AUTH_ALLOW_REGISTRATION env variable

2025-08-29 16:17:13 +02:00
parent 8bf6de1682
commit d74531e2e1
3 changed files with 28 additions and 1 deletions
--- a/backend/src/lib/domain/warren/models/user/requests/register.rs
+++ b/backend/src/lib/domain/warren/models/user/requests/register.rs
@@ -43,6 +43,8 @@ impl From<RegisterUserRequest> for CreateUserRequest {
 pub enum RegisterUserError {
    #[error(transparent)]
    CreateUser(#[from] CreateUserError),
+    #[error("Registration is disabled")]
+    Disabled,
    #[error(transparent)]
    Unknown(#[from] anyhow::Error),
 }
--- a/backend/src/lib/domain/warren/service/auth.rs
+++ b/backend/src/lib/domain/warren/service/auth.rs
@@ -52,6 +52,7 @@ use crate::{
 };

 const AUTH_SESSION_EXPIRATION_KEY: &str = "AUTH_SESSION_EXPIRATION";
+const ALLOW_REGISTRATION_KEY: &str = "AUTH_ALLOW_REGISTRATION";

 /// The authentication service configuration
 ///
@@ -59,6 +60,7 @@ const AUTH_SESSION_EXPIRATION_KEY: &str = "AUTH_SESSION_EXPIRATION";
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct AuthConfig {
    session_lifetime: SessionExpirationTime,
+    allow_registration: bool,
 }

 impl AuthConfig {
@@ -71,12 +73,27 @@ impl AuthConfig {
            }
        };

-        Ok(Self { session_lifetime })
+        let allow_registration = match Config::load_env(ALLOW_REGISTRATION_KEY)
+            .map(|v| v.to_lowercase())
+            .as_deref()
+        {
+            Ok("true") => true,
+            Ok("false") | Ok(_) | Err(_) => false,
+        };
+
+        Ok(Self {
+            session_lifetime,
+            allow_registration,
+        })
    }

    pub fn session_lifetime(&self) -> SessionExpirationTime {
        self.session_lifetime
    }
+
+    pub fn allow_registration(&self) -> bool {
+        self.allow_registration
+    }
 }

 #[derive(Debug, Clone)]
@@ -232,6 +249,11 @@ where
    }

    async fn register_user(&self, request: RegisterUserRequest) -> Result<User, RegisterUserError> {
+        if !self.config.allow_registration {
+            self.metrics.record_user_registration_failure().await;
+            return Err(RegisterUserError::Disabled);
+        }
+
        let result = self.repository.create_user(request.into()).await;

        if let Ok(user) = result.as_ref() {
--- a/backend/src/lib/inbound/http/errors.rs
+++ b/backend/src/lib/inbound/http/errors.rs
@@ -112,6 +112,9 @@ impl From<RegisterUserError> for ApiError {
    fn from(value: RegisterUserError) -> Self {
        match value {
            RegisterUserError::CreateUser(err) => err.into(),
+            RegisterUserError::Disabled => {
+                Self::BadRequest("User registration is disabled".to_string())
+            }
            RegisterUserError::Unknown(error) => Self::InternalServerError(error.to_string()),
        }
    }