Nicola Murino
f6b11c2d01
httpd/webdav: allow to configure trusted proxy header and depth
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-28 19:47:23 +02:00
Nicola Murino
32da923dfe
httpd: add a setting to customize tokens validation
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-28 13:28:50 +02:00
Nicola Murino
7c724e18fe
add support for ACME compliant certificate authorities
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-27 07:39:55 +02:00
Nicola Murino
90c21458b8
OIDC: add support for implicit roles
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-22 14:38:25 +02:00
Nicola Murino
1a33b5bb53
allow different TLS certificates for each binding
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-21 16:34:47 +02:00
Nicola Murino
0ecaa862bd
web UIs: allow to replace the default CSS
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-21 11:05:58 +02:00
Nicola Murino
751946f47a
allow to customize timeout and env vars for program based hooks
...
Fixes #847
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-20 19:30:54 +02:00
Nicola Murino
5d7f6960f3
web UIs: add branding support
...
Fixes #829
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-13 19:40:52 +02:00
Nicola Murino
4995cf1b02
defender: allow to load blocklist/safelist also from config/env vars
...
Fixes #831
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-13 14:46:07 +02:00
Nicola Murino
ecd488a840
data provider: remove prefer_database_credentials
...
Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-28 12:55:01 +02:00
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields
...
These fields can be used in the pre-login hook to implement custom
logics
Fixes #787
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-12 19:31:25 +02:00
Nicola Murino
f9d8b83c2a
sshd: disable by default ssh-rsa host key algo
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-04 18:52:19 +02:00
Nicola Murino
55f8171dd1
sshd: add support for host key certificates
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-01 08:03:56 +02:00
Nicola Murino
a7b159aebb
ssh user certs: add a revoked list
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-31 21:49:06 +02:00
Nicola Murino
5cccb872bb
add support to redirect HTTP to HTTPS
...
Fixes #777
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-26 10:00:02 +01:00
Nicola Murino
93b9c1617e
web UI: allow to load custom css
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-19 21:44:27 +01:00
Nicola Murino
d9f30e7ac5
add a global whitelist
...
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-17 22:10:52 +01:00
Nicola Murino
7e7f662a23
ensure that defaults defined in code match the default config file
...
Fixes #754
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-14 10:42:14 +01:00
Nicola Murino
0bec1c6012
change the default value for prefer_database_credentials to true ...
...
... and deprecate this setting.
In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-13 14:29:11 +01:00
Nicola Murino
5582f5c811
data provider: add automatic backups
...
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.
The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-13 13:45:07 +01:00
Nicola Murino
79857a8733
config: restore defaults for smtp templates path
...
It was mistakenly deleted in the previous commit
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-27 14:16:38 +01:00
Nicola Murino
dcc3292dbc
web setup: add an optional installation code
...
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-27 13:08:47 +01:00
Nicola Murino
f1a255aa6c
httpd: allow to restrict allowed hosts ...
...
... and to add security headers to the responses
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-17 18:22:27 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02
Web UIs: add OpenID Connect support
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-13 14:30:20 +01:00
Nicola Murino
02db00d008
dataprovider: add naming rules
...
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.
If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`
Fixes #687
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-31 18:01:37 +01:00
Nicola Murino
fb2d59ec92
data provider: add config options for certs validation/authentication
...
Fixes #682
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-30 18:04:03 +01:00
Nicola Murino
6d3d94a01f
move kms implementation outside the sdk package
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-06 10:11:47 +01:00
Nicola Murino
7c68b03d07
move plugin handling outside the sdk package
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-05 11:37:45 +01:00
Nicola Murino
a6fe802370
move kms definitions to the sdk package
...
This is the first step to make the sdk a separate module
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-01-04 12:49:30 +01:00
Nicola Murino
7d8823307f
defender: add provider driver
...
Fixes #616
2021-12-25 12:08:07 +01:00
Nicola Murino
bedc8e288b
web client: add support for integrating external viewers/editors
2021-12-03 18:33:08 +01:00
Nicola Murino
4652f9ede8
FTPD: allow to set different passive IPs based on the client's IP address
2021-11-25 12:45:09 +01:00
Nicola Murino
3d6b09e949
REST API: expose OpenAPI schema and render it using Swagger UI
...
Fixes #609
2021-11-21 09:32:51 +01:00
Nicola Murino
0833b4698e
httpd service: add CORS support
2021-11-13 23:14:50 +01:00
Martijn Pieters
f6938e76dc
Parse auth plugin information from env
2021-11-02 11:36:30 +01:00
Nicola Murino
570964deb3
add post-disconnect hook
...
Fixes #587
2021-10-29 19:55:18 +02:00
Nicola Murino
74fc3aaf37
REST API: add events search
2021-10-23 15:47:21 +02:00
Nicola Murino
4aa9686e3b
refactor custom actions
...
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
2021-10-10 13:08:05 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges
...
Fixes #563
2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook
2021-10-03 15:17:49 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail
2021-10-02 22:25:41 +02:00
Nicola Murino
da0ccc6426
add SMTP support
...
it will be used in future update to add email sending capabilities
2021-09-26 20:25:37 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support
...
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
2021-09-04 12:11:04 +02:00
Nicola Murino
bcf088f586
data provider: update internal caches if the data provider is shared
2021-08-20 09:35:06 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules
...
Fixes #494
2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks
2021-08-05 18:38:15 +02:00
Nicola Murino
4781921336
fix loading enabled_ssh_commands config key
2021-07-29 00:54:22 +02:00
mmcgeefeedo
3ae8abda9e
sftpd: add folder prefix middleware
2021-07-29 00:32:55 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login
...
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting
Fixes #485
2021-07-27 18:43:00 +02:00