diff options
Diffstat (limited to '')
-rw-r--r-- | lib/config.js | 3 | ||||
-rw-r--r-- | lib/realtime.js | 1 | ||||
-rwxr-xr-x | lib/response.js | 4 |
3 files changed, 8 insertions, 0 deletions
diff --git a/lib/config.js b/lib/config.js index 669fcaa8..fb8d1907 100644 --- a/lib/config.js +++ b/lib/config.js @@ -19,6 +19,8 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true); +var allowanonmyous = process.env.HMD_ALLOW_ANONMYOUS ? (process.env.HMD_ALLOW_ANONMYOUS === 'true') : ((typeof config.allowanonmyous === 'boolean') ? config.allowanonmyous : true); + // db var db = config.db || { dialect: 'sqlite', @@ -125,6 +127,7 @@ module.exports = { usessl: usessl, serverurl: getserverurl(), usecdn: usecdn, + allowanonmyous: allowanonmyous, db: db, sslkeypath: path.join(cwd, sslkeypath), sslcertpath: path.join(cwd, sslcertpath), diff --git a/lib/realtime.js b/lib/realtime.js index 73f831f4..0b9e0c77 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -763,6 +763,7 @@ function connection(socket) { var note = notes[noteId]; //Only owner can change permission if (note.owner && note.owner == socket.request.user.id) { + if (permission == 'freely' && !config.allowanonmyous) return; note.permission = permission; models.Note.update({ permission: permission diff --git a/lib/response.js b/lib/response.js index aae39851..3f837e71 100755 --- a/lib/response.js +++ b/lib/response.js @@ -60,6 +60,7 @@ function showIndex(req, res, next) { res.render(config.indexpath, { url: config.serverurl, useCDN: config.usecdn, + allowAnonmyous: config.allowanonmyous, facebook: config.facebook, twitter: config.twitter, github: config.github, @@ -92,6 +93,7 @@ function responseHackMD(res, note) { url: config.serverurl, title: title, useCDN: config.usecdn, + allowAnonmyous: config.allowanonmyous, facebook: config.facebook, twitter: config.twitter, github: config.github, @@ -106,6 +108,8 @@ function newNote(req, res, next) { var owner = null; if (req.isAuthenticated()) { owner = req.user.id; + } else if (!config.allowanonmyous) { + return response.errorForbidden(res); } models.Note.create({ ownerId: owner |