diff options
author | Christoph (Sheogorath) Kern | 2018-11-17 13:30:06 +0100 |
---|---|---|
committer | GitHub | 2018-11-17 13:30:06 +0100 |
commit | 5f0d04334b5aaf6d8e61b99f07b63a2cc05c2ee2 (patch) | |
tree | f73a1558f611db637e2e1d8e57f66ed4c2437df2 | |
parent | 6f7fd74b1aad24de2bb62eb2f80e02b94a1168cd (diff) | |
parent | 4bd8d7eb91524cc936bc607f8291804689de35ea (diff) |
Merge pull request #1053 from dsprenkels/robots.txt
Disallow creation of robots.txt in freeurl
Diffstat (limited to '')
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | lib/config/default.js | 1 | ||||
-rw-r--r-- | lib/config/environment.js | 1 | ||||
-rw-r--r-- | lib/response.js | 2 |
4 files changed, 5 insertions, 1 deletions
@@ -185,6 +185,7 @@ There are some config settings you need to change in the files below. | `CMD_ALLOW_ANONYMOUS` | `true` or `false` | set to allow anonymous usage (default is `true`) | | `CMD_ALLOW_ANONYMOUS_EDITS` | `true` or `false` | if `allowAnonymous` is `true`, allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) | | `CMD_ALLOW_FREEURL` | `true` or `false` | set to allow new note creation by accessing a nonexistent note URL | +| `CMD_FORBIDDEN_NODE_IDS` | `'robots.txt'` | disallow creation of notes, even if `CMD_ALLOW_FREEURL` is `true` | | `CMD_DEFAULT_PERMISSION` | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) | | `CMD_DB_URL` | `mysql://localhost:3306/database` | set the database URL | | `CMD_SESSION_SECRET` | no example | Secret used to sign the session cookie. If non is set, one will randomly generated on startup | @@ -284,6 +285,7 @@ There are some config settings you need to change in the files below. | `allowAnonymous` | `true` or `false` | set to allow anonymous usage (default is `true`) | | `allowAnonymousEdits` | `true` or `false` | if `allowAnonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) | | `allowFreeURL` | `true` or `false` | set to allow new note creation by accessing a nonexistent note URL | +| `forbiddenNoteIDs` | `['robots.txt']` | disallow creation of notes, even if `allowFreeUrl` is `true` | | `defaultPermission` | `freely`, `editable`, `limited`, `locked`, `protected` or `private` | set notes default permission (only applied on signed users) | | `dbURL` | `mysql://localhost:3306/database` | set the db URL; if set, then db config (below) won't be applied | | `db` | `{ "dialect": "sqlite", "storage": "./db.codimd.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) | diff --git a/lib/config/default.js b/lib/config/default.js index 71375b98..d7a8f471 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -32,6 +32,7 @@ module.exports = { allowAnonymous: true, allowAnonymousEdits: false, allowFreeURL: false, + forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api'], defaultPermission: 'editable', dbURL: '', db: {}, diff --git a/lib/config/environment.js b/lib/config/environment.js index 4220e54d..a57fe0db 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -28,6 +28,7 @@ module.exports = { allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS), allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS), allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL), + forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS), defaultPermission: process.env.CMD_DEFAULT_PERMISSION, dbURL: process.env.CMD_DB_URL, sessionSecret: process.env.CMD_SESSION_SECRET, diff --git a/lib/response.js b/lib/response.js index 671aa120..b94f473a 100644 --- a/lib/response.js +++ b/lib/response.js @@ -157,7 +157,7 @@ function findNote (req, res, callback, include) { include: include || null }).then(function (note) { if (!note) { - if (config.allowFreeURL && noteId) { + if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { req.alias = noteId return newNote(req, res) } else { |