recipe-maintainers/cryptpad
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add RESTRICT_GUEST_ACCESS to block unregistered users from all applications

Browse Source
This commit is contained in:
notplants
2026-04-20 17:20:24 +00:00
parent 9922390ce3
commit 38393e1fd1
4 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.sample
View File

@ -18,6 +18,10 @@ SANDBOX_DOMAIN=sandbox.cryptpad.example.com
#EXTRA_DOMAINS=', `www.cryptpad.example.com`' #EXTRA_DOMAINS=', `www.cryptpad.example.com`'
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
## Set to true to block unregistered users from accessing any CryptPad applications
## See https://docs.cryptpad.org/en/admin_guide/customization.html#restricting-guest-access
#RESTRICT_GUEST_ACCESS=false
## SSO / OIDC (optional — uncomment below and add compose.sso.yml to COMPOSE_FILE to enable) ## SSO / OIDC (optional — uncomment below and add compose.sso.yml to COMPOSE_FILE to enable)
# COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml" # COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
#SSO_ENABLED=true #SSO_ENABLED=true

1
abra.sh
View File

@ -3,3 +3,4 @@ export CONFIG_JS_VERSION=v2
export NGINX_CONF_VERSION=v1 export NGINX_CONF_VERSION=v1
export SSO_ENTRYPOINT_VERSION=v6 export SSO_ENTRYPOINT_VERSION=v6
export SSO_JS_VERSION=v3 export SSO_JS_VERSION=v3
export APPLICATION_CONFIG_VERSION=v3

24
application_config.js.tmpl Normal file
View File

@ -0,0 +1,24 @@
// CryptPad application customization — generated from environment variables
// See https://docs.cryptpad.org/en/admin_guide/customization.html
// For default file, see: https://github.com/cryptpad/cryptpad/blob/main/customize.dist/application_config.js
(() => {
const factory = (AppConfig) => {
{{ if eq (env "RESTRICT_GUEST_ACCESS") "true" }}
// Block unregistered users from accessing any applications
AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes.slice();
{{ end }}
return AppConfig;
};
// Do not change code below
if (typeof(module) !== 'undefined' && module.exports) {
module.exports = factory(
require('../www/common/application_config_internal.js')
);
} else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) {
define(['/common/application_config_internal.js'], factory);
}
})();

7
compose.yml
View File

@ -16,6 +16,7 @@ services:
- "CPAD_HTTP2_DISABLE=true" - "CPAD_HTTP2_DISABLE=true"
- "CPAD_TRUST_PROXY=1" - "CPAD_TRUST_PROXY=1"
- "CPAD_CONF=/cryptpad/config/config.js" - "CPAD_CONF=/cryptpad/config/config.js"
- "RESTRICT_GUEST_ACCESS=${RESTRICT_GUEST_ACCESS:-false}"
volumes: volumes:
- cryptpad_blob:/cryptpad/blob - cryptpad_blob:/cryptpad/blob
- cryptpad_block:/cryptpad/block - cryptpad_block:/cryptpad/block
@ -26,6 +27,8 @@ services:
configs: configs:
- source: config_js - source: config_js
target: /cryptpad/config/config.js target: /cryptpad/config/config.js
- source: application_config_js
target: /cryptpad/customize/application_config.js
deploy: deploy:
restart_policy: restart_policy:
@ -86,3 +89,7 @@ configs:
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION} name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
file: nginx.conf.tmpl file: nginx.conf.tmpl
template_driver: golang template_driver: golang
application_config_js:
name: ${STACK_NAME}_application_config_js_${APPLICATION_CONFIG_VERSION}
file: application_config.js.tmpl
template_driver: golang