sftpgo-mirror/httpd/api_user.go

package httpd

import (
	"errors"
	"fmt"
	"net/http"
	"strconv"

	"github.com/go-chi/chi"
	"github.com/go-chi/render"

	"github.com/drakkan/sftpgo/common"
	"github.com/drakkan/sftpgo/dataprovider"
	"github.com/drakkan/sftpgo/kms"
	"github.com/drakkan/sftpgo/vfs"
)

func getUsers(w http.ResponseWriter, r *http.Request) {
	limit := 100
	offset := 0
	order := dataprovider.OrderASC
	username := ""
	var err error
	if _, ok := r.URL.Query()["limit"]; ok {
		limit, err = strconv.Atoi(r.URL.Query().Get("limit"))
		if err != nil {
			err = errors.New("Invalid limit")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return
		}
		if limit > 500 {
			limit = 500
		}
	}
	if _, ok := r.URL.Query()["offset"]; ok {
		offset, err = strconv.Atoi(r.URL.Query().Get("offset"))
		if err != nil {
			err = errors.New("Invalid offset")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return
		}
	}
	if _, ok := r.URL.Query()["order"]; ok {
		order = r.URL.Query().Get("order")
		if order != dataprovider.OrderASC && order != dataprovider.OrderDESC {
			err = errors.New("Invalid order")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return
		}
	}
	if _, ok := r.URL.Query()["username"]; ok {
		username = r.URL.Query().Get("username")
	}
	users, err := dataprovider.GetUsers(limit, offset, order, username)
	if err == nil {
		render.JSON(w, r, users)
	} else {
		sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
	}
}

func getUserByID(w http.ResponseWriter, r *http.Request) {
	userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
	if err != nil {
		err = errors.New("Invalid userID")
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	user, err := dataprovider.GetUserByID(userID)
	if err == nil {
		user.HideConfidentialData()
		render.JSON(w, r, user)
	} else {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
	}
}

func addUser(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	var user dataprovider.User
	err := render.DecodeJSON(r.Body, &user)
	if err != nil {
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	user.SetEmptySecretsIfNil()
	switch user.FsConfig.Provider {
	case dataprovider.S3FilesystemProvider:
		if user.FsConfig.S3Config.AccessSecret.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid access_secret"), "", http.StatusBadRequest)
			return
		}
	case dataprovider.GCSFilesystemProvider:
		if user.FsConfig.GCSConfig.Credentials.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid credentials"), "", http.StatusBadRequest)
			return
		}
	case dataprovider.AzureBlobFilesystemProvider:
		if user.FsConfig.AzBlobConfig.AccountKey.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid account_key"), "", http.StatusBadRequest)
			return
		}
	case dataprovider.CryptedFilesystemProvider:
		if user.FsConfig.CryptConfig.Passphrase.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid passphrase"), "", http.StatusBadRequest)
			return
		}
	case dataprovider.SFTPFilesystemProvider:
		if user.FsConfig.SFTPConfig.Password.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid SFTP password"), "", http.StatusBadRequest)
			return
		}
		if user.FsConfig.SFTPConfig.PrivateKey.IsRedacted() {
			sendAPIResponse(w, r, errors.New("invalid SFTP private key"), "", http.StatusBadRequest)
			return
		}
	}
	err = dataprovider.AddUser(&user)
	if err == nil {
		user, err = dataprovider.UserExists(user.Username)
		if err == nil {
			user.HideConfidentialData()
			render.JSON(w, r, user)
		} else {
			sendAPIResponse(w, r, err, "", getRespStatus(err))
		}
	} else {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
	}
}

func updateUser(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
	if err != nil {
		err = errors.New("Invalid userID")
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	disconnect := 0
	if _, ok := r.URL.Query()["disconnect"]; ok {
		disconnect, err = strconv.Atoi(r.URL.Query().Get("disconnect"))
		if err != nil {
			err = fmt.Errorf("invalid disconnect parameter: %v", err)
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return
		}
	}
	user, err := dataprovider.GetUserByID(userID)
	if err != nil {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
		return
	}
	currentPermissions := user.Permissions
	currentS3AccessSecret := user.FsConfig.S3Config.AccessSecret
	currentAzAccountKey := user.FsConfig.AzBlobConfig.AccountKey
	currentGCSCredentials := user.FsConfig.GCSConfig.Credentials
	currentCryptoPassphrase := user.FsConfig.CryptConfig.Passphrase
	currentSFTPPassword := user.FsConfig.SFTPConfig.Password
	currentSFTPKey := user.FsConfig.SFTPConfig.PrivateKey

	user.Permissions = make(map[string][]string)
	user.FsConfig.S3Config = vfs.S3FsConfig{}
	user.FsConfig.AzBlobConfig = vfs.AzBlobFsConfig{}
	user.FsConfig.GCSConfig = vfs.GCSFsConfig{}
	user.FsConfig.CryptConfig = vfs.CryptFsConfig{}
	user.FsConfig.SFTPConfig = vfs.SFTPFsConfig{}
	err = render.DecodeJSON(r.Body, &user)
	if err != nil {
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	user.SetEmptySecretsIfNil()
	// we use new Permissions if passed otherwise the old ones
	if len(user.Permissions) == 0 {
		user.Permissions = currentPermissions
	}
	updateEncryptedSecrets(&user, currentS3AccessSecret, currentAzAccountKey, currentGCSCredentials, currentCryptoPassphrase,
		currentSFTPPassword, currentSFTPKey)
	if user.ID != userID {
		sendAPIResponse(w, r, err, "user ID in request body does not match user ID in path parameter", http.StatusBadRequest)
		return
	}
	err = dataprovider.UpdateUser(&user)
	if err != nil {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
	} else {
		sendAPIResponse(w, r, err, "User updated", http.StatusOK)
		if disconnect == 1 {
			disconnectUser(user.Username)
		}
	}
}

func deleteUser(w http.ResponseWriter, r *http.Request) {
	userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
	if err != nil {
		err = errors.New("Invalid userID")
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	user, err := dataprovider.GetUserByID(userID)
	if err != nil {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
		return
	}
	err = dataprovider.DeleteUser(&user)
	if err != nil {
		sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
	} else {
		sendAPIResponse(w, r, err, "User deleted", http.StatusOK)
		disconnectUser(user.Username)
	}
}

func disconnectUser(username string) {
	for _, stat := range common.Connections.GetStats() {
		if stat.Username == username {
			common.Connections.Close(stat.ConnectionID)
		}
	}
}

func updateEncryptedSecrets(user *dataprovider.User, currentS3AccessSecret, currentAzAccountKey,
	currentGCSCredentials, currentCryptoPassphrase, currentSFTPPassword, currentSFTPKey *kms.Secret) {
	// we use the new access secret if plain or empty, otherwise the old value
	switch user.FsConfig.Provider {
	case dataprovider.S3FilesystemProvider:
		if user.FsConfig.S3Config.AccessSecret.IsNotPlainAndNotEmpty() {
			user.FsConfig.S3Config.AccessSecret = currentS3AccessSecret
		}
	case dataprovider.AzureBlobFilesystemProvider:
		if user.FsConfig.AzBlobConfig.AccountKey.IsNotPlainAndNotEmpty() {
			user.FsConfig.AzBlobConfig.AccountKey = currentAzAccountKey
		}
	case dataprovider.GCSFilesystemProvider:
		if user.FsConfig.GCSConfig.Credentials.IsNotPlainAndNotEmpty() {
			user.FsConfig.GCSConfig.Credentials = currentGCSCredentials
		}
	case dataprovider.CryptedFilesystemProvider:
		if user.FsConfig.CryptConfig.Passphrase.IsNotPlainAndNotEmpty() {
			user.FsConfig.CryptConfig.Passphrase = currentCryptoPassphrase
		}
	case dataprovider.SFTPFilesystemProvider:
		if user.FsConfig.SFTPConfig.Password.IsNotPlainAndNotEmpty() {
			user.FsConfig.SFTPConfig.Password = currentSFTPPassword
		}
		if user.FsConfig.SFTPConfig.PrivateKey.IsNotPlainAndNotEmpty() {
			user.FsConfig.SFTPConfig.PrivateKey = currentSFTPKey
		}
	}
}
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`package httpd`
first version 2019-07-20 10:26:52 +00:00
			`import (`
			`"errors"`
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`"fmt"`
first version 2019-07-20 10:26:52 +00:00			`"net/http"`
			`"strconv"`

			`"github.com/go-chi/chi"`
			`"github.com/go-chi/render"`
add more linters test cases migration to testify is now complete. Linters are enabled for test cases too 2020-05-06 17:36:34 +00:00
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`"github.com/drakkan/sftpgo/common"`
add more linters test cases migration to testify is now complete. Linters are enabled for test cases too 2020-05-06 17:36:34 +00:00			`"github.com/drakkan/sftpgo/dataprovider"`
add KMS support Fixes #226 2020-11-30 20:46:34 +00:00			`"github.com/drakkan/sftpgo/kms"`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`"github.com/drakkan/sftpgo/vfs"`
first version 2019-07-20 10:26:52 +00:00			`)`

			`func getUsers(w http.ResponseWriter, r *http.Request) {`
			`limit := 100`
			`offset := 0`
refactor virtual folders The same virtual folder can now be shared among users and different folder quota limits for each user are supported. Fixes #120 2020-06-07 21:30:18 +00:00			`order := dataprovider.OrderASC`
first version 2019-07-20 10:26:52 +00:00			`username := ""`
			`var err error`
			`if _, ok := r.URL.Query()["limit"]; ok {`
			`limit, err = strconv.Atoi(r.URL.Query().Get("limit"))`
			`if err != nil {`
			`err = errors.New("Invalid limit")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
			`if limit > 500 {`
			`limit = 500`
			`}`
			`}`
			`if _, ok := r.URL.Query()["offset"]; ok {`
			`offset, err = strconv.Atoi(r.URL.Query().Get("offset"))`
			`if err != nil {`
			`err = errors.New("Invalid offset")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
			`}`
			`if _, ok := r.URL.Query()["order"]; ok {`
			`order = r.URL.Query().Get("order")`
refactor virtual folders The same virtual folder can now be shared among users and different folder quota limits for each user are supported. Fixes #120 2020-06-07 21:30:18 +00:00			`if order != dataprovider.OrderASC && order != dataprovider.OrderDESC {`
first version 2019-07-20 10:26:52 +00:00			`err = errors.New("Invalid order")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
			`}`
			`if _, ok := r.URL.Query()["username"]; ok {`
			`username = r.URL.Query().Get("username")`
			`}`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`users, err := dataprovider.GetUsers(limit, offset, order, username)`
first version 2019-07-20 10:26:52 +00:00			`if err == nil {`
			`render.JSON(w, r, users)`
			`} else {`
			`sendAPIResponse(w, r, err, "", http.StatusInternalServerError)`
			`}`
			`}`

			`func getUserByID(w http.ResponseWriter, r *http.Request) {`
			`userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)`
			`if err != nil {`
			`err = errors.New("Invalid userID")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`user, err := dataprovider.GetUserByID(userID)`
first version 2019-07-20 10:26:52 +00:00			`if err == nil {`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`user.HideConfidentialData()`
			`render.JSON(w, r, user)`
first version 2019-07-20 10:26:52 +00:00			`} else {`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
first version 2019-07-20 10:26:52 +00:00			`}`
			`}`

			`func addUser(w http.ResponseWriter, r *http.Request) {`
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder 2020-01-31 18:04:00 +00:00			`r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)`
first version 2019-07-20 10:26:52 +00:00			`var user dataprovider.User`
			`err := render.DecodeJSON(r.Body, &user)`
			`if err != nil {`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
add KMS support Fixes #226 2020-11-30 20:46:34 +00:00			`user.SetEmptySecretsIfNil()`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`switch user.FsConfig.Provider {`
			`case dataprovider.S3FilesystemProvider:`
			`if user.FsConfig.S3Config.AccessSecret.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid access_secret"), "", http.StatusBadRequest)`
			`return`
			`}`
			`case dataprovider.GCSFilesystemProvider:`
			`if user.FsConfig.GCSConfig.Credentials.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid credentials"), "", http.StatusBadRequest)`
			`return`
			`}`
			`case dataprovider.AzureBlobFilesystemProvider:`
			`if user.FsConfig.AzBlobConfig.AccountKey.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid account_key"), "", http.StatusBadRequest)`
			`return`
			`}`
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00			`case dataprovider.CryptedFilesystemProvider:`
			`if user.FsConfig.CryptConfig.Passphrase.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid passphrase"), "", http.StatusBadRequest)`
			`return`
			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`case dataprovider.SFTPFilesystemProvider:`
			`if user.FsConfig.SFTPConfig.Password.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid SFTP password"), "", http.StatusBadRequest)`
			`return`
			`}`
			`if user.FsConfig.SFTPConfig.PrivateKey.IsRedacted() {`
			`sendAPIResponse(w, r, errors.New("invalid SFTP private key"), "", http.StatusBadRequest)`
			`return`
			`}`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`}`
fix a potential race condition for pre-login and ext auth hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query 2021-01-05 08:50:22 +00:00			`err = dataprovider.AddUser(&user)`
first version 2019-07-20 10:26:52 +00:00			`if err == nil {`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`user, err = dataprovider.UserExists(user.Username)`
first version 2019-07-20 10:26:52 +00:00			`if err == nil {`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`user.HideConfidentialData()`
			`render.JSON(w, r, user)`
first version 2019-07-20 10:26:52 +00:00			`} else {`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
first version 2019-07-20 10:26:52 +00:00			`}`
			`} else {`
			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
			`}`
			`}`

			`func updateUser(w http.ResponseWriter, r *http.Request) {`
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder 2020-01-31 18:04:00 +00:00			`r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)`
first version 2019-07-20 10:26:52 +00:00			`userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)`
			`if err != nil {`
			`err = errors.New("Invalid userID")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`disconnect := 0`
			`if _, ok := r.URL.Query()["disconnect"]; ok {`
			`disconnect, err = strconv.Atoi(r.URL.Query().Get("disconnect"))`
			`if err != nil {`
			`err = fmt.Errorf("invalid disconnect parameter: %v", err)`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
			`}`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`user, err := dataprovider.GetUserByID(userID)`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`if err != nil {`
			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
			`return`
			`}`
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder 2020-01-31 18:04:00 +00:00			`currentPermissions := user.Permissions`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`currentS3AccessSecret := user.FsConfig.S3Config.AccessSecret`
			`currentAzAccountKey := user.FsConfig.AzBlobConfig.AccountKey`
			`currentGCSCredentials := user.FsConfig.GCSConfig.Credentials`
			`currentCryptoPassphrase := user.FsConfig.CryptConfig.Passphrase`
			`currentSFTPPassword := user.FsConfig.SFTPConfig.Password`
			`currentSFTPKey := user.FsConfig.SFTPConfig.PrivateKey`
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed 2019-12-25 17:20:19 +00:00			`user.Permissions = make(map[string][]string)`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`user.FsConfig.S3Config = vfs.S3FsConfig{}`
			`user.FsConfig.AzBlobConfig = vfs.AzBlobFsConfig{}`
			`user.FsConfig.GCSConfig = vfs.GCSFsConfig{}`
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00			`user.FsConfig.CryptConfig = vfs.CryptFsConfig{}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`user.FsConfig.SFTPConfig = vfs.SFTPFsConfig{}`
first version 2019-07-20 10:26:52 +00:00			`err = render.DecodeJSON(r.Body, &user)`
			`if err != nil {`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
add KMS support Fixes #226 2020-11-30 20:46:34 +00:00			`user.SetEmptySecretsIfNil()`
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed 2019-12-25 17:20:19 +00:00			`// we use new Permissions if passed otherwise the old ones`
			`if len(user.Permissions) == 0 {`
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder 2020-01-31 18:04:00 +00:00			`user.Permissions = currentPermissions`
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed 2019-12-25 17:20:19 +00:00			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`updateEncryptedSecrets(&user, currentS3AccessSecret, currentAzAccountKey, currentGCSCredentials, currentCryptoPassphrase,`
			`currentSFTPPassword, currentSFTPKey)`
first version 2019-07-20 10:26:52 +00:00			`if user.ID != userID {`
			`sendAPIResponse(w, r, err, "user ID in request body does not match user ID in path parameter", http.StatusBadRequest)`
			`return`
			`}`
fix a potential race condition for pre-login and ext auth hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query 2021-01-05 08:50:22 +00:00			`err = dataprovider.UpdateUser(&user)`
first version 2019-07-20 10:26:52 +00:00			`if err != nil {`
			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
			`} else {`
			`sendAPIResponse(w, r, err, "User updated", http.StatusOK)`
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`if disconnect == 1 {`
			`disconnectUser(user.Username)`
			`}`
first version 2019-07-20 10:26:52 +00:00			`}`
			`}`

			`func deleteUser(w http.ResponseWriter, r *http.Request) {`
			`userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)`
			`if err != nil {`
			`err = errors.New("Invalid userID")`
			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return`
			`}`
simplify data provider usage remove the obsolete SQL scripts too. They are not required since v0.9.6 2020-07-08 17:59:31 +00:00			`user, err := dataprovider.GetUserByID(userID)`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`if err != nil {`
			`sendAPIResponse(w, r, err, "", getRespStatus(err))`
first version 2019-07-20 10:26:52 +00:00			`return`
			`}`
fix a potential race condition for pre-login and ext auth hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query 2021-01-05 08:50:22 +00:00			`err = dataprovider.DeleteUser(&user)`
first version 2019-07-20 10:26:52 +00:00			`if err != nil {`
			`sendAPIResponse(w, r, err, "", http.StatusInternalServerError)`
			`} else {`
			`sendAPIResponse(w, r, err, "User deleted", http.StatusOK)`
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`disconnectUser(user.Username)`
			`}`
			`}`

			`func disconnectUser(username string) {`
			`for _, stat := range common.Connections.GetStats() {`
			`if stat.Username == username {`
			`common.Connections.Close(stat.ConnectionID)`
			`}`
first version 2019-07-20 10:26:52 +00:00			`}`
			`}`
add Azure Blob support 2020-10-25 07:18:48 +00:00
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00			`func updateEncryptedSecrets(user *dataprovider.User, currentS3AccessSecret, currentAzAccountKey,`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`currentGCSCredentials, currentCryptoPassphrase, currentSFTPPassword, currentSFTPKey *kms.Secret) {`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`// we use the new access secret if plain or empty, otherwise the old value`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`switch user.FsConfig.Provider {`
			`case dataprovider.S3FilesystemProvider:`
			`if user.FsConfig.S3Config.AccessSecret.IsNotPlainAndNotEmpty() {`
add Azure Blob support 2020-10-25 07:18:48 +00:00			`user.FsConfig.S3Config.AccessSecret = currentS3AccessSecret`
			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`case dataprovider.AzureBlobFilesystemProvider:`
			`if user.FsConfig.AzBlobConfig.AccountKey.IsNotPlainAndNotEmpty() {`
add Azure Blob support 2020-10-25 07:18:48 +00:00			`user.FsConfig.AzBlobConfig.AccountKey = currentAzAccountKey`
			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`case dataprovider.GCSFilesystemProvider:`
			`if user.FsConfig.GCSConfig.Credentials.IsNotPlainAndNotEmpty() {`
add a dedicated struct to store encrypted credentials also gcs credentials are now encrypted, both on disk and inside the provider. Data provider is automatically migrated and load data will accept old format too but you should upgrade to the new format to avoid future issues 2020-11-22 20:53:04 +00:00			`user.FsConfig.GCSConfig.Credentials = currentGCSCredentials`
			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`case dataprovider.CryptedFilesystemProvider:`
			`if user.FsConfig.CryptConfig.Passphrase.IsNotPlainAndNotEmpty() {`
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00			`user.FsConfig.CryptConfig.Passphrase = currentCryptoPassphrase`
			`}`
add sftpfs storage backend Fixes #224 2020-12-12 09:31:09 +00:00			`case dataprovider.SFTPFilesystemProvider:`
			`if user.FsConfig.SFTPConfig.Password.IsNotPlainAndNotEmpty() {`
			`user.FsConfig.SFTPConfig.Password = currentSFTPPassword`
			`}`
			`if user.FsConfig.SFTPConfig.PrivateKey.IsNotPlainAndNotEmpty() {`
			`user.FsConfig.SFTPConfig.PrivateKey = currentSFTPKey`
			`}`
add Data At Rest Encryption support 2020-12-05 12:48:13 +00:00			`}`
add Azure Blob support 2020-10-25 07:18:48 +00:00			`}`