From 7b9c29e039cae638475047386d814138237cf3b4 Mon Sep 17 00:00:00 2001
From: Mike Cao <mike@mikecao.com>
Date: Wed, 2 Aug 2023 11:56:42 -0700
Subject: [PATCH] Check for DISABLE_LOGIN on api route.

---
 pages/api/auth/login.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pages/api/auth/login.ts b/pages/api/auth/login.ts
index af206938..b9a2be00 100644
--- a/pages/api/auth/login.ts
+++ b/pages/api/auth/login.ts
@@ -7,6 +7,7 @@ import {
   checkPassword,
   createSecureToken,
   methodNotAllowed,
+  forbidden,
 } from 'next-basics';
 import redis from '@umami/redis-client';
 import { getUserByUsername } from 'queries';
@@ -30,6 +31,10 @@ export default async (
   req: NextApiRequestQueryBody<any, LoginRequestBody>,
   res: NextApiResponse<LoginResponse>,
 ) => {
+  if (process.env.DISABLE_LOGIN) {
+    return forbidden(res);
+  }
+
   if (req.method === 'POST') {
     const { username, password } = req.body;