feat: add security related settings

1167df29 · Steven · 4e5810e2 · 1167df29 · 1167df29 · 1167df29
Commit 1167df29 authored Aug 28, 2024 by Steven
16 changed files
--- a/bin/memos/main.go
+++ b/bin/memos/main.go
@@ -36,16 +36,14 @@ var (
 		Short: `An open source, lightweight note-taking service. Easily capture and share your great thoughts.`,
 		Run: func(_ *cobra.Command, _ []string) {
 			instanceProfile := &profile.Profile{
-				Mode:         viper.GetString("mode"),
+				Mode:        viper.GetString("mode"),
-				Addr:         viper.GetString("addr"),
+				Addr:        viper.GetString("addr"),
-				Port:         viper.GetInt("port"),
+				Port:        viper.GetInt("port"),
-				Data:         viper.GetString("data"),
+				Data:        viper.GetString("data"),
-				Driver:       viper.GetString("driver"),
+				Driver:      viper.GetString("driver"),
-				DSN:          viper.GetString("dsn"),
+				DSN:         viper.GetString("dsn"),
-				Public:       viper.GetBool("public"),
+				InstanceURL: viper.GetString("instance-url"),
-				PasswordAuth: viper.GetBool("password-auth"),
+				Version:     version.GetCurrentVersion(viper.GetString("mode")),
-				InstanceURL:  viper.GetString("instance-url"),
-				Version:      version.GetCurrentVersion(viper.GetString("mode")),
 			}
 			if err := instanceProfile.Validate(); err != nil {
 				panic(err)
@@ -104,7 +102,6 @@ func init() {
 	viper.SetDefault("mode", "dev")
 	viper.SetDefault("driver", "sqlite")
 	viper.SetDefault("port", 8081)
-	viper.SetDefault("password-auth", true)
 	rootCmd.PersistentFlags().String("mode", "dev", `mode of server, can be "prod" or "dev" or "demo"`)
 	rootCmd.PersistentFlags().String("addr", "", "address of server")
@@ -112,8 +109,6 @@ func init() {
 	rootCmd.PersistentFlags().String("data", "", "data directory")
 	rootCmd.PersistentFlags().String("driver", "sqlite", "database driver")
 	rootCmd.PersistentFlags().String("dsn", "", "database source name(aka. DSN)")
-	rootCmd.PersistentFlags().Bool("public", false, "")
-	rootCmd.PersistentFlags().Bool("password-auth", true, "")
 	rootCmd.PersistentFlags().String("instance-url", "", "the url of your memos instance")
 	if err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode")); err != nil {
@@ -134,21 +129,12 @@ func init() {
 	if err := viper.BindPFlag("dsn", rootCmd.PersistentFlags().Lookup("dsn")); err != nil {
 		panic(err)
 	}
-	if err := viper.BindPFlag("public", rootCmd.PersistentFlags().Lookup("public")); err != nil {
-		panic(err)
-	}
-	if err := viper.BindPFlag("password-auth", rootCmd.PersistentFlags().Lookup("password-auth")); err != nil {
-		panic(err)
-	}
 	if err := viper.BindPFlag("instance-url", rootCmd.PersistentFlags().Lookup("instance-url")); err != nil {
 		panic(err)
 	}
 	viper.SetEnvPrefix("memos")
 	viper.AutomaticEnv()
-	if err := viper.BindEnv("password-auth", "MEMOS_PASSWORD_AUTH"); err != nil {
-		panic(err)
-	}
 	if err := viper.BindEnv("instance-url", "MEMOS_INSTANCE_URL"); err != nil {
 		panic(err)
 	}
@@ -163,11 +149,9 @@ dsn: %s
 addr: %s
 port: %d
 mode: %s
-public: %t
-password-auth: %t
 driver: %s
 ---
-`, profile.Version, profile.Data, profile.DSN, profile.Addr, profile.Port, profile.Mode, profile.Public, profile.PasswordAuth, profile.Driver)
+`, profile.Version, profile.Data, profile.DSN, profile.Addr, profile.Port, profile.Mode, profile.Driver)
 	print(greetingBanner)
 	if len(profile.Addr) == 0 {

--- a/docs/apidocs.swagger.yaml
+++ b/docs/apidocs.swagger.yaml
@@ -2045,6 +2045,12 @@ definitions:
  apiv1WorkspaceGeneralSetting:
    type: object
    properties:
+      disallowSignup:
+        type: boolean
+        description: disallow_signup disallows signup for new users.
+      disallowPasswordSignin:
+        type: boolean
+        description: disallow_password_signin disallows user to sign in with password. Except for the admins.
      additionalScript:
        type: string
        description: additional_script is the additional script.
@@ -3125,12 +3131,6 @@ definitions:
      mode:
        type: string
        description: mode is the instance mode (e.g. "prod", "dev" or "demo").
-      public:
-        type: boolean
-        description: public is a flag that the instance is open for other users.
-      passwordAuth:
-        type: boolean
-        description: password_auth is a flag whether the instance allows password authentication.
      instanceUrl:
        type: string
        description: instance_url is the URL of the instance.
--- a/proto/api/v1/workspace_service.proto
+++ b/proto/api/v1/workspace_service.proto
@@ -21,10 +21,6 @@ message WorkspaceProfile {
  string version = 2;
  // mode is the instance mode (e.g. "prod", "dev" or "demo").
  string mode = 3;
-  // public is a flag that the instance is open for other users.
-  bool public = 4;
-  // password_auth is a flag whether the instance allows password authentication.
-  bool password_auth = 5;
  // instance_url is the URL of the instance.
  string instance_url = 6;
 }

--- a/proto/api/v1/workspace_setting_service.proto
+++ b/proto/api/v1/workspace_setting_service.proto
@@ -36,6 +36,10 @@ message WorkspaceSetting {
 }
 message WorkspaceGeneralSetting {
+  // disallow_signup disallows signup for new users.
+  bool disallow_signup = 1;
+  // disallow_password_signin disallows user to sign in with password. Except for the admins.
+  bool disallow_password_signin = 2;
  // additional_script is the additional script.
  string additional_script = 3;
  // additional_style is the additional style.

--- a/proto/gen/api/v1/workspace_service.pb.go
+++ b/proto/gen/api/v1/workspace_service.pb.go
@@ -33,10 +33,6 @@ type WorkspaceProfile struct {
 	Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
 	// mode is the instance mode (e.g. "prod", "dev" or "demo").
 	Mode string `protobuf:"bytes,3,opt,name=mode,proto3" json:"mode,omitempty"`
-	// public is a flag that the instance is open for other users.
-	Public bool `protobuf:"varint,4,opt,name=public,proto3" json:"public,omitempty"`
-	// password_auth is a flag whether the instance allows password authentication.
-	PasswordAuth bool `protobuf:"varint,5,opt,name=password_auth,json=passwordAuth,proto3" json:"password_auth,omitempty"`
 	// instance_url is the URL of the instance.
 	InstanceUrl string `protobuf:"bytes,6,opt,name=instance_url,json=instanceUrl,proto3" json:"instance_url,omitempty"`
 }
@@ -94,20 +90,6 @@ func (x *WorkspaceProfile) GetMode() string {
 	return ""
 }
-func (x *WorkspaceProfile) GetPublic() bool {
-	if x != nil {
-		return x.Public
-	}
-	return false
-}
-func (x *WorkspaceProfile) GetPasswordAuth() bool {
-	if x != nil {
-		return x.PasswordAuth
-	}
-	return false
-}
 func (x *WorkspaceProfile) GetInstanceUrl() string {
 	if x != nil {
 		return x.InstanceUrl
@@ -160,42 +142,38 @@ var file_api_v1_workspace_service_proto_rawDesc = []byte{
 	0x63, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x12, 0x0c, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x1a, 0x1c,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb6, 0x01, 0x0a,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x79, 0x0a, 0x10,
-	0x10, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c,
-	0x65, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x12, 0x23, 0x0a,
-	0x0d, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x41, 0x75,
-	0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x75,
-	0x72, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e,
-	0x63, 0x65, 0x55, 0x72, 0x6c, 0x22, 0x1c, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x57, 0x6f, 0x72, 0x6b,
-	0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x32, 0x97, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63,
-	0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x82, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x74,
 	0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
-	0x12, 0x28, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e,
+	0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x47, 0x65, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66,
+	0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x6d, 0x65, 0x6d,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70,
+	0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x21, 0x82, 0xd3, 0xe4, 0x93,
+	0x6d, 0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x02, 0x1b, 0x12, 0x19, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b,
+	0x5f, 0x75, 0x72, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x73, 0x74,
-	0x73, 0x70, 0x61, 0x63, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x42, 0xad, 0x01,
+	0x61, 0x6e, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x22, 0x1c, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x57, 0x6f,
-	0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e,
+	0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65,
-	0x76, 0x31, 0x42, 0x15, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x53, 0x65, 0x72,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x32, 0x97, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70,
-	0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74,
+	0x61, 0x63, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x82, 0x01, 0x0a, 0x13, 0x47,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x73, 0x65, 0x6d, 0x65, 0x6d, 0x6f, 0x73,
+	0x65, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69,
-	0x2f, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x65, 0x6e,
+	0x6c, 0x65, 0x12, 0x28, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x70, 0x69, 0x76, 0x31, 0xa2, 0x02, 0x03,
+	0x31, 0x2e, 0x47, 0x65, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72,
-	0x4d, 0x41, 0x58, 0xaa, 0x02, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x70, 0x69, 0x2e,
+	0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x6d,
-	0x56, 0x31, 0xca, 0x02, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56,
+	0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b,
-	0x31, 0xe2, 0x02, 0x18, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56, 0x31,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x21, 0x82, 0xd3,
-	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e, 0x4d,
+	0xe4, 0x93, 0x02, 0x1b, 0x12, 0x19, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f,
-	0x65, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x41, 0x70, 0x69, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70,
+	0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x42,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0xad, 0x01, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x31, 0x42, 0x15, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x30, 0x67,
+	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x73, 0x65, 0x6d, 0x65, 0x6d,
+	0x6f, 0x73, 0x2f, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67,
+	0x65, 0x6e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x70, 0x69, 0x76, 0x31, 0xa2,
+	0x02, 0x03, 0x4d, 0x41, 0x58, 0xaa, 0x02, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x70,
+	0x69, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x70, 0x69,
+	0x5c, 0x56, 0x31, 0xe2, 0x02, 0x18, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x70, 0x69, 0x5c,
+	0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+	0x0e, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x41, 0x70, 0x69, 0x3a, 0x3a, 0x56, 0x31, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (

--- a/proto/gen/api/v1/workspace_setting_service.pb.go
+++ b/proto/gen/api/v1/workspace_setting_service.pb.go
--- a/proto/gen/store/workspace_setting.pb.go
+++ b/proto/gen/store/workspace_setting.pb.go
--- a/proto/store/workspace_setting.proto
+++ b/proto/store/workspace_setting.proto
@@ -31,16 +31,20 @@ message WorkspaceBasicSetting {
 }
 message WorkspaceGeneralSetting {
+  // disallow_signup disallows signup for new users.
+  bool disallow_signup = 1;
+  // disallow_password_signin disallows user to sign in with password. Except for the admins.
+  bool disallow_password_signin = 2;
  // additional_script is the additional script.
-  string additional_script = 1;
+  string additional_script = 3;
  // additional_style is the additional style.
-  string additional_style = 2;
+  string additional_style = 4;
  // custom_profile is the custom profile.
-  WorkspaceCustomProfile custom_profile = 3;
+  WorkspaceCustomProfile custom_profile = 5;
  // week_start_day_offset is the week start day offset from Sunday.
  // 0: Sunday, 1: Monday, 2: Tuesday, 3: Wednesday, 4: Thursday, 5: Friday, 6: Saturday
  // Default is Sunday.
-  int32 week_start_day_offset = 4;
+  int32 week_start_day_offset = 6;
 }
 message WorkspaceCustomProfile {

--- a/scripts/.air.toml
+++ b/scripts/.air.toml
@@ -2,7 +2,7 @@ root = "."
 tmp_dir = ".air"
 [build]
-bin = "./.air/memos --mode dev --public true"
+bin = "./.air/memos --mode dev"
 cmd = "go build -o ./.air/memos ./bin/memos/main.go"
 delay = 1000
 exclude_dir = [".air", "web", "build"]

--- a/server/profile/profile.go
+++ b/server/profile/profile.go
@@ -28,10 +28,6 @@ type Profile struct {
 	Driver string
 	// Version is the current version of server
 	Version string
-	// Pubic is the flag whether the instance is public for others.
-	Public bool
-	// PasswordAuth is the flag whether the instance uses password authentication.
-	PasswordAuth bool
 	// InstanceURL is the url of your memos instance.
 	InstanceURL string
 }

--- a/server/router/api/v1/auth_service.go
+++ b/server/router/api/v1/auth_service.go
@@ -167,11 +167,11 @@ func (s *APIV1Service) doSignIn(ctx context.Context, user *store.User, expireTim
 }
 func (s *APIV1Service) SignUp(ctx context.Context, request *v1pb.SignUpRequest) (*v1pb.User, error) {
-	workspaceProfile, err := s.GetWorkspaceProfile(ctx, &v1pb.GetWorkspaceProfileRequest{})
+	workspaceGeneralSetting, err := s.Store.GetWorkspaceGeneralSetting(ctx)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace profile, err: %s", err))
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace general setting, err: %s", err))
 	}
-	if !workspaceProfile.Public {
+	if workspaceGeneralSetting.DisallowSignup {
 		return nil, status.Errorf(codes.PermissionDenied, "sign up is not allowed")
 	}

--- a/server/router/api/v1/workspace_service.go
+++ b/server/router/api/v1/workspace_service.go
@@ -13,11 +13,9 @@ import (
 func (s *APIV1Service) GetWorkspaceProfile(ctx context.Context, _ *v1pb.GetWorkspaceProfileRequest) (*v1pb.WorkspaceProfile, error) {
 	workspaceProfile := &v1pb.WorkspaceProfile{
-		Version:      s.Profile.Version,
+		Version:     s.Profile.Version,
-		Mode:         s.Profile.Mode,
+		Mode:        s.Profile.Mode,
-		Public:       s.Profile.Public,
+		InstanceUrl: s.Profile.InstanceURL,
-		PasswordAuth: s.Profile.PasswordAuth,
-		InstanceUrl:  s.Profile.InstanceURL,
 	}
 	println("workspaceProfile: ", workspaceProfile.Mode)
 	owner, err := s.GetInstanceOwner(ctx)
@@ -26,10 +24,6 @@ func (s *APIV1Service) GetWorkspaceProfile(ctx context.Context, _ *v1pb.GetWorks
 	}
 	if owner != nil {
 		workspaceProfile.Owner = owner.Name
-	} else {
-		// If owner is not found, set Public/PasswordAuth to true.
-		workspaceProfile.Public = true
-		workspaceProfile.PasswordAuth = true
 	}
 	return workspaceProfile, nil
 }

--- a/server/router/api/v1/workspace_setting_service.go
+++ b/server/router/api/v1/workspace_setting_service.go
@@ -132,9 +132,11 @@ func convertWorkspaceGeneralSettingFromStore(setting *storepb.WorkspaceGeneralSe
 		return nil
 	}
 	generalSetting := &v1pb.WorkspaceGeneralSetting{
-		AdditionalScript:   setting.AdditionalScript,
+		DisallowSignup:         setting.DisallowSignup,
-		AdditionalStyle:    setting.AdditionalStyle,
+		DisallowPasswordSignin: setting.DisallowPasswordSignin,
-		WeekStartDayOffset: setting.WeekStartDayOffset,
+		AdditionalScript:       setting.AdditionalScript,
+		AdditionalStyle:        setting.AdditionalStyle,
+		WeekStartDayOffset:     setting.WeekStartDayOffset,
 	}
 	if setting.CustomProfile != nil {
 		generalSetting.CustomProfile = &v1pb.WorkspaceCustomProfile{
@@ -153,9 +155,11 @@ func convertWorkspaceGeneralSettingToStore(setting *v1pb.WorkspaceGeneralSetting
 		return nil
 	}
 	generalSetting := &storepb.WorkspaceGeneralSetting{
-		AdditionalScript:   setting.AdditionalScript,
+		DisallowSignup:         setting.DisallowSignup,
-		AdditionalStyle:    setting.AdditionalStyle,
+		DisallowPasswordSignin: setting.DisallowPasswordSignin,
-		WeekStartDayOffset: setting.WeekStartDayOffset,
+		AdditionalScript:       setting.AdditionalScript,
+		AdditionalStyle:        setting.AdditionalStyle,
+		WeekStartDayOffset:     setting.WeekStartDayOffset,
 	}
 	if setting.CustomProfile != nil {
 		generalSetting.CustomProfile = &storepb.WorkspaceCustomProfile{

--- a/web/src/components/Settings/WorkspaceSection.tsx
+++ b/web/src/components/Settings/WorkspaceSection.tsx
-import { Button, Select, Textarea, Option, Divider } from "@mui/joy";
+import { Button, Select, Textarea, Option, Divider, Switch } from "@mui/joy";
 import { isEqual } from "lodash-es";
 import { ExternalLinkIcon } from "lucide-react";
 import { useState } from "react";
@@ -22,16 +22,12 @@ const WorkspaceSection = () => {
    showUpdateCustomizedProfileDialog();
  };
-  const handleAdditionalStyleChanged = (value: string) => {
+  const updatePartialSetting = (partial: Partial<WorkspaceGeneralSetting>) => {
-    setWorkspaceGeneralSetting({ ...workspaceGeneralSetting, additionalStyle: value });
+    const newWorkspaceGeneralSetting = WorkspaceGeneralSetting.fromPartial({
-  };
+      ...workspaceGeneralSetting,
+      ...partial,
-  const handleAdditionalScriptChanged = (value: string) => {
+    });
-    setWorkspaceGeneralSetting({ ...workspaceGeneralSetting, additionalScript: value });
+    setWorkspaceGeneralSetting(newWorkspaceGeneralSetting);
-  };
-  const handleWeekStartDayOffsetChanged = (value: number) => {
-    setWorkspaceGeneralSetting({ ...workspaceGeneralSetting, weekStartDayOffset: value });
  };
  const handleSaveGeneralSetting = async () => {
@@ -75,7 +71,7 @@ const WorkspaceSection = () => {
        maxRows={4}
        placeholder={t("setting.system-section.additional-style-placeholder")}
        value={workspaceGeneralSetting.additionalStyle}
-        onChange={(event) => handleAdditionalStyleChanged(event.target.value)}
+        onChange={(event) => updatePartialSetting({ additionalStyle: event.target.value })}
      />
      <div className="w-full flex flex-row justify-between items-center">
        <span>{t("setting.system-section.additional-script")}</span>
@@ -91,7 +87,7 @@ const WorkspaceSection = () => {
        maxRows={4}
        placeholder={t("setting.system-section.additional-script-placeholder")}
        value={workspaceGeneralSetting.additionalScript}
-        onChange={(event) => handleAdditionalScriptChanged(event.target.value)}
+        onChange={(event) => updatePartialSetting({ additionalScript: event.target.value })}
      />
      <div className="w-full">
        <Link
@@ -103,13 +99,27 @@ const WorkspaceSection = () => {
          <ExternalLinkIcon className="inline w-4 h-auto ml-1" />
        </Link>
      </div>
+      <div className="w-full flex flex-row justify-between items-center">
+        <span>Disallow signup</span>
+        <Switch
+          checked={workspaceGeneralSetting.disallowSignup}
+          onChange={(event) => updatePartialSetting({ disallowSignup: event.target.checked })}
+        />
+      </div>
+      <div className="w-full flex flex-row justify-between items-center">
+        <span>Disallow password signin</span>
+        <Switch
+          checked={workspaceGeneralSetting.disallowPasswordSignin}
+          onChange={(event) => updatePartialSetting({ disallowPasswordSignin: event.target.checked })}
+        />
+      </div>
      <div className="w-full flex flex-row justify-between items-center">
        <span className="truncate">Week start day</span>
        <Select
          className="!min-w-fit"
          value={workspaceGeneralSetting.weekStartDayOffset}
          onChange={(_, weekStartDayOffset) => {
-            handleWeekStartDayOffsetChanged(weekStartDayOffset || 0);
+            updatePartialSetting({ weekStartDayOffset: weekStartDayOffset || 0 });
          }}
        >
          <Option value={-1}>Saturday</Option>

--- a/web/src/pages/SignIn.tsx
+++ b/web/src/pages/SignIn.tsx
@@ -116,7 +116,7 @@ const SignIn = () => {
            {workspaceGeneralSetting.customProfile?.title || "Memos"}
          </p>
        </div>
-        {commonContext.profile.passwordAuth ? (
+        {!workspaceGeneralSetting.disallowPasswordSignin ? (
          <form className="w-full mt-2" onSubmit={handleFormSubmit}>
            <div className="flex flex-col justify-start items-start w-full gap-4">
              <div className="w-full flex flex-col justify-start items-start">
@@ -176,7 +176,7 @@ const SignIn = () => {
        ) : (
          <p className="w-full text-2xl mt-2 dark:text-gray-500">Password auth is not allowed.</p>
        )}
-        {commonContext.profile.public && commonContext.profile.passwordAuth && (
+        {!workspaceGeneralSetting.disallowSignup && !workspaceGeneralSetting.disallowPasswordSignin && (
          <p className="w-full mt-4 text-sm">
            <span className="dark:text-gray-500">{t("auth.sign-up-tip")}</span>
            <Link to="/auth/signup" className="cursor-pointer ml-2 text-blue-600 hover:underline" unstable_viewTransition>

--- a/web/src/pages/SignUp.tsx
+++ b/web/src/pages/SignUp.tsx
@@ -79,7 +79,7 @@ const SignUp = () => {
            {workspaceGeneralSetting.customProfile?.title || "Memos"}
          </p>
        </div>
-        {commonContext.profile.public ? (
+        {!workspaceGeneralSetting.disallowSignup ? (
          <>
            <p className="w-full text-2xl mt-2 dark:text-gray-500">{t("auth.create-your-account")}</p>
            <form className="w-full mt-2" onSubmit={handleFormSubmit}>