feat(auth): public self-service registration (ALLOW_REGISTRATION)

Add POST /auth/register: creates a non-superuser then auto-logs in,
returning the same TokenResponse as login. Gated by the new
allow_registration setting (env ALLOW_REGISTRATION, default true);
when disabled it raises PermissionDeniedError (403). Accounts remain
admin-only for superusers.

Tests cover create+login, duplicate (409), short password (422), and
the disabled (403) path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Senko-san
2026-06-10 14:06:52 +03:00
parent c72d19599a
commit 14c1bc16e0
5 changed files with 83 additions and 2 deletions
@@ -16,6 +16,9 @@ REDIS_URL=redis://localhost:6379/0
JWT_SECRET=change-me-in-prod
ACCESS_TOKEN_TTL_SECONDS=900
REFRESH_TOKEN_TTL_SECONDS=2592000
# Public self-service sign-up (POST /auth/register). Set to false to make
# accounts admin-only. Registered users are never superusers.
ALLOW_REGISTRATION=true
# subsonic — key that encrypts per-user Subsonic app-passwords at rest.
# GENERATE a strong secret for prod (`openssl rand -hex 32`); rotating it
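Review bot: The added `ALLOW_REGISTRATION=true` line leaves public sign-up switched on for any deployment that copies this env file unchanged, and the two comment lines above it do not mark that as a production decision the way `JWT_SECRET=change-me-in-prod` signals for the secret. Consider shipping the file with `ALLOW_REGISTRATION=false`, or extending the comment to say that internet-facing instances should disable it unless open sign-up is intended. It would also help to note here that POST /auth/register answers 403 when the flag is false, since the commit message states that but the env comment does not.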