Commit graph

178 commits

Author SHA1 Message Date
Nicola Murino
bdb6f585c7
add a setting to skip natural keys validation
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars

Fixes #334 #308
2021-03-05 19:08:22 +01:00
Nicola Murino
be9230e85b
micro optimizations spotted using the go-critic linter 2021-02-16 19:11:36 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users 2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes 2021-02-14 22:08:08 +01:00
Nicola Murino
1ac66d27b6
Use IEC units for byte counting everywhere 2021-02-12 22:16:35 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
51f110bc7b
sftpd: add statvfs@openssh.com support 2021-02-11 19:45:52 +01:00
Nicola Murino
db80781716
validation: improve error message for invalid chars 2021-02-08 21:32:59 +01:00
Nicola Murino
17e2b234a0
dataprovider: fix migration with old mysql versions
Fixes #298
2021-02-06 14:33:51 +01:00
Nicola Murino
267d9f1831
web ui: allow to create folders from a template 2021-02-04 19:09:43 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
54321c5240
web ui: allow to create multiple users from a template 2021-01-25 21:31:33 +01:00
Nicola Murino
778ec9b88f
REST API v2
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
daac90c4e1
fix a potential race condition for pre-login and ext auth
hooks

doing something like this:

err = provider.updateUser(u)
...
return provider.userExists(username)

could be racy if another update happen before

provider.userExists(username)

also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
2021-01-05 09:50:22 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists 2021-01-04 17:52:14 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
e536a638c9
web UI: improve user cloning 2020-12-26 15:11:38 +01:00
Nicola Murino
72e3d464b8
sftpfs: fix fingerprints copy for memory provider 2020-12-12 10:56:02 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend
Fixes #224
2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1
REST API: add a method to get the status of the services
added a status page to the built-in web admin
2020-12-08 11:18:34 +01:00
Nicola Murino
c451f742aa
revertprovider: crypted provider was not supported in v4
also ensure to initialize kms before the dataprovider, it could be
needed to downgrade secret from cloud kms providers
2020-12-06 10:36:48 +01:00
Nicola Murino
034d89876d
webdav: fix proppatch handling
also respect login delay for cached webdav users and check the home dir as
soon as the user authenticates

Fixes #239
2020-12-06 08:19:41 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support 2020-12-05 13:48:13 +01:00
Nicola Murino
634b723b5d
add KMS support
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
2142ef20c5
fix some typos 2020-11-26 22:18:12 +01:00
Nicola Murino
224ce5fe81
add revertprovider subcommand
Fixes #233
2020-11-26 22:08:33 +01:00
Nicola Murino
4bb9d07dde
user: add a free text field
Fixes #230
2020-11-25 22:26:34 +01:00
Nicola Murino
2054dfd83d
create the credential directory when needed
The credentials dir is currently required only for GCS users if
prefer database credential setting is false, so defer its creation
and don't fail to start the services if this directory is missing
2020-11-25 14:18:12 +01:00
Nicola Murino
6699f5c2cc
initial data loading: an error is no longer fatal
therefore it does not prevent the services from starting
2020-11-25 09:18:36 +01:00
Estel Smith
70bde8b2bc
memory provider: print a log if loading the initial dump fails
therefore this error is no longer fatal and does not prevent the services
from starting

Fixes #229
2020-11-25 09:15:23 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials
also gcs credentials are now encrypted, both on disk and inside the
provider.

Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
2020-11-22 21:53:04 +01:00
Nicola Murino
e3eca424f1
web admin: allow both allowed and denied extensions/patterns for a dir
this fix a regression introduced in the previous commit
2020-11-16 19:21:50 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns
Fixes #209
2020-11-15 22:04:48 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
we need my custom golang/x/net/webdav fork for now

https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
6ad4cc317c
cloud backends: stat and other performance improvements 2020-11-02 19:16:12 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode
Fixes #204
2020-10-29 19:23:33 +01:00
Nicola Murino
e54828a7b8
add metrics for Azure Blob storage 2020-10-26 19:01:17 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support 2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback

Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
ce9387f1ab
update dependencies and some docs 2020-10-09 20:25:42 +02:00
Mark Sagi-Kazar
5e2db77ef9 refactor: add an enum for filesystem providers
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-10-05 21:40:21 +02:00
Nicola Murino
c992072286
data provider: add a setting to prevent auto-update 2020-10-05 19:42:33 +02:00
Nicola Murino
3e2afc35ba
data provider: try to automatically initialize it if required 2020-10-05 12:55:49 +02:00
Ilias Trichopoulos
c65dd86d5e
Fix typos (#181) 2020-10-05 11:29:18 +02:00
Nicola Murino
f0c9b55036 dataprovider: improve user validation errors
Fixes #170
2020-09-18 19:21:24 +02:00
Nicola Murino
542554fb2c replace the library to verify UNIX's crypt(3) passwords 2020-09-04 21:08:09 +02:00
Nicola Murino
bdf18fa862 password hashing: exposes argon2 options
So the hashing complexity can be changed depending on available
memory/CPU resources and business requirements
2020-09-04 17:09:31 +02:00
Nicola Murino
a59163e56c multi-step auth: don't advertise password method if it is disabled
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Nicola Murino
3925c7ff95 REST API/Web admin: add a parameter to disconnect a user after an update
This way you can force the user to login again and so to use the updated
configuration.

A deleted user will be automatically disconnected.

Fixes #163

Improved some docs too.
2020-09-01 16:10:26 +02:00