check FQDN

meehow · meehow · commit aff0f3d3b6e5 · 2025-04-23T19:34:09.000+02:00
diff --git a/announce.go b/announce.go
@@ -17,7 +17,8 @@ type AnnounceResponse struct {
 	Complete   int    `bencode:"complete"`
 	Incomplete int    `bencode:"incomplete"`
 	Peers      []byte `bencode:"peers"`
-	PeersIPv6  []byte `bencode:"peers_ipv6"`
+	PeersIPv6  []byte `bencode:"peers6,omitempty"`
+	ExternalIP []byte `bencode:"external ip,omitempty"`
 }
 
 func announce(w http.ResponseWriter, r *http.Request) {
@@ -65,6 +66,7 @@ func announce(w http.ResponseWriter, r *http.Request) {
 		Incomplete: numLeechers,
 		Peers:      peersIPv4,
 		PeersIPv6:  peersIPv6,
+		ExternalIP: ip.To4(),
 	}
 	w.Header().Add("X-PrivTracker", fmt.Sprintf("s:%d l:%d", numSeeders, numLeechers))
 	if err := bencode.Marshal(w, resp); err != nil {
@@ -81,12 +83,15 @@ func getRemoteIP(r *http.Request) net.IP {
 	ip := net.ParseIP(addr)
 	if ip.IsPrivate() {
 		ips := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
-		if len(ips) > 0 {
-			ipForwarded := net.ParseIP(strings.TrimSpace(ips[0]))
-			if ipForwarded != nil {
+		for _, maybeIP := range ips {
+			ipForwarded := net.ParseIP(strings.TrimSpace(maybeIP))
+			if !ipForwarded.IsPrivate() {
 				ip = ipForwarded
+				break
 			}
 		}
+		if len(ips) > 0 {
+		}
 	}
 	return ip
 }
diff --git a/announce_test.go b/announce_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"net/http"
 	"net/http/httptest"
 	"testing"
 )
@@ -9,9 +10,12 @@ func BenchmarkAnnounce(b *testing.B) {
 	server := httptest.NewServer(router())
 	client := server.Client()
 	for i := 0; i < b.N; i++ {
-		_, err := client.Get(server.URL + "/test/announce?port=1234")
+		resp, err := client.Get(server.URL + "/test/announce?port=1234")
 		if err != nil {
 			b.Fatal(err)
 		}
+		if resp.StatusCode != http.StatusOK {
+			b.Fatalf("unexpected status code: %d", resp.StatusCode)
+		}
 	}
 }
diff --git a/go.mod b/go.mod
@@ -1,13 +1,12 @@
 module github.com/meehow/privtracker
 
-go 1.22
+go 1.24.0
 
 require (
 	github.com/jackpal/bencode-go v1.0.2
-	golang.org/x/crypto v0.32.0
-)
+	golang.org/x/crypto v0.37.0
+	golang.org/x/net v0.39.0
 
-require (
-	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
 )
+
+require golang.org/x/text v0.24.0 // indirect
diff --git a/go.sum b/go.sum
@@ -1,8 +1,8 @@
 github.com/jackpal/bencode-go v1.0.2 h1:LcCNfZ344u0LpBPOZNjpCLps/wUOuN4r87Fy9+5yU8g=
 github.com/jackpal/bencode-go v1.0.2/go.mod h1:6jI9mUjO3GQbZti3JizEfxTzRfWOM8oBBcwbwlTfceI=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
diff --git a/main.go b/main.go
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 
 	"golang.org/x/crypto/acme/autocert"
+	"golang.org/x/net/publicsuffix"
 )
 
 func main() {
@@ -20,7 +21,7 @@ func main() {
 	handler := router(recoveryMiddleware, headersMiddleware, logRequestMiddleware)
 	if port == "443" {
 		go redirect80()
-		fmt.Println("PrivTracker listening on https://0.0.0.0/")
+		fmt.Println("PrivTracker listening on https://0.0.0.0/ (please use your FQDN to access this server)")
 		log.Fatal(http.Serve(autocertListener(), handler))
 	} else {
 		fmt.Printf("PrivTracker listening on http://0.0.0.0:%s/\n", port)
@@ -59,6 +60,10 @@ func autocertListener() net.Listener {
 
 func redirect(w http.ResponseWriter, r *http.Request) {
 	url := fmt.Sprintf("https://%s/", r.Host)
+	if _, icann := publicsuffix.PublicSuffix(r.Host); !icann {
+		// fallback in case we can't get FQDN
+		url = "https://privtracker.com/"
+	}
 	http.Redirect(w, r, url, http.StatusMovedPermanently)
 }
 
diff --git a/middleware.go b/middleware.go
@@ -40,7 +40,9 @@ func logRequestMiddleware(next http.Handler) http.Handler {
 
 func headersMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Strict-Transport-Security", "max-age=31536000") // hsts
+		if r.TLS != nil {
+			w.Header().Set("Strict-Transport-Security", "max-age=31536000") // hsts
+		}
 		w.Header().Set("Server", "PrivTracker")
 		next.ServeHTTP(w, r)
 	})

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,8 @@ type AnnounceResponse struct {`
`17`	`17`	Complete int `bencode:"complete"`
`18`	`18`	Incomplete int `bencode:"incomplete"`
`19`	`19`	Peers []byte `bencode:"peers"`
`20`		- PeersIPv6 []byte `bencode:"peers_ipv6"`
	`20`	+ PeersIPv6 []byte `bencode:"peers6,omitempty"`
	`21`	+ ExternalIP []byte `bencode:"external ip,omitempty"`
`21`	`22`	`}`
`22`	`23`
`23`	`24`	`func announce(w http.ResponseWriter, r *http.Request) {`
`@@ -65,6 +66,7 @@ func announce(w http.ResponseWriter, r *http.Request) {`
`65`	`66`	`Incomplete: numLeechers,`
`66`	`67`	`Peers: peersIPv4,`
`67`	`68`	`PeersIPv6: peersIPv6,`
	`69`	`+ ExternalIP: ip.To4(),`
`68`	`70`	`}`
`69`	`71`	`w.Header().Add("X-PrivTracker", fmt.Sprintf("s:%d l:%d", numSeeders, numLeechers))`
`70`	`72`	`if err := bencode.Marshal(w, resp); err != nil {`
`@@ -81,12 +83,15 @@ func getRemoteIP(r *http.Request) net.IP {`
`81`	`83`	`ip := net.ParseIP(addr)`
`82`	`84`	`if ip.IsPrivate() {`
`83`	`85`	`ips := strings.Split(r.Header.Get("X-Forwarded-For"), ",")`
`84`		`- if len(ips) > 0 {`
`85`		`- ipForwarded := net.ParseIP(strings.TrimSpace(ips[0]))`
`86`		`- if ipForwarded != nil {`
	`86`	`+ for _, maybeIP := range ips {`
	`87`	`+ ipForwarded := net.ParseIP(strings.TrimSpace(maybeIP))`
	`88`	`+ if !ipForwarded.IsPrivate() {`
`87`	`89`	`ip = ipForwarded`
	`90`	`+ break`
`88`	`91`	`}`
`89`	`92`	`}`
	`93`	`+ if len(ips) > 0 {`
	`94`	`+ }`
`90`	`95`	`}`
`91`	`96`	`return ip`
`92`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`package main`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+ "net/http"`
`4`	`5`	`"net/http/httptest"`
`5`	`6`	`"testing"`
`6`	`7`	`)`
`@@ -9,9 +10,12 @@ func BenchmarkAnnounce(b *testing.B) {`
`9`	`10`	`server := httptest.NewServer(router())`
`10`	`11`	`client := server.Client()`
`11`	`12`	`for i := 0; i < b.N; i++ {`
`12`		`- _, err := client.Get(server.URL + "/test/announce?port=1234")`
	`13`	`+ resp, err := client.Get(server.URL + "/test/announce?port=1234")`
`13`	`14`	`if err != nil {`
`14`	`15`	`b.Fatal(err)`
`15`	`16`	`}`
	`17`	`+ if resp.StatusCode != http.StatusOK {`
	`18`	`+ b.Fatalf("unexpected status code: %d", resp.StatusCode)`
	`19`	`+ }`
`16`	`20`	`}`
`17`	`21`	`}`