Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbid profane usernames #80

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Forbid profane usernames #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1a6f9b8
lock cache during update
dimkr Oct 14, 2024
3d3bdc5
bypass cache in tests
dimkr Oct 14, 2024
650a5b6
clean up cache.go
dimkr Oct 15, 2024
a16225e
forbid profane usernames
dimkr Oct 15, 2024
1702fd4
Revert "clean up cache.go"
dimkr Oct 17, 2024
22b9bb2
Revert "bypass cache in tests"
dimkr Oct 17, 2024
4257430
Revert "lock cache during update"
dimkr Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions front/register.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"crypto/tls"
"database/sql"
"fmt"
"github.com/TwiN/go-away"
"github.com/dimkr/tootik/ap"
"github.com/dimkr/tootik/front/text"
"github.com/dimkr/tootik/front/user"
Expand Down Expand Up @@ -83,6 +84,11 @@ func (h *Handler) register(w text.Writer, r *Request, args ...string) {
}
}

if goaway.IsProfane(userName) {
r.Log.Warn("Detected profane user name", "name", userName)
userName = ""
}

if userName == "" {
w.Status(10, "New user name")
return
Expand Down
2 changes: 2 additions & 0 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,10 @@ require (
)

require (
github.com/TwiN/go-away v1.6.13 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/text v0.19.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
4 changes: 4 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
github.com/TwiN/go-away v1.6.13 h1:aB6l/FPXmA5ds+V7I9zdhxzpsLLUvVtEuS++iU/ZmgE=
github.com/TwiN/go-away v1.6.13/go.mod h1:MpvIC9Li3minq+CGgbgUDvQ9tDaeW35k5IXZrF9MVas=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
Expand All @@ -14,6 +16,8 @@ golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
Expand Down
83 changes: 83 additions & 0 deletions test/register_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1082,3 +1082,86 @@ func TestRegister_RedirectTwice(t *testing.T) {
assert.Regexp(data.expected, string(resp))
}
}

func TestRegister_ProfanityFilter(t *testing.T) {
assert := assert.New(t)

dbPath := fmt.Sprintf("/tmp/%s.sqlite3?_journal_mode=WAL", t.Name())
defer os.Remove(fmt.Sprintf("/tmp/%s.sqlite3", t.Name()))
db, err := sql.Open("sqlite3", dbPath)
assert.NoError(err)

var cfg cfg.Config
cfg.FillDefaults()

assert.NoError(migrations.Run(context.Background(), domain, db))

serverKeyPair, err := tls.X509KeyPair([]byte(serverCert), []byte(serverKey))
assert.NoError(err)

serverCfg := tls.Config{
Certificates: []tls.Certificate{serverKeyPair},
MinVersion: tls.VersionTLS12,
ClientAuth: tls.RequestClientCert,
}

erinKeyPair, err := tls.X509KeyPair([]byte(erinCert), []byte(erinKey))
assert.NoError(err)

clientCfg := tls.Config{
Certificates: []tls.Certificate{erinKeyPair},
InsecureSkipVerify: true,
}

socketPath := fmt.Sprintf("/tmp/%s.socket", t.Name())

localListener, err := net.Listen("unix", socketPath)
assert.NoError(err)
defer os.Remove(socketPath)

tlsListener := tls.NewListener(localListener, &serverCfg)
defer tlsListener.Close()

unixReader, err := net.Dial("unix", socketPath)
assert.NoError(err)
defer unixReader.Close()

tlsWriter, err := tlsListener.Accept()
assert.NoError(err)

tlsReader := tls.Client(unixReader, &clientCfg)
defer tlsReader.Close()

var wg sync.WaitGroup
wg.Add(2)
go func() {
assert.NoError(tlsReader.Handshake())
wg.Done()
}()
go func() {
assert.NoError(tlsWriter.(*tls.Conn).Handshake())
wg.Done()
}()
wg.Wait()

_, err = tlsReader.Write([]byte("gemini://localhost.localdomain:8965/users/register?poop\r\n"))
assert.NoError(err)

handler, err := front.NewHandler(domain, false, &cfg, fed.NewResolver(nil, domain, &cfg, &http.Client{}, db), db)
assert.NoError(err)

l := gemini.Listener{
Domain: domain,
Config: &cfg,
Handler: handler,
DB: db,
}
l.Handle(context.Background(), tlsWriter)

tlsWriter.Close()

resp, err := io.ReadAll(tlsReader)
assert.NoError(err)

assert.Equal("10 New user name\r\n", string(resp))
}
Loading