hard limit on total number of users allowed to be created as another …

…form of security
fullerzz · Aug 31, 2024 · 2e310a4 · 2e310a4
1 parent 7ab3606
commit 2e310a4
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/src/smolvault/clients/database.py b/src/smolvault/clients/database.py
@@ -113,6 +113,12 @@ def get_user(self, username: str) -> UserInfo | None:
             statement = select(UserInfo).where(UserInfo.username == username)
             return session.exec(statement).first()
 
+    def get_user_count(self) -> int:
+        with Session(self.engine) as session:
+            statement = select(UserInfo)
+            results = session.exec(statement)
+            return len(results.fetchall())
+
     def add_user(self, user: NewUserDTO) -> None:
         user_info = UserInfo(
             username=user.username,

diff --git a/src/smolvault/config.py b/src/smolvault/config.py
@@ -11,6 +11,7 @@ class Settings(BaseSettings):
     smolvault_cache: str
     auth_secret_key: str
     user_whitelist: str
+    users_limit: int
 
     model_config = SettingsConfigDict(env_file=".env")
 

diff --git a/src/smolvault/validators/operation_validator.py b/src/smolvault/validators/operation_validator.py
@@ -32,8 +32,11 @@ def _user_on_whitelist(self, user_id: int) -> bool:
 
 
 class UserCreationValidator:
-    def __init__(self, database_client: DatabaseClient) -> None:
-        self.database_client = database_client
+    def __init__(self) -> None:
+        self.settings = get_settings()
+        self.users_limit = self.settings.users_limit
 
-    def user_creation_allowed(self, email: str) -> bool:
-        raise NotImplementedError
+    def user_creation_allowed(self, db_client: DatabaseClient) -> bool:
+        users: int = db_client.get_user_count()
+        logger.info("%d users currently in the system", users)
+        return users < self.users_limit