Remove the registration UI page completely and use the public timeline as the default start page.
Changes:
- Delete auth/register.html template
- Remove /register route from AuthViewController
- Update HomeController to redirect / to /timeline
- Remove /register from public paths list in auth.js
Users will no longer see a registration option in the UI. Registration can only be done via direct API calls if enabled.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implement configurable registration control to allow administrators to disable new user signups.
Backend changes:
- Add fitpub.registration.enabled configuration property (defaults to true)
- Update AuthController to check registration status and return 403 Forbidden when disabled
- Create GET /api/auth/registration-status endpoint to expose registration status to frontend
- Add RegistrationStatusResponse DTO
Configuration changes:
- Add REGISTRATION_ENABLED environment variable to application.yml
- Add REGISTRATION_ENABLED to Dockerfile with default value of true
- Update .env.example with REGISTRATION_ENABLED documentation
Frontend changes:
- Update registration page to check status and hide form when disabled
- Add checkRegistrationStatus() to auth.js to dynamically hide registration links
- Display user-friendly message when registration is disabled
To disable registration, set environment variable: REGISTRATION_ENABLED=false
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The issue was that Java's DateTimeFormatter.RFC_1123_DATE_TIME produces
dates like 'Tue, 2 Dec 2025' (without zero-padded day) but Mastodon
requires strict RFC 1123 format with zero-padded day: 'Tue, 02 Dec 2025'.
This was causing HTTP Signature validation failures (401 Unauthorized)
because the Date header in the signed string didn't match the actual header.
Changes:
- Fixed date format in HttpSignatureValidator to use custom pattern
- Pattern: 'EEE, dd MMM yyyy HH:mm:ss GMT' with Locale.US
- Added date format test to verify correct output
- Added debug endpoint for key validation
- Explicitly set Host header in FederationService
This should fix the 401 errors when federating with Mastodon.
- Added key pair validation debug endpoint
- Verified that public/private key pairs match correctly
- Fixed HTTP Signature issue by explicitly setting Host header
- Previously relied on RestTemplate to auto-set Host, which could differ from signed value
- Now explicitly set Host header to match the value used in signature calculation
This should fix the 401 Unauthorized errors when sending activities to Mastodon
