internal/server/middlewares/auth/lookup.go

package auth

import (
	"fmt"
)

type internalRole struct {
	name    string
	checker authorizationChecker
}

func settingsToLookupMap(settings Settings) (routeToRoles map[string][]internalRole, err error) {
	routeToRoles = make(map[string][]internalRole)
	for _, role := range settings.Roles {
		var checker authorizationChecker
		switch role.Auth {
		case AuthNone:
			checker = newNoneMethod()
		case AuthAPIKey:
			checker = newAPIKeyMethod(role.APIKey)
		case AuthBasic:
			checker = newBasicAuthMethod(role.Username, role.Password)
		default:
			return nil, fmt.Errorf("%w: %s", ErrMethodNotSupported, role.Auth)
		}

		iRole := internalRole{
			name:    role.Name,
			checker: checker,
		}
		for _, route := range role.Routes {
			checkerExists := false
			for _, role := range routeToRoles[route] {
				if role.checker.equal(iRole.checker) {
					checkerExists = true
					break
				}
			}
			if checkerExists {
				// even if the role name is different, if the checker is the same, skip it.
				continue
			}
			routeToRoles[route] = append(routeToRoles[route], iRole)
		}
	}
	return routeToRoles, nil
}
feat(server): role based authentication system (#2434) - Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com> 2024-09-18 13:29:36 +02:00			`package auth`

			`import (`
			`"fmt"`
			`)`

			`type internalRole struct {`
			`name string`
			`checker authorizationChecker`
			`}`

			`func settingsToLookupMap(settings Settings) (routeToRoles map[string][]internalRole, err error) {`
			`routeToRoles = make(map[string][]internalRole)`
			`for _, role := range settings.Roles {`
			`var checker authorizationChecker`
			`switch role.Auth {`
			`case AuthNone:`
			`checker = newNoneMethod()`
			`case AuthAPIKey:`
			`checker = newAPIKeyMethod(role.APIKey)`
			`case AuthBasic:`
			`checker = newBasicAuthMethod(role.Username, role.Password)`
			`default:`
			`return nil, fmt.Errorf("%w: %s", ErrMethodNotSupported, role.Auth)`
			`}`

			`iRole := internalRole{`
			`name: role.Name,`
			`checker: checker,`
			`}`
			`for _, route := range role.Routes {`
			`checkerExists := false`
			`for _, role := range routeToRoles[route] {`
			`if role.checker.equal(iRole.checker) {`
			`checkerExists = true`
			`break`
			`}`
			`}`
			`if checkerExists {`
			`// even if the role name is different, if the checker is the same, skip it.`
			`continue`
			`}`
			`routeToRoles[route] = append(routeToRoles[route], iRole)`
			`}`
			`}`
			`return routeToRoles, nil`
			`}`