fix(api/v2): gate /register at registration time, not per request

Per review: when registration is disabled, skip registering the
/register route entirely instead of registering it and returning 404 on
every request. A request to a disabled instance still 404s (unknown
route). ServiceEnableRegistration is static config, so the gate belongs
in the registrar.
This commit is contained in:
kolaente 2026-06-12 09:41:19 +02:00 committed by kolaente
parent d8ad9d64f5
commit 2bbe77c141
1 changed files with 14 additions and 13 deletions

View File

@ -78,15 +78,20 @@ func RegisterPublicAuthRoutes(api huma.API) {
func registerLocalAuthRoutes(api huma.API) {
authTags := []string{"auth"}
Register(api, huma.Operation{
OperationID: "auth-register",
Summary: "Register",
Description: "Creates a new local user account. Returns 404 when registration is disabled on this instance.",
Method: http.MethodPost,
Path: "/register",
Tags: authTags,
Security: publicSecurity,
}, authRegister)
// Registration is its own static-config gate on top of local auth: when it
// is disabled the route simply isn't registered (a request then 404s as an
// unknown route), rather than registering it and rejecting per request.
if config.ServiceEnableRegistration.GetBool() {
Register(api, huma.Operation{
OperationID: "auth-register",
Summary: "Register",
Description: "Creates a new local user account.",
Method: http.MethodPost,
Path: "/register",
Tags: authTags,
Security: publicSecurity,
}, authRegister)
}
Register(api, huma.Operation{
OperationID: "auth-password-token",
@ -123,10 +128,6 @@ func registerLocalAuthRoutes(api huma.API) {
}
func authRegister(_ context.Context, in *struct{ Body shared.UserRegister }) (*registerUserBody, error) {
if !config.ServiceEnableRegistration.GetBool() {
return nil, huma.Error404NotFound("registration is disabled")
}
newUser, err := shared.RegisterUser(&in.Body)
if err != nil {
return nil, translateDomainError(err)