feat: moderation

2025-05-30 14:35:15 +03:00 · 2025-05-30 14:35:15 +03:00 · 2def8d7a00
commit 2def8d7a00
parent db9c133bbb
6 changed files with 61 additions and 4 deletions
--- a/website/src/routes/api/settings/+server.ts
+++ b/website/src/routes/api/settings/+server.ts
@ -5,12 +5,17 @@ import { db } from '$lib/server/db';
 import { user } from '$lib/server/db/schema';
 import { eq } from 'drizzle-orm';
 import { MAX_FILE_SIZE } from '$lib/data/constants';
+import { isNameAppropriate } from '$lib/server/moderation';

-function validateInputs(name: string, bio: string, username: string, avatarFile: File | null) {
+async function validateInputs(name: string, bio: string, username: string, avatarFile: File | null) {
    if (name && name.length < 1) {
        throw error(400, 'Name cannot be empty');
    }

+    if (name && !(await isNameAppropriate(name))) {
+        throw error(400, 'Name contains inappropriate content');
+    }
+
    if (bio && bio.length > 160) {
        throw error(400, 'Bio must be 160 characters or less');
    }
@ -19,6 +24,10 @@ function validateInputs(name: string, bio: string, username: string, avatarFile:
        throw error(400, 'Username must be between 3 and 30 characters');
    }

+    if (username && !(await isNameAppropriate(username))) {
+        throw error(400, 'Username contains inappropriate content');
+    }
+
    if (avatarFile && avatarFile.size > MAX_FILE_SIZE) {
        throw error(400, 'Avatar file must be smaller than 1MB');
    }
@ -39,7 +48,7 @@ export async function POST({ request }) {
    const username = formData.get('username') as string;
    const avatarFile = formData.get('avatar') as File | null;

-    validateInputs(name, bio, username, avatarFile);
+    await validateInputs(name, bio, username, avatarFile);

    const updates: Record<string, any> = {
        name,
--- a/website/src/routes/api/settings/check-username/+server.ts
+++ b/website/src/routes/api/settings/check-username/+server.ts
@ -2,6 +2,7 @@ import { json } from '@sveltejs/kit';
 import { db } from '$lib/server/db';
 import { user } from '$lib/server/db/schema';
 import { eq } from 'drizzle-orm';
+import { isNameAppropriate } from '$lib/server/moderation';

 export async function GET({ url }) {
    const username = url.searchParams.get('username');
@ -9,6 +10,10 @@ export async function GET({ url }) {
        return json({ available: false });
    }

+    if (!(await isNameAppropriate(username))) {
+        return json({ available: false, reason: 'Inappropriate content' });
+    }
+
    const exists = await db.query.user.findFirst({
        where: eq(user.username, username)
    });