Add Ntfy push notifications for super admin events

Sends alerts to a configurable Ntfy topic on: new user registration,
account lockout after 5 failed login attempts, and login attempts on an
already-locked account. Fire-and-forget — never raises if Ntfy is down.

Configure via NTFY_URL and NTFY_TOKEN in .env.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 01:04:12 -07:00
parent 663b506868
commit 090ebc109e
7 changed files with 64 additions and 0 deletions

@@ -25,6 +25,7 @@ A self-hosted web app for managing homeschool schedules, tracking daily learning
- **Password Change** — Users can change their own account password from Admin → Settings → Reset Password. The form requires the current password before accepting a new one.
- **Multi-Child Support** — Manage multiple students under one parent account, each with their own color, schedule, and history.
- **JWT Authentication** — Secure parent login with access tokens and httpOnly refresh cookies. TV dashboard is public (no login required). Disabled accounts receive a clear error message explaining the account is disabled rather than a generic "invalid credentials" response. After **5 consecutive failed login attempts**, an account is locked for **15 minutes** — the error message includes the remaining wait time. Locks clear automatically after the cooldown, or immediately when a super admin resets the account's password.
- **Ntfy Push Notifications** — Optional push notifications delivered to the super admin via [Ntfy](https://ntfy.sh). Alerts are sent for: new user registration, account lockout after 5 failed login attempts, and login attempts on an already-locked account. Works with ntfy.sh (public or self-hosted). Configure via `NTFY_URL` and optionally `NTFY_TOKEN` in `.env`.
- **Super Admin Panel** — A separate admin interface (at `/super-admin`) for site-wide management. Log in with a dedicated admin username and password (set in `.env`). Provides full control over all registered parent accounts:
- **Impersonate** — Enter any user's session to view and manage their data. An impersonation banner is shown at the top of every page with a one-click "Exit to Admin Panel" button.
- **Reset Password** — Set a new password for any user without needing the current password. Also clears any active login lockout on the account.
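
Review bot: the new "Ntfy Push Notifications" bullet does not say whether alerts for "login attempts on an already-locked account" are throttled. As written, every attempt against a locked account produces a push, so anyone who keeps submitting the login form for a locked user can flood the super admin's topic. Document the limit if one exists, or add one (for example, one alert per account per lockout window). The bullet should also say what each alert contains, such as whether the username or client address is included, because on a public ntfy.sh topic anyone who knows the topic name can read the messages. "Works with ntfy.sh (public or self-hosted)" would read more clearly as "Works with the public ntfy.sh service or a self-hosted Ntfy server".
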
@@ -168,6 +169,11 @@ ADMIN_PASSWORD=change_me_admin_password
# Set to true only for local development (exposes /api/docs, /api/redoc)
DOCS_ENABLED=false
# Ntfy push notifications for super admin alerts (optional)
# Use https://ntfy.sh/your-secret-topic or a self-hosted Ntfy server
NTFY_URL=
NTFY_TOKEN=
```
### 3. Build and start
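
Review bot: `NTFY_TOKEN=` in the `.env` example has no comment of its own, so a reader cannot tell from this block what it is or when it is needed. Add a line above it such as "# Bearer token for a protected topic; leave blank for public topics", and state that a blank `NTFY_URL` disables notifications, matching the variables table. Because the example URL uses `your-secret-topic`, it is also worth a comment that the topic name should be long and unguessable and that both values are secrets that should not be committed.
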
@@ -346,6 +352,8 @@ The TV dashboard connects to `ws://host/ws/{tv_token}` (using the child's 6-digi
| `ADMIN_USERNAME` | No | Super admin login username (default: `admin`) |
| `ADMIN_PASSWORD` | No | Super admin login password (default: `change_me_admin_password`) |
| `DOCS_ENABLED` | No | Set to `true` to enable `/api/docs` and `/api/redoc` (default: `false`). Recommended only for local development. |
| `NTFY_URL` | No | Full Ntfy topic URL (e.g. `https://ntfy.sh/your-secret-topic`). Leave blank to disable notifications. |
| `NTFY_TOKEN` | No | Bearer token for a protected Ntfy topic. Leave blank for public topics. |
> **Note:** `ADMIN_USERNAME` and `ADMIN_PASSWORD` must be set in `.env` **and** listed in the `backend` service's `environment` block in `docker-compose.yml`. Changing them in `.env` alone is not sufficient — the backend container reads them as environment variables, not from the file directly.
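
Review bot: the Note after the variables table still names only `ADMIN_USERNAME` and `ADMIN_PASSWORD` as needing an entry in the `backend` service's `environment` block in `docker-compose.yml`. If the backend reads `NTFY_URL` and `NTFY_TOKEN` the same way, setting them in `.env` alone will silently leave notifications disabled; either extend the Note to cover the two new variables or state in their rows that they are passed through automatically. The `NTFY_URL` row could also recommend an `https://` URL, since the bearer token from `NTFY_TOKEN` is sent to that endpoint.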