Fixed and tidied up code for disabling registrations

api/apiserver.py

@@ -656,9 +656,7 @@ def delete( self ):
         })
 
 def make_app():
-    if settings['self_registration'] == "yes":
-        return tornado.web.Application([
-            (r"/api/register", RegisterHandler),
+    app_routes = [
             (r"/api/login", LoginHandler),
             (r"/api/collected_pages", GetCollectedPagesHandler),
             (r"/api/delete_injection", DeleteInjectionHandler),
@@ -674,25 +672,10 @@ def make_app():
             (r"/uploads/(.*)", tornado.web.StaticFileHandler, {"path": "uploads/"}),
             (r"/api/record_injection", InjectionRequestHandler),
             (r"/(.*)", HomepageHandler),
-        ], cookie_secret=settings["cookie_secret"])
-    else: # Self registration is disabled; don't add the route to the application
-        return tornado.web.Application([
-            (r"/api/login", LoginHandler),
-            (r"/api/collected_pages", GetCollectedPagesHandler),
-            (r"/api/delete_injection", DeleteInjectionHandler),
-            (r"/api/delete_collected_page", DeleteCollectedPageHandler),
-            (r"/api/user", UserInformationHandler),
-            (r"/api/payloadfires", GetXSSPayloadFiresHandler),
-            (r"/api/contactus", ContactUsHandler),
-            (r"/api/resend_injection_email", ResendInjectionEmailHandler),
-            (r"/api/logout", LogoutHandler),
-            (r"/js_callback", CallbackHandler),
-            (r"/page_callback", CollectPageHandler),
-            (r"/health", HealthHandler),
-            (r"/uploads/(.*)", tornado.web.StaticFileHandler, {"path": "uploads/"}),
-            (r"/api/record_injection", InjectionRequestHandler),
-            (r"/(.*)", HomepageHandler),
-        ], cookie_secret=settings["cookie_secret"])
+        ]
+    if settings['self_registration']:
+        app_routes.append((r"/api/register", RegisterHandler))  
+    return tornado.web.Application(app_routes, cookie_secret=settings["cookie_secret"])
 
 if __name__ == "__main__":
     args = sys.argv

gui/guiserver.py

@@ -54,23 +54,16 @@ def get(self):
         self.write( loader.load( "contact.htm" ).generate() )
 
 def make_app():
-    if settings['self_registration'] == "yes":
-        return tornado.web.Application([
+    app_routes = [
             (r"/", HomepageHandler),
             (r"/app", XSSHunterApplicationHandler),
             (r"/features", FeaturesHandler),
-            (r"/signup", SignUpHandler),
             (r"/contact", ContactHandler),
             (r"/static/(.*)", tornado.web.StaticFileHandler, {"path": "static/"}),
-        ])
-    else:
-        return tornado.web.Application([
-            (r"/", HomepageHandler),
-            (r"/app", XSSHunterApplicationHandler),
-            (r"/features", FeaturesHandler),
-            (r"/contact", ContactHandler),
-            (r"/static/(.*)", tornado.web.StaticFileHandler, {"path": "static/"}),
-        ])
+    ]
+    if settings['self_registration']:
+        app_routes.append((r"/signup", SignUpHandler))
+    return tornado.web.Application(app_routes)
 
 if __name__ == "__main__":
     DOMAIN = settings["domain"]