From 9ca5375652a19b067ab557bebb86302a06f29e07 Mon Sep 17 00:00:00 2001
From: Adam Outler <adamoutler@gmail.com>
Date: Mon, 2 Feb 2026 23:19:14 +0100
Subject: [PATCH] fix(schema): Enhance MAC validation for sessions and events

---
 server/api_server/api_server_start.py | 2 +-
 server/api_server/openapi/schemas.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/api_server/api_server_start.py b/server/api_server/api_server_start.py
index 29bdcd92..17c68a1b 100755
--- a/server/api_server/api_server_start.py
+++ b/server/api_server/api_server_start.py
@@ -1385,7 +1385,7 @@ def api_add_to_execution_queue(payload=None):
     path_params=[{
         "name": "mac",
         "description": "Device MAC address",
-        "schema": {"type": "string"}
+        "schema": {"type": "string", "pattern": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"}
     }],
     request_model=CreateEventRequest,
     response_model=BaseResponse,
diff --git a/server/api_server/openapi/schemas.py b/server/api_server/openapi/schemas.py
index 5181a4b7..b711e8ea 100644
--- a/server/api_server/openapi/schemas.py
+++ b/server/api_server/openapi/schemas.py
@@ -719,7 +719,7 @@ class SessionInfo(BaseModel):
 
 class CreateSessionRequest(BaseModel):
     """Request to create a session."""
-    mac: str = Field(..., description="Device MAC")
+    mac: str = Field(..., description="Device MAC", pattern=MAC_PATTERN)
     ip: str = Field(..., description="Device IP")
     start_time: str = Field(..., description="Start time")
     end_time: Optional[str] = Field(None, description="End time")