From 89ee57cdf9036b99e29e986060d8d261f2c0083a Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Dec 2025 12:01:53 -0500
Subject: [PATCH] Enforce fqdn

---
 .../siteResource/createSiteResource.ts        | 24 ++++++-------------
 .../siteResource/updateSiteResource.ts        |  8 ++++++-
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts
index 3a753797..27280f7a 100644
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -34,28 +34,18 @@ const createSiteResourceSchema = z
         // destinationPort: z.int().positive().optional(),
         destination: z.string().min(1),
         enabled: z.boolean().default(true),
-        alias: z.string().optional(),
+        alias: z
+            .string()
+            .regex(
+                /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/,
+                "Alias must be a fully qualified domain name (e.g., example.com)"
+            )
+            .optional(),
         userIds: z.array(z.string()),
         roleIds: z.array(z.int()),
         clientIds: z.array(z.int())
     })
     .strict()
-    // .refine(
-    //     (data) => {
-    //         if (data.mode === "port") {
-    //             return (
-    //                 data.protocol !== undefined &&
-    //                 data.proxyPort !== undefined &&
-    //                 data.destinationPort !== undefined
-    //             );
-    //         }
-    //         return true;
-    //     },
-    //     {
-    //         message:
-    //             "Protocol, proxy port, and destination port are required for port mode"
-    //     }
-    // )
     .refine(
         (data) => {
             if (data.mode === "host") {
diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index c816e679..63013164 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -44,7 +44,13 @@ const updateSiteResourceSchema = z
         // destinationPort: z.int().positive().nullish(),
         destination: z.string().min(1).optional(),
         enabled: z.boolean().optional(),
-        alias: z.string().nullish(),
+        alias: z
+            .string()
+            .regex(
+                /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/,
+                "Alias must be a fully qualified domain name (e.g., example.internal)"
+            )
+            .nullish(),
         userIds: z.array(z.string()),
         roleIds: z.array(z.int()),
         clientIds: z.array(z.int())