crimsonstrife
diff --git a/‎app/Actions/Fortify/CreateNewUser.php‎
Lines changed: 11 additions & 1 deletion b/‎app/Actions/Fortify/CreateNewUser.php‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎app/Filament/Pages/Settings/ManageAuthSettings.php‎
Lines changed: 27 additions & 0 deletions b/‎app/Filament/Pages/Settings/ManageAuthSettings.php‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎app/Http/Middleware/EnsureRegistrationIsEnabled.php‎
Lines changed: 28 additions & 0 deletions b/‎app/Http/Middleware/EnsureRegistrationIsEnabled.php‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎app/Settings/AuthSettings.php‎
Lines changed: 18 additions & 0 deletions b/‎app/Settings/AuthSettings.php‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎bootstrap/app.php‎
Lines changed: 2 additions & 0 deletions b/‎bootstrap/app.php‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎composer.json‎
Lines changed: 2 additions & 2 deletions b/‎composer.json‎
Lines changed: 2 additions & 2 deletions
@@ -4,11 +4,14 @@
 
 use App\Models\Team;
 use App\Models\User;
+use App\Settings\AuthSettings;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\ValidationException;
 use Laravel\Fortify\Contracts\CreatesNewUsers;
 use Laravel\Jetstream\Jetstream;
+use Throwable;
 
 class CreateNewUser implements CreatesNewUsers
 {
@@ -18,10 +21,17 @@ class CreateNewUser implements CreatesNewUsers
      * Create a newly registered user.
      *
      * @param array<string, string> $input
-     * @throws \Throwable
+     * @throws Throwable
      */
     public function create(array $input): User
     {
+        $settings = app(AuthSettings::class);
+        if (!($settings->allowRegistration ?? true)) {
+            throw ValidationException::withMessages([
+                'email' => __('Registration is currently closed.'),
+            ]);
+        }
+
         Validator::make($input, [
             'name' => ['required', 'string', 'max:255'],
             'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
 
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Filament\Pages\Settings;
+
+use App\Settings\AuthSettings;
+use Filament\Forms\Components\Toggle;
+use Filament\Pages\SettingsPage;
+use Filament\Schemas\Schema;
+use Filament\Support\Icons\Heroicon;
+
+class ManageAuthSettings extends SettingsPage
+{
+    protected static string $settings = AuthSettings::class;
+
+    protected static ?string $title = 'Authentication';
+    protected static string|null|\UnitEnum $navigationGroup = 'Settings';
+    protected static string|\BackedEnum|null $navigationIcon = Heroicon::OutlinedUserPlus;
+
+    public function form(Schema $schema): Schema
+    {
+        return $schema->schema([
+            Toggle::make('allowRegistration')
+                ->label('Allow self-registration')
+                ->helperText('When off, only admins can create accounts.'),
+        ]);
+    }
+}
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Settings\AuthSettings;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * Prevents access to the registration page when disabled.
+ */
+readonly class EnsureRegistrationIsEnabled
+{
+    public function __construct(private AuthSettings $settings)
+    {
+    }
+
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (!($this->settings->allowRegistration ?? true) && $request->routeIs('register')) {
+            return redirect()->route('login')
+                ->with('status', __('Registration is currently closed.'));
+        }
+
+        return $next($request);
+    }
+}
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Settings;
+
+use Spatie\LaravelSettings\Settings;
+
+/**
+ * @phpstan-type AuthSettingsShape array{allowRegistration: bool}
+ */
+class AuthSettings extends Settings
+{
+    public bool $allowRegistration = false;
+
+    public static function group(): string
+    {
+        return 'auth';
+    }
+}
@@ -1,6 +1,7 @@
 <?php
 
 use App\Http\Middleware\AllowPublicEmbed;
+use App\Http\Middleware\EnsureRegistrationIsEnabled;
 use App\Http\Middleware\EnsureSupportIdentity;
 use App\Http\Middleware\SetPermissionsTeamContext;
 use App\Http\Middleware\VerifyIngestKey;
@@ -23,6 +24,7 @@
         $middleware->alias([
             'support.identity' => EnsureSupportIdentity::class,
             'ingest.key' => VerifyIngestKey::class,
+            'auth.registration' => EnsureRegistrationIsEnabled::class,
         ]);
         $middleware->group('api', [
             EnsureFrontendRequestsAreStateful::class,
 
@@ -12,13 +12,13 @@
         "ext-mbstring": "*",
         "ext-zip": "*",
         "ashallendesign/short-url": "^8.3",
-        "blaspsoft/blasp": "^2.1",
+        "blaspsoft/blasp": "^3.0",
         "calebporzio/sushi": "^2.5",
         "codedge/laravel-selfupdater": "^3.10",
         "dedoc/scramble": "^0.12.34",
         "doctrine/dbal": "^4.3",
         "filament/filament": "^4.0",
-        "filament/spatie-laravel-settings-plugin": "^v4.0.19",
+        "filament/spatie-laravel-settings-plugin": "^4.0",
         "guzzlehttp/guzzle": "^7.10",
         "kalnoy/nestedset": "^6.0",
         "knuckleswtf/scribe": "^5.3",