feat(server/auth): HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE option (JSON encoded)
- For example: `{"auth":"basic","username":"me","password":"pass"}`
- For example`{"auth":"apiKey","apikey":"xyz"}`
- For example`{"auth":"none"}` (I don't recommend)
This commit is contained in:
Quentin McGaw
@@ -6,33 +6,25 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/configuration/settings"
|
||||
"github.com/qdm12/gluetun/internal/httpserver"
|
||||
"github.com/qdm12/gluetun/internal/models"
|
||||
"github.com/qdm12/gluetun/internal/server/middlewares/auth"
|
||||
)
|
||||
|
||||
func New(ctx context.Context, address string, logEnabled bool, logger Logger,
|
||||
authConfigPath string, buildInfo models.BuildInformation, openvpnLooper VPNLooper,
|
||||
func New(ctx context.Context, settings settings.ControlServer, logger Logger,
|
||||
buildInfo models.BuildInformation, openvpnLooper VPNLooper,
|
||||
pfGetter PortForwardedGetter, dnsLooper DNSLoop,
|
||||
updaterLooper UpdaterLooper, publicIPLooper PublicIPLoop, storage Storage,
|
||||
ipv6Supported bool) (
|
||||
server *httpserver.Server, err error,
|
||||
) {
|
||||
authSettings, err := auth.Read(authConfigPath)
|
||||
switch {
|
||||
case errors.Is(err, os.ErrNotExist): // no auth file present
|
||||
case err != nil:
|
||||
return nil, fmt.Errorf("reading auth settings: %w", err)
|
||||
default:
|
||||
logger.Infof("read %d roles from authentication file", len(authSettings.Roles))
|
||||
}
|
||||
authSettings.SetDefaults()
|
||||
err = authSettings.Validate()
|
||||
authSettings, err := setupAuthMiddleware(settings.AuthFilePath, settings.AuthDefaultRole, logger)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("validating auth settings: %w", err)
|
||||
return nil, fmt.Errorf("building authentication middleware settings: %w", err)
|
||||
}
|
||||
|
||||
handler, err := newHandler(ctx, logger, logEnabled, authSettings, buildInfo,
|
||||
handler, err := newHandler(ctx, logger, *settings.Log, authSettings, buildInfo,
|
||||
openvpnLooper, pfGetter, dnsLooper, updaterLooper, publicIPLooper,
|
||||
storage, ipv6Supported)
|
||||
if err != nil {
|
||||
@@ -40,7 +32,7 @@ func New(ctx context.Context, address string, logEnabled bool, logger Logger,
|
||||
}
|
||||
|
||||
httpServerSettings := httpserver.Settings{
|
||||
Address: address,
|
||||
Address: *settings.Address,
|
||||
Handler: handler,
|
||||
Logger: logger,
|
||||
}
|
||||
@@ -52,3 +44,26 @@ func New(ctx context.Context, address string, logEnabled bool, logger Logger,
|
||||
|
||||
return server, nil
|
||||
}
|
||||
|
||||
func setupAuthMiddleware(authPath, jsonDefaultRole string, logger Logger) (
|
||||
authSettings auth.Settings, err error,
|
||||
) {
|
||||
authSettings, err = auth.Read(authPath)
|
||||
switch {
|
||||
case errors.Is(err, os.ErrNotExist): // no auth file present
|
||||
case err != nil:
|
||||
return auth.Settings{}, fmt.Errorf("reading auth settings: %w", err)
|
||||
default:
|
||||
logger.Infof("read %d roles from authentication file", len(authSettings.Roles))
|
||||
}
|
||||
err = authSettings.SetDefaultRole(jsonDefaultRole)
|
||||
if err != nil {
|
||||
return auth.Settings{}, fmt.Errorf("setting default role: %w", err)
|
||||
}
|
||||
authSettings.SetDefaults()
|
||||
err = authSettings.Validate()
|
||||
if err != nil {
|
||||
return auth.Settings{}, fmt.Errorf("validating auth settings: %w", err)
|
||||
}
|
||||
return authSettings, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user