feature: disable creation of temp_users and user signup through config

2025-02-02 22:43:45 +08:00 · 2025-01-14 15:49:52 +01:00 · 2025-01-14 15:49:52 +01:00 · 8d5860d733
commit 8d5860d733
parent 78ac033a1c
4 changed files with 55 additions and 9 deletions
--- a/src/backend/src/config.js
+++ b/src/backend/src/config.js
@ -25,10 +25,11 @@ let config = {};
 // Static defaults
 config.servers = [];

+config.disable_user_signup = false;
+config.default_user_group = '78b1b1dd-c959-44d2-b02c-8735671f9997';
+
 // Will disable the auto-generated temp users. If a user lands on the site, they will be required to sign up or log in.
 config.disable_temp_users = false;
-
-config.default_user_group = '78b1b1dd-c959-44d2-b02c-8735671f9997';
 config.default_temp_group = 'b7220104-7905-4985-b996-649fdcdb3c8f';

 config.max_file_size = 100_000_000_000;
--- a/src/backend/src/helpers.js
+++ b/src/backend/src/helpers.js
@ -78,6 +78,24 @@ async function is_shared_with(fsentry_id, recipient_user_id){
    return false;
 }

+/**
+ * Checks to see if temp_users is disabled and return a boolean
+ * @returns {boolean}
+ */
+async function is_temp_users_disabled() {
+    const svc_feature_flag = await services.get("feature-flag");
+    return await svc_feature_flag.check("temp-users-disabled");
+}
+
+/**
+ * Checks to see if user_signup is disabled and return a boolean
+ * @returns {boolean}
+ */
+async function is_user_signup_disabled() {
+    const svc_feature_flag = await services.get("feature-flag");
+    return await svc_feature_flag.check("user-signup-disabled");
+}
+
 const chkperm = spanify('chkperm', async (target_fsentry, requester_user_id, action) => {
    // basic cases where false is the default response
    if(!target_fsentry)
@ -1661,6 +1679,8 @@ module.exports = {
    is_valid_uuid4,
    is_valid_uuid,
    is_specifically_uuidv4,
+    is_temp_users_disabled,
+    is_user_signup_disabled,
    is_valid_url,
    jwt_auth,
    mv,
--- a/src/backend/src/routers/signup.js
+++ b/src/backend/src/routers/signup.js
@ -23,6 +23,8 @@ const eggspress = require('../api/eggspress');
 const { Context } = require('../util/context');
 const { DB_WRITE } = require('../services/database/consts');
 const { generate_identifier } = require('../util/identifier');
+const { is_temp_users_disabled: lazy_temp_users, 
+        is_user_signup_disabled: lazy_user_signup } = require("../helpers")

 async function generate_random_username () {
    let username;
@ -137,15 +139,26 @@ module.exports = eggspress(['/signup'], {
        }
    }

-    // temporary user
-    if(req.body.is_temp && !config.disable_temp_users){
-        req.body.username = await generate_random_username();
-        req.body.email = req.body.username + '@gmail.com';
-        req.body.password = 'sadasdfasdfsadfsa';
-    }else if(config.disable_temp_users){
-        return res.status(400).send('Temp users are disabled.');
+    const is_temp_users_disabled = await lazy_temp_users();
+    const is_user_signup_disabled = await lazy_user_signup();
+
+    if (is_temp_users_disabled && is_user_signup_disabled) {
+        return res.status(403).send('User signup and Temporary users are disabled.');
    }

+    if (!req.body.is_temp && is_user_signup_disabled) {
+        return res.status(403).send('User signup is disabled.');
+    } 
+
+    if (req.body.is_temp && is_temp_users_disabled) {
+        return res.status(403).send('Temporary users are disabled.');
+    }
+
+    // Create temp user data
+    req.body.username = req.body.username ?? await generate_random_username();
+    req.body.email = req.body.email ?? req.body.username + '@gmail.com';
+    req.body.password = req.body.password ?? 'sadasdfasdfsadfsa';
+    
    // send_confirmation_code
    req.body.send_confirmation_code = req.body.send_confirmation_code ?? true;

--- a/src/backend/src/services/auth/AuthService.js
+++ b/src/backend/src/services/auth/AuthService.js
@ -48,6 +48,17 @@ class AuthService extends BaseService {
        this.db = await this.services.get('database').get(DB_WRITE, 'auth');
        this.svc_session = await this.services.get('session');
        
+        const svc_feature_flag = await this.services.get("feature-flag");
+        svc_feature_flag.register("temp-users-disabled", {
+            $: "config-flag",
+            value: this.global_config.disable_temp_users ?? false
+        });
+
+        svc_feature_flag.register("user-signup-disabled", {
+            $: "config-flag",
+            value: this.global_config.disable_user_signup ?? false
+        })
+        
        // "FPE" stands for "Format Preserving Encryption"
        // The `uuid_fpe_key` is a key for creating encrypted alternatives
        // to UUIDs and decrypting them back to the original UUIDs
@ -67,6 +78,7 @@ class AuthService extends BaseService {
        };
    }

+    

    /**
    * This method authenticates a user or app using a token.