Diffstat (limited to 'lib')
-rw-r--r-- | lib/config/default.js | 9 | ||||
-rw-r--r-- | lib/config/environment.js | 9 | ||||
-rw-r--r-- | lib/config/index.js | 4 | ||||
-rwxr-xr-x | lib/response.js | 11 |
4 files changed, 28 insertions, 5 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index a14a4294..e7e2e4b3 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -7,6 +7,12 @@ module.exports = {
 urladdport: false,
 alloworigin: ['localhost'],
 usessl: false,
+ hsts: {
+ enable: true,
+ maxAgeSeconds: 31536000,
+ includeSubdomains: true,
+ preload: true
+ },
 protocolusessl: false,
 usecdn: true,
 allowanonymous: true,
@@ -88,5 +94,6 @@ module.exports = {
 tlsca: undefined
 },
 email: true,
- allowemailregister: true
+ allowemailregister: true,
+ allowpdfexport: true
 }
diff --git a/lib/config/environment.js b/lib/config/environment.js
index c108a6f9..6f33d140 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -8,6 +8,12 @@ module.exports = {
 port: process.env.HMD_PORT,
 urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
 usessl: toBooleanConfig(process.env.HMD_USESSL),
+ hsts: {
+ enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
+ maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE,
+ includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
+ preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
+ },
 protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
 alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
 usecdn: toBooleanConfig(process.env.HMD_USECDN),
@@ -63,5 +69,6 @@ module.exports = {
 tlsca: process.env.HMD_LDAP_TLS_CA
 },
 email: toBooleanConfig(process.env.HMD_EMAIL),
- allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER)
+ allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
+ allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
 }
diff --git a/lib/config/index.js b/lib/config/index.js
index bea5a6af..dfad28ed 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -1,3 +1,4 @@ + 'use strict' const fs = require('fs')
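Review bot: The new `hsts` block in lib/config/default.js defaults `preload: true` and `includeSubdomains: true` for every install that does not override them, and both are long-lived commitments an operator should opt into. Browsers cache the policy for the full `maxAgeSeconds` (one year here), `includeSubDomains` extends it to every host under the site's domain, and the `preload` directive signals consent to browser preload lists, from which removal is slow. I would ship `preload: false` and add a comment above the block such as `// HSTS only makes sense over HTTPS; includeSubdomains and preload affect the whole domain, enable deliberately`. The code that emits the header is not part of this diff, so confirm it is sent only when the instance is actually served over TLS (`usessl` or a TLS-terminating proxy).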
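Review bot: `maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE` in lib/config/environment.js passes the raw environment string through, while the default it overrides in lib/config/default.js is the number 31536000. How the consumer builds the header is not shown here, but a string or non-numeric value may be rejected at startup or end up as a malformed `max-age`, which browsers ignore and which silently disables the protection. Parse it where it is read, e.g. `maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE ? parseInt(process.env.HMD_HSTS_MAX_AGE, 10) : undefined`, and reject NaN or negative values when the config is merged.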
@@ -90,6 +91,7 @@ config.isEmailEnable = config.email config.isGitHubEnable = config.github.clientID && config.github.clientSecret config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret config.isLDAPEnable = config.ldap.url +config.isPDFExportEnable = config.allowpdfexport // generate correct path config.sslcapath = path.join(appRootPath, config.sslcapath)
@@ -106,7 +108,7 @@ config.errorpath = path.join(appRootPath, config.errorpath) config.prettypath = path.join(appRootPath, config.prettypath) config.slidepath = path.join(appRootPath, config.slidepath) -// maek config readonly +// make config readonly config = deepFreeze(config) module.exports = config
diff --git a/lib/response.js b/lib/response.js
index a22d1e70..9e39ffb5 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -69,6 +69,7 @@ function showIndex (req, res, next) {
 ldap: config.isLDAPEnable,
 email: config.isEmailEnable,
 allowemailregister: config.allowemailregister,
+ allowpdfexport: config.allowpdfexport,
 signin: req.isAuthenticated(),
 infoMessage: req.flash('info'),
 errorMessage: req.flash('error')
@@ -98,7 +99,8 @@ function responseHackMD (res, note) {
 google: config.isGoogleEnable,
 ldap: config.isLDAPEnable,
 email: config.isEmailEnable,
- allowemailregister: config.allowemailregister
+ allowemailregister: config.allowemailregister,
+ allowpdfexport: config.allowpdfexport
 })
 }
@@ -382,7 +384,12 @@ function noteActions (req, res, next) {
 actionInfo(req, res, note)
 break
 case 'pdf':
- actionPDF(req, res, note)
+ if (config.allowpdfexport) {
+ actionPDF(req, res, note)
+ } else {
+ logger.error('PDF export failed: Disabled by config. Set "allowpdfexport: true" to enable. Check the documentation for details')
+ response.errorForbidden(res)
+ }
 break
 case 'gist':
 actionGist(req, res, note) |
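Review bot: In the `case 'pdf':` branch of noteActions the denial is written with `logger.error` on every request, so any client hitting the PDF action on an instance with export disabled can fill the error log. This is an expected policy denial, so it belongs at a lower severity, with the note or requester identified so that repeated attempts stand out. The guard reads `config.allowpdfexport`, while lib/config/index.js in this same commit adds `config.isPDFExportEnable`, which nothing in the shown diff uses; `if (config.isPDFExportEnable) {` would match the other feature flags, or the derived flag should be dropped. noteActions continues outside the hunk, so confirm this switch is the only route to `actionPDF`; the `allowpdfexport` value handed to the templates in the two earlier hunks only hides the UI and enforces nothing.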