Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
...
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
51f110bc7b
sftpd: add statvfs@openssh.com support
2021-02-11 19:45:52 +01:00
Nicola Murino
db80781716
validation: improve error message for invalid chars
2021-02-08 21:32:59 +01:00
Nicola Murino
17e2b234a0
dataprovider: fix migration with old mysql versions
...
Fixes #298
2021-02-06 14:33:51 +01:00
Nicola Murino
267d9f1831
web ui: allow to create folders from a template
2021-02-04 19:09:43 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
...
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
54321c5240
web ui: allow to create multiple users from a template
2021-01-25 21:31:33 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
daac90c4e1
fix a potential race condition for pre-login and ext auth
...
hooks
doing something like this:
err = provider.updateUser(u)
...
return provider.userExists(username)
could be racy if another update happen before
provider.userExists(username)
also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
2021-01-05 09:50:22 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists
2021-01-04 17:52:14 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
e536a638c9
web UI: improve user cloning
2020-12-26 15:11:38 +01:00
Nicola Murino
72e3d464b8
sftpfs: fix fingerprints copy for memory provider
2020-12-12 10:56:02 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend
...
Fixes #224
2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1
REST API: add a method to get the status of the services
...
added a status page to the built-in web admin
2020-12-08 11:18:34 +01:00
Nicola Murino
c451f742aa
revertprovider: crypted provider was not supported in v4
...
also ensure to initialize kms before the dataprovider, it could be
needed to downgrade secret from cloud kms providers
2020-12-06 10:36:48 +01:00
Nicola Murino
034d89876d
webdav: fix proppatch handling
...
also respect login delay for cached webdav users and check the home dir as
soon as the user authenticates
Fixes #239
2020-12-06 08:19:41 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support
2020-12-05 13:48:13 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
2142ef20c5
fix some typos
2020-11-26 22:18:12 +01:00
Nicola Murino
224ce5fe81
add revertprovider subcommand
...
Fixes #233
2020-11-26 22:08:33 +01:00
Nicola Murino
4bb9d07dde
user: add a free text field
...
Fixes #230
2020-11-25 22:26:34 +01:00
Nicola Murino
2054dfd83d
create the credential directory when needed
...
The credentials dir is currently required only for GCS users if
prefer database credential setting is false, so defer its creation
and don't fail to start the services if this directory is missing
2020-11-25 14:18:12 +01:00
Nicola Murino
6699f5c2cc
initial data loading: an error is no longer fatal
...
therefore it does not prevent the services from starting
2020-11-25 09:18:36 +01:00
Estel Smith
70bde8b2bc
memory provider: print a log if loading the initial dump fails
...
therefore this error is no longer fatal and does not prevent the services
from starting
Fixes #229
2020-11-25 09:15:23 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials
...
also gcs credentials are now encrypted, both on disk and inside the
provider.
Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
2020-11-22 21:53:04 +01:00
Nicola Murino
e3eca424f1
web admin: allow both allowed and denied extensions/patterns for a dir
...
this fix a regression introduced in the previous commit
2020-11-16 19:21:50 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns
...
Fixes #209
2020-11-15 22:04:48 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
...
we need my custom golang/x/net/webdav fork for now
https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
6ad4cc317c
cloud backends: stat and other performance improvements
2020-11-02 19:16:12 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode
...
Fixes #204
2020-10-29 19:23:33 +01:00
Nicola Murino
e54828a7b8
add metrics for Azure Blob storage
2020-10-26 19:01:17 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support
2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
...
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
ce9387f1ab
update dependencies and some docs
2020-10-09 20:25:42 +02:00
Mark Sagi-Kazar
5e2db77ef9
refactor: add an enum for filesystem providers
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-10-05 21:40:21 +02:00
Nicola Murino
c992072286
data provider: add a setting to prevent auto-update
2020-10-05 19:42:33 +02:00
Nicola Murino
3e2afc35ba
data provider: try to automatically initialize it if required
2020-10-05 12:55:49 +02:00
Ilias Trichopoulos
c65dd86d5e
Fix typos ( #181 )
2020-10-05 11:29:18 +02:00
Nicola Murino
f0c9b55036
dataprovider: improve user validation errors
...
Fixes #170
2020-09-18 19:21:24 +02:00
Nicola Murino
542554fb2c
replace the library to verify UNIX's crypt(3) passwords
2020-09-04 21:08:09 +02:00
Nicola Murino
bdf18fa862
password hashing: exposes argon2 options
...
So the hashing complexity can be changed depending on available
memory/CPU resources and business requirements
2020-09-04 17:09:31 +02:00
Nicola Murino
a59163e56c
multi-step auth: don't advertise password method if it is disabled
...
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Nicola Murino
3925c7ff95
REST API/Web admin: add a parameter to disconnect a user after an update
...
This way you can force the user to login again and so to use the updated
configuration.
A deleted user will be automatically disconnected.
Fixes #163
Improved some docs too.
2020-09-01 16:10:26 +02:00
Nicola Murino
dbed110d02
WebDAV: add caching for authenticated users
...
In this way we get a big performance boost
2020-08-31 19:25:17 +02:00
Nicola Murino
91a4c64390
fix initprovider exit code for MySQL and PostgreSQL
2020-08-30 14:00:45 +02:00
Nicola Murino
600a107699
initprovider: check if the provider is already initialized
...
exit with code 0 if no initialization is required
2020-08-30 13:50:43 +02:00
Nicola Murino
02e35ee002
sftpd: add Readlink support
2020-08-22 14:52:17 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00