Documentation ¶
Overview ¶
Package dataprovider provides data access. It abstracts different data providers and exposes a common API.
Index ¶
- Constants
- Variables
- func AddFolder(p Provider, folder vfs.BaseVirtualFolder) error
- func AddUser(p Provider, user User) error
- func Close(p Provider) error
- func DeleteFolder(p Provider, folder vfs.BaseVirtualFolder) error
- func DeleteUser(p Provider, user User) error
- func GetFolderByPath(p Provider, mappedPath string) (vfs.BaseVirtualFolder, error)
- func GetFolders(p Provider, limit, offset int, order, folderPath string) ([]vfs.BaseVirtualFolder, error)
- func GetProviderStatus(p Provider) error
- func GetQuotaTracking() int
- func GetUsedQuota(p Provider, username string) (int, int64, error)
- func GetUsedVirtualFolderQuota(p Provider, mappedPath string) (int, int64, error)
- func Initialize(cnf Config, basePath string) error
- func InitializeDatabase(cnf Config, basePath string) error
- func ReloadConfig() error
- func UpdateLastLogin(p Provider, user User) error
- func UpdateUser(p Provider, user User) error
- func UpdateUserQuota(p Provider, user User, filesAdd int, sizeAdd int64, reset bool) error
- func UpdateVirtualFolderQuota(p Provider, vfolder vfs.BaseVirtualFolder, filesAdd int, sizeAdd int64, ...) error
- type Actions
- type BackupData
- type BoltProvider
- type Config
- type ExtensionsFilter
- type Filesystem
- type MemoryProvider
- type MethodDisabledError
- type MySQLProvider
- type PGSQLProvider
- type Provider
- type RecordNotFoundError
- type SQLiteProvider
- type User
- func CheckKeyboardInteractiveAuth(p Provider, username, authHook string, client ssh.KeyboardInteractiveChallenge) (User, error)
- func CheckUserAndPass(p Provider, username string, password string) (User, error)
- func CheckUserAndPubKey(p Provider, username string, pubKey []byte) (User, string, error)
- func GetUserByID(p Provider, ID int64) (User, error)
- func GetUsers(p Provider, limit, offset int, order string, username string) ([]User, error)
- func HideUserSensitiveData(user *User) User
- func UserExists(p Provider, username string) (User, error)
- func (u *User) AddVirtualDirs(list []os.FileInfo, sftpPath string) []os.FileInfo
- func (u User) GetAllowedIPAsString() string
- func (u *User) GetAllowedLoginMethods() []string
- func (u *User) GetBandwidthAsString() string
- func (u User) GetDeniedIPAsString() string
- func (u *User) GetExpirationDateAsString() string
- func (u *User) GetFilesystem(connectionID string) (vfs.Fs, error)
- func (u *User) GetFiltersAsJSON() ([]byte, error)
- func (u *User) GetFsConfigAsJSON() ([]byte, error)
- func (u *User) GetGID() int
- func (u *User) GetHomeDir() string
- func (u *User) GetInfoString() string
- func (u *User) GetNextAuthMethods(partialSuccessMethods []string) []string
- func (u *User) GetPermissionsAsJSON() ([]byte, error)
- func (u *User) GetPermissionsAsString() string
- func (u *User) GetPermissionsForPath(p string) []string
- func (u *User) GetPublicKeysAsJSON() ([]byte, error)
- func (u *User) GetQuotaSummary() string
- func (u *User) GetUID() int
- func (u *User) GetVirtualFolderForPath(sftpPath string) (vfs.VirtualFolder, error)
- func (u *User) HasNoQuotaRestrictions(checkFiles bool) bool
- func (u *User) HasOverlappedMappedPaths() bool
- func (u *User) HasPerm(permission, path string) bool
- func (u *User) HasPermissionsInside(sftpPath string) bool
- func (u *User) HasPerms(permissions []string, path string) bool
- func (u *User) HasQuotaRestrictions() bool
- func (u *User) HasVirtualFoldersInside(sftpPath string) bool
- func (u *User) IsFileAllowed(sftpPath string) bool
- func (u *User) IsLoginFromAddrAllowed(remoteAddr string) bool
- func (u *User) IsLoginMethodAllowed(loginMethod string, partialSuccessMethods []string) bool
- func (u *User) IsMappedPath(fsPath string) bool
- func (u *User) IsPartialAuth(loginMethod string) bool
- func (u *User) IsVirtualFolder(sftpPath string) bool
- type UserFilters
- type ValidationError
Constants ¶
const ( // SQLiteDataProviderName name for SQLite database provider SQLiteDataProviderName = "sqlite" // PGSQLDataProviderName name for PostgreSQL database provider PGSQLDataProviderName = "postgresql" // MySQLDataProviderName name for MySQL database provider MySQLDataProviderName = "mysql" // BoltDataProviderName name for bbolt key/value store provider BoltDataProviderName = "bolt" // MemoryDataProviderName name for memory provider MemoryDataProviderName = "memory" )
const ( OrderASC = "ASC" OrderDESC = "DESC" )
ordering constants
const ( // All permissions are granted PermAny = "*" // List items such as files and directories is allowed PermListItems = "list" // download files is allowed PermDownload = "download" // upload files is allowed PermUpload = "upload" // overwrite an existing file, while uploading, is allowed // upload permission is required to allow file overwrite PermOverwrite = "overwrite" // delete files or directories is allowed PermDelete = "delete" // rename files or directories is allowed PermRename = "rename" // create directories is allowed PermCreateDirs = "create_dirs" // create symbolic links is allowed PermCreateSymlinks = "create_symlinks" // changing file or directory permissions is allowed PermChmod = "chmod" // changing file or directory owner and group is allowed PermChown = "chown" // changing file or directory access and modification time is allowed PermChtimes = "chtimes" )
Available permissions for SFTP users
const ( SSHLoginMethodPublicKey = "publickey" SSHLoginMethodPassword = "password" SSHLoginMethodKeyboardInteractive = "keyboard-interactive" SSHLoginMethodKeyAndPassword = "publickey+password" SSHLoginMethodKeyAndKeyboardInt = "publickey+keyboard-interactive" )
Available SSH login methods
Variables ¶
var ( // SupportedProviders defines the supported data providers SupportedProviders = []string{SQLiteDataProviderName, PGSQLDataProviderName, MySQLDataProviderName, BoltDataProviderName, MemoryDataProviderName} // ValidPerms defines all the valid permissions for a user ValidPerms = []string{PermAny, PermListItems, PermDownload, PermUpload, PermOverwrite, PermRename, PermDelete, PermCreateDirs, PermCreateSymlinks, PermChmod, PermChown, PermChtimes} // ValidSSHLoginMethods defines all the valid SSH login methods ValidSSHLoginMethods = []string{SSHLoginMethodPublicKey, SSHLoginMethodPassword, SSHLoginMethodKeyboardInteractive, SSHLoginMethodKeyAndPassword, SSHLoginMethodKeyAndKeyboardInt} // SSHMultiStepsLoginMethods defines the supported Multi-Step Authentications SSHMultiStepsLoginMethods = []string{SSHLoginMethodKeyAndPassword, SSHLoginMethodKeyAndKeyboardInt} )
Functions ¶
func AddFolder ¶
func AddFolder(p Provider, folder vfs.BaseVirtualFolder) error
AddFolder adds a new virtual folder. ManageUsers configuration must be set to 1 to enable this method
func AddUser ¶
AddUser adds a new SFTP user. ManageUsers configuration must be set to 1 to enable this method
func Close ¶
Close releases all provider resources. This method is used in test cases. Closing an uninitialized provider is not supported
func DeleteFolder ¶
func DeleteFolder(p Provider, folder vfs.BaseVirtualFolder) error
DeleteFolder deletes an existing folder. ManageUsers configuration must be set to 1 to enable this method
func DeleteUser ¶
DeleteUser deletes an existing SFTP user. ManageUsers configuration must be set to 1 to enable this method
func GetFolderByPath ¶
func GetFolderByPath(p Provider, mappedPath string) (vfs.BaseVirtualFolder, error)
GetFolderByPath returns the folder with the specified path if any
func GetFolders ¶
func GetFolders(p Provider, limit, offset int, order, folderPath string) ([]vfs.BaseVirtualFolder, error)
GetFolders returns an array of folders respecting limit and offset
func GetProviderStatus ¶
GetProviderStatus returns an error if the provider is not available
func GetQuotaTracking ¶
func GetQuotaTracking() int
GetQuotaTracking returns the configured mode for user's quota tracking
func GetUsedQuota ¶
GetUsedQuota returns the used quota for the given SFTP user.
func GetUsedVirtualFolderQuota ¶
GetUsedVirtualFolderQuota returns the used quota for the given virtual folder.
func Initialize ¶
Initialize the data provider. An error is returned if the configured driver is invalid or if the data provider cannot be initialized
func InitializeDatabase ¶
InitializeDatabase creates the initial database structure
func ReloadConfig ¶
func ReloadConfig() error
ReloadConfig reloads provider configuration. Currently only implemented for memory provider, allows to reload the users from the configured file, if defined
func UpdateLastLogin ¶
UpdateLastLogin updates the last login fields for the given SFTP user
func UpdateUser ¶
UpdateUser updates an existing SFTP user. ManageUsers configuration must be set to 1 to enable this method
func UpdateUserQuota ¶
UpdateUserQuota updates the quota for the given SFTP user adding filesAdd and sizeAdd. If reset is true filesAdd and sizeAdd indicates the total files and the total size instead of the difference.
func UpdateVirtualFolderQuota ¶
func UpdateVirtualFolderQuota(p Provider, vfolder vfs.BaseVirtualFolder, filesAdd int, sizeAdd int64, reset bool) error
UpdateVirtualFolderQuota updates the quota for the given virtual folder adding filesAdd and sizeAdd. If reset is true filesAdd and sizeAdd indicates the total files and the total size instead of the difference.
Types ¶
type Actions ¶
type Actions struct { // Valid values are add, update, delete. Empty slice to disable ExecuteOn []string `json:"execute_on" mapstructure:"execute_on"` // Deprecated: please use Hook Command string `json:"command" mapstructure:"command"` // Deprecated: please use Hook HTTPNotificationURL string `json:"http_notification_url" mapstructure:"http_notification_url"` // Absolute path to an external program or an HTTP URL Hook string `json:"hook" mapstructure:"hook"` }
Actions to execute on user create, update, delete. An external command can be executed and/or an HTTP notification can be fired
type BackupData ¶
type BackupData struct { Users []User `json:"users"` Folders []vfs.BaseVirtualFolder `json:"folders"` }
BackupData defines the structure for the backup/restore files
func DumpData ¶
func DumpData(p Provider) (BackupData, error)
DumpData returns all users and folders
type BoltProvider ¶
type BoltProvider struct {
// contains filtered or unexported fields
}
BoltProvider auth provider for bolt key/value store
type Config ¶
type Config struct { // Driver name, must be one of the SupportedProviders Driver string `json:"driver" mapstructure:"driver"` // Database name. For driver sqlite this can be the database name relative to the config dir // or the absolute path to the SQLite database. Name string `json:"name" mapstructure:"name"` // Database host Host string `json:"host" mapstructure:"host"` // Database port Port int `json:"port" mapstructure:"port"` // Database username Username string `json:"username" mapstructure:"username"` // Database password Password string `json:"password" mapstructure:"password"` // Used for drivers mysql and postgresql. // 0 disable SSL/TLS connections. // 1 require ssl. // 2 set ssl mode to verify-ca for driver postgresql and skip-verify for driver mysql. // 3 set ssl mode to verify-full for driver postgresql and preferred for driver mysql. SSLMode int `json:"sslmode" mapstructure:"sslmode"` // Custom database connection string. // If not empty this connection string will be used instead of build one using the previous parameters ConnectionString string `json:"connection_string" mapstructure:"connection_string"` // prefix for SQL tables SQLTablesPrefix string `json:"sql_tables_prefix" mapstructure:"sql_tables_prefix"` // Set to 0 to disable users management, 1 to enable ManageUsers int `json:"manage_users" mapstructure:"manage_users"` // Set the preferred way to track users quota between the following choices: // 0, disable quota tracking. REST API to scan user dir and update quota will do nothing // 1, quota is updated each time a user upload or delete a file even if the user has no quota restrictions // 2, quota is updated each time a user upload or delete a file but only for users with quota restrictions // and for virtual folders. // With this configuration the "quota scan" REST API can still be used to periodically update space usage // for users without quota restrictions TrackQuota int `json:"track_quota" mapstructure:"track_quota"` // Sets the maximum number of open connections for mysql and postgresql driver. // Default 0 (unlimited) PoolSize int `json:"pool_size" mapstructure:"pool_size"` // Users default base directory. // If no home dir is defined while adding a new user, and this value is // a valid absolute path, then the user home dir will be automatically // defined as the path obtained joining the base dir and the username UsersBaseDir string `json:"users_base_dir" mapstructure:"users_base_dir"` // Actions to execute on user add, update, delete. // Update action will not be fired for internal updates such as the last login or the user quota fields. Actions Actions `json:"actions" mapstructure:"actions"` // Deprecated: please use ExternalAuthHook ExternalAuthProgram string `json:"external_auth_program" mapstructure:"external_auth_program"` // Absolute path to an external program or an HTTP URL to invoke for users authentication. // Leave empty to use builtin authentication. // The external program can read the following environment variables to get info about the user trying // to authenticate: // // - SFTPGO_AUTHD_USERNAME // - SFTPGO_AUTHD_PASSWORD, not empty for password authentication // - SFTPGO_AUTHD_PUBLIC_KEY, not empty for public key authentication // - SFTPGO_AUTHD_KEYBOARD_INTERACTIVE, not empty for keyboard interactive authentication // // The content of these variables is _not_ quoted. They may contain special characters. They are under the // control of a possibly malicious remote user. // // The program must respond on the standard output with a valid SFTPGo user serialized as JSON if the // authentication succeed or a user with an empty username if the authentication fails. // If the hook is an HTTP URL then it will be invoked as HTTP POST. // The request body will contain a JSON serialized struct with the following fields: // // - username // - password, not empty for password authentication // - public_key, not empty for public key authentication // - keyboard_interactive, not empty for keyboard interactive authentication // // If authentication succeed the HTTP response code must be 200 and the response body a valid SFTPGo user // serialized as JSON. If the authentication fails the HTTP response code must be != 200 or the response body // must be empty. // // If the authentication succeed the user will be automatically added/updated inside the defined data provider. // Actions defined for user added/updated will not be executed in this case. // The external hook should check authentication only, if there are login restrictions such as user // disabled, expired, login allowed only from specific IP addresses it is enough to populate the matching user // fields and these conditions will be checked in the same way as for builtin users. // The external auth program must finish within 30 seconds. // This method is slower than built-in authentication methods, but it's very flexible as anyone can // easily write his own authentication hooks. ExternalAuthHook string `json:"external_auth_hook" mapstructure:"external_auth_hook"` // ExternalAuthScope defines the scope for the external authentication hook. // - 0 means all supported authetication scopes, the external hook will be executed for password, // public key and keyboard interactive authentication // - 1 means passwords only // - 2 means public keys only // - 4 means keyboard interactive only // you can combine the scopes, for example 3 means password and public key, 5 password and keyboard // interactive and so on ExternalAuthScope int `json:"external_auth_scope" mapstructure:"external_auth_scope"` // CredentialsPath defines the directory for storing user provided credential files such as // Google Cloud Storage credentials. It can be a path relative to the config dir or an // absolute path CredentialsPath string `json:"credentials_path" mapstructure:"credentials_path"` // Deprecated: please use PreLoginHook PreLoginProgram string `json:"pre_login_program" mapstructure:"pre_login_program"` // Absolute path to an external program or an HTTP URL to invoke just before the user login. // This program/URL allows to modify or create the user trying to login. // It is useful if you have users with dynamic fields to update just before the login. // The external program can read the following environment variables: // // - SFTPGO_LOGIND_USER, it contains the user trying to login serialized as JSON // - SFTPGO_LOGIND_METHOD, possible values are: "password", "publickey" and "keyboard-interactive" // // The program must write on its standard output an empty string if no user update is needed // or a valid SFTPGo user serialized as JSON. // // If the hook is an HTTP URL then it will be invoked as HTTP POST. // The login method is added to the query string, for example "<http_url>?login_method=password". // The request body will contain the user trying to login serialized as JSON. // If no modification is needed the HTTP response code must be 204, otherwise the response code // must be 200 and the response body a valid SFTPGo user serialized as JSON. // // The JSON response can include only the fields to update instead of the full user, // for example if you want to disable the user you can return a response like this: // // {"status":0} // // Please note that if you want to create a new user, the pre-login hook response must // include all the mandatory user fields. // // The pre-login hook must finish within 30 seconds. // // If an error happens while executing the "PreLoginHook" then login will be denied. // PreLoginHook and ExternalAuthHook are mutally exclusive. // Leave empty to disable. PreLoginHook string `json:"pre_login_hook" mapstructure:"pre_login_hook"` }
Config provider configuration
type ExtensionsFilter ¶
type ExtensionsFilter struct { // SFTP/SCP path, if no other specific filter is defined, the filter apply for // sub directories too. // For example if filters are defined for the paths "/" and "/sub" then the // filters for "/" are applied for any file outside the "/sub" directory Path string `json:"path"` // only files with these, case insensitive, extensions are allowed. // Shell like expansion is not supported so you have to specify ".jpg" and // not "*.jpg" AllowedExtensions []string `json:"allowed_extensions,omitempty"` // files with these, case insensitive, extensions are not allowed. // Denied file extensions are evaluated before the allowed ones DeniedExtensions []string `json:"denied_extensions,omitempty"` }
ExtensionsFilter defines filters based on file extensions. These restrictions do not apply to files listing for performance reasons, so a denied file cannot be downloaded/overwritten/renamed but will still be it will still be listed in the list of files. System commands such as Git and rsync interacts with the filesystem directly and they are not aware about these restrictions so they are not allowed inside paths with extensions filters
type Filesystem ¶
type Filesystem struct { // 0 local filesystem, 1 Amazon S3 compatible, 2 Google Cloud Storage Provider int `json:"provider"` S3Config vfs.S3FsConfig `json:"s3config,omitempty"` GCSConfig vfs.GCSFsConfig `json:"gcsconfig,omitempty"` }
Filesystem defines cloud storage filesystem details
type MemoryProvider ¶
type MemoryProvider struct {
// contains filtered or unexported fields
}
MemoryProvider auth provider for a memory store
type MethodDisabledError ¶
type MethodDisabledError struct {
// contains filtered or unexported fields
}
MethodDisabledError raised if a method is disabled in config file. For example, if user management is disabled, this error is raised every time a user operation is done using the REST API
func (*MethodDisabledError) Error ¶
func (e *MethodDisabledError) Error() string
Method disabled error details
type MySQLProvider ¶
type MySQLProvider struct {
// contains filtered or unexported fields
}
MySQLProvider auth provider for MySQL/MariaDB database
type PGSQLProvider ¶
type PGSQLProvider struct {
// contains filtered or unexported fields
}
PGSQLProvider auth provider for PostgreSQL database
type Provider ¶
type Provider interface {
// contains filtered or unexported methods
}
Provider defines the interface that data providers must implement.
type RecordNotFoundError ¶
type RecordNotFoundError struct {
// contains filtered or unexported fields
}
RecordNotFoundError raised if a requested user is not found
func (*RecordNotFoundError) Error ¶
func (e *RecordNotFoundError) Error() string
type SQLiteProvider ¶
type SQLiteProvider struct {
// contains filtered or unexported fields
}
SQLiteProvider auth provider for SQLite database
type User ¶
type User struct { // Database unique identifier ID int64 `json:"id"` // 1 enabled, 0 disabled (login is not allowed) Status int `json:"status"` // Username Username string `json:"username"` // Account expiration date as unix timestamp in milliseconds. An expired account cannot login. // 0 means no expiration ExpirationDate int64 `json:"expiration_date"` // Password used for password authentication. // For users created using SFTPGo REST API the password is be stored using argon2id hashing algo. // Checking passwords stored with bcrypt, pbkdf2, md5crypt and sha512crypt is supported too. Password string `json:"password,omitempty"` // PublicKeys used for public key authentication. At least one between password and a public key is mandatory PublicKeys []string `json:"public_keys,omitempty"` // The user cannot upload or download files outside this directory. Must be an absolute path HomeDir string `json:"home_dir"` // Mapping between virtual paths and filesystem paths outside the home directory. // Supported for local filesystem only VirtualFolders []vfs.VirtualFolder `json:"virtual_folders,omitempty"` // If sftpgo runs as root system user then the created files and directories will be assigned to this system UID UID int `json:"uid"` // If sftpgo runs as root system user then the created files and directories will be assigned to this system GID GID int `json:"gid"` // Maximum concurrent sessions. 0 means unlimited MaxSessions int `json:"max_sessions"` // Maximum size allowed as bytes. 0 means unlimited QuotaSize int64 `json:"quota_size"` // Maximum number of files allowed. 0 means unlimited QuotaFiles int `json:"quota_files"` // List of the granted permissions Permissions map[string][]string `json:"permissions"` // Used quota as bytes UsedQuotaSize int64 `json:"used_quota_size"` // Used quota as number of files UsedQuotaFiles int `json:"used_quota_files"` // Last quota update as unix timestamp in milliseconds LastQuotaUpdate int64 `json:"last_quota_update"` // Maximum upload bandwidth as KB/s, 0 means unlimited UploadBandwidth int64 `json:"upload_bandwidth"` // Maximum download bandwidth as KB/s, 0 means unlimited DownloadBandwidth int64 `json:"download_bandwidth"` // Last login as unix timestamp in milliseconds LastLogin int64 `json:"last_login"` // Additional restrictions Filters UserFilters `json:"filters"` // Filesystem configuration details FsConfig Filesystem `json:"filesystem"` }
User defines an SFTP user
func CheckKeyboardInteractiveAuth ¶
func CheckKeyboardInteractiveAuth(p Provider, username, authHook string, client ssh.KeyboardInteractiveChallenge) (User, error)
CheckKeyboardInteractiveAuth checks the keyboard interactive authentication and returns the authenticated user or an error
func CheckUserAndPass ¶
CheckUserAndPass retrieves the SFTP user with the given username and password if a match is found or an error
func CheckUserAndPubKey ¶
CheckUserAndPubKey retrieves the SFTP user with the given username and public key if a match is found or an error
func GetUserByID ¶
GetUserByID returns the user with the given database ID if a match is found or an error
func GetUsers ¶
GetUsers returns an array of users respecting limit and offset and filtered by username exact match if not empty
func HideUserSensitiveData ¶
HideUserSensitiveData hides user sensitive data
func UserExists ¶
UserExists checks if the given SFTP username exists, returns an error if no match is found
func (*User) AddVirtualDirs ¶
AddVirtualDirs adds virtual folders, if defined, to the given files list
func (User) GetAllowedIPAsString ¶
GetAllowedIPAsString returns the allowed IP as comma separated string
func (*User) GetAllowedLoginMethods ¶
GetAllowedLoginMethods returns the allowed login methods
func (*User) GetBandwidthAsString ¶
GetBandwidthAsString returns bandwidth limits if defines
func (User) GetDeniedIPAsString ¶
GetDeniedIPAsString returns the denied IP as comma separated string
func (*User) GetExpirationDateAsString ¶
GetExpirationDateAsString returns expiration date formatted as YYYY-MM-DD
func (*User) GetFilesystem ¶
GetFilesystem returns the filesystem for this user
func (*User) GetFiltersAsJSON ¶
GetFiltersAsJSON returns the filters as json byte array
func (*User) GetFsConfigAsJSON ¶
GetFsConfigAsJSON returns the filesystem config as json byte array
func (*User) GetHomeDir ¶
GetHomeDir returns the shortest path name equivalent to the user's home directory
func (*User) GetInfoString ¶
GetInfoString returns user's info as string. Storage provider, number of public keys, max sessions, uid, gid, denied and allowed IP/Mask are returned
func (*User) GetNextAuthMethods ¶
GetNextAuthMethods returns the list of authentications methods that can continue for multi-step authentication
func (*User) GetPermissionsAsJSON ¶
GetPermissionsAsJSON returns the permissions as json byte array
func (*User) GetPermissionsAsString ¶
GetPermissionsAsString returns the user's permissions as comma separated string
func (*User) GetPermissionsForPath ¶
GetPermissionsForPath returns the permissions for the given path. The path must be an SFTP path
func (*User) GetPublicKeysAsJSON ¶
GetPublicKeysAsJSON returns the public keys as json byte array
func (*User) GetQuotaSummary ¶
GetQuotaSummary returns used quota and limits if defined
func (*User) GetVirtualFolderForPath ¶
func (u *User) GetVirtualFolderForPath(sftpPath string) (vfs.VirtualFolder, error)
GetVirtualFolderForPath returns the virtual folder containing the specified sftp path. If the path is not inside a virtual folder an error is returned
func (*User) HasNoQuotaRestrictions ¶
HasNoQuotaRestrictions returns true if no quota restrictions need to be applyed
func (*User) HasOverlappedMappedPaths ¶
HasOverlappedMappedPaths returns true if this user has virtual folders with overlapped mapped paths
func (*User) HasPermissionsInside ¶
HasPermissionsInside returns true if the specified sftpPath has no permissions itself and no subdirs with defined permissions
func (*User) HasQuotaRestrictions ¶
HasQuotaRestrictions returns true if there is a quota restriction on number of files or size or both
func (*User) HasVirtualFoldersInside ¶
HasVirtualFoldersInside returns true if there are virtual folders inside the specified SFTP path. We assume that path are cleaned
func (*User) IsFileAllowed ¶
IsFileAllowed returns true if the specified file is allowed by the file restrictions filters
func (*User) IsLoginFromAddrAllowed ¶
IsLoginFromAddrAllowed returns true if the login is allowed from the specified remoteAddr. If AllowedIP is defined only the specified IP/Mask can login. If DeniedIP is defined the specified IP/Mask cannot login. If an IP is both allowed and denied then login will be denied
func (*User) IsLoginMethodAllowed ¶
IsLoginMethodAllowed returns true if the specified login method is allowed
func (*User) IsMappedPath ¶
IsMappedPath returns true if the specified filesystem path has a virtual folder mapping. The filesystem path must be cleaned before calling this method
func (*User) IsPartialAuth ¶
IsPartialAuth returns true if the specified login method is a step for a multi-step Authentication. We support publickey+password and publickey+keyboard-interactive, so only publickey can returns partial success. We can have partial success if only multi-step Auth methods are enabled
func (*User) IsVirtualFolder ¶
IsVirtualFolder returns true if the specified sftp path is a virtual folder
type UserFilters ¶
type UserFilters struct { // only clients connecting from these IP/Mask are allowed. // IP/Mask must be in CIDR notation as defined in RFC 4632 and RFC 4291 // for example "192.0.2.0/24" or "2001:db8::/32" AllowedIP []string `json:"allowed_ip,omitempty"` // clients connecting from these IP/Mask are not allowed. // Denied rules will be evaluated before allowed ones DeniedIP []string `json:"denied_ip,omitempty"` // these login methods are not allowed. // If null or empty any available login method is allowed DeniedLoginMethods []string `json:"denied_login_methods,omitempty"` // filters based on file extensions. // Please note that these restrictions can be easily bypassed. FileExtensions []ExtensionsFilter `json:"file_extensions,omitempty"` }
UserFilters defines additional restrictions for a user
type ValidationError ¶
type ValidationError struct {
// contains filtered or unexported fields
}
ValidationError raised if input data is not valid