sdk

v0.1.8
Published: Jun 3, 2024 License: Apache-2.0 Imports: 3 Imported by: 8

README

SFTPGo SDK

The SFTPGo SDK contains code useful for developing SFTPGo plugins.

Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such we expect the tag of this module will stay less than v1.0.0.

For each SFTPGo branch there is a matching branch here. For example, the sftpgo-2.2.x branch matches SFTPGo v2.2.x.

Documentation

Overview

Package sdk provides SFTPGo data structures primarily intended for use within plugins

Constants

const (
	// Primary group
	GroupTypePrimary = iota + 1
	// Secondary group
	GroupTypeSecondary
	// Membership only, no settings are inherited from this group type
	GroupTypeMembership
)

Group types

const (
	WebClientPubKeyChangeDisabled     = "publickey-change-disabled"
	WebClientTLSCertChangeDisabled    = "tls-cert-change-disabled"
	WebClientWriteDisabled            = "write-disabled"
	WebClientMFADisabled              = "mfa-disabled"
	WebClientPasswordChangeDisabled   = "password-change-disabled"
	WebClientAPIKeyAuthChangeDisabled = "api-key-auth-change-disabled"
	WebClientInfoChangeDisabled       = "info-change-disabled"
	WebClientSharesDisabled           = "shares-disabled"
	WebClientPasswordResetDisabled    = "password-reset-disabled"
	WebClientShareNoPasswordDisabled  = "shares-without-password-disabled"
)

Web Client/user REST API restrictions

const (
	// DenyPolicyDefault means that denied files matching the filters are visible in directory
	// listing but cannot be uploaded/downloaded/overwritten/renamed
	DenyPolicyDefault = iota
	// DenyPolicyHide applies the same restrictions as DenyPolicyDefault and denied files/directories
	// matching the filters will also be hidden in directory listing.
	// This mode may cause performance issues for large directories
	DenyPolicyHide
)

Variables

var (
	// WebClientOptions defines the available options for the web client interface/user REST API
	WebClientOptions = []string{WebClientWriteDisabled, WebClientPasswordChangeDisabled, WebClientPasswordResetDisabled,
		WebClientPubKeyChangeDisabled, WebClientTLSCertChangeDisabled, WebClientMFADisabled, WebClientAPIKeyAuthChangeDisabled,
		WebClientInfoChangeDisabled, WebClientSharesDisabled, WebClientShareNoPasswordDisabled}
	// UserTypes defines the supported user type hints for auth plugins
	UserTypes = []string{string(UserTypeLDAP), string(UserTypeOS)}
)

Functions

func IsProviderSupported added in v0.1.7

func IsProviderSupported(provider FilesystemProvider) bool

IsProviderSupported returns true if the specified provider is supported.

Types

type AzBlobFsConfig

type AzBlobFsConfig struct {
	BaseAzBlobFsConfig
	// Storage Account Key, leave blank to use SAS URL.
	// The access key is stored encrypted based on the kms configuration
	AccountKey kms.BaseSecret `json:"account_key,omitempty"`
	// Shared access signature URL, leave blank if using account/key
	SASURL kms.BaseSecret `json:"sas_url,omitempty"`
}

AzBlobFsConfig defines the configuration for Azure Blob Storage based filesystem

type BandwidthLimit

type BandwidthLimit struct {
	// Source networks in CIDR notation as defined in RFC 4632 and RFC 4291
	// for example "192.0.2.0/24" or "2001:db8::/32". The limit applies if the
	// defined networks contain the client IP
	Sources []string `json:"sources"`
	// Maximum upload bandwidth as KB/s
	UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
	// Maximum download bandwidth as KB/s
	DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
}

BandwidthLimit defines a per-source bandwidth limit

func (*BandwidthLimit) GetSourcesAsString

func (l *BandwidthLimit) GetSourcesAsString() string

GetSourcesAsString returns the sources as a comma-separated string

type BaseAzBlobFsConfig

type BaseAzBlobFsConfig struct {
	Container string `json:"container,omitempty"`
	// Storage Account Name, leave blank to use SAS URL
	AccountName string `json:"account_name,omitempty"`
	// Optional endpoint. Default is "blob.core.windows.net".
	// If you use the emulator the endpoint must include the protocol,
	// for example "http://127.0.0.1:10000"
	Endpoint string `json:"endpoint,omitempty"`
	// KeyPrefix is similar to a chroot directory for local filesystem.
	// If specified then the SFTPGo user will only see objects that start
	// with this prefix and so you can restrict access to a specific
	// folder. The prefix, if not empty, must not start with "/" and must
	// end with "/".
	// If empty the whole bucket contents will be available
	KeyPrefix string `json:"key_prefix,omitempty"`
	// The buffer size (in MB) to use for multipart uploads.
	// If this value is set to zero, the default value (5MB) will be used.
	// Please note that if the upload bandwidth between the SFTPGo client and SFTPGo server is
	// greater than the upload bandwidth between SFTPGo and Azure then the SFTP client has
	// to wait for the upload of the last parts to Azure after it ends the file upload to SFTPGo,
	// and it may time out.
	// Keep this in mind if you customize these parameters.
	UploadPartSize int64 `json:"upload_part_size,omitempty"`
	// How many parts are uploaded in parallel. Default: 5
	UploadConcurrency int `json:"upload_concurrency,omitempty"`
	// The buffer size (in MB) to use for multipart downloads.
	// If this value is set to zero, the default value (5MB) will be used.
	DownloadPartSize int64 `json:"download_part_size,omitempty"`
	// How many parts are downloaded in parallel. 0 means the default (5)
	DownloadConcurrency int `json:"download_concurrency,omitempty"`
	// Set to true if you use an Azure emulator such as Azurite
	UseEmulator bool `json:"use_emulator,omitempty"`
	// Blob Access Tier
	AccessTier string `json:"access_tier,omitempty"`
}

BaseAzBlobFsConfig defines the base configuration for Azure Blob Storage based filesystem

type BaseGCSFsConfig

type BaseGCSFsConfig struct {
	Bucket string `json:"bucket,omitempty"`
	// KeyPrefix is similar to a chroot directory for local filesystem.
	// If specified then the SFTP user will only see objects that start
	// with this prefix and so you can restrict access to a specific
	// folder. The prefix, if not empty, must not start with "/" and must
	// end with "/".
	// If empty the whole bucket contents will be available
	KeyPrefix      string `json:"key_prefix,omitempty"`
	CredentialFile string `json:"-"`
	// 0 explicit, 1 automatic
	AutomaticCredentials int    `json:"automatic_credentials,omitempty"`
	StorageClass         string `json:"storage_class,omitempty"`
	// The ACL to apply to uploaded objects. Leave empty to use the default ACL.
	// For more information and available ACLs, refer to the JSON API here:
	// https://cloud.google.com/storage/docs/access-control/lists#predefined-acl
	ACL string `json:"acl,omitempty"`
	// The buffer size (in MB) to use for multipart uploads. The default value is 16MB.
	// 0 means use the default
	UploadPartSize int64 `json:"upload_part_size,omitempty"`
	// UploadPartMaxTime defines the maximum time allowed, in seconds, to upload a single chunk.
	// The default value is 32. 0 means use the default
	UploadPartMaxTime int `json:"upload_part_max_time,omitempty"`
}

BaseGCSFsConfig defines the base configuration for Google Cloud Storage based filesystems

type BaseGroup added in v0.1.1

type BaseGroup struct {
	// Data provider unique identifier
	ID int64 `json:"id"`
	// Group name
	Name string `json:"name"`
	// optional description
	Description string `json:"description,omitempty"`
	// Creation time as unix timestamp in milliseconds
	CreatedAt int64 `json:"created_at"`
	// last update time as unix timestamp in milliseconds
	UpdatedAt int64 `json:"updated_at"`
	// list of usernames associated with this group
	Users []string `json:"users,omitempty"`
	// list of admins associated with this group
	Admins []string `json:"admins,omitempty"`
}

BaseGroup defines the shared group fields

type BaseGroupUserSettings added in v0.1.1

type BaseGroupUserSettings struct {
	HomeDir string `json:"home_dir"`
	// Maximum concurrent sessions. 0 means unlimited
	MaxSessions int `json:"max_sessions"`
	// Maximum size allowed as bytes. 0 means unlimited
	QuotaSize int64 `json:"quota_size"`
	// Maximum number of files allowed. 0 means unlimited
	QuotaFiles int `json:"quota_files"`
	// List of permissions granted per-directory
	Permissions map[string][]string `json:"permissions"`
	// Maximum upload bandwidth as KB/s, 0 means unlimited.
	// This is the default if no per-source limit matches
	UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
	// Maximum download bandwidth as KB/s, 0 means unlimited.
	// This is the default if no per-source limit matches
	DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
	// Maximum data transfer allowed for uploads as MB. 0 means no limit.
	// You can periodically reset the data related transfer fields for example
	// each month
	UploadDataTransfer int64 `json:"upload_data_transfer"`
	// Maximum data transfer allowed for downloads as MB. 0 means no limit.
	DownloadDataTransfer int64 `json:"download_data_transfer"`
	// Maximum total data transfer as MB. 0 means unlimited.
	// You can set a total data transfer instead of the individual values
	// for uploads and downloads
	TotalDataTransfer int64 `json:"total_data_transfer"`
	// Defines account expiration in number of days from creation.
	// 0 means no expiration
	ExpiresIn int `json:"expires_in,omitempty"`
	// Additional restrictions
	Filters BaseUserFilters `json:"filters"`
}

BaseGroupUserSettings defines the base settings to apply to users

type BaseHTTPFsConfig added in v0.1.2

type BaseHTTPFsConfig struct {
	// HTTP/S endpoint URL. SFTPGo will use this URL as base, for example for the
	// "stat" API, SFTPGo will add "/stat/{name}"
	Endpoint string `json:"endpoint,omitempty"`
	Username string `json:"username,omitempty"`
	// if enabled the HTTP client accepts any TLS certificate presented by
	// the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	SkipTLSVerify bool `json:"skip_tls_verify,omitempty"`
	// Defines how to check if this config points to the same
	// server as another config. By default both the endpoint and
	// the username must match. 1 means that only the endpoint must match.
	// If different configs point to the same server the renaming
	// between the fs configs is allowed.
	EqualityCheckMode int `json:"equality_check_mode,omitempty"`
}

BaseHTTPFsConfig defines the base configuration for HTTP based filesystem

type BaseS3FsConfig

type BaseS3FsConfig struct {
	Bucket string `json:"bucket,omitempty"`
	// KeyPrefix is similar to a chroot directory for local filesystem.
	// If specified then the SFTP user will only see objects that start
	// with this prefix and so you can restrict access to a specific
	// folder. The prefix, if not empty, must not start with "/" and must
	// end with "/".
	// If empty the whole bucket contents will be available
	KeyPrefix string `json:"key_prefix,omitempty"`
	Region    string `json:"region,omitempty"`
	AccessKey string `json:"access_key,omitempty"`
	// IAM Role ARN to assume
	RoleARN string `json:"role_arn,omitempty"`
	// Optional Session token that is a part of temporary security credentials provisioned by AWS STS.
	SessionToken string `json:"session_token,omitempty"`
	Endpoint     string `json:"endpoint,omitempty"`
	StorageClass string `json:"storage_class,omitempty"`
	// The canned ACL to apply to uploaded objects. Leave empty to use the default ACL.
	// For more information and available ACLs, see here:
	// https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
	ACL string `json:"acl,omitempty"`
	// The buffer size (in MB) to use for multipart uploads. The minimum allowed part size is 5MB,
	// and if this value is set to zero, the default value (5MB) for the AWS SDK will be used.
	// The minimum allowed value is 5.
	// Please note that if the upload bandwidth between the SFTP client and SFTPGo is greater than
	// the upload bandwidth between SFTPGo and S3 then the SFTP client has to wait for the upload
	// of the last parts to S3 after it ends the file upload to SFTPGo, and it may time out.
	// Keep this in mind if you customize these parameters.
	UploadPartSize int64 `json:"upload_part_size,omitempty"`
	// How many parts are uploaded in parallel. 0 means the default (5)
	UploadConcurrency int `json:"upload_concurrency,omitempty"`
	// The buffer size (in MB) to use for multipart downloads. The minimum allowed part size is 5MB,
	// and if this value is set to zero, the default value (5MB) for the AWS SDK will be used.
	// The minimum allowed value is 5. Ignored for partial downloads.
	DownloadPartSize int64 `json:"download_part_size,omitempty"`
	// UploadPartMaxTime defines the maximum time allowed, in seconds, to upload a single chunk.
	// 0 means no timeout.
	UploadPartMaxTime int `json:"upload_part_max_time,omitempty"`
	// How many parts are downloaded in parallel.  0 means the default (5). Ignored for partial downloads.
	DownloadConcurrency int `json:"download_concurrency,omitempty"`
	// DownloadPartMaxTime defines the maximum time allowed, in seconds, to download a single chunk.
	// 0 means no timeout. Ignored for partial downloads.
	DownloadPartMaxTime int `json:"download_part_max_time,omitempty"`
	// Set this to `true` to force the request to use path-style addressing,
	// i.e., `http://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client
	// will use virtual hosted bucket addressing when possible
	// (`http://BUCKET.s3.amazonaws.com/KEY`)
	ForcePathStyle bool `json:"force_path_style,omitempty"`
	// If enabled the S3 client accepts any TLS certificate presented by
	// the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	SkipTLSVerify bool `json:"skip_tls_verify,omitempty"`
}

BaseS3FsConfig defines the base configuration for S3 based filesystems

type BaseSFTPFsConfig

type BaseSFTPFsConfig struct {
	Endpoint     string   `json:"endpoint,omitempty"`
	Username     string   `json:"username,omitempty"`
	Fingerprints []string `json:"fingerprints,omitempty"`
	// Prefix is the path prefix to strip from SFTP resource paths.
	Prefix string `json:"prefix,omitempty"`
	// Concurrent reads are safe to use and disabling them will degrade performance.
	// Some servers automatically delete files once they are downloaded.
	// Using concurrent reads is problematic with such servers.
	DisableCouncurrentReads bool `json:"disable_concurrent_reads,omitempty"`
	// The buffer size (in MB) to use for transfers.
	// Buffering could improve performance for high latency networks.
	// With buffering enabled upload resume is not supported and a file
	// cannot be opened for both reading and writing at the same time
	// 0 means disabled.
	BufferSize int64 `json:"buffer_size,omitempty"`
	// Defines how to check if this config points to the same
	// server as another config. By default both the endpoint and
	// the username must match. 1 means that only the endpoint must match.
	// If different configs point to the same server the renaming
	// between the fs configs is allowed.
	EqualityCheckMode int `json:"equality_check_mode,omitempty"`
}

BaseSFTPFsConfig defines the base configuration for SFTP based filesystem

type BaseUser

type BaseUser struct {
	// Data provider unique identifier
	ID int64 `json:"id"`
	// 1 enabled, 0 disabled (login is not allowed)
	Status int `json:"status"`
	// Username
	Username string `json:"username"`
	// Email
	Email string `json:"email,omitempty"`
	// Account expiration date as unix timestamp in milliseconds. An expired account cannot login.
	// 0 means no expiration
	ExpirationDate int64 `json:"expiration_date,omitempty"`
	// Password used for password authentication.
	// For users created using the SFTPGo REST API the password is stored using the bcrypt or argon2id hashing algorithm.
	// Checking passwords stored with pbkdf2, md5crypt and sha512crypt is supported too.
	Password string `json:"password,omitempty"`
	// PublicKeys used for public key authentication.
	PublicKeys []string `json:"public_keys,omitempty"`
	// Indicates whether the password is set
	HasPassword bool `json:"has_password,omitempty"`
	// The user cannot upload or download files outside this directory. Must be an absolute path
	HomeDir string `json:"home_dir"`
	// If SFTPGo runs as root system user then the created files and directories will be assigned to this system UID
	UID int `json:"uid"`
	// If SFTPGo runs as root system user then the created files and directories will be assigned to this system GID
	GID int `json:"gid"`
	// Maximum concurrent sessions. 0 means unlimited
	MaxSessions int `json:"max_sessions"`
	// Maximum size allowed as bytes. 0 means unlimited
	QuotaSize int64 `json:"quota_size"`
	// Maximum number of files allowed. 0 means unlimited
	QuotaFiles int `json:"quota_files"`
	// List of permissions granted per-directory
	Permissions map[string][]string `json:"permissions"`
	// Used quota as bytes
	UsedQuotaSize int64 `json:"used_quota_size,omitempty"`
	// Used quota as number of files
	UsedQuotaFiles int `json:"used_quota_files,omitempty"`
	// Last quota update as unix timestamp in milliseconds
	LastQuotaUpdate int64 `json:"last_quota_update,omitempty"`
	// Maximum upload bandwidth as KB/s, 0 means unlimited.
	// This is the default if no per-source limit matches
	UploadBandwidth int64 `json:"upload_bandwidth,omitempty"`
	// Maximum download bandwidth as KB/s, 0 means unlimited.
	// This is the default if no per-source limit matches
	DownloadBandwidth int64 `json:"download_bandwidth,omitempty"`
	// Maximum data transfer allowed for uploads as MB. 0 means no limit.
	// You can periodically reset the data related transfer fields for example
	// each month
	UploadDataTransfer int64 `json:"upload_data_transfer"`
	// Maximum data transfer allowed for downloads as MB. 0 means no limit.
	DownloadDataTransfer int64 `json:"download_data_transfer"`
	// Maximum total data transfer as MB. 0 means unlimited.
	// You can set a total data transfer instead of the individual values
	// for uploads and downloads
	TotalDataTransfer int64 `json:"total_data_transfer"`
	// Uploaded size, as bytes, since the last reset
	UsedUploadDataTransfer int64 `json:"used_upload_data_transfer,omitempty"`
	// Downloaded size, as bytes, since the last reset
	UsedDownloadDataTransfer int64 `json:"used_download_data_transfer,omitempty"`
	// Last login as unix timestamp in milliseconds
	LastLogin int64 `json:"last_login,omitempty"`
	// Creation time as unix timestamp in milliseconds. It will be 0 for admins created before v2.2.0
	CreatedAt int64 `json:"created_at"`
	// last update time as unix timestamp in milliseconds
	UpdatedAt int64 `json:"updated_at"`
	// first download time as unix timestamp in milliseconds
	FirstDownload int64 `json:"first_download,omitempty"`
	// first upload time as unix timestamp in milliseconds
	FirstUpload int64 `json:"first_upload,omitempty"`
	// last password change as unix timestamp in milliseconds
	LastPasswordChange int64 `json:"last_password_change,omitempty"`
	// optional description, for example full name
	Description string `json:"description,omitempty"`
	// free form text field for external systems
	AdditionalInfo string `json:"additional_info,omitempty"`
	// groups associated with this user
	Groups []GroupMapping `json:"groups,omitempty"`
	// This field is passed to the pre-login hook if custom OIDC fields have been configured.
	// Field values can be of any type (this is a free form object) and depend on the type
	// of the configured OIDC fields.
	// These fields are never saved or returned in anything other than the pre-login hook
	OIDCCustomFields *map[string]interface{} `json:"oidc_custom_fields,omitempty"`
	// Role name
	Role string `json:"role,omitempty"`
}

BaseUser defines the shared user fields

type BaseUserFilters

type BaseUserFilters struct {
	// only clients connecting from these IP/Mask are allowed.
	// IP/Mask must be in CIDR notation as defined in RFC 4632 and RFC 4291
	// for example "192.0.2.0/24" or "2001:db8::/32"
	AllowedIP []string `json:"allowed_ip,omitempty"`
	// clients connecting from these IP/Mask are not allowed.
	// Denied rules will be evaluated before allowed ones
	DeniedIP []string `json:"denied_ip,omitempty"`
	// these login methods are not allowed.
	// If null or empty any available login method is allowed
	DeniedLoginMethods []string `json:"denied_login_methods,omitempty"`
	// these protocols are not allowed.
	// If null or empty any available protocol is allowed
	DeniedProtocols []string `json:"denied_protocols,omitempty"`
	// filter based on shell patterns.
	// Please note that these restrictions can be easily bypassed.
	FilePatterns []PatternsFilter `json:"file_patterns,omitempty"`
	// max size allowed for a single upload, 0 means unlimited
	MaxUploadFileSize int64 `json:"max_upload_file_size,omitempty"`
	// TLS certificate attribute to use as username.
	// For FTP clients it must match the name provided using the
	// "USER" command
	TLSUsername TLSUsername `json:"tls_username,omitempty"`
	// TLSCerts defines the allowed TLS certificates for mutual authentication.
	// If provided will be checked before TLSUsername
	TLSCerts []string `json:"tls_certs,omitempty"`
	// user specific hook overrides
	Hooks HooksFilter `json:"hooks,omitempty"`
	// Disable checks for existence and automatic creation of home directory
	// and virtual folders.
	// SFTPGo requires that the user's home directory, virtual folder root,
	// and intermediate paths to virtual folders exist to work properly.
	// If you already know that the required directories exist, disabling
	// these checks will speed up login.
	// You could, for example, disable these checks after the first login
	DisableFsChecks bool `json:"disable_fs_checks,omitempty"`
	// WebClient related configuration options
	WebClient []string `json:"web_client,omitempty"`
	// API key auth allows to impersonate this user with an API key
	AllowAPIKeyAuth bool `json:"allow_api_key_auth,omitempty"`
	// UserType is a hint for authentication plugins.
	// It is ignored when using SFTPGo internal authentication
	UserType string `json:"user_type,omitempty"`
	// Per-source bandwidth limits
	BandwidthLimits []BandwidthLimit `json:"bandwidth_limits,omitempty"`
	// Defines the cache time, in seconds, for users authenticated using
	// an external auth hook. 0 means no cache
	ExternalAuthCacheTime int64 `json:"external_auth_cache_time,omitempty"`
	// Specifies an alternate starting directory. If not set, the default is "/".
	// This option is supported for SFTP/SCP, FTP and HTTP (WebClient/REST API) protocols.
	// Relative paths will use this directory as base
	StartDirectory string `json:"start_directory,omitempty"`
	// TwoFactorAuthProtocols defines protocols that require two factor authentication
	TwoFactorAuthProtocols []string `json:"two_factor_protocols,omitempty"`
	// Define the FTP security mode. Set to 1 to require TLS for both data and control
	// connection. This setting is useful if you want to allow both encrypted and plain text
	// FTP sessions globally and then you want to require encrypted sessions on a per-user
	// basis.
	// It has no effect if TLS is already required for all users in the configuration file.
	FTPSecurity int `json:"ftp_security,omitempty"`
	// If enabled the user can login with any password or no password at all.
	// Anonymous users are supported for FTP and WebDAV protocols and
	// permissions will be automatically set to "list" and "download" (read only)
	IsAnonymous bool `json:"is_anonymous,omitempty"`
	// Defines the default expiration for newly created shares as number of days.
	// 0 means no expiration
	DefaultSharesExpiration int `json:"default_shares_expiration,omitempty"`
	// Defines the maximum sharing expiration as a number of days. If set, users
	// must set an expiration for their shares and it must be less than or equal
	// to this number of days. 0 means any expiration
	MaxSharesExpiration int `json:"max_shares_expiration,omitempty"`
	// The password expires after the defined number of days. 0 means no expiration
	PasswordExpiration int `json:"password_expiration,omitempty"`
	// PasswordStrength defines the minimum password strength.
	// 0 means disabled, any password will be accepted. Values in the 50-70
	// range are suggested for common use cases.
	PasswordStrength int `json:"password_strength,omitempty"`
	// AccessTime defines the time periods in which access is allowed
	AccessTime []TimePeriod `json:"access_time,omitempty"`
}

BaseUserFilters defines additional restrictions for a user
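The evaluation order documented for `AllowedIP` and `DeniedIP` (denied rules first), as an added example that is not the SDK's or SFTPGo's own code. The `ipFilters` type and `isClientAllowed` function are hypothetical, and two behaviours are assumptions of this sketch: an empty allow list means "no restriction", and a malformed CIDR rule rejects the login instead of being skipped.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ipFilters is a local mirror of the two IP fields of BaseUserFilters (hypothetical type).
type ipFilters struct {
	AllowedIP []string
	DeniedIP  []string
}

// parsePrefixes converts CIDR strings to prefixes; one bad entry invalidates the list.
func parsePrefixes(cidrs []string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// containsAddr reports whether any prefix contains addr.
func containsAddr(prefixes []netip.Prefix, addr netip.Addr) bool {
	for _, p := range prefixes {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// isClientAllowed applies the denied list first, then the allowed list.
// Assumptions of this example: an empty allowed list permits any address that
// is not denied, and any parse error fails closed (false plus the error).
func isClientAllowed(f ipFilters, clientIP string) (bool, error) {
	addr, err := netip.ParseAddr(clientIP)
	if err != nil {
		return false, fmt.Errorf("invalid client IP %q: %w", clientIP, err)
	}
	// An IPv4-mapped IPv6 address (::ffff:a.b.c.d) must be compared as IPv4,
	// otherwise it would match neither the IPv4 deny rules nor the allow rules.
	addr = addr.Unmap()

	denied, err := parsePrefixes(f.DeniedIP)
	if err != nil {
		return false, err
	}
	allowed, err := parsePrefixes(f.AllowedIP)
	if err != nil {
		return false, err
	}
	if containsAddr(denied, addr) {
		return false, nil // a deny match wins even if an allow rule also matches
	}
	if len(allowed) == 0 {
		return true, nil
	}
	return containsAddr(allowed, addr), nil
}

func main() {
	// Constructed sample rules using the documentation ranges from the page.
	f := ipFilters{
		AllowedIP: []string{"192.0.2.0/24", "2001:db8::/32"},
		DeniedIP:  []string{"192.0.2.128/25"},
	}
	for _, ip := range []string{"192.0.2.10", "192.0.2.200", "198.51.100.7", "::ffff:192.0.2.10"} {
		ok, err := isClientAllowed(f, ip)
		fmt.Printf("%-20s allowed=%v err=%v\n", ip, ok, err)
	}
}
```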

func (*BaseUserFilters) GetFlatFilePatterns added in v0.1.1

func (f *BaseUserFilters) GetFlatFilePatterns() []PatternsFilter

GetFlatFilePatterns returns file patterns as a flat list, duplicating a path if it has both allowed and denied patterns

type BaseVirtualFolder

type BaseVirtualFolder struct {
	ID            int64  `json:"id"`
	Name          string `json:"name"`
	MappedPath    string `json:"mapped_path,omitempty"`
	Description   string `json:"description,omitempty"`
	UsedQuotaSize int64  `json:"used_quota_size"`
	// Used quota as number of files
	UsedQuotaFiles int `json:"used_quota_files"`
	// Last quota update as unix timestamp in milliseconds
	LastQuotaUpdate int64 `json:"last_quota_update"`
	// list of usernames associated with this virtual folder
	Users []string `json:"users,omitempty"`
	// list of group names associated with this virtual folder
	Groups []string `json:"groups,omitempty"`
	// Filesystem configuration details
	FsConfig Filesystem `json:"filesystem"`
}

BaseVirtualFolder defines the path for the virtual folder and the used quota limits. The same folder can be shared among multiple users and each user can have different quota limits or a different virtual path.

type CryptFsConfig

type CryptFsConfig struct {
	OSFsConfig
	Passphrase kms.BaseSecret `json:"passphrase,omitempty"`
}

CryptFsConfig defines the configuration to store local files as encrypted

type DirectoryPermissions

type DirectoryPermissions struct {
	Path        string
	Permissions []string
}

DirectoryPermissions defines permissions for a directory virtual path

type Filesystem

type Filesystem struct {
	Provider     FilesystemProvider `json:"provider"`
	OSConfig     OSFsConfig         `json:"osconfig,omitempty"`
	S3Config     S3FsConfig         `json:"s3config,omitempty"`
	GCSConfig    GCSFsConfig        `json:"gcsconfig,omitempty"`
	AzBlobConfig AzBlobFsConfig     `json:"azblobconfig,omitempty"`
	CryptConfig  CryptFsConfig      `json:"cryptconfig,omitempty"`
	SFTPConfig   SFTPFsConfig       `json:"sftpconfig,omitempty"`
	HTTPConfig   HTTPFsConfig       `json:"httpconfig,omitempty"`
}

Filesystem defines filesystem details

type FilesystemProvider

type FilesystemProvider int

FilesystemProvider defines the supported storage filesystems

const (
	LocalFilesystemProvider     FilesystemProvider = iota // Local
	S3FilesystemProvider                                  // AWS S3 compatible
	GCSFilesystemProvider                                 // Google Cloud Storage
	AzureBlobFilesystemProvider                           // Azure Blob Storage
	CryptedFilesystemProvider                             // Local encrypted
	SFTPFilesystemProvider                                // SFTP
	HTTPFilesystemProvider                                // HTTP
)

supported values for FilesystemProvider
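An audit sketch over a user's JSON, added here as an example (not part of the SDK): it flags settings whose field comments on this page describe a weaker posture, and it inspects only the config block of the active `provider`. The JSON tags and provider numbers are copied from this page; the types, function names and sample user are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// FilesystemProvider values, in the iota order listed on this page.
const (
	providerS3     = 1
	providerGCS    = 2
	providerAzBlob = 3
	providerHTTP   = 6
)

// objectStore holds the audited fields of the s3config, gcsconfig and azblobconfig blocks.
type objectStore struct {
	KeyPrefix     string `json:"key_prefix"`
	SkipTLSVerify bool   `json:"skip_tls_verify"` // only defined for s3config
}

// userAudit is a local, partial mirror of the User type (hypothetical type).
type userAudit struct {
	Filters struct {
		IsAnonymous      bool `json:"is_anonymous"`
		AllowAPIKeyAuth  bool `json:"allow_api_key_auth"`
		PasswordStrength int  `json:"password_strength"`
	} `json:"filters"`
	FsConfig struct {
		Provider     int         `json:"provider"`
		S3Config     objectStore `json:"s3config"`
		GCSConfig    objectStore `json:"gcsconfig"`
		AzBlobConfig objectStore `json:"azblobconfig"`
		HTTPConfig   struct {
			SkipTLSVerify bool `json:"skip_tls_verify"`
		} `json:"httpconfig"`
	} `json:"filesystem"`
}

type finding struct {
	Field  string // JSON path of the setting
	Reason string // what the field comment on this page says about it
}

const tlsReason = "accepts any TLS certificate and host name; documented as for testing only"

// checkKeyPrefix applies the documented rule: not starting with "/", ending with "/".
func checkKeyPrefix(field, prefix string) []finding {
	switch {
	case prefix == "":
		return []finding{{field, "empty: the whole bucket contents are available"}}
	case strings.HasPrefix(prefix, "/") || !strings.HasSuffix(prefix, "/"):
		return []finding{{field, `must not start with "/" and must end with "/"`}}
	}
	return nil
}

// auditUser decodes one user and returns findings for the active provider and the filters.
func auditUser(raw []byte) ([]finding, error) {
	var u userAudit
	if err := json.Unmarshal(raw, &u); err != nil {
		return nil, fmt.Errorf("decode user: %w", err)
	}
	var out []finding
	fs := u.FsConfig
	switch fs.Provider {
	case providerS3:
		out = append(out, checkKeyPrefix("filesystem.s3config.key_prefix", fs.S3Config.KeyPrefix)...)
		if fs.S3Config.SkipTLSVerify {
			out = append(out, finding{"filesystem.s3config.skip_tls_verify", tlsReason})
		}
	case providerGCS:
		out = append(out, checkKeyPrefix("filesystem.gcsconfig.key_prefix", fs.GCSConfig.KeyPrefix)...)
	case providerAzBlob:
		out = append(out, checkKeyPrefix("filesystem.azblobconfig.key_prefix", fs.AzBlobConfig.KeyPrefix)...)
	case providerHTTP:
		if fs.HTTPConfig.SkipTLSVerify {
			out = append(out, finding{"filesystem.httpconfig.skip_tls_verify", tlsReason})
		}
	}
	if u.Filters.IsAnonymous {
		out = append(out, finding{"filters.is_anonymous", "login with any password or no password"})
	}
	if u.Filters.AllowAPIKeyAuth {
		out = append(out, finding{"filters.allow_api_key_auth", "an API key can impersonate this user"})
	}
	if u.Filters.PasswordStrength == 0 {
		out = append(out, finding{"filters.password_strength", "0 disables the check, any password is accepted"})
	}
	return out, nil
}

// fieldsOf returns the flagged field paths as one comma-separated string.
func fieldsOf(fs []finding) string {
	names := make([]string, 0, len(fs))
	for _, f := range fs {
		names = append(names, f.Field)
	}
	return strings.Join(names, ",")
}

// sampleUser is constructed for this example; httpconfig is ignored because provider is 1 (S3).
const sampleUser = `{"username":"alice","filters":{"allow_api_key_auth":true,"password_strength":60},
 "filesystem":{"provider":1,"s3config":{"bucket":"example-bucket","key_prefix":"/tenants/alice",
 "skip_tls_verify":true},"httpconfig":{"skip_tls_verify":true}}}`

func main() {
	findings, err := auditUser([]byte(sampleUser))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Field, f.Reason)
	}
}
```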

type GCSFsConfig

type GCSFsConfig struct {
	BaseGCSFsConfig
	Credentials kms.BaseSecret `json:"credentials,omitempty"`
}

GCSFsConfig defines the configuration for Google Cloud Storage based filesystems

type Group added in v0.1.1

type Group struct {
	BaseGroup
	// settings to apply to users for whom this is a primary group
	UserSettings GroupUserSettings `json:"user_settings,omitempty"`
	// Mapping between virtual paths and virtual folders
	VirtualFolders []VirtualFolder `json:"virtual_folders,omitempty"`
}

Group defines an SFTPGo group. Groups are used to easily configure similar users

type GroupMapping added in v0.1.1

type GroupMapping struct {
	Name string `json:"name"` // group name
	Type int    `json:"type"`
}

GroupMapping defines the mapping between an SFTPGo user and a group

type GroupUserSettings added in v0.1.1

type GroupUserSettings struct {
	BaseGroupUserSettings
	// Filesystem configuration details
	FsConfig Filesystem `json:"filesystem"`
}

GroupUserSettings defines the settings to apply to users

type HTTPFsConfig added in v0.1.2

type HTTPFsConfig struct {
	BaseHTTPFsConfig
	Password kms.BaseSecret `json:"password,omitempty"`
	APIKey   kms.BaseSecret `json:"api_key,omitempty"`
}

HTTPFsConfig defines the configuration for HTTP based filesystem

type HooksFilter

type HooksFilter struct {
	ExternalAuthDisabled  bool `json:"external_auth_disabled"`
	PreLoginDisabled      bool `json:"pre_login_disabled"`
	CheckPasswordDisabled bool `json:"check_password_disabled"`
}

HooksFilter defines user specific overrides for global hooks

type OSFsConfig added in v0.1.4

type OSFsConfig struct {
	// Read buffer size as bytes, 0 means no buffering
	ReadBufferSize int `json:"read_buffer_size,omitempty"`
	// Write buffer size as bytes, 0 means no buffering
	WriteBufferSize int `json:"write_buffer_size,omitempty"`
}

OSFsConfig defines the configuration for local filesystem

type PatternsFilter

type PatternsFilter struct {
	// Virtual path, if no other specific filter is defined, the filter applies for
	// sub directories too.
	// For example if filters are defined for the paths "/" and "/sub" then the
	// filters for "/" are applied for any file outside the "/sub" directory
	Path string `json:"path"`
	// files/dir with these, case insensitive, patterns are allowed.
	// Denied file patterns are evaluated before the allowed ones
	AllowedPatterns []string `json:"allowed_patterns,omitempty"`
	// files/dir with these, case insensitive, patterns are not allowed.
	// Denied file patterns are evaluated before the allowed ones
	DeniedPatterns []string `json:"denied_patterns,omitempty"`
	// Deny policy
	DenyPolicy int `json:"deny_policy,omitempty"`
}

PatternsFilter defines filters based on shell-like patterns. System commands such as Git and rsync interact with the filesystem directly and are not aware of these restrictions, so they are not allowed inside paths with extension filters

func (*PatternsFilter) CheckAllowed added in v0.1.1

func (p *PatternsFilter) CheckAllowed(item string) bool

CheckAllowed returns true if the specified item is allowed
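The filter semantics described in the `PatternsFilter` field comments (closest-path filter wins, case-insensitive shell patterns, denied before allowed, `DenyPolicyHide` affecting listings), as an added stand-alone example that is not the SDK's implementation of `CheckAllowed`. The lower-case type and function names are hypothetical, and treating a malformed denied pattern as a denial is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

const (
	denyPolicyDefault = iota // denied names stay visible in directory listings
	denyPolicyHide           // denied names are also hidden from listings
)

// patternsFilter is a local mirror of PatternsFilter (hypothetical type).
type patternsFilter struct {
	Path            string
	AllowedPatterns []string
	DeniedPatterns  []string
	DenyPolicy      int
}

// decision says whether a name may be transferred and whether it is listed.
type decision struct {
	Transfer bool
	Listed   bool
}

// filterFor walks from dir up to "/" and returns the first filter defined on
// the way, so a filter on "/sub" replaces the one on "/" for everything below "/sub".
func filterFor(filters []patternsFilter, dir string) (patternsFilter, bool) {
	dir = path.Clean("/" + dir)
	for {
		for _, f := range filters {
			if path.Clean("/"+f.Path) == dir {
				return f, true
			}
		}
		if dir == "/" {
			return patternsFilter{}, false
		}
		dir = path.Dir(dir)
	}
}

// checkAllowed matches the lower-cased name against denied patterns first.
// A malformed denied pattern denies (assumption: fail closed). With no allowed
// patterns, anything not denied passes; otherwise one allowed pattern must match.
func checkAllowed(f patternsFilter, name string) bool {
	name = strings.ToLower(name)
	for _, p := range f.DeniedPatterns {
		matched, err := path.Match(strings.ToLower(p), name)
		if err != nil || matched {
			return false
		}
	}
	for _, p := range f.AllowedPatterns {
		if matched, err := path.Match(strings.ToLower(p), name); err == nil && matched {
			return true
		}
	}
	return len(f.AllowedPatterns) == 0
}

// evaluate resolves the filter for the parent directory and applies it to the base name.
func evaluate(filters []patternsFilter, virtualPath string) decision {
	virtualPath = path.Clean("/" + virtualPath)
	f, ok := filterFor(filters, path.Dir(virtualPath))
	if !ok {
		return decision{Transfer: true, Listed: true}
	}
	allowed := checkAllowed(f, path.Base(virtualPath))
	return decision{Transfer: allowed, Listed: allowed || f.DenyPolicy != denyPolicyHide}
}

func main() {
	// Constructed sample filters.
	filters := []patternsFilter{
		{Path: "/", DeniedPatterns: []string{"*.exe", "*.bat"}},
		{Path: "/sub", AllowedPatterns: []string{"*.pdf"}, DenyPolicy: denyPolicyHide},
	}
	for _, p := range []string{"/docs/Setup.EXE", "/sub/report.PDF", "/sub/setup.exe", "/docs/setup.exe.txt"} {
		fmt.Printf("%-22s %+v\n", p, evaluate(filters, p))
	}
}
```

The last sample path passes because the filter sees only the file name, which is why the field comment on `FilePatterns` says these restrictions can be easily bypassed; they are not a substitute for content inspection.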

func (*PatternsFilter) GetCommaSeparatedPatterns

func (p *PatternsFilter) GetCommaSeparatedPatterns() string

GetCommaSeparatedPatterns returns the first non-empty patterns list, comma separated

func (*PatternsFilter) IsAllowed

func (p *PatternsFilter) IsAllowed() bool

IsAllowed returns true if the filter has one or more allowed patterns

func (*PatternsFilter) IsDenied

func (p *PatternsFilter) IsDenied() bool

IsDenied returns true if the filter has one or more denied patterns

type RecoveryCode

type RecoveryCode struct {
	Secret kms.BaseSecret `json:"secret"`
	Used   bool           `json:"used,omitempty"`
}

RecoveryCode defines a 2FA recovery code

type S3FsConfig

type S3FsConfig struct {
	BaseS3FsConfig
	AccessSecret kms.BaseSecret `json:"access_secret,omitempty"`
}

S3FsConfig defines the base configuration for S3 based filesystems

type SFTPFsConfig

type SFTPFsConfig struct {
	BaseSFTPFsConfig
	Password      kms.BaseSecret `json:"password,omitempty"`
	PrivateKey    kms.BaseSecret `json:"private_key,omitempty"`
	KeyPassphrase kms.BaseSecret `json:"key_passphrase,omitempty"`
}

SFTPFsConfig defines the configuration for SFTP based filesystem

type TLSUsername

type TLSUsername string

TLSUsername defines the TLS certificate attribute to use as username

const (
	TLSUsernameNone TLSUsername = "None"
	TLSUsernameCN   TLSUsername = "CommonName"
)

Supported certificate attributes to use as username

type TOTPConfig

type TOTPConfig struct {
	Enabled    bool           `json:"enabled,omitempty"`
	ConfigName string         `json:"config_name,omitempty"`
	Secret     kms.BaseSecret `json:"secret,omitempty"`
	// TOTP will be required for the specified protocols.
	// SSH protocol (SFTP/SCP/SSH commands) will ask for the TOTP passcode if the client uses keyboard interactive
	// authentication.
	// FTP has no standard way to support two factor authentication; if you
	// enable support for this protocol you have to add the TOTP passcode after the password.
	// For example if your password is "password" and your one time passcode is
	// "123456" you have to use "password123456" as password.
	Protocols []string `json:"protocols,omitempty"`
}

TOTPConfig defines the time-based one time password configuration
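The FTP convention described in the Protocols comment (passcode appended to the password) implies a server-side split before verification. The sketch below is an added example, not SFTPGo's code: the function names are hypothetical, and it assumes 6-digit passcodes as in the "123456" example, HMAC-SHA1 and a 30-second step per RFC 6238.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const passcodeLen = 6 // assumption: 6-digit codes, as in the page's "123456" example

// splitFTPPassword splits "password123456" into the password and the trailing passcode.
func splitFTPPassword(combined string) (password, passcode string, ok bool) {
	cut := len(combined) - passcodeLen
	if cut <= 0 { // no room left for a password
		return "", "", false
	}
	for _, c := range combined[cut:] {
		if c < '0' || c > '9' { // suffix is not a passcode
			return "", "", false
		}
	}
	return combined[:cut], combined[cut:], true
}

// totpAt computes the 6-digit RFC 6238 code (HMAC-SHA1, 30-second step) for time t.
func totpAt(secret []byte, t time.Time) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// checkFTPLogin returns the bare password and, via a constant-time compare, passcode validity.
func checkFTPLogin(secret []byte, combined string, now time.Time) (string, bool) {
	password, passcode, ok := splitFTPPassword(combined)
	return password, ok && subtle.ConstantTimeCompare([]byte(passcode), []byte(totpAt(secret, now))) == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test key, sample input only
	fmt.Println(checkFTPLogin(secret, "password287082", time.Unix(59, 0)))
}
```

The returned password still has to be verified separately; the split only works when the passcode length is fixed and known to the server.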

type TimePeriod added in v0.1.7

type TimePeriod struct {
	DayOfWeek int    `json:"day_of_week,omitempty"`
	From      string `json:"from,omitempty"`
	To        string `json:"to,omitempty"`
}

TimePeriod defines a period of time

type User

type User struct {
	BaseUser
	// Additional restrictions
	Filters UserFilters `json:"filters"`
	// Mapping between virtual paths and virtual folders
	VirtualFolders []VirtualFolder `json:"virtual_folders,omitempty"`
	// Filesystem configuration details
	FsConfig Filesystem `json:"filesystem"`
}

User defines a SFTPGo user

type UserFilters

type UserFilters struct {
	BaseUserFilters
	// User must change password from WebClient/REST API at next login.
	RequirePasswordChange bool `json:"require_password_change,omitempty"`
	// Time-based one time passwords configuration
	TOTPConfig TOTPConfig `json:"totp_config,omitempty"`
	// Recovery codes to use if the user loses access to their second factor auth device.
	// Each code can only be used once, you should use these codes to login and disable or
	// reset 2FA for your account
	RecoveryCodes []RecoveryCode `json:"recovery_codes,omitempty"`
}

UserFilters defines additional restrictions for a user. TODO: rename to UserOptions in v3

type UserType

type UserType string

UserType defines the supported user types. This is a hint for external auth plugins; it is not used in SFTPGo directly

const (
	UserTypeLDAP UserType = "LDAPUser"
	UserTypeOS   UserType = "OSUser"
)

User types, auth plugins could use this info to choose the correct authentication backend

type VirtualFolder

type VirtualFolder struct {
	BaseVirtualFolder
	VirtualPath string `json:"virtual_path"`
	// Maximum size allowed as bytes. 0 means unlimited, -1 included in user quota
	QuotaSize int64 `json:"quota_size"`
	// Maximum number of files allowed. 0 means unlimited, -1 included in user quota
	QuotaFiles int `json:"quota_files"`
}

VirtualFolder defines a mapping between an SFTPGo exposed virtual path and a filesystem path outside the user home directory. The specified paths must be absolute and the virtual path cannot be "/", it must be a sub directory. The parent directory for the specified virtual path must exist. SFTPGo will, by default, try to automatically create any missing parent directory for the configured virtual folders at user login.

Directories

Path Synopsis
Package kms provides Key Management Services support
auth
Package auth defines the interface and the GRPC implementation for authentication plugins.
eventsearcher
Package eventsearcher defines the interface and the GRPC implementation for events search plugins.
ipfilter
Package ipfilter defines the interface and the GRPC implementation for IP filter plugins.
kms
Package kms defines the interface and the GRPC implementation for kms plugins.
notifier
Package notifier defines the interface and the GRPC implementation for event notifier plugins.
