Add more security as default (#47)

* Add more security as default

* Auto-update README

* Update config.json.example

* Update change_url

Co-authored-by: yunohost-bot <yunohost@yunohost.org>

conf/config.json.example

@@ -8,10 +8,11 @@
         "useCDN": false,
         "allowGravatar": false,
         "allowFreeURL": false,
+        "allowAnonymous": __ALLOW_ANONYMOUS__, 
         "allowAnonymousEdits": true,
         "defaultPermission": "locked",
         "email": true,
-        "allowEmailRegister": true,
+        "allowEmailRegister": __ALLOW_EMAIL_REGISTRATION__,
         "imageUploadType": "filesystem",
         "tooBusyLag": 1000,
         "hsts": {

config_panel.toml.example

@@ -0,0 +1,24 @@
+version = "1.0"
+
+[main]
+name = "HedgeDoc configuration"
+
+    [main.config]
+    name = "Configuration Options"
+
+        [main.config.allow_anonymous]
+        ask = "Allow anonymous usage"
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "Set to allow anonymous usage (default is true)."
+        bind = "allow_anonymous:__FINALPATH__/config.json"
+
+        [main.config.allow_email_registration]
+        ask = "Allow email registration"
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "Set to allow registration of new accounts using an email address. If set to false, you can still create accounts using the command line."
+        bind = "allow_email_registration:__FINALPATH__/config.json"
+

scripts/change_url

@@ -33,6 +33,9 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 
+allow_anonymous=$(ynh_app_setting_get --app=$app --key=allow_anonymous)
+allow_email_registration=$(ynh_app_setting_get --app=$app --key=allow_email_registration)
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================

scripts/install

@@ -29,6 +29,9 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
 
 app=$YNH_APP_INSTANCE_NAME
 
+allow_anonymous=false
+allow_email_registration=false
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@@ -47,6 +50,8 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
+ynh_app_setting_set --app=$app --key=allow_anonymous --value=$allow_anonymous
+ynh_app_setting_set --app=$app --key=allow_email_registration --value=$allow_email_registration
 
 #=================================================
 # STANDARD MODIFICATIONS

scripts/upgrade

@@ -24,6 +24,9 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 
+allow_anonymous=$(ynh_app_setting_get --app=$app --key=allow_anonymous)
+allow_email_registration=$(ynh_app_setting_get --app=$app --key=allow_email_registration)
+
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -35,6 +38,16 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
+if [ -z "$allow_anonymous" ]; then
+	allow_anonymous="false"
+	ynh_app_setting_set --app=$app --key=allow_anonymous --value=$allow_anonymous
+fi
+
+if [ -z "$allow_email_registration" ]; then
+	allow_email_registration="false"
+	ynh_app_setting_set --app=$app --key=allow_email_registration --value=$allow_email_registration
+fi
+
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all