Merge branch 'main' into dev

server/db/pg/schema/privateSchema.ts

@@ -328,6 +328,14 @@ export const approvals = pgTable("approvals", {
         .notNull()
 });
 
+export const bannedEmails = pgTable("bannedEmails", {
+    email: varchar("email", { length: 255 }).primaryKey(),
+});
+
+export const bannedIps = pgTable("bannedIps", {
+    ip: varchar("ip", { length: 255 }).primaryKey(),
+});
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;

server/db/sqlite/schema/privateSchema.ts

@@ -318,6 +318,15 @@ export const approvals = sqliteTable("approvals", {
         .notNull()
 });
 
+
+export const bannedEmails = sqliteTable("bannedEmails", {
+    email: text("email").primaryKey()
+});
+
+export const bannedIps = sqliteTable("bannedIps", {
+    ip: text("ip").primaryKey()
+});
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;

server/routers/auth/signup.ts

@@ -1,5 +1,5 @@
 import { NextFunction, Request, Response } from "express";
-import { db, users } from "@server/db";
+import { bannedEmails, bannedIps, db, users } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import { email, z } from "zod";
 import { fromError } from "zod-validation-error";
@@ -65,6 +65,30 @@ export async function signup(
         skipVerificationEmail
     } = parsedBody.data;
 
+    const [bannedEmail] = await db
+        .select()
+        .from(bannedEmails)
+        .where(eq(bannedEmails.email, email))
+        .limit(1);
+    if (bannedEmail) {
+        return next(
+            createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
+        );
+    }
+
+    if (req.ip) {
+        const [bannedIp] = await db
+            .select()
+            .from(bannedIps)
+            .where(eq(bannedIps.ip, req.ip))
+            .limit(1);
+        if (bannedIp) {
+            return next(
+                createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
+            );
+        }
+    }
+
     const passwordHash = await hashPassword(password);
     const userId = generateId(15);
 

server/routers/resource/createResource.ts

@@ -223,6 +223,20 @@ async function createHttpResource(
         );
     }
 
+    // Prevent creating resource with same domain as dashboard
+    const dashboardUrl = config.getRawConfig().app.dashboard_url;
+    if (dashboardUrl) {
+        const dashboardHost = new URL(dashboardUrl).hostname;
+        if (fullDomain === dashboardHost) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "Resource domain cannot be the same as the dashboard domain"
+                )
+            );
+        }
+    }
+
     if (build != "oss") {
         const existingLoginPages = await db
             .select()

server/routers/resource/updateResource.ts

@@ -353,6 +353,20 @@ async function updateHttpResource(
                 );
             }
 
+            // Prevent updating resource with same domain as dashboard
+            const dashboardUrl = config.getRawConfig().app.dashboard_url;
+            if (dashboardUrl) {
+                const dashboardHost = new URL(dashboardUrl).hostname;
+                if (fullDomain === dashboardHost) {
+                    return next(
+                        createHttpError(
+                            HttpCode.CONFLICT,
+                            "Resource domain cannot be the same as the dashboard domain"
+                        )
+                    );
+                }
+            }
+        
             if (build != "oss") {
                 const existingLoginPages = await db
                     .select()