From aaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 22:36:40 +0800 Subject: Add limit for constrain anonymous view note --- lib/config.js | 2 ++ lib/response.js | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/config.js b/lib/config.js index 53497f1f..1f14dd60 100644 --- a/lib/config.js +++ b/lib/config.js @@ -20,6 +20,7 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true); var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true); +var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true); var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl; @@ -128,6 +129,7 @@ module.exports = { serverurl: getserverurl(), usecdn: usecdn, allowanonymous: allowanonymous, + allowanonymousView: allowanonymousView, allowfreeurl: allowfreeurl, dburl: dburl, db: db, diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..69854815 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,7 +117,7 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private') { + if (note.permission == 'private' || !config.allowanonymousView) { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else 
@@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 1fbecbb03d8e94d310885da7d26e1654c548c364 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 23:37:10 +0800 Subject: Fix anonymouse view permission check --- lib/response.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/response.js b/lib/response.js index 69854815..e8430d60 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,12 +117,15 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private' || !config.allowanonymousView) { + if (note.permission == 'private') { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else return true; } else { + if(!config.allowanonymousView && !req.isAuthenticated()) { + return false; + } return true; } } -- cgit v1.2.3 From 9a23fec2390101b6ef7333674e8a8a84f0ebb339 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Fri, 6 Jan 2017 00:15:14 +0800 Subject: Update readme --- README.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index a2980ee4..29477b9b 100644 --- a/README.md +++ b/README.md 
@@ -3,8 +3,8 @@ HackMD [![Join the chat at https://gitter.im/hackmdio/hackmd](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/hackmdio/hackmd?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -HackMD lets you create realtime collaborative markdown notes on all platforms. -Inspired by Hackpad, with more focus on speed and flexibility. +HackMD lets you create realtime collaborative markdown notes on all platforms. +Inspired by Hackpad, with more focus on speed and flexibility. Still in the early stage, feel free to fork or contribute to HackMD. Thanks for using! :smile: @@ -12,7 +12,7 @@ Thanks for using! :smile: [docker-hackmd](https://github.com/hackmdio/docker-hackmd) --- -Before you go too far, here is the great docker repo for HackMD. +Before you go too far, here is the great docker repo for HackMD. With docker, you can deploy a server in minutes without any downtime. Heroku Deployment @@ -25,14 +25,14 @@ You can quickly setup a sample heroku hackmd application by clicking the button [migration-to-0.5.0](https://github.com/hackmdio/migration-to-0.5.0) --- -We don't use LZString to compress socket.io data and DB data after version 0.5.0. +We don't use LZString to compress socket.io data and DB data after version 0.5.0. Please run the migration tool if you're upgrading from the old version. [migration-to-0.4.0](https://github.com/hackmdio/migration-to-0.4.0) --- -We've dropped MongoDB after version 0.4.0. -So here is the migration tool for you to transfer the old DB data to the new DB. +We've dropped MongoDB after version 0.4.0. +So here is the migration tool for you to transfer the old DB data to the new DB. This tool is also used for official service. Browsers Requirement 
@@ -125,6 +125,7 @@ Environment variables (will overwrite other server configs) | HMD_URL_ADDPORT | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) | | HMD_USECDN | `true` or `false` | set to use CDN resources or not (default is `true`) | | HMD_ALLOW_ANONYMOUS | `true` or `false` | set to allow anonymous usage (default is `true`) | +| HMD_ALLOW_ANONYMOUS_VIEW | `true` or `false` | set to allow anonymous view note (default is `true`) | | HMD_ALLOW_FREEURL | `true` or `false` | set to allow new note by accessing not exist note url | | HMD_DB_URL | `mysql://localhost:3306/database` | set the db url | | HMD_FACEBOOK_CLIENTID | no example | Facebook API client id | @@ -213,9 +214,9 @@ Third-party integration oauth callback urls Operational Transformation --- -From 0.3.2, we started supporting operational transformation. -It makes concurrent editing safe and will not break up other users' operations. -Additionally, now can show other clients' selections. +From 0.3.2, we started supporting operational transformation. +It makes concurrent editing safe and will not break up other users' operations. +Additionally, now can show other clients' selections. See more at [http://operational-transformation.github.io/](http://operational-transformation.github.io/) **License under MIT.** -- cgit v1.2.3 From f8e5b547670e3eeb75af3249bb9ad1ee2f44e58f Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:32:44 +0800 Subject: Remove temporary change --- README.md | 1 - lib/config.js | 2 -- lib/response.js | 3 --- 3 files changed, 6 deletions(-) diff --git a/README.md b/README.md index 29477b9b..6b473b57 100644 --- a/README.md +++ b/README.md 
@@ -125,7 +125,6 @@ Environment variables (will overwrite other server configs) | HMD_URL_ADDPORT | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) | | HMD_USECDN | `true` or `false` | set to use CDN resources or not (default is `true`) | | HMD_ALLOW_ANONYMOUS | `true` or `false` | set to allow anonymous usage (default is `true`) | -| HMD_ALLOW_ANONYMOUS_VIEW | `true` or `false` | set to allow anonymous view note (default is `true`) | | HMD_ALLOW_FREEURL | `true` or `false` | set to allow new note by accessing not exist note url | | HMD_DB_URL | `mysql://localhost:3306/database` | set the db url | | HMD_FACEBOOK_CLIENTID | no example | Facebook API client id | diff --git a/lib/config.js b/lib/config.js index 1f14dd60..53497f1f 100644 --- a/lib/config.js +++ b/lib/config.js @@ -20,7 +20,6 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true); var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true); -var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true); var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl; @@ -129,7 +128,6 @@ module.exports = { serverurl: getserverurl(), usecdn: usecdn, allowanonymous: allowanonymous, - allowanonymousView: allowanonymousView, allowfreeurl: allowfreeurl, dburl: dburl, db: db, diff --git a/lib/response.js b/lib/response.js index e8430d60..910db863 100755 --- a/lib/response.js +++ b/lib/response.js 
@@ -123,9 +123,6 @@ function checkViewPermission(req, note) { else return true; } else { - if(!config.allowanonymousView && !req.isAuthenticated()) { - return false; - } return true; } } -- cgit v1.2.3 From c21fb8e2a0030095fd8dbfd13f6ba84e933b0e2e Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:35:21 +0800 Subject: Recovery tariling spaces --- README.md | 18 +++++++++--------- lib/response.js | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 6b473b57..a2980ee4 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ HackMD [![Join the chat at https://gitter.im/hackmdio/hackmd](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/hackmdio/hackmd?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -HackMD lets you create realtime collaborative markdown notes on all platforms. -Inspired by Hackpad, with more focus on speed and flexibility. +HackMD lets you create realtime collaborative markdown notes on all platforms. +Inspired by Hackpad, with more focus on speed and flexibility. Still in the early stage, feel free to fork or contribute to HackMD. Thanks for using! :smile: @@ -12,7 +12,7 @@ Thanks for using! :smile: [docker-hackmd](https://github.com/hackmdio/docker-hackmd) --- -Before you go too far, here is the great docker repo for HackMD. +Before you go too far, here is the great docker repo for HackMD. With docker, you can deploy a server in minutes without any downtime. Heroku Deployment 
@@ -25,14 +25,14 @@ You can quickly setup a sample heroku hackmd application by clicking the button [migration-to-0.5.0](https://github.com/hackmdio/migration-to-0.5.0) --- -We don't use LZString to compress socket.io data and DB data after version 0.5.0. +We don't use LZString to compress socket.io data and DB data after version 0.5.0. Please run the migration tool if you're upgrading from the old version. [migration-to-0.4.0](https://github.com/hackmdio/migration-to-0.4.0) --- -We've dropped MongoDB after version 0.4.0. -So here is the migration tool for you to transfer the old DB data to the new DB. +We've dropped MongoDB after version 0.4.0. +So here is the migration tool for you to transfer the old DB data to the new DB. This tool is also used for official service. Browsers Requirement @@ -213,9 +213,9 @@ Third-party integration oauth callback urls Operational Transformation --- -From 0.3.2, we started supporting operational transformation. -It makes concurrent editing safe and will not break up other users' operations. -Additionally, now can show other clients' selections. +From 0.3.2, we started supporting operational transformation. +It makes concurrent editing safe and will not break up other users' operations. +Additionally, now can show other clients' selections. See more at [http://operational-transformation.github.io/](http://operational-transformation.github.io/) **License under MIT.** diff --git a/lib/response.js b/lib/response.js index 910db863..a0dc8b1f 100755 --- a/lib/response.js +++ b/lib/response.js @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); 
@@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 89b8ddeabae81fd3a8891ce9d8191fbc9e27c83c Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 10:02:37 +0800 Subject: Add limited and protected permission --- lib/models/note.js | 6 +++--- lib/realtime.js | 20 ++++++++++---------- lib/response.js | 9 +++++++-- public/js/index.js | 22 +++++++++++++++++++++- public/views/body.ejs | 2 ++ 5 files changed, 43 insertions(+), 16 deletions(-) diff --git a/lib/models/note.js b/lib/models/note.js index 132f8b1e..47d9b97a 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -23,7 +23,7 @@ var logger = require("../logger.js"); var ot = require("../ot/index.js"); // permission types -var permissionTypes = ["freely", "editable", "locked", "private"]; +var permissionTypes = ["freely", "editable", "locked", "private", "limited", "protected"]; module.exports = function (sequelize, DataTypes) { var Note = sequelize.define("Note", { @@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) { if (meta.slideOptions && (typeof meta.slideOptions == "object")) _meta.slideOptions = meta.slideOptions; } - return _meta; + return _meta; }, updateAuthorshipByOperation: function (operation, userId, authorships) { var index = 0; @@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) { }); return Note; -}; \ No newline at end of file +}; diff --git a/lib/realtime.js b/lib/realtime.js index a662deeb..b728622f 100644 --- a/lib/realtime.js +++ b/lib/realtime.js 
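Review bot: The `permissionTypes` hunk in lib/models/note.js adds `"limited"` and `"protected"`, but the commit carries no schema migration. If the `permission` column is an ENUM built from this array (the column definition is outside the hunk), existing databases would reject the new values until the column is altered. A save that fails that way would leave the note on its previous, possibly more open, permission. A comment above the array such as `// every value here must be handled in ifMayEdit and checkViewPermission, and exist in the DB enum` would record the coupling.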
@@ -251,13 +251,13 @@ function getStatus(callback) { return logger.error('count user failed: ' + err); }); }).catch(function (err) { - return logger.error('count note failed: ' + err); + return logger.error('count note failed: ' + err); }); } function isReady() { - return realtime.io - && Object.keys(notes).length == 0 && Object.keys(users).length == 0 + return realtime.io + && Object.keys(notes).length == 0 && Object.keys(users).length == 0 && connectionSocketQueue.length == 0 && !isConnectionBusy && disconnectSocketQueue.length == 0 && !isDisconnectBusy; } @@ -420,7 +420,7 @@ function finishConnection(socket, note, user) { function startConnection(socket) { if (isConnectionBusy) return; isConnectionBusy = true; - + var noteId = socket.noteId; if (!noteId) { return failConnection(404, 'note id not found', socket); @@ -521,7 +521,7 @@ function disconnect(socket) { logger.info("SERVER disconnected a client"); logger.info(JSON.stringify(users[socket.id])); } - + if (users[socket.id]) { delete users[socket.id]; } @@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) { case "freely": //not blocking anyone break; - case "editable": + case "editable": case: "limited": //only login user can change if (!socket.request.user || !socket.request.user.logged_in) mayEdit = false; break; - case "locked": case "private": + case "locked": case "private": case "protected": //only owner can change if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; @@ -672,7 +672,7 @@ function operationCallback(socket, operation) { var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id); if (note.server) history.updateHistory(userId, noteId, note.server.document); }, 0); - + } // save authorship note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship); 
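Review bot: `case: "limited":` in the ifMayEdit hunk is a syntax error, because the colon after `case` stops lib/realtime.js from parsing and the module cannot load. The line should read `case "editable": case "limited":`. Separately, the owner-only group that now includes `"protected"` compares `note.owner != socket.request.user.id` without the `!socket.request.user` guard used by the login branch just above it. That comparison predates this change, but it is worth confirming that `socket.request.user` is always set before more permission values are routed through it. ifMayEdit starts and ends outside the hunk.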
@@ -689,10 +689,10 @@ function connection(socket) { } if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return; - + // store noteId in this socket session socket.noteId = noteId; - + //initialize user data //random color var color = randomcolor(); diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..4438be24 100755 --- a/lib/response.js +++ b/lib/response.js @@ -122,6 +122,11 @@ function checkViewPermission(req, note) { return false; else return true; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if( !req.isAuthenticated() ) { + return false; + } + return true; } else { return true; } @@ -161,7 +166,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +418,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); diff --git a/public/js/index.js b/public/js/index.js index 56766657..5b606242 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -857,7 +857,9 @@ window.ui = { freely: $(".ui-permission-freely"), editable: $(".ui-permission-editable"), locked: $(".ui-permission-locked"), - private: $(".ui-permission-private") + private: $(".ui-permission-private"), + limited: $(".ui-permission-limited"), + protected: $(".ui-permission-protected") }, delete: $(".ui-delete-note") }, 
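Review bot: The new `limited`/`protected` branch in checkViewPermission gates only the HTTP response path. The lib/realtime.js hunks in this commit change ifMayEdit (edit rights) and whitespace only, so this diff does not show whether a socket connection to such a note is refused for a signed-out client. If the connection path has its own view check for `private`, it presumably needs the two new values as well; otherwise note content could still be delivered over the socket to a client that this function would turn away. The branch body can be reduced to `return req.isAuthenticated();`. checkViewPermission begins above the hunk.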
@@ -2247,6 +2249,14 @@ ui.infobar.permission.locked.click(function () { ui.infobar.permission.private.click(function () { emitPermission("private"); }); +//limited +ui.infobar.permission.limited.click(function() { + emitPermission("limited"); +}); +//protected +ui.infobar.permission.protected.click(function() { + emitPermission("protected"); +}); // delete note ui.infobar.delete.click(function () { $('.delete-modal').modal('show'); @@ -2285,6 +2295,14 @@ function updatePermission(newPermission) { label = ' Private'; title = "Only owner can view & edit"; break; + case "limited": + label = ' Limited'; + title = "Signed people can view and edit" + break; + case "protected": + label = ' Protected'; + title = "Signed people can view"; + break; } if (personalInfo.userid && owner && personalInfo.userid == owner) { label += ' '; @@ -2302,6 +2320,7 @@ function havePermission() { bool = true; break; case "editable": + case "limited": if (!personalInfo.login) { bool = false; } else { @@ -2310,6 +2329,7 @@ function havePermission() { break; case "locked": case "private": + case "protected": if (!owner || personalInfo.userid != owner) { bool = false; } else { diff --git a/public/views/body.ejs b/public/views/body.ejs index 83a82fa3..79e36141 100644 --- a/public/views/body.ejs +++ b/public/views/body.ejs @@ -19,6 +19,8 @@
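Review bot: In the updatePermission hunk of public/js/index.js, the `"protected"` tooltip says who may view but not who may edit, although havePermission groups it with the owner-only modes. Something like `title = "Signed-in users can view, only owner can edit";` would match the behaviour. The `"limited"` case is missing the semicolon that every sibling case has, and "Signed people" would read better as "Signed-in users": `title = "Signed-in users can view and edit";`. The new `case` labels in havePermission only drive the UI state, so a comment such as `// UI hint only; the server-side ifMayEdit check is authoritative` would keep later edits from treating it as enforcement. Both functions extend beyond their hunks.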