Nicola Murino
019b0f2fd5
http cookie: add max-age and samesite
...
update deps too
2021-05-16 09:13:00 +02:00
Nicola Murino
15d6cd144a
another try to better understand the random webdav test case failure
2021-05-15 08:56:36 +02:00
Nicola Murino
f59f62317e
sftpd: fix file upload resume detection
...
WinSCP does not set the APPEND flag while resuming a file upload,
so we detect a file upload resume if the TRUNCATE flag is not set.
The APPEND flag is now ignored.
Fixes #420
2021-05-15 08:39:01 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user
...
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
2021-05-14 19:21:15 +02:00
Nicola Murino
0540b8780e
redact credentials within hooks
...
go-retryablehttp does not redact credentials, so we still log them
when we use it
https://github.com/hashicorp/go-retryablehttp/pull/133
2021-05-12 22:44:17 +02:00
Nicola Murino
fa45c9c138
allow to execute actions for file operations and SSH commands synchronously
...
The actions to run synchronously can be configured via the `execute_sync`
configuration key.
Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.
Fixes #409
2021-05-11 12:45:14 +02:00
Nicola Murino
b67cd0d3df
ensure no client is connected before running max connections test cases
2021-05-11 08:04:57 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers
...
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.
This is a backward incompatible change, before the proxy headers were
always used
2021-05-11 06:54:06 +02:00
dependabot[bot]
f1b998ce16
Bump github.com/otiai10/copy from 1.5.1 to 1.6.0 ( #414 )
...
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy ) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/otiai10/copy/releases )
- [Commits](https://github.com/otiai10/copy/compare/v1.5.1...v1.6.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-10 14:02:09 +02:00
dependabot[bot]
aaa758e978
Bump github.com/minio/sio from 0.2.1 to 0.3.0 ( #412 )
...
Bumps [github.com/minio/sio](https://github.com/minio/sio ) from 0.2.1 to 0.3.0.
- [Release notes](https://github.com/minio/sio/releases )
- [Commits](https://github.com/minio/sio/compare/v0.2.1...v0.3.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-10 11:34:01 +02:00
dependabot[bot]
716946a148
Bump github.com/aws/aws-sdk-go from 1.38.35 to 1.38.36 ( #413 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.38.35 to 1.38.36.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.38.35...v1.38.36 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-10 11:10:58 +02:00
Nicola Murino
15934d72cc
webdav test: increase log size
...
the latest 10 lines are not enough to understand the issue, try with 20
2021-05-09 10:09:25 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections
2021-05-08 19:45:21 +02:00
Nicola Murino
8f736da4b8
webdav test: add some more logs
...
QuotaLimits test case sometime fails when running in CI, try to
understand the reason
2021-05-07 22:24:06 +02:00
Nicola Murino
4ea4202b99
httpd/webdav: use a custom listener with read and write deadlines
2021-05-07 20:41:20 +02:00
Nicola Murino
d4bfc3f6b5
fix lint configuration and a warning
2021-05-06 22:06:22 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users
...
Fixes #339 #321 #398
2021-05-06 21:35:43 +02:00
dependabot[bot]
5c99f4fb60
Bump github.com/shirou/gopsutil/v3 from 3.21.3 to 3.21.4 ( #406 )
...
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil ) from 3.21.3 to 3.21.4.
- [Release notes](https://github.com/shirou/gopsutil/releases )
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.3...v3.21.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 14:44:07 +02:00
dependabot[bot]
2263c7e20f
Bump github.com/hashicorp/go-retryablehttp from 0.6.8 to 0.7.0 ( #405 )
...
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp ) from 0.6.8 to 0.7.0.
- [Release notes](https://github.com/hashicorp/go-retryablehttp/releases )
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.6.8...v0.7.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 14:43:53 +02:00
dependabot[bot]
515b2d917e
Bump github.com/fclairamb/ftpserverlib from 0.13.0 to 0.13.1 ( #404 )
...
Bumps [github.com/fclairamb/ftpserverlib](https://github.com/fclairamb/ftpserverlib ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/fclairamb/ftpserverlib/releases )
- [Commits](https://github.com/fclairamb/ftpserverlib/compare/v0.13.0...v0.13.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 13:29:54 +02:00
dependabot[bot]
af4723356d
Bump github.com/lestrrat-go/jwx from 1.1.7 to 1.2.0 ( #403 )
...
Bumps [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx ) from 1.1.7 to 1.2.0.
- [Release notes](https://github.com/lestrrat-go/jwx/releases )
- [Changelog](https://github.com/lestrrat-go/jwx/blob/main/Changes )
- [Commits](https://github.com/lestrrat-go/jwx/compare/v1.1.7...v1.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 13:29:16 +02:00
dependabot[bot]
068dd34a38
Bump github.com/aws/aws-sdk-go from 1.38.25 to 1.38.30 ( #402 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.38.25 to 1.38.30.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.38.25...v1.38.30 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 11:41:25 +02:00
dependabot[bot]
b16a5c2caf
Bump github.com/go-chi/chi/v5 from 5.0.2 to 5.0.3 ( #401 )
...
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ) from 5.0.2 to 5.0.3.
- [Release notes](https://github.com/go-chi/chi/releases )
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-chi/chi/compare/v5.0.2...v5.0.3 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 11:41:09 +02:00
Nicola Murino
a383957cfa
OpenAPI: document that also folder-quota-update supports partial updates
2021-04-28 19:33:32 +02:00
Nicola Murino
00f97aabb4
OpenAPI: document that quota-update support partial updates
...
If the update mode is "add" and you pass only used_quota_size or only
used_quota_files the missing field will remain unchanged
2021-04-28 19:16:15 +02:00
Nicola Murino
32db0787bb
add an example script for scheduled quota updates
2021-04-26 21:53:09 +02:00
Nicola Murino
1275328fdf
Authentication errors: try to avoid user enumeration
...
Fixes #395
2021-04-26 19:48:21 +02:00
Nicola Murino
7778716fa7
update crypto and net dependencies
2021-04-25 18:12:02 +02:00
dependabot[bot]
77476d0f56
Bump github.com/aws/aws-sdk-go from 1.38.21 to 1.38.25 ( #394 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.38.21 to 1.38.25.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.38.21...v1.38.25 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-25 17:07:59 +02:00
dependabot[bot]
c7a1fc2996
Bump cloud.google.com/go/storage from 1.14.0 to 1.15.0 ( #392 )
...
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.14.0...spanner/v1.15.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-25 17:07:36 +02:00
dependabot[bot]
e7d8e73be8
Bump github.com/lib/pq from 1.10.0 to 1.10.1 ( #391 )
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.10.0...v1.10.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-25 17:07:26 +02:00
dependabot[bot]
3ee27f4370
Bump golangci/golangci-lint-action from v2 to v2.5.2 ( #389 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from v2 to v2.5.2.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-25 16:41:17 +02:00
Nicola Murino
92424cd1c2
dependabot: limit the number of open pull requests
2021-04-25 16:39:41 +02:00
Nicola Murino
0190dad984
docker: update github script to v4
2021-04-25 15:59:29 +02:00
Nicola Murino
198258f4e7
add dependabot
...
Fixes #388
2021-04-25 15:54:19 +02:00
Nicola Murino
5be4b6bd44
localfs: fix subdir check if the user has the root dir as home
2021-04-25 14:36:29 +02:00
Nicola Murino
3941255733
docs: fix a typo
2021-04-25 09:42:19 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo
...
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.
Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
2021-04-25 09:38:33 +02:00
Nicola Murino
74b51f0ad3
update nfpm
2021-04-23 22:53:13 +02:00
Nicola Murino
b11865f971
CI: add support for darwin/arm64
...
I have no way to test the produced binaries on a real Silicon M1
2021-04-20 23:00:27 +02:00
Nicola Murino
f4369cdbef
fix max connections check
...
Also make sure to close the ssh client connection in test cases
2021-04-20 18:12:16 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt
...
argon2id remains the default
2021-04-20 13:55:09 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching
...
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
2021-04-20 09:39:36 +02:00
Nicola Murino
bc88503f25
sql providers: reuse the same context where appropriate
2021-04-19 18:58:53 +02:00
Nicola Murino
47317bed9b
make sure that Retry-After header has a value greater than zero
2021-04-19 09:16:27 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too
2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support
2021-04-18 12:31:06 +02:00
Nicola Murino
124c471a2b
FTPD: make sure that the passive ip, if provided, is valid
...
The server will refuse to start if the provided passive ip is not a
valid IPv4 address.
Fixes #376
2021-04-16 15:08:10 +02:00
Nicola Murino
683ba6cd5b
get binding from env: respect the documented default
...
Fixes #377
2021-04-16 13:35:13 +02:00
Nicola Murino
21fbcf4556
FTP: add support for TLS session resumption on the data connection
...
Fixes #374
2021-04-16 09:00:40 +02:00