mein bereinigt

README.md

@@ -10,6 +10,8 @@ _a web based password generator, with an API endpoint_
 * copy to clipboard
 * very small docker container, that only contains the application and has minimum attack surface
 * supports DarkMode and LightMode, you can toggle
+* prepared to run behind a reverse-proxy, like traefik.
+* logs in combined log format
 
 ## Demo
 

main.go

@@ -1,30 +1,113 @@
 package main
 
 import (
+	"crypto/rand"
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"log"
+	"net"
+	"net/http"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
-	"crypto/rand"
-	"html/template"
-	"log"
-	"net/http"
-	"encoding/json"
+	"time"
 )
 
 const (
-	passwordLength = 32
-	chars          = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+	passwordLength            = 32
+	chars                     = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+	startTimeKey   contextKey = "startTime"
 )
 
 var (
-	debug = false
-	templates = make(map[string]*template.Template)
-	AppVersion = "development"
+	debug       = false
+	templates   = make(map[string]*template.Template)
+	AppVersion  = "development"
 	counterFile = "/data/counter.txt"
-	mu sync.Mutex
+	mu          sync.Mutex
 )
 
+type contextKey string
+type responseWriter struct {
+	http.ResponseWriter
+	statusCode int
+}
+
+func (rw *responseWriter) WriteHeader(code int) {
+	rw.statusCode = code
+	rw.ResponseWriter.WriteHeader(code)
+}
+
+func newResponseWriter(w http.ResponseWriter) *responseWriter {
+	return &responseWriter{w, http.StatusOK} // Default 200 OK
+}
+
+func initConfig() {
+	if envFile := os.Getenv("COUNTER_FILE"); envFile != "" {
+		counterFile = envFile
+		log.Printf("counterFile st to %s, by ENV\n", envFile)
+		// Prüfen, ob das Verzeichnis für die Datei existiert
+		dir := filepath.Dir(counterFile)
+		if _, err := os.Stat(dir); os.IsNotExist(err) {
+			log.Printf("WARNUNG: Verzeichnis %s existiert nicht. Counter wird evtl. fehlschlagen.", dir)
+		}
+	}
+
+	envDebug := strings.ToLower(os.Getenv("DEBUG"))
+	if envDebug == "true" || envDebug == "1" {
+		debug = true
+		log.Println("DEBUG-Modus ist aktiviert")
+	}
+}
+
+func LoggingMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		start := time.Now()
+		rw := newResponseWriter(w)
+		next.ServeHTTP(rw, r)
+		duration := time.Since(start)
+		clientIP := getClientIP(r)
+		userAgent := r.UserAgent()
+		// Format: IP - - [Datum] "Method Path Proto" Status Duration User-Agent
+		// "Combined Log Format"
+		log.Printf("%s - - [%s] \"%s %s %s\" %d %v \"%s\"\n",
+			clientIP,
+			time.Now().Format("02/Jan/2006:15:04:05 -0700"),
+			r.Method,
+			r.URL.Path,
+			r.Proto,
+			rw.statusCode,
+			duration,
+			userAgent,
+		)
+	})
+}
+
+func getClientIP(r *http.Request) string {
+	// 1. Prüfe den X-Forwarded-For Header (Standard für Proxies)
+	xForwardedFor := r.Header.Get("X-Forwarded-For")
+	if xForwardedFor != "" {
+		// Der Header kann eine Liste von IPs sein (Client, Proxy1, Proxy2)
+		// Die erste IP in der Liste ist die echte Client-IP
+		ips := strings.Split(xForwardedFor, ",")
+		return strings.TrimSpace(ips[0])
+	}
+
+	// 2. Fallback auf X-Real-IP (oft von Traefik/Nginx gesetzt)
+	xRealIP := r.Header.Get("X-Real-IP")
+	if xRealIP != "" {
+		return xRealIP
+	}
+
+	// 3. Letzter Ausweg: Die direkte IP (wird in deinem Fall die Traefik-IP sein)
+	// RemoteAddr enthält oft auch den Port (z.B. "127.0.0.1:1234")
+	ip, _, _ := net.SplitHostPort(r.RemoteAddr)
+	return ip
+}
+
 // Diese Funktion wird nur intern aufgerufen, wenn der Mutex bereits gesperrt ist
 func getCount() int {
 	data, err := os.ReadFile(counterFile)
@@ -55,29 +138,34 @@ func IncrementPasswordCount() {
 }
 
 func loadTemplates() {
-    // 1. FuncMap definieren
-    funcMap := template.FuncMap{
-        "getAppVersion": func() string { return AppVersion },
-        "getPassCount": func() int { return GetPasswordCount() },
-    }
+	funcMap := template.FuncMap{
+		"getAppVersion": func() string { return AppVersion },
+		"getPassCount":  func() int { return GetPasswordCount() },
+		"isDebug":       func() bool { return debug },
+		"dt": func(startTime time.Time) string {
+			duration := time.Since(startTime)
+			// Gibt die Zeit in Millisekunden mit 2 Nachkommastellen aus, z.B. "1.45ms"
+			return fmt.Sprintf("%.2fms", float64(duration.Nanoseconds())/1e6)
+		},
+	}
 
-    // 2. Templates mit FuncMap laden
-    // Wir nutzen New("base.html"), da base.html meist das Haupt-Layout definiert
-    templates["index.html"] = template.Must(template.New("base.html").Funcs(funcMap).ParseFiles(
-        "templates/base.html", 
-        "templates/index.html",
-    ))
+	templates["index.html"] = template.Must(template.New("base.html").Funcs(funcMap).ParseFiles(
+		"templates/base.html",
+		"templates/index.html",
+	))
 
-    templates["help.html"] = template.Must(template.New("base.html").Funcs(funcMap).ParseFiles(
-        "templates/base.html", 
-        "templates/help.html",
-    ))
+	templates["help.html"] = template.Must(template.New("base.html").Funcs(funcMap).ParseFiles(
+		"templates/base.html",
+		"templates/help.html",
+	))
 
-    log.Printf("Alle Templates erfolgreich geladen")
+	log.Printf("Alle Templates erfolgreich geladen")
 }
 
 func generatePassword() string {
-	if debug { log.Printf("called generatePassword\n") }
+	if debug {
+		log.Printf("called generatePassword\n")
+	}
 	password := make([]byte, passwordLength)
 	_, err := rand.Read(password)
 	if err != nil {
@@ -91,39 +179,60 @@ func generatePassword() string {
 }
 
 func passwordHandler(w http.ResponseWriter, r *http.Request) {
-    if debug { log.Printf("called passwordHandler\n") }
-    password := generatePassword()
-    currentCount := GetPasswordCount()
-    response := map[string]interface{}{
-        "password": password,
-        "count":    currentCount,
-    }
-    w.Header().Set("Content-Type", "application/json")
-    err := json.NewEncoder(w).Encode(response)
-    if err != nil {
-        log.Printf("Fehler beim Senden des JSON: %v", err)
-        http.Error(w, "Interner Fehler", http.StatusInternalServerError)
-        return
-    }
+	if debug {
+		log.Printf("called passwordHandler\n")
+	}
+	password := generatePassword()
+	currentCount := GetPasswordCount()
+	response := map[string]interface{}{
+		"password": password,
+		"count":    currentCount,
+	}
+	w.Header().Set("Content-Type", "application/json")
+	err := json.NewEncoder(w).Encode(response)
+	if err != nil {
+		log.Printf("Fehler beim Senden des JSON: %v", err)
+		http.Error(w, "Interner Fehler", http.StatusInternalServerError)
+		return
+	}
 }
 
 func passwordAPIHandler(w http.ResponseWriter, r *http.Request) {
-	if debug { log.Printf("called passwordHandler\n") }
+	if debug {
+		log.Printf("called passwordHandler\n")
+	}
 	password := generatePassword()
 	w.Header().Set("Content-Type", "text/plain")
 	w.Write([]byte(password))
 }
 
 func indexHandler(w http.ResponseWriter, r *http.Request) {
-	if debug { log.Printf("call indexHandler: Request %s %s\n", r.Method, r.URL) }
-	password := generatePassword()
-	//password := "load..."
-	data := struct {
-		Password string
-	}{
-		Password: password,
+	if debug {
+		log.Printf("call indexHandler: Request %s %s\n", r.Method, r.URL)
+	}
+
+	startTime, ok := r.Context().Value(startTimeKey).(time.Time)
+	if !ok {
+		startTime = time.Now() // Fallback, falls die Middleware mal fehlt
+	}
+
+	password := generatePassword()
+
+	data := struct {
+		Password  string
+		StartTime time.Time
+		Request   *http.Request
+		RealIP    string
+	}{
+		Password:  password,
+		StartTime: startTime,
+		Request:   r,
+		RealIP:    getClientIP(r),
+	}
+
+	if debug {
+		log.Printf("prepare template for index\n")
 	}
-	if debug { log.Printf("prepare template for index\n") }
 	err := templates["index.html"].ExecuteTemplate(w, "base.html", data)
 	if err != nil {
 		log.Printf("Fehler beim Rendern des Templates: %v", err)
@@ -132,7 +241,9 @@ func indexHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func helpHandler(w http.ResponseWriter, r *http.Request) {
-	if debug { log.Printf("call helpHandler\n") }
+	if debug {
+		log.Printf("call helpHandler\n")
+	}
 	err := templates["help.html"].ExecuteTemplate(w, "base.html", nil)
 	if err != nil {
 		log.Printf("Fehler beim Rendern des Templates: %v", err)
@@ -141,15 +252,21 @@ func helpHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func main() {
+	initConfig()
 	loadTemplates()
-	fs := http.FileServer(http.Dir("static"))
-	http.Handle("/static/", http.StripPrefix("/static/", fs))
+	mux := http.NewServeMux()
 
-	http.HandleFunc("/", indexHandler)
-	http.HandleFunc("/api/password", passwordAPIHandler)
-	http.HandleFunc("/json/password", passwordHandler)
-	http.HandleFunc("/help", helpHandler)
+	fs := http.FileServer(http.Dir("static"))
+	mux.Handle("/static/", http.StripPrefix("/static/", fs))
+
+	mux.HandleFunc("/", indexHandler)
+	mux.HandleFunc("/api/password", passwordAPIHandler)
+	mux.HandleFunc("/json/password", passwordHandler)
+	mux.HandleFunc("/help", helpHandler)
+
+	loggingRouter := LoggingMiddleware(mux)
 
 	log.Println("Server läuft auf http://localhost:8080")
-	log.Fatal(http.ListenAndServe(":8080", nil))
+
+	log.Fatal(http.ListenAndServe(":8080", loggingRouter))
 }

misc/MoreUsage.md

@@ -25,21 +25,32 @@ for i in {1..10}; do echo $(curl -s https://passwd.scu.si/api/password); done
 you can build the app yourself like this:
 
 ```
-go build -o password-generator ./
+go build ./
 ```
 
+NOTE: If you build the app manually in go, like shown in this example, it will probably not run, since it misses a writeable `/data` directory.
+You can set the counterFile by environment variable `COUNTER_FILE`, like this:
+```
+COUNTER_FILE=./counter.txt ./Web-Password
+```
 
+## debuging the app
+
+You can turn on debug mode via environment variable `DEBUG`
+```
+DEBUG=true ./Web-Password
+```
 
 # build a docker container
 
 ```
-docker build -t password-generator .
+docker build -t web-password:dev .
 ```
 
 # start the docker container
 
 ```
-docker run -p 8080:8080 password-generator
+docker run -p 8080:8080 -v app_data:/data web-password:dev
 ```
 
 ## docker-compose

misc/docker-compose.yml

@@ -3,6 +3,9 @@ services:
     image: gitea.scu.si/florian.walther/password-generator:latest
     container_name: password-generator
     restart: always
+    environment:
+      - DEBUG=false
+      - COUNTER_FILE=/data/counter.txt
     volumes:
       - ./app_data:/data
     ports:

static/style.css

@@ -211,3 +211,27 @@ a:hover {
   text-decoration: underline;
 }
 
+.debug-banner {
+  position: absolute;
+  top: 1rem;
+  left: 4rem;
+  font-size: 1.2rem;
+  border-radius: 4px;
+  border: 1px solid var(--border-color);
+}
+
+.debug-only {
+    display: none;
+}
+
+.debug-footer {
+  position: absolute;
+  bottom: 4em;
+  left: 0;
+
+}
+
+body.is-debug .debug-only {
+  display: inline-block;
+  border: 1px dashed red;
+}

templates/base.html

@@ -44,11 +44,35 @@
 </head>
 <body>
     <button id="theme-toggle">🌓</button>
+    {{if isDebug}}
+        <div class="debug-banner" style="background: #ffeb3b; color: #000; text-align: center; font-size: 12px; padding: 5px; font-weight: bold;">
+            ⚠️ DEBUG-MODUS AKTIVIERT
+        </div>
+    {{end}}
     {{ block "body" . }}{{end}}
 
+{{if isDebug}}
+<div class="debug-footer" style="background: #333; color: #0f0; font-family: monospace; font-size: 11px; padding: 10px; border-top: 2px solid #0f0;">
+    <div>
+        <strong>DEBUG INFO:</strong> 
+        <span>Ladezeit: {{dt .StartTime}}</span> | 
+        <span>Method: {{.Request.Method}}</span> | 
+        <span>Path: {{.Request.URL.Path}}</span> | 
+        <span>Remote: {{.Request.RemoteAddr}}</span> | 
+        <span>Real IP: {{.RealIP}}</span>
+    </div>
+    <div style="margin-top: 5px; color: #888;">
+        User-Agent: {{.Request.UserAgent}}
+    </div>
+</div>
+{{end}}
+
 <!-- <footer>Version: {{getAppVersion}} | made with golang and ♥️  {{ block "footer" . }}{{ end }}</footer> -->
 <footer>
     <div class="footer-container">
+        <div class="footer-item">
+            <span>Ladezeit: {{dt .StartTime}}</span> 
+        </div>
         <div class="footer-item">
             Passwörter generiert: <span id="global-counter">{{getPassCount}}</span>
         </div>