[PR #1329] [MERGED] [Featute] Add optional web app flag which requires a login for every action #1567

New issue

Closed

opened 2026-05-07 01:02:42 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented 2026-05-07 01:02:42 +02:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/binwiederhier/ntfy/pull/1329
Author: @theatischbein
Created: 5/5/2025
Status: ✅ Merged
Merged: 8/25/2025
Merged by: @binwiederhier

Base: main ← Head: feat_optional_require_login

---

📝 Commits (1)

• 03aeb70 feat: Add optional web app flag which requires a login for every action

📊 Changes

10 files changed (+39 additions, -13 deletions)

View changed files

📝 cmd/serve.go (+1 -0)
📝 docs/config.md (+1 -0)
📝 server/config.go (+1 -0)
📝 server/server.go (+1 -0)
📝 server/server.yml (+2 -0)
📝 server/types.go (+1 -0)
📝 web/public/static/langs/en.json (+2 -0)
📝 web/src/components/Navigation.jsx (+7 -1)
📝 web/src/components/Notifications.jsx (+7 -2)
📝 web/src/components/Preferences.jsx (+16 -10)

📄 Description

Problem

I have read #238 and was also notified about #1316 (which I disagree too because the ACL does not allow it).
I do understand that the web app is supposed to be a dump client, but I still want to manage who uses my server ressources. Since the web app has a login it feels not suitable to add an additonal login step like BASIC-AUTH.

But I see the point of #238 that the web app can be used to subscribe to other ntfy servers, which might not be wanted.

Also I find it a bit confusing in my setup that there are options in the NavigationBar to subscribe or publish notifications on my servers without a login, but the ACL does not allow it. And I do not want others (without an account) to use my instance to subscribe to external server.

Changes

So I added the flag require_login/require-login/NTFY_REQUIRE_LOGIN (Default: false).

If the flag is enabled and there is no Login:

• NavigationBar: hides All Notifications, Settings, Publisish Notification, Subscribe to topic
• NavigationBar: Documentation and all other possible entries are still there
• Endpoint /settings redirects back to main page
• Notification: Informs that a Login is needed to use this page

Missing

I only added the translation for English.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/binwiederhier/ntfy/pull/1329 **Author:** [@theatischbein](https://github.com/theatischbein) **Created:** 5/5/2025 **Status:** ✅ Merged **Merged:** 8/25/2025 **Merged by:** [@binwiederhier](https://github.com/binwiederhier) **Base:** `main` ← **Head:** `feat_optional_require_login` --- ### 📝 Commits (1) - [`03aeb70`](https://github.com/binwiederhier/ntfy/commit/03aeb707f2a3276239765292d37311786b44e4b4) feat: Add optional web app flag which requires a login for every action ### 📊 Changes **10 files changed** (+39 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `cmd/serve.go` (+1 -0) 📝 `docs/config.md` (+1 -0) 📝 `server/config.go` (+1 -0) 📝 `server/server.go` (+1 -0) 📝 `server/server.yml` (+2 -0) 📝 `server/types.go` (+1 -0) 📝 `web/public/static/langs/en.json` (+2 -0) 📝 `web/src/components/Navigation.jsx` (+7 -1) 📝 `web/src/components/Notifications.jsx` (+7 -2) 📝 `web/src/components/Preferences.jsx` (+16 -10) </details> ### 📄 Description ## Problem I have read #238 and was also notified about #1316 (which I disagree too because the ACL does not allow it). I do understand that the web app is supposed to be a dump client, but I still want to manage who uses my server ressources. Since the web app has a login it feels not suitable to add an additonal login step like BASIC-AUTH. But I see the point of #238 that the web app can be used to subscribe to other ntfy servers, which might not be wanted. Also I find it a bit confusing in my setup that there are options in the NavigationBar to subscribe or publish notifications on my servers without a login, but the ACL does not allow it. And I do not want others (without an account) to use my instance to subscribe to external server. ## Changes So I added the flag `require_login`/`require-login`/`NTFY_REQUIRE_LOGIN` (Default: `false`). If the flag is enabled and there is no Login: - NavigationBar: hides All Notifications, Settings, Publisish Notification, Subscribe to topic - NavigationBar: Documentation and all other possible entries are still there - Endpoint `/settings` redirects back to main page - Notification: Informs that a Login is needed to use this page  ## Missing I only added the translation for English. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

BreizhHardware 2026-05-07 01:02:42 +02:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#1567

No description provided.