feat: add fail2ban service

internal/api/handler/prosody_hdl.go

@@ -3,18 +3,21 @@ package handler
 import (
 	"fmt"
 
+	"gitea.urkob.com/urko/prosody-password/internal/services/fail2ban"
 	"gitea.urkob.com/urko/prosody-password/internal/services/prosody"
 	"github.com/gofiber/fiber/v2"
 )
 
-func NewProsodyHandler(prosodyService *prosody.Prosody) ProsodyHandler {
-	return ProsodyHandler{
-		prosodyService: prosodyService,
-	}
-}
-
 type ProsodyHandler struct {
 	prosodyService *prosody.Prosody
+	fail2banSrv    *fail2ban.Fail2Ban
+}
+
+func NewProsodyHandler(prosodyService *prosody.Prosody, fail2banSrv *fail2ban.Fail2Ban) ProsodyHandler {
+	return ProsodyHandler{
+		prosodyService: prosodyService,
+		fail2banSrv:    fail2banSrv,
+	}
 }
 
 type changePasswordReq struct {
@@ -30,6 +33,9 @@ func (handler ProsodyHandler) Post(c *fiber.Ctx) error {
 	}
 
 	if err := handler.prosodyService.ChangePassword(req.User, req.CurrentPassword, req.NewPassword); err != nil {
+		for _, ip := range c.IPs() {
+			handler.fail2banSrv.FailedAttempt(ip)
+		}
 		return RenderError(c, fmt.Errorf("ChangePassword: %w", err), defaultErrMessage)
 	}
 

internal/api/server.go

@@ -1,9 +1,11 @@
 package api
 
 import (
+	"fmt"
 	"log"
 
 	"gitea.urkob.com/urko/prosody-password/internal/api/handler"
+	"gitea.urkob.com/urko/prosody-password/internal/services/fail2ban"
 	"gitea.urkob.com/urko/prosody-password/internal/services/prosody"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
@@ -13,13 +15,16 @@ import (
 type RestServer struct {
 	app            *fiber.App
 	prosodyService *prosody.Prosody
+	fail2banSrv    *fail2ban.Fail2Ban
 }
 
 func NewRestServer(
 	prosodyService *prosody.Prosody,
+	fail2banSrv *fail2ban.Fail2Ban,
 ) *RestServer {
 	return &RestServer{
 		prosodyService: prosodyService,
+		fail2banSrv:    fail2banSrv,
 	}
 }
 
@@ -39,8 +44,14 @@ func (s *RestServer) Start(apiPort, views string) error {
 
 	s.loadViews()
 
-	prosodyHdl := handler.NewProsodyHandler(s.prosodyService)
+	prosodyHdl := handler.NewProsodyHandler(s.prosodyService, s.fail2banSrv)
 	s.app.Post("/changePassword", func(c *fiber.Ctx) error {
+		for _, ip := range c.IPs() {
+			if !s.fail2banSrv.CanChangePassword(ip) {
+				return handler.RenderError(c, fmt.Errorf("id is empty"), "Too many tries, blocked for 1h")
+			}
+		}
+
 		return prosodyHdl.Post(c)
 	})