Disallow creation of robots.txt in freeurl

Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
author: Daan Sprenkels 2018-11-13 00:14:25 +0100
committer: Daan Sprenkels 2018-11-17 13:23:03 +0100
commit: 4bd8d7eb91524cc936bc607f8291804689de35ea (patch)
tree: 8f3137af224c4af7507a2cfb200b2bd1298086f7 /lib/config
parent: 54d3d930cf39c2a3bec422d858cbac20ad8118eb (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index 15f11aaa..c04bda3c 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -31,6 +31,7 @@ module.exports = {
   allowAnonymous: true,
   allowAnonymousEdits: false,
   allowFreeURL: false,
+  forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api'],
   defaultPermission: 'editable',
   dbURL: '',
   db: {},
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 0c7c9a4f..8526e3ee 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -27,6 +27,7 @@ module.exports = {
   allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+  forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
   defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
   dbURL: process.env.CMD_DB_URL,
   sessionSecret: process.env.CMD_SESSION_SECRET,
author	Daan Sprenkels	2018-11-13 00:14:25 +0100
committer	Daan Sprenkels	2018-11-17 13:23:03 +0100
commit	4bd8d7eb91524cc936bc607f8291804689de35ea (patch)
tree	8f3137af224c4af7507a2cfb200b2bd1298086f7 /lib/config
parent	54d3d930cf39c2a3bec422d858cbac20ad8118eb (diff)