Nicola Murino
f131ef130b
add a link to the new events store plugin
2021-10-16 17:08:34 +02:00
Nicola Murino
4a6a4ce28d
sftpfs: map path resolution error to permission denied
...
we do the same for os fs so that the problematic directory is excluded
from the webdav listing instead of failing the whole directory listing
2021-10-16 10:32:18 +02:00
Nicola Murino
4aa9686e3b
refactor custom actions
...
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
2021-10-10 13:08:05 +02:00
Nicola Murino
64e87d64bd
web client UI: allow to edit plain text files
...
Fixes #567
2021-10-09 14:17:28 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges
...
Fixes #563
2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5
add data retention check hook
2021-10-03 15:17:49 +02:00
Nicola Murino
ec81a7ac29
actions: add a specific protocol for data retention
2021-10-03 10:22:47 +02:00
Nicola Murino
22d28a37b6
cmd: improve completion sub-commands
2021-10-03 08:14:57 +02:00
Nicola Murino
cc134cad9a
data retention: allow to notify results via e-mail
2021-10-02 22:25:41 +02:00
Nicola Murino
ba1febba73
rework user and admin profiles
...
users and admins can now also update their email and description
2021-09-29 18:46:15 +02:00
Nicola Murino
da0ccc6426
add SMTP support
...
it will be used in future update to add email sending capabilities
2021-09-26 20:25:37 +02:00
Nicola Murino
da5a061b65
add basic REST APIs for data retention
...
Fixes #495
2021-09-25 12:20:31 +02:00
Nicola Murino
6ea38188e8
minor fixes and doc improvements
2021-09-18 10:50:17 +02:00
Nicola Murino
101c2962ab
web client UI: add a permission to disable password change
...
Fixes #528
2021-09-05 18:49:13 +02:00
Nicola Murino
59140a6d51
add additional data to MFA secrets and fix pointers management
2021-09-05 14:10:12 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support
...
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
2021-09-04 12:11:04 +02:00
Nicola Murino
b903a6e46f
data provider: remove default admin
...
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
2021-08-20 10:37:51 +02:00
Nicola Murino
bcf088f586
data provider: update internal caches if the data provider is shared
2021-08-20 09:35:06 +02:00
Nicola Murino
0a558203da
improve proxy documentation
...
Fixes #507
2021-08-18 15:27:07 +02:00
Nicola Murino
5a549a88fe
update to Go 1.17
2021-08-18 14:39:56 +02:00
Nicola Murino
fe953d6b38
REST API: add support for API key authentication
2021-08-17 18:08:32 +02:00
erwiese
05c62b9f40
add documentation for defender scores ( #500 )
...
Co-authored-by: Erwin Wiesensarter <erwin.wiesensarter@bkg.bund.de>
2021-08-13 15:40:33 +02:00
Nicola Murino
555dc3b0c0
transfer logs: add FTP mode
2021-08-10 13:07:38 +02:00
Nicola Murino
a20373b613
add support for auth plugins
2021-08-08 17:09:48 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules
...
Fixes #494
2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks
2021-08-05 18:38:15 +02:00
Nicola Murino
1e9a19e326
add a howto to use SFTPGo as OpenSSH's SFTP subsystem
2021-07-31 19:09:09 +02:00
mmcgeefeedo
0046c9960a
add support to override default admin credentials via env vars
2021-07-31 10:39:53 +02:00
Nicola Murino
a26962f367
add dot and dot dot directories to sftp/ftp file listing
2021-07-31 09:42:23 +02:00
Nicola Murino
f778e47d22
sftpd: minor improvements and docs for the prefix middleware
2021-07-29 20:12:23 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login
...
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting
Fixes #485
2021-07-27 18:43:00 +02:00
Nicola Murino
a7313e4492
webdav: add new test cases and fix some lock related issues
...
Our net/webdav branch now include the following patches:
https://github.com/golang/net/pull/92
https://github.com/golang/net/pull/93
https://github.com/golang/net/pull/94
2021-07-25 09:55:14 +02:00
Nicola Murino
c41ae116eb
improve logging
...
Fixes #381
2021-07-24 20:11:17 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories
2021-07-23 10:19:27 +02:00
Nicola Murino
5967aa1aa5
FTP: enable ftpserverlib logging and make debug mode configurable
2021-07-20 17:22:08 +02:00
Nicola Murino
c900cde8e4
notifiers plugin: add settings to retry unhandled events
2021-07-20 12:51:21 +02:00
Nicola Murino
5a568b4077
KMS: allow to provide the master encryption key as string
2021-07-17 15:34:48 +02:00
Nicola Murino
030507a2ce
add some docs for the plugin system
2021-07-17 14:14:42 +02:00
Nicola Murino
338301955f
move cloud KMS providers to an external plugin
2021-07-17 13:08:05 +02:00
Nicola Murino
6d313f6d8f
expose KMS as plugin
2021-07-16 18:22:42 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system
2021-07-11 15:26:51 +02:00
Nicola Murino
302ec2558c
add notifications for mkdir/rmdir
2021-07-03 18:07:55 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens
...
Fixes #466
2021-07-01 20:17:40 +02:00
Nicola Murino
076b2f0ee0
modules: add v2 support
2021-06-26 07:31:41 +02:00
Nicola Murino
ac8d8a3da1
update portable mode docs
2021-06-19 19:40:53 +02:00
Nicola Murino
3bb0ca1d2b
config: remove deprecated configuration keys
2021-06-19 09:47:06 +02:00
Nicola Murino
62744e081b
get HTTPD binding from env: respect the documented default
2021-06-17 15:57:41 +02:00
Nicola Murino
4d97ab9eb9
Let's Encrypt tutorial: use sudo where appropriate
2021-06-14 22:35:08 +02:00
Nicola Murino
8ed13dc4a9
docs: document how to use Let's Encrypt Certificates
2021-06-14 22:05:55 +02:00
Nicola Murino
9d3d7db29c
azblob: store SAS URL as kms.Secret
2021-06-11 22:27:36 +02:00
Nicola Murino
4be6307d87
webadmin: add defender page
2021-06-08 13:24:28 +02:00
Nicola Murino
976f588863
improve docs to enable FTP/WebDAV
...
Fixes #447
2021-06-02 09:49:31 +02:00
Nicola Murino
575bcf1f03
add remote address to transfer and commands logs
2021-06-01 22:28:43 +02:00
Nicola Murino
969c992bfd
pre-upload: execute the hook just before opening the target file
2021-05-31 22:40:47 +02:00
Nicola Murino
c1239fbf59
pre-upload action: add file open flags
...
Reading the flags the hook receiver can detect if the client wants to
truncate the target file
2021-05-31 22:33:23 +02:00
Nicola Murino
c63b923ec3
cryptfs: add support for atomic uploads
2021-05-31 21:45:29 +02:00
Nicola Murino
423d8306be
webclient: allow to download multiple files as zip
2021-05-30 23:07:46 +02:00
Nicola Murino
3b46e6a6fb
add support for a global temp path
...
Fixes #436
2021-05-27 15:38:27 +02:00
Nicola Murino
25a44030f9
actions: add pre-download and pre-upload
...
Downloads and uploads can be denied based on hook response
2021-05-26 07:48:37 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers
2021-05-25 08:36:01 +02:00
Nicola Murino
50e441849a
try to make the web admin more user friendly
...
removed all the textarea with fields separated using "::".
This should, hopefully, improve user experience
2021-05-23 22:02:01 +02:00
Nicola Murino
b9bc8d722d
try to improve web client credentials page
...
I should do the same for the admin page too
2021-05-22 09:54:27 +02:00
Nicola Murino
9fc4be6d40
minor doc fixes
2021-05-20 18:34:38 +02:00
Nicola Murino
ecfed4dc04
Add a Getting Started Guide
2021-05-20 18:16:27 +02:00
Nicola Murino
8ecf64f481
httpclient: accepts timeouts as float
...
Fixes #428
2021-05-16 12:50:06 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user
...
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
2021-05-14 19:21:15 +02:00
Nicola Murino
fa45c9c138
allow to execute actions for file operations and SSH commands synchronously
...
The actions to run synchronously can be configured via the `execute_sync`
configuration key.
Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.
Fixes #409
2021-05-11 12:45:14 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers
...
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.
This is a backward incompatible change, before the proxy headers were
always used
2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections
2021-05-08 19:45:21 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users
...
Fixes #339 #321 #398
2021-05-06 21:35:43 +02:00
Nicola Murino
32db0787bb
add an example script for scheduled quota updates
2021-04-26 21:53:09 +02:00
Nicola Murino
3941255733
docs: fix a typo
2021-04-25 09:42:19 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo
...
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.
Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
2021-04-25 09:38:33 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt
...
argon2id remains the default
2021-04-20 13:55:09 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching
...
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
2021-04-20 09:39:36 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too
2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support
2021-04-18 12:31:06 +02:00
Nicola Murino
124c471a2b
FTPD: make sure that the passive ip, if provided, is valid
...
The server will refuse to start if the provided passive ip is not a
valid IPv4 address.
Fixes #376
2021-04-16 15:08:10 +02:00
Nicola Murino
c844fc7477
add support for delayed quota update
...
If there are a lot of close uploads, accumulating quota updates can
save you many queries to the data provider
2021-04-11 08:38:43 +02:00
Nicola Murino
0bc4db9950
web admin: make base url configurable
2021-04-09 22:02:48 +02:00
Nicola Murino
ed26d68948
portable mode: add SFTP buffer size
2021-04-07 19:47:39 +02:00
Nicola Murino
b389f93d97
allow to select sha256-simd using an env var
2021-04-07 16:25:58 +02:00
Nicola Murino
acb4310c11
add a startup hook
2021-04-05 10:07:59 +02:00
Nicola Murino
fdf3f23df5
allow to disable some hooks on a per-user basis
...
This way you can, for example, mix external and internal users
2021-04-04 22:32:25 +02:00
Nicola Murino
ea26d7786c
sftpfs: add buffering support
...
this way we improve performance over high latency networks
2021-04-03 16:00:55 +02:00
Nicola Murino
2f56375121
improve SFTP loop detection
2021-04-01 18:53:48 +02:00
Nicola Murino
5cd27ce529
document Cockroach driver name
2021-03-27 19:41:00 +01:00
Nicola Murino
9ad750da54
WebDAV: try to preserve the lock fs as much as possible
2021-03-27 19:10:27 +01:00
Nicola Murino
5f49af1780
external auth: allow to inspect and preserve an existing user
2021-03-26 15:19:01 +01:00
Nicola Murino
6bc5c64a3a
webdav: ignore path, perm and not exist errors in PROPFIND
...
Fixes #340
2021-03-24 13:32:20 +01:00
Nicola Murino
28f1d66ae5
link the Active Directory example in the howto section
2021-03-22 09:52:05 +01:00
Nicola Murino
f249286cb1
docs: add some notes about the new virtual folders support
...
fixe a failing test case for the memory provider
2021-03-21 19:47:11 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends
...
Fixes #241
2021-03-21 19:15:47 +01:00
Nicola Murino
0286da2356
try to auto create virtual folders if missing
2021-03-10 22:30:56 +01:00
Nicola Murino
4c658bb6f0
webdav: add prefix support
2021-03-07 17:10:45 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads
2021-03-06 15:41:40 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation
...
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars
Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
3243181c5f
Add a link to the OpenAPI schema where relevant
...
Fixes #329
2021-03-01 22:22:05 +01:00
Nicola Murino
534b253c20
WebDAV: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS certificate auth, the certificate common name is used as
username
2021-03-01 19:28:11 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
...
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users
2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes
2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
...
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
1bccb93fcb
rename default branch from master to main
2021-02-09 19:53:03 +01:00
Nicola Murino
a219d25cac
webdav: update the doc
...
the user specific path is now gone
2021-02-04 07:46:40 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
...
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
80f5ccd357
web admin: add backup/restore
2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support
2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes
2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
a8a17a223a
scp: minor improvements
...
document that we don't support wildcard expansion.
I should refactor scp code ...
2021-01-05 22:32:30 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists
2021-01-04 17:52:14 +01:00
Nicola Murino
684f4ba1a6
mutal TLS: add support for revocation lists
2021-01-03 17:03:04 +01:00
Nicola Murino
1e1c46ae1b
defender: minor docs improvements
2021-01-02 20:02:05 +01:00
Nicola Murino
d6b3acdb62
add REST API for the defender
2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
0966d44c0f
httpd: add support for listening over a Unix-domain socket
...
Fixes #266
2020-12-29 19:02:56 +01:00
Nicola Murino
40e759c983
FTP: add support for client certificate authentication
2020-12-29 09:20:09 +01:00
Nicola Murino
141ca6777c
webdav: add support for client certificate authentication
...
Fixes #263
2020-12-28 19:48:23 +01:00
Nicola Murino
1dce1eff48
improve FTP support
...
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings
...
Fixes #253
2020-12-23 16:12:30 +01:00
Nicola Murino
bcf0fa073e
telemetry server: add optional https and authentication
2020-12-18 16:04:42 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server
...
move pprof to the telemetry server only
2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections
2020-12-15 19:29:30 +01:00
Nicola Murino
ed43ddd79d
enable hash commands for any supported backend
2020-12-13 15:11:55 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend
...
Fixes #224
2020-12-12 10:31:09 +01:00
dharmendra kariya
6977a4a18b
Update full-configuration.md ( #240 )
...
just deleting redundant line
2020-12-08 09:09:21 +01:00
Nicola Murino
034d89876d
webdav: fix proppatch handling
...
also respect login delay for cached webdav users and check the home dir as
soon as the user authenticates
Fixes #239
2020-12-06 08:19:41 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support
2020-12-05 13:48:13 +01:00
Nicola Murino
95c6d41c35
config: make config file relative to the config dir
...
a configuration parsing error is now fatal
2020-12-03 17:16:35 +01:00
Nicola Murino
a67276ccc2
add build tags to disable kms providers
2020-12-02 09:44:18 +01:00
Nicola Murino
940836b25b
add a note about using sqlite provider over cifs shares
...
See #235
2020-11-30 21:59:56 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
4bb9d07dde
user: add a free text field
...
Fixes #230
2020-11-25 22:26:34 +01:00
Nicola Murino
0609188d3f
allow to disable SFTP service
...
Fixes #228
2020-11-24 13:44:57 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials
...
also gcs credentials are now encrypted, both on disk and inside the
provider.
Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
2020-11-22 21:53:04 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns
...
Fixes #209
2020-11-15 22:04:48 +01:00
Nicola Murino
5720d40fee
add setstat_mode 2
...
in this mode chmod/chtimes/chown can be silently ignored only for cloud
based file systems
Fixes #223
2020-11-12 10:39:46 +01:00
Nicola Murino
36151d1ba9
subsystem mode: add base-home-dir flag
2020-11-05 12:12:11 +01:00
Nicola Murino
0119fd03a6
webdav: user caching is now mandatory
...
we cache the lock system with the user, without user caching we cannot
support locks for resource
2020-11-04 22:29:25 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
...
we need my custom golang/x/net/webdav fork for now
https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
ebb18fa57d
config: manually set viper defaults
...
so we can override config via env var even without a configuration file
Fixes #208
2020-10-30 18:58:57 +01:00
Nicola Murino
58b0ca585c
docs: clarify that the config dir is the working dir by default
...
Fixes #211
2020-10-29 21:54:02 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode
...
Fixes #204
2020-10-29 19:23:33 +01:00
Nicola Murino
e54828a7b8
add metrics for Azure Blob storage
2020-10-26 19:01:17 +01:00
Nicola Murino
f2acde789d
portable mode: add Azure Blob support
2020-10-25 21:42:43 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support
2020-10-25 08:18:48 +01:00