feat: Add ALLOW_REGISTRATION configuration to enable/disable user registration and introduce a Forbidden API error type.

2025-12-25 23:05:26 +01:00
parent bb15181817
commit 0af7294468
7 changed files with 39 additions and 0 deletions
--- a/notes-api/src/config.rs
+++ b/notes-api/src/config.rs
@@ -8,6 +8,7 @@ pub struct Config {
    pub database_url: String,
    pub session_secret: String,
    pub cors_allowed_origins: Vec<String>,
+    pub allow_registration: bool,
 }

 impl Default for Config {
@@ -19,6 +20,7 @@ impl Default for Config {
            session_secret: "k-notes-super-secret-key-must-be-at-least-64-bytes-long!!!!"
                .to_string(),
            cors_allowed_origins: vec!["http://localhost:5173".to_string()],
+            allow_registration: true,
        }
    }
 }
@@ -50,12 +52,17 @@ impl Config {
            .filter(|s| !s.is_empty())
            .collect();

+        let allow_registration = env::var("ALLOW_REGISTRATION")
+            .map(|s| s.to_lowercase() == "true")
+            .unwrap_or(true);
+
        Self {
            host,
            port,
            database_url,
            session_secret,
            cors_allowed_origins,
+            allow_registration,
        }
    }
 }
--- a/notes-api/src/error.rs
+++ b/notes-api/src/error.rs
@@ -23,6 +23,9 @@ pub enum ApiError {

    #[error("Internal server error")]
    Internal(String),
+
+    #[error("Forbidden: {0}")]
+    Forbidden(String),
 }

 /// Error response body
@@ -83,6 +86,14 @@ impl IntoResponse for ApiError {
                    },
                )
            }
+
+            ApiError::Forbidden(msg) => (
+                StatusCode::FORBIDDEN,
+                ErrorResponse {
+                    error: "Forbidden".to_string(),
+                    details: Some(msg.clone()),
+                },
+            ),
        };

        (status, Json(error_response)).into_response()
--- a/notes-api/src/main.rs
+++ b/notes-api/src/main.rs
@@ -88,6 +88,7 @@ async fn main() -> anyhow::Result<()> {
        note_service,
        tag_service,
        user_service,
+        config.clone(),
    );

    // Auth backend
--- a/notes-api/src/routes/auth.rs
+++ b/notes-api/src/routes/auth.rs
@@ -22,6 +22,11 @@ pub async fn register(
        .validate()
        .map_err(|e| ApiError::validation(e.to_string()))?;

+    // Check if registration is allowed
+    if !state.config.allow_registration {
+        return Err(ApiError::Forbidden("Registration is disabled".to_string()));
+    }
+
    // Check if user exists
    if state
        .user_repo
--- a/notes-api/src/state.rs
+++ b/notes-api/src/state.rs
@@ -1,5 +1,6 @@
 use std::sync::Arc;

+use crate::config::Config;
 use notes_domain::{
    NoteRepository, NoteService, TagRepository, TagService, UserRepository, UserService,
 };
@@ -13,6 +14,7 @@ pub struct AppState {
    pub note_service: Arc<NoteService>,
    pub tag_service: Arc<TagService>,
    pub user_service: Arc<UserService>,
+    pub config: Config,
 }

 impl AppState {
@@ -23,6 +25,7 @@ impl AppState {
        note_service: Arc<NoteService>,
        tag_service: Arc<TagService>,
        user_service: Arc<UserService>,
+        config: Config,
    ) -> Self {
        Self {
            note_repo,
@@ -31,6 +34,7 @@ impl AppState {
            note_service,
            tag_service,
            user_service,
+            config,
        }
    }
 }