Use terminal.ReadPasword to read password

- Option to input HTTP basic auth username and password when running
  setup-ntfy
- Username and password are stored in notify.json, password is
  base64-encoded

ntfy/ntfy.go

@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"golang.org/x/crypto/ssh/terminal"
 	"log"
 	"net"
 	"net/http"
@@ -23,6 +24,8 @@ type NtfyConfig struct {
 	URL      string `json:"url"`
 	Topic    string `json:"topic"`
 	BridgePw string `json:"bridgePw"`
+	User     string `json:"user"`
+	Password string `json:"password"`
 }
 
 func (cfg *NtfyConfig) Init() {
@@ -63,10 +66,18 @@ func ntfyConfigFile() (string, error) {
 func Notify() {
 	cfg := NtfyConfig{}
 	if err := cfg.Read(); err != nil {
-		log.Printf("error reading configuration: %v", err)
+		log.Printf("error reading configuration: %v\n", err)
 		return
 	}
 	req, _ := http.NewRequest("POST", cfg.URI(), strings.NewReader("New message received"))
+	if cfg.User != "" && cfg.Password != "" {
+		pw, err := base64.StdEncoding.DecodeString(cfg.Password)
+		if err != nil {
+			log.Printf("Error decoding push endpoint password: %v\n", err)
+			return
+		}
+		req.SetBasicAuth(cfg.User, string(pw))
+	}
 	req.Header.Set("Title", "ProtonMail")
 	req.Header.Set("Click", "dismiss")
 	req.Header.Set("Tags", "envelope")
@@ -154,6 +165,13 @@ func (cfg *NtfyConfig) Setup() {
 		cfg.URL = os.Getenv("PUSH_URL")
 		cfg.Topic = os.Getenv("PUSH_TOPIC")
 		log.Printf("Current push endpoint: %s\n", cfg.URI())
+		if os.Getenv("PUSH_USER") != "" && os.Getenv("PUSH_PASSWORD") != "" {
+			cfg.User = os.Getenv("PUSH_USER")
+			cfg.Password = base64.StdEncoding.EncodeToString([]byte(os.Getenv("PUSH_PASSWORD")))
+			log.Println("Authentication for push endpoint configured using environment")
+		} else {
+			log.Println("Both PUSH_USER and PUSH_PASSWORD not set, assuming no authentication is necessary.")
+		}
 		err := cfg.Save()
 		if err != nil {
 			log.Fatal(err)
@@ -166,6 +184,9 @@ func (cfg *NtfyConfig) Setup() {
 		fmt.Printf("Current push endpoint: %s\n", cfg.URI())
 		n = "new "
 	}
+	if cfg.User != "" && cfg.Password != "" {
+		fmt.Println("Push is currently configured for basic auth. You'll need to input credentials again")
+	}
 
 	// Read push base URL
 	notValid := true
@@ -192,6 +213,30 @@ func (cfg *NtfyConfig) Setup() {
 		cfg.Topic = scanner.Text()
 	}
 	fmt.Printf("Using URL %s\n", cfg.URI())
+	// Configure HTTP Basic Auth for push
+	// This needs to be input each time the auth flow is done,
+	// existing values are reset
+	cfg.User = ""
+	cfg.Password = ""
+	fmt.Println("Configuring HTTP basic authentication for push endpoint.")
+	fmt.Println("Previously set username and password have been cleared.")
+	fmt.Println("Leave values blank to disable basic authentication.")
+	scanner = bufio.NewScanner(os.Stdin)
+	fmt.Printf("Username: ")
+	scanner.Scan()
+	if len(scanner.Text()) > 0 {
+		cfg.User = scanner.Text()
+	}
+	fmt.Printf("Password: ")
+	pwBytes, err := terminal.ReadPassword(0)
+	if err != nil {
+		fmt.Printf("Error reading password: %v\n", err)
+		return
+	}
+	if len(pwBytes) > 0 {
+		// Store the password in base64 for a little obfuscation
+		cfg.Password = base64.StdEncoding.EncodeToString(pwBytes)
+	}
 	// Save bridge password
 	if len(cfg.BridgePw) == 0 {
 		err := LoginBridge(cfg)
@@ -203,7 +248,7 @@ func (cfg *NtfyConfig) Setup() {
 		fmt.Println("Bridge password is set")
 	}
 	// Save configuration
-	err := cfg.Save()
+	err = cfg.Save()
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)