mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-29 20:14:31 -05:00
Merge pull request #755 from nidico/issue-754-config-require-freeurl-authentication
This commit is contained in:
commit
dfd710982a
4 changed files with 9 additions and 4 deletions
|
@ -96,6 +96,7 @@ these are rarely used for various reasons.
|
|||
| `allowAnonymous` | `CMD_ALLOW_ANONYMOUS` | **`true`** or `false` | Set to allow anonymous usage (default is `true`). |
|
||||
| `allowAnonymousEdits` | `CMD_ALLOW_ANONYMOUS_EDITS` | **`false`** or `true` | If `allowAnonymous` is `false`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`). |
|
||||
| `allowFreeURL` | `CMD_ALLOW_FREEURL` | **`false`** or `true` | Set to allow new note creation by accessing a nonexistent note URL. This is the behavior familiar from [Etherpad](https://github.com/ether/etherpad-lite). |
|
||||
| `requireFreeURLAuthentication` | `CMD_REQUIRE_FREEURL_AUTHENTICATION` | **`false`** or `true` | Set to require authentication for FreeURL mode style note creation. |
|
||||
| `defaultPermission` | `CMD_DEFAULT_PERMISSION` | **`editable`**, `freely`, `limited`, `locked`, `protected` or `private` | Set notes default permission (only applied on signed-in users). |
|
||||
| `sessionName` | | **`connect.sid`** | Cookie session name. |
|
||||
| `sessionLife` | `CMD_SESSION_LIFE` | **`14 * 24 * 60 * 60 * 1000`**, `1209600000` (14 days) | Cookie session life time in milliseconds. |
|
||||
|
|
|
@ -33,6 +33,7 @@ module.exports = {
|
|||
allowAnonymous: true,
|
||||
allowAnonymousEdits: false,
|
||||
allowFreeURL: false,
|
||||
requireFreeURLAuthentication: false,
|
||||
forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
|
||||
defaultPermission: 'editable',
|
||||
dbURL: '',
|
||||
|
|
|
@ -29,6 +29,7 @@ module.exports = {
|
|||
allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
|
||||
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
|
||||
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
|
||||
requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
|
||||
forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
|
||||
defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
|
||||
dbURL: process.env.CMD_DB_URL,
|
||||
|
|
|
@ -51,10 +51,12 @@ exports.newNote = function (req, res, body) {
|
|||
} else if (!config.allowAnonymous) {
|
||||
return errors.errorForbidden(res)
|
||||
}
|
||||
if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
|
||||
req.alias = noteId
|
||||
} else if (noteId) {
|
||||
return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
|
||||
if (noteId) {
|
||||
if (config.allowFreeURL && !config.forbiddenNoteIDs.includes(noteId) && (!config.requireFreeURLAuthentication || req.isAuthenticated())) {
|
||||
req.alias = noteId
|
||||
} else {
|
||||
return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
|
||||
}
|
||||
}
|
||||
models.Note.create({
|
||||
ownerId: owner,
|
||||
|
|
Loading…
Reference in a new issue