
add ability to manage plugins through the web UI

Open david-kalmakoff opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe.
It is frustrating to have to upload plugin files on the server to install or update them. This becomes even more of a problem when developing plugins, where you have to do this often.

Describe the solution you'd like
It would be great to have an upload button on the plugins page to upload the plugin file to the server. A delete and update button on the individual plugin page to make changes to existing plugins. We would also need a way to restart the Gotify service through the UI to apply the changes.

Additional context
I can foresee an issue with breaking the Gotify service from a broken or incompatible plugin. This is already an issue when manually uploading a plugin file. Currently it is not that bad since you will already be changing files at the server level. I think there may be problems that occur when opening up the plugins feature to more users who may not readily access the service's files.

This is something I would be glad to implement if others would find value in it.

david-kalmakoff, Nov 01 '24 23:11

I would think it is a security concern as the privilege of "admin" in gotify is way less than the privilege of arbitrary code execution. It is just a middle ground between a highly constrained execution environment (JS, etc) and requiring you to completely rebuild the container often.

It has been on my table to update some "in hindsight" things to the plugin template.
https://github.com/eternal-flame-AD/gotify-webhook-misskey/blob/main/Makefile
https://github.com/eternal-flame-AD/gotify-broadcast/blob/master/Makefile

The latter one has CI supporting 2 years of gotify releases (the first one uses recent golang features so only 2 releases).

eternal-flame-AD, Nov 01 '24 23:11

I agree that the security concerns would outweigh the value gained from the feature.

david-kalmakoff, Nov 02 '24 16:11

For plugin implementations in golang, theoretically there are two ways I know of to safely do what you want:

One is HashiCorp Vault's approach (custom code signing): you can either preauthorize the hash or a code signer on the platform, and admins can update on the fly. It is probably too complex for gotify.

Another one is to use a WASM runtime and physically enforce the user boundary as we do now.

I think let's wait until more people need this feature to decide whether to actually do it.

eternal-flame-AD, Nov 02 '24 20:11
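
The "preauthorize the hash" option from the comment above, sketched in Go as an added example (not code from Gotify, Vault, or either commenter). The names `Allowlist` and `VerifyPlugin` are hypothetical, and the digests are assumed to be registered by the server operator outside the web UI, so an "admin" upload alone cannot authorize new code.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// Allowlist maps a plugin file name to the hex SHA-256 digest the operator
// pre-authorized out of band (hypothetical type, not part of Gotify).
type Allowlist map[string]string

// VerifyPlugin returns nil only if the file at path hashes to the digest
// pre-authorized for its base name. Intended to run before plugin.Open.
func VerifyPlugin(path string, allowed Allowlist) error {
	name := filepath.Base(path)
	want, ok := allowed[name]
	if !ok {
		return fmt.Errorf("%s: not pre-authorized", name)
	}
	wantRaw, err := hex.DecodeString(want)
	if err != nil || len(wantRaw) != sha256.Size {
		return fmt.Errorf("%s: malformed allowlist digest", name)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	got := sha256.Sum256(data)
	if !bytes.Equal(got[:], wantRaw) {
		return fmt.Errorf("%s: digest mismatch, refusing to load", name)
	}
	return nil
}

func main() {
	// Constructed sample: a stand-in "plugin" file and its registered digest.
	dir, _ := os.MkdirTemp("", "plugins")
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "demo.so")
	os.WriteFile(p, []byte("constructed plugin bytes"), 0o600)
	sum := sha256.Sum256([]byte("constructed plugin bytes"))
	allowed := Allowlist{"demo.so": hex.EncodeToString(sum[:])}
	fmt.Println("original:", VerifyPlugin(p, allowed))
	os.WriteFile(p, []byte("tampered"), 0o600) // simulate a swapped upload
	fmt.Println("tampered:", VerifyPlugin(p, allowed))
}
```

The check only holds if nobody who can upload can also edit the allowlist or swap the file between verification and `plugin.Open`, so both need to live somewhere the web UI cannot write.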

I don't think everything needs a GUI. There is always the option to mount the remote drive and do ctrl+c and ctrl+v. Please feel free to disagree and share your opinion.

najtin, Nov 05 '24 15:11