From 4c92c32c0ab42f8c87f2c6e89c46e9dc31cd594c Mon Sep 17 00:00:00 2001
From: Akhilesh Pandey <1akhil.pandey@gmail.com>
Date: Thu, 20 Jul 2023 16:34:07 +0530
Subject: [PATCH] [CODE-617]: Add env variable in Gitness to allow/disallow
 sign-ups

---
 .local.env                               |  3 ++-
 internal/api/controller/user/register.go |  8 +++++++-
 internal/api/handler/account/register.go |  5 +++--
 internal/router/api.go                   | 11 ++++++-----
 types/config.go                          | 10 ++++++----
 5 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/.local.env b/.local.env
index 87747110c..a68bded88 100644
--- a/.local.env
+++ b/.local.env
@@ -1,3 +1,4 @@
 GITNESS_TRACE=true
 GITNESS_WEBHOOK_ALLOW_LOOPBACK=true
-GITNESS_PRINCIPAL_ADMIN_PASSWORD=changeit
\ No newline at end of file
+GITNESS_PRINCIPAL_ADMIN_PASSWORD=changeit
+GITNESS_ALLOW_SIGNUP=true
\ No newline at end of file
diff --git a/internal/api/controller/user/register.go b/internal/api/controller/user/register.go
index 4e13aa29a..eeba4c0aa 100644
--- a/internal/api/controller/user/register.go
+++ b/internal/api/controller/user/register.go
@@ -17,9 +17,15 @@ import (
  * This differs from the Create method as it doesn't require auth, but has limited
  * functionalities (unable to create admin user for example).
  */
-func (c *Controller) Register(ctx context.Context, in *CreateInput) (*types.TokenResponse, error) {
+func (c *Controller) Register(ctx context.Context, in *CreateInput, config *types.Config) (*types.TokenResponse, error) {
 	// TODO: allow to configure if open register is allowed.
 
+	signUpFlag := config.AllowSignUp
+
+	if !signUpFlag {
+		return nil, fmt.Errorf("user sign-up is disabled")
+	}
+
 	user, err := c.CreateNoAuth(ctx, in, false)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create user: %w", err)
diff --git a/internal/api/handler/account/register.go b/internal/api/handler/account/register.go
index 07508d277..6563a7467 100644
--- a/internal/api/handler/account/register.go
+++ b/internal/api/handler/account/register.go
@@ -5,6 +5,7 @@
 package account
 
 import (
+	"github.com/harness/gitness/types"
 	"net/http"
 
 	"github.com/harness/gitness/internal/api/controller/user"
@@ -13,7 +14,7 @@ import (
 
 // HandleRegister returns an http.HandlerFunc that processes an http.Request
 // to register the named user account with the system.
-func HandleRegister(userCtrl *user.Controller) http.HandlerFunc {
+func HandleRegister(userCtrl *user.Controller, config *types.Config) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 
@@ -24,7 +25,7 @@ func HandleRegister(userCtrl *user.Controller) http.HandlerFunc {
 			Password:    r.FormValue("password"),
 		}
 
-		tokenResponse, err := userCtrl.Register(ctx, in)
+		tokenResponse, err := userCtrl.Register(ctx, in, config)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
diff --git a/internal/router/api.go b/internal/router/api.go
index 174634cef..16caa779e 100644
--- a/internal/router/api.go
+++ b/internal/router/api.go
@@ -46,7 +46,7 @@ import (
 	"github.com/rs/zerolog/hlog"
 )
 
-// APIHandler is an abstraction of an http handler that handles API calls.
+// APIHandler is an abstraction of a http handler that handles API calls.
 type APIHandler interface {
 	http.Handler
 }
@@ -91,7 +91,7 @@ func NewAPIHandler(
 
 	r.Route("/v1", func(r chi.Router) {
 		setupRoutesV1(r, repoCtrl, spaceCtrl, pullreqCtrl, webhookCtrl, githookCtrl,
-			saCtrl, userCtrl, principalCtrl, checkCtrl)
+			saCtrl, userCtrl, principalCtrl, checkCtrl, config)
 	})
 
 	// wrap router in terminatedPath encoder.
@@ -121,6 +121,7 @@ func setupRoutesV1(r chi.Router,
 	userCtrl *user.Controller,
 	principalCtrl principal.Controller,
 	checkCtrl *check.Controller,
+	config *types.Config,
 ) {
 	setupSpaces(r, spaceCtrl, repoCtrl)
 	setupRepos(r, repoCtrl, pullreqCtrl, webhookCtrl, checkCtrl)
@@ -129,7 +130,7 @@ func setupRoutesV1(r chi.Router,
 	setupPrincipals(r, principalCtrl)
 	setupInternal(r, githookCtrl)
 	setupAdmin(r, userCtrl)
-	setupAccount(r, userCtrl)
+	setupAccount(r, userCtrl, config)
 	setupSystem(r)
 	setupResources(r)
 }
@@ -431,8 +432,8 @@ func setupAdmin(r chi.Router, userCtrl *user.Controller) {
 	})
 }
 
-func setupAccount(r chi.Router, userCtrl *user.Controller) {
+func setupAccount(r chi.Router, userCtrl *user.Controller, config *types.Config) {
 	r.Post("/login", account.HandleLogin(userCtrl))
-	r.Post("/register", account.HandleRegister(userCtrl))
+	r.Post("/register", account.HandleRegister(userCtrl, config))
 	r.Post("/logout", account.HandleLogout(userCtrl))
 }
diff --git a/types/config.go b/types/config.go
index 7a00fc10d..014b0cf55 100644
--- a/types/config.go
+++ b/types/config.go
@@ -12,10 +12,12 @@ import (
 type Config struct {
 	// InstanceID specifis the ID of the gitness instance.
 	// NOTE: If the value is not provided the hostname of the machine is used.
-	InstanceID string `envconfig:"GITNESS_INSTANCE_ID"`
-	Debug      bool   `envconfig:"GITNESS_DEBUG"`
-	Trace      bool   `envconfig:"GITNESS_TRACE"`
-	Profiler   struct {
+	InstanceID  string `envconfig:"GITNESS_INSTANCE_ID"`
+	Debug       bool   `envconfig:"GITNESS_DEBUG"`
+	Trace       bool   `envconfig:"GITNESS_TRACE"`
+	AllowSignUp bool   `envconfig:"GITNESS_ALLOW_SIGNUP"`
+
+	Profiler struct {
 		Type        string `envconfig:"GITNESS_PROFILER_TYPE"`
 		ServiceName string `envconfig:"GITNESS_PROFILER_SERVICE_NAME" default:"gitness"`
 	}