feat: add disable user registration setting to the admin page

This means it is not allowed to create accounts, but, you as an admin are allowed to create accounts which can use the application
2023-04-11 09:20:38 +02:00 · 2023-04-11 09:20:38 +02:00 · 5239cc4b65
commit 5239cc4b65
parent d20e948d65
6 changed files with 49 additions and 6 deletions
--- a/prisma/migrations/20230411070916_disable_account_creation/migration.sql
+++ b/prisma/migrations/20230411070916_disable_account_creation/migration.sql
@ -0,0 +1,14 @@
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Settings" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "disable_users" BOOLEAN NOT NULL DEFAULT false,
+    "disable_user_account_creation" BOOLEAN NOT NULL DEFAULT false,
+    "read_only" BOOLEAN NOT NULL DEFAULT false,
+    "disable_file_upload" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Settings" ("disable_file_upload", "disable_users", "id", "read_only") SELECT "disable_file_upload", "disable_users", "id", "read_only" FROM "Settings";
+DROP TABLE "Settings";
+ALTER TABLE "new_Settings" RENAME TO "Settings";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@ -47,8 +47,9 @@ model Statistic {
 }

 model Settings {
-    id                  String  @id
-    disable_users       Boolean @default(false)
-    read_only           Boolean @default(false)
-    disable_file_upload Boolean @default(false)
+    id                            String  @id
+    disable_users                 Boolean @default(false)
+    disable_user_account_creation Boolean @default(false)
+    read_only                     Boolean @default(false)
+    disable_file_upload           Boolean @default(false)
 }
--- a/server.js
+++ b/server.js
@ -21,6 +21,8 @@ import keyGeneration from './src/server/decorators/key-generation.js';

 import readCookieAllRoutesHandler from './src/server/prehandlers/cookie-all-routes.js';
 import readOnlyHandler from './src/server/prehandlers/read-only.js';
+import disableUserHandler from './src/server/prehandlers/disable-users.js';
+import disableUserAccountCreationHandler from './src/server/prehandlers/disable-user-account-creation.js';

 import usersRoute from './src/server/controllers/admin/users.js';
 import adminSettingsRoute from './src/server/controllers/admin/settings.js';
@ -31,8 +33,6 @@ import secretRoute from './src/server/controllers/secret.js';
 import statsRoute from './src/server/controllers/stats.js';
 import healthzRoute from './src/server/controllers/healthz.js';

-import disableUserHandler from './src/server/prehandlers/disable-users.js';
-
 const isDev = process.env.NODE_ENV === 'development';

 const MAX_FILE_BYTES = 1024 * config.get('file.size') * 1000; // Example: 1024 * 2 * 1000 = 2 024 000 bytes
@ -83,6 +83,7 @@ fastify.register(keyGeneration);
 // Define pre handlers
 fastify.addHook('preHandler', readCookieAllRoutesHandler(fastify));
 fastify.addHook('preHandler', disableUserHandler);
+fastify.addHook('preHandler', disableUserAccountCreationHandler);
 fastify.addHook('preHandler', readOnlyHandler);

 // Register our routes before the static content
--- a/src/client/routes/account/settings.jsx
+++ b/src/client/routes/account/settings.jsx
@ -25,6 +25,7 @@ const Settings = () => {
        initialValues: {
            read_only: false,
            disable_users: false,
+            disable_user_account_creation: false,
            disable_file_upload: false,
        },
    });
@ -101,6 +102,18 @@ const Settings = () => {
                        }
                    />
                </Group>
+                <Group position="left">
+                    <Checkbox
+                        label="Disable user account creation"
+                        description="Do not allow users to create acoounts. However, you as an admin is allowed to add users which can sign in."
+                        checked={form.getInputProps('disable_user_account_creation').value}
+                        onChange={(event) =>
+                            form.setValues({
+                                disable_user_account_creation: event.currentTarget.checked,
+                            })
+                        }
+                    />
+                </Group>
                <Group position="left">
                    <Checkbox
                        label="Disable file upload"
--- a/src/server/controllers/admin/settings.js
+++ b/src/server/controllers/admin/settings.js
@ -26,6 +26,7 @@ async function settings(fastify) {
        async (request) => {
            const {
                disable_users = false,
+                disable_user_account_creation = false,
                read_only = false,
                disable_file_upload = false,
            } = request.body;
@ -36,6 +37,7 @@ async function settings(fastify) {
                },
                update: {
                    disable_users, // Disable user registration
+                    disable_user_account_creation, // Disable user account creation
                    read_only, // Allow visiting users to read secrets, and not create any except if you are an admin
                    disable_file_upload, // Disable file uploads
                },
--- a/src/server/prehandlers/disable-user-account-creation.js
+++ b/src/server/prehandlers/disable-user-account-creation.js
@ -0,0 +1,12 @@
+import adminSettings from '../adminSettings.js';
+
+const authenticationRegex = /^\/api\/authentication\/signup.*$/i;
+const errorMessage = 'Access denied. You are not allowed create a user. 🥲';
+
+export default async function disableUserAccountCreation(request, reply) {
+    const { url } = request;
+
+    if (adminSettings.get('disable_user_account_creation') && authenticationRegex.test(url)) {
+        return reply.code(403).send({ error: errorMessage });
+    }
+}