explicitly dont handle returns in certain places

README.md

@@ -58,6 +58,8 @@ The app currently has 4 runtime flags:
 - `-x / --disable-x-forwarded-for` -- disables checking for the X-Forwarded-For header
 - `-l / --allow-private` -- allows lookups of private IP ranges
 
+All of the Flags also have an accompanying environment value: `PROBEHOST_LOGPATH`, `PROBEHOST_ALLOW_PRIVATE`, `PROBEHOST_LISTEN_PORT` and `PROBEHOST_DISABLE_X_FORWARDED_FOR` but the options given via commandline have priority.
+
 The app will log every request including the IP thats querying and show failed requests on stdout.
 
 Requests that contain an X-Forwarded-For header (implying the app is behind a reverse proxy) will automatically log that address instead of the requesting IP (the proxy itself), this can be turned off with -x.

caddy/Caddyfile

@@ -0,0 +1,29 @@
+{
+        email [your email]
+        order rate_limit before basicauth
+}
+
+:80, :443 {
+        redir * https://[your domain]
+}
+
+[your domain] {
+        reverse_proxy [host]:[port]
+        log {
+                output file [path] {
+                        roll_size 10GiB
+                        roll_keep 10
+                }
+                level INFO
+        }
+        handle_errors {
+                respond "{http.error.status_code} {http.error.status_text}"
+        }
+        rate_limit {
+                zone dynamic {
+                        key {remote_host}
+                        events 2
+                        window 5s
+                }
+        }
+}

caddy/Dockerfile

@@ -0,0 +1,8 @@
+FROM caddy:builder AS builder
+
+RUN xcaddy build \
+    --with github.com/mholt/caddy-ratelimit \
+    --with github.com/caddy-dns/cloudflare
+FROM caddy:latest
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

caddy/README.md

@@ -0,0 +1,5 @@
+# caddy
+
+This folder contains a sample configuration for caddy with ratelimiting enabled. this will allow 2 requests per IP every 5 seconds. For more on that, check here: https://github.com/mholt/caddy-ratelimit
+
+I have also included a dockerfile to build caddy with the ratelimiting module.

caddy/build.sh

@@ -0,0 +1 @@
+xcaddy build --with github.com/mholt/caddy-ratelimit

docker/docker-compose.yml

@@ -5,6 +5,11 @@ services:
     container_name: probehost2
     image: byreqz/probehost2:latest
     restart: unless-stopped
+    environment:
+     - PROBEHOST_LOGPATH=/probehost2.log
+     - PROBEHOST_ALLOW_PRIVATE=false
+     - PROBEHOST_DISABLE_X_FORWARDED_FOR=false
+     - PROBEHOST_LISTEN_PORT=8000
     ports:
      - 1234:8000
     volumes:

main.go

@@ -1,15 +1,16 @@
 package main
+
 import (
 	"fmt"
+	"net"
+	"net/http"
 	"os"
 	"os/exec"
+	"strconv"
 	"strings"
-  "net/http"
-  "net"
 
 	log "github.com/sirupsen/logrus"
 	flag "github.com/spf13/pflag"
-
 )
 
 var logstdout = log.New()
@@ -20,17 +21,41 @@ var disablexforwardedfor bool
 var allowprivate bool
 
 func init() {
-  var logfilepath string
-  flag.StringVarP(&logfilepath, "logfilepath", "o","probehost2.log", "sets the output file for the log")
-  flag.IntVarP(&listenport, "port", "p", 8000, "sets the port to listen on")
-  flag.BoolVarP(&disablexforwardedfor, "disable-x-forwarded-for", "x", false, "whether to show x-forwarded-for or the requesting IP")
-  flag.BoolVarP(&allowprivate, "allow-private", "l", false, "whether to show lookups of private IP ranges")
-  flag.Parse()
-
 	logstdout.SetFormatter(&log.TextFormatter{
 		FullTimestamp: true})
 	logstdout.SetOutput(os.Stdout)
 	logstdout.SetLevel(log.InfoLevel)
+	var logfilepath string
+
+	if _, exists := os.LookupEnv("PROBEHOST_LOGPATH"); exists == true {
+		logfilepath, _ = os.LookupEnv("PROBEHOST_LOGPATH")
+	} else {
+		logfilepath = "probehost2.log"
+	}
+	if exists, _ := os.LookupEnv("PROBEHOST_ALLOW_PRIVATE"); exists == "true" {
+		allowprivate = true
+	} else {
+		allowprivate = false
+	}
+	if envvalue, exists := os.LookupEnv("PROBEHOST_LISTEN_PORT"); exists == true {
+		var err error
+		listenport, err = strconv.Atoi(envvalue)
+		if err != nil {
+			logstdout.Fatal("Failed to read PROBEHOST_LISTEN_PORT: ", err.Error())
+		}
+	} else {
+		listenport = 8000
+	}
+	if exists, _ := os.LookupEnv("PROBEHOST_DISABLE_X_FORWARDED_FOR"); exists == "true" {
+		disablexforwardedfor = true
+	} else {
+		disablexforwardedfor = false
+	}
+	flag.StringVarP(&logfilepath, "logfilepath", "o", logfilepath, "sets the output file for the log")
+	flag.IntVarP(&listenport, "port", "p", listenport, "sets the port to listen on")
+	flag.BoolVarP(&disablexforwardedfor, "disable-x-forwarded-for", "x", disablexforwardedfor, "whether to show x-forwarded-for or the requesting IP")
+	flag.BoolVarP(&allowprivate, "allow-private", "l", allowprivate, "whether to show lookups of private IP ranges")
+	flag.Parse()
 
 	logpath, err := os.OpenFile(logfilepath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0660)
 	if err != nil {
@@ -41,7 +66,7 @@ func init() {
 	logfile.Info("probehost2 initialized")
 }
 
-func runner(remoteip string, command string, args... string) string{
+func runner(remoteip string, command string, args ...string) string {
 	logfile.WithFields(log.Fields{
 		"remote_ip": remoteip,
 		"command":   fmt.Sprint(command, args),
@@ -67,23 +92,41 @@ func runner(remoteip string, command string, args... string) string{
 	return string(cmd)
 }
 
-func validatehosts(hosts []string) []string{
+func validatehosts(hosts []string) ([]string, []string) {
-  var valid []string
+	var validhosts []string
+	var validports []string
 	for _, host := range hosts {
+		split := strings.Split(host, "_")
+		host = split[0]
 		if hostparse := net.ParseIP(host); hostparse != nil {
 			if (net.IP.IsPrivate(hostparse) || net.IP.IsLoopback(hostparse)) && allowprivate {
-        valid = append(valid, host)
+				validhosts = append(validhosts, host)
-      } else if ! (net.IP.IsPrivate(hostparse) || net.IP.IsLoopback(hostparse)) {
+			} else if !(net.IP.IsPrivate(hostparse) || net.IP.IsLoopback(hostparse)) {
-        valid = append(valid, host)
+				validhosts = append(validhosts, host)
 			}
 		} else if _, err := net.LookupIP(host); err == nil {
-      valid = append(valid, host)
+			validhosts = append(validhosts, host)
+		} else {
+			continue
+		}
+
+		var port string
+		if len(split) > 1 {
+			port = split[1]
+			_, err := strconv.Atoi(port) // validate if port is just an int
+			if err == nil {
+				validports = append(validports, port)
+			} else {
+				validports = append(validports, "0")
+			}
+		} else {
+			validports = append(validports, "0")
 		}
 	}
-  return valid
+	return validhosts, validports
 }
 
-func parseopts(options []string, cmdopts map[string]string) []string{
+func parseopts(options []string, cmdopts map[string]string) []string {
 	var opts []string
 	for _, opt := range options {
 		opts = append(opts, cmdopts[opt])
@@ -91,10 +134,10 @@ func parseopts(options []string, cmdopts map[string]string) []string{
 	return opts
 }
 
-func prerunner(req *http.Request, cmd string, cmdopts map[string]string, defaultopts []string) string{
+func prerunner(req *http.Request, cmd string, cmdopts map[string]string, defaultopts []string) string {
 	geturl := strings.Split(req.URL.String(), "/")
 	targets := strings.Split(geturl[2], ",")
-  hosts := validatehosts(targets)
+	hosts, ports := validatehosts(targets)
 	var opts []string
 	opts = append(opts, defaultopts...)
 	if len(geturl) > 3 && len(geturl[3]) > 0 {
@@ -109,10 +152,13 @@ func prerunner(req *http.Request, cmd string, cmdopts map[string]string, default
 	} else {
 		remoteaddr = req.RemoteAddr
 	}
-  for _, host := range hosts {
+	for i, host := range hosts {
-    args = append(args, opts...)
+		runargs := append(args, opts...)
-    args = append(args, host)
+		if ports[i] != "0" && cmd == "nping" {
-    res = fmt.Sprint(res, runner(remoteaddr, cmd, args...), "\n")
+			runargs = append(runargs, "-p"+ports[i])
+		}
+		runargs = append(runargs, host)
+		res = fmt.Sprint(res, runner(remoteaddr, cmd, runargs...), "\n")
 	}
 	return res
 }
@@ -127,9 +173,9 @@ func ping(w http.ResponseWriter, req *http.Request) {
 	defaultopts = append(defaultopts, "-c10")
 	res := prerunner(req, cmd, cmdopts, defaultopts)
 	if strings.TrimSpace(res) == "" {
-    fmt.Fprintln(w, http.StatusInternalServerError)
+		http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
 	} else {
-    fmt.Fprint(w, strings.TrimSpace(res), "\n")
+		_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
 	}
 }
 
@@ -143,9 +189,9 @@ func mtr(w http.ResponseWriter, req *http.Request) {
 	defaultopts = append(defaultopts, "-r", "-w", "-c10")
 	res := prerunner(req, cmd, cmdopts, defaultopts)
 	if strings.TrimSpace(res) == "" {
-    fmt.Fprintln(w, http.StatusInternalServerError)
+		http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
 	} else {
-    fmt.Fprint(w, strings.TrimSpace(res), "\n")
+		_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
 	}
 }
 
@@ -159,9 +205,25 @@ func traceroute(w http.ResponseWriter, req *http.Request) {
 	//defaultopts = append(defaultopts) // no default options for traceroute
 	res := prerunner(req, cmd, cmdopts, defaultopts)
 	if strings.TrimSpace(res) == "" {
-    fmt.Fprintln(w, http.StatusInternalServerError)
+		http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
 	} else {
-    fmt.Fprint(w, strings.TrimSpace(res), "\n")
+		_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
+	}
+}
+
+func nping(w http.ResponseWriter, req *http.Request) {
+	cmd := "nping"
+	cmdopts := map[string]string{
+		"4": "-4", "6": "-6", "u": "--udp", "t": "--tcp-connect", "v": "-v", "c1": "-c1", "c3": "-c3", "c5": "-c5",
+		"force4": "-4", "force6": "-6", "udp": "--udp", "tcp": "--tcp-connect", "verbose": "-v", "count1": "-c1", "count3": "-c3", "count5": "-c5",
+	}
+	var defaultopts []string
+	defaultopts = append(defaultopts, "-c3")
+	res := prerunner(req, cmd, cmdopts, defaultopts)
+	if strings.TrimSpace(res) == "" {
+		http.Error(w, "500: Internal Server Error", http.StatusInternalServerError)
+	} else {
+		_, _ = fmt.Fprint(w, strings.TrimSpace(res), "\n")
 	}
 }
 
@@ -170,7 +232,8 @@ func main() {
 	http.HandleFunc("/mtr/", mtr)
 	http.HandleFunc("/tracert/", traceroute)
 	http.HandleFunc("/traceroute/", traceroute)
+	http.HandleFunc("/nping/", nping)
 	logstdout.Info("Serving on :", listenport)
 	logfile.Info("Serving on :", listenport)
-  http.ListenAndServe(fmt.Sprint(":", listenport), nil)
+	_ = http.ListenAndServe(fmt.Sprint(":", listenport), nil)
 }