✨ feat(registration): add self-registration configuration option
- introduce ALLOW_SELF_REGISTRATION environment variable
- update .env-example and docker-compose.yml to include new setting
- modify registration logic to respect self-registration configuration
📝 docs(README): document self-registration configuration
- add description of ALLOW_SELF_REGISTRATION setting in README
- explain default value and its impact on user registration process
parent
56f98e3597
commit
3c2c853fc7
4 changed files with 16 additions and 2 deletions
|
|
@ -5,3 +5,5 @@ SESSION_COOKIE_SECURE=1
|
||||||
DATABASE_PATH=/app/data/fleetledger.db
|
DATABASE_PATH=/app/data/fleetledger.db
|
||||||
# Optional: Fernet key for encrypting management passwords (leave empty to disable)
|
# Optional: Fernet key for encrypting management passwords (leave empty to disable)
|
||||||
ENCRYPTION_KEY=
|
ENCRYPTION_KEY=
|
||||||
|
# Allow self-registration after first admin (1 = allow, 0 = only admin-created)
|
||||||
|
ALLOW_SELF_REGISTRATION=0
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,7 @@ Self-hosted Übersicht für gemietete Server (VPS, Dedizierte, Storage, Managed)
|
||||||
- `SESSION_COOKIE_SECURE` (default `1`): Auf `0` nur für lokale HTTP-Tests setzen, sonst `1` (HTTPS).
|
- `SESSION_COOKIE_SECURE` (default `1`): Auf `0` nur für lokale HTTP-Tests setzen, sonst `1` (HTTPS).
|
||||||
- `DATABASE_PATH` (default `/app/data/fleetledger.db` im Docker-Image): Pfad zur SQLite-Datei. Lokal z. B. `./data/fleetledger.db`.
|
- `DATABASE_PATH` (default `/app/data/fleetledger.db` im Docker-Image): Pfad zur SQLite-Datei. Lokal z. B. `./data/fleetledger.db`.
|
||||||
- `ENCRYPTION_KEY` (optional): Fernet-Key für verschlüsselte Management-Passwörter. Leer lassen, wenn keine Speicherung gewünscht ist.
|
- `ENCRYPTION_KEY` (optional): Fernet-Key für verschlüsselte Management-Passwörter. Leer lassen, wenn keine Speicherung gewünscht ist.
|
||||||
|
- `ALLOW_SELF_REGISTRATION` (default `0`): `1` erlaubt neue Selbst-Registrierungen auch wenn schon ein Admin existiert; `0` = nur Admin darf weitere User anlegen.
|
||||||
|
|
||||||
## Sicherheitshinweise
|
## Sicherheitshinweise
|
||||||
- Immer einen starken `SESSION_SECRET` verwenden; im Docker-Setup wird der Start verweigert, wenn ein Platzhalter genutzt wird.
|
- Immer einen starken `SESSION_SECRET` verwenden; im Docker-Setup wird der Start verweigert, wenn ein Platzhalter genutzt wird.
|
||||||
|
|
|
||||||
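--- a/app/main.py
+++ b/app/main.py
@@ -43,6 +43,7 @@ if not SESSION_SECRET or SESSION_SECRET.startswith("CHANGE_ME"):
 )
 
 SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "1") != "0"
+ALLOW_SELF_REGISTRATION = os.getenv("ALLOW_SELF_REGISTRATION", "0") == "1"
 
 
 @app.middleware("http")
@@ -123,7 +124,11 @@ def register_form(
 If at least one user already exists, only admins may register new users.
 """
 user_count = len(session.exec(select(User)).all())
-if user_count > 0 and (not current_user or not current_user.is_admin):
+if (
+user_count > 0
+and not ALLOW_SELF_REGISTRATION
+and (not current_user or not current_user.is_admin)
+):
 return RedirectResponse("/", status_code=303)
 
 csrf_token = ensure_csrf_token(request)
@@ -170,7 +175,11 @@ def register(
 )
 
 user_count = len(session.exec(select(User)).all())
-if user_count > 0 and (not current_user or not current_user.is_admin):
+if (
+user_count > 0
+and not ALLOW_SELF_REGISTRATION
+and (not current_user or not current_user.is_admin)
+):
 return RedirectResponse("/", status_code=303)
 
 error = None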
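Review bot: The access gate for account creation is now the same four-line condition copied into both `register_form` and `register`, and the `register_form` docstring still says "only admins may register new users", which is no longer true when `ALLOW_SELF_REGISTRATION` is set. This condition is the only thing in these hunks that keeps anonymous visitors from creating accounts, so I would move it into one helper that both handlers call and update the docstring to mention the flag; that way the GET and POST paths cannot drift apart. Both function bodies continue outside the hunks, so it is not visible whether `register` forces a non-admin role when `current_user` is None; that should be confirmed before the flag is enabled on an exposed instance.

```python
def _registration_blocked(user_count, current_user) -> bool:
    """True when the caller may not create an account (shared by GET and POST)."""
    return (
        user_count > 0
        and not ALLOW_SELF_REGISTRATION
        and (not current_user or not current_user.is_admin)
    )

# … unchanged: register_form / register signatures and docstrings …
user_count = len(session.exec(select(User)).all())
if _registration_blocked(user_count, current_user):
    return RedirectResponse("/", status_code=303)
```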
|
|
@ -13,6 +13,8 @@ services:
|
||||||
- SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-1}
|
- SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-1}
|
||||||
# Optional: encryption key for management passwords (Fernet key)
|
# Optional: encryption key for management passwords (Fernet key)
|
||||||
- ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
|
- ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
|
||||||
|
# Allow self-registration after first admin (1 = allow, 0 = only admin-created)
|
||||||
|
- ALLOW_SELF_REGISTRATION=${ALLOW_SELF_REGISTRATION:-0}
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/app/data
|
- ./data:/app/data
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
|
||||||