README
¶
SFTPGo SDK
The SFTPGo SDK contains code useful for developing SFTPGo plugins.
Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such we expect the tag of this module will stay less than v1.0.0.
For each SFTPGo branch there is a matching branch here. For example, the sftpgo-2.2.x branch matches SFTPGo v2.2.x.
Documentation
¶
Overview ¶
Package sdk provides SFTPGo data structures primarily intended for use within plugins
Index ¶
- Constants
- Variables
- func IsProviderSupported(provider FilesystemProvider) bool
- type AzBlobFsConfig
- type BandwidthLimit
- type BaseAzBlobFsConfig
- type BaseGCSFsConfig
- type BaseGroup
- type BaseGroupUserSettings
- type BaseHTTPFsConfig
- type BaseS3FsConfig
- type BaseSFTPFsConfig
- type BaseUser
- type BaseUserFilters
- type BaseVirtualFolder
- type CryptFsConfig
- type DirectoryPermissions
- type Filesystem
- type FilesystemProvider
- type GCSFsConfig
- type Group
- type GroupMapping
- type GroupUserSettings
- type HTTPFsConfig
- type HooksFilter
- type OSFsConfig
- type PatternsFilter
- type RecoveryCode
- type S3FsConfig
- type SFTPFsConfig
- type TLSUsername
- type TOTPConfig
- type TimePeriod
- type User
- type UserFilters
- type UserType
- type VirtualFolder
Constants ¶
View Source
const ( // Primary group GroupTypePrimary = iota + 1 // Secondary group GroupTypeSecondary // Membership only, no settings are inherited from this group type GroupTypeMembership )
Group types
View Source
const ( WebClientPubKeyChangeDisabled = "publickey-change-disabled" WebClientTLSCertChangeDisabled = "tls-cert-change-disabled" WebClientWriteDisabled = "write-disabled" WebClientMFADisabled = "mfa-disabled" WebClientPasswordChangeDisabled = "password-change-disabled" WebClientAPIKeyAuthChangeDisabled = "api-key-auth-change-disabled" WebClientInfoChangeDisabled = "info-change-disabled" WebClientPasswordResetDisabled = "password-reset-disabled" )
Web Client/user REST API restrictions
View Source
const ( // DenyPolicyDefault means that denied files matching the filters are visible in directory // listing but cannot be uploaded/downloaded/overwritten/renamed DenyPolicyDefault = iota // DenyPolicyHide applies the same restrictions as DenyPolicyDefault and denied files/directories // matching the filters will also be hidden in directory listing. // This mode may cause performance issues for large directories DenyPolicyHide )
Variables ¶
View Source
var ( // WebClientOptions defines the available options for the web client interface/user REST API WebClientOptions = []string{WebClientWriteDisabled, WebClientPasswordChangeDisabled, WebClientPasswordResetDisabled, WebClientPubKeyChangeDisabled, WebClientTLSCertChangeDisabled, WebClientMFADisabled, WebClientAPIKeyAuthChangeDisabled, WebClientInfoChangeDisabled, WebClientSharesDisabled, WebClientShareNoPasswordDisabled} // UserTypes defines the supported user type hints for auth plugins UserTypes = []string{string(UserTypeLDAP), string(UserTypeOS)} )
Functions ¶
func IsProviderSupported ¶ added in v0.1.7
func IsProviderSupported(provider FilesystemProvider) bool
IsProviderSupported returns true if the specified provider is supported.
Types ¶
type AzBlobFsConfig ¶
type AzBlobFsConfig struct {
BaseAzBlobFsConfig
// Storage Account Key leave blank to use SAS URL.
// The access key is stored encrypted based on the kms configuration
AccountKey kms.BaseSecret `json:"account_key,omitempty"`
// Shared access signature URL, leave blank if using account/key
SASURL kms.BaseSecret `json:"sas_url,omitempty"`
}
AzBlobFsConfig defines the configuration for Azure Blob Storage based filesystem
type BandwidthLimit ¶
type BandwidthLimit struct {
// Source networks in CIDR notation as defined in RFC 4632 and RFC 4291
// for example "192.0.2.0/24" or "2001:db8::/32". The limit applies if the
// defined networks contain the client IP
Sources []string `json:"sources"`
// Maximum upload bandwidth as KB/s
UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
// Maximum download bandwidth as KB/s
DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
}
BandwidthLimit defines a per-source bandwidth limit
func (*BandwidthLimit) GetSourcesAsString ¶
func (l *BandwidthLimit) GetSourcesAsString() string
GetSourcesAsString returns the sources as comma separated string
type BaseAzBlobFsConfig ¶
type BaseAzBlobFsConfig struct {
Container string `json:"container,omitempty"`
// Storage Account Name, leave blank to use SAS URL
AccountName string `json:"account_name,omitempty"`
// Optional endpoint. Default is "blob.core.windows.net".
// If you use the emulator the endpoint must include the protocol,
// for example "http://127.0.0.1:10000"
Endpoint string `json:"endpoint,omitempty"`
// KeyPrefix is similar to a chroot directory for local filesystem.
// If specified then the SFTPGo user will only see objects that starts
// with this prefix and so you can restrict access to a specific
// folder. The prefix, if not empty, must not start with "/" and must
// end with "/".
// If empty the whole bucket contents will be available
KeyPrefix string `json:"key_prefix,omitempty"`
// The buffer size (in MB) to use for multipart uploads.
// If this value is set to zero, the default value (5MB) will be used.
// Please note that if the upload bandwidth between the SFTPGo client and SFTPGo server is
// greater than the upload bandwidth between SFTPGo and Azure then the SFTP client have
// to wait for the upload of the last parts to Azure after it ends the file upload to SFTPGo,
// and it may time out.
// Keep this in mind if you customize these parameters.
UploadPartSize int64 `json:"upload_part_size,omitempty"`
// How many parts are uploaded in parallel. Default: 5
UploadConcurrency int `json:"upload_concurrency,omitempty"`
// The buffer size (in MB) to use for multipart downloads.
// If this value is set to zero, the default value (5MB) will be used.
DownloadPartSize int64 `json:"download_part_size,omitempty"`
// How many parts are downloaded in parallel. 0 means the default (5)
DownloadConcurrency int `json:"download_concurrency,omitempty"`
// Set to true if you use an Azure emulator such as Azurite
UseEmulator bool `json:"use_emulator,omitempty"`
// Blob Access Tier
AccessTier string `json:"access_tier,omitempty"`
}
BaseAzBlobFsConfig defines the base configuration for Azure Blob Storage based filesystem
type BaseGCSFsConfig ¶
type BaseGCSFsConfig struct {
Bucket string `json:"bucket,omitempty"`
// KeyPrefix is similar to a chroot directory for local filesystem.
// If specified then the SFTP user will only see objects that starts
// with this prefix and so you can restrict access to a specific
// folder. The prefix, if not empty, must not start with "/" and must
// end with "/".
// If empty the whole bucket contents will be available
KeyPrefix string `json:"key_prefix,omitempty"`
CredentialFile string `json:"-"`
// 0 explicit, 1 automatic
AutomaticCredentials int `json:"automatic_credentials,omitempty"`
StorageClass string `json:"storage_class,omitempty"`
// The ACL to apply to uploaded objects. Leave empty to use the default ACL.
// For more information and available ACLs, refer to the JSON API here:
// https://cloud.google.com/storage/docs/access-control/lists#predefined-acl
ACL string `json:"acl,omitempty"`
// The buffer size (in MB) to use for multipart uploads. The default value is 16MB.
// 0 means use the default
UploadPartSize int64 `json:"upload_part_size,omitempty"`
// UploadPartMaxTime defines the maximum time allowed, in seconds, to upload a single chunk.
// The default value is 32. 0 means use the default
UploadPartMaxTime int `json:"upload_part_max_time,omitempty"`
}
BaseGCSFsConfig defines the base configuration for Google Cloud Storage based filesystems
type BaseGroup ¶ added in v0.1.1
type BaseGroup struct {
// Data provider unique identifier
ID int64 `json:"id"`
// Group name
Name string `json:"name"`
// optional description
Description string `json:"description,omitempty"`
// Creation time as unix timestamp in milliseconds
CreatedAt int64 `json:"created_at"`
// last update time as unix timestamp in milliseconds
UpdatedAt int64 `json:"updated_at"`
// list of usernames associated with this group
Users []string `json:"users,omitempty"`
// list of admins associated with this group
Admins []string `json:"admins,omitempty"`
}
BaseGroup defines the shared group fields
type BaseGroupUserSettings ¶ added in v0.1.1
type BaseGroupUserSettings struct {
HomeDir string `json:"home_dir"`
// Maximum concurrent sessions. 0 means unlimited
MaxSessions int `json:"max_sessions"`
// Maximum size allowed as bytes. 0 means unlimited
QuotaSize int64 `json:"quota_size"`
// Maximum number of files allowed. 0 means unlimited
QuotaFiles int `json:"quota_files"`
// List of permissions granted per-directory
Permissions map[string][]string `json:"permissions"`
// Maximum upload bandwidth as KB/s, 0 means unlimited.
// This is the default if no per-source limit match
UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
// Maximum download bandwidth as KB/s, 0 means unlimited.
// This is the default if no per-source limit match
DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
// Maximum data transfer allowed for uploads as MB. 0 means no limit.
// You can periodically reset the data related transfer fields for example
// each month
UploadDataTransfer int64 `json:"upload_data_transfer"`
// Maximum data transfer allowed for downloads as MB. 0 means no limit.
DownloadDataTransfer int64 `json:"download_data_transfer"`
// Maximum total data transfer as MB. 0 means unlimited.
// You can set a total data transfer instead of the individual values
// for uploads and downloads
TotalDataTransfer int64 `json:"total_data_transfer"`
// Defines account expiration in number of days from creation.
// 0 means no expiration
ExpiresIn int `json:"expires_in,omitempty"`
// Additional restrictions
Filters BaseUserFilters `json:"filters"`
}
BaseGroupUserSettings defines the base settings to apply to users
type BaseHTTPFsConfig ¶ added in v0.1.2
type BaseHTTPFsConfig struct {
// HTTP/S endpoint URL. SFTPGo will use this URL as base, for example for the
// "stat" API, SFTPGo will add "/stat/{name}"
Endpoint string `json:"endpoint,omitempty"`
Username string `json:"username,omitempty"`
// if enabled the HTTP client accepts any TLS certificate presented by
// the server and any host name in that certificate.
// In this mode, TLS is susceptible to man-in-the-middle attacks.
// This should be used only for testing.
SkipTLSVerify bool `json:"skip_tls_verify,omitempty"`
// Defines how to check if this config points to the same
// server as another config. By default both the endpoint and
// the username must match. 1 means that only the endpoint must match.
// If different configs point to the same server the renaming
// between the fs configs is allowed.
EqualityCheckMode int `json:"equality_check_mode,omitempty"`
}
BaseHTTPFsConfig defines the base configuration for HTTP based filesystem
type BaseS3FsConfig ¶
type BaseS3FsConfig struct {
Bucket string `json:"bucket,omitempty"`
// KeyPrefix is similar to a chroot directory for local filesystem.
// If specified then the SFTP user will only see objects that starts
// with this prefix and so you can restrict access to a specific
// folder. The prefix, if not empty, must not start with "/" and must
// end with "/".
// If empty the whole bucket contents will be available
KeyPrefix string `json:"key_prefix,omitempty"`
Region string `json:"region,omitempty"`
AccessKey string `json:"access_key,omitempty"`
// IAM Role ARN to assume
RoleARN string `json:"role_arn,omitempty"`
// Optional Session token that is a part of temporary security credentials provisioned by AWS STS.
SessionToken string `json:"session_token,omitempty"`
Endpoint string `json:"endpoint,omitempty"`
StorageClass string `json:"storage_class,omitempty"`
// The canned ACL to apply to uploaded objects. Leave empty to use the default ACL.
// For more information and available ACLs, see here:
// https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
ACL string `json:"acl,omitempty"`
// The buffer size (in MB) to use for multipart uploads. The minimum allowed part size is 5MB,
// and if this value is set to zero, the default value (5MB) for the AWS SDK will be used.
// The minimum allowed value is 5.
// Please note that if the upload bandwidth between the SFTP client and SFTPGo is greater than
// the upload bandwidth between SFTPGo and S3 then the SFTP client have to wait for the upload
// of the last parts to S3 after it ends the file upload to SFTPGo, and it may time out.
// Keep this in mind if you customize these parameters.
UploadPartSize int64 `json:"upload_part_size,omitempty"`
// How many parts are uploaded in parallel. 0 means the default (5)
UploadConcurrency int `json:"upload_concurrency,omitempty"`
// The buffer size (in MB) to use for multipart downloads. The minimum allowed part size is 5MB,
// and if this value is set to zero, the default value (5MB) for the AWS SDK will be used.
// The minimum allowed value is 5. Ignored for partial downloads.
DownloadPartSize int64 `json:"download_part_size,omitempty"`
// UploadPartMaxTime defines the maximum time allowed, in seconds, to upload a single chunk.
// 0 means no timeout.
UploadPartMaxTime int `json:"upload_part_max_time,omitempty"`
// How many parts are downloaded in parallel. 0 means the default (5). Ignored for partial downloads.
DownloadConcurrency int `json:"download_concurrency,omitempty"`
// DownloadPartMaxTime defines the maximum time allowed, in seconds, to download a single chunk.
// 0 means no timeout. Ignored for partial downloads.
DownloadPartMaxTime int `json:"download_part_max_time,omitempty"`
// Set this to `true` to force the request to use path-style addressing,
// i.e., `http://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client
// will use virtual hosted bucket addressing when possible
// (`http://BUCKET.s3.amazonaws.com/KEY`)
ForcePathStyle bool `json:"force_path_style,omitempty"`
// If enabled the S3 client accepts any TLS certificate presented by
// the server and any host name in that certificate.
// In this mode, TLS is susceptible to man-in-the-middle attacks.
// This should be used only for testing.
SkipTLSVerify bool `json:"skip_tls_verify,omitempty"`
}
BaseS3FsConfig defines the base configuration for S3 based filesystems
type BaseSFTPFsConfig ¶
type BaseSFTPFsConfig struct {
Endpoint string `json:"endpoint,omitempty"`
Username string `json:"username,omitempty"`
Fingerprints []string `json:"fingerprints,omitempty"`
// Prefix is the path prefix to strip from SFTP resource paths.
Prefix string `json:"prefix,omitempty"`
// Concurrent reads are safe to use and disabling them will degrade performance.
// Some servers automatically delete files once they are downloaded.
// Using concurrent reads is problematic with such servers.
DisableCouncurrentReads bool `json:"disable_concurrent_reads,omitempty"`
// The buffer size (in MB) to use for transfers.
// Buffering could improve performance for high latency networks.
// With buffering enabled upload resume is not supported and a file
// cannot be opened for both reading and writing at the same time
// 0 means disabled.
BufferSize int64 `json:"buffer_size,omitempty"`
// Defines how to check if this config points to the same
// server as another config. By default both the endpoint and
// the username must match. 1 means that only the endpoint must match.
// If different configs point to the same server the renaming
// between the fs configs is allowed.
EqualityCheckMode int `json:"equality_check_mode,omitempty"`
}
BaseSFTPFsConfig defines the base configuration for SFTP based filesystem
type BaseUser ¶
type BaseUser struct {
// Data provider unique identifier
ID int64 `json:"id"`
// 1 enabled, 0 disabled (login is not allowed)
Status int `json:"status"`
// Username
Username string `json:"username"`
// Email
Email string `json:"email,omitempty"`
// Account expiration date as unix timestamp in milliseconds. An expired account cannot login.
// 0 means no expiration
ExpirationDate int64 `json:"expiration_date,omitempty"`
// Password used for password authentication.
// For users created using SFTPGo REST API the password is be stored using bcrypt or argon2id hashing algo.
// Checking passwords stored with pbkdf2, md5crypt and sha512crypt is supported too.
Password string `json:"password,omitempty"`
// PublicKeys used for public key authentication.
PublicKeys []string `json:"public_keys,omitempty"`
// Indicates whether the password is set
HasPassword bool `json:"has_password,omitempty"`
// The user cannot upload or download files outside this directory. Must be an absolute path
HomeDir string `json:"home_dir"`
// If SFTPGo runs as root system user then the created files and directories will be assigned to this system UID
UID int `json:"uid"`
// If SFTPGo runs as root system user then the created files and directories will be assigned to this system GID
GID int `json:"gid"`
// Maximum concurrent sessions. 0 means unlimited
MaxSessions int `json:"max_sessions"`
// Maximum size allowed as bytes. 0 means unlimited
QuotaSize int64 `json:"quota_size"`
// Maximum number of files allowed. 0 means unlimited
QuotaFiles int `json:"quota_files"`
// List of permissions granted per-directory
Permissions map[string][]string `json:"permissions"`
// Used quota as bytes
UsedQuotaSize int64 `json:"used_quota_size,omitempty"`
// Used quota as number of files
UsedQuotaFiles int `json:"used_quota_files,omitempty"`
// Last quota update as unix timestamp in milliseconds
LastQuotaUpdate int64 `json:"last_quota_update,omitempty"`
// Maximum upload bandwidth as KB/s, 0 means unlimited.
// This is the default if no per-source limit match
UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
// Maximum download bandwidth as KB/s, 0 means unlimited.
// This is the default if no per-source limit match
DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
// Maximum data transfer allowed for uploads as MB. 0 means no limit.
// You can periodically reset the data related transfer fields for example
// each month
UploadDataTransfer int64 `json:"upload_data_transfer"`
// Maximum data transfer allowed for downloads as MB. 0 means no limit.
DownloadDataTransfer int64 `json:"download_data_transfer"`
// Maximum total data transfer as MB. 0 means unlimited.
// You can set a total data transfer instead of the individual values
// for uploads and downloads
TotalDataTransfer int64 `json:"total_data_transfer"`
// Uploaded size, as bytes, since the last reset
UsedUploadDataTransfer int64 `json:"used_upload_data_transfer,omitempty"`
// Downloaded size, as bytes, since the last reset
UsedDownloadDataTransfer int64 `json:"used_download_data_transfer,omitempty"`
// Last login as unix timestamp in milliseconds
LastLogin int64 `json:"last_login,omitempty"`
// Creation time as unix timestamp in milliseconds. It will be 0 for admins created before v2.2.0
CreatedAt int64 `json:"created_at"`
// last update time as unix timestamp in milliseconds
UpdatedAt int64 `json:"updated_at"`
// first download time as unix timestamp in milliseconds
FirstDownload int64 `json:"first_download,omitempty"`
// first upload time as unix timestamp in milliseconds
FirstUpload int64 `json:"first_upload,omitempty"`
// last password change as unix timestamp in milliseconds
LastPasswordChange int64 `json:"last_password_change,omitempty"`
// optional description, for example full name
Description string `json:"description,omitempty"`
// free form text field for external systems
AdditionalInfo string `json:"additional_info,omitempty"`
// groups associated with this user
Groups []GroupMapping `json:"groups,omitempty"`
// This field is passed to the pre-login hook if custom OIDC fields have been configured.
// Field values can be of any type (this is a free form object) and depend on the type
// of the configured OIDC fields.
// This fields are never saved or returned in anything other than the pre-login hook
OIDCCustomFields *map[string]interface{} `json:"oidc_custom_fields,omitempty"`
// Role name
Role string `json:"role,omitempty"`
}
BaseUser defines the shared user fields
type BaseUserFilters ¶
type BaseUserFilters struct {
// only clients connecting from these IP/Mask are allowed.
// IP/Mask must be in CIDR notation as defined in RFC 4632 and RFC 4291
// for example "192.0.2.0/24" or "2001:db8::/32"
AllowedIP []string `json:"allowed_ip,omitempty"`
// clients connecting from these IP/Mask are not allowed.
// Denied rules will be evaluated before allowed ones
DeniedIP []string `json:"denied_ip,omitempty"`
// these login methods are not allowed.
// If null or empty any available login method is allowed
DeniedLoginMethods []string `json:"denied_login_methods,omitempty"`
// these protocols are not allowed.
// If null or empty any available protocol is allowed
DeniedProtocols []string `json:"denied_protocols,omitempty"`
// filter based on shell patterns.
// Please note that these restrictions can be easily bypassed.
FilePatterns []PatternsFilter `json:"file_patterns,omitempty"`
// max size allowed for a single upload, 0 means unlimited
MaxUploadFileSize int64 `json:"max_upload_file_size,omitempty"`
// TLS certificate attribute to use as username.
// For FTP clients it must match the name provided using the
// "USER" command
TLSUsername TLSUsername `json:"tls_username,omitempty"`
// TLSCerts defines the allowed TLS certificates for mutual authentication.
// If provided will be checked before TLSUsername
TLSCerts []string `json:"tls_certs,omitempty"`
// user specific hook overrides
Hooks HooksFilter `json:"hooks,omitempty"`
// Disable checks for existence and automatic creation of home directory
// and virtual folders.
// SFTPGo requires that the user's home directory, virtual folder root,
// and intermediate paths to virtual folders exist to work properly.
// If you already know that the required directories exist, disabling
// these checks will speed up login.
// You could, for example, disable these checks after the first login
DisableFsChecks bool `json:"disable_fs_checks,omitempty"`
// WebClient related configuration options
WebClient []string `json:"web_client,omitempty"`
// API key auth allows to impersonate this user with an API key
AllowAPIKeyAuth bool `json:"allow_api_key_auth,omitempty"`
// UserType is an hint for authentication plugins.
// It is ignored when using SFTPGo internal authentication
UserType string `json:"user_type,omitempty"`
// Per-source bandwidth limits
BandwidthLimits []BandwidthLimit `json:"bandwidth_limits,omitempty"`
// Defines the cache time, in seconds, for users authenticated using
// an external auth hook. 0 means no cache
ExternalAuthCacheTime int64 `json:"external_auth_cache_time,omitempty"`
// Specifies an alternate starting directory. If not set, the default is "/".
// This option is supported for SFTP/SCP, FTP and HTTP (WebClient/REST API) protocols.
// Relative paths will use this directory as base
StartDirectory string `json:"start_directory,omitempty"`
// TwoFactorAuthProtocols defines protocols that require two factor authentication
TwoFactorAuthProtocols []string `json:"two_factor_protocols,omitempty"`
// Define the FTP security mode. Set to 1 to require TLS for both data and control
// connection. This setting is useful if you want to allow both encrypted and plain text
// FTP sessions globally and then you want to require encrypted sessions on a per-user
// basis.
// It has no effect if TLS is already required for all users in the configuration file.
FTPSecurity int `json:"ftp_security,omitempty"`
// If enabled the user can login with any password or no password at all.
// Anonymous users are supported for FTP and WebDAV protocols and
// permissions will be automatically set to "list" and "download" (read only)
IsAnonymous bool `json:"is_anonymous,omitempty"`
// 0 means no expiration
DefaultSharesExpiration int `json:"default_shares_expiration,omitempty"`
// must set an expiration for their shares and it must be less than or equal
// to this number of days. 0 means any expiration
MaxSharesExpiration int `json:"max_shares_expiration,omitempty"`
// The password expires after the defined number of days. 0 means no expiration
PasswordExpiration int `json:"password_expiration,omitempty"`
// PasswordStrength defines the minimum password strength.
// 0 means disabled, any password will be accepted. Values in the 50-70
// range are suggested for common use cases.
PasswordStrength int `json:"password_strength,omitempty"`
// AccessTime defines the time periods in which access is allowed
AccessTime []TimePeriod `json:"access_time,omitempty"`
}
BaseUserFilters defines additional restrictions for a user
func (*BaseUserFilters) GetFlatFilePatterns ¶ added in v0.1.1
func (f *BaseUserFilters) GetFlatFilePatterns() []PatternsFilter
GetFlatFilePatterns returns file patterns as flat list duplicating a path if it has both allowed and denied patterns
type BaseVirtualFolder ¶
type BaseVirtualFolder struct {
ID int64 `json:"id"`
Name string `json:"name"`
MappedPath string `json:"mapped_path,omitempty"`
Description string `json:"description,omitempty"`
UsedQuotaSize int64 `json:"used_quota_size"`
// Used quota as number of files
UsedQuotaFiles int `json:"used_quota_files"`
// Last quota update as unix timestamp in milliseconds
LastQuotaUpdate int64 `json:"last_quota_update"`
// list of usernames associated with this virtual folder
Users []string `json:"users,omitempty"`
// list of group names associated with this virtual folder
Groups []string `json:"groups,omitempty"`
// Filesystem configuration details
FsConfig Filesystem `json:"filesystem"`
}
BaseVirtualFolder defines the path for the virtual folder and the used quota limits. The same folder can be shared among multiple users and each user can have different quota limits or a different virtual path.
type CryptFsConfig ¶
type CryptFsConfig struct {
OSFsConfig
Passphrase kms.BaseSecret `json:"passphrase,omitempty"`
}
CryptFsConfig defines the configuration to store local files as encrypted
type DirectoryPermissions ¶
DirectoryPermissions defines permissions for a directory virtual path
type Filesystem ¶
type Filesystem struct {
Provider FilesystemProvider `json:"provider"`
OSConfig OSFsConfig `json:"osconfig,omitempty"`
S3Config S3FsConfig `json:"s3config,omitempty"`
GCSConfig GCSFsConfig `json:"gcsconfig,omitempty"`
AzBlobConfig AzBlobFsConfig `json:"azblobconfig,omitempty"`
CryptConfig CryptFsConfig `json:"cryptconfig,omitempty"`
SFTPConfig SFTPFsConfig `json:"sftpconfig,omitempty"`
HTTPConfig HTTPFsConfig `json:"httpconfig,omitempty"`
}
Filesystem defines filesystem details
type FilesystemProvider ¶
type FilesystemProvider int
FilesystemProvider defines the supported storage filesystems
const ( LocalFilesystemProvider FilesystemProvider = iota // Local S3FilesystemProvider // AWS S3 compatible GCSFilesystemProvider // Google Cloud Storage AzureBlobFilesystemProvider // Azure Blob Storage CryptedFilesystemProvider // Local encrypted SFTPFilesystemProvider // SFTP HTTPFilesystemProvider // HTTP )
supported values for FilesystemProvider
type GCSFsConfig ¶
type GCSFsConfig struct {
BaseGCSFsConfig
Credentials kms.BaseSecret `json:"credentials,omitempty"`
}
GCSFsConfig defines the configuration for Google Cloud Storage based filesystems
type Group ¶ added in v0.1.1
type Group struct {
BaseGroup
// settings to apply to users for whom this is a primary group
UserSettings GroupUserSettings `json:"user_settings,omitempty"`
// Mapping between virtual paths and virtual folders
VirtualFolders []VirtualFolder `json:"virtual_folders,omitempty"`
}
Group defines an SFTPGo group. Groups are used to easily configure similar users
type GroupMapping ¶ added in v0.1.1
GroupMapping defines the mapping between an SFTPGo user and a group
type GroupUserSettings ¶ added in v0.1.1
type GroupUserSettings struct {
BaseGroupUserSettings
// Filesystem configuration details
FsConfig Filesystem `json:"filesystem"`
}
GroupUserSettings defines the settings to apply to users
type HTTPFsConfig ¶ added in v0.1.2
type HTTPFsConfig struct {
BaseHTTPFsConfig
Password kms.BaseSecret `json:"password,omitempty"`
APIKey kms.BaseSecret `json:"api_key,omitempty"`
}
HTTPFsConfig defines the configuration for HTTP based filesystem
type HooksFilter ¶
type HooksFilter struct {
ExternalAuthDisabled bool `json:"external_auth_disabled"`
PreLoginDisabled bool `json:"pre_login_disabled"`
CheckPasswordDisabled bool `json:"check_password_disabled"`
}
HooksFilter defines user specific overrides for global hooks
type OSFsConfig ¶ added in v0.1.4
type OSFsConfig struct {
// Read buffer size as bytes, 0 means no buffering
ReadBufferSize int `json:"read_buffer_size,omitempty"`
// Write buffer size as bytes, 0 means no buffering
WriteBufferSize int `json:"write_buffer_size,omitempty"`
}
OSFsConfig defines the configuration for local filesystem
type PatternsFilter ¶
type PatternsFilter struct {
// Virtual path, if no other specific filter is defined, the filter applies for
// sub directories too.
// For example if filters are defined for the paths "/" and "/sub" then the
// filters for "/" are applied for any file outside the "/sub" directory
Path string `json:"path"`
// files/dir with these, case insensitive, patterns are allowed.
// Denied file patterns are evaluated before the allowed ones
AllowedPatterns []string `json:"allowed_patterns,omitempty"`
// files/dir with these, case insensitive, patterns are not allowed.
// Denied file patterns are evaluated before the allowed ones
DeniedPatterns []string `json:"denied_patterns,omitempty"`
// Deny policy
DenyPolicy int `json:"deny_policy,omitempty"`
}
PatternsFilter defines filters based on shell like patterns. System commands such as Git and rsync interacts with the filesystem directly and they are not aware about these restrictions so they are not allowed inside paths with extensions filters
func (*PatternsFilter) CheckAllowed ¶ added in v0.1.1
func (p *PatternsFilter) CheckAllowed(item string) bool
CheckAllowed returns true if the specified item is allowed
func (*PatternsFilter) GetCommaSeparatedPatterns ¶
func (p *PatternsFilter) GetCommaSeparatedPatterns() string
GetCommaSeparatedPatterns returns the first non empty patterns list comma separated
func (*PatternsFilter) IsAllowed ¶
func (p *PatternsFilter) IsAllowed() bool
IsAllowed returns true if the patterns has one or more allowed patterns
func (*PatternsFilter) IsDenied ¶
func (p *PatternsFilter) IsDenied() bool
IsDenied returns true if the patterns has one or more denied patterns
type RecoveryCode ¶
type RecoveryCode struct {
Secret kms.BaseSecret `json:"secret"`
Used bool `json:"used,omitempty"`
}
RecoveryCode defines a 2FA recovery code
type S3FsConfig ¶
type S3FsConfig struct {
BaseS3FsConfig
AccessSecret kms.BaseSecret `json:"access_secret,omitempty"`
}
S3FsConfig defines the base configuration for S3 based filesystems
type SFTPFsConfig ¶
type SFTPFsConfig struct {
BaseSFTPFsConfig
Password kms.BaseSecret `json:"password,omitempty"`
PrivateKey kms.BaseSecret `json:"private_key,omitempty"`
}
SFTPFsConfig defines the configuration for SFTP based filesystem
type TLSUsername ¶
type TLSUsername string
TLSUsername defines the TLS certificate attribute to use as username
const ( TLSUsernameNone TLSUsername = "None" TLSUsernameCN TLSUsername = "CommonName" )
Supported certificate attributes to use as username
type TOTPConfig ¶
type TOTPConfig struct {
Enabled bool `json:"enabled,omitempty"`
ConfigName string `json:"config_name,omitempty"`
Secret kms.BaseSecret `json:"secret,omitempty"`
// TOTP will be required for the specified protocols.
// SSH protocol (SFTP/SCP/SSH commands) will ask for the TOTP passcode if the client uses keyboard interactive
// authentication.
// FTP have no standard way to support two factor authentication, if you
// enable the support for this protocol you have to add the TOTP passcode after the password.
// For example if your password is "password" and your one time passcode is
// "123456" you have to use "password123456" as password.
Protocols []string `json:"protocols,omitempty"`
}
TOTPConfig defines the time-based one time password configuration
type TimePeriod ¶ added in v0.1.7
type TimePeriod struct {
DayOfWeek int `json:"day_of_week,omitempty"`
From string `json:"from,omitempty"`
To string `json:"to,omitempty"`
}
TimePeriod defines a period of time
type User ¶
type User struct {
BaseUser
// Additional restrictions
Filters UserFilters `json:"filters"`
// Mapping between virtual paths and virtual folders
VirtualFolders []VirtualFolder `json:"virtual_folders,omitempty"`
// Filesystem configuration details
FsConfig Filesystem `json:"filesystem"`
}
User defines a SFTPGo user
type UserFilters ¶
type UserFilters struct {
BaseUserFilters
// User must change password from WebClient/REST API at next login.
RequirePasswordChange bool `json:"require_password_change,omitempty"`
// Time-based one time passwords configuration
TOTPConfig TOTPConfig `json:"totp_config,omitempty"`
// Recovery codes to use if the user loses access to their second factor auth device.
// Each code can only be used once, you should use these codes to login and disable or
// reset 2FA for your account
RecoveryCodes []RecoveryCode `json:"recovery_codes,omitempty"`
}
UserFilters defines additional restrictions for a user TODO: rename to UserOptions in v3
type UserType ¶
type UserType string
UserType defines the supported user types. This is an hint for external auth plugins, is not used in SFTPGo directly
type VirtualFolder ¶
type VirtualFolder struct {
BaseVirtualFolder
VirtualPath string `json:"virtual_path"`
// Maximum size allowed as bytes. 0 means unlimited, -1 included in user quota
QuotaSize int64 `json:"quota_size"`
// Maximum number of files allowed. 0 means unlimited, -1 included in user quota
QuotaFiles int `json:"quota_files"`
}
VirtualFolder defines a mapping between an SFTPGo exposed virtual path and a filesystem path outside the user home directory. The specified paths must be absolute and the virtual path cannot be "/", it must be a sub directory. The parent directory for the specified virtual path must exist. SFTPGo will, by default, try to automatically create any missing parent directory for the configured virtual folders at user login.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package kms provides Key Management Services support
|
Package kms provides Key Management Services support |
|
auth
Package auth defines the interface and the GRPC implementation for authentication plugins.
|
Package auth defines the interface and the GRPC implementation for authentication plugins. |
|
eventsearcher
Package eventsearcher defines the interface and the GRPC implementation for events search plugins.
|
Package eventsearcher defines the interface and the GRPC implementation for events search plugins. |
|
ipfilter
Package ipfilter defines the interface and the GRPC implementation for IP filter plugins.
|
Package ipfilter defines the interface and the GRPC implementation for IP filter plugins. |
|
kms
Package kms defines the interface and the GRPC implementation for kms plugins.
|
Package kms defines the interface and the GRPC implementation for kms plugins. |
|
notifier
Package notifier defines the interface and the GRPC implementation for event notifier plugins.
|
Package notifier defines the interface and the GRPC implementation for event notifier plugins. |
Click to show internal directories.
Click to hide internal directories.