From 497569fee4a841b13ed1606ca54f269162d3fa62 Mon Sep 17 00:00:00 2001 From: Nicolas Dietrich Date: Fri, 22 Jan 2021 16:47:47 +0100 Subject: Add config option which requires authentication in FreeURL mode This mitigates unintended note creation by bots or humans through a simple GET call. See discussion in #754. Signed-off-by: Nicolas Dietrich --- lib/config/environment.js | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/config/environment.js') diff --git a/lib/config/environment.js b/lib/config/environment.js index 2a2c5fbb..3f13c8e0 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -29,6 +29,7 @@ module.exports = { allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS), allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS), allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL), + requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTH), forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS), defaultPermission: process.env.CMD_DEFAULT_PERMISSION, dbURL: process.env.CMD_DB_URL, -- cgit v1.2.3 From 5e269e4af97b78765b63c3e1dc638d5cbb50ac0b Mon Sep 17 00:00:00 2001 From: Nicolas Dietrich Date: Sat, 23 Jan 2021 14:14:47 +0100 Subject: Keep JS and env varibale name in sync (requireFreeURLAuthentication) Signed-off-by: Nicolas Dietrich --- lib/config/environment.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/config/environment.js') diff --git a/lib/config/environment.js b/lib/config/environment.js index 3f13c8e0..e03bac8a 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -29,7 +29,7 @@ module.exports = { allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS), allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS), allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL), - requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTH), + requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION), forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS), defaultPermission: process.env.CMD_DEFAULT_PERMISSION, dbURL: process.env.CMD_DB_URL, -- cgit v1.2.3