Merge pull request #1943 from pixelfed/staging

Add BANNED_USERNAMES env var support to RestrictedNames

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.10.7...dev)
 ### Added
+- Added ```BANNED_USERNAMES``` .env var, an optional comma separated string to ban specific usernames from being used ([6cdd64c6](https://github.com/pixelfed/pixelfed/commit/6cdd64c6))
 
 ### Fixed
 - Fixed Story Compose bug affecting postgres instances ([#1918](https://github.com/pixelfed/pixelfed/pull/1918))

app/Util/Lexer/RestrictedNames.php

@@ -4,306 +4,308 @@ namespace App\Util\Lexer;
 
 class RestrictedNames
 {
-    public static $blacklist = [
-     'autoconfig',
-     'blog',
-     'broadcasthost',
-     'copyright',
-     'download',
-     'domainadmin',
-     'domainadministrator',
-     'errors',
-     'events',
-     'example',
-     'faq',
-     'faqs',
-     'features',
-     'ftp',
-     'guest',
-     'guests',
-     'hostmaster',
-     'hostmaster',
-     'imap',
-     'info',
-     'information',
-     'is',
-     'isatap',
-     'it',
-     'localdomain',
-     'localhost',
-     'mail',
-     'mailer-daemon',
-     'mailerdaemon',
-     'marketing',
-     'me',
-     'mis',
-     'mx',
-     'no-reply',
-     'nobody',
-     'noc',
-     'noreply',
-     'ns0',
-     'ns1',
-     'ns2',
-     'ns3',
-     'ns4',
-     'ns5',
-     'ns6',
-     'ns7',
-     'ns8',
-     'ns9',
-     'owner',
-     'pop',
-     'pop3',
-     'postmaster',
-     'pricing',
-     'root',
-     'sales',
-     'security',
-     'signin',
-     'signout',
-     'smtp',
-     'src',
-     'ssladmin',
-     'ssladministrator',
-     'sslwebmaster',
-     'sys',
-     'sysadmin',
-     'system',
-     'tutorial',
-     'tutorials',
-     'usenet',
-     'uucp',
-     'webmaster',
-     'wpad',
-   ];
+	public static $additional = [
+		'autoconfig',
+		'blog',
+		'broadcasthost',
+		'copyright',
+		'download',
+		'domainadmin',
+		'domainadministrator',
+		'errors',
+		'events',
+		'example',
+		'faq',
+		'faqs',
+		'features',
+		'ftp',
+		'guest',
+		'guests',
+		'hostmaster',
+		'hostmaster',
+		'imap',
+		'info',
+		'information',
+		'is',
+		'isatap',
+		'it',
+		'localdomain',
+		'localhost',
+		'mail',
+		'mailer-daemon',
+		'mailerdaemon',
+		'marketing',
+		'me',
+		'mis',
+		'mx',
+		'no-reply',
+		'nobody',
+		'noc',
+		'noreply',
+		'ns0',
+		'ns1',
+		'ns2',
+		'ns3',
+		'ns4',
+		'ns5',
+		'ns6',
+		'ns7',
+		'ns8',
+		'ns9',
+		'owner',
+		'pop',
+		'pop3',
+		'postmaster',
+		'pricing',
+		'root',
+		'sales',
+		'security',
+		'signin',
+		'signout',
+		'smtp',
+		'src',
+		'ssladmin',
+		'ssladministrator',
+		'sslwebmaster',
+		'sys',
+		'sysadmin',
+		'system',
+		'tutorial',
+		'tutorials',
+		'usenet',
+		'uucp',
+		'webmaster',
+		'wpad',
+	];
 
-    public static $reserved = [
-     // Reserved for instance admin
-     'admin',
-     'administrator',
+	public static $reserved = [
+		// Reserved for instance admin
+		'admin',
+		'administrator',
 
-     // Static Assets
-     'assets',
-     'storage',
+		// Static Assets
+		'assets',
+		'storage',
 
-     // Laravel Horizon
-     'horizon',
+		// Laravel Horizon
+		'horizon',
 
-     // Reserved routes
-     'a',
-     'app',
-     'about',
-     'aboutus',
-     'about-us',
-     'abuse',
-     'account',
-     'admins',
-     'api',
-     'audio',
-     'auth',
-     'b',
-     'bartender',
-     'broadcast',
-     'broadcaster',
-     'booth',
-     'bouncer',
-     'c',
-     'cdn',
-     'circle',
-     'circles',
-     'checkpoint',
-     'collection',
-     'collections',
-     'community',
-     'communities',
-     'contact',
-     'contact-us',
-     'contact_us',
-     'costar',
-     'costars',
-     'css',
-     'd',
-     'dashboard',
-     'dmca',
-     'db',
-     'deck',
-     'dev',
-     'developer',
-     'developers',
-     'discover',
-     'discovers',
-     'dj',
-     'doc',
-     'docs',
-     'docs',
-     'drive',
-     'drives',
-     'driver',
-     'e',
-     'email',
-     'emails',
-     'error',
-     'explore',
-     'export',
-     'exports',
-     'f',
-     'feed',
-     'font',
-     'fonts',
-     'follow',
-     'follows',
-     'followme',
-     'follow-me',
-     'follow_me',
-     'g',
-     'gdpr',
-     'graph',
-     'ghost',
-     'ghosts',
-     'group',
-     'groups',
-     'h',
-     'home',
-     'help',
-     'helpcenter',
-     'help-center',
-     'help_center',
-     'help_center_',
-     'help-center-',
-     'help-center_',
-     'help_center-',
-     'i',
-     'img',
-     'imgs',
-     'image',
-     'images',
-     'invite',
-     'invites',
-     'import',
-     'imports',
-     'j',
-     'js',
-     'k',
-     'key',
-     'l',
-     'lab',
-     'labs',
-     'legal',
-     'live',
-     'loop',
-     'loops',
-     'location',
-     'locations',
-     'login',
-     'logout',
-     'm',
-     'media',
-     'menu',
-     'music',
-     'n',
-     'news',
-     'new',
-     'news',
-     'news',
-     'newsfeed',
-     'newsroom',
-     'newsrooms',
-     'news-room',
-     'news-rooms',
-     'o',
-     'oauth',
-     'official',
-     'p',
-     'page',
-     'pages',
-     'pin',
-     'pins',
-     'photo',
-     'photos',
-     'password',
-     'privacy',
-     'private',
-     'q',
-     'quote',
-     'query',
-     'r',
-     'register',
-     'registers',
-     'review',
-     'reset',
-     'report',
-     'results',
-     'reports',
-     'robot',
-     'robots',
-     's',
-     'search',
-     'sell',
-     'send',
-     'settings',
-     'status',
-     'statuses',
-     'site',
-     'sites',
-     'stage',
-     'static',
-     'story',
-     'stories',
-     'support',
-     'svg',
-     'svgs',
-     't',
-     'terms',
-     'telescope',
-     'timeline',
-     'timelines',
-     'tour',
-     'tv',
-     'u',
-     'user',
-     'users',
-     'username',
-     'usernames',
-     'v',
-     'valet',
-     'video',
-     'videos',
-     'vendor',
-     'w',
-     'waiter',
-     'wall',
-     'whats-new',
-     'whatsnew',
-     'whatnew',
-     'whats-news',
-     'ws',
-     'wss',
-     'www',
-     'x',
-     'y',
-     'z',
-     '400',
-     '401',
-     '403',
-     '404',
-     '500',
-     '503',
-     '504',
-  ];
+		// Reserved routes
+		'a',
+		'app',
+		'about',
+		'aboutus',
+		'about-us',
+		'abuse',
+		'account',
+		'admins',
+		'api',
+		'audio',
+		'auth',
+		'b',
+		'bartender',
+		'broadcast',
+		'broadcaster',
+		'booth',
+		'bouncer',
+		'c',
+		'cdn',
+		'circle',
+		'circles',
+		'checkpoint',
+		'collection',
+		'collections',
+		'community',
+		'communities',
+		'contact',
+		'contact-us',
+		'contact_us',
+		'costar',
+		'costars',
+		'css',
+		'd',
+		'dashboard',
+		'dmca',
+		'db',
+		'deck',
+		'dev',
+		'developer',
+		'developers',
+		'discover',
+		'discovers',
+		'dj',
+		'doc',
+		'docs',
+		'docs',
+		'drive',
+		'drives',
+		'driver',
+		'e',
+		'email',
+		'emails',
+		'error',
+		'explore',
+		'export',
+		'exports',
+		'f',
+		'feed',
+		'font',
+		'fonts',
+		'follow',
+		'follows',
+		'followme',
+		'follow-me',
+		'follow_me',
+		'g',
+		'gdpr',
+		'graph',
+		'ghost',
+		'ghosts',
+		'group',
+		'groups',
+		'h',
+		'home',
+		'help',
+		'helpcenter',
+		'help-center',
+		'help_center',
+		'help_center_',
+		'help-center-',
+		'help-center_',
+		'help_center-',
+		'i',
+		'img',
+		'imgs',
+		'image',
+		'images',
+		'invite',
+		'invites',
+		'import',
+		'imports',
+		'j',
+		'js',
+		'k',
+		'key',
+		'l',
+		'lab',
+		'labs',
+		'legal',
+		'live',
+		'loop',
+		'loops',
+		'location',
+		'locations',
+		'login',
+		'logout',
+		'm',
+		'media',
+		'menu',
+		'music',
+		'n',
+		'news',
+		'new',
+		'news',
+		'news',
+		'newsfeed',
+		'newsroom',
+		'newsrooms',
+		'news-room',
+		'news-rooms',
+		'o',
+		'oauth',
+		'official',
+		'p',
+		'page',
+		'pages',
+		'pin',
+		'pins',
+		'photo',
+		'photos',
+		'password',
+		'privacy',
+		'private',
+		'q',
+		'quote',
+		'query',
+		'r',
+		'register',
+		'registers',
+		'review',
+		'reset',
+		'report',
+		'results',
+		'reports',
+		'robot',
+		'robots',
+		's',
+		'search',
+		'sell',
+		'send',
+		'settings',
+		'status',
+		'statuses',
+		'site',
+		'sites',
+		'stage',
+		'static',
+		'story',
+		'stories',
+		'support',
+		'svg',
+		'svgs',
+		't',
+		'terms',
+		'telescope',
+		'timeline',
+		'timelines',
+		'tour',
+		'tv',
+		'u',
+		'user',
+		'users',
+		'username',
+		'usernames',
+		'v',
+		'valet',
+		'video',
+		'videos',
+		'vendor',
+		'w',
+		'waiter',
+		'wall',
+		'whats-new',
+		'whatsnew',
+		'whatnew',
+		'whats-news',
+		'ws',
+		'wss',
+		'www',
+		'x',
+		'y',
+		'z',
+		'400',
+		'401',
+		'403',
+		'404',
+		'500',
+		'503',
+		'504',
+	];
 
-    public static function get()
-    {
-        $reserved = $blacklist = [];
+	public static function get()
+	{
+		$banned = [];
 
-        if (true == config('pixelfed.restricted_names.use_blacklist')) {
-            $blacklist = self::$blacklist;
-        }
+		if(config('instance.username.banned')) {
+			$banned = array_map('trim', explode(',', config('instance.username.banned')));
+		}
 
-        if (true == config('pixelfed.restricted_names.reserved_routes')) {
-            $reserved = self::$reserved;
-        }
+		$additional = self::$additional;
+		$reserved = self::$reserved;
 
-        return array_merge($blacklist, $reserved);
-    }
+		$res = array_merge($additional, $reserved, $banned);
+		sort($res);
+		
+		return $res;
+	}
 }

config/instance.php

@@ -41,6 +41,7 @@ return [
 		]
 	],
 	'username' => [
+		'banned' => env('BANNED_USERNAMES'),
 		'remote' => [
 			'formats' => ['@', 'from', 'custom'],
 			'format' => in_array(env('USERNAME_REMOTE_FORMAT', '@'), ['@','from','custom']) ? env('USERNAME_REMOTE_FORMAT', '@') : '@',

config/pixelfed.php

@@ -48,20 +48,6 @@ return [
     */
     'memory_limit' => env('MEMORY_LIMIT', '1024M'),
 
-    /*
-    |--------------------------------------------------------------------------
-    | Restricted Usernames
-    |--------------------------------------------------------------------------
-    |
-    | Optional blacklist to prevent registering usernames that could
-    | be confused for admin or system services.
-    |
-    */
-    'restricted_names' => [
-      'reserved_routes' => true,
-      'use_blacklist'   => env('USERNAME_BLACKLIST', false),
-    ],
-
     /*
     |--------------------------------------------------------------------------
     | Allow New Registrations
@@ -278,4 +264,6 @@ return [
     'admin' => [
         'env_editor' => env('ADMIN_ENV_EDITOR', false)
     ],
+
+    'links_per_post' => env('MAX_LINKS_PER_POST', 0) 
 ];