Password Compromise Monitoring Tool
Go to file
surtur f2025395b2
All checks were successful
continuous-integration/drone/push Build is passing
go: add basic hibp handling, requests scheduling
* change hibp schema's date field to string, as the date format would
  prevent direct unmarshaling. instead, marshal to string, convert later
* the scheduler is in place in order not to get throttled after going
  over API limit
* the scheduler detects when in testing mode and changes little bits of
  behaviour
* add tests for some basic requests
* run the requests scheduler as a background service during testing
2023-08-22 19:57:48 +02:00
app go: add basic hibp handling, requests scheduling 2023-08-22 19:57:48 +02:00
assets tmpl(users): add table zebra striping [skip ci] 2023-08-08 12:05:14 +02:00
config config: add comments [skip ci] 2023-08-16 16:10:49 +02:00
ent go: add basic hibp handling, requests scheduling 2023-08-22 19:57:48 +02:00
handlers go,tmpl: allow conditionally disabling the sign-up 2023-08-16 15:07:10 +02:00
modules go: add basic hibp handling, requests scheduling 2023-08-22 19:57:48 +02:00
slogging go: change how logger is initialised 2023-08-02 15:26:51 +02:00
templates go,tmpl: allow conditionally disabling the sign-up 2023-08-16 15:07:10 +02:00
.air.toml add support for goreleaser [skip ci] 2023-08-05 15:02:26 +02:00
.dockerignore dockerignore: add node_modules [skip ci] 2023-05-28 20:05:51 +02:00
.drone.yml ci: simplify godocs,goreportcard steps 2023-08-08 15:33:12 +02:00
.editorconfig update .editorconfig [skip ci] 2023-04-12 23:14:21 +02:00
.envrc add support for goreleaser [skip ci] 2023-08-05 15:02:26 +02:00
.gitattributes go: redo asset handling 2023-05-08 00:13:33 +02:00
.gitignore add support for goreleaser [skip ci] 2023-08-05 15:02:26 +02:00
.golangci.yml ci: bump golanci-lint to v1.53.3 2023-07-19 21:33:49 +02:00
.goreleaser.yaml add support for goreleaser [skip ci] 2023-08-05 15:02:26 +02:00
.hadolint.yaml feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00
.pre-commit-config.yaml pre-commit-config: use check-added-large-files ... 2023-08-19 04:36:24 +02:00
atlas.hcl add atlas.hcl [skip ci] 2023-08-14 14:56:46 +02:00
bs.js add user listing 2023-05-22 03:22:58 +02:00
Containerfile containerfile: bump base to alpine3.18 (also npm) 2023-08-08 13:33:50 +02:00
devenv.lock devenv: bump nixpkgs to 4a56ce9 2023-08-03 14:38:27 +02:00
devenv.nix feat: bump configuration schema to 0.0.1-rc.2 2023-05-21 12:44:18 +02:00
devenv.yaml nix: add devenv 2023-05-05 19:43:28 +02:00
Dockerfile ci,just,pre-commit: add Containerfile 2023-05-20 18:05:26 +02:00
embed.go feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00
error.go go(run.go): add a way to load local breach data 2023-08-10 19:06:13 +02:00
exampleConfig.dhall feat: bump configuration schema to 0.0.1-rc.2 2023-05-21 12:44:18 +02:00
flag.go go: mv flags to flag.go 2023-08-13 17:00:46 +02:00
gen.go feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00
go.mod go: add handling of argon2 to the password module 2023-08-19 04:28:00 +02:00
go.sum go: add handling of argon2 to the password module 2023-08-19 04:28:00 +02:00
justfile justfile,readme: bump postgres to 15.3-alpine3.18 2023-08-08 13:54:13 +02:00
LICENSE initial commit 2023-01-30 20:19:53 +01:00
main.go go: change how logger is initialised 2023-08-02 15:26:51 +02:00
package-lock.json chore: bump npm deps 2023-08-10 23:18:51 +02:00
package.json go: redo asset handling 2023-05-08 00:13:33 +02:00
README.md readme: add icon [skip ci] 2023-08-14 17:07:22 +02:00
run_test.go feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00
run.go go: implement import of local breach data 2023-08-20 05:20:33 +02:00
svgo.config.js feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00
tailwind.config.js add user listing 2023-05-22 03:22:58 +02:00

pcmt

Password Compromise Monitoring Tool

pre-commit Build Status Go Report Card Go Documentation Docker Image Version Docker Image Size (tag) Docker pulls

🚧 note: this project is being developed as a part of my thesis and is currently a work in progress. 🚧

pcmt Gopher logo
pcmt Gopher logo based on the Egon Elbre's awesome Gopher designs.

Who is this good for

it might come in handy to anybody willing to operate this application for family, a group of friends, a university faculty or even just for themselves.

What even is this

Password Compromise Monitoring Tool offers a frictionless way to check credentials for potential compromise. of course, the application cannot possibly know it all, which is why no indication of compromise does not necessarily amount to no compromise.

How to try this out

with podman and just installed, run the following, only supplanting the mt-pcmt:<tag> with either testbuild or one of the recent tagged releases:

# build the image locally using kaniko.
just kaniko

# start postgres.
just dbstart

# in another terminal, run the application.
# LiveMode=False disables loading assets and templates from the filesystem and
# instead uses the embedded resources.
podman run --rm -it -e PCMT_DBTYPE=postgres \
    -e PCMT_CONNSTRING="host=127.0.0.1 port=5432 sslmode=disable dbname=postgres password=postgres"
    -e PCMT_LIVE=False docker.io/immawanderer/mt-pcmt:<tag> \
    -config /etc/pcmt/config.dhall

while the above runs fine, running in pods is better and more close to a production setting (assuming rootless Podman setup):

# create a pod 🦭.
podman pod create --userns=keep-id -p3005:3000 --name pcmt

# if you have the db from the previous example still running, terminate it by
# pressing ^C or running the following:
just dbstop

# run a db in the pod.
podman run --pod pcmt --replace -d --name "pcmt-pg" --rm \
    -e POSTGRES_INITDB_ARGS="--auth-host=scram-sha-256 --auth-local=scram-sha-256" \
    -e POSTGRES_PASSWORD=postgres -v $PWD/tmp/db:/var/lib/postgresql/data \
    docker.io/library/postgres:15.3-alpine3.18

# run the application in the pod (assuming that you have built it as in the
# previous example). do note that we're connecting to the db using its
# container name, while localhost would also work. inside the pod, every
# container is reachable on localhost.
podman run --pod pcmt --replace --name pcmt-og -d --rm \
    -e PCMT_LIVE=False \
    -e PCMT_DBTYPE="postgres" \
    -e PCMT_CONNSTRING="host=pcmt-pg port=5432 sslmode=disable user=postgres dbname=postgres password=postgres" \
    -v $PWD/config.dhall:/config.dhall:ro \
    docker.io/immawanderer/mt-pcmt:<tag> -config /config.dhall

# also, if we try to connect to the db from the host we get an error (unless
# there is another database running on localhost already, such as the one from
# the previous example).

curl localhost:5432
--> curl: (7) Failed to connect to localhost port 5432 after 0 ms: Couldn't connect to server

# that is because the database port has not been exposed from the pod (recall
# the pod creation command).

Custom config

Make sure to check out the Dhall configuration schema to see what's possible, or have a look at the example config.

If you're new to Dhall, its documentation page is a good resource to start at.

Run modes

there are toggles that affect how the application behaves, and they can both be supplied either as environment variables prefixed with PCMT_ or in the configuration file:

  • LiveMode
  • DevelMode

live mode makes the application load all assets from persistent storage, i.e. it no assets embedded at build time are used (so make sure to supply your own).

devel mode is mainly useful in development or when debugging. it makes the application reload the templates at every request and automatically increases log levels.

🔨 Building from sources

pre-requisites:

the application consists of frontend and backend. the frontend is basically a generated TailwindCSS stylesheet and it is not shipped as part of the development process. as such, it needs to be built from sources just the same as the backend.

step 0: clone this repository with git

step 1: build the frontend using just tw or just frontend

step 2: finally, build the Go application using:

# debugging version.
just build

# or with debugging information stripped.
just buildrelease

step 1-alt: build both frontend and backend in release modes using: just prod.

the order of the steps is important as the application embeds the generated stylesheet.

if you plan to run the application in LiveMode, the stylesheet can be supplied when running the application; however, the binary will lack the way to fall back to the embedded asset so bear that in mind.

if you're curious, you can open the justfile to see the details of the build targets (such as tw and buildrelease) used above.

⚖️ LICENSE

AGPL-3.0-only (see LICENSE for details).