Feat/route protection and prohibited registration

[Gradleless]

Access control features:

• Added PUBLIC_DOC and PUBLIC_ALLOW_REGISTRATION environment variables to .env.example, docker-compose.yml, and documented their usage in README.md. These control whether API docs are public and whether user registration is allowed.
• Created config exports allowRegistration and publicDoc in src/lib/config.ts for use throughout the codebase.

Registration flow updates:

• Updated registration server logic in src/routes/(auth)/register/+page.server.ts to redirect or block registration if allowRegistration is false, returning a localized error message when disabled.
• UI components in src/routes/+layout.svelte, src/routes/+page.svelte, and src/routes/(auth)/login/+page.svelte now conditionally display registration links/buttons based on allowRegistration.

API documentation access control:

• Added logic to src/routes/(doc)/doc/+page.server.ts and src/routes/api/v1/openapi.json/+server.ts to restrict API documentation access based on the publicDoc setting and user authorization.

Localization updates:

• Added new messages for "registration disabled" in both English and French localization files (messages/en.json, messages/fr.json).

[Copilot]

Pull request overview

This PR implements comprehensive access control features for the application, allowing administrators to configure whether API documentation is publicly accessible and whether new user registration is permitted. These features are controlled through environment variables and enforced at both the server and UI levels.

• Added two new environment variables (PUBLIC_DOC and PUBLIC_ALLOW_REGISTRATION) with corresponding configuration exports
• Implemented server-side protection for registration endpoints and API documentation routes
• Updated UI components to conditionally hide registration-related buttons and links

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/lib/config.ts	New configuration module that exports allowRegistration and publicDoc flags parsed from environment variables
src/routes/(auth)/register/+page.server.ts	Added registration blocking logic in both the load function (redirects to login) and action handler (returns 403 error)
src/routes/(doc)/doc/+page.server.ts	New server load function that restricts documentation access to authorized users when publicDoc is false
src/routes/api/v1/openapi.json/+server.ts	Added authorization check for OpenAPI spec endpoint based on publicDoc setting
src/routes/+layout.svelte	Conditionally renders "Get Started" registration button based on allowRegistration flag
src/routes/+page.svelte	Hides registration CTAs in hero and footer sections when registration is disabled
src/routes/(auth)/login/+page.svelte	Conditionally displays sign-up link based on allowRegistration setting
messages/en.json	Added "Registration is disabled" message in auth section
messages/fr.json	Added French translation for registration disabled message and removed unnecessary blank line
.env.example	Added default values for PUBLIC_DOC=false and PUBLIC_ALLOW_REGISTRATION=true
docker-compose.yml	Added environment variable mappings with sensible defaults for Docker deployments
README.md	Documented the new environment variables in both Docker and manual installation sections

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.