README.md

@@ -22,7 +22,7 @@ ntfy-alertmanager has support for setting ntfy [priority], [tags], [icon], [acti
 (which can be used to create an Alertmanager silence), [email notifications] and [phone calls].
 Define a decreasing order of labels in the config file and map those labels to tags, priority, an icon or an email address.
 
--   For priority and icon the first found value will be chosen. Settings for "resolved" alerts will take precedence.
+-   For priority and icon the first found value will be chosen. An icon for "resolved" alerts will take precedence.
 -   Tags are added together.
 
 ### Alertmanager config

config.scfg

@@ -40,7 +40,6 @@ labels {
 resolved {
     tags "resolved,partying_face"
     icon "https://foo.com/resolved.png"
-    priority 1
 }
 
 ntfy {
@@ -54,10 +53,7 @@ ntfy {
     access-token foobar
     # When using (self signed) certificates that cannot be verified, you can instead specify
     # the SHA512 fingerprint.
-    # openssl can be used to obtain it:
+    certificate-fingerprint 136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299
-    # openssl s_client -connect HOST:PORT | openssl x509 -fingerprint -sha512 -noout
-    # For convenience ntfy-alertmanager will convert the certificate to lower case and remove all colons.
-    certificate-fingerprint 13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91
     # Forward all messages to the specified email address.
     email-address foo@bar.com
     # Call the specified number for all alerts. Use `yes` to pick the first of your verified numbers.

config/config.go

@@ -77,9 +77,8 @@ type alertmanagerConfig struct {
 }
 
 type resolvedConfig struct {
-	Tags     []string
+	Tags []string
-	Icon     string
+	Icon string
-	Priority string
 }
 
 // ReadConfig reads an scfg formatted file and returns the configuration struct.
@@ -284,9 +283,6 @@ func ReadConfig(path string) (*Config, error) {
 		if err := d.ParseParams(&config.Ntfy.CertFingerprint); err != nil {
 			return nil, err
 		}
-
-		// hex.EncodeToString outputs a lower case string
-		config.Ntfy.CertFingerprint = strings.ToLower(strings.ReplaceAll(config.Ntfy.CertFingerprint, ":", ""))
 	}
 
 	d = ntfyDir.Children.Get("email-address")
@@ -416,13 +412,6 @@ func ReadConfig(path string) (*Config, error) {
 				return nil, err
 			}
 		}
-
-		d = resolvedDir.Children.Get("priority")
-		if d != nil {
-			if err := d.ParseParams(&config.Resolved.Priority); err != nil {
-				return nil, err
-			}
-		}
 	}
 
 	return config, nil

config/config_test.go

@@ -41,12 +41,11 @@ labels {
 resolved {
     tags "resolved,partying_face"
     icon "https://foo.com/resolved.png"
-    priority 1
 }
 
 ntfy {
     topic https://ntfy.sh/alertmanager-alerts
-    certificate-fingerprint 13:6D:2B:88:9C:57:36:D0:81:B4:B2:9C:79:09:27:62:92:CF:B8:6A:6B:D3:AD:46:35:CB:70:17:EB:99:6E:28:08:2A:B8:C6:79:4B:F6:2E:81:79:41:98:1D:53:C8:07:B3:5C:24:5F:B1:8E:B6:FB:66:B5:DD:B4:D0:5C:29:91
+    certificate-fingerprint 136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299
     user user
     password pass
 }
@@ -77,7 +76,7 @@ cache {
 			Topic:           "https://ntfy.sh/alertmanager-alerts",
 			User:            "user",
 			Password:        "pass",
-			CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c2991",
+			CertFingerprint: "136d2b889c5736d081b4b29c7909276292cfb86a6bd3ad4635cb7017eb996e28082ab8c6794bf62e817941981d53c807b35c245fb18eb6fb66b5ddb4d05c299",
 		},
 		Labels: labels{Order: []string{"severity", "instance"},
 			Label: map[string]labelConfig{
@@ -105,9 +104,8 @@ cache {
 			URL:             "https://alertmanager.xenrox.net",
 		},
 		Resolved: resolvedConfig{
-			Tags:     []string{"resolved", "partying_face"},
+			Tags: []string{"resolved", "partying_face"},
-			Icon:     "https://foo.com/resolved.png",
+			Icon: "https://foo.com/resolved.png",
-			Priority: "1",
 		},
 	}
 

main.go

@@ -117,7 +117,6 @@ func (br *bridge) singleAlertNotifications(p *payload) []*notification {
 		if alert.Status == "resolved" {
 			tags = append(tags, br.cfg.Resolved.Tags...)
 			n.icon = br.cfg.Resolved.Icon
-			n.priority = br.cfg.Resolved.Priority
 		}
 
 		n.emailAddress = br.cfg.Ntfy.EmailAddress
@@ -227,7 +226,6 @@ func (br *bridge) multiAlertNotification(p *payload) *notification {
 	if p.Status == "resolved" {
 		tags = append(tags, br.cfg.Resolved.Tags...)
 		n.icon = br.cfg.Resolved.Icon
-		n.priority = br.cfg.Resolved.Priority
 	}
 
 	n.emailAddress = br.cfg.Ntfy.EmailAddress
@@ -351,14 +349,7 @@ func (br *bridge) publish(n *notification) error {
 			}
 
 			hash := sha512.Sum512(rawCerts[0])
-			var expectedFingerprint string
+			return fmt.Errorf("ntfy certificate fingerprint does not match: expected %q, got %q", hex.EncodeToString(hash[:]), configFingerprint)
-			for i, b := range hash {
-				if i != 0 {
-					expectedFingerprint += ":"
-				}
-				expectedFingerprint += fmt.Sprintf("%02X", b)
-			}
-			return fmt.Errorf("the ntfy certificate fingerprint (%s) is not set in the config", expectedFingerprint)
 		}
 
 		tlsCfg.InsecureSkipVerify = true
@@ -386,6 +377,8 @@ func (br *bridge) publish(n *notification) error {
 }
 
 func (br *bridge) handleWebhooks(w http.ResponseWriter, r *http.Request) {
+	defer r.Body.Close()
+
 	logger := br.logger.With(slog.String("handler", "/"))
 
 	if r.Method != http.MethodPost {
@@ -403,7 +396,6 @@ func (br *bridge) handleWebhooks(w http.ResponseWriter, r *http.Request) {
 
 	var event payload
 	if err := json.NewDecoder(r.Body).Decode(&event); err != nil {
-		http.Error(w, "Failed to parse payload", http.StatusInternalServerError)
 		logger.Debug("Failed to decode payload",
 			slog.String("error", err.Error()))
 		return

silence.go

@@ -38,6 +38,8 @@ type silenceResponse struct {
 }
 
 func (br *bridge) handleSilences(w http.ResponseWriter, r *http.Request) {
+	defer r.Body.Close()
+
 	logger := br.logger.With(slog.String("handler", "/silences"))
 
 	if r.Method != http.MethodPost {