a2e76e1683
- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
37 lines
894 B
Go
37 lines
894 B
Go
package auth
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/subtle"
|
|
"net/http"
|
|
)
|
|
|
|
type apiKeyMethod struct {
|
|
apiKeyDigest [32]byte
|
|
}
|
|
|
|
func newAPIKeyMethod(apiKey string) *apiKeyMethod {
|
|
return &apiKeyMethod{
|
|
apiKeyDigest: sha256.Sum256([]byte(apiKey)),
|
|
}
|
|
}
|
|
|
|
// equal returns true if another auth checker is equal.
|
|
// This is used to deduplicate checkers for a particular route.
|
|
func (a *apiKeyMethod) equal(other authorizationChecker) bool {
|
|
otherTokenMethod, ok := other.(*apiKeyMethod)
|
|
if !ok {
|
|
return false
|
|
}
|
|
return a.apiKeyDigest == otherTokenMethod.apiKeyDigest
|
|
}
|
|
|
|
func (a *apiKeyMethod) isAuthorized(_ http.Header, request *http.Request) bool {
|
|
xAPIKey := request.Header.Get("X-API-Key")
|
|
if xAPIKey == "" {
|
|
xAPIKey = request.URL.Query().Get("api_key")
|
|
}
|
|
xAPIKeyDigest := sha256.Sum256([]byte(xAPIKey))
|
|
return subtle.ConstantTimeCompare(xAPIKeyDigest[:], a.apiKeyDigest[:]) == 1
|
|
}
|