fix: Corrected Registration Validation, Case-Insensitive Variable Handling, Playwright workflow (#805)

* feat(auth.js): add validation for registration endpoint using validateRegistration middleware
feat(validateRegistration.js): add middleware to validate registration based on ALLOW_REGISTRATION environment variable

* fix(config.js): fix registrationEnabled and socialLoginEnabled variables to handle case-insensitive environment variable values

* refactor(validateRegistration.js): remove console.log statement

* chore(playwright.yml): skip browser download during yarn install
chore(playwright.yml): place Playwright binaries to node_modules/@playwright/test
chore(playwright.yml): install Playwright dependencies using npx playwright install-deps
chore(playwright.yml): install Playwright chromium browser using npx playwright install chromium
chore(playwright.yml): install @playwright/test@latest using npm install -D @playwright/test@latest
chore(playwright.yml): run Playwright tests using npm run e2e:ci

* chore(playwright.yml): change npm install order and update comment

The order of the npm install commands in the "Install Playwright Browsers" step has been changed to first install @playwright/test@latest and then install chromium. Additionally, the comment explaining the PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD variable has been updated to mention npm install instead of yarn install.

* chore(playwright.yml): remove commented out code for caching and add separate steps for installing Playwright dependencies and browsers

.github/workflows/playwright.yml

@@ -31,6 +31,8 @@ jobs:
       CREDS_IV: ${{ secrets.CREDS_IV }}
       DOMAIN_CLIENT: ${{ secrets.DOMAIN_CLIENT }}
       DOMAIN_SERVER: ${{ secrets.DOMAIN_SERVER }}
+      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 # Skip downloading during npm install
+      PLAYWRIGHT_BROWSERS_PATH: 0 # Places binaries to node_modules/@playwright/test
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
@@ -38,14 +40,6 @@ jobs:
           node-version: 18
           cache: 'npm'
 
-      # - name: Cache Node.js modules
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: ~/.npm
-      #     key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-node-
-
       - name: Install global dependencies
         run: npm ci
 
@@ -58,16 +52,11 @@ jobs:
       - name: Build Client
         run: npm run frontend
 
-      # - name: Cache Playwright installations
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: ~/.cache/ms-playwright/
-      #     key: ${{ runner.os }}-pw-${{ hashFiles('**/package-lock.json') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-pw-
-
-      - name: Install Playwright Browsers
-        run: npx playwright install --with-deps chromium && npm install -D @playwright/test@latest
+      - name: Install Playwright
+        run: |
+          npx playwright install-deps
+          npm install -D @playwright/test@latest
+          npx playwright install chromium
 
       - name: Run Playwright tests
         run: npm run e2e:ci

api/middleware/validateRegistration.js

@@ -0,0 +1,10 @@
+function validateRegistration(req, res, next) {
+  const setting = process.env.ALLOW_REGISTRATION?.toLowerCase();
+  if (setting === 'true') {
+    next();
+  } else {
+    res.status(403).send('Registration is not allowed.');
+  }
+}
+
+module.exports = validateRegistration;

api/server/routes/auth.js

@@ -9,6 +9,7 @@ const { loginController } = require('../controllers/auth/LoginController');
 const { logoutController } = require('../controllers/auth/LogoutController');
 const requireJwtAuth = require('../../middleware/requireJwtAuth');
 const requireLocalAuth = require('../../middleware/requireLocalAuth');
+const validateRegistration = require('../../middleware/validateRegistration');
 
 const router = express.Router();
 
@@ -16,9 +17,7 @@ const router = express.Router();
 router.post('/logout', requireJwtAuth, logoutController);
 router.post('/login', requireLocalAuth, loginController);
 // router.post('/refresh', requireJwtAuth, refreshController);
-if (process.env.ALLOW_REGISTRATION) {
-  router.post('/register', registrationController);
-}
+router.post('/register', validateRegistration, registrationController);
 router.post('/requestPasswordReset', resetPasswordRequestController);
 router.post('/resetPassword', resetPasswordController);
 

api/server/routes/config.js

@@ -16,8 +16,8 @@ router.get('/', async function (req, res) {
     const discordLoginEnabled =
       !!process.env.DISCORD_CLIENT_ID && !!process.env.DISCORD_CLIENT_SECRET;
     const serverDomain = process.env.DOMAIN_SERVER || 'http://localhost:3080';
-    const registrationEnabled = process.env.ALLOW_REGISTRATION === 'true';
-    const socialLoginEnabled = process.env.ALLOW_SOCIAL_LOGIN === 'true';
+    const registrationEnabled = process.env.ALLOW_REGISTRATION?.toLowerCase() === 'true';
+    const socialLoginEnabled = process.env.ALLOW_SOCIAL_LOGIN?.toLowerCase() === 'true';
     const emailEnabled =
       !!process.env.EMAIL_SERVICE &&
       !!process.env.EMAIL_USERNAME &&