feat: implement registration toggle in backend and handle disabled state in frontend

2026-04-25 00:36:31 +02:00 · 2025-10-20 15:54:52 +05:30 · 2025-10-20 15:54:52 +05:30 · 19ed0becce
commit 19ed0becce
parent 4dc5cebb94
4 changed files with 23 additions and 1 deletions
--- a/surfsense_backend/.env.example
+++ b/surfsense_backend/.env.example
@ -9,6 +9,7 @@ NEXT_FRONTEND_URL=http://localhost:3000

 # Auth
 AUTH_TYPE=GOOGLE or LOCAL
+REGISTRATION_ENABLED= TRUE or FALSE
 # For Google Auth Only
 GOOGLE_OAUTH_CLIENT_ID=924507538m
 GOOGLE_OAUTH_CLIENT_SECRET=GOCSV
--- a/surfsense_backend/app/app.py
+++ b/surfsense_backend/app/app.py
@ -1,6 +1,6 @@
 from contextlib import asynccontextmanager

-from fastapi import Depends, FastAPI
+from fastapi import Depends, FastAPI, HTTPException, status
 from fastapi.middleware.cors import CORSMiddleware
 from sqlalchemy.ext.asyncio import AsyncSession

@ -17,6 +17,10 @@ async def lifespan(app: FastAPI):
    await create_db_and_tables()
    yield

+def registration_allowed():
+    if not config.REGISTRATION_ENABLED:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Registration is disabled")
+    return True

 app = FastAPI(lifespan=lifespan)

@ -36,6 +40,7 @@ app.include_router(
    fastapi_users.get_register_router(UserRead, UserCreate),
    prefix="/auth",
    tags=["auth"],
+    dependencies=[Depends(registration_allowed)],  # blocks registration when disabled
 )
 app.include_router(
    fastapi_users.get_reset_password_router(),
@ -62,6 +67,7 @@ if config.AUTH_TYPE == "GOOGLE":
        ),
        prefix="/auth/google",
        tags=["auth"],
+        dependencies=[Depends(registration_allowed)],  # blocks OAuth registration when disabled
    )

 app.include_router(crud_router, prefix="/api/v1", tags=["crud"])
--- a/surfsense_backend/app/config/init.py
+++ b/surfsense_backend/app/config/init.py
@ -43,6 +43,7 @@ class Config:

    # Auth
    AUTH_TYPE = os.getenv("AUTH_TYPE")
+    REGISTRATION_ENABLED = os.getenv("REGISTRATION_ENABLED", "TRUE").upper() == "TRUE"

    # Google OAuth
    GOOGLE_OAUTH_CLIENT_ID = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
--- a/surfsense_web/app/(home)/register/page.tsx
+++ b/surfsense_web/app/(home)/register/page.tsx
@ -64,6 +64,20 @@ export default function RegisterPage() {

 			const data = await response.json();

+			if (!response.ok && response.status === 403) {
+                const friendlyMessage =
+                    "Registrations are currently closed. If you need access, contact your administrator.";
+                setErrorTitle("Registration is disabled");
+                setError(friendlyMessage);
+                toast.error("Registration is disabled", {
+                    id: loadingToast,
+                    description: friendlyMessage,
+                    duration: 6000,
+                });
+                setIsLoading(false);
+                return;
+            }
+
 			if (!response.ok) {
 				throw new Error(data.detail || `HTTP ${response.status}`);
 			}