summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDavid Mehren2021-01-25 23:53:04 +0100
committerGitHub2021-01-25 23:53:04 +0100
commitdfd710982a5b53055a1a327e5ee35bd29de3f5bb (patch)
treecf59ee7e371e93fe4b18f03aeff6cf9dabc47868 /lib
parent1ded38642129d7542fc5e3db98891f7a773d7741 (diff)
parentad056d7dbbe0c0bf6cb8d390f88d5e47a288cae1 (diff)
Merge pull request #755 from nidico/issue-754-config-require-freeurl-authentication
Diffstat (limited to '')
-rw-r--r--lib/config/default.js1
-rw-r--r--lib/config/environment.js1
-rw-r--r--lib/web/note/util.js10
3 files changed, 8 insertions, 4 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index fe9b7059..ed812f45 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -33,6 +33,7 @@ module.exports = {
allowAnonymous: true,
allowAnonymousEdits: false,
allowFreeURL: false,
+ requireFreeURLAuthentication: false,
forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
defaultPermission: 'editable',
dbURL: '',
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 2a2c5fbb..e03bac8a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -29,6 +29,7 @@ module.exports = {
allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+ requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
dbURL: process.env.CMD_DB_URL,
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
index 9c6c1c8a..57438515 100644
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@@ -51,10 +51,12 @@ exports.newNote = function (req, res, body) {
} else if (!config.allowAnonymous) {
return errors.errorForbidden(res)
}
- if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
- req.alias = noteId
- } else if (noteId) {
- return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ if (noteId) {
+ if (config.allowFreeURL && !config.forbiddenNoteIDs.includes(noteId) && (!config.requireFreeURLAuthentication || req.isAuthenticated())) {
+ req.alias = noteId
+ } else {
+ return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ }
}
models.Note.create({
ownerId: owner,