jarno
/
hydroxide-push
1
0
Fork 0
Code Issues Pull Requests Wiki Activity

HTTP Basic authentication for push endpoint 

- Option to input HTTP basic auth username and password when running
  setup-ntfy
- Username and password are stored in notify.json, password is
  base64-encoded
This commit is contained in:
Jarno Rankinen 2024-07-01 10:05:54 +03:00
parent 544eb93e05
commit 54e545a1b5
1 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
ntfy/ntfy.go
View File

@ -23,6 +23,8 @@ type NtfyConfig struct {
URL string `json:"url"` URL string `json:"url"`
Topic string `json:"topic"` Topic string `json:"topic"`
BridgePw string `json:"bridgePw"` BridgePw string `json:"bridgePw"`
User string `json:"user"`
Password string `json:"password"`
} }
func (cfg *NtfyConfig) Init() { func (cfg *NtfyConfig) Init() {
@ -63,10 +65,18 @@ func ntfyConfigFile() (string, error) {
func Notify() { func Notify() {
cfg := NtfyConfig{} cfg := NtfyConfig{}
if err := cfg.Read(); err != nil { if err := cfg.Read(); err != nil {
log.Printf("error reading configuration: %v", err) log.Printf("error reading configuration: %v\n", err)
return return
} }
req, _ := http.NewRequest("POST", cfg.URI(), strings.NewReader("New message received")) req, _ := http.NewRequest("POST", cfg.URI(), strings.NewReader("New message received"))
if cfg.User != "" && cfg.Password != "" {
pw, err := base64.StdEncoding.DecodeString(cfg.Password)
if err != nil {
log.Printf("Error decoding push endpoint password: %v\n", err)
return
}
req.SetBasicAuth(cfg.User, string(pw))
}
req.Header.Set("Title", "ProtonMail") req.Header.Set("Title", "ProtonMail")
req.Header.Set("Click", "dismiss") req.Header.Set("Click", "dismiss")
req.Header.Set("Tags", "envelope") req.Header.Set("Tags", "envelope")
@ -154,6 +164,13 @@ func (cfg *NtfyConfig) Setup() {
cfg.URL = os.Getenv("PUSH_URL") cfg.URL = os.Getenv("PUSH_URL")
cfg.Topic = os.Getenv("PUSH_TOPIC") cfg.Topic = os.Getenv("PUSH_TOPIC")
log.Printf("Current push endpoint: %s\n", cfg.URI()) log.Printf("Current push endpoint: %s\n", cfg.URI())
if os.Getenv("PUSH_USER") != "" && os.Getenv("PUSH_PASSWORD") != "" {
cfg.User = os.Getenv("PUSH_USER")
cfg.Password = base64.StdEncoding.EncodeToString([]byte(os.Getenv("PUSH_PASSWORD")))
log.Println("Authentication for push endpoint configured using environment")
} else {
log.Println("Both PUSH_USER and PUSH_PASSWORD not set, assuming no authentication is necessary.")
}
err := cfg.Save() err := cfg.Save()
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -166,6 +183,9 @@ func (cfg *NtfyConfig) Setup() {
fmt.Printf("Current push endpoint: %s\n", cfg.URI()) fmt.Printf("Current push endpoint: %s\n", cfg.URI())
n = "new " n = "new "
} }
if cfg.User != "" && cfg.Password != "" {
fmt.Println("Push is currently configured for basic auth. You'll need to input credentials again")
}
// Read push base URL // Read push base URL
notValid := true notValid := true
@ -192,6 +212,24 @@ func (cfg *NtfyConfig) Setup() {
cfg.Topic = scanner.Text() cfg.Topic = scanner.Text()
} }
fmt.Printf("Using URL %s\n", cfg.URI()) fmt.Printf("Using URL %s\n", cfg.URI())
// Configure HTTP Basic Auth for push
// This needs to be input each time the auth flow is done,
// existing values are reset
cfg.User = ""
cfg.Password = ""
scanner = bufio.NewScanner(os.Stdin)
fmt.Printf("Input username for push endpoint: ")
scanner.Scan()
if len(scanner.Text()) > 0 {
cfg.User = scanner.Text()
}
scanner = bufio.NewScanner(os.Stdin)
fmt.Printf("Input password for push endpoint: ")
scanner.Scan()
if len(scanner.Text()) > 0 {
// Store the password in base64 for a little obfuscation
cfg.Password = base64.StdEncoding.EncodeToString(scanner.Bytes())
}
// Save bridge password // Save bridge password
if len(cfg.BridgePw) == 0 { if len(cfg.BridgePw) == 0 {
err := LoginBridge(cfg) err := LoginBridge(cfg)