thelounge-plugin-ntfy 1.1.0 → 1.3.0

package/README.md

@@ -1,5 +1,8 @@
 # The Lounge ntfy Plugin
 
+![NPM Version](https://img.shields.io/npm/v/thelounge-plugin-ntfy?style=for-the-badge)
+![NPM Downloads](https://img.shields.io/npm/dy/thelounge-plugin-ntfy?style=for-the-badge)
+
 A plugin for [The Lounge](https://thelounge.chat/) that sends a message to an [ntfy](https://ntfy.sh/) server whenever you are mentioned in a chat.
 
 ## Installation
@@ -41,6 +44,14 @@ To start/stop sending push notifications in the desired network, enter:
 /ntfy start/stop
 ```
 
+## Private Messages
+
+By default, you will only be notified when you are mentioned, **this includes messages sent privately to you**. If you want to be notified of all private messages, enter this command and start the notifier like usual:
+
+```
+/ntfy config set config.notify_on_private_messages true
+```
+
 ## License
 
 This plugin is licensed under [MIT](https://opensource.org/license/mit)

package/docker-compose.yml

@@ -8,3 +8,10 @@ services:
     restart: unless-stopped
     volumes:
       - $PWD/tl:/var/opt/thelounge
+      - $PWD/src:/var/opt/thelounge/packages/thelounge-plugin-ntfy/src
+      - $PWD/index.js:/var/opt/thelounge/packages/thelounge-plugin-ntfy/index.js
+      - $PWD/package.json:/var/opt/thelounge/packages/thelounge-plugin-ntfy/package.json
+      - $PWD/package-lock.json:/var/opt/thelounge/packages/thelounge-plugin-ntfy/package-lock.json
+
+# Installation: su node -c "thelounge install file:/var/opt/thelounge/packages/thelounge-plugin-ntfy"
+# Removal: su node -c "thelounge uninstall thelounge-plugin-ntfy"

package/index.js

@@ -22,17 +22,17 @@ const ntfyCommand = {
       say(`/${command} start - Start the ntfy listener for this network`);
       say(`/${command} stop - Stop the ntfy listener for this network`);
       say(
-        `/${command} status - Show the ntfy listener status for this network`
+        `/${command} status - Show the ntfy listener status for this network`,
       );
       say(`/${command} test - Send a test notification`);
       say(
-        `/${command} config set <setting_key> <setting_value> - Set a configuration setting`
+        `/${command} config set <setting_key> <setting_value> - Set a configuration setting`,
       );
       say(
-        `/${command} config remove <setting_key> - Set configuration setting to null`
+        `/${command} config remove <setting_key> - Set configuration setting to null`,
       );
       say(
-        `/${command} config print - Print the current configuration with warnings if any`
+        `/${command} config print - Print the current configuration with warnings if any`,
       );
     };
 
@@ -197,7 +197,7 @@ const ntfyCommand = {
             const response = saveUserSetting(
               client.client.name,
               settingKey,
-              settingValue
+              settingValue,
             );
 
             say(response);
@@ -217,7 +217,7 @@ const ntfyCommand = {
             const response = saveUserSetting(
               client.client.name,
               settingKey,
-              null
+              null,
             );
 
             say(response);
@@ -228,6 +228,8 @@ const ntfyCommand = {
           case "print": {
             const [userConfig, errors] = loadUserConfig(client.client.name);
 
+            const sensitiveKeys = new Set(["ntfy.password", "ntfy.token"]);
+
             const printConfig = (obj, parentKey = "") => {
               for (const key in obj) {
                 const value = obj[key];
@@ -235,6 +237,8 @@ const ntfyCommand = {
 
                 if (typeof value === "object" && value !== null) {
                   printConfig(value, fullKey);
+                } else if (sensitiveKeys.has(fullKey) && value) {
+                  say(`${fullKey}=********`);
                 } else {
                   say(`${fullKey}=${value}`);
                 }
@@ -257,7 +261,7 @@ const ntfyCommand = {
               userConfig.ntfy.password
             ) {
               say(
-                "Warning: Both ntfy.token and ntfy.username/password are set, ntfy.token will be used for authentication"
+                "Warning: Both ntfy.token and ntfy.username/password are set, ntfy.token will be used for authentication",
               );
             }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thelounge-plugin-ntfy",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "A plugin for The Lounge that sends push notifications via ntfy when highlighted",
   "keywords": [
     "thelounge",
@@ -29,7 +29,7 @@
     "ajv": "^8.17.1",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1",
-    "ntfy": "^1.11.8",
+    "ntfy": "~1.13.3",
     "thelounge": "^4.4.3"
   }
 }

package/src/config.js

@@ -5,6 +5,12 @@ const path = require("path");
 const Ajv2019 = require("ajv/dist/2019").default;
 const addFormats = require("ajv-formats");
 const addErrors = require("ajv-errors");
+const {
+  initEncryptionKey,
+  encrypt,
+  decrypt,
+  isEncrypted,
+} = require("./crypto.js");
 
 const DEFAULT_CONFIG = {
   ntfy: {
@@ -14,6 +20,9 @@ const DEFAULT_CONFIG = {
     password: null,
     token: null,
   },
+  config: {
+    notify_on_private_messages: false,
+  },
 };
 
 const ALLOWED_KEYS = new Set([
@@ -22,12 +31,17 @@ const ALLOWED_KEYS = new Set([
   "ntfy.username",
   "ntfy.password",
   "ntfy.token",
+  "config.notify_on_private_messages",
 ]);
 
+const BOOLEAN_KEYS = new Set(["config.notify_on_private_messages"]);
+
+const SENSITIVE_KEYS = new Set(["ntfy.password", "ntfy.token"]);
+
 const userConfigSchema = {
   type: "object",
   additionalProperties: false,
-  required: ["ntfy"],
+  required: ["ntfy", "config"],
   properties: {
     ntfy: {
       type: "object",
@@ -90,6 +104,17 @@ const userConfigSchema = {
         password: ["username"],
       },
     },
+    config: {
+      type: "object",
+      additionalProperties: false,
+      required: ["notify_on_private_messages"],
+      properties: {
+        notify_on_private_messages: {
+          type: "boolean",
+          default: false,
+        },
+      },
+    },
   },
 };
 
@@ -104,6 +129,38 @@ let rootDir = null;
 
 function setRootDir(dir) {
   rootDir = dir;
+  initEncryptionKey(dir);
+}
+
+function decryptSensitiveFields(config) {
+  const decrypted = JSON.parse(JSON.stringify(config)); // Deep clone
+
+  for (const key of SENSITIVE_KEYS) {
+    const keys = key.split(".");
+    let curr = decrypted;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+      if (curr[keys[i]]) {
+        curr = curr[keys[i]];
+      } else {
+        curr = null;
+        break;
+      }
+    }
+
+    if (curr) {
+      const finalKey = keys[keys.length - 1];
+      if (curr[finalKey] && isEncrypted(curr[finalKey])) {
+        try {
+          curr[finalKey] = decrypt(curr[finalKey]);
+        } catch (e) {
+          // Leave as-is
+        }
+      }
+    }
+  }
+
+  return decrypted;
 }
 
 function loadUserConfig(username) {
@@ -125,10 +182,12 @@ function loadUserConfig(username) {
       userConfig = JSON.parse(fs.readFileSync(userConfigPath, "utf-8"));
     } catch (e) {
       throw new Error(
-        `Invalid JSON in user config for ${username}: ${e.message}`
+        `Invalid JSON in user config for ${username}: ${e.message}`,
       );
     }
 
+    userConfig = decryptSensitiveFields(userConfig);
+
     const validate = ajv.compile(userConfigSchema);
     const valid = validate(userConfig);
 
@@ -136,6 +195,33 @@ function loadUserConfig(username) {
   }
 }
 
+function encryptSensitiveFields(config) {
+  const encrypted = JSON.parse(JSON.stringify(config)); // Deep clone
+
+  for (const key of SENSITIVE_KEYS) {
+    const keys = key.split(".");
+    let curr = encrypted;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+      if (curr[keys[i]]) {
+        curr = curr[keys[i]];
+      } else {
+        curr = null;
+        break;
+      }
+    }
+
+    if (curr) {
+      const finalKey = keys[keys.length - 1];
+      if (curr[finalKey] && !isEncrypted(curr[finalKey])) {
+        curr[finalKey] = encrypt(curr[finalKey]);
+      }
+    }
+  }
+
+  return encrypted;
+}
+
 function saveUserSetting(username, settingKey, settingValue) {
   if (!rootDir) {
     throw new Error("Root directory is not set");
@@ -155,22 +241,42 @@ function saveUserSetting(username, settingKey, settingValue) {
       }
     }
 
+    if (settingValue && typeof settingValue !== "string") {
+      return `Error: expected value to be a string`;
+    }
+
+    if (BOOLEAN_KEYS.has(settingKey)) {
+      try {
+        settingValue = settingValue
+          ? JSON.parse(settingValue.toLowerCase())
+          : false;
+
+        if (typeof settingValue !== "boolean") {
+          return `Invalid value for ${settingKey}, expected a boolean`;
+        }
+      } catch {
+        return `Invalid value for ${settingKey}, expected a boolean`;
+      }
+    }
+
     curr[keys[keys.length - 1]] = settingValue;
 
+    const configToSave = encryptSensitiveFields(userConfig);
+
     const userConfigPath = path.join(rootDir, "config", `${username}.json`);
 
     fs.mkdirSync(path.dirname(userConfigPath), { recursive: true });
     fs.writeFileSync(
       userConfigPath,
-      JSON.stringify(userConfig, null, 2),
-      "utf-8"
+      JSON.stringify(configToSave, null, 2),
+      "utf-8",
     );
 
     return "Success";
   }
 
   return `Invalid setting ${settingKey}, allowed settings are: ${Array.from(
-    ALLOWED_KEYS
+    ALLOWED_KEYS,
   ).join(", ")}`;
 }
 

package/src/crypto.js

@@ -0,0 +1,111 @@
+"use strict";
+
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32; // 256 bits
+const IV_LENGTH = 16; // 128 bits
+const AUTH_TAG_LENGTH = 16; // 128 bits
+const ENCRYPTED_PREFIX = "enc:";
+
+let encryptionKey = null;
+
+function initEncryptionKey(configDir) {
+  const keyPath = path.join(configDir, ".ntfy_key");
+
+  if (fs.existsSync(keyPath)) {
+    const keyData = fs.readFileSync(keyPath, "utf-8").trim();
+    encryptionKey = Buffer.from(keyData, "hex");
+
+    if (encryptionKey.length !== KEY_LENGTH) {
+      throw new Error("Invalid encryption key length");
+    }
+  } else {
+    encryptionKey = crypto.randomBytes(KEY_LENGTH);
+    fs.mkdirSync(configDir, { recursive: true });
+    fs.writeFileSync(keyPath, encryptionKey.toString("hex"), {
+      encoding: "utf-8",
+      mode: 0o600, // R/W for owner only
+    });
+  }
+}
+
+function isInitialized() {
+  return encryptionKey !== null;
+}
+
+function encrypt(plaintext) {
+  if (!encryptionKey) {
+    throw new Error("Encryption key not initialized");
+  }
+
+  if (!plaintext || typeof plaintext !== "string") {
+    return plaintext;
+  }
+
+  if (plaintext.startsWith(ENCRYPTED_PREFIX)) {
+    return plaintext;
+  }
+
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv(ALGORITHM, encryptionKey, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  let encrypted = cipher.update(plaintext, "utf8", "hex");
+  encrypted += cipher.final("hex");
+
+  const authTag = cipher.getAuthTag();
+
+  return `${ENCRYPTED_PREFIX}${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
+}
+
+function decrypt(encryptedText) {
+  if (!encryptionKey) {
+    throw new Error("Encryption key not initialized");
+  }
+
+  if (!encryptedText || typeof encryptedText !== "string") {
+    return encryptedText;
+  }
+
+  if (!encryptedText.startsWith(ENCRYPTED_PREFIX)) {
+    return encryptedText;
+  }
+
+  const data = encryptedText.slice(ENCRYPTED_PREFIX.length);
+  const parts = data.split(":");
+
+  if (parts.length !== 3) {
+    throw new Error("Invalid encrypted data format");
+  }
+
+  const [ivHex, authTagHex, encrypted] = parts;
+  const iv = Buffer.from(ivHex, "hex");
+  const authTag = Buffer.from(authTagHex, "hex");
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, encryptionKey, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+  decipher.setAuthTag(authTag);
+
+  let decrypted = decipher.update(encrypted, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+
+  return decrypted;
+}
+
+function isEncrypted(value) {
+  return typeof value === "string" && value.startsWith(ENCRYPTED_PREFIX);
+}
+
+module.exports = {
+  initEncryptionKey,
+  isInitialized,
+  encrypt,
+  decrypt,
+  isEncrypted,
+  ENCRYPTED_PREFIX,
+};

package/src/handler.js

@@ -1,45 +1,88 @@
 "use strict";
 
 const { loadUserConfig } = require("./config.js");
+const { PluginLogger } = require("./logger.js");
 
 function createHandler(client, network) {
   return async (data) => {
+    // Ignore own messages
+    if (network.nick === data.nick) {
+      return;
+    }
+
     const highlightRegex = new RegExp(network.highlightRegex, "i");
     const message = data.message || "";
 
-    if (highlightRegex.test(message)) {
-      // Load config after each message to get latest settings
-      const [userConfig, errors] = loadUserConfig(client.client.name);
+    const mentioned = highlightRegex.test(message);
+    const isPM = data.target === network.nick;
+
+    let notify = false;
+    let userConfig;
+
+    if (mentioned) {
+      // Mentions always notify
+      notify = true;
+    } else if (isPM) {
+      // PMs notify only if enabled in config
+      const [uc, errors] = loadUserConfig(client.client.name);
 
       if (errors.length > 0) {
         return;
       }
 
-      let ntfyAuth;
+      userConfig = uc;
 
-      if (userConfig.ntfy.token) {
-        ntfyAuth = userConfig.ntfy.token;
-      } else if (userConfig.ntfy.username && userConfig.ntfy.password) {
-        ntfyAuth = {
-          username: userConfig.ntfy.username,
-          password: userConfig.ntfy.password,
-        };
+      if (userConfig.config.notify_on_private_messages) {
+        notify = true;
       }
+    }
+
+    if (notify) {
+      try {
+        // Avoid needlessly loading user config multiple times
+        if (!userConfig) {
+          const [uc, errors] = loadUserConfig(client.client.name);
 
-      const { NtfyClient, MessagePriority } = await import("ntfy");
+          if (errors.length > 0) {
+            return;
+          }
 
-      const ntfyClient = new NtfyClient({
-        server: userConfig.ntfy.server,
-        topic: userConfig.ntfy.topic,
-        priority: MessagePriority.HIGH,
-        tags: ["speech_balloon"],
-        authorization: ntfyAuth,
-      });
+          userConfig = uc;
+        }
 
-      ntfyClient.publish({
-        title: `${network.name} ${data.target}: ${data.nick}`,
-        message: message,
-      });
+        let ntfyAuth;
+
+        if (userConfig.ntfy.token) {
+          ntfyAuth = {
+            username: "",
+            password: userConfig.ntfy.token,
+          };
+        } else if (userConfig.ntfy.username && userConfig.ntfy.password) {
+          ntfyAuth = {
+            username: userConfig.ntfy.username,
+            password: userConfig.ntfy.password,
+          };
+        }
+
+        const { NtfyClient, MessagePriority } = await import("ntfy");
+
+        const ntfyClient = new NtfyClient({
+          server: userConfig.ntfy.server,
+          topic: userConfig.ntfy.topic,
+          priority: MessagePriority.HIGH,
+          tags: ["speech_balloon"],
+          authorization: ntfyAuth,
+        });
+
+        ntfyClient.publish({
+          title: isPM
+            ? `${network.name}: ${data.nick}`
+            : `${network.name} ${data.target}: ${data.nick}`,
+          message: message,
+        });
+      } catch (e) {
+        PluginLogger.error("Failed to send ntfy notification", e);
+      }
     }
   };
 }