Add new way for uploading files to any collective

Applications running next to docspell may want a way to upload files
to any collective for integration purposes. This endpoint can be used
for this. It is disabled by default and can be enabled via the
configuration file.

modules/restserver/src/main/resources/reference.conf

@@ -31,6 +31,52 @@ docspell.server {
     session-valid = "5 minutes"
   }
 
+  # This endpoint allows to upload files to any collective. The
+  # intention is that local software integrates with docspell more
+  # easily. Therefore the endpoint is not protected by the usual
+  # means.
+  #
+  # For security reasons, this endpoint is disabled by default. If
+  # enabled, you can choose from some ways to protect it. It may be a
+  # good idea to further protect this endpoint using a firewall, such
+  # that outside traffic is not routed.
+  #
+  # NOTE: If all protection methods are disabled, the endpoint is not
+  # protected at all!
+  integration-endpoint {
+    enabled = false
+
+    # The priority to use when submitting files through this endpoint.
+    priority = "low"
+
+    # IPv4 addresses to allow access. An empty list, if enabled,
+    # prohibits all requests. IP addresses may be specified as simple
+    # globs: a part marked as `*' matches any octet, like in
+    # `192.168.*.*`. The `127.0.0.1' (the default) matches the
+    # loopback address.
+    allowed-ips {
+      enabled = true
+      ips = [ "127.0.0.1" ]
+    }
+
+    # Requests are expected to use http basic auth when uploading
+    # files.
+    http-basic {
+      enabled = false
+      realm = "Docspell Integration"
+      user = "docspell-int"
+      password = "docspell-int"
+    }
+
+    # Requests are expected to supply some specific header when
+    # uploading files.
+    http-header {
+      enabled = false
+      header-name = "Docspell-Integration"
+      header-value = "some-secret"
+    }
+  }
+
   # Configuration for the backend.
   backend {