Add global registration disable feature

Implement configurable registration control to allow administrators to disable new user signups.

Backend changes:
- Add fitpub.registration.enabled configuration property (defaults to true)
- Update AuthController to check registration status and return 403 Forbidden when disabled
- Create GET /api/auth/registration-status endpoint to expose registration status to frontend
- Add RegistrationStatusResponse DTO

Configuration changes:
- Add REGISTRATION_ENABLED environment variable to application.yml
- Add REGISTRATION_ENABLED to Dockerfile with default value of true
- Update .env.example with REGISTRATION_ENABLED documentation

Frontend changes:
- Update registration page to check status and hide form when disabled
- Add checkRegistrationStatus() to auth.js to dynamically hide registration links
- Display user-friendly message when registration is disabled

To disable registration, set environment variable: REGISTRATION_ENABLED=false

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.env.example

@@ -18,6 +18,10 @@ APP_BASE_URL=https://example.com
 JWT_SECRET=change_me_to_a_secure_random_string_in_production
 JWT_EXPIRATION_MS=86400000
 
+# Registration Configuration
+# Set to false to disable user registration
+REGISTRATION_ENABLED=true
+
 # ActivityPub Configuration
 ACTIVITYPUB_ENABLED=true
 

Dockerfile

@@ -46,6 +46,9 @@ USER fitpub
 # Expose application port
 EXPOSE 8080
 
+# Environment variables
+ENV REGISTRATION_ENABLED=true
+
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
     CMD curl -f http://localhost:8080/actuator/health || exit 1

src/main/java/org/operaton/fitpub/controller/AuthController.java

@@ -7,6 +7,7 @@ import org.operaton.fitpub.model.dto.AuthResponse;
 import org.operaton.fitpub.model.dto.LoginRequest;
 import org.operaton.fitpub.model.dto.RegisterRequest;
 import org.operaton.fitpub.service.UserService;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -24,6 +25,9 @@ public class AuthController {
 
     private final UserService userService;
 
+    @Value("${fitpub.registration.enabled:true}")
+    private boolean registrationEnabled;
+
     /**
      * Register a new user account.
      *
@@ -32,6 +36,13 @@ public class AuthController {
      */
     @PostMapping("/register")
     public ResponseEntity<AuthResponse> register(@Valid @RequestBody RegisterRequest request) {
+        // Check if registration is enabled
+        if (!registrationEnabled) {
+            log.warn("Registration attempt blocked - registration is disabled");
+            return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                    .body(null);
+        }
+
         log.info("Registration request received for username: {}", request.getUsername());
 
         try {
@@ -43,6 +54,16 @@ public class AuthController {
         }
     }
 
+    /**
+     * Get registration status.
+     *
+     * @return Registration status response
+     */
+    @GetMapping("/registration-status")
+    public ResponseEntity<RegistrationStatusResponse> getRegistrationStatus() {
+        return ResponseEntity.ok(new RegistrationStatusResponse(registrationEnabled));
+    }
+
     /**
      * Authenticate user and generate JWT token.
      *
@@ -84,4 +105,9 @@ public class AuthController {
      * Error response DTO.
      */
     record ErrorResponse(String error, String message) {}
+
+    /**
+     * Registration status response DTO.
+     */
+    record RegistrationStatusResponse(boolean enabled) {}
 }

src/main/resources/application.yml

@@ -62,6 +62,10 @@ fitpub:
       secret: ${JWT_SECRET:change-this-secret-key-in-production-must-be-at-least-32-characters-long}
       expiration: 86400000 # 24 hours in milliseconds
 
+  # Registration settings
+  registration:
+    enabled: ${REGISTRATION_ENABLED:true}
+
   # Storage settings
   storage:
     fit-files:

src/main/resources/static/js/auth.js

@@ -173,6 +173,9 @@ const FitPubAuth = {
         // Update navigation UI based on auth status
         this.updateNavigationUI();
 
+        // Check registration status and update UI
+        this.checkRegistrationStatus();
+
         // Check authentication status on page load
         this.checkAuthStatus();
 
@@ -180,6 +183,30 @@ const FitPubAuth = {
         this.setupExpirationWarning();
     },
 
+    /**
+     * Check if registration is enabled and update navigation UI
+     */
+    checkRegistrationStatus: async function() {
+        try {
+            const response = await fetch('/api/auth/registration-status');
+            const data = await response.json();
+
+            if (!data.enabled) {
+                // Hide registration link in navigation
+                const registerLinks = document.querySelectorAll('a[href="/register"]');
+                registerLinks.forEach(link => {
+                    const parent = link.parentElement;
+                    if (parent && parent.tagName === 'LI') {
+                        parent.style.display = 'none';
+                    }
+                });
+            }
+        } catch (error) {
+            console.error('Error checking registration status:', error);
+            // Continue without hiding registration link if check fails
+        }
+    },
+
     /**
      * Update navigation UI based on authentication status
      */

src/main/resources/templates/auth/register.html

@@ -174,7 +174,7 @@
     <!-- Custom Scripts -->
     <th:block layout:fragment="scripts">
         <script th:inline="javascript">
-            document.addEventListener('DOMContentLoaded', function() {
+            document.addEventListener('DOMContentLoaded', async function() {
                 const form = document.getElementById('registerForm');
                 const registerBtn = document.getElementById('registerBtn');
                 const registerBtnText = document.getElementById('registerBtnText');
@@ -183,6 +183,23 @@
                 const successAlert = document.getElementById('successAlert');
                 const errorMessage = document.getElementById('errorMessage');
 
+                // Check if registration is enabled
+                try {
+                    const response = await fetch('/api/auth/registration-status');
+                    const data = await response.json();
+
+                    if (!data.enabled) {
+                        // Registration is disabled - show message and hide form
+                        errorMessage.textContent = 'Registration is currently disabled on this instance. Please contact the administrator if you need an account.';
+                        errorAlert.classList.remove('d-none');
+                        form.style.display = 'none';
+                        return;
+                    }
+                } catch (error) {
+                    console.error('Error checking registration status:', error);
+                    // Continue to show form if check fails
+                }
+
                 // Password confirmation validation
                 const password = document.getElementById('password');
                 const confirmPassword = document.getElementById('confirmPassword');