Allow to disable sign up
TheZoker opened this issue · 3 comments
Clear and concise description of the problem
I'm using github as oauth provider and so far it worked without any issue (although it would be very nice, if the callback url could be added to the docs 😅).
But now I don't want anyone else to register to my instance, since I'm the only one using it.
It would be nice if there was a environment variable (let's say DISABLE_REGISTRATION) or something, to prevent new users from registering. I know that I can customize the code, but since I'm running briefkasten in a docker environment using the pre-build image this is not really an option.
I can imagine that this is quite a popular use case, that once all member have registered, the admin wants to disable further registrations, so his instance it not used by the whole wide world.
Suggested solution
Add environment variable that disabled further registration.
Alternative
No response
Additional context
No response
Validations
- Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
Yeah so this is possible via the NextAuth settings / callback. As you said its a bit of a pain in the butt with the Docker setup though.
https://next-auth.js.org/configuration/callbacks#sign-in-callback
When using NextAuth.js with a database, the User object will be either a user object from the database (including the User ID) if the user has signed in before or a simpler prototype user object (i.e. name, email, image) for users who have not signed in before.
When using NextAuth.js without a database, the user object will always be a prototype user object, with information extracted from the profile.
So basically you'd have to check if the returned User object has a userId, for example. And return false/throw new Error(... if not, i.e. if its a brand new Github OAuth login/signup.
Unfortunately I don't have time to add this as a feature at the moment. If you want to open a PR I'd be happy to take a look at it, otherwise I can only reocmmend the above mentioned workaroudn for now.
Alright, I will have a look if I manage to open a PR. Thanks for the hints!
Closing this issue as I don't have the bandwidth for this atm.