Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ...
...
... and to add security headers to the responses
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-17 18:22:27 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 14:30:20 +01:00
Nicola Murino
02db00d008
dataprovider: add naming rules
...
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.
If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`
Fixes #687
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-31 18:01:37 +01:00
Nicola Murino
fb2d59ec92
data provider: add config options for certs validation/authentication
...
Fixes #682
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-30 18:04:03 +01:00
Nicola Murino
7d8823307f
defender: add provider driver
...
Fixes #616
2021-12-25 12:08:07 +01:00
Nicola Murino
bedc8e288b
web client: add support for integrating external viewers/editors
2021-12-03 18:33:08 +01:00
Nicola Murino
0f8170c10f
improve some docs and disable telemetry server by default
2021-11-29 17:58:10 +01:00
Nicola Murino
4652f9ede8
FTPD: allow to set different passive IPs based on the client's IP address
2021-11-25 12:45:09 +01:00
Nicola Murino
8a8298ad46
web client: improve file upload
2021-11-22 12:25:36 +01:00
Nicola Murino
3d6b09e949
REST API: expose OpenAPI schema and render it using Swagger UI
...
Fixes #609
2021-11-21 09:32:51 +01:00
Nicola Murino
0833b4698e
httpd service: add CORS support
2021-11-13 23:14:50 +01:00
Nicola Murino
570964deb3
add post-disconnect hook
...
Fixes #587
2021-10-29 19:55:18 +02:00
Nicola Murino
4aa9686e3b
refactor custom actions
...
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
2021-10-10 13:08:05 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges
...
Fixes #563
2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook
2021-10-03 15:17:49 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail
2021-10-02 22:25:41 +02:00
Nicola Murino
da0ccc6426
add SMTP support
...
it will be used in a future update to add email sending capabilities
2021-09-26 20:25:37 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support
...
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
2021-09-04 12:11:04 +02:00
Nicola Murino
bcf088f586
data provider: update internal caches if the data provider is shared
2021-08-20 09:35:06 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules
...
Fixes #494
2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks
2021-08-05 18:38:15 +02:00
mmcgeefeedo
3ae8abda9e
sftpd: add folder prefix middleware
2021-07-29 00:32:55 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login
...
The links are hidden if only the web admin or only the web client is
enabled and can also be controlled using the "hide_login_url" setting
Fixes #485
2021-07-27 18:43:00 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories
2021-07-23 10:19:27 +02:00
Nicola Murino
5967aa1aa5
FTP: enable ftpserverlib logging and make debug mode configurable
2021-07-20 17:22:08 +02:00
Nicola Murino
5a568b4077
KMS: allow to provide the master encryption key as string
2021-07-17 15:34:48 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system
2021-07-11 15:26:51 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens
...
Fixes #466
2021-07-01 20:17:40 +02:00
Nicola Murino
3b46e6a6fb
add support for a global temp path
...
Fixes #436
2021-05-27 15:38:27 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers
2021-05-25 08:36:01 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user
...
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
2021-05-14 19:21:15 +02:00
Nicola Murino
fa45c9c138
allow to execute actions for file operations and SSH commands synchronously
...
The actions to run synchronously can be configured via the `execute_sync`
configuration key.
Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook has completed its execution.
Fixes #409
2021-05-11 12:45:14 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers
...
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.
This is a backward incompatible change, before the proxy headers were
always used
2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections
2021-05-08 19:45:21 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users
...
Fixes #339 #321 #398
2021-05-06 21:35:43 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo
...
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.
Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
2021-04-25 09:38:33 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt
...
argon2id remains the default
2021-04-20 13:55:09 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching
...
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
2021-04-20 09:39:36 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too
2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support
2021-04-18 12:31:06 +02:00
Nicola Murino
c844fc7477
add support for delayed quota update
...
If there are a lot of close uploads, accumulating quota updates can
save you many queries to the data provider
2021-04-11 08:38:43 +02:00
Nicola Murino
0bc4db9950
web admin: make base url configurable
2021-04-09 22:02:48 +02:00
Nicola Murino
acb4310c11
add a startup hook
2021-04-05 10:07:59 +02:00
Nicola Murino
4c658bb6f0
webdav: add prefix support
2021-03-07 17:10:45 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation
...
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars
Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
...
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
...
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00