@@ 6,6 6,7 @@ import (
"net/http"
"net/url"
"strconv"
+ "strings"
"git.sr.ht/~evanj/cms/internal/c"
"git.sr.ht/~evanj/cms/internal/m/space"
@@ 72,20 73,23 @@ func (l *User) login(w http.ResponseWriter, r *http.Request) {
}
func (l *User) signup(w http.ResponseWriter, r *http.Request) {
- if !l.signupEnabled {
- l.Error(w, r, http.StatusForbidden, ErrNoSignup)
- return
- }
-
username := r.FormValue("username")
password := r.FormValue("password")
verify := r.FormValue("verify")
+
t, ok := tier.ByName(r.FormValue("tier"))
if !ok {
l.Error(w, r, http.StatusBadRequest, ErrNoTier)
return
}
+ isChief := strings.Contains(username, "@chief") && t.Is(tier.Free)
+
+ if !l.signupEnabled && !isChief {
+ l.Error(w, r, http.StatusForbidden, ErrNoSignup)
+ return
+ }
+
user, err := l.db.UserNew(username, password, verify)
if err != nil {
l.Error(w, r, http.StatusBadRequest, err)