Restrict characters for project ID

Only allow lowercase alphanumeric chars and hyphens
because the project ID is used as part of url
schemes to redirect users back to mobile apps
and certain characters are not allowed.

app/controllers/api/projects.php

@@ -9,7 +9,7 @@ use Appwrite\Network\Validator\CNAME;
 use Utopia\Validator\Domain as DomainValidator;
 use Appwrite\Network\Validator\Origin;
 use Utopia\Validator\URL;
-use Appwrite\Utopia\Database\Validator\CustomId;
+use Appwrite\Utopia\Database\Validator\ProjectId;
 use Appwrite\Utopia\Response;
 use Utopia\Abuse\Adapters\TimeLimit;
 use Utopia\App;
@@ -56,7 +56,7 @@ App::post('/v1/projects')
     ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_PROJECT)
-    ->param('projectId', '', new CustomId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
+    ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.')
     ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.')
     ->param('teamId', '', new UID(), 'Team unique ID.')
     ->param('region', App::getEnv('_APP_REGION', 'default'), new Whitelist(array_keys(array_filter(Config::getParam('regions'), fn($config) => !$config['disabled']))), 'Project Region.', true)

src/Appwrite/Utopia/Database/Validator/ProjectId.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace Appwrite\Utopia\Database\Validator;
+
+use Utopia\Validator;
+
+class ProjectId extends Validator
+{
+    /**
+     * Is valid.
+     *
+     * Returns true if valid or false if not.
+     *
+     * @param $value
+     *
+     * @return bool
+     */
+    public function isValid($value): bool
+    {
+        return $value == 'unique()' || preg_match('/^[a-z0-9][a-z0-9-]{1,35}$/', $value);
+    }
+
+    /**
+     * Get description.
+     *
+     * @return string
+     */
+    public function getDescription(): string
+    {
+        return 'Project IDs must contain at most 36 chars. Valid chars are a-z, 0-9, and hyphen. Can\'t start with a special char.';
+    }
+
+    /**
+     * Is array
+     *
+     * Function will return true if object is array.
+     *
+     * @return bool
+     */
+    public function isArray(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Get Type
+     *
+     * Returns validator type.
+     *
+     * @return string
+     */
+    public function getType(): string
+    {
+        return self::TYPE_STRING;
+    }
+}

tests/unit/Utopia/Database/Validator/ProjectIdTest.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace Tests\Unit\Utopia\Database\Validator;
+
+use Appwrite\Utopia\Database\Validator\ProjectId;
+use PHPUnit\Framework\TestCase;
+
+class ProjectIdTest extends TestCase
+{
+    /**
+     * @var Key
+     */
+    protected $object = null;
+
+    public function setUp(): void
+    {
+        $this->object = new ProjectId();
+    }
+
+    public function tearDown(): void
+    {
+    }
+
+    /**
+     * @return array
+     */
+    public function provideTest(): array
+    {
+        return [
+            'unique()' => ['unique()', true],
+            'dashes' => ['as12-df34', true],
+            '36 chars' => [\str_repeat('a', 36), true],
+            'uppercase' => ['ABC', false],
+            'underscore' => ['under_score', false],
+            'leading dash' => ['-dash', false],
+            'too long' => [\str_repeat('a', 37), false],
+        ];
+    }
+
+    /**
+     * @dataProvider provideTest
+     */
+    public function testValues(string $input, bool $expected): void
+    {
+        $this->assertEquals($this->object->isValid($input), $expected);
+    }
+}