Bump version; update docs

Attachments

.gitignore

@@ -3,4 +3,5 @@ build/
 .idea/
 server/docs/
 tools/fbsend/fbsend
+playground/
 *.iml

.goreleaser.yml

@@ -59,6 +59,8 @@ nfpms:
         dst: /lib/systemd/system/ntfy-client.service
       - dst: /var/cache/ntfy
         type: dir
+      - dst: /var/cache/ntfy/attachments
+        type: dir
       - dst: /usr/share/ntfy/logo.png
         src: server/static/img/ntfy.png
     scripts:

Makefile

@@ -105,7 +105,8 @@ build-snapshot: build-deps
 	goreleaser build --snapshot --rm-dist --debug
 
 build-simple: clean
-	mkdir -p dist/ntfy_linux_amd64
+	mkdir -p dist/ntfy_linux_amd64 server/docs
+	touch server/docs/dummy
 	export CGO_ENABLED=1
 	go build \
 		-o dist/ntfy_linux_amd64/ntfy \

README.md

@@ -6,7 +6,8 @@
 [![Tests](https://github.com/binwiederhier/ntfy/workflows/test/badge.svg)](https://github.com/binwiederhier/ntfy/actions)
 [![Go Report Card](https://goreportcard.com/badge/github.com/binwiederhier/ntfy)](https://goreportcard.com/report/github.com/binwiederhier/ntfy)
 [![codecov](https://codecov.io/gh/binwiederhier/ntfy/branch/main/graph/badge.svg?token=A597KQ463G)](https://codecov.io/gh/binwiederhier/ntfy)
-[![Discord](https://img.shields.io/discord/874398661709295626)](https://discord.gg/cT7ECsZj9w)
+[![Discord](https://img.shields.io/discord/874398661709295626?label=Discord)](https://discord.gg/cT7ECsZj9w)
+[![Matrix](https://img.shields.io/matrix/ntfy:matrix.org?label=Matrix)](https://matrix.to/#/#ntfy:matrix.org)
 [![Healthcheck](https://healthchecks.io/badge/68b65976-b3b0-4102-aec9-980921/kcoEgrLY.svg)](https://ntfy.statuspage.io/)
 
 **ntfy** (pronounce: *notify*) is a simple HTTP-based [pub-sub](https://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern) notification service.
@@ -36,8 +37,9 @@ too.
 I welcome any and all contributions. Just create a PR or an issue.
 
 ## Contact me
-You can directly contact me **[on Discord](https://discord.gg/cT7ECsZj9w)**, or via the [GitHub issues](https://github.com/binwiederhier/ntfy/issues),
+You can directly contact me **[on Discord](https://discord.gg/cT7ECsZj9w)** or [on Matrix](https://matrix.to/#/#ntfy:matrix.org) 
-or find more contact information [on my website](https://heckel.io/about).
+(bridged from Discord), or via the [GitHub issues](https://github.com/binwiederhier/ntfy/issues), or find more contact information
+[on my website](https://heckel.io/about).
 
 ## License
 Made with ❤️ by [Philipp C. Heckel](https://heckel.io).   
@@ -48,6 +50,8 @@ Third party libraries and resources:
 * [Mixkit sound](https://mixkit.co/free-sound-effects/notification/) (Mixkit Free License) used as notification sound
 * [Lato Font](https://www.latofonts.com/) (OFL) is used as a font in the Web UI
 * [GoReleaser](https://goreleaser.com/) (MIT) is used to create releases
+* [go-smtp](https://github.com/emersion/go-smtp) (MIT) is used to receive e-mails
+* [stretchr/testify](https://github.com/stretchr/testify) (MIT) is used for unit and integration tests
 * [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) (MIT) is used to provide the persistent message cache
 * [Firebase Admin SDK](https://github.com/firebase/firebase-admin-go) (Apache 2.0) is used to send FCM messages
 * [github/gemoji](https://github.com/github/gemoji) (MIT) is used for emoji support (specifically the [emoji.json](https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json) file)

client/client.go

@@ -67,6 +67,12 @@ func New(config *Config) *Client {
 }
 
 // Publish sends a message to a specific topic, optionally using options.
+// See PublishReader for details.
+func (c *Client) Publish(topic, message string, options ...PublishOption) (*Message, error) {
+	return c.PublishReader(topic, strings.NewReader(message), options...)
+}
+
+// PublishReader sends a message to a specific topic, optionally using options.
 //
 // A topic can be either a full URL (e.g. https://myhost.lan/mytopic), a short URL which is then prepended https://
 // (e.g. myhost.lan -> https://myhost.lan), or a short name which is expanded using the default host in the
@@ -74,9 +80,9 @@ func New(config *Config) *Client {
 //
 // To pass title, priority and tags, check out WithTitle, WithPriority, WithTagsList, WithDelay, WithNoCache,
 // WithNoFirebase, and the generic WithHeader.
-func (c *Client) Publish(topic, message string, options ...PublishOption) (*Message, error) {
+func (c *Client) PublishReader(topic string, body io.Reader, options ...PublishOption) (*Message, error) {
 	topicURL := c.expandTopicURL(topic)
-	req, _ := http.NewRequest("POST", topicURL, strings.NewReader(message))
+	req, _ := http.NewRequest("POST", topicURL, body)
 	for _, option := range options {
 		if err := option(req); err != nil {
 			return nil, err

client/client_test.go

@@ -37,6 +37,8 @@ func TestClient_Publish_Subscribe(t *testing.T) {
 	require.Equal(t, "some delayed message", msg.Message)
 	require.True(t, time.Now().Add(24*time.Hour).Unix() < msg.Time)
 
+	time.Sleep(200 * time.Millisecond)
+
 	msg = nextMessage(c)
 	require.NotNil(t, msg)
 	require.Equal(t, "some message", msg.Message)

client/options.go

@@ -16,6 +16,11 @@ type PublishOption = RequestOption
 // SubscribeOption is an option that can be passed to a Client.Subscribe or Client.Poll call
 type SubscribeOption = RequestOption
 
+// WithMessage sets the notification message. This is an alternative way to passing the message body.
+func WithMessage(message string) PublishOption {
+	return WithHeader("X-Message", message)
+}
+
 // WithTitle adds a title to a message
 func WithTitle(title string) PublishOption {
 	return WithHeader("X-Title", title)
@@ -45,6 +50,26 @@ func WithDelay(delay string) PublishOption {
 	return WithHeader("X-Delay", delay)
 }
 
+// WithClick makes the notification action open the given URL as opposed to entering the detail view
+func WithClick(url string) PublishOption {
+	return WithHeader("X-Click", url)
+}
+
+// WithAttach sets a URL that will be used by the client to download an attachment
+func WithAttach(attach string) PublishOption {
+	return WithHeader("X-Attach", attach)
+}
+
+// WithFilename sets a filename for the attachment, and/or forces the HTTP body to interpreted as an attachment
+func WithFilename(filename string) PublishOption {
+	return WithHeader("X-Filename", filename)
+}
+
+// WithEmail instructs the server to also send the message to the given e-mail address
+func WithEmail(email string) PublishOption {
+	return WithHeader("X-Email", email)
+}
+
 // WithNoCache instructs the server not to cache the message server-side
 func WithNoCache() PublishOption {
 	return WithHeader("X-Cache", "no")

cmd/app.go

@@ -7,7 +7,6 @@ import (
 	"github.com/urfave/cli/v2/altsrc"
 	"heckel.io/ntfy/util"
 	"os"
-	"strings"
 )
 
 var (
@@ -60,7 +59,3 @@ func initConfigFileInputSource(configFlag string, flags []cli.Flag) cli.BeforeFu
 		return altsrc.ApplyInputSourceValues(context, inputSource, flags)
 	}
 }
-
-func collapseTopicURL(s string) string {
-	return strings.TrimPrefix(strings.TrimPrefix(s, "https://"), "http://")
-}

cmd/app_test.go

@@ -2,10 +2,13 @@ package cmd
 
 import (
 	"bytes"
+	"encoding/json"
 	"github.com/urfave/cli/v2"
+	"heckel.io/ntfy/client"
 	"io"
 	"log"
 	"os"
+	"strings"
 	"testing"
 )
 
@@ -24,3 +27,11 @@ func newTestApp() (*cli.App, *bytes.Buffer, *bytes.Buffer, *bytes.Buffer) {
 	app.ErrWriter = &stderr
 	return app, &stdin, &stdout, &stderr
 }
+
+func toMessage(t *testing.T, s string) *client.Message {
+	var m *client.Message
+	if err := json.NewDecoder(strings.NewReader(s)).Decode(&m); err != nil {
+		t.Fatal(err)
+	}
+	return m
+}

cmd/publish.go

@@ -5,6 +5,9 @@ import (
 	"fmt"
 	"github.com/urfave/cli/v2"
 	"heckel.io/ntfy/client"
+	"io"
+	"os"
+	"path/filepath"
 	"strings"
 )
 
@@ -20,6 +23,11 @@ var cmdPublish = &cli.Command{
 		&cli.StringFlag{Name: "priority", Aliases: []string{"p"}, Usage: "priority of the message (1=min, 2=low, 3=default, 4=high, 5=max)"},
 		&cli.StringFlag{Name: "tags", Aliases: []string{"tag", "T"}, Usage: "comma separated list of tags and emojis"},
 		&cli.StringFlag{Name: "delay", Aliases: []string{"at", "in", "D"}, Usage: "delay/schedule message"},
+		&cli.StringFlag{Name: "click", Aliases: []string{"U"}, Usage: "URL to open when notification is clicked"},
+		&cli.StringFlag{Name: "attach", Aliases: []string{"a"}, Usage: "URL to send as an external attachment"},
+		&cli.StringFlag{Name: "filename", Aliases: []string{"name", "n"}, Usage: "Filename for the attachment"},
+		&cli.StringFlag{Name: "file", Aliases: []string{"f"}, Usage: "File to upload as an attachment"},
+		&cli.StringFlag{Name: "email", Aliases: []string{"e-mail", "mail", "e"}, Usage: "also send to e-mail address"},
 		&cli.BoolFlag{Name: "no-cache", Aliases: []string{"C"}, Usage: "do not cache message server-side"},
 		&cli.BoolFlag{Name: "no-firebase", Aliases: []string{"F"}, Usage: "do not forward message to Firebase"},
 		&cli.BoolFlag{Name: "quiet", Aliases: []string{"q"}, Usage: "do print message"},
@@ -33,6 +41,11 @@ Examples:
   ntfy pub --tags=warning,skull backups "Backups failed"  # Add tags/emojis to message
   ntfy pub --delay=10s delayed_topic Laterzz              # Delay message by 10s
   ntfy pub --at=8:30am delayed_topic Laterzz              # Send message at 8:30am
+  ntfy pub -e phil@example.com alerts 'App is down!'      # Also send email to phil@example.com
+  ntfy pub --click="https://reddit.com" redd 'New msg'    # Opens Reddit when notification is clicked
+  ntfy pub --attach="http://some.tld/file.zip" files      # Send ZIP archive from URL as attachment
+  ntfy pub --file=flower.jpg flowers 'Nice!'              # Send image.jpg as attachment
+  cat flower.jpg | ntfy pub --file=- flowers 'Nice!'      # Same as above, send image.jpg as attachment
   ntfy trigger mywebhook                                  # Sending without message, useful for webhooks
 
 Please also check out the docs on publishing messages. Especially for the --tags and --delay options, 
@@ -54,6 +67,11 @@ func execPublish(c *cli.Context) error {
 	priority := c.String("priority")
 	tags := c.String("tags")
 	delay := c.String("delay")
+	click := c.String("click")
+	attach := c.String("attach")
+	filename := c.String("filename")
+	file := c.String("file")
+	email := c.String("email")
 	noCache := c.Bool("no-cache")
 	noFirebase := c.Bool("no-firebase")
 	quiet := c.Bool("quiet")
@@ -75,14 +93,48 @@ func execPublish(c *cli.Context) error {
 	if delay != "" {
 		options = append(options, client.WithDelay(delay))
 	}
+	if click != "" {
+		options = append(options, client.WithClick(click))
+	}
+	if attach != "" {
+		options = append(options, client.WithAttach(attach))
+	}
+	if filename != "" {
+		options = append(options, client.WithFilename(filename))
+	}
+	if email != "" {
+		options = append(options, client.WithEmail(email))
+	}
 	if noCache {
 		options = append(options, client.WithNoCache())
 	}
 	if noFirebase {
 		options = append(options, client.WithNoFirebase())
 	}
+	var body io.Reader
+	if file == "" {
+		body = strings.NewReader(message)
+	} else {
+		if message != "" {
+			options = append(options, client.WithMessage(message))
+		}
+		if file == "-" {
+			if filename == "" {
+				options = append(options, client.WithFilename("stdin"))
+			}
+			body = c.App.Reader
+		} else {
+			if filename == "" {
+				options = append(options, client.WithFilename(filepath.Base(file)))
+			}
+			body, err = os.Open(file)
+			if err != nil {
+				return err
+			}
+		}
+	}
 	cl := client.New(conf)
-	m, err := cl.Publish(topic, message, options...)
+	m, err := cl.PublishReader(topic, body, options...)
 	if err != nil {
 		return err
 	}

cmd/publish_test.go

@@ -1,7 +1,9 @@
 package cmd
 
 import (
+	"fmt"
 	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/test"
 	"heckel.io/ntfy/util"
 	"testing"
 )
@@ -16,3 +18,19 @@ func TestCLI_Publish_Subscribe_Poll_Real_Server(t *testing.T) {
 	require.Nil(t, app2.Run([]string{"ntfy", "subscribe", "--poll", "ntfytest"}))
 	require.Contains(t, stdout.String(), testMessage)
 }
+
+func TestCLI_Publish_Subscribe_Poll(t *testing.T) {
+	s, port := test.StartServer(t)
+	defer test.StopServer(t, s, port)
+	topic := fmt.Sprintf("http://127.0.0.1:%d/mytopic", port)
+
+	app, _, stdout, _ := newTestApp()
+	require.Nil(t, app.Run([]string{"ntfy", "publish", topic, "some message"}))
+	m := toMessage(t, stdout.String())
+	require.Equal(t, "some message", m.Message)
+
+	app2, _, stdout, _ := newTestApp()
+	require.Nil(t, app2.Run([]string{"ntfy", "subscribe", "--poll", topic}))
+	m = toMessage(t, stdout.String())
+	require.Equal(t, "some message", m.Message)
+}

cmd/serve.go

@@ -1,18 +1,20 @@
-// Package cmd provides the ntfy CLI application
 package cmd
 
 import (
 	"errors"
+	"fmt"
 	"github.com/urfave/cli/v2"
 	"github.com/urfave/cli/v2/altsrc"
 	"heckel.io/ntfy/server"
 	"heckel.io/ntfy/util"
 	"log"
+	"math"
 	"time"
 )
 
 var flagsServe = []cli.Flag{
 	&cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: "/etc/ntfy/server.yml", DefaultText: "/etc/ntfy/server.yml", Usage: "config file"},
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "base-url", Aliases: []string{"B"}, EnvVars: []string{"NTFY_BASE_URL"}, Usage: "externally visible base URL for this host (e.g. https://ntfy.sh)"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-http", Aliases: []string{"l"}, EnvVars: []string{"NTFY_LISTEN_HTTP"}, Value: server.DefaultListenHTTP, Usage: "ip:port used to as HTTP listen address"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-https", Aliases: []string{"L"}, EnvVars: []string{"NTFY_LISTEN_HTTPS"}, Usage: "ip:port used to as HTTPS listen address"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "key-file", Aliases: []string{"K"}, EnvVars: []string{"NTFY_KEY_FILE"}, Usage: "private key file, if listen-https is set"}),
@@ -20,12 +22,27 @@ var flagsServe = []cli.Flag{
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "firebase-key-file", Aliases: []string{"F"}, EnvVars: []string{"NTFY_FIREBASE_KEY_FILE"}, Usage: "Firebase credentials file; if set additionally publish to FCM topic"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-file", Aliases: []string{"C"}, EnvVars: []string{"NTFY_CACHE_FILE"}, Usage: "cache file used for message caching"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "cache-duration", Aliases: []string{"b"}, EnvVars: []string{"NTFY_CACHE_DURATION"}, Value: server.DefaultCacheDuration, Usage: "buffer messages for this time to allow `since` requests"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-cache-dir", EnvVars: []string{"NTFY_ATTACHMENT_CACHE_DIR"}, Usage: "cache directory for attached files"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-total-size-limit", Aliases: []string{"A"}, EnvVars: []string{"NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT"}, DefaultText: "5G", Usage: "limit of the on-disk attachment cache"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-file-size-limit", Aliases: []string{"Y"}, EnvVars: []string{"NTFY_ATTACHMENT_FILE_SIZE_LIMIT"}, DefaultText: "15M", Usage: "per-file attachment size limit (e.g. 300k, 2M, 100M)"}),
+	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "attachment-expiry-duration", Aliases: []string{"X"}, EnvVars: []string{"NTFY_ATTACHMENT_EXPIRY_DURATION"}, Value: server.DefaultAttachmentExpiryDuration, DefaultText: "3h", Usage: "duration after which uploaded attachments will be deleted (e.g. 3h, 20h)"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "keepalive-interval", Aliases: []string{"k"}, EnvVars: []string{"NTFY_KEEPALIVE_INTERVAL"}, Value: server.DefaultKeepaliveInterval, Usage: "interval of keepalive messages"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "manager-interval", Aliases: []string{"m"}, EnvVars: []string{"NTFY_MANAGER_INTERVAL"}, Value: server.DefaultManagerInterval, Usage: "interval of for message pruning and stats printing"}),
-	altsrc.NewIntFlag(&cli.IntFlag{Name: "global-topic-limit", Aliases: []string{"T"}, EnvVars: []string{"NTFY_GLOBAL_TOPIC_LIMIT"}, Value: server.DefaultGlobalTopicLimit, Usage: "total number of topics allowed"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-addr", EnvVars: []string{"NTFY_SMTP_SENDER_ADDR"}, Usage: "SMTP server address (host:port) for outgoing emails"}),
-	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-subscription-limit", Aliases: []string{"V"}, EnvVars: []string{"NTFY_VISITOR_SUBSCRIPTION_LIMIT"}, Value: server.DefaultVisitorSubscriptionLimit, Usage: "number of subscriptions per visitor"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-user", EnvVars: []string{"NTFY_SMTP_SENDER_USER"}, Usage: "SMTP user (if e-mail sending is enabled)"}),
-	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-request-limit-burst", Aliases: []string{"B"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_BURST"}, Value: server.DefaultVisitorRequestLimitBurst, Usage: "initial limit of requests per visitor"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-pass", EnvVars: []string{"NTFY_SMTP_SENDER_PASS"}, Usage: "SMTP password (if e-mail sending is enabled)"}),
-	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-request-limit-replenish", Aliases: []string{"R"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_REPLENISH"}, Value: server.DefaultVisitorRequestLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-from", EnvVars: []string{"NTFY_SMTP_SENDER_FROM"}, Usage: "SMTP sender address (if e-mail sending is enabled)"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-server-listen", EnvVars: []string{"NTFY_SMTP_SERVER_LISTEN"}, Usage: "SMTP server address (ip:port) for incoming emails, e.g. :25"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-server-domain", EnvVars: []string{"NTFY_SMTP_SERVER_DOMAIN"}, Usage: "SMTP domain for incoming e-mail, e.g. ntfy.sh"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-server-addr-prefix", EnvVars: []string{"NTFY_SMTP_SERVER_ADDR_PREFIX"}, Usage: "SMTP email address prefix for topics to prevent spam (e.g. 'ntfy-')"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "global-topic-limit", Aliases: []string{"T"}, EnvVars: []string{"NTFY_GLOBAL_TOPIC_LIMIT"}, Value: server.DefaultTotalTopicLimit, Usage: "total number of topics allowed"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-subscription-limit", EnvVars: []string{"NTFY_VISITOR_SUBSCRIPTION_LIMIT"}, Value: server.DefaultVisitorSubscriptionLimit, Usage: "number of subscriptions per visitor"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-total-size-limit", EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT"}, Value: "100M", Usage: "total storage limit used for attachments per visitor"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-daily-bandwidth-limit", EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT"}, Value: "500M", Usage: "total daily attachment download/upload bandwidth limit per visitor"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-request-limit-burst", EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_BURST"}, Value: server.DefaultVisitorRequestLimitBurst, Usage: "initial limit of requests per visitor"}),
+	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-request-limit-replenish", EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_REPLENISH"}, Value: server.DefaultVisitorRequestLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-email-limit-burst", EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_BURST"}, Value: server.DefaultVisitorEmailLimitBurst, Usage: "initial limit of e-mails per visitor"}),
+	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-email-limit-replenish", EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_REPLENISH"}, Value: server.DefaultVisitorEmailLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}),
 	altsrc.NewBoolFlag(&cli.BoolFlag{Name: "behind-proxy", Aliases: []string{"P"}, EnvVars: []string{"NTFY_BEHIND_PROXY"}, Value: false, Usage: "if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting)"}),
 }
 
@@ -52,6 +69,7 @@ func execServe(c *cli.Context) error {
 	}
 
 	// Read all the options
+	baseURL := c.String("base-url")
 	listenHTTP := c.String("listen-http")
 	listenHTTPS := c.String("listen-https")
 	keyFile := c.String("key-file")
@@ -59,12 +77,27 @@ func execServe(c *cli.Context) error {
 	firebaseKeyFile := c.String("firebase-key-file")
 	cacheFile := c.String("cache-file")
 	cacheDuration := c.Duration("cache-duration")
+	attachmentCacheDir := c.String("attachment-cache-dir")
+	attachmentTotalSizeLimitStr := c.String("attachment-total-size-limit")
+	attachmentFileSizeLimitStr := c.String("attachment-file-size-limit")
+	attachmentExpiryDuration := c.Duration("attachment-expiry-duration")
 	keepaliveInterval := c.Duration("keepalive-interval")
 	managerInterval := c.Duration("manager-interval")
-	globalTopicLimit := c.Int("global-topic-limit")
+	smtpSenderAddr := c.String("smtp-sender-addr")
+	smtpSenderUser := c.String("smtp-sender-user")
+	smtpSenderPass := c.String("smtp-sender-pass")
+	smtpSenderFrom := c.String("smtp-sender-from")
+	smtpServerListen := c.String("smtp-server-listen")
+	smtpServerDomain := c.String("smtp-server-domain")
+	smtpServerAddrPrefix := c.String("smtp-server-addr-prefix")
+	totalTopicLimit := c.Int("global-topic-limit")
 	visitorSubscriptionLimit := c.Int("visitor-subscription-limit")
+	visitorAttachmentTotalSizeLimitStr := c.String("visitor-attachment-total-size-limit")
+	visitorAttachmentDailyBandwidthLimitStr := c.String("visitor-attachment-daily-bandwidth-limit")
 	visitorRequestLimitBurst := c.Int("visitor-request-limit-burst")
 	visitorRequestLimitReplenish := c.Duration("visitor-request-limit-replenish")
+	visitorEmailLimitBurst := c.Int("visitor-email-limit-burst")
+	visitorEmailLimitReplenish := c.Duration("visitor-email-limit-replenish")
 	behindProxy := c.Bool("behind-proxy")
 
 	// Check values
@@ -82,10 +115,37 @@ func execServe(c *cli.Context) error {
 		return errors.New("if set, certificate file must exist")
 	} else if listenHTTPS != "" && (keyFile == "" || certFile == "") {
 		return errors.New("if listen-https is set, both key-file and cert-file must be set")
+	} else if smtpSenderAddr != "" && (baseURL == "" || smtpSenderUser == "" || smtpSenderPass == "" || smtpSenderFrom == "") {
+		return errors.New("if smtp-sender-addr is set, base-url, smtp-sender-user, smtp-sender-pass and smtp-sender-from must also be set")
+	} else if smtpServerListen != "" && smtpServerDomain == "" {
+		return errors.New("if smtp-server-listen is set, smtp-server-domain must also be set")
+	} else if attachmentCacheDir != "" && baseURL == "" {
+		return errors.New("if attachment-cache-dir is set, base-url must also be set")
+	}
+
+	// Convert sizes to bytes
+	attachmentTotalSizeLimit, err := parseSize(attachmentTotalSizeLimitStr, server.DefaultAttachmentTotalSizeLimit)
+	if err != nil {
+		return err
+	}
+	attachmentFileSizeLimit, err := parseSize(attachmentFileSizeLimitStr, server.DefaultAttachmentFileSizeLimit)
+	if err != nil {
+		return err
+	}
+	visitorAttachmentTotalSizeLimit, err := parseSize(visitorAttachmentTotalSizeLimitStr, server.DefaultVisitorAttachmentTotalSizeLimit)
+	if err != nil {
+		return err
+	}
+	visitorAttachmentDailyBandwidthLimit, err := parseSize(visitorAttachmentDailyBandwidthLimitStr, server.DefaultVisitorAttachmentDailyBandwidthLimit)
+	if err != nil {
+		return err
+	} else if visitorAttachmentDailyBandwidthLimit > math.MaxInt {
+		return fmt.Errorf("config option visitor-attachment-daily-bandwidth-limit must be lower than %d", math.MaxInt)
 	}
 
 	// Run server
 	conf := server.NewConfig()
+	conf.BaseURL = baseURL
 	conf.ListenHTTP = listenHTTP
 	conf.ListenHTTPS = listenHTTPS
 	conf.KeyFile = keyFile
@@ -93,12 +153,27 @@ func execServe(c *cli.Context) error {
 	conf.FirebaseKeyFile = firebaseKeyFile
 	conf.CacheFile = cacheFile
 	conf.CacheDuration = cacheDuration
+	conf.AttachmentCacheDir = attachmentCacheDir
+	conf.AttachmentTotalSizeLimit = attachmentTotalSizeLimit
+	conf.AttachmentFileSizeLimit = attachmentFileSizeLimit
+	conf.AttachmentExpiryDuration = attachmentExpiryDuration
 	conf.KeepaliveInterval = keepaliveInterval
 	conf.ManagerInterval = managerInterval
-	conf.GlobalTopicLimit = globalTopicLimit
+	conf.SMTPSenderAddr = smtpSenderAddr
+	conf.SMTPSenderUser = smtpSenderUser
+	conf.SMTPSenderPass = smtpSenderPass
+	conf.SMTPSenderFrom = smtpSenderFrom
+	conf.SMTPServerListen = smtpServerListen
+	conf.SMTPServerDomain = smtpServerDomain
+	conf.SMTPServerAddrPrefix = smtpServerAddrPrefix
+	conf.TotalTopicLimit = totalTopicLimit
 	conf.VisitorSubscriptionLimit = visitorSubscriptionLimit
+	conf.VisitorAttachmentTotalSizeLimit = visitorAttachmentTotalSizeLimit
+	conf.VisitorAttachmentDailyBandwidthLimit = int(visitorAttachmentDailyBandwidthLimit)
 	conf.VisitorRequestLimitBurst = visitorRequestLimitBurst
 	conf.VisitorRequestLimitReplenish = visitorRequestLimitReplenish
+	conf.VisitorEmailLimitBurst = visitorEmailLimitBurst
+	conf.VisitorEmailLimitReplenish = visitorEmailLimitReplenish
 	conf.BehindProxy = behindProxy
 	s, err := server.New(conf)
 	if err != nil {
@@ -110,3 +185,14 @@ func execServe(c *cli.Context) error {
 	log.Printf("Exiting.")
 	return nil
 }
+
+func parseSize(s string, defaultValue int64) (v int64, err error) {
+	if s == "" {
+		return defaultValue, nil
+	}
+	v, err = util.ParseSize(s)
+	if err != nil {
+		return 0, err
+	}
+	return v, nil
+}

cmd/subscribe.go

@@ -180,7 +180,7 @@ func runCommandInternal(c *cli.Context, command string, m *client.Message) error
 	defer os.Remove(scriptFile)
 	verbose := c.Bool("verbose")
 	if verbose {
-		log.Printf("[%s] Executing: %s (for message: %s)", collapseTopicURL(m.TopicURL), command, m.Raw)
+		log.Printf("[%s] Executing: %s (for message: %s)", util.ShortTopicURL(m.TopicURL), command, m.Raw)
 	}
 	cmd := exec.Command("sh", "-c", scriptFile)
 	cmd.Stdin = c.App.Reader

docs/config.md

@@ -13,7 +13,7 @@ $ ntfy serve
 
 You can immediately start [publishing messages](publish.md), or subscribe via the [Android app](subscribe/phone.md),
 [the web UI](subscribe/web.md), or simply via [curl or your favorite HTTP client](subscribe/api.md). To configure 
-the server further, check out the [config options table](#config-options) or simply type `ntfy --help` to
+the server further, check out the [config options table](#config-options) or simply type `ntfy serve --help` to
 get a list of [command line options](#command-line-options).
 
 ## Message cache
@@ -35,23 +35,119 @@ the message to the subscribers.
 Subscribers can retrieve cached messaging using the [`poll=1` parameter](subscribe/api.md#poll-for-messages), as well as the
 [`since=` parameter](subscribe/api.md#fetch-cached-messages).
 
+## Attachments
+If desired, you may allow users to upload and [attach files to notifications](publish.md#attachments). To enable
+this feature, you have to simply configure an attachment cache directory and a base URL (`attachment-cache-dir`, `base-url`). 
+Once these options are set and the directory is writable by the server user, you can upload attachments via PUT.
+
+By default, attachments are stored in the disk-cache **for only 3 hours**. The main reason for this is to avoid legal issues
+and such when hosting user controlled content. Typically, this is more than enough time for the user (or the auto download 
+feature) to download the file. The following config options are relevant to attachments:
+
+* `base-url` is the root URL for the ntfy server; this is needed for the generated attachment URLs
+* `attachment-cache-dir` is the cache directory for attached files
+* `attachment-total-size-limit` is the size limit of the on-disk attachment cache (default: 5G)
+* `attachment-file-size-limit` is the per-file attachment size limit (e.g. 300k, 2M, 100M, default: 15M)
+* `attachment-expiry-duration` is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h, default: 3h)
+
+Here's an example config using mostly the defaults (except for the cache directory, which is empty by default): 
+
+=== "/etc/ntfy/server.yml (minimal)"
+    ``` yaml
+    base-url: "https://ntfy.sh"
+    attachment-cache-dir: "/var/cache/ntfy/attachments"
+    ```
+
+=== "/etc/ntfy/server.yml (all options)"
+    ``` yaml
+    base-url: "https://ntfy.sh"
+    attachment-cache-dir: "/var/cache/ntfy/attachments"
+    attachment-total-size-limit: "5G"
+    attachment-file-size-limit: "15M"
+    attachment-expiry-duration: "3h"
+    visitor-attachment-total-size-limit: "100M"
+    visitor-attachment-daily-bandwidth-limit: "500M"
+    ```
+
+Please also refer to the [rate limiting](#rate-limiting) settings below, specifically `visitor-attachment-total-size-limit`
+and `visitor-attachment-daily-bandwidth-limit`. Setting these conservatively is necessary to avoid abuse.
+
+## E-mail notifications
+To allow forwarding messages via e-mail, you can configure an **SMTP server for outgoing messages**. Once configured, 
+you can set the `X-Email` header to [send messages via e-mail](publish.md#e-mail-notifications) (e.g. 
+`curl -d "hi there" -H "X-Email: phil@example.com" ntfy.sh/mytopic`).
+
+As of today, only SMTP servers with PLAIN auth and STARTLS are supported. To enable e-mail sending, you must set the 
+following settings:
+
+* `base-url` is the root URL for the ntfy server; this is needed for e-mail footer
+* `smtp-sender-addr` is the hostname:port of the SMTP server
+* `smtp-sender-user` and `smtp-sender-pass` are the username and password of the SMTP user
+* `smtp-sender-from` is the e-mail address of the sender
+
+Here's an example config using [Amazon SES](https://aws.amazon.com/ses/) for outgoing mail (this is how it is 
+configured for `ntfy.sh`):
+
+=== "/etc/ntfy/server.yml"
+    ``` yaml
+    base-url: "https://ntfy.sh"
+    smtp-sender-addr: "email-smtp.us-east-2.amazonaws.com:587"
+    smtp-sender-user: "AKIDEADBEEFAFFE12345"
+    smtp-sender-pass: "Abd13Kf+sfAk2DzifjafldkThisIsNotARealKeyOMG."
+    smtp-sender-from: "ntfy@ntfy.sh"
+    ```
+
+Please also refer to the [rate limiting](#rate-limiting) settings below, specifically `visitor-email-limit-burst` 
+and `visitor-email-limit-burst`. Setting these conservatively is necessary to avoid abuse.
+
+## E-mail publishing
+To allow publishing messages via e-mail, ntfy can run a lightweight **SMTP server for incoming messages**. Once configured, 
+users can [send emails to a topic e-mail address](publish.md#e-mail-publishing) (e.g. `mytopic@ntfy.sh` or 
+`myprefix-mytopic@ntfy.sh`) to publish messages to a topic. This is useful for e-mail based integrations such as for 
+statuspage.io (though these days most services also support webhooks and HTTP calls).
+
+To configure the SMTP server, you must at least set `smtp-server-listen` and `smtp-server-domain`:
+
+* `smtp-server-listen` defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`
+* `smtp-server-domain` is the e-mail domain, e.g. `ntfy.sh`
+* `smtp-server-addr-prefix` is an optional prefix for the e-mail addresses to prevent spam. If set to `ntfy-`, for instance,
+  only e-mails to `ntfy-$topic@ntfy.sh` will be accepted. If this is not set, all emails to `$topic@ntfy.sh` will be
+  accepted (which may obviously be a spam problem).
+
+Here's an example config (this is how it is configured for `ntfy.sh`):
+
+=== "/etc/ntfy/server.yml"
+    ``` yaml
+    smtp-server-listen: ":25"
+    smtp-server-domain: "ntfy.sh"
+    smtp-server-addr-prefix: "ntfy-"
+    ```
+
+In addition to configuring the ntfy server, you have to create two DNS records (an [MX record](https://en.wikipedia.org/wiki/MX_record) 
+and a corresponding A record), so incoming mail will find its way to your server. Here's an example of how `ntfy.sh` is 
+configured (in [Amazon Route 53](https://aws.amazon.com/route53/)):
+
+<figure markdown>
+  ![DNS records for incoming mail](static/img/screenshot-email-publishing-dns.png){ width=600 }
+  <figcaption>DNS records for incoming mail</figcaption>
+</figure>
+
 ## Behind a proxy (TLS, etc.)
 !!! warning
     If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are
     [rate limited](#rate-limiting) as if they are one.
 
-It may be desirable to run ntfy behind a proxy, e.g. so you can provide TLS certificates using Let's Encrypt using certbot,
+It may be desirable to run ntfy behind a proxy (e.g. nginx, HAproxy or Apache), so you can provide TLS certificates 
-or simply because you'd like to share the ports (80/443) with other services. Whatever your reasons may be, there are a 
+using Let's Encrypt using certbot, or simply because you'd like to share the ports (80/443) with other services. 
-few things to consider. 
+Whatever your reasons may be, there are a few things to consider. 
 
-### Rate limiting
+If you are running ntfy behind a proxy, you should set the `behind-proxy` flag. This will instruct the 
-If you are running ntfy behind a proxy (e.g. nginx, HAproxy or Apache), you should set the `behind-proxy` 
+[rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary identifier for a visitor, 
-flag. This will instruct the [rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary 
+as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will
-identifier for a visitor, as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will
 be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address.
 
 === "/etc/ntfy/server.yml"
-    ```
+    ``` yaml
     # Tell ntfy to use "X-Forwarded-For" to identify visitors
     behind-proxy: true
     ```
@@ -65,7 +161,7 @@ which lets you use [AWS Route 53](https://aws.amazon.com/route53/) as the challe
 HTTP challenge. I've found [this guide](https://nandovieira.com/using-lets-encrypt-in-development-with-nginx-and-aws-route53) to
 be incredibly helpful.
 
-### nginx/Apache2
+### nginx/Apache2/caddy
 For your convenience, here's a working config that'll help configure things behind a proxy. In this 
 example, ntfy runs on `:2586` and we proxy traffic to it. We also redirect HTTP to HTTPS for GET requests against a topic
 or the root domain:
@@ -83,7 +179,7 @@ or the root domain:
         if ($request_method = GET) {
           set $redirect_https "yes";
         }
-        if ($request_uri ~* "^/[-_a-z0-9]{0,64}$") {
+        if ($request_uri ~* "^/([-_a-z0-9]{0,64}$|docs/|static/)") {
           set $redirect_https "${redirect_https}yes";
         }
         if ($redirect_https = "yesyes") {
@@ -94,16 +190,17 @@ or the root domain:
         proxy_http_version 1.1;
     
         proxy_buffering off;
+        proxy_request_buffering off;
         proxy_redirect off;
      
         proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     
-        proxy_connect_timeout 1m;
+        proxy_connect_timeout 3m;
-        proxy_send_timeout 1m;
+        proxy_send_timeout 3m;
-        proxy_read_timeout 1m;
+        proxy_read_timeout 3m;
+
+        client_max_body_size 20m; # Must be >= attachment-file-size-limit in /etc/ntfy/server.yml
       }
     }
     
@@ -122,18 +219,19 @@ or the root domain:
       location / {
         proxy_pass http://127.0.0.1:2586;
         proxy_http_version 1.1;
-    
+
         proxy_buffering off;
+        proxy_request_buffering off;
         proxy_redirect off;
      
         proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     
-        proxy_connect_timeout 1m;
+        proxy_connect_timeout 3m;
-        proxy_send_timeout 1m;
+        proxy_send_timeout 3m;
-        proxy_read_timeout 1m;
+        proxy_read_timeout 3m;
+        
+        client_max_body_size 20m; # Must be >= attachment-file-size-limit in /etc/ntfy/server.yml
       }
     }
     ```
@@ -149,7 +247,7 @@ or the root domain:
         ProxyPass / http://127.0.0.1:2586/
         ProxyPassReverse / http://127.0.0.1:2586/
         
-        # Higher than the max message size of 512k 
+        # Higher than the max message size of 4096 bytes
         LimitRequestBody 102400
         
         # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want 
@@ -173,7 +271,7 @@ or the root domain:
         ProxyPass / http://127.0.0.1:2586/
         ProxyPassReverse / http://127.0.0.1:2586/
         
-        # Higher than the max message size of 512k 
+        # Higher than the max message size of 4096 bytes 
         LimitRequestBody 102400
         
         # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want 
@@ -184,6 +282,19 @@ or the root domain:
     </VirtualHost>
     ```
 
+=== "caddy"
+    ```
+    # Note that this config is most certainly incomplete. Please help out and let me know what's missing
+    # via Discord/Matrix or in a GitHub issue.
+
+    ntfy.sh {
+        reverse_proxy 127.0.0.1:2586
+    }
+    http://nfty.sh {
+        reverse_proxy 127.0.0.1:2586
+    }
+    ```
+
 ## Firebase (FCM)
 !!! info
     Using Firebase is **optional** and only works if you modify and [build your own Android .apk](develop.md#android-app).
@@ -214,17 +325,26 @@ firebase-key-file: "/etc/ntfy/ntfy-sh-firebase-adminsdk-ahnce-9f4d6f14b5.json"
 ## Rate limiting
 !!! info
     Be aware that if you are running ntfy behind a proxy, you must set the `behind-proxy` flag. 
-    Otherwise all visitors are rate limited as if they are one.
+    Otherwise, all visitors are rate limited as if they are one.
 
 By default, ntfy runs without authentication, so it is vitally important that we protect the server from abuse or overload.
-There are various limits and rate limits in place that you can use to configure the server. Let's do the easy ones first:
+There are various limits and rate limits in place that you can use to configure the server:
 
-* `global-topic-limit` defines the total number of topics before the server rejects new topics. It defaults to 5000.
+* **Global limit**: A global limit applies across all visitors (IPs, clients, users)
+* **Visitor limit**: A visitor limit only applies to a certain visitor. A **visitor** is identified by its IP address 
+  (or the `X-Forwarded-For` header if `behind-proxy` is set). All config options that start with the word `visitor` apply 
+  only on a per-visitor basis.
+
+During normal usage, you shouldn't encounter these limits at all, and even if you burst a few requests or emails
+(e.g. when you reconnect after a connection drop), it shouldn't have any effect.
+
+### General limits
+Let's do the easy limits first:
+
+* `global-topic-limit` defines the total number of topics before the server rejects new topics. It defaults to 15,000.
 * `visitor-subscription-limit` is the number of subscriptions (open connections) per visitor. This value defaults to 30.
 
-A **visitor** is identified by its IP address (or the `X-Forwarded-For` header if `behind-proxy` is set). All config 
+### Request limits
-options that start with the word `visitor` apply only on a per-visitor basis.   
-
 In addition to the limits above, there is a requests/second limit per visitor for all sensitive GET/PUT/POST requests.
 This limit uses a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) (using Go's [rate package](https://pkg.go.dev/golang.org/x/time/rate)):
 
@@ -235,9 +355,23 @@ request every 10s (defined by `visitor-request-limit-replenish`)
 * `visitor-request-limit-burst` is the initial bucket of requests each visitor has. This defaults to 60.
 * `visitor-request-limit-replenish` is the rate at which the bucket is refilled (one request per x). Defaults to 10s.
 
-During normal usage, you shouldn't encounter this limit at all, and even if you burst a few requests shortly (e.g. when you 
+### Attachment limits
-reconnect after a connection drop), it shouldn't have any effect.
+Aside from the global file size and total attachment cache limits (see [above](#attachments)), there are two relevant 
+per-visitor limits:
 
+* `visitor-attachment-total-size-limit` is the total storage limit used for attachments per visitor. It defaults to 100M.
+  The per-visitor storage is automatically decreased as attachments expire. External attachments (attached via `X-Attach`, 
+  see [publishing docs](publish.md#attachments)) do not count here. 
+* `visitor-attachment-daily-bandwidth-limit` is the total daily attachment download/upload bandwidth limit per visitor, 
+  including PUT and GET requests. This is to protect your precious bandwidth from abuse, since egress costs money in
+  most cloud providers. This defaults to 500M.
+
+### E-mail limits
+Similarly to the request limit, there is also an e-mail limit (only relevant if [e-mail notifications](#e-mail-notifications) 
+are enabled):
+
+* `visitor-email-limit-burst` is the initial bucket of emails each visitor has. This defaults to 16.
+* `visitor-email-limit-replenish` is the rate at which the bucket is refilled (one email per x). Defaults to 1h.
 
 ## Tuning for scale
 If you're running ntfy for your home server, you probably don't need to worry about scale at all. In its default config,
@@ -249,7 +383,7 @@ Depending on *how you run it*, here are a few limits that are relevant:
 
 ### For systemd services
 If you're running ntfy in a systemd service (e.g. for .deb/.rpm packages), the main limiting factor is the
-`LimitNOFILE` setting in the systemd unit. The default open files limit for `ntfy.service` is 10000. You can override it
+`LimitNOFILE` setting in the systemd unit. The default open files limit for `ntfy.service` is 10,000. You can override it
 by creating a `/etc/systemd/system/ntfy.service.d/override.conf` file. As far as I can tell, `/etc/security/limits.conf`
 is not relevant.
 
@@ -262,7 +396,7 @@ is not relevant.
 
 ### Outside of systemd
 If you're running outside systemd, you may want to adjust your `/etc/security/limits.conf` file to
-increase the `nofile` setting. Here's an example that increases the limit to 5000. You can find out the current setting
+increase the `nofile` setting. Here's an example that increases the limit to 5,000. You can find out the current setting
 by running `ulimit -n`, or manually override it temporarily by running `ulimit -n 50000`.
 
 === "/etc/security/limits.conf"
@@ -285,6 +419,7 @@ to maintain the client connection and the connection to ntfy.
       worker_connections 40500;
     }
     ```
+
 === "/etc/systemd/system/nginx.service.d/override.conf"
     ```
     # Allow 40,000 proxy connections (2x of the desired ntfy connection count;
@@ -293,56 +428,142 @@ to maintain the client connection and the connection to ntfy.
     LimitNOFILE=40500
     ```
 
+### Banning bad actors (fail2ban)
+If you put stuff on the Internet, bad actors will try to break them or break in. [fail2ban](https://www.fail2ban.org/)
+and nginx's [ngx_http_limit_req_module module](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html) can be used
+to ban client IPs if they misbehave. This is on top of the [rate limiting](#rate-limiting) inside the ntfy server.
+
+Here's an example for how ntfy.sh is configured, following the instructions from two tutorials ([here](https://easyengine.io/tutorials/nginx/fail2ban/) 
+and [here](https://easyengine.io/tutorials/nginx/block-wp-login-php-bruteforce-attack/)):
+
+=== "/etc/nginx/nginx.conf"
+    ```
+    http {
+	  limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
+    }
+    ```
+
+=== "/etc/nginx/sites-enabled/ntfy.sh"
+    ```
+    # For each server/location block
+    server {
+      location / {
+        limit_req zone=one burst=1000 nodelay;
+      }
+    }    
+    ```
+
+=== "/etc/fail2ban/filter.d/nginx-req-limit.conf"
+    ```
+    [Definition]
+    failregex = limiting requests, excess:.* by zone.*client: <HOST>
+    ignoreregex =
+    ```
+
+=== "/etc/fail2ban/jail.local"
+    ```
+    [nginx-req-limit]
+    enabled = true
+    filter = nginx-req-limit
+    action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+    logpath = /var/log/nginx/error.log
+    findtime = 600
+    bantime = 7200
+    maxretry = 10
+    ```
+
 ## Config options
 Each config option can be set in the config file `/etc/ntfy/server.yml` (e.g. `listen-http: :80`) or as a
 CLI option (e.g. `--listen-http :80`. Here's a list of all available options. Alternatively, you can set an environment
 variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).
 
-| Config option | Env variable | Format | Default | Description |
+| Config option                              | Env variable                                    | Format           | Default | Description                                                                                                                                                                                                                     |
-|---|---|---|---|---|
+|--------------------------------------------|-------------------------------------------------|------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `listen-http` | `NTFY_LISTEN_HTTP` | `[host]:port` | `:80` | Listen address for the HTTP web server |
+| `base-url`                                 | `NTFY_BASE_URL`                                 | *URL*            | -       | Public facing base URL of the service (e.g. `https://ntfy.sh`)                                                                                                                                                                  |
-| `listen-https` | `NTFY_LISTEN_HTTPS` | `[host]:port` | - | Listen address for the HTTPS web server. If set, you also need to set `key-file` and `cert-file`. |
+| `listen-http`                              | `NTFY_LISTEN_HTTP`                              | `[host]:port`    | `:80`   | Listen address for the HTTP web server                                                                                                                                                                                          |
-| `key-file` | `NTFY_KEY_FILE` | *filename* | - | HTTPS/TLS private key file, only used if `listen-https` is set. |
+| `listen-https`                             | `NTFY_LISTEN_HTTPS`                             | `[host]:port`    | -       | Listen address for the HTTPS web server. If set, you also need to set `key-file` and `cert-file`.                                                                                                                               |
-| `cert-file` | `NTFY_CERT_FILE` | *filename* | - | HTTPS/TLS certificate file, only used if `listen-https` is set. |
+| `key-file`                                 | `NTFY_KEY_FILE`                                 | *filename*       | -       | HTTPS/TLS private key file, only used if `listen-https` is set.                                                                                                                                                                 |
-| `firebase-key-file` | `NTFY_FIREBASE_KEY_FILE` | *filename* | - | If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. This is optional and only required to save battery when using the Android app. See [Firebase (FCM](#firebase-fcm). |
+| `cert-file`                                | `NTFY_CERT_FILE`                                | *filename*       | -       | HTTPS/TLS certificate file, only used if `listen-https` is set.                                                                                                                                                                 |
-| `cache-file` | `NTFY_CACHE_FILE` | *filename* | - | If set, messages are cached in a local SQLite database instead of only in-memory. This allows for service restarts without losing messages in support of the since= parameter. See [message cache](#message-cache). |
+| `firebase-key-file`                        | `NTFY_FIREBASE_KEY_FILE`                        | *filename*       | -       | If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. This is optional and only required to save battery when using the Android app. See [Firebase (FCM](#firebase-fcm).                        |
-| `cache-duration` | `NTFY_CACHE_DURATION` | *duration* | 12h | Duration for which messages will be buffered before they are deleted. This is required to support the `since=...` and `poll=1` parameter. Set this to `0` to disable the cache entirely. |
+| `cache-file`                               | `NTFY_CACHE_FILE`                               | *filename*       | -       | If set, messages are cached in a local SQLite database instead of only in-memory. This allows for service restarts without losing messages in support of the since= parameter. See [message cache](#message-cache).             |
-| `keepalive-interval` | `NTFY_KEEPALIVE_INTERVAL` | *duration* | 30s | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. |
+| `cache-duration`                           | `NTFY_CACHE_DURATION`                           | *duration*       | 12h     | Duration for which messages will be buffered before they are deleted. This is required to support the `since=...` and `poll=1` parameter. Set this to `0` to disable the cache entirely.                                        |
-| `manager-interval` | `$NTFY_MANAGER_INTERVAL` | *duration* | 1m | Interval in which the manager prunes old messages, deletes topics and prints the stats. |
+| `behind-proxy`                             | `NTFY_BEHIND_PROXY`                             | *bool*           | false   | If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection.                                                                                                 |
-| `global-topic-limit` | `NTFY_GLOBAL_TOPIC_LIMIT` | *number* | 5000 | Rate limiting: Total number of topics before the server rejects new topics. |
+| `attachment-cache-dir`                     | `NTFY_ATTACHMENT_CACHE_DIR`                     | *directory*      | -       | Cache directory for attached files. To enable attachments, this has to be set.                                                                                                                                                  |
-| `visitor-subscription-limit` | `NTFY_VISITOR_SUBSCRIPTION_LIMIT` | *number* | 30 | Rate limiting: Number of subscriptions per visitor (IP address) |
+| `attachment-total-size-limit`              | `NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT`              | *size*           | 5G      | Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected.                                                                                                                   |
-| `visitor-request-limit-burst` | `NTFY_VISITOR_REQUEST_LIMIT_BURST` | *number* | 60 | Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has |
+| `attachment-file-size-limit`               | `NTFY_ATTACHMENT_FILE_SIZE_LIMIT`               | *size*           | 15M     | Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected.                                                                                                                                       |
-| `visitor-request-limit-replenish` | `NTFY_VISITOR_REQUEST_LIMIT_REPLENISH` | *duration* | 10s | Strongly related to `visitor-request-limit-burst`: The rate at which the bucket is refilled |
+| `attachment-expiry-duration`               | `NTFY_ATTACHMENT_EXPIRY_DURATION`               | *duration*       | 3h      | Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects `visitor-attachment-total-size-limit`.                                                                                               |
-| `behind-proxy` | `NTFY_BEHIND_PROXY` | *bool* | false | If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection. |
+| `smtp-sender-addr`                         | `NTFY_SMTP_SENDER_ADDR`                         | `host:port`      | -       | SMTP server address to allow email sending                                                                                                                                                                                      |
+| `smtp-sender-user`                         | `NTFY_SMTP_SENDER_USER`                         | *string*         | -       | SMTP user; only used if e-mail sending is enabled                                                                                                                                                                               |
+| `smtp-sender-pass`                         | `NTFY_SMTP_SENDER_PASS`                         | *string*         | -       | SMTP password; only used if e-mail sending is enabled                                                                                                                                                                           |
+| `smtp-sender-from`                         | `NTFY_SMTP_SENDER_FROM`                         | *e-mail address* | -       | SMTP sender e-mail address; only used if e-mail sending is enabled                                                                                                                                                              |
+| `smtp-server-listen`                       | `NTFY_SMTP_SERVER_LISTEN`                       | `[ip]:port`      | -       | Defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`                                                                                                                                      |
+| `smtp-server-domain`                       | `NTFY_SMTP_SERVER_DOMAIN`                       | *domain name*    | -       | SMTP server e-mail domain, e.g. `ntfy.sh`                                                                                                                                                                                       |
+| `smtp-server-addr-prefix`                  | `NTFY_SMTP_SERVER_ADDR_PREFIX`                  | `[ip]:port`      | -       | Optional prefix for the e-mail addresses to prevent spam, e.g. `ntfy-`                                                                                                                                                          |
+| `keepalive-interval`                       | `NTFY_KEEPALIVE_INTERVAL`                       | *duration*       | 55s     | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. |
+| `manager-interval`                         | `$NTFY_MANAGER_INTERVAL`                        | *duration*       | 1m      | Interval in which the manager prunes old messages, deletes topics and prints the stats.                                                                                                                                         |
+| `global-topic-limit`                       | `NTFY_GLOBAL_TOPIC_LIMIT`                       | *number*         | 15,000  | Rate limiting: Total number of topics before the server rejects new topics.                                                                                                                                                     |
+| `visitor-subscription-limit`               | `NTFY_VISITOR_SUBSCRIPTION_LIMIT`               | *number*         | 30      | Rate limiting: Number of subscriptions per visitor (IP address)                                                                                                                                                                 |
+| `visitor-attachment-total-size-limit`      | `NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT`      | *size*           | 100M    | Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See `attachment-expiry-duration`.                                                 |
+| `visitor-attachment-daily-bandwidth-limit` | `NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT` | *size*           | 500M    | Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding.                                                                                        |
+| `visitor-request-limit-burst`              | `NTFY_VISITOR_REQUEST_LIMIT_BURST`              | *number*         | 60      | Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has                                                                                           |
+| `visitor-request-limit-replenish`          | `NTFY_VISITOR_REQUEST_LIMIT_REPLENISH`          | *duration*       | 10s     | Rate limiting: Strongly related to `visitor-request-limit-burst`: The rate at which the bucket is refilled                                                                                                                      |
+| `visitor-email-limit-burst`                | `NTFY_VISITOR_EMAIL_LIMIT_BURST`                | *number*         | 16      | Rate limiting:Initial limit of e-mails per visitor                                                                                                                                                                              |
+| `visitor-email-limit-replenish`            | `NTFY_VISITOR_EMAIL_LIMIT_REPLENISH`            | *duration*       | 1h      | Rate limiting: Strongly related to `visitor-email-limit-burst`: The rate at which the bucket is refilled                                                                                                                        |
 
-The format for a *duration* is: `<number>(smh)`, e.g. 30s, 20m or 1h.
+The format for a *duration* is: `<number>(smh)`, e.g. 30s, 20m or 1h.   
+The format for a *size* is: `<number>(GMK)`, e.g. 1G, 200M or 4000k.
 
 ## Command line options
 ```
-$ ntfy --help
+$ ntfy serve --help
 NAME:
-   ntfy - Simple pub-sub notification service
+   ntfy serve - Run the ntfy server
 
 USAGE:
-   ntfy [OPTION..]
+   ntfy serve [OPTIONS..]
 
-GLOBAL OPTIONS:
+DESCRIPTION:
-   --config value, -c value                           config file (default: /etc/ntfy/server.yml) [$NTFY_CONFIG_FILE]
+   Run the ntfy server and listen for incoming requests
-   --listen-http value, -l value                      ip:port used to as listen address (default: ":80") [$NTFY_LISTEN_HTTP]
+   
-   --firebase-key-file value, -F value                Firebase credentials file; if set additionally publish to FCM topic [$NTFY_FIREBASE_KEY_FILE]
+   The command will load the configuration from /etc/ntfy/server.yml. Config options can 
-   --cache-file value, -C value                       cache file used for message caching [$NTFY_CACHE_FILE]
+   be overridden using the command line options.
-   --cache-duration since, -b since                   buffer messages for this time to allow since requests (default: 12h0m0s) [$NTFY_CACHE_DURATION]
+   
-   --keepalive-interval value, -k value               interval of keepalive messages (default: 30s) [$NTFY_KEEPALIVE_INTERVAL]
+   Examples:
-   --manager-interval value, -m value                 interval of for message pruning and stats printing (default: 1m0s) [$NTFY_MANAGER_INTERVAL]
+     ntfy serve                      # Starts server in the foreground (on port 80)
-   --global-topic-limit value, -T value               total number of topics allowed (default: 5000) [$NTFY_GLOBAL_TOPIC_LIMIT]
+     ntfy serve --listen-http :8080  # Starts server with alternate port
-   --visitor-subscription-limit value, -V value       number of subscriptions per visitor (default: 30) [$NTFY_VISITOR_SUBSCRIPTION_LIMIT]
-   --visitor-request-limit-burst value, -B value      initial limit of requests per visitor (default: 60) [$NTFY_VISITOR_REQUEST_LIMIT_BURST]
-   --visitor-request-limit-replenish value, -R value  interval at which burst limit is replenished (one per x) (default: 10s) [$NTFY_VISITOR_REQUEST_LIMIT_REPLENISH]
-   --behind-proxy, -P                                 if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting) (default: false) [$NTFY_BEHIND_PROXY]
 
-Try 'ntfy COMMAND --help' for more information.
+OPTIONS:
-
+   --config value, -c value                          config file (default: /etc/ntfy/server.yml) [$NTFY_CONFIG_FILE]
-ntfy v1.4.8 (7b8185c), runtime go1.17, built at 1637872539
+   --base-url value, -B value                        externally visible base URL for this host (e.g. https://ntfy.sh) [$NTFY_BASE_URL]
-Copyright (C) 2021 Philipp C. Heckel, distributed under the Apache License 2.0
+   --listen-http value, -l value                     ip:port used to as HTTP listen address (default: ":80") [$NTFY_LISTEN_HTTP]
+   --listen-https value, -L value                    ip:port used to as HTTPS listen address [$NTFY_LISTEN_HTTPS]
+   --key-file value, -K value                        private key file, if listen-https is set [$NTFY_KEY_FILE]
+   --cert-file value, -E value                       certificate file, if listen-https is set [$NTFY_CERT_FILE]
+   --firebase-key-file value, -F value               Firebase credentials file; if set additionally publish to FCM topic [$NTFY_FIREBASE_KEY_FILE]
+   --cache-file value, -C value                      cache file used for message caching [$NTFY_CACHE_FILE]
+   --cache-duration since, -b since                  buffer messages for this time to allow since requests (default: 12h0m0s) [$NTFY_CACHE_DURATION]
+   --attachment-cache-dir value                      cache directory for attached files [$NTFY_ATTACHMENT_CACHE_DIR]
+   --attachment-total-size-limit value, -A value     limit of the on-disk attachment cache (default: 5G) [$NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT]
+   --attachment-file-size-limit value, -Y value      per-file attachment size limit (e.g. 300k, 2M, 100M) (default: 15M) [$NTFY_ATTACHMENT_FILE_SIZE_LIMIT]
+   --attachment-expiry-duration value, -X value      duration after which uploaded attachments will be deleted (e.g. 3h, 20h) (default: 3h) [$NTFY_ATTACHMENT_EXPIRY_DURATION]
+   --keepalive-interval value, -k value              interval of keepalive messages (default: 55s) [$NTFY_KEEPALIVE_INTERVAL]
+   --manager-interval value, -m value                interval of for message pruning and stats printing (default: 1m0s) [$NTFY_MANAGER_INTERVAL]
+   --smtp-sender-addr value                          SMTP server address (host:port) for outgoing emails [$NTFY_SMTP_SENDER_ADDR]
+   --smtp-sender-user value                          SMTP user (if e-mail sending is enabled) [$NTFY_SMTP_SENDER_USER]
+   --smtp-sender-pass value                          SMTP password (if e-mail sending is enabled) [$NTFY_SMTP_SENDER_PASS]
+   --smtp-sender-from value                          SMTP sender address (if e-mail sending is enabled) [$NTFY_SMTP_SENDER_FROM]
+   --smtp-server-listen value                        SMTP server address (ip:port) for incoming emails, e.g. :25 [$NTFY_SMTP_SERVER_LISTEN]
+   --smtp-server-domain value                        SMTP domain for incoming e-mail, e.g. ntfy.sh [$NTFY_SMTP_SERVER_DOMAIN]
+   --smtp-server-addr-prefix value                   SMTP email address prefix for topics to prevent spam (e.g. 'ntfy-') [$NTFY_SMTP_SERVER_ADDR_PREFIX]
+   --global-topic-limit value, -T value              total number of topics allowed (default: 15000) [$NTFY_GLOBAL_TOPIC_LIMIT]
+   --visitor-subscription-limit value                number of subscriptions per visitor (default: 30) [$NTFY_VISITOR_SUBSCRIPTION_LIMIT]
+   --visitor-attachment-total-size-limit value       total storage limit used for attachments per visitor (default: "100M") [$NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT]
+   --visitor-attachment-daily-bandwidth-limit value  total daily attachment download/upload bandwidth limit per visitor (default: "500M") [$NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT]
+   --visitor-request-limit-burst value               initial limit of requests per visitor (default: 60) [$NTFY_VISITOR_REQUEST_LIMIT_BURST]
+   --visitor-request-limit-replenish value           interval at which burst limit is replenished (one per x) (default: 10s) [$NTFY_VISITOR_REQUEST_LIMIT_REPLENISH]
+   --visitor-email-limit-burst value                 initial limit of e-mails per visitor (default: 16) [$NTFY_VISITOR_EMAIL_LIMIT_BURST]
+   --visitor-email-limit-replenish value             interval at which burst limit is replenished (one per x) (default: 1h0m0s) [$NTFY_VISITOR_EMAIL_LIMIT_REPLENISH]
+   --behind-proxy, -P                                if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting) (default: false) [$NTFY_BEHIND_PROXY]
+   --help, -h                                        show help (default: false)
 ```
 

docs/install.md

@@ -26,21 +26,21 @@ deb/rpm packages.
 
 === "x86_64/amd64"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_x86_64.tar.gz
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_x86_64.tar.gz
     sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
     sudo ./ntfy serve
     ```
 
 === "armv7/armhf"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_armv7.tar.gz
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_armv7.tar.gz
     sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
     sudo ./ntfy serve
     ```
 
 === "arm64"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_arm64.tar.gz
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_arm64.tar.gz
     sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
     sudo ./ntfy serve
     ```
@@ -88,7 +88,7 @@ Manually installing the .deb file:
 
 === "x86_64/amd64"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_amd64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_amd64.deb
     sudo dpkg -i ntfy_*.deb
     sudo systemctl enable ntfy
     sudo systemctl start ntfy
@@ -96,7 +96,7 @@ Manually installing the .deb file:
 
 === "armv7/armhf"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_armv7.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_armv7.deb
     sudo dpkg -i ntfy_*.deb
     sudo systemctl enable ntfy
     sudo systemctl start ntfy
@@ -104,7 +104,7 @@ Manually installing the .deb file:
 
 === "arm64"
     ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_arm64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_arm64.deb
     sudo dpkg -i ntfy_*.deb
     sudo systemctl enable ntfy
     sudo systemctl start ntfy
@@ -114,25 +114,39 @@ Manually installing the .deb file:
 
 === "x86_64/amd64"
     ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_amd64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_amd64.rpm
     sudo systemctl enable ntfy 
     sudo systemctl start ntfy
     ```
 
 === "armv7/armhf"
     ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_armv7.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_armv7.rpm
     sudo systemctl enable ntfy 
     sudo systemctl start ntfy
     ```
 
 === "arm64"
     ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.8.0/ntfy_1.8.0_linux_arm64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.12.1/ntfy_1.12.1_linux_arm64.rpm
     sudo systemctl enable ntfy 
     sudo systemctl start ntfy
     ```
 
+## Arch Linux
+ntfy can be installed using an [AUR package](https://aur.archlinux.org/packages/ntfysh-bin/). You can use an [AUR helper](https://wiki.archlinux.org/title/AUR_helpers) like `paru`, `yay` or others to download, build and install ntfy and keep it up to date.
+```
+paru -S ntfysh-bin
+```
+
+Alternatively, run the following commands to install ntfy manually:
+```
+curl https://aur.archlinux.org/cgit/aur.git/snapshot/ntfysh-bin.tar.gz | tar xzv
+cd ntfysh-bin
+makepkg -si
+```
+
+
 ## Docker
 The [ntfy image](https://hub.docker.com/r/binwiederhier/ntfy) is available for amd64, armv7 and arm64. It should be pretty
 straight forward to use.
@@ -167,6 +181,14 @@ docker run \
   serve
 ```
 
+Alternatively, you may wish to build a customized Docker image that can be run with fewer command-line arguments and without delivering the configuration file separately.
+```
+FROM binwiederhier/ntfy
+COPY server.yml /etc/ntfy/server.yml
+ENTRYPOINT ["ntfy", "serve"]
+```
+This image can be pushed to a container registry and shipped independently. All that's needed when running it is mapping ntfy's port to a host port.
+
 ## Go
 To install via Go, simply run:
 ```bash

docs/publish.md

@@ -592,6 +592,353 @@ Here's an example with a custom message, tags and a priority:
     file_get_contents('https://ntfy.sh/mywebhook/publish?message=Webhook+triggered&priority=high&tags=warning,skull');
     ```
 
+## Click action
+You can define which URL to open when a notification is clicked. This may be useful if your notification is related 
+to a Zabbix alert or a transaction that you'd like to provide the deep-link for. Tapping the notification will open
+the web browser (or the app) and open the website.
+
+Here's an example that will open Reddit when the notification is clicked:
+
+=== "Command line (curl)"
+    ```
+    curl \
+        -d "New messages on Reddit" \
+        -H "Click: https://www.reddit.com/message/messages" \
+        ntfy.sh/reddit_alerts
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+        --click="https://www.reddit.com/message/messages" \
+        reddit_alerts "New messages on Reddit"
+    ```
+
+=== "HTTP"
+    ``` http
+    POST /reddit_alerts HTTP/1.1
+    Host: ntfy.sh
+    Click: https://www.reddit.com/message/messages 
+
+    New messages on Reddit
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.sh/reddit_alerts', {
+        method: 'POST',
+        body: 'New messages on Reddit',
+        headers: { 'Click': 'https://www.reddit.com/message/messages' }
+    })
+    ```
+
+=== "Go"
+    ``` go
+    req, _ := http.NewRequest("POST", "https://ntfy.sh/reddit_alerts", strings.NewReader("New messages on Reddit"))
+    req.Header.Set("Click", "https://www.reddit.com/message/messages")
+    http.DefaultClient.Do(req)
+    ```
+
+=== "Python"
+    ``` python
+    requests.post("https://ntfy.sh/reddit_alerts",
+        data="New messages on Reddit",
+        headers={ "Click": "https://www.reddit.com/message/messages" })
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.sh/reddit_alerts', false, stream_context_create([
+        'http' => [
+            'method' => 'POST',
+            'header' =>
+                "Content-Type: text/plain\r\n" .
+                "Click: https://www.reddit.com/message/messages",
+            'content' => 'New messages on Reddit'
+        ]
+    ]));
+    ```
+
+## Attachments
+You can **send images and other files to your phone** as attachments to a notification. The attachments are then downloaded
+onto your phone (depending on size and setting automatically), and can be used from the Downloads folder.
+
+There are two different ways to send attachments: 
+
+* sending [a local file](#attach-local-file) via PUT, e.g. from `~/Flowers/flower.jpg` or `ringtone.mp3`
+* or by [passing an external URL](#attach-file-from-a-url) as an attachment, e.g. `https://f-droid.org/F-Droid.apk` 
+
+### Attach local file
+To **send a file from your computer** as an attachment, you can send it as the PUT request body. If a message is greater 
+than the maximum message size (4,096 bytes) or consists of non UTF-8 characters, the ntfy server will automatically 
+detect the mime type and size, and send the message as an attachment file. To send smaller text-only messages or files 
+as attachments, you must pass a filename by passing the `X-Filename` header or query parameter (or any of its aliases 
+`Filename`, `File` or `f`). 
+
+By default, and how ntfy.sh is configured, the **max attachment size is 15 MB** (with 100 MB total per visitor). 
+Attachments **expire after 3 hours**, which typically is plenty of time for the user to download it, or for the Android app
+to auto-download it. Please also check out the [other limits below](#limitations).
+
+Here's an example showing how to upload an image:
+
+=== "Command line (curl)"
+    ```
+    curl \
+        -T flower.jpg \
+        -H "Filename: flower.jpg" \
+        ntfy.sh/flowers
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+        --file=flower.jpg \
+        flowers
+    ```
+
+=== "HTTP"
+    ``` http
+    PUT /flowers HTTP/1.1
+    Host: ntfy.sh
+    Filename: flower.jpg
+    Content-Type: 52312
+
+    <binary JPEG data>
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.sh/flowers', {
+        method: 'PUT',
+        body: document.getElementById("file").files[0],
+        headers: { 'Filename': 'flower.jpg' }
+    })
+    ```
+
+=== "Go"
+    ``` go
+    file, _ := os.Open("flower.jpg")
+    req, _ := http.NewRequest("PUT", "https://ntfy.sh/flowers", file)
+    req.Header.Set("Filename", "flower.jpg")
+    http.DefaultClient.Do(req)
+    ```
+
+=== "Python"
+    ``` python
+    requests.put("https://ntfy.sh/flowers",
+        data=open("flower.jpg", 'rb'),
+        headers={ "Filename": "flower.jpg" })
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.sh/flowers', false, stream_context_create([
+        'http' => [
+            'method' => 'PUT',
+            'header' =>
+                "Content-Type: application/octet-stream\r\n" . // Does not matter
+                "Filename: flower.jpg",
+            'content' => file_get_contents('flower.jpg') // Dangerous for large files 
+        ]
+    ]));
+    ```
+
+Here's what that looks like on Android:
+
+<figure markdown>
+  ![image attachment](static/img/android-screenshot-attachment-image.png){ width=500 }
+  <figcaption>Image attachment sent from a local file</figcaption>
+</figure>
+
+### Attach file from a URL
+Instead of sending a local file to your phone, you can use **an external URL** to specify where the attachment is hosted.
+This could be a Dropbox link, a file from social media, or any other publicly available URL. Since the files are 
+externally hosted, the expiration or size limits from above do not apply here.
+
+To attach an external file, simple pass the `X-Attach` header or query parameter (or any of its aliases `Attach` or `a`)
+to specify the attachment URL. It can be any type of file. Here's an example showing how to upload an image:
+
+=== "Command line (curl)"
+    ```
+    curl \
+        -X POST \
+        -H "Attach: https://f-droid.org/F-Droid.apk" \
+        ntfy.sh/mydownloads
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+        --attach="https://f-droid.org/F-Droid.apk" \
+        mydownloads
+    ```
+
+=== "HTTP"
+    ``` http
+    POST /mydownloads HTTP/1.1
+    Host: ntfy.sh
+    Attach: https://f-droid.org/F-Droid.apk
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.sh/mydownloads', {
+        method: 'POST',
+        headers: { 'Attach': 'https://f-droid.org/F-Droid.apk' }
+    })
+    ```
+
+=== "Go"
+    ``` go
+    req, _ := http.NewRequest("POST", "https://ntfy.sh/mydownloads", file)
+    req.Header.Set("Attach", "https://f-droid.org/F-Droid.apk")
+    http.DefaultClient.Do(req)
+    ```
+
+=== "Python"
+    ``` python
+    requests.put("https://ntfy.sh/mydownloads",
+        headers={ "Attach": "https://f-droid.org/F-Droid.apk" })
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.sh/mydownloads', false, stream_context_create([
+        'http' => [
+        'method' => 'PUT',
+        'header' =>
+            "Content-Type: text/plain\r\n" . // Does not matter
+            "Attach: https://f-droid.org/F-Droid.apk",
+        ]
+    ]));
+    ```
+
+<figure markdown>
+  ![file attachment](static/img/android-screenshot-attachment-file.png){ width=500 }
+  <figcaption>File attachment sent from an external URL</figcaption>
+</figure>
+
+## E-mail notifications
+You can forward messages to e-mail by specifying an address in the header. This can be useful for messages that 
+you'd like to persist longer, or to blast-notify yourself on all possible channels. 
+
+Usage is easy: Simply pass the `X-Email` header (or any of its aliases: `X-E-mail`, `Email`, `E-mail`, `Mail`, or `e`).
+Only one e-mail address is supported.
+
+Since ntfy does not provide auth (yet), the rate limiting is pretty strict (see [limitations](#limitations)). In the 
+default configuration, you get **16 e-mails per visitor** (IP address) and then after that one per hour. On top of 
+that, your IP address appears in the e-mail body. This is to prevent abuse.
+
+=== "Command line (curl)"
+    ```
+    curl \
+        -H "Email: phil@example.com" \
+        -H "Tags: warning,skull,backup-host,ssh-login" \
+        -H "Priority: high" \
+        -d "Unknown login from 5.31.23.83 to backups.example.com" \
+        ntfy.sh/alerts
+    curl -H "Email: phil@example.com" -d "You've Got Mail" 
+    curl -d "You've Got Mail" "ntfy.sh/alerts?email=phil@example.com"
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+        --email=phil@example.com \
+        --tags=warning,skull,backup-host,ssh-login \
+        --priority=high \
+        alerts "Unknown login from 5.31.23.83 to backups.example.com"
+    ```
+
+=== "HTTP"
+    ``` http
+    POST /alerts HTTP/1.1
+    Host: ntfy.sh
+    Email: phil@example.com
+    Tags: warning,skull,backup-host,ssh-login
+    Priority: high
+
+    Unknown login from 5.31.23.83 to backups.example.com
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.sh/alerts', {
+        method: 'POST',
+        body: "Unknown login from 5.31.23.83 to backups.example.com",
+        headers: { 
+            'Email': 'phil@example.com',
+            'Tags': 'warning,skull,backup-host,ssh-login',
+            'Priority': 'high'
+        }
+    })
+    ```
+
+=== "Go"
+    ``` go
+    req, _ := http.NewRequest("POST", "https://ntfy.sh/alerts", 
+        strings.NewReader("Unknown login from 5.31.23.83 to backups.example.com"))
+    req.Header.Set("Email", "phil@example.com")
+    req.Header.Set("Tags", "warning,skull,backup-host,ssh-login")
+    req.Header.Set("Priority", "high")
+    http.DefaultClient.Do(req)
+    ```
+
+=== "Python"
+    ``` python
+    requests.post("https://ntfy.sh/alerts",
+        data="Unknown login from 5.31.23.83 to backups.example.com",
+        headers={ 
+            "Email": "phil@example.com",
+            "Tags": "warning,skull,backup-host,ssh-login",
+            "Priority": "high"
+        })
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.sh/alerts', false, stream_context_create([
+        'http' => [
+            'method' => 'POST',
+            'header' =>
+                "Content-Type: text/plain\r\n" .
+                "Email: phil@example.com\r\n" .
+                "Tags: warning,skull,backup-host,ssh-login\r\n" .
+                "Priority: high",
+            'content' => 'Unknown login from 5.31.23.83 to backups.example.com'
+        ]
+    ]));
+    ```
+
+Here's what that looks like in Google Mail:
+
+<figure markdown>
+  ![e-mail notification](static/img/screenshot-email.png){ width=600 }
+  <figcaption>E-mail notification</figcaption>
+</figure>
+
+## E-mail publishing
+You can publish messages to a topic via e-mail, i.e. by sending an email to a specific address. For instance, you can
+publish a message to the topic `sometopic` by sending an e-mail to `ntfy-sometopic@ntfy.sh`. This is useful for e-mail 
+based integrations such as for statuspage.io (though these days most services also support webhooks and HTTP calls).
+
+Depending on the [server configuration](config.md#e-mail-publishing), the e-mail address format can have a prefix to 
+prevent spam on topics. For ntfy.sh, the prefix is configured to `ntfy-`, meaning that the general e-mail address 
+format is:
+
+```
+ntfy-$topic@ntfy.sh
+```
+
+As of today, e-mail publishing only supports adding a [message title](#message-title) (the e-mail subject). Tags, priority,
+delay and other features are not supported (yet). Here's an example that will publish a message with the 
+title `You've Got Mail` to topic `sometopic` (see [ntfy.sh/sometopic](https://ntfy.sh/sometopic)):
+
+<figure markdown>
+  ![e-mail publishing](static/img/screenshot-email-publishing-gmail.png){ width=500 }
+  <figcaption>Publishing a message via e-mail</figcaption>
+</figure>
+
 ## Advanced features
 
 ### Message caching
@@ -739,16 +1086,33 @@ to `no`. This will instruct the server not to forward messages to Firebase.
     ]));
     ```
 
+### UnifiedPush
+!!! info
+    This setting is not relevant to users, only to app developers and people interested in [UnifiedPush](https://unifiedpush.org). 
+
+[UnifiedPush](https://unifiedpush.org) is a standard for receiving push notifications without using the Google-owned
+[Firebase Cloud Messaging (FCM)](https://firebase.google.com/docs/cloud-messaging) service. It puts push notifications
+in the control of the user. ntfy can act as a **UnifiedPush distributor**, forwarding messages to apps that support it.
+
+When publishing messages to a topic, apps using ntfy as a UnifiedPush distributor can set the `X-UnifiedPush` header or query
+parameter (or any of its aliases `unifiedpush` or `up`) to `1` to [disable Firebase](#disable-firebase). As of today, this
+option is equivalent to `Firebase: no`, but was introduced to allow future flexibility.
+
 ## Limitations
-There are a few limitations to the API to prevent abuse and to keep the server healthy. Most of them you won't run into,
+There are a few limitations to the API to prevent abuse and to keep the server healthy. Almost all of these settings 
+are configurable via the server side [rate limiting settings](config.md#rate-limiting). Most of these limits you won't run into,
 but just in case, let's list them all:
 
-| Limit | Description |
+| Limit                     | Description                                                                                                                                                               |
-|---|---|
+|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Message length** | Each message can be up to 512 bytes long. Longer messages are truncated. |
+| **Message length**        | Each message can be up to 4,096 bytes long. Longer messages are treated as [attachments](#attachments).                                                                   |
-| **Requests per second** | By default, the server is configured to allow 60 requests at once, and then refills the your allowed requests bucket at a rate of one request per 10 seconds. You can read more about this in the [rate limiting](config.md#rate-limiting) section. |
+| **Requests**              | By default, the server is configured to allow 60 requests per visitor at once, and then refills the your allowed requests bucket at a rate of one request per 10 seconds. |
-| **Subscription limits** | By default, the server allows each visitor to keep 30 connections to the server open. |
+| **E-mails**               | By default, the server is configured to allow sending 16 e-mails per visitor at once, and then refills the your allowed e-mail bucket at a rate of one per hour.          |
-| **Total number of topics** | By default, the server is configured to allow 5,000 topics. The ntfy.sh server has higher limits though. |
+| **Subscription limit**    | By default, the server allows each visitor to keep 30 connections to the server open.                                                                                     |
+| **Attachment size limit** | By default, the server allows attachments up to 15 MB in size, up to 100 MB in total per visitor and up to 5 GB across all visitors.                                      |
+| **Attachment expiry**     | By default, the server deletes attachments after 3 hours and thereby frees up space from the total visitor attachment limit.                                              |
+| **Attachment bandwidth**  | By default, the server allows 500 MB of GET/PUT/POST traffic for attachments per visitor in a 24 hour period. Traffic exceeding that is rejected.                         |
+| **Total number of topics** | By default, the server is configured to allow 15,000 topics. The ntfy.sh server has higher limits though.                                                                 |
 
 ## List of all parameters
 The following is a list of all parameters that can be passed when publishing a message. Parameter names are **case-insensitive**,
@@ -761,5 +1125,10 @@ and can be passed as **HTTP headers** or **query parameters in the URL**. They a
 | `X-Priority` | `Priority`, `prio`, `p` | [Message priority](#message-priority) |
 | `X-Tags` | `Tags`, `Tag`, `ta` | [Tags and emojis](#tags-emojis) |
 | `X-Delay` | `Delay`, `X-At`, `At`, `X-In`, `In` | Timestamp or duration for [delayed delivery](#scheduled-delivery) |
+| `X-Click` | `Click` | URL to open when [notification is clicked](#click-action) |
+| `X-Attach` | `Attach`, `a` | URL to send as an [attachment](#attachments), as an alternative to PUT/POST-ing an attachment |
+| `X-Filename` | `Filename`, `file`, `f` | Optional [attachment](#attachments) filename, as it appears in the client |
+| `X-Email` | `X-E-Mail`, `Email`, `E-Mail`, `mail`, `e` | E-mail address for [e-mail notifications](#e-mail-notifications) |
 | `X-Cache` | `Cache` | Allows disabling [message caching](#message-caching) |
 | `X-Firebase` | `Firebase` | Allows disabling [sending to Firebase](#disable-firebase) |
+| `X-UnifiedPush` | `UnifiedPush`, `up` | [UnifiedPush](#unifiedpush) publish option, currently equivalent to `Firebase: no` |

docs/static/css/extra.css

@@ -8,6 +8,12 @@
     width: unset !important;
 }
 
+.md-typeset h4 {
+    font-weight: 500 !important;
+    margin: 0 !important;
+    font-size: 1.1em !important;
+}
+
 .admonition {
     font-size: .74rem !important;
 }

docs/subscribe/phone.md

@@ -81,11 +81,28 @@ The ntfy Android app uses Firebase only for the main host `ntfy.sh`, and only in
 It won't use Firebase for any self-hosted servers, and not at all in the the F-Droid flavor.
 
 ## Integrations
+
+### UnifiedPush
+[UnifiedPush](https://unifiedpush.org) is a standard for receiving push notifications without using the Google-owned
+[Firebase Cloud Messaging (FCM)](https://firebase.google.com/docs/cloud-messaging) service. It puts push notifications 
+in the control of the user. ntfy can act as a **UnifiedPush distributor**, forwarding messages to apps that support it. 
+
+To use ntfy as a distributor, simply select it in one of the [supported apps](https://unifiedpush.org/users/apps/). 
+That's it. It's a one-step installation 😀. If desired, you can select your own [selfhosted ntfy server](../install.md)
+to handle messages. Here's an example with [FluffyChat](https://fluffychat.im/):
+
+<div id="unifiedpush-screenshots" class="screenshots">
+    <a href="../../static/img/android-screenshot-unifiedpush-fluffychat.jpg"><img src="../../static/img/android-screenshot-unifiedpush-fluffychat.jpg"/></a>
+    <a href="../../static/img/android-screenshot-unifiedpush-subscription.jpg"><img src="../../static/img/android-screenshot-unifiedpush-subscription.jpg"/></a>
+    <a href="../../static/img/android-screenshot-unifiedpush-settings.jpg"><img src="../../static/img/android-screenshot-unifiedpush-settings.jpg"/></a>
+</div>
+
+### Automation apps
 The ntfy Android app integrates nicely with automation apps such as [MacroDroid](https://play.google.com/store/apps/details?id=com.arlosoft.macrodroid)
 or [Tasker](https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm). Using Android intents, you can
 **react to incoming messages**, as well as **send messages**.
 
-### React to incoming messages
+#### React to incoming messages
 To react on incoming notifications, you have to register to intents with the `io.heckel.ntfy.MESSAGE_RECEIVED` action (see
 [code for details](https://github.com/binwiederhier/ntfy-android/blob/main/app/src/main/java/io/heckel/ntfy/msg/BroadcastService.kt)).
 Here's an example using [MacroDroid](https://play.google.com/store/apps/details?id=com.arlosoft.macrodroid)
@@ -127,7 +144,7 @@ Here's a list of extras you can access. Most likely, you'll want to filter for `
 | `tags_map` | *string* | `0=tag1,1=tag2,..` | Map of tags to make it easier to map first, second, ... tag |
 | `priority` | *int (between 1-5)* | `4` | Message [priority](../publish.md#message-priority) with 1=min, 3=default and 5=max |
 
-### Send messages using intents
+#### Send messages using intents
 To send messages from other apps (such as [MacroDroid](https://play.google.com/store/apps/details?id=com.arlosoft.macrodroid)
 and [Tasker](https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm)), you can 
 broadcast an intent with the `io.heckel.ntfy.SEND_MESSAGE` action. The ntfy Android app will forward the intent as a HTTP

go.mod

@@ -8,6 +8,7 @@ require (
 	firebase.google.com/go v3.13.0+incompatible
 	github.com/BurntSushi/toml v0.4.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/emersion/go-smtp v0.15.0
 	github.com/mattn/go-sqlite3 v1.14.9
 	github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6
 	github.com/stretchr/testify v1.7.0
@@ -26,8 +27,10 @@ require (
 	github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
 	github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 // indirect
 	github.com/envoyproxy/go-control-plane v0.10.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.6 // indirect

go.sum

@@ -89,6 +89,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 h1:OJyUGMJTzHTd1XQp98QTaHernxMYzRaOasRir9hUlFQ=
+github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
+github.com/emersion/go-smtp v0.15.0 h1:3+hMGMGrqP/lqd7qoxZc1hTU8LY8gHV9RFGWlqSDmP8=
+github.com/emersion/go-smtp v0.15.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -102,6 +106,8 @@ github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPO
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.6.2 h1:JiO+kJTpmYGjEodY7O1Zk8oZcNz1+f30UtwtXoFUPzE=
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
+github.com/gabriel-vasile/mimetype v1.4.0 h1:Cn9dkdYsMIu56tGho+fqzh7XmvY2YyGU0FnbhiOsEro=
+github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -319,6 +325,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=

scripts/postinst.sh

@@ -4,35 +4,34 @@ set -e
 # Restart systemd service if it was already running. Note that "deb-systemd-invoke try-restart" will
 # only act if the service is already running. If it's not running, it's a no-op.
 #
-# TODO: This is only tested on Debian.
+if [ "$1" = "configure" ] || [ "$1" -ge 1 ]; then
-#
+  if [ -d /run/systemd/system ]; then
-if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
+    # Create ntfy user/group
-  # Create ntfy user/group
+    id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
-  id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
+    chown ntfy.ntfy /var/cache/ntfy /var/cache/ntfy/attachments
-  chown ntfy.ntfy /var/cache/ntfy
+    chmod 700 /var/cache/ntfy /var/cache/ntfy/attachments
-  chmod 700 /var/cache/ntfy
 
-  # Hack to change permissions on cache file
+    # Hack to change permissions on cache file
-  configfile="/etc/ntfy/server.yml"
+    configfile="/etc/ntfy/server.yml"
-  if [ -f "$configfile" ]; then
+    if [ -f "$configfile" ]; then
-    cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: ["'"'"']?([^"'"'"']+)["'"'"']?/ && print $1')" # Oh my, see #47
+      cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: ["'"'"']?([^"'"'"']+)["'"'"']?/ && print $1')" # Oh my, see #47
-    if [ -n "$cachefile" ]; then
+      if [ -n "$cachefile" ]; then
-      chown ntfy.ntfy "$cachefile" || true
+        chown ntfy.ntfy "$cachefile" || true
-      chmod 600 "$cachefile" || true
+        chmod 600 "$cachefile" || true
+      fi
     fi
-  fi
 
-  # Restart services
+    # Restart services
-  systemctl --system daemon-reload >/dev/null || true
+    systemctl --system daemon-reload >/dev/null || true
-  if systemctl is-active -q ntfy.service; then
+    if systemctl is-active -q ntfy.service; then
-    echo "Restarting ntfy.service ..."
+      echo "Restarting ntfy.service ..."
-    if [ -x /usr/bin/deb-systemd-invoke ]; then
+      if [ -x /usr/bin/deb-systemd-invoke ]; then
-      deb-systemd-invoke try-restart ntfy.service >/dev/null || true
+        deb-systemd-invoke try-restart ntfy.service >/dev/null || true
-    else
+      else
-      systemctl restart ntfy.service >/dev/null || true
+        systemctl restart ntfy.service >/dev/null || true
+      fi
     fi
-  fi
+    if systemctl is-active -q ntfy-client.service; then
-  if systemctl is-active -q ntfy-client.service; then
       echo "Restarting ntfy-client.service ..."
       if [ -x /usr/bin/deb-systemd-invoke ]; then
         deb-systemd-invoke try-restart ntfy-client.service >/dev/null || true
@@ -40,4 +39,5 @@ if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
         systemctl restart ntfy-client.service >/dev/null || true
       fi
     fi
+  fi
 fi

scripts/postrm.sh

@@ -2,7 +2,7 @@
 set -e
 
 # Delete the config if package is purged
-if [ "$1" = "purge" ]; then
+if [ "$1" = "purge" ] || [ "$1" = "0" ]; then
   id ntfy >/dev/null 2>&1 && userdel ntfy
   rm -f /etc/ntfy/server.yml /etc/ntfy/client.yml
   rmdir /etc/ntfy || true

scripts/preinst.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 
-if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
+if [ "$1" = "install" ] || [ "$1" = "upgrade" ] || [ "$1" -ge 1 ]; then
   # Migration of old to new config file name
   oldconfigfile="/etc/ntfy/config.yml"
   configfile="/etc/ntfy/server.yml"

scripts/prerm.sh

@@ -2,11 +2,13 @@
 set -e
 
 # Stop systemd service
-if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
+if [ -d /run/systemd/system ]; then
-  echo "Stopping ntfy.service ..."
+  if [ "$1" = "remove" ] || [ "$1" = "0" ]; then
-  if [ -x /usr/bin/deb-systemd-invoke ]; then
+    echo "Stopping ntfy.service ..."
-    deb-systemd-invoke stop 'ntfy.service' >/dev/null || true
+    if [ -x /usr/bin/deb-systemd-invoke ]; then
-  else
+      deb-systemd-invoke stop 'ntfy.service' >/dev/null || true
-    systemctl stop ntfy >/dev/null 2>&1 || true
+    else
+      systemctl stop ntfy >/dev/null 2>&1 || true
+    fi
   fi
 fi

server/cache.go

@@ -20,4 +20,6 @@ type cache interface {
 	Topics() (map[string]*topic, error)
 	Prune(olderThan time.Time) error
 	MarkPublished(m *message) error
+	AttachmentsSize(owner string) (int64, error)
+	AttachmentsExpired() ([]string, error)
 }

server/cache_mem.go

@@ -125,6 +125,35 @@ func (c *memCache) Prune(olderThan time.Time) error {
 	return nil
 }
 
+func (c *memCache) AttachmentsSize(owner string) (int64, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	var size int64
+	for topic := range c.messages {
+		for _, m := range c.messages[topic] {
+			counted := m.Attachment != nil && m.Attachment.Owner == owner && m.Attachment.Expires > time.Now().Unix()
+			if counted {
+				size += m.Attachment.Size
+			}
+		}
+	}
+	return size, nil
+}
+
+func (c *memCache) AttachmentsExpired() ([]string, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	ids := make([]string, 0)
+	for topic := range c.messages {
+		for _, m := range c.messages[topic] {
+			if m.Attachment != nil && m.Attachment.Expires > 0 && m.Attachment.Expires < time.Now().Unix() {
+				ids = append(ids, m.ID)
+			}
+		}
+	}
+	return ids, nil
+}
+
 func (c *memCache) pruneTopic(topic string, olderThan time.Time) {
 	messages := make([]*message, 0)
 	for _, m := range c.messages[topic] {

server/cache_mem_test.go

@@ -25,6 +25,10 @@ func TestMemCache_Prune(t *testing.T) {
 	testCachePrune(t, newMemCache())
 }
 
+func TestMemCache_Attachments(t *testing.T) {
+	testCacheAttachments(t, newMemCache())
+}
+
 func TestMemCache_NopCache(t *testing.T) {
 	c := newNopCache()
 	assert.Nil(t, c.AddMessage(newDefaultMessage("mytopic", "my message")))

server/cache_sqlite.go

@@ -15,34 +15,44 @@ const (
 	createMessagesTableQuery = `
 		BEGIN;
 		CREATE TABLE IF NOT EXISTS messages (
-			id VARCHAR(20) PRIMARY KEY,
+			id TEXT PRIMARY KEY,
 			time INT NOT NULL,
-			topic VARCHAR(64) NOT NULL,
+			topic TEXT NOT NULL,
-			message VARCHAR(512) NOT NULL,
+			message TEXT NOT NULL,
-			title VARCHAR(256) NOT NULL,
+			title TEXT NOT NULL,
 			priority INT NOT NULL,
-			tags VARCHAR(256) NOT NULL,
+			tags TEXT NOT NULL,
+			click TEXT NOT NULL,
+			attachment_name TEXT NOT NULL,
+			attachment_type TEXT NOT NULL,
+			attachment_size INT NOT NULL,
+			attachment_expires INT NOT NULL,
+			attachment_url TEXT NOT NULL,
+			attachment_owner TEXT NOT NULL,
 			published INT NOT NULL
 		);
 		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
 		COMMIT;
 	`
-	insertMessageQuery           = `INSERT INTO messages (id, time, topic, message, title, priority, tags, published) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
+	insertMessageQuery = `
+		INSERT INTO messages (id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, published) 
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	`
 	pruneMessagesQuery           = `DELETE FROM messages WHERE time < ? AND published = 1`
 	selectMessagesSinceTimeQuery = `
-		SELECT id, time, topic, message, title, priority, tags
+		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner
 		FROM messages 
 		WHERE topic = ? AND time >= ? AND published = 1
 		ORDER BY time ASC
 	`
 	selectMessagesSinceTimeIncludeScheduledQuery = `
-		SELECT id, time, topic, message, title, priority, tags
+		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner
 		FROM messages 
 		WHERE topic = ? AND time >= ?
 		ORDER BY time ASC
 	`
 	selectMessagesDueQuery = `
-		SELECT id, time, topic, message, title, priority, tags
+		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner
 		FROM messages 
 		WHERE time <= ? AND published = 0
 	`
@@ -50,11 +60,13 @@ const (
 	selectMessagesCountQuery        = `SELECT COUNT(*) FROM messages`
 	selectMessageCountForTopicQuery = `SELECT COUNT(*) FROM messages WHERE topic = ?`
 	selectTopicsQuery               = `SELECT topic FROM messages GROUP BY topic`
+	selectAttachmentsSizeQuery      = `SELECT IFNULL(SUM(attachment_size), 0) FROM messages WHERE attachment_owner = ? AND attachment_expires >= ?`
+	selectAttachmentsExpiredQuery   = `SELECT id FROM messages WHERE attachment_expires > 0 AND attachment_expires < ?`
 )
 
 // Schema management queries
 const (
-	currentSchemaVersion          = 2
+	currentSchemaVersion          = 3
 	createSchemaVersionTableQuery = `
 		CREATE TABLE IF NOT EXISTS schemaVersion (
 			id INT PRIMARY KEY,
@@ -68,9 +80,9 @@ const (
 	// 0 -> 1
 	migrate0To1AlterMessagesTableQuery = `
 		BEGIN;
-		ALTER TABLE messages ADD COLUMN title VARCHAR(256) NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN title TEXT NOT NULL DEFAULT('');
 		ALTER TABLE messages ADD COLUMN priority INT NOT NULL DEFAULT(0);
-		ALTER TABLE messages ADD COLUMN tags VARCHAR(256) NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN tags TEXT NOT NULL DEFAULT('');
 		COMMIT;
 	`
 
@@ -78,6 +90,19 @@ const (
 	migrate1To2AlterMessagesTableQuery = `
 		ALTER TABLE messages ADD COLUMN published INT NOT NULL DEFAULT(1);
 	`
+
+	// 2 -> 3
+	migrate2To3AlterMessagesTableQuery = `
+		BEGIN;
+		ALTER TABLE messages ADD COLUMN click TEXT NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN attachment_name TEXT NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN attachment_type TEXT NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN attachment_size INT NOT NULL DEFAULT('0');
+		ALTER TABLE messages ADD COLUMN attachment_expires INT NOT NULL DEFAULT('0');
+		ALTER TABLE messages ADD COLUMN attachment_owner TEXT NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN attachment_url TEXT NOT NULL DEFAULT('');
+		COMMIT;
+	`
 )
 
 type sqliteCache struct {
@@ -104,7 +129,35 @@ func (c *sqliteCache) AddMessage(m *message) error {
 		return errUnexpectedMessageType
 	}
 	published := m.Time <= time.Now().Unix()
-	_, err := c.db.Exec(insertMessageQuery, m.ID, m.Time, m.Topic, m.Message, m.Title, m.Priority, strings.Join(m.Tags, ","), published)
+	tags := strings.Join(m.Tags, ",")
+	var attachmentName, attachmentType, attachmentURL, attachmentOwner string
+	var attachmentSize, attachmentExpires int64
+	if m.Attachment != nil {
+		attachmentName = m.Attachment.Name
+		attachmentType = m.Attachment.Type
+		attachmentSize = m.Attachment.Size
+		attachmentExpires = m.Attachment.Expires
+		attachmentURL = m.Attachment.URL
+		attachmentOwner = m.Attachment.Owner
+	}
+	_, err := c.db.Exec(
+		insertMessageQuery,
+		m.ID,
+		m.Time,
+		m.Topic,
+		m.Message,
+		m.Title,
+		m.Priority,
+		tags,
+		m.Click,
+		attachmentName,
+		attachmentType,
+		attachmentSize,
+		attachmentExpires,
+		attachmentURL,
+		attachmentOwner,
+		published,
+	)
 	return err
 }
 
@@ -181,29 +234,80 @@ func (c *sqliteCache) Prune(olderThan time.Time) error {
 	return err
 }
 
+func (c *sqliteCache) AttachmentsSize(owner string) (int64, error) {
+	rows, err := c.db.Query(selectAttachmentsSizeQuery, owner, time.Now().Unix())
+	if err != nil {
+		return 0, err
+	}
+	defer rows.Close()
+	var size int64
+	if !rows.Next() {
+		return 0, errors.New("no rows found")
+	}
+	if err := rows.Scan(&size); err != nil {
+		return 0, err
+	} else if err := rows.Err(); err != nil {
+		return 0, err
+	}
+	return size, nil
+}
+
+func (c *sqliteCache) AttachmentsExpired() ([]string, error) {
+	rows, err := c.db.Query(selectAttachmentsExpiredQuery, time.Now().Unix())
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	ids := make([]string, 0)
+	for rows.Next() {
+		var id string
+		if err := rows.Scan(&id); err != nil {
+			return nil, err
+		}
+		ids = append(ids, id)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return ids, nil
+}
+
 func readMessages(rows *sql.Rows) ([]*message, error) {
 	defer rows.Close()
 	messages := make([]*message, 0)
 	for rows.Next() {
-		var timestamp int64
+		var timestamp, attachmentSize, attachmentExpires int64
 		var priority int
-		var id, topic, msg, title, tagsStr string
+		var id, topic, msg, title, tagsStr, click, attachmentName, attachmentType, attachmentURL, attachmentOwner string
-		if err := rows.Scan(&id, &timestamp, &topic, &msg, &title, &priority, &tagsStr); err != nil {
+		if err := rows.Scan(&id, &timestamp, &topic, &msg, &title, &priority, &tagsStr, &click, &attachmentName, &attachmentType, &attachmentSize, &attachmentExpires, &attachmentURL, &attachmentOwner); err != nil {
 			return nil, err
 		}
 		var tags []string
 		if tagsStr != "" {
 			tags = strings.Split(tagsStr, ",")
 		}
+		var att *attachment
+		if attachmentName != "" && attachmentURL != "" {
+			att = &attachment{
+				Name:    attachmentName,
+				Type:    attachmentType,
+				Size:    attachmentSize,
+				Expires: attachmentExpires,
+				URL:     attachmentURL,
+				Owner:   attachmentOwner,
+			}
+		}
 		messages = append(messages, &message{
-			ID:       id,
+			ID:         id,
-			Time:     timestamp,
+			Time:       timestamp,
-			Event:    messageEvent,
+			Event:      messageEvent,
-			Topic:    topic,
+			Topic:      topic,
-			Message:  msg,
+			Message:    msg,
-			Title:    title,
+			Title:      title,
-			Priority: priority,
+			Priority:   priority,
-			Tags:     tags,
+			Tags:       tags,
+			Click:      click,
+			Attachment: att,
 		})
 	}
 	if err := rows.Err(); err != nil {
@@ -241,6 +345,8 @@ func setupDB(db *sql.DB) error {
 		return migrateFrom0(db)
 	} else if schemaVersion == 1 {
 		return migrateFrom1(db)
+	} else if schemaVersion == 2 {
+		return migrateFrom2(db)
 	}
 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
 }
@@ -280,5 +386,16 @@ func migrateFrom1(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 2); err != nil {
 		return err
 	}
+	return migrateFrom2(db)
+}
+
+func migrateFrom2(db *sql.DB) error {
+	log.Print("Migrating cache database schema: from 2 to 3")
+	if _, err := db.Exec(migrate2To3AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := db.Exec(updateSchemaVersion, 3); err != nil {
+		return err
+	}
 	return nil // Update this when a new version is added
 }

server/cache_sqlite_test.go

@@ -29,6 +29,10 @@ func TestSqliteCache_Prune(t *testing.T) {
 	testCachePrune(t, newSqliteTestCache(t))
 }
 
+func TestSqliteCache_Attachments(t *testing.T) {
+	testCacheAttachments(t, newSqliteTestCache(t))
+}
+
 func TestSqliteCache_Migration_From0(t *testing.T) {
 	filename := newSqliteTestCacheFile(t)
 	db, err := sql.Open("sqlite3", filename)

server/cache_test.go

@@ -1,7 +1,7 @@
 package server
 
 import (
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"testing"
 	"time"
 )
@@ -13,71 +13,71 @@ func testCacheMessages(t *testing.T, c cache) {
 	m2 := newDefaultMessage("mytopic", "my other message")
 	m2.Time = 2
 
-	assert.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m1))
-	assert.Nil(t, c.AddMessage(newDefaultMessage("example", "my example message")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("example", "my example message")))
-	assert.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m2))
 
 	// Adding invalid
-	assert.Equal(t, errUnexpectedMessageType, c.AddMessage(newKeepaliveMessage("mytopic"))) // These should not be added!
+	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newKeepaliveMessage("mytopic"))) // These should not be added!
-	assert.Equal(t, errUnexpectedMessageType, c.AddMessage(newOpenMessage("example")))      // These should not be added!
+	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newOpenMessage("example")))      // These should not be added!
 
 	// mytopic: count
 	count, err := c.MessageCount("mytopic")
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 2, count)
+	require.Equal(t, 2, count)
 
 	// mytopic: since all
 	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
-	assert.Equal(t, 2, len(messages))
+	require.Equal(t, 2, len(messages))
-	assert.Equal(t, "my message", messages[0].Message)
+	require.Equal(t, "my message", messages[0].Message)
-	assert.Equal(t, "mytopic", messages[0].Topic)
+	require.Equal(t, "mytopic", messages[0].Topic)
-	assert.Equal(t, messageEvent, messages[0].Event)
+	require.Equal(t, messageEvent, messages[0].Event)
-	assert.Equal(t, "", messages[0].Title)
+	require.Equal(t, "", messages[0].Title)
-	assert.Equal(t, 0, messages[0].Priority)
+	require.Equal(t, 0, messages[0].Priority)
-	assert.Nil(t, messages[0].Tags)
+	require.Nil(t, messages[0].Tags)
-	assert.Equal(t, "my other message", messages[1].Message)
+	require.Equal(t, "my other message", messages[1].Message)
 
 	// mytopic: since none
 	messages, _ = c.Messages("mytopic", sinceNoMessages, false)
-	assert.Empty(t, messages)
+	require.Empty(t, messages)
 
 	// mytopic: since 2
 	messages, _ = c.Messages("mytopic", sinceTime(time.Unix(2, 0)), false)
-	assert.Equal(t, 1, len(messages))
+	require.Equal(t, 1, len(messages))
-	assert.Equal(t, "my other message", messages[0].Message)
+	require.Equal(t, "my other message", messages[0].Message)
 
 	// example: count
 	count, err = c.MessageCount("example")
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 1, count)
+	require.Equal(t, 1, count)
 
 	// example: since all
 	messages, _ = c.Messages("example", sinceAllMessages, false)
-	assert.Equal(t, "my example message", messages[0].Message)
+	require.Equal(t, "my example message", messages[0].Message)
 
 	// non-existing: count
 	count, err = c.MessageCount("doesnotexist")
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 0, count)
+	require.Equal(t, 0, count)
 
 	// non-existing: since all
 	messages, _ = c.Messages("doesnotexist", sinceAllMessages, false)
-	assert.Empty(t, messages)
+	require.Empty(t, messages)
 }
 
 func testCacheTopics(t *testing.T, c cache) {
-	assert.Nil(t, c.AddMessage(newDefaultMessage("topic1", "my example message")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic1", "my example message")))
-	assert.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 1")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 1")))
-	assert.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 2")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 2")))
-	assert.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 3")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 3")))
 
 	topics, err := c.Topics()
 	if err != nil {
 		t.Fatal(err)
 	}
-	assert.Equal(t, 2, len(topics))
+	require.Equal(t, 2, len(topics))
-	assert.Equal(t, "topic1", topics["topic1"].ID)
+	require.Equal(t, "topic1", topics["topic1"].ID)
-	assert.Equal(t, "topic2", topics["topic2"].ID)
+	require.Equal(t, "topic2", topics["topic2"].ID)
 }
 
 func testCachePrune(t *testing.T, c cache) {
@@ -90,23 +90,23 @@ func testCachePrune(t *testing.T, c cache) {
 	m3 := newDefaultMessage("another_topic", "and another one")
 	m3.Time = 1
 
-	assert.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m1))
-	assert.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m2))
-	assert.Nil(t, c.AddMessage(m3))
+	require.Nil(t, c.AddMessage(m3))
-	assert.Nil(t, c.Prune(time.Unix(2, 0)))
+	require.Nil(t, c.Prune(time.Unix(2, 0)))
 
 	count, err := c.MessageCount("mytopic")
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 1, count)
+	require.Equal(t, 1, count)
 
 	count, err = c.MessageCount("another_topic")
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 0, count)
+	require.Equal(t, 0, count)
 
 	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	assert.Nil(t, err)
+	require.Nil(t, err)
-	assert.Equal(t, 1, len(messages))
+	require.Equal(t, 1, len(messages))
-	assert.Equal(t, "my other message", messages[0].Message)
+	require.Equal(t, "my other message", messages[0].Message)
 }
 
 func testCacheMessagesTagsPrioAndTitle(t *testing.T, c cache) {
@@ -114,12 +114,12 @@ func testCacheMessagesTagsPrioAndTitle(t *testing.T, c cache) {
 	m.Tags = []string{"tag1", "tag2"}
 	m.Priority = 5
 	m.Title = "some title"
-	assert.Nil(t, c.AddMessage(m))
+	require.Nil(t, c.AddMessage(m))
 
 	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
-	assert.Equal(t, []string{"tag1", "tag2"}, messages[0].Tags)
+	require.Equal(t, []string{"tag1", "tag2"}, messages[0].Tags)
-	assert.Equal(t, 5, messages[0].Priority)
+	require.Equal(t, 5, messages[0].Priority)
-	assert.Equal(t, "some title", messages[0].Title)
+	require.Equal(t, "some title", messages[0].Title)
 }
 
 func testCacheMessagesScheduled(t *testing.T, c cache) {
@@ -130,20 +130,93 @@ func testCacheMessagesScheduled(t *testing.T, c cache) {
 	m3.Time = time.Now().Add(time.Minute).Unix() // earlier than m2!
 	m4 := newDefaultMessage("mytopic2", "message 4")
 	m4.Time = time.Now().Add(time.Minute).Unix()
-	assert.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m1))
-	assert.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m2))
-	assert.Nil(t, c.AddMessage(m3))
+	require.Nil(t, c.AddMessage(m3))
 
 	messages, _ := c.Messages("mytopic", sinceAllMessages, false) // exclude scheduled
-	assert.Equal(t, 1, len(messages))
+	require.Equal(t, 1, len(messages))
-	assert.Equal(t, "message 1", messages[0].Message)
+	require.Equal(t, "message 1", messages[0].Message)
 
 	messages, _ = c.Messages("mytopic", sinceAllMessages, true) // include scheduled
-	assert.Equal(t, 3, len(messages))
+	require.Equal(t, 3, len(messages))
-	assert.Equal(t, "message 1", messages[0].Message)
+	require.Equal(t, "message 1", messages[0].Message)
-	assert.Equal(t, "message 3", messages[1].Message) // Order!
+	require.Equal(t, "message 3", messages[1].Message) // Order!
-	assert.Equal(t, "message 2", messages[2].Message)
+	require.Equal(t, "message 2", messages[2].Message)
 
 	messages, _ = c.MessagesDue()
-	assert.Empty(t, messages)
+	require.Empty(t, messages)
+}
+
+func testCacheAttachments(t *testing.T, c cache) {
+	expires1 := time.Now().Add(-4 * time.Hour).Unix()
+	m := newDefaultMessage("mytopic", "flower for you")
+	m.ID = "m1"
+	m.Attachment = &attachment{
+		Name:    "flower.jpg",
+		Type:    "image/jpeg",
+		Size:    5000,
+		Expires: expires1,
+		URL:     "https://ntfy.sh/file/AbDeFgJhal.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	expires2 := time.Now().Add(2 * time.Hour).Unix() // Future
+	m = newDefaultMessage("mytopic", "sending you a car")
+	m.ID = "m2"
+	m.Attachment = &attachment{
+		Name:    "car.jpg",
+		Type:    "image/jpeg",
+		Size:    10000,
+		Expires: expires2,
+		URL:     "https://ntfy.sh/file/aCaRURL.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	expires3 := time.Now().Add(1 * time.Hour).Unix() // Future
+	m = newDefaultMessage("another-topic", "sending you another car")
+	m.ID = "m3"
+	m.Attachment = &attachment{
+		Name:    "another-car.jpg",
+		Type:    "image/jpeg",
+		Size:    20000,
+		Expires: expires3,
+		URL:     "https://ntfy.sh/file/zakaDHFW.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 2, len(messages))
+
+	require.Equal(t, "flower for you", messages[0].Message)
+	require.Equal(t, "flower.jpg", messages[0].Attachment.Name)
+	require.Equal(t, "image/jpeg", messages[0].Attachment.Type)
+	require.Equal(t, int64(5000), messages[0].Attachment.Size)
+	require.Equal(t, expires1, messages[0].Attachment.Expires)
+	require.Equal(t, "https://ntfy.sh/file/AbDeFgJhal.jpg", messages[0].Attachment.URL)
+	require.Equal(t, "1.2.3.4", messages[0].Attachment.Owner)
+
+	require.Equal(t, "sending you a car", messages[1].Message)
+	require.Equal(t, "car.jpg", messages[1].Attachment.Name)
+	require.Equal(t, "image/jpeg", messages[1].Attachment.Type)
+	require.Equal(t, int64(10000), messages[1].Attachment.Size)
+	require.Equal(t, expires2, messages[1].Attachment.Expires)
+	require.Equal(t, "https://ntfy.sh/file/aCaRURL.jpg", messages[1].Attachment.URL)
+	require.Equal(t, "1.2.3.4", messages[1].Attachment.Owner)
+
+	size, err := c.AttachmentsSize("1.2.3.4")
+	require.Nil(t, err)
+	require.Equal(t, int64(30000), size)
+
+	size, err = c.AttachmentsSize("5.6.7.8")
+	require.Nil(t, err)
+	require.Equal(t, int64(0), size)
+
+	ids, err := c.AttachmentsExpired()
+	require.Nil(t, err)
+	require.Equal(t, []string{"m1"}, ids)
 }

server/config.go

@@ -4,74 +4,116 @@ import (
 	"time"
 )
 
-// Defines default config settings
+// Defines default config settings (excluding limits, see below)
 const (
 	DefaultListenHTTP                = ":80"
 	DefaultCacheDuration             = 12 * time.Hour
-	DefaultKeepaliveInterval         = 30 * time.Second
+	DefaultKeepaliveInterval         = 55 * time.Second // Not too frequently to save battery (Android read timeout is 77s!)
 	DefaultManagerInterval           = time.Minute
 	DefaultAtSenderInterval          = 10 * time.Second
 	DefaultMinDelay                  = 10 * time.Second
 	DefaultMaxDelay                  = 3 * 24 * time.Hour
-	DefaultMessageLimit              = 512
+	DefaultFirebaseKeepaliveInterval = 3 * time.Hour // Not too frequently to save battery
-	DefaultFirebaseKeepaliveInterval = time.Hour
 )
 
-// Defines all the limits
+// Defines all global and per-visitor limits
-// - global topic limit: max number of topics overall
+// - message size limit: the max number of bytes for a message
-// - per visitor request limit: max number of PUT/GET/.. requests (here: 60 requests bucket, replenished at a rate of one per 10 seconds)
+// - total topic limit: max number of topics overall
-// - per visitor subscription limit: max number of subscriptions (active HTTP connections) per per-visitor/IP
+// - various attachment limits
 const (
-	DefaultGlobalTopicLimit             = 5000
+	DefaultMessageLengthLimit       = 4096 // Bytes
-	DefaultVisitorRequestLimitBurst     = 60
+	DefaultTotalTopicLimit          = 15000
-	DefaultVisitorRequestLimitReplenish = 10 * time.Second
+	DefaultAttachmentTotalSizeLimit = int64(5 * 1024 * 1024 * 1024) // 5 GB
-	DefaultVisitorSubscriptionLimit     = 30
+	DefaultAttachmentFileSizeLimit  = int64(15 * 1024 * 1024)       // 15 MB
+	DefaultAttachmentExpiryDuration = 3 * time.Hour
+)
+
+// Defines all per-visitor limits
+// - per visitor subscription limit: max number of subscriptions (active HTTP connections) per per-visitor/IP
+// - per visitor request limit: max number of PUT/GET/.. requests (here: 60 requests bucket, replenished at a rate of one per 10 seconds)
+// - per visitor email limit: max number of emails (here: 16 email bucket, replenished at a rate of one per hour)
+// - per visitor attachment size limit: total per-visitor attachment size in bytes to be stored on the server
+// - per visitor attachment daily bandwidth limit: number of bytes that can be transferred to/from the server
+const (
+	DefaultVisitorSubscriptionLimit             = 30
+	DefaultVisitorRequestLimitBurst             = 60
+	DefaultVisitorRequestLimitReplenish         = 10 * time.Second
+	DefaultVisitorEmailLimitBurst               = 16
+	DefaultVisitorEmailLimitReplenish           = time.Hour
+	DefaultVisitorAttachmentTotalSizeLimit      = 100 * 1024 * 1024 // 100 MB
+	DefaultVisitorAttachmentDailyBandwidthLimit = 500 * 1024 * 1024 // 500 MB
 )
 
 // Config is the main config struct for the application. Use New to instantiate a default config struct.
 type Config struct {
-	ListenHTTP                   string
+	BaseURL                              string
-	ListenHTTPS                  string
+	ListenHTTP                           string
-	KeyFile                      string
+	ListenHTTPS                          string
-	CertFile                     string
+	KeyFile                              string
-	FirebaseKeyFile              string
+	CertFile                             string
-	CacheFile                    string
+	FirebaseKeyFile                      string
-	CacheDuration                time.Duration
+	CacheFile                            string
-	KeepaliveInterval            time.Duration
+	CacheDuration                        time.Duration
-	ManagerInterval              time.Duration
+	AttachmentCacheDir                   string
-	AtSenderInterval             time.Duration
+	AttachmentTotalSizeLimit             int64
-	FirebaseKeepaliveInterval    time.Duration
+	AttachmentFileSizeLimit              int64
-	MessageLimit                 int
+	AttachmentExpiryDuration             time.Duration
-	MinDelay                     time.Duration
+	KeepaliveInterval                    time.Duration
-	MaxDelay                     time.Duration
+	ManagerInterval                      time.Duration
-	GlobalTopicLimit             int
+	AtSenderInterval                     time.Duration
-	VisitorRequestLimitBurst     int
+	FirebaseKeepaliveInterval            time.Duration
-	VisitorRequestLimitReplenish time.Duration
+	SMTPSenderAddr                       string
-	VisitorSubscriptionLimit     int
+	SMTPSenderUser                       string
-	BehindProxy                  bool
+	SMTPSenderPass                       string
+	SMTPSenderFrom                       string
+	SMTPServerListen                     string
+	SMTPServerDomain                     string
+	SMTPServerAddrPrefix                 string
+	MessageLimit                         int
+	MinDelay                             time.Duration
+	MaxDelay                             time.Duration
+	TotalTopicLimit                      int
+	TotalAttachmentSizeLimit             int64
+	VisitorSubscriptionLimit             int
+	VisitorAttachmentTotalSizeLimit      int64
+	VisitorAttachmentDailyBandwidthLimit int
+	VisitorRequestLimitBurst             int
+	VisitorRequestLimitReplenish         time.Duration
+	VisitorEmailLimitBurst               int
+	VisitorEmailLimitReplenish           time.Duration
+	BehindProxy                          bool
 }
 
 // NewConfig instantiates a default new server config
 func NewConfig() *Config {
 	return &Config{
-		ListenHTTP:                   DefaultListenHTTP,
+		BaseURL:                              "",
-		ListenHTTPS:                  "",
+		ListenHTTP:                           DefaultListenHTTP,
-		KeyFile:                      "",
+		ListenHTTPS:                          "",
-		CertFile:                     "",
+		KeyFile:                              "",
-		FirebaseKeyFile:              "",
+		CertFile:                             "",
-		CacheFile:                    "",
+		FirebaseKeyFile:                      "",
-		CacheDuration:                DefaultCacheDuration,
+		CacheFile:                            "",
-		KeepaliveInterval:            DefaultKeepaliveInterval,
+		CacheDuration:                        DefaultCacheDuration,
-		ManagerInterval:              DefaultManagerInterval,
+		AttachmentCacheDir:                   "",
-		MessageLimit:                 DefaultMessageLimit,
+		AttachmentTotalSizeLimit:             DefaultAttachmentTotalSizeLimit,
-		MinDelay:                     DefaultMinDelay,
+		AttachmentFileSizeLimit:              DefaultAttachmentFileSizeLimit,
-		MaxDelay:                     DefaultMaxDelay,
+		AttachmentExpiryDuration:             DefaultAttachmentExpiryDuration,
-		AtSenderInterval:             DefaultAtSenderInterval,
+		KeepaliveInterval:                    DefaultKeepaliveInterval,
-		FirebaseKeepaliveInterval:    DefaultFirebaseKeepaliveInterval,
+		ManagerInterval:                      DefaultManagerInterval,
-		GlobalTopicLimit:             DefaultGlobalTopicLimit,
+		MessageLimit:                         DefaultMessageLengthLimit,
-		VisitorRequestLimitBurst:     DefaultVisitorRequestLimitBurst,
+		MinDelay:                             DefaultMinDelay,
-		VisitorRequestLimitReplenish: DefaultVisitorRequestLimitReplenish,
+		MaxDelay:                             DefaultMaxDelay,
-		VisitorSubscriptionLimit:     DefaultVisitorSubscriptionLimit,
+		AtSenderInterval:                     DefaultAtSenderInterval,
-		BehindProxy:                  false,
+		FirebaseKeepaliveInterval:            DefaultFirebaseKeepaliveInterval,
+		TotalTopicLimit:                      DefaultTotalTopicLimit,
+		VisitorSubscriptionLimit:             DefaultVisitorSubscriptionLimit,
+		VisitorAttachmentTotalSizeLimit:      DefaultVisitorAttachmentTotalSizeLimit,
+		VisitorAttachmentDailyBandwidthLimit: DefaultVisitorAttachmentDailyBandwidthLimit,
+		VisitorRequestLimitBurst:             DefaultVisitorRequestLimitBurst,
+		VisitorRequestLimitReplenish:         DefaultVisitorRequestLimitReplenish,
+		VisitorEmailLimitBurst:               DefaultVisitorEmailLimitBurst,
+		VisitorEmailLimitReplenish:           DefaultVisitorEmailLimitReplenish,
+		BehindProxy:                          false,
 	}
 }

server/file_cache.go

@@ -0,0 +1,121 @@
+package server
+
+import (
+	"errors"
+	"heckel.io/ntfy/util"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sync"
+)
+
+var (
+	fileIDRegex      = regexp.MustCompile(`^[-_A-Za-z0-9]+$`)
+	errInvalidFileID = errors.New("invalid file ID")
+	errFileExists    = errors.New("file exists")
+)
+
+type fileCache struct {
+	dir              string
+	totalSizeCurrent int64
+	totalSizeLimit   int64
+	fileSizeLimit    int64
+	mu               sync.Mutex
+}
+
+func newFileCache(dir string, totalSizeLimit int64, fileSizeLimit int64) (*fileCache, error) {
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return nil, err
+	}
+	size, err := dirSize(dir)
+	if err != nil {
+		return nil, err
+	}
+	return &fileCache{
+		dir:              dir,
+		totalSizeCurrent: size,
+		totalSizeLimit:   totalSizeLimit,
+		fileSizeLimit:    fileSizeLimit,
+	}, nil
+}
+
+func (c *fileCache) Write(id string, in io.Reader, limiters ...util.Limiter) (int64, error) {
+	if !fileIDRegex.MatchString(id) {
+		return 0, errInvalidFileID
+	}
+	file := filepath.Join(c.dir, id)
+	if _, err := os.Stat(file); err == nil {
+		return 0, errFileExists
+	}
+	f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
+	if err != nil {
+		return 0, err
+	}
+	defer f.Close()
+	limiters = append(limiters, util.NewFixedLimiter(c.Remaining()), util.NewFixedLimiter(c.fileSizeLimit))
+	limitWriter := util.NewLimitWriter(f, limiters...)
+	size, err := io.Copy(limitWriter, in)
+	if err != nil {
+		os.Remove(file)
+		return 0, err
+	}
+	if err := f.Close(); err != nil {
+		os.Remove(file)
+		return 0, err
+	}
+	c.mu.Lock()
+	c.totalSizeCurrent += size
+	c.mu.Unlock()
+	return size, nil
+}
+
+func (c *fileCache) Remove(ids ...string) error {
+	for _, id := range ids {
+		if !fileIDRegex.MatchString(id) {
+			return errInvalidFileID
+		}
+		file := filepath.Join(c.dir, id)
+		_ = os.Remove(file) // Best effort delete
+	}
+	size, err := dirSize(c.dir)
+	if err != nil {
+		return err
+	}
+	c.mu.Lock()
+	c.totalSizeCurrent = size
+	c.mu.Unlock()
+	return nil
+}
+
+func (c *fileCache) Size() int64 {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return c.totalSizeCurrent
+}
+
+func (c *fileCache) Remaining() int64 {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	remaining := c.totalSizeLimit - c.totalSizeCurrent
+	if remaining < 0 {
+		return 0
+	}
+	return remaining
+}
+
+func dirSize(dir string) (int64, error) {
+	entries, err := os.ReadDir(dir)
+	if err != nil {
+		return 0, err
+	}
+	var size int64
+	for _, e := range entries {
+		info, err := e.Info()
+		if err != nil {
+			return 0, err
+		}
+		size += info.Size()
+	}
+	return size, nil
+}

server/file_cache_test.go

@@ -0,0 +1,83 @@
+package server
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/util"
+	"os"
+	"strings"
+	"testing"
+)
+
+var (
+	oneKilobyteArray = make([]byte, 1024)
+)
+
+func TestFileCache_Write_Success(t *testing.T) {
+	dir, c := newTestFileCache(t)
+	size, err := c.Write("abc", strings.NewReader("normal file"), util.NewFixedLimiter(999))
+	require.Nil(t, err)
+	require.Equal(t, int64(11), size)
+	require.Equal(t, "normal file", readFile(t, dir+"/abc"))
+	require.Equal(t, int64(11), c.Size())
+	require.Equal(t, int64(10229), c.Remaining())
+}
+
+func TestFileCache_Write_Remove_Success(t *testing.T) {
+	dir, c := newTestFileCache(t) // max = 10k (10240), each = 1k (1024)
+	for i := 0; i < 10; i++ {     // 10x999 = 9990
+		size, err := c.Write(fmt.Sprintf("abc%d", i), bytes.NewReader(make([]byte, 999)))
+		require.Nil(t, err)
+		require.Equal(t, int64(999), size)
+	}
+	require.Equal(t, int64(9990), c.Size())
+	require.Equal(t, int64(250), c.Remaining())
+	require.FileExists(t, dir+"/abc1")
+	require.FileExists(t, dir+"/abc5")
+
+	require.Nil(t, c.Remove("abc1", "abc5"))
+	require.NoFileExists(t, dir+"/abc1")
+	require.NoFileExists(t, dir+"/abc5")
+	require.Equal(t, int64(7992), c.Size())
+	require.Equal(t, int64(2248), c.Remaining())
+}
+
+func TestFileCache_Write_FailedTotalSizeLimit(t *testing.T) {
+	dir, c := newTestFileCache(t)
+	for i := 0; i < 10; i++ {
+		size, err := c.Write(fmt.Sprintf("abc%d", i), bytes.NewReader(oneKilobyteArray))
+		require.Nil(t, err)
+		require.Equal(t, int64(1024), size)
+	}
+	_, err := c.Write("abc11", bytes.NewReader(oneKilobyteArray))
+	require.Equal(t, util.ErrLimitReached, err)
+	require.NoFileExists(t, dir+"/abc11")
+}
+
+func TestFileCache_Write_FailedFileSizeLimit(t *testing.T) {
+	dir, c := newTestFileCache(t)
+	_, err := c.Write("abc", bytes.NewReader(make([]byte, 1025)))
+	require.Equal(t, util.ErrLimitReached, err)
+	require.NoFileExists(t, dir+"/abc")
+}
+
+func TestFileCache_Write_FailedAdditionalLimiter(t *testing.T) {
+	dir, c := newTestFileCache(t)
+	_, err := c.Write("abc", bytes.NewReader(make([]byte, 1001)), util.NewFixedLimiter(1000))
+	require.Equal(t, util.ErrLimitReached, err)
+	require.NoFileExists(t, dir+"/abc")
+}
+
+func newTestFileCache(t *testing.T) (dir string, cache *fileCache) {
+	dir = t.TempDir()
+	cache, err := newFileCache(dir, 10*1024, 1*1024)
+	require.Nil(t, err)
+	return dir, cache
+}
+
+func readFile(t *testing.T, f string) string {
+	b, err := os.ReadFile(f)
+	require.Nil(t, err)
+	return string(b)
+}

server/index.gohtml

@@ -198,7 +198,7 @@
             curl -d "Backup failed" <span id="detailTopicUrl">ntfy.sh/topic</span>
         </code>
         <p id="detailNotificationsDisallowed">
-            If you'd like to receive desktop notifications when new messages arrive on this topic, you have
+            If you'd like to receive desktop notifications when new messages arrive on this topic, you have to
             <a href="#" onclick="return requestPermission()">grant the browser permission</a> to show notifications.
             Click the link to do so.
         </p>

server/message.go

@@ -18,14 +18,25 @@ const (
 
 // message represents a message published to a topic
 type message struct {
-	ID       string   `json:"id"`    // Random message ID
+	ID         string      `json:"id"`    // Random message ID
-	Time     int64    `json:"time"`  // Unix time in seconds
+	Time       int64       `json:"time"`  // Unix time in seconds
-	Event    string   `json:"event"` // One of the above
+	Event      string      `json:"event"` // One of the above
-	Topic    string   `json:"topic"`
+	Topic      string      `json:"topic"`
-	Priority int      `json:"priority,omitempty"`
+	Priority   int         `json:"priority,omitempty"`
-	Tags     []string `json:"tags,omitempty"`
+	Tags       []string    `json:"tags,omitempty"`
-	Title    string   `json:"title,omitempty"`
+	Click      string      `json:"click,omitempty"`
-	Message  string   `json:"message,omitempty"`
+	Attachment *attachment `json:"attachment,omitempty"`
+	Title      string      `json:"title,omitempty"`
+	Message    string      `json:"message,omitempty"`
+}
+
+type attachment struct {
+	Name    string `json:"name"`
+	Type    string `json:"type,omitempty"`
+	Size    int64  `json:"size,omitempty"`
+	Expires int64  `json:"expires,omitempty"`
+	URL     string `json:"url"`
+	Owner   string `json:"-"` // IP address of uploader, used for rate limiting
 }
 
 // messageEncoder is a function that knows how to encode a message

server/server.go

@@ -3,11 +3,13 @@ package server
 import (
 	"bytes"
 	"context"
-	"embed" // required for go:embed
+	"embed"
 	"encoding/json"
+	"errors"
 	firebase "firebase.google.com/go"
 	"firebase.google.com/go/messaging"
 	"fmt"
+	"github.com/emersion/go-smtp"
 	"google.golang.org/api/option"
 	"heckel.io/ntfy/util"
 	"html/template"
@@ -15,11 +17,17 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 )
 
 // TODO add "max messages in a topic" limit
@@ -30,23 +38,34 @@ type Server struct {
 	config      *Config
 	httpServer  *http.Server
 	httpsServer *http.Server
+	smtpServer  *smtp.Server
+	smtpBackend *smtpBackend
 	topics      map[string]*topic
 	visitors    map[string]*visitor
 	firebase    subscriber
+	mailer      mailer
 	messages    int64
 	cache       cache
+	fileCache   *fileCache
 	closeChan   chan bool
 	mu          sync.Mutex
 }
 
 // errHTTP is a generic HTTP error for any non-200 HTTP error
 type errHTTP struct {
-	Code   int
+	Code     int    `json:"code,omitempty"`
-	Status string
+	HTTPCode int    `json:"http"`
+	Message  string `json:"error"`
+	Link     string `json:"link,omitempty"`
 }
 
 func (e errHTTP) Error() string {
-	return fmt.Sprintf("http: %s", e.Status)
+	return e.Message
+}
+
+func (e errHTTP) JSON() string {
+	b, _ := json.Marshal(&e)
+	return string(b)
 }
 
 type indexPage struct {
@@ -74,15 +93,18 @@ var (
 )
 
 var (
-	topicRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`) // Regex must match JS & Android app!
+	topicRegex       = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)  // No /!
-	jsonRegex  = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
+	topicPathRegex   = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`) // Regex must match JS & Android app!
-	sseRegex   = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
+	jsonPathRegex    = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
-	rawRegex   = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
+	ssePathRegex     = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
-	sendRegex  = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/(publish|send|trigger)$`)
+	rawPathRegex     = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
+	publishPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/(publish|send|trigger)$`)
 
 	staticRegex      = regexp.MustCompile(`^/static/.+`)
 	docsRegex        = regexp.MustCompile(`^/docs(|/.*)$`)
-	disallowedTopics = []string{"docs", "static"}
+	fileRegex        = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
+	disallowedTopics = []string{"docs", "static", "file"}
+	attachURLRegex   = regexp.MustCompile(`^https?://`)
 
 	templateFnMap = template.FuncMap{
 		"durationToHuman": util.DurationToHuman,
@@ -103,13 +125,36 @@ var (
 	docsStaticFs     embed.FS
 	docsStaticCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: docsStaticFs}
 
-	errHTTPBadRequest      = &errHTTP{http.StatusBadRequest, http.StatusText(http.StatusBadRequest)}
+	errHTTPBadRequestEmailDisabled                   = &errHTTP{40001, http.StatusBadRequest, "e-mail notifications are not enabled", "https://ntfy.sh/docs/config/#e-mail-notifications"}
-	errHTTPNotFound        = &errHTTP{http.StatusNotFound, http.StatusText(http.StatusNotFound)}
+	errHTTPBadRequestDelayNoCache                    = &errHTTP{40002, http.StatusBadRequest, "cannot disable cache for delayed message", ""}
-	errHTTPTooManyRequests = &errHTTP{http.StatusTooManyRequests, http.StatusText(http.StatusTooManyRequests)}
+	errHTTPBadRequestDelayNoEmail                    = &errHTTP{40003, http.StatusBadRequest, "delayed e-mail notifications are not supported", ""}
+	errHTTPBadRequestDelayCannotParse                = &errHTTP{40004, http.StatusBadRequest, "invalid delay parameter: unable to parse delay", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
+	errHTTPBadRequestDelayTooSmall                   = &errHTTP{40005, http.StatusBadRequest, "invalid delay parameter: too small, please refer to the docs", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
+	errHTTPBadRequestDelayTooLarge                   = &errHTTP{40006, http.StatusBadRequest, "invalid delay parameter: too large, please refer to the docs", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
+	errHTTPBadRequestPriorityInvalid                 = &errHTTP{40007, http.StatusBadRequest, "invalid priority parameter", "https://ntfy.sh/docs/publish/#message-priority"}
+	errHTTPBadRequestSinceInvalid                    = &errHTTP{40008, http.StatusBadRequest, "invalid since parameter", "https://ntfy.sh/docs/subscribe/api/#fetch-cached-messages"}
+	errHTTPBadRequestTopicInvalid                    = &errHTTP{40009, http.StatusBadRequest, "invalid topic: path invalid", ""}
+	errHTTPBadRequestTopicDisallowed                 = &errHTTP{40010, http.StatusBadRequest, "invalid topic: topic name is disallowed", ""}
+	errHTTPBadRequestMessageNotUTF8                  = &errHTTP{40011, http.StatusBadRequest, "invalid message: message must be UTF-8 encoded", ""}
+	errHTTPBadRequestAttachmentTooLarge              = &errHTTP{40012, http.StatusBadRequest, "invalid request: attachment too large, or bandwidth limit reached", ""}
+	errHTTPBadRequestAttachmentURLInvalid            = &errHTTP{40013, http.StatusBadRequest, "invalid request: attachment URL is invalid", ""}
+	errHTTPBadRequestAttachmentsDisallowed           = &errHTTP{40014, http.StatusBadRequest, "invalid request: attachments not allowed", ""}
+	errHTTPBadRequestAttachmentsExpiryBeforeDelivery = &errHTTP{40015, http.StatusBadRequest, "invalid request: attachment expiry before delayed delivery date", ""}
+	errHTTPNotFound                                  = &errHTTP{40401, http.StatusNotFound, "page not found", ""}
+	errHTTPTooManyRequestsLimitRequests              = &errHTTP{42901, http.StatusTooManyRequests, "limit reached: too many requests, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsLimitEmails                = &errHTTP{42902, http.StatusTooManyRequests, "limit reached: too many emails, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsLimitSubscriptions         = &errHTTP{42903, http.StatusTooManyRequests, "limit reached: too many active subscriptions, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsLimitTotalTopics           = &errHTTP{42904, http.StatusTooManyRequests, "limit reached: the total number of topics on the server has been reached, please contact the admin", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsAttachmentBandwidthLimit   = &errHTTP{42905, http.StatusTooManyRequests, "too many requests: daily bandwidth limit reached", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPInternalError                             = &errHTTP{50001, http.StatusInternalServerError, "internal server error", ""}
+	errHTTPInternalErrorInvalidFilePath              = &errHTTP{50002, http.StatusInternalServerError, "internal server error: invalid file path", ""}
 )
 
 const (
-	firebaseControlTopic = "~control" // See Android if changed
+	firebaseControlTopic     = "~control"                // See Android if changed
+	emptyMessageBody         = "triggered"               // Used if message body is empty
+	defaultAttachmentMessage = "You received a file: %s" // Used if message body is empty, and there is an attachment
+	fcmMessageLimit          = 4000                      // see maybeTruncateFCMMessage for details
 )
 
 // New instantiates a new Server. It creates the cache and adds a Firebase
@@ -123,6 +168,10 @@ func New(conf *Config) (*Server, error) {
 			return nil, err
 		}
 	}
+	var mailer mailer
+	if conf.SMTPSenderAddr != "" {
+		mailer = &smtpSender{config: conf}
+	}
 	cache, err := createCache(conf)
 	if err != nil {
 		return nil, err
@@ -131,12 +180,21 @@ func New(conf *Config) (*Server, error) {
 	if err != nil {
 		return nil, err
 	}
+	var fileCache *fileCache
+	if conf.AttachmentCacheDir != "" {
+		fileCache, err = newFileCache(conf.AttachmentCacheDir, conf.AttachmentTotalSizeLimit, conf.AttachmentFileSizeLimit)
+		if err != nil {
+			return nil, err
+		}
+	}
 	return &Server{
-		config:   conf,
+		config:    conf,
-		cache:    cache,
+		cache:     cache,
-		firebase: firebaseSubscriber,
+		fileCache: fileCache,
-		topics:   topics,
+		firebase:  firebaseSubscriber,
-		visitors: make(map[string]*visitor),
+		mailer:    mailer,
+		topics:    topics,
+		visitors:  make(map[string]*visitor),
 	}, nil
 }
 
@@ -176,18 +234,52 @@ func createFirebaseSubscriber(conf *Config) (subscriber, error) {
 				"topic":    m.Topic,
 				"priority": fmt.Sprintf("%d", m.Priority),
 				"tags":     strings.Join(m.Tags, ","),
+				"click":    m.Click,
 				"title":    m.Title,
 				"message":  m.Message,
 			}
+			if m.Attachment != nil {
+				data["attachment_name"] = m.Attachment.Name
+				data["attachment_type"] = m.Attachment.Type
+				data["attachment_size"] = fmt.Sprintf("%d", m.Attachment.Size)
+				data["attachment_expires"] = fmt.Sprintf("%d", m.Attachment.Expires)
+				data["attachment_url"] = m.Attachment.URL
+			}
 		}
-		_, err := msg.Send(context.Background(), &messaging.Message{
+		var androidConfig *messaging.AndroidConfig
-			Topic: m.Topic,
+		if m.Priority >= 4 {
-			Data:  data,
+			androidConfig = &messaging.AndroidConfig{
-		})
+				Priority: "high",
+			}
+		}
+		_, err := msg.Send(context.Background(), maybeTruncateFCMMessage(&messaging.Message{
+			Topic:   m.Topic,
+			Data:    data,
+			Android: androidConfig,
+		}))
 		return err
 	}, nil
 }
 
+// maybeTruncateFCMMessage performs best-effort truncation of FCM messages.
+// The docs say the limit is 4000 characters, but during testing it wasn't quite clear
+// what fields matter; so we're just capping the serialized JSON to 4000 bytes.
+func maybeTruncateFCMMessage(m *messaging.Message) *messaging.Message {
+	s, err := json.Marshal(m)
+	if err != nil {
+		return m
+	}
+	if len(s) > fcmMessageLimit {
+		over := len(s) - fcmMessageLimit + 16 // = len("truncated":"1",), sigh ...
+		message, ok := m.Data["message"]
+		if ok && len(message) > over {
+			m.Data["truncated"] = "1"
+			m.Data["message"] = message[:len(message)-over]
+		}
+	}
+	return m
+}
+
 // Run executes the main server. It listens on HTTP (+ HTTPS, if configured), and starts
 // a manager go routine to print stats and prune messages.
 func (s *Server) Run() error {
@@ -195,6 +287,9 @@ func (s *Server) Run() error {
 	if s.config.ListenHTTPS != "" {
 		listenStr += fmt.Sprintf(" %s/https", s.config.ListenHTTPS)
 	}
+	if s.config.SMTPServerListen != "" {
+		listenStr += fmt.Sprintf(" %s/smtp", s.config.SMTPServerListen)
+	}
 	log.Printf("Listening on %s", listenStr)
 	mux := http.NewServeMux()
 	mux.HandleFunc("/", s.handle)
@@ -206,15 +301,21 @@ func (s *Server) Run() error {
 		errChan <- s.httpServer.ListenAndServe()
 	}()
 	if s.config.ListenHTTPS != "" {
-		s.httpsServer = &http.Server{Addr: s.config.ListenHTTP, Handler: mux}
+		s.httpsServer = &http.Server{Addr: s.config.ListenHTTPS, Handler: mux}
 		go func() {
 			errChan <- s.httpsServer.ListenAndServeTLS(s.config.CertFile, s.config.KeyFile)
 		}()
 	}
+	if s.config.SMTPServerListen != "" {
+		go func() {
+			errChan <- s.runSMTPServer()
+		}()
+	}
 	s.mu.Unlock()
 	go s.runManager()
 	go s.runAtSender()
 	go s.runFirebaseKeepliver()
+
 	return <-errChan
 }
 
@@ -228,16 +329,24 @@ func (s *Server) Stop() {
 	if s.httpsServer != nil {
 		s.httpsServer.Close()
 	}
+	if s.smtpServer != nil {
+		s.smtpServer.Close()
+	}
 	close(s.closeChan)
 }
 
 func (s *Server) handle(w http.ResponseWriter, r *http.Request) {
 	if err := s.handleInternal(w, r); err != nil {
-		if e, ok := err.(*errHTTP); ok {
+		var e *errHTTP
-			s.fail(w, r, e.Code, e)
+		var ok bool
-		} else {
+		if e, ok = err.(*errHTTP); !ok {
-			s.fail(w, r, http.StatusInternalServerError, err)
+			e = errHTTPInternalError
 		}
+		log.Printf("[%s] %s - %d - %d - %s", r.RemoteAddr, r.Method, e.HTTPCode, e.Code, err.Error())
+		w.Header().Set("Content-Type", "application/json")
+		w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
+		w.WriteHeader(e.HTTPCode)
+		io.WriteString(w, e.JSON()+"\n")
 	}
 }
 
@@ -252,19 +361,21 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request) error {
 		return s.handleStatic(w, r)
 	} else if r.Method == http.MethodGet && docsRegex.MatchString(r.URL.Path) {
 		return s.handleDocs(w, r)
+	} else if r.Method == http.MethodGet && fileRegex.MatchString(r.URL.Path) && s.config.AttachmentCacheDir != "" {
+		return s.withRateLimit(w, r, s.handleFile)
 	} else if r.Method == http.MethodOptions {
 		return s.handleOptions(w, r)
-	} else if r.Method == http.MethodGet && topicRegex.MatchString(r.URL.Path) {
+	} else if r.Method == http.MethodGet && topicPathRegex.MatchString(r.URL.Path) {
-		return s.handleHome(w, r)
+		return s.handleTopic(w, r)
-	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicRegex.MatchString(r.URL.Path) {
+	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
 		return s.withRateLimit(w, r, s.handlePublish)
-	} else if r.Method == http.MethodGet && sendRegex.MatchString(r.URL.Path) {
+	} else if r.Method == http.MethodGet && publishPathRegex.MatchString(r.URL.Path) {
 		return s.withRateLimit(w, r, s.handlePublish)
-	} else if r.Method == http.MethodGet && jsonRegex.MatchString(r.URL.Path) {
+	} else if r.Method == http.MethodGet && jsonPathRegex.MatchString(r.URL.Path) {
 		return s.withRateLimit(w, r, s.handleSubscribeJSON)
-	} else if r.Method == http.MethodGet && sseRegex.MatchString(r.URL.Path) {
+	} else if r.Method == http.MethodGet && ssePathRegex.MatchString(r.URL.Path) {
 		return s.withRateLimit(w, r, s.handleSubscribeSSE)
-	} else if r.Method == http.MethodGet && rawRegex.MatchString(r.URL.Path) {
+	} else if r.Method == http.MethodGet && rawPathRegex.MatchString(r.URL.Path) {
 		return s.withRateLimit(w, r, s.handleSubscribeRaw)
 	}
 	return errHTTPNotFound
@@ -277,6 +388,17 @@ func (s *Server) handleHome(w http.ResponseWriter, r *http.Request) error {
 	})
 }
 
+func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request) error {
+	unifiedpush := readParam(r, "x-unifiedpush", "unifiedpush", "up") == "1" // see PUT/POST too!
+	if unifiedpush {
+		w.Header().Set("Content-Type", "application/json")
+		w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
+		_, err := io.WriteString(w, `{"unifiedpush":{"version":1}}`+"\n")
+		return err
+	}
+	return s.handleHome(w, r)
+}
+
 func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request) error {
 	return nil
 }
@@ -296,23 +418,52 @@ func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }
 
-func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, _ *visitor) error {
+func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if s.config.AttachmentCacheDir == "" {
+		return errHTTPInternalError
+	}
+	matches := fileRegex.FindStringSubmatch(r.URL.Path)
+	if len(matches) != 2 {
+		return errHTTPInternalErrorInvalidFilePath
+	}
+	messageID := matches[1]
+	file := filepath.Join(s.config.AttachmentCacheDir, messageID)
+	stat, err := os.Stat(file)
+	if err != nil {
+		return errHTTPNotFound
+	}
+	if err := v.BandwidthLimiter().Allow(stat.Size()); err != nil {
+		return errHTTPTooManyRequestsAttachmentBandwidthLimit
+	}
+	w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
+	f, err := os.Open(file)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	_, err = io.Copy(util.NewContentTypeWriter(w, r.URL.Path), f)
+	return err
+}
+
+func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visitor) error {
 	t, err := s.topicFromPath(r.URL.Path)
 	if err != nil {
 		return err
 	}
-	reader := io.LimitReader(r.Body, int64(s.config.MessageLimit))
+	body, err := util.Peak(r.Body, s.config.MessageLimit)
-	b, err := io.ReadAll(reader)
 	if err != nil {
 		return err
 	}
-	m := newDefaultMessage(t.ID, strings.TrimSpace(string(b)))
+	m := newDefaultMessage(t.ID, "")
-	cache, firebase, err := s.parseParams(r, m)
+	cache, firebase, email, err := s.parsePublishParams(r, v, m)
 	if err != nil {
 		return err
 	}
+	if err := s.handlePublishBody(r, v, m, body); err != nil {
+		return err
+	}
 	if m.Message == "" {
-		m.Message = "triggered"
+		m.Message = emptyMessageBody
 	}
 	delayed := m.Time > time.Now().Unix()
 	if !delayed {
@@ -327,6 +478,13 @@ func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, _ *visito
 			}
 		}()
 	}
+	if s.mailer != nil && email != "" && !delayed {
+		go func() {
+			if err := s.mailer.Send(v.ip, email, m); err != nil {
+				log.Printf("Unable to send email: %v", err.Error())
+			}
+		}()
+	}
 	if cache {
 		if err := s.cache.AddMessage(m); err != nil {
 			return err
@@ -341,17 +499,53 @@ func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, _ *visito
 	return nil
 }
 
-func (s *Server) parseParams(r *http.Request, m *message) (cache bool, firebase bool, err error) {
+func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (cache bool, firebase bool, email string, err error) {
 	cache = readParam(r, "x-cache", "cache") != "no"
 	firebase = readParam(r, "x-firebase", "firebase") != "no"
 	m.Title = readParam(r, "x-title", "title", "t")
+	m.Click = readParam(r, "x-click", "click")
+	filename := readParam(r, "x-filename", "filename", "file", "f")
+	attach := readParam(r, "x-attach", "attach", "a")
+	if attach != "" || filename != "" {
+		m.Attachment = &attachment{}
+	}
+	if filename != "" {
+		m.Attachment.Name = filename
+	}
+	if attach != "" {
+		if !attachURLRegex.MatchString(attach) {
+			return false, false, "", errHTTPBadRequestAttachmentURLInvalid
+		}
+		m.Attachment.URL = attach
+		if m.Attachment.Name == "" {
+			u, err := url.Parse(m.Attachment.URL)
+			if err == nil {
+				m.Attachment.Name = path.Base(u.Path)
+				if m.Attachment.Name == "." || m.Attachment.Name == "/" {
+					m.Attachment.Name = ""
+				}
+			}
+		}
+		if m.Attachment.Name == "" {
+			m.Attachment.Name = "attachment"
+		}
+	}
+	email = readParam(r, "x-email", "x-e-mail", "email", "e-mail", "mail", "e")
+	if email != "" {
+		if err := v.EmailAllowed(); err != nil {
+			return false, false, "", errHTTPTooManyRequestsLimitEmails
+		}
+	}
+	if s.mailer == nil && email != "" {
+		return false, false, "", errHTTPBadRequestEmailDisabled
+	}
 	messageStr := readParam(r, "x-message", "message", "m")
 	if messageStr != "" {
 		m.Message = messageStr
 	}
 	m.Priority, err = util.ParsePriority(readParam(r, "x-priority", "priority", "prio", "p"))
 	if err != nil {
-		return false, false, errHTTPBadRequest
+		return false, false, "", errHTTPBadRequestPriorityInvalid
 	}
 	tagsStr := readParam(r, "x-tags", "tags", "tag", "ta")
 	if tagsStr != "" {
@@ -363,19 +557,26 @@ func (s *Server) parseParams(r *http.Request, m *message) (cache bool, firebase
 	delayStr := readParam(r, "x-delay", "delay", "x-at", "at", "x-in", "in")
 	if delayStr != "" {
 		if !cache {
-			return false, false, errHTTPBadRequest
+			return false, false, "", errHTTPBadRequestDelayNoCache
+		}
+		if email != "" {
+			return false, false, "", errHTTPBadRequestDelayNoEmail // we cannot store the email address (yet)
 		}
 		delay, err := util.ParseFutureTime(delayStr, time.Now())
 		if err != nil {
-			return false, false, errHTTPBadRequest
+			return false, false, "", errHTTPBadRequestDelayCannotParse
 		} else if delay.Unix() < time.Now().Add(s.config.MinDelay).Unix() {
-			return false, false, errHTTPBadRequest
+			return false, false, "", errHTTPBadRequestDelayTooSmall
 		} else if delay.Unix() > time.Now().Add(s.config.MaxDelay).Unix() {
-			return false, false, errHTTPBadRequest
+			return false, false, "", errHTTPBadRequestDelayTooLarge
 		}
 		m.Time = delay.Unix()
 	}
-	return cache, firebase, nil
+	unifiedpush := readParam(r, "x-unifiedpush", "unifiedpush", "up") == "1" // see GET too!
+	if unifiedpush {
+		firebase = false
+	}
+	return cache, firebase, email, nil
 }
 
 func readParam(r *http.Request, names ...string) string {
@@ -394,6 +595,81 @@ func readParam(r *http.Request, names ...string) string {
 	return ""
 }
 
+// handlePublishBody consumes the PUT/POST body and decides whether the body is an attachment or the message.
+//
+// 1. curl -H "Attach: http://example.com/file.jpg" ntfy.sh/mytopic
+//    Body must be a message, because we attached an external URL
+// 2. curl -T short.txt -H "Filename: short.txt" ntfy.sh/mytopic
+//    Body must be attachment, because we passed a filename
+// 3. curl -T file.txt ntfy.sh/mytopic
+//    If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
+// 4. curl -T file.txt ntfy.sh/mytopic
+//    If file.txt is > message limit, treat it as an attachment
+func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeakedReadCloser) error {
+	if m.Attachment != nil && m.Attachment.URL != "" {
+		return s.handleBodyAsMessage(m, body) // Case 1
+	} else if m.Attachment != nil && m.Attachment.Name != "" {
+		return s.handleBodyAsAttachment(r, v, m, body) // Case 2
+	} else if !body.LimitReached && utf8.Valid(body.PeakedBytes) {
+		return s.handleBodyAsMessage(m, body) // Case 3
+	}
+	return s.handleBodyAsAttachment(r, v, m, body) // Case 4
+}
+
+func (s *Server) handleBodyAsMessage(m *message, body *util.PeakedReadCloser) error {
+	if !utf8.Valid(body.PeakedBytes) {
+		return errHTTPBadRequestMessageNotUTF8
+	}
+	if len(body.PeakedBytes) > 0 { // Empty body should not override message (publish via GET!)
+		m.Message = strings.TrimSpace(string(body.PeakedBytes)) // Truncates the message to the peak limit if required
+	}
+	if m.Attachment != nil && m.Attachment.Name != "" && m.Message == "" {
+		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
+	}
+	return nil
+}
+
+func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeakedReadCloser) error {
+	if s.fileCache == nil || s.config.BaseURL == "" || s.config.AttachmentCacheDir == "" {
+		return errHTTPBadRequestAttachmentsDisallowed
+	} else if m.Time > time.Now().Add(s.config.AttachmentExpiryDuration).Unix() {
+		return errHTTPBadRequestAttachmentsExpiryBeforeDelivery
+	}
+	visitorAttachmentsSize, err := s.cache.AttachmentsSize(v.ip)
+	if err != nil {
+		return err
+	}
+	remainingVisitorAttachmentSize := s.config.VisitorAttachmentTotalSizeLimit - visitorAttachmentsSize
+	contentLengthStr := r.Header.Get("Content-Length")
+	if contentLengthStr != "" { // Early "do-not-trust" check, hard limit see below
+		contentLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
+		if err == nil && (contentLength > remainingVisitorAttachmentSize || contentLength > s.config.AttachmentFileSizeLimit) {
+			return errHTTPBadRequestAttachmentTooLarge
+		}
+	}
+	if m.Attachment == nil {
+		m.Attachment = &attachment{}
+	}
+	var ext string
+	m.Attachment.Owner = v.ip // Important for attachment rate limiting
+	m.Attachment.Expires = time.Now().Add(s.config.AttachmentExpiryDuration).Unix()
+	m.Attachment.Type, ext = util.DetectContentType(body.PeakedBytes, m.Attachment.Name)
+	m.Attachment.URL = fmt.Sprintf("%s/file/%s%s", s.config.BaseURL, m.ID, ext)
+	if m.Attachment.Name == "" {
+		m.Attachment.Name = fmt.Sprintf("attachment%s", ext)
+	}
+	if m.Message == "" {
+		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
+	}
+	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, v.BandwidthLimiter(), util.NewFixedLimiter(remainingVisitorAttachmentSize))
+	if err == util.ErrLimitReached {
+		return errHTTPBadRequestAttachmentTooLarge
+	} else if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (s *Server) handleSubscribeJSON(w http.ResponseWriter, r *http.Request, v *visitor) error {
 	encoder := func(msg *message) (string, error) {
 		var buf bytes.Buffer
@@ -430,8 +706,8 @@ func (s *Server) handleSubscribeRaw(w http.ResponseWriter, r *http.Request, v *v
 }
 
 func (s *Server) handleSubscribe(w http.ResponseWriter, r *http.Request, v *visitor, format string, contentType string, encoder messageEncoder) error {
-	if err := v.AddSubscription(); err != nil {
+	if err := v.SubscriptionAllowed(); err != nil {
-		return errHTTPTooManyRequests
+		return errHTTPTooManyRequestsLimitSubscriptions
 	}
 	defer v.RemoveSubscription()
 	topicsStr := strings.TrimSuffix(r.URL.Path[1:], "/"+format) // Hack
@@ -577,7 +853,7 @@ func parseSince(r *http.Request, poll bool) (sinceTime, error) {
 	} else if d, err := time.ParseDuration(since); err == nil {
 		return sinceTime(time.Now().Add(-1 * d)), nil
 	}
-	return sinceNoMessages, errHTTPBadRequest
+	return sinceNoMessages, errHTTPBadRequestSinceInvalid
 }
 
 func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request) error {
@@ -589,7 +865,7 @@ func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request) error {
 func (s *Server) topicFromPath(path string) (*topic, error) {
 	parts := strings.Split(path, "/")
 	if len(parts) < 2 {
-		return nil, errHTTPBadRequest
+		return nil, errHTTPBadRequestTopicInvalid
 	}
 	topics, err := s.topicsFromIDs(parts[1])
 	if err != nil {
@@ -604,11 +880,11 @@ func (s *Server) topicsFromIDs(ids ...string) ([]*topic, error) {
 	topics := make([]*topic, 0)
 	for _, id := range ids {
 		if util.InStringList(disallowedTopics, id) {
-			return nil, errHTTPBadRequest
+			return nil, errHTTPBadRequestTopicDisallowed
 		}
 		if _, ok := s.topics[id]; !ok {
-			if len(s.topics) >= s.config.GlobalTopicLimit {
+			if len(s.topics) >= s.config.TotalTopicLimit {
-				return nil, errHTTPTooManyRequests
+				return nil, errHTTPTooManyRequestsLimitTotalTopics
 			}
 			s.topics[id] = newTopic(id)
 		}
@@ -628,6 +904,18 @@ func (s *Server) updateStatsAndPrune() {
 		}
 	}
 
+	// Delete expired attachments
+	if s.fileCache != nil {
+		ids, err := s.cache.AttachmentsExpired()
+		if err == nil {
+			if err := s.fileCache.Remove(ids...); err != nil {
+				log.Printf("error while deleting attachments: %s", err.Error())
+			}
+		} else {
+			log.Printf("error retrieving expired attachments: %s", err.Error())
+		}
+	}
+
 	// Prune message cache
 	olderThan := time.Now().Add(-1 * s.config.CacheDuration)
 	if err := s.cache.Prune(olderThan); err != nil {
@@ -651,9 +939,44 @@ func (s *Server) updateStatsAndPrune() {
 		messages += msgs
 	}
 
+	// Mail stats
+	var mailSuccess, mailFailure int64
+	if s.smtpBackend != nil {
+		mailSuccess, mailFailure = s.smtpBackend.Counts()
+	}
+
 	// Print stats
-	log.Printf("Stats: %d message(s) published, %d topic(s) active, %d subscriber(s), %d message(s) buffered, %d visitor(s)",
+	log.Printf("Stats: %d message(s) published, %d in cache, %d successful mails, %d failed, %d topic(s) active, %d subscriber(s), %d visitor(s)",
-		s.messages, len(s.topics), subscribers, messages, len(s.visitors))
+		s.messages, messages, mailSuccess, mailFailure, len(s.topics), subscribers, len(s.visitors))
+}
+
+func (s *Server) runSMTPServer() error {
+	sub := func(m *message) error {
+		url := fmt.Sprintf("%s/%s", s.config.BaseURL, m.Topic)
+		req, err := http.NewRequest("PUT", url, strings.NewReader(m.Message))
+		if err != nil {
+			return err
+		}
+		if m.Title != "" {
+			req.Header.Set("Title", m.Title)
+		}
+		rr := httptest.NewRecorder()
+		s.handle(rr, req)
+		if rr.Code != http.StatusOK {
+			return errors.New("error: " + rr.Body.String())
+		}
+		return nil
+	}
+	s.smtpBackend = newMailBackend(s.config, sub)
+	s.smtpServer = smtp.NewServer(s.smtpBackend)
+	s.smtpServer.Addr = s.config.SMTPServerListen
+	s.smtpServer.Domain = s.config.SMTPServerDomain
+	s.smtpServer.ReadTimeout = 10 * time.Second
+	s.smtpServer.WriteTimeout = 10 * time.Second
+	s.smtpServer.MaxMessageBytes = 1024 * 1024 // Must be much larger than message size (headers, multipart, etc.)
+	s.smtpServer.MaxRecipients = 1
+	s.smtpServer.AllowInsecureAuth = true
+	return s.smtpServer.ListenAndServe()
 }
 
 func (s *Server) runManager() {
@@ -709,10 +1032,10 @@ func (s *Server) sendDelayedMessages() error {
 			if err := t.Publish(m); err != nil {
 				log.Printf("unable to publish message %s to topic %s: %v", m.ID, m.Topic, err.Error())
 			}
-			if s.firebase != nil {
+		}
-				if err := s.firebase(m); err != nil {
+		if s.firebase != nil { // Firebase subscribers may not show up in topics map
-					log.Printf("unable to publish to Firebase: %v", err.Error())
+			if err := s.firebase(m); err != nil {
-				}
+				log.Printf("unable to publish to Firebase: %v", err.Error())
 			}
 		}
 		if err := s.cache.MarkPublished(m); err != nil {
@@ -725,7 +1048,7 @@ func (s *Server) sendDelayedMessages() error {
 func (s *Server) withRateLimit(w http.ResponseWriter, r *http.Request, handler func(w http.ResponseWriter, r *http.Request, v *visitor) error) error {
 	v := s.visitor(r)
 	if err := v.RequestAllowed(); err != nil {
-		return err
+		return errHTTPTooManyRequestsLimitRequests
 	}
 	return handler(w, r, v)
 }
@@ -745,7 +1068,7 @@ func (s *Server) visitor(r *http.Request) *visitor {
 	}
 	v, exists := s.visitors[ip]
 	if !exists {
-		s.visitors[ip] = newVisitor(s.config)
+		s.visitors[ip] = newVisitor(s.config, ip)
 		return s.visitors[ip]
 	}
 	v.Keepalive()
@@ -757,9 +1080,3 @@ func (s *Server) inc(counter *int64) {
 	defer s.mu.Unlock()
 	*counter++
 }
-
-func (s *Server) fail(w http.ResponseWriter, r *http.Request, code int, err error) {
-	log.Printf("[%s] %s - %d - %s", r.RemoteAddr, r.Method, code, err.Error())
-	w.WriteHeader(code)
-	_, _ = io.WriteString(w, fmt.Sprintf("%s\n", http.StatusText(code)))
-}

server/server.yml

@@ -1,8 +1,12 @@
 # ntfy server config file
 
+# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
+# This setting is currently only used by the e-mail sending feature (outgoing mail only).
+#
+# base-url:
+
 # Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
-# set "key-file" and "cert-file".
+# set "key-file" and "cert-file". Format: <hostname>:<port>
-# Format: <hostname>:<port>
 #
 # listen-http: ":80"
 # listen-https:
@@ -32,23 +36,71 @@
 #
 # You can disable the cache entirely by setting this to 0.
 #
-# cache-duration: 12h
+# cache-duration: "12h"
+
+# If set, the X-Forwarded-For header is used to determine the visitor IP address
+# instead of the remote address of the connection.
+#
+# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
+#          as if they are one.
+#
+# behind-proxy: false
+
+# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
+# are "attachment-cache-dir" and "base-url".
+#
+# - attachment-cache-dir is the cache directory for attached files
+# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
+# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
+# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
+#
+# attachment-cache-dir:
+# attachment-total-size-limit: "5G"
+# attachment-file-size-limit: "15M"
+# attachment-expiry-duration: "3h"
+
+# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
+# messages will additionally be sent out as e-mail using an external SMTP server. As of today, only
+# SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings
+# below (visitor-email-limit-burst & visitor-email-limit-burst).
+#
+# - smtp-sender-addr is the hostname:port of the SMTP server
+# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user
+# - smtp-sender-from is the e-mail address of the sender
+#
+# smtp-sender-addr:
+# smtp-sender-user:
+# smtp-sender-pass:
+# smtp-sender-from:
+
+# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
+# emails to a topic e-mail address to publish messages to a topic.
+#
+# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
+# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
+# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
+#   for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
+#   $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
+#
+# smtp-server-listen:
+# smtp-server-domain:
+# smtp-server-addr-prefix:
 
 # Interval in which keepalive messages are sent to the client. This is to prevent
 # intermediaries closing the connection for inactivity.
 #
 # Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
 #
-# keepalive-interval: 30s
+# keepalive-interval: "30s"
 
 # Interval in which the manager prunes old messages, deletes topics
 # and prints the stats.
 #
-# manager-interval: 1m
+# manager-interval: "1m"
 
 # Rate limiting: Total number of topics before the server rejects new topics.
 #
-# global-topic-limit: 5000
+# global-topic-limit: 15000
 
 # Rate limiting: Number of subscriptions per visitor (IP address)
 #
@@ -59,12 +111,18 @@
 # - visitor-request-limit-replenish is the rate at which the bucket is refilled
 #
 # visitor-request-limit-burst: 60
-# visitor-request-limit-replenish: 10s
+# visitor-request-limit-replenish: "10s"
 
-# If set, the X-Forwarded-For header is used to determine the visitor IP address
+# Rate limiting: Allowed emails per visitor:
-# instead of the remote address of the connection.
+# - visitor-email-limit-burst is the initial bucket of emails each visitor has
+# - visitor-email-limit-replenish is the rate at which the bucket is refilled
 #
-# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
+# visitor-email-limit-burst: 16
-#          as if they are one.
+# visitor-email-limit-replenish: "1h"
+
+# Rate limiting: Attachment size and bandwidth limits per visitor:
+# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
+# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
 #
-# behind-proxy: false
+# visitor-attachment-total-size-limit: "100M"
+# visitor-attachment-daily-bandwidth-limit: "500M"

server/server_test.go

@@ -4,13 +4,16 @@ import (
 	"bufio"
 	"context"
 	"encoding/json"
+	"firebase.google.com/go/messaging"
 	"fmt"
 	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/util"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"strings"
+	"sync"
 	"testing"
 	"time"
 )
@@ -161,19 +164,13 @@ func TestServer_StaticSites(t *testing.T) {
 }
 
 func TestServer_PublishLargeMessage(t *testing.T) {
-	s := newTestServer(t, newTestConfig(t))
+	c := newTestConfig(t)
+	c.AttachmentCacheDir = "" // Disable attachments
+	s := newTestServer(t, c)
 
-	body := strings.Repeat("this is a large message", 1000)
+	body := strings.Repeat("this is a large message", 5000)
-	truncated := body[0:512]
 	response := request(t, s, "PUT", "/mytopic", body, nil)
-	msg := toMessage(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
-	require.NotEmpty(t, msg.ID)
-	require.Equal(t, truncated, msg.Message)
-
-	response = request(t, s, "GET", "/mytopic/json?poll=1", "", nil)
-	messages := toMessages(t, response.Body.String())
-	require.Equal(t, 1, len(messages))
-	require.Equal(t, truncated, messages[0].Message)
 }
 
 func TestServer_PublishPriority(t *testing.T) {
@@ -202,6 +199,9 @@ func TestServer_PublishPriority(t *testing.T) {
 
 	response = request(t, s, "GET", "/mytopic/trigger?priority=urgent", "test", nil)
 	require.Equal(t, 5, toMessage(t, response.Body.String()).Priority)
+
+	response = request(t, s, "GET", "/mytopic/trigger?priority=INVALID", "test", nil)
+	require.Equal(t, 40007, toHTTPError(t, response.Body.String()).Code)
 }
 
 func TestServer_PublishNoCache(t *testing.T) {
@@ -251,6 +251,7 @@ func TestServer_PublishAtWithCacheError(t *testing.T) {
 		"In":    "30 min",
 	})
 	require.Equal(t, 400, response.Code)
+	require.Equal(t, errHTTPBadRequestDelayNoCache, toHTTPError(t, response.Body.String()))
 }
 
 func TestServer_PublishAtTooShortDelay(t *testing.T) {
@@ -264,13 +265,28 @@ func TestServer_PublishAtTooShortDelay(t *testing.T) {
 
 func TestServer_PublishAtTooLongDelay(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))
-
 	response := request(t, s, "PUT", "/mytopic", "a message", map[string]string{
 		"In": "99999999h",
 	})
 	require.Equal(t, 400, response.Code)
 }
 
+func TestServer_PublishAtInvalidDelay(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic?delay=INVALID", "a message", nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 40004, err.Code)
+}
+
+func TestServer_PublishAtTooLarge(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic?x-in=99999h", "a message", nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 40006, err.Code)
+}
+
 func TestServer_PublishAtAndPrune(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))
 
@@ -352,6 +368,19 @@ func TestServer_PublishAndPollSince(t *testing.T) {
 	messages := toMessages(t, response.Body.String())
 	require.Equal(t, 1, len(messages))
 	require.Equal(t, "test 2", messages[0].Message)
+
+	response = request(t, s, "GET", "/mytopic/json?poll=1&since=10s", "", nil)
+	messages = toMessages(t, response.Body.String())
+	require.Equal(t, 2, len(messages))
+	require.Equal(t, "test 1", messages[0].Message)
+
+	response = request(t, s, "GET", "/mytopic/json?poll=1&since=100ms", "", nil)
+	messages = toMessages(t, response.Body.String())
+	require.Equal(t, 1, len(messages))
+	require.Equal(t, "test 2", messages[0].Message)
+
+	response = request(t, s, "GET", "/mytopic/json?poll=1&since=INVALID", "", nil)
+	require.Equal(t, 40008, toHTTPError(t, response.Body.String()).Code)
 }
 
 func TestServer_PublishViaGET(t *testing.T) {
@@ -392,6 +421,13 @@ func TestServer_PublishFirebase(t *testing.T) {
 	time.Sleep(500 * time.Millisecond) // Time for sends
 }
 
+func TestServer_PublishInvalidTopic(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	s.mailer = &testMailer{}
+	response := request(t, s, "PUT", "/docs", "fail", nil)
+	require.Equal(t, 40010, toHTTPError(t, response.Body.String()).Code)
+}
+
 func TestServer_PollWithQueryFilters(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))
 
@@ -508,9 +544,378 @@ func TestServer_Curl_Publish_Poll(t *testing.T) {
 }
 */
 
+type testMailer struct {
+	count int
+	mu    sync.Mutex
+}
+
+func (t *testMailer) Send(from, to string, m *message) error {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.count++
+	return nil
+}
+
+func TestServer_PublishTooManyEmails_Defaults(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	s.mailer = &testMailer{}
+	for i := 0; i < 16; i++ {
+		response := request(t, s, "PUT", "/mytopic", fmt.Sprintf("message %d", i), map[string]string{
+			"E-Mail": "test@example.com",
+		})
+		require.Equal(t, 200, response.Code)
+	}
+	response := request(t, s, "PUT", "/mytopic", "one too many", map[string]string{
+		"E-Mail": "test@example.com",
+	})
+	require.Equal(t, 429, response.Code)
+}
+
+func TestServer_PublishTooManyEmails_Replenish(t *testing.T) {
+	c := newTestConfig(t)
+	c.VisitorEmailLimitReplenish = 500 * time.Millisecond
+	s := newTestServer(t, c)
+	s.mailer = &testMailer{}
+	for i := 0; i < 16; i++ {
+		response := request(t, s, "PUT", "/mytopic", fmt.Sprintf("message %d", i), map[string]string{
+			"E-Mail": "test@example.com",
+		})
+		require.Equal(t, 200, response.Code)
+	}
+	response := request(t, s, "PUT", "/mytopic", "one too many", map[string]string{
+		"E-Mail": "test@example.com",
+	})
+	require.Equal(t, 429, response.Code)
+
+	time.Sleep(510 * time.Millisecond)
+	response = request(t, s, "PUT", "/mytopic", "this should be okay again too many", map[string]string{
+		"E-Mail": "test@example.com",
+	})
+	require.Equal(t, 200, response.Code)
+
+	response = request(t, s, "PUT", "/mytopic", "and bad again", map[string]string{
+		"E-Mail": "test@example.com",
+	})
+	require.Equal(t, 429, response.Code)
+}
+
+func TestServer_PublishDelayedEmail_Fail(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	s.mailer = &testMailer{}
+	response := request(t, s, "PUT", "/mytopic", "fail", map[string]string{
+		"E-Mail": "test@example.com",
+		"Delay":  "20 min",
+	})
+	require.Equal(t, 400, response.Code)
+}
+
+func TestServer_PublishEmailNoMailer_Fail(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", "fail", map[string]string{
+		"E-Mail": "test@example.com",
+	})
+	require.Equal(t, 400, response.Code)
+}
+
+func TestServer_UnifiedPushDiscovery(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "GET", "/mytopic?up=1", "", nil)
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, `{"unifiedpush":{"version":1}}`+"\n", response.Body.String())
+}
+
+func TestServer_MaybeTruncateFCMMessage(t *testing.T) {
+	origMessage := strings.Repeat("this is a long string", 300)
+	origFCMMessage := &messaging.Message{
+		Topic: "mytopic",
+		Data: map[string]string{
+			"id":       "abcdefg",
+			"time":     "1641324761",
+			"event":    "message",
+			"topic":    "mytopic",
+			"priority": "0",
+			"tags":     "",
+			"title":    "",
+			"message":  origMessage,
+		},
+		Android: &messaging.AndroidConfig{
+			Priority: "high",
+		},
+	}
+	origMessageLength := len(origFCMMessage.Data["message"])
+	serializedOrigFCMMessage, _ := json.Marshal(origFCMMessage)
+	require.Greater(t, len(serializedOrigFCMMessage), fcmMessageLimit) // Pre-condition
+
+	truncatedFCMMessage := maybeTruncateFCMMessage(origFCMMessage)
+	truncatedMessageLength := len(truncatedFCMMessage.Data["message"])
+	serializedTruncatedFCMMessage, _ := json.Marshal(truncatedFCMMessage)
+	require.Equal(t, fcmMessageLimit, len(serializedTruncatedFCMMessage))
+	require.Equal(t, "1", truncatedFCMMessage.Data["truncated"])
+	require.NotEqual(t, origMessageLength, truncatedMessageLength)
+}
+
+func TestServer_MaybeTruncateFCMMessage_NotTooLong(t *testing.T) {
+	origMessage := "not really a long string"
+	origFCMMessage := &messaging.Message{
+		Topic: "mytopic",
+		Data: map[string]string{
+			"id":       "abcdefg",
+			"time":     "1641324761",
+			"event":    "message",
+			"topic":    "mytopic",
+			"priority": "0",
+			"tags":     "",
+			"title":    "",
+			"message":  origMessage,
+		},
+	}
+	origMessageLength := len(origFCMMessage.Data["message"])
+	serializedOrigFCMMessage, _ := json.Marshal(origFCMMessage)
+	require.LessOrEqual(t, len(serializedOrigFCMMessage), fcmMessageLimit) // Pre-condition
+
+	notTruncatedFCMMessage := maybeTruncateFCMMessage(origFCMMessage)
+	notTruncatedMessageLength := len(notTruncatedFCMMessage.Data["message"])
+	serializedNotTruncatedFCMMessage, _ := json.Marshal(notTruncatedFCMMessage)
+	require.Equal(t, origMessageLength, notTruncatedMessageLength)
+	require.Equal(t, len(serializedOrigFCMMessage), len(serializedNotTruncatedFCMMessage))
+	require.Equal(t, "", notTruncatedFCMMessage.Data["truncated"])
+}
+
+func TestServer_PublishAttachment(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	msg := toMessage(t, response.Body.String())
+	require.Equal(t, "attachment.txt", msg.Attachment.Name)
+	require.Equal(t, "text/plain; charset=utf-8", msg.Attachment.Type)
+	require.Equal(t, int64(5000), msg.Attachment.Size)
+	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(3*time.Hour).Unix())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	require.Equal(t, "", msg.Attachment.Owner) // Should never be returned
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))
+
+	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, "5000", response.Header().Get("Content-Length"))
+	require.Equal(t, content, response.Body.String())
+
+	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
+	size, err := s.cache.AttachmentsSize("9.9.9.9") // See request()
+	require.Nil(t, err)
+	require.Equal(t, int64(5000), size)
+}
+
+func TestServer_PublishAttachmentShortWithFilename(t *testing.T) {
+	c := newTestConfig(t)
+	c.BehindProxy = true
+	s := newTestServer(t, c)
+	content := "this is an ATTACHMENT"
+	response := request(t, s, "PUT", "/mytopic?f=myfile.txt", content, map[string]string{
+		"X-Forwarded-For": "1.2.3.4",
+	})
+	msg := toMessage(t, response.Body.String())
+	require.Equal(t, "myfile.txt", msg.Attachment.Name)
+	require.Equal(t, "text/plain; charset=utf-8", msg.Attachment.Type)
+	require.Equal(t, int64(21), msg.Attachment.Size)
+	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(3*time.Hour).Unix())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	require.Equal(t, "", msg.Attachment.Owner) // Should never be returned
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))
+
+	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, "21", response.Header().Get("Content-Length"))
+	require.Equal(t, content, response.Body.String())
+
+	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
+	size, err := s.cache.AttachmentsSize("1.2.3.4")
+	require.Nil(t, err)
+	require.Equal(t, int64(21), size)
+}
+
+func TestServer_PublishAttachmentExternalWithoutFilename(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", "", map[string]string{
+		"Attach": "https://upload.wikimedia.org/wikipedia/commons/f/fd/Pink_flower.jpg",
+	})
+	msg := toMessage(t, response.Body.String())
+	require.Equal(t, "You received a file: Pink_flower.jpg", msg.Message)
+	require.Equal(t, "Pink_flower.jpg", msg.Attachment.Name)
+	require.Equal(t, "https://upload.wikimedia.org/wikipedia/commons/f/fd/Pink_flower.jpg", msg.Attachment.URL)
+	require.Equal(t, "", msg.Attachment.Type)
+	require.Equal(t, int64(0), msg.Attachment.Size)
+	require.Equal(t, int64(0), msg.Attachment.Expires)
+	require.Equal(t, "", msg.Attachment.Owner)
+
+	// Slightly unrelated cross-test: make sure we don't add an owner for external attachments
+	size, err := s.cache.AttachmentsSize("127.0.0.1")
+	require.Nil(t, err)
+	require.Equal(t, int64(0), size)
+}
+
+func TestServer_PublishAttachmentExternalWithFilename(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", "This is a custom message", map[string]string{
+		"X-Attach": "https://upload.wikimedia.org/wikipedia/commons/f/fd/Pink_flower.jpg",
+		"File":     "some file.jpg",
+	})
+	msg := toMessage(t, response.Body.String())
+	require.Equal(t, "This is a custom message", msg.Message)
+	require.Equal(t, "some file.jpg", msg.Attachment.Name)
+	require.Equal(t, "https://upload.wikimedia.org/wikipedia/commons/f/fd/Pink_flower.jpg", msg.Attachment.URL)
+	require.Equal(t, "", msg.Attachment.Type)
+	require.Equal(t, int64(0), msg.Attachment.Size)
+	require.Equal(t, int64(0), msg.Attachment.Expires)
+	require.Equal(t, "", msg.Attachment.Owner)
+}
+
+func TestServer_PublishAttachmentBadURL(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic?a=not+a+URL", "", nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 400, err.HTTPCode)
+	require.Equal(t, 40013, err.Code)
+}
+
+func TestServer_PublishAttachmentTooLargeContentLength(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", content, map[string]string{
+		"Content-Length": "20000000",
+	})
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 400, err.HTTPCode)
+	require.Equal(t, 40012, err.Code)
+}
+
+func TestServer_PublishAttachmentTooLargeBodyAttachmentFileSizeLimit(t *testing.T) {
+	content := util.RandomString(5001) // > 5000, see below
+	c := newTestConfig(t)
+	c.AttachmentFileSizeLimit = 5000
+	s := newTestServer(t, c)
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 400, err.HTTPCode)
+	require.Equal(t, 40012, err.Code)
+}
+
+func TestServer_PublishAttachmentExpiryBeforeDelivery(t *testing.T) {
+	c := newTestConfig(t)
+	c.AttachmentExpiryDuration = 10 * time.Minute
+	s := newTestServer(t, c)
+	response := request(t, s, "PUT", "/mytopic", util.RandomString(5000), map[string]string{
+		"Delay": "11 min", // > AttachmentExpiryDuration
+	})
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 400, err.HTTPCode)
+	require.Equal(t, 40015, err.Code)
+}
+
+func TestServer_PublishAttachmentTooLargeBodyVisitorAttachmentTotalSizeLimit(t *testing.T) {
+	c := newTestConfig(t)
+	c.VisitorAttachmentTotalSizeLimit = 10000
+	s := newTestServer(t, c)
+
+	response := request(t, s, "PUT", "/mytopic", util.RandomString(5000), nil)
+	msg := toMessage(t, response.Body.String())
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, "You received a file: attachment.txt", msg.Message)
+	require.Equal(t, int64(5000), msg.Attachment.Size)
+
+	content := util.RandomString(5001) // 5000+5001 > , see below
+	response = request(t, s, "PUT", "/mytopic", content, nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 400, err.HTTPCode)
+	require.Equal(t, 40012, err.Code)
+}
+
+func TestServer_PublishAttachmentAndPrune(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+
+	c := newTestConfig(t)
+	c.AttachmentExpiryDuration = time.Millisecond // Hack
+	s := newTestServer(t, c)
+
+	// Publish and make sure we can retrieve it
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	msg := toMessage(t, response.Body.String())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	file := filepath.Join(s.config.AttachmentCacheDir, msg.ID)
+	require.FileExists(t, file)
+
+	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, content, response.Body.String())
+
+	// Prune and makes sure it's gone
+	time.Sleep(time.Second) // Sigh ...
+	s.updateStatsAndPrune()
+	require.NoFileExists(t, file)
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 404, response.Code)
+}
+
+func TestServer_PublishAttachmentBandwidthLimit(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+
+	c := newTestConfig(t)
+	c.VisitorAttachmentDailyBandwidthLimit = 5*5000 + 123 // A little more than 1 upload and 3 downloads
+	s := newTestServer(t, c)
+
+	// Publish attachment
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	msg := toMessage(t, response.Body.String())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+
+	// Get it 4 times successfully
+	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
+	for i := 1; i <= 4; i++ { // 4 successful downloads
+		response = request(t, s, "GET", path, "", nil)
+		require.Equal(t, 200, response.Code)
+		require.Equal(t, content, response.Body.String())
+	}
+
+	// And then fail with a 429
+	response = request(t, s, "GET", path, "", nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 429, response.Code)
+	require.Equal(t, 42905, err.Code)
+}
+
+func TestServer_PublishAttachmentBandwidthLimitUploadOnly(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+
+	c := newTestConfig(t)
+	c.VisitorAttachmentDailyBandwidthLimit = 5*5000 + 500 // 5 successful uploads
+	s := newTestServer(t, c)
+
+	// 5 successful uploads
+	for i := 1; i <= 5; i++ {
+		response := request(t, s, "PUT", "/mytopic", content, nil)
+		msg := toMessage(t, response.Body.String())
+		require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	}
+
+	// And a failed one
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	err := toHTTPError(t, response.Body.String())
+	require.Equal(t, 400, response.Code)
+	require.Equal(t, 40012, err.Code)
+}
+
 func newTestConfig(t *testing.T) *Config {
 	conf := NewConfig()
+	conf.BaseURL = "http://127.0.0.1:12345"
 	conf.CacheFile = filepath.Join(t.TempDir(), "cache.db")
+	conf.AttachmentCacheDir = t.TempDir()
 	return conf
 }
 
@@ -528,6 +933,7 @@ func request(t *testing.T, s *Server, method, url, body string, headers map[stri
 	if err != nil {
 		t.Fatal(err)
 	}
+	req.RemoteAddr = "9.9.9.9" // Used for tests
 	for k, v := range headers {
 		req.Header.Set(k, v)
 	}
@@ -570,6 +976,12 @@ func toMessage(t *testing.T, s string) *message {
 	return &m
 }
 
+func toHTTPError(t *testing.T, s string) *errHTTP {
+	var e errHTTP
+	require.Nil(t, json.NewDecoder(strings.NewReader(s)).Decode(&e))
+	return &e
+}
+
 func firebaseServiceAccountFile(t *testing.T) string {
 	if os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT_FILE") != "" {
 		return os.Getenv("NTFY_TEST_FIREBASE_SERVICE_ACCOUNT_FILE")

server/smtp_sender.go

@@ -0,0 +1,119 @@
+package server
+
+import (
+	_ "embed" // required by go:embed
+	"encoding/json"
+	"fmt"
+	"heckel.io/ntfy/util"
+	"mime"
+	"net"
+	"net/smtp"
+	"strings"
+	"time"
+)
+
+type mailer interface {
+	Send(from, to string, m *message) error
+}
+
+type smtpSender struct {
+	config *Config
+}
+
+func (s *smtpSender) Send(senderIP, to string, m *message) error {
+	host, _, err := net.SplitHostPort(s.config.SMTPSenderAddr)
+	if err != nil {
+		return err
+	}
+	message, err := formatMail(s.config.BaseURL, senderIP, s.config.SMTPSenderFrom, to, m)
+	if err != nil {
+		return err
+	}
+	auth := smtp.PlainAuth("", s.config.SMTPSenderUser, s.config.SMTPSenderPass, host)
+	return smtp.SendMail(s.config.SMTPSenderAddr, auth, s.config.SMTPSenderFrom, []string{to}, []byte(message))
+}
+
+func formatMail(baseURL, senderIP, from, to string, m *message) (string, error) {
+	topicURL := baseURL + "/" + m.Topic
+	subject := m.Title
+	if subject == "" {
+		subject = m.Message
+	}
+	subject = strings.ReplaceAll(strings.ReplaceAll(subject, "\r", ""), "\n", " ")
+	message := m.Message
+	trailer := ""
+	if len(m.Tags) > 0 {
+		emojis, tags, err := toEmojis(m.Tags)
+		if err != nil {
+			return "", err
+		}
+		if len(emojis) > 0 {
+			subject = strings.Join(emojis, " ") + " " + subject
+		}
+		if len(tags) > 0 {
+			trailer = "Tags: " + strings.Join(tags, ", ")
+		}
+	}
+	if m.Priority != 0 && m.Priority != 3 {
+		priority, err := util.PriorityString(m.Priority)
+		if err != nil {
+			return "", err
+		}
+		if trailer != "" {
+			trailer += "\n"
+		}
+		trailer += fmt.Sprintf("Priority: %s", priority)
+	}
+	if trailer != "" {
+		message += "\n\n" + trailer
+	}
+	subject = mime.BEncoding.Encode("utf-8", subject)
+	body := `From: "{shortTopicURL}" <{from}>
+To: {to}
+Subject: {subject}
+Content-Type: text/plain; charset="utf-8"
+
+{message}
+
+--
+This message was sent by {ip} at {time} via {topicURL}`
+	body = strings.ReplaceAll(body, "{from}", from)
+	body = strings.ReplaceAll(body, "{to}", to)
+	body = strings.ReplaceAll(body, "{subject}", subject)
+	body = strings.ReplaceAll(body, "{message}", message)
+	body = strings.ReplaceAll(body, "{topicURL}", topicURL)
+	body = strings.ReplaceAll(body, "{shortTopicURL}", util.ShortTopicURL(topicURL))
+	body = strings.ReplaceAll(body, "{time}", time.Unix(m.Time, 0).UTC().Format(time.RFC1123))
+	body = strings.ReplaceAll(body, "{ip}", senderIP)
+	return body, nil
+}
+
+var (
+	//go:embed "mailer_emoji.json"
+	emojisJSON string
+)
+
+type emoji struct {
+	Emoji   string   `json:"emoji"`
+	Aliases []string `json:"aliases"`
+}
+
+func toEmojis(tags []string) (emojisOut []string, tagsOut []string, err error) {
+	var emojis []emoji
+	if err = json.Unmarshal([]byte(emojisJSON), &emojis); err != nil {
+		return nil, nil, err
+	}
+	tagsOut = make([]string, 0)
+	emojisOut = make([]string, 0)
+nextTag:
+	for _, t := range tags { // TODO Super inefficient; we should just create a .json file with a map
+		for _, e := range emojis {
+			if util.InStringList(e.Aliases, t) {
+				emojisOut = append(emojisOut, e.Emoji)
+				continue nextTag
+			}
+		}
+		tagsOut = append(tagsOut, t)
+	}
+	return
+}

server/smtp_sender_test.go

@@ -0,0 +1,141 @@
+package server
+
+import (
+	"github.com/stretchr/testify/require"
+	"testing"
+)
+
+func TestFormatMail_Basic(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:      "abc",
+		Time:    1640382204,
+		Event:   "message",
+		Topic:   "alerts",
+		Message: "A simple message",
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: A simple message
+Content-Type: text/plain; charset="utf-8"
+
+A simple message
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}
+
+func TestFormatMail_JustEmojis(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:      "abc",
+		Time:    1640382204,
+		Event:   "message",
+		Topic:   "alerts",
+		Message: "A simple message",
+		Tags:    []string{"grinning"},
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: =?utf-8?b?8J+YgCBBIHNpbXBsZSBtZXNzYWdl?=
+Content-Type: text/plain; charset="utf-8"
+
+A simple message
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}
+
+func TestFormatMail_JustOtherTags(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:      "abc",
+		Time:    1640382204,
+		Event:   "message",
+		Topic:   "alerts",
+		Message: "A simple message",
+		Tags:    []string{"not-an-emoji"},
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: A simple message
+Content-Type: text/plain; charset="utf-8"
+
+A simple message
+
+Tags: not-an-emoji
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}
+
+func TestFormatMail_JustPriority(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:       "abc",
+		Time:     1640382204,
+		Event:    "message",
+		Topic:    "alerts",
+		Message:  "A simple message",
+		Priority: 2,
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: A simple message
+Content-Type: text/plain; charset="utf-8"
+
+A simple message
+
+Priority: low
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}
+
+func TestFormatMail_UTF8Subject(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:      "abc",
+		Time:    1640382204,
+		Event:   "message",
+		Topic:   "alerts",
+		Message: "A simple message",
+		Title:   " :: A not so simple title öäüß ¡Hola, señor!",
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: =?utf-8?b?IDo6IEEgbm90IHNvIHNpbXBsZSB0aXRsZSDDtsOkw7zDnyDCoUhvbGEsIHNl?= =?utf-8?b?w7FvciE=?=
+Content-Type: text/plain; charset="utf-8"
+
+A simple message
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}
+
+func TestFormatMail_WithAllTheThings(t *testing.T) {
+	actual, _ := formatMail("https://ntfy.sh", "1.2.3.4", "ntfy@ntfy.sh", "phil@example.com", &message{
+		ID:       "abc",
+		Time:     1640382204,
+		Event:    "message",
+		Topic:    "alerts",
+		Priority: 5,
+		Tags:     []string{"warning", "skull", "tag123", "other"},
+		Title:    "Oh no 🙈\nThis is a message across\nmultiple lines",
+		Message:  "A message that contains monkeys 🙉\nNo really, though. Monkeys!",
+	})
+	expected := `From: "ntfy.sh/alerts" <ntfy@ntfy.sh>
+To: phil@example.com
+Subject: =?utf-8?b?4pqg77iPIPCfkoAgT2ggbm8g8J+ZiCBUaGlzIGlzIGEgbWVzc2FnZSBhY3Jv?= =?utf-8?b?c3MgbXVsdGlwbGUgbGluZXM=?=
+Content-Type: text/plain; charset="utf-8"
+
+A message that contains monkeys 🙉
+No really, though. Monkeys!
+
+Tags: tag123, other
+Priority: max
+
+--
+This message was sent by 1.2.3.4 at Fri, 24 Dec 2021 21:43:24 UTC via https://ntfy.sh/alerts`
+	require.Equal(t, expected, actual)
+}

server/smtp_server.go

@@ -0,0 +1,195 @@
+package server
+
+import (
+	"bytes"
+	"errors"
+	"github.com/emersion/go-smtp"
+	"io"
+	"mime"
+	"mime/multipart"
+	"net/mail"
+	"strings"
+	"sync"
+)
+
+var (
+	errInvalidDomain          = errors.New("invalid domain")
+	errInvalidAddress         = errors.New("invalid address")
+	errInvalidTopic           = errors.New("invalid topic")
+	errTooManyRecipients      = errors.New("too many recipients")
+	errUnsupportedContentType = errors.New("unsupported content type")
+)
+
+// smtpBackend implements SMTP server methods.
+type smtpBackend struct {
+	config  *Config
+	sub     subscriber
+	success int64
+	failure int64
+	mu      sync.Mutex
+}
+
+func newMailBackend(conf *Config, sub subscriber) *smtpBackend {
+	return &smtpBackend{
+		config: conf,
+		sub:    sub,
+	}
+}
+
+func (b *smtpBackend) Login(state *smtp.ConnectionState, username, password string) (smtp.Session, error) {
+	return &smtpSession{backend: b}, nil
+}
+
+func (b *smtpBackend) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session, error) {
+	return &smtpSession{backend: b}, nil
+}
+
+func (b *smtpBackend) Counts() (success int64, failure int64) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	return b.success, b.failure
+}
+
+// smtpSession is returned after EHLO.
+type smtpSession struct {
+	backend *smtpBackend
+	topic   string
+	mu      sync.Mutex
+}
+
+func (s *smtpSession) AuthPlain(username, password string) error {
+	return nil
+}
+
+func (s *smtpSession) Mail(from string, opts smtp.MailOptions) error {
+	return nil
+}
+
+func (s *smtpSession) Rcpt(to string) error {
+	return s.withFailCount(func() error {
+		conf := s.backend.config
+		addressList, err := mail.ParseAddressList(to)
+		if err != nil {
+			return err
+		} else if len(addressList) != 1 {
+			return errTooManyRecipients
+		}
+		to = addressList[0].Address
+		if !strings.HasSuffix(to, "@"+conf.SMTPServerDomain) {
+			return errInvalidDomain
+		}
+		to = strings.TrimSuffix(to, "@"+conf.SMTPServerDomain)
+		if conf.SMTPServerAddrPrefix != "" {
+			if !strings.HasPrefix(to, conf.SMTPServerAddrPrefix) {
+				return errInvalidAddress
+			}
+			to = strings.TrimPrefix(to, conf.SMTPServerAddrPrefix)
+		}
+		if !topicRegex.MatchString(to) {
+			return errInvalidTopic
+		}
+		s.mu.Lock()
+		s.topic = to
+		s.mu.Unlock()
+		return nil
+	})
+}
+
+func (s *smtpSession) Data(r io.Reader) error {
+	return s.withFailCount(func() error {
+		conf := s.backend.config
+		b, err := io.ReadAll(r) // Protected by MaxMessageBytes
+		if err != nil {
+			return err
+		}
+		msg, err := mail.ReadMessage(bytes.NewReader(b))
+		if err != nil {
+			return err
+		}
+		body, err := readMailBody(msg)
+		if err != nil {
+			return err
+		}
+		body = strings.TrimSpace(body)
+		if len(body) > conf.MessageLimit {
+			body = body[:conf.MessageLimit]
+		}
+		m := newDefaultMessage(s.topic, body)
+		subject := strings.TrimSpace(msg.Header.Get("Subject"))
+		if subject != "" {
+			dec := mime.WordDecoder{}
+			subject, err := dec.DecodeHeader(subject)
+			if err != nil {
+				return err
+			}
+			m.Title = subject
+		}
+		if m.Title != "" && m.Message == "" {
+			m.Message = m.Title // Flip them, this makes more sense
+			m.Title = ""
+		}
+		if err := s.backend.sub(m); err != nil {
+			return err
+		}
+		s.backend.mu.Lock()
+		s.backend.success++
+		s.backend.mu.Unlock()
+		return nil
+	})
+}
+
+func (s *smtpSession) Reset() {
+	s.mu.Lock()
+	s.topic = ""
+	s.mu.Unlock()
+}
+
+func (s *smtpSession) Logout() error {
+	return nil
+}
+
+func (s *smtpSession) withFailCount(fn func() error) error {
+	err := fn()
+	s.backend.mu.Lock()
+	defer s.backend.mu.Unlock()
+	if err != nil {
+		s.backend.failure++
+	}
+	return err
+}
+
+func readMailBody(msg *mail.Message) (string, error) {
+	contentType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
+	if err != nil {
+		return "", err
+	}
+	if contentType == "text/plain" {
+		body, err := io.ReadAll(msg.Body)
+		if err != nil {
+			return "", err
+		}
+		return string(body), nil
+	}
+	if strings.HasPrefix(contentType, "multipart/") {
+		mr := multipart.NewReader(msg.Body, params["boundary"])
+		for {
+			part, err := mr.NextPart()
+			if err != nil { // may be io.EOF
+				return "", err
+			}
+			partContentType, _, err := mime.ParseMediaType(part.Header.Get("Content-Type"))
+			if err != nil {
+				return "", err
+			}
+			if partContentType != "text/plain" {
+				continue
+			}
+			body, err := io.ReadAll(part)
+			if err != nil {
+				return "", err
+			}
+			return string(body), nil
+		}
+	}
+	return "", errUnsupportedContentType
+}

server/smtp_server_test.go

@@ -0,0 +1,290 @@
+package server
+
+import (
+	"github.com/emersion/go-smtp"
+	"github.com/stretchr/testify/require"
+	"strings"
+	"testing"
+)
+
+func TestSmtpBackend_Multipart(t *testing.T) {
+	email := `MIME-Version: 1.0
+Date: Tue, 28 Dec 2021 00:30:10 +0100
+Message-ID: <CAAvm79YP0C=Rt1N=KWmSUBB87KK2rRChmdzKqF1vCwMEUiVzLQ@mail.gmail.com>
+Subject: and one more
+From: Phil <phil@example.com>
+To: ntfy-mytopic@ntfy.sh
+Content-Type: multipart/alternative; boundary="000000000000f3320b05d42915c9"
+
+--000000000000f3320b05d42915c9
+Content-Type: text/plain; charset="UTF-8"
+
+what's up
+
+--000000000000f3320b05d42915c9
+Content-Type: text/html; charset="UTF-8"
+
+<div dir="ltr">what&#39;s up<br clear="all"><div><br></div></div>
+
+--000000000000f3320b05d42915c9--`
+	_, backend := newTestBackend(t, func(m *message) error {
+		require.Equal(t, "mytopic", m.Topic)
+		require.Equal(t, "and one more", m.Title)
+		require.Equal(t, "what's up", m.Message)
+		return nil
+	})
+	session, _ := backend.AnonymousLogin(nil)
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("ntfy-mytopic@ntfy.sh"))
+	require.Nil(t, session.Data(strings.NewReader(email)))
+}
+
+func TestSmtpBackend_MultipartNoBody(t *testing.T) {
+	email := `MIME-Version: 1.0
+Date: Tue, 28 Dec 2021 01:33:34 +0100
+Message-ID: <CAAvm7ABCDsi9vsuu0WTRXzZQBC8dXrDOLT8iCWdqrsmg@mail.gmail.com>
+Subject: This email has a subject but no body
+From: Phil <phil@example.com>
+To: ntfy-emailtest@ntfy.sh
+Content-Type: multipart/alternative; boundary="000000000000bcf4a405d429f8d4"
+
+--000000000000bcf4a405d429f8d4
+Content-Type: text/plain; charset="UTF-8"
+
+
+
+--000000000000bcf4a405d429f8d4
+Content-Type: text/html; charset="UTF-8"
+
+<div dir="ltr"><br></div>
+
+--000000000000bcf4a405d429f8d4--`
+	_, backend := newTestBackend(t, func(m *message) error {
+		require.Equal(t, "emailtest", m.Topic)
+		require.Equal(t, "", m.Title) // We flipped message and body
+		require.Equal(t, "This email has a subject but no body", m.Message)
+		return nil
+	})
+	session, _ := backend.AnonymousLogin(nil)
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("ntfy-emailtest@ntfy.sh"))
+	require.Nil(t, session.Data(strings.NewReader(email)))
+}
+
+func TestSmtpBackend_Plaintext(t *testing.T) {
+	email := `Date: Tue, 28 Dec 2021 00:30:10 +0100
+Message-ID: <CAAvm79YP0C=Rt1N=KWmSUBB87KK2rRChmdzKqF1vCwMEUiVzLQ@mail.gmail.com>
+Subject: and one more
+From: Phil <phil@example.com>
+To: mytopic@ntfy.sh
+Content-Type: text/plain; charset="UTF-8"
+
+what's up
+`
+	conf, backend := newTestBackend(t, func(m *message) error {
+		require.Equal(t, "mytopic", m.Topic)
+		require.Equal(t, "and one more", m.Title)
+		require.Equal(t, "what's up", m.Message)
+		return nil
+	})
+	conf.SMTPServerAddrPrefix = ""
+	session, _ := backend.AnonymousLogin(nil)
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("mytopic@ntfy.sh"))
+	require.Nil(t, session.Data(strings.NewReader(email)))
+}
+
+func TestSmtpBackend_Plaintext_EncodedSubject(t *testing.T) {
+	email := `Date: Tue, 28 Dec 2021 00:30:10 +0100
+Subject: =?UTF-8?B?VGhyZWUgc2FudGFzIPCfjoXwn46F8J+OhQ==?=
+From: Phil <phil@example.com>
+To: ntfy-mytopic@ntfy.sh
+Content-Type: text/plain; charset="UTF-8"
+
+what's up
+`
+	_, backend := newTestBackend(t, func(m *message) error {
+		require.Equal(t, "Three santas 🎅🎅🎅", m.Title)
+		return nil
+	})
+	session, _ := backend.AnonymousLogin(nil)
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("ntfy-mytopic@ntfy.sh"))
+	require.Nil(t, session.Data(strings.NewReader(email)))
+}
+
+func TestSmtpBackend_Plaintext_TooLongTruncate(t *testing.T) {
+	email := `Date: Tue, 28 Dec 2021 00:30:10 +0100
+Message-ID: <CAAvm79YP0C=Rt1N=KWmSUBB87KK2rRChmdzKqF1vCwMEUiVzLQ@mail.gmail.com>
+Subject: and one more
+From: Phil <phil@example.com>
+To: mytopic@ntfy.sh
+Content-Type: text/plain; charset="UTF-8"
+
+you know this is a string.
+it's a long string. 
+it's supposed to be longer than the max message length
+which is 4096 bytes,
+it used to be 512 bytes, but I increased that for the UnifiedPush support
+the 512 bytes was a little short, some people said
+but it kinda makes sense when you look at what it looks like one a phone
+heck this wasn't even half of it so far.
+so i'm gonna fill the rest of this with AAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+and with BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+that should do it
+`
+	conf, backend := newTestBackend(t, func(m *message) error {
+		expected := `you know this is a string.
+it's a long string. 
+it's supposed to be longer than the max message length
+which is 4096 bytes,
+it used to be 512 bytes, but I increased that for the UnifiedPush support
+the 512 bytes was a little short, some people said
+but it kinda makes sense when you look at what it looks like one a phone
+heck this wasn't even half of it so far.
+so i'm gonna fill the rest of this with AAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+......................................................................
+and with BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+BBBBBBBBBBBBBBBBBBBBBBBB`
+		require.Equal(t, 4096, len(expected)) // Sanity check
+		require.Equal(t, expected, m.Message)
+		return nil
+	})
+	conf.SMTPServerAddrPrefix = ""
+	session, _ := backend.AnonymousLogin(nil)
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("mytopic@ntfy.sh"))
+	require.Nil(t, session.Data(strings.NewReader(email)))
+}
+
+func TestSmtpBackend_Unsupported(t *testing.T) {
+	email := `Date: Tue, 28 Dec 2021 00:30:10 +0100
+Message-ID: <CAAvm79YP0C=Rt1N=KWmSUBB87KK2rRChmdzKqF1vCwMEUiVzLQ@mail.gmail.com>
+Subject: and one more
+From: Phil <phil@example.com>
+To: mytopic@ntfy.sh
+Content-Type: text/SOMETHINGELSE
+
+what's up
+`
+	conf, backend := newTestBackend(t, func(m *message) error {
+		return nil
+	})
+	conf.SMTPServerAddrPrefix = ""
+	session, _ := backend.Login(nil, "user", "pass")
+	require.Nil(t, session.Mail("phil@example.com", smtp.MailOptions{}))
+	require.Nil(t, session.Rcpt("mytopic@ntfy.sh"))
+	require.Equal(t, errUnsupportedContentType, session.Data(strings.NewReader(email)))
+}
+
+func newTestBackend(t *testing.T, sub subscriber) (*Config, *smtpBackend) {
+	conf := newTestConfig(t)
+	conf.SMTPServerListen = ":25"
+	conf.SMTPServerDomain = "ntfy.sh"
+	conf.SMTPServerAddrPrefix = "ntfy-"
+	backend := newMailBackend(conf, sub)
+	return conf, backend
+}

server/visitor.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"errors"
 	"golang.org/x/time/rate"
 	"heckel.io/ntfy/util"
 	"sync"
@@ -8,39 +9,63 @@ import (
 )
 
 const (
-	visitorExpungeAfter = 30 * time.Minute
+	// visitorExpungeAfter defines how long a visitor is active before it is removed from memory. This number
+	// has to be very high to prevent e-mail abuse, but it doesn't really affect the other limits anyway, since
+	// they are replenished faster (typically).
+	visitorExpungeAfter = 24 * time.Hour
+)
+
+var (
+	errVisitorLimitReached = errors.New("limit reached")
 )
 
 // visitor represents an API user, and its associated rate.Limiter used for rate limiting
 type visitor struct {
 	config        *Config
-	limiter       *rate.Limiter
+	ip            string
-	subscriptions *util.Limiter
+	requests      *rate.Limiter
+	emails        *rate.Limiter
+	subscriptions util.Limiter
+	bandwidth     util.Limiter
 	seen          time.Time
 	mu            sync.Mutex
 }
 
-func newVisitor(conf *Config) *visitor {
+func newVisitor(conf *Config, ip string) *visitor {
 	return &visitor{
 		config:        conf,
-		limiter:       rate.NewLimiter(rate.Every(conf.VisitorRequestLimitReplenish), conf.VisitorRequestLimitBurst),
+		ip:            ip,
-		subscriptions: util.NewLimiter(int64(conf.VisitorSubscriptionLimit)),
+		requests:      rate.NewLimiter(rate.Every(conf.VisitorRequestLimitReplenish), conf.VisitorRequestLimitBurst),
+		emails:        rate.NewLimiter(rate.Every(conf.VisitorEmailLimitReplenish), conf.VisitorEmailLimitBurst),
+		subscriptions: util.NewFixedLimiter(int64(conf.VisitorSubscriptionLimit)),
+		bandwidth:     util.NewBytesLimiter(conf.VisitorAttachmentDailyBandwidthLimit, 24*time.Hour),
 		seen:          time.Now(),
 	}
 }
 
+func (v *visitor) IP() string {
+	return v.ip
+}
+
 func (v *visitor) RequestAllowed() error {
-	if !v.limiter.Allow() {
+	if !v.requests.Allow() {
-		return errHTTPTooManyRequests
+		return errVisitorLimitReached
 	}
 	return nil
 }
 
-func (v *visitor) AddSubscription() error {
+func (v *visitor) EmailAllowed() error {
+	if !v.emails.Allow() {
+		return errVisitorLimitReached
+	}
+	return nil
+}
+
+func (v *visitor) SubscriptionAllowed() error {
 	v.mu.Lock()
 	defer v.mu.Unlock()
-	if err := v.subscriptions.Add(1); err != nil {
+	if err := v.subscriptions.Allow(1); err != nil {
-		return errHTTPTooManyRequests
+		return errVisitorLimitReached
 	}
 	return nil
 }
@@ -48,7 +73,7 @@ func (v *visitor) AddSubscription() error {
 func (v *visitor) RemoveSubscription() {
 	v.mu.Lock()
 	defer v.mu.Unlock()
-	v.subscriptions.Sub(1)
+	v.subscriptions.Allow(-1)
 }
 
 func (v *visitor) Keepalive() {
@@ -57,6 +82,10 @@ func (v *visitor) Keepalive() {
 	v.seen = time.Now()
 }
 
+func (v *visitor) BandwidthLimiter() util.Limiter {
+	return v.bandwidth
+}
+
 func (v *visitor) Stale() bool {
 	v.mu.Lock()
 	defer v.mu.Unlock()

test/server.go

@@ -10,13 +10,17 @@ import (
 )
 
 func init() {
-	rand.Seed(time.Now().Unix())
+	rand.Seed(time.Now().UnixMilli())
 }
 
 // StartServer starts a server.Server with a random port and waits for the server to be up
 func StartServer(t *testing.T) (*server.Server, int) {
+	return StartServerWithConfig(t, server.NewConfig())
+}
+
+// StartServerWithConfig starts a server.Server with a random port and waits for the server to be up
+func StartServerWithConfig(t *testing.T, conf *server.Config) (*server.Server, int) {
 	port := 10000 + rand.Intn(20000)
-	conf := server.NewConfig()
 	conf.ListenHTTP = fmt.Sprintf(":%d", port)
 	s, err := server.New(conf)
 	if err != nil {

util/content_type_writer.go

@@ -0,0 +1,42 @@
+package util
+
+import (
+	"net/http"
+	"strings"
+)
+
+// ContentTypeWriter is an implementation of http.ResponseWriter that will detect the content type and set the
+// Content-Type and (optionally) Content-Disposition headers accordingly.
+//
+// It will always set a Content-Type based on http.DetectContentType, but will never send the "text/html"
+// content type.
+type ContentTypeWriter struct {
+	w        http.ResponseWriter
+	filename string
+	sniffed  bool
+}
+
+// NewContentTypeWriter creates a new ContentTypeWriter
+func NewContentTypeWriter(w http.ResponseWriter, filename string) *ContentTypeWriter {
+	return &ContentTypeWriter{w, filename, false}
+}
+
+func (w *ContentTypeWriter) Write(p []byte) (n int, err error) {
+	if w.sniffed {
+		return w.w.Write(p)
+	}
+	// Detect and set Content-Type header
+	// Fix content types that we don't want to inline-render in the browser. In particular,
+	// we don't want to render HTML in the browser for security reasons.
+	contentType, _ := DetectContentType(p, w.filename)
+	if strings.HasPrefix(contentType, "text/html") {
+		contentType = strings.ReplaceAll(contentType, "text/html", "text/plain")
+	} else if contentType == "application/octet-stream" {
+		contentType = "" // Reset to let downstream http.ResponseWriter take care of it
+	}
+	if contentType != "" {
+		w.w.Header().Set("Content-Type", contentType)
+	}
+	w.sniffed = true
+	return w.w.Write(p)
+}

util/content_type_writer_test.go

@@ -0,0 +1,57 @@
+package util
+
+import (
+	"crypto/rand"
+	"github.com/stretchr/testify/require"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestSniffWriter_WriteHTML(t *testing.T) {
+	rr := httptest.NewRecorder()
+	sw := NewContentTypeWriter(rr, "")
+	sw.Write([]byte("<script>alert('hi')</script>"))
+	require.Equal(t, "text/plain; charset=utf-8", rr.Header().Get("Content-Type"))
+}
+
+func TestSniffWriter_WriteTwoWriteCalls(t *testing.T) {
+	rr := httptest.NewRecorder()
+	sw := NewContentTypeWriter(rr, "")
+	sw.Write([]byte{0x25, 0x50, 0x44, 0x46, 0x2d, 0x11, 0x22, 0x33})
+	sw.Write([]byte("<script>alert('hi')</script>"))
+	require.Equal(t, "application/pdf", rr.Header().Get("Content-Type"))
+}
+
+func TestSniffWriter_NoSniffWriterWriteHTML(t *testing.T) {
+	// This test just makes sure that without the sniff-w, we would get text/html
+
+	rr := httptest.NewRecorder()
+	rr.Write([]byte("<script>alert('hi')</script>"))
+	require.Equal(t, "text/html; charset=utf-8", rr.Header().Get("Content-Type"))
+}
+
+func TestSniffWriter_WriteHTMLSplitIntoTwoWrites(t *testing.T) {
+	// This test shows how splitting the HTML into two Write() calls will still yield text/plain
+
+	rr := httptest.NewRecorder()
+	sw := NewContentTypeWriter(rr, "")
+	sw.Write([]byte("<scr"))
+	sw.Write([]byte("ipt>alert('hi')</script>"))
+	require.Equal(t, "text/plain; charset=utf-8", rr.Header().Get("Content-Type"))
+}
+
+func TestSniffWriter_WriteUnknownMimeType(t *testing.T) {
+	rr := httptest.NewRecorder()
+	sw := NewContentTypeWriter(rr, "")
+	randomBytes := make([]byte, 199)
+	rand.Read(randomBytes)
+	sw.Write(randomBytes)
+	require.Equal(t, "application/octet-stream", rr.Header().Get("Content-Type"))
+}
+
+func TestSniffWriter_WriteWithFilenameAPK(t *testing.T) {
+	rr := httptest.NewRecorder()
+	sw := NewContentTypeWriter(rr, "https://example.com/ntfy.apk")
+	sw.Write([]byte{0x50, 0x4B, 0x03, 0x04})
+	require.Equal(t, "application/vnd.android.package-archive", rr.Header().Get("Content-Type"))
+}

util/limit.go

@@ -2,59 +2,109 @@ package util
 
 import (
 	"errors"
+	"golang.org/x/time/rate"
+	"io"
 	"sync"
+	"time"
 )
 
 // ErrLimitReached is the error returned by the Limiter and LimitWriter when the predefined limit has been reached
 var ErrLimitReached = errors.New("limit reached")
 
-// Limiter is a helper that allows adding values up to a well-defined limit. Once the limit is reached
+// Limiter is an interface that implements a rate limiting mechanism, e.g. based on time or a fixed value
-// ErrLimitReached will be returned. Limiter may be used by multiple goroutines.
+type Limiter interface {
-type Limiter struct {
+	// Allow adds n to the limiters internal value, or returns ErrLimitReached if the limit has been reached
+	Allow(n int64) error
+}
+
+// FixedLimiter is a helper that allows adding values up to a well-defined limit. Once the limit is reached
+// ErrLimitReached will be returned. FixedLimiter may be used by multiple goroutines.
+type FixedLimiter struct {
 	value int64
 	limit int64
 	mu    sync.Mutex
 }
 
-// NewLimiter creates a new Limiter
+// NewFixedLimiter creates a new Limiter
-func NewLimiter(limit int64) *Limiter {
+func NewFixedLimiter(limit int64) *FixedLimiter {
-	return &Limiter{
+	return &FixedLimiter{
 		limit: limit,
 	}
 }
 
-// Add adds n to the limiters internal value, but only if the limit has not been reached. If the limit would be
+// Allow adds n to the limiters internal value, but only if the limit has not been reached. If the limit was
 // exceeded after adding n, ErrLimitReached is returned.
-func (l *Limiter) Add(n int64) error {
+func (l *FixedLimiter) Allow(n int64) error {
 	l.mu.Lock()
 	defer l.mu.Unlock()
-	if l.limit == 0 {
+	if l.value+n > l.limit {
-		l.value += n
-		return nil
-	} else if l.value+n <= l.limit {
-		l.value += n
-		return nil
-	} else {
 		return ErrLimitReached
 	}
+	l.value += n
+	return nil
+}
+
+// RateLimiter is a Limiter that wraps a rate.Limiter, allowing a floating time-based limit.
+type RateLimiter struct {
+	limiter *rate.Limiter
+}
+
+// NewRateLimiter creates a new RateLimiter
+func NewRateLimiter(r rate.Limit, b int) *RateLimiter {
+	return &RateLimiter{
+		limiter: rate.NewLimiter(r, b),
+	}
 }
 
-// Sub subtracts a value from the limiters internal value
+// NewBytesLimiter creates a RateLimiter that is meant to be used for a bytes-per-interval limit,
-func (l *Limiter) Sub(n int64) {
+// e.g. 250 MB per day. And example of the underlying idea can be found here: https://go.dev/play/p/0ljgzIZQ6dJ
-	l.Add(-n)
+func NewBytesLimiter(bytes int, interval time.Duration) *RateLimiter {
+	return NewRateLimiter(rate.Limit(bytes)*rate.Every(interval), bytes)
 }
 
-// Set sets the value of the limiter to n. This function ignores the limit. It is meant to set the value
+// Allow adds n to the limiters internal value, but only if the limit has not been reached. If the limit was
-// based on reality.
+// exceeded after adding n, ErrLimitReached is returned.
-func (l *Limiter) Set(n int64) {
+func (l *RateLimiter) Allow(n int64) error {
-	l.mu.Lock()
+	if n <= 0 {
-	l.value = n
+		return nil // No-op. Can't take back bytes you're written!
-	l.mu.Unlock()
+	}
+	if !l.limiter.AllowN(time.Now(), int(n)) {
+		return ErrLimitReached
+	}
+	return nil
 }
 
-// Value returns the internal value of the limiter
+// LimitWriter implements an io.Writer that will pass through all Write calls to the underlying
-func (l *Limiter) Value() int64 {
+// writer w until any of the limiter's limit is reached, at which point a Write will return ErrLimitReached.
-	l.mu.Lock()
+// Each limiter's value is increased with every write.
-	defer l.mu.Unlock()
+type LimitWriter struct {
-	return l.value
+	w        io.Writer
+	written  int64
+	limiters []Limiter
+	mu       sync.Mutex
+}
+
+// NewLimitWriter creates a new LimitWriter
+func NewLimitWriter(w io.Writer, limiters ...Limiter) *LimitWriter {
+	return &LimitWriter{
+		w:        w,
+		limiters: limiters,
+	}
+}
+
+// Write passes through all writes to the underlying writer until any of the given limiter's limit is reached
+func (w *LimitWriter) Write(p []byte) (n int, err error) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	for i := 0; i < len(w.limiters); i++ {
+		if err := w.limiters[i].Allow(int64(len(p))); err != nil {
+			for j := i - 1; j >= 0; j-- {
+				w.limiters[j].Allow(-int64(len(p))) // Revert limiters limits if allowed
+			}
+			return 0, ErrLimitReached
+		}
+	}
+	n, err = w.w.Write(p)
+	w.written += int64(n)
+	return
 }

util/limit_test.go

@@ -1,30 +1,139 @@
 package util
 
 import (
+	"bytes"
+	"github.com/stretchr/testify/require"
 	"testing"
+	"time"
 )
 
-func TestLimiter_Add(t *testing.T) {
+func TestFixedLimiter_Add(t *testing.T) {
-	l := NewLimiter(10)
+	l := NewFixedLimiter(10)
-	if err := l.Add(5); err != nil {
+	if err := l.Allow(5); err != nil {
 		t.Fatal(err)
 	}
-	if err := l.Add(5); err != nil {
+	if err := l.Allow(5); err != nil {
 		t.Fatal(err)
 	}
-	if err := l.Add(5); err != ErrLimitReached {
+	if err := l.Allow(5); err != ErrLimitReached {
 		t.Fatalf("expected ErrLimitReached, got %#v", err)
 	}
 }
 
-func TestLimiter_AddSub(t *testing.T) {
+func TestFixedLimiter_AddSub(t *testing.T) {
-	l := NewLimiter(10)
+	l := NewFixedLimiter(10)
-	l.Add(5)
+	l.Allow(5)
-	if l.Value() != 5 {
+	if l.value != 5 {
-		t.Fatalf("expected value to be %d, got %d", 5, l.Value())
+		t.Fatalf("expected value to be %d, got %d", 5, l.value)
 	}
-	l.Sub(2)
+	l.Allow(-2)
-	if l.Value() != 3 {
+	if l.value != 3 {
-		t.Fatalf("expected value to be %d, got %d", 3, l.Value())
+		t.Fatalf("expected value to be %d, got %d", 7, l.value)
 	}
 }
+
+func TestBytesLimiter_Add_Simple(t *testing.T) {
+	l := NewBytesLimiter(250*1024*1024, 24*time.Hour) // 250 MB per 24h
+	require.Nil(t, l.Allow(100*1024*1024))
+	require.Nil(t, l.Allow(100*1024*1024))
+	require.Equal(t, ErrLimitReached, l.Allow(300*1024*1024))
+}
+
+func TestBytesLimiter_Add_Wait(t *testing.T) {
+	l := NewBytesLimiter(250*1024*1024, 24*time.Hour) // 250 MB per 24h (~ 303 bytes per 100ms)
+	require.Nil(t, l.Allow(250*1024*1024))
+	require.Equal(t, ErrLimitReached, l.Allow(400))
+	time.Sleep(200 * time.Millisecond)
+	require.Nil(t, l.Allow(400))
+}
+
+func TestLimitWriter_WriteNoLimiter(t *testing.T) {
+	var buf bytes.Buffer
+	lw := NewLimitWriter(&buf)
+	if _, err := lw.Write(make([]byte, 10)); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := lw.Write(make([]byte, 1)); err != nil {
+		t.Fatal(err)
+	}
+	if buf.Len() != 11 {
+		t.Fatalf("expected buffer length to be %d, got %d", 11, buf.Len())
+	}
+}
+
+func TestLimitWriter_WriteOneLimiter(t *testing.T) {
+	var buf bytes.Buffer
+	l := NewFixedLimiter(10)
+	lw := NewLimitWriter(&buf, l)
+	if _, err := lw.Write(make([]byte, 10)); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := lw.Write(make([]byte, 1)); err != ErrLimitReached {
+		t.Fatalf("expected ErrLimitReached, got %#v", err)
+	}
+	if buf.Len() != 10 {
+		t.Fatalf("expected buffer length to be %d, got %d", 10, buf.Len())
+	}
+	if l.value != 10 {
+		t.Fatalf("expected limiter value to be %d, got %d", 10, l.value)
+	}
+}
+
+func TestLimitWriter_WriteTwoLimiters(t *testing.T) {
+	var buf bytes.Buffer
+	l1 := NewFixedLimiter(11)
+	l2 := NewFixedLimiter(9)
+	lw := NewLimitWriter(&buf, l1, l2)
+	if _, err := lw.Write(make([]byte, 8)); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := lw.Write(make([]byte, 2)); err != ErrLimitReached {
+		t.Fatalf("expected ErrLimitReached, got %#v", err)
+	}
+	if buf.Len() != 8 {
+		t.Fatalf("expected buffer length to be %d, got %d", 8, buf.Len())
+	}
+	if l1.value != 8 {
+		t.Fatalf("expected limiter 1 value to be %d, got %d", 8, l1.value)
+	}
+	if l2.value != 8 {
+		t.Fatalf("expected limiter 2 value to be %d, got %d", 8, l2.value)
+	}
+}
+
+func TestLimitWriter_WriteTwoDifferentLimiters(t *testing.T) {
+	var buf bytes.Buffer
+	l1 := NewFixedLimiter(32)
+	l2 := NewBytesLimiter(8, 200*time.Millisecond)
+	lw := NewLimitWriter(&buf, l1, l2)
+	_, err := lw.Write(make([]byte, 8))
+	require.Nil(t, err)
+	_, err = lw.Write(make([]byte, 4))
+	require.Equal(t, ErrLimitReached, err)
+}
+
+func TestLimitWriter_WriteTwoDifferentLimiters_Wait(t *testing.T) {
+	var buf bytes.Buffer
+	l1 := NewFixedLimiter(32)
+	l2 := NewBytesLimiter(8, 200*time.Millisecond)
+	lw := NewLimitWriter(&buf, l1, l2)
+	_, err := lw.Write(make([]byte, 8))
+	require.Nil(t, err)
+	time.Sleep(250 * time.Millisecond)
+	_, err = lw.Write(make([]byte, 8))
+	require.Nil(t, err)
+	_, err = lw.Write(make([]byte, 4))
+	require.Equal(t, ErrLimitReached, err)
+}
+
+func TestLimitWriter_WriteTwoDifferentLimiters_Wait_FixedLimiterFail(t *testing.T) {
+	var buf bytes.Buffer
+	l1 := NewFixedLimiter(11) // <<< This fails below
+	l2 := NewBytesLimiter(8, 200*time.Millisecond)
+	lw := NewLimitWriter(&buf, l1, l2)
+	_, err := lw.Write(make([]byte, 8))
+	require.Nil(t, err)
+	time.Sleep(250 * time.Millisecond)
+	_, err = lw.Write(make([]byte, 8)) // <<< FixedLimiter fails
+	require.Equal(t, ErrLimitReached, err)
+}

util/peak.go

@@ -0,0 +1,61 @@
+package util
+
+import (
+	"bytes"
+	"io"
+	"strings"
+)
+
+// PeakedReadCloser is a ReadCloser that allows peaking into a stream and buffering it in memory.
+// It can be instantiated using the Peak function. After a stream has been peaked, it can still be fully
+// read by reading the PeakedReadCloser. It first drained from the memory buffer, and then from the remaining
+// underlying reader.
+type PeakedReadCloser struct {
+	PeakedBytes  []byte
+	LimitReached bool
+	peaked       io.Reader
+	underlying   io.ReadCloser
+	closed       bool
+}
+
+// Peak reads the underlying ReadCloser into memory up until the limit and returns a PeakedReadCloser
+func Peak(underlying io.ReadCloser, limit int) (*PeakedReadCloser, error) {
+	if underlying == nil {
+		underlying = io.NopCloser(strings.NewReader(""))
+	}
+	peaked := make([]byte, limit)
+	read, err := io.ReadFull(underlying, peaked)
+	if err != nil && err != io.ErrUnexpectedEOF && err != io.EOF {
+		return nil, err
+	}
+	return &PeakedReadCloser{
+		PeakedBytes:  peaked[:read],
+		LimitReached: read == limit,
+		underlying:   underlying,
+		peaked:       bytes.NewReader(peaked[:read]),
+		closed:       false,
+	}, nil
+}
+
+// Read reads from the peaked bytes and then from the underlying stream
+func (r *PeakedReadCloser) Read(p []byte) (n int, err error) {
+	if r.closed {
+		return 0, io.EOF
+	}
+	n, err = r.peaked.Read(p)
+	if err == io.EOF {
+		return r.underlying.Read(p)
+	} else if err != nil {
+		return 0, err
+	}
+	return
+}
+
+// Close closes the underlying stream
+func (r *PeakedReadCloser) Close() error {
+	if r.closed {
+		return io.EOF
+	}
+	r.closed = true
+	return r.underlying.Close()
+}

util/peak_test.go

@@ -0,0 +1,55 @@
+package util
+
+import (
+	"github.com/stretchr/testify/require"
+	"io"
+	"strings"
+	"testing"
+)
+
+func TestPeak_LimitReached(t *testing.T) {
+	underlying := io.NopCloser(strings.NewReader("1234567890"))
+	peaked, err := Peak(underlying, 5)
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, []byte("12345"), peaked.PeakedBytes)
+	require.Equal(t, true, peaked.LimitReached)
+
+	all, err := io.ReadAll(peaked)
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, []byte("1234567890"), all)
+	require.Equal(t, []byte("12345"), peaked.PeakedBytes)
+	require.Equal(t, true, peaked.LimitReached)
+}
+
+func TestPeak_LimitNotReached(t *testing.T) {
+	underlying := io.NopCloser(strings.NewReader("1234567890"))
+	peaked, err := Peak(underlying, 15)
+	if err != nil {
+		t.Fatal(err)
+	}
+	all, err := io.ReadAll(peaked)
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, []byte("1234567890"), all)
+	require.Equal(t, []byte("1234567890"), peaked.PeakedBytes)
+	require.Equal(t, false, peaked.LimitReached)
+}
+
+func TestPeak_Nil(t *testing.T) {
+	peaked, err := Peak(nil, 15)
+	if err != nil {
+		t.Fatal(err)
+	}
+	all, err := io.ReadAll(peaked)
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, []byte(""), all)
+	require.Equal(t, []byte(""), peaked.PeakedBytes)
+	require.Equal(t, false, peaked.LimitReached)
+}

util/util.go

@@ -3,8 +3,11 @@ package util
 import (
 	"errors"
 	"fmt"
+	"github.com/gabriel-vasile/mimetype"
 	"math/rand"
 	"os"
+	"regexp"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -15,9 +18,9 @@ const (
 )
 
 var (
-	random      = rand.New(rand.NewSource(time.Now().UnixNano()))
+	random             = rand.New(rand.NewSource(time.Now().UnixNano()))
-	randomMutex = sync.Mutex{}
+	randomMutex        = sync.Mutex{}
-
+	sizeStrRegex       = regexp.MustCompile(`(?i)^(\d+)([gmkb])?$`)
 	errInvalidPriority = errors.New("invalid priority")
 )
 
@@ -134,7 +137,68 @@ func ParsePriority(priority string) (int, error) {
 	}
 }
 
+// PriorityString converts a priority number to a string
+func PriorityString(priority int) (string, error) {
+	switch priority {
+	case 0:
+		return "default", nil
+	case 1:
+		return "min", nil
+	case 2:
+		return "low", nil
+	case 3:
+		return "default", nil
+	case 4:
+		return "high", nil
+	case 5:
+		return "max", nil
+	default:
+		return "", errInvalidPriority
+	}
+}
+
 // ExpandHome replaces "~" with the user's home directory
 func ExpandHome(path string) string {
 	return os.ExpandEnv(strings.ReplaceAll(path, "~", "$HOME"))
 }
+
+// ShortTopicURL shortens the topic URL to be human-friendly, removing the http:// or https://
+func ShortTopicURL(s string) string {
+	return strings.TrimPrefix(strings.TrimPrefix(s, "https://"), "http://")
+}
+
+// DetectContentType probes the byte array b and returns mime type and file extension.
+// The filename is only used to override certain special cases.
+func DetectContentType(b []byte, filename string) (mimeType string, ext string) {
+	if strings.HasSuffix(strings.ToLower(filename), ".apk") {
+		return "application/vnd.android.package-archive", ".apk"
+	}
+	m := mimetype.Detect(b)
+	mimeType, ext = m.String(), m.Extension()
+	if ext == "" {
+		ext = ".bin"
+	}
+	return
+}
+
+// ParseSize parses a size string like 2K or 2M into bytes. If no unit is found, e.g. 123, bytes is assumed.
+func ParseSize(s string) (int64, error) {
+	matches := sizeStrRegex.FindStringSubmatch(s)
+	if matches == nil {
+		return -1, fmt.Errorf("invalid size %s", s)
+	}
+	value, err := strconv.Atoi(matches[1])
+	if err != nil {
+		return -1, fmt.Errorf("cannot convert number %s", matches[1])
+	}
+	switch strings.ToUpper(matches[2]) {
+	case "G":
+		return int64(value) * 1024 * 1024 * 1024, nil
+	case "M":
+		return int64(value) * 1024 * 1024, nil
+	case "K":
+		return int64(value) * 1024, nil
+	default:
+		return int64(value), nil
+	}
+}

util/util_test.go

@@ -100,3 +100,55 @@ func TestParsePriority_Invalid(t *testing.T) {
 		require.Equal(t, errInvalidPriority, err)
 	}
 }
+
+func TestPriorityString(t *testing.T) {
+	priorities := []int{0, 1, 2, 3, 4, 5}
+	expected := []string{"default", "min", "low", "default", "high", "max"}
+	for i, priority := range priorities {
+		actual, err := PriorityString(priority)
+		require.Nil(t, err)
+		require.Equal(t, expected[i], actual)
+	}
+}
+
+func TestPriorityString_Invalid(t *testing.T) {
+	_, err := PriorityString(99)
+	require.Equal(t, err, errInvalidPriority)
+}
+
+func TestShortTopicURL(t *testing.T) {
+	require.Equal(t, "ntfy.sh/mytopic", ShortTopicURL("https://ntfy.sh/mytopic"))
+	require.Equal(t, "ntfy.sh/mytopic", ShortTopicURL("http://ntfy.sh/mytopic"))
+	require.Equal(t, "lalala", ShortTopicURL("lalala"))
+}
+
+func TestParseSize_10GSuccess(t *testing.T) {
+	s, err := ParseSize("10G")
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, int64(10*1024*1024*1024), s)
+}
+
+func TestParseSize_10MUpperCaseSuccess(t *testing.T) {
+	s, err := ParseSize("10M")
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, int64(10*1024*1024), s)
+}
+
+func TestParseSize_10kLowerCaseSuccess(t *testing.T) {
+	s, err := ParseSize("10k")
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, int64(10*1024), s)
+}
+
+func TestParseSize_FailureInvalid(t *testing.T) {
+	_, err := ParseSize("not a size")
+	if err == nil {
+		t.Fatalf("expected error, but got none")
+	}
+}