authorDavid Mehren2021-01-25 23:53:04 +0100
committerGitHub2021-01-25 23:53:04 +0100
commitdfd710982a5b53055a1a327e5ee35bd29de3f5bb (patch)
treecf59ee7e371e93fe4b18f03aeff6cf9dabc47868 /lib
parent1ded38642129d7542fc5e3db98891f7a773d7741 (diff)
parentad056d7dbbe0c0bf6cb8d390f88d5e47a288cae1 (diff)
Merge pull request #755 from nidico/issue-754-config-require-freeurl-authentication
Diffstat (limited to 'lib')
-rw-r--r--lib/config/default.js1
-rw-r--r--lib/config/environment.js1
-rw-r--r--lib/web/note/util.js10
3 files changed, 8 insertions, 4 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index fe9b7059..ed812f45 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -33,6 +33,7 @@ module.exports = {
allowAnonymous: true,
allowAnonymousEdits: false,
allowFreeURL: false,
+ requireFreeURLAuthentication: false,
forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
defaultPermission: 'editable',
dbURL: '',
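Review bot: The new `requireFreeURLAuthentication: false` entry has no comment, so nothing here tells an operator that it only takes effect together with `allowFreeURL`. With the default left at `false`, an instance that turns on `allowFreeURL` while `allowAnonymous` is true still lets unauthenticated visitors pick note aliases, as the check in lib/web/note/util.js shows. I would add above it `// only used when allowFreeURL is true: restrict free-URL note creation to logged-in users`.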
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 2a2c5fbb..e03bac8a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -29,6 +29,7 @@ module.exports = {
allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+ requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
dbURL: process.env.CMD_DB_URL,
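Review bot: `CMD_REQUIRE_FREEURL_AUTHENTICATION` is an access-control toggle, and this hunk does not show how `toBooleanConfig` treats values other than the expected spelling. If the helper maps unrecognised input (say `1` or `TRUE`) to false, a mistyped value would silently leave free-URL creation open to anonymous users. It is worth confirming that behaviour and noting the accepted values next to this line, for example `// must be the exact string the helper accepts, otherwise the restriction stays off`.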
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
index 9c6c1c8a..57438515 100644
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@@ -51,10 +51,12 @@ exports.newNote = function (req, res, body) {
} else if (!config.allowAnonymous) {
return errors.errorForbidden(res)
}
- if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
- req.alias = noteId
- } else if (noteId) {
- return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ if (noteId) {
+ if (config.allowFreeURL && !config.forbiddenNoteIDs.includes(noteId) && (!config.requireFreeURLAuthentication || req.isAuthenticated())) {
+ req.alias = noteId
+ } else {
+ return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ }
}
models.Note.create({
ownerId: owner,
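Review bot: The authorization rule on the `if (config.allowFreeURL && ...` line packs three independent checks (feature enabled, ID not reserved, caller authenticated when required) into one expression, which makes the access-control decision hard to audit. Naming the parts would help, e.g. `const authOk = !config.requireFreeURLAuthentication || req.isAuthenticated()` followed by `if (config.allowFreeURL && authOk && !config.forbiddenNoteIDs.includes(noteId)) {`. An unauthenticated GET for a free URL now lands in the same `errorNotFound` branch as a reserved or disabled ID. If that is intentional, so the response does not reveal that logging in would help, a short comment such as `// unauthenticated callers get the same response as for a forbidden ID` would record it. The body of `newNote` starts and ends outside this hunk, so the earlier `req.isAuthenticated()` / `owner` handling could not be checked here.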