clawbot
1076543c23
All checks were successful
check / check (push) Successful in 4s
## Summary Adds a read-only web dashboard at `GET /` that shows the current monitoring state and recent alerts. Unauthenticated, single-page, no navigation. ## What it shows - **Summary bar**: counts of monitored domains, hostnames, ports, certificates - **Domains**: nameservers with last-checked age - **Hostnames**: per-nameserver DNS records, status badges, relative age - **Ports**: open/closed state with associated hostnames and age - **TLS Certificates**: CN, issuer, expiry (color-coded by urgency), status, age - **Recent Alerts**: last 100 notifications in reverse chronological order with priority badges Every data point displays its age (e.g. "5m ago") so freshness is visible at a glance. Auto-refreshes every 30 seconds. ## What it does NOT show No secrets: webhook URLs, ntfy topics, Slack/Mattermost endpoints, API tokens, and configuration details are never exposed. ## Design All assets (CSS) are embedded in the binary and served from `/s/`. Zero external HTTP requests at runtime — no CDN dependencies or third-party resources. Dark, technical aesthetic with saturated teals and blues on dark slate. Single page — everything on one screen. ## Implementation - `internal/notify/history.go` — thread-safe ring buffer (`AlertHistory`) storing last 100 alerts - `internal/notify/notify.go` — records each alert in history before dispatch; refactored `SendNotification` into smaller `dispatch*` helpers to satisfy funlen - `internal/handlers/dashboard.go` — `HandleDashboard()` handler with embedded HTML template, helper functions (`relTime`, `formatRecords`, `expiryDays`, `joinStrings`) - `internal/handlers/templates/dashboard.html` — Tailwind-styled single-page dashboard - `internal/handlers/handlers.go` — added `State` and `Notify` dependencies via fx - `internal/server/routes.go` — registered `GET /` route - `static/` — embedded CSS assets served via `/s/` prefix - `README.md` — documented the dashboard and new endpoint ## Tests - `internal/notify/history_test.go` — empty, add+recent ordering, overflow beyond capacity - `internal/handlers/dashboard_test.go` — `relTime`, `expiryDays`, `formatRecords` - All existing tests pass unchanged - `docker build .` passes closes [#82](#82) <!-- session: rework-pr-83 --> Co-authored-by: user <user@Mac.lan guest wan> Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Reviewed-on: #83 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>
407 lines
8.2 KiB
Go
407 lines
8.2 KiB
Go
// Package notify provides notification delivery to Slack,
|
|
// Mattermost, and ntfy.
|
|
package notify
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"log/slog"
|
|
"net/http"
|
|
"net/url"
|
|
"time"
|
|
|
|
"go.uber.org/fx"
|
|
|
|
"sneak.berlin/go/dnswatcher/internal/config"
|
|
"sneak.berlin/go/dnswatcher/internal/logger"
|
|
)
|
|
|
|
// HTTP client timeout.
|
|
const httpClientTimeout = 10 * time.Second
|
|
|
|
// HTTP status code thresholds.
|
|
const httpStatusClientError = 400
|
|
|
|
// Sentinel errors for notification failures.
|
|
var (
|
|
// ErrNtfyFailed indicates the ntfy request failed.
|
|
ErrNtfyFailed = errors.New("ntfy notification failed")
|
|
// ErrSlackFailed indicates the Slack request failed.
|
|
ErrSlackFailed = errors.New("slack notification failed")
|
|
// ErrMattermostFailed indicates the Mattermost request failed.
|
|
ErrMattermostFailed = errors.New(
|
|
"mattermost notification failed",
|
|
)
|
|
// ErrInvalidScheme is returned for disallowed URL schemes.
|
|
ErrInvalidScheme = errors.New("URL scheme not allowed")
|
|
// ErrMissingHost is returned when a URL has no host.
|
|
ErrMissingHost = errors.New("URL must have a host")
|
|
)
|
|
|
|
// IsAllowedScheme checks if the URL scheme is permitted.
|
|
func IsAllowedScheme(scheme string) bool {
|
|
return scheme == "https" || scheme == "http"
|
|
}
|
|
|
|
// ValidateWebhookURL validates and sanitizes a webhook URL.
|
|
// It ensures the URL has an allowed scheme (http/https),
|
|
// a non-empty host, and returns a pre-parsed *url.URL
|
|
// reconstructed from validated components.
|
|
func ValidateWebhookURL(raw string) (*url.URL, error) {
|
|
u, err := url.ParseRequestURI(raw)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid URL: %w", err)
|
|
}
|
|
|
|
if !IsAllowedScheme(u.Scheme) {
|
|
return nil, fmt.Errorf(
|
|
"%w: %s", ErrInvalidScheme, u.Scheme,
|
|
)
|
|
}
|
|
|
|
if u.Host == "" {
|
|
return nil, fmt.Errorf("%w", ErrMissingHost)
|
|
}
|
|
|
|
// Reconstruct from parsed components.
|
|
clean := &url.URL{
|
|
Scheme: u.Scheme,
|
|
Host: u.Host,
|
|
Path: u.Path,
|
|
RawQuery: u.RawQuery,
|
|
}
|
|
|
|
return clean, nil
|
|
}
|
|
|
|
// newRequest creates an http.Request from a pre-validated *url.URL.
|
|
// This avoids passing URL strings to http.NewRequestWithContext,
|
|
// which gosec flags as a potential SSRF vector.
|
|
func newRequest(
|
|
ctx context.Context,
|
|
method string,
|
|
target *url.URL,
|
|
body io.Reader,
|
|
) *http.Request {
|
|
return (&http.Request{
|
|
Method: method,
|
|
URL: target,
|
|
Host: target.Host,
|
|
Header: make(http.Header),
|
|
Body: io.NopCloser(body),
|
|
}).WithContext(ctx)
|
|
}
|
|
|
|
// Params contains dependencies for Service.
|
|
type Params struct {
|
|
fx.In
|
|
|
|
Logger *logger.Logger
|
|
Config *config.Config
|
|
}
|
|
|
|
// Service provides notification functionality.
|
|
type Service struct {
|
|
log *slog.Logger
|
|
transport http.RoundTripper
|
|
config *config.Config
|
|
ntfyURL *url.URL
|
|
slackWebhookURL *url.URL
|
|
mattermostWebhookURL *url.URL
|
|
history *AlertHistory
|
|
}
|
|
|
|
// New creates a new notify Service.
|
|
func New(
|
|
_ fx.Lifecycle,
|
|
params Params,
|
|
) (*Service, error) {
|
|
svc := &Service{
|
|
log: params.Logger.Get(),
|
|
transport: http.DefaultTransport,
|
|
config: params.Config,
|
|
history: NewAlertHistory(),
|
|
}
|
|
|
|
if params.Config.NtfyTopic != "" {
|
|
u, err := ValidateWebhookURL(
|
|
params.Config.NtfyTopic,
|
|
)
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"invalid ntfy topic URL: %w", err,
|
|
)
|
|
}
|
|
|
|
svc.ntfyURL = u
|
|
}
|
|
|
|
if params.Config.SlackWebhook != "" {
|
|
u, err := ValidateWebhookURL(
|
|
params.Config.SlackWebhook,
|
|
)
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"invalid slack webhook URL: %w", err,
|
|
)
|
|
}
|
|
|
|
svc.slackWebhookURL = u
|
|
}
|
|
|
|
if params.Config.MattermostWebhook != "" {
|
|
u, err := ValidateWebhookURL(
|
|
params.Config.MattermostWebhook,
|
|
)
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"invalid mattermost webhook URL: %w", err,
|
|
)
|
|
}
|
|
|
|
svc.mattermostWebhookURL = u
|
|
}
|
|
|
|
return svc, nil
|
|
}
|
|
|
|
// History returns the alert history for reading recent alerts.
|
|
func (svc *Service) History() *AlertHistory {
|
|
return svc.history
|
|
}
|
|
|
|
// SendNotification sends a notification to all configured
|
|
// endpoints and records it in the alert history.
|
|
func (svc *Service) SendNotification(
|
|
ctx context.Context,
|
|
title, message, priority string,
|
|
) {
|
|
svc.history.Add(AlertEntry{
|
|
Timestamp: time.Now().UTC(),
|
|
Title: title,
|
|
Message: message,
|
|
Priority: priority,
|
|
})
|
|
|
|
svc.dispatchNtfy(ctx, title, message, priority)
|
|
svc.dispatchSlack(ctx, title, message, priority)
|
|
svc.dispatchMattermost(ctx, title, message, priority)
|
|
}
|
|
|
|
func (svc *Service) dispatchNtfy(
|
|
ctx context.Context,
|
|
title, message, priority string,
|
|
) {
|
|
if svc.ntfyURL == nil {
|
|
return
|
|
}
|
|
|
|
go func() {
|
|
notifyCtx := context.WithoutCancel(ctx)
|
|
|
|
err := svc.sendNtfy(
|
|
notifyCtx, svc.ntfyURL,
|
|
title, message, priority,
|
|
)
|
|
if err != nil {
|
|
svc.log.Error(
|
|
"failed to send ntfy notification",
|
|
"error", err,
|
|
)
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (svc *Service) dispatchSlack(
|
|
ctx context.Context,
|
|
title, message, priority string,
|
|
) {
|
|
if svc.slackWebhookURL == nil {
|
|
return
|
|
}
|
|
|
|
go func() {
|
|
notifyCtx := context.WithoutCancel(ctx)
|
|
|
|
err := svc.sendSlack(
|
|
notifyCtx, svc.slackWebhookURL,
|
|
title, message, priority,
|
|
)
|
|
if err != nil {
|
|
svc.log.Error(
|
|
"failed to send slack notification",
|
|
"error", err,
|
|
)
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (svc *Service) dispatchMattermost(
|
|
ctx context.Context,
|
|
title, message, priority string,
|
|
) {
|
|
if svc.mattermostWebhookURL == nil {
|
|
return
|
|
}
|
|
|
|
go func() {
|
|
notifyCtx := context.WithoutCancel(ctx)
|
|
|
|
err := svc.sendSlack(
|
|
notifyCtx, svc.mattermostWebhookURL,
|
|
title, message, priority,
|
|
)
|
|
if err != nil {
|
|
svc.log.Error(
|
|
"failed to send mattermost notification",
|
|
"error", err,
|
|
)
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (svc *Service) sendNtfy(
|
|
ctx context.Context,
|
|
topicURL *url.URL,
|
|
title, message, priority string,
|
|
) error {
|
|
svc.log.Debug(
|
|
"sending ntfy notification",
|
|
"topic", topicURL.String(),
|
|
"title", title,
|
|
)
|
|
|
|
ctx, cancel := context.WithTimeout(
|
|
ctx, httpClientTimeout,
|
|
)
|
|
defer cancel()
|
|
|
|
body := bytes.NewBufferString(message)
|
|
request := newRequest(
|
|
ctx, http.MethodPost, topicURL, body,
|
|
)
|
|
|
|
request.Header.Set("Title", title)
|
|
request.Header.Set("Priority", ntfyPriority(priority))
|
|
|
|
resp, err := svc.transport.RoundTrip(request)
|
|
if err != nil {
|
|
return fmt.Errorf("sending ntfy request: %w", err)
|
|
}
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
if resp.StatusCode >= httpStatusClientError {
|
|
return fmt.Errorf(
|
|
"%w: status %d",
|
|
ErrNtfyFailed, resp.StatusCode,
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func ntfyPriority(priority string) string {
|
|
switch priority {
|
|
case "error":
|
|
return "urgent"
|
|
case "warning":
|
|
return "high"
|
|
case "success":
|
|
return "default"
|
|
case "info":
|
|
return "low"
|
|
default:
|
|
return "default"
|
|
}
|
|
}
|
|
|
|
// SlackPayload represents a Slack/Mattermost webhook payload.
|
|
type SlackPayload struct {
|
|
Text string `json:"text"`
|
|
Attachments []SlackAttachment `json:"attachments,omitempty"`
|
|
}
|
|
|
|
// SlackAttachment represents a Slack/Mattermost attachment.
|
|
type SlackAttachment struct {
|
|
Color string `json:"color"`
|
|
Title string `json:"title"`
|
|
Text string `json:"text"`
|
|
}
|
|
|
|
func (svc *Service) sendSlack(
|
|
ctx context.Context,
|
|
webhookURL *url.URL,
|
|
title, message, priority string,
|
|
) error {
|
|
ctx, cancel := context.WithTimeout(
|
|
ctx, httpClientTimeout,
|
|
)
|
|
defer cancel()
|
|
|
|
svc.log.Debug(
|
|
"sending webhook notification",
|
|
"url", webhookURL.String(),
|
|
"title", title,
|
|
)
|
|
|
|
payload := SlackPayload{
|
|
Attachments: []SlackAttachment{
|
|
{
|
|
Color: slackColor(priority),
|
|
Title: title,
|
|
Text: message,
|
|
},
|
|
},
|
|
}
|
|
|
|
body, err := json.Marshal(payload)
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"marshaling webhook payload: %w", err,
|
|
)
|
|
}
|
|
|
|
request := newRequest(
|
|
ctx, http.MethodPost, webhookURL,
|
|
bytes.NewBuffer(body),
|
|
)
|
|
|
|
request.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := svc.transport.RoundTrip(request)
|
|
if err != nil {
|
|
return fmt.Errorf("sending webhook request: %w", err)
|
|
}
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
if resp.StatusCode >= httpStatusClientError {
|
|
return fmt.Errorf(
|
|
"%w: status %d",
|
|
ErrSlackFailed, resp.StatusCode,
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func slackColor(priority string) string {
|
|
switch priority {
|
|
case "error":
|
|
return "#dc3545"
|
|
case "warning":
|
|
return "#ffc107"
|
|
case "success":
|
|
return "#28a745"
|
|
case "info":
|
|
return "#17a2b8"
|
|
default:
|
|
return "#6c757d"
|
|
}
|
|
}
|