Nicola Murino
6eb43baf3d
web: fix content type for folders form
...
Fixes #367
2021-04-01 19:42:18 +02:00
Nicola Murino
2f56375121
improve SFTP loop detection
2021-04-01 18:53:48 +02:00
Nicola Murino
3bfd7e4d17
sftpfs: try to detect if an SFTP user point to itself
...
this will cause an infinite loop on login. The check should be improved
2021-03-29 21:53:44 +02:00
Nicola Murino
a43854ae9b
OpenAPI: document that secrets are automatically encrypted before saving
2021-03-28 11:23:06 +02:00
Nicola Murino
9ad750da54
WebDAV: try to preserve the lock fs as much as possible
2021-03-27 19:10:27 +01:00
Nicola Murino
0e50310a66
add a test case for UID/GID limits
2021-03-25 17:30:39 +01:00
Mike Unitskyi
5939ac4801
Increase uid:gid limits ( #362 )
...
Fixes #361
2021-03-25 17:11:42 +01:00
Nicola Murino
8a1249878a
OpenAPI schema: remove some superfluous required definitions
...
Fixes #356
2021-03-22 19:22:41 +01:00
Nicola Murino
5e375f56dd
kms: add a lock, secrets could be modified concurrently for cached users
...
also reduce the size of the JSON payload omitting empty secrets
2021-03-22 19:03:25 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends
...
Fixes #241
2021-03-21 19:15:47 +01:00
Nicola Murino
67ea75cf03
improve OpenAPI schema so it is better rendered on Stoplight
2021-03-07 18:41:56 +01:00
Nicola Murino
1ab02d5891
OpenAPI: improve schema
...
Fix some lint warnings
2021-03-06 17:08:24 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads
2021-03-06 15:41:40 +01:00
Nicola Murino
88122ba2f8
update jwtauth to v5
2021-03-05 18:50:45 +01:00
Nicola Murino
df41f0c556
add a setting to skip natural keys validation
...
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars
Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
534b253c20
WebDAV: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS certificate auth, the certificate common name is used as
username
2021-03-01 19:28:11 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Nicola Murino
ca3e15578e
Use new methods in the io and os packages instead of ioutil ones
...
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.
Go 1.16 fix some cifs related issues too.
2021-02-25 21:53:04 +01:00
Nicola Murino
2146b83343
data providers: add filesystem to folder ...
...
... and some descriptive fields.
The filesystem support for virtual folders will be implemented in
future commits
2021-02-24 19:40:29 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
...
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
be9230e85b
micro optimizations spotted using the go-critic linter
2021-02-16 19:11:36 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users
2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes
2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
1bccb93fcb
rename default branch from master to main
2021-02-09 19:53:03 +01:00
Nicola Murino
a2a99f9b57
merge full and slim dockerfiles
...
Fixes #232
2021-02-07 21:49:04 +01:00
Nicola Murino
d32b195a57
httpd: reuse the same compressor among bindings
2021-02-04 22:32:55 +01:00
Nicola Murino
267d9f1831
web ui: allow to create folders from a template
2021-02-04 19:09:43 +01:00
Nicola Murino
70bb3c34ce
sftpfs: improve endpoint validation
...
Validation will fail if the endpoint is not specified as host:port
2021-02-03 11:29:04 +01:00
Nicola Murino
e9dd4ecdf0
web admin: add CSRF
2021-02-03 08:55:28 +01:00
Nicola Murino
f863530653
JWT: only accepts tokens from the expected header or cookie
2021-02-02 13:11:47 +01:00
Nicola Murino
4f609cfa30
JWT: add token audience
...
a token released for API audience cannot be used for web pages and
vice-versa
2021-02-02 09:14:10 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
afe1da92c5
web UI cookie: set the Secure flags if we are over TLS
2021-01-28 13:29:16 +01:00
Nicola Murino
c2bbd468c4
REST API: add logout and store invalidated token
2021-01-26 22:35:36 +01:00
Nicola Murino
54321c5240
web ui: allow to create multiple users from a template
2021-01-25 21:31:33 +01:00
Nicola Murino
80f5ccd357
web admin: add backup/restore
2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support
2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes
2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
daac90c4e1
fix a potential race condition for pre-login and ext auth
...
hooks
doing something like this:
err = provider.updateUser(u)
...
return provider.userExists(username)
could be racy if another update happen before
provider.userExists(username)
also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
2021-01-05 09:50:22 +01:00
Nicola Murino
684f4ba1a6
mutal TLS: add support for revocation lists
2021-01-03 17:03:04 +01:00
Nicola Murino
6d84c5b9e3
capture http servers error logs
...
otherwise they will be printed to stdout
2021-01-03 10:38:28 +01:00
Nicola Murino
4b522a2455
webdav: refactor server initialization
2021-01-03 09:51:54 +01:00
Nicola Murino
d6b3acdb62
add REST API for the defender
2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
30eb3c4a99
update OpenAPI schema
2020-12-29 19:33:04 +01:00
Nicola Murino
0966d44c0f
httpd: add support for listening over a Unix-domain socket
...
Fixes #266
2020-12-29 19:02:56 +01:00
Nicola Murino
80c06d6b59
clone: disable decrypt error test for memory provider
...
This test cannot work using memory provider, we cannot change the provider
for a kms secrete without reloading it from JSON and the memory provider
will never reload users
2020-12-26 15:57:01 +01:00
Nicola Murino
e536a638c9
web UI: improve user cloning
2020-12-26 15:11:38 +01:00