feat: option to disable note creation

The abuse of the demo instance required us to disallow note creation

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>

lib/config/default.js

@@ -35,6 +35,7 @@ module.exports = {
   allowAnonymousEdits: false,
   allowFreeURL: false,
   requireFreeURLAuthentication: false,
+  disableNoteCreation: false,
   forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
   defaultPermission: 'editable',
   dbURL: '',

lib/config/environment.js

@@ -33,6 +33,7 @@ module.exports = {
   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
   requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
+  disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION),
   forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
   defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
   dbURL: process.env.CMD_DB_URL,

lib/web/note/controller.js

@@ -82,6 +82,9 @@ exports.showNote = function (req, res, next) {
 }
 
 exports.createFromPOST = function (req, res, next) {
+  if (config.disableNoteCreation) {
+    return errors.errorForbidden(res)
+  }
   let body = ''
   if (req.body && req.body.length > config.documentMaxLength) {
     return errors.errorTooLong(res)

lib/web/note/util.js

@@ -19,7 +19,11 @@ exports.findNote = function (req, res, callback, include = null, createIfNotFoun
       include: include || null
     }).then(function (note) {
       if (!note && createIfNotFound) {
-        return exports.newNote(req, res, '')
+        if (config.disableNoteCreation) {
+          return errors.errorNotFound(res)
+        } else {
+          return exports.newNote(req, res, '')
+        }
       }
       if (!note && !createIfNotFound) {
         return errors.errorNotFound(res)