fix: Corrected Registration Validation, Case-Insensitive Variable Handling, Playwright workflow (#805)

* feat(auth.js): add validation for registration endpoint using validateRegistration middleware feat(validateRegistration.js): add middleware to validate registration based on ALLOW_REGISTRATION environment variable * fix(config.js): fix registrationEnabled and socialLoginEnabled variables to handle case-insensitive environment variable values * refactor(validateRegistration.js): remove console.log statement * chore(playwright.yml): skip browser download during yarn install chore(playwright.yml): place Playwright binaries to node_modules/@playwright/test chore(playwright.yml): install Playwright dependencies using npx playwright install-deps chore(playwright.yml): install Playwright chromium browser using npx playwright install chromium chore(playwright.yml): install @playwright/test@latest using npm install -D @playwright/test@latest chore(playwright.yml): run Playwright tests using npm run e2e:ci * chore(playwright.yml): change npm install order and update comment The order of the npm install commands in the "Install Playwright Browsers" step has been changed to first install @playwright/test@latest and then install chromium. Additionally, the comment explaining the PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD variable has been updated to mention npm install instead of yarn install. * chore(playwright.yml): remove commented out code for caching and add separate steps for installing Playwright dependencies and browsers
2025-09-21 21:50:49 +02:00 · 2023-08-14 09:45:44 -04:00 · 2023-08-14 09:45:44 -04:00 · d00c7354cd
commit d00c7354cd
parent 1aa4b34dc6
4 changed files with 21 additions and 23 deletions
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@ -31,6 +31,8 @@ jobs:
      CREDS_IV: ${{ secrets.CREDS_IV }}
      DOMAIN_CLIENT: ${{ secrets.DOMAIN_CLIENT }}
      DOMAIN_SERVER: ${{ secrets.DOMAIN_SERVER }}
+      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 # Skip downloading during npm install
+      PLAYWRIGHT_BROWSERS_PATH: 0 # Places binaries to node_modules/@playwright/test
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
@ -38,14 +40,6 @@ jobs:
          node-version: 18
          cache: 'npm'

-      # - name: Cache Node.js modules
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: ~/.npm
-      #     key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-node-
-
      - name: Install global dependencies
        run: npm ci

@ -58,16 +52,11 @@ jobs:
      - name: Build Client
        run: npm run frontend

-      # - name: Cache Playwright installations
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: ~/.cache/ms-playwright/
-      #     key: ${{ runner.os }}-pw-${{ hashFiles('**/package-lock.json') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-pw-
-
-      - name: Install Playwright Browsers
-        run: npx playwright install --with-deps chromium && npm install -D @playwright/test@latest
+      - name: Install Playwright
+        run: |
+          npx playwright install-deps
+          npm install -D @playwright/test@latest
+          npx playwright install chromium

      - name: Run Playwright tests
        run: npm run e2e:ci
--- a/api/middleware/validateRegistration.js
+++ b/api/middleware/validateRegistration.js
@ -0,0 +1,10 @@
+function validateRegistration(req, res, next) {
+  const setting = process.env.ALLOW_REGISTRATION?.toLowerCase();
+  if (setting === 'true') {
+    next();
+  } else {
+    res.status(403).send('Registration is not allowed.');
+  }
+}
+
+module.exports = validateRegistration;
--- a/api/server/routes/auth.js
+++ b/api/server/routes/auth.js
@ -9,6 +9,7 @@ const { loginController } = require('../controllers/auth/LoginController');
 const { logoutController } = require('../controllers/auth/LogoutController');
 const requireJwtAuth = require('../../middleware/requireJwtAuth');
 const requireLocalAuth = require('../../middleware/requireLocalAuth');
+const validateRegistration = require('../../middleware/validateRegistration');

 const router = express.Router();

@ -16,9 +17,7 @@ const router = express.Router();
 router.post('/logout', requireJwtAuth, logoutController);
 router.post('/login', requireLocalAuth, loginController);
 // router.post('/refresh', requireJwtAuth, refreshController);
-if (process.env.ALLOW_REGISTRATION) {
-  router.post('/register', registrationController);
-}
+router.post('/register', validateRegistration, registrationController);
 router.post('/requestPasswordReset', resetPasswordRequestController);
 router.post('/resetPassword', resetPasswordController);

--- a/api/server/routes/config.js
+++ b/api/server/routes/config.js
@ -16,8 +16,8 @@ router.get('/', async function (req, res) {
    const discordLoginEnabled =
      !!process.env.DISCORD_CLIENT_ID && !!process.env.DISCORD_CLIENT_SECRET;
    const serverDomain = process.env.DOMAIN_SERVER || 'http://localhost:3080';
-    const registrationEnabled = process.env.ALLOW_REGISTRATION === 'true';
-    const socialLoginEnabled = process.env.ALLOW_SOCIAL_LOGIN === 'true';
+    const registrationEnabled = process.env.ALLOW_REGISTRATION?.toLowerCase() === 'true';
+    const socialLoginEnabled = process.env.ALLOW_SOCIAL_LOGIN?.toLowerCase() === 'true';
    const emailEnabled =
      !!process.env.EMAIL_SERVICE &&
      !!process.env.EMAIL_USERNAME &&