Merge branch 'fix/30472'

README.md

@@ -4,8 +4,10 @@ publicly reachable.
 
 ## Command line arguments arguments
 The tool takes as input two command line arguments: a path to a certificate
-file and a path to its key file, both in PEM format.  We use these files to run
-the HTTPS server.
+file (specified by the argument `-cert-file`) and a path to its key file
+(specified by the argument `-key-file`), both in PEM format.  We use these
+files to run the HTTPS server. An optional third argument (`-addr`) can be used
+to specify the address and port to listen on.
 
 ## Scanning method
 We try to establish a TCP connection with the given IP address and port using

handlers.go

@@ -8,6 +8,10 @@ import (
 	"time"
 )
 
+// timeout specifies the number of seconds we're willing to wait until we
+// decide that the given destination is offline.
+const timeout time.Duration = 3 * time.Second
+
 // limiter implements a rate limiter.  We allow 1 request per second on average
 // with bursts of up to 5 requests per second.
 var limiter = rate.NewLimiter(1, 5)
@@ -38,10 +42,6 @@ func ScanDestination(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// The number of seconds we're willing to wait until we decide that the
-	// given destination is offline.
-	timeout, _ := time.ParseDuration("3s")
-
 	r.ParseForm()
 	// These variables will be "" if they're not set.
 	address := r.Form.Get("address")
@@ -56,7 +56,7 @@ func ScanDestination(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	portReachable, err := IsTCPPortReachable(address, port, timeout)
+	portReachable, err := IsTCPPortReachable(address, port)
 	if portReachable {
 		SendResponse(w, SuccessPage)
 	} else {
@@ -67,7 +67,7 @@ func ScanDestination(w http.ResponseWriter, r *http.Request) {
 // IsTCPPortReachable returns `true' if it can establish a TCP connection with
 // the given IP address and port.  If not, it returns `false' and the
 // respective error, as reported by `net.DialTimeout'.
-func IsTCPPortReachable(addr, port string, timeout time.Duration) (bool, error) {
+func IsTCPPortReachable(addr, port string) (bool, error) {
 
 	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%s", addr, port), timeout)
 	if err != nil {

main.go

 package main
 
 import (
-	"fmt"
+	"flag"
+	"io"
 	"log"
 	"net/http"
 	"os"
 	"time"
 
+	"git.torproject.org/pluggable-transports/snowflake.git/common/safelog"
 	"github.com/gorilla/mux"
 )
 
@@ -76,13 +78,27 @@ func Logger(inner http.Handler, name string) http.Handler {
 // main is the entry point of this tool.
 func main() {
 
-	if len(os.Args) != 3 {
-		fmt.Printf("Usage: %s CERT_FILE KEY_FILE\n", os.Args[0])
-		os.Exit(1)
+	var certFile string
+	var keyFile string
+	var addr string
+
+	flag.StringVar(&certFile, "cert-file", "", "Path to the certificate to use, in .pem format.")
+	flag.StringVar(&keyFile, "key-file", "", "Path to the certificate's private key, in .pem format.")
+	flag.StringVar(&addr, "addr", ":443", "Address to listen on.")
+	flag.Parse()
+
+	var logOutput io.Writer = os.Stderr
+	// We want to send the log output through our scrubber first
+	log.SetOutput(&safelog.LogScrubber{Output: logOutput})
+	log.SetFlags(log.LstdFlags | log.LUTC)
+
+	if certFile == "" {
+		log.Fatalf("The -cert-file argument is required.")
+	}
+	if keyFile == "" {
+		log.Fatalf("The -key-file argument is required.")
 	}
-	certFile := os.Args[1]
-	keyFile := os.Args[2]
 
 	router := NewRouter()
-	log.Fatal(http.ListenAndServeTLS(":8080", certFile, keyFile, router))
+	log.Fatal(http.ListenAndServeTLS(addr, certFile, keyFile, router))
 }