feat: add security related settings

2025-06-05 22:09:59 +02:00 · 2024-08-28 23:46:06 +08:00
parent 4e5810e205
commit 1167df29d8
16 changed files with 377 additions and 359 deletions
--- a/server/router/api/v1/auth_service.go
+++ b/server/router/api/v1/auth_service.go
@@ -167,11 +167,11 @@ func (s *APIV1Service) doSignIn(ctx context.Context, user *store.User, expireTim
 }

 func (s *APIV1Service) SignUp(ctx context.Context, request *v1pb.SignUpRequest) (*v1pb.User, error) {
-	workspaceProfile, err := s.GetWorkspaceProfile(ctx, &v1pb.GetWorkspaceProfileRequest{})
+	workspaceGeneralSetting, err := s.Store.GetWorkspaceGeneralSetting(ctx)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace profile, err: %s", err))
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace general setting, err: %s", err))
 	}
-	if !workspaceProfile.Public {
+	if workspaceGeneralSetting.DisallowSignup {
 		return nil, status.Errorf(codes.PermissionDenied, "sign up is not allowed")
 	}

--- a/server/router/api/v1/workspace_service.go
+++ b/server/router/api/v1/workspace_service.go
@@ -13,11 +13,9 @@ import (

 func (s *APIV1Service) GetWorkspaceProfile(ctx context.Context, _ *v1pb.GetWorkspaceProfileRequest) (*v1pb.WorkspaceProfile, error) {
 	workspaceProfile := &v1pb.WorkspaceProfile{
-		Version:      s.Profile.Version,
-		Mode:         s.Profile.Mode,
-		Public:       s.Profile.Public,
-		PasswordAuth: s.Profile.PasswordAuth,
-		InstanceUrl:  s.Profile.InstanceURL,
+		Version:     s.Profile.Version,
+		Mode:        s.Profile.Mode,
+		InstanceUrl: s.Profile.InstanceURL,
 	}
 	println("workspaceProfile: ", workspaceProfile.Mode)
 	owner, err := s.GetInstanceOwner(ctx)
@@ -26,10 +24,6 @@ func (s *APIV1Service) GetWorkspaceProfile(ctx context.Context, _ *v1pb.GetWorks
 	}
 	if owner != nil {
 		workspaceProfile.Owner = owner.Name
-	} else {
-		// If owner is not found, set Public/PasswordAuth to true.
-		workspaceProfile.Public = true
-		workspaceProfile.PasswordAuth = true
 	}
 	return workspaceProfile, nil
 }
--- a/server/router/api/v1/workspace_setting_service.go
+++ b/server/router/api/v1/workspace_setting_service.go
@@ -132,9 +132,11 @@ func convertWorkspaceGeneralSettingFromStore(setting *storepb.WorkspaceGeneralSe
 		return nil
 	}
 	generalSetting := &v1pb.WorkspaceGeneralSetting{
-		AdditionalScript:   setting.AdditionalScript,
-		AdditionalStyle:    setting.AdditionalStyle,
-		WeekStartDayOffset: setting.WeekStartDayOffset,
+		DisallowSignup:         setting.DisallowSignup,
+		DisallowPasswordSignin: setting.DisallowPasswordSignin,
+		AdditionalScript:       setting.AdditionalScript,
+		AdditionalStyle:        setting.AdditionalStyle,
+		WeekStartDayOffset:     setting.WeekStartDayOffset,
 	}
 	if setting.CustomProfile != nil {
 		generalSetting.CustomProfile = &v1pb.WorkspaceCustomProfile{
@@ -153,9 +155,11 @@ func convertWorkspaceGeneralSettingToStore(setting *v1pb.WorkspaceGeneralSetting
 		return nil
 	}
 	generalSetting := &storepb.WorkspaceGeneralSetting{
-		AdditionalScript:   setting.AdditionalScript,
-		AdditionalStyle:    setting.AdditionalStyle,
-		WeekStartDayOffset: setting.WeekStartDayOffset,
+		DisallowSignup:         setting.DisallowSignup,
+		DisallowPasswordSignin: setting.DisallowPasswordSignin,
+		AdditionalScript:       setting.AdditionalScript,
+		AdditionalStyle:        setting.AdditionalStyle,
+		WeekStartDayOffset:     setting.WeekStartDayOffset,
 	}
 	if setting.CustomProfile != nil {
 		generalSetting.CustomProfile = &storepb.WorkspaceCustomProfile{