add config option to prevent new users

compass/.env.example

@@ -41,6 +41,11 @@ CACHE_DRIVER=redis
 # if it supports the IndieAuth protocol https://indieweb.org/indieauth-for-login
 DEFAULT_AUTH_ENDPOINT=https://indieauth.com/auth
 
+# If this is true, then anyone can create accounts. If false, then only existing
+# users in the users table will be able to log in. You can add your own domain name
+# to the users table to allow yourself to log in the first time.
+ALLOW_NEW_USERS=false
+
 APP_ENV=local
 APP_DEBUG=false
 

compass/app/Http/Controllers/IndieAuth.php

@@ -19,6 +19,13 @@ class IndieAuth extends BaseController
       return view('auth/error', ['error' => 'Invalid URL']);
     }
 
+    if(!env('ALLOW_NEW_USERS')) {
+      $user = DB::table('users')->where('url', $me)->first();
+      if(!$user) {
+        return view('auth/error', ['error' => 'User Not Registered']);
+      }
+    }
+
     $state = \IndieAuth\Client::generateStateParameter();
 
     if(preg_match('/https?:\/\/github\.com\/[^ \/]+/', $me)) {

compass/resources/views/auth/error.blade.php

@@ -2,8 +2,9 @@
 
 @section('content')
 
-<h1>Something went wrong</h1>
+<div class="splash">
+  <h1>Something went wrong</h1>
+  <p>{{ $error }}</p>
+</div>
 
-{{ $error }}
-
-@endsection
+@endsection