feat(server): add flag to disable new sign ups (#6752)

2026-02-14 13:25:12 +00:00 · 2024-04-30 15:19:30 +00:00
parent 91ee5e05bb
commit cebb841430
5 changed files with 17 additions and 1 deletions
--- a/packages/backend/server/src/core/auth/controller.ts
+++ b/packages/backend/server/src/core/auth/controller.ts
@@ -15,6 +15,7 @@ import {
 import type { Request, Response } from 'express';

 import {
+  Config,
  PaymentRequiredException,
  Throttle,
  URLHelper,
@@ -43,7 +44,8 @@ export class AuthController {
    private readonly url: URLHelper,
    private readonly auth: AuthService,
    private readonly user: UserService,
-    private readonly token: TokenService
+    private readonly token: TokenService,
+    private readonly config: Config
  ) {}

  @Public()
@@ -74,6 +76,10 @@ export class AuthController {
    } else {
      // send email magic link
      const user = await this.user.findUserByEmail(credential.email);
+      if (!user && !this.config.auth.allowSignup) {
+        throw new BadRequestException('You are not allows to sign up.');
+      }
+
      const result = await this.sendSignInEmail(
        { email: credential.email, signUp: !user },
        redirectUri
--- a/packages/backend/server/src/core/auth/resolver.ts
+++ b/packages/backend/server/src/core/auth/resolver.ts
@@ -87,6 +87,10 @@ export class AuthResolver {
    @Args('email') email: string,
    @Args('password') password: string
  ) {
+    if (!this.config.auth.allowSignup) {
+      throw new ForbiddenException('You are not allowed to sign up.');
+    }
+
    validators.assertValidCredential({ email, password });
    const user = await this.auth.signUp(name, email, password);
    await this.auth.setCookie(ctx.req, ctx.res, user);