Merge branch 'main' of github.com:binwiederhier/ntfy into macos-server

2022-05-20 15:59:12 -04:00 · 2022-05-20 15:59:12 -04:00 · 60c5ccf34b
commit 60c5ccf34b
parent a2825880bc 79cb082879
23 changed files with 643 additions and 308 deletions
--- a/server/config.go
+++ b/server/config.go
@ -88,6 +88,7 @@ type Config struct {
 	VisitorEmailLimitBurst               int
 	VisitorEmailLimitReplenish           time.Duration
 	BehindProxy                          bool
+	EnableWeb                            bool
 }

 // NewConfig instantiates a default new server config
@ -126,5 +127,6 @@ func NewConfig() *Config {
 		VisitorEmailLimitBurst:               DefaultVisitorEmailLimitBurst,
 		VisitorEmailLimitReplenish:           DefaultVisitorEmailLimitReplenish,
 		BehindProxy:                          false,
+		EnableWeb:                            true,
 	}
 }
--- a/server/server.go
+++ b/server/server.go
@ -8,11 +8,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/emersion/go-smtp"
-	"github.com/gorilla/websocket"
-	"golang.org/x/sync/errgroup"
-	"heckel.io/ntfy/auth"
-	"heckel.io/ntfy/util"
 	"io"
 	"log"
 	"net"
@ -28,6 +23,12 @@ import (
 	"sync"
 	"time"
 	"unicode/utf8"
+
+	"github.com/emersion/go-smtp"
+	"github.com/gorilla/websocket"
+	"golang.org/x/sync/errgroup"
+	"heckel.io/ntfy/auth"
+	"heckel.io/ntfy/util"
 )

 // Server is the main server, providing the UI and API for ntfy
@ -263,23 +264,23 @@ func (s *Server) handle(w http.ResponseWriter, r *http.Request) {

 func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visitor) error {
 	if r.Method == http.MethodGet && r.URL.Path == "/" {
-		return s.handleHome(w, r)
+		return s.ensureWebEnabled(s.handleHome)(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == "/example.html" {
-		return s.handleExample(w, r)
+		return s.ensureWebEnabled(s.handleExample)(w, r, v)
 	} else if r.Method == http.MethodHead && r.URL.Path == "/" {
-		return s.handleEmpty(w, r, v)
+		return s.ensureWebEnabled(s.handleEmpty)(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
-		return s.handleWebConfig(w, r)
+		return s.ensureWebEnabled(s.handleWebConfig)(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == userStatsPath {
 		return s.handleUserStats(w, r, v)
 	} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
-		return s.handleStatic(w, r)
+		return s.ensureWebEnabled(s.handleStatic)(w, r, v)
 	} else if r.Method == http.MethodGet && docsRegex.MatchString(r.URL.Path) {
-		return s.handleDocs(w, r)
+		return s.ensureWebEnabled(s.handleDocs)(w, r, v)
 	} else if r.Method == http.MethodGet && fileRegex.MatchString(r.URL.Path) && s.config.AttachmentCacheDir != "" {
 		return s.limitRequests(s.handleFile)(w, r, v)
 	} else if r.Method == http.MethodOptions {
-		return s.handleOptions(w, r)
+		return s.ensureWebEnabled(s.handleOptions)(w, r, v)
 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == "/" {
 		return s.limitRequests(s.transformBodyJSON(s.authWrite(s.handlePublish)))(w, r, v)
 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
@ -297,21 +298,21 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 	} else if r.Method == http.MethodGet && authPathRegex.MatchString(r.URL.Path) {
 		return s.limitRequests(s.authRead(s.handleTopicAuth))(w, r, v)
 	} else if r.Method == http.MethodGet && (topicPathRegex.MatchString(r.URL.Path) || externalTopicPathRegex.MatchString(r.URL.Path)) {
-		return s.handleTopic(w, r)
+		return s.ensureWebEnabled(s.handleTopic)(w, r, v)
 	}
 	return errHTTPNotFound
 }

-func (s *Server) handleHome(w http.ResponseWriter, r *http.Request) error {
+func (s *Server) handleHome(w http.ResponseWriter, r *http.Request, v *visitor) error {
 	if s.config.WebRootIsApp {
 		r.URL.Path = webAppIndex
 	} else {
 		r.URL.Path = webHomeIndex
 	}
-	return s.handleStatic(w, r)
+	return s.handleStatic(w, r, v)
 }

-func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request) error {
+func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request, v *visitor) error {
 	unifiedpush := readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see PUT/POST too!
 	if unifiedpush {
 		w.Header().Set("Content-Type", "application/json")
@ -320,7 +321,7 @@ func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 	r.URL.Path = webAppIndex
-	return s.handleStatic(w, r)
+	return s.handleStatic(w, r, v)
 }

 func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request, _ *visitor) error {
@ -334,12 +335,12 @@ func (s *Server) handleTopicAuth(w http.ResponseWriter, _ *http.Request, _ *visi
 	return err
 }

-func (s *Server) handleExample(w http.ResponseWriter, _ *http.Request) error {
+func (s *Server) handleExample(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
 	_, err := io.WriteString(w, exampleSource)
 	return err
 }

-func (s *Server) handleWebConfig(w http.ResponseWriter, r *http.Request) error {
+func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
 	appRoot := "/"
 	if !s.config.WebRootIsApp {
 		appRoot = "/app"
@ -367,13 +368,13 @@ func (s *Server) handleUserStats(w http.ResponseWriter, r *http.Request, v *visi
 	return nil
 }

-func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request) error {
+func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request, _ *visitor) error {
 	r.URL.Path = webSiteDir + r.URL.Path
 	util.Gzip(http.FileServer(http.FS(webFsCached))).ServeHTTP(w, r)
 	return nil
 }

-func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request) error {
+func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request, _ *visitor) error {
 	util.Gzip(http.FileServer(http.FS(docsStaticCached))).ServeHTTP(w, r)
 	return nil
 }
@ -904,7 +905,7 @@ func parseSince(r *http.Request, poll bool) (sinceMarker, error) {
 	return sinceNoMessages, errHTTPBadRequestSinceInvalid
 }

-func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request) error {
+func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
 	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST")
 	w.Header().Set("Access-Control-Allow-Origin", "*")  // CORS, allow cross-origin requests
 	w.Header().Set("Access-Control-Allow-Headers", "*") // CORS, allow auth via JS // FIXME is this terrible?
@ -1118,6 +1119,15 @@ func (s *Server) limitRequests(next handleFunc) handleFunc {
 	}
 }

+func (s *Server) ensureWebEnabled(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if !s.config.EnableWeb {
+			return errHTTPNotFound
+		}
+		return next(w, r, v)
+	}
+}
+
 // transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
 // before passing it on to the next handler. This is meant to be used in combination with handlePublish.
 func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
--- a/server/server.yml
+++ b/server/server.yml
@ -1,4 +1,7 @@
 # ntfy server config file
+#
+# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
+# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.

 # Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
 # This setting is currently only used by the attachments and e-mail sending feature (outgoing mail only).
@ -127,7 +130,8 @@
 # manager-interval: "1m"

 # Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the
-# web app. If you self-host, you don't want to change this. Can be "app" (default) or "home".
+# web app. If you self-host, you don't want to change this.
+# Can be "app" (default), "home" or "disable" to disable the web app entirely.
 #
 # web-root: app

--- a/server/server_test.go
+++ b/server/server_test.go
@ -6,9 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/stretchr/testify/require"
-	"heckel.io/ntfy/auth"
-	"heckel.io/ntfy/util"
 	"math/rand"
 	"net/http"
 	"net/http/httptest"
@ -18,6 +15,10 @@ import (
 	"sync"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/auth"
+	"heckel.io/ntfy/util"
 )

 func TestServer_PublishAndPoll(t *testing.T) {
@ -162,6 +163,40 @@ func TestServer_StaticSites(t *testing.T) {
 	require.Contains(t, rr.Body.String(), "</html>")
 }

+func TestServer_WebEnabled(t *testing.T) {
+	conf := newTestConfig(t)
+	conf.EnableWeb = false
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "GET", "/", "", nil)
+	require.Equal(t, 404, rr.Code)
+
+	rr = request(t, s, "GET", "/example.html", "", nil)
+	require.Equal(t, 404, rr.Code)
+
+	rr = request(t, s, "GET", "/config.js", "", nil)
+	require.Equal(t, 404, rr.Code)
+
+	rr = request(t, s, "GET", "/static/css/home.css", "", nil)
+	require.Equal(t, 404, rr.Code)
+
+	conf2 := newTestConfig(t)
+	conf2.EnableWeb = true
+	s2 := newTestServer(t, conf2)
+
+	rr = request(t, s2, "GET", "/", "", nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s2, "GET", "/example.html", "", nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s2, "GET", "/config.js", "", nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s2, "GET", "/static/css/home.css", "", nil)
+	require.Equal(t, 200, rr.Code)
+}
+
 func TestServer_PublishLargeMessage(t *testing.T) {
 	c := newTestConfig(t)
 	c.AttachmentCacheDir = "" // Disable attachments
@ -1303,7 +1338,7 @@ func firebaseServiceAccountFile(t *testing.T) string {
 		return os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT_FILE")
 	} else if os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT") != "" {
 		filename := filepath.Join(t.TempDir(), "firebase.json")
-		require.NotNil(t, os.WriteFile(filename, []byte(os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT")), 0600))
+		require.NotNil(t, os.WriteFile(filename, []byte(os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT")), 0o600))
 		return filename
 	}
 	t.SkipNow()