fix: update libs

refactoring pr by shinyzero00

cmd/banforge/command/daemon.go

@@ -30,6 +30,11 @@ var DaemonCmd = &cobra.Command{
 			log.Error("Failed to create request writer", "error", err)
 			os.Exit(1)
 		}
+		reqDb_r, err := storage.NewRequestsRd()
+		if err != nil {
+			log.Error("Failed to create request reader", "error", err)
+			os.Exit(1)
+		}
 		banDb_r, err := storage.NewBanReader()
 		if err != nil {
 			log.Error("Failed to create ban reader", "error", err)
@@ -63,7 +68,7 @@ var DaemonCmd = &cobra.Command{
 			log.Error("Failed to load rules", "error", err)
 			os.Exit(1)
 		}
-		j := judge.New(banDb_r, banDb_w, b, resultCh, entryCh)
+		j := judge.New(banDb_r, banDb_w, reqDb_r, b, resultCh, entryCh)
 		j.LoadRules(r)
 		go j.UnbanChecker()
 		go j.Tribunal()
@@ -112,6 +117,11 @@ var DaemonCmd = &cobra.Command{
 						ssh := parser.NewSshdParser()
 						ssh.Parse(p.Events(), entryCh)
 					}
+					if svc.Name == "apache" {
+						log.Info("Starting apache parser", "service", serviceName)
+						ap := parser.NewApacheParser()
+						ap.Parse(p.Events(), entryCh)
+					}
 				}(pars, svc.Name)
 				continue
 			}
@@ -131,14 +141,18 @@ var DaemonCmd = &cobra.Command{
 					if svc.Name == "nginx" {
 						log.Info("Starting nginx parser", "service", serviceName)
 						ng := parser.NewNginxParser()
-						ng.Parse(p.Events(), resultCh)
+						ng.Parse(p.Events(), entryCh)
 
 					}
 					if svc.Name == "ssh" {
 						log.Info("Starting ssh parser", "service", serviceName)
 						ssh := parser.NewSshdParser()
-						ssh.Parse(p.Events(), resultCh)
+						ssh.Parse(p.Events(), entryCh)
-
+					}
+					if svc.Name == "apache" {
+						log.Info("Starting apache parser", "service", serviceName)
+						ap := parser.NewApacheParser()
+						ap.Parse(p.Events(), entryCh)
 					}
 
 				}(pars, svc.Name)

cmd/banforge/command/fw.go

@@ -13,14 +13,17 @@ import (
 
 var (
 	ttl_fw   string
+	port     int
+	protocol string
 )
+
 var UnbanCmd = &cobra.Command{
 	Use:   "unban",
 	Short: "Unban IP",
 	Run: func(cmd *cobra.Command, args []string) {
+		err := func() error {
 			if len(args) == 0 {
-			fmt.Println("IP can't be empty")
+				return fmt.Errorf("IP can't be empty")
-			os.Exit(1)
 			}
 			if ttl_fw == "" {
 				ttl_fw = "1y"
@@ -28,39 +31,38 @@ var UnbanCmd = &cobra.Command{
 			ip := args[0]
 			db, err := storage.NewBanWriter()
 			if err != nil {
-			fmt.Println(err)
+				return err
-			os.Exit(1)
 			}
 			cfg, err := config.LoadConfig()
 			if err != nil {
-			fmt.Println(err)
+				return err
-			os.Exit(1)
 			}
 			fw := cfg.Firewall.Name
 			b := blocker.GetBlocker(fw, cfg.Firewall.Config)
 			if ip == "" {
-			fmt.Println("IP can't be empty")
+				return fmt.Errorf("IP can't be empty")
-			os.Exit(1)
 			}
 			if net.ParseIP(ip) == nil {
-			fmt.Println("Invalid IP")
+				return fmt.Errorf("invalid IP")
-			os.Exit(1)
 			}
 			if err != nil {
-			fmt.Println(err)
+				return err
-			os.Exit(1)
 			}
 			err = b.Unban(ip)
 			if err != nil {
-			fmt.Println(err)
+				return err
-			os.Exit(1)
 			}
 			err = db.RemoveBan(ip)
+			if err != nil {
+				return err
+			}
+			fmt.Println("IP unblocked successfully!")
+			return nil
+		}()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fmt.Println("IP unblocked successfully!")
 	},
 }
 
@@ -68,19 +70,64 @@ var BanCmd = &cobra.Command{
 	Use:   "ban",
 	Short: "Ban IP",
 	Run: func(cmd *cobra.Command, args []string) {
+		err := func() error {
 			if len(args) == 0 {
-			fmt.Println("IP can't be empty")
+				return fmt.Errorf("IP can't be empty")
-			os.Exit(1)
 			}
 			if ttl_fw == "" {
 				ttl_fw = "1y"
 			}
 			ip := args[0]
 			db, err := storage.NewBanWriter()
+			if err != nil {
+				return err
+			}
+			cfg, err := config.LoadConfig()
+			if err != nil {
+				return err
+			}
+			fw := cfg.Firewall.Name
+			b := blocker.GetBlocker(fw, cfg.Firewall.Config)
+			if ip == "" {
+				return fmt.Errorf("IP can't be empty")
+			}
+			if net.ParseIP(ip) == nil {
+				return fmt.Errorf("invalid IP")
+			}
+			if err != nil {
+				return err
+			}
+			err = b.Ban(ip)
+			if err != nil {
+				return err
+			}
+			err = db.AddBan(ip, ttl_fw, "manual ban")
+			if err != nil {
+				return err
+			}
+			fmt.Println("IP blocked successfully!")
+			return nil
+		}()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
+	},
+}
+
+var PortCmd = &cobra.Command{
+	Use:   "port",
+	Short: "Ports commands",
+}
+
+var PortOpenCmd = &cobra.Command{
+	Use:   "open",
+	Short: "Open ports on firewall",
+	Run: func(cmd *cobra.Command, args []string) {
+		if protocol == "" {
+			fmt.Println("Protocol can't be empty")
+			os.Exit(1)
+		}
 		cfg, err := config.LoadConfig()
 		if err != nil {
 			fmt.Println(err)
@@ -88,32 +135,45 @@ var BanCmd = &cobra.Command{
 		}
 		fw := cfg.Firewall.Name
 		b := blocker.GetBlocker(fw, cfg.Firewall.Config)
-		if ip == "" {
+		err = b.PortOpen(port, protocol)
-			fmt.Println("IP can't be empty")
-			os.Exit(1)
-		}
-		if net.ParseIP(ip) == nil {
-			fmt.Println("Invalid IP")
-			os.Exit(1)
-		}
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		err = b.Ban(ip)
+		fmt.Println("Port opened successfully!")
+	},
+}
+
+var PortCloseCmd = &cobra.Command{
+	Use:   "close",
+	Short: "Close ports on firewall",
+	Run: func(cmd *cobra.Command, args []string) {
+		if protocol == "" {
+			fmt.Println("Protocol can't be empty")
+			os.Exit(1)
+		}
+		cfg, err := config.LoadConfig()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		err = db.AddBan(ip, ttl_fw, "manual ban")
+		fw := cfg.Firewall.Name
+		b := blocker.GetBlocker(fw, cfg.Firewall.Config)
+		err = b.PortClose(port, protocol)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fmt.Println("IP blocked successfully!")
+		fmt.Println("Port closed successfully!")
 	},
 }
 
 func FwRegister() {
 	BanCmd.Flags().StringVarP(&ttl_fw, "ttl", "t", "", "ban time")
+	PortCmd.AddCommand(PortOpenCmd)
+	PortCmd.AddCommand(PortCloseCmd)
+	PortOpenCmd.Flags().IntVarP(&port, "port", "p", 0, "port number")
+	PortOpenCmd.Flags().StringVarP(&protocol, "protocol", "c", "", "protocol")
+	PortCloseCmd.Flags().IntVarP(&port, "port", "p", 0, "port number")
+	PortCloseCmd.Flags().StringVarP(&protocol, "protocol", "c", "", "protocol")
 }

cmd/banforge/command/rule.go

@@ -61,11 +61,12 @@ var ListCmd = &cobra.Command{
 		}
 		for _, rule := range r {
 			fmt.Printf(
-				"Name: %s\nService: %s\nPath: %s\nStatus: %s\nMethod: %s\n\n",
+				"Name: %s\nService: %s\nPath: %s\nStatus: %s\n MaxRetry: %d\nMethod: %s\n\n",
 				rule.Name,
 				rule.ServiceName,
 				rule.Path,
 				rule.Status,
+				rule.MaxRetry,
 				rule.Method,
 			)
 		}

cmd/banforge/command/version.go

@@ -0,0 +1,17 @@
+package command
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+var version = "0.5.0"
+
+var VersionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "BanForge version",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("BanForge version:", version)
+	},
+}

cmd/banforge/main.go

@@ -13,7 +13,6 @@ var rootCmd = &cobra.Command{
 	Use:   "banforge",
 	Short: "IPS log-based written on Golang",
 	Run: func(cmd *cobra.Command, args []string) {
-
 	},
 }
 
@@ -28,6 +27,8 @@ func Execute() {
 	rootCmd.AddCommand(command.BanCmd)
 	rootCmd.AddCommand(command.UnbanCmd)
 	rootCmd.AddCommand(command.BanListCmd)
+	rootCmd.AddCommand(command.VersionCmd)
+	rootCmd.AddCommand(command.PortCmd)
 	command.RuleRegister()
 	command.FwRegister()
 	if err := rootCmd.Execute(); err != nil {

docs/cli.md

@@ -11,6 +11,16 @@ banforge init
 **Description**
 This command creates the necessary directories and base configuration files 
 required for the daemon to operate.
+
+### version - Display BanForge version
+
+```shell
+banforge version
+```
+
+**Description**
+This command displays the current version of the BanForge software.
+
 ### daemon - Starts the BanForge daemon process
 
 ```shell
@@ -32,6 +42,17 @@ banforge unban <ip>
 These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.
 
 Flag -t or -ttl add bantime if not used default ban 1 year
+
+### ports - Open and Close ports on firewall
+
+```shell
+banforge open -port <port> -protocol <protocol>
+banforge close -port <port> -protocol <protocol>
+```
+
+**Description**
+These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.
+
 ### list - Lists the IP addresses that are currently blocked
 ```shell
 banforge list

docs/config.md

@@ -40,6 +40,7 @@ Example:
   service = "nginx"
   path = ""
   status = "304"
+  max_retry = 3
   method = ""
   ban_time = "1m"
 ```

go.mod

@@ -7,23 +7,24 @@ require (
 	github.com/jedib0t/go-pretty/v6 v6.7.8
 	github.com/spf13/cobra v1.10.2
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
-	modernc.org/sqlite v1.44.3
+	modernc.org/sqlite v1.46.1
 )
 
 require (
+	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.20 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
+	golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect
-	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
-	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
-	modernc.org/libc v1.67.6 // indirect
+	modernc.org/libc v1.68.0 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )

go.sum

@@ -1,5 +1,7 @@
 github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
 github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
+github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -19,6 +21,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.20 h1:WcT52H91ZUAwy8+HUkdM3THM6gXqXuLJi9O3rjcQQaQ=
+github.com/mattn/go-runewidth v0.0.20/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
 github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -39,17 +43,25 @@ github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
+golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
+golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
 golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
 golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
 golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
 golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
 golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
@@ -59,16 +71,20 @@ modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
 modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
 modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM=
+modernc.org/ccgo/v4 v4.30.2 h1:4yPaaq9dXYXZ2V8s1UgrC3KIj580l2N4ClrLwnbv2so=
 modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
 modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
 modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE=
 modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
+modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
 modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
 modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
+modernc.org/libc v1.68.0 h1:PJ5ikFOV5pwpW+VqCK1hKJuEWsonkIJhhIXyuF/91pQ=
+modernc.org/libc v1.68.0/go.mod h1:NnKCYeoYgsEqnY3PgvNgAeaJnso968ygU8Z0DxjoEc0=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -79,6 +95,8 @@ modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
 modernc.org/sqlite v1.44.3 h1:+39JvV/HWMcYslAwRxHb8067w+2zowvFOUrOWIy9PjY=
 modernc.org/sqlite v1.44.3/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
+modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
+modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=

internal/blocker/firewalld.go

@@ -1,7 +1,9 @@
 package blocker
 
 import (
+	"fmt"
 	"os/exec"
+	"strconv"
 
 	"github.com/d3m0k1d/BanForge/internal/logger"
 )
@@ -21,6 +23,7 @@ func (f *Firewalld) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -42,6 +45,7 @@ func (f *Firewalld) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -58,6 +62,63 @@ func (f *Firewalld) Unban(ip string) error {
 	return nil
 }
 
+func (f *Firewalld) PortOpen(port int, protocol string) error {
+	// #nosec G204 - handle is extracted from Firewalld output and validated
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		cmd := exec.Command(
+			"firewall-cmd",
+			"--zone=public",
+			"--add-port="+s+"/"+protocol,
+			"--permanent",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			return err
+		}
+		f.logger.Info("Reload " + string(output))
+	}
+	return nil
+}
+
+func (f *Firewalld) PortClose(port int, protocol string) error {
+	// #nosec G204 - handle is extracted from nftables output and validated
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		cmd := exec.Command(
+			"firewall-cmd",
+			"--zone=public",
+			"--remove-port="+s+"/"+protocol,
+			"--permanent",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			return err
+		}
+		f.logger.Info("Remove port " + s + " " + string(output))
+		output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
+		if err != nil {
+			return err
+		}
+		f.logger.Info("Reload " + string(output))
+	}
+	return nil
+}
+
 func (f *Firewalld) Setup(config string) error {
 	return nil
 }

internal/blocker/interface.go

@@ -10,6 +10,8 @@ type BlockerEngine interface {
 	Ban(ip string) error
 	Unban(ip string) error
 	Setup(config string) error
+	PortOpen(port int, protocol string) error
+	PortClose(port int, protocol string) error
 }
 
 func GetBlocker(fw string, config string) BlockerEngine {

internal/blocker/iptables.go

@@ -2,6 +2,7 @@ package blocker
 
 import (
 	"os/exec"
+	"strconv"
 
 	"github.com/d3m0k1d/BanForge/internal/logger"
 )
@@ -27,6 +28,7 @@ func (f *Iptables) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
+	// #nosec G204 - f.config is validated above via validateConfigPath()
 	cmd := exec.Command("iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -69,6 +71,7 @@ func (f *Iptables) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
+	// #nosec G204 - f.config is validated above via validateConfigPath()
 	cmd := exec.Command("iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -102,6 +105,64 @@ func (f *Iptables) Unban(ip string) error {
 	return nil
 }
 
+func (f *Iptables) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return nil
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("iptables", "-A", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		// #nosec G204 - f.config is validated above via validateConfigPath()
+		cmd = exec.Command("iptables-save", "-f", f.config)
+		output, err = cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error("failed to save config",
+				"config_path", f.config,
+				"error", err.Error(),
+				"output", string(output))
+			return err
+		}
+	}
+	return nil
+}
+
+func (f *Iptables) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return nil
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("iptables", "-D", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		// #nosec G204 - f.config is validated above via validateConfigPath()
+		cmd = exec.Command("iptables-save", "-f", f.config)
+		output, err = cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error("failed to save config",
+				"config_path", f.config,
+				"error", err.Error(),
+				"output", string(output))
+			return err
+		}
+	}
+	return nil
+}
+
 func (f *Iptables) Setup(config string) error {
 	return nil
 }

internal/blocker/nftables.go

@@ -3,6 +3,7 @@ package blocker
 import (
 	"fmt"
 	"os/exec"
+	"strconv"
 	"strings"
 
 	"github.com/d3m0k1d/BanForge/internal/logger"
@@ -25,7 +26,7 @@ func (n *Nftables) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("nft", "add", "rule", "inet", "banforge", "banned",
 		"ip", "saddr", ip, "drop")
 	output, err := cmd.CombinedOutput()
@@ -112,6 +113,7 @@ func (n *Nftables) Setup(config string) error {
 	}
 }
 `
+	// #nosec G204 - config is managed by adminstartor
 	cmd := exec.Command("tee", config)
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
@@ -134,7 +136,7 @@ func (n *Nftables) Setup(config string) error {
 	if err = cmd.Wait(); err != nil {
 		return fmt.Errorf("failed to save config: %w", err)
 	}
-
+	// #nosec G204 - config is managed by adminstartor
 	cmd = exec.Command("nft", "-f", config)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -166,6 +168,81 @@ func (n *Nftables) findRuleHandle(ip string) (string, error) {
 	return "", nil
 }
 
+func (n *Nftables) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			n.logger.Error("invalid protocol")
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command(
+			"nft",
+			"add",
+			"rule",
+			"inet",
+			"banforge",
+			"input",
+			protocol,
+			"dport",
+			s,
+			"accept",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			n.logger.Error(err.Error())
+			return err
+		}
+		n.logger.Info("Add port " + s + " " + string(output))
+		err = saveNftablesConfig(n.config)
+		if err != nil {
+			n.logger.Error("failed to save config",
+				"config_path", n.config,
+				"error", err.Error())
+			return err
+		}
+	}
+	return nil
+}
+
+func (n *Nftables) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			n.logger.Error("invalid protocol")
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command(
+			"nft",
+			"add",
+			"rule",
+			"inet",
+			"banforge",
+			"input",
+			protocol,
+			"dport",
+			s,
+			"drop",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			n.logger.Error(err.Error())
+			return err
+		}
+		n.logger.Info("Add port " + s + " " + string(output))
+		err = saveNftablesConfig(n.config)
+		if err != nil {
+			n.logger.Error("failed to save config",
+				"config_path", n.config,
+				"error", err.Error())
+			return err
+		}
+
+	}
+	return nil
+}
+
 func saveNftablesConfig(configPath string) error {
 	err := validateConfigPath(configPath)
 	if err != nil {
@@ -177,7 +254,7 @@ func saveNftablesConfig(configPath string) error {
 	if err != nil {
 		return fmt.Errorf("failed to get nftables ruleset: %w", err)
 	}
-
+	// #nosec G204 - managed by system adminstartor
 	cmd = exec.Command("tee", configPath)
 	stdin, err := cmd.StdinPipe()
 	if err != nil {

internal/blocker/ufw.go

@@ -3,6 +3,7 @@ package blocker
 import (
 	"fmt"
 	"os/exec"
+	"strconv"
 
 	"github.com/d3m0k1d/BanForge/internal/logger"
 )
@@ -22,7 +23,7 @@ func (u *Ufw) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("ufw", "--force", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -41,7 +42,7 @@ func (u *Ufw) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
-
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("ufw", "--force", "delete", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -56,6 +57,44 @@ func (u *Ufw) Unban(ip string) error {
 	return nil
 }
 
+func (u *Ufw) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			u.logger.Error("invalid protocol")
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("ufw", "allow", s+"/"+protocol)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			u.logger.Error(err.Error())
+			return err
+		}
+		u.logger.Info("Add port " + s + " " + string(output))
+	}
+	return nil
+}
+
+func (u *Ufw) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			u.logger.Error("invalid protocol")
+			return nil
+		}
+		s := strconv.Itoa(port)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("ufw", "deny", s+"/"+protocol)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			u.logger.Error(err.Error())
+			return err
+		}
+		u.logger.Info("Add port " + s + " " + string(output))
+	}
+	return nil
+}
+
 func (u *Ufw) Setup(config string) error {
 	if config != "" {
 		fmt.Printf("Ufw dont support config file\n")

internal/config/appconf.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"strconv"
@@ -57,13 +58,9 @@ func NewRule(
 		return err
 	}
 	defer func() {
-		err = file.Close()
+		err = errors.Join(err, file.Close())
-		if err != nil {
-			fmt.Println(err)
-		}
 	}()
 	cfg := Rules{Rules: r}
-
 	err = toml.NewEncoder(file).Encode(cfg)
 	if err != nil {
 		return err
@@ -126,24 +123,24 @@ func EditRule(Name string, ServiceName string, Path string, Status string, Metho
 }
 
 func ParseDurationWithYears(s string) (time.Duration, error) {
-	if strings.HasSuffix(s, "y") {
+	if ss, ok := strings.CutSuffix(s, "y"); ok {
-		years, err := strconv.Atoi(strings.TrimSuffix(s, "y"))
+		years, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}
 		return time.Duration(years) * 365 * 24 * time.Hour, nil
 	}
 
-	if strings.HasSuffix(s, "M") {
+	if ss, ok := strings.CutSuffix(s, "M"); ok {
-		months, err := strconv.Atoi(strings.TrimSuffix(s, "M"))
+		months, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}
 		return time.Duration(months) * 30 * 24 * time.Hour, nil
 	}
 
-	if strings.HasSuffix(s, "d") {
+	if ss, ok := strings.CutSuffix(s, "d"); ok {
-		days, err := strconv.Atoi(strings.TrimSuffix(s, "d"))
+		days, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}

internal/config/types.go

@@ -28,5 +28,6 @@ type Rule struct {
 	Path        string `toml:"path"`
 	Status      string `toml:"status"`
 	Method      string `toml:"method"`
+	MaxRetry    int    `toml:"max_retry"`
 	BanTime     string `toml:"ban_time"`
 }

internal/judge/judge.go

@@ -14,6 +14,7 @@ import (
 type Judge struct {
 	db_r           *storage.BanReader
 	db_w           *storage.BanWriter
+	db_rq          *storage.RequestReader
 	logger         *logger.Logger
 	Blocker        blocker.BlockerEngine
 	rulesByService map[string][]config.Rule
@@ -24,6 +25,7 @@ type Judge struct {
 func New(
 	db_r *storage.BanReader,
 	db_w *storage.BanWriter,
+	db_rq *storage.RequestReader,
 	b blocker.BlockerEngine,
 	resultCh chan *storage.LogEntry,
 	entryCh chan *storage.LogEntry,
@@ -31,6 +33,7 @@ func New(
 	return &Judge{
 		db_w:           db_w,
 		db_r:           db_r,
+		db_rq:          db_rq,
 		logger:         logger.New(false),
 		rulesByService: make(map[string][]config.Rule),
 		Blocker:        b,
@@ -75,31 +78,28 @@ func (j *Judge) Tribunal() {
 			methodMatch := rule.Method == "" || entry.Method == rule.Method
 			statusMatch := rule.Status == "" || entry.Status == rule.Status
 			pathMatch := matchPath(entry.Path, rule.Path)
-
-			j.logger.Debug(
-				"Testing rule",
-				"rule", rule.Name,
-				"method_match", methodMatch,
-				"status_match", statusMatch,
-				"path_match", pathMatch,
-			)
-
 			if methodMatch && statusMatch && pathMatch {
 				ruleMatched = true
 				j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
-
+				j.resultCh <- entry
 				banned, err := j.db_r.IsBanned(entry.IP)
 				if err != nil {
 					j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
 					break
 				}
-
 				if banned {
 					j.logger.Info("IP already banned", "ip", entry.IP)
-					j.resultCh <- entry
 					break
 				}
-
+				exceeded, err := j.db_rq.IsMaxRetryExceeded(entry.IP, rule.MaxRetry)
+				if err != nil {
+					j.logger.Error("Failed to check retry count", "ip", entry.IP, "error", err)
+					break
+				}
+				if !exceeded {
+					j.logger.Info("Max retry not exceeded", "ip", entry.IP)
+					break
+				}
 				err = j.db_w.AddBan(entry.IP, rule.BanTime, rule.Name)
 				if err != nil {
 					j.logger.Error(
@@ -127,7 +127,6 @@ func (j *Judge) Tribunal() {
 					"ban_time",
 					rule.BanTime,
 				)
-				j.resultCh <- entry
 				break
 			}
 		}

internal/parser/ApacheParser.go

@@ -0,0 +1,61 @@
+package parser
+
+import (
+	"regexp"
+
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/storage"
+)
+
+type ApacheParser struct {
+	pattern *regexp.Regexp
+	logger  *logger.Logger
+}
+
+func NewApacheParser() *ApacheParser {
+	pattern := regexp.MustCompile(
+		`^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+-\s+-\s+\[(.*?)\]\s+"(\w+)\s+(.*?)\s+HTTP/[\d.]+"\s+(\d+)\s+(\d+|-)\s+"(.*?)"\s+"(.*?)"`,
+	)
+	// Groups:
+	// 1: IP
+	// 2: Timestamp
+	// 3: Method (GET, POST, etc.)
+	// 4: Path
+	// 5: Status Code (200, 404, 403...)
+	// 6: Response Size
+	// 7: Referer
+	// 8: User-Agent
+
+	return &ApacheParser{
+		pattern: pattern,
+		logger:  logger.New(false),
+	}
+}
+
+func (p *ApacheParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEntry) {
+	// Group 1: IP, Group 2: Timestamp, Group 3: Method, Group 4: Path, Group 5: Status
+	for event := range eventCh {
+		matches := p.pattern.FindStringSubmatch(event.Data)
+		if matches == nil {
+			continue
+		}
+		path := matches[4]
+		status := matches[5]
+		method := matches[3]
+
+		resultCh <- &storage.LogEntry{
+			Service: "apache",
+			IP:      matches[1],
+			Path:    path,
+			Status:  status,
+			Method:  method,
+		}
+		p.logger.Info(
+			"Parsed apache log entry",
+			"ip", matches[1],
+			"path", path,
+			"status", status,
+			"method", method,
+		)
+	}
+}

internal/parser/parser.go

@@ -24,6 +24,7 @@ type Scanner struct {
 }
 
 func NewScannerTail(path string) (*Scanner, error) {
+	// #nosec G204 - managed by system adminstartor
 	cmd := exec.Command("tail", "-F", "-n", "10", path)
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
@@ -46,6 +47,7 @@ func NewScannerTail(path string) (*Scanner, error) {
 }
 
 func NewScannerJournald(unit string) (*Scanner, error) {
+	// #nosec G204 - managed by system adminstartor
 	cmd := exec.Command("journalctl", "-u", unit, "-f", "-n", "0", "-o", "short", "--no-pager")
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {

internal/storage/ban_db.go

@@ -21,7 +21,7 @@ type BanWriter struct {
 func NewBanWriter() (*BanWriter, error) {
 	db, err := sql.Open(
 		"sqlite",
-		"/var/lib/banforge/bans.db?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)",
+		buildSqliteDsn(banDBPath, pragmas),
 	)
 	if err != nil {
 		return nil, err
@@ -175,7 +175,6 @@ func (d *BanReader) IsBanned(ip string) (bool, error) {
 }
 
 func (d *BanReader) BanList() error {
-
 	var count int
 	t := table.NewWriter()
 	t.SetOutputMirror(os.Stdout)

internal/storage/db.go

@@ -2,55 +2,60 @@ package storage
 
 import (
 	"database/sql"
+	"errors"
 	"fmt"
+	"strings"
 
 	_ "modernc.org/sqlite"
 )
 
-func CreateTables() error {
+const (
+	DBDir     = "/var/lib/banforge/"
+	ReqDBPath = DBDir + "requests.db"
+	banDBPath = DBDir + "bans.db"
+)
+
+var pragmas = map[string]string{
+	`journal_mode`: `wal`,
+	`synchronous`:  `normal`,
+	`busy_timeout`: `30000`,
+	// also consider these
+	// `temp_store`:   `memory`,
+	// `cache_size`:   `1000000000`,
+}
+
+func buildSqliteDsn(path string, pragmas map[string]string) string {
+	pragmastrs := make([]string, len(pragmas))
+	i := 0
+	for k, v := range pragmas {
+		pragmastrs[i] = (fmt.Sprintf(`pragma=%s(%s)`, k, v))
+		i++
+	}
+	return path + "?" + "mode=rwc&" + strings.Join(pragmastrs, "&")
+}
+
+func initDB(dsn, sqlstr string) (err error) {
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		return fmt.Errorf("failed to open %q: %w", dsn, err)
+	}
+	defer func() {
+		closeErr := db.Close()
+		if closeErr != nil {
+			err = errors.Join(err, fmt.Errorf("failed to close %q: %w", dsn, closeErr))
+		}
+	}()
+	_, err = db.Exec(sqlstr)
+	if err != nil {
+		return fmt.Errorf("failed to create table: %w", err)
+	}
+	return err
+}
+
+func CreateTables() (err error) {
 	// Requests DB
-	db_r, err := sql.Open("sqlite",
+	err1 := initDB(buildSqliteDsn(ReqDBPath, pragmas), CreateRequestsTable)
-		"/var/lib/banforge/requests.db?"+
+	err2 := initDB(buildSqliteDsn(banDBPath, pragmas), CreateBansTable)
-			"mode=rwc&"+
-			"_pragma=journal_mode(WAL)&"+
-			"_pragma=busy_timeout(30000)&"+
-			"_pragma=synchronous(NORMAL)")
-	if err != nil {
-		return fmt.Errorf("failed to open requests db: %w", err)
-	}
-	defer func() {
-		err = db_r.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
 
-	_, err = db_r.Exec(CreateRequestsTable)
+	return errors.Join(err1, err2)
-	if err != nil {
-		return fmt.Errorf("failed to create requests table: %w", err)
-	}
-
-	// Bans DB
-	db_b, err := sql.Open("sqlite",
-		"/var/lib/banforge/bans.db?"+
-			"mode=rwc&"+
-			"_pragma=journal_mode(WAL)&"+
-			"_pragma=busy_timeout(30000)&"+
-			"_pragma=synchronous(FULL)")
-	if err != nil {
-		return fmt.Errorf("failed to open bans db: %w", err)
-	}
-	defer func() {
-		err = db_b.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
-
-	_, err = db_b.Exec(CreateBansTable)
-	if err != nil {
-		return fmt.Errorf("failed to create bans table: %w", err)
-	}
-	fmt.Println("Tables created successfully!")
-	return nil
 }

internal/storage/requests_db.go

@@ -7,15 +7,15 @@ import (
 	_ "modernc.org/sqlite"
 )
 
-type Request_Writer struct {
+type RequestWriter struct {
 	logger *logger.Logger
 	db     *sql.DB
 }
 
-func NewRequestsWr() (*Request_Writer, error) {
+func NewRequestsWr() (*RequestWriter, error) {
 	db, err := sql.Open(
 		"sqlite",
-		"/var/lib/banforge/requests.db?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)",
+		buildSqliteDsn(ReqDBPath, pragmas),
 	)
 	if err != nil {
 		return nil, err
@@ -23,8 +23,41 @@ func NewRequestsWr() (*Request_Writer, error) {
 	db.SetMaxOpenConns(1)
 	db.SetMaxIdleConns(1)
 	db.SetConnMaxLifetime(0)
-	return &Request_Writer{
+	return &RequestWriter{
 		logger: logger.New(false),
 		db:     db,
 	}, nil
 }
+
+type RequestReader struct {
+	logger *logger.Logger
+	db     *sql.DB
+}
+
+func NewRequestsRd() (*RequestReader, error) {
+	db, err := sql.Open(
+		"sqlite",
+		buildSqliteDsn(ReqDBPath, pragmas),
+	)
+	if err != nil {
+		return nil, err
+	}
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(1)
+	db.SetConnMaxLifetime(0)
+	return &RequestReader{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
+	var count int
+	err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
+	if err != nil {
+		r.logger.Error("error query count: " + err.Error())
+		return false, err
+	}
+	r.logger.Info("Current request count for IP", "ip", ip, "count", count, "maxRetry", maxRetry)
+	return count >= maxRetry, nil
+}

internal/storage/writer.go

@@ -1,10 +1,13 @@
 package storage
 
 import (
+	"database/sql"
+	"errors"
+	"fmt"
 	"time"
 )
 
-func WriteReq(db *Request_Writer, resultCh <-chan *LogEntry) {
+func WriteReq(db *RequestWriter, resultCh <-chan *LogEntry) {
 	db.logger.Info("Starting log writer")
 	const batchSize = 100
 	const flushInterval = 1 * time.Second
@@ -14,29 +17,36 @@ func WriteReq(db *Request_Writer, resultCh <-chan *LogEntry) {
 	defer ticker.Stop()
 
 	flush := func() {
+		defer db.logger.Debug("Flushed batch", "count", len(batch))
+		err := func() (err error) {
 			if len(batch) == 0 {
-			return
+				return nil
 			}
 
 			tx, err := db.db.Begin()
 			if err != nil {
-			db.logger.Error("Failed to begin transaction", "error", err)
+				return fmt.Errorf("failed to begin transaction: %w", err)
-			return
 			}
+			defer func() {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil &&
+					!errors.Is(rollbackErr, sql.ErrTxDone) {
+					err = errors.Join(
+						err,
+						fmt.Errorf("failed to rollback transaction: %w", rollbackErr),
+					)
+				}
+			}()
 
 			stmt, err := tx.Prepare(
 				"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
 			)
 			if err != nil {
-			db.logger.Error("Failed to prepare statement", "error", err)
+				err = fmt.Errorf("failed to prepare statement: %w", err)
-			if rollbackErr := tx.Rollback(); rollbackErr != nil {
+				return err
-				db.logger.Error("Failed to rollback transaction", "error", rollbackErr)
-			}
-			return
 			}
 			defer func() {
 				if closeErr := stmt.Close(); closeErr != nil {
-				db.logger.Error("Failed to close statement", "error", closeErr)
+					err = errors.Join(err, fmt.Errorf("failed to close statement: %w", closeErr))
 				}
 			}()
 
@@ -50,17 +60,20 @@ func WriteReq(db *Request_Writer, resultCh <-chan *LogEntry) {
 					time.Now().Format(time.RFC3339),
 				)
 				if err != nil {
-				db.logger.Error("Failed to insert entry", "error", err)
+					db.logger.Error(fmt.Errorf("failed to insert entry: %w", err).Error())
 				}
 			}
 
 			if err := tx.Commit(); err != nil {
-			db.logger.Error("Failed to commit transaction", "error", err)
+				return fmt.Errorf("failed to commit transaction: %w", err)
-			return
 			}
 
-		db.logger.Debug("Flushed batch", "count", len(batch))
 			batch = batch[:0]
+			return err
+		}()
+		if err != nil {
+			db.logger.Error(err.Error())
+		}
 	}
 
 	for {
@@ -81,3 +94,13 @@ func WriteReq(db *Request_Writer, resultCh <-chan *LogEntry) {
 		}
 	}
 }
+
+func (w *RequestWriter) GetRequestCount() (int, error) {
+	var count int
+	err := w.db.QueryRow("SELECT COUNT(*) FROM requests").Scan(&count)
+	return count, err
+}
+
+func (w *RequestWriter) Close() error {
+	return w.db.Close()
+}

internal/storage/writer_test.go

@@ -277,7 +277,7 @@ func TestWrite_ChannelClosed(t *testing.T) {
 	}
 }
 
-func NewRequestWriterWithDBPath(dbPath string) (*Request_Writer, error) {
+func NewRequestWriterWithDBPath(dbPath string) (*RequestWriter, error) {
 	db, err := sql.Open("sqlite", dbPath+"?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)")
 	if err != nil {
 		return nil, err
@@ -285,13 +285,13 @@ func NewRequestWriterWithDBPath(dbPath string) (*Request_Writer, error) {
 	db.SetMaxOpenConns(1)
 	db.SetMaxIdleConns(1)
 	db.SetConnMaxLifetime(0)
-	return &Request_Writer{
+	return &RequestWriter{
 		logger: logger.New(false),
 		db:     db,
 	}, nil
 }
 
-func (w *Request_Writer) CreateTable() error {
+func (w *RequestWriter) CreateTable() error {
 	_, err := w.db.Exec(CreateRequestsTable)
 	if err != nil {
 		return err
@@ -299,21 +299,3 @@ func (w *Request_Writer) CreateTable() error {
 	w.logger.Info("Created requests table")
 	return nil
 }
-
-func (w *Request_Writer) Close() error {
-	w.logger.Info("Closing request database connection")
-	err := w.db.Close()
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (w *Request_Writer) GetRequestCount() (int, error) {
-	var count int
-	err := w.db.QueryRow("SELECT COUNT(*) FROM requests").Scan(&count)
-	if err != nil {
-		return 0, err
-	}
-	return count, nil
-}