feat(global): add authentication support with single admin account

api/api.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"crypto/tls"
+	"errors"
+	"github.com/gorilla/securecookie"
 	"log"
 	"net/http"
 	"net/url"
@@ -15,6 +17,8 @@ type (
 		dataPath     string
 		tlsConfig    *tls.Config
 		templatesURL string
+		dataStore    *dataStore
+		secret       []byte
 	}
 
 	apiConfig struct {
@@ -31,7 +35,21 @@ type (
 	}
 )
 
+const (
+	datastoreFileName = "portainer.db"
+)
+
+var (
+	errSecretKeyGeneration = errors.New("Unable to generate secret key to sign JWT")
+)
+
 func (a *api) run(settings *Settings) {
+	err := a.initDatabase()
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer a.cleanUp()
+
 	handler := a.newHandler(settings)
 	log.Printf("Starting portainer on %s", a.bindAddress)
 	if err := http.ListenAndServe(a.bindAddress, handler); err != nil {
@@ -39,12 +57,34 @@ func (a *api) run(settings *Settings) {
 	}
 }
 
+func (a *api) cleanUp() {
+	a.dataStore.cleanUp()
+}
+
+func (a *api) initDatabase() error {
+	dataStore, err := newDataStore(a.dataPath + "/" + datastoreFileName)
+	if err != nil {
+		return err
+	}
+	err = dataStore.initDataStore()
+	if err != nil {
+		return err
+	}
+	a.dataStore = dataStore
+	return nil
+}
+
 func newAPI(apiConfig apiConfig) *api {
 	endpointURL, err := url.Parse(apiConfig.Endpoint)
 	if err != nil {
 		log.Fatal(err)
 	}
 
+	secret := securecookie.GenerateRandomKey(32)
+	if secret == nil {
+		log.Fatal(errSecretKeyGeneration)
+	}
+
 	var tlsConfig *tls.Config
 	if apiConfig.TLSEnabled {
 		tlsConfig = newTLSConfig(apiConfig.TLSCACertPath, apiConfig.TLSCertPath, apiConfig.TLSKeyPath)
@@ -57,5 +97,6 @@ func newAPI(apiConfig apiConfig) *api {
 		dataPath:     apiConfig.DataPath,
 		tlsConfig:    tlsConfig,
 		templatesURL: apiConfig.TemplatesURL,
+		secret:       secret,
 	}
 }