add instance settings middleware

Signed-off-by: rafi <refaei.shikho@hotmail.com>

Author: refoo0

controllers/org_controller.go

@@ -36,17 +36,15 @@ type OrgController struct {
 	rbacProvider           shared.RBACProvider
 	projectService         shared.ProjectService
 	invitationRepository   shared.InvitationRepository
-	configService          shared.ConfigService
 }
 
-func NewOrganizationController(repository shared.OrganizationRepository, orgService shared.OrgService, rbacProvider shared.RBACProvider, projectService shared.ProjectService, invitationRepository shared.InvitationRepository, configService shared.ConfigService) *OrgController {
+func NewOrganizationController(repository shared.OrganizationRepository, orgService shared.OrgService, rbacProvider shared.RBACProvider, projectService shared.ProjectService, invitationRepository shared.InvitationRepository) *OrgController {
 	return &OrgController{
 		organizationRepository: repository,
 		orgService:             orgService,
 		rbacProvider:           rbacProvider,
 		projectService:         projectService,
 		invitationRepository:   invitationRepository,
-		configService:          configService,
 	}
 }
 
@@ -58,16 +56,6 @@ func NewOrganizationController(repository shared.OrganizationRepository, orgServ
 // @Success 200 {object} models.Org
 // @Router /organizations [post]
 func (controller *OrgController) Create(ctx shared.Context) error {
-	var settings shared.InstanceSettings
-	err := controller.configService.GetJSONConfig(ctx.Request().Context(), "instance_settings", &settings)
-	if err != nil {
-		// if there is an error getting the instance settings, we assume that the instance settings do not exist and we allow the creation of the organization
-		settings = shared.InstanceSettings{}
-	}
-	if settings.SingleOrganizationMode {
-		return echo.NewHTTPError(403, "creating organizations is not allowed in single organization mode")
-	}
-
 	var req dtos.OrgCreateRequest
 	if err := ctx.Bind(&req); err != nil {
 		return err
@@ -82,8 +70,7 @@ func (controller *OrgController) Create(ctx shared.Context) error {
 		return echo.NewHTTPError(400, "slug is required")
 	}
 
-	err = controller.orgService.CreateOrganization(ctx, &organization)
-	if err != nil {
+	if err := controller.orgService.CreateOrganization(ctx, &organization); err != nil {
 		return err
 	}
 

daemons/daemon.go

@@ -72,11 +72,11 @@ func (runner *DaemonRunner) CleanupOrphanedRecords(ctx context.Context) error {
 func (runner *DaemonRunner) SetInstanceSettings(ctx context.Context) error {
 	singleOrganizationMode := os.Getenv("SINGLE_ORGANIZATION_MODE")
 	if singleOrganizationMode == "true" {
-		return runner.configService.SetJSONConfig(ctx, "instance_settings", shared.InstanceSettings{
+		return runner.configService.SetJSONConfig(ctx, "instanceSettings", shared.InstanceSettings{
 			SingleOrganizationMode: true,
 		})
 	} else {
-		return runner.configService.SetJSONConfig(ctx, "instance_settings", shared.InstanceSettings{
+		return runner.configService.SetJSONConfig(ctx, "instanceSettings", shared.InstanceSettings{
 			SingleOrganizationMode: false,
 		})
 	}

daemons/providers.go

@@ -141,6 +141,10 @@ func NewDaemonRunner(
 
 // Start initiates all background daemons
 func (runner *DaemonRunner) Start(ctx context.Context) {
+	if err := runner.SetInstanceSettings(ctx); err != nil {
+		slog.Error("could not set instance settings", "err", err)
+	}
+
 	go func() {
 		runner.tick()
 		ticker := time.NewTicker(5 * time.Minute)
@@ -152,10 +156,6 @@ func (runner *DaemonRunner) Start(ctx context.Context) {
 }
 
 func (runner *DaemonRunner) tick() {
-	if err := runner.SetInstanceSettings(context.Background()); err != nil {
-		slog.Error("could not set instance settings", "err", err)
-	}
-
 	if runner.leaderElector.IsLeader() {
 		slog.Info("this instance is the leader - running background jobs")
 		runner.runDaemons()

middlewares/access_control_middlewares.go

@@ -29,6 +29,22 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
+func InstanceSettings(configService shared.ConfigService, disabled func(shared.InstanceSettings) bool) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(ctx echo.Context) error {
+			var settings shared.InstanceSettings
+			if err := configService.GetJSONConfig(ctx.Request().Context(), "instanceSettings", &settings); err != nil {
+				// settings not found — allow the request
+				return next(ctx)
+			}
+			if disabled(settings) {
+				return echo.NewHTTPError(403, "this endpoint is disabled by the instance configuration")
+			}
+			return next(ctx)
+		}
+	}
+}
+
 func OrganizationAccessControlMiddleware(obj shared.Object, act shared.Action) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(ctx echo.Context) error {

router/apiv1_router.go

@@ -272,7 +272,7 @@ func NewAPIV1Router(srv api.Server,
 
 	apiV1Router.GET("/instance-settings/", func(ctx echo.Context) error {
 		var settings shared.InstanceSettings
-		err := configService.GetJSONConfig(ctx.Request().Context(), "instance_settings", &settings)
+		err := configService.GetJSONConfig(ctx.Request().Context(), "instanceSettings", &settings)
 		if err != nil {
 			// If the setting is not found, return empty settings with 200 status
 			return ctx.JSON(200, shared.InstanceSettings{})

router/org_router.go

@@ -30,6 +30,7 @@ type OrgRouter struct {
 
 func NewOrgRouter(
 	sessionGroup SessionRouter,
+	configService shared.ConfigService,
 	orgController *controllers.OrgController,
 	projectController *controllers.ProjectController,
 	dependencyProxyController *dependencyfirewall.DependencyProxyController,
@@ -49,7 +50,7 @@ func NewOrgRouter(
 	*/
 	orgRouter := sessionGroup.Group.Group("/organizations")
 	orgRouter.GET("/", orgController.List)
-	orgRouter.POST("/", orgController.Create, middlewares.NeededScope([]string{"manage"}))
+	orgRouter.POST("/", orgController.Create, middlewares.InstanceSettings(configService, func(s shared.InstanceSettings) bool { return s.SingleOrganizationMode }), middlewares.NeededScope([]string{"manage"}))
 
 	/**
 	Organization scoped router