feat(registration): allow self-hosted users to disable registration altogether (#2365)

* feat(registration): allow self-hosted users to disable registration altogether

* updated tests

* fix build

Author: waleedlatif1

apps/sim/.env.example

@@ -4,10 +4,13 @@ DATABASE_URL="postgresql://postgres:password@localhost:5432/postgres"
 # PostgreSQL Port (Optional) - defaults to 5432 if not specified
 # POSTGRES_PORT=5432
 
-# Authentication (Required)
+# Authentication (Required unless DISABLE_AUTH=true)
 BETTER_AUTH_SECRET=your_secret_key  # Use `openssl rand -hex 32` to generate, or visit https://www.better-auth.com/docs/installation
 BETTER_AUTH_URL=http://localhost:3000
 
+# Authentication Bypass (Optional - for self-hosted deployments behind private networks)
+# DISABLE_AUTH=true  # Uncomment to bypass authentication entirely. Creates an anonymous session for all requests.
+
 # NextJS (Required)
 NEXT_PUBLIC_APP_URL=http://localhost:3000
 

apps/sim/app/(auth)/components/oauth-provider-checker.tsx

@@ -1,7 +1,7 @@
 'use server'
 
 import { env } from '@/lib/core/config/env'
-import { isProd } from '@/lib/core/config/environment'
+import { isProd } from '@/lib/core/config/feature-flags'
 
 export async function getOAuthProviderStatus() {
   const githubAvailable = !!(env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET)

apps/sim/app/(auth)/login/page.tsx

@@ -1,7 +1,6 @@
 import { getOAuthProviderStatus } from '@/app/(auth)/components/oauth-provider-checker'
 import LoginForm from '@/app/(auth)/login/login-form'
 
-// Force dynamic rendering to avoid prerender errors with search params
 export const dynamic = 'force-dynamic'
 
 export default async function LoginPage() {

apps/sim/app/(auth)/signup/page.tsx

@@ -1,16 +1,16 @@
-import { env, isTruthy } from '@/lib/core/config/env'
+import { isRegistrationDisabled } from '@/lib/core/config/feature-flags'
 import { getOAuthProviderStatus } from '@/app/(auth)/components/oauth-provider-checker'
 import SignupForm from '@/app/(auth)/signup/signup-form'
 
 export const dynamic = 'force-dynamic'
 
 export default async function SignupPage() {
-  const { githubAvailable, googleAvailable, isProduction } = await getOAuthProviderStatus()
-
-  if (isTruthy(env.DISABLE_REGISTRATION)) {
+  if (isRegistrationDisabled) {
     return <div>Registration is disabled, please contact your admin.</div>
   }
 
+  const { githubAvailable, googleAvailable, isProduction } = await getOAuthProviderStatus()
+
   return (
     <SignupForm
       githubAvailable={githubAvailable}

apps/sim/app/(auth)/verify/page.tsx

@@ -1,4 +1,4 @@
-import { isEmailVerificationEnabled, isProd } from '@/lib/core/config/environment'
+import { isEmailVerificationEnabled, isProd } from '@/lib/core/config/feature-flags'
 import { hasEmailService } from '@/lib/messaging/email/mailer'
 import { VerifyContent } from '@/app/(auth)/verify/verify-content'
 

apps/sim/app/(landing)/careers/page.tsx

@@ -13,7 +13,7 @@ import {
   SelectValue,
 } from '@/components/ui/select'
 import { Textarea } from '@/components/ui/textarea'
-import { isHosted } from '@/lib/core/config/environment'
+import { isHosted } from '@/lib/core/config/feature-flags'
 import { cn } from '@/lib/core/utils/cn'
 import { createLogger } from '@/lib/logs/console/logger'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'

apps/sim/app/(landing)/components/legal-layout.tsx

@@ -1,6 +1,6 @@
 'use client'
 
-import { isHosted } from '@/lib/core/config/environment'
+import { isHosted } from '@/lib/core/config/feature-flags'
 import { soehne } from '@/app/_styles/fonts/soehne/soehne'
 import Footer from '@/app/(landing)/components/footer/footer'
 import Nav from '@/app/(landing)/components/nav/nav'

apps/sim/app/(landing)/components/nav/nav.tsx

@@ -7,7 +7,7 @@ import Link from 'next/link'
 import { useRouter } from 'next/navigation'
 import { GithubIcon } from '@/components/icons'
 import { useBrandConfig } from '@/lib/branding/branding'
-import { isHosted } from '@/lib/core/config/environment'
+import { isHosted } from '@/lib/core/config/feature-flags'
 import { createLogger } from '@/lib/logs/console/logger'
 import { soehne } from '@/app/_styles/fonts/soehne/soehne'
 import { getFormattedGitHubStars } from '@/app/(landing)/actions/github'

apps/sim/app/api/auth/[...all]/route.ts

@@ -1,6 +1,23 @@
 import { toNextJsHandler } from 'better-auth/next-js'
+import { type NextRequest, NextResponse } from 'next/server'
 import { auth } from '@/lib/auth'
+import { createAnonymousSession, ensureAnonymousUserExists } from '@/lib/auth/anonymous'
+import { isAuthDisabled } from '@/lib/core/config/feature-flags'
 
 export const dynamic = 'force-dynamic'
 
-export const { GET, POST } = toNextJsHandler(auth.handler)
+const { GET: betterAuthGET, POST: betterAuthPOST } = toNextJsHandler(auth.handler)
+
+export async function GET(request: NextRequest) {
+  const url = new URL(request.url)
+  const path = url.pathname.replace('/api/auth/', '')
+
+  if (path === 'get-session' && isAuthDisabled) {
+    await ensureAnonymousUserExists()
+    return NextResponse.json(createAnonymousSession())
+  }
+
+  return betterAuthGET(request)
+}
+
+export const POST = betterAuthPOST

apps/sim/app/api/auth/socket-token/route.ts

@@ -1,9 +1,14 @@
 import { headers } from 'next/headers'
 import { NextResponse } from 'next/server'
 import { auth } from '@/lib/auth'
+import { isAuthDisabled } from '@/lib/core/config/feature-flags'
 
 export async function POST() {
   try {
+    if (isAuthDisabled) {
+      return NextResponse.json({ token: 'anonymous-socket-token' })
+    }
+
     const hdrs = await headers()
     const response = await auth.api.generateOneTimeToken({
       headers: hdrs,