From e176a3ea2245a40f3e1783f4cb87f904d905a77e Mon Sep 17 00:00:00 2001
From: Hector <hector@hjs.dev>
Date: Wed, 12 Jan 2022 22:05:27 +0000
Subject: [PATCH] check basic auth username and password set

Add check to ensure basic auth username and password are both set or both
unset. It isn't valid to set one without the other.
Update README file to include the new CLI parameters.
---
 README.md      | 16 ++++++++++------
 src/cfg/cfg.go |  8 ++++++--
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index fb56af8..02b3676 100644
--- a/README.md
+++ b/README.md
@@ -39,18 +39,22 @@ See the [releases page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-expo
 ```
 $ fail2ban-prometheus-exporter -h
 
-  -web.listen-address string
-        address to use for metrics server (default 0.0.0.0)
+  -collector.textfile
+        enable the textfile collector
+  -collector.textfile.directory string
+        directory to read text files with metrics from
   -port int
         port to use for the metrics server (default 9191)
   -socket string
         path to the fail2ban server socket
   -version
         show version info and exit
-  -collector.textfile
-        enable the textfile collector
-  -collector.textfile.directory string
-        directory to read text files with metrics from
+  -web.basic-auth.password string
+        password to use to protect endpoints with basic auth
+  -web.basic-auth.username string
+        username to use to protect endpoints with basic auth
+  -web.listen-address string
+        address to use for the metrics server (default "0.0.0.0")
 ```
 
 **Example**
diff --git a/src/cfg/cfg.go b/src/cfg/cfg.go
index 4d7bc64..85d291c 100644
--- a/src/cfg/cfg.go
+++ b/src/cfg/cfg.go
@@ -30,8 +30,8 @@ func Parse() *AppSettings {
 	flag.StringVar(&appSettings.Fail2BanSocketPath, "socket", "", "path to the fail2ban server socket")
 	flag.BoolVar(&appSettings.FileCollectorEnabled, "collector.textfile", false, "enable the textfile collector")
 	flag.StringVar(&appSettings.FileCollectorPath, "collector.textfile.directory", "", "directory to read text files with metrics from")
-	flag.StringVar(&appSettings.BasicAuthUsername, "web.basic-auth.username", "", "set username for basic auth")
-	flag.StringVar(&appSettings.BasicAuthPassword, "web.basic-auth.password", "", "set password for basic auth")
+	flag.StringVar(&appSettings.BasicAuthUsername, "web.basic-auth.username", "", "username to use to protect endpoints with basic auth")
+	flag.StringVar(&appSettings.BasicAuthPassword, "web.basic-auth.password", "", "password to use to protect endpoints with basic auth")
 
 	flag.Parse()
 	appSettings.validateFlags()
@@ -54,6 +54,10 @@ func (settings *AppSettings) validateFlags() {
 			fmt.Printf("file collector directory path must not be empty if collector enabled\n")
 			flagsValid = false
 		}
+		if (len(settings.BasicAuthUsername) > 0) != (len(settings.BasicAuthPassword) > 0) {
+			fmt.Printf("to enable basic auth both the username and the password must be provided")
+			flagsValid = false
+		}
 	}
 	if !flagsValid {
 		flag.Usage()