summaryrefslogtreecommitdiff
path: root/lib/web/note
diff options
context:
space:
mode:
authorDavid Mehren2021-01-25 23:53:04 +0100
committerGitHub2021-01-25 23:53:04 +0100
commitdfd710982a5b53055a1a327e5ee35bd29de3f5bb (patch)
treecf59ee7e371e93fe4b18f03aeff6cf9dabc47868 /lib/web/note
parent1ded38642129d7542fc5e3db98891f7a773d7741 (diff)
parentad056d7dbbe0c0bf6cb8d390f88d5e47a288cae1 (diff)
Merge pull request #755 from nidico/issue-754-config-require-freeurl-authentication
Diffstat (limited to 'lib/web/note')
-rw-r--r--lib/web/note/util.js10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
index 9c6c1c8a..57438515 100644
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@@ -51,10 +51,12 @@ exports.newNote = function (req, res, body) {
} else if (!config.allowAnonymous) {
return errors.errorForbidden(res)
}
- if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
- req.alias = noteId
- } else if (noteId) {
- return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ if (noteId) {
+ if (config.allowFreeURL && !config.forbiddenNoteIDs.includes(noteId) && (!config.requireFreeURLAuthentication || req.isAuthenticated())) {
+ req.alias = noteId
+ } else {
+ return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ }
}
models.Note.create({
ownerId: owner,