add roles
Fixes #837 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
a9207857cf
commit
5a222807b7
83 changed files with 4285 additions and 806 deletions
|
@ -35,10 +35,6 @@ RUN apk add --update --no-cache ca-certificates tzdata mailcap
|
|||
|
||||
RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apk add --update --no-cache jq git rsync; fi
|
||||
|
||||
# set up nsswitch.conf for Go's "netgo" implementation
|
||||
# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457
|
||||
RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf
|
||||
|
||||
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo/data /srv/sftpgo/backups
|
||||
|
||||
RUN addgroup -g 1000 -S sftpgo && \
|
||||
|
|
|
@ -64,6 +64,7 @@ If you report an invalid issue or ask for step-by-step support, your issue will
|
|||
- Per-user authentication methods.
|
||||
- [Two-factor authentication](./docs/howto/two-factor-authentication.md) based on time-based one time passwords (RFC 6238) which works with Authy, Google Authenticator and other compatible apps.
|
||||
- Simplified user administrations using [groups](./docs/groups.md).
|
||||
- [Roles](./docs/roles.md) allow you to create limited administrators who can only create and manage users with their role.
|
||||
- Custom authentication via [external programs/HTTP API](./docs/external-auth.md).
|
||||
- Web Client and Web Admin user interfaces support [OpenID Connect](https://openid.net/connect/) authentication and so they can be integrated with identity providers such as [Keycloak](https://www.keycloak.org/). You can find more details [here](./docs/oidc.md).
|
||||
- [Data At Rest Encryption](./docs/dare.md).
|
||||
|
@ -134,7 +135,7 @@ APT and YUM repositories are [available](./docs/repo.md).
|
|||
SFTPGo is also available on some marketplaces:
|
||||
|
||||
- [AWS Marketplace](https://aws.amazon.com/marketplace/seller-profile?id=6e849ab8-70a6-47de-9a43-13c3fa849335)
|
||||
- [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/prasselsrl1645470739547.sftpgo_linux)
|
||||
- [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/eliamarzia1667381463185.sftpgo_linux)
|
||||
- [Elest.io](https://elest.io/open-source/sftpgo)
|
||||
|
||||
Purchasing from there will help keep SFTPGo a long-term sustainable project.
|
||||
|
|
|
@ -125,7 +125,7 @@ SFTPGo 基于 Linux 开发和创建。在每一次提交之后,代码会自动
|
|||
|
||||
</details>
|
||||
|
||||
SFTPGo 在 [AWS Marketplace](https://aws.amazon.com/marketplace/seller-profile?id=6e849ab8-70a6-47de-9a43-13c3fa849335) 和 [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/prasselsrl1645470739547.sftpgo_linux) 同样可用,在此付费可以帮助 SFTPGo 成为一个可持续发展的长期项目。
|
||||
SFTPGo 在 [AWS Marketplace](https://aws.amazon.com/marketplace/seller-profile?id=6e849ab8-70a6-47de-9a43-13c3fa849335) 和 [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/eliamarzia1667381463185.sftpgo_linux) 同样可用,在此付费可以帮助 SFTPGo 成为一个可持续发展的长期项目。
|
||||
|
||||
<details><summary>Windows 包</summary>
|
||||
|
||||
|
|
|
@ -4,12 +4,12 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h
|
|||
|
||||
## Supported tags and respective Dockerfile links
|
||||
|
||||
- [v2.4.0, v2.4, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile)
|
||||
- [v2.4.0-plugins, v2.4-plugins, v2-plugins, plugins](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile)
|
||||
- [v2.4.0-alpine, v2.4-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile.alpine)
|
||||
- [v2.4.0-slim, v2.4-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile)
|
||||
- [v2.4.0-alpine-slim, v2.4-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile.alpine)
|
||||
- [v2.4.0-distroless-slim, v2.4-distroless-slim, v2-distroless-slim, distroless-slim](https://github.com/drakkan/sftpgo/blob/v2.4.0/Dockerfile.distroless)
|
||||
- [v2.4.1, v2.4, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile)
|
||||
- [v2.4.1-plugins, v2.4-plugins, v2-plugins, plugins](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile)
|
||||
- [v2.4.1-alpine, v2.4-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile.alpine)
|
||||
- [v2.4.1-slim, v2.4-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile)
|
||||
- [v2.4.1-alpine-slim, v2.4-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile.alpine)
|
||||
- [v2.4.1-distroless-slim, v2.4-distroless-slim, v2-distroless-slim, distroless-slim](https://github.com/drakkan/sftpgo/blob/v2.4.1/Dockerfile.distroless)
|
||||
- [edge](../Dockerfile)
|
||||
- [edge-plugins](../Dockerfile)
|
||||
- [edge-alpine](../Dockerfile.alpine)
|
||||
|
|
|
@ -65,7 +65,7 @@ The configuration file contains the following sections:
|
|||
- `hook`, string. Absolute path to the command to execute or HTTP URL to notify.
|
||||
- `setstat_mode`, integer. 0 means "normal mode": requests for changing permissions, owner/group and access/modification times are executed. 1 means "ignore mode": requests for changing permissions, owner/group and access/modification times are silently ignored. 2 means "ignore mode if not supported": requests for changing permissions and owner/group are silently ignored for cloud filesystems and executed for local/SFTP filesystem. Requests for changing modification times are always executed for local/SFTP filesystems and are executed for cloud based filesystems if the target is a file and there is a metadata plugin available. A metadata plugin can be found [here](https://github.com/sftpgo/sftpgo-plugin-metadata).
|
||||
- `temp_path`, string. Defines the path for temporary files such as those used for atomic uploads or file pipes. If you set this option you must make sure that the defined path exists, is accessible for writing by the user running SFTPGo, and is on the same filesystem as the users home directories otherwise the renaming for atomic uploads will become a copy and therefore may take a long time. The temporary files are not namespaced. The default is generally fine. Leave empty for the default.
|
||||
- `proxy_protocol`, integer. Support for [HAProxy PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGINX, you can enable the proxy protocol. It provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies to get the real client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported. If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too. For example, for HAProxy, add `send-proxy` or `send-proxy-v2` to each server configuration line. The following modes are supported:
|
||||
- `proxy_protocol`, integer. Support for [HAProxy PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGINX, you can enable the proxy protocol. It provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies to get the real client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported. If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too. For example, for HAProxy, add `send-proxy` or `send-proxy-v2` to each server configuration line. The PROXY protocol is supported for SSH/SFTP and FTP/S. The following modes are supported:
|
||||
- 0, disabled
|
||||
- 1, enabled. If the upstream IP is not allowed to send a proxy header the header be ignored. Using this mode does not mean that we can accept connections with and without the proxy header. We always try to read the proxy header and we ignore it if the upstream IP is not allowed to send a proxy header
|
||||
- 2, required. If the upstream IP is not allowed to send a proxy header the connection will be rejected
|
||||
|
|
13
docs/roles.md
Normal file
13
docs/roles.md
Normal file
|
@ -0,0 +1,13 @@
|
|||
# Roles
|
||||
|
||||
Roles can be assigned to users and administrators. Admins with a role are limited administrators, they can only view and manage users with their own role and they cannot have the following permissions:
|
||||
|
||||
- manage_admins
|
||||
- manage_system
|
||||
- manage_event_rules
|
||||
- manage_roles
|
||||
- view_events
|
||||
|
||||
Users created by role administrators automatically inherit their role.
|
||||
|
||||
Admins without a role are global administrators and can manage all users (with and without a role) and assign a specific role to users.
|
|
@ -47,3 +47,5 @@ python convertusers proftpd.passwd proftpd pro_users.json
|
|||
The generated json file can be used as input for the `loaddata` REST API.
|
||||
|
||||
Please note that when importing Linux/Unix users the input file is not required: `/etc/passwd` and `/etc/shadow` are automatically parsed. `/etc/shadow` read permission is typically granted to the `root` user only, so you need to execute `convertusers` as `root`.
|
||||
|
||||
:warning: SFTPGo does not currently support `yescrypt` hashed passwords.
|
||||
|
|
73
go.mod
73
go.mod
|
@ -3,21 +3,21 @@ module github.com/drakkan/sftpgo/v2
|
|||
go 1.19
|
||||
|
||||
require (
|
||||
cloud.google.com/go/storage v1.27.0
|
||||
cloud.google.com/go/storage v1.28.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.5.1
|
||||
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
|
||||
github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.1
|
||||
github.com/aws/aws-sdk-go-v2/config v1.17.10
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.12.23
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.0
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.0
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.37
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.21
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.1
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.4
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.16
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.39
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.2
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.5
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.2
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.18
|
||||
github.com/coreos/go-oidc/v3 v3.4.0
|
||||
github.com/drakkan/webdav v0.0.0-20221101181759-17ed21f9337b
|
||||
github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001
|
||||
|
@ -25,62 +25,62 @@ require (
|
|||
github.com/fclairamb/go-log v0.4.1
|
||||
github.com/go-acme/lego/v4 v4.9.0
|
||||
github.com/go-chi/chi/v5 v5.0.8-0.20221018120124-e5529d9db4d3
|
||||
github.com/go-chi/jwtauth/v5 v5.0.2
|
||||
github.com/go-chi/jwtauth/v5 v5.1.0
|
||||
github.com/go-chi/render v1.0.2
|
||||
github.com/go-sql-driver/mysql v1.6.0
|
||||
github.com/golang/mock v1.6.0
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/hashicorp/go-hclog v1.3.1
|
||||
github.com/hashicorp/go-plugin v1.4.5
|
||||
github.com/hashicorp/go-plugin v1.4.6
|
||||
github.com/hashicorp/go-retryablehttp v0.7.1
|
||||
github.com/jackc/pgx/v5 v5.0.4
|
||||
github.com/jackc/pgx/v5 v5.1.0
|
||||
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
|
||||
github.com/klauspost/compress v1.15.12
|
||||
github.com/lestrrat-go/jwx v1.2.25
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.7
|
||||
github.com/lithammer/shortuuid/v3 v3.0.7
|
||||
github.com/mattn/go-sqlite3 v1.14.16
|
||||
github.com/mhale/smtpd v0.8.0
|
||||
github.com/minio/sio v0.3.0
|
||||
github.com/otiai10/copy v1.7.0
|
||||
github.com/otiai10/copy v1.9.0
|
||||
github.com/pires/go-proxyproto v0.6.2
|
||||
github.com/pkg/sftp v1.13.6-0.20221020054726-e4133ab7e9bd
|
||||
github.com/pquerna/otp v1.3.0
|
||||
github.com/prometheus/client_golang v1.13.1
|
||||
github.com/prometheus/client_golang v1.14.0
|
||||
github.com/robfig/cron/v3 v3.0.1
|
||||
github.com/rs/cors v1.8.3-0.20220619195839-da52b0701de5
|
||||
github.com/rs/xid v1.4.0
|
||||
github.com/rs/zerolog v1.28.0
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221105153737-bae9afc6b356
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221116180328-3fc64e926700
|
||||
github.com/shirou/gopsutil/v3 v3.22.10
|
||||
github.com/spf13/afero v1.9.2
|
||||
github.com/spf13/afero v1.9.3
|
||||
github.com/spf13/cobra v1.6.1
|
||||
github.com/spf13/viper v1.13.0
|
||||
github.com/spf13/viper v1.14.0
|
||||
github.com/stretchr/testify v1.8.1
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221102155456-200a600c0272
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221109171924-60ec5ad56012
|
||||
github.com/subosito/gotenv v1.4.1
|
||||
github.com/unrolled/secure v1.13.0
|
||||
github.com/wagslane/go-password-validator v0.3.0
|
||||
github.com/xhit/go-simple-mail/v2 v2.12.0
|
||||
github.com/xhit/go-simple-mail/v2 v2.13.0
|
||||
github.com/yl2chen/cidranger v1.0.3-0.20210928021809-d1cb2c52f37a
|
||||
go.etcd.io/bbolt v1.3.6
|
||||
go.uber.org/automaxprocs v1.5.1
|
||||
gocloud.dev v0.27.0
|
||||
golang.org/x/crypto v0.1.0
|
||||
golang.org/x/net v0.1.0
|
||||
golang.org/x/oauth2 v0.1.0
|
||||
golang.org/x/sys v0.1.0
|
||||
golang.org/x/time v0.1.0
|
||||
google.golang.org/api v0.102.0
|
||||
golang.org/x/crypto v0.2.0
|
||||
golang.org/x/net v0.2.0
|
||||
golang.org/x/oauth2 v0.2.0
|
||||
golang.org/x/sys v0.2.0
|
||||
golang.org/x/time v0.2.0
|
||||
google.golang.org/api v0.103.0
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0
|
||||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.105.0 // indirect
|
||||
cloud.google.com/go v0.107.0 // indirect
|
||||
cloud.google.com/go/compute v1.12.1 // indirect
|
||||
cloud.google.com/go/compute/metadata v0.2.1 // indirect
|
||||
cloud.google.com/go/iam v0.7.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1 // indirect
|
||||
github.com/ajg/form v1.5.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.9 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 // indirect
|
||||
|
@ -98,7 +98,7 @@ require (
|
|||
github.com/boombuler/barcode v1.0.1 // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.1.2 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.4.0 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
|
||||
|
@ -119,11 +119,11 @@ require (
|
|||
github.com/jackc/pgpassfile v1.0.0 // indirect
|
||||
github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.1.2 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.2.1 // indirect
|
||||
github.com/kr/fs v0.1.0 // indirect
|
||||
github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
|
||||
github.com/lestrrat-go/blackmagic v1.0.1 // indirect
|
||||
github.com/lestrrat-go/httpcc v1.0.1 // indirect
|
||||
github.com/lestrrat-go/httprc v1.0.4 // indirect
|
||||
github.com/lestrrat-go/iter v1.0.2 // indirect
|
||||
github.com/lestrrat-go/option v1.0.0 // indirect
|
||||
github.com/lib/pq v1.10.7 // indirect
|
||||
|
@ -139,7 +139,6 @@ require (
|
|||
github.com/oklog/run v1.1.0 // indirect
|
||||
github.com/pelletier/go-toml v1.9.5 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.0.5 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
|
||||
github.com/prometheus/client_model v0.3.0 // indirect
|
||||
|
@ -149,17 +148,17 @@ require (
|
|||
github.com/spf13/cast v1.5.0 // indirect
|
||||
github.com/spf13/jwalterweatherman v1.1.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.10 // indirect
|
||||
github.com/tklauser/numcpus v0.5.0 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.11 // indirect
|
||||
github.com/tklauser/numcpus v0.6.0 // indirect
|
||||
github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect
|
||||
github.com/yusufpapurcu/wmi v1.2.2 // indirect
|
||||
go.opencensus.io v0.24.0 // indirect
|
||||
golang.org/x/mod v0.6.0 // indirect
|
||||
golang.org/x/mod v0.7.0 // indirect
|
||||
golang.org/x/text v0.4.0 // indirect
|
||||
golang.org/x/tools v0.2.0 // indirect
|
||||
golang.org/x/tools v0.3.0 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c // indirect
|
||||
google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1 // indirect
|
||||
google.golang.org/grpc v1.50.1 // indirect
|
||||
google.golang.org/protobuf v1.28.1 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
|
|
158
go.sum
158
go.sum
|
@ -36,8 +36,8 @@ cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w9
|
|||
cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
|
||||
cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
|
||||
cloud.google.com/go v0.103.0/go.mod h1:vwLx1nqLrzLX/fpwSMOXmFIqBOyHsvHbnAdbGSJ+mKk=
|
||||
cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
|
||||
cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM=
|
||||
cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww=
|
||||
cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I=
|
||||
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
|
||||
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
|
||||
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
|
||||
|
@ -63,8 +63,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp
|
|||
cloud.google.com/go/iam v0.7.0 h1:k4MuwOsS7zGJJ+QfZ5vBK8SgHBAvYN/23BWsiihJ1vs=
|
||||
cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg=
|
||||
cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA=
|
||||
cloud.google.com/go/kms v1.5.0 h1:uc58n3b/n/F2yDMJzHMbXORkJSh3fzO4/+jju6eR7Zg=
|
||||
cloud.google.com/go/longrunning v0.1.1 h1:y50CXG4j0+qvEukslYFBCrzaXX0qpFbBzc3PchSu/LE=
|
||||
cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg=
|
||||
cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
|
||||
cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4=
|
||||
cloud.google.com/go/monitoring v1.5.0/go.mod h1:/o9y8NYX5j91JjD/JvGLYbi86kL11OjyJXq2XziLJu4=
|
||||
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
|
||||
|
@ -82,8 +82,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
|
|||
cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
|
||||
cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc=
|
||||
cloud.google.com/go/storage v1.24.0/go.mod h1:3xrJEFMXBsQLgxwThyjuD3aYlroL0TMRec1ypGUQ0KE=
|
||||
cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ=
|
||||
cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
|
||||
cloud.google.com/go/storage v1.28.0 h1:DLrIZ6xkeZX6K70fU/boWx5INJumt6f+nwwWSHXzzGY=
|
||||
cloud.google.com/go/storage v1.28.0/go.mod h1:qlgZML35PXA3zoEnIkiPLY4/TOkUleufRlu6qmcf7sI=
|
||||
cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A=
|
||||
cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM=
|
||||
code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8=
|
||||
|
@ -108,8 +108,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSa
|
|||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.1 h1:XUNQ4mw+zJmaA2KXzP9JlQiecy1SI+Eog7xVkPiqIbg=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1 h1:Oj853U9kG+RLTCQXpjvOnrv0WaZHxgmZz1TlLywgOPY=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.0.2/go.mod h1:LH9XQnMr2ZYxQdVdCrzLO9mxeDyrDFa6wbSI3x5zCZk=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.5.1 h1:BMTdr+ib5ljLa9MxTJK8x/Ds0MbBb4MfuW5BL0zMJnI=
|
||||
|
@ -233,17 +233,17 @@ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.3/go.mod h1:gNsR5CaXK
|
|||
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.9 h1:RKci2D7tMwpvGpDNZnGQw9wk6v7o/xSwFcUAuNPoB8k=
|
||||
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.9/go.mod h1:vCmV1q1VK8eoQJ5+aYE7PkK1K6v41qJ5pJdK3ggCDvg=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.15.15/go.mod h1:A1Lzyy/o21I5/s2FbyX5AevQfSVXpvvIDCoVFD0BC4E=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.17.10 h1:zBy5QQ/mkvHElM1rygHPAzuH+sl8nsdSaxSWj0+rpdE=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.17.10/go.mod h1:/4np+UiJJKpWHN7Q+LZvqXYgyjgeXm5+lLfDI6TPZao=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.0 h1:ULASZmfhKR/QE9UeZ7mzYjUzsnIydy/K1YMT6uH1KC0=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.0/go.mod h1:H13DRX9Nv5tAcQvPABrE3dm5XnLp1RC7fVSM3OWiLvA=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.12.10/go.mod h1:g5eIM5XRs/OzIIK81QMBl+dAuDyoLN0VYaLP+tBqEOk=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.12.23 h1:LctvcJMIb8pxvk5hQhChpCu0WlU6oKQmcYb1HA4IZSA=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.12.23/go.mod h1:0awX9iRr/+UO7OwRQFpV1hNtXxOVuehpjVEzrIAYNcA=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.0 h1:W5f73j1qurASap+jdScUo4aGzSXxaC7wq1i7CiwhvU8=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.0/go.mod h1:prZpUfBu1KZLBLVX482Sq4DpDXGugAre08TPEc21GUg=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9/go.mod h1:KDCCm4ONIdHtUloDcFvK2+vshZvx4Zmj7UMDfusuz5s=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19 h1:E3PXZSI3F2bzyj6XxUXdTIfvp425HHhwKsFvmzBwHgs=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19/go.mod h1:VihW95zQpeKQWVPGkwT+2+WJNQV8UXFfMTWdU6VErL8=
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.21/go.mod h1:iIYPrQ2rYfZiB/iADYlhj9HHZ9TTi6PqKQPAqygohbE=
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.37 h1:e1VtTBo+cLNjres0wTlMkmwCGGRjDEkkrz3frxxcaCs=
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.37/go.mod h1:kdAV1UMnCkyG6tZJUC4mHbPoRjPA3dIK0L8mnsHERiM=
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.39 h1:Fz/t08vTFdz63ZnlrQBLOMgBCNqdKmMQWE/XjKm1jt4=
|
||||
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.39/go.mod h1:763L1Xloj/mjT0do5k9d0qh0vEAVuomDPn1iOG2AdB4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15/go.mod h1:pWrr2OoHlT7M/Pd2y4HV3gJyPb3qj5qMmnPkKSNPYK4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 h1:nBO/RFxeq/IS5G9Of+ZrgucRciie2qpLy++3UGZ+q2E=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25/go.mod h1:Zb29PYkf42vVYQY6pvSyJCJcFHlPIiY+YKdPtwnvMkY=
|
||||
|
@ -269,14 +269,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.9/go.mod h1:Rc5+wn2
|
|||
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.19 h1:piDBAaWkaxkkVV3xJJbTehXCZRXYs49kvpi/LG6LR2o=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.19/go.mod h1:BmQWRVkLTmyNzYPFAZgon53qKLWBNSvonugD1MrSWUs=
|
||||
github.com/aws/aws-sdk-go-v2/service/kms v1.18.1/go.mod h1:4PZMUkc9rXHWGVB5J9vKaZy3D7Nai79ORworQ3ASMiM=
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.21 h1:LpIut7TpOhp8RuTD72PBj8ksPy3+RelT3LPwGgQ8+Hg=
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.21/go.mod h1:mRGY+k3s1yt7yQA3AfzJhnr68OCs1xDfQfIABFUk+ek=
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22 h1:abXVcIh8pjiuWdPBk8vZYwxO5yZCmRHR8grHf6ZqCdY=
|
||||
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22/go.mod h1:mRGY+k3s1yt7yQA3AfzJhnr68OCs1xDfQfIABFUk+ek=
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.27.2/go.mod h1:u+566cosFI+d+motIz3USXEh6sN8Nq4GrNXSg2RXVMo=
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.1 h1:/EMdFPW/Ppieh0WUtQf1+qCGNLdsq5UWUyevBQ6vMVc=
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.1/go.mod h1:/NHbqPRiwxSPVOB2Xr+StDEH+GWV/64WwnUjv4KYzV0=
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.2 h1:l29X5biLks99HzZzQgC78plJpwiMv/pGNhmaTM2z62A=
|
||||
github.com/aws/aws-sdk-go-v2/service/s3 v1.29.2/go.mod h1:/NHbqPRiwxSPVOB2Xr+StDEH+GWV/64WwnUjv4KYzV0=
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.14/go.mod h1:xakbH8KMsQQKqzX87uyyzTHshc/0/Df8bsTneTS5pFU=
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.4 h1:Hx79EGrkKNJya2iz2U5A7nyr7DjOu/TGTRefThfBZ1w=
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.4/go.mod h1:k6CPuxyzO247nYEM1baEwHH1kRtosRCvgahAepaaShw=
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.5 h1:De+sGzRmk6+/lzKqZXa6RdC1ZVGLPHI1nvjOxw4ooj0=
|
||||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.5/go.mod h1:k6CPuxyzO247nYEM1baEwHH1kRtosRCvgahAepaaShw=
|
||||
github.com/aws/aws-sdk-go-v2/service/sns v1.17.10/go.mod h1:uITsRNVMeCB3MkWpXxXw0eDz8pW4TYLzj+eyQtbhSxM=
|
||||
github.com/aws/aws-sdk-go-v2/service/sqs v1.19.1/go.mod h1:A94o564Gj+Yn+7QO1eLFeI7UVv3riy/YBFOfICVqFvU=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssm v1.27.6/go.mod h1:fiFzQgj4xNOg4/wqmAiPvzgDMXPD+cUEplX/CYn+0j0=
|
||||
|
@ -286,8 +286,8 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.11.25/go.mod h1:IARHuzTXmj1C0KS35vbo
|
|||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8 h1:jcw6kKZrtNfBPJkaHrscDOZoe5gvi9wjudnxvozYFJo=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8/go.mod h1:er2JHN+kBY6FcMfcBBKNGCT3CarImmdFzishsqBmSRI=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmclSfl4l7cySoay8vz7p/ce0E=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1 h1:KRAix/KHvjGODaHAMXnxRk9t0D+4IJVUuS/uwXxngXk=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1/go.mod h1:bXcN3koeVYiJcdDU89n3kCYILob7Y34AeLopUbZgLT4=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.2 h1:tpwEMRdMf2UsplengAOnmSIRdvAxf75oUFR+blBr92I=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.2/go.mod h1:bXcN3koeVYiJcdDU89n3kCYILob7Y34AeLopUbZgLT4=
|
||||
github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
|
||||
github.com/aws/smithy-go v1.13.4 h1:/RN2z1txIJWeXeOkzX+Hk/4Uuvv7dWtCjbmVJcrskyk=
|
||||
github.com/aws/smithy-go v1.13.4/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
|
||||
|
@ -358,8 +358,8 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
|
|||
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
|
||||
github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
|
||||
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.16 h1:t9dmZuC9J2W8IDQDSIGXmP+fBuEJSsrGXxWQz4cYqBY=
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.16/go.mod h1:xZ2VHjUEb/cySv0scXBx7YsBnHtLHkR1+w/w73b5i3M=
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.18 h1:bRNZWqzRSZesVYFjDAl1jgFb1jhIFIEreWIC2kPbcdY=
|
||||
github.com/cockroachdb/cockroach-go/v2 v2.2.18/go.mod h1:mzlIDDBALQfEjv/7DU12fb2AfQ/MUYTlychcMpWp9QI=
|
||||
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
|
||||
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
|
||||
github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
|
||||
|
@ -480,8 +480,8 @@ github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+
|
|||
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
|
||||
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU=
|
||||
github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
|
||||
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
|
@ -501,7 +501,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
|||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1owhMVTHFZIlnvd4=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc=
|
||||
github.com/denisenkom/go-mssqldb v0.12.2/go.mod h1:lnIw1mZukFRZDJYQ0Pb833QS2IaC3l5HkEfra2LJ+sk=
|
||||
|
@ -608,11 +607,10 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv
|
|||
github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=
|
||||
github.com/go-acme/lego/v4 v4.9.0 h1:8Hjj44IqRS7cigshMyFQ+0pIZvwgkG/+9A0UnNh7G8A=
|
||||
github.com/go-acme/lego/v4 v4.9.0/go.mod h1:g3JRUyWS3L/VObpp4bCxzJftKyf/Wba8QrSSnoiqjg4=
|
||||
github.com/go-chi/chi/v5 v5.0.4/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-chi/chi/v5 v5.0.8-0.20221018120124-e5529d9db4d3 h1:qzwVVqrbdP93ZaSHy0yWQRYnig+t+j1OxnVtEs8SFuQ=
|
||||
github.com/go-chi/chi/v5 v5.0.8-0.20221018120124-e5529d9db4d3/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-chi/jwtauth/v5 v5.0.2 h1:CSKtr+b6Jnfy5T27sMaiBPxaVE/bjnjS3ramFQ0526w=
|
||||
github.com/go-chi/jwtauth/v5 v5.0.2/go.mod h1:TeA7vmPe3uYThvHw8O8W13HOOpOd4MTgToxL41gZyjs=
|
||||
github.com/go-chi/jwtauth/v5 v5.1.0 h1:wJyf2YZ/ohPvNJBwPOzZaQbyzwgMZZceE1m8FOzXLeA=
|
||||
github.com/go-chi/jwtauth/v5 v5.1.0/go.mod h1:MA93hc1au3tAQwCKry+fI4LqJ5MIVN4XSsglOo+lSc8=
|
||||
github.com/go-chi/render v1.0.2 h1:4ER/udB0+fMWB2Jlf15RV3F4A2FDuYi/9f+lFttR/Lg=
|
||||
github.com/go-chi/render v1.0.2/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
|
||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||
|
@ -712,8 +710,6 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9
|
|||
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
|
||||
github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
|
||||
github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
|
||||
github.com/goccy/go-json v0.7.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
|
||||
github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
|
||||
|
@ -923,8 +919,8 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:
|
|||
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
|
||||
github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
|
||||
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
|
||||
github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
|
||||
github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
|
||||
github.com/hashicorp/go-plugin v1.4.6 h1:MDV3UrKQBM3du3G7MApDGvOsMYy3JQJ4exhSoKBAeVA=
|
||||
github.com/hashicorp/go-plugin v1.4.6/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
|
||||
github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
|
||||
|
@ -1013,8 +1009,8 @@ github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQ
|
|||
github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
|
||||
github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI=
|
||||
github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ=
|
||||
github.com/jackc/pgx/v5 v5.0.4 h1:r5O6y84qHX/z/HZV40JBdx2obsHz7/uRj5b+CcYEdeY=
|
||||
github.com/jackc/pgx/v5 v5.0.4/go.mod h1:U0ynklHtgg43fue9Ly30w3OCSTDPlXjig9ghrNGaguQ=
|
||||
github.com/jackc/pgx/v5 v5.1.0 h1:Z7pLKUb65HK6m18No8GGKT87K34NhIIEHa86rRdjxbU=
|
||||
github.com/jackc/pgx/v5 v5.1.0/go.mod h1:Ptn7zmohNsWEsdxRawMzk3gaKma2obW+NWTnKa0S4nk=
|
||||
github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
|
@ -1063,8 +1059,9 @@ github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e
|
|||
github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM=
|
||||
github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
|
||||
github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
|
||||
github.com/klauspost/cpuid/v2 v2.1.2 h1:XhdX4fqAJUA0yj+kUwMavO0hHrSPAecYdYf1ZmxHvak=
|
||||
github.com/klauspost/cpuid/v2 v2.1.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
|
||||
github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI=
|
||||
github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
|
||||
github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
|
@ -1087,21 +1084,16 @@ github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LE
|
|||
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
|
||||
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
|
||||
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
|
||||
github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
|
||||
github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
|
||||
github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
|
||||
github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
|
||||
github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
|
||||
github.com/lestrrat-go/codegen v1.0.1/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
|
||||
github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
|
||||
github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
|
||||
github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
|
||||
github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
|
||||
github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
|
||||
github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
|
||||
github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
|
||||
github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
|
||||
github.com/lestrrat-go/jwx v1.2.6/go.mod h1:tJuGuAI3LC71IicTx82Mz1n3w9woAs2bYJZpkjJQ5aU=
|
||||
github.com/lestrrat-go/jwx v1.2.25 h1:tAx93jN2SdPvFn08fHNAhqFJazn5mBBOB8Zli0g0otA=
|
||||
github.com/lestrrat-go/jwx v1.2.25/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.7 h1:vNh7cA5pKS/1muWYpM1GeUHBCf/r1UFxYN60iv7LFRA=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.7/go.mod h1:zLxnyv9rTlEvOUHbc48FAfIL8iYu2hHvIRaTFGc8mT0=
|
||||
github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
|
||||
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
|
||||
|
@ -1304,13 +1296,13 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS
|
|||
github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
|
||||
github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
|
||||
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
|
||||
github.com/otiai10/copy v1.7.0 h1:hVoPiN+t+7d2nzzwMiDHPSOogsWAStewq3TwU05+clE=
|
||||
github.com/otiai10/copy v1.7.0/go.mod h1:rmRl6QPdJj6EiUqXQ/4Nn2lLXoNQjFCQbbNrxgc/t3U=
|
||||
github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
|
||||
github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
|
||||
github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
|
||||
github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
|
||||
github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
|
||||
github.com/otiai10/mint v1.3.3 h1:7JgpsBaN0uMkyju4tbYHu0mnM55hNKVYLsXmwr15NQI=
|
||||
github.com/otiai10/mint v1.3.3/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
|
||||
github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
|
||||
github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
|
||||
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
|
@ -1367,8 +1359,8 @@ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP
|
|||
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
|
||||
github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
|
||||
github.com/prometheus/client_golang v1.13.1 h1:3gMjIY2+/hzmqhtUC/aQNYldJA6DtH3CgQvwS+02K1c=
|
||||
github.com/prometheus/client_golang v1.13.1/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
|
||||
github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
|
||||
github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
|
||||
github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
|
@ -1453,8 +1445,8 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg
|
|||
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
|
||||
github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
|
||||
github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4 h1:PT+ElG/UUFMfqy5HrxJxNzj3QBOf7dZwupeVC+mG1Lo=
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221105153737-bae9afc6b356 h1:VwFpy5W/pP0X+082xKU2yu4OAwuk8Qqa8j2ofImJ1bM=
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221105153737-bae9afc6b356/go.mod h1:Giy5vj7Gmju0nGlmBNd28DwPo0G0o1nr9XkE+vu3i+o=
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221116180328-3fc64e926700 h1:hfUjwmNPMqE9o5oIBxDQZE0FJ8IqlJwVVhATQYwe2Ao=
|
||||
github.com/sftpgo/sdk v0.1.3-0.20221116180328-3fc64e926700/go.mod h1:Giy5vj7Gmju0nGlmBNd28DwPo0G0o1nr9XkE+vu3i+o=
|
||||
github.com/shirou/gopsutil/v3 v3.22.10 h1:4KMHdfBRYXGF9skjDWiL4RA2N+E8dRdodU/bOZpPoVg=
|
||||
github.com/shirou/gopsutil/v3 v3.22.10/go.mod h1:QNza6r4YQoydyCfo6rH0blGfKahgibh4dQmV5xdFkQk=
|
||||
github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
|
||||
|
@ -1483,8 +1475,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B
|
|||
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
|
||||
github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
|
||||
github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
|
||||
github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
|
||||
github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
|
||||
github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
|
||||
github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
|
||||
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
|
||||
|
@ -1506,8 +1498,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
|||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
|
||||
github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
|
||||
github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
|
||||
github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
|
||||
github.com/spf13/viper v1.14.0 h1:Rg7d3Lo706X9tHsJMUjdiwMpHB7W8WnSVOssIY+JElU=
|
||||
github.com/spf13/viper v1.14.0/go.mod h1:WT//axPky3FdvXHzGw33dNdXXXfFQqmEalje+egj8As=
|
||||
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
|
||||
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
|
||||
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
|
||||
|
@ -1532,8 +1524,8 @@ github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
|
|||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221102155456-200a600c0272 h1:dXbdJSdxf0EnR4SkcsfRNuGCvoEk9lavXbSCFXN2gJc=
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221102155456-200a600c0272/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221109171924-60ec5ad56012 h1:ZC+dlnsjxqrcB68nEFbIEfo4iXsog3Sg8FlXKytAjhY=
|
||||
github.com/studio-b12/gowebdav v0.0.0-20221109171924-60ec5ad56012/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
|
||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||
github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
|
||||
github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
|
||||
|
@ -1543,11 +1535,12 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG
|
|||
github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
|
||||
github.com/tedsuo/ifrit v0.0.0-20180802180643-bea94bb476cc/go.mod h1:eyZnKCc955uh98WQvzOm0dgAeLnf2O0Rz0LPoC5ze+0=
|
||||
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
|
||||
github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
|
||||
github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
|
||||
github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
|
||||
github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
|
||||
github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
|
||||
github.com/tklauser/numcpus v0.5.0 h1:ooe7gN0fg6myJ0EKoTAf5hebTZrH52px3New/D9iJ+A=
|
||||
github.com/tklauser/numcpus v0.5.0/go.mod h1:OGzpTxpcIMNGYQdit2BYL1pvk/dSOaJWjKoflh+RQjo=
|
||||
github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
|
||||
github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
|
@ -1583,8 +1576,8 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6
|
|||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
|
||||
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
|
||||
github.com/xhit/go-simple-mail/v2 v2.12.0 h1:KweA6NO8Z6fZyeckMPNpvElU6QDIyBShlpce1sYUZgg=
|
||||
github.com/xhit/go-simple-mail/v2 v2.12.0/go.mod h1:b7P5ygho6SYE+VIqpxA6QkYfv4teeyG4MKqB3utRu98=
|
||||
github.com/xhit/go-simple-mail/v2 v2.13.0 h1:OANWU9jHZrVfBkNkvLf8Ww0fexwpQVF/v/5f96fFTLI=
|
||||
github.com/xhit/go-simple-mail/v2 v2.13.0/go.mod h1:b7P5ygho6SYE+VIqpxA6QkYfv4teeyG4MKqB3utRu98=
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
|
@ -1741,8 +1734,8 @@ golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
|||
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
|
||||
golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
|
||||
golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
|
||||
golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
@ -1819,8 +1812,9 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug
|
|||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
|
||||
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
|
||||
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
|
||||
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
|
||||
golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
|
||||
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
|
@ -1847,8 +1841,8 @@ golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7Lm
|
|||
golang.org/x/oauth2 v0.0.0-20220628200809-02e64fa58f26/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
|
||||
golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
|
||||
golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
|
||||
golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
|
||||
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
|
||||
golang.org/x/oauth2 v0.2.0 h1:GtQkldQ9m7yvzCL1V+LrYow3Khe0eJH0w7RbX/VbaIU=
|
||||
golang.org/x/oauth2 v0.2.0/go.mod h1:Cwn6afJ8jrQwYMxQDTpISoXmXW9I6qF6vDeuuoX3Ibs=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -2004,19 +1998,21 @@ golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
|
||||
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
|
||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
|
||||
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
|
@ -2040,8 +2036,8 @@ golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxb
|
|||
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
|
||||
golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE=
|
||||
golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
@ -2108,7 +2104,6 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
|
|||
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
|
||||
golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
|
||||
golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
|
||||
golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
|
@ -2116,7 +2111,6 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
|
|||
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
|
@ -2128,8 +2122,8 @@ golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
|
|||
golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
|
||||
golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
|
||||
golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
|
||||
golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM=
|
||||
golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
|
||||
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
|
@ -2189,8 +2183,8 @@ google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6F
|
|||
google.golang.org/api v0.86.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
|
||||
google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
|
||||
google.golang.org/api v0.91.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
|
||||
google.golang.org/api v0.102.0 h1:JxJl2qQ85fRMPNvlZY/enexbxpCjLwGhZUtgfGeQ51I=
|
||||
google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo=
|
||||
google.golang.org/api v0.103.0 h1:9yuVqlu2JCvcLg9p8S3fcFLZij8EPSyvODIY1rkMizQ=
|
||||
google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
|
@ -2301,8 +2295,8 @@ google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljW
|
|||
google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
|
||||
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo=
|
||||
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
|
||||
google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1 h1:jCw9YRd2s40X9Vxi4zKsPRvSPlHWNqadVkpbMsCPzPQ=
|
||||
google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
|
||||
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
|
|
|
@ -65,6 +65,12 @@ Please take a look at the usage below to customize the options.`,
|
|||
logger.ErrorToConsole("Unable to initialize KMS: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
mfaConfig := config.GetMFAConfig()
|
||||
err = mfaConfig.Initialize()
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("Unable to initialize MFA: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
providerConf := config.GetProviderConf()
|
||||
// ignore actions
|
||||
providerConf.Actions.Hook = ""
|
||||
|
|
|
@ -56,7 +56,7 @@ Please take a look at the usage below to customize the options.`,
|
|||
}
|
||||
providerConf := config.GetProviderConf()
|
||||
if !resetProviderForce {
|
||||
logger.WarnToConsole("You are about to delete all the SFTPGo data for provider %#v, config file: %#v",
|
||||
logger.WarnToConsole("You are about to delete all the SFTPGo data for provider %q, config file: %q",
|
||||
providerConf.Driver, viper.ConfigFileUsed())
|
||||
logger.WarnToConsole("Are you sure? (Y/n)")
|
||||
reader := bufio.NewReader(os.Stdin)
|
||||
|
@ -70,7 +70,7 @@ Please take a look at the usage below to customize the options.`,
|
|||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
logger.InfoToConsole("Resetting provider: %#v, config file: %#v", providerConf.Driver, viper.ConfigFileUsed())
|
||||
logger.InfoToConsole("Resetting provider: %q, config file: %q", providerConf.Driver, viper.ConfigFileUsed())
|
||||
err = dataprovider.ResetDatabase(providerConf, configDir)
|
||||
if err != nil {
|
||||
logger.WarnToConsole("Error resetting provider: %v", err)
|
||||
|
|
|
@ -40,8 +40,8 @@ Please take a look at the usage below to customize the options.`,
|
|||
Run: func(_ *cobra.Command, _ []string) {
|
||||
logger.DisableLogger()
|
||||
logger.EnableConsoleLogger(zerolog.DebugLevel)
|
||||
if revertProviderTargetVersion != 19 {
|
||||
logger.WarnToConsole("Unsupported target version, 19 is the only supported one")
|
||||
if revertProviderTargetVersion != 23 {
|
||||
logger.WarnToConsole("Unsupported target version, 23 is the only supported one")
|
||||
os.Exit(1)
|
||||
}
|
||||
configDir = util.CleanDirInput(configDir)
|
||||
|
@ -57,7 +57,7 @@ Please take a look at the usage below to customize the options.`,
|
|||
os.Exit(1)
|
||||
}
|
||||
providerConf := config.GetProviderConf()
|
||||
logger.InfoToConsole("Reverting provider: %#v config file: %#v target version %v", providerConf.Driver,
|
||||
logger.InfoToConsole("Reverting provider: %q config file: %q target version %d", providerConf.Driver,
|
||||
viper.ConfigFileUsed(), revertProviderTargetVersion)
|
||||
err = dataprovider.RevertDatabase(providerConf, configDir, revertProviderTargetVersion)
|
||||
if err != nil {
|
||||
|
@ -71,7 +71,7 @@ Please take a look at the usage below to customize the options.`,
|
|||
|
||||
func init() {
|
||||
addConfigFlags(revertProviderCmd)
|
||||
revertProviderCmd.Flags().IntVar(&revertProviderTargetVersion, "to-version", 19, `19 means the version supported in v2.3.x`)
|
||||
revertProviderCmd.Flags().IntVar(&revertProviderTargetVersion, "to-version", 23, `23 means the version supported in v2.4.x`)
|
||||
|
||||
rootCmd.AddCommand(revertProviderCmd)
|
||||
}
|
||||
|
|
|
@ -137,7 +137,7 @@ Command-line flags should be specified in the Subsystem declaration.
|
|||
logger.Error(logSender, connectionID, "unable to initialize commands configuration: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, "")
|
||||
if err == nil {
|
||||
if user.HomeDir != filepath.Clean(homedir) && !preserveHomeDir {
|
||||
// update the user
|
||||
|
|
|
@ -417,6 +417,7 @@ type ActiveTransfer interface {
|
|||
type ActiveConnection interface {
|
||||
GetID() string
|
||||
GetUsername() string
|
||||
GetRole() string
|
||||
GetMaxSessions() int
|
||||
GetLocalAddress() string
|
||||
GetRemoteAddress() string
|
||||
|
@ -945,7 +946,7 @@ func (conns *ActiveConnections) Remove(connectionID string) {
|
|||
|
||||
// Close closes an active connection.
|
||||
// It returns true on success
|
||||
func (conns *ActiveConnections) Close(connectionID string) bool {
|
||||
func (conns *ActiveConnections) Close(connectionID, role string) bool {
|
||||
conns.RLock()
|
||||
|
||||
var result bool
|
||||
|
@ -953,12 +954,14 @@ func (conns *ActiveConnections) Close(connectionID string) bool {
|
|||
if idx, ok := conns.mapping[connectionID]; ok {
|
||||
c := conns.connections[idx]
|
||||
|
||||
if role == "" || c.GetRole() == role {
|
||||
defer func(conn ActiveConnection) {
|
||||
err := conn.Disconnect()
|
||||
logger.Debug(conn.GetProtocol(), conn.GetID(), "close connection requested, close err: %v", err)
|
||||
}(c)
|
||||
result = true
|
||||
}
|
||||
}
|
||||
|
||||
conns.RUnlock()
|
||||
return result
|
||||
|
@ -1161,13 +1164,14 @@ func (conns *ActiveConnections) IsNewConnectionAllowed(ipAddr string) error {
|
|||
}
|
||||
|
||||
// GetStats returns stats for active connections
|
||||
func (conns *ActiveConnections) GetStats() []ConnectionStatus {
|
||||
func (conns *ActiveConnections) GetStats(role string) []ConnectionStatus {
|
||||
conns.RLock()
|
||||
defer conns.RUnlock()
|
||||
|
||||
stats := make([]ConnectionStatus, 0, len(conns.connections))
|
||||
node := dataprovider.GetNodeName()
|
||||
for _, c := range conns.connections {
|
||||
if role == "" || c.GetRole() == role {
|
||||
stat := ConnectionStatus{
|
||||
Username: c.GetUsername(),
|
||||
ConnectionID: c.GetID(),
|
||||
|
@ -1182,6 +1186,7 @@ func (conns *ActiveConnections) GetStats() []ConnectionStatus {
|
|||
}
|
||||
stats = append(stats, stat)
|
||||
}
|
||||
}
|
||||
return stats
|
||||
}
|
||||
|
||||
|
@ -1254,6 +1259,7 @@ type ActiveQuotaScan struct {
|
|||
Username string `json:"username"`
|
||||
// quota scan start time as unix timestamp in milliseconds
|
||||
StartTime int64 `json:"start_time"`
|
||||
Role string `json:"-"`
|
||||
}
|
||||
|
||||
// ActiveVirtualFolderQuotaScan defines an active quota scan for a virtual folder
|
||||
|
@ -1272,18 +1278,26 @@ type ActiveScans struct {
|
|||
}
|
||||
|
||||
// GetUsersQuotaScans returns the active users quota scans
|
||||
func (s *ActiveScans) GetUsersQuotaScans() []ActiveQuotaScan {
|
||||
func (s *ActiveScans) GetUsersQuotaScans(role string) []ActiveQuotaScan {
|
||||
s.RLock()
|
||||
defer s.RUnlock()
|
||||
|
||||
scans := make([]ActiveQuotaScan, len(s.UserScans))
|
||||
copy(scans, s.UserScans)
|
||||
scans := make([]ActiveQuotaScan, 0, len(s.UserScans))
|
||||
for _, scan := range s.UserScans {
|
||||
if role == "" || role == scan.Role {
|
||||
scans = append(scans, ActiveQuotaScan{
|
||||
Username: scan.Username,
|
||||
StartTime: scan.StartTime,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return scans
|
||||
}
|
||||
|
||||
// AddUserQuotaScan adds a user to the ones with active quota scans.
|
||||
// Returns false if the user has a quota scan already running
|
||||
func (s *ActiveScans) AddUserQuotaScan(username string) bool {
|
||||
func (s *ActiveScans) AddUserQuotaScan(username, role string) bool {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
|
||||
|
@ -1295,6 +1309,7 @@ func (s *ActiveScans) AddUserQuotaScan(username string) bool {
|
|||
s.UserScans = append(s.UserScans, ActiveQuotaScan{
|
||||
Username: username,
|
||||
StartTime: util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
Role: role,
|
||||
})
|
||||
return true
|
||||
}
|
||||
|
@ -1368,6 +1383,7 @@ type MetadataCheck struct {
|
|||
Username string `json:"username"`
|
||||
// check start time as unix timestamp in milliseconds
|
||||
StartTime int64 `json:"start_time"`
|
||||
Role string `json:"-"`
|
||||
}
|
||||
|
||||
// MetadataChecks holds the active metadata checks
|
||||
|
@ -1377,19 +1393,26 @@ type MetadataChecks struct {
|
|||
}
|
||||
|
||||
// Get returns the active metadata checks
|
||||
func (c *MetadataChecks) Get() []MetadataCheck {
|
||||
func (c *MetadataChecks) Get(role string) []MetadataCheck {
|
||||
c.RLock()
|
||||
defer c.RUnlock()
|
||||
|
||||
checks := make([]MetadataCheck, len(c.checks))
|
||||
copy(checks, c.checks)
|
||||
checks := make([]MetadataCheck, 0, len(c.checks))
|
||||
for _, check := range c.checks {
|
||||
if role == "" || role == check.Role {
|
||||
checks = append(checks, MetadataCheck{
|
||||
Username: check.Username,
|
||||
StartTime: check.StartTime,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return checks
|
||||
}
|
||||
|
||||
// Add adds a user to the ones with active metadata checks.
|
||||
// Return false if a metadata check is already active for the specified user
|
||||
func (c *MetadataChecks) Add(username string) bool {
|
||||
func (c *MetadataChecks) Add(username, role string) bool {
|
||||
c.Lock()
|
||||
defer c.Unlock()
|
||||
|
||||
|
@ -1402,6 +1425,7 @@ func (c *MetadataChecks) Add(username string) bool {
|
|||
c.checks = append(c.checks, MetadataCheck{
|
||||
Username: username,
|
||||
StartTime: util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
Role: role,
|
||||
})
|
||||
|
||||
return true
|
||||
|
|
|
@ -540,7 +540,7 @@ func TestUserMaxSessions(t *testing.T) {
|
|||
Connections.Lock()
|
||||
Connections.removeUserConnection(userTestUsername)
|
||||
Connections.Unlock()
|
||||
assert.Len(t, Connections.GetStats(), 0)
|
||||
assert.Len(t, Connections.GetStats(""), 0)
|
||||
}
|
||||
|
||||
func TestMaxConnections(t *testing.T) {
|
||||
|
@ -562,12 +562,12 @@ func TestMaxConnections(t *testing.T) {
|
|||
}
|
||||
err := Connections.Add(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, Connections.GetStats(), 1)
|
||||
assert.Len(t, Connections.GetStats(""), 1)
|
||||
assert.Error(t, Connections.IsNewConnectionAllowed(ipAddr))
|
||||
|
||||
res := Connections.Close(fakeConn.GetID())
|
||||
res := Connections.Close(fakeConn.GetID(), "")
|
||||
assert.True(t, res)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats()) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats("")) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
assert.NoError(t, Connections.IsNewConnectionAllowed(ipAddr))
|
||||
Connections.AddClientConnection(ipAddr)
|
||||
|
@ -580,6 +580,33 @@ func TestMaxConnections(t *testing.T) {
|
|||
Config.MaxTotalConnections = oldValue
|
||||
}
|
||||
|
||||
func TestConnectionRoles(t *testing.T) {
|
||||
username := "testUsername"
|
||||
role1 := "testRole1"
|
||||
role2 := "testRole2"
|
||||
c := NewBaseConnection("id", ProtocolSFTP, "", "", dataprovider.User{
|
||||
BaseUser: sdk.BaseUser{
|
||||
Username: username,
|
||||
Role: role1,
|
||||
},
|
||||
})
|
||||
fakeConn := &fakeConnection{
|
||||
BaseConnection: c,
|
||||
}
|
||||
err := Connections.Add(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, Connections.GetStats(""), 1)
|
||||
assert.Len(t, Connections.GetStats(role1), 1)
|
||||
assert.Len(t, Connections.GetStats(role2), 0)
|
||||
|
||||
res := Connections.Close(fakeConn.GetID(), role2)
|
||||
assert.False(t, res)
|
||||
assert.Len(t, Connections.GetStats(""), 1)
|
||||
res = Connections.Close(fakeConn.GetID(), role1)
|
||||
assert.True(t, res)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats("")) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
}
|
||||
|
||||
func TestMaxConnectionPerHost(t *testing.T) {
|
||||
oldValue := Config.MaxPerHostConnections
|
||||
|
||||
|
@ -660,7 +687,7 @@ func TestIdleConnections(t *testing.T) {
|
|||
err = Connections.Add(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, Connections.GetActiveSessions(username), 2)
|
||||
assert.Len(t, Connections.GetStats(), 3)
|
||||
assert.Len(t, Connections.GetStats(""), 3)
|
||||
Connections.RLock()
|
||||
assert.Len(t, Connections.sshConnections, 2)
|
||||
Connections.RUnlock()
|
||||
|
@ -673,12 +700,12 @@ func TestIdleConnections(t *testing.T) {
|
|||
return len(Connections.sshConnections) == 1
|
||||
}, 1*time.Second, 200*time.Millisecond)
|
||||
stopEventScheduler()
|
||||
assert.Len(t, Connections.GetStats(), 2)
|
||||
assert.Len(t, Connections.GetStats(""), 2)
|
||||
c.lastActivity.Store(time.Now().Add(-24 * time.Hour).UnixNano())
|
||||
cFTP.lastActivity.Store(time.Now().Add(-24 * time.Hour).UnixNano())
|
||||
sshConn2.lastActivity.Store(c.lastActivity.Load())
|
||||
startPeriodicChecks(100 * time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats()) == 0 }, 2*time.Second, 200*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats("")) == 0 }, 2*time.Second, 200*time.Millisecond)
|
||||
assert.Eventually(t, func() bool {
|
||||
Connections.RLock()
|
||||
defer Connections.RUnlock()
|
||||
|
@ -700,11 +727,11 @@ func TestCloseConnection(t *testing.T) {
|
|||
assert.NoError(t, Connections.IsNewConnectionAllowed("127.0.0.1"))
|
||||
err := Connections.Add(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, Connections.GetStats(), 1)
|
||||
res := Connections.Close(fakeConn.GetID())
|
||||
assert.Len(t, Connections.GetStats(""), 1)
|
||||
res := Connections.Close(fakeConn.GetID(), "")
|
||||
assert.True(t, res)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats()) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
res = Connections.Close(fakeConn.GetID())
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats("")) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
res = Connections.Close(fakeConn.GetID(), "")
|
||||
assert.False(t, res)
|
||||
Connections.Remove(fakeConn.GetID())
|
||||
}
|
||||
|
@ -716,8 +743,8 @@ func TestSwapConnection(t *testing.T) {
|
|||
}
|
||||
err := Connections.Add(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
if assert.Len(t, Connections.GetStats(), 1) {
|
||||
assert.Equal(t, "", Connections.GetStats()[0].Username)
|
||||
if assert.Len(t, Connections.GetStats(""), 1) {
|
||||
assert.Equal(t, "", Connections.GetStats("")[0].Username)
|
||||
}
|
||||
c = NewBaseConnection("id", ProtocolFTP, "", "", dataprovider.User{
|
||||
BaseUser: sdk.BaseUser{
|
||||
|
@ -743,12 +770,12 @@ func TestSwapConnection(t *testing.T) {
|
|||
Connections.Remove(fakeConn1.ID)
|
||||
err = Connections.Swap(fakeConn)
|
||||
assert.NoError(t, err)
|
||||
if assert.Len(t, Connections.GetStats(), 1) {
|
||||
assert.Equal(t, userTestUsername, Connections.GetStats()[0].Username)
|
||||
if assert.Len(t, Connections.GetStats(""), 1) {
|
||||
assert.Equal(t, userTestUsername, Connections.GetStats("")[0].Username)
|
||||
}
|
||||
res := Connections.Close(fakeConn.GetID())
|
||||
res := Connections.Close(fakeConn.GetID(), "")
|
||||
assert.True(t, res)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats()) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(Connections.GetStats("")) == 0 }, 300*time.Millisecond, 50*time.Millisecond)
|
||||
err = Connections.Swap(fakeConn)
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
@ -800,7 +827,7 @@ func TestConnectionStatus(t *testing.T) {
|
|||
err = Connections.Add(fakeConn3)
|
||||
assert.NoError(t, err)
|
||||
|
||||
stats := Connections.GetStats()
|
||||
stats := Connections.GetStats("")
|
||||
assert.Len(t, stats, 3)
|
||||
for _, stat := range stats {
|
||||
assert.Equal(t, stat.Username, username)
|
||||
|
@ -838,24 +865,24 @@ func TestConnectionStatus(t *testing.T) {
|
|||
assert.Error(t, err)
|
||||
|
||||
Connections.Remove(fakeConn1.GetID())
|
||||
stats = Connections.GetStats()
|
||||
stats = Connections.GetStats("")
|
||||
assert.Len(t, stats, 2)
|
||||
assert.Equal(t, fakeConn3.GetID(), stats[0].ConnectionID)
|
||||
assert.Equal(t, fakeConn2.GetID(), stats[1].ConnectionID)
|
||||
Connections.Remove(fakeConn2.GetID())
|
||||
stats = Connections.GetStats()
|
||||
stats = Connections.GetStats("")
|
||||
assert.Len(t, stats, 1)
|
||||
assert.Equal(t, fakeConn3.GetID(), stats[0].ConnectionID)
|
||||
Connections.Remove(fakeConn3.GetID())
|
||||
stats = Connections.GetStats()
|
||||
stats = Connections.GetStats("")
|
||||
assert.Len(t, stats, 0)
|
||||
}
|
||||
|
||||
func TestQuotaScans(t *testing.T) {
|
||||
username := "username"
|
||||
assert.True(t, QuotaScans.AddUserQuotaScan(username))
|
||||
assert.False(t, QuotaScans.AddUserQuotaScan(username))
|
||||
usersScans := QuotaScans.GetUsersQuotaScans()
|
||||
assert.True(t, QuotaScans.AddUserQuotaScan(username, ""))
|
||||
assert.False(t, QuotaScans.AddUserQuotaScan(username, ""))
|
||||
usersScans := QuotaScans.GetUsersQuotaScans("")
|
||||
if assert.Len(t, usersScans, 1) {
|
||||
assert.Equal(t, usersScans[0].Username, username)
|
||||
assert.Equal(t, QuotaScans.UserScans[0].StartTime, usersScans[0].StartTime)
|
||||
|
@ -865,7 +892,7 @@ func TestQuotaScans(t *testing.T) {
|
|||
|
||||
assert.True(t, QuotaScans.RemoveUserQuotaScan(username))
|
||||
assert.False(t, QuotaScans.RemoveUserQuotaScan(username))
|
||||
assert.Len(t, QuotaScans.GetUsersQuotaScans(), 0)
|
||||
assert.Len(t, QuotaScans.GetUsersQuotaScans(""), 0)
|
||||
assert.Len(t, usersScans, 1)
|
||||
|
||||
folderName := "folder"
|
||||
|
@ -880,6 +907,24 @@ func TestQuotaScans(t *testing.T) {
|
|||
assert.Len(t, QuotaScans.GetVFoldersQuotaScans(), 0)
|
||||
}
|
||||
|
||||
func TestQuotaScansRole(t *testing.T) {
|
||||
username := "u"
|
||||
role1 := "r1"
|
||||
role2 := "r2"
|
||||
assert.True(t, QuotaScans.AddUserQuotaScan(username, role1))
|
||||
assert.False(t, QuotaScans.AddUserQuotaScan(username, ""))
|
||||
usersScans := QuotaScans.GetUsersQuotaScans("")
|
||||
assert.Len(t, usersScans, 1)
|
||||
assert.Empty(t, usersScans[0].Role)
|
||||
usersScans = QuotaScans.GetUsersQuotaScans(role1)
|
||||
assert.Len(t, usersScans, 1)
|
||||
usersScans = QuotaScans.GetUsersQuotaScans(role2)
|
||||
assert.Len(t, usersScans, 0)
|
||||
assert.True(t, QuotaScans.RemoveUserQuotaScan(username))
|
||||
assert.False(t, QuotaScans.RemoveUserQuotaScan(username))
|
||||
assert.Len(t, QuotaScans.GetUsersQuotaScans(""), 0)
|
||||
}
|
||||
|
||||
func TestProxyProtocolVersion(t *testing.T) {
|
||||
c := Configuration{
|
||||
ProxyProtocol: 0,
|
||||
|
@ -1342,13 +1387,13 @@ func TestUpdateTransferTimestamps(t *testing.T) {
|
|||
|
||||
err = dataprovider.UpdateUserTransferTimestamps(username, true)
|
||||
assert.NoError(t, err)
|
||||
userGet, err := dataprovider.UserExists(username)
|
||||
userGet, err := dataprovider.UserExists(username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Greater(t, userGet.FirstUpload, int64(0))
|
||||
assert.Equal(t, int64(0), user.FirstDownload)
|
||||
err = dataprovider.UpdateUserTransferTimestamps(username, false)
|
||||
assert.NoError(t, err)
|
||||
userGet, err = dataprovider.UserExists(username)
|
||||
userGet, err = dataprovider.UserExists(username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Greater(t, userGet.FirstUpload, int64(0))
|
||||
assert.Greater(t, userGet.FirstDownload, int64(0))
|
||||
|
@ -1358,23 +1403,40 @@ func TestUpdateTransferTimestamps(t *testing.T) {
|
|||
err = dataprovider.UpdateUserTransferTimestamps(username, false)
|
||||
assert.Error(t, err)
|
||||
// cleanup
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestMetadataAPI(t *testing.T) {
|
||||
username := "metadatauser"
|
||||
require.False(t, ActiveMetadataChecks.Remove(username))
|
||||
require.True(t, ActiveMetadataChecks.Add(username))
|
||||
require.False(t, ActiveMetadataChecks.Add(username))
|
||||
checks := ActiveMetadataChecks.Get()
|
||||
require.True(t, ActiveMetadataChecks.Add(username, ""))
|
||||
require.False(t, ActiveMetadataChecks.Add(username, ""))
|
||||
checks := ActiveMetadataChecks.Get("")
|
||||
require.Len(t, checks, 1)
|
||||
checks[0].Username = username + "a"
|
||||
checks = ActiveMetadataChecks.Get()
|
||||
checks = ActiveMetadataChecks.Get("")
|
||||
require.Len(t, checks, 1)
|
||||
require.Equal(t, username, checks[0].Username)
|
||||
require.True(t, ActiveMetadataChecks.Remove(username))
|
||||
require.Len(t, ActiveMetadataChecks.Get(), 0)
|
||||
require.Len(t, ActiveMetadataChecks.Get(""), 0)
|
||||
}
|
||||
|
||||
func TestMetadataAPIRole(t *testing.T) {
|
||||
username := "muser"
|
||||
role1 := "r1"
|
||||
role2 := "r2"
|
||||
require.True(t, ActiveMetadataChecks.Add(username, role2))
|
||||
require.False(t, ActiveMetadataChecks.Add(username, ""))
|
||||
checks := ActiveMetadataChecks.Get("")
|
||||
require.Len(t, checks, 1)
|
||||
assert.Empty(t, checks[0].Role)
|
||||
checks = ActiveMetadataChecks.Get(role1)
|
||||
require.Len(t, checks, 0)
|
||||
checks = ActiveMetadataChecks.Get(role2)
|
||||
require.Len(t, checks, 1)
|
||||
require.True(t, ActiveMetadataChecks.Remove(username))
|
||||
require.Len(t, ActiveMetadataChecks.Get(""), 0)
|
||||
}
|
||||
|
||||
func BenchmarkBcryptHashing(b *testing.B) {
|
||||
|
|
|
@ -98,6 +98,11 @@ func (c *BaseConnection) GetUsername() string {
|
|||
return c.User.Username
|
||||
}
|
||||
|
||||
// GetRole returns the role for the user associated with this connection
|
||||
func (c *BaseConnection) GetRole() string {
|
||||
return c.User.Role
|
||||
}
|
||||
|
||||
// GetMaxSessions returns the maximum number of concurrent sessions allowed
|
||||
func (c *BaseConnection) GetMaxSessions() int {
|
||||
return c.User.MaxSessions
|
||||
|
|
|
@ -62,12 +62,13 @@ type ActiveRetentionChecks struct {
|
|||
}
|
||||
|
||||
// Get returns the active retention checks
|
||||
func (c *ActiveRetentionChecks) Get() []RetentionCheck {
|
||||
func (c *ActiveRetentionChecks) Get(role string) []RetentionCheck {
|
||||
c.RLock()
|
||||
defer c.RUnlock()
|
||||
|
||||
checks := make([]RetentionCheck, 0, len(c.Checks))
|
||||
for _, check := range c.Checks {
|
||||
if role == "" || role == check.Role {
|
||||
foldersCopy := make([]dataprovider.FolderRetention, len(check.Folders))
|
||||
copy(foldersCopy, check.Folders)
|
||||
notificationsCopy := make([]string, len(check.Notifications))
|
||||
|
@ -80,6 +81,7 @@ func (c *ActiveRetentionChecks) Get() []RetentionCheck {
|
|||
Folders: foldersCopy,
|
||||
})
|
||||
}
|
||||
}
|
||||
return checks
|
||||
}
|
||||
|
||||
|
@ -100,6 +102,7 @@ func (c *ActiveRetentionChecks) Add(check RetentionCheck, user *dataprovider.Use
|
|||
conn.SetProtocol(ProtocolDataRetention)
|
||||
conn.ID = fmt.Sprintf("data_retention_%v", user.Username)
|
||||
check.Username = user.Username
|
||||
check.Role = user.Role
|
||||
check.StartTime = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
check.conn = conn
|
||||
check.updateUserPermissions()
|
||||
|
@ -148,6 +151,7 @@ type RetentionCheck struct {
|
|||
Notifications []RetentionCheckNotification `json:"notifications,omitempty"`
|
||||
// email to use if the notification method is set to email
|
||||
Email string `json:"email,omitempty"`
|
||||
Role string `json:"-"`
|
||||
// Cleanup results
|
||||
results []folderRetentionCheckResult `json:"-"`
|
||||
conn *BaseConnection
|
||||
|
|
|
@ -316,7 +316,7 @@ func TestRetentionCheckAddRemove(t *testing.T) {
|
|||
Notifications: []RetentionCheckNotification{RetentionCheckNotificationHook},
|
||||
}
|
||||
assert.NotNil(t, RetentionChecks.Add(check, &user))
|
||||
checks := RetentionChecks.Get()
|
||||
checks := RetentionChecks.Get("")
|
||||
require.Len(t, checks, 1)
|
||||
assert.Equal(t, username, checks[0].Username)
|
||||
assert.Greater(t, checks[0].StartTime, int64(0))
|
||||
|
@ -328,10 +328,45 @@ func TestRetentionCheckAddRemove(t *testing.T) {
|
|||
|
||||
assert.Nil(t, RetentionChecks.Add(check, &user))
|
||||
assert.True(t, RetentionChecks.remove(username))
|
||||
require.Len(t, RetentionChecks.Get(), 0)
|
||||
require.Len(t, RetentionChecks.Get(""), 0)
|
||||
assert.False(t, RetentionChecks.remove(username))
|
||||
}
|
||||
|
||||
func TestRetentionCheckRole(t *testing.T) {
|
||||
username := "retuser"
|
||||
role1 := "retrole1"
|
||||
role2 := "retrole2"
|
||||
user := dataprovider.User{
|
||||
BaseUser: sdk.BaseUser{
|
||||
Username: username,
|
||||
Role: role1,
|
||||
},
|
||||
}
|
||||
user.Permissions = make(map[string][]string)
|
||||
user.Permissions["/"] = []string{dataprovider.PermAny}
|
||||
check := RetentionCheck{
|
||||
Folders: []dataprovider.FolderRetention{
|
||||
{
|
||||
Path: "/",
|
||||
Retention: 48,
|
||||
},
|
||||
},
|
||||
Notifications: []RetentionCheckNotification{RetentionCheckNotificationHook},
|
||||
}
|
||||
assert.NotNil(t, RetentionChecks.Add(check, &user))
|
||||
checks := RetentionChecks.Get("")
|
||||
require.Len(t, checks, 1)
|
||||
assert.Empty(t, checks[0].Role)
|
||||
checks = RetentionChecks.Get(role1)
|
||||
require.Len(t, checks, 1)
|
||||
checks = RetentionChecks.Get(role2)
|
||||
require.Len(t, checks, 0)
|
||||
user.Role = ""
|
||||
assert.Nil(t, RetentionChecks.Add(check, &user))
|
||||
assert.True(t, RetentionChecks.remove(username))
|
||||
require.Len(t, RetentionChecks.Get(""), 0)
|
||||
}
|
||||
|
||||
func TestCleanupErrors(t *testing.T) {
|
||||
user := dataprovider.User{
|
||||
BaseUser: sdk.BaseUser{
|
||||
|
|
|
@ -531,7 +531,7 @@ func (p *EventParams) getUserFromSender() (dataprovider.User, error) {
|
|||
},
|
||||
}, nil
|
||||
}
|
||||
user, err := dataprovider.UserExists(p.sender)
|
||||
user, err := dataprovider.UserExists(p.sender, "")
|
||||
if err != nil {
|
||||
eventManagerLog(logger.LevelError, "unable to get user %q: %+v", p.sender, err)
|
||||
return user, fmt.Errorf("error getting user %q", p.sender)
|
||||
|
@ -1652,7 +1652,7 @@ func executeQuotaResetForUser(user dataprovider.User) error {
|
|||
user.Username, err)
|
||||
return err
|
||||
}
|
||||
if !QuotaScans.AddUserQuotaScan(user.Username) {
|
||||
if !QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
|
||||
eventManagerLog(logger.LevelError, "another quota scan is already in progress for user %q", user.Username)
|
||||
return fmt.Errorf("another quota scan is in progress for user %q", user.Username)
|
||||
}
|
||||
|
@ -1874,7 +1874,7 @@ func executeMetadataCheckForUser(user dataprovider.User) error {
|
|||
user.Username, err)
|
||||
return err
|
||||
}
|
||||
if !ActiveMetadataChecks.Add(user.Username) {
|
||||
if !ActiveMetadataChecks.Add(user.Username, user.Role) {
|
||||
eventManagerLog(logger.LevelError, "another metadata check is already in progress for user %q", user.Username)
|
||||
return fmt.Errorf("another metadata check is in progress for user %q", user.Username)
|
||||
}
|
||||
|
|
|
@ -645,12 +645,12 @@ func TestEventRuleActions(t *testing.T) {
|
|||
},
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
userGet, err := dataprovider.UserExists(username1)
|
||||
userGet, err := dataprovider.UserExists(username1, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, 1, userGet.UsedQuotaFiles)
|
||||
assert.Equal(t, int64(4), userGet.UsedQuotaSize)
|
||||
// simulate another quota scan in progress
|
||||
assert.True(t, QuotaScans.AddUserQuotaScan(username1))
|
||||
assert.True(t, QuotaScans.AddUserQuotaScan(username1, ""))
|
||||
err = executeRuleAction(action, &EventParams{}, dataprovider.ConditionOptions{
|
||||
Names: []dataprovider.ConditionPattern{
|
||||
{
|
||||
|
@ -694,7 +694,7 @@ func TestEventRuleActions(t *testing.T) {
|
|||
})
|
||||
assert.NoError(t, err)
|
||||
// simulate another metadata check in progress
|
||||
assert.True(t, ActiveMetadataChecks.Add(username1))
|
||||
assert.True(t, ActiveMetadataChecks.Add(username1, ""))
|
||||
err = executeRuleAction(action, &EventParams{}, dataprovider.ConditionOptions{
|
||||
Names: []dataprovider.ConditionPattern{
|
||||
{
|
||||
|
@ -850,7 +850,7 @@ func TestEventRuleActions(t *testing.T) {
|
|||
},
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
userGet, err = dataprovider.UserExists(username1)
|
||||
userGet, err = dataprovider.UserExists(username1, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, int64(0), userGet.UsedDownloadDataTransfer)
|
||||
assert.Equal(t, int64(0), userGet.UsedUploadDataTransfer)
|
||||
|
@ -948,9 +948,9 @@ func TestEventRuleActions(t *testing.T) {
|
|||
assert.Error(t, err)
|
||||
assert.Contains(t, getErrorString(err), "no file/folder compressed")
|
||||
|
||||
err = dataprovider.DeleteUser(username1, "", "")
|
||||
err = dataprovider.DeleteUser(username1, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(username2, "", "")
|
||||
err = dataprovider.DeleteUser(username2, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
// test folder quota reset
|
||||
foldername1 := "f1"
|
||||
|
@ -1085,7 +1085,7 @@ func TestEventRuleActionsNoGroupMatching(t *testing.T) {
|
|||
assert.Contains(t, err.Error(), "no retention check executed")
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1147,7 +1147,7 @@ func TestGetFileContent(t *testing.T) {
|
|||
_, err = getMailAttachments(user, []string{"/file.txt"}, replacer)
|
||||
assert.Error(t, err)
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1232,7 +1232,7 @@ func TestFilesystemActionErrors(t *testing.T) {
|
|||
assert.Error(t, err)
|
||||
user.FsConfig.Provider = sdk.LocalFilesystemProvider
|
||||
user.Permissions["/"] = []string{dataprovider.PermUpload}
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.AddUser(&user, "", "")
|
||||
assert.NoError(t, err)
|
||||
|
@ -1344,7 +1344,7 @@ func TestFilesystemActionErrors(t *testing.T) {
|
|||
assert.Contains(t, getErrorString(err), "is outside base dir")
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1400,7 +1400,7 @@ func TestQuotaActionsWithQuotaTrackDisabled(t *testing.T) {
|
|||
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
foldername := "f1"
|
||||
|
|
|
@ -3067,7 +3067,7 @@ func TestUserPasswordHashing(t *testing.T) {
|
|||
err = dataprovider.Initialize(providerConf, configDir, true)
|
||||
assert.NoError(t, err)
|
||||
|
||||
currentUser, err := dataprovider.UserExists(user.Username)
|
||||
currentUser, err := dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, strings.HasPrefix(currentUser.Password, "$2a$"))
|
||||
|
||||
|
@ -3088,7 +3088,7 @@ func TestUserPasswordHashing(t *testing.T) {
|
|||
user, _, err = httpdtest.AddUser(u, http.StatusCreated)
|
||||
assert.NoError(t, err)
|
||||
|
||||
currentUser, err = dataprovider.UserExists(user.Username)
|
||||
currentUser, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, strings.HasPrefix(currentUser.Password, "$argon2id$"))
|
||||
|
||||
|
@ -3193,7 +3193,7 @@ func TestDelayedQuotaUpdater(t *testing.T) {
|
|||
assert.Equal(t, int64(100), ulSize)
|
||||
assert.Equal(t, int64(200), dlSize)
|
||||
|
||||
userGet, err := dataprovider.UserExists(user.Username)
|
||||
userGet, err := dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, 0, userGet.UsedQuotaFiles)
|
||||
assert.Equal(t, int64(0), userGet.UsedQuotaSize)
|
||||
|
@ -3211,7 +3211,7 @@ func TestDelayedQuotaUpdater(t *testing.T) {
|
|||
assert.Equal(t, int64(100), ulSize)
|
||||
assert.Equal(t, int64(200), dlSize)
|
||||
|
||||
userGet, err = dataprovider.UserExists(user.Username)
|
||||
userGet, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, 10, userGet.UsedQuotaFiles)
|
||||
assert.Equal(t, int64(6000), userGet.UsedQuotaSize)
|
||||
|
@ -5609,7 +5609,7 @@ func TestEventRuleIPBlocked(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteEventAction(action2.Name, "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -5815,7 +5815,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(uploadPath)
|
||||
|
@ -5828,7 +5828,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(uploadPath)
|
||||
|
@ -5850,7 +5850,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(uploadPath)
|
||||
|
@ -5905,7 +5905,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(uploadPath)
|
||||
|
@ -5918,7 +5918,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(uploadPath)
|
||||
|
@ -5940,7 +5940,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
_, err = client.Stat(innerUploadFilePath)
|
||||
|
@ -5975,7 +5975,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
err = os.Chmod(dirPath, 0555)
|
||||
|
@ -5985,7 +5985,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
err = os.Chmod(dirPath, os.ModePerm)
|
||||
|
@ -5995,7 +5995,7 @@ func TestRetentionAPI(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.RetentionChecks.Get()) == 0
|
||||
return len(common.RetentionChecks.Get("")) == 0
|
||||
}, 1000*time.Millisecond, 50*time.Millisecond)
|
||||
|
||||
assert.NoDirExists(t, dirPath)
|
||||
|
|
|
@ -83,7 +83,7 @@ func TestTransfersCheckerDiskQuota(t *testing.T) {
|
|||
assert.Equal(t, int64(120), group.UserSettings.QuotaSize)
|
||||
err = dataprovider.AddUser(&user, "", "")
|
||||
assert.NoError(t, err)
|
||||
user, err = dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err = dataprovider.GetUserWithGroupSettings(username, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
connID1 := xid.New().String()
|
||||
|
@ -243,10 +243,10 @@ func TestTransfersCheckerDiskQuota(t *testing.T) {
|
|||
Connections.Remove(fakeConn3.GetID())
|
||||
Connections.Remove(fakeConn4.GetID())
|
||||
Connections.Remove(fakeConn5.GetID())
|
||||
stats := Connections.GetStats()
|
||||
stats := Connections.GetStats("")
|
||||
assert.Len(t, stats, 0)
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -366,10 +366,10 @@ func TestTransferCheckerTransferQuota(t *testing.T) {
|
|||
|
||||
Connections.Remove(fakeConn3.GetID())
|
||||
Connections.Remove(fakeConn4.GetID())
|
||||
stats := Connections.GetStats()
|
||||
stats := Connections.GetStats("")
|
||||
assert.Len(t, stats, 0)
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -671,7 +671,7 @@ func TestGetUsersForQuotaCheck(t *testing.T) {
|
|||
}
|
||||
|
||||
for i := 0; i < 40; i++ {
|
||||
err = dataprovider.DeleteUser(fmt.Sprintf("user%v", i), "", "")
|
||||
err = dataprovider.DeleteUser(fmt.Sprintf("user%v", i), "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteFolder(fmt.Sprintf("f%v", i), "", "")
|
||||
assert.NoError(t, err)
|
||||
|
|
|
@ -50,6 +50,7 @@ const (
|
|||
actionObjectShare = "share"
|
||||
actionObjectEventAction = "event_action"
|
||||
actionObjectEventRule = "event_rule"
|
||||
actionObjectRole = "role"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
@ -56,6 +56,7 @@ const (
|
|||
PermAdminMetadataChecks = "metadata_checks"
|
||||
PermAdminViewEvents = "view_events"
|
||||
PermAdminManageEventRules = "manage_event_rules"
|
||||
PermAdminManageRoles = "manage_roles"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -70,9 +71,11 @@ const (
|
|||
var (
|
||||
validAdminPerms = []string{PermAdminAny, PermAdminAddUsers, PermAdminChangeUsers, PermAdminDeleteUsers,
|
||||
PermAdminViewUsers, PermAdminManageGroups, PermAdminViewConnections, PermAdminCloseConnections,
|
||||
PermAdminViewServerStatus, PermAdminManageAdmins, PermAdminManageAPIKeys, PermAdminQuotaScans,
|
||||
PermAdminManageSystem, PermAdminManageDefender, PermAdminViewDefender, PermAdminRetentionChecks,
|
||||
PermAdminMetadataChecks, PermAdminViewEvents}
|
||||
PermAdminViewServerStatus, PermAdminManageAdmins, PermAdminManageRoles, PermAdminManageEventRules,
|
||||
PermAdminManageAPIKeys, PermAdminQuotaScans, PermAdminManageSystem, PermAdminManageDefender,
|
||||
PermAdminViewDefender, PermAdminRetentionChecks, PermAdminMetadataChecks, PermAdminViewEvents}
|
||||
forbiddenPermsForRoleAdmins = []string{PermAdminAny, PermAdminManageAdmins, PermAdminManageSystem,
|
||||
PermAdminManageEventRules, PermAdminManageRoles, PermAdminViewEvents}
|
||||
)
|
||||
|
||||
// AdminTOTPConfig defines the time-based one time password configuration
|
||||
|
@ -255,6 +258,14 @@ type Admin struct {
|
|||
UpdatedAt int64 `json:"updated_at"`
|
||||
// Last login as unix timestamp in milliseconds
|
||||
LastLogin int64 `json:"last_login"`
|
||||
// Role name. If set the admin can only administer users with the same role.
|
||||
// Role admins cannot have the following permissions:
|
||||
// - manage_admins
|
||||
// - manage_apikeys
|
||||
// - manage_system
|
||||
// - manage_event_rules
|
||||
// - manage_roles
|
||||
Role string `json:"role,omitempty"`
|
||||
}
|
||||
|
||||
// CountUnusedRecoveryCodes returns the number of unused recovery codes
|
||||
|
@ -322,7 +333,13 @@ func (a *Admin) validatePermissions() error {
|
|||
}
|
||||
for _, perm := range a.Permissions {
|
||||
if !util.Contains(validAdminPerms, perm) {
|
||||
return util.NewValidationError(fmt.Sprintf("invalid permission: %#v", perm))
|
||||
return util.NewValidationError(fmt.Sprintf("invalid permission: %q", perm))
|
||||
}
|
||||
if a.Role != "" {
|
||||
if util.Contains(forbiddenPermsForRoleAdmins, perm) {
|
||||
return util.NewValidationError(fmt.Sprintf("a role admin cannot have the following permissions: %q",
|
||||
strings.Join(forbiddenPermsForRoleAdmins, ",")))
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
@ -604,6 +621,7 @@ func (a *Admin) getACopy() Admin {
|
|||
LastLogin: a.LastLogin,
|
||||
CreatedAt: a.CreatedAt,
|
||||
UpdatedAt: a.UpdatedAt,
|
||||
Role: a.Role,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -165,7 +165,7 @@ func (k *APIKey) validate() error {
|
|||
k.Admin = ""
|
||||
}
|
||||
if k.User != "" {
|
||||
_, err := provider.userExists(k.User)
|
||||
_, err := provider.userExists(k.User, "")
|
||||
if err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("unable to check API key user %v: %v", k.User, err))
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
boltDatabaseVersion = 23
|
||||
boltDatabaseVersion = 24
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -47,10 +47,11 @@ var (
|
|||
sharesBucket = []byte("shares")
|
||||
actionsBucket = []byte("events_actions")
|
||||
rulesBucket = []byte("events_rules")
|
||||
rolesBucket = []byte("roles")
|
||||
dbVersionBucket = []byte("db_version")
|
||||
dbVersionKey = []byte("version")
|
||||
boltBuckets = [][]byte{usersBucket, groupsBucket, foldersBucket, adminsBucket, apiKeysBucket,
|
||||
sharesBucket, actionsBucket, rulesBucket, dbVersionBucket}
|
||||
sharesBucket, actionsBucket, rulesBucket, rolesBucket, dbVersionBucket}
|
||||
)
|
||||
|
||||
// BoltProvider defines the auth provider for bolt key/value store
|
||||
|
@ -105,7 +106,7 @@ func (p *BoltProvider) validateUserAndTLSCert(username, protocol string, tlsCert
|
|||
if tlsCert == nil {
|
||||
return user, errors.New("TLS certificate cannot be null or empty")
|
||||
}
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -114,7 +115,7 @@ func (p *BoltProvider) validateUserAndTLSCert(username, protocol string, tlsCert
|
|||
}
|
||||
|
||||
func (p *BoltProvider) validateUserAndPass(username, password, ip, protocol string) (User, error) {
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -137,7 +138,7 @@ func (p *BoltProvider) validateUserAndPubKey(username string, pubKey []byte, isS
|
|||
if len(pubKey) == 0 {
|
||||
return user, "", errors.New("credentials cannot be null or empty")
|
||||
}
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, "", err
|
||||
|
@ -336,7 +337,7 @@ func (p *BoltProvider) updateQuota(username string, filesAdd int, sizeAdd int64,
|
|||
}
|
||||
|
||||
func (p *BoltProvider) getUsedQuota(username string) (int, int64, int64, int64, error) {
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "unable to get quota for user %v error: %v", username, err)
|
||||
return 0, 0, 0, 0, err
|
||||
|
@ -376,8 +377,12 @@ func (p *BoltProvider) addAdmin(admin *Admin) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if a := bucket.Get([]byte(admin.Username)); a != nil {
|
||||
return fmt.Errorf("admin %v already exists", admin.Username)
|
||||
return fmt.Errorf("admin %q already exists", admin.Username)
|
||||
}
|
||||
id, err := bucket.NextSequence()
|
||||
if err != nil {
|
||||
|
@ -393,6 +398,10 @@ func (p *BoltProvider) addAdmin(admin *Admin) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
if err = p.addAdminToRole(admin.Username, admin.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
buf, err := json.Marshal(admin)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -415,6 +424,10 @@ func (p *BoltProvider) updateAdmin(admin *Admin) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var a []byte
|
||||
if a = bucket.Get([]byte(admin.Username)); a == nil {
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("admin %v does not exist", admin.Username))
|
||||
|
@ -425,12 +438,18 @@ func (p *BoltProvider) updateAdmin(admin *Admin) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if err = p.removeAdminFromRole(oldAdmin.Username, oldAdmin.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range oldAdmin.Groups {
|
||||
err = p.removeAdminFromGroupMapping(oldAdmin.Username, oldAdmin.Groups[idx].Name, groupBucket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err = p.addAdminToRole(admin.Username, admin.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range admin.Groups {
|
||||
err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name, groupBucket)
|
||||
if err != nil {
|
||||
|
@ -477,6 +496,15 @@ func (p *BoltProvider) deleteAdmin(admin Admin) error {
|
|||
}
|
||||
}
|
||||
}
|
||||
if oldAdmin.Role != "" {
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err = p.removeAdminFromRole(oldAdmin.Username, oldAdmin.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if err := p.deleteRelatedAPIKey(tx, admin.Username, APIKeyScopeAdmin); err != nil {
|
||||
return err
|
||||
|
@ -560,7 +588,7 @@ func (p *BoltProvider) dumpAdmins() ([]Admin, error) {
|
|||
return admins, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) userExists(username string) (User, error) {
|
||||
func (p *BoltProvider) userExists(username, role string) (User, error) {
|
||||
var user User
|
||||
err := p.dbHandle.View(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getUsersBucket(tx)
|
||||
|
@ -569,14 +597,20 @@ func (p *BoltProvider) userExists(username string) (User, error) {
|
|||
}
|
||||
u := bucket.Get([]byte(username))
|
||||
if u == nil {
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("username %#v does not exist", username))
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("username %q does not exist", username))
|
||||
}
|
||||
foldersBucket, err := p.getFoldersBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
user, err = p.joinUserAndFolders(u, foldersBucket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !user.hasRole(role) {
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("username %q does not exist", username))
|
||||
}
|
||||
return nil
|
||||
})
|
||||
return user, err
|
||||
}
|
||||
|
@ -599,6 +633,10 @@ func (p *BoltProvider) addUser(user *User) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if u := bucket.Get([]byte(user.Username)); u != nil {
|
||||
return fmt.Errorf("username %v already exists", user.Username)
|
||||
}
|
||||
|
@ -617,6 +655,9 @@ func (p *BoltProvider) addUser(user *User) error {
|
|||
user.FirstUpload = 0
|
||||
user.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
user.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
if err := p.addUserToRole(user.Username, user.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range user.VirtualFolders {
|
||||
err = p.addRelationToFolderMapping(&user.VirtualFolders[idx].BaseVirtualFolder, user, nil, foldersBucket)
|
||||
if err != nil {
|
||||
|
@ -689,6 +730,18 @@ func (p *BoltProvider) deleteUser(user User, softDelete bool) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
foldersBucket, err := p.getFoldersBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
groupBucket, err := p.getGroupsBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var u []byte
|
||||
if u = bucket.Get([]byte(user.Username)); u == nil {
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("username %q does not exist", user.Username))
|
||||
|
@ -698,10 +751,7 @@ func (p *BoltProvider) deleteUser(user User, softDelete bool) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if len(oldUser.VirtualFolders) > 0 {
|
||||
foldersBucket, err := p.getFoldersBucket(tx)
|
||||
if err != nil {
|
||||
if err := p.removeUserFromRole(oldUser.Username, oldUser.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range oldUser.VirtualFolders {
|
||||
|
@ -710,19 +760,12 @@ func (p *BoltProvider) deleteUser(user User, softDelete bool) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(oldUser.Groups) > 0 {
|
||||
groupBucket, err := p.getGroupsBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range oldUser.Groups {
|
||||
err = p.removeUserFromGroupMapping(oldUser.Username, oldUser.Groups[idx].Name, groupBucket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
if err := p.deleteRelatedAPIKey(tx, user.Username, APIKeyScopeUser); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -901,7 +944,7 @@ func (p *BoltProvider) getUsersForQuotaCheck(toFetch map[string]bool) ([]User, e
|
|||
return users, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) getUsers(limit int, offset int, order string) ([]User, error) {
|
||||
func (p *BoltProvider) getUsers(limit int, offset int, order, role string) ([]User, error) {
|
||||
users := make([]User, 0, limit)
|
||||
var err error
|
||||
if limit <= 0 {
|
||||
|
@ -928,6 +971,9 @@ func (p *BoltProvider) getUsers(limit int, offset int, order string) ([]User, er
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !user.hasRole(role) {
|
||||
continue
|
||||
}
|
||||
user.PrepareForRendering()
|
||||
users = append(users, user)
|
||||
if len(users) >= limit {
|
||||
|
@ -944,6 +990,9 @@ func (p *BoltProvider) getUsers(limit int, offset int, order string) ([]User, er
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !user.hasRole(role) {
|
||||
continue
|
||||
}
|
||||
user.PrepareForRendering()
|
||||
users = append(users, user)
|
||||
if len(users) >= limit {
|
||||
|
@ -2519,6 +2568,187 @@ func (*BoltProvider) cleanupNodes() error {
|
|||
return ErrNotImplemented
|
||||
}
|
||||
|
||||
func (p *BoltProvider) roleExists(name string) (Role, error) {
|
||||
var role Role
|
||||
err := p.dbHandle.View(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
r := bucket.Get([]byte(name))
|
||||
if r == nil {
|
||||
return util.NewRecordNotFoundError(fmt.Sprintf("role %q does not exist", name))
|
||||
}
|
||||
return json.Unmarshal(r, &role)
|
||||
})
|
||||
return role, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) addRole(role *Role) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
return p.dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if r := bucket.Get([]byte(role.Name)); r != nil {
|
||||
return fmt.Errorf("role %q already exists", role.Name)
|
||||
}
|
||||
id, err := bucket.NextSequence()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
role.ID = int64(id)
|
||||
role.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.Users = nil
|
||||
role.Admins = nil
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
})
|
||||
}
|
||||
|
||||
func (p *BoltProvider) updateRole(role *Role) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
return p.dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var r []byte
|
||||
if r = bucket.Get([]byte(role.Name)); r == nil {
|
||||
return fmt.Errorf("role %q does not exist", role.Name)
|
||||
}
|
||||
var oldRole Role
|
||||
err = json.Unmarshal(r, &oldRole)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
role.ID = oldRole.ID
|
||||
role.CreatedAt = oldRole.CreatedAt
|
||||
role.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.Users = oldRole.Users
|
||||
role.Admins = oldRole.Admins
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
})
|
||||
}
|
||||
|
||||
func (p *BoltProvider) deleteRole(role Role) error {
|
||||
return p.dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var r []byte
|
||||
if r = bucket.Get([]byte(role.Name)); r == nil {
|
||||
return fmt.Errorf("role %q does not exist", role.Name)
|
||||
}
|
||||
var oldRole Role
|
||||
err = json.Unmarshal(r, &oldRole)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(oldRole.Admins) > 0 {
|
||||
return util.NewValidationError(fmt.Sprintf("the role %q is referenced, it cannot be removed", oldRole.Name))
|
||||
}
|
||||
if len(oldRole.Users) > 0 {
|
||||
bucket, err := p.getUsersBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, username := range oldRole.Users {
|
||||
if err := p.removeRoleFromUser(username, oldRole.Name, bucket); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return bucket.Delete([]byte(role.Name))
|
||||
})
|
||||
}
|
||||
|
||||
func (p *BoltProvider) getRoles(limit int, offset int, order string, minimal bool) ([]Role, error) {
|
||||
roles := make([]Role, 0, limit)
|
||||
if limit <= 0 {
|
||||
return roles, nil
|
||||
}
|
||||
err := p.dbHandle.View(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cursor := bucket.Cursor()
|
||||
itNum := 0
|
||||
if order == OrderASC {
|
||||
for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
|
||||
itNum++
|
||||
if itNum <= offset {
|
||||
continue
|
||||
}
|
||||
var role Role
|
||||
err = json.Unmarshal(v, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
roles = append(roles, role)
|
||||
if len(roles) >= limit {
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for k, v := cursor.Last(); k != nil; k, v = cursor.Prev() {
|
||||
itNum++
|
||||
if itNum <= offset {
|
||||
continue
|
||||
}
|
||||
var role Role
|
||||
err = json.Unmarshal(v, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
roles = append(roles, role)
|
||||
if len(roles) >= limit {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
})
|
||||
return roles, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) dumpRoles() ([]Role, error) {
|
||||
roles := make([]Role, 0, 10)
|
||||
err := p.dbHandle.View(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cursor := bucket.Cursor()
|
||||
for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
|
||||
var role Role
|
||||
err = json.Unmarshal(v, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
return err
|
||||
})
|
||||
return roles, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) setFirstDownloadTimestamp(username string) error {
|
||||
return p.dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
bucket, err := p.getUsersBucket(tx)
|
||||
|
@ -2603,6 +2833,10 @@ func (p *BoltProvider) migrateDatabase() error {
|
|||
providerLog(logger.LevelError, "%v", err)
|
||||
logger.ErrorToConsole("%v", err)
|
||||
return err
|
||||
case version == 23:
|
||||
logger.InfoToConsole(fmt.Sprintf("updating database schema version: %d -> 24", version))
|
||||
providerLog(logger.LevelInfo, "updating database schema version: %d -> 24", version)
|
||||
return updateBoltDatabaseVersion(p.dbHandle, 24)
|
||||
default:
|
||||
if version > boltDatabaseVersion {
|
||||
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
|
||||
|
@ -2624,6 +2858,44 @@ func (p *BoltProvider) revertDatabase(targetVersion int) error {
|
|||
return errors.New("current version match target version, nothing to do")
|
||||
}
|
||||
switch dbVersion.Version {
|
||||
case 24:
|
||||
logger.InfoToConsole("downgrading database schema version: %d -> 23", dbVersion.Version)
|
||||
providerLog(logger.LevelInfo, "downgrading database schema version: %d -> 23", dbVersion.Version)
|
||||
err := p.dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
roles, err := p.dumpRoles()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
adminsBucket, err := p.getAdminsBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
usersBucket, err := p.getUsersBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, role := range roles {
|
||||
for _, admin := range role.Admins {
|
||||
if err := p.removeRoleFromAdmin(admin, role.Name, adminsBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
for _, user := range role.Users {
|
||||
if err := p.removeRoleFromUser(user, role.Name, usersBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
err = tx.DeleteBucket(rolesBucket)
|
||||
if err != nil && !errors.Is(err, bolt.ErrBucketNotFound) {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return updateBoltDatabaseVersion(p.dbHandle, 23)
|
||||
default:
|
||||
return fmt.Errorf("database schema version not handled: %v", dbVersion.Version)
|
||||
}
|
||||
|
@ -2748,6 +3020,163 @@ func (p *BoltProvider) addFolderInternal(folder vfs.BaseVirtualFolder, bucket *b
|
|||
return bucket.Put([]byte(folder.Name), buf)
|
||||
}
|
||||
|
||||
func (p *BoltProvider) removeRoleFromUser(username, role string, bucket *bolt.Bucket) error {
|
||||
u := bucket.Get([]byte(username))
|
||||
if u == nil {
|
||||
providerLog(logger.LevelWarn, "user %q does not exist, cannot remove role %q", username, role)
|
||||
return nil
|
||||
}
|
||||
var user User
|
||||
err := json.Unmarshal(u, &user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if user.Role == role {
|
||||
user.Role = ""
|
||||
buf, err := json.Marshal(user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(user.Username), buf)
|
||||
}
|
||||
providerLog(logger.LevelError, "user %q does not have the expected role %q, actual %q", username, role, user.Role)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) removeRoleFromAdmin(username, role string, bucket *bolt.Bucket) error {
|
||||
a := bucket.Get([]byte(username))
|
||||
if a == nil {
|
||||
providerLog(logger.LevelWarn, "admin %q does not exist, cannot remove role %q", username, role)
|
||||
return nil
|
||||
}
|
||||
var admin Admin
|
||||
err := json.Unmarshal(a, &admin)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if admin.Role == role {
|
||||
admin.Role = ""
|
||||
buf, err := json.Marshal(admin)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(admin.Username), buf)
|
||||
}
|
||||
providerLog(logger.LevelError, "admin %q does not have the expected role %q, actual %q", username, role, admin.Role)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) addAdminToRole(username, roleName string, bucket *bolt.Bucket) error {
|
||||
if roleName == "" {
|
||||
return nil
|
||||
}
|
||||
r := bucket.Get([]byte(roleName))
|
||||
if r == nil {
|
||||
return util.NewGenericError(fmt.Sprintf("role %q does not exist", roleName))
|
||||
}
|
||||
var role Role
|
||||
err := json.Unmarshal(r, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !util.Contains(role.Admins, username) {
|
||||
role.Admins = append(role.Admins, username)
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) removeAdminFromRole(username, roleName string, bucket *bolt.Bucket) error {
|
||||
if roleName == "" {
|
||||
return nil
|
||||
}
|
||||
r := bucket.Get([]byte(roleName))
|
||||
if r == nil {
|
||||
providerLog(logger.LevelWarn, "role %q does not exist, cannot remove admin %q", roleName, username)
|
||||
return nil
|
||||
}
|
||||
var role Role
|
||||
err := json.Unmarshal(r, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if util.Contains(role.Admins, username) {
|
||||
var admins []string
|
||||
for _, admin := range role.Admins {
|
||||
if admin != username {
|
||||
admins = append(admins, admin)
|
||||
}
|
||||
}
|
||||
role.Admins = util.RemoveDuplicates(admins, false)
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) addUserToRole(username, roleName string, bucket *bolt.Bucket) error {
|
||||
if roleName == "" {
|
||||
return nil
|
||||
}
|
||||
r := bucket.Get([]byte(roleName))
|
||||
if r == nil {
|
||||
return util.NewGenericError(fmt.Sprintf("role %q does not exist", roleName))
|
||||
}
|
||||
var role Role
|
||||
err := json.Unmarshal(r, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !util.Contains(role.Users, username) {
|
||||
role.Users = append(role.Users, username)
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) removeUserFromRole(username, roleName string, bucket *bolt.Bucket) error {
|
||||
if roleName == "" {
|
||||
return nil
|
||||
}
|
||||
r := bucket.Get([]byte(roleName))
|
||||
if r == nil {
|
||||
providerLog(logger.LevelWarn, "role %q does not exist, cannot remove admin %q", roleName, username)
|
||||
return nil
|
||||
}
|
||||
var role Role
|
||||
err := json.Unmarshal(r, &role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if util.Contains(role.Users, username) {
|
||||
var users []string
|
||||
for _, user := range role.Users {
|
||||
if user != username {
|
||||
users = append(users, user)
|
||||
}
|
||||
}
|
||||
users = util.RemoveDuplicates(users, false)
|
||||
role.Users = users
|
||||
buf, err := json.Marshal(role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return bucket.Put([]byte(role.Name), buf)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *BoltProvider) addRuleToActionMapping(ruleName, actionName string, bucket *bolt.Bucket) error {
|
||||
a := bucket.Get([]byte(actionName))
|
||||
if a == nil {
|
||||
|
@ -3000,7 +3429,11 @@ func (p *BoltProvider) updateUserRelations(tx *bolt.Tx, user *User, oldUser User
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
groupBucket, err := p.getGroupsBucket(tx)
|
||||
groupsBucket, err := p.getGroupsBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rolesBucket, err := p.getRolesBucket(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -3011,11 +3444,14 @@ func (p *BoltProvider) updateUserRelations(tx *bolt.Tx, user *User, oldUser User
|
|||
}
|
||||
}
|
||||
for idx := range oldUser.Groups {
|
||||
err = p.removeUserFromGroupMapping(user.Username, oldUser.Groups[idx].Name, groupBucket)
|
||||
err = p.removeUserFromGroupMapping(user.Username, oldUser.Groups[idx].Name, groupsBucket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err = p.removeUserFromRole(oldUser.Username, oldUser.Role, rolesBucket); err != nil {
|
||||
return err
|
||||
}
|
||||
for idx := range user.VirtualFolders {
|
||||
err = p.addRelationToFolderMapping(&user.VirtualFolders[idx].BaseVirtualFolder, user, nil, foldersBucket)
|
||||
if err != nil {
|
||||
|
@ -3023,12 +3459,12 @@ func (p *BoltProvider) updateUserRelations(tx *bolt.Tx, user *User, oldUser User
|
|||
}
|
||||
}
|
||||
for idx := range user.Groups {
|
||||
err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name, groupBucket)
|
||||
err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name, groupsBucket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return p.addUserToRole(user.Username, user.Role, rolesBucket)
|
||||
}
|
||||
|
||||
func (p *BoltProvider) adminExistsInternal(tx *bolt.Tx, username string) error {
|
||||
|
@ -3163,6 +3599,15 @@ func (p *BoltProvider) getGroupsBucket(tx *bolt.Tx) (*bolt.Bucket, error) {
|
|||
return bucket, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) getRolesBucket(tx *bolt.Tx) (*bolt.Bucket, error) {
|
||||
var err error
|
||||
bucket := tx.Bucket(rolesBucket)
|
||||
if bucket == nil {
|
||||
err = fmt.Errorf("unable to find roles bucket, bolt database structure not correcly defined")
|
||||
}
|
||||
return bucket, err
|
||||
}
|
||||
|
||||
func (p *BoltProvider) getFoldersBucket(tx *bolt.Tx) (*bolt.Bucket, error) {
|
||||
var err error
|
||||
bucket := tx.Bucket(foldersBucket)
|
||||
|
@ -3209,7 +3654,7 @@ func getBoltDatabaseVersion(dbHandle *bolt.DB) (schemaVersion, error) {
|
|||
return dbVersion, err
|
||||
}
|
||||
|
||||
/*func updateBoltDatabaseVersion(dbHandle *bolt.DB, version int) error {
|
||||
func updateBoltDatabaseVersion(dbHandle *bolt.DB, version int) error {
|
||||
err := dbHandle.Update(func(tx *bolt.Tx) error {
|
||||
bucket := tx.Bucket(dbVersionBucket)
|
||||
if bucket == nil {
|
||||
|
@ -3225,4 +3670,4 @@ func getBoltDatabaseVersion(dbHandle *bolt.DB) (schemaVersion, error) {
|
|||
return bucket.Put(dbVersionKey, buf)
|
||||
})
|
||||
return err
|
||||
}*/
|
||||
}
|
||||
|
|
|
@ -87,7 +87,7 @@ const (
|
|||
CockroachDataProviderName = "cockroachdb"
|
||||
// DumpVersion defines the version for the dump.
|
||||
// For restore/load we support the current version and the previous one
|
||||
DumpVersion = 13
|
||||
DumpVersion = 14
|
||||
|
||||
argonPwdPrefix = "$argon2id$"
|
||||
bcryptPwdPrefix = "$2a$"
|
||||
|
@ -190,6 +190,7 @@ var (
|
|||
sqlTableRulesActionsMapping string
|
||||
sqlTableTasks string
|
||||
sqlTableNodes string
|
||||
sqlTableRoles string
|
||||
sqlTableSchemaVersion string
|
||||
argon2Params *argon2id.Params
|
||||
lastLoginMinDelay = 10 * time.Minute
|
||||
|
@ -221,6 +222,7 @@ func initSQLTables() {
|
|||
sqlTableRulesActionsMapping = "rules_actions_mapping"
|
||||
sqlTableTasks = "tasks"
|
||||
sqlTableNodes = "nodes"
|
||||
sqlTableRoles = "roles"
|
||||
sqlTableSchemaVersion = "schema_version"
|
||||
}
|
||||
|
||||
|
@ -660,6 +662,7 @@ type BackupData struct {
|
|||
Shares []Share `json:"shares"`
|
||||
EventActions []BaseEventAction `json:"event_actions"`
|
||||
EventRules []EventRule `json:"event_rules"`
|
||||
Roles []Role `json:"roles"`
|
||||
Version int `json:"version"`
|
||||
}
|
||||
|
||||
|
@ -706,12 +709,12 @@ type Provider interface {
|
|||
updateQuota(username string, filesAdd int, sizeAdd int64, reset bool) error
|
||||
updateTransferQuota(username string, uploadSize, downloadSize int64, reset bool) error
|
||||
getUsedQuota(username string) (int, int64, int64, int64, error)
|
||||
userExists(username string) (User, error)
|
||||
userExists(username, role string) (User, error)
|
||||
addUser(user *User) error
|
||||
updateUser(user *User) error
|
||||
deleteUser(user User, softDelete bool) error
|
||||
updateUserPassword(username, password string) error
|
||||
getUsers(limit int, offset int, order string) ([]User, error)
|
||||
getUsers(limit int, offset int, order, role string) ([]User, error)
|
||||
dumpUsers() ([]User, error)
|
||||
getRecentlyUpdatedUsers(after int64) ([]User, error)
|
||||
getUsersForQuotaCheck(toFetch map[string]bool) ([]User, error)
|
||||
|
@ -796,6 +799,12 @@ type Provider interface {
|
|||
getNodes() ([]Node, error)
|
||||
updateNodeTimestamp() error
|
||||
cleanupNodes() error
|
||||
roleExists(name string) (Role, error)
|
||||
addRole(role *Role) error
|
||||
updateRole(role *Role) error
|
||||
deleteRole(role Role) error
|
||||
getRoles(limit int, offset int, order string, minimal bool) ([]Role, error)
|
||||
dumpRoles() ([]Role, error)
|
||||
checkAvailability() error
|
||||
close() error
|
||||
reloadConfig() error
|
||||
|
@ -974,16 +983,17 @@ func validateSQLTablesPrefix() error {
|
|||
sqlTableRulesActionsMapping = config.SQLTablesPrefix + sqlTableRulesActionsMapping
|
||||
sqlTableTasks = config.SQLTablesPrefix + sqlTableTasks
|
||||
sqlTableNodes = config.SQLTablesPrefix + sqlTableNodes
|
||||
sqlTableRoles = config.SQLTablesPrefix + sqlTableRoles
|
||||
sqlTableSchemaVersion = config.SQLTablesPrefix + sqlTableSchemaVersion
|
||||
providerLog(logger.LevelDebug, "sql table for users %q, folders %q users folders mapping %q admins %q "+
|
||||
"api keys %q shares %q defender hosts %q defender events %q transfers %q groups %q "+
|
||||
"users groups mapping %q admins groups mapping %q groups folders mapping %q shared sessions %q "+
|
||||
"schema version %q events actions %q events rules %q rules actions mapping %q tasks %q nodes %q",
|
||||
"schema version %q events actions %q events rules %q rules actions mapping %q tasks %q nodes %q roles %q",
|
||||
sqlTableUsers, sqlTableFolders, sqlTableUsersFoldersMapping, sqlTableAdmins, sqlTableAPIKeys,
|
||||
sqlTableShares, sqlTableDefenderHosts, sqlTableDefenderEvents, sqlTableActiveTransfers, sqlTableGroups,
|
||||
sqlTableUsersGroupsMapping, sqlTableAdminsGroupsMapping, sqlTableGroupsFoldersMapping, sqlTableSharedSessions,
|
||||
sqlTableSchemaVersion, sqlTableEventsActions, sqlTableEventsRules, sqlTableRulesActionsMapping,
|
||||
sqlTableTasks, sqlTableNodes)
|
||||
sqlTableTasks, sqlTableNodes, sqlTableRoles)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -1158,7 +1168,7 @@ func CheckUserBeforeTLSAuth(username, ip, protocol string, tlsCert *x509.Certifi
|
|||
err = user.LoadAndApplyGroupSettings()
|
||||
return user, err
|
||||
}
|
||||
user, err := UserExists(username)
|
||||
user, err := UserExists(username, "")
|
||||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
@ -1261,7 +1271,7 @@ func CheckKeyboardInteractiveAuth(username, authHook string, client ssh.Keyboard
|
|||
} else if config.PreLoginHook != "" {
|
||||
user, err = executePreLoginHook(username, SSHLoginMethodKeyboardInteractive, ip, protocol, nil)
|
||||
} else {
|
||||
user, err = provider.userExists(username)
|
||||
user, err = provider.userExists(username, "")
|
||||
}
|
||||
if err != nil {
|
||||
return user, err
|
||||
|
@ -1279,7 +1289,7 @@ func GetFTPPreAuthUser(username, ip string) (User, error) {
|
|||
if config.PreLoginHook != "" {
|
||||
user, err = executePreLoginHook(username, "", ip, protocolFTP, nil)
|
||||
} else {
|
||||
user, err = UserExists(username)
|
||||
user, err = UserExists(username, "")
|
||||
}
|
||||
if err != nil {
|
||||
return user, err
|
||||
|
@ -1298,7 +1308,7 @@ func GetUserAfterIDPAuth(username, ip, protocol string, oidcTokenFields *map[str
|
|||
if config.PreLoginHook != "" {
|
||||
user, err = executePreLoginHook(username, LoginMethodIDP, ip, protocol, oidcTokenFields)
|
||||
} else {
|
||||
user, err = UserExists(username)
|
||||
user, err = UserExists(username, "")
|
||||
}
|
||||
if err != nil {
|
||||
return user, err
|
||||
|
@ -1532,6 +1542,57 @@ func ShareExists(shareID, username string) (Share, error) {
|
|||
return provider.shareExists(shareID, username)
|
||||
}
|
||||
|
||||
// AddRole adds a new role
|
||||
func AddRole(role *Role, executor, ipAddress string) error {
|
||||
role.Name = config.convertName(role.Name)
|
||||
err := provider.addRole(role)
|
||||
if err == nil {
|
||||
executeAction(operationAdd, executor, ipAddress, actionObjectRole, role.Name, role)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// UpdateRole updates an existing Role
|
||||
func UpdateRole(role *Role, executor, ipAddress string) error {
|
||||
err := provider.updateRole(role)
|
||||
if err == nil {
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectRole, role.Name, role)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// DeleteRole deletes an existing Role
|
||||
func DeleteRole(name string, executor, ipAddress string) error {
|
||||
name = config.convertName(name)
|
||||
role, err := provider.roleExists(name)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(role.Admins) > 0 {
|
||||
errorString := fmt.Sprintf("the role %q is referenced, it cannot be removed", role.Name)
|
||||
return util.NewValidationError(errorString)
|
||||
}
|
||||
err = provider.deleteRole(role)
|
||||
if err == nil {
|
||||
executeAction(operationDelete, executor, ipAddress, actionObjectRole, role.Name, &role)
|
||||
for _, user := range role.Users {
|
||||
provider.setUpdatedAt(user)
|
||||
u, err := provider.userExists(user, "")
|
||||
if err == nil {
|
||||
webDAVUsersCache.swap(&u)
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectUser, u.Username, &u)
|
||||
}
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// RoleExists returns the Role with the given name if it exists
|
||||
func RoleExists(name string) (Role, error) {
|
||||
name = config.convertName(name)
|
||||
return provider.roleExists(name)
|
||||
}
|
||||
|
||||
// AddGroup adds a new group
|
||||
func AddGroup(group *Group, executor, ipAddress string) error {
|
||||
group.Name = config.convertName(group.Name)
|
||||
|
@ -1548,7 +1609,7 @@ func UpdateGroup(group *Group, users []string, executor, ipAddress string) error
|
|||
if err == nil {
|
||||
for _, user := range users {
|
||||
provider.setUpdatedAt(user)
|
||||
u, err := provider.userExists(user)
|
||||
u, err := provider.userExists(user, "")
|
||||
if err == nil {
|
||||
webDAVUsersCache.swap(&u)
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectUser, u.Username, &u)
|
||||
|
@ -1569,14 +1630,14 @@ func DeleteGroup(name string, executor, ipAddress string) error {
|
|||
return err
|
||||
}
|
||||
if len(group.Users) > 0 {
|
||||
errorString := fmt.Sprintf("the group %#v is referenced, it cannot be removed", group.Name)
|
||||
errorString := fmt.Sprintf("the group %q is referenced, it cannot be removed", group.Name)
|
||||
return util.NewValidationError(errorString)
|
||||
}
|
||||
err = provider.deleteGroup(group)
|
||||
if err == nil {
|
||||
for _, user := range group.Users {
|
||||
provider.setUpdatedAt(user)
|
||||
u, err := provider.userExists(user)
|
||||
u, err := provider.userExists(user, "")
|
||||
if err == nil {
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectUser, u.Username, &u)
|
||||
}
|
||||
|
@ -1840,16 +1901,16 @@ func AdminExists(username string) (Admin, error) {
|
|||
}
|
||||
|
||||
// UserExists checks if the given SFTPGo username exists, returns an error if no match is found
|
||||
func UserExists(username string) (User, error) {
|
||||
func UserExists(username, role string) (User, error) {
|
||||
username = config.convertName(username)
|
||||
return provider.userExists(username)
|
||||
return provider.userExists(username, role)
|
||||
}
|
||||
|
||||
// GetUserWithGroupSettings tries to return the user with the specified username
|
||||
// loading also the group settings
|
||||
func GetUserWithGroupSettings(username string) (User, error) {
|
||||
func GetUserWithGroupSettings(username, role string) (User, error) {
|
||||
username = config.convertName(username)
|
||||
user, err := provider.userExists(username)
|
||||
user, err := provider.userExists(username, role)
|
||||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
@ -1859,9 +1920,9 @@ func GetUserWithGroupSettings(username string) (User, error) {
|
|||
|
||||
// GetUserVariants tries to return the user with the specified username with and without
|
||||
// group settings applied
|
||||
func GetUserVariants(username string) (User, User, error) {
|
||||
func GetUserVariants(username, role string) (User, User, error) {
|
||||
username = config.convertName(username)
|
||||
user, err := provider.userExists(username)
|
||||
user, err := provider.userExists(username, role)
|
||||
if err != nil {
|
||||
return user, User{}, err
|
||||
}
|
||||
|
@ -1872,10 +1933,6 @@ func GetUserVariants(username string) (User, User, error) {
|
|||
|
||||
// AddUser adds a new SFTPGo user.
|
||||
func AddUser(user *User, executor, ipAddress string) error {
|
||||
user.Filters.RecoveryCodes = nil
|
||||
user.Filters.TOTPConfig = UserTOTPConfig{
|
||||
Enabled: false,
|
||||
}
|
||||
user.Username = config.convertName(user.Username)
|
||||
err := provider.addUser(user)
|
||||
if err == nil {
|
||||
|
@ -1914,9 +1971,9 @@ func UpdateUser(user *User, executor, ipAddress string) error {
|
|||
}
|
||||
|
||||
// DeleteUser deletes an existing SFTPGo user.
|
||||
func DeleteUser(username, executor, ipAddress string) error {
|
||||
func DeleteUser(username, executor, ipAddress, role string) error {
|
||||
username = config.convertName(username)
|
||||
user, err := provider.userExists(username)
|
||||
user, err := provider.userExists(username, role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -2028,14 +2085,19 @@ func GetAdmins(limit, offset int, order string) ([]Admin, error) {
|
|||
return provider.getAdmins(limit, offset, order)
|
||||
}
|
||||
|
||||
// GetRoles returns an array of roles respecting limit and offset
|
||||
func GetRoles(limit, offset int, order string, minimal bool) ([]Role, error) {
|
||||
return provider.getRoles(limit, offset, order, minimal)
|
||||
}
|
||||
|
||||
// GetGroups returns an array of groups respecting limit and offset
|
||||
func GetGroups(limit, offset int, order string, minimal bool) ([]Group, error) {
|
||||
return provider.getGroups(limit, offset, order, minimal)
|
||||
}
|
||||
|
||||
// GetUsers returns an array of users respecting limit and offset
|
||||
func GetUsers(limit, offset int, order string) ([]User, error) {
|
||||
return provider.getUsers(limit, offset, order)
|
||||
func GetUsers(limit, offset int, order, role string) ([]User, error) {
|
||||
return provider.getUsers(limit, offset, order, role)
|
||||
}
|
||||
|
||||
// GetUsersForQuotaCheck returns the users with the fields required for a quota check
|
||||
|
@ -2067,7 +2129,7 @@ func UpdateFolder(folder *vfs.BaseVirtualFolder, users []string, groups []string
|
|||
}
|
||||
for _, user := range users {
|
||||
provider.setUpdatedAt(user)
|
||||
u, err := provider.userExists(user)
|
||||
u, err := provider.userExists(user, "")
|
||||
if err == nil {
|
||||
webDAVUsersCache.swap(&u)
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectUser, u.Username, &u)
|
||||
|
@ -2099,7 +2161,7 @@ func DeleteFolder(folderName, executor, ipAddress string) error {
|
|||
}
|
||||
for _, user := range users {
|
||||
provider.setUpdatedAt(user)
|
||||
u, err := provider.userExists(user)
|
||||
u, err := provider.userExists(user, "")
|
||||
if err == nil {
|
||||
executeAction(operationUpdate, executor, ipAddress, actionObjectUser, u.Username, &u)
|
||||
}
|
||||
|
@ -2166,6 +2228,10 @@ func DumpData() (BackupData, error) {
|
|||
if err != nil {
|
||||
return data, err
|
||||
}
|
||||
roles, err := provider.dumpRoles()
|
||||
if err != nil {
|
||||
return data, err
|
||||
}
|
||||
data.Users = users
|
||||
data.Groups = groups
|
||||
data.Folders = folders
|
||||
|
@ -2174,6 +2240,7 @@ func DumpData() (BackupData, error) {
|
|||
data.Shares = shares
|
||||
data.EventActions = actions
|
||||
data.EventRules = rules
|
||||
data.Roles = roles
|
||||
data.Version = DumpVersion
|
||||
return data, err
|
||||
}
|
||||
|
@ -2749,7 +2816,7 @@ func validateBaseParams(user *User) error {
|
|||
return util.NewValidationError(fmt.Sprintf("email %#v is not valid", user.Email))
|
||||
}
|
||||
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(user.Username) {
|
||||
return util.NewValidationError(fmt.Sprintf("username %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
|
||||
return util.NewValidationError(fmt.Sprintf("username %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
|
||||
user.Username))
|
||||
}
|
||||
if user.hasRedactedSecret() {
|
||||
|
@ -2821,7 +2888,7 @@ func ValidateFolder(folder *vfs.BaseVirtualFolder) error {
|
|||
return util.NewValidationError("folder name is mandatory")
|
||||
}
|
||||
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(folder.Name) {
|
||||
return util.NewValidationError(fmt.Sprintf("folder name %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
|
||||
return util.NewValidationError(fmt.Sprintf("folder name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
|
||||
folder.Name))
|
||||
}
|
||||
if folder.FsConfig.Provider == sdk.LocalFilesystemProvider || folder.FsConfig.Provider == sdk.CryptedFilesystemProvider ||
|
||||
|
@ -3671,7 +3738,7 @@ func executePreLoginHook(username, loginMethod, ip, protocol string, oidcTokenFi
|
|||
}
|
||||
providerLog(logger.LevelDebug, "user %#v added/updated from pre-login hook response, id: %v", username, userID)
|
||||
if userID == 0 {
|
||||
return provider.userExists(username)
|
||||
return provider.userExists(username, "")
|
||||
}
|
||||
return u, nil
|
||||
}
|
||||
|
@ -3875,7 +3942,7 @@ func doExternalAuth(username, password string, pubKey []byte, keyboardInteractiv
|
|||
// returns "user" in both cases, so we use the username returned from
|
||||
// external auth and not the one used to login
|
||||
if user.Username != username {
|
||||
u, err = provider.userExists(user.Username)
|
||||
u, err = provider.userExists(user.Username, "")
|
||||
}
|
||||
if u.ID > 0 && err == nil {
|
||||
user.ID = u.ID
|
||||
|
@ -3903,7 +3970,7 @@ func doExternalAuth(username, password string, pubKey []byte, keyboardInteractiv
|
|||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
return provider.userExists(user.Username)
|
||||
return provider.userExists(user.Username, "")
|
||||
}
|
||||
|
||||
func doPluginAuth(username, password string, pubKey []byte, ip, protocol string,
|
||||
|
@ -3975,11 +4042,11 @@ func doPluginAuth(username, password string, pubKey []byte, ip, protocol string,
|
|||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
return provider.userExists(user.Username)
|
||||
return provider.userExists(user.Username, "")
|
||||
}
|
||||
|
||||
func getUserForHook(username string, oidcTokenFields *map[string]any) (User, User, error) {
|
||||
u, err := provider.userExists(username)
|
||||
u, err := provider.userExists(username, "")
|
||||
if err != nil {
|
||||
if _, ok := err.(*util.RecordNotFoundError); !ok {
|
||||
return u, u, err
|
||||
|
|
|
@ -138,7 +138,7 @@ func (g *Group) validate() error {
|
|||
return util.NewValidationError("name is mandatory")
|
||||
}
|
||||
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(g.Name) {
|
||||
return util.NewValidationError(fmt.Sprintf("name %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~", g.Name))
|
||||
return util.NewValidationError(fmt.Sprintf("name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", g.Name))
|
||||
}
|
||||
if g.hasRedactedSecret() {
|
||||
return util.NewValidationError("cannot save a user with a redacted secret")
|
||||
|
|
|
@ -70,6 +70,10 @@ type memoryProviderHandle struct {
|
|||
rules map[string]EventRule
|
||||
// slice with ordered rules
|
||||
rulesNames []string
|
||||
// map for roles, name is the key
|
||||
roles map[string]Role
|
||||
// slice with ordered roles
|
||||
roleNames []string
|
||||
}
|
||||
|
||||
// MemoryProvider defines the auth provider for a memory store
|
||||
|
@ -104,6 +108,8 @@ func initializeMemoryProvider(basePath string) {
|
|||
actionsNames: []string{},
|
||||
rules: make(map[string]EventRule),
|
||||
rulesNames: []string{},
|
||||
roles: map[string]Role{},
|
||||
roleNames: []string{},
|
||||
configFile: configFile,
|
||||
},
|
||||
}
|
||||
|
@ -137,7 +143,7 @@ func (p *MemoryProvider) validateUserAndTLSCert(username, protocol string, tlsCe
|
|||
if tlsCert == nil {
|
||||
return user, errors.New("TLS certificate cannot be null or empty")
|
||||
}
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -146,7 +152,7 @@ func (p *MemoryProvider) validateUserAndTLSCert(username, protocol string, tlsCe
|
|||
}
|
||||
|
||||
func (p *MemoryProvider) validateUserAndPass(username, password, ip, protocol string) (User, error) {
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -159,7 +165,7 @@ func (p *MemoryProvider) validateUserAndPubKey(username string, pubKey []byte, i
|
|||
if len(pubKey) == 0 {
|
||||
return user, "", errors.New("credentials cannot be null or empty")
|
||||
}
|
||||
user, err := p.userExists(username)
|
||||
user, err := p.userExists(username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, "", err
|
||||
|
@ -317,7 +323,7 @@ func (p *MemoryProvider) addUser(user *User) error {
|
|||
|
||||
_, err = p.userExistsInternal(user.Username)
|
||||
if err == nil {
|
||||
return fmt.Errorf("username %#v already exists", user.Username)
|
||||
return fmt.Errorf("username %q already exists", user.Username)
|
||||
}
|
||||
user.ID = p.getNextID()
|
||||
user.LastQuotaUpdate = 0
|
||||
|
@ -330,6 +336,9 @@ func (p *MemoryProvider) addUser(user *User) error {
|
|||
user.FirstDownload = 0
|
||||
user.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
user.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
if err := p.addUserToRole(user.Username, user.Role); err != nil {
|
||||
return err
|
||||
}
|
||||
var mappedGroups []string
|
||||
for idx := range user.Groups {
|
||||
if err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name); err != nil {
|
||||
|
@ -366,6 +375,15 @@ func (p *MemoryProvider) updateUser(user *User) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.removeUserFromRole(u.Username, u.Role)
|
||||
if err := p.addUserToRole(user.Username, user.Role); err != nil {
|
||||
// try ro add old role
|
||||
if errRollback := p.addUserToRole(u.Username, u.Role); errRollback != nil {
|
||||
providerLog(logger.LevelError, "unable to rollback old role %q for user %q, error: %v",
|
||||
u.Role, u.Username, errRollback)
|
||||
}
|
||||
return err
|
||||
}
|
||||
for idx := range u.Groups {
|
||||
p.removeUserFromGroupMapping(u.Username, u.Groups[idx].Name)
|
||||
}
|
||||
|
@ -412,6 +430,7 @@ func (p *MemoryProvider) deleteUser(user User, softDelete bool) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.removeUserFromRole(u.Username, u.Role)
|
||||
for _, oldFolder := range u.VirtualFolders {
|
||||
p.removeRelationFromFolderMapping(oldFolder.Name, u.Username, "")
|
||||
}
|
||||
|
@ -546,7 +565,7 @@ func (p *MemoryProvider) getUsersForQuotaCheck(toFetch map[string]bool) ([]User,
|
|||
return users, nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) getUsers(limit int, offset int, order string) ([]User, error) {
|
||||
func (p *MemoryProvider) getUsers(limit int, offset int, order, role string) ([]User, error) {
|
||||
users := make([]User, 0, limit)
|
||||
var err error
|
||||
p.dbHandle.Lock()
|
||||
|
@ -566,6 +585,9 @@ func (p *MemoryProvider) getUsers(limit int, offset int, order string) ([]User,
|
|||
}
|
||||
u := p.dbHandle.users[username]
|
||||
user := u.getACopy()
|
||||
if !user.hasRole(role) {
|
||||
continue
|
||||
}
|
||||
p.addVirtualFoldersToUser(&user)
|
||||
user.PrepareForRendering()
|
||||
users = append(users, user)
|
||||
|
@ -582,6 +604,9 @@ func (p *MemoryProvider) getUsers(limit int, offset int, order string) ([]User,
|
|||
username := p.dbHandle.usernames[i]
|
||||
u := p.dbHandle.users[username]
|
||||
user := u.getACopy()
|
||||
if !user.hasRole(role) {
|
||||
continue
|
||||
}
|
||||
p.addVirtualFoldersToUser(&user)
|
||||
user.PrepareForRendering()
|
||||
users = append(users, user)
|
||||
|
@ -593,7 +618,7 @@ func (p *MemoryProvider) getUsers(limit int, offset int, order string) ([]User,
|
|||
return users, err
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) userExists(username string) (User, error) {
|
||||
func (p *MemoryProvider) userExists(username, role string) (User, error) {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
|
@ -603,6 +628,9 @@ func (p *MemoryProvider) userExists(username string) (User, error) {
|
|||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
if !user.hasRole(role) {
|
||||
return User{}, util.NewRecordNotFoundError(fmt.Sprintf("username %q does not exist", username))
|
||||
}
|
||||
p.addVirtualFoldersToUser(&user)
|
||||
return user, nil
|
||||
}
|
||||
|
@ -635,6 +663,13 @@ func (p *MemoryProvider) ruleExistsInternal(name string) (EventRule, error) {
|
|||
return EventRule{}, util.NewRecordNotFoundError(fmt.Sprintf("event rule %q does not exist", name))
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) roleExistsInternal(name string) (Role, error) {
|
||||
if val, ok := p.dbHandle.roles[name]; ok {
|
||||
return val.getACopy(), nil
|
||||
}
|
||||
return Role{}, util.NewRecordNotFoundError(fmt.Sprintf("role %q does not exist", name))
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) addAdmin(admin *Admin) error {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
|
@ -653,6 +688,9 @@ func (p *MemoryProvider) addAdmin(admin *Admin) error {
|
|||
admin.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
admin.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
admin.LastLogin = 0
|
||||
if err := p.addAdminToRole(admin.Username, admin.Role); err != nil {
|
||||
return err
|
||||
}
|
||||
var mappedAdmins []string
|
||||
for idx := range admin.Groups {
|
||||
if err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name); err != nil {
|
||||
|
@ -684,6 +722,15 @@ func (p *MemoryProvider) updateAdmin(admin *Admin) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.removeAdminFromRole(a.Username, a.Role)
|
||||
if err := p.addAdminToRole(admin.Username, admin.Role); err != nil {
|
||||
// try ro add old role
|
||||
if errRollback := p.addAdminToRole(a.Username, a.Role); errRollback != nil {
|
||||
providerLog(logger.LevelError, "unable to rollback old role %q for admin %q, error: %v",
|
||||
a.Role, a.Username, errRollback)
|
||||
}
|
||||
return err
|
||||
}
|
||||
for idx := range a.Groups {
|
||||
p.removeAdminFromGroupMapping(a.Username, a.Groups[idx].Name)
|
||||
}
|
||||
|
@ -717,6 +764,7 @@ func (p *MemoryProvider) deleteAdmin(admin Admin) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.removeAdminFromRole(a.Username, a.Role)
|
||||
for idx := range a.Groups {
|
||||
p.removeAdminFromGroupMapping(a.Username, a.Groups[idx].Name)
|
||||
}
|
||||
|
@ -1183,6 +1231,74 @@ func (p *MemoryProvider) removeUserFromGroupMapping(username, groupname string)
|
|||
p.dbHandle.groups[groupname] = g
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) addAdminToRole(username, role string) error {
|
||||
if role == "" {
|
||||
return nil
|
||||
}
|
||||
r, err := p.roleExistsInternal(role)
|
||||
if err != nil {
|
||||
return util.NewGenericError(fmt.Sprintf("role %q does not exist", role))
|
||||
}
|
||||
if !util.Contains(r.Admins, username) {
|
||||
r.Admins = append(r.Admins, username)
|
||||
p.dbHandle.roles[role] = r
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) removeAdminFromRole(username, role string) {
|
||||
if role == "" {
|
||||
return
|
||||
}
|
||||
r, err := p.roleExistsInternal(role)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "role %q does not exist, cannot remove admin %q", role, username)
|
||||
return
|
||||
}
|
||||
var admins []string
|
||||
for _, a := range r.Admins {
|
||||
if a != username {
|
||||
admins = append(admins, a)
|
||||
}
|
||||
}
|
||||
r.Admins = admins
|
||||
p.dbHandle.roles[role] = r
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) addUserToRole(username, role string) error {
|
||||
if role == "" {
|
||||
return nil
|
||||
}
|
||||
r, err := p.roleExistsInternal(role)
|
||||
if err != nil {
|
||||
return util.NewGenericError(fmt.Sprintf("role %q does not exist", role))
|
||||
}
|
||||
if !util.Contains(r.Users, username) {
|
||||
r.Users = append(r.Users, username)
|
||||
p.dbHandle.roles[role] = r
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) removeUserFromRole(username, role string) {
|
||||
if role == "" {
|
||||
return
|
||||
}
|
||||
r, err := p.roleExistsInternal(role)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "role %q does not exist, cannot remove user %q", role, username)
|
||||
return
|
||||
}
|
||||
var users []string
|
||||
for _, u := range r.Users {
|
||||
if u != username {
|
||||
users = append(users, u)
|
||||
}
|
||||
}
|
||||
r.Users = users
|
||||
p.dbHandle.roles[role] = r
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) joinUserVirtualFoldersFields(user *User) []vfs.VirtualFolder {
|
||||
var folders []vfs.VirtualFolder
|
||||
for idx := range user.VirtualFolders {
|
||||
|
@ -1714,7 +1830,7 @@ func (p *MemoryProvider) addShare(share *Share) error {
|
|||
|
||||
_, err = p.shareExistsInternal(share.ShareID, share.Username)
|
||||
if err == nil {
|
||||
return fmt.Errorf("share %#v already exists", share.ShareID)
|
||||
return fmt.Errorf("share %q already exists", share.ShareID)
|
||||
}
|
||||
if _, err := p.userExistsInternal(share.Username); err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("related user %#v does not exists", share.Username))
|
||||
|
@ -1753,7 +1869,7 @@ func (p *MemoryProvider) updateShare(share *Share) error {
|
|||
return err
|
||||
}
|
||||
if _, err := p.userExistsInternal(share.Username); err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("related user %#v does not exists", share.Username))
|
||||
return util.NewValidationError(fmt.Sprintf("related user %q does not exists", share.Username))
|
||||
}
|
||||
share.ID = s.ID
|
||||
share.ShareID = s.ShareID
|
||||
|
@ -2322,6 +2438,158 @@ func (*MemoryProvider) cleanupNodes() error {
|
|||
return ErrNotImplemented
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) roleExists(name string) (Role, error) {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
return Role{}, errMemoryProviderClosed
|
||||
}
|
||||
role, err := p.roleExistsInternal(name)
|
||||
if err != nil {
|
||||
return role, err
|
||||
}
|
||||
return role, nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) addRole(role *Role) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
return errMemoryProviderClosed
|
||||
}
|
||||
|
||||
_, err := p.roleExistsInternal(role.Name)
|
||||
if err == nil {
|
||||
return fmt.Errorf("role %q already exists", role.Name)
|
||||
}
|
||||
role.ID = p.getNextRoleID()
|
||||
role.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.Users = nil
|
||||
role.Admins = nil
|
||||
p.dbHandle.roles[role.Name] = role.getACopy()
|
||||
p.dbHandle.roleNames = append(p.dbHandle.roleNames, role.Name)
|
||||
sort.Strings(p.dbHandle.roleNames)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) updateRole(role *Role) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
return errMemoryProviderClosed
|
||||
}
|
||||
oldRole, err := p.roleExistsInternal(role.Name)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
role.ID = oldRole.ID
|
||||
role.CreatedAt = oldRole.CreatedAt
|
||||
role.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
role.Users = oldRole.Users
|
||||
role.Admins = oldRole.Admins
|
||||
p.dbHandle.roles[role.Name] = role.getACopy()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) deleteRole(role Role) error {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
return errMemoryProviderClosed
|
||||
}
|
||||
oldRole, err := p.roleExistsInternal(role.Name)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(oldRole.Admins) > 0 {
|
||||
return util.NewValidationError(fmt.Sprintf("the role %q is referenced, it cannot be removed", oldRole.Name))
|
||||
}
|
||||
for _, username := range oldRole.Users {
|
||||
user, err := p.userExistsInternal(username)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if user.Role == role.Name {
|
||||
user.Role = ""
|
||||
p.dbHandle.users[username] = user
|
||||
} else {
|
||||
providerLog(logger.LevelError, "user %q does not have the expected role %q, actual %q", username, role.Name, user.Role)
|
||||
}
|
||||
}
|
||||
delete(p.dbHandle.roles, role.Name)
|
||||
p.dbHandle.roleNames = make([]string, 0, len(p.dbHandle.roles))
|
||||
for name := range p.dbHandle.roles {
|
||||
p.dbHandle.roleNames = append(p.dbHandle.roleNames, name)
|
||||
}
|
||||
sort.Strings(p.dbHandle.roleNames)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) getRoles(limit int, offset int, order string, minimal bool) ([]Role, error) {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
|
||||
if p.dbHandle.isClosed {
|
||||
return nil, errMemoryProviderClosed
|
||||
}
|
||||
if limit <= 0 {
|
||||
return nil, nil
|
||||
}
|
||||
roles := make([]Role, 0, 10)
|
||||
itNum := 0
|
||||
if order == OrderASC {
|
||||
for _, name := range p.dbHandle.roleNames {
|
||||
itNum++
|
||||
if itNum <= offset {
|
||||
continue
|
||||
}
|
||||
r := p.dbHandle.roles[name]
|
||||
role := r.getACopy()
|
||||
roles = append(roles, role)
|
||||
if len(roles) >= limit {
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for i := len(p.dbHandle.roleNames) - 1; i >= 0; i-- {
|
||||
itNum++
|
||||
if itNum <= offset {
|
||||
continue
|
||||
}
|
||||
name := p.dbHandle.roleNames[i]
|
||||
r := p.dbHandle.roles[name]
|
||||
role := r.getACopy()
|
||||
roles = append(roles, role)
|
||||
if len(roles) >= limit {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) dumpRoles() ([]Role, error) {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
if p.dbHandle.isClosed {
|
||||
return nil, errMemoryProviderClosed
|
||||
}
|
||||
|
||||
roles := make([]Role, 0, len(p.dbHandle.roles))
|
||||
for _, name := range p.dbHandle.roleNames {
|
||||
r := p.dbHandle.roles[name]
|
||||
roles = append(roles, r.getACopy())
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) setFirstDownloadTimestamp(username string) error {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
|
@ -2333,7 +2601,7 @@ func (p *MemoryProvider) setFirstDownloadTimestamp(username string) error {
|
|||
return err
|
||||
}
|
||||
if user.FirstDownload > 0 {
|
||||
return util.NewGenericError(fmt.Sprintf("first download already set to %v",
|
||||
return util.NewGenericError(fmt.Sprintf("first download already set to %s",
|
||||
util.GetTimeFromMsecSinceEpoch(user.FirstDownload)))
|
||||
}
|
||||
user.FirstDownload = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
|
@ -2352,7 +2620,7 @@ func (p *MemoryProvider) setFirstUploadTimestamp(username string) error {
|
|||
return err
|
||||
}
|
||||
if user.FirstUpload > 0 {
|
||||
return util.NewGenericError(fmt.Sprintf("first upload already set to %v",
|
||||
return util.NewGenericError(fmt.Sprintf("first upload already set to %s",
|
||||
util.GetTimeFromMsecSinceEpoch(user.FirstUpload)))
|
||||
}
|
||||
user.FirstUpload = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
|
@ -2420,11 +2688,24 @@ func (p *MemoryProvider) getNextRuleID() int64 {
|
|||
return nextID
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) getNextRoleID() int64 {
|
||||
nextID := int64(1)
|
||||
for _, r := range p.dbHandle.roles {
|
||||
if r.ID >= nextID {
|
||||
nextID = r.ID + 1
|
||||
}
|
||||
}
|
||||
return nextID
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) clear() {
|
||||
p.dbHandle.Lock()
|
||||
defer p.dbHandle.Unlock()
|
||||
|
||||
p.dbHandle.usernames = []string{}
|
||||
p.dbHandle.users = make(map[string]User)
|
||||
p.dbHandle.groupnames = []string{}
|
||||
p.dbHandle.groups = map[string]Group{}
|
||||
p.dbHandle.vfoldersNames = []string{}
|
||||
p.dbHandle.vfolders = make(map[string]vfs.BaseVirtualFolder)
|
||||
p.dbHandle.admins = make(map[string]Admin)
|
||||
|
@ -2433,6 +2714,12 @@ func (p *MemoryProvider) clear() {
|
|||
p.dbHandle.apiKeysIDs = []string{}
|
||||
p.dbHandle.shares = make(map[string]Share)
|
||||
p.dbHandle.sharesIDs = []string{}
|
||||
p.dbHandle.actions = map[string]BaseEventAction{}
|
||||
p.dbHandle.actionsNames = []string{}
|
||||
p.dbHandle.rules = map[string]EventRule{}
|
||||
p.dbHandle.rulesNames = []string{}
|
||||
p.dbHandle.roles = map[string]Role{}
|
||||
p.dbHandle.roleNames = []string{}
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) reloadConfig() error {
|
||||
|
@ -2466,8 +2753,16 @@ func (p *MemoryProvider) reloadConfig() error {
|
|||
providerLog(logger.LevelError, "error loading dump: %v", err)
|
||||
return err
|
||||
}
|
||||
return p.restoreDump(dump)
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) restoreDump(dump BackupData) error {
|
||||
p.clear()
|
||||
|
||||
if err := p.restoreRoles(dump); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := p.restoreFolders(dump); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -2619,6 +2914,31 @@ func (p *MemoryProvider) restoreAdmins(dump BackupData) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) restoreRoles(dump BackupData) error {
|
||||
for _, role := range dump.Roles {
|
||||
role := role // pin
|
||||
role.Name = config.convertName(role.Name)
|
||||
r, err := p.roleExists(role.Name)
|
||||
if err == nil {
|
||||
role.ID = r.ID
|
||||
err = UpdateRole(&role, ActionExecutorSystem, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "error updating role %q: %v", role.Name, err)
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
role.Admins = nil
|
||||
role.Users = nil
|
||||
err = AddRole(&role, ActionExecutorSystem, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "error adding role %q: %v", role.Name, err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *MemoryProvider) restoreGroups(dump BackupData) error {
|
||||
for _, group := range dump.Groups {
|
||||
group := group // pin
|
||||
|
@ -2671,7 +2991,7 @@ func (p *MemoryProvider) restoreUsers(dump BackupData) error {
|
|||
for _, user := range dump.Users {
|
||||
user := user // pin
|
||||
user.Username = config.convertName(user.Username)
|
||||
u, err := p.userExists(user.Username)
|
||||
u, err := p.userExists(user.Username, "")
|
||||
if err == nil {
|
||||
user.ID = u.ID
|
||||
err = UpdateUser(&user, ActionExecutorSystem, "")
|
||||
|
|
|
@ -57,6 +57,7 @@ const (
|
|||
"DROP TABLE IF EXISTS `{{events_rules}}` CASCADE;" +
|
||||
"DROP TABLE IF EXISTS `{{tasks}}` CASCADE;" +
|
||||
"DROP TABLE IF EXISTS `{{nodes}}` CASCADE;" +
|
||||
"DROP TABLE IF EXISTS `{{roles}}` CASCADE;" +
|
||||
"DROP TABLE IF EXISTS `{{schema_version}}` CASCADE;"
|
||||
mysqlInitialSQL = "CREATE TABLE `{{schema_version}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `version` integer NOT NULL);" +
|
||||
"CREATE TABLE `{{admins}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `username` varchar(255) NOT NULL UNIQUE, " +
|
||||
|
@ -171,6 +172,17 @@ const (
|
|||
"CREATE INDEX `{{prefix}}events_rules_trigger_idx` ON `{{events_rules}}` (`trigger`);" +
|
||||
"CREATE INDEX `{{prefix}}rules_actions_mapping_order_idx` ON `{{rules_actions_mapping}}` (`order`);" +
|
||||
"INSERT INTO {{schema_version}} (version) VALUES (23);"
|
||||
mysqlV24SQL = "CREATE TABLE `{{roles}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `name` varchar(255) NOT NULL UNIQUE, " +
|
||||
"`description` varchar(512) NULL, `created_at` bigint NOT NULL, `updated_at` bigint NOT NULL);" +
|
||||
"ALTER TABLE `{{admins}}` ADD COLUMN `role_id` integer NULL , " +
|
||||
"ADD CONSTRAINT `{{prefix}}admins_role_id_fk_roles_id` FOREIGN KEY (`role_id`) REFERENCES `{{roles}}`(`id`) ON DELETE NO ACTION;" +
|
||||
"ALTER TABLE `{{users}}` ADD COLUMN `role_id` integer NULL , " +
|
||||
"ADD CONSTRAINT `{{prefix}}users_role_id_fk_roles_id` FOREIGN KEY (`role_id`) REFERENCES `{{roles}}`(`id`) ON DELETE SET NULL;"
|
||||
mysqlV24DownSQL = "ALTER TABLE `{{users}}` DROP FOREIGN KEY `{{prefix}}users_role_id_fk_roles_id`;" +
|
||||
"ALTER TABLE `{{admins}}` DROP FOREIGN KEY `{{prefix}}admins_role_id_fk_roles_id`;" +
|
||||
"ALTER TABLE `{{users}}` DROP COLUMN `role_id`;" +
|
||||
"ALTER TABLE `{{admins}}` DROP COLUMN `role_id`;" +
|
||||
"DROP TABLE `{{roles}}` CASCADE;"
|
||||
)
|
||||
|
||||
// MySQLProvider defines the auth provider for MySQL/MariaDB database
|
||||
|
@ -312,8 +324,8 @@ func (p *MySQLProvider) updateAdminLastLogin(username string) error {
|
|||
return sqlCommonUpdateAdminLastLogin(username, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) userExists(username string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, p.dbHandle)
|
||||
func (p *MySQLProvider) userExists(username, role string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) addUser(user *User) error {
|
||||
|
@ -340,8 +352,8 @@ func (p *MySQLProvider) getRecentlyUpdatedUsers(after int64) ([]User, error) {
|
|||
return sqlCommonGetRecentlyUpdatedUsers(after, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) getUsers(limit int, offset int, order string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, p.dbHandle)
|
||||
func (p *MySQLProvider) getUsers(limit int, offset int, order, role string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) getUsersForQuotaCheck(toFetch map[string]bool) ([]User, error) {
|
||||
|
@ -654,6 +666,30 @@ func (p *MySQLProvider) cleanupNodes() error {
|
|||
return sqlCommonCleanupNodes(p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) roleExists(name string) (Role, error) {
|
||||
return sqlCommonGetRoleByName(name, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) addRole(role *Role) error {
|
||||
return sqlCommonAddRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) updateRole(role *Role) error {
|
||||
return sqlCommonUpdateRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) deleteRole(role Role) error {
|
||||
return sqlCommonDeleteRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) getRoles(limit int, offset int, order string, minimal bool) ([]Role, error) {
|
||||
return sqlCommonGetRoles(limit, offset, order, minimal, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) dumpRoles() ([]Role, error) {
|
||||
return sqlCommonDumpRoles(p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *MySQLProvider) setFirstDownloadTimestamp(username string) error {
|
||||
return sqlCommonSetFirstDownloadTimestamp(username, p.dbHandle)
|
||||
}
|
||||
|
@ -701,6 +737,8 @@ func (p *MySQLProvider) migrateDatabase() error { //nolint:dupl
|
|||
providerLog(logger.LevelError, "%v", err)
|
||||
logger.ErrorToConsole("%v", err)
|
||||
return err
|
||||
case version == 23:
|
||||
return updateMySQLDatabaseFromV23(p.dbHandle)
|
||||
default:
|
||||
if version > sqlDatabaseVersion {
|
||||
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
|
||||
|
@ -723,6 +761,8 @@ func (p *MySQLProvider) revertDatabase(targetVersion int) error {
|
|||
}
|
||||
|
||||
switch dbVersion.Version {
|
||||
case 24:
|
||||
return downgradeMySQLDatabaseFromV24(p.dbHandle)
|
||||
default:
|
||||
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
|
||||
}
|
||||
|
@ -732,3 +772,31 @@ func (p *MySQLProvider) resetDatabase() error {
|
|||
sql := sqlReplaceAll(mysqlResetSQL)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, strings.Split(sql, ";"), 0, false)
|
||||
}
|
||||
|
||||
func updateMySQLDatabaseFromV23(dbHandle *sql.DB) error {
|
||||
return updateMySQLDatabaseFrom23To24(dbHandle)
|
||||
}
|
||||
|
||||
func downgradeMySQLDatabaseFromV24(dbHandle *sql.DB) error {
|
||||
return downgradeMySQLDatabaseFrom24To23(dbHandle)
|
||||
}
|
||||
|
||||
func updateMySQLDatabaseFrom23To24(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("updating database schema version: 23 -> 24")
|
||||
providerLog(logger.LevelInfo, "updating database schema version: 23 -> 24")
|
||||
sql := strings.ReplaceAll(mysqlV24SQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 24, true)
|
||||
}
|
||||
|
||||
func downgradeMySQLDatabaseFrom24To23(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("downgrading database schema version: 24 -> 23")
|
||||
providerLog(logger.LevelInfo, "downgrading database schema version: 24 -> 23")
|
||||
sql := strings.ReplaceAll(mysqlV24DownSQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 23, false)
|
||||
}
|
||||
|
|
|
@ -25,8 +25,8 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/lestrrat-go/jwx/jwa"
|
||||
"github.com/lestrrat-go/jwx/jwt"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
"github.com/rs/xid"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/httpclient"
|
||||
|
@ -120,27 +120,33 @@ func (n *Node) validate() error {
|
|||
return n.Data.validate()
|
||||
}
|
||||
|
||||
func (n *Node) authenticate(token string) (string, error) {
|
||||
func (n *Node) authenticate(token string) (string, string, error) {
|
||||
if err := n.Data.Key.TryDecrypt(); err != nil {
|
||||
providerLog(logger.LevelError, "unable to decrypt node key: %v", err)
|
||||
return "", err
|
||||
return "", "", err
|
||||
}
|
||||
if token == "" {
|
||||
return "", ErrInvalidCredentials
|
||||
return "", "", ErrInvalidCredentials
|
||||
}
|
||||
t, err := jwt.Parse([]byte(token), jwt.WithVerify(jwa.HS256, []byte(n.Data.Key.GetPayload())))
|
||||
t, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.HS256, []byte(n.Data.Key.GetPayload())), jwt.WithValidate(true))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to parse token: %v", err)
|
||||
}
|
||||
if err := jwt.Validate(t); err != nil {
|
||||
return "", fmt.Errorf("unable to validate token: %v", err)
|
||||
return "", "", fmt.Errorf("unable to parse and validate token: %v", err)
|
||||
}
|
||||
var adminUsername, role string
|
||||
if admin, ok := t.Get("admin"); ok {
|
||||
if val, ok := admin.(string); ok && val != "" {
|
||||
return val, nil
|
||||
adminUsername = val
|
||||
}
|
||||
}
|
||||
return "", errors.New("no admin username associated with node token")
|
||||
if adminUsername == "" {
|
||||
return "", "", errors.New("no admin username associated with node token")
|
||||
}
|
||||
if r, ok := t.Get("role"); ok {
|
||||
if val, ok := r.(string); ok && val != "" {
|
||||
role = val
|
||||
}
|
||||
}
|
||||
return adminUsername, role, nil
|
||||
}
|
||||
|
||||
// getBaseURL returns the base URL for this node
|
||||
|
@ -157,7 +163,7 @@ func (n *Node) getBaseURL() string {
|
|||
}
|
||||
|
||||
// generateAuthToken generates a new auth token
|
||||
func (n *Node) generateAuthToken(username string) (string, error) {
|
||||
func (n *Node) generateAuthToken(username, role string) (string, error) {
|
||||
if err := n.Data.Key.TryDecrypt(); err != nil {
|
||||
return "", fmt.Errorf("unable to decrypt node key: %w", err)
|
||||
}
|
||||
|
@ -165,18 +171,19 @@ func (n *Node) generateAuthToken(username string) (string, error) {
|
|||
|
||||
t := jwt.New()
|
||||
t.Set("admin", username) //nolint:errcheck
|
||||
t.Set("role", role) //nolint:errcheck
|
||||
t.Set(jwt.JwtIDKey, xid.New().String()) //nolint:errcheck
|
||||
t.Set(jwt.NotBeforeKey, now.Add(-30*time.Second)) //nolint:errcheck
|
||||
t.Set(jwt.ExpirationKey, now.Add(1*time.Minute)) //nolint:errcheck
|
||||
|
||||
payload, err := jwt.Sign(t, jwa.HS256, []byte(n.Data.Key.GetPayload()))
|
||||
payload, err := jwt.Sign(t, jwt.WithKey(jwa.HS256, []byte(n.Data.Key.GetPayload())))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to sign authentication token: %w", err)
|
||||
}
|
||||
return string(payload), nil
|
||||
}
|
||||
|
||||
func (n *Node) prepareRequest(ctx context.Context, username, relativeURL, method string,
|
||||
func (n *Node) prepareRequest(ctx context.Context, username, role, relativeURL, method string,
|
||||
body io.Reader,
|
||||
) (*http.Request, error) {
|
||||
url := fmt.Sprintf("%s%s", n.getBaseURL(), relativeURL)
|
||||
|
@ -184,7 +191,7 @@ func (n *Node) prepareRequest(ctx context.Context, username, relativeURL, method
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
token, err := n.generateAuthToken(username)
|
||||
token, err := n.generateAuthToken(username, role)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -194,11 +201,11 @@ func (n *Node) prepareRequest(ctx context.Context, username, relativeURL, method
|
|||
|
||||
// SendGetRequest sends an HTTP GET request to this node.
|
||||
// The responseHolder must be a pointer
|
||||
func (n *Node) SendGetRequest(username, relativeURL string, responseHolder any) error {
|
||||
func (n *Node) SendGetRequest(username, role, relativeURL string, responseHolder any) error {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), nodeReqTimeout)
|
||||
defer cancel()
|
||||
|
||||
req, err := n.prepareRequest(ctx, username, relativeURL, http.MethodGet, nil)
|
||||
req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodGet, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -222,11 +229,11 @@ func (n *Node) SendGetRequest(username, relativeURL string, responseHolder any)
|
|||
}
|
||||
|
||||
// SendDeleteRequest sends an HTTP DELETE request to this node
|
||||
func (n *Node) SendDeleteRequest(username, relativeURL string) error {
|
||||
func (n *Node) SendDeleteRequest(username, role, relativeURL string) error {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), nodeReqTimeout)
|
||||
defer cancel()
|
||||
|
||||
req, err := n.prepareRequest(ctx, username, relativeURL, http.MethodDelete, nil)
|
||||
req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodDelete, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -246,9 +253,9 @@ func (n *Node) SendDeleteRequest(username, relativeURL string) error {
|
|||
}
|
||||
|
||||
// AuthenticateNodeToken check the validity of the provided token
|
||||
func AuthenticateNodeToken(token string) (string, error) {
|
||||
func AuthenticateNodeToken(token string) (string, string, error) {
|
||||
if currentNode == nil {
|
||||
return "", errNoClusterNodes
|
||||
return "", "", errNoClusterNodes
|
||||
}
|
||||
return currentNode.authenticate(token)
|
||||
}
|
||||
|
|
|
@ -23,6 +23,7 @@ import (
|
|||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
// we import pgx here to be able to disable PostgreSQL support using a build tag
|
||||
|
@ -54,6 +55,7 @@ DROP TABLE IF EXISTS "{{events_actions}}" CASCADE;
|
|||
DROP TABLE IF EXISTS "{{events_rules}}" CASCADE;
|
||||
DROP TABLE IF EXISTS "{{tasks}}" CASCADE;
|
||||
DROP TABLE IF EXISTS "{{nodes}}" CASCADE;
|
||||
DROP TABLE IF EXISTS "{{roles}}" CASCADE;
|
||||
DROP TABLE IF EXISTS "{{schema_version}}" CASCADE;
|
||||
`
|
||||
pgsqlInitial = `CREATE TABLE "{{schema_version}}" ("id" serial NOT NULL PRIMARY KEY, "version" integer NOT NULL);
|
||||
|
@ -178,6 +180,19 @@ CREATE INDEX "{{prefix}}rules_actions_mapping_order_idx" ON "{{rules_actions_map
|
|||
CREATE INDEX "{{prefix}}admins_groups_mapping_admin_id_idx" ON "{{admins_groups_mapping}}" ("admin_id");
|
||||
CREATE INDEX "{{prefix}}admins_groups_mapping_group_id_idx" ON "{{admins_groups_mapping}}" ("group_id");
|
||||
INSERT INTO {{schema_version}} (version) VALUES (23);
|
||||
`
|
||||
pgsqlV24SQL = `CREATE TABLE "{{roles}}" ("id" serial NOT NULL PRIMARY KEY, "name" varchar(255) NOT NULL UNIQUE,
|
||||
"description" varchar(512) NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL);
|
||||
ALTER TABLE "{{admins}}" ADD COLUMN "role_id" integer NULL CONSTRAINT "{{prefix}}admins_role_id_fk_roles_id"
|
||||
REFERENCES "{{roles}}"("id") ON DELETE NO ACTION;
|
||||
ALTER TABLE "{{users}}" ADD COLUMN "role_id" integer NULL CONSTRAINT "{{prefix}}users_role_id_fk_roles_id"
|
||||
REFERENCES "{{roles}}"("id") ON DELETE SET NULL;
|
||||
CREATE INDEX "{{prefix}}admins_role_id_idx" ON "{{admins}}" ("role_id");
|
||||
CREATE INDEX "{{prefix}}users_role_id_idx" ON "{{users}}" ("role_id");
|
||||
`
|
||||
pgsqlV24DownSQL = `ALTER TABLE "{{users}}" DROP COLUMN "role_id" CASCADE;
|
||||
ALTER TABLE "{{admins}}" DROP COLUMN "role_id" CASCADE;
|
||||
DROP TABLE "{{roles}}" CASCADE;
|
||||
`
|
||||
)
|
||||
|
||||
|
@ -279,8 +294,8 @@ func (p *PGSQLProvider) updateAdminLastLogin(username string) error {
|
|||
return sqlCommonUpdateAdminLastLogin(username, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) userExists(username string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, p.dbHandle)
|
||||
func (p *PGSQLProvider) userExists(username, role string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) addUser(user *User) error {
|
||||
|
@ -307,8 +322,8 @@ func (p *PGSQLProvider) getRecentlyUpdatedUsers(after int64) ([]User, error) {
|
|||
return sqlCommonGetRecentlyUpdatedUsers(after, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) getUsers(limit int, offset int, order string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, p.dbHandle)
|
||||
func (p *PGSQLProvider) getUsers(limit int, offset int, order, role string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) getUsersForQuotaCheck(toFetch map[string]bool) ([]User, error) {
|
||||
|
@ -621,6 +636,30 @@ func (p *PGSQLProvider) cleanupNodes() error {
|
|||
return sqlCommonCleanupNodes(p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) roleExists(name string) (Role, error) {
|
||||
return sqlCommonGetRoleByName(name, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) addRole(role *Role) error {
|
||||
return sqlCommonAddRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) updateRole(role *Role) error {
|
||||
return sqlCommonUpdateRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) deleteRole(role Role) error {
|
||||
return sqlCommonDeleteRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) getRoles(limit int, offset int, order string, minimal bool) ([]Role, error) {
|
||||
return sqlCommonGetRoles(limit, offset, order, minimal, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) dumpRoles() ([]Role, error) {
|
||||
return sqlCommonDumpRoles(p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *PGSQLProvider) setFirstDownloadTimestamp(username string) error {
|
||||
return sqlCommonSetFirstDownloadTimestamp(username, p.dbHandle)
|
||||
}
|
||||
|
@ -668,6 +707,8 @@ func (p *PGSQLProvider) migrateDatabase() error { //nolint:dupl
|
|||
providerLog(logger.LevelError, "%v", err)
|
||||
logger.ErrorToConsole("%v", err)
|
||||
return err
|
||||
case version == 23:
|
||||
return updatePgSQLDatabaseFromV23(p.dbHandle)
|
||||
default:
|
||||
if version > sqlDatabaseVersion {
|
||||
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
|
||||
|
@ -690,6 +731,8 @@ func (p *PGSQLProvider) revertDatabase(targetVersion int) error {
|
|||
}
|
||||
|
||||
switch dbVersion.Version {
|
||||
case 24:
|
||||
return downgradePgSQLDatabaseFromV24(p.dbHandle)
|
||||
default:
|
||||
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
|
||||
}
|
||||
|
@ -699,3 +742,31 @@ func (p *PGSQLProvider) resetDatabase() error {
|
|||
sql := sqlReplaceAll(pgsqlResetSQL)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{sql}, 0, false)
|
||||
}
|
||||
|
||||
func updatePgSQLDatabaseFromV23(dbHandle *sql.DB) error {
|
||||
return updatePgSQLDatabaseFrom23To24(dbHandle)
|
||||
}
|
||||
|
||||
func downgradePgSQLDatabaseFromV24(dbHandle *sql.DB) error {
|
||||
return downgradePgSQLDatabaseFrom24To23(dbHandle)
|
||||
}
|
||||
|
||||
func updatePgSQLDatabaseFrom23To24(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("updating database schema version: 23 -> 24")
|
||||
providerLog(logger.LevelInfo, "updating database schema version: 23 -> 24")
|
||||
sql := strings.ReplaceAll(pgsqlV24SQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 24, true)
|
||||
}
|
||||
|
||||
func downgradePgSQLDatabaseFrom24To23(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("downgrading database schema version: 24 -> 23")
|
||||
providerLog(logger.LevelInfo, "downgrading database schema version: 24 -> 23")
|
||||
sql := strings.ReplaceAll(pgsqlV24DownSQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 23, false)
|
||||
}
|
||||
|
|
94
internal/dataprovider/role.go
Normal file
94
internal/dataprovider/role.go
Normal file
|
@ -0,0 +1,94 @@
|
|||
// Copyright (C) 2019-2022 Nicola Murino
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published
|
||||
// by the Free Software Foundation, version 3.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package dataprovider
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/logger"
|
||||
"github.com/drakkan/sftpgo/v2/internal/util"
|
||||
)
|
||||
|
||||
// Role defines an SFTPGo role.
|
||||
type Role struct {
|
||||
// Data provider unique identifier
|
||||
ID int64 `json:"id"`
|
||||
// Role name
|
||||
Name string `json:"name"`
|
||||
// optional description
|
||||
Description string `json:"description,omitempty"`
|
||||
// Creation time as unix timestamp in milliseconds
|
||||
CreatedAt int64 `json:"created_at"`
|
||||
// last update time as unix timestamp in milliseconds
|
||||
UpdatedAt int64 `json:"updated_at"`
|
||||
// list of admins associated with this role
|
||||
Admins []string `json:"admins,omitempty"`
|
||||
// list of usernames associated with this role
|
||||
Users []string `json:"users,omitempty"`
|
||||
}
|
||||
|
||||
// RenderAsJSON implements the renderer interface used within plugins
|
||||
func (r *Role) RenderAsJSON(reload bool) ([]byte, error) {
|
||||
if reload {
|
||||
role, err := provider.roleExists(r.Name)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "unable to reload role before rendering as json: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
return json.Marshal(role)
|
||||
}
|
||||
return json.Marshal(r)
|
||||
}
|
||||
|
||||
func (r *Role) validate() error {
|
||||
if r.Name == "" {
|
||||
return util.NewValidationError("name is mandatory")
|
||||
}
|
||||
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(r.Name) {
|
||||
return util.NewValidationError(fmt.Sprintf("name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", r.Name))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *Role) getACopy() Role {
|
||||
users := make([]string, len(r.Users))
|
||||
copy(users, r.Users)
|
||||
admins := make([]string, len(r.Admins))
|
||||
copy(admins, r.Admins)
|
||||
|
||||
return Role{
|
||||
ID: r.ID,
|
||||
Name: r.Name,
|
||||
Description: r.Description,
|
||||
CreatedAt: r.CreatedAt,
|
||||
UpdatedAt: r.UpdatedAt,
|
||||
Users: users,
|
||||
Admins: admins,
|
||||
}
|
||||
}
|
||||
|
||||
// GetMembersAsString returns a string representation for the role members
|
||||
func (r *Role) GetMembersAsString() string {
|
||||
var sb strings.Builder
|
||||
if len(r.Users) > 0 {
|
||||
sb.WriteString(fmt.Sprintf("Users: %d. ", len(r.Users)))
|
||||
}
|
||||
if len(r.Admins) > 0 {
|
||||
sb.WriteString(fmt.Sprintf("Admins: %d. ", len(r.Admins)))
|
||||
}
|
||||
return sb.String()
|
||||
}
|
|
@ -34,7 +34,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
sqlDatabaseVersion = 23
|
||||
sqlDatabaseVersion = 24
|
||||
defaultSQLQueryTimeout = 10 * time.Second
|
||||
longSQLQueryTimeout = 60 * time.Second
|
||||
)
|
||||
|
@ -78,6 +78,7 @@ func sqlReplaceAll(sql string) string {
|
|||
sql = strings.ReplaceAll(sql, "{{rules_actions_mapping}}", sqlTableRulesActionsMapping)
|
||||
sql = strings.ReplaceAll(sql, "{{tasks}}", sqlTableTasks)
|
||||
sql = strings.ReplaceAll(sql, "{{nodes}}", sqlTableNodes)
|
||||
sql = strings.ReplaceAll(sql, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sql
|
||||
}
|
||||
|
@ -105,7 +106,7 @@ func sqlCommonAddShare(share *Share, dbHandle *sql.DB) error {
|
|||
return err
|
||||
}
|
||||
|
||||
user, err := provider.userExists(share.Username)
|
||||
user, err := provider.userExists(share.Username, "")
|
||||
if err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("unable to validate user %#v", share.Username))
|
||||
}
|
||||
|
@ -165,7 +166,7 @@ func sqlCommonUpdateShare(share *Share, dbHandle *sql.DB) error {
|
|||
}
|
||||
}
|
||||
|
||||
user, err := provider.userExists(share.Username)
|
||||
user, err := provider.userExists(share.Username, "")
|
||||
if err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("unable to validate user %#v", share.Username))
|
||||
}
|
||||
|
@ -431,10 +432,10 @@ func sqlCommonAddAdmin(admin *Admin, dbHandle *sql.DB) error {
|
|||
defer cancel()
|
||||
|
||||
return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error {
|
||||
q := getAddAdminQuery()
|
||||
q := getAddAdminQuery(admin.Role)
|
||||
_, err = tx.ExecContext(ctx, q, admin.Username, admin.Password, admin.Status, admin.Email, string(perms),
|
||||
string(filters), admin.AdditionalInfo, admin.Description, util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
util.GetTimeAsMsSinceEpoch(time.Now()))
|
||||
util.GetTimeAsMsSinceEpoch(time.Now()), admin.Role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -462,9 +463,9 @@ func sqlCommonUpdateAdmin(admin *Admin, dbHandle *sql.DB) error {
|
|||
defer cancel()
|
||||
|
||||
return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error {
|
||||
q := getUpdateAdminQuery()
|
||||
q := getUpdateAdminQuery(admin.Role)
|
||||
_, err = tx.ExecContext(ctx, q, admin.Password, admin.Status, admin.Email, string(perms), string(filters),
|
||||
admin.AdditionalInfo, admin.Description, util.GetTimeAsMsSinceEpoch(time.Now()), admin.Username)
|
||||
admin.AdditionalInfo, admin.Description, util.GetTimeAsMsSinceEpoch(time.Now()), admin.Role, admin.Username)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -537,6 +538,122 @@ func sqlCommonDumpAdmins(dbHandle sqlQuerier) ([]Admin, error) {
|
|||
return getAdminsWithGroups(ctx, admins, dbHandle)
|
||||
}
|
||||
|
||||
func sqlCommonGetRoleByName(name string, dbHandle sqlQuerier) (Role, error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getRoleByNameQuery()
|
||||
row := dbHandle.QueryRowContext(ctx, q, name)
|
||||
role, err := getRoleFromDbRow(row)
|
||||
if err != nil {
|
||||
return role, err
|
||||
}
|
||||
role, err = getRoleWithUsers(ctx, role, dbHandle)
|
||||
if err != nil {
|
||||
return role, err
|
||||
}
|
||||
return getRoleWithAdmins(ctx, role, dbHandle)
|
||||
}
|
||||
|
||||
func sqlCommonDumpRoles(dbHandle sqlQuerier) ([]Role, error) {
|
||||
roles := make([]Role, 0, 10)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getDumpRolesQuery()
|
||||
|
||||
rows, err := dbHandle.QueryContext(ctx, q)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
for rows.Next() {
|
||||
role, err := getRoleFromDbRow(rows)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
return roles, rows.Err()
|
||||
}
|
||||
|
||||
func sqlCommonGetRoles(limit int, offset int, order string, minimal bool, dbHandle sqlQuerier) ([]Role, error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getRolesQuery(order, minimal)
|
||||
|
||||
roles := make([]Role, 0, limit)
|
||||
rows, err := dbHandle.QueryContext(ctx, q, limit, offset)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
for rows.Next() {
|
||||
var role Role
|
||||
if minimal {
|
||||
err = rows.Scan(&role.ID, &role.Name)
|
||||
} else {
|
||||
role, err = getRoleFromDbRow(rows)
|
||||
}
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
roles = append(roles, role)
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
if minimal {
|
||||
return roles, nil
|
||||
}
|
||||
roles, err = getRolesWithUsers(ctx, roles, dbHandle)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
return getRolesWithAdmins(ctx, roles, dbHandle)
|
||||
}
|
||||
|
||||
func sqlCommonAddRole(role *Role, dbHandle *sql.DB) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getAddRoleQuery()
|
||||
_, err := dbHandle.ExecContext(ctx, q, role.Name, role.Description, util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
util.GetTimeAsMsSinceEpoch(time.Now()))
|
||||
return err
|
||||
}
|
||||
|
||||
func sqlCommonUpdateRole(role *Role, dbHandle *sql.DB) error {
|
||||
if err := role.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getUpdateRoleQuery()
|
||||
_, err := dbHandle.ExecContext(ctx, q, role.Description, util.GetTimeAsMsSinceEpoch(time.Now()), role.Name)
|
||||
return err
|
||||
}
|
||||
|
||||
func sqlCommonDeleteRole(role Role, dbHandle *sql.DB) error {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getDeleteRoleQuery()
|
||||
res, err := dbHandle.ExecContext(ctx, q, role.Name)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return sqlCommonRequireRowAffected(res)
|
||||
}
|
||||
|
||||
func sqlCommonGetGroupByName(name string, dbHandle sqlQuerier) (Group, error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
@ -756,12 +873,16 @@ func sqlCommonDeleteGroup(group Group, dbHandle *sql.DB) error {
|
|||
return sqlCommonRequireRowAffected(res)
|
||||
}
|
||||
|
||||
func sqlCommonGetUserByUsername(username string, dbHandle sqlQuerier) (User, error) {
|
||||
func sqlCommonGetUserByUsername(username, role string, dbHandle sqlQuerier) (User, error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getUserByUsernameQuery()
|
||||
row := dbHandle.QueryRowContext(ctx, q, username)
|
||||
q := getUserByUsernameQuery(role)
|
||||
args := []any{username}
|
||||
if role != "" {
|
||||
args = append(args, role)
|
||||
}
|
||||
row := dbHandle.QueryRowContext(ctx, q, args...)
|
||||
user, err := getUserFromDbRow(row)
|
||||
if err != nil {
|
||||
return user, err
|
||||
|
@ -774,7 +895,7 @@ func sqlCommonGetUserByUsername(username string, dbHandle sqlQuerier) (User, err
|
|||
}
|
||||
|
||||
func sqlCommonValidateUserAndPass(username, password, ip, protocol string, dbHandle *sql.DB) (User, error) {
|
||||
user, err := sqlCommonGetUserByUsername(username, dbHandle)
|
||||
user, err := sqlCommonGetUserByUsername(username, "", dbHandle)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -787,7 +908,7 @@ func sqlCommonValidateUserAndTLSCertificate(username, protocol string, tlsCert *
|
|||
if tlsCert == nil {
|
||||
return user, errors.New("TLS certificate cannot be null or empty")
|
||||
}
|
||||
user, err := sqlCommonGetUserByUsername(username, dbHandle)
|
||||
user, err := sqlCommonGetUserByUsername(username, "", dbHandle)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, err
|
||||
|
@ -800,7 +921,7 @@ func sqlCommonValidateUserAndPubKey(username string, pubKey []byte, isSSHCert bo
|
|||
if len(pubKey) == 0 {
|
||||
return user, "", errors.New("credentials cannot be null or empty")
|
||||
}
|
||||
user, err := sqlCommonGetUserByUsername(username, dbHandle)
|
||||
user, err := sqlCommonGetUserByUsername(username, "", dbHandle)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
|
||||
return user, "", err
|
||||
|
@ -993,12 +1114,12 @@ func sqlCommonAddUser(user *User, dbHandle *sql.DB) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
q := getAddUserQuery()
|
||||
q := getAddUserQuery(user.Role)
|
||||
_, err := tx.ExecContext(ctx, q, user.Username, user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID,
|
||||
user.MaxSessions, user.QuotaSize, user.QuotaFiles, string(permissions), user.UploadBandwidth,
|
||||
user.DownloadBandwidth, user.Status, user.ExpirationDate, string(filters), string(fsConfig), user.AdditionalInfo,
|
||||
user.Description, user.Email, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now()),
|
||||
user.UploadDataTransfer, user.DownloadDataTransfer, user.TotalDataTransfer)
|
||||
user.UploadDataTransfer, user.DownloadDataTransfer, user.TotalDataTransfer, user.Role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -1044,12 +1165,12 @@ func sqlCommonUpdateUser(user *User, dbHandle *sql.DB) error {
|
|||
defer cancel()
|
||||
|
||||
return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error {
|
||||
q := getUpdateUserQuery()
|
||||
q := getUpdateUserQuery(user.Role)
|
||||
_, err := tx.ExecContext(ctx, q, user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID, user.MaxSessions,
|
||||
user.QuotaSize, user.QuotaFiles, string(permissions), user.UploadBandwidth, user.DownloadBandwidth, user.Status,
|
||||
user.ExpirationDate, string(filters), string(fsConfig), user.AdditionalInfo, user.Description, user.Email,
|
||||
util.GetTimeAsMsSinceEpoch(time.Now()), user.UploadDataTransfer, user.DownloadDataTransfer, user.TotalDataTransfer,
|
||||
user.ID)
|
||||
user.Role, user.ID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -1264,20 +1385,18 @@ func sqlCommonGetUsersRangeForQuotaCheck(usernames []string, dbHandle sqlQuerier
|
|||
|
||||
for rows.Next() {
|
||||
var user User
|
||||
var filters sql.NullString
|
||||
var filters []byte
|
||||
err = rows.Scan(&user.ID, &user.Username, &user.QuotaSize, &user.UsedQuotaSize, &user.TotalDataTransfer,
|
||||
&user.UploadDataTransfer, &user.DownloadDataTransfer, &user.UsedUploadDataTransfer,
|
||||
&user.UsedDownloadDataTransfer, &filters)
|
||||
if err != nil {
|
||||
return users, err
|
||||
}
|
||||
if filters.Valid {
|
||||
var userFilters UserFilters
|
||||
err = json.Unmarshal([]byte(filters.String), &userFilters)
|
||||
err = json.Unmarshal(filters, &userFilters)
|
||||
if err == nil {
|
||||
user.Filters = userFilters
|
||||
}
|
||||
}
|
||||
users = append(users, user)
|
||||
}
|
||||
|
||||
|
@ -1353,13 +1472,19 @@ func sqlCommonGetActiveTransfers(from time.Time, dbHandle sqlQuerier) ([]ActiveT
|
|||
return transfers, rows.Err()
|
||||
}
|
||||
|
||||
func sqlCommonGetUsers(limit int, offset int, order string, dbHandle sqlQuerier) ([]User, error) {
|
||||
func sqlCommonGetUsers(limit int, offset int, order, role string, dbHandle sqlQuerier) ([]User, error) {
|
||||
users := make([]User, 0, limit)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
||||
q := getUsersQuery(order)
|
||||
rows, err := dbHandle.QueryContext(ctx, q, limit, offset)
|
||||
q := getUsersQuery(order, role)
|
||||
var args []any
|
||||
if role == "" {
|
||||
args = append(args, limit, offset)
|
||||
} else {
|
||||
args = append(args, role, limit, offset)
|
||||
}
|
||||
rows, err := dbHandle.QueryContext(ctx, q, args...)
|
||||
if err != nil {
|
||||
return users, err
|
||||
}
|
||||
|
@ -1593,7 +1718,8 @@ func sqlCommonCleanupDefenderEvents(from int64, dbHandle *sql.DB) error {
|
|||
|
||||
func getShareFromDbRow(row sqlScanner) (Share, error) {
|
||||
var share Share
|
||||
var description, password, allowFrom, paths sql.NullString
|
||||
var description, password sql.NullString
|
||||
var allowFrom, paths []byte
|
||||
|
||||
err := row.Scan(&share.ShareID, &share.Name, &description, &share.Scope,
|
||||
&paths, &share.Username, &share.CreatedAt, &share.UpdatedAt,
|
||||
|
@ -1605,29 +1731,23 @@ func getShareFromDbRow(row sqlScanner) (Share, error) {
|
|||
}
|
||||
return share, err
|
||||
}
|
||||
if paths.Valid {
|
||||
var list []string
|
||||
err = json.Unmarshal([]byte(paths.String), &list)
|
||||
err = json.Unmarshal(paths, &list)
|
||||
if err != nil {
|
||||
return share, err
|
||||
}
|
||||
share.Paths = list
|
||||
} else {
|
||||
return share, errors.New("unable to decode shared paths")
|
||||
}
|
||||
if description.Valid {
|
||||
share.Description = description.String
|
||||
}
|
||||
if password.Valid {
|
||||
share.Password = password.String
|
||||
}
|
||||
if allowFrom.Valid {
|
||||
var list []string
|
||||
err = json.Unmarshal([]byte(allowFrom.String), &list)
|
||||
list = nil
|
||||
err = json.Unmarshal(allowFrom, &list)
|
||||
if err == nil {
|
||||
share.AllowFrom = list
|
||||
}
|
||||
}
|
||||
return share, nil
|
||||
}
|
||||
|
||||
|
@ -1661,10 +1781,11 @@ func getAPIKeyFromDbRow(row sqlScanner) (APIKey, error) {
|
|||
|
||||
func getAdminFromDbRow(row sqlScanner) (Admin, error) {
|
||||
var admin Admin
|
||||
var email, filters, additionalInfo, permissions, description sql.NullString
|
||||
var email, additionalInfo, description, role sql.NullString
|
||||
var permissions, filters []byte
|
||||
|
||||
err := row.Scan(&admin.ID, &admin.Username, &admin.Password, &admin.Status, &email, &permissions,
|
||||
&filters, &additionalInfo, &description, &admin.CreatedAt, &admin.UpdatedAt, &admin.LastLogin)
|
||||
&filters, &additionalInfo, &description, &admin.CreatedAt, &admin.UpdatedAt, &admin.LastLogin, &role)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
|
@ -1673,31 +1794,31 @@ func getAdminFromDbRow(row sqlScanner) (Admin, error) {
|
|||
return admin, err
|
||||
}
|
||||
|
||||
if permissions.Valid {
|
||||
var perms []string
|
||||
err = json.Unmarshal([]byte(permissions.String), &perms)
|
||||
err = json.Unmarshal(permissions, &perms)
|
||||
if err != nil {
|
||||
return admin, err
|
||||
}
|
||||
admin.Permissions = perms
|
||||
}
|
||||
|
||||
if email.Valid {
|
||||
admin.Email = email.String
|
||||
}
|
||||
if filters.Valid {
|
||||
|
||||
var adminFilters AdminFilters
|
||||
err = json.Unmarshal([]byte(filters.String), &adminFilters)
|
||||
err = json.Unmarshal(filters, &adminFilters)
|
||||
if err == nil {
|
||||
admin.Filters = adminFilters
|
||||
}
|
||||
}
|
||||
if additionalInfo.Valid {
|
||||
admin.AdditionalInfo = additionalInfo.String
|
||||
}
|
||||
if description.Valid {
|
||||
admin.Description = description.String
|
||||
}
|
||||
if role.Valid {
|
||||
admin.Role = role.String
|
||||
}
|
||||
|
||||
admin.SetEmptySecretsIfNil()
|
||||
return admin, nil
|
||||
|
@ -1718,11 +1839,10 @@ func getEventActionFromDbRow(row sqlScanner) (BaseEventAction, error) {
|
|||
if description.Valid {
|
||||
action.Description = description.String
|
||||
}
|
||||
if len(options) > 0 {
|
||||
err = json.Unmarshal(options, &action.Options)
|
||||
if err != nil {
|
||||
return action, err
|
||||
}
|
||||
var actionOptions BaseEventActionOptions
|
||||
err = json.Unmarshal(options, &actionOptions)
|
||||
if err == nil {
|
||||
action.Options = actionOptions
|
||||
}
|
||||
return action, nil
|
||||
}
|
||||
|
@ -1740,21 +1860,40 @@ func getEventRuleFromDbRow(row sqlScanner) (EventRule, error) {
|
|||
}
|
||||
return rule, err
|
||||
}
|
||||
if len(conditions) > 0 {
|
||||
err = json.Unmarshal(conditions, &rule.Conditions)
|
||||
if err != nil {
|
||||
return rule, err
|
||||
}
|
||||
var ruleConditions EventConditions
|
||||
err = json.Unmarshal(conditions, &ruleConditions)
|
||||
if err == nil {
|
||||
rule.Conditions = ruleConditions
|
||||
}
|
||||
|
||||
if description.Valid {
|
||||
rule.Description = description.String
|
||||
}
|
||||
return rule, nil
|
||||
}
|
||||
|
||||
func getRoleFromDbRow(row sqlScanner) (Role, error) {
|
||||
var role Role
|
||||
var description sql.NullString
|
||||
|
||||
err := row.Scan(&role.ID, &role.Name, &description, &role.CreatedAt, &role.UpdatedAt)
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return role, util.NewRecordNotFoundError(err.Error())
|
||||
}
|
||||
return role, err
|
||||
}
|
||||
if description.Valid {
|
||||
role.Description = description.String
|
||||
}
|
||||
|
||||
return role, nil
|
||||
}
|
||||
|
||||
func getGroupFromDbRow(row sqlScanner) (Group, error) {
|
||||
var group Group
|
||||
var userSettings, description sql.NullString
|
||||
var description sql.NullString
|
||||
var userSettings []byte
|
||||
|
||||
err := row.Scan(&group.ID, &group.Name, &description, &group.CreatedAt, &group.UpdatedAt, &userSettings)
|
||||
if err != nil {
|
||||
|
@ -1766,32 +1905,28 @@ func getGroupFromDbRow(row sqlScanner) (Group, error) {
|
|||
if description.Valid {
|
||||
group.Description = description.String
|
||||
}
|
||||
if userSettings.Valid {
|
||||
|
||||
var settings GroupUserSettings
|
||||
err = json.Unmarshal([]byte(userSettings.String), &settings)
|
||||
err = json.Unmarshal(userSettings, &settings)
|
||||
if err == nil {
|
||||
group.UserSettings = settings
|
||||
}
|
||||
}
|
||||
|
||||
return group, nil
|
||||
}
|
||||
|
||||
func getUserFromDbRow(row sqlScanner) (User, error) {
|
||||
var user User
|
||||
var permissions sql.NullString
|
||||
var password sql.NullString
|
||||
var publicKey sql.NullString
|
||||
var filters sql.NullString
|
||||
var fsConfig sql.NullString
|
||||
var additionalInfo, description, email sql.NullString
|
||||
var permissions, publicKey, filters, fsConfig []byte
|
||||
var additionalInfo, description, email, role sql.NullString
|
||||
|
||||
err := row.Scan(&user.ID, &user.Username, &password, &publicKey, &user.HomeDir, &user.UID, &user.GID, &user.MaxSessions,
|
||||
&user.QuotaSize, &user.QuotaFiles, &permissions, &user.UsedQuotaSize, &user.UsedQuotaFiles, &user.LastQuotaUpdate,
|
||||
&user.UploadBandwidth, &user.DownloadBandwidth, &user.ExpirationDate, &user.LastLogin, &user.Status, &filters, &fsConfig,
|
||||
&additionalInfo, &description, &email, &user.CreatedAt, &user.UpdatedAt, &user.UploadDataTransfer, &user.DownloadDataTransfer,
|
||||
&user.TotalDataTransfer, &user.UsedUploadDataTransfer, &user.UsedDownloadDataTransfer, &user.DeletedAt, &user.FirstDownload,
|
||||
&user.FirstUpload)
|
||||
&user.FirstUpload, &role)
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return user, util.NewRecordNotFoundError(err.Error())
|
||||
|
@ -1801,39 +1936,31 @@ func getUserFromDbRow(row sqlScanner) (User, error) {
|
|||
if password.Valid {
|
||||
user.Password = password.String
|
||||
}
|
||||
// we can have a empty string or an invalid json in null string
|
||||
// so we do a relaxed test if the field is optional, for example we
|
||||
// populate public keys only if unmarshal does not return an error
|
||||
if publicKey.Valid {
|
||||
var list []string
|
||||
err = json.Unmarshal([]byte(publicKey.String), &list)
|
||||
if err == nil {
|
||||
user.PublicKeys = list
|
||||
}
|
||||
}
|
||||
if permissions.Valid {
|
||||
perms := make(map[string][]string)
|
||||
err = json.Unmarshal([]byte(permissions.String), &perms)
|
||||
err = json.Unmarshal(permissions, &perms)
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "unable to deserialize permissions for user %#v: %v", user.Username, err)
|
||||
return user, fmt.Errorf("unable to deserialize permissions for user %#v: %v", user.Username, err)
|
||||
}
|
||||
user.Permissions = perms
|
||||
// we can have a empty string or an invalid json in null string
|
||||
// so we do a relaxed test if the field is optional, for example we
|
||||
// populate public keys only if unmarshal does not return an error
|
||||
var pKeys []string
|
||||
err = json.Unmarshal(publicKey, &pKeys)
|
||||
if err == nil {
|
||||
user.PublicKeys = pKeys
|
||||
}
|
||||
if filters.Valid {
|
||||
var userFilters UserFilters
|
||||
err = json.Unmarshal([]byte(filters.String), &userFilters)
|
||||
err = json.Unmarshal(filters, &userFilters)
|
||||
if err == nil {
|
||||
user.Filters = userFilters
|
||||
}
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
user.FsConfig = fs
|
||||
}
|
||||
}
|
||||
if additionalInfo.Valid {
|
||||
user.AdditionalInfo = additionalInfo.String
|
||||
}
|
||||
|
@ -1843,6 +1970,9 @@ func getUserFromDbRow(row sqlScanner) (User, error) {
|
|||
if email.Valid {
|
||||
user.Email = email.String
|
||||
}
|
||||
if role.Valid {
|
||||
user.Role = role.String
|
||||
}
|
||||
user.SetEmptySecretsIfNil()
|
||||
return user, nil
|
||||
}
|
||||
|
@ -1851,7 +1981,8 @@ func sqlCommonGetFolder(ctx context.Context, name string, dbHandle sqlQuerier) (
|
|||
var folder vfs.BaseVirtualFolder
|
||||
q := getFolderByNameQuery()
|
||||
row := dbHandle.QueryRowContext(ctx, q, name)
|
||||
var mappedPath, description, fsConfig sql.NullString
|
||||
var mappedPath, description sql.NullString
|
||||
var fsConfig []byte
|
||||
err := row.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate,
|
||||
&folder.Name, &description, &fsConfig)
|
||||
if err != nil {
|
||||
|
@ -1866,13 +1997,11 @@ func sqlCommonGetFolder(ctx context.Context, name string, dbHandle sqlQuerier) (
|
|||
if description.Valid {
|
||||
folder.Description = description.String
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
folder.FsConfig = fs
|
||||
}
|
||||
}
|
||||
return folder, err
|
||||
}
|
||||
|
||||
|
@ -1971,7 +2100,8 @@ func sqlCommonDumpFolders(dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error)
|
|||
defer rows.Close()
|
||||
for rows.Next() {
|
||||
var folder vfs.BaseVirtualFolder
|
||||
var mappedPath, description, fsConfig sql.NullString
|
||||
var mappedPath, description sql.NullString
|
||||
var fsConfig []byte
|
||||
err = rows.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles,
|
||||
&folder.LastQuotaUpdate, &folder.Name, &description, &fsConfig)
|
||||
if err != nil {
|
||||
|
@ -1983,13 +2113,11 @@ func sqlCommonDumpFolders(dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error)
|
|||
if description.Valid {
|
||||
folder.Description = description.String
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
folder.FsConfig = fs
|
||||
}
|
||||
}
|
||||
folders = append(folders, folder)
|
||||
}
|
||||
return folders, rows.Err()
|
||||
|
@ -2014,7 +2142,8 @@ func sqlCommonGetFolders(limit, offset int, order string, minimal bool, dbHandle
|
|||
return folders, err
|
||||
}
|
||||
} else {
|
||||
var mappedPath, description, fsConfig sql.NullString
|
||||
var mappedPath, description sql.NullString
|
||||
var fsConfig []byte
|
||||
err = rows.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles,
|
||||
&folder.LastQuotaUpdate, &folder.Name, &description, &fsConfig)
|
||||
if err != nil {
|
||||
|
@ -2026,14 +2155,12 @@ func sqlCommonGetFolders(limit, offset int, order string, minimal bool, dbHandle
|
|||
if description.Valid {
|
||||
folder.Description = description.String
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
folder.FsConfig = fs
|
||||
}
|
||||
}
|
||||
}
|
||||
folder.PrepareForRendering()
|
||||
folders = append(folders, folder)
|
||||
}
|
||||
|
@ -2297,7 +2424,8 @@ func getUsersWithVirtualFolders(ctx context.Context, users []User, dbHandle sqlQ
|
|||
for rows.Next() {
|
||||
var folder vfs.VirtualFolder
|
||||
var userID int64
|
||||
var mappedPath, fsConfig, description sql.NullString
|
||||
var mappedPath, description sql.NullString
|
||||
var fsConfig []byte
|
||||
err = rows.Scan(&folder.ID, &folder.Name, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles,
|
||||
&folder.LastQuotaUpdate, &folder.VirtualPath, &folder.QuotaSize, &folder.QuotaFiles, &userID, &fsConfig,
|
||||
&description)
|
||||
|
@ -2310,13 +2438,11 @@ func getUsersWithVirtualFolders(ctx context.Context, users []User, dbHandle sqlQ
|
|||
if description.Valid {
|
||||
folder.Description = description.String
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
folder.FsConfig = fs
|
||||
}
|
||||
}
|
||||
usersVirtualFolders[userID] = append(usersVirtualFolders[userID], folder)
|
||||
}
|
||||
err = rows.Err()
|
||||
|
@ -2390,6 +2516,28 @@ func getGroupWithUsers(ctx context.Context, group Group, dbHandle sqlQuerier) (G
|
|||
return groups[0], err
|
||||
}
|
||||
|
||||
func getRoleWithUsers(ctx context.Context, role Role, dbHandle sqlQuerier) (Role, error) {
|
||||
roles, err := getRolesWithUsers(ctx, []Role{role}, dbHandle)
|
||||
if err != nil {
|
||||
return role, err
|
||||
}
|
||||
if len(roles) == 0 {
|
||||
return role, errors.New("unable to associate users with role")
|
||||
}
|
||||
return roles[0], err
|
||||
}
|
||||
|
||||
func getRoleWithAdmins(ctx context.Context, role Role, dbHandle sqlQuerier) (Role, error) {
|
||||
roles, err := getRolesWithAdmins(ctx, []Role{role}, dbHandle)
|
||||
if err != nil {
|
||||
return role, err
|
||||
}
|
||||
if len(roles) == 0 {
|
||||
return role, errors.New("unable to associate admins with role")
|
||||
}
|
||||
return roles[0], err
|
||||
}
|
||||
|
||||
func getGroupWithAdmins(ctx context.Context, group Group, dbHandle sqlQuerier) (Group, error) {
|
||||
groups, err := getGroupsWithAdmins(ctx, []Group{group}, dbHandle)
|
||||
if err != nil {
|
||||
|
@ -2427,7 +2575,8 @@ func getGroupsWithVirtualFolders(ctx context.Context, groups []Group, dbHandle s
|
|||
for rows.Next() {
|
||||
var groupID int64
|
||||
var folder vfs.VirtualFolder
|
||||
var mappedPath, fsConfig, description sql.NullString
|
||||
var mappedPath, description sql.NullString
|
||||
var fsConfig []byte
|
||||
err = rows.Scan(&folder.ID, &folder.Name, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles,
|
||||
&folder.LastQuotaUpdate, &folder.VirtualPath, &folder.QuotaSize, &folder.QuotaFiles, &groupID, &fsConfig,
|
||||
&description)
|
||||
|
@ -2440,13 +2589,11 @@ func getGroupsWithVirtualFolders(ctx context.Context, groups []Group, dbHandle s
|
|||
if description.Valid {
|
||||
folder.Description = description.String
|
||||
}
|
||||
if fsConfig.Valid {
|
||||
var fs vfs.Filesystem
|
||||
err = json.Unmarshal([]byte(fsConfig.String), &fs)
|
||||
err = json.Unmarshal(fsConfig, &fs)
|
||||
if err == nil {
|
||||
folder.FsConfig = fs
|
||||
}
|
||||
}
|
||||
groupsVirtualFolders[groupID] = append(groupsVirtualFolders[groupID], folder)
|
||||
}
|
||||
err = rows.Err()
|
||||
|
@ -2498,6 +2645,71 @@ func getGroupsWithUsers(ctx context.Context, groups []Group, dbHandle sqlQuerier
|
|||
return groups, err
|
||||
}
|
||||
|
||||
func getRolesWithUsers(ctx context.Context, roles []Role, dbHandle sqlQuerier) ([]Role, error) {
|
||||
if len(roles) == 0 {
|
||||
return roles, nil
|
||||
}
|
||||
rows, err := dbHandle.QueryContext(ctx, getUsersWithRolesQuery(roles))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
rolesUsers := make(map[int64][]string)
|
||||
for rows.Next() {
|
||||
var roleID int64
|
||||
var username string
|
||||
err = rows.Scan(&roleID, &username)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
rolesUsers[roleID] = append(rolesUsers[roleID], username)
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
if len(rolesUsers) > 0 {
|
||||
for idx := range roles {
|
||||
ref := &roles[idx]
|
||||
ref.Users = rolesUsers[ref.ID]
|
||||
}
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
func getRolesWithAdmins(ctx context.Context, roles []Role, dbHandle sqlQuerier) ([]Role, error) {
|
||||
if len(roles) == 0 {
|
||||
return roles, nil
|
||||
}
|
||||
rows, err := dbHandle.QueryContext(ctx, getAdminsWithRolesQuery(roles))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
rolesAdmins := make(map[int64][]string)
|
||||
for rows.Next() {
|
||||
var roleID int64
|
||||
var username string
|
||||
err = rows.Scan(&roleID, &username)
|
||||
if err != nil {
|
||||
return roles, err
|
||||
}
|
||||
rolesAdmins[roleID] = append(rolesAdmins[roleID], username)
|
||||
}
|
||||
if err = rows.Err(); err != nil {
|
||||
return roles, err
|
||||
}
|
||||
if len(rolesAdmins) > 0 {
|
||||
for idx := range roles {
|
||||
ref := &roles[idx]
|
||||
ref.Admins = rolesAdmins[ref.ID]
|
||||
}
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
func getGroupsWithAdmins(ctx context.Context, groups []Group, dbHandle sqlQuerier) ([]Group, error) {
|
||||
if len(groups) == 0 {
|
||||
return groups, nil
|
||||
|
@ -2701,7 +2913,7 @@ func getRelatedValuesForAPIKeys(ctx context.Context, apiKeys []APIKey, dbHandle
|
|||
func sqlCommonGetAPIKeyRelatedIDs(apiKey *APIKey) (sql.NullInt64, sql.NullInt64, error) {
|
||||
var userID, adminID sql.NullInt64
|
||||
if apiKey.User != "" {
|
||||
u, err := provider.userExists(apiKey.User)
|
||||
u, err := provider.userExists(apiKey.User, "")
|
||||
if err != nil {
|
||||
return userID, adminID, util.NewValidationError(fmt.Sprintf("unable to validate user %v", apiKey.User))
|
||||
}
|
||||
|
|
|
@ -24,6 +24,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
// we import go-sqlite3 here to be able to disable SQLite support using a build tag
|
||||
|
@ -55,6 +56,7 @@ DROP TABLE IF EXISTS "{{rules_actions_mapping}}";
|
|||
DROP TABLE IF EXISTS "{{events_rules}}";
|
||||
DROP TABLE IF EXISTS "{{events_actions}}";
|
||||
DROP TABLE IF EXISTS "{{tasks}}";
|
||||
DROP TABLE IF EXISTS "{{roles}}";
|
||||
DROP TABLE IF EXISTS "{{schema_version}}";
|
||||
`
|
||||
sqliteInitialSQL = `CREATE TABLE "{{schema_version}}" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "version" integer NOT NULL);
|
||||
|
@ -159,6 +161,19 @@ CREATE INDEX "{{prefix}}rules_actions_mapping_order_idx" ON "{{rules_actions_map
|
|||
CREATE INDEX "{{prefix}}admins_groups_mapping_admin_id_idx" ON "{{admins_groups_mapping}}" ("admin_id");
|
||||
CREATE INDEX "{{prefix}}admins_groups_mapping_group_id_idx" ON "{{admins_groups_mapping}}" ("group_id");
|
||||
INSERT INTO {{schema_version}} (version) VALUES (23);
|
||||
`
|
||||
sqliteV24SQL = `CREATE TABLE "{{roles}}" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "name" varchar(255) NOT NULL UNIQUE,
|
||||
"description" varchar(512) NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL);
|
||||
ALTER TABLE "{{users}}" ADD COLUMN "role_id" integer NULL REFERENCES "{{roles}}" ("id") ON DELETE SET NULL;
|
||||
ALTER TABLE "{{admins}}" ADD COLUMN "role_id" integer NULL REFERENCES "{{roles}}" ("id") ON DELETE NO ACTION;
|
||||
CREATE INDEX "{{prefix}}users_role_id_idx" ON "{{users}}" ("role_id");
|
||||
CREATE INDEX "{{prefix}}admins_role_id_idx" ON "{{admins}}" ("role_id");
|
||||
`
|
||||
sqliteV24DownSQL = `DROP INDEX "{{prefix}}users_role_id_idx";
|
||||
DROP INDEX "{{prefix}}admins_role_id_idx";
|
||||
ALTER TABLE "{{users}}" DROP COLUMN role_id;
|
||||
ALTER TABLE "{{admins}}" DROP COLUMN role_id;
|
||||
DROP TABLE "{{roles}}";
|
||||
`
|
||||
)
|
||||
|
||||
|
@ -239,8 +254,8 @@ func (p *SQLiteProvider) updateAdminLastLogin(username string) error {
|
|||
return sqlCommonUpdateAdminLastLogin(username, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) userExists(username string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, p.dbHandle)
|
||||
func (p *SQLiteProvider) userExists(username, role string) (User, error) {
|
||||
return sqlCommonGetUserByUsername(username, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) addUser(user *User) error {
|
||||
|
@ -267,8 +282,8 @@ func (p *SQLiteProvider) getRecentlyUpdatedUsers(after int64) ([]User, error) {
|
|||
return sqlCommonGetRecentlyUpdatedUsers(after, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) getUsers(limit int, offset int, order string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, p.dbHandle)
|
||||
func (p *SQLiteProvider) getUsers(limit int, offset int, order, role string) ([]User, error) {
|
||||
return sqlCommonGetUsers(limit, offset, order, role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) getUsersForQuotaCheck(toFetch map[string]bool) ([]User, error) {
|
||||
|
@ -581,6 +596,30 @@ func (*SQLiteProvider) cleanupNodes() error {
|
|||
return ErrNotImplemented
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) roleExists(name string) (Role, error) {
|
||||
return sqlCommonGetRoleByName(name, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) addRole(role *Role) error {
|
||||
return sqlCommonAddRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) updateRole(role *Role) error {
|
||||
return sqlCommonUpdateRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) deleteRole(role Role) error {
|
||||
return sqlCommonDeleteRole(role, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) getRoles(limit int, offset int, order string, minimal bool) ([]Role, error) {
|
||||
return sqlCommonGetRoles(limit, offset, order, minimal, p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) dumpRoles() ([]Role, error) {
|
||||
return sqlCommonDumpRoles(p.dbHandle)
|
||||
}
|
||||
|
||||
func (p *SQLiteProvider) setFirstDownloadTimestamp(username string) error {
|
||||
return sqlCommonSetFirstDownloadTimestamp(username, p.dbHandle)
|
||||
}
|
||||
|
@ -628,6 +667,8 @@ func (p *SQLiteProvider) migrateDatabase() error { //nolint:dupl
|
|||
providerLog(logger.LevelError, "%v", err)
|
||||
logger.ErrorToConsole("%v", err)
|
||||
return err
|
||||
case version == 23:
|
||||
return updateSQLiteDatabaseFromV23(p.dbHandle)
|
||||
default:
|
||||
if version > sqlDatabaseVersion {
|
||||
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
|
||||
|
@ -650,6 +691,8 @@ func (p *SQLiteProvider) revertDatabase(targetVersion int) error {
|
|||
}
|
||||
|
||||
switch dbVersion.Version {
|
||||
case 24:
|
||||
return downgradeSQLiteDatabaseFromV24(p.dbHandle)
|
||||
default:
|
||||
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
|
||||
}
|
||||
|
@ -660,6 +703,34 @@ func (p *SQLiteProvider) resetDatabase() error {
|
|||
return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{sql}, 0, false)
|
||||
}
|
||||
|
||||
func updateSQLiteDatabaseFromV23(dbHandle *sql.DB) error {
|
||||
return updateSQLiteDatabaseFrom23To24(dbHandle)
|
||||
}
|
||||
|
||||
func downgradeSQLiteDatabaseFromV24(dbHandle *sql.DB) error {
|
||||
return downgradeSQLiteDatabaseFrom24To23(dbHandle)
|
||||
}
|
||||
|
||||
func updateSQLiteDatabaseFrom23To24(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("updating database schema version: 23 -> 24")
|
||||
providerLog(logger.LevelInfo, "updating database schema version: 23 -> 24")
|
||||
sql := strings.ReplaceAll(sqliteV24SQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 24, true)
|
||||
}
|
||||
|
||||
func downgradeSQLiteDatabaseFrom24To23(dbHandle *sql.DB) error {
|
||||
logger.InfoToConsole("downgrading database schema version: 24 -> 23")
|
||||
providerLog(logger.LevelInfo, "downgrading database schema version: 24 -> 23")
|
||||
sql := strings.ReplaceAll(sqliteV24DownSQL, "{{roles}}", sqlTableRoles)
|
||||
sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins)
|
||||
sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers)
|
||||
sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix)
|
||||
return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 23, false)
|
||||
}
|
||||
|
||||
/*func setPragmaFK(dbHandle *sql.DB, value string) error {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout)
|
||||
defer cancel()
|
||||
|
|
|
@ -23,17 +23,19 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
selectUserFields = "id,username,password,public_keys,home_dir,uid,gid,max_sessions,quota_size,quota_files,permissions,used_quota_size," +
|
||||
"used_quota_files,last_quota_update,upload_bandwidth,download_bandwidth,expiration_date,last_login,status,filters,filesystem," +
|
||||
"additional_info,description,email,created_at,updated_at,upload_data_transfer,download_data_transfer,total_data_transfer," +
|
||||
"used_upload_data_transfer,used_download_data_transfer,deleted_at,first_download,first_upload"
|
||||
selectUserFields = "u.id,u.username,u.password,u.public_keys,u.home_dir,u.uid,u.gid,u.max_sessions,u.quota_size,u.quota_files," +
|
||||
"u.permissions,u.used_quota_size,u.used_quota_files,u.last_quota_update,u.upload_bandwidth,u.download_bandwidth," +
|
||||
"u.expiration_date,u.last_login,u.status,u.filters,u.filesystem,u.additional_info,u.description,u.email,u.created_at," +
|
||||
"u.updated_at,u.upload_data_transfer,u.download_data_transfer,u.total_data_transfer," +
|
||||
"u.used_upload_data_transfer,u.used_download_data_transfer,u.deleted_at,u.first_download,u.first_upload,r.name"
|
||||
selectFolderFields = "id,path,used_quota_size,used_quota_files,last_quota_update,name,description,filesystem"
|
||||
selectAdminFields = "id,username,password,status,email,permissions,filters,additional_info,description,created_at,updated_at,last_login"
|
||||
selectAdminFields = "a.id,a.username,a.password,a.status,a.email,a.permissions,a.filters,a.additional_info,a.description,a.created_at,a.updated_at,a.last_login,r.name"
|
||||
selectAPIKeyFields = "key_id,name,api_key,scope,created_at,updated_at,last_use_at,expires_at,description,user_id,admin_id"
|
||||
selectShareFields = "s.share_id,s.name,s.description,s.scope,s.paths,u.username,s.created_at,s.updated_at,s.last_use_at," +
|
||||
"s.expires_at,s.password,s.max_tokens,s.used_tokens,s.allow_from"
|
||||
selectGroupFields = "id,name,description,created_at,updated_at,user_settings"
|
||||
selectEventActionFields = "id,name,description,type,options"
|
||||
selectRoleFields = "id,name,description,created_at,updated_at"
|
||||
selectMinimalFields = "id,name"
|
||||
)
|
||||
|
||||
|
@ -65,6 +67,13 @@ func getSelectEventRuleFields() string {
|
|||
return `id,name,description,created_at,updated_at,"trigger",conditions,deleted_at`
|
||||
}
|
||||
|
||||
func getCoalesceDefaultForRole(role string) string {
|
||||
if role != "" {
|
||||
return "0"
|
||||
}
|
||||
return "NULL"
|
||||
}
|
||||
|
||||
func getAddSessionQuery() string {
|
||||
if config.Driver == MySQLDataProviderName {
|
||||
return fmt.Sprintf("INSERT INTO %s (`key`,`data`,`type`,`timestamp`) VALUES (%s,%s,%s,%s) "+
|
||||
|
@ -170,6 +179,75 @@ func getDefenderEventsCleanupQuery() string {
|
|||
return fmt.Sprintf(`DELETE FROM %s WHERE date_time < %s`, sqlTableDefenderEvents, sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getRoleByNameQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE name = %s`, selectRoleFields, sqlTableRoles,
|
||||
sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getRolesQuery(order string, minimal bool) string {
|
||||
var fieldSelection string
|
||||
if minimal {
|
||||
fieldSelection = selectMinimalFields
|
||||
} else {
|
||||
fieldSelection = selectRoleFields
|
||||
}
|
||||
return fmt.Sprintf(`SELECT %s FROM %s ORDER BY name %s LIMIT %s OFFSET %s`, fieldSelection,
|
||||
sqlTableRoles, order, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
}
|
||||
|
||||
func getUsersWithRolesQuery(roles []Role) string {
|
||||
var sb strings.Builder
|
||||
for _, r := range roles {
|
||||
if sb.Len() == 0 {
|
||||
sb.WriteString("(")
|
||||
} else {
|
||||
sb.WriteString(",")
|
||||
}
|
||||
sb.WriteString(strconv.FormatInt(r.ID, 10))
|
||||
}
|
||||
if sb.Len() > 0 {
|
||||
sb.WriteString(")")
|
||||
}
|
||||
return fmt.Sprintf(`SELECT r.id, u.username FROM %s u INNER JOIN %s r ON u.role_id = r.id WHERE u.role_id IN %s`,
|
||||
sqlTableUsers, sqlTableRoles, sb.String())
|
||||
}
|
||||
|
||||
func getAdminsWithRolesQuery(roles []Role) string {
|
||||
var sb strings.Builder
|
||||
for _, r := range roles {
|
||||
if sb.Len() == 0 {
|
||||
sb.WriteString("(")
|
||||
} else {
|
||||
sb.WriteString(",")
|
||||
}
|
||||
sb.WriteString(strconv.FormatInt(r.ID, 10))
|
||||
}
|
||||
if sb.Len() > 0 {
|
||||
sb.WriteString(")")
|
||||
}
|
||||
return fmt.Sprintf(`SELECT r.id, a.username FROM %s a INNER JOIN %s r ON a.role_id = r.id WHERE a.role_id IN %s`,
|
||||
sqlTableAdmins, sqlTableRoles, sb.String())
|
||||
}
|
||||
|
||||
func getDumpRolesQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s`, selectRoleFields, sqlTableRoles)
|
||||
}
|
||||
|
||||
func getAddRoleQuery() string {
|
||||
return fmt.Sprintf(`INSERT INTO %s (name,description,created_at,updated_at)
|
||||
VALUES (%s,%s,%s,%s)`, sqlTableRoles, sqlPlaceholders[0], sqlPlaceholders[1],
|
||||
sqlPlaceholders[2], sqlPlaceholders[3])
|
||||
}
|
||||
|
||||
func getUpdateRoleQuery() string {
|
||||
return fmt.Sprintf(`UPDATE %s SET description=%s,updated_at=%s
|
||||
WHERE name = %s`, sqlTableRoles, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2])
|
||||
}
|
||||
|
||||
func getDeleteRoleQuery() string {
|
||||
return fmt.Sprintf(`DELETE FROM %s WHERE name = %s`, sqlTableRoles, sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getGroupByNameQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE name = %s`, selectGroupFields, getSQLQuotedName(sqlTableGroups),
|
||||
sqlPlaceholders[0])
|
||||
|
@ -244,29 +322,33 @@ func getDeleteGroupQuery() string {
|
|||
}
|
||||
|
||||
func getAdminByUsernameQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE username = %s`, selectAdminFields, sqlTableAdmins, sqlPlaceholders[0])
|
||||
return fmt.Sprintf(`SELECT %s FROM %s a LEFT JOIN %s r on r.id = a.role_id WHERE a.username = %s`,
|
||||
selectAdminFields, sqlTableAdmins, sqlTableRoles, sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getAdminsQuery(order string) string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s ORDER BY username %s LIMIT %s OFFSET %s`, selectAdminFields, sqlTableAdmins,
|
||||
order, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
return fmt.Sprintf(`SELECT %s FROM %s a LEFT JOIN %s r on r.id = a.role_id ORDER BY a.username %s LIMIT %s OFFSET %s`,
|
||||
selectAdminFields, sqlTableAdmins, sqlTableRoles, order, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
}
|
||||
|
||||
func getDumpAdminsQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s`, selectAdminFields, sqlTableAdmins)
|
||||
return fmt.Sprintf(`SELECT %s FROM %s a LEFT JOIN %s r on r.id = a.role_id`,
|
||||
selectAdminFields, sqlTableAdmins, sqlTableRoles)
|
||||
}
|
||||
|
||||
func getAddAdminQuery() string {
|
||||
return fmt.Sprintf(`INSERT INTO %s (username,password,status,email,permissions,filters,additional_info,description,created_at,updated_at,last_login)
|
||||
VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0)`, sqlTableAdmins, sqlPlaceholders[0], sqlPlaceholders[1],
|
||||
sqlPlaceholders[2], sqlPlaceholders[3], sqlPlaceholders[4], sqlPlaceholders[5], sqlPlaceholders[6], sqlPlaceholders[7],
|
||||
sqlPlaceholders[8], sqlPlaceholders[9])
|
||||
func getAddAdminQuery(role string) string {
|
||||
return fmt.Sprintf(`INSERT INTO %s (username,password,status,email,permissions,filters,additional_info,description,created_at,updated_at,last_login,role_id)
|
||||
VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0,COALESCE((SELECT id from %s WHERE name = %s),%s))`,
|
||||
sqlTableAdmins, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3], sqlPlaceholders[4],
|
||||
sqlPlaceholders[5], sqlPlaceholders[6], sqlPlaceholders[7], sqlPlaceholders[8], sqlPlaceholders[9],
|
||||
sqlTableRoles, sqlPlaceholders[10], getCoalesceDefaultForRole(role))
|
||||
}
|
||||
|
||||
func getUpdateAdminQuery() string {
|
||||
return fmt.Sprintf(`UPDATE %s SET password=%s,status=%s,email=%s,permissions=%s,filters=%s,additional_info=%s,description=%s,updated_at=%s
|
||||
WHERE username = %s`, sqlTableAdmins, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2],
|
||||
sqlPlaceholders[3], sqlPlaceholders[4], sqlPlaceholders[5], sqlPlaceholders[6], sqlPlaceholders[7], sqlPlaceholders[8])
|
||||
func getUpdateAdminQuery(role string) string {
|
||||
return fmt.Sprintf(`UPDATE %s SET password=%s,status=%s,email=%s,permissions=%s,filters=%s,additional_info=%s,description=%s,updated_at=%s,
|
||||
role_id=COALESCE((SELECT id from %s WHERE name = %s),%s) WHERE username = %s`, sqlTableAdmins, sqlPlaceholders[0],
|
||||
sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3], sqlPlaceholders[4], sqlPlaceholders[5], sqlPlaceholders[6],
|
||||
sqlPlaceholders[7], sqlTableRoles, sqlPlaceholders[8], getCoalesceDefaultForRole(role), sqlPlaceholders[9])
|
||||
}
|
||||
|
||||
func getDeleteAdminQuery() string {
|
||||
|
@ -393,14 +475,25 @@ func getRelatedAdminsForAPIKeysQuery(apiKeys []APIKey) string {
|
|||
return fmt.Sprintf(`SELECT id,username FROM %s WHERE id IN %s`, sqlTableAdmins, sb.String())
|
||||
}
|
||||
|
||||
func getUserByUsernameQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE username = %s AND deleted_at = 0`,
|
||||
selectUserFields, sqlTableUsers, sqlPlaceholders[0])
|
||||
func getUserByUsernameQuery(role string) string {
|
||||
if role == "" {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE u.username = %s AND u.deleted_at = 0`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles, sqlPlaceholders[0])
|
||||
}
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE u.username = %s AND u.deleted_at = 0
|
||||
AND u.role_id is NOT NULL AND r.name = %s`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
}
|
||||
|
||||
func getUsersQuery(order string) string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE deleted_at = 0 ORDER BY username %s LIMIT %s OFFSET %s`,
|
||||
selectUserFields, sqlTableUsers, order, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
func getUsersQuery(order, role string) string {
|
||||
if role == "" {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE
|
||||
u.deleted_at = 0 ORDER BY u.username %s LIMIT %s OFFSET %s`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles, order, sqlPlaceholders[0], sqlPlaceholders[1])
|
||||
}
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE
|
||||
u.deleted_at = 0 AND u.role_id is NOT NULL AND r.name = %s ORDER BY u.username %s LIMIT %s OFFSET %s`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles, sqlPlaceholders[0], order, sqlPlaceholders[1], sqlPlaceholders[2])
|
||||
}
|
||||
|
||||
func getUsersForQuotaCheckQuery(numArgs int) string {
|
||||
|
@ -422,12 +515,13 @@ func getUsersForQuotaCheckQuery(numArgs int) string {
|
|||
}
|
||||
|
||||
func getRecentlyUpdatedUsersQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE updated_at >= %s OR deleted_at > 0`,
|
||||
selectUserFields, sqlTableUsers, sqlPlaceholders[0])
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE u.updated_at >= %s OR u.deleted_at > 0`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles, sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getDumpUsersQuery() string {
|
||||
return fmt.Sprintf(`SELECT %s FROM %s WHERE deleted_at = 0`, selectUserFields, sqlTableUsers)
|
||||
return fmt.Sprintf(`SELECT %s FROM %s u LEFT JOIN %s r on r.id = u.role_id WHERE u.deleted_at = 0`,
|
||||
selectUserFields, sqlTableUsers, sqlTableRoles)
|
||||
}
|
||||
|
||||
func getDumpFoldersQuery() string {
|
||||
|
@ -490,29 +584,32 @@ func getQuotaQuery() string {
|
|||
sqlTableUsers, sqlPlaceholders[0])
|
||||
}
|
||||
|
||||
func getAddUserQuery() string {
|
||||
func getAddUserQuery(role string) string {
|
||||
return fmt.Sprintf(`INSERT INTO %s (username,password,public_keys,home_dir,uid,gid,max_sessions,quota_size,quota_files,permissions,
|
||||
used_quota_size,used_quota_files,last_quota_update,upload_bandwidth,download_bandwidth,status,last_login,expiration_date,filters,
|
||||
filesystem,additional_info,description,email,created_at,updated_at,upload_data_transfer,download_data_transfer,total_data_transfer,
|
||||
used_upload_data_transfer,used_download_data_transfer,deleted_at,first_download,first_upload)
|
||||
VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0,0,0,%s,%s,%s,0,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0,0,0,0,0)`,
|
||||
used_upload_data_transfer,used_download_data_transfer,deleted_at,first_download,first_upload,role_id)
|
||||
VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0,0,0,%s,%s,%s,0,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,0,0,0,0,0,
|
||||
COALESCE((SELECT id from %s WHERE name=%s),%s))`,
|
||||
sqlTableUsers, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3], sqlPlaceholders[4],
|
||||
sqlPlaceholders[5], sqlPlaceholders[6], sqlPlaceholders[7], sqlPlaceholders[8], sqlPlaceholders[9],
|
||||
sqlPlaceholders[10], sqlPlaceholders[11], sqlPlaceholders[12], sqlPlaceholders[13], sqlPlaceholders[14],
|
||||
sqlPlaceholders[15], sqlPlaceholders[16], sqlPlaceholders[17], sqlPlaceholders[18], sqlPlaceholders[19],
|
||||
sqlPlaceholders[20], sqlPlaceholders[21], sqlPlaceholders[22], sqlPlaceholders[23])
|
||||
sqlPlaceholders[20], sqlPlaceholders[21], sqlPlaceholders[22], sqlPlaceholders[23], sqlTableRoles,
|
||||
sqlPlaceholders[24], getCoalesceDefaultForRole(role))
|
||||
}
|
||||
|
||||
func getUpdateUserQuery() string {
|
||||
func getUpdateUserQuery(role string) string {
|
||||
return fmt.Sprintf(`UPDATE %s SET password=%s,public_keys=%s,home_dir=%s,uid=%s,gid=%s,max_sessions=%s,quota_size=%s,
|
||||
quota_files=%s,permissions=%s,upload_bandwidth=%s,download_bandwidth=%s,status=%s,expiration_date=%s,filters=%s,filesystem=%s,
|
||||
additional_info=%s,description=%s,email=%s,updated_at=%s,upload_data_transfer=%s,download_data_transfer=%s,
|
||||
total_data_transfer=%s WHERE id = %s`,
|
||||
total_data_transfer=%s,role_id=COALESCE((SELECT id from %s WHERE name=%s),%s) WHERE id = %s`,
|
||||
sqlTableUsers, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3], sqlPlaceholders[4],
|
||||
sqlPlaceholders[5], sqlPlaceholders[6], sqlPlaceholders[7], sqlPlaceholders[8], sqlPlaceholders[9],
|
||||
sqlPlaceholders[10], sqlPlaceholders[11], sqlPlaceholders[12], sqlPlaceholders[13], sqlPlaceholders[14],
|
||||
sqlPlaceholders[15], sqlPlaceholders[16], sqlPlaceholders[17], sqlPlaceholders[18], sqlPlaceholders[19],
|
||||
sqlPlaceholders[20], sqlPlaceholders[21], sqlPlaceholders[22])
|
||||
sqlPlaceholders[20], sqlPlaceholders[21], sqlTableRoles, sqlPlaceholders[22], getCoalesceDefaultForRole(role),
|
||||
sqlPlaceholders[23])
|
||||
}
|
||||
|
||||
func getUpdateUserPasswordQuery() string {
|
||||
|
|
|
@ -390,7 +390,7 @@ func (u *User) setAnonymousSettings() {
|
|||
// RenderAsJSON implements the renderer interface used within plugins
|
||||
func (u *User) RenderAsJSON(reload bool) ([]byte, error) {
|
||||
if reload {
|
||||
user, err := provider.userExists(u.Username)
|
||||
user, err := provider.userExists(u.Username, "")
|
||||
if err != nil {
|
||||
providerLog(logger.LevelError, "unable to reload user before rendering as json: %v", err)
|
||||
return nil, err
|
||||
|
@ -500,7 +500,7 @@ func (u *User) getForbiddenSFTPSelfUsers(username string) ([]string, error) {
|
|||
if allowSelfConnections == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
sftpUser, err := UserExists(username)
|
||||
sftpUser, err := UserExists(username, "")
|
||||
if err == nil {
|
||||
err = sftpUser.LoadAndApplyGroupSettings()
|
||||
}
|
||||
|
@ -1825,6 +1825,13 @@ func (u *User) removeDuplicatesAfterGroupMerge() {
|
|||
u.groupSettingsApplied = true
|
||||
}
|
||||
|
||||
func (u *User) hasRole(role string) bool {
|
||||
if role == "" {
|
||||
return true
|
||||
}
|
||||
return role == u.Role
|
||||
}
|
||||
|
||||
func (u *User) getACopy() User {
|
||||
u.SetEmptySecretsIfNil()
|
||||
pubKeys := make([]string, len(u.PublicKeys))
|
||||
|
@ -1899,6 +1906,7 @@ func (u *User) getACopy() User {
|
|||
Description: u.Description,
|
||||
CreatedAt: u.CreatedAt,
|
||||
UpdatedAt: u.UpdatedAt,
|
||||
Role: u.Role,
|
||||
},
|
||||
Filters: filters,
|
||||
VirtualFolders: virtualFolders,
|
||||
|
|
|
@ -43,7 +43,7 @@ func TestBasicFTPHandlingCryptFs(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
client, err := getFTPClient(user, true, nil)
|
||||
if assert.NoError(t, err) {
|
||||
assert.Len(t, common.Connections.GetStats(), 1)
|
||||
assert.Len(t, common.Connections.GetStats(""), 1)
|
||||
testFilePath := filepath.Join(homeBasePath, testFileName)
|
||||
testFileSize := int64(65535)
|
||||
encryptedFileSize, err := getEncryptedFileSize(testFileSize)
|
||||
|
@ -131,7 +131,7 @@ func TestBasicFTPHandlingCryptFs(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
|
||||
50*time.Millisecond)
|
||||
}
|
||||
|
|
|
@ -519,9 +519,9 @@ func TestBasicFTPHandling(t *testing.T) {
|
|||
client, err := getFTPClient(user, true, nil)
|
||||
if assert.NoError(t, err) {
|
||||
if user.Username == defaultUsername {
|
||||
assert.Len(t, common.Connections.GetStats(), 1)
|
||||
assert.Len(t, common.Connections.GetStats(""), 1)
|
||||
} else {
|
||||
assert.Len(t, common.Connections.GetStats(), 2)
|
||||
assert.Len(t, common.Connections.GetStats(""), 2)
|
||||
}
|
||||
testFilePath := filepath.Join(homeBasePath, testFileName)
|
||||
testFileSize := int64(65535)
|
||||
|
@ -619,7 +619,7 @@ func TestBasicFTPHandling(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(localUser.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
|
||||
50*time.Millisecond)
|
||||
}
|
||||
|
@ -663,7 +663,7 @@ func TestHTTPFs(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
|
||||
50*time.Millisecond)
|
||||
}
|
||||
|
@ -1623,7 +1623,7 @@ func TestMaxConnections(t *testing.T) {
|
|||
err = client.Quit()
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1653,7 +1653,7 @@ func TestMaxPerHostConnections(t *testing.T) {
|
|||
err = client.Quit()
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1710,7 +1710,7 @@ func TestRateLimiter(t *testing.T) {
|
|||
assert.Contains(t, err.Error(), "banned client IP")
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1752,7 +1752,7 @@ func TestDefender(t *testing.T) {
|
|||
assert.Contains(t, err.Error(), "banned client IP")
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -2387,10 +2387,10 @@ func TestClientClose(t *testing.T) {
|
|||
if assert.NoError(t, err) {
|
||||
err = checkBasicFTP(client)
|
||||
assert.NoError(t, err)
|
||||
stats := common.Connections.GetStats()
|
||||
stats := common.Connections.GetStats("")
|
||||
if assert.Len(t, stats, 1) {
|
||||
common.Connections.Close(stats[0].ConnectionID)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
common.Connections.Close(stats[0].ConnectionID, "")
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 50*time.Millisecond)
|
||||
}
|
||||
}
|
||||
|
@ -3671,7 +3671,7 @@ func TestNestedVirtualFolders(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(localUser.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
|
||||
50*time.Millisecond)
|
||||
}
|
||||
|
@ -3818,7 +3818,7 @@ func waitTCPListening(address string) {
|
|||
|
||||
func waitNoConnections() {
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
for len(common.Connections.GetStats()) > 0 {
|
||||
for len(common.Connections.GetStats("")) > 0 {
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -620,12 +620,12 @@ func TestClientVersion(t *testing.T) {
|
|||
}
|
||||
err := common.Connections.Add(connection)
|
||||
assert.NoError(t, err)
|
||||
stats := common.Connections.GetStats()
|
||||
stats := common.Connections.GetStats("")
|
||||
if assert.Len(t, stats, 1) {
|
||||
assert.Equal(t, "mock version", stats[0].ClientVersion)
|
||||
common.Connections.Remove(connection.GetID())
|
||||
}
|
||||
assert.Len(t, common.Connections.GetStats(), 0)
|
||||
assert.Len(t, common.Connections.GetStats(""), 0)
|
||||
}
|
||||
|
||||
func TestDriverMethodsNotImplemented(t *testing.T) {
|
||||
|
|
|
@ -147,6 +147,10 @@ func updateAdmin(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, errors.New("you cannot disable yourself"), "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if admin.Role != claims.Role {
|
||||
sendAPIResponse(w, r, errors.New("you cannot add/change your role"), "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
admin.ID = adminID
|
||||
admin.Username = username
|
||||
|
|
|
@ -40,7 +40,7 @@ func getUserConnection(w http.ResponseWriter, r *http.Request) (*Connection, err
|
|||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return nil, fmt.Errorf("invalid token claims %w", err)
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, nil, "Unable to retrieve your user", getRespStatus(err))
|
||||
return nil, err
|
||||
|
@ -405,7 +405,7 @@ func getUserProfile(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.UserExists(claims.Username)
|
||||
user, err := dataprovider.UserExists(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -434,7 +434,7 @@ func updateUserProfile(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, userMerged, err := dataprovider.GetUserVariants(claims.Username)
|
||||
user, userMerged, err := dataprovider.GetUserVariants(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
|
|
@ -180,6 +180,10 @@ func restoreBackup(content []byte, inputFile string, scanQuota, mode int, execut
|
|||
return util.NewValidationError(fmt.Sprintf("unable to parse backup content: %v", err))
|
||||
}
|
||||
|
||||
if err = RestoreRoles(dump.Roles, inputFile, mode, executor, ipAddress); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err = RestoreFolders(dump.Folders, inputFile, mode, scanQuota, executor, ipAddress); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -404,6 +408,30 @@ func RestoreAdmins(admins []dataprovider.Admin, inputFile string, mode int, exec
|
|||
return nil
|
||||
}
|
||||
|
||||
// RestoreRoles restores the specified roles
|
||||
func RestoreRoles(roles []dataprovider.Role, inputFile string, mode int, executor, ipAddress string) error {
|
||||
for _, role := range roles {
|
||||
role := role // pin
|
||||
r, err := dataprovider.RoleExists(role.Name)
|
||||
if err == nil {
|
||||
if mode == 1 {
|
||||
logger.Debug(logSender, "", "loaddata mode 1, existing role %q not updated", r.Name)
|
||||
continue
|
||||
}
|
||||
role.ID = r.ID
|
||||
err = dataprovider.UpdateRole(&role, executor, ipAddress)
|
||||
logger.Debug(logSender, "", "restoring existing role: %q, dump file: %#v, error: %v", role.Name, inputFile, err)
|
||||
} else {
|
||||
err = dataprovider.AddRole(&role, executor, ipAddress)
|
||||
logger.Debug(logSender, "", "adding new role: %q, dump file: %q, error: %v", role.Name, inputFile, err)
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to restore role %#v: %w", role.Name, err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RestoreGroups restores the specified groups
|
||||
func RestoreGroups(groups []dataprovider.Group, inputFile string, mode int, executor, ipAddress string) error {
|
||||
for _, group := range groups {
|
||||
|
@ -433,7 +461,7 @@ func RestoreGroups(groups []dataprovider.Group, inputFile string, mode int, exec
|
|||
func RestoreUsers(users []dataprovider.User, inputFile string, mode, scanQuota int, executor, ipAddress string) error {
|
||||
for _, user := range users {
|
||||
user := user // pin
|
||||
u, err := dataprovider.UserExists(user.Username)
|
||||
u, err := dataprovider.UserExists(user.Username, "")
|
||||
if err == nil {
|
||||
if mode == 1 {
|
||||
logger.Debug(logSender, "", "loaddata mode 1, existing user %#v not updated", u.Username)
|
||||
|
@ -454,7 +482,7 @@ func RestoreUsers(users []dataprovider.User, inputFile string, mode, scanQuota i
|
|||
return fmt.Errorf("unable to restore user %#v: %w", user.Username, err)
|
||||
}
|
||||
if scanQuota == 1 || (scanQuota == 2 && user.HasQuotaRestrictions()) {
|
||||
if common.QuotaScans.AddUserQuotaScan(user.Username) {
|
||||
if common.QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
|
||||
logger.Debug(logSender, "", "starting quota scan for restored user: %#v", user.Username)
|
||||
go doUserQuotaScan(user) //nolint:errcheck
|
||||
}
|
||||
|
|
|
@ -27,18 +27,28 @@ import (
|
|||
|
||||
func getMetadataChecks(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
render.JSON(w, r, common.ActiveMetadataChecks.Get())
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
render.JSON(w, r, common.ActiveMetadataChecks.Get(claims.Role))
|
||||
}
|
||||
|
||||
func startMetadataCheck(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
user, err := dataprovider.GetUserWithGroupSettings(getURLParam(r, "username"))
|
||||
user, err := dataprovider.GetUserWithGroupSettings(getURLParam(r, "username"), claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
if !common.ActiveMetadataChecks.Add(user.Username) {
|
||||
if !common.ActiveMetadataChecks.Add(user.Username, user.Role) {
|
||||
sendAPIResponse(w, r, err, fmt.Sprintf("Another check is already in progress for user %#v", user.Username),
|
||||
http.StatusConflict)
|
||||
return
|
||||
|
|
|
@ -152,7 +152,7 @@ func getRecoveryCodes(w http.ResponseWriter, r *http.Request) {
|
|||
recoveryCodes := make([]recoveryCode, 0, 12)
|
||||
var accountRecoveryCodes []dataprovider.RecoveryCode
|
||||
if claims.hasUserAudience() {
|
||||
user, err := dataprovider.UserExists(claims.Username)
|
||||
user, err := dataprovider.UserExists(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -203,7 +203,7 @@ func generateRecoveryCodes(w http.ResponseWriter, r *http.Request) {
|
|||
accountRecoveryCodes = append(accountRecoveryCodes, dataprovider.RecoveryCode{Secret: kms.NewPlainSecret(code)})
|
||||
}
|
||||
if claims.hasUserAudience() {
|
||||
user, err := dataprovider.UserExists(claims.Username)
|
||||
user, err := dataprovider.UserExists(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -242,7 +242,7 @@ func getNewRecoveryCode() string {
|
|||
}
|
||||
|
||||
func saveUserTOTPConfig(username string, r *http.Request, recoveryCodes []dataprovider.RecoveryCode) error {
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, "")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -44,7 +44,12 @@ type transferQuotaUsage struct {
|
|||
|
||||
func getUsersQuotaScans(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
render.JSON(w, r, common.QuotaScans.GetUsersQuotaScans())
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
render.JSON(w, r, common.QuotaScans.GetUsersQuotaScans(claims.Role))
|
||||
}
|
||||
|
||||
func getFoldersQuotaScans(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -86,8 +91,13 @@ func startFolderQuotaScan(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func updateUserTransferQuotaUsage(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
var usage transferQuotaUsage
|
||||
err := render.DecodeJSON(r.Body, &usage)
|
||||
err = render.DecodeJSON(r.Body, &usage)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
|
@ -102,7 +112,7 @@ func updateUserTransferQuotaUsage(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(getURLParam(r, "username"))
|
||||
user, err := dataprovider.GetUserWithGroupSettings(getURLParam(r, "username"), claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -122,6 +132,11 @@ func updateUserTransferQuotaUsage(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func doUpdateUserQuotaUsage(w http.ResponseWriter, r *http.Request, username string, usage quotaUsage) {
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if usage.UsedQuotaFiles < 0 || usage.UsedQuotaSize < 0 {
|
||||
sendAPIResponse(w, r, errors.New("invalid used quota parameters, negative values are not allowed"),
|
||||
"", http.StatusBadRequest)
|
||||
|
@ -132,7 +147,7 @@ func doUpdateUserQuotaUsage(w http.ResponseWriter, r *http.Request, username str
|
|||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username, claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -142,7 +157,7 @@ func doUpdateUserQuotaUsage(w http.ResponseWriter, r *http.Request, username str
|
|||
"", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if !common.QuotaScans.AddUserQuotaScan(user.Username) {
|
||||
if !common.QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
|
||||
sendAPIResponse(w, r, err, "A quota scan is in progress for this user", http.StatusConflict)
|
||||
return
|
||||
}
|
||||
|
@ -189,12 +204,17 @@ func doStartUserQuotaScan(w http.ResponseWriter, r *http.Request, username strin
|
|||
sendAPIResponse(w, r, nil, "Quota tracking is disabled!", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username, claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
if !common.QuotaScans.AddUserQuotaScan(user.Username) {
|
||||
if !common.QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
|
||||
sendAPIResponse(w, r, nil, fmt.Sprintf("Another scan is already in progress for user %#v", username),
|
||||
http.StatusConflict)
|
||||
return
|
||||
|
|
|
@ -26,13 +26,23 @@ import (
|
|||
|
||||
func getRetentionChecks(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
render.JSON(w, r, common.RetentionChecks.Get())
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
render.JSON(w, r, common.RetentionChecks.Get(claims.Role))
|
||||
}
|
||||
|
||||
func startRetentionCheck(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username, claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -48,11 +58,6 @@ func startRetentionCheck(w http.ResponseWriter, r *http.Request) {
|
|||
check.Notifications = getCommaSeparatedQueryParam(r, "notifications")
|
||||
for _, notification := range check.Notifications {
|
||||
if notification == common.RetentionCheckNotificationEmail {
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
admin, err := dataprovider.AdminExists(claims.Username)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
|
|
129
internal/httpd/api_role.go
Normal file
129
internal/httpd/api_role.go
Normal file
|
@ -0,0 +1,129 @@
|
|||
// Copyright (C) 2019-2022 Nicola Murino
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published
|
||||
// by the Free Software Foundation, version 3.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package httpd
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/render"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/internal/util"
|
||||
)
|
||||
|
||||
func getRoles(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
limit, offset, order, err := getSearchFilters(w, r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
roles, err := dataprovider.GetRoles(limit, offset, order, false)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
render.JSON(w, r, roles)
|
||||
}
|
||||
|
||||
func addRole(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
var role dataprovider.Role
|
||||
err = render.DecodeJSON(r.Body, &role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
err = dataprovider.AddRole(&role, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
renderRole(w, r, role.Name, http.StatusCreated)
|
||||
}
|
||||
|
||||
func updateRole(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
name := getURLParam(r, "name")
|
||||
role, err := dataprovider.RoleExists(name)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
roleID := role.ID
|
||||
name = role.Name
|
||||
err = render.DecodeJSON(r.Body, &role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
role.ID = roleID
|
||||
role.Name = name
|
||||
err = dataprovider.UpdateRole(&role, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
sendAPIResponse(w, r, nil, "Role updated", http.StatusOK)
|
||||
}
|
||||
|
||||
func renderRole(w http.ResponseWriter, r *http.Request, name string, status int) {
|
||||
role, err := dataprovider.RoleExists(name)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
if status != http.StatusOK {
|
||||
ctx := context.WithValue(r.Context(), render.StatusCtxKey, status)
|
||||
render.JSON(w, r.WithContext(ctx), role)
|
||||
} else {
|
||||
render.JSON(w, r, role)
|
||||
}
|
||||
}
|
||||
|
||||
func getRoleByName(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
name := getURLParam(r, "name")
|
||||
renderRole(w, r, name, http.StatusOK)
|
||||
}
|
||||
|
||||
func deleteRole(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
name := getURLParam(r, "name")
|
||||
err = dataprovider.DeleteRole(name, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
sendAPIResponse(w, r, err, "Role deleted", http.StatusOK)
|
||||
}
|
|
@ -79,7 +79,7 @@ func addShare(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "Unable to retrieve your user", getRespStatus(err))
|
||||
return
|
||||
|
@ -461,7 +461,7 @@ func (s *httpdServer) checkPublicShare(w http.ResponseWriter, r *http.Request, v
|
|||
}
|
||||
|
||||
func getUserForShare(share dataprovider.Share) (dataprovider.User, error) {
|
||||
user, err := dataprovider.GetUserWithGroupSettings(share.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(share.Username, "")
|
||||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
|
|
@ -38,8 +38,13 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
users, err := dataprovider.GetUsers(limit, offset, order)
|
||||
users, err := dataprovider.GetUsers(limit, offset, order, claims.Role)
|
||||
if err == nil {
|
||||
render.JSON(w, r, users)
|
||||
} else {
|
||||
|
@ -49,12 +54,17 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func getUserByUsername(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
renderUser(w, r, username, http.StatusOK)
|
||||
renderUser(w, r, username, claims.Role, http.StatusOK)
|
||||
}
|
||||
|
||||
func renderUser(w http.ResponseWriter, r *http.Request, username string, status int) {
|
||||
user, err := dataprovider.UserExists(username)
|
||||
func renderUser(w http.ResponseWriter, r *http.Request, username, role string, status int) {
|
||||
user, err := dataprovider.UserExists(username, role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -90,12 +100,19 @@ func addUser(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if claims.Role != "" {
|
||||
user.Role = claims.Role
|
||||
}
|
||||
user.Filters.RecoveryCodes = nil
|
||||
user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{
|
||||
Enabled: false,
|
||||
}
|
||||
err = dataprovider.AddUser(&user, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
}
|
||||
renderUser(w, r, user.Username, http.StatusCreated)
|
||||
renderUser(w, r, user.Username, claims.Role, http.StatusCreated)
|
||||
}
|
||||
|
||||
func disableUser2FA(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -106,7 +123,7 @@ func disableUser2FA(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -140,7 +157,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
}
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -188,6 +205,9 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
|
|||
updateEncryptedSecrets(&user.FsConfig, currentS3AccessSecret, currentAzAccountKey, currentAzSASUrl,
|
||||
currentGCSCredentials, currentCryptoPassphrase, currentSFTPPassword, currentSFTPKey, currentSFTPKeyPassphrase,
|
||||
currentHTTPPassword, currentHTTPAPIKey)
|
||||
if claims.Role != "" {
|
||||
user.Role = claims.Role
|
||||
}
|
||||
err = dataprovider.UpdateUser(&user, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
|
@ -207,7 +227,7 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
err = dataprovider.DeleteUser(username, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
err = dataprovider.DeleteUser(username, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr), claims.Role)
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
||||
return
|
||||
|
@ -251,9 +271,9 @@ func resetUserPassword(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func disconnectUser(username string) {
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
if stat.Username == username {
|
||||
common.Connections.Close(stat.ConnectionID)
|
||||
common.Connections.Close(stat.ConnectionID, "")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -160,9 +160,9 @@ func getActiveConnections(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
stats := common.Connections.GetStats()
|
||||
stats := common.Connections.GetStats(claims.Role)
|
||||
if claims.NodeID == "" {
|
||||
stats = append(stats, getNodesConnections(claims.Username)...)
|
||||
stats = append(stats, getNodesConnections(claims.Username, claims.Role)...)
|
||||
}
|
||||
render.JSON(w, r, stats)
|
||||
}
|
||||
|
@ -181,7 +181,7 @@ func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
node := r.URL.Query().Get("node")
|
||||
if node == "" || node == dataprovider.GetNodeName() {
|
||||
if common.Connections.Close(connectionID) {
|
||||
if common.Connections.Close(connectionID, claims.Role) {
|
||||
sendAPIResponse(w, r, nil, "Connection closed", http.StatusOK)
|
||||
} else {
|
||||
sendAPIResponse(w, r, nil, "Not Found", http.StatusNotFound)
|
||||
|
@ -195,7 +195,7 @@ func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
|
|||
sendAPIResponse(w, r, nil, http.StatusText(status), status)
|
||||
return
|
||||
}
|
||||
if err := n.SendDeleteRequest(claims.Username, fmt.Sprintf("%s/%s", activeConnectionsPath, connectionID)); err != nil {
|
||||
if err := n.SendDeleteRequest(claims.Username, claims.Role, fmt.Sprintf("%s/%s", activeConnectionsPath, connectionID)); err != nil {
|
||||
logger.Warn(logSender, "", "unable to delete connection id %q from node %q: %v", connectionID, n.Name, err)
|
||||
sendAPIResponse(w, r, nil, "Not Found", http.StatusNotFound)
|
||||
return
|
||||
|
@ -205,7 +205,7 @@ func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
// getNodesConnections returns the active connections from other nodes.
|
||||
// Errors are silently ignored
|
||||
func getNodesConnections(admin string) []common.ConnectionStatus {
|
||||
func getNodesConnections(admin, role string) []common.ConnectionStatus {
|
||||
nodes, err := dataprovider.GetNodes()
|
||||
if err != nil || len(nodes) == 0 {
|
||||
return nil
|
||||
|
@ -221,7 +221,7 @@ func getNodesConnections(admin string) []common.ConnectionStatus {
|
|||
defer wg.Done()
|
||||
|
||||
var stats []common.ConnectionStatus
|
||||
if err := node.SendGetRequest(admin, activeConnectionsPath, &stats); err != nil {
|
||||
if err := node.SendGetRequest(admin, role, activeConnectionsPath, &stats); err != nil {
|
||||
logger.Warn(logSender, "", "unable to get connections from node %s: %v", node.Name, err)
|
||||
return
|
||||
}
|
||||
|
@ -647,7 +647,7 @@ func handleForgotPassword(r *http.Request, username string, isAdmin bool) error
|
|||
email = admin.Email
|
||||
subject = fmt.Sprintf("Email Verification Code for admin %#v", username)
|
||||
} else {
|
||||
user, err = dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err = dataprovider.GetUserWithGroupSettings(username, "")
|
||||
email = user.Email
|
||||
subject = fmt.Sprintf("Email Verification Code for user %#v", username)
|
||||
if err == nil {
|
||||
|
@ -719,7 +719,7 @@ func handleResetPassword(r *http.Request, code, newPassword string, isAdmin bool
|
|||
err = resetCodesMgr.Delete(code)
|
||||
return &admin, &user, err
|
||||
}
|
||||
user, err = dataprovider.GetUserWithGroupSettings(resetCode.Username)
|
||||
user, err = dataprovider.GetUserWithGroupSettings(resetCode.Username, "")
|
||||
if err != nil {
|
||||
return &admin, &user, util.NewValidationError("Unable to associate the confirmation code with an existing user")
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/lestrrat-go/jwx/jwt"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
"github.com/rs/xid"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
||||
|
@ -51,6 +51,7 @@ const (
|
|||
const (
|
||||
claimUsernameKey = "username"
|
||||
claimPermissionsKey = "permissions"
|
||||
claimRole = "role"
|
||||
claimAPIKey = "api_key"
|
||||
claimNodeID = "node_id"
|
||||
claimMustSetSecondFactorKey = "2fa_required"
|
||||
|
@ -72,6 +73,7 @@ var (
|
|||
type jwtTokenClaims struct {
|
||||
Username string
|
||||
Permissions []string
|
||||
Role string
|
||||
Signature string
|
||||
Audience []string
|
||||
APIKeyID string
|
||||
|
@ -96,6 +98,9 @@ func (c *jwtTokenClaims) asMap() map[string]any {
|
|||
|
||||
claims[claimUsernameKey] = c.Username
|
||||
claims[claimPermissionsKey] = c.Permissions
|
||||
if c.Role != "" {
|
||||
claims[claimRole] = c.Role
|
||||
}
|
||||
if c.APIKeyID != "" {
|
||||
claims[claimAPIKey] = c.APIKeyID
|
||||
}
|
||||
|
@ -169,6 +174,13 @@ func (c *jwtTokenClaims) Decode(token map[string]any) {
|
|||
}
|
||||
}
|
||||
|
||||
if val, ok := token[claimRole]; ok {
|
||||
switch v := val.(type) {
|
||||
case string:
|
||||
c.Role = v
|
||||
}
|
||||
}
|
||||
|
||||
permissions := token[claimPermissionsKey]
|
||||
c.Permissions = c.decodeSliceString(permissions)
|
||||
|
||||
|
@ -350,6 +362,7 @@ func getAdminFromToken(r *http.Request) *dataprovider.Admin {
|
|||
admin.Username = tokenClaims.Username
|
||||
admin.Permissions = tokenClaims.Permissions
|
||||
admin.Filters.Preferences.HideUserPageSections = tokenClaims.HideUserPageSections
|
||||
admin.Role = tokenClaims.Role
|
||||
return admin
|
||||
}
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ import (
|
|||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/lestrrat-go/jwx/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/common"
|
||||
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
||||
|
@ -91,6 +91,7 @@ const (
|
|||
sharesPath = "/api/v2/shares"
|
||||
eventActionsPath = "/api/v2/eventactions"
|
||||
eventRulesPath = "/api/v2/eventrules"
|
||||
rolesPath = "/api/v2/roles"
|
||||
healthzPath = "/healthz"
|
||||
robotsTxtPath = "/robots.txt"
|
||||
webRootPathDefault = "/"
|
||||
|
@ -128,6 +129,8 @@ const (
|
|||
webAdminEventRulePathDefault = "/web/admin/eventrule"
|
||||
webAdminEventActionsPathDefault = "/web/admin/eventactions"
|
||||
webAdminEventActionPathDefault = "/web/admin/eventaction"
|
||||
webAdminRolesPathDefault = "/web/admin/roles"
|
||||
webAdminRolePathDefault = "/web/admin/role"
|
||||
webAdminTOTPGeneratePathDefault = "/web/admin/totp/generate"
|
||||
webAdminTOTPValidatePathDefault = "/web/admin/totp/validate"
|
||||
webAdminTOTPSavePathDefault = "/web/admin/totp/save"
|
||||
|
@ -211,6 +214,8 @@ var (
|
|||
webAdminEventRulePath string
|
||||
webAdminEventActionsPath string
|
||||
webAdminEventActionPath string
|
||||
webAdminRolesPath string
|
||||
webAdminRolePath string
|
||||
webAdminTOTPGeneratePath string
|
||||
webAdminTOTPValidatePath string
|
||||
webAdminTOTPSavePath string
|
||||
|
@ -1010,6 +1015,8 @@ func updateWebAdminURLs(baseURL string) {
|
|||
webAdminEventRulePath = path.Join(baseURL, webAdminEventRulePathDefault)
|
||||
webAdminEventActionsPath = path.Join(baseURL, webAdminEventActionsPathDefault)
|
||||
webAdminEventActionPath = path.Join(baseURL, webAdminEventActionPathDefault)
|
||||
webAdminRolesPath = path.Join(baseURL, webAdminRolesPathDefault)
|
||||
webAdminRolePath = path.Join(baseURL, webAdminRolePathDefault)
|
||||
webAdminTOTPGeneratePath = path.Join(baseURL, webAdminTOTPGeneratePathDefault)
|
||||
webAdminTOTPValidatePath = path.Join(baseURL, webAdminTOTPValidatePathDefault)
|
||||
webAdminTOTPSavePath = path.Join(baseURL, webAdminTOTPSavePathDefault)
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -40,8 +40,8 @@ import (
|
|||
"github.com/go-chi/chi/v5/middleware"
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/klauspost/compress/zip"
|
||||
"github.com/lestrrat-go/jwx/jwa"
|
||||
"github.com/lestrrat-go/jwx/jwt"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
"github.com/rs/xid"
|
||||
"github.com/sftpgo/sdk"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -686,6 +686,86 @@ func TestInvalidToken(t *testing.T) {
|
|||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
getMetadataChecks(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
startMetadataCheck(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
getUsersQuotaScans(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
updateUserTransferQuotaUsage(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
doUpdateUserQuotaUsage(rr, req, "", quotaUsage{})
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
doStartUserQuotaScan(rr, req, "")
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
getRetentionChecks(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
addRole(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
updateRole(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
deleteRole(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
getUsers(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
getUserByUsername(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleGetWebUsers(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleWebUpdateUserGet(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleWebUpdateRolePost(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleWebAddRolePost(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "invalid token claims")
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleWebAddAdminPost(rr, req)
|
||||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
|
@ -806,7 +886,7 @@ func TestRetentionInvalidTokenClaims(t *testing.T) {
|
|||
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
assert.Contains(t, rr.Body.String(), "Invalid token claims")
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -1030,6 +1110,13 @@ func TestCreateTokenError(t *testing.T) {
|
|||
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
|
||||
assert.Contains(t, rr.Body.String(), "invalid URL escape")
|
||||
|
||||
req, _ = http.NewRequest(http.MethodPost, webAdminRolePath+"?a=a%C3%AO%JE", bytes.NewBuffer([]byte(form.Encode())))
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = httptest.NewRecorder()
|
||||
server.handleWebAddRolePost(rr, req)
|
||||
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
|
||||
assert.Contains(t, rr.Body.String(), "invalid URL escape")
|
||||
|
||||
req, _ = http.NewRequest(http.MethodPost, webClientResetPwdPath+"?a=a%C3%AO%JD", bytes.NewBuffer([]byte(form.Encode())))
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = httptest.NewRecorder()
|
||||
|
@ -1074,7 +1161,7 @@ func TestCreateTokenError(t *testing.T) {
|
|||
err = authenticateUserWithAPIKey(username, "", server.tokenAuth, req)
|
||||
assert.Error(t, err)
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.HomeDir)
|
||||
assert.NoError(t, err)
|
||||
|
@ -1341,13 +1428,13 @@ func TestCookieExpiration(t *testing.T) {
|
|||
cookie = rr.Header().Get("Set-Cookie")
|
||||
assert.Empty(t, cookie)
|
||||
|
||||
user, err = dataprovider.UserExists(user.Username)
|
||||
user, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
user.Filters.AllowedIP = []string{"172.16.4.0/24"}
|
||||
err = dataprovider.UpdateUser(&user, "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
user, err = dataprovider.UserExists(user.Username)
|
||||
user, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
claims = make(map[string]any)
|
||||
claims[claimUsernameKey] = user.Username
|
||||
|
@ -1372,7 +1459,7 @@ func TestCookieExpiration(t *testing.T) {
|
|||
cookie = rr.Header().Get("Set-Cookie")
|
||||
assert.NotEmpty(t, cookie)
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -1451,7 +1538,7 @@ func TestQuotaScanInvalidFs(t *testing.T) {
|
|||
Provider: sdk.S3FilesystemProvider,
|
||||
},
|
||||
}
|
||||
common.QuotaScans.AddUserQuotaScan(user.Username)
|
||||
common.QuotaScans.AddUserQuotaScan(user.Username, "")
|
||||
err := doUserQuotaScan(user)
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
@ -2437,21 +2524,28 @@ func TestMetadataAPI(t *testing.T) {
|
|||
err := dataprovider.AddUser(&user, "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.True(t, common.ActiveMetadataChecks.Add(username))
|
||||
assert.True(t, common.ActiveMetadataChecks.Add(username, ""))
|
||||
|
||||
tokenAuth := jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
|
||||
claims := make(map[string]any)
|
||||
claims["username"] = defaultAdminUsername
|
||||
claims[jwt.ExpirationKey] = time.Now().UTC().Add(1 * time.Hour)
|
||||
token, _, err := tokenAuth.Encode(claims)
|
||||
assert.NoError(t, err)
|
||||
req, err := http.NewRequest(http.MethodPost, path.Join(metadataBasePath, username, "check"), nil)
|
||||
assert.NoError(t, err)
|
||||
rctx := chi.NewRouteContext()
|
||||
rctx.URLParams.Add("username", username)
|
||||
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
|
||||
req = req.WithContext(context.WithValue(req.Context(), jwtauth.TokenCtxKey, token))
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
startMetadataCheck(rr, req)
|
||||
assert.Equal(t, http.StatusConflict, rr.Code)
|
||||
assert.Equal(t, http.StatusConflict, rr.Code, rr.Body.String())
|
||||
|
||||
assert.True(t, common.ActiveMetadataChecks.Remove(username))
|
||||
assert.Len(t, common.ActiveMetadataChecks.Get(), 0)
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
assert.Len(t, common.ActiveMetadataChecks.Get(""), 0)
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
user.FsConfig.Provider = sdk.AzureBlobFilesystemProvider
|
||||
|
|
|
@ -21,7 +21,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/lestrrat-go/jwx/jwt"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
"github.com/rs/xid"
|
||||
"github.com/sftpgo/sdk"
|
||||
|
||||
|
@ -320,7 +320,7 @@ func checkNodeToken(tokenAuth *jwtauth.JWTAuth) func(next http.Handler) http.Han
|
|||
if len(token) > 7 && strings.ToUpper(token[0:6]) == "BEARER" {
|
||||
token = token[7:]
|
||||
}
|
||||
admin, err := dataprovider.AuthenticateNodeToken(token)
|
||||
admin, role, err := dataprovider.AuthenticateNodeToken(token)
|
||||
if err != nil {
|
||||
logger.Debug(logSender, "", "unable to authenticate node token %q: %v", token, err)
|
||||
sendAPIResponse(w, r, fmt.Errorf("the provided token cannot be authenticated"), "", http.StatusUnauthorized)
|
||||
|
@ -330,6 +330,7 @@ func checkNodeToken(tokenAuth *jwtauth.JWTAuth) func(next http.Handler) http.Han
|
|||
Username: admin,
|
||||
Permissions: []string{dataprovider.PermAdminViewConnections, dataprovider.PermAdminCloseConnections},
|
||||
NodeID: dataprovider.GetNodeName(),
|
||||
Role: role,
|
||||
}
|
||||
resp, err := c.createTokenResponse(tokenAuth, tokenAudienceAPI, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
if err != nil {
|
||||
|
@ -468,7 +469,7 @@ func authenticateUserWithAPIKey(username, keyID string, tokenAuth *jwtauth.JWTAu
|
|||
if err := common.Config.ExecutePostConnectHook(ipAddr, protocol); err != nil {
|
||||
return err
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username, "")
|
||||
if err != nil {
|
||||
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
|
||||
dataprovider.LoginMethodPassword, ipAddr, err)
|
||||
|
|
|
@ -205,6 +205,7 @@ type oidcToken struct {
|
|||
Username string `json:"username"`
|
||||
Permissions []string `json:"permissions"`
|
||||
HideUserPageSections int `json:"hide_user_page_sections,omitempty"`
|
||||
AdminRole string `json:"admin_role,omitempty"`
|
||||
Role any `json:"role"`
|
||||
CustomFields *map[string]any `json:"custom_fields,omitempty"`
|
||||
Cookie string `json:"cookie"`
|
||||
|
@ -389,10 +390,11 @@ func (t *oidcToken) refreshUser(r *http.Request) error {
|
|||
return err
|
||||
}
|
||||
t.Permissions = admin.Permissions
|
||||
t.AdminRole = admin.Role
|
||||
t.HideUserPageSections = admin.Filters.Preferences.HideUserPageSections
|
||||
return nil
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(t.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(t.Username, "")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -416,6 +418,7 @@ func (t *oidcToken) getUser(r *http.Request) error {
|
|||
return err
|
||||
}
|
||||
t.Permissions = admin.Permissions
|
||||
t.AdminRole = admin.Role
|
||||
t.HideUserPageSections = admin.Filters.Preferences.HideUserPageSections
|
||||
dataprovider.UpdateAdminLastLogin(&admin)
|
||||
return nil
|
||||
|
@ -515,6 +518,7 @@ func (s *httpdServer) oidcTokenAuthenticator(audience tokenAudience) func(next h
|
|||
jwtTokenClaims := jwtTokenClaims{
|
||||
Username: token.Username,
|
||||
Permissions: token.Permissions,
|
||||
Role: token.AdminRole,
|
||||
HideUserPageSections: token.HideUserPageSections,
|
||||
}
|
||||
_, tokenString, err := jwtTokenClaims.createToken(s.tokenAuth, audience, util.GetIPFromRemoteAddress(r.RemoteAddr))
|
||||
|
|
|
@ -32,7 +32,7 @@ import (
|
|||
|
||||
"github.com/coreos/go-oidc/v3/oidc"
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/lestrrat-go/jwx/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"github.com/rs/xid"
|
||||
"github.com/sftpgo/sdk"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -521,7 +521,7 @@ func TestOIDCLoginLogout(t *testing.T) {
|
|||
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -706,7 +706,7 @@ func TestOIDCRefreshUser(t *testing.T) {
|
|||
if assert.Error(t, err) {
|
||||
assert.Contains(t, err.Error(), "is disabled")
|
||||
}
|
||||
user, err = dataprovider.UserExists(username)
|
||||
user, err = dataprovider.UserExists(username, "")
|
||||
assert.NoError(t, err)
|
||||
user.Status = 1
|
||||
err = dataprovider.UpdateUser(&user, "", "")
|
||||
|
@ -723,7 +723,7 @@ func TestOIDCRefreshUser(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
assert.Equal(t, user.Filters.WebClient, token.Permissions)
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -877,7 +877,7 @@ func TestOIDCToken(t *testing.T) {
|
|||
if assert.Error(t, err) {
|
||||
assert.Contains(t, err.Error(), "is disabled")
|
||||
}
|
||||
user, err = dataprovider.UserExists(username)
|
||||
user, err = dataprovider.UserExists(username, "")
|
||||
assert.NoError(t, err)
|
||||
user.Status = 1
|
||||
user.Password = "np"
|
||||
|
@ -916,7 +916,7 @@ func TestOIDCToken(t *testing.T) {
|
|||
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -1039,7 +1039,7 @@ func TestOIDCImplicitRoles(t *testing.T) {
|
|||
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
@ -1164,7 +1164,7 @@ func TestOIDCPreLoginHook(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
server.initializeRouter()
|
||||
|
||||
_, err = dataprovider.UserExists(username)
|
||||
_, err = dataprovider.UserExists(username, "")
|
||||
_, ok = err.(*util.RecordNotFoundError)
|
||||
assert.True(t, ok)
|
||||
// now login with OIDC
|
||||
|
@ -1197,10 +1197,10 @@ func TestOIDCPreLoginHook(t *testing.T) {
|
|||
server.router.ServeHTTP(rr, r)
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
assert.Equal(t, webClientFilesPath, rr.Header().Get("Location"))
|
||||
_, err = dataprovider.UserExists(username)
|
||||
_, err = dataprovider.UserExists(username, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(u.HomeDir)
|
||||
assert.NoError(t, err)
|
||||
|
@ -1225,7 +1225,7 @@ func TestOIDCPreLoginHook(t *testing.T) {
|
|||
server.router.ServeHTTP(rr, r)
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
assert.Equal(t, webClientLoginPath, rr.Header().Get("Location"))
|
||||
_, err = dataprovider.UserExists(username)
|
||||
_, err = dataprovider.UserExists(username, "")
|
||||
_, ok = err.(*util.RecordNotFoundError)
|
||||
assert.True(t, ok)
|
||||
if assert.Len(t, oidcMgr.tokens, 1) {
|
||||
|
|
|
@ -31,7 +31,7 @@ import (
|
|||
"github.com/go-chi/chi/v5/middleware"
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
"github.com/go-chi/render"
|
||||
"github.com/lestrrat-go/jwx/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"github.com/rs/cors"
|
||||
"github.com/rs/xid"
|
||||
"github.com/sftpgo/sdk"
|
||||
|
@ -329,7 +329,7 @@ func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter
|
|||
s.renderClientTwoFactorRecoveryPage(w, err.Error(), ipAddr)
|
||||
return
|
||||
}
|
||||
user, userMerged, err := dataprovider.GetUserVariants(username)
|
||||
user, userMerged, err := dataprovider.GetUserVariants(username, "")
|
||||
if err != nil {
|
||||
s.renderClientTwoFactorRecoveryPage(w, "Invalid credentials", ipAddr)
|
||||
return
|
||||
|
@ -386,7 +386,7 @@ func (s *httpdServer) handleWebClientTwoFactorPost(w http.ResponseWriter, r *htt
|
|||
s.renderClientTwoFactorPage(w, err.Error(), ipAddr)
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(username, "")
|
||||
if err != nil {
|
||||
s.renderClientTwoFactorPage(w, "Invalid credentials", ipAddr)
|
||||
return
|
||||
|
@ -719,6 +719,7 @@ func (s *httpdServer) loginAdmin(
|
|||
c := jwtTokenClaims{
|
||||
Username: admin.Username,
|
||||
Permissions: admin.Permissions,
|
||||
Role: admin.Role,
|
||||
Signature: admin.GetSignature(),
|
||||
HideUserPageSections: admin.Filters.Preferences.HideUserPageSections,
|
||||
}
|
||||
|
@ -901,6 +902,7 @@ func (s *httpdServer) generateAndSendToken(w http.ResponseWriter, r *http.Reques
|
|||
c := jwtTokenClaims{
|
||||
Username: admin.Username,
|
||||
Permissions: admin.Permissions,
|
||||
Role: admin.Role,
|
||||
Signature: admin.GetSignature(),
|
||||
}
|
||||
|
||||
|
@ -939,7 +941,7 @@ func (s *httpdServer) checkCookieExpiration(w http.ResponseWriter, r *http.Reque
|
|||
}
|
||||
|
||||
func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request, tokenClaims jwtTokenClaims) {
|
||||
user, err := dataprovider.GetUserWithGroupSettings(tokenClaims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(tokenClaims.Username, "")
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -976,6 +978,7 @@ func (s *httpdServer) refreshAdminToken(w http.ResponseWriter, r *http.Request,
|
|||
return
|
||||
}
|
||||
tokenClaims.Permissions = admin.Permissions
|
||||
tokenClaims.Role = admin.Role
|
||||
tokenClaims.HideUserPageSections = admin.Filters.Preferences.HideUserPageSections
|
||||
logger.Debug(logSender, "", "cookie refreshed for admin %#v", admin.Username)
|
||||
tokenClaims.createAndSetCookie(w, r, s.tokenAuth, tokenAudienceWebAdmin, ipAddr) //nolint:errcheck
|
||||
|
@ -1294,6 +1297,11 @@ func (s *httpdServer) initializeRouter() {
|
|||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules)).Post(eventRulesPath, addEventRule)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules)).Put(eventRulesPath+"/{name}", updateEventRule)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules)).Delete(eventRulesPath+"/{name}", deleteEventRule)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Get(rolesPath, getRoles)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Get(rolesPath+"/{name}", getRoleByName)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Post(rolesPath, addRole)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Put(rolesPath+"/{name}", updateRole)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Delete(rolesPath+"/{name}", deleteRole)
|
||||
})
|
||||
|
||||
s.router.Get(userTokenPath, s.getUserToken)
|
||||
|
@ -1640,6 +1648,17 @@ func (s *httpdServer) setupWebAdminRoutes() {
|
|||
s.handleWebUpdateEventRulePost)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), verifyCSRFHeader).
|
||||
Delete(webAdminEventRulePath+"/{name}", deleteEventRule)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles), s.refreshCookie).
|
||||
Get(webAdminRolesPath, s.handleWebGetRoles)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles), s.refreshCookie).
|
||||
Get(webAdminRolePath, s.handleWebAddRoleGet)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Post(webAdminRolePath, s.handleWebAddRolePost)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles), s.refreshCookie).
|
||||
Get(webAdminRolePath+"/{name}", s.handleWebUpdateRoleGet)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles)).Post(webAdminRolePath+"/{name}",
|
||||
s.handleWebUpdateRolePost)
|
||||
router.With(s.checkPerm(dataprovider.PermAdminManageRoles), verifyCSRFHeader).
|
||||
Delete(webAdminRolePath+"/{name}", deleteRole)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -84,6 +84,8 @@ const (
|
|||
templateEventRule = "eventrule.html"
|
||||
templateEventActions = "eventactions.html"
|
||||
templateEventAction = "eventaction.html"
|
||||
templateRoles = "roles.html"
|
||||
templateRole = "role.html"
|
||||
templateMessage = "message.html"
|
||||
templateStatus = "status.html"
|
||||
templateLogin = "login.html"
|
||||
|
@ -101,6 +103,7 @@ const (
|
|||
pageGroupsTitle = "Groups"
|
||||
pageEventRulesTitle = "Event rules"
|
||||
pageEventActionsTitle = "Event actions"
|
||||
pageRolesTitle = "Roles"
|
||||
pageProfileTitle = "My profile"
|
||||
pageChangePwdTitle = "Change password"
|
||||
pageMaintenanceTitle = "Maintenance"
|
||||
|
@ -140,6 +143,8 @@ type basePage struct {
|
|||
EventRuleURL string
|
||||
EventActionsURL string
|
||||
EventActionURL string
|
||||
RolesURL string
|
||||
RoleURL string
|
||||
FolderQuotaScanURL string
|
||||
StatusURL string
|
||||
MaintenanceURL string
|
||||
|
@ -151,6 +156,7 @@ type basePage struct {
|
|||
GroupsTitle string
|
||||
EventRulesTitle string
|
||||
EventActionsTitle string
|
||||
RolesTitle string
|
||||
StatusTitle string
|
||||
MaintenanceTitle string
|
||||
DefenderTitle string
|
||||
|
@ -183,6 +189,11 @@ type groupsPage struct {
|
|||
Groups []dataprovider.Group
|
||||
}
|
||||
|
||||
type rolesPage struct {
|
||||
basePage
|
||||
Roles []dataprovider.Role
|
||||
}
|
||||
|
||||
type eventRulesPage struct {
|
||||
basePage
|
||||
Rules []dataprovider.EventRule
|
||||
|
@ -226,6 +237,7 @@ type userPage struct {
|
|||
Mode userPageMode
|
||||
VirtualFolders []vfs.BaseVirtualFolder
|
||||
Groups []dataprovider.Group
|
||||
Roles []dataprovider.Role
|
||||
CanImpersonate bool
|
||||
FsWrapper fsWrapper
|
||||
}
|
||||
|
@ -234,6 +246,7 @@ type adminPage struct {
|
|||
basePage
|
||||
Admin *dataprovider.Admin
|
||||
Groups []dataprovider.Group
|
||||
Roles []dataprovider.Role
|
||||
Error string
|
||||
IsAdd bool
|
||||
}
|
||||
|
@ -304,6 +317,13 @@ type groupPage struct {
|
|||
FsWrapper fsWrapper
|
||||
}
|
||||
|
||||
type rolePage struct {
|
||||
basePage
|
||||
Role *dataprovider.Role
|
||||
Error string
|
||||
Mode genericPageMode
|
||||
}
|
||||
|
||||
type eventActionPage struct {
|
||||
basePage
|
||||
Action dataprovider.BaseEventAction
|
||||
|
@ -475,6 +495,16 @@ func loadAdminTemplates(templatesPath string) {
|
|||
filepath.Join(templatesPath, templateCommonDir, templateCommonCSS),
|
||||
filepath.Join(templatesPath, templateCommonDir, templateResetPassword),
|
||||
}
|
||||
rolesPaths := []string{
|
||||
filepath.Join(templatesPath, templateCommonDir, templateCommonCSS),
|
||||
filepath.Join(templatesPath, templateAdminDir, templateBase),
|
||||
filepath.Join(templatesPath, templateAdminDir, templateRoles),
|
||||
}
|
||||
rolePaths := []string{
|
||||
filepath.Join(templatesPath, templateCommonDir, templateCommonCSS),
|
||||
filepath.Join(templatesPath, templateAdminDir, templateBase),
|
||||
filepath.Join(templatesPath, templateAdminDir, templateRole),
|
||||
}
|
||||
|
||||
fsBaseTpl := template.New("fsBaseTemplate").Funcs(template.FuncMap{
|
||||
"ListFSProviders": func() []sdk.FilesystemProvider {
|
||||
|
@ -511,6 +541,8 @@ func loadAdminTemplates(templatesPath string) {
|
|||
setupTmpl := util.LoadTemplate(nil, setupPaths...)
|
||||
forgotPwdTmpl := util.LoadTemplate(nil, forgotPwdPaths...)
|
||||
resetPwdTmpl := util.LoadTemplate(nil, resetPwdPaths...)
|
||||
rolesTmpl := util.LoadTemplate(nil, rolesPaths...)
|
||||
roleTmpl := util.LoadTemplate(nil, rolePaths...)
|
||||
|
||||
adminTemplates[templateUsers] = usersTmpl
|
||||
adminTemplates[templateUser] = userTmpl
|
||||
|
@ -538,6 +570,8 @@ func loadAdminTemplates(templatesPath string) {
|
|||
adminTemplates[templateSetup] = setupTmpl
|
||||
adminTemplates[templateForgotPassword] = forgotPwdTmpl
|
||||
adminTemplates[templateResetPassword] = resetPwdTmpl
|
||||
adminTemplates[templateRoles] = rolesTmpl
|
||||
adminTemplates[templateRole] = roleTmpl
|
||||
}
|
||||
|
||||
func isEventManagerResource(currentURL string) bool {
|
||||
|
@ -583,6 +617,8 @@ func (s *httpdServer) getBasePageData(title, currentURL string, r *http.Request)
|
|||
EventRuleURL: webAdminEventRulePath,
|
||||
EventActionsURL: webAdminEventActionsPath,
|
||||
EventActionURL: webAdminEventActionPath,
|
||||
RolesURL: webAdminRolesPath,
|
||||
RoleURL: webAdminRolePath,
|
||||
QuotaScanURL: webQuotaScanPath,
|
||||
ConnectionsURL: webConnectionsPath,
|
||||
StatusURL: webStatusPath,
|
||||
|
@ -596,6 +632,7 @@ func (s *httpdServer) getBasePageData(title, currentURL string, r *http.Request)
|
|||
GroupsTitle: pageGroupsTitle,
|
||||
EventRulesTitle: pageEventRulesTitle,
|
||||
EventActionsTitle: pageEventActionsTitle,
|
||||
RolesTitle: pageRolesTitle,
|
||||
StatusTitle: pageStatusTitle,
|
||||
MaintenanceTitle: pageMaintenanceTitle,
|
||||
DefenderTitle: pageDefenderTitle,
|
||||
|
@ -774,6 +811,10 @@ func (s *httpdServer) renderAddUpdateAdminPage(w http.ResponseWriter, r *http.Re
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
roles, err := s.getWebRoles(w, r, 10, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
currentURL := webAdminPath
|
||||
title := "Add a new admin"
|
||||
if !isAdd {
|
||||
|
@ -784,6 +825,7 @@ func (s *httpdServer) renderAddUpdateAdminPage(w http.ResponseWriter, r *http.Re
|
|||
basePage: s.getBasePageData(title, currentURL, r),
|
||||
Admin: admin,
|
||||
Groups: groups,
|
||||
Roles: roles,
|
||||
Error: error,
|
||||
IsAdd: isAdd,
|
||||
}
|
||||
|
@ -791,18 +833,7 @@ func (s *httpdServer) renderAddUpdateAdminPage(w http.ResponseWriter, r *http.Re
|
|||
renderAdminTemplate(w, templateAdmin, data)
|
||||
}
|
||||
|
||||
func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, user *dataprovider.User,
|
||||
mode userPageMode, error string, admin *dataprovider.Admin,
|
||||
) {
|
||||
folders, err := s.getWebVirtualFolders(w, r, defaultQueryLimit, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
groups, err := s.getWebGroups(w, r, defaultQueryLimit, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
user.SetEmptySecretsIfNil()
|
||||
func (s *httpdServer) getUserPageTitleAndURL(mode userPageMode, username string) (string, string) {
|
||||
var title, currentURL string
|
||||
switch mode {
|
||||
case userPageModeAdd:
|
||||
|
@ -810,11 +841,19 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
|
|||
currentURL = webUserPath
|
||||
case userPageModeUpdate:
|
||||
title = "Update user"
|
||||
currentURL = fmt.Sprintf("%v/%v", webUserPath, url.PathEscape(user.Username))
|
||||
currentURL = fmt.Sprintf("%v/%v", webUserPath, url.PathEscape(username))
|
||||
case userPageModeTemplate:
|
||||
title = "User template"
|
||||
currentURL = webTemplateUser
|
||||
}
|
||||
return title, currentURL
|
||||
}
|
||||
|
||||
func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, user *dataprovider.User,
|
||||
mode userPageMode, errorString string, admin *dataprovider.Admin,
|
||||
) {
|
||||
user.SetEmptySecretsIfNil()
|
||||
title, currentURL := s.getUserPageTitleAndURL(mode, user.Username)
|
||||
if user.Password != "" && user.IsPasswordHashed() {
|
||||
switch mode {
|
||||
case userPageModeUpdate:
|
||||
|
@ -833,10 +872,26 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
|
|||
})
|
||||
}
|
||||
}
|
||||
var roles []dataprovider.Role
|
||||
if basePage.LoggedAdmin.Role == "" {
|
||||
var err error
|
||||
roles, err = s.getWebRoles(w, r, 10, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
folders, err := s.getWebVirtualFolders(w, r, defaultQueryLimit, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
groups, err := s.getWebGroups(w, r, defaultQueryLimit, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
data := userPage{
|
||||
basePage: basePage,
|
||||
Mode: mode,
|
||||
Error: error,
|
||||
Error: errorString,
|
||||
User: user,
|
||||
ValidPerms: dataprovider.ValidPerms,
|
||||
ValidLoginMethods: dataprovider.ValidLoginMethods,
|
||||
|
@ -846,6 +901,7 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
|
|||
RootDirPerms: user.GetPermissionsForPath("/"),
|
||||
VirtualFolders: folders,
|
||||
Groups: groups,
|
||||
Roles: roles,
|
||||
CanImpersonate: os.Getuid() == 0,
|
||||
FsWrapper: fsWrapper{
|
||||
Filesystem: user.FsConfig,
|
||||
|
@ -859,6 +915,27 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
|
|||
renderAdminTemplate(w, templateUser, data)
|
||||
}
|
||||
|
||||
func (s *httpdServer) renderRolePage(w http.ResponseWriter, r *http.Request, role dataprovider.Role,
|
||||
mode genericPageMode, error string,
|
||||
) {
|
||||
var title, currentURL string
|
||||
switch mode {
|
||||
case genericPageModeAdd:
|
||||
title = "Add a new role"
|
||||
currentURL = webAdminRolePath
|
||||
case genericPageModeUpdate:
|
||||
title = "Update role"
|
||||
currentURL = fmt.Sprintf("%s/%s", webAdminRolePath, url.PathEscape(role.Name))
|
||||
}
|
||||
data := rolePage{
|
||||
basePage: s.getBasePageData(title, currentURL, r),
|
||||
Error: error,
|
||||
Role: &role,
|
||||
Mode: mode,
|
||||
}
|
||||
renderAdminTemplate(w, templateRole, data)
|
||||
}
|
||||
|
||||
func (s *httpdServer) renderGroupPage(w http.ResponseWriter, r *http.Request, group dataprovider.Group,
|
||||
mode genericPageMode, error string,
|
||||
) {
|
||||
|
@ -1577,6 +1654,7 @@ func getAdminFromPostFields(r *http.Request) (dataprovider.Admin, error) {
|
|||
admin.Permissions = r.Form["permissions"]
|
||||
admin.Email = r.Form.Get("email")
|
||||
admin.Status = status
|
||||
admin.Role = r.Form.Get("role")
|
||||
admin.Filters.AllowList = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
||||
admin.Filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
||||
admin.AdditionalInfo = r.Form.Get("additional_info")
|
||||
|
@ -1843,6 +1921,7 @@ func getUserFromPostFields(r *http.Request) (dataprovider.User, error) {
|
|||
ExpirationDate: expirationDateMillis,
|
||||
AdditionalInfo: r.Form.Get("additional_info"),
|
||||
Description: r.Form.Get("description"),
|
||||
Role: r.Form.Get("role"),
|
||||
},
|
||||
Filters: dataprovider.UserFilters{
|
||||
BaseUserFilters: filters,
|
||||
|
@ -2223,6 +2302,18 @@ func getEventRuleFromPostFields(r *http.Request) (dataprovider.EventRule, error)
|
|||
return rule, nil
|
||||
}
|
||||
|
||||
func getRoleFromPostFields(r *http.Request) (dataprovider.Role, error) {
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
return dataprovider.Role{}, err
|
||||
}
|
||||
|
||||
return dataprovider.Role{
|
||||
Name: r.Form.Get("name"),
|
||||
Description: r.Form.Get("description"),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebAdminForgotPwd(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
if !smtp.IsEnabled() {
|
||||
|
@ -2515,10 +2606,14 @@ func (s *httpdServer) handleWebUpdateAdminPost(w http.ResponseWriter, r *http.Re
|
|||
s.renderAddUpdateAdminPage(w, r, &updatedAdmin, "You cannot disable yourself", false)
|
||||
return
|
||||
}
|
||||
if updatedAdmin.Role != claims.Role {
|
||||
s.renderAddUpdateAdminPage(w, r, &updatedAdmin, "You cannot add/change your role", false)
|
||||
return
|
||||
}
|
||||
}
|
||||
err = dataprovider.UpdateAdmin(&updatedAdmin, claims.Username, ipAddr)
|
||||
if err != nil {
|
||||
s.renderAddUpdateAdminPage(w, r, &admin, err.Error(), false)
|
||||
s.renderAddUpdateAdminPage(w, r, &updatedAdmin, err.Error(), false)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, webAdminsPath, http.StatusSeeOther)
|
||||
|
@ -2536,6 +2631,11 @@ func (s *httpdServer) handleWebDefenderPage(w http.ResponseWriter, r *http.Reque
|
|||
|
||||
func (s *httpdServer) handleGetWebUsers(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
|
||||
return
|
||||
}
|
||||
var limit int
|
||||
if _, ok := r.URL.Query()["qlimit"]; ok {
|
||||
var err error
|
||||
|
@ -2548,7 +2648,7 @@ func (s *httpdServer) handleGetWebUsers(w http.ResponseWriter, r *http.Request)
|
|||
}
|
||||
users := make([]dataprovider.User, 0, limit)
|
||||
for {
|
||||
u, err := dataprovider.GetUsers(limit, len(users), dataprovider.OrderASC)
|
||||
u, err := dataprovider.GetUsers(limit, len(users), dataprovider.OrderASC, claims.Role)
|
||||
if err != nil {
|
||||
s.renderInternalServerErrorPage(w, r, err)
|
||||
return
|
||||
|
@ -2657,7 +2757,7 @@ func (s *httpdServer) handleWebTemplateUserGet(w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
if r.URL.Query().Get("from") != "" {
|
||||
username := r.URL.Query().Get("from")
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, admin.Role)
|
||||
if err == nil {
|
||||
user.SetEmptySecrets()
|
||||
user.PublicKeys = nil
|
||||
|
@ -2715,6 +2815,8 @@ func (s *httpdServer) handleWebTemplateUserPost(w http.ResponseWriter, r *http.R
|
|||
http.StatusBadRequest, err, "")
|
||||
return
|
||||
}
|
||||
// to create a template the "manage_system" permission is required, so role admins cannot use
|
||||
// this method, we don't need to force the role
|
||||
dump.Users = append(dump.Users, u)
|
||||
for _, folder := range u.VirtualFolders {
|
||||
if !dump.HasFolder(folder.Name) {
|
||||
|
@ -2764,8 +2866,13 @@ func (s *httpdServer) handleWebAddUserGet(w http.ResponseWriter, r *http.Request
|
|||
|
||||
func (s *httpdServer) handleWebUpdateUserGet(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
|
||||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, claims.Role)
|
||||
if err == nil {
|
||||
s.renderUserPage(w, r, &user, userPageModeUpdate, "", nil)
|
||||
} else if _, ok := err.(*util.RecordNotFoundError); ok {
|
||||
|
@ -2797,6 +2904,13 @@ func (s *httpdServer) handleWebAddUserPost(w http.ResponseWriter, r *http.Reques
|
|||
Password: user.Password,
|
||||
PublicKeys: user.PublicKeys,
|
||||
})
|
||||
if claims.Role != "" {
|
||||
user.Role = claims.Role
|
||||
}
|
||||
user.Filters.RecoveryCodes = nil
|
||||
user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{
|
||||
Enabled: false,
|
||||
}
|
||||
err = dataprovider.AddUser(&user, claims.Username, ipAddr)
|
||||
if err != nil {
|
||||
s.renderUserPage(w, r, &user, userPageModeAdd, err.Error(), nil)
|
||||
|
@ -2813,7 +2927,7 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
username := getURLParam(r, "username")
|
||||
user, err := dataprovider.UserExists(username)
|
||||
user, err := dataprovider.UserExists(username, claims.Role)
|
||||
if _, ok := err.(*util.RecordNotFoundError); ok {
|
||||
s.renderNotFoundPage(w, r, err)
|
||||
return
|
||||
|
@ -2849,6 +2963,9 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
|
|||
Password: updatedUser.Password,
|
||||
PublicKeys: updatedUser.PublicKeys,
|
||||
})
|
||||
if claims.Role != "" {
|
||||
updatedUser.Role = claims.Role
|
||||
}
|
||||
|
||||
err = dataprovider.UpdateUser(&updatedUser, claims.Username, ipAddr)
|
||||
if err != nil {
|
||||
|
@ -2877,8 +2994,8 @@ func (s *httpdServer) handleWebGetConnections(w http.ResponseWriter, r *http.Req
|
|||
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
|
||||
return
|
||||
}
|
||||
connectionStats := common.Connections.GetStats()
|
||||
connectionStats = append(connectionStats, getNodesConnections(claims.Username)...)
|
||||
connectionStats := common.Connections.GetStats(claims.Role)
|
||||
connectionStats = append(connectionStats, getNodesConnections(claims.Username, claims.Role)...)
|
||||
data := connectionsPage{
|
||||
basePage: s.getBasePageData(pageConnectionsTitle, webConnectionsPath, r),
|
||||
Connections: connectionStats,
|
||||
|
@ -3400,3 +3517,110 @@ func (s *httpdServer) handleWebUpdateEventRulePost(w http.ResponseWriter, r *htt
|
|||
}
|
||||
http.Redirect(w, r, webAdminEventRulesPath, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *httpdServer) getWebRoles(w http.ResponseWriter, r *http.Request, limit int, minimal bool) ([]dataprovider.Role, error) {
|
||||
roles := make([]dataprovider.Role, 0, limit)
|
||||
for {
|
||||
res, err := dataprovider.GetRoles(limit, len(roles), dataprovider.OrderASC, minimal)
|
||||
if err != nil {
|
||||
s.renderInternalServerErrorPage(w, r, err)
|
||||
return roles, err
|
||||
}
|
||||
roles = append(roles, res...)
|
||||
if len(res) < limit {
|
||||
break
|
||||
}
|
||||
}
|
||||
return roles, nil
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebGetRoles(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
roles, err := s.getWebRoles(w, r, 10, false)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
data := rolesPage{
|
||||
basePage: s.getBasePageData(pageRolesTitle, webAdminRolesPath, r),
|
||||
Roles: roles,
|
||||
}
|
||||
renderAdminTemplate(w, templateRoles, data)
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebAddRoleGet(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
s.renderRolePage(w, r, dataprovider.Role{}, genericPageModeAdd, "")
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebAddRolePost(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
role, err := getRoleFromPostFields(r)
|
||||
if err != nil {
|
||||
s.renderRolePage(w, r, role, genericPageModeAdd, err.Error())
|
||||
return
|
||||
}
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
|
||||
return
|
||||
}
|
||||
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
|
||||
if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
|
||||
s.renderForbiddenPage(w, r, err.Error())
|
||||
return
|
||||
}
|
||||
err = dataprovider.AddRole(&role, claims.Username, ipAddr)
|
||||
if err != nil {
|
||||
s.renderRolePage(w, r, role, genericPageModeAdd, err.Error())
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, webAdminRolesPath, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebUpdateRoleGet(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
role, err := dataprovider.RoleExists(getURLParam(r, "name"))
|
||||
if err == nil {
|
||||
s.renderRolePage(w, r, role, genericPageModeUpdate, "")
|
||||
} else if _, ok := err.(*util.RecordNotFoundError); ok {
|
||||
s.renderNotFoundPage(w, r, err)
|
||||
} else {
|
||||
s.renderInternalServerErrorPage(w, r, err)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *httpdServer) handleWebUpdateRolePost(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||
claims, err := getTokenClaims(r)
|
||||
if err != nil || claims.Username == "" {
|
||||
s.renderBadRequestPage(w, r, errors.New("invalid token claims"))
|
||||
return
|
||||
}
|
||||
role, err := dataprovider.RoleExists(getURLParam(r, "name"))
|
||||
if _, ok := err.(*util.RecordNotFoundError); ok {
|
||||
s.renderNotFoundPage(w, r, err)
|
||||
return
|
||||
} else if err != nil {
|
||||
s.renderInternalServerErrorPage(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
updatedRole, err := getRoleFromPostFields(r)
|
||||
if err != nil {
|
||||
s.renderRolePage(w, r, role, genericPageModeAdd, err.Error())
|
||||
return
|
||||
}
|
||||
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
|
||||
if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
|
||||
s.renderForbiddenPage(w, r, err.Error())
|
||||
return
|
||||
}
|
||||
updatedRole.ID = role.ID
|
||||
updatedRole.Name = role.Name
|
||||
err = dataprovider.UpdateRole(&updatedRole, claims.Username, ipAddr)
|
||||
if err != nil {
|
||||
s.renderRolePage(w, r, updatedRole, genericPageModeUpdate, err.Error())
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, webAdminRolesPath, http.StatusSeeOther)
|
||||
}
|
||||
|
|
|
@ -472,7 +472,7 @@ func (s *httpdServer) renderClientMFAPage(w http.ResponseWriter, r *http.Request
|
|||
RecCodesURL: webClientRecoveryCodesPath,
|
||||
Protocols: dataprovider.MFAProtocols,
|
||||
}
|
||||
user, err := dataprovider.UserExists(data.LoggedUser.Username)
|
||||
user, err := dataprovider.UserExists(data.LoggedUser.Username, "")
|
||||
if err != nil {
|
||||
s.renderInternalServerErrorPage(w, r, err)
|
||||
return
|
||||
|
@ -590,7 +590,7 @@ func (s *httpdServer) renderClientProfilePage(w http.ResponseWriter, r *http.Req
|
|||
baseClientPage: s.getBaseClientPageData(pageClientProfileTitle, webClientProfilePath, r),
|
||||
Error: error,
|
||||
}
|
||||
user, userMerged, err := dataprovider.GetUserVariants(data.LoggedUser.Username)
|
||||
user, userMerged, err := dataprovider.GetUserVariants(data.LoggedUser.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientInternalServerErrorPage(w, r, err)
|
||||
return
|
||||
|
@ -620,7 +620,7 @@ func (s *httpdServer) handleWebClientDownloadZip(w http.ResponseWriter, r *http.
|
|||
return
|
||||
}
|
||||
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientMessagePage(w, r, "Unable to retrieve your user", "", getRespStatus(err), nil, "")
|
||||
return
|
||||
|
@ -820,7 +820,7 @@ func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.
|
|||
return
|
||||
}
|
||||
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
sendAPIResponse(w, r, nil, "Unable to retrieve your user", getRespStatus(err))
|
||||
return
|
||||
|
@ -897,7 +897,7 @@ func (s *httpdServer) handleClientGetFiles(w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientMessagePage(w, r, "Unable to retrieve your user", "", getRespStatus(err), nil, "")
|
||||
return
|
||||
|
@ -956,7 +956,7 @@ func (s *httpdServer) handleClientEditFile(w http.ResponseWriter, r *http.Reques
|
|||
return
|
||||
}
|
||||
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientMessagePage(w, r, "Unable to retrieve your user", "", getRespStatus(err), nil, "")
|
||||
return
|
||||
|
@ -1025,7 +1025,7 @@ func (s *httpdServer) handleClientAddShareGet(w http.ResponseWriter, r *http.Req
|
|||
s.renderClientForbiddenPage(w, r, "Invalid token claims")
|
||||
return
|
||||
}
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientMessagePage(w, r, "Unable to retrieve your user", "", getRespStatus(err), nil, "")
|
||||
return
|
||||
|
@ -1218,7 +1218,7 @@ func (s *httpdServer) handleWebClientProfilePost(w http.ResponseWriter, r *http.
|
|||
s.renderClientForbiddenPage(w, r, "Invalid token claims")
|
||||
return
|
||||
}
|
||||
user, userMerged, err := dataprovider.GetUserVariants(claims.Username)
|
||||
user, userMerged, err := dataprovider.GetUserVariants(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientProfilePage(w, r, err.Error())
|
||||
return
|
||||
|
@ -1368,7 +1368,7 @@ func (s *httpdServer) handleClientGetPDF(w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
name = util.CleanPath(name)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username)
|
||||
user, err := dataprovider.GetUserWithGroupSettings(claims.Username, "")
|
||||
if err != nil {
|
||||
s.renderClientMessagePage(w, r, "Unable to retrieve your user", "", getRespStatus(err), nil, "")
|
||||
return
|
||||
|
|
|
@ -62,6 +62,7 @@ const (
|
|||
retentionChecksPath = "/api/v2/retention/users/checks"
|
||||
eventActionsPath = "/api/v2/eventactions"
|
||||
eventRulesPath = "/api/v2/eventrules"
|
||||
rolesPath = "/api/v2/roles"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -368,6 +369,115 @@ func GetGroups(limit, offset int64, expectedStatusCode int) ([]dataprovider.Grou
|
|||
return groups, body, err
|
||||
}
|
||||
|
||||
// AddRole adds a new role and checks the received HTTP Status code against expectedStatusCode.
|
||||
func AddRole(role dataprovider.Role, expectedStatusCode int) (dataprovider.Role, []byte, error) {
|
||||
var newRole dataprovider.Role
|
||||
var body []byte
|
||||
asJSON, _ := json.Marshal(role)
|
||||
resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(rolesPath), bytes.NewBuffer(asJSON),
|
||||
"application/json", getDefaultToken())
|
||||
if err != nil {
|
||||
return newRole, body, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
err = checkResponse(resp.StatusCode, expectedStatusCode)
|
||||
if expectedStatusCode != http.StatusCreated {
|
||||
body, _ = getResponseBody(resp)
|
||||
return newRole, body, err
|
||||
}
|
||||
if err == nil {
|
||||
err = render.DecodeJSON(resp.Body, &newRole)
|
||||
} else {
|
||||
body, _ = getResponseBody(resp)
|
||||
}
|
||||
if err == nil {
|
||||
err = checkRole(role, newRole)
|
||||
}
|
||||
return newRole, body, err
|
||||
}
|
||||
|
||||
// UpdateRole updates an existing role and checks the received HTTP Status code against expectedStatusCode
|
||||
func UpdateRole(role dataprovider.Role, expectedStatusCode int) (dataprovider.Role, []byte, error) {
|
||||
var newRole dataprovider.Role
|
||||
var body []byte
|
||||
|
||||
asJSON, _ := json.Marshal(role)
|
||||
resp, err := sendHTTPRequest(http.MethodPut, buildURLRelativeToBase(rolesPath, url.PathEscape(role.Name)),
|
||||
bytes.NewBuffer(asJSON), "application/json", getDefaultToken())
|
||||
if err != nil {
|
||||
return newRole, body, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, _ = getResponseBody(resp)
|
||||
err = checkResponse(resp.StatusCode, expectedStatusCode)
|
||||
if expectedStatusCode != http.StatusOK {
|
||||
return newRole, body, err
|
||||
}
|
||||
if err == nil {
|
||||
newRole, body, err = GetRoleByName(role.Name, expectedStatusCode)
|
||||
}
|
||||
if err == nil {
|
||||
err = checkRole(role, newRole)
|
||||
}
|
||||
return newRole, body, err
|
||||
}
|
||||
|
||||
// RemoveRole removes an existing role and checks the received HTTP Status code against expectedStatusCode.
|
||||
func RemoveRole(role dataprovider.Role, expectedStatusCode int) ([]byte, error) {
|
||||
var body []byte
|
||||
resp, err := sendHTTPRequest(http.MethodDelete, buildURLRelativeToBase(rolesPath, url.PathEscape(role.Name)),
|
||||
nil, "", getDefaultToken())
|
||||
if err != nil {
|
||||
return body, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, _ = getResponseBody(resp)
|
||||
return body, checkResponse(resp.StatusCode, expectedStatusCode)
|
||||
}
|
||||
|
||||
// GetRoleByName gets a role by name and checks the received HTTP Status code against expectedStatusCode.
|
||||
func GetRoleByName(name string, expectedStatusCode int) (dataprovider.Role, []byte, error) {
|
||||
var role dataprovider.Role
|
||||
var body []byte
|
||||
resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(rolesPath, url.PathEscape(name)),
|
||||
nil, "", getDefaultToken())
|
||||
if err != nil {
|
||||
return role, body, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
err = checkResponse(resp.StatusCode, expectedStatusCode)
|
||||
if err == nil && expectedStatusCode == http.StatusOK {
|
||||
err = render.DecodeJSON(resp.Body, &role)
|
||||
} else {
|
||||
body, _ = getResponseBody(resp)
|
||||
}
|
||||
return role, body, err
|
||||
}
|
||||
|
||||
// GetRoles returns a list of roles and checks the received HTTP Status code against expectedStatusCode.
|
||||
// The number of results can be limited specifying a limit.
|
||||
// Some results can be skipped specifying an offset.
|
||||
func GetRoles(limit, offset int64, expectedStatusCode int) ([]dataprovider.Role, []byte, error) {
|
||||
var roles []dataprovider.Role
|
||||
var body []byte
|
||||
url, err := addLimitAndOffsetQueryParams(buildURLRelativeToBase(rolesPath), limit, offset)
|
||||
if err != nil {
|
||||
return roles, body, err
|
||||
}
|
||||
resp, err := sendHTTPRequest(http.MethodGet, url.String(), nil, "", getDefaultToken())
|
||||
if err != nil {
|
||||
return roles, body, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
err = checkResponse(resp.StatusCode, expectedStatusCode)
|
||||
if err == nil && expectedStatusCode == http.StatusOK {
|
||||
err = render.DecodeJSON(resp.Body, &roles)
|
||||
} else {
|
||||
body, _ = getResponseBody(resp)
|
||||
}
|
||||
return roles, body, err
|
||||
}
|
||||
|
||||
// AddAdmin adds a new admin and checks the received HTTP Status code against expectedStatusCode.
|
||||
func AddAdmin(admin dataprovider.Admin, expectedStatusCode int) (dataprovider.Admin, []byte, error) {
|
||||
var newAdmin dataprovider.Admin
|
||||
|
@ -1503,6 +1613,31 @@ func checkEventRule(expected, actual dataprovider.EventRule) error {
|
|||
return checkEventRuleActions(expected.Actions, actual.Actions)
|
||||
}
|
||||
|
||||
func checkRole(expected, actual dataprovider.Role) error {
|
||||
if expected.ID <= 0 {
|
||||
if actual.ID <= 0 {
|
||||
return errors.New("actual role ID must be > 0")
|
||||
}
|
||||
} else {
|
||||
if actual.ID != expected.ID {
|
||||
return errors.New("role ID mismatch")
|
||||
}
|
||||
}
|
||||
if dataprovider.ConvertName(expected.Name) != actual.Name {
|
||||
return errors.New("name mismatch")
|
||||
}
|
||||
if expected.Description != actual.Description {
|
||||
return errors.New("description mismatch")
|
||||
}
|
||||
if actual.CreatedAt == 0 {
|
||||
return errors.New("created_at unset")
|
||||
}
|
||||
if actual.UpdatedAt == 0 {
|
||||
return errors.New("updated_at unset")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkGroup(expected, actual dataprovider.Group) error {
|
||||
if expected.ID <= 0 {
|
||||
if actual.ID <= 0 {
|
||||
|
@ -1667,6 +1802,9 @@ func compareAdminEqualFields(expected *dataprovider.Admin, actual *dataprovider.
|
|||
if expected.AdditionalInfo != actual.AdditionalInfo {
|
||||
return errors.New("additional info mismatch")
|
||||
}
|
||||
if expected.Role != actual.Role {
|
||||
return errors.New("role mismatch")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -2491,6 +2629,9 @@ func compareEqualsUserFields(expected *dataprovider.User, actual *dataprovider.U
|
|||
if expected.Description != actual.Description {
|
||||
return errors.New("description mismatch")
|
||||
}
|
||||
if expected.Role != actual.Role {
|
||||
return errors.New("role mismatch")
|
||||
}
|
||||
return compareQuotaUserFields(expected, actual)
|
||||
}
|
||||
|
||||
|
|
|
@ -350,7 +350,11 @@ func (s *Service) LoadInitialData() error {
|
|||
}
|
||||
|
||||
func (s *Service) restoreDump(dump *dataprovider.BackupData) error {
|
||||
err := httpd.RestoreFolders(dump.Folders, s.LoadDataFrom, s.LoadDataMode, s.LoadDataQuotaScan, dataprovider.ActionExecutorSystem, "")
|
||||
err := httpd.RestoreRoles(dump.Roles, s.LoadDataFrom, s.LoadDataMode, dataprovider.ActionExecutorSystem, "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to restore roles from file %#v: %v", s.LoadDataFrom, err)
|
||||
}
|
||||
err = httpd.RestoreFolders(dump.Folders, s.LoadDataFrom, s.LoadDataMode, s.LoadDataQuotaScan, dataprovider.ActionExecutorSystem, "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to restore folders from file %#v: %v", s.LoadDataFrom, err)
|
||||
}
|
||||
|
|
|
@ -2088,7 +2088,7 @@ func TestRecoverer(t *testing.T) {
|
|||
}
|
||||
err = scpCmd.handle()
|
||||
assert.EqualError(t, err, common.ErrGenericFailure.Error())
|
||||
assert.Len(t, common.Connections.GetStats(), 0)
|
||||
assert.Len(t, common.Connections.GetStats(""), 0)
|
||||
}
|
||||
|
||||
func TestListernerAcceptErrors(t *testing.T) {
|
||||
|
@ -2241,7 +2241,7 @@ func TestMaxUserSessions(t *testing.T) {
|
|||
assert.Contains(t, err.Error(), "too many open sessions")
|
||||
}
|
||||
common.Connections.Remove(connection.GetID())
|
||||
assert.Len(t, common.Connections.GetStats(), 0)
|
||||
assert.Len(t, common.Connections.GetStats(""), 0)
|
||||
}
|
||||
|
||||
func TestCanReadSymlink(t *testing.T) {
|
||||
|
|
|
@ -237,7 +237,7 @@ func (c *Configuration) getServerConfig() *ssh.ServerConfig {
|
|||
},
|
||||
NextAuthMethodsCallback: func(conn ssh.ConnMetadata) []string {
|
||||
var nextMethods []string
|
||||
user, err := dataprovider.GetUserWithGroupSettings(conn.User())
|
||||
user, err := dataprovider.GetUserWithGroupSettings(conn.User(), "")
|
||||
if err == nil {
|
||||
nextMethods = user.GetNextAuthMethods(conn.PartialSuccessMethods(), c.PasswordAuthentication)
|
||||
}
|
||||
|
|
|
@ -985,7 +985,7 @@ func TestDefender(t *testing.T) {
|
|||
_, _, err = getSftpClient(user, usePubKey)
|
||||
assert.Error(t, err)
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -1144,7 +1144,7 @@ func TestConcurrency(t *testing.T) {
|
|||
for {
|
||||
servedReqs := closedConns.Load()
|
||||
if servedReqs > 0 {
|
||||
stats := common.Connections.GetStats()
|
||||
stats := common.Connections.GetStats("")
|
||||
if len(stats) > maxConns {
|
||||
maxConns = len(stats)
|
||||
}
|
||||
|
@ -1178,7 +1178,7 @@ func TestConcurrency(t *testing.T) {
|
|||
}, 1*time.Second, 50*time.Millisecond)
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.Connections.GetStats()) == 0
|
||||
return len(common.Connections.GetStats("")) == 0
|
||||
}, 1*time.Second, 50*time.Millisecond)
|
||||
|
||||
err = os.Remove(testFilePath)
|
||||
|
@ -4284,7 +4284,7 @@ func TestMaxConnections(t *testing.T) {
|
|||
err = conn.Close()
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -4319,7 +4319,7 @@ func TestMaxPerHostConnections(t *testing.T) {
|
|||
err = conn.Close()
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
|
@ -4603,12 +4603,12 @@ func TestQuotaScan(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestMultipleQuotaScans(t *testing.T) {
|
||||
res := common.QuotaScans.AddUserQuotaScan(defaultUsername)
|
||||
res := common.QuotaScans.AddUserQuotaScan(defaultUsername, "")
|
||||
assert.True(t, res)
|
||||
res = common.QuotaScans.AddUserQuotaScan(defaultUsername)
|
||||
res = common.QuotaScans.AddUserQuotaScan(defaultUsername, "")
|
||||
assert.False(t, res, "add quota must fail if another scan is already active")
|
||||
assert.True(t, common.QuotaScans.RemoveUserQuotaScan(defaultUsername))
|
||||
activeScans := common.QuotaScans.GetUsersQuotaScans()
|
||||
activeScans := common.QuotaScans.GetUsersQuotaScans("")
|
||||
assert.Equal(t, 0, len(activeScans))
|
||||
assert.False(t, common.QuotaScans.RemoveUserQuotaScan(defaultUsername))
|
||||
}
|
||||
|
@ -4866,13 +4866,13 @@ func TestBandwidthAndConnections(t *testing.T) {
|
|||
waitForActiveTransfers(t)
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
common.Connections.Close(stat.ConnectionID)
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
common.Connections.Close(stat.ConnectionID, "")
|
||||
}
|
||||
err = <-c
|
||||
assert.Error(t, err, "connection closed while uploading: the upload must fail")
|
||||
assert.Eventually(t, func() bool {
|
||||
return len(common.Connections.GetStats()) == 0
|
||||
return len(common.Connections.GetStats("")) == 0
|
||||
}, 10*time.Second, 200*time.Millisecond)
|
||||
err = os.Remove(testFilePath)
|
||||
assert.NoError(t, err)
|
||||
|
@ -7242,7 +7242,7 @@ func TestHashedPasswords(t *testing.T) {
|
|||
user.Password = ""
|
||||
userGetInitial, _, err := httpdtest.UpdateUser(user, http.StatusOK, "")
|
||||
assert.NoError(t, err)
|
||||
user, err = dataprovider.UserExists(user.Username)
|
||||
user, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, pwd, user.Password)
|
||||
user.Password = clearPwd
|
||||
|
@ -7259,7 +7259,7 @@ func TestHashedPasswords(t *testing.T) {
|
|||
conn.Close()
|
||||
}
|
||||
// the password must converted to bcrypt and we should still be able to login
|
||||
user, err = dataprovider.UserExists(user.Username)
|
||||
user, err = dataprovider.UserExists(user.Username, "")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, strings.HasPrefix(user.Password, "$2a$"))
|
||||
// update the user to invalidate the cached password and force a new check
|
||||
|
@ -10576,7 +10576,7 @@ func TestSCPErrors(t *testing.T) {
|
|||
time.Sleep(100 * time.Millisecond)
|
||||
err = cmd.Process.Kill()
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 2*time.Second, 100*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond)
|
||||
cmd = getScpUploadCommand(testFilePath, remoteUpPath, false, false)
|
||||
go func() {
|
||||
err := cmd.Run()
|
||||
|
@ -10588,7 +10588,7 @@ func TestSCPErrors(t *testing.T) {
|
|||
time.Sleep(100 * time.Millisecond)
|
||||
err = cmd.Process.Kill()
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 }, 2*time.Second, 100*time.Millisecond)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond)
|
||||
err = os.Remove(testFilePath)
|
||||
assert.NoError(t, err)
|
||||
os.Remove(localPath)
|
||||
|
@ -11076,7 +11076,7 @@ func computeHashForFile(hasher hash.Hash, path string) (string, error) {
|
|||
|
||||
func waitForActiveTransfers(t *testing.T) {
|
||||
assert.Eventually(t, func() bool {
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
if len(stat.Transfers) > 0 {
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -181,6 +181,7 @@ func SendEmail(to []string, subject, body string, contentType EmailContentType,
|
|||
}
|
||||
|
||||
email := mail.NewMSG()
|
||||
email.AllowDuplicateAddress = true
|
||||
if from != "" {
|
||||
email.SetFrom(from)
|
||||
} else {
|
||||
|
|
|
@ -617,8 +617,8 @@ func GetSSHPublicKeyAsString(pubKey []byte) (string, error) {
|
|||
return string(ssh.MarshalAuthorizedKey(k)), nil
|
||||
}
|
||||
|
||||
// GetRealIP returns the ip address as result of parsing either the
|
||||
// X-Real-IP header or the X-Forwarded-For header
|
||||
// GetRealIP returns the ip address as result of parsing the specified
|
||||
// header and using the specified depth
|
||||
func GetRealIP(r *http.Request, header string, depth int) string {
|
||||
if header == "" {
|
||||
return ""
|
||||
|
|
|
@ -17,7 +17,7 @@ package version
|
|||
|
||||
import "strings"
|
||||
|
||||
const version = "2.4.0-dev"
|
||||
const version = "2.4.1-dev"
|
||||
|
||||
var (
|
||||
commit = ""
|
||||
|
|
|
@ -937,7 +937,7 @@ func TestTransferSeek(t *testing.T) {
|
|||
assert.True(t, fs.IsNotExist(err))
|
||||
assert.Equal(t, int64(0), res)
|
||||
|
||||
assert.Len(t, common.Connections.GetStats(), 0)
|
||||
assert.Len(t, common.Connections.GetStats(""), 0)
|
||||
|
||||
err = os.Remove(testFilePath)
|
||||
assert.NoError(t, err)
|
||||
|
@ -959,7 +959,7 @@ func TestBasicUsersCache(t *testing.T) {
|
|||
u.Permissions["/"] = []string{dataprovider.PermAny}
|
||||
err := dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user, err := dataprovider.UserExists(u.Username)
|
||||
user, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
c := &Configuration{
|
||||
|
@ -1054,7 +1054,7 @@ func TestBasicUsersCache(t *testing.T) {
|
|||
_, ok = dataprovider.GetCachedWebDAVUser(username)
|
||||
assert.True(t, ok)
|
||||
// cache is invalidated after user deletion
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
_, ok = dataprovider.GetCachedWebDAVUser(username)
|
||||
assert.False(t, ok)
|
||||
|
@ -1090,7 +1090,7 @@ func TestCachedUserWithFolders(t *testing.T) {
|
|||
})
|
||||
err := dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user, err := dataprovider.UserExists(u.Username)
|
||||
user, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
c := &Configuration{
|
||||
|
@ -1177,7 +1177,7 @@ func TestCachedUserWithFolders(t *testing.T) {
|
|||
assert.False(t, cachedUser.IsExpired())
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(user.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
_, ok = dataprovider.GetCachedWebDAVUser(username)
|
||||
assert.False(t, ok)
|
||||
|
@ -1205,25 +1205,25 @@ func TestUsersCacheSizeAndExpiration(t *testing.T) {
|
|||
u.Permissions["/"] = []string{dataprovider.PermAny}
|
||||
err := dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user1, err := dataprovider.UserExists(u.Username)
|
||||
user1, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
u.Username = username + "2"
|
||||
u.Password = password + "2"
|
||||
err = dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user2, err := dataprovider.UserExists(u.Username)
|
||||
user2, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
u.Username = username + "3"
|
||||
u.Password = password + "3"
|
||||
err = dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user3, err := dataprovider.UserExists(u.Username)
|
||||
user3, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
u.Username = username + "4"
|
||||
u.Password = password + "4"
|
||||
err = dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user4, err := dataprovider.UserExists(u.Username)
|
||||
user4, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
c := &Configuration{
|
||||
|
@ -1385,13 +1385,13 @@ func TestUsersCacheSizeAndExpiration(t *testing.T) {
|
|||
_, ok = dataprovider.GetCachedWebDAVUser(user4.Username)
|
||||
assert.True(t, ok)
|
||||
|
||||
err = dataprovider.DeleteUser(user1.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user1.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(user2.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user2.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(user3.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user3.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
err = dataprovider.DeleteUser(user4.Username, "", "")
|
||||
err = dataprovider.DeleteUser(user4.Username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = os.RemoveAll(u.GetHomeDir())
|
||||
|
@ -1415,7 +1415,7 @@ func TestUserCacheIsolation(t *testing.T) {
|
|||
u.Permissions["/"] = []string{dataprovider.PermAny}
|
||||
err := dataprovider.AddUser(&u, "", "")
|
||||
assert.NoError(t, err)
|
||||
user, err := dataprovider.UserExists(u.Username)
|
||||
user, err := dataprovider.UserExists(u.Username, "")
|
||||
assert.NoError(t, err)
|
||||
cachedUser := &dataprovider.CachedUser{
|
||||
User: user,
|
||||
|
@ -1449,7 +1449,7 @@ func TestUserCacheIsolation(t *testing.T) {
|
|||
assert.False(t, cachedUser.User.FsConfig.S3Config.AccessSecret.IsEncrypted())
|
||||
}
|
||||
|
||||
err = dataprovider.DeleteUser(username, "", "")
|
||||
err = dataprovider.DeleteUser(username, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
_, ok = dataprovider.GetCachedWebDAVUser(username)
|
||||
assert.False(t, ok)
|
||||
|
|
|
@ -620,7 +620,7 @@ func TestBasicHandling(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(localUser.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
status := webdavd.GetStatus()
|
||||
assert.True(t, status.IsActive)
|
||||
|
@ -702,7 +702,7 @@ func TestBasicHandlingCryptFs(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
}
|
||||
|
||||
|
@ -929,7 +929,7 @@ func TestPropPatch(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(localUser.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
}
|
||||
|
||||
|
@ -1311,7 +1311,7 @@ func TestPreDownloadHook(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
common.Config.Actions.ExecuteOn = []string{common.OperationPreDownload}
|
||||
|
@ -1361,7 +1361,7 @@ func TestPreUploadHook(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
common.Config.Actions.ExecuteOn = oldExecuteOn
|
||||
|
@ -1424,7 +1424,7 @@ func TestMaxConnections(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
common.Config.MaxTotalConnections = oldValue
|
||||
|
@ -1456,7 +1456,7 @@ func TestMaxPerHostConnections(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
common.Config.MaxPerHostConnections = oldValue
|
||||
|
@ -1482,7 +1482,7 @@ func TestMaxSessions(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(user.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
}
|
||||
|
||||
|
@ -1894,7 +1894,7 @@ func TestClientClose(t *testing.T) {
|
|||
}()
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
if len(stat.Transfers) > 0 {
|
||||
return true
|
||||
}
|
||||
|
@ -1902,16 +1902,16 @@ func TestClientClose(t *testing.T) {
|
|||
return false
|
||||
}, 1*time.Second, 50*time.Millisecond)
|
||||
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
common.Connections.Close(stat.ConnectionID)
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
common.Connections.Close(stat.ConnectionID, "")
|
||||
}
|
||||
wg.Wait()
|
||||
// for the sftp user a stat is done after the failed upload and
|
||||
// this triggers a new connection
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
common.Connections.Close(stat.ConnectionID)
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
common.Connections.Close(stat.ConnectionID, "")
|
||||
}
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
err = os.Remove(testFilePath)
|
||||
|
@ -1929,7 +1929,7 @@ func TestClientClose(t *testing.T) {
|
|||
}()
|
||||
|
||||
assert.Eventually(t, func() bool {
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
if len(stat.Transfers) > 0 {
|
||||
return true
|
||||
}
|
||||
|
@ -1937,11 +1937,11 @@ func TestClientClose(t *testing.T) {
|
|||
return false
|
||||
}, 1*time.Second, 50*time.Millisecond)
|
||||
|
||||
for _, stat := range common.Connections.GetStats() {
|
||||
common.Connections.Close(stat.ConnectionID)
|
||||
for _, stat := range common.Connections.GetStats("") {
|
||||
common.Connections.Close(stat.ConnectionID, "")
|
||||
}
|
||||
wg.Wait()
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
|
||||
err = os.Remove(localDownloadPath)
|
||||
|
@ -2964,7 +2964,7 @@ func TestNestedVirtualFolders(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
err = os.RemoveAll(localUser.GetHomeDir())
|
||||
assert.NoError(t, err)
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats()) == 0 },
|
||||
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
|
||||
1*time.Second, 100*time.Millisecond)
|
||||
}
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ tags:
|
|||
- name: quota
|
||||
- name: folders
|
||||
- name: groups
|
||||
- name: roles
|
||||
- name: users
|
||||
- name: data retention
|
||||
- name: events
|
||||
|
@ -27,7 +28,7 @@ info:
|
|||
SFTPGo supports groups to simplify the administration of multiple accounts by letting you assign settings once to a group, instead of multiple times to each individual user.
|
||||
The SFTPGo WebClient allows end users to change their credentials, browse and manage their files in the browser and setup two-factor authentication which works with Authy, Google Authenticator and other compatible apps.
|
||||
From the WebClient each authorized user can also create HTTP/S links to externally share files and folders securely, by setting limits to the number of downloads/uploads, protecting the share with a password, limiting access by source IP address, setting an automatic expiration date.
|
||||
version: 2.4.0-dev
|
||||
version: 2.4.1-dev
|
||||
contact:
|
||||
name: API support
|
||||
url: 'https://github.com/drakkan/sftpgo'
|
||||
|
@ -1666,6 +1667,181 @@ paths:
|
|||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
/roles:
|
||||
get:
|
||||
tags:
|
||||
- roles
|
||||
summary: Get roles
|
||||
description: Returns an array with one or more roles
|
||||
operationId: get_roles
|
||||
parameters:
|
||||
- in: query
|
||||
name: offset
|
||||
schema:
|
||||
type: integer
|
||||
minimum: 0
|
||||
default: 0
|
||||
required: false
|
||||
- in: query
|
||||
name: limit
|
||||
schema:
|
||||
type: integer
|
||||
minimum: 1
|
||||
maximum: 500
|
||||
default: 100
|
||||
required: false
|
||||
description: 'The maximum number of items to return. Max value is 500, default is 100'
|
||||
- in: query
|
||||
name: order
|
||||
required: false
|
||||
description: Ordering groups by name. Default ASC
|
||||
schema:
|
||||
type: string
|
||||
enum:
|
||||
- ASC
|
||||
- DESC
|
||||
example: ASC
|
||||
responses:
|
||||
'200':
|
||||
description: successful operation
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Role'
|
||||
'400':
|
||||
$ref: '#/components/responses/BadRequest'
|
||||
'401':
|
||||
$ref: '#/components/responses/Unauthorized'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'500':
|
||||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
post:
|
||||
tags:
|
||||
- roles
|
||||
summary: Add role
|
||||
operationId: add_role
|
||||
description: Adds a new role
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/Role'
|
||||
responses:
|
||||
'201':
|
||||
description: successful operation
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/Role'
|
||||
'400':
|
||||
$ref: '#/components/responses/BadRequest'
|
||||
'401':
|
||||
$ref: '#/components/responses/Unauthorized'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'500':
|
||||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
'/roles/{name}':
|
||||
parameters:
|
||||
- name: name
|
||||
in: path
|
||||
description: role name
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
get:
|
||||
tags:
|
||||
- roles
|
||||
summary: Find roles by name
|
||||
description: Returns the role with the given name if it exists.
|
||||
operationId: get_role_by_name
|
||||
responses:
|
||||
'200':
|
||||
description: successful operation
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/Role'
|
||||
'400':
|
||||
$ref: '#/components/responses/BadRequest'
|
||||
'401':
|
||||
$ref: '#/components/responses/Unauthorized'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'500':
|
||||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
put:
|
||||
tags:
|
||||
- roles
|
||||
summary: Update role
|
||||
description: Updates an existing role
|
||||
operationId: update_role
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/Role'
|
||||
responses:
|
||||
'200':
|
||||
description: successful operation
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
example:
|
||||
message: Group updated
|
||||
'400':
|
||||
$ref: '#/components/responses/BadRequest'
|
||||
'401':
|
||||
$ref: '#/components/responses/Unauthorized'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'500':
|
||||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
delete:
|
||||
tags:
|
||||
- roles
|
||||
summary: Delete role
|
||||
description: Deletes an existing role
|
||||
operationId: delete_role
|
||||
responses:
|
||||
'200':
|
||||
description: successful operation
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ApiResponse'
|
||||
example:
|
||||
message: Group deleted
|
||||
'400':
|
||||
$ref: '#/components/responses/BadRequest'
|
||||
'401':
|
||||
$ref: '#/components/responses/Unauthorized'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'500':
|
||||
$ref: '#/components/responses/InternalServerError'
|
||||
default:
|
||||
$ref: '#/components/responses/DefaultResponse'
|
||||
/eventactions:
|
||||
get:
|
||||
tags:
|
||||
|
@ -4269,6 +4445,7 @@ components:
|
|||
- close_conns
|
||||
- view_status
|
||||
- manage_admins
|
||||
- manage_groups
|
||||
- manage_apikeys
|
||||
- quota_scans
|
||||
- manage_system
|
||||
|
@ -4278,6 +4455,7 @@ components:
|
|||
- metadata_checks
|
||||
- view_events
|
||||
- manage_event_rules
|
||||
- manager_roles
|
||||
description: |
|
||||
Admin permissions:
|
||||
* `*` - all permissions are granted
|
||||
|
@ -4289,6 +4467,7 @@ components:
|
|||
* `close_conns` - close active connections is allowed
|
||||
* `view_status` - view the server status is allowed
|
||||
* `manage_admins` - manage other admins is allowed
|
||||
* `manage_groups` - manage groups is allowed
|
||||
* `manage_apikeys` - manage API keys is allowed
|
||||
* `quota_scans` - view and start quota scans is allowed
|
||||
* `manage_system` - backups and restores are allowed
|
||||
|
@ -4298,6 +4477,7 @@ components:
|
|||
* `metadata_checks` - view and start metadata checks is allowed
|
||||
* `view_events` - view and search filesystem and provider events is allowed
|
||||
* `manage_event_rules` - manage event actions and rules is allowed
|
||||
* `manager_roles` - manage roles is allowed
|
||||
FsProviders:
|
||||
type: integer
|
||||
enum:
|
||||
|
@ -4538,6 +4718,7 @@ components:
|
|||
- share
|
||||
- event_action
|
||||
- event_rule
|
||||
- role
|
||||
SSHAuthentications:
|
||||
type: string
|
||||
enum:
|
||||
|
@ -5211,6 +5392,8 @@ components:
|
|||
type: object
|
||||
additionalProperties: true
|
||||
description: 'This field is passed to the pre-login hook if custom OIDC token fields have been configured. Field values can be of any type (this is a free form object) and depend on the type of the configured OIDC token fields'
|
||||
role:
|
||||
type: string
|
||||
AdminPreferences:
|
||||
type: object
|
||||
properties:
|
||||
|
@ -5297,6 +5480,9 @@ components:
|
|||
type: integer
|
||||
format: int64
|
||||
description: Last user login as unix timestamp in milliseconds. It is saved at most once every 10 minutes
|
||||
role:
|
||||
type: string
|
||||
description: 'If set the admin can only administer users with the same role. Role admins cannot have the following permissions: "manage_admins", "manage_apikeys", "manage_system", "manage_event_rules", "manage_roles", "view_events"'
|
||||
AdminProfile:
|
||||
type: object
|
||||
properties:
|
||||
|
@ -5840,6 +6026,37 @@ components:
|
|||
description: 'Maximum total data transfer as MB'
|
||||
filters:
|
||||
$ref: '#/components/schemas/BaseUserFilters'
|
||||
Role:
|
||||
type: object
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
format: int32
|
||||
minimum: 1
|
||||
name:
|
||||
type: string
|
||||
description: name is unique
|
||||
description:
|
||||
type: string
|
||||
description: 'optional description'
|
||||
created_at:
|
||||
type: integer
|
||||
format: int64
|
||||
description: creation time as unix timestamp in milliseconds
|
||||
updated_at:
|
||||
type: integer
|
||||
format: int64
|
||||
description: last update time as unix timestamp in milliseconds
|
||||
users:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
description: list of usernames associated with this group
|
||||
admins:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
description: list of admins usernames associated with this group
|
||||
Group:
|
||||
type: object
|
||||
properties:
|
||||
|
@ -5942,6 +6159,18 @@ components:
|
|||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Share'
|
||||
event_actions:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/EventAction'
|
||||
event_rules:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/EventRule'
|
||||
roles:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Role'
|
||||
version:
|
||||
type: integer
|
||||
PwdChange:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
NFPM_VERSION=2.21.0
|
||||
NFPM_VERSION=2.22.0
|
||||
NFPM_ARCH=${NFPM_ARCH:-amd64}
|
||||
if [ -z ${SFTPGO_VERSION} ]
|
||||
then
|
||||
|
|
|
@ -3,17 +3,17 @@
|
|||
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
|
||||
<metadata>
|
||||
<id>sftpgo</id>
|
||||
<version>2.4.0</version>
|
||||
<version>2.4.1</version>
|
||||
<packageSourceUrl>https://github.com/drakkan/sftpgo/tree/main/pkgs/choco</packageSourceUrl>
|
||||
<owners>asheroto</owners>
|
||||
<title>SFTPGo</title>
|
||||
<authors>Nicola Murino</authors>
|
||||
<projectUrl>https://github.com/drakkan/sftpgo</projectUrl>
|
||||
<iconUrl>https://cdn.statically.io/gh/drakkan/sftpgo/v2.4.0/static/img/logo.png</iconUrl>
|
||||
<iconUrl>https://cdn.statically.io/gh/drakkan/sftpgo/v2.4.1/static/img/logo.png</iconUrl>
|
||||
<licenseUrl>https://github.com/drakkan/sftpgo/blob/main/LICENSE</licenseUrl>
|
||||
<requireLicenseAcceptance>false</requireLicenseAcceptance>
|
||||
<projectSourceUrl>https://github.com/drakkan/sftpgo</projectSourceUrl>
|
||||
<docsUrl>https://github.com/drakkan/sftpgo/tree/v2.4.0/docs</docsUrl>
|
||||
<docsUrl>https://github.com/drakkan/sftpgo/tree/v2.4.1/docs</docsUrl>
|
||||
<bugTrackerUrl>https://github.com/drakkan/sftpgo/issues</bugTrackerUrl>
|
||||
<tags>sftp sftp-server ftp webdav s3 azure-blob google-cloud-storage cloud-storage scp data-at-rest-encryption multi-factor-authentication multi-step-authentication</tags>
|
||||
<summary>Fully featured and highly configurable SFTP server with optional HTTP/S,FTP/S and WebDAV support.</summary>
|
||||
|
@ -32,7 +32,7 @@ You can find more info [here](https://github.com/drakkan/sftpgo).
|
|||
|
||||
* This package installs SFTPGo as Windows Service.
|
||||
* After the first installation please take a look at the [Getting Started Guide](https://github.com/drakkan/sftpgo/blob/main/docs/howto/getting-started.md).</description>
|
||||
<releaseNotes>https://github.com/drakkan/sftpgo/releases/tag/v2.4.0</releaseNotes>
|
||||
<releaseNotes>https://github.com/drakkan/sftpgo/releases/tag/v2.4.1</releaseNotes>
|
||||
</metadata>
|
||||
<files>
|
||||
<file src="**" exclude="**\*.md;**\icon.png;**\icon.jpg;**\icon.svg" />
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$ErrorActionPreference = 'Stop'
|
||||
$packageName = 'sftpgo'
|
||||
$softwareName = 'SFTPGo'
|
||||
$url = 'https://github.com/drakkan/sftpgo/releases/download/v2.4.0/sftpgo_v2.4.0_windows_x86_64.exe'
|
||||
$checksum = 'D8503BF3C5F606C3445D1286C8C5CA54476EC751E2CE0D4EAAE5EB4903C09412'
|
||||
$url = 'https://github.com/drakkan/sftpgo/releases/download/v2.4.1/sftpgo_v2.4.1_windows_x86_64.exe'
|
||||
$checksum = 'AC199E8DE1F90ACE0B310FA2DEB4D84F5A8E1D592CB11F8C79DA3F4C9AC8517E'
|
||||
$silentArgs = '/VERYSILENT'
|
||||
$validExitCodes = @(0)
|
||||
|
||||
|
@ -47,8 +47,8 @@ Write-Output ""
|
|||
Write-Output "General information (README) location:"
|
||||
Write-Output "`thttps://github.com/drakkan/sftpgo"
|
||||
Write-Output "Getting started guide location:"
|
||||
Write-Output "`thttps://github.com/drakkan/sftpgo/blob/v2.4.0/docs/howto/getting-started.md"
|
||||
Write-Output "`thttps://github.com/drakkan/sftpgo/blob/v2.4.1/docs/howto/getting-started.md"
|
||||
Write-Output "Detailed information (docs folder) location:"
|
||||
Write-Output "`thttps://github.com/drakkan/sftpgo/tree/v2.4.0/docs"
|
||||
Write-Output "`thttps://github.com/drakkan/sftpgo/tree/v2.4.1/docs"
|
||||
Write-Output ""
|
||||
Write-Output "---------------------------"
|
|
@ -1,3 +1,9 @@
|
|||
sftpgo (2.4.1-1ppa1) bionic; urgency=medium
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Nicola Murino <nicola.murino@gmail.com> Sun, 13 Nov 2022 07:34:04 +0100
|
||||
|
||||
sftpgo (2.4.0-1ppa1) bionic; urgency=medium
|
||||
|
||||
* New upstream release
|
||||
|
|
|
@ -96,6 +96,26 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div class="card bg-light mb-3">
|
||||
<div class="card-header">
|
||||
<b>Role</b>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<h6 class="card-title mb-4">Setting a role limit the administrator to only manage users with the same role. Role administrators cannot have the following permissions: "manage_admins", "manage_roles", "manage_event_rules", "manage_apikeys", "manage_system"</h6>
|
||||
<div class="form-group row">
|
||||
<label for="idRole" class="col-sm-2 col-form-label">Role</label>
|
||||
<div class="col-sm-10">
|
||||
<select class="form-control selectpicker" data-live-search="true" id="idRole" name="role">
|
||||
<option value=""></option>
|
||||
{{- range .Roles}}
|
||||
<option value="{{.Name}}" {{if eq $.Admin.Role .Name}}selected{{end}}>{{.Name}}</option>
|
||||
{{- end}}
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="card bg-light mb-3">
|
||||
<div class="card-header">
|
||||
<b>Groups for users</b>
|
||||
|
|
|
@ -55,6 +55,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
<th>Email</th>
|
||||
<th>Description</th>
|
||||
<th>Groups for users</th>
|
||||
<th>Role</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -70,6 +71,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
<td>{{.Email}}</td>
|
||||
<td>{{.Description}}</td>
|
||||
<td>{{.GetGroupsAsString}}</td>
|
||||
<td>{{.Role}}</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
|
||||
|
@ -233,7 +235,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
"visible": false,
|
||||
},
|
||||
{
|
||||
"targets": [5,7,8],
|
||||
"targets": [5,7,8,10],
|
||||
"visible": false,
|
||||
},
|
||||
{
|
||||
|
|
|
@ -121,6 +121,14 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
</li>
|
||||
{{end}}
|
||||
|
||||
{{ if .LoggedAdmin.HasPermission "manage_roles"}}
|
||||
<li class="nav-item {{if eq .CurrentURL .RolesURL}}active{{end}}">
|
||||
<a class="nav-link" href="{{.RolesURL}}">
|
||||
<i class="fas fa-user-lock"></i>
|
||||
<span>{{.RolesTitle}}</span></a>
|
||||
</li>
|
||||
{{end}}
|
||||
|
||||
{{ if .LoggedAdmin.HasPermission "manage_admins"}}
|
||||
<li class="nav-item {{if eq .CurrentURL .AdminsURL}}active{{end}}">
|
||||
<a class="nav-link" href="{{.AdminsURL}}">
|
||||
|
|
62
templates/webadmin/role.html
Normal file
62
templates/webadmin/role.html
Normal file
|
@ -0,0 +1,62 @@
|
|||
<!--
|
||||
Copyright (C) 2019-2022 Nicola Murino
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published
|
||||
by the Free Software Foundation, version 3.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
-->
|
||||
{{template "base" .}}
|
||||
|
||||
{{define "title"}}{{.Title}}{{end}}
|
||||
|
||||
{{define "extra_css"}}
|
||||
<link href="{{.StaticURL}}/vendor/bootstrap-select/css/bootstrap-select.min.css" rel="stylesheet">
|
||||
{{end}}
|
||||
|
||||
{{define "page_body"}}
|
||||
<!-- Page Heading -->
|
||||
<div class="card shadow mb-4">
|
||||
<div class="card-header py-3">
|
||||
<h6 class="m-0 font-weight-bold text-primary">{{.Title}}</h6>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
{{if .Error}}
|
||||
<div class="card mb-4 border-left-warning">
|
||||
<div class="card-body text-form-error">{{.Error}}</div>
|
||||
</div>
|
||||
{{end}}
|
||||
<form id="role_form" action="{{.CurrentURL}}" method="POST" autocomplete="off">
|
||||
<div class="form-group row">
|
||||
<label for="idRoleName" class="col-sm-2 col-form-label">Name</label>
|
||||
<div class="col-sm-10">
|
||||
<input type="text" class="form-control" id="idRoleName" name="name" placeholder=""
|
||||
value="{{.Role.Name}}" maxlength="255" autocomplete="nope" required {{if eq .Mode 2}}readonly{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group row">
|
||||
<label for="idDescription" class="col-sm-2 col-form-label">Description</label>
|
||||
<div class="col-sm-10">
|
||||
<input type="text" class="form-control" id="idDescription" name="description" placeholder=""
|
||||
value="{{.Role.Description}}" maxlength="255" aria-describedby="descriptionHelpBlock">
|
||||
<small id="descriptionHelpBlock" class="form-text text-muted">
|
||||
Optional description
|
||||
</small>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<input type="hidden" name="_form_token" value="{{.CSRFToken}}">
|
||||
<div class="col-sm-12 text-right px-0">
|
||||
<button type="submit" class="btn btn-primary mt-3 ml-3 px-5" name="form_action" value="submit">Submit</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
222
templates/webadmin/roles.html
Normal file
222
templates/webadmin/roles.html
Normal file
|
@ -0,0 +1,222 @@
|
|||
<!--
|
||||
Copyright (C) 2019-2022 Nicola Murino
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published
|
||||
by the Free Software Foundation, version 3.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
-->
|
||||
{{template "base" .}}
|
||||
|
||||
{{define "title"}}{{.Title}}{{end}}
|
||||
|
||||
{{define "extra_css"}}
|
||||
<link href="{{.StaticURL}}/vendor/datatables/dataTables.bootstrap4.min.css" rel="stylesheet">
|
||||
<link href="{{.StaticURL}}/vendor/datatables/buttons.bootstrap4.min.css" rel="stylesheet">
|
||||
<link href="{{.StaticURL}}/vendor/datatables/fixedHeader.bootstrap4.min.css" rel="stylesheet">
|
||||
<link href="{{.StaticURL}}/vendor/datatables/responsive.bootstrap4.min.css" rel="stylesheet">
|
||||
<link href="{{.StaticURL}}/vendor/datatables/select.bootstrap4.min.css" rel="stylesheet">
|
||||
{{end}}
|
||||
|
||||
{{define "page_body"}}
|
||||
<div id="errorMsg" class="card mb-4 border-left-warning" style="display: none;">
|
||||
<div id="errorTxt" class="card-body text-form-error"></div>
|
||||
</div>
|
||||
|
||||
<div class="card shadow mb-4">
|
||||
<div class="card-header py-3">
|
||||
<h6 class="m-0 font-weight-bold text-primary">View and manage roles</h6>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-hover nowrap" id="dataTable" width="100%" cellspacing="0">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Description</th>
|
||||
<th>Members</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{{range .Roles}}
|
||||
<tr>
|
||||
<td>{{.Name}}</td>
|
||||
<td>{{.Description}}</td>
|
||||
<td>{{.GetMembersAsString}}</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{define "dialog"}}
|
||||
<div class="modal fade" id="deleteModal" tabindex="-1" role="dialog" aria-labelledby="deleteModalLabel"
|
||||
aria-hidden="true">
|
||||
<div class="modal-dialog" role="document">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title" id="deleteModalLabel">
|
||||
Confirmation required
|
||||
</h5>
|
||||
<button class="close" type="button" data-dismiss="modal" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="modal-body">Do you want to delete the selected role? It is not possible to remove a role that does contain administrators</div>
|
||||
<div class="modal-footer">
|
||||
<button class="btn btn-secondary" type="button" data-dismiss="modal">
|
||||
Cancel
|
||||
</button>
|
||||
<a class="btn btn-warning" href="#" onclick="deleteAction()">
|
||||
Delete
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{define "extra_js"}}
|
||||
<script src="{{.StaticURL}}/vendor/datatables/jquery.dataTables.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/dataTables.bootstrap4.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/dataTables.buttons.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/buttons.bootstrap4.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/buttons.colVis.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/dataTables.fixedHeader.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/dataTables.responsive.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/responsive.bootstrap4.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/dataTables.select.min.js"></script>
|
||||
<script src="{{.StaticURL}}/vendor/datatables/ellipsis.js"></script>
|
||||
<script type="text/javascript">
|
||||
|
||||
function deleteAction() {
|
||||
var table = $('#dataTable').DataTable();
|
||||
table.button('delete:name').enable(false);
|
||||
var roleName = table.row({ selected: true }).data()[0];
|
||||
var path = '{{.RoleURL}}' + "/" + fixedEncodeURIComponent(roleName);
|
||||
$('#deleteModal').modal('hide');
|
||||
$.ajax({
|
||||
url: path,
|
||||
type: 'DELETE',
|
||||
dataType: 'json',
|
||||
headers: {'X-CSRF-TOKEN' : '{{.CSRFToken}}'},
|
||||
timeout: 15000,
|
||||
success: function (result) {
|
||||
window.location.href = '{{.RolesURL}}';
|
||||
},
|
||||
error: function ($xhr, textStatus, errorThrown) {
|
||||
var txt = "Unable to delete the selected role";
|
||||
if ($xhr) {
|
||||
var json = $xhr.responseJSON;
|
||||
if (json) {
|
||||
if (json.message){
|
||||
txt += ": " + json.message;
|
||||
} else {
|
||||
txt += ": " + json.error;
|
||||
}
|
||||
}
|
||||
}
|
||||
$('#errorTxt').text(txt);
|
||||
$('#errorMsg').show();
|
||||
setTimeout(function () {
|
||||
$('#errorMsg').hide();
|
||||
}, 5000);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
$(document).ready(function () {
|
||||
$.fn.dataTable.ext.buttons.add = {
|
||||
text: '<i class="fas fa-plus"></i>',
|
||||
name: 'add',
|
||||
titleAttr: "Add",
|
||||
action: function (e, dt, node, config) {
|
||||
window.location.href = '{{.RoleURL}}';
|
||||
}
|
||||
};
|
||||
|
||||
$.fn.dataTable.ext.buttons.edit = {
|
||||
text: '<i class="fas fa-pen"></i>',
|
||||
name: 'edit',
|
||||
titleAttr: "Edit",
|
||||
action: function (e, dt, node, config) {
|
||||
var roleName = table.row({ selected: true }).data()[0];
|
||||
var path = '{{.RoleURL}}' + "/" + fixedEncodeURIComponent(roleName);
|
||||
window.location.href = path;
|
||||
},
|
||||
enabled: false
|
||||
};
|
||||
|
||||
$.fn.dataTable.ext.buttons.delete = {
|
||||
text: '<i class="fas fa-trash"></i>',
|
||||
name: 'delete',
|
||||
titleAttr: "Delete",
|
||||
action: function (e, dt, node, config) {
|
||||
$('#deleteModal').modal('show');
|
||||
},
|
||||
enabled: false
|
||||
};
|
||||
|
||||
var table = $('#dataTable').DataTable({
|
||||
"select": {
|
||||
"style": "single",
|
||||
"blurable": true
|
||||
},
|
||||
"stateSave": true,
|
||||
"stateDuration": 0,
|
||||
"buttons": [
|
||||
{
|
||||
"text": "Column visibility",
|
||||
"extend": "colvis",
|
||||
"columns": ":not(.noVis)"
|
||||
}
|
||||
],
|
||||
"columnDefs": [
|
||||
{
|
||||
"targets": [0],
|
||||
"className": "noVis"
|
||||
},
|
||||
{
|
||||
"targets": [2],
|
||||
"render": $.fn.dataTable.render.ellipsis(100, true)
|
||||
},
|
||||
],
|
||||
"scrollX": false,
|
||||
"scrollY": false,
|
||||
"responsive": true,
|
||||
"language": {
|
||||
"emptyTable": "No role defined"
|
||||
},
|
||||
"order": [[0, 'asc']]
|
||||
});
|
||||
|
||||
new $.fn.dataTable.FixedHeader( table );
|
||||
|
||||
{{if .LoggedAdmin.HasPermission "manage_roles"}}
|
||||
table.button().add(0,'delete');
|
||||
table.button().add(0,'edit');
|
||||
table.button().add(0,'add');
|
||||
|
||||
table.buttons().container().appendTo('.col-md-6:eq(0)', table.table().container());
|
||||
|
||||
table.on('select deselect', function () {
|
||||
var selectedRows = table.rows({ selected: true }).count();
|
||||
table.button('delete:name').enable(selectedRows == 1);
|
||||
table.button('edit:name').enable(selectedRows == 1);
|
||||
});
|
||||
{{end}}
|
||||
|
||||
});
|
||||
|
||||
</script>
|
||||
{{end}}
|
|
@ -104,6 +104,23 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
</div>
|
||||
{{end}}
|
||||
|
||||
{{if .Roles}}
|
||||
<div class="form-group row">
|
||||
<label for="idRole" class="col-sm-2 col-form-label">Role</label>
|
||||
<div class="col-sm-10">
|
||||
<select class="form-control selectpicker" data-live-search="true" id="idRole" name="role" aria-describedby="roleHelpBlock">
|
||||
<option value=""></option>
|
||||
{{- range .Roles}}
|
||||
<option value="{{.Name}}" {{if eq $.User.Role .Name}}selected{{end}}>{{.Name}}</option>
|
||||
{{- end}}
|
||||
</select>
|
||||
<small id="roleHelpBlock" class="form-text text-muted">
|
||||
Users with a role can be managed by global administrators and administrators with the same role
|
||||
</small>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{if ne .Mode 3}}
|
||||
<div class="form-group row">
|
||||
<label for="idPassword" class="col-sm-2 col-form-label">Password</label>
|
||||
|
|
|
@ -56,6 +56,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
<th>MFA</th>
|
||||
<th>Bandwidth</th>
|
||||
<th>Quota</th>
|
||||
<th>Role</th>
|
||||
<th>Other</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
|
@ -74,6 +75,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
<td>{{.GetMFAStatusAsString}}</td>
|
||||
<td>{{.GetBandwidthAsString}}</td>
|
||||
<td>{{.GetQuotaSummary}}</td>
|
||||
<td>{{.Role}}</td>
|
||||
<td>{{.GetInfoString}}</td>
|
||||
<td>{{.GetLastQuotaUpdateAsString}}</td>
|
||||
</tr>
|
||||
|
@ -281,7 +283,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
],
|
||||
"columnDefs": [
|
||||
{
|
||||
"targets": [0,12],
|
||||
"targets": [0,13],
|
||||
"visible": false,
|
||||
"searchable": false,
|
||||
"className": "noVis"
|
||||
|
@ -295,7 +297,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
"render": $.fn.dataTable.render.datetime()
|
||||
},
|
||||
{
|
||||
"targets": [4,5,8],
|
||||
"targets": [4,5,8,11],
|
||||
"visible": false
|
||||
},
|
||||
{
|
||||
|
@ -325,7 +327,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
}
|
||||
},
|
||||
{
|
||||
"targets": [11],
|
||||
"targets": [12],
|
||||
"visible": false,
|
||||
"render": $.fn.dataTable.render.ellipsis(100, true)
|
||||
}
|
||||
|
@ -349,7 +351,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
table.button().add(0,'delete');
|
||||
{{end}}
|
||||
|
||||
{{if .LoggedAdmin.HasPermission "add_users"}}
|
||||
{{if .LoggedAdmin.HasPermission "manage_system"}}
|
||||
table.button().add(0,'template');
|
||||
{{end}}
|
||||
|
||||
|
|
Loading…
Reference in a new issue