summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
author蒼時弦也2017-01-05 22:36:40 +0800
committer蒼時弦也2017-01-05 22:36:40 +0800
commitaaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 (patch)
tree91772db04e1059d29d70c8f27ff5911e14361c4f /lib
parent23a12dd927b66880fa991b377d450455851b69a9 (diff)
Add limit for constrain anonymous view note
Diffstat (limited to 'lib')
-rw-r--r--lib/config.js2
-rwxr-xr-xlib/response.js6
2 files changed, 5 insertions, 3 deletions
diff --git a/lib/config.js b/lib/config.js
index 53497f1f..1f14dd60 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -20,6 +20,7 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT ===
var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true);
var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true);
+var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true);
var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl;
@@ -128,6 +129,7 @@ module.exports = {
serverurl: getserverurl(),
usecdn: usecdn,
allowanonymous: allowanonymous,
+ allowanonymousView: allowanonymousView,
allowfreeurl: allowfreeurl,
dburl: dburl,
db: db,
diff --git a/lib/response.js b/lib/response.js
index a0dc8b1f..69854815 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -117,7 +117,7 @@ function newNote(req, res, next) {
}
function checkViewPermission(req, note) {
- if (note.permission == 'private') {
+ if (note.permission == 'private' || !config.allowanonymousView) {
if (!req.isAuthenticated() || note.ownerId != req.user.id)
return false;
else
@@ -161,7 +161,7 @@ function showNote(req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId;
- var id = LZString.compressToBase64(note.id);
+ var id = LZString.compressToBase64(note.id);
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
return res.redirect(config.serverurl + "/" + (note.alias || id));
return responseHackMD(res, note);
@@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) {
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
break;
default:
- res.redirect(config.serverurl + '/p/' + note.shortid);
+ res.redirect(config.serverurl + '/p/' + note.shortid);
break;
}
});