disable registrations

This commit is contained in:
Evert Prants 2022-08-22 20:39:31 +03:00
parent 9cebc2ca68
commit 6e90d40db4
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
5 changed files with 38 additions and 22 deletions

View File

@ -22,7 +22,7 @@ module.exports = {
'@typescript-eslint/explicit-module-boundary-types': 'off', '@typescript-eslint/explicit-module-boundary-types': 'off',
'@typescript-eslint/no-explicit-any': 'off', '@typescript-eslint/no-explicit-any': 'off',
'sort-imports': [ 'sort-imports': [
'warning', 0,
{ {
ignoreCase: false, ignoreCase: false,
ignoreDeclarationSort: false, ignoreDeclarationSort: false,

View File

@ -20,6 +20,7 @@ export const configProviders: Provider<any>[] = [
// generate the following with crypto.randomBytes(256 / 8).toString('hex') // generate the following with crypto.randomBytes(256 / 8).toString('hex')
session_secret: 'change me!', session_secret: 'change me!',
challenge_secret: 'change me!', challenge_secret: 'change me!',
registrations: false,
}, },
email: { email: {
from: 'no-reply@localhost', from: 'no-reply@localhost',

View File

@ -7,9 +7,11 @@ import {
Render, Render,
Req, Req,
Res, Res,
UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { Throttle } from '@nestjs/throttler'; import { Throttle } from '@nestjs/throttler';
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import { ConfigurationService } from 'src/modules/config/config.service';
import { UserService } from 'src/modules/objects/user/user.service'; import { UserService } from 'src/modules/objects/user/user.service';
import { FormUtilityService } from 'src/modules/utility/services/form-utility.service'; import { FormUtilityService } from 'src/modules/utility/services/form-utility.service';
import { RegisterDto } from './register.interfaces'; import { RegisterDto } from './register.interfaces';
@ -19,12 +21,15 @@ export class RegisterController {
constructor( constructor(
private readonly userService: UserService, private readonly userService: UserService,
private readonly formUtil: FormUtilityService, private readonly formUtil: FormUtilityService,
private readonly config: ConfigurationService,
) {} ) {}
@Get() @Get()
@Render('register') @Render('register')
public registerView(@Req() req: Request): Record<string, any> { public registerView(@Req() req: Request): Record<string, any> {
return this.formUtil.populateTemplate(req); return this.formUtil.populateTemplate(req, {
registrationAuthorized: this.config.get<boolean>('app.registrations'),
});
} }
@Post() @Post()
@ -38,6 +43,12 @@ export class RegisterController {
const { username, display_name, email, password, password_repeat } = const { username, display_name, email, password, password_repeat } =
this.formUtil.trimmed(body, ['username', 'display_name', 'email']); this.formUtil.trimmed(body, ['username', 'display_name', 'email']);
if (!this.config.get<boolean>('app.registrations')) {
throw new UnauthorizedException(
'Registrations are disabled by administrator.',
);
}
try { try {
if ( if (
!username || !username ||

View File

@ -14,7 +14,6 @@ declare global {
declare module 'express-session' { declare module 'express-session' {
interface SessionData { interface SessionData {
csrf?: string;
user?: string; user?: string;
challenge?: string; challenge?: string;
flash?: Record<string, any>; flash?: Record<string, any>;

View File

@ -16,28 +16,33 @@ block body
.alert.alert-success .alert.alert-success
span #{message.text} span #{message.text}
form(method="post") if registrationAuthorized
div.form-container form(method="post")
input#csrf(type="hidden", name="_csrf", value=csrf) div.form-container
input#csrf(type="hidden", name="_csrf", value=csrf)
label.form-label(for="username") Username label.form-label(for="username") Username
input.form-control#username(type="text", name="username", placeholder="Username", autofocus, value=form.username) input.form-control#username(type="text", name="username", placeholder="Username", autofocus, value=form.username)
small.form-hint Between 3 and 26 English alphanumeric characters and .-_ only. small.form-hint Between 3 and 26 English alphanumeric characters and .-_ only.
label.form-label(for="display_name") Display name label.form-label(for="display_name") Display name
input.form-control#display_name(type="text", name="display_name", placeholder="Display name", value=form.display_name) input.form-control#display_name(type="text", name="display_name", placeholder="Display name", value=form.display_name)
small.form-hint Maximum length is 32. small.form-hint Maximum length is 32.
label.form-label(for="email") Email address label.form-label(for="email") Email address
input.form-control#email(type="email", name="email", placeholder="Email address", value=form.email) input.form-control#email(type="email", name="email", placeholder="Email address", value=form.email)
small.form-hint You will need to verify your email address before you can log in. small.form-hint You will need to verify your email address before you can log in.
label.form-label(for="password") Password label.form-label(for="password") Password
input.form-control#password(type="password", name="password", placeholder="Password", value=form.password) input.form-control#password(type="password", name="password", placeholder="Password", value=form.password)
small.form-hint Must be at least 8 characters long, contain a capital and lowercase letter and a number. small.form-hint Must be at least 8 characters long, contain a capital and lowercase letter and a number.
label.form-label(for="password_repeat") Confirm password label.form-label(for="password_repeat") Confirm password
input.form-control#password_repeat(type="password", name="password_repeat", placeholder="Confirm password") input.form-control#password_repeat(type="password", name="password_repeat", placeholder="Confirm password")
button.btn.btn-primary(type="submit") Create a new account button.btn.btn-primary(type="submit") Create a new account
a.btn.btn-link.align-self-end(type="button" href="/login") Log in instead a.btn.btn-link.align-self-end(type="button" href="/login") Log in instead
else
.alert.alert-danger
span Registrations are currently disabled. Sorry!
a.btn.btn-link.align-self-end(type="button" href="/login") Home