add access token authentication

[itviewer]

placing an authenticating reverse proxy or using mTLS is annoying
the json-rpc request object has an id member, can we use this parameter to pass the authentication token?
the server:
wg-api --device=<my device> --listen=localhost:1234 --token=abcdef
then the request:
curl http://localhost:8080 -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "method": "GetDeviceInfo", "params": {}, "id":"abcdef"}'
The server performs Token authentication on each request from the client. If it does not match, it just returns an error and without performing any operation.

the argument --token is optional

[jamescun]

Hi, @itviewer, thanks for the feedback!

Unfortunetly using the id field for authentication would be a violation of the JSON-RPC 2.0 specification, and I'm not sure how you would configure this with some JSON-RPC clients.

However I am planning on implementing other authentication mechanisms, such as tokens (provided by a HTTP header) and UNIX sockets with permissions. The MVP only ended up having mTLS as this met my initial use case. It shoudln't be long before this is implemented.

I hope this was helpful. 🙂

[itviewer]

Thanks, it sounds exciting.

[jamescun]

Discussing this issue in #2

[jamescun]

Fixed by #5