feat: sanitize input & add tcp latency value

Cat · Cat · commit ef7c2da5cf89 · 2026-01-11T03:33:25.000+08:00
diff --git a/api/api.go b/api/api.go
@@ -2,10 +2,12 @@ package api
 
 import (
 	"encoding/json"
-	"github.com/The-NeXT-Project/NetStatus-API-Go/config"
 	"net"
 	"net/http"
+	"strconv"
 	"time"
+
+	"github.com/The-NeXT-Project/NetStatus-API-Go/config"
 )
 
 func TcpingV1(writer http.ResponseWriter, request *http.Request) {
@@ -41,27 +43,60 @@ func TcpingV1(writer http.ResponseWriter, request *http.Request) {
 		return
 	}
 
-	status, msg := ping(request.URL.Query().Get("ip"), request.URL.Query().Get("port"))
+	ip := request.URL.Query().Get("ip")
+	portStr := request.URL.Query().Get("port")
+
+	// Sanitize IP address
+	if net.ParseIP(ip) == nil {
+		res, _ := json.Marshal(tcpingRes{
+			Status: "false",
+			Message: "Invalid IP address format",
+		})
+		writer.Header().Set("Content-Type", "application/json")
+		writer.WriteHeader(http.StatusBadRequest)
+		_, err := writer.Write(res)
+		if err != nil {
+			writer.WriteHeader(http.StatusInternalServerError)
+		}
+		return
+	}
+
+	// Sanitize port
+	port, err := strconv.Atoi(portStr)
+	if err != nil || port < 1 || port > 65535 {
+		res, _ := json.Marshal(tcpingRes{
+			Status: "false",
+			Message: "Invalid port number",
+		})
+		writer.Header().Set("Content-Type", "application/json")
+		writer.WriteHeader(http.StatusBadRequest)
+		_, _ = writer.Write(res) // Error handling for Write is already present below
+		return
+	}
+
+	status, latency, msg := ping(ip, portStr)
 
 	res, _ := json.Marshal(tcpingRes{
 		Status:  status,
+		Time:    latency,
 		Message: msg,
 	})
 
 	writer.Header().Set("Content-Type", "application/json")
 	writer.WriteHeader(http.StatusOK)
-	_, err := writer.Write(res)
+	_, err = writer.Write(res)
 	if err != nil {
 		writer.WriteHeader(http.StatusInternalServerError)
 	}
 }
 
-func ping(ip string, port string) (status string, msg string) {
+func ping(ip string, port string) (string, int, string) {
 	timeout := time.Duration(int64(config.Config.TcpingTimeout) * int64(time.Millisecond))
+	startTime := time.Now()
 
 	conn, err := net.DialTimeout("tcp", net.JoinHostPort(ip, port), timeout)
 	if err != nil {
-		return "false", "TCP connection failed"
+		return "false", config.Config.TcpingTimeout, "TCP connection failed"
 	}
 
 	if conn != nil {
@@ -70,5 +105,5 @@ func ping(ip string, port string) (status string, msg string) {
 		}(conn)
 	}
 
-	return "true", "TCP connection successful"
+	return "true", int(time.Since(startTime).Milliseconds()), "TCP connection successful"
 }
diff --git a/api/model.go b/api/model.go
@@ -2,5 +2,6 @@ package api
 
 type tcpingRes struct {
 	Status  string `json:"status"`
+	Time    int    `json:"time,omitempty"`
 	Message string `json:"message"`
 }

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,6 @@ package api`
`2`	`2`
`3`	`3`	`type tcpingRes struct {`
`4`	`4`	Status string `json:"status"`
	`5`	+ Time int `json:"time,omitempty"`
`5`	`6`	Message string `json:"message"`
`6`	`7`	`}`