[Bug]price_id Field Accepts Chinese Characters (Invalid Input Not Rejected) #4
Description
Description
The price_id field in the /v1/devices API endpoint accepts Chinese characters (and potentially other non-ASCII characters) despite being documented as a string type with no explicit validation rules. This may lead to inconsistent data or billing issues, as price_id is intended for Stripe pricing IDs (which should typically follow alphanumeric/standard formats).
Steps to Reproduce
Steps to reproduce the behavior:
1.Send a POST request to https://api.stayforge.net/v1/devices/... with a JSON body containing price_id with Chinese characters (e.g., "price_id": "pricdee二hly").
2.Observe that the API accepts the request and creates the device with the invalid price_id.
Request Body Example
{
"device_id": "uacxc",
"sn": "SN202501是2002",
"display_name": "一百一十四楼温度传感器",
"price_id": "pricdee二hly", // Contains Chinese characters
"status": "active",
"metadata": {}
}
Actual Behavior
The API accepts the price_id with Chinese characters and creates the device successfully (status 201 Created).
Expected Behavior
The API should validate price_id to ensure it conforms to expected formats (e.g., Stripe’s pricing ID pattern, typically alphanumeric with possible hyphens/underscores).
If invalid characters (like Chinese) are provided, the API should return an error (e.g., 400 Bad Request) with a clear validation message.
Environment (if applicable)
- OS:Windows11
- Browser / Tool:Chrome/Postman
- SDK / Client:
- Other relevant details:
Additional Context
The sn and display_name fields also accept Chinese characters, but this may be intentional (unlike price_id).
The device_id field correctly enforces alphanumeric/hyphen/underscore patterns (as per its pattern constraint).