From 7f9a6be62cafa8ade0da93fe6922fd7ef4336b1f Mon Sep 17 00:00:00 2001
From: hiteshwani29 <hiteshwani29@gmail.com>
Date: Tue, 21 Mar 2023 09:25:03 +0530
Subject: [PATCH] Added validation for project name

Signed-off-by: hiteshwani29 <hiteshwani29@gmail.com>
---
 CHANGELOG.md            |  2 ++
 pkg/common/constants.go | 10 +++++++++-
 pkg/service/project.go  |  7 +++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 414acfac..110c88f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 All notable changes to this project will be documented in this file.
 
 ## Unreleased
+## Fixed
+- Fix: add project name validation [hiteshwani29](https://github.com/hiteshwani29)
 
 ## [0.2.1] - 2023-02-24
 ### Added
diff --git a/pkg/common/constants.go b/pkg/common/constants.go
index 2d55d9ef..aea160f8 100644
--- a/pkg/common/constants.go
+++ b/pkg/common/constants.go
@@ -1,6 +1,9 @@
 package common
 
-import "time"
+import (
+	"regexp"
+	"time"
+)
 
 // environment variables for configuration
 const (
@@ -49,3 +52,8 @@ const (
 
 var SessionDataKey contextKey
 var SessionInternalKey contextKey
+
+// Regex
+var (
+	PrjNameRX = regexp.MustCompile(`^[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]$`)
+)
diff --git a/pkg/service/project.go b/pkg/service/project.go
index b208fef3..8532f3e9 100644
--- a/pkg/service/project.go
+++ b/pkg/service/project.go
@@ -3,6 +3,7 @@ package service
 import (
 	"context"
 	"database/sql"
+	"errors"
 	"fmt"
 	"time"
 
@@ -10,6 +11,7 @@ import (
 	cdao "github.com/paralus/paralus/internal/cluster/dao"
 	"github.com/paralus/paralus/internal/dao"
 	"github.com/paralus/paralus/internal/models"
+	"github.com/paralus/paralus/pkg/common"
 	authzv1 "github.com/paralus/paralus/proto/types/authz"
 	commonv3 "github.com/paralus/paralus/proto/types/commonpb/v3"
 	v3 "github.com/paralus/paralus/proto/types/commonpb/v3"
@@ -60,6 +62,11 @@ func (s *projectService) Create(ctx context.Context, project *systemv3.Project)
 		return nil, fmt.Errorf("missing organization in metadata")
 	}
 
+	matched := common.PrjNameRX.MatchString(project.Metadata.GetName())
+	if !matched {
+		return nil, errors.New("project name contains invalid characters. Valid characters are alphanumeric and hyphen, except at the beginning or the end")
+	}
+
 	var org models.Organization
 	_, err := dao.GetByName(ctx, s.db, project.Metadata.Organization, &org)
 	if err != nil {