From 35fa254d1b98d7f6cbf28e7dbb555a1334f2f918 Mon Sep 17 00:00:00 2001
From: Jon Staab <shtaab@gmail.com>
Date: Thu, 2 Apr 2026 13:40:38 -0700
Subject: [PATCH] Be more strict with schema validation

---
 zooid/api.go      | 4 ++++
 zooid/instance.go | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/zooid/api.go b/zooid/api.go
index aaae1fe..c36adac 100644
--- a/zooid/api.go
+++ b/zooid/api.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 
 	"fiatjaf.com/nostr"
@@ -285,6 +286,9 @@ func (api *APIHandler) validatePatchedConfig(config *Config) error {
 	if config.Schema == "" {
 		return fmt.Errorf("schema is required")
 	}
+	if !regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_]*$`).MatchString(config.Schema) {
+		return fmt.Errorf("schema must contain only letters, numbers, and underscores")
+	}
 	if config.Secret == "" {
 		return fmt.Errorf("secret is required")
 	}
diff --git a/zooid/instance.go b/zooid/instance.go
index d5da9c4..2c05ded 100644
--- a/zooid/instance.go
+++ b/zooid/instance.go
@@ -122,7 +122,7 @@ func MakeInstance(filename string) (*Instance, error) {
 	// Initialize the database
 
 	if err := instance.Events.Init(); err != nil {
-		log.Fatal("Failed to initialize event store: ", err)
+		log.Fatal("Failed to initialize event store for ", filename, ": ", err)
 	}
 
 	// Enable extra functionality