Add global registration disable feature

Implement configurable registration control to allow administrators to disable new user signups. Backend changes: - Add fitpub.registration.enabled configuration property (defaults to true) - Update AuthController to check registration status and return 403 Forbidden when disabled - Create GET /api/auth/registration-status endpoint to expose registration status to frontend - Add RegistrationStatusResponse DTO Configuration changes: - Add REGISTRATION_ENABLED environment variable to application.yml - Add REGISTRATION_ENABLED to Dockerfile with default value of true - Update .env.example with REGISTRATION_ENABLED documentation Frontend changes: - Update registration page to check status and hide form when disabled - Add checkRegistrationStatus() to auth.js to dynamically hide registration links - Display user-friendly message when registration is disabled To disable registration, set environment variable: REGISTRATION_ENABLED=false 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 11:27:19 +01:00 · 2025-12-03 11:27:19 +01:00 · bc6741a749
commit bc6741a749
parent 0732774986
6 changed files with 82 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@ -18,6 +18,10 @@ APP_BASE_URL=https://example.com
 JWT_SECRET=change_me_to_a_secure_random_string_in_production
 JWT_EXPIRATION_MS=86400000

+# Registration Configuration
+# Set to false to disable user registration
+REGISTRATION_ENABLED=true
+
 # ActivityPub Configuration
 ACTIVITYPUB_ENABLED=true

--- a/3
+++ b/3
@ -46,6 +46,9 @@ USER fitpub
 # Expose application port
 EXPOSE 8080

+# Environment variables
+ENV REGISTRATION_ENABLED=true
+
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:8080/actuator/health || exit 1
--- a/src/main/java/org/operaton/fitpub/controller/AuthController.java
+++ b/src/main/java/org/operaton/fitpub/controller/AuthController.java
@ -7,6 +7,7 @@ import org.operaton.fitpub.model.dto.AuthResponse;
 import org.operaton.fitpub.model.dto.LoginRequest;
 import org.operaton.fitpub.model.dto.RegisterRequest;
 import org.operaton.fitpub.service.UserService;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.BadCredentialsException;
@ -24,6 +25,9 @@ public class AuthController {

    private final UserService userService;

+    @Value("${fitpub.registration.enabled:true}")
+    private boolean registrationEnabled;
+
    /**
     * Register a new user account.
     *
@ -32,6 +36,13 @@ public class AuthController {
     */
    @PostMapping("/register")
    public ResponseEntity<AuthResponse> register(@Valid @RequestBody RegisterRequest request) {
+        // Check if registration is enabled
+        if (!registrationEnabled) {
+            log.warn("Registration attempt blocked - registration is disabled");
+            return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                    .body(null);
+        }
+
        log.info("Registration request received for username: {}", request.getUsername());

        try {
@ -43,6 +54,16 @@ public class AuthController {
        }
    }

+    /**
+     * Get registration status.
+     *
+     * @return Registration status response
+     */
+    @GetMapping("/registration-status")
+    public ResponseEntity<RegistrationStatusResponse> getRegistrationStatus() {
+        return ResponseEntity.ok(new RegistrationStatusResponse(registrationEnabled));
+    }
+
    /**
     * Authenticate user and generate JWT token.
     *
@ -84,4 +105,9 @@ public class AuthController {
     * Error response DTO.
     */
    record ErrorResponse(String error, String message) {}
+
+    /**
+     * Registration status response DTO.
+     */
+    record RegistrationStatusResponse(boolean enabled) {}
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -62,6 +62,10 @@ fitpub:
      secret: ${JWT_SECRET:change-this-secret-key-in-production-must-be-at-least-32-characters-long}
      expiration: 86400000 # 24 hours in milliseconds

+  # Registration settings
+  registration:
+    enabled: ${REGISTRATION_ENABLED:true}
+
  # Storage settings
  storage:
    fit-files:
--- a/src/main/resources/static/js/auth.js
+++ b/src/main/resources/static/js/auth.js
@ -173,6 +173,9 @@ const FitPubAuth = {
        // Update navigation UI based on auth status
        this.updateNavigationUI();

+        // Check registration status and update UI
+        this.checkRegistrationStatus();
+
        // Check authentication status on page load
        this.checkAuthStatus();

@ -180,6 +183,30 @@ const FitPubAuth = {
        this.setupExpirationWarning();
    },

+    /**
+     * Check if registration is enabled and update navigation UI
+     */
+    checkRegistrationStatus: async function() {
+        try {
+            const response = await fetch('/api/auth/registration-status');
+            const data = await response.json();
+
+            if (!data.enabled) {
+                // Hide registration link in navigation
+                const registerLinks = document.querySelectorAll('a[href="/register"]');
+                registerLinks.forEach(link => {
+                    const parent = link.parentElement;
+                    if (parent && parent.tagName === 'LI') {
+                        parent.style.display = 'none';
+                    }
+                });
+            }
+        } catch (error) {
+            console.error('Error checking registration status:', error);
+            // Continue without hiding registration link if check fails
+        }
+    },
+
    /**
     * Update navigation UI based on authentication status
     */
--- a/src/main/resources/templates/auth/register.html
+++ b/src/main/resources/templates/auth/register.html
@ -174,7 +174,7 @@
    <!-- Custom Scripts -->
    <th:block layout:fragment="scripts">
        <script th:inline="javascript">
-            document.addEventListener('DOMContentLoaded', function() {
+            document.addEventListener('DOMContentLoaded', async function() {
                const form = document.getElementById('registerForm');
                const registerBtn = document.getElementById('registerBtn');
                const registerBtnText = document.getElementById('registerBtnText');
@ -183,6 +183,23 @@
                const successAlert = document.getElementById('successAlert');
                const errorMessage = document.getElementById('errorMessage');

+                // Check if registration is enabled
+                try {
+                    const response = await fetch('/api/auth/registration-status');
+                    const data = await response.json();
+
+                    if (!data.enabled) {
+                        // Registration is disabled - show message and hide form
+                        errorMessage.textContent = 'Registration is currently disabled on this instance. Please contact the administrator if you need an account.';
+                        errorAlert.classList.remove('d-none');
+                        form.style.display = 'none';
+                        return;
+                    }
+                } catch (error) {
+                    console.error('Error checking registration status:', error);
+                    // Continue to show form if check fails
+                }
+
                // Password confirmation validation
                const password = document.getElementById('password');
                const confirmPassword = document.getElementById('confirmPassword');