so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
... and deprecate this setting.
In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The check could be expensive with some backends and is generally
only required the first time that a user logs in
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
WinSCP does not set the APPEND flag while resuming a file upload,
so we detect a file upload resume if the TRUNCATE flag is not set.
The APPEND flag is now ignored.
Fixes#420
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
The actions to run synchronously can be configured via the `execute_sync`
configuration key.
Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.
Fixes#409
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.
This is a backward incompatible change, before the proxy headers were
always used
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS certificate auth, the certificate common name is used as
username
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.
Go 1.16 fix some cifs related issues too.
The underlying golang webdav library returns Method Not Allowed for
HEAD requests on directories:
https://github.com/golang/net/blob/master/webdav/webdav.go#L210
let's see if we can workaround this inside SFTPGo itself in a similar
way as we do for GET.
The HEAD response will not return a Content-Length, we cannot handle
this inside SFTPGo.
Fixes#294
