diff --git a/README.md b/README.md index 6e2e710d..38dc52db 100644 --- a/README.md +++ b/README.md @@ -145,9 +145,10 @@ Environment variables (will overwrite other server configs) | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with | | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with | | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) | -| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | +| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | HMD_IMGUR_CLIENTID | no example | Imgur API client id | | HMD_EMAIL | `true` or `false` | set to allow email signin | +| HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports | | HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) | | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) | | HMD_S3_ACCESS_KEY_ID | no example | AWS access key id | diff --git a/app.json b/app.json index 1de6b7db..d1804c52 100644 --- a/app.json +++ b/app.json @@ -127,6 +127,10 @@ "HMD_IMGUR_CLIENTID": { "description": "Imgur API client id", "required": false + }, + "HMD_ALLOW_PDF_EXPORT": { + "description": "Enable or disable PDF exports", + "required": false } }, "addons": [ diff --git a/lib/config/default.js b/lib/config/default.js index f4c45e3d..e7e2e4b3 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -94,5 +94,6 @@ module.exports = { tlsca: undefined }, email: true, - allowemailregister: true + allowemailregister: true, + allowpdfexport: true } diff --git a/lib/config/environment.js b/lib/config/environment.js index 40b7e09f..6f33d140 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -69,5 +69,6 @@ module.exports = { tlsca: process.env.HMD_LDAP_TLS_CA }, email: toBooleanConfig(process.env.HMD_EMAIL), - allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER) + allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), + allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) } diff --git a/lib/config/index.js b/lib/config/index.js index bea5a6af..dfad28ed 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -1,3 +1,4 @@ + 'use strict' const fs = require('fs') @@ -90,6 +91,7 @@ config.isEmailEnable = config.email config.isGitHubEnable = config.github.clientID && config.github.clientSecret config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret config.isLDAPEnable = config.ldap.url +config.isPDFExportEnable = config.allowpdfexport // generate correct path config.sslcapath = path.join(appRootPath, config.sslcapath) @@ -106,7 +108,7 @@ config.errorpath = path.join(appRootPath, config.errorpath) config.prettypath = path.join(appRootPath, config.prettypath) config.slidepath = path.join(appRootPath, config.slidepath) -// maek config readonly +// make config readonly config = deepFreeze(config) module.exports = config diff --git a/lib/response.js b/lib/response.js index a22d1e70..9e39ffb5 100755 --- a/lib/response.js +++ b/lib/response.js @@ -69,6 +69,7 @@ function showIndex (req, res, next) { ldap: config.isLDAPEnable, email: config.isEmailEnable, allowemailregister: config.allowemailregister, + allowpdfexport: config.allowpdfexport, signin: req.isAuthenticated(), infoMessage: req.flash('info'), errorMessage: req.flash('error') @@ -98,7 +99,8 @@ function responseHackMD (res, note) { google: config.isGoogleEnable, ldap: config.isLDAPEnable, email: config.isEmailEnable, - allowemailregister: config.allowemailregister + allowemailregister: config.allowemailregister, + allowpdfexport: config.allowpdfexport }) } @@ -382,7 +384,12 @@ function noteActions (req, res, next) { actionInfo(req, res, note) break case 'pdf': - actionPDF(req, res, note) + if (config.allowpdfexport) { + actionPDF(req, res, note) + } else { + logger.error('PDF export failed: Disabled by config. Set "allowpdfexport: true" to enable. Check the documentation for details') + response.errorForbidden(res) + } break case 'gist': actionGist(req, res, note) diff --git a/public/views/hackmd/header.ejs b/public/views/hackmd/header.ejs index bde9033a..47b563ac 100644 --- a/public/views/hackmd/header.ejs +++ b/public/views/hackmd/header.ejs @@ -70,8 +70,10 @@