Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,960 Commits 9 Branches 53 Tags
d0f348a46a85d6280b2d3328fb056f646f650c47
Commit Graph

1960 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicola Murino
d0f348a46a WebAdmin and REST API: remove too granular permissions 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 10:51:27 +01:00
Nicola Murino
65e8e2c1d4 don't allow admins to change their own permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 20:33:03 +01:00
Nicola Murino
5c163ed592 EventManager: allow to define the allowed system commands 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 19:14:45 +01:00
Nicola Murino
1df1b8e4b5 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:56:07 +01:00
Nicola Murino
feaf3ac459 WebAdmin: check CSRF header when deleting blocked hosts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:50:31 +01:00
Nicola Murino
f363d037a7 remove fallback if rand.Reader fails 
Failing to read from rand.Reader essentially can't happen, and if it
does is not possible to fallback securely, so just panic

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:48:48 +01:00
Nicola Murino
f13eab1caf CI: re-enable build packages with Go latest 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-07 20:17:48 +01:00
Nicola Murino
dda89185fb plugins: fix passing additional environment variables 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-05 18:07:24 +01:00
Nicola Murino
b4acae85b8 proxy protocol: improve logging 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-31 14:30:49 +01:00
Nicola Murino
bc317775d2 plugin: remove invalid chars from error message 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-29 18:12:42 +01:00
Nicola Murino
10e4843a18 WebAdmin active connections: fix active transfer display 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-28 20:13:26 +01:00
Nicola Murino
256e3c1e3e node: use a plain string as key 
Some KMS providers only allow UTF-8 characters

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-28 14:33:38 +01:00
Nicola Murino
b4eabda7ad update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:31:38 +02:00
Nicola Murino
5f659aa7b1 OpenAPI: document password_strength 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:12:23 +02:00
Nicola Murino
b8fa4e72b4 update translations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-21 20:41:53 +02:00
Nicola Murino
ccfe71b3fc update README 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-18 19:22:29 +02:00
Nicola Murino
d3c15b0d6f add License NOTICE 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-18 19:22:23 +02:00
Nicola Murino
9c744da620 DirLister: returns appropriate protocol errors 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-16 19:05:11 +02:00
Nicola Murino
7d24a4852c WebAdmin SMTP: ensure current config is not nil 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-15 18:23:28 +02:00
Nicola Murino
87fdc1dec1 Web: add CheckRedirect to pages using baselogin.html 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 12:54:32 +02:00
Nicola Murino
cdbb376376 EventManager: add escaped virtual path 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 11:28:03 +02:00
Rafał Bielawski
07616f7b7a Update translation.json (#1781) 
Signed-off-by: Rafał Bielawski <hello@rbielawski.pl>
 2024-10-12 11:27:12 +02:00
Nicola Murino
5d087f6abe CI: update FreeBSD version to 14.1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 19:21:21 +02:00
Nicola Murino
18a014b95e CI: disable GRPC modules 
we don't use this feature for now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 19:15:25 +02:00
Nicola Murino
472bfac5fe EventManager: add datetime placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 19:15:07 +02:00
Nicola Murino
594eab3246 WebAdmin: remove max value from password_strength 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-04 19:22:10 +02:00
Nicola Murino
5b8f283e03 WebClient: update edit and preview file extensions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-04 19:22:06 +02:00
Nicola Murino
32a4a753f9 WebClient: improve readability of upload progress 
Fixes #1773

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 20:31:46 +02:00
Nicola Murino
e1008c30bf log: fix level for transfer logs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 20:29:28 +02:00
Nicola Murino
c9d4920e81 WebClient: make sure to upload files after the queue is populated 
Ugly hack to prevent to start uploading files before the upload
queue is fully populated.

We should investigate if there is a better way

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 20:29:23 +02:00
Nicola Murino
4f49457eee CI: update Go version 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 07:00:24 +02:00
Nicola Murino
8325fbc7dd kms: add support for Oracle Key Vault 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 06:59:54 +02:00
Nicola Murino
f6a5264a2e update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-28 12:08:54 +02:00
Nicola Murino
5c27dedf5a CI: update Go version 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-28 12:04:36 +02:00
Nicola Murino
c74f391caf EventManager: filter action execution based on event status 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 20:49:04 +02:00
Nicola Murino
9830efac33 update css and js bundle 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 18:09:23 +02:00
Nicola Murino
41a5b7007e update links to the documentation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-18 18:47:20 +02:00
Nicola Murino
7337b294ca update translations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-01 13:44:51 +02:00
Nicola Murino
89aa7f0f41 WebUIs: update theme to version 1.0.4 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-21 18:37:26 +02:00
Nicola Murino
c563b24f1b add noopener noreferrer to href with target _blank 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-20 11:28:18 +02:00
Nicola Murino
84f3f877a5 smtp: replace deprecated method 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-20 11:28:14 +02:00
Nicola Murino
fe6bd8720f update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-20 11:28:05 +02:00
Nicola Murino
d2b9e55209 CI: use Go 1.22.6 to build packages 
We should investigate why building packages fails on archs other
than amd64 with Go 1.23.0

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-14 11:20:31 +02:00
Nicola Murino
121d5ae34d fix new lint warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-14 08:46:55 +02:00
Nicola Murino
6f8bc59756 httpd: allow to configure cache control header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 21:52:59 +02:00
Nicola Murino
2cc2fc64db update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 18:09:08 +02:00
Nicola Murino
3169197252 backports from main 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 18:06:08 +02:00
Nicola Murino
c2de3c3efc ip lists page: allow a missing description field 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-11 22:16:19 +02:00
Nicola Murino
ab83babcc6 resetpwd: also disable two-factor authentication 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-04 21:28:41 +02:00
Nicola Murino
4fd92db12a IDP account check: preserve user profile 
Fixes #1712

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-02 19:25:34 +02:00