source auth tokens from environment variable

jamescun · Feb 21, 2020 · 1e4dc65 · 1e4dc65
1 parent 1ecd3da
commit 1e4dc65
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/cmd/wg-api.go b/cmd/wg-api.go
@@ -8,6 +8,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	wireguardapi "github.com/jamescun/wg-api"
 	"github.com/jamescun/wg-api/server"
@@ -36,6 +37,10 @@ Options:
   --token                 opaque value provided by the client to authenticate
                           requests. may be specified multiple times.
 
+Environment Variables:
+  WGAPI_TOKENS  comma seperated list of authentication tokens, equivalent to
+                calling --token one or more times.
+
 Warnings:
   WG-API can perform sensitive network operations, as such it should not be
   publicly exposed. It should be bound to the local interface only, or
@@ -104,6 +109,10 @@ func main() {
 
 		handler := jsonrpc.HTTP(server.Logger(svc))
 
+		if tokens := envArray("WGAPI_TOKENS"); len(tokens) > 0 {
+			*authTokens = append(*authTokens, tokens...)
+		}
+
 		if len(*authTokens) > 0 {
 			handler = server.AuthTokens(*authTokens...)(handler)
 		}
@@ -168,3 +177,18 @@ func loadCertificatePool(filename string) (*x509.CertPool, error) {
 
 	return pool, nil
 }
+
+func envArray(name string) []string {
+	env := os.Getenv(name)
+	if env == "" {
+		return nil
+	}
+
+	vv := strings.Split(env, ",")
+
+	for i, v := range vv {
+		vv[i] = strings.TrimSpace(v)
+	}
+
+	return vv
+}