Fix: Implement slug validation in TeamIdOrSlugSchema (resolves FIXME) #258

Open
taheerahmed wants to merge 1 commit into e2b-dev:main from taheerahmed:fix/team-slug-schema-validation
@taheerahmed
Contributor

Summary

Resolves the FIXME in TeamIdOrSlugSchema by adding a regex that matches the DB's generate_team_slug() output from the migration in migrations/20250205180205.sql.

Change

src/lib/schemas/team.ts:

 export const TeamIdOrSlugSchema = z.union([
   z.uuid(),
-  z.string(),
-  // FIXME: Add correct team regex as in db slug generation
-  // .regex(
-  //   /^[a-z0-9]+(-[a-z0-9]+)*$/i,
-  //   'Must be a valid slug (words separated by hyphens)'
-  // ),
+  z
+    .string()
+    .regex(
+      /^[a-z0-9]+(-[a-z0-9]+)*$/,
+      'Must be a valid team slug (lowercase alphanumeric, separated by hyphens)'
+    ),
 ])
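
Review bot: The slug branch has no length bound: `.regex(...)` is chained directly onto `z.string()`, so an arbitrarily long string of lowercase words and hyphens still passes validation. Consider adding a `.max()` that matches the limit of the slug column. This hunk also moves from accepting any string to strict lowercase kebab-case in one step, and nothing in it shows that slugs already stored satisfy the new pattern; confirm that against existing data before merging, since a stored slug that fails the regex could no longer be looked up through this schema.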

Note: removed the i flag from the original commented regex since generate_team_slug() produces lowercase-only output via LOWER().

Tests

Added 15 unit tests in src/__test__/unit/team-schema.test.ts:

| Input | Expected |
| --- | --- |
| Valid UUID | Pass |
| acme-inc | Pass |
| acme-inc-a3f2 (DB suffix) | Pass |
| singleword | Pass |
| team-123 | Pass |
| UPPERCASE | Fail |
| has spaces | Fail |
| has_underscore | Fail |
| -leading | Fail |
| trailing- | Fail |
| double--hyphen | Fail |
| ../../etc/passwd | Fail |

All unit tests pass (bun run test:unit — 95/95).

Closes #257

Resolves the FIXME in TeamIdOrSlugSchema by adding a regex that matches
the DB slug generation from generate_team_slug(): lowercase
alphanumeric characters separated by single hyphens.

Previously any string was accepted, allowing special characters, path
traversal patterns, and uppercase through schema validation.

Added 15 unit tests covering valid UUIDs, valid slugs (including
DB-generated suffixes), and rejection of invalid inputs.

Closes e2b-dev#257
@vercel
vercel bot commented Feb 27, 2026

@taheerahmed is attempting to deploy a commit to the E2B Team on Vercel.

A member of the Team first needs to authorize it.

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d5c00aeceb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

z
.string()
.regex(
/^[a-z0-9]+(-[a-z0-9]+)*$/,

[P1] Align slug validator with DB-generated slug shapes

The new regex only accepts canonical kebab-case, but generate_team_slug() in migrations/20250205180205.sql (lines 42-54, 70-74, 85-92) can persist other forms (e.g. empty/leading-hyphen/multi-hyphen slugs) because it preserves existing hyphens, doesn't normalize them, and the table only enforces uniqueness. Since getTeamIdFromSegment now gates lookups through TeamIdOrSlugSchema, those already-stored slugs become unresolvable and affected users get unauthorized responses instead of their team data.

Useful? React with 👍 / 👎.
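
One way to check the concern raised in the review above before tightening the schema, as an added example that is not part of this PR or the E2B code base: run the proposed pattern over the slugs already stored and report which ones would stop resolving, and why. The function names and the slug list are assumptions; the list is constructed sample data standing in for an export from the database.

```typescript
// Slug pattern proposed in this PR for TeamIdOrSlugSchema.
const PROPOSED_SLUG_RE = /^[a-z0-9]+(-[a-z0-9]+)*$/;

interface SlugFinding {
  slug: string;
  reasons: string[];
}

// Why a slug fails the proposed pattern; an empty array means it passes.
function rejectionReasons(slug: string): string[] {
  if (PROPOSED_SLUG_RE.test(slug)) return [];
  if (slug.length === 0) return ['empty'];
  const reasons: string[] = [];
  if (slug.charAt(0) === '-') reasons.push('leading-hyphen');
  if (slug.charAt(slug.length - 1) === '-') reasons.push('trailing-hyphen');
  if (slug.indexOf('--') !== -1) reasons.push('consecutive-hyphens');
  if (/[A-Z]/.test(slug)) reasons.push('uppercase');
  if (/[^A-Za-z0-9-]/.test(slug)) reasons.push('disallowed-character');
  return reasons;
}

// Stored slugs that lookups would start rejecting once the schema is tightened.
function auditStoredSlugs(slugs: string[]): SlugFinding[] {
  const findings: SlugFinding[] = [];
  for (const slug of slugs) {
    const reasons = rejectionReasons(slug);
    if (reasons.length > 0) findings.push({ slug, reasons });
  }
  return findings;
}

// Constructed sample standing in for slugs exported from the database.
const SAMPLE_STORED_SLUGS: string[] = [
  'acme-inc', 'acme-inc-a3f2', 'team-123', '', '-leading-a3f2', 'double--hyphen',
];

for (const f of auditStoredSlugs(SAMPLE_STORED_SLUGS)) {
  console.log(JSON.stringify(f.slug) + ' -> ' + f.reasons.join(', '));
}
```

An empty result on the real data means the stricter schema is safe to ship as written; any finding points to rows that need migrating, or to a pattern that has to be loosened first.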
