backport from main

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2022-07-24 08:56:31 +02:00
parent d34446e6e9
commit e6d434654d
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
14 changed files with 67 additions and 12 deletions

View file

@ -48,6 +48,7 @@ To initialize/update the data provider from the configuration directory simply u
$ sftpgo initprovider $ sftpgo initprovider
Any defined action is ignored.
Please take a look at the usage below to customize the options.`, Please take a look at the usage below to customize the options.`,
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
logger.DisableLogger() logger.DisableLogger()
@ -65,6 +66,10 @@ Please take a look at the usage below to customize the options.`,
os.Exit(1) os.Exit(1)
} }
providerConf := config.GetProviderConf() providerConf := config.GetProviderConf()
// ignore actions
providerConf.Actions.Hook = ""
providerConf.Actions.ExecuteFor = nil
providerConf.Actions.ExecuteOn = nil
logger.InfoToConsole("Initializing provider: %#v config file: %#v", providerConf.Driver, viper.ConfigFileUsed()) logger.InfoToConsole("Initializing provider: %#v config file: %#v", providerConf.Driver, viper.ConfigFileUsed())
err = dataprovider.InitializeDatabase(providerConf, configDir) err = dataprovider.InitializeDatabase(providerConf, configDir)
if err == nil { if err == nil {

View file

@ -262,7 +262,7 @@ func (c *RetentionCheck) cleanupFolder(folderPath string) error {
result.Elapsed = time.Since(startTime) result.Elapsed = time.Since(startTime)
result.Info = "data retention check skipped: no permissions" result.Info = "data retention check skipped: no permissions"
c.conn.Log(logger.LevelInfo, "user %#v does not have permissions to check retention on %#v, retention check skipped", c.conn.Log(logger.LevelInfo, "user %#v does not have permissions to check retention on %#v, retention check skipped",
c.conn.User, folderPath) c.conn.User.Username, folderPath)
return nil return nil
} }

View file

@ -2713,7 +2713,7 @@ func TestDelayedQuotaUpdater(t *testing.T) {
Name: "folder", Name: "folder",
MappedPath: filepath.Join(os.TempDir(), "p"), MappedPath: filepath.Join(os.TempDir(), "p"),
} }
err = dataprovider.AddFolder(&folder) err = dataprovider.AddFolder(&folder, "", "")
assert.NoError(t, err) assert.NoError(t, err)
err = dataprovider.UpdateVirtualFolderQuota(&folder, 10, 6000, false) err = dataprovider.UpdateVirtualFolderQuota(&folder, 10, 6000, false)

View file

@ -43,6 +43,7 @@ const (
const ( const (
actionObjectUser = "user" actionObjectUser = "user"
actionObjectFolder = "folder"
actionObjectGroup = "group" actionObjectGroup = "group"
actionObjectAdmin = "admin" actionObjectAdmin = "admin"
actionObjectAPIKey = "api_key" actionObjectAPIKey = "api_key"

View file

@ -250,6 +250,24 @@ type PasswordValidation struct {
Users PasswordValidationRules `json:"users" mapstructure:"users"` Users PasswordValidationRules `json:"users" mapstructure:"users"`
} }
type wrappedFolder struct {
Folder vfs.BaseVirtualFolder
}
func (w *wrappedFolder) RenderAsJSON(reload bool) ([]byte, error) {
if reload {
folder, err := provider.getFolderByName(w.Folder.Name)
if err != nil {
providerLog(logger.LevelError, "unable to reload folder before rendering as json: %v", err)
return nil, err
}
folder.PrepareForRendering()
return json.Marshal(folder)
}
w.Folder.PrepareForRendering()
return json.Marshal(w.Folder)
}
// ObjectsActions defines the action to execute on user create, update, delete for the specified objects // ObjectsActions defines the action to execute on user create, update, delete for the specified objects
type ObjectsActions struct { type ObjectsActions struct {
// Valid values are add, update, delete. Empty slice to disable // Valid values are add, update, delete. Empty slice to disable
@ -1773,15 +1791,20 @@ func GetUsersForQuotaCheck(toFetch map[string]bool) ([]User, error) {
} }
// AddFolder adds a new virtual folder. // AddFolder adds a new virtual folder.
func AddFolder(folder *vfs.BaseVirtualFolder) error { func AddFolder(folder *vfs.BaseVirtualFolder, executor, ipAddress string) error {
folder.Name = config.convertName(folder.Name) folder.Name = config.convertName(folder.Name)
return provider.addFolder(folder) err := provider.addFolder(folder)
if err == nil {
executeAction(operationAdd, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: *folder})
}
return err
} }
// UpdateFolder updates the specified virtual folder // UpdateFolder updates the specified virtual folder
func UpdateFolder(folder *vfs.BaseVirtualFolder, users []string, groups []string, executor, ipAddress string) error { func UpdateFolder(folder *vfs.BaseVirtualFolder, users []string, groups []string, executor, ipAddress string) error {
err := provider.updateFolder(folder) err := provider.updateFolder(folder)
if err == nil { if err == nil {
executeAction(operationUpdate, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: *folder})
usersInGroups, errGrp := provider.getUsersInGroups(groups) usersInGroups, errGrp := provider.getUsersInGroups(groups)
if errGrp == nil { if errGrp == nil {
users = append(users, usersInGroups...) users = append(users, usersInGroups...)
@ -1812,6 +1835,7 @@ func DeleteFolder(folderName, executor, ipAddress string) error {
} }
err = provider.deleteFolder(folder) err = provider.deleteFolder(folder)
if err == nil { if err == nil {
executeAction(operationDelete, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: folder})
users := folder.Users users := folder.Users
usersInGroups, errGrp := provider.getUsersInGroups(folder.Groups) usersInGroups, errGrp := provider.getUsersInGroups(folder.Groups)
if errGrp == nil { if errGrp == nil {

View file

@ -2007,7 +2007,7 @@ func (p *MemoryProvider) restoreFolders(dump *BackupData) error {
} }
} else { } else {
folder.Users = nil folder.Users = nil
err = AddFolder(&folder) err = AddFolder(&folder, ActionExecutorSystem, "")
if err != nil { if err != nil {
providerLog(logger.LevelError, "error adding folder %#v: %v", folder.Name, err) providerLog(logger.LevelError, "error adding folder %#v: %v", folder.Name, err)
return err return err

View file

@ -83,6 +83,8 @@ The `actions` struct inside the `data_provider` configuration section allows you
The supported object types are: The supported object types are:
- `user` - `user`
- `folder`
- `group`
- `admin` - `admin`
- `api_key` - `api_key`

View file

@ -220,7 +220,7 @@ The configuration file contains the following sections:
- `users_base_dir`, string. Users default base directory. If no home dir is defined while adding a new user, and this value is a valid absolute path, then the user home dir will be automatically defined as the path obtained joining the base dir and the username - `users_base_dir`, string. Users default base directory. If no home dir is defined while adding a new user, and this value is a valid absolute path, then the user home dir will be automatically defined as the path obtained joining the base dir and the username
- `actions`, struct. It contains the command to execute and/or the HTTP URL to notify and the trigger conditions. See [Custom Actions](./custom-actions.md) for more details - `actions`, struct. It contains the command to execute and/or the HTTP URL to notify and the trigger conditions. See [Custom Actions](./custom-actions.md) for more details
- `execute_on`, list of strings. Valid values are `add`, `update`, `delete`. `update` action will not be fired for internal updates such as the last login or the user quota fields. - `execute_on`, list of strings. Valid values are `add`, `update`, `delete`. `update` action will not be fired for internal updates such as the last login or the user quota fields.
- `execute_for`, list of strings. Defines the provider objects that trigger the action. Valid values are `user`, `admin`, `api_key`. - `execute_for`, list of strings. Defines the provider objects that trigger the action. Valid values are `user`, `folder`, `group`, `admin`, `api_key`, `share`.
- `hook`, string. Absolute path to the command to execute or HTTP URL to notify. - `hook`, string. Absolute path to the command to execute or HTTP URL to notify.
- `external_auth_hook`, string. Absolute path to an external program or an HTTP URL to invoke for users authentication. See [External Authentication](./external-auth.md) for more details. Leave empty to disable. - `external_auth_hook`, string. Absolute path to an external program or an HTTP URL to invoke for users authentication. See [External Authentication](./external-auth.md) for more details. Leave empty to disable.
- `external_auth_scope`, integer. 0 means all supported authentication scopes (passwords, public keys and keyboard interactive). 1 means passwords only. 2 means public keys only. 4 means key keyboard interactive only. 8 means TLS certificate. The flags can be combined, for example 6 means public keys and keyboard interactive - `external_auth_scope`, integer. 0 means all supported authentication scopes (passwords, public keys and keyboard interactive). 1 means passwords only. 2 means public keys only. 4 means key keyboard interactive only. 8 means TLS certificate. The flags can be combined, for example 6 means public keys and keyboard interactive

View file

@ -42,13 +42,19 @@ func getFolders(w http.ResponseWriter, r *http.Request) {
func addFolder(w http.ResponseWriter, r *http.Request) { func addFolder(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize) r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
var folder vfs.BaseVirtualFolder var folder vfs.BaseVirtualFolder
err := render.DecodeJSON(r.Body, &folder) err = render.DecodeJSON(r.Body, &folder)
if err != nil { if err != nil {
sendAPIResponse(w, r, err, "", http.StatusBadRequest) sendAPIResponse(w, r, err, "", http.StatusBadRequest)
return return
} }
err = dataprovider.AddFolder(&folder) err = dataprovider.AddFolder(&folder, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
if err != nil { if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err)) sendAPIResponse(w, r, err, "", getRespStatus(err))
return return

View file

@ -251,7 +251,7 @@ func RestoreFolders(folders []vfs.BaseVirtualFolder, inputFile string, mode, sca
logger.Debug(logSender, "", "restoring existing folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err) logger.Debug(logSender, "", "restoring existing folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err)
} else { } else {
folder.Users = nil folder.Users = nil
err = dataprovider.AddFolder(&folder) err = dataprovider.AddFolder(&folder, executor, ipAddress)
logger.Debug(logSender, "", "adding new folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err) logger.Debug(logSender, "", "adding new folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err)
} }
if err != nil { if err != nil {

View file

@ -580,6 +580,11 @@ func TestInvalidToken(t *testing.T) {
assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Equal(t, http.StatusBadRequest, rr.Code)
assert.Contains(t, rr.Body.String(), "invalid token claims") assert.Contains(t, rr.Body.String(), "invalid token claims")
rr = httptest.NewRecorder()
addFolder(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code)
assert.Contains(t, rr.Body.String(), "Invalid token claims")
rr = httptest.NewRecorder() rr = httptest.NewRecorder()
updateFolder(rr, req) updateFolder(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Equal(t, http.StatusBadRequest, rr.Code)
@ -590,6 +595,11 @@ func TestInvalidToken(t *testing.T) {
assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Equal(t, http.StatusBadRequest, rr.Code)
assert.Contains(t, rr.Body.String(), "Invalid token claims") assert.Contains(t, rr.Body.String(), "Invalid token claims")
rr = httptest.NewRecorder()
server.handleWebAddFolderPost(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code)
assert.Contains(t, rr.Body.String(), "invalid token claims")
rr = httptest.NewRecorder() rr = httptest.NewRecorder()
server.handleWebUpdateFolderPost(rr, req) server.handleWebUpdateFolderPost(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Equal(t, http.StatusBadRequest, rr.Code)

View file

@ -2267,8 +2267,13 @@ func (s *httpdServer) handleWebAddFolderGet(w http.ResponseWriter, r *http.Reque
func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) { func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize) r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
return
}
folder := vfs.BaseVirtualFolder{} folder := vfs.BaseVirtualFolder{}
err := r.ParseMultipartForm(maxRequestSize) err = r.ParseMultipartForm(maxRequestSize)
if err != nil { if err != nil {
s.renderFolderPage(w, r, folder, folderPageModeAdd, err.Error()) s.renderFolderPage(w, r, folder, folderPageModeAdd, err.Error())
return return
@ -2291,7 +2296,7 @@ func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Requ
folder.FsConfig = fsConfig folder.FsConfig = fsConfig
folder = getFolderFromTemplate(folder, folder.Name) folder = getFolderFromTemplate(folder, folder.Name)
err = dataprovider.AddFolder(&folder) err = dataprovider.AddFolder(&folder, claims.Username, ipAddr)
if err == nil { if err == nil {
http.Redirect(w, r, webFoldersPath, http.StatusSeeOther) http.Redirect(w, r, webFoldersPath, http.StatusSeeOther)
} else { } else {

View file

@ -4635,6 +4635,8 @@ components:
type: string type: string
enum: enum:
- user - user
- folder
- group
- admin - admin
- api_key - api_key
- share - share

View file

@ -1047,7 +1047,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
case "svg": case "svg":
case "ico": case "ico":
var view_url = row['url']+"&inline=1"; var view_url = row['url']+"&inline=1";
return `<a href="${view_url}" data-lightbox="${filename}" data-title="${filename}"><i class="fas fa-eye"></i></a>`; return `<a href="${view_url}" data-lightbox="image-gallery" data-title="${filename}"><i class="fas fa-eye"></i></a>`;
case "mp4": case "mp4":
case "mov": case "mov":
return `<a href="#" onclick="openVideoPlayer('${row["name"]}', '${row['url']}', 'video/mp4');"><i class="fas fa-eye"></i></a>`; return `<a href="#" onclick="openVideoPlayer('${row["name"]}', '${row['url']}', 'video/mp4');"><i class="fas fa-eye"></i></a>`;