Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.
Go 1.16 fix some cifs related issues too.
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes#197
hooks
doing something like this:
err = provider.updateUser(u)
...
return provider.userExists(username)
could be racy if another update happen before
provider.userExists(username)
also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query