// Package vfs provides support for local and remote filesystems
package vfs
import (
"errors"
"fmt"
"io"
"net/url"
"os"
"path"
"path/filepath"
"runtime"
"strings"
"time"
"github.com/eikenb/pipeat"
"github.com/pkg/sftp"
"github.com/drakkan/sftpgo/kms"
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/utils"
)
// dirMimeType is the MIME type string used for directories.
const dirMimeType = "inode/directory"

var (
	// validAzAccessTier lists the access tier values accepted for Azure Blob
	// storage; the empty string is one of the accepted values.
	validAzAccessTier = []string{"", "Archive", "Hot", "Cool"}
	// ErrStorageSizeUnavailable is returned if the storage backend does not support getting the size
	ErrStorageSizeUnavailable = errors.New("unable to get available size for this storage backend")
	// ErrVfsUnsupported defines the error for an unsupported VFS operation
	ErrVfsUnsupported = errors.New("not supported")

	// The three variables below are package-level settings. They are plain
	// variables with no lock around them.
	// NOTE(review): presumably they are set once at startup before any
	// concurrent use - confirm against the callers.
	credentialsDirPath string
	tempPath           string
	sftpFingerprints   []string
)
// SetCredentialsDirPath sets the credentials dir path.
//
// The value is stored as given in a package-level variable; no cleaning,
// existence check or permission check is done here.
func SetCredentialsDirPath(credentialsPath string) {
	credentialsDirPath = credentialsPath
}
// GetCredentialsDirPath returns the credentials dir path, exactly as it was
// last stored in the package-level variable.
func GetCredentialsDirPath() string {
	return credentialsDirPath
}
// SetTempPath sets the path for temporary files.
//
// The value is stored as given; it is not cleaned or checked here.
func SetTempPath(fsPath string) {
	tempPath = fsPath
}
// GetTempPath returns the path for temporary files, exactly as it was last
// stored in the package-level variable.
func GetTempPath() string {
	return tempPath
}
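// SetSFTPFingerprints sets the SFTP host key fingerprints.
//
// The slice is copied before it is stored, so a caller that later modifies
// or reuses its own slice cannot change the fingerprints held by this
// package. A nil argument is stored as nil.
func SetSFTPFingerprints(fp []string) {
	if fp == nil {
		sftpFingerprints = nil
		return
	}
	stored := make([]string, len(fp))
	copy(stored, fp)
	sftpFingerprints = stored
}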
// Fs defines the interface for filesystem backends.
//
// NOTE(review): names and paths are passed as plain strings. The interface
// itself does not say which methods expect a path that already went through
// ResolvePath, so confirm with each implementation where user-supplied paths
// are confined to the backend root.
type Fs interface {
	// Identification of the backend and of the connection using it.
	Name() string
	ConnectionID() string

	// Metadata lookup.
	Stat(name string) (os.FileInfo, error)
	Lstat(name string) (os.FileInfo, error)

	// Open and Create return, besides the file, a pipe reader/writer and a
	// func().
	// NOTE(review): the func() looks like a cancel or cleanup hook and the
	// pipe looks like the streaming path for remote backends - confirm with
	// the implementations.
	Open(name string, offset int64) (File, *pipeat.PipeReaderAt, func(), error)
	Create(name string, flag int) (File, *PipeWriter, func(), error)

	// Namespace changes.
	Rename(source, target string) error
	Remove(name string, isDir bool) error
	Mkdir(name string) error
	MkdirAll(name string, uid int, gid int) error
	Symlink(source, target string) error

	// Ownership, mode, timestamps and size.
	Chown(name string, uid int, gid int) error
	Chmod(name string, mode os.FileMode) error
	Chtimes(name string, atime, mtime time.Time) error
	Truncate(name string, size int64) error

	// Directory listing and link resolution.
	ReadDir(dirname string) ([]os.FileInfo, error)
	Readlink(name string) (string, error)

	// Capability flags reported by the backend.
	IsUploadResumeSupported() bool
	IsAtomicUploadSupported() bool

	// Root handling and path mapping.
	CheckRootPath(username string, uid int, gid int) bool
	ResolvePath(sftpPath string) (string, error)

	// Error classification.
	IsNotExist(err error) bool
	IsPermission(err error) bool
	IsNotSupported(err error) bool

	// Usage accounting; both methods return an int, an int64 and an error.
	// NOTE(review): presumably the number of files and the total size -
	// confirm with the implementations.
	ScanRootDirContents() (int, int64, error)
	GetDirSize(dirname string) (int, int64, error)

	// Path helpers.
	GetAtomicUploadPath(name string) string
	GetRelativePath(name string) string
	Walk(root string, walkFn filepath.WalkFunc) error
	Join(elem ...string) string

	// Miscellaneous queries and teardown.
	HasVirtualFolders() bool
	GetMimeType(name string) (string, error)
	GetAvailableDiskSize(dirName string) (*sftp.StatVFS, error)
	Close() error
}
// File defines an interface representing a SFTPGo file.
//
// It combines the standard sequential, positional and seeking I/O interfaces
// with Stat, Name and Truncate.
type File interface {
	// Sequential I/O and close.
	io.Reader
	io.Writer
	io.Closer

	// Positional I/O and seeking.
	io.ReaderAt
	io.WriterAt
	io.Seeker

	// Metadata and resizing.
	Stat() (os.FileInfo, error)
	Name() string
	Truncate(size int64) error
}
// QuotaCheckResult defines the result for a quota check
type QuotaCheckResult struct {
	HasSpace     bool
	AllowedSize  int64
	AllowedFiles int
	UsedSize     int64
	UsedFiles    int
	QuotaSize    int64
	QuotaFiles   int
}

// GetRemainingSize returns the remaining allowed size.
//
// With a positive QuotaSize the result is QuotaSize minus UsedSize and is not
// clamped, so it is negative when usage already exceeds the quota. With a
// zero or negative QuotaSize the result is 0.
// NOTE(review): 0 is therefore returned both when no positive quota is set
// and when usage equals the quota exactly; callers that enforce limits
// should not rely on this value alone to tell the two cases apart.
func (q *QuotaCheckResult) GetRemainingSize() int64 {
	if q.QuotaSize <= 0 {
		return 0
	}
	return q.QuotaSize - q.UsedSize
}

// GetRemainingFiles returns the remaining allowed files.
//
// With a positive QuotaFiles the result is QuotaFiles minus UsedFiles,
// unclamped; otherwise it is 0. The ambiguity of 0 described for
// GetRemainingSize applies here as well.
func (q *QuotaCheckResult) GetRemainingFiles() int {
	if q.QuotaFiles <= 0 {
		return 0
	}
	return q.QuotaFiles - q.UsedFiles
}
// S3FsConfig defines the configuration for S3 based filesystem.
//
// AccessSecret is held as a *kms.Secret; AccessKey and every other field are
// plain values and are written to JSON as they are.
type S3FsConfig struct {
	Bucket string `json:"bucket,omitempty"`
	// KeyPrefix plays a role similar to a chroot directory on a local
	// filesystem: when set, the SFTP user only sees objects whose key starts
	// with this prefix, which restricts access to a specific folder.
	// A non-empty prefix must not start with "/" and must end with "/".
	// When empty, the whole bucket contents are available.
	KeyPrefix    string      `json:"key_prefix,omitempty"`
	Region       string      `json:"region,omitempty"`
	AccessKey    string      `json:"access_key,omitempty"`
	AccessSecret *kms.Secret `json:"access_secret,omitempty"`
	Endpoint     string      `json:"endpoint,omitempty"`
	StorageClass string      `json:"storage_class,omitempty"`
	// UploadPartSize is the buffer size (in MB) used for multipart uploads.
	// The minimum allowed part size is 5MB; zero selects the AWS SDK default
	// (5MB), and the minimum allowed value is 5.
	// If the upload bandwidth between the SFTP client and SFTPGo is greater
	// than the upload bandwidth between SFTPGo and S3, the SFTP client has to
	// wait for the last parts to reach S3 after it finishes its upload to
	// SFTPGo, and it may time out. Keep this in mind when customizing these
	// parameters.
	UploadPartSize int64 `json:"upload_part_size,omitempty"`
	// How many parts are uploaded in parallel
	UploadConcurrency int `json:"upload_concurrency,omitempty"`
}
// isEqual reports whether c and other hold the same S3 settings.
//
// The plain fields are compared first. Only when all of them match are the
// access secrets compared, through kms.Secret.IsEqual.
//
// Side effect: a nil AccessSecret on either side is replaced with an empty
// secret before the secrets are compared, so both the receiver and the
// argument can be modified by this call.
func (c *S3FsConfig) isEqual(other *S3FsConfig) bool {
	plainFieldsMatch := c.Bucket == other.Bucket &&
		c.KeyPrefix == other.KeyPrefix &&
		c.Region == other.Region &&
		c.AccessKey == other.AccessKey &&
		c.Endpoint == other.Endpoint &&
		c.StorageClass == other.StorageClass &&
		c.UploadPartSize == other.UploadPartSize &&
		c.UploadConcurrency == other.UploadConcurrency
	if !plainFieldsMatch {
		return false
	}
	if c.AccessSecret == nil {
		c.AccessSecret = kms.NewEmptySecret()
	}
	if other.AccessSecret == nil {
		other.AccessSecret = kms.NewEmptySecret()
	}
	return c.AccessSecret.IsEqual(other.AccessSecret)
}
// checkCredentials verifies that the access key and the access secret are
// consistent with each other and that the secret is in an acceptable state.
//
// It rejects a secret without a key, a key without a secret, an encrypted
// secret that IsValid refuses and a non-empty secret that IsValidInput
// refuses. A configuration with neither key nor secret is not rejected by
// the first two checks.
//
// The method calls are made on c.AccessSecret without a nil check.
// NOTE(review): Validate in this file replaces a nil AccessSecret before
// calling this; confirm that no other caller can reach it with nil.
func (c *S3FsConfig) checkCredentials() error {
	secret := c.AccessSecret
	switch {
	case c.AccessKey == "" && !secret.IsEmpty():
		return errors.New("access_key cannot be empty with access_secret not empty")
	case secret.IsEmpty() && c.AccessKey != "":
		return errors.New("access_secret cannot be empty with access_key not empty")
	case secret.IsEncrypted() && !secret.IsValid():
		return errors.New("invalid encrypted access_secret")
	case !secret.IsEmpty() && !secret.IsValidInput():
		return errors.New("invalid access_secret")
	}
	return nil
}
// EncryptCredentials encrypts access secret if it is in plain text.
//
// additionalData is set on the secret before Encrypt is called. A secret
// that IsPlain does not report as plain is left untouched and nil is
// returned. Any error from Encrypt is returned unchanged.
//
// NOTE(review): AccessSecret is used without a nil check here; presumably
// callers run Validate first - confirm.
func (c *S3FsConfig) EncryptCredentials(additionalData string) error {
	if !c.AccessSecret.IsPlain() {
		return nil
	}
	c.AccessSecret.SetAdditionalData(additionalData)
	return c.AccessSecret.Encrypt()
}
// Validate returns an error if the configuration is not valid.
//
// Besides checking, it normalizes the receiver: a nil AccessSecret becomes
// an empty secret, and a non-empty KeyPrefix is passed through path.Clean
// and given a trailing "/".
//
// Accepted ranges: UploadPartSize is 0 or 5..5000 (MB), UploadConcurrency is
// 0..64.
//
// NOTE(review): the only KeyPrefix value rejected is one that starts with
// "/". path.Clean keeps leading ".." elements, so a prefix such as "../x"
// is stored as "../x/". Whether that matters depends on how the backend
// builds object keys from the prefix - confirm there.
func (c *S3FsConfig) Validate() error {
	if c.AccessSecret == nil {
		c.AccessSecret = kms.NewEmptySecret()
	}
	switch {
	case c.Bucket == "":
		return errors.New("bucket cannot be empty")
	case c.Region == "":
		return errors.New("region cannot be empty")
	}
	if err := c.checkCredentials(); err != nil {
		return err
	}
	if prefix := c.KeyPrefix; prefix != "" {
		if strings.HasPrefix(prefix, "/") {
			return errors.New("key_prefix cannot start with /")
		}
		prefix = path.Clean(prefix)
		if !strings.HasSuffix(prefix, "/") {
			prefix += "/"
		}
		c.KeyPrefix = prefix
	}
	if size := c.UploadPartSize; size != 0 && (size < 5 || size > 5000) {
		return errors.New("upload_part_size cannot be != 0, lower than 5 (MB) or greater than 5000 (MB)")
	}
	if n := c.UploadConcurrency; n < 0 || n > 64 {
		return fmt.Errorf("invalid upload concurrency: %v", n)
	}
	return nil
}
// GCSFsConfig defines the configuration for Google Cloud Storage based filesystem.
//
// Credentials is held as a *kms.Secret. CredentialFile carries the JSON tag
// "-" and is therefore never written to or read from JSON.
type GCSFsConfig struct {
	Bucket string `json:"bucket,omitempty"`
	// KeyPrefix plays a role similar to a chroot directory on a local
	// filesystem: when set, the SFTP user only sees objects whose key starts
	// with this prefix, which restricts access to a specific folder.
	// A non-empty prefix must not start with "/" and must end with "/".
	// When empty, the whole bucket contents are available.
	KeyPrefix      string      `json:"key_prefix,omitempty"`
	CredentialFile string      `json:"-"`
	Credentials    *kms.Secret `json:"credentials,omitempty"`
	// 0 explicit, 1 automatic
	AutomaticCredentials int    `json:"automatic_credentials,omitempty"`
	StorageClass         string `json:"storage_class,omitempty"`
}
// isEqual reports whether c and other hold the same GCS settings.
//
// Bucket, KeyPrefix, AutomaticCredentials and StorageClass are compared
// first; CredentialFile is not part of the comparison. Only when the plain
// fields match are the credentials compared, through kms.Secret.IsEqual.
//
// Side effect: a nil Credentials on either side is replaced with an empty
// secret before the comparison, so both the receiver and the argument can
// be modified by this call.
func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool {
	plainFieldsMatch := c.Bucket == other.Bucket &&
		c.KeyPrefix == other.KeyPrefix &&
		c.AutomaticCredentials == other.AutomaticCredentials &&
		c.StorageClass == other.StorageClass
	if !plainFieldsMatch {
		return false
	}
	if c.Credentials == nil {
		c.Credentials = kms.NewEmptySecret()
	}
	if other.Credentials == nil {
		other.Credentials = kms.NewEmptySecret()
	}
	return c.Credentials.IsEqual(other.Credentials)
}
// Validate returns an error if the configuration is not valid.
//
// Besides checking, it normalizes the receiver: a nil Credentials becomes an
// empty secret, and a non-empty KeyPrefix is passed through path.Clean and
// given a trailing "/".
//
// credentialsFilePath is consulted only when Credentials is not valid input
// and AutomaticCredentials is 0. In that case the file must exist and must
// not be empty; its content, owner and permissions are not inspected here.
//
// NOTE(review): the os.Stat error is formatted into the returned message,
// and such errors normally name the path. If this message is shown to API
// clients it reveals the server-side credentials location - confirm where
// the error is surfaced.
//
// NOTE(review): as the only KeyPrefix value rejected is one that starts with
// "/", a prefix with leading ".." elements survives path.Clean unchanged.
func (c *GCSFsConfig) Validate(credentialsFilePath string) error {
	if c.Credentials == nil {
		c.Credentials = kms.NewEmptySecret()
	}
	if c.Bucket == "" {
		return errors.New("bucket cannot be empty")
	}
	if prefix := c.KeyPrefix; prefix != "" {
		if strings.HasPrefix(prefix, "/") {
			return errors.New("key_prefix cannot start with /")
		}
		prefix = path.Clean(prefix)
		if !strings.HasSuffix(prefix, "/") {
			prefix += "/"
		}
		c.KeyPrefix = prefix
	}
	if c.Credentials.IsEncrypted() && !c.Credentials.IsValid() {
		return errors.New("invalid encrypted credentials")
	}
	// Usable inline credentials or automatic credentials: the file on disk
	// is not needed.
	if c.Credentials.IsValidInput() || c.AutomaticCredentials != 0 {
		return nil
	}
	info, err := os.Stat(credentialsFilePath)
	if err != nil {
		return fmt.Errorf("invalid credentials %v", err)
	}
	if info.Size() == 0 {
		return errors.New("credentials cannot be empty")
	}
	return nil
}
// AzBlobFsConfig defines the configuration for Azure Blob Storage based filesystem.
//
// AccountKey and SASURL are held as *kms.Secret values.
type AzBlobFsConfig struct {
	Container string `json:"container,omitempty"`
	// Storage account name; leave blank to use the SAS URL.
	AccountName string `json:"account_name,omitempty"`
	// Storage account key; leave blank to use the SAS URL.
	// The access key is stored encrypted based on the kms configuration.
	AccountKey *kms.Secret `json:"account_key,omitempty"`
	// Optional endpoint. Default is "blob.core.windows.net".
	// With the emulator the endpoint must include the protocol,
	// for example "http://127.0.0.1:10000".
	Endpoint string `json:"endpoint,omitempty"`
	// Shared access signature URL; leave blank if using account/key.
	SASURL *kms.Secret `json:"sas_url,omitempty"`
	// KeyPrefix plays a role similar to a chroot directory on a local
	// filesystem: when set, the SFTPGo user only sees objects whose key
	// starts with this prefix, which restricts access to a specific folder.
	// A non-empty prefix must not start with "/" and must end with "/".
	// When empty, the whole bucket contents are available.
	KeyPrefix string `json:"key_prefix,omitempty"`
	// UploadPartSize is the buffer size (in MB) used for multipart uploads.
	// Zero selects the Azure SDK default (1MB).
	// If the upload bandwidth between the client and SFTPGo is greater than
	// the upload bandwidth between SFTPGo and Azure, the client has to wait
	// for the last parts to reach Azure after it finishes its upload to
	// SFTPGo, and it may time out. Keep this in mind when customizing these
	// parameters.
	UploadPartSize int64 `json:"upload_part_size,omitempty"`
	// How many parts are uploaded in parallel
	UploadConcurrency int `json:"upload_concurrency,omitempty"`
	// Set to true if you use an Azure emulator such as Azurite
	UseEmulator bool `json:"use_emulator,omitempty"`
	// Blob Access Tier
	AccessTier string `json:"access_tier,omitempty"`
}
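// isEqual reports whether c and other hold the same Azure Blob settings.
//
// Plain fields are compared with ==, the SAS URL and the account key through
// kms.Secret.IsEqual. The comparison stops at the first difference.
//
// Side effects: a nil or empty SASURL and a nil AccountKey are replaced with
// an empty secret on both the receiver and the argument, as far as the
// comparison gets before it returns.
//
// SASURL is tested for nil before IsEmpty is called on it. Whether
// kms.Secret.IsEmpty tolerates a nil receiver is not visible in this file,
// and a configuration that never went through Validate can still carry a
// nil SASURL, so the explicit test keeps the comparison from depending on
// that.
func (c *AzBlobFsConfig) isEqual(other *AzBlobFsConfig) bool {
	if c.Container != other.Container {
		return false
	}
	if c.AccountName != other.AccountName {
		return false
	}
	if c.Endpoint != other.Endpoint {
		return false
	}
	if c.SASURL == nil || c.SASURL.IsEmpty() {
		c.SASURL = kms.NewEmptySecret()
	}
	if other.SASURL == nil || other.SASURL.IsEmpty() {
		other.SASURL = kms.NewEmptySecret()
	}
	if !c.SASURL.IsEqual(other.SASURL) {
		return false
	}
	if c.KeyPrefix != other.KeyPrefix {
		return false
	}
	if c.UploadPartSize != other.UploadPartSize {
		return false
	}
	if c.UploadConcurrency != other.UploadConcurrency {
		return false
	}
	if c.UseEmulator != other.UseEmulator {
		return false
	}
	if c.AccessTier != other.AccessTier {
		return false
	}
	if c.AccountKey == nil {
		c.AccountKey = kms.NewEmptySecret()
	}
	if other.AccountKey == nil {
		other.AccountKey = kms.NewEmptySecret()
	}
	return c.AccountKey.IsEqual(other.AccountKey)
}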
// EncryptCredentials encrypts the account key and the SAS URL, each only if
// it is in plain text.
//
// The account key is handled first, then the SAS URL. additionalData is set
// on a secret before it is encrypted. The first Encrypt error is returned
// and stops the processing, so the SAS URL stays as it was when encrypting
// the account key fails.
//
// NOTE(review): both secrets are used without a nil check here; presumably
// callers run Validate first - confirm.
func (c *AzBlobFsConfig) EncryptCredentials(additionalData string) error {
	for _, secret := range []*kms.Secret{c.AccountKey, c.SASURL} {
		if !secret.IsPlain() {
			continue
		}
		secret.SetAdditionalData(additionalData)
		if err := secret.Encrypt(); err != nil {
			return err
		}
	}
	return nil
}
// checkCredentials verifies that either the SAS URL or the account name and
// key pair is usable.
//
// The SAS URL takes precedence: when it is present in any form the account
// name and key are not examined at all.
//
//   - A plain SAS URL is accepted if url.Parse accepts it.
//   - An encrypted SAS URL must pass IsValid.
//   - Without a SAS URL, AccountName must be set and AccountKey must pass
//     IsValidInput and, when encrypted, IsValid.
//
// NOTE(review): url.Parse accepts relative references and any scheme, so the
// plain SAS URL check only rejects strings that fail to parse. It does not
// require a scheme or a host; consider whether a stricter check belongs
// here.
func (c *AzBlobFsConfig) checkCredentials() error {
	sas := c.SASURL
	if sas.IsPlain() {
		_, err := url.Parse(sas.GetPayload())
		return err
	}
	if sas.IsEncrypted() && !sas.IsValid() {
		return errors.New("invalid encrypted sas_url")
	}
	if !sas.IsEmpty() {
		return nil
	}
	key := c.AccountKey
	switch {
	case c.AccountName == "" || !key.IsValidInput():
		return errors.New("credentials cannot be empty or invalid")
	case key.IsEncrypted() && !key.IsValid():
		return errors.New("invalid encrypted account_key")
	}
	return nil
}
// Validate returns an error if the configuration is not valid.
//
// Besides checking, it normalizes the receiver: nil AccountKey and SASURL
// become empty secrets, and a non-empty KeyPrefix is passed through
// path.Clean and given a trailing "/".
//
// Accepted ranges: UploadPartSize 0..100, UploadConcurrency 0..64,
// AccessTier one of the values in validAzAccessTier.
//
// NOTE(review): the only KeyPrefix value rejected is one that starts with
// "/". path.Clean keeps leading ".." elements, so such a prefix is stored
// unchanged apart from the trailing "/".
func (c *AzBlobFsConfig) Validate() error {
	if c.AccountKey == nil {
		c.AccountKey = kms.NewEmptySecret()
	}
	if c.SASURL == nil {
		c.SASURL = kms.NewEmptySecret()
	}
	// The container can be embedded in the SAS URL, which is checked at
	// runtime, so an empty Container is an error only without a SAS URL.
	if c.SASURL.IsEmpty() && c.Container == "" {
		return errors.New("container cannot be empty")
	}
	if err := c.checkCredentials(); err != nil {
		return err
	}
	if prefix := c.KeyPrefix; prefix != "" {
		if strings.HasPrefix(prefix, "/") {
			return errors.New("key_prefix cannot start with /")
		}
		prefix = path.Clean(prefix)
		if !strings.HasSuffix(prefix, "/") {
			prefix += "/"
		}
		c.KeyPrefix = prefix
	}
	if size := c.UploadPartSize; size < 0 || size > 100 {
		return fmt.Errorf("invalid upload part size: %v", size)
	}
	if n := c.UploadConcurrency; n < 0 || n > 64 {
		return fmt.Errorf("invalid upload concurrency: %v", n)
	}
	if tier := c.AccessTier; !utils.IsStringInSlice(tier, validAzAccessTier) {
		return fmt.Errorf("invalid access tier %#v, valid values: \"''%v\"", tier, strings.Join(validAzAccessTier, ", "))
	}
	return nil
}
// CryptFsConfig defines the configuration to store local files as encrypted.
//
// Its only setting is the passphrase, held as a *kms.Secret.
type CryptFsConfig struct {
	Passphrase *kms.Secret `json:"passphrase,omitempty"`
}
// isEqual reports whether c and other hold the same passphrase, as decided
// by kms.Secret.IsEqual.
//
// Side effect: a nil Passphrase on either side is replaced with an empty
// secret first, so both the receiver and the argument can be modified by
// this call.
func (c *CryptFsConfig) isEqual(other *CryptFsConfig) bool {
	for _, cfg := range []*CryptFsConfig{c, other} {
		if cfg.Passphrase == nil {
			cfg.Passphrase = kms.NewEmptySecret()
		}
	}
	return c.Passphrase.IsEqual(other.Passphrase)
}
// EncryptCredentials encrypts the passphrase if it is in plain text.
//
// additionalData is set on the secret before Encrypt is called. A passphrase
// that IsPlain does not report as plain is left untouched and nil is
// returned. Any error from Encrypt is returned unchanged.
//
// NOTE(review): Passphrase is used without a nil check here; presumably
// callers run Validate first - confirm.
func (c *CryptFsConfig) EncryptCredentials(additionalData string) error {
	if !c.Passphrase.IsPlain() {
		return nil
	}
	c.Passphrase.SetAdditionalData(additionalData)
	return c.Passphrase.Encrypt()
}
// Validate returns an error if the configuration is not valid.
//
// A passphrase is mandatory: a nil or empty secret is rejected, as is one
// that IsValidInput refuses and an encrypted one that IsValid refuses.
// Unlike the other Validate methods in this file, this one does not modify
// the receiver.
func (c *CryptFsConfig) Validate() error {
	pass := c.Passphrase
	switch {
	case pass == nil || pass.IsEmpty():
		return errors.New("invalid passphrase")
	case !pass.IsValidInput():
		return errors.New("passphrase cannot be empty or invalid")
	case pass.IsEncrypted() && !pass.IsValid():
		return errors.New("invalid encrypted passphrase")
	}
	return nil
}
// PipeWriter defines a wrapper for pipeat.PipeWriterAt.
type PipeWriter struct {
	// writer is the wrapped pipe that receives the data.
	writer *pipeat.PipeWriterAt
	// err holds the result passed to Done; Close returns it.
	err error
	// done is the channel on which Done signals and Close waits.
	done chan bool
}
// NewPipeWriter initializes a new PipeWriter around w.
//
// The done channel is created unbuffered and the stored error starts as nil.
func NewPipeWriter(w *pipeat.PipeWriterAt) *PipeWriter {
	pw := &PipeWriter{writer: w}
	pw.done = make(chan bool)
	return pw
}
// Close closes the pipeat.PipeWriterAt, waits for the upload to end and
// returns the error that was passed to Done, if any.
//
// The call blocks on the done channel until Done is called. There is no
// timeout or cancellation here, so an upload that never reports completion
// keeps the caller blocked.
func (p *PipeWriter) Close() error {
	// The result of the writer's Close is discarded on purpose; the original
	// author notes that it is always nil.
	_ = p.writer.Close()
	<-p.done
	return p.err
}
// Done unlocks other goroutines waiting on Close().
// It must be called when the upload ends.
//
// err is stored before the signal is sent, and Close returns it. With the
// unbuffered channel created by NewPipeWriter the send blocks until Close
// receives it, so a Done with no matching Close, or a second Done, does not
// return.
func (p *PipeWriter) Done(err error) {
	p.err = err
	p.done <- true
}
// WriteAt is a wrapper for pipeat WriteAt: data and off are forwarded to the
// wrapped writer and its results are returned unchanged.
func (p *PipeWriter) WriteAt(data []byte, off int64) (int, error) {
	written, err := p.writer.WriteAt(data, off)
	return written, err
}
// Write is a wrapper for pipeat Write: data is forwarded to the wrapped
// writer and its results are returned unchanged.
func (p *PipeWriter) Write(data []byte) (int, error) {
	written, err := p.writer.Write(data)
	return written, err
}
// IsDirectory checks if a path exists and is a directory.
//
// It relies on fs.Stat, not fs.Lstat. When Stat fails the error is returned
// together with false, so a missing path is reported as an error and not as
// (false, nil).
// NOTE(review): whether Stat follows symbolic links depends on the backend;
// confirm before using the result to decide on a link target.
func IsDirectory(fs Fs, path string) (bool, error) {
	info, err := fs.Stat(path)
	if err == nil {
		return info.IsDir(), nil
	}
	return false, err
}
// IsLocalOsFs returns true if fs is a local filesystem implementation.
//
// The decision is made by comparing fs.Name() with osFsName for equality.
func IsLocalOsFs(fs Fs) bool {
	backend := fs.Name()
	return backend == osFsName
}
// IsCryptOsFs returns true if fs is an encrypted local filesystem implementation.
//
// The decision is made by comparing fs.Name() with cryptFsName for equality.
func IsCryptOsFs(fs Fs) bool {
	backend := fs.Name()
	return backend == cryptFsName
}
// IsSFTPFs returns true if fs is an SFTP filesystem.
//
// Unlike the local and crypt checks this is a prefix match: any backend
// whose Name() starts with sftpFsName is treated as SFTP.
func IsSFTPFs(fs Fs) bool {
	backend := fs.Name()
	return strings.HasPrefix(backend, sftpFsName)
}
// IsBufferedSFTPFs returns true if this is a buffered SFTP filesystem.
//
// An SFTP backend counts as buffered when it reports that upload resume is
// not supported. The capability is queried only for SFTP backends.
func IsBufferedSFTPFs(fs Fs) bool {
	return IsSFTPFs(fs) && !fs.IsUploadResumeSupported()
}
// IsLocalOrUnbufferedSFTPFs returns true if fs is local or SFTP with no buffer.
//
// An SFTP backend counts as unbuffered when it reports that upload resume is
// supported. The capability is queried only for SFTP backends.
func IsLocalOrUnbufferedSFTPFs(fs Fs) bool {
	return IsLocalOsFs(fs) || (IsSFTPFs(fs) && fs.IsUploadResumeSupported())
}
// IsLocalOrSFTPFs returns true if fs is local or SFTP.
//
// The encrypted local backend is not included: only IsLocalOsFs and IsSFTPFs
// are consulted.
func IsLocalOrSFTPFs(fs Fs) bool {
	if IsLocalOsFs(fs) {
		return true
	}
	return IsSFTPFs(fs)
}
// HasOpenRWSupport returns true if the fs can open a file
// for reading and writing at the same time.
//
// That holds for the local backend and for an SFTP backend that reports
// upload resume as supported; every other backend yields false.
func HasOpenRWSupport(fs Fs) bool {
	switch {
	case IsLocalOsFs(fs):
		return true
	case IsSFTPFs(fs) && fs.IsUploadResumeSupported():
		return true
	default:
		return false
	}
}
// IsLocalOrCryptoFs returns true if fs is local or local encrypted.
func IsLocalOrCryptoFs(fs Fs) bool {
	if IsLocalOsFs(fs) {
		return true
	}
	return IsCryptOsFs(fs)
}
// SetPathPermissions calls fs.Chown.
// It does nothing for local filesystem on windows.
//
// It also does nothing when both uid and gid are -1. A Chown failure is
// logged at warning level and not returned, so callers cannot tell from this
// function whether the ownership change took effect.
func SetPathPermissions(fs Fs, path string, uid int, gid int) {
	if uid == -1 && gid == -1 {
		return
	}
	if IsLocalOsFs(fs) && runtime.GOOS == "windows" {
		return
	}
	err := fs.Chown(path, uid, gid)
	if err == nil {
		return
	}
	fsLog(fs, logger.LevelWarn, "error chowning path %v: %v", path, err)
}
// fsLog forwards a formatted message to logger.Log, passing the backend name
// and the connection ID of fs along with the level, format and arguments.
//
// The arguments are handed over as they are.
// NOTE(review): paths and error texts logged through here can contain
// client-supplied names; confirm that the logger escapes control characters.
func fsLog(fs Fs, level logger.LogLevel, format string, v ...interface{}) {
	sender, connID := fs.Name(), fs.ConnectionID()
	logger.Log(level, sender, connID, format, v...)
}