feat: block creating pages with system reserved paths

config.sample.yml

@@ -2,7 +2,7 @@
 # Wiki.js - CONFIGURATION                                             #
 #######################################################################
 # Full documentation + examples:
-# https://docs.requarks.io/wiki/install
+# https://docs-beta.requarks.io/install
 
 # ---------------------------------------------------------------------
 # Port the server should listen to

dev/build/config.yml

@@ -8,10 +8,5 @@ db:
   pass: $(DB_PASS)
   db: $(DB_NAME)
   storage: $(DB_FILEPATH)
-redis:
-  host: $(REDIS_HOST)
-  port: $(REDIS_PORT)
-  db: $(REDIS_DB)
-  password: $(REDIS_PASS)
 trustProxy: $(TRUST_PROXY)
 logLevel: info

server/app/data.yml

@@ -72,4 +72,14 @@ telemetry:
   BUGSNAG_REMOTE: 'https://notify.bugsnag.com'
   GA_ID: 'UA-9094100-7'
   GA_REMOTE: 'https://www.google-analytics.com/batch'
+reservedPaths:
+  - login
+  - logout
+  - register
+  - verify
+  - favicons
+  - fonts
+  - img
+  - js
+  - svg
 # ---------------------------------

server/controllers/common.js

@@ -22,6 +22,11 @@ router.get('/robots.txt', (req, res, next) => {
  */
 router.get(['/e', '/e/*'], async (req, res, next) => {
   const pageArgs = pageHelper.parsePath(req.path)
+
+  if (pageHelper.isReservedPath(pageArgs.path)) {
+    return next(new Error('Cannot create this page because it starts with a system reserved path.'))
+  }
+
   let page = await WIKI.models.pages.getPageFromDb({
     path: pageArgs.path,
     locale: pageArgs.locale,

server/helpers/page.js

@@ -56,5 +56,11 @@ module.exports = {
       default:
         return page.content
     }
+  },
+  /**
+   * Check if path is a reserved path
+   */
+  isReservedPath(rawPath)  {
+    return _.some(WIKI.data.reservedPaths, p => _.startsWith(rawPath, p))
   }
 }