feat(web): add --disable-registration flag to disable user registration (#1881)

2026-05-06 17:59:11 +00:00 · 2026-02-13 16:03:11 +08:00
parent 011770a601
commit 3512a80597
4 changed files with 37 additions and 4 deletions
@@ -34,3 +34,6 @@ cli:
  geoip_db:
    en: "The path to the GeoIP2 database file, used to lookup the location of the client, default is the embedded file (only country information) , recommend https://github.com/P3TERX/GeoLite.mmdb"
    zh-CN: "GeoIP2 数据库文件路径，用于查找客户端的位置，默认为嵌入文件（仅国家信息），推荐 https://github.com/P3TERX/GeoLite.mmdb"
  disable_registration:
    en: "Disable user registration"
    zh-CN: "禁用用户注册"
@@ -109,6 +109,13 @@ struct Cli {
        help = t!("cli.api_host").to_string()
    )]
    api_host: Option<url::Url>,
    #[arg(
        long,
        default_value = "false",
        help = t!("cli.disable_registration").to_string(),
    )]
    disable_registration: bool,
 }
 impl LoggingConfigLoader for &Cli {
@@ -212,6 +219,7 @@ async fn main() {
        mgr.clone(),
        db,
        web_router_restful,
        cli.disable_registration,
    )
    .await
    .unwrap()
@@ -14,6 +14,13 @@ use super::{
    AppStateInner,
 };
 /// Feature flags for the web server
 #[derive(Clone, Default)]
 pub struct FeatureFlags {
    /// Whether user registration is disabled
    pub disable_registration: bool,
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub struct LoginResult {
    messages: Vec<Message>,
@@ -67,7 +74,7 @@ mod put {
 }
 mod post {
-    use axum::Json;
+    use axum::{extract::Extension, Json};
    use easytier::proto::common::Void;
    use crate::restful::{
@@ -110,10 +117,20 @@ mod post {
    }
    pub async fn register(
        Extension(feature_flags): Extension<FeatureFlags>,
        auth_session: AuthSession,
        captcha_session: tower_sessions::Session,
        Json(req): Json<RegisterNewUser>,
    ) -> Result<Json<Void>, HttpHandleError> {
        // Check if registration is disabled
        if feature_flags.disable_registration {
            tracing::warn!("Registration attempt blocked: registration is disabled");
            return Err((
                StatusCode::FORBIDDEN,
                other_error("Registration is disabled").into(),
            ));
        }
        // 调用CaptchaUtil的静态方法验证验证码是否正确
        if !CaptchaUtil::ver(&req.captcha, &captcha_session).await {
            return Err((
@@ -7,7 +7,7 @@ use std::{net::SocketAddr, sync::Arc};
 use axum::http::StatusCode;
 use axum::routing::post;
-use axum::{extract::State, routing::get, Json, Router};
+use axum::{extract::State, routing::get, Extension, Json, Router};
 use axum_login::tower_sessions::{ExpiredDeletion, SessionManagerLayer};
 use axum_login::{login_required, AuthManagerLayerBuilder, AuthUser, AuthzBackend};
 use axum_messages::MessagesManagerLayer;
@@ -37,6 +37,7 @@ struct Assets;
 pub struct RestfulServer {
    bind_addr: SocketAddr,
    client_mgr: Arc<ClientManager>,
    registration_disabled: bool,
    db: Db,
    // serve_task: Option<ScopedTask<()>>,
@@ -104,6 +105,7 @@ impl RestfulServer {
        client_mgr: Arc<ClientManager>,
        db: Db,
        web_router: Option<Router>,
        registration_disabled: bool,
    ) -> anyhow::Result<Self> {
        assert!(client_mgr.is_running());
@@ -112,6 +114,7 @@ impl RestfulServer {
        Ok(RestfulServer {
            bind_addr,
            client_mgr,
            registration_disabled,
            db,
            // serve_task: None,
            // delete_task: None,
@@ -240,7 +243,9 @@ impl RestfulServer {
            .route("/api/v1/sessions", get(Self::handle_list_all_sessions))
            .merge(NetworkApi::build_route())
            .route_layer(login_required!(Backend))
-            .merge(auth::router())
+            .merge(auth::router().layer(Extension(auth::FeatureFlags {
                disable_registration: self.registration_disabled,
            })))
            .with_state(self.client_mgr.clone())
            .route(
                "/api/v1/generate-config",