feat(server): add flag to disable new sign ups (#6752)

toeverything · Apr 30, 2024 · cebb841 · cebb841
1 parent 91ee5e0
commit cebb841
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 1 deletion.
diff --git a/packages/backend/server/src/config/affine.ts b/packages/backend/server/src/config/affine.ts
@@ -53,6 +53,9 @@ AFFiNE.port = 3010;
 // AFFiNE.metrics.enabled = true;
 //
 // /* Authentication Settings */
+// /* Whether allow anyone signup */
+// AFFiNE.auth.allowSignup = true;
+//
 // /* User Signup password limitation */
 // AFFiNE.auth.password = {
 //   minLength: 8,

diff --git a/packages/backend/server/src/core/auth/controller.ts b/packages/backend/server/src/core/auth/controller.ts
@@ -15,6 +15,7 @@ import {
 import type { Request, Response } from 'express';
 
 import {
+  Config,
   PaymentRequiredException,
   Throttle,
   URLHelper,
@@ -43,7 +44,8 @@ export class AuthController {
     private readonly url: URLHelper,
     private readonly auth: AuthService,
     private readonly user: UserService,
-    private readonly token: TokenService
+    private readonly token: TokenService,
+    private readonly config: Config
   ) {}
 
   @Public()
@@ -74,6 +76,10 @@ export class AuthController {
     } else {
       // send email magic link
       const user = await this.user.findUserByEmail(credential.email);
+      if (!user && !this.config.auth.allowSignup) {
+        throw new BadRequestException('You are not allows to sign up.');
+      }
+
       const result = await this.sendSignInEmail(
         { email: credential.email, signUp: !user },
         redirectUri

diff --git a/packages/backend/server/src/core/auth/resolver.ts b/packages/backend/server/src/core/auth/resolver.ts
@@ -87,6 +87,10 @@ export class AuthResolver {
     @Args('email') email: string,
     @Args('password') password: string
   ) {
+    if (!this.config.auth.allowSignup) {
+      throw new ForbiddenException('You are not allowed to sign up.');
+    }
+
     validators.assertValidCredential({ email, password });
     const user = await this.auth.signUp(name, email, password);
     await this.auth.setCookie(ctx.req, ctx.res, user);

diff --git a/packages/backend/server/src/fundamentals/config/def.ts b/packages/backend/server/src/fundamentals/config/def.ts
@@ -214,6 +214,8 @@ export interface AFFiNEConfig {
    * authentication config
    */
   auth: {
+    allowSignup: boolean;
+
     /**
      * The minimum and maximum length of the password when registering new users
      *

diff --git a/packages/backend/server/src/fundamentals/config/default.ts b/packages/backend/server/src/fundamentals/config/default.ts
@@ -147,6 +147,7 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
       playground: true,
     },
     auth: {
+      allowSignup: true,
       password: {
         minLength: node.prod ? 8 : 1,
         maxLength: 32,