sftpgo

mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 06:10:54 +03:00

Author	SHA1	Message	Date
Nicola Murino	74f8539247	pre-login hook: require either a full user object or no user modification The previous behavior was a leftover from an old refactor. This change aligns the pre-login hook with the behavior of other hooks, although it may break some edge cases that relied on the previous inconsistent behavior. Fixes #2107 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-11-18 20:09:22 +01:00
Nicola Murino	973b68a383	data provider: micro-optimization skip availability check when updating the node timestamp. If the update succeeds, the data provider is healthy Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-10-26 09:48:47 +01:00
Nicola Murino	5ce9688780	enforce group-level password strength for users and shares Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-10-26 09:44:32 +01:00
Nicola Murino	0ae2354fed	JWT: replace jwtauth/jwx with lightweight wrapper around go-jose We replaced the jwtauth and jwx libraries with a minimal custom wrapper around go-jose because we don’t need the full feature set provided by jwx. Implementing our own wrapper simplifies the codebase and improves maintainability. Moreover, go-jose depends only on the standard library, resulting in a leaner dependency that still meets all our requirements. This change also reduces the SFTPGo binary size by approximately 1MB Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-10-08 18:10:39 +02:00
Nicola Murino	35525e22e9	remove rsync support rsync was executed as an external command, which means we have no insight into or control over what it actually does. From a security perspective, this is far from ideal. To be clear, there's nothing inherently wrong with rsync itself. However, if we were to support it properly within SFTPGo, we would need to implement the low-level protocol internally rather than relying on launching an external process. This would ensure it works seamlessly with any storage backend, just as SFTP does, for example. We recommend using one of the many alternatives that rely on the SFTP protocol, such as rclone Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-09-28 18:15:15 +02:00
Nicola Murino	e892748ef4	system commands: recursively verify required permissions If any permission is missing at any level, return a "Permission Denied" error Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-09-28 09:36:19 +02:00
Nicola Murino	d2ee43585a	remove x/crypto fork Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-09-21 14:21:47 +02:00
Nicola Murino	7f03dc0fab	convert action migration: allow to import any command action EnabledCommands are initialized after the migration so allow any command, they will be denied if not allowed and this is temporary. The migration will be removed in the future Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-09-20 17:59:15 +02:00
Nicola Murino	a5dd529d88	node token: embed permissions directly in JWT Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-08-22 15:57:41 +02:00
Nicola Murino	6bde42fc3f	dataprovider: prevent action execution after external authentication As per the documentation for external authentication, provider actions should not be executed post-authentication. Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-08-21 07:20:06 +02:00
Nicola Murino	a2d3613250	dataprovider: preserve initial sort order for related resources Folders and groups now retain their initial order, improving compatibility and predictability when used with Terraform Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-08-19 16:11:53 +02:00
Nicola Murino	76f6dc06de	Log output from command hooks Re-adds #1208 now that the CLA has been signed. Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-07-20 10:45:48 +02:00
Nicola Murino	b6873768b2	replace strings.Split with SplitSeq Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-05-31 19:03:41 +02:00
Nicola Murino	3f7533b86a	update deps ... ... and adapt the code to the new constants I added to golang.org/x/crypto/ssh Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-05-19 19:42:36 +02:00
Nicola Murino	9e2230cc33	Support leading and trailing spaces in user passwords This improves compatibility with external authentication providers that allow such characters in passwords. Passwords created via the WebAdmin UI are still sanitized to prevent user confusion. Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-04-26 14:31:13 +02:00
Nicola Murino	11d8fffd1b	remove obsoletes build constraints Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-04-20 17:15:40 +02:00
Nicola Murino	0da8adb7ac	EventManager: breaking change for placeholder names Placeholder names must now be in the format: {{.VirtualPath}} instead of: {{.VirtualPath}} Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-04-14 09:11:44 +02:00
Nicola Murino	cf573fc743	pre-login hook: fix loading user after update Fixes #1890 Closes #1891 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-03-29 17:29:28 +01:00
Nicola Murino	2255c5f000	upgrade golangci-lint to v2 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-03-29 11:36:19 +01:00
Nicola Murino	38689a71a7	migrations: fix placeholder for shared session table Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-03-23 12:06:57 +01:00
Nicola Murino	e590deebe0	db shared sessions: set key and type as primary key Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-03-23 11:34:10 +01:00
Nicola Murino	152448d116	dataprovider: add options to shares for future extensibility Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-02-16 12:06:00 +01:00
Nicola Murino	0013e35b28	update deps Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-02-06 19:23:05 +01:00
Nicola Murino	83ee977746	ip lists: check the list size before parsing the IP Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-01-23 08:07:33 +01:00
Nicola Murino	bf0961458c	remove some unnecessary string conversions Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2025-01-04 11:58:37 +01:00
Nicola Murino	37f8fb3a0e	add a link to the upgrading docs in the error message Fixes #1854 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-31 10:04:43 +01:00
Nicola Murino	9f873d1059	prefer strings.EqualFold to strings.strings.ToLower where possible Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-19 19:44:01 +01:00
Nicola Murino	b0061f570e	WebClient: refactor preserving share password Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-18 19:54:39 +01:00
Nicola Murino	bfe6c58133	don't allow DSA keys Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-18 19:01:15 +01:00
Nicola Murino	8c5f92aeb1	dataprovider events: fix string formatting for program hook Fixes #1845 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-18 18:37:44 +01:00
Nicola Murino	ec90b61bb4	allow to configure JWT tokens and cookies duration Fixes #1839 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-18 18:33:37 +01:00
Nicola Murino	c56be285a5	replace fnv with sha256 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-12-14 14:42:43 +01:00
Nicola Murino	6a7c8df1ef	use GenerateOpaqueString also for node secrets this method will use rand.Text() with Go 1.24 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-27 19:05:19 +01:00
Nicola Murino	d3e76898cd	WebAdmin: refactor template permissions Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-26 20:39:36 +01:00
Nicola Murino	c37b7f0493	provider rule events: allows to filter by user groups Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-15 14:01:08 +01:00
Nicola Murino	b524da11e9	EventManager: disable commands by default Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-10 12:08:17 +01:00
Nicola Murino	3dd412f6e3	WebAdmin and REST API: remove too granular permissions Our permissions system for admin users is too granular and some permissions overlap. For example, you can define an administrator with the "manage_system" permission and not with the "manage_admins" or "manage_user" permission, but the "manage_system" permission allows you to restore a backup and then create users and administrators. The following permissions will be removed: "manage_admins", "manage_apikeys", "manage_system", "retention_checks", "manage_event_rules", "manage_roles", "manage_ip_lists". Now you need to add the "*" permission to replace the removed granular permissions because the removed permissions allow actions that should only be allowed to super administrators. There is no point in having separate, overlapping permissions. Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-10 10:46:28 +01:00
Nicola Murino	88b1850b58	EventManager: allow to define the allowed system commands Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-01 11:37:33 +01:00
Nicola Murino	21bd8c5660	node: use a plain string as key Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-28 18:34:36 +01:00
Nicola Murino	d8691d1e1a	update translations Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-13 17:00:17 +02:00
Nicola Murino	eba4c93efd	user: add additional emails Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-11 19:20:51 +02:00
Nicola Murino	126cb1ee0d	remove some useless hooks Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-27 15:52:51 +02:00
Nicola Murino	eeef23139d	EventManager: filter action execution based on event status Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-23 19:55:03 +02:00
Nicola Murino	433d45ed87	WebUI: add a token validation mode that allows checking the signature Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-21 14:06:25 +02:00
Nicola Murino	1b928ef6b2	sqlite: execute PRAGMA optimize on startup Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-06 19:35:18 +02:00
Nicola Murino	fd6126134e	execute provider events also for plugin auth Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-06 19:17:31 +02:00
Nicola Murino	b9b370fbb8	add some pre-validation hooks Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-08-17 09:11:42 +02:00
Nicola Murino	d783ffc13f	fix new lint warnings Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-08-14 08:46:18 +02:00
Nicola Murino	954c36c0a2	add fs providers hook Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-08-10 15:57:05 +02:00
Nicola Murino	81433e00d1	event action: add update modtime to fs rename Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-08-09 20:18:33 +02:00

1 2 3 4 5

217 Commits