Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too
2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support
2021-04-18 12:31:06 +02:00
Nicola Murino
c844fc7477
add support for delayed quota update
...
If there are a lot of close uploads, accumulating quota updates can
save you many queries to the data provider
2021-04-11 08:38:43 +02:00
Nicola Murino
0bc4db9950
web admin: make base url configurable
2021-04-09 22:02:48 +02:00
Nicola Murino
acb4310c11
add a startup hook
2021-04-05 10:07:59 +02:00
Nicola Murino
4c658bb6f0
webdav: add prefix support
2021-03-07 17:10:45 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation
...
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars
Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
...
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
...
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support
2021-01-19 18:59:41 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
684f4ba1a6
mutal TLS: add support for revocation lists
2021-01-03 17:03:04 +01:00
Nicola Murino
1e1c46ae1b
defender: minor docs improvements
2021-01-02 20:02:05 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
40e759c983
FTP: add support for client certificate authentication
2020-12-29 09:20:09 +01:00
Nicola Murino
141ca6777c
webdav: add support for client certificate authentication
...
Fixes #263
2020-12-28 19:48:23 +01:00
Nicola Murino
1dce1eff48
improve FTP support
...
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings
...
Fixes #253
2020-12-23 16:12:30 +01:00
Nicola Murino
bcf0fa073e
telemetry server: add optional https and authentication
2020-12-18 16:04:42 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server
...
move pprof to the telemetry server only
2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections
2020-12-15 19:29:30 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
0119fd03a6
webdav: user caching is now mandatory
...
we cache the lock system with the user, without user caching we cannot
support locks for resource
2020-11-04 22:29:25 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
...
we need my custom golang/x/net/webdav fork for now
https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
641493e31a
fix default config file
...
restore a setting changed for a local test
2020-10-31 11:34:50 +01:00
Nicola Murino
fcfdd633f6
Azure Blob: update SDK and add access tier support
2020-10-30 22:17:17 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
...
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
c992072286
data provider: add a setting to prevent auto-update
2020-10-05 19:42:33 +02:00
Nicola Murino
bdf18fa862
password hashing: exposes argon2 options
...
So the hashing complexity can be changed depending on available
memory/CPU resources and business requirements
2020-09-04 17:09:31 +02:00
Nicola Murino
a59163e56c
multi-step auth: don't advertise password method if it is disabled
...
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Nicola Murino
dbed110d02
WebDAV: add caching for authenticated users
...
In this way we get a big performance boost
2020-08-31 19:25:17 +02:00
Nicola Murino
600a107699
initprovider: check if the provider is already initialized
...
exit with code 0 if no initialization is required
2020-08-30 13:50:43 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00
Nicola Murino
0dbf0cc81f
WebDAV: add CORS support
2020-08-15 15:55:20 +02:00
Nicola Murino
196a56726e
FTP improvements
...
- add a setting to require TLS
- add symlink support
require TLS 1.2 for all TLS connections
2020-08-15 13:02:25 +02:00
Nicola Murino
aa0ed5dbd0
add post-login hook
...
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a
add WebDAV support
...
Fixes #147
2020-08-11 23:56:10 +02:00
Nicola Murino
22338ed478
add post connect hook
...
Fixes #144
2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011
add support for the venerable FTP protocol
...
Fixes #46
2020-07-29 21:56:56 +02:00
Nicola Murino
4e41a5583d
refactoring: add common package
...
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.
This way should be easier to support new protocols
2020-07-24 23:39:38 +02:00
Nicola Murino
8306b6bde6
refactor virtual folders
...
The same virtual folder can now be shared among users and different
folder quota limits for each user are supported.
Fixes #120
2020-06-07 23:30:18 +02:00
Nicola Murino
c27e3ef436
actions: add a generic hook to define external commands and HTTP URL
...
We can only define a single hook now and it can be an HTTP notification
or an external command, not both
2020-05-24 15:29:39 +02:00
Nicola Murino
a08dd85efd
sftpd: deprecate keys and add a new host_keys config param
...
host_key defines the private host keys as plain list of strings.
Remove the other deprecated config params from the default config too.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-16 23:26:44 +02:00
Nicola Murino
cf148db75d
add test case for expired SSH certificate
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-15 23:23:49 +02:00
Nicola Murino
738c7ab43e
sftpd: add support for SSH user certificate authentication
...
This add support for PROTOCOL.certkeys vendor extension:
https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8
Fixes #117
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-15 20:08:53 +02:00
Nicola Murino
f369fdf6f2
httpclient: add a configuration parameter to skip TLS certificate validation
...
In this mode, TLS is susceptible to man-in-the-middle attacks.
This should be used only for testing.
2020-05-03 11:37:50 +02:00
Nicola Murino
d377181b25
add a new configuration section for HTTP clients
...
HTTP clients are used for executing hooks such as the ones used for custom
actions, external authentication and pre-login user modifications.
This allows, for example, to use self-signed certificate without defeating the
purpose of using TLS
2020-04-26 23:29:09 +02:00
Nicola Murino
9046acbe68
add HTTP hooks
...
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
2020-04-01 23:25:23 +02:00