// A bridge between ntfy and Alertmanager package main import ( "crypto/sha512" "crypto/subtle" _ "embed" "encoding/base64" "encoding/json" "flag" "fmt" "net/http" "os" "strings" "time" "git.xenrox.net/~xenrox/go-log" "golang.org/x/text/cases" "golang.org/x/text/language" ) //go:generate sh -c "git describe --long > version.txt" //go:embed version.txt var version string type receiver struct { cfg *config logger *log.Logger } type payload struct { Status string `json:"status"` Alerts []alert `json:"alerts"` GroupLabels map[string]interface{} `json:"groupLabels"` CommonLabels map[string]interface{} `json:"commonLabels"` CommonAnnotations map[string]interface{} `json:"commonAnnotations"` } type alert struct { Status string `json:"status"` Labels map[string]interface{} `json:"labels"` Annotations map[string]interface{} `json:"annotations"` } type notification struct { title string body string priority string tags string } func (rcv *receiver) singleAlertNotifications(p *payload) []*notification { var notifications []*notification for _, alert := range p.Alerts { n := new(notification) // create title n.title = fmt.Sprintf("[%s]", strings.ToUpper(alert.Status)) if name, ok := alert.Labels["alertname"]; ok { n.title = fmt.Sprintf("%s %s", n.title, name) } for _, value := range p.GroupLabels { n.title = fmt.Sprintf("%s %s", n.title, value) } // create body n.body = "Labels:\n" for key, value := range alert.Labels { n.body = fmt.Sprintf("%s%s = %s\n", n.body, key, value) } n.body += "\nAnnotations:\n" for key, value := range alert.Annotations { n.body = fmt.Sprintf("%s%s = %s\n", n.body, key, value) } var tags []string for _, labelName := range rcv.cfg.labels.Order { val, ok := alert.Labels[labelName] if !ok { continue } labelConfig, ok := rcv.cfg.labels.Label[fmt.Sprintf("%s:%s", labelName, val)] if !ok { continue } if n.priority == "" { n.priority = labelConfig.Priority } for _, val := range labelConfig.Tags { if !sliceContains(tags, val) { tags = append(tags, val) } } } n.tags = strings.Join(tags, ",") notifications = append(notifications, n) } return notifications } func (rcv *receiver) multiAlertNotification(p *payload) *notification { n := new(notification) // create title count := len(p.Alerts) title := fmt.Sprintf("[%s", strings.ToUpper(p.Status)) if p.Status == "firing" { title = fmt.Sprintf("%s:%d", title, count) } title += "]" for _, value := range p.GroupLabels { title = fmt.Sprintf("%s %s", title, value) } n.title = title // create body var body string c := cases.Title(language.English) for _, alert := range p.Alerts { alertBody := fmt.Sprintf("%s\nLabels:\n", c.String(alert.Status)) for key, value := range alert.Labels { alertBody = fmt.Sprintf("%s%s = %s\n", alertBody, key, value) } alertBody += "Annotations:\n" for key, value := range alert.Annotations { alertBody = fmt.Sprintf("%s%s = %s\n", alertBody, key, value) } alertBody += "\n" body += alertBody } n.body = body var priority string var tags []string for _, labelName := range rcv.cfg.labels.Order { val, ok := p.CommonLabels[labelName] if !ok { continue } labelConfig, ok := rcv.cfg.labels.Label[fmt.Sprintf("%s:%s", labelName, val)] if !ok { continue } if priority == "" { priority = labelConfig.Priority } for _, val := range labelConfig.Tags { if !sliceContains(tags, val) { tags = append(tags, val) } } } tagString := strings.Join(tags, ",") n.priority = priority n.tags = tagString return n } func (rcv *receiver) publish(n *notification) error { client := &http.Client{Timeout: time.Second * 3} req, err := http.NewRequest(http.MethodPost, rcv.cfg.ntfy.Topic, strings.NewReader(n.body)) if err != nil { return err } // Basic auth if rcv.cfg.ntfy.Password != "" && rcv.cfg.ntfy.User != "" { auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", rcv.cfg.ntfy.User, rcv.cfg.ntfy.Password))) req.Header.Set("Authorization", fmt.Sprintf("Basic %s", auth)) } req.Header.Set("X-Title", n.title) if n.priority != "" { req.Header.Set("X-Priority", n.priority) } if n.tags != "" { req.Header.Set("X-Tags", n.tags) } resp, err := client.Do(req) if err != nil { return err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { return fmt.Errorf("ntfy: received status code %d", resp.StatusCode) } return nil } func (rcv *receiver) handleWebhooks(w http.ResponseWriter, r *http.Request) { defer r.Body.Close() if r.Method != http.MethodPost { http.Error(w, "Only POST allowed", http.StatusMethodNotAllowed) rcv.logger.Debugf("illegal HTTP method: expected %q, got %q", "POST", r.Method) return } contentType := r.Header.Get("Content-Type") if contentType != "application/json" { http.Error(w, "Only application/json allowed", http.StatusUnsupportedMediaType) rcv.logger.Debugf("illegal content type: %s", contentType) return } var event payload if err := json.NewDecoder(r.Body).Decode(&event); err != nil { rcv.logger.Debug(err) return } if rcv.cfg.alertMode == single { notifications := rcv.singleAlertNotifications(&event) for _, n := range notifications { err := rcv.publish(n) if err != nil { rcv.logger.Errorf("Failed to publish notification: %v", err) } } } else { notification := rcv.multiAlertNotification(&event) err := rcv.publish(notification) if err != nil { rcv.logger.Errorf("Failed to publish notification: %v", err) } } } func (rcv *receiver) basicAuthMiddleware(handler http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, pass, ok := r.BasicAuth() if !ok { rcv.logger.Debug("basic auth failure") return } inputUserHash := sha512.Sum512([]byte(user)) inputPassHash := sha512.Sum512([]byte(pass)) configUserHash := sha512.Sum512([]byte(rcv.cfg.User)) configPassHash := sha512.Sum512([]byte(rcv.cfg.Password)) validUser := subtle.ConstantTimeCompare(inputUserHash[:], configUserHash[:]) validPass := subtle.ConstantTimeCompare(inputPassHash[:], configPassHash[:]) if validUser != 1 || validPass != 1 { http.Error(w, "Unauthorized", http.StatusUnauthorized) rcv.logger.Debug("basic auth: wrong user or password") return } handler(w, r) } } func main() { var configPath string flag.StringVar(&configPath, "config", "/etc/ntfy-alertmanager/config", "config file path") var showVersion bool flag.BoolVar(&showVersion, "version", false, "Show version and exit") flag.Parse() if showVersion { fmt.Println(version) os.Exit(0) } logger := log.NewDefaultLogger() cfg, err := readConfig(configPath) if err != nil { logger.Fatalf("config: %v", err) } if err := logger.SetLevelFromString(cfg.LogLevel); err != nil { logger.Errorf("config: %v", err) } receiver := &receiver{cfg: cfg, logger: logger} logger.Infof("Listening on %s, ntfy-alertmanager %s", cfg.HTTPAddress, version) if cfg.User != "" && cfg.Password != "" { logger.Info("Enabling HTTP Basic Authentication") http.HandleFunc("/", receiver.basicAuthMiddleware(receiver.handleWebhooks)) } else { http.HandleFunc("/", receiver.handleWebhooks) } logger.Fatal(http.ListenAndServe(cfg.HTTPAddress, nil)) }