From d6e45d01a6cd6214a3a4b99b858913474b935cd1 Mon Sep 17 00:00:00 2001
From: zephyrdark <zephyrdark@gmail.com>
Date: Sun, 8 Feb 2026 00:17:21 +0900
Subject: [PATCH] feat: disable user registration endpoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Personal-use service — no new account creation needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/app/api/auth.py | 26 ++++----------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index 15aba70..4ef3db4 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -51,29 +51,11 @@ async def register(
     user_data: UserCreate,
     db: Annotated[Session, Depends(get_db)],
 ):
-    """Register a new user."""
-    if db.query(User).filter(User.username == user_data.username).first():
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Username already registered",
-        )
-
-    if db.query(User).filter(User.email == user_data.email).first():
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Email already registered",
-        )
-
-    user = User(
-        username=user_data.username,
-        email=user_data.email,
-        hashed_password=get_password_hash(user_data.password),
+    """Register a new user. Disabled for production."""
+    raise HTTPException(
+        status_code=status.HTTP_403_FORBIDDEN,
+        detail="Registration is disabled",
     )
-    db.add(user)
-    db.commit()
-    db.refresh(user)
-
-    return user
 
 
 @router.get("/me", response_model=UserResponse)