diff --git a/cmd/serve.go b/cmd/serve.go
index d71c40eb..ab8d75ec 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -63,6 +63,7 @@ var flagsServe = append(
altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-signup", Aliases: []string{"enable_signup"}, EnvVars: []string{"NTFY_ENABLE_SIGNUP"}, Value: false, Usage: "allows users to sign up via the web app, or API"}),
altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-login", Aliases: []string{"enable_login"}, EnvVars: []string{"NTFY_ENABLE_LOGIN"}, Value: false, Usage: "allows users to log in via the web app, or API"}),
altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-reservations", Aliases: []string{"enable_reservations"}, EnvVars: []string{"NTFY_ENABLE_RESERVATIONS"}, Value: false, Usage: "allows users to reserve topics (if their tier allows it)"}),
+ altsrc.NewBoolFlag(&cli.BoolFlag{Name: "require-login", Aliases: []string{"require_login"}, EnvVars: []string{"NTFY_REQUIRE_LOGIN"}, Value: false, Usage: "all actions via the web app requires a login"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "upstream-base-url", Aliases: []string{"upstream_base_url"}, EnvVars: []string{"NTFY_UPSTREAM_BASE_URL"}, Value: "", Usage: "forward poll request to an upstream server, this is needed for iOS push notifications for self-hosted servers"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "upstream-access-token", Aliases: []string{"upstream_access_token"}, EnvVars: []string{"NTFY_UPSTREAM_ACCESS_TOKEN"}, Value: "", Usage: "access token to use for the upstream server; needed only if upstream rate limits are exceeded or upstream server requires auth"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-addr", Aliases: []string{"smtp_sender_addr"}, EnvVars: []string{"NTFY_SMTP_SENDER_ADDR"}, Usage: "SMTP server address (host:port) for outgoing emails"}),
@@ -171,6 +172,7 @@ func execServe(c *cli.Context) error {
webRoot := c.String("web-root")
enableSignup := c.Bool("enable-signup")
enableLogin := c.Bool("enable-login")
+ requireLogin := c.Bool("require-login")
enableReservations := c.Bool("enable-reservations")
upstreamBaseURL := c.String("upstream-base-url")
upstreamAccessToken := c.String("upstream-access-token")
@@ -318,10 +320,12 @@ func execServe(c *cli.Context) error {
return errors.New("if upstream-base-url is set, base-url must also be set")
} else if upstreamBaseURL != "" && baseURL != "" && baseURL == upstreamBaseURL {
return errors.New("base-url and upstream-base-url cannot be identical, you'll likely want to set upstream-base-url to https://ntfy.sh, see https://ntfy.sh/docs/config/#ios-instant-notifications")
- } else if authFile == "" && (enableSignup || enableLogin || enableReservations || stripeSecretKey != "") {
- return errors.New("cannot set enable-signup, enable-login, enable-reserve-topics, or stripe-secret-key if auth-file is not set")
+ } else if authFile == "" && (enableSignup || enableLogin || requireLogin || enableReservations || stripeSecretKey != "") {
+ return errors.New("cannot set enable-signup, enable-login, require-login, enable-reserve-topics, or stripe-secret-key if auth-file is not set")
} else if enableSignup && !enableLogin {
return errors.New("cannot set enable-signup without also setting enable-login")
+ } else if requireLogin && !enableLogin {
+ return errors.New("cannot set require-login without also setting enable-login")
} else if !payments.Available && (stripeSecretKey != "" || stripeWebhookKey != "") {
return errors.New("cannot set stripe-secret-key or stripe-webhook-key, support for payments is not available in this build (nopayments)")
} else if stripeSecretKey != "" && (stripeWebhookKey == "" || baseURL == "") {
@@ -475,6 +479,7 @@ func execServe(c *cli.Context) error {
conf.BillingContact = billingContact
conf.EnableSignup = enableSignup
conf.EnableLogin = enableLogin
+ conf.RequireLogin = requireLogin
conf.EnableReservations = enableReservations
conf.EnableMetrics = enableMetrics
conf.MetricsListenHTTP = metricsListenHTTP
diff --git a/docs/config.md b/docs/config.md
index f3a5e3a3..74325dad 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -1698,6 +1698,7 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).
| `enable-signup` | `NTFY_ENABLE_SIGNUP` | *boolean* (`true` or `false`) | `false` | Allows users to sign up via the web app, or API |
| `enable-login` | `NTFY_ENABLE_LOGIN` | *boolean* (`true` or `false`) | `false` | Allows users to log in via the web app, or API |
| `enable-reservations` | `NTFY_ENABLE_RESERVATIONS` | *boolean* (`true` or `false`) | `false` | Allows users to reserve topics (if their tier allows it) |
+| `require-login` | `NTFY_REQUIRE_LOGIN` | *boolean* (`true` or `false`) | `false` | All actions via the web app require a login |
| `stripe-secret-key` | `NTFY_STRIPE_SECRET_KEY` | *string* | - | Payments: Key used for the Stripe API communication, this enables payments |
| `stripe-webhook-key` | `NTFY_STRIPE_WEBHOOK_KEY` | *string* | - | Payments: Key required to validate the authenticity of incoming webhooks from Stripe |
| `billing-contact` | `NTFY_BILLING_CONTACT` | *email address* or *website* | - | Payments: Email or website displayed in Upgrade dialog as a billing contact |
diff --git a/docs/releases.md b/docs/releases.md
index 48c4ec16..15bfa743 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -1470,6 +1470,10 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
### ntfy server v2.15.0 (UNRELEASED)
+**Features:**
+
+* Add `require-login` flag to redirect to login page if not logged in ([#1434](https://github.com/binwiederhier/ntfy/pull/1434)/[#238](https://github.com/binwiederhier/ntfy/issues/238)/[#1329](https://github.com/binwiederhier/ntfy/pull/1329), thanks to [@theatischbein](https://github.com/theatischbein) for implementing most of this)
+
**Bug fixes + maintenance:**
* Add mutex around message cache writes to avoid `database locked` errors ([#1397](https://github.com/binwiederhier/ntfy/pull/1397), [#1391](https://github.com/binwiederhier/ntfy/issues/1391), thanks to [@timofej673](https://github.com/timofej673))
diff --git a/server/config.go b/server/config.go
index 6a7c4cee..8e7dcda2 100644
--- a/server/config.go
+++ b/server/config.go
@@ -162,6 +162,7 @@ type Config struct {
BillingContact string
EnableSignup bool // Enable creation of accounts via API and UI
EnableLogin bool
+ RequireLogin bool
EnableReservations bool // Allow users with role "user" to own/reserve topics
EnableMetrics bool
AccessControlAllowOrigin string // CORS header field to restrict access from web clients
@@ -256,6 +257,7 @@ func NewConfig() *Config {
EnableSignup: false,
EnableLogin: false,
EnableReservations: false,
+ RequireLogin: false,
AccessControlAllowOrigin: "*",
Version: "",
WebPushPrivateKey: "",
diff --git a/server/server.go b/server/server.go
index 8b5fb00b..fc04d50f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -9,8 +9,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "gopkg.in/yaml.v2"
- "heckel.io/ntfy/v2/payments"
"io"
"net"
"net/http"
@@ -33,7 +31,9 @@ import (
"github.com/gorilla/websocket"
"github.com/prometheus/client_golang/prometheus/promhttp"
"golang.org/x/sync/errgroup"
+ "gopkg.in/yaml.v2"
"heckel.io/ntfy/v2/log"
+ "heckel.io/ntfy/v2/payments"
"heckel.io/ntfy/v2/user"
"heckel.io/ntfy/v2/util"
"heckel.io/ntfy/v2/util/sprig"
@@ -600,6 +600,7 @@ func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visi
BaseURL: "", // Will translate to window.location.origin
AppRoot: s.config.WebRoot,
EnableLogin: s.config.EnableLogin,
+ RequireLogin: s.config.RequireLogin,
EnableSignup: s.config.EnableSignup,
EnablePayments: s.config.StripeSecretKey != "",
EnableCalls: s.config.TwilioAccount != "",
diff --git a/server/server.yml b/server/server.yml
index 9b3a008b..d9e85453 100644
--- a/server/server.yml
+++ b/server/server.yml
@@ -258,9 +258,11 @@
#
# - enable-signup allows users to sign up via the web app, or API
# - enable-login allows users to log in via the web app, or API
+# - require-login redirects users to the login page if they are not logged in (disallows web app access without login)
# - enable-reservations allows users to reserve topics (if their tier allows it)
#
# enable-signup: false
+# require-login: false
# enable-login: false
# enable-reservations: false
diff --git a/server/types.go b/server/types.go
index b8a82883..d9519b94 100644
--- a/server/types.go
+++ b/server/types.go
@@ -449,6 +449,7 @@ type apiConfigResponse struct {
BaseURL string `json:"base_url"`
AppRoot string `json:"app_root"`
EnableLogin bool `json:"enable_login"`
+ RequireLogin bool `json:"require_login"`
EnableSignup bool `json:"enable_signup"`
EnablePayments bool `json:"enable_payments"`
EnableCalls bool `json:"enable_calls"`
diff --git a/web/public/config.js b/web/public/config.js
index 63bc97bd..5b904cd5 100644
--- a/web/public/config.js
+++ b/web/public/config.js
@@ -9,6 +9,7 @@ var config = {
base_url: window.location.origin, // Change to test against a different server
app_root: "/",
enable_login: true,
+ require_login: true,
enable_signup: true,
enable_payments: false,
enable_reservations: true,
diff --git a/web/src/app/utils.js b/web/src/app/utils.js
index b798589c..935f2024 100644
--- a/web/src/app/utils.js
+++ b/web/src/app/utils.js
@@ -79,7 +79,7 @@ export const maybeWithBearerAuth = (headers, token) => {
export const withBasicAuth = (headers, username, password) => ({
...headers,
- Authorization: basicAuth(username, password)
+ Authorization: basicAuth(username, password),
});
export const maybeWithAuth = (headers, user) => {
@@ -142,7 +142,7 @@ export const getKebabCaseLangStr = (language) => language.replace(/_/g, "-");
export const formatShortDateTime = (timestamp, language) =>
new Intl.DateTimeFormat(getKebabCaseLangStr(language), {
dateStyle: "short",
- timeStyle: "short"
+ timeStyle: "short",
}).format(new Date(timestamp * 1000));
export const formatShortDate = (timestamp, language) =>
@@ -181,32 +181,32 @@ export const openUrl = (url) => {
export const sounds = {
ding: {
file: ding,
- label: "Ding"
+ label: "Ding",
},
juntos: {
file: juntos,
- label: "Juntos"
+ label: "Juntos",
},
pristine: {
file: pristine,
- label: "Pristine"
+ label: "Pristine",
},
dadum: {
file: dadum,
- label: "Dadum"
+ label: "Dadum",
},
pop: {
file: pop,
- label: "Pop"
+ label: "Pop",
},
"pop-swoosh": {
file: popSwoosh,
- label: "Pop swoosh"
+ label: "Pop swoosh",
},
beep: {
file: beep,
- label: "Beep"
- }
+ label: "Beep",
+ },
};
export const playSound = async (id) => {
@@ -219,7 +219,7 @@ export const playSound = async (id) => {
export async function* fetchLinesIterator(fileURL, headers) {
const utf8Decoder = new TextDecoder("utf-8");
const response = await fetch(fileURL, {
- headers
+ headers,
});
const reader = response.body.getReader();
let { value: chunk, done: readerDone } = await reader.read();
@@ -228,7 +228,7 @@ export async function* fetchLinesIterator(fileURL, headers) {
const re = /\n|\r|\r\n/gm;
let startIndex = 0;
- for (; ;) {
+ for (;;) {
const result = re.exec(chunk);
if (!result) {
if (readerDone) {
@@ -277,17 +277,17 @@ export const urlB64ToUint8Array = (base64String) => {
export const copyToClipboard = (text) => {
if (navigator.clipboard && window.isSecureContext) {
return navigator.clipboard.writeText(text);
- } else {
- const textarea = document.createElement("textarea");
- textarea.value = text;
- textarea.setAttribute("readonly", ""); // Avoid mobile keyboards from popping up
- textarea.style.position = "fixed"; // Avoid scroll jump
- textarea.style.left = "-9999px";
- document.body.appendChild(textarea);
- textarea.focus();
- textarea.select();
- document.execCommand("copy");
- document.body.removeChild(textarea);
- return Promise.resolve();
}
+ // Fallback to the older method if clipboard API is not supported (or on HTTP)
+ const textarea = document.createElement("textarea");
+ textarea.value = text;
+ textarea.setAttribute("readonly", ""); // Avoid mobile keyboards from popping up
+ textarea.style.position = "fixed"; // Avoid scroll jump
+ textarea.style.left = "-9999px";
+ document.body.appendChild(textarea);
+ textarea.focus();
+ textarea.select();
+ document.execCommand("copy");
+ document.body.removeChild(textarea);
+ return Promise.resolve();
};
diff --git a/web/src/components/App.jsx b/web/src/components/App.jsx
index 7f84b7de..9a2c3e66 100644
--- a/web/src/components/App.jsx
+++ b/web/src/components/App.jsx
@@ -23,6 +23,7 @@ import Account from "./Account";
import initI18n from "../app/i18n"; // Translations!
import prefs, { THEME } from "../app/Prefs";
import RTLCacheProvider from "./RTLCacheProvider";
+import session from "../app/Session";
initI18n();
@@ -45,7 +46,6 @@ const darkModeEnabled = (prefersDarkMode, themePreference) => {
const App = () => {
const { i18n } = useTranslation();
const languageDir = i18n.dir();
-
const [account, setAccount] = useState(null);
const accountMemo = useMemo(() => ({ account, setAccount }), [account, setAccount]);
const prefersDarkMode = useMediaQuery("(prefers-color-scheme: dark)");
@@ -60,6 +60,12 @@ const App = () => {
document.dir = languageDir;
}, [i18n.language, languageDir]);
+ useEffect(() => {
+ if (!session.exists() && config.require_login && window.location.pathname !== routes.login) {
+ window.location.href = routes.login;
+ }
+ }, []);
+
return (
}>
diff --git a/web/src/components/Notifications.jsx b/web/src/components/Notifications.jsx
index 9f984431..449b238b 100644
--- a/web/src/components/Notifications.jsx
+++ b/web/src/components/Notifications.jsx
@@ -28,7 +28,13 @@ import { useRemark } from "react-remark";
import styled from "@emotion/styled";
import {
copyToClipboard,
- formatBytes, formatShortDateTime, maybeActionErrors, openUrl, shortUrl, topicShortUrl, unmatchedTags
+ formatBytes,
+ formatShortDateTime,
+ maybeActionErrors,
+ openUrl,
+ shortUrl,
+ topicShortUrl,
+ unmatchedTags,
} from "../app/utils";
import { formatMessage, formatTitle, isImage } from "../app/notificationUtils";
import { LightboxBackdrop, Paragraph, VerticallyCenteredContainer } from "./styles";