Add parsing tokens from files or environment variables
ShiromMakkad committed Jun 20, 2024
1 parent be14d12 commit aca48dd
Showing 12 changed files with 277 additions and 69 deletions.
60 changes: 58 additions & 2 deletions Cargo.lock


3 changes: 3 additions & 0 deletions Cargo.toml
Expand Up @@ -136,3 +136,6 @@ vergen = { version = "7.4.2", default-features = false, features = [
"cargo",
] }
anyhow = "1.0"

[dev-dependencies]
serial_test = "3.1.1"
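Review bot: `anyhow = "1.0"` is the only dependency in this hunk pinned to a major.minor only, while `vergen` (7.4.2) and the new `serial_test` (3.1.1) give full versions; for consistency with the rest of the file, consider `anyhow = "1.0.x"` at the version actually resolved in Cargo.lock.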
16 changes: 16 additions & 0 deletions README.md
Expand Up @@ -101,12 +101,25 @@ Before heading to the full configuration specification, it's recommend to skim [

See [Transport](./docs/transport.md) for more details about encryption and the `transport` block.

Tokens can also be set through environment variables. The variable `RATHOLE_{service name in uppercase}_TOKEN` can be set or `RATHOLE_DEFAULT_TOKEN` for all services.
Tokens are parsed in the following order for "servicex":
1. (client/server).services.servicex.token
2. (client/server).services.servicex.token_file
3. RATHOLE_SERVICEX_TOKEN
4. (client/server).default_token
5. (client/server).default_token_file
6. RATHOLE_DEFAULT_TOKEN

Tokens should be generated by yourself (not on someone's website or on random.com) using a cryptographic pseudorandom generator. On Linux, use `openssl rand -hex 64 > /path/to/key`. Make sure to do this on a system with high entropy.
Most systems will have plenty of entropy. The random network delay between packets, using the computer and typing, access latency from your hdd all can be used to create entropy. Just use your system for anything other than extremely repetitive tasks and don't generate the key right after boot.

Here is the full configuration specification:

```toml
[client]
remote_addr = "example.com:2333" # Necessary. The address of the server
default_token = "default_token_if_not_specify" # Optional. The default token of services, if they don't define their own ones
default_token_file = "/path/to/token" # Optional. This will pull the default token from the path specified
heartbeat_timeout = 40 # Optional. Set to 0 to disable the application-layer heartbeat test. The value must be greater than `server.heartbeat_interval`. Default: 40 seconds
retry_interval = 1 # Optional. The interval between retry to connect to the server. Default: 1 second

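Review bot: the `token_file` / `default_token_file` entries (items 2 and 5 of the precedence list) do not say whether the file contents are trimmed, yet the recommended command `openssl rand -hex 64 > /path/to/key` writes a trailing newline; a server reading that file through `token_file` and a client pasting the same hex string into `token` would disagree unless trailing whitespace is stripped, so the behaviour should be stated next to `token_file`. The README also documents the variable as `RATHOLE_{service name in uppercase}_TOKEN` while service names are described as arbitrary; say how names containing characters that are not valid in an environment variable name (for example a hyphen or a dot) are mapped, or that such services cannot be configured through the environment.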
Expand Down Expand Up @@ -134,6 +147,7 @@ tls = true # If `true` then it will use settings in `client.transport.tls`
[client.services.service1] # A service that needs forwarding. The name `service1` can change arbitrarily, as long as identical to the name in the server's configuration
type = "tcp" # Optional. The protocol that needs forwarding. Possible values: ["tcp", "udp"]. Default: "tcp"
token = "whatever" # Necessary if `client.default_token` not set
token_file = "/path/to/token" # Necessary if token, default_token, the env var, and default_token_file are unset.
local_addr = "127.0.0.1:1081" # Necessary. The address of the service that needs to be forwarded
nodelay = true # Optional. Override the `client.transport.nodelay` per service
retry_interval = 1 # Optional. The interval between retry to connect to the server. Default: inherits the global config
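Review bot: the `token` comment above the new `token_file` line still reads "Necessary if `client.default_token` not set", which is now incomplete given the three additional sources; mirror the wording used on the `token_file` line ("Necessary if token_file, default_token, the env var, and default_token_file are unset") or point to the precedence list earlier in the README.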
Expand All @@ -144,6 +158,7 @@ local_addr = "127.0.0.1:1082"
[server]
bind_addr = "0.0.0.0:2333" # Necessary. The address that the server listens for clients. Generally only the port needs to be change.
default_token = "default_token_if_not_specify" # Optional
default_token_file = "/path/to/token" # Optional. This will pull the default token from the path specified
heartbeat_interval = 30 # Optional. The interval between two application-layer heartbeat. Set to 0 to disable sending heartbeat. Default: 30 seconds

[server.transport] # Same as `[client.transport]`
Expand All @@ -169,6 +184,7 @@ tls = true # If `true` then it will use settings in `server.transport.tls`
[server.services.service1] # The service name must be identical to the client side
type = "tcp" # Optional. Same as the client `[client.services.X.type]
token = "whatever" # Necessary if `server.default_token` not set
token_file = "/path/to/token" # Necessary if token, default_token, and default_token_file are unset.
bind_addr = "0.0.0.0:8081" # Necessary. The address of the service is exposed at. Generally only the port needs to be change.
nodelay = true # Optional. Same as the client

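Review bot: the server-side `token_file` comment lists "token, default_token, and default_token_file" but omits the environment variable that the client-side comment includes, while the precedence list above is labelled "(client/server)"; either the server also reads `RATHOLE_*_TOKEN` and this comment should say so, or the list should not claim to apply to the server. The `token` line's "Necessary if `server.default_token` not set" has the same staleness as on the client side.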

0 comments on commit aca48dd