beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 07:30:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1579 commits 8 branches 49 tags 49 MiB
Commit graph

226 commits

Author SHA1 Message Date
Nicola Murino
b5894b257f
try to better highlight donations and sponsorships options ... 
... and to better explain why they are required.

Please don't say "someone else will help the project, I'll just use it"

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-11 16:14:44 +02:00
Nicola Murino
1b8f94c08f
add event manager 
auto backup removed from setting. You can now schedule backups with
the event manager

Fixes #762

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-11 08:17:36 +02:00
Nicola Murino
9a6b1a1315
Fix issues found in PR #887 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-25 10:42:17 +02:00
Andre Mainka
90009a649d
Allow OAuth Scope to be configured (#887) 
Signed-off-by: BobSilent <andre_1@gmx.net>
 2022-06-25 10:40:39 +02:00
Nicola Murino
b774289c6d
change default value for naming_rules to 1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-03 16:09:02 +02:00
Nicola Murino
ecf715880f
update docs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-03 14:36:38 +02:00
Nicola Murino
b2e28fe3a2
groups: apply placeholders to the fs config of virtual folders 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-02 09:45:01 +02:00
Nicola Murino
f6b11c2d01
httpd/webdav: allow to configure trusted proxy header and depth 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-28 19:47:23 +02:00
Nicola Murino
32da923dfe
httpd: add a setting to customize tokens validation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-28 13:28:50 +02:00
Nicola Murino
7c724e18fe
add support for ACME compliant certificate authorities 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-27 07:39:55 +02:00
Nicola Murino
90c21458b8
OIDC: add support for implicit roles 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-22 14:38:25 +02:00
Nicola Murino
1a33b5bb53
allow different TLS certificates for each binding 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-21 16:34:47 +02:00
Nicola Murino
0ecaa862bd
web UIs: allow to replace the default CSS 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-21 11:05:58 +02:00
Nicola Murino
751946f47a
allow to customize timeout and env vars for program based hooks 
Fixes #847

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-20 19:30:54 +02:00
Nicola Murino
796ea1dde9
allow to store temporary sessions within the data provider 
so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-19 19:49:51 +02:00
Nicola Murino
c9bd08cf9c
UI branding: use the short name on the login pages 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-15 07:30:36 +02:00
Nicola Murino
5d7f6960f3
web UIs: add branding support 
Fixes #829

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 19:40:52 +02:00
Nicola Murino
4995cf1b02
defender: allow to load blocklist/safelist also from config/env vars 
Fixes #831

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 14:46:07 +02:00
Dylan Legendre
4b099640de
Updating typos in openapi/swagger documentation as well as various markdown documentation files (#816) 
Signed-off-by: Dylan Legendre <dylanlegendre09@gmail.com>
 2022-05-05 18:26:22 +02:00
Nicola Murino
14fb6c4038
always check recently updated users 
also fix the query to get users for quota check for sql based providers

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-30 11:59:36 +02:00
Nicola Murino
ecd488a840
data provider: remove prefer_database_credentials 
Google Cloud Storage credentials are now always stored within the data
provider.

Added a migration to read credentials from disk and store them inside the
data provider.

After v2.3 we can also remove credentials_path

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-28 12:55:01 +02:00
zemsten
857b6cc10a
Update full-configuration.md (#799) 
NGINX spelling

Signed-off-by: Samuel Zarn <samz@localhost.localdomain>
 2022-04-22 09:22:36 +02:00
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields 
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-12 19:31:25 +02:00
Nicola Murino
f9d8b83c2a
sshd: disable by default ssh-rsa host key algo 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-04 18:52:19 +02:00
Nicola Murino
254b2ae87f
add support for AWS container 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-03 08:52:36 +02:00
Nicola Murino
5a40f998ae
check and update the password hashing algorithm on user login 
also add ldap md5 variant as per-user request

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-02 22:20:21 +02:00
Nicola Murino
55f8171dd1
sshd: add support for host key certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-01 08:03:56 +02:00
Nicola Murino
a7b159aebb
ssh user certs: add a revoked list 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-31 21:49:06 +02:00
Nicola Murino
5cccb872bb
add support to redirect HTTP to HTTPS 
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 10:00:02 +01:00
Nicola Murino
a31a9dc32c
update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-21 17:52:18 +01:00
Pr0pHesyer
fa43791ea9 Optimized typography for better readability 
Signed-off-by: Pr0pHesyer <proskire@protonmail.com>
 2022-03-21 15:05:43 +01:00
Nicola Murino
93b9c1617e
web UI: allow to load custom css 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-19 21:44:27 +01:00
Nicola Murino
4c710d731f
update to Go 1.18 
temporarily disabled docker image for ppcle64 as alpine image
is not yet available

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-18 21:52:00 +01:00
Nicola Murino
d9f30e7ac5
add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
7e7f662a23
ensure that defaults defined in code match the default config file 
Fixes #754

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-14 10:42:14 +01:00
Nicola Murino
0bec1c6012
change the default value for prefer_database_credentials to true ... 
... and deprecate this setting.

In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 14:29:11 +01:00
Nicola Murino
5582f5c811
data provider: add automatic backups 
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.

The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 13:45:07 +01:00
Nicola Murino
dcc3292dbc
web setup: add an optional installation code 
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 13:08:47 +01:00
Nicola Murino
7fc5cb80d6
deb/rpm packages: attempt to set the cap_net_bind_service capability 
so the service can bind to privileged ports without running as root user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-26 10:10:51 +01:00
Nicola Murino
c6b8644828
OIDC: execute pre-login hook after IDP authentication 
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ... 
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-17 18:22:27 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 14:30:20 +01:00
Nicola Murino
02db00d008
dataprovider: add naming rules 
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.

If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`

Fixes #687

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-31 18:01:37 +01:00
Nicola Murino
fb2d59ec92
data provider: add config options for certs validation/authentication 
Fixes #682

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 18:04:03 +01:00
Nicola Murino
1df1225eed
add support for data transfer bandwidth limits 
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 11:42:36 +01:00
Nicola Murino
ec1d20f46f
sshd: improve docs about supported ciphers, KEX and MACs 
also added a check to ensure that the configured values are valid

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 18:09:49 +01:00
Nicola Murino
222db53410
notifiers plugin: replace params with a struct 
Fixes #658

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-02 15:16:35 +01:00
Nicola Murino
7d8823307f
defender: add provider driver 
Fixes #616
 2021-12-25 12:08:07 +01:00
Nicola Murino
a587228cf0
add support for metadata plugins 2021-12-16 18:18:36 +01:00
Nicola Murino
bedc8e288b
web client: add support for integrating external viewers/editors 2021-12-03 18:33:08 +01:00
Nicola Murino
0f8170c10f
improve some docs and disable telemetry server by default 2021-11-29 17:58:10 +01:00
Nicola Murino
4652f9ede8
FTPD: allow to set different passive IPs based on the client's IP address 2021-11-25 12:45:09 +01:00
Nicola Murino
3d6b09e949
REST API: expose OpenAPI schema and render it using Swagger UI 
Fixes #609
 2021-11-21 09:32:51 +01:00
Nicola Murino
0833b4698e
httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Nicola Murino
094ee1522e
logger: add a flag to use UTC time for logging 2021-11-06 15:18:16 +01:00
Nicola Murino
570964deb3
add post-disconnect hook 
Fixes #587
 2021-10-29 19:55:18 +02:00
Nicola Murino
4aa9686e3b
refactor custom actions 
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.

There are some backward incompatible changes for command hooks
 2021-10-10 13:08:05 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges 
Fixes #563
 2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook 2021-10-03 15:17:49 +02:00
Nicola Murino
22d28a37b6
cmd: improve completion sub-commands 2021-10-03 08:14:57 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail 2021-10-02 22:25:41 +02:00
Nicola Murino
ba1febba73
rework user and admin profiles 
users and admins can now also update their email and description
 2021-09-29 18:46:15 +02:00
Nicola Murino
da0ccc6426
add SMTP support 
it will be used in future update to add email sending capabilities
 2021-09-26 20:25:37 +02:00
Nicola Murino
101c2962ab
web client UI: add a permission to disable password change 
Fixes #528
 2021-09-05 18:49:13 +02:00
Nicola Murino
59140a6d51
add additional data to MFA secrets and fix pointers management 2021-09-05 14:10:12 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support 
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
 2021-09-04 12:11:04 +02:00
Nicola Murino
b903a6e46f
data provider: remove default admin 
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
 2021-08-20 10:37:51 +02:00
Nicola Murino
bcf088f586
data provider: update internal caches if the data provider is shared 2021-08-20 09:35:06 +02:00
Nicola Murino
0a558203da
improve proxy documentation 
Fixes #507
 2021-08-18 15:27:07 +02:00
Nicola Murino
a20373b613
add support for auth plugins 2021-08-08 17:09:48 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules 
Fixes #494
 2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks 2021-08-05 18:38:15 +02:00
mmcgeefeedo
0046c9960a
add support to override default admin credentials via env vars 2021-07-31 10:39:53 +02:00
Nicola Murino
a26962f367
add dot and dot dot directories to sftp/ftp file listing 2021-07-31 09:42:23 +02:00
Nicola Murino
f778e47d22
sftpd: minor improvements and docs for the prefix middleware 2021-07-29 20:12:23 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login 
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting

Fixes #485
 2021-07-27 18:43:00 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories 2021-07-23 10:19:27 +02:00
Nicola Murino
5967aa1aa5
FTP: enable ftpserverlib logging and make debug mode configurable 2021-07-20 17:22:08 +02:00
Nicola Murino
c900cde8e4
notifiers plugin: add settings to retry unhandled events 2021-07-20 12:51:21 +02:00
Nicola Murino
5a568b4077
KMS: allow to provide the master encryption key as string 2021-07-17 15:34:48 +02:00
Nicola Murino
030507a2ce
add some docs for the plugin system 2021-07-17 14:14:42 +02:00
Nicola Murino
6d313f6d8f
expose KMS as plugin 2021-07-16 18:22:42 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system 2021-07-11 15:26:51 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens 
Fixes #466
 2021-07-01 20:17:40 +02:00
Nicola Murino
3bb0ca1d2b
config: remove deprecated configuration keys 2021-06-19 09:47:06 +02:00
Nicola Murino
423d8306be
webclient: allow to download multiple files as zip 2021-05-30 23:07:46 +02:00
Nicola Murino
3b46e6a6fb
add support for a global temp path 
Fixes #436
 2021-05-27 15:38:27 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers 2021-05-25 08:36:01 +02:00
Nicola Murino
8ecf64f481
httpclient: accepts timeouts as float 
Fixes #428
 2021-05-16 12:50:06 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user 
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.

You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
 2021-05-14 19:21:15 +02:00
Nicola Murino
fa45c9c138
allow to execute actions for file operations and SSH commands synchronously 
The actions to run synchronously can be configured via the `execute_sync`
configuration key.

Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.

Fixes #409
 2021-05-11 12:45:14 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers 
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used
 2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections 2021-05-08 19:45:21 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users 
Fixes #339 #321 #398
 2021-05-06 21:35:43 +02:00
Nicola Murino
32db0787bb
add an example script for scheduled quota updates 2021-04-26 21:53:09 +02:00
Nicola Murino
3941255733
docs: fix a typo 2021-04-25 09:42:19 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo 
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.

Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
 2021-04-25 09:38:33 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt 
argon2id remains the default
 2021-04-20 13:55:09 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching 
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
 2021-04-20 09:39:36 +02:00