Private Gifable features (#101)

* Seed admin user on server start.

* Optionally disable public user registration.

.env.example

@@ -16,3 +16,10 @@ S3_USE_SSL=true # optional
 SESSION_SECRET=
 
 DEBUG="app:*"
+
+# Seed an admin user on server start.
+# ADMIN_USERNAME=
+# ADMIN_PASSWORD=
+
+# Disable public user registration.
+# DISABLE_SIGNUP=1

README.md

@@ -34,3 +34,7 @@ docker run -d \
   -e DATABASE_URL="file:/data/gifable.db" \
   ghcr.io/pietvanzoen/gifable:latest
 ```
+
+## Configuration
+
+See `.env.example` for all available configuration options.

app/routes/login.tsx

@@ -1,7 +1,8 @@
-import type { ActionArgs } from "@remix-run/node";
+import { json, type ActionArgs } from "@remix-run/node";
 import {
   isRouteErrorResponse,
   useActionData,
+  useLoaderData,
   useRouteError,
   useSearchParams,
 } from "@remix-run/react";
@@ -21,6 +22,7 @@ import { UserSchema } from "~/utils/validators";
 import { makeTitle } from "~/utils/meta";
 import styles from "~/styles/login.css";
 import { isRateLimited, rateLimitError } from "~/utils/rate-limiter.server";
+import env from "~/utils/env.server";
 
 const log = debug("app:login");
 
@@ -84,6 +86,14 @@ export async function action({ request }: ActionArgs) {
     }
 
     case "register": {
+      if (env.get("DISABLE_SIGNUP")) {
+        log("Signup is disabled");
+        return badRequest({
+          repopulateFields: result.submittedData,
+          message: `Signup is disabled`,
+        });
+      }
+
       log("Registering user %s", username);
       const resp = await isRateLimited(
         getClientIPAddress(request) || username,
@@ -126,14 +136,23 @@ export async function action({ request }: ActionArgs) {
   }
 }
 
+export function loader() {
+  return json({
+    allowSignup: !env.get("DISABLE_SIGNUP"),
+  });
+}
+
 export default function Login() {
+  const data = useLoaderData<typeof loader>();
   const actionData = useActionData<typeof action>();
   const [searchParams] = useSearchParams();
   const defaultValues = actionData?.repopulateFields || {
     redirectTo: searchParams.get("redirectTo") || "/",
     loginType: "login",
   };
 
+  const title = data.allowSignup ? "Login or Register" : "Login";
+
   return (
     <ValidatedForm
       validator={validator}
@@ -143,22 +162,33 @@ export default function Login() {
     >
       <fieldset>
         <legend>
-          <h1>Login or Register?</h1>
+          <h1>{title}</h1>
         </legend>
         <FormInput label="Redirect to" type="hidden" name="redirectTo" />
-        <FormInput
-          name="loginType"
-          label="Login"
-          type="radio"
-          value="login"
-          checked
-        />
-        <FormInput
-          name="loginType"
-          label="Register"
-          type="radio"
-          value="register"
-        />
+        {data.allowSignup ? (
+          <>
+            <FormInput
+              name="loginType"
+              label="Login"
+              type="radio"
+              value="login"
+              checked
+            />
+            <FormInput
+              name="loginType"
+              label="Register"
+              type="radio"
+              value="register"
+            />
+          </>
+        ) : (
+          <FormInput
+            name="loginType"
+            label="Login"
+            type="hidden"
+            value="login"
+          />
+        )}
         <FormInput name="username" label="Username" required />
         <FormInput name="password" label="Password" type="password" required />
         <Alert>{actionData?.message}</Alert>

package.json

@@ -9,7 +9,7 @@
     "build": "remix build",
     "dev": "DEBUG=app:* remix dev",
     "predev": "prisma generate && npm run install:css",
-    "prestart": "prisma migrate deploy",
+    "prestart": "prisma migrate deploy && node ./seed-admin.mjs",
     "start": "remix-serve build",
     "typecheck": "tsc",
     "test": "jest app",

seed-admin.mjs

@@ -0,0 +1,44 @@
+//@ts-check
+import { PrismaClient } from "@prisma/client";
+import bycrypt from "bcryptjs";
+
+const db = new PrismaClient();
+
+const log = (/** @type {string} */ message) =>
+  console.log(`ADMIN SEED: ${message}`);
+
+async function main() {
+  const { ADMIN_USERNAME, ADMIN_PASSWORD } = process.env;
+
+  if (!ADMIN_USERNAME || !ADMIN_PASSWORD) {
+    return;
+  }
+
+  const admin = await db.user.findUnique({
+    where: {
+      username: ADMIN_USERNAME,
+    },
+  });
+
+  if (admin) {
+    log(`Admin user '${ADMIN_USERNAME}' already exists`);
+    return;
+  }
+
+  log(`Seeding admin user '${ADMIN_USERNAME}'`);
+
+  await db.user.create({
+    data: {
+      username: ADMIN_USERNAME,
+      passwordHash: await bycrypt.hash(ADMIN_PASSWORD, 10),
+      isAdmin: true,
+    },
+  });
+
+  log(`Admin user '${ADMIN_USERNAME}' created`);
+}
+
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});