feat(global-settings): add login and email registration settings with checks in auth routes

Author: JasonKrik

services/backend/src/global-settings/global.ts

@@ -24,6 +24,22 @@ export const globalSettings: GlobalSettingsModule = {
       description: 'Enable or disable email sending functionality',
       encrypted: false,
       required: false
+    },
+    {
+      key: 'global.enable_login',
+      defaultValue: true,
+      type: 'boolean',
+      description: 'Enable or disable all login functionality (email, GitHub, etc.)',
+      encrypted: false,
+      required: false
+    },
+    {
+      key: 'global.enable_email_registration',
+      defaultValue: true,
+      type: 'boolean',
+      description: 'Enable or disable email registration',
+      encrypted: false,
+      required: false
     }
   ]
 };

services/backend/src/global-settings/index.ts

@@ -406,14 +406,18 @@ export class GlobalSettingsInitService {
     try {
       const settings = await Promise.all([
         GlobalSettingsService.get('global.page_url'),
-        GlobalSettingsService.get('global.send_mail')
+        GlobalSettingsService.get('global.send_mail'),
+        GlobalSettingsService.get('global.enable_login'),
+        GlobalSettingsService.get('global.enable_email_registration')
       ]);
 
-      const [pageUrl, sendMail] = settings;
+      const [pageUrl, sendMail, enableLogin, enableEmailRegistration] = settings;
 
       return {
         pageUrl: pageUrl?.value || 'http://localhost:5173',
-        sendMail: sendMail?.value === 'true'
+        sendMail: sendMail?.value === 'true',
+        enableLogin: enableLogin?.value === 'true',
+        enableEmailRegistration: enableEmailRegistration?.value === 'true'
       };
     } catch (error) {
       console.error('Failed to get Global configuration:', error);
@@ -446,6 +450,32 @@ export class GlobalSettingsInitService {
       return 'http://localhost:5173'; // Default fallback
     }
   }
+
+  /**
+   * Check if login is enabled (all types: email, GitHub, etc.)
+   */
+  static async isLoginEnabled(): Promise<boolean> {
+    try {
+      const setting = await GlobalSettingsService.get('global.enable_login');
+      return setting?.value === 'true';
+    } catch (error) {
+      console.error('Failed to check if login is enabled:', error);
+      return true; // Default to enabled if there's an error
+    }
+  }
+
+  /**
+   * Check if email registration is enabled
+   */
+  static async isEmailRegistrationEnabled(): Promise<boolean> {
+    try {
+      const setting = await GlobalSettingsService.get('global.enable_email_registration');
+      return setting?.value === 'true';
+    } catch (error) {
+      console.error('Failed to check if email registration is enabled:', error);
+      return true; // Default to enabled if there's an error
+    }
+  }
 }
 
 // Export the helper class

services/backend/src/global-settings/types.ts

@@ -81,6 +81,8 @@ export interface GitHubOAuthConfig {
 export interface GlobalConfig {
   pageUrl: string;
   sendMail: boolean;
+  enableLogin: boolean;
+  enableEmailRegistration: boolean;
 }
 
 export interface InitializationResult {

services/backend/src/routes/auth/github.ts

@@ -6,6 +6,7 @@ import { getDb, getSchema } from '../../db';
 import { eq } from 'drizzle-orm';
 import { generateId } from 'lucia';
 import { generateState } from 'arctic';
+import { GlobalSettingsInitService } from '../../global-settings';
 
 // Define types for requests with specific query parameters
 const GITHUB_SCOPES = ['user:email']; // Request access to user's email
@@ -15,6 +16,14 @@ export default async function githubAuthRoutes(fastify: FastifyInstance) {
   fastify.get(
     '/login',
     async (_request, reply: FastifyReply) => { // _request type can be FastifyRequest if no specific generics needed here
+      // Check if login is enabled
+      const isLoginEnabled = await GlobalSettingsInitService.isLoginEnabled();
+      if (!isLoginEnabled) {
+        return reply.status(403).send({ 
+          error: 'Login is currently disabled by administrator.' 
+        });
+      }
+
       const state = generateState();
       // PKCE is recommended for OAuth 2.0 public clients, but for confidential clients (server-side),
       // state alone is often sufficient for CSRF. Lucia's GitHub provider handles PKCE if code_verifier is passed.
@@ -44,6 +53,14 @@ export default async function githubAuthRoutes(fastify: FastifyInstance) {
   fastify.get<{ Querystring: GithubCallbackInput }>(
     '/callback',
     async (request, reply: FastifyReply) => { // request.query will be typed as GithubCallbackInput by Fastify
+      // Check if login is enabled
+      const isLoginEnabled = await GlobalSettingsInitService.isLoginEnabled();
+      if (!isLoginEnabled) {
+        return reply.status(403).send({ 
+          error: 'Login is currently disabled by administrator.' 
+        });
+      }
+
       const storedState = request.cookies?.oauth_state; // Access cookies safely, ensure @fastify/cookie is registered
       // const storedCodeVerifier = request.cookies?.oauth_code_verifier; // if using PKCE
 

services/backend/src/routes/auth/loginEmail.ts

@@ -4,11 +4,21 @@ import { getLucia } from '../../lib/lucia'; // Corrected import
 import { verify } from '@node-rs/argon2';
 import { getDb, getSchema } from '../../db';
 import { eq, or } from 'drizzle-orm';
+import { GlobalSettingsInitService } from '../../global-settings';
 
 export default async function loginEmailRoute(fastify: FastifyInstance) {
   fastify.post(
     '/login',
     async (request, reply: FastifyReply) => {
+      // Check if login is enabled
+      const isLoginEnabled = await GlobalSettingsInitService.isLoginEnabled();
+      if (!isLoginEnabled) {
+        return reply.status(403).send({ 
+          success: false, 
+          error: 'Login is currently disabled by administrator.' 
+        });
+      }
+
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
       const { login, email, password } = request.body as any;
 

services/backend/src/routes/auth/registerEmail.ts

@@ -7,11 +7,21 @@ import { eq, or } from 'drizzle-orm';
 import { generateId } from 'lucia'; // Lucia's utility for generating IDs
 import { hash } from '@node-rs/argon2';
 import { TeamService } from '../../services/teamService';
+import { GlobalSettingsInitService } from '../../global-settings';
 
 export default async function registerEmailRoute(fastify: FastifyInstance) {
   fastify.post<{ Body: RegisterEmailInput }>( // Use Fastify's generic type for request body
     '/register',
     async (request, reply: FastifyReply) => { // request type will be inferred by Fastify
+      // Check if email registration is enabled
+      const isEmailRegistrationEnabled = await GlobalSettingsInitService.isEmailRegistrationEnabled();
+      if (!isEmailRegistrationEnabled) {
+        return reply.status(403).send({ 
+          success: false, 
+          error: 'Email registration is currently disabled by administrator.' 
+        });
+      }
+
       const { username, email, password, first_name, last_name } = request.body; // request.body should now be typed as RegisterEmailInput
 
       const db = getDb();

services/frontend/src/assets/index.css

@@ -120,7 +120,7 @@ input {
 }
 
 .bg-card {
-  background-color: var(--color-muted);
+  background-color: oklch(96.8% 0.007 247.896)
 }
 
 /* Global cursor pointer for buttons and interactive elements */

services/frontend/src/router/index.ts

@@ -76,7 +76,7 @@ const routes = [
     children: [
       {
         path: 'settings',
-        redirect: '/admin/settings/smtp'
+        redirect: '/admin/settings/global'
       },
       {
         path: 'settings/:groupId',