fix: move server name pattern validation to code for better error messages

- Add regex validation in parseServerName with specific error messages
- Validate namespace allows only alphanumeric, dots and hyphens
- Validate name allows only alphanumeric, dots, underscores and hyphens
- Update tests to expect descriptive error messages
- Add tests for invalid character validation
- Fix test server names to use valid format

As suggested by @joelverhagen in PR feedback

Author: ossamalafhel

internal/api/handlers/v0/edit_test.go

@@ -237,7 +237,7 @@ func TestEditServerEndpoint(t *testing.T) {
 			},
 			serverID:       testServerID,
 			expectedStatus: http.StatusBadRequest,
-			expectedError:  "Bad Request",
+			expectedError:  "server name must be in format 'dns-namespace/name'",
 		},
 		{
 			name: "cannot undelete server",

internal/api/handlers/v0/publish_integration_test.go

@@ -141,7 +141,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("publish fails with missing authorization header", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
-			Name: "test-server",
+			Name: "com.example/test-server",
 		}
 
 		body, err := json.Marshal(publishReq)

internal/api/handlers/v0/publish_test.go

@@ -80,7 +80,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "successful publish with no auth (AuthMethodNone)",
 			requestBody: apiv0.ServerJSON{
-				Name:        "example/test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server without auth",
 				Repository: model.Repository{
 					URL:    "https://github.com/example/test-server",
@@ -92,7 +92,7 @@ func TestPublishEndpoint(t *testing.T) {
 			tokenClaims: &auth.JWTClaims{
 				AuthMethod: auth.MethodNone,
 				Permissions: []auth.Permission{
-					{Action: auth.PermissionActionPublish, ResourcePattern: "example/*"},
+					{Action: auth.PermissionActionPublish, ResourcePattern: "com.example/*"},
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {
@@ -127,7 +127,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "invalid token",
 			requestBody: apiv0.ServerJSON{
-				Name:        "test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server",
 				Version: "1.0.0",
 			},
@@ -165,7 +165,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "registry service error",
 			requestBody: apiv0.ServerJSON{
-				Name:        "example/test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server",
 				Version: "1.0.0",
 				Repository: model.Repository{
@@ -183,7 +183,7 @@ func TestPublishEndpoint(t *testing.T) {
 			setupRegistryService: func(registry service.RegistryService) {
 				// Pre-publish the same server to cause duplicate version error
 				existingServer := apiv0.ServerJSON{
-					Name:        "example/test-server",
+					Name:        "com.example/test-server",
 					Description: "Existing test server",
 					Version: "1.0.0",
 					Repository: model.Repository{
@@ -353,6 +353,40 @@ func TestPublishEndpoint(t *testing.T) {
 			expectedStatus:       http.StatusBadRequest,
 			expectedError:        "server name format is invalid: must contain exactly one slash",
 		},
+		{
+			name: "invalid server name - invalid namespace characters",
+			requestBody: apiv0.ServerJSON{
+				Name:        "com.example@/test-server",
+				Description: "Server with invalid namespace characters",
+				Version:     "1.0.0",
+			},
+			tokenClaims: &auth.JWTClaims{
+				AuthMethod: auth.MethodNone,
+				Permissions: []auth.Permission{
+					{Action: auth.PermissionActionPublish, ResourcePattern: "*"},
+				},
+			},
+			setupRegistryService: func(_ service.RegistryService) {},
+			expectedStatus:       http.StatusBadRequest,
+			expectedError:        "server namespace 'com.example@' contains invalid characters",
+		},
+		{
+			name: "invalid server name - invalid name characters",
+			requestBody: apiv0.ServerJSON{
+				Name:        "com.example/test@server",
+				Description: "Server with invalid name characters",
+				Version:     "1.0.0",
+			},
+			tokenClaims: &auth.JWTClaims{
+				AuthMethod: auth.MethodNone,
+				Permissions: []auth.Permission{
+					{Action: auth.PermissionActionPublish, ResourcePattern: "*"},
+				},
+			},
+			setupRegistryService: func(_ service.RegistryService) {},
+			expectedStatus:       http.StatusBadRequest,
+			expectedError:        "server name 'test@server' contains invalid characters",
+		},
 	}
 
 	for _, tc := range testCases {

internal/validators/validators.go

@@ -413,6 +413,19 @@ func parseServerName(serverJSON apiv0.ServerJSON) (string, error) {
 		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' with non-empty namespace and name parts")
 	}
 
+	// Validate namespace and name format according to schema
+	// Pattern: ^[a-zA-Z0-9.-]+/[a-zA-Z0-9._-]+$
+	namespacePattern := regexp.MustCompile(`^[a-zA-Z0-9.-]+$`)
+	namePattern := regexp.MustCompile(`^[a-zA-Z0-9._-]+$`)
+	
+	if !namespacePattern.MatchString(parts[0]) {
+		return "", fmt.Errorf("server namespace '%s' contains invalid characters: only alphanumeric characters, dots (.) and hyphens (-) are allowed", parts[0])
+	}
+	
+	if !namePattern.MatchString(parts[1]) {
+		return "", fmt.Errorf("server name '%s' contains invalid characters: only alphanumeric characters, dots (.), underscores (_) and hyphens (-) are allowed", parts[1])
+	}
+
 	return name, nil
 }