forbid profane usernames

dimkr · Oct 15, 2024 · a16225e · a16225e
1 parent 650a5b6
commit a16225e
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 0 deletions.
diff --git a/front/register.go b/front/register.go
@@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"database/sql"
 	"fmt"
+	"github.com/TwiN/go-away"
 	"github.com/dimkr/tootik/ap"
 	"github.com/dimkr/tootik/front/text"
 	"github.com/dimkr/tootik/front/user"
@@ -83,6 +84,11 @@ func (h *Handler) register(w text.Writer, r *Request, args ...string) {
 		}
 	}
 
+	if goaway.IsProfane(userName) {
+		r.Log.Warn("Detected profane user name", "name", userName)
+		userName = ""
+	}
+
 	if userName == "" {
 		w.Status(10, "New user name")
 		return

diff --git a/go.mod b/go.mod
@@ -11,8 +11,10 @@ require (
 )
 
 require (
+	github.com/TwiN/go-away v1.6.13 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,3 +1,5 @@
+github.com/TwiN/go-away v1.6.13 h1:aB6l/FPXmA5ds+V7I9zdhxzpsLLUvVtEuS++iU/ZmgE=
+github.com/TwiN/go-away v1.6.13/go.mod h1:MpvIC9Li3minq+CGgbgUDvQ9tDaeW35k5IXZrF9MVas=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
@@ -14,6 +16,8 @@ golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

diff --git a/test/register_test.go b/test/register_test.go
@@ -1082,3 +1082,86 @@ func TestRegister_RedirectTwice(t *testing.T) {
 		assert.Regexp(data.expected, string(resp))
 	}
 }
+
+func TestRegister_ProfanityFilter(t *testing.T) {
+	assert := assert.New(t)
+
+	dbPath := fmt.Sprintf("/tmp/%s.sqlite3?_journal_mode=WAL", t.Name())
+	defer os.Remove(fmt.Sprintf("/tmp/%s.sqlite3", t.Name()))
+	db, err := sql.Open("sqlite3", dbPath)
+	assert.NoError(err)
+
+	var cfg cfg.Config
+	cfg.FillDefaults()
+
+	assert.NoError(migrations.Run(context.Background(), domain, db))
+
+	serverKeyPair, err := tls.X509KeyPair([]byte(serverCert), []byte(serverKey))
+	assert.NoError(err)
+
+	serverCfg := tls.Config{
+		Certificates: []tls.Certificate{serverKeyPair},
+		MinVersion:   tls.VersionTLS12,
+		ClientAuth:   tls.RequestClientCert,
+	}
+
+	erinKeyPair, err := tls.X509KeyPair([]byte(erinCert), []byte(erinKey))
+	assert.NoError(err)
+
+	clientCfg := tls.Config{
+		Certificates:       []tls.Certificate{erinKeyPair},
+		InsecureSkipVerify: true,
+	}
+
+	socketPath := fmt.Sprintf("/tmp/%s.socket", t.Name())
+
+	localListener, err := net.Listen("unix", socketPath)
+	assert.NoError(err)
+	defer os.Remove(socketPath)
+
+	tlsListener := tls.NewListener(localListener, &serverCfg)
+	defer tlsListener.Close()
+
+	unixReader, err := net.Dial("unix", socketPath)
+	assert.NoError(err)
+	defer unixReader.Close()
+
+	tlsWriter, err := tlsListener.Accept()
+	assert.NoError(err)
+
+	tlsReader := tls.Client(unixReader, &clientCfg)
+	defer tlsReader.Close()
+
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		assert.NoError(tlsReader.Handshake())
+		wg.Done()
+	}()
+	go func() {
+		assert.NoError(tlsWriter.(*tls.Conn).Handshake())
+		wg.Done()
+	}()
+	wg.Wait()
+
+	_, err = tlsReader.Write([]byte("gemini://localhost.localdomain:8965/users/register?poop\r\n"))
+	assert.NoError(err)
+
+	handler, err := front.NewHandler(domain, false, &cfg, fed.NewResolver(nil, domain, &cfg, &http.Client{}, db), db)
+	assert.NoError(err)
+
+	l := gemini.Listener{
+		Domain:  domain,
+		Config:  &cfg,
+		Handler: handler,
+		DB:      db,
+	}
+	l.Handle(context.Background(), tlsWriter)
+
+	tlsWriter.Close()
+
+	resp, err := io.ReadAll(tlsReader)
+	assert.NoError(err)
+
+	assert.Equal("10 New user name\r\n", string(resp))
+}