feat: profanity censoring and filtering

2026-06-28 06:34:15 +00:00 · 2025-04-23 22:04:05 +01:00 · 2025-04-23 22:04:05 +01:00 · 25c9bb079c
commit 25c9bb079c
parent e1d248853f
9 changed files with 41 additions and 5 deletions
--- a/src/app/api/auth/display-name/route.ts
+++ b/src/app/api/auth/display-name/route.ts
@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from "next/server";
+import { profanity } from "@2toad/profanity";

 import { auth } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
@ -14,6 +15,9 @@ export async function PATCH(request: NextRequest) {
 	const validation = displayNameSchema.safeParse(displayName);
 	if (!validation.success) return NextResponse.json({ error: validation.error.errors[0].message }, { status: 400 });

+	// Check for inappropriate words
+	if (profanity.exists(displayName)) return NextResponse.json({ error: "Display name contains inappropriate words" }, { status: 400 });
+
 	try {
 		await prisma.user.update({
 			where: { email: session.user?.email ?? undefined },
--- a/src/app/api/auth/username/route.ts
+++ b/src/app/api/auth/username/route.ts
@ -1,9 +1,11 @@
 import { NextRequest, NextResponse } from "next/server";

+import dayjs from "dayjs";
+import { profanity } from "@2toad/profanity";
+
 import { auth } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
 import { usernameSchema } from "@/lib/schemas";
-import dayjs from "dayjs";

 export async function PATCH(request: NextRequest) {
 	const session = await auth();
@ -24,6 +26,9 @@ export async function PATCH(request: NextRequest) {
 	const validation = usernameSchema.safeParse(username);
 	if (!validation.success) return NextResponse.json({ error: validation.error.errors[0].message }, { status: 400 });

+	// Check for inappropriate words
+	if (profanity.exists(username)) return NextResponse.json({ error: "Username contains inappropriate words" }, { status: 400 });
+
 	const existingUser = await prisma.user.findUnique({ where: { username } });
 	if (existingUser) return NextResponse.json({ error: "Username is already taken" }, { status: 400 });

--- a/src/app/api/mii/[id]/edit/route.ts
+++ b/src/app/api/mii/[id]/edit/route.ts
@ -6,6 +6,8 @@ import fs from "fs/promises";
 import path from "path";
 import sharp from "sharp";

+import { profanity } from "@2toad/profanity";
+
 import { auth } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
 import { idSchema, nameSchema, tagsSchema } from "@/lib/schemas";
@ -81,8 +83,8 @@ export async function PATCH(request: Request, { params }: { params: Promise<{ id

 	// Edit Mii in database
 	const updateData: Partial<Mii> = {};
-	if (name !== undefined) updateData.name = name;
-	if (tags !== undefined) updateData.tags = tags;
+	if (name !== undefined) updateData.name = profanity.censor(name); // Censor potential inappropriate words
+	if (tags !== undefined) updateData.tags = tags.map((t) => profanity.censor(t)); // Same here
 	if (images.length > 0) updateData.imageCount = images.length;

 	if (Object.keys(updateData).length == 0) return NextResponse.json({ error: "Nothing was changed" }, { status: 400 });
--- a/src/app/api/submit/route.ts
+++ b/src/app/api/submit/route.ts
@ -6,6 +6,7 @@ import path from "path";
 import sharp from "sharp";

 import qrcode from "qrcode-generator";
+import { profanity } from "@2toad/profanity";

 import { auth } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
@ -54,7 +55,11 @@ export async function POST(request: Request) {
 	});

 	if (!parsed.success) return NextResponse.json({ error: parsed.error.errors[0].message }, { status: 400 });
-	const { name, tags, qrBytesRaw, image1, image2, image3 } = parsed.data;
+	const { name: uncensoredName, tags: uncensoredTags, qrBytesRaw, image1, image2, image3 } = parsed.data;
+
+	// Censor potential inappropriate words
+	const name = profanity.censor(uncensoredName);
+	const tags = uncensoredTags.map((t) => profanity.censor(t));

 	// Validate image files
 	const images: File[] = [];
--- a/src/app/terms-of-service/page.tsx
+++ b/src/app/terms-of-service/page.tsx
@ -3,7 +3,7 @@ export default function PrivacyPage() {
 		<div>
 			<h1 className="text-2xl font-bold">Terms of Service</h1>
 			<h2 className="font-light">
-				<strong className="font-medium">Effective Date:</strong> April 06, 2025
+				<strong className="font-medium">Effective Date:</strong> April 23, 2025
 			</h2>

 			<hr className="border-black/20 mt-1 mb-4" />
@ -34,6 +34,7 @@ export default function PrivacyPage() {
 							<li>No impersonation of others.</li>
 							<li>No malware, malicious links, or phishing content.</li>
 							<li>No harassment, hate speech, threats, or bullying towards others.</li>
+							<li>Avoid using inappropriate language. Profanity may be automatically censored.</li>
 							<li>No use of automated scripts, bots, or scrapers to access or interact with the site.</li>
 						</ul>
 					</section>
--- a/src/lib/qr-codes.ts
+++ b/src/lib/qr-codes.ts
@ -1,4 +1,6 @@
+import { profanity } from "@2toad/profanity";
 import { AES_CCM } from "@trafficlunar/asmcrypto.js";
+
 import { MII_DECRYPTION_KEY } from "./constants";
 import Mii from "./mii.js/mii";
 import TomodachiLifeMii from "./tomodachi-life-mii";
@ -39,6 +41,11 @@ export function convertQrCode(bytes: Uint8Array): { mii: Mii; tomodachiLifeMii:
 			mii.facialHairColor = tomodachiLifeMii.studioHairColor;
 		}

+		// Censor potential inappropriate words
+		tomodachiLifeMii.firstName = profanity.censor(tomodachiLifeMii.firstName);
+		tomodachiLifeMii.lastName = profanity.censor(tomodachiLifeMii.lastName);
+		tomodachiLifeMii.islandName = profanity.censor(tomodachiLifeMii.islandName);
+
 		return { mii, tomodachiLifeMii };
 	} catch (error) {
 		console.error(error);
--- a/src/lib/schemas.ts
+++ b/src/lib/schemas.ts
@ -1,5 +1,7 @@
 import { z } from "zod";

+// profanity censoring bypasses the regex in some of these but I think it's funny
+
 export const querySchema = z
 	.string()
 	.trim()