feat(server): role based authentication system (#2434)

- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
2024-09-18 13:29:36 +02:00
parent 07651683f9
commit a2e76e1683
25 changed files with 920 additions and 10 deletions
--- a/internal/server/middlewares/auth/lookup_test.go
+++ b/internal/server/middlewares/auth/lookup_test.go
@@ -0,0 +1,60 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// Read reads the toml file specified by the filepath given.
+func Test_settingsToLookupMap(t *testing.T) {
+	t.Parallel()
+
+	testCases := map[string]struct {
+		settings     Settings
+		routeToRoles map[string][]internalRole
+		errWrapped   error
+		errMessage   string
+	}{
+		"empty_settings": {
+			routeToRoles: map[string][]internalRole{},
+		},
+		"auth_method_not_supported": {
+			settings: Settings{
+				Roles: []Role{{Name: "a", Auth: "bad"}},
+			},
+			errWrapped: ErrMethodNotSupported,
+			errMessage: "authentication method not supported: bad",
+		},
+		"success": {
+			settings: Settings{
+				Roles: []Role{
+					{Name: "a", Auth: AuthNone, Routes: []string{"GET /path"}},
+					{Name: "b", Auth: AuthNone, Routes: []string{"GET /path", "PUT /path"}},
+				},
+			},
+			routeToRoles: map[string][]internalRole{
+				"GET /path": {
+					{name: "a", checker: newNoneMethod()}, // deduplicated method
+				},
+				"PUT /path": {
+					{name: "b", checker: newNoneMethod()},
+				}},
+		},
+	}
+
+	for name, testCase := range testCases {
+		testCase := testCase
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			routeToRoles, err := settingsToLookupMap(testCase.settings)
+
+			assert.Equal(t, testCase.routeToRoles, routeToRoles)
+			assert.ErrorIs(t, err, testCase.errWrapped)
+			if testCase.errWrapped != nil {
+				assert.EqualError(t, err, testCase.errMessage)
+			}
+		})
+	}
+}