From 5b64c95117598e672d806f64023f2ea94e469adc Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 19 Apr 2019 20:45:05 -0400 Subject: [PATCH] feat: block creating pages with system reserved paths --- config.sample.yml | 2 +- dev/build/config.yml | 5 ----- server/app/data.yml | 10 ++++++++++ server/controllers/common.js | 5 +++++ server/helpers/page.js | 6 ++++++ 5 files changed, 22 insertions(+), 6 deletions(-) diff --git a/config.sample.yml b/config.sample.yml index 7ee36eaa..eb587b2c 100644 --- a/config.sample.yml +++ b/config.sample.yml @@ -2,7 +2,7 @@ # Wiki.js - CONFIGURATION # ####################################################################### # Full documentation + examples: -# https://docs.requarks.io/wiki/install +# https://docs-beta.requarks.io/install # --------------------------------------------------------------------- # Port the server should listen to diff --git a/dev/build/config.yml b/dev/build/config.yml index 73439655..40e8efc6 100644 --- a/dev/build/config.yml +++ b/dev/build/config.yml @@ -8,10 +8,5 @@ db: pass: $(DB_PASS) db: $(DB_NAME) storage: $(DB_FILEPATH) -redis: - host: $(REDIS_HOST) - port: $(REDIS_PORT) - db: $(REDIS_DB) - password: $(REDIS_PASS) trustProxy: $(TRUST_PROXY) logLevel: info diff --git a/server/app/data.yml b/server/app/data.yml index c76d2663..8fd4111a 100644 --- a/server/app/data.yml +++ b/server/app/data.yml @@ -72,4 +72,14 @@ telemetry: BUGSNAG_REMOTE: 'https://notify.bugsnag.com' GA_ID: 'UA-9094100-7' GA_REMOTE: 'https://www.google-analytics.com/batch' +reservedPaths: + - login + - logout + - register + - verify + - favicons + - fonts + - img + - js + - svg # --------------------------------- diff --git a/server/controllers/common.js b/server/controllers/common.js index 1d892f40..63afe9fc 100644 --- a/server/controllers/common.js +++ b/server/controllers/common.js 
@@ -22,6 +22,11 @@ router.get('/robots.txt', (req, res, next) => { */ router.get(['/e', '/e/*'], async (req, res, next) => { const pageArgs = pageHelper.parsePath(req.path) + + if (pageHelper.isReservedPath(pageArgs.path)) { + return next(new Error('Cannot create this page because it starts with a system reserved path.')) + } + let page = await WIKI.models.pages.getPageFromDb({ path: pageArgs.path, locale: pageArgs.locale, diff --git a/server/helpers/page.js b/server/helpers/page.js index 9893fe56..34517e9a 100644 --- a/server/helpers/page.js +++ b/server/helpers/page.js @@ -56,5 +56,11 @@ module.exports = { default: return page.content } + }, + /** + * Check if path is a reserved path + */ + isReservedPath(rawPath)  { + return _.some(WIKI.data.reservedPaths, p => _.startsWith(rawPath, p)) } }
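Review bot: The reserved-path check sits only in the GET handler for `/e` and `/e/*`, which renders the editor; nothing in this patch applies `isReservedPath` at the point where a page is actually written. If create or move/rename requests go through another endpoint (an API mutation or the pages model, not visible here), a client that never loads the editor route is not stopped from saving a page under `login` or `js`, so the same check should be enforced in the write path and this one kept only as early feedback. Separately, `next(new Error(...))` carries no status code, so depending on the error middleware it will probably surface as a 500 rather than a 4xx. The handler body continues past the end of the hunk.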
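Review bot: `_.startsWith(rawPath, p)` in `isReservedPath` is a case-sensitive raw string-prefix test with no segment boundary, so it both over-blocks and under-blocks. A page such as `js-tips` or `imgur` is rejected, while `Login` or `/login` would pass (whether those forms can reach this helper depends on what `parsePath` normalises, which is outside the hunk). Matching the first path segment exactly covers both cases: `const head = _.toLower(_.head(_.split(_.trim(rawPath, '/'), '/')))` followed by `return _.includes(WIKI.data.reservedPaths, head)`. That would also allow short route prefixes such as the `e` editor route to be added to `reservedPaths` without blocking every page whose name begins with that letter.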