feat(server): role based authentication system (#2434)

- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys - move log middleware to internal/server/middlewares/log Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
2024-08-23 13:46:52 +00:00
parent cbfdb25190
commit 67ae5f5065
27 changed files with 943 additions and 24 deletions
--- a/internal/server/middlewares/auth/configfile.go
+++ b/internal/server/middlewares/auth/configfile.go
@@ -0,0 +1,35 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/pelletier/go-toml/v2"
+)
+
+// Read reads the toml file specified by the filepath given.
+// If the file does not exist, it returns empty settings and no error.
+func Read(filepath string) (settings Settings, err error) {
+	file, err := os.Open(filepath)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return Settings{}, nil
+		}
+		return settings, fmt.Errorf("opening file: %w", err)
+	}
+	decoder := toml.NewDecoder(file)
+	decoder.DisallowUnknownFields()
+	err = decoder.Decode(&settings)
+	if err == nil {
+		return settings, nil
+	}
+
+	strictErr := new(toml.StrictMissingError)
+	ok := errors.As(err, &strictErr)
+	if !ok {
+		return settings, fmt.Errorf("toml decoding file: %w", err)
+	}
+	return settings, fmt.Errorf("toml decoding file: %w:\n%s",
+		strictErr, strictErr.String())
+}