diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index 5352ba1..244734a 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -49,6 +49,7 @@ in # allow anonymous editing, but not creation of pads allowAnonymous = false; allowAnonymousEdits = true; + allowAnonymousUploads = false; defaultPermission = "limited"; defaultNotePath = builtins.toString template; # ldap auth diff --git a/overlays/default.nix b/overlays/default.nix index d9350d5..5fd91b9 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -34,4 +34,10 @@ in }; })); + + hedgedoc = prev.hedgedoc.overrideAttrs ({ patches ? [ ], ... }: { + patches = patches ++ [ + ./hedgedoc/0001-anonymous-uploads.patch + ]; + }); } diff --git a/overlays/hedgedoc/0001-anonymous-uploads.patch b/overlays/hedgedoc/0001-anonymous-uploads.patch new file mode 100644 index 0000000..83eead2 --- /dev/null +++ b/overlays/hedgedoc/0001-anonymous-uploads.patch @@ -0,0 +1,62 @@ +diff --git a/app.js b/app.js +index d41dbfbd7..faf686cfa 100644 +--- a/app.js ++++ b/app.js +@@ -203,6 +203,7 @@ app.locals.serverURL = config.serverURL + app.locals.sourceURL = config.sourceURL + app.locals.allowAnonymous = config.allowAnonymous + app.locals.allowAnonymousEdits = config.allowAnonymousEdits ++app.locals.allowAnonymousUploads = config.allowAnonymousUploads + app.locals.disableNoteCreation = config.disableNoteCreation + app.locals.authProviders = { + facebook: config.isFacebookEnable, +diff --git a/lib/config/default.js b/lib/config/default.js +index d038e5311..9ab9a6bb1 100644 +--- a/lib/config/default.js ++++ b/lib/config/default.js +@@ -33,6 +33,7 @@ module.exports = { + protocolUseSSL: false, + allowAnonymous: true, + allowAnonymousEdits: false, ++ allowAnonymousUploads: false, + allowFreeURL: false, + requireFreeURLAuthentication: false, + disableNoteCreation: false, +diff --git a/lib/config/environment.js b/lib/config/environment.js +index da50a660d..b74d122f4 100644 +--- a/lib/config/environment.js ++++ b/lib/config/environment.js +@@ -31,6 +31,7 @@ module.exports = { + allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN), + allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS), + allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS), ++ allowAnonymousUploads: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_UPLOADS), + allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL), + requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION), + disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION), +diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js +index c40ffc961..20c2da83b 100644 +--- a/lib/config/hackmdEnvironment.js ++++ b/lib/config/hackmdEnvironment.js +@@ -22,6 +22,7 @@ module.exports = { + allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN), + allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS), + allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS), ++ allowAnonymousUploads: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_UPLOADS), + allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL), + defaultPermission: process.env.HMD_DEFAULT_PERMISSION, + dbURL: process.env.HMD_DB_URL, +diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js +index d9964827b..7321bc805 100644 +--- a/lib/web/imageRouter/index.js ++++ b/lib/web/imageRouter/index.js +@@ -59,8 +59,7 @@ async function checkUploadType (filePath) { + imageRouter.post('/uploadimage', function (req, res) { + if ( + !req.isAuthenticated() && +- !config.allowAnonymous && +- !config.allowAnonymousEdits ++ !config.allowAnonymousUploads + ) { + logger.error( + 'Image upload error: Anonymous edits and therefore uploads are not allowed'