Add disable option to web-root

[Curid]

Closes #238

[binwiederhier]

LGTM

1. Can you add docs? Mostly the table, I don't think we need a special section for this in the config docs; just the table(s) are enough.
2. And the server.yml entry
3. And maybe a quick test for it.

Thanks

[binwiederhier]

Can you name this WebEnabled instead and make it true by default? That will invert the if statements.

[binwiederhier]

Can you call this flag disable-web?

[Curid]

I didn't realize the flag didn't need to have the same name as the variable.

[binwiederhier]

Actually. Darn. This is tricky. Because this is the server.yml file config option. I wanted to name it web-enabled, but boolean flags with a true default don't work. I don't know how to solve this.

[Curid]

Added docs and tests, my editor uses gofumpt btw.

[binwiederhier]

You're gonna hate me for this, but what about this: why not make the web-root option have three possible states:

• app -- / app root
• home -- / is landing page, /app is app root
• disabled -- web app and home are entirely disabled (NEW)

You could turn the WebRootIsApp config param into WebRoot.

My reasoning is this: I hate having new parameters. And I also hate having a parameter called "disable-x". While that's okay in the CLI, it's super weird in yml.

What do you think?

[binwiederhier]

Looks great. Thank you for your contribution!

[tokenwizard]

Hey @Curid, fancy finding you on this project, too.
Am I missing something here? I just want to disable the webui and just use CLI/API and the Mobile Apps.
I have my server.yml like this but I can still access the webui anonymously.

Running via Docker method.

Here is my docker-compose.yml:

version: "2.3"

services:
  ntfy:
    image: binwiederhier/ntfy
    container_name: ntfy
    command:
      - serve
    environment:
      - TZ=America/New_York    # optional: set desired timezone
    volumes:
      - ./var/cache/ntfy:/var/cache/ntfy
      - ./etc/ntfy:/etc/ntfy
      - ./server.yml:/etc/ntfy/server.yml
      - ./var/lib/ntfy:/var/lib/ntfy
    ports:
      - 80:80
    healthcheck: # optional: remember to adapt the host:port to your environment
        test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
        interval: 60s
        timeout: 10s
        retries: 3
        start_period: 40s
    restart: unless-stopped

Here is the web-root section of my server.yml:

I could be wrong, but it seems I can anonymously access the webui and even the Settings. I am even able to delete my "james" user anonymously, with no authentication required to do so.

I would expect only an Admin to have that level of access.

[tokenwizard]

I think I see now. With the option set to "disable" the root url does throw a 404 error. Adding /app top the end still loads the webui. But the Users don't show in the webui if I load it on another device, so it only shows my "james" user because that is stored locally int he web browser.

Sound about right?

[wunter8]

If adding /app at the end of the URL still loads the web app when it's set to disable, that is probably a bug.

But yes, you are correct about the local storage. The web app is just a simple client (like the Android app): you can open it and look around, but you cannot publish/subscribe to topics unless you put in auth credentials