While writing some code that communicates with the I2PControl JSON-RPC API I noticed that the Token returned by the Authenticate API was just a Unix timestamp (generated here). This is obviously completely insufficient for an authentication token, as it is trivial to guess. A simple fix for this would be to just replace that with a call to a cryptographically secure RNG.
Much more seriously however, I also noticed that the token is not checked or validated anywhere! You can set arbitrary configuration parameters without knowing the password or having to guess the token!
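For reference, here is what an Authenticate/Token flow for a JSON-RPC control interface has to do to address both points raised in the report. This is an added example, not i2pd's code and not a proposed patch; the class and method names (TokenStore, HandleSetConfig) and the constructed password and config key are illustrative assumptions. It shows the timestamp "token" being recovered by brute force over a small time window, a replacement token drawn from std::random_device, and the check that every non-Authenticate method must perform before touching configuration.

```cpp
// Added example (not i2pd's code): token issuance and validation for an
// I2PControl-style JSON-RPC interface. Names are hypothetical.
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <ctime>
#include <map>
#include <optional>
#include <random>
#include <string>
#include <utility>

// The pattern the report describes: the "token" is just the current Unix time.
std::string WeakToken(std::time_t now) {
    return std::to_string(static_cast<long long>(now));
}

// Because the weak token is a timestamp, anyone who knows roughly when
// Authenticate was called recovers it by trying every second in a window.
bool GuessWeakToken(const std::string& token, std::time_t approx, int window) {
    for (int d = -window; d <= window; ++d)
        if (WeakToken(approx + d) == token) return true;
    return false;
}

// Replacement: 32 random bytes from the OS-backed generator, hex encoded.
// Caveat: std::random_device is backed by the OS CSPRNG on Linux/BSD/macOS/MSVC,
// but was deterministic on some old MinGW builds; check your toolchain.
std::string StrongToken() {
    std::random_device rd;
    static const char* digits = "0123456789abcdef";
    std::string hex;
    for (int i = 0; i < 8; ++i) {
        std::uint32_t w = rd();
        for (int b = 0; b < 4; ++b) {
            unsigned v = (w >> (8 * b)) & 0xffu;
            hex += digits[v >> 4];
            hex += digits[v & 0xf];
        }
    }
    return hex;  // 64 hex characters = 256 bits
}

// Compare without short-circuiting on the first differing byte.
bool ConstantTimeEquals(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::string::size_type i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

class TokenStore {
public:
    TokenStore(std::string password, std::chrono::seconds ttl)
        : password_(std::move(password)), ttl_(ttl) {}

    // Authenticate: only the correct password yields a token.
    std::optional<std::string> Authenticate(const std::string& password) {
        if (!ConstantTimeEquals(password, password_)) return std::nullopt;
        std::string tok = StrongToken();
        tokens_[tok] = std::chrono::steady_clock::now() + ttl_;
        return tok;
    }

    // The check the report says is missing: every other method calls this
    // first and refuses to proceed unless the token was issued and is unexpired.
    bool IsValid(const std::string& token) {
        auto it = tokens_.find(token);
        if (it == tokens_.end()) return false;
        if (std::chrono::steady_clock::now() > it->second) {
            tokens_.erase(it);  // expired: forget it
            return false;
        }
        return true;
    }

    // Hypothetical handler for a configuration-setting method: the token is
    // validated before any state is modified.
    bool HandleSetConfig(const std::string& token, const std::string& key,
                         const std::string& value,
                         std::map<std::string, std::string>& config) {
        if (!IsValid(token)) return false;
        config[key] = value;
        return true;
    }

private:
    std::string password_;
    std::chrono::seconds ttl_;
    std::map<std::string, std::chrono::steady_clock::time_point> tokens_;
};

int main() {
    TokenStore store("hunter2", std::chrono::seconds(300));  // constructed password
    std::map<std::string, std::string> config;
    std::printf("unauthenticated SetConfig accepted: %d\n",
                store.HandleSetConfig("", "example.key", "1", config));
    auto tok = store.Authenticate("hunter2");
    std::printf("authenticated SetConfig accepted: %d\n",
                tok ? store.HandleSetConfig(*tok, "example.key", "1", config) : 0);
    std::time_t t0 = std::time(nullptr);
    std::printf("timestamp token guessed within 60s: %d\n",
                GuessWeakToken(WeakToken(t0 + 17), t0, 60));
    return 0;
}
```

The guessing loop is the whole attack against the timestamp token: an attacker who can see a response time, or simply knows the router was started recently, tries a few hundred candidates. The second point in the report is the more important one, and it is the IsValid call at the top of HandleSetConfig: without it, the strength of the token is irrelevant.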
Sadly I'm not confident enough in my C++ abilities to finish the token implementation. I could probably make a PR that at least refuses to start I2PControl if a password is set and instead logs an error message, and add a note in the docs about password auth not being implemented. That way there's no chance for someone to think their I2PControl is password protected when it isn't, so they won't accidentally leave it fully accessible to the public internet like I almost did 😅
Does that sound like an acceptable stop-gap solution?