From 9fb33fbd9d94d493fb92dc61f98d877a5d7e418d Mon Sep 17 00:00:00 2001
From: Adhityaa Chandrasekar <adtac@adtac.in>
Date: Tue, 24 Jul 2018 15:38:00 +0530
Subject: [PATCH] api: add option to forbid new owner registrations

Closes https://gitlab.com/commento/commento-ce/issues/10
---
 api/config.go    | 9 ++++++++-
 api/errors.go    | 2 ++
 api/owner_new.go | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/api/config.go b/api/config.go
index c2f7dc6..2f8850e 100644
--- a/api/config.go
+++ b/api/config.go
@@ -24,6 +24,8 @@ func configParse() error {
 
 		"CDN_PREFIX": "",
 
+		"FORBID_NEW_OWNERS": "false",
+
 		"STATIC": binPath,
 
 		"GZIP_STATIC": "false",
@@ -53,7 +55,7 @@ func configParse() error {
 	}
 
 	// Mandatory config parameters
-	for _, env := range []string{"POSTGRES", "PORT", "ORIGIN"} {
+	for _, env := range []string{"POSTGRES", "PORT", "ORIGIN", "FORBID_NEW_OWNERS"} {
 		if os.Getenv(env) == "" {
 			logger.Errorf("missing COMMENTO_%s environment variable", env)
 			return errorMissingConfig
@@ -64,6 +66,11 @@ func configParse() error {
 		os.Setenv("CDN_PREFIX", os.Getenv("ORIGIN"))
 	}
 
+	if os.Getenv("FORBID_NEW_OWNERS") != "true" && os.Getenv("FORBID_NEW_OWNERS") != "false" {
+		logger.Errorf("COMMENTO_FORBID_NEW_OWNERS neither 'true' nor 'false'")
+		return errorInvalidConfigValue
+	}
+
 	static := os.Getenv("STATIC")
 	for strings.HasSuffix(static, "/") {
 		static = static[0 : len(static)-1]
diff --git a/api/errors.go b/api/errors.go
index 223a3f3..1b250e2 100644
--- a/api/errors.go
+++ b/api/errors.go
@@ -39,3 +39,5 @@ var errorGzip = errors.New("Cannot GZip content.")
 var errorCannotDownloadDisqus = errors.New("We could not download your Disqus export file.")
 var errorSelfVote = errors.New("You cannot vote on your own comment.")
 var errorInvalidConfigFile = errors.New("Invalid config file.")
+var errorInvalidConfigValue = errors.New("Invalid config value.")
+var errorNewOwnerForbidden = errors.New("New user registrations are forbidden and closed.")
diff --git a/api/owner_new.go b/api/owner_new.go
index cfdaf55..66b1321 100644
--- a/api/owner_new.go
+++ b/api/owner_new.go
@@ -3,6 +3,7 @@ package main
 import (
 	"golang.org/x/crypto/bcrypt"
 	"net/http"
+	"os"
 	"time"
 )
 
@@ -11,6 +12,10 @@ func ownerNew(email string, name string, password string) (string, error) {
 		return "", errorMissingField
 	}
 
+	if os.Getenv("FORBID_NEW_OWNERS") == "true" {
+		return "", errorNewOwnerForbidden
+	}
+
 	ownerHex, err := randomHex(32)
 	if err != nil {
 		logger.Errorf("cannot generate ownerHex: %v", err)