A few months ago, my blog was the casualty of a server intrusion with my previous host. This post has been reconstructed and for my new blog (which is now hosted by RackSpace in their cloud because you get what you pay for).
The Reserved Routes interceptor can be used to prevent users from obtaining any keywords used in your SES routes as usernames. Additionally, you can also explicitly reserve words you do not desire usernames to have (such as admin). To reserve these words my ColdBox interceptor should be loaded in your applicatons ColdBox Config file after the SES Interceptor. The Reserved Routes Interceptor then pulls the SES interceptor from the ColdBox Cache, extracts the routes and reserves any static strings in the first position of your URL.
/* EXAMPLE OF STATIC ROUTE RESERVATON
* The above route declaration would result in the
* ReservedRoutes interceptor generating a reserved
* string of 'about'.
*/
addRoute(pattern='about/:version?', handler='General', action='index');
/* DYNAMIC FIRST POSITION ROUTES ARE NOT RESERVED
* The following route declaration would not result in any
* reserved strings as the first element in the list
* is dynamic.
*/
addRoute(':handler/:action?');
Why was this interceptor created?
This interceptor was created to allow users to have their own URLs such as mywebsite.com/:username. During the registration process, their username is compared to my reserved routes. I also add additional strings to the reserved list to exclude words I do not wish users to have (such as bad words).
Installation Instructions
/* Step 1
* Add the interceptor to your ColdBox config
* AFTER the SES interceptor.
*/
interceptors = [
{class="coldbox.system.interceptors.Autowire" } // Examples of another interceptor
,{class="coldbox.system.interceptors.SES" } // SES FIRST !!!
,{class="interceptors.ReserveRoutes", properties={} } // ReservedRoutes Second !!!
,{class="interceptors.Constructor"} // Examples of another interceptor
,{class="interceptors.Layout"} // Examples of another interceptor
,{class="coldbox.system.interceptors.coldboxSideBar"} // Examples of another interceptor
];
/* Optional
* When you declare the interceptor in the ColdBox configuration
* file, you can provide a list of custom terms to reserve.
* For example, you may not want users to register a
* username like 'Admin'.
*/
interceptors = [
{class="coldbox.system.interceptors.Autowire" } // Examples of another interceptor
,{class="coldbox.system.interceptors.SES" } // SES FIRST !!!
,{class="interceptors.ReserveRoutes" // ReservedRoutes Second !!!
,properties={
custom= 'DontAllowThisWord // The next four lines are
,SomethingUnacceptable // explicitly reserved
,Dont-Allow-This-Word
,Or-This-One'}
}
,{class="interceptors.Constructor"} // Examples of another interceptor
,{class="interceptors.Layout"} // Examples of another interceptor
,{class="coldbox.system.interceptors.coldboxSideBar"} // Examples of another interceptor
];
Download
You can download my Reserved Routes interceptor from ColdBox's ForgeBox Web site.
