diff --git a/backend/.dockerignore b/backend/.dockerignore new file mode 100644 index 0000000..aeef0a3 --- /dev/null +++ b/backend/.dockerignore @@ -0,0 +1,7 @@ +.git +.env +node_modules +npm-debug.log +Dockerfile +.dockerignore +*.md \ No newline at end of file diff --git a/backend/Dockerfile b/backend/Dockerfile new file mode 100644 index 0000000..96a6106 --- /dev/null +++ b/backend/Dockerfile @@ -0,0 +1,62 @@ +# Stage 1: Build Dependencies +# Use an official Node.js runtime as a parent image +FROM node:18-alpine AS builder + +WORKDIR /app + +# Install OS dependencies needed for ping/traceroute +# Using apk add --no-cache reduces layer size +RUN apk add --no-cache iputils-ping traceroute + +# Copy package.json and package-lock.json (or yarn.lock) +COPY package*.json ./ + +# Install app dependencies using npm ci for faster, reliable builds +# --only=production installs only production dependencies +RUN npm ci --only=production + +# Stage 2: Production Image +FROM node:18-alpine + +WORKDIR /app + +# Install only necessary OS dependencies again for the final image +RUN apk add --no-cache iputils-ping traceroute + +# Copy dependencies from the builder stage +COPY --from=builder /app/node_modules ./node_modules + +# Copy application code +COPY . . + +# Copy MaxMind data (assuming it's in ./data) +# Ensure the 'data' directory exists in your project root +COPY ./data ./data + +# Create a non-root user and group +RUN addgroup -S appgroup && adduser -S appuser -G appgroup +# Optional: Change ownership of app files to the new user +# RUN chown -R appuser:appgroup /app + +# Switch to the non-root user +USER appuser + +# Make port specified in environment variable available to the world outside this container +# Default to 3000 if not specified +ARG PORT=3000 +ENV PORT=${PORT} +EXPOSE ${PORT} + +# Define environment variable for Node environment (important for Pino, Express etc.) +ENV NODE_ENV=production +# Define default Log Level if not set externally +ENV LOG_LEVEL=info +# Define default Ping Count if not set externally +ENV PING_COUNT=4 +# Define paths to GeoIP DBs (can be overridden by external .env or docker run -e) +ENV GEOIP_CITY_DB=./data/GeoLite2-City.mmdb +ENV GEOIP_ASN_DB=./data/GeoLite2-ASN.mmdb + + +# Run the app when the container launches +CMD ["node", "server.js"] \ No newline at end of file diff --git a/backend/example.env b/backend/example.env index 20efa4c..cf10000 100644 --- a/backend/example.env +++ b/backend/example.env @@ -1,4 +1,7 @@ # .env GEOIP_CITY_DB=./data/GeoLite2-City.mmdb GEOIP_ASN_DB=./data/GeoLite2-ASN.mmdb -PORT=3000 \ No newline at end of file +PORT=3000 +LOG_LEVEL=debug # z.B. für mehr Details im Development +PING_COUNT=4 +# NODE_ENV=development # Setze dies ggf. für pino-pretty \ No newline at end of file diff --git a/backend/package-lock.json b/backend/package-lock.json index 5fa8c55..ac94dae 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -12,7 +12,10 @@ "@maxmind/geoip2-node": "^6.0.0", "cors": "^2.8.5", "dotenv": "^16.4.7", - "express": "^4.21.2" + "express": "^4.21.2", + "express-rate-limit": "^7.5.0", + "pino": "^9.6.0", + "pino-pretty": "^13.0.0" } }, "node_modules/@maxmind/geoip2-node": { @@ -40,6 +43,14 @@ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" }, + "node_modules/atomic-sleep": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz", + "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==", + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/body-parser": { "version": "1.20.3", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", @@ -98,6 +109,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/colorette": { + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==" + }, "node_modules/content-disposition": { "version": "0.5.4", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", @@ -142,6 +158,14 @@ "node": ">= 0.10" } }, + "node_modules/dateformat": { + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-4.6.3.tgz", + "integrity": "sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA==", + "engines": { + "node": "*" + } + }, "node_modules/debug": { "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", @@ -204,6 +228,14 @@ "node": ">= 0.8" } }, + "node_modules/end-of-stream": { + "version": "1.4.4", + "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", + "dependencies": { + "once": "^1.4.0" + } + }, "node_modules/es-define-property": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", @@ -289,6 +321,38 @@ "url": "https://opencollective.com/express" } }, + "node_modules/express-rate-limit": { + "version": "7.5.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz", + "integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/express-rate-limit" + }, + "peerDependencies": { + "express": "^4.11 || 5 || ^5.0.0-beta.1" + } + }, + "node_modules/fast-copy": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.2.tgz", + "integrity": "sha512-dl0O9Vhju8IrcLndv2eU4ldt1ftXMqqfgN4H1cpmGV7P6jeB9FwpN9a2c8DPGE1Ys88rNUJVYDHq73CGAGOPfQ==" + }, + "node_modules/fast-redact": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.5.0.tgz", + "integrity": "sha512-dwsoQlS7h9hMeYUq1W++23NDcBLV4KqONnITDV9DjfS3q1SgDGVrBdvvTLUotWtPSD7asWDV9/CmsZPy8Hf70A==", + "engines": { + "node": ">=6" + } + }, + "node_modules/fast-safe-stringify": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz", + "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==" + }, "node_modules/finalhandler": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", @@ -398,6 +462,11 @@ "node": ">= 0.4" } }, + "node_modules/help-me": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/help-me/-/help-me-5.0.0.tgz", + "integrity": "sha512-7xgomUX6ADmcYzFik0HzAxh/73YlKR9bmFzf51CZwR+b6YtzU2m0u49hQCqV6SvlqIqsaxovfwdvbnsw3b/zpg==" + }, "node_modules/http-errors": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", @@ -437,6 +506,14 @@ "node": ">= 0.10" } }, + "node_modules/joycon": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz", + "integrity": "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==", + "engines": { + "node": ">=10" + } + }, "node_modules/math-intrinsics": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", @@ -512,6 +589,14 @@ "node": ">= 0.6" } }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/mmdb-lib": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/mmdb-lib/-/mmdb-lib-2.1.1.tgz", @@ -553,6 +638,14 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/on-exit-leak-free": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz", + "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==", + "engines": { + "node": ">=14.0.0" + } + }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -564,6 +657,14 @@ "node": ">= 0.8" } }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + }, "node_modules/parseurl": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", @@ -577,6 +678,78 @@ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" }, + "node_modules/pino": { + "version": "9.6.0", + "resolved": "https://registry.npmjs.org/pino/-/pino-9.6.0.tgz", + "integrity": "sha512-i85pKRCt4qMjZ1+L7sy2Ag4t1atFcdbEt76+7iRJn1g2BvsnRMGu9p8pivl9fs63M2kF/A0OacFZhTub+m/qMg==", + "dependencies": { + "atomic-sleep": "^1.0.0", + "fast-redact": "^3.1.1", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^2.0.0", + "pino-std-serializers": "^7.0.0", + "process-warning": "^4.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^4.0.1", + "thread-stream": "^3.0.0" + }, + "bin": { + "pino": "bin.js" + } + }, + "node_modules/pino-abstract-transport": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-2.0.0.tgz", + "integrity": "sha512-F63x5tizV6WCh4R6RHyi2Ml+M70DNRXt/+HANowMflpgGFMAym/VKm6G7ZOQRjqN7XbGxK1Lg9t6ZrtzOaivMw==", + "dependencies": { + "split2": "^4.0.0" + } + }, + "node_modules/pino-pretty": { + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-13.0.0.tgz", + "integrity": "sha512-cQBBIVG3YajgoUjo1FdKVRX6t9XPxwB9lcNJVD5GCnNM4Y6T12YYx8c6zEejxQsU0wrg9TwmDulcE9LR7qcJqA==", + "dependencies": { + "colorette": "^2.0.7", + "dateformat": "^4.6.3", + "fast-copy": "^3.0.2", + "fast-safe-stringify": "^2.1.1", + "help-me": "^5.0.0", + "joycon": "^3.1.1", + "minimist": "^1.2.6", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^2.0.0", + "pump": "^3.0.0", + "secure-json-parse": "^2.4.0", + "sonic-boom": "^4.0.1", + "strip-json-comments": "^3.1.1" + }, + "bin": { + "pino-pretty": "bin.js" + } + }, + "node_modules/pino-std-serializers": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.0.0.tgz", + "integrity": "sha512-e906FRY0+tV27iq4juKzSYPbUj2do2X2JX4EzSca1631EB2QJQUqGbDuERal7LCtOpxl6x3+nvo9NPZcmjkiFA==" + }, + "node_modules/process-warning": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-4.0.1.tgz", + "integrity": "sha512-3c2LzQ3rY9d0hc1emcsHhfT9Jwz0cChib/QN89oME2R451w5fy3f0afAhERFZAwrbDU43wk12d0ORBpDVME50Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ] + }, "node_modules/proxy-addr": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", @@ -589,6 +762,15 @@ "node": ">= 0.10" } }, + "node_modules/pump": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.2.tgz", + "integrity": "sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw==", + "dependencies": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" + } + }, "node_modules/qs": { "version": "6.13.0", "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", @@ -603,6 +785,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/quick-format-unescaped": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz", + "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==" + }, "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", @@ -625,6 +812,14 @@ "node": ">= 0.8" } }, + "node_modules/real-require": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz", + "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==", + "engines": { + "node": ">= 12.13.0" + } + }, "node_modules/safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", @@ -644,11 +839,24 @@ } ] }, + "node_modules/safe-stable-stringify": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz", + "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==", + "engines": { + "node": ">=10" + } + }, "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, + "node_modules/secure-json-parse": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz", + "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" + }, "node_modules/send": { "version": "0.19.0", "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", @@ -772,6 +980,22 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/sonic-boom": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.0.tgz", + "integrity": "sha512-INb7TM37/mAcsGmc9hyyI6+QR3rR1zVRu36B0NeGXKnOOLiZOfER5SA+N7X7k3yUYRzLWafduTDvJAfDswwEww==", + "dependencies": { + "atomic-sleep": "^1.0.0" + } + }, + "node_modules/split2": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", + "engines": { + "node": ">= 10.x" + } + }, "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", @@ -780,6 +1004,25 @@ "node": ">= 0.8" } }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/thread-stream": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-3.1.0.tgz", + "integrity": "sha512-OqyPZ9u96VohAyMfJykzmivOrY2wfMSf3C5TtFJVgN+Hm6aj+voFhlK+kZEIv2FBh1X6Xp3DlnCOfEQ3B2J86A==", + "dependencies": { + "real-require": "^0.2.0" + } + }, "node_modules/tiny-lru": { "version": "11.2.11", "resolved": "https://registry.npmjs.org/tiny-lru/-/tiny-lru-11.2.11.tgz", @@ -831,6 +1074,11 @@ "engines": { "node": ">= 0.8" } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" } } } diff --git a/backend/package.json b/backend/package.json index e337ca4..bc707ac 100644 --- a/backend/package.json +++ b/backend/package.json @@ -13,6 +13,9 @@ "@maxmind/geoip2-node": "^6.0.0", "cors": "^2.8.5", "dotenv": "^16.4.7", - "express": "^4.21.2" + "express": "^4.21.2", + "express-rate-limit": "^7.5.0", + "pino": "^9.6.0", + "pino-pretty": "^13.0.0" } } diff --git a/backend/server.js b/backend/server.js index 69248b9..1fe3ace 100644 --- a/backend/server.js +++ b/backend/server.js @@ -1,11 +1,22 @@ // server.js -require('dotenv').config(); +require('dotenv').config(); // Lädt Variablen aus .env in process.env const express = require('express'); const cors = require('cors'); const geoip = require('@maxmind/geoip2-node'); const net = require('net'); // Node.js built-in module for IP validation const { spawn } = require('child_process'); const dns = require('dns').promises; +const pino = require('pino'); // Logging library +const rateLimit = require('express-rate-limit'); // Rate limiting middleware + +// --- Logger Initialisierung --- +const logger = pino({ + level: process.env.LOG_LEVEL || 'info', // Konfigurierbares Log-Level (z.B. 'debug', 'info', 'warn', 'error') + // Pretty print nur im Development, sonst JSON für bessere Maschinenlesbarkeit + transport: process.env.NODE_ENV !== 'production' + ? { target: 'pino-pretty', options: { colorize: true, translateTime: 'SYS:standard', ignore: 'pid,hostname' } } + : undefined, +}); const app = express(); const PORT = process.env.PORT || 3000; @@ -22,21 +33,45 @@ let asnReader; * @returns {boolean} True, wenn gültig (als v4 oder v6), sonst false. */ function isValidIp(ip) { - // Frühe Prüfung auf offensichtlich ungültige Werte if (!ip || typeof ip !== 'string' || ip.trim() === '') { - // console.log(`isValidIp (net): Input invalid`); // Optional Debugging return false; } const trimmedIp = ip.trim(); - - // net.isIP(trimmedIp) gibt 0 zurück, wenn ungültig, 4 für IPv4, 6 für IPv6. - const ipVersion = net.isIP(trimmedIp); - - // console.log(`isValidIp (net): net.isIP check for "${trimmedIp}": Version ${ipVersion}`); // Optional Debugging - + const ipVersion = net.isIP(trimmedIp); // Gibt 0, 4 oder 6 zurück + // logger.debug({ ip: trimmedIp, version: ipVersion }, 'isValidIp check'); // Optional: Debug log return ipVersion === 4 || ipVersion === 6; } +/** + * Prüft, ob eine IP-Adresse im privaten, Loopback- oder Link-Local-Bereich liegt. + * @param {string} ip - Die zu prüfende IP-Adresse (bereits validiert). + * @returns {boolean} True, wenn die IP privat/lokal ist, sonst false. + */ +function isPrivateIp(ip) { + if (!ip) return false; + const ipVersion = net.isIP(ip); + + if (ipVersion === 4) { + const parts = ip.split('.').map(Number); + return ( + parts[0] === 10 || // 10.0.0.0/8 + (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) || // 172.16.0.0/12 + (parts[0] === 192 && parts[1] === 168) || // 192.168.0.0/16 + parts[0] === 127 || // 127.0.0.0/8 (Loopback) + (parts[0] === 169 && parts[1] === 254) // 169.254.0.0/16 (Link-local) + ); + } else if (ipVersion === 6) { + const lowerCaseIp = ip.toLowerCase(); + return ( + lowerCaseIp === '::1' || // ::1/128 (Loopback) + lowerCaseIp.startsWith('fc') || lowerCaseIp.startsWith('fd') || // fc00::/7 (Unique Local) + lowerCaseIp.startsWith('fe8') || lowerCaseIp.startsWith('fe9') || // fe80::/10 (Link-local) + lowerCaseIp.startsWith('fea') || lowerCaseIp.startsWith('feb') + ); + } + return false; +} + /** * Bereinigt eine IP-Adresse (z.B. entfernt ::ffff: Präfix von IPv4-mapped IPv6). @@ -45,36 +80,31 @@ function isValidIp(ip) { * @returns {string} Die bereinigte IP-Adresse. */ function getCleanIp(ip) { - if (!ip) return ip; // Handle null/undefined case - - const trimmedIp = ip.trim(); // Trimmen für Konsistenz - + if (!ip) return ip; + const trimmedIp = ip.trim(); if (trimmedIp.startsWith('::ffff:')) { const potentialIp4 = trimmedIp.substring(7); - // Prüfen, ob der extrahierte Teil eine gültige IPv4 ist if (net.isIP(potentialIp4) === 4) { return potentialIp4; } } - // Handle localhost cases for testing if (trimmedIp === '::1' || trimmedIp === '127.0.0.1') { return trimmedIp; } - return trimmedIp; // Gib die getrimmte IP zurück + return trimmedIp; } /** - * Führt einen Shell-Befehl sicher aus und gibt stdout zurück. + * Führt einen Shell-Befehl sicher aus und gibt stdout zurück. (Nur für Ping verwendet) * @param {string} command - Der Befehl (z.B. 'ping'). * @param {string[]} args - Die Argumente als Array. * @returns {Promise} Eine Promise, die mit stdout aufgelöst wird. */ function executeCommand(command, args) { return new Promise((resolve, reject) => { - // Argumenten-Validierung (einfach) args.forEach(arg => { if (typeof arg === 'string' && /[;&|`$()<>]/.test(arg)) { - console.error(`Potential command injection attempt detected in argument: ${arg}`); + logger.error({ command, arg }, "Potential command injection attempt detected in argument"); return reject(new Error(`Invalid character detected in command argument.`)); } }); @@ -86,12 +116,12 @@ function executeCommand(command, args) { proc.stdout.on('data', (data) => { stdout += data.toString(); }); proc.stderr.on('data', (data) => { stderr += data.toString(); }); proc.on('error', (err) => { - console.error(`Failed to start command ${command}: ${err.message}`); + logger.error({ command, args, error: err.message }, `Failed to start command`); reject(new Error(`Failed to start command ${command}: ${err.message}`)); }); proc.on('close', (code) => { if (code !== 0) { - console.error(`Command ${command} ${args.join(' ')} failed with code ${code}: ${stderr || stdout}`); + logger.error({ command, args, exitCode: code, stderr: stderr.trim(), stdout: stdout.trim() }, `Command failed`); reject(new Error(`Command ${command} failed with code ${code}: ${stderr || 'No stderr output'}`)); } else { resolve(stdout); @@ -100,84 +130,167 @@ function executeCommand(command, args) { }); } +/** + * Parst die Ausgabe des Linux/macOS ping Befehls. + * @param {string} pingOutput - Die rohe stdout Ausgabe von ping. + * @returns {object} Ein Objekt mit geparsten Daten oder Fehlern. + */ +function parsePingOutput(pingOutput) { + const result = { + rawOutput: pingOutput, + stats: null, + error: null, + }; + + try { + let packetsTransmitted = 0; + let packetsReceived = 0; + let packetLossPercent = 100; + let rtt = { min: null, avg: null, max: null, mdev: null }; + + const lines = pingOutput.trim().split('\n'); + const statsLine = lines.find(line => line.includes('packets transmitted')); + if (statsLine) { + const transmittedMatch = statsLine.match(/(\d+)\s+packets transmitted/); + const receivedMatch = statsLine.match(/(\d+)\s+(?:received|packets received)/); // Anpassung für Varianten + const lossMatch = statsLine.match(/([\d.]+)%\s+packet loss/); + if (transmittedMatch) packetsTransmitted = parseInt(transmittedMatch[1], 10); + if (receivedMatch) packetsReceived = parseInt(receivedMatch[1], 10); + if (lossMatch) packetLossPercent = parseFloat(lossMatch[1]); + } + + const rttLine = lines.find(line => line.startsWith('rtt min/avg/max/mdev') || line.startsWith('round-trip min/avg/max/stddev')); + if (rttLine) { + const rttMatch = rttLine.match(/([\d.]+)\/([\d.]+)\/([\d.]+)\/([\d.]+)/); + if (rttMatch) { + rtt = { + min: parseFloat(rttMatch[1]), + avg: parseFloat(rttMatch[2]), + max: parseFloat(rttMatch[3]), + mdev: parseFloat(rttMatch[4]), + }; + } + } + + result.stats = { + packets: { transmitted: packetsTransmitted, received: packetsReceived, lossPercent: packetLossPercent }, + rtt: rtt.avg !== null ? rtt : null, + }; + if (packetsTransmitted > 0 && rtt.avg === null && packetsReceived === 0) { + result.error = "Request timed out or host unreachable."; // Spezifischer Fehler bei Totalausfall + } + + } catch (parseError) { + logger.error({ error: parseError.message, output: pingOutput }, "Failed to parse ping output"); + result.error = "Failed to parse ping output."; + } + return result; +} /** - * Prüft, ob eine IP-Adresse im privaten, Loopback- oder Link-Local-Bereich liegt. - * @param {string} ip - Die zu prüfende IP-Adresse (bereits validiert). - * @returns {boolean} True, wenn die IP privat/lokal ist, sonst false. + * Parst eine einzelne Zeile der Linux/macOS traceroute Ausgabe. + * @param {string} line - Eine Zeile aus stdout. + * @returns {object | null} Ein Objekt mit Hop-Daten oder null bei uninteressanten Zeilen. */ -function isPrivateIp(ip) { - if (!ip) return false; // Sollte durch isValidIp vorher abgefangen werden +function parseTracerouteLine(line) { + line = line.trim(); + if (!line || line.startsWith('traceroute to')) return null; // Ignoriere Header - const ipVersion = net.isIP(ip); // Gibt 4 oder 6 zurück + // Regex angepasst für mehr Robustheit (optionaler Hostname, IP immer da, RTTs oder *) + const hopMatch = line.match(/^(\s*\d+)\s+(?:([a-zA-Z0-9\.\-]+)\s+\(([\d\.:a-fA-F]+)\)|([\d\.:a-fA-F]+))\s+(.*)$/); + const timeoutMatch = line.match(/^(\s*\d+)\s+(\*\s+\*\s+\*)/); - if (ipVersion === 4) { - const parts = ip.split('.').map(Number); - return ( - // 10.0.0.0/8 - parts[0] === 10 || - // 172.16.0.0/12 - (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) || - // 192.168.0.0/16 - (parts[0] === 192 && parts[1] === 168) || - // 127.0.0.0/8 (Loopback) - parts[0] === 127 || - // 169.254.0.0/16 (Link-local) - (parts[0] === 169 && parts[1] === 254) - ); - } else if (ipVersion === 6) { - const lowerCaseIp = ip.toLowerCase(); - return ( - // ::1/128 (Loopback) - lowerCaseIp === '::1' || - // fc00::/7 (Unique Local Addresses) - lowerCaseIp.startsWith('fc') || lowerCaseIp.startsWith('fd') || - // fe80::/10 (Link-local) - lowerCaseIp.startsWith('fe8') || lowerCaseIp.startsWith('fe9') || - lowerCaseIp.startsWith('fea') || lowerCaseIp.startsWith('feb') - ); + if (timeoutMatch) { + return { + hop: parseInt(timeoutMatch[1].trim(), 10), + hostname: null, + ip: null, + rtt: ['*', '*', '*'], + rawLine: line, + }; + } else if (hopMatch) { + const hop = parseInt(hopMatch[1].trim(), 10); + const hostname = hopMatch[2]; // Kann undefined sein + const ipInParen = hopMatch[3]; // Kann undefined sein + const ipDirect = hopMatch[4]; // Kann undefined sein + const restOfLine = hopMatch[5].trim(); + + const ip = ipInParen || ipDirect; + + // Extrahiere RTTs (können * sein oder Zahl mit " ms") + const rttParts = restOfLine.split(/\s+/); + const rtts = rttParts.map(p => p === '*' ? '*' : p.replace(/\s*ms$/, '')).filter(p => p === '*' || !isNaN(parseFloat(p))).slice(0, 3); + // Fülle fehlende RTTs mit '*' auf, falls weniger als 3 gefunden wurden + while (rtts.length < 3) rtts.push('*'); + + return { + hop: hop, + hostname: hostname || null, // Setze null, wenn kein Hostname gefunden + ip: ip, + rtt: rtts, + rawLine: line, + }; } - - // Wenn net.isIP 0 zurückgibt (sollte nicht passieren nach isValidIp) - return false; + // logger.debug({ line }, "Unparsed traceroute line"); // Optional: Log unparsed lines + return null; // Nicht als Hop-Zeile erkannt } + // --- Initialisierung (MaxMind DBs laden) --- async function initialize() { try { - console.log('Loading MaxMind databases...'); + logger.info('Loading MaxMind databases...'); const cityDbPath = process.env.GEOIP_CITY_DB || './data/GeoLite2-City.mmdb'; const asnDbPath = process.env.GEOIP_ASN_DB || './data/GeoLite2-ASN.mmdb'; - console.log(`City DB Path: ${cityDbPath}`); - console.log(`ASN DB Path: ${asnDbPath}`); + logger.info({ cityDbPath, asnDbPath }, 'Database paths'); cityReader = await geoip.Reader.open(cityDbPath); asnReader = await geoip.Reader.open(asnDbPath); - console.log('MaxMind databases loaded successfully.'); + logger.info('MaxMind databases loaded successfully.'); } catch (error) { - console.error('FATAL: Could not load MaxMind databases.'); - console.error('Ensure GEOIP_CITY_DB and GEOIP_ASN_DB point to valid .mmdb files in the ./data directory or via .env'); - console.error(error); + logger.fatal({ error: error.message, stack: error.stack }, 'Could not load MaxMind databases. Exiting.'); process.exit(1); } } // --- Middleware --- -app.use(cors()); -app.use(express.json()); -// app.set('trust proxy', true); // Nur aktivieren, wenn nötig und korrekt konfiguriert +app.use(cors()); // Erlaubt Anfragen von anderen Origins +app.use(express.json()); // Parst JSON-Request-Bodies + +// Vertraue Proxy-Headern (vorsichtig verwenden!) +// app.set('trust proxy', 1); // Vertraue dem ersten Proxy (z.B. Nginx, Load Balancer) + +// Rate Limiter +const diagnosticLimiter = rateLimit({ + windowMs: 5 * 60 * 1000, // 5 Minuten + max: process.env.NODE_ENV === 'production' ? 10 : 100, // Mehr Anfragen im Dev erlauben + standardHeaders: true, + legacyHeaders: false, + message: { error: 'Too many diagnostic requests (ping/traceroute) from this IP, please try again after 5 minutes' }, + keyGenerator: (req, res) => req.ip || req.socket.remoteAddress, // IP des Clients als Schlüssel + handler: (req, res, next, options) => { + logger.warn({ ip: req.ip || req.socket.remoteAddress, route: req.originalUrl }, 'Rate limit exceeded'); + res.status(options.statusCode).send(options.message); + } +}); + +// Wende Limiter nur auf Ping und Traceroute an +app.use('/api/ping', diagnosticLimiter); +app.use('/api/traceroute', diagnosticLimiter); + // --- Routen --- // Haupt-Endpunkt: Liefert alle Infos zur IP des Clients app.get('/api/ipinfo', async (req, res) => { - console.log(`ipinfo request: req.ip = ${req.ip}, req.socket.remoteAddress = ${req.socket.remoteAddress}`); - const clientIpRaw = req.ip || req.socket.remoteAddress; - const clientIp = getCleanIp(clientIpRaw); // Verwendet jetzt die neue getCleanIp + const requestIp = req.ip || req.socket.remoteAddress; // req.ip berücksichtigt 'trust proxy' + logger.info({ ip: requestIp, method: req.method, url: req.originalUrl }, 'ipinfo request received'); - console.log(`ipinfo: Raw IP = ${clientIpRaw}, Cleaned IP = ${clientIp}`); + const clientIp = getCleanIp(requestIp); + logger.debug({ rawIp: requestIp, cleanedIp: clientIp }, 'IP cleaning result'); - if (!clientIp || !isValidIp(clientIp)) { // Verwendet jetzt die neue isValidIp + if (!clientIp || !isValidIp(clientIp)) { if (clientIp === '127.0.0.1' || clientIp === '::1') { + logger.info({ ip: clientIp }, 'Responding with localhost info'); return res.json({ ip: clientIp, geo: { note: 'Localhost IP, no Geo data available.' }, @@ -185,36 +298,53 @@ app.get('/api/ipinfo', async (req, res) => { rdns: ['localhost'], }); } - console.error(`ipinfo: Could not determine a valid client IP. Raw: ${clientIpRaw}, Cleaned: ${clientIp}`); - return res.status(400).json({ error: 'Could not determine a valid client IP address.', rawIp: clientIpRaw, cleanedIp: clientIp }); + logger.error({ rawIp: requestIp, cleanedIp: clientIp }, 'Could not determine a valid client IP'); + return res.status(400).json({ error: 'Could not determine a valid client IP address.', rawIp: requestIp, cleanedIp: clientIp }); } try { let geo = null; try { const geoData = cityReader.city(clientIp); - geo = { /* ... Geo-Daten wie zuvor ... */ }; + geo = { + city: geoData.city?.names?.en, + region: geoData.subdivisions?.[0]?.isoCode, + country: geoData.country?.isoCode, + countryName: geoData.country?.names?.en, + postalCode: geoData.postal?.code, + latitude: geoData.location?.latitude, + longitude: geoData.location?.longitude, + timezone: geoData.location?.timeZone, + }; + logger.debug({ ip: clientIp, geo }, 'GeoIP lookup successful'); } catch (e) { - console.warn(`ipinfo: MaxMind City lookup failed for ${clientIp}: ${e.message}`); - geo = { error: 'GeoIP lookup failed.' }; + logger.warn({ ip: clientIp, error: e.message }, `MaxMind City lookup failed`); + geo = { error: 'GeoIP lookup failed (IP not found in database or private range).' }; } let asn = null; try { const asnData = asnReader.asn(clientIp); - asn = { /* ... ASN-Daten wie zuvor ... */ }; + asn = { + number: asnData.autonomousSystemNumber, + organization: asnData.autonomousSystemOrganization, + }; + logger.debug({ ip: clientIp, asn }, 'ASN lookup successful'); } catch (e) { - console.warn(`ipinfo: MaxMind ASN lookup failed for ${clientIp}: ${e.message}`); - asn = { error: 'ASN lookup failed.' }; + logger.warn({ ip: clientIp, error: e.message }, `MaxMind ASN lookup failed`); + asn = { error: 'ASN lookup failed (IP not found in database or private range).' }; } let rdns = null; try { const hostnames = await dns.reverse(clientIp); rdns = hostnames; + logger.debug({ ip: clientIp, rdns }, 'rDNS lookup successful'); } catch (e) { if (e.code !== 'ENOTFOUND' && e.code !== 'ENODATA') { - console.warn(`ipinfo: rDNS lookup error for ${clientIp}:`, e.message); + logger.warn({ ip: clientIp, error: e.message, code: e.code }, `rDNS lookup error`); + } else { + logger.debug({ ip: clientIp, code: e.code }, 'rDNS lookup failed (No record)'); } rdns = { error: `rDNS lookup failed (${e.code || 'Unknown error'})` }; } @@ -222,8 +352,8 @@ app.get('/api/ipinfo', async (req, res) => { res.json({ ip: clientIp, geo, asn, rdns }); } catch (error) { - console.error(`ipinfo: Error processing ipinfo for ${clientIp}:`, error); - res.status(500).json({ error: 'Internal server error.' }); + logger.error({ ip: clientIp, error: error.message, stack: error.stack }, 'Error processing ipinfo'); + res.status(500).json({ error: 'Internal server error while processing IP information.' }); } }); @@ -231,92 +361,190 @@ app.get('/api/ipinfo', async (req, res) => { app.get('/api/ping', async (req, res) => { const targetIpRaw = req.query.targetIp; const targetIp = typeof targetIpRaw === 'string' ? targetIpRaw.trim() : targetIpRaw; + const requestIp = req.ip || req.socket.remoteAddress; - console.log(`--- PING Request ---`); - console.log(`Value of targetIp: "${targetIp}"`); + logger.info({ requestIp, targetIp }, 'Ping request received'); - const isValidResult = isValidIp(targetIp); - console.log(`isValidIp (net) result for "${targetIp}": ${isValidResult}`); - - if (!isValidResult) { - console.log(`isValidIp (net) returned false for "${targetIp}", sending 400.`); + if (!isValidIp(targetIp)) { + logger.warn({ requestIp, targetIp }, 'Invalid target IP for ping'); return res.status(400).json({ error: 'Invalid target IP address provided.' }); } - // --- NEUE PRÜFUNG AUF PRIVATE IP --- if (isPrivateIp(targetIp)) { - console.log(`Target IP "${targetIp}" is private/local. Aborting ping.`); + logger.warn({ requestIp, targetIp }, 'Attempt to ping private IP blocked'); return res.status(403).json({ error: 'Operations on private or local IP addresses are not allowed.' }); } - // --- ENDE NEUE PRÜFUNG --- try { - console.log(`Proceeding to execute ping for "${targetIp}"...`); - const args = ['-c', '4', targetIp]; + const pingCount = process.env.PING_COUNT || '4'; + const countArg = parseInt(pingCount, 10) || 4; + const args = ['-c', `${countArg}`, targetIp]; // Linux/macOS const command = 'ping'; - console.log(`Executing: ${command} ${args.join(' ')}`); + logger.info({ requestIp, targetIp, command: `${command} ${args.join(' ')}` }, 'Executing ping'); const output = await executeCommand(command, args); + const parsedResult = parsePingOutput(output); - console.log(`Ping for ${targetIp} successful.`); - // TODO: Ping-Ausgabe parsen - res.json({ success: true, rawOutput: output }); + logger.info({ requestIp, targetIp, stats: parsedResult.stats }, 'Ping successful'); + res.json({ success: true, ...parsedResult }); } catch (error) { - res.status(500).json({ success: false, error: `Ping command failed: ${error.message}` }); + // executeCommand loggt bereits Details + logger.error({ requestIp, targetIp, error: error.message }, 'Ping command failed'); + // Sende strukturierte Fehlermeldung, wenn möglich + const parsedError = parsePingOutput(error.message); // Versuche, Fehler aus Ping-Output zu parsen + res.status(500).json({ + success: false, + error: `Ping command failed: ${parsedError.error || error.message}`, + rawOutput: parsedError.rawOutput || error.message + }); } }); -// Traceroute Endpunkt -app.get('/api/traceroute', async (req, res) => { +// Traceroute Endpunkt (Server-Sent Events) +app.get('/api/traceroute', (req, res) => { // Beachte: nicht async, da wir streamen const targetIpRaw = req.query.targetIp; const targetIp = typeof targetIpRaw === 'string' ? targetIpRaw.trim() : targetIpRaw; + const requestIp = req.ip || req.socket.remoteAddress; - console.log(`--- TRACEROUTE Request ---`); - console.log(`Value of targetIp: "${targetIp}"`); + logger.info({ requestIp, targetIp }, 'Traceroute stream request received'); - const isValidResult = isValidIp(targetIp); - console.log(`isValidIp (net) result for "${targetIp}": ${isValidResult}`); - - if (!isValidResult) { - console.log(`isValidIp (net) returned false for "${targetIp}", sending 400.`); + if (!isValidIp(targetIp)) { + logger.warn({ requestIp, targetIp }, 'Invalid target IP for traceroute'); return res.status(400).json({ error: 'Invalid target IP address provided.' }); } - // --- NEUE PRÜFUNG AUF PRIVATE IP --- if (isPrivateIp(targetIp)) { - console.log(`Target IP "${targetIp}" is private/local. Aborting traceroute.`); + logger.warn({ requestIp, targetIp }, 'Attempt to traceroute private IP blocked'); return res.status(403).json({ error: 'Operations on private or local IP addresses are not allowed.' }); } - // --- ENDE NEUE PRÜFUNG --- try { - console.log(`Proceeding to execute traceroute for "${targetIp}"...`); - const args = ['-n', targetIp]; // Linux/macOS + logger.info({ requestIp, targetIp }, `Starting traceroute stream...`); + + // Set SSE Headers + res.setHeader('Content-Type', 'text/event-stream'); + res.setHeader('Cache-Control', 'no-cache'); + res.setHeader('Connection', 'keep-alive'); + res.setHeader('X-Accel-Buffering', 'no'); // Wichtig für Nginx-Proxies + res.flushHeaders(); // Send headers immediately + + const args = ['-n', targetIp]; // Linux/macOS, -n für keine Namensauflösung (schneller) const command = 'traceroute'; + const proc = spawn(command, args); + logger.info({ requestIp, targetIp, command: `${command} ${args.join(' ')}` }, 'Spawned traceroute process'); - console.log(`Executing: ${command} ${args.join(' ')}`); - const output = await executeCommand(command, args); + let buffer = ''; // Buffer für unvollständige Zeilen - console.log(`Traceroute for ${targetIp} successful.`); - // TODO: Traceroute-Ausgabe parsen - res.json({ success: true, rawOutput: output }); + const sendEvent = (event, data) => { + try { + res.write(`event: ${event}\ndata: ${JSON.stringify(data)}\n\n`); + } catch (e) { + logger.error({ requestIp, targetIp, event, error: e.message }, "Error writing to SSE stream (client likely disconnected)"); + proc.kill(); // Beende Prozess, wenn Schreiben fehlschlägt + res.end(); + } + }; + + proc.stdout.on('data', (data) => { + buffer += data.toString(); + let lines = buffer.split('\n'); + buffer = lines.pop() || ''; // Letzte (evtl. unvollständige) Zeile zurück in den Buffer + + lines.forEach(line => { + const parsed = parseTracerouteLine(line); + if (parsed) { + logger.debug({ requestIp, targetIp, hop: parsed.hop, ip: parsed.ip }, 'Sending hop data'); + sendEvent('hop', parsed); + } else if (line.trim()) { + logger.debug({ requestIp, targetIp, message: line.trim() }, 'Sending info data'); + sendEvent('info', { message: line.trim() }); + } + }); + }); + + proc.stderr.on('data', (data) => { + const errorMsg = data.toString().trim(); + logger.warn({ requestIp, targetIp, stderr: errorMsg }, 'Traceroute stderr output'); + sendEvent('error', { error: errorMsg }); + }); + + proc.on('error', (err) => { + logger.error({ requestIp, targetIp, error: err.message }, `Failed to start traceroute command`); + sendEvent('error', { error: `Failed to start traceroute: ${err.message}` }); + if (!res.writableEnded) res.end(); + }); + + proc.on('close', (code) => { + if (buffer) { // Verarbeite letzte Zeile im Buffer + const parsed = parseTracerouteLine(buffer); + if (parsed) { + sendEvent('hop', parsed); + } else if (buffer.trim()) { + sendEvent('info', { message: buffer.trim() }); + } + } + + if (code !== 0) { + logger.error({ requestIp, targetIp, exitCode: code }, `Traceroute command finished with error code ${code}`); + sendEvent('error', { error: `Traceroute command failed with exit code ${code}` }); + } else { + logger.info({ requestIp, targetIp }, `Traceroute stream completed successfully.`); + } + sendEvent('end', { exitCode: code }); + if (!res.writableEnded) res.end(); + }); + + // Handle client disconnect + req.on('close', () => { + logger.info({ requestIp, targetIp }, 'Client disconnected from traceroute stream, killing process.'); + if (!proc.killed) { + proc.kill(); + } + if (!res.writableEnded) res.end(); + }); } catch (error) { - res.status(500).json({ success: false, error: `Traceroute command failed: ${error.message}` }); + // Dieser Catch ist eher für synchrone Fehler vor dem Spawn + logger.error({ requestIp, targetIp, error: error.message, stack: error.stack }, 'Error setting up traceroute stream'); + if (!res.headersSent) { + res.status(500).json({ success: false, error: `Failed to initiate traceroute: ${error.message}` }); + } else { + // Wenn Header gesendet wurden, können wir nur noch versuchen, einen Fehler zu schreiben und zu beenden + try { + if (!res.writableEnded) { + res.write(`event: error\ndata: ${JSON.stringify({ error: `Internal server error: ${error.message}` })}\n\n`); + res.end(); + } + } catch (e) { logger.error({ requestIp, targetIp, error: e.message }, "Error writing final error to SSE stream"); } + } } -}); +}); // Ende von app.get('/api/traceroute'...) // --- Server starten --- initialize().then(() => { app.listen(PORT, () => { - console.log(`Server listening on port ${PORT}`); - console.log(`API endpoints available at:`); - console.log(` http://localhost:${PORT}/api/ipinfo`); - console.log(` http://localhost:${PORT}/api/ping?targetIp=`); - console.log(` http://localhost:${PORT}/api/traceroute?targetIp=`); + logger.info({ port: PORT, node_env: process.env.NODE_ENV || 'development' }, `Server listening`); + logger.info(`API endpoints available at:`); + logger.info(` http://localhost:${PORT}/api/ipinfo`); + logger.info(` http://localhost:${PORT}/api/ping?targetIp=`); + logger.info(` http://localhost:${PORT}/api/traceroute?targetIp=`); }); }).catch(error => { - console.error("Server could not start due to initialization errors."); + // Fehler bei der Initialisierung wurde bereits geloggt. + logger.fatal("Server could not start due to initialization errors."); + process.exit(1); // Beenden bei schwerwiegendem Startfehler +}); + +// Graceful Shutdown Handling (optional aber gut für Produktion) +const signals = { 'SIGINT': 2, 'SIGTERM': 15 }; +Object.keys(signals).forEach((signal) => { + process.on(signal, () => { + logger.info(`Received ${signal}, shutting down gracefully...`); + // Hier könnten noch offene Verbindungen geschlossen werden etc. + // z.B. server.close(() => { logger.info('HTTP server closed.'); process.exit(128 + signals[signal]); }); + // Für dieses Beispiel beenden wir direkt: + process.exit(128 + signals[signal]); + }); }); \ No newline at end of file