Merge pull request #1943 from pixelfed/staging

Add BANNED_USERNAMES env var support to RestrictedNames
daniel 2020-01-16 23:11:49 -07:00 committed by GitHub
commit 77c6962f7b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 300 additions and 308 deletions


@ -2,6 +2,7 @@
## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.10.7...dev)
### Added
- Added ```BANNED_USERNAMES``` .env var, an optional comma separated string to ban specific usernames from being used ([6cdd64c6](https://github.com/pixelfed/pixelfed/commit/6cdd64c6))
### Fixed
- Fixed Story Compose bug affecting postgres instances ([#1918](https://github.com/pixelfed/pixelfed/pull/1918))


@ -4,306 +4,308 @@ namespace App\Util\Lexer;
class RestrictedNames
{
public static $blacklist = [
'autoconfig',
'blog',
'broadcasthost',
'copyright',
'download',
'domainadmin',
'domainadministrator',
'errors',
'events',
'example',
'faq',
'faqs',
'features',
'ftp',
'guest',
'guests',
'hostmaster',
'hostmaster',
'imap',
'info',
'information',
'is',
'isatap',
'it',
'localdomain',
'localhost',
'mail',
'mailer-daemon',
'mailerdaemon',
'marketing',
'me',
'mis',
'mx',
'no-reply',
'nobody',
'noc',
'noreply',
'ns0',
'ns1',
'ns2',
'ns3',
'ns4',
'ns5',
'ns6',
'ns7',
'ns8',
'ns9',
'owner',
'pop',
'pop3',
'postmaster',
'pricing',
'root',
'sales',
'security',
'signin',
'signout',
'smtp',
'src',
'ssladmin',
'ssladministrator',
'sslwebmaster',
'sys',
'sysadmin',
'system',
'tutorial',
'tutorials',
'usenet',
'uucp',
'webmaster',
'wpad',
];
public static $additional = [
'autoconfig',
'blog',
'broadcasthost',
'copyright',
'download',
'domainadmin',
'domainadministrator',
'errors',
'events',
'example',
'faq',
'faqs',
'features',
'ftp',
'guest',
'guests',
'hostmaster',
'hostmaster',
'imap',
'info',
'information',
'is',
'isatap',
'it',
'localdomain',
'localhost',
'mail',
'mailer-daemon',
'mailerdaemon',
'marketing',
'me',
'mis',
'mx',
'no-reply',
'nobody',
'noc',
'noreply',
'ns0',
'ns1',
'ns2',
'ns3',
'ns4',
'ns5',
'ns6',
'ns7',
'ns8',
'ns9',
'owner',
'pop',
'pop3',
'postmaster',
'pricing',
'root',
'sales',
'security',
'signin',
'signout',
'smtp',
'src',
'ssladmin',
'ssladministrator',
'sslwebmaster',
'sys',
'sysadmin',
'system',
'tutorial',
'tutorials',
'usenet',
'uucp',
'webmaster',
'wpad',
];
public static $reserved = [
// Reserved for instance admin
'admin',
'administrator',
public static $reserved = [
// Reserved for instance admin
'admin',
'administrator',
// Static Assets
'assets',
'storage',
// Static Assets
'assets',
'storage',
// Laravel Horizon
'horizon',
// Laravel Horizon
'horizon',
// Reserved routes
'a',
'app',
'about',
'aboutus',
'about-us',
'abuse',
'account',
'admins',
'api',
'audio',
'auth',
'b',
'bartender',
'broadcast',
'broadcaster',
'booth',
'bouncer',
'c',
'cdn',
'circle',
'circles',
'checkpoint',
'collection',
'collections',
'community',
'communities',
'contact',
'contact-us',
'contact_us',
'costar',
'costars',
'css',
'd',
'dashboard',
'dmca',
'db',
'deck',
'dev',
'developer',
'developers',
'discover',
'discovers',
'dj',
'doc',
'docs',
'docs',
'drive',
'drives',
'driver',
'e',
'email',
'emails',
'error',
'explore',
'export',
'exports',
'f',
'feed',
'font',
'fonts',
'follow',
'follows',
'followme',
'follow-me',
'follow_me',
'g',
'gdpr',
'graph',
'ghost',
'ghosts',
'group',
'groups',
'h',
'home',
'help',
'helpcenter',
'help-center',
'help_center',
'help_center_',
'help-center-',
'help-center_',
'help_center-',
'i',
'img',
'imgs',
'image',
'images',
'invite',
'invites',
'import',
'imports',
'j',
'js',
'k',
'key',
'l',
'lab',
'labs',
'legal',
'live',
'loop',
'loops',
'location',
'locations',
'login',
'logout',
'm',
'media',
'menu',
'music',
'n',
'news',
'new',
'news',
'news',
'newsfeed',
'newsroom',
'newsrooms',
'news-room',
'news-rooms',
'o',
'oauth',
'official',
'p',
'page',
'pages',
'pin',
'pins',
'photo',
'photos',
'password',
'privacy',
'private',
'q',
'quote',
'query',
'r',
'register',
'registers',
'review',
'reset',
'report',
'results',
'reports',
'robot',
'robots',
's',
'search',
'sell',
'send',
'settings',
'status',
'statuses',
'site',
'sites',
'stage',
'static',
'story',
'stories',
'support',
'svg',
'svgs',
't',
'terms',
'telescope',
'timeline',
'timelines',
'tour',
'tv',
'u',
'user',
'users',
'username',
'usernames',
'v',
'valet',
'video',
'videos',
'vendor',
'w',
'waiter',
'wall',
'whats-new',
'whatsnew',
'whatnew',
'whats-news',
'ws',
'wss',
'www',
'x',
'y',
'z',
'400',
'401',
'403',
'404',
'500',
'503',
'504',
];
// Reserved routes
'a',
'app',
'about',
'aboutus',
'about-us',
'abuse',
'account',
'admins',
'api',
'audio',
'auth',
'b',
'bartender',
'broadcast',
'broadcaster',
'booth',
'bouncer',
'c',
'cdn',
'circle',
'circles',
'checkpoint',
'collection',
'collections',
'community',
'communities',
'contact',
'contact-us',
'contact_us',
'costar',
'costars',
'css',
'd',
'dashboard',
'dmca',
'db',
'deck',
'dev',
'developer',
'developers',
'discover',
'discovers',
'dj',
'doc',
'docs',
'docs',
'drive',
'drives',
'driver',
'e',
'email',
'emails',
'error',
'explore',
'export',
'exports',
'f',
'feed',
'font',
'fonts',
'follow',
'follows',
'followme',
'follow-me',
'follow_me',
'g',
'gdpr',
'graph',
'ghost',
'ghosts',
'group',
'groups',
'h',
'home',
'help',
'helpcenter',
'help-center',
'help_center',
'help_center_',
'help-center-',
'help-center_',
'help_center-',
'i',
'img',
'imgs',
'image',
'images',
'invite',
'invites',
'import',
'imports',
'j',
'js',
'k',
'key',
'l',
'lab',
'labs',
'legal',
'live',
'loop',
'loops',
'location',
'locations',
'login',
'logout',
'm',
'media',
'menu',
'music',
'n',
'news',
'new',
'news',
'news',
'newsfeed',
'newsroom',
'newsrooms',
'news-room',
'news-rooms',
'o',
'oauth',
'official',
'p',
'page',
'pages',
'pin',
'pins',
'photo',
'photos',
'password',
'privacy',
'private',
'q',
'quote',
'query',
'r',
'register',
'registers',
'review',
'reset',
'report',
'results',
'reports',
'robot',
'robots',
's',
'search',
'sell',
'send',
'settings',
'status',
'statuses',
'site',
'sites',
'stage',
'static',
'story',
'stories',
'support',
'svg',
'svgs',
't',
'terms',
'telescope',
'timeline',
'timelines',
'tour',
'tv',
'u',
'user',
'users',
'username',
'usernames',
'v',
'valet',
'video',
'videos',
'vendor',
'w',
'waiter',
'wall',
'whats-new',
'whatsnew',
'whatnew',
'whats-news',
'ws',
'wss',
'www',
'x',
'y',
'z',
'400',
'401',
'403',
'404',
'500',
'503',
'504',
];
public static function get()
{
$reserved = $blacklist = [];
public static function get()
{
$banned = [];
if (true == config('pixelfed.restricted_names.use_blacklist')) {
$blacklist = self::$blacklist;
}
if(config('instance.username.banned')) {
$banned = array_map('trim', explode(',', config('instance.username.banned')));
}
if (true == config('pixelfed.restricted_names.reserved_routes')) {
$reserved = self::$reserved;
}
$additional = self::$additional;
$reserved = self::$reserved;
return array_merge($blacklist, $reserved);
}
$res = array_merge($additional, $reserved, $banned);
sort($res);
return $res;
}
}
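Review bot: The `BANNED_USERNAMES` entries are only trimmed in `get()` (`array_map('trim', explode(',', config('instance.username.banned')))`), so a trailing or doubled comma puts an empty string into the returned list and mixed-case entries keep their case. The code that checks a candidate username against this list is not visible here; if it compares a lower-cased name, an operator-supplied entry such as `Admin2` would never match and the ban would silently not apply. Normalising and dropping empties closes that gap: `$banned = array_filter(array_map('trim', explode(',', strtolower(config('instance.username.banned')))), 'strlen');`. The lines reading `pixelfed.restricted_names.*` appear to be the removed side, which would make both built-in lists unconditional; if so, the changelog entry should also say that `USERNAME_BLACKLIST` is no longer consulted.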


@ -41,6 +41,7 @@ return [
]
],
'username' => [
'banned' => env('BANNED_USERNAMES'),
'remote' => [
'formats' => ['@', 'from', 'custom'],
'format' => in_array(env('USERNAME_REMOTE_FORMAT', '@'), ['@','from','custom']) ? env('USERNAME_REMOTE_FORMAT', '@') : '@',


@ -48,20 +48,6 @@ return [
*/
'memory_limit' => env('MEMORY_LIMIT', '1024M'),
/*
|--------------------------------------------------------------------------
| Restricted Usernames
|--------------------------------------------------------------------------
|
| Optional blacklist to prevent registering usernames that could
| be confused for admin or system services.
|
*/
'restricted_names' => [
'reserved_routes' => true,
'use_blacklist' => env('USERNAME_BLACKLIST', false),
],
/*
|--------------------------------------------------------------------------
| Allow New Registrations
@ -278,4 +264,6 @@ return [
'admin' => [
'env_editor' => env('ADMIN_ENV_EDITOR', false)
],
'links_per_post' => env('MAX_LINKS_PER_POST', 0)
];