add RESTRICT_GUEST_ACCESS to block unregistered users from all applications
This commit is contained in:
notplants
@ -18,6 +18,10 @@ SANDBOX_DOMAIN=sandbox.cryptpad.example.com
|
||||
#EXTRA_DOMAINS=', `www.cryptpad.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
## Set to true to block unregistered users from accessing any CryptPad applications
|
||||
## See https://docs.cryptpad.org/en/admin_guide/customization.html#restricting-guest-access
|
||||
#RESTRICT_GUEST_ACCESS=false
|
||||
|
||||
## SSO / OIDC (optional — uncomment below and add compose.sso.yml to COMPOSE_FILE to enable)
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
|
||||
#SSO_ENABLED=true
|
||||
|
||||
1
abra.sh
1
abra.sh
@ -3,3 +3,4 @@ export CONFIG_JS_VERSION=v2
|
||||
export NGINX_CONF_VERSION=v1
|
||||
export SSO_ENTRYPOINT_VERSION=v6
|
||||
export SSO_JS_VERSION=v3
|
||||
export APPLICATION_CONFIG_VERSION=v3
|
||||
|
||||
24
application_config.js.tmpl
Normal file
24
application_config.js.tmpl
Normal file
@ -0,0 +1,24 @@
|
||||
// CryptPad application customization — generated from environment variables
|
||||
// See https://docs.cryptpad.org/en/admin_guide/customization.html
|
||||
// For default file, see: https://github.com/cryptpad/cryptpad/blob/main/customize.dist/application_config.js
|
||||
|
||||
(() => {
|
||||
const factory = (AppConfig) => {
|
||||
{{ if eq (env "RESTRICT_GUEST_ACCESS") "true" }}
|
||||
// Block unregistered users from accessing any applications
|
||||
AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes.slice();
|
||||
{{ end }}
|
||||
|
||||
return AppConfig;
|
||||
};
|
||||
|
||||
// Do not change code below
|
||||
if (typeof(module) !== 'undefined' && module.exports) {
|
||||
module.exports = factory(
|
||||
require('../www/common/application_config_internal.js')
|
||||
);
|
||||
} else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) {
|
||||
define(['/common/application_config_internal.js'], factory);
|
||||
}
|
||||
|
||||
})();
|
||||
@ -16,6 +16,7 @@ services:
|
||||
- "CPAD_HTTP2_DISABLE=true"
|
||||
- "CPAD_TRUST_PROXY=1"
|
||||
- "CPAD_CONF=/cryptpad/config/config.js"
|
||||
- "RESTRICT_GUEST_ACCESS=${RESTRICT_GUEST_ACCESS:-false}"
|
||||
volumes:
|
||||
- cryptpad_blob:/cryptpad/blob
|
||||
- cryptpad_block:/cryptpad/block
|
||||
@ -26,6 +27,8 @@ services:
|
||||
configs:
|
||||
- source: config_js
|
||||
target: /cryptpad/config/config.js
|
||||
- source: application_config_js
|
||||
target: /cryptpad/customize/application_config.js
|
||||
|
||||
deploy:
|
||||
restart_policy:
|
||||
@ -86,3 +89,7 @@ configs:
|
||||
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
|
||||
file: nginx.conf.tmpl
|
||||
template_driver: golang
|
||||
application_config_js:
|
||||
name: ${STACK_NAME}_application_config_js_${APPLICATION_CONFIG_VERSION}
|
||||
file: application_config.js.tmpl
|
||||
template_driver: golang
|
||||
|
||||
Reference in New Issue
Block a user