ntfy/server/server.go

1264 lines
39 KiB
Go
Raw Normal View History

2021-10-23 04:26:01 +03:00
package server
import (
"bytes"
2021-10-29 06:50:38 +03:00
"context"
2021-12-24 02:03:04 +03:00
"embed"
2022-01-17 21:28:07 +03:00
"encoding/base64"
2021-10-23 04:26:01 +03:00
"encoding/json"
2021-12-27 18:39:28 +03:00
"errors"
2021-10-23 20:21:33 +03:00
"fmt"
2021-10-23 04:26:01 +03:00
"io"
"log"
2021-10-24 05:49:50 +03:00
"net"
2021-10-23 04:26:01 +03:00
"net/http"
2021-12-27 18:39:28 +03:00
"net/http/httptest"
2022-01-14 20:13:14 +03:00
"net/url"
2022-01-11 00:28:13 +03:00
"os"
2022-01-14 20:13:14 +03:00
"path"
2022-01-03 01:56:12 +03:00
"path/filepath"
2021-10-23 04:26:01 +03:00
"regexp"
2021-10-29 20:58:14 +03:00
"strconv"
2021-10-23 04:26:01 +03:00
"strings"
"sync"
"time"
2022-01-03 01:56:12 +03:00
"unicode/utf8"
"github.com/emersion/go-smtp"
"github.com/gorilla/websocket"
"golang.org/x/sync/errgroup"
"heckel.io/ntfy/auth"
"heckel.io/ntfy/util"
2021-10-23 04:26:01 +03:00
)
2021-12-07 19:45:15 +03:00
// Server is the main server, providing the UI and API for ntfy
2021-10-23 04:26:01 +03:00
type Server struct {
2022-01-11 00:28:13 +03:00
config *Config
httpServer *http.Server
httpsServer *http.Server
unixListener net.Listener
smtpServer *smtp.Server
smtpBackend *smtpBackend
topics map[string]*topic
visitors map[string]*visitor
firebase subscriber
mailer mailer
messages int64
2022-01-23 08:54:18 +03:00
auth auth.Auther
2022-02-27 22:47:28 +03:00
messageCache *messageCache
2022-01-15 04:16:12 +03:00
fileCache *fileCache
2022-01-11 00:28:13 +03:00
closeChan chan bool
mu sync.Mutex
2021-10-23 04:26:01 +03:00
}
2022-01-22 06:22:27 +03:00
// handleFunc extends the normal http.HandlerFunc to be able to easily return errors
type handleFunc func(http.ResponseWriter, *http.Request, *visitor) error
2021-10-23 04:26:01 +03:00
var (
2022-01-31 19:44:58 +03:00
// If changed, don't forget to update Android App and auth_sqlite.go
topicRegex = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`) // No /!
topicPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`) // Regex must match JS & Android app!
externalTopicPathRegex = regexp.MustCompile(`^/[^/]+\.[^/]+/[-_A-Za-z0-9]{1,64}$`) // Extended topic path, for web-app, e.g. /example.com/mytopic
jsonPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
ssePathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
rawPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
wsPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/ws$`)
authPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
publishPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`)
2021-10-29 20:58:14 +03:00
webConfigPath = "/config.js"
2022-04-03 19:39:52 +03:00
userStatsPath = "/user/stats"
2021-12-09 06:13:59 +03:00
staticRegex = regexp.MustCompile(`^/static/.+`)
docsRegex = regexp.MustCompile(`^/docs(|/.*)$`)
2022-01-03 01:56:12 +03:00
fileRegex = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
2022-03-06 04:24:10 +03:00
disallowedTopics = []string{"docs", "static", "file", "app", "settings"} // If updated, also update in Android app
attachURLRegex = regexp.MustCompile(`^https?://`)
2021-10-23 04:26:01 +03:00
2021-11-18 17:22:33 +03:00
//go:embed "example.html"
2021-11-28 00:12:08 +03:00
exampleSource string
2021-11-18 17:22:33 +03:00
2022-03-06 04:24:10 +03:00
//go:embed site
webFs embed.FS
webFsCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: webFs}
webSiteDir = "/site"
2022-03-06 05:28:25 +03:00
webHomeIndex = "/home.html" // Landing page, only if "web-root: home"
2022-03-06 04:24:10 +03:00
webAppIndex = "/app.html" // React app
2021-10-24 21:22:53 +03:00
2021-12-03 01:27:31 +03:00
//go:embed docs
2021-12-07 18:38:58 +03:00
docsStaticFs embed.FS
2021-12-03 01:27:31 +03:00
docsStaticCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: docsStaticFs}
2021-10-23 04:26:01 +03:00
)
2021-12-14 06:30:28 +03:00
const (
2022-01-13 05:24:48 +03:00
firebaseControlTopic = "~control" // See Android if changed
emptyMessageBody = "triggered" // Used if message body is empty
defaultAttachmentMessage = "You received a file: %s" // Used if message body is empty, and there is an attachment
2022-01-17 21:28:07 +03:00
encodingBase64 = "base64"
2022-01-16 06:33:35 +03:00
)
// WebSocket constants
const (
wsWriteWait = 2 * time.Second
wsBufferSize = 1024
wsReadLimit = 64 // We only ever receive PINGs
wsPongWait = 15 * time.Second
2021-12-14 06:30:28 +03:00
)
2021-12-07 19:45:15 +03:00
// New instantiates a new Server. It creates the cache and adds a Firebase
// subscriber (if configured).
2021-12-19 06:02:36 +03:00
func New(conf *Config) (*Server, error) {
2021-12-24 02:03:04 +03:00
var mailer mailer
2021-12-27 18:39:28 +03:00
if conf.SMTPSenderAddr != "" {
mailer = &smtpSender{config: conf}
2021-12-24 02:03:04 +03:00
}
2022-02-27 22:47:28 +03:00
messageCache, err := createMessageCache(conf)
2021-11-02 21:08:21 +03:00
if err != nil {
return nil, err
}
2022-02-27 22:47:28 +03:00
topics, err := messageCache.Topics()
2021-11-03 04:09:49 +03:00
if err != nil {
return nil, err
2021-11-02 21:08:21 +03:00
}
var fileCache *fileCache
2022-01-03 01:56:12 +03:00
if conf.AttachmentCacheDir != "" {
fileCache, err = newFileCache(conf.AttachmentCacheDir, conf.AttachmentTotalSizeLimit, conf.AttachmentFileSizeLimit)
if err != nil {
2022-01-03 01:56:12 +03:00
return nil, err
}
}
2022-01-23 08:54:18 +03:00
var auther auth.Auther
2022-01-23 07:01:20 +03:00
if conf.AuthFile != "" {
2022-01-23 08:02:16 +03:00
auther, err = auth.NewSQLiteAuth(conf.AuthFile, conf.AuthDefaultRead, conf.AuthDefaultWrite)
2022-01-23 07:01:20 +03:00
if err != nil {
return nil, err
}
2022-01-22 22:47:27 +03:00
}
var firebaseSubscriber subscriber
if conf.FirebaseKeyFile != "" {
2022-02-01 04:12:47 +03:00
var err error
firebaseSubscriber, err = createFirebaseSubscriber(conf.FirebaseKeyFile, auther)
if err != nil {
return nil, err
}
}
2021-10-23 04:26:01 +03:00
return &Server{
2022-02-27 22:47:28 +03:00
config: conf,
messageCache: messageCache,
fileCache: fileCache,
firebase: firebaseSubscriber,
mailer: mailer,
topics: topics,
auth: auther,
visitors: make(map[string]*visitor),
2021-10-29 06:50:38 +03:00
}, nil
2021-10-23 04:26:01 +03:00
}
2022-02-27 22:47:28 +03:00
func createMessageCache(conf *Config) (*messageCache, error) {
2021-12-09 18:23:17 +03:00
if conf.CacheDuration == 0 {
return newNopCache()
2021-12-09 18:23:17 +03:00
} else if conf.CacheFile != "" {
return newSqliteCache(conf.CacheFile, false)
2021-11-02 21:08:21 +03:00
}
return newMemCache()
2021-11-02 21:08:21 +03:00
}
2021-12-07 19:45:15 +03:00
// Run executes the main server. It listens on HTTP (+ HTTPS, if configured), and starts
// a manager go routine to print stats and prune messages.
2021-10-23 04:26:01 +03:00
func (s *Server) Run() error {
2022-01-11 00:28:13 +03:00
var listenStr string
if s.config.ListenHTTP != "" {
listenStr += fmt.Sprintf(" %s[http]", s.config.ListenHTTP)
}
2021-12-02 16:52:48 +03:00
if s.config.ListenHTTPS != "" {
2022-01-11 00:28:13 +03:00
listenStr += fmt.Sprintf(" %s[https]", s.config.ListenHTTPS)
}
if s.config.ListenUnix != "" {
listenStr += fmt.Sprintf(" %s[unix]", s.config.ListenUnix)
2021-12-02 16:52:48 +03:00
}
2021-12-28 00:06:40 +03:00
if s.config.SMTPServerListen != "" {
2022-01-11 00:28:13 +03:00
listenStr += fmt.Sprintf(" %s[smtp]", s.config.SMTPServerListen)
2021-12-28 00:06:40 +03:00
}
2022-01-11 00:28:13 +03:00
log.Printf("Listening on%s", listenStr)
2021-12-23 01:45:19 +03:00
mux := http.NewServeMux()
mux.HandleFunc("/", s.handle)
2021-12-02 16:52:48 +03:00
errChan := make(chan error)
2021-12-22 16:17:50 +03:00
s.mu.Lock()
s.closeChan = make(chan bool)
2022-01-11 00:28:13 +03:00
if s.config.ListenHTTP != "" {
s.httpServer = &http.Server{Addr: s.config.ListenHTTP, Handler: mux}
go func() {
errChan <- s.httpServer.ListenAndServe()
}()
}
2021-12-02 16:52:48 +03:00
if s.config.ListenHTTPS != "" {
s.httpsServer = &http.Server{Addr: s.config.ListenHTTPS, Handler: mux}
2021-12-02 16:52:48 +03:00
go func() {
2021-12-22 16:17:50 +03:00
errChan <- s.httpsServer.ListenAndServeTLS(s.config.CertFile, s.config.KeyFile)
2021-12-02 16:52:48 +03:00
}()
}
2022-01-11 00:28:13 +03:00
if s.config.ListenUnix != "" {
go func() {
var err error
s.mu.Lock()
os.Remove(s.config.ListenUnix)
s.unixListener, err = net.Listen("unix", s.config.ListenUnix)
if err != nil {
errChan <- err
return
}
s.mu.Unlock()
httpServer := &http.Server{Handler: mux}
errChan <- httpServer.Serve(s.unixListener)
}()
}
2021-12-27 18:39:28 +03:00
if s.config.SMTPServerListen != "" {
2021-12-27 17:48:09 +03:00
go func() {
2021-12-28 00:06:40 +03:00
errChan <- s.runSMTPServer()
2021-12-27 17:48:09 +03:00
}()
}
2021-12-22 16:17:50 +03:00
s.mu.Unlock()
2021-12-23 01:20:43 +03:00
go s.runManager()
go s.runAtSender()
2022-01-21 22:17:59 +03:00
go s.runFirebaseKeepaliver()
2021-12-27 17:48:09 +03:00
2021-12-02 16:52:48 +03:00
return <-errChan
2021-10-23 04:26:01 +03:00
}
2021-12-22 16:17:50 +03:00
// Stop stops HTTP (+HTTPS) server and all managers
func (s *Server) Stop() {
s.mu.Lock()
defer s.mu.Unlock()
if s.httpServer != nil {
s.httpServer.Close()
}
if s.httpsServer != nil {
s.httpsServer.Close()
}
2022-01-11 00:28:13 +03:00
if s.unixListener != nil {
s.unixListener.Close()
}
2021-12-28 00:06:40 +03:00
if s.smtpServer != nil {
s.smtpServer.Close()
}
2021-12-22 16:17:50 +03:00
close(s.closeChan)
}
2021-10-23 04:26:01 +03:00
func (s *Server) handle(w http.ResponseWriter, r *http.Request) {
2022-02-15 00:09:59 +03:00
v := s.visitor(r)
if err := s.handleInternal(w, r, v); err != nil {
2022-01-16 06:33:35 +03:00
if websocket.IsWebSocketUpgrade(r) {
2022-02-15 00:09:59 +03:00
log.Printf("[%s] WS %s %s - %s", v.ip, r.Method, r.URL.Path, err.Error())
2022-01-16 06:33:35 +03:00
return // Do not attempt to write to upgraded connection
2021-10-24 05:49:50 +03:00
}
2022-01-16 06:33:35 +03:00
httpErr, ok := err.(*errHTTP)
if !ok {
httpErr = errHTTPInternalError
}
2022-02-15 00:09:59 +03:00
log.Printf("[%s] HTTP %s %s - %d - %d - %s", v.ip, r.Method, r.URL.Path, httpErr.HTTPCode, httpErr.Code, err.Error())
2021-12-25 17:15:05 +03:00
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
2022-01-16 06:33:35 +03:00
w.WriteHeader(httpErr.HTTPCode)
io.WriteString(w, httpErr.JSON()+"\n")
2021-10-23 04:26:01 +03:00
}
}
2022-02-15 00:09:59 +03:00
func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-05-13 21:42:25 +03:00
if r.Method == http.MethodGet && r.URL.Path == "/" {
return s.ensureWebEnabled(s.handleHome)(w, r, v)
} else if r.Method == http.MethodGet && r.URL.Path == "/example.html" {
return s.ensureWebEnabled(s.handleExample)(w, r, v)
} else if r.Method == http.MethodHead && r.URL.Path == "/" {
2022-05-13 21:42:25 +03:00
return s.ensureWebEnabled(s.handleEmpty)(w, r, v)
} else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
return s.ensureWebEnabled(s.handleWebConfig)(w, r, v)
2022-04-03 19:39:52 +03:00
} else if r.Method == http.MethodGet && r.URL.Path == userStatsPath {
return s.handleUserStats(w, r, v)
2022-05-13 21:42:25 +03:00
} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
return s.ensureWebEnabled(s.handleStatic)(w, r, v)
} else if r.Method == http.MethodGet && docsRegex.MatchString(r.URL.Path) {
return s.ensureWebEnabled(s.handleDocs)(w, r, v)
2022-01-04 02:55:08 +03:00
} else if r.Method == http.MethodGet && fileRegex.MatchString(r.URL.Path) && s.config.AttachmentCacheDir != "" {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.handleFile)(w, r, v)
} else if r.Method == http.MethodOptions {
2022-05-13 21:42:25 +03:00
return s.ensureWebEnabled(s.handleOptions)(w, r, v)
2022-03-16 21:16:54 +03:00
} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == "/" {
return s.limitRequests(s.transformBodyJSON(s.authWrite(s.handlePublish)))(w, r, v)
2021-12-28 00:06:40 +03:00
} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authWrite(s.handlePublish))(w, r, v)
2021-12-28 00:06:40 +03:00
} else if r.Method == http.MethodGet && publishPathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authWrite(s.handlePublish))(w, r, v)
2021-12-28 00:06:40 +03:00
} else if r.Method == http.MethodGet && jsonPathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authRead(s.handleSubscribeJSON))(w, r, v)
2021-12-28 00:06:40 +03:00
} else if r.Method == http.MethodGet && ssePathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authRead(s.handleSubscribeSSE))(w, r, v)
2021-12-28 00:06:40 +03:00
} else if r.Method == http.MethodGet && rawPathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authRead(s.handleSubscribeRaw))(w, r, v)
2022-01-15 21:23:35 +03:00
} else if r.Method == http.MethodGet && wsPathRegex.MatchString(r.URL.Path) {
2022-01-22 06:22:27 +03:00
return s.limitRequests(s.authRead(s.handleSubscribeWS))(w, r, v)
2022-01-26 07:04:09 +03:00
} else if r.Method == http.MethodGet && authPathRegex.MatchString(r.URL.Path) {
return s.limitRequests(s.authRead(s.handleTopicAuth))(w, r, v)
} else if r.Method == http.MethodGet && (topicPathRegex.MatchString(r.URL.Path) || externalTopicPathRegex.MatchString(r.URL.Path)) {
2022-05-13 21:42:25 +03:00
return s.ensureWebEnabled(s.handleTopic)(w, r, v)
2021-10-23 04:26:01 +03:00
}
2021-10-24 05:49:50 +03:00
return errHTTPNotFound
2021-10-23 04:26:01 +03:00
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleHome(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-03-06 05:28:25 +03:00
if s.config.WebRootIsApp {
r.URL.Path = webAppIndex
} else {
r.URL.Path = webHomeIndex
}
2022-05-13 21:42:25 +03:00
return s.handleStatic(w, r, v)
2021-10-23 04:26:01 +03:00
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-01-16 07:17:46 +03:00
unifiedpush := readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see PUT/POST too!
2021-12-26 00:07:55 +03:00
if unifiedpush {
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
_, err := io.WriteString(w, `{"unifiedpush":{"version":1}}`+"\n")
return err
}
2022-03-06 04:24:10 +03:00
r.URL.Path = webAppIndex
2022-05-13 21:42:25 +03:00
return s.handleStatic(w, r, v)
2021-12-26 00:07:55 +03:00
}
2022-01-26 07:04:09 +03:00
func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request, _ *visitor) error {
return nil
}
2022-01-26 07:04:09 +03:00
func (s *Server) handleTopicAuth(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
_, err := io.WriteString(w, `{"success":true}`+"\n")
return err
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleExample(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
2021-11-18 17:22:33 +03:00
_, err := io.WriteString(w, exampleSource)
return err
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
appRoot := "/"
if !s.config.WebRootIsApp {
appRoot = "/app"
}
disallowedTopicsStr := `"` + strings.Join(disallowedTopics, `", "`) + `"`
2022-03-11 23:56:54 +03:00
w.Header().Set("Content-Type", "text/javascript")
_, err := io.WriteString(w, fmt.Sprintf(`// Generated server configuration
2022-03-11 23:56:54 +03:00
var config = {
appRoot: "%s",
disallowedTopics: [%s]
};`, appRoot, disallowedTopicsStr))
return err
}
2022-04-03 19:39:52 +03:00
func (s *Server) handleUserStats(w http.ResponseWriter, r *http.Request, v *visitor) error {
stats, err := v.Stats()
if err != nil {
return err
}
w.Header().Set("Content-Type", "text/json")
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
if err := json.NewEncoder(w).Encode(stats); err != nil {
return err
}
return nil
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request, _ *visitor) error {
2022-03-06 04:24:10 +03:00
r.URL.Path = webSiteDir + r.URL.Path
2022-03-11 05:55:56 +03:00
util.Gzip(http.FileServer(http.FS(webFsCached))).ServeHTTP(w, r)
2021-10-29 20:58:14 +03:00
return nil
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request, _ *visitor) error {
2022-03-11 05:55:56 +03:00
util.Gzip(http.FileServer(http.FS(docsStaticCached))).ServeHTTP(w, r)
2021-12-03 01:27:31 +03:00
return nil
}
2022-01-13 02:52:07 +03:00
func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-01-03 01:56:12 +03:00
if s.config.AttachmentCacheDir == "" {
2022-01-04 02:55:08 +03:00
return errHTTPInternalError
2022-01-03 01:56:12 +03:00
}
matches := fileRegex.FindStringSubmatch(r.URL.Path)
if len(matches) != 2 {
return errHTTPInternalErrorInvalidFilePath
}
messageID := matches[1]
file := filepath.Join(s.config.AttachmentCacheDir, messageID)
stat, err := os.Stat(file)
if err != nil {
return errHTTPNotFound
}
2022-01-13 05:24:48 +03:00
if err := v.BandwidthLimiter().Allow(stat.Size()); err != nil {
return errHTTPTooManyRequestsAttachmentBandwidthLimit
2022-01-13 02:52:07 +03:00
}
2022-01-12 19:05:04 +03:00
w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
2022-03-26 00:17:24 +03:00
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
2022-01-03 01:56:12 +03:00
f, err := os.Open(file)
if err != nil {
return err
}
defer f.Close()
2022-01-10 21:38:51 +03:00
_, err = io.Copy(util.NewContentTypeWriter(w, r.URL.Path), f)
2022-01-03 01:56:12 +03:00
return err
}
2021-12-24 02:03:04 +03:00
func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visitor) error {
2021-12-15 17:41:55 +03:00
t, err := s.topicFromPath(r.URL.Path)
2021-11-01 23:39:40 +03:00
if err != nil {
return err
}
2022-04-03 19:39:52 +03:00
body, err := util.Peek(r.Body, s.config.MessageLimit)
2021-10-23 04:26:01 +03:00
if err != nil {
return err
}
2022-01-03 01:56:12 +03:00
m := newDefaultMessage(t.ID, "")
2022-01-17 21:28:07 +03:00
cache, firebase, email, unifiedpush, err := s.parsePublishParams(r, v, m)
if err != nil {
2021-10-29 06:50:38 +03:00
return err
}
2022-01-17 21:28:07 +03:00
if err := s.handlePublishBody(r, v, m, body, unifiedpush); err != nil {
return err
2021-12-24 02:03:04 +03:00
}
2021-12-15 17:41:55 +03:00
if m.Message == "" {
2021-12-24 02:03:04 +03:00
m.Message = emptyMessageBody
2021-12-15 17:41:55 +03:00
}
delayed := m.Time > time.Now().Unix()
if !delayed {
if err := t.Publish(m); err != nil {
return err
}
}
2021-12-26 00:07:55 +03:00
if s.firebase != nil && firebase && !delayed {
2021-12-09 20:15:17 +03:00
go func() {
if err := s.firebase(m); err != nil {
2022-02-15 00:09:59 +03:00
log.Printf("[%s] FB - Unable to publish to Firebase: %v", v.ip, err.Error())
2021-12-09 20:15:17 +03:00
}
}()
}
2021-12-26 00:07:55 +03:00
if s.mailer != nil && email != "" && !delayed {
2021-12-23 23:04:17 +03:00
go func() {
2021-12-24 17:01:29 +03:00
if err := s.mailer.Send(v.ip, email, m); err != nil {
2022-02-15 00:09:59 +03:00
log.Printf("[%s] MAIL - Unable to send email: %v", v.ip, err.Error())
2021-12-23 23:04:17 +03:00
}
}()
}
2021-12-09 18:23:17 +03:00
if cache {
2022-02-27 22:47:28 +03:00
if err := s.messageCache.AddMessage(m); err != nil {
2021-12-09 18:23:17 +03:00
return err
}
2021-11-02 21:08:21 +03:00
}
w.Header().Set("Content-Type", "application/json")
2021-10-24 20:34:15 +03:00
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
2021-11-03 18:33:34 +03:00
if err := json.NewEncoder(w).Encode(m); err != nil {
return err
}
2022-01-16 07:17:46 +03:00
s.mu.Lock()
s.messages++
s.mu.Unlock()
2021-10-24 20:34:15 +03:00
return nil
2021-10-23 04:26:01 +03:00
}
2022-01-17 21:28:07 +03:00
func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (cache bool, firebase bool, email string, unifiedpush bool, err error) {
2022-01-16 07:17:46 +03:00
cache = readBoolParam(r, true, "x-cache", "cache")
firebase = readBoolParam(r, true, "x-firebase", "firebase")
2021-12-22 11:44:16 +03:00
m.Title = readParam(r, "x-title", "title", "t")
2022-01-05 01:40:41 +03:00
m.Click = readParam(r, "x-click", "click")
filename := readParam(r, "x-filename", "filename", "file", "f")
2022-01-14 20:13:14 +03:00
attach := readParam(r, "x-attach", "attach", "a")
if attach != "" || filename != "" {
m.Attachment = &attachment{}
}
2022-01-14 20:13:14 +03:00
if filename != "" {
m.Attachment.Name = filename
}
if attach != "" {
if !attachURLRegex.MatchString(attach) {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestAttachmentURLInvalid
}
m.Attachment.URL = attach
2022-01-14 20:13:14 +03:00
if m.Attachment.Name == "" {
u, err := url.Parse(m.Attachment.URL)
if err == nil {
m.Attachment.Name = path.Base(u.Path)
if m.Attachment.Name == "." || m.Attachment.Name == "/" {
m.Attachment.Name = ""
}
}
}
if m.Attachment.Name == "" {
m.Attachment.Name = "attachment"
}
}
email = readParam(r, "x-email", "x-e-mail", "email", "e-mail", "mail", "e")
if email != "" {
if err := v.EmailAllowed(); err != nil {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPTooManyRequestsLimitEmails
}
}
if s.mailer == nil && email != "" {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestEmailDisabled
}
messageStr := strings.ReplaceAll(readParam(r, "x-message", "message", "m"), "\\n", "\n")
2021-12-15 17:41:55 +03:00
if messageStr != "" {
m.Message = messageStr
}
2021-12-17 04:33:01 +03:00
m.Priority, err = util.ParsePriority(readParam(r, "x-priority", "priority", "prio", "p"))
if err != nil {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestPriorityInvalid
2021-11-28 00:12:08 +03:00
}
2021-12-22 11:44:16 +03:00
tagsStr := readParam(r, "x-tags", "tags", "tag", "ta")
2021-11-28 00:12:08 +03:00
if tagsStr != "" {
m.Tags = make([]string, 0)
2021-12-21 23:22:27 +03:00
for _, s := range util.SplitNoEmpty(tagsStr, ",") {
m.Tags = append(m.Tags, strings.TrimSpace(s))
2021-12-07 23:39:42 +03:00
}
2021-11-28 00:12:08 +03:00
}
2021-12-15 17:41:55 +03:00
delayStr := readParam(r, "x-delay", "delay", "x-at", "at", "x-in", "in")
2021-12-11 08:06:25 +03:00
if delayStr != "" {
if !cache {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestDelayNoCache
}
2021-12-24 02:03:04 +03:00
if email != "" {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestDelayNoEmail // we cannot store the email address (yet)
2021-12-24 02:03:04 +03:00
}
2021-12-11 08:06:25 +03:00
delay, err := util.ParseFutureTime(delayStr, time.Now())
if err != nil {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestDelayCannotParse
2021-12-11 08:06:25 +03:00
} else if delay.Unix() < time.Now().Add(s.config.MinDelay).Unix() {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestDelayTooSmall
2021-12-11 08:06:25 +03:00
} else if delay.Unix() > time.Now().Add(s.config.MaxDelay).Unix() {
2022-01-17 21:28:07 +03:00
return false, false, "", false, errHTTPBadRequestDelayTooLarge
}
2021-12-11 08:06:25 +03:00
m.Time = delay.Unix()
}
2022-04-16 23:17:58 +03:00
actionsStr := readParam(r, "x-actions", "actions", "action")
if actionsStr != "" {
2022-04-19 16:14:32 +03:00
m.Actions, err = parseActions(actionsStr)
if err != nil {
2022-04-27 16:51:23 +03:00
return false, false, "", false, wrapErrHTTP(errHTTPBadRequestActionsInvalid, err.Error())
2022-04-17 21:29:43 +03:00
}
2022-04-16 23:17:58 +03:00
}
2022-01-17 21:28:07 +03:00
unifiedpush = readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see GET too!
2021-12-26 00:07:55 +03:00
if unifiedpush {
firebase = false
2022-01-17 21:28:07 +03:00
unifiedpush = true
2021-12-26 00:07:55 +03:00
}
2022-01-17 21:28:07 +03:00
return cache, firebase, email, unifiedpush, nil
2021-11-28 00:12:08 +03:00
}
// handlePublishBody consumes the PUT/POST body and decides whether the body is an attachment or the message.
//
2022-01-17 21:28:07 +03:00
// 1. curl -T somebinarydata.bin "ntfy.sh/mytopic?up=1"
// If body is binary, encode as base64, if not do not encode
// 2. curl -H "Attach: http://example.com/file.jpg" ntfy.sh/mytopic
// Body must be a message, because we attached an external URL
2022-01-17 21:28:07 +03:00
// 3. curl -T short.txt -H "Filename: short.txt" ntfy.sh/mytopic
// Body must be attachment, because we passed a filename
// 4. curl -T file.txt ntfy.sh/mytopic
2022-01-17 21:28:07 +03:00
// If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
// 5. curl -T file.txt ntfy.sh/mytopic
// If file.txt is > message limit, treat it as an attachment
2022-04-03 19:39:52 +03:00
func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser, unifiedpush bool) error {
2022-01-17 21:28:07 +03:00
if unifiedpush {
return s.handleBodyAsMessageAutoDetect(m, body) // Case 1
} else if m.Attachment != nil && m.Attachment.URL != "" {
return s.handleBodyAsTextMessage(m, body) // Case 2
} else if m.Attachment != nil && m.Attachment.Name != "" {
2022-01-17 21:28:07 +03:00
return s.handleBodyAsAttachment(r, v, m, body) // Case 3
2022-04-03 19:39:52 +03:00
} else if !body.LimitReached && utf8.Valid(body.PeekedBytes) {
2022-01-17 21:28:07 +03:00
return s.handleBodyAsTextMessage(m, body) // Case 4
}
2022-01-17 21:28:07 +03:00
return s.handleBodyAsAttachment(r, v, m, body) // Case 5
}
2022-04-03 19:39:52 +03:00
func (s *Server) handleBodyAsMessageAutoDetect(m *message, body *util.PeekedReadCloser) error {
if utf8.Valid(body.PeekedBytes) {
m.Message = string(body.PeekedBytes) // Do not trim
2022-01-17 21:28:07 +03:00
} else {
2022-04-03 19:39:52 +03:00
m.Message = base64.StdEncoding.EncodeToString(body.PeekedBytes)
2022-01-17 21:28:07 +03:00
m.Encoding = encodingBase64
}
return nil
}
2022-04-03 19:39:52 +03:00
func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeekedReadCloser) error {
if !utf8.Valid(body.PeekedBytes) {
return errHTTPBadRequestMessageNotUTF8
}
2022-04-03 19:39:52 +03:00
if len(body.PeekedBytes) > 0 { // Empty body should not override message (publish via GET!)
m.Message = strings.TrimSpace(string(body.PeekedBytes)) // Truncates the message to the peek limit if required
}
2022-01-10 21:38:51 +03:00
if m.Attachment != nil && m.Attachment.Name != "" && m.Message == "" {
m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
}
return nil
}
2022-04-03 19:39:52 +03:00
func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser) error {
2022-01-12 19:05:04 +03:00
if s.fileCache == nil || s.config.BaseURL == "" || s.config.AttachmentCacheDir == "" {
return errHTTPBadRequestAttachmentsDisallowed
} else if m.Time > time.Now().Add(s.config.AttachmentExpiryDuration).Unix() {
return errHTTPBadRequestAttachmentsExpiryBeforeDelivery
}
2022-04-03 19:39:52 +03:00
visitorStats, err := v.Stats()
2022-01-11 20:58:11 +03:00
if err != nil {
return err
}
contentLengthStr := r.Header.Get("Content-Length")
if contentLengthStr != "" { // Early "do-not-trust" check, hard limit see below
contentLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
2022-04-03 19:39:52 +03:00
if err == nil && (contentLength > visitorStats.VisitorAttachmentBytesRemaining || contentLength > s.config.AttachmentFileSizeLimit) {
return errHTTPEntityTooLargeAttachmentTooLarge
2022-01-11 20:58:11 +03:00
}
}
if m.Attachment == nil {
m.Attachment = &attachment{}
}
2022-01-10 21:38:51 +03:00
var ext string
m.Attachment.Owner = v.ip // Important for attachment rate limiting
m.Attachment.Expires = time.Now().Add(s.config.AttachmentExpiryDuration).Unix()
2022-04-03 19:39:52 +03:00
m.Attachment.Type, ext = util.DetectContentType(body.PeekedBytes, m.Attachment.Name)
m.Attachment.URL = fmt.Sprintf("%s/file/%s%s", s.config.BaseURL, m.ID, ext)
if m.Attachment.Name == "" {
m.Attachment.Name = fmt.Sprintf("attachment%s", ext)
}
if m.Message == "" {
2022-01-10 21:38:51 +03:00
m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
2022-01-04 02:55:08 +03:00
}
2022-04-03 19:39:52 +03:00
m.Attachment.Size, err = s.fileCache.Write(m.ID, body, v.BandwidthLimiter(), util.NewFixedLimiter(visitorStats.VisitorAttachmentBytesRemaining))
if err == util.ErrLimitReached {
return errHTTPEntityTooLargeAttachmentTooLarge
} else if err != nil {
2022-01-03 01:56:12 +03:00
return err
}
return nil
}
2021-11-01 22:21:38 +03:00
func (s *Server) handleSubscribeJSON(w http.ResponseWriter, r *http.Request, v *visitor) error {
encoder := func(msg *message) (string, error) {
var buf bytes.Buffer
if err := json.NewEncoder(&buf).Encode(&msg); err != nil {
return "", err
2021-10-23 04:26:01 +03:00
}
return buf.String(), nil
2021-10-23 04:26:01 +03:00
}
2022-01-16 07:17:46 +03:00
return s.handleSubscribeHTTP(w, r, v, "application/x-ndjson", encoder)
2021-10-23 04:26:01 +03:00
}
2021-11-01 22:21:38 +03:00
func (s *Server) handleSubscribeSSE(w http.ResponseWriter, r *http.Request, v *visitor) error {
encoder := func(msg *message) (string, error) {
2021-10-23 20:21:33 +03:00
var buf bytes.Buffer
if err := json.NewEncoder(&buf).Encode(&msg); err != nil {
return "", err
2021-10-23 20:21:33 +03:00
}
2021-10-29 15:29:27 +03:00
if msg.Event != messageEvent {
return fmt.Sprintf("event: %s\ndata: %s\n", msg.Event, buf.String()), nil // Browser's .onmessage() does not fire on this!
2021-10-23 20:21:33 +03:00
}
return fmt.Sprintf("data: %s\n", buf.String()), nil
2021-10-23 22:22:17 +03:00
}
2022-01-16 07:17:46 +03:00
return s.handleSubscribeHTTP(w, r, v, "text/event-stream", encoder)
2021-10-23 20:21:33 +03:00
}
2021-11-01 22:21:38 +03:00
func (s *Server) handleSubscribeRaw(w http.ResponseWriter, r *http.Request, v *visitor) error {
encoder := func(msg *message) (string, error) {
2021-11-02 21:10:56 +03:00
if msg.Event == messageEvent { // only handle default events
return strings.ReplaceAll(msg.Message, "\n", " ") + "\n", nil
}
return "\n", nil // "keepalive" and "open" events just send an empty line
}
2022-01-16 07:17:46 +03:00
return s.handleSubscribeHTTP(w, r, v, "text/plain", encoder)
}
2022-01-16 07:17:46 +03:00
func (s *Server) handleSubscribeHTTP(w http.ResponseWriter, r *http.Request, v *visitor, contentType string, encoder messageEncoder) error {
2021-12-25 17:15:05 +03:00
if err := v.SubscriptionAllowed(); err != nil {
return errHTTPTooManyRequestsLimitSubscriptions
2021-11-01 22:21:38 +03:00
}
defer v.RemoveSubscription()
2022-01-16 07:17:46 +03:00
topics, topicsStr, err := s.topicsFromPath(r.URL.Path)
2021-11-01 23:39:40 +03:00
if err != nil {
return err
}
2022-01-16 07:17:46 +03:00
poll, since, scheduled, filters, err := parseSubscribeParams(r)
2021-12-21 23:22:27 +03:00
if err != nil {
return err
}
2021-12-22 11:44:16 +03:00
var wlock sync.Mutex
sub := func(msg *message) error {
2022-01-16 07:17:46 +03:00
if !filters.Pass(msg) {
2021-12-21 23:22:27 +03:00
return nil
}
m, err := encoder(msg)
if err != nil {
return err
}
2021-12-21 23:22:27 +03:00
wlock.Lock()
defer wlock.Unlock()
if _, err := w.Write([]byte(m)); err != nil {
return err
}
if fl, ok := w.(http.Flusher); ok {
fl.Flush()
}
return nil
}
2021-11-07 21:08:03 +03:00
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
w.Header().Set("Content-Type", contentType+"; charset=utf-8") // Android/Volley client needs charset!
2021-10-29 20:58:14 +03:00
if poll {
return s.sendOldMessages(topics, since, scheduled, sub)
2021-10-29 20:58:14 +03:00
}
2021-11-15 15:56:58 +03:00
subscriberIDs := make([]int, 0)
for _, t := range topics {
subscriberIDs = append(subscriberIDs, t.Subscribe(sub))
}
defer func() {
for i, subscriberID := range subscriberIDs {
topics[i].Unsubscribe(subscriberID) // Order!
}
}()
if err := sub(newOpenMessage(topicsStr)); err != nil { // Send out open message
2021-10-29 20:58:14 +03:00
return err
}
if err := s.sendOldMessages(topics, since, scheduled, sub); err != nil {
return err
}
for {
select {
case <-r.Context().Done():
return nil
case <-time.After(s.config.KeepaliveInterval):
2021-11-01 22:21:38 +03:00
v.Keepalive()
2021-11-15 15:56:58 +03:00
if err := sub(newKeepaliveMessage(topicsStr)); err != nil { // Send keepalive message
return err
}
}
}
}
2022-01-15 21:23:35 +03:00
func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *visitor) error {
if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" {
return errHTTPBadRequestWebSocketsUpgradeHeaderMissing
}
2022-01-15 21:23:35 +03:00
if err := v.SubscriptionAllowed(); err != nil {
return errHTTPTooManyRequestsLimitSubscriptions
}
defer v.RemoveSubscription()
2022-01-16 07:17:46 +03:00
topics, topicsStr, err := s.topicsFromPath(r.URL.Path)
2022-01-15 21:23:35 +03:00
if err != nil {
return err
}
2022-01-16 07:17:46 +03:00
poll, since, scheduled, filters, err := parseSubscribeParams(r)
2022-01-15 21:23:35 +03:00
if err != nil {
return err
}
upgrader := &websocket.Upgrader{
ReadBufferSize: wsBufferSize,
WriteBufferSize: wsBufferSize,
CheckOrigin: func(r *http.Request) bool {
return true // We're open for business!
},
}
conn, err := upgrader.Upgrade(w, r, nil)
if err != nil {
return err
}
defer conn.Close()
2022-01-16 08:07:32 +03:00
var wlock sync.Mutex
2022-01-15 21:23:35 +03:00
g, ctx := errgroup.WithContext(context.Background())
g.Go(func() error {
pongWait := s.config.KeepaliveInterval + wsPongWait
conn.SetReadLimit(wsReadLimit)
if err := conn.SetReadDeadline(time.Now().Add(pongWait)); err != nil {
return err
}
conn.SetPongHandler(func(appData string) error {
return conn.SetReadDeadline(time.Now().Add(pongWait))
})
for {
_, _, err := conn.NextReader()
if err != nil {
return err
}
}
})
g.Go(func() error {
ping := func() error {
2022-01-16 08:07:32 +03:00
wlock.Lock()
defer wlock.Unlock()
2022-01-15 21:23:35 +03:00
if err := conn.SetWriteDeadline(time.Now().Add(wsWriteWait)); err != nil {
return err
}
return conn.WriteMessage(websocket.PingMessage, nil)
}
for {
select {
case <-ctx.Done():
return nil
case <-time.After(s.config.KeepaliveInterval):
v.Keepalive()
if err := ping(); err != nil {
return err
}
}
}
})
sub := func(msg *message) error {
2022-01-16 07:17:46 +03:00
if !filters.Pass(msg) {
2022-01-15 21:23:35 +03:00
return nil
}
2022-01-16 08:07:32 +03:00
wlock.Lock()
defer wlock.Unlock()
2022-01-15 21:23:35 +03:00
if err := conn.SetWriteDeadline(time.Now().Add(wsWriteWait)); err != nil {
return err
}
return conn.WriteJSON(msg)
}
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
if poll {
return s.sendOldMessages(topics, since, scheduled, sub)
}
subscriberIDs := make([]int, 0)
for _, t := range topics {
subscriberIDs = append(subscriberIDs, t.Subscribe(sub))
}
defer func() {
for i, subscriberID := range subscriberIDs {
topics[i].Unsubscribe(subscriberID) // Order!
}
}()
if err := sub(newOpenMessage(topicsStr)); err != nil { // Send out open message
return err
}
if err := s.sendOldMessages(topics, since, scheduled, sub); err != nil {
return err
}
2022-01-16 06:33:35 +03:00
err = g.Wait()
if err != nil && websocket.IsCloseError(err, websocket.CloseNormalClosure, websocket.CloseGoingAway) {
return nil // Normal closures are not errors
}
return err
2022-01-15 21:23:35 +03:00
}
2022-02-26 23:57:10 +03:00
func parseSubscribeParams(r *http.Request) (poll bool, since sinceMarker, scheduled bool, filters *queryFilter, err error) {
2022-01-16 07:17:46 +03:00
poll = readBoolParam(r, false, "x-poll", "poll", "po")
scheduled = readBoolParam(r, false, "x-scheduled", "scheduled", "sched")
since, err = parseSince(r, poll)
if err != nil {
return
2021-12-21 23:22:27 +03:00
}
2022-01-16 07:17:46 +03:00
filters, err = parseQueryFilters(r)
if err != nil {
return
2021-12-21 23:22:27 +03:00
}
2022-01-16 07:17:46 +03:00
return
2021-12-21 23:22:27 +03:00
}
2022-02-26 23:57:10 +03:00
func (s *Server) sendOldMessages(topics []*topic, since sinceMarker, scheduled bool, sub subscriber) error {
if since.IsNone() {
2021-10-29 20:58:14 +03:00
return nil
}
2021-11-15 15:56:58 +03:00
for _, t := range topics {
2022-02-27 22:47:28 +03:00
messages, err := s.messageCache.Messages(t.ID, since, scheduled)
2021-11-15 15:56:58 +03:00
if err != nil {
2021-10-29 20:58:14 +03:00
return err
}
2021-11-15 15:56:58 +03:00
for _, m := range messages {
if err := sub(m); err != nil {
return err
}
}
2021-10-29 20:58:14 +03:00
}
2021-10-24 20:34:15 +03:00
return nil
}
// parseSince returns a timestamp identifying the time span from which cached messages should be received.
//
// Values in the "since=..." parameter can be either a unix timestamp or a duration (e.g. 12h), or
// "all" for all messages.
2022-02-26 23:57:10 +03:00
func parseSince(r *http.Request, poll bool) (sinceMarker, error) {
2021-12-22 11:44:16 +03:00
since := readParam(r, "x-since", "since", "si")
2022-02-26 23:57:10 +03:00
// Easy cases (empty, all, none)
2021-12-22 11:44:16 +03:00
if since == "" {
if poll {
return sinceAllMessages, nil
}
return sinceNoMessages, nil
2022-02-26 23:57:10 +03:00
} else if since == "all" {
return sinceAllMessages, nil
2022-02-26 23:57:10 +03:00
} else if since == "none" {
return sinceNoMessages, nil
}
// ID, timestamp, duration
if validMessageID(since) {
return newSinceID(since), nil
2021-12-22 11:44:16 +03:00
} else if s, err := strconv.ParseInt(since, 10, 64); err == nil {
2022-02-26 23:57:10 +03:00
return newSinceTime(s), nil
2021-12-22 11:44:16 +03:00
} else if d, err := time.ParseDuration(since); err == nil {
2022-02-26 23:57:10 +03:00
return newSinceTime(time.Now().Add(-1 * d).Unix()), nil
2021-10-29 20:58:14 +03:00
}
2021-12-25 17:15:05 +03:00
return sinceNoMessages, errHTTPBadRequestSinceInvalid
2021-10-29 20:58:14 +03:00
}
2022-05-13 21:42:25 +03:00
func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
2021-10-29 20:58:14 +03:00
w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST")
2022-03-11 06:58:24 +03:00
w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
w.Header().Set("Access-Control-Allow-Headers", "*") // CORS, allow auth via JS // FIXME is this terrible?
2021-10-24 21:22:53 +03:00
return nil
}
2021-12-15 17:41:55 +03:00
func (s *Server) topicFromPath(path string) (*topic, error) {
parts := strings.Split(path, "/")
if len(parts) < 2 {
2021-12-25 17:15:05 +03:00
return nil, errHTTPBadRequestTopicInvalid
2021-12-15 17:41:55 +03:00
}
topics, err := s.topicsFromIDs(parts[1])
2021-11-15 15:56:58 +03:00
if err != nil {
return nil, err
}
return topics[0], nil
}
2022-01-16 07:17:46 +03:00
func (s *Server) topicsFromPath(path string) ([]*topic, string, error) {
parts := strings.Split(path, "/")
if len(parts) < 2 {
return nil, "", errHTTPBadRequestTopicInvalid
}
topicIDs := util.SplitNoEmpty(parts[1], ",")
topics, err := s.topicsFromIDs(topicIDs...)
if err != nil {
return nil, "", errHTTPBadRequestTopicInvalid
}
return topics, parts[1], nil
}
2021-11-28 00:12:08 +03:00
func (s *Server) topicsFromIDs(ids ...string) ([]*topic, error) {
2021-10-23 04:26:01 +03:00
s.mu.Lock()
defer s.mu.Unlock()
2021-11-15 15:56:58 +03:00
topics := make([]*topic, 0)
2021-11-28 00:12:08 +03:00
for _, id := range ids {
2021-12-09 06:13:59 +03:00
if util.InStringList(disallowedTopics, id) {
2021-12-25 17:15:05 +03:00
return nil, errHTTPBadRequestTopicDisallowed
2021-12-09 06:13:59 +03:00
}
2021-11-15 15:56:58 +03:00
if _, ok := s.topics[id]; !ok {
2022-01-03 01:56:12 +03:00
if len(s.topics) >= s.config.TotalTopicLimit {
2022-01-12 19:05:04 +03:00
return nil, errHTTPTooManyRequestsLimitTotalTopics
2021-11-15 15:56:58 +03:00
}
2021-12-09 06:57:31 +03:00
s.topics[id] = newTopic(id)
2021-10-29 20:58:14 +03:00
}
2021-11-15 15:56:58 +03:00
topics = append(topics, s.topics[id])
2021-10-23 04:26:01 +03:00
}
2021-11-15 15:56:58 +03:00
return topics, nil
2021-10-23 04:26:01 +03:00
}
2021-12-11 06:57:01 +03:00
func (s *Server) updateStatsAndPrune() {
2021-10-23 04:26:01 +03:00
s.mu.Lock()
defer s.mu.Unlock()
2021-10-29 20:58:14 +03:00
// Expire visitors from rate visitors map
for ip, v := range s.visitors {
2021-11-01 22:21:38 +03:00
if v.Stale() {
2021-10-29 20:58:14 +03:00
delete(s.visitors, ip)
}
2021-10-23 04:26:01 +03:00
}
2022-01-07 17:15:33 +03:00
// Delete expired attachments
2022-01-08 20:14:43 +03:00
if s.fileCache != nil {
2022-02-27 22:47:28 +03:00
ids, err := s.messageCache.AttachmentsExpired()
2022-01-08 20:14:43 +03:00
if err == nil {
if err := s.fileCache.Remove(ids...); err != nil {
log.Printf("error while deleting attachments: %s", err.Error())
}
} else {
log.Printf("error retrieving expired attachments: %s", err.Error())
2022-01-07 17:15:33 +03:00
}
}
2021-12-11 06:57:01 +03:00
// Prune message cache
2021-12-09 06:57:31 +03:00
olderThan := time.Now().Add(-1 * s.config.CacheDuration)
2022-02-27 22:47:28 +03:00
if err := s.messageCache.Prune(olderThan); err != nil {
2021-11-03 04:09:49 +03:00
log.Printf("error pruning cache: %s", err.Error())
2021-11-02 21:08:21 +03:00
}
2021-12-11 06:57:01 +03:00
// Prune old topics, remove subscriptions without subscribers
2021-11-03 04:09:49 +03:00
var subscribers, messages int
2021-10-29 20:58:14 +03:00
for _, t := range s.topics {
2021-11-03 04:09:49 +03:00
subs := t.Subscribers()
2022-02-27 22:47:28 +03:00
msgs, err := s.messageCache.MessageCount(t.ID)
2021-11-03 04:09:49 +03:00
if err != nil {
2021-12-09 06:57:31 +03:00
log.Printf("cannot get stats for topic %s: %s", t.ID, err.Error())
2021-11-03 04:09:49 +03:00
continue
}
2021-12-09 20:15:17 +03:00
if msgs == 0 && subs == 0 {
2021-12-09 06:57:31 +03:00
delete(s.topics, t.ID)
2021-11-03 04:09:49 +03:00
continue
2021-10-29 20:58:14 +03:00
}
subscribers += subs
messages += msgs
}
2021-11-03 04:09:49 +03:00
2021-12-28 00:18:15 +03:00
// Mail stats
var mailSuccess, mailFailure int64
if s.smtpBackend != nil {
mailSuccess, mailFailure = s.smtpBackend.Counts()
}
2021-12-28 00:06:40 +03:00
2021-11-03 04:09:49 +03:00
// Print stats
2021-12-28 00:06:40 +03:00
log.Printf("Stats: %d message(s) published, %d in cache, %d successful mails, %d failed, %d topic(s) active, %d subscriber(s), %d visitor(s)",
s.messages, messages, mailSuccess, mailFailure, len(s.topics), subscribers, len(s.visitors))
}
2021-10-24 05:49:50 +03:00
2021-12-28 00:06:40 +03:00
func (s *Server) runSMTPServer() error {
2021-12-27 18:39:28 +03:00
sub := func(m *message) error {
url := fmt.Sprintf("%s/%s", s.config.BaseURL, m.Topic)
req, err := http.NewRequest("PUT", url, strings.NewReader(m.Message))
if err != nil {
return err
}
if m.Title != "" {
req.Header.Set("Title", m.Title)
}
rr := httptest.NewRecorder()
s.handle(rr, req)
if rr.Code != http.StatusOK {
return errors.New("error: " + rr.Body.String())
}
return nil
}
2021-12-28 00:06:40 +03:00
s.smtpBackend = newMailBackend(s.config, sub)
s.smtpServer = smtp.NewServer(s.smtpBackend)
s.smtpServer.Addr = s.config.SMTPServerListen
s.smtpServer.Domain = s.config.SMTPServerDomain
s.smtpServer.ReadTimeout = 10 * time.Second
s.smtpServer.WriteTimeout = 10 * time.Second
2021-12-28 03:26:20 +03:00
s.smtpServer.MaxMessageBytes = 1024 * 1024 // Must be much larger than message size (headers, multipart, etc.)
2021-12-28 00:06:40 +03:00
s.smtpServer.MaxRecipients = 1
s.smtpServer.AllowInsecureAuth = true
return s.smtpServer.ListenAndServe()
2021-12-27 17:48:09 +03:00
}
2021-12-15 17:13:16 +03:00
func (s *Server) runManager() {
2021-12-22 16:17:50 +03:00
for {
select {
case <-time.After(s.config.ManagerInterval):
2021-12-15 17:13:16 +03:00
s.updateStatsAndPrune()
2021-12-22 16:17:50 +03:00
case <-s.closeChan:
return
2021-12-15 17:13:16 +03:00
}
2021-12-22 16:17:50 +03:00
}
2021-12-15 17:13:16 +03:00
}
func (s *Server) runAtSender() {
for {
2021-12-22 16:17:50 +03:00
select {
case <-time.After(s.config.AtSenderInterval):
if err := s.sendDelayedMessages(); err != nil {
log.Printf("error sending scheduled messages: %s", err.Error())
}
case <-s.closeChan:
return
2021-12-15 17:13:16 +03:00
}
}
}
2022-01-21 22:17:59 +03:00
func (s *Server) runFirebaseKeepaliver() {
2021-12-15 17:13:16 +03:00
if s.firebase == nil {
return
}
for {
2021-12-22 16:17:50 +03:00
select {
case <-time.After(s.config.FirebaseKeepaliveInterval):
if err := s.firebase(newKeepaliveMessage(firebaseControlTopic)); err != nil {
log.Printf("error sending Firebase keepalive message: %s", err.Error())
}
case <-s.closeChan:
return
2021-12-15 17:13:16 +03:00
}
}
}
2021-12-22 16:17:50 +03:00
func (s *Server) sendDelayedMessages() error {
s.mu.Lock()
defer s.mu.Unlock()
2022-02-27 22:47:28 +03:00
messages, err := s.messageCache.MessagesDue()
if err != nil {
return err
}
for _, m := range messages {
t, ok := s.topics[m.Topic] // If no subscribers, just mark message as published
if ok {
if err := t.Publish(m); err != nil {
log.Printf("unable to publish message %s to topic %s: %v", m.ID, m.Topic, err.Error())
}
2022-01-10 23:36:12 +03:00
}
if s.firebase != nil { // Firebase subscribers may not show up in topics map
if err := s.firebase(m); err != nil {
log.Printf("unable to publish to Firebase: %v", err.Error())
}
}
2022-02-27 22:47:28 +03:00
if err := s.messageCache.MarkPublished(m); err != nil {
return err
}
}
return nil
}
2022-01-22 06:22:27 +03:00
func (s *Server) limitRequests(next handleFunc) handleFunc {
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-02-15 00:09:59 +03:00
if util.InStringList(s.config.VisitorRequestExemptIPAddrs, v.ip) {
return next(w, r, v)
} else if err := v.RequestAllowed(); err != nil {
2022-01-22 06:22:27 +03:00
return errHTTPTooManyRequestsLimitRequests
}
return next(w, r, v)
}
}
2022-05-13 21:42:25 +03:00
func (s *Server) ensureWebEnabled(next handleFunc) handleFunc {
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
if !s.config.EnableWeb {
return errHTTPNotFound
}
return next(w, r, v)
}
}
2022-04-03 19:39:52 +03:00
// transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
2022-03-16 21:16:54 +03:00
// before passing it on to the next handler. This is meant to be used in combination with handlePublish.
func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
2022-03-15 23:00:59 +03:00
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-04-03 19:39:52 +03:00
body, err := util.Peek(r.Body, s.config.MessageLimit)
2022-03-15 23:00:59 +03:00
if err != nil {
return err
}
defer r.Body.Close()
var m publishMessage
if err := json.NewDecoder(body).Decode(&m); err != nil {
2022-03-16 21:16:54 +03:00
return errHTTPBadRequestJSONInvalid
2022-03-15 23:00:59 +03:00
}
if !topicRegex.MatchString(m.Topic) {
2022-03-16 21:16:54 +03:00
return errHTTPBadRequestTopicInvalid
2022-03-15 23:00:59 +03:00
}
if m.Message == "" {
m.Message = emptyMessageBody
}
r.URL.Path = "/" + m.Topic
r.Body = io.NopCloser(strings.NewReader(m.Message))
if m.Title != "" {
r.Header.Set("X-Title", m.Title)
}
2022-03-16 21:16:54 +03:00
if m.Priority != 0 {
r.Header.Set("X-Priority", fmt.Sprintf("%d", m.Priority))
2022-03-15 23:00:59 +03:00
}
2022-03-16 21:16:54 +03:00
if m.Tags != nil && len(m.Tags) > 0 {
r.Header.Set("X-Tags", strings.Join(m.Tags, ","))
2022-03-15 23:00:59 +03:00
}
if m.Attach != "" {
r.Header.Set("X-Attach", m.Attach)
}
if m.Filename != "" {
r.Header.Set("X-Filename", m.Filename)
}
if m.Click != "" {
r.Header.Set("X-Click", m.Click)
}
2022-04-16 23:17:58 +03:00
if len(m.Actions) > 0 {
actionsStr, err := json.Marshal(m.Actions)
if err != nil {
return errHTTPBadRequestJSONInvalid
}
r.Header.Set("X-Actions", string(actionsStr))
}
if m.Email != "" {
r.Header.Set("X-Email", m.Email)
}
if m.Delay != "" {
r.Header.Set("X-Delay", m.Delay)
}
2022-03-15 23:00:59 +03:00
return next(w, r, v)
}
}
2022-01-22 06:22:27 +03:00
func (s *Server) authWrite(next handleFunc) handleFunc {
2022-01-23 08:02:16 +03:00
return s.withAuth(next, auth.PermissionWrite)
2022-01-22 06:22:27 +03:00
}
func (s *Server) authRead(next handleFunc) handleFunc {
2022-01-23 08:02:16 +03:00
return s.withAuth(next, auth.PermissionRead)
2022-01-22 06:22:27 +03:00
}
2022-01-23 08:02:16 +03:00
func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
2022-01-22 06:22:27 +03:00
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
2022-01-23 07:01:20 +03:00
if s.auth == nil {
2022-01-22 06:22:27 +03:00
return next(w, r, v)
}
2022-01-27 20:49:05 +03:00
topics, _, err := s.topicsFromPath(r.URL.Path)
2022-01-22 06:22:27 +03:00
if err != nil {
return err
}
2022-01-24 07:02:39 +03:00
var user *auth.User // may stay nil if no auth header!
username, password, ok := extractUserPass(r)
2022-01-22 06:22:27 +03:00
if ok {
2022-01-23 07:01:20 +03:00
if user, err = s.auth.Authenticate(username, password); err != nil {
2022-01-22 22:47:27 +03:00
log.Printf("authentication failed: %s", err.Error())
2022-01-22 06:22:27 +03:00
return errHTTPUnauthorized
}
}
2022-01-27 20:49:05 +03:00
for _, t := range topics {
if err := s.auth.Authorize(user, t.ID, perm); err != nil {
log.Printf("unauthorized: %s", err.Error())
return errHTTPForbidden
}
2022-01-22 06:22:27 +03:00
}
return next(w, r, v)
}
}
// extractUserPass reads the username/password from the basic auth header (Authorization: Basic ...),
// or from the ?auth=... query param. The latter is required only to support the WebSocket JavaScript
// class, which does not support passing headers during the initial request. The auth query param
// is effectively double base64 encoded. Its format is base64(Basic base64(user:pass)).
func extractUserPass(r *http.Request) (username string, password string, ok bool) {
username, password, ok = r.BasicAuth()
if ok {
return
}
authParam := readQueryParam(r, "authorization", "auth")
if authParam != "" {
a, err := base64.RawURLEncoding.DecodeString(authParam)
if err != nil {
return
}
r.Header.Set("Authorization", string(a))
return r.BasicAuth()
}
return
}
2021-10-24 05:49:50 +03:00
// visitor creates or retrieves a rate.Limiter for the given visitor.
// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
func (s *Server) visitor(r *http.Request) *visitor {
2021-10-24 05:49:50 +03:00
s.mu.Lock()
defer s.mu.Unlock()
remoteAddr := r.RemoteAddr
2021-10-24 05:49:50 +03:00
ip, _, err := net.SplitHostPort(remoteAddr)
if err != nil {
ip = remoteAddr // This should not happen in real life; only in tests.
}
if s.config.BehindProxy && r.Header.Get("X-Forwarded-For") != "" {
ip = r.Header.Get("X-Forwarded-For")
}
2021-10-24 05:49:50 +03:00
v, exists := s.visitors[ip]
if !exists {
2022-04-03 19:39:52 +03:00
s.visitors[ip] = newVisitor(s.config, s.messageCache, ip)
2021-11-01 22:21:38 +03:00
return s.visitors[ip]
2021-10-24 05:49:50 +03:00
}
2021-12-22 12:04:59 +03:00
v.Keepalive()
2021-10-24 05:49:50 +03:00
return v
}