beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1044 commits 8 branches 48 tags 35 MiB
Commit graph

272 commits

Author SHA1 Message Date
Nicola Murino
ced2e16f41
add support for password validation rules 
Fixes #494
 2021-08-06 18:56:07 +02:00
Nicola Murino
0503215e7a
web client: try to prevent browsers from caching requests 
Fixes #493
 2021-08-03 19:58:03 +02:00
Nicola Murino
90b324d707
Add a link on the login pages to switch between admin and web client login 
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting

Fixes #485
 2021-07-27 18:43:00 +02:00
Nicola Murino
3a22aae34f
web UI: add support for upload, create dirs, rename, delete 2021-07-26 20:55:49 +02:00
Nicola Murino
c41ae116eb
improve logging 
Fixes #381
 2021-07-24 20:11:17 +02:00
Nicola Murino
83c7453957
user API: allow to disable writes ... 
... even if the user has permissions for these actions
 2021-07-23 21:41:02 +02:00
Nicola Murino
85a47810ff
S3: expose more properties, possible backward incompatible change 
Before these changes we implictly set S3ForcePathStyle if an endpoint
was provided.

This can cause issues with some S3 compatible object storages and must
be explicitly set now.

AWS is also deprecating this setting

https://aws.amazon.com/it/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/
 2021-07-23 16:56:48 +02:00
Nicola Murino
ae8ccadad2
users API: add API to create, delete, rename files and directories 2021-07-23 10:19:27 +02:00
Nicola Murino
776dffcf12
kms: improve modularity 2021-07-13 21:17:21 +02:00
Nicola Murino
e1a2451c22
s3: allow to configure the chunk download timeout 2021-07-11 18:39:45 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system 2021-07-11 15:26:51 +02:00
Nicola Murino
ff19879ffd
allow to use a persistent signing key for JWT and CSRF tokens 
Fixes #466
 2021-07-01 20:17:40 +02:00
Nicola Murino
076b2f0ee0
modules: add v2 support 2021-06-26 07:31:41 +02:00
Manuel Reithuber
fd4c388b23 added vfs.ListProviders() and using it in template fsconfig.html (added a new ListFSProviders template function for that) 2021-06-19 19:27:54 +02:00
Manuel Reithuber
88b10da596 updated utils.LoadTemplate() to call template.ParseFiles() directly and added a way to specify a base template (will be used in the next commit) 2021-06-19 19:27:54 +02:00
Manuel Reithuber
0ff010cc94 added vfs.GetProviderByName(), using it in for sftpgo portable and for parsing the webadmin form field 2021-06-19 19:27:54 +02:00
Nicola Murino
c1b862394d
move other errors to utils package 2021-06-19 13:06:01 +02:00
Manuel Reithuber
f19937b715
move Filesystem config validation to vfs 2021-06-19 12:24:43 +02:00
Nicola Murino
3bb0ca1d2b
config: remove deprecated configuration keys 2021-06-19 09:47:06 +02:00
Nicola Murino
9d3d7db29c
azblob: store SAS URL as kms.Secret 2021-06-11 22:27:36 +02:00
Nicola Murino
4be6307d87
webadmin: add defender page 2021-06-08 13:24:28 +02:00
Nicola Murino
feec2118bb
improve defender and quotas REST API 2021-06-07 21:52:43 +02:00
Nicola Murino
43182fc25e
OpenAPI: add users API 
These new APIs match the web client features.

I'm aware that some API do not follow REST best practises.

I want to avoid things likes "/user/folders/<path>"

where "path" must be encoded and making it optional create issues, so
I defined resources as query parameters instead of path parameters
 2021-06-05 16:07:09 +02:00
Nicola Murino
575bcf1f03
add remote address to transfer and commands logs 2021-06-01 22:28:43 +02:00
Nicola Murino
c1239fbf59
pre-upload action: add file open flags 
Reading the flags the hook receiver can detect if the client wants to
truncate the target file
 2021-05-31 22:33:23 +02:00
Nicola Murino
c63b923ec3
cryptfs: add support for atomic uploads 2021-05-31 21:45:29 +02:00
Nicola Murino
423d8306be
webclient: allow to download multiple files as zip 2021-05-30 23:07:46 +02:00
Nicola Murino
7a85c66ee7
webclient: defer file list rendering 
combined with server side processing I can now list a directory with
about 100.000 files in less than 2 seconds without losing client side
filtering and pagination
 2021-05-27 09:40:46 +02:00
Nicola Murino
25a44030f9
actions: add pre-download and pre-upload 
Downloads and uploads can be denied based on hook response
 2021-05-26 07:48:37 +02:00
Nicola Murino
600268ebb8
httpclient: allow to set custom headers 2021-05-25 08:36:01 +02:00
Nicola Murino
1223957f91
webclient: use different icons based on the file extension 2021-05-24 19:09:03 +02:00
Nicola Murino
15cde2dd1a
improve test coverage 2021-05-23 22:29:55 +02:00
Nicola Murino
50e441849a
try to make the web admin more user friendly 
removed all the textarea with fields separated using "::".
This should, hopefully, improve user experience
 2021-05-23 22:02:01 +02:00
Nicola Murino
02bb09ec01
remove deprecated file extensions filters 
these filters were deprecated a long time ago, everyone should use
patterns filters now
 2021-05-22 12:28:05 +02:00
Nicola Murino
b9bc8d722d
try to improve web client credentials page 
I should do the same for the admin page too
 2021-05-22 09:54:27 +02:00
Nicola Murino
ecfed4dc04
Add a Getting Started Guide 2021-05-20 18:16:27 +02:00
Nicola Murino
60cfbd2989
setup: auto login after creating the first admin 2021-05-16 21:36:57 +02:00
Nicola Murino
019b0f2fd5
http cookie: add max-age and samesite 
update deps too
 2021-05-16 09:13:00 +02:00
Nicola Murino
f2b93c0402
add a setup screen to create the first admin user 
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.

You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
 2021-05-14 19:21:15 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers 
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used
 2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections 2021-05-08 19:45:21 +02:00
Nicola Murino
4ea4202b99
httpd/webdav: use a custom listener with read and write deadlines 2021-05-07 20:41:20 +02:00
Nicola Murino
d4bfc3f6b5
fix lint configuration and a warning 2021-05-06 22:06:22 +02:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users 
Fixes #339 #321 #398
 2021-05-06 21:35:43 +02:00
Nicola Murino
a383957cfa
OpenAPI: document that also folder-quota-update supports partial updates 2021-04-28 19:33:32 +02:00
Nicola Murino
00f97aabb4
OpenAPI: document that quota-update support partial updates 
If the update mode is "add" and you pass only used_quota_size or only
used_quota_files the missing field will remain unchanged
 2021-04-28 19:16:15 +02:00
Nicola Murino
32db0787bb
add an example script for scheduled quota updates 2021-04-26 21:53:09 +02:00
Nicola Murino
1275328fdf
Authentication errors: try to avoid user enumeration 
Fixes #395
 2021-04-26 19:48:21 +02:00
Nicola Murino
3941255733
docs: fix a typo 2021-04-25 09:42:19 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo 
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.

Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
 2021-04-25 09:38:33 +02:00
Nicola Murino
92638ce93d
add support for hashing password using bcrypt 
argon2id remains the default
 2021-04-20 13:55:09 +02:00
Nicola Murino
47317bed9b
make sure that Retry-After header has a value greater than zero 2021-04-19 09:16:27 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too 2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support 2021-04-18 12:31:06 +02:00
Nicola Murino
c844fc7477
add support for delayed quota update 
If there are a lot of close uploads, accumulating quota updates can
save you many queries to the data provider
 2021-04-11 08:38:43 +02:00
Nicola Murino
0bc4db9950
web admin: make base url configurable 2021-04-09 22:02:48 +02:00
Nicola Murino
0823928f98
allow to disable login filesystem checks 
SFTPGo requires that the user's home directory, virtual folder root,
and intermediate paths to virtual folders exist to work properly.
If you already know that the required directories exist, disabling
these checks will speed up login.
 2021-04-05 17:57:30 +02:00
Nicola Murino
fdf3f23df5
allow to disable some hooks on a per-user basis 
This way you can, for example, mix external and internal users
 2021-04-04 22:32:25 +02:00
Nicola Murino
1ee843757d
fix OpenAPI schema 2021-04-03 17:09:08 +02:00
Nicola Murino
ea26d7786c
sftpfs: add buffering support 
this way we improve performance over high latency networks
 2021-04-03 16:00:55 +02:00
Nicola Murino
6eb43baf3d
web: fix content type for folders form 
Fixes #367
 2021-04-01 19:42:18 +02:00
Nicola Murino
2f56375121
improve SFTP loop detection 2021-04-01 18:53:48 +02:00
Nicola Murino
3bfd7e4d17
sftpfs: try to detect if an SFTP user point to itself 
this will cause an infinite loop on login. The check should be improved
 2021-03-29 21:53:44 +02:00
Nicola Murino
a43854ae9b
OpenAPI: document that secrets are automatically encrypted before saving 2021-03-28 11:23:06 +02:00
Nicola Murino
9ad750da54
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 19:10:27 +01:00
Nicola Murino
0e50310a66
add a test case for UID/GID limits 2021-03-25 17:30:39 +01:00
Mike Unitskyi
5939ac4801
Increase uid:gid limits (#362) 
Fixes #361
 2021-03-25 17:11:42 +01:00
Nicola Murino
8a1249878a
OpenAPI schema: remove some superfluous required definitions 
Fixes #356
 2021-03-22 19:22:41 +01:00
Nicola Murino
5e375f56dd
kms: add a lock, secrets could be modified concurrently for cached users 
also reduce the size of the JSON payload omitting empty secrets
 2021-03-22 19:03:25 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends 
Fixes #241
 2021-03-21 19:15:47 +01:00
Nicola Murino
67ea75cf03
improve OpenAPI schema so it is better rendered on Stoplight 2021-03-07 18:41:56 +01:00
Nicola Murino
1ab02d5891
OpenAPI: improve schema 
Fix some lint warnings
 2021-03-06 17:08:24 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads 2021-03-06 15:41:40 +01:00
Nicola Murino
88122ba2f8
update jwtauth to v5 2021-03-05 18:50:45 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation 
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars

Fixes #334 #308
 2021-03-04 09:48:53 +01:00
Nicola Murino
534b253c20
WebDAV: improve TLS certificate authentication 
For each user you can now configure:

- TLS certificate auth
- TLS certificate auth and password
- Password auth

For TLS certificate auth, the certificate common name is used as
username
 2021-03-01 19:28:11 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication 
For each user you can now configure:

- TLS certificate auth
- TLS certificate auth and password
- Password auth

For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
 2021-02-28 12:10:40 +01:00
Nicola Murino
ca3e15578e
Use new methods in the io and os packages instead of ioutil ones 
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.

Go 1.16 fix some cifs related issues too.
 2021-02-25 21:53:04 +01:00
Nicola Murino
2146b83343
data providers: add filesystem to folder ... 
... and some descriptive fields.
The filesystem support for virtual folders will be implemented in
future commits
 2021-02-24 19:40:29 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites 
Fixes #316
 2021-02-18 20:17:16 +01:00
Nicola Murino
be9230e85b
micro optimizations spotted using the go-critic linter 2021-02-16 19:11:36 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users 2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes 2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support 2021-02-13 14:41:37 +01:00
Nicola Murino
1bccb93fcb
rename default branch from master to main 2021-02-09 19:53:03 +01:00
Nicola Murino
a2a99f9b57
merge full and slim dockerfiles 
Fixes #232
 2021-02-07 21:49:04 +01:00
Nicola Murino
d32b195a57
httpd: reuse the same compressor among bindings 2021-02-04 22:32:55 +01:00
Nicola Murino
267d9f1831
web ui: allow to create folders from a template 2021-02-04 19:09:43 +01:00
Nicola Murino
70bb3c34ce
sftpfs: improve endpoint validation 
Validation will fail if the endpoint is not specified as host:port
 2021-02-03 11:29:04 +01:00
Nicola Murino
e9dd4ecdf0
web admin: add CSRF 2021-02-03 08:55:28 +01:00
Nicola Murino
f863530653
JWT: only accepts tokens from the expected header or cookie 2021-02-02 13:11:47 +01:00
Nicola Murino
4f609cfa30
JWT: add token audience 
a token released for API audience cannot be used for web pages and
vice-versa
 2021-02-02 09:14:10 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure 
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
 2021-02-01 19:04:15 +01:00
Nicola Murino
afe1da92c5
web UI cookie: set the Secure flags if we are over TLS 2021-01-28 13:29:16 +01:00
Nicola Murino
c2bbd468c4
REST API: add logout and store invalidated token 2021-01-26 22:35:36 +01:00
Nicola Murino
54321c5240
web ui: allow to create multiple users from a template 2021-01-25 21:31:33 +01:00
Nicola Murino
80f5ccd357
web admin: add backup/restore 2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support 2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes 2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2 
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
 2021-01-17 22:29:08 +01:00