Commit graph

327 commits

Author SHA1 Message Date
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-12 19:31:25 +02:00
Nicola Murino
a3f50029ba
update moment.js to v2.29.2
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-09 10:05:15 +02:00
Nicola Murino
f9d8b83c2a
sshd: disable by default ssh-rsa host key algo
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-04 18:52:19 +02:00
Nicola Murino
254b2ae87f
add support for AWS container
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-03 08:52:36 +02:00
Nicola Murino
77f3400161
allow to mount virtual folders on root (/) path
Fixes #783

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-02 18:32:46 +02:00
Nicola Murino
e079444e8a
update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-31 09:54:59 +02:00
Nicola Murino
3cb23ac956
be sure to close an SSH connection if all channels are idle
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-30 10:59:25 +02:00
Nicola Murino
8fb256ac91
add link to an external Traefik tutorial
update deps

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-29 18:13:43 +02:00
Nicola Murino
ca32cd5e0e
allow placeholders for add/update users and folders
remove session token for S3, a temporary token is useless for our usage

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-27 16:32:21 +02:00
Nicola Murino
e0defafa26
azblob: fix the error returned in fs.Stat
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-26 11:47:12 +01:00
Nicola Murino
d955ddcef9
check that the jwt token is used by the same IP for which it
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-24 22:03:17 +01:00
Nicola Murino
4bbb195711
plugin: reload IP filter plugin on demand
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-24 10:21:13 +01:00
Nicola Murino
9bfdc10172
add support for ipfilter plugins
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-23 10:58:01 +01:00
Nicola Murino
b062b38ef4
docker: add rsync to "full" images
there are better alternatives and rsync will only work on local
filesystem, but it can still be useful to some people

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-22 17:29:14 +01:00
Nicola Murino
a31a9dc32c
update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-21 17:52:18 +01:00
Nicola Murino
93b9c1617e
web UI: allow to load custom css
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-19 21:44:27 +01:00
Nicola Murino
4c710d731f
update to Go 1.18
temporarily disabled docker image for ppcle64 as alpine image
is not yet available

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-18 21:52:00 +01:00
Nicola Murino
03da7f696c
SFTPGo is now listed on Azure Marketplace
Fixes #684

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-17 14:59:02 +01:00
Nicola Murino
883a3dceaf
db defender: fix getHost query and add more test cases
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-16 18:22:08 +01:00
Nicola Murino
8502d7b051
improve transfer quota limits test case
ReadAll can read more bytes than the effective size, for this test
io.Copy is better

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-15 22:13:07 +01:00
Nicola Murino
6f8b71b89f
s3fs: migrate to AWS SDK V2
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-15 19:16:50 +01:00
Nicola Murino
5582f5c811
data provider: add automatic backups
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.

The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-13 13:45:07 +01:00
Nicola Murino
48ed3dab1f
update docs and deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-11 17:11:49 +01:00
Nicola Murino
d8de0faef5
allow to require two-factor auth for users
Fixes #721

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-06 16:57:13 +01:00
Nicola Murino
df828b6021
gcsfs: use pagers when listing bucket objects
Hopefully fixes #746

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-04 18:46:17 +01:00
Nicola Murino
056daaddfc
always execute fs checks for users not logged in after an update
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-03 19:31:54 +01:00
Nicola Murino
5c2fd8d52a
add support for a start directory
Fixes #705

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-03 12:44:56 +01:00
Nicola Murino
4519bffa39
S3: add support for assume role
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-28 20:19:13 +01:00
Nicola Murino
1ea7429921
initprovider: add load data options
Fixes #741

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-28 17:05:18 +01:00
dependabot[bot]
816c174036 Bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.12
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-28 09:26:17 +01:00
Nicola Murino
b64d3c2fbf
simplify rename permission
before this patch we allow a rename in the following cases:

- the user has rename permission on both source and target path
- the user has delete permission on source path and create/upload on
  target path

we now check only the rename/rename_files/rename_dirs permissions.
This is what SFTPGo users expect.

This is a backward incompatible change and it will not backported to
the 2.2.x branch

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-26 12:19:09 +01:00
Nicola Murino
e18ad55067
S3: add support for session tokens
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-25 15:30:04 +01:00
Nicola Murino
4e9dae6fa4
allow to cache external authentications
Fixes #733

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-25 11:51:10 +01:00
Nicola Murino
f5a0559be6
don't execute fs check if the user has recent activity
The check could be expensive with some backends and is generally
only required the first time that a user logs in

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-24 16:11:35 +01:00
Nicola Murino
8bbf54d2b6
azure blobs: add support for multipart downloads
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-21 19:01:31 +01:00
Nicola Murino
d31cccf85f
azblob: switch to the new azure-go-sdk
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-20 14:43:24 +01:00
Nicola Murino
c19b03a3f7
shares: add permission to deny sharing without password
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-19 13:31:58 +01:00
Nicola Murino
c6b8644828
OIDC: execute pre-login hook after IDP authentication
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ...
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-17 18:22:27 +01:00
Nicola Murino
900e519ff1
SFTP: respect file open flags also for file creation
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-16 16:05:56 +01:00
Nicola Murino
f1832d4478
shares: add an upload form for shares with write scope
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-15 19:19:25 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 14:30:20 +01:00
Nicola Murino
fa0ca8fe89
quota summary and docs improvements
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-08 12:43:08 +01:00
Nicola Murino
9382db751c
make HTTP shares browsable
if you share a single folder with read scope, you can now browse the share
and download single files

Fixes #674
See #677

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-06 16:46:43 +01:00
Nicola Murino
7e2a8e70c9
update zerolog deps
The updated version avoid to always create a socket connected to the
journald on application start.

Now the socket is only created if we log to the journald

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-03 17:55:36 +01:00
Nicola Murino
cd35636939
S3: add a timeout for single part uploads
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-01 12:15:56 +01:00
Nicola Murino
1df1225eed
add support for data transfer bandwidth limits
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-30 11:42:36 +01:00
Nicola Murino
d2a4178846
check quota usage between ongoing transfers
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-20 18:19:20 +01:00
Nicola Murino
c3831de94e
add hide policy to pattern filters
Disallowed files/dirs can be completly hidden. This may cause performance
issues for large directories

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-15 17:16:49 +01:00
Nicola Murino
64d1ea2d89
update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-13 18:48:08 +01:00
Nicola Murino
51c15de892
web admin: simplify user page
The page to add/edit users should be less less intimidating now.
All the advanced settings are hidden by default. Permissions are set
to any, so if you also have a users base dir set, to add a user
you have to simply set username, password or public key and save

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-10 19:44:16 +01:00
Nicola Murino
b8efb1b8ec
squash database migrations.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-09 12:25:53 +01:00
Nicola Murino
ec1d20f46f
sshd: improve docs about supported ciphers, KEX and MACs
also added a check to ensure that the configured values are valid

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-06 18:09:49 +01:00
Nicola Murino
1f619d5ea6
make the sdk a separate module
The SFTPGo SDK now is at the following URL

https://github.com/sftpgo/sdk

Fixes #657

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-06 11:54:43 +01:00
Nicola Murino
ad483b7581
httpd: switch back to chi Recoverer now that the required patch is merged
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-04 09:48:16 +01:00
Nicola Murino
00ec426a80
notifier plugins: add provider, bucket and endpoint to nottifier params
Fixes #656

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-02 19:22:44 +01:00
Nicola Murino
222db53410
notifiers plugin: replace params with a struct
Fixes #658

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-02 15:16:35 +01:00
Nicola Murino
e3f3997c5e
set version to 2.2.1
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2021-12-31 13:42:03 +01:00
Nicola Murino
f78090e47f
update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2021-12-29 18:11:00 +01:00
Nicola Murino
4d7a4aa99a
check rename source and target 2021-12-28 12:03:52 +01:00
Nicola Murino
7d8823307f
defender: add provider driver
Fixes #616
2021-12-25 12:08:07 +01:00
Nicola Murino
8174349032
console logger: enable colors on Windows too ...
... now that zerolog supports this feature
2021-12-20 18:47:18 +01:00
Nicola Murino
ced73ed04e
REST API: add an option to create missing dirs 2021-12-19 12:14:53 +01:00
Nicola Murino
a587228cf0
add support for metadata plugins 2021-12-16 18:18:36 +01:00
Nicola Murino
0bb141960f
add support for different bandwidth limits based on client IP 2021-12-10 18:43:26 +01:00
Nicola Murino
c153330ab8
web client: use fetch to upload files
also add REST API to upload a single file as POST body
2021-12-08 19:25:22 +01:00
Nicola Murino
5b4ef0ee3b
windows installer: rename the sample configuration with the default values
The previous name sftpgo.json.default could create confusion for Windows
users
2021-12-05 07:58:53 +01:00
Nicola Murino
30d98326ca
docker: update alpine image to 3.15 2021-12-03 19:33:37 +01:00
Nicola Murino
4df0ae82ac
web client: allow downloading of single shared files without compression
Fixes #629
2021-11-30 20:32:10 +01:00
Nicola Murino
c330ac8418
CI: add windows arm64 2021-11-28 18:56:30 +01:00
Nicola Murino
015aa36c56
loaddata: improve shares restore
usage and timestamps are now preserved
2021-11-27 11:12:51 +01:00
Nicola Murino
4652f9ede8
FTPD: allow to set different passive IPs based on the client's IP address 2021-11-25 12:45:09 +01:00
Nicola Murino
fb8f013ea7
web: update permissions on cookie refresh 2021-11-20 10:48:39 +01:00
Nicola Murino
52f3a98cc8
preserve GCS credentials on update if not set
credentials were not preserved if "prefer_database_credentials" was
set to true

Fixes #613
2021-11-15 19:12:58 +01:00
Nicola Murino
0833b4698e
httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Nicola Murino
78233ff9a3
web UI/REST API: add password reset
In order to reset the password from the admin/client user interface,
an SMTP configuration must be added and the user/admin must have an email
address.
You can prohibit the reset functionality on a per-user basis by using a
specific restriction.

Fixes #597
2021-11-13 13:25:43 +01:00
Nicola Murino
b331dc5686
web client: show share last use and used tokens 2021-11-07 09:53:35 +01:00
Nicola Murino
3bc58f5988
WebClient/REST API: add sharing support 2021-11-06 14:13:20 +01:00
Nicola Murino
570964deb3
add post-disconnect hook
Fixes #587
2021-10-29 19:55:18 +02:00
Nicola Murino
31984ffec1
update logo and add it to windows exe and installer
thanks to @asheroto for donating the new logo
2021-10-23 19:27:39 +02:00
Nicola Murino
74fc3aaf37
REST API: add events search 2021-10-23 15:47:21 +02:00
Nicola Murino
97d0a48557
plugins: improve notifier and searcher 2021-10-20 19:39:49 +02:00
Nicola Murino
f131ef130b
add a link to the new events store plugin 2021-10-16 17:08:34 +02:00
Nicola Murino
4a6a4ce28d
sftpfs: map path resolution error to permission denied
we do the same for os fs so that the problematic directory is excluded
from the webdav listing instead of failing the whole directory listing
2021-10-16 10:32:18 +02:00
Nicola Murino
a80ac80fcd
pkgs: update nfpm to 2.7 and use xz as compression for both deb and rpm 2021-10-13 09:15:04 +02:00
Nicola Murino
64e87d64bd
web client UI: allow to edit plain text files
Fixes #567
2021-10-09 14:17:28 +02:00
Nicola Murino
6eb154bb74
webdav: add support for lock discovery 2021-10-06 09:11:56 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook 2021-10-03 15:17:49 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail 2021-10-02 22:25:41 +02:00
Nicola Murino
1459150024
WebDAV: improve logs 2021-10-01 20:37:23 +02:00
Nicola Murino
e6f969cb04
web UI: update js and css deps 2021-09-30 10:23:25 +02:00
Nicola Murino
ba1febba73
rework user and admin profiles
users and admins can now also update their email and description
2021-09-29 18:46:15 +02:00
Nicola Murino
4ab2e4088a
CI docker: remove armv7 support
building docker images now takes too long and often fails with random
errors. I have to restart the build several times to be able to push
the images to docker hub and gcr
2021-09-27 10:25:21 +02:00
Nicola Murino
da0ccc6426
add SMTP support
it will be used in future update to add email sending capabilities
2021-09-26 20:25:37 +02:00
Nicola Murino
da5a061b65
add basic REST APIs for data retention
Fixes #495
2021-09-25 12:20:31 +02:00
Nicola Murino
6ea38188e8
minor fixes and doc improvements 2021-09-18 10:50:17 +02:00
Nicola Murino
5c34d814d6
fix a possible nil pointer dereference
it can happen by upgrading from very old versions
2021-09-11 14:19:17 +02:00
Nicola Murino
0eca4f1866
update deps 2021-09-08 12:29:47 +02:00
Nicola Murino
374de07c7b
update deps 2021-09-04 13:30:23 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
2021-09-04 12:11:04 +02:00