beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

portable mode: add WebClient

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-08-10 19:02:55 +02:00
parent 25450d9efc
commit 6c482a248d
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
7 changed files with 153 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/portable-mode.md
View file

@ -75,6 +75,12 @@ Flags:
interrupt signal. interrupt signal.
-h, --help help for portable -h, --help help for portable
--httpd-cert string Path to the certificate file for WebClient
over HTTPS
--httpd-key string Path to the key file for WebClient over
HTTPS
--httpd-port int 0 means a random unprivileged port,
< 0 disabled (default -1)
-l, --log-file-path string Leave empty to disable logging -l, --log-file-path string Leave empty to disable logging
--log-level string Set the log level. --log-level string Set the log level.
Supported values: Supported values:

2
go.mod
View file

@ -39,7 +39,7 @@ require (
github.com/jackc/pgx/v5 v5.4.3 github.com/jackc/pgx/v5 v5.4.3
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126 github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
github.com/klauspost/compress v1.16.7 github.com/klauspost/compress v1.16.7
github.com/lestrrat-go/jwx/v2 v2.0.11 github.com/lestrrat-go/jwx/v2 v2.0.12
github.com/lithammer/shortuuid/v3 v3.0.7 github.com/lithammer/shortuuid/v3 v3.0.7
github.com/mattn/go-sqlite3 v1.14.17 github.com/mattn/go-sqlite3 v1.14.17
github.com/mhale/smtpd v0.8.0 github.com/mhale/smtpd v0.8.0

4
go.sum
View file

@ -338,8 +338,8 @@ github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJG
github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
github.com/lestrrat-go/jwx/v2 v2.0.11 h1:ViHMnaMeaO0qV16RZWBHM7GTrAnX2aFLVKofc7FuKLQ= github.com/lestrrat-go/jwx/v2 v2.0.12 h1:3d589+5w/b9b7S3DneICPW16AqTyYXB7VRjgluSDWeA=
github.com/lestrrat-go/jwx/v2 v2.0.11/go.mod h1:ZtPtMFlrfDrH2Y0iwfa3dRFn8VzwBrB+cyrm3IBWdDg= github.com/lestrrat-go/jwx/v2 v2.0.12/go.mod h1:Mq4KN1mM7bp+5z/W5HS8aCNs5RKZ911G/0y2qUjAQuQ=
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=

33
internal/cmd/portable.go
View file

@ -75,6 +75,9 @@ var (
portableWebDAVPort int portableWebDAVPort int
portableWebDAVCert string portableWebDAVCert string
portableWebDAVKey string portableWebDAVKey string
portableHTTPPort int
portableHTTPSCert string
portableHTTPSKey string
portableAzContainer string portableAzContainer string
portableAzAccountName string portableAzAccountName string
portableAzAccountKey string portableAzAccountKey string
@ -152,7 +155,7 @@ Please take a look at the usage below to customize the serving parameters`,
os.Exit(1) os.Exit(1)
} }
} }
if portableWebDAVPort > 0 && portableWebDAVCert != "" && portableWebDAVKey != "" { if portableWebDAVPort >= 0 && portableWebDAVCert != "" && portableWebDAVKey != "" {
keyPairs := []common.TLSKeyPair{ keyPairs := []common.TLSKeyPair{
{ {
Cert: portableWebDAVCert, Cert: portableWebDAVCert,
@ -168,6 +171,22 @@ Please take a look at the usage below to customize the serving parameters`,
os.Exit(1) os.Exit(1)
} }
} }
if portableHTTPPort >= 0 && portableHTTPSCert != "" && portableHTTPSKey != "" {
keyPairs := []common.TLSKeyPair{
{
Cert: portableHTTPSCert,
Key: portableHTTPSKey,
ID: common.DefaultTLSKeyPaidID,
},
}
_, err := common.NewCertManager(keyPairs, filepath.Clean(defaultConfigDir),
"HTTP portable")
if err != nil {
fmt.Printf("Unable to load HTTPS key pair, cert file %q key file %q error: %v\n",
portableHTTPSCert, portableHTTPSKey, err)
os.Exit(1)
}
}
pwd := portablePassword pwd := portablePassword
if portablePasswordFile != "" { if portablePasswordFile != "" {
content, err := os.ReadFile(portablePasswordFile) content, err := os.ReadFile(portablePasswordFile)
@ -266,9 +285,9 @@ Please take a look at the usage below to customize the serving parameters`,
}, },
}, },
} }
err := service.StartPortableMode(portableSFTPDPort, portableFTPDPort, portableWebDAVPort, portableSSHCommands, err := service.StartPortableMode(portableSFTPDPort, portableFTPDPort, portableWebDAVPort, portableHTTPPort,
portableFTPSCert, portableFTPSKey, portableWebDAVCert, portableSSHCommands, portableFTPSCert, portableFTPSKey, portableWebDAVCert, portableWebDAVKey,
portableWebDAVKey) portableHTTPSCert, portableHTTPSKey)
if err == nil { if err == nil {
service.Wait() service.Wait()
if service.Error == nil { if service.Error == nil {
@ -295,6 +314,8 @@ path`)
portableCmd.Flags().IntVar(&portableFTPDPort, "ftpd-port", -1, `0 means a random unprivileged port, portableCmd.Flags().IntVar(&portableFTPDPort, "ftpd-port", -1, `0 means a random unprivileged port,
< 0 disabled`) < 0 disabled`)
portableCmd.Flags().IntVar(&portableWebDAVPort, "webdav-port", -1, `0 means a random unprivileged port, portableCmd.Flags().IntVar(&portableWebDAVPort, "webdav-port", -1, `0 means a random unprivileged port,
< 0 disabled`)
portableCmd.Flags().IntVar(&portableHTTPPort, "httpd-port", -1, `0 means a random unprivileged port,
< 0 disabled`) < 0 disabled`)
portableCmd.Flags().StringSliceVarP(&portableSSHCommands, "ssh-commands", "c", sftpd.GetDefaultSSHCommands(), portableCmd.Flags().StringSliceVarP(&portableSSHCommands, "ssh-commands", "c", sftpd.GetDefaultSSHCommands(),
`SSH commands to enable. `SSH commands to enable.
@ -366,6 +387,10 @@ a JSON credentials file, 1 automatic
portableCmd.Flags().StringVar(&portableWebDAVCert, "webdav-cert", "", `Path to the certificate file for WebDAV portableCmd.Flags().StringVar(&portableWebDAVCert, "webdav-cert", "", `Path to the certificate file for WebDAV
over HTTPS`) over HTTPS`)
portableCmd.Flags().StringVar(&portableWebDAVKey, "webdav-key", "", `Path to the key file for WebDAV over portableCmd.Flags().StringVar(&portableWebDAVKey, "webdav-key", "", `Path to the key file for WebDAV over
HTTPS`)
portableCmd.Flags().StringVar(&portableHTTPSCert, "httpd-cert", "", `Path to the certificate file for WebClient
over HTTPS`)
portableCmd.Flags().StringVar(&portableHTTPSKey, "httpd-key", "", `Path to the key file for WebClient over
HTTPS`) HTTPS`)
portableCmd.Flags().StringVar(&portableAzContainer, "az-container", "", "") portableCmd.Flags().StringVar(&portableAzContainer, "az-container", "", "")
portableCmd.Flags().StringVar(&portableAzAccountName, "az-account-name", "", "") portableCmd.Flags().StringVar(&portableAzAccountName, "az-account-name", "", "")

2
internal/httpd/webadmin.go
View file

@ -4174,7 +4174,7 @@ func (s *httpdServer) handleOAuth2TokenRedirect(w http.ResponseWriter, r *http.R
errTxt := "the OAuth2 provider returned an empty token. " + errTxt := "the OAuth2 provider returned an empty token. " +
"Some providers only return the token when the user first authorizes. " + "Some providers only return the token when the user first authorizes. " +
"If you have already registered SFTPGo with this user in the past, revoke access and try again. " + "If you have already registered SFTPGo with this user in the past, revoke access and try again. " +
"This way you will invalidate the previous token." "This way you will invalidate the previous token"
s.renderMessagePage(w, r, errorTitle, "Unable to get token:", http.StatusBadRequest, errors.New(errTxt), "") s.renderMessagePage(w, r, errorTitle, "Unable to get token:", http.StatusBadRequest, errors.New(errTxt), "")
return return
} }

162
internal/service/service_portable.go
View file

@ -27,6 +27,7 @@ import (
"github.com/drakkan/sftpgo/v2/internal/config" "github.com/drakkan/sftpgo/v2/internal/config"
"github.com/drakkan/sftpgo/v2/internal/dataprovider" "github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/ftpd" "github.com/drakkan/sftpgo/v2/internal/ftpd"
"github.com/drakkan/sftpgo/v2/internal/httpd"
"github.com/drakkan/sftpgo/v2/internal/kms" "github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger" "github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/sftpd" "github.com/drakkan/sftpgo/v2/internal/sftpd"
@ -36,8 +37,8 @@ import (
) )
// StartPortableMode starts the service in portable mode // StartPortableMode starts the service in portable mode
func (s *Service) StartPortableMode(sftpdPort, ftpPort, webdavPort int, enabledSSHCommands []string, func (s *Service) StartPortableMode(sftpdPort, ftpPort, webdavPort, httpPort int, enabledSSHCommands []string,
ftpsCert, ftpsKey, webDavCert, webDavKey string) error { ftpsCert, ftpsKey, webDavCert, webDavKey, httpsCert, httpsKey string) error {
if s.PortableMode != 1 { if s.PortableMode != 1 {
return fmt.Errorf("service is not configured for portable mode") return fmt.Errorf("service is not configured for portable mode")
} }
@ -56,71 +57,50 @@ func (s *Service) StartPortableMode(sftpdPort, ftpPort, webdavPort int, enabledS
dataProviderConf.Name = "" dataProviderConf.Name = ""
config.SetProviderConf(dataProviderConf) config.SetProviderConf(dataProviderConf)
httpdConf := config.GetHTTPDConfig() httpdConf := config.GetHTTPDConfig()
httpdConf.Bindings = nil for idx := range httpdConf.Bindings {
httpdConf.Bindings[idx].Port = 0
}
config.SetHTTPDConfig(httpdConf) config.SetHTTPDConfig(httpdConf)
telemetryConf := config.GetTelemetryConfig() telemetryConf := config.GetTelemetryConfig()
telemetryConf.BindPort = 0 telemetryConf.BindPort = 0
config.SetTelemetryConfig(telemetryConf) config.SetTelemetryConfig(telemetryConf)
sftpdConf := config.GetSFTPDConfig()
sftpdConf.MaxAuthTries = 12
sftpdConf.Bindings = []sftpd.Binding{
{
Port: sftpdPort,
},
}
if sftpdPort >= 0 { if sftpdPort >= 0 {
if sftpdPort > 0 { configurePortableSFTPService(sftpdPort, enabledSSHCommands)
sftpdConf.Bindings[0].Port = sftpdPort
} else {
// dynamic ports starts from 49152
sftpdConf.Bindings[0].Port = 49152 + rand.Intn(15000)
}
if util.Contains(enabledSSHCommands, "*") {
sftpdConf.EnabledSSHCommands = sftpd.GetSupportedSSHCommands()
} else {
sftpdConf.EnabledSSHCommands = enabledSSHCommands
}
} }
config.SetSFTPDConfig(sftpdConf)
if ftpPort >= 0 { if ftpPort >= 0 {
ftpConf := config.GetFTPDConfig() configurePortableFTPService(ftpPort, ftpsCert, ftpsKey)
binding := ftpd.Binding{}
if ftpPort > 0 {
binding.Port = ftpPort
} else {
binding.Port = 49152 + rand.Intn(15000)
}
ftpConf.Bindings = []ftpd.Binding{binding}
ftpConf.Banner = fmt.Sprintf("SFTPGo portable %v ready", version.Get().Version)
ftpConf.CertificateFile = ftpsCert
ftpConf.CertificateKeyFile = ftpsKey
config.SetFTPDConfig(ftpConf)
} }
if webdavPort >= 0 { if webdavPort >= 0 {
webDavConf := config.GetWebDAVDConfig() configurePortableWebDAVService(webdavPort, webDavCert, webDavKey)
binding := webdavd.Binding{} }
if webdavPort > 0 {
binding.Port = webdavPort if httpPort >= 0 {
} else { configurePortableHTTPService(httpPort, httpsCert, httpsKey)
binding.Port = 49152 + rand.Intn(15000)
}
webDavConf.Bindings = []webdavd.Binding{binding}
webDavConf.CertificateFile = webDavCert
webDavConf.CertificateKeyFile = webDavKey
config.SetWebDAVDConfig(webDavConf)
} }
err = s.Start(true) err = s.Start(true)
if err != nil { if err != nil {
return err return err
} }
if httpPort >= 0 {
admin := &dataprovider.Admin{
Username: util.GenerateUniqueID(),
Password: util.GenerateUniqueID(),
Status: 0,
Permissions: []string{dataprovider.PermAdminAny},
}
if err := dataprovider.AddAdmin(admin, dataprovider.ActionExecutorSystem, "", ""); err != nil {
return err
}
}
logger.InfoToConsole("Portable mode ready, user: %q, password: %q, public keys: %v, directory: %q, "+ logger.InfoToConsole("Portable mode ready, user: %q, password: %q, public keys: %v, directory: %q, "+
"permissions: %+v, enabled ssh commands: %v file patterns filters: %+v %v", s.PortableUser.Username, "permissions: %+v, file patterns filters: %+v %v", s.PortableUser.Username,
printablePassword, s.PortableUser.PublicKeys, s.getPortableDirToServe(), s.PortableUser.Permissions, printablePassword, s.PortableUser.PublicKeys, s.getPortableDirToServe(), s.PortableUser.Permissions,
sftpdConf.EnabledSSHCommands, s.PortableUser.Filters.FilePatterns, s.getServiceOptionalInfoString()) s.PortableUser.Filters.FilePatterns, s.getServiceOptionalInfoString())
return nil return nil
} }
@ -137,7 +117,14 @@ func (s *Service) getServiceOptionalInfoString() string {
if config.GetWebDAVDConfig().CertificateFile != "" && config.GetWebDAVDConfig().CertificateKeyFile != "" { if config.GetWebDAVDConfig().CertificateFile != "" && config.GetWebDAVDConfig().CertificateKeyFile != "" {
scheme = "https" scheme = "https"
} }
info.WriteString(fmt.Sprintf("WebDAV URL: %v://<your IP>:%v/", scheme, config.GetWebDAVDConfig().Bindings[0].Port)) info.WriteString(fmt.Sprintf("WebDAV URL: %v://<your IP>:%v/ ", scheme, config.GetWebDAVDConfig().Bindings[0].Port))
}
if config.GetHTTPDConfig().Bindings[0].IsValid() {
scheme := "http"
if config.GetHTTPDConfig().CertificateFile != "" && config.GetHTTPDConfig().CertificateKeyFile != "" {
scheme = "https"
}
info.WriteString(fmt.Sprintf("WebClient URL: %v://<your IP>:%v/ ", scheme, config.GetHTTPDConfig().Bindings[0].Port))
} }
return info.String() return info.String()
} }
@ -170,12 +157,16 @@ func (s *Service) configurePortableUser() string {
} }
if len(s.PortableUser.PublicKeys) == 0 && s.PortableUser.Password == "" { if len(s.PortableUser.PublicKeys) == 0 && s.PortableUser.Password == "" {
var b strings.Builder var b strings.Builder
for i := 0; i < 8; i++ { for i := 0; i < 16; i++ {
b.WriteRune(chars[rand.Intn(len(chars))]) b.WriteRune(chars[rand.Intn(len(chars))])
} }
s.PortableUser.Password = b.String() s.PortableUser.Password = b.String()
printablePassword = s.PortableUser.Password printablePassword = s.PortableUser.Password
} }
s.PortableUser.Filters.WebClient = []string{sdk.WebClientSharesDisabled, sdk.WebClientInfoChangeDisabled,
sdk.WebClientPubKeyChangeDisabled, sdk.WebClientPasswordChangeDisabled, sdk.WebClientAPIKeyAuthChangeDisabled,
sdk.WebClientMFADisabled,
}
s.configurePortableSecrets() s.configurePortableSecrets()
return printablePassword return printablePassword
} }
@ -218,3 +209,76 @@ func getSecretFromString(payload string) *kms.Secret {
} }
return kms.NewEmptySecret() return kms.NewEmptySecret()
} }
func configurePortableSFTPService(port int, enabledSSHCommands []string) {
sftpdConf := config.GetSFTPDConfig()
if len(sftpdConf.Bindings) == 0 {
sftpdConf.Bindings = append(sftpdConf.Bindings, sftpd.Binding{})
}
if port > 0 {
sftpdConf.Bindings[0].Port = port
} else {
// dynamic ports starts from 49152
sftpdConf.Bindings[0].Port = 49152 + rand.Intn(15000)
}
if util.Contains(enabledSSHCommands, "*") {
sftpdConf.EnabledSSHCommands = sftpd.GetSupportedSSHCommands()
} else {
sftpdConf.EnabledSSHCommands = enabledSSHCommands
}
config.SetSFTPDConfig(sftpdConf)
}
func configurePortableFTPService(port int, cert, key string) {
ftpConf := config.GetFTPDConfig()
if len(ftpConf.Bindings) == 0 {
ftpConf.Bindings = append(ftpConf.Bindings, ftpd.Binding{})
}
if port > 0 {
ftpConf.Bindings[0].Port = port
} else {
ftpConf.Bindings[0].Port = 49152 + rand.Intn(15000)
}
if ftpConf.Banner == "" {
ftpConf.Banner = fmt.Sprintf("SFTPGo portable %v ready", version.Get().Version)
}
ftpConf.Bindings[0].CertificateFile = cert
ftpConf.Bindings[0].CertificateKeyFile = key
config.SetFTPDConfig(ftpConf)
}
func configurePortableWebDAVService(port int, cert, key string) {
webDavConf := config.GetWebDAVDConfig()
if len(webDavConf.Bindings) == 0 {
webDavConf.Bindings = append(webDavConf.Bindings, webdavd.Binding{})
}
if port > 0 {
webDavConf.Bindings[0].Port = port
} else {
webDavConf.Bindings[0].Port = 49152 + rand.Intn(15000)
}
webDavConf.Bindings[0].CertificateFile = cert
webDavConf.Bindings[0].CertificateKeyFile = key
webDavConf.Bindings[0].EnableHTTPS = true
config.SetWebDAVDConfig(webDavConf)
}
func configurePortableHTTPService(port int, cert, key string) {
httpdConf := config.GetHTTPDConfig()
if len(httpdConf.Bindings) == 0 {
httpdConf.Bindings = append(httpdConf.Bindings, httpd.Binding{})
}
if port > 0 {
httpdConf.Bindings[0].Port = port
} else {
httpdConf.Bindings[0].Port = 49152 + rand.Intn(15000)
}
httpdConf.Bindings[0].CertificateFile = cert
httpdConf.Bindings[0].CertificateKeyFile = key
httpdConf.Bindings[0].EnableHTTPS = true
httpdConf.Bindings[0].EnableWebAdmin = false
httpdConf.Bindings[0].EnableWebClient = true
httpdConf.Bindings[0].EnableRESTAPI = false
httpdConf.Bindings[0].RenderOpenAPI = false
config.SetHTTPDConfig(httpdConf)
}

1
openapi/openapi.yaml
View file

@ -7031,6 +7031,7 @@ components:
- GET - GET
- POST - POST
- PUT - PUT
- DELETE
query_parameters: query_parameters:
type: array type: array
items: items: