Add Flowtriq notification provider#4239
Conversation
Adds a custom Apprise plugin for Flowtriq (flowtriq://) that sends structured JSON webhook payloads for correlating website changes with DDoS attack data. Supports optional API key authentication via the X-API-Key header. Usage: flowtriq://app.flowtriq.com/api/v1/webhooks/changedetection?key=your-key
|
Heya - thanks, but for now probably i wont ship this inside of changedetection, i'll check for some |
No worries and thank you! Let me know what you find and I can adapt this PR :) |
AmirF194
left a comment
There was a problem hiding this comment.
Nice, clean addition. The plugin is a well-formed NotifyBase subclass and the wiring is right: registering in handler.py plus the noqa: F401 imports in forms.py and blueprint/ui/notification.py is what makes flowtriq:// validate in the URL field and work in the test-notification path. I confirmed a registered flowtriq:// URL instantiates and sends through apprise. Failure handling is graceful (RequestException caught, logged, returns False), the X-API-Key header is only set when a key is present, and there are real unit tests that would fail at collection without the new module. I ran all 6 against apprise 1.9.9 and they pass.
A couple of things worth a look before merge:
-
Egress SSRF. The
requests.postinsend()goes to a user-controlled host with no private-address check, soflowtriq://169.254.169.254/...orflowtriq://localhost/...are accepted and posted to. The project already guards notification egress atcustom_handlers.py:204-210viais_url_private_or_parser_confused(GHSA-rph4-96w6-q594), gated byALLOW_IANA_RESTRICTED_ADDRESSES. These URLs are usually operator-set so this is defense in depth, but since the rest of the notification stack enforces it, reusing that helper here (and honoringself.verify_certificate) would keep the posture consistent. -
The
watch_urlfield in the payload is set totitle. With the default title templateChangeDetection.io Notification - {{watch_url}}, that field carries the whole rendered title string rather than the bare monitored URL, and it duplicatestitle. Since the point is correlating by URL, it might be worth either documenting that users should set a bare{{watch_url}}title/body, or dropping the redundant field. apprise'ssend()does not receive the watch URL directly, so those are the honest options.
Optional: in url(), url.rstrip('?key=') strips any trailing characters in the set {?, k, e, y, =}, not the literal suffix, so /api/webhook-key becomes /api/webhook-. Live sends are unaffected since the raw URL is stored and webhook_url is built in __init__, but removesuffix('?key=') (or only appending ?key= when a key is set) would be correct.
One CI note: all checks are green, but I do not think any job actually runs tests/apprise/. unit-tests runs tests/unit/ tests/llm/ and basic-tests runs pytest tests/test_*.py (non-recursive) plus named files, so the new tests are not exercised in CI (the two existing tests/apprise/ files look un-run too, so this predates the PR). I ran them locally and they pass. Adding tests/apprise/ to a CI job would let them gate future changes.
…ield - Add egress SSRF guard via is_url_private_or_parser_confused, honoring ALLOW_IANA_RESTRICTED_ADDRESSES, consistent with custom_handlers.py - Honor self.verify_certificate in requests.post - Remove redundant watch_url field from payload (duplicated title) - Fix url() rstrip bug: build URL conditionally instead of stripping a character set that could eat path suffixes - Add tests for SSRF blocking and url() without API key
|
@AmirF194 Thanks for the thorough review. All three points addressed in 41aa7e7:
Added two new tests covering SSRF blocking on private addresses and Re: the CI note about |
Summary
Adds Flowtriq as a native notification provider via a custom Apprise plugin. Flowtriq is a DDoS detection and traffic analytics platform -- correlating website changes/outages detected by changedetection.io with DDoS attack data is a natural fit.
Usage:
What this does:
flowtriq://URL scheme as a custom Apprise notification pluginsource,watch_url,title,body,status) to the configured Flowtriq webhook endpointX-API-Keyheader (passed as?key=in the URL)Files changed:
changedetectionio/notification/apprise_plugin/flowtriq.py-- the plugin (NotifyFlowtriq class extending NotifyBase)changedetectionio/notification/handler.py-- registers the plugin with Apprise's plugin managerchangedetectionio/forms.py-- imports the plugin so URL validation recognizesflowtriq://changedetectionio/blueprint/ui/notification.py-- imports the plugin for test notification supportchangedetectionio/tests/apprise/test_apprise_flowtriq.py-- unit tests covering URL parsing, send success/failure, payload structure, and API key handlingTest plan
flowtriq://URLs are accepted in the notification URL field without validation errorsX-API-Keyheader when?key=is providedpytest changedetectionio/tests/apprise/test_apprise_flowtriq.py