Commit graph

268 commits

Author SHA1 Message Date
Nicola Murino
a20373b613
add support for auth plugins 2021-08-08 17:09:48 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules
Fixes #494
2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks 2021-08-05 18:38:15 +02:00
Nicola Murino
1e9a19e326
add a howto to use SFTPGo as OpenSSH's SFTP subsystem 2021-07-31 19:09:09 +02:00
mmcgeefeedo
0046c9960a
add support to override default admin credentials via env vars 2021-07-31 10:39:53 +02:00
Nicola Murino
a26962f367
add dot and dot dot directories to sftp/ftp file listing 2021-07-31 09:42:23 +02:00
Nicola Murino
f778e47d22
sftpd: minor improvements and docs for the prefix middleware 2021-07-29 20:12:23 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting

Fixes #485
2021-07-27 18:43:00 +02:00
Nicola Murino
a7313e4492
webdav: add new test cases and fix some lock related issues
Our net/webdav branch now include the following patches:

https://github.com/golang/net/pull/92
https://github.com/golang/net/pull/93
https://github.com/golang/net/pull/94
2021-07-25 09:55:14 +02:00
Nicola Murino
c41ae116eb
improve logging
Fixes #381
2021-07-24 20:11:17 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories 2021-07-23 10:19:27 +02:00
Nicola Murino
5967aa1aa5
FTP: enable ftpserverlib logging and make debug mode configurable 2021-07-20 17:22:08 +02:00
Nicola Murino
c900cde8e4
notifiers plugin: add settings to retry unhandled events 2021-07-20 12:51:21 +02:00
Nicola Murino
5a568b4077
KMS: allow to provide the master encryption key as string 2021-07-17 15:34:48 +02:00
Nicola Murino
030507a2ce
add some docs for the plugin system 2021-07-17 14:14:42 +02:00
Nicola Murino
338301955f
move cloud KMS providers to an external plugin 2021-07-17 13:08:05 +02:00
Nicola Murino
6d313f6d8f
expose KMS as plugin 2021-07-16 18:22:42 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system 2021-07-11 15:26:51 +02:00
Nicola Murino
302ec2558c
add notifications for mkdir/rmdir 2021-07-03 18:07:55 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens
Fixes #466
2021-07-01 20:17:40 +02:00
Nicola Murino
076b2f0ee0
modules: add v2 support 2021-06-26 07:31:41 +02:00
Nicola Murino
ac8d8a3da1
update portable mode docs 2021-06-19 19:40:53 +02:00
Nicola Murino
3bb0ca1d2b
config: remove deprecated configuration keys 2021-06-19 09:47:06 +02:00
Nicola Murino
62744e081b
get HTTPD binding from env: respect the documented default 2021-06-17 15:57:41 +02:00
Nicola Murino
4d97ab9eb9
Let's Encrypt tutorial: use sudo where appropriate 2021-06-14 22:35:08 +02:00
Nicola Murino
8ed13dc4a9
docs: document how to use Let's Encrypt Certificates 2021-06-14 22:05:55 +02:00
Nicola Murino
9d3d7db29c
azblob: store SAS URL as kms.Secret 2021-06-11 22:27:36 +02:00
Nicola Murino
4be6307d87
webadmin: add defender page 2021-06-08 13:24:28 +02:00
Nicola Murino
976f588863
improve docs to enable FTP/WebDAV
Fixes #447
2021-06-02 09:49:31 +02:00
Nicola Murino
575bcf1f03
add remote address to transfer and commands logs 2021-06-01 22:28:43 +02:00
Nicola Murino
969c992bfd
pre-upload: execute the hook just before opening the target file 2021-05-31 22:40:47 +02:00
Nicola Murino
c1239fbf59
pre-upload action: add file open flags
Reading the flags the hook receiver can detect if the client wants to
truncate the target file
2021-05-31 22:33:23 +02:00
Nicola Murino
c63b923ec3
cryptfs: add support for atomic uploads 2021-05-31 21:45:29 +02:00
Nicola Murino
423d8306be
webclient: allow to download multiple files as zip 2021-05-30 23:07:46 +02:00
Nicola Murino
3b46e6a6fb
add support for a global temp path
Fixes #436
2021-05-27 15:38:27 +02:00
Nicola Murino
25a44030f9
actions: add pre-download and pre-upload
Downloads and uploads can be denied based on hook response
2021-05-26 07:48:37 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers 2021-05-25 08:36:01 +02:00
Nicola Murino
50e441849a
try to make the web admin more user friendly
removed all the textarea with fields separated using "::".
This should, hopefully, improve user experience
2021-05-23 22:02:01 +02:00
Nicola Murino
b9bc8d722d
try to improve web client credentials page
I should do the same for the admin page too
2021-05-22 09:54:27 +02:00
Nicola Murino
9fc4be6d40
minor doc fixes 2021-05-20 18:34:38 +02:00
Nicola Murino
ecfed4dc04
Add a Getting Started Guide 2021-05-20 18:16:27 +02:00
Nicola Murino
8ecf64f481
httpclient: accepts timeouts as float
Fixes #428
2021-05-16 12:50:06 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.

You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
2021-05-14 19:21:15 +02:00
Nicola Murino
fa45c9c138
allow to execute actions for file operations and SSH commands synchronously
The actions to run synchronously can be configured via the `execute_sync`
configuration key.

Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.

Fixes #409
2021-05-11 12:45:14 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used
2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections 2021-05-08 19:45:21 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users
Fixes #339 #321 #398
2021-05-06 21:35:43 +02:00
Nicola Murino
32db0787bb
add an example script for scheduled quota updates 2021-04-26 21:53:09 +02:00
Nicola Murino
3941255733
docs: fix a typo 2021-04-25 09:42:19 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.

Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
2021-04-25 09:38:33 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt
argon2id remains the default
2021-04-20 13:55:09 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
2021-04-20 09:39:36 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too 2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support 2021-04-18 12:31:06 +02:00
Nicola Murino
124c471a2b
FTPD: make sure that the passive ip, if provided, is valid
The server will refuse to start if the provided passive ip is not a
valid IPv4 address.

Fixes #376
2021-04-16 15:08:10 +02:00
Nicola Murino
c844fc7477
add support for delayed quota update
If there are a lot of close uploads, accumulating quota updates can
save you many queries to the data provider
2021-04-11 08:38:43 +02:00
Nicola Murino
0bc4db9950
web admin: make base url configurable 2021-04-09 22:02:48 +02:00
Nicola Murino
ed26d68948
portable mode: add SFTP buffer size 2021-04-07 19:47:39 +02:00
Nicola Murino
b389f93d97
allow to select sha256-simd using an env var 2021-04-07 16:25:58 +02:00
Nicola Murino
acb4310c11
add a startup hook 2021-04-05 10:07:59 +02:00
Nicola Murino
fdf3f23df5
allow to disable some hooks on a per-user basis
This way you can, for example, mix external and internal users
2021-04-04 22:32:25 +02:00
Nicola Murino
ea26d7786c
sftpfs: add buffering support
this way we improve performance over high latency networks
2021-04-03 16:00:55 +02:00
Nicola Murino
2f56375121
improve SFTP loop detection 2021-04-01 18:53:48 +02:00
Nicola Murino
5cd27ce529
document Cockroach driver name 2021-03-27 19:41:00 +01:00
Nicola Murino
9ad750da54
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 19:10:27 +01:00
Nicola Murino
5f49af1780
external auth: allow to inspect and preserve an existing user 2021-03-26 15:19:01 +01:00
Nicola Murino
6bc5c64a3a
webdav: ignore path, perm and not exist errors in PROPFIND
Fixes #340
2021-03-24 13:32:20 +01:00
Nicola Murino
28f1d66ae5
link the Active Directory example in the howto section 2021-03-22 09:52:05 +01:00
Nicola Murino
f249286cb1
docs: add some notes about the new virtual folders support
fixe a failing test case for the memory provider
2021-03-21 19:47:11 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends
Fixes #241
2021-03-21 19:15:47 +01:00
Nicola Murino
0286da2356
try to auto create virtual folders if missing 2021-03-10 22:30:56 +01:00
Nicola Murino
4c658bb6f0
webdav: add prefix support 2021-03-07 17:10:45 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads 2021-03-06 15:41:40 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars

Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
3243181c5f
Add a link to the OpenAPI schema where relevant
Fixes #329
2021-03-01 22:22:05 +01:00
Nicola Murino
534b253c20
WebDAV: improve TLS certificate authentication
For each user you can now configure:

- TLS certificate auth
- TLS certificate auth and password
- Password auth

For TLS certificate auth, the certificate common name is used as
username
2021-03-01 19:28:11 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
For each user you can now configure:

- TLS certificate auth
- TLS certificate auth and password
- Password auth

For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users 2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes 2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support 2021-02-13 14:41:37 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
1bccb93fcb
rename default branch from master to main 2021-02-09 19:53:03 +01:00
Nicola Murino
a219d25cac
webdav: update the doc
the user specific path is now gone
2021-02-04 07:46:40 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
80f5ccd357
web admin: add backup/restore 2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support 2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes 2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
a8a17a223a
scp: minor improvements
document that we don't support wildcard expansion.

I should refactor scp code ...
2021-01-05 22:32:30 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists 2021-01-04 17:52:14 +01:00
Nicola Murino
684f4ba1a6
mutal TLS: add support for revocation lists 2021-01-03 17:03:04 +01:00
Nicola Murino
1e1c46ae1b
defender: minor docs improvements 2021-01-02 20:02:05 +01:00
Nicola Murino
d6b3acdb62
add REST API for the defender 2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
0966d44c0f
httpd: add support for listening over a Unix-domain socket
Fixes #266
2020-12-29 19:02:56 +01:00
Nicola Murino
40e759c983
FTP: add support for client certificate authentication 2020-12-29 09:20:09 +01:00
Nicola Murino
141ca6777c
webdav: add support for client certificate authentication
Fixes #263
2020-12-28 19:48:23 +01:00
Nicola Murino
1dce1eff48
improve FTP support
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00