Merge pull request #421 from AnishSarkar22/feature/disable-user-registration

feat: Disable public user registration via environment flag
Rohan Verma 2025-10-20 17:54:24 -07:00 committed by GitHub
commit 87ca3886c8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 29 additions and 1 deletions


@ -9,6 +9,7 @@ NEXT_FRONTEND_URL=http://localhost:3000
# Auth # Auth
AUTH_TYPE=GOOGLE or LOCAL AUTH_TYPE=GOOGLE or LOCAL
REGISTRATION_ENABLED= TRUE or FALSE
# For Google Auth Only # For Google Auth Only
GOOGLE_OAUTH_CLIENT_ID=924507538m GOOGLE_OAUTH_CLIENT_ID=924507538m
GOOGLE_OAUTH_CLIENT_SECRET=GOCSV GOOGLE_OAUTH_CLIENT_SECRET=GOCSV


@ -1,6 +1,6 @@
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from fastapi import Depends, FastAPI from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.asyncio import AsyncSession
@ -18,6 +18,14 @@ async def lifespan(app: FastAPI):
yield yield
def registration_allowed():
if not config.REGISTRATION_ENABLED:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Registration is disabled"
)
return True
app = FastAPI(lifespan=lifespan) app = FastAPI(lifespan=lifespan)
# Add CORS middleware # Add CORS middleware
@ -36,6 +44,7 @@ app.include_router(
fastapi_users.get_register_router(UserRead, UserCreate), fastapi_users.get_register_router(UserRead, UserCreate),
prefix="/auth", prefix="/auth",
tags=["auth"], tags=["auth"],
dependencies=[Depends(registration_allowed)], # blocks registration when disabled
) )
app.include_router( app.include_router(
fastapi_users.get_reset_password_router(), fastapi_users.get_reset_password_router(),
@ -62,6 +71,9 @@ if config.AUTH_TYPE == "GOOGLE":
), ),
prefix="/auth/google", prefix="/auth/google",
tags=["auth"], tags=["auth"],
dependencies=[
Depends(registration_allowed)
], # blocks OAuth registration when disabled
) )
app.include_router(crud_router, prefix="/api/v1", tags=["crud"]) app.include_router(crud_router, prefix="/api/v1", tags=["crud"])
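Review bot: The `dependencies=[Depends(registration_allowed)]` added to the `/auth/google` router gates every route on that router, not only account creation. In fastapi-users the OAuth router's authorize and callback endpoints serve both first-time sign-up and sign-in for existing accounts, so with `AUTH_TYPE=GOOGLE` and `REGISTRATION_ENABLED=FALSE` existing Google users would presumably get the 403 too and be locked out. Consider dropping the router-level dependency here and rejecting only the new-account path, for example by checking `config.REGISTRATION_ENABLED` in the user manager's `oauth_callback` (or `create`) override before a user row is inserted; that would also cover any other code path that creates users. The `if config.AUTH_TYPE == "GOOGLE":` block starts outside the hunk, so the router's first arguments are not visible here.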


@ -43,6 +43,7 @@ class Config:
# Auth # Auth
AUTH_TYPE = os.getenv("AUTH_TYPE") AUTH_TYPE = os.getenv("AUTH_TYPE")
REGISTRATION_ENABLED = os.getenv("REGISTRATION_ENABLED", "TRUE").upper() == "TRUE"
# Google OAuth # Google OAuth
GOOGLE_OAUTH_CLIENT_ID = os.getenv("GOOGLE_OAUTH_CLIENT_ID") GOOGLE_OAUTH_CLIENT_ID = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
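Review bot: `REGISTRATION_ENABLED` falls back to `"TRUE"` when the variable is unset, so a deployment that upgrades without touching its environment keeps public registration open. That is backward compatible but deserves a comment on the line, e.g. `# Unset means registration stays open; set REGISTRATION_ENABLED=FALSE to close it`. The comparison accepts only the exact text `TRUE`, so `1`, `yes` or a value with stray whitespace silently disables registration; `os.getenv("REGISTRATION_ENABLED", "TRUE").strip().upper() == "TRUE"` removes the whitespace case, and logging the effective value at startup would make a misconfiguration visible. The `Config` class body continues outside the hunk.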


@ -64,6 +64,20 @@ export default function RegisterPage() {
const data = await response.json(); const data = await response.json();
if (!response.ok && response.status === 403) {
const friendlyMessage =
"Registrations are currently closed. If you need access, contact your administrator.";
setErrorTitle("Registration is disabled");
setError(friendlyMessage);
toast.error("Registration is disabled", {
id: loadingToast,
description: friendlyMessage,
duration: 6000,
});
setIsLoading(false);
return;
}
if (!response.ok) { if (!response.ok) {
throw new Error(data.detail || `HTTP ${response.status}`); throw new Error(data.detail || `HTTP ${response.status}`);
} }
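Review bot: The new branch treats every 403 from the register endpoint as "registration disabled", so a 403 returned for another reason (a proxy, or a different permission check) would be shown with the wrong message. The backend sends a specific detail string, so the condition could be `if (response.status === 403 && data.detail === "Registration is disabled") {`; the `!response.ok &&` part is redundant because a 403 is never ok. `await response.json()` also runs before this check, so a 403 with a non-JSON body would throw before reaching the friendly message. The enclosing submit handler starts and ends outside the hunk.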