Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 15:28:05 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,200 Commits 10 Branches 53 Tags
dadaca141a073ad07d19be2f2bd00d8a2ccd57c9
Commit Graph

163 Commits

Author SHA1 Message Date
Nicola Murino
b774289c6d change default value for naming_rules to 1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-03 16:09:02 +02:00
Nicola Murino
f6b11c2d01 httpd/webdav: allow to configure trusted proxy header and depth 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-28 19:47:23 +02:00
Nicola Murino
32da923dfe httpd: add a setting to customize tokens validation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-28 13:28:50 +02:00
Nicola Murino
7c724e18fe add support for ACME compliant certificate authorities 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-27 07:39:55 +02:00
Nicola Murino
90c21458b8 OIDC: add support for implicit roles 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-22 14:38:25 +02:00
Nicola Murino
1a33b5bb53 allow different TLS certificates for each binding 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-21 16:34:47 +02:00
Nicola Murino
0ecaa862bd web UIs: allow to replace the default CSS 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-21 11:05:58 +02:00
Nicola Murino
751946f47a allow to customize timeout and env vars for program based hooks 
Fixes #847

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-20 19:30:54 +02:00
Nicola Murino
5d7f6960f3 web UIs: add branding support 
Fixes #829

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 19:40:52 +02:00
Nicola Murino
4995cf1b02 defender: allow to load blocklist/safelist also from config/env vars 
Fixes #831

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 14:46:07 +02:00
Nicola Murino
ecd488a840 data provider: remove prefer_database_credentials 
Google Cloud Storage credentials are now always stored within the data
provider.

Added a migration to read credentials from disk and store them inside the
data provider.

After v2.3 we can also remove credentials_path

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-28 12:55:01 +02:00
Nicola Murino
cacfffc5bf OIDC: add support for custom fields 
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-12 19:31:25 +02:00
Nicola Murino
f9d8b83c2a sshd: disable by default ssh-rsa host key algo 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-04 18:52:19 +02:00
Nicola Murino
55f8171dd1 sshd: add support for host key certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-01 08:03:56 +02:00
Nicola Murino
a7b159aebb ssh user certs: add a revoked list 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-31 21:49:06 +02:00
Nicola Murino
5cccb872bb add support to redirect HTTP to HTTPS 
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 10:00:02 +01:00
Nicola Murino
93b9c1617e web UI: allow to load custom css 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-19 21:44:27 +01:00
Nicola Murino
d9f30e7ac5 add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
7e7f662a23 ensure that defaults defined in code match the default config file 
Fixes #754

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-14 10:42:14 +01:00
Nicola Murino
0bec1c6012 change the default value for prefer_database_credentials to true ... 
... and deprecate this setting.

In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 14:29:11 +01:00
Nicola Murino
5582f5c811 data provider: add automatic backups 
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.

The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-13 13:45:07 +01:00
Nicola Murino
79857a8733 config: restore defaults for smtp templates path 
It was mistakenly deleted in the previous commit

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 14:16:38 +01:00
Nicola Murino
dcc3292dbc web setup: add an optional installation code 
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 13:08:47 +01:00
Nicola Murino
f1a255aa6c httpd: allow to restrict allowed hosts ... 
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-17 18:22:27 +01:00
Nicola Murino
1fccd05e9e allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02 Web UIs: add OpenID Connect support 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 14:30:20 +01:00
Nicola Murino
02db00d008 dataprovider: add naming rules 
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.

If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`

Fixes #687

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-31 18:01:37 +01:00
Nicola Murino
fb2d59ec92 data provider: add config options for certs validation/authentication 
Fixes #682

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 18:04:03 +01:00
Nicola Murino
6d3d94a01f move kms implementation outside the sdk package 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 10:11:47 +01:00
Nicola Murino
7c68b03d07 move plugin handling outside the sdk package 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-05 11:37:45 +01:00
Nicola Murino
a6fe802370 move kms definitions to the sdk package 
This is the first step to make the sdk a separate module

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 12:49:30 +01:00
Nicola Murino
7d8823307f defender: add provider driver 
Fixes #616
 2021-12-25 12:08:07 +01:00
Nicola Murino
bedc8e288b web client: add support for integrating external viewers/editors 2021-12-03 18:33:08 +01:00
Nicola Murino
4652f9ede8 FTPD: allow to set different passive IPs based on the client's IP address 2021-11-25 12:45:09 +01:00
Nicola Murino
3d6b09e949 REST API: expose OpenAPI schema and render it using Swagger UI 
Fixes #609
 2021-11-21 09:32:51 +01:00
Nicola Murino
0833b4698e httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Martijn Pieters
f6938e76dc Parse auth plugin information from env 2021-11-02 11:36:30 +01:00
Nicola Murino
570964deb3 add post-disconnect hook 
Fixes #587
 2021-10-29 19:55:18 +02:00
Nicola Murino
74fc3aaf37 REST API: add events search 2021-10-23 15:47:21 +02:00
Nicola Murino
4aa9686e3b refactor custom actions 
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.

There are some backward incompatible changes for command hooks
 2021-10-10 13:08:05 +02:00
Nicola Murino
ea01c3a125 rate limiting: allow to exclude IP addresses/ranges 
Fixes #563
 2021-10-03 20:50:05 +02:00
Nicola Murino
1b4a1fbbe5 add data retention check hook 2021-10-03 15:17:49 +02:00
Nicola Murino
cc134cad9a data retention: allow to notify results via e-mail 2021-10-02 22:25:41 +02:00
Nicola Murino
da0ccc6426 add SMTP support 
it will be used in future update to add email sending capabilities
 2021-09-26 20:25:37 +02:00
Nicola Murino
8a4c21b64a add builtin two-factor auth support 
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
 2021-09-04 12:11:04 +02:00
Nicola Murino
bcf088f586 data provider: update internal caches if the data provider is shared 2021-08-20 09:35:06 +02:00
Nicola Murino
ced2e16f41 add support for password validation rules 
Fixes #494
 2021-08-06 18:56:07 +02:00
Nicola Murino
a3c087456b ftpd: add some security checks 2021-08-05 18:38:15 +02:00
Nicola Murino
4781921336 fix loading enabled_ssh_commands config key 2021-07-29 00:54:22 +02:00
mmcgeefeedo
3ae8abda9e sftpd: add folder prefix middleware 2021-07-29 00:32:55 +02:00