From c1194d558cb50f5a1bef2dd9f1621d4f48bbe388 Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Sun, 22 Mar 2020 14:03:06 +0100
Subject: [PATCH] docs: minor improvements
---
 dataprovider/dataprovider.go | 19 +++++++++++++------
 docs/account.md | 2 +-
 docs/google-cloud-storage.md | 2 +-
 docs/performance.md | 8 ++++----
 docs/profiling.md | 2 +-
 5 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go
index 5c2af457..3085253e 100644
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -801,6 +801,17 @@ func validateBaseParams(user *User) error {
 return nil
 }
+func createUserPasswordHash(user *User) error {
+ if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
+ pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
+ if err != nil {
+ return err
+ }
+ user.Password = pwd
+ }
+ return nil
+}
+
 func validateUser(user *User) error {
 buildUserHomeDir(user)
 if err := validateBaseParams(user); err != nil {
@@ -818,12 +829,8 @@ func validateUser(user *User) error {
 if user.Status < 0 || user.Status > 1 {
 return &ValidationError{err: fmt.Sprintf("invalid user status: %v", user.Status)}
 }
- if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
- pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
- if err != nil {
- return err
- }
- user.Password = pwd
+ if err := createUserPasswordHash(user); err != nil {
+ return err
 }
 if err := validatePublicKeys(user); err != nil {
 return err
diff --git a/docs/account.md b/docs/account.md
index 64b31d6f..18b90f8b 100644
--- a/docs/account.md
+++ b/docs/account.md
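Review bot: createUserPasswordHash, added in the first hunk of dataprovider/dataprovider.go, has no doc comment, and its skip condition is the part a maintainer most needs spelled out: a non-empty password that starts with any entry of hashPwdPrefixes is left verbatim in user.Password rather than hashed with argon2id. That appears intended for accepting already-hashed values, but it also means a plain-text password that happens to begin with one of those prefixes would not be hashed here, so any caller that takes passwords directly from end users should reject such input before validateUser runs. I would add `// createUserPasswordHash replaces a non-empty plain-text user.Password with its argon2id hash; a value starting with one of hashPwdPrefixes is treated as already hashed and left unchanged.` above the function. The second hunk only swaps the inline code for the call, and validateUser's body continues outside both hunks.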
@@ -42,7 +42,7 @@ For each account, the following properties can be configured:
 - `s3_bucket`, required for S3 filesystem
 - `s3_region`, required for S3 filesystem. Must match the region for your bucket. You can find here the list of available [AWS regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). For example if your bucket is at `Frankfurt` you have to set the region to `eu-central-1`
 - `s3_access_key`
-- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM)
+- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM). You can leave access key and access secret blank to use credentials from environment
 - `s3_endpoint`, specifies a S3 endpoint (server) different from AWS. It is not required if you are connecting to AWS
 - `s3_storage_class`, leave blank to use the default or specify a valid AWS [storage class](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
 - `s3_key_prefix`, allows to restrict access to the virtual folder identified by this prefix and its contents
diff --git a/docs/google-cloud-storage.md b/docs/google-cloud-storage.md
index c0683321..fd82dfdb 100644
--- a/docs/google-cloud-storage.md
+++ b/docs/google-cloud-storage.md
@@ -1,6 +1,6 @@
 # Google Cloud Storage backend
-To connect SFTPGo to Google Cloud Storage, you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
+To connect SFTPGo to Google Cloud Storage you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
 Specifying a different `key_prefix`, you can assign different virtual folders of the same bucket to different users. This is similar to a chroot directory for local filesystem. Each SFTP/SCP user can only access the assigned virtual folder and its contents. The virtual folder identified by `key_prefix` does not need to be pre-created.
diff --git a/docs/performance.md b/docs/performance.md
index fc7f1759..a99313be 100644
--- a/docs/performance.md
+++ b/docs/performance.md
@@ -128,8 +128,8 @@ Stream|Baseline MB/s|Optimized MB/s|Balanced MB/s|OpenSSH MB/s| 8|897|903|823|887| ### Optimizations applied -- AES-CTR optimization of Golang compiler, the patch hasn't been merged yet, you can apply it yourself. [Patch](https://go-review.googlesource.com/c/go/+/51670) -- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Golang's SHA256 implementation. +- AES-CTR optimization of Go compiler for x86_64, there is a [patch](https://go-review.googlesource.com/c/go/+/51670) that hasn't been merged yet, you can apply it yourself. +- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Go's SHA256 implementation. This patch is now included in SFTPGo master branch. ``` diff --git a/go.mod b/go.mod index f1b2caa..109e064 100644 @@ -142,7 +142,7 @@ index f1b2caa..109e064 100644 + +replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c ``` -- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/issues/334). +- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/pull/344). ``` diff --git a/go.mod b/go.mod index 109e064..4d67a47 100644 
@@ -152,7 +152,7 @@ index 109e064..4d67a47 100644
 replace github.com/eikenb/pipeat v0.0.0-20190316224601-fb1f3a9aa29f => github.com/drakkan/pipeat v0.0.0-20200123131427-11c048cfc0ec
 replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
-+replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200227085621-6b4abaad1b9a
++replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200319122022-2fc68482d27f
 ```
 ### HAProxy configuration
diff --git a/docs/profiling.md b/docs/profiling.md
index 2f477aa7..8fc8c28a 100644
--- a/docs/profiling.md
+++ b/docs/profiling.md
@@ -16,7 +16,7 @@ The following profiles are available, you can obtain them via HTTP GET requests:
 - `threadcreate`, stack traces that led to the creation of new OS threads
 - `trace`, a trace of execution of the current program. You can specify the duration in the `seconds` GET parameter. After you get the trace file, use the `go tool trace` command to investigate the trace
-Let's see some examples:
+For example you can:
 - download a 30 seconds CPU profile from the URL `/debug/pprof/profile?seconds=30`
 - download a sampling of memory allocations of live objects from the URL `/debug/pprof/heap?gc=1`