From add22b771a33ec4748fadd7b7ebba8049843eeb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Thu, 21 Nov 2024 12:21:12 +0100
Subject: [PATCH] Remove default ntfy server setting

Setting this to "https://ntfy.sh" has security implications: If the user
forgets to set his server, but uses the new short form for topics, the
notification will be sent to "ntfy.sh" and could expose information.
---
 config.scfg           | 2 +-
 config/config.go      | 2 --
 config/config_test.go | 1 +
 main.go               | 4 ++++
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/config.scfg b/config.scfg
index 976bede..06afef8 100644
--- a/config.scfg
+++ b/config.scfg
@@ -65,7 +65,7 @@ resolved {
 
 ntfy {
     # URL of the ntfy server.
-    # Default: "https://ntfy.sh"
+    # Default: ""
     server https://ntfy.sh
     # Name of the ntfy topic. For backwards compatibility you can specify the full URL of the
     # topic (e.g. https://ntfy.sh/alertmanager-alerts) and the server will be parsed from it.
diff --git a/config/config.go b/config/config.go
index ce6ed8e..61ae18a 100644
--- a/config/config.go
+++ b/config/config.go
@@ -430,8 +430,6 @@ func Read(path string) (*Config, error) {
 	config.LogFormat = "text"
 	config.AlertMode = Multi
 
-	config.Ntfy.Server = "https://ntfy.sh"
-
 	config.Cache.Type = "disabled"
 	config.Cache.Duration = time.Hour * 24
 	// memory
diff --git a/config/config_test.go b/config/config_test.go
index 872053d..1b35364 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -47,6 +47,7 @@ resolved {
 }
 
 ntfy {
+    server https://ntfy.sh
     topic https://ntfy.sh/alertmanager-alerts
     certificate-fingerprint 13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91
     user user
diff --git a/main.go b/main.go
index e6c61ec..96bda73 100644
--- a/main.go
+++ b/main.go
@@ -637,6 +637,10 @@ func (br *bridge) topicURL(topic string) (string, error) {
 		return topic, nil
 	}
 
+	if br.cfg.Ntfy.Server == "" {
+		return "", errors.New("cannot set topic: no ntfy server set")
+	}
+
 	s, err := url.JoinPath(br.cfg.Ntfy.Server, topic)
 	if err != nil {
 		return "", err