diff --git a/cmd/serve.go b/cmd/serve.go index 9fcf550c..62e0a14a 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -6,23 +6,22 @@ import ( "errors" "fmt" "github.com/stripe/stripe-go/v74" + "github.com/urfave/cli/v2" + "github.com/urfave/cli/v2/altsrc" + "heckel.io/ntfy/v2/log" + "heckel.io/ntfy/v2/server" "heckel.io/ntfy/v2/user" + "heckel.io/ntfy/v2/util" "io/fs" "math" "net" "net/netip" + "net/url" "os" "os/signal" "strings" "syscall" "time" - - "heckel.io/ntfy/v2/log" - - "github.com/urfave/cli/v2" - "github.com/urfave/cli/v2/altsrc" - "heckel.io/ntfy/v2/server" - "heckel.io/ntfy/v2/util" ) func init() { @@ -35,7 +34,7 @@ const ( var flagsServe = append( append([]cli.Flag{}, flagsDefault...), - &cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: defaultServerConfigFile, DefaultText: defaultServerConfigFile, Usage: "config file"}, + &cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: defaultServerConfigFile, Usage: "config file"}, altsrc.NewStringFlag(&cli.StringFlag{Name: "base-url", Aliases: []string{"base_url", "B"}, EnvVars: []string{"NTFY_BASE_URL"}, Usage: "externally visible base URL for this host (e.g. https://ntfy.sh)"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-http", Aliases: []string{"listen_http", "l"}, EnvVars: []string{"NTFY_LISTEN_HTTP"}, Value: server.DefaultListenHTTP, Usage: "ip:port used as HTTP listen address"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-https", Aliases: []string{"listen_https", "L"}, EnvVars: []string{"NTFY_LISTEN_HTTPS"}, Usage: "ip:port used as HTTPS listen address"}), @@ -45,19 +44,19 @@ var flagsServe = append( altsrc.NewStringFlag(&cli.StringFlag{Name: "cert-file", Aliases: []string{"cert_file", "E"}, EnvVars: []string{"NTFY_CERT_FILE"}, Usage: "certificate file, if listen-https is set"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "firebase-key-file", Aliases: []string{"firebase_key_file", "F"}, EnvVars: []string{"NTFY_FIREBASE_KEY_FILE"}, Usage: "Firebase credentials file; if set additionally publish to FCM topic"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-file", Aliases: []string{"cache_file", "C"}, EnvVars: []string{"NTFY_CACHE_FILE"}, Usage: "cache file used for message caching"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "cache-duration", Aliases: []string{"cache_duration", "b"}, EnvVars: []string{"NTFY_CACHE_DURATION"}, Value: server.DefaultCacheDuration, Usage: "buffer messages for this time to allow `since` requests"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-duration", Aliases: []string{"cache_duration", "b"}, EnvVars: []string{"NTFY_CACHE_DURATION"}, Value: util.FormatDuration(server.DefaultCacheDuration), Usage: "buffer messages for this time to allow `since` requests"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "cache-batch-size", Aliases: []string{"cache_batch_size"}, EnvVars: []string{"NTFY_BATCH_SIZE"}, Usage: "max size of messages to batch together when writing to message cache (if zero, writes are synchronous)"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "cache-batch-timeout", Aliases: []string{"cache_batch_timeout"}, EnvVars: []string{"NTFY_CACHE_BATCH_TIMEOUT"}, Usage: "timeout for batched async writes to the message cache (if zero, writes are synchronous)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-batch-timeout", Aliases: []string{"cache_batch_timeout"}, EnvVars: []string{"NTFY_CACHE_BATCH_TIMEOUT"}, Value: util.FormatDuration(server.DefaultCacheBatchTimeout), Usage: "timeout for batched async writes to the message cache (if zero, writes are synchronous)"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-startup-queries", Aliases: []string{"cache_startup_queries"}, EnvVars: []string{"NTFY_CACHE_STARTUP_QUERIES"}, Usage: "queries run when the cache database is initialized"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"auth_file", "H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-startup-queries", Aliases: []string{"auth_startup_queries"}, EnvVars: []string{"NTFY_AUTH_STARTUP_QUERIES"}, Usage: "queries run when the auth database is initialized"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"auth_default_access", "p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-cache-dir", Aliases: []string{"attachment_cache_dir"}, EnvVars: []string{"NTFY_ATTACHMENT_CACHE_DIR"}, Usage: "cache directory for attached files"}), - altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-total-size-limit", Aliases: []string{"attachment_total_size_limit", "A"}, EnvVars: []string{"NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT"}, DefaultText: "5G", Usage: "limit of the on-disk attachment cache"}), - altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-file-size-limit", Aliases: []string{"attachment_file_size_limit", "Y"}, EnvVars: []string{"NTFY_ATTACHMENT_FILE_SIZE_LIMIT"}, DefaultText: "15M", Usage: "per-file attachment size limit (e.g. 300k, 2M, 100M)"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "attachment-expiry-duration", Aliases: []string{"attachment_expiry_duration", "X"}, EnvVars: []string{"NTFY_ATTACHMENT_EXPIRY_DURATION"}, Value: server.DefaultAttachmentExpiryDuration, DefaultText: "3h", Usage: "duration after which uploaded attachments will be deleted (e.g. 3h, 20h)"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "keepalive-interval", Aliases: []string{"keepalive_interval", "k"}, EnvVars: []string{"NTFY_KEEPALIVE_INTERVAL"}, Value: server.DefaultKeepaliveInterval, Usage: "interval of keepalive messages"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "manager-interval", Aliases: []string{"manager_interval", "m"}, EnvVars: []string{"NTFY_MANAGER_INTERVAL"}, Value: server.DefaultManagerInterval, Usage: "interval of for message pruning and stats printing"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-total-size-limit", Aliases: []string{"attachment_total_size_limit", "A"}, EnvVars: []string{"NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT"}, Value: util.FormatSize(server.DefaultAttachmentTotalSizeLimit), Usage: "limit of the on-disk attachment cache"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-file-size-limit", Aliases: []string{"attachment_file_size_limit", "Y"}, EnvVars: []string{"NTFY_ATTACHMENT_FILE_SIZE_LIMIT"}, Value: util.FormatSize(server.DefaultAttachmentFileSizeLimit), Usage: "per-file attachment size limit (e.g. 300k, 2M, 100M)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-expiry-duration", Aliases: []string{"attachment_expiry_duration", "X"}, EnvVars: []string{"NTFY_ATTACHMENT_EXPIRY_DURATION"}, Value: util.FormatDuration(server.DefaultAttachmentExpiryDuration), Usage: "duration after which uploaded attachments will be deleted (e.g. 3h, 20h)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "keepalive-interval", Aliases: []string{"keepalive_interval", "k"}, EnvVars: []string{"NTFY_KEEPALIVE_INTERVAL"}, Value: util.FormatDuration(server.DefaultKeepaliveInterval), Usage: "interval of keepalive messages"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "manager-interval", Aliases: []string{"manager_interval", "m"}, EnvVars: []string{"NTFY_MANAGER_INTERVAL"}, Value: util.FormatDuration(server.DefaultManagerInterval), Usage: "interval of for message pruning and stats printing"}), altsrc.NewStringSliceFlag(&cli.StringSliceFlag{Name: "disallowed-topics", Aliases: []string{"disallowed_topics"}, EnvVars: []string{"NTFY_DISALLOWED_TOPICS"}, Usage: "topics that are not allowed to be used"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "web-root", Aliases: []string{"web_root"}, EnvVars: []string{"NTFY_WEB_ROOT"}, Value: "/", Usage: "sets root of the web app (e.g. /, or /app), or disables it (disable)"}), altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-signup", Aliases: []string{"enable_signup"}, EnvVars: []string{"NTFY_ENABLE_SIGNUP"}, Value: false, Usage: "allows users to sign up via the web app, or API"}), @@ -76,16 +75,18 @@ var flagsServe = append( altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-auth-token", Aliases: []string{"twilio_auth_token"}, EnvVars: []string{"NTFY_TWILIO_AUTH_TOKEN"}, Usage: "Twilio auth token"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-phone-number", Aliases: []string{"twilio_phone_number"}, EnvVars: []string{"NTFY_TWILIO_PHONE_NUMBER"}, Usage: "Twilio number to use for outgoing calls"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-verify-service", Aliases: []string{"twilio_verify_service"}, EnvVars: []string{"NTFY_TWILIO_VERIFY_SERVICE"}, Usage: "Twilio Verify service ID, used for phone number verification"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "message-size-limit", Aliases: []string{"message_size_limit"}, EnvVars: []string{"NTFY_MESSAGE_SIZE_LIMIT"}, Value: util.FormatSize(server.DefaultMessageSizeLimit), Usage: "size limit for the message (see docs for limitations)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "message-delay-limit", Aliases: []string{"message_delay_limit"}, EnvVars: []string{"NTFY_MESSAGE_DELAY_LIMIT"}, Value: util.FormatDuration(server.DefaultMessageDelayMax), Usage: "max duration a message can be scheduled into the future"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "global-topic-limit", Aliases: []string{"global_topic_limit", "T"}, EnvVars: []string{"NTFY_GLOBAL_TOPIC_LIMIT"}, Value: server.DefaultTotalTopicLimit, Usage: "total number of topics allowed"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-subscription-limit", Aliases: []string{"visitor_subscription_limit"}, EnvVars: []string{"NTFY_VISITOR_SUBSCRIPTION_LIMIT"}, Value: server.DefaultVisitorSubscriptionLimit, Usage: "number of subscriptions per visitor"}), - altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-total-size-limit", Aliases: []string{"visitor_attachment_total_size_limit"}, EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT"}, Value: "100M", Usage: "total storage limit used for attachments per visitor"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-total-size-limit", Aliases: []string{"visitor_attachment_total_size_limit"}, EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT"}, Value: util.FormatSize(server.DefaultVisitorAttachmentTotalSizeLimit), Usage: "total storage limit used for attachments per visitor"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-daily-bandwidth-limit", Aliases: []string{"visitor_attachment_daily_bandwidth_limit"}, EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT"}, Value: "500M", Usage: "total daily attachment download/upload bandwidth limit per visitor"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-request-limit-burst", Aliases: []string{"visitor_request_limit_burst"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_BURST"}, Value: server.DefaultVisitorRequestLimitBurst, Usage: "initial limit of requests per visitor"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-request-limit-replenish", Aliases: []string{"visitor_request_limit_replenish"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_REPLENISH"}, Value: server.DefaultVisitorRequestLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-request-limit-replenish", Aliases: []string{"visitor_request_limit_replenish"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_REPLENISH"}, Value: util.FormatDuration(server.DefaultVisitorRequestLimitReplenish), Usage: "interval at which burst limit is replenished (one per x)"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-request-limit-exempt-hosts", Aliases: []string{"visitor_request_limit_exempt_hosts"}, EnvVars: []string{"NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS"}, Value: "", Usage: "hostnames and/or IP addresses of hosts that will be exempt from the visitor request limit"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-message-daily-limit", Aliases: []string{"visitor_message_daily_limit"}, EnvVars: []string{"NTFY_VISITOR_MESSAGE_DAILY_LIMIT"}, Value: server.DefaultVisitorMessageDailyLimit, Usage: "max messages per visitor per day, derived from request limit if unset"}), altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-email-limit-burst", Aliases: []string{"visitor_email_limit_burst"}, EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_BURST"}, Value: server.DefaultVisitorEmailLimitBurst, Usage: "initial limit of e-mails per visitor"}), - altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-email-limit-replenish", Aliases: []string{"visitor_email_limit_replenish"}, EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_REPLENISH"}, Value: server.DefaultVisitorEmailLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}), + altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-email-limit-replenish", Aliases: []string{"visitor_email_limit_replenish"}, EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_REPLENISH"}, Value: util.FormatDuration(server.DefaultVisitorEmailLimitReplenish), Usage: "interval at which burst limit is replenished (one per x)"}), altsrc.NewBoolFlag(&cli.BoolFlag{Name: "visitor-subscriber-rate-limiting", Aliases: []string{"visitor_subscriber_rate_limiting"}, EnvVars: []string{"NTFY_VISITOR_SUBSCRIBER_RATE_LIMITING"}, Value: false, Usage: "enables subscriber-based rate limiting"}), altsrc.NewBoolFlag(&cli.BoolFlag{Name: "behind-proxy", Aliases: []string{"behind_proxy", "P"}, EnvVars: []string{"NTFY_BEHIND_PROXY"}, Value: false, Usage: "if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting)"}), altsrc.NewStringFlag(&cli.StringFlag{Name: "stripe-secret-key", Aliases: []string{"stripe_secret_key"}, EnvVars: []string{"NTFY_STRIPE_SECRET_KEY"}, Value: "", Usage: "key used for the Stripe API communication, this enables payments"}), @@ -126,7 +127,7 @@ func execServe(c *cli.Context) error { // Read all the options config := c.String("config") - baseURL := c.String("base-url") + baseURL := strings.TrimSuffix(c.String("base-url"), "/") listenHTTP := c.String("listen-http") listenHTTPS := c.String("listen-https") listenUnix := c.String("listen-unix") @@ -140,19 +141,19 @@ func execServe(c *cli.Context) error { webPushEmailAddress := c.String("web-push-email-address") webPushStartupQueries := c.String("web-push-startup-queries") cacheFile := c.String("cache-file") - cacheDuration := c.Duration("cache-duration") + cacheDurationStr := c.String("cache-duration") cacheStartupQueries := c.String("cache-startup-queries") cacheBatchSize := c.Int("cache-batch-size") - cacheBatchTimeout := c.Duration("cache-batch-timeout") + cacheBatchTimeoutStr := c.String("cache-batch-timeout") authFile := c.String("auth-file") authStartupQueries := c.String("auth-startup-queries") authDefaultAccess := c.String("auth-default-access") attachmentCacheDir := c.String("attachment-cache-dir") attachmentTotalSizeLimitStr := c.String("attachment-total-size-limit") attachmentFileSizeLimitStr := c.String("attachment-file-size-limit") - attachmentExpiryDuration := c.Duration("attachment-expiry-duration") - keepaliveInterval := c.Duration("keepalive-interval") - managerInterval := c.Duration("manager-interval") + attachmentExpiryDurationStr := c.String("attachment-expiry-duration") + keepaliveIntervalStr := c.String("keepalive-interval") + managerIntervalStr := c.String("manager-interval") disallowedTopics := c.StringSlice("disallowed-topics") webRoot := c.String("web-root") enableSignup := c.Bool("enable-signup") @@ -171,17 +172,19 @@ func execServe(c *cli.Context) error { twilioAuthToken := c.String("twilio-auth-token") twilioPhoneNumber := c.String("twilio-phone-number") twilioVerifyService := c.String("twilio-verify-service") + messageSizeLimitStr := c.String("message-size-limit") + messageDelayLimitStr := c.String("message-delay-limit") totalTopicLimit := c.Int("global-topic-limit") visitorSubscriptionLimit := c.Int("visitor-subscription-limit") visitorSubscriberRateLimiting := c.Bool("visitor-subscriber-rate-limiting") visitorAttachmentTotalSizeLimitStr := c.String("visitor-attachment-total-size-limit") visitorAttachmentDailyBandwidthLimitStr := c.String("visitor-attachment-daily-bandwidth-limit") visitorRequestLimitBurst := c.Int("visitor-request-limit-burst") - visitorRequestLimitReplenish := c.Duration("visitor-request-limit-replenish") + visitorRequestLimitReplenishStr := c.String("visitor-request-limit-replenish") visitorRequestLimitExemptHosts := util.SplitNoEmpty(c.String("visitor-request-limit-exempt-hosts"), ",") visitorMessageDailyLimit := c.Int("visitor-message-daily-limit") visitorEmailLimitBurst := c.Int("visitor-email-limit-burst") - visitorEmailLimitReplenish := c.Duration("visitor-email-limit-replenish") + visitorEmailLimitReplenishStr := c.String("visitor-email-limit-replenish") behindProxy := c.Bool("behind-proxy") stripeSecretKey := c.String("stripe-secret-key") stripeWebhookKey := c.String("stripe-webhook-key") @@ -190,6 +193,64 @@ func execServe(c *cli.Context) error { enableMetrics := c.Bool("enable-metrics") || metricsListenHTTP != "" profileListenHTTP := c.String("profile-listen-http") + // Convert durations + cacheDuration, err := util.ParseDuration(cacheDurationStr) + if err != nil { + return fmt.Errorf("invalid cache duration: %s", cacheDurationStr) + } + cacheBatchTimeout, err := util.ParseDuration(cacheBatchTimeoutStr) + if err != nil { + return fmt.Errorf("invalid cache batch timeout: %s", cacheBatchTimeoutStr) + } + attachmentExpiryDuration, err := util.ParseDuration(attachmentExpiryDurationStr) + if err != nil { + return fmt.Errorf("invalid attachment expiry duration: %s", attachmentExpiryDurationStr) + } + keepaliveInterval, err := util.ParseDuration(keepaliveIntervalStr) + if err != nil { + return fmt.Errorf("invalid keepalive interval: %s", keepaliveIntervalStr) + } + managerInterval, err := util.ParseDuration(managerIntervalStr) + if err != nil { + return fmt.Errorf("invalid manager interval: %s", managerIntervalStr) + } + messageDelayLimit, err := util.ParseDuration(messageDelayLimitStr) + if err != nil { + return fmt.Errorf("invalid message delay limit: %s", messageDelayLimitStr) + } + visitorRequestLimitReplenish, err := util.ParseDuration(visitorRequestLimitReplenishStr) + if err != nil { + return fmt.Errorf("invalid visitor request limit replenish: %s", visitorRequestLimitReplenishStr) + } + visitorEmailLimitReplenish, err := util.ParseDuration(visitorEmailLimitReplenishStr) + if err != nil { + return fmt.Errorf("invalid visitor email limit replenish: %s", visitorEmailLimitReplenishStr) + } + + // Convert sizes to bytes + messageSizeLimit, err := util.ParseSize(messageSizeLimitStr) + if err != nil { + return fmt.Errorf("invalid message size limit: %s", messageSizeLimitStr) + } + attachmentTotalSizeLimit, err := util.ParseSize(attachmentTotalSizeLimitStr) + if err != nil { + return fmt.Errorf("invalid attachment total size limit: %s", attachmentTotalSizeLimitStr) + } + attachmentFileSizeLimit, err := util.ParseSize(attachmentFileSizeLimitStr) + if err != nil { + return fmt.Errorf("invalid attachment file size limit: %s", attachmentFileSizeLimitStr) + } + visitorAttachmentTotalSizeLimit, err := util.ParseSize(visitorAttachmentTotalSizeLimitStr) + if err != nil { + return fmt.Errorf("invalid visitor attachment total size limit: %s", visitorAttachmentTotalSizeLimitStr) + } + visitorAttachmentDailyBandwidthLimit, err := util.ParseSize(visitorAttachmentDailyBandwidthLimitStr) + if err != nil { + return fmt.Errorf("invalid visitor attachment daily bandwidth limit: %s", visitorAttachmentDailyBandwidthLimitStr) + } else if visitorAttachmentDailyBandwidthLimit > math.MaxInt { + return fmt.Errorf("config option visitor-attachment-daily-bandwidth-limit must be lower than %d", math.MaxInt) + } + // Check values if firebaseKeyFile != "" && !util.FileExists(firebaseKeyFile) { return errors.New("if set, FCM key file must exist") @@ -213,10 +274,15 @@ func execServe(c *cli.Context) error { return errors.New("if smtp-server-listen is set, smtp-server-domain must also be set") } else if attachmentCacheDir != "" && baseURL == "" { return errors.New("if attachment-cache-dir is set, base-url must also be set") - } else if baseURL != "" && !strings.HasPrefix(baseURL, "http://") && !strings.HasPrefix(baseURL, "https://") { - return errors.New("if set, base-url must start with http:// or https://") - } else if baseURL != "" && strings.HasSuffix(baseURL, "/") { - return errors.New("if set, base-url must not end with a slash (/)") + } else if baseURL != "" { + u, err := url.Parse(baseURL) + if err != nil { + return fmt.Errorf("if set, base-url must be a valid URL, e.g. https://ntfy.mydomain.com: %v", err) + } else if u.Scheme != "http" && u.Scheme != "https" { + return errors.New("if set, base-url must be a valid URL starting with http:// or https://, e.g. https://ntfy.mydomain.com") + } else if u.Path != "" { + return fmt.Errorf("if set, base-url must not have a path (%s), as hosting ntfy on a sub-path is not supported, e.g. https://ntfy.mydomain.com", u.Path) + } } else if upstreamBaseURL != "" && !strings.HasPrefix(upstreamBaseURL, "http://") && !strings.HasPrefix(upstreamBaseURL, "https://") { return errors.New("if set, upstream-base-url must start with http:// or https://") } else if upstreamBaseURL != "" && strings.HasSuffix(upstreamBaseURL, "/") { @@ -233,6 +299,11 @@ func execServe(c *cli.Context) error { return errors.New("if stripe-secret-key is set, stripe-webhook-key and base-url must also be set") } else if twilioAccount != "" && (twilioAuthToken == "" || twilioPhoneNumber == "" || twilioVerifyService == "" || baseURL == "" || authFile == "") { return errors.New("if twilio-account is set, twilio-auth-token, twilio-phone-number, twilio-verify-service, base-url, and auth-file must also be set") + } else if messageSizeLimit > server.DefaultMessageSizeLimit { + log.Warn("message-size-limit is greater than 4K, this is not recommended and largely untested, and may lead to issues with some clients") + if messageSizeLimit > 5*1024*1024 { + return errors.New("message-size-limit cannot be higher than 5M") + } } // Backwards compatibility @@ -257,26 +328,6 @@ func execServe(c *cli.Context) error { listenHTTP = "" } - // Convert sizes to bytes - attachmentTotalSizeLimit, err := parseSize(attachmentTotalSizeLimitStr, server.DefaultAttachmentTotalSizeLimit) - if err != nil { - return err - } - attachmentFileSizeLimit, err := parseSize(attachmentFileSizeLimitStr, server.DefaultAttachmentFileSizeLimit) - if err != nil { - return err - } - visitorAttachmentTotalSizeLimit, err := parseSize(visitorAttachmentTotalSizeLimitStr, server.DefaultVisitorAttachmentTotalSizeLimit) - if err != nil { - return err - } - visitorAttachmentDailyBandwidthLimit, err := parseSize(visitorAttachmentDailyBandwidthLimitStr, server.DefaultVisitorAttachmentDailyBandwidthLimit) - if err != nil { - return err - } else if visitorAttachmentDailyBandwidthLimit > math.MaxInt { - return fmt.Errorf("config option visitor-attachment-daily-bandwidth-limit must be lower than %d", math.MaxInt) - } - // Resolve hosts visitorRequestLimitExemptIPs := make([]netip.Prefix, 0) for _, host := range visitorRequestLimitExemptHosts { @@ -337,6 +388,8 @@ func execServe(c *cli.Context) error { conf.TwilioAuthToken = twilioAuthToken conf.TwilioPhoneNumber = twilioPhoneNumber conf.TwilioVerifyService = twilioVerifyService + conf.MessageSizeLimit = int(messageSizeLimit) + conf.MessageDelayMax = messageDelayLimit conf.TotalTopicLimit = totalTopicLimit conf.VisitorSubscriptionLimit = visitorSubscriptionLimit conf.VisitorAttachmentTotalSizeLimit = visitorAttachmentTotalSizeLimit @@ -379,17 +432,6 @@ func execServe(c *cli.Context) error { return nil } -func parseSize(s string, defaultValue int64) (v int64, err error) { - if s == "" { - return defaultValue, nil - } - v, err = util.ParseSize(s) - if err != nil { - return 0, err - } - return v, nil -} - func sigHandlerConfigReload(config string) { sigs := make(chan os.Signal, 1) signal.Notify(sigs, syscall.SIGHUP) diff --git a/cmd/tier.go b/cmd/tier.go index 63b023f9..3b45eaa7 100644 --- a/cmd/tier.go +++ b/cmd/tier.go @@ -366,9 +366,9 @@ func printTier(c *cli.Context, tier *user.Tier) { fmt.Fprintf(c.App.ErrWriter, "- Email limit: %d\n", tier.EmailLimit) fmt.Fprintf(c.App.ErrWriter, "- Phone call limit: %d\n", tier.CallLimit) fmt.Fprintf(c.App.ErrWriter, "- Reservation limit: %d\n", tier.ReservationLimit) - fmt.Fprintf(c.App.ErrWriter, "- Attachment file size limit: %s\n", util.FormatSize(tier.AttachmentFileSizeLimit)) - fmt.Fprintf(c.App.ErrWriter, "- Attachment total size limit: %s\n", util.FormatSize(tier.AttachmentTotalSizeLimit)) + fmt.Fprintf(c.App.ErrWriter, "- Attachment file size limit: %s\n", util.FormatSizeHuman(tier.AttachmentFileSizeLimit)) + fmt.Fprintf(c.App.ErrWriter, "- Attachment total size limit: %s\n", util.FormatSizeHuman(tier.AttachmentTotalSizeLimit)) fmt.Fprintf(c.App.ErrWriter, "- Attachment expiry duration: %s (%d seconds)\n", tier.AttachmentExpiryDuration.String(), int64(tier.AttachmentExpiryDuration.Seconds())) - fmt.Fprintf(c.App.ErrWriter, "- Attachment daily bandwidth limit: %s\n", util.FormatSize(tier.AttachmentBandwidthLimit)) + fmt.Fprintf(c.App.ErrWriter, "- Attachment daily bandwidth limit: %s\n", util.FormatSizeHuman(tier.AttachmentBandwidthLimit)) fmt.Fprintf(c.App.ErrWriter, "- Stripe prices (monthly/yearly): %s\n", prices) } diff --git a/docs/config.md b/docs/config.md index c987c27f..5fc1b6e5 100644 --- a/docs/config.md +++ b/docs/config.md @@ -995,6 +995,15 @@ are the easiest), and then configure the following options: After you have configured phone calls, create a [tier](#tiers) with a call limit (e.g. `ntfy tier create --call-limit=10 ...`), and then assign it to a user. Users may then use the `X-Call` header to receive a phone call when publishing a message. +## Message limits +There are a few message limits that you can configure: + +* `message-size-limit` defines the max size of a message body. Please note message sizes >4K are **not recommended, + and largely untested**. The Android/iOS and other clients may not work, or work properly. If FCM and/or APNS is used, + the limit should stay 4K, because their limits are around that size. If you increase this size limit regardless, + FCM and APNS will NOT work for large messages. +* `message-delay-limit` defines the max delay of a message when using the "Delay" header and [scheduled delivery](publish.md#scheduled-delivery). + ## Rate limiting !!! info Be aware that if you are running ntfy behind a proxy, you must set the `behind-proxy` flag. @@ -1092,8 +1101,8 @@ response if no "rate visitor" has been previously registered. This is to avoid b To enable subscriber-based rate limiting, set `visitor-subscriber-rate-limiting: true`. !!! info - Due to a denial-of-service issue, support for the `Rate-Topics` header was removed entirely. This is unfortunate, - but subscriber-based rate limiting will still work for `up*` topics. + Due to a [denial-of-service issue](https://github.com/binwiederhier/ntfy/issues/1048), support for the `Rate-Topics` + header was removed entirely. This is unfortunate, but subscriber-based rate limiting will still work for `up*` topics. ## Tuning for scale If you're running ntfy for your home server, you probably don't need to worry about scale at all. In its default config, @@ -1391,6 +1400,8 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`). | `twilio-verify-service` | `NTFY_TWILIO_VERIFY_SERVICE` | *string* | - | Twilio Verify service SID, e.g. VA12345beefbeef67890beefbeef122586 | | `keepalive-interval` | `NTFY_KEEPALIVE_INTERVAL` | *duration* | 45s | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. | | `manager-interval` | `NTFY_MANAGER_INTERVAL` | *duration* | 1m | Interval in which the manager prunes old messages, deletes topics and prints the stats. | +| `message-size-limit` | `NTFY_MESSAGE_SIZE_LIMIT` | *size* | 4K | The size limit for the message body. Please note that this is largely untested, and that FCM/APNS have limits around 4KB. If you increase this size limit, FCM and APNS will NOT work for large messages. | +| `message-delay-limit` | `NTFY_MESSAGE_DELAY_LIMIT` | *duration* | 3d | Amount of time a message can be [scheduled](publish.md#scheduled-delivery) into the future when using the `Delay` header | | `global-topic-limit` | `NTFY_GLOBAL_TOPIC_LIMIT` | *number* | 15,000 | Rate limiting: Total number of topics before the server rejects new topics. | | `upstream-base-url` | `NTFY_UPSTREAM_BASE_URL` | *URL* | `https://ntfy.sh` | Forward poll request to an upstream server, this is needed for iOS push notifications for self-hosted servers | | `upstream-access-token` | `NTFY_UPSTREAM_ACCESS_TOKEN` | *string* | `tk_zyYLYj...` | Access token to use for the upstream server; needed only if upstream rate limits are exceeded or upstream server requires auth | @@ -1417,7 +1428,7 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`). | `web-push-email-address` | `NTFY_WEB_PUSH_EMAIL_ADDRESS` | *string* | - | Web Push: Sender email address | | `web-push-startup-queries` | `NTFY_WEB_PUSH_STARTUP_QUERIES` | *string* | - | Web Push: SQL queries to run against subscription database at startup | -The format for a *duration* is: `(smh)`, e.g. 30s, 20m or 1h. +The format for a *duration* is: `(smhd)`, e.g. 30s, 20m, 1h or 3d. The format for a *size* is: `(GMK)`, e.g. 1G, 200M or 4000k. ## Command line options @@ -1449,7 +1460,7 @@ OPTIONS: --log-level-overrides value, --log_level_overrides value [ --log-level-overrides value, --log_level_overrides value ] set log level overrides [$NTFY_LOG_LEVEL_OVERRIDES] --log-format value, --log_format value set log format (default: "text") [$NTFY_LOG_FORMAT] --log-file value, --log_file value set log file, default is STDOUT [$NTFY_LOG_FILE] - --config value, -c value config file (default: /etc/ntfy/server.yml) [$NTFY_CONFIG_FILE] + --config value, -c value config file (default: "/etc/ntfy/server.yml") [$NTFY_CONFIG_FILE] --base-url value, --base_url value, -B value externally visible base URL for this host (e.g. https://ntfy.sh) [$NTFY_BASE_URL] --listen-http value, --listen_http value, -l value ip:port used as HTTP listen address (default: ":80") [$NTFY_LISTEN_HTTP] --listen-https value, --listen_https value, -L value ip:port used as HTTPS listen address [$NTFY_LISTEN_HTTPS] @@ -1459,19 +1470,19 @@ OPTIONS: --cert-file value, --cert_file value, -E value certificate file, if listen-https is set [$NTFY_CERT_FILE] --firebase-key-file value, --firebase_key_file value, -F value Firebase credentials file; if set additionally publish to FCM topic [$NTFY_FIREBASE_KEY_FILE] --cache-file value, --cache_file value, -C value cache file used for message caching [$NTFY_CACHE_FILE] - --cache-duration since, --cache_duration since, -b since buffer messages for this time to allow since requests (default: 12h0m0s) [$NTFY_CACHE_DURATION] + --cache-duration since, --cache_duration since, -b since buffer messages for this time to allow since requests (default: "12h") [$NTFY_CACHE_DURATION] --cache-batch-size value, --cache_batch_size value max size of messages to batch together when writing to message cache (if zero, writes are synchronous) (default: 0) [$NTFY_BATCH_SIZE] - --cache-batch-timeout value, --cache_batch_timeout value timeout for batched async writes to the message cache (if zero, writes are synchronous) (default: 0s) [$NTFY_CACHE_BATCH_TIMEOUT] + --cache-batch-timeout value, --cache_batch_timeout value timeout for batched async writes to the message cache (if zero, writes are synchronous) (default: "0s") [$NTFY_CACHE_BATCH_TIMEOUT] --cache-startup-queries value, --cache_startup_queries value queries run when the cache database is initialized [$NTFY_CACHE_STARTUP_QUERIES] --auth-file value, --auth_file value, -H value auth database file used for access control [$NTFY_AUTH_FILE] --auth-startup-queries value, --auth_startup_queries value queries run when the auth database is initialized [$NTFY_AUTH_STARTUP_QUERIES] --auth-default-access value, --auth_default_access value, -p value default permissions if no matching entries in the auth database are found (default: "read-write") [$NTFY_AUTH_DEFAULT_ACCESS] --attachment-cache-dir value, --attachment_cache_dir value cache directory for attached files [$NTFY_ATTACHMENT_CACHE_DIR] - --attachment-total-size-limit value, --attachment_total_size_limit value, -A value limit of the on-disk attachment cache (default: 5G) [$NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT] - --attachment-file-size-limit value, --attachment_file_size_limit value, -Y value per-file attachment size limit (e.g. 300k, 2M, 100M) (default: 15M) [$NTFY_ATTACHMENT_FILE_SIZE_LIMIT] - --attachment-expiry-duration value, --attachment_expiry_duration value, -X value duration after which uploaded attachments will be deleted (e.g. 3h, 20h) (default: 3h) [$NTFY_ATTACHMENT_EXPIRY_DURATION] - --keepalive-interval value, --keepalive_interval value, -k value interval of keepalive messages (default: 45s) [$NTFY_KEEPALIVE_INTERVAL] - --manager-interval value, --manager_interval value, -m value interval of for message pruning and stats printing (default: 1m0s) [$NTFY_MANAGER_INTERVAL] + --attachment-total-size-limit value, --attachment_total_size_limit value, -A value limit of the on-disk attachment cache (default: "5G") [$NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT] + --attachment-file-size-limit value, --attachment_file_size_limit value, -Y value per-file attachment size limit (e.g. 300k, 2M, 100M) (default: "15M") [$NTFY_ATTACHMENT_FILE_SIZE_LIMIT] + --attachment-expiry-duration value, --attachment_expiry_duration value, -X value duration after which uploaded attachments will be deleted (e.g. 3h, 20h) (default: "3h") [$NTFY_ATTACHMENT_EXPIRY_DURATION] + --keepalive-interval value, --keepalive_interval value, -k value interval of keepalive messages (default: "45s") [$NTFY_KEEPALIVE_INTERVAL] + --manager-interval value, --manager_interval value, -m value interval of for message pruning and stats printing (default: "1m") [$NTFY_MANAGER_INTERVAL] --disallowed-topics value, --disallowed_topics value [ --disallowed-topics value, --disallowed_topics value ] topics that are not allowed to be used [$NTFY_DISALLOWED_TOPICS] --web-root value, --web_root value sets root of the web app (e.g. /, or /app), or disables it (disable) (default: "/") [$NTFY_WEB_ROOT] --enable-signup, --enable_signup allows users to sign up via the web app, or API (default: false) [$NTFY_ENABLE_SIGNUP] @@ -1490,16 +1501,18 @@ OPTIONS: --twilio-auth-token value, --twilio_auth_token value Twilio auth token [$NTFY_TWILIO_AUTH_TOKEN] --twilio-phone-number value, --twilio_phone_number value Twilio number to use for outgoing calls [$NTFY_TWILIO_PHONE_NUMBER] --twilio-verify-service value, --twilio_verify_service value Twilio Verify service ID, used for phone number verification [$NTFY_TWILIO_VERIFY_SERVICE] + --message-size-limit value, --message_size_limit value size limit for the message (see docs for limitations) (default: "4K") [$NTFY_MESSAGE_SIZE_LIMIT] + --message-delay-limit value, --message_delay_limit value max duration a message can be scheduled into the future (default: "3d") [$NTFY_MESSAGE_DELAY_LIMIT] --global-topic-limit value, --global_topic_limit value, -T value total number of topics allowed (default: 15000) [$NTFY_GLOBAL_TOPIC_LIMIT] --visitor-subscription-limit value, --visitor_subscription_limit value number of subscriptions per visitor (default: 30) [$NTFY_VISITOR_SUBSCRIPTION_LIMIT] --visitor-attachment-total-size-limit value, --visitor_attachment_total_size_limit value total storage limit used for attachments per visitor (default: "100M") [$NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT] --visitor-attachment-daily-bandwidth-limit value, --visitor_attachment_daily_bandwidth_limit value total daily attachment download/upload bandwidth limit per visitor (default: "500M") [$NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT] --visitor-request-limit-burst value, --visitor_request_limit_burst value initial limit of requests per visitor (default: 60) [$NTFY_VISITOR_REQUEST_LIMIT_BURST] - --visitor-request-limit-replenish value, --visitor_request_limit_replenish value interval at which burst limit is replenished (one per x) (default: 5s) [$NTFY_VISITOR_REQUEST_LIMIT_REPLENISH] + --visitor-request-limit-replenish value, --visitor_request_limit_replenish value interval at which burst limit is replenished (one per x) (default: "5s") [$NTFY_VISITOR_REQUEST_LIMIT_REPLENISH] --visitor-request-limit-exempt-hosts value, --visitor_request_limit_exempt_hosts value hostnames and/or IP addresses of hosts that will be exempt from the visitor request limit [$NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS] --visitor-message-daily-limit value, --visitor_message_daily_limit value max messages per visitor per day, derived from request limit if unset (default: 0) [$NTFY_VISITOR_MESSAGE_DAILY_LIMIT] --visitor-email-limit-burst value, --visitor_email_limit_burst value initial limit of e-mails per visitor (default: 16) [$NTFY_VISITOR_EMAIL_LIMIT_BURST] - --visitor-email-limit-replenish value, --visitor_email_limit_replenish value interval at which burst limit is replenished (one per x) (default: 1h0m0s) [$NTFY_VISITOR_EMAIL_LIMIT_REPLENISH] + --visitor-email-limit-replenish value, --visitor_email_limit_replenish value interval at which burst limit is replenished (one per x) (default: "1h") [$NTFY_VISITOR_EMAIL_LIMIT_REPLENISH] --visitor-subscriber-rate-limiting, --visitor_subscriber_rate_limiting enables subscriber-based rate limiting (default: false) [$NTFY_VISITOR_SUBSCRIBER_RATE_LIMITING] --behind-proxy, --behind_proxy, -P if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting) (default: false) [$NTFY_BEHIND_PROXY] --stripe-secret-key value, --stripe_secret_key value key used for the Stripe API communication, this enables payments [$NTFY_STRIPE_SECRET_KEY] @@ -1512,6 +1525,6 @@ OPTIONS: --web-push-private-key value, --web_push_private_key value private key used for web push notifications [$NTFY_WEB_PUSH_PRIVATE_KEY] --web-push-file value, --web_push_file value file used to store web push subscriptions [$NTFY_WEB_PUSH_FILE] --web-push-email-address value, --web_push_email_address value e-mail address of sender, required to use browser push services [$NTFY_WEB_PUSH_EMAIL_ADDRESS] - --web-push-startup-queries value, --web_push_startup-queries value queries run when the web push database is initialized [$NTFY_WEB_PUSH_STARTUP_QUERIES] + --web-push-startup-queries value, --web_push_startup_queries value queries run when the web push database is initialized [$NTFY_WEB_PUSH_STARTUP_QUERIES] --help, -h show help ``` diff --git a/docs/publish.md b/docs/publish.md index 41370778..41109290 100644 --- a/docs/publish.md +++ b/docs/publish.md @@ -738,9 +738,8 @@ Usage is pretty straight forward. You can set the delivery time using the `X-Del `3h`, `2 days`), or a natural language time string (e.g. `10am`, `8:30pm`, `tomorrow, 3pm`, `Tuesday, 7am`, [and more](https://github.com/olebedev/when)). -As of today, the minimum delay you can set is **10 seconds** and the maximum delay is **3 days**. This can currently -not be configured otherwise ([let me know](https://github.com/binwiederhier/ntfy/issues) if you'd like to change -these limits). +As of today, the minimum delay you can set is **10 seconds** and the maximum delay is **3 days**. This can be configured +with the `message-delay-limit` option). For the purposes of [message caching](config.md#message-cache), scheduled messages are kept in the cache until 12 hours after they were delivered (or whatever the server-side cache duration is set to). For instance, if a message is scheduled diff --git a/docs/releases.md b/docs/releases.md index 3549330b..7285ebba 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -13,7 +13,7 @@ Many thanks to [@tcaputi](https://github.com/tcaputi) for fixing the issues, and * UI not updating properly ([#267](https://github.com/binwiederhier/ntfy/issues/267)/[#402](https://github.com/binwiederhier/ntfy/issues/402), thanks to [@tcaputi](https://github.com/tcaputi)) -### ntfy server v2.8.0 +## ntfy server v2.8.0 Released November 19, 2023 This release brings a handful of random bug fixes: two unrelated access control list fixes, a fix around web app crashes for languages with underscores in the language code (e.g. `zh_Hant`, `zh_Hans`, `pt_BR`, ...), a workaround for the `Priority` header (often used in Cloudflare setups), and support among others support for HTML-only emails (finally), web app crash fixes @@ -1315,6 +1315,14 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release ### ntfy server v2.9.0 +!!! info + **Breaking change**: The `Rate-Topics` header was removed due to a [DoS issue](https://github.com/binwiederhier/ntfy/issues/1048). This only affects installations with `visitor-subscriber-rate-limiting: true`, which is not the default and likely very rarely used. + +**Features:** + +* Support for larger message delays with `message-delay-limit` (see [message limits](config.md#message-limits), [#1050](https://github.com/binwiederhier/ntfy/pull/1050)/[#1019](https://github.com/binwiederhier/ntfy/issues/1019), thanks to [@MrChadMWood](https://github.com/MrChadMWood) for reporting) +* Support for larger message body sizes with `message-size-limit` (use at your own risk, see [message limits](config.md#message-limits), [#836](https://github.com/binwiederhier/ntfy/pull/836)/[#1050](https://github.com/binwiederhier/ntfy/pull/1050), thanks to [@zhzy0077](https://github.com/zhzy0077) for implementing this, and to [@nkjshlsqja7331](https://github.com/nkjshlsqja7331) for reporting) + **Bug fixes + maintenance:** * Remove `Rate-Topics` header due to DoS security issue if `visitor-subscriber-rate-limiting: true` ([#1048](https://github.com/binwiederhier/ntfy/issues/1048)) diff --git a/server/config.go b/server/config.go index a0cfdcd5..7267ce9d 100644 --- a/server/config.go +++ b/server/config.go @@ -12,11 +12,12 @@ import ( const ( DefaultListenHTTP = ":80" DefaultCacheDuration = 12 * time.Hour + DefaultCacheBatchTimeout = time.Duration(0) DefaultKeepaliveInterval = 45 * time.Second // Not too frequently to save battery (Android read timeout used to be 77s!) DefaultManagerInterval = time.Minute DefaultDelayedSenderInterval = 10 * time.Second - DefaultMinDelay = 10 * time.Second - DefaultMaxDelay = 3 * 24 * time.Hour + DefaultMessageDelayMin = 10 * time.Second + DefaultMessageDelayMax = 3 * 24 * time.Hour DefaultFirebaseKeepaliveInterval = 3 * time.Hour // ~control topic (Android), not too frequently to save battery DefaultFirebasePollInterval = 20 * time.Minute // ~poll topic (iOS), max. 2-3 times per hour (see docs) DefaultFirebaseQuotaExceededPenaltyDuration = 10 * time.Minute // Time that over-users are locked out of Firebase if it returns "quota exceeded" @@ -34,7 +35,7 @@ const ( // - total topic limit: max number of topics overall // - various attachment limits const ( - DefaultMessageLengthLimit = 4096 // Bytes + DefaultMessageSizeLimit = 4096 // Bytes; note that FCM/APNS have a limit of ~4 KB for the entire message DefaultTotalTopicLimit = 15000 DefaultAttachmentTotalSizeLimit = int64(5 * 1024 * 1024 * 1024) // 5 GB DefaultAttachmentFileSizeLimit = int64(15 * 1024 * 1024) // 15 MB @@ -122,9 +123,9 @@ type Config struct { MetricsEnable bool MetricsListenHTTP string ProfileListenHTTP string - MessageLimit int - MinDelay time.Duration - MaxDelay time.Duration + MessageDelayMin time.Duration + MessageDelayMax time.Duration + MessageSizeLimit int TotalTopicLimit int TotalAttachmentSizeLimit int64 VisitorSubscriptionLimit int @@ -211,9 +212,9 @@ func NewConfig() *Config { TwilioPhoneNumber: "", TwilioVerifyBaseURL: "https://verify.twilio.com", // Override for tests TwilioVerifyService: "", - MessageLimit: DefaultMessageLengthLimit, - MinDelay: DefaultMinDelay, - MaxDelay: DefaultMaxDelay, + MessageSizeLimit: DefaultMessageSizeLimit, + MessageDelayMin: DefaultMessageDelayMin, + MessageDelayMax: DefaultMessageDelayMax, TotalTopicLimit: DefaultTotalTopicLimit, TotalAttachmentSizeLimit: 0, VisitorSubscriptionLimit: DefaultVisitorSubscriptionLimit, diff --git a/server/server.go b/server/server.go index aad452ed..f6e39be3 100644 --- a/server/server.go +++ b/server/server.go @@ -733,7 +733,7 @@ func (s *Server) handlePublishInternal(r *http.Request, v *visitor) (*message, e if err != nil { return nil, err } - body, err := util.Peek(r.Body, s.config.MessageLimit) + body, err := util.Peek(r.Body, s.config.MessageSizeLimit) if err != nil { return nil, err } @@ -996,9 +996,9 @@ func (s *Server) parsePublishParams(r *http.Request, m *message) (cache bool, fi delay, err := util.ParseFutureTime(delayStr, time.Now()) if err != nil { return false, false, "", "", false, errHTTPBadRequestDelayCannotParse - } else if delay.Unix() < time.Now().Add(s.config.MinDelay).Unix() { + } else if delay.Unix() < time.Now().Add(s.config.MessageDelayMin).Unix() { return false, false, "", "", false, errHTTPBadRequestDelayTooSmall - } else if delay.Unix() > time.Now().Add(s.config.MaxDelay).Unix() { + } else if delay.Unix() > time.Now().Add(s.config.MessageDelayMax).Unix() { return false, false, "", "", false, errHTTPBadRequestDelayTooLarge } m.Time = delay.Unix() @@ -1754,7 +1754,7 @@ func (s *Server) sendDelayedMessage(v *visitor, m *message) error { // before passing it on to the next handler. This is meant to be used in combination with handlePublish. func (s *Server) transformBodyJSON(next handleFunc) handleFunc { return func(w http.ResponseWriter, r *http.Request, v *visitor) error { - m, err := readJSONWithLimit[publishMessage](r.Body, s.config.MessageLimit*2, false) // 2x to account for JSON format overhead + m, err := readJSONWithLimit[publishMessage](r.Body, s.config.MessageSizeLimit*2, false) // 2x to account for JSON format overhead if err != nil { return err } @@ -1812,7 +1812,7 @@ func (s *Server) transformBodyJSON(next handleFunc) handleFunc { func (s *Server) transformMatrixJSON(next handleFunc) handleFunc { return func(w http.ResponseWriter, r *http.Request, v *visitor) error { - newRequest, err := newRequestFromMatrixJSON(r, s.config.BaseURL, s.config.MessageLimit) + newRequest, err := newRequestFromMatrixJSON(r, s.config.BaseURL, s.config.MessageSizeLimit) if err != nil { logvr(v, r).Tag(tagMatrix).Err(err).Debug("Invalid Matrix request") if e, ok := err.(*errMatrixPushkeyRejected); ok { diff --git a/server/server.yml b/server/server.yml index e9e55e9b..7329d37e 100644 --- a/server/server.yml +++ b/server/server.yml @@ -236,6 +236,16 @@ # upstream-base-url: # upstream-access-token: +# Configures message-specific limits +# +# - message-size-limit defines the max size of a message body. Please note message sizes >4K are NOT RECOMMENDED, +# and largely untested. If FCM and/or APNS is used, the limit should stay 4K, because their limits are around that size. +# If you increase this size limit regardless, FCM and APNS will NOT work for large messages. +# - message-delay-limit defines the max delay of a message when using the "Delay" header. +# +# message-size-limit: "4k" +# message-delay-limit: "3d" + # Rate limiting: Total number of topics before the server rejects new topics. # # global-topic-limit: 15000 diff --git a/server/server_account_test.go b/server/server_account_test.go index 4c269c2f..72ba55c9 100644 --- a/server/server_account_test.go +++ b/server/server_account_test.go @@ -718,11 +718,11 @@ func TestAccount_Reservation_Delete_Messages_And_Attachments(t *testing.T) { require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser)) require.Nil(t, s.userManager.AddTier(&user.Tier{ Code: "starter", - MessageLimit: 10, + MessageSizeLimit: 10, })) require.Nil(t, s.userManager.AddTier(&user.Tier{ Code: "pro", - MessageLimit: 20, + MessageSizeLimit: 20, })) require.Nil(t, s.userManager.ChangeTier("phil", "starter")) diff --git a/server/smtp_server.go b/server/smtp_server.go index 467b8ca4..a687f1da 100644 --- a/server/smtp_server.go +++ b/server/smtp_server.go @@ -150,8 +150,8 @@ func (s *smtpSession) Data(r io.Reader) error { return err } body = strings.TrimSpace(body) - if len(body) > conf.MessageLimit { - body = body[:conf.MessageLimit] + if len(body) > conf.MessageSizeLimit { + body = body[:conf.MessageSizeLimit] } m := newDefaultMessage(s.topic, body) subject := strings.TrimSpace(msg.Header.Get("Subject")) diff --git a/server/visitor.go b/server/visitor.go index f8dc416a..d542e773 100644 --- a/server/visitor.go +++ b/server/visitor.go @@ -30,10 +30,10 @@ const ( visitorDefaultCallsLimit = int64(0) ) -// Constants used to convert a tier-user's MessageLimit (see user.Tier) into adequate request limiter +// Constants used to convert a tier-user's MessageSizeLimit (see user.Tier) into adequate request limiter // values (token bucket). This is only used to increase the values in server.yml, never decrease them. // -// Example: Assuming a user.Tier's MessageLimit is 10,000: +// Example: Assuming a user.Tier's MessageSizeLimit is 10,000: // - the allowed burst is 500 (= 10,000 * 5%), which is < 1000 (the max) // - the replenish rate is 2 * 10,000 / 24 hours const ( diff --git a/util/time.go b/util/time.go index 14aa3936..9fbee890 100644 --- a/util/time.go +++ b/util/time.go @@ -10,8 +10,8 @@ import ( ) var ( - errUnparsableTime = errors.New("unable to parse time") - durationStrRegex = regexp.MustCompile(`(?i)^(\d+)\s*(d|days?|h|hours?|m|mins?|minutes?|s|secs?|seconds?)$`) + errInvalidDuration = errors.New("unable to parse duration") + durationStrRegex = regexp.MustCompile(`(?i)^(\d+)\s*(d|days?|h|hours?|m|mins?|minutes?|s|secs?|seconds?)$`) ) const ( @@ -51,7 +51,7 @@ func ParseFutureTime(s string, now time.Time) (time.Time, error) { if err == nil { return t, nil } - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } // ParseDuration is like time.ParseDuration, except that it also understands days (d), which @@ -65,7 +65,7 @@ func ParseDuration(s string) (time.Duration, error) { if matches != nil { number, err := strconv.Atoi(matches[1]) if err != nil { - return 0, errUnparsableTime + return 0, errInvalidDuration } switch unit := matches[2][0:1]; unit { case "d": @@ -77,10 +77,28 @@ func ParseDuration(s string) (time.Duration, error) { case "s": return time.Duration(number) * time.Second, nil default: - return 0, errUnparsableTime + return 0, errInvalidDuration } } - return 0, errUnparsableTime + return 0, errInvalidDuration +} + +// FormatDuration formats a time.Duration into a human-readable string, e.g. "2d", "20h", "30m", "40s". +// It rounds to the largest unit that is not zero, thereby effectively rounding down. +func FormatDuration(d time.Duration) string { + if d >= 24*time.Hour { + return strconv.Itoa(int(d/(24*time.Hour))) + "d" + } + if d >= time.Hour { + return strconv.Itoa(int(d/time.Hour)) + "h" + } + if d >= time.Minute { + return strconv.Itoa(int(d/time.Minute)) + "m" + } + if d >= time.Second { + return strconv.Itoa(int(d/time.Second)) + "s" + } + return "0s" } func parseFromDuration(s string, now time.Time) (time.Time, error) { @@ -88,7 +106,7 @@ func parseFromDuration(s string, now time.Time) (time.Time, error) { if err == nil { return now.Add(d), nil } - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } func parseUnixTime(s string, now time.Time) (time.Time, error) { @@ -96,7 +114,7 @@ func parseUnixTime(s string, now time.Time) (time.Time, error) { if err != nil { return time.Time{}, err } else if int64(t) < now.Unix() { - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } return time.Unix(int64(t), 0).UTC(), nil } @@ -104,7 +122,7 @@ func parseUnixTime(s string, now time.Time) (time.Time, error) { func parseNaturalTime(s string, now time.Time) (time.Time, error) { r, err := when.EN.Parse(s, now) // returns "nil, nil" if no matches! if err != nil || r == nil { - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } else if r.Time.After(now) { return r.Time, nil } @@ -112,9 +130,9 @@ func parseNaturalTime(s string, now time.Time) (time.Time, error) { // simply append "tomorrow, " to it. r, err = when.EN.Parse("tomorrow, "+s, now) // returns "nil, nil" if no matches! if err != nil || r == nil { - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } else if r.Time.After(now) { return r.Time, nil } - return time.Time{}, errUnparsableTime + return time.Time{}, errInvalidDuration } diff --git a/util/time_test.go b/util/time_test.go index 9cc343fd..e29e5a3b 100644 --- a/util/time_test.go +++ b/util/time_test.go @@ -92,3 +92,27 @@ func TestParseDuration(t *testing.T) { require.Nil(t, err) require.Equal(t, time.Duration(0), d) } + +func TestFormatDuration(t *testing.T) { + values := []struct { + duration time.Duration + expected string + }{ + {24 * time.Second, "24s"}, + {56 * time.Minute, "56m"}, + {time.Hour, "1h"}, + {2 * time.Hour, "2h"}, + {24 * time.Hour, "1d"}, + {3 * 24 * time.Hour, "3d"}, + } + for _, value := range values { + require.Equal(t, value.expected, FormatDuration(value.duration)) + d, err := ParseDuration(FormatDuration(value.duration)) + require.Nil(t, err) + require.Equalf(t, value.duration, d, "duration does not match: %v != %v", value.duration, d) + } +} + +func TestFormatDuration_Rounded(t *testing.T) { + require.Equal(t, "1d", FormatDuration(47*time.Hour)) +} diff --git a/util/util.go b/util/util.go index df0c011c..39bf8798 100644 --- a/util/util.go +++ b/util/util.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "io" + "math" "math/rand" "net/netip" "os" @@ -215,6 +216,8 @@ func ParseSize(s string) (int64, error) { return -1, fmt.Errorf("cannot convert number %s", matches[1]) } switch strings.ToUpper(matches[2]) { + case "T": + return int64(value) * 1024 * 1024 * 1024 * 1024, nil case "G": return int64(value) * 1024 * 1024 * 1024, nil case "M": @@ -226,8 +229,23 @@ func ParseSize(s string) (int64, error) { } } -// FormatSize formats bytes into a human-readable notation, e.g. 2.1 MB +// FormatSize formats the size in a way that it can be parsed by ParseSize. +// It does not include decimal places. Uneven sizes are rounded down. func FormatSize(b int64) string { + const unit = 1024 + if b < unit { + return fmt.Sprintf("%d", b) + } + div, exp := int64(unit), 0 + for n := b / unit; n >= unit; n /= unit { + div *= unit + exp++ + } + return fmt.Sprintf("%d%c", int(math.Floor(float64(b)/float64(div))), "KMGT"[exp]) +} + +// FormatSizeHuman formats bytes into a human-readable notation, e.g. 2.1 MB +func FormatSizeHuman(b int64) string { const unit = 1024 if b < unit { return fmt.Sprintf("%d bytes", b) @@ -237,7 +255,7 @@ func FormatSize(b int64) string { div *= unit exp++ } - return fmt.Sprintf("%.1f %cB", float64(b)/float64(div), "KMGTPE"[exp]) + return fmt.Sprintf("%.1f %cB", float64(b)/float64(div), "KMGT"[exp]) } // ReadPassword will read a password from STDIN. If the terminal supports it, it will not print the diff --git a/util/util_test.go b/util/util_test.go index f0f45c28..9ddec58d 100644 --- a/util/util_test.go +++ b/util/util_test.go @@ -110,33 +110,47 @@ func TestShortTopicURL(t *testing.T) { func TestParseSize_10GSuccess(t *testing.T) { s, err := ParseSize("10G") - if err != nil { - t.Fatal(err) - } + require.Nil(t, err) require.Equal(t, int64(10*1024*1024*1024), s) } func TestParseSize_10MUpperCaseSuccess(t *testing.T) { s, err := ParseSize("10M") - if err != nil { - t.Fatal(err) - } + require.Nil(t, err) require.Equal(t, int64(10*1024*1024), s) } func TestParseSize_10kLowerCaseSuccess(t *testing.T) { s, err := ParseSize("10k") - if err != nil { - t.Fatal(err) - } + require.Nil(t, err) require.Equal(t, int64(10*1024), s) } func TestParseSize_FailureInvalid(t *testing.T) { _, err := ParseSize("not a size") - if err == nil { - t.Fatalf("expected error, but got none") + require.Error(t, err) +} + +func TestFormatSize(t *testing.T) { + values := []struct { + size int64 + expected string + }{ + {10, "10"}, + {10 * 1024, "10K"}, + {10 * 1024 * 1024, "10M"}, + {10 * 1024 * 1024 * 1024, "10G"}, } + for _, value := range values { + require.Equal(t, value.expected, FormatSize(value.size)) + s, err := ParseSize(FormatSize(value.size)) + require.Nil(t, err) + require.Equalf(t, value.size, s, "size does not match: %d != %d", value.size, s) + } +} + +func TestFormatSize_Rounded(t *testing.T) { + require.Equal(t, "10K", FormatSize(10*1024+999)) } func TestSplitKV(t *testing.T) {