Merge pull request #755 from nidico/issue-754-config-require-freeurl-authentication

2024-11-26 03:33:58 -05:00 · 2021-01-25 23:53:04 +01:00 · 2021-01-25 23:53:04 +01:00 · dfd710982a
commit dfd710982a
parent 1ded386421 ad056d7dbb
4 changed files with 9 additions and 4 deletions
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@ -96,6 +96,7 @@ these are rarely used for various reasons.
 | `allowAnonymous`      | `CMD_ALLOW_ANONYMOUS`       | **`true`** or `false`                                                   | Set to allow anonymous usage (default is `true`).                                                                                                              |
 | `allowAnonymousEdits` | `CMD_ALLOW_ANONYMOUS_EDITS` | **`false`** or `true`                                                   | If `allowAnonymous` is `false`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`).                        |
 | `allowFreeURL`        | `CMD_ALLOW_FREEURL`         | **`false`** or `true`                                                   | Set to allow new note creation by accessing a nonexistent note URL. This is the behavior familiar from [Etherpad](https://github.com/ether/etherpad-lite).     |
+| `requireFreeURLAuthentication`        | `CMD_REQUIRE_FREEURL_AUTHENTICATION`         | **`false`** or `true`                            | Set to require authentication for FreeURL mode style note creation. |
 | `defaultPermission`   | `CMD_DEFAULT_PERMISSION`    | **`editable`**, `freely`, `limited`, `locked`, `protected` or `private` | Set notes default permission (only applied on signed-in users).                                                                                                |
 | `sessionName`         |                             | **`connect.sid`**                                                       | Cookie session name.                                                                                                                                           |
 | `sessionLife`         | `CMD_SESSION_LIFE`          | **`14 * 24 * 60 * 60 * 1000`**, `1209600000` (14 days)                  | Cookie session life time in milliseconds.                                                                                                                      |
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -33,6 +33,7 @@ module.exports = {
  allowAnonymous: true,
  allowAnonymousEdits: false,
  allowFreeURL: false,
+  requireFreeURLAuthentication: false,
  forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
  defaultPermission: 'editable',
  dbURL: '',
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -29,6 +29,7 @@ module.exports = {
  allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
  allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
  allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+  requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
  forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
  defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
  dbURL: process.env.CMD_DB_URL,
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@ -51,10 +51,12 @@ exports.newNote = function (req, res, body) {
  } else if (!config.allowAnonymous) {
    return errors.errorForbidden(res)
  }
-  if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
-    req.alias = noteId
-  } else if (noteId) {
-    return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+  if (noteId) {
+    if (config.allowFreeURL && !config.forbiddenNoteIDs.includes(noteId) && (!config.requireFreeURLAuthentication || req.isAuthenticated())) {
+      req.alias = noteId
+    } else {
+      return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+    }
  }
  models.Note.create({
    ownerId: owner,