feat: Add setting to disable embed endpoints and UI. (#4316)

Author: ildyria

app/Http/Controllers/Gallery/EmbedController.php

@@ -54,6 +54,10 @@ public function __construct(
 	 */
 	public function getAlbum(EmbededRequest $request): EmbedAlbumResource
 	{
+		if (!$request->configs()->getValueAsBool('is_embed_enabled')) {
+			throw new NotFoundHttpException();
+		}
+
 		/** @var Album $album */
 		$album = $request->album() ?? throw new LycheeLogicException('Album should be set in EmbededRequest');
 
@@ -84,6 +88,10 @@ public function getAlbum(EmbededRequest $request): EmbedAlbumResource
 	 */
 	public function getPublicStream(EmbededRequest $request): EmbedStreamResource
 	{
+		if (!$request->configs()->getValueAsBool('is_embed_enabled')) {
+			throw new NotFoundHttpException();
+		}
+
 		$photos = $this->findPublicPhotos($request->limit ?? 100, $request->offset, $request->sort ?? 'desc', $request->authors);
 
 		// Get site title from configuration

app/Http/Resources/GalleryConfigs/InitConfig.php

@@ -122,6 +122,9 @@ class InitConfig extends Data
 	public bool $is_rating_show_avg_in_album_view_enabled;
 	public VisibilityType $rating_album_view_mode;
 
+	// Embed
+	public bool $is_embed_enabled = true;
+
 	// Homepage
 	public string $default_homepage;
 	public bool $is_timeline_page_enabled = false;
@@ -225,6 +228,9 @@ public function __construct()
 		$this->is_rating_show_avg_in_album_view_enabled = request()->configs()->getValueAsBool('rating_show_avg_in_album_view');
 		$this->rating_album_view_mode = request()->configs()->getValueAsEnum('rating_album_view_mode', VisibilityType::class);
 
+		// Embed
+		$this->is_embed_enabled = request()->configs()->getValueAsBool('is_embed_enabled');
+
 		// Homepage
 		$this->default_homepage = request()->configs()->getValueAsString('home_page_default');
 		$this->is_timeline_page_enabled = request()->configs()->getValueAsBool('timeline_page_enabled');

database/migrations/2026_04_22_000001_add_embed_enabled_config.php

@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+use App\Models\Extensions\BaseConfigMigration;
+
+return new class() extends BaseConfigMigration {
+	public const CAT = 'config';
+
+	public function getConfigs(): array
+	{
+		return [
+			[
+				'key' => 'is_embed_enabled',
+				'value' => '1',
+				'cat' => self::CAT,
+				'type_range' => self::BOOL,
+				'description' => 'Enable the embed API endpoints and UI features for external website integration.',
+				'details' => 'When disabled, all embed API endpoints return 404 and embed-related UI features are hidden.',
+				'is_secret' => false,
+				'is_expert' => false,
+				'level' => 0,
+				'order' => 100,
+			],
+		];
+	}
+};

resources/js/components/gallery/albumModule/AlbumHero.vue

@@ -179,7 +179,8 @@ const albumStore = useAlbumStore();
 const albumsStore = useAlbumsStore();
 const photosStore = usePhotosStore();
 
-const { is_se_enabled, is_se_preview_enabled, are_nsfw_visible, is_slideshow_enabled, album_header_size } = storeToRefs(lycheeStore);
+const { is_se_enabled, is_se_preview_enabled, are_nsfw_visible, is_slideshow_enabled, album_header_size, is_embed_enabled } =
+	storeToRefs(lycheeStore);
 
 function toggleAlbumView(mode: "grid" | "list") {
 	lycheeStore.album_view_mode = mode;
@@ -224,6 +225,10 @@ const emits = defineEmits<{
 // Check if album is embeddable (public, no password, no link requirement)
 // and if user is logged in
 const isEmbeddable = computed(() => {
+	// Respect the global embed enabled setting
+	if (!is_embed_enabled.value) {
+		return false;
+	}
 	// Only show embed button to logged-in users
 	if (!userStore.isLoggedIn) {
 		return false;

resources/js/composables/contextMenus/leftMenu.ts

@@ -35,8 +35,15 @@ export function useLeftMenu(
 	const { user } = storeToRefs(authStore);
 
 	const { initData, left_menu_open } = storeToRefs(LeftMenuStateStore);
-	const { clockwork_url, is_se_enabled, is_se_preview_enabled, is_se_info_hidden, is_favourite_enabled, is_timeline_page_enabled } =
-		storeToRefs(lycheeStore);
+	const {
+		clockwork_url,
+		is_se_enabled,
+		is_se_preview_enabled,
+		is_se_info_hidden,
+		is_favourite_enabled,
+		is_timeline_page_enabled,
+		is_embed_enabled,
+	} = storeToRefs(lycheeStore);
 	const openLycheeAbout = ref(false);
 	const logsEnabled = ref(true);
 
@@ -114,7 +121,7 @@ export function useLeftMenu(
 			{
 				label: "left-menu.embed_stream",
 				icon: "pi pi-code",
-				access: user.value?.id !== null,
+				access: (is_embed_enabled.value ?? true) && user.value?.id !== null,
 				command: () => {
 					const togglableStore = useTogglablesStateStore();
 					togglableStore.embed_code_mode = "stream";

resources/js/lychee.d.ts

@@ -509,6 +509,7 @@ declare namespace App.Http.Resources.GalleryConfigs {
 		rating_album_view_mode: App.Enum.VisibilityType;
 		default_homepage: string;
 		is_timeline_page_enabled: boolean;
+		is_embed_enabled: boolean;
 		is_contact_form_enabled: boolean;
 		photos_pagination_mode: App.Enum.PaginationMode;
 		albums_pagination_mode: App.Enum.PaginationMode;

resources/js/stores/LycheeState.ts

@@ -76,6 +76,7 @@ export const useLycheeStateStore = defineStore("lychee-store", {
 		dropbox_api_key: "disabled",
 		default_homepage: "gallery",
 		is_timeline_page_enabled: false,
+		is_embed_enabled: true,
 
 		// Login options
 		is_basic_auth_enabled: true,
@@ -220,6 +221,7 @@ export const useLycheeStateStore = defineStore("lychee-store", {
 
 					this.default_homepage = data.default_homepage;
 					this.is_timeline_page_enabled = data.is_timeline_page_enabled;
+					this.is_embed_enabled = data.is_embed_enabled;
 
 					this.photos_pagination_mode = data.photos_pagination_mode;
 					this.albums_pagination_mode = data.albums_pagination_mode;