Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,179 Commits 9 Branches 53 Tags
60af36813be5a18b9d17e51a8455f5640a5804e4
Commit Graph

600 Commits

Author SHA1 Message Date
Nicola Murino
60af36813b gcs: improve error checking 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-05-23 19:56:21 +02:00
Nicola Murino
3f7533b86a update deps ... 
... and adapt the code to the new constants I added to
golang.org/x/crypto/ssh

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-05-19 19:42:36 +02:00
Nicola Murino
9e2230cc33 Support leading and trailing spaces in user passwords 
This improves compatibility with external authentication providers that
allow such characters in passwords.

Passwords created via the WebAdmin UI are still sanitized to prevent user
confusion.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-26 14:31:13 +02:00
Nicola Murino
1c48e51384 EventManager: escape email body when content type is text/html 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-24 19:01:17 +02:00
Nicola Murino
683d00caec cmd: remove startsubsys command 
SFTPGo is not designed to be used as an OpenSSH subsystem — many
features do not work correctly in subsystem mode. The functionality
was added after a user request in the pkg/sftp repository to
demonstrate that it was feasible, not for actual practical use.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-20 18:51:01 +02:00
Nicola Murino
c5e76f303a commands: initialize plugins if we have a KMS 
this is necessary to be able to read KMS secrets stored within
the data provider

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-20 18:48:19 +02:00
Nicola Murino
11d8fffd1b remove obsoletes build constraints 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-20 17:15:40 +02:00
Nicola Murino
0da8adb7ac EventManager: breaking change for placeholder names 
Placeholder names must now be in the format:

{{.VirtualPath}}

instead of:

{{.VirtualPath}}

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-14 09:11:44 +02:00
Nicola Murino
aea036715c OIDC: ensure token username adheres to naming conventions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-08 18:25:16 +02:00
Nicola Murino
f41f00fec2 httpd: allow to configure referrer policy header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-07 18:48:48 +02:00
Nicola Murino
5954d4ae20 sshconn: use a generic io.Closer instead of a net.Conn 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-02 18:52:06 +02:00
Nicola Murino
d95d773570 oidc: allow login if the password method is disabled 
isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 20:28:49 +01:00
Nicola Murino
cf573fc743 pre-login hook: fix loading user after update 
Fixes #1890
Closes #1891

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 17:29:28 +01:00
Nicola Murino
2255c5f000 upgrade golangci-lint to v2 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 11:36:19 +01:00
Nicola Murino
38689a71a7 migrations: fix placeholder for shared session table 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-23 12:06:57 +01:00
Nicola Murino
a71e53c8c8 GCS: properly check for googleapi.Error 
Fixes #1936

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-23 11:37:21 +01:00
Nicola Murino
e590deebe0 db shared sessions: set key and type as primary key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-23 11:34:10 +01:00
Nicola Murino
d4ea6adcc3 config: fix test case for slice values 
this is a behaviour change in the lastest version of viper

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-16 14:16:04 +01:00
Nicola Murino
51a9cf79bc azure blob fs: ensure sas url are not nil before comparing 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-15 20:39:42 +01:00
Nicola Murino
f096675a2b fix log formatting 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-12 11:19:38 +01:00
Nicola Murino
66ec11a19f fix typo 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-08 15:49:30 +01:00
Nicola Murino
15ac11b575 EventManager: add timestamp and name to scheduled event parameters 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-04 18:03:07 +01:00
Nicola Murino
002e819e54 defender: don't penalize redirects to the login page 
This is normal behavior

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-23 16:56:47 +01:00
Nicola Murino
38a6b5632a share login page: add CheckRedirect field 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-22 22:28:53 +01:00
Nicola Murino
5a01ce66f1 WebUIs: fix translations for some page titles 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-18 18:25:52 +01:00
Nicola Murino
152448d116 dataprovider: add options to shares for future extensibility 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-16 12:06:00 +01:00
Nicola Murino
0013e35b28 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-06 19:23:05 +01:00
Nicola Murino
519d201e74 fix rsync test case 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-06 11:01:12 +01:00
Nicola Murino
1393cf5956 ftp: add a test for SIZE command on dirs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-04 19:26:55 +01:00
Nicola Murino
69ef36b4d9 httpd: add a setting to disable login methods, deprecate the previous one 
the previous enabled login methods setting is hard to extend in
a backward compatible way

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-25 22:00:55 +01:00
Nicola Murino
70f8b4d495 WebAdmin: allow to create admins with an unusable password 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-25 18:53:54 +01:00
Nicola Murino
48258f6e67 httpd: add cross origin resource and embedder policy headers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-24 19:34:57 +01:00
Nicola Murino
83ee977746 ip lists: check the list size before parsing the IP 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-23 08:07:33 +01:00
Nicola Murino
61aef41bee WebClient: make the keep alive interval configurable 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-22 19:41:31 +01:00
Nicola Murino
ef2f3e51ea EventManager: add more datetime placeholders 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-16 18:14:43 +01:00
Nicola Murino
24215dc734 remove check for cache key collisions 
we use sha256 keys now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-15 19:46:54 +01:00
Nicola Murino
e2b21ad946 ssh commands: fix for rsync with no arguments 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-15 19:23:23 +01:00
Nicola Murino
e8c5f8ed81 command actions: restrict passing env vars 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-13 20:58:32 +01:00
Nicola Murino
04fa242f57 azblobfs: add support for Azure Identity 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-13 20:58:17 +01:00
Nicola Murino
de3c987802 rsync: enforce a supported format and limit the allowed options 
Many rsync options are unsafe to use in restricted environments
and may pose security risks.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-13 19:41:58 +01:00
Nicola Murino
da68cf3e9d events search: remove trailing and leading space from received parameters 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-11 11:42:57 +01:00
Nicola Murino
5febcdca43 httpd: log csrf token duration 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-11 11:29:35 +01:00
Nicola Murino
b2e9935049 GCS: allow a 10 seconds timeout for client creation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-11 11:25:45 +01:00
Nicola Murino
1f4cb7077a bad host handler: return a generic error message 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-06 10:08:25 +01:00
Nicola Murino
bf0961458c remove some unnecessary string conversions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-04 11:58:37 +01:00
Nicola Murino
a4a33d4407 acme: add logger to retryable http client 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-04 09:27:01 +01:00
Nicola Murino
ff13be4616 zip creation: avoid stat if not strictly required 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-03 11:43:09 +01:00
Nicola Murino
37f8fb3a0e add a link to the upgrading docs in the error message 
Fixes #1854

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-31 10:04:43 +01:00
Nicola Murino
deea9ff038 do not return if client IP is not allowed in login API response 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-28 18:47:04 +01:00
Nicola Murino
91340bbe2f config: reset invalid rename mode 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-26 09:36:58 +01:00