Disable login and signup on master (auth only on dev branch)

owenbcoding · owenbcoding · commit 152da97cab33 · 2026-03-10T16:30:19.000Z
Made-with: Cursor
diff --git a/app/Http/Middleware/EnsureAuthPublic.php b/app/Http/Middleware/EnsureAuthPublic.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureAuthPublic
+{
+    /**
+     * Paths that are disabled when auth is not public (login/signup disabled).
+     */
+    protected array $authPaths = [
+        'login',
+        'register',
+        'forgot-password',
+        'reset-password',
+        'two-factor-challenge',
+        'email/verify',
+    ];
+
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (config('services.auth_public', true)) {
+            return $next($request);
+        }
+
+        $path = trim($request->path(), '/');
+
+        foreach ($this->authPaths as $authPath) {
+            if ($path === $authPath || str_starts_with($path, $authPath.'/')) {
+                return redirect()->route('home')
+                    ->with('status', 'Login and sign up are not available.');
+            }
+        }
+
+        return $next($request);
+    }
+}
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -1,5 +1,6 @@
 <?php
 
+use App\Http\Middleware\EnsureAuthPublic;
 use App\Http\Middleware\HandleAppearance;
 use App\Http\Middleware\HandleInertiaRequests;
 use Illuminate\Foundation\Application;
@@ -17,6 +18,7 @@
         $middleware->encryptCookies(except: ['appearance', 'sidebar_state']);
 
         $middleware->web(append: [
+            EnsureAuthPublic::class,
             HandleAppearance::class,
             HandleInertiaRequests::class,
             AddLinkHeadersForPreloadedAssets::class,
diff --git a/config/services.php b/config/services.php
@@ -36,4 +36,16 @@
         ],
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Auth public (login / signup)
+    |--------------------------------------------------------------------------
+    |
+    | When true, /login and /register are available. When false, they redirect
+    | to home. Default is false on master (auth disabled); set AUTH_PUBLIC=true
+    | or use the dev branch for login/signup.
+    |
+    */
+    'auth_public' => env('AUTH_PUBLIC', false),
+
 ];
diff --git a/routes/web.php b/routes/web.php
@@ -20,7 +20,7 @@
 
 Route::get('/', function () {
     return Inertia::render('Welcome', [
-        'canRegister' => Features::enabled(Features::registration()),
+        'canRegister' => config('services.auth_public', true) && Features::enabled(Features::registration()),
     ]);
 })->name('home');
 
diff --git a/tests/Feature/Auth/AuthenticationTest.php b/tests/Feature/Auth/AuthenticationTest.php
@@ -4,6 +4,12 @@
 use Illuminate\Support\Facades\RateLimiter;
 use Laravel\Fortify\Features;
 
+beforeEach(function () {
+    if (! auth_public()) {
+        $this->markTestSkipped('Login/signup is disabled on this branch.');
+    }
+});
+
 test('login screen can be rendered', function () {
     $response = $this->get(route('login'));
 
diff --git a/tests/Feature/Auth/PasswordConfirmationTest.php b/tests/Feature/Auth/PasswordConfirmationTest.php
@@ -3,6 +3,12 @@
 use App\Models\User;
 use Inertia\Testing\AssertableInertia as Assert;
 
+beforeEach(function () {
+    if (! auth_public()) {
+        $this->markTestSkipped('Login/signup is disabled on this branch.');
+    }
+});
+
 test('confirm password screen can be rendered', function () {
     $user = User::factory()->create();
 
@@ -18,5 +24,5 @@
 test('password confirmation requires authentication', function () {
     $response = $this->get(route('password.confirm'));
 
-    $response->assertRedirect(route('login'));
+    $response->assertRedirect(guest_redirect_target());
 });
diff --git a/tests/Feature/Auth/PasswordResetTest.php b/tests/Feature/Auth/PasswordResetTest.php
@@ -4,6 +4,12 @@
 use Illuminate\Auth\Notifications\ResetPassword;
 use Illuminate\Support\Facades\Notification;
 
+beforeEach(function () {
+    if (! auth_public()) {
+        $this->markTestSkipped('Login/signup is disabled on this branch.');
+    }
+});
+
 test('reset password link screen can be rendered', function () {
     $response = $this->get(route('password.request'));
 
diff --git a/tests/Feature/Auth/RegistrationTest.php b/tests/Feature/Auth/RegistrationTest.php
@@ -1,5 +1,11 @@
 <?php
 
+beforeEach(function () {
+    if (! auth_public()) {
+        $this->markTestSkipped('Login/signup is disabled on this branch.');
+    }
+});
+
 test('registration screen can be rendered', function () {
     $response = $this->get(route('register'));
 
diff --git a/tests/Feature/Auth/TwoFactorChallengeTest.php b/tests/Feature/Auth/TwoFactorChallengeTest.php
@@ -4,6 +4,12 @@
 use Inertia\Testing\AssertableInertia as Assert;
 use Laravel\Fortify\Features;
 
+beforeEach(function () {
+    if (! auth_public()) {
+        $this->markTestSkipped('Login/signup is disabled on this branch.');
+    }
+});
+
 test('two factor challenge redirects to login when not authenticated', function () {
     if (! Features::canManageTwoFactorAuthentication()) {
         $this->markTestSkipped('Two-factor authentication is not enabled.');
diff --git a/tests/Feature/ChangelogEntryTest.php b/tests/Feature/ChangelogEntryTest.php
@@ -9,8 +9,8 @@
 use function Pest\Laravel\patch;
 use function Pest\Laravel\delete;
 
-it('redirects guests from changelog index to login', function () {
-    get(route('changelog.index'))->assertRedirect(route('login'));
+it('redirects guests from changelog index to login or home when auth disabled', function () {
+    get(route('changelog.index'))->assertRedirect(guest_redirect_target());
 });
 
 it('lists only the authenticated users changelog entries', function () {
diff --git a/tests/Feature/CheckInTest.php b/tests/Feature/CheckInTest.php
@@ -8,8 +8,8 @@
 use function Pest\Laravel\post;
 use function Pest\Laravel\patch;
 
-it('redirects guests from check-ins index to login', function () {
-    get(route('check-ins.index'))->assertRedirect(route('login'));
+it('redirects guests from check-ins index to login or home when auth disabled', function () {
+    get(route('check-ins.index'))->assertRedirect(guest_redirect_target());
 });
 
 it('shows only the authenticated users check-ins in the given range', function () {
diff --git a/tests/Feature/DashboardTest.php b/tests/Feature/DashboardTest.php
@@ -2,9 +2,9 @@
 
 use App\Models\User;
 
-test('guests are redirected to the login page', function () {
+test('guests are redirected to login or home when auth is disabled', function () {
     $response = $this->get(route('dashboard'));
-    $response->assertRedirect(route('login'));
+    $response->assertRedirect(guest_redirect_target());
 });
 
 test('authenticated users can visit the dashboard', function () {
diff --git a/tests/Feature/WorkSessionTest.php b/tests/Feature/WorkSessionTest.php
@@ -9,8 +9,8 @@
 use function Pest\Laravel\patch;
 use function Pest\Laravel\delete;
 
-it('redirects guests from work sessions index to login', function () {
-    get(route('work-sessions.index'))->assertRedirect(route('login'));
+it('redirects guests from work sessions index to login or home when auth disabled', function () {
+    get(route('work-sessions.index'))->assertRedirect(guest_redirect_target());
 });
 
 it('lists only the authenticated users ended work sessions', function () {
diff --git a/tests/Pest.php b/tests/Pest.php
@@ -41,7 +41,12 @@
 |
 */
 
-function something()
+function auth_public(): bool
 {
-    // ..
+    return config('services.auth_public', true);
+}
+
+function guest_redirect_target(): string
+{
+    return auth_public() ? route('login') : route('home');
 }
