From ffdfd6cd9aa24bd15824184db3142ae810d24791 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sun, 19 Apr 2026 15:37:35 +0200
Subject: [PATCH] feat(outbound): add HTTPS CHECK constraint on outbound_connections.url

Defense-in-depth per code review. DTO layer already validates HTTPS at save time; this DB-level check guards against future code paths that might bypass the DTO validator. Mustache template variables in the URL (e.g., {{env.slug}}) remain valid since only the scheme prefix is constrained.
---
.../main/resources/db/migration/V11__outbound_connections.sql | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql b/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql
index 102695f9..aa9576b1 100644
--- a/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql
+++ b/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql
@@ -10,7 +10,7 @@ CREATE TABLE outbound_connections (
 tenant_id varchar(64) NOT NULL,
 name varchar(100) NOT NULL,
 description text,
- url text NOT NULL,
+ url text NOT NULL CHECK (url ~ '^https://'),
 method outbound_method_enum NOT NULL,
 default_headers jsonb NOT NULL DEFAULT '{}',
 default_body_tmpl text,
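Review bot: The CHECK on `url` is added by editing the existing `V11__outbound_connections.sql` in place, so it only takes effect where V11 runs for the first time; a database that has already applied V11 keeps an unconstrained column, and if this is a checksum-validated versioned migration (as the file naming suggests) the edited file would likely fail validation there. If V11 has been applied anywhere, the constraint belongs in a new migration instead, e.g. `ALTER TABLE outbound_connections ADD CONSTRAINT outbound_connections_url_https_check CHECK (url ~ '^https://');`, where the explicit name also makes violations easy to attribute in error logs. The `~` match is case-sensitive (assuming PostgreSQL, given `jsonb`), so the DTO validator should reject or normalise `HTTPS://` the same way, otherwise a value the application accepts will fail at insert. The check pins only the scheme, so the host a template renders to still has to be validated in the application. The `CREATE TABLE` statement starts and ends outside this hunk.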