feat: Allow optional public user signup (#34)

Author: TomBursch

app/config.py

@@ -23,6 +23,7 @@
 ALLOWED_FILE_EXTENSIONS = {'txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'}
 
 PRIVACY_POLICY_URL = os.getenv('PRIVACY_POLICY_URL')
+OPEN_REGISTRATION = os.getenv('OPEN_REGISTRATION', "False").lower() == "true"
 
 DB_URL = URL.create(
     os.getenv('DB_DRIVER', "sqlite"),

app/controller/auth/auth_controller.py

@@ -3,9 +3,9 @@
 from flask import jsonify, Blueprint, request
 from flask_jwt_extended import current_user, jwt_required, get_jwt
 from app.models import User, Token
-from app.errors import UnauthorizedRequest
-from .schemas import Login, CreateLongLivedToken
-from app.config import jwt
+from app.errors import UnauthorizedRequest, InvalidUsage
+from .schemas import Login, Signup, CreateLongLivedToken
+from app.config import jwt, OPEN_REGISTRATION
 
 auth = Blueprint('auth', __name__)
 
@@ -63,6 +63,35 @@ def login(args):
     })
 
 
+if OPEN_REGISTRATION:
+    @auth.route('signup', methods=['POST'])
+    @validate_args(Signup)
+    def signup(args):
+        username = args['username'].strip().lower()
+        user = User.find_by_username(username)
+        if user:
+            raise InvalidUsage()
+        
+        user = User(username=username, name=args['name'].strip())
+        user.set_password(args['password'])
+        user.save()
+
+        device = "Unkown"
+        if "device" in args:
+            device = args['device']
+
+        # Create refresh token
+        refreshToken, refreshModel = Token.create_refresh_token(user, device)
+
+        # Create first access token
+        accesssToken, _ = Token.create_access_token(user, refreshModel)
+
+        return jsonify({
+            'access_token': accesssToken,
+            'refresh_token': refreshToken
+        })
+
+
 @auth.route('/refresh', methods=['GET'])
 @jwt_required(refresh=True)
 def refresh():

app/controller/auth/schemas.py

@@ -17,6 +17,26 @@ class Login(Schema):
         load_only=True,
     )
 
+class Signup(Schema):
+    username = fields.String(
+        required=True,
+        validate=lambda a: a and not a.isspace() and not "@" in a
+    )
+    name = fields.String(
+        required=True,
+        validate=lambda a: a and not a.isspace()
+    )
+    password = fields.String(
+        required=True,
+        validate=lambda a: a and not a.isspace(),
+        load_only=True,
+    )
+    device = fields.String(
+        required=False,
+        validate=lambda a: a and not a.isspace(),
+        load_only=True,
+    )
+
 
 class CreateLongLivedToken(Schema):
     device = fields.String(

app/controller/health_controller.py

@@ -1,5 +1,5 @@
 from flask import jsonify, Blueprint
-from app.config import BACKEND_VERSION, MIN_FRONTEND_VERSION, PRIVACY_POLICY_URL
+from app.config import BACKEND_VERSION, MIN_FRONTEND_VERSION, PRIVACY_POLICY_URL, OPEN_REGISTRATION
 from app.models import Settings
 from app.config import SUPPORTED_LANGUAGES
 
@@ -15,6 +15,8 @@ def get_health():
     }
     if PRIVACY_POLICY_URL:
         info['privacy_policy'] = PRIVACY_POLICY_URL
+    if OPEN_REGISTRATION:
+        info['open_registration'] = True
     return jsonify(info)
 
 @health.route('/supported-languages', methods=['GET'])