Add environment configuration and implement token cleanup service

Author: yakuter

env.example

@@ -0,0 +1,74 @@
+# Passwall Server Environment Variables
+# Copy this file to .env and fill in your actual values
+# NEVER commit .env to git!
+
+# ===================================
+# SERVER CONFIGURATION
+# ===================================
+SERVER_PORT=3625
+SERVER_ENV=production
+SERVER_DOMAIN=https://your-domain.com
+SERVER_TIMEOUT=30
+
+# CRITICAL: Generate a strong random secret for JWT tokens
+# Example: openssl rand -base64 64
+SERVER_SECRET=your-super-secret-jwt-key-here-use-openssl-rand-base64-64
+
+# CRITICAL: Generate a strong passphrase for encryption
+# Example: openssl rand -base64 32
+SERVER_PASSPHRASE=your-encryption-passphrase-here
+
+# Token expiration durations (examples: 15m, 1h, 24h, 7d)
+SERVER_ACCESS_TOKEN_EXPIRE_DURATION=15m
+SERVER_REFRESH_TOKEN_EXPIRE_DURATION=24h
+
+# Generated password length for password manager
+SERVER_GENERATED_PASSWORD_LENGTH=16
+
+# ===================================
+# DATABASE CONFIGURATION
+# ===================================
+DATABASE_NAME=passwall
+DATABASE_USERNAME=postgres
+DATABASE_PASSWORD=your-database-password
+DATABASE_HOST=localhost
+DATABASE_PORT=5432
+DATABASE_DBMS=postgres
+DATABASE_SSL_MODE=disable
+DATABASE_LOG_MODE=false
+
+# ===================================
+# EMAIL CONFIGURATION
+# ===================================
+# SMTP Settings
+EMAIL_HOST=smtp.example.com
+EMAIL_PORT=587
+EMAIL_USERNAME=your-email@example.com
+EMAIL_PASSWORD=your-email-password
+EMAIL_FROM_EMAIL=no-reply@passwall.io
+EMAIL_FROM_NAME=Passwall
+EMAIL_API_KEY=your-email-api-key-if-needed
+
+# ===================================
+# BACKUP CONFIGURATION
+# ===================================
+BACKUP_FOLDER=./store/backup
+BACKUP_ROTATION=7
+BACKUP_PERIOD=1440
+
+# ===================================
+# SECURITY NOTES
+# ===================================
+# 1. Generate strong random secrets:
+#    - JWT Secret: openssl rand -base64 64
+#    - Passphrase: openssl rand -base64 32
+#
+# 2. Use environment variables in production
+#
+# 3. Enable SSL/TLS in production:
+#    - DATABASE_SSL_MODE=require
+#    - Use HTTPS domain
+#
+# 4. Change all default passwords
+#
+# 5. Revoke and regenerate email API keys if compromised

internal/cleanup/token_cleanup.go

@@ -0,0 +1,72 @@
+package cleanup
+
+import (
+	"context"
+	"time"
+
+	"github.com/passwall/passwall-server/internal/repository"
+	"github.com/passwall/passwall-server/pkg/logger"
+)
+
+// TokenCleanup handles periodic cleanup of expired tokens
+type TokenCleanup struct {
+	tokenRepo repository.TokenRepository
+	interval  time.Duration
+	stopChan  chan struct{}
+}
+
+// NewTokenCleanup creates a new token cleanup service
+func NewTokenCleanup(tokenRepo repository.TokenRepository, interval time.Duration) *TokenCleanup {
+	return &TokenCleanup{
+		tokenRepo: tokenRepo,
+		interval:  interval,
+		stopChan:  make(chan struct{}),
+	}
+}
+
+// Start begins the periodic cleanup process
+func (tc *TokenCleanup) Start(ctx context.Context) {
+	logger.Infof("Token cleanup started with interval: %v", tc.interval)
+
+	// Run cleanup immediately on start
+	tc.cleanup(ctx)
+
+	ticker := time.NewTicker(tc.interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			tc.cleanup(ctx)
+		case <-tc.stopChan:
+			logger.Infof("Token cleanup stopped")
+			return
+		case <-ctx.Done():
+			logger.Infof("Token cleanup stopped due to context cancellation")
+			return
+		}
+	}
+}
+
+// Stop stops the cleanup process
+func (tc *TokenCleanup) Stop() {
+	close(tc.stopChan)
+}
+
+// cleanup performs the actual cleanup operation
+func (tc *TokenCleanup) cleanup(ctx context.Context) {
+	logger.Infof("Running token cleanup...")
+
+	deletedCount, err := tc.tokenRepo.DeleteExpired(ctx)
+	if err != nil {
+		logger.Errorf("Failed to delete expired tokens: %v", err)
+		return
+	}
+
+	if deletedCount > 0 {
+		logger.Infof("Successfully deleted %d expired tokens", deletedCount)
+	} else {
+		logger.Debugf("No expired tokens found")
+	}
+}
+

internal/core/app.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/passwall/passwall-server/internal/cleanup"
 	"github.com/passwall/passwall-server/internal/config"
 	httpHandler "github.com/passwall/passwall-server/internal/handler/http"
 	"github.com/passwall/passwall-server/internal/repository/gormrepo"
@@ -21,9 +22,12 @@ import (
 
 // App represents the application
 type App struct {
-	config *config.Config
-	db     database.Database
-	server *http.Server
+	config       *config.Config
+	db           database.Database
+	server       *http.Server
+	tokenCleanup *cleanup.TokenCleanup
+	cleanupCtx   context.Context
+	cleanupStop  context.CancelFunc
 }
 
 // New creates a new application instance
@@ -130,6 +134,13 @@ func (a *App) Run() error {
 		IdleTimeout:  60 * time.Second,
 	}
 
+	// Initialize token cleanup service (runs every hour)
+	a.tokenCleanup = cleanup.NewTokenCleanup(tokenRepo, 1*time.Hour)
+	a.cleanupCtx, a.cleanupStop = context.WithCancel(context.Background())
+
+	// Start token cleanup in background
+	go a.tokenCleanup.Start(a.cleanupCtx)
+
 	// Start server in a goroutine
 	go func() {
 		logger.Infof("Server starting on %s", addr)
@@ -153,6 +164,12 @@ func (a *App) waitForShutdown() error {
 	logger.Infof("Shutting down server...")
 	fmt.Println("\n⏳ Shutting down gracefully...")
 
+	// Stop token cleanup
+	if a.cleanupStop != nil {
+		a.cleanupStop()
+		logger.Infof("Token cleanup stopped")
+	}
+
 	// Give outstanding requests 5 seconds to complete
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()

internal/core/router.go

@@ -2,6 +2,7 @@ package core
 
 import (
 	"net/http"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	httpHandler "github.com/passwall/passwall-server/internal/handler/http"
@@ -37,12 +38,21 @@ func SetupRouter(
 		c.JSON(http.StatusOK, gin.H{"status": "ok"})
 	})
 
+	// Rate limiters for auth endpoints
+	// SignIn/SignUp: 5 requests per minute per IP (prevents brute force)
+	authRateLimiter := httpHandler.NewRateLimiter(12*time.Second, 5)
+	// Refresh token: 10 requests per minute per IP
+	refreshRateLimiter := httpHandler.NewRateLimiter(6*time.Second, 10)
+
 	// Auth routes (no auth middleware)
 	authGroup := router.Group("/auth")
 	{
-		authGroup.POST("/signup", authHandler.SignUp)
-		authGroup.POST("/signin", authHandler.SignIn)
-		authGroup.POST("/refresh", authHandler.RefreshToken)
+		// Rate-limited endpoints
+		authGroup.POST("/signup", httpHandler.RateLimitMiddleware(authRateLimiter), authHandler.SignUp)
+		authGroup.POST("/signin", httpHandler.RateLimitMiddleware(authRateLimiter), authHandler.SignIn)
+		authGroup.POST("/refresh", httpHandler.RateLimitMiddleware(refreshRateLimiter), authHandler.RefreshToken)
+		
+		// No rate limit on token check (it's already authenticated)
 		authGroup.POST("/check", authHandler.CheckToken)
 	}
 

internal/handler/http/ratelimit.go

@@ -0,0 +1,115 @@
+package http
+
+import (
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+// RateLimiter implements a simple token bucket rate limiter
+type RateLimiter struct {
+	visitors map[string]*Visitor
+	mu       sync.RWMutex
+	rate     time.Duration // Time between requests
+	burst    int           // Maximum burst size
+}
+
+// Visitor represents a client with rate limiting state
+type Visitor struct {
+	lastSeen time.Time
+	tokens   int
+	mu       sync.Mutex
+}
+
+// NewRateLimiter creates a new rate limiter
+// rate: minimum time between requests (e.g., 1 second)
+// burst: maximum number of requests in a burst
+func NewRateLimiter(rate time.Duration, burst int) *RateLimiter {
+	rl := &RateLimiter{
+		visitors: make(map[string]*Visitor),
+		rate:     rate,
+		burst:    burst,
+	}
+
+	// Clean up old visitors every 5 minutes
+	go rl.cleanupVisitors()
+
+	return rl
+}
+
+// Allow checks if a request from the given IP is allowed
+func (rl *RateLimiter) Allow(ip string) bool {
+	rl.mu.Lock()
+	visitor, exists := rl.visitors[ip]
+	if !exists {
+		visitor = &Visitor{
+			lastSeen: time.Now(),
+			tokens:   rl.burst,
+		}
+		rl.visitors[ip] = visitor
+	}
+	rl.mu.Unlock()
+
+	visitor.mu.Lock()
+	defer visitor.mu.Unlock()
+
+	now := time.Now()
+	timePassed := now.Sub(visitor.lastSeen)
+
+	// Refill tokens based on time passed
+	tokensToAdd := int(timePassed / rl.rate)
+	if tokensToAdd > 0 {
+		visitor.tokens += tokensToAdd
+		if visitor.tokens > rl.burst {
+			visitor.tokens = rl.burst
+		}
+		visitor.lastSeen = now
+	}
+
+	// Check if request is allowed
+	if visitor.tokens > 0 {
+		visitor.tokens--
+		return true
+	}
+
+	return false
+}
+
+// cleanupVisitors removes visitors that haven't been seen in a while
+func (rl *RateLimiter) cleanupVisitors() {
+	ticker := time.NewTicker(5 * time.Minute)
+	defer ticker.Stop()
+
+	for range ticker.C {
+		rl.mu.Lock()
+		for ip, visitor := range rl.visitors {
+			visitor.mu.Lock()
+			if time.Since(visitor.lastSeen) > 10*time.Minute {
+				delete(rl.visitors, ip)
+			}
+			visitor.mu.Unlock()
+		}
+		rl.mu.Unlock()
+	}
+}
+
+// RateLimitMiddleware creates a rate limiting middleware
+func RateLimitMiddleware(limiter *RateLimiter) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		ip := c.ClientIP()
+
+		if !limiter.Allow(ip) {
+			c.JSON(http.StatusTooManyRequests, gin.H{
+				"error":   "Rate limit exceeded",
+				"message": "Too many requests. Please try again later.",
+			})
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+

internal/repository/gormrepo/token.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/passwall/passwall-server/internal/domain"
 	"github.com/passwall/passwall-server/internal/repository"
+	"github.com/passwall/passwall-server/pkg/hash"
 	uuid "github.com/satori/go.uuid"
 	"gorm.io/gorm"
 )
@@ -33,10 +34,14 @@ func (r *tokenRepository) GetByUUID(ctx context.Context, uuid string) (*domain.T
 }
 
 func (r *tokenRepository) Create(ctx context.Context, userID int, tokenUUID uuid.UUID, token string, expiryTime time.Time) error {
+	// SECURITY: Hash the token before storing in database
+	// This prevents token theft if database is compromised
+	hashedToken := hash.SHA256(token)
+
 	t := &domain.Token{
 		UserID:     userID,
 		UUID:       tokenUUID,
-		Token:      token,
+		Token:      hashedToken,
 		ExpiryTime: expiryTime,
 	}
 	return r.db.WithContext(ctx).Create(t).Error
@@ -50,6 +55,11 @@ func (r *tokenRepository) DeleteByUUID(ctx context.Context, uuid string) error {
 	return r.db.WithContext(ctx).Where("uuid = ?", uuid).Delete(&domain.Token{}).Error
 }
 
+func (r *tokenRepository) DeleteExpired(ctx context.Context) (int64, error) {
+	result := r.db.WithContext(ctx).Where("expiry_time < ?", time.Now()).Delete(&domain.Token{})
+	return result.RowsAffected, result.Error
+}
+
 func (r *tokenRepository) Migrate() error {
 	return r.db.AutoMigrate(&domain.Token{})
 }

internal/repository/repository.go

@@ -118,6 +118,7 @@ type TokenRepository interface {
 	Create(ctx context.Context, userID int, uuid uuid.UUID, token string, expiryTime time.Time) error
 	Delete(ctx context.Context, userID int) error
 	DeleteByUUID(ctx context.Context, uuid string) error
+	DeleteExpired(ctx context.Context) (int64, error)
 	Migrate() error
 }