feat(server): role based authentication system (#2434)

- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys - move log middleware to internal/server/middlewares/log Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
2024-08-23 13:46:52 +00:00
parent cbfdb25190
commit 67ae5f5065
27 changed files with 943 additions and 24 deletions
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -6,17 +6,31 @@ import (

 	"github.com/qdm12/gluetun/internal/httpserver"
 	"github.com/qdm12/gluetun/internal/models"
+	"github.com/qdm12/gluetun/internal/server/middlewares/auth"
 )

 func New(ctx context.Context, address string, logEnabled bool, logger Logger,
-	buildInfo models.BuildInformation, openvpnLooper VPNLooper,
+	authConfigPath string, buildInfo models.BuildInformation, openvpnLooper VPNLooper,
 	pfGetter PortForwardedGetter, unboundLooper DNSLoop,
 	updaterLooper UpdaterLooper, publicIPLooper PublicIPLoop, storage Storage,
 	ipv6Supported bool) (
 	server *httpserver.Server, err error) {
-	handler := newHandler(ctx, logger, logEnabled, buildInfo,
+	authSettings, err := auth.Read(authConfigPath)
+	if err != nil {
+		return nil, fmt.Errorf("reading auth settings: %w", err)
+	}
+	authSettings.SetDefaults()
+	err = authSettings.Validate()
+	if err != nil {
+		return nil, fmt.Errorf("validating auth settings: %w", err)
+	}
+
+	handler, err := newHandler(ctx, logger, logEnabled, authSettings, buildInfo,
 		openvpnLooper, pfGetter, unboundLooper, updaterLooper, publicIPLooper,
 		storage, ipv6Supported)
+	if err != nil {
+		return nil, fmt.Errorf("creating handler: %w", err)
+	}

 	httpServerSettings := httpserver.Settings{
 		Address: address,