add experimental plugin system

sdk/plugin/mkproto.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+protoc notifier/proto/notifier.proto --go_out=plugins=grpc:../.. --go_out=../../..
+
+

sdk/plugin/notifier.go

@@ -0,0 +1,135 @@
+package plugin
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"os/exec"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-plugin"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
+	"github.com/drakkan/sftpgo/v2/util"
+)
+
+// NotifierConfig defines configuration parameters for notifiers plugins
+type NotifierConfig struct {
+	FsEvents   []string `json:"fs_events" mapstructure:"fs_events"`
+	UserEvents []string `json:"user_events" mapstructure:"user_events"`
+}
+
+func (c *NotifierConfig) hasActions() bool {
+	if len(c.FsEvents) > 0 {
+		return true
+	}
+	if len(c.UserEvents) > 0 {
+		return true
+	}
+	return false
+}
+
+type notifierPlugin struct {
+	config   Config
+	notifier notifier.Notifier
+	client   *plugin.Client
+}
+
+func newNotifierPlugin(config Config) (*notifierPlugin, error) {
+	p := &notifierPlugin{
+		config: config,
+	}
+	if err := p.initialize(); err != nil {
+		logger.Warn(logSender, "", "unable to create notifier plugin: %v, config %v", err, config)
+		return nil, err
+	}
+	return p, nil
+}
+
+func (p *notifierPlugin) exited() bool {
+	return p.client.Exited()
+}
+
+func (p *notifierPlugin) cleanup() {
+	p.client.Kill()
+}
+
+func (p *notifierPlugin) initialize() error {
+	killProcess(p.config.Cmd)
+	logger.Debug(logSender, "", "create new plugin %v", p.config.Cmd)
+	if !p.config.NotifierOptions.hasActions() {
+		return fmt.Errorf("no actions defined for the notifier plugin %v", p.config.Cmd)
+	}
+	var secureConfig *plugin.SecureConfig
+	if p.config.SHA256Sum != "" {
+		secureConfig.Checksum = []byte(p.config.SHA256Sum)
+		secureConfig.Hash = sha256.New()
+	}
+	client := plugin.NewClient(&plugin.ClientConfig{
+		HandshakeConfig: notifier.Handshake,
+		Plugins:         notifier.PluginMap,
+		Cmd:             exec.Command(p.config.Cmd, p.config.Args...),
+		AllowedProtocols: []plugin.Protocol{
+			plugin.ProtocolGRPC,
+		},
+		AutoMTLS:     p.config.AutoMTLS,
+		SecureConfig: secureConfig,
+		Managed:      false,
+		Logger: &logger.HCLogAdapter{
+			Logger: hclog.New(&hclog.LoggerOptions{
+				Name:        fmt.Sprintf("%v.%v", logSender, notifier.PluginName),
+				Level:       pluginsLogLevel,
+				DisableTime: true,
+			}),
+		},
+	})
+	rpcClient, err := client.Client()
+	if err != nil {
+		logger.Debug(logSender, "", "unable to get rpc client for plugin %v: %v", p.config.Cmd, err)
+		return err
+	}
+	raw, err := rpcClient.Dispense(notifier.PluginName)
+	if err != nil {
+		logger.Debug(logSender, "", "unable to get plugin %v from rpc client for plugin %v: %v",
+			notifier.PluginName, p.config.Cmd, err)
+		return err
+	}
+
+	p.client = client
+	p.notifier = raw.(notifier.Notifier)
+
+	return nil
+}
+
+func (p *notifierPlugin) notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, errAction error) {
+	if !util.IsStringInSlice(action, p.config.NotifierOptions.FsEvents) {
+		return
+	}
+
+	go func() {
+		status := 1
+		if errAction != nil {
+			status = 0
+		}
+		if err := p.notifier.NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, status); err != nil {
+			logger.Warn(logSender, "", "unable to send fs action notification to plugin %v: %v", p.config.Cmd, err)
+		}
+	}()
+}
+
+func (p *notifierPlugin) notifyUserAction(action string, user Renderer) {
+	if !util.IsStringInSlice(action, p.config.NotifierOptions.UserEvents) {
+		return
+	}
+
+	go func() {
+		userAsJSON, err := user.RenderAsJSON(action != "delete")
+		if err != nil {
+			logger.Warn(logSender, "", "unable to render user as json for action %v: %v", action, err)
+			return
+		}
+		if err := p.notifier.NotifyUserEvent(action, userAsJSON); err != nil {
+			logger.Warn(logSender, "", "unable to send user action notification to plugin %v: %v", p.config.Cmd, err)
+		}
+	}()
+}

sdk/plugin/notifier/grpc.go

@@ -0,0 +1,72 @@
+package notifier
+
+import (
+	"context"
+	"time"
+
+	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier/proto"
+)
+
+const (
+	rpcTimeout = 20 * time.Second
+)
+
+// GRPCClient is an implementation of Notifier interface that talks over RPC.
+type GRPCClient struct {
+	client proto.NotifierClient
+}
+
+// NotifyFsEvent implements the Notifier interface
+func (c *GRPCClient) NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, status int) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
+	defer cancel()
+
+	_, err := c.client.SendFsEvent(ctx, &proto.FsEvent{
+		Timestamp:    timestamppb.New(time.Now()),
+		Action:       action,
+		Username:     username,
+		FsPath:       fsPath,
+		FsTargetPath: fsTargetPath,
+		SshCmd:       sshCmd,
+		FileSize:     fileSize,
+		Protocol:     protocol,
+		Status:       int32(status),
+	})
+
+	return err
+}
+
+// NotifyUserEvent implements the Notifier interface
+func (c *GRPCClient) NotifyUserEvent(action string, user []byte) error {
+	ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
+	defer cancel()
+
+	_, err := c.client.SendUserEvent(ctx, &proto.UserEvent{
+		Timestamp: timestamppb.New(time.Now()),
+		Action:    action,
+		User:      user,
+	})
+
+	return err
+}
+
+// GRPCServer defines the gRPC server that GRPCClient talks to.
+type GRPCServer struct {
+	Impl Notifier
+}
+
+// SendFsEvent implements the serve side fs notify method
+func (s *GRPCServer) SendFsEvent(ctx context.Context, req *proto.FsEvent) (*emptypb.Empty, error) {
+	err := s.Impl.NotifyFsEvent(req.Action, req.Username, req.FsPath, req.FsTargetPath, req.SshCmd,
+		req.Protocol, req.FileSize, int(req.Status))
+	return &emptypb.Empty{}, err
+}
+
+// SendUserEvent implements the serve side user notify method
+func (s *GRPCServer) SendUserEvent(ctx context.Context, req *proto.UserEvent) (*emptypb.Empty, error) {
+	err := s.Impl.NotifyUserEvent(req.Action, req.User)
+	return &emptypb.Empty{}, err
+}

sdk/plugin/notifier/notifier.go

@@ -0,0 +1,57 @@
+// Package notifier defines the implementation for event notifier plugin.
+// Notifier plugins allow to receive filesystem events such as file uploads,
+// downloads etc. and user events such as add, update, delete.
+package notifier
+
+import (
+	"context"
+
+	"github.com/hashicorp/go-plugin"
+	"google.golang.org/grpc"
+
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier/proto"
+)
+
+const (
+	// PluginName defines the name for a notifier plugin
+	PluginName = "notifier"
+)
+
+// Handshake is a common handshake that is shared by plugin and host.
+var Handshake = plugin.HandshakeConfig{
+	ProtocolVersion:  1,
+	MagicCookieKey:   "SFTPGO_NOTIFIER_PLUGIN",
+	MagicCookieValue: "c499b98b-cd59-4df2-92b3-6268817f4d80",
+}
+
+// PluginMap is the map of plugins we can dispense.
+var PluginMap = map[string]plugin.Plugin{
+	PluginName: &Plugin{},
+}
+
+// Notifier defines the interface for notifiers plugins
+type Notifier interface {
+	NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, status int) error
+	NotifyUserEvent(action string, user []byte) error
+}
+
+// Plugin defines the implementation to serve/connect to a notifier plugin
+type Plugin struct {
+	plugin.Plugin
+	Impl Notifier
+}
+
+// GRPCServer defines the GRPC server implementation for this plugin
+func (p *Plugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
+	proto.RegisterNotifierServer(s, &GRPCServer{
+		Impl: p.Impl,
+	})
+	return nil
+}
+
+// GRPCClient defines the GRPC client implementation for this plugin
+func (p *Plugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
+	return &GRPCClient{
+		client: proto.NewNotifierClient(c),
+	}, nil
+}

sdk/plugin/notifier/proto/notifier.pb.go

@@ -0,0 +1,448 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.17.3
+// source: notifier/proto/notifier.proto
+
+package proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type FsEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timestamp    *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	Action       string                 `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+	Username     string                 `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
+	FsPath       string                 `protobuf:"bytes,4,opt,name=fs_path,json=fsPath,proto3" json:"fs_path,omitempty"`
+	FsTargetPath string                 `protobuf:"bytes,5,opt,name=fs_target_path,json=fsTargetPath,proto3" json:"fs_target_path,omitempty"`
+	SshCmd       string                 `protobuf:"bytes,6,opt,name=ssh_cmd,json=sshCmd,proto3" json:"ssh_cmd,omitempty"`
+	FileSize     int64                  `protobuf:"varint,7,opt,name=file_size,json=fileSize,proto3" json:"file_size,omitempty"`
+	Protocol     string                 `protobuf:"bytes,8,opt,name=protocol,proto3" json:"protocol,omitempty"`
+	Status       int32                  `protobuf:"varint,9,opt,name=status,proto3" json:"status,omitempty"`
+}
+
+func (x *FsEvent) Reset() {
+	*x = FsEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_notifier_proto_notifier_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FsEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FsEvent) ProtoMessage() {}
+
+func (x *FsEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_notifier_proto_notifier_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FsEvent.ProtoReflect.Descriptor instead.
+func (*FsEvent) Descriptor() ([]byte, []int) {
+	return file_notifier_proto_notifier_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FsEvent) GetTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.Timestamp
+	}
+	return nil
+}
+
+func (x *FsEvent) GetAction() string {
+	if x != nil {
+		return x.Action
+	}
+	return ""
+}
+
+func (x *FsEvent) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFsPath() string {
+	if x != nil {
+		return x.FsPath
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFsTargetPath() string {
+	if x != nil {
+		return x.FsTargetPath
+	}
+	return ""
+}
+
+func (x *FsEvent) GetSshCmd() string {
+	if x != nil {
+		return x.SshCmd
+	}
+	return ""
+}
+
+func (x *FsEvent) GetFileSize() int64 {
+	if x != nil {
+		return x.FileSize
+	}
+	return 0
+}
+
+func (x *FsEvent) GetProtocol() string {
+	if x != nil {
+		return x.Protocol
+	}
+	return ""
+}
+
+func (x *FsEvent) GetStatus() int32 {
+	if x != nil {
+		return x.Status
+	}
+	return 0
+}
+
+type UserEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timestamp *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	Action    string                 `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
+	User      []byte                 `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // SFTPGo user json serialized
+}
+
+func (x *UserEvent) Reset() {
+	*x = UserEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_notifier_proto_notifier_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UserEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserEvent) ProtoMessage() {}
+
+func (x *UserEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_notifier_proto_notifier_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserEvent.ProtoReflect.Descriptor instead.
+func (*UserEvent) Descriptor() ([]byte, []int) {
+	return file_notifier_proto_notifier_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *UserEvent) GetTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.Timestamp
+	}
+	return nil
+}
+
+func (x *UserEvent) GetAction() string {
+	if x != nil {
+		return x.Action
+	}
+	return ""
+}
+
+func (x *UserEvent) GetUser() []byte {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+var File_notifier_proto_notifier_proto protoreflect.FileDescriptor
+
+var file_notifier_proto_notifier_proto_rawDesc = []byte{
+	0x0a, 0x1d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa0, 0x02, 0x0a, 0x07, 0x46, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52,
+	0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x17,
+	0x0a, 0x07, 0x66, 0x73, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x66, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0e, 0x66, 0x73, 0x5f, 0x74, 0x61,
+	0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x66, 0x73, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a,
+	0x07, 0x73, 0x73, 0x68, 0x5f, 0x63, 0x6d, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x73, 0x73, 0x68, 0x43, 0x6d, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73,
+	0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x53,
+	0x69, 0x7a, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
+	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x71, 0x0a, 0x09, 0x55, 0x73, 0x65, 0x72, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16,
+	0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x32, 0x7c, 0x0a, 0x08, 0x4e, 0x6f,
+	0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x35, 0x0a, 0x0b, 0x53, 0x65, 0x6e, 0x64, 0x46, 0x73,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x46, 0x73,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x39, 0x0a,
+	0x0d, 0x53, 0x65, 0x6e, 0x64, 0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x10,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x1b, 0x5a, 0x19, 0x73, 0x64, 0x6b, 0x2f,
+	0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_notifier_proto_notifier_proto_rawDescOnce sync.Once
+	file_notifier_proto_notifier_proto_rawDescData = file_notifier_proto_notifier_proto_rawDesc
+)
+
+func file_notifier_proto_notifier_proto_rawDescGZIP() []byte {
+	file_notifier_proto_notifier_proto_rawDescOnce.Do(func() {
+		file_notifier_proto_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_proto_notifier_proto_rawDescData)
+	})
+	return file_notifier_proto_notifier_proto_rawDescData
+}
+
+var file_notifier_proto_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_notifier_proto_notifier_proto_goTypes = []interface{}{
+	(*FsEvent)(nil),               // 0: proto.FsEvent
+	(*UserEvent)(nil),             // 1: proto.UserEvent
+	(*timestamppb.Timestamp)(nil), // 2: google.protobuf.Timestamp
+	(*emptypb.Empty)(nil),         // 3: google.protobuf.Empty
+}
+var file_notifier_proto_notifier_proto_depIdxs = []int32{
+	2, // 0: proto.FsEvent.timestamp:type_name -> google.protobuf.Timestamp
+	2, // 1: proto.UserEvent.timestamp:type_name -> google.protobuf.Timestamp
+	0, // 2: proto.Notifier.SendFsEvent:input_type -> proto.FsEvent
+	1, // 3: proto.Notifier.SendUserEvent:input_type -> proto.UserEvent
+	3, // 4: proto.Notifier.SendFsEvent:output_type -> google.protobuf.Empty
+	3, // 5: proto.Notifier.SendUserEvent:output_type -> google.protobuf.Empty
+	4, // [4:6] is the sub-list for method output_type
+	2, // [2:4] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_notifier_proto_notifier_proto_init() }
+func file_notifier_proto_notifier_proto_init() {
+	if File_notifier_proto_notifier_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_notifier_proto_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FsEvent); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_notifier_proto_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UserEvent); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_notifier_proto_notifier_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_notifier_proto_notifier_proto_goTypes,
+		DependencyIndexes: file_notifier_proto_notifier_proto_depIdxs,
+		MessageInfos:      file_notifier_proto_notifier_proto_msgTypes,
+	}.Build()
+	File_notifier_proto_notifier_proto = out.File
+	file_notifier_proto_notifier_proto_rawDesc = nil
+	file_notifier_proto_notifier_proto_goTypes = nil
+	file_notifier_proto_notifier_proto_depIdxs = nil
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConnInterface
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion6
+
+// NotifierClient is the client API for Notifier service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type NotifierClient interface {
+	SendFsEvent(ctx context.Context, in *FsEvent, opts ...grpc.CallOption) (*emptypb.Empty, error)
+	SendUserEvent(ctx context.Context, in *UserEvent, opts ...grpc.CallOption) (*emptypb.Empty, error)
+}
+
+type notifierClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient {
+	return &notifierClient{cc}
+}
+
+func (c *notifierClient) SendFsEvent(ctx context.Context, in *FsEvent, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/proto.Notifier/SendFsEvent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notifierClient) SendUserEvent(ctx context.Context, in *UserEvent, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/proto.Notifier/SendUserEvent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// NotifierServer is the server API for Notifier service.
+type NotifierServer interface {
+	SendFsEvent(context.Context, *FsEvent) (*emptypb.Empty, error)
+	SendUserEvent(context.Context, *UserEvent) (*emptypb.Empty, error)
+}
+
+// UnimplementedNotifierServer can be embedded to have forward compatible implementations.
+type UnimplementedNotifierServer struct {
+}
+
+func (*UnimplementedNotifierServer) SendFsEvent(context.Context, *FsEvent) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SendFsEvent not implemented")
+}
+func (*UnimplementedNotifierServer) SendUserEvent(context.Context, *UserEvent) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SendUserEvent not implemented")
+}
+
+func RegisterNotifierServer(s *grpc.Server, srv NotifierServer) {
+	s.RegisterService(&_Notifier_serviceDesc, srv)
+}
+
+func _Notifier_SendFsEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(FsEvent)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotifierServer).SendFsEvent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/proto.Notifier/SendFsEvent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotifierServer).SendFsEvent(ctx, req.(*FsEvent))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Notifier_SendUserEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UserEvent)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotifierServer).SendUserEvent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/proto.Notifier/SendUserEvent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotifierServer).SendUserEvent(ctx, req.(*UserEvent))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Notifier_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "proto.Notifier",
+	HandlerType: (*NotifierServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "SendFsEvent",
+			Handler:    _Notifier_SendFsEvent_Handler,
+		},
+		{
+			MethodName: "SendUserEvent",
+			Handler:    _Notifier_SendUserEvent_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "notifier/proto/notifier.proto",
+}

sdk/plugin/notifier/proto/notifier.proto

@@ -0,0 +1,30 @@
+syntax = "proto3";
+package proto;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "sdk/plugin/notifier/proto";
+
+message FsEvent {
+    google.protobuf.Timestamp timestamp = 1;
+    string action = 2;
+    string username = 3;
+    string fs_path = 4;
+    string fs_target_path = 5;
+    string ssh_cmd = 6;
+    int64 file_size =  7;
+    string protocol = 8;
+    int32 status = 9;
+}
+
+message UserEvent {
+    google.protobuf.Timestamp timestamp = 1;
+    string action = 2;
+    bytes user = 3; // SFTPGo user json serialized
+}
+
+service Notifier {
+    rpc SendFsEvent(FsEvent) returns (google.protobuf.Empty);
+    rpc SendUserEvent(UserEvent) returns (google.protobuf.Empty);
+}

sdk/plugin/plugin.go

@@ -0,0 +1,166 @@
+// Package plugin provides support for the SFTPGo plugin system
+package plugin
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+	"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
+)
+
+const (
+	logSender = "plugins"
+)
+
+var (
+	// Handler defines the plugins manager
+	Handler         Manager
+	pluginsLogLevel = hclog.Debug
+)
+
+// Renderer defines the interface for generic objects rendering
+type Renderer interface {
+	RenderAsJSON(reload bool) ([]byte, error)
+}
+
+// Config defines a plugin configuration
+type Config struct {
+	// Plugin type
+	Type string `json:"type" mapstructure:"type"`
+	// NotifierOptions defines additional options for notifiers plugins
+	NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
+	// Path to the plugin executable
+	Cmd string `json:"cmd" mapstructure:"cmd"`
+	// Args to pass to the plugin executable
+	Args []string `json:"args" mapstructure:"args"`
+	// SHA256 checksum for the plugin executable.
+	// If not empty it will be used to verify the integrity of the executable
+	SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
+	// If enabled the client and the server automatically negotiate mTLS for
+	// transport authentication. This ensures that only the original client will
+	// be allowed to connect to the server, and all other connections will be
+	// rejected. The client will also refuse to connect to any server that isn't
+	// the original instance started by the client.
+	AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
+}
+
+// Manager handles enabled plugins
+type Manager struct {
+	// List of configured plugins
+	Configs   []Config `json:"plugins" mapstructure:"plugins"`
+	mu        sync.RWMutex
+	notifiers []*notifierPlugin
+}
+
+// Initialize initializes the configured plugins
+func Initialize(configs []Config, logVerbose bool) error {
+	Handler = Manager{
+		Configs: configs,
+	}
+
+	if logVerbose {
+		pluginsLogLevel = hclog.Debug
+	} else {
+		pluginsLogLevel = hclog.Info
+	}
+
+	for _, config := range configs {
+		switch config.Type {
+		case notifier.PluginName:
+			plugin, err := newNotifierPlugin(config)
+			if err != nil {
+				return err
+			}
+			Handler.notifiers = append(Handler.notifiers, plugin)
+		default:
+			return fmt.Errorf("unsupported plugin type: %v", config.Type)
+		}
+	}
+	return nil
+}
+
+// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
+func (m *Manager) NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, err error) {
+	m.mu.RLock()
+
+	var crashedIdxs []int
+	for idx, n := range m.notifiers {
+		if n.exited() {
+			crashedIdxs = append(crashedIdxs, idx)
+		} else {
+			n.notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
+		}
+	}
+
+	m.mu.RUnlock()
+
+	if len(crashedIdxs) > 0 {
+		m.restartCrashedNotifiers(crashedIdxs)
+
+		m.mu.RLock()
+		defer m.mu.RUnlock()
+
+		for idx := range crashedIdxs {
+			if !m.notifiers[idx].exited() {
+				m.notifiers[idx].notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
+			}
+		}
+	}
+}
+
+// NotifyUserEvent sends the user event notifications using any defined notifier plugins
+func (m *Manager) NotifyUserEvent(action string, user Renderer) {
+	m.mu.RLock()
+
+	var crashedIdxs []int
+	for idx, n := range m.notifiers {
+		if n.exited() {
+			crashedIdxs = append(crashedIdxs, idx)
+		} else {
+			n.notifyUserAction(action, user)
+		}
+	}
+
+	m.mu.RUnlock()
+
+	if len(crashedIdxs) > 0 {
+		m.restartCrashedNotifiers(crashedIdxs)
+
+		m.mu.RLock()
+		defer m.mu.RUnlock()
+
+		for idx := range crashedIdxs {
+			if !m.notifiers[idx].exited() {
+				m.notifiers[idx].notifyUserAction(action, user)
+			}
+		}
+	}
+}
+
+func (m *Manager) restartCrashedNotifiers(crashedIdxs []int) {
+	for _, idx := range crashedIdxs {
+		m.mu.Lock()
+		defer m.mu.Unlock()
+
+		if m.notifiers[idx].exited() {
+			logger.Info(logSender, "", "try to restart crashed plugin %v", m.Configs[idx].Cmd)
+			plugin, err := newNotifierPlugin(m.Configs[idx])
+			if err == nil {
+				m.notifiers[idx] = plugin
+			} else {
+				logger.Warn(logSender, "", "plugin %v crashed and restart failed: %v", m.Configs[idx].Cmd, err)
+			}
+		}
+	}
+}
+
+// Cleanup releases all the active plugins
+func (m *Manager) Cleanup() {
+	for _, n := range m.notifiers {
+		logger.Debug(logSender, "", "cleanup plugin %v", n.config.Cmd)
+		n.cleanup()
+	}
+}

sdk/plugin/util.go

@@ -0,0 +1,25 @@
+package plugin
+
+import (
+	"github.com/shirou/gopsutil/v3/process"
+
+	"github.com/drakkan/sftpgo/v2/logger"
+)
+
+func killProcess(processPath string) {
+	procs, err := process.Processes()
+	if err != nil {
+		return
+	}
+	for _, p := range procs {
+		cmdLine, err := p.Exe()
+		if err == nil {
+			if cmdLine == processPath {
+				err = p.Kill()
+				logger.Debug(logSender, "", "killed process %v, pid %v, err %v", cmdLine, p.Pid, err)
+				return
+			}
+		}
+	}
+	logger.Debug(logSender, "", "no match for plugin process %v", processPath)
+}