From 3c2c853fc7be70a7cd0799e25d13133154d1491a Mon Sep 17 00:00:00 2001 From: nocci Date: Sat, 6 Dec 2025 14:07:21 +0000 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat(registration):=20add=20self-re?= =?UTF-8?q?gistration=20configuration=20option?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - introduce ALLOW_SELF_REGISTRATION environment variable - update .env-example and docker-compose.yml to include new setting - modify registration logic to respect self-registration configuration 📝 docs(README): document self-registration configuration - add description of ALLOW_SELF_REGISTRATION setting in README - explain default value and its impact on user registration process
---
 .env-example | 2 ++ README.md | 1 + app/main.py | 13 +++++++++++-- docker-compose.yml | 2 ++ 4 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/.env-example b/.env-example
index b7320fe..4f60b96 100644
--- a/.env-example
+++ b/.env-example
@@ -5,3 +5,5 @@ SESSION_COOKIE_SECURE=1
 DATABASE_PATH=/app/data/fleetledger.db
 # Optional: Fernet key for encrypting management passwords (leave empty to disable)
 ENCRYPTION_KEY=
+# Allow self-registration after first admin (1 = allow, 0 = only admin-created)
+ALLOW_SELF_REGISTRATION=0
diff --git a/README.md b/README.md
index 57fe731..b3be38b 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,7 @@ Self-hosted Übersicht für gemietete Server (VPS, Dedizierte, Storage, Managed)
 - `SESSION_COOKIE_SECURE` (default `1`): Auf `0` nur für lokale HTTP-Tests setzen, sonst `1` (HTTPS).
 - `DATABASE_PATH` (default `/app/data/fleetledger.db` im Docker-Image): Pfad zur SQLite-Datei. Lokal z. B. `./data/fleetledger.db`.
 - `ENCRYPTION_KEY` (optional): Fernet-Key für verschlüsselte Management-Passwörter. Leer lassen, wenn keine Speicherung gewünscht ist.
+- `ALLOW_SELF_REGISTRATION` (default `0`): `1` erlaubt neue Selbst-Registrierungen auch wenn schon ein Admin existiert; `0` = nur Admin darf weitere User anlegen.
 ## Sicherheitshinweise
 - Immer einen starken `SESSION_SECRET` verwenden; im Docker-Setup wird der Start verweigert, wenn ein Platzhalter genutzt wird.
diff --git a/app/main.py b/app/main.py
index f147597..4b0d7d4 100644
--- a/app/main.py
+++ b/app/main.py
@@ -43,6 +43,7 @@ if not SESSION_SECRET or SESSION_SECRET.startswith("CHANGE_ME"):
 )
 SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "1") != "0"
+ALLOW_SELF_REGISTRATION = os.getenv("ALLOW_SELF_REGISTRATION", "0") == "1"
 @app.middleware("http")
@@ -123,7 +124,11 @@ def register_form(
 If at least one user already exists, only admins may register new users.
 """
 user_count = len(session.exec(select(User)).all())
- if user_count > 0 and (not current_user or not current_user.is_admin):
+ if (
+ user_count > 0
+ and not ALLOW_SELF_REGISTRATION
+ and (not current_user or not current_user.is_admin)
+ ):
 return RedirectResponse("/", status_code=303)
 csrf_token = ensure_csrf_token(request)
@@ -170,7 +175,11 @@ def register(
 )
 user_count = len(session.exec(select(User)).all())
- if user_count > 0 and (not current_user or not current_user.is_admin):
+ if (
+ user_count > 0
+ and not ALLOW_SELF_REGISTRATION
+ and (not current_user or not current_user.is_admin)
+ ):
 return RedirectResponse("/", status_code=303)
 error = None
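Review bot: In the `@@ -43,6 +43,7 @@` hunk of app/main.py the new `ALLOW_SELF_REGISTRATION` assignment carries no comment saying that it fails closed: only the exact string `1` opens registration, so `true`, `yes` or a `1` with trailing whitespace all leave it admin-only. That is the safe direction, but an operator who sets `ALLOW_SELF_REGISTRATION=true` gets no signal that the value was ignored. I would add `# Fail closed: only the exact value "1" enables open sign-up; anything else keeps registration admin-only.` above the line, and consider logging the effective value once at startup. The value is read at import time, so a change only takes effect after a restart.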
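Review bot: The docstring of `register_form` visible in the `@@ -123,7 +124,11 @@` hunk still reads "If at least one user already exists, only admins may register new users.", which is no longer true once the flag is set. I would change that sentence to `If at least one user already exists, only admins may register new users unless ALLOW_SELF_REGISTRATION is enabled.`. The same three-part condition is copied into `register` in the `@@ -170,7 +175,11 @@` hunk; a small shared predicate would keep the GET and POST checks from drifting apart, since a mismatch between them would be an authorization bug. Both function bodies start and end outside their hunks.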
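Review bot: With the flag on, `register` in the `@@ -170,7 +175,11 @@` hunk stays reachable by anonymous callers for the lifetime of the instance, yet `user_count = len(session.exec(select(User)).all())` still loads every user row on each request, and open sign-up lets that table grow without bound. As far as the hunk shows only existence matters, so `has_users = session.exec(select(User).limit(1)).first() is not None` would do the same job with one row; `register_form` has the same line. The code that sets the new account's role is outside the hunk, and it is worth confirming that admin is granted only when no user exists yet and never to a self-registered account. Nothing visible here throttles sign-ups, so rate limiting for this route presumably has to come from elsewhere.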
diff --git a/docker-compose.yml b/docker-compose.yml
index d1c8f44..f1ab2e1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,8 @@ services:
 - SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-1}
 # Optional: encryption key for management passwords (Fernet key)
 - ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
+ # Allow self-registration after first admin (1 = allow, 0 = only admin-created)
+ - ALLOW_SELF_REGISTRATION=${ALLOW_SELF_REGISTRATION:-0}
 volumes:
 - ./data:/app/data
 restart: unless-stopped