fix(api/v2): gate /register at registration time, not per request
Per review: when registration is disabled, skip registering the /register route entirely instead of registering it and returning 404 on every request. A request to a disabled instance still 404s (unknown route). ServiceEnableRegistration is static config, so the gate belongs in the registrar.
This commit is contained in:
parent
dab490376b
commit
788de5f46b
|
|
@ -78,15 +78,20 @@ func RegisterPublicAuthRoutes(api huma.API) {
|
|||
func registerLocalAuthRoutes(api huma.API) {
|
||||
authTags := []string{"auth"}
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "auth-register",
|
||||
Summary: "Register",
|
||||
Description: "Creates a new local user account. Returns 404 when registration is disabled on this instance.",
|
||||
Method: http.MethodPost,
|
||||
Path: "/register",
|
||||
Tags: authTags,
|
||||
Security: publicSecurity,
|
||||
}, authRegister)
|
||||
// Registration is its own static-config gate on top of local auth: when it
|
||||
// is disabled the route simply isn't registered (a request then 404s as an
|
||||
// unknown route), rather than registering it and rejecting per request.
|
||||
if config.ServiceEnableRegistration.GetBool() {
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "auth-register",
|
||||
Summary: "Register",
|
||||
Description: "Creates a new local user account.",
|
||||
Method: http.MethodPost,
|
||||
Path: "/register",
|
||||
Tags: authTags,
|
||||
Security: publicSecurity,
|
||||
}, authRegister)
|
||||
}
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "auth-password-token",
|
||||
|
|
@ -123,10 +128,6 @@ func registerLocalAuthRoutes(api huma.API) {
|
|||
}
|
||||
|
||||
func authRegister(_ context.Context, in *struct{ Body shared.UserRegister }) (*registerUserBody, error) {
|
||||
if !config.ServiceEnableRegistration.GetBool() {
|
||||
return nil, huma.Error404NotFound("registration is disabled")
|
||||
}
|
||||
|
||||
newUser, err := shared.RegisterUser(&in.Body)
|
||||
if err != nil {
|
||||
return nil, translateDomainError(err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue