feat: Disable levels of encryptions by default

- Add `allow_client_encryption_key` option to allow encryption key provided by
  the client on the web UI (false by default)
- Add `allow_no_encryption` option to allow notes without encryption (disabled
  by default)

Signed-off-by: Julien Riou <julien@riou.xyz>

src/server/handlers_web.go

@@ -17,16 +17,18 @@ import (
 )
 
 type PageData struct {
-	Title                  string
-	Version                string
-	Expirations            []int
-	Expiration             int
-	Languages              []string
-	Err                    error
-	URL                    string
-	Note                   *Note
-	EnableUploadFileButton bool
-	BootstrapDirectory     string
+	Title                    string
+	Version                  string
+	Expirations              []int
+	Expiration               int
+	Languages                []string
+	Err                      error
+	URL                      string
+	Note                     *Note
+	EnableUploadFileButton   bool
+	AllowClientEncryptionKey bool
+	AllowNoEncryption        bool
+	BootstrapDirectory       string
 }
 
 type HomeHandler struct {
@@ -115,7 +117,17 @@ func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 	deleteAfterRead := r.FormValue("delete-after-read")
 	language := r.FormValue("language")
 
-	if encryptionKey == "" && noEncryption == "" {
+	if !h.PageData.AllowNoEncryption && noEncryption != "" {
+		h.PageData.Err = fmt.Errorf("encryption is mandatory")
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+	}
+
+	if !h.PageData.AllowClientEncryptionKey && encryptionKey != "" {
+		h.PageData.Err = fmt.Errorf("client encryption key is not allowed")
+		h.Templates.ExecuteTemplate(w, templateName, h.PageData)
+	}
+
+	if !h.PageData.AllowClientEncryptionKey && encryptionKey == "" && noEncryption == "" {
 		h.logger.Debug("generating encryption key")
 		encryptionKey = internal.GenerateChars(encryptionKeyLength)
 	}