add LockedLogins to settings.

internal/api/session.go

@@ -33,6 +33,8 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) error {
 			return utils.HttpUnprocessableEntity("session already connected")
 		} else if errors.Is(err, types.ErrMemberDoesNotExist) || errors.Is(err, types.ErrMemberInvalidPassword) {
 			return utils.HttpUnauthorized().WithInternalErr(err)
+		} else if errors.Is(err, types.ErrSessionLoginsLocked) {
+			return utils.HttpForbidden("logins are locked").WithInternalErr(err)
 		} else {
 			return utils.HttpInternalServerError().WithInternalErr(err)
 		}

internal/config/session.go

@@ -11,6 +11,7 @@ type Session struct {
 	File string
 
 	PrivateMode       bool
+	LockedLogins      bool
 	LockedControls    bool
 	ImplicitHosting   bool
 	InactiveCursors   bool
@@ -34,6 +35,11 @@ func (Session) Init(cmd *cobra.Command) error {
 		return err
 	}
 
+	cmd.PersistentFlags().Bool("session.locked_logins", false, "whether logins should be locked for users initially")
+	if err := viper.BindPFlag("session.locked_logins", cmd.PersistentFlags().Lookup("session.locked_logins")); err != nil {
+		return err
+	}
+
 	cmd.PersistentFlags().Bool("session.locked_controls", false, "whether controls should be locked for users initially")
 	if err := viper.BindPFlag("session.locked_controls", cmd.PersistentFlags().Lookup("session.locked_controls")); err != nil {
 		return err
@@ -87,6 +93,7 @@ func (s *Session) Set() {
 	s.File = viper.GetString("session.file")
 
 	s.PrivateMode = viper.GetBool("session.private_mode")
+	s.LockedLogins = viper.GetBool("session.locked_logins")
 	s.LockedControls = viper.GetBool("session.locked_controls")
 	s.ImplicitHosting = viper.GetBool("session.implicit_hosting")
 	s.InactiveCursors = viper.GetBool("session.inactive_cursors")

internal/member/manager.go

@@ -141,6 +141,10 @@ func (manager *MemberManagerCtx) Login(username string, password string) (types.
 		return nil, "", err
 	}
 
+	if !profile.IsAdmin && manager.sessions.Settings().LockedLogins {
+		return nil, "", types.ErrSessionLoginsLocked
+	}
+
 	session, ok := manager.sessions.Get(id)
 	if ok {
 		if session.State().IsConnected {

internal/session/manager.go

@@ -20,6 +20,7 @@ func New(config *config.Session) *SessionManagerCtx {
 		config: config,
 		settings: types.Settings{
 			PrivateMode:       config.PrivateMode,
+			LockedLogins:      config.LockedLogins,
 			LockedControls:    config.LockedControls,
 			ImplicitHosting:   config.ImplicitHosting,
 			InactiveCursors:   config.InactiveCursors,

pkg/types/session.go

@@ -11,6 +11,7 @@ var (
 	ErrSessionAlreadyExists    = errors.New("session already exists")
 	ErrSessionAlreadyConnected = errors.New("session is already connected")
 	ErrSessionLoginDisabled    = errors.New("session login disabled")
+	ErrSessionLoginsLocked     = errors.New("session logins locked")
 )
 
 type Cursor struct {
@@ -40,6 +41,7 @@ type SessionState struct {
 
 type Settings struct {
 	PrivateMode       bool `json:"private_mode"`
+	LockedLogins      bool `json:"locked_logins"`
 	LockedControls    bool `json:"locked_controls"`
 	ImplicitHosting   bool `json:"implicit_hosting"`
 	InactiveCursors   bool `json:"inactive_cursors"`