sftpgo-mirror/httpd/httpd.go

// Package httpd implements REST API and Web interface for SFTPGo.
// REST API allows to manage users and quota and to get real time reports for the active connections
// with possibility of forcibly closing a connection.
// The OpenAPI 3 schema for the exposed API can be found inside the source tree:
// https://github.com/drakkan/sftpgo/tree/master/api/schema/openapi.yaml
// A basic Web interface to manage users and connections is provided too
package httpd

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"path/filepath"
	"time"

	"github.com/go-chi/chi"

	"github.com/drakkan/sftpgo/common"
	"github.com/drakkan/sftpgo/logger"
	"github.com/drakkan/sftpgo/utils"
)

const (
	logSender                 = "httpd"
	apiPrefix                 = "/api/v1"
	activeConnectionsPath     = "/api/v1/connection"
	quotaScanPath             = "/api/v1/quota_scan"
	quotaScanVFolderPath      = "/api/v1/folder_quota_scan"
	userPath                  = "/api/v1/user"
	versionPath               = "/api/v1/version"
	folderPath                = "/api/v1/folder"
	providerStatusPath        = "/api/v1/providerstatus"
	dumpDataPath              = "/api/v1/dumpdata"
	loadDataPath              = "/api/v1/loaddata"
	updateUsedQuotaPath       = "/api/v1/quota_update"
	updateFolderUsedQuotaPath = "/api/v1/folder_quota_update"
	metricsPath               = "/metrics"
	pprofBasePath             = "/debug"
	webBasePath               = "/web"
	webUsersPath              = "/web/users"
	webUserPath               = "/web/user"
	webConnectionsPath        = "/web/connections"
	webFoldersPath            = "/web/folders"
	webFolderPath             = "/web/folder"
	webStaticFilesPath        = "/static"
	maxRestoreSize            = 10485760 // 10 MB
	maxRequestSize            = 1048576  // 1MB
)

var (
	router      *chi.Mux
	backupsPath string
	httpAuth    httpAuthProvider
	certMgr     *common.CertManager
)

// Conf httpd daemon configuration
type Conf struct {
	// The port used for serving HTTP requests. 0 disable the HTTP server. Default: 8080
	BindPort int `json:"bind_port" mapstructure:"bind_port"`
	// The address to listen on. A blank value means listen on all available network interfaces. Default: "127.0.0.1"
	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
	// Path to the HTML web templates. This can be an absolute path or a path relative to the config dir
	TemplatesPath string `json:"templates_path" mapstructure:"templates_path"`
	// Path to the static files for the web interface. This can be an absolute path or a path relative to the config dir.
	// If both TemplatesPath and StaticFilesPath are empty the built-in web interface will be disabled
	StaticFilesPath string `json:"static_files_path" mapstructure:"static_files_path"`
	// Path to the backup directory. This can be an absolute path or a path relative to the config dir
	BackupsPath string `json:"backups_path" mapstructure:"backups_path"`
	// Path to a file used to store usernames and password for basic authentication.
	// This can be an absolute path or a path relative to the config dir.
	// We support HTTP basic authentication and the file format must conform to the one generated using the Apache
	// htpasswd tool. The supported password formats are bcrypt ($2y$ prefix) and md5 crypt ($apr1$ prefix).
	// If empty HTTP authentication is disabled
	AuthUserFile string `json:"auth_user_file" mapstructure:"auth_user_file"`
	// If files containing a certificate and matching private key for the server are provided the server will expect
	// HTTPS connections.
	// Certificate and key files can be reloaded on demand sending a "SIGHUP" signal on Unix based systems and a
	// "paramchange" request to the running service on Windows.
	CertificateFile    string `json:"certificate_file" mapstructure:"certificate_file"`
	CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
}

type apiResponse struct {
	Error      string `json:"error"`
	Message    string `json:"message"`
	HTTPStatus int    `json:"status"`
}

// Initialize configures and starts the HTTP server
func (c Conf) Initialize(configDir string, enableProfiler bool) error {
	var err error
	logger.Debug(logSender, "", "initializing HTTP server with config %+v", c)
	backupsPath = getConfigPath(c.BackupsPath, configDir)
	staticFilesPath := getConfigPath(c.StaticFilesPath, configDir)
	templatesPath := getConfigPath(c.TemplatesPath, configDir)
	enableWebAdmin := len(staticFilesPath) > 0 || len(templatesPath) > 0
	if len(backupsPath) == 0 {
		return fmt.Errorf("Required directory is invalid, backup path %#v", backupsPath)
	}
	if enableWebAdmin && (len(staticFilesPath) == 0 || len(templatesPath) == 0) {
		return fmt.Errorf("Required directory is invalid, static file path: %#v template path: %#v",
			staticFilesPath, templatesPath)
	}
	authUserFile := getConfigPath(c.AuthUserFile, configDir)
	httpAuth, err = newBasicAuthProvider(authUserFile)
	if err != nil {
		return err
	}
	certificateFile := getConfigPath(c.CertificateFile, configDir)
	certificateKeyFile := getConfigPath(c.CertificateKeyFile, configDir)
	if enableWebAdmin {
		loadTemplates(templatesPath)
	} else {
		logger.Info(logSender, "", "built-in web interface disabled, please set templates_path and static_files_path to enable it")
	}
	initializeRouter(staticFilesPath, enableProfiler, enableWebAdmin)
	httpServer := &http.Server{
		Addr:           fmt.Sprintf("%s:%d", c.BindAddress, c.BindPort),
		Handler:        router,
		ReadTimeout:    60 * time.Second,
		WriteTimeout:   60 * time.Second,
		IdleTimeout:    120 * time.Second,
		MaxHeaderBytes: 1 << 16, // 64KB
	}
	if len(certificateFile) > 0 && len(certificateKeyFile) > 0 {
		certMgr, err = common.NewCertManager(certificateFile, certificateKeyFile, logSender)
		if err != nil {
			return err
		}
		config := &tls.Config{
			GetCertificate: certMgr.GetCertificateFunc(),
		}
		httpServer.TLSConfig = config
		return httpServer.ListenAndServeTLS("", "")
	}
	return httpServer.ListenAndServe()
}

// ReloadTLSCertificate reloads the TLS certificate and key from the configured paths
func ReloadTLSCertificate() error {
	if certMgr != nil {
		return certMgr.LoadCertificate(logSender)
	}
	return nil
}

func getConfigPath(name, configDir string) string {
	if !utils.IsFileInputValid(name) {
		return ""
	}
	if len(name) > 0 && !filepath.IsAbs(name) {
		return filepath.Join(configDir, name)
	}
	return name
}
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`// Package httpd implements REST API and Web interface for SFTPGo.`
			`// REST API allows to manage users and quota and to get real time reports for the active connections`
			`// with possibility of forcibly closing a connection.`
			`// The OpenAPI 3 schema for the exposed API can be found inside the source tree:`
			`// https://github.com/drakkan/sftpgo/tree/master/api/schema/openapi.yaml`
			`// A basic Web interface to manage users and connections is provided too`
			`package httpd`

			`import (`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`"crypto/tls"`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`"fmt"`
			`"net/http"`
			`"path/filepath"`
			`"time"`

add more linters test cases migration to testify is now complete. Linters are enabled for test cases too 2020-05-06 17:36:34 +00:00			`"github.com/go-chi/chi"`

refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`"github.com/drakkan/sftpgo/common"`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`"github.com/drakkan/sftpgo/logger"`
improve validations for user provided file and directory paths 2020-03-03 08:09:58 +00:00			`"github.com/drakkan/sftpgo/utils"`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`)`

			`const (`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`logSender = "httpd"`
			`apiPrefix = "/api/v1"`
			`activeConnectionsPath = "/api/v1/connection"`
			`quotaScanPath = "/api/v1/quota_scan"`
			`quotaScanVFolderPath = "/api/v1/folder_quota_scan"`
			`userPath = "/api/v1/user"`
			`versionPath = "/api/v1/version"`
			`folderPath = "/api/v1/folder"`
			`providerStatusPath = "/api/v1/providerstatus"`
			`dumpDataPath = "/api/v1/dumpdata"`
			`loadDataPath = "/api/v1/loaddata"`
			`updateUsedQuotaPath = "/api/v1/quota_update"`
			`updateFolderUsedQuotaPath = "/api/v1/folder_quota_update"`
			`metricsPath = "/metrics"`
			`pprofBasePath = "/debug"`
			`webBasePath = "/web"`
			`webUsersPath = "/web/users"`
			`webUserPath = "/web/user"`
			`webConnectionsPath = "/web/connections"`
			`webFoldersPath = "/web/folders"`
			`webFolderPath = "/web/folder"`
			`webStaticFilesPath = "/static"`
			`maxRestoreSize = 10485760 // 10 MB`
			`maxRequestSize = 1048576 // 1MB`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`)`

			`var (`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`router *chi.Mux`
			`backupsPath string`
			`httpAuth httpAuthProvider`
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`certMgr *common.CertManager`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`)`

			`// Conf httpd daemon configuration`
			`type Conf struct {`
			`// The port used for serving HTTP requests. 0 disable the HTTP server. Default: 8080`
			BindPort int `json:"bind_port" mapstructure:"bind_port"`
			`// The address to listen on. A blank value means listen on all available network interfaces. Default: "127.0.0.1"`
			BindAddress string `json:"bind_address" mapstructure:"bind_address"`
			`// Path to the HTML web templates. This can be an absolute path or a path relative to the config dir`
			TemplatesPath string `json:"templates_path" mapstructure:"templates_path"`
httpd: make the built-in web interface optional The built-in web admin will be disabled if both "templates_path" and "static_files_path" are empty Fixes #131 2020-06-18 21:53:38 +00:00			`// Path to the static files for the web interface. This can be an absolute path or a path relative to the config dir.`
			`// If both TemplatesPath and StaticFilesPath are empty the built-in web interface will be disabled`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			StaticFilesPath string `json:"static_files_path" mapstructure:"static_files_path"`
add backup/restore REST API 2019-12-27 22:12:44 +00:00			`// Path to the backup directory. This can be an absolute path or a path relative to the config dir`
			BackupsPath string `json:"backups_path" mapstructure:"backups_path"`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`// Path to a file used to store usernames and password for basic authentication.`
			`// This can be an absolute path or a path relative to the config dir.`
			`// We support HTTP basic authentication and the file format must conform to the one generated using the Apache`
			`// htpasswd tool. The supported password formats are bcrypt ($2y$ prefix) and md5 crypt ($apr1$ prefix).`
			`// If empty HTTP authentication is disabled`
			AuthUserFile string `json:"auth_user_file" mapstructure:"auth_user_file"`
			`// If files containing a certificate and matching private key for the server are provided the server will expect`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`// HTTPS connections.`
			`// Certificate and key files can be reloaded on demand sending a "SIGHUP" signal on Unix based systems and a`
			`// "paramchange" request to the running service on Windows.`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			CertificateFile string `json:"certificate_file" mapstructure:"certificate_file"`
			CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
add backup/restore REST API 2019-12-27 22:12:44 +00:00			`}`

add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`type apiResponse struct {`
			Error string `json:"error"`
			Message string `json:"message"`
			HTTPStatus int `json:"status"`
			`}`

add a new configuration section for HTTP clients HTTP clients are used for executing hooks such as the ones used for custom actions, external authentication and pre-login user modifications. This allows, for example, to use self-signed certificate without defeating the purpose of using TLS 2020-04-26 21:29:09 +00:00			`// Initialize configures and starts the HTTP server`
httpd: make the built-in web interface optional The built-in web admin will be disabled if both "templates_path" and "static_files_path" are empty Fixes #131 2020-06-18 21:53:38 +00:00			`func (c Conf) Initialize(configDir string, enableProfiler bool) error {`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`var err error`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`logger.Debug(logSender, "", "initializing HTTP server with config %+v", c)`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`backupsPath = getConfigPath(c.BackupsPath, configDir)`
			`staticFilesPath := getConfigPath(c.StaticFilesPath, configDir)`
			`templatesPath := getConfigPath(c.TemplatesPath, configDir)`
httpd: make the built-in web interface optional The built-in web admin will be disabled if both "templates_path" and "static_files_path" are empty Fixes #131 2020-06-18 21:53:38 +00:00			`enableWebAdmin := len(staticFilesPath) > 0 \|\| len(templatesPath) > 0`
			`if len(backupsPath) == 0 {`
			`return fmt.Errorf("Required directory is invalid, backup path %#v", backupsPath)`
			`}`
			`if enableWebAdmin && (len(staticFilesPath) == 0 \|\| len(templatesPath) == 0) {`
			`return fmt.Errorf("Required directory is invalid, static file path: %#v template path: %#v",`
			`staticFilesPath, templatesPath)`
improve validations for user provided file and directory paths 2020-03-03 08:09:58 +00:00			`}`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`authUserFile := getConfigPath(c.AuthUserFile, configDir)`
			`httpAuth, err = newBasicAuthProvider(authUserFile)`
			`if err != nil {`
			`return err`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`}`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`certificateFile := getConfigPath(c.CertificateFile, configDir)`
			`certificateKeyFile := getConfigPath(c.CertificateKeyFile, configDir)`
httpd: make the built-in web interface optional The built-in web admin will be disabled if both "templates_path" and "static_files_path" are empty Fixes #131 2020-06-18 21:53:38 +00:00			`if enableWebAdmin {`
			`loadTemplates(templatesPath)`
			`} else {`
			`logger.Info(logSender, "", "built-in web interface disabled, please set templates_path and static_files_path to enable it")`
			`}`
			`initializeRouter(staticFilesPath, enableProfiler, enableWebAdmin)`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`httpServer := &http.Server{`
			`Addr: fmt.Sprintf("%s:%d", c.BindAddress, c.BindPort),`
			`Handler: router,`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`ReadTimeout: 60 * time.Second,`
			`WriteTimeout: 60 * time.Second,`
add support for virtual folders directories outside the user home directory can be exposed as virtual folders 2020-02-23 10:30:26 +00:00			`IdleTimeout: 120 * time.Second,`
httpd: add an API to get data provider status 2019-11-14 17:48:01 +00:00			`MaxHeaderBytes: 1 << 16, // 64KB`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`}`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`if len(certificateFile) > 0 && len(certificateKeyFile) > 0 {`
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`certMgr, err = common.NewCertManager(certificateFile, certificateKeyFile, logSender)`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`if err != nil {`
			`return err`
			`}`
			`config := &tls.Config{`
			`GetCertificate: certMgr.GetCertificateFunc(),`
			`}`
			`httpServer.TLSConfig = config`
			`return httpServer.ListenAndServeTLS("", "")`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`}`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`return httpServer.ListenAndServe()`
			`}`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`// ReloadTLSCertificate reloads the TLS certificate and key from the configured paths`
fix some lint issues 2020-04-30 12:23:55 +00:00			`func ReloadTLSCertificate() error {`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`if certMgr != nil {`
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`return certMgr.LoadCertificate(logSender)`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`}`
fix some lint issues 2020-04-30 12:23:55 +00:00			`return nil`
httpd: allow to reload the https certificate without restarting the service HTTPS certificate can be reloaded on demand sending a SIGHUP signal on Unix based systems and a "paramchange" request to the running service on Windows 2020-02-04 22:21:33 +00:00			`}`

httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`func getConfigPath(name, configDir string) string {`
improve validations for user provided file and directory paths 2020-03-03 08:09:58 +00:00			`if !utils.IsFileInputValid(name) {`
			`return ""`
			`}`
			`if len(name) > 0 && !filepath.IsAbs(name) {`
httpd: add support for basic auth and HTTPS 2020-02-03 23:08:00 +00:00			`return filepath.Join(configDir, name)`
			`}`
			`return name`
			`}`