Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,219 Commits 9 Branches 53 Tags
e7866047aa9af5e59d489386b9a6e5f5fb8d5815
Commit Graph

92 Commits

Author SHA1 Message Date
Nicola Murino
e7866047aa allow to edit profile to users logged in via OIDC 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-08-01 21:49:53 +02:00
Nicola Murino
2da19ef233 backport OIDC related changes from main 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-23 15:31:57 +02:00
Nicola Murino
b34bc2b818 add license header to source files 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-18 13:43:25 +02:00
Nicola Murino
7fd5558400 parse IP proxy header also if listening on UNIX domain socket 
Fixes #867

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-06-09 09:48:39 +02:00
Nicola Murino
cc2f23bd89 trim values for string lists which can be set as env vars 
See #857

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-31 18:22:18 +02:00
Nicola Murino
f6b11c2d01 httpd/webdav: allow to configure trusted proxy header and depth 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-28 19:47:23 +02:00
Nicola Murino
1a33b5bb53 allow different TLS certificates for each binding 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-21 16:34:47 +02:00
Nicola Murino
796ea1dde9 allow to store temporary sessions within the data provider 
so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-19 19:49:51 +02:00
Nicola Murino
c9bd08cf9c UI branding: use the short name on the login pages 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-15 07:30:36 +02:00
Nicola Murino
5d7f6960f3 web UIs: add branding support 
Fixes #829

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-13 19:40:52 +02:00
Tim Birkett
7b1a0d3cd3 chore: disallow all crawlers with robots.txt (#833) 
Signed-off-by: Tim Birkett <tim.birkett@sainsburys.co.uk>
 2022-05-13 09:23:43 +02:00
Nicola Murino
504cd3efda add groups support 
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-25 15:49:11 +02:00
Nicola Murino
002a06629e refactoring of user session counters 
Fixes #792

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-14 19:07:41 +02:00
Nicola Murino
254b2ae87f add support for AWS container 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-03 08:52:36 +02:00
Nicola Murino
5cccb872bb add support to redirect HTTP to HTTPS 
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 10:00:02 +01:00
Nicola Murino
aaf940edab enforce CSRF token usage by the same IP for which it was issued 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-26 08:41:50 +01:00
Nicola Murino
d955ddcef9 check that the jwt token is used by the same IP for which it 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-24 22:03:17 +01:00
Nicola Murino
93b9c1617e web UI: allow to load custom css 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-19 21:44:27 +01:00
Nicola Murino
d9f30e7ac5 add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
d8de0faef5 allow to require two-factor auth for users 
Fixes #721

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-06 16:57:13 +01:00
Nicola Murino
79857a8733 config: restore defaults for smtp templates path 
It was mistakenly deleted in the previous commit

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 14:16:38 +01:00
Nicola Murino
dcc3292dbc web setup: add an optional installation code 
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-27 13:08:47 +01:00
Nicola Murino
c6b8644828 OIDC: execute pre-login hook after IDP authentication 
so the SFTPGo users can be auto-created using the hook

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-19 10:53:35 +01:00
Nicola Murino
f1a255aa6c httpd: allow to restrict allowed hosts ... 
... and to add security headers to the responses

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-17 18:22:27 +01:00
Nicola Murino
f1832d4478 shares: add an upload form for shares with write scope 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-15 19:19:25 +01:00
Nicola Murino
1fccd05e9e allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
66945c0a02 Web UIs: add OpenID Connect support 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 14:30:20 +01:00
Nicola Murino
fa0ca8fe89 quota summary and docs improvements 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-08 12:43:08 +01:00
Nicola Murino
9382db751c make HTTP shares browsable 
if you share a single folder with read scope, you can now browse the share
and download single files

Fixes #674
See #677

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-06 16:46:43 +01:00
Nicola Murino
1df1225eed add support for data transfer bandwidth limits 
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 11:42:36 +01:00
Jeremy Clerc
9709aed5e6 httpd: webpath redirect using status found (302) 
301 MovedPermanently is cached by the browser which can
be annoying when it is is on base path like / while one
may reuse the domain (e.g. localhost) for other apps/tests.

Fixes #695

Signed-off-by: Jeremy Clerc <jeremy@clerc.io>
 2022-01-26 21:50:37 +01:00
Nicola Murino
1f619d5ea6 make the sdk a separate module 
The SFTPGo SDK now is at the following URL

https://github.com/sftpgo/sdk

Fixes #657

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 11:54:43 +01:00
Nicola Murino
7c68b03d07 move plugin handling outside the sdk package 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-05 11:37:45 +01:00
Nicola Murino
2912b2e92e sdk: add a logger interface 
we are now ready to make the sdk a separate module

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 16:07:41 +01:00
Nicola Murino
ad483b7581 httpd: switch back to chi Recoverer now that the required patch is merged 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 09:48:16 +01:00
Nicola Murino
a587228cf0 add support for metadata plugins 2021-12-16 18:18:36 +01:00
Nicola Murino
c153330ab8 web client: use fetch to upload files 
also add REST API to upload a single file as POST body
 2021-12-08 19:25:22 +01:00
Nicola Murino
bedc8e288b web client: add support for integrating external viewers/editors 2021-12-03 18:33:08 +01:00
Nicola Murino
3f3591bae0 web client: allow to preview images and pdf 
pdf depends on browser support. It does not work on mobile devices.
 2021-11-25 19:24:32 +01:00
Nicola Murino
3d6b09e949 REST API: expose OpenAPI schema and render it using Swagger UI 
Fixes #609
 2021-11-21 09:32:51 +01:00
Nicola Murino
fb8f013ea7 web: update permissions on cookie refresh 2021-11-20 10:48:39 +01:00
Nicola Murino
0833b4698e httpd service: add CORS support 2021-11-13 23:14:50 +01:00
Nicola Murino
78233ff9a3 web UI/REST API: add password reset 
In order to reset the password from the admin/client user interface,
an SMTP configuration must be added and the user/admin must have an email
address.
You can prohibit the reset functionality on a per-user basis by using a
specific restriction.

Fixes #597
 2021-11-13 13:25:43 +01:00
Nicola Murino
3bc58f5988 WebClient/REST API: add sharing support 2021-11-06 14:13:20 +01:00
Nicola Murino
74fc3aaf37 REST API: add events search 2021-10-23 15:47:21 +02:00
Nicola Murino
4aa9686e3b refactor custom actions 
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.

There are some backward incompatible changes for command hooks
 2021-10-10 13:08:05 +02:00
Nicola Murino
64e87d64bd web client UI: allow to edit plain text files 
Fixes #567
 2021-10-09 14:17:28 +02:00
Nicola Murino
ba1febba73 rework user and admin profiles 
users and admins can now also update their email and description
 2021-09-29 18:46:15 +02:00
Nicola Murino
da5a061b65 add basic REST APIs for data retention 
Fixes #495
 2021-09-25 12:20:31 +02:00
Nicola Murino
bf4b3e6840 httpd: move the check connection middleware before the logger middleware 
Fixes #543
 2021-09-19 08:14:59 +02:00