turn off endpoints if basic login disabled

dashboard/src/main/auth/Login.tsx

@@ -17,8 +17,10 @@ type StateType = {
   password: string;
   emailError: boolean;
   credentialError: boolean;
+  hasBasic: boolean;
   hasGithub: boolean;
   hasGoogle: boolean;
+  hasResetPassword: boolean;
 };
 
 export default class Login extends Component<PropsType, StateType> {
@@ -27,8 +29,10 @@ export default class Login extends Component<PropsType, StateType> {
     password: "",
     emailError: false,
     credentialError: false,
+    hasBasic: true,
     hasGithub: true,
     hasGoogle: false,
+    hasResetPassword: true,
   };
 
   handleKeyDown = (e: any) => {
@@ -47,8 +51,10 @@ export default class Login extends Component<PropsType, StateType> {
       .getCapabilities("", {}, {})
       .then((res) => {
         this.setState({ 
-          hasGithub: res.data?.github,
-          hasGoogle: res.data?.google,
+          hasBasic: res.data?.basic_login,
+          hasGithub: res.data?.github_login,
+          hasGoogle: res.data?.google_login,
+          hasResetPassword: res.data?.email,
         });
       })
       .catch((err) => console.log(err));
@@ -152,29 +158,12 @@ export default class Login extends Component<PropsType, StateType> {
     }
   };
 
-  render() {
-    let { email, password, credentialError, emailError } = this.state;
+  renderBasicSection = () => {
+    if (this.state.hasBasic) {
+      let { email, password, credentialError, emailError } = this.state;
 
-    return (
-      <StyledLogin>
-        <LoginPanel numOAuth={+this.state.hasGithub + +this.state.hasGoogle}>
-          <OverflowWrapper>
-            <GradientBg />
-          </OverflowWrapper>
-          <FormWrapper>
-            <Logo src={logo} />
-            <Prompt>Log in to Porter</Prompt>
-            {this.renderGithubSection()}
-            {this.renderGoogleSection()}
-            {(this.state.hasGithub || this.state.hasGoogle) ? 
-              <OrWrapper>
-                <Line />
-                <Or>or</Or>
-              </OrWrapper> :
-              null
-            }
-            <DarkMatter />
-            <InputWrapper>
+      return <div>
+        <InputWrapper>
               <Input
                 type="email"
                 placeholder="Email"
@@ -206,23 +195,56 @@ export default class Login extends Component<PropsType, StateType> {
               {this.renderCredentialError()}
             </InputWrapper>
             <Button onClick={this.handleLogin}>Continue</Button>
+      </div>
+    }
+  }
+  
+  renderHelper() {
+    if (this.state.hasResetPassword) {
+      return <Helper>
+        <Link href="/register">Sign up</Link> |
+        <Link href="/password/reset">Forgot password?</Link>
+      </Helper>
+    } 
+
+    return <Helper>
+      <Link href="/register">Sign up</Link>
+    </Helper>
+  }
 
-            <Helper>
-              <Link href="/register">Sign up</Link> |
-              <Link href="/password/reset">Forgot password?</Link>
-            </Helper>
+  render() {
+    return (
+      <StyledLogin>
+        <LoginPanel numOAuth={+this.state.hasGithub + +this.state.hasGoogle}>
+          <OverflowWrapper>
+            <GradientBg />
+          </OverflowWrapper>
+          <FormWrapper>
+            <Logo src={logo} />
+            <Prompt>Log in to Porter</Prompt>
+            {this.renderGithubSection()}
+            {this.renderGoogleSection()}
+            {(this.state.hasGithub || this.state.hasGoogle) && this.state.hasBasic ? 
+              <OrWrapper>
+                <Line />
+                <Or>or</Or>
+              </OrWrapper> :
+              null
+            }
+            <DarkMatter />
+            {this.renderBasicSection()}
+            {this.renderHelper()}
           </FormWrapper>
         </LoginPanel>
-
         <Footer>
-          © 2021 Porter Technologies Inc. •
-          <Link
-            href="https://docs.getporter.dev/docs/terms-of-service"
-            target="_blank"
-          >
-            Terms & Privacy
-          </Link>
-        </Footer>
+            © 2021 Porter Technologies Inc. •
+            <Link
+              href="https://docs.getporter.dev/docs/terms-of-service"
+              target="_blank"
+            >
+              Terms & Privacy
+            </Link>
+          </Footer>
       </StyledLogin>
     );
   }

internal/adapter/gorm.go

@@ -22,13 +22,19 @@ func New(conf *config.DBConf) (*gorm.DB, error) {
 	}
 
 	dsn := fmt.Sprintf(
-		"user=%s password=%s port=%d host=%s sslmode=disable",
+		"user=%s password=%s port=%d host=%s",
 		conf.Username,
 		conf.Password,
 		conf.Port,
 		conf.Host,
 	)
 
+	if conf.ForceSSL {
+		dsn = dsn + " sslmode=require"
+	} else {
+		dsn = dsn + " sslmode=disable"
+	}
+
 	res, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
 		FullSaveAssociations: true,
 	})

internal/config/config.go

@@ -35,8 +35,11 @@ type ServerConf struct {
 	DefaultApplicationHelmRepoURL string `env:"HELM_APP_REPO_URL,default=https://charts.dev.getporter.dev"`
 	DefaultAddonHelmRepoURL       string `env:"HELM_ADD_ON_REPO_URL,default=https://chart-addons.dev.getporter.dev"`
 
+	BasicLoginEnabled bool `env:"BASIC_LOGIN_ENABLED,default=true"`
+
 	GithubClientID     string `env:"GITHUB_CLIENT_ID"`
 	GithubClientSecret string `env:"GITHUB_CLIENT_SECRET"`
+	GithubLoginEnabled bool   `env:"GITHUB_LOGIN_ENABLED,default=true"`
 
 	GoogleClientID         string `env:"GOOGLE_CLIENT_ID"`
 	GoogleClientSecret     string `env:"GOOGLE_CLIENT_SECRET"`
@@ -66,6 +69,7 @@ type DBConf struct {
 	Username string `env:"DB_USER,default=porter"`
 	Password string `env:"DB_PASS,default=porter"`
 	DbName   string `env:"DB_NAME,default=porter"`
+	ForceSSL bool   `env:"DB_FORCE_SSL,default=false"`
 
 	SQLLite     bool   `env:"SQL_LITE,default=false"`
 	SQLLitePath string `env:"SQL_LITE_PATH,default=/porter/porter.db"`

server/api/api.go

@@ -93,9 +93,10 @@ type App struct {
 
 type AppCapabilities struct {
 	Provisioning bool `json:"provisioner"`
-	Subdomains   bool `json:"subdomains"`
 	Github       bool `json:"github"`
-	GoogleLogin  bool `json:"google"`
+	BasicLogin   bool `json:"basic_login"`
+	GithubLogin  bool `json:"github_login"`
+	GoogleLogin  bool `json:"google_login"`
 	Email        bool `json:"email"`
 	Analytics    bool `json:"analytics"`
 }
@@ -172,6 +173,8 @@ func New(conf *AppConfig) (*App, error) {
 			Scopes:       []string{"repo", "read:user", "workflow"},
 			BaseURL:      sc.ServerURL,
 		})
+
+		app.Capabilities.GithubLogin = sc.GithubLoginEnabled
 	}
 
 	if sc.GoogleClientID != "" && sc.GoogleClientSecret != "" {
@@ -200,6 +203,7 @@ func New(conf *AppConfig) (*App, error) {
 
 	app.Capabilities.Email = sc.SendgridAPIKey != ""
 	app.Capabilities.Analytics = sc.SegmentClientKey != ""
+	app.Capabilities.BasicLogin = sc.BasicLoginEnabled
 
 	app.tokenConf = &token.TokenGeneratorConf{
 		TokenSecret: conf.ServerConf.TokenGeneratorSecret,

server/router/router.go

@@ -55,11 +55,20 @@ func New(a *api.App) *chi.Mux {
 				),
 			)
 
-			r.Method(
-				"POST",
-				"/users",
-				requestlog.NewHandler(a.HandleCreateUser, l),
-			)
+			// only allow basic create user or basic login if BasicLogin feature is set
+			if a.Capabilities.BasicLogin {
+				r.Method(
+					"POST",
+					"/users",
+					requestlog.NewHandler(a.HandleCreateUser, l),
+				)
+
+				r.Method(
+					"POST",
+					"/login",
+					requestlog.NewHandler(a.HandleLoginUser, l),
+				)
+			}
 
 			r.Method(
 				"DELETE",
@@ -84,12 +93,6 @@ func New(a *api.App) *chi.Mux {
 				requestlog.NewHandler(a.HandleCLILoginExchangeToken, l),
 			)
 
-			r.Method(
-				"POST",
-				"/login",
-				requestlog.NewHandler(a.HandleLoginUser, l),
-			)
-
 			r.Method(
 				"GET",
 				"/auth/check",