REST API v2

- add JWT authentication - admins are now stored inside the data provider - admin access can be restricted based on the source IP: both proxy header and connection IP are checked - deprecate REST API CLI: it is not relevant anymore Some other changes to the REST API can still happen before releasing SFTPGo 2.0.0 Fixes #197
2025-12-07 14:50:55 +03:00 · 2021-01-17 22:29:08 +01:00
parent d42fcc3786
commit 778ec9b88f
82 changed files with 9302 additions and 5327 deletions
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -26,12 +26,15 @@ import (
 	"strings"
 	"time"

+	"github.com/rs/xid"
 	"golang.org/x/crypto/ssh"

 	"github.com/drakkan/sftpgo/logger"
 )

-const logSender = "utils"
+const (
+	logSender = "utils"
+)

 // IsStringInSlice searches a string in a slice and returns true if the string is found
 func IsStringInSlice(obj string, list []string) bool {
@@ -383,6 +386,22 @@ func createDirPathIfMissing(file string, perm os.FileMode) error {
 	return nil
 }

+// GenerateRandomBytes generates the secret to use for JWT auth
+func GenerateRandomBytes(length int) []byte {
+	b := make([]byte, length)
+	_, err := io.ReadFull(rand.Reader, b)
+	if err != nil {
+		return b
+	}
+
+	b = xid.New().Bytes()
+	for len(b) < length {
+		b = append(b, xid.New().Bytes()...)
+	}
+
+	return b[:length]
+}
+
 // HTTPListenAndServe is a wrapper for ListenAndServe that support both tcp
 // and Unix-domain sockets
 func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool, logSender string) error {