Merge branch 'main' of gitea.scu.si:Florian.Walther/Web-Password

.gitea/workflows/docker-build-push.yml

@@ -1,29 +0,0 @@
-name: Docker Build and Push
-#on: [push]
-on:
-  workflow_dispatch:
-
-jobs:
-  build-and-push:
-    runs-on: docker
-    if: branch == 'main'
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-
-      - name: Login to Registry
-        run: |
-          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ secrets.REGISTRY_URL }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
-
-      - name: Build Docker Image
-        run: |
-          docker build -t ${{ secrets.REGISTRY_URL }}/FlorianWalther/password-generator:latest .
-
-      - name: Push Docker Image
-        run: |
-          docker push ${{ secrets.REGISTRY_URL }}/FlorianWalther/password-generator:latest
-
-      - name: Cleanup
-        run: |
-          docker system prune -f
-

.gitea/workflows/docker-release.yml

@@ -14,8 +14,8 @@ jobs:
       - name: Login to Gitea
         uses: docker/login-action@v3
         with:
-          registry: ${{ REGISTRY_URL }} # gitea.scu.si
-          username: ${{ gitea.actor }}
+          registry: ${{ vars.REGISTRY_URL }} # gitea.scu.si
+          username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
       - name: Build and push
@@ -26,5 +26,5 @@ jobs:
           # Hier wird die Git-Referenz automatisch als Docker-Tag genutzt
           #tags: gitea.scu.si/florianwalther/password-generator:${{ gitea.ref_name }}
           tags: |
-            gitea.scu.si/florianwalther/password-generator:${{ gitea.ref_name }}
-            gitea.scu.si/florianwalther/password-generator:latest
+            gitea.scu.si/florian.walther/password-generator:${{ gitea.ref_name }}
+            gitea.scu.si/florian.walther/password-generator:latest

README.md

@@ -1,26 +1,40 @@
+# Web-Password
 
-# Funktionsweise
+_a web based password generator, with an API endpoint_
 
-* Passwortgenerierung: Die Anwendung generiert ein 32-stelliges Passwort mit Großbuchstaben, Kleinbuchstaben und Ziffern (entspricht dem Befehl `apg -a 1 -m 32 -n 1 -M NCL`).
-* Zwischenablage: Mit dem Button "In Zwischenablage kopieren" wird das Passwort in die Zwischenablage kopiert.
-* Docker: Der Container enthält nur die Go-Anwendung und keine zusätzliche Linux-Distribution.
+![App Screenshot](img/screenshot.png)
 
+## Features
 
-# Baue die Go-Anwendung
+* generates long and random, secure passwords (read about the [security considerations](SECURITY.md))
+* copy to clipboard
+* very small docker container, that only contains the application and has minimum attack surface
+
+## Demo
+
+There is a demo at [https://passwd.scu.si](https://passwd.scu.si)
+
+## Usage
+
+The following example shows how to get up your own instance with `docker compose`.
 
 ```
-go build -o password-generator ./
+git clone https://gitea.scu.si/FlorianWalther/Web-Password.git
+cd Web-Password
+cp misc/docker-compose.yml ./
+docker compose pull
+docker compose up -d
 ```
 
-# Baue das Docker-Image
+## Docker image
 
+The latest official docker image is at [https://gitea.scu.si/FlorianWalther/-/packages/container/password-generator/latest](https://gitea.scu.si/FlorianWalther/-/packages/container/password-generator/latest)
+
+You can pull it like this:
 ```
-docker build -t password-generator .
+docker pull gitea.scu.si/florian.walther/password-generator:latest
 ```
 
-# Starte den Docker Container
-
-```
-docker run -p 8080:8080 password-generator
-```
+## more usage examples
 
+There are some more usage example in [misc/MoreUsage.md](misc/MoreUsage.md)

SECURITY.md

@@ -0,0 +1,110 @@
+# Security Considerations
+
+---
+
+## 1. Overview
+This document analyzes the security of passwords generated by the application, which uses the following parameters:
+- Length: 32 characters
+- Character set: Uppercase letters (A-Z), lowercase letters (a-z), digits (0-9)
+- No special characters (equivalent to `apg -a 1 -m 32 -n 1 -M NCL`)
+
+---
+
+## 2. Keyspace Analysis
+### 2.1. Character Set and Length
+- Character set size: 26 (uppercase) + 26 (lowercase) + 10 (digits) = **62 possible characters per position**.
+- Password length: 32 characters.
+
+### 2.2. Total Keyspace
+The total number of possible passwords is calculated as:
+62^32 ≈ 1.46 × 10^57
+This means there are **1.46 decillion** possible combinations.
+
+---
+
+## 3. Brute-Force Resistance
+### 3.1. Average Number of Guesses
+On average, an attacker would need to try half of the keyspace to guess the correct password:
+(62^32) / 2 ≈ 7.3 × 10^56 attempts
+
+### 3.2. Time to Crack on Modern Hardware
+| Hardware          | Hashes per Second | Time to Exhaust Keyspace       |
+|-------------------|-------------------|--------------------------------|
+| Modern CPU        | 10 billion        | 7.3 × 10^46 seconds            | ≈ 2.3 × 10^39 years            |
+| Modern GPU        | 100 billion       | 7.3 × 10^45 seconds            | ≈ 2.3 × 10^38 years            |
+
+**Note**: Even with massive parallelization (e.g., botnets or supercomputers), brute-forcing a 32-character password from this keyspace is practically infeasible.
+
+---
+
+## 4. Comparison with Shorter Passwords
+| Length | Keyspace (62 Characters) | Average Guesses       | Time on GPU (100 GigaHashes/s) |
+|--------|--------------------------|-----------------------|-------------------------------|
+| 16     | 4.7 × 10^28              | 2.35 × 10^28          | ~74 years                      |
+| 24     | 1.3 × 10^43              | 6.5 × 10^42           | ~2.1 million years            |
+| 32     | 1.46 × 10^57             | 7.3 × 10^56           | ~2.3 trillion years            |
+
+---
+
+## 5. Threat Model
+### 5.1. Brute-Force Attacks
+- **Conclusion**: Brute-force attacks are not a viable threat for 32-character passwords.
+- **Mitigation**: Ensure the system enforces rate-limiting to prevent automated guessing.
+
+### 5.2. Social Engineering and Side-Channel Attacks
+- **Social Engineering**: Phishing, keyloggers, or shoulder surfing are more realistic threats than brute-force attacks.
+- **Side-Channel Attacks**: Timing attacks or power analysis could theoretically reduce security if the password verification is poorly implemented.
+  - **Mitigation**: Use constant-time comparison functions for password verification.
+
+### 5.3. Password Storage
+- **Hashing**: Always store passwords using strong, adaptive hashing algorithms like:
+  - Argon2 (recommended for new systems)
+  - bcrypt or PBKDF2 (with high work factors)
+- **Salting**: Use a unique salt per password to prevent rainbow table attacks.
+
+---
+
+## 6. Practical Recommendations
+### 6.1. For Users
+- **Password Managers**: Encourage the use of password managers to store and manage generated passwords.
+- **Multi-Factor Authentication (MFA)**: Always enable MFA where possible to add an extra layer of security.
+
+### 6.2. For Developers
+- **Rate Limiting**: Implement rate limiting on authentication endpoints to slow down brute-force attempts.
+- **Secure Transmission**: Ensure passwords are transmitted over TLS/SSL to prevent interception.
+- **Password Policies**: Enforce policies that discourage password reuse and encourage regular updates.
+
+### 6.3. For DFIR and Incident Response
+- **Logging and Monitoring**: Log failed login attempts and monitor for unusual activity.
+- **Incident Response Plan**: Have a plan in place for compromised accounts, including forced password resets and user notification.
+
+---
+
+## 7. Additional Considerations
+### 7.1. Extended Character Set
+If special characters are included (e.g., !@#$%^&*), the keyspace increases to:
+72^32 ≈ 1.9 × 10^60
+This further improves security but is not necessary for most use cases given the already massive keyspace.
+
+### 7.2. Entropy Calculation
+The entropy of a 32-character password from a 62-character set is:
+log2(62^32) ≈ 192.6 bits
+This exceeds the 128-bit security level recommended by NIST for cryptographic applications.
+
+---
+
+## 8. Conclusion
+The passwords generated by this application are extremely secure against brute-force attacks due to their length and character diversity. The primary risks lie in human factors (e.g., phishing, reuse) and implementation flaws (e.g., weak hashing, lack of rate limiting).
+
+For DFIR and high-security environments, combine these passwords with:
+- Multi-Factor Authentication (MFA)
+- Regular audits of authentication logs
+- User education on social engineering risks
+
+---
+
+## 9. References
+- [NIST Special Publication 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html) (Digital Identity Guidelines)
+- [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
+- [Argon2: The Memory-Hard Function for Password Hashing](https://github.com/P-H-C/phc-winner-argon2)
+

main.go

@@ -9,8 +9,22 @@ import (
 
 const (
 	passwordLength = 32
+	// Zeichensatz mit 62 möglichen Zeichen pro Position
 	chars          = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-	//chars          = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!?$%&=#+<>-:,.;_*@"
+
+        // Zeichensatz mit 58 möglichen Zeichen pro Position
+        // Verwechslungsanfällige Zeichen (0, O, 1, l, I) sind nicht enthalten.
+        //
+        // ## Security Note: ################################################
+        // Der reduzierte Zeichensatz setzt den Keyspace von 10^57 auf 10^56 herab.
+        // Die Entropie wird von ~192.6 Bit auf ~190.6 Bit herabgesetzt.
+        // Solange die Passwortlänge von 32 Zeichen beibehalten wird ist der
+        // Sicherheitsverlust durch einen reduzierten Zeichensatz akzeptabel,
+        // weil der Keyspace immer noch so groß ist dass ein erraten praktisch
+        // unmöglich ist.
+        //
+        //const chars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789"
+
 )
 
 func generatePassword() string {
@@ -28,11 +42,14 @@ func generatePassword() string {
 }
 
 func passwordHandler(w http.ResponseWriter, r *http.Request) {
+        log.Printf("APIHandler called from %s\n", r.RemoteAddr)
 	password := generatePassword()
 	fmt.Fprint(w, password)
 }
 
+// new help handler
 func helpHandler(w http.ResponseWriter, r *http.Request) {
+	log.Printf("helpHandler called from %s\n", r.RemoteAddr)
 	helpHTML := `
 	<!DOCTYPE html>
 	<html>
@@ -40,6 +57,34 @@ func helpHandler(w http.ResponseWriter, r *http.Request) {
 		<title>Hilfe</title>
 		<meta name="viewport" content="width=device-width, initial-scale=1.0">
 		<style>
+  :root {
+    --bg-color: #f5f5f5;
+    --text-color: #333;
+    --container-bg: white;
+    --button-bg: #007BFF;
+    --button-hover: #0056b3;
+    --copy-button-bg: #4CAF50;
+    --copy-button-hover: #45a049;
+    --password-bg: #f0f0f0;
+    --border-color: #ddd;
+    --shadow-color: rgba(0, 0, 0, 0.1);
+  }
+
+  @media (prefers-color-scheme: dark) {
+    :root {
+      --bg-color: #121212;
+      --text-color: #e0e0e0;
+      --container-bg: #1e1e1e;
+      --button-bg: #2a7df4;
+      --button-hover: #1a5fb4;
+      --copy-button-bg: #4caf60;
+      --copy-button-hover: #3d8b40;
+      --password-bg: #2d2d2d;
+      --border-color: #444;
+      --shadow-color: rgba(0, 0, 0, 0.3);
+    }
+  }
+
   body {
     font-family: 'Helvetica Neue', Arial, sans-serif;
     display: flex;
@@ -47,35 +92,130 @@ func helpHandler(w http.ResponseWriter, r *http.Request) {
     align-items: center;
     height: 100vh;
     margin: 0;
-				background-color: #f5f5f5;
-				color: #333;
+    background-color: var(--bg-color);
+    color: var(--text-color);
+    transition: background-color 0.3s, color 0.3s;
   }
-			.help-container {
-				text-align: left;
-				background: white;
+
+  .container {
+    text-align: center;
+    background: var(--container-bg);
     padding: 2rem;
     border-radius: 8px;
-				box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
-				max-width: 800px;
+    box-shadow: 0 2px 10px var(--shadow-color);
     width: 90%;
     min-width: 600px;
+    position: relative;
   }
+
   h1 {
     font-size: 1.5rem;
     margin-bottom: 1.5rem;
-				color: #444;
+    color: var(--text-color);
   }
-			pre {
+
+  #password {
     font-family: 'Courier New', Courier, monospace;
-				background: #f0f0f0;
+    font-size: 1.2rem;
+    letter-spacing: 1px;
+    margin: 1rem auto;
     padding: 0.8rem;
+    background: var(--password-bg);
     border-radius: 4px;
-				overflow-x: auto;
+    border: 1px solid var(--border-color);
+    width: 90%;
+    word-break: break-all;
+    color: var(--text-color);
   }
-			a {
-				color: #007BFF;
+
+  .copy-button {
+    background: var(--copy-button-bg);
+    color: white;
+    border: none;
+    padding: 0.6rem 1.2rem;
+    font-size: 1rem;
+    border-radius: 4px;
+    cursor: pointer;
+    transition: background 0.2s;
+    margin: 0.3rem;
+  }
+
+  .copy-button:hover {
+    background: var(--copy-button-hover);
+  }
+
+  .renew-button {
+    background: var(--button-bg);
+    color: white;
+    border: none;
+    padding: 0.6rem 1.2rem;
+    font-size: 1rem;
+    border-radius: 4px;
+    cursor: pointer;
+    transition: background 0.2s;
+    margin: 0.3rem;
+  }
+
+  .renew-button:hover {
+    background: var(--button-hover);
+  }
+
+  .help-link {
+    position: absolute;
+    top: 1rem;
+    right: 1rem;
+    font-size: 1.2rem;
+    color: var(--text-color);
+    opacity: 0.7;
     text-decoration: none;
   }
+
+  .help-link:hover {
+    opacity: 1;
+  }
+
+  #toast {
+    visibility: hidden;
+    min-width: 150px;
+    background-color: var(--copy-button-bg);
+    color: white;
+    text-align: center;
+    border-radius: 4px;
+    padding: 0.5rem;
+    position: fixed;
+    top: 20px;
+    right: 20px;
+    z-index: 1;
+    font-size: 0.9rem;
+    box-shadow: 0 2px 10px var(--shadow-color);
+  }
+
+  .help-container {
+    text-align: left;
+    background: var(--container-bg);
+    padding: 2rem;
+    border-radius: 8px;
+    box-shadow: 0 2px 10px var(--shadow-color);
+    max-width: 800px;
+    width: 90%;
+    min-width: 600px;
+    color: var(--text-color);
+  }
+
+  pre {
+    font-family: 'Courier New', Courier, monospace;
+    background: var(--password-bg);
+    padding: 0.8rem;
+    border-radius: 4px;
+    color: var(--text-color);
+    border: 1px solid var(--border-color);
+  }
+
+  a {
+    color: var(--button-bg);
+    text-decoration: none;
+  }
+
   a:hover {
     text-decoration: underline;
   }
@@ -101,6 +241,58 @@ func helpHandler(w http.ResponseWriter, r *http.Request) {
 				<a href="/">Zurück zur Passwort-Generierung</a>
 			</p>
 		</div>
+		<script>
+  // Darkmode-Toggle-Funktion (optional)
+  function toggleDarkMode() {
+    const root = document.documentElement;
+    const isDark = root.style.getPropertyValue('--bg-color') === 'rgb(18, 18, 18)';
+    if (isDark) {
+      // Zu Lightmode wechseln
+      root.style.setProperty('--bg-color', '#f5f5f5');
+      root.style.setProperty('--text-color', '#333');
+      root.style.setProperty('--container-bg', 'white');
+      root.style.setProperty('--button-bg', '#007BFF');
+      root.style.setProperty('--button-hover', '#0056b3');
+      root.style.setProperty('--copy-button-bg', '#4CAF50');
+      root.style.setProperty('--copy-button-hover', '#45a049');
+      root.style.setProperty('--password-bg', '#f0f0f0');
+      root.style.setProperty('--border-color', '#ddd');
+      root.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.1)');
+      localStorage.setItem('theme', 'light');
+    } else {
+      // Zu Darkmode wechseln
+      root.style.setProperty('--bg-color', '#121212');
+      root.style.setProperty('--text-color', '#e0e0e0');
+      root.style.setProperty('--container-bg', '#1e1e1e');
+      root.style.setProperty('--button-bg', '#2a7df4');
+      root.style.setProperty('--button-hover', '#1a5fb4');
+      root.style.setProperty('--copy-button-bg', '#4caf60');
+      root.style.setProperty('--copy-button-hover', '#3d8b40');
+      root.style.setProperty('--password-bg', '#2d2d2d');
+      root.style.setProperty('--border-color', '#444');
+      root.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.3)');
+      localStorage.setItem('theme', 'dark');
+    }
+  }
+
+  // Prüfe, ob Nutzer eine manuelle Einstellung gespeichert hat
+  if (localStorage.getItem('theme') === 'dark') {
+    toggleDarkMode();
+  } else if (localStorage.getItem('theme') === 'light') {
+    // Stelle sicher, dass Lightmode aktiv ist (falls Systemtheme dark ist)
+    document.documentElement.style.setProperty('--bg-color', '#f5f5f5');
+    document.documentElement.style.setProperty('--text-color', '#333');
+    document.documentElement.style.setProperty('--container-bg', 'white');
+    document.documentElement.style.setProperty('--button-bg', '#007BFF');
+    document.documentElement.style.setProperty('--button-hover', '#0056b3');
+    document.documentElement.style.setProperty('--copy-button-bg', '#4CAF50');
+    document.documentElement.style.setProperty('--copy-button-hover', '#45a049');
+    document.documentElement.style.setProperty('--password-bg', '#f0f0f0');
+    document.documentElement.style.setProperty('--border-color', '#ddd');
+    document.documentElement.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.1)');
+  }
+</script>
+
 	</body>
 	</html>
 	`
@@ -108,7 +300,9 @@ func helpHandler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, helpHTML)
 }
 
+
 func webHandler(w http.ResponseWriter, r *http.Request) {
+	log.Printf("webHandler called from %s\n", r.RemoteAddr)
 	password := generatePassword()
 html := fmt.Sprintf(
     `<DOCTYPE html>
@@ -117,6 +311,34 @@ html := fmt.Sprintf(
         <title>Passwort-Generator</title>
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
 				<style>
+  :root {
+    --bg-color: #f5f5f5;
+    --text-color: #333;
+    --container-bg: white;
+    --button-bg: #007BFF;
+    --button-hover: #0056b3;
+    --copy-button-bg: #4CAF50;
+    --copy-button-hover: #45a049;
+    --password-bg: #f0f0f0;
+    --border-color: #ddd;
+    --shadow-color: rgba(0, 0, 0, 0.1);
+  }
+
+  @media (prefers-color-scheme: dark) {
+    :root {
+      --bg-color: #121212;
+      --text-color: #e0e0e0;
+      --container-bg: #1e1e1e;
+      --button-bg: #2a7df4;
+      --button-hover: #1a5fb4;
+      --copy-button-bg: #4caf60;
+      --copy-button-hover: #3d8b40;
+      --password-bg: #2d2d2d;
+      --border-color: #444;
+      --shadow-color: rgba(0, 0, 0, 0.3);
+    }
+  }
+
   body {
     font-family: 'Helvetica Neue', Arial, sans-serif;
     display: flex;
@@ -124,38 +346,44 @@ html := fmt.Sprintf(
     align-items: center;
     height: 100vh;
     margin: 0;
-                background-color: #f5f5f5;
-                color: #333;
+    background-color: var(--bg-color);
+    color: var(--text-color);
+    transition: background-color 0.3s, color 0.3s;
   }
+
   .container {
     text-align: center;
-                background: white;
+    background: var(--container-bg);
     padding: 2rem;
     border-radius: 8px;
-                box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
-                width: 90%%;
+    box-shadow: 0 2px 10px var(--shadow-color);
+    width: 90%;
     min-width: 600px;
     position: relative;
   }
+
   h1 {
     font-size: 1.5rem;
     margin-bottom: 1.5rem;
-                color: #444;
+    color: var(--text-color);
   }
+
   #password {
     font-family: 'Courier New', Courier, monospace;
     font-size: 1.2rem;
     letter-spacing: 1px;
     margin: 1rem auto;
     padding: 0.8rem;
-                background: #f0f0f0;
+    background: var(--password-bg);
     border-radius: 4px;
-                border: 1px solid #ddd;
-                width: 90%%;
+    border: 1px solid var(--border-color);
+    width: 90%;
     word-break: break-all;
+    color: var(--text-color);
   }
+
   .copy-button {
-                background: #4CAF50;
+    background: var(--copy-button-bg);
     color: white;
     border: none;
     padding: 0.6rem 1.2rem;
@@ -165,11 +393,13 @@ html := fmt.Sprintf(
     transition: background 0.2s;
     margin: 0.3rem;
   }
+
   .copy-button:hover {
-                background: #45a049;
+    background: var(--copy-button-hover);
   }
+
   .renew-button {
-                background: #007BFF;
+    background: var(--button-bg);
     color: white;
     border: none;
     padding: 0.6rem 1.2rem;
@@ -179,29 +409,29 @@ html := fmt.Sprintf(
     transition: background 0.2s;
     margin: 0.3rem;
   }
+
   .renew-button:hover {
-                background: #0056b3;
+    background: var(--button-hover);
   }
+
   .help-link {
     position: absolute;
     top: 1rem;
     right: 1rem;
     font-size: 1.2rem;
-                color: #999;
+    color: var(--text-color);
+    opacity: 0.7;
     text-decoration: none;
   }
+
   .help-link:hover {
-                color: #444;
-            }
-            .buttons {
-                display: flex;
-                justify-content: center;
-                gap: 0.5rem;
+    opacity: 1;
   }
+
   #toast {
     visibility: hidden;
     min-width: 150px;
-                background-color: #4CAF50;
+    background-color: var(--copy-button-bg);
     color: white;
     text-align: center;
     border-radius: 4px;
@@ -211,13 +441,46 @@ html := fmt.Sprintf(
     right: 20px;
     z-index: 1;
     font-size: 0.9rem;
-                box-shadow: 0 2px 10px rgba(0, 0, 0, 0.2);
+    box-shadow: 0 2px 10px var(--shadow-color);
+  }
+
+  .help-container {
+    text-align: left;
+    background: var(--container-bg);
+    padding: 2rem;
+    border-radius: 8px;
+    box-shadow: 0 2px 10px var(--shadow-color);
+    max-width: 800px;
+    width: 90%;
+    min-width: 600px;
+    color: var(--text-color);
+  }
+
+  pre {
+    font-family: 'Courier New', Courier, monospace;
+    background: var(--password-bg);
+    padding: 0.8rem;
+    border-radius: 4px;
+    color: var(--text-color);
+    border: 1px solid var(--border-color);
+  }
+
+  a {
+    color: var(--button-bg);
+    text-decoration: none;
+  }
+
+  a:hover {
+    text-decoration: underline;
   }
         </style>
     </head>
     <body>
         <div class="container">
             <a href="/help" class="help-link">API</a>
+            <button onclick="toggleDarkMode()" style="position: absolute; top: 1rem; left: 1rem; background: transparent; border: none; color: var(--text-color); font-size: 1.2rem; cursor: pointer;">🌓</button>
+
+            <a class="about-link" href="https://gitea.scu.si/FlorianWalther/Web-Password">code</a>
             <h1>Generiertes Passwort</h1>
             <div id="password">%s</div>
             <div class="buttons">
@@ -249,6 +512,58 @@ html := fmt.Sprintf(
                     .catch(error => console.error("Fehler:", error));
             }
         </script>
+				<script>
+  // Darkmode-Toggle-Funktion (optional)
+  function toggleDarkMode() {
+    const root = document.documentElement;
+    const isDark = root.style.getPropertyValue('--bg-color') === 'rgb(18, 18, 18)';
+    if (isDark) {
+      // Zu Lightmode wechseln
+      root.style.setProperty('--bg-color', '#f5f5f5');
+      root.style.setProperty('--text-color', '#333');
+      root.style.setProperty('--container-bg', 'white');
+      root.style.setProperty('--button-bg', '#007BFF');
+      root.style.setProperty('--button-hover', '#0056b3');
+      root.style.setProperty('--copy-button-bg', '#4CAF50');
+      root.style.setProperty('--copy-button-hover', '#45a049');
+      root.style.setProperty('--password-bg', '#f0f0f0');
+      root.style.setProperty('--border-color', '#ddd');
+      root.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.1)');
+      localStorage.setItem('theme', 'light');
+    } else {
+      // Zu Darkmode wechseln
+      root.style.setProperty('--bg-color', '#121212');
+      root.style.setProperty('--text-color', '#e0e0e0');
+      root.style.setProperty('--container-bg', '#1e1e1e');
+      root.style.setProperty('--button-bg', '#2a7df4');
+      root.style.setProperty('--button-hover', '#1a5fb4');
+      root.style.setProperty('--copy-button-bg', '#4caf60');
+      root.style.setProperty('--copy-button-hover', '#3d8b40');
+      root.style.setProperty('--password-bg', '#2d2d2d');
+      root.style.setProperty('--border-color', '#444');
+      root.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.3)');
+      localStorage.setItem('theme', 'dark');
+    }
+  }
+
+  // Prüfe, ob Nutzer eine manuelle Einstellung gespeichert hat
+  if (localStorage.getItem('theme') === 'dark') {
+    toggleDarkMode();
+  } else if (localStorage.getItem('theme') === 'light') {
+    // Stelle sicher, dass Lightmode aktiv ist (falls Systemtheme dark ist)
+    document.documentElement.style.setProperty('--bg-color', '#f5f5f5');
+    document.documentElement.style.setProperty('--text-color', '#333');
+    document.documentElement.style.setProperty('--container-bg', 'white');
+    document.documentElement.style.setProperty('--button-bg', '#007BFF');
+    document.documentElement.style.setProperty('--button-hover', '#0056b3');
+    document.documentElement.style.setProperty('--copy-button-bg', '#4CAF50');
+    document.documentElement.style.setProperty('--copy-button-hover', '#45a049');
+    document.documentElement.style.setProperty('--password-bg', '#f0f0f0');
+    document.documentElement.style.setProperty('--border-color', '#ddd');
+    document.documentElement.style.setProperty('--shadow-color', 'rgba(0, 0, 0, 0.1)');
+  }
+</script>
+
     </body>
     </html>`,
     password,
@@ -266,4 +581,3 @@ func main() {
 	log.Println("Plain-Text-Passwort: curl http://localhost:8080/api/password")
 	log.Fatal(http.ListenAndServe(":8080", nil))
 }
-

misc/MoreUsage.md

@@ -0,0 +1,87 @@
+## bash alias
+
+You can configure an bash alias in your `~/.bashrc` like this:
+
+```
+## genpasswd alias
+alias genpasswd='echo $(curl -s https://passwd.scu.si/api/password)'
+```
+
+After making above changes you have to reload your ~/bashrc, in order to activate your changes.
+```
+. ~/.bashrc
+```
+
+Now you can enter `genpasswd` and get a fresh password from the API Endpoint.
+
+## get 10 fresh passwords
+
+```bash
+for i in {1..10}; do echo $(curl -s https://passwd.scu.si/api/password); done
+```
+
+# building the app
+
+you can build the app yourself like this:
+
+```
+go build -o password-generator ./
+```
+
+
+
+# build a docker container
+
+```
+docker build -t password-generator .
+```
+
+# start the docker container
+
+```
+docker run -p 8080:8080 password-generator
+```
+
+## docker-compose
+
+There are two example docker-compose files in the [misc](./) directory.
+
+### docker-compose.yml
+
+A basic variant that just brings up the container and export port 8080.
+The basic variant can be used without modifications.
+
+### docker-compose.traefik.yml
+
+The other one is meant to be used behind a traefik reverse proxy.
+This variant has lables to configure traefik accordingly.
+The traefik variant needs to be adjusted to your environment before 
+you can use it successfully.
+
+### initial pull
+
+```
+docker compose pull
+```
+
+### start up
+
+```
+docker compose up -d
+```
+
+### bring down
+
+```
+docker compose down
+```
+
+### update container
+
+In order to update your container to the current version, do this:
+```
+docker compose pull
+docker compose up -d
+```
+
+

misc/docker-compose.traefik.yml

@@ -0,0 +1,22 @@
+services:
+  password-generator:
+    image: gitea.scu.si/florianwalther/password-generator:latest
+    container_name: password-generator
+    restart: always
+    expose:
+      - "8080:8080"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik_backend"
+      - "traefik.http.routers.webpass.rule=Host(`passwd.scu.si`)"
+      - "traefik.http.routers.webpass.entrypoints=web,websecure"
+      - "traefik.http.routers.webpass.tls=true"
+      - "traefik.http.routers.webpass.tls.certresolver=myresolver"
+      - "traefik.http.services.webpass.loadbalancer.server.port=8080"
+    networks:
+      - traefik_backend
+
+networks:
+  traefik_backend:
+    external: true
+