Add 'allowPosting' config

Bryan Ashby 2022-09-22 21:24:24 -06:00
parent d2dafc4dbc
commit 2cb0970a31
No known key found for this signature in database
GPG Key ID: C2C1B501E4EFD994
2 changed files with 23 additions and 9 deletions

@ -121,6 +121,7 @@ const Responses = {
SendArticle: '340 send article to be posted', SendArticle: '340 send article to be posted',
PostingNotAllowed: '440 posting not allowed',
ArticlePostFailed: '441 posting failed', ArticlePostFailed: '441 posting failed',
AuthRequired: '480 authentication required', AuthRequired: '480 authentication required',
}; };
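Review bot: `PostingNotAllowed: '440 posting not allowed'` is added to `Responses` here, but none of the visible hunks references it. With the flag off, the later hunk simply leaves `POST` out of `commands`, so the reply to a POST is left to the base server's defaults rather than being 440. Consider keeping `POST` registered and returning `Responses.PostingNotAllowed` when posting is disabled, or drop the constant until something uses it.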
@ -1258,11 +1259,6 @@ exports.getModule = class NNTPServerModule extends ServerModule {
const config = Config(); const config = Config();
// add in some additional supported commands
const commands = Object.assign({}, NNTPServerBase.commands, {
POST: PostCommand,
});
// :TODO: nntp-server doesn't currently allow posting in a nice way, so this is kludged in. Fork+MR something cleaner at some point // :TODO: nntp-server doesn't currently allow posting in a nice way, so this is kludged in. Fork+MR something cleaner at some point
class ProxySession extends NNTPServerBase.Session { class ProxySession extends NNTPServerBase.Session {
constructor(server, stream) { constructor(server, stream) {
@ -1333,12 +1329,19 @@ exports.getModule = class NNTPServerModule extends ServerModule {
} }
const commonOptions = { const commonOptions = {
//requireAuth : true, // :TODO: re-enable!
// :TODO: How to hook into debugging?! // :TODO: How to hook into debugging?!
commands,
session: ProxySession, // :TODO: only do this is config.postingAllowed is true, else '440 posting not allowed' even if authenticated
}; };
if (true === _.get(config, 'contentServers.nntp.allowPosts')) {
// add in some additional supported commands
const commands = Object.assign({}, NNTPServerBase.commands, {
POST: PostCommand,
});
commonOptions.commands = commands;
commonOptions.session = ProxySession;
}
if (this.enableNntp) { if (this.enableNntp) {
this.nntpServer = new NNTPServer( this.nntpServer = new NNTPServer(
// :TODO: according to docs: if connection is non-tls, but behind proxy (assuming TLS termination?!!) then set this to true // :TODO: according to docs: if connection is non-tls, but behind proxy (assuming TLS termination?!!) then set this to true
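Review bot: The gate `_.get(config, 'contentServers.nntp.allowPosts')` reads a key that matches neither the documentation in this commit (`postingAllowed` in the table, `allowPosting: true` in the example) nor the commit title, so a sysop who follows the docs never enables posting. Pick one name and use it in the code, the table and the example. Separately, the gate assigns to `commonOptions` ahead of the `if (this.enableNntp)` branch, while the new Write Access section calls NNTPS a strict requirement for posting. Please confirm that the non-TLS server does not receive the same `commands` and `session`, or apply them only to the NNTPS options.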

@ -12,6 +12,7 @@ The NNTP *content server* provides access to publicly exposed message conference
| `nntp` | :-1: | Configuration block for non-secure NNTP. See Non-Secure NNTP Configuration below. | | `nntp` | :-1: | Configuration block for non-secure NNTP. See Non-Secure NNTP Configuration below. |
| `nntps` | :-1: | Configuration block for secure NNTP. See Secure NNTPS Configuration below. | | `nntps` | :-1: | Configuration block for secure NNTP. See Secure NNTPS Configuration below. |
| `publicMessageConferences` | :+1: | A map of *conference tags* to *area tags* that are publicly exposed over NNTP. Anonymous users will get read-only access to these areas. | | `publicMessageConferences` | :+1: | A map of *conference tags* to *area tags* that are publicly exposed over NNTP. Anonymous users will get read-only access to these areas. |
| `postingAllowed` | :-1: | Allow posting from authenticated users. See [Write Access](#write-access).
### See Non-Secure NNTP Configuration ### See Non-Secure NNTP Configuration
Under `contentServers.nntp.nntp` the following configuration is allowed: Under `contentServers.nntp.nntp` the following configuration is allowed:
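Review bot: The new `postingAllowed` row is missing its closing `|`, unlike the three rows above it; add it so the table stays consistent. The row should also state the default (the server only enables posting on a strict `true ===` match, so it is off otherwise) and use the same key name the code actually reads.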
@ -40,10 +41,20 @@ An example of generating your own cert/key pair:
openssl req -newkey rsa:2048 -nodes -keyout ./config/nntps_key.pem -x509 -days 3050 -out ./config/nntps_cert.pem openssl req -newkey rsa:2048 -nodes -keyout ./config/nntps_key.pem -x509 -days 3050 -out ./config/nntps_cert.pem
``` ```
### Example Configuration ## Write Access
Authenticated users may write messages to a group given the following are true:
1. They are connected security (NNTPS). This is a strict requirement due to how NNTP authenticates in plain-text otherwise.
2. The authenticated user has write [ACS](../../configuration/acs.md) to the target message conference and area.
> :warning: Not all [ACS](../../configuration/acs.md) checks can be made over NNTP. Any ACS requiring a "client" will return false (fail), such as `LC` ("is local?").
## Example Configuration
```hjson ```hjson
contentServers: { contentServers: {
nntp: { nntp: {
allowPosting: true
publicMessageConferences: { publicMessageConferences: {
fsxnet: [ fsxnet: [
// Expose these areas of fsxNet // Expose these areas of fsxNet