✨ feat(registration): add self-registration configuration option

- introduce ALLOW_SELF_REGISTRATION environment variable
- update .env-example and docker-compose.yml to include new setting
- modify registration logic to respect self-registration configuration

📝 docs(README): document self-registration configuration

- add description of ALLOW_SELF_REGISTRATION setting in README
- explain default value and its impact on user registration process

.env-example

@@ -5,3 +5,5 @@ SESSION_COOKIE_SECURE=1
 DATABASE_PATH=/app/data/fleetledger.db
 # Optional: Fernet key for encrypting management passwords (leave empty to disable)
 ENCRYPTION_KEY=
+# Allow self-registration after first admin (1 = allow, 0 = only admin-created)
+ALLOW_SELF_REGISTRATION=0

README.md

@@ -51,6 +51,7 @@ Self-hosted Übersicht für gemietete Server (VPS, Dedizierte, Storage, Managed)
 - `SESSION_COOKIE_SECURE` (default `1`): Auf `0` nur für lokale HTTP-Tests setzen, sonst `1` (HTTPS).
 - `DATABASE_PATH` (default `/app/data/fleetledger.db` im Docker-Image): Pfad zur SQLite-Datei. Lokal z. B. `./data/fleetledger.db`.
 - `ENCRYPTION_KEY` (optional): Fernet-Key für verschlüsselte Management-Passwörter. Leer lassen, wenn keine Speicherung gewünscht ist.
+- `ALLOW_SELF_REGISTRATION` (default `0`): `1` erlaubt neue Selbst-Registrierungen auch wenn schon ein Admin existiert; `0` = nur Admin darf weitere User anlegen.
 
 ## Sicherheitshinweise
 - Immer einen starken `SESSION_SECRET` verwenden; im Docker-Setup wird der Start verweigert, wenn ein Platzhalter genutzt wird.

app/main.py

@@ -43,6 +43,7 @@ if not SESSION_SECRET or SESSION_SECRET.startswith("CHANGE_ME"):
     )
 
 SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "1") != "0"
+ALLOW_SELF_REGISTRATION = os.getenv("ALLOW_SELF_REGISTRATION", "0") == "1"
 
 
 @app.middleware("http")
@@ -123,7 +124,11 @@ def register_form(
     If at least one user already exists, only admins may register new users.
     """
     user_count = len(session.exec(select(User)).all())
-    if user_count > 0 and (not current_user or not current_user.is_admin):
+    if (
+        user_count > 0
+        and not ALLOW_SELF_REGISTRATION
+        and (not current_user or not current_user.is_admin)
+    ):
         return RedirectResponse("/", status_code=303)
 
     csrf_token = ensure_csrf_token(request)
@@ -170,7 +175,11 @@ def register(
         )
 
     user_count = len(session.exec(select(User)).all())
-    if user_count > 0 and (not current_user or not current_user.is_admin):
+    if (
+        user_count > 0
+        and not ALLOW_SELF_REGISTRATION
+        and (not current_user or not current_user.is_admin)
+    ):
         return RedirectResponse("/", status_code=303)
 
     error = None

docker-compose.yml

@@ -13,6 +13,8 @@ services:
       - SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-1}
       # Optional: encryption key for management passwords (Fernet key)
       - ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
+      # Allow self-registration after first admin (1 = allow, 0 = only admin-created)
+      - ALLOW_SELF_REGISTRATION=${ALLOW_SELF_REGISTRATION:-0}
     volumes:
       - ./data:/app/data
     restart: unless-stopped