From b6f35b62095b950c00fd6e940e6ad7a4f536357e Mon Sep 17 00:00:00 2001
From: daimond113 <72147841+daimond113@users.noreply.github.com>
Date: Wed, 30 Oct 2024 17:07:17 +0100
Subject: [PATCH] fix: validate package names are lowercase

---
 CHANGELOG.md               |  1 +
 registry/src/storage/s3.rs |  5 +++--
 src/names.rs               | 10 ++++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 92c09d0..c721e3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Listen for device flow completion without requiring pressing enter by @daimond113
 - Sync scripts repo in background by @daimond113
 - Don't make CAS files read-only on Windows (file removal is disallowed if the file is read-only) by @daimond113 
+- Validate package names are lowercase by @daimond113
 
 ### Performance
 - Clone dependency repos shallowly by @daimond113
diff --git a/registry/src/storage/s3.rs b/registry/src/storage/s3.rs
index 1e5cdd0..41a3424 100644
--- a/registry/src/storage/s3.rs
+++ b/registry/src/storage/s3.rs
@@ -122,7 +122,8 @@ impl StorageImpl for S3Storage {
         let object_url = PutObject::new(
             &self.s3_bucket,
             Some(&self.s3_credentials),
-            &format!("doc/{}.gz", doc_hash),
+            // capitalize Doc to prevent conflicts with scope names
+            &format!("Doc/{}.gz", doc_hash),
         )
         .sign(S3_SIGN_DURATION);
 
@@ -142,7 +143,7 @@ impl StorageImpl for S3Storage {
         let object_url = GetObject::new(
             &self.s3_bucket,
             Some(&self.s3_credentials),
-            &format!("doc/{}.gz", doc_hash),
+            &format!("Doc/{}.gz", doc_hash),
         )
         .sign(S3_SIGN_DURATION);
 
diff --git a/src/names.rs b/src/names.rs
index 5491dd8..2799c6b 100644
--- a/src/names.rs
+++ b/src/names.rs
@@ -47,7 +47,10 @@ impl FromStr for PackageName {
                 return Err(Self::Err::PrePostfixUnderscore(reason, part.to_string()));
             }
 
-            if !part.chars().all(|c| c.is_ascii_alphanumeric() || c == '_') {
+            if !part
+                .chars()
+                .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '_')
+            {
                 return Err(Self::Err::InvalidCharacters(reason, part.to_string()));
             }
         }
@@ -172,7 +175,10 @@ pub mod wally {
                     return Err(Self::Err::InvalidLength(reason, part.to_string()));
                 }
 
-                if !part.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') {
+                if !part
+                    .chars()
+                    .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '-')
+                {
                     return Err(Self::Err::InvalidCharacters(reason, part.to_string()));
                 }
             }