ncp-diag, web-ui: Integrate new port check backend

Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com>
2026-01-09 06:32:00 -03:30 · 2023-01-11 00:15:29 +01:00 · 2023-01-11 00:15:29 +01:00 · bc0abc6c48
commit bc0abc6c48
parent 74200976ad
4 changed files with 81 additions and 69 deletions
--- a/bin/ncp-diag
+++ b/bin/ncp-diag
@ -1,6 +1,5 @@
 #!/bin/bash
-
-# NextCloudPi diagnostics report
+# NextcloudPi diagnostics report
 #
 # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
 # GPL licensed (see end of file) * Use at your own risk!
@ -10,13 +9,13 @@
 #
 # More at https://ownyourbits.com
 #
-
+# shellcheck disable=SC1091
 source /usr/local/etc/library.sh

 # Distro, NCP version and tag
-echo "NextCloudPi version|$( cat /usr/local/etc/ncp-version )"
-[[ -f /usr/local/etc/ncp-baseimage ]] && echo "NextCloudPi image|$( cat /usr/local/etc/ncp-baseimage )"
-echo "OS|$(cat /etc/issue  | sed 's| \\n \\l||'). $(uname -r) ($(uname -m))"
+echo "NextcloudPi version|$( cat /usr/local/etc/ncp-version )"
+[[ -f /usr/local/etc/ncp-baseimage ]] && echo "NextcloudPi image|$( cat /usr/local/etc/ncp-baseimage )"
+echo "OS|$(sed 's| \\n \\l||' /etc/issue). $(uname -r) ($(uname -m))"

 # Data
 DATADIR="$( grep datadirectory /var/www/nextcloud/config/config.php |
@ -31,7 +30,7 @@ echo "USB devices|$USBDEVS"
 echo "datadir|$DATADIR$DIRINFO"
 [[ "$DIRINFO" == "" ]] && {
  echo "data in SD|$( [[ $( stat -fc%d / ) == $( stat -fc%d "$DATADIR" ) ]] && echo yes || echo no )"
-  echo "data filesystem|$( stat -fc%T $DATADIR )"
+  echo "data filesystem|$( stat -fc%T "$DATADIR" )"
  echo "data disk usage|$( df -h "$DATADIR" | tail -1 | awk '{ print $3"/"$2 }')"
 }
 echo "rootfs usage|$( df -h / | tail -1 | awk '{ print $3"/"$2 }')"
@ -66,63 +65,76 @@ echo "Internet check|$( ping -W 2 -w 1 -q github.com &>/dev/null && echo ok || e

 function is_port_open()
 {
-  local port_url tmp_file token ipv4_portcheck_args ipv6_portcheck_args
-  tmp_file=$(mktemp)
-  trap 'rm -rf ${tmp_file}' EXIT ERR SIGINT SIGQUIT SIGABRT SIGTERM SIGHUP
-
-  local port="${1?}"
-  local publicIPv4="${2}"
-  local publicIPv6="${3}"
-
-  readonly port_url="https://portchecker.co"
-
-  if [[ -z "$publicIPv4" ]] && [[ -z "$publicIPv6" ]]
+  # The URL leads to an application I've deployed for NCP on https://fly.io using a Docker container I made.
+  # The image for the container is available on Docker Hub (zendai/checkport:sanic) if you wish to deploy one yourself.
+  # The code for the Sanic server and Docker image is available at: https://github.com/ZendaiOwl/Build/tree/master/Docker/Python/Sanic/checkport
+  # I only have a free tier with limited outbound data per month, 100GB p/month.
+  # If we go over 100GB outbound data in a month, I will start being charged for the data going over that limit.
+  # I used a low level Python socket library & fortunately each request only consumes aprox. ~ 60-74 bytes p/second.
+  # Meaning 100GB should be plenty, it should be enough to handle a little less
+  # than 450 request p/second a month, unless my calculations are wrong.
+  # Thank you :pray: from Victor-ray, S. https://github.com/ZendaiOwl
+  local -r PORTURL="https://checkport.zendai.net.eu.org/check"
+  local TYPE="${1?}" IPType
+  # Checks both port 80 & 443 for IPv4/IPv6 and returns the result or [N/A] [N/A]
+  if ! [[ "$TYPE" =~ ^(0|4|6)$ ]]
  then
-    echo -n "Error - IPv4 & IPv6: [N/A] Couldn't get public IP."
+    echo "Invalid type: $TYPE" 1>&2
    return 1
-  fi
-
-  token=$(wget -T2 -t1 -qO- --keep-session-cookies --save-cookies "${tmp_file}" "${port_url}" | grep -oP "_csrf\" value=\"\K.*\"" )
-  readonly ipv4_portcheck_args=(-T2 -t1 -qO- --load-cookies "${tmp_file}" "${port_url}/check" --post-data "target_ip=${publicIPv4}&port=${port}&_csrf=${token::-1}")
-  readonly ipv6_portcheck_args=(-T2 -t1 -qO- --load-cookies "${tmp_file}" "${port_url}/check" --post-data "target_ip=${publicIPv6}&port=${port}&_csrf=${token::-1}")
-
-  [[ -n "${token}" ]] || {
-    echo -n "Error - Couldn't obtain a token for port check"
-    return 1
-  }
-
-  local ipv4_port_access=False
-  local ipv6_port_access=False
-  [[ -n "$publicIPv4" ]] && \
-    grep -q '<span class="green">open</span>' <(wget "${ipv4_portcheck_args[@]}") && \
-    ipv4_port_access=True
-  [[ -n "$publicIPv6" ]] && \
-    grep -q '<span class="green">open</span>' <(wget "${ipv6_portcheck_args[@]}") && \
-    ipv6_port_access=True
-
-  local result=""
-  if [[ "${ipv4_port_access}" == True ]] || [[ "${ipv6_port_access}" == True ]]
+  elif [[ "$TYPE" == 0 ]]
  then
-    result="open ("
+    # Public IPv4/6 is not available
+    echo -e "[N/A]\n[N/A]"
  else
-    result="closed"
+    IPType="--ipv6"
+    [[ "$TYPE" -eq 6 ]] || IPType="--ipv4"
+    curl --silent --max-time 4 "$IPType" "$PORTURL" | jq -r '."80",."443"'
  fi
-
-  [[ "${ipv4_port_access}" == True ]] && result="${result}ipv4)"
-
-  [[ "${ipv6_port_access}" == True ]] && result="${result/)/ \& }ipv6)"
-
-  echo -n "$result"
-
 }
+publicIPv4=$(curl --silent --max-time 4 --ipv4 "https://ipv4.icanhazip.com" 2>/dev/null) || unset publicIPv4
+echo "Public IPv4|${publicIPv4:-"not found"}"
+publicIPv6=$(curl --silent --max-time 4 --ipv6 "https://ipv6.icanhazip.com" 2>/dev/null) || unset publicIPv6
+echo "Public IPv6|${publicIPv6:-"not found"}"

-publicIPv4=$(curl -s -m4 -4 "https://icanhazip.com" 2>/dev/null) || unset publicIPv4
-echo "public IPv4|${publicIPv4:-"not found"}"
-publicIPv6=$(curl -s -m4 -6 "https://icanhazip.com" 2>/dev/null) || unset publicIPv6
-echo "public IPv6|${publicIPv6:-"not found"}"
+# Reads each line as an array index element to input into IPv4PORTS array
+if [[ -n "$publicIPv4" ]]
+then
+  mapfile -t IPv4PORTS < <(is_port_open 4)
+else
+  mapfile -t IPv4PORTS < <(is_port_open 0)
+fi

-echo "Port check 80|$( is_port_open 80 "$publicIPv4" "$publicIPv6" )"
-echo "Port check 443|$( is_port_open 443 "$publicIPv4" "$publicIPv6" )"
+# Reads each line as an array index element to input into IPv6PORTS array
+if [[ -n "$publicIPv6" ]]
+then
+  mapfile -t IPv6PORTS < <(is_port_open 6)
+else
+  mapfile -t IPv6PORTS < <(is_port_open 0)
+fi
+
+# Checks if Port 80 is open on IPv4 or IPv6
+if [[ "${IPv4PORTS[0]}" == "open" ]] || [[ "${IPv6PORTS[0]}" == "open" ]]
+then
+  PORT80="open"
+elif [[ "${IPv4PORTS[0]}" == "[N/A]" ]] && [[ "${IPv6PORTS[0]}" == "[N/A]" ]]
+then
+  PORT80="[N/A]"
+else
+  PORT80="closed"
+fi
+# Checks if Port 443 is open on IPv4 or IPv6
+if [[ "${IPv4PORTS[1]}" == "open" ]] || [[ "${IPv6PORTS[1]}" == "open" ]]
+then
+  PORT443="open"
+elif [[ "${IPv4PORTS[1]}" == "[N/A]" ]] && [[ "${IPv6PORTS[1]}" == "[N/A]" ]]
+then
+  PORT443="[N/A]"
+else
+  PORT443="closed"
+fi
+
+echo "Port 80|$PORT80"
+echo "Port 443|$PORT443"

 # LAN
 IFACE=$( ip r | grep "default via" | awk '{ print $5 }' | head -1 )
@ -130,14 +142,14 @@ GW=$(    ip r | grep "default via" | awk '{ print $3 }' | head -1 )
 IP="$(get_ip)"

 echo "IP|$IP"
-echo "gateway|$GW"
+echo "Gateway|$GW"
 echo "Interface|$IFACE"

 # Certificates
 CERTS="$( grep "SSLCertificateFile */etc/letsencrypt/live/" /etc/apache2/sites-available/nextcloud.conf \
        | sed 's|.*SSLCertificateFile */etc/letsencrypt/live/||;s|/fullchain.pem||' )"
 [[ "$CERTS" == "" ]] && CERTS=none
-echo "certificates|$CERTS"
+echo "Certificates|$CERTS"

 RESOLV="$( ping -c1 -w1 "$CERTS" 2>/dev/null | head -1 | grep -oP '\d{1,3}(.\d{1,3}){3}' )"
 echo "NAT loopback|$( [[ "$RESOLV" == "$IP" ]] && echo yes || echo no )"
--- a/bin/ncp-report
+++ b/bin/ncp-report
@ -38,8 +38,8 @@ echo "<--! Paste this in GitHub report -->"

 ##

-open_summary "NextCloudPi diagnostics"
-bash /usr/local/bin/ncp-diag | sed -r 's=(IP|certificates|gateway).*=\1|***REMOVED SENSITIVE VALUE***=g' | column  -t -s'|'
+open_summary "NextcloudPi diagnostics"
+bash /usr/local/bin/ncp-diag | sed -r 's=(IP|Certificates|Gateway|Public IPv4|Public IPv6).*=\1|***REMOVED SENSITIVE VALUE***=g' | column  -t -s'|'
 close_summary

 ##
--- a/bin/ncp-suggestions
+++ b/bin/ncp-suggestions
@ -23,10 +23,10 @@ is_active_app dnsmasq && \
  grep -q "NAT loopback|no" <<<"$OUT" && \
    echo -e "\nYou should enable dnsmasq to use your domain inside home"

-grep -q "certificates|none" <<<"$OUT" && \
+grep -q "Certificates|none" <<<"$OUT" && \
  echo -e "\nYou should run Lets Encrypt for trusted encrypted access"

-grep -q "port check .*|closed" <<<"$OUT" && \
+grep -q "Port .*|closed" <<<"$OUT" && \
    echo -e "\nYou should open your ports for Lets Encrypt and external access"

 grep -q "USB devices|none" <<<"$OUT" || {
--- a/ncp-web/wizard/index.php
+++ b/ncp-web/wizard/index.php
@ -1,6 +1,6 @@
 <?php 
 /*
- NextCloudPi Wizard
+ NextcloudPi Wizard

 Copyleft 2017 by Pantelis Sarantos and Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
 GPL licensed (see end of file) * Use at your own risk!
@ -27,7 +27,7 @@
 <!DOCTYPE html>
 <html>
 	<head>
-		<title>NextCloudPi Wizard</title>
+		<title>NextcloudPi Wizard</title>
 		<meta charset="utf-8">
 		<meta name="viewport" content="width=device-width, initial-scale=1.0">
 		<!-- Bootstrap -->
@ -57,7 +57,7 @@ HTML
 		<!-- Tab 1 content - Welcome -->
 		<div class="tab-pane" id="tab1">
 			<div class="ncp-tab-pane">
-				<h1>Welcome to NextCloudPi</h1>
+				<h1>Welcome to NextcloudPi</h1>
                <img id="ncp-welcome-logo" src="img/ncp-logo.svg">
 				<p>This wizard will help you configure your personal cloud.</p>
 			</div>
@ -81,7 +81,7 @@ HTML
 				<!-- Format USB drive -->
 				<div class="ncp-hidden" id="format-usb">
 					<p class="instructions">
-						If you want to prepare the USB drive to be used with NextCloudPi hit Format USB. Skip if already formated as ext4 or BTRFS.
+						If you want to prepare the USB drive to be used with NextcloudPi hit Format USB. Skip if already formated as ext4 or BTRFS.
 						<br>	
 						<strong>Attention!</strong> This will format your USB drive as BTRFS and <strong>will destroy any current data.</strong> 
 					</p>
@ -111,7 +111,7 @@ HTML
                    <h3>Port forwarding</h3>
                    <p class="instructions">
                        To access from the outside, your need to forward ports 80 and 443 to your RPi IP address <br>
-                        You can have NextCloudPi try to do this automatically for you<br>
+                        You can have NextcloudPi try to do this automatically for you<br>
                        To do it manually yourself, you must access your router interface, usually at <a href="http://192.168.1.1" target="_blank">http://192.168.1.1</a><br>
                    </p>
                    <div class="buttons-area">
@ -200,7 +200,7 @@ HTML
          <!-- Tab 4 content - Finish -->
          <div class="tab-pane" id="tab4">
              <div class="ncp-tab-pane">
-                  <p class="instructions"> NextCloudPi is ready!</p>
+                  <p class="instructions"> NextcloudPi is ready!</p>

                  <div class="linkbox">
                    <a id='gotonextcloud' href="#"><img id="nextcloud" src="img/nc-logo.png"></a>
@ -208,7 +208,7 @@ HTML
                  </div>
                  <div class="linkbox">
                    <a href=".."><img id="ncp-web" src="img/ncp-logo.svg"></a>
-                    <br>go back to NextCloudPi web panel
+                    <br>go back to NextcloudPi web panel
                  </div>

              </div>