feat(server): role based authentication system (#2434)

- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication
- Retro-compatible with existing AND documented routes, until after v3.41 release
- Log a warning if an unprotected-by-default route is accessed unprotected
- Authentication methods: none, apikey, basic
- `genkey` command to generate API keys

Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>

internal/server/server.go

@@ -6,17 +6,31 @@ import (
 
 	"github.com/qdm12/gluetun/internal/httpserver"
 	"github.com/qdm12/gluetun/internal/models"
+	"github.com/qdm12/gluetun/internal/server/middlewares/auth"
 )
 
 func New(ctx context.Context, address string, logEnabled bool, logger Logger,
-	buildInfo models.BuildInformation, openvpnLooper VPNLooper,
+	authConfigPath string, buildInfo models.BuildInformation, openvpnLooper VPNLooper,
 	pfGetter PortForwardedGetter, dnsLooper DNSLoop,
 	updaterLooper UpdaterLooper, publicIPLooper PublicIPLoop, storage Storage,
 	ipv6Supported bool) (
 	server *httpserver.Server, err error) {
-	handler := newHandler(ctx, logger, logEnabled, buildInfo,
+	authSettings, err := auth.Read(authConfigPath)
+	if err != nil {
+		return nil, fmt.Errorf("reading auth settings: %w", err)
+	}
+	authSettings.SetDefaults()
+	err = authSettings.Validate()
+	if err != nil {
+		return nil, fmt.Errorf("validating auth settings: %w", err)
+	}
+
+	handler, err := newHandler(ctx, logger, logEnabled, authSettings, buildInfo,
 		openvpnLooper, pfGetter, dnsLooper, updaterLooper, publicIPLooper,
 		storage, ipv6Supported)
+	if err != nil {
+		return nil, fmt.Errorf("creating handler: %w", err)
+	}
 
 	httpServerSettings := httpserver.Settings{
 		Address: address,