Commit graph

334 commits

Author SHA1 Message Date
Tim Birkett
a5d0cbbe44
chore: fix a linting error (#834)
Signed-off-by: Tim Birkett <tim.birkett@sainsburys.co.uk>
2022-05-13 11:14:38 +02:00
Tim Birkett
7b1a0d3cd3
chore: disallow all crawlers with robots.txt (#833)
Signed-off-by: Tim Birkett <tim.birkett@sainsburys.co.uk>
2022-05-13 09:23:43 +02:00
Nicola Murino
1e0b3a2a8c
web client: add share mode read/write
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-09 19:09:43 +02:00
Nicola Murino
80da2dc722
try to automatically find shared data dirs in system-wide paths
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-05 11:27:19 +02:00
Nicola Murino
ecd488a840
data provider: remove prefer_database_credentials
Google Cloud Storage credentials are now always stored within the data
provider.

Added a migration to read credentials from disk and store them inside the
data provider.

After v2.3 we can also remove credentials_path

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-28 12:55:01 +02:00
Nicola Murino
504cd3efda
add groups support
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-25 15:49:11 +02:00
Nicola Murino
002a06629e
refactoring of user session counters
Fixes #792

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-14 19:07:41 +02:00
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-12 19:31:25 +02:00
Nicola Murino
254b2ae87f
add support for AWS container
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-03 08:52:36 +02:00
Nicola Murino
77f3400161
allow to mount virtual folders on root (/) path
Fixes #783

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-02 18:32:46 +02:00
Nicola Murino
3521bacc4a
web user templates: ensure we can save valid users
users with no public key and password are now valid after the recent
changes

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-01 09:47:54 +02:00
Nicola Murino
5c114b28e3
sshd: we don't need the user certificate
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-31 18:16:50 +02:00
Nicola Murino
8fb256ac91
add link to an external Traefik tutorial
update deps

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-29 18:13:43 +02:00
Nicola Murino
ca32cd5e0e
allow placeholders for add/update users and folders
remove session token for S3, a temporary token is useless for our usage

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-27 16:32:21 +02:00
Nicola Murino
5cccb872bb
add support to redirect HTTP to HTTPS
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-26 10:00:02 +01:00
Nicola Murino
aaf940edab
enforce CSRF token usage by the same IP for which it was issued
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-26 08:41:50 +01:00
ismail BASKIN
853086b942
Add role field array support (#774)
oidc: add array role field support

Signed-off-by: Ismail Baskin <ismailbaskin5@gmail.com>
2022-03-25 10:36:35 +01:00
Nicola Murino
d955ddcef9
check that the jwt token is used by the same IP for which it
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-24 22:03:17 +01:00
Nicola Murino
9bfdc10172
add support for ipfilter plugins
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-23 10:58:01 +01:00
Nicola Murino
93b9c1617e
web UI: allow to load custom css
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-19 21:44:27 +01:00
Nicola Murino
4c710d731f
update to Go 1.18
temporarily disabled docker image for ppcle64 as alpine image
is not yet available

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-18 21:52:00 +01:00
Nicola Murino
d9f30e7ac5
add a global whitelist
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-17 22:10:52 +01:00
Nicola Murino
0bec1c6012
change the default value for prefer_database_credentials to true ...
... and deprecate this setting.

In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-13 14:29:11 +01:00
Nicola Murino
5582f5c811
data provider: add automatic backups
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.

The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-13 13:45:07 +01:00
Nicola Murino
d8de0faef5
allow to require two-factor auth for users
Fixes #721

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-06 16:57:13 +01:00
Nicola Murino
5c2fd8d52a
add support for a start directory
Fixes #705

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-03 12:44:56 +01:00
Nicola Murino
4519bffa39
S3: add support for assume role
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-28 20:19:13 +01:00
Nicola Murino
1ea7429921
initprovider: add load data options
Fixes #741

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-28 17:05:18 +01:00
Nicola Murino
79857a8733
config: restore defaults for smtp templates path
It was mistakenly deleted in the previous commit

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-27 14:16:38 +01:00
Nicola Murino
dcc3292dbc
web setup: add an optional installation code
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-27 13:08:47 +01:00
Nicola Murino
7f674a7fb3
add more details to the server status page
add all supported fields to the OpenAPI docs

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-26 16:43:29 +01:00
Nicola Murino
e18ad55067
S3: add support for session tokens
Fixes #736

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-25 15:30:04 +01:00
Nicola Murino
4e9dae6fa4
allow to cache external authentications
Fixes #733

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-25 11:51:10 +01:00
Nicola Murino
f5a0559be6
don't execute fs check if the user has recent activity
The check could be expensive with some backends and is generally
only required the first time that a user logs in

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-24 16:11:35 +01:00
Nicola Murino
670018f05e
OIDC: add profile and email scope to OAuth2 config
Fixes #728

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-22 10:20:14 +01:00
Nicola Murino
8bbf54d2b6
azure blobs: add support for multipart downloads
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-21 19:01:31 +01:00
Nicola Murino
c19b03a3f7
shares: add permission to deny sharing without password
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-19 13:31:58 +01:00
Nicola Murino
c6b8644828
OIDC: execute pre-login hook after IDP authentication
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ...
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-17 18:22:27 +01:00
Nicola Murino
f1832d4478
shares: add an upload form for shares with write scope
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-15 19:19:25 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 14:30:20 +01:00
Nicola Murino
fa0ca8fe89
quota summary and docs improvements
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-08 12:43:08 +01:00
Nicola Murino
9382db751c
make HTTP shares browsable
if you share a single folder with read scope, you can now browse the share
and download single files

Fixes #674
See #677

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-06 16:46:43 +01:00
Nicola Murino
cd35636939
S3: add a timeout for single part uploads
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-01 12:15:56 +01:00
Nicola Murino
02db00d008
dataprovider: add naming rules
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.

If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`

Fixes #687

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-31 18:01:37 +01:00
Nicola Murino
1df1225eed
add support for data transfer bandwidth limits
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-30 11:42:36 +01:00
Jeremy Clerc
9709aed5e6 httpd: webpath redirect using status found (302)
301 MovedPermanently is cached by the browser which can
be annoying when it is is on base path like / while one
may reuse the domain (e.g. localhost) for other apps/tests.

Fixes #695

Signed-off-by: Jeremy Clerc <jeremy@clerc.io>
2022-01-26 21:50:37 +01:00
Nicola Murino
d2a4178846
check quota usage between ongoing transfers
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-20 18:19:20 +01:00
Nicola Murino
d73be7aee5
remove the use of some unnecessary pointers
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-16 12:09:17 +01:00