feat: do log ips

.gitignore

@@ -3,3 +3,4 @@
 coverage
 .notes
 uploads
+bin

Makefile

@@ -0,0 +1,59 @@
+COVERAGE_DIR := coverage
+BIN_DIR := ./bin
+MAIN := ./cmd/http/main.go
+APP_NAME := prosody_password
+
+lint:
+	golangci-lint run ./...
+goreportcard:
+	goreportcard-cli -v
+test: 
+	go test ./...
+test-coverage:
+	rm -rf ${COVERAGE_DIR}
+	mkdir ${COVERAGE_DIR}
+	go test -v -coverprofile ${COVERAGE_DIR}/cover.out ./...
+	go tool cover -html ${COVERAGE_DIR}/cover.out -o ${COVERAGE_DIR}/cover.html
+
+
+.PHONY: local_run
+local_run:
+	go run ./cmd/main.go --dir "$(DIR)" --bucket "$(BUCKET)"
+
+.PHONY: build_linux_amd64
+build_linux_amd64:
+	@mkdir -p $(BIN_DIR)
+	GOOS=linux GOARCH=amd64 go build -o $(BIN_DIR)/$(APP_NAME)_linux_amd64 $(MAIN)
+
+.PHONY: build_linux_arm64
+build_linux_arm64:
+	@mkdir -p $(BIN_DIR)
+	GOOS=linux GOARCH=arm64 go build -o $(BIN_DIR)/$(APP_NAME)_linux_arm64 $(MAIN)
+
+.PHONY: build_windows_amd64
+build_windows_amd64:
+	@mkdir -p $(BIN_DIR)
+	GOOS=windows GOARCH=amd64 go build -o $(BIN_DIR)/$(APP_NAME)_windows_amd64.exe $(MAIN)
+
+.PHONY: build_windows_386
+build_windows_386:
+	@mkdir -p $(BIN_DIR)
+	GOOS=windows GOARCH=386 go build -o $(BIN_DIR)/$(APP_NAME)_windows_386.exe $(MAIN)
+
+.PHONY: build_mac_amd64
+build_mac_amd64:
+	@mkdir -p $(BIN_DIR)
+	GOOS=darwin GOARCH=amd64 go build -o $(BIN_DIR)/$(APP_NAME)_mac_amd64 $(MAIN)
+
+.PHONY: build_mac_arm64
+build_mac_arm64:
+	@mkdir -p $(BIN_DIR)
+	GOOS=darwin GOARCH=arm64 go build -o $(BIN_DIR)/$(APP_NAME)_mac_arm64 $(MAIN)
+
+.PHONY: clean
+clean:
+	rm -rf $(BIN_DIR)
+
+.PHONY: rebuild
+#rebuild: clean build_linux_amd64 build_linux_arm64 build_windows_amd64 build_windows_386 build_mac_amd64 build_mac_arm64
+rebuild: clean build_linux_amd64 build_windows_amd64 build_windows_386 build_mac_amd64

README.md

@@ -0,0 +1,73 @@
+# Prosody Password Manager
+This project provides a web interface to change the password for XMPP accounts managed by Prosody. It interfaces with the Prosody server to securely handle password changes.
+
+## Project Structure
+```bash
+.
+├── cmd
+│   └── http
+│       ├── main.go
+│       └── views
+│           ├── error.hbs
+│           ├── index.hbs
+│           ├── styles.hbs
+│           └── success.hbs
+├── go.mod
+├── go.sum
+├── internal
+│   ├── api
+│   │   ├── handler
+│   │   │   ├── helper.go
+│   │   │   └── prosody_hdl.go
+│   │   └── server.go
+│   └── services
+│       ├── fail2ban
+│       │   └── fail.go
+│       └── prosody
+│           ├── account.go
+│           ├── change_password.go
+│           ├── change_password_test.go
+│           └── prosody.go
+├── kit
+│   ├── config
+│   │   └── config.go
+│   └── path.go
+└── LICENSE
+```
+
+## Key Files
+
+- **logic** to change the password in the Prosody server. It interfaces with the Prosody server's command-line tools and verifies the current password before making any changes.
+
+- **prosody.go**: Provides utility functions related to the Prosody server, including constructing paths to account data files.
+
+- **account.go**: Contains utility functions to load account details from Prosody's data files.
+
+- **server.go**: Sets up the web server, routes, and middleware for the application.
+
+- **main.go**: The entry point of the application. It initializes the services and starts the web server.
+
+## Requirements
+
+- **Prosody Server**: Ensure that the Prosody server is installed and running on your machine. This application interfaces with Prosody's command-line tools to manage XMPP accounts.
+
+- **Environment Variables**: The application requires certain environment variables to be set. These can be provided directly or through a **.env** file. The required variables are:
+    - **DOMAIN**: The domain for the Prosody server (e.g., **xmpp.example.com**).
+    - **API_PORT** (optional): The port on which the web server will run. Defaults to **8080** if not provided.
+    - **VIEWS** (optional): The path to the directory containing view templates. Defaults to **./views** if not provided.
+
+## Setup & Running
+
+1. Ensure you have Go installed on your machine.
+2. Clone the repository.
+3. Navigate to the project directory.
+4. Run the application using:
+
+```bash
+go run cmd/http/main.go
+```
+
+Visit **http://localhost:<API_PORT>** in your browser to access the password change interface.
+
+## Contributing
+If you'd like to contribute to this project, please fork the repository and submit a pull request.

cmd/http/main.go

@@ -36,7 +36,9 @@ func main() {
 
 	log.Println("on shutdown")
 	if restServer != nil {
-		restServer.Shutdown()
+		if err := restServer.Shutdown(); err != nil {
+			panic(err)
+		}
 	}
 	log.Println("gracefully shutdown")
 

go.mod

@@ -1,6 +1,6 @@
 module gitea.urkob.com/urko/prosody-password
 
-go 1.20
+go 1.22
 
 require (
 	gitea.urkob.com/urko/go-root-dir v0.0.0-20230311113851-2f6d4355888a
@@ -8,12 +8,14 @@ require (
 	github.com/gofiber/template/handlebars/v2 v2.1.3
 	github.com/joho/godotenv v1.5.1
 	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/stretchr/testify v1.8.2
 	github.com/xdg-go/pbkdf2 v1.0.0
 )
 
 require (
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/aymerick/raymond v2.0.2+incompatible // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gofiber/template v1.8.2 // indirect
 	github.com/gofiber/utils v1.1.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -22,6 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/savsgio/dictpool v0.0.0-20221023140959-7bf2e61cea94 // indirect
 	github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee // indirect
@@ -30,4 +33,5 @@ require (
 	github.com/valyala/fasthttp v1.47.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
 	golang.org/x/sys v0.9.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -4,7 +4,9 @@ github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/aymerick/raymond v2.0.2+incompatible h1:VEp3GpgdAnv9B2GFyTvqgcKvY+mfKMjPOA3SbKLtnU0=
 github.com/aymerick/raymond v2.0.2+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gofiber/fiber/v2 v2.47.0 h1:EN5lHVCc+Pyqh5OEsk8fzRiifgwpbrP0rulQ4iNf3fs=
 github.com/gofiber/fiber/v2 v2.47.0/go.mod h1:mbFMVN1lQuzziTkkakgtKKdjfsXSw9BKR5lmcNksUoU=
 github.com/gofiber/template v1.8.2 h1:PIv9s/7Uq6m+Fm2MDNd20pAFFKt5wWs7ZBd8iV9pWwk=
@@ -32,6 +34,7 @@ github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG
 github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
 github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/savsgio/dictpool v0.0.0-20221023140959-7bf2e61cea94 h1:rmMl4fXJhKMNWl+K+r/fq4FbbKI+Ia2m9hYBLm2h4G4=
@@ -39,7 +42,13 @@ github.com/savsgio/dictpool v0.0.0-20221023140959-7bf2e61cea94/go.mod h1:90zrgN3
 github.com/savsgio/gotils v0.0.0-20220530130905-52f3993e8d6d/go.mod h1:Gy+0tqhJvgGlqnTF8CVGP0AaGRjwBtXs/a5PA0Y3+A4=
 github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee h1:8Iv5m6xEo1NR1AvpV+7XmhI4r39LGNzwUL4YpMuL5vk=
 github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee/go.mod h1:qwtSXrKuJh/zsFQ12yEE89xfCrGKK63Rr7ctU/uCo4g=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tinylib/msgp v1.1.6/go.mod h1:75BAfg2hauQhs3qedfdDZmWAPcFMAvJE5b9rGOMufyw=
 github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
 github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
@@ -97,5 +106,9 @@ golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/api/handler/prosody_hdl.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"fmt"
+	"log"
 
 	"gitea.urkob.com/urko/prosody-password/internal/services/fail2ban"
 	"gitea.urkob.com/urko/prosody-password/internal/services/prosody"
@@ -31,10 +32,14 @@ func (handler ProsodyHandler) Post(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		return RenderError(c, fmt.Errorf(" c.BodyParser(&req): %w", err), defaultErrMessage)
 	}
+	log.Println("request ip", c.IP())
+	log.Println("c.IPs()", c.IPs())
+	req.CurrentPassword = c.FormValue("current_password")
+	req.NewPassword = c.FormValue("new_password")
 	if err := handler.prosodyService.ChangePassword(req.User, req.CurrentPassword, req.NewPassword); err != nil {
-		// for _, ip := range c.IPs() {
+		for _, ip := range c.IPs() {
-		// 	handler.fail2banSrv.FailedAttempt(ip)
+			handler.fail2banSrv.FailedAttempt(ip)
-		// }
+		}
 		return RenderError(c, fmt.Errorf("ChangePassword: %w", err), defaultErrMessage)
 	}
 

internal/api/server.go

@@ -33,6 +33,8 @@ func (s *RestServer) Start(apiPort, views string) error {
 	engine := handlebars.New(views, ".hbs")
 	s.app = fiber.New(fiber.Config{
 		Views:              engine,
+		ProxyHeader:        "X-Forwarded-For",
+		EnableIPValidation: true,
 	})
 
 	s.app.Use(limiter.New(limiter.Config{
@@ -47,7 +49,6 @@ func (s *RestServer) Start(apiPort, views string) error {
 		AllowHeaders:  "Origin, Accept, Content-Type, X-CSRF-Token, Authorization",
 		ExposeHeaders: "Origin",
 	}))
-
 	s.loadViews()
 
 	prosodyHdl := handler.NewProsodyHandler(s.prosodyService, s.fail2banSrv)

internal/services/prosody/account.go

@@ -7,6 +7,7 @@ import (
 )
 
 type account struct {
+	User           string
 	Salt           string `prosody:"salt"`
 	StoredKey      string `prosody:"stored_key"`
 	IterationCount string `prosody:"iteration_count"`
@@ -47,7 +48,9 @@ func (p *Prosody) loadAccount(username string) (*account, error) {
 		}
 	}
 
-	acc := &account{}
+	acc := &account{
+		User: username,
+	}
 	acc.unmarshal(mapValues)
 	return acc, nil
 }

internal/services/prosody/change_password.go

@@ -33,7 +33,7 @@ func (p *Prosody) ChangePassword(user string, currentPwd string, newPwd string)
 		return errors.New("password is incorrect")
 	}
 
-	cmd := exec.Command("/usr/bin/prosodyctl", "passwd", user+"@"+p.plainDomain)
+	cmd := exec.Command("/usr/bin/prosodyctl", "passwd", acc.User+"@"+p.plainDomain)
 	// Create a pipe to write to the process's standard input.
 	stdin, err := cmd.StdinPipe()
 	if err != nil {

internal/services/prosody/change_password_test.go

@@ -0,0 +1,19 @@
+package prosody
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test_hashPassword(t *testing.T) {
+	password := "test"
+	salt := "317d9b92-38a4-44fb-b540-099e35fd23f7"
+	accStoredKey := "3e7ac415b43be64e3935d32c447a11fe7a36cb9c"
+	iterationCount := 10000
+	storedKey, err := hashPassword(password, salt, iterationCount)
+	require.NoError(t, err)
+
+	// Compare the hashes
+	require.Equal(t, storedKey, accStoredKey)
+}