disables signups via env variable (#6212)

* disables signups via env variable * Apply suggestions from code review Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: Omar López <zomars@me.com>
2023-01-13 19:42:13 -05:00 · 2023-01-13 19:42:13 -05:00 · 443329b99f
parent a1fc4ec26d
commit 443329b99f
5 changed files with 22 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@ -152,3 +152,6 @@ SENTRY_IGNORE_API_RESOLUTION_ERROR=
 NEXT_PUBLIC_APP_NAME="Cal.com"
 NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS="help@cal.com"
 NEXT_PUBLIC_COMPANY_NAME="Cal.com, Inc."
+# Set this to true in to disable new signups
+# NEXT_PUBLIC_DISABLE_SIGNUP=true
+NEXT_PUBLIC_DISABLE_SIGNUP=
--- a/apps/web/pages/api/auth/signup.ts
+++ b/apps/web/pages/api/auth/signup.ts
@ -12,6 +12,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    return;
  }

+  if (process.env.NEXT_PUBLIC_DISABLE_SIGNUP === "true") {
+    res.status(403).json({ message: "Signup is disabled" });
+    return;
+  }
+
  const data = req.body;
  const { email, password } = data;
  const username = slugify(data.username);
--- a/apps/web/pages/auth/login.tsx
+++ b/apps/web/pages/auth/login.tsx
@ -115,7 +115,13 @@ export default function Login({
        description={t("login")}
        showLogo
        heading={twoFactorRequired ? t("2fa_code") : t("welcome_back")}
-        footerText={twoFactorRequired ? TwoFactorFooter : LoginFooter}>
+        footerText={
+          twoFactorRequired
+            ? TwoFactorFooter
+            : process.env.NEXT_PUBLIC_DISABLE_SIGNUP !== "true"
+            ? LoginFooter
+            : null
+        }>
        <FormProvider {...methods}>
          <form onSubmit={methods.handleSubmit(onSubmit)} data-testid="login-form">
            <div>
--- a/apps/web/pages/signup.tsx
+++ b/apps/web/pages/signup.tsx
@ -149,6 +149,12 @@ export const getServerSideProps = async (ctx: GetServerSidePropsContext) => {
    prepopulateFormValues: undefined,
  };

+  if (process.env.NEXT_PUBLIC_DISABLE_SIGNUP === "true") {
+    return {
+      notFound: true,
+    };
+  }
+
  // no token given, treat as a normal signup without verification token
  if (!token) {
    return {
--- a/turbo.json
+++ b/turbo.json
@ -225,6 +225,7 @@
    "$NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS",
    "$NEXT_PUBLIC_COMPANY_NAME",
    "$NEXT_PUBLIC_SENDER_ID",
+    "$NEXT_PUBLIC_DISABLE_SIGNUP",
    "$NEXTAUTH_COOKIE_DOMAIN",
    "$NEXTAUTH_SECRET",
    "$NEXTAUTH_URL",