From 3fb00b281ca6a3c1c2c4588662e1534c56f7d9c0 Mon Sep 17 00:00:00 2001
From: Thomas Heartman <thomas@getunleash.ai>
Date: Thu, 22 Jun 2023 11:01:10 +0200
Subject: [PATCH] fix: disallow empty list of envs and invalid env names in
 advanced playground (#4060)

This PR changes the OpenAPI schema for the advanced playground to not
accept empty lists of environments and to not accept environment names
that don't match the env name pattern we use.

The pattern is the same as the one we use for controlling environment
names on creation.

However, there is a (small) chance that these may get out of sync later,
so we could do something to only define this pattern once (and import it
in the enterprise package), but that may be more work than is necessary,
and I'd suggest we do that later.

I've also added a minLength to the string items although it isn't
strictly necessary. It's primarily to give the users better feedback if
the name is empty.
---
 src/lib/openapi/spec/advanced-playground-request-schema.ts | 7 ++++++-
 .../e2e/api/openapi/__snapshots__/openapi.e2e.test.ts.snap | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib/openapi/spec/advanced-playground-request-schema.ts b/src/lib/openapi/spec/advanced-playground-request-schema.ts
index 161fba6607..47b68d533e 100644
--- a/src/lib/openapi/spec/advanced-playground-request-schema.ts
+++ b/src/lib/openapi/spec/advanced-playground-request-schema.ts
@@ -11,7 +11,12 @@ export const advancedPlaygroundRequestSchema = {
     properties: {
         environments: {
             type: 'array',
-            items: { type: 'string' },
+            items: {
+                type: 'string',
+                minLength: 1,
+                pattern: '^[a-zA-Z0-9~_.-]+$',
+            },
+            minItems: 1,
             example: ['development', 'production'],
             description: 'The environments to evaluate toggles in.',
         },
diff --git a/src/test/e2e/api/openapi/__snapshots__/openapi.e2e.test.ts.snap b/src/test/e2e/api/openapi/__snapshots__/openapi.e2e.test.ts.snap
index 06d996d4e7..69352dc914 100644
--- a/src/test/e2e/api/openapi/__snapshots__/openapi.e2e.test.ts.snap
+++ b/src/test/e2e/api/openapi/__snapshots__/openapi.e2e.test.ts.snap
@@ -843,8 +843,11 @@ The provider you choose for your addon dictates what properties the \`parameters
               "production",
             ],
             "items": {
+              "minLength": 1,
+              "pattern": "^[a-zA-Z0-9~_.-]+$",
               "type": "string",
             },
+            "minItems": 1,
             "type": "array",
           },
           "projects": {