hedgedoc: disable anonymous patches

https://c3d2.social/@sandro/113900709169130028

modules/hedgedoc.nix

@@ -49,6 +49,7 @@ in
         # allow anonymous editing, but not creation of pads
         allowAnonymous = false;
         allowAnonymousEdits = true;
+        allowAnonymousUploads = false;
         defaultPermission = "limited";
         defaultNotePath = builtins.toString template;
         # ldap auth

overlays/default.nix

@@ -34,4 +34,10 @@ in
     };
 
   }));
+
+  hedgedoc = prev.hedgedoc.overrideAttrs ({ patches ? [ ], ... }: {
+    patches = patches ++ [
+      ./hedgedoc/0001-anonymous-uploads.patch
+    ];
+  });
 }

overlays/hedgedoc/0001-anonymous-uploads.patch

@@ -0,0 +1,62 @@
+diff --git a/app.js b/app.js
+index d41dbfbd7..faf686cfa 100644
+--- a/app.js
++++ b/app.js
+@@ -203,6 +203,7 @@ app.locals.serverURL = config.serverURL
+ app.locals.sourceURL = config.sourceURL
+ app.locals.allowAnonymous = config.allowAnonymous
+ app.locals.allowAnonymousEdits = config.allowAnonymousEdits
++app.locals.allowAnonymousUploads = config.allowAnonymousUploads
+ app.locals.disableNoteCreation = config.disableNoteCreation
+ app.locals.authProviders = {
+   facebook: config.isFacebookEnable,
+diff --git a/lib/config/default.js b/lib/config/default.js
+index d038e5311..9ab9a6bb1 100644
+--- a/lib/config/default.js
++++ b/lib/config/default.js
+@@ -33,6 +33,7 @@ module.exports = {
+   protocolUseSSL: false,
+   allowAnonymous: true,
+   allowAnonymousEdits: false,
++  allowAnonymousUploads: false,
+   allowFreeURL: false,
+   requireFreeURLAuthentication: false,
+   disableNoteCreation: false,
+diff --git a/lib/config/environment.js b/lib/config/environment.js
+index da50a660d..b74d122f4 100644
+--- a/lib/config/environment.js
++++ b/lib/config/environment.js
+@@ -31,6 +31,7 @@ module.exports = {
+   allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
+   allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
+   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
++  allowAnonymousUploads: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_UPLOADS),
+   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+   requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
+   disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION),
+diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
+index c40ffc961..20c2da83b 100644
+--- a/lib/config/hackmdEnvironment.js
++++ b/lib/config/hackmdEnvironment.js
+@@ -22,6 +22,7 @@ module.exports = {
+   allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
+   allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
+   allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
++  allowAnonymousUploads: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_UPLOADS),
+   allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
+   defaultPermission: process.env.HMD_DEFAULT_PERMISSION,
+   dbURL: process.env.HMD_DB_URL,
+diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
+index d9964827b..7321bc805 100644
+--- a/lib/web/imageRouter/index.js
++++ b/lib/web/imageRouter/index.js
+@@ -59,8 +59,7 @@ async function checkUploadType (filePath) {
+ imageRouter.post('/uploadimage', function (req, res) {
+   if (
+     !req.isAuthenticated() &&
+-    !config.allowAnonymous &&
+-    !config.allowAnonymousEdits
++    !config.allowAnonymousUploads
+   ) {
+     logger.error(
+       'Image upload error: Anonymous edits and therefore uploads are not allowed'