Add default-server ntfy auth (fix 403 on protected topics)

The "send test" action, admin alerts and feeds without their own credentials now use configurable default-server token / basic auth, so publishing works against ntfy servers with access control enabled. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 21:47:12 +08:00
parent bf52bc3079
commit e696537fe1
7 changed files with 50 additions and 3 deletions
@@ -384,6 +384,9 @@ def read_settings(session: Session = Depends(get_session), _: User = Depends(req
    s = get_settings(session)
    return {
        "default_ntfy_server": s.default_ntfy_server,
+        "default_ntfy_token": s.default_ntfy_token,
+        "default_ntfy_username": s.default_ntfy_username,
+        "default_ntfy_password": s.default_ntfy_password,
        "check_interval": s.check_interval,
        "auth_enabled": s.auth_enabled,
        "telegram_enabled": s.telegram_enabled,
@@ -410,6 +413,9 @@ def write_settings(
        raise HTTPException(400, "Создайте хотя бы одного пользователя перед включением авторизации")

    s.default_ntfy_server = data.default_ntfy_server.strip() or "https://ntfy.sh"
+    s.default_ntfy_token = data.default_ntfy_token.strip()
+    s.default_ntfy_username = data.default_ntfy_username.strip()
+    s.default_ntfy_password = data.default_ntfy_password
    s.check_interval = data.check_interval
    s.auth_enabled = data.auth_enabled
    s.telegram_enabled = data.telegram_enabled
@@ -520,6 +526,8 @@ async def test_notification(
    server = data.server.strip() or s.default_ntfy_server
    if not data.topic.strip():
        raise HTTPException(400, "Укажите тему")
+    # Use a custom server's own auth only if it matches the default; otherwise
+    # fall back to the configured default-server credentials.
    try:
        await ntfy.publish(
            server=server,
@@ -528,6 +536,9 @@ async def test_notification(
            message="Тестовое уведомление — всё работает!",
            tags="white_check_mark",
            priority=3,
+            token=s.default_ntfy_token,
+            username=s.default_ntfy_username,
+            password=s.default_ntfy_password,
        )
    except Exception as exc:  # noqa: BLE001
        raise HTTPException(502, f"Не удалось отправить: {exc}")