feat: Local authentication is configurable

Signed-off-by: Jianhui Zhao <[email protected]>

config/config.go

@@ -23,6 +23,7 @@ type Config struct {
 	Token       string
 	WhiteList   map[string]bool
 	DB          string
+	LocalAuth   bool
 }
 
 func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) {
@@ -51,6 +52,7 @@ func Parse(c *cli.Context) *Config {
 		SslCacert:   c.String("ssl-cacert"),
 		Token:       c.String("token"),
 		DB:          c.String("db"),
+		LocalAuth:   c.Bool("local-auth"),
 	}
 
 	cfg.WhiteList = make(map[string]bool)

http.go

@@ -67,10 +67,12 @@ func authorizedDev(devid string, cfg *config.Config) bool {
 	return ok
 }
 
-func httpAuth(c *gin.Context) bool {
-	addr, _ := net.ResolveTCPAddr("tcp", c.Request.RemoteAddr)
-	if addr.IP.IsLoopback() {
-		return true
+func httpAuth(cfg *config.Config, c *gin.Context) bool {
+	if !cfg.LocalAuth {
+		addr, _ := net.ResolveTCPAddr("tcp", c.Request.RemoteAddr)
+		if addr.IP.IsLoopback() {
+			return true
+		}
 	}
 
 	cookie, err := c.Cookie("sid")
@@ -98,7 +100,7 @@ func httpStart(br *broker) {
 			return
 		}
 
-		if !httpAuth(c) {
+		if !httpAuth(cfg, c) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 		}
 	})
@@ -193,7 +195,7 @@ func httpStart(br *broker) {
 	})
 
 	r.GET("/authorized/:devid", func(c *gin.Context) {
-		authorized := authorizedDev(c.Param("devid"), cfg) || httpAuth(c)
+		authorized := authorizedDev(c.Param("devid"), cfg) || httpAuth(cfg, c)
 		c.JSON(http.StatusOK, gin.H{
 			"authorized": authorized,
 		})
@@ -225,7 +227,7 @@ func httpStart(br *broker) {
 	})
 
 	r.GET("/alive", func(c *gin.Context) {
-		if !httpAuth(c) {
+		if !httpAuth(cfg, c) {
 			c.AbortWithStatus(http.StatusUnauthorized)
 		} else {
 			c.Status(http.StatusOK)

main.go

@@ -147,6 +147,10 @@ func main() {
 						Value: "rttys.db",
 						Usage: "sqlite3 database path",
 					},
+					&cli.BoolFlag{
+						Name:  "local-auth",
+						Usage: "need auth for local",
+					},
 				},
 				Action: func(c *cli.Context) error {
 					runRttys(c)