~xenrox/ntfy-alertmanager: alertmanager: Support basic auth

4 files changed, 34 insertions(+), 1 deletions(-)

M README.md
M config.go
M config_test.go
M silence.go

M README.md => README.md +3 -0

@@ 70,6 70,9 @@ alertmanager {
     # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
     # needs to be exposed to external network requests and base-url has to be set.
     silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }
 
 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert

M config.go => config.go +16 -0

@@ 50,6 50,8 @@ type cacheConfig struct {
 }
 
 type alertmanagerConfig struct {
+	User            string
+	Password        string
 	SilenceDuration time.Duration
 }
 


@@ 246,6 248,20 @@ func readConfig(path string) (*config, error) {
 
 			config.am.SilenceDuration = duration
 		}
+
+		d = amDir.Children.Get("user")
+		if d != nil {
+			if err := d.ParseParams(&config.am.User); err != nil {
+				return nil, err
+			}
+		}
+
+		d = amDir.Children.Get("password")
+		if d != nil {
+			if err := d.ParseParams(&config.am.Password); err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	return config, nil

M config_test.go => config_test.go +8 -1

@@ 55,6 55,9 @@ alertmanager {
     # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
     # needs to be exposed to external network requests and base-url has to be set.
     silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }
 
 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert


@@ 83,7 86,11 @@ cache {
 			},
 		},
 		cache: cacheConfig{CleanupInterval: time.Hour, Duration: 48 * time.Hour},
-		am:    alertmanagerConfig{SilenceDuration: time.Hour * 24},
+		am: alertmanagerConfig{
+			SilenceDuration: time.Hour * 24,
+			User:            "user",
+			Password:        "pass",
+		},
 	}
 
 	configPath := filepath.Join(t.TempDir(), "config")

M silence.go => silence.go +7 -0

@@ 4,6 4,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"time"


@@ 93,6 94,12 @@ func (rcv *receiver) handleSilences(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Basic auth
+	if rcv.cfg.am.User != "" && rcv.cfg.am.Password != "" {
+		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", rcv.cfg.am.User, rcv.cfg.am.Password)))
+		req.Header.Set("Authorization", fmt.Sprintf("Basic %s", auth))
+	}
+
 	req.Header.Add("Content-Type", "application/json")
 	resp, err := client.Do(req)
 	if err != nil {