parra/ntfy
parra/ntfy
1
0
Fork 0
mirror of https://github.com/binwiederhier/ntfy.git synced 2025-11-29 19:59:59 +01:00
Code Releases Activity

Adding test and some docs

Browse source
This commit is contained in:
Kyle Duren 2025-01-06 00:57:53 +00:00
parent 926967b6e7
commit 20c014ba8d
2 changed files with 18 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/config.md
View file

@ -555,12 +555,13 @@ Whatever your reasons may be, there are a few things to consider.
If you are running ntfy behind a proxy, you should set the `behind-proxy` flag. This will instruct the If you are running ntfy behind a proxy, you should set the `behind-proxy` flag. This will instruct the
[rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary identifier for a visitor, [rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary identifier for a visitor,
as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will
be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address. be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address. If your proxy or CDN provider uses a custom header to securely pass the source IP/Client IP to your application, you can specify that header instead of using the XFF. Using the custom header (unique per provide/cdn/proxy), will disable the use of the XFF header.
=== "/etc/ntfy/server.yml" === "/etc/ntfy/server.yml"
``` yaml ``` yaml
# Tell ntfy to use "X-Forwarded-For" to identify visitors # Tell ntfy to use "X-Forwarded-For" to identify visitors
behind-proxy: true behind-proxy: true
proxy-client-ip-header: "X-Client-IP"
``` ```
### TLS/SSL ### TLS/SSL

18
server/server_test.go
View file

@ -7,8 +7,6 @@ import (
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"golang.org/x/crypto/bcrypt"
"heckel.io/ntfy/v2/user"
"io" "io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
@ -22,6 +20,9 @@ import (
"testing" "testing"
"time" "time"
"golang.org/x/crypto/bcrypt"
"heckel.io/ntfy/v2/user"
"github.com/SherClockHolmes/webpush-go" "github.com/SherClockHolmes/webpush-go"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"heckel.io/ntfy/v2/log" "heckel.io/ntfy/v2/log"
@ -2181,6 +2182,19 @@ func TestServer_Visitor_XForwardedFor_Multiple(t *testing.T) {
require.Equal(t, "234.5.2.1", v.ip.String()) require.Equal(t, "234.5.2.1", v.ip.String())
} }
func TestServer_Visitor_Custom_ClientIP_Header(t *testing.T) {
c := newTestConfig(t)
c.BehindProxy = true
c.ProxyClientIPHeader = "X-Client-IP"
s := newTestServer(t, c)
r, _ := http.NewRequest("GET", "/bla", nil)
r.RemoteAddr = "8.9.10.11"
r.Header.Set("X-Client-IP", "1.2.3.4")
v, err := s.maybeAuthenticate(r)
require.Nil(t, err)
require.Equal(t, "1.2.3.4", v.ip.String())
}
func TestServer_PublishWhileUpdatingStatsWithLotsOfMessages(t *testing.T) { func TestServer_PublishWhileUpdatingStatsWithLotsOfMessages(t *testing.T) {
t.Parallel() t.Parallel()
count := 50000 count := 50000