mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 09:16:30 -05:00
feat: option to disable note creation
The abuse of the demo instance required us to disallow note creation Signed-off-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Erik Michelson
Tilman Vatteroth
parent
c85b11463d
commit
858d7bf5d1
9 changed files with 20 additions and 2 deletions
1
app.js
1
app.js
|
|
@ -203,6 +203,7 @@ app.locals.serverURL = config.serverURL
|
|||
app.locals.sourceURL = config.sourceURL
|
||||
app.locals.allowAnonymous = config.allowAnonymous
|
||||
app.locals.allowAnonymousEdits = config.allowAnonymousEdits
|
||||
app.locals.disableNoteCreation = config.disableNoteCreation
|
||||
app.locals.authProviders = {
|
||||
facebook: config.isFacebookEnable,
|
||||
twitter: config.isTwitterEnable,
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ these are rarely used for various reasons.
|
|||
| `allowAnonymousEdits` | `CMD_ALLOW_ANONYMOUS_EDITS` | **`false`** or `true` | If `allowAnonymous` is `false`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`). |
|
||||
| `allowFreeURL` | `CMD_ALLOW_FREEURL` | **`false`** or `true` | Set to allow new note creation by accessing a nonexistent note URL. This is the behavior familiar from [Etherpad](https://github.com/ether/etherpad-lite). |
|
||||
| `requireFreeURLAuthentication` | `CMD_REQUIRE_FREEURL_AUTHENTICATION` | **`false`** or `true` | Set to require authentication for FreeURL mode style note creation. |
|
||||
| `disableNoteCreation` | `CMD_DISABLE_NOTE_CREATION` | **`false`** or `true` | Set to `true` to disallow any person to create notes. |
|
||||
| `defaultPermission` | `CMD_DEFAULT_PERMISSION` | **`editable`**, `freely`, `limited`, `locked`, `protected` or `private` | Set notes default permission (only applied on signed-in users). |
|
||||
| `sessionName` | | **`connect.sid`** | Cookie session name. |
|
||||
| `sessionLife` | `CMD_SESSION_LIFE` | **`14 * 24 * 60 * 60 * 1000`**, `1209600000` (14 days) | Cookie session life time in milliseconds. |
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ module.exports = {
|
|||
allowAnonymousEdits: false,
|
||||
allowFreeURL: false,
|
||||
requireFreeURLAuthentication: false,
|
||||
disableNoteCreation: false,
|
||||
forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
|
||||
defaultPermission: 'editable',
|
||||
dbURL: '',
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ module.exports = {
|
|||
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
|
||||
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
|
||||
requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
|
||||
disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION),
|
||||
forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
|
||||
defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
|
||||
dbURL: process.env.CMD_DB_URL,
|
||||
|
|
|
|||
|
|
@ -82,6 +82,9 @@ exports.showNote = function (req, res, next) {
|
|||
}
|
||||
|
||||
exports.createFromPOST = function (req, res, next) {
|
||||
if (config.disableNoteCreation) {
|
||||
return errors.errorForbidden(res)
|
||||
}
|
||||
let body = ''
|
||||
if (req.body && req.body.length > config.documentMaxLength) {
|
||||
return errors.errorTooLong(res)
|
||||
|
|
|
|||
|
|
@ -19,8 +19,12 @@ exports.findNote = function (req, res, callback, include = null, createIfNotFoun
|
|||
include: include || null
|
||||
}).then(function (note) {
|
||||
if (!note && createIfNotFound) {
|
||||
if (config.disableNoteCreation) {
|
||||
return errors.errorNotFound(res)
|
||||
} else {
|
||||
return exports.newNote(req, res, '')
|
||||
}
|
||||
}
|
||||
if (!note && !createIfNotFound) {
|
||||
return errors.errorNotFound(res)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
### Enhancements
|
||||
- Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
|
||||
- Add `disableNoteCreation` config option for read-only instances
|
||||
|
||||
### Bugfixes
|
||||
- Fix a crash when having numeric-only values in opengraph frontmatter
|
||||
|
|
|
|||
|
|
@ -22,8 +22,10 @@
|
|||
<i class="fa fa-caret-down"></i>
|
||||
</a>
|
||||
<ul class="dropdown-menu list" role="menu" aria-labelledby="menu">
|
||||
<% if (!disableNoteCreation) { %>
|
||||
<li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- serverURL %>/new" target="_blank" rel="noopener"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
|
||||
</li>
|
||||
<% } %>
|
||||
<li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
|
|
@ -112,11 +114,13 @@
|
|||
</li>
|
||||
</ul>
|
||||
<ul class="nav navbar-nav navbar-right" style="padding:0;">
|
||||
<% if (!disableNoteCreation) { %>
|
||||
<li>
|
||||
<a href="<%- serverURL %>/new" target="_blank" rel="noopener" class="ui-new">
|
||||
<i class="fa fa-plus"></i> <%= __('New') %>
|
||||
</a>
|
||||
</li>
|
||||
<% } %>
|
||||
<li>
|
||||
<a href="#" target="_blank" rel="noopener" class="ui-publish">
|
||||
<i class="fa fa-share-square-o"></i> <%= __('Publish') %>
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
<li class="ui-history<% if(signin) { %> active<% } %>"><a href="#"><%= __('History') %></a>
|
||||
</li>
|
||||
<div class="ui-signin" style="float: right; margin-top: 8px;<% if(signin) { %> display: none;<% } %>">
|
||||
<% if (allowAnonymous) { %>
|
||||
<% if (allowAnonymous && !disableNoteCreation) { %>
|
||||
<a type="button" href="<%- serverURL %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New guest note') %></a>
|
||||
<% } %>
|
||||
<% if (authProviders.facebook || authProviders.twitter || authProviders.github || authProviders.gitlab || authProviders.mattermost || authProviders.dropbox || authProviders.google || authProviders.ldap || authProviders.saml || authProviders.oauth2 || authProviders.email) { %>
|
||||
|
|
@ -20,7 +20,9 @@
|
|||
<% } %>
|
||||
</div>
|
||||
<div class="ui-signout" style="float: right; margin-top: 8px;<% if(!signin) { %> display: none;<% } %>">
|
||||
<% if (!disableNoteCreation) { %>
|
||||
<a type="button" href="<%- serverURL %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New note') %></a>
|
||||
<% } %>
|
||||
<span class="ui-profile dropdown pull-right">
|
||||
<button id="profileLabel" class="btn btn-sm btn-link ui-profile-label" style="padding-right: 0;" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||
<img class="ui-avatar" width="20" height="20"><span class="hidden-xs hidden-sm"> <span class="ui-name"></span></span> <i class="fa fa-caret-down"></i>
|
||||
|
|
|
|||
Loading…
Reference in a new issue