package dataprovider

import (
	"encoding/json"
	"path/filepath"

	"github.com/drakkan/sftpgo/utils"
)

// Permissions that can be granted to an SFTP user.
// HasPerm looks these values up in User.Permissions through utils.IsStringInSlice.
const (
	// PermAny grants every permission: HasPerm returns true for any request
	// as soon as this value is present in the user's permission list.
	PermAny = "*"
	// PermListItems allows listing items such as files and directories.
	PermListItems = "list"
	// PermDownload allows downloading files.
	PermDownload = "download"
	// PermUpload allows uploading files.
	PermUpload = "upload"
	// PermDelete allows deleting files or directories.
	PermDelete = "delete"
	// PermRename allows renaming files or directories.
	PermRename = "rename"
	// PermCreateDirs allows creating directories.
	PermCreateDirs = "create_dirs"
	// PermCreateSymlinks allows creating symbolic links.
	PermCreateSymlinks = "create_symlinks"
)

// User defines an SFTP user.
type User struct {
	// Database unique identifier.
	ID int64 `json:"id"`
	// Username.
	Username string `json:"username"`
	// Password used for password authentication.
	// For users created using the SFTPGo REST API the password is stored using the argon2id hashing algorithm.
	// Checking passwords stored with bcrypt is supported too.
	// Currently, as a fallback, clear text passwords are checked as well, but you should not store passwords
	// as clear text: this support could be removed at any time, so please don't depend on it.
	// NOTE(review): the json tag serializes this field whenever it is non-empty, so any code path that
	// marshals a User for a client or a log should clear it first; confirm the callers do.
	Password string `json:"password,omitempty"`
	// PublicKeys used for public key authentication. At least one of password and public key is mandatory.
	PublicKeys []string `json:"public_keys,omitempty"`
	// The user cannot upload or download files outside this directory. Must be an absolute path.
	// NOTE(review): nothing in this type enforces that confinement or the absolute-path requirement;
	// presumably the callers that resolve request paths do. Verify there.
	HomeDir string `json:"home_dir"`
	// If sftpgo runs as the root system user then the created files and directories will be assigned to this system UID.
	UID int `json:"uid"`
	// If sftpgo runs as the root system user then the created files and directories will be assigned to this system GID.
	GID int `json:"gid"`
	// Maximum concurrent sessions. 0 means unlimited.
	MaxSessions int `json:"max_sessions"`
	// Maximum size allowed as bytes. 0 means unlimited.
	QuotaSize int64 `json:"quota_size"`
	// Maximum number of files allowed. 0 means unlimited.
	QuotaFiles int `json:"quota_files"`
	// List of the granted permissions.
	Permissions []string `json:"permissions"`
	// Used quota as bytes.
	UsedQuotaSize int64 `json:"used_quota_size"`
	// Used quota as number of files.
	UsedQuotaFiles int `json:"used_quota_files"`
	// Last quota update as unix timestamp in milliseconds.
	LastQuotaUpdate int64 `json:"last_quota_update"`
	// Maximum upload bandwidth as KB/s, 0 means unlimited.
	UploadBandwidth int64 `json:"upload_bandwidth"`
	// Maximum download bandwidth as KB/s, 0 means unlimited.
	DownloadBandwidth int64 `json:"download_bandwidth"`
}

// HasPerm reports whether the user holds the given permission, either
// explicitly or through the PermAny wildcard.
func (u *User) HasPerm(permission string) bool {
	granted := u.Permissions
	// The wildcard is checked first, as in a two-step lookup: it alone is
	// enough to authorize any operation.
	return utils.IsStringInSlice(PermAny, granted) || utils.IsStringInSlice(permission, granted)
}

// GetPermissionsAsJSON returns the permissions encoded as a JSON byte array.
// A nil permission list is encoded by encoding/json as null.
func (u *User) GetPermissionsAsJSON() ([]byte, error) {
	encoded, err := json.Marshal(u.Permissions)
	return encoded, err
}

// GetPublicKeysAsJSON returns the public keys encoded as a JSON byte array.
// A nil key list is encoded by encoding/json as null.
func (u *User) GetPublicKeysAsJSON() ([]byte, error) {
	encoded, err := json.Marshal(u.PublicKeys)
	return encoded, err
}

// GetUID returns a validated uid, suitable for use with os.Chown.
// Values outside 1..65535 yield -1, which os.Chown treats as "leave the
// owner unchanged"; in particular a configured UID of 0 is never passed on,
// so this value cannot be used to hand files to root.
// NOTE(review): the 65535 ceiling also rejects larger ids that some systems
// allow; confirm this is intended.
func (u *User) GetUID() int {
	if uid := u.UID; uid > 0 && uid <= 65535 {
		return uid
	}
	return -1
}

// GetGID returns a validated gid, suitable for use with os.Chown.
// Values outside 1..65535 yield -1, which os.Chown treats as "leave the
// group unchanged"; a configured GID of 0 is therefore never passed on.
// NOTE(review): the 65535 ceiling also rejects larger ids that some systems
// allow; confirm this is intended.
func (u *User) GetGID() int {
	if gid := u.GID; gid > 0 && gid <= 65535 {
		return gid
	}
	return -1
}

// GetHomeDir returns the shortest path name equivalent to the user's home directory.
// filepath.Clean works on the string only: it does not resolve symbolic
// links, does not make the path absolute, and turns an empty HomeDir into ".".
func (u *User) GetHomeDir() string {
	home := filepath.Clean(u.HomeDir)
	return home
}

// HasQuotaRestrictions reports whether a quota is set on the number of
// files, on the total size, or on both.
func (u *User) HasQuotaRestrictions() bool {
	if u.QuotaFiles > 0 {
		return true
	}
	return u.QuotaSize > 0
}

// GetRelativePath returns the path for a file relative to the user's home dir.
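// This is the path as seen by SFTP users: the home directory itself is
// reported as "/", and so is any path that lies outside the home directory,
// so that server-side locations above the user's root are never shown to the
// client. An empty string is returned if the path cannot be made relative to
// the home directory.
//
// The comparison is lexical (filepath.Rel does not resolve symbolic links),
// so it is a presentation helper and not an access check.
func (u *User) GetRelativePath(path string) string {
	rel, err := filepath.Rel(u.GetHomeDir(), path)
	if err != nil {
		return ""
	}
	// filepath.Rel returns "." for the home directory itself; the SFTP view
	// of that location is the root, not "/.".
	if rel == "." {
		return "/"
	}
	// A cleaned relative path can only climb out of the base with leading
	// ".." elements. Match the element exactly so that a regular entry whose
	// name merely starts with two dots (for example "..data") is kept.
	const parent = ".."
	escapes := rel == parent ||
		(len(rel) > len(parent) && rel[:len(parent)+1] == parent+string(filepath.Separator))
	if escapes {
		return "/"
	}
	return "/" + filepath.ToSlash(rel)
}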