From b5de63e225ad99ef041ec6eed380cb00d0469415 Mon Sep 17 00:00:00 2001
From: Christopher Vagnetoft <labs@noccy.com>
Date: Sat, 17 Jan 2026 17:53:16 +0100
Subject: [PATCH] Config is proper, auth logic OK, update readme

---
 README.md           | 83 +++++++++++++++++++++++++++++++++++++++++++++
 config.dist.yaml    |  2 +-
 config.example.yaml | 12 +++----
 src/NtfiDaemon.php  | 11 ++++--
 4 files changed, 99 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index d33e6b6..e18cabb 100644
--- a/README.md
+++ b/README.md
@@ -4,3 +4,86 @@ This is a daemon with the single purpose of centralizing credentials and configu
 pushing notifications to *ntfy.sh* or private instances of ntfy.
 
 This daemon does **not** support subscriptions for now, only publishing.
+
+## Using
+
+Bare metal (Linux):
+
+```bash
+$ cp config.dist.yaml config.yaml
+$ editor config.yaml
+$ ./ntfid.phar --config config.yaml
+```
+
+With Docker:
+
+```bash
+$ cp config.dist.yaml config.yaml
+$ editor config.yaml
+$ docker exec --rm -it -p 13000:13000 -v $PWD/config.yaml:/app/config.yaml \
+    dev.noccylabs.info/noccylabs/ntfi:latest
+```
+
+With Docker Compose:
+
+Make sure to create `config.yaml` from `config.dist.yaml` in the same directory
+as the `compose.yaml` file.
+
+```yaml
+services:
+  ntfi:
+    image: dev.noccylabs.info/noccylabs/ntfi:latest
+    ports:
+      - 13000:13000
+    volumes:
+      - ./config.yaml:/app/config.yaml
+    restart: always
+```
+
+## Configuration
+
+### Listen
+
+This is a single key defining the HTTP listen address. This defaults to
+`0.0.0.0:13000`.
+
+### Servers
+
+Configure the servers that you want to be able to relay notifications to. The
+default configuration defines a single server, `default` which is configured
+to send messages to *ntfy.sh* as an anonymous user.
+
+| Key | Req | Detail
+| --- | --- | ---
+| `server` | Y | The server name without protocol (always https)
+| `token` | \- | API token to use when authenticating
+| `username` | \- | Username for authenticating
+| `password` | \- | Password for authenticating
+
+> [!NOTE]
+> Note that for authentication to work, you need to specify *either* `token`,
+> *or* `username` *and* `password`. If `token` is empty, and only `username`
+> or `password` is set, no authentication will be used.
+
+### Channels
+
+These are the channels that can be sent to. Each channel name matches the request
+URL, and placeholders can be used to extract and reassemble a destination topic.
+
+| Key | Req | Detail
+| --- | --- | ---
+| `destination` | Y | The destination, as `<server>/<topic>`
+
+Examples:
+
+```yaml
+  # match exact topic and send to rewritten topic
+  "serverevents":
+    destination: "default/sometopicnameforserverevents"
+  # parse and use only part of topic, sending to another server
+  "prefix_{topic}":
+    destination: "prefixed/{topic}"
+  # or append a prefix to the topic, sending to yet another server
+  "{topic}":
+    destination: "prefixing/prefix_{topic}"
+```
\ No newline at end of file
diff --git a/config.dist.yaml b/config.dist.yaml
index 50c6c28..c3df068 100644
--- a/config.dist.yaml
+++ b/config.dist.yaml
@@ -6,4 +6,4 @@ servers:
 
 channels:
   "{topic}":
-    destination: "prefixing/{topic}"
+    destination: "default/{topic}"
diff --git a/config.example.yaml b/config.example.yaml
index ba4cddb..5bce201 100644
--- a/config.example.yaml
+++ b/config.example.yaml
@@ -14,13 +14,13 @@ servers:
 # this is where you can send messages to
 channels:
   # redirect topics directly
-  serverevents:
-    destination: default/sometopicnameforserverevents
-  otherevents:
-    destination: default/someothertopicnameforevents
+  "serverevents":
+    destination: "default/sometopicnameforserverevents"
+  "otherevents":
+    destination: "default/someothertopicnameforevents"
   # parse and use only part of topic
   "prefix_{topic}":
-    destination: prefixed/{topic}
+    destination: "prefixed/{topic}"
   # or append a prefix to the topic
   "{topic}":
-    destination: prefixing/prefix_{topic}
+    destination: "prefixing/prefix_{topic}"
diff --git a/src/NtfiDaemon.php b/src/NtfiDaemon.php
index 2e98751..1f91e7e 100644
--- a/src/NtfiDaemon.php
+++ b/src/NtfiDaemon.php
@@ -174,13 +174,20 @@ class NtfiDaemon
         $serverInfo = $this->servers[$connection] ?? throw new \Exception("The server '{$connection}' is not configured");
         
 
+        $browser = new Browser();
         if (isset($serverInfo['token']) && $serverInfo['token']) {
-            $browser = new Browser();
-            $browser->withHeader("authorization", "Bearer {$serverInfo['token']}");
+            $browser = $browser
+                ->withHeader("authorization", "Bearer {$serverInfo['token']}");
+        } elseif (isset($serverInfo['username']) && $serverInfo['username'] &&
+                isset($serverInfo['password']) && $serverInfo['password']) {
+            $auth = base64_encode(sprintf("%s:%s", $serverInfo['username'], $serverInfo['password']));
+            $browser = $browser
+                ->withHeader("authorization", "Basic {$auth}");
         }
 
         $url = sprintf("https://%s/%s", $serverInfo['server'], $topic);
 
+        printf("post: %s\n", $url);
         $browser->post($url, [
             'content-type' => $type,
         ], $body)->then(