409/warren
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AUTH_ALLOW_REGISTRATION env variable

Browse Source
This commit is contained in:
Shawn
2025-08-29 16:17:13 +02:00
parent 8bf6de1682
commit d74531e2e1
3 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/lib/domain/warren/models/user/requests/register.rs
View File

@@ -43,6 +43,8 @@ impl From<RegisterUserRequest> for CreateUserRequest {
pub enum RegisterUserError { pub enum RegisterUserError {
#[error(transparent)] #[error(transparent)]
CreateUser(#[from] CreateUserError), CreateUser(#[from] CreateUserError),
#[error("Registration is disabled")]
Disabled,
#[error(transparent)] #[error(transparent)]
Unknown(#[from] anyhow::Error), Unknown(#[from] anyhow::Error),
} }

24
backend/src/lib/domain/warren/service/auth.rs
View File

@@ -52,6 +52,7 @@ use crate::{
}; };
const AUTH_SESSION_EXPIRATION_KEY: &str = "AUTH_SESSION_EXPIRATION"; const AUTH_SESSION_EXPIRATION_KEY: &str = "AUTH_SESSION_EXPIRATION";
const ALLOW_REGISTRATION_KEY: &str = "AUTH_ALLOW_REGISTRATION";
/// The authentication service configuration /// The authentication service configuration
/// ///
@@ -59,6 +60,7 @@ const AUTH_SESSION_EXPIRATION_KEY: &str = "AUTH_SESSION_EXPIRATION";
#[derive(Debug, Clone, PartialEq, Eq)] #[derive(Debug, Clone, PartialEq, Eq)]
pub struct AuthConfig { pub struct AuthConfig {
session_lifetime: SessionExpirationTime, session_lifetime: SessionExpirationTime,
allow_registration: bool,
} }
impl AuthConfig { impl AuthConfig {
@@ -71,12 +73,27 @@ impl AuthConfig {
} }
}; };
Ok(Self { session_lifetime }) let allow_registration = match Config::load_env(ALLOW_REGISTRATION_KEY)
.map(|v| v.to_lowercase())
.as_deref()
{
Ok("true") => true,
Ok("false") | Ok(_) | Err(_) => false,
};
Ok(Self {
session_lifetime,
allow_registration,
})
} }
pub fn session_lifetime(&self) -> SessionExpirationTime { pub fn session_lifetime(&self) -> SessionExpirationTime {
self.session_lifetime self.session_lifetime
} }
pub fn allow_registration(&self) -> bool {
self.allow_registration
}
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@@ -232,6 +249,11 @@ where
} }
async fn register_user(&self, request: RegisterUserRequest) -> Result<User, RegisterUserError> { async fn register_user(&self, request: RegisterUserRequest) -> Result<User, RegisterUserError> {
if !self.config.allow_registration {
self.metrics.record_user_registration_failure().await;
return Err(RegisterUserError::Disabled);
}
let result = self.repository.create_user(request.into()).await; let result = self.repository.create_user(request.into()).await;
if let Ok(user) = result.as_ref() { if let Ok(user) = result.as_ref() {

3
backend/src/lib/inbound/http/errors.rs
View File

@@ -112,6 +112,9 @@ impl From<RegisterUserError> for ApiError {
fn from(value: RegisterUserError) -> Self { fn from(value: RegisterUserError) -> Self {
match value { match value {
RegisterUserError::CreateUser(err) => err.into(), RegisterUserError::CreateUser(err) => err.into(),
RegisterUserError::Disabled => {
Self::BadRequest("User registration is disabled".to_string())
}
RegisterUserError::Unknown(error) => Self::InternalServerError(error.to_string()), RegisterUserError::Unknown(error) => Self::InternalServerError(error.to_string()),
} }
} }