fix(server): Add boundary check for editing host name (#1018)

* feat(localization): Add validation prompt for invalid host formats

Add validation for host formats, allowing only IPv4, IPv6, and domain name formats

Add regular expression validation for host format on the server editing page

Update multilingual files to add the invalidHostFormat field

* chore: Update dependent package versions to the latest

* fix(server edit): Update the hostname regular expression to support IPv6 zone identifiers

Modify the regular expression for hostname validation to add support for IPv6 zone identifiers (such as %en0)

lib/generated/l10n/l10n.dart

@@ -854,6 +854,12 @@ abstract class AppLocalizations {
   /// **'Invalid'**
   String get invalid;
 
+  /// No description provided for @invalidHostFormat.
+  ///
+  /// In en, this message translates to:
+  /// **'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.'**
+  String get invalidHostFormat;
+
   /// No description provided for @jumpServer.
   ///
   /// In en, this message translates to:

lib/generated/l10n/l10n_de.dart

@@ -420,6 +420,10 @@ class AppLocalizationsDe extends AppLocalizations {
   @override
   String get invalid => 'Ungültig';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Server springen';
 

lib/generated/l10n/l10n_en.dart

@@ -418,6 +418,10 @@ class AppLocalizationsEn extends AppLocalizations {
   @override
   String get invalid => 'Invalid';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Jump server';
 

lib/generated/l10n/l10n_es.dart

@@ -419,6 +419,10 @@ class AppLocalizationsEs extends AppLocalizations {
   @override
   String get invalid => 'Inválido';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Servidor de salto';
 

lib/generated/l10n/l10n_fr.dart

@@ -420,6 +420,10 @@ class AppLocalizationsFr extends AppLocalizations {
   @override
   String get invalid => 'Invalide';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Aller au serveur';
 

lib/generated/l10n/l10n_id.dart

@@ -418,6 +418,10 @@ class AppLocalizationsId extends AppLocalizations {
   @override
   String get invalid => 'Tidak valid';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Lompat server';
 

lib/generated/l10n/l10n_ja.dart

@@ -407,6 +407,10 @@ class AppLocalizationsJa extends AppLocalizations {
   @override
   String get invalid => '無効';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'ジャンプサーバー';
 

lib/generated/l10n/l10n_nl.dart

@@ -419,6 +419,10 @@ class AppLocalizationsNl extends AppLocalizations {
   @override
   String get invalid => 'Ongeldig';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Spring naar server';
 

lib/generated/l10n/l10n_pt.dart

@@ -418,6 +418,10 @@ class AppLocalizationsPt extends AppLocalizations {
   @override
   String get invalid => 'Inválido';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Servidor de salto';
 

lib/generated/l10n/l10n_ru.dart

@@ -419,6 +419,10 @@ class AppLocalizationsRu extends AppLocalizations {
   @override
   String get invalid => 'Недействительный';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'прыжковый сервер';
 

lib/generated/l10n/l10n_tr.dart

@@ -418,6 +418,10 @@ class AppLocalizationsTr extends AppLocalizations {
   @override
   String get invalid => 'Geçersiz';
 
+  @override
+  String get invalidHostFormat =>
+      'Invalid host format. Only IPv4, IPv6, and domain characters are allowed.';
+
   @override
   String get jumpServer => 'Atlama sunucusu';
 

lib/generated/l10n/l10n_uk.dart

@@ -420,6 +420,10 @@ class AppLocalizationsUk extends AppLocalizations {
   @override
   String get invalid => 'Недійсний';
 
+  @override
+  String get invalidHostFormat =>
+      'Недійсний формат хоста. Дозволено лише символи IPv4, IPv6 та домену.';
+
   @override
   String get jumpServer => 'Стрибковий Сервер';
 

lib/generated/l10n/l10n_zh.dart

@@ -401,6 +401,9 @@ class AppLocalizationsZh extends AppLocalizations {
   @override
   String get invalid => '无效';
 
+  @override
+  String get invalidHostFormat => '主机格式无效，仅支持 IPv4、IPv6 和域名字符。';
+
   @override
   String get jumpServer => '跳板服务器';
 
@@ -1380,6 +1383,9 @@ class AppLocalizationsZhTw extends AppLocalizationsZh {
   @override
   String get invalid => '無效';
 
+  @override
+  String get invalidHostFormat => '主機格式無效，僅支援 IPv4、IPv6 和網域字元。';
+
   @override
   String get jumpServer => '跳板伺服器';
 

lib/l10n/app_en.arb

@@ -122,6 +122,7 @@
   "install": "install",
   "installDockerWithUrl": "Please https://docs.docker.com/engine/install docker first.",
   "invalid": "Invalid",
+  "invalidHostFormat": "Invalid host format. Only IPv4, IPv6, and domain characters are allowed.",
   "jumpServer": "Jump server",
   "keepForeground": "Keep app foreground!",
   "keepStatusWhenErr": "Preserve the last server state",

lib/l10n/app_uk.arb

@@ -122,6 +122,7 @@
   "install": "Встановити",
   "installDockerWithUrl": "Будь ласка, спочатку встановіть Docker. (https://docs.docker.com/engine/install)",
   "invalid": "Недійсний",
+  "invalidHostFormat": "Недійсний формат хоста. Дозволено лише символи IPv4, IPv6 та домену.",
   "jumpServer": "Стрибковий Сервер",
   "keepForeground": "Тримати застосунок на передньому плані!",
   "keepStatusWhenErr": "Зберегати останній стан сервера",

lib/l10n/app_zh.arb

@@ -122,6 +122,7 @@
   "install": "安装",
   "installDockerWithUrl": "请先前往 https://docs.docker.com/engine/install 安装 Docker",
   "invalid": "无效",
+  "invalidHostFormat": "主机格式无效，仅支持 IPv4、IPv6 和域名字符。",
   "jumpServer": "跳板服务器",
   "keepForeground": "请将应用保持在前台运行",
   "keepStatusWhenErr": "保留上次的服务器状态",

lib/l10n/app_zh_tw.arb

@@ -122,6 +122,7 @@
   "install": "安裝",
   "installDockerWithUrl": "請先前往 https://docs.docker.com/engine/install 安裝 Docker",
   "invalid": "無效",
+  "invalidHostFormat": "主機格式無效，僅支援 IPv4、IPv6 和網域字元。",
   "jumpServer": "跳板伺服器",
   "keepForeground": "請讓 App 保持在前景執行",
   "keepStatusWhenErr": "保留上次的伺服器狀態",

lib/view/page/server/edit/actions.dart

@@ -1,5 +1,8 @@
 part of 'edit.dart';
 
+/// Only permit ipv4 / ipv6 / domain chars (including IPv6 zone identifier like %en0)
+final _hostReg = RegExp(r'^[a-zA-Z0-9\.\-_:%;]+$');
+
 extension _Actions on _ServerEditPageState {
   Future<void> _onTapSSHDiscovery() async {
     try {
@@ -222,6 +225,11 @@ extension _Actions on _ServerEditPageState {
       return;
     }
 
+    if (!_hostReg.hasMatch(_ipController.text)) {
+      context.showSnackBar(l10n.invalidHostFormat);
+      return;
+    }
+
     if (_keyIdx.value == null && _passwordController.text.isEmpty) {
       final ok = await context.showRoundDialog<bool>(
         title: libL10n.attention,