Merge branch 'main' of github.com:binwiederhier/ntfy into attachment-s3

.github/workflows/build.yaml

@@ -9,11 +9,11 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.24.x'
+          go-version: '1.25.x'
       - name: Install node
         uses: actions/setup-node@v3
         with:
-          node-version: '20'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: './web/package-lock.json'
       - name: Install dependencies

.github/workflows/release.yaml

@@ -28,11 +28,11 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.24.x'
+          go-version: '1.25.x'
       - name: Install node
         uses: actions/setup-node@v3
         with:
-          node-version: '20'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: './web/package-lock.json'
       - name: Docker login

.github/workflows/test.yaml

@@ -25,11 +25,11 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.24.x'
+          go-version: '1.25.x'
       - name: Install node
         uses: actions/setup-node@v3
         with:
-          node-version: '20'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: './web/package-lock.json'
       - name: Install dependencies

Dockerfile-build

@@ -1,8 +1,8 @@
-FROM golang:1.24-bullseye as builder
+FROM golang:1.25-bookworm AS builder
 
 ARG VERSION=dev
 ARG COMMIT=unknown
-ARG NODE_MAJOR=18
+ARG NODE_MAJOR=24
 
 RUN apt-get update && apt-get install -y \
        build-essential ca-certificates curl gnupg \
@@ -21,14 +21,14 @@ ADD Makefile .
 
 # docs
 ADD ./requirements.txt .
-RUN make docs-deps
+RUN --mount=type=cache,target=/root/.cache/pip make docs-deps
 ADD ./mkdocs.yml .
 ADD ./docs ./docs
 RUN make docs-build
 
 # web
 ADD ./web/package.json ./web/package-lock.json ./web/
-RUN make web-deps
+RUN --mount=type=cache,target=/root/.npm make web-deps
 ADD ./web ./web
 RUN make web-build
 
@@ -41,7 +41,11 @@ ADD ./server ./server
 ADD ./user ./user
 ADD ./util ./util
 ADD ./payments ./payments
-RUN make VERSION=$VERSION COMMIT=$COMMIT cli-linux-server
+ADD ./db ./db
+ADD ./message ./message
+ADD ./model ./model
+ADD ./webpush ./webpush
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build make VERSION=$VERSION COMMIT=$COMMIT cli-linux-server
 
 FROM alpine
 

attachment/store.go

@@ -138,6 +138,9 @@ func (c *Store) Remove(ids ...string) error {
 // deletes orphans (not in the valid ID set and older than 1 hour), and recomputes
 // the total size from the remaining objects.
 func (c *Store) sync() error {
+	if c.localIDs == nil {
+		return nil
+	}
 	localIDs, err := c.localIDs()
 	if err != nil {
 		return fmt.Errorf("attachment sync: failed to get valid IDs: %w", err)

docs/faq.md

@@ -71,7 +71,8 @@ The web app is a static website without a backend (other than the ntfy API). All
 cache and local storage. That means it does not need to be protected with a login screen, and it poses no additional 
 security risk. So technically, it does not need to be disabled.
 
-However, if you still want to disable it, you can do so with the `web-root: disable` option in the `server.yml` file. 
+However, if you still want, you can require login with the `require-login: true` option,
+or disable it with the `web-root: disable` option in the `server.yml` file. 
 
 Think of the ntfy web app like an Android/iOS app. It is freely available and accessible to anyone, yet useless without
 a proper backend. So as long as you secure your backend with ACLs, exposing the ntfy web app to the Internet is harmless.