(refactor): Use utopia validators for hostname, IP, port, and TLS path validation

- Replace custom isValidHostname() regex with Utopia\Validator\Hostname in both HTTP servers
- Use Utopia\Validator\Range for port validation in Adapter::validate()
- Use Utopia\Validator\IP for IP format validation in Adapter::validate()
- Use Utopia\Validator\Text for TLS certificate path validation
- Add utopia-php/validators dependency

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: abnegate

composer.json

@@ -13,7 +13,8 @@
         "php": ">=8.4",
         "ext-redis": "*",
         "ext-swoole": ">=6.0",
-        "utopia-php/console": "^0.1.1"
+        "utopia-php/console": "^0.1.1",
+        "utopia-php/validators": "^0.2.0"
     },
     "require-dev": {
         "phpunit/phpunit": "12.*",

src/Adapter.php

@@ -4,6 +4,8 @@
 
 use Swoole\Table;
 use Utopia\Proxy\Resolver\Exception as ResolverException;
+use Utopia\Validator\IP;
+use Utopia\Validator\Range;
 
 /**
  * Protocol Proxy Adapter
@@ -277,16 +279,16 @@ protected function validate(string $endpoint): string
         $hasPort = isset($parts[1]);
         $port = $hasPort ? (int) $parts[1] : 0;
 
-        if ($hasPort && ($port < 1 || $port > 65535)) {
+        if ($hasPort && !(new Range(1, 65535))->isValid($port)) {
             throw new ResolverException("Invalid port number: {$port}");
         }
 
         $ip = \gethostbyname($host);
-        if ($ip === $host && !\filter_var($ip, FILTER_VALIDATE_IP)) {
+        if ($ip === $host && !(new IP())->isValid($ip)) {
             throw new ResolverException("Cannot resolve hostname: {$host}");
         }
 
-        if (\filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+        if ((new IP(IP::V4))->isValid($ip)) {
             $longIp = \ip2long($ip);
             if ($longIp === false) {
                 throw new ResolverException("Invalid IP address: {$ip}");
@@ -310,7 +312,7 @@ protected function validate(string $endpoint): string
                     throw new ResolverException("Access to private/reserved IP address is forbidden: {$ip}");
                 }
             }
-        } elseif (\filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+        } elseif ((new IP(IP::V6))->isValid($ip)) {
             if (
                 $ip === '::1'
                 || \str_starts_with($ip, 'fe80:')

src/Server/HTTP/Swoole.php

@@ -13,6 +13,7 @@
 use Utopia\Proxy\Adapter;
 use Utopia\Proxy\Protocol;
 use Utopia\Proxy\Resolver;
+use Utopia\Validator\Hostname;
 
 /**
  * High-performance HTTP proxy server (Swoole Implementation)
@@ -468,11 +469,7 @@ protected function isValidHostname(string $hostname): bool
             return false;
         }
 
-        if (strlen($host) > 255 || preg_match('/[\x00-\x1f\x7f\s]/', $host)) {
-            return false;
-        }
-
-        return preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $host) === 1;
+        return (new Hostname())->isValid($host);
     }
 
     public function start(): void

src/Server/HTTP/SwooleCoroutine.php

@@ -13,6 +13,7 @@
 use Utopia\Proxy\Adapter;
 use Utopia\Proxy\Protocol;
 use Utopia\Proxy\Resolver;
+use Utopia\Validator\Hostname;
 
 /**
  * High-performance HTTP proxy server (Swoole Coroutine Implementation)
@@ -470,11 +471,7 @@ protected function isValidHostname(string $hostname): bool
             return false;
         }
 
-        if (strlen($host) > 255 || preg_match('/[\x00-\x1f\x7f\s]/', $host)) {
-            return false;
-        }
-
-        return preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $host) === 1;
+        return (new Hostname())->isValid($host);
     }
 
     public function start(): void

src/Server/TCP/TLS.php

@@ -2,6 +2,8 @@
 
 namespace Utopia\Proxy\Server\TCP;
 
+use Utopia\Validator\Text;
+
 /**
  * TLS Configuration for TCP Proxy Server
  *
@@ -77,10 +79,20 @@ public function __construct(
      */
     public function validate(): void
     {
+        $path = new Text(4096);
+
+        if (!$path->isValid($this->certificate)) {
+            throw new \RuntimeException("TLS certificate path is invalid: {$path->getDescription()}");
+        }
+
         if (!is_readable($this->certificate)) {
             throw new \RuntimeException("TLS certificate file not readable: {$this->certificate}");
         }
 
+        if (!$path->isValid($this->key)) {
+            throw new \RuntimeException("TLS key path is invalid: {$path->getDescription()}");
+        }
+
         if (!is_readable($this->key)) {
             throw new \RuntimeException("TLS private key file not readable: {$this->key}");
         }
@@ -89,6 +101,10 @@ public function validate(): void
             throw new \RuntimeException('CA certificate path is required when client certificate verification is enabled');
         }
 
+        if ($this->ca !== '' && !$path->isValid($this->ca)) {
+            throw new \RuntimeException("TLS CA path is invalid: {$path->getDescription()}");
+        }
+
         if ($this->ca !== '' && !is_readable($this->ca)) {
             throw new \RuntimeException("TLS CA certificate file not readable: {$this->ca}");
         }