Nicola Murino
bf4b3e6840
httpd: move the check connection middleware before the logger middleware
...
Fixes #543
2021-09-19 08:14:59 +02:00
Nicola Murino
6ea38188e8
minor fixes and doc improvements
2021-09-18 10:50:17 +02:00
Nicola Murino
b5639a51fd
don't generate defender events for HTTP/WebDAV requests with no auth
...
it is quite common for HTTP clients to send a first request without
the Authorization header and then send the credentials after receiving
a 401 response. We don't want to generate defender events in this case
2021-09-11 18:23:11 +02:00
Nicola Murino
5c34d814d6
fix a possible nil pointer dereference
...
it can happen by upgrading from very old versions
2021-09-11 14:19:17 +02:00
Nicola Murino
7bad65a43e
user: add a permission to disable changing api key authentication
...
also implement the missing APIs to enable/disable api key authentication
2021-09-06 18:46:35 +02:00
Nicola Murino
101c2962ab
web client UI: add a permission to disable password change
...
Fixes #528
2021-09-05 18:49:13 +02:00
Nicola Murino
59140a6d51
add additional data to MFA secrets and fix pointers management
2021-09-05 14:10:12 +02:00
Nicola Murino
8a4c21b64a
add builtin two-factor auth support
...
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
2021-09-04 12:11:04 +02:00
Nicola Murino
b903a6e46f
data provider: remove default admin
...
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
2021-08-20 10:37:51 +02:00
Nicola Murino
be3857d572
dataprovider: add timestamp fields for users and admins
2021-08-19 15:51:43 +02:00
Nicola Murino
fe953d6b38
REST API: add support for API key authentication
2021-08-17 18:08:32 +02:00
Nicola Murino
ced2e16f41
add support for password validation rules
...
Fixes #494
2021-08-06 18:56:07 +02:00
Nicola Murino
0503215e7a
web client: try to prevent browsers from caching requests
...
Fixes #493
2021-08-03 19:58:03 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login
...
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting
Fixes #485
2021-07-27 18:43:00 +02:00
Nicola Murino
3a22aae34f
web UI: add support for upload, create dirs, rename, delete
2021-07-26 20:55:49 +02:00
Nicola Murino
c41ae116eb
improve logging
...
Fixes #381
2021-07-24 20:11:17 +02:00
Nicola Murino
83c7453957
user API: allow to disable writes ...
...
... even if the user has permissions for these actions
2021-07-23 21:41:02 +02:00
Nicola Murino
85a47810ff
S3: expose more properties, possible backward incompatible change
...
Before these changes we implictly set S3ForcePathStyle if an endpoint
was provided.
This can cause issues with some S3 compatible object storages and must
be explicitly set now.
AWS is also deprecating this setting
https://aws.amazon.com/it/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/
2021-07-23 16:56:48 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories
2021-07-23 10:19:27 +02:00
Nicola Murino
776dffcf12
kms: improve modularity
2021-07-13 21:17:21 +02:00
Nicola Murino
e1a2451c22
s3: allow to configure the chunk download timeout
2021-07-11 18:39:45 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system
2021-07-11 15:26:51 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens
...
Fixes #466
2021-07-01 20:17:40 +02:00
Nicola Murino
076b2f0ee0
modules: add v2 support
2021-06-26 07:31:41 +02:00
Manuel Reithuber
fd4c388b23
added vfs.ListProviders() and using it in template fsconfig.html (added a new ListFSProviders template function for that)
2021-06-19 19:27:54 +02:00
Manuel Reithuber
88b10da596
updated utils.LoadTemplate() to call template.ParseFiles() directly and added a way to specify a base template (will be used in the next commit)
2021-06-19 19:27:54 +02:00
Manuel Reithuber
0ff010cc94
added vfs.GetProviderByName(), using it in for sftpgo portable and for parsing the webadmin form field
2021-06-19 19:27:54 +02:00
Nicola Murino
c1b862394d
move other errors to utils package
2021-06-19 13:06:01 +02:00
Manuel Reithuber
f19937b715
move Filesystem config validation to vfs
2021-06-19 12:24:43 +02:00
Nicola Murino
3bb0ca1d2b
config: remove deprecated configuration keys
2021-06-19 09:47:06 +02:00
Nicola Murino
9d3d7db29c
azblob: store SAS URL as kms.Secret
2021-06-11 22:27:36 +02:00
Nicola Murino
4be6307d87
webadmin: add defender page
2021-06-08 13:24:28 +02:00
Nicola Murino
feec2118bb
improve defender and quotas REST API
2021-06-07 21:52:43 +02:00
Nicola Murino
43182fc25e
OpenAPI: add users API
...
These new APIs match the web client features.
I'm aware that some API do not follow REST best practises.
I want to avoid things likes "/user/folders/<path>"
where "path" must be encoded and making it optional create issues, so
I defined resources as query parameters instead of path parameters
2021-06-05 16:07:09 +02:00
Nicola Murino
575bcf1f03
add remote address to transfer and commands logs
2021-06-01 22:28:43 +02:00
Nicola Murino
c1239fbf59
pre-upload action: add file open flags
...
Reading the flags the hook receiver can detect if the client wants to
truncate the target file
2021-05-31 22:33:23 +02:00
Nicola Murino
c63b923ec3
cryptfs: add support for atomic uploads
2021-05-31 21:45:29 +02:00
Nicola Murino
423d8306be
webclient: allow to download multiple files as zip
2021-05-30 23:07:46 +02:00
Nicola Murino
7a85c66ee7
webclient: defer file list rendering
...
combined with server side processing I can now list a directory with
about 100.000 files in less than 2 seconds without losing client side
filtering and pagination
2021-05-27 09:40:46 +02:00
Nicola Murino
25a44030f9
actions: add pre-download and pre-upload
...
Downloads and uploads can be denied based on hook response
2021-05-26 07:48:37 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers
2021-05-25 08:36:01 +02:00
Nicola Murino
1223957f91
webclient: use different icons based on the file extension
2021-05-24 19:09:03 +02:00
Nicola Murino
15cde2dd1a
improve test coverage
2021-05-23 22:29:55 +02:00
Nicola Murino
50e441849a
try to make the web admin more user friendly
...
removed all the textarea with fields separated using "::".
This should, hopefully, improve user experience
2021-05-23 22:02:01 +02:00
Nicola Murino
02bb09ec01
remove deprecated file extensions filters
...
these filters were deprecated a long time ago, everyone should use
patterns filters now
2021-05-22 12:28:05 +02:00
Nicola Murino
b9bc8d722d
try to improve web client credentials page
...
I should do the same for the admin page too
2021-05-22 09:54:27 +02:00
Nicola Murino
ecfed4dc04
Add a Getting Started Guide
2021-05-20 18:16:27 +02:00
Nicola Murino
60cfbd2989
setup: auto login after creating the first admin
2021-05-16 21:36:57 +02:00
Nicola Murino
019b0f2fd5
http cookie: add max-age and samesite
...
update deps too
2021-05-16 09:13:00 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user
...
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
2021-05-14 19:21:15 +02:00