From 473585a8e4620e298f10d9368f054123e4a82732 Mon Sep 17 00:00:00 2001
From: swh00tw <a6140000@gmail.com>
Date: Wed, 21 Feb 2024 18:55:44 -0500
Subject: [PATCH] fix: add username blacklist

#141
---
 apps/recnet/src/app/[username]/Profile.tsx | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/apps/recnet/src/app/[username]/Profile.tsx b/apps/recnet/src/app/[username]/Profile.tsx
index 94dba363..74d80f84 100644
--- a/apps/recnet/src/app/[username]/Profile.tsx
+++ b/apps/recnet/src/app/[username]/Profile.tsx
@@ -18,6 +18,17 @@ import { updateUser } from "@/server/user";
 import { getErrorMessage, isErrorWithMessage } from "@/utils/error";
 import { toast } from "sonner";
 
+const UsernameBlacklist = [
+  "about",
+  "api",
+  "all-users",
+  "feeds",
+  "help",
+  "onboard",
+  "search",
+  "user",
+];
+
 const EditUserProfileSchema = z.object({
   name: z.string().min(1, "Name cannot be blank."),
   username: z
@@ -27,6 +38,15 @@ const EditUserProfileSchema = z.object({
     .regex(
       /^[A-Za-z0-9_]+$/,
       "Username should be between 4 to 15 characters and contain only letters (A-Z, a-z), numbers, and underscores (_)."
+    )
+    .refine(
+      (name) => {
+        // username cannot be in blacklist or prefix with any reserved path
+        return !UsernameBlacklist.includes(name);
+      },
+      {
+        message: "Username is not allowed.",
+      }
     ),
   affiliation: z.string().optional(),
 });