disable registrations

This commit is contained in:
Evert Prants 2022-08-22 20:39:31 +03:00
parent 9cebc2ca68
commit 6e90d40db4
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
5 changed files with 38 additions and 22 deletions

View File

@ -22,7 +22,7 @@ module.exports = {
'@typescript-eslint/explicit-module-boundary-types': 'off', '@typescript-eslint/explicit-module-boundary-types': 'off',
'@typescript-eslint/no-explicit-any': 'off', '@typescript-eslint/no-explicit-any': 'off',
'sort-imports': [ 'sort-imports': [
'warning', 0,
{ {
ignoreCase: false, ignoreCase: false,
ignoreDeclarationSort: false, ignoreDeclarationSort: false,

View File

@ -20,6 +20,7 @@ export const configProviders: Provider<any>[] = [
// generate the following with crypto.randomBytes(256 / 8).toString('hex') // generate the following with crypto.randomBytes(256 / 8).toString('hex')
session_secret: 'change me!', session_secret: 'change me!',
challenge_secret: 'change me!', challenge_secret: 'change me!',
registrations: false,
}, },
email: { email: {
from: 'no-reply@localhost', from: 'no-reply@localhost',

View File

@ -7,9 +7,11 @@ import {
Render, Render,
Req, Req,
Res, Res,
UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { Throttle } from '@nestjs/throttler'; import { Throttle } from '@nestjs/throttler';
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import { ConfigurationService } from 'src/modules/config/config.service';
import { UserService } from 'src/modules/objects/user/user.service'; import { UserService } from 'src/modules/objects/user/user.service';
import { FormUtilityService } from 'src/modules/utility/services/form-utility.service'; import { FormUtilityService } from 'src/modules/utility/services/form-utility.service';
import { RegisterDto } from './register.interfaces'; import { RegisterDto } from './register.interfaces';
@ -19,12 +21,15 @@ export class RegisterController {
constructor( constructor(
private readonly userService: UserService, private readonly userService: UserService,
private readonly formUtil: FormUtilityService, private readonly formUtil: FormUtilityService,
private readonly config: ConfigurationService,
) {} ) {}
@Get() @Get()
@Render('register') @Render('register')
public registerView(@Req() req: Request): Record<string, any> { public registerView(@Req() req: Request): Record<string, any> {
return this.formUtil.populateTemplate(req); return this.formUtil.populateTemplate(req, {
registrationAuthorized: this.config.get<boolean>('app.registrations'),
});
} }
@Post() @Post()
@ -38,6 +43,12 @@ export class RegisterController {
const { username, display_name, email, password, password_repeat } = const { username, display_name, email, password, password_repeat } =
this.formUtil.trimmed(body, ['username', 'display_name', 'email']); this.formUtil.trimmed(body, ['username', 'display_name', 'email']);
if (!this.config.get<boolean>('app.registrations')) {
throw new UnauthorizedException(
'Registrations are disabled by administrator.',
);
}
try { try {
if ( if (
!username || !username ||

View File

@ -14,7 +14,6 @@ declare global {
declare module 'express-session' { declare module 'express-session' {
interface SessionData { interface SessionData {
csrf?: string;
user?: string; user?: string;
challenge?: string; challenge?: string;
flash?: Record<string, any>; flash?: Record<string, any>;

View File

@ -16,6 +16,7 @@ block body
.alert.alert-success .alert.alert-success
span #{message.text} span #{message.text}
if registrationAuthorized
form(method="post") form(method="post")
div.form-container div.form-container
input#csrf(type="hidden", name="_csrf", value=csrf) input#csrf(type="hidden", name="_csrf", value=csrf)
@ -41,3 +42,7 @@ block body
button.btn.btn-primary(type="submit") Create a new account button.btn.btn-primary(type="submit") Create a new account
a.btn.btn-link.align-self-end(type="button" href="/login") Log in instead a.btn.btn-link.align-self-end(type="button" href="/login") Log in instead
else
.alert.alert-danger
span Registrations are currently disabled. Sorry!
a.btn.btn-link.align-self-end(type="button" href="/login") Home