This commit is contained in:
binwiederhier 2023-05-11 13:50:10 -04:00
parent a26a6be62b
commit d4767caf30
10 changed files with 279 additions and 26 deletions

View file

@ -74,6 +74,7 @@ var flagsServe = append(
altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-account", Aliases: []string{"twilio_account"}, EnvVars: []string{"NTFY_TWILIO_ACCOUNT"}, Usage: "Twilio account SID, used for SMS and calling, e.g. AC123..."}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-auth-token", Aliases: []string{"twilio_auth_token"}, EnvVars: []string{"NTFY_TWILIO_AUTH_TOKEN"}, Usage: "Twilio auth token"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-from-number", Aliases: []string{"twilio_from_number"}, EnvVars: []string{"NTFY_TWILIO_FROM_NUMBER"}, Usage: "Twilio number to use for outgoing calls and text messages"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "twilio-verify-service", Aliases: []string{"twilio_verify_service"}, EnvVars: []string{"NTFY_TWILIO_VERIFY_SERVICE"}, Usage: "Twilio Verify service ID, used for phone number verification"}),
altsrc.NewIntFlag(&cli.IntFlag{Name: "global-topic-limit", Aliases: []string{"global_topic_limit", "T"}, EnvVars: []string{"NTFY_GLOBAL_TOPIC_LIMIT"}, Value: server.DefaultTotalTopicLimit, Usage: "total number of topics allowed"}),
altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-subscription-limit", Aliases: []string{"visitor_subscription_limit"}, EnvVars: []string{"NTFY_VISITOR_SUBSCRIPTION_LIMIT"}, Value: server.DefaultVisitorSubscriptionLimit, Usage: "number of subscriptions per visitor"}),
altsrc.NewStringFlag(&cli.StringFlag{Name: "visitor-attachment-total-size-limit", Aliases: []string{"visitor_attachment_total_size_limit"}, EnvVars: []string{"NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT"}, Value: "100M", Usage: "total storage limit used for attachments per visitor"}),
@ -159,6 +160,7 @@ func execServe(c *cli.Context) error {
twilioAccount := c.String("twilio-account")
twilioAuthToken := c.String("twilio-auth-token")
twilioFromNumber := c.String("twilio-from-number")
twilioVerifyService := c.String("twilio-verify-service")
totalTopicLimit := c.Int("global-topic-limit")
visitorSubscriptionLimit := c.Int("visitor-subscription-limit")
visitorSubscriberRateLimiting := c.Bool("visitor-subscriber-rate-limiting")
@ -323,6 +325,7 @@ func execServe(c *cli.Context) error {
conf.TwilioAccount = twilioAccount
conf.TwilioAuthToken = twilioAuthToken
conf.TwilioFromNumber = twilioFromNumber
conf.TwilioVerifyService = twilioVerifyService
conf.TotalTopicLimit = totalTopicLimit
conf.VisitorSubscriptionLimit = visitorSubscriptionLimit
conf.VisitorAttachmentTotalSizeLimit = visitorAttachmentTotalSizeLimit

View file

@ -107,10 +107,12 @@ type Config struct {
SMTPServerListen string
SMTPServerDomain string
SMTPServerAddrPrefix string
TwilioBaseURL string
TwilioMessagingBaseURL string
TwilioAccount string
TwilioAuthToken string
TwilioFromNumber string
TwilioVerifyBaseURL string
TwilioVerifyService string
MetricsEnable bool
MetricsListenHTTP string
ProfileListenHTTP string
@ -191,10 +193,12 @@ func NewConfig() *Config {
SMTPServerListen: "",
SMTPServerDomain: "",
SMTPServerAddrPrefix: "",
TwilioBaseURL: "https://api.twilio.com", // Override for tests
TwilioMessagingBaseURL: "https://api.twilio.com", // Override for tests
TwilioAccount: "",
TwilioAuthToken: "",
TwilioFromNumber: "",
TwilioVerifyBaseURL: "https://verify.twilio.com", // Override for tests
TwilioVerifyService: "",
MessageLimit: DefaultMessageLengthLimit,
MinDelay: DefaultMinDelay,
MaxDelay: DefaultMaxDelay,

View file

@ -88,6 +88,7 @@ var (
apiAccountSettingsPath = "/v1/account/settings"
apiAccountSubscriptionPath = "/v1/account/subscription"
apiAccountReservationPath = "/v1/account/reservation"
apiAccountPhonePath = "/v1/account/phone"
apiAccountBillingPortalPath = "/v1/account/billing/portal"
apiAccountBillingWebhookPath = "/v1/account/billing/webhook"
apiAccountBillingSubscriptionPath = "/v1/account/billing/subscription"
@ -450,6 +451,10 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingPortalSessionCreate))(w, r, v)
} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingWebhookPath {
return s.ensurePaymentsEnabled(s.ensureUserManager(s.handleAccountBillingWebhook))(w, r, v) // This request comes from Stripe!
} else if r.Method == http.MethodPut && r.URL.Path == apiAccountPhonePath {
return s.ensureUser(s.withAccountSync(s.handleAccountPhoneNumberAdd))(w, r, v)
} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPhonePath {
return s.ensureUser(s.withAccountSync(s.handleAccountPhoneNumberVerify))(w, r, v)
} else if r.Method == http.MethodGet && r.URL.Path == apiStatsPath {
return s.handleStats(w, r, v)
} else if r.Method == http.MethodGet && r.URL.Path == apiTiersPath {

View file

@ -149,6 +149,7 @@
# twilio-account:
# twilio-auth-token:
# twilio-from-number:
# twilio-verify-service:
# Interval in which keepalive messages are sent to the client. This is to prevent
# intermediaries closing the connection for inactivity.

View file

@ -144,6 +144,19 @@ func (s *Server) handleAccountGet(w http.ResponseWriter, r *http.Request, v *vis
})
}
}
phoneNumbers, err := s.userManager.PhoneNumbers(u.ID)
if err != nil {
return err
}
if len(phoneNumbers) > 0 {
response.PhoneNumbers = make([]*apiAccountPhoneNumberResponse, 0)
for _, p := range phoneNumbers {
response.PhoneNumbers = append(response.PhoneNumbers, &apiAccountPhoneNumberResponse{
Number: p.Number,
Verified: p.Verified,
})
}
}
} else {
response.Username = user.Everyone
response.Role = string(user.RoleAnonymous)
@ -517,6 +530,80 @@ func (s *Server) maybeRemoveMessagesAndExcessReservations(r *http.Request, v *vi
return nil
}
func (s *Server) handleAccountPhoneNumberAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
u := v.User()
req, err := readJSONWithLimit[apiAccountPhoneNumberRequest](r.Body, jsonBodyBytesLimit, false)
if err != nil {
return err
}
if !phoneNumberRegex.MatchString(req.Number) {
return errHTTPBadRequestPhoneNumberInvalid
}
// Check user is allowed to add phone numbers
if u == nil || (u.IsUser() && u.Tier == nil) {
return errHTTPUnauthorized
} else if u.IsUser() && u.Tier.SMSLimit == 0 && u.Tier.CallLimit == 0 {
return errHTTPUnauthorized
}
// Actually add the unverified number, and send verification
logvr(v, r).
Tag(tagAccount).
Fields(log.Context{
"number": req.Number,
}).
Debug("Adding phone number, and sending verification")
if err := s.userManager.AddPhoneNumber(u.ID, req.Number); err != nil {
return err
}
if err := s.verifyPhone(v, r, req.Number); err != nil {
return err
}
return s.writeJSON(w, newSuccessResponse())
}
func (s *Server) handleAccountPhoneNumberVerify(w http.ResponseWriter, r *http.Request, v *visitor) error {
u := v.User()
req, err := readJSONWithLimit[apiAccountPhoneNumberRequest](r.Body, jsonBodyBytesLimit, false)
if err != nil {
return err
}
if !phoneNumberRegex.MatchString(req.Number) {
return errHTTPBadRequestPhoneNumberInvalid
}
// Check user is allowed to add phone numbers
if u == nil {
return errHTTPUnauthorized
}
// Get phone numbers, and check if it's in the list
phoneNumbers, err := s.userManager.PhoneNumbers(u.ID)
if err != nil {
return err
}
found := false
for _, phoneNumber := range phoneNumbers {
if phoneNumber.Number == req.Number && phoneNumber.Verified {
found = true
break
}
}
if !found {
return errHTTPBadRequestPhoneNumberInvalid
}
if err := s.checkVerifyPhone(v, r, req.Number, req.Code); err != nil {
return err
}
logvr(v, r).
Tag(tagAccount).
Fields(log.Context{
"number": req.Number,
}).
Debug("Marking phone number as verified")
if err := s.userManager.MarkPhoneNumberVerified(u.ID, req.Number); err != nil {
return err
}
return s.writeJSON(w, newSuccessResponse())
}
// publishSyncEventAsync kicks of a Go routine to publish a sync message to the user's sync topic
func (s *Server) publishSyncEventAsync(v *visitor) {
go func() {

View file

@ -38,7 +38,7 @@ func (s *Server) sendSMS(v *visitor, r *http.Request, m *message, to string) {
data.Set("From", s.config.TwilioFromNumber)
data.Set("To", to)
data.Set("Body", body)
s.performTwilioRequest(v, r, m, metricSMSSentSuccess, metricSMSSentFailure, twilioMessageEndpoint, to, body, data)
s.twilioMessagingRequest(v, r, m, metricSMSSentSuccess, metricSMSSentFailure, twilioMessageEndpoint, to, body, data)
}
func (s *Server) callPhone(v *visitor, r *http.Request, m *message, to string) {
@ -47,10 +47,72 @@ func (s *Server) callPhone(v *visitor, r *http.Request, m *message, to string) {
data.Set("From", s.config.TwilioFromNumber)
data.Set("To", to)
data.Set("Twiml", body)
s.performTwilioRequest(v, r, m, metricCallsMadeSuccess, metricCallsMadeFailure, twilioCallEndpoint, to, body, data)
s.twilioMessagingRequest(v, r, m, metricCallsMadeSuccess, metricCallsMadeFailure, twilioCallEndpoint, to, body, data)
}
func (s *Server) performTwilioRequest(v *visitor, r *http.Request, m *message, msuccess, mfailure prometheus.Counter, endpoint, to, body string, data url.Values) {
func (s *Server) verifyPhone(v *visitor, r *http.Request, phoneNumber string) error {
logvr(v, r).Tag(tagTwilio).Field("twilio_to", phoneNumber).Debug("Sending phone verification")
data := url.Values{}
data.Set("To", phoneNumber)
data.Set("Channel", "sms")
requestURL := fmt.Sprintf("%s/v2/Services/%s/Verifications", s.config.TwilioVerifyBaseURL, s.config.TwilioVerifyService)
req, err := http.NewRequest(http.MethodPost, requestURL, strings.NewReader(data.Encode()))
if err != nil {
return err
}
req.Header.Set("Authorization", util.BasicAuth(s.config.TwilioAccount, s.config.TwilioAuthToken))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return err
}
response, err := io.ReadAll(resp.Body)
ev := logvr(v, r).Tag(tagTwilio)
if err != nil {
ev.Err(err).Warn("Error sending Twilio phone verification request")
return err
}
if ev.IsTrace() {
ev.Field("twilio_response", string(response)).Trace("Received successful Twilio phone verification response")
} else if ev.IsDebug() {
ev.Debug("Received successful Twilio phone verification response")
}
return nil
}
func (s *Server) checkVerifyPhone(v *visitor, r *http.Request, phoneNumber, code string) error {
logvr(v, r).Tag(tagTwilio).Field("twilio_to", phoneNumber).Debug("Checking phone verification")
data := url.Values{}
data.Set("To", phoneNumber)
data.Set("Code", code)
requestURL := fmt.Sprintf("%s/v2/Services/%s/VerificationCheck", s.config.TwilioVerifyBaseURL, s.config.TwilioAccount)
req, err := http.NewRequest(http.MethodPost, requestURL, strings.NewReader(data.Encode()))
if err != nil {
return err
}
req.Header.Set("Authorization", util.BasicAuth(s.config.TwilioAccount, s.config.TwilioAuthToken))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return err
} else if resp.StatusCode != http.StatusOK {
return
}
response, err := io.ReadAll(resp.Body)
if err != nil {
return err
}
ev := logvr(v, r).Tag(tagTwilio)
if ev.IsTrace() {
ev.Field("twilio_response", string(response)).Trace("Received successful Twilio phone verification response")
} else if ev.IsDebug() {
ev.Debug("Received successful Twilio phone verification response")
}
return nil
}
func (s *Server) twilioMessagingRequest(v *visitor, r *http.Request, m *message, msuccess, mfailure prometheus.Counter, endpoint, to, body string, data url.Values) {
logContext := log.Context{
"twilio_from": s.config.TwilioFromNumber,
"twilio_to": to,
@ -61,7 +123,7 @@ func (s *Server) performTwilioRequest(v *visitor, r *http.Request, m *message, m
} else if ev.IsDebug() {
ev.Debug("Sending Twilio request")
}
response, err := s.performTwilioRequestInternal(endpoint, data)
response, err := s.performTwilioMessagingRequestInternal(endpoint, data)
if err != nil {
ev.
Field("twilio_body", body).
@ -79,8 +141,8 @@ func (s *Server) performTwilioRequest(v *visitor, r *http.Request, m *message, m
minc(msuccess)
}
func (s *Server) performTwilioRequestInternal(endpoint string, data url.Values) (string, error) {
requestURL := fmt.Sprintf("%s/2010-04-01/Accounts/%s/%s", s.config.TwilioBaseURL, s.config.TwilioAccount, endpoint)
func (s *Server) performTwilioMessagingRequestInternal(endpoint string, data url.Values) (string, error) {
requestURL := fmt.Sprintf("%s/2010-04-01/Accounts/%s/%s", s.config.TwilioMessagingBaseURL, s.config.TwilioAccount, endpoint)
req, err := http.NewRequest(http.MethodPost, requestURL, strings.NewReader(data.Encode()))
if err != nil {
return "", err

View file

@ -25,7 +25,7 @@ func TestServer_Twilio_SMS(t *testing.T) {
c := newTestConfig(t)
c.BaseURL = "https://ntfy.sh"
c.TwilioBaseURL = twilioServer.URL
c.TwilioMessagingBaseURL = twilioServer.URL
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"
@ -58,7 +58,7 @@ func TestServer_Twilio_SMS_With_User(t *testing.T) {
c := newTestConfigWithAuthFile(t)
c.BaseURL = "https://ntfy.sh"
c.TwilioBaseURL = twilioServer.URL
c.TwilioMessagingBaseURL = twilioServer.URL
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"
@ -104,7 +104,7 @@ func TestServer_Twilio_Call(t *testing.T) {
defer twilioServer.Close()
c := newTestConfig(t)
c.TwilioBaseURL = twilioServer.URL
c.TwilioMessagingBaseURL = twilioServer.URL
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"
@ -139,7 +139,7 @@ func TestServer_Twilio_Call_With_User(t *testing.T) {
defer twilioServer.Close()
c := newTestConfigWithAuthFile(t)
c.TwilioBaseURL = twilioServer.URL
c.TwilioMessagingBaseURL = twilioServer.URL
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"
@ -167,7 +167,7 @@ func TestServer_Twilio_Call_With_User(t *testing.T) {
func TestServer_Twilio_Call_InvalidNumber(t *testing.T) {
c := newTestConfig(t)
c.TwilioBaseURL = "https://127.0.0.1"
c.TwilioMessagingBaseURL = "https://127.0.0.1"
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"
@ -181,7 +181,7 @@ func TestServer_Twilio_Call_InvalidNumber(t *testing.T) {
func TestServer_Twilio_SMS_InvalidNumber(t *testing.T) {
c := newTestConfig(t)
c.TwilioBaseURL = "https://127.0.0.1"
c.TwilioMessagingBaseURL = "https://127.0.0.1"
c.TwilioAccount = "AC1234567890"
c.TwilioAuthToken = "AAEAA1234567890"
c.TwilioFromNumber = "+1234567890"

View file

@ -277,6 +277,16 @@ type apiAccountTokenResponse struct {
Expires int64 `json:"expires,omitempty"` // Unix timestamp
}
type apiAccountPhoneNumberRequest struct {
Number string `json:"number"`
Code string `json:"code,omitempty"` // Only supplied in "verify" call
}
type apiAccountPhoneNumberResponse struct {
Number string `json:"number"`
Verified bool `json:"verified"`
}
type apiAccountTier struct {
Code string `json:"code"`
Name string `json:"name"`
@ -334,6 +344,7 @@ type apiAccountResponse struct {
Subscriptions []*user.Subscription `json:"subscriptions,omitempty"`
Reservations []*apiAccountReservation `json:"reservations,omitempty"`
Tokens []*apiAccountTokenResponse `json:"tokens,omitempty"`
PhoneNumbers []*apiAccountPhoneNumberResponse `json:"phone_numbers,omitempty"`
Tier *apiAccountTier `json:"tier,omitempty"`
Limits *apiAccountLimits `json:"limits,omitempty"`
Stats *apiAccountStats `json:"stats,omitempty"`
@ -419,3 +430,7 @@ type apiStripeSubscriptionDeletedEvent struct {
ID string `json:"id"`
Customer string `json:"customer"`
}
type apiTwilioVerifyResponse struct {
Status string `json:"status"`
}

View file

@ -113,6 +113,14 @@ const (
PRIMARY KEY (user_id, token),
FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
);
CREATE TABLE IF NOT EXISTS user_phone (
user_id TEXT NOT NULL,
phone_number TEXT NOT NULL,
verified INT NOT NULL,
PRIMARY KEY (user_id, phone_number),
FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
);
CREATE UNIQUE INDEX idx_user_phone_number ON user_phone (phone_number);
CREATE TABLE IF NOT EXISTS schemaVersion (
id INT PRIMARY KEY,
version INT NOT NULL
@ -261,6 +269,10 @@ const (
)
`
selectPhoneNumbersQuery = `SELECT phone_number, verified FROM user_phone WHERE user_id = ?`
insertPhoneNumberQuery = `INSERT INTO user_phone (user_id, phone_number, verified) VALUES (?, ?, 0)`
updatePhoneNumberVerifiedQuery = `UPDATE user_phone SET verified=1 WHERE user_id = ? AND phone_number = ?`
insertTierQuery = `
INSERT INTO tier (id, code, name, messages_limit, messages_expiry_duration, emails_limit, sms_limit, calls_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_monthly_price_id, stripe_yearly_price_id)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
@ -402,6 +414,14 @@ const (
ALTER TABLE tier ADD COLUMN calls_limit INT NOT NULL DEFAULT (0);
ALTER TABLE user ADD COLUMN stats_sms INT NOT NULL DEFAULT (0);
ALTER TABLE user ADD COLUMN stats_calls INT NOT NULL DEFAULT (0);
CREATE TABLE IF NOT EXISTS user_phone (
user_id TEXT NOT NULL,
phone_number TEXT NOT NULL,
verified INT NOT NULL,
PRIMARY KEY (user_id, phone_number),
FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
);
CREATE UNIQUE INDEX idx_user_phone_number ON user_phone (phone_number);
`
)
@ -631,6 +651,56 @@ func (a *Manager) RemoveExpiredTokens() error {
return nil
}
func (a *Manager) PhoneNumbers(userID string) ([]*PhoneNumber, error) {
rows, err := a.db.Query(selectPhoneNumbersQuery, userID)
if err != nil {
return nil, err
}
defer rows.Close()
phoneNumbers := make([]*PhoneNumber, 0)
for {
phoneNumber, err := a.readPhoneNumber(rows)
if err == ErrPhoneNumberNotFound {
break
} else if err != nil {
return nil, err
}
phoneNumbers = append(phoneNumbers, phoneNumber)
}
return phoneNumbers, nil
}
func (a *Manager) readPhoneNumber(rows *sql.Rows) (*PhoneNumber, error) {
var phoneNumber string
var verified bool
if !rows.Next() {
return nil, ErrPhoneNumberNotFound
}
if err := rows.Scan(&phoneNumber, &verified); err != nil {
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
return &PhoneNumber{
Number: phoneNumber,
Verified: verified,
}, nil
}
func (a *Manager) AddPhoneNumber(userID string, phoneNumber string) error {
if _, err := a.db.Exec(insertPhoneNumberQuery, userID, phoneNumber); err != nil {
return err
}
return nil
}
func (a *Manager) MarkPhoneNumberVerified(userID string, phoneNumber string) error {
if _, err := a.db.Exec(updatePhoneNumberVerifiedQuery, userID, phoneNumber); err != nil {
return err
}
return nil
}
// RemoveDeletedUsers deletes all users that have been marked deleted for
func (a *Manager) RemoveDeletedUsers() error {
if _, err := a.db.Exec(deleteUsersMarkedQuery, time.Now().Unix()); err != nil {

View file

@ -71,6 +71,11 @@ type TokenUpdate struct {
LastOrigin netip.Addr
}
type PhoneNumber struct {
Number string
Verified bool
}
// Prefs represents a user's configuration settings
type Prefs struct {
Language *string `json:"language,omitempty"`
@ -282,5 +287,6 @@ var (
ErrUserNotFound = errors.New("user not found")
ErrTierNotFound = errors.New("tier not found")
ErrTokenNotFound = errors.New("token not found")
ErrPhoneNumberNotFound = errors.New("phone number not found")
ErrTooManyReservations = errors.New("new tier has lower reservation limit")
)