feat: block creating pages with system reserved paths

server/app/data.yml

@@ -72,4 +72,14 @@ telemetry:
   BUGSNAG_REMOTE: 'https://notify.bugsnag.com'
   GA_ID: 'UA-9094100-7'
   GA_REMOTE: 'https://www.google-analytics.com/batch'
+reservedPaths:
+  - login
+  - logout
+  - register
+  - verify
+  - favicons
+  - fonts
+  - img
+  - js
+  - svg
 # ---------------------------------

server/controllers/common.js

@@ -22,6 +22,11 @@ router.get('/robots.txt', (req, res, next) => {
  */
 router.get(['/e', '/e/*'], async (req, res, next) => {
   const pageArgs = pageHelper.parsePath(req.path)
+
+  if (pageHelper.isReservedPath(pageArgs.path)) {
+    return next(new Error('Cannot create this page because it starts with a system reserved path.'))
+  }
+
   let page = await WIKI.models.pages.getPageFromDb({
     path: pageArgs.path,
     locale: pageArgs.locale,

server/helpers/page.js

@@ -56,5 +56,11 @@ module.exports = {
       default:
         return page.content
     }
+  },
+  /**
+   * Check if path is a reserved path
+   */
+  isReservedPath(rawPath)  {
+    return _.some(WIKI.data.reservedPaths, p => _.startsWith(rawPath, p))
   }
 }