From 3ba6f7fa0ac42243523ae6066fb195d0f42185e8 Mon Sep 17 00:00:00 2001
From: Chen-I Lim <chenilim@gmail.com>
Date: Tue, 9 Feb 2021 15:58:08 -0800
Subject: [PATCH] Disable login, reg, change password for single-user

---
 server/api/auth.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/server/api/auth.go b/server/api/auth.go
index 802f3358c..9e8b769b3 100644
--- a/server/api/auth.go
+++ b/server/api/auth.go
@@ -78,6 +78,12 @@ func isValidPassword(password string) error {
 }
 
 func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
+	if len(a.singleUserToken) > 0 {
+		// Not permitted in single-user mode
+		errorResponse(w, http.StatusUnauthorized, nil, nil)
+		return
+	}
+
 	requestBody, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorResponse(w, http.StatusInternalServerError, nil, err)
@@ -111,6 +117,12 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
 }
 
 func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
+	if len(a.singleUserToken) > 0 {
+		// Not permitted in single-user mode
+		errorResponse(w, http.StatusUnauthorized, nil, nil)
+		return
+	}
+
 	requestBody, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorResponse(w, http.StatusInternalServerError, nil, err)
@@ -164,6 +176,12 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
 }
 
 func (a *API) handleChangePassword(w http.ResponseWriter, r *http.Request) {
+	if len(a.singleUserToken) > 0 {
+		// Not permitted in single-user mode
+		errorResponse(w, http.StatusUnauthorized, nil, nil)
+		return
+	}
+
 	vars := mux.Vars(r)
 	userID := vars["userID"]