add config option to disable organization creation in single organization mode

Signed-off-by: rafi <refaei.shikho@hotmail.com>

Author: refoo0

controllers/org_controller.go

@@ -36,15 +36,17 @@ type OrgController struct {
 	rbacProvider           shared.RBACProvider
 	projectService         shared.ProjectService
 	invitationRepository   shared.InvitationRepository
+	configService          shared.ConfigService
 }
 
-func NewOrganizationController(repository shared.OrganizationRepository, orgService shared.OrgService, rbacProvider shared.RBACProvider, projectService shared.ProjectService, invitationRepository shared.InvitationRepository) *OrgController {
+func NewOrganizationController(repository shared.OrganizationRepository, orgService shared.OrgService, rbacProvider shared.RBACProvider, projectService shared.ProjectService, invitationRepository shared.InvitationRepository, configService shared.ConfigService) *OrgController {
 	return &OrgController{
 		organizationRepository: repository,
 		orgService:             orgService,
 		rbacProvider:           rbacProvider,
 		projectService:         projectService,
 		invitationRepository:   invitationRepository,
+		configService:          configService,
 	}
 }
 
@@ -56,6 +58,15 @@ func NewOrganizationController(repository shared.OrganizationRepository, orgServ
 // @Success 200 {object} models.Org
 // @Router /organizations [post]
 func (controller *OrgController) Create(ctx shared.Context) error {
+	var settings shared.InstanceSettings
+	err := controller.configService.GetJSONConfig(ctx.Request().Context(), "instance_settings", &settings)
+	if err != nil {
+		// if there is an error getting the instance settings, we assume that the instance settings do not exist and we allow the creation of the organization
+		settings = shared.InstanceSettings{}
+	}
+	if settings.SingleOrganizationMode {
+		return echo.NewHTTPError(400, "creating organizations is not allowed in single organization mode")
+	}
 
 	var req dtos.OrgCreateRequest
 	if err := ctx.Bind(&req); err != nil {
@@ -71,7 +82,7 @@ func (controller *OrgController) Create(ctx shared.Context) error {
 		return echo.NewHTTPError(400, "slug is required")
 	}
 
-	err := controller.orgService.CreateOrganization(ctx, &organization)
+	err = controller.orgService.CreateOrganization(ctx, &organization)
 	if err != nil {
 		return err
 	}

daemons/daemon.go

@@ -3,6 +3,7 @@ package daemons
 import (
 	"context"
 	"log/slog"
+	"os"
 	"time"
 
 	"github.com/l3montree-dev/devguard/shared"
@@ -68,8 +69,23 @@ func (runner *DaemonRunner) CleanupOrphanedRecords(ctx context.Context) error {
 	return nil
 }
 
+func (runner *DaemonRunner) SetInstanceSettings(ctx context.Context) error {
+	singleOrganizationMode := os.Getenv("SINGLE_ORGANIZATION_MODE")
+	if singleOrganizationMode == "true" {
+		return runner.configService.SetJSONConfig(ctx, "instance_settings", shared.InstanceSettings{
+			SingleOrganizationMode: true,
+		})
+	}
+	return nil
+}
+
 func (runner *DaemonRunner) runDaemons() {
 	ctx := context.Background()
+
+	if err := runner.SetInstanceSettings(ctx); err != nil {
+		slog.Error("could not set instance settings", "err", err)
+	}
+
 	if err := runner.maybeRunAndMark("maintain.cleanup", func() error {
 		return runner.CleanupOrphanedRecords(ctx)
 	}); err != nil {

router/apiv1_router.go

@@ -41,6 +41,7 @@ func NewAPIV1Router(srv api.Server,
 	pool *pgxpool.Pool,
 	thirdPartyIntegration shared.IntegrationAggregate,
 	oryAdmin shared.AdminClient,
+	configService shared.ConfigService,
 	assetController *controllers.AssetController,
 	intotoController *controllers.InToToController,
 	csafController *controllers.CSAFController,
@@ -202,6 +203,17 @@ func NewAPIV1Router(srv api.Server,
 	apiV1Router.POST("/scan-unauthenticated/", scanController.ScanDependencyVulnUnauthenticated)
 	apiV1Router.GET("/renovate/recommendation/", dependencyVulnController.GetRecommendation)
 
+	apiV1Router.GET("/instance-settings/", func(ctx echo.Context) error {
+		var settings shared.InstanceSettings
+		err := configService.GetJSONConfig(ctx.Request().Context(), "instance_settings", &settings)
+		if err != nil {
+			return ctx.JSON(404, map[string]string{
+				"error": "instance settings not found",
+			})
+		}
+		return ctx.JSON(200, settings)
+	})
+
 	// csaf routes
 	apiV1Router.GET("/.well-known/csaf-aggregator/aggregator.json/", csafController.GetAggregatorJSON)
 	apiV1Router.GET("/organizations/:organization/csaf/provider-metadata.json/", csafController.GetProviderMetadataForOrganization, middlewares.CsafMiddleware(true, orgRepository, projectRepository, assetRepository, assetVersionRepository, artifactRepository))

shared/common_interfaces.go

@@ -749,3 +749,7 @@ const (
 	ContainerScan ScannerType = "container-scan"
 	TestScanner   ScannerType = "test-scanner"
 )
+
+type InstanceSettings struct {
+	SingleOrganizationMode bool `json:"singleOrganizationMode"`
+}