api: add option to forbid new owner registrations

Closes https://gitlab.com/commento/commento-ce/issues/10

api/config.go

@@ -24,6 +24,8 @@ func configParse() error {
 
 		"CDN_PREFIX": "",
 
+		"FORBID_NEW_OWNERS": "false",
+
 		"STATIC": binPath,
 
 		"GZIP_STATIC": "false",
@@ -53,7 +55,7 @@ func configParse() error {
 	}
 
 	// Mandatory config parameters
-	for _, env := range []string{"POSTGRES", "PORT", "ORIGIN"} {
+	for _, env := range []string{"POSTGRES", "PORT", "ORIGIN", "FORBID_NEW_OWNERS"} {
 		if os.Getenv(env) == "" {
 			logger.Errorf("missing COMMENTO_%s environment variable", env)
 			return errorMissingConfig
@@ -64,6 +66,11 @@ func configParse() error {
 		os.Setenv("CDN_PREFIX", os.Getenv("ORIGIN"))
 	}
 
+	if os.Getenv("FORBID_NEW_OWNERS") != "true" && os.Getenv("FORBID_NEW_OWNERS") != "false" {
+		logger.Errorf("COMMENTO_FORBID_NEW_OWNERS neither 'true' nor 'false'")
+		return errorInvalidConfigValue
+	}
+
 	static := os.Getenv("STATIC")
 	for strings.HasSuffix(static, "/") {
 		static = static[0 : len(static)-1]

api/errors.go

@@ -39,3 +39,5 @@ var errorGzip = errors.New("Cannot GZip content.")
 var errorCannotDownloadDisqus = errors.New("We could not download your Disqus export file.")
 var errorSelfVote = errors.New("You cannot vote on your own comment.")
 var errorInvalidConfigFile = errors.New("Invalid config file.")
+var errorInvalidConfigValue = errors.New("Invalid config value.")
+var errorNewOwnerForbidden = errors.New("New user registrations are forbidden and closed.")

api/owner_new.go

@@ -3,6 +3,7 @@ package main
 import (
 	"golang.org/x/crypto/bcrypt"
 	"net/http"
+	"os"
 	"time"
 )
 
@@ -11,6 +12,10 @@ func ownerNew(email string, name string, password string) (string, error) {
 		return "", errorMissingField
 	}
 
+	if os.Getenv("FORBID_NEW_OWNERS") == "true" {
+		return "", errorNewOwnerForbidden
+	}
+
 	ownerHex, err := randomHex(32)
 	if err != nil {
 		logger.Errorf("cannot generate ownerHex: %v", err)