feat: add support for user registration toggle and Traefik integration in Docker setup

2026-03-11 22:56:23 +01:00
parent dc29976c1f
commit 4e1de172f7
7 changed files with 85 additions and 3 deletions
--- a/k-tv-backend/api/src/config.rs
+++ b/k-tv-backend/api/src/config.rs
@@ -32,6 +32,9 @@ pub struct Config {
    /// Whether the application is running in production mode
    pub is_production: bool,

+    /// Whether new user registration is open. Set ALLOW_REGISTRATION=false to lock down.
+    pub allow_registration: bool,
+
    // Jellyfin media provider
    pub jellyfin_base_url: Option<String>,
    pub jellyfin_api_key: Option<String>,
@@ -100,6 +103,10 @@ impl Config {
            .map(|v| v.to_lowercase() == "production" || v == "1" || v == "true")
            .unwrap_or(false);

+        let allow_registration = env::var("ALLOW_REGISTRATION")
+            .map(|v| !(v == "false" || v == "0"))
+            .unwrap_or(true);
+
        let jellyfin_base_url = env::var("JELLYFIN_BASE_URL").ok();
        let jellyfin_api_key = env::var("JELLYFIN_API_KEY").ok();
        let jellyfin_user_id = env::var("JELLYFIN_USER_ID").ok();
@@ -123,6 +130,7 @@ impl Config {
            jwt_audience,
            jwt_expiry_hours,
            is_production,
+            allow_registration,
            jellyfin_base_url,
            jellyfin_api_key,
            jellyfin_user_id,
--- a/k-tv-backend/api/src/routes/auth.rs
+++ b/k-tv-backend/api/src/routes/auth.rs
@@ -73,6 +73,10 @@ async fn register(
    State(state): State<AppState>,
    Json(payload): Json<RegisterRequest>,
 ) -> Result<impl IntoResponse, ApiError> {
+    if !state.config.allow_registration {
+        return Err(ApiError::Forbidden("Registration is disabled".to_string()));
+    }
+
    let password_hash = infra::auth::hash_password(payload.password.as_ref());

    let user = state
--- a/k-tv-backend/api/src/routes/config.rs
+++ b/k-tv-backend/api/src/routes/config.rs
@@ -1,4 +1,6 @@
-use axum::{Json, Router, routing::get};
+use axum::{Json, Router, extract::State, routing::get};
+use std::sync::Arc;
+use crate::config::Config;
 use crate::dto::ConfigResponse;
 use crate::state::AppState;

@@ -6,8 +8,8 @@ pub fn router() -> Router<AppState> {
    Router::new().route("/", get(get_config))
 }

-async fn get_config() -> Json<ConfigResponse> {
+async fn get_config(State(config): State<Arc<Config>>) -> Json<ConfigResponse> {
    Json(ConfigResponse {
-        allow_registration: true, // Default to true for template
+        allow_registration: config.allow_registration,
    })
 }
--- a/k-tv-backend/compose.yml
+++ b/k-tv-backend/compose.yml
@@ -19,6 +19,7 @@ services:
      - JWT_EXPIRY_HOURS=24
      - SECURE_COOKIE=false # set to true when serving over HTTPS
      - PRODUCTION=false
+      - ALLOW_REGISTRATION=true # set to false to disable new user registration
      # Database pool
      - DB_MAX_CONNECTIONS=5
      - DB_MIN_CONNECTIONS=1