docs: minor improvements

dataprovider/dataprovider.go

@@ -801,6 +801,17 @@ func validateBaseParams(user *User) error {
 	return nil
 }
 
+func createUserPasswordHash(user *User) error {
+	if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
+		pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
+		if err != nil {
+			return err
+		}
+		user.Password = pwd
+	}
+	return nil
+}
+
 func validateUser(user *User) error {
 	buildUserHomeDir(user)
 	if err := validateBaseParams(user); err != nil {
@@ -818,12 +829,8 @@ func validateUser(user *User) error {
 	if user.Status < 0 || user.Status > 1 {
 		return &ValidationError{err: fmt.Sprintf("invalid user status: %v", user.Status)}
 	}
-	if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
-		pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
-		if err != nil {
-			return err
-		}
-		user.Password = pwd
+	if err := createUserPasswordHash(user); err != nil {
+		return err
 	}
 	if err := validatePublicKeys(user); err != nil {
 		return err

docs/account.md

@@ -42,7 +42,7 @@ For each account, the following properties can be configured:
 - `s3_bucket`, required for S3 filesystem
 - `s3_region`, required for S3 filesystem. Must match the region for your bucket. You can find here the list of available [AWS regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). For example if your bucket is at `Frankfurt` you have to set the region to `eu-central-1`
 - `s3_access_key`
-- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM)
+- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM). You can leave access key and access secret blank to use credentials from environment
 - `s3_endpoint`, specifies a S3 endpoint (server) different from AWS. It is not required if you are connecting to AWS
 - `s3_storage_class`, leave blank to use the default or specify a valid AWS [storage class](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
 - `s3_key_prefix`, allows to restrict access to the virtual folder identified by this prefix and its contents

docs/google-cloud-storage.md

@@ -1,6 +1,6 @@
 # Google Cloud Storage backend
 
-To connect SFTPGo to Google Cloud Storage, you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
+To connect SFTPGo to Google Cloud Storage you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
 
 Specifying a different `key_prefix`, you can assign different virtual folders of the same bucket to different users. This is similar to a chroot directory for local filesystem. Each SFTP/SCP user can only access the assigned virtual folder and its contents. The virtual folder identified by `key_prefix` does not need to be pre-created.
 

docs/performance.md

@@ -128,8 +128,8 @@ Stream|Baseline MB/s|Optimized MB/s|Balanced MB/s|OpenSSH MB/s|
 8|897|903|823|887|
 
 ### Optimizations applied
-- AES-CTR optimization of Golang compiler, the patch hasn't been merged yet, you can apply it yourself. [Patch](https://go-review.googlesource.com/c/go/+/51670)
-- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Golang's SHA256 implementation.
+- AES-CTR optimization of Go compiler for x86_64, there is a [patch](https://go-review.googlesource.com/c/go/+/51670) that hasn't been merged yet, you can apply it yourself.
+- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Go's SHA256 implementation. This patch is now included in SFTPGo master branch.
 ```
 diff --git a/go.mod b/go.mod
 index f1b2caa..109e064 100644
@@ -142,7 +142,7 @@ index f1b2caa..109e064 100644
 +
 +replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
 ```
-- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/issues/334).
+- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/pull/344).
 ```
 diff --git a/go.mod b/go.mod
 index 109e064..4d67a47 100644
@@ -152,7 +152,7 @@ index 109e064..4d67a47 100644
  replace github.com/eikenb/pipeat v0.0.0-20190316224601-fb1f3a9aa29f => github.com/drakkan/pipeat v0.0.0-20200123131427-11c048cfc0ec
 
  replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
-+replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200227085621-6b4abaad1b9a
++replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200319122022-2fc68482d27f
 ```
 
 ### HAProxy configuration

docs/profiling.md

@@ -16,7 +16,7 @@ The following profiles are available, you can obtain them via HTTP GET requests:
 - `threadcreate`, stack traces that led to the creation of new OS threads
 - `trace`, a trace of execution of the current program. You can specify the duration in the `seconds` GET parameter. After you get the trace file, use the `go tool trace` command to investigate the trace
 
-Let's see some examples:
+For example you can:
 
 - download a 30 seconds CPU profile from the URL `/debug/pprof/profile?seconds=30`
 - download a sampling of memory allocations of live objects from the URL `/debug/pprof/heap?gc=1`