Add options to filter registrations on invite request text

[ClearlyClaire]

This partially addresses #13269 and #10742 by adding registration text filters: the rationale being that spambots frequently feel invited to paste their crap into the invite request field, so providing a way to filter those with keywords and regexps seem useful.

Admin and moderation interfaces

Adding a filter

Regexp validation

Listing filters (mod and admin-facing)

Audit log (mod and admin-facing)

Registration form (user-facing)

[koyuawsmbrtn]

Another idea that came to my mind is to use regex to disallow reserved usernames like admin, root etc.

[shleeable]

Love to see it.

[Gargron]

Another idea that came to my mind is to use regex to disallow reserved usernames like admin, root etc.

There's already a list of reserved usernames! Though it's not regex, it's configurable.

[Gargron]

General thoughts:

• Making admins input regex directly will backfire. First, it's not very user-friendly and people will mess up the separators and escaped characters and what not (we've been through this with HTML already). Secondly, it's dangerous because people will accidentally create slow regexes. It would have to be something like our phrase filter form instead
• Too many settings on one page. We need to begin splitting up settings into separate pages, like a page dedicated to sign-ups or whatever. The form is too huge.

[ClearlyClaire]

Agreed wrt. regexps not being very user-friendly, although I do think being able to write regexps here is useful, maybe each filter could be either a word or a regexp. Wrt. slow regexps, only the instance admins can set them, and they are only applied to registrations, so I really don't think that's an issue.

I also agree with the fact the site settings would benefit being split into different pages, but I'm not too sure how they should be split.

[ClearlyClaire]

Maybe I could split this PR in 3:

• add the option to require invite request text (would still be an additional setting in the huge settings page, but we could break that down later)
• JS fixes
• add the option to filter on invite text (which would need to be reworked to not be a single regexp field)

[ClearlyClaire]

Split #15325 and #15326 out of it, I will rework the filtering thing later once they are merged.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[koyuawsmbrtn]

bump

[ClearlyClaire]

ping @Gargron

[ClearlyClaire]

ping @Gargron

[ClearlyClaire]

Rebased. Again.

cc @Gargron

[mstdn]

Wow, this is a great start!

[cking]

instead of allowing "plain" regex, you instead could use regular wildcards (that are already wildly used) like * and ?

at least almost everyone understands what star means in normal wildcard environments. you could even go so far to make it understand (web)paths by differentiating /*/ (single directory) and /**/ (nexted directories) though that would be more complicated to understand

[mstdn]

Bump..

Is there a possibility this can get merged? We really, really, reallllllyyy need something against the bots..

[ClearlyClaire]

Rebased again.

[github-actions]

This pull request has merge conflicts that must be resolved before it can be merged.