readme: Update explanation for resolved alerts

Priority is supported as well.
Run gofmt
2023-09-28 13:48:14 +02:00 · 2023-09-28 13:42:49 +02:00 · 2023-09-28 13:41:23 +02:00 · 2023-09-28 13:05:28 +02:00 · 2023-09-28 12:59:10 +02:00 · 2023-09-22 22:35:16 +02:00
6 changed files with 36 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -22,7 +22,7 @@ ntfy-alertmanager has support for setting ntfy [priority], [tags], [icon], [acti
 (which can be used to create an Alertmanager silence), [email notifications] and [phone calls].
 Define a decreasing order of labels in the config file and map those labels to tags, priority, an icon or an email address.

-   For priority and icon the first found value will be chosen. An icon for "resolved" alerts will take precedence.
+-   For priority and icon the first found value will be chosen. Settings for "resolved" alerts will take precedence.
 -   Tags are added together.

 ### Alertmanager config
--- a/config.scfg
+++ b/config.scfg
@ -40,6 +40,7 @@ labels {
 resolved {
    tags "resolved,partying_face"
    icon "https://foo.com/resolved.png"
+    priority 1
 }

 ntfy {
@ -53,7 +54,10 @@ ntfy {
    access-token foobar
    # When using (self signed) certificates that cannot be verified, you can instead specify
    # the SHA512 fingerprint.
-    certificate-fingerprint 136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299
+    # openssl can be used to obtain it:
+    # openssl s_client -connect HOST:PORT | openssl x509 -fingerprint -sha512 -noout
+    # For convenience ntfy-alertmanager will convert the certificate to lower case and remove all colons.
+    certificate-fingerprint 13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91
    # Forward all messages to the specified email address.
    email-address foo@bar.com
    # Call the specified number for all alerts. Use `yes` to pick the first of your verified numbers.
--- a/config/config.go
+++ b/config/config.go
@ -77,8 +77,9 @@ type alertmanagerConfig struct {
 }

 type resolvedConfig struct {
-	Tags []string
-	Icon string
+	Tags     []string
+	Icon     string
+	Priority string
 }

 // ReadConfig reads an scfg formatted file and returns the configuration struct.
@ -283,6 +284,9 @@ func ReadConfig(path string) (*Config, error) {
 		if err := d.ParseParams(&config.Ntfy.CertFingerprint); err != nil {
 			return nil, err
 		}
+
+		// hex.EncodeToString outputs a lower case string
+		config.Ntfy.CertFingerprint = strings.ToLower(strings.ReplaceAll(config.Ntfy.CertFingerprint, ":", ""))
 	}

 	d = ntfyDir.Children.Get("email-address")
@ -412,6 +416,13 @@ func ReadConfig(path string) (*Config, error) {
 				return nil, err
 			}
 		}
+
+		d = resolvedDir.Children.Get("priority")
+		if d != nil {
+			if err := d.ParseParams(&config.Resolved.Priority); err != nil {
+				return nil, err
+			}
+		}
 	}

 	return config, nil
--- a/config/config_test.go
+++ b/config/config_test.go
@ -41,11 +41,12 @@ labels {
 resolved {
    tags "resolved,partying_face"
    icon "https://foo.com/resolved.png"
+    priority 1
 }

 ntfy {
    topic https://ntfy.sh/alertmanager-alerts
-    certificate-fingerprint 136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299
+    certificate-fingerprint 13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91
    user user
    password pass
 }
@ -76,7 +77,7 @@ cache {
 			Topic:           "https://ntfy.sh/alertmanager-alerts",
 			User:            "user",
 			Password:        "pass",
-			CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299",
+			CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c2991",
 		},
 		Labels: labels{Order: []string{"severity", "instance"},
 			Label: map[string]labelConfig{
@ -104,8 +105,9 @@ cache {
 			URL:             "https://alertmanager.xenrox.net",
 		},
 		Resolved: resolvedConfig{
-			Tags: []string{"resolved", "partying_face"},
-			Icon: "https://foo.com/resolved.png",
+			Tags:     []string{"resolved", "partying_face"},
+			Icon:     "https://foo.com/resolved.png",
+			Priority: "1",
 		},
 	}

--- a/main.go
+++ b/main.go
@ -117,6 +117,7 @@ func (br *bridge) singleAlertNotifications(p *payload) []*notification {
 		if alert.Status == "resolved" {
 			tags = append(tags, br.cfg.Resolved.Tags...)
 			n.icon = br.cfg.Resolved.Icon
+			n.priority = br.cfg.Resolved.Priority
 		}

 		n.emailAddress = br.cfg.Ntfy.EmailAddress
@ -226,6 +227,7 @@ func (br *bridge) multiAlertNotification(p *payload) *notification {
 	if p.Status == "resolved" {
 		tags = append(tags, br.cfg.Resolved.Tags...)
 		n.icon = br.cfg.Resolved.Icon
+		n.priority = br.cfg.Resolved.Priority
 	}

 	n.emailAddress = br.cfg.Ntfy.EmailAddress
@ -349,7 +351,14 @@ func (br *bridge) publish(n *notification) error {
 			}

 			hash := sha512.Sum512(rawCerts[0])
-			return fmt.Errorf("ntfy certificate fingerprint does not match: expected %q, got %q", hex.EncodeToString(hash[:]), configFingerprint)
+			var expectedFingerprint string
+			for i, b := range hash {
+				if i != 0 {
+					expectedFingerprint += ":"
+				}
+				expectedFingerprint += fmt.Sprintf("%02X", b)
+			}
+			return fmt.Errorf("the ntfy certificate fingerprint (%s) is not set in the config", expectedFingerprint)
 		}

 		tlsCfg.InsecureSkipVerify = true
@ -377,8 +386,6 @@ func (br *bridge) publish(n *notification) error {
 }

 func (br *bridge) handleWebhooks(w http.ResponseWriter, r *http.Request) {
-	defer r.Body.Close()
-
 	logger := br.logger.With(slog.String("handler", "/"))

 	if r.Method != http.MethodPost {
@ -396,6 +403,7 @@ func (br *bridge) handleWebhooks(w http.ResponseWriter, r *http.Request) {

 	var event payload
 	if err := json.NewDecoder(r.Body).Decode(&event); err != nil {
+		http.Error(w, "Failed to parse payload", http.StatusInternalServerError)
 		logger.Debug("Failed to decode payload",
 			slog.String("error", err.Error()))
 		return
--- a/silence.go
+++ b/silence.go
@ -38,8 +38,6 @@ type silenceResponse struct {
 }

 func (br *bridge) handleSilences(w http.ResponseWriter, r *http.Request) {
-	defer r.Body.Close()
-
 	logger := br.logger.With(slog.String("handler", "/silences"))

 	if r.Method != http.MethodPost {
Author	SHA1	Message	Date
Thorben Günther	e1ae4d2e43	readme: Update explanation for resolved alerts Priority is supported as well.	2023-09-28 13:48:14 +02:00
Thorben Günther	8868bfa20d	Run gofmt	2023-09-28 13:42:49 +02:00
Thorben Günther	9a030f2902	config: Fix test	2023-09-28 13:41:23 +02:00
Jackson Chen	9b4b135a39	implement priority for resolved alerts	2023-09-28 13:05:28 +02:00
Thorben Günther	3baffc9bef	Send HTTP error code when failing to decode payload	2023-09-28 12:59:10 +02:00
Thorben Günther	d2eef546d5	Remove unnecessary Body.close() calls The server will close those.	2023-09-22 22:35:16 +02:00
Thorben Günther	86afe915f3	publish: Move fingerprint conversion to config parsing We only really need to do it once, not every time a new message gets published.	2023-08-28 00:36:41 +02:00
Thorben Günther	1abacacab4	publish: Improve certificate fingerprint output	2023-08-27 16:53:19 +02:00
Thorben Günther	8f28182111	config.scfg: Add instructions to obtain cert fingerprint	2023-08-25 22:46:41 +02:00
Thorben Günther	ad2bc1fd89	publish: Improve certificate verification Remove colons and convert to lower case. hex.EncodeToString outputs a lower case string.	2023-08-25 22:36:00 +02:00