Add config option which requires authentication in FreeURL mode

This mitigates unintended note creation by bots or humans through a simple GET call. See discussion in #754. Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2025-06-01 07:38:33 -04:00 · 2021-01-22 16:47:47 +01:00 · 2021-01-22 16:47:47 +01:00 · 497569fee4
commit 497569fee4
parent 3331c0947c
5 changed files with 5 additions and 1 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -33,6 +33,7 @@ module.exports = {
  allowAnonymous: true,
  allowAnonymousEdits: false,
  allowFreeURL: false,
+  requireFreeURLAuthentication: false,
  forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
  defaultPermission: 'editable',
  dbURL: '',
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -29,6 +29,7 @@ module.exports = {
  allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
  allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
  allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+  requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTH),
  forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
  defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
  dbURL: process.env.CMD_DB_URL,
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@ -24,6 +24,7 @@ module.exports = {
  allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
  allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
  allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
+  requireFreeURLAuthentication: toBooleanConfig(process.env.HMD_REQUIRE_FREEURL_AUTH),
  defaultPermission: process.env.HMD_DEFAULT_PERMISSION,
  dbURL: process.env.HMD_DB_URL,
  sessionSecret: process.env.HMD_SESSION_SECRET,