Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,169 Commits 9 Branches 53 Tags
c9bd08cf9ca286a23f9ba1b367a093da7045a4cc
Commit Graph

84 Commits

Author SHA1 Message Date
Nicola Murino
c9bd08cf9c UI branding: use the short name on the login pages 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-15 07:30:36 +02:00
Nicola Murino
5d7f6960f3 web UIs: add branding support 
Fixes #829

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 19:40:52 +02:00
Tim Birkett
7b1a0d3cd3 chore: disallow all crawlers with robots.txt (#833) 
Signed-off-by: Tim Birkett <tim.birkett@sainsburys.co.uk>
 2022-05-13 09:23:43 +02:00
Nicola Murino
504cd3efda add groups support 
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-25 15:49:11 +02:00
Nicola Murino
002a06629e refactoring of user session counters 
Fixes #792

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-14 19:07:41 +02:00
Nicola Murino
254b2ae87f add support for AWS container 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-03 08:52:36 +02:00
Nicola Murino
5cccb872bb add support to redirect HTTP to HTTPS 
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 10:00:02 +01:00
Nicola Murino
aaf940edab enforce CSRF token usage by the same IP for which it was issued 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 08:41:50 +01:00
Nicola Murino
d955ddcef9 check that the jwt token is used by the same IP for which it 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-24 22:03:17 +01:00
Nicola Murino
93b9c1617e web UI: allow to load custom css 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-19 21:44:27 +01:00
Nicola Murino
d9f30e7ac5 add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
d8de0faef5 allow to require two-factor auth for users 
Fixes #721

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-06 16:57:13 +01:00
Nicola Murino
79857a8733 config: restore defaults for smtp templates path 
It was mistakenly deleted in the previous commit

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 14:16:38 +01:00
Nicola Murino
dcc3292dbc web setup: add an optional installation code 
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 13:08:47 +01:00
Nicola Murino
c6b8644828 OIDC: execute pre-login hook after IDP authentication 
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c httpd: allow to restrict allowed hosts ... 
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-17 18:22:27 +01:00
Nicola Murino
f1832d4478 shares: add an upload form for shares with write scope 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-15 19:19:25 +01:00
Nicola Murino
1fccd05e9e allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02 Web UIs: add OpenID Connect support 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 14:30:20 +01:00
Nicola Murino
fa0ca8fe89 quota summary and docs improvements 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-08 12:43:08 +01:00
Nicola Murino
9382db751c make HTTP shares browsable 
if you share a single folder with read scope, you can now browse the share
and download single files

Fixes #674
See #677

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-06 16:46:43 +01:00
Nicola Murino
1df1225eed add support for data transfer bandwidth limits 
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 11:42:36 +01:00
Jeremy Clerc
9709aed5e6 httpd: webpath redirect using status found (302) 
301 MovedPermanently is cached by the browser which can
be annoying when it is is on base path like / while one
may reuse the domain (e.g. localhost) for other apps/tests.

Fixes #695

Signed-off-by: Jeremy Clerc <jeremy@clerc.io>
 2022-01-26 21:50:37 +01:00
Nicola Murino
1f619d5ea6 make the sdk a separate module 
The SFTPGo SDK now is at the following URL

https://github.com/sftpgo/sdk

Fixes #657

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 11:54:43 +01:00
Nicola Murino
7c68b03d07 move plugin handling outside the sdk package 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-05 11:37:45 +01:00
Nicola Murino
2912b2e92e sdk: add a logger interface 
we are now ready to make the sdk a separate module

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 16:07:41 +01:00
Nicola Murino
ad483b7581 httpd: switch back to chi Recoverer now that the required patch is merged 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 09:48:16 +01:00
Nicola Murino
a587228cf0 add support for metadata plugins 2021-12-16 18:18:36 +01:00
Nicola Murino
c153330ab8 web client: use fetch to upload files 
also add REST API to upload a single file as POST body
 2021-12-08 19:25:22 +01:00
Nicola Murino
bedc8e288b web client: add support for integrating external viewers/editors 2021-12-03 18:33:08 +01:00
Nicola Murino
3f3591bae0 web client: allow to preview images and pdf 
pdf depends on browser support. It does not work on mobile devices.
 2021-11-25 19:24:32 +01:00
Nicola Murino
3d6b09e949 REST API: expose OpenAPI schema and render it using Swagger UI 
Fixes #609
 2021-11-21 09:32:51 +01:00
Nicola Murino
fb8f013ea7 web: update permissions on cookie refresh 2021-11-20 10:48:39 +01:00
Nicola Murino
0833b4698e httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Nicola Murino
78233ff9a3 web UI/REST API: add password reset 
In order to reset the password from the admin/client user interface,
an SMTP configuration must be added and the user/admin must have an email
address.
You can prohibit the reset functionality on a per-user basis by using a
specific restriction.

Fixes #597
 2021-11-13 13:25:43 +01:00
Nicola Murino
3bc58f5988 WebClient/REST API: add sharing support 2021-11-06 14:13:20 +01:00
Nicola Murino
74fc3aaf37 REST API: add events search 2021-10-23 15:47:21 +02:00
Nicola Murino
4aa9686e3b refactor custom actions 
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.

There are some backward incompatible changes for command hooks
 2021-10-10 13:08:05 +02:00
Nicola Murino
64e87d64bd web client UI: allow to edit plain text files 
Fixes #567
 2021-10-09 14:17:28 +02:00
Nicola Murino
ba1febba73 rework user and admin profiles 
users and admins can now also update their email and description
 2021-09-29 18:46:15 +02:00
Nicola Murino
da5a061b65 add basic REST APIs for data retention 
Fixes #495
 2021-09-25 12:20:31 +02:00
Nicola Murino
bf4b3e6840 httpd: move the check connection middleware before the logger middleware 
Fixes #543
 2021-09-19 08:14:59 +02:00
Nicola Murino
7bad65a43e user: add a permission to disable changing api key authentication 
also implement the missing APIs to enable/disable api key authentication
 2021-09-06 18:46:35 +02:00
Nicola Murino
101c2962ab web client UI: add a permission to disable password change 
Fixes #528
 2021-09-05 18:49:13 +02:00
Nicola Murino
8a4c21b64a add builtin two-factor auth support 
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
 2021-09-04 12:11:04 +02:00
Nicola Murino
be3857d572 dataprovider: add timestamp fields for users and admins 2021-08-19 15:51:43 +02:00
Nicola Murino
fe953d6b38 REST API: add support for API key authentication 2021-08-17 18:08:32 +02:00
Nicola Murino
90b324d707 Add a link on the login pages to switch between admin and web client login 
The links are hidden if only the web admin or only thw web client is
enabled and can also be controlled using the "hide_login_url" setting

Fixes #485
 2021-07-27 18:43:00 +02:00
Nicola Murino
3a22aae34f web UI: add support for upload, create dirs, rename, delete 2021-07-26 20:55:49 +02:00
Nicola Murino
83c7453957 user API: allow to disable writes ... 
... even if the user has permissions for these actions
 2021-07-23 21:41:02 +02:00