-- Fix search_path for validate_slug_format function
-- This resolves the final function search_path security warning

CREATE OR REPLACE FUNCTION public.validate_slug_format()
RETURNS trigger
LANGUAGE plpgsql
SET search_path = public
AS $function$
BEGIN
  IF NEW.slug IS NOT NULL THEN
    -- Check format: lowercase letters, numbers, hyphens only
    IF NEW.slug !~ '^[a-z0-9]+(-[a-z0-9]+)*$' THEN
      RAISE EXCEPTION 'Invalid slug format: %. Slugs must be lowercase alphanumeric with hyphens only.', NEW.slug;
    END IF;
    
    -- Check length constraints
    IF length(NEW.slug) < 2 THEN
      RAISE EXCEPTION 'Slug too short: %. Minimum length is 2 characters.', NEW.slug;
    END IF;
    
    IF length(NEW.slug) > 100 THEN
      RAISE EXCEPTION 'Slug too long: %. Maximum length is 100 characters.', NEW.slug;
    END IF;
    
    -- Prevent reserved slugs
    IF NEW.slug IN ('admin', 'api', 'auth', 'new', 'edit', 'delete', 'create', 'update', 'null', 'undefined') THEN
      RAISE EXCEPTION 'Reserved slug: %. This slug cannot be used.', NEW.slug;
    END IF;
  END IF;
  
  RETURN NEW;
END;
$function$;

DO $$ 
BEGIN 
  RAISE NOTICE '✅ Fixed search_path for validate_slug_format function';
  RAISE NOTICE '🔒 All database functions now have secure search_path settings';
END $$;