From 6cdd64c669604d9645b795759dff5ec7d24c746b Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Thu, 16 Jan 2020 23:07:58 -0700
Subject: [PATCH] Add BANNED_USERNAMES env var support to RestrictedNames
---
app/Util/Lexer/RestrictedNames.php | 590 +++++++++++++++--------------
config/instance.php | 1 +
config/pixelfed.php | 16 +-
3 files changed, 299 insertions(+), 308 deletions(-)
diff --git a/app/Util/Lexer/RestrictedNames.php b/app/Util/Lexer/RestrictedNames.php
index a7c32e42c..0b08ee1e0 100644
--- a/app/Util/Lexer/RestrictedNames.php
+++ b/app/Util/Lexer/RestrictedNames.php
@@ -4,306 +4,308 @@ namespace App\Util\Lexer; class RestrictedNames { - public static $blacklist = [ - 'autoconfig', - 'blog', - 'broadcasthost', - 'copyright', - 'download', - 'domainadmin', - 'domainadministrator', - 'errors', - 'events', - 'example', - 'faq', - 'faqs', - 'features', - 'ftp', - 'guest', - 'guests', - 'hostmaster', - 'hostmaster', - 'imap', - 'info', - 'information', - 'is', - 'isatap', - 'it', - 'localdomain', - 'localhost', - 'mail', - 'mailer-daemon', - 'mailerdaemon', - 'marketing', - 'me', - 'mis', - 'mx', - 'no-reply', - 'nobody', - 'noc', - 'noreply', - 'ns0', - 'ns1', - 'ns2', - 'ns3', - 'ns4', - 'ns5', - 'ns6', - 'ns7', - 'ns8', - 'ns9', - 'owner', - 'pop', - 'pop3', - 'postmaster', - 'pricing', - 'root', - 'sales', - 'security', - 'signin', - 'signout', - 'smtp', - 'src', - 'ssladmin', - 'ssladministrator', - 'sslwebmaster', - 'sys', - 'sysadmin', - 'system', - 'tutorial', - 'tutorials', - 'usenet', - 'uucp', - 'webmaster', - 'wpad', - ]; + public static $additional = [ + 'autoconfig', + 'blog', + 'broadcasthost', + 'copyright', + 'download', + 'domainadmin', + 'domainadministrator', + 'errors', + 'events', + 'example', + 'faq', + 'faqs', + 'features', + 'ftp', + 'guest', + 'guests', + 'hostmaster', + 'hostmaster', + 'imap', + 'info', + 'information', + 'is', + 'isatap', + 'it', + 'localdomain', + 'localhost', + 'mail', + 'mailer-daemon', + 'mailerdaemon', + 'marketing', + 'me', + 'mis', + 'mx', + 'no-reply', + 'nobody', + 'noc', + 'noreply', + 'ns0', + 'ns1', + 'ns2', + 'ns3', + 'ns4', + 'ns5', + 'ns6', + 'ns7', + 'ns8', + 'ns9', + 'owner', + 'pop', + 'pop3', + 'postmaster', + 'pricing', + 'root', + 'sales', + 'security', + 'signin', + 'signout', + 'smtp', + 'src', + 'ssladmin', + 'ssladministrator', + 'sslwebmaster', + 'sys', + 'sysadmin', + 'system', + 'tutorial', + 'tutorials', + 'usenet', + 'uucp', + 'webmaster', + 'wpad', + ]; - public static $reserved = [ - // Reserved for instance admin - 'admin', - 'administrator', + public 
static $reserved = [ + // Reserved for instance admin + 'admin', + 'administrator', - // Static Assets - 'assets', - 'storage', + // Static Assets + 'assets', + 'storage', - // Laravel Horizon - 'horizon', + // Laravel Horizon + 'horizon', - // Reserved routes - 'a', - 'app', - 'about', - 'aboutus', - 'about-us', - 'abuse', - 'account', - 'admins', - 'api', - 'audio', - 'auth', - 'b', - 'bartender', - 'broadcast', - 'broadcaster', - 'booth', - 'bouncer', - 'c', - 'cdn', - 'circle', - 'circles', - 'checkpoint', - 'collection', - 'collections', - 'community', - 'communities', - 'contact', - 'contact-us', - 'contact_us', - 'costar', - 'costars', - 'css', - 'd', - 'dashboard', - 'dmca', - 'db', - 'deck', - 'dev', - 'developer', - 'developers', - 'discover', - 'discovers', - 'dj', - 'doc', - 'docs', - 'docs', - 'drive', - 'drives', - 'driver', - 'e', - 'email', - 'emails', - 'error', - 'explore', - 'export', - 'exports', - 'f', - 'feed', - 'font', - 'fonts', - 'follow', - 'follows', - 'followme', - 'follow-me', - 'follow_me', - 'g', - 'gdpr', - 'graph', - 'ghost', - 'ghosts', - 'group', - 'groups', - 'h', - 'home', - 'help', - 'helpcenter', - 'help-center', - 'help_center', - 'help_center_', - 'help-center-', - 'help-center_', - 'help_center-', - 'i', - 'img', - 'imgs', - 'image', - 'images', - 'invite', - 'invites', - 'import', - 'imports', - 'j', - 'js', - 'k', - 'key', - 'l', - 'lab', - 'labs', - 'legal', - 'live', - 'loop', - 'loops', - 'location', - 'locations', - 'login', - 'logout', - 'm', - 'media', - 'menu', - 'music', - 'n', - 'news', - 'new', - 'news', - 'news', - 'newsfeed', - 'newsroom', - 'newsrooms', - 'news-room', - 'news-rooms', - 'o', - 'oauth', - 'official', - 'p', - 'page', - 'pages', - 'pin', - 'pins', - 'photo', - 'photos', - 'password', - 'privacy', - 'private', - 'q', - 'quote', - 'query', - 'r', - 'register', - 'registers', - 'review', - 'reset', - 'report', - 'results', - 'reports', - 'robot', - 'robots', - 's', - 'search', - 'sell', - 'send', 
- 'settings', - 'status', - 'statuses', - 'site', - 'sites', - 'stage', - 'static', - 'story', - 'stories', - 'support', - 'svg', - 'svgs', - 't', - 'terms', - 'telescope', - 'timeline', - 'timelines', - 'tour', - 'tv', - 'u', - 'user', - 'users', - 'username', - 'usernames', - 'v', - 'valet', - 'video', - 'videos', - 'vendor', - 'w', - 'waiter', - 'wall', - 'whats-new', - 'whatsnew', - 'whatnew', - 'whats-news', - 'ws', - 'wss', - 'www', - 'x', - 'y', - 'z', - '400', - '401', - '403', - '404', - '500', - '503', - '504', - ]; + // Reserved routes + 'a', + 'app', + 'about', + 'aboutus', + 'about-us', + 'abuse', + 'account', + 'admins', + 'api', + 'audio', + 'auth', + 'b', + 'bartender', + 'broadcast', + 'broadcaster', + 'booth', + 'bouncer', + 'c', + 'cdn', + 'circle', + 'circles', + 'checkpoint', + 'collection', + 'collections', + 'community', + 'communities', + 'contact', + 'contact-us', + 'contact_us', + 'costar', + 'costars', + 'css', + 'd', + 'dashboard', + 'dmca', + 'db', + 'deck', + 'dev', + 'developer', + 'developers', + 'discover', + 'discovers', + 'dj', + 'doc', + 'docs', + 'docs', + 'drive', + 'drives', + 'driver', + 'e', + 'email', + 'emails', + 'error', + 'explore', + 'export', + 'exports', + 'f', + 'feed', + 'font', + 'fonts', + 'follow', + 'follows', + 'followme', + 'follow-me', + 'follow_me', + 'g', + 'gdpr', + 'graph', + 'ghost', + 'ghosts', + 'group', + 'groups', + 'h', + 'home', + 'help', + 'helpcenter', + 'help-center', + 'help_center', + 'help_center_', + 'help-center-', + 'help-center_', + 'help_center-', + 'i', + 'img', + 'imgs', + 'image', + 'images', + 'invite', + 'invites', + 'import', + 'imports', + 'j', + 'js', + 'k', + 'key', + 'l', + 'lab', + 'labs', + 'legal', + 'live', + 'loop', + 'loops', + 'location', + 'locations', + 'login', + 'logout', + 'm', + 'media', + 'menu', + 'music', + 'n', + 'news', + 'new', + 'news', + 'news', + 'newsfeed', + 'newsroom', + 'newsrooms', + 'news-room', + 'news-rooms', + 'o', + 'oauth', + 'official', + 'p', 
+ 'page', + 'pages', + 'pin', + 'pins', + 'photo', + 'photos', + 'password', + 'privacy', + 'private', + 'q', + 'quote', + 'query', + 'r', + 'register', + 'registers', + 'review', + 'reset', + 'report', + 'results', + 'reports', + 'robot', + 'robots', + 's', + 'search', + 'sell', + 'send', + 'settings', + 'status', + 'statuses', + 'site', + 'sites', + 'stage', + 'static', + 'story', + 'stories', + 'support', + 'svg', + 'svgs', + 't', + 'terms', + 'telescope', + 'timeline', + 'timelines', + 'tour', + 'tv', + 'u', + 'user', + 'users', + 'username', + 'usernames', + 'v', + 'valet', + 'video', + 'videos', + 'vendor', + 'w', + 'waiter', + 'wall', + 'whats-new', + 'whatsnew', + 'whatnew', + 'whats-news', + 'ws', + 'wss', + 'www', + 'x', + 'y', + 'z', + '400', + '401', + '403', + '404', + '500', + '503', + '504', + ]; - public static function get() - { - $reserved = $blacklist = []; + public static function get() + { + $banned = []; - if (true == config('pixelfed.restricted_names.use_blacklist')) { - $blacklist = self::$blacklist; - } + if(config('instance.username.banned')) { + $banned = array_map('trim', explode(',', config('instance.username.banned'))); + } - if (true == config('pixelfed.restricted_names.reserved_routes')) { - $reserved = self::$reserved; - } + $additional = self::$additional; + $reserved = self::$reserved; - return array_merge($blacklist, $reserved); - } + $res = array_merge($additional, $reserved, $banned); + sort($res); + + return $res; + } } diff --git a/config/instance.php b/config/instance.php index 3f4762fab..28916f92b 100644 --- a/config/instance.php +++ b/config/instance.php @@ -41,6 +41,7 @@ return [ ] ], 'username' => [ + 'banned' => env('BANNED_USERNAMES'), 'remote' => [ 'formats' => ['@', 'from', 'custom'], 'format' => in_array(env('USERNAME_REMOTE_FORMAT', '@'), ['@','from','custom']) ? env('USERNAME_REMOTE_FORMAT', '@') : '@', diff --git a/config/pixelfed.php b/config/pixelfed.php index 34434f5c8..fc4541c0d 100644 
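Review bot: In `get()`, the entries read from `instance.username.banned` are only trimmed, so their case is kept and an empty segment (a trailing comma, or `a,,b`) becomes an empty-string entry in the returned list. The code that compares a requested username against this list is not part of the patch; if it lower-cases the candidate or matches case-sensitively, an operator entry written as `Support` would never match and that name would remain registrable. Every built-in entry in `$additional` and `$reserved` is lower-case, so normalising the env-supplied names the same way keeps the list uniform: `$banned = array_filter(array_map('strtolower', array_map('trim', explode(',', config('instance.username.banned')))), 'strlen');`. `array_merge` also carries through the duplicates already present in the static arrays (`hostmaster`, `docs`, `news`), so an `array_unique($res)` before `sort($res)` would tidy the result.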
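Review bot: The new `'banned' => env('BANNED_USERNAMES')` key carries no comment describing the expected value, and the format can only be learned by reading `RestrictedNames::get()`, which splits on commas and trims each piece. A one-line comment above the key would spare operators that lookup, for example `// Comma-separated usernames that may not be registered, e.g. BANNED_USERNAMES=name1,name2`. The enclosing `return [` array begins and ends outside this hunk.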
--- a/config/pixelfed.php +++ b/config/pixelfed.php @@ -48,20 +48,6 @@ return [ */ 'memory_limit' => env('MEMORY_LIMIT', '1024M'), - /* - |-------------------------------------------------------------------------- - | Restricted Usernames - |-------------------------------------------------------------------------- - | - | Optional blacklist to prevent registering usernames that could - | be confused for admin or system services. - | - */ - 'restricted_names' => [ - 'reserved_routes' => true, - 'use_blacklist' => env('USERNAME_BLACKLIST', false), - ], - /* |-------------------------------------------------------------------------- | Allow New Registrations @@ -278,4 +264,6 @@ return [ 'admin' => [ 'env_editor' => env('ADMIN_ENV_EDITOR', false) ], + + 'links_per_post' => env('MAX_LINKS_PER_POST', 0) ];
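Review bot: In the second hunk, `'links_per_post' => env('MAX_LINKS_PER_POST', 0)` yields the integer `0` by default but a string such as `'5'` once the variable is set, because `env()` returns numeric values as strings. Whatever enforces the limit is not in this patch, and a strict comparison or type-hinted parameter there would treat the two cases differently; casting at the source avoids that: `'links_per_post' => (int) env('MAX_LINKS_PER_POST', 0)`. The key also lacks the comment header the other entries in this file have, so it is not stated whether `0` means "no limit" or "no links allowed". Separately, the first hunk drops `USERNAME_BLACKLIST` without a replacement note, so deployments that still set it will have the value silently ignored; that is worth a line in the upgrade notes.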