diff options
author | 蒼時弦也 | 2017-01-05 22:36:40 +0800 |
---|---|---|
committer | 蒼時弦也 | 2017-01-05 22:36:40 +0800 |
commit | aaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 (patch) | |
tree | 91772db04e1059d29d70c8f27ff5911e14361c4f | |
parent | 23a12dd927b66880fa991b377d450455851b69a9 (diff) |
Add limit for constrain anonymous view note
-rw-r--r-- | lib/config.js | 2 | ||||
-rwxr-xr-x | lib/response.js | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/lib/config.js b/lib/config.js index 53497f1f..1f14dd60 100644 --- a/lib/config.js +++ b/lib/config.js @@ -20,6 +20,7 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true); var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true); +var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true); var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl; @@ -128,6 +129,7 @@ module.exports = { serverurl: getserverurl(), usecdn: usecdn, allowanonymous: allowanonymous, + allowanonymousView: allowanonymousView, allowfreeurl: allowfreeurl, dburl: dburl, db: db, diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..69854815 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,7 +117,7 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private') { + if (note.permission == 'private' || !config.allowanonymousView) { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); |