thelounge-plugin-ntfy 1.2.0 → 1.4.0

package/README.md

@@ -1,5 +1,8 @@
 # The Lounge ntfy Plugin
 
+![NPM Version](https://img.shields.io/npm/v/thelounge-plugin-ntfy?style=for-the-badge)
+![NPM Downloads](https://img.shields.io/npm/dy/thelounge-plugin-ntfy?style=for-the-badge)
+
 A plugin for [The Lounge](https://thelounge.chat/) that sends a message to an [ntfy](https://ntfy.sh/) server whenever you are mentioned in a chat.
 
 ## Installation
@@ -21,8 +24,10 @@ This plugin introduces the `/ntfy` command, subcommands are:
 - `/ntfy status`: Show the ntfy listener status for this network
 - `/ntfy test`: Send a test notification
 - `/ntfy config`: Config commands
-  - `/ntfy config set <setting_key> <setting_value>`: Set a configuration setting
-  - `/ntfy config remove <setting_key>`: Set a configuration setting to null
+  - `/ntfy config set <setting_key> <setting_value>`: Set a global configuration setting
+  - `/ntfy config remove <setting_key>`: Set a global configuration setting to null
+  - `/ntfy config network set <setting_key> <setting_value>`: Set a per-network setting for this network
+  - `/ntfy config network remove <setting_key>`: Remove per-network setting for this network
   - `/ntfy config print`: Print the current configuration with warnings if any
 
 ## Setup
@@ -43,12 +48,14 @@ To start/stop sending push notifications in the desired network, enter:
 
 ## Private Messages
 
-By default, you will only be notified when you are mentioned, **this includes messages sent privately to you**. If you want to be notified of all private messages, enter this command and start the notifier like usual:
+By default, you will only be notified when you are mentioned, **this includes messages sent privately to you**. If you want to be notified of all private messages on a specific network, enter this command while connected to that network and start the notifier like usual:
 
 ```
-/ntfy config set config.notify_on_private_messages true
+/ntfy config network set config.notify_on_private_messages true
 ```
 
+This setting is per-network, so you can enable it for some networks and disable it for others.
+
 ## License
 
 This plugin is licensed under [MIT](https://opensource.org/license/mit)

package/docker-compose.yml

@@ -12,3 +12,6 @@ services:
       - $PWD/index.js:/var/opt/thelounge/packages/thelounge-plugin-ntfy/index.js
       - $PWD/package.json:/var/opt/thelounge/packages/thelounge-plugin-ntfy/package.json
       - $PWD/package-lock.json:/var/opt/thelounge/packages/thelounge-plugin-ntfy/package-lock.json
+
+# Installation: su node -c "thelounge install file:/var/opt/thelounge/packages/thelounge-plugin-ntfy"
+# Removal: su node -c "thelounge uninstall thelounge-plugin-ntfy"

package/index.js

@@ -6,6 +6,8 @@ const {
   setRootDir,
   loadUserConfig,
   saveUserSetting,
+  saveNetworkSetting,
+  PER_NETWORK_KEYS,
 } = require("./src/config.js");
 
 // user -> Map<network.uuid -> handler and client>
@@ -22,17 +24,23 @@ const ntfyCommand = {
       say(`/${command} start - Start the ntfy listener for this network`);
       say(`/${command} stop - Stop the ntfy listener for this network`);
       say(
-        `/${command} status - Show the ntfy listener status for this network`
+        `/${command} status - Show the ntfy listener status for this network`,
       );
       say(`/${command} test - Send a test notification`);
       say(
-        `/${command} config set <setting_key> <setting_value> - Set a configuration setting`
+        `/${command} config set <setting_key> <setting_value> - Set a global configuration setting`,
       );
       say(
-        `/${command} config remove <setting_key> - Set configuration setting to null`
+        `/${command} config remove <setting_key> - Set global configuration setting to null`,
       );
       say(
-        `/${command} config print - Print the current configuration with warnings if any`
+        `/${command} config network set <setting_key> <setting_value> - Set a per-network setting for this network`,
+      );
+      say(
+        `/${command} config network remove <setting_key> - Remove per-network setting for this network`,
+      );
+      say(
+        `/${command} config print - Print the current configuration with warnings if any`,
       );
     };
 
@@ -197,7 +205,7 @@ const ntfyCommand = {
             const response = saveUserSetting(
               client.client.name,
               settingKey,
-              settingValue
+              settingValue,
             );
 
             say(response);
@@ -217,7 +225,7 @@ const ntfyCommand = {
             const response = saveUserSetting(
               client.client.name,
               settingKey,
-              null
+              null,
             );
 
             say(response);
@@ -228,13 +236,30 @@ const ntfyCommand = {
           case "print": {
             const [userConfig, errors] = loadUserConfig(client.client.name);
 
+            const sensitiveKeys = new Set(["ntfy.password", "ntfy.token"]);
+            const perNetworkKeys = new Set([
+              "config.notify_on_private_messages",
+            ]);
+
             const printConfig = (obj, parentKey = "") => {
               for (const key in obj) {
                 const value = obj[key];
                 const fullKey = parentKey ? `${parentKey}.${key}` : key;
 
-                if (typeof value === "object" && value !== null) {
+                if (perNetworkKeys.has(fullKey)) {
+                  // Special handling for per-network settings
+                  if (typeof value === "object" && value !== null) {
+                    const networkValue = value[network.uuid];
+                    say(
+                      `${fullKey}=${networkValue !== undefined ? networkValue : "(not set for this network)"}`,
+                    );
+                  } else {
+                    say(`${fullKey}=(not set for this network)`);
+                  }
+                } else if (typeof value === "object" && value !== null) {
                   printConfig(value, fullKey);
+                } else if (sensitiveKeys.has(fullKey) && value) {
+                  say(`${fullKey}=********`);
                 } else {
                   say(`${fullKey}=${value}`);
                 }
@@ -257,13 +282,85 @@ const ntfyCommand = {
               userConfig.ntfy.password
             ) {
               say(
-                "Warning: Both ntfy.token and ntfy.username/password are set, ntfy.token will be used for authentication"
+                "Warning: Both ntfy.token and ntfy.username/password are set, ntfy.token will be used for authentication",
               );
             }
 
             break;
           }
 
+          case "network": {
+            const networkArgs = subsubcommand.slice(1);
+
+            if (networkArgs.length === 0) {
+              helpMessage();
+              return;
+            }
+
+            if (typeof networkArgs[0] !== "string") {
+              helpMessage();
+              return;
+            }
+
+            switch (networkArgs[0].toLowerCase()) {
+              case "set": {
+                const setArgs = networkArgs.slice(1);
+
+                if (setArgs.length < 2) {
+                  say("Usage: /ntfy config network set <setting_key> <value>");
+                  say(
+                    `Available per-network settings: ${Array.from(PER_NETWORK_KEYS).join(", ")}`,
+                  );
+                  return;
+                }
+
+                const settingKey = setArgs[0];
+                const settingValue = setArgs.slice(1).join(" ");
+                const response = saveNetworkSetting(
+                  client.client.name,
+                  settingKey,
+                  network.uuid,
+                  settingValue,
+                );
+
+                say(response);
+
+                break;
+              }
+
+              case "remove": {
+                const removeArgs = networkArgs.slice(1);
+
+                if (removeArgs.length < 1) {
+                  say("Usage: /ntfy config network remove <setting_key>");
+                  say(
+                    `Available per-network settings: ${Array.from(PER_NETWORK_KEYS).join(", ")}`,
+                  );
+                  return;
+                }
+
+                const settingKey = removeArgs[0];
+                const response = saveNetworkSetting(
+                  client.client.name,
+                  settingKey,
+                  network.uuid,
+                  null,
+                );
+
+                say(response);
+
+                break;
+              }
+
+              default: {
+                helpMessage();
+                break;
+              }
+            }
+
+            break;
+          }
+
           default: {
             helpMessage();
             break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thelounge-plugin-ntfy",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "A plugin for The Lounge that sends push notifications via ntfy when highlighted",
   "keywords": [
     "thelounge",
@@ -29,7 +29,7 @@
     "ajv": "^8.17.1",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1",
-    "ntfy": "^1.11.8",
+    "ntfy": "~1.13.3",
     "thelounge": "^4.4.3"
   }
 }

package/src/config.js

@@ -5,6 +5,12 @@ const path = require("path");
 const Ajv2019 = require("ajv/dist/2019").default;
 const addFormats = require("ajv-formats");
 const addErrors = require("ajv-errors");
+const {
+  initEncryptionKey,
+  encrypt,
+  decrypt,
+  isEncrypted,
+} = require("./crypto.js");
 
 const DEFAULT_CONFIG = {
   ntfy: {
@@ -15,20 +21,23 @@ const DEFAULT_CONFIG = {
     token: null,
   },
   config: {
-    notify_on_private_messages: false,
+    notify_on_private_messages: {}, // Per-network: { "network-uuid": true/false }
   },
 };
 
-const ALLOWED_KEYS = new Set([
+const GLOBAL_KEYS = new Set([
   "ntfy.server",
   "ntfy.topic",
   "ntfy.username",
   "ntfy.password",
   "ntfy.token",
-  "config.notify_on_private_messages",
 ]);
+const GLOBAL_BOOLEAN_KEYS = new Set([]);
 
-const BOOLEAN_KEYS = new Set(["config.notify_on_private_messages"]);
+const PER_NETWORK_KEYS = new Set(["config.notify_on_private_messages"]);
+const PER_NETWORK_BOOLEAN_KEYS = new Set(["config.notify_on_private_messages"]);
+
+const SENSITIVE_KEYS = new Set(["ntfy.password", "ntfy.token"]);
 
 const userConfigSchema = {
   type: "object",
@@ -102,8 +111,9 @@ const userConfigSchema = {
       required: ["notify_on_private_messages"],
       properties: {
         notify_on_private_messages: {
-          type: "boolean",
-          default: false,
+          type: "object",
+          additionalProperties: { type: ["boolean", "string"] },
+          default: {},
         },
       },
     },
@@ -121,6 +131,38 @@ let rootDir = null;
 
 function setRootDir(dir) {
   rootDir = dir;
+  initEncryptionKey(dir);
+}
+
+function decryptSensitiveFields(config) {
+  const decrypted = JSON.parse(JSON.stringify(config)); // Deep clone
+
+  for (const key of SENSITIVE_KEYS) {
+    const keys = key.split(".");
+    let curr = decrypted;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+      if (curr[keys[i]]) {
+        curr = curr[keys[i]];
+      } else {
+        curr = null;
+        break;
+      }
+    }
+
+    if (curr) {
+      const finalKey = keys[keys.length - 1];
+      if (curr[finalKey] && isEncrypted(curr[finalKey])) {
+        try {
+          curr[finalKey] = decrypt(curr[finalKey]);
+        } catch (e) {
+          // Leave as-is
+        }
+      }
+    }
+  }
+
+  return decrypted;
 }
 
 function loadUserConfig(username) {
@@ -142,10 +184,12 @@ function loadUserConfig(username) {
       userConfig = JSON.parse(fs.readFileSync(userConfigPath, "utf-8"));
     } catch (e) {
       throw new Error(
-        `Invalid JSON in user config for ${username}: ${e.message}`
+        `Invalid JSON in user config for ${username}: ${e.message}`,
       );
     }
 
+    userConfig = decryptSensitiveFields(userConfig);
+
     const validate = ajv.compile(userConfigSchema);
     const valid = validate(userConfig);
 
@@ -153,12 +197,39 @@ function loadUserConfig(username) {
   }
 }
 
+function encryptSensitiveFields(config) {
+  const encrypted = JSON.parse(JSON.stringify(config)); // Deep clone
+
+  for (const key of SENSITIVE_KEYS) {
+    const keys = key.split(".");
+    let curr = encrypted;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+      if (curr[keys[i]]) {
+        curr = curr[keys[i]];
+      } else {
+        curr = null;
+        break;
+      }
+    }
+
+    if (curr) {
+      const finalKey = keys[keys.length - 1];
+      if (curr[finalKey] && !isEncrypted(curr[finalKey])) {
+        curr[finalKey] = encrypt(curr[finalKey]);
+      }
+    }
+  }
+
+  return encrypted;
+}
+
 function saveUserSetting(username, settingKey, settingValue) {
   if (!rootDir) {
     throw new Error("Root directory is not set");
   }
 
-  if (ALLOWED_KEYS.has(settingKey)) {
+  if (GLOBAL_KEYS.has(settingKey)) {
     let userConfig = loadUserConfig(username)[0];
 
     const keys = settingKey.split(".");
@@ -176,7 +247,7 @@ function saveUserSetting(username, settingKey, settingValue) {
       return `Error: expected value to be a string`;
     }
 
-    if (BOOLEAN_KEYS.has(settingKey)) {
+    if (GLOBAL_BOOLEAN_KEYS.has(settingKey)) {
       try {
         settingValue = settingValue
           ? JSON.parse(settingValue.toLowerCase())
@@ -192,25 +263,118 @@ function saveUserSetting(username, settingKey, settingValue) {
 
     curr[keys[keys.length - 1]] = settingValue;
 
+    const configToSave = encryptSensitiveFields(userConfig);
+
     const userConfigPath = path.join(rootDir, "config", `${username}.json`);
 
     fs.mkdirSync(path.dirname(userConfigPath), { recursive: true });
     fs.writeFileSync(
       userConfigPath,
-      JSON.stringify(userConfig, null, 2),
-      "utf-8"
+      JSON.stringify(configToSave, null, 2),
+      "utf-8",
     );
 
     return "Success";
   }
 
   return `Invalid setting ${settingKey}, allowed settings are: ${Array.from(
-    ALLOWED_KEYS
+    GLOBAL_KEYS,
   ).join(", ")}`;
 }
 
+function saveNetworkSetting(username, settingKey, networkUuid, settingValue) {
+  if (!rootDir) {
+    throw new Error("Root directory is not set");
+  }
+
+  if (!PER_NETWORK_KEYS.has(settingKey)) {
+    return `Invalid per-network setting ${settingKey}, allowed settings are: ${Array.from(
+      PER_NETWORK_KEYS,
+    ).join(", ")}`;
+  }
+
+  let userConfig = loadUserConfig(username)[0];
+
+  const keys = settingKey.split(".");
+
+  let curr = userConfig;
+
+  for (let i = 0; i < keys.length - 1; i++) {
+    const key = keys[i];
+    if (key in curr) {
+      curr = curr[key];
+    }
+  }
+
+  const finalKey = keys[keys.length - 1];
+
+  if (!curr[finalKey] || typeof curr[finalKey] !== "object") {
+    curr[finalKey] = {};
+  }
+
+  if (settingValue === null) {
+    delete curr[finalKey][networkUuid];
+  } else if (PER_NETWORK_BOOLEAN_KEYS.has(settingKey)) {
+    try {
+      const boolValue = JSON.parse(settingValue.toLowerCase());
+
+      if (typeof boolValue !== "boolean") {
+        return `Invalid value for ${settingKey}, expected a boolean`;
+      }
+
+      curr[finalKey][networkUuid] = boolValue;
+    } catch {
+      return `Invalid value for ${settingKey}, expected a boolean (true/false)`;
+    }
+  } else {
+    curr[finalKey][networkUuid] = settingValue;
+  }
+
+  const configToSave = encryptSensitiveFields(userConfig);
+
+  const userConfigPath = path.join(rootDir, "config", `${username}.json`);
+
+  fs.mkdirSync(path.dirname(userConfigPath), { recursive: true });
+  fs.writeFileSync(
+    userConfigPath,
+    JSON.stringify(configToSave, null, 2),
+    "utf-8",
+  );
+
+  return "Success";
+}
+
+function getNetworkSetting(
+  userConfig,
+  settingKey,
+  networkUuid,
+  defaultValue = false,
+) {
+  const keys = settingKey.split(".");
+
+  let curr = userConfig;
+
+  for (const key of keys) {
+    if (curr && typeof curr === "object" && key in curr) {
+      curr = curr[key];
+    } else {
+      return defaultValue;
+    }
+  }
+
+  if (curr && typeof curr === "object" && networkUuid in curr) {
+    return curr[networkUuid];
+  }
+
+  return defaultValue;
+}
+
 module.exports = {
   setRootDir,
   loadUserConfig,
   saveUserSetting,
+  saveNetworkSetting,
+  getNetworkSetting,
+  PER_NETWORK_KEYS,
+  PER_NETWORK_BOOLEAN_KEYS,
 };

package/src/crypto.js

@@ -0,0 +1,111 @@
+"use strict";
+
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32; // 256 bits
+const IV_LENGTH = 16; // 128 bits
+const AUTH_TAG_LENGTH = 16; // 128 bits
+const ENCRYPTED_PREFIX = "enc:";
+
+let encryptionKey = null;
+
+function initEncryptionKey(configDir) {
+  const keyPath = path.join(configDir, ".ntfy_key");
+
+  if (fs.existsSync(keyPath)) {
+    const keyData = fs.readFileSync(keyPath, "utf-8").trim();
+    encryptionKey = Buffer.from(keyData, "hex");
+
+    if (encryptionKey.length !== KEY_LENGTH) {
+      throw new Error("Invalid encryption key length");
+    }
+  } else {
+    encryptionKey = crypto.randomBytes(KEY_LENGTH);
+    fs.mkdirSync(configDir, { recursive: true });
+    fs.writeFileSync(keyPath, encryptionKey.toString("hex"), {
+      encoding: "utf-8",
+      mode: 0o600, // R/W for owner only
+    });
+  }
+}
+
+function isInitialized() {
+  return encryptionKey !== null;
+}
+
+function encrypt(plaintext) {
+  if (!encryptionKey) {
+    throw new Error("Encryption key not initialized");
+  }
+
+  if (!plaintext || typeof plaintext !== "string") {
+    return plaintext;
+  }
+
+  if (plaintext.startsWith(ENCRYPTED_PREFIX)) {
+    return plaintext;
+  }
+
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv(ALGORITHM, encryptionKey, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  let encrypted = cipher.update(plaintext, "utf8", "hex");
+  encrypted += cipher.final("hex");
+
+  const authTag = cipher.getAuthTag();
+
+  return `${ENCRYPTED_PREFIX}${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
+}
+
+function decrypt(encryptedText) {
+  if (!encryptionKey) {
+    throw new Error("Encryption key not initialized");
+  }
+
+  if (!encryptedText || typeof encryptedText !== "string") {
+    return encryptedText;
+  }
+
+  if (!encryptedText.startsWith(ENCRYPTED_PREFIX)) {
+    return encryptedText;
+  }
+
+  const data = encryptedText.slice(ENCRYPTED_PREFIX.length);
+  const parts = data.split(":");
+
+  if (parts.length !== 3) {
+    throw new Error("Invalid encrypted data format");
+  }
+
+  const [ivHex, authTagHex, encrypted] = parts;
+  const iv = Buffer.from(ivHex, "hex");
+  const authTag = Buffer.from(authTagHex, "hex");
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, encryptionKey, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+  decipher.setAuthTag(authTag);
+
+  let decrypted = decipher.update(encrypted, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+
+  return decrypted;
+}
+
+function isEncrypted(value) {
+  return typeof value === "string" && value.startsWith(ENCRYPTED_PREFIX);
+}
+
+module.exports = {
+  initEncryptionKey,
+  isInitialized,
+  encrypt,
+  decrypt,
+  isEncrypted,
+  ENCRYPTED_PREFIX,
+};

package/src/handler.js

@@ -1,6 +1,6 @@
 "use strict";
 
-const { loadUserConfig } = require("./config.js");
+const { loadUserConfig, getNetworkSetting } = require("./config.js");
 const { PluginLogger } = require("./logger.js");
 
 function createHandler(client, network) {
@@ -23,7 +23,7 @@ function createHandler(client, network) {
       // Mentions always notify
       notify = true;
     } else if (isPM) {
-      // PMs notify only if enabled in config
+      // PMs notify only if enabled in config for this network
       const [uc, errors] = loadUserConfig(client.client.name);
 
       if (errors.length > 0) {
@@ -32,7 +32,14 @@ function createHandler(client, network) {
 
       userConfig = uc;
 
-      if (userConfig.config.notify_on_private_messages) {
+      const notifyOnPMs = getNetworkSetting(
+        userConfig,
+        "config.notify_on_private_messages",
+        network.uuid,
+        false,
+      );
+
+      if (notifyOnPMs) {
         notify = true;
       }
     }