Add allowed-fingerprints option

Closes #4

Author: EpicEric

book/mdbook-admonish.css

@@ -18,7 +18,11 @@ ssh -L 4000:my.tunnel:3000
 
 Then you can access `localhost:4000`, and all traffic will be redirected to port 2000 on the remote service. It's almost like a VPN!
 
-Currently, there are no authentication options for local forwarding, but this is a planned feature.
+If you'd like to restrict which users can access your service, you can provide the allowed fingerprints as a comma-separated list at the end of the command, like so:
+
+```shell
+ssh -R my.tunnel:3000:localhost:2000 server.com -p 2222 allowed-fingerprints=SHA256:GehKyA21BBK6eJCouziacUmqYDNl8BPMGG0CTtLSrbQ
+```
 
 ## Custom domains
 

book/src/advanced_uses.md

@@ -10,4 +10,6 @@ pub(crate) enum ServerError {
     RequestTimeout,
     #[error("Invalid file path")]
     InvalidFilePath,
+    #[error("Fingerprint denied")]
+    FingerprintDenied,
 }

src/error.rs

@@ -0,0 +1,16 @@
+use async_trait::async_trait;
+#[cfg(test)]
+use mockall::automock;
+use tokio::sync::mpsc;
+
+#[cfg_attr(test, automock)]
+#[async_trait]
+pub(crate) trait ConnectionHandler<T: Sync> {
+    fn log_channel(&self) -> mpsc::UnboundedSender<Vec<u8>>;
+    async fn tunneling_channel(
+        &self,
+        ip: &str,
+        port: u16,
+        fingerprint: Option<String>,
+    ) -> anyhow::Result<T>;
+}