From 9ba217e50af8eeeb15ad6125afed29f458966c26 Mon Sep 17 00:00:00 2001
From: Kei <budi03@gmail.com>
Date: Mon, 6 May 2024 01:16:42 +0700
Subject: [PATCH] Automatically prevent folder/file names that are in public
 folder from being used as keywords (#977)

---
 app/Services/KeyGeneratorService.php                  | 3 ++-
 config/urlhub.php                                     | 7 +------
 tests/Feature/FrontPage/ShortenUrl/ValidationTest.php | 2 +-
 tests/Unit/Rule/NotBlacklistedKeywordTest.php         | 6 +++++-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/app/Services/KeyGeneratorService.php b/app/Services/KeyGeneratorService.php
index 2e58c2ae6..de0b78b1c 100644
--- a/app/Services/KeyGeneratorService.php
+++ b/app/Services/KeyGeneratorService.php
@@ -100,8 +100,9 @@ public function ensureStringCanBeUsedAsKey(string $value): bool
         $alreadyInUse = Url::whereKeyword($value)->exists();
         $isReservedKeyword = in_array($value, config('urlhub.reserved_keyword'));
         $isRoute = in_array($value, $route);
+        $isPublicPath = in_array($value, scandir(public_path()));
 
-        if ($alreadyInUse || $isReservedKeyword || $isRoute) {
+        if ($alreadyInUse || $isReservedKeyword || $isRoute || $isPublicPath) {
             return false;
         }
 
diff --git a/config/urlhub.php b/config/urlhub.php
index a0aaec406..dbf37e95b 100644
--- a/config/urlhub.php
+++ b/config/urlhub.php
@@ -56,12 +56,7 @@
      * example rude words.
      */
     'reserved_keyword' => [
-        'css',
-        'images',
-        'img',
-        'fonts',
-        'js',
-        'svg',
+        'images', 'img', 'fonts',
     ],
 
     'web_title' => env('UH_WEB_TITLE', true),
diff --git a/tests/Feature/FrontPage/ShortenUrl/ValidationTest.php b/tests/Feature/FrontPage/ShortenUrl/ValidationTest.php
index cfc1d8b77..81af33d9b 100644
--- a/tests/Feature/FrontPage/ShortenUrl/ValidationTest.php
+++ b/tests/Feature/FrontPage/ShortenUrl/ValidationTest.php
@@ -62,7 +62,7 @@ public static function customKeyFailProvider(): array
         return [
             ['fooBar'],
             ['foo_bar'],
-            ['css'], // reserved keyword
+            ['fonts'], // reserved keyword
             ['login'], // registered route
         ];
     }
diff --git a/tests/Unit/Rule/NotBlacklistedKeywordTest.php b/tests/Unit/Rule/NotBlacklistedKeywordTest.php
index 598f3c967..09ac75ea4 100644
--- a/tests/Unit/Rule/NotBlacklistedKeywordTest.php
+++ b/tests/Unit/Rule/NotBlacklistedKeywordTest.php
@@ -44,6 +44,10 @@ public static function registeredRouteDataProvider(): array
         return [
             ['login'],
             ['register'],
+
+            // in public folder
+            ['svg'], // folder
+            ['build'], // vite folder
         ];
     }
 
@@ -68,7 +72,7 @@ public function testCustomKeywordIsRegisteredRoute($value): void
     #[Group('u-rule')]
     public function testCustomKeywordIsReservedKeyword(): void
     {
-        $value = 'css';
+        $value = 'reserved_keyword';
         config(['urlhub.reserved_keyword' => [$value]]);
 
         $val = Helper::validator(['foo' => $value], ['foo' => new NotBlacklistedKeyword]);