Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
686 Commits 9 Branches 53 Tags
05ae0ea5f2aa5528cacaa91d2c26c42d8a06a83c
Commit Graph

136 Commits

Author SHA1 Message Date
Nicola Murino
d32b195a57 httpd: reuse the same compressor among bindings 2021-02-04 22:32:55 +01:00
Nicola Murino
267d9f1831 web ui: allow to create folders from a template 2021-02-04 19:09:43 +01:00
Nicola Murino
70bb3c34ce sftpfs: improve endpoint validation 
Validation will fail if the endpoint is not specified as host:port
 2021-02-03 11:29:04 +01:00
Nicola Murino
e9dd4ecdf0 web admin: add CSRF 2021-02-03 08:55:28 +01:00
Nicola Murino
f863530653 JWT: only accepts tokens from the expected header or cookie 2021-02-02 13:11:47 +01:00
Nicola Murino
4f609cfa30 JWT: add token audience 
a token released for API audience cannot be used for web pages and
vice-versa
 2021-02-02 09:14:10 +01:00
Nicola Murino
78bf808322 virtual folders: change dataprovider structure 
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
 2021-02-01 19:04:15 +01:00
Nicola Murino
afe1da92c5 web UI cookie: set the Secure flags if we are over TLS 2021-01-28 13:29:16 +01:00
Nicola Murino
c2bbd468c4 REST API: add logout and store invalidated token 2021-01-26 22:35:36 +01:00
Nicola Murino
54321c5240 web ui: allow to create multiple users from a template 2021-01-25 21:31:33 +01:00
Nicola Murino
80f5ccd357 web admin: add backup/restore 2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085 httpd: add mTLS and multiple bindings support 2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e OpenAPI: minor changes 2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f REST API v2 
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
 2021-01-17 22:29:08 +01:00
Nicola Murino
daac90c4e1 fix a potential race condition for pre-login and ext auth 
hooks

doing something like this:

err = provider.updateUser(u)
...
return provider.userExists(username)

could be racy if another update happen before

provider.userExists(username)

also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
 2021-01-05 09:50:22 +01:00
Nicola Murino
684f4ba1a6 mutal TLS: add support for revocation lists 2021-01-03 17:03:04 +01:00
Nicola Murino
6d84c5b9e3 capture http servers error logs 
otherwise they will be printed to stdout
 2021-01-03 10:38:28 +01:00
Nicola Murino
4b522a2455 webdav: refactor server initialization 2021-01-03 09:51:54 +01:00
Nicola Murino
d6b3acdb62 add REST API for the defender 2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320 add support for a basic built-in defender 
It can help to prevent DoS and brute force password guessing
 2021-01-02 14:05:09 +01:00
Nicola Murino
30eb3c4a99 update OpenAPI schema 2020-12-29 19:33:04 +01:00
Nicola Murino
0966d44c0f httpd: add support for listening over a Unix-domain socket 
Fixes #266
 2020-12-29 19:02:56 +01:00
Nicola Murino
80c06d6b59 clone: disable decrypt error test for memory provider 
This test cannot work using memory provider, we cannot change the provider
for a kms secrete without reloading it from JSON and the memory provider
will never reload users
 2020-12-26 15:57:01 +01:00
Nicola Murino
e536a638c9 web UI: improve user cloning 2020-12-26 15:11:38 +01:00
Jochen Munz
bc397002d4 Feature: Clone existing user via web admin (#259) 
UI based cloning of an existing user. The "add user" screen is prepopulated with existing user data.

Resolves drakkan/sftpgo#225
 2020-12-26 14:58:59 +01:00
Nicola Murino
1dce1eff48 improve FTP support 
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
 2020-12-24 18:48:06 +01:00
Nicola Murino
c69d63c1f8 add support for multiple bindings 
Fixes #253
 2020-12-23 16:12:30 +01:00
Nicola Murino
743b350fdd httpd: add support for route undefined HEAD requests to GET handlers 
HEAD responses will not include a body but the Content-Length will be
set as the equivalent GET request

Fixes #255
 2020-12-20 10:22:16 +01:00
Nicola Murino
bcf0fa073e telemetry server: add optional https and authentication 2020-12-18 16:04:42 +01:00
Nicola Murino
140380716d remove unused constant 2020-12-18 10:05:08 +01:00
Nicola Murino
143df87fee add some docs for telemetry server 
move pprof to the telemetry server only
 2020-12-18 09:47:22 +01:00
Nicola Murino
a6985075b9 add sftpfs storage backend 
Fixes #224
 2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1 REST API: add a method to get the status of the services 
added a status page to the built-in web admin
 2020-12-08 11:18:34 +01:00
Nicola Murino
4a88ea5c03 add Data At Rest Encryption support 2020-12-05 13:48:13 +01:00
Nicola Murino
a67276ccc2 add build tags to disable kms providers 2020-12-02 09:44:18 +01:00
Nicola Murino
87b51a6fd5 kms: remember if a secret was saved without a master key 
So we will be able to decrypt secret stored without a master key if a
such key is provided later
 2020-12-01 22:18:16 +01:00
Nicola Murino
634b723b5d add KMS support 
Fixes #226
 2020-11-30 21:46:34 +01:00
Nicola Murino
4bb9d07dde user: add a free text field 
Fixes #230
 2020-11-25 22:26:34 +01:00
Nicola Murino
dccc583b5d add a dedicated struct to store encrypted credentials 
also gcs credentials are now encrypted, both on disk and inside the
provider.

Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
 2020-11-22 21:53:04 +01:00
Nicola Murino
e3eca424f1 web admin: allow both allowed and denied extensions/patterns for a dir 
this fix a regression introduced in the previous commit
 2020-11-16 19:21:50 +01:00
Nicola Murino
a6355e298e add support for limit files using shell like patterns 
Fixes #209
 2020-11-15 22:04:48 +01:00
Nicola Murino
6ad4cc317c cloud backends: stat and other performance improvements 2020-11-02 19:16:12 +01:00
Nicola Murino
57bec976ae document heathz endpoint 2020-11-01 10:39:10 +01:00
Nicola Murino
fcfdd633f6 Azure Blob: update SDK and add access tier support 2020-10-30 22:17:17 +01:00
Nicola Murino
5bc1c2de2d add a link to the heml chart 
Fixes #210
 2020-10-29 21:50:21 +01:00
Mark Sagi-Kazar
ec00613202 feat(httpd): add new healthz endpoint 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-10-29 21:37:30 +01:00
Mark Sagi-Kazar
02ec3a5f48 refactor(httpd): move every route under a new group 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-10-29 21:37:30 +01:00
Nicola Murino
14bcc6f2fc s3, azblob: check upper limit for part size 2020-10-25 12:10:11 +01:00
Nicola Murino
5ff8f75917 add Azure Blob support 2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0 add prefer_database_credentials configuration parameter 
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback

Fixes #201
 2020-10-22 10:42:40 +02:00