beenull/sftpgo-mirror

mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 15:40:23 +00:00

Author	SHA1	Message	Date
Nicola Murino	7c724e18fe	add support for ACME compliant certificate authorities Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-27 07:39:55 +02:00
Nicola Murino	90c21458b8	OIDC: add support for implicit roles Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-22 14:38:25 +02:00
Nicola Murino	1a33b5bb53	allow different TLS certificates for each binding Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-21 16:34:47 +02:00
Nicola Murino	0ecaa862bd	web UIs: allow to replace the default CSS Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-21 11:05:58 +02:00
Nicola Murino	751946f47a	allow to customize timeout and env vars for program based hooks Fixes #847 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-20 19:30:54 +02:00
Nicola Murino	796ea1dde9	allow to store temporary sessions within the data provider so we can persist password reset codes, OIDC auth sessions and tokens. These features will also work in multi-node setups without sicky sessions now Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-19 19:49:51 +02:00
Nicola Murino	5d7f6960f3	web UIs: add branding support Fixes #829 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-13 19:40:52 +02:00
Nicola Murino	4995cf1b02	defender: allow to load blocklist/safelist also from config/env vars Fixes #831 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-05-13 14:46:07 +02:00
Nicola Murino	ecd488a840	data provider: remove prefer_database_credentials Google Cloud Storage credentials are now always stored within the data provider. Added a migration to read credentials from disk and store them inside the data provider. After v2.3 we can also remove credentials_path Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-04-28 12:55:01 +02:00
Nicola Murino	cacfffc5bf	OIDC: add support for custom fields These fields can be used in the pre-login hook to implement custom logics Fixes #787 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-04-12 19:31:25 +02:00
Nicola Murino	f9d8b83c2a	sshd: disable by default ssh-rsa host key algo Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-04-04 18:52:19 +02:00
Nicola Murino	55f8171dd1	sshd: add support for host key certificates Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-04-01 08:03:56 +02:00
Nicola Murino	a7b159aebb	ssh user certs: add a revoked list Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-31 21:49:06 +02:00
Nicola Murino	5cccb872bb	add support to redirect HTTP to HTTPS Fixes #777 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-26 10:00:02 +01:00
Nicola Murino	93b9c1617e	web UI: allow to load custom css Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-19 21:44:27 +01:00
Nicola Murino	d9f30e7ac5	add a global whitelist if defined only the listed IPs/networks can access the configured services, all other client connections will be dropped before they even try to authenticate Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-17 22:10:52 +01:00
Nicola Murino	7e7f662a23	ensure that defaults defined in code match the default config file Fixes #754 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-14 10:42:14 +01:00
Nicola Murino	0bec1c6012	change the default value for prefer_database_credentials to true ... ... and deprecate this setting. In the future we'll remove prefer_database_credentials and credentials_path and we will not allow the credentials to be saved on the filesystem Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-13 14:29:11 +01:00
Nicola Murino	5582f5c811	data provider: add automatic backups Automatic backup are enabled by default, a new backup will be saved each day at midnight. The backups_path setting was moved from the httpd section to the data_provider one, please adjust your configuration file and or your env vars Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-03-13 13:45:07 +01:00
Nicola Murino	79857a8733	config: restore defaults for smtp templates path It was mistakenly deleted in the previous commit Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-02-27 14:16:38 +01:00
Nicola Murino	dcc3292dbc	web setup: add an optional installation code The purpose of this code is to prevent anyone who can access to the initial setup screen from creating an admin user Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-02-27 13:08:47 +01:00
Nicola Murino	f1a255aa6c	httpd: allow to restrict allowed hosts ... ... and to add security headers to the responses Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-02-17 18:22:27 +01:00
Nicola Murino	1fccd05e9e	allow to configure the minimum version of TLS to be enabled Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-02-13 15:56:07 +01:00
Nicola Murino	66945c0a02	Web UIs: add OpenID Connect support Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-02-13 14:30:20 +01:00
Nicola Murino	02db00d008	dataprovider: add naming rules naming rules allow to support case insensitive usernames, trim trailing and leading white spaces, and accept any valid UTF-8 characters in usernames. If you were enabling `skip_natural_keys_validation` now you need to set `naming_rules` to `1` Fixes #687 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-31 18:01:37 +01:00
Nicola Murino	fb2d59ec92	data provider: add config options for certs validation/authentication Fixes #682 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-30 18:04:03 +01:00
Nicola Murino	1f619d5ea6	make the sdk a separate module The SFTPGo SDK now is at the following URL https://github.com/sftpgo/sdk Fixes #657 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-06 11:54:43 +01:00
Nicola Murino	6d3d94a01f	move kms implementation outside the sdk package Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-06 10:11:47 +01:00
Nicola Murino	7c68b03d07	move plugin handling outside the sdk package Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-05 11:37:45 +01:00
Nicola Murino	2912b2e92e	sdk: add a logger interface we are now ready to make the sdk a separate module Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-04 16:07:41 +01:00
Nicola Murino	a6fe802370	move kms definitions to the sdk package This is the first step to make the sdk a separate module Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2022-01-04 12:49:30 +01:00
Nicola Murino	7d8823307f	defender: add provider driver Fixes #616	2021-12-25 12:08:07 +01:00
Nicola Murino	bedc8e288b	web client: add support for integrating external viewers/editors	2021-12-03 18:33:08 +01:00
Nicola Murino	4652f9ede8	FTPD: allow to set different passive IPs based on the client's IP address	2021-11-25 12:45:09 +01:00
Nicola Murino	3d6b09e949	REST API: expose OpenAPI schema and render it using Swagger UI Fixes #609	2021-11-21 09:32:51 +01:00
Nicola Murino	0833b4698e	httpd service: add CORS support	2021-11-13 23:14:50 +01:00
Martijn Pieters	f6938e76dc	Parse auth plugin information from env	2021-11-02 11:36:30 +01:00
Nicola Murino	570964deb3	add post-disconnect hook Fixes #587	2021-10-29 19:55:18 +02:00
Nicola Murino	74fc3aaf37	REST API: add events search	2021-10-23 15:47:21 +02:00
Nicola Murino	4aa9686e3b	refactor custom actions SFTPGo is now fully auditable, all fs and provider events that change something are notified and can be collected using hooks/plugins. There are some backward incompatible changes for command hooks	2021-10-10 13:08:05 +02:00
Nicola Murino	ea01c3a125	rate limiting: allow to exclude IP addresses/ranges Fixes #563	2021-10-03 20:50:05 +02:00
Nicola Murino	1b4a1fbbe5	add data retention check hook	2021-10-03 15:17:49 +02:00
Nicola Murino	cc134cad9a	data retention: allow to notify results via e-mail	2021-10-02 22:25:41 +02:00
Nicola Murino	da0ccc6426	add SMTP support it will be used in future update to add email sending capabilities	2021-09-26 20:25:37 +02:00
Nicola Murino	8a4c21b64a	add builtin two-factor auth support The builtin two-factor authentication is based on time-based one time passwords (RFC 6238) which works with Authy, Google Authenticator and other compatible apps.	2021-09-04 12:11:04 +02:00
Nicola Murino	bcf088f586	data provider: update internal caches if the data provider is shared	2021-08-20 09:35:06 +02:00
Nicola Murino	be3857d572	dataprovider: add timestamp fields for users and admins	2021-08-19 15:51:43 +02:00
Nicola Murino	ced2e16f41	add support for password validation rules Fixes #494	2021-08-06 18:56:07 +02:00
Nicola Murino	a3c087456b	ftpd: add some security checks	2021-08-05 18:38:15 +02:00
Nicola Murino	4781921336	fix loading enabled_ssh_commands config key	2021-07-29 00:54:22 +02:00

1 2 3 4

168 commits