add experimental plugin system

sdk/filesystem.go

@@ -0,0 +1,202 @@
+package sdk
+
+import "github.com/drakkan/sftpgo/v2/kms"
+
+// FilesystemProvider defines the supported storage filesystems
+type FilesystemProvider int
+
+// supported values for FilesystemProvider
+const (
+	LocalFilesystemProvider     FilesystemProvider = iota // Local
+	S3FilesystemProvider                                  // AWS S3 compatible
+	GCSFilesystemProvider                                 // Google Cloud Storage
+	AzureBlobFilesystemProvider                           // Azure Blob Storage
+	CryptedFilesystemProvider                             // Local encrypted
+	SFTPFilesystemProvider                                // SFTP
+)
+
+// GetProviderByName returns the FilesystemProvider matching a given name
+// to provide backwards compatibility, numeric strings are accepted as well
+func GetProviderByName(name string) FilesystemProvider {
+	switch name {
+	case "0", "osfs":
+		return LocalFilesystemProvider
+	case "1", "s3fs":
+		return S3FilesystemProvider
+	case "2", "gcsfs":
+		return GCSFilesystemProvider
+	case "3", "azblobfs":
+		return AzureBlobFilesystemProvider
+	case "4", "cryptfs":
+		return CryptedFilesystemProvider
+	case "5", "sftpfs":
+		return SFTPFilesystemProvider
+	}
+
+	// TODO think about returning an error value instead of silently defaulting to LocalFilesystemProvider
+	return LocalFilesystemProvider
+}
+
+// Name returns the Provider's unique name
+func (p FilesystemProvider) Name() string {
+	switch p {
+	case LocalFilesystemProvider:
+		return "osfs"
+	case S3FilesystemProvider:
+		return "s3fs"
+	case GCSFilesystemProvider:
+		return "gcsfs"
+	case AzureBlobFilesystemProvider:
+		return "azblobfs"
+	case CryptedFilesystemProvider:
+		return "cryptfs"
+	case SFTPFilesystemProvider:
+		return "sftpfs"
+	}
+	return "" // let's not claim to be
+}
+
+// ShortInfo returns a human readable, short description for the given FilesystemProvider
+func (p FilesystemProvider) ShortInfo() string {
+	switch p {
+	case LocalFilesystemProvider:
+		return "Local"
+	case S3FilesystemProvider:
+		return "AWS S3 (Compatible)"
+	case GCSFilesystemProvider:
+		return "Google Cloud Storage"
+	case AzureBlobFilesystemProvider:
+		return "Azure Blob Storage"
+	case CryptedFilesystemProvider:
+		return "Local encrypted"
+	case SFTPFilesystemProvider:
+		return "SFTP"
+	}
+	return ""
+}
+
+// ListProviders returns a list of available FilesystemProviders.
+func ListProviders() []FilesystemProvider {
+	return []FilesystemProvider{
+		LocalFilesystemProvider, S3FilesystemProvider,
+		GCSFilesystemProvider, AzureBlobFilesystemProvider,
+		CryptedFilesystemProvider, SFTPFilesystemProvider,
+	}
+}
+
+// S3FsConfig defines the configuration for S3 based filesystem
+type S3FsConfig struct {
+	Bucket string `json:"bucket,omitempty"`
+	// KeyPrefix is similar to a chroot directory for local filesystem.
+	// If specified then the SFTP user will only see objects that starts
+	// with this prefix and so you can restrict access to a specific
+	// folder. The prefix, if not empty, must not start with "/" and must
+	// end with "/".
+	// If empty the whole bucket contents will be available
+	KeyPrefix    string      `json:"key_prefix,omitempty"`
+	Region       string      `json:"region,omitempty"`
+	AccessKey    string      `json:"access_key,omitempty"`
+	AccessSecret *kms.Secret `json:"access_secret,omitempty"`
+	Endpoint     string      `json:"endpoint,omitempty"`
+	StorageClass string      `json:"storage_class,omitempty"`
+	// The buffer size (in MB) to use for multipart uploads. The minimum allowed part size is 5MB,
+	// and if this value is set to zero, the default value (5MB) for the AWS SDK will be used.
+	// The minimum allowed value is 5.
+	// Please note that if the upload bandwidth between the SFTP client and SFTPGo is greater than
+	// the upload bandwidth between SFTPGo and S3 then the SFTP client have to wait for the upload
+	// of the last parts to S3 after it ends the file upload to SFTPGo, and it may time out.
+	// Keep this in mind if you customize these parameters.
+	UploadPartSize int64 `json:"upload_part_size,omitempty"`
+	// How many parts are uploaded in parallel
+	UploadConcurrency int `json:"upload_concurrency,omitempty"`
+}
+
+// GCSFsConfig defines the configuration for Google Cloud Storage based filesystem
+type GCSFsConfig struct {
+	Bucket string `json:"bucket,omitempty"`
+	// KeyPrefix is similar to a chroot directory for local filesystem.
+	// If specified then the SFTP user will only see objects that starts
+	// with this prefix and so you can restrict access to a specific
+	// folder. The prefix, if not empty, must not start with "/" and must
+	// end with "/".
+	// If empty the whole bucket contents will be available
+	KeyPrefix      string      `json:"key_prefix,omitempty"`
+	CredentialFile string      `json:"-"`
+	Credentials    *kms.Secret `json:"credentials,omitempty"`
+	// 0 explicit, 1 automatic
+	AutomaticCredentials int    `json:"automatic_credentials,omitempty"`
+	StorageClass         string `json:"storage_class,omitempty"`
+}
+
+// AzBlobFsConfig defines the configuration for Azure Blob Storage based filesystem
+type AzBlobFsConfig struct {
+	Container string `json:"container,omitempty"`
+	// Storage Account Name, leave blank to use SAS URL
+	AccountName string `json:"account_name,omitempty"`
+	// Storage Account Key leave blank to use SAS URL.
+	// The access key is stored encrypted based on the kms configuration
+	AccountKey *kms.Secret `json:"account_key,omitempty"`
+	// Optional endpoint. Default is "blob.core.windows.net".
+	// If you use the emulator the endpoint must include the protocol,
+	// for example "http://127.0.0.1:10000"
+	Endpoint string `json:"endpoint,omitempty"`
+	// Shared access signature URL, leave blank if using account/key
+	SASURL *kms.Secret `json:"sas_url,omitempty"`
+	// KeyPrefix is similar to a chroot directory for local filesystem.
+	// If specified then the SFTPGo user will only see objects that starts
+	// with this prefix and so you can restrict access to a specific
+	// folder. The prefix, if not empty, must not start with "/" and must
+	// end with "/".
+	// If empty the whole bucket contents will be available
+	KeyPrefix string `json:"key_prefix,omitempty"`
+	// The buffer size (in MB) to use for multipart uploads.
+	// If this value is set to zero, the default value (1MB) for the Azure SDK will be used.
+	// Please note that if the upload bandwidth between the SFTPGo client and SFTPGo server is
+	// greater than the upload bandwidth between SFTPGo and Azure then the SFTP client have
+	// to wait for the upload of the last parts to Azure after it ends the file upload to SFTPGo,
+	// and it may time out.
+	// Keep this in mind if you customize these parameters.
+	UploadPartSize int64 `json:"upload_part_size,omitempty"`
+	// How many parts are uploaded in parallel
+	UploadConcurrency int `json:"upload_concurrency,omitempty"`
+	// Set to true if you use an Azure emulator such as Azurite
+	UseEmulator bool `json:"use_emulator,omitempty"`
+	// Blob Access Tier
+	AccessTier string `json:"access_tier,omitempty"`
+}
+
+// CryptFsConfig defines the configuration to store local files as encrypted
+type CryptFsConfig struct {
+	Passphrase *kms.Secret `json:"passphrase,omitempty"`
+}
+
+// SFTPFsConfig defines the configuration for SFTP based filesystem
+type SFTPFsConfig struct {
+	Endpoint     string      `json:"endpoint,omitempty"`
+	Username     string      `json:"username,omitempty"`
+	Password     *kms.Secret `json:"password,omitempty"`
+	PrivateKey   *kms.Secret `json:"private_key,omitempty"`
+	Fingerprints []string    `json:"fingerprints,omitempty"`
+	// Prefix is the path prefix to strip from SFTP resource paths.
+	Prefix string `json:"prefix,omitempty"`
+	// Concurrent reads are safe to use and disabling them will degrade performance.
+	// Some servers automatically delete files once they are downloaded.
+	// Using concurrent reads is problematic with such servers.
+	DisableCouncurrentReads bool `json:"disable_concurrent_reads,omitempty"`
+	// The buffer size (in MB) to use for transfers.
+	// Buffering could improve performance for high latency networks.
+	// With buffering enabled upload resume is not supported and a file
+	// cannot be opened for both reading and writing at the same time
+	// 0 means disabled.
+	BufferSize int64 `json:"buffer_size,omitempty"`
+}
+
+// Filesystem defines filesystem details
+type Filesystem struct {
+	Provider     FilesystemProvider `json:"provider"`
+	S3Config     S3FsConfig         `json:"s3config,omitempty"`
+	GCSConfig    GCSFsConfig        `json:"gcsconfig,omitempty"`
+	AzBlobConfig AzBlobFsConfig     `json:"azblobconfig,omitempty"`
+	CryptConfig  CryptFsConfig      `json:"cryptconfig,omitempty"`
+	SFTPConfig   SFTPFsConfig       `json:"sftpconfig,omitempty"`
+}

sdk/folder.go

@@ -0,0 +1,35 @@
+package sdk
+
+// BaseVirtualFolder defines the path for the virtual folder and the used quota limits.
+// The same folder can be shared among multiple users and each user can have different
+// quota limits or a different virtual path.
+type BaseVirtualFolder struct {
+	ID            int64  `json:"id"`
+	Name          string `json:"name"`
+	MappedPath    string `json:"mapped_path,omitempty"`
+	Description   string `json:"description,omitempty"`
+	UsedQuotaSize int64  `json:"used_quota_size"`
+	// Used quota as number of files
+	UsedQuotaFiles int `json:"used_quota_files"`
+	// Last quota update as unix timestamp in milliseconds
+	LastQuotaUpdate int64 `json:"last_quota_update"`
+	// list of usernames associated with this virtual folder
+	Users []string `json:"users,omitempty"`
+	// Filesystem configuration details
+	FsConfig Filesystem `json:"filesystem"`
+}
+
+// VirtualFolder defines a mapping between an SFTPGo exposed virtual path and a
+// filesystem path outside the user home directory.
+// The specified paths must be absolute and the virtual path cannot be "/",
+// it must be a sub directory. The parent directory for the specified virtual
+// path must exist. SFTPGo will, by default, try to automatically create any missing
+// parent directory for the configured virtual folders at user login.
+type VirtualFolder struct {
+	BaseVirtualFolder
+	VirtualPath string `json:"virtual_path"`
+	// Maximum size allowed as bytes. 0 means unlimited, -1 included in user quota
+	QuotaSize int64 `json:"quota_size"`
+	// Maximum number of files allowed. 0 means unlimited, -1 included in user quota
+	QuotaFiles int `json:"quota_files"`
+}

sdk/plugin/mkproto.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+protoc notifier/proto/notifier.proto --go_out=plugins=grpc:../.. --go_out=../../..
+
+

sdk/plugin/notifier.go

@@ -0,0 +1,135 @@
+package plugin
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"os/exec"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-plugin"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
+	"github.com/drakkan/sftpgo/v2/util"
+)
+
+// NotifierConfig defines configuration parameters for notifiers plugins
+type NotifierConfig struct {
+	FsEvents   []string `json:"fs_events" mapstructure:"fs_events"`
+	UserEvents []string `json:"user_events" mapstructure:"user_events"`
+}
+
+func (c *NotifierConfig) hasActions() bool {
+	if len(c.FsEvents) > 0 {
+		return true
+	}
+	if len(c.UserEvents) > 0 {
+		return true
+	}
+	return false
+}
+
+type notifierPlugin struct {
+	config   Config
+	notifier notifier.Notifier
+	client   *plugin.Client
+}
+
+func newNotifierPlugin(config Config) (*notifierPlugin, error) {
+	p := &notifierPlugin{
+		config: config,
+	}
+	if err := p.initialize(); err != nil {
+		logger.Warn(logSender, "", "unable to create notifier plugin: %v, config %v", err, config)
+		return nil, err
+	}
+	return p, nil
+}
+
+func (p *notifierPlugin) exited() bool {
+	return p.client.Exited()
+}
+
+func (p *notifierPlugin) cleanup() {
+	p.client.Kill()
+}
+
+func (p *notifierPlugin) initialize() error {
+	killProcess(p.config.Cmd)
+	logger.Debug(logSender, "", "create new plugin %v", p.config.Cmd)
+	if !p.config.NotifierOptions.hasActions() {
+		return fmt.Errorf("no actions defined for the notifier plugin %v", p.config.Cmd)
+	}
+	var secureConfig *plugin.SecureConfig
+	if p.config.SHA256Sum != "" {
+		secureConfig.Checksum = []byte(p.config.SHA256Sum)
+		secureConfig.Hash = sha256.New()
+	}
+	client := plugin.NewClient(&plugin.ClientConfig{
+		HandshakeConfig: notifier.Handshake,
+		Plugins:         notifier.PluginMap,
+		Cmd:             exec.Command(p.config.Cmd, p.config.Args...),
+		AllowedProtocols: []plugin.Protocol{
+			plugin.ProtocolGRPC,
+		},
+		AutoMTLS:     p.config.AutoMTLS,
+		SecureConfig: secureConfig,
+		Managed:      false,
+		Logger: &logger.HCLogAdapter{
+			Logger: hclog.New(&hclog.LoggerOptions{
+				Name:        fmt.Sprintf("%v.%v", logSender, notifier.PluginName),
+				Level:       pluginsLogLevel,
+				DisableTime: true,
+			}),
+		},
+	})
+	rpcClient, err := client.Client()
+	if err != nil {
+		logger.Debug(logSender, "", "unable to get rpc client for plugin %v: %v", p.config.Cmd, err)
+		return err
+	}
+	raw, err := rpcClient.Dispense(notifier.PluginName)
+	if err != nil {
+		logger.Debug(logSender, "", "unable to get plugin %v from rpc client for plugin %v: %v",
+			notifier.PluginName, p.config.Cmd, err)
+		return err
+	}
+
+	p.client = client
+	p.notifier = raw.(notifier.Notifier)
+
+	return nil
+}
+
+func (p *notifierPlugin) notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, errAction error) {
+	if !util.IsStringInSlice(action, p.config.NotifierOptions.FsEvents) {
+		return
+	}
+
+	go func() {
+		status := 1
+		if errAction != nil {
+			status = 0
+		}
+		if err := p.notifier.NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, status); err != nil {
+			logger.Warn(logSender, "", "unable to send fs action notification to plugin %v: %v", p.config.Cmd, err)
+		}
+	}()
+}
+
+func (p *notifierPlugin) notifyUserAction(action string, user Renderer) {
+	if !util.IsStringInSlice(action, p.config.NotifierOptions.UserEvents) {
+		return
+	}
+
+	go func() {
+		userAsJSON, err := user.RenderAsJSON(action != "delete")
+		if err != nil {
+			logger.Warn(logSender, "", "unable to render user as json for action %v: %v", action, err)
+			return
+		}
+		if err := p.notifier.NotifyUserEvent(action, userAsJSON); err != nil {
+			logger.Warn(logSender, "", "unable to send user action notification to plugin %v: %v", p.config.Cmd, err)
+		}
+	}()
+}

sdk/plugin/notifier/grpc.go

@@ -0,0 +1,72 @@
+package notifier
+
+import (
+	"context"
+	"time"
+
+	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier/proto"
+)
+
+const (
+	rpcTimeout = 20 * time.Second
+)
+
+// GRPCClient is an implementation of Notifier interface that talks over RPC.
+type GRPCClient struct {
+	client proto.NotifierClient
+}
+
+// NotifyFsEvent implements the Notifier interface
+func (c *GRPCClient) NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, status int) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
+	defer cancel()
+
+	_, err := c.client.SendFsEvent(ctx, &proto.FsEvent{
+		Timestamp:    timestamppb.New(time.Now()),
+		Action:       action,
+		Username:     username,
+		FsPath:       fsPath,
+		FsTargetPath: fsTargetPath,
+		SshCmd:       sshCmd,
+		FileSize:     fileSize,
+		Protocol:     protocol,
+		Status:       int32(status),
+	})
+
+	return err
+}
+
+// NotifyUserEvent implements the Notifier interface
+func (c *GRPCClient) NotifyUserEvent(action string, user []byte) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
+	defer cancel()
+
+	_, err := c.client.SendUserEvent(ctx, &proto.UserEvent{
+		Timestamp: timestamppb.New(time.Now()),
+		Action:    action,
+		User:      user,
+	})
+
+	return err
+}
+
+// GRPCServer defines the gRPC server that GRPCClient talks to.
+type GRPCServer struct {
+	Impl Notifier
+}
+
+// SendFsEvent implements the serve side fs notify method
+func (s *GRPCServer) SendFsEvent(ctx context.Context, req *proto.FsEvent) (*emptypb.Empty, error) {
+	err := s.Impl.NotifyFsEvent(req.Action, req.Username, req.FsPath, req.FsTargetPath, req.SshCmd,
+		req.Protocol, req.FileSize, int(req.Status))
+	return &emptypb.Empty{}, err
+}
+
+// SendUserEvent implements the serve side user notify method
+func (s *GRPCServer) SendUserEvent(ctx context.Context, req *proto.UserEvent) (*emptypb.Empty, error) {
+	err := s.Impl.NotifyUserEvent(req.Action, req.User)
+	return &emptypb.Empty{}, err
+}

sdk/plugin/notifier/notifier.go

@@ -0,0 +1,57 @@
+// Package notifier defines the implementation for event notifier plugin.
+// Notifier plugins allow to receive filesystem events such as file uploads,
+// downloads etc. and user events such as add, update, delete.
+package notifier
+
+import (
+	"context"
+
+	"github.com/hashicorp/go-plugin"
+	"google.golang.org/grpc"
+
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier/proto"
+)
+
+const (
+	// PluginName defines the name for a notifier plugin
+	PluginName = "notifier"
+)
+
+// Handshake is a common handshake that is shared by plugin and host.
+var Handshake = plugin.HandshakeConfig{
+	ProtocolVersion:  1,
+	MagicCookieKey:   "SFTPGO_NOTIFIER_PLUGIN",
+	MagicCookieValue: "c499b98b-cd59-4df2-92b3-6268817f4d80",
+}
+
+// PluginMap is the map of plugins we can dispense.
+var PluginMap = map[string]plugin.Plugin{
+	PluginName: &Plugin{},
+}
+
+// Notifier defines the interface for notifiers plugins
+type Notifier interface {
+	NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, status int) error
+	NotifyUserEvent(action string, user []byte) error
+}
+
+// Plugin defines the implementation to serve/connect to a notifier plugin
+type Plugin struct {
+	plugin.Plugin
+	Impl Notifier
+}
+
+// GRPCServer defines the GRPC server implementation for this plugin
+func (p *Plugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
+	proto.RegisterNotifierServer(s, &GRPCServer{
+		Impl: p.Impl,
+	})
+	return nil
+}
+
+// GRPCClient defines the GRPC client implementation for this plugin
+func (p *Plugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
+	return &GRPCClient{
+		client: proto.NewNotifierClient(c),
+	}, nil
+}

sdk/plugin/notifier/proto/notifier.pb.go

@@ -0,0 +1,448 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.17.3
+// source: notifier/proto/notifier.proto
+
+package proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type FsEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timestamp    *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	Action       string                 `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+	Username     string                 `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
+	FsPath       string                 `protobuf:"bytes,4,opt,name=fs_path,json=fsPath,proto3" json:"fs_path,omitempty"`
+	FsTargetPath string                 `protobuf:"bytes,5,opt,name=fs_target_path,json=fsTargetPath,proto3" json:"fs_target_path,omitempty"`
+	SshCmd       string                 `protobuf:"bytes,6,opt,name=ssh_cmd,json=sshCmd,proto3" json:"ssh_cmd,omitempty"`
+	FileSize     int64                  `protobuf:"varint,7,opt,name=file_size,json=fileSize,proto3" json:"file_size,omitempty"`
+	Protocol     string                 `protobuf:"bytes,8,opt,name=protocol,proto3" json:"protocol,omitempty"`
+	Status       int32                  `protobuf:"varint,9,opt,name=status,proto3" json:"status,omitempty"`
+}
+
+func (x *FsEvent) Reset() {
+	*x = FsEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_notifier_proto_notifier_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FsEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FsEvent) ProtoMessage() {}
+
+func (x *FsEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_notifier_proto_notifier_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FsEvent.ProtoReflect.Descriptor instead.
+func (*FsEvent) Descriptor() ([]byte, []int) {
+	return file_notifier_proto_notifier_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FsEvent) GetTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.Timestamp
+	}
+	return nil
+}
+
+func (x *FsEvent) GetAction() string {
+	if x != nil {
+		return x.Action
+	}
+	return ""
+}
+
+func (x *FsEvent) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFsPath() string {
+	if x != nil {
+		return x.FsPath
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFsTargetPath() string {
+	if x != nil {
+		return x.FsTargetPath
+	}
+	return ""
+}
+
+func (x *FsEvent) GetSshCmd() string {
+	if x != nil {
+		return x.SshCmd
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFileSize() int64 {
+	if x != nil {
+		return x.FileSize
+	}
+	return 0
+}
+
+func (x *FsEvent) GetProtocol() string {
+	if x != nil {
+		return x.Protocol
+	}
+	return ""
+}
+
+func (x *FsEvent) GetStatus() int32 {
+	if x != nil {
+		return x.Status
+	}
+	return 0
+}
+
+type UserEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timestamp *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	Action    string                 `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+	User      []byte                 `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // SFTPGo user json serialized
+}
+
+func (x *UserEvent) Reset() {
+	*x = UserEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_notifier_proto_notifier_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UserEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserEvent) ProtoMessage() {}
+
+func (x *UserEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_notifier_proto_notifier_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserEvent.ProtoReflect.Descriptor instead.
+func (*UserEvent) Descriptor() ([]byte, []int) {
+	return file_notifier_proto_notifier_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *UserEvent) GetTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.Timestamp
+	}
+	return nil
+}
+
+func (x *UserEvent) GetAction() string {
+	if x != nil {
+		return x.Action
+	}
+	return ""
+}
+
+func (x *UserEvent) GetUser() []byte {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+var File_notifier_proto_notifier_proto protoreflect.FileDescriptor
+
+var file_notifier_proto_notifier_proto_rawDesc = []byte{
+	0x0a, 0x1d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa0, 0x02, 0x0a, 0x07, 0x46, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52,
+	0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x17,
+	0x0a, 0x07, 0x66, 0x73, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x66, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0e, 0x66, 0x73, 0x5f, 0x74, 0x61,
+	0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x66, 0x73, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a,
+	0x07, 0x73, 0x73, 0x68, 0x5f, 0x63, 0x6d, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x73, 0x73, 0x68, 0x43, 0x6d, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73,
+	0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x53,
+	0x69, 0x7a, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
+	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x71, 0x0a, 0x09, 0x55, 0x73, 0x65, 0x72, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16,
+	0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x32, 0x7c, 0x0a, 0x08, 0x4e, 0x6f,
+	0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x35, 0x0a, 0x0b, 0x53, 0x65, 0x6e, 0x64, 0x46, 0x73,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x46, 0x73,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x39, 0x0a,
+	0x0d, 0x53, 0x65, 0x6e, 0x64, 0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x10,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x1b, 0x5a, 0x19, 0x73, 0x64, 0x6b, 0x2f,
+	0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_notifier_proto_notifier_proto_rawDescOnce sync.Once
+	file_notifier_proto_notifier_proto_rawDescData = file_notifier_proto_notifier_proto_rawDesc
+)
+
+func file_notifier_proto_notifier_proto_rawDescGZIP() []byte {
+	file_notifier_proto_notifier_proto_rawDescOnce.Do(func() {
+		file_notifier_proto_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_proto_notifier_proto_rawDescData)
+	})
+	return file_notifier_proto_notifier_proto_rawDescData
+}
+
+var file_notifier_proto_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_notifier_proto_notifier_proto_goTypes = []interface{}{
+	(*FsEvent)(nil),               // 0: proto.FsEvent
+	(*UserEvent)(nil),             // 1: proto.UserEvent
+	(*timestamppb.Timestamp)(nil), // 2: google.protobuf.Timestamp
+	(*emptypb.Empty)(nil),         // 3: google.protobuf.Empty
+}
+var file_notifier_proto_notifier_proto_depIdxs = []int32{
+	2, // 0: proto.FsEvent.timestamp:type_name -> google.protobuf.Timestamp
+	2, // 1: proto.UserEvent.timestamp:type_name -> google.protobuf.Timestamp
+	0, // 2: proto.Notifier.SendFsEvent:input_type -> proto.FsEvent
+	1, // 3: proto.Notifier.SendUserEvent:input_type -> proto.UserEvent
+	3, // 4: proto.Notifier.SendFsEvent:output_type -> google.protobuf.Empty
+	3, // 5: proto.Notifier.SendUserEvent:output_type -> google.protobuf.Empty
+	4, // [4:6] is the sub-list for method output_type
+	2, // [2:4] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_notifier_proto_notifier_proto_init() }
+func file_notifier_proto_notifier_proto_init() {
+	if File_notifier_proto_notifier_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_notifier_proto_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FsEvent); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_notifier_proto_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UserEvent); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_notifier_proto_notifier_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_notifier_proto_notifier_proto_goTypes,
+		DependencyIndexes: file_notifier_proto_notifier_proto_depIdxs,
+		MessageInfos:      file_notifier_proto_notifier_proto_msgTypes,
+	}.Build()
+	File_notifier_proto_notifier_proto = out.File
+	file_notifier_proto_notifier_proto_rawDesc = nil
+	file_notifier_proto_notifier_proto_goTypes = nil
+	file_notifier_proto_notifier_proto_depIdxs = nil
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConnInterface
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion6
+
+// NotifierClient is the client API for Notifier service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type NotifierClient interface {
+	SendFsEvent(ctx context.Context, in *FsEvent, opts ...grpc.CallOption) (*emptypb.Empty, error)
+	SendUserEvent(ctx context.Context, in *UserEvent, opts ...grpc.CallOption) (*emptypb.Empty, error)
+}
+
+type notifierClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient {
+	return &notifierClient{cc}
+}
+
+func (c *notifierClient) SendFsEvent(ctx context.Context, in *FsEvent, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/proto.Notifier/SendFsEvent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notifierClient) SendUserEvent(ctx context.Context, in *UserEvent, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/proto.Notifier/SendUserEvent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// NotifierServer is the server API for Notifier service.
+type NotifierServer interface {
+	SendFsEvent(context.Context, *FsEvent) (*emptypb.Empty, error)
+	SendUserEvent(context.Context, *UserEvent) (*emptypb.Empty, error)
+}
+
+// UnimplementedNotifierServer can be embedded to have forward compatible implementations.
+type UnimplementedNotifierServer struct {
+}
+
+func (*UnimplementedNotifierServer) SendFsEvent(context.Context, *FsEvent) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SendFsEvent not implemented")
+}
+func (*UnimplementedNotifierServer) SendUserEvent(context.Context, *UserEvent) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SendUserEvent not implemented")
+}
+
+func RegisterNotifierServer(s *grpc.Server, srv NotifierServer) {
+	s.RegisterService(&_Notifier_serviceDesc, srv)
+}
+
+func _Notifier_SendFsEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(FsEvent)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotifierServer).SendFsEvent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/proto.Notifier/SendFsEvent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotifierServer).SendFsEvent(ctx, req.(*FsEvent))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Notifier_SendUserEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UserEvent)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotifierServer).SendUserEvent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/proto.Notifier/SendUserEvent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotifierServer).SendUserEvent(ctx, req.(*UserEvent))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Notifier_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "proto.Notifier",
+	HandlerType: (*NotifierServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "SendFsEvent",
+			Handler:    _Notifier_SendFsEvent_Handler,
+		},
+		{
+			MethodName: "SendUserEvent",
+			Handler:    _Notifier_SendUserEvent_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "notifier/proto/notifier.proto",
+}

sdk/plugin/notifier/proto/notifier.proto

@@ -0,0 +1,30 @@
+syntax = "proto3";
+package proto;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "sdk/plugin/notifier/proto";
+
+message FsEvent {
+    google.protobuf.Timestamp timestamp = 1;
+    string action = 2;
+    string username = 3;
+    string fs_path = 4;
+    string fs_target_path = 5;
+    string ssh_cmd = 6;
+    int64 file_size =  7;
+    string protocol = 8;
+    int32 status = 9;
+}
+
+message UserEvent {
+    google.protobuf.Timestamp timestamp = 1;
+    string action = 2;
+    bytes user = 3; // SFTPGo user json serialized
+}
+
+service Notifier {
+    rpc SendFsEvent(FsEvent) returns (google.protobuf.Empty);
+    rpc SendUserEvent(UserEvent) returns (google.protobuf.Empty);
+}

sdk/plugin/plugin.go

@@ -0,0 +1,166 @@
+// Package plugin provides support for the SFTPGo plugin system
+package plugin
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
+)
+
+const (
+	logSender = "plugins"
+)
+
+var (
+	// Handler defines the plugins manager
+	Handler         Manager
+	pluginsLogLevel = hclog.Debug
+)
+
+// Renderer defines the interface for generic objects rendering
+type Renderer interface {
+	RenderAsJSON(reload bool) ([]byte, error)
+}
+
+// Config defines a plugin configuration
+type Config struct {
+	// Plugin type
+	Type string `json:"type" mapstructure:"type"`
+	// NotifierOptions defines additional options for notifiers plugins
+	NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
+	// Path to the plugin executable
+	Cmd string `json:"cmd" mapstructure:"cmd"`
+	// Args to pass to the plugin executable
+	Args []string `json:"args" mapstructure:"args"`
+	// SHA256 checksum for the plugin executable.
+	// If not empty it will be used to verify the integrity of the executable
+	SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
+	// If enabled the client and the server automatically negotiate mTLS for
+	// transport authentication. This ensures that only the original client will
+	// be allowed to connect to the server, and all other connections will be
+	// rejected. The client will also refuse to connect to any server that isn't
+	// the original instance started by the client.
+	AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
+}
+
+// Manager handles enabled plugins
+type Manager struct {
+	// List of configured plugins
+	Configs   []Config `json:"plugins" mapstructure:"plugins"`
+	mu        sync.RWMutex
+	notifiers []*notifierPlugin
+}
+
+// Initialize initializes the configured plugins
+func Initialize(configs []Config, logVerbose bool) error {
+	Handler = Manager{
+		Configs: configs,
+	}
+
+	if logVerbose {
+		pluginsLogLevel = hclog.Debug
+	} else {
+		pluginsLogLevel = hclog.Info
+	}
+
+	for _, config := range configs {
+		switch config.Type {
+		case notifier.PluginName:
+			plugin, err := newNotifierPlugin(config)
+			if err != nil {
+				return err
+			}
+			Handler.notifiers = append(Handler.notifiers, plugin)
+		default:
+			return fmt.Errorf("unsupported plugin type: %v", config.Type)
+		}
+	}
+	return nil
+}
+
+// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
+func (m *Manager) NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, err error) {
+	m.mu.RLock()
+
+	var crashedIdxs []int
+	for idx, n := range m.notifiers {
+		if n.exited() {
+			crashedIdxs = append(crashedIdxs, idx)
+		} else {
+			n.notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
+		}
+	}
+
+	m.mu.RUnlock()
+
+	if len(crashedIdxs) > 0 {
+		m.restartCrashedNotifiers(crashedIdxs)
+
+		m.mu.RLock()
+		defer m.mu.RUnlock()
+
+		for idx := range crashedIdxs {
+			if !m.notifiers[idx].exited() {
+				m.notifiers[idx].notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
+			}
+		}
+	}
+}
+
+// NotifyUserEvent sends the user event notifications using any defined notifier plugins
+func (m *Manager) NotifyUserEvent(action string, user Renderer) {
+	m.mu.RLock()
+
+	var crashedIdxs []int
+	for idx, n := range m.notifiers {
+		if n.exited() {
+			crashedIdxs = append(crashedIdxs, idx)
+		} else {
+			n.notifyUserAction(action, user)
+		}
+	}
+
+	m.mu.RUnlock()
+
+	if len(crashedIdxs) > 0 {
+		m.restartCrashedNotifiers(crashedIdxs)
+
+		m.mu.RLock()
+		defer m.mu.RUnlock()
+
+		for idx := range crashedIdxs {
+			if !m.notifiers[idx].exited() {
+				m.notifiers[idx].notifyUserAction(action, user)
+			}
+		}
+	}
+}
+
+func (m *Manager) restartCrashedNotifiers(crashedIdxs []int) {
+	for _, idx := range crashedIdxs {
+		m.mu.Lock()
+		defer m.mu.Unlock()
+
+		if m.notifiers[idx].exited() {
+			logger.Info(logSender, "", "try to restart crashed plugin %v", m.Configs[idx].Cmd)
+			plugin, err := newNotifierPlugin(m.Configs[idx])
+			if err == nil {
+				m.notifiers[idx] = plugin
+			} else {
+				logger.Warn(logSender, "", "plugin %v crashed and restart failed: %v", m.Configs[idx].Cmd, err)
+			}
+		}
+	}
+}
+
+// Cleanup releases all the active plugins
+func (m *Manager) Cleanup() {
+	for _, n := range m.notifiers {
+		logger.Debug(logSender, "", "cleanup plugin %v", n.config.Cmd)
+		n.cleanup()
+	}
+}

sdk/plugin/util.go

@@ -0,0 +1,25 @@
+package plugin
+
+import (
+	"github.com/shirou/gopsutil/v3/process"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+)
+
+func killProcess(processPath string) {
+	procs, err := process.Processes()
+	if err != nil {
+		return
+	}
+	for _, p := range procs {
+		cmdLine, err := p.Exe()
+		if err == nil {
+			if cmdLine == processPath {
+				err = p.Kill()
+				logger.Debug(logSender, "", "killed process %v, pid %v, err %v", cmdLine, p.Pid, err)
+				return
+			}
+		}
+	}
+	logger.Debug(logSender, "", "no match for plugin process %v", processPath)
+}

sdk/sdk.go

@@ -0,0 +1,2 @@
+// Package sdk provides SFTPGo data structures primarily intended for use within plugins
+package sdk

sdk/user.go

@@ -0,0 +1,181 @@
+package sdk
+
+import (
+	"strings"
+
+	"github.com/drakkan/sftpgo/v2/util"
+)
+
+// Web Client restrictions
+const (
+	WebClientPubKeyChangeDisabled = "publickey-change-disabled"
+)
+
+var (
+	// WebClientOptions defines the available options for the web client interface
+	WebClientOptions = []string{WebClientPubKeyChangeDisabled}
+)
+
+// TLSUsername defines the TLS certificate attribute to use as username
+type TLSUsername string
+
+// Supported certificate attributes to use as username
+const (
+	TLSUsernameNone TLSUsername = "None"
+	TLSUsernameCN   TLSUsername = "CommonName"
+)
+
+// DirectoryPermissions defines permissions for a directory virtual path
+type DirectoryPermissions struct {
+	Path        string
+	Permissions []string
+}
+
+// HasPerm returns true if the directory has the specified permissions
+func (d *DirectoryPermissions) HasPerm(perm string) bool {
+	return util.IsStringInSlice(perm, d.Permissions)
+}
+
+// PatternsFilter defines filters based on shell like patterns.
+// These restrictions do not apply to files listing for performance reasons, so
+// a denied file cannot be downloaded/overwritten/renamed but will still be
+// in the list of files.
+// System commands such as Git and rsync interacts with the filesystem directly
+// and they are not aware about these restrictions so they are not allowed
+// inside paths with extensions filters
+type PatternsFilter struct {
+	// Virtual path, if no other specific filter is defined, the filter apply for
+	// sub directories too.
+	// For example if filters are defined for the paths "/" and "/sub" then the
+	// filters for "/" are applied for any file outside the "/sub" directory
+	Path string `json:"path"`
+	// files with these, case insensitive, patterns are allowed.
+	// Denied file patterns are evaluated before the allowed ones
+	AllowedPatterns []string `json:"allowed_patterns,omitempty"`
+	// files with these, case insensitive, patterns are not allowed.
+	// Denied file patterns are evaluated before the allowed ones
+	DeniedPatterns []string `json:"denied_patterns,omitempty"`
+}
+
+// GetCommaSeparatedPatterns returns the first non empty patterns list comma separated
+func (p *PatternsFilter) GetCommaSeparatedPatterns() string {
+	if len(p.DeniedPatterns) > 0 {
+		return strings.Join(p.DeniedPatterns, ",")
+	}
+	return strings.Join(p.AllowedPatterns, ",")
+}
+
+// IsDenied returns true if the patterns has one or more denied patterns
+func (p *PatternsFilter) IsDenied() bool {
+	return len(p.DeniedPatterns) > 0
+}
+
+// IsAllowed returns true if the patterns has one or more allowed patterns
+func (p *PatternsFilter) IsAllowed() bool {
+	return len(p.AllowedPatterns) > 0
+}
+
+// HooksFilter defines user specific overrides for global hooks
+type HooksFilter struct {
+	ExternalAuthDisabled  bool `json:"external_auth_disabled"`
+	PreLoginDisabled      bool `json:"pre_login_disabled"`
+	CheckPasswordDisabled bool `json:"check_password_disabled"`
+}
+
+// UserFilters defines additional restrictions for a user
+// TODO: rename to UserOptions in v3
+type UserFilters struct {
+	// only clients connecting from these IP/Mask are allowed.
+	// IP/Mask must be in CIDR notation as defined in RFC 4632 and RFC 4291
+	// for example "192.0.2.0/24" or "2001:db8::/32"
+	AllowedIP []string `json:"allowed_ip,omitempty"`
+	// clients connecting from these IP/Mask are not allowed.
+	// Denied rules will be evaluated before allowed ones
+	DeniedIP []string `json:"denied_ip,omitempty"`
+	// these login methods are not allowed.
+	// If null or empty any available login method is allowed
+	DeniedLoginMethods []string `json:"denied_login_methods,omitempty"`
+	// these protocols are not allowed.
+	// If null or empty any available protocol is allowed
+	DeniedProtocols []string `json:"denied_protocols,omitempty"`
+	// filter based on shell patterns.
+	// Please note that these restrictions can be easily bypassed.
+	FilePatterns []PatternsFilter `json:"file_patterns,omitempty"`
+	// max size allowed for a single upload, 0 means unlimited
+	MaxUploadFileSize int64 `json:"max_upload_file_size,omitempty"`
+	// TLS certificate attribute to use as username.
+	// For FTP clients it must match the name provided using the
+	// "USER" command
+	TLSUsername TLSUsername `json:"tls_username,omitempty"`
+	// user specific hook overrides
+	Hooks HooksFilter `json:"hooks,omitempty"`
+	// Disable checks for existence and automatic creation of home directory
+	// and virtual folders.
+	// SFTPGo requires that the user's home directory, virtual folder root,
+	// and intermediate paths to virtual folders exist to work properly.
+	// If you already know that the required directories exist, disabling
+	// these checks will speed up login.
+	// You could, for example, disable these checks after the first login
+	DisableFsChecks bool `json:"disable_fs_checks,omitempty"`
+	// WebClient related configuration options
+	WebClient []string `json:"web_client,omitempty"`
+}
+
+type BaseUser struct {
+	// Data provider unique identifier
+	ID int64 `json:"id"`
+	// 1 enabled, 0 disabled (login is not allowed)
+	Status int `json:"status"`
+	// Username
+	Username string `json:"username"`
+	// Account expiration date as unix timestamp in milliseconds. An expired account cannot login.
+	// 0 means no expiration
+	ExpirationDate int64 `json:"expiration_date"`
+	// Password used for password authentication.
+	// For users created using SFTPGo REST API the password is be stored using bcrypt or argon2id hashing algo.
+	// Checking passwords stored with pbkdf2, md5crypt and sha512crypt is supported too.
+	Password string `json:"password,omitempty"`
+	// PublicKeys used for public key authentication. At least one between password and a public key is mandatory
+	PublicKeys []string `json:"public_keys,omitempty"`
+	// The user cannot upload or download files outside this directory. Must be an absolute path
+	HomeDir string `json:"home_dir"`
+	// If sftpgo runs as root system user then the created files and directories will be assigned to this system UID
+	UID int `json:"uid"`
+	// If sftpgo runs as root system user then the created files and directories will be assigned to this system GID
+	GID int `json:"gid"`
+	// Maximum concurrent sessions. 0 means unlimited
+	MaxSessions int `json:"max_sessions"`
+	// Maximum size allowed as bytes. 0 means unlimited
+	QuotaSize int64 `json:"quota_size"`
+	// Maximum number of files allowed. 0 means unlimited
+	QuotaFiles int `json:"quota_files"`
+	// List of the granted permissions
+	Permissions map[string][]string `json:"permissions"`
+	// Used quota as bytes
+	UsedQuotaSize int64 `json:"used_quota_size"`
+	// Used quota as number of files
+	UsedQuotaFiles int `json:"used_quota_files"`
+	// Last quota update as unix timestamp in milliseconds
+	LastQuotaUpdate int64 `json:"last_quota_update"`
+	// Maximum upload bandwidth as KB/s, 0 means unlimited
+	UploadBandwidth int64 `json:"upload_bandwidth"`
+	// Maximum download bandwidth as KB/s, 0 means unlimited
+	DownloadBandwidth int64 `json:"download_bandwidth"`
+	// Last login as unix timestamp in milliseconds
+	LastLogin int64 `json:"last_login"`
+	// Additional restrictions
+	Filters UserFilters `json:"filters"`
+	// optional description, for example full name
+	Description string `json:"description,omitempty"`
+	// free form text field for external systems
+	AdditionalInfo string `json:"additional_info,omitempty"`
+}
+
+// User defines a SFTPGo user
+type User struct {
+	BaseUser
+	// Mapping between virtual paths and virtual folders
+	VirtualFolders []VirtualFolder `json:"virtual_folders,omitempty"`
+	// Filesystem configuration details
+	FsConfig Filesystem `json:"filesystem"`
+}