Don't create user if allowed users is set (#1822)

* dont allow creating of users when allowed users are set * add info to .env.example --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2025-01-18 21:32:38 +01:00 · 2023-09-26 07:08:36 +01:00 · 2023-09-26 07:08:36 +01:00 · d79a55b4c6
commit d79a55b4c6
parent 5b16f54857
2 changed files with 6 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -15,6 +15,7 @@ LNBITS_ALLOWED_IPS=""
 LNBITS_BLOCKED_IPS=""

 # Allow users and admins by user IDs (comma separated list)
+# if set new users will not be able to create accounts
 LNBITS_ALLOWED_USERS=""
 LNBITS_ADMIN_USERS=""
 # Extensions only admin can access
--- a/lnbits/core/views/api.py
+++ b/lnbits/core/views/api.py
@ -172,6 +172,11 @@ async def api_create_wallet(

@api_router.post("/api/v1/account", response_model=Wallet)
 async def api_create_account(data: CreateWallet) -> Wallet:
+    if len(settings.lnbits_allowed_users) > 0:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail="Account creation is disabled.",
+        )
    account = await create_account()
    return await create_wallet(user_id=account.id, wallet_name=data.name)