/*
 * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */
import { registerAs } from '@nestjs/config' ;
import * as Joi from 'joi' ;
import {
DefaultAccessPermission ,
getDefaultAccessPermissionOrdinal ,
} from './default-access-permission.enum' ;
import { GuestAccess } from './guest_access.enum' ;
import { buildErrorMessage , parseOptionalNumber , toArrayConfig } from './utils' ;
/**
 * Shape of the note-related configuration once it has passed schema
 * validation in this file.
 */
export interface NoteConfig {
  /** Note ids taken from `HD_FORBIDDEN_NOTE_IDS` (comma-separated in the environment). */
  forbiddenNoteIds: string[];

  /** Value of `HD_MAX_DOCUMENT_LENGTH`; the schema requires a positive integer. */
  maxDocumentLength: number;

  /** Access level configured for guests via `HD_GUEST_ACCESS`. */
  guestAccess: GuestAccess;

  permissions: {
    /** Default permissions, configured through the `HD_PERMISSION_DEFAULT_*` variables. */
    default: {
      /** Default for everyone (`HD_PERMISSION_DEFAULT_EVERYONE`). */
      everyone: DefaultAccessPermission;
      /** Default for logged-in users (`HD_PERMISSION_DEFAULT_LOGGED_IN`). */
      loggedIn: DefaultAccessPermission;
    };
  };
}
// Joi schema for the note configuration. Every key is optional and carries a
// default, so an unset environment variable silently falls back to the value
// given here. Labels are the environment variable names, so validation errors
// name the variable the operator has to fix.
const schema = Joi.object<NoteConfig>({
  forbiddenNoteIds: Joi.array()
    .items(Joi.string())
    .optional()
    .default([])
    .label('HD_FORBIDDEN_NOTE_IDS'),

  maxDocumentLength: Joi.number()
    .default(100000)
    .positive()
    .integer()
    .optional()
    .label('HD_MAX_DOCUMENT_LENGTH'),

  // NOTE(review): an unset HD_GUEST_ACCESS resolves to GuestAccess.WRITE, the
  // fallback chosen here. Presumably that lets unauthenticated visitors edit;
  // deployments that do not want this must set the variable explicitly.
  guestAccess: Joi.string()
    .valid(...Object.values(GuestAccess))
    .optional()
    .default(GuestAccess.WRITE)
    .label('HD_GUEST_ACCESS'),

  permissions: {
    default: {
      // Falls back to READ when the variable is unset.
      everyone: Joi.string()
        .valid(...Object.values(DefaultAccessPermission))
        .optional()
        .default(DefaultAccessPermission.READ)
        .label('HD_PERMISSION_DEFAULT_EVERYONE'),

      // Falls back to WRITE when the variable is unset.
      loggedIn: Joi.string()
        .valid(...Object.values(DefaultAccessPermission))
        .optional()
        .default(DefaultAccessPermission.WRITE)
        .label('HD_PERMISSION_DEFAULT_LOGGED_IN'),
    },
  },
});
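/**
 * Rejects a configuration that denies guest access while still setting a
 * default permission for everyone.
 *
 * The check reads the raw environment variable rather than
 * `config.permissions.default.everyone`. The schema gives that field a
 * default, so presumably the validated value cannot distinguish "unset" from
 * "explicitly set".
 *
 * NOTE(review): when guest access is denied and the variable is unset,
 * `config.permissions.default.everyone` still holds the schema default.
 * Consumers should consult `guestAccess` before relying on it — confirm
 * against the callers.
 *
 * @param config the validated note configuration
 * @throws Error if `HD_GUEST_ACCESS` is `GuestAccess.DENY` and
 *   `HD_PERMISSION_DEFAULT_EVERYONE` is present in the environment
 */
function checkEveryoneConfigIsConsistent(config: NoteConfig): void {
  if (config.guestAccess !== GuestAccess.DENY) {
    return;
  }
  if (process.env.HD_PERMISSION_DEFAULT_EVERYONE === undefined) {
    return;
  }
  // The configured value is quoted without padding so the operator sees it
  // exactly as it was read.
  throw new Error(
    `'HD_GUEST_ACCESS' is set to '${config.guestAccess}', but 'HD_PERMISSION_DEFAULT_EVERYONE' is also configured. Please remove 'HD_PERMISSION_DEFAULT_EVERYONE'.`,
  );
}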
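/**
 * Ensures the default permission for everyone never outranks the default
 * permission for logged-in users.
 *
 * Ranking is delegated to `getDefaultAccessPermissionOrdinal`. Equal ordinals
 * are accepted; only a strictly greater ordinal for `everyone` is refused.
 *
 * @param config the validated note configuration
 * @throws Error if `permissions.default.everyone` has a greater ordinal than
 *   `permissions.default.loggedIn`
 */
function checkLoggedInUsersHaveHigherDefaultPermissionsThanGuests(
  config: NoteConfig,
): void {
  const { everyone, loggedIn } = config.permissions.default;
  const everyoneRank = getDefaultAccessPermissionOrdinal(everyone);
  const loggedInRank = getDefaultAccessPermissionOrdinal(loggedIn);
  if (everyoneRank <= loggedInRank) {
    return;
  }
  // Both values are quoted without padding so the message shows them exactly
  // as configured.
  throw new Error(
    `'HD_PERMISSION_DEFAULT_EVERYONE' is set to '${everyone}', but 'HD_PERMISSION_DEFAULT_LOGGED_IN' is set to '${loggedIn}'. This gives everyone greater permissions than logged-in users which is not allowed.`,
  );
}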
/**
 * Registers the `noteConfig` namespace.
 *
 * The factory reads the `HD_*` environment variables and validates them
 * against `schema`. It then runs the two permission consistency checks and
 * returns the validated configuration. Any failure throws, so an invalid or
 * contradictory permission setup is never returned to the caller.
 */
export default registerAs('noteConfig', () => {
  // Raw environment input. The cast only satisfies the typing: these values
  // are still unvalidated strings (or undefined) until Joi has processed them.
  const rawInput = {
    forbiddenNoteIds: toArrayConfig(process.env.HD_FORBIDDEN_NOTE_IDS, ','),
    maxDocumentLength: parseOptionalNumber(process.env.HD_MAX_DOCUMENT_LENGTH),
    guestAccess: process.env.HD_GUEST_ACCESS,
    permissions: {
      default: {
        everyone: process.env.HD_PERMISSION_DEFAULT_EVERYONE,
        loggedIn: process.env.HD_PERMISSION_DEFAULT_LOGGED_IN,
      },
    },
  } as NoteConfig;

  // abortEarly: false reports every invalid variable in one pass instead of
  // stopping at the first one.
  const validation = schema.validate(rawInput, {
    abortEarly: false,
    presence: 'required',
  });

  if (validation.error) {
    const messages = validation.error.details.map(({ message }) => message);
    throw new Error(buildErrorMessage(messages));
  }

  // Cross-field checks that the schema alone does not express.
  const validated = validation.value;
  checkEveryoneConfigIsConsistent(validated);
  checkLoggedInUsersHaveHigherDefaultPermissionsThanGuests(validated);
  return validated;
});