beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 15:40:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1263 commits 8 branches 49 tags 49 MiB
Commit graph

362 commits

Author SHA1 Message Date
Dylan Legendre
4b099640de
Updating typos in openapi/swagger documentation as well as various markdown documentation files (#816) 
Signed-off-by: Dylan Legendre <dylanlegendre09@gmail.com>
 2022-05-05 18:26:22 +02:00
Nicola Murino
80da2dc722
try to automatically find shared data dirs in system-wide paths 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-05 11:27:19 +02:00
Nicola Murino
14fb6c4038
always check recently updated users 
also fix the query to get users for quota check for sql based providers

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-30 11:59:36 +02:00
Nicola Murino
ecd488a840
data provider: remove prefer_database_credentials 
Google Cloud Storage credentials are now always stored within the data
provider.

Added a migration to read credentials from disk and store them inside the
data provider.

After v2.3 we can also remove credentials_path

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-28 12:55:01 +02:00
Nicola Murino
4a44a7dfe1
improved readlink handling 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-27 18:38:46 +02:00
Nicola Murino
504cd3efda
add groups support 
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-25 15:49:11 +02:00
zemsten
857b6cc10a
Update full-configuration.md (#799) 
NGINX spelling

Signed-off-by: Samuel Zarn <samz@localhost.localdomain>
 2022-04-22 09:22:36 +02:00
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields 
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-12 19:31:25 +02:00
Nicola Murino
f9d8b83c2a
sshd: disable by default ssh-rsa host key algo 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-04 18:52:19 +02:00
Nicola Murino
254b2ae87f
add support for AWS container 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-03 08:52:36 +02:00
Nicola Murino
5a40f998ae
check and update the password hashing algorithm on user login 
also add ldap md5 variant as per-user request

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-02 22:20:21 +02:00
Nicola Murino
77f3400161
allow to mount virtual folders on root (/) path 
Fixes #783

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-02 18:32:46 +02:00
Nicola Murino
55f8171dd1
sshd: add support for host key certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-01 08:03:56 +02:00
Nicola Murino
a7b159aebb
ssh user certs: add a revoked list 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-31 21:49:06 +02:00
Nicola Murino
8fb256ac91
add link to an external Traefik tutorial 
update deps

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-29 18:13:43 +02:00
Nicola Murino
ca32cd5e0e
allow placeholders for add/update users and folders 
remove session token for S3, a temporary token is useless for our usage

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-27 16:32:21 +02:00
Nicola Murino
5cccb872bb
add support to redirect HTTP to HTTPS 
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 10:00:02 +01:00
Nicola Murino
a193089646
add jq to full docker image variants 
Fixes #767

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-23 11:35:23 +01:00
Nicola Murino
b062b38ef4
docker: add rsync to "full" images 
there are better alternatives and rsync will only work on local
filesystem, but it can still be useful to some people

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-22 17:29:14 +01:00
Nicola Murino
a31a9dc32c
update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-21 17:52:18 +01:00
Pr0pHesyer
fa43791ea9 Optimized typography for better readability 
Signed-off-by: Pr0pHesyer <proskire@protonmail.com>
 2022-03-21 15:05:43 +01:00
Nicola Murino
93b9c1617e
web UI: allow to load custom css 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-19 21:44:27 +01:00
Nicola Murino
4c710d731f
update to Go 1.18 
temporarily disabled docker image for ppcle64 as alpine image
is not yet available

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-18 21:52:00 +01:00
Nicola Murino
d9f30e7ac5
add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
03da7f696c
SFTPGo is now listed on Azure Marketplace 
Fixes #684

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 14:59:02 +01:00
Nicola Murino
7e7f662a23
ensure that defaults defined in code match the default config file 
Fixes #754

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-14 10:42:14 +01:00
Nicola Murino
0bec1c6012
change the default value for prefer_database_credentials to true ... 
... and deprecate this setting.

In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 14:29:11 +01:00
Nicola Murino
5582f5c811
data provider: add automatic backups 
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.

The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 13:45:07 +01:00
Nicola Murino
5c2fd8d52a
add support for a start directory 
Fixes #705

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-03 12:44:56 +01:00
Nicola Murino
4519bffa39
S3: add support for assume role 
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-28 20:19:13 +01:00
Nicola Murino
dcc3292dbc
web setup: add an optional installation code 
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 13:08:47 +01:00
Nicola Murino
7fc5cb80d6
deb/rpm packages: attempt to set the cap_net_bind_service capability 
so the service can bind to privileged ports without running as root user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-26 10:10:51 +01:00
Nicola Murino
e18ad55067
S3: add support for session tokens 
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-25 15:30:04 +01:00
Nicola Murino
4e9dae6fa4
allow to cache external authentications 
Fixes #733

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-25 11:51:10 +01:00
Nicola Murino
8bbf54d2b6
azure blobs: add support for multipart downloads 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-21 19:01:31 +01:00
Nicola Murino
c19b03a3f7
shares: add permission to deny sharing without password 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-19 13:31:58 +01:00
Nicola Murino
c6b8644828
OIDC: execute pre-login hook after IDP authentication 
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ... 
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-17 18:22:27 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 14:30:20 +01:00
Nicola Murino
02db00d008
dataprovider: add naming rules 
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.

If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`

Fixes #687

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-31 18:01:37 +01:00
Nicola Murino
fb2d59ec92
data provider: add config options for certs validation/authentication 
Fixes #682

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 18:04:03 +01:00
Nicola Murino
1df1225eed
add support for data transfer bandwidth limits 
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 11:42:36 +01:00
Moroi
aca71bff7a
Fixed typo 
Signed-off-by: Moroi <4635854+Rango-dz@users.noreply.github.com>
 2022-01-26 22:00:59 +01:00
Nicola Murino
ec1d20f46f
sshd: improve docs about supported ciphers, KEX and MACs 
also added a check to ensure that the configured values are valid

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 18:09:49 +01:00
Nicola Murino
1f619d5ea6
make the sdk a separate module 
The SFTPGo SDK now is at the following URL

https://github.com/sftpgo/sdk

Fixes #657

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 11:54:43 +01:00
Nicola Murino
df86955f28
eventsearcher plugin: add support to search for provider, bucket, endpoint 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-03 17:02:52 +01:00
Nicola Murino
222db53410
notifiers plugin: replace params with a struct 
Fixes #658

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-02 15:16:35 +01:00
Nicola Murino
c36217c654
improve some docs 2021-12-26 14:54:29 +01:00
Nicola Murino
7d8823307f
defender: add provider driver 
Fixes #616
 2021-12-25 12:08:07 +01:00
Nicola Murino
00a02dc14d
howto: add two-factor authentication 2021-12-19 18:08:12 +01:00
Nicola Murino
a587228cf0
add support for metadata plugins 2021-12-16 18:18:36 +01:00
Nicola Murino
a7c0b07a2a
add session id to notifier plugins/hook 2021-12-04 17:27:24 +01:00
Nicola Murino
dc1cc88a46
keyboard interactive hooks: allow to validate passcode 2021-12-04 15:14:44 +01:00
Nicola Murino
bedc8e288b
web client: add support for integrating external viewers/editors 2021-12-03 18:33:08 +01:00
Nicola Murino
6ee51c5cc1
kms: remove support for compat secrets 
also document how to activate the deprecated builtin provider
 2021-12-01 17:53:19 +01:00
Nicola Murino
0f8170c10f
improve some docs and disable telemetry server by default 2021-11-29 17:58:10 +01:00
Nicola Murino
f2480ce5c9
improve chtimes handling on open files 2021-11-26 19:00:44 +01:00
Nicola Murino
4652f9ede8
FTPD: allow to set different passive IPs based on the client's IP address 2021-11-25 12:45:09 +01:00
Nicola Murino
9fb43b2c46
docs: clarify how multi-step auth works with external authentication 
Fixes #617
 2021-11-24 11:27:32 +01:00
Nicola Murino
3d6b09e949
REST API: expose OpenAPI schema and render it using Swagger UI 
Fixes #609
 2021-11-21 09:32:51 +01:00
Nicola Murino
0833b4698e
httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Nicola Murino
ee5c5e033d
S3: add ACL support 
Fixes #610
 2021-11-13 16:05:40 +01:00
Nicola Murino
78233ff9a3
web UI/REST API: add password reset 
In order to reset the password from the admin/client user interface,
an SMTP configuration must be added and the user/admin must have an email
address.
You can prohibit the reset functionality on a per-user basis by using a
specific restriction.

Fixes #597
 2021-11-13 13:25:43 +01:00
Nicola Murino
dfcfcee208
Windows: fix UTC time logging 2021-11-06 16:27:01 +01:00
Nicola Murino
094ee1522e
logger: add a flag to use UTC time for logging 2021-11-06 15:18:16 +01:00
Nicola Murino
3bc58f5988
WebClient/REST API: add sharing support 2021-11-06 14:13:20 +01:00
Nicola Murino
570964deb3
add post-disconnect hook 
Fixes #587
 2021-10-29 19:55:18 +02:00
Nicola Murino
31984ffec1
update logo and add it to windows exe and installer 
thanks to @asheroto for donating the new logo
 2021-10-23 19:27:39 +02:00
Nicola Murino
74fc3aaf37
REST API: add events search 2021-10-23 15:47:21 +02:00
Nicola Murino
97d0a48557
plugins: improve notifier and searcher 2021-10-20 19:39:49 +02:00
Nicola Murino
f131ef130b
add a link to the new events store plugin 2021-10-16 17:08:34 +02:00
Nicola Murino
4a6a4ce28d
sftpfs: map path resolution error to permission denied 
we do the same for os fs so that the problematic directory is excluded
from the webdav listing instead of failing the whole directory listing
 2021-10-16 10:32:18 +02:00
Nicola Murino
4aa9686e3b
refactor custom actions 
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.

There are some backward incompatible changes for command hooks
 2021-10-10 13:08:05 +02:00
Nicola Murino
64e87d64bd
web client UI: allow to edit plain text files 
Fixes #567
 2021-10-09 14:17:28 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges 
Fixes #563
 2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook 2021-10-03 15:17:49 +02:00
Nicola Murino
ec81a7ac29
actions: add a specific protocol for data retention 2021-10-03 10:22:47 +02:00
Nicola Murino
22d28a37b6
cmd: improve completion sub-commands 2021-10-03 08:14:57 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail 2021-10-02 22:25:41 +02:00
Nicola Murino
ba1febba73
rework user and admin profiles 
users and admins can now also update their email and description
 2021-09-29 18:46:15 +02:00
Nicola Murino
da0ccc6426
add SMTP support 
it will be used in future update to add email sending capabilities
 2021-09-26 20:25:37 +02:00
Nicola Murino
da5a061b65
add basic REST APIs for data retention 
Fixes #495
 2021-09-25 12:20:31 +02:00
Nicola Murino
6ea38188e8
minor fixes and doc improvements 2021-09-18 10:50:17 +02:00
Nicola Murino
101c2962ab
web client UI: add a permission to disable password change 
Fixes #528
 2021-09-05 18:49:13 +02:00
Nicola Murino
59140a6d51
add additional data to MFA secrets and fix pointers management 2021-09-05 14:10:12 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support 
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
 2021-09-04 12:11:04 +02:00
Nicola Murino
b903a6e46f
data provider: remove default admin 
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
 2021-08-20 10:37:51 +02:00
Nicola Murino
bcf088f586
data provider: update internal caches if the data provider is shared 2021-08-20 09:35:06 +02:00
Nicola Murino
0a558203da
improve proxy documentation 
Fixes #507
 2021-08-18 15:27:07 +02:00
Nicola Murino
5a549a88fe
update to Go 1.17 2021-08-18 14:39:56 +02:00
Nicola Murino
fe953d6b38
REST API: add support for API key authentication 2021-08-17 18:08:32 +02:00
erwiese
05c62b9f40
add documentation for defender scores (#500) 
Co-authored-by: Erwin Wiesensarter <erwin.wiesensarter@bkg.bund.de>
 2021-08-13 15:40:33 +02:00
Nicola Murino
555dc3b0c0
transfer logs: add FTP mode 2021-08-10 13:07:38 +02:00
Nicola Murino
a20373b613
add support for auth plugins 2021-08-08 17:09:48 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules 
Fixes #494
 2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks 2021-08-05 18:38:15 +02:00
Nicola Murino
1e9a19e326
add a howto to use SFTPGo as OpenSSH's SFTP subsystem 2021-07-31 19:09:09 +02:00
mmcgeefeedo
0046c9960a
add support to override default admin credentials via env vars 2021-07-31 10:39:53 +02:00
Nicola Murino
a26962f367
add dot and dot dot directories to sftp/ftp file listing 2021-07-31 09:42:23 +02:00