feat(web): add --disable-registration flag to disable user registration (#1881)

2026-05-06 17:59:11 +00:00 · 2026-02-13 16:03:11 +08:00
parent 011770a601
commit 3512a80597
4 changed files with 37 additions and 4 deletions
@@ -34,3 +34,6 @@ cli:
  geoip_db:
    en: "The path to the GeoIP2 database file, used to lookup the location of the client, default is the embedded file (only country information) , recommend https://github.com/P3TERX/GeoLite.mmdb"
    zh-CN: "GeoIP2 数据库文件路径，用于查找客户端的位置，默认为嵌入文件（仅国家信息），推荐 https://github.com/P3TERX/GeoLite.mmdb"
+  disable_registration:
+    en: "Disable user registration"
+    zh-CN: "禁用用户注册"
@@ -109,6 +109,13 @@ struct Cli {
        help = t!("cli.api_host").to_string()
    )]
    api_host: Option<url::Url>,
+
+    #[arg(
+        long,
+        default_value = "false",
+        help = t!("cli.disable_registration").to_string(),
+    )]
+    disable_registration: bool,
 }

 impl LoggingConfigLoader for &Cli {
@@ -212,6 +219,7 @@ async fn main() {
        mgr.clone(),
        db,
        web_router_restful,
+        cli.disable_registration,
    )
    .await
    .unwrap()
@@ -14,6 +14,13 @@ use super::{
    AppStateInner,
 };

+/// Feature flags for the web server
+#[derive(Clone, Default)]
+pub struct FeatureFlags {
+    /// Whether user registration is disabled
+    pub disable_registration: bool,
+}
+
 #[derive(Debug, Deserialize, Serialize)]
 pub struct LoginResult {
    messages: Vec<Message>,
@@ -67,7 +74,7 @@ mod put {
 }

 mod post {
-    use axum::Json;
+    use axum::{extract::Extension, Json};
    use easytier::proto::common::Void;

    use crate::restful::{
@@ -110,10 +117,20 @@ mod post {
    }

    pub async fn register(
+        Extension(feature_flags): Extension<FeatureFlags>,
        auth_session: AuthSession,
        captcha_session: tower_sessions::Session,
        Json(req): Json<RegisterNewUser>,
    ) -> Result<Json<Void>, HttpHandleError> {
+        // Check if registration is disabled
+        if feature_flags.disable_registration {
+            tracing::warn!("Registration attempt blocked: registration is disabled");
+            return Err((
+                StatusCode::FORBIDDEN,
+                other_error("Registration is disabled").into(),
+            ));
+        }
+
        // 调用CaptchaUtil的静态方法验证验证码是否正确
        if !CaptchaUtil::ver(&req.captcha, &captcha_session).await {
            return Err((
@@ -7,7 +7,7 @@ use std::{net::SocketAddr, sync::Arc};

 use axum::http::StatusCode;
 use axum::routing::post;
-use axum::{extract::State, routing::get, Json, Router};
+use axum::{extract::State, routing::get, Extension, Json, Router};
 use axum_login::tower_sessions::{ExpiredDeletion, SessionManagerLayer};
 use axum_login::{login_required, AuthManagerLayerBuilder, AuthUser, AuthzBackend};
 use axum_messages::MessagesManagerLayer;
@@ -37,6 +37,7 @@ struct Assets;
 pub struct RestfulServer {
    bind_addr: SocketAddr,
    client_mgr: Arc<ClientManager>,
+    registration_disabled: bool,
    db: Db,

    // serve_task: Option<ScopedTask<()>>,
@@ -104,6 +105,7 @@ impl RestfulServer {
        client_mgr: Arc<ClientManager>,
        db: Db,
        web_router: Option<Router>,
+        registration_disabled: bool,
    ) -> anyhow::Result<Self> {
        assert!(client_mgr.is_running());

@@ -112,6 +114,7 @@ impl RestfulServer {
        Ok(RestfulServer {
            bind_addr,
            client_mgr,
+            registration_disabled,
            db,
            // serve_task: None,
            // delete_task: None,
@@ -240,7 +243,9 @@ impl RestfulServer {
            .route("/api/v1/sessions", get(Self::handle_list_all_sessions))
            .merge(NetworkApi::build_route())
            .route_layer(login_required!(Backend))
-            .merge(auth::router())
+            .merge(auth::router().layer(Extension(auth::FeatureFlags {
+                disable_registration: self.registration_disabled,
+            })))
            .with_state(self.client_mgr.clone())
            .route(
                "/api/v1/generate-config",