mirror of https://github.com/gotify/server.git synced 2026-07-01 04:34:20 +08:00

Go to file

Jannis Mattheis 925fb7e2c9 Fix file upload XSS

The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

would allow the attacker to execute client side scripts.

The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.

2022-12-28 20:13:35 +01:00

.github

Update golang ci action

2022-12-03 11:42:19 +01:00

api

Fix file upload XSS

2022-12-28 20:13:35 +01:00

auth

Update docs

2022-12-03 10:45:07 +01:00

config

Add registration

2021-08-04 19:39:43 +02:00

database

Update linter

2022-05-29 19:45:45 +02:00

docker

Add linux/riscv64 project support

2022-11-09 19:01:20 +01:00

docs

Update docs

2022-12-03 10:45:07 +01:00

error

Update gin-gonic

2020-05-08 15:16:43 +02:00

hack/packr

Update packr/v2

2020-03-07 20:15:25 +01:00

mode

Use golangci-lint

2020-11-01 10:47:02 +01:00

model

Fix required mismatch in update & create user

2022-09-10 16:47:22 +02:00

plugin

Log loaded plugins

2022-09-11 17:29:31 +02:00

router

Mask token in log

2021-09-27 17:46:12 +02:00

runner

Fix redirect to https with default http port

2022-12-03 11:42:19 +01:00

test

Fix file upload XSS

2022-12-28 20:13:35 +01:00

Add priority colors

2022-10-21 20:39:50 +02:00

.editorconfig

Add .editorconfig file.

2020-02-11 17:27:22 +01:00

.gitignore

Change default folder & db path to data/*

2018-05-10 12:34:35 +02:00

.golangci.yml

Update linter

2022-05-29 19:45:45 +02:00

app.go

Update linter

2022-05-29 19:45:45 +02:00

CODE_OF_CONDUCT.md

Add code of conduct

2018-03-02 21:04:51 +01:00

CODEOWNERS

Add code owners

2019-03-16 14:28:09 +01:00

config.example.yml

Fix keep alive setting comment

2021-09-07 21:29:11 +02:00

CONTRIBUTING.md

improve CONTRIBUTING.md (#181 )

2019-04-04 23:03:21 +08:00

GO_VERSION

Update to go1.19

2022-09-10 16:47:22 +02:00

go.mod

Update other go deps

2022-09-10 16:50:01 +02:00

go.sum

Update other go deps

2022-09-10 16:50:01 +02:00

LICENSE

Use logo from gotify/logo.

2019-03-08 16:03:34 +01:00

Makefile

Add linux/riscv64 project support

2022-11-09 19:01:20 +01:00

README.md

Migrate to github actions

2021-01-06 14:27:55 +00:00

SECURITY.md

Create SECURITY.md

2021-09-26 20:46:58 +00:00

ui.png

[ImgBot] Optimize images

2019-01-20 12:00:36 +01:00

README.md

gotify/server

Intro

We wanted a simple server for sending and receiving messages (in real time per WebSocket). For this, not many open source projects existed and most of the existing ones were abandoned. Also, a requirement was that it can be self-hosted. We know there are many free and commercial push services out there.

Features

send messages via REST-API
receive messages via WebSocket
manage users, clients and applications
Plugins
Web-UI -> ./ui
CLI for sending messages -> gotify/cli
Android-App -> gotify/android

_{(Google Play and the Google Play logo are trademarks of Google LLC.)}

Documentation

Install ᛫ Configuration ᛫ REST-API ᛫ Setup Dev Environment

Contributing

We welcome all kinds of contribution, including bug reports, feature requests, documentation improvements, UI refinements, etc. Check out CONTRIBUTING.md for guidelines.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

License

This project is licensed under the MIT License - see the LICENSE file for details

Languages

Go 67.5%

TypeScript 30.8%

Makefile 1%

HTML 0.3%

Dockerfile 0.3%