Add limit for constrain anonymous view note
This commit is contained in:
蒼時弦也
parent
23a12dd927
commit
aaf1ff4b2f
2 changed files with 5 additions and 3 deletions
|
|
@ -20,6 +20,7 @@ var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT ===
|
||||||
var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true);
|
var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true);
|
||||||
|
|
||||||
var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true);
|
var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true);
|
||||||
|
var allowanonymousView = process.env.HMD_ALLOW_ANONYMOUS_VIEW ? (process.env.HMD_ALLOW_ANONYMOUS_VIEW === 'true') : ((typeof config.allowanonymousView === 'boolean') ? config.allowanonymousView : true);
|
||||||
|
|
||||||
var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl;
|
var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl;
|
||||||
|
|
||||||
|
|
@ -128,6 +129,7 @@ module.exports = {
|
||||||
serverurl: getserverurl(),
|
serverurl: getserverurl(),
|
||||||
usecdn: usecdn,
|
usecdn: usecdn,
|
||||||
allowanonymous: allowanonymous,
|
allowanonymous: allowanonymous,
|
||||||
|
allowanonymousView: allowanonymousView,
|
||||||
allowfreeurl: allowfreeurl,
|
allowfreeurl: allowfreeurl,
|
||||||
dburl: dburl,
|
dburl: dburl,
|
||||||
db: db,
|
db: db,
|
||||||
|
|
|
||||||
|
|
@ -117,7 +117,7 @@ function newNote(req, res, next) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkViewPermission(req, note) {
|
function checkViewPermission(req, note) {
|
||||||
if (note.permission == 'private') {
|
if (note.permission == 'private' || !config.allowanonymousView) {
|
||||||
if (!req.isAuthenticated() || note.ownerId != req.user.id)
|
if (!req.isAuthenticated() || note.ownerId != req.user.id)
|
||||||
return false;
|
return false;
|
||||||
else
|
else
|
||||||
|
|
@ -161,7 +161,7 @@ function showNote(req, res, next) {
|
||||||
findNote(req, res, function (note) {
|
findNote(req, res, function (note) {
|
||||||
// force to use note id
|
// force to use note id
|
||||||
var noteId = req.params.noteId;
|
var noteId = req.params.noteId;
|
||||||
var id = LZString.compressToBase64(note.id);
|
var id = LZString.compressToBase64(note.id);
|
||||||
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
|
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
|
||||||
return res.redirect(config.serverurl + "/" + (note.alias || id));
|
return res.redirect(config.serverurl + "/" + (note.alias || id));
|
||||||
return responseHackMD(res, note);
|
return responseHackMD(res, note);
|
||||||
|
|
@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) {
|
||||||
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
|
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
res.redirect(config.serverurl + '/p/' + note.shortid);
|
res.redirect(config.serverurl + '/p/' + note.shortid);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue