DEV Community: Hasan Behbahani

Simple XDP Firewall with Golang

Hasan Behbahani — Thu, 01 Dec 2022 23:36:45 +0000

For almost 20+ years, the traditional security features of a Linux system were centered around iptables, which has been the de facto packet filtering mechanism in the Linux kernel.
However, the increase in network speed and the transformation of the type of applications running in a Linux server has led to the consciousness that the current implementation may not be able to cope with the modern requirements, particularly in terms of scalability.
That's where XDP & eBPF come in.

So what is XDP?

XDP is a part of the upstream Linux kernel, and enables users to inject packet processing programs into the kernel, that will be executed for each arriving packet, before the kernel does any other processing on the data.

Writing the Code

So, enough nerd-talk about the technology, how do we use it?

To demonstrate, we'll be writing a simple firewall that'll drop incoming packets based on their IP address using XDP.
The program is going to consist of 2 parts:

The Kernel Space Code
The User Space Code

The Kernel side is written in C or Rust (We'll be using C), and is compiled into the eBPF byte code format that is verified and JIT-compiled in the kernel.
I'll be writing the XDP application with a User-Space controller written in Go.
I should mention that writing complex eBPF programs requires much more context than what we'll be doing today. There is a lot to know about eBPF and XDP. We will barely scratch the surface.
All the code for this project can be found in here.

First, let's discuss the kernel side of things.

Kernel Space Code

As discussed earlier, we are a bit restricted in the language we use in here. Possible languages that can be used are Rust and C.
We'll be using C because there's a C program out there for almost every standard use-case scenario for us to grab and use, except if what we're trying to do is very specific to our usecase. (Cloudflare's L4 DDos Mitigation platform showcases this very well)
Our kernel-space program is gonna consist of one function called firewall and one map called blacklist.
We already know what a function is, but what is a map and why do we need it?

Maps are a “generic data structure for storage of different types of data” and can be used to share data between eBPF programs as well as between kernel and userspace. The key and value of a map can be of arbitrary size as defined when creating the map. The user also defines the maximum number of entries with max_entries.

The blacklist is gonna store all IP addresses that need to be dropped, and the firewall function will check each packet and see if the source IP of that packet matches any of the IP addresses stored in the blacklist map.
We'll be using the following XDP actions:

XDP_PASS if the IP address matches none of the IP addreses in the blacklist map.
XDP_DROP if it does match an IP address in the map.
XDP_ABORTED if the ipv4 header or ethernet header of the packet is malformed.

First, let's take a look at the defintion of the blacklist map:

BPF_MAP_DEF(blacklist) = {
    .map_type = BPF_MAP_TYPE_LPM_TRIE,
    .key_size = sizeof(__u64),
    .value_size = sizeof(__u32),
    .max_entries = 16,
};
BPF_MAP_ADD(blacklist);

The defintion is quite simple.

we'll first define the type of the map.
Here's the list of types of maps, found in the bpf_helpers.h header file:

enum bpf_map_type {
  BPF_MAP_TYPE_UNSPEC = 0,
  BPF_MAP_TYPE_HASH,
  BPF_MAP_TYPE_ARRAY,
  BPF_MAP_TYPE_PROG_ARRAY,
  BPF_MAP_TYPE_PERF_EVENT_ARRAY,
  BPF_MAP_TYPE_PERCPU_HASH,
  BPF_MAP_TYPE_PERCPU_ARRAY,
  BPF_MAP_TYPE_STACK_TRACE,
  BPF_MAP_TYPE_CGROUP_ARRAY,
  BPF_MAP_TYPE_LRU_HASH,
  BPF_MAP_TYPE_LRU_PERCPU_HASH,
  BPF_MAP_TYPE_LPM_TRIE,
  BPF_MAP_TYPE_ARRAY_OF_MAPS,
  BPF_MAP_TYPE_HASH_OF_MAPS,
  BPF_MAP_TYPE_DEVMAP,
  BPF_MAP_TYPE_SOCKMAP,
  BPF_MAP_TYPE_CPUMAP,
  BPF_MAP_TYPE_XSKMAP,
  BPF_MAP_TYPE_SOCKHASH,
  BPF_MAP_TYPE_CGROUP_STORAGE,
  BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
  BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,
  BPF_MAP_TYPE_QUEUE,
  BPF_MAP_TYPE_STACK,
  BPF_MAP_TYPE_SK_STORAGE,
};

Then we'll define the .key_size, .value_size and .max_entries.

Now, take a look at the firewall function.
Before we define the function, we need to define 2 structs:

ethhdr Ethernet header
iphdr IPv4 header

// Ethernet header
struct ethhdr {
  __u8 h_dest[6];
  __u8 h_source[6];
  __u16 h_proto;
} __attribute__((packed));

// IPv4 header
struct iphdr {
  __u8 ihl : 4;
  __u8 version : 4;
  __u8 tos;
  __u16 tot_len;
  __u16 id;
  __u16 frag_off;
  __u8 ttl;
  __u8 protocol;
  __u16 check;
  __u32 saddr;
  __u32 daddr;
} __attribute__((packed));

We're going to need to define these structs so we analyze the received packets. All of this logic happens in the firewall function.
Let's take a look at the defintion of the function:

SEC("xdp")
int firewall(struct xdp_md *ctx) {
  void *data_end = (void *)(long)ctx->data_end;
  void *data = (void *)(long)ctx->data;

  struct ethhdr *ether = data;

  // Check if the Ethernet header is malformed
  if (data + sizeof(*ether) > data_end) {
    return XDP_ABORTED;
  }

  if (ether->h_proto != 0x08U) {  // htons(ETH_P_IP) -> 0x08U
    // If not IPv4 Traffic, pass the packet
    return XDP_PASS;
  }

  data += sizeof(*ether);
  struct iphdr *ip = data;

  // Check if the IPv4 header is malformed
  if (data + sizeof(*ip) > data_end) {
    return XDP_ABORTED;
  }

  struct {
    __u32 prefixlen;
    __u32 saddr;
  } key;

  key.prefixlen = 32;
  key.saddr = ip->saddr;

  // Lookup the IP Address in the blacklsit map
  // we defined earlier.
  // If the source IP matches the IP in the blacklist map
  // We drop the packet!!
  __u64 *rule_idx = bpf_map_lookup_elem(&blacklist, &key);
  if (rule_idx) {
    __u32 index = *(__u32*)rule_idx;  // make verifier happy
    return XDP_DROP;
  }

  return XDP_PASS;
}

Do not be intimidated!
C code can be intimidating, but taking a closer look at the code we can see what the function is trying to accomplish.

I should mention that this XDP program only supports ipv4 packets, so any other type of traffic (ipv6 included ) will be passed with XDP_PASS.

We're almost finished with the Kernel-Space side.
We just need to compile our code eBPF byte code.
But before we do that, we need to include the bpf_helpers.h header file at the start of C file:

#include "bpf_helpers.h"

This is not the same bpf_helpers.h header file in the bcc github repo. You can find the header file in here.
Either download it and place it in your project, or clone the repo and compile.
We'll be using Clang to compile our code to eBPF byte code.
Install it, and run the following command:

$ clang -I ../headers -O -target bpf -c xdp.c -o xdp.elf

the -I points to the directory where we downloaded the bpf_helpers.h file from earlier, so mind that. xdp.c is the file name of our C source code, and the output will be in the ELF format, that's what our User Space code will load into the kernel.
We can use the readelf command to verify the file:

$ readelf -a xdp.elf 
...

Symbol table '.symtab' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS xdp.c
     2: 0000000000000130     0 NOTYPE  LOCAL  DEFAULT    3 LBB0_5
     3: 0000000000000000   312 FUNC    GLOBAL DEFAULT    3 firewall
     4: 0000000000000000    40 OBJECT  GLOBAL DEFAULT    5 blacklist

If you're having issues compiling, check out the source code and check if there's anything missing, or comment down below.

Let's place these 2 files inside a directory called bpf and move on to the exciting part of the tutorial!

User Space Code

Now comes the exciting (and less frusterating) part of our program!! Writing Go code.

Before we dive in, let's first take a look at all the eBPF/Go libraries provided for us by the lovely open-source community around the world.

Here's a list of the most popular Go eBPF libraires:

ebpf-go by Cilium which is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
gobpf by iovisor which provides go bindings for the bcc framework as well as low-level routines to load and use eBPF programs from .elf files.
libbpfgo by aquasecurity which is built around libbpf - the standard library for interacting with eBPF programs
goebpf by Dropbox - A nice and convenient way to work with eBPF programs / perf events from Go.

I've decided to use goebpf, the one from Dropbox in this tutorial, mainly because of it's simplicity and it's easy beginner-friendly approach to eBPF.

Let's install the goebpf library by Dropbox:

go get github.com/dropbox/goebpf

Now that we have that out of the way, create a file called main.go and let's start coding!

Note: make sure the main.go file and the rest of C and ELF files are not in the same directory as that can cause errors and warnings, place the main.go file next to the bpf directory we made earlier.
So the directory hierarchy will look something similar to this:

.
├── bpf
│   ├── xdp.c
│   └── xdp.elf
├── go.mod
├── go.sum
├── headers
│   └── bpf_helpers.h
└── main.go

Let's first define two variables, the interface we'll attach our XDP program to and a slice containing the IP addresses and their subnet.

package main

import (
    "fmt"
    "log"
    "os"
    "os/signal"

    "github.com/dropbox/goebpf"
)

func main() {

    // Specify Interface Name
    interfaceName := "lo"
    // IP BlockList
    // Add the IPs you want to be blocked
    ipList := []string{
        "8.8.8.8",
    }

...

For my example, I'm going to attach my XDP program to my system's loopback device, and I'm gonna drop any packet coming from the source IP address 8.8.8.8.
Now let's load our XDP program:

// Load XDP Into App
    bpf := goebpf.NewDefaultEbpfSystem()
        // According to our directory hierarchy,
        // The xdp.elf file is placed in the bpf directory 
        // next to the main.go file
    err := bpf.LoadElf("bpf/xdp.elf")
    if err != nil {
        log.Fatalf("LoadELF() failed: %s", err)
    }

        // Load blacklist map
    blacklist := bpf.GetMapByName("blacklist")
    if blacklist == nil {
        log.Fatalf("eBPF map 'blacklist' not found\n")
    }

        // Load firewall function
    xdp := bpf.GetProgramByName("firewall")
    if xdp == nil {
        log.Fatalln("Program 'firewall' not found in Program")
    }
    err = xdp.Load()
    if err != nil {
        fmt.Printf("xdp.Attach(): %v", err)
    }

        // attach the program to the interface
        // in this case, the lo interface
    err = xdp.Attach(interfaceName)
    if err != nil {
        log.Fatalf("Error attaching to Interface: %s", err)
    }

The code is pretty self explanatory.
We load the eBPF ELF file from the bpf directory. We then load and assign the blacklist map & the firewall function to the variables blacklist & firewall respectivly, and finally we attach the program to the interface, in this case the loopback interface (lo).

We just need to create a function that takes the IP addresses in ipList and adds them to the blacklist map. The rest is handled in the C code we wrote earlier.
Here's the function:

func BlockIPAddress(ipAddreses []string, blacklist goebpf.Map) error {
    for index, ip := range ipAddreses {
        fmt.Printf("\t%s\n", ip)
        err := blacklist.Insert(goebpf.CreateLPMtrieKey(ip), index)
        if err != nil {
            return err
        }
    }
    return nil
}

Pretty simple isn't it.
Now we can use this function after attaching our program to the interface:

    ....
    err = xdp.Attach(interfaceName)
    if err != nil {
        log.Fatalf("Error attaching to Interface: %s", err)
    }

    BlockIPAddress(ipList, blacklist)

    defer xdp.Detach()

We're pretty much done. The only thing missing is that if we build and run our program it'll exit immediately, and with it the XDP program will be detached( see defer xdp.Detach ).
We don't want that, we want the program running until we interrupt it. We'll use channels for that.
Here's the final Go code:

package main

import (
    "fmt"
    "log"
    "os"
    "os/signal"

    "github.com/dropbox/goebpf"
)

func main() {

    // Specify Interface Name
    interfaceName := "lo"
    // IP BlockList
    // Add the IPs you want to be blocked
    ipList := []string{
        "8.8.8.8",
    }

    // Load XDP Into App
    bpf := goebpf.NewDefaultEbpfSystem()
    err := bpf.LoadElf("bpf/xdp.elf")
    if err != nil {
        log.Fatalf("LoadELF() failed: %s", err)
    }
    blacklist := bpf.GetMapByName("blacklist")
    if blacklist == nil {
        log.Fatalf("eBPF map 'blacklist' not found\n")
    }
    xdp := bpf.GetProgramByName("firewall")
    if xdp == nil {
        log.Fatalln("Program 'firewall' not found in Program")
    }
    err = xdp.Load()
    if err != nil {
        fmt.Printf("xdp.Attach(): %v", err)
    }
    err = xdp.Attach(interfaceName)
    if err != nil {
        log.Fatalf("Error attaching to Interface: %s", err)
    }

    BlockIPAddress(ipList, blacklist)

    defer xdp.Detach()
    ctrlC := make(chan os.Signal, 1)
    signal.Notify(ctrlC, os.Interrupt)
    log.Println("XDP Program Loaded successfuly into the Kernel.")
    log.Println("Press CTRL+C to stop.")
    <-ctrlC

}

// The Function That adds the IPs to the blacklist map
func BlockIPAddress(ipAddreses []string, blacklist goebpf.Map) error {
    for index, ip := range ipAddreses {
        err := blacklist.Insert(goebpf.CreateLPMtrieKey(ip), index)
        if err != nil {
            return err
        }
    }
    return nil
}

Build and run the Go code with sudo:

$ go build
$ sudo ./xdp-firewall
2022/12/02 02:36:46 XDP Program Loaded successfuly into the Kernel.
2022/12/02 02:36:46 Press CTRL+C to stop.

Now while the program is running, open another terminal and run the following command:

$ ip link list dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 xdpgeneric qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    prog/xdp id 173

We can see the XDP program with an id of 173 is now attached.
If we go back to the last terminal and exit the program, and run the command again:

$ ip link list dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

The XDP program has disappeared from the lo interface.

And this is pretty much it!
If you'd like to read more on this topic, I'll add a few links below for you to check out.

Brandan Gregg's Blog (One of the pioneers of the eBPF/XDP space)
https://github.com/dropbox/goebpf
https://github.com/cilium/ebpf
https://docs.cilium.io/en/v1.12/bpf.html
https://ebpf.io/
Repo for this project

Creating a GIF sending Discord bot with Golang

Hasan Behbahani — Wed, 23 Mar 2022 20:54:33 +0000

Discord has been used by almost every gamer, and nowadays, it's made its way into the lives of programmers.
I myself got into Discord in late 2017, and ever since then, I found myself more drawn to using this social media service than any other app out there.
In any case, anyone who has ever used Discord knows that bots play a huge role. These bots are AI-powered tools that can perform many actions, from community engagement to content moderating, to even streaming music from YouTube & Spotify.
In this article, we are going to be making a simple Discord Bot with Golang that you can add to your server. What will this Bot be doing, you might ask? Well, you can search GIFs by keywords, and you can share them with your buddies on your favorite server!

anyway, let's get started!

Github Repo For this Project

First things first, you need to let Discord know that you're not just some average Discord user, but that you're a developer! So you need to enable developer mode in your Discord account. Go to your Discord application, go to Settings button. Then, click on Advanced and then enable Developer Mode:

Head off to the Discord Developer Portal & create a new application. We'll name this one "Giffie" because it's about GIFs, and we want to be creative.
From there, head to the Bot tab and create a new bot and also give it the username "Giffie".
Finally, if we want to add this bot to our server, go to the oAuth2 tab, select URL generator, under scopes check bot and visit the generated URL on the bottom of the page:

You'll see the usual screen for adding custom bots to Discord servers. Select your server and you should see it on your server under offline users! See how easy that was. pretty cool right:

Now comes the exciting part. Coding our bot! so grab a coffee and make yourself comfortable.

First, through the command-line, let's create our Go project:



$ mkdir giffie-bot 
$ cd giffie-bot
$ go mod init giffie

The commands above will create a giffie-bot directory and a go.mod file, which'll look something like this:



module giffie

go 1.17

There are several libraries out there to hit Discord’s API, each with its own traits and capabilities, but ultimately they all achieve the same thing. Since we are using Go, we'll use bwmarrin's DiscordGo library.

According to this repo's readme:

DiscordGo is a Go package that provides low level bindings to the Discord chat client API. DiscordGo has nearly complete support for all of the Discord API endpoints, websocket interface, and voice interface.

This library has more than what we need.
before we go any further, what does our bot do?

Users will type a prefix followed by a keyword. (i.e !search <keyword> or =search <keyword>)
Our bot will go ahead and search for a Gif related to that keyword and show that to the user and everyone to see in the server.

The end results will look something like this:

So let's first install our needed libraries. Run the commands below:



$ go get -u github.com/bwmarrin/discordgo
$ go get -u github.com/joho/godotenv

The second line installs the library needed for using .env files, so we can safely & securely use tokens or keys without hard-coding it in our code. we'll talk about its use-case later.

Let's write our first lines of code! Create a main.go file in the giffie-bot directory right next to the go.mod file. We then initialize the package, called main, and all dependencies/libraries we need to import and use in our main file:



package main

import (
    "encoding/json"
    "flag"
    "fmt"
    "io/ioutil"
    "net/http"
    "os"
    "os/signal"
    "strings"
    "syscall"

    "github.com/bwmarrin/discordgo"
    "github.com/joho/godotenv"
)

next, we'll initialize our main function, which'll create a Discord session, registers our handlers and runs our Bot.

Before we write our main function, we'll need our Discord bot token. To get that, head over back to Discord Developer Portal, click on your application, then on the left panel, click on Bot and the Reset Token button.( remember that if you forget or lose access to your token, you'll need to regenerate a new one. so be careful as much as you can)
After getting your token, create a .env file right next to main.go, so we can handle our environment variables.
That's where we'll be using the Godotenv library, which'll help us load environment variables.
your .env file should look something similar to this:



DISCORD_TOKEN=< your discord token >

So let's write our main function:



func main() {
    // 1
    err := godotenv.Load(".env")
    Token := os.Getenv("DISCORD_TOKEN")
    if err != nil {
        log.Fatal(err)
    }

    // 2
    dg, err := discordgo.New("Bot " + Token)
    if err != nil {
        fmt.Println("Error creating a discord Session, ", err)
    }

    // 3
    dg.AddHandler(ready)
    dg.AddHandler(messageCreate)

    // 4
    err = dg.Open()
    if err != nil {
        fmt.Println("Error opening Discord Session, ", err)
    }
    fmt.Println("The bot is now running. Press CTRL-C to exit.")

    // 5
    sc := make(chan os.Signal, 1)
    signal.Notify(sc, syscall.SIGINT, syscall.SIGTERM, os.Interrupt, os.Kill)
    <-sc
}

That's a lot of code. But I'll try and explain the important lines.

We first load our .env file with the godotenv.Load() function, and pass in our file's name as its argument. After loading the file, we'll use the built-in os Go package to use our environment variable called DISCORD_TOKEN and assign it to the variable Token.
We then create a new Discord session using the provided bot token from the last step.
We register the ready & messageCreate as callbacks for Event & MessageCreate events. Furthermore, We'll declare those functions later.
Open a websocket connection to Discord and begin listening.
Wait here until CTRL-C or other term signal is received.

Pretty basic stuff, right?
Now let's write our handlers.

Our first handler, the ready function, is a simple one. It'll update the status of our bot.
The declaration of the function is as simple as it gets:



func ready(s *discordgo.Session, event *discordgo.Event) {
    s.UpdateGameStatus(0, "!search < keyword >")
}

the UpdateGameStatus() function(as the name suggests), will update the status of the bot. To see this in action, comment out the dg.addHandler(messageCreate) line in your main function, and let's start our bot!
Run the below commands in the giffie-bot directory:



$ go build 
$ ./giffie

Pretty straightforward stuff. This'll build our project and run the generated binary file.
Let's go back to our Discord server and check the right panel:

Well, what do you know? The bot is now online! With the status that we provided in our UpdateGameStatus() function!

But the bot is not going to do anything. We want it to listen to messages sent by users, and trigger a command every time a user types !search followed by a keyword.

Uncomment the dg.addHandler(messageCreate) line in our main function and let's create the messageCreate handler.

But before we do that, let me explain how are we going to search for a specific GIF based on a keyword.
We're going to be using an API. More specifically, an API that'll help us find a GIF based on a word.
There are many GIF websites out there that offer a free API services, most notably Giphy & Tenor.
We're going to be using Giphy, but if you prefer the Tenor API or any other service, feel free to use them, but we're going to stick to the Giphy API for this tutorial.
To read more on the Giphy & Tenor APIs, check out the below links:

So in order to use the Giphy API, we'll need a token.
Head over to Giphy and create an account if you don't already have one, and login.
On the developer dashboard, which'll look something like this:

Go ahead and click on the Create an App button, click on Next Step, and you'll be presented with a form. Fill it in and you'll be presented with your API Key:

Go back to your .env file and add this line:



GIPHY_TOKEN=< your Giphy key >

You'll now have access to your Giphey API using the os.Getenv() function.
Now how are we gonna be able to search for a GIF?
After searching in the Giphy docs, I came across this endpoint:



api.giphy.com/v1/gifs/random

We'll use this endpoint to get our desired Gifs link!
But in order to use this endpoint, we need to provide it with a Required request parameter, the api_key and a tag, which is our keyword.
Before writing the code, let's use cURL to see what we get when we use this endpoint.
Run the below command:



curl -X GET  "https://api.giphy.com/v1/gifs/random?api_key=<Giphy API KEY>&tag=<Keyword>"

If the request was a success, you'll receive a huge and complex JSON response.
We have to turn that JSON into a Golang Struct, so our code can understand our response.
We'll use JSON-to-Go.
Copy and paste the JSON response in there, and you'll be presented with a neat but huge Golang struct.
But don't worry about it, just copy the Struct and paste it in your code, right before the main function, and rename it to GifSearch.
That's a lot of work for just sending a GET request and deconstructing the JSON response. But believe me, you'll realize how it'll make your life easier in the future.

Now, back to our code.
In Go, we'll use the http built-in library for adding headers to our URL endpoint.(you can see that in Go, we don't need to install 3rd party packages because most of the useful stuff are built-in).
So let's write the messageCreate function:



func messageCreate(s *discordgo.Session, message *discordgo.MessageCreate) {
    // 1
    err := godotenv.Load(".env")
    giphyToken := os.Getenv("GIPHY_TOKEN")
    if err != nil {
        log.Fatal(err)
    }
    // 2
    if message.Author.ID == s.State.User.ID {
        return
    }
    // 3
    command := strings.Split(message.Content, " ")
    // 4
    if command[0] == "!search" && len(command) > 1 {
        url := "https://api.giphy.com/v1/gifs/random"
        var result GifSearch
        // 5
        gifKeyword := strings.Join(command[1:], " ")

        // 6
        req, err := http.NewRequest("GET", url, nil)
        if err != nil {
            fmt.Println("Error in making a new Request", err)
        }
        query := req.URL.Query()
        query.Add("api_key", giphyToken)
        query.Add("tag", gifKeyword)
        req.URL.RawQuery = query.Encode()
        client := http.Client{}
        res, err := client.Do(req)
        if err != nil {
            fmt.Println("Error in getting a response, ", err)
        }
        body, _ := ioutil.ReadAll(res.Body)
        if err := json.Unmarshal(body, &result); err != nil {
            fmt.Println("Can not unmarshall JSON", err)
        }
        // 7
        s.ChannelMessageSend(message.ChannelID, result.Data.EmbedUrl)
        res.Body.Close()
    }
}

As you can see, most of the heavy work is done in this handler.
So let's go through the code step-by-step:

We'll first load the GIPHY_TOKEN environment variable from the .env file, just like we did last time, and assign it to the variable giphyToken.
this if statement is just to check if the messages sent, are by a user or by the Bot itself. if they indeed were sent by the Bot, just return.
This is Golang Data structure 101. Splits the message sent from a string into a slice separated by a whitespace. More in here
this if statement will check if the first element of the slice is the string !search and if the length of the slice is more than one, so it at least contains a keyword, not just a prefix.
concatenates the the rest of the elements into a single string, and assigning it to the variable gifKeyword.
This is where the heavy-lifting is happening. It's kinda confusing & the syntax may be a bit hard, but it's kinda easy. We just create a new GET request with the http.NewRequest() function and add our Request Parameters, with req.URL.Query(). Create a client, and send the request with Client.Do(req), then receive and read the response with ioutil.ReadAll(res.Body) and unmarshal the JSON we got from the response according to the Struct we defined earlier. You may wanna read this again to understand the full functionality of this block of code.
As a final step, we'll just send the URL we got from the response to our server, using the s.ChannelMessageSend() function.

that's it!
That took a lot more effort than it should've, but the end result is worth it.
Build your project like we did last time, and run your code.
Go back to your server and in the text-box, type !search followed by anything you want. You'll see that the Bot will respond with a GIF!

Conclusion:

There's way more amazing things you can do with a Discord bot! Even ones that uses databases and so on.
The Github repo for this tutorial can be found here.
Fore more resources, I'll leave a few links at the end of the post. be sure to check them out.

Thanks for reading. I hope this has been a helpful introduction on how to make a simple yet useful Discord bot. If it was helpful, do leave a comment or share this article around for more reach.

Resources:

https://github.com/bwmarrin/discordgo
https://github.com/joho/godotenv
https://developers.giphy.com/docs/api/endpoint
https://pkg.go.dev/strings
https://mholt.github.io/json-to-go/