From d728426b451ae5c5b0b179264b00f6f3f4d4f6fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ferdinand=20M=C3=BCtsch?= <ferdinand@muetsch.io>
Date: Sat, 6 Feb 2021 10:59:12 +0100
Subject: [PATCH] chore: add config option to disable user registrations
 (resolve #113)

---
 Dockerfile         | 1 +
 config.default.yml | 3 ++-
 config/config.go   | 1 +
 routes/login.go    | 6 ++++++
 version.txt        | 2 +-
 5 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a8cb3f5..6b157e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,6 +40,7 @@ ENV WAKAPI_DB_NAME=/data/wakapi.db
 ENV WAKAPI_PASSWORD_SALT ''
 ENV WAKAPI_LISTEN_IPV4 '0.0.0.0'
 ENV WAKAPI_INSECURE_COOKIES 'true'
+ENV WAKAPI_ALLOW_SIGNUP 'true
 
 COPY --from=build-env /app .
 
diff --git a/config.default.yml b/config.default.yml
index 78b61a0..8b437aa 100644
--- a/config.default.yml
+++ b/config.default.yml
@@ -28,4 +28,5 @@ db:
 security:
   password_salt:            # CHANGE !
   insecure_cookies: false
-  cookie_max_age: 172800
\ No newline at end of file
+  cookie_max_age: 172800
+  allow_signup: true
\ No newline at end of file
diff --git a/config/config.go b/config/config.go
index 16f8ca9..daeac5f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -48,6 +48,7 @@ type appConfig struct {
 }
 
 type securityConfig struct {
+	AllowSignup bool `yaml:"allow_signup" default:"true" env:"WAKAPI_ALLOW_SIGNUP"`
 	// this is actually a pepper (https://en.wikipedia.org/wiki/Pepper_(cryptography))
 	PasswordSalt    string                     `yaml:"password_salt" default:"" env:"WAKAPI_PASSWORD_SALT"`
 	InsecureCookies bool                       `yaml:"insecure_cookies" default:"false" env:"WAKAPI_INSECURE_COOKIES"`
diff --git a/routes/login.go b/routes/login.go
index af3113d..a1ff615 100644
--- a/routes/login.go
+++ b/routes/login.go
@@ -121,6 +121,12 @@ func (h *LoginHandler) PostSignup(w http.ResponseWriter, r *http.Request) {
 		loadTemplates()
 	}
 
+	if !h.config.IsDev() && !h.config.Security.AllowSignup {
+		w.WriteHeader(http.StatusForbidden)
+		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r).WithError("registration is disabled on this server"))
+		return
+	}
+
 	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
 		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.Server.BasePath), http.StatusFound)
 		return
diff --git a/version.txt b/version.txt
index be02b33..054c858 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.22.4
\ No newline at end of file
+1.22.5
\ No newline at end of file