feat(web): add --disable-registration flag to disable user registration (#1881)

easytier-web/src/restful/auth.rs

@@ -14,6 +14,13 @@ use super::{
     AppStateInner,
 };
 
+/// Feature flags for the web server
+#[derive(Clone, Default)]
+pub struct FeatureFlags {
+    /// Whether user registration is disabled
+    pub disable_registration: bool,
+}
+
 #[derive(Debug, Deserialize, Serialize)]
 pub struct LoginResult {
     messages: Vec<Message>,
@@ -67,7 +74,7 @@ mod put {
 }
 
 mod post {
-    use axum::Json;
+    use axum::{extract::Extension, Json};
     use easytier::proto::common::Void;
 
     use crate::restful::{
@@ -110,10 +117,20 @@ mod post {
     }
 
     pub async fn register(
+        Extension(feature_flags): Extension<FeatureFlags>,
         auth_session: AuthSession,
         captcha_session: tower_sessions::Session,
         Json(req): Json<RegisterNewUser>,
     ) -> Result<Json<Void>, HttpHandleError> {
+        // Check if registration is disabled
+        if feature_flags.disable_registration {
+            tracing::warn!("Registration attempt blocked: registration is disabled");
+            return Err((
+                StatusCode::FORBIDDEN,
+                other_error("Registration is disabled").into(),
+            ));
+        }
+
         // 调用CaptchaUtil的静态方法验证验证码是否正确
         if !CaptchaUtil::ver(&req.captcha, &captcha_session).await {
             return Err((

easytier-web/src/restful/mod.rs

@@ -7,7 +7,7 @@ use std::{net::SocketAddr, sync::Arc};
 
 use axum::http::StatusCode;
 use axum::routing::post;
-use axum::{extract::State, routing::get, Json, Router};
+use axum::{extract::State, routing::get, Extension, Json, Router};
 use axum_login::tower_sessions::{ExpiredDeletion, SessionManagerLayer};
 use axum_login::{login_required, AuthManagerLayerBuilder, AuthUser, AuthzBackend};
 use axum_messages::MessagesManagerLayer;
@@ -37,6 +37,7 @@ struct Assets;
 pub struct RestfulServer {
     bind_addr: SocketAddr,
     client_mgr: Arc<ClientManager>,
+    registration_disabled: bool,
     db: Db,
 
     // serve_task: Option<ScopedTask<()>>,
@@ -104,6 +105,7 @@ impl RestfulServer {
         client_mgr: Arc<ClientManager>,
         db: Db,
         web_router: Option<Router>,
+        registration_disabled: bool,
     ) -> anyhow::Result<Self> {
         assert!(client_mgr.is_running());
 
@@ -112,6 +114,7 @@ impl RestfulServer {
         Ok(RestfulServer {
             bind_addr,
             client_mgr,
+            registration_disabled,
             db,
             // serve_task: None,
             // delete_task: None,
@@ -240,7 +243,9 @@ impl RestfulServer {
             .route("/api/v1/sessions", get(Self::handle_list_all_sessions))
             .merge(NetworkApi::build_route())
             .route_layer(login_required!(Backend))
-            .merge(auth::router())
+            .merge(auth::router().layer(Extension(auth::FeatureFlags {
+                disable_registration: self.registration_disabled,
+            })))
             .with_state(self.client_mgr.clone())
             .route(
                 "/api/v1/generate-config",