diff --git a/.cirrus.yml b/.cirrus.yml
index 568c34d7..7c45f1fc 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -2,17 +2,17 @@ freebsd_task:
name: FreeBSD
matrix:
- - name: FreeBSD 14.3
+ - name: FreeBSD 14.1
freebsd_instance:
- image_family: freebsd-14-3
+ image_family: freebsd-14-1
pkginstall_script:
- pkg update -f
- - pkg install -y go125
+ - pkg install -y go122
- pkg install -y git
setup_script:
- - ln -s /usr/local/bin/go125 /usr/local/bin/go
+ - ln -s /usr/local/bin/go122 /usr/local/bin/go
- pw groupadd sftpgo
- pw useradd sftpgo -g sftpgo -w none -m
- mkdir /home/sftpgo/sftpgo
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 934cc584..74b99f7a 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -7,10 +7,8 @@ body:
attributes:
value: |
### 👍 Thank you for contributing to our project!
- Before asking for help please check our [support policy](https://github.com/drakkan/sftpgo?tab=readme-ov-file#support).
- If you are a [commercial user](https://sftpgo.com/) please contact us using the dedicated [email address](mailto:support@sftpgo.com).
- If you'd like to contribute code, please make sure to read and understand our [Contributor License Agreement (CLA)](https://sftpgo.com/cla.html).
- You’ll be asked to accept it when submitting a pull request.
+ Before asking for help please check the [support policy](https://github.com/drakkan/sftpgo#support-policy).
+ If you are a commercial user or a project sponsor please contact us using the dedicated [email address](mailto:support@sftpgo.com).
- type: checkboxes
id: before-posting
attributes:
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
index 5fd83037..f0cf871b 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -2,14 +2,6 @@ name: 🚀 Feature request
description: Suggest an idea for SFTPGo
labels: ["suggestion"]
body:
- - type: markdown
- attributes:
- value: |
- ### 👍 Thank you for contributing to our project!
- Before asking for help please check our [support policy](https://github.com/drakkan/sftpgo?tab=readme-ov-file#support).
- If you are a [commercial user](https://sftpgo.com/) please contact us using the dedicated [email address](mailto:support@sftpgo.com).
- If you'd like to contribute code, please make sure to read and understand our [Contributor License Agreement (CLA)](https://sftpgo.com/cla.html).
- You’ll be asked to accept it when submitting a pull request.
- type: textarea
attributes:
label: Is your feature request related to a problem? Please describe.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index db26ed74..08edea2d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -15,22 +15,22 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v6
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
- go-version: '1.25'
+ go-version: '1.22'
- name: Initialize CodeQL
- uses: github/codeql-action/init@v4
+ uses: github/codeql-action/init@v3
with:
languages: go
- name: Autobuild
- uses: github/codeql-action/autobuild@v4
+ uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
\ No newline at end of file
+ uses: github/codeql-action/analyze@v3
\ No newline at end of file
diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml
index 45769de3..4b73b415 100644
--- a/.github/workflows/development.yml
+++ b/.github/workflows/development.yml
@@ -2,7 +2,7 @@ name: CI
on:
push:
- branches: [main]
+ branches: [2.6.x]
pull_request:
permissions:
@@ -15,16 +15,16 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
- go: ['1.26']
+ go: ['1.22']
os: [ubuntu-latest, macos-latest]
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
@@ -50,7 +50,7 @@ jobs:
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
- files: ./coverage.txt
+ file: ./coverage.txt
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
@@ -93,34 +93,92 @@ jobs:
- name: Upload build artifact
if: startsWith(matrix.os, 'ubuntu-') != true
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-${{ matrix.os }}-go-${{ matrix.go }}
path: output
test-deploy-windows:
name: Test and deploy Windows
+ environment: signing
runs-on: windows-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
- - name: Set up Go
- uses: actions/setup-go@v6
+ - name: Azure login
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: azure/login@v2
with:
- go-version: '1.26'
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- - name: Run test cases using SQLite provider
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.22'
+
+ - name: Build
run: |
+ $GIT_COMMIT = (git describe --always --abbrev=8 --dirty) | Out-String
+ $DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String
+ $LATEST_TAG = ((git describe --tags $(git rev-list --tags --max-count=1)) | Out-String).Trim()
+ $REV_LIST=$LATEST_TAG+"..HEAD"
+ $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim()
+ $FILE_VERSION = $LATEST_TAG.substring(1) + "." + $COMMITS_FROM_TAG
+ go install github.com/tc-hib/go-winres@latest
+ go-winres simply --arch amd64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o sftpgo.exe
cd tests/eventsearcher
go build -trimpath -ldflags "-s -w" -o eventsearcher.exe
cd ../..
cd tests/ipfilter
go build -trimpath -ldflags "-s -w" -o ipfilter.exe
cd ../..
- go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 15m ./... -coverprofile=coverage.txt -covermode=atomic
+ mkdir arm64
+ $Env:CGO_ENABLED='0'
+ $Env:GOOS='windows'
+ $Env:GOARCH='arm64'
+ go-winres simply --arch arm64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\arm64\sftpgo.exe
+ mkdir x86
+ $Env:GOARCH='386'
+ go-winres simply --arch 386 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\x86\sftpgo.exe
+ Remove-Item Env:\CGO_ENABLED
+ Remove-Item Env:\GOOS
+ Remove-Item Env:\GOARCH
+
+ - name: Sign binaries
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: azure/trusted-signing-action@v0.5.0
+ with:
+ endpoint: https://eus.codesigning.azure.net/
+ trusted-signing-account-name: nicola
+ certificate-profile-name: SFTPGo
+ files: |
+ ${{ github.workspace }}\sftpgo.exe
+ ${{ github.workspace }}\arm64\sftpgo.exe
+ ${{ github.workspace }}\x86\sftpgo.exe
+ file-digest: SHA256
+ timestamp-rfc3161: http://timestamp.acs.microsoft.com
+ timestamp-digest: SHA256
+ exclude-environment-credential: true
+ exclude-workload-identity-credential: true
+ exclude-managed-identity-credential: true
+ exclude-shared-token-cache-credential: true
+ exclude-visual-studio-credential: true
+ exclude-visual-studio-code-credential: true
+ exclude-azure-cli-credential: false
+ exclude-azure-powershell-credential: true
+ exclude-azure-developer-cli-credential: true
+ exclude-interactive-browser-credential: true
+
+ - name: Run test cases using SQLite provider
+ run: go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 15m ./... -coverprofile=coverage.txt -covermode=atomic
- name: Run test cases using bolt provider
run: |
@@ -143,31 +201,6 @@ jobs:
SFTPGO_DATA_PROVIDER__DRIVER: memory
SFTPGO_DATA_PROVIDER__NAME: ''
- - name: Build
- run: |
- $GIT_COMMIT = (git describe --always --abbrev=8 --dirty) | Out-String
- $DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String
- $LATEST_TAG = ((git describe --tags $(git rev-list --tags --max-count=1)) | Out-String).Trim()
- $REV_LIST=$LATEST_TAG+"..HEAD"
- $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim()
- $FILE_VERSION = $LATEST_TAG.substring(1) + "." + $COMMITS_FROM_TAG
- go install github.com/tc-hib/go-winres@latest
- go-winres simply --arch amd64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
- go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o sftpgo.exe
- mkdir arm64
- $Env:CGO_ENABLED='0'
- $Env:GOOS='windows'
- $Env:GOARCH='arm64'
- go-winres simply --arch arm64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
- go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\arm64\sftpgo.exe
- mkdir x86
- $Env:GOARCH='386'
- go-winres simply --arch 386 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
- go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\x86\sftpgo.exe
- Remove-Item Env:\CGO_ENABLED
- Remove-Item Env:\GOOS
- Remove-Item Env:\GOARCH
-
- name: Initialize data provider
run: |
rm sftpgo.db
@@ -177,7 +210,6 @@ jobs:
- name: Prepare Windows installers
if: ${{ github.event_name != 'pull_request' }}
run: |
- choco install innosetup
Remove-Item -LiteralPath "output" -Force -Recurse -ErrorAction Ignore
mkdir output
copy .\sftpgo.exe .\output
@@ -214,23 +246,48 @@ jobs:
$Env:SFTPGO_ISS_ARCH='x86'
iscc .\windows-installer\sftpgo.iss
+ - name: Sign installers
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: azure/trusted-signing-action@v0.5.0
+ with:
+ endpoint: https://eus.codesigning.azure.net/
+ trusted-signing-account-name: nicola
+ certificate-profile-name: SFTPGo
+ files: |
+ ${{ github.workspace }}\sftpgo_windows_x86_64.exe
+ ${{ github.workspace }}\sftpgo_windows_arm64.exe
+ ${{ github.workspace }}\sftpgo_windows_x86.exe
+ file-digest: SHA256
+ timestamp-rfc3161: http://timestamp.acs.microsoft.com
+ timestamp-digest: SHA256
+ exclude-environment-credential: true
+ exclude-workload-identity-credential: true
+ exclude-managed-identity-credential: true
+ exclude-shared-token-cache-credential: true
+ exclude-visual-studio-credential: true
+ exclude-visual-studio-code-credential: true
+ exclude-azure-cli-credential: false
+ exclude-azure-powershell-credential: true
+ exclude-azure-developer-cli-credential: true
+ exclude-interactive-browser-credential: true
+
- name: Upload Windows installer x86_64 artifact
if: ${{ github.event_name != 'pull_request' }}
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_windows_installer_x86_64
path: ./sftpgo_windows_x86_64.exe
- name: Upload Windows installer arm64 artifact
if: ${{ github.event_name != 'pull_request' }}
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_windows_installer_arm64
path: ./sftpgo_windows_arm64.exe
- name: Upload Windows installer x86 artifact
if: ${{ github.event_name != 'pull_request' }}
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_windows_installer_x86
path: ./sftpgo_windows_x86.exe
@@ -254,7 +311,7 @@ jobs:
xcopy .\openapi .\output\openapi\ /E
- name: Upload build artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-windows-portable
path: output
@@ -264,12 +321,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
- go-version: '1.26'
+ go-version: '1.22'
- name: Build
run: |
@@ -328,12 +385,12 @@ jobs:
- 3308:3306
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
- go-version: '1.26'
+ go-version: '1.22'
- name: Build
run: |
@@ -427,7 +484,7 @@ jobs:
go: latest
go-arch: arm7
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
@@ -472,7 +529,7 @@ jobs:
gzip output/man/man1/*
cp sftpgo output/
- - uses: uraimo/run-on-arch-action@v3
+ - uses: uraimo/run-on-arch-action@v2
if: ${{ matrix.arch != 'amd64' }}
name: Build for ${{ matrix.arch }}
id: build
@@ -521,7 +578,7 @@ jobs:
cp sftpgo output/
- name: Upload build artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-linux-${{ matrix.arch }}-go-${{ matrix.go }}
path: output
@@ -536,13 +593,13 @@ jobs:
echo "pkg-version=${PKG_VERSION}" >> $GITHUB_OUTPUT
- name: Upload Debian Package
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-${{ steps.build_linux_pkgs.outputs.pkg-version }}-${{ matrix.go-arch }}-deb
path: pkgs/dist/deb/*
- name: Upload RPM Package
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-${{ steps.build_linux_pkgs.outputs.pkg-version }}-${{ matrix.go-arch }}-rpm
path: pkgs/dist/rpm/*
@@ -552,11 +609,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
- go-version: '1.26'
- - uses: actions/checkout@v6
+ go-version: '1.22'
+ - uses: actions/checkout@v4
- name: Run golangci-lint
- uses: golangci/golangci-lint-action@v9
+ uses: golangci/golangci-lint-action@v6
with:
+ args: --timeout=10m
version: latest
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 822c916e..33782ead 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,7 +5,7 @@ on:
# - cron: '0 4 * * *' # everyday at 4:00 AM UTC
push:
branches:
- - main
+ - 2.6.x
tags:
- v*
pull_request:
@@ -33,7 +33,7 @@ jobs:
optional_deps: true
steps:
- name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@v4
- name: Gather image information
id: info
@@ -141,21 +141,21 @@ jobs:
OPTIONAL_DEPS: ${{ matrix.optional_deps }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@v4
+ uses: docker/setup-qemu-action@v3
- name: Set up builder
- uses: docker/setup-buildx-action@v4
+ uses: docker/setup-buildx-action@v3
id: builder
- name: Login to Docker Hub
- uses: docker/login-action@v4
+ uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: ${{ github.event_name != 'pull_request' }}
- name: Login to GitHub Container Registry
- uses: docker/login-action@v4
+ uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -163,7 +163,7 @@ jobs:
if: ${{ github.event_name != 'pull_request' }}
- name: Build and push
- uses: docker/build-push-action@v7
+ uses: docker/build-push-action@v5
with:
context: .
builder: ${{ steps.builder.outputs.name }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9ac10ee5..9d304a64 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,16 +9,16 @@ permissions:
contents: write
env:
- GO_VERSION: 1.25.8
+ GO_VERSION: 1.22.9
jobs:
prepare-sources-with-deps:
name: Prepare sources with deps
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
@@ -36,7 +36,7 @@ jobs:
SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }}
- name: Upload build artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_src_with_deps.tar.xz
path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_src_with_deps.tar.xz
@@ -44,15 +44,23 @@ jobs:
prepare-windows:
name: Prepare Windows binaries
+ environment: signing
runs-on: windows-2022
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
+ - name: Azure login
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
- name: Get SFTPGo version
id: get_version
run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
@@ -64,17 +72,17 @@ jobs:
$DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String
$FILE_VERSION = $Env:SFTPGO_VERSION.substring(1) + ".0"
go install github.com/tc-hib/go-winres@latest
- go-winres simply --arch amd64 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go-winres simply --arch amd64 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o sftpgo.exe
mkdir arm64
$Env:CGO_ENABLED='0'
$Env:GOOS='windows'
$Env:GOARCH='arm64'
- go-winres simply --arch arm64 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go-winres simply --arch arm64 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\arm64\sftpgo.exe
mkdir x86
$Env:GOARCH='386'
- go-winres simply --arch 386 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version "$FILE_VERSION" --file-description "SFTPGo server" --product-name SFTPGo --copyright "2019-2025 Nicola Murino" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
+ go-winres simply --arch 386 --product-version $Env:SFTPGO_VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico
go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\x86\sftpgo.exe
Remove-Item Env:\CGO_ENABLED
Remove-Item Env:\GOOS
@@ -82,6 +90,30 @@ jobs:
env:
SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }}
+ - name: Sign binaries
+ uses: azure/trusted-signing-action@v0.5.0
+ with:
+ endpoint: https://eus.codesigning.azure.net/
+ trusted-signing-account-name: nicola
+ certificate-profile-name: SFTPGo
+ files: |
+ ${{ github.workspace }}\sftpgo.exe
+ ${{ github.workspace }}\arm64\sftpgo.exe
+ ${{ github.workspace }}\x86\sftpgo.exe
+ file-digest: SHA256
+ timestamp-rfc3161: http://timestamp.acs.microsoft.com
+ timestamp-digest: SHA256
+ exclude-environment-credential: true
+ exclude-workload-identity-credential: true
+ exclude-managed-identity-credential: true
+ exclude-shared-token-cache-credential: true
+ exclude-visual-studio-credential: true
+ exclude-visual-studio-code-credential: true
+ exclude-azure-cli-credential: false
+ exclude-azure-powershell-credential: true
+ exclude-azure-developer-cli-credential: true
+ exclude-interactive-browser-credential: true
+
- name: Initialize data provider
run: ./sftpgo initprovider
shell: bash
@@ -120,6 +152,30 @@ jobs:
env:
SFTPGO_ISS_VERSION: ${{ steps.get_version.outputs.VERSION }}
+ - name: Sign installers
+ uses: azure/trusted-signing-action@v0.5.0
+ with:
+ endpoint: https://eus.codesigning.azure.net/
+ trusted-signing-account-name: nicola
+ certificate-profile-name: SFTPGo
+ files: |
+ ${{ github.workspace }}\sftpgo_windows_x86_64.exe
+ ${{ github.workspace }}\sftpgo_windows_arm64.exe
+ ${{ github.workspace }}\sftpgo_windows_x86.exe
+ file-digest: SHA256
+ timestamp-rfc3161: http://timestamp.acs.microsoft.com
+ timestamp-digest: SHA256
+ exclude-environment-credential: true
+ exclude-workload-identity-credential: true
+ exclude-managed-identity-credential: true
+ exclude-shared-token-cache-credential: true
+ exclude-visual-studio-credential: true
+ exclude-visual-studio-code-credential: true
+ exclude-azure-cli-credential: false
+ exclude-azure-powershell-credential: true
+ exclude-azure-developer-cli-credential: true
+ exclude-interactive-browser-credential: true
+
- name: Prepare Portable Release
run: |
mkdir win-portable
@@ -142,28 +198,28 @@ jobs:
Compress-Archive .\win-portable\* sftpgo_portable.zip
- name: Upload Windows installer x86_64 artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_x86_64.exe
path: ./sftpgo_windows_x86_64.exe
retention-days: 1
- name: Upload Windows installer arm64 artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_arm64.exe
path: ./sftpgo_windows_arm64.exe
retention-days: 1
- name: Upload Windows installer x86 artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_x86.exe
path: ./sftpgo_windows_x86.exe
retention-days: 1
- name: Upload Windows portable artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_portable.zip
path: ./sftpgo_portable.zip
@@ -171,12 +227,12 @@ jobs:
prepare-mac:
name: Prepare macOS binaries
- runs-on: macos-14
+ runs-on: macos-12
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Set up Go
- uses: actions/setup-go@v6
+ uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
@@ -225,14 +281,14 @@ jobs:
SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }}
- name: Upload macOS x86_64 artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_x86_64.tar.xz
path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_x86_64.tar.xz
retention-days: 1
- name: Upload macOS arm64 artifact
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_arm64.tar.xz
path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_arm64.tar.xz
@@ -270,7 +326,7 @@ jobs:
tar-arch: armv7
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Get versions
id: get_version
@@ -323,7 +379,7 @@ jobs:
env:
SFTPGO_VERSION: ${{ steps.get_version.outputs.SFTPGO_VERSION }}
- - uses: uraimo/run-on-arch-action@v3
+ - uses: uraimo/run-on-arch-action@v2
if: ${{ matrix.arch != 'amd64' }}
name: Build for ${{ matrix.arch }}
id: build
@@ -372,7 +428,7 @@ jobs:
cd ..
- name: Upload build artifact for ${{ matrix.arch }}
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_${{ matrix.tar-arch }}.tar.xz
path: ./output/sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_${{ matrix.tar-arch }}.tar.xz
@@ -390,14 +446,14 @@ jobs:
SFTPGO_VERSION: ${{ steps.get_version.outputs.SFTPGO_VERSION }}
- name: Upload Deb Package
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.build_linux_pkgs.outputs.pkg-version }}-1_${{ matrix.deb-arch}}.deb
path: ./pkgs/dist/deb/sftpgo_${{ steps.build_linux_pkgs.outputs.pkg-version }}-1_${{ matrix.deb-arch}}.deb
retention-days: 1
- name: Upload RPM Package
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo-${{ steps.build_linux_pkgs.outputs.pkg-version }}-1.${{ matrix.rpm-arch}}.rpm
path: ./pkgs/dist/rpm/sftpgo-${{ steps.build_linux_pkgs.outputs.pkg-version }}-1.${{ matrix.rpm-arch}}.rpm
@@ -416,22 +472,22 @@ jobs:
shell: bash
- name: Download amd64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_x86_64.tar.xz
- name: Download arm64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_arm64.tar.xz
- name: Download ppc64le artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_ppc64le.tar.xz
- name: Download armv7 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_armv7.tar.xz
@@ -454,7 +510,7 @@ jobs:
SFTPGO_VERSION: ${{ steps.get_version.outputs.SFTPGO_VERSION }}
- name: Upload Linux bundle
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_bundle.tar.xz
path: ./bundle/sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_bundle.tar.xz
@@ -466,7 +522,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
- name: Get versions
id: get_version
run: |
@@ -477,102 +533,102 @@ jobs:
shell: bash
- name: Download amd64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_x86_64.tar.xz
- name: Download arm64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_arm64.tar.xz
- name: Download ppc64le artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_ppc64le.tar.xz
- name: Download armv7 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_armv7.tar.xz
- name: Download Linux bundle artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_linux_bundle.tar.xz
- name: Download Deb amd64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.PKG_VERSION }}-1_amd64.deb
- name: Download Deb arm64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.PKG_VERSION }}-1_arm64.deb
- name: Download Deb ppc64le artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.PKG_VERSION }}-1_ppc64el.deb
- name: Download Deb armv7 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.PKG_VERSION }}-1_armhf.deb
- name: Download RPM x86_64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo-${{ steps.get_version.outputs.PKG_VERSION }}-1.x86_64.rpm
- name: Download RPM aarch64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo-${{ steps.get_version.outputs.PKG_VERSION }}-1.aarch64.rpm
- name: Download RPM ppc64le artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo-${{ steps.get_version.outputs.PKG_VERSION }}-1.ppc64le.rpm
- name: Download RPM armv7 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo-${{ steps.get_version.outputs.PKG_VERSION }}-1.armv7hl.rpm
- name: Download macOS x86_64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_macOS_x86_64.tar.xz
- name: Download macOS arm64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_macOS_arm64.tar.xz
- name: Download Windows installer x86_64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_windows_x86_64.exe
- name: Download Windows installer arm64 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_windows_arm64.exe
- name: Download Windows installer x86 artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_windows_x86.exe
- name: Download Windows portable artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_windows_portable.zip
- name: Download source with deps artifact
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@v4
with:
name: sftpgo_${{ steps.get_version.outputs.SFTPGO_VERSION }}_src_with_deps.tar.xz
diff --git a/.golangci.yml b/.golangci.yml
index 14f9c1f9..ac545673 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,66 +1,52 @@
-version: "2"
run:
+ timeout: 10m
issues-exit-code: 1
tests: true
+
+
+linters-settings:
+ dupl:
+ threshold: 150
+ errcheck:
+ check-type-assertions: false
+ check-blank: false
+ goconst:
+ min-len: 3
+ min-occurrences: 3
+ gocyclo:
+ min-complexity: 15
+ gofmt:
+ simplify: true
+ goimports:
+ local-prefixes: github.com/drakkan/sftpgo
+ #govet:
+ # report about shadowed variables
+ #check-shadowing: true
+ #enable:
+ # - fieldalignment
+
+issues:
+ include:
+ - EXC0002
+ - EXC0012
+ - EXC0013
+ - EXC0014
+ - EXC0015
+
linters:
enable:
- - bodyclose
- - dogsled
- - dupl
- goconst
- - gocyclo
- - misspell
- - revive
- - rowserrcheck
- - unconvert
- - unparam
- - whitespace
- settings:
- dupl:
- threshold: 150
- errcheck:
- check-type-assertions: false
- check-blank: false
- goconst:
- min-len: 3
- min-occurrences: 3
- gocyclo:
- min-complexity: 15
- # https://golangci-lint.run/usage/linters/#revive
- revive:
- rules:
- - name: var-naming
- severity: warning
- disabled: true
- exclude: [""]
- arguments:
- - ["ID"] # AllowList
- - ["VM"] # DenyList
- - - upper-case-const: true
- - - skip-package-name-checks: true
- exclusions:
- generated: lax
- presets:
- - common-false-positives
- - legacy
- - std-error-handling
- paths:
- - third_party$
- - builtin$
- - examples$
-formatters:
- enable:
+ - errcheck
- gofmt
- goimports
- settings:
- gofmt:
- simplify: true
- goimports:
- local-prefixes:
- - github.com/drakkan/sftpgo
- exclusions:
- generated: lax
- paths:
- - third_party$
- - builtin$
- - examples$
+ - revive
+ - unconvert
+ - unparam
+ - bodyclose
+ - gocyclo
+ - misspell
+ - whitespace
+ - dupl
+ - rowserrcheck
+ - dogsled
+ - govet
diff --git a/Dockerfile b/Dockerfile
index 65371870..bd26b684 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.26-trixie AS builder
+FROM golang:1.22-bookworm as builder
ENV GOFLAGS="-mod=readonly"
@@ -10,7 +10,7 @@ WORKDIR /workspace
ARG GOPROXY
COPY go.mod go.sum ./
-RUN go mod download && go mod verify
+RUN go mod download
ARG COMMIT_SHA
@@ -30,14 +30,14 @@ ARG DOWNLOAD_PLUGINS=false
RUN if [ "${DOWNLOAD_PLUGINS}" = "true" ]; then apt-get update && apt-get install --no-install-recommends -y curl && ./docker/scripts/download-plugins.sh; fi
-FROM debian:trixie-slim
+FROM debian:bookworm-slim
-# Set to "true" to install jq
+# Set to "true" to install jq and the optional git and rsync dependencies
ARG INSTALL_OPTIONAL_PACKAGES=false
RUN apt-get update && apt-get -y upgrade && apt-get install --no-install-recommends -y ca-certificates media-types && rm -rf /var/lib/apt/lists/*
-RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apt-get update && apt-get install --no-install-recommends -y jq && rm -rf /var/lib/apt/lists/*; fi
+RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apt-get update && apt-get install --no-install-recommends -y jq git rsync && rm -rf /var/lib/apt/lists/*; fi
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo/data /srv/sftpgo/backups
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 494442dc..3b9f82f5 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,4 +1,4 @@
-FROM golang:1.26-alpine3.23 AS builder
+FROM golang:1.22-alpine3.19 AS builder
ENV GOFLAGS="-mod=readonly"
@@ -10,7 +10,7 @@ WORKDIR /workspace
ARG GOPROXY
COPY go.mod go.sum ./
-RUN go mod download && go mod verify
+RUN go mod download
ARG COMMIT_SHA
@@ -25,14 +25,14 @@ RUN set -xe && \
export COMMIT_SHA=${COMMIT_SHA:-$(git describe --always --abbrev=8 --dirty)} && \
go build $(if [ -n "${FEATURES}" ]; then echo "-tags ${FEATURES}"; fi) -trimpath -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=${COMMIT_SHA} -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -v -o sftpgo
-FROM alpine:3.23
+FROM alpine:3.19
-# Set to "true" to install jq
+# Set to "true" to install jq and the optional git and rsync dependencies
ARG INSTALL_OPTIONAL_PACKAGES=false
RUN apk -U upgrade --no-cache && apk add --update --no-cache ca-certificates tzdata mailcap
-RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apk add --update --no-cache jq; fi
+RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apk add --update --no-cache jq git rsync; fi
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo/data /srv/sftpgo/backups
diff --git a/Dockerfile.distroless b/Dockerfile.distroless
index 36bc1406..a88e2fc4 100644
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -1,4 +1,4 @@
-FROM golang:1.26-trixie AS builder
+FROM golang:1.22-bookworm as builder
ENV CGO_ENABLED=0 GOFLAGS="-mod=readonly"
@@ -10,7 +10,7 @@ WORKDIR /workspace
ARG GOPROXY
COPY go.mod go.sum ./
-RUN go mod download && go mod verify
+RUN go mod download
ARG COMMIT_SHA
@@ -32,7 +32,7 @@ RUN sed -i 's|"users_base_dir": "",|"users_base_dir": "/srv/sftpgo/data",|' sftp
RUN mkdir /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
-FROM gcr.io/distroless/static-debian13
+FROM gcr.io/distroless/static-debian12
COPY --from=builder --chown=1000:1000 /etc/sftpgo /etc/sftpgo
COPY --from=builder --chown=1000:1000 /srv/sftpgo /srv/sftpgo
diff --git a/README.md b/README.md
index bee0bc4f..7971c843 100644
--- a/README.md
+++ b/README.md
@@ -1,51 +1,27 @@
# SFTPGo
-[](https://github.com/drakkan/sftpgo/workflows/CI/badge.svg)
+[](https://github.com/drakkan/sftpgo/workflows/CI/badge.svg?branch=main&event=push)
+[](https://codecov.io/gh/drakkan/sftpgo/branch/main)
[](https://www.gnu.org/licenses/agpl-3.0)
[](https://github.com/avelino/awesome-go)
-Full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. Storage backends: local filesystem, encrypted local filesystem, S3 (compatible) Object Storage, Google Cloud Storage, Azure Blob Storage, other SFTP servers.
+Full-featured and highly configurable event-driven file transfer solution.
+Server protocols: SFTP, HTTP/S, FTP/S, WebDAV.
+Storage backends: local filesystem, encrypted local filesystem, S3 (compatible) Object Storage, Google Cloud Storage, Azure Blob Storage, other SFTP servers.
With SFTPGo you can leverage local and cloud storage backends for exchanging and storing files internally or with business partners using the same tools and processes you are already familiar with.
-## Project Status & Editions
+The WebAdmin UI allows to easily create and manage your users, folders, groups and other resources.
-SFTPGo is an open-source project with a sustainable business model. We offer two editions to suit different requirements, ensuring the project remains healthy and maintained for everyone.
-
-### Open Source (Community)
-
-Free, Copyleft (AGPLv3), Community Supported. The Community edition is a fully functional, production-ready solution widely adopted worldwide. It includes all the core protocols, storage backends, and the WebAdmin/WebClient UIs. It is ideal for:
-
-- Standard file transfer needs.
-- Integrating storage backends (S3, GCS, Azure Blob) with legacy protocols.
-- Projects that are comfortable with AGPLv3 licensing.
-
-### SFTPGo Enterprise
-
-Commercial License, Professional Support, ISO 27001 Vendor. The Enterprise edition is built on the same core but extends it for mission-critical environments, compliance-heavy industries, and advanced workflows. It is a drop-in replacement (seamless upgrade).
-
-| Feature | Open Source (Community) | Enterprise Edition |
-| :--- | :--- | :--- |
-| **License Type** | AGPLv3 (Copyleft) | **Commercial License**
Proprietary/No Copyleft |
-| **Vendor Compliance** | Not Applicable
Community Project | **Certified Vendor**
ISO 27001 & Supply Chain Validation |
-| **Support** | Community (GitHub) | **Direct from Authors** |
-| **Cloud Storage Engine** | Standard | **High Performance & Scalable**
In-memory streaming (no local temp files) and up to 70% faster |
-| **High Availability (HA)** | Standard
Shared DB & Storage | **Advanced**
Enhanced event handling and optimized instance coordination |
-| **Automation Logic** | Simple Placeholders | **Dynamic Logic & Virtual Folders**
Conditions, loops, route data across storage backends |
-| **Data Lifecycle** | Delete / Retain | **Smart Archiving**
Move data to external Cloud/SFTP storage via Virtual Folders |
-| **Email Data Ingestion** | - | **Native IMAP Integration**
Auto-extract attachments from email to storage |
-| **Public Sharing** | Standard Links | **Advanced & Collaborative**
Email Authentication & Group Delegation |
-| **Data Protection** | - | **Encryption & Scanning**
Automated PGP, Antivirus & DLP via ICAP |
-| **Advanced Identity (SSO)** | Standard | **Extended Controls**
Advanced Single Sign-On parameters |
-| **Document Editing** | - | **Included**
View, edit, and co-author in browser |
-
-**Note**: We are committed to keeping the Open Source edition powerful and maintained. The Enterprise edition helps fund the development of the entire SFTPGo ecosystem.
+The WebClient UI allows end users to change their credentials, browse and manage their files in the browser and setup two-factor authentication which works with Microsoft Authenticator, Google Authenticator, Authy and other compatible apps.
## Sponsors
-If you rely on SFTPGo in your projects, consider becoming a [sponsor](https://github.com/sponsors/drakkan).
+We strongly believe in Open Source software model, so we decided to make SFTPGo available to everyone, but maintaining and evolving SFTPGo takes a lot of time and work. To make development and maintenance sustainable you should consider to support the project with a [sponsorship](https://github.com/sponsors/drakkan).
-Your sponsorship helps cover maintenance, security updates and ongoing development of the open-source edition.
+We love doing the work and we'd like to keep doing it - your support helps make SFTPGo possible.
+
+It is important to understand that you should support SFTPGo and any other Open Source project you rely on for ongoing maintenance, even if you don't have any questions or need new features, to mitigate the business risk of a project you depend on going unmaintained, with its security and development velocity implications.
### Thank you to our sponsors
@@ -65,39 +41,26 @@ Your sponsorship helps cover maintenance, security updates and ongoing developme
[
](https://www.7digital.com/)
-[
](https://servinga.com/)
-
-[
](https://www.reui.io/)
-
-## Documentation
-
-You can explore all supported features and configuration options at [docs.sftpgo.com](https://docs.sftpgo.com/latest/).
-
-**Note:** The link above refers to the **Community Edition**.
-For details on **Enterprise Edition**, please refer to the [Enterprise Documentation](https://docs.sftpgo.com/enterprise/).
+[
](https://www.vps2day.com/)
## Support
-- **Community Support**: use [GitHub Discussions](https://github.com/drakkan/sftpgo/discussions) to ask questions, share feedback, and engage with other users.
-- **Commercial Support**: If you require guaranteed SLAs, expert guidance, or the advanced features listed above, check out [SFTPGo Enterprise](https://sftpgo.com).
+You can use SFTPGo for free, respecting the obligations of the Open Source [license](#license), but please do not ask or expect free support as well.
-SFTPGo Enterprise is available as:
+Use [discussions](https://github.com/drakkan/sftpgo/discussions) to ask questions and get support from the community.
-- On-premises: Full control on your infrastructure. More details: [sftpgo.com/on-premises](https://sftpgo.com/on-premises)
-- Fully managed SaaS: We handle the infrastructure. More details: [sftpgo.com/saas](https://sftpgo.com/saas)
+We offer commercial support, guarantees, and advice for SFTPGo:
-## Internationalization
+- With our [plans](https://sftpgo.com/plans) you can safely install and use SFTPGo on-premise in professional environments.
+- With our [SaaS offerings](https://sftpgo.com/saas) you can use SFTPGo hosted in the cloud, fully managed and supported.
-The translations are available via [Crowdin](https://crowdin.com/project/sftpgo), who have granted us an open source license.
+## Documentation
-Before translating please take a look at our contribution [guidelines](https://docs.sftpgo.com/latest/web-interfaces/#internationalization).
+You can read more about supported features and documentation at [docs.sftpgo.com](https://docs.sftpgo.com/).
## Release Cadence
-SFTPGo follows a feature-driven release cycle.
-
-- Enterprise Edition: Receives major new features first and follows a faster [release cadence](https://docs.sftpgo.com/enterprise/changelog/).
-- Community Edition: Remains maintained, receiving bug fixes, security updates, and updates to core features.
+SFTPGo releases are feature-driven, we don't have a fixed time based schedule. As a rough estimate, you can expect 1 or 2 new major releases per year and several bug fix releases.
## Acknowledgements
@@ -107,7 +70,7 @@ We are very grateful to all the people who contributed with ideas and/or pull re
Thank you to [ysura](https://www.ysura.com/) for granting us stable access to a test AWS S3 account.
-Thank you to [KeenThemes](https://keenthemes.com/) for granting us a custom license to use their amazing [themes](https://keenthemes.com/bootstrap-templates) for the SFTPGo WebAdmin and WebClient user interfaces, across both the Open Source and Open Core versions.
+Thank you to [KeenThemes](https://keenthemes.com/) for granting us a custom license to use their amazing [Mega Bundle](https://keenthemes.com/products/templates-mega-bundle) for SFTPGo UI.
Thank you to [Crowdin](https://crowdin.com/) for granting us an Open Source License.
@@ -117,15 +80,13 @@ Thank you to [Incode](https://www.incode.it/) for helping us to improve the UI/U
SFTPGo source code is licensed under the GNU AGPL-3.0-only with [additional terms](./NOTICE).
-The [theme](https://keenthemes.com/bootstrap-templates) used in WebAdmin and WebClient user interfaces is proprietary, this means:
+The [theme](https://keenthemes.com/products/templates-mega-bundle) used in WebAdmin and WebClient user interfaces is proprietary, this means:
- KeenThemes HTML/CSS/JS components are allowed for use only within the SFTPGo product and restricted to be used in a resealable HTML template that can compete with KeenThemes products anyhow.
- The SFTPGo WebAdmin and WebClient user interfaces (HTML, CSS and JS components) based on this theme are allowed for use only within the SFTPGo product and therefore cannot be used in derivative works/products without an explicit grant from the [SFTPGo Team](mailto:support@sftpgo.com).
More information about [compliance](https://sftpgo.com/compliance.html).
-**Note:** We do not provide legal advice. If you have questions about license compliance or whether your use case is permitted under the license terms, please consult your legal team.
-
## Copyright
-Copyright (C) 2019 - 2026 Nicola Murino
+Copyright (C) 2019 Nicola Murino
diff --git a/SECURITY.md b/SECURITY.md
index 01650ca6..05e5daf7 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,18 +2,8 @@
## Supported Versions
-We actively maintain the latest stable release of SFTPGo. While we strive to keep the Open Source version secure and up-to-date, maintenance is performed on a best-effort basis by the community and contributors.
-
-## Scope and Dependency Policy
-
-Our security advisories focus on vulnerabilities found within the **SFTPGo codebase itself**.
-
-To ensure the long-term sustainability of the project, we handle upstream dependencies (like the Go standard library, external packages, or Docker base images) as follows:
-
-- Community Updates: For the Open Source version, vulnerabilities in upstream components (such as the Go standard library or third-party packages) are addressed during our **regular release cycles**. We generally do not provide immediate, out-of-band or ad-hoc releases to address dependency-only CVEs.
-- Empowering Users: One of the strengths of SFTPGo being open-source is that you have full control. If your security scanners require an immediate fix, you can always rebuild the project using the latest patched Go toolchain or updated dependencies.
-- Compatibility: We are committed to keeping SFTPGo compatible with the latest stable Go compiler. If an upstream fix breaks SFTPGo, fixing that becomes a priority for us.
-- Professional Needs: We understand that some organizations have strict compliance requirements or internal SLAs that require guaranteed, immediate response times and out-of-band patches. For these cases, we offer [SFTPGo Enterprise](https://sftpgo.com/on-premises) to cover the additional maintenance and support overhead.
+Only the current release of the software is actively supported.
+[Contact us](mailto:support@sftpgo.com) if you need early security patches and enterprise-grade security.
## Reporting a Vulnerability
diff --git a/docker/scripts/download-plugins.sh b/docker/scripts/download-plugins.sh
index 7638cd56..6d9cbdd0 100755
--- a/docker/scripts/download-plugins.sh
+++ b/docker/scripts/download-plugins.sh
@@ -1,13 +1,13 @@
#!/usr/bin/env bash
-set -euo pipefail
+set -e
-ARCH=$(uname -m)
+ARCH=`uname -m`
case ${ARCH} in
- x86_64)
+ "x86_64")
SUFFIX=amd64
;;
- aarch64)
+ "aarch64")
SUFFIX=arm64
;;
*)
@@ -15,21 +15,11 @@ case ${ARCH} in
;;
esac
-echo "Downloading plugins for arch ${SUFFIX}"
+echo "download plugins for arch ${SUFFIX}"
-PLUGINS=(geoipfilter kms pubsub eventstore eventsearch auth)
-
-for PLUGIN in "${PLUGINS[@]}"; do
- URL="https://github.com/sftpgo/sftpgo-plugin-${PLUGIN}/releases/latest/download/sftpgo-plugin-${PLUGIN}-linux-${SUFFIX}"
- DEST="/usr/local/bin/sftpgo-plugin-${PLUGIN}"
-
- echo "Downloading ${PLUGIN}..."
- if curl --fail --silent --show-error -L "${URL}" --output "${DEST}"; then
- chmod 755 "${DEST}"
- else
- echo "Error: Failed to download ${PLUGIN}" >&2
- exit 1
- fi
+for PLUGIN in geoipfilter kms pubsub eventstore eventsearch auth
+do
+ echo "download plugin from https://github.com/sftpgo/sftpgo-plugin-${PLUGIN}/releases/latest/download/sftpgo-plugin-${PLUGIN}-linux-${SUFFIX}"
+ curl -L "https://github.com/sftpgo/sftpgo-plugin-${PLUGIN}/releases/latest/download/sftpgo-plugin-${PLUGIN}-linux-${SUFFIX}" --output "/usr/local/bin/sftpgo-plugin-${PLUGIN}"
+ chmod 755 "/usr/local/bin/sftpgo-plugin-${PLUGIN}"
done
-
-echo "All plugins downloaded successfully"
diff --git a/examples/data-retention/README.md b/examples/data-retention/README.md
new file mode 100644
index 00000000..ca1c7679
--- /dev/null
+++ b/examples/data-retention/README.md
@@ -0,0 +1,36 @@
+# File retention policies
+
+:warning: Since v2.4.0 you can use the [EventManager](https://docs.sftpgo.com/latest/eventmanager/) to schedule data retention checks.
+
+The `checkretention` example script shows how to use the SFTPGo REST API to manage data retention.
+
+:warning: Deleting files is an irreversible action, please make sure you fully understand what you are doing before using this feature, you may have users with overlapping home directories or virtual folders shared between multiple users, it is relatively easy to inadvertently delete files you need.
+
+The example shows how to setup a really simple retention policy, for each user it sends this request:
+
+```json
+[
+ {
+ "path": "/",
+ "retention": 168,
+ "delete_empty_dirs": true,
+ "ignore_user_permissions": false
+ }
+]
+```
+
+so alls files with modification time older than 168 hours (7 days) will be deleted. Empty directories will be removed and the check will respect user's permissions, so if the user cannot delete a file/folder it will be skipped.
+
+You can define different retention policies per-user and per-folder and you can exclude a folder setting the retention to `0`.
+
+You can use this script as a starting point, please edit it according to your needs.
+
+The script is written in Python and has the following requirements:
+
+- python3 or python2
+- python [Requests](https://requests.readthedocs.io/en/master/) module
+
+The provided example tries to connect to an SFTPGo instance running on `127.0.0.1:8080` using the following credentials:
+
+- username: `admin`
+- password: `password`
diff --git a/examples/data-retention/checkretention b/examples/data-retention/checkretention
new file mode 100755
index 00000000..1474b073
--- /dev/null
+++ b/examples/data-retention/checkretention
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+from datetime import datetime
+import sys
+import time
+
+import pytz
+import requests
+
+try:
+ import urllib.parse as urlparse
+except ImportError:
+ import urlparse
+
+# change base_url to point to your SFTPGo installation
+base_url = "http://127.0.0.1:8080"
+# set to False if you want to skip TLS certificate validation
+verify_tls_cert = True
+# set the credentials for a valid admin here
+admin_user = "admin"
+admin_password = "password"
+
+
+class CheckRetention:
+
+ def __init__(self):
+ self.limit = 100
+ self.offset = 0
+ self.access_token = ""
+ self.access_token_expiration = None
+
+ def printLog(self, message):
+ print("{} - {}".format(datetime.now(), message))
+
+ def checkAccessToken(self):
+ if self.access_token != "" and self.access_token_expiration:
+ expire_diff = self.access_token_expiration - datetime.now(tz=pytz.UTC)
+ # we don't use total_seconds to be python 2 compatible
+ seconds_to_expire = expire_diff.days * 86400 + expire_diff.seconds
+ if seconds_to_expire > 180:
+ return
+
+ auth = requests.auth.HTTPBasicAuth(admin_user, admin_password)
+ r = requests.get(urlparse.urljoin(base_url, "api/v2/token"), auth=auth, verify=verify_tls_cert, timeout=10)
+ if r.status_code != 200:
+ self.printLog("error getting access token: {}".format(r.text))
+ sys.exit(1)
+ self.access_token = r.json()["access_token"]
+ self.access_token_expiration = pytz.timezone("UTC").localize(datetime.strptime(r.json()["expires_at"],
+ "%Y-%m-%dT%H:%M:%SZ"))
+
+ def getAuthHeader(self):
+ self.checkAccessToken()
+ return {"Authorization": "Bearer " + self.access_token}
+
+ def waitForRentionCheck(self, username):
+ while True:
+ auth_header = self.getAuthHeader()
+ r = requests.get(urlparse.urljoin(base_url, "api/v2/retention/users/checks"), headers=auth_header, verify=verify_tls_cert,
+ timeout=10)
+ if r.status_code != 200:
+ self.printLog("error getting retention checks while waiting for {}: {}".format(username, r.text))
+ sys.exit(1)
+
+ checking = False
+ for check in r.json():
+ if check["username"] == username:
+ checking = True
+ if not checking:
+ break
+ self.printLog("waiting for the retention check to complete for user {}".format(username))
+ time.sleep(2)
+
+ self.printLog("retention check for user {} finished".format(username))
+
+ def checkUserRetention(self, username):
+ self.printLog("starting retention check for user {}".format(username))
+ auth_header = self.getAuthHeader()
+ retention = [
+ {
+ "path": "/",
+ "retention": 168,
+ "delete_empty_dirs": True,
+ "ignore_user_permissions": False
+ }
+ ]
+ r = requests.post(urlparse.urljoin(base_url, "api/v2/retention/users/" + username + "/check"), headers=auth_header,
+ json=retention, verify=verify_tls_cert, timeout=10)
+ if r.status_code != 202:
+ self.printLog("error starting retention check for user {}: {}".format(username, r.text))
+ sys.exit(1)
+ self.waitForRentionCheck(username)
+
+ def checkUsersRetention(self):
+ while True:
+ self.printLog("get users, limit {} offset {}".format(self.limit, self.offset))
+ auth_header = self.getAuthHeader()
+ payload = {"limit":self.limit, "offset":self.offset}
+ r = requests.get(urlparse.urljoin(base_url, "api/v2/users"), headers=auth_header, params=payload,
+ verify=verify_tls_cert, timeout=10)
+ if r.status_code != 200:
+ self.printLog("error getting users: {}".format(r.text))
+ sys.exit(1)
+ users = r.json()
+ for user in users:
+ self.checkUserRetention(user["username"])
+
+ self.offset += len(users)
+ if len(users) < self.limit:
+ break
+
+
+if __name__ == '__main__':
+ c = CheckRetention()
+ c.checkUsersRetention()
diff --git a/examples/ldapauth/go.mod b/examples/ldapauth/go.mod
index 81df3ad5..4b04e152 100644
--- a/examples/ldapauth/go.mod
+++ b/examples/ldapauth/go.mod
@@ -1,15 +1,15 @@
module github.com/drakkan/ldapauth
-go 1.25.0
+go 1.22.2
require (
- github.com/go-ldap/ldap/v3 v3.4.12
- golang.org/x/crypto v0.45.0
+ github.com/go-ldap/ldap/v3 v3.4.8
+ golang.org/x/crypto v0.23.0
)
require (
- github.com/Azure/go-ntlmssp v0.1.0 // indirect
- github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
+ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+ github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
github.com/google/uuid v1.6.0 // indirect
- golang.org/x/sys v0.38.0 // indirect
+ golang.org/x/sys v0.20.0 // indirect
)
diff --git a/examples/ldapauth/go.sum b/examples/ldapauth/go.sum
index 67fe852a..6c72d1cd 100644
--- a/examples/ldapauth/go.sum
+++ b/examples/ldapauth/go.sum
@@ -1,15 +1,20 @@
-github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+A=
-github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
-github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
-github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
-github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
+github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
+github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
+github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
@@ -26,15 +31,69 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/examples/ldapauthserver/go.mod b/examples/ldapauthserver/go.mod
index f65828cc..3b5fcf73 100644
--- a/examples/ldapauthserver/go.mod
+++ b/examples/ldapauthserver/go.mod
@@ -1,37 +1,43 @@
module github.com/drakkan/sftpgo/ldapauthserver
-go 1.25.0
+go 1.22.2
require (
- github.com/go-chi/chi/v5 v5.2.3
+ github.com/go-chi/chi/v5 v5.0.12
github.com/go-chi/render v1.0.3
- github.com/go-ldap/ldap/v3 v3.4.12
+ github.com/go-ldap/ldap/v3 v3.4.8
github.com/nathanaelle/password/v2 v2.0.1
- github.com/rs/zerolog v1.34.0
- github.com/spf13/cobra v1.10.1
- github.com/spf13/viper v1.21.0
- golang.org/x/crypto v0.45.0
+ github.com/rs/zerolog v1.32.0
+ github.com/spf13/cobra v1.8.0
+ github.com/spf13/viper v1.18.2
+ golang.org/x/crypto v0.23.0
gopkg.in/natefinch/lumberjack.v2 v2.2.1
)
require (
- github.com/Azure/go-ntlmssp v0.1.0 // indirect
+ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/ajg/form v1.5.1 // indirect
- github.com/fsnotify/fsnotify v1.9.0 // indirect
- github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
- github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
github.com/google/uuid v1.6.0 // indirect
+ github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/mattn/go-colorable v0.1.14 // indirect
+ github.com/magiconair/properties v1.8.7 // indirect
+ github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/pelletier/go-toml/v2 v2.2.4 // indirect
- github.com/sagikazarmark/locafero v0.12.0 // indirect
- github.com/spf13/afero v1.15.0 // indirect
- github.com/spf13/cast v1.10.0 // indirect
- github.com/spf13/pflag v1.0.10 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+ github.com/sagikazarmark/locafero v0.4.0 // indirect
+ github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+ github.com/sourcegraph/conc v0.3.0 // indirect
+ github.com/spf13/afero v1.11.0 // indirect
+ github.com/spf13/cast v1.6.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
- go.yaml.in/yaml/v3 v3.0.4 // indirect
- golang.org/x/sys v0.38.0 // indirect
- golang.org/x/text v0.31.0 // indirect
- gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+ go.uber.org/multierr v1.11.0 // indirect
+ golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
+ golang.org/x/sys v0.20.0 // indirect
+ golang.org/x/text v0.15.0 // indirect
+ gopkg.in/ini.v1 v1.67.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
)
diff --git a/examples/ldapauthserver/go.sum b/examples/ldapauthserver/go.sum
index 99ea3a37..a16640f3 100644
--- a/examples/ldapauthserver/go.sum
+++ b/examples/ldapauthserver/go.sum
@@ -1,34 +1,40 @@
-github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+A=
-github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
-github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
-github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
-github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
-github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
+github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s=
+github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
-github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
-github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
-github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
-github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
+github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
@@ -47,68 +53,132 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
-github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/nathanaelle/password/v2 v2.0.1 h1:ItoCTdsuIWzilYmllQPa3DR3YoCXcpfxScWLqr8Ii2s=
github.com/nathanaelle/password/v2 v2.0.1/go.mod h1:eaoT+ICQEPNtikBRIAatN8ThWwMhVG+r1jTw60BvPJk=
-github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
-github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
-github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
-github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0=
+github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
-github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
-github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
-github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
-github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
-github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
-github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
-github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
+github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
-go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/go.mod b/go.mod
index d2fafb83..cf10d58f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,185 +1,203 @@
module github.com/drakkan/sftpgo/v2
-go 1.25.0
+go 1.22.7
require (
- cloud.google.com/go/storage v1.60.0
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4
+ cloud.google.com/go/storage v1.47.0
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
+ github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.5.0
github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5
github.com/alexedwards/argon2id v1.0.0
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964
- github.com/aws/aws-sdk-go-v2 v1.41.3
- github.com/aws/aws-sdk-go-v2/config v1.32.11
- github.com/aws/aws-sdk-go-v2/credentials v1.19.11
- github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4
- github.com/aws/aws-sdk-go-v2/service/sts v1.41.8
- github.com/bmatcuk/doublestar/v4 v4.10.0
- github.com/cockroachdb/cockroach-go/v2 v2.4.3
- github.com/coreos/go-oidc/v3 v3.17.0
+ github.com/aws/aws-sdk-go-v2 v1.32.5
+ github.com/aws/aws-sdk-go-v2/config v1.28.5
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.46
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20
+ github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41
+ github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0
+ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6
+ github.com/aws/aws-sdk-go-v2/service/sts v1.33.1
+ github.com/bmatcuk/doublestar/v4 v4.7.1
+ github.com/cockroachdb/cockroach-go/v2 v2.3.8
+ github.com/coreos/go-oidc/v3 v3.11.0
github.com/drakkan/webdav v0.0.0-20241026165615-b8b8f74ae71b
- github.com/eikenb/pipeat v0.0.0-20251030185646-385cd3c3e07b
- github.com/fclairamb/ftpserverlib v0.30.0
- github.com/go-acme/lego/v4 v4.32.0
- github.com/go-chi/chi/v5 v5.2.5
+ github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001
+ github.com/fclairamb/ftpserverlib v0.24.1
+ github.com/fclairamb/go-log v0.5.0
+ github.com/go-acme/lego/v4 v4.20.4
+ github.com/go-chi/chi/v5 v5.1.0
+ github.com/go-chi/jwtauth/v5 v5.3.1
github.com/go-chi/render v1.0.3
- github.com/go-jose/go-jose/v4 v4.1.3
- github.com/go-sql-driver/mysql v1.9.3
+ github.com/go-sql-driver/mysql v1.8.1
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
github.com/google/uuid v1.6.0
github.com/hashicorp/go-hclog v1.6.3
- github.com/hashicorp/go-plugin v1.7.0
- github.com/hashicorp/go-retryablehttp v0.7.8
- github.com/jackc/pgx/v5 v5.8.0
+ github.com/hashicorp/go-plugin v1.6.2
+ github.com/hashicorp/go-retryablehttp v0.7.7
+ github.com/jackc/pgx/v5 v5.7.1
github.com/jlaffaye/ftp v0.2.0
- github.com/klauspost/compress v1.18.4
- github.com/lithammer/shortuuid/v4 v4.2.0
- github.com/mattn/go-sqlite3 v1.14.34
+ github.com/klauspost/compress v1.17.11
+ github.com/lestrrat-go/jwx/v2 v2.1.3
+ github.com/lithammer/shortuuid/v3 v3.0.7
+ github.com/mattn/go-sqlite3 v1.14.24
github.com/mhale/smtpd v0.8.3
- github.com/minio/sio v0.4.3
- github.com/otiai10/copy v1.14.1
- github.com/pires/go-proxyproto v0.11.0
- github.com/pkg/sftp v1.13.10
- github.com/pquerna/otp v1.5.0
- github.com/prometheus/client_golang v1.23.2
+ github.com/minio/sio v0.4.1
+ github.com/otiai10/copy v1.14.0
+ github.com/pires/go-proxyproto v0.8.0
+ github.com/pkg/sftp v1.13.7
+ github.com/pquerna/otp v1.4.0
+ github.com/prometheus/client_golang v1.20.5
github.com/robfig/cron/v3 v3.0.1
github.com/rs/cors v1.11.1
github.com/rs/xid v1.6.0
- github.com/rs/zerolog v1.34.0
- github.com/sftpgo/sdk v0.1.9
+ github.com/rs/zerolog v1.33.0
+ github.com/sftpgo/sdk v0.1.8
github.com/shirou/gopsutil/v3 v3.24.5
- github.com/spf13/afero v1.15.0
- github.com/spf13/cobra v1.10.2
- github.com/spf13/viper v1.21.0
- github.com/stretchr/testify v1.11.1
- github.com/studio-b12/gowebdav v0.12.0
+ github.com/spf13/afero v1.11.0
+ github.com/spf13/cobra v1.8.1
+ github.com/spf13/viper v1.19.0
+ github.com/stretchr/testify v1.10.0
+ github.com/studio-b12/gowebdav v0.9.0
github.com/subosito/gotenv v1.6.0
github.com/unrolled/secure v1.17.0
github.com/wagslane/go-password-validator v0.3.0
- github.com/wneessen/go-mail v0.7.2
+ github.com/wneessen/go-mail v0.5.2
github.com/yl2chen/cidranger v1.0.3-0.20210928021809-d1cb2c52f37a
- go.etcd.io/bbolt v1.4.3
- gocloud.dev v0.45.0
- golang.org/x/crypto v0.49.0
- golang.org/x/net v0.52.0
- golang.org/x/oauth2 v0.36.0
- golang.org/x/sys v0.42.0
- golang.org/x/term v0.41.0
- golang.org/x/time v0.15.0
- google.golang.org/api v0.271.0
+ go.etcd.io/bbolt v1.3.11
+ go.uber.org/automaxprocs v1.6.0
+ gocloud.dev v0.40.0
+ golang.org/x/crypto v0.29.0
+ golang.org/x/net v0.31.0
+ golang.org/x/oauth2 v0.24.0
+ golang.org/x/sys v0.27.0
+ golang.org/x/term v0.26.0
+ golang.org/x/time v0.8.0
+ google.golang.org/api v0.209.0
gopkg.in/natefinch/lumberjack.v2 v2.2.1
)
require (
- cel.dev/expr v0.25.1 // indirect
- cloud.google.com/go v0.123.0 // indirect
- cloud.google.com/go/auth v0.18.2 // indirect
- cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
- cloud.google.com/go/compute/metadata v0.9.0 // indirect
- cloud.google.com/go/iam v1.5.3 // indirect
- cloud.google.com/go/monitoring v1.24.3 // indirect
- filippo.io/edwards25519 v1.2.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 // indirect
- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 // indirect
- github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 // indirect
- github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 // indirect
- github.com/ajg/form v1.7.1 // indirect
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.8.5 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.20 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.11 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19 // indirect
- github.com/aws/aws-sdk-go-v2/service/signin v1.0.7 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.30.12 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.16 // indirect
- github.com/aws/smithy-go v1.24.2 // indirect
+ cel.dev/expr v0.18.0 // indirect
+ cloud.google.com/go v0.116.0 // indirect
+ cloud.google.com/go/auth v0.11.0 // indirect
+ cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
+ cloud.google.com/go/compute/metadata v0.5.2 // indirect
+ cloud.google.com/go/iam v1.2.2 // indirect
+ cloud.google.com/go/monitoring v1.21.2 // indirect
+ filippo.io/edwards25519 v1.1.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+ github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
+ github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
+ github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
+ github.com/ajg/form v1.5.1 // indirect
+ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
+ github.com/aws/smithy-go v1.22.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/boombuler/barcode v1.1.0 // indirect
- github.com/cenkalti/backoff/v5 v5.0.3 // indirect
+ github.com/boombuler/barcode v1.0.2 // indirect
+ github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+ github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect
- github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
+ github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
+ github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+ github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/envoyproxy/go-control-plane/envoy v1.37.0 // indirect
- github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect
+ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
+ github.com/envoyproxy/go-control-plane v0.13.1 // indirect
+ github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/fatih/color v1.18.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/fsnotify/fsnotify v1.9.0 // indirect
- github.com/go-logr/logr v1.4.3 // indirect
+ github.com/fsnotify/fsnotify v1.8.0 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-ole/go-ole v1.3.0 // indirect
- github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
- github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
+ github.com/goccy/go-json v0.10.3 // indirect
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
- github.com/google/s2a-go v0.1.9 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
- github.com/googleapis/gax-go/v2 v2.18.0 // indirect
+ github.com/google/s2a-go v0.1.8 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+ github.com/googleapis/gax-go/v2 v2.14.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
+ github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/yamux v0.1.2 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
github.com/jackc/puddle/v2 v2.2.2 // indirect
github.com/kr/fs v0.1.0 // indirect
- github.com/kylelemons/godebug v1.1.0 // indirect
- github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 // indirect
- github.com/mattn/go-colorable v0.1.14 // indirect
+ github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+ github.com/lestrrat-go/httpcc v1.0.1 // indirect
+ github.com/lestrrat-go/httprc v1.0.6 // indirect
+ github.com/lestrrat-go/iter v1.0.2 // indirect
+ github.com/lestrrat-go/option v1.0.1 // indirect
+ github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
+ github.com/magiconair/properties v1.8.7 // indirect
+ github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/miekg/dns v1.1.72 // indirect
+ github.com/miekg/dns v1.1.62 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/oklog/run v1.2.0 // indirect
- github.com/otiai10/mint v1.6.3 // indirect
- github.com/pelletier/go-toml/v2 v2.2.4 // indirect
- github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+ github.com/oklog/run v1.1.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
- github.com/prometheus/client_model v0.6.2 // indirect
- github.com/prometheus/common v0.67.5 // indirect
- github.com/prometheus/procfs v0.20.1 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.60.1 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
- github.com/sagikazarmark/locafero v0.12.0 // indirect
- github.com/shoenig/go-m1cpu v0.2.0 // indirect
- github.com/spf13/cast v1.10.0 // indirect
- github.com/spf13/pflag v1.0.10 // indirect
- github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
- github.com/tklauser/go-sysconf v0.3.16 // indirect
- github.com/tklauser/numcpus v0.11.0 // indirect
+ github.com/sagikazarmark/locafero v0.6.0 // indirect
+ github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+ github.com/segmentio/asm v1.2.0 // indirect
+ github.com/shoenig/go-m1cpu v0.1.6 // indirect
+ github.com/sourcegraph/conc v0.3.0 // indirect
+ github.com/spf13/cast v1.7.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+ github.com/tklauser/go-sysconf v0.3.14 // indirect
+ github.com/tklauser/numcpus v0.9.0 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
- go.opentelemetry.io/auto/sdk v1.2.1 // indirect
- go.opentelemetry.io/contrib/detectors/gcp v1.42.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
- go.opentelemetry.io/otel v1.42.0 // indirect
- go.opentelemetry.io/otel/metric v1.42.0 // indirect
- go.opentelemetry.io/otel/sdk v1.42.0 // indirect
- go.opentelemetry.io/otel/sdk/metric v1.42.0 // indirect
- go.opentelemetry.io/otel/trace v1.42.0 // indirect
- go.yaml.in/yaml/v2 v2.4.4 // indirect
- go.yaml.in/yaml/v3 v3.0.4 // indirect
- golang.org/x/mod v0.34.0 // indirect
- golang.org/x/sync v0.20.0 // indirect
- golang.org/x/text v0.35.0 // indirect
- golang.org/x/tools v0.43.0 // indirect
+ go.opencensus.io v0.24.0 // indirect
+ go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
+ go.opentelemetry.io/otel v1.32.0 // indirect
+ go.opentelemetry.io/otel/metric v1.32.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.32.0 // indirect
+ go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect
+ go.opentelemetry.io/otel/trace v1.32.0 // indirect
+ go.uber.org/multierr v1.11.0 // indirect
+ golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/sync v0.9.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
+ golang.org/x/tools v0.27.0 // indirect
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
- google.golang.org/genproto v0.0.0-20260311181403-84a4fc48630c // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c // indirect
- google.golang.org/grpc v1.79.2 // indirect
- google.golang.org/protobuf v1.36.11 // indirect
+ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
+ google.golang.org/grpc v1.68.0 // indirect
+ google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 // indirect
+ google.golang.org/protobuf v1.35.2 // indirect
+ gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
replace (
+ github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e
github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f
github.com/robfig/cron/v3 => github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0
+ golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20241109174329-ca456f56018f
)
diff --git a/go.sum b/go.sum
index d81c977d..a5991389 100644
--- a/go.sum
+++ b/go.sum
@@ -1,198 +1,239 @@
-cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
-cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
-cloud.google.com/go v0.123.0 h1:2NAUJwPR47q+E35uaJeYoNhuNEM9kM8SjgRgdeOJUSE=
-cloud.google.com/go v0.123.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU=
-cloud.google.com/go/auth v0.18.2 h1:+Nbt5Ev0xEqxlNjd6c+yYUeosQ5TtEUaNcN/3FozlaM=
-cloud.google.com/go/auth v0.18.2/go.mod h1:xD+oY7gcahcu7G2SG2DsBerfFxgPAJz17zz2joOFF3M=
-cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
-cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
-cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
-cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
-cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc=
-cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU=
-cloud.google.com/go/kms v1.26.0 h1:cK9mN2cf+9V63D3H1f6koxTatWy39aTI/hCjz1I+adU=
-cloud.google.com/go/kms v1.26.0/go.mod h1:pHKOdFJm63hxBsiPkYtowZPltu9dW0MWvBa6IA4HM58=
-cloud.google.com/go/logging v1.13.2 h1:qqlHCBvieJT9Cdq4QqYx1KPadCQ2noD4FK02eNqHAjA=
-cloud.google.com/go/logging v1.13.2/go.mod h1:zaybliM3yun1J8mU2dVQ1/qDzjbOqEijZCn6hSBtKak=
-cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7EhfW8=
-cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk=
-cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE=
-cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI=
-cloud.google.com/go/storage v1.60.0 h1:oBfZrSOCimggVNz9Y/bXY35uUcts7OViubeddTTVzQ8=
-cloud.google.com/go/storage v1.60.0/go.mod h1:q+5196hXfejkctrnx+VYU8RKQr/L3c0cBIlrjmiAKE0=
-cloud.google.com/go/trace v1.11.7 h1:kDNDX8JkaAG3R2nq1lIdkb7FCSi1rCmsEtKVsty7p+U=
-cloud.google.com/go/trace v1.11.7/go.mod h1:TNn9d5V3fQVf6s4SCveVMIBS2LJUqo73GACmq/Tky0s=
-filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
-filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
+cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=
+cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
+cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
+cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA=
+cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
+cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA=
+cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY=
+cloud.google.com/go/kms v1.20.1 h1:og29Wv59uf2FVaZlesaiDAqHFzHaoUyHI3HYp9VUHVg=
+cloud.google.com/go/kms v1.20.1/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc=
+cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk=
+cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM=
+cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc=
+cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI=
+cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU=
+cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU=
+cloud.google.com/go/storage v1.47.0 h1:ajqgt30fnOMmLfWfu1PWcb+V9Dxz6n+9WKjdNg5R4HM=
+cloud.google.com/go/storage v1.47.0/go.mod h1:Ks0vP374w0PW6jOUameJbapbQKXqkjGd/OJRp2fb9IQ=
+cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI=
+cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEBnvU96bKHy6LjRsY4E28=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 h1:/Zt+cDPnpC3OVDm/JKLOs7M2DKmLRIIp3XIx9pHHiig=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1/go.mod h1:Ng3urmn6dYe8gnbCMoHHVl5APYz2txho3koEkV2o2HA=
-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4 h1:jWQK1GI+LeGGUKBADtcH2rRqPxYB1Ljwms5gFA2LqrM=
-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4/go.mod h1:8mwH4klAm9DUgR2EEHyEEAQlRDvLPyg5fQry3y+cDew=
-github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
-github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 h1:4iB+IesclUXdP0ICgAabvq2FYLXrJWKx1fJQ+GxSo3Y=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.5.0 h1:mlmW46Q0B79I+Aj4azKC6xDMFN9a9SyZWESlGWYXbFs=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.5.0/go.mod h1:PXe2h+LKcWTX9afWdZoHyODqR4fBa5boUM/8uJfZ0Jo=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 h1:IEjq88XO4PuBDcvmjQJcQGg+w+UaafSy8G5Kcb5tBhI=
github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5/go.mod h1:exZ0C/1emQJAw5tHOaUDyY1ycttqBAPcxuzf7QbY6ec=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 h1:DHa2U07rk8syqvCge0QIGMCE1WxGj9njT44GH7zNJLQ=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 h1:UnDZ/zFfG1JhH/DqxIZYU/1CUAlTUScoXD/LcM2Ykk8=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0/go.mod h1:IA1C1U7jO/ENqm/vhi7V9YYpBsp+IMyqNrEN94N7tVc=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.55.0 h1:7t/qx5Ost0s0wbA/VDrByOooURhp+ikYwv20i9Y07TQ=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.55.0/go.mod h1:vB2GH9GAYYJTO3mEn8oYwzEdhlayZIdQz6zdzgUIRvA=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 h1:0s6TxfCu2KHkkZPnBfsQ2y5qia0jl3MMrmBhu3nCOYk=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0/go.mod h1:Mf6O40IAyB9zR/1J8nGDDPirZQQPbYJni8Yisy7NTMc=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 h1:o90wcURuxekmXrtxmYWTyNla0+ZEHhud6DI1ZTxd1vI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0/go.mod h1:6fTWu4m3jocfUZLYF5KsZC1TUfRvEjs7lM4crme/irw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI=
+github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
-github.com/ajg/form v1.7.1 h1:OsnBDzTkrWdrxvEnO68I72ZVGJGNaMwPhoAm0V+llgc=
-github.com/ajg/form v1.7.1/go.mod h1:HL757PzLyNkj5AIfptT6L+iGNeXTlnrr/oDePGc/y7Q=
github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHcQQP0w=
github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw=
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 h1:I9YN9WMo3SUh7p/4wKeNvD/IQla3U3SUa61U7ul+xM4=
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964/go.mod h1:eFiR01PwTcpbzXtdMces7zxg6utvFM5puiWHpWB8D/k=
-github.com/aws/aws-sdk-go-v2 v1.41.3 h1:4kQ/fa22KjDt13QCy1+bYADvdgcxpfH18f0zP542kZA=
-github.com/aws/aws-sdk-go-v2 v1.41.3/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6 h1:N4lRUXZpZ1KVEUn6hxtco/1d2lgYhNn1fHkkl8WhlyQ=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6/go.mod h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI=
-github.com/aws/aws-sdk-go-v2/config v1.32.11 h1:ftxI5sgz8jZkckuUHXfC/wMUc8u3fG1vQS0plr2F2Zs=
-github.com/aws/aws-sdk-go-v2/config v1.32.11/go.mod h1:twF11+6ps9aNRKEDimksp923o44w/Thk9+8YIlzWMmo=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.11 h1:NdV8cwCcAXrCWyxArt58BrvZJ9pZ9Fhf9w6Uh5W3Uyc=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.11/go.mod h1:30yY2zqkMPdrvxBqzI9xQCM+WrlrZKSOpSJEsylVU+8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19 h1:INUvJxmhdEbVulJYHI061k4TVuS3jzzthNvjqvVvTKM=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19/go.mod h1:FpZN2QISLdEBWkayloda+sZjVJL+e9Gl0k1SyTgcswU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 h1:/sECfyq2JTifMI2JPyZ4bdRN77zJmr6SrS1eL3augIA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19/go.mod h1:dMf8A5oAqr9/oxOfLkC/c2LU/uMcALP0Rgn2BD5LWn0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 h1:AWeJMk33GTBf6J20XJe6qZoRSJo0WfUhsMdUKhoODXE=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19/go.mod h1:+GWrYoaAsV7/4pNHpwh1kiNLXkKaSoppxQq9lbH8Ejw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.5 h1:clHU5fm//kWS1C2HgtgWxfQbFbx4b6rx+5jzhgX9HrI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.5/go.mod h1:O3h0IK87yXci+kg6flUKzJnWeziQUKciKrLjcatSNcY=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.20 h1:qi3e/dmpdONhj1RyIZdi6DKKpDXS5Lb8ftr3p7cyHJc=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.20/go.mod h1:V1K+TeJVD5JOk3D9e5tsX2KUdL7BlB+FV6cBhdobN8c=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 h1:XAq62tBTJP/85lFD5oqOOe7YYgWxY9LvWq8plyDvDVg=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6/go.mod h1:x0nZssQ3qZSnIcePWLvcoFisRXJzcTVvYpAAdYX8+GI=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.11 h1:BYf7XNsJMzl4mObARUBUib+j2tf0U//JAAtTnYqvqCw=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.11/go.mod h1:aEUS4WrNk/+FxkBZZa7tVgp4pGH+kFGW40Y8rCPqt5g=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 h1:X1Tow7suZk9UCJHE1Iw9GMZJJl0dAnKXXP1NaSDHwmw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19/go.mod h1:/rARO8psX+4sfjUQXp5LLifjUt8DuATZ31WptNJTyQA=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19 h1:JnQeStZvPHFHeyky/7LbMlyQjUa+jIBj36OlWm0pzIk=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19/go.mod h1:HGyasyHvYdFQeJhvDHfH7HXkHh57htcJGKDZ+7z+I24=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4 h1:4ExZyubQ6LQQVuF2Qp9OsfEvsTdAWh5Gfwf6PgIdLdk=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4/go.mod h1:NF3JcMGOiARAss1ld3WGORCw71+4ExDD2cbbdKS5PpA=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.7 h1:Y2cAXlClHsXkkOvWZFXATr34b0hxxloeQu/pAZz2row=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.7/go.mod h1:idzZ7gmDeqeNrSPkdbtMp9qWMgcBwykA7P7Rzh5DXVU=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.12 h1:iSsvB9EtQ09YrsmIc44Heqlx5ByGErqhPK1ZQLppias=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.12/go.mod h1:fEWYKTRGoZNl8tZ77i61/ccwOMJdGxwOhWCkp6TXAr0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.16 h1:EnUdUqRP1CNzt2DkV67tJx6XDN4xlfBFm+bzeNOQVb0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.16/go.mod h1:Jic/xv0Rq/pFNCh3WwpH4BEqdbSAl+IyHro8LbibHD8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.8 h1:XQTQTF75vnug2TXS8m7CVJfC2nniYPZnO1D4Np761Oo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.8/go.mod h1:Xgx+PR1NUOjNmQY+tRMnouRp83JRM8pRMw/vCaVhPkI=
-github.com/aws/smithy-go v1.24.2 h1:FzA3bu/nt/vDvmnkg+R8Xl46gmzEDam6mZ1hzmwXFng=
-github.com/aws/smithy-go v1.24.2/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
+github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo=
+github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
+github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0=
+github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 h1:hqcxMc2g/MwwnRMod9n6Bd+t+9Nf7d5qRg7RaXKPd6o=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41/go.mod h1:d1eH0VrttvPmrCraU68LOyNdu26zFxQFjrVSb5vdhog=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 h1:JX70yGKLj25+lMC5Yyh8wBtvB01GDilyRuJvXJ4piD0=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24/go.mod h1:+Ln60j9SUTD0LEwnhEB0Xhg61DHqplBrbZpLgyjoEHg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 h1:gvZOjQKPxFXy1ft3QnEyXmT+IqneM9QAUWlM3r0mfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5/go.mod h1:DLWnfvIcm9IET/mmjdxeXbBKmTCm0ZB8p1za9BVteM8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 h1:P1doBzv5VEg1ONxnJss1Kh5ZG/ewoIE4MQtKKc6Crgg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5/go.mod h1:NOP+euMW7W3Ukt28tAxPuoWao4rhhqJD3QEBk7oCg7w=
+github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6 h1:3aPcXE6EUx7D+/mzEsp1vVBG+OVO4QsyTsyoLfAUzj4=
+github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6/go.mod h1:capelnANRLuXXVcT3oPQvDhKDn6unq1Ve2k9b8M12/o=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0 h1:Q2ax8S21clKOnHhhr933xm3JxdJebql+R7aNo7p7GBQ=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0/go.mod h1:ralv4XawHjEMaHOWnTFushl0WRqim/gQWesAMF6hTow=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 h1:1KDMKvOKNrpD667ORbZ/+4OgvUoaok1gg/MLzrHF9fw=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6/go.mod h1:DmtyfCfONhOyVAJ6ZMTrDSFIeyCBlEO93Qkfhxwbxu0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg=
+github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
+github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bmatcuk/doublestar/v4 v4.10.0 h1:zU9WiOla1YA122oLM6i4EXvGW62DvKZVxIe6TYWexEs=
-github.com/bmatcuk/doublestar/v4 v4.10.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q=
+github.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
-github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw=
-github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c=
-github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
-github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
+github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
+github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik=
-github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4=
-github.com/cockroachdb/cockroach-go/v2 v2.4.3 h1:LJO3K3jC5WXvMePRQSJE1NsIGoFGcEx1LW83W6RAlhw=
-github.com/cockroachdb/cockroach-go/v2 v2.4.3/go.mod h1:9U179XbCx4qFWtNhc7BiWLPfuyMVQ7qdAhfrwLz1vH0=
-github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
-github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cockroachdb/cockroach-go/v2 v2.3.8 h1:53yoUo4+EtrC1NrAEgnnad4AS3ntNvGup1PAXZ7UmpE=
+github.com/cockroachdb/cockroach-go/v2 v2.3.8/go.mod h1:9uH5jK4yQ3ZQUT9IXe4I2fHzMIF5+JC/oOdzTRgJYJk=
+github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
+github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
-github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0 h1:EW9gIJRmt9lzk66Fhh4S8VEtURA6QHZqGeSRE9Nb2/U=
github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
+github.com/drakkan/crypto v0.0.0-20241109174329-ca456f56018f h1:XcWqEK+oBZv7o3+JdziHprvQwgGlr9rk7sgIYPwy/C8=
+github.com/drakkan/crypto v0.0.0-20241109174329-ca456f56018f/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f h1:S9JUlrOzjK58UKoLqqb40YLyVlt0bcIFtYrvnanV3zc=
github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f/go.mod h1:4p8lUl4vQ80L598CygL+3IFtm+3nggvvW/palOlViwE=
+github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e h1:VBpqQeChkGXSV1FXCtvd3BJTyB+DcMgiu7SfkpsGuKw=
+github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e/go.mod h1:aAwyOAC6IIe+IZeeGD1QjuE3GGDzqW/c5Xtn+Dp0JUM=
github.com/drakkan/webdav v0.0.0-20241026165615-b8b8f74ae71b h1:Y1tLiQ8fnxM5f3wiBjAXsHzHNwiY9BR+mXZA75nZwrs=
github.com/drakkan/webdav v0.0.0-20241026165615-b8b8f74ae71b/go.mod h1:zOVb1QDhwwqWn2L2qZ0U3swMSO4GTSNyIwXCGO/UGWE=
-github.com/eikenb/pipeat v0.0.0-20251030185646-385cd3c3e07b h1:G2Mm3YhlyjkFrNnvu5E6LtNcPJtggXL1i5ekDV4hDD4=
-github.com/eikenb/pipeat v0.0.0-20251030185646-385cd3c3e07b/go.mod h1:XccPiThW83W5pzeOCsJAylEUtWeH+3zQVwiO402FXXc=
-github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
-github.com/envoyproxy/go-control-plane v0.14.0/go.mod h1:NcS5X47pLl/hfqxU70yPwL9ZMkUlwlKxtAohpi2wBEU=
-github.com/envoyproxy/go-control-plane/envoy v1.37.0 h1:u3riX6BoYRfF4Dr7dwSOroNfdSbEPe9Yyl09/B6wBrQ=
-github.com/envoyproxy/go-control-plane/envoy v1.37.0/go.mod h1:DReE9MMrmecPy+YvQOAOHNYMALuowAnbjjEMkkWOi6A=
-github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI=
-github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
-github.com/envoyproxy/protoc-gen-validate v1.3.3 h1:MVQghNeW+LZcmXe7SY1V36Z+WFMDjpqGAGacLe2T0ds=
-github.com/envoyproxy/protoc-gen-validate v1.3.3/go.mod h1:TsndJ/ngyIdQRhMcVVGDDHINPLWB7C82oDArY51KfB0=
+github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001 h1:/ZshrfQzayqRSBDodmp3rhNCHJCff+utvgBuWRbiqu4=
+github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001/go.mod h1:kltMsfRMTHSFdMbK66XdS8mfMW77+FZA1fGY1xYMF84=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE=
+github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
+github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
-github.com/fclairamb/ftpserverlib v0.30.0 h1:caB9sDn1Au//q0j2ev/icPn388qPuk4k1ajSvglDcMQ=
-github.com/fclairamb/ftpserverlib v0.30.0/go.mod h1:QmogtltTOgkihyKza0GNo37Mu4AEzbJ+sH6W9Y0MBIQ=
+github.com/fclairamb/go-log v0.5.0 h1:Gz9wSamEaA6lta4IU2cjJc2xSq5sV5VYSB5w/SUHhVc=
+github.com/fclairamb/go-log v0.5.0/go.mod h1:XoRO1dYezpsGmLLkZE9I+sHqpqY65p8JA+Vqblb7k40=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/go-acme/lego/v4 v4.32.0 h1:z7Ss7aa1noabhKj+DBzhNCO2SM96xhE3b0ucVW3x8Tc=
-github.com/go-acme/lego/v4 v4.32.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
-github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
-github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/go-acme/lego/v4 v4.20.4 h1:yCQGBX9jOfMbriEQUocdYm7EBapdTp8nLXYG8k6SqSU=
+github.com/go-acme/lego/v4 v4.20.4/go.mod h1:foauPlhnhoq8WUphaWx5U04uDc+JGhk4ZZtPz/Vqsjg=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/jwtauth/v5 v5.3.1 h1:1ePWrjVctvp1tyBq5b/2ER8Th/+RbYc7x4qNsc5rh5A=
+github.com/go-chi/jwtauth/v5 v5.3.1/go.mod h1:6Fl2RRmWXs3tJYE1IQGX81FsPoGqDwq9c15j52R5q80=
github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
-github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
-github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
+github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
+github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
-github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
-github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
-github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
-github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
-github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
-github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
-github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
-github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
-github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
-github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
+github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
+github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/wire v0.7.0 h1:JxUKI6+CVBgCO2WToKy/nQk0sS+amI9z9EjVmdaocj4=
-github.com/google/wire v0.7.0/go.mod h1:n6YbUQD9cPKTnHXEBN2DXlOp/mVADhVErcMFb0v3J18=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA6RlzjJaT4hi3kII+zYw8wmLb8=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
-github.com/googleapis/gax-go/v2 v2.18.0 h1:jxP5Uuo3bxm3M6gGtV94P4lliVetoCB4Wk2x8QA86LI=
-github.com/googleapis/gax-go/v2 v2.18.0/go.mod h1:uSzZN4a356eRG985CzJ3WfbFSpqkLTjsnhWGJR6EwrE=
+github.com/google/wire v0.6.0 h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=
+github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
+github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
+github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -202,10 +243,12 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1
github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA=
-github.com/hashicorp/go-plugin v1.7.0/go.mod h1:BExt6KEaIYx804z8k4gRzRLEvxKVb+kn0NMcihqOqb8=
-github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
-github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
+github.com/hashicorp/go-plugin v1.6.2 h1:zdGAEd0V1lCaU0u+MxWQhtSDQmahpkwOun8U8EiRVog=
+github.com/hashicorp/go-plugin v1.6.2/go.mod h1:CkgLQ5CZqNmdL9U9JzM532t8ZiYQ35+pj3b1FD37R0Q=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8=
github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -214,16 +257,14 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo=
-github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw=
+github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs=
+github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA=
github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
-github.com/jhump/protoreflect v1.17.0 h1:qOEr613fac2lOuTgWN4tPAtLL7fUSbuJL5X5XumQh94=
-github.com/jhump/protoreflect v1.17.0/go.mod h1:h9+vUUL38jiBzck8ck+6G/aeMX8Z4QUY/NiJPwPNi+8=
-github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
-github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
-github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
+github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -232,48 +273,63 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
+github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5/Jo=
+github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lithammer/shortuuid/v4 v4.2.0 h1:LMFOzVB3996a7b8aBuEXxqOBflbfPQAiVzkIcHO0h8c=
-github.com/lithammer/shortuuid/v4 v4.2.0/go.mod h1:D5noHZ2oFw/YaKCfGy0YxyE7M0wMbezmMjPdhyEFe6Y=
-github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 h1:PTw+yKnXcOFCR6+8hHTyWBeQ/P4Nb7dd4/0ohEcWQuM=
-github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/lithammer/shortuuid/v3 v3.0.7 h1:trX0KTHy4Pbwo/6ia8fscyHoGA+mf1jWbPJVuvyJQQ8=
+github.com/lithammer/shortuuid/v3 v3.0.7/go.mod h1:vMk8ke37EmiewwolSO1NLW8vP4ZaKlRuDIi8tWWmAts=
+github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 h1:7UMa6KCCMjZEMDtTVdcGu0B1GmmC7QJKiCCjyTAWQy0=
+github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
-github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp6Zk=
-github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/mhale/smtpd v0.8.3 h1:8j8YNXajksoSLZja3HdwvYVZPuJSqAxFsib3adzRRt8=
github.com/mhale/smtpd v0.8.3/go.mod h1:MQl+y2hwIEQCXtNhe5+55n0GZOjSmeqORDIXbqUL3x4=
-github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
-github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
-github.com/minio/sio v0.4.3 h1:JqyID1XM86KwBZox5RAdLD4MLPIDoCY2cke2CXCJCkg=
-github.com/minio/sio v0.4.3/go.mod h1:4ANoe4CCXqnt1FCiLM0+vlBUhhWZzVOhYCz0069KtFc=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
+github.com/minio/sio v0.4.1 h1:EMe3YBC1nf+sRQia65Rutxi+Z554XPV0dt8BIBA+a/0=
+github.com/minio/sio v0.4.1/go.mod h1:oBSjJeGbBdRMZZwna07sX9EFzZy+ywu5aofRiV1g79I=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E=
-github.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk=
-github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8=
-github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I=
-github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs=
-github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
-github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
-github.com/pires/go-proxyproto v0.11.0 h1:gUQpS85X/VJMdUsYyEgyn59uLJvGqPhJV5YvG68wXH4=
-github.com/pires/go-proxyproto v0.11.0/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
+github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
+github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
+github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
+github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
+github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pires/go-proxyproto v0.8.0 h1:5unRmEAPbHXHuLjDg01CxJWf91cw3lKHc/0xzKpXEe0=
+github.com/pires/go-proxyproto v0.8.0/go.mod h1:iknsfgnH8EkjrMeMyvfKByp9TiBZCKZM0jx2xmKqnVY=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.10 h1:+5FbKNTe5Z9aspU88DPIKJ9z2KZoaGCu6Sr6kKR/5mU=
-github.com/pkg/sftp v1.13.10/go.mod h1:bJ1a7uDhrX/4OII+agvy28lzRvQrmIQuaHrcI1HbeGA=
+github.com/pkg/sftp v1.13.7 h1:uv+I3nNJvlKZIQGSr8JVQLNHFU9YhhNpvC14Y6KgmSM=
+github.com/pkg/sftp v1.13.7/go.mod h1:KMKI0t3T6hfA+lTR/ssZdunHo+uwq7ghoN09/FSu3DY=
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -281,136 +337,165 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
-github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
-github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
-github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
-github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4=
-github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw=
-github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc=
-github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo=
-github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
-github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
+github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
+github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
-github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
-github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
+github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
+github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
-github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
+github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk=
+github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4 h1:PT+ElG/UUFMfqy5HrxJxNzj3QBOf7dZwupeVC+mG1Lo=
github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4/go.mod h1:MnkX001NG75g3p8bhFycnyIjeQoOjGL6CEIsdE/nKSY=
-github.com/sftpgo/sdk v0.1.9 h1:onBWfibCt34xHeKC2KFYPZ1DBqXGl9um/cAw+AVdgzY=
-github.com/sftpgo/sdk v0.1.9/go.mod h1:ehimvlTP+XTEiE3t1CPwWx9n7+6A6OGvMGlZ7ouvKFk=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/sftpgo/sdk v0.1.8 h1:HAywJl9jZnigFGztA/CWLieOW+R+HH6js6o6/qYvuSY=
+github.com/sftpgo/sdk v0.1.8/go.mod h1:Isl0IEzS/Muvh8Fr4X+NWFsOS/fZQHRD4oPQpoY7C4g=
github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
-github.com/shoenig/go-m1cpu v0.2.0 h1:t4GNqvPZ84Vjtpboo/kT3pIkbaK3vc+JIlD/Wz1zSFY=
-github.com/shoenig/go-m1cpu v0.2.0/go.mod h1:KkDOw6m3ZJQAPHbrzkZki4hnx+pDRR1Lo+ldA56wD5w=
-github.com/shoenig/test v1.7.0 h1:eWcHtTXa6QLnBvm0jgEabMRN/uJ4DMV3M8xUGgRkZmk=
-github.com/shoenig/test v1.7.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsBHFoI=
-github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
-github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
-github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
-github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
-github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
-github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
-github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
-github.com/spiffe/go-spiffe/v2 v2.6.0 h1:l+DolpxNWYgruGQVV0xsfeya3CsC7m8iBzDnMpsbLuo=
-github.com/spiffe/go-spiffe/v2 v2.6.0/go.mod h1:gm2SeUoMZEtpnzPNs2Csc0D/gX33k1xIx7lEzqblHEs=
+github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
+github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
+github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
+github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
+github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/studio-b12/gowebdav v0.12.0 h1:kFRtQECt8jmVAvA6RHBz3geXUGJHUZA6/IKpOVUs5kM=
-github.com/studio-b12/gowebdav v0.12.0/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/studio-b12/gowebdav v0.9.0 h1:1j1sc9gQnNxbXXM4M/CebPOX4aXYtr7MojAVcN4dHjU=
+github.com/studio-b12/gowebdav v0.9.0/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
-github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
-github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
-github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
+github.com/tklauser/go-sysconf v0.3.14 h1:g5vzr9iPFFz24v2KZXs/pvpvh8/V9Fw6vQK5ZZb78yU=
+github.com/tklauser/go-sysconf v0.3.14/go.mod h1:1ym4lWMLUOhuBOPGtRcJm7tEGX4SCYNEEEtghGG/8uY=
+github.com/tklauser/numcpus v0.9.0 h1:lmyCHtANi8aRUgkckBgoDk1nHCux3n2cgkJLXdQGPDo=
+github.com/tklauser/numcpus v0.9.0/go.mod h1:SN6Nq1O3VychhC1npsWostA+oW+VOQTxZrS604NSRyI=
github.com/unrolled/secure v1.17.0 h1:Io7ifFgo99Bnh0J7+Q+qcMzWM6kaDPCA5FroFZEdbWU=
github.com/unrolled/secure v1.17.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40=
github.com/wagslane/go-password-validator v0.3.0 h1:vfxOPzGHkz5S146HDpavl0cw1DSVP061Ry2PX0/ON6I=
github.com/wagslane/go-password-validator v0.3.0/go.mod h1:TI1XJ6T5fRdRnHqHt14pvy1tNVnrwe7m3/f1f2fDphQ=
-github.com/wneessen/go-mail v0.7.2 h1:xxPnhZ6IZLSgxShebmZ6DPKh1b6OJcoHfzy7UjOkzS8=
-github.com/wneessen/go-mail v0.7.2/go.mod h1:+TkW6QP3EVkgTEqHtVmnAE/1MRhmzb8Y9/W3pweuS+k=
+github.com/wneessen/go-mail v0.5.2 h1:MZKwgHJoRboLJ+EHMLuHpZc95wo+u1xViL/4XSswDT8=
+github.com/wneessen/go-mail v0.5.2/go.mod h1:kRroJvEq2hOSEPFRiKjN7Csrz0G1w+RpiGR3b6yo+Ck=
github.com/yl2chen/cidranger v1.0.3-0.20210928021809-d1cb2c52f37a h1:XfF01GyP+0eWCaVp0y6rNN+kFp7pt9Da4UUYrJ5XPWA=
github.com/yl2chen/cidranger v1.0.3-0.20210928021809-d1cb2c52f37a/go.mod h1:aXb8yZQEWo1XHGMf1qQfnb83GR/EJ2EBlwtUgAaNBoE=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
-go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
-go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
-go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/contrib/detectors/gcp v1.42.0 h1:kpt2PEJuOuqYkPcktfJqWWDjTEd/FNgrxcniL7kQrXQ=
-go.opentelemetry.io/contrib/detectors/gcp v1.42.0/go.mod h1:W9zQ439utxymRrXsUOzZbFX4JhLxXU4+ZnCt8GG7yA8=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 h1:yI1/OhfEPy7J9eoa6Sj051C7n5dvpj0QX8g4sRchg04=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0/go.mod h1:NoUCKYWK+3ecatC4HjkRktREheMeEtrXoQxrqYFeHSc=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg=
-go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho=
-go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0 h1:5gn2urDL/FBnK8OkCfD1j3/ER79rUuTYmCvlXBKeYL8=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0/go.mod h1:0fBG6ZJxhqByfFZDwSwpZGzJU671HkwpWaNe2t4VUPI=
-go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=
-go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI=
-go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo=
-go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts=
-go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc=
-go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY=
-go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ=
-go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ=
-go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
-go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-gocloud.dev v0.45.0 h1:WknIK8IbRdmynDvara3Q7G6wQhmEiOGwpgJufbM39sY=
-gocloud.dev v0.45.0/go.mod h1:0kXKmkCLG6d31N7NyLZWzt7jDSQura9zD/mWgiB6THI=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
+go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8=
+go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4=
+go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+gocloud.dev v0.40.0 h1:f8LgP+4WDqOG/RXoUcyLpeIAGOcAbZrZbDQCUee10ng=
+gocloud.dev v0.40.0/go.mod h1:drz+VyYNBvrMTW0KZiBAYEdl8lbNZx+OQ7oQvdrFmSQ=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
-golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
-golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
-golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -421,57 +506,90 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
-golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
-golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
-golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
-golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
-gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
-gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.271.0 h1:cIPN4qcUc61jlh7oXu6pwOQqbJW2GqYh5PS6rB2C/JY=
-google.golang.org/api v0.271.0/go.mod h1:CGT29bhwkbF+i11qkRUJb2KMKqcJ1hdFceEIRd9u64Q=
-google.golang.org/genproto v0.0.0-20260311181403-84a4fc48630c h1:ZhFDeBMmFc/4g8/GwxnJ4rzB3O4GwQVNr+8Mh7Y5z4g=
-google.golang.org/genproto v0.0.0-20260311181403-84a4fc48630c/go.mod h1:hf4r/rBuzaTkLUWRO03771Xvcs6P5hwdQK3UUEJjqo0=
-google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c h1:OyQPd6I3pN/9gDxz6L13kYGJgqkpdrAohJRBeXyxlgI=
-google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c/go.mod h1:X2gu9Qwng7Nn009s/r3RUxqkzQNqOrAy79bluY7ojIg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c h1:xgCzyF2LFIO/0X2UAoVRiXKU5Xg6VjToG4i2/ecSswk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.79.2 h1:fRMD94s2tITpyJGtBBn7MkMseNpOZU8ZxgC3MMBaXRU=
-google.golang.org/grpc v1.79.2/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
-google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
-google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w=
+google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
+google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
+google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
+google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 h1:hUfOButuEtpc0UvYiaYRbNwxVYr0mQQOWq6X8beJ9Gc=
+google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3/go.mod h1:jzYlkSMbKypzuu6xoAEijsNVo9ZeDF1u/zCfFgsx7jg=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/img/logo.png b/img/logo.png
index 81b1f94b..0c320ff7 100644
Binary files a/img/logo.png and b/img/logo.png differ
diff --git a/img/reui.png b/img/reui.png
deleted file mode 100644
index 20973803..00000000
Binary files a/img/reui.png and /dev/null differ
diff --git a/img/servinga.png b/img/servinga.png
deleted file mode 100644
index c5ccb638..00000000
Binary files a/img/servinga.png and /dev/null differ
diff --git a/img/vps2day.png b/img/vps2day.png
new file mode 100644
index 00000000..faddcf15
Binary files /dev/null and b/img/vps2day.png differ
diff --git a/init/sftpgo b/init/sftpgo
deleted file mode 100755
index 6da97d15..00000000
--- a/init/sftpgo
+++ /dev/null
@@ -1,102 +0,0 @@
-#! /bin/sh
-
-### BEGIN INIT INFO
-# Provides: SFTPGo
-# Required-Start: $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: SFTPGo server
-### END INIT INFO
-
-set -e
-
-# /etc/init.d/sftpgo: start and stop the SFTPGo "server" daemon
-
-SFTPGO_USER="sftpgo"
-SFTPGO_GROUP="sftpgo"
-SFTPGO_BIN_NAME="sftpgo"
-SFTPGO_BIN="/usr/bin/sftpgo"
-SFTPGO_PID="/run/sftpgo.pid"
-SFTPGO_CONF_DIR="/etc/sftpgo"
-SFTPGO_CONF_FILE="sftpgo.json"
-SFTPGO_OPTS="serve -c $SFTPGO_CONF_DIR --config-file $SFTPGO_CONF_FILE"
-
-umask 022
-
-test -x $SFTPGO_BIN || exit 0
-
-
-if test -f /etc/default/$SFTPGO_BIN_NAME; then
- . /etc/default/$SFTPGO_BIN_NAME
-fi
-
-. /lib/lsb/init-functions
-
-if [ -n "$2" ]; then
- SFTPGO_OPTS="$SFTPGO_OPTS $2"
-fi
-
-# Are we running from init?
-run_by_init() {
- ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
-}
-
-check_dev_null() {
- if [ ! -c /dev/null ]; then
- if [ "$1" = log_end_msg ]; then
- log_end_msg 1 || true
- fi
- if ! run_by_init; then
- log_action_msg "/dev/null is not a character device!" || true
- fi
- exit 1
- fi
-}
-
-write_pid() {
- sleep 0.25
- echo $(/bin/pidof $SFTPGO_BIN_NAME) > $SFTPGO_PID
-}
-
-export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
-
-case "$1" in
- start)
- check_dev_null
- log_daemon_msg "Starting SFTPGo server" "$SFTPGO_BIN_NAME" || true
- if start-stop-daemon --start --background --quiet --oknodo --chuid $SFTPGO_USER:$SFTPGO_GROUP --pidfile $SFTPGO_PID --exec $SFTPGO_BIN -- $SFTPGO_OPTS; then
- log_end_msg 0 || true
- write_pid
- else
- log_end_msg 1 || true
- fi
- ;;
- stop)
- log_daemon_msg "Stopping SFTPGo server" "$SFTPGO_BIN_NAME" || true
- if start-stop-daemon --stop --quiet --oknodo --pidfile $SFTPGO_PID --exec $SFTPGO_BIN; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
-
- reload)
- log_daemon_msg "Reloading SFTPGo server" "$SFTPGO_BIN_NAME" || true
- if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $SFTPGO_PID --exec $SFTPGO_BIN; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
-
- status)
- status_of_proc -p $SFTPGO_PID $SFTPGO_BIN $SFTPGO_BIN_NAME && exit 0 || exit $?
- ;;
-
- *)
- log_action_msg "Usage: /etc/init.d/$SFTPGO_BIN_NAME {start|stop|reload|status}" || true
- exit 1
-esac
-
-exit 0
diff --git a/internal/acme/acme.go b/internal/acme/acme.go
index 6c4612e5..6ac395f0 100644
--- a/internal/acme/acme.go
+++ b/internal/acme/acme.go
@@ -30,7 +30,6 @@ import (
"net/url"
"os"
"path/filepath"
- "slices"
"strconv"
"strings"
"time"
@@ -44,7 +43,6 @@ import (
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/providers/http/webroot"
"github.com/go-acme/lego/v4/registration"
- "github.com/hashicorp/go-retryablehttp"
"github.com/robfig/cron/v3"
"github.com/drakkan/sftpgo/v2/internal/common"
@@ -251,7 +249,7 @@ func (c *Configuration) Initialize(configDir string) error {
if c.RenewDays < 1 {
return fmt.Errorf("invalid number of days remaining before renewal: %d", c.RenewDays)
}
- if !slices.Contains(supportedKeyTypes, c.KeyType) {
+ if !util.Contains(supportedKeyTypes, c.KeyType) {
return fmt.Errorf("invalid key type %q", c.KeyType)
}
caURL, err := url.Parse(c.CAEndpoint)
@@ -491,16 +489,7 @@ func (c *Configuration) setup() (*account, *lego.Client, error) {
config := lego.NewConfig(&account)
config.CADirURL = c.CAEndpoint
config.Certificate.KeyType = certcrypto.KeyType(c.KeyType)
- config.Certificate.OverallRequestLimit = 6
config.UserAgent = version.GetServerVersion("/", false)
-
- retryClient := retryablehttp.NewClient()
- retryClient.Logger = &logger.LeveledLogger{Sender: "RetryableHTTPClient"}
- retryClient.RetryMax = 5
- retryClient.HTTPClient = config.HTTPClient
-
- config.HTTPClient = retryClient.StandardClient()
-
client, err := lego.NewClient(config)
if err != nil {
acmeLog(logger.LevelError, "unable to get ACME client: %v", err)
@@ -568,13 +557,6 @@ func (c *Configuration) tryRecoverRegistration(privateKey crypto.PrivateKey) (*r
config.CADirURL = c.CAEndpoint
config.UserAgent = version.GetServerVersion("/", false)
- retryClient := retryablehttp.NewClient()
- retryClient.Logger = &logger.LeveledLogger{Sender: "RetryableHTTPClient"}
- retryClient.RetryMax = 5
- retryClient.HTTPClient = config.HTTPClient
-
- config.HTTPClient = retryClient.StandardClient()
-
client, err := lego.NewClient(config)
if err != nil {
acmeLog(logger.LevelError, "unable to get the ACME client: %v", err)
@@ -767,7 +749,7 @@ func (c *Configuration) renewCertificates() error {
func isDomainValid(domain string) (string, bool) {
isValid := false
- for d := range strings.SplitSeq(domain, ",") {
+ for _, d := range strings.Split(domain, ",") {
d = strings.TrimSpace(d)
if d != "" {
isValid = true
@@ -785,7 +767,7 @@ func getDomains(domain string) []string {
delimiter = " "
}
- for d := range strings.SplitSeq(domain, delimiter) {
+ for _, d := range strings.Split(domain, delimiter) {
d = strings.TrimSpace(d)
if d != "" {
domains = append(domains, d)
diff --git a/internal/bundle/bundle.go b/internal/bundle/bundle.go
index 077fb360..70934ace 100644
--- a/internal/bundle/bundle.go
+++ b/internal/bundle/bundle.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build bundle
+// +build bundle
package bundle
diff --git a/internal/cmd/acme.go b/internal/cmd/acme.go
index e98cf515..bce51598 100644
--- a/internal/cmd/acme.go
+++ b/internal/cmd/acme.go
@@ -24,7 +24,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/config"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -57,15 +56,6 @@ renewed by the SFTPGo service
logger.ErrorToConsole("unable to initialize KMS: %v", err)
os.Exit(1)
}
- if config.HasKMSPlugin() {
- if err := plugin.Initialize(config.GetPluginsConfig(), "debug"); err != nil {
- logger.ErrorToConsole("unable to initialize plugin system: %v", err)
- os.Exit(1)
- }
- registerSignals()
- defer plugin.Handler.Cleanup()
- }
-
mfaConfig := config.GetMFAConfig()
err = mfaConfig.Initialize()
if err != nil {
diff --git a/internal/cmd/awscontainer.go b/internal/cmd/awscontainer.go
new file mode 100644
index 00000000..72deee90
--- /dev/null
+++ b/internal/cmd/awscontainer.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build awscontainer
+// +build awscontainer
+
+package cmd
+
+import (
+ "github.com/spf13/cobra"
+ "github.com/spf13/viper"
+)
+
+func addAWSContainerFlags(cmd *cobra.Command) {
+ viper.SetDefault("disable_aws_installation_code", false)
+ viper.BindEnv("disable_aws_installation_code", "SFTPGO_DISABLE_AWS_INSTALLATION_CODE") //nolint:errcheck
+ cmd.Flags().BoolVar(&disableAWSInstallationCode, "disable-aws-installation-code", viper.GetBool("disable_aws_installation_code"),
+ `Disable installation code for the AWS container.
+This flag can be set using
+SFTPGO_DISABLE_AWS_INSTALLATION_CODE env var too.
+`)
+ viper.BindPFlag("disable_aws_installation_code", cmd.Flags().Lookup("disable-aws-installation-code")) //nolint:errcheck
+}
diff --git a/internal/cmd/signals_windows.go b/internal/cmd/awscontainer_disabled.go
similarity index 62%
rename from internal/cmd/signals_windows.go
rename to internal/cmd/awscontainer_disabled.go
index 3ea1e6ff..3dbd8599 100644
--- a/internal/cmd/signals_windows.go
+++ b/internal/cmd/awscontainer_disabled.go
@@ -1,4 +1,4 @@
-// Copyright (C) 2025 Nicola Murino
+// Copyright (C) 2019 Nicola Murino
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
@@ -12,25 +12,13 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
+//go:build !awscontainer
+// +build !awscontainer
+
package cmd
import (
- "os"
- "os/signal"
-
- "github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
+ "github.com/spf13/cobra"
)
-func registerSignals() {
- c := make(chan os.Signal, 1)
- signal.Notify(c, os.Interrupt)
-
- go func() {
- for range c {
- logger.DebugToConsole("Received interrupt request")
- plugin.Handler.Cleanup()
- os.Exit(0)
- }
- }()
-}
+func addAWSContainerFlags(_ *cobra.Command) {}
diff --git a/internal/cmd/initprovider.go b/internal/cmd/initprovider.go
index 8862d261..c61ad228 100644
--- a/internal/cmd/initprovider.go
+++ b/internal/cmd/initprovider.go
@@ -21,11 +21,9 @@ import (
"github.com/spf13/cobra"
"github.com/spf13/viper"
- "github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/config"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/service"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -67,15 +65,6 @@ Please take a look at the usage below to customize the options.`,
logger.ErrorToConsole("Unable to initialize KMS: %v", err)
os.Exit(1)
}
- if config.HasKMSPlugin() {
- if err := plugin.Initialize(config.GetPluginsConfig(), "debug"); err != nil {
- logger.ErrorToConsole("unable to initialize plugin system: %v", err)
- os.Exit(1)
- }
- registerSignals()
- defer plugin.Handler.Cleanup()
- }
-
mfaConfig := config.GetMFAConfig()
err = mfaConfig.Initialize()
if err != nil {
@@ -89,20 +78,15 @@ Please take a look at the usage below to customize the options.`,
providerConf.Actions.ExecuteOn = nil
logger.InfoToConsole("Initializing provider: %q config file: %q", providerConf.Driver, viper.ConfigFileUsed())
err = dataprovider.InitializeDatabase(providerConf, configDir)
- switch err {
- case nil:
+ if err == nil {
logger.InfoToConsole("Data provider successfully initialized/updated")
- case dataprovider.ErrNoInitRequired:
+ } else if err == dataprovider.ErrNoInitRequired {
logger.InfoToConsole("%v", err.Error())
- default:
+ } else {
logger.ErrorToConsole("Unable to initialize/update the data provider: %v", err)
os.Exit(1)
}
if providerConf.Driver != dataprovider.MemoryDataProviderName && loadDataFrom != "" {
- if err := common.Initialize(config.GetCommonConfig(), providerConf.GetShared()); err != nil {
- logger.ErrorToConsole("%v", err)
- os.Exit(1)
- }
service := service.Service{
LoadDataFrom: loadDataFrom,
LoadDataMode: loadDataMode,
diff --git a/internal/cmd/portable.go b/internal/cmd/portable.go
index 356371a9..0a39fb20 100644
--- a/internal/cmd/portable.go
+++ b/internal/cmd/portable.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !noportable
+// +build !noportable
package cmd
@@ -496,7 +497,7 @@ func getPatternsFilterValues(value string) (string, []string) {
if len(dirExts) > 1 {
dir := strings.TrimSpace(dirExts[0])
exts := []string{}
- for e := range strings.SplitSeq(dirExts[1], ",") {
+ for _, e := range strings.Split(dirExts[1], ",") {
cleanedExt := strings.TrimSpace(e)
if cleanedExt != "" {
exts = append(exts, cleanedExt)
diff --git a/internal/cmd/portable_disabled.go b/internal/cmd/portable_disabled.go
index f043ee7e..5e2b7974 100644
--- a/internal/cmd/portable_disabled.go
+++ b/internal/cmd/portable_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build noportable
+// +build noportable
package cmd
diff --git a/internal/cmd/resetpwd.go b/internal/cmd/resetpwd.go
index eb009e31..fec8c4ea 100644
--- a/internal/cmd/resetpwd.go
+++ b/internal/cmd/resetpwd.go
@@ -27,7 +27,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/config"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -59,15 +58,6 @@ Please take a look at the usage below to customize the options.`,
logger.ErrorToConsole("unable to initialize KMS: %v", err)
os.Exit(1)
}
- if config.HasKMSPlugin() {
- if err := plugin.Initialize(config.GetPluginsConfig(), "debug"); err != nil {
- logger.ErrorToConsole("unable to initialize plugin system: %v", err)
- os.Exit(1)
- }
- registerSignals()
- defer plugin.Handler.Cleanup()
- }
-
mfaConfig := config.GetMFAConfig()
err = mfaConfig.Initialize()
if err != nil {
diff --git a/internal/cmd/revertprovider.go b/internal/cmd/revertprovider.go
index 09b8d1a8..64de3529 100644
--- a/internal/cmd/revertprovider.go
+++ b/internal/cmd/revertprovider.go
@@ -24,7 +24,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/config"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -41,8 +40,8 @@ Please take a look at the usage below to customize the options.`,
Run: func(_ *cobra.Command, _ []string) {
logger.DisableLogger()
logger.EnableConsoleLogger(zerolog.DebugLevel)
- if revertProviderTargetVersion != 33 {
- logger.WarnToConsole("Unsupported target version, 33 is the only supported one")
+ if revertProviderTargetVersion != 28 {
+ logger.WarnToConsole("Unsupported target version, 28 is the only supported one")
os.Exit(1)
}
configDir = util.CleanDirInput(configDir)
@@ -57,21 +56,6 @@ Please take a look at the usage below to customize the options.`,
logger.ErrorToConsole("unable to initialize KMS: %v", err)
os.Exit(1)
}
- if config.HasKMSPlugin() {
- if err := plugin.Initialize(config.GetPluginsConfig(), "debug"); err != nil {
- logger.ErrorToConsole("unable to initialize plugin system: %v", err)
- os.Exit(1)
- }
- registerSignals()
- defer plugin.Handler.Cleanup()
- }
-
- mfaConfig := config.GetMFAConfig()
- err = mfaConfig.Initialize()
- if err != nil {
- logger.ErrorToConsole("Unable to initialize MFA: %v", err)
- os.Exit(1)
- }
providerConf := config.GetProviderConf()
logger.InfoToConsole("Reverting provider: %q config file: %q target version %d", providerConf.Driver,
viper.ConfigFileUsed(), revertProviderTargetVersion)
@@ -87,7 +71,7 @@ Please take a look at the usage below to customize the options.`,
func init() {
addConfigFlags(revertProviderCmd)
- revertProviderCmd.Flags().IntVar(&revertProviderTargetVersion, "to-version", 33, `33 means the version supported in v2.7.x`)
+ revertProviderCmd.Flags().IntVar(&revertProviderTargetVersion, "to-version", 28, `28 means the version supported in v2.5.x`)
rootCmd.AddCommand(revertProviderCmd)
}
diff --git a/internal/cmd/root.go b/internal/cmd/root.go
index 00759236..ba96be58 100644
--- a/internal/cmd/root.go
+++ b/internal/cmd/root.go
@@ -85,6 +85,8 @@ var (
loadDataQuotaScan int
loadDataClean bool
graceTime int
+ // used if awscontainer build tag is enabled
+ disableAWSInstallationCode bool
rootCmd = &cobra.Command{
Use: "sftpgo",
diff --git a/internal/cmd/serve.go b/internal/cmd/serve.go
index 348fb834..519fa78f 100644
--- a/internal/cmd/serve.go
+++ b/internal/cmd/serve.go
@@ -61,7 +61,7 @@ Please take a look at the usage below to customize the startup options`,
LoadDataClean: loadDataClean,
Shutdown: make(chan bool),
}
- if err := service.Start(); err == nil {
+ if err := service.Start(disableAWSInstallationCode); err == nil {
service.Wait()
if service.Error == nil {
os.Exit(0)
@@ -144,4 +144,5 @@ func checkServeParamsFromEnvFiles(configDir string) { //nolint:gocyclo
func init() {
rootCmd.AddCommand(serveCmd)
addServeFlags(serveCmd)
+ addAWSContainerFlags(serveCmd)
}
diff --git a/internal/cmd/startsubsys.go b/internal/cmd/startsubsys.go
new file mode 100644
index 00000000..6f7c5751
--- /dev/null
+++ b/internal/cmd/startsubsys.go
@@ -0,0 +1,227 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "io"
+ "os"
+ "os/user"
+ "path/filepath"
+
+ "github.com/rs/xid"
+ "github.com/rs/zerolog"
+ "github.com/spf13/cobra"
+ "github.com/spf13/viper"
+
+ "github.com/drakkan/sftpgo/v2/internal/common"
+ "github.com/drakkan/sftpgo/v2/internal/config"
+ "github.com/drakkan/sftpgo/v2/internal/dataprovider"
+ "github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/plugin"
+ "github.com/drakkan/sftpgo/v2/internal/sftpd"
+ "github.com/drakkan/sftpgo/v2/internal/version"
+)
+
+var (
+ logJournalD = false
+ preserveHomeDir = false
+ baseHomeDir = ""
+ subsystemCmd = &cobra.Command{
+ Use: "startsubsys",
+ Short: "Use sftpgo as SFTP file transfer subsystem",
+ Long: `In this mode SFTPGo speaks the server side of SFTP protocol to stdout and
+expects client requests from stdin.
+This mode is not intended to be called directly, but from sshd using the
+Subsystem option.
+For example adding a line like this one in "/etc/ssh/sshd_config":
+
+Subsystem sftp sftpgo startsubsys
+
+Command-line flags should be specified in the Subsystem declaration.
+`,
+ Run: func(_ *cobra.Command, _ []string) {
+ logSender := "startsubsys"
+ connectionID := xid.New().String()
+ var zeroLogLevel zerolog.Level
+ switch logLevel {
+ case "info":
+ zeroLogLevel = zerolog.InfoLevel
+ case "warn":
+ zeroLogLevel = zerolog.WarnLevel
+ case "error":
+ zeroLogLevel = zerolog.ErrorLevel
+ default:
+ zeroLogLevel = zerolog.DebugLevel
+ }
+ logger.SetLogTime(logUTCTime)
+ if logJournalD {
+ logger.InitJournalDLogger(zeroLogLevel)
+ } else {
+ logger.InitStdErrLogger(zeroLogLevel)
+ }
+ osUser, err := user.Current()
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to get the current user: %v", err)
+ os.Exit(1)
+ }
+ username := osUser.Username
+ homedir := osUser.HomeDir
+ logger.Info(logSender, connectionID, "starting SFTPGo %v as subsystem, user %q home dir %q config dir %q base home dir %q",
+ version.Get(), username, homedir, configDir, baseHomeDir)
+ err = config.LoadConfig(configDir, configFile)
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to load configuration: %v", err)
+ os.Exit(1)
+ }
+ kmsConfig := config.GetKMSConfig()
+ if err := kmsConfig.Initialize(); err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize KMS: %v", err)
+ os.Exit(1)
+ }
+ if err := plugin.Initialize(config.GetPluginsConfig(), logLevel); err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize plugin system: %v", err)
+ os.Exit(1)
+ }
+ mfaConfig := config.GetMFAConfig()
+ err = mfaConfig.Initialize()
+ if err != nil {
+ logger.Error(logSender, "", "unable to initialize MFA: %v", err)
+ os.Exit(1)
+ }
+ dataProviderConf := config.GetProviderConf()
+ if dataProviderConf.Driver == dataprovider.SQLiteDataProviderName || dataProviderConf.Driver == dataprovider.BoltDataProviderName {
+ logger.Debug(logSender, connectionID, "data provider %q not supported in subsystem mode, using %q provider",
+ dataProviderConf.Driver, dataprovider.MemoryDataProviderName)
+ dataProviderConf.Driver = dataprovider.MemoryDataProviderName
+ dataProviderConf.Name = ""
+ }
+ config.SetProviderConf(dataProviderConf)
+ err = dataprovider.Initialize(dataProviderConf, configDir, false)
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize the data provider: %v", err)
+ os.Exit(1)
+ }
+ smtpConfig := config.GetSMTPConfig()
+ err = smtpConfig.Initialize(configDir, false)
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize SMTP configuration: %v", err)
+ os.Exit(1)
+ }
+ commonConfig := config.GetCommonConfig()
+ // idle connection are managed externally
+ commonConfig.IdleTimeout = 0
+ config.SetCommonConfig(commonConfig)
+ if err := common.Initialize(config.GetCommonConfig(), dataProviderConf.GetShared()); err != nil {
+ logger.Error(logSender, connectionID, "%v", err)
+ os.Exit(1)
+ }
+ httpConfig := config.GetHTTPConfig()
+ if err := httpConfig.Initialize(configDir); err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize http client: %v", err)
+ os.Exit(1)
+ }
+ commandConfig := config.GetCommandConfig()
+ if err := commandConfig.Initialize(); err != nil {
+ logger.Error(logSender, connectionID, "unable to initialize commands configuration: %v", err)
+ os.Exit(1)
+ }
+ user, err := dataprovider.UserExists(username, "")
+ if err == nil {
+ if user.HomeDir != filepath.Clean(homedir) && !preserveHomeDir {
+ // update the user
+ user.HomeDir = filepath.Clean(homedir)
+ err = dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSystem, "", "")
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to update user %q: %v", username, err)
+ os.Exit(1)
+ }
+ }
+ } else {
+ user.Username = username
+ if baseHomeDir != "" && filepath.IsAbs(baseHomeDir) {
+ user.HomeDir = filepath.Join(baseHomeDir, username)
+ } else {
+ user.HomeDir = filepath.Clean(homedir)
+ }
+ logger.Debug(logSender, connectionID, "home dir for new user %q", user.HomeDir)
+ user.Password = connectionID
+ user.Permissions = make(map[string][]string)
+ user.Permissions["/"] = []string{dataprovider.PermAny}
+ err = dataprovider.AddUser(&user, dataprovider.ActionExecutorSystem, "", "")
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to add user %q: %v", username, err)
+ os.Exit(1)
+ }
+ }
+ err = user.LoadAndApplyGroupSettings()
+ if err != nil {
+ logger.Error(logSender, connectionID, "unable to apply group settings for user %q: %v", username, err)
+ os.Exit(1)
+ }
+ err = sftpd.ServeSubSystemConnection(&user, connectionID, os.Stdin, os.Stdout)
+ if err != nil && err != io.EOF {
+ logger.Warn(logSender, connectionID, "serving subsystem finished with error: %v", err)
+ os.Exit(1)
+ }
+ logger.Info(logSender, connectionID, "serving subsystem finished")
+ plugin.Handler.Cleanup()
+ os.Exit(0)
+ },
+ }
+)
+
+func init() {
+ subsystemCmd.Flags().BoolVarP(&preserveHomeDir, "preserve-home", "p", false, `If the user already exists, the existing home
+directory will not be changed`)
+ subsystemCmd.Flags().StringVarP(&baseHomeDir, "base-home-dir", "d", "", `If the user does not exist specify an alternate
+starting directory. The home directory for a new
+user will be:
+
+[base-home-dir]/[username]
+
+base-home-dir must be an absolute path.`)
+ subsystemCmd.Flags().BoolVarP(&logJournalD, "log-to-journald", "j", false, `Send logs to journald. Only available on Linux.
+Use:
+
+$ journalctl -o verbose -f
+
+To see full logs.
+If not set, the logs will be sent to the standard
+error`)
+
+ addConfigFlags(subsystemCmd)
+
+ viper.SetDefault(logLevelKey, defaultLogLevel)
+ viper.BindEnv(logLevelKey, "SFTPGO_LOG_LEVEL") //nolint:errcheck
+ subsystemCmd.Flags().StringVar(&logLevel, logLevelFlag, viper.GetString(logLevelKey),
+ `Set the log level. Supported values:
+
+debug, info, warn, error.
+
+This flag can be set
+using SFTPGO_LOG_LEVEL env var too.
+`)
+ viper.BindPFlag(logLevelKey, subsystemCmd.Flags().Lookup(logLevelFlag)) //nolint:errcheck
+
+ viper.SetDefault(logUTCTimeKey, defaultLogUTCTime)
+ viper.BindEnv(logUTCTimeKey, "SFTPGO_LOG_UTC_TIME") //nolint:errcheck
+ subsystemCmd.Flags().BoolVar(&logUTCTime, logUTCTimeFlag, viper.GetBool(logUTCTimeKey),
+ `Use UTC time for logging. This flag can be set
+using SFTPGO_LOG_UTC_TIME env var too.
+`)
+ viper.BindPFlag(logUTCTimeKey, subsystemCmd.Flags().Lookup(logUTCTimeFlag)) //nolint:errcheck
+
+ rootCmd.AddCommand(subsystemCmd)
+}
diff --git a/internal/command/command.go b/internal/command/command.go
index 512c2d4e..b3d56aa3 100644
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -17,9 +17,10 @@ package command
import (
"fmt"
- "slices"
"strings"
"time"
+
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
const (
@@ -35,6 +36,7 @@ const (
HookStartup = "startup"
HookPostConnect = "post_connect"
HookPostDisconnect = "post_disconnect"
+ HookDataRetention = "data_retention"
HookCheckPassword = "check_password"
HookPreLogin = "pre_login"
HookPostLogin = "post_login"
@@ -45,7 +47,7 @@ const (
var (
config Config
supportedHooks = []string{HookFsActions, HookProviderActions, HookStartup, HookPostConnect, HookPostDisconnect,
- HookCheckPassword, HookPreLogin, HookPostLogin, HookExternalAuth, HookKeyboardInteractive}
+ HookDataRetention, HookCheckPassword, HookPreLogin, HookPostLogin, HookExternalAuth, HookKeyboardInteractive}
)
// Command define the configuration for a specific commands
@@ -115,7 +117,7 @@ func (c Config) Initialize() error {
}
// don't validate args, we allow to pass empty arguments
if cmd.Hook != "" {
- if !slices.Contains(supportedHooks, cmd.Hook) {
+ if !util.Contains(supportedHooks, cmd.Hook) {
return fmt.Errorf("invalid hook name %q, supported values: %+v", cmd.Hook, supportedHooks)
}
}
diff --git a/internal/common/actions.go b/internal/common/actions.go
index d6fd04b0..01206b93 100644
--- a/internal/common/actions.go
+++ b/internal/common/actions.go
@@ -25,7 +25,6 @@ import (
"os/exec"
"path"
"path/filepath"
- "slices"
"strings"
"sync/atomic"
"time"
@@ -38,6 +37,7 @@ import (
"github.com/drakkan/sftpgo/v2/internal/httpclient"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/plugin"
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
var (
@@ -86,7 +86,7 @@ func InitializeActionHandler(handler ActionHandler) {
func ExecutePreAction(conn *BaseConnection, operation, filePath, virtualPath string, fileSize int64, openFlags int) (int, error) {
var event *notifier.FsEvent
hasNotifiersPlugin := plugin.Handler.HasNotifiers()
- hasHook := slices.Contains(Config.Actions.ExecuteOn, operation)
+ hasHook := util.Contains(Config.Actions.ExecuteOn, operation)
hasRules := eventManager.hasFsRules()
if !hasHook && !hasNotifiersPlugin && !hasRules {
return 0, nil
@@ -133,7 +133,7 @@ func ExecuteActionNotification(conn *BaseConnection, operation, filePath, virtua
fileSize int64, err error, elapsed int64, metadata map[string]string,
) error {
hasNotifiersPlugin := plugin.Handler.HasNotifiers()
- hasHook := slices.Contains(Config.Actions.ExecuteOn, operation)
+ hasHook := util.Contains(Config.Actions.ExecuteOn, operation)
hasRules := eventManager.hasFsRules()
if !hasHook && !hasNotifiersPlugin && !hasRules {
return nil
@@ -175,7 +175,7 @@ func ExecuteActionNotification(conn *BaseConnection, operation, filePath, virtua
}
}
if hasHook {
- if slices.Contains(Config.Actions.ExecuteSync, operation) {
+ if util.Contains(Config.Actions.ExecuteSync, operation) {
_, err := actionHandler.Handle(notification)
return err
}
@@ -250,7 +250,7 @@ func newActionNotification(
type defaultActionHandler struct{}
func (h *defaultActionHandler) Handle(event *notifier.FsEvent) (int, error) {
- if !slices.Contains(Config.Actions.ExecuteOn, event.Action) {
+ if !util.Contains(Config.Actions.ExecuteOn, event.Action) {
return 0, nil
}
@@ -348,7 +348,7 @@ func notificationAsEnvVars(event *notifier.FsEvent) []string {
if len(event.Metadata) > 0 {
data, err := json.Marshal(event.Metadata)
if err == nil {
- result = append(result, fmt.Sprintf("SFTPGO_ACTION_METADATA=%s", data))
+ result = append(result, fmt.Sprintf("SFTPGO_ACTION_METADATA=%s", util.BytesToString(data)))
}
}
return result
diff --git a/internal/common/actions_test.go b/internal/common/actions_test.go
index 6ac0463c..02666e6c 100644
--- a/internal/common/actions_test.go
+++ b/internal/common/actions_test.go
@@ -24,7 +24,7 @@ import (
"testing"
"time"
- "github.com/lithammer/shortuuid/v4"
+ "github.com/lithammer/shortuuid/v3"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
"github.com/sftpgo/sdk/plugin/notifier"
diff --git a/internal/common/common.go b/internal/common/common.go
index 99b5e8d1..9933f041 100644
--- a/internal/common/common.go
+++ b/internal/common/common.go
@@ -19,14 +19,12 @@ import (
"context"
"errors"
"fmt"
- "io"
"net"
"net/http"
"net/url"
"os"
"os/exec"
"path/filepath"
- "slices"
"strconv"
"strings"
"sync"
@@ -126,9 +124,6 @@ func init() {
Connections.clients = clientsMap{
clients: make(map[string]int),
}
- Connections.transfers = clientsMap{
- clients: make(map[string]int),
- }
Connections.perUserConns = make(map[string]int)
Connections.mapping = make(map[string]int)
Connections.sshMapping = make(map[string]int)
@@ -168,20 +163,13 @@ var (
rateLimiters map[string][]*rateLimiter
isShuttingDown atomic.Bool
ftpLoginCommands = []string{"PASS", "USER"}
- fnUpdateBranding func(*dataprovider.BrandingConfigs)
)
-// SetUpdateBrandingFn sets the function to call to update branding configs.
-func SetUpdateBrandingFn(fn func(*dataprovider.BrandingConfigs)) {
- fnUpdateBranding = fn
-}
-
// Initialize sets the common configuration
func Initialize(c Configuration, isShared int) error {
isShuttingDown.Store(false)
util.SetUmask(c.Umask)
version.SetConfig(c.ServerVersion)
- dataprovider.SetTZ(c.TZ)
Config = c
Config.Actions.ExecuteOn = util.RemoveDuplicates(Config.Actions.ExecuteOn, true)
Config.Actions.ExecuteSync = util.RemoveDuplicates(Config.Actions.ExecuteSync, true)
@@ -212,7 +200,7 @@ func Initialize(c Configuration, isShared int) error {
Config.rateLimitersList = rateLimitersList
}
if c.DefenderConfig.Enabled {
- if !slices.Contains(supportedDefenderDrivers, c.DefenderConfig.Driver) {
+ if !util.Contains(supportedDefenderDrivers, c.DefenderConfig.Driver) {
return fmt.Errorf("unsupported defender driver %q", c.DefenderConfig.Driver)
}
var defender Defender
@@ -418,23 +406,6 @@ func AddDefenderEvent(ip, protocol string, event HostEvent) bool {
return Config.defender.AddEvent(ip, protocol, event)
}
-func reloadProviderConfigs() {
- configs, err := dataprovider.GetConfigs()
- if err != nil {
- logger.Error(logSender, "", "unable to load config from provider: %v", err)
- return
- }
- configs.SetNilsToEmpty()
- if fnUpdateBranding != nil {
- fnUpdateBranding(configs.Branding)
- }
- if err := configs.SMTP.TryDecrypt(); err != nil {
- logger.Error(logSender, "", "unable to decrypt smtp config: %v", err)
- return
- }
- smtp.Activate(configs.SMTP)
-}
-
func startPeriodicChecks(duration time.Duration, isShared int) {
startEventScheduler()
spec := fmt.Sprintf("@every %s", duration)
@@ -443,7 +414,7 @@ func startPeriodicChecks(duration time.Duration, isShared int) {
logger.Info(logSender, "", "scheduled overquota transfers check, schedule %q", spec)
if isShared == 1 {
logger.Info(logSender, "", "add reload configs task")
- _, err := eventScheduler.AddFunc("@every 10m", reloadProviderConfigs)
+ _, err := eventScheduler.AddFunc("@every 10m", smtp.ReloadProviderConf)
util.PanicOnError(err)
}
if Config.IdleTimeout > 0 {
@@ -463,7 +434,6 @@ type ActiveTransfer interface {
GetDownloadedSize() int64
GetUploadedSize() int64
GetVirtualPath() string
- GetFsPath() string
GetStartTime() time.Time
SignalClose(err error)
Truncate(fsPath string, size int64) (int64, error)
@@ -616,6 +586,9 @@ type Configuration struct {
// Absolute path to an external program or an HTTP URL to invoke after an SSH/FTP connection ends.
// Leave empty do disable.
PostDisconnectHook string `json:"post_disconnect_hook" mapstructure:"post_disconnect_hook"`
+ // Absolute path to an external program or an HTTP URL to invoke after a data retention check completes.
+ // Leave empty do disable.
+ DataRetentionHook string `json:"data_retention_hook" mapstructure:"data_retention_hook"`
// Maximum number of concurrent client connections. 0 means unlimited
MaxTotalConnections int `json:"max_total_connections" mapstructure:"max_total_connections"`
// Maximum number of concurrent client connections from the same host (IP). 0 means unlimited
@@ -636,10 +609,6 @@ type Configuration struct {
Umask string `json:"umask" mapstructure:"umask"`
// Defines the server version
ServerVersion string `json:"server_version" mapstructure:"server_version"`
- // TZ defines the time zone to use for the EventManager scheduler and to
- // control time-based access restrictions. Set to "local" to use the
- // server's local time, otherwise UTC will be used.
- TZ string `json:"tz" mapstructure:"tz"`
// Metadata configuration
Metadata MetadataConfig `json:"metadata" mapstructure:"metadata"`
// EventManager configuration
@@ -676,7 +645,7 @@ func (c *Configuration) initializeProxyProtocol() error {
// GetProxyListener returns a wrapper for the given listener that supports the
// HAProxy Proxy Protocol
-func (c *Configuration) GetProxyListener(listener net.Listener) (net.Listener, error) {
+func (c *Configuration) GetProxyListener(listener net.Listener) (*proxyproto.Listener, error) {
if c.ProxyProtocol > 0 {
defaultPolicy := proxyproto.REQUIRE
if c.ProxyProtocol == 1 {
@@ -803,7 +772,7 @@ func (c *Configuration) checkPostDisconnectHook(remoteAddr, protocol, username,
if c.PostDisconnectHook == "" {
return
}
- if !slices.Contains(disconnHookProtocols, protocol) {
+ if !util.Contains(disconnHookProtocols, protocol) {
return
}
go c.executePostDisconnectHook(remoteAddr, protocol, username, connID, connectionTime)
@@ -866,7 +835,6 @@ func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy)
if err != nil {
// Something is wrong with the source IP, better reject the
// connection.
- logger.Error(logSender, "", "reject connection from ip %q, err: %v", connPolicyOptions.Upstream, err)
return proxyproto.REJECT, proxyproto.ErrInvalidUpstream
}
@@ -898,12 +866,12 @@ func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy)
// Each SSH connection can open several channels for SFTP or SSH commands
type SSHConnection struct {
id string
- conn io.Closer
+ conn net.Conn
lastActivity atomic.Int64
}
// NewSSHConnection returns a new SSHConnection
-func NewSSHConnection(id string, conn io.Closer) *SSHConnection {
+func NewSSHConnection(id string, conn net.Conn) *SSHConnection {
c := &SSHConnection{
id: id,
conn: conn,
@@ -936,9 +904,7 @@ func (c *SSHConnection) Close() error {
type ActiveConnections struct {
// clients contains both authenticated and estabilished connections and the ones waiting
// for authentication
- clients clientsMap
- // transfers contains active transfers, total and per-user
- transfers clientsMap
+ clients clientsMap
transfersCheckStatus atomic.Bool
sync.RWMutex
connections []ActiveConnection
@@ -989,9 +955,6 @@ func (conns *ActiveConnections) Add(c ActiveConnection) error {
if val := conns.perUserConns[username]; val >= maxSessions {
return fmt.Errorf("too many open sessions: %d/%d", val, maxSessions)
}
- if val := conns.transfers.getTotalFrom(username); val >= maxSessions {
- return fmt.Errorf("too many open transfers: %d/%d", val, maxSessions)
- }
}
conns.addUserConnection(username)
}
@@ -1053,7 +1016,7 @@ func (conns *ActiveConnections) Remove(connectionID string) {
metric.UpdateActiveConnectionsSize(lastIdx)
logger.Debug(conn.GetProtocol(), conn.GetID(), "connection removed, local address %q, remote address %q close fs error: %v, num open connections: %d",
conn.GetLocalAddress(), conn.GetRemoteAddress(), err, lastIdx)
- if conn.GetProtocol() == ProtocolFTP && conn.GetUsername() == "" && !slices.Contains(ftpLoginCommands, conn.GetCommand()) {
+ if conn.GetProtocol() == ProtocolFTP && conn.GetUsername() == "" && !util.Contains(ftpLoginCommands, conn.GetCommand()) {
ip := util.GetIPFromRemoteAddress(conn.GetRemoteAddress())
logger.ConnectionFailedLog("", ip, dataprovider.LoginMethodNoAuthTried, ProtocolFTP,
dataprovider.ErrNoAuthTried.Error())
@@ -1162,7 +1125,7 @@ func (conns *ActiveConnections) checkIdles() {
logger.Debug(conn.GetProtocol(), conn.GetID(), "close idle connection, idle time: %s, username: %q close err: %v",
time.Since(conn.GetLastActivity()), conn.GetUsername(), err)
}(c)
- } else if !isUnauthenticatedFTPUser && !c.isAccessAllowed() {
+ } else if !c.isAccessAllowed() {
defer func(conn ActiveConnection) {
err := conn.Disconnect()
logger.Info(conn.GetProtocol(), conn.GetID(), "access conditions not met for user: %q close connection err: %v",
@@ -1252,35 +1215,6 @@ func (conns *ActiveConnections) GetClientConnections() int32 {
return conns.clients.getTotal()
}
-// GetTotalTransfers returns the total number of active transfers
-func (conns *ActiveConnections) GetTotalTransfers() int32 {
- return conns.transfers.getTotal()
-}
-
-// IsNewTransferAllowed returns an error if the maximum number of concurrent allowed
-// transfers is exceeded
-func (conns *ActiveConnections) IsNewTransferAllowed(username string) error {
- if isShuttingDown.Load() {
- return ErrShuttingDown
- }
- if Config.MaxTotalConnections == 0 && Config.MaxPerHostConnections == 0 {
- return nil
- }
- if Config.MaxPerHostConnections > 0 {
- if transfers := conns.transfers.getTotalFrom(username); transfers >= Config.MaxPerHostConnections {
- logger.Info(logSender, "", "active transfers from user %q: %d/%d", username, transfers, Config.MaxPerHostConnections)
- return ErrConnectionDenied
- }
- }
- if Config.MaxTotalConnections > 0 {
- if transfers := conns.transfers.getTotal(); transfers >= int32(Config.MaxTotalConnections) {
- logger.Info(logSender, "", "active transfers %d/%d", transfers, Config.MaxTotalConnections)
- return ErrConnectionDenied
- }
- }
- return nil
-}
-
// IsNewConnectionAllowed returns an error if the maximum number of concurrent allowed
// connections is exceeded or a whitelist is defined and the specified ipAddr is not listed
// or the service is shutting down
@@ -1321,11 +1255,7 @@ func (conns *ActiveConnections) IsNewConnectionAllowed(ipAddr, protocol string)
}
// on a single SFTP connection we could have multiple SFTP channels or commands
- // so we check the estabilished connections and active uploads too
- if transfers := conns.transfers.getTotal(); transfers >= int32(Config.MaxTotalConnections) {
- logger.Info(logSender, "", "active transfers %d/%d", transfers, Config.MaxTotalConnections)
- return ErrConnectionDenied
- }
+ // so we check the estabilished connections too
conns.RLock()
defer conns.RUnlock()
diff --git a/internal/common/common_test.go b/internal/common/common_test.go
index 8566d773..46f66aec 100644
--- a/internal/common/common_test.go
+++ b/internal/common/common_test.go
@@ -23,7 +23,6 @@ import (
"os/exec"
"path/filepath"
"runtime"
- "slices"
"sync"
"testing"
"time"
@@ -64,7 +63,7 @@ func (c *fakeConnection) AddUser(user dataprovider.User) error {
if err != nil {
return err
}
- c.User = user
+ c.BaseConnection.User = user
return nil
}
@@ -653,17 +652,11 @@ func TestMaxConnections(t *testing.T) {
ipAddr := "192.168.7.8"
assert.NoError(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolFTP))
- assert.NoError(t, Connections.IsNewTransferAllowed(userTestUsername))
Config.MaxTotalConnections = 1
Config.MaxPerHostConnections = perHost
assert.NoError(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolHTTP))
- assert.NoError(t, Connections.IsNewTransferAllowed(userTestUsername))
- isShuttingDown.Store(true)
- assert.ErrorIs(t, Connections.IsNewTransferAllowed(userTestUsername), ErrShuttingDown)
- isShuttingDown.Store(false)
-
c := NewBaseConnection("id", ProtocolSFTP, "", "", dataprovider.User{})
fakeConn := &fakeConnection{
BaseConnection: c,
@@ -672,10 +665,6 @@ func TestMaxConnections(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, Connections.GetStats(""), 1)
assert.Error(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolSSH))
- Connections.transfers.add(userTestUsername)
- assert.Error(t, Connections.IsNewTransferAllowed(userTestUsername))
- Connections.transfers.remove(userTestUsername)
- assert.Equal(t, int32(0), Connections.GetTotalTransfers())
res := Connections.Close(fakeConn.GetID(), "")
assert.True(t, res)
@@ -687,9 +676,6 @@ func TestMaxConnections(t *testing.T) {
assert.Error(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolSSH))
Connections.RemoveClientConnection(ipAddr)
assert.NoError(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolWebDAV))
- Connections.transfers.add(userTestUsername)
- assert.Error(t, Connections.IsNewConnectionAllowed(ipAddr, ProtocolSSH))
- Connections.transfers.remove(userTestUsername)
Connections.RemoveClientConnection(ipAddr)
Config.MaxTotalConnections = oldValue
@@ -828,7 +814,11 @@ func TestIdleConnections(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, Connections.GetActiveSessions(username), 2)
- cFTP := NewBaseConnection("id2", ProtocolFTP, "", "", dataprovider.User{})
+ cFTP := NewBaseConnection("id2", ProtocolFTP, "", "", dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Status: 1,
+ },
+ })
cFTP.lastActivity.Store(time.Now().UnixNano())
fakeConn = &fakeConnection{
BaseConnection: cFTP,
@@ -995,10 +985,9 @@ func TestConnectionStatus(t *testing.T) {
assert.Len(t, stats, 3)
for _, stat := range stats {
assert.Equal(t, stat.Username, username)
- switch stat.ConnectionID {
- case "SFTP_id1":
+ if stat.ConnectionID == "SFTP_id1" {
assert.Len(t, stat.Transfers, 2)
- case "DAV_id3":
+ } else if stat.ConnectionID == "DAV_id3" {
assert.Len(t, stat.Transfers, 1)
}
}
@@ -1155,17 +1144,13 @@ func TestProxyProtocolVersion(t *testing.T) {
assert.Contains(t, err.Error(), "proxy protocol not configured")
}
c.ProxyProtocol = 1
- listener, err := c.GetProxyListener(nil)
+ proxyListener, err := c.GetProxyListener(nil)
assert.NoError(t, err)
- proxyListener, ok := listener.(*proxyproto.Listener)
- require.True(t, ok)
assert.NotNil(t, proxyListener.ConnPolicy)
c.ProxyProtocol = 2
- listener, err = c.GetProxyListener(nil)
+ proxyListener, err = c.GetProxyListener(nil)
assert.NoError(t, err)
- proxyListener, ok = listener.(*proxyproto.Listener)
- require.True(t, ok)
assert.NotNil(t, proxyListener.ConnPolicy)
}
@@ -1296,8 +1281,8 @@ func TestFolderCopy(t *testing.T) {
folder.ID = 2
folder.Users = []string{"user3"}
require.Len(t, folderCopy.Users, 2)
- require.True(t, slices.Contains(folderCopy.Users, "user1"))
- require.True(t, slices.Contains(folderCopy.Users, "user2"))
+ require.True(t, util.Contains(folderCopy.Users, "user1"))
+ require.True(t, util.Contains(folderCopy.Users, "user2"))
require.Equal(t, int64(1), folderCopy.ID)
require.Equal(t, folder.Name, folderCopy.Name)
require.Equal(t, folder.MappedPath, folderCopy.MappedPath)
@@ -1313,7 +1298,7 @@ func TestFolderCopy(t *testing.T) {
folderCopy = folder.GetACopy()
folder.FsConfig.CryptConfig.Passphrase = kms.NewEmptySecret()
require.Len(t, folderCopy.Users, 1)
- require.True(t, slices.Contains(folderCopy.Users, "user3"))
+ require.True(t, util.Contains(folderCopy.Users, "user3"))
require.Equal(t, int64(2), folderCopy.ID)
require.Equal(t, folder.Name, folderCopy.Name)
require.Equal(t, folder.MappedPath, folderCopy.MappedPath)
diff --git a/internal/common/connection.go b/internal/common/connection.go
index 4bbc89f0..db04ab67 100644
--- a/internal/common/connection.go
+++ b/internal/common/connection.go
@@ -63,7 +63,7 @@ type BaseConnection struct {
// NewBaseConnection returns a new BaseConnection
func NewBaseConnection(id, protocol, localAddr, remoteAddr string, user dataprovider.User) *BaseConnection {
connID := id
- if slices.Contains(supportedProtocols, protocol) {
+ if util.Contains(supportedProtocols, protocol) {
connID = fmt.Sprintf("%s_%s", protocol, id)
}
user.UploadBandwidth, user.DownloadBandwidth = user.GetBandwidthForIP(util.GetIPFromRemoteAddress(remoteAddr), connID)
@@ -132,7 +132,7 @@ func (c *BaseConnection) GetRemoteIP() string {
// SetProtocol sets the protocol for this connection
func (c *BaseConnection) SetProtocol(protocol string) {
c.protocol = protocol
- if slices.Contains(supportedProtocols, c.protocol) {
+ if util.Contains(supportedProtocols, c.protocol) {
c.ID = fmt.Sprintf("%v_%v", c.protocol, c.ID)
}
}
@@ -159,8 +159,6 @@ func (c *BaseConnection) CloseFS() error {
// AddTransfer associates a new transfer to this connection
func (c *BaseConnection) AddTransfer(t ActiveTransfer) {
- Connections.transfers.add(c.User.Username)
-
c.Lock()
defer c.Unlock()
@@ -192,8 +190,6 @@ func (c *BaseConnection) AddTransfer(t ActiveTransfer) {
// RemoveTransfer removes the specified transfer from the active ones
func (c *BaseConnection) RemoveTransfer(t ActiveTransfer) {
- Connections.transfers.remove(c.User.Username)
-
c.Lock()
defer c.Unlock()
@@ -296,20 +292,6 @@ func (c *BaseConnection) setTimes(fsPath string, atime time.Time, mtime time.Tim
return false
}
-// getInfoForOngoingUpload returns upload statistics for an upload currently in
-// progress on this connection.
-func (c *BaseConnection) getInfoForOngoingUpload(fsPath string) (os.FileInfo, error) {
- c.RLock()
- defer c.RUnlock()
-
- for _, t := range c.activeTransfers {
- if t.GetType() == TransferUpload && t.GetFsPath() == fsPath {
- return vfs.NewFileInfo(t.GetVirtualPath(), false, t.GetSize(), t.GetStartTime(), false), nil
- }
- }
- return nil, os.ErrNotExist
-}
-
func (c *BaseConnection) truncateOpenHandle(fsPath string, size int64) (int64, error) {
c.RLock()
defer c.RUnlock()
@@ -467,7 +449,10 @@ func (c *BaseConnection) RemoveFile(fs vfs.Fs, fsPath, virtualPath string, info
if updateQuota && info.Mode()&os.ModeSymlink == 0 {
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(virtualPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, -1, -size, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, -1, -size, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, -1, -size, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.User, -1, -size, false) //nolint:errcheck
}
@@ -631,15 +616,13 @@ func (c *BaseConnection) checkCopy(srcInfo, dstInfo os.FileInfo, virtualSource,
if dstInfo != nil && dstInfo.IsDir() {
return fmt.Errorf("cannot overwrite file %q with dir %q: %w", virtualSource, virtualTarget, c.GetOpUnsupportedError())
}
- if c.IsSameResource(virtualSource, virtualTarget) {
- if fsSourcePath == fsTargetPath {
- return fmt.Errorf("the copy source and target cannot be the same: %w", c.GetOpUnsupportedError())
- }
+ if fsSourcePath == fsTargetPath {
+ return fmt.Errorf("the copy source and target cannot be the same: %w", c.GetOpUnsupportedError())
}
return nil
}
-func (c *BaseConnection) copyFile(virtualSourcePath, virtualTargetPath string, srcInfo os.FileInfo) error {
+func (c *BaseConnection) copyFile(virtualSourcePath, virtualTargetPath string, srcSize int64) error {
if !c.User.HasPerm(dataprovider.PermCopy, virtualSourcePath) || !c.User.HasPerm(dataprovider.PermCopy, virtualTargetPath) {
return c.GetPermissionDeniedError()
}
@@ -657,12 +640,12 @@ func (c *BaseConnection) copyFile(virtualSourcePath, virtualTargetPath string, s
return err
}
startTime := time.Now()
- numFiles, sizeDiff, err := copier.CopyFile(fsSourcePath, fsTargetPath, srcInfo)
+ numFiles, sizeDiff, err := copier.CopyFile(fsSourcePath, fsTargetPath, srcSize)
elapsed := time.Since(startTime).Nanoseconds() / 1000000
updateUserQuotaAfterFileWrite(c, virtualTargetPath, numFiles, sizeDiff)
logger.CommandLog(copyLogSender, fsSourcePath, fsTargetPath, c.User.Username, "", c.ID, c.protocol, -1, -1,
- "", "", "", srcInfo.Size(), c.localAddr, c.remoteAddr, elapsed)
- ExecuteActionNotification(c, operationCopy, fsSourcePath, virtualSourcePath, fsTargetPath, virtualTargetPath, "", srcInfo.Size(), err, elapsed, nil) //nolint:errcheck
+ "", "", "", srcSize, c.localAddr, c.remoteAddr, elapsed)
+ ExecuteActionNotification(c, operationCopy, fsSourcePath, virtualSourcePath, fsTargetPath, virtualTargetPath, "", srcSize, err, elapsed, nil) //nolint:errcheck
return err
}
}
@@ -674,7 +657,7 @@ func (c *BaseConnection) copyFile(virtualSourcePath, virtualTargetPath string, s
defer rCancelFn()
defer reader.Close()
- writer, numFiles, truncatedSize, wCancelFn, err := getFileWriter(c, virtualTargetPath, srcInfo.Size())
+ writer, numFiles, truncatedSize, wCancelFn, err := getFileWriter(c, virtualTargetPath, srcSize)
if err != nil {
return fmt.Errorf("unable to get writer for path %q: %w", virtualTargetPath, err)
}
@@ -725,7 +708,7 @@ func (c *BaseConnection) doRecursiveCopy(virtualSourcePath, virtualTargetPath st
return nil
}
- return c.copyFile(virtualSourcePath, virtualTargetPath, srcInfo)
+ return c.copyFile(virtualSourcePath, virtualTargetPath, srcInfo.Size())
}
func (c *BaseConnection) recursiveCopyEntries(virtualSourcePath, virtualTargetPath string, entries []os.FileInfo, recursion int) error {
@@ -787,27 +770,29 @@ func (c *BaseConnection) Copy(virtualSourcePath, virtualTargetPath string) error
return err
}
}
- createTargetDir := dstInfo == nil || !dstInfo.IsDir()
+ createTargetDir := true
+ if dstInfo != nil && dstInfo.IsDir() {
+ createTargetDir = false
+ }
if err := c.checkCopy(srcInfo, dstInfo, virtualSourcePath, destPath); err != nil {
return err
}
if err := c.CheckParentDirs(path.Dir(destPath)); err != nil {
return err
}
- stopKeepAlive := keepConnectionAlive(c, 2*time.Minute)
- defer stopKeepAlive()
+ done := make(chan bool)
+ defer close(done)
+ go keepConnectionAlive(c, done, 2*time.Minute)
return c.doRecursiveCopy(virtualSourcePath, destPath, srcInfo, createTargetDir, 0)
}
// Rename renames (moves) virtualSourcePath to virtualTargetPath
func (c *BaseConnection) Rename(virtualSourcePath, virtualTargetPath string) error {
- return c.renameInternal(virtualSourcePath, virtualTargetPath, false, vfs.CheckParentDir)
+ return c.renameInternal(virtualSourcePath, virtualTargetPath, false)
}
-func (c *BaseConnection) renameInternal(virtualSourcePath, virtualTargetPath string, //nolint:gocyclo
- checkParentDestination bool, checks int,
-) error {
+func (c *BaseConnection) renameInternal(virtualSourcePath, virtualTargetPath string, checkParentDestination bool) error {
if virtualSourcePath == virtualTargetPath {
return fmt.Errorf("the rename source and target cannot be the same: %w", c.GetOpUnsupportedError())
}
@@ -828,11 +813,7 @@ func (c *BaseConnection) renameInternal(virtualSourcePath, virtualTargetPath str
return c.GetPermissionDeniedError()
}
initialSize := int64(-1)
- dstInfo, err := fsDst.Lstat(fsTargetPath)
- if err != nil && !fsDst.IsNotExist(err) {
- return err
- }
- if err == nil {
+ if dstInfo, err := fsDst.Lstat(fsTargetPath); err == nil {
checkParentDestination = false
if dstInfo.IsDir() {
c.Log(logger.LevelWarn, "attempted to rename %q overwriting an existing directory %q",
@@ -854,17 +835,18 @@ func (c *BaseConnection) renameInternal(virtualSourcePath, virtualTargetPath str
return err
}
}
- if !c.hasSpaceForRename(fsSrc, virtualSourcePath, virtualTargetPath, initialSize, fsSourcePath, srcInfo) {
+ if !c.hasSpaceForRename(fsSrc, virtualSourcePath, virtualTargetPath, initialSize, fsSourcePath) {
c.Log(logger.LevelInfo, "denying cross rename due to space limit")
return c.GetGenericError(ErrQuotaExceeded)
}
if checkParentDestination {
c.CheckParentDirs(path.Dir(virtualTargetPath)) //nolint:errcheck
}
- stopKeepAlive := keepConnectionAlive(c, 2*time.Minute)
- defer stopKeepAlive()
+ done := make(chan bool)
+ defer close(done)
+ go keepConnectionAlive(c, done, 2*time.Minute)
- files, size, err := fsDst.Rename(fsSourcePath, fsTargetPath, checks)
+ files, size, err := fsDst.Rename(fsSourcePath, fsTargetPath)
if err != nil {
c.Log(logger.LevelError, "failed to rename %q -> %q: %+v", fsSourcePath, fsTargetPath, err)
return c.GetFsError(fsSrc, err)
@@ -936,6 +918,16 @@ func (c *BaseConnection) CreateSymlink(virtualSourcePath, virtualTargetPath stri
return nil
}
+func (c *BaseConnection) getPathForSetStatPerms(fs vfs.Fs, fsPath, virtualPath string) string {
+ pathForPerms := virtualPath
+ if fi, err := fs.Lstat(fsPath); err == nil {
+ if fi.IsDir() {
+ pathForPerms = path.Dir(virtualPath)
+ }
+ }
+ return pathForPerms
+}
+
func (c *BaseConnection) doStatInternal(virtualPath string, mode int, checkFilePatterns,
convertResult bool,
) (os.FileInfo, error) {
@@ -966,19 +958,7 @@ func (c *BaseConnection) doStatInternal(virtualPath string, mode int, checkFileP
info, err = fs.Stat(c.getRealFsPath(fsPath))
}
if err != nil {
- isNotExist := fs.IsNotExist(err)
- if isNotExist {
- // This is primarily useful for atomic storage backends, where files
- // become visible only after they are closed. However, since we may
- // be proxying (for example) an SFTP server backed by atomic
- // storage, and this search only inspects transfers active on the
- // current connection (typically just one), the check is inexpensive
- // and safe to perform unconditionally.
- if info, err := c.getInfoForOngoingUpload(fsPath); err == nil {
- return info, nil
- }
- }
- if !isNotExist {
+ if !fs.IsNotExist(err) {
c.Log(logger.LevelWarn, "stat error for path %q: %+v", virtualPath, err)
}
return nil, c.GetFsError(fs, err)
@@ -1084,7 +1064,7 @@ func (c *BaseConnection) SetStat(virtualPath string, attributes *StatAttributes)
if err != nil {
return err
}
- pathForPerms := path.Dir(virtualPath)
+ pathForPerms := c.getPathForSetStatPerms(fs, fsPath, virtualPath)
if attributes.Flags&StatAttrTimes != 0 {
if err = c.handleChtimes(fs, fsPath, pathForPerms, attributes); err != nil {
@@ -1141,7 +1121,10 @@ func (c *BaseConnection) truncateFile(fs vfs.Fs, fsPath, virtualPath string, siz
sizeDiff := initialSize - size
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(virtualPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, 0, -sizeDiff, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -sizeDiff, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, -sizeDiff, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.User, 0, -sizeDiff, false) //nolint:errcheck
}
@@ -1150,11 +1133,11 @@ func (c *BaseConnection) truncateFile(fs vfs.Fs, fsPath, virtualPath string, siz
}
func (c *BaseConnection) checkRecursiveRenameDirPermissions(fsSrc, fsDst vfs.Fs, sourcePath, targetPath,
- virtualSourcePath, virtualTargetPath string, srcInfo os.FileInfo,
+ virtualSourcePath, virtualTargetPath string, fi os.FileInfo,
) error {
if !c.User.HasPermissionsInside(virtualSourcePath) &&
!c.User.HasPermissionsInside(virtualTargetPath) {
- if !c.isRenamePermitted(fsSrc, fsDst, sourcePath, targetPath, virtualSourcePath, virtualTargetPath, srcInfo) {
+ if !c.isRenamePermitted(fsSrc, fsDst, sourcePath, targetPath, virtualSourcePath, virtualTargetPath, fi) {
c.Log(logger.LevelInfo, "rename %q -> %q is not allowed, virtual destination path: %q",
sourcePath, targetPath, virtualTargetPath)
return c.GetPermissionDeniedError()
@@ -1214,7 +1197,7 @@ func (c *BaseConnection) hasRenamePerms(virtualSourcePath, virtualTargetPath str
}
func (c *BaseConnection) checkFolderRename(fsSrc, fsDst vfs.Fs, fsSourcePath, fsTargetPath, virtualSourcePath,
- virtualTargetPath string, srcInfo os.FileInfo) error {
+ virtualTargetPath string, fi os.FileInfo) error {
if util.IsDirOverlapped(virtualSourcePath, virtualTargetPath, true, "/") {
c.Log(logger.LevelDebug, "renaming the folder %q->%q is not supported: nested folders",
virtualSourcePath, virtualTargetPath)
@@ -1238,7 +1221,7 @@ func (c *BaseConnection) checkFolderRename(fsSrc, fsDst vfs.Fs, fsSourcePath, fs
return fmt.Errorf("folder %q has virtual folders inside it: %w", virtualTargetPath, c.GetOpUnsupportedError())
}
if err := c.checkRecursiveRenameDirPermissions(fsSrc, fsDst, fsSourcePath, fsTargetPath,
- virtualSourcePath, virtualTargetPath, srcInfo); err != nil {
+ virtualSourcePath, virtualTargetPath, fi); err != nil {
c.Log(logger.LevelDebug, "error checking recursive permissions before renaming %q: %+v", fsSourcePath, err)
return err
}
@@ -1246,7 +1229,7 @@ func (c *BaseConnection) checkFolderRename(fsSrc, fsDst vfs.Fs, fsSourcePath, fs
}
func (c *BaseConnection) isRenamePermitted(fsSrc, fsDst vfs.Fs, fsSourcePath, fsTargetPath, virtualSourcePath,
- virtualTargetPath string, srcInfo os.FileInfo,
+ virtualTargetPath string, fi os.FileInfo,
) bool {
if !c.IsSameResource(virtualSourcePath, virtualTargetPath) {
c.Log(logger.LevelInfo, "rename %q->%q is not allowed: the paths must be on the same resource",
@@ -1276,11 +1259,11 @@ func (c *BaseConnection) isRenamePermitted(fsSrc, fsDst vfs.Fs, fsSourcePath, fs
virtualTargetPath)
return false
}
- return c.hasRenamePerms(virtualSourcePath, virtualTargetPath, srcInfo)
+ return c.hasRenamePerms(virtualSourcePath, virtualTargetPath, fi)
}
func (c *BaseConnection) hasSpaceForRename(fs vfs.Fs, virtualSourcePath, virtualTargetPath string, initialSize int64,
- sourcePath string, srcInfo os.FileInfo) bool {
+ fsSourcePath string) bool {
if dataprovider.GetQuotaTracking() == 0 {
return true
}
@@ -1310,28 +1293,30 @@ func (c *BaseConnection) hasSpaceForRename(fs vfs.Fs, virtualSourcePath, virtual
// no quota restrictions
return true
}
- return c.hasSpaceForCrossRename(fs, quotaResult, initialSize, sourcePath, srcInfo)
+ return c.hasSpaceForCrossRename(fs, quotaResult, initialSize, fsSourcePath)
}
// hasSpaceForCrossRename checks the quota after a rename between different folders
-func (c *BaseConnection) hasSpaceForCrossRename(fs vfs.Fs, quotaResult vfs.QuotaCheckResult, initialSize int64,
- sourcePath string, srcInfo os.FileInfo,
-) bool {
+func (c *BaseConnection) hasSpaceForCrossRename(fs vfs.Fs, quotaResult vfs.QuotaCheckResult, initialSize int64, sourcePath string) bool {
if !quotaResult.HasSpace && initialSize == -1 {
// we are over quota and this is not a file replace
return false
}
+ fi, err := fs.Lstat(sourcePath)
+ if err != nil {
+ c.Log(logger.LevelError, "cross rename denied, stat error for path %q: %v", sourcePath, err)
+ return false
+ }
var sizeDiff int64
var filesDiff int
- var err error
- if srcInfo.Mode().IsRegular() {
- sizeDiff = srcInfo.Size()
+ if fi.Mode().IsRegular() {
+ sizeDiff = fi.Size()
filesDiff = 1
if initialSize != -1 {
sizeDiff -= initialSize
filesDiff = 0
}
- } else if srcInfo.IsDir() {
+ } else if fi.IsDir() {
filesDiff, sizeDiff, err = fs.GetDirSize(sourcePath)
if err != nil {
c.Log(logger.LevelError, "cross rename denied, error getting size for directory %q: %v", sourcePath, err)
@@ -1358,7 +1343,7 @@ func (c *BaseConnection) hasSpaceForCrossRename(fs vfs.Fs, quotaResult vfs.Quota
}
if quotaResult.QuotaSize > 0 {
remainingSize := quotaResult.GetRemainingSize()
- c.Log(logger.LevelDebug, "cross rename, source %q remaining size %d to add %d", srcInfo.Name(),
+ c.Log(logger.LevelDebug, "cross rename, source %q remaining size %d to add %d", sourcePath,
remainingSize, sizeDiff)
if remainingSize < sizeDiff {
return false
@@ -1533,40 +1518,61 @@ func (c *BaseConnection) updateQuotaMoveBetweenVFolders(sourceFolder, dstFolder
if sourceFolder.Name == dstFolder.Name {
// both files are inside the same virtual folder
if initialSize != -1 {
- dataprovider.UpdateUserFolderQuota(dstFolder, &c.User, -numFiles, -initialSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&dstFolder.BaseVirtualFolder, -numFiles, -initialSize, false) //nolint:errcheck
+ if dstFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, -numFiles, -initialSize, false) //nolint:errcheck
+ }
}
return
}
// files are inside different virtual folders
- dataprovider.UpdateUserFolderQuota(sourceFolder, &c.User, -numFiles, -filesSize, false)
- if initialSize == -1 {
- dataprovider.UpdateUserFolderQuota(dstFolder, &c.User, numFiles, filesSize, false)
- return
+ dataprovider.UpdateVirtualFolderQuota(&sourceFolder.BaseVirtualFolder, -numFiles, -filesSize, false) //nolint:errcheck
+ if sourceFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, -numFiles, -filesSize, false) //nolint:errcheck
+ }
+ if initialSize == -1 {
+ dataprovider.UpdateVirtualFolderQuota(&dstFolder.BaseVirtualFolder, numFiles, filesSize, false) //nolint:errcheck
+ if dstFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, numFiles, filesSize, false) //nolint:errcheck
+ }
+ } else {
+ // we cannot have a directory here, initialSize != -1 only for files
+ dataprovider.UpdateVirtualFolderQuota(&dstFolder.BaseVirtualFolder, 0, filesSize-initialSize, false) //nolint:errcheck
+ if dstFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, filesSize-initialSize, false) //nolint:errcheck
+ }
}
- // we cannot have a directory here, initialSize != -1 only for files
- dataprovider.UpdateUserFolderQuota(dstFolder, &c.User, 0, filesSize-initialSize, false)
}
func (c *BaseConnection) updateQuotaMoveFromVFolder(sourceFolder *vfs.VirtualFolder, initialSize, filesSize int64, numFiles int) {
// move between a virtual folder and the user home dir
- dataprovider.UpdateUserFolderQuota(sourceFolder, &c.User, -numFiles, -filesSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&sourceFolder.BaseVirtualFolder, -numFiles, -filesSize, false) //nolint:errcheck
+ if sourceFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, -numFiles, -filesSize, false) //nolint:errcheck
+ }
if initialSize == -1 {
dataprovider.UpdateUserQuota(&c.User, numFiles, filesSize, false) //nolint:errcheck
- return
+ } else {
+ // we cannot have a directory here, initialSize != -1 only for files
+ dataprovider.UpdateUserQuota(&c.User, 0, filesSize-initialSize, false) //nolint:errcheck
}
- // we cannot have a directory here, initialSize != -1 only for files
- dataprovider.UpdateUserQuota(&c.User, 0, filesSize-initialSize, false) //nolint:errcheck
}
func (c *BaseConnection) updateQuotaMoveToVFolder(dstFolder *vfs.VirtualFolder, initialSize, filesSize int64, numFiles int) {
// move between the user home dir and a virtual folder
dataprovider.UpdateUserQuota(&c.User, -numFiles, -filesSize, false) //nolint:errcheck
if initialSize == -1 {
- dataprovider.UpdateUserFolderQuota(dstFolder, &c.User, numFiles, filesSize, false)
- return
+ dataprovider.UpdateVirtualFolderQuota(&dstFolder.BaseVirtualFolder, numFiles, filesSize, false) //nolint:errcheck
+ if dstFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, numFiles, filesSize, false) //nolint:errcheck
+ }
+ } else {
+ // we cannot have a directory here, initialSize != -1 only for files
+ dataprovider.UpdateVirtualFolderQuota(&dstFolder.BaseVirtualFolder, 0, filesSize-initialSize, false) //nolint:errcheck
+ if dstFolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, filesSize-initialSize, false) //nolint:errcheck
+ }
}
- // we cannot have a directory here, initialSize != -1 only for files
- dataprovider.UpdateUserFolderQuota(dstFolder, &c.User, 0, filesSize-initialSize, false)
}
func (c *BaseConnection) updateQuotaAfterRename(fs vfs.Fs, virtualSourcePath, virtualTargetPath, targetPath string,
@@ -1815,8 +1821,8 @@ type DirListerAt struct {
lister vfs.DirLister
}
-// Prepend adds the given os.FileInfo as first element of the internal cache
-func (l *DirListerAt) Prepend(fi os.FileInfo) {
+// Add adds the given os.FileInfo to the internal cache
+func (l *DirListerAt) Add(fi os.FileInfo) {
l.mu.Lock()
defer l.mu.Unlock()
@@ -1893,22 +1899,18 @@ func getPermissionDeniedError(protocol string) error {
}
}
-func keepConnectionAlive(c *BaseConnection, interval time.Duration) func() {
- var timer *time.Timer
- var closed atomic.Bool
+func keepConnectionAlive(c *BaseConnection, done chan bool, interval time.Duration) {
+ ticker := time.NewTicker(interval)
+ defer func() {
+ ticker.Stop()
+ }()
- task := func() {
- c.UpdateLastActivity()
-
- if !closed.Load() {
- timer.Reset(interval)
+ for {
+ select {
+ case <-done:
+ return
+ case <-ticker.C:
+ c.UpdateLastActivity()
}
}
-
- timer = time.AfterFunc(interval, task)
-
- return func() {
- closed.Store(true)
- timer.Stop()
- }
}
diff --git a/internal/common/connection_test.go b/internal/common/connection_test.go
index 0f426858..5f3c26dc 100644
--- a/internal/common/connection_test.go
+++ b/internal/common/connection_test.go
@@ -22,7 +22,6 @@ import (
"path"
"path/filepath"
"runtime"
- "slices"
"strconv"
"testing"
"time"
@@ -198,24 +197,25 @@ func TestRecursiveRenameWalkError(t *testing.T) {
}
func TestCrossRenameFsErrors(t *testing.T) {
- if runtime.GOOS == osWindows {
- t.Skip("this test is not available on Windows")
- }
fs := vfs.NewOsFs("", os.TempDir(), "", nil)
conn := NewBaseConnection("", ProtocolWebDAV, "", "", dataprovider.User{})
- dirPath := filepath.Join(os.TempDir(), "d")
- err := os.Mkdir(dirPath, os.ModePerm)
- assert.NoError(t, err)
- err = os.Chmod(dirPath, 0001)
- assert.NoError(t, err)
- srcInfo := vfs.NewFileInfo(filepath.Base(dirPath), true, 0, time.Now(), false)
- res := conn.hasSpaceForCrossRename(fs, vfs.QuotaCheckResult{}, 1, dirPath, srcInfo)
+ res := conn.hasSpaceForCrossRename(fs, vfs.QuotaCheckResult{}, 1, "missingsource")
assert.False(t, res)
+ if runtime.GOOS != osWindows {
+ dirPath := filepath.Join(os.TempDir(), "d")
+ err := os.Mkdir(dirPath, os.ModePerm)
+ assert.NoError(t, err)
+ err = os.Chmod(dirPath, 0001)
+ assert.NoError(t, err)
- err = os.Chmod(dirPath, os.ModePerm)
- assert.NoError(t, err)
- err = os.Remove(dirPath)
- assert.NoError(t, err)
+ res = conn.hasSpaceForCrossRename(fs, vfs.QuotaCheckResult{}, 1, dirPath)
+ assert.False(t, res)
+
+ err = os.Chmod(dirPath, os.ModePerm)
+ assert.NoError(t, err)
+ err = os.Remove(dirPath)
+ assert.NoError(t, err)
+ }
}
func TestRenameVirtualFolders(t *testing.T) {
@@ -389,7 +389,7 @@ func TestErrorsMapping(t *testing.T) {
err := conn.GetFsError(fs, os.ErrNotExist)
if protocol == ProtocolSFTP {
assert.ErrorIs(t, err, sftp.ErrSSHFxNoSuchFile)
- } else if slices.Contains(osErrorsProtocols, protocol) {
+ } else if util.Contains(osErrorsProtocols, protocol) {
assert.EqualError(t, err, os.ErrNotExist.Error())
} else {
assert.EqualError(t, err, ErrNotExist.Error())
@@ -627,11 +627,12 @@ func TestErrorResolvePath(t *testing.T) {
func TestConnectionKeepAlive(t *testing.T) {
conn := NewBaseConnection("", ProtocolWebDAV, "", "", dataprovider.User{})
lastActivity := conn.GetLastActivity()
-
- stop := keepConnectionAlive(conn, 50*time.Millisecond)
- defer stop()
-
- time.Sleep(200 * time.Millisecond)
+ done := make(chan bool)
+ go func() {
+ time.Sleep(200 * time.Millisecond)
+ close(done)
+ }()
+ keepConnectionAlive(conn, done, 50*time.Millisecond)
assert.Greater(t, conn.GetLastActivity(), lastActivity)
}
@@ -1046,37 +1047,6 @@ func TestFilePatterns(t *testing.T) {
require.Len(t, filtered, 1)
}
-func TestStatForOngoingTransfers(t *testing.T) {
- user := dataprovider.User{
- BaseUser: sdk.BaseUser{
- Username: xid.New().String(),
- Password: xid.New().String(),
- HomeDir: filepath.Clean(os.TempDir()),
- Status: 1,
- Permissions: map[string][]string{
- "/": {"*"},
- },
- },
- }
- fileName := "file.txt"
- conn := NewBaseConnection(xid.New().String(), ProtocolSFTP, "", "", user)
- fs := vfs.NewOsFs("", os.TempDir(), "", nil)
- tr := NewBaseTransfer(nil, conn, nil, filepath.Join(os.TempDir(), fileName), filepath.Join(os.TempDir(), fileName),
- fileName, TransferUpload, 0, 0, 0, 0, true, fs, dataprovider.TransferQuota{})
- _, err := conn.DoStat("/file.txt", 0, false)
- assert.NoError(t, err)
- err = tr.Close()
- assert.NoError(t, err)
- tr = NewBaseTransfer(nil, conn, nil, filepath.Join(os.TempDir(), fileName), filepath.Join(os.TempDir(), fileName),
- fileName, TransferDownload, 0, 0, 0, 0, true, fs, dataprovider.TransferQuota{})
- _, err = conn.DoStat("/file.txt", 0, false)
- assert.Error(t, err)
- err = tr.Close()
- assert.NoError(t, err)
- err = conn.CloseFS()
- assert.NoError(t, err)
-}
-
func TestListerAt(t *testing.T) {
dir := t.TempDir()
user := dataprovider.User{
@@ -1164,8 +1134,8 @@ func TestListerAt(t *testing.T) {
require.Equal(t, 0, n)
lister, err = conn.ListDir("/")
require.NoError(t, err)
- lister.Prepend(vfs.NewFileInfo("..", true, 0, time.Unix(0, 0), false))
- lister.Prepend(vfs.NewFileInfo(".", true, 0, time.Unix(0, 0), false))
+ lister.Add(vfs.NewFileInfo("..", true, 0, time.Unix(0, 0), false))
+ lister.Add(vfs.NewFileInfo(".", true, 0, time.Unix(0, 0), false))
files = make([]os.FileInfo, 1)
n, err = lister.ListAt(files, 0)
require.NoError(t, err)
@@ -1189,348 +1159,3 @@ func TestListerAt(t *testing.T) {
err = lister.Close()
require.NoError(t, err)
}
-
-func TestGetFsAndResolvedPath(t *testing.T) {
- homeDir := filepath.Join(os.TempDir(), "home_test")
- localVdir := filepath.Join(os.TempDir(), "local_mount_test")
-
- err := os.MkdirAll(homeDir, 0777)
- require.NoError(t, err)
- err = os.MkdirAll(localVdir, 0777)
- require.NoError(t, err)
-
- t.Cleanup(func() {
- os.RemoveAll(homeDir)
- os.RemoveAll(localVdir)
- })
-
- user := dataprovider.User{
- BaseUser: sdk.BaseUser{
- Username: xid.New().String(),
- Status: 1,
- HomeDir: homeDir,
- },
- VirtualFolders: []vfs.VirtualFolder{
- {
- BaseVirtualFolder: vfs.BaseVirtualFolder{
- Name: "s3",
- MappedPath: "",
- FsConfig: vfs.Filesystem{
- Provider: sdk.S3FilesystemProvider,
- S3Config: vfs.S3FsConfig{
- BaseS3FsConfig: sdk.BaseS3FsConfig{
- Bucket: "my-test-bucket",
- Region: "us-east-1",
- },
- },
- },
- },
- VirtualPath: "/s3",
- },
- {
- BaseVirtualFolder: vfs.BaseVirtualFolder{
- Name: "local",
- MappedPath: localVdir,
- FsConfig: vfs.Filesystem{
- Provider: sdk.LocalFilesystemProvider,
- },
- },
- VirtualPath: "/local",
- },
- },
- }
-
- conn := NewBaseConnection(xid.New().String(), ProtocolSFTP, "", "", user)
-
- tests := []struct {
- name string
- inputVirtualPath string
- expectedFsType string
- expectedPhyPath string // The resolved path on the target FS
- expectedRelativePath string
- }{
- {
- name: "Root File",
- inputVirtualPath: "/file.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(homeDir, "file.txt"),
- expectedRelativePath: "/file.txt",
- },
- {
- name: "Standard S3 File",
- inputVirtualPath: "/s3/image.png",
- expectedFsType: "S3Fs",
- expectedPhyPath: "image.png",
- expectedRelativePath: "/s3/image.png",
- },
- {
- name: "Standard Local Mount File",
- inputVirtualPath: "/local/config.json",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(localVdir, "config.json"),
- expectedRelativePath: "/local/config.json",
- },
-
- {
- name: "Backslash Separator -> Should hit S3",
- inputVirtualPath: "\\s3\\doc.txt",
- expectedFsType: "S3Fs",
- expectedPhyPath: "doc.txt",
- expectedRelativePath: "/s3/doc.txt",
- },
- {
- name: "Mixed Separators -> Should hit Local Mount",
- inputVirtualPath: "/local\\subdir/test.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(localVdir, "subdir", "test.txt"),
- expectedRelativePath: "/local/subdir/test.txt",
- },
- {
- name: "Double Slash -> Should normalize and hit S3",
- inputVirtualPath: "//s3//dir @1/data.csv",
- expectedFsType: "S3Fs",
- expectedPhyPath: "dir @1/data.csv",
- expectedRelativePath: "/s3/dir @1/data.csv",
- },
-
- {
- name: "Local Mount Traversal (Attempt to escape)",
- inputVirtualPath: "/local/../../etc/passwd",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(homeDir, "/etc/passwd"),
- expectedRelativePath: "/etc/passwd",
- },
- {
- name: "Traversal Out of S3 (Valid)",
- inputVirtualPath: "/s3/../../secret.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(homeDir, "secret.txt"),
- expectedRelativePath: "/secret.txt",
- },
- {
- name: "Traversal Inside S3",
- inputVirtualPath: "/s3/subdir/../image.png",
- expectedFsType: "S3Fs",
- expectedPhyPath: "image.png",
- expectedRelativePath: "/s3/image.png",
- },
- {
- name: "Mount Point Bypass -> Target Local Mount",
- inputVirtualPath: "/s3\\..\\local\\secret.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(localVdir, "secret.txt"),
- expectedRelativePath: "/local/secret.txt",
- },
- {
- name: "Dirty Relative Path (Your Case)",
- inputVirtualPath: "test\\..\\..\\oops/file.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(homeDir, "oops", "file.txt"),
- expectedRelativePath: "/oops/file.txt",
- },
- {
- name: "Relative Path targeting S3 (No leading slash)",
- inputVirtualPath: "s3//sub/../image.png",
- expectedFsType: "S3Fs",
- expectedPhyPath: "image.png",
- expectedRelativePath: "/s3/image.png",
- },
- {
- name: "Windows Path starting with Backslash",
- inputVirtualPath: "\\s3\\doc/dir\\doc.txt",
- expectedFsType: "S3Fs",
- expectedPhyPath: "doc/dir/doc.txt",
- expectedRelativePath: "/s3/doc/dir/doc.txt",
- },
- {
- name: "Filesystem Juggling (Relative)",
- inputVirtualPath: "local/../s3/file.txt",
- expectedFsType: "S3Fs",
- expectedPhyPath: "file.txt",
- expectedRelativePath: "/s3/file.txt",
- },
- {
- name: "Triple Dot Filename (Valid Name)",
- inputVirtualPath: "/...hidden/secret",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(homeDir, "...hidden", "secret"),
- expectedRelativePath: "/...hidden/secret",
- },
- {
- name: "Dot Slash Prefix",
- inputVirtualPath: "./local/file.txt",
- expectedFsType: "osfs",
- expectedPhyPath: filepath.Join(localVdir, "file.txt"),
- expectedRelativePath: "/local/file.txt",
- },
- {
- name: "Root of Local Mount Exactly",
- inputVirtualPath: "/local/",
- expectedFsType: "osfs",
- expectedPhyPath: localVdir,
- expectedRelativePath: "/local",
- },
- {
- name: "Root of S3 Mount Exactly",
- inputVirtualPath: "/s3/",
- expectedFsType: "S3Fs",
- expectedPhyPath: "",
- expectedRelativePath: "/s3",
- },
- }
-
- for _, tc := range tests {
- t.Run(tc.name, func(t *testing.T) {
- // The input path is sanitized by the protocol handler
- // implementations before reaching GetFsAndResolvedPath.
- cleanInput := util.CleanPath(tc.inputVirtualPath)
- fs, resolvedPath, err := conn.GetFsAndResolvedPath(cleanInput)
- if assert.NoError(t, err, "did not expect error for path: %q, got: %v", tc.inputVirtualPath, err) {
- assert.Contains(t, fs.Name(), tc.expectedFsType,
- "routing error: input %q but expected fs %q, got %q", tc.inputVirtualPath, tc.expectedFsType, fs.Name())
- assert.Equal(t, tc.expectedPhyPath, resolvedPath,
- "resolution error: input %q resolved to %q expected %q", tc.inputVirtualPath, resolvedPath, tc.expectedPhyPath)
- relativePath := fs.GetRelativePath(resolvedPath)
- assert.Equal(t, tc.expectedRelativePath, relativePath,
- "relative path error, input %q, got %q, expected %q", tc.inputVirtualPath, tc.expectedRelativePath, relativePath)
- }
- })
- }
-}
-
-func TestOsFsGetRelativePath(t *testing.T) {
- homeDir := filepath.Join(os.TempDir(), "home_test")
- localVdir := filepath.Join(os.TempDir(), "local_mount_test")
-
- err := os.MkdirAll(homeDir, 0777)
- require.NoError(t, err)
- err = os.MkdirAll(localVdir, 0777)
- require.NoError(t, err)
-
- t.Cleanup(func() {
- os.RemoveAll(homeDir)
- os.RemoveAll(localVdir)
- })
-
- user := dataprovider.User{
- BaseUser: sdk.BaseUser{
- Username: xid.New().String(),
- Status: 1,
- HomeDir: homeDir,
- },
- VirtualFolders: []vfs.VirtualFolder{
- {
- BaseVirtualFolder: vfs.BaseVirtualFolder{
- Name: "local",
- MappedPath: localVdir,
- FsConfig: vfs.Filesystem{
- Provider: sdk.LocalFilesystemProvider,
- },
- },
- VirtualPath: "/local",
- },
- },
- }
-
- connID := xid.New().String()
- rootFs, err := user.GetFilesystemForPath("/", connID)
- require.NoError(t, err)
-
- localFs, err := user.GetFilesystemForPath("/local", connID)
- require.NoError(t, err)
-
- tests := []struct {
- name string
- fs vfs.Fs
- inputPath string // The physical path to reverse-map
- expectedRel string // The expected virtual path
- }{
- {
- name: "Root FS - Inside root",
- fs: rootFs,
- inputPath: filepath.Join(homeDir, "docs", "file.txt"),
- expectedRel: "/docs/file.txt",
- },
- {
- name: "Root FS - Exact root directory",
- fs: rootFs,
- inputPath: homeDir,
- expectedRel: "/",
- },
- {
- name: "Root FS - External absolute path (Jail to /)",
- fs: rootFs,
- inputPath: "/etc/passwd",
- expectedRel: "/",
- },
- {
- name: "Root FS - Traversal escape (Jail to /)",
- fs: rootFs,
- inputPath: filepath.Join(homeDir, "..", "escaped.txt"),
- expectedRel: "/",
- },
- {
- name: "Root FS - Valid file named with triple dots",
- fs: rootFs,
- inputPath: filepath.Join(homeDir, "..."),
- expectedRel: "/...",
- },
- {
- name: "Local FS - Up path in dir",
- fs: rootFs,
- inputPath: homeDir + "/../" + filepath.Base(homeDir) + "/dir/test.txt",
- expectedRel: "/dir/test.txt",
- },
-
- {
- name: "Local FS - Inside mount",
- fs: localFs,
- inputPath: filepath.Join(localVdir, "data", "config.json"),
- expectedRel: "/local/data/config.json",
- },
- {
- name: "Local FS - Exact mount directory",
- fs: localFs,
- inputPath: localVdir,
- expectedRel: "/local",
- },
- {
- name: "Local FS - External absolute path (Jail to /local)",
- fs: localFs,
- inputPath: "/var/log/syslog",
- expectedRel: "/local",
- },
- {
- name: "Local FS - Traversal escape (Jail to /local)",
- fs: localFs,
- inputPath: filepath.Join(localVdir, "..", "..", "etc", "passwd"),
- expectedRel: "/local",
- },
- {
- name: "Local FS - Partial prefix (Jail to /local)",
- fs: localFs,
- inputPath: localVdir + "_backup",
- expectedRel: "/local",
- },
- {
- name: "Local FS - Relative traversal matching virual dir",
- fs: localFs,
- inputPath: localVdir + "/../" + filepath.Base(localVdir) + "/dir/test.txt",
- expectedRel: "/local/dir/test.txt",
- },
- {
- name: "Local FS - Valid file starting with two dots",
- fs: localFs,
- inputPath: filepath.Join(localVdir, "..hidden_file.txt"),
- expectedRel: "/local/..hidden_file.txt",
- },
- }
-
- for _, tc := range tests {
- t.Run(tc.name, func(t *testing.T) {
- actualRel := tc.fs.GetRelativePath(tc.inputPath)
- assert.Equal(t, tc.expectedRel, actualRel,
- "Failed mapping physical path %q on FS %q", tc.inputPath, tc.fs.Name())
- })
- }
-}
diff --git a/internal/common/dataretention.go b/internal/common/dataretention.go
index cbde9521..d97369c2 100644
--- a/internal/common/dataretention.go
+++ b/internal/common/dataretention.go
@@ -15,20 +15,44 @@
package common
import (
+ "bytes"
+ "context"
+ "encoding/json"
"errors"
"fmt"
"io"
+ "net/http"
+ "net/url"
"os"
+ "os/exec"
"path"
+ "path/filepath"
+ "strings"
"sync"
"time"
+ "github.com/wneessen/go-mail"
+
+ "github.com/drakkan/sftpgo/v2/internal/command"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
+ "github.com/drakkan/sftpgo/v2/internal/httpclient"
"github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/smtp"
"github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
+// RetentionCheckNotification defines the supported notification methods for a retention check result
+type RetentionCheckNotification = string
+
+// Supported notification methods
+const (
+ // notify results using the defined "data_retention_hook"
+ RetentionCheckNotificationHook = "Hook"
+ // notify results by email
+ RetentionCheckNotificationEmail = "Email"
+)
+
var (
// RetentionChecks is the list of active retention checks
RetentionChecks ActiveRetentionChecks
@@ -50,10 +74,14 @@ func (c *ActiveRetentionChecks) Get(role string) []RetentionCheck {
if role == "" || role == check.Role {
foldersCopy := make([]dataprovider.FolderRetention, len(check.Folders))
copy(foldersCopy, check.Folders)
+ notificationsCopy := make([]string, len(check.Notifications))
+ copy(notificationsCopy, check.Notifications)
checks = append(checks, RetentionCheck{
- Username: check.Username,
- StartTime: check.StartTime,
- Folders: foldersCopy,
+ Username: check.Username,
+ StartTime: check.StartTime,
+ Notifications: notificationsCopy,
+ Email: check.Email,
+ Folders: foldersCopy,
})
}
}
@@ -122,10 +150,54 @@ type RetentionCheck struct {
StartTime int64 `json:"start_time"`
// affected folders
Folders []dataprovider.FolderRetention `json:"folders"`
- Role string `json:"-"`
+ // how cleanup results will be notified
+ Notifications []RetentionCheckNotification `json:"notifications,omitempty"`
+ // email to use if the notification method is set to email
+ Email string `json:"email,omitempty"`
+ Role string `json:"-"`
// Cleanup results
results []folderRetentionCheckResult `json:"-"`
- conn *BaseConnection `json:"-"`
+ conn *BaseConnection
+}
+
+// Validate returns an error if the specified folders are not valid
+func (c *RetentionCheck) Validate() error {
+ folderPaths := make(map[string]bool)
+ nothingToDo := true
+ for idx := range c.Folders {
+ f := &c.Folders[idx]
+ if err := f.Validate(); err != nil {
+ return err
+ }
+ if f.Retention > 0 {
+ nothingToDo = false
+ }
+ if _, ok := folderPaths[f.Path]; ok {
+ return util.NewValidationError(fmt.Sprintf("duplicated folder path %q", f.Path))
+ }
+ folderPaths[f.Path] = true
+ }
+ if nothingToDo {
+ return util.NewValidationError("nothing to delete!")
+ }
+ for _, notification := range c.Notifications {
+ switch notification {
+ case RetentionCheckNotificationEmail:
+ if !smtp.IsEnabled() {
+ return util.NewValidationError("in order to notify results via email you must configure an SMTP server")
+ }
+ if c.Email == "" {
+ return util.NewValidationError("in order to notify results via email you must add a valid email address to your profile")
+ }
+ case RetentionCheckNotificationHook:
+ if Config.DataRetentionHook == "" {
+ return util.NewValidationError("in order to notify results via hook you must define a data_retention_hook")
+ }
+ default:
+ return util.NewValidationError(fmt.Sprintf("invalid notification %q", notification))
+ }
+ }
+ return nil
}
func (c *RetentionCheck) updateUserPermissions() {
@@ -287,13 +359,130 @@ func (c *RetentionCheck) Start() error {
for _, folder := range c.Folders {
if folder.Retention > 0 {
if err := c.cleanupFolder(folder.Path, 0); err != nil {
- c.conn.Log(logger.LevelError, "retention check failed, unable to cleanup folder %q, elapsed: %s",
- folder.Path, time.Since(startTime))
+ c.conn.Log(logger.LevelError, "retention check failed, unable to cleanup folder %q", folder.Path)
+ c.sendNotifications(time.Since(startTime), err)
return err
}
}
}
- c.conn.Log(logger.LevelInfo, "retention check completed, elapsed: %s", time.Since(startTime))
+ c.conn.Log(logger.LevelInfo, "retention check completed")
+ c.sendNotifications(time.Since(startTime), nil)
return nil
}
+
+func (c *RetentionCheck) sendNotifications(elapsed time.Duration, err error) {
+ for _, notification := range c.Notifications {
+ switch notification {
+ case RetentionCheckNotificationEmail:
+ c.sendEmailNotification(err) //nolint:errcheck
+ case RetentionCheckNotificationHook:
+ c.sendHookNotification(elapsed, err) //nolint:errcheck
+ }
+ }
+}
+
+func (c *RetentionCheck) sendEmailNotification(errCheck error) error {
+ params := EventParams{}
+ if len(c.results) > 0 || errCheck != nil {
+ params.retentionChecks = append(params.retentionChecks, executedRetentionCheck{
+ Username: c.conn.User.Username,
+ ActionName: "Retention check",
+ Results: c.results,
+ })
+ }
+ var files []*mail.File
+ f, err := params.getRetentionReportsAsMailAttachment()
+ if err != nil {
+ c.conn.Log(logger.LevelError, "unable to get retention report as mail attachment: %v", err)
+ return err
+ }
+ f.Name = "retention-report.zip"
+ files = append(files, f)
+
+ startTime := time.Now()
+ var subject string
+ if errCheck == nil {
+ subject = fmt.Sprintf("Successful retention check for user %q", c.conn.User.Username)
+ } else {
+ subject = fmt.Sprintf("Retention check failed for user %q", c.conn.User.Username)
+ }
+ body := "Further details attached."
+ err = smtp.SendEmail([]string{c.Email}, nil, subject, body, smtp.EmailContentTypeTextPlain, files...)
+ if err != nil {
+ c.conn.Log(logger.LevelError, "unable to notify retention check result via email: %v, elapsed: %s", err,
+ time.Since(startTime))
+ return err
+ }
+ c.conn.Log(logger.LevelInfo, "retention check result successfully notified via email, elapsed: %s", time.Since(startTime))
+ return nil
+}
+
+func (c *RetentionCheck) sendHookNotification(elapsed time.Duration, errCheck error) error {
+ startNewHook()
+ defer hookEnded()
+
+ data := make(map[string]any)
+ totalDeletedFiles := 0
+ totalDeletedSize := int64(0)
+ for _, result := range c.results {
+ totalDeletedFiles += result.DeletedFiles
+ totalDeletedSize += result.DeletedSize
+ }
+ data["username"] = c.conn.User.Username
+ data["start_time"] = c.StartTime
+ data["elapsed"] = elapsed.Milliseconds()
+ if errCheck == nil {
+ data["status"] = 1
+ } else {
+ data["status"] = 0
+ }
+ data["total_deleted_files"] = totalDeletedFiles
+ data["total_deleted_size"] = totalDeletedSize
+ data["details"] = c.results
+ jsonData, _ := json.Marshal(data)
+
+ startTime := time.Now()
+
+ if strings.HasPrefix(Config.DataRetentionHook, "http") {
+ var url *url.URL
+ url, err := url.Parse(Config.DataRetentionHook)
+ if err != nil {
+ c.conn.Log(logger.LevelError, "invalid data retention hook %q: %v", Config.DataRetentionHook, err)
+ return err
+ }
+ respCode := 0
+
+ resp, err := httpclient.RetryablePost(url.String(), "application/json", bytes.NewBuffer(jsonData))
+ if err == nil {
+ respCode = resp.StatusCode
+ resp.Body.Close()
+
+ if respCode != http.StatusOK {
+ err = errUnexpectedHTTResponse
+ }
+ }
+
+ c.conn.Log(logger.LevelDebug, "notified result to URL: %q, status code: %v, elapsed: %v err: %v",
+ url.Redacted(), respCode, time.Since(startTime), err)
+
+ return err
+ }
+ if !filepath.IsAbs(Config.DataRetentionHook) {
+ err := fmt.Errorf("invalid data retention hook %q", Config.DataRetentionHook)
+ c.conn.Log(logger.LevelError, "%v", err)
+ return err
+ }
+ timeout, env, args := command.GetConfig(Config.DataRetentionHook, command.HookDataRetention)
+ ctx, cancel := context.WithTimeout(context.Background(), timeout)
+ defer cancel()
+
+ cmd := exec.CommandContext(ctx, Config.DataRetentionHook, args...)
+ cmd.Env = append(env,
+ fmt.Sprintf("SFTPGO_DATA_RETENTION_RESULT=%s", util.BytesToString(jsonData)))
+ err := cmd.Run()
+
+ c.conn.Log(logger.LevelDebug, "notified result using command: %q, elapsed: %s err: %v",
+ Config.DataRetentionHook, time.Since(startTime), err)
+ return err
+}
diff --git a/internal/common/dataretention_test.go b/internal/common/dataretention_test.go
index b3ce46df..b0c17e3b 100644
--- a/internal/common/dataretention_test.go
+++ b/internal/common/dataretention_test.go
@@ -15,17 +15,228 @@
package common
import (
+ "errors"
"fmt"
+ "os/exec"
+ "runtime"
"testing"
+ "time"
"github.com/sftpgo/sdk"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
+ "github.com/drakkan/sftpgo/v2/internal/smtp"
"github.com/drakkan/sftpgo/v2/internal/util"
)
+func TestRetentionValidation(t *testing.T) {
+ check := RetentionCheck{}
+ check.Folders = []dataprovider.FolderRetention{
+ {
+ Path: "/",
+ Retention: -1,
+ },
+ }
+ err := check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "invalid folder retention")
+
+ check.Folders = []dataprovider.FolderRetention{
+ {
+ Path: "/ab/..",
+ Retention: 0,
+ },
+ }
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "nothing to delete")
+ assert.Equal(t, "/", check.Folders[0].Path)
+
+ check.Folders = append(check.Folders, dataprovider.FolderRetention{
+ Path: "/../..",
+ Retention: 24,
+ })
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), `duplicated folder path "/"`)
+
+ check.Folders = []dataprovider.FolderRetention{
+ {
+ Path: "/dir1",
+ Retention: 48,
+ },
+ {
+ Path: "/dir2",
+ Retention: 96,
+ },
+ }
+ err = check.Validate()
+ assert.NoError(t, err)
+ assert.Len(t, check.Notifications, 0)
+ assert.Empty(t, check.Email)
+
+ check.Notifications = []RetentionCheckNotification{RetentionCheckNotificationEmail}
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "you must configure an SMTP server")
+
+ smtpCfg := smtp.Config{
+ Host: "mail.example.com",
+ Port: 25,
+ From: "notification@example.com",
+ TemplatesPath: "templates",
+ }
+ err = smtpCfg.Initialize(configDir, true)
+ require.NoError(t, err)
+
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "you must add a valid email address")
+
+ check.Email = "admin@example.com"
+ err = check.Validate()
+ assert.NoError(t, err)
+
+ smtpCfg = smtp.Config{}
+ err = smtpCfg.Initialize(configDir, true)
+ require.NoError(t, err)
+
+ check.Notifications = []RetentionCheckNotification{RetentionCheckNotificationHook}
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "data_retention_hook")
+
+ check.Notifications = []string{"not valid"}
+ err = check.Validate()
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "invalid notification")
+}
+
+func TestRetentionEmailNotifications(t *testing.T) {
+ smtpCfg := smtp.Config{
+ Host: "127.0.0.1",
+ Port: 2525,
+ From: "notification@example.com",
+ TemplatesPath: "templates",
+ }
+ err := smtpCfg.Initialize(configDir, true)
+ require.NoError(t, err)
+
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Username: "user1",
+ },
+ }
+ user.Permissions = make(map[string][]string)
+ user.Permissions["/"] = []string{dataprovider.PermAny}
+ check := RetentionCheck{
+ Notifications: []RetentionCheckNotification{RetentionCheckNotificationEmail},
+ Email: "notification@example.com",
+ results: []folderRetentionCheckResult{
+ {
+ Path: "/",
+ Retention: 24,
+ DeletedFiles: 10,
+ DeletedSize: 32657,
+ Elapsed: 10 * time.Second,
+ },
+ },
+ }
+ conn := NewBaseConnection("", "", "", "", user)
+ conn.SetProtocol(ProtocolDataRetention)
+ conn.ID = fmt.Sprintf("data_retention_%v", user.Username)
+ check.conn = conn
+ check.sendNotifications(1*time.Second, nil)
+ err = check.sendEmailNotification(nil)
+ assert.NoError(t, err)
+ err = check.sendEmailNotification(errors.New("test error"))
+ assert.NoError(t, err)
+
+ check.results = nil
+ err = check.sendEmailNotification(nil)
+ if assert.Error(t, err) {
+ assert.Contains(t, err.Error(), "no data retention report available")
+ }
+
+ smtpCfg.Port = 2626
+ err = smtpCfg.Initialize(configDir, true)
+ require.NoError(t, err)
+ err = check.sendEmailNotification(nil)
+ assert.Error(t, err)
+ check.results = []folderRetentionCheckResult{
+ {
+ Path: "/",
+ Retention: 24,
+ DeletedFiles: 20,
+ DeletedSize: 456789,
+ Elapsed: 12 * time.Second,
+ },
+ }
+
+ smtpCfg = smtp.Config{}
+ err = smtpCfg.Initialize(configDir, true)
+ require.NoError(t, err)
+ err = check.sendEmailNotification(nil)
+ assert.Error(t, err)
+}
+
+func TestRetentionHookNotifications(t *testing.T) {
+ dataRetentionHook := Config.DataRetentionHook
+
+ Config.DataRetentionHook = fmt.Sprintf("http://%v", httpAddr)
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Username: "user2",
+ },
+ }
+ user.Permissions = make(map[string][]string)
+ user.Permissions["/"] = []string{dataprovider.PermAny}
+ check := RetentionCheck{
+ Notifications: []RetentionCheckNotification{RetentionCheckNotificationHook},
+ results: []folderRetentionCheckResult{
+ {
+ Path: "/",
+ Retention: 24,
+ DeletedFiles: 10,
+ DeletedSize: 32657,
+ Elapsed: 10 * time.Second,
+ },
+ },
+ }
+ conn := NewBaseConnection("", "", "", "", user)
+ conn.SetProtocol(ProtocolDataRetention)
+ conn.ID = fmt.Sprintf("data_retention_%v", user.Username)
+ check.conn = conn
+ check.sendNotifications(1*time.Second, nil)
+ err := check.sendHookNotification(1*time.Second, nil)
+ assert.NoError(t, err)
+
+ Config.DataRetentionHook = fmt.Sprintf("http://%v/404", httpAddr)
+ err = check.sendHookNotification(1*time.Second, nil)
+ assert.ErrorIs(t, err, errUnexpectedHTTResponse)
+
+ Config.DataRetentionHook = "http://foo\x7f.com/retention"
+ err = check.sendHookNotification(1*time.Second, err)
+ assert.Error(t, err)
+
+ Config.DataRetentionHook = "relativepath"
+ err = check.sendHookNotification(1*time.Second, err)
+ assert.Error(t, err)
+
+ if runtime.GOOS != osWindows {
+ hookCmd, err := exec.LookPath("true")
+ assert.NoError(t, err)
+
+ Config.DataRetentionHook = hookCmd
+ err = check.sendHookNotification(1*time.Second, err)
+ assert.NoError(t, err)
+ }
+
+ Config.DataRetentionHook = dataRetentionHook
+}
+
func TestRetentionPermissionsAndGetFolder(t *testing.T) {
user := dataprovider.User{
BaseUser: sdk.BaseUser{
@@ -100,6 +311,7 @@ func TestRetentionCheckAddRemove(t *testing.T) {
Retention: 48,
},
},
+ Notifications: []RetentionCheckNotification{RetentionCheckNotificationHook},
}
assert.NotNil(t, RetentionChecks.Add(check, &user))
checks := RetentionChecks.Get("")
@@ -109,6 +321,8 @@ func TestRetentionCheckAddRemove(t *testing.T) {
require.Len(t, checks[0].Folders, 1)
assert.Equal(t, check.Folders[0].Path, checks[0].Folders[0].Path)
assert.Equal(t, check.Folders[0].Retention, checks[0].Folders[0].Retention)
+ require.Len(t, checks[0].Notifications, 1)
+ assert.Equal(t, RetentionCheckNotificationHook, checks[0].Notifications[0])
assert.Nil(t, RetentionChecks.Add(check, &user))
assert.True(t, RetentionChecks.remove(username))
@@ -135,6 +349,7 @@ func TestRetentionCheckRole(t *testing.T) {
Retention: 48,
},
},
+ Notifications: []RetentionCheckNotification{RetentionCheckNotificationHook},
}
assert.NotNil(t, RetentionChecks.Add(check, &user))
checks := RetentionChecks.Get("")
diff --git a/internal/common/defenderdb.go b/internal/common/defenderdb.go
index 63995862..3f0a4849 100644
--- a/internal/common/defenderdb.go
+++ b/internal/common/defenderdb.go
@@ -62,7 +62,7 @@ func (d *dbDefender) GetHost(ip string) (dataprovider.DefenderEntry, error) {
// and increase ban time if the IP is found.
// This method must be called as soon as the client connects
func (d *dbDefender) IsBanned(ip, protocol string) bool {
- if d.isBanned(ip, protocol) {
+ if d.baseDefender.isBanned(ip, protocol) {
return true
}
@@ -95,15 +95,15 @@ func (d *dbDefender) AddEvent(ip, protocol string, event HostEvent) bool {
return true
}
- score := d.getScore(event)
+ score := d.baseDefender.getScore(event)
host, err := dataprovider.AddDefenderEvent(ip, score, d.getStartObservationTime())
if err != nil {
return false
}
- d.logEvent(ip, protocol, event, host.Score)
+ d.baseDefender.logEvent(ip, protocol, event, host.Score)
if host.Score > d.config.Threshold {
- d.logBan(ip, protocol)
+ d.baseDefender.logBan(ip, protocol)
banTime := time.Now().Add(time.Duration(d.config.BanTime) * time.Minute)
err = dataprovider.SetDefenderBanTime(ip, util.GetTimeAsMsSinceEpoch(banTime))
if err == nil {
diff --git a/internal/common/defendermem.go b/internal/common/defendermem.go
index 0f59b37a..b5642c4e 100644
--- a/internal/common/defendermem.go
+++ b/internal/common/defendermem.go
@@ -148,7 +148,7 @@ func (d *memoryDefender) IsBanned(ip, protocol string) bool {
defer d.RUnlock()
- return d.isBanned(ip, protocol)
+ return d.baseDefender.isBanned(ip, protocol)
}
// DeleteHost removes the specified IP from the defender lists
@@ -188,7 +188,7 @@ func (d *memoryDefender) AddEvent(ip, protocol string, event HostEvent) bool {
delete(d.banned, ip)
}
- score := d.getScore(event)
+ score := d.baseDefender.getScore(event)
ev := hostEvent{
dateTime: time.Now(),
@@ -207,11 +207,11 @@ func (d *memoryDefender) AddEvent(ip, protocol string, event HostEvent) bool {
idx++
}
}
- d.logEvent(ip, protocol, event, hs.TotalScore)
+ d.baseDefender.logEvent(ip, protocol, event, hs.TotalScore)
hs.Events = hs.Events[:idx]
if hs.TotalScore >= d.config.Threshold {
- d.logBan(ip, protocol)
+ d.baseDefender.logBan(ip, protocol)
d.banned[ip] = time.Now().Add(time.Duration(d.config.BanTime) * time.Minute)
delete(d.hosts, ip)
d.cleanupBanned()
@@ -225,7 +225,7 @@ func (d *memoryDefender) AddEvent(ip, protocol string, event HostEvent) bool {
d.hosts[ip] = hs
}
} else {
- d.logEvent(ip, protocol, event, ev.score)
+ d.baseDefender.logEvent(ip, protocol, event, ev.score)
d.hosts[ip] = hostScore{
TotalScore: ev.score,
Events: []hostEvent{ev},
diff --git a/internal/common/eventmanager.go b/internal/common/eventmanager.go
index ca0f7494..fcb517ee 100644
--- a/internal/common/eventmanager.go
+++ b/internal/common/eventmanager.go
@@ -21,7 +21,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "html"
"io"
"mime"
"mime/multipart"
@@ -57,8 +56,8 @@ import (
const (
ipBlockedEventName = "IP Blocked"
maxAttachmentsSize = int64(10 * 1024 * 1024)
- objDataPlaceholder = "{{.ObjectData}}"
- objDataPlaceholderString = "{{.ObjectDataString}}"
+ objDataPlaceholder = "{{ObjectData}}"
+ objDataPlaceholderString = "{{ObjectDataString}}"
dateTimeMillisFormat = "2006-01-02T15:04:05.000"
)
@@ -72,9 +71,6 @@ var (
// eventManager handle the supported event rules actions
eventManager eventRulesContainer
multipartQuoteEscaper = strings.NewReplacer("\\", "\\\\", `"`, "\\\"")
- fsEventsWithSize = []string{operationPreDelete, OperationPreUpload, operationDelete,
- operationCopy, operationDownload, operationFirstUpload, operationFirstDownload,
- operationUpload}
)
func init() {
@@ -278,8 +274,7 @@ func (r *eventRulesContainer) addUpdateRuleInternal(rule dataprovider.EventRule)
func (r *eventRulesContainer) loadRules() {
eventManagerLog(logger.LevelDebug, "loading updated rules")
modTime := util.GetTimeAsMsSinceEpoch(time.Now())
- lastLoadTime := r.getLastLoadTime()
- rules, err := dataprovider.GetRecentlyUpdatedRules(lastLoadTime)
+ rules, err := dataprovider.GetRecentlyUpdatedRules(r.getLastLoadTime())
if err != nil {
eventManagerLog(logger.LevelError, "unable to load event rules: %v", err)
return
@@ -315,7 +310,7 @@ func (*eventRulesContainer) checkIPDLoginEventMatch(conditions *dataprovider.Eve
}
func (*eventRulesContainer) checkProviderEventMatch(conditions *dataprovider.EventConditions, params *EventParams) bool {
- if !slices.Contains(conditions.ProviderEvents, params.Event) {
+ if !util.Contains(conditions.ProviderEvents, params.Event) {
return false
}
if !checkEventConditionPatterns(params.Name, conditions.Options.Names) {
@@ -327,14 +322,14 @@ func (*eventRulesContainer) checkProviderEventMatch(conditions *dataprovider.Eve
if !checkEventConditionPatterns(params.Role, conditions.Options.RoleNames) {
return false
}
- if len(conditions.Options.ProviderObjects) > 0 && !slices.Contains(conditions.Options.ProviderObjects, params.ObjectType) {
+ if len(conditions.Options.ProviderObjects) > 0 && !util.Contains(conditions.Options.ProviderObjects, params.ObjectType) {
return false
}
return true
}
func (*eventRulesContainer) checkFsEventMatch(conditions *dataprovider.EventConditions, params *EventParams) bool {
- if !slices.Contains(conditions.FsEvents, params.Event) {
+ if !util.Contains(conditions.FsEvents, params.Event) {
return false
}
if !checkEventConditionPatterns(params.Name, conditions.Options.Names) {
@@ -349,10 +344,10 @@ func (*eventRulesContainer) checkFsEventMatch(conditions *dataprovider.EventCond
if !checkEventConditionPatterns(params.VirtualPath, conditions.Options.FsPaths) {
return false
}
- if len(conditions.Options.Protocols) > 0 && !slices.Contains(conditions.Options.Protocols, params.Protocol) {
+ if len(conditions.Options.Protocols) > 0 && !util.Contains(conditions.Options.Protocols, params.Protocol) {
return false
}
- if slices.Contains(fsEventsWithSize, params.Event) {
+ if params.Event == operationUpload || params.Event == operationDownload {
if conditions.Options.MinFileSize > 0 {
if params.FileSize < conditions.Options.MinFileSize {
return false
@@ -776,70 +771,48 @@ func (p *EventParams) getRetentionReportsAsMailAttachment() (*mail.File, error)
}, nil
}
-func (*EventParams) getStringReplacement(val string, escapeMode int) string {
- switch escapeMode {
- case 1:
+func (*EventParams) getStringReplacement(val string, jsonEscaped bool) string {
+ if jsonEscaped {
return util.JSONEscape(val)
- case 2:
- return html.EscapeString(val)
- default:
- return val
}
+ return val
}
-func (p *EventParams) getStringReplacements(addObjectData bool, escapeMode int) []string {
- var dateTimeString string
- if Config.TZ == "local" {
- dateTimeString = p.Timestamp.Local().Format(dateTimeMillisFormat)
- } else {
- dateTimeString = p.Timestamp.UTC().Format(dateTimeMillisFormat)
- }
- year := dateTimeString[0:4]
- month := dateTimeString[5:7]
- day := dateTimeString[8:10]
- hour := dateTimeString[11:13]
- minute := dateTimeString[14:16]
-
+func (p *EventParams) getStringReplacements(addObjectData, jsonEscaped bool) []string {
replacements := []string{
- "{{.Name}}", p.getStringReplacement(p.Name, escapeMode),
- "{{.Event}}", p.Event,
- "{{.Status}}", fmt.Sprintf("%d", p.Status),
- "{{.VirtualPath}}", p.getStringReplacement(p.VirtualPath, escapeMode),
- "{{.EscapedVirtualPath}}", p.getStringReplacement(url.QueryEscape(p.VirtualPath), escapeMode),
- "{{.FsPath}}", p.getStringReplacement(p.FsPath, escapeMode),
- "{{.VirtualTargetPath}}", p.getStringReplacement(p.VirtualTargetPath, escapeMode),
- "{{.FsTargetPath}}", p.getStringReplacement(p.FsTargetPath, escapeMode),
- "{{.ObjectName}}", p.getStringReplacement(p.ObjectName, escapeMode),
- "{{.ObjectBaseName}}", p.getStringReplacement(strings.TrimSuffix(p.ObjectName, p.Extension), escapeMode),
- "{{.ObjectType}}", p.ObjectType,
- "{{.FileSize}}", strconv.FormatInt(p.FileSize, 10),
- "{{.Elapsed}}", strconv.FormatInt(p.Elapsed, 10),
- "{{.Protocol}}", p.Protocol,
- "{{.IP}}", p.IP,
- "{{.Role}}", p.getStringReplacement(p.Role, escapeMode),
- "{{.Email}}", p.getStringReplacement(p.Email, escapeMode),
- "{{.Timestamp}}", strconv.FormatInt(p.Timestamp.UnixNano(), 10),
- "{{.DateTime}}", dateTimeString,
- "{{.Year}}", year,
- "{{.Month}}", month,
- "{{.Day}}", day,
- "{{.Hour}}", hour,
- "{{.Minute}}", minute,
- "{{.StatusString}}", p.getStatusString(),
- "{{.UID}}", p.getStringReplacement(p.UID, escapeMode),
- "{{.Ext}}", p.getStringReplacement(p.Extension, escapeMode),
+ "{{Name}}", p.getStringReplacement(p.Name, jsonEscaped),
+ "{{Event}}", p.Event,
+ "{{Status}}", fmt.Sprintf("%d", p.Status),
+ "{{VirtualPath}}", p.getStringReplacement(p.VirtualPath, jsonEscaped),
+ "{{EscapedVirtualPath}}", p.getStringReplacement(url.QueryEscape(p.VirtualPath), jsonEscaped),
+ "{{FsPath}}", p.getStringReplacement(p.FsPath, jsonEscaped),
+ "{{VirtualTargetPath}}", p.getStringReplacement(p.VirtualTargetPath, jsonEscaped),
+ "{{FsTargetPath}}", p.getStringReplacement(p.FsTargetPath, jsonEscaped),
+ "{{ObjectName}}", p.getStringReplacement(p.ObjectName, jsonEscaped),
+ "{{ObjectType}}", p.ObjectType,
+ "{{FileSize}}", strconv.FormatInt(p.FileSize, 10),
+ "{{Elapsed}}", strconv.FormatInt(p.Elapsed, 10),
+ "{{Protocol}}", p.Protocol,
+ "{{IP}}", p.IP,
+ "{{Role}}", p.getStringReplacement(p.Role, jsonEscaped),
+ "{{Email}}", p.getStringReplacement(p.Email, jsonEscaped),
+ "{{Timestamp}}", strconv.FormatInt(p.Timestamp.UnixNano(), 10),
+ "{{DateTime}}", p.Timestamp.UTC().Format(dateTimeMillisFormat),
+ "{{StatusString}}", p.getStatusString(),
+ "{{UID}}", p.getStringReplacement(p.UID, jsonEscaped),
+ "{{Ext}}", p.getStringReplacement(p.Extension, jsonEscaped),
}
if p.VirtualPath != "" {
- replacements = append(replacements, "{{.VirtualDirPath}}", p.getStringReplacement(path.Dir(p.VirtualPath), escapeMode))
+ replacements = append(replacements, "{{VirtualDirPath}}", p.getStringReplacement(path.Dir(p.VirtualPath), jsonEscaped))
}
if p.VirtualTargetPath != "" {
- replacements = append(replacements, "{{.VirtualTargetDirPath}}", p.getStringReplacement(path.Dir(p.VirtualTargetPath), escapeMode))
- replacements = append(replacements, "{{.TargetName}}", p.getStringReplacement(path.Base(p.VirtualTargetPath), escapeMode))
+ replacements = append(replacements, "{{VirtualTargetDirPath}}", p.getStringReplacement(path.Dir(p.VirtualTargetPath), jsonEscaped))
+ replacements = append(replacements, "{{TargetName}}", p.getStringReplacement(path.Base(p.VirtualTargetPath), jsonEscaped))
}
if len(p.errors) > 0 {
- replacements = append(replacements, "{{.ErrorString}}", p.getStringReplacement(strings.Join(p.errors, ", "), escapeMode))
+ replacements = append(replacements, "{{ErrorString}}", p.getStringReplacement(strings.Join(p.errors, ", "), jsonEscaped))
} else {
- replacements = append(replacements, "{{.ErrorString}}", "")
+ replacements = append(replacements, "{{ErrorString}}", "")
}
replacements = append(replacements, objDataPlaceholder, "{}")
replacements = append(replacements, objDataPlaceholderString, "")
@@ -847,23 +820,23 @@ func (p *EventParams) getStringReplacements(addObjectData bool, escapeMode int)
data, err := p.Object.RenderAsJSON(p.Event != operationDelete)
if err == nil {
dataString := util.BytesToString(data)
- replacements[len(replacements)-3] = p.getStringReplacement(dataString, 0)
- replacements[len(replacements)-1] = p.getStringReplacement(dataString, 1)
+ replacements[len(replacements)-3] = p.getStringReplacement(dataString, false)
+ replacements[len(replacements)-1] = p.getStringReplacement(dataString, true)
}
}
if p.IDPCustomFields != nil {
for k, v := range *p.IDPCustomFields {
- replacements = append(replacements, fmt.Sprintf("{{.IDPField%s}}", k), p.getStringReplacement(v, escapeMode))
+ replacements = append(replacements, fmt.Sprintf("{{IDPField%s}}", k), p.getStringReplacement(v, jsonEscaped))
}
}
- replacements = append(replacements, "{{.Metadata}}", "{}")
- replacements = append(replacements, "{{.MetadataString}}", "")
+ replacements = append(replacements, "{{Metadata}}", "{}")
+ replacements = append(replacements, "{{MetadataString}}", "")
if len(p.Metadata) > 0 {
data, err := json.Marshal(p.Metadata)
if err == nil {
dataString := util.BytesToString(data)
- replacements[len(replacements)-3] = p.getStringReplacement(dataString, 0)
- replacements[len(replacements)-1] = p.getStringReplacement(dataString, 1)
+ replacements[len(replacements)-3] = p.getStringReplacement(dataString, false)
+ replacements[len(replacements)-1] = p.getStringReplacement(dataString, true)
}
}
return replacements
@@ -943,7 +916,10 @@ func updateUserQuotaAfterFileWrite(conn *BaseConnection, virtualPath string, num
dataprovider.UpdateUserQuota(&conn.User, numFiles, fileSize, false) //nolint:errcheck
return
}
- dataprovider.UpdateUserFolderQuota(&vfolder, &conn.User, numFiles, fileSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, numFiles, fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&conn.User, numFiles, fileSize, false) //nolint:errcheck
+ }
}
func checkWriterPermsAndQuota(conn *BaseConnection, virtualPath string, numFiles int, expectedSize, truncatedSize int64) error {
@@ -1020,7 +996,7 @@ func getFileWriter(conn *BaseConnection, virtualPath string, expectedSize int64)
return w, numFiles, truncatedSize, cancelFn, nil
}
-func addZipEntry(wr *zipWriterWrapper, conn *BaseConnection, entryPath, baseDir string, info os.FileInfo, recursion int) error { //nolint:gocyclo
+func addZipEntry(wr *zipWriterWrapper, conn *BaseConnection, entryPath, baseDir string, recursion int) error {
if entryPath == wr.Name {
// skip the archive itself
return nil
@@ -1030,13 +1006,10 @@ func addZipEntry(wr *zipWriterWrapper, conn *BaseConnection, entryPath, baseDir
return util.ErrRecursionTooDeep
}
recursion++
- var err error
- if info == nil {
- info, err = conn.DoStat(entryPath, 1, false)
- if err != nil {
- eventManagerLog(logger.LevelError, "unable to add zip entry %q, stat error: %v", entryPath, err)
- return err
- }
+ info, err := conn.DoStat(entryPath, 1, false)
+ if err != nil {
+ eventManagerLog(logger.LevelError, "unable to add zip entry %q, stat error: %v", entryPath, err)
+ return err
}
entryName, err := getZipEntryName(entryPath, baseDir)
if err != nil {
@@ -1074,7 +1047,7 @@ func addZipEntry(wr *zipWriterWrapper, conn *BaseConnection, entryPath, baseDir
}
for _, info := range contents {
fullPath := util.CleanPath(path.Join(entryPath, info.Name()))
- if err := addZipEntry(wr, conn, fullPath, baseDir, info, recursion); err != nil {
+ if err := addZipEntry(wr, conn, fullPath, baseDir, recursion); err != nil {
eventManagerLog(logger.LevelError, "unable to add zip entry: %v", err)
return err
}
@@ -1198,7 +1171,7 @@ func getMailAttachments(conn *BaseConnection, attachments []string, replacer *st
}
func replaceWithReplacer(input string, replacer *strings.Replacer) string {
- if !strings.Contains(input, "{{.") {
+ if !strings.Contains(input, "{{") {
return input
}
return replacer.Replace(input)
@@ -1285,7 +1258,7 @@ func getHTTPRuleActionEndpoint(c *dataprovider.EventActionHTTPConfig, replacer *
if err != nil {
return "", fmt.Errorf("invalid endpoint: %w", err)
}
- if strings.Contains(u.Path, "{{.") {
+ if strings.Contains(u.Path, "{{") {
pathComponents := strings.Split(u.Path, "/")
for idx := range pathComponents {
part := replaceWithReplacer(pathComponents[idx], replacer)
@@ -1319,7 +1292,7 @@ func writeHTTPPart(m *multipart.Writer, part dataprovider.HTTPPart, h textproto.
if part.Body != "" {
cType := h.Get("Content-Type")
if strings.Contains(strings.ToLower(cType), "application/json") {
- replacements := params.getStringReplacements(addObjectData, 1)
+ replacements := params.getStringReplacements(addObjectData, true)
jsonReplacer := strings.NewReplacer(replacements...)
_, err = partWriter.Write(util.StringToBytes(replaceWithReplacer(part.Body, jsonReplacer)))
} else {
@@ -1367,7 +1340,7 @@ func getHTTPRuleActionBody(c *dataprovider.EventActionHTTPConfig, replacer *stri
return bytes.NewBuffer(data), "", nil
}
if c.HasJSONBody() {
- replacements := params.getStringReplacements(addObjectData, 1)
+ replacements := params.getStringReplacements(addObjectData, true)
jsonReplacer := strings.NewReplacer(replacements...)
return bytes.NewBufferString(replaceWithReplacer(c.Body, jsonReplacer)), "", nil
}
@@ -1380,7 +1353,8 @@ func getHTTPRuleActionBody(c *dataprovider.EventActionHTTPConfig, replacer *stri
var conn *BaseConnection
if user.Username != "" {
var err error
- if err := getUserForEventAction(&user); err != nil {
+ user, err = getUserForEventAction(user)
+ if err != nil {
return body, "", err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
@@ -1454,7 +1428,7 @@ func executeHTTPRuleAction(c dataprovider.EventActionHTTPConfig, params *EventPa
addObjectData = c.HasObjectData()
}
- replacements := params.getStringReplacements(addObjectData, 0)
+ replacements := params.getStringReplacements(addObjectData, false)
replacer := strings.NewReplacer(replacements...)
endpoint, err := getHTTPRuleActionEndpoint(&c, replacer)
if err != nil {
@@ -1504,7 +1478,7 @@ func executeHTTPRuleAction(c dataprovider.EventActionHTTPConfig, params *EventPa
if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusNoContent {
if rb, err := io.ReadAll(io.LimitReader(resp.Body, 2048)); err == nil {
eventManagerLog(logger.LevelDebug, "error notification response from endpoint %q: %s",
- endpoint, rb)
+ endpoint, util.BytesToString(rb))
}
return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
}
@@ -1525,7 +1499,7 @@ func executeCommandRuleAction(c dataprovider.EventActionCommandConfig, params *E
}
}
}
- replacements := params.getStringReplacements(addObjectData, 0)
+ replacements := params.getStringReplacements(addObjectData, false)
replacer := strings.NewReplacer(replacements...)
args := make([]string, 0, len(c.Args))
@@ -1539,7 +1513,7 @@ func executeCommandRuleAction(c dataprovider.EventActionCommandConfig, params *E
cmd := exec.CommandContext(ctx, c.Cmd, args...)
cmd.Env = []string{}
for _, keyVal := range c.EnvVars {
- if keyVal.Value == "$" && !strings.HasPrefix(strings.ToUpper(keyVal.Key), "SFTPGO_") {
+ if keyVal.Value == "$" {
val := os.Getenv(keyVal.Key)
if val == "" {
eventManagerLog(logger.LevelDebug, "empty value for environment variable %q", keyVal.Key)
@@ -1580,16 +1554,9 @@ func executeEmailRuleAction(c dataprovider.EventActionEmailConfig, params *Event
addObjectData = true
}
}
- replacements := params.getStringReplacements(addObjectData, 0)
+ replacements := params.getStringReplacements(addObjectData, false)
replacer := strings.NewReplacer(replacements...)
- var body string
- if c.ContentType == 1 {
- replacements := params.getStringReplacements(addObjectData, 2)
- bodyReplacer := strings.NewReplacer(replacements...)
- body = replaceWithReplacer(c.Body, bodyReplacer)
- } else {
- body = replaceWithReplacer(c.Body, replacer)
- }
+ body := replaceWithReplacer(c.Body, replacer)
subject := replaceWithReplacer(c.Subject, replacer)
recipients := getEmailAddressesWithReplacer(c.Recipients, replacer)
bcc := getEmailAddressesWithReplacer(c.Bcc, replacer)
@@ -1612,7 +1579,8 @@ func executeEmailRuleAction(c dataprovider.EventActionEmailConfig, params *Event
if err != nil {
return err
}
- if err := getUserForEventAction(&user); err != nil {
+ user, err = getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
@@ -1639,11 +1607,11 @@ func executeEmailRuleAction(c dataprovider.EventActionEmailConfig, params *Event
return nil
}
-func getUserForEventAction(user *dataprovider.User) error {
+func getUserForEventAction(user dataprovider.User) (dataprovider.User, error) {
err := user.LoadAndApplyGroupSettings()
if err != nil {
eventManagerLog(logger.LevelError, "unable to get group for user %q: %+v", user.Username, err)
- return fmt.Errorf("unable to get groups for user %q", user.Username)
+ return dataprovider.User{}, fmt.Errorf("unable to get groups for user %q", user.Username)
}
user.UploadDataTransfer = 0
user.UploadBandwidth = 0
@@ -1654,7 +1622,7 @@ func getUserForEventAction(user *dataprovider.User) error {
for k := range user.Permissions {
user.Permissions[k] = []string{dataprovider.PermAny}
}
- return nil
+ return user, nil
}
func replacePathsPlaceholders(paths []string, replacer *strings.Replacer) []string {
@@ -1674,11 +1642,12 @@ func executeDeleteFileFsAction(conn *BaseConnection, item string, info os.FileIn
}
func executeDeleteFsActionForUser(deletes []string, replacer *strings.Replacer, user dataprovider.User) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("delete error, unable to check root fs for user %q: %w", user.Username, err)
@@ -1743,11 +1712,12 @@ func executeDeleteFsRuleAction(deletes []string, replacer *strings.Replacer,
}
func executeMkDirsFsActionForUser(dirs []string, replacer *strings.Replacer, user dataprovider.User) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("mkdir error, unable to check root fs for user %q: %w", user.Username, err)
@@ -1800,14 +1770,15 @@ func executeMkdirFsRuleAction(dirs []string, replacer *strings.Replacer,
return nil
}
-func executeRenameFsActionForUser(renames []dataprovider.RenameConfig, replacer *strings.Replacer,
+func executeRenameFsActionForUser(renames []dataprovider.KeyValue, replacer *strings.Replacer,
user dataprovider.User,
) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("rename error, unable to check root fs for user %q: %w", user.Username, err)
@@ -1818,11 +1789,7 @@ func executeRenameFsActionForUser(renames []dataprovider.RenameConfig, replacer
for _, item := range renames {
source := util.CleanPath(replaceWithReplacer(item.Key, replacer))
target := util.CleanPath(replaceWithReplacer(item.Value, replacer))
- checks := 0
- if item.UpdateModTime {
- checks += vfs.CheckUpdateModTime
- }
- if err = conn.renameInternal(source, target, true, checks); err != nil {
+ if err = conn.renameInternal(source, target, true); err != nil {
return fmt.Errorf("unable to rename %q->%q, user %q: %w", source, target, user.Username, err)
}
eventManagerLog(logger.LevelDebug, "rename %q->%q ok, user %q", source, target, user.Username)
@@ -1833,11 +1800,12 @@ func executeRenameFsActionForUser(renames []dataprovider.RenameConfig, replacer
func executeCopyFsActionForUser(keyVals []dataprovider.KeyValue, replacer *strings.Replacer,
user dataprovider.User,
) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("copy error, unable to check root fs for user %q: %w", user.Username, err)
@@ -1865,11 +1833,12 @@ func executeCopyFsActionForUser(keyVals []dataprovider.KeyValue, replacer *strin
func executeExistFsActionForUser(exist []string, replacer *strings.Replacer,
user dataprovider.User,
) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("existence check error, unable to check root fs for user %q: %w", user.Username, err)
@@ -1886,7 +1855,7 @@ func executeExistFsActionForUser(exist []string, replacer *strings.Replacer,
return nil
}
-func executeRenameFsRuleAction(renames []dataprovider.RenameConfig, replacer *strings.Replacer,
+func executeRenameFsRuleAction(renames []dataprovider.KeyValue, replacer *strings.Replacer,
conditions dataprovider.ConditionOptions, params *EventParams,
) error {
users, err := params.getUsers()
@@ -2024,11 +1993,12 @@ func estimateZipSize(conn *BaseConnection, zipPath string, paths []string) (int6
func executeCompressFsActionForUser(c dataprovider.EventActionFsCompress, replacer *strings.Replacer,
user dataprovider.User,
) error {
- if err := getUserForEventAction(&user); err != nil {
+ user, err := getUserForEventAction(user)
+ if err != nil {
return err
}
connectionID := fmt.Sprintf("%s_%s", protocolEventAction, xid.New().String())
- err := user.CheckFsRoot(connectionID)
+ err = user.CheckFsRoot(connectionID)
defer user.CloseFs() //nolint:errcheck
if err != nil {
return fmt.Errorf("compress error, unable to check root fs for user %q: %w", user.Username, err)
@@ -2069,7 +2039,7 @@ func executeCompressFsActionForUser(c dataprovider.EventActionFsCompress, replac
}
startTime := time.Now()
for _, item := range paths {
- if err := addZipEntry(zipWriter, conn, item, baseDir, nil, 0); err != nil {
+ if err := addZipEntry(zipWriter, conn, item, baseDir, 0); err != nil {
closeWriterAndUpdateQuota(writer, conn, name, "", numFiles, truncatedSize, err, operationUpload, startTime) //nolint:errcheck
return err
}
@@ -2154,7 +2124,7 @@ func executeFsRuleAction(c dataprovider.EventActionFilesystemConfig, conditions
params *EventParams,
) error {
addObjectData := false
- replacements := params.getStringReplacements(addObjectData, 0)
+ replacements := params.getStringReplacements(addObjectData, false)
replacer := strings.NewReplacer(replacements...)
switch c.Type {
case dataprovider.FilesystemActionRename:
@@ -2506,7 +2476,7 @@ func executePwdExpirationCheckForUser(user *dataprovider.User, config dataprovid
}
subject := "SFTPGo password expiration notification"
startTime := time.Now()
- if err := smtp.SendEmail(user.GetEmailAddresses(), nil, subject, body.String(), smtp.EmailContentTypeTextHTML); err != nil {
+ if err := smtp.SendEmail([]string{user.Email}, nil, subject, body.String(), smtp.EmailContentTypeTextHTML); err != nil {
eventManagerLog(logger.LevelError, "unable to notify password expiration for user %s: %v, elapsed: %s",
user.Username, err, time.Since(startTime))
return err
@@ -2554,7 +2524,7 @@ func executeAdminCheckAction(c *dataprovider.EventActionIDPAccountCheck, params
return nil, err
}
- replacements := params.getStringReplacements(false, 1)
+ replacements := params.getStringReplacements(false, true)
replacer := strings.NewReplacer(replacements...)
data := replaceWithReplacer(c.TemplateAdmin, replacer)
@@ -2601,9 +2571,6 @@ func preserveUserProfile(user, newUser *dataprovider.User) {
if user.Email != "" {
newUser.Email = user.Email
}
- if len(user.Filters.AdditionalEmails) > 0 {
- newUser.Filters.AdditionalEmails = user.Filters.AdditionalEmails
- }
}
if newUser.CanChangeAPIKeyAuth() {
newUser.Filters.AllowAPIKeyAuth = user.Filters.AllowAPIKeyAuth
@@ -2624,7 +2591,7 @@ func executeUserCheckAction(c *dataprovider.EventActionIDPAccountCheck, params *
if err != nil && !errors.Is(err, util.ErrNotFound) {
return nil, err
}
- replacements := params.getStringReplacements(false, 1)
+ replacements := params.getStringReplacements(false, true)
replacer := strings.NewReplacer(replacements...)
data := replaceWithReplacer(c.TemplateUser, replacer)
@@ -2846,16 +2813,6 @@ func (j *eventCronJob) getTask(rule *dataprovider.EventRule) (dataprovider.Task,
return dataprovider.Task{}, nil
}
-func (j *eventCronJob) getEventParams() EventParams {
- return EventParams{
- Event: "Schedule",
- Name: j.ruleName,
- Status: 1,
- Timestamp: time.Now(),
- updateStatusFromError: true,
- }
-}
-
func (j *eventCronJob) Run() {
eventManagerLog(logger.LevelDebug, "executing scheduled rule %q", j.ruleName)
rule, err := dataprovider.EventRuleExists(j.ruleName)
@@ -2906,9 +2863,9 @@ func (j *eventCronJob) Run() {
}
}(task.Name)
- executeAsyncRulesActions([]dataprovider.EventRule{rule}, j.getEventParams())
+ executeAsyncRulesActions([]dataprovider.EventRule{rule}, EventParams{Status: 1, updateStatusFromError: true})
} else {
- executeAsyncRulesActions([]dataprovider.EventRule{rule}, j.getEventParams())
+ executeAsyncRulesActions([]dataprovider.EventRule{rule}, EventParams{Status: 1, updateStatusFromError: true})
}
eventManagerLog(logger.LevelDebug, "execution for scheduled rule %q finished", j.ruleName)
}
diff --git a/internal/common/eventmanager_test.go b/internal/common/eventmanager_test.go
index d350421e..44f401d4 100644
--- a/internal/common/eventmanager_test.go
+++ b/internal/common/eventmanager_test.go
@@ -801,29 +801,14 @@ func TestEventManagerErrors(t *testing.T) {
}
func TestDateTimePlaceholder(t *testing.T) {
- oldTZ := Config.TZ
-
- Config.TZ = ""
dateTime := time.Now()
params := EventParams{
Timestamp: dateTime,
}
- replacements := params.getStringReplacements(false, 0)
+ replacements := params.getStringReplacements(false, false)
r := strings.NewReplacer(replacements...)
- res := r.Replace("{{.DateTime}}")
+ res := r.Replace("{{DateTime}}")
assert.Equal(t, dateTime.UTC().Format(dateTimeMillisFormat), res)
- res = r.Replace("{{.Year}}-{{.Month}}-{{.Day}}T{{.Hour}}:{{.Minute}}")
- assert.Equal(t, dateTime.UTC().Format(dateTimeMillisFormat)[:16], res)
-
- Config.TZ = "local"
- replacements = params.getStringReplacements(false, 0)
- r = strings.NewReplacer(replacements...)
- res = r.Replace("{{.DateTime}}")
- assert.Equal(t, dateTime.Local().Format(dateTimeMillisFormat), res)
- res = r.Replace("{{.Year}}-{{.Month}}-{{.Day}}T{{.Hour}}:{{.Minute}}")
- assert.Equal(t, dateTime.Local().Format(dateTimeMillisFormat)[:16], res)
-
- Config.TZ = oldTZ
}
func TestEventRuleActions(t *testing.T) {
@@ -845,7 +830,7 @@ func TestEventRuleActions(t *testing.T) {
HTTPConfig: dataprovider.EventActionHTTPConfig{
Endpoint: "http://foo\x7f.com/", // invalid URL
SkipTLSVerify: true,
- Body: `"data": "{{.ObjectDataString}}"`,
+ Body: `"data": "{{ObjectDataString}}"`,
Method: http.MethodPost,
QueryParameters: []dataprovider.KeyValue{
{
@@ -913,7 +898,7 @@ func TestEventRuleActions(t *testing.T) {
assert.Contains(t, getErrorString(err), "error getting user")
action.Options.HTTPConfig.Parts = nil
- action.Options.HTTPConfig.Body = "{{.ObjectData}}"
+ action.Options.HTTPConfig.Body = "{{ObjectData}}"
// test disk and transfer quota reset
username1 := "user1"
username2 := "user2"
@@ -1192,12 +1177,10 @@ func TestEventRuleActions(t *testing.T) {
action.Options = dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/source",
- Value: "/target",
- },
+ Key: "/source",
+ Value: "/target",
},
},
},
@@ -1249,7 +1232,7 @@ func TestEventRuleActions(t *testing.T) {
Type: dataprovider.FilesystemActionCompress,
Compress: dataprovider.EventActionFsCompress{
Name: "test.zip",
- Paths: []string{"/{{.VirtualPath}}"},
+ Paths: []string{"/{{VirtualPath}}"},
},
},
}
@@ -1422,7 +1405,6 @@ func TestIDPAccountCheckRule(t *testing.T) {
// Update the profile attribute and make sure they are preserved
user.Password = "secret"
user.Email = "example@example.com"
- user.Filters.AdditionalEmails = []string{"alias@example.com"}
user.Description = "some desc"
user.Filters.TLSCerts = []string{serverCert}
user.PublicKeys = []string{"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0= nicola@p1"}
@@ -1437,7 +1419,6 @@ func TestIDPAccountCheckRule(t *testing.T) {
assert.Len(t, user.PublicKeys, 1)
assert.Len(t, user.Filters.TLSCerts, 1)
assert.NotEmpty(t, user.Email)
- assert.Len(t, user.Filters.AdditionalEmails, 1)
assert.NotEmpty(t, user.Description)
err = dataprovider.DeleteUser(username, "", "", "")
@@ -1739,12 +1720,10 @@ func TestFilesystemActionErrors(t *testing.T) {
assert.NoError(t, err)
err = dataprovider.AddUser(&user, "", "", "")
assert.NoError(t, err)
- err = executeRenameFsActionForUser([]dataprovider.RenameConfig{
+ err = executeRenameFsActionForUser([]dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/p1",
- Value: "/p1",
- },
+ Key: "/p1",
+ Value: "/p1",
},
}, testReplacer, user)
if assert.Error(t, err) {
@@ -1755,12 +1734,10 @@ func TestFilesystemActionErrors(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/p2",
- Value: "/p2",
- },
+ Key: "/p2",
+ Value: "/p2",
},
},
},
@@ -1846,7 +1823,7 @@ func TestFilesystemActionErrors(t *testing.T) {
Writer: zip.NewWriter(bytes.NewBuffer(nil)),
Entries: map[string]bool{},
}
- err = addZipEntry(wr, conn, "/adir/sub/f.dat", "/adir/sub/sub", nil, 0)
+ err = addZipEntry(wr, conn, "/adir/sub/f.dat", "/adir/sub/sub", 0)
assert.Error(t, err)
assert.Contains(t, getErrorString(err), "is outside base dir")
}
@@ -1856,7 +1833,7 @@ func TestFilesystemActionErrors(t *testing.T) {
Writer: zip.NewWriter(bytes.NewBuffer(nil)),
Entries: map[string]bool{},
}
- err = addZipEntry(wr, conn, "/p1", "/", nil, 2000)
+ err = addZipEntry(wr, conn, "/p1", "/", 2000)
assert.ErrorIs(t, err, util.ErrRecursionTooDeep)
err = dataprovider.DeleteUser(username, "", "", "")
@@ -1954,27 +1931,12 @@ func TestScheduledActions(t *testing.T) {
backupsPath := filepath.Join(os.TempDir(), "backups")
err := os.RemoveAll(backupsPath)
assert.NoError(t, err)
- now := time.Now().UTC().Format(dateTimeMillisFormat)
- // The backup action sets the home directory to the backup path.
- expectedDirPath := filepath.Join(backupsPath, fmt.Sprintf("%s_%s_%s", now[0:4], now[5:7], now[8:10]))
- action1 := &dataprovider.BaseEventAction{
- Name: "action1",
+ action := &dataprovider.BaseEventAction{
+ Name: "action",
Type: dataprovider.ActionTypeBackup,
}
- err = dataprovider.AddEventAction(action1, "", "", "")
- assert.NoError(t, err)
- action2 := &dataprovider.BaseEventAction{
- Name: "action2",
- Type: dataprovider.ActionTypeFilesystem,
- Options: dataprovider.BaseEventActionOptions{
- FsConfig: dataprovider.EventActionFilesystemConfig{
- Type: dataprovider.FilesystemActionMkdirs,
- MkDirs: []string{"{{.Year}}_{{.Month}}_{{.Day}}"},
- },
- },
- }
- err = dataprovider.AddEventAction(action2, "", "", "")
+ err = dataprovider.AddEventAction(action, "", "", "")
assert.NoError(t, err)
rule := &dataprovider.EventRule{
Name: "rule",
@@ -1993,16 +1955,10 @@ func TestScheduledActions(t *testing.T) {
Actions: []dataprovider.EventAction{
{
BaseEventAction: dataprovider.BaseEventAction{
- Name: action1.Name,
+ Name: action.Name,
},
Order: 1,
},
- {
- BaseEventAction: dataprovider.BaseEventAction{
- Name: action2.Name,
- },
- Order: 2,
- },
},
}
@@ -2017,10 +1973,9 @@ func TestScheduledActions(t *testing.T) {
job.Run()
assert.DirExists(t, backupsPath)
- assert.DirExists(t, expectedDirPath)
- action1.Type = dataprovider.ActionTypeEmail
- action1.Options = dataprovider.BaseEventActionOptions{
+ action.Type = dataprovider.ActionTypeEmail
+ action.Options = dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"example@example.com"},
Subject: "test with attachments",
@@ -2028,19 +1983,16 @@ func TestScheduledActions(t *testing.T) {
Attachments: []string{"/file1.txt"},
},
}
- err = dataprovider.UpdateEventAction(action1, "", "", "")
+ err = dataprovider.UpdateEventAction(action, "", "", "")
assert.NoError(t, err)
job.Run() // action is not compatible with a scheduled rule
err = dataprovider.DeleteEventRule(rule.Name, "", "", "")
assert.NoError(t, err)
- err = dataprovider.DeleteEventAction(action1.Name, "", "", "")
- assert.NoError(t, err)
- err = dataprovider.DeleteEventAction(action2.Name, "", "", "")
+ err = dataprovider.DeleteEventAction(action.Name, "", "", "")
assert.NoError(t, err)
err = os.RemoveAll(backupsPath)
assert.NoError(t, err)
-
stopEventScheduler()
}
@@ -2159,11 +2111,11 @@ func TestWriteHTTPPartsError(t *testing.T) {
}
func TestReplacePathsPlaceholders(t *testing.T) {
- replacer := strings.NewReplacer("{{.VirtualPath}}", "/path1")
- paths := []string{"{{.VirtualPath}}", "/path1"}
+ replacer := strings.NewReplacer("{{VirtualPath}}", "/path1")
+ paths := []string{"{{VirtualPath}}", "/path1"}
paths = replacePathsPlaceholders(paths, replacer)
assert.Equal(t, []string{"/path1"}, paths)
- paths = []string{"{{.VirtualPath}}", "/path2"}
+ paths = []string{"{{VirtualPath}}", "/path2"}
paths = replacePathsPlaceholders(paths, replacer)
assert.Equal(t, []string{"/path1", "/path2"}, paths)
}
@@ -2256,7 +2208,7 @@ func TestOnDemandRule(t *testing.T) {
Recipients: []string{"example@example.org"},
Subject: "subject",
Body: "body",
- Attachments: []string{"/{{.VirtualPath}}"},
+ Attachments: []string{"/{{VirtualPath}}"},
},
},
}
@@ -2297,21 +2249,21 @@ func getErrorString(err error) string {
func TestHTTPEndpointWithPlaceholders(t *testing.T) {
c := dataprovider.EventActionHTTPConfig{
- Endpoint: "http://127.0.0.1:8080/base/url/{{.Name}}/{{.VirtualPath}}/upload",
+ Endpoint: "http://127.0.0.1:8080/base/url/{{Name}}/{{VirtualPath}}/upload",
QueryParameters: []dataprovider.KeyValue{
{
Key: "u",
- Value: "{{.Name}}",
+ Value: "{{Name}}",
},
{
Key: "p",
- Value: "{{.VirtualPath}}",
+ Value: "{{VirtualPath}}",
},
},
}
name := "uname"
vPath := "/a dir/@ file.txt"
- replacer := strings.NewReplacer("{{.Name}}", name, "{{.VirtualPath}}", vPath)
+ replacer := strings.NewReplacer("{{Name}}", name, "{{VirtualPath}}", vPath)
u, err := getHTTPRuleActionEndpoint(&c, replacer)
assert.NoError(t, err)
expected := "http://127.0.0.1:8080/base/url/" + url.PathEscape(name) + "/" + url.PathEscape(vPath) +
@@ -2331,9 +2283,9 @@ func TestMetadataReplacement(t *testing.T) {
"key": "value",
},
}
- replacements := params.getStringReplacements(false, 0)
+ replacements := params.getStringReplacements(false, false)
replacer := strings.NewReplacer(replacements...)
- reader, _, err := getHTTPRuleActionBody(&dataprovider.EventActionHTTPConfig{Body: "{{.Metadata}} {{.MetadataString}}"}, replacer, nil, dataprovider.User{}, params, false)
+ reader, _, err := getHTTPRuleActionBody(&dataprovider.EventActionHTTPConfig{Body: "{{Metadata}} {{MetadataString}}"}, replacer, nil, dataprovider.User{}, params, false)
require.NoError(t, err)
data, err := io.ReadAll(reader)
require.NoError(t, err)
diff --git a/internal/common/eventscheduler.go b/internal/common/eventscheduler.go
index 762880f7..71315e81 100644
--- a/internal/common/eventscheduler.go
+++ b/internal/common/eventscheduler.go
@@ -19,8 +19,6 @@ import (
"github.com/robfig/cron/v3"
- "github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -38,15 +36,7 @@ func stopEventScheduler() {
func startEventScheduler() {
stopEventScheduler()
- options := []cron.Option{
- cron.WithLogger(cron.DiscardLogger),
- }
- if !dataprovider.UseLocalTime() {
- eventManagerLog(logger.LevelDebug, "use UTC time for the scheduler")
- options = append(options, cron.WithLocation(time.UTC))
- }
-
- eventScheduler = cron.New(options...)
+ eventScheduler = cron.New(cron.WithLocation(time.UTC), cron.WithLogger(cron.DiscardLogger))
eventManager.loadRules()
_, err := eventScheduler.AddFunc("@every 10m", eventManager.loadRules)
util.PanicOnError(err)
diff --git a/internal/common/protocol_test.go b/internal/common/protocol_test.go
index 8147e246..7d9f13ff 100644
--- a/internal/common/protocol_test.go
+++ b/internal/common/protocol_test.go
@@ -1459,15 +1459,15 @@ func TestTruncateQuotaLimits(t *testing.T) {
expectedQuotaSize := int64(3)
fold, _, err := httpdtest.GetFolderByName(folder2.Name, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), fold.UsedQuotaSize)
- assert.Equal(t, 0, fold.UsedQuotaFiles)
+ assert.Equal(t, expectedQuotaSize, fold.UsedQuotaSize)
+ assert.Equal(t, expectedQuotaFiles, fold.UsedQuotaFiles)
err = f.Close()
assert.NoError(t, err)
expectedQuotaFiles = 1
fold, _, err = httpdtest.GetFolderByName(folder2.Name, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), fold.UsedQuotaSize)
- assert.Equal(t, 0, fold.UsedQuotaFiles)
+ assert.Equal(t, expectedQuotaSize, fold.UsedQuotaSize)
+ assert.Equal(t, expectedQuotaFiles, fold.UsedQuotaFiles)
user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles)
@@ -1779,8 +1779,8 @@ func TestVirtualFoldersQuotaValues(t *testing.T) {
assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -1887,8 +1887,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -1912,8 +1912,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir2, it isn't included inside user quota, so we have:
// - vdir1/dir1/testFileName.rename
// - vdir1/dir2/testFileName1
@@ -1931,8 +1931,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir2 overwriting an existing, we now have:
// - vdir1/dir1/testFileName.rename
// - vdir1/dir2/testFileName1
@@ -1949,8 +1949,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir1 overwriting an existing, we now have:
// - vdir1/dir1/testFileName.rename (initial testFileName1)
// - vdir2/dir1/testFileName.rename (initial testFileName1)
@@ -1962,8 +1962,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -1983,8 +1983,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -2089,8 +2089,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1+testFileSize1, f.UsedQuotaSize)
@@ -2108,8 +2108,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1*2, f.UsedQuotaSize)
@@ -2126,8 +2126,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1+testFileSize, f.UsedQuotaSize)
@@ -2143,8 +2143,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -2174,8 +2174,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1*3+testFileSize*2, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1*3+testFileSize*2, f.UsedQuotaSize)
+ assert.Equal(t, 5, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, int64(0), f.UsedQuotaSize)
@@ -2189,8 +2189,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1*2+testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -2295,8 +2295,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -2314,8 +2314,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -2378,8 +2378,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*3+testFileSize1*3, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, int64(0), f.UsedQuotaSize)
@@ -2499,8 +2499,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
// rename a file from user home dir to vdir2, vdir2 is not included in user quota so we have:
// - /vdir2/dir1/testFileName
// - /vdir1/dir1/testFileName1
@@ -2539,8 +2539,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -2556,8 +2556,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -2579,8 +2579,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -2597,8 +2597,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -2623,8 +2623,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize)
@@ -3784,8 +3784,8 @@ func TestEventRule(t *testing.T) {
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test1@example.com", "test2@example.com"},
Bcc: []string{"test3@example.com"},
- Subject: `New "{{.Event}}" from "{{.Name}}" status {{.StatusString}}`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}} Data: {{.ObjectData}} {{.ErrorString}}",
+ Subject: `New "{{Event}}" from "{{Name}}" status {{StatusString}}`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}} Data: {{ObjectData}} {{ErrorString}}",
},
},
}
@@ -3795,8 +3795,8 @@ func TestEventRule(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"failure@example.com"},
- Subject: `Failed "{{.Event}}" from "{{.Name}}"`,
- Body: "Fs path {{.FsPath}}, protocol: {{.Protocol}}, IP: {{.IP}} {{.ErrorString}}",
+ Subject: `Failed "{{Event}}" from "{{Name}}"`,
+ Body: "Fs path {{FsPath}}, protocol: {{Protocol}}, IP: {{IP}} {{ErrorString}}",
},
},
}
@@ -3941,7 +3941,7 @@ func TestEventRule(t *testing.T) {
EnvVars: []dataprovider.KeyValue{
{
Key: "SFTPGO_ACTION_PATH",
- Value: "{{.FsPath}}",
+ Value: "{{FsPath}}",
},
{
Key: "CUSTOM_ENV_VAR",
@@ -3986,9 +3986,9 @@ func TestEventRule(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 3)
- assert.True(t, slices.Contains(email.To, "test1@example.com"))
- assert.True(t, slices.Contains(email.To, "test2@example.com"))
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test1@example.com"))
+ assert.True(t, util.Contains(email.To, "test2@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: New "upload" from "%s" status OK`, user.Username))
// test the failure action, we download a file that exceeds the transfer quota limit
err = writeSFTPFileNoCheck(path.Join("subdir1", testFileName), 1*1024*1024+65535, client)
@@ -4007,9 +4007,9 @@ func TestEventRule(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 3)
- assert.True(t, slices.Contains(email.To, "test1@example.com"))
- assert.True(t, slices.Contains(email.To, "test2@example.com"))
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test1@example.com"))
+ assert.True(t, util.Contains(email.To, "test2@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: New "download" from "%s" status KO`, user.Username))
assert.Contains(t, email.Data, `"download" failed`)
assert.Contains(t, email.Data, common.ErrReadQuotaExceeded.Error())
@@ -4027,7 +4027,7 @@ func TestEventRule(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "failure@example.com"))
+ assert.True(t, util.Contains(email.To, "failure@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: Failed "upload" from "%s"`, user.Username))
assert.Contains(t, email.Data, fmt.Sprintf(`action %q failed`, action1.Name))
// now test the download rule
@@ -4044,13 +4044,13 @@ func TestEventRule(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 3)
- assert.True(t, slices.Contains(email.To, "test1@example.com"))
- assert.True(t, slices.Contains(email.To, "test2@example.com"))
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test1@example.com"))
+ assert.True(t, util.Contains(email.To, "test2@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: New "download" from "%s"`, user.Username))
}
// test upload action command with arguments
- action1.Options.CmdConfig.Args = []string{"{{.Event}}", "{{.VirtualPath}}", "custom_arg"}
+ action1.Options.CmdConfig.Args = []string{"{{Event}}", "{{VirtualPath}}", "custom_arg"}
action1, _, err = httpdtest.UpdateEventAction(action1, http.StatusOK)
assert.NoError(t, err)
uploadLogFilePath := filepath.Join(os.TempDir(), "upload.log")
@@ -4087,9 +4087,9 @@ func TestEventRule(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 3)
- assert.True(t, slices.Contains(email.To, "test1@example.com"))
- assert.True(t, slices.Contains(email.To, "test2@example.com"))
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test1@example.com"))
+ assert.True(t, util.Contains(email.To, "test2@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
assert.Contains(t, email.Data, `Subject: New "delete" from "admin"`)
_, err = httpdtest.RemoveEventRule(rule3, http.StatusOK)
assert.NoError(t, err)
@@ -4128,8 +4128,8 @@ func TestEventRuleStatues(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test6@example.com"},
- Subject: `New "{{.Event}}" error`,
- Body: "{{.ErrorString}}",
+ Subject: `New "{{Event}}" error`,
+ Body: "{{ErrorString}}",
},
},
}
@@ -4241,7 +4241,7 @@ func TestEventRuleDisabledCommand(t *testing.T) {
EnvVars: []dataprovider.KeyValue{
{
Key: "SFTPGO_OBJECT_DATA",
- Value: "{{.ObjectData}}",
+ Value: "{{ObjectData}}",
},
},
},
@@ -4253,8 +4253,8 @@ func TestEventRuleDisabledCommand(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test3@example.com"},
- Subject: `New "{{.Event}}" from "{{.Name}}"`,
- Body: "Object name: {{.ObjectName}} object type: {{.ObjectType}} Data: {{.ObjectData}}",
+ Subject: `New "{{Event}}" from "{{Name}}"`,
+ Body: "Object name: {{ObjectName}} object type: {{ObjectType}} Data: {{ObjectData}}",
},
},
}
@@ -4265,8 +4265,8 @@ func TestEventRuleDisabledCommand(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"failure@example.com"},
- Subject: `Failed "{{.Event}}" from "{{.Name}}"`,
- Body: "Object name: {{.ObjectName}} object type: {{.ObjectType}}, IP: {{.IP}}",
+ Subject: `Failed "{{Event}}" from "{{Name}}"`,
+ Body: "Object name: {{ObjectName}} object type: {{ObjectType}}, IP: {{IP}}",
},
},
}
@@ -4390,7 +4390,7 @@ func TestEventRuleProviderEvents(t *testing.T) {
EnvVars: []dataprovider.KeyValue{
{
Key: "SFTPGO_OBJECT_DATA",
- Value: "{{.ObjectData}}",
+ Value: "{{ObjectData}}",
},
},
},
@@ -4402,8 +4402,8 @@ func TestEventRuleProviderEvents(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test3@example.com"},
- Subject: `New "{{.Event}}" from "{{.Name}}"`,
- Body: "Object name: {{.ObjectName}} object type: {{.ObjectType}} Data: {{.ObjectData}}",
+ Subject: `New "{{Event}}" from "{{Name}}"`,
+ Body: "Object name: {{ObjectName}} object type: {{ObjectType}} Data: {{ObjectData}}",
},
},
}
@@ -4414,8 +4414,8 @@ func TestEventRuleProviderEvents(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"failure@example.com"},
- Subject: `Failed "{{.Event}}" from "{{.Name}}"`,
- Body: "Object name: {{.ObjectName}} object type: {{.ObjectType}}, IP: {{.IP}}",
+ Subject: `Failed "{{Event}}" from "{{Name}}"`,
+ Body: "Object name: {{ObjectName}} object type: {{ObjectType}}, IP: {{IP}}",
},
},
}
@@ -4494,7 +4494,7 @@ func TestEventRuleProviderEvents(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
assert.Contains(t, email.Data, `Subject: New "update" from "admin"`)
}
// now delete the script to generate an error
@@ -4509,7 +4509,7 @@ func TestEventRuleProviderEvents(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "failure@example.com"))
+ assert.True(t, util.Contains(email.To, "failure@example.com"))
assert.Contains(t, email.Data, `Subject: Failed "update" from "admin"`)
assert.Contains(t, email.Data, fmt.Sprintf("Object name: %s object type: folder", folder.Name))
lastReceivedEmail.reset()
@@ -4558,12 +4558,10 @@ func TestEventRuleFsActions(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/{{.VirtualDirPath}}/{{.ObjectName}}",
- Value: "/{{.ObjectName}}_renamed",
- },
+ Key: "/{{VirtualDirPath}}/{{ObjectName}}",
+ Value: "/{{ObjectName}}_renamed",
},
},
},
@@ -4575,7 +4573,7 @@ func TestEventRuleFsActions(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionDelete,
- Deletes: []string{"/{{.ObjectName}}_renamed"},
+ Deletes: []string{"/{{ObjectName}}_renamed"},
},
},
}
@@ -4593,7 +4591,7 @@ func TestEventRuleFsActions(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionExist,
- Exist: []string{"/{{.VirtualPath}}"},
+ Exist: []string{"/{{VirtualPath}}"},
},
},
}
@@ -4821,80 +4819,6 @@ func TestEventRuleFsActions(t *testing.T) {
assert.NoError(t, err)
}
-func TestEventActionObjectBaseName(t *testing.T) {
- a1 := dataprovider.BaseEventAction{
- Name: "a1",
- Type: dataprovider.ActionTypeFilesystem,
- Options: dataprovider.BaseEventActionOptions{
- FsConfig: dataprovider.EventActionFilesystemConfig{
- Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
- {
- KeyValue: dataprovider.KeyValue{
- Key: "/{{.VirtualDirPath}}/{{.ObjectName}}",
- Value: "/{{.ObjectBaseName}}",
- },
- },
- },
- },
- },
- }
- action1, resp, err := httpdtest.AddEventAction(a1, http.StatusCreated)
- assert.NoError(t, err, string(resp))
-
- r1 := dataprovider.EventRule{
- Name: "r2",
- Status: 1,
- Trigger: dataprovider.EventTriggerFsEvent,
- Conditions: dataprovider.EventConditions{
- FsEvents: []string{"upload"},
- },
- Actions: []dataprovider.EventAction{
- {
- BaseEventAction: dataprovider.BaseEventAction{
- Name: action1.Name,
- },
- Order: 1,
- Options: dataprovider.EventActionOptions{
- ExecuteSync: true,
- },
- },
- },
- }
- rule1, _, err := httpdtest.AddEventRule(r1, http.StatusCreated)
- assert.NoError(t, err)
-
- user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
- assert.NoError(t, err)
- conn, client, err := getSftpClient(user)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
-
- testDir := "test dir name"
- err = client.Mkdir(testDir)
- fileSize := int64(32768)
- assert.NoError(t, err)
- err = writeSFTPFileNoCheck(path.Join(testDir, testFileName), fileSize, client)
- assert.NoError(t, err)
-
- _, err = client.Stat(path.Join(testDir, testFileName))
- assert.ErrorIs(t, err, os.ErrNotExist)
-
- _, err = client.Stat(strings.TrimSuffix(testFileName, path.Ext(testFileName)))
- assert.NoError(t, err)
- }
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- _, err = httpdtest.RemoveEventRule(rule1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveEventAction(action1, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestUploadEventRule(t *testing.T) {
smtpCfg := smtp.Config{
Host: "127.0.0.1",
@@ -4911,8 +4835,8 @@ func TestUploadEventRule(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test1@example.com"},
- Subject: `New "{{.Event}}" from "{{.Name}}" status {{.StatusString}}`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}} Data: {{.ObjectData}} {{.ErrorString}}",
+ Subject: `New "{{Event}}" from "{{Name}}" status {{StatusString}}`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}} Data: {{ObjectData}} {{ErrorString}}",
},
},
}
@@ -5044,13 +4968,10 @@ func TestEventRulePreDelete(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/{{.VirtualPath}}",
- Value: fmt.Sprintf("/%s/{{.VirtualPath}}", movePath),
- },
- UpdateModTime: true,
+ Key: "/{{VirtualPath}}",
+ Value: fmt.Sprintf("/%s/{{VirtualPath}}", movePath),
},
},
},
@@ -5104,83 +5025,59 @@ func TestEventRulePreDelete(t *testing.T) {
QuotaFiles: 1000,
},
}
- localUser, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
- u = getTestSFTPUser()
- u.QuotaFiles = 1000
- sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
+ conn, client, err := getSftpClient(user)
+ if assert.NoError(t, err) {
+ defer conn.Close()
+ defer client.Close()
- for _, user := range []dataprovider.User{localUser, sftpUser} {
- conn, client, err := getSftpClient(user)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
-
- testDir := "sub dir"
- err = client.MkdirAll(testDir)
- assert.NoError(t, err)
- err = writeSFTPFile(testFileName, 100, client)
- assert.NoError(t, err)
- err = writeSFTPFile(path.Join(testDir, testFileName), 100, client)
- assert.NoError(t, err)
- modTime := time.Now().Add(-36 * time.Hour)
- err = client.Chtimes(testFileName, modTime, modTime)
- assert.NoError(t, err)
- err = client.Remove(testFileName)
- assert.NoError(t, err)
- err = client.Remove(path.Join(testDir, testFileName))
- assert.NoError(t, err)
- // check files
- _, err = client.Stat(testFileName)
- assert.ErrorIs(t, err, os.ErrNotExist)
- _, err = client.Stat(path.Join(testDir, testFileName))
- assert.ErrorIs(t, err, os.ErrNotExist)
- info, err := client.Stat(path.Join("/", movePath, testFileName))
- assert.NoError(t, err)
- diff := math.Abs(time.Until(info.ModTime()).Seconds())
- assert.LessOrEqual(t, diff, float64(2))
-
- _, err = client.Stat(path.Join("/", movePath, testDir, testFileName))
- assert.NoError(t, err)
- // check quota
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- if user.Username == localUser.Username {
- assert.Equal(t, 0, user.UsedQuotaFiles)
- assert.Equal(t, int64(0), user.UsedQuotaSize)
- folder, _, err := httpdtest.GetFolderByName(movePath, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, 2, folder.UsedQuotaFiles)
- assert.Equal(t, int64(200), folder.UsedQuotaSize)
- } else {
- assert.Equal(t, 1, user.UsedQuotaFiles)
- assert.Equal(t, int64(100), user.UsedQuotaSize)
- }
- // pre-delete action is not executed in movePath
- err = client.Remove(path.Join("/", movePath, testFileName))
- assert.NoError(t, err)
- if user.Username == localUser.Username {
- // check quota
- folder, _, err := httpdtest.GetFolderByName(movePath, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, 1, folder.UsedQuotaFiles)
- assert.Equal(t, int64(100), folder.UsedQuotaSize)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- }
- }
+ testDir := "sub dir"
+ err = client.MkdirAll(testDir)
+ assert.NoError(t, err)
+ err = writeSFTPFile(testFileName, 100, client)
+ assert.NoError(t, err)
+ err = writeSFTPFile(path.Join(testDir, testFileName), 100, client)
+ assert.NoError(t, err)
+ err = client.Remove(testFileName)
+ assert.NoError(t, err)
+ err = client.Remove(path.Join(testDir, testFileName))
+ assert.NoError(t, err)
+ // check files
+ _, err = client.Stat(testFileName)
+ assert.ErrorIs(t, err, os.ErrNotExist)
+ _, err = client.Stat(path.Join(testDir, testFileName))
+ assert.ErrorIs(t, err, os.ErrNotExist)
+ _, err = client.Stat(path.Join("/", movePath, testFileName))
+ assert.NoError(t, err)
+ _, err = client.Stat(path.Join("/", movePath, testDir, testFileName))
+ assert.NoError(t, err)
+ // check quota
+ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Equal(t, 0, user.UsedQuotaFiles)
+ assert.Equal(t, int64(0), user.UsedQuotaSize)
+ folder, _, err := httpdtest.GetFolderByName(movePath, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, folder.UsedQuotaFiles)
+ assert.Equal(t, int64(200), folder.UsedQuotaSize)
+ // pre-delete action is not executed in movePath
+ err = client.Remove(path.Join("/", movePath, testFileName))
+ assert.NoError(t, err)
+ // check quota
+ folder, _, err = httpdtest.GetFolderByName(movePath, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Equal(t, 1, folder.UsedQuotaFiles)
+ assert.Equal(t, int64(100), folder.UsedQuotaSize)
}
_, err = httpdtest.RemoveEventRule(rule1, http.StatusOK)
assert.NoError(t, err)
_, err = httpdtest.RemoveEventAction(action1, http.StatusOK)
assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK)
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(localUser, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(localUser.GetHomeDir())
+ err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
_, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: movePath}, http.StatusOK)
assert.NoError(t, err)
@@ -5208,12 +5105,10 @@ func TestEventRulePreDownloadUpload(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/missing source",
- Value: "/missing target",
- },
+ Key: "/missing source",
+ Value: "/missing target",
},
},
},
@@ -5402,7 +5297,6 @@ func TestEventActionCommandEnvVars(t *testing.T) {
}
func TestFsActionCopy(t *testing.T) {
- dirCopy := "/dircopy"
a1 := dataprovider.BaseEventAction{
Name: "a1",
Type: dataprovider.ActionTypeFilesystem,
@@ -5411,8 +5305,8 @@ func TestFsActionCopy(t *testing.T) {
Type: dataprovider.FilesystemActionCopy,
Copy: []dataprovider.KeyValue{
{
- Key: "/{{.VirtualPath}}/",
- Value: dirCopy + "/",
+ Key: "/{{VirtualPath}}/",
+ Value: "/dircopy/",
},
},
},
@@ -5442,29 +5336,7 @@ func TestFsActionCopy(t *testing.T) {
}
rule1, _, err := httpdtest.AddEventRule(r1, http.StatusCreated)
assert.NoError(t, err)
- g1 := dataprovider.Group{
- BaseGroup: sdk.BaseGroup{
- Name: "group1",
- },
- UserSettings: dataprovider.GroupUserSettings{
- BaseGroupUserSettings: sdk.BaseGroupUserSettings{
- Permissions: map[string][]string{
- // Restrict permissions in copyPath to check that action
- // will have full permissions anyway.
- dirCopy: {dataprovider.PermListItems, dataprovider.PermDelete},
- },
- },
- },
- }
- group1, resp, err := httpdtest.AddGroup(g1, http.StatusCreated)
- assert.NoError(t, err, string(resp))
u := getTestUser()
- u.Groups = []sdk.GroupMapping{
- {
- Name: group1.Name,
- Type: sdk.GroupTypePrimary,
- },
- }
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
conn, client, err := getSftpClient(user)
@@ -5474,7 +5346,7 @@ func TestFsActionCopy(t *testing.T) {
err = writeSFTPFile(testFileName, 100, client)
assert.NoError(t, err)
- _, err = client.Stat(path.Join(dirCopy, testFileName))
+ _, err = client.Stat(path.Join("dircopy", testFileName))
assert.NoError(t, err)
action1.Options.FsConfig.Copy = []dataprovider.KeyValue{
@@ -5497,8 +5369,6 @@ func TestFsActionCopy(t *testing.T) {
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group1, http.StatusOK)
- assert.NoError(t, err)
}
func TestEventFsActionsGroupFilters(t *testing.T) {
@@ -5517,8 +5387,8 @@ func TestEventFsActionsGroupFilters(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"example@example.net"},
- Subject: `New "{{.Event}}" from "{{.Name}}" status {{.StatusString}}`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}} {{.ErrorString}}",
+ Subject: `New "{{Event}}" from "{{Name}}" status {{StatusString}}`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}} {{ErrorString}}",
},
},
}
@@ -5648,8 +5518,8 @@ func TestEventProviderActionGroupFilters(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"example@example.net"},
- Subject: `New "{{.Event}}" from "{{.Name}}"`,
- Body: "IP: {{.IP}}",
+ Subject: `New "{{Event}}" from "{{Name}}"`,
+ Body: "IP: {{IP}}",
},
},
}
@@ -5775,7 +5645,7 @@ func TestBackupAsAttachment(t *testing.T) {
require.NoError(t, err)
a1 := dataprovider.BaseEventAction{
- Name: "a1 with space",
+ Name: "a1",
Type: dataprovider.ActionTypeBackup,
}
a2 := dataprovider.BaseEventAction{
@@ -5784,9 +5654,9 @@ func TestBackupAsAttachment(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}} {{.StatusString}}"`,
- Body: "Domain: {{.Name}}",
- Attachments: []string{"/{{.VirtualPath}}"},
+ Subject: `"{{Event}} {{StatusString}}"`,
+ Body: "Domain: {{Name}}",
+ Attachments: []string{"/{{VirtualPath}}"},
},
},
}
@@ -5831,7 +5701,7 @@ func TestBackupAsAttachment(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "%s OK"`, renewalEvent))
assert.Contains(t, email.Data, `Domain: example.com`)
assert.Contains(t, email.Data, "Content-Type: application/json")
@@ -5865,11 +5735,11 @@ func TestEventActionHTTPMultipart(t *testing.T) {
Value: "application/json",
},
},
- Body: `{"FilePath": "{{.VirtualPath}}"}`,
+ Body: `{"FilePath": "{{VirtualPath}}"}`,
},
{
Name: "file",
- Filepath: "/{{.VirtualPath}}",
+ Filepath: "/{{VirtualPath}}",
},
},
},
@@ -5945,8 +5815,8 @@ func TestEventActionCompress(t *testing.T) {
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionCompress,
Compress: dataprovider.EventActionFsCompress{
- Name: "/{{.VirtualPath}}.zip",
- Paths: []string{"/{{.VirtualPath}}"},
+ Name: "/{{VirtualPath}}.zip",
+ Paths: []string{"/{{VirtualPath}}"},
},
},
},
@@ -6116,7 +5986,7 @@ func TestEventActionCompressQuotaErrors(t *testing.T) {
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
Subject: `"Compress failed"`,
- Body: "Error: {{.ErrorString}}",
+ Body: "Error: {{ErrorString}}",
},
},
}
@@ -6201,7 +6071,7 @@ func TestEventActionCompressQuotaErrors(t *testing.T) {
}, 3*time.Second, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, `Subject: "Compress failed"`)
assert.Contains(t, email.Data, common.ErrQuotaExceeded.Error())
// update quota size so the user is already overquota
@@ -6216,7 +6086,7 @@ func TestEventActionCompressQuotaErrors(t *testing.T) {
}, 3*time.Second, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, `Subject: "Compress failed"`)
assert.Contains(t, email.Data, common.ErrQuotaExceeded.Error())
// remove the path to compress to trigger an error for size estimation
@@ -6230,7 +6100,7 @@ func TestEventActionCompressQuotaErrors(t *testing.T) {
}, 3*time.Second, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, `Subject: "Compress failed"`)
assert.Contains(t, email.Data, "unable to estimate archive size")
}
@@ -6260,8 +6130,8 @@ func TestEventActionCompressQuotaFolder(t *testing.T) {
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionCompress,
Compress: dataprovider.EventActionFsCompress{
- Name: "/{{.VirtualPath}}.zip",
- Paths: []string{"/{{.VirtualPath}}", testDir},
+ Name: "/{{VirtualPath}}.zip",
+ Paths: []string{"/{{VirtualPath}}", testDir},
},
},
},
@@ -6359,8 +6229,8 @@ func TestEventActionCompressQuotaFolder(t *testing.T) {
assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize)
vfolder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, 0, vfolder.UsedQuotaFiles)
- assert.Equal(t, int64(0), vfolder.UsedQuotaSize)
+ assert.Equal(t, 2, vfolder.UsedQuotaFiles)
+ assert.Equal(t, info.Size()+int64(len(testFileContent)), vfolder.UsedQuotaSize)
}
}
@@ -6386,8 +6256,8 @@ func TestEventActionCompressErrors(t *testing.T) {
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionCompress,
Compress: dataprovider.EventActionFsCompress{
- Name: "/{{.VirtualPath}}.zip",
- Paths: []string{"/{{.VirtualPath}}.zip"}, // cannot compress itself
+ Name: "/{{VirtualPath}}.zip",
+ Paths: []string{"/{{VirtualPath}}.zip"}, // cannot compress itself
},
},
},
@@ -6449,7 +6319,7 @@ func TestEventActionCompressErrors(t *testing.T) {
// try to overwrite a directory
testDir := "/adir"
action1.Options.FsConfig.Compress.Name = testDir
- action1.Options.FsConfig.Compress.Paths = []string{"/{{.VirtualPath}}"}
+ action1.Options.FsConfig.Compress.Paths = []string{"/{{VirtualPath}}"}
_, _, err = httpdtest.UpdateEventAction(action1, http.StatusOK)
assert.NoError(t, err)
conn, client, err = getSftpClient(user)
@@ -6494,8 +6364,8 @@ func TestEventActionEmailAttachments(t *testing.T) {
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionCompress,
Compress: dataprovider.EventActionFsCompress{
- Name: "/archive/{{.VirtualPath}}.zip",
- Paths: []string{"/{{.VirtualPath}}"},
+ Name: "/archive/{{VirtualPath}}.zip",
+ Paths: []string{"/{{VirtualPath}}"},
},
},
},
@@ -6508,9 +6378,9 @@ func TestEventActionEmailAttachments(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}}" from "{{.Name}}"`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}} {{.EscapedVirtualPath}}",
- Attachments: []string{"/archive/{{.VirtualPath}}.zip"},
+ Subject: `"{{Event}}" from "{{Name}}"`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}} {{EscapedVirtualPath}}",
+ Attachments: []string{"/archive/{{VirtualPath}}.zip"},
},
},
}
@@ -6566,7 +6436,7 @@ func TestEventActionEmailAttachments(t *testing.T) {
}, 1500*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, `Subject: "upload" from`)
assert.Contains(t, email.Data, url.QueryEscape("/"+testFileName))
assert.Contains(t, email.Data, "Content-Disposition: attachment")
@@ -6629,8 +6499,8 @@ func TestEventActionsRetentionReports(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}}" from "{{.Name}}"`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}}",
+ Subject: `"{{Event}}" from "{{Name}}"`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}}",
Attachments: []string{dataprovider.RetentionReportPlaceHolder},
},
},
@@ -6744,7 +6614,7 @@ func TestEventActionsRetentionReports(t *testing.T) {
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "upload" from "%s"`, user.Username))
assert.Contains(t, email.Data, "Content-Disposition: attachment")
_, err = client.Stat(testDir)
@@ -6857,8 +6727,8 @@ func TestEventRuleFirstUploadDownloadActions(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}}" from "{{.Name}}"`,
- Body: "Fs path {{.FsPath}}, size: {{.FileSize}}, protocol: {{.Protocol}}, IP: {{.IP}}",
+ Subject: `"{{Event}}" from "{{Name}}"`,
+ Body: "Fs path {{FsPath}}, size: {{FileSize}}, protocol: {{Protocol}}, IP: {{IP}}",
},
},
}
@@ -6917,7 +6787,7 @@ func TestEventRuleFirstUploadDownloadActions(t *testing.T) {
}, 1500*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "first-upload" from "%s"`, user.Username))
lastReceivedEmail.reset()
// a new upload will not produce a new notification
@@ -6940,7 +6810,7 @@ func TestEventRuleFirstUploadDownloadActions(t *testing.T) {
}, 1500*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "first-download" from "%s"`, user.Username))
// download again
lastReceivedEmail.reset()
@@ -6989,9 +6859,9 @@ func TestEventRuleRenameEvent(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}}" from "{{.Name}}"`,
+ Subject: `"{{Event}}" from "{{Name}}"`,
ContentType: 1,
- Body: `Fs path {{.FsPath}}, Name: {{.Name}}, Target path "{{.VirtualTargetDirPath}}/{{.TargetName}}", size: {{.FileSize}}
`,
+ Body: `Fs path {{FsPath}}, Target path "{{VirtualTargetDirPath}}/{{TargetName}}", size: {{FileSize}}
`,
},
},
}
@@ -7016,9 +6886,7 @@ func TestEventRuleRenameEvent(t *testing.T) {
rule1, _, err := httpdtest.AddEventRule(r1, http.StatusCreated)
assert.NoError(t, err)
- u := getTestUser()
- u.Username = "test & chars"
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
assert.NoError(t, err)
conn, client, err := getSftpClient(user)
if assert.NoError(t, err) {
@@ -7038,11 +6906,10 @@ func TestEventRuleRenameEvent(t *testing.T) {
}, 1500*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "rename" from "%s"`, user.Username))
assert.Contains(t, email.Data, "Content-Type: text/html")
assert.Contains(t, email.Data, fmt.Sprintf("Target path %q", path.Join("/subdir", testFileName)))
- assert.Contains(t, email.Data, "Name: test & chars,")
}
_, err = httpdtest.RemoveEventRule(rule1, http.StatusOK)
@@ -7070,12 +6937,12 @@ func TestEventRuleIDPLogin(t *testing.T) {
require.NoError(t, err)
lastReceivedEmail.reset()
- username := `test_'idp_'login`
+ username := `test_"idp_"login`
custom1 := `cust"oa"1`
u := map[string]any{
- "username": "{{.Name}}",
+ "username": "{{Name}}",
"status": 1,
- "home_dir": filepath.Join(os.TempDir(), "{{.IDPFieldcustom1}}"),
+ "home_dir": filepath.Join(os.TempDir(), "{{IDPFieldcustom1}}"),
"permissions": map[string][]string{
"/": {dataprovider.PermAny},
},
@@ -7083,7 +6950,7 @@ func TestEventRuleIDPLogin(t *testing.T) {
userTmpl, err := json.Marshal(u)
require.NoError(t, err)
a := map[string]any{
- "username": "{{.Name}}",
+ "username": "{{Name}}",
"status": 1,
"permissions": []string{dataprovider.PermAdminAny},
}
@@ -7109,8 +6976,8 @@ func TestEventRuleIDPLogin(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}} {{.StatusString}}"`,
- Body: "{{.Name}} Custom field: {{.IDPFieldcustom1}}",
+ Subject: `"{{Event}} {{StatusString}}"`,
+ Body: "{{Name}} Custom field: {{IDPFieldcustom1}}",
},
},
}
@@ -7173,7 +7040,7 @@ func TestEventRuleIDPLogin(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "%s OK"`, common.IDPLoginUser))
assert.Contains(t, email.Data, username)
assert.Contains(t, email.Data, custom1)
@@ -7237,7 +7104,7 @@ func TestEventRuleIDPLogin(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "%s OK"`, common.IDPLoginAdmin))
assert.Contains(t, email.Data, username)
assert.Contains(t, email.Data, custom1)
@@ -7355,8 +7222,8 @@ func TestEventRuleEmailField(t *testing.T) {
Type: dataprovider.ActionTypeEmail,
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
- Recipients: []string{"{{.Email}}"},
- Subject: `"{{.Event}}" from "{{.Name}}"`,
+ Recipients: []string{"{{Email}}"},
+ Subject: `"{{Event}}" from "{{Name}}"`,
Body: "Sample email body",
},
},
@@ -7370,7 +7237,7 @@ func TestEventRuleEmailField(t *testing.T) {
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"failure@example.com"},
Subject: `"Failure`,
- Body: "{{.ErrorString}}",
+ Body: "{{ErrorString}}",
},
},
}
@@ -7397,9 +7264,6 @@ func TestEventRuleEmailField(t *testing.T) {
Trigger: dataprovider.EventTriggerProviderEvent,
Conditions: dataprovider.EventConditions{
ProviderEvents: []string{"add"},
- Options: dataprovider.ConditionOptions{
- ProviderObjects: []string{"user"},
- },
},
Actions: []dataprovider.EventAction{
{
@@ -7432,7 +7296,7 @@ func TestEventRuleEmailField(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, user.Email))
+ assert.True(t, util.Contains(email.To, user.Email))
assert.Contains(t, email.Data, `Subject: "add" from "admin"`)
// if we add a user without email the notification will fail
@@ -7446,7 +7310,7 @@ func TestEventRuleEmailField(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "failure@example.com"))
+ assert.True(t, util.Contains(email.To, "failure@example.com"))
assert.Contains(t, email.Data, `no recipient addresses set`)
conn, client, err := getSftpClient(user)
@@ -7463,7 +7327,7 @@ func TestEventRuleEmailField(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, user.Email))
+ assert.True(t, util.Contains(email.To, user.Email))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "mkdir" from "%s"`, user.Username))
}
@@ -7504,9 +7368,9 @@ func TestEventRuleCertificate(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test@example.com"},
- Subject: `"{{.Event}} {{.StatusString}}"`,
+ Subject: `"{{Event}} {{StatusString}}"`,
ContentType: 0,
- Body: "Domain: {{.Name}} Timestamp: {{.Timestamp}} {{.ErrorString}} Date time: {{.DateTime}}",
+ Body: "Domain: {{Name}} Timestamp: {{Timestamp}} {{ErrorString}} Date time: {{DateTime}}",
},
},
}
@@ -7570,7 +7434,7 @@ func TestEventRuleCertificate(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "%s OK"`, renewalEvent))
assert.Contains(t, email.Data, "Content-Type: text/plain")
assert.Contains(t, email.Data, `Domain: example.com Timestamp`)
@@ -7591,7 +7455,7 @@ func TestEventRuleCertificate(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email = lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "test@example.com"))
+ assert.True(t, util.Contains(email.To, "test@example.com"))
assert.Contains(t, email.Data, fmt.Sprintf(`Subject: "%s KO"`, renewalEvent))
assert.Contains(t, email.Data, `Domain: example.com Timestamp`)
assert.Contains(t, email.Data, dateTime.UTC().Format("2006-01-02T15:04:05.000"))
@@ -7644,8 +7508,8 @@ func TestEventRuleIPBlocked(t *testing.T) {
Options: dataprovider.BaseEventActionOptions{
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"test3@example.com", "test4@example.com"},
- Subject: `New "{{.Event}}"`,
- Body: "IP: {{.IP}} Timestamp: {{.Timestamp}}",
+ Subject: `New "{{Event}}"`,
+ Body: "IP: {{IP}} Timestamp: {{Timestamp}}",
},
},
}
@@ -7718,8 +7582,8 @@ func TestEventRuleIPBlocked(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 2)
- assert.True(t, slices.Contains(email.To, "test3@example.com"))
- assert.True(t, slices.Contains(email.To, "test4@example.com"))
+ assert.True(t, util.Contains(email.To, "test3@example.com"))
+ assert.True(t, util.Contains(email.To, "test4@example.com"))
assert.Contains(t, email.Data, `Subject: New "IP Blocked"`)
err = dataprovider.DeleteEventRule(rule1.Name, "", "", "")
@@ -8107,7 +7971,6 @@ func TestEventRulePasswordExpiration(t *testing.T) {
_, _, err = httpdtest.UpdateEventRule(rule1, http.StatusOK)
assert.NoError(t, err)
user.Email = "user@example.net"
- user.Filters.AdditionalEmails = []string{"additional@example.net"}
_, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
assert.NoError(t, err)
conn, client, err = getSftpClient(user)
@@ -8123,9 +7986,8 @@ func TestEventRulePasswordExpiration(t *testing.T) {
return lastReceivedEmail.get().From != ""
}, 1500*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
- assert.Len(t, email.To, 2)
+ assert.Len(t, email.To, 1)
assert.Contains(t, email.To, user.Email)
- assert.Contains(t, email.To, user.Filters.AdditionalEmails[0])
assert.Contains(t, email.Data, "your SFTPGo password expires in 5 days")
err = client.RemoveDirectory(dirName)
assert.NoError(t, err)
@@ -8346,12 +8208,7 @@ func TestRetentionAPI(t *testing.T) {
DeleteEmptyDirs: true,
},
}
- check := common.RetentionCheck{
- Folders: folderRetention,
- }
- c := common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8364,7 +8221,7 @@ func TestRetentionAPI(t *testing.T) {
err = client.Chtimes(uploadPath, time.Now().Add(-48*time.Hour), time.Now().Add(-48*time.Hour))
assert.NoError(t, err)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8382,13 +8239,11 @@ func TestRetentionAPI(t *testing.T) {
err = writeSFTPFile(uploadPath, 32, client)
assert.NoError(t, err)
- check.Folders[0].DeleteEmptyDirs = false
+ folderRetention[0].DeleteEmptyDirs = false
err = client.Chtimes(uploadPath, time.Now().Add(-48*time.Hour), time.Now().Add(-48*time.Hour))
assert.NoError(t, err)
- c = common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8405,8 +8260,6 @@ func TestRetentionAPI(t *testing.T) {
assert.NoError(t, err)
err = client.Chtimes(uploadPath, time.Now().Add(-48*time.Hour), time.Now().Add(-48*time.Hour))
assert.NoError(t, err)
- conn.Close()
- client.Close()
}
// remove delete permissions to the user, it will be automatically granted
@@ -8417,6 +8270,9 @@ func TestRetentionAPI(t *testing.T) {
conn, client, err = getSftpClient(user)
if assert.NoError(t, err) {
+ defer conn.Close()
+ defer client.Close()
+
innerUploadFilePath := path.Join("/"+testDir, testDir, testFileName)
err = client.Mkdir(path.Join(testDir, testDir))
assert.NoError(t, err)
@@ -8441,12 +8297,7 @@ func TestRetentionAPI(t *testing.T) {
Retention: 0,
},
}
- check := common.RetentionCheck{
- Folders: folderRetention,
- }
- c := common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8467,12 +8318,7 @@ func TestRetentionAPI(t *testing.T) {
},
}
- check = common.RetentionCheck{
- Folders: folderRetention,
- }
- c = common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8481,8 +8327,6 @@ func TestRetentionAPI(t *testing.T) {
_, err = client.Stat(innerUploadFilePath)
assert.ErrorIs(t, err, os.ErrNotExist)
- conn.Close()
- client.Close()
}
// finally test some errors removing files or folders
if runtime.GOOS != osWindows {
@@ -8508,13 +8352,8 @@ func TestRetentionAPI(t *testing.T) {
},
}
- check := common.RetentionCheck{
- Folders: folderRetention,
- }
- c := common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
- assert.ErrorIs(t, err, os.ErrPermission)
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
+ assert.NoError(t, err)
assert.Eventually(t, func() bool {
return len(common.RetentionChecks.Get("")) == 0
@@ -8523,10 +8362,8 @@ func TestRetentionAPI(t *testing.T) {
err = os.Chmod(dirPath, 0555)
assert.NoError(t, err)
- c = common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
- assert.ErrorIs(t, err, os.ErrPermission)
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
+ assert.NoError(t, err)
assert.Eventually(t, func() bool {
return len(common.RetentionChecks.Get("")) == 0
@@ -8535,12 +8372,7 @@ func TestRetentionAPI(t *testing.T) {
err = os.Chmod(dirPath, os.ModePerm)
assert.NoError(t, err)
- check = common.RetentionCheck{
- Folders: folderRetention,
- }
- c = common.RetentionChecks.Add(check, &user)
- assert.NotNil(t, c)
- err = c.Start()
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
assert.NoError(t, err)
assert.Eventually(t, func() bool {
@@ -8554,93 +8386,6 @@ func TestRetentionAPI(t *testing.T) {
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
-
- assert.Eventually(t, func() bool {
- return common.Connections.GetClientConnections() == 0
- }, 1*time.Second, 50*time.Millisecond)
-}
-
-func TestPerUserTransferLimits(t *testing.T) {
- oldMaxPerHostConns := common.Config.MaxPerHostConnections
-
- common.Config.MaxPerHostConnections = 2
-
- u := getTestUser()
- u.UploadBandwidth = 32
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- if !assert.NoError(t, err) {
- printLatestLogs(20)
- }
- conn, client, err := getSftpClient(user)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
-
- var wg sync.WaitGroup
- numErrors := 0
- for i := 0; i <= 2; i++ {
- wg.Add(1)
- go func(counter int) {
- defer wg.Done()
-
- time.Sleep(20 * time.Millisecond)
- err := writeSFTPFile(fmt.Sprintf("%s_%d", testFileName, counter), 64*1024, client)
- if err != nil {
- numErrors++
- }
- }(i)
- }
- wg.Wait()
-
- assert.Equal(t, 1, numErrors)
- }
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
-
- common.Config.MaxPerHostConnections = oldMaxPerHostConns
-}
-
-func TestMaxSessionsSameConnection(t *testing.T) {
- u := getTestUser()
- u.UploadBandwidth = 32
- u.MaxSessions = 2
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
- conn, client, err := getSftpClient(user)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
-
- var wg sync.WaitGroup
- numErrors := 0
- for i := 0; i <= 2; i++ {
- wg.Add(1)
- go func(counter int) {
- defer wg.Done()
-
- var err error
- if counter < 2 {
- err = writeSFTPFile(fmt.Sprintf("%s_%d", testFileName, counter), 64*1024, client)
- } else {
- // wait for the transfers to start
- time.Sleep(50 * time.Millisecond)
- _, _, err = getSftpClient(user)
- }
- if err != nil {
- numErrors++
- }
- }(i)
- }
-
- wg.Wait()
- assert.Equal(t, 1, numErrors)
- }
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
}
func TestRenameDir(t *testing.T) {
@@ -9010,7 +8755,7 @@ func TestSFTPLoopError(t *testing.T) {
}, 3000*time.Millisecond, 100*time.Millisecond)
email := lastReceivedEmail.get()
assert.Len(t, email.To, 1)
- assert.True(t, slices.Contains(email.To, "failure@example.com"))
+ assert.True(t, util.Contains(email.To, "failure@example.com"))
assert.Contains(t, email.Data, `Subject: Failed action`)
user1.VirtualFolders[0].FsConfig.SFTPConfig.Password = kms.NewPlainSecret(defaultPassword)
diff --git a/internal/common/ratelimiter.go b/internal/common/ratelimiter.go
index 85d88092..1caa2ebf 100644
--- a/internal/common/ratelimiter.go
+++ b/internal/common/ratelimiter.go
@@ -17,7 +17,6 @@ package common
import (
"errors"
"fmt"
- "slices"
"sort"
"sync"
"sync/atomic"
@@ -95,7 +94,7 @@ func (r *RateLimiterConfig) validate() error {
}
r.Protocols = util.RemoveDuplicates(r.Protocols, true)
for _, protocol := range r.Protocols {
- if !slices.Contains(rateLimiterProtocolValues, protocol) {
+ if !util.Contains(rateLimiterProtocolValues, protocol) {
return fmt.Errorf("invalid protocol %q", protocol)
}
}
diff --git a/internal/common/tlsutils.go b/internal/common/tlsutils.go
index a7dfb0c6..c604728d 100644
--- a/internal/common/tlsutils.go
+++ b/internal/common/tlsutils.go
@@ -25,7 +25,6 @@ import (
"math/rand"
"os"
"path/filepath"
- "slices"
"sync"
"github.com/drakkan/sftpgo/v2/internal/logger"
@@ -97,7 +96,7 @@ func (m *CertManager) loadCertificates() error {
}
logger.Debug(m.logSender, "", "TLS certificate %q successfully loaded, id %v", keyPair.Cert, keyPair.ID)
certs[keyPair.ID] = &newCert
- if !slices.Contains(m.monitorList, keyPair.Cert) {
+ if !util.Contains(m.monitorList, keyPair.Cert) {
m.monitorList = append(m.monitorList, keyPair.Cert)
}
}
@@ -191,7 +190,7 @@ func (m *CertManager) LoadCRLs() error {
logger.Debug(m.logSender, "", "CRL %q successfully loaded", revocationList)
crls = append(crls, crl)
- if !slices.Contains(m.monitorList, revocationList) {
+ if !util.Contains(m.monitorList, revocationList) {
m.monitorList = append(m.monitorList, revocationList)
}
}
diff --git a/internal/common/transfer.go b/internal/common/transfer.go
index df9638b1..f4e78e30 100644
--- a/internal/common/transfer.go
+++ b/internal/common/transfer.go
@@ -35,7 +35,7 @@ var (
)
// BaseTransfer contains protocols common transfer details for an upload or a download.
-type BaseTransfer struct {
+type BaseTransfer struct { //nolint:maligned
ID int64
BytesSent atomic.Int64
BytesReceived atomic.Int64
@@ -329,21 +329,6 @@ func (t *BaseTransfer) getUploadFileSize() (int64, int, error) {
var fileSize int64
var deletedFiles int
- switch dataprovider.GetQuotaTracking() {
- case 0:
- return fileSize, deletedFiles, errors.New("quota tracking disabled")
- case 2:
- if !t.Connection.User.HasQuotaRestrictions() {
- vfolder, err := t.Connection.User.GetVirtualFolderForPath(path.Dir(t.requestPath))
- if err != nil {
- return fileSize, deletedFiles, errors.New("quota tracking disabled for this user")
- }
- if vfolder.IsIncludedInUserQuota() {
- return fileSize, deletedFiles, errors.New("quota tracking disabled for this user and folder included in user quota")
- }
- }
- }
-
info, err := t.Fs.Stat(t.fsPath)
if err == nil {
fileSize = info.Size()
@@ -409,7 +394,7 @@ func (t *BaseTransfer) Close() error {
t.effectiveFsPath, err)
} else if t.isAtomicUpload() {
if t.ErrTransfer == nil || Config.UploadMode&UploadModeAtomicWithResume != 0 {
- _, _, err = t.Fs.Rename(t.effectiveFsPath, t.fsPath, 0)
+ _, _, err = t.Fs.Rename(t.effectiveFsPath, t.fsPath)
t.Connection.Log(logger.LevelDebug, "atomic upload completed, rename: %q -> %q, error: %v",
t.effectiveFsPath, t.fsPath, err)
// the file must be removed if it is uploaded to a path outside the home dir and cannot be renamed
@@ -536,8 +521,11 @@ func (t *BaseTransfer) updateQuota(numFiles int, fileSize int64) bool {
if t.transferType == TransferUpload && (numFiles != 0 || sizeDiff != 0) {
vfolder, err := t.Connection.User.GetVirtualFolderForPath(path.Dir(t.requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &t.Connection.User, numFiles,
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, numFiles, //nolint:errcheck
sizeDiff, false)
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&t.Connection.User, numFiles, sizeDiff, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&t.Connection.User, numFiles, sizeDiff, false) //nolint:errcheck
}
diff --git a/internal/common/transfer_test.go b/internal/common/transfer_test.go
index 1bf0dbe1..5324484b 100644
--- a/internal/common/transfer_test.go
+++ b/internal/common/transfer_test.go
@@ -306,9 +306,8 @@ func TestRemovePartialCryptoFile(t *testing.T) {
require.NoError(t, err)
u := dataprovider.User{
BaseUser: sdk.BaseUser{
- Username: "test",
- HomeDir: os.TempDir(),
- QuotaFiles: 1000000,
+ Username: "test",
+ HomeDir: os.TempDir(),
},
}
conn := NewBaseConnection(fs.ConnectionID(), ProtocolSFTP, "", "", u)
@@ -324,9 +323,6 @@ func TestRemovePartialCryptoFile(t *testing.T) {
assert.Equal(t, int64(0), size)
assert.Equal(t, 1, deletedFiles)
assert.NoFileExists(t, testFile)
- err = transfer.Close()
- assert.Error(t, err)
- assert.Len(t, conn.GetTransfers(), 0)
}
func TestFTPMode(t *testing.T) {
@@ -438,11 +434,6 @@ func TestTransferQuota(t *testing.T) {
}
err = transfer.CheckWrite()
assert.True(t, conn.IsQuotaExceededError(err))
-
- err = transfer.Close()
- assert.NoError(t, err)
- assert.Len(t, conn.GetTransfers(), 0)
- assert.Equal(t, int32(0), Connections.GetTotalTransfers())
}
func TestUploadOutsideHomeRenameError(t *testing.T) {
diff --git a/internal/common/transferschecker_test.go b/internal/common/transferschecker_test.go
index 0528de61..443e438e 100644
--- a/internal/common/transferschecker_test.go
+++ b/internal/common/transferschecker_test.go
@@ -250,7 +250,6 @@ func TestTransfersCheckerDiskQuota(t *testing.T) {
Connections.Remove(fakeConn5.GetID())
stats := Connections.GetStats("")
assert.Len(t, stats, 0)
- assert.Equal(t, int32(0), Connections.GetTotalTransfers())
err = dataprovider.DeleteUser(user.Username, "", "", "")
assert.NoError(t, err)
@@ -369,16 +368,11 @@ func TestTransferCheckerTransferQuota(t *testing.T) {
if assert.Error(t, transfer4.errAbort) {
assert.Contains(t, transfer4.errAbort.Error(), ErrReadQuotaExceeded.Error())
}
- err = transfer3.Close()
- assert.NoError(t, err)
- err = transfer4.Close()
- assert.NoError(t, err)
Connections.Remove(fakeConn3.GetID())
Connections.Remove(fakeConn4.GetID())
stats := Connections.GetStats("")
assert.Len(t, stats, 0)
- assert.Equal(t, int32(0), Connections.GetTotalTransfers())
err = dataprovider.DeleteUser(user.Username, "", "", "")
assert.NoError(t, err)
diff --git a/internal/config/config.go b/internal/config/config.go
index 58863c6d..00f8e1ba 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -20,11 +20,9 @@ import (
"fmt"
"os"
"path/filepath"
- "slices"
"strconv"
"strings"
- kmsplugin "github.com/sftpgo/sdk/plugin/kms"
"github.com/spf13/viper"
"github.com/subosito/gotenv"
@@ -93,35 +91,30 @@ var (
TLSCipherSuites: nil,
Protocols: nil,
Prefix: "",
- ProxyMode: 0,
ProxyAllowed: nil,
ClientIPProxyHeader: "",
ClientIPHeaderDepth: 0,
DisableWWWAuthHeader: false,
}
defaultHTTPDBinding = httpd.Binding{
- Address: "",
- Port: 8080,
- EnableWebAdmin: true,
- EnableWebClient: true,
- EnableRESTAPI: true,
- EnabledLoginMethods: 0,
- DisabledLoginMethods: 0,
- EnableHTTPS: false,
- CertificateFile: "",
- CertificateKeyFile: "",
- MinTLSVersion: 12,
- ClientAuthType: 0,
- TLSCipherSuites: nil,
- Protocols: nil,
- ProxyMode: 0,
- ProxyAllowed: nil,
- ClientIPProxyHeader: "",
- ClientIPHeaderDepth: 0,
- HideLoginURL: 0,
- RenderOpenAPI: true,
- BaseURL: "",
- Languages: []string{"en"},
+ Address: "",
+ Port: 8080,
+ EnableWebAdmin: true,
+ EnableWebClient: true,
+ EnableRESTAPI: true,
+ EnabledLoginMethods: 0,
+ EnableHTTPS: false,
+ CertificateFile: "",
+ CertificateKeyFile: "",
+ MinTLSVersion: 12,
+ ClientAuthType: 0,
+ TLSCipherSuites: nil,
+ Protocols: nil,
+ ProxyAllowed: nil,
+ ClientIPProxyHeader: "",
+ ClientIPHeaderDepth: 0,
+ HideLoginURL: 0,
+ RenderOpenAPI: true,
OIDC: httpd.OIDC{
ClientID: "",
ClientSecret: "",
@@ -137,23 +130,21 @@ var (
Debug: false,
},
Security: httpd.SecurityConf{
- Enabled: false,
- AllowedHosts: nil,
- AllowedHostsAreRegex: false,
- HostsProxyHeaders: nil,
- HTTPSRedirect: false,
- HTTPSHost: "",
- HTTPSProxyHeaders: nil,
- STSSeconds: 0,
- STSIncludeSubdomains: false,
- STSPreload: false,
- ContentTypeNosniff: false,
- ContentSecurityPolicy: "",
- PermissionsPolicy: "",
- CrossOriginOpenerPolicy: "",
- CrossOriginResourcePolicy: "",
- CrossOriginEmbedderPolicy: "",
- CacheControl: "",
+ Enabled: false,
+ AllowedHosts: nil,
+ AllowedHostsAreRegex: false,
+ HostsProxyHeaders: nil,
+ HTTPSRedirect: false,
+ HTTPSHost: "",
+ HTTPSProxyHeaders: nil,
+ STSSeconds: 0,
+ STSIncludeSubdomains: false,
+ STSPreload: false,
+ ContentTypeNosniff: false,
+ ContentSecurityPolicy: "",
+ PermissionsPolicy: "",
+ CrossOriginOpenerPolicy: "",
+ CacheControl: "",
},
Branding: httpd.Branding{},
}
@@ -218,6 +209,7 @@ func Init() {
ProxySkipped: []string{},
PostConnectHook: "",
PostDisconnectHook: "",
+ DataRetentionHook: "",
MaxTotalConnections: 0,
MaxPerHostConnections: 20,
AllowListStatus: 0,
@@ -243,7 +235,6 @@ func Init() {
RateLimitersConfig: []common.RateLimiterConfig{defaultRateLimiter},
Umask: "",
ServerVersion: "",
- TZ: "",
Metadata: common.MetadataConfig{
Read: 0,
},
@@ -274,13 +265,12 @@ func Init() {
HostCertificates: []string{},
HostKeyAlgorithms: []string{},
KexAlgorithms: []string{},
+ MinDHGroupExchangeKeySize: 2048,
Ciphers: []string{},
MACs: []string{},
PublicKeyAlgorithms: []string{},
TrustedUserCAKeys: []string{},
RevokedUserCertsFile: "",
- OPKSSHPath: "",
- OPKSSHChecksum: "",
LoginBannerFile: "",
EnabledSSHCommands: []string{},
KeyboardInteractiveAuthentication: true,
@@ -409,9 +399,6 @@ func Init() {
SigningPassphrase: "",
SigningPassphraseFile: "",
TokenValidation: 0,
- CookieLifetime: 20,
- ShareCookieLifetime: 120,
- JWTLifetime: 20,
MaxUploadFileSize: 0,
Cors: httpd.CorsConfig{
Enabled: false,
@@ -590,16 +577,6 @@ func SetPluginsConfig(config []plugin.Config) {
globalConf.PluginsConfig = config
}
-// HasKMSPlugin returns true if at least one KMS plugin is configured.
-func HasKMSPlugin() bool {
- for _, c := range globalConf.PluginsConfig {
- if c.Type == kmsplugin.PluginName {
- return true
- }
- }
- return false
-}
-
// GetMFAConfig returns multi-factor authentication config
func GetMFAConfig() mfa.Config {
return globalConf.MFAConfig
@@ -646,6 +623,7 @@ func getRedactedGlobalConf() globalConfig {
conf.Common.StartupHook = util.GetRedactedURL(conf.Common.StartupHook)
conf.Common.PostConnectHook = util.GetRedactedURL(conf.Common.PostConnectHook)
conf.Common.PostDisconnectHook = util.GetRedactedURL(conf.Common.PostDisconnectHook)
+ conf.Common.DataRetentionHook = util.GetRedactedURL(conf.Common.DataRetentionHook)
conf.SFTPD.KeyboardInteractiveHook = util.GetRedactedURL(conf.SFTPD.KeyboardInteractiveHook)
conf.HTTPDConfig.SigningPassphrase = getRedactedPassword(conf.HTTPDConfig.SigningPassphrase)
conf.HTTPDConfig.Setup.InstallationCode = getRedactedPassword(conf.HTTPDConfig.Setup.InstallationCode)
@@ -662,7 +640,6 @@ func getRedactedGlobalConf() globalConfig {
binding.OIDC.ClientSecret = getRedactedPassword(binding.OIDC.ClientSecret)
conf.HTTPDConfig.Bindings = append(conf.HTTPDConfig.Bindings, binding)
}
- conf.KMSConfig.Secrets.MasterKeyString = getRedactedPassword(conf.KMSConfig.Secrets.MasterKeyString)
conf.PluginsConfig = nil
for _, plugin := range globalConf.PluginsConfig {
var args []string
@@ -742,7 +719,7 @@ func checkOverrideDefaultSettings() {
}
}
- if slices.Contains(viper.AllKeys(), "mfa.totp") {
+ if util.Contains(viper.AllKeys(), "mfa.totp") {
globalConf.MFAConfig.TOTP = nil
}
}
@@ -828,12 +805,6 @@ func resetInvalidConfigs() {
logger.WarnToConsole("Non-fatal configuration error: %v", warn)
}
}
- if globalConf.Common.RenameMode < 0 || globalConf.Common.RenameMode > 1 {
- warn := fmt.Sprintf("invalid rename mode %d, reset to 0", globalConf.Common.RenameMode)
- globalConf.Common.RenameMode = 0
- logger.Warn(logSender, "", "Non-fatal configuration error: %v", warn)
- logger.WarnToConsole("Non-fatal configuration error: %v", warn)
- }
}
func loadBindingsFromEnv() {
@@ -906,13 +877,13 @@ func getRateLimitersFromEnv(idx int) {
isSet = true
}
- burst, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__BURST", idx), 32)
+ burst, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__BURST", idx), 0)
if ok {
rtlConfig.Burst = int(burst)
isSet = true
}
- rtlType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__TYPE", idx), 32)
+ rtlType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__TYPE", idx), 0)
if ok {
rtlConfig.Type = int(rtlType)
isSet = true
@@ -930,13 +901,13 @@ func getRateLimitersFromEnv(idx int) {
isSet = true
}
- softLimit, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__ENTRIES_SOFT_LIMIT", idx), 32)
+ softLimit, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__ENTRIES_SOFT_LIMIT", idx), 0)
if ok {
rtlConfig.EntriesSoftLimit = int(softLimit)
isSet = true
}
- hardLimit, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__ENTRIES_HARD_LIMIT", idx), 32)
+ hardLimit, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMON__RATE_LIMITERS__%v__ENTRIES_HARD_LIMIT", idx), 0)
if ok {
rtlConfig.EntriesHardLimit = int(hardLimit)
isSet = true
@@ -972,7 +943,7 @@ func getKMSPluginFromEnv(idx int, pluginConfig *plugin.Config) bool {
func getAuthPluginFromEnv(idx int, pluginConfig *plugin.Config) bool {
isSet := false
- authScope, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__AUTH_OPTIONS__SCOPE", idx), 32)
+ authScope, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__AUTH_OPTIONS__SCOPE", idx), 0)
if ok {
pluginConfig.AuthOptions.Scope = int(authScope)
isSet = true
@@ -1017,13 +988,13 @@ func getNotifierPluginFromEnv(idx int, pluginConfig *plugin.Config) bool {
}
}
- notifierRetryMaxTime, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__NOTIFIER_OPTIONS__RETRY_MAX_TIME", idx), 32)
+ notifierRetryMaxTime, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__NOTIFIER_OPTIONS__RETRY_MAX_TIME", idx), 0)
if ok {
pluginConfig.NotifierOptions.RetryMaxTime = int(notifierRetryMaxTime)
isSet = true
}
- notifierRetryQueueMaxSize, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__NOTIFIER_OPTIONS__RETRY_QUEUE_MAX_SIZE", idx), 32)
+ notifierRetryQueueMaxSize, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_PLUGINS__%v__NOTIFIER_OPTIONS__RETRY_QUEUE_MAX_SIZE", idx), 0)
if ok {
pluginConfig.NotifierOptions.RetryQueueMaxSize = int(notifierRetryQueueMaxSize)
isSet = true
@@ -1111,7 +1082,7 @@ func getSFTPDBindindFromEnv(idx int) {
isSet := false
- port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_SFTPD__BINDINGS__%v__PORT", idx), 32)
+ port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_SFTPD__BINDINGS__%v__PORT", idx), 0)
if ok {
binding.Port = int(port)
isSet = true
@@ -1198,13 +1169,19 @@ func getFTPDBindingSecurityFromEnv(idx int, binding *ftpd.Binding) bool {
isSet = true
}
- tlsMode, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__TLS_MODE", idx), 32)
+ tlsMode, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__TLS_MODE", idx), 0)
if ok {
binding.TLSMode = int(tlsMode)
isSet = true
}
- tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__MIN_TLS_VERSION", idx), 32)
+ tlsSessionReuse, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__TLS_SESSION_REUSE", idx), 0)
+ if ok {
+ binding.TLSSessionReuse = int(tlsSessionReuse)
+ isSet = true
+ }
+
+ tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__MIN_TLS_VERSION", idx), 0)
if ok {
binding.MinTLSVersion = int(tlsVer)
isSet = true
@@ -1216,24 +1193,30 @@ func getFTPDBindingSecurityFromEnv(idx int, binding *ftpd.Binding) bool {
isSet = true
}
- clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 32)
+ clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 0)
if ok {
binding.ClientAuthType = int(clientAuthType)
isSet = true
}
- pasvSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_CONNECTIONS_SECURITY", idx), 32)
+ pasvSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_CONNECTIONS_SECURITY", idx), 0)
if ok {
binding.PassiveConnectionsSecurity = int(pasvSecurity)
isSet = true
}
- activeSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__ACTIVE_CONNECTIONS_SECURITY", idx), 32)
+ activeSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__ACTIVE_CONNECTIONS_SECURITY", idx), 0)
if ok {
binding.ActiveConnectionsSecurity = int(activeSecurity)
isSet = true
}
+ ignoreASCIITransferType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%d__IGNORE_ASCII_TRANSFER_TYPE", idx), 0)
+ if ok {
+ binding.IgnoreASCIITransferType = int(ignoreASCIITransferType)
+ isSet = true
+ }
+
return isSet
}
@@ -1241,7 +1224,7 @@ func getFTPDBindingFromEnv(idx int) {
binding := getDefaultFTPDBinding(idx)
isSet := false
- port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PORT", idx), 32)
+ port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PORT", idx), 0)
if ok {
binding.Port = int(port)
isSet = true
@@ -1321,13 +1304,13 @@ func getWebDAVBindingHTTPSConfigsFromEnv(idx int, binding *webdavd.Binding) bool
isSet = true
}
- tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__MIN_TLS_VERSION", idx), 32)
+ tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__MIN_TLS_VERSION", idx), 0)
if ok {
binding.MinTLSVersion = int(tlsVer)
isSet = true
}
- clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 32)
+ clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 0)
if ok {
binding.ClientAuthType = int(clientAuthType)
isSet = true
@@ -1351,12 +1334,6 @@ func getWebDAVBindingHTTPSConfigsFromEnv(idx int, binding *webdavd.Binding) bool
func getWebDAVDBindingProxyConfigsFromEnv(idx int, binding *webdavd.Binding) bool {
isSet := false
- proxyMode, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__PROXY_MODE", idx), 32)
- if ok {
- binding.ProxyMode = int(proxyMode)
- isSet = true
- }
-
proxyAllowed, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__PROXY_ALLOWED", idx))
if ok {
binding.ProxyAllowed = proxyAllowed
@@ -1369,7 +1346,7 @@ func getWebDAVDBindingProxyConfigsFromEnv(idx int, binding *webdavd.Binding) boo
isSet = true
}
- clientIPHeaderDepth, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__CLIENT_IP_HEADER_DEPTH", idx), 32)
+ clientIPHeaderDepth, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__CLIENT_IP_HEADER_DEPTH", idx), 0)
if ok {
binding.ClientIPHeaderDepth = int(clientIPHeaderDepth)
isSet = true
@@ -1407,7 +1384,7 @@ func getWebDAVDBindingFromEnv(idx int) {
isSet := false
- port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__PORT", idx), 32)
+ port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_WEBDAVD__BINDINGS__%v__PORT", idx), 0)
if ok {
binding.Port = int(port)
isSet = true
@@ -1568,27 +1545,9 @@ func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) { //nolint:
isSet = true
}
- crossOriginOpenerPolicy, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__CROSS_ORIGIN_OPENER_POLICY", idx))
+ crossOriginOpenedPolicy, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__CROSS_ORIGIN_OPENER_POLICY", idx))
if ok {
- result.CrossOriginOpenerPolicy = crossOriginOpenerPolicy
- isSet = true
- }
-
- crossOriginResourcePolicy, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__CROSS_ORIGIN_RESOURCE_POLICY", idx))
- if ok {
- result.CrossOriginResourcePolicy = crossOriginResourcePolicy
- isSet = true
- }
-
- crossOriginEmbedderPolicy, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__CROSS_ORIGIN_EMBEDDER_POLICY", idx))
- if ok {
- result.CrossOriginEmbedderPolicy = crossOriginEmbedderPolicy
- isSet = true
- }
-
- referredPolicy, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__REFERRER_POLICY", idx))
- if ok {
- result.ReferrerPolicy = referredPolicy
+ result.CrossOriginOpenerPolicy = crossOriginOpenedPolicy
isSet = true
}
@@ -1796,12 +1755,6 @@ func getHTTPDNestedObjectsFromEnv(idx int, binding *httpd.Binding) bool {
func getHTTPDBindingProxyConfigsFromEnv(idx int, binding *httpd.Binding) bool {
isSet := false
- proxyMode, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__PROXY_MODE", idx), 32)
- if ok {
- binding.ProxyMode = int(proxyMode)
- isSet = true
- }
-
proxyAllowed, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__PROXY_ALLOWED", idx))
if ok {
binding.ProxyAllowed = proxyAllowed
@@ -1814,7 +1767,7 @@ func getHTTPDBindingProxyConfigsFromEnv(idx int, binding *httpd.Binding) bool {
isSet = true
}
- clientIPHeaderDepth, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__CLIENT_IP_HEADER_DEPTH", idx), 32)
+ clientIPHeaderDepth, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__CLIENT_IP_HEADER_DEPTH", idx), 0)
if ok {
binding.ClientIPHeaderDepth = int(clientIPHeaderDepth)
isSet = true
@@ -1827,7 +1780,7 @@ func getHTTPDBindingFromEnv(idx int) { //nolint:gocyclo
binding := getDefaultHTTPBinding(idx)
isSet := false
- port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__PORT", idx), 32)
+ port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__PORT", idx), 0)
if ok {
binding.Port = int(port)
isSet = true
@@ -1869,49 +1822,31 @@ func getHTTPDBindingFromEnv(idx int) { //nolint:gocyclo
isSet = true
}
- enabledLoginMethods, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__ENABLED_LOGIN_METHODS", idx), 32)
+ enabledLoginMethods, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__ENABLED_LOGIN_METHODS", idx), 0)
if ok {
binding.EnabledLoginMethods = int(enabledLoginMethods)
isSet = true
}
- disabledLoginMethods, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__DISABLED_LOGIN_METHODS", idx), 32)
- if ok {
- binding.DisabledLoginMethods = int(disabledLoginMethods)
- isSet = true
- }
-
renderOpenAPI, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__RENDER_OPENAPI", idx))
if ok {
binding.RenderOpenAPI = renderOpenAPI
isSet = true
}
- baseURL, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%d__BASE_URL", idx))
- if ok {
- binding.BaseURL = baseURL
- isSet = true
- }
-
- languages, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%d__LANGUAGES", idx))
- if ok {
- binding.Languages = languages
- isSet = true
- }
-
enableHTTPS, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__ENABLE_HTTPS", idx))
if ok {
binding.EnableHTTPS = enableHTTPS
isSet = true
}
- tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__MIN_TLS_VERSION", idx), 32)
+ tlsVer, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__MIN_TLS_VERSION", idx), 0)
if ok {
binding.MinTLSVersion = int(tlsVer)
isSet = true
}
- clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 32)
+ clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx), 0)
if ok {
binding.ClientAuthType = int(clientAuthType)
isSet = true
@@ -1933,7 +1868,7 @@ func getHTTPDBindingFromEnv(idx int) { //nolint:gocyclo
isSet = true
}
- hideLoginURL, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__HIDE_LOGIN_URL", idx), 32)
+ hideLoginURL, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__HIDE_LOGIN_URL", idx), 0)
if ok {
binding.HideLoginURL = int(hideLoginURL)
isSet = true
@@ -2022,7 +1957,7 @@ func getCommandConfigsFromEnv(idx int) {
cfg.Path = path
}
- timeout, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMAND__COMMANDS__%v__TIMEOUT", idx), 32)
+ timeout, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_COMMAND__COMMANDS__%v__TIMEOUT", idx), 0)
if ok {
cfg.Timeout = int(timeout)
}
@@ -2061,6 +1996,7 @@ func setViperDefaults() {
viper.SetDefault("common.proxy_skipped", globalConf.Common.ProxySkipped)
viper.SetDefault("common.post_connect_hook", globalConf.Common.PostConnectHook)
viper.SetDefault("common.post_disconnect_hook", globalConf.Common.PostDisconnectHook)
+ viper.SetDefault("common.data_retention_hook", globalConf.Common.DataRetentionHook)
viper.SetDefault("common.max_total_connections", globalConf.Common.MaxTotalConnections)
viper.SetDefault("common.max_per_host_connections", globalConf.Common.MaxPerHostConnections)
viper.SetDefault("common.allowlist_status", globalConf.Common.AllowListStatus)
@@ -2081,7 +2017,6 @@ func setViperDefaults() {
viper.SetDefault("common.defender.login_delay.password_failed", globalConf.Common.DefenderConfig.LoginDelay.PasswordFailed)
viper.SetDefault("common.umask", globalConf.Common.Umask)
viper.SetDefault("common.server_version", globalConf.Common.ServerVersion)
- viper.SetDefault("common.tz", globalConf.Common.TZ)
viper.SetDefault("common.metadata.read", globalConf.Common.Metadata.Read)
viper.SetDefault("common.event_manager.enabled_commands", globalConf.Common.EventManager.EnabledCommands)
viper.SetDefault("acme.email", globalConf.ACME.Email)
@@ -2099,13 +2034,12 @@ func setViperDefaults() {
viper.SetDefault("sftpd.host_certificates", globalConf.SFTPD.HostCertificates)
viper.SetDefault("sftpd.host_key_algorithms", globalConf.SFTPD.HostKeyAlgorithms)
viper.SetDefault("sftpd.kex_algorithms", globalConf.SFTPD.KexAlgorithms)
+ viper.SetDefault("sftpd.min_dh_group_exchange_key_size", globalConf.SFTPD.MinDHGroupExchangeKeySize)
viper.SetDefault("sftpd.ciphers", globalConf.SFTPD.Ciphers)
viper.SetDefault("sftpd.macs", globalConf.SFTPD.MACs)
viper.SetDefault("sftpd.public_key_algorithms", globalConf.SFTPD.PublicKeyAlgorithms)
viper.SetDefault("sftpd.trusted_user_ca_keys", globalConf.SFTPD.TrustedUserCAKeys)
viper.SetDefault("sftpd.revoked_user_certs_file", globalConf.SFTPD.RevokedUserCertsFile)
- viper.SetDefault("sftpd.opkssh_path", globalConf.SFTPD.OPKSSHPath)
- viper.SetDefault("sftpd.opkssh_checksum", globalConf.SFTPD.OPKSSHChecksum)
viper.SetDefault("sftpd.login_banner_file", globalConf.SFTPD.LoginBannerFile)
viper.SetDefault("sftpd.enabled_ssh_commands", sftpd.GetDefaultSSHCommands())
viper.SetDefault("sftpd.keyboard_interactive_authentication", globalConf.SFTPD.KeyboardInteractiveAuthentication)
@@ -2197,9 +2131,6 @@ func setViperDefaults() {
viper.SetDefault("httpd.signing_passphrase", globalConf.HTTPDConfig.SigningPassphrase)
viper.SetDefault("httpd.signing_passphrase_file", globalConf.HTTPDConfig.SigningPassphraseFile)
viper.SetDefault("httpd.token_validation", globalConf.HTTPDConfig.TokenValidation)
- viper.SetDefault("httpd.cookie_lifetime", globalConf.HTTPDConfig.CookieLifetime)
- viper.SetDefault("httpd.share_cookie_lifetime", globalConf.HTTPDConfig.ShareCookieLifetime)
- viper.SetDefault("httpd.jwt_lifetime", globalConf.HTTPDConfig.JWTLifetime)
viper.SetDefault("httpd.max_upload_file_size", globalConf.HTTPDConfig.MaxUploadFileSize)
viper.SetDefault("httpd.cors.enabled", globalConf.HTTPDConfig.Cors.Enabled)
viper.SetDefault("httpd.cors.allowed_origins", globalConf.HTTPDConfig.Cors.AllowedOrigins)
@@ -2273,7 +2204,7 @@ func lookupStringListFromEnv(envName string) ([]string, bool) {
value, ok := os.LookupEnv(envName)
if ok {
var result []string
- for v := range strings.SplitSeq(value, ",") {
+ for _, v := range strings.Split(value, ",") {
val := strings.TrimSpace(v)
if val != "" {
result = append(result, val)
diff --git a/internal/config/config_darwin.go b/internal/config/config_darwin.go
index 808c1cd3..04a31d48 100644
--- a/internal/config/config_darwin.go
+++ b/internal/config/config_darwin.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build darwin
+// +build darwin
package config
diff --git a/internal/config/config_fallback.go b/internal/config/config_fallback.go
index f841410a..5bf27b46 100644
--- a/internal/config/config_fallback.go
+++ b/internal/config/config_fallback.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !linux && !darwin
+// +build !linux,!darwin
package config
diff --git a/internal/config/config_linux.go b/internal/config/config_linux.go
index 21e6eed5..ef19d34c 100644
--- a/internal/config/config_linux.go
+++ b/internal/config/config_linux.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build linux
+// +build linux
package config
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 668d6769..625bdcdc 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -19,7 +19,6 @@ import (
"encoding/json"
"os"
"path/filepath"
- "slices"
"testing"
"github.com/sftpgo/sdk/kms"
@@ -37,6 +36,7 @@ import (
"github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/sftpd"
"github.com/drakkan/sftpgo/v2/internal/smtp"
+ "github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/webdavd"
)
@@ -243,26 +243,6 @@ func TestInvalidInstallationHint(t *testing.T) {
assert.NoError(t, err)
}
-func TestInvalidRenameMode(t *testing.T) {
- reset()
-
- confName := tempConfigName + ".json"
- configFilePath := filepath.Join(configDir, confName)
- commonConfig := config.GetCommonConfig()
- commonConfig.RenameMode = 10
- c := make(map[string]any)
- c["common"] = commonConfig
- jsonConf, err := json.Marshal(c)
- assert.NoError(t, err)
- err = os.WriteFile(configFilePath, jsonConf, os.ModePerm)
- assert.NoError(t, err)
- err = config.LoadConfig(configDir, confName)
- assert.NoError(t, err)
- assert.Equal(t, 0, config.GetCommonConfig().RenameMode)
- err = os.Remove(configFilePath)
- assert.NoError(t, err)
-}
-
func TestDefenderProviderDriver(t *testing.T) {
if config.GetProviderConf().Driver != dataprovider.SQLiteDataProviderName {
t.Skip("this test is not supported with the current database provider")
@@ -343,18 +323,6 @@ func TestSetGetConfig(t *testing.T) {
if assert.Len(t, config.GetPluginsConfig(), 1) {
assert.Equal(t, pluginConf[0].Type, config.GetPluginsConfig()[0].Type)
}
- assert.False(t, config.HasKMSPlugin())
- pluginConf = []plugin.Config{
- {
- Type: "notifier",
- },
- {
- Type: "kms",
- },
- }
- config.SetPluginsConfig(pluginConf)
- assert.Len(t, config.GetPluginsConfig(), 2)
- assert.True(t, config.HasKMSPlugin())
}
func TestServiceToStart(t *testing.T) {
@@ -540,7 +508,7 @@ func TestOverrideSliceValues(t *testing.T) {
c = make(map[string]any)
c["httpd"] = httpd.Conf{
- Bindings: nil,
+ Bindings: []httpd.Binding{},
}
jsonConf, err = json.Marshal(c)
assert.NoError(t, err)
@@ -711,8 +679,8 @@ func TestPluginsFromEnv(t *testing.T) {
pluginConf := pluginsConf[0]
require.Equal(t, "notifier", pluginConf.Type)
require.Len(t, pluginConf.NotifierOptions.FsEvents, 2)
- require.True(t, slices.Contains(pluginConf.NotifierOptions.FsEvents, "upload"))
- require.True(t, slices.Contains(pluginConf.NotifierOptions.FsEvents, "download"))
+ require.True(t, util.Contains(pluginConf.NotifierOptions.FsEvents, "upload"))
+ require.True(t, util.Contains(pluginConf.NotifierOptions.FsEvents, "download"))
require.Len(t, pluginConf.NotifierOptions.ProviderEvents, 2)
require.Equal(t, "add", pluginConf.NotifierOptions.ProviderEvents[0])
require.Equal(t, "update", pluginConf.NotifierOptions.ProviderEvents[1])
@@ -761,8 +729,8 @@ func TestPluginsFromEnv(t *testing.T) {
pluginConf = pluginsConf[0]
require.Equal(t, "notifier", pluginConf.Type)
require.Len(t, pluginConf.NotifierOptions.FsEvents, 2)
- require.True(t, slices.Contains(pluginConf.NotifierOptions.FsEvents, "upload"))
- require.True(t, slices.Contains(pluginConf.NotifierOptions.FsEvents, "download"))
+ require.True(t, util.Contains(pluginConf.NotifierOptions.FsEvents, "upload"))
+ require.True(t, util.Contains(pluginConf.NotifierOptions.FsEvents, "download"))
require.Len(t, pluginConf.NotifierOptions.ProviderEvents, 2)
require.Equal(t, "add", pluginConf.NotifierOptions.ProviderEvents[0])
require.Equal(t, "update", pluginConf.NotifierOptions.ProviderEvents[1])
@@ -819,8 +787,8 @@ func TestRateLimitersFromEnv(t *testing.T) {
require.Equal(t, 2, limiters[0].Type)
protocols := limiters[0].Protocols
require.Len(t, protocols, 2)
- require.True(t, slices.Contains(protocols, common.ProtocolFTP))
- require.True(t, slices.Contains(protocols, common.ProtocolSSH))
+ require.True(t, util.Contains(protocols, common.ProtocolFTP))
+ require.True(t, util.Contains(protocols, common.ProtocolSSH))
require.True(t, limiters[0].GenerateDefenderEvents)
require.Equal(t, 50, limiters[0].EntriesSoftLimit)
require.Equal(t, 100, limiters[0].EntriesHardLimit)
@@ -831,10 +799,10 @@ func TestRateLimitersFromEnv(t *testing.T) {
require.Equal(t, 2, limiters[1].Type)
protocols = limiters[1].Protocols
require.Len(t, protocols, 4)
- require.True(t, slices.Contains(protocols, common.ProtocolFTP))
- require.True(t, slices.Contains(protocols, common.ProtocolSSH))
- require.True(t, slices.Contains(protocols, common.ProtocolWebDAV))
- require.True(t, slices.Contains(protocols, common.ProtocolHTTP))
+ require.True(t, util.Contains(protocols, common.ProtocolFTP))
+ require.True(t, util.Contains(protocols, common.ProtocolSSH))
+ require.True(t, util.Contains(protocols, common.ProtocolWebDAV))
+ require.True(t, util.Contains(protocols, common.ProtocolHTTP))
require.False(t, limiters[1].GenerateDefenderEvents)
require.Equal(t, 100, limiters[1].EntriesSoftLimit)
require.Equal(t, 150, limiters[1].EntriesHardLimit)
@@ -942,6 +910,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
os.Setenv("SFTPGO_FTPD__BINDINGS__0__PORT", "2200")
os.Setenv("SFTPGO_FTPD__BINDINGS__0__APPLY_PROXY_CONFIG", "f")
os.Setenv("SFTPGO_FTPD__BINDINGS__0__TLS_MODE", "2")
+ os.Setenv("SFTPGO_FTPD__BINDINGS__0__TLS_SESSION_REUSE", "1")
os.Setenv("SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP", "127.0.1.2")
os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__IP", "172.16.1.1")
os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_HOST", "127.0.1.3")
@@ -966,6 +935,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PORT")
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__APPLY_PROXY_CONFIG")
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__TLS_MODE")
+ os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__TLS_SESSION_REUSE")
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP")
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__IP")
os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_HOST")
@@ -994,6 +964,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
require.Equal(t, "127.0.0.1", bindings[0].Address)
require.False(t, bindings[0].ApplyProxyConfig)
require.Equal(t, 2, bindings[0].TLSMode)
+ require.Equal(t, 1, bindings[0].TLSSessionReuse)
require.Equal(t, 12, bindings[0].MinTLSVersion)
require.Equal(t, "127.0.1.2", bindings[0].ForcePassiveIP)
require.Len(t, bindings[0].PassiveIPOverrides, 0)
@@ -1005,10 +976,12 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
require.False(t, bindings[0].Debug)
require.Equal(t, 1, bindings[0].PassiveConnectionsSecurity)
require.Equal(t, 0, bindings[0].ActiveConnectionsSecurity)
+ require.Equal(t, 0, bindings[0].IgnoreASCIITransferType)
require.Equal(t, 2203, bindings[1].Port)
require.Equal(t, "127.0.1.1", bindings[1].Address)
require.True(t, bindings[1].ApplyProxyConfig) // default value
require.Equal(t, 1, bindings[1].TLSMode)
+ require.Equal(t, 0, bindings[1].TLSSessionReuse)
require.Equal(t, 13, bindings[1].MinTLSVersion)
require.Equal(t, "127.0.1.1", bindings[1].ForcePassiveIP)
require.Empty(t, bindings[1].PassiveHost)
@@ -1021,6 +994,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
require.Nil(t, bindings[1].TLSCipherSuites)
require.Equal(t, 0, bindings[1].PassiveConnectionsSecurity)
require.Equal(t, 1, bindings[1].ActiveConnectionsSecurity)
+ require.Equal(t, 1, bindings[1].IgnoreASCIITransferType)
require.True(t, bindings[1].Debug)
require.Equal(t, "cert.crt", bindings[1].CertificateFile)
require.Equal(t, "cert.key", bindings[1].CertificateKeyFile)
@@ -1100,7 +1074,6 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__ENABLE_HTTPS", "0")
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__TLS_CIPHER_SUITES", "TLS_RSA_WITH_AES_128_CBC_SHA ")
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__TLS_PROTOCOLS", "http/1.1 ")
- os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__PROXY_MODE", "1")
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__PROXY_ALLOWED", "192.168.10.1")
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__CLIENT_IP_PROXY_HEADER", "X-Forwarded-For")
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__1__CLIENT_IP_HEADER_DEPTH", "2")
@@ -1120,7 +1093,6 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__ENABLE_HTTPS")
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__TLS_CIPHER_SUITES")
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__TLS_PROTOCOLS")
- os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__PROXY_MODE")
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__PROXY_ALLOWED")
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__CLIENT_IP_PROXY_HEADER")
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__1__CLIENT_IP_HEADER_DEPTH")
@@ -1145,7 +1117,6 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
require.Equal(t, 12, bindings[0].MinTLSVersion)
require.Len(t, bindings[0].TLSCipherSuites, 0)
require.Len(t, bindings[0].Protocols, 0)
- require.Equal(t, 0, bindings[0].ProxyMode)
require.Empty(t, bindings[0].Prefix)
require.Equal(t, 0, bindings[0].ClientIPHeaderDepth)
require.False(t, bindings[0].DisableWWWAuthHeader)
@@ -1158,7 +1129,6 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
require.Equal(t, "TLS_RSA_WITH_AES_128_CBC_SHA", bindings[1].TLSCipherSuites[0])
require.Len(t, bindings[1].Protocols, 1)
assert.Equal(t, "http/1.1", bindings[1].Protocols[0])
- require.Equal(t, 1, bindings[1].ProxyMode)
require.Equal(t, "192.168.10.1", bindings[1].ProxyAllowed[0])
require.Equal(t, "X-Forwarded-For", bindings[1].ClientIPProxyHeader)
require.Equal(t, 2, bindings[1].ClientIPHeaderDepth)
@@ -1169,7 +1139,6 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
require.True(t, bindings[2].EnableHTTPS)
require.Equal(t, 13, bindings[2].MinTLSVersion)
require.Equal(t, 1, bindings[2].ClientAuthType)
- require.Equal(t, 0, bindings[2].ProxyMode)
require.Nil(t, bindings[2].TLSCipherSuites)
require.Equal(t, "/dav2", bindings[2].Prefix)
require.Equal(t, "webdav.crt", bindings[2].CertificateFile)
@@ -1198,16 +1167,12 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_WEB_CLIENT", "0")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_REST_API", "0")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLED_LOGIN_METHODS", "3")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__DISABLED_LOGIN_METHODS", "12")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__RENDER_OPENAPI", "0")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__BASE_URL", "https://example.com")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__LANGUAGES", "en,es")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_HTTPS", "1 ")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__MIN_TLS_VERSION", "13")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_AUTH_TYPE", "1")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__TLS_CIPHER_SUITES", " TLS_AES_256_GCM_SHA384 , TLS_CHACHA20_POLY1305_SHA256")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__TLS_PROTOCOLS", "h2, http/1.1")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__PROXY_MODE", "1")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__PROXY_ALLOWED", " 192.168.9.1 , 172.16.25.0/24")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_IP_PROXY_HEADER", "X-Real-IP")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_IP_HEADER_DEPTH", "2")
@@ -1238,10 +1203,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CONTENT_SECURITY_POLICY", "script-src $NONCE")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__PERMISSIONS_POLICY", "fullscreen=(), geolocation=()")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_OPENER_POLICY", "same-origin")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_RESOURCE_POLICY", "same-site")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_EMBEDDER_POLICY", "require-corp")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CACHE_CONTROL", "private")
- os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__REFERRER_POLICY", "no-referrer")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__EXTRA_CSS__0__PATH", "path1")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__EXTRA_CSS__1__PATH", "path2")
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__BRANDING__WEB_ADMIN__FAVICON_PATH", "favicon.ico")
@@ -1272,14 +1234,10 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_WEB_CLIENT")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_REST_API")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLED_LOGIN_METHODS")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__DISABLED_LOGIN_METHODS")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__RENDER_OPENAPI")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__BASE_URL")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__LANGUAGES")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_AUTH_TYPE")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__TLS_CIPHER_SUITES")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__TLS_PROTOCOLS")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__PROXY_MODE")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__PROXY_ALLOWED")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_IP_PROXY_HEADER")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_IP_HEADER_DEPTH")
@@ -1310,10 +1268,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CONTENT_SECURITY_POLICY")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__PERMISSIONS_POLICY")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_OPENER_POLICY")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_RESOURCE_POLICY")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CROSS_ORIGIN_EMBEDDER_POLICY")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__CACHE_CONTROL")
- os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__REFERRER_POLICY")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__EXTRA_CSS__0__PATH")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__EXTRA_CSS__1__PATH")
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__BRANDING__WEB_ADMIN__FAVICON_PATH")
@@ -1339,13 +1294,8 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.True(t, bindings[0].EnableWebClient)
require.True(t, bindings[0].EnableRESTAPI)
require.Equal(t, 0, bindings[0].EnabledLoginMethods)
- require.Equal(t, 0, bindings[0].DisabledLoginMethods)
require.True(t, bindings[0].RenderOpenAPI)
- require.Empty(t, bindings[0].BaseURL)
- require.Len(t, bindings[0].Languages, 1)
- assert.Contains(t, bindings[0].Languages, "en")
require.Len(t, bindings[0].TLSCipherSuites, 1)
- require.Equal(t, 0, bindings[0].ProxyMode)
require.Empty(t, bindings[0].OIDC.ConfigURL)
require.Equal(t, "TLS_AES_128_GCM_SHA256", bindings[0].TLSCipherSuites[0])
require.Equal(t, 0, bindings[0].HideLoginURL)
@@ -1354,7 +1304,6 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.Len(t, bindings[0].OIDC.Scopes, 3)
require.False(t, bindings[0].OIDC.InsecureSkipSignatureCheck)
require.False(t, bindings[0].OIDC.Debug)
- require.Empty(t, bindings[0].Security.ReferrerPolicy)
require.Equal(t, 8000, bindings[1].Port)
require.Equal(t, "127.0.0.1", bindings[1].Address)
require.False(t, bindings[1].EnableHTTPS)
@@ -1363,11 +1312,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.True(t, bindings[1].EnableWebClient)
require.True(t, bindings[1].EnableRESTAPI)
require.Equal(t, 0, bindings[1].EnabledLoginMethods)
- require.Equal(t, 0, bindings[1].DisabledLoginMethods)
require.True(t, bindings[1].RenderOpenAPI)
- require.Empty(t, bindings[1].BaseURL)
- require.Len(t, bindings[1].Languages, 1)
- assert.Contains(t, bindings[1].Languages, "en")
require.Nil(t, bindings[1].TLSCipherSuites)
require.Equal(t, 1, bindings[1].HideLoginURL)
require.Empty(t, bindings[1].OIDC.ClientID)
@@ -1377,7 +1322,6 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.False(t, bindings[1].Security.Enabled)
require.Equal(t, "Web Admin", bindings[1].Branding.WebAdmin.Name)
require.Equal(t, "WebClient", bindings[1].Branding.WebClient.ShortName)
- require.Equal(t, 0, bindings[1].ProxyMode)
require.Equal(t, 0, bindings[1].ClientIPHeaderDepth)
require.Equal(t, 9000, bindings[2].Port)
require.Equal(t, "127.0.1.1", bindings[2].Address)
@@ -1387,12 +1331,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.False(t, bindings[2].EnableWebClient)
require.False(t, bindings[2].EnableRESTAPI)
require.Equal(t, 3, bindings[2].EnabledLoginMethods)
- require.Equal(t, 12, bindings[2].DisabledLoginMethods)
require.False(t, bindings[2].RenderOpenAPI)
- require.Equal(t, "https://example.com", bindings[2].BaseURL)
- require.Len(t, bindings[2].Languages, 2)
- assert.Contains(t, bindings[2].Languages, "en")
- assert.Contains(t, bindings[2].Languages, "es")
require.Equal(t, 1, bindings[2].ClientAuthType)
require.Len(t, bindings[2].TLSCipherSuites, 2)
require.Equal(t, "TLS_AES_256_GCM_SHA384", bindings[2].TLSCipherSuites[0])
@@ -1400,7 +1339,6 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.Len(t, bindings[2].Protocols, 2)
require.Equal(t, "h2", bindings[2].Protocols[0])
require.Equal(t, "http/1.1", bindings[2].Protocols[1])
- require.Equal(t, 1, bindings[2].ProxyMode)
require.Len(t, bindings[2].ProxyAllowed, 2)
require.Equal(t, "192.168.9.1", bindings[2].ProxyAllowed[0])
require.Equal(t, "172.16.25.0/24", bindings[2].ProxyAllowed[1])
@@ -1440,10 +1378,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
require.Equal(t, "script-src $NONCE", bindings[2].Security.ContentSecurityPolicy)
require.Equal(t, "fullscreen=(), geolocation=()", bindings[2].Security.PermissionsPolicy)
require.Equal(t, "same-origin", bindings[2].Security.CrossOriginOpenerPolicy)
- require.Equal(t, "same-site", bindings[2].Security.CrossOriginResourcePolicy)
- require.Equal(t, "require-corp", bindings[2].Security.CrossOriginEmbedderPolicy)
require.Equal(t, "private", bindings[2].Security.CacheControl)
- require.Equal(t, "no-referrer", bindings[2].Security.ReferrerPolicy)
require.Equal(t, "favicon.ico", bindings[2].Branding.WebAdmin.FaviconPath)
require.Equal(t, "logo.png", bindings[2].Branding.WebClient.LogoPath)
require.Equal(t, "disclaimer", bindings[2].Branding.WebClient.DisclaimerName)
diff --git a/internal/dataprovider/actions.go b/internal/dataprovider/actions.go
index b61e5b0a..066b7bf7 100644
--- a/internal/dataprovider/actions.go
+++ b/internal/dataprovider/actions.go
@@ -21,7 +21,6 @@ import (
"net/url"
"os/exec"
"path/filepath"
- "slices"
"strings"
"time"
@@ -79,8 +78,8 @@ func executeAction(operation, executor, ip, objectType, objectName, role string,
if config.Actions.Hook == "" {
return
}
- if !slices.Contains(config.Actions.ExecuteOn, operation) ||
- !slices.Contains(config.Actions.ExecuteFor, objectType) {
+ if !util.Contains(config.Actions.ExecuteOn, operation) ||
+ !util.Contains(config.Actions.ExecuteFor, objectType) {
return
}
@@ -142,14 +141,14 @@ func executeNotificationCommand(operation, executor, ip, objectType, objectName,
cmd := exec.CommandContext(ctx, config.Actions.Hook, args...)
cmd.Env = append(env,
- fmt.Sprintf("SFTPGO_PROVIDER_ACTION=%s", operation),
+ fmt.Sprintf("SFTPGO_PROVIDER_ACTION=%vs", operation),
fmt.Sprintf("SFTPGO_PROVIDER_OBJECT_TYPE=%s", objectType),
fmt.Sprintf("SFTPGO_PROVIDER_OBJECT_NAME=%s", objectName),
fmt.Sprintf("SFTPGO_PROVIDER_USERNAME=%s", executor),
fmt.Sprintf("SFTPGO_PROVIDER_IP=%s", ip),
fmt.Sprintf("SFTPGO_PROVIDER_ROLE=%s", role),
fmt.Sprintf("SFTPGO_PROVIDER_TIMESTAMP=%d", util.GetTimeAsMsSinceEpoch(time.Now())),
- fmt.Sprintf("SFTPGO_PROVIDER_OBJECT=%s", objectAsJSON))
+ fmt.Sprintf("SFTPGO_PROVIDER_OBJECT=%s", util.BytesToString(objectAsJSON)))
startTime := time.Now()
err := cmd.Run()
diff --git a/internal/dataprovider/admin.go b/internal/dataprovider/admin.go
index dea4a20b..aca524f2 100644
--- a/internal/dataprovider/admin.go
+++ b/internal/dataprovider/admin.go
@@ -20,7 +20,6 @@ import (
"fmt"
"net"
"os"
- "slices"
"strconv"
"strings"
@@ -87,7 +86,7 @@ func (c *AdminTOTPConfig) validate(username string) error {
if c.ConfigName == "" {
return util.NewValidationError("totp: config name is mandatory")
}
- if !slices.Contains(mfa.GetAvailableTOTPConfigNames(), c.ConfigName) {
+ if !util.Contains(mfa.GetAvailableTOTPConfigNames(), c.ConfigName) {
return util.NewValidationError(fmt.Sprintf("totp: config name %q not found", c.ConfigName))
}
if c.Secret.IsEmpty() {
@@ -323,15 +322,15 @@ func (a *Admin) validatePermissions() error {
util.I18nErrorPermissionsRequired,
)
}
- if slices.Contains(a.Permissions, PermAdminAny) {
+ if util.Contains(a.Permissions, PermAdminAny) {
a.Permissions = []string{PermAdminAny}
}
for _, perm := range a.Permissions {
- if !slices.Contains(validAdminPerms, perm) {
+ if !util.Contains(validAdminPerms, perm) {
return util.NewValidationError(fmt.Sprintf("invalid permission: %q", perm))
}
if a.Role != "" {
- if slices.Contains(forbiddenPermsForRoleAdmins, perm) {
+ if util.Contains(forbiddenPermsForRoleAdmins, perm) {
return util.NewI18nError(
util.NewValidationError("a role admin cannot be a super admin"),
util.I18nErrorRoleAdminPerms,
@@ -364,24 +363,11 @@ func (a *Admin) validateGroups() error {
return nil
}
-func (a *Admin) applyNamingRules() {
- a.Username = config.convertName(a.Username)
- a.Role = config.convertName(a.Role)
- for idx := range a.Groups {
- a.Groups[idx].Name = config.convertName(a.Groups[idx].Name)
- }
-}
-
-func (a *Admin) validate() error { //nolint:gocyclo
+func (a *Admin) validate() error {
a.SetEmptySecretsIfNil()
- a.applyNamingRules()
- a.Password = strings.TrimSpace(a.Password)
if a.Username == "" {
return util.NewI18nError(util.NewValidationError("username is mandatory"), util.I18nErrorUsernameRequired)
}
- if !util.IsNameValid(a.Username) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if err := checkReservedUsernames(a.Username); err != nil {
return util.NewI18nError(err, util.I18nErrorReservedUsername)
}
@@ -494,7 +480,7 @@ func (a *Admin) checkUserAndPass(password, ip string) error {
if err := a.CanLogin(ip); err != nil {
return err
}
- if a.Password == "" || strings.TrimSpace(password) == "" {
+ if a.Password == "" || password == "" {
return errors.New("credentials cannot be null or empty")
}
match, err := a.CheckPassword(password)
@@ -554,20 +540,10 @@ func (a *Admin) SetNilSecretsIfEmpty() {
// HasPermission returns true if the admin has the specified permission
func (a *Admin) HasPermission(perm string) bool {
- if slices.Contains(a.Permissions, PermAdminAny) {
+ if util.Contains(a.Permissions, PermAdminAny) {
return true
}
- return slices.Contains(a.Permissions, perm)
-}
-
-// HasPermissions returns true if the admin has all the specified permissions
-func (a *Admin) HasPermissions(perms ...string) bool {
- for _, perm := range perms {
- if !a.HasPermission(perm) {
- return false
- }
- }
- return len(perms) > 0
+ return util.Contains(a.Permissions, perm)
}
// GetAllowedIPAsString returns the allowed IP as comma separated string
diff --git a/internal/dataprovider/apikey.go b/internal/dataprovider/apikey.go
index b7424dd6..b6c8499d 100644
--- a/internal/dataprovider/apikey.go
+++ b/internal/dataprovider/apikey.go
@@ -148,9 +148,6 @@ func (k *APIKey) validate() error {
if k.Name == "" {
return util.NewValidationError("name is mandatory")
}
- if !util.IsNameValid(k.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if k.Scope != APIKeyScopeAdmin && k.Scope != APIKeyScopeUser {
return util.NewValidationError(fmt.Sprintf("invalid scope: %v", k.Scope))
}
diff --git a/internal/dataprovider/bolt.go b/internal/dataprovider/bolt.go
index 28adb25f..01ad0b3e 100644
--- a/internal/dataprovider/bolt.go
+++ b/internal/dataprovider/bolt.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !nobolt
+// +build !nobolt
package dataprovider
@@ -24,13 +25,10 @@ import (
"fmt"
"net/netip"
"path/filepath"
- "slices"
"sort"
- "strconv"
"time"
bolt "go.etcd.io/bbolt"
- bolterrors "go.etcd.io/bbolt/errors"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
@@ -39,7 +37,7 @@ import (
)
const (
- boltDatabaseVersion = 34
+ boltDatabaseVersion = 29
)
var (
@@ -183,50 +181,6 @@ func (p *BoltProvider) updateAPIKeyLastUse(keyID string) error {
})
}
-func (p *BoltProvider) getAdminSignature(username string) (string, error) {
- var updatedAt int64
- err := p.dbHandle.View(func(tx *bolt.Tx) error {
- bucket, err := p.getAdminsBucket(tx)
- if err != nil {
- return err
- }
- u := bucket.Get([]byte(username))
- var admin Admin
- err = json.Unmarshal(u, &admin)
- if err != nil {
- return err
- }
- updatedAt = admin.UpdatedAt
- return nil
- })
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(updatedAt, 10), nil
-}
-
-func (p *BoltProvider) getUserSignature(username string) (string, error) {
- var updatedAt int64
- err := p.dbHandle.View(func(tx *bolt.Tx) error {
- bucket, err := p.getUsersBucket(tx)
- if err != nil {
- return err
- }
- u := bucket.Get([]byte(username))
- var user User
- err = json.Unmarshal(u, &user)
- if err != nil {
- return err
- }
- updatedAt = user.UpdatedAt
- return nil
- })
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(updatedAt, 10), nil
-}
-
func (p *BoltProvider) setUpdatedAt(username string) {
p.dbHandle.Update(func(tx *bolt.Tx) error { //nolint:errcheck
bucket, err := p.getUsersBucket(tx)
@@ -446,6 +400,9 @@ func (p *BoltProvider) addAdmin(admin *Admin) error {
admin.LastLogin = 0
admin.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
admin.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
+ sort.Slice(admin.Groups, func(i, j int) bool {
+ return admin.Groups[i].Name < admin.Groups[j].Name
+ })
for idx := range admin.Groups {
err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name, groupBucket)
if err != nil {
@@ -504,6 +461,9 @@ func (p *BoltProvider) updateAdmin(admin *Admin) error {
if err = p.addAdminToRole(admin.Username, admin.Role, rolesBucket); err != nil {
return err
}
+ sort.Slice(admin.Groups, func(i, j int) bool {
+ return admin.Groups[i].Name < admin.Groups[j].Name
+ })
for idx := range admin.Groups {
err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name, groupBucket)
if err != nil {
@@ -715,12 +675,18 @@ func (p *BoltProvider) addUser(user *User) error {
if err := p.addUserToRole(user.Username, user.Role, rolesBucket); err != nil {
return err
}
+ sort.Slice(user.VirtualFolders, func(i, j int) bool {
+ return user.VirtualFolders[i].Name < user.VirtualFolders[j].Name
+ })
for idx := range user.VirtualFolders {
err = p.addRelationToFolderMapping(user.VirtualFolders[idx].Name, user, nil, foldersBucket)
if err != nil {
return err
}
}
+ sort.Slice(user.Groups, func(i, j int) bool {
+ return user.Groups[i].Name < user.Groups[j].Name
+ })
for idx := range user.Groups {
err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name, groupBucket)
if err != nil {
@@ -1492,6 +1458,9 @@ func (p *BoltProvider) addGroup(group *Group) error {
group.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
group.Users = nil
group.Admins = nil
+ sort.Slice(group.VirtualFolders, func(i, j int) bool {
+ return group.VirtualFolders[i].Name < group.VirtualFolders[j].Name
+ })
for idx := range group.VirtualFolders {
err = p.addRelationToFolderMapping(group.VirtualFolders[idx].Name, nil, group, foldersBucket)
if err != nil {
@@ -1534,6 +1503,9 @@ func (p *BoltProvider) updateGroup(group *Group) error {
return err
}
}
+ sort.Slice(group.VirtualFolders, func(i, j int) bool {
+ return group.VirtualFolders[i].Name < group.VirtualFolders[j].Name
+ })
for idx := range group.VirtualFolders {
err = p.addRelationToFolderMapping(group.VirtualFolders[idx].Name, nil, group, foldersBucket)
if err != nil {
@@ -2116,11 +2088,11 @@ func (p *BoltProvider) addSharedSession(_ Session) error {
return ErrNotImplemented
}
-func (p *BoltProvider) deleteSharedSession(_ string, _ SessionType) error {
+func (p *BoltProvider) deleteSharedSession(_ string) error {
return ErrNotImplemented
}
-func (p *BoltProvider) getSharedSession(_ string, _ SessionType) (Session, error) {
+func (p *BoltProvider) getSharedSession(_ string) (Session, error) {
return Session{}, ErrNotImplemented
}
@@ -3162,16 +3134,15 @@ func (p *BoltProvider) migrateDatabase() error {
case version == boltDatabaseVersion:
providerLog(logger.LevelDebug, "bolt database is up to date, current version: %d", version)
return ErrNoInitRequired
- case version < 33:
- err = errSchemaVersionTooOld(version)
+ case version < 28:
+ err = fmt.Errorf("database schema version %d is too old, please see the upgrading docs", version)
providerLog(logger.LevelError, "%v", err)
logger.ErrorToConsole("%v", err)
return err
- case version == 33:
- logger.InfoToConsole("updating database schema version: %d -> 34", version)
- providerLog(logger.LevelInfo, "updating database schema version: %d -> 34", version)
- return updateBoltDatabaseVersion(p.dbHandle, 34)
-
+ case version == 28:
+ logger.InfoToConsole("updating database schema version: %d -> 29", version)
+ providerLog(logger.LevelInfo, "updating database schema version: %d -> 29", version)
+ return updateBoltDatabaseVersion(p.dbHandle, 29)
default:
if version > boltDatabaseVersion {
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
@@ -3184,7 +3155,7 @@ func (p *BoltProvider) migrateDatabase() error {
}
}
-func (p *BoltProvider) revertDatabase(targetVersion int) error {
+func (p *BoltProvider) revertDatabase(targetVersion int) error { //nolint:gocyclo
dbVersion, err := getBoltDatabaseVersion(p.dbHandle)
if err != nil {
return err
@@ -3193,11 +3164,10 @@ func (p *BoltProvider) revertDatabase(targetVersion int) error {
return errors.New("current version match target version, nothing to do")
}
switch dbVersion.Version {
- case 34:
- logger.InfoToConsole("downgrading database schema version: %d -> 33", dbVersion.Version)
- providerLog(logger.LevelInfo, "downgrading database schema version: %d -> 33", dbVersion.Version)
- return updateBoltDatabaseVersion(p.dbHandle, 33)
-
+ case 29:
+ logger.InfoToConsole("downgrading database schema version: %d -> 28", dbVersion.Version)
+ providerLog(logger.LevelInfo, "downgrading database schema version: %d -> 28", dbVersion.Version)
+ return updateBoltDatabaseVersion(p.dbHandle, 28)
default:
return fmt.Errorf("database schema version not handled: %v", dbVersion.Version)
}
@@ -3207,7 +3177,7 @@ func (p *BoltProvider) resetDatabase() error {
return p.dbHandle.Update(func(tx *bolt.Tx) error {
for _, bucketName := range boltBuckets {
err := tx.DeleteBucket(bucketName)
- if err != nil && !errors.Is(err, bolterrors.ErrBucketNotFound) {
+ if err != nil && !errors.Is(err, bolt.ErrBucketNotFound) {
return fmt.Errorf("unable to remove bucket %v: %w", bucketName, err)
}
}
@@ -3358,7 +3328,7 @@ func (p *BoltProvider) addAdminToRole(username, roleName string, bucket *bolt.Bu
if err != nil {
return err
}
- if !slices.Contains(role.Admins, username) {
+ if !util.Contains(role.Admins, username) {
role.Admins = append(role.Admins, username)
buf, err := json.Marshal(role)
if err != nil {
@@ -3383,7 +3353,7 @@ func (p *BoltProvider) removeAdminFromRole(username, roleName string, bucket *bo
if err != nil {
return err
}
- if slices.Contains(role.Admins, username) {
+ if util.Contains(role.Admins, username) {
var admins []string
for _, admin := range role.Admins {
if admin != username {
@@ -3413,7 +3383,7 @@ func (p *BoltProvider) addUserToRole(username, roleName string, bucket *bolt.Buc
if err != nil {
return err
}
- if !slices.Contains(role.Users, username) {
+ if !util.Contains(role.Users, username) {
role.Users = append(role.Users, username)
buf, err := json.Marshal(role)
if err != nil {
@@ -3438,7 +3408,7 @@ func (p *BoltProvider) removeUserFromRole(username, roleName string, bucket *bol
if err != nil {
return err
}
- if slices.Contains(role.Users, username) {
+ if util.Contains(role.Users, username) {
var users []string
for _, user := range role.Users {
if user != username {
@@ -3466,7 +3436,7 @@ func (p *BoltProvider) addRuleToActionMapping(ruleName, actionName string, bucke
if err != nil {
return err
}
- if !slices.Contains(action.Rules, ruleName) {
+ if !util.Contains(action.Rules, ruleName) {
action.Rules = append(action.Rules, ruleName)
buf, err := json.Marshal(action)
if err != nil {
@@ -3488,7 +3458,7 @@ func (p *BoltProvider) removeRuleFromActionMapping(ruleName, actionName string,
if err != nil {
return err
}
- if slices.Contains(action.Rules, ruleName) {
+ if util.Contains(action.Rules, ruleName) {
var rules []string
for _, r := range action.Rules {
if r != ruleName {
@@ -3515,7 +3485,7 @@ func (p *BoltProvider) addUserToGroupMapping(username, groupname string, bucket
if err != nil {
return err
}
- if !slices.Contains(group.Users, username) {
+ if !util.Contains(group.Users, username) {
group.Users = append(group.Users, username)
buf, err := json.Marshal(group)
if err != nil {
@@ -3560,7 +3530,7 @@ func (p *BoltProvider) addAdminToGroupMapping(username, groupname string, bucket
if err != nil {
return err
}
- if !slices.Contains(group.Admins, username) {
+ if !util.Contains(group.Admins, username) {
group.Admins = append(group.Admins, username)
buf, err := json.Marshal(group)
if err != nil {
@@ -3631,11 +3601,11 @@ func (p *BoltProvider) addRelationToFolderMapping(folderName string, user *User,
return err
}
updated := false
- if user != nil && !slices.Contains(folder.Users, user.Username) {
+ if user != nil && !util.Contains(folder.Users, user.Username) {
folder.Users = append(folder.Users, user.Username)
updated = true
}
- if group != nil && !slices.Contains(folder.Groups, group.Name) {
+ if group != nil && !util.Contains(folder.Groups, group.Name) {
folder.Groups = append(folder.Groups, group.Name)
updated = true
}
@@ -3721,12 +3691,18 @@ func (p *BoltProvider) updateUserRelations(tx *bolt.Tx, user *User, oldUser User
if err = p.removeUserFromRole(oldUser.Username, oldUser.Role, rolesBucket); err != nil {
return err
}
+ sort.Slice(user.VirtualFolders, func(i, j int) bool {
+ return user.VirtualFolders[i].Name < user.VirtualFolders[j].Name
+ })
for idx := range user.VirtualFolders {
err = p.addRelationToFolderMapping(user.VirtualFolders[idx].Name, user, nil, foldersBucket)
if err != nil {
return err
}
}
+ sort.Slice(user.Groups, func(i, j int) bool {
+ return user.Groups[i].Name < user.Groups[j].Name
+ })
for idx := range user.Groups {
err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name, groupsBucket)
if err != nil {
@@ -3923,7 +3899,7 @@ func getBoltDatabaseVersion(dbHandle *bolt.DB) (schemaVersion, error) {
v := bucket.Get(dbVersionKey)
if v == nil {
dbVersion = schemaVersion{
- Version: 33,
+ Version: 28,
}
return nil
}
diff --git a/internal/dataprovider/bolt_disabled.go b/internal/dataprovider/bolt_disabled.go
index 0ec5030a..0116314d 100644
--- a/internal/dataprovider/bolt_disabled.go
+++ b/internal/dataprovider/bolt_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build nobolt
+// +build nobolt
package dataprovider
diff --git a/internal/dataprovider/configs.go b/internal/dataprovider/configs.go
index 22a9c5a4..a68abf72 100644
--- a/internal/dataprovider/configs.go
+++ b/internal/dataprovider/configs.go
@@ -15,12 +15,8 @@
package dataprovider
import (
- "bytes"
"encoding/json"
"fmt"
- "image/png"
- "net/url"
- "slices"
"golang.org/x/crypto/ssh"
@@ -32,18 +28,18 @@ import (
// Supported values for host keys, KEXs, ciphers, MACs
var (
supportedHostKeyAlgos = []string{ssh.KeyAlgoRSA}
- supportedPublicKeyAlgos = []string{ssh.KeyAlgoRSA, ssh.InsecureKeyAlgoDSA} //nolint:staticcheck
+ supportedPublicKeyAlgos = []string{ssh.KeyAlgoRSA, ssh.InsecureKeyAlgoDSA}
supportedKexAlgos = []string{
ssh.KeyExchangeDH16SHA512, ssh.InsecureKeyExchangeDH14SHA1, ssh.InsecureKeyExchangeDH1SHA1,
ssh.InsecureKeyExchangeDHGEXSHA1,
}
supportedCiphers = []string{
- ssh.InsecureCipherAES128CBC,
+ ssh.InsecureCipherAES128CBC, ssh.InsecureCipherAES192CBC, ssh.InsecureCipherAES256CBC,
ssh.InsecureCipherTripleDESCBC,
}
supportedMACs = []string{
ssh.HMACSHA512ETM, ssh.HMACSHA512,
- ssh.HMACSHA1, ssh.InsecureHMACSHA196,
+ ssh.InsecureHMACSHA1, ssh.InsecureHMACSHA196,
}
)
@@ -106,7 +102,7 @@ func (c *SFTPDConfigs) validate() error {
if algo == ssh.CertAlgoRSAv01 {
continue
}
- if !slices.Contains(supportedHostKeyAlgos, algo) {
+ if !util.Contains(supportedHostKeyAlgos, algo) {
return util.NewValidationError(fmt.Sprintf("unsupported host key algorithm %q", algo))
}
hostKeyAlgos = append(hostKeyAlgos, algo)
@@ -117,27 +113,24 @@ func (c *SFTPDConfigs) validate() error {
if algo == "diffie-hellman-group18-sha512" || algo == ssh.KeyExchangeDHGEXSHA256 {
continue
}
- if !slices.Contains(supportedKexAlgos, algo) {
+ if !util.Contains(supportedKexAlgos, algo) {
return util.NewValidationError(fmt.Sprintf("unsupported KEX algorithm %q", algo))
}
kexAlgos = append(kexAlgos, algo)
}
c.KexAlgorithms = kexAlgos
for _, cipher := range c.Ciphers {
- if slices.Contains([]string{"aes192-cbc", "aes256-cbc"}, cipher) {
- continue
- }
- if !slices.Contains(supportedCiphers, cipher) {
+ if !util.Contains(supportedCiphers, cipher) {
return util.NewValidationError(fmt.Sprintf("unsupported cipher %q", cipher))
}
}
for _, mac := range c.MACs {
- if !slices.Contains(supportedMACs, mac) {
+ if !util.Contains(supportedMACs, mac) {
return util.NewValidationError(fmt.Sprintf("unsupported MAC algorithm %q", mac))
}
}
for _, algo := range c.PublicKeyAlgos {
- if !slices.Contains(supportedPublicKeyAlgos, algo) {
+ if !util.Contains(supportedPublicKeyAlgos, algo) {
return util.NewValidationError(fmt.Sprintf("unsupported public key algorithm %q", algo))
}
}
@@ -200,19 +193,19 @@ func (c *SMTPOAuth2) validate() error {
if c.ClientID == "" {
return util.NewI18nError(
util.NewValidationError("smtp oauth2: client id is required"),
- util.I18nErrorClientIDRequired,
+ util.I18nErrorSMTPClientIDRequired,
)
}
- if c.ClientSecret == nil || c.ClientSecret.IsEmpty() {
+ if c.ClientSecret == nil {
return util.NewI18nError(
util.NewValidationError("smtp oauth2: client secret is required"),
- util.I18nErrorClientSecretRequired,
+ util.I18nErrorSMTPClientSecretRequired,
)
}
- if c.RefreshToken == nil || c.RefreshToken.IsEmpty() {
+ if c.RefreshToken == nil {
return util.NewI18nError(
util.NewValidationError("smtp oauth2: refresh token is required"),
- util.I18nErrorRefreshTokenRequired,
+ util.I18nErrorSMTPRefreshTokenRequired,
)
}
if err := validateSMTPSecret(c.ClientSecret, "oauth2 client secret"); err != nil {
@@ -312,27 +305,6 @@ func (c *SMTPConfigs) TryDecrypt() error {
return nil
}
-func (c *SMTPConfigs) prepareForRendering() {
- if c.Password != nil {
- c.Password.Hide()
- if c.Password.IsEmpty() {
- c.Password = nil
- }
- }
- if c.OAuth2.ClientSecret != nil {
- c.OAuth2.ClientSecret.Hide()
- if c.OAuth2.ClientSecret.IsEmpty() {
- c.OAuth2.ClientSecret = nil
- }
- }
- if c.OAuth2.RefreshToken != nil {
- c.OAuth2.RefreshToken.Hide()
- if c.OAuth2.RefreshToken.IsEmpty() {
- c.OAuth2.RefreshToken = nil
- }
- }
-}
-
func (c *SMTPConfigs) getACopy() *SMTPConfigs {
var password *kms.Secret
if c.Password != nil {
@@ -415,137 +387,13 @@ func (c *ACMEConfigs) getACopy() *ACMEConfigs {
}
}
-// BrandingConfig defines the branding configuration
-type BrandingConfig struct {
- Name string `json:"name"`
- ShortName string `json:"short_name"`
- Logo []byte `json:"logo"`
- Favicon []byte `json:"favicon"`
- DisclaimerName string `json:"disclaimer_name"`
- DisclaimerURL string `json:"disclaimer_url"`
-}
-
-func (c *BrandingConfig) isEmpty() bool {
- if c.Name != "" {
- return false
- }
- if c.ShortName != "" {
- return false
- }
- if len(c.Logo) > 0 {
- return false
- }
- if len(c.Favicon) > 0 {
- return false
- }
- if c.DisclaimerName != "" && c.DisclaimerURL != "" {
- return false
- }
- return true
-}
-
-func (*BrandingConfig) validatePNG(b []byte, maxWidth, maxHeight int) error {
- if len(b) == 0 {
- return nil
- }
- // DecodeConfig is more efficient, but I'm not sure if this would lead to
- // accepting invalid images in some edge cases and performance does not
- // matter here.
- img, err := png.Decode(bytes.NewBuffer(b))
- if err != nil {
- return util.NewI18nError(
- util.NewValidationError("invalid PNG image"),
- util.I18nErrorInvalidPNG,
- )
- }
- bounds := img.Bounds()
- if bounds.Dx() > maxWidth || bounds.Dy() > maxHeight {
- return util.NewI18nError(
- util.NewValidationError("invalid PNG image size"),
- util.I18nErrorInvalidPNGSize,
- )
- }
- return nil
-}
-
-func (c *BrandingConfig) validateDisclaimerURL() error {
- if c.DisclaimerURL == "" {
- return nil
- }
- u, err := url.Parse(c.DisclaimerURL)
- if err != nil {
- return util.NewI18nError(
- util.NewValidationError("invalid disclaimer URL"),
- util.I18nErrorInvalidDisclaimerURL,
- )
- }
- if u.Scheme != "http" && u.Scheme != "https" {
- return util.NewI18nError(
- util.NewValidationError("invalid disclaimer URL scheme"),
- util.I18nErrorInvalidDisclaimerURL,
- )
- }
- return nil
-}
-
-func (c *BrandingConfig) validate() error {
- if err := c.validateDisclaimerURL(); err != nil {
- return err
- }
- if err := c.validatePNG(c.Logo, 512, 512); err != nil {
- return err
- }
- return c.validatePNG(c.Favicon, 256, 256)
-}
-
-func (c *BrandingConfig) getACopy() BrandingConfig {
- logo := make([]byte, len(c.Logo))
- copy(logo, c.Logo)
- favicon := make([]byte, len(c.Favicon))
- copy(favicon, c.Favicon)
-
- return BrandingConfig{
- Name: c.Name,
- ShortName: c.ShortName,
- Logo: logo,
- Favicon: favicon,
- DisclaimerName: c.DisclaimerName,
- DisclaimerURL: c.DisclaimerURL,
- }
-}
-
-// BrandingConfigs defines the branding configuration for WebAdmin and WebClient UI
-type BrandingConfigs struct {
- WebAdmin BrandingConfig
- WebClient BrandingConfig
-}
-
-func (c *BrandingConfigs) isEmpty() bool {
- return c.WebAdmin.isEmpty() && c.WebClient.isEmpty()
-}
-
-func (c *BrandingConfigs) validate() error {
- if err := c.WebAdmin.validate(); err != nil {
- return err
- }
- return c.WebClient.validate()
-}
-
-func (c *BrandingConfigs) getACopy() *BrandingConfigs {
- return &BrandingConfigs{
- WebAdmin: c.WebAdmin.getACopy(),
- WebClient: c.WebClient.getACopy(),
- }
-}
-
// Configs allows to set configuration keys disabled by default without
// modifying the config file or setting env vars
type Configs struct {
- SFTPD *SFTPDConfigs `json:"sftpd,omitempty"`
- SMTP *SMTPConfigs `json:"smtp,omitempty"`
- ACME *ACMEConfigs `json:"acme,omitempty"`
- Branding *BrandingConfigs `json:"branding,omitempty"`
- UpdatedAt int64 `json:"updated_at,omitempty"`
+ SFTPD *SFTPDConfigs `json:"sftpd,omitempty"`
+ SMTP *SMTPConfigs `json:"smtp,omitempty"`
+ ACME *ACMEConfigs `json:"acme,omitempty"`
+ UpdatedAt int64 `json:"updated_at,omitempty"`
}
func (c *Configs) validate() error {
@@ -564,11 +412,6 @@ func (c *Configs) validate() error {
return err
}
}
- if c.Branding != nil {
- if err := c.Branding.validate(); err != nil {
- return err
- }
- }
return nil
}
@@ -585,11 +428,25 @@ func (c *Configs) PrepareForRendering() {
if c.ACME != nil && c.ACME.isEmpty() {
c.ACME = nil
}
- if c.Branding != nil && c.Branding.isEmpty() {
- c.Branding = nil
- }
if c.SMTP != nil {
- c.SMTP.prepareForRendering()
+ if c.SMTP.Password != nil {
+ c.SMTP.Password.Hide()
+ if c.SMTP.Password.IsEmpty() {
+ c.SMTP.Password = nil
+ }
+ }
+ if c.SMTP.OAuth2.ClientSecret != nil {
+ c.SMTP.OAuth2.ClientSecret.Hide()
+ if c.SMTP.OAuth2.ClientSecret.IsEmpty() {
+ c.SMTP.OAuth2.ClientSecret = nil
+ }
+ }
+ if c.SMTP.OAuth2.RefreshToken != nil {
+ c.SMTP.OAuth2.RefreshToken.Hide()
+ if c.SMTP.OAuth2.RefreshToken.IsEmpty() {
+ c.SMTP.OAuth2.RefreshToken = nil
+ }
+ }
}
}
@@ -613,9 +470,6 @@ func (c *Configs) SetNilsToEmpty() {
if c.ACME == nil {
c.ACME = &ACMEConfigs{}
}
- if c.Branding == nil {
- c.Branding = &BrandingConfigs{}
- }
}
// RenderAsJSON implements the renderer interface used within plugins
@@ -644,9 +498,6 @@ func (c *Configs) getACopy() Configs {
if c.ACME != nil {
result.ACME = c.ACME.getACopy()
}
- if c.Branding != nil {
- result.Branding = c.Branding.getACopy()
- }
result.UpdatedAt = c.UpdatedAt
return result
}
diff --git a/internal/dataprovider/dataprovider.go b/internal/dataprovider/dataprovider.go
index 7ecbbe2d..26cfc977 100644
--- a/internal/dataprovider/dataprovider.go
+++ b/internal/dataprovider/dataprovider.go
@@ -44,7 +44,6 @@ import (
"path/filepath"
"regexp"
"runtime"
- "slices"
"strconv"
"strings"
"sync"
@@ -90,7 +89,7 @@ const (
CockroachDataProviderName = "cockroachdb"
// DumpVersion defines the version for the dump.
// For restore/load we support the current version and the previous one
- DumpVersion = 17
+ DumpVersion = 16
argonPwdPrefix = "$argon2id$"
bcryptPwdPrefix = "$2a$"
@@ -112,6 +111,7 @@ const (
operationDelete = "delete"
sqlPrefixValidChars = "abcdefghijklmnopqrstuvwxyz_0123456789"
maxHookResponseSize = 1048576 // 1MB
+ iso8601UTCFormat = "2006-01-02T15:04:05Z"
)
// Supported algorithms for hashing passwords.
@@ -187,8 +187,6 @@ var (
ErrDuplicatedKey = errors.New("duplicated key not allowed")
// ErrForeignKeyViolated occurs when there is a foreign key constraint violation
ErrForeignKeyViolated = errors.New("violates foreign key constraint")
- errInvalidInput = util.NewValidationError("Invalid input. Slashes (/ ), colons (:), control characters, and reserved system names are not allowed")
- tz = ""
isAdminCreated atomic.Bool
validTLSUsernames = []string{string(sdk.TLSUsernameNone), string(sdk.TLSUsernameCN)}
config Config
@@ -211,7 +209,6 @@ var (
sqlTableAdmins string
sqlTableAPIKeys string
sqlTableShares string
- sqlTableSharesGroupsMapping string
sqlTableDefenderHosts string
sqlTableDefenderEvents string
sqlTableActiveTransfers string
@@ -246,7 +243,6 @@ func initSQLTables() {
sqlTableAdmins = "admins"
sqlTableAPIKeys = "api_keys"
sqlTableShares = "shares"
- sqlTableSharesGroupsMapping = "shares_groups_mapping"
sqlTableDefenderHosts = "defender_hosts"
sqlTableDefenderEvents = "defender_events"
sqlTableActiveTransfers = "active_transfers"
@@ -522,7 +518,7 @@ type Config struct {
// GetShared returns the provider share mode.
// This method is called before the provider is initialized
func (c *Config) GetShared() int {
- if !slices.Contains(sharedProviders, c.Driver) {
+ if !util.Contains(sharedProviders, c.Driver) {
return 0
}
return c.IsShared
@@ -594,16 +590,6 @@ func (c *Config) doBackup() (string, error) {
return outputFile, nil
}
-// SetTZ sets the configured timezone.
-func SetTZ(val string) {
- tz = val
-}
-
-// UseLocalTime returns true if local time should be used instead of UTC.
-func UseLocalTime() bool {
- return tz == "local"
-}
-
// ExecuteBackup executes a backup
func ExecuteBackup() (string, error) {
return config.doBackup()
@@ -773,8 +759,6 @@ type Provider interface {
updateLastLogin(username string) error
updateAdminLastLogin(username string) error
setUpdatedAt(username string)
- getAdminSignature(username string) (string, error)
- getUserSignature(username string) (string, error)
getFolders(limit, offset int, order string, minimal bool) ([]vfs.BaseVirtualFolder, error)
getFolderByName(name string) (vfs.BaseVirtualFolder, error)
addFolder(folder *vfs.BaseVirtualFolder) error
@@ -826,8 +810,8 @@ type Provider interface {
cleanupActiveTransfers(before time.Time) error
getActiveTransfers(from time.Time) ([]ActiveTransfer, error)
addSharedSession(session Session) error
- deleteSharedSession(key string, sessionType SessionType) error
- getSharedSession(key string, sessionType SessionType) (Session, error)
+ deleteSharedSession(key string) error
+ getSharedSession(key string) (Session, error)
cleanupSharedSessions(sessionType SessionType, before int64) error
getEventActions(limit, offset int, order string, minimal bool) ([]BaseEventAction, error)
dumpEventActions() ([]BaseEventAction, error)
@@ -890,7 +874,7 @@ func SetTempPath(fsPath string) {
}
func checkSharedMode() {
- if !slices.Contains(sharedProviders, config.Driver) {
+ if !util.Contains(sharedProviders, config.Driver) {
config.IsShared = 0
}
}
@@ -945,13 +929,12 @@ func checkDatabase(checkAdmins bool) error {
if config.UpdateMode == 0 {
err := provider.initializeDatabase()
if err != nil && err != ErrNoInitRequired {
- logger.WarnToConsole("unable to initialize data provider: %v", err)
- providerLog(logger.LevelError, "unable to initialize data provider: %v", err)
+ logger.WarnToConsole("Unable to initialize data provider: %v", err)
+ providerLog(logger.LevelError, "Unable to initialize data provider: %v", err)
return err
}
if err == nil {
- logger.DebugToConsole("data provider successfully initialized")
- providerLog(logger.LevelInfo, "data provider successfully initialized")
+ logger.DebugToConsole("Data provider successfully initialized")
}
err = provider.migrateDatabase()
if err != nil && err != ErrNoInitRequired {
@@ -1057,7 +1040,6 @@ func validateSQLTablesPrefix() error {
sqlTableAdmins = config.SQLTablesPrefix + sqlTableAdmins
sqlTableAPIKeys = config.SQLTablesPrefix + sqlTableAPIKeys
sqlTableShares = config.SQLTablesPrefix + sqlTableShares
- sqlTableSharesGroupsMapping = config.SQLTablesPrefix + sqlTableSharesGroupsMapping
sqlTableDefenderEvents = config.SQLTablesPrefix + sqlTableDefenderEvents
sqlTableDefenderHosts = config.SQLTablesPrefix + sqlTableDefenderHosts
sqlTableActiveTransfers = config.SQLTablesPrefix + sqlTableActiveTransfers
@@ -1079,12 +1061,12 @@ func validateSQLTablesPrefix() error {
"api keys %q shares %q defender hosts %q defender events %q transfers %q groups %q "+
"users groups mapping %q admins groups mapping %q groups folders mapping %q shared sessions %q "+
"schema version %q events actions %q events rules %q rules actions mapping %q tasks %q nodes %q roles %q"+
- "ip lists %q share groups mapping %q configs %q",
+ "ip lists %q configs %q",
sqlTableUsers, sqlTableFolders, sqlTableUsersFoldersMapping, sqlTableAdmins, sqlTableAPIKeys,
sqlTableShares, sqlTableDefenderHosts, sqlTableDefenderEvents, sqlTableActiveTransfers, sqlTableGroups,
sqlTableUsersGroupsMapping, sqlTableAdminsGroupsMapping, sqlTableGroupsFoldersMapping, sqlTableSharedSessions,
sqlTableSchemaVersion, sqlTableEventsActions, sqlTableEventsRules, sqlTableRulesActionsMapping,
- sqlTableTasks, sqlTableNodes, sqlTableRoles, sqlTableIPLists, sqlTableSharesGroupsMapping, sqlTableConfigs)
+ sqlTableTasks, sqlTableNodes, sqlTableRoles, sqlTableIPLists, sqlTableConfigs)
}
return nil
}
@@ -1521,15 +1503,6 @@ func UpdateUserQuota(user *User, filesAdd int, sizeAdd int64, reset bool) error
return nil
}
-// UpdateUserFolderQuota updates the quota for the given user and virtual folder.
-func UpdateUserFolderQuota(folder *vfs.VirtualFolder, user *User, filesAdd int, sizeAdd int64, reset bool) {
- if folder.IsIncludedInUserQuota() {
- UpdateUserQuota(user, filesAdd, sizeAdd, reset) //nolint:errcheck
- return
- }
- UpdateVirtualFolderQuota(&folder.BaseVirtualFolder, filesAdd, sizeAdd, reset) //nolint:errcheck
-}
-
// UpdateVirtualFolderQuota updates the quota for the given virtual folder adding filesAdd and sizeAdd.
// If reset is true filesAdd and sizeAdd indicates the total files and the total size instead of the difference.
func UpdateVirtualFolderQuota(vfolder *vfs.BaseVirtualFolder, filesAdd int, sizeAdd int64, reset bool) error {
@@ -1720,7 +1693,7 @@ func IPListEntryExists(ipOrNet string, listType IPListType) (IPListEntry, error)
// GetIPListEntries returns the IP list entries applying the specified criteria and search limit
func GetIPListEntries(listType IPListType, filter, from, order string, limit int) ([]IPListEntry, error) {
- if !slices.Contains(supportedIPListType, listType) {
+ if !util.Contains(supportedIPListType, listType) {
return nil, util.NewValidationError(fmt.Sprintf("invalid list type %d", listType))
}
return provider.getIPListEntries(listType, filter, from, order, limit)
@@ -2091,20 +2064,6 @@ func UserExists(username, role string) (User, error) {
return provider.userExists(username, role)
}
-// GetAdminSignature returns the signature for the admin with the specified
-// username.
-func GetAdminSignature(username string) (string, error) {
- username = config.convertName(username)
- return provider.getAdminSignature(username)
-}
-
-// GetUserSignature returns the signature for the user with the specified
-// username.
-func GetUserSignature(username string) (string, error) {
- username = config.convertName(username)
- return provider.getUserSignature(username)
-}
-
// GetUserWithGroupSettings tries to return the user with the specified username
// loading also the group settings
func GetUserWithGroupSettings(username, role string) (User, error) {
@@ -2147,6 +2106,9 @@ func UpdateUserPassword(username, plainPwd, executor, ipAddress, role string) er
return err
}
userCopy := user.getACopy()
+ if err := userCopy.LoadAndApplyGroupSettings(); err != nil {
+ return err
+ }
userCopy.Password = plainPwd
if err := createUserPasswordHash(&userCopy); err != nil {
return err
@@ -2244,8 +2206,8 @@ func AddSharedSession(session Session) error {
}
// DeleteSharedSession deletes the session with the specified key
-func DeleteSharedSession(key string, sessionType SessionType) error {
- err := provider.deleteSharedSession(key, sessionType)
+func DeleteSharedSession(key string) error {
+ err := provider.deleteSharedSession(key)
if err != nil {
providerLog(logger.LevelError, "unable to add shared session, key %q, err: %v", key, err)
}
@@ -2253,8 +2215,8 @@ func DeleteSharedSession(key string, sessionType SessionType) error {
}
// GetSharedSession retrieves the session with the specified key
-func GetSharedSession(key string, sessionType SessionType) (Session, error) {
- return provider.getSharedSession(key, sessionType)
+func GetSharedSession(key string) (Session, error) {
+ return provider.getSharedSession(key)
}
// CleanupSharedSessions removes the shared session with the specified type and
@@ -2390,7 +2352,7 @@ func GetFolders(limit, offset int, order string, minimal bool) ([]vfs.BaseVirtua
}
func dumpUsers(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeUsers) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeUsers) {
users, err := provider.dumpUsers()
if err != nil {
return err
@@ -2401,7 +2363,7 @@ func dumpUsers(data *BackupData, scopes []string) error {
}
func dumpFolders(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeFolders) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeFolders) {
folders, err := provider.dumpFolders()
if err != nil {
return err
@@ -2412,7 +2374,7 @@ func dumpFolders(data *BackupData, scopes []string) error {
}
func dumpGroups(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeGroups) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeGroups) {
groups, err := provider.dumpGroups()
if err != nil {
return err
@@ -2423,7 +2385,7 @@ func dumpGroups(data *BackupData, scopes []string) error {
}
func dumpAdmins(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeAdmins) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeAdmins) {
admins, err := provider.dumpAdmins()
if err != nil {
return err
@@ -2434,7 +2396,7 @@ func dumpAdmins(data *BackupData, scopes []string) error {
}
func dumpAPIKeys(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeAPIKeys) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeAPIKeys) {
apiKeys, err := provider.dumpAPIKeys()
if err != nil {
return err
@@ -2445,7 +2407,7 @@ func dumpAPIKeys(data *BackupData, scopes []string) error {
}
func dumpShares(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeShares) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeShares) {
shares, err := provider.dumpShares()
if err != nil {
return err
@@ -2456,7 +2418,7 @@ func dumpShares(data *BackupData, scopes []string) error {
}
func dumpActions(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeActions) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeActions) {
actions, err := provider.dumpEventActions()
if err != nil {
return err
@@ -2467,7 +2429,7 @@ func dumpActions(data *BackupData, scopes []string) error {
}
func dumpRules(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeRules) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeRules) {
rules, err := provider.dumpEventRules()
if err != nil {
return err
@@ -2478,7 +2440,7 @@ func dumpRules(data *BackupData, scopes []string) error {
}
func dumpRoles(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeRoles) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeRoles) {
roles, err := provider.dumpRoles()
if err != nil {
return err
@@ -2489,7 +2451,7 @@ func dumpRoles(data *BackupData, scopes []string) error {
}
func dumpIPLists(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeIPLists) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeIPLists) {
ipLists, err := provider.dumpIPListEntries()
if err != nil {
return err
@@ -2500,7 +2462,7 @@ func dumpIPLists(data *BackupData, scopes []string) error {
}
func dumpConfigs(data *BackupData, scopes []string) error {
- if len(scopes) == 0 || slices.Contains(scopes, DumpScopeConfigs) {
+ if len(scopes) == 0 || util.Contains(scopes, DumpScopeConfigs) {
configs, err := provider.getConfigs()
if err != nil {
return err
@@ -2557,17 +2519,6 @@ func DumpData(scopes []string) (BackupData, error) {
func ParseDumpData(data []byte) (BackupData, error) {
var dump BackupData
err := json.Unmarshal(data, &dump)
- if err != nil {
- return dump, err
- }
- if dump.Version < 17 {
- providerLog(logger.LevelInfo, "updating placeholders for actions restored from dump version %d", dump.Version)
- eventActions, err := updateEventActionPlaceholders(dump.EventActions)
- if err != nil {
- return dump, fmt.Errorf("unable to update event action placeholders for dump version %d: %w", dump.Version, err)
- }
- dump.EventActions = eventActions
- }
return dump, err
}
@@ -2732,7 +2683,7 @@ func validateUserGroups(user *User) error {
groupNames := make(map[string]bool)
for _, g := range user.Groups {
- if g.Type < sdk.GroupTypePrimary || g.Type > sdk.GroupTypeMembership {
+ if g.Type < sdk.GroupTypePrimary && g.Type > sdk.GroupTypeMembership {
return util.NewValidationError(fmt.Sprintf("invalid group type: %v", g.Type))
}
if g.Type == sdk.GroupTypePrimary {
@@ -2763,7 +2714,6 @@ func validateAssociatedVirtualFolders(vfolders []vfs.VirtualFolder) ([]vfs.Virtu
folderNames := make(map[string]bool)
for _, v := range vfolders {
- v.Name = config.convertName(v.Name)
if v.VirtualPath == "" {
return nil, util.NewI18nError(
util.NewValidationError("mount/virtual path is mandatory"),
@@ -2815,7 +2765,7 @@ func validateUserTOTPConfig(c *UserTOTPConfig, username string) error {
if c.ConfigName == "" {
return util.NewValidationError("totp: config name is mandatory")
}
- if !slices.Contains(mfa.GetAvailableTOTPConfigNames(), c.ConfigName) {
+ if !util.Contains(mfa.GetAvailableTOTPConfigNames(), c.ConfigName) {
return util.NewValidationError(fmt.Sprintf("totp: config name %q not found", c.ConfigName))
}
if c.Secret.IsEmpty() {
@@ -2831,7 +2781,7 @@ func validateUserTOTPConfig(c *UserTOTPConfig, username string) error {
return util.NewValidationError("totp: specify at least one protocol")
}
for _, protocol := range c.Protocols {
- if !slices.Contains(MFAProtocols, protocol) {
+ if !util.Contains(MFAProtocols, protocol) {
return util.NewValidationError(fmt.Sprintf("totp: invalid protocol %q", protocol))
}
}
@@ -2864,7 +2814,7 @@ func validateUserPermissions(permsToCheck map[string][]string) (map[string][]str
return permissions, util.NewValidationError("invalid permissions")
}
for _, p := range perms {
- if !slices.Contains(ValidPerms, p) {
+ if !util.Contains(ValidPerms, p) {
return permissions, util.NewValidationError(fmt.Sprintf("invalid permission: %q", p))
}
}
@@ -2878,7 +2828,7 @@ func validateUserPermissions(permsToCheck map[string][]string) (map[string][]str
if dir != cleanedDir && cleanedDir == "/" {
return permissions, util.NewValidationError(fmt.Sprintf("cannot set permissions for invalid subdirectory: %q is an alias for \"/\"", dir))
}
- if slices.Contains(perms, PermAny) {
+ if util.Contains(perms, PermAny) {
permissions[cleanedDir] = []string{PermAny}
} else {
permissions[cleanedDir] = util.RemoveDuplicates(perms, false)
@@ -2919,18 +2869,11 @@ func validatePublicKeys(user *User) error {
util.I18nErrorPubKeyInvalid,
)
}
- if out.Type() == ssh.InsecureKeyAlgoDSA { //nolint:staticcheck
- providerLog(logger.LevelError, "dsa public key not accepted, position: %d", idx)
- return util.NewI18nError(
- util.NewValidationError(fmt.Sprintf("DSA key format is insecure and it is not allowed for key at position %d", idx)),
- util.I18nErrorKeyInsecure,
- )
- }
if k, ok := out.(ssh.CryptoPublicKey); ok {
cryptoKey := k.CryptoPublicKey()
if rsaKey, ok := cryptoKey.(*rsa.PublicKey); ok {
if size := rsaKey.N.BitLen(); size < 2048 {
- providerLog(logger.LevelError, "rsa key with size %d at position %d not accepted, minimum 2048", size, idx)
+ providerLog(logger.LevelError, "rsa key with size %d not accepted, minimum 2048", size)
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("invalid size %d for rsa key at position %d, minimum 2048",
size, idx)),
@@ -2961,7 +2904,7 @@ func validateFiltersPatternExtensions(baseFilters *sdk.BaseUserFilters) error {
util.I18nErrorFilePatternPathInvalid,
)
}
- if slices.Contains(filteredPaths, cleanedPath) {
+ if util.Contains(filteredPaths, cleanedPath) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("duplicate file patterns filter for path %q", f.Path)),
util.I18nErrorFilePatternDuplicated,
@@ -3080,13 +3023,13 @@ func validateFilterProtocols(filters *sdk.BaseUserFilters) error {
return util.NewValidationError("invalid denied_protocols")
}
for _, p := range filters.DeniedProtocols {
- if !slices.Contains(ValidProtocols, p) {
+ if !util.Contains(ValidProtocols, p) {
return util.NewValidationError(fmt.Sprintf("invalid denied protocol %q", p))
}
}
for _, p := range filters.TwoFactorAuthProtocols {
- if !slices.Contains(MFAProtocols, p) {
+ if !util.Contains(MFAProtocols, p) {
return util.NewValidationError(fmt.Sprintf("invalid two factor protocol %q", p))
}
}
@@ -3142,7 +3085,7 @@ func validateBaseFilters(filters *sdk.BaseUserFilters) error {
return util.NewValidationError("invalid denied_login_methods")
}
for _, loginMethod := range filters.DeniedLoginMethods {
- if !slices.Contains(ValidLoginMethods, loginMethod) {
+ if !util.Contains(ValidLoginMethods, loginMethod) {
return util.NewValidationError(fmt.Sprintf("invalid login method: %q", loginMethod))
}
}
@@ -3150,7 +3093,7 @@ func validateBaseFilters(filters *sdk.BaseUserFilters) error {
return err
}
if filters.TLSUsername != "" {
- if !slices.Contains(validTLSUsernames, string(filters.TLSUsername)) {
+ if !util.Contains(validTLSUsernames, string(filters.TLSUsername)) {
return util.NewValidationError(fmt.Sprintf("invalid TLS username: %q", filters.TLSUsername))
}
}
@@ -3160,7 +3103,7 @@ func validateBaseFilters(filters *sdk.BaseUserFilters) error {
}
filters.TLSCerts = certs
for _, opts := range filters.WebClient {
- if !slices.Contains(sdk.WebClientOptions, opts) {
+ if !util.Contains(sdk.WebClientOptions, opts) {
return util.NewValidationError(fmt.Sprintf("invalid web client options %q", opts))
}
}
@@ -3228,19 +3171,19 @@ func validateAccessTimeFilters(filters *sdk.BaseUserFilters) error {
}
func validateCombinedUserFilters(user *User) error {
- if user.Filters.TOTPConfig.Enabled && slices.Contains(user.Filters.WebClient, sdk.WebClientMFADisabled) {
+ if user.Filters.TOTPConfig.Enabled && util.Contains(user.Filters.WebClient, sdk.WebClientMFADisabled) {
return util.NewI18nError(
util.NewValidationError("two-factor authentication cannot be disabled for a user with an active configuration"),
util.I18nErrorDisableActive2FA,
)
}
- if user.Filters.RequirePasswordChange && slices.Contains(user.Filters.WebClient, sdk.WebClientPasswordChangeDisabled) {
+ if user.Filters.RequirePasswordChange && util.Contains(user.Filters.WebClient, sdk.WebClientPasswordChangeDisabled) {
return util.NewI18nError(
util.NewValidationError("you cannot require password change and at the same time disallow it"),
util.I18nErrorPwdChangeConflict,
)
}
- if len(user.Filters.TwoFactorAuthProtocols) > 0 && slices.Contains(user.Filters.WebClient, sdk.WebClientMFADisabled) {
+ if len(user.Filters.TwoFactorAuthProtocols) > 0 && util.Contains(user.Filters.WebClient, sdk.WebClientMFADisabled) {
return util.NewI18nError(
util.NewValidationError("you cannot require two-factor authentication and at the same time disallow it"),
util.I18nError2FAConflict,
@@ -3249,37 +3192,19 @@ func validateCombinedUserFilters(user *User) error {
return nil
}
-func validateEmails(user *User) error {
+func validateBaseParams(user *User) error {
+ if user.Username == "" {
+ return util.NewI18nError(util.NewValidationError("username is mandatory"), util.I18nErrorUsernameRequired)
+ }
+ if err := checkReservedUsernames(user.Username); err != nil {
+ return util.NewI18nError(err, util.I18nErrorReservedUsername)
+ }
if user.Email != "" && !util.IsEmailValid(user.Email) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("email %q is not valid", user.Email)),
util.I18nErrorInvalidEmail,
)
}
- for _, email := range user.Filters.AdditionalEmails {
- if !util.IsEmailValid(email) {
- return util.NewI18nError(
- util.NewValidationError(fmt.Sprintf("email %q is not valid", email)),
- util.I18nErrorInvalidEmail,
- )
- }
- }
- return nil
-}
-
-func validateBaseParams(user *User) error {
- if user.Username == "" {
- return util.NewI18nError(util.NewValidationError("username is mandatory"), util.I18nErrorUsernameRequired)
- }
- if !util.IsNameValid(user.Username) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
- if err := checkReservedUsernames(user.Username); err != nil {
- return util.NewI18nError(err, util.I18nErrorReservedUsername)
- }
- if err := validateEmails(user); err != nil {
- return err
- }
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(user.Username) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("username %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", user.Username)),
@@ -3340,19 +3265,6 @@ func hashPlainPassword(plainPwd string) (string, error) {
func createUserPasswordHash(user *User) error {
if user.Password != "" && !user.IsPasswordHashed() {
- for _, g := range user.Groups {
- if g.Type == sdk.GroupTypePrimary {
- group, err := GroupExists(g.Name)
- if err != nil {
- return errors.New("unable to load group password policies")
- }
- if minEntropy := group.UserSettings.Filters.PasswordStrength; minEntropy > 0 {
- if err := passwordvalidator.Validate(user.Password, float64(minEntropy)); err != nil {
- return util.NewI18nError(util.NewValidationError(err.Error()), util.I18nErrorPasswordComplexity)
- }
- }
- }
- }
if minEntropy := user.getMinPasswordEntropy(); minEntropy > 0 {
if err := passwordvalidator.Validate(user.Password, minEntropy); err != nil {
return util.NewI18nError(util.NewValidationError(err.Error()), util.I18nErrorPasswordComplexity)
@@ -3375,9 +3287,6 @@ func ValidateFolder(folder *vfs.BaseVirtualFolder) error {
if folder.Name == "" {
return util.NewI18nError(util.NewValidationError("folder name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(folder.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(folder.Name) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("folder name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", folder.Name)),
@@ -3407,7 +3316,6 @@ func ValidateUser(user *User) error {
user.OIDCCustomFields = nil
user.HasPassword = false
user.SetEmptySecretsIfNil()
- user.applyNamingRules()
buildUserHomeDir(user)
if err := validateBaseParams(user); err != nil {
return err
@@ -3557,7 +3465,7 @@ func checkUserAndPass(user *User, password, ip, protocol string) (User, error) {
if err != nil {
return *user, ErrInvalidCredentials
}
- if user.Password == "" || strings.TrimSpace(password) == "" {
+ if user.Password == "" || password == "" {
return *user, errors.New("credentials cannot be null or empty")
}
if !user.Filters.Hooks.CheckPasswordDisabled {
@@ -3596,7 +3504,7 @@ func checkUserPasscode(user *User, password, protocol string) (string, error) {
if user.Filters.TOTPConfig.Enabled {
switch protocol {
case protocolFTP:
- if slices.Contains(user.Filters.TOTPConfig.Protocols, protocol) {
+ if util.Contains(user.Filters.TOTPConfig.Protocols, protocol) {
// the TOTP passcode has six digits
pwdLen := len(password)
if pwdLen < 7 {
@@ -3732,8 +3640,7 @@ func comparePbkdf2PasswordAndHash(password, hashedPassword string) (bool, error)
}
func getSSLMode() string {
- switch config.Driver {
- case PGSQLDataProviderName, CockroachDataProviderName:
+ if config.Driver == PGSQLDataProviderName || config.Driver == CockroachDataProviderName {
switch config.SSLMode {
case 0:
return "disable"
@@ -3748,7 +3655,7 @@ func getSSLMode() string {
case 5:
return "allow"
}
- case MySQLDataProviderName:
+ } else if config.Driver == MySQLDataProviderName {
if config.requireCustomTLSForMySQL() {
return "custom"
}
@@ -3803,7 +3710,7 @@ func doBuiltinKeyboardInteractiveAuth(user *User, client ssh.KeyboardInteractive
if err := user.LoadAndApplyGroupSettings(); err != nil {
return 0, err
}
- hasSecondFactor := user.Filters.TOTPConfig.Enabled && slices.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH)
+ hasSecondFactor := user.Filters.TOTPConfig.Enabled && util.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH)
if !isPartialAuth || !hasSecondFactor {
answers, err := client("", "", []string{"Password: "}, []bool{false})
if err != nil {
@@ -3821,7 +3728,7 @@ func doBuiltinKeyboardInteractiveAuth(user *User, client ssh.KeyboardInteractive
}
func checkKeyboardInteractiveSecondFactor(user *User, client ssh.KeyboardInteractiveChallenge, protocol string) (int, error) {
- if !user.Filters.TOTPConfig.Enabled || !slices.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH) {
+ if !user.Filters.TOTPConfig.Enabled || !util.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH) {
return 1, nil
}
err := user.Filters.TOTPConfig.Secret.TryDecrypt()
@@ -3945,7 +3852,7 @@ func getKeyboardInteractiveAnswers(client ssh.KeyboardInteractiveChallenge, resp
}
if len(answers) == 1 && response.CheckPwd > 0 {
if response.CheckPwd == 2 {
- if !user.Filters.TOTPConfig.Enabled || !slices.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH) {
+ if !user.Filters.TOTPConfig.Enabled || !util.Contains(user.Filters.TOTPConfig.Protocols, protocolSSH) {
providerLog(logger.LevelInfo, "keyboard interactive auth error: unable to check TOTP passcode, TOTP is not enabled for user %q",
user.Username)
return answers, errors.New("TOTP not enabled for SSH protocol")
@@ -4151,7 +4058,7 @@ func getPasswordHookResponse(username, password, ip, protocol string) ([]byte, e
fmt.Sprintf("SFTPGO_AUTHD_IP=%s", ip),
fmt.Sprintf("SFTPGO_AUTHD_PROTOCOL=%s", protocol),
)
- return getCmdOutput(cmd, "check_password_hook")
+ return cmd.Output()
}
func executeCheckPasswordHook(username, password, ip, protocol string) (checkPasswordResponse, error) {
@@ -4207,17 +4114,15 @@ func getPreLoginHookResponse(loginMethod, ip, protocol string, userAsJSON []byte
cmd := exec.CommandContext(ctx, config.PreLoginHook, args...)
cmd.Env = append(env,
- fmt.Sprintf("SFTPGO_LOGIND_USER=%s", userAsJSON),
+ fmt.Sprintf("SFTPGO_LOGIND_USER=%s", util.BytesToString(userAsJSON)),
fmt.Sprintf("SFTPGO_LOGIND_METHOD=%s", loginMethod),
fmt.Sprintf("SFTPGO_LOGIND_IP=%s", ip),
fmt.Sprintf("SFTPGO_LOGIND_PROTOCOL=%s", protocol),
)
- return getCmdOutput(cmd, "pre_login_hook")
+ return cmd.Output()
}
func executePreLoginHook(username, loginMethod, ip, protocol string, oidcTokenFields *map[string]any) (User, error) {
- var user User
-
u, mergedUser, userAsJSON, err := getUserAndJSONForHook(username, oidcTokenFields)
if err != nil {
return u, err
@@ -4240,41 +4145,55 @@ func executePreLoginHook(username, loginMethod, ip, protocol string, oidcTokenFi
}
return u, nil
}
- err = json.Unmarshal(out, &user)
+
+ userID := u.ID
+ userUsedQuotaSize := u.UsedQuotaSize
+ userUsedQuotaFiles := u.UsedQuotaFiles
+ userUsedDownloadTransfer := u.UsedDownloadDataTransfer
+ userUsedUploadTransfer := u.UsedUploadDataTransfer
+ userLastQuotaUpdate := u.LastQuotaUpdate
+ userLastLogin := u.LastLogin
+ userFirstDownload := u.FirstDownload
+ userFirstUpload := u.FirstUpload
+ userLastPwdChange := u.LastPasswordChange
+ userCreatedAt := u.CreatedAt
+ totpConfig := u.Filters.TOTPConfig
+ recoveryCodes := u.Filters.RecoveryCodes
+ err = json.Unmarshal(out, &u)
if err != nil {
- return u, fmt.Errorf("invalid pre-login hook response %q, error: %v", out, err)
+ return u, fmt.Errorf("invalid pre-login hook response %q, error: %v", util.BytesToString(out), err)
}
- if u.ID > 0 {
- user.ID = u.ID
- user.UsedQuotaSize = u.UsedQuotaSize
- user.UsedQuotaFiles = u.UsedQuotaFiles
- user.UsedUploadDataTransfer = u.UsedUploadDataTransfer
- user.UsedDownloadDataTransfer = u.UsedDownloadDataTransfer
- user.LastQuotaUpdate = u.LastQuotaUpdate
- user.LastLogin = u.LastLogin
- user.LastPasswordChange = u.LastPasswordChange
- user.FirstDownload = u.FirstDownload
- user.FirstUpload = u.FirstUpload
- // preserve TOTP config and recovery codes
- user.Filters.TOTPConfig = u.Filters.TOTPConfig
- user.Filters.RecoveryCodes = u.Filters.RecoveryCodes
- if err := provider.updateUser(&user); err != nil {
- return u, err
- }
+ u.ID = userID
+ u.UsedQuotaSize = userUsedQuotaSize
+ u.UsedQuotaFiles = userUsedQuotaFiles
+ u.UsedUploadDataTransfer = userUsedUploadTransfer
+ u.UsedDownloadDataTransfer = userUsedDownloadTransfer
+ u.LastQuotaUpdate = userLastQuotaUpdate
+ u.LastLogin = userLastLogin
+ u.LastPasswordChange = userLastPwdChange
+ u.FirstDownload = userFirstDownload
+ u.FirstUpload = userFirstUpload
+ u.CreatedAt = userCreatedAt
+ if userID == 0 {
+ err = provider.addUser(&u)
} else {
- if err := provider.addUser(&user); err != nil {
- return u, err
+ u.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
+ // preserve TOTP config and recovery codes
+ u.Filters.TOTPConfig = totpConfig
+ u.Filters.RecoveryCodes = recoveryCodes
+ err = provider.updateUser(&u)
+ if err == nil {
+ webDAVUsersCache.swap(&u, "")
}
}
- user, err = provider.userExists(user.Username, "")
if err != nil {
return u, err
}
- providerLog(logger.LevelDebug, "user %q added/updated from pre-login hook response, id: %d", username, u.ID)
- if u.ID > 0 {
- webDAVUsersCache.swap(&user, "")
+ providerLog(logger.LevelDebug, "user %q added/updated from pre-login hook response, id: %d", username, userID)
+ if userID == 0 {
+ return provider.userExists(username, "")
}
- return user, nil
+ return u, nil
}
// ExecutePostLoginHook executes the post login hook if defined
@@ -4337,7 +4256,7 @@ func ExecutePostLoginHook(user *User, loginMethod, ip, protocol string, err erro
cmd := exec.CommandContext(ctx, config.PostLoginHook, args...)
cmd.Env = append(env,
- fmt.Sprintf("SFTPGO_LOGIND_USER=%s", userAsJSON),
+ fmt.Sprintf("SFTPGO_LOGIND_USER=%s", util.BytesToString(userAsJSON)),
fmt.Sprintf("SFTPGO_LOGIND_IP=%s", ip),
fmt.Sprintf("SFTPGO_LOGIND_METHOD=%s", loginMethod),
fmt.Sprintf("SFTPGO_LOGIND_STATUS=%s", status),
@@ -4406,7 +4325,7 @@ func getExternalAuthResponse(username, password, pkey, keyboardInteractive, ip,
cmd := exec.CommandContext(ctx, config.ExternalAuthHook, args...)
cmd.Env = append(env,
fmt.Sprintf("SFTPGO_AUTHD_USERNAME=%s", username),
- fmt.Sprintf("SFTPGO_AUTHD_USER=%s", userAsJSON),
+ fmt.Sprintf("SFTPGO_AUTHD_USER=%s", util.BytesToString(userAsJSON)),
fmt.Sprintf("SFTPGO_AUTHD_IP=%s", ip),
fmt.Sprintf("SFTPGO_AUTHD_PASSWORD=%s", password),
fmt.Sprintf("SFTPGO_AUTHD_PUBLIC_KEY=%s", pkey),
@@ -4414,7 +4333,7 @@ func getExternalAuthResponse(username, password, pkey, keyboardInteractive, ip,
fmt.Sprintf("SFTPGO_AUTHD_TLS_CERT=%s", strings.ReplaceAll(tlsCert, "\n", "\\n")),
fmt.Sprintf("SFTPGO_AUTHD_KEYBOARD_INTERACTIVE=%v", keyboardInteractive))
- return getCmdOutput(cmd, "external_auth_hook")
+ return cmd.Output()
}
func updateUserFromExtAuthResponse(user *User, password, pkey string) {
@@ -4688,59 +4607,6 @@ func isExternalAuthConfigured(loginMethod string) bool {
}
}
-func replaceTemplateVars(input string) string {
- var result strings.Builder
- i := 0
- for i < len(input) {
- if i+2 <= len(input) && input[i:i+2] == "{{" {
- if i+2 < len(input) {
- nextChar := input[i+2]
- if nextChar == ' ' || nextChar == '.' || nextChar == '-' {
- // Don't replace if followed by space, dot or minus.
- result.WriteString("{{")
- i += 2
- continue
- }
- }
-
- // Find the closing "}}"
- closing := strings.Index(input[i:], "}}")
- if closing != -1 {
- // Replace with {{. only if it's a proper template variable.
- result.WriteString("{{.")
- result.WriteString(input[i+2 : i+closing])
- result.WriteString("}}")
- i += closing + 2
- continue
- }
- }
- result.WriteByte(input[i])
- i++
- }
- return result.String()
-}
-
-func updateEventActionPlaceholders(actions []BaseEventAction) ([]BaseEventAction, error) {
- var result []BaseEventAction
-
- for _, action := range actions {
- options, err := json.Marshal(action.Options)
- if err != nil {
- return nil, err
- }
- convertedOptions := replaceTemplateVars(string(options))
- var opts BaseEventActionOptions
- err = json.Unmarshal([]byte(convertedOptions), &opts)
- if err != nil {
- return nil, err
- }
- action.Options = opts
- result = append(result, action)
- }
-
- return result, nil
-}
-
func getConfigPath(name, configDir string) string {
if !util.IsFileInputValid(name) {
return ""
@@ -4752,47 +4618,12 @@ func getConfigPath(name, configDir string) string {
}
func checkReservedUsernames(username string) error {
- if slices.Contains(reservedUsers, username) {
+ if util.Contains(reservedUsers, username) {
return util.NewValidationError("this username is reserved")
}
return nil
}
-func errSchemaVersionTooOld(version int) error {
- return fmt.Errorf("database schema version %d is too old, please see the upgrading docs: https://docs.sftpgo.com/latest/data-provider/#upgrading", version)
-}
-
-func getCmdOutput(cmd *exec.Cmd, sender string) ([]byte, error) {
- var stdout bytes.Buffer
- cmd.Stdout = &stdout
-
- stderr, err := cmd.StderrPipe()
- if err != nil {
- return nil, err
- }
-
- err = cmd.Start()
- if err != nil {
- return nil, err
- }
-
- scanner := bufio.NewScanner(stderr)
-
- go func() {
- for scanner.Scan() {
- if out := scanner.Text(); out != "" {
- logger.Log(logger.LevelWarn, sender, "", "%s", out)
- }
- }
- if err := scanner.Err(); err != nil {
- logger.Log(logger.LevelError, sender, "", "error reading stderr: %v", err)
- }
- }()
-
- err = cmd.Wait()
- return stdout.Bytes(), err
-}
-
func providerLog(level logger.LogLevel, format string, v ...any) {
logger.Log(level, logSender, "", format, v...)
}
diff --git a/internal/dataprovider/eventrule.go b/internal/dataprovider/eventrule.go
index 959f874c..0c7d0e35 100644
--- a/internal/dataprovider/eventrule.go
+++ b/internal/dataprovider/eventrule.go
@@ -64,7 +64,7 @@ var (
)
func isActionTypeValid(action int) bool {
- return slices.Contains(supportedEventActions, action)
+ return util.Contains(supportedEventActions, action)
}
func getActionTypeAsString(action int) string {
@@ -119,7 +119,7 @@ var (
)
func isEventTriggerValid(trigger int) bool {
- return slices.Contains(supportedEventTriggers, trigger)
+ return util.Contains(supportedEventTriggers, trigger)
}
func getTriggerTypeAsString(trigger int) string {
@@ -173,7 +173,7 @@ var (
)
func isFilesystemActionValid(value int) bool {
- return slices.Contains(supportedFsActions, value)
+ return util.Contains(supportedFsActions, value)
}
func getFsActionTypeAsString(value int) string {
@@ -342,7 +342,7 @@ func (c *EventActionHTTPConfig) validateMultiparts() error {
)
}
for _, k := range c.Headers {
- if strings.EqualFold(k.Key, "content-type") {
+ if strings.ToLower(k.Key) == "content-type" {
return util.NewI18nError(
util.NewValidationError("content type is automatically set for multipart requests"),
util.I18nErrorMultipartCType,
@@ -384,7 +384,7 @@ func (c *EventActionHTTPConfig) validate(additionalData string) error {
return util.NewValidationError(fmt.Sprintf("could not encrypt HTTP password: %v", err))
}
}
- if !slices.Contains(SupportedHTTPActionMethods, c.Method) {
+ if !util.Contains(SupportedHTTPActionMethods, c.Method) {
return util.NewValidationError(fmt.Sprintf("unsupported HTTP method: %s", c.Method))
}
for _, kv := range c.QueryParameters {
@@ -671,21 +671,12 @@ func (c *EventActionFsCompress) validate() error {
return nil
}
-// RenameConfig defines the configuration for a filesystem rename
-type RenameConfig struct {
- // key is the source and target the value
- KeyValue
- // This setting only applies to storage providers that support
- // changing modification times.
- UpdateModTime bool `json:"update_modtime,omitempty"`
-}
-
// EventActionFilesystemConfig defines the configuration for filesystem actions
type EventActionFilesystemConfig struct {
// Filesystem actions, see the above enum
Type int `json:"type,omitempty"`
- // files/dirs to rename
- Renames []RenameConfig `json:"renames,omitempty"`
+ // files/dirs to rename, key is the source and target the value
+ Renames []KeyValue `json:"renames,omitempty"`
// directories to create
MkDirs []string `json:"mkdirs,omitempty"`
// files/dirs to delete
@@ -726,9 +717,9 @@ func (c *EventActionFilesystemConfig) validateRenames() error {
if len(c.Renames) == 0 {
return util.NewI18nError(util.NewValidationError("no path to rename specified"), util.I18nErrorPathRequired)
}
- for idx, cfg := range c.Renames {
- key := strings.TrimSpace(cfg.Key)
- value := strings.TrimSpace(cfg.Value)
+ for idx, kv := range c.Renames {
+ key := strings.TrimSpace(kv.Key)
+ value := strings.TrimSpace(kv.Value)
if key == "" || value == "" {
return util.NewValidationError("invalid paths to rename")
}
@@ -746,12 +737,9 @@ func (c *EventActionFilesystemConfig) validateRenames() error {
util.I18nErrorRootNotAllowed,
)
}
- c.Renames[idx] = RenameConfig{
- KeyValue: KeyValue{
- Key: key,
- Value: value,
- },
- UpdateModTime: cfg.UpdateModTime,
+ c.Renames[idx] = KeyValue{
+ Key: key,
+ Value: value,
}
}
return nil
@@ -915,7 +903,7 @@ func (c *EventActionFilesystemConfig) getACopy() EventActionFilesystemConfig {
return EventActionFilesystemConfig{
Type: c.Type,
- Renames: cloneRenameConfigs(c.Renames),
+ Renames: cloneKeyValues(c.Renames),
MkDirs: mkdirs,
Deletes: deletes,
Exist: exist,
@@ -1253,15 +1241,6 @@ func (a *BaseEventAction) validate() error {
if a.Name == "" {
return util.NewI18nError(util.NewValidationError("name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(a.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
- if config.NamingRules&1 == 0 && !usernameRegex.MatchString(a.Name) {
- return util.NewI18nError(
- util.NewValidationError(fmt.Sprintf("name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", a.Name)),
- util.I18nErrorInvalidUser,
- )
- }
if !isActionTypeValid(a.Type) {
return util.NewValidationError(fmt.Sprintf("invalid action type: %d", a.Type))
}
@@ -1313,7 +1292,7 @@ func (a *EventAction) validateAssociation(trigger int, fsEvents []string) error
}
if trigger == EventTriggerFsEvent {
for _, ev := range fsEvents {
- if !slices.Contains(allowedSyncFsEvents, ev) {
+ if !util.Contains(allowedSyncFsEvents, ev) {
return util.NewI18nError(
util.NewValidationError("sync execution is only supported for upload and pre-* events"),
util.I18nErrorEvSyncUnsupportedFs,
@@ -1407,12 +1386,12 @@ func (f *ConditionOptions) validate() error {
}
for _, p := range f.Protocols {
- if !slices.Contains(SupportedRuleConditionProtocols, p) {
+ if !util.Contains(SupportedRuleConditionProtocols, p) {
return util.NewValidationError(fmt.Sprintf("unsupported rule condition protocol: %q", p))
}
}
for _, p := range f.ProviderObjects {
- if !slices.Contains(SupporteRuleConditionProviderObjects, p) {
+ if !util.Contains(SupporteRuleConditionProviderObjects, p) {
return util.NewValidationError(fmt.Sprintf("unsupported provider object: %q", p))
}
}
@@ -1517,7 +1496,7 @@ func (c *EventConditions) validate(trigger int) error {
)
}
for _, ev := range c.FsEvents {
- if !slices.Contains(SupportedFsEvents, ev) {
+ if !util.Contains(SupportedFsEvents, ev) {
return util.NewValidationError(fmt.Sprintf("unsupported fs event: %q", ev))
}
}
@@ -1537,7 +1516,7 @@ func (c *EventConditions) validate(trigger int) error {
)
}
for _, ev := range c.ProviderEvents {
- if !slices.Contains(SupportedProviderEvents, ev) {
+ if !util.Contains(SupportedProviderEvents, ev) {
return util.NewValidationError(fmt.Sprintf("unsupported provider event: %q", ev))
}
}
@@ -1590,7 +1569,7 @@ func (c *EventConditions) validate(trigger int) error {
c.Options.MinFileSize = 0
c.Options.MaxFileSize = 0
c.Schedules = nil
- if !slices.Contains(supportedIDPLoginEvents, c.IDPLoginEvent) {
+ if !util.Contains(supportedIDPLoginEvents, c.IDPLoginEvent) {
return util.NewValidationError(fmt.Sprintf("invalid Identity Provider login event %d", c.IDPLoginEvent))
}
default:
@@ -1681,19 +1660,10 @@ func (r *EventRule) isStatusValid() bool {
return r.Status >= 0 && r.Status <= 1
}
-func (r *EventRule) validate() error { //nolint:gocyclo
+func (r *EventRule) validate() error {
if r.Name == "" {
return util.NewI18nError(util.NewValidationError("name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(r.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
- if config.NamingRules&1 == 0 && !usernameRegex.MatchString(r.Name) {
- return util.NewI18nError(
- util.NewValidationError(fmt.Sprintf("name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", r.Name)),
- util.I18nErrorInvalidUser,
- )
- }
if !r.isStatusValid() {
return util.NewValidationError(fmt.Sprintf("invalid event rule status: %d", r.Status))
}
@@ -1753,7 +1723,7 @@ func (r *EventRule) validateMandatorySyncActions() error {
return nil
}
for _, ev := range r.Conditions.FsEvents {
- if slices.Contains(mandatorySyncFsEvents, ev) {
+ if util.Contains(mandatorySyncFsEvents, ev) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("event %q requires at least a sync action", ev)),
util.I18nErrorRuleSyncActionRequired,
@@ -1771,7 +1741,7 @@ func (r *EventRule) checkIPBlockedAndCertificateActions() error {
ActionTypeDataRetentionCheck, ActionTypeFilesystem, ActionTypePasswordExpirationCheck,
ActionTypeUserExpirationCheck}
for _, action := range r.Actions {
- if slices.Contains(unavailableActions, action.Type) {
+ if util.Contains(unavailableActions, action.Type) {
return fmt.Errorf("action %q, type %q is not supported for event trigger %q",
action.Name, getActionTypeAsString(action.Type), getTriggerTypeAsString(r.Trigger))
}
@@ -1787,7 +1757,7 @@ func (r *EventRule) checkProviderEventActions(providerObjectType string) error {
ActionTypeDataRetentionCheck, ActionTypeFilesystem,
ActionTypePasswordExpirationCheck, ActionTypeUserExpirationCheck}
for _, action := range r.Actions {
- if slices.Contains(userSpecificActions, action.Type) && providerObjectType != actionObjectUser {
+ if util.Contains(userSpecificActions, action.Type) && providerObjectType != actionObjectUser {
return fmt.Errorf("action %q, type %q is only supported for provider user events",
action.Name, getActionTypeAsString(action.Type))
}
@@ -1895,20 +1865,6 @@ func (r *EventRule) RenderAsJSON(reload bool) ([]byte, error) {
return json.Marshal(r)
}
-func cloneRenameConfigs(renames []RenameConfig) []RenameConfig {
- res := make([]RenameConfig, 0, len(renames))
- for _, c := range renames {
- res = append(res, RenameConfig{
- KeyValue: KeyValue{
- Key: c.Key,
- Value: c.Value,
- },
- UpdateModTime: c.UpdateModTime,
- })
- }
- return res
-}
-
func cloneKeyValues(keyVals []KeyValue) []KeyValue {
res := make([]KeyValue, 0, len(keyVals))
for _, kv := range keyVals {
diff --git a/internal/dataprovider/group.go b/internal/dataprovider/group.go
index fa09fda4..8577efda 100644
--- a/internal/dataprovider/group.go
+++ b/internal/dataprovider/group.go
@@ -132,22 +132,11 @@ func (g *Group) hasRedactedSecret() bool {
return g.UserSettings.FsConfig.HasRedactedSecret()
}
-func (g *Group) applyNamingRules() {
- g.Name = config.convertName(g.Name)
- for idx := range g.VirtualFolders {
- g.VirtualFolders[idx].Name = config.convertName(g.VirtualFolders[idx].Name)
- }
-}
-
func (g *Group) validate() error {
g.SetEmptySecretsIfNil()
- g.applyNamingRules()
if g.Name == "" {
return util.NewI18nError(util.NewValidationError("name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(g.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if config.NamingRules&1 == 0 && !usernameRegex.MatchString(g.Name) {
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("name %q is not valid, the following characters are allowed: a-zA-Z0-9-_.~", g.Name)),
diff --git a/internal/dataprovider/iplist.go b/internal/dataprovider/iplist.go
index bc3b5b99..739ef472 100644
--- a/internal/dataprovider/iplist.go
+++ b/internal/dataprovider/iplist.go
@@ -19,7 +19,6 @@ import (
"fmt"
"net"
"net/netip"
- "slices"
"strings"
"sync"
"sync/atomic"
@@ -86,7 +85,7 @@ var (
// CheckIPListType returns an error if the provided IP list type is not valid
func CheckIPListType(t IPListType) error {
- if !slices.Contains(supportedIPListType, t) {
+ if !util.Contains(supportedIPListType, t) {
return util.NewValidationError(fmt.Sprintf("invalid list type %d", t))
}
return nil
@@ -418,10 +417,6 @@ func (l *IPList) IsListed(ip, protocol string) (bool, int, error) {
l.mu.RLock()
defer l.mu.RUnlock()
- if l.Ranges.Len() == 0 {
- return false, 0, nil
- }
-
parsedIP := net.ParseIP(ip)
if parsedIP == nil {
return false, 0, fmt.Errorf("invalid IP %s", ip)
diff --git a/internal/dataprovider/memory.go b/internal/dataprovider/memory.go
index e8595291..05d72352 100644
--- a/internal/dataprovider/memory.go
+++ b/internal/dataprovider/memory.go
@@ -22,9 +22,7 @@ import (
"net/netip"
"os"
"path/filepath"
- "slices"
"sort"
- "strconv"
"sync"
"time"
@@ -208,32 +206,6 @@ func (p *MemoryProvider) updateAPIKeyLastUse(keyID string) error {
return nil
}
-func (p *MemoryProvider) getAdminSignature(username string) (string, error) {
- p.dbHandle.Lock()
- defer p.dbHandle.Unlock()
- if p.dbHandle.isClosed {
- return "", errMemoryProviderClosed
- }
- admin, err := p.adminExistsInternal(username)
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(admin.UpdatedAt, 10), nil
-}
-
-func (p *MemoryProvider) getUserSignature(username string) (string, error) {
- p.dbHandle.Lock()
- defer p.dbHandle.Unlock()
- if p.dbHandle.isClosed {
- return "", errMemoryProviderClosed
- }
- user, err := p.userExistsInternal(username)
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(user.UpdatedAt, 10), nil
-}
-
func (p *MemoryProvider) setUpdatedAt(username string) {
p.dbHandle.Lock()
defer p.dbHandle.Unlock()
@@ -376,6 +348,9 @@ func (p *MemoryProvider) addUser(user *User) error {
if err := p.addUserToRole(user.Username, user.Role); err != nil {
return err
}
+ sort.Slice(user.Groups, func(i, j int) bool {
+ return user.Groups[i].Name < user.Groups[j].Name
+ })
var mappedGroups []string
for idx := range user.Groups {
if err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name); err != nil {
@@ -387,6 +362,9 @@ func (p *MemoryProvider) addUser(user *User) error {
}
mappedGroups = append(mappedGroups, user.Groups[idx].Name)
}
+ sort.Slice(user.VirtualFolders, func(i, j int) bool {
+ return user.VirtualFolders[i].Name < user.VirtualFolders[j].Name
+ })
var mappedFolders []string
for idx := range user.VirtualFolders {
if err = p.addUserToFolderMapping(user.Username, user.VirtualFolders[idx].Name); err != nil {
@@ -432,6 +410,9 @@ func (p *MemoryProvider) updateUser(user *User) error { //nolint:gocyclo
for idx := range u.Groups {
p.removeUserFromGroupMapping(u.Username, u.Groups[idx].Name)
}
+ sort.Slice(user.Groups, func(i, j int) bool {
+ return user.Groups[i].Name < user.Groups[j].Name
+ })
for idx := range user.Groups {
if err = p.addUserToGroupMapping(user.Username, user.Groups[idx].Name); err != nil {
// try to add old mapping
@@ -447,6 +428,9 @@ func (p *MemoryProvider) updateUser(user *User) error { //nolint:gocyclo
for _, oldFolder := range u.VirtualFolders {
p.removeRelationFromFolderMapping(oldFolder.Name, u.Username, "")
}
+ sort.Slice(user.VirtualFolders, func(i, j int) bool {
+ return user.VirtualFolders[i].Name < user.VirtualFolders[j].Name
+ })
for idx := range user.VirtualFolders {
if err = p.addUserToFolderMapping(user.Username, user.VirtualFolders[idx].Name); err != nil {
// try to add old mapping
@@ -759,6 +743,9 @@ func (p *MemoryProvider) addAdmin(admin *Admin) error {
return err
}
var mappedAdmins []string
+ sort.Slice(admin.Groups, func(i, j int) bool {
+ return admin.Groups[i].Name < admin.Groups[j].Name
+ })
for idx := range admin.Groups {
if err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name); err != nil {
// try to remove group mapping
@@ -801,6 +788,9 @@ func (p *MemoryProvider) updateAdmin(admin *Admin) error {
for idx := range a.Groups {
p.removeAdminFromGroupMapping(a.Username, a.Groups[idx].Name)
}
+ sort.Slice(admin.Groups, func(i, j int) bool {
+ return admin.Groups[i].Name < admin.Groups[j].Name
+ })
for idx := range admin.Groups {
if err = p.addAdminToGroupMapping(admin.Username, admin.Groups[idx].Name); err != nil {
// try to add old mapping
@@ -1064,6 +1054,9 @@ func (p *MemoryProvider) addGroup(group *Group) error {
group.UpdatedAt = util.GetTimeAsMsSinceEpoch(time.Now())
group.Users = nil
group.Admins = nil
+ sort.Slice(group.VirtualFolders, func(i, j int) bool {
+ return group.VirtualFolders[i].Name < group.VirtualFolders[j].Name
+ })
var mappedFolders []string
for idx := range group.VirtualFolders {
if err = p.addGroupToFolderMapping(group.Name, group.VirtualFolders[idx].Name); err != nil {
@@ -1097,6 +1090,9 @@ func (p *MemoryProvider) updateGroup(group *Group) error {
for _, oldFolder := range g.VirtualFolders {
p.removeRelationFromFolderMapping(oldFolder.Name, "", g.Name)
}
+ sort.Slice(group.VirtualFolders, func(i, j int) bool {
+ return group.VirtualFolders[i].Name < group.VirtualFolders[j].Name
+ })
for idx := range group.VirtualFolders {
if err = p.addGroupToFolderMapping(group.Name, group.VirtualFolders[idx].Name); err != nil {
// try to add old mapping
@@ -1214,7 +1210,7 @@ func (p *MemoryProvider) addRuleToActionMapping(ruleName, actionName string) err
if err != nil {
return util.NewGenericError(fmt.Sprintf("action %q does not exist", actionName))
}
- if !slices.Contains(a.Rules, ruleName) {
+ if !util.Contains(a.Rules, ruleName) {
a.Rules = append(a.Rules, ruleName)
p.dbHandle.actions[actionName] = a
}
@@ -1227,7 +1223,7 @@ func (p *MemoryProvider) removeRuleFromActionMapping(ruleName, actionName string
providerLog(logger.LevelWarn, "action %q does not exist, cannot remove from mapping", actionName)
return
}
- if slices.Contains(a.Rules, ruleName) {
+ if util.Contains(a.Rules, ruleName) {
var rules []string
for _, r := range a.Rules {
if r != ruleName {
@@ -1244,7 +1240,7 @@ func (p *MemoryProvider) addAdminToGroupMapping(username, groupname string) erro
if err != nil {
return err
}
- if !slices.Contains(g.Admins, username) {
+ if !util.Contains(g.Admins, username) {
g.Admins = append(g.Admins, username)
p.dbHandle.groups[groupname] = g
}
@@ -1287,7 +1283,7 @@ func (p *MemoryProvider) addUserToGroupMapping(username, groupname string) error
if err != nil {
return err
}
- if !slices.Contains(g.Users, username) {
+ if !util.Contains(g.Users, username) {
g.Users = append(g.Users, username)
p.dbHandle.groups[groupname] = g
}
@@ -1317,7 +1313,7 @@ func (p *MemoryProvider) addAdminToRole(username, role string) error {
if err != nil {
return fmt.Errorf("%w: role %q does not exist", ErrForeignKeyViolated, role)
}
- if !slices.Contains(r.Admins, username) {
+ if !util.Contains(r.Admins, username) {
r.Admins = append(r.Admins, username)
p.dbHandle.roles[role] = r
}
@@ -1351,7 +1347,7 @@ func (p *MemoryProvider) addUserToRole(username, role string) error {
if err != nil {
return fmt.Errorf("%w: role %q does not exist", ErrForeignKeyViolated, role)
}
- if !slices.Contains(r.Users, username) {
+ if !util.Contains(r.Users, username) {
r.Users = append(r.Users, username)
p.dbHandle.roles[role] = r
}
@@ -1382,7 +1378,7 @@ func (p *MemoryProvider) addUserToFolderMapping(username, foldername string) err
if err != nil {
return util.NewGenericError(fmt.Sprintf("unable to get folder %q: %v", foldername, err))
}
- if !slices.Contains(f.Users, username) {
+ if !util.Contains(f.Users, username) {
f.Users = append(f.Users, username)
p.dbHandle.vfolders[foldername] = f
}
@@ -1394,7 +1390,7 @@ func (p *MemoryProvider) addGroupToFolderMapping(name, foldername string) error
if err != nil {
return util.NewGenericError(fmt.Sprintf("unable to get folder %q: %v", foldername, err))
}
- if !slices.Contains(f.Groups, name) {
+ if !util.Contains(f.Groups, name) {
f.Groups = append(f.Groups, name)
p.dbHandle.vfolders[foldername] = f
}
@@ -2093,11 +2089,11 @@ func (p *MemoryProvider) addSharedSession(_ Session) error {
return ErrNotImplemented
}
-func (p *MemoryProvider) deleteSharedSession(_ string, _ SessionType) error {
+func (p *MemoryProvider) deleteSharedSession(_ string) error {
return ErrNotImplemented
}
-func (p *MemoryProvider) getSharedSession(_ string, _ SessionType) (Session, error) {
+func (p *MemoryProvider) getSharedSession(_ string) (Session, error) {
return Session{}, ErrNotImplemented
}
diff --git a/internal/dataprovider/mysql.go b/internal/dataprovider/mysql.go
index f6be87b0..659637d9 100644
--- a/internal/dataprovider/mysql.go
+++ b/internal/dataprovider/mysql.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !nomysql
+// +build !nomysql
package dataprovider
@@ -38,11 +39,11 @@ import (
const (
mysqlResetSQL = "DROP TABLE IF EXISTS `{{api_keys}}` CASCADE;" +
+ "DROP TABLE IF EXISTS `{{folders_mapping}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{users_folders_mapping}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{users_groups_mapping}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{admins_groups_mapping}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{groups_folders_mapping}}` CASCADE;" +
- "DROP TABLE IF EXISTS `{{shares_groups_mapping}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{admins}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{folders}}` CASCADE;" +
"DROP TABLE IF EXISTS `{{shares}}` CASCADE;" +
@@ -83,8 +84,8 @@ const (
"CREATE TABLE `{{groups}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
"`name` varchar(255) NOT NULL UNIQUE, `description` varchar(512) NULL, `created_at` bigint NOT NULL, " +
"`updated_at` bigint NOT NULL, `user_settings` longtext NULL);" +
- "CREATE TABLE `{{shared_sessions}}` (`key` varchar(128) NOT NULL, `type` integer NOT NULL, `data` longtext NOT NULL, " +
- "`timestamp` bigint NOT NULL, PRIMARY KEY (`key`, `type`));" +
+ "CREATE TABLE `{{shared_sessions}}` (`key` varchar(128) NOT NULL PRIMARY KEY, " +
+ "`data` longtext NOT NULL, `type` integer NOT NULL, `timestamp` bigint NOT NULL);" +
"CREATE TABLE `{{users}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `username` varchar(255) NOT NULL UNIQUE, " +
"`status` integer NOT NULL, `expiration_date` bigint NOT NULL, `description` varchar(512) NULL, `password` longtext NULL, " +
"`public_keys` longtext NULL, `home_dir` longtext NOT NULL, `uid` bigint NOT NULL, `gid` bigint NOT NULL, " +
@@ -94,41 +95,38 @@ const (
"`last_login` bigint NOT NULL, `filters` longtext NULL, `filesystem` longtext NULL, `additional_info` longtext NULL, " +
"`created_at` bigint NOT NULL, `updated_at` bigint NOT NULL, `email` varchar(255) NULL, " +
"`upload_data_transfer` integer NOT NULL, `download_data_transfer` integer NOT NULL, " +
- "`total_data_transfer` integer NOT NULL, `used_upload_data_transfer` bigint NOT NULL, " +
- "`used_download_data_transfer` bigint NOT NULL, `deleted_at` bigint NOT NULL, `first_download` bigint NOT NULL, " +
+ "`total_data_transfer` integer NOT NULL, `used_upload_data_transfer` integer NOT NULL, " +
+ "`used_download_data_transfer` integer NOT NULL, `deleted_at` bigint NOT NULL, `first_download` bigint NOT NULL, " +
"`first_upload` bigint NOT NULL, `last_password_change` bigint NOT NULL, `role_id` integer NULL);" +
"CREATE TABLE `{{groups_folders_mapping}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
"`group_id` integer NOT NULL, `folder_id` integer NOT NULL, " +
- "`virtual_path` longtext NOT NULL, `quota_size` bigint NOT NULL, `quota_files` integer NOT NULL, `sort_order` integer NOT NULL);" +
+ "`virtual_path` longtext NOT NULL, `quota_size` bigint NOT NULL, `quota_files` integer NOT NULL);" +
"CREATE TABLE `{{users_groups_mapping}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
- "`user_id` integer NOT NULL, `group_id` integer NOT NULL, `group_type` integer NOT NULL, `sort_order` integer NOT NULL);" +
+ "`user_id` integer NOT NULL, `group_id` integer NOT NULL, `group_type` integer NOT NULL);" +
"CREATE TABLE `{{users_folders_mapping}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `virtual_path` longtext NOT NULL, " +
- "`quota_size` bigint NOT NULL, `quota_files` integer NOT NULL, `folder_id` integer NOT NULL, `user_id` integer NOT NULL, `sort_order` integer NOT NULL);" +
+ "`quota_size` bigint NOT NULL, `quota_files` integer NOT NULL, `folder_id` integer NOT NULL, `user_id` integer NOT NULL);" +
"ALTER TABLE `{{users_folders_mapping}}` ADD CONSTRAINT `{{prefix}}unique_user_folder_mapping` " +
"UNIQUE (`user_id`, `folder_id`);" +
"ALTER TABLE `{{users_folders_mapping}}` ADD CONSTRAINT `{{prefix}}users_folders_mapping_user_id_fk_users_id` " +
"FOREIGN KEY (`user_id`) REFERENCES `{{users}}` (`id`) ON DELETE CASCADE;" +
"ALTER TABLE `{{users_folders_mapping}}` ADD CONSTRAINT `{{prefix}}users_folders_mapping_folder_id_fk_folders_id` " +
"FOREIGN KEY (`folder_id`) REFERENCES `{{folders}}` (`id`) ON DELETE CASCADE;" +
- "CREATE INDEX `{{prefix}}users_folders_mapping_sort_order_idx` ON `{{users_folders_mapping}}` (`sort_order`);" +
"ALTER TABLE `{{users_groups_mapping}}` ADD CONSTRAINT `{{prefix}}unique_user_group_mapping` UNIQUE (`user_id`, `group_id`);" +
"ALTER TABLE `{{groups_folders_mapping}}` ADD CONSTRAINT `{{prefix}}unique_group_folder_mapping` UNIQUE (`group_id`, `folder_id`);" +
"ALTER TABLE `{{users_groups_mapping}}` ADD CONSTRAINT `{{prefix}}users_groups_mapping_group_id_fk_groups_id` " +
"FOREIGN KEY (`group_id`) REFERENCES `{{groups}}` (`id`) ON DELETE NO ACTION;" +
"ALTER TABLE `{{users_groups_mapping}}` ADD CONSTRAINT `{{prefix}}users_groups_mapping_user_id_fk_users_id` " +
"FOREIGN KEY (`user_id`) REFERENCES `{{users}}` (`id`) ON DELETE CASCADE; " +
- "CREATE INDEX `{{prefix}}users_groups_mapping_sort_order_idx` ON `{{users_groups_mapping}}` (`sort_order`);" +
"ALTER TABLE `{{groups_folders_mapping}}` ADD CONSTRAINT `{{prefix}}groups_folders_mapping_folder_id_fk_folders_id` " +
"FOREIGN KEY (`folder_id`) REFERENCES `{{folders}}` (`id`) ON DELETE CASCADE;" +
"ALTER TABLE `{{groups_folders_mapping}}` ADD CONSTRAINT `{{prefix}}groups_folders_mapping_group_id_fk_groups_id` " +
"FOREIGN KEY (`group_id`) REFERENCES `{{groups}}` (`id`) ON DELETE CASCADE;" +
- "CREATE INDEX `{{prefix}}groups_folders_mapping_sort_order_idx` ON `{{groups_folders_mapping}}` (`sort_order`); " +
"CREATE TABLE `{{shares}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
"`share_id` varchar(60) NOT NULL UNIQUE, `name` varchar(255) NOT NULL, `description` varchar(512) NULL, " +
"`scope` integer NOT NULL, `paths` longtext NOT NULL, `created_at` bigint NOT NULL, " +
"`updated_at` bigint NOT NULL, `last_use_at` bigint NOT NULL, `expires_at` bigint NOT NULL, " +
"`password` longtext NULL, `max_tokens` integer NOT NULL, `used_tokens` integer NOT NULL, " +
- "`allow_from` longtext NULL, `options` longtext NULL, `user_id` integer NOT NULL);" +
+ "`allow_from` longtext NULL, `user_id` integer NOT NULL);" +
"ALTER TABLE `{{shares}}` ADD CONSTRAINT `{{prefix}}shares_user_id_fk_users_id` " +
"FOREIGN KEY (`user_id`) REFERENCES `{{users}}` (`id`) ON DELETE CASCADE;" +
"CREATE TABLE `{{api_keys}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `name` varchar(255) NOT NULL, `key_id` varchar(50) NOT NULL UNIQUE," +
@@ -152,14 +150,13 @@ const (
"ALTER TABLE `{{rules_actions_mapping}}` ADD CONSTRAINT `{{prefix}}rules_actions_mapping_action_id_fk_events_targets_id` " +
"FOREIGN KEY (`action_id`) REFERENCES `{{events_actions}}` (`id`) ON DELETE NO ACTION;" +
"CREATE TABLE `{{admins_groups_mapping}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
- " `admin_id` integer NOT NULL, `group_id` integer NOT NULL, `options` longtext NOT NULL, `sort_order` integer NOT NULL);" +
+ " `admin_id` integer NOT NULL, `group_id` integer NOT NULL, `options` longtext NOT NULL);" +
"ALTER TABLE `{{admins_groups_mapping}}` ADD CONSTRAINT `{{prefix}}unique_admin_group_mapping` " +
"UNIQUE (`admin_id`, `group_id`);" +
"ALTER TABLE `{{admins_groups_mapping}}` ADD CONSTRAINT `{{prefix}}admins_groups_mapping_admin_id_fk_admins_id` " +
"FOREIGN KEY (`admin_id`) REFERENCES `{{admins}}` (`id`) ON DELETE CASCADE;" +
"ALTER TABLE `{{admins_groups_mapping}}` ADD CONSTRAINT `{{prefix}}admins_groups_mapping_group_id_fk_groups_id` " +
"FOREIGN KEY (`group_id`) REFERENCES `{{groups}}` (`id`) ON DELETE CASCADE;" +
- "CREATE INDEX `{{prefix}}admins_groups_mapping_sort_order_idx` ON `{{admins_groups_mapping}}` (`sort_order`); " +
"CREATE TABLE `{{nodes}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, " +
"`name` varchar(255) NOT NULL UNIQUE, `data` longtext NOT NULL, `created_at` bigint NOT NULL, " +
"`updated_at` bigint NOT NULL);" +
@@ -196,17 +193,11 @@ const (
"CREATE INDEX `{{prefix}}ip_lists_updated_at_idx` ON `{{ip_lists}}` (`updated_at`);" +
"CREATE INDEX `{{prefix}}ip_lists_deleted_at_idx` ON `{{ip_lists}}` (`deleted_at`);" +
"CREATE INDEX `{{prefix}}ip_lists_first_last_idx` ON `{{ip_lists}}` (`first`, `last`);" +
- "INSERT INTO {{schema_version}} (version) VALUES (33);"
- mysqlV34SQL = "CREATE TABLE `{{shares_groups_mapping}}` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY," +
- "`share_id` integer NOT NULL, `group_id` integer NOT NULL, `permissions` integer NOT NULL," +
- "`sort_order` integer NOT NULL," +
- "CONSTRAINT `{{prefix}}unique_share_group_mapping` UNIQUE (`share_id`, `group_id`)," +
- "CONSTRAINT `{{prefix}}shares_groups_mapping_share_id_fk` FOREIGN KEY (`share_id`) REFERENCES `{{shares}}` (`id`) ON DELETE CASCADE," +
- "CONSTRAINT `{{prefix}}shares_groups_mapping_group_id_fk` FOREIGN KEY (`group_id`) REFERENCES `{{groups}}` (`id`) ON DELETE CASCADE); " +
- "CREATE INDEX `{{prefix}}shares_groups_mapping_sort_order_idx` ON `{{shares_groups_mapping}}` (`sort_order`); " +
- "CREATE INDEX `{{prefix}}shares_groups_mapping_share_id_idx` ON `{{shares_groups_mapping}}` (`share_id`); " +
- "CREATE INDEX `{{prefix}}shares_groups_mapping_group_id_idx` ON `{{shares_groups_mapping}}` (`group_id`);"
- mysqlV34DownSQL = "DROP TABLE IF EXISTS `{{shares_groups_mapping}}`;"
+ "INSERT INTO {{schema_version}} (version) VALUES (28);"
+ mysqlV29SQL = "ALTER TABLE `{{users}}` MODIFY `used_download_data_transfer` bigint NOT NULL;" +
+ "ALTER TABLE `{{users}}` MODIFY `used_upload_data_transfer` bigint NOT NULL;"
+ mysqlV29DownSQL = "ALTER TABLE `{{users}}` MODIFY `used_upload_data_transfer` integer NOT NULL;" +
+ "ALTER TABLE `{{users}}` MODIFY `used_download_data_transfer` integer NOT NULL;"
)
// MySQLProvider defines the auth provider for MySQL/MariaDB database
@@ -338,14 +329,6 @@ func (p *MySQLProvider) getUsedQuota(username string) (int, int64, int64, int64,
return sqlCommonGetUsedQuota(username, p.dbHandle)
}
-func (p *MySQLProvider) getAdminSignature(username string) (string, error) {
- return sqlCommonGetAdminSignature(username, p.dbHandle)
-}
-
-func (p *MySQLProvider) getUserSignature(username string) (string, error) {
- return sqlCommonGetUserSignature(username, p.dbHandle)
-}
-
func (p *MySQLProvider) setUpdatedAt(username string) {
sqlCommonSetUpdatedAt(username, p.dbHandle)
}
@@ -600,12 +583,12 @@ func (p *MySQLProvider) addSharedSession(session Session) error {
return sqlCommonAddSession(session, p.dbHandle)
}
-func (p *MySQLProvider) deleteSharedSession(key string, sessionType SessionType) error {
- return sqlCommonDeleteSession(key, sessionType, p.dbHandle)
+func (p *MySQLProvider) deleteSharedSession(key string) error {
+ return sqlCommonDeleteSession(key, p.dbHandle)
}
-func (p *MySQLProvider) getSharedSession(key string, sessionType SessionType) (Session, error) {
- return sqlCommonGetSession(key, sessionType, p.dbHandle)
+func (p *MySQLProvider) getSharedSession(key string) (Session, error) {
+ return sqlCommonGetSession(key, p.dbHandle)
}
func (p *MySQLProvider) cleanupSharedSessions(sessionType SessionType, before int64) error {
@@ -793,11 +776,11 @@ func (p *MySQLProvider) initializeDatabase() error {
if errors.Is(err, sql.ErrNoRows) {
return errSchemaVersionEmpty
}
- logger.InfoToConsole("creating initial database schema, version 33")
- providerLog(logger.LevelInfo, "creating initial database schema, version 33")
+ logger.InfoToConsole("creating initial database schema, version 28")
+ providerLog(logger.LevelInfo, "creating initial database schema, version 28")
initialSQL := sqlReplaceAll(mysqlInitialSQL)
- return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, strings.Split(initialSQL, ";"), 33, true)
+ return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, strings.Split(initialSQL, ";"), 28, true)
}
func (p *MySQLProvider) migrateDatabase() error {
@@ -810,13 +793,13 @@ func (p *MySQLProvider) migrateDatabase() error {
case version == sqlDatabaseVersion:
providerLog(logger.LevelDebug, "sql database is up to date, current version: %d", version)
return ErrNoInitRequired
- case version < 33:
- err = errSchemaVersionTooOld(version)
+ case version < 28:
+ err = fmt.Errorf("database schema version %d is too old, please see the upgrading docs", version)
providerLog(logger.LevelError, "%v", err)
logger.ErrorToConsole("%v", err)
return err
- case version == 33:
- return updateMySQLDatabaseFromV33(p.dbHandle)
+ case version == 28:
+ return updateMySQLDatabaseFrom28To29(p.dbHandle)
default:
if version > sqlDatabaseVersion {
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
@@ -839,8 +822,8 @@ func (p *MySQLProvider) revertDatabase(targetVersion int) error {
}
switch dbVersion.Version {
- case 34:
- return downgradeMySQLDatabaseFromV34(p.dbHandle)
+ case 29:
+ return downgradeMySQLDatabaseFrom29To28(p.dbHandle)
default:
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
}
@@ -879,29 +862,18 @@ func (p *MySQLProvider) normalizeError(err error, fieldType int) error {
return err
}
-func updateMySQLDatabaseFromV33(dbHandle *sql.DB) error {
- return updateMySQLDatabaseFrom33To34(dbHandle)
+func updateMySQLDatabaseFrom28To29(dbHandle *sql.DB) error {
+ logger.InfoToConsole("updating database schema version: 28 -> 29")
+ providerLog(logger.LevelInfo, "updating database schema version: 28 -> 29")
+
+ sql := strings.ReplaceAll(mysqlV29SQL, "{{users}}", sqlTableUsers)
+ return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 29, true)
}
-func downgradeMySQLDatabaseFromV34(dbHandle *sql.DB) error {
- return downgradeMySQLDatabaseFrom34To33(dbHandle)
-}
-
-func updateMySQLDatabaseFrom33To34(dbHandle *sql.DB) error {
- logger.InfoToConsole("updating database schema version: 33 -> 34")
- providerLog(logger.LevelInfo, "updating database schema version: 33 -> 34")
-
- sql := strings.ReplaceAll(mysqlV34SQL, "{{prefix}}", config.SQLTablesPrefix)
- sql = strings.ReplaceAll(sql, "{{shares}}", sqlTableShares)
- sql = strings.ReplaceAll(sql, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- sql = strings.ReplaceAll(sql, "{{groups}}", sqlTableGroups)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 34, true)
-}
-
-func downgradeMySQLDatabaseFrom34To33(dbHandle *sql.DB) error {
- logger.InfoToConsole("downgrading database schema version: 34 -> 33")
- providerLog(logger.LevelInfo, "downgrading database schema version: 34 -> 33")
-
- sql := strings.ReplaceAll(mysqlV34DownSQL, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 33, false)
+func downgradeMySQLDatabaseFrom29To28(dbHandle *sql.DB) error {
+ logger.InfoToConsole("downgrading database schema version: 29 -> 28")
+ providerLog(logger.LevelInfo, "downgrading database schema version: 29 -> 28")
+
+ sql := strings.ReplaceAll(mysqlV29DownSQL, "{{users}}", sqlTableUsers)
+ return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, strings.Split(sql, ";"), 28, false)
}
diff --git a/internal/dataprovider/mysql_disabled.go b/internal/dataprovider/mysql_disabled.go
index 203092b2..c6c09ded 100644
--- a/internal/dataprovider/mysql_disabled.go
+++ b/internal/dataprovider/mysql_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build nomysql
+// +build nomysql
package dataprovider
diff --git a/internal/dataprovider/node.go b/internal/dataprovider/node.go
index 4b8fc803..5bdf0c25 100644
--- a/internal/dataprovider/node.go
+++ b/internal/dataprovider/node.go
@@ -17,21 +17,21 @@ package dataprovider
import (
"bytes"
"context"
- "crypto/sha256"
- "encoding/hex"
"encoding/json"
"errors"
"fmt"
+ "hash/fnv"
"io"
"net/http"
"strconv"
"strings"
"time"
- "github.com/go-jose/go-jose/v4"
+ "github.com/lestrrat-go/jwx/v2/jwa"
+ "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/rs/xid"
"github.com/drakkan/sftpgo/v2/internal/httpclient"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
@@ -45,8 +45,7 @@ const (
const (
// NodeTokenHeader defines the header to use for the node auth token
- NodeTokenHeader = "X-SFTPGO-Node"
- nodeTokenAudience = "node"
+ NodeTokenHeader = "X-SFTPGO-Node"
)
var (
@@ -109,12 +108,12 @@ func (n *NodeData) validate() error {
}
func (n *NodeData) getNodeName() string {
- h := sha256.New()
+ h := fnv.New64a()
var b bytes.Buffer
- fmt.Fprintf(&b, "%s:%d", n.Host, n.Port)
+ b.WriteString(fmt.Sprintf("%s:%d", n.Host, n.Port))
h.Write(b.Bytes())
- return hex.EncodeToString(h.Sum(nil))
+ return strconv.FormatUint(h.Sum64(), 10)
}
// Node defines a cluster node
@@ -132,26 +131,33 @@ func (n *Node) validate() error {
return n.Data.validate()
}
-func (n *Node) authenticate(token string) (*jwt.Claims, error) {
+func (n *Node) authenticate(token string) (string, string, error) {
if err := n.Data.Key.TryDecrypt(); err != nil {
providerLog(logger.LevelError, "unable to decrypt node key: %v", err)
- return nil, err
+ return "", "", err
}
if token == "" {
- return nil, ErrInvalidCredentials
+ return "", "", ErrInvalidCredentials
}
- claims, err := jwt.VerifyTokenWithKey(token, []jose.SignatureAlgorithm{jose.HS256}, []byte(n.Data.Key.GetPayload()))
+ t, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.HS256, []byte(n.Data.Key.GetPayload())), jwt.WithValidate(true))
if err != nil {
- return nil, fmt.Errorf("unable to parse and validate token: %v", err)
+ return "", "", fmt.Errorf("unable to parse and validate token: %v", err)
}
- if claims.Username == "" {
- return nil, errors.New("no admin username associated with node token")
+ var adminUsername, role string
+ if admin, ok := t.Get("admin"); ok {
+ if val, ok := admin.(string); ok && val != "" {
+ adminUsername = val
+ }
}
- if !claims.Audience.Contains(nodeTokenAudience) {
- return nil, errors.New("invalid node token audience")
+ if adminUsername == "" {
+ return "", "", errors.New("no admin username associated with node token")
}
-
- return claims, nil
+ if r, ok := t.Get("role"); ok {
+ if val, ok := r.(string); ok && val != "" {
+ role = val
+ }
+ }
+ return adminUsername, role, nil
}
// getBaseURL returns the base URL for this node
@@ -168,37 +174,35 @@ func (n *Node) getBaseURL() string {
}
// generateAuthToken generates a new auth token
-func (n *Node) generateAuthToken(username, role string, permissions []string) (string, error) {
+func (n *Node) generateAuthToken(username, role string) (string, error) {
if err := n.Data.Key.TryDecrypt(); err != nil {
return "", fmt.Errorf("unable to decrypt node key: %w", err)
}
- signer, err := jwt.NewSigner(jose.HS256, []byte(n.Data.Key.GetPayload()))
- if err != nil {
- return "", fmt.Errorf("unable to create signer: %w", err)
- }
- claims := &jwt.Claims{
- Username: username,
- Role: role,
- Permissions: permissions,
- }
- claims.Audience = []string{nodeTokenAudience}
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- payload, err := signer.Sign(claims)
+ now := time.Now().UTC()
+
+ t := jwt.New()
+ t.Set("admin", username) //nolint:errcheck
+ t.Set("role", role) //nolint:errcheck
+ t.Set(jwt.JwtIDKey, xid.New().String()) //nolint:errcheck
+ t.Set(jwt.NotBeforeKey, now.Add(-30*time.Second)) //nolint:errcheck
+ t.Set(jwt.ExpirationKey, now.Add(1*time.Minute)) //nolint:errcheck
+
+ payload, err := jwt.Sign(t, jwt.WithKey(jwa.HS256, []byte(n.Data.Key.GetPayload())))
if err != nil {
return "", fmt.Errorf("unable to sign authentication token: %w", err)
}
- return payload, nil
+ return util.BytesToString(payload), nil
}
func (n *Node) prepareRequest(ctx context.Context, username, role, relativeURL, method string,
- permissions []string, body io.Reader,
+ body io.Reader,
) (*http.Request, error) {
url := fmt.Sprintf("%s%s", n.getBaseURL(), relativeURL)
req, err := http.NewRequestWithContext(ctx, method, url, body)
if err != nil {
return nil, err
}
- token, err := n.generateAuthToken(username, role, permissions)
+ token, err := n.generateAuthToken(username, role)
if err != nil {
return nil, err
}
@@ -208,11 +212,11 @@ func (n *Node) prepareRequest(ctx context.Context, username, role, relativeURL,
// SendGetRequest sends an HTTP GET request to this node.
// The responseHolder must be a pointer
-func (n *Node) SendGetRequest(username, role, relativeURL string, permissions []string, responseHolder any) error {
+func (n *Node) SendGetRequest(username, role, relativeURL string, responseHolder any) error {
ctx, cancel := context.WithTimeout(context.Background(), nodeReqTimeout)
defer cancel()
- req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodGet, permissions, nil)
+ req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodGet, nil)
if err != nil {
return err
}
@@ -240,11 +244,11 @@ func (n *Node) SendGetRequest(username, role, relativeURL string, permissions []
}
// SendDeleteRequest sends an HTTP DELETE request to this node
-func (n *Node) SendDeleteRequest(username, role, relativeURL string, permissions []string) error {
+func (n *Node) SendDeleteRequest(username, role, relativeURL string) error {
ctx, cancel := context.WithTimeout(context.Background(), nodeReqTimeout)
defer cancel()
- req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodDelete, permissions, nil)
+ req, err := n.prepareRequest(ctx, username, role, relativeURL, http.MethodDelete, nil)
if err != nil {
return err
}
@@ -264,9 +268,9 @@ func (n *Node) SendDeleteRequest(username, role, relativeURL string, permissions
}
// AuthenticateNodeToken check the validity of the provided token
-func AuthenticateNodeToken(token string) (*jwt.Claims, error) {
+func AuthenticateNodeToken(token string) (string, string, error) {
if currentNode == nil {
- return nil, errNoClusterNodes
+ return "", "", errNoClusterNodes
}
return currentNode.authenticate(token)
}
diff --git a/internal/dataprovider/pgsql.go b/internal/dataprovider/pgsql.go
index c4f7c93a..3e7d69d2 100644
--- a/internal/dataprovider/pgsql.go
+++ b/internal/dataprovider/pgsql.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !nopgsql
+// +build !nopgsql
package dataprovider
@@ -23,7 +24,6 @@ import (
"errors"
"fmt"
"net"
- "slices"
"strconv"
"strings"
"time"
@@ -40,11 +40,11 @@ import (
const (
pgsqlResetSQL = `DROP TABLE IF EXISTS "{{api_keys}}" CASCADE;
+DROP TABLE IF EXISTS "{{folders_mapping}}" CASCADE;
DROP TABLE IF EXISTS "{{users_folders_mapping}}" CASCADE;
DROP TABLE IF EXISTS "{{users_groups_mapping}}" CASCADE;
DROP TABLE IF EXISTS "{{admins_groups_mapping}}" CASCADE;
DROP TABLE IF EXISTS "{{groups_folders_mapping}}" CASCADE;
-DROP TABLE IF EXISTS "{{shares_groups_mapping}}" CASCADE;
DROP TABLE IF EXISTS "{{admins}}" CASCADE;
DROP TABLE IF EXISTS "{{folders}}" CASCADE;
DROP TABLE IF EXISTS "{{shares}}" CASCADE;
@@ -85,8 +85,8 @@ CREATE TABLE "{{folders}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS A
"filesystem" text NULL);
CREATE TABLE "{{groups}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "name" varchar(255) NOT NULL UNIQUE,
"description" varchar(512) NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL, "user_settings" text NULL);
-CREATE TABLE "{{shared_sessions}}" ("key" varchar(128) NOT NULL, "type" integer NOT NULL,
-"data" text NOT NULL, "timestamp" bigint NOT NULL, PRIMARY KEY ("key", "type"));
+CREATE TABLE "{{shared_sessions}}" ("key" varchar(128) NOT NULL PRIMARY KEY,
+"data" text NOT NULL, "type" integer NOT NULL, "timestamp" bigint NOT NULL);
CREATE TABLE "{{users}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "username" varchar(255) NOT NULL UNIQUE, "status" integer NOT NULL,
"expiration_date" bigint NOT NULL, "description" varchar(512) NULL, "password" text NULL, "public_keys" text NULL,
"home_dir" text NOT NULL, "uid" bigint NOT NULL, "gid" bigint NOT NULL, "max_sessions" integer NOT NULL,
@@ -95,14 +95,14 @@ CREATE TABLE "{{users}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS
"download_bandwidth" integer NOT NULL, "last_login" bigint NOT NULL, "filters" text NULL, "filesystem" text NULL,
"additional_info" text NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL, "email" varchar(255) NULL,
"upload_data_transfer" integer NOT NULL, "download_data_transfer" integer NOT NULL, "total_data_transfer" integer NOT NULL,
-"used_upload_data_transfer" bigint NOT NULL, "used_download_data_transfer" bigint NOT NULL, "deleted_at" bigint NOT NULL,
+"used_upload_data_transfer" integer NOT NULL, "used_download_data_transfer" integer NOT NULL, "deleted_at" bigint NOT NULL,
"first_download" bigint NOT NULL, "first_upload" bigint NOT NULL, "last_password_change" bigint NOT NULL, "role_id" integer NULL);
CREATE TABLE "{{groups_folders_mapping}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "group_id" integer NOT NULL,
-"folder_id" integer NOT NULL, "virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL, "sort_order" integer NOT NULL);
+"folder_id" integer NOT NULL, "virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL);
CREATE TABLE "{{users_groups_mapping}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "user_id" integer NOT NULL,
-"group_id" integer NOT NULL, "group_type" integer NOT NULL, "sort_order" integer NOT NULL);
+"group_id" integer NOT NULL, "group_type" integer NOT NULL);
CREATE TABLE "{{users_folders_mapping}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "virtual_path" text NOT NULL,
-"quota_size" bigint NOT NULL, "quota_files" integer NOT NULL, "sort_order" integer NOT NULL, "folder_id" integer NOT NULL, "user_id" integer NOT NULL);
+"quota_size" bigint NOT NULL, "quota_files" integer NOT NULL, "folder_id" integer NOT NULL, "user_id" integer NOT NULL);
ALTER TABLE "{{users_folders_mapping}}" ADD CONSTRAINT "{{prefix}}unique_user_folder_mapping" UNIQUE ("user_id", "folder_id");
ALTER TABLE "{{users_folders_mapping}}" ADD CONSTRAINT "{{prefix}}users_folders_mapping_folder_id_fk_folders_id"
FOREIGN KEY ("folder_id") REFERENCES "{{folders}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
@@ -112,7 +112,7 @@ CREATE TABLE "{{shares}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS
"share_id" varchar(60) NOT NULL UNIQUE, "name" varchar(255) NOT NULL, "description" varchar(512) NULL,
"scope" integer NOT NULL, "paths" text NOT NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL,
"last_use_at" bigint NOT NULL, "expires_at" bigint NOT NULL, "password" text NULL,
-"max_tokens" integer NOT NULL, "used_tokens" integer NOT NULL, "allow_from" text NULL, "options" text NULL,
+"max_tokens" integer NOT NULL, "used_tokens" integer NOT NULL, "allow_from" text NULL,
"user_id" integer NOT NULL);
ALTER TABLE "{{shares}}" ADD CONSTRAINT "{{prefix}}shares_user_id_fk_users_id" FOREIGN KEY ("user_id")
REFERENCES "{{users}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
@@ -132,14 +132,12 @@ FOREIGN KEY ("group_id") REFERENCES "{{groups}}" ("id") MATCH SIMPLE ON UPDATE N
CREATE INDEX "{{prefix}}users_groups_mapping_user_id_idx" ON "{{users_groups_mapping}}" ("user_id");
ALTER TABLE "{{users_groups_mapping}}" ADD CONSTRAINT "{{prefix}}users_groups_mapping_user_id_fk_users_id"
FOREIGN KEY ("user_id") REFERENCES "{{users}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
-CREATE INDEX "{{prefix}}users_groups_mapping_sort_order_idx" ON "{{users_groups_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}groups_folders_mapping_folder_id_idx" ON "{{groups_folders_mapping}}" ("folder_id");
ALTER TABLE "{{groups_folders_mapping}}" ADD CONSTRAINT "{{prefix}}groups_folders_mapping_folder_id_fk_folders_id"
FOREIGN KEY ("folder_id") REFERENCES "{{folders}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
CREATE INDEX "{{prefix}}groups_folders_mapping_group_id_idx" ON "{{groups_folders_mapping}}" ("group_id");
ALTER TABLE "{{groups_folders_mapping}}" ADD CONSTRAINT "{{prefix}}groups_folders_mapping_group_id_fk_groups_id"
FOREIGN KEY ("group_id") REFERENCES "{{groups}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
-CREATE INDEX "{{prefix}}groups_folders_mapping_sort_order_idx" ON "{{groups_folders_mapping}}" ("sort_order");
CREATE TABLE "{{events_rules}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY, "name" varchar(255) NOT NULL UNIQUE,
"status" integer NOT NULL, "description" varchar(512) NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL,
"trigger" integer NOT NULL, "conditions" text NOT NULL, "deleted_at" bigint NOT NULL);
@@ -155,7 +153,7 @@ FOREIGN KEY ("rule_id") REFERENCES "{{events_rules}}" ("id") MATCH SIMPLE ON UPD
ALTER TABLE "{{rules_actions_mapping}}" ADD CONSTRAINT "{{prefix}}rules_actions_mapping_action_id_fk_events_targets_id"
FOREIGN KEY ("action_id") REFERENCES "{{events_actions}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION;
CREATE TABLE "{{admins_groups_mapping}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
-"admin_id" integer NOT NULL, "group_id" integer NOT NULL, "options" text NOT NULL, "sort_order" integer NOT NULL);
+"admin_id" integer NOT NULL, "group_id" integer NOT NULL, "options" text NOT NULL);
ALTER TABLE "{{admins_groups_mapping}}" ADD CONSTRAINT "{{prefix}}unique_admin_group_mapping" UNIQUE ("admin_id", "group_id");
ALTER TABLE "{{admins_groups_mapping}}" ADD CONSTRAINT "{{prefix}}admins_groups_mapping_admin_id_fk_admins_id"
FOREIGN KEY ("admin_id") REFERENCES "{{admins}}" ("id") MATCH SIMPLE ON UPDATE NO ACTION ON DELETE CASCADE;
@@ -178,7 +176,6 @@ CREATE TABLE "{{configs}}" ("id" integer NOT NULL PRIMARY KEY GENERATED ALWAYS A
INSERT INTO {{configs}} (configs) VALUES ('{}');
CREATE INDEX "{{prefix}}users_folders_mapping_folder_id_idx" ON "{{users_folders_mapping}}" ("folder_id");
CREATE INDEX "{{prefix}}users_folders_mapping_user_id_idx" ON "{{users_folders_mapping}}" ("user_id");
-CREATE INDEX "{{prefix}}users_folders_mapping_sort_order_idx" ON "{{users_folders_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}api_keys_admin_id_idx" ON "{{api_keys}}" ("admin_id");
CREATE INDEX "{{prefix}}api_keys_user_id_idx" ON "{{api_keys}}" ("user_id");
CREATE INDEX "{{prefix}}users_updated_at_idx" ON "{{users}}" ("updated_at");
@@ -201,7 +198,6 @@ CREATE INDEX "{{prefix}}rules_actions_mapping_action_id_idx" ON "{{rules_actions
CREATE INDEX "{{prefix}}rules_actions_mapping_order_idx" ON "{{rules_actions_mapping}}" ("order");
CREATE INDEX "{{prefix}}admins_groups_mapping_admin_id_idx" ON "{{admins_groups_mapping}}" ("admin_id");
CREATE INDEX "{{prefix}}admins_groups_mapping_group_id_idx" ON "{{admins_groups_mapping}}" ("group_id");
-CREATE INDEX "{{prefix}}admins_groups_mapping_sort_order_idx" ON "{{admins_groups_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}admins_role_id_idx" ON "{{admins}}" ("role_id");
CREATE INDEX "{{prefix}}users_role_id_idx" ON "{{users}}" ("role_id");
CREATE INDEX "{{prefix}}ip_lists_type_idx" ON "{{ip_lists}}" ("type");
@@ -209,24 +205,16 @@ CREATE INDEX "{{prefix}}ip_lists_ipornet_idx" ON "{{ip_lists}}" ("ipornet");
CREATE INDEX "{{prefix}}ip_lists_updated_at_idx" ON "{{ip_lists}}" ("updated_at");
CREATE INDEX "{{prefix}}ip_lists_deleted_at_idx" ON "{{ip_lists}}" ("deleted_at");
CREATE INDEX "{{prefix}}ip_lists_first_last_idx" ON "{{ip_lists}}" ("first", "last");
-INSERT INTO {{schema_version}} (version) VALUES (33);
+INSERT INTO {{schema_version}} (version) VALUES (28);
`
// not supported in CockroachDB
ipListsLikeIndex = `CREATE INDEX "{{prefix}}ip_lists_ipornet_like_idx" ON "{{ip_lists}}" ("ipornet" varchar_pattern_ops);`
- pgsqlV34SQL = `CREATE TABLE "{{shares_groups_mapping}}" (
-"id" integer NOT NULL PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY,
-"share_id" integer NOT NULL,
-"group_id" integer NOT NULL,
-"permissions" integer NOT NULL,
-"sort_order" integer NOT NULL,
-CONSTRAINT "{{prefix}}unique_share_group_mapping" UNIQUE ("share_id", "group_id"),
-CONSTRAINT "{{prefix}}shares_groups_mapping_share_id_fk" FOREIGN KEY ("share_id") REFERENCES "{{shares}}"("id") ON DELETE CASCADE,
-CONSTRAINT "{{prefix}}shares_groups_mapping_group_id_fk" FOREIGN KEY ("group_id") REFERENCES "{{groups}}"("id") ON DELETE CASCADE);
-CREATE INDEX "{{prefix}}shares_groups_mapping_sort_order_idx" ON "{{shares_groups_mapping}}" ("sort_order");
-CREATE INDEX "{{prefix}}shares_groups_mapping_share_id_idx" ON "{{shares_groups_mapping}}" ("share_id");
-CREATE INDEX "{{prefix}}shares_groups_mapping_group_id_idx" ON "{{shares_groups_mapping}}" ("group_id");
+ pgsqlV29SQL = `ALTER TABLE "{{users}}" ALTER COLUMN "used_download_data_transfer" TYPE bigint;
+ALTER TABLE "{{users}}" ALTER COLUMN "used_upload_data_transfer" TYPE bigint;
+`
+ pgsqlV29DownSQL = `ALTER TABLE "{{users}}" ALTER COLUMN "used_upload_data_transfer" TYPE integer;
+ALTER TABLE "{{users}}" ALTER COLUMN "used_download_data_transfer" TYPE integer;
`
- pgsqlV34DownSQL = `DROP TABLE IF EXISTS "{{shares_groups_mapping}}";`
)
var (
@@ -286,7 +274,7 @@ func getPGSQLHostsAndPorts(configHost string, configPort int) (string, string) {
defaultPort = "5432"
}
- for hostport := range strings.SplitSeq(configHost, ",") {
+ for _, hostport := range strings.Split(configHost, ",") {
hostport = strings.TrimSpace(hostport)
if hostport == "" {
continue
@@ -323,7 +311,7 @@ func getPGSQLConnectionString(redactedPwd bool) string {
if config.DisableSNI {
connectionString += " sslsni=0"
}
- if slices.Contains(pgSQLTargetSessionAttrs, config.TargetSessionAttrs) {
+ if util.Contains(pgSQLTargetSessionAttrs, config.TargetSessionAttrs) {
connectionString += fmt.Sprintf(" target_session_attrs='%s'", config.TargetSessionAttrs)
}
} else {
@@ -360,14 +348,6 @@ func (p *PGSQLProvider) getUsedQuota(username string) (int, int64, int64, int64,
return sqlCommonGetUsedQuota(username, p.dbHandle)
}
-func (p *PGSQLProvider) getAdminSignature(username string) (string, error) {
- return sqlCommonGetAdminSignature(username, p.dbHandle)
-}
-
-func (p *PGSQLProvider) getUserSignature(username string) (string, error) {
- return sqlCommonGetUserSignature(username, p.dbHandle)
-}
-
func (p *PGSQLProvider) setUpdatedAt(username string) {
sqlCommonSetUpdatedAt(username, p.dbHandle)
}
@@ -622,12 +602,12 @@ func (p *PGSQLProvider) addSharedSession(session Session) error {
return sqlCommonAddSession(session, p.dbHandle)
}
-func (p *PGSQLProvider) deleteSharedSession(key string, sessionType SessionType) error {
- return sqlCommonDeleteSession(key, sessionType, p.dbHandle)
+func (p *PGSQLProvider) deleteSharedSession(key string) error {
+ return sqlCommonDeleteSession(key, p.dbHandle)
}
-func (p *PGSQLProvider) getSharedSession(key string, sessionType SessionType) (Session, error) {
- return sqlCommonGetSession(key, sessionType, p.dbHandle)
+func (p *PGSQLProvider) getSharedSession(key string) (Session, error) {
+ return sqlCommonGetSession(key, p.dbHandle)
}
func (p *PGSQLProvider) cleanupSharedSessions(sessionType SessionType, before int64) error {
@@ -815,8 +795,8 @@ func (p *PGSQLProvider) initializeDatabase() error {
if errors.Is(err, sql.ErrNoRows) {
return errSchemaVersionEmpty
}
- logger.InfoToConsole("creating initial database schema, version 33")
- providerLog(logger.LevelInfo, "creating initial database schema, version 33")
+ logger.InfoToConsole("creating initial database schema, version 28")
+ providerLog(logger.LevelInfo, "creating initial database schema, version 28")
var initialSQL string
if config.Driver == CockroachDataProviderName {
initialSQL = sqlReplaceAll(pgsqlInitial)
@@ -825,10 +805,10 @@ func (p *PGSQLProvider) initializeDatabase() error {
initialSQL = sqlReplaceAll(pgsqlInitial + ipListsLikeIndex)
}
- return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{initialSQL}, 33, true)
+ return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{initialSQL}, 28, true)
}
-func (p *PGSQLProvider) migrateDatabase() error {
+func (p *PGSQLProvider) migrateDatabase() error { //nolint:dupl
dbVersion, err := sqlCommonGetDatabaseVersion(p.dbHandle, true)
if err != nil {
return err
@@ -838,13 +818,13 @@ func (p *PGSQLProvider) migrateDatabase() error {
case version == sqlDatabaseVersion:
providerLog(logger.LevelDebug, "sql database is up to date, current version: %d", version)
return ErrNoInitRequired
- case version < 33:
- err = errSchemaVersionTooOld(version)
+ case version < 28:
+ err = fmt.Errorf("database schema version %d is too old, please see the upgrading docs", version)
providerLog(logger.LevelError, "%v", err)
logger.ErrorToConsole("%v", err)
return err
- case version == 33:
- return updatePGSQLDatabaseFromV33(p.dbHandle)
+ case version == 28:
+ return updatePGSQLDatabaseFrom28To29(p.dbHandle)
default:
if version > sqlDatabaseVersion {
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
@@ -867,8 +847,8 @@ func (p *PGSQLProvider) revertDatabase(targetVersion int) error {
}
switch dbVersion.Version {
- case 34:
- return downgradePGSQLDatabaseFromV34(p.dbHandle)
+ case 29:
+ return downgradePGSQLDatabaseFrom29To28(p.dbHandle)
default:
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
}
@@ -907,29 +887,18 @@ func (p *PGSQLProvider) normalizeError(err error, fieldType int) error {
return err
}
-func updatePGSQLDatabaseFromV33(dbHandle *sql.DB) error {
- return updatePGSQLDatabaseFrom33To34(dbHandle)
+func updatePGSQLDatabaseFrom28To29(dbHandle *sql.DB) error {
+ logger.InfoToConsole("updating database schema version: 28 -> 29")
+ providerLog(logger.LevelInfo, "updating database schema version: 28 -> 29")
+
+ sql := strings.ReplaceAll(pgsqlV29SQL, "{{users}}", sqlTableUsers)
+ return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 29, true)
}
-func downgradePGSQLDatabaseFromV34(dbHandle *sql.DB) error {
- return downgradePGSQLDatabaseFrom34To33(dbHandle)
-}
-
-func updatePGSQLDatabaseFrom33To34(dbHandle *sql.DB) error {
- logger.InfoToConsole("updating database schema version: 33 -> 34")
- providerLog(logger.LevelInfo, "updating database schema version: 33 -> 34")
-
- sql := strings.ReplaceAll(pgsqlV34SQL, "{{prefix}}", config.SQLTablesPrefix)
- sql = strings.ReplaceAll(sql, "{{shares}}", sqlTableShares)
- sql = strings.ReplaceAll(sql, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- sql = strings.ReplaceAll(sql, "{{groups}}", sqlTableGroups)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 34, true)
-}
-
-func downgradePGSQLDatabaseFrom34To33(dbHandle *sql.DB) error {
- logger.InfoToConsole("downgrading database schema version: 34 -> 33")
- providerLog(logger.LevelInfo, "downgrading database schema version: 34 -> 33")
-
- sql := strings.ReplaceAll(pgsqlV34DownSQL, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 33, false)
+func downgradePGSQLDatabaseFrom29To28(dbHandle *sql.DB) error {
+ logger.InfoToConsole("downgrading database schema version: 29 -> 28")
+ providerLog(logger.LevelInfo, "downgrading database schema version: 29 -> 28")
+
+ sql := strings.ReplaceAll(pgsqlV29DownSQL, "{{users}}", sqlTableUsers)
+ return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 28, false)
}
diff --git a/internal/dataprovider/pgsql_disabled.go b/internal/dataprovider/pgsql_disabled.go
index 899b5380..a561c5c9 100644
--- a/internal/dataprovider/pgsql_disabled.go
+++ b/internal/dataprovider/pgsql_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build nopgsql
+// +build nopgsql
package dataprovider
diff --git a/internal/dataprovider/role.go b/internal/dataprovider/role.go
index 5f1154e0..dffe0321 100644
--- a/internal/dataprovider/role.go
+++ b/internal/dataprovider/role.go
@@ -57,9 +57,6 @@ func (r *Role) validate() error {
if r.Name == "" {
return util.NewI18nError(util.NewValidationError("name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(r.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if len(r.Name) > 255 {
return util.NewValidationError("name is too long, 255 is the maximum length allowed")
}
diff --git a/internal/dataprovider/scheduler.go b/internal/dataprovider/scheduler.go
index 085066a5..71e9ead8 100644
--- a/internal/dataprovider/scheduler.go
+++ b/internal/dataprovider/scheduler.go
@@ -84,14 +84,11 @@ func addScheduledCacheUpdates() error {
func checkDataprovider() {
if currentNode != nil {
- err := provider.updateNodeTimestamp()
- if err != nil {
+ if err := provider.updateNodeTimestamp(); err != nil {
providerLog(logger.LevelError, "unable to update node timestamp: %v", err)
} else {
providerLog(logger.LevelDebug, "node timestamp updated")
}
- metric.UpdateDataProviderAvailability(err)
- return
}
err := provider.checkAvailability()
if err != nil {
diff --git a/internal/dataprovider/share.go b/internal/dataprovider/share.go
index 6d2881b0..7e8a4798 100644
--- a/internal/dataprovider/share.go
+++ b/internal/dataprovider/share.go
@@ -89,11 +89,6 @@ func (s *Share) GetAllowedFromAsString() string {
return strings.Join(s.AllowFrom, ",")
}
-// IsPasswordHashed returns true if the password is hashed
-func (s *Share) IsPasswordHashed() bool {
- return util.IsStringPrefixInSlice(s.Password, hashPwdPrefixes)
-}
-
func (s *Share) getACopy() Share {
allowFrom := make([]string, len(s.AllowFrom))
copy(allowFrom, s.AllowFrom)
@@ -146,7 +141,7 @@ func (s *Share) HasRedactedPassword() bool {
func (s *Share) hashPassword() error {
if s.Password != "" && !util.IsStringPrefixInSlice(s.Password, internalHashPwdPrefixes) {
- user, err := GetUserWithGroupSettings(s.Username, "")
+ user, err := UserExists(s.Username, "")
if err != nil {
return util.NewGenericError(fmt.Sprintf("unable to validate user: %v", err))
}
@@ -206,16 +201,13 @@ func (s *Share) validatePaths() error {
return nil
}
-func (s *Share) validate() error { //nolint:gocyclo
+func (s *Share) validate() error {
if s.ShareID == "" {
return util.NewValidationError("share_id is mandatory")
}
if s.Name == "" {
return util.NewI18nError(util.NewValidationError("name is mandatory"), util.I18nErrorNameRequired)
}
- if !util.IsNameValid(s.Name) {
- return util.NewI18nError(errInvalidInput, util.I18nErrorInvalidInput)
- }
if s.Scope < ShareScopeRead || s.Scope > ShareScopeReadWrite {
return util.NewI18nError(util.NewValidationError(fmt.Sprintf("invalid scope: %v", s.Scope)), util.I18nErrorShareScope)
}
diff --git a/internal/dataprovider/sqlcommon.go b/internal/dataprovider/sqlcommon.go
index 768adb31..3a5e5c1c 100644
--- a/internal/dataprovider/sqlcommon.go
+++ b/internal/dataprovider/sqlcommon.go
@@ -23,7 +23,6 @@ import (
"fmt"
"net/netip"
"runtime/debug"
- "strconv"
"strings"
"time"
@@ -36,7 +35,7 @@ import (
)
const (
- sqlDatabaseVersion = 34
+ sqlDatabaseVersion = 29
defaultSQLQueryTimeout = 10 * time.Second
longSQLQueryTimeout = 60 * time.Second
)
@@ -71,7 +70,6 @@ func sqlReplaceAll(sql string) string {
sql = strings.ReplaceAll(sql, "{{groups_folders_mapping}}", sqlTableGroupsFoldersMapping)
sql = strings.ReplaceAll(sql, "{{api_keys}}", sqlTableAPIKeys)
sql = strings.ReplaceAll(sql, "{{shares}}", sqlTableShares)
- sql = strings.ReplaceAll(sql, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
sql = strings.ReplaceAll(sql, "{{defender_events}}", sqlTableDefenderEvents)
sql = strings.ReplaceAll(sql, "{{defender_hosts}}", sqlTableDefenderHosts)
sql = strings.ReplaceAll(sql, "{{active_transfers}}", sqlTableActiveTransfers)
@@ -1250,32 +1248,6 @@ func sqlCommonUpdateQuota(username string, filesAdd int, sizeAdd int64, reset bo
return err
}
-func sqlCommonGetAdminSignature(username string, dbHandle *sql.DB) (string, error) {
- ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
- defer cancel()
-
- q := getAdminSignatureQuery()
- var updatedAt int64
- err := dbHandle.QueryRowContext(ctx, q, username).Scan(&updatedAt)
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(updatedAt, 10), nil
-}
-
-func sqlCommonGetUserSignature(username string, dbHandle *sql.DB) (string, error) {
- ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
- defer cancel()
-
- q := getUserSignatureQuery()
- var updatedAt int64
- err := dbHandle.QueryRowContext(ctx, q, username).Scan(&updatedAt)
- if err != nil {
- return "", err
- }
- return strconv.FormatInt(updatedAt, 10), nil
-}
-
func sqlCommonGetUsedQuota(username string, dbHandle *sql.DB) (int, int64, int64, int64, error) {
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
defer cancel()
@@ -2524,9 +2496,9 @@ func sqlCommonClearUserGroupMapping(ctx context.Context, user *User, dbHandle sq
return err
}
-func sqlCommonAddUserFolderMapping(ctx context.Context, user *User, folder *vfs.VirtualFolder, sortOrder int, dbHandle sqlQuerier) error {
+func sqlCommonAddUserFolderMapping(ctx context.Context, user *User, folder *vfs.VirtualFolder, dbHandle sqlQuerier) error {
q := getAddUserFolderMappingQuery()
- _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, user.Username, sortOrder)
+ _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, user.Username)
return err
}
@@ -2536,29 +2508,27 @@ func sqlCommonClearAdminGroupMapping(ctx context.Context, admin *Admin, dbHandle
return err
}
-func sqlCommonAddGroupFolderMapping(ctx context.Context, group *Group, folder *vfs.VirtualFolder, sortOrder int,
- dbHandle sqlQuerier,
-) error {
+func sqlCommonAddGroupFolderMapping(ctx context.Context, group *Group, folder *vfs.VirtualFolder, dbHandle sqlQuerier) error {
q := getAddGroupFolderMappingQuery()
- _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, group.Name, sortOrder)
+ _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, group.Name)
return err
}
-func sqlCommonAddUserGroupMapping(ctx context.Context, username, groupName string, groupType, sortOrder int, dbHandle sqlQuerier) error {
+func sqlCommonAddUserGroupMapping(ctx context.Context, username, groupName string, groupType int, dbHandle sqlQuerier) error {
q := getAddUserGroupMappingQuery()
- _, err := dbHandle.ExecContext(ctx, q, username, groupName, groupType, sortOrder)
+ _, err := dbHandle.ExecContext(ctx, q, username, groupName, groupType)
return err
}
func sqlCommonAddAdminGroupMapping(ctx context.Context, username, groupName string, mappingOptions AdminGroupMappingOptions,
- sortOrder int, dbHandle sqlQuerier,
+ dbHandle sqlQuerier,
) error {
options, err := json.Marshal(mappingOptions)
if err != nil {
return err
}
q := getAddAdminGroupMappingQuery()
- _, err = dbHandle.ExecContext(ctx, q, username, groupName, options, sortOrder)
+ _, err = dbHandle.ExecContext(ctx, q, username, groupName, options)
return err
}
@@ -2569,7 +2539,7 @@ func generateGroupVirtualFoldersMapping(ctx context.Context, group *Group, dbHan
}
for idx := range group.VirtualFolders {
vfolder := &group.VirtualFolders[idx]
- err = sqlCommonAddGroupFolderMapping(ctx, group, vfolder, idx, dbHandle)
+ err = sqlCommonAddGroupFolderMapping(ctx, group, vfolder, dbHandle)
if err != nil {
return err
}
@@ -2584,7 +2554,7 @@ func generateUserVirtualFoldersMapping(ctx context.Context, user *User, dbHandle
}
for idx := range user.VirtualFolders {
vfolder := &user.VirtualFolders[idx]
- err = sqlCommonAddUserFolderMapping(ctx, user, vfolder, idx, dbHandle)
+ err = sqlCommonAddUserFolderMapping(ctx, user, vfolder, dbHandle)
if err != nil {
return err
}
@@ -2597,8 +2567,8 @@ func generateUserGroupMapping(ctx context.Context, user *User, dbHandle sqlQueri
if err != nil {
return err
}
- for idx, group := range user.Groups {
- err = sqlCommonAddUserGroupMapping(ctx, user.Username, group.Name, group.Type, idx, dbHandle)
+ for _, group := range user.Groups {
+ err = sqlCommonAddUserGroupMapping(ctx, user.Username, group.Name, group.Type, dbHandle)
if err != nil {
return err
}
@@ -2611,8 +2581,8 @@ func generateAdminGroupMapping(ctx context.Context, admin *Admin, dbHandle sqlQu
if err != nil {
return err
}
- for idx, group := range admin.Groups {
- err = sqlCommonAddAdminGroupMapping(ctx, admin.Username, group.Name, group.Options, idx, dbHandle)
+ for _, group := range admin.Groups {
+ err = sqlCommonAddAdminGroupMapping(ctx, admin.Username, group.Name, group.Options, dbHandle)
if err != nil {
return err
}
@@ -3268,14 +3238,14 @@ func sqlCommonAddSession(session Session, dbHandle *sql.DB) error {
return err
}
-func sqlCommonGetSession(key string, sessionType SessionType, dbHandle sqlQuerier) (Session, error) {
+func sqlCommonGetSession(key string, dbHandle sqlQuerier) (Session, error) {
var session Session
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
defer cancel()
q := getSessionQuery()
var data []byte // type hint, some driver will use string instead of []byte if the type is any
- err := dbHandle.QueryRowContext(ctx, q, key, sessionType).Scan(&session.Key, &data, &session.Type, &session.Timestamp)
+ err := dbHandle.QueryRowContext(ctx, q, key).Scan(&session.Key, &data, &session.Type, &session.Timestamp)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return session, util.NewRecordNotFoundError(err.Error())
@@ -3286,12 +3256,12 @@ func sqlCommonGetSession(key string, sessionType SessionType, dbHandle sqlQuerie
return session, nil
}
-func sqlCommonDeleteSession(key string, sessionType SessionType, dbHandle *sql.DB) error {
+func sqlCommonDeleteSession(key string, dbHandle *sql.DB) error {
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
defer cancel()
q := getDeleteSessionQuery()
- res, err := dbHandle.ExecContext(ctx, q, key, sessionType)
+ res, err := dbHandle.ExecContext(ctx, q, key)
if err != nil {
return err
}
@@ -3966,22 +3936,16 @@ func sqlCommonUpdateDatabaseVersion(ctx context.Context, dbHandle sqlQuerier, ve
}
func sqlCommonExecSQLAndUpdateDBVersion(dbHandle *sql.DB, sqlQueries []string, newVersion int, isUp bool) error {
+ if err := sqlAcquireLock(dbHandle); err != nil {
+ return err
+ }
+ defer sqlReleaseLock(dbHandle)
+
ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout)
defer cancel()
- conn, err := dbHandle.Conn(ctx)
- if err != nil {
- return fmt.Errorf("unable to get connection from pool: %w", err)
- }
- defer conn.Close()
-
- if err := sqlAcquireLock(conn); err != nil {
- return err
- }
- defer sqlReleaseLock(conn)
-
if newVersion > 0 {
- currentVersion, err := sqlCommonGetDatabaseVersion(conn, false)
+ currentVersion, err := sqlCommonGetDatabaseVersion(dbHandle, false)
if err == nil {
if (isUp && currentVersion.Version >= newVersion) || (!isUp && currentVersion.Version <= newVersion) {
providerLog(logger.LevelInfo, "current schema version: %v, requested: %v, did you execute simultaneous migrations?",
@@ -3991,7 +3955,7 @@ func sqlCommonExecSQLAndUpdateDBVersion(dbHandle *sql.DB, sqlQueries []string, n
}
}
- return sqlCommonExecuteTxOnConn(ctx, conn, func(tx *sql.Tx) error {
+ return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error {
for _, q := range sqlQueries {
if strings.TrimSpace(q) == "" {
continue
@@ -4008,7 +3972,7 @@ func sqlCommonExecSQLAndUpdateDBVersion(dbHandle *sql.DB, sqlQueries []string, n
})
}
-func sqlAcquireLock(dbHandle *sql.Conn) error {
+func sqlAcquireLock(dbHandle *sql.DB) error {
ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout)
defer cancel()
@@ -4037,7 +4001,7 @@ func sqlAcquireLock(dbHandle *sql.Conn) error {
return nil
}
-func sqlReleaseLock(dbHandle *sql.Conn) {
+func sqlReleaseLock(dbHandle *sql.DB) {
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
defer cancel()
@@ -4059,20 +4023,6 @@ func sqlReleaseLock(dbHandle *sql.Conn) {
}
}
-func sqlCommonExecuteTxOnConn(ctx context.Context, conn *sql.Conn, txFn func(*sql.Tx) error) error {
- tx, err := conn.BeginTx(ctx, nil)
- if err != nil {
- return err
- }
-
- err = txFn(tx)
- if err != nil {
- tx.Rollback() //nolint:errcheck
- return err
- }
- return tx.Commit()
-}
-
func sqlCommonExecuteTx(ctx context.Context, dbHandle *sql.DB, txFn func(*sql.Tx) error) error {
if config.Driver == CockroachDataProviderName {
return crdb.ExecuteTx(ctx, dbHandle, nil, txFn)
diff --git a/internal/dataprovider/sqlite.go b/internal/dataprovider/sqlite.go
index 98d2d2b9..4a21c21c 100644
--- a/internal/dataprovider/sqlite.go
+++ b/internal/dataprovider/sqlite.go
@@ -12,7 +12,8 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-//go:build !nosqlite && cgo
+//go:build !nosqlite
+// +build !nosqlite
package dataprovider
@@ -23,7 +24,6 @@ import (
"errors"
"fmt"
"path/filepath"
- "strings"
"time"
"github.com/mattn/go-sqlite3"
@@ -36,11 +36,11 @@ import (
const (
sqliteResetSQL = `DROP TABLE IF EXISTS "{{api_keys}}";
+DROP TABLE IF EXISTS "{{folders_mapping}}";
DROP TABLE IF EXISTS "{{users_folders_mapping}}";
DROP TABLE IF EXISTS "{{users_groups_mapping}}";
DROP TABLE IF EXISTS "{{admins_groups_mapping}}";
DROP TABLE IF EXISTS "{{groups_folders_mapping}}";
-DROP TABLE IF EXISTS "{{shares_groups_mapping}}";
DROP TABLE IF EXISTS "{{admins}}";
DROP TABLE IF EXISTS "{{folders}}";
DROP TABLE IF EXISTS "{{shares}}";
@@ -82,8 +82,8 @@ CREATE TABLE "{{folders}}" ("id" integer NOT NULL PRIMARY KEY, "name" varchar(25
"last_quota_update" bigint NOT NULL, "filesystem" text NULL);
CREATE TABLE "{{groups}}" ("id" integer NOT NULL PRIMARY KEY, "name" varchar(255) NOT NULL UNIQUE,
"description" varchar(512) NULL, "created_at" bigint NOT NULL, "updated_at" bigint NOT NULL, "user_settings" text NULL);
-CREATE TABLE "{{shared_sessions}}" ("key" varchar(128) NOT NULL, "type" integer NOT NULL,
-"data" text NOT NULL, "timestamp" bigint NOT NULL, PRIMARY KEY ("key", "type"));
+CREATE TABLE "{{shared_sessions}}" ("key" varchar(128) NOT NULL PRIMARY KEY, "data" text NOT NULL,
+"type" integer NOT NULL, "timestamp" bigint NOT NULL);
CREATE TABLE "{{users}}" ("id" integer NOT NULL PRIMARY KEY, "username" varchar(255) NOT NULL UNIQUE,
"status" integer NOT NULL, "expiration_date" bigint NOT NULL, "description" varchar(512) NULL, "password" text NULL,
"public_keys" text NULL, "home_dir" text NOT NULL, "uid" bigint NOT NULL, "gid" bigint NOT NULL,
@@ -98,21 +98,21 @@ CREATE TABLE "{{users}}" ("id" integer NOT NULL PRIMARY KEY, "username" varchar(
CREATE TABLE "{{groups_folders_mapping}}" ("id" integer NOT NULL PRIMARY KEY,
"folder_id" integer NOT NULL REFERENCES "{{folders}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
"group_id" integer NOT NULL REFERENCES "{{groups}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
-"virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL, "sort_order" integer NOT NULL,
+"virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL,
CONSTRAINT "{{prefix}}unique_group_folder_mapping" UNIQUE ("group_id", "folder_id"));
CREATE TABLE "{{users_groups_mapping}}" ("id" integer NOT NULL PRIMARY KEY,
"user_id" integer NOT NULL REFERENCES "{{users}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
"group_id" integer NOT NULL REFERENCES "{{groups}}" ("id") ON DELETE NO ACTION,
-"group_type" integer NOT NULL, "sort_order" integer NOT NULL, CONSTRAINT "{{prefix}}unique_user_group_mapping" UNIQUE ("user_id", "group_id"));
+"group_type" integer NOT NULL, CONSTRAINT "{{prefix}}unique_user_group_mapping" UNIQUE ("user_id", "group_id"));
CREATE TABLE "{{users_folders_mapping}}" ("id" integer NOT NULL PRIMARY KEY,
"user_id" integer NOT NULL REFERENCES "{{users}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
"folder_id" integer NOT NULL REFERENCES "{{folders}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
-"virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL, "sort_order" integer NOT NULL,
+"virtual_path" text NOT NULL, "quota_size" bigint NOT NULL, "quota_files" integer NOT NULL,
CONSTRAINT "{{prefix}}unique_user_folder_mapping" UNIQUE ("user_id", "folder_id"));
CREATE TABLE "{{shares}}" ("id" integer NOT NULL PRIMARY KEY, "share_id" varchar(60) NOT NULL UNIQUE,
"name" varchar(255) NOT NULL, "description" varchar(512) NULL, "scope" integer NOT NULL, "paths" text NOT NULL,
"created_at" bigint NOT NULL, "updated_at" bigint NOT NULL, "last_use_at" bigint NOT NULL, "expires_at" bigint NOT NULL,
-"password" text NULL, "max_tokens" integer NOT NULL, "used_tokens" integer NOT NULL, "allow_from" text NULL, "options" text NULL,
+"password" text NULL, "max_tokens" integer NOT NULL, "used_tokens" integer NOT NULL, "allow_from" text NULL,
"user_id" integer NOT NULL REFERENCES "{{users}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED);
CREATE TABLE "{{api_keys}}" ("id" integer NOT NULL PRIMARY KEY, "name" varchar(255) NOT NULL,
"key_id" varchar(50) NOT NULL UNIQUE, "api_key" varchar(255) NOT NULL UNIQUE, "scope" integer NOT NULL,
@@ -134,7 +134,7 @@ CREATE TABLE "{{tasks}}" ("id" integer NOT NULL PRIMARY KEY, "name" varchar(255)
CREATE TABLE "{{admins_groups_mapping}}" ("id" integer NOT NULL PRIMARY KEY,
"admin_id" integer NOT NULL REFERENCES "{{admins}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
"group_id" integer NOT NULL REFERENCES "{{groups}}" ("id") ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
-"options" text NOT NULL, "sort_order" integer NOT NULL, CONSTRAINT "{{prefix}}unique_admin_group_mapping" UNIQUE ("admin_id", "group_id"));
+"options" text NOT NULL, CONSTRAINT "{{prefix}}unique_admin_group_mapping" UNIQUE ("admin_id", "group_id"));
CREATE TABLE "{{ip_lists}}" ("id" integer NOT NULL PRIMARY KEY,
"type" integer NOT NULL, "ipornet" varchar(50) NOT NULL, "mode" integer NOT NULL, "description" varchar(512) NULL,
"first" BLOB NOT NULL, "last" BLOB NOT NULL, "ip_type" integer NOT NULL, "protocols" integer NOT NULL,
@@ -144,13 +144,10 @@ CREATE TABLE "{{configs}}" ("id" integer NOT NULL PRIMARY KEY, "configs" text NO
INSERT INTO {{configs}} (configs) VALUES ('{}');
CREATE INDEX "{{prefix}}users_folders_mapping_folder_id_idx" ON "{{users_folders_mapping}}" ("folder_id");
CREATE INDEX "{{prefix}}users_folders_mapping_user_id_idx" ON "{{users_folders_mapping}}" ("user_id");
-CREATE INDEX "{{prefix}}users_folders_mapping_sort_order_idx" ON "{{users_folders_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}users_groups_mapping_group_id_idx" ON "{{users_groups_mapping}}" ("group_id");
CREATE INDEX "{{prefix}}users_groups_mapping_user_id_idx" ON "{{users_groups_mapping}}" ("user_id");
-CREATE INDEX "{{prefix}}users_groups_mapping_sort_order_idx" ON "{{users_groups_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}groups_folders_mapping_folder_id_idx" ON "{{groups_folders_mapping}}" ("folder_id");
CREATE INDEX "{{prefix}}groups_folders_mapping_group_id_idx" ON "{{groups_folders_mapping}}" ("group_id");
-CREATE INDEX "{{prefix}}groups_folders_mapping_sort_order_idx" ON "{{groups_folders_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}api_keys_admin_id_idx" ON "{{api_keys}}" ("admin_id");
CREATE INDEX "{{prefix}}api_keys_user_id_idx" ON "{{api_keys}}" ("user_id");
CREATE INDEX "{{prefix}}users_updated_at_idx" ON "{{users}}" ("updated_at");
@@ -173,7 +170,6 @@ CREATE INDEX "{{prefix}}rules_actions_mapping_action_id_idx" ON "{{rules_actions
CREATE INDEX "{{prefix}}rules_actions_mapping_order_idx" ON "{{rules_actions_mapping}}" ("order");
CREATE INDEX "{{prefix}}admins_groups_mapping_admin_id_idx" ON "{{admins_groups_mapping}}" ("admin_id");
CREATE INDEX "{{prefix}}admins_groups_mapping_group_id_idx" ON "{{admins_groups_mapping}}" ("group_id");
-CREATE INDEX "{{prefix}}admins_groups_mapping_sort_order_idx" ON "{{admins_groups_mapping}}" ("sort_order");
CREATE INDEX "{{prefix}}users_role_id_idx" ON "{{users}}" ("role_id");
CREATE INDEX "{{prefix}}admins_role_id_idx" ON "{{admins}}" ("role_id");
CREATE INDEX "{{prefix}}ip_lists_type_idx" ON "{{ip_lists}}" ("type");
@@ -182,22 +178,8 @@ CREATE INDEX "{{prefix}}ip_lists_ip_type_idx" ON "{{ip_lists}}" ("ip_type");
CREATE INDEX "{{prefix}}ip_lists_ip_updated_at_idx" ON "{{ip_lists}}" ("updated_at");
CREATE INDEX "{{prefix}}ip_lists_ip_deleted_at_idx" ON "{{ip_lists}}" ("deleted_at");
CREATE INDEX "{{prefix}}ip_lists_first_last_idx" ON "{{ip_lists}}" ("first", "last");
-INSERT INTO {{schema_version}} (version) VALUES (33);
+INSERT INTO {{schema_version}} (version) VALUES (28);
`
- sqliteV34SQL = `
-CREATE TABLE "{{shares_groups_mapping}}" (
- "id" integer NOT NULL PRIMARY KEY AUTOINCREMENT,
- "share_id" integer NOT NULL REFERENCES "{{shares}}" ("id") ON DELETE CASCADE,
- "group_id" integer NOT NULL REFERENCES "{{groups}}" ("id") ON DELETE CASCADE,
- "permissions" integer NOT NULL,
- "sort_order" integer NOT NULL,
- CONSTRAINT "{{prefix}}unique_share_group_mapping" UNIQUE ("share_id", "group_id")
-);
-CREATE INDEX "{{prefix}}shares_groups_mapping_sort_order_idx" ON "{{shares_groups_mapping}}" ("sort_order");
-CREATE INDEX "{{prefix}}shares_groups_mapping_group_id_idx" ON "{{shares_groups_mapping}}" ("group_id");
-CREATE INDEX "{{prefix}}shares_groups_mapping_share_id_idx" ON "{{shares_groups_mapping}}" ("share_id");
-`
- sqliteV34DownSQL = `DROP TABLE IF EXISTS "{{shares_groups_mapping}}";`
)
// SQLiteProvider defines the auth provider for SQLite database
@@ -233,7 +215,7 @@ func initializeSQLiteProvider(basePath string) error {
providerLog(logger.LevelDebug, "sqlite database handle created, connection string: %q", connectionString)
dbHandle.SetMaxOpenConns(1)
provider = &SQLiteProvider{dbHandle: dbHandle}
- return executePragmaOptimize(dbHandle)
+ return nil
}
func (p *SQLiteProvider) checkAvailability() error {
@@ -264,14 +246,6 @@ func (p *SQLiteProvider) getUsedQuota(username string) (int, int64, int64, int64
return sqlCommonGetUsedQuota(username, p.dbHandle)
}
-func (p *SQLiteProvider) getAdminSignature(username string) (string, error) {
- return sqlCommonGetAdminSignature(username, p.dbHandle)
-}
-
-func (p *SQLiteProvider) getUserSignature(username string) (string, error) {
- return sqlCommonGetUserSignature(username, p.dbHandle)
-}
-
func (p *SQLiteProvider) setUpdatedAt(username string) {
sqlCommonSetUpdatedAt(username, p.dbHandle)
}
@@ -526,12 +500,12 @@ func (p *SQLiteProvider) addSharedSession(session Session) error {
return sqlCommonAddSession(session, p.dbHandle)
}
-func (p *SQLiteProvider) deleteSharedSession(key string, sessionType SessionType) error {
- return sqlCommonDeleteSession(key, sessionType, p.dbHandle)
+func (p *SQLiteProvider) deleteSharedSession(key string) error {
+ return sqlCommonDeleteSession(key, p.dbHandle)
}
-func (p *SQLiteProvider) getSharedSession(key string, sessionType SessionType) (Session, error) {
- return sqlCommonGetSession(key, sessionType, p.dbHandle)
+func (p *SQLiteProvider) getSharedSession(key string) (Session, error) {
+ return sqlCommonGetSession(key, p.dbHandle)
}
func (p *SQLiteProvider) cleanupSharedSessions(sessionType SessionType, before int64) error {
@@ -719,13 +693,13 @@ func (p *SQLiteProvider) initializeDatabase() error {
if errors.Is(err, sql.ErrNoRows) {
return errSchemaVersionEmpty
}
- logger.InfoToConsole("creating initial database schema, version 33")
- providerLog(logger.LevelInfo, "creating initial database schema, version 33")
+ logger.InfoToConsole("creating initial database schema, version 28")
+ providerLog(logger.LevelInfo, "creating initial database schema, version 28")
sql := sqlReplaceAll(sqliteInitialSQL)
- return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{sql}, 33, true)
+ return sqlCommonExecSQLAndUpdateDBVersion(p.dbHandle, []string{sql}, 28, true)
}
-func (p *SQLiteProvider) migrateDatabase() error {
+func (p *SQLiteProvider) migrateDatabase() error { //nolint:dupl
dbVersion, err := sqlCommonGetDatabaseVersion(p.dbHandle, true)
if err != nil {
return err
@@ -735,13 +709,13 @@ func (p *SQLiteProvider) migrateDatabase() error {
case version == sqlDatabaseVersion:
providerLog(logger.LevelDebug, "sql database is up to date, current version: %d", version)
return ErrNoInitRequired
- case version < 33:
- err = errSchemaVersionTooOld(version)
+ case version < 28:
+ err = fmt.Errorf("database schema version %d is too old, please see the upgrading docs", version)
providerLog(logger.LevelError, "%v", err)
logger.ErrorToConsole("%v", err)
return err
- case version == 33:
- return updateSQLiteDatabaseFromV33(p.dbHandle)
+ case version == 28:
+ return updateSQLiteDatabaseFrom28To29(p.dbHandle)
default:
if version > sqlDatabaseVersion {
providerLog(logger.LevelError, "database schema version %d is newer than the supported one: %d", version,
@@ -764,8 +738,8 @@ func (p *SQLiteProvider) revertDatabase(targetVersion int) error {
}
switch dbVersion.Version {
- case 34:
- return downgradeSQLiteDatabaseFromV34(p.dbHandle)
+ case 29:
+ return downgradeSQLiteDatabaseFrom29To28(p.dbHandle)
default:
return fmt.Errorf("database schema version not handled: %d", dbVersion.Version)
}
@@ -803,39 +777,24 @@ func (p *SQLiteProvider) normalizeError(err error, fieldType int) error {
return err
}
-func executePragmaOptimize(dbHandle *sql.DB) error {
+func updateSQLiteDatabaseFrom28To29(dbHandle *sql.DB) error {
+ logger.InfoToConsole("updating database schema version: 28 -> 29")
+ providerLog(logger.LevelInfo, "updating database schema version: 28 -> 29")
+
ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
defer cancel()
- _, err := dbHandle.ExecContext(ctx, "PRAGMA optimize;")
- return err
+ return sqlCommonUpdateDatabaseVersion(ctx, dbHandle, 29)
}
-func updateSQLiteDatabaseFromV33(dbHandle *sql.DB) error {
- return updateSQLiteDatabaseFrom33To34(dbHandle)
-}
+func downgradeSQLiteDatabaseFrom29To28(dbHandle *sql.DB) error {
+ logger.InfoToConsole("downgrading database schema version: 29 -> 28")
+ providerLog(logger.LevelInfo, "downgrading database schema version: 29 -> 28")
-func downgradeSQLiteDatabaseFromV34(dbHandle *sql.DB) error {
- return downgradeSQLiteDatabaseFrom34To33(dbHandle)
-}
+ ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout)
+ defer cancel()
-func updateSQLiteDatabaseFrom33To34(dbHandle *sql.DB) error {
- logger.InfoToConsole("updating database schema version: 33 -> 34")
- providerLog(logger.LevelInfo, "updating database schema version: 33 -> 34")
-
- sql := strings.ReplaceAll(sqliteV34SQL, "{{prefix}}", config.SQLTablesPrefix)
- sql = strings.ReplaceAll(sql, "{{shares}}", sqlTableShares)
- sql = strings.ReplaceAll(sql, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- sql = strings.ReplaceAll(sql, "{{groups}}", sqlTableGroups)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 34, true)
-}
-
-func downgradeSQLiteDatabaseFrom34To33(dbHandle *sql.DB) error {
- logger.InfoToConsole("downgrading database schema version: 34 -> 33")
- providerLog(logger.LevelInfo, "downgrading database schema version: 34 -> 33")
-
- sql := strings.ReplaceAll(sqliteV34DownSQL, "{{shares_groups_mapping}}", sqlTableSharesGroupsMapping)
- return sqlCommonExecSQLAndUpdateDBVersion(dbHandle, []string{sql}, 33, false)
+ return sqlCommonUpdateDatabaseVersion(ctx, dbHandle, 28)
}
/*func setPragmaFK(dbHandle *sql.DB, value string) error {
diff --git a/internal/dataprovider/sqlite_disabled.go b/internal/dataprovider/sqlite_disabled.go
index 22138967..6c7ea18d 100644
--- a/internal/dataprovider/sqlite_disabled.go
+++ b/internal/dataprovider/sqlite_disabled.go
@@ -12,7 +12,8 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-//go:build nosqlite || !cgo
+//go:build nosqlite
+// +build nosqlite
package dataprovider
diff --git a/internal/dataprovider/sqlqueries.go b/internal/dataprovider/sqlqueries.go
index 2d5aaf6b..2ce95b5c 100644
--- a/internal/dataprovider/sqlqueries.go
+++ b/internal/dataprovider/sqlqueries.go
@@ -81,27 +81,25 @@ func getAddSessionQuery() string {
"ON DUPLICATE KEY UPDATE `data`=VALUES(`data`), `timestamp`=VALUES(`timestamp`)",
sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3])
}
- return fmt.Sprintf(`INSERT INTO %s (key,data,type,timestamp) VALUES (%s,%s,%s,%s) ON CONFLICT(key,type) DO UPDATE SET data=
+ return fmt.Sprintf(`INSERT INTO %s (key,data,type,timestamp) VALUES (%s,%s,%s,%s) ON CONFLICT(key) DO UPDATE SET data=
EXCLUDED.data, timestamp=EXCLUDED.timestamp`,
sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3])
}
func getDeleteSessionQuery() string {
if config.Driver == MySQLDataProviderName {
- return fmt.Sprintf("DELETE FROM %s WHERE `key` = %s AND `type` = %s",
- sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1])
+ return fmt.Sprintf("DELETE FROM %s WHERE `key` = %s", sqlTableSharedSessions, sqlPlaceholders[0])
}
- return fmt.Sprintf(`DELETE FROM %s WHERE key = %s AND type = %s`,
- sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1])
+ return fmt.Sprintf(`DELETE FROM %s WHERE key = %s`, sqlTableSharedSessions, sqlPlaceholders[0])
}
func getSessionQuery() string {
if config.Driver == MySQLDataProviderName {
- return fmt.Sprintf("SELECT `key`,`data`,`type`,`timestamp` FROM %s WHERE `key` = %s AND `type` = %s",
- sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1])
+ return fmt.Sprintf("SELECT `key`,`data`,`type`,`timestamp` FROM %s WHERE `key` = %s", sqlTableSharedSessions,
+ sqlPlaceholders[0])
}
- return fmt.Sprintf(`SELECT key,data,type,timestamp FROM %s WHERE key = %s AND type = %s`,
- sqlTableSharedSessions, sqlPlaceholders[0], sqlPlaceholders[1])
+ return fmt.Sprintf(`SELECT key,data,type,timestamp FROM %s WHERE key = %s`, sqlTableSharedSessions,
+ sqlPlaceholders[0])
}
func getCleanupSessionsQuery() string {
@@ -652,14 +650,6 @@ func getUpdateQuotaQuery(reset bool) string {
WHERE username = %s`, sqlTableUsers, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3])
}
-func getAdminSignatureQuery() string {
- return fmt.Sprintf(`SELECT updated_at FROM %s WHERE username = %s`, sqlTableAdmins, sqlPlaceholders[0])
-}
-
-func getUserSignatureQuery() string {
- return fmt.Sprintf(`SELECT updated_at FROM %s WHERE username = %s`, sqlTableUsers, sqlPlaceholders[0])
-}
-
func getSetUpdateAtQuery() string {
return fmt.Sprintf(`UPDATE %s SET updated_at = %s WHERE username = %s`, sqlTableUsers, sqlPlaceholders[0], sqlPlaceholders[1])
}
@@ -767,10 +757,10 @@ func getClearUserGroupMappingQuery() string {
}
func getAddUserGroupMappingQuery() string {
- return fmt.Sprintf(`INSERT INTO %s (user_id,group_id,group_type,sort_order) VALUES ((SELECT id FROM %s WHERE username = %s),
- (SELECT id FROM %s WHERE name = %s),%s,%s)`,
+ return fmt.Sprintf(`INSERT INTO %s (user_id,group_id,group_type) VALUES ((SELECT id FROM %s WHERE username = %s),
+ (SELECT id FROM %s WHERE name = %s),%s)`,
sqlTableUsersGroupsMapping, sqlTableUsers, sqlPlaceholders[0], getSQLQuotedName(sqlTableGroups),
- sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3])
+ sqlPlaceholders[1], sqlPlaceholders[2])
}
func getClearAdminGroupMappingQuery() string {
@@ -779,10 +769,10 @@ func getClearAdminGroupMappingQuery() string {
}
func getAddAdminGroupMappingQuery() string {
- return fmt.Sprintf(`INSERT INTO %s (admin_id,group_id,options,sort_order) VALUES ((SELECT id FROM %s WHERE username = %s),
- (SELECT id FROM %s WHERE name = %s),%s,%s)`,
+ return fmt.Sprintf(`INSERT INTO %s (admin_id,group_id,options) VALUES ((SELECT id FROM %s WHERE username = %s),
+ (SELECT id FROM %s WHERE name = %s),%s)`,
sqlTableAdminsGroupsMapping, sqlTableAdmins, sqlPlaceholders[0], getSQLQuotedName(sqlTableGroups),
- sqlPlaceholders[1], sqlPlaceholders[2], sqlPlaceholders[3])
+ sqlPlaceholders[1], sqlPlaceholders[2])
}
func getClearGroupFolderMappingQuery() string {
@@ -791,10 +781,10 @@ func getClearGroupFolderMappingQuery() string {
}
func getAddGroupFolderMappingQuery() string {
- return fmt.Sprintf(`INSERT INTO %s (virtual_path,quota_size,quota_files,folder_id,group_id,sort_order)
- VALUES (%s,%s,%s,(SELECT id FROM %s WHERE name = %s),(SELECT id FROM %s WHERE name = %s),%s)`,
+ return fmt.Sprintf(`INSERT INTO %s (virtual_path,quota_size,quota_files,folder_id,group_id)
+ VALUES (%s,%s,%s,(SELECT id FROM %s WHERE name = %s),(SELECT id FROM %s WHERE name = %s))`,
sqlTableGroupsFoldersMapping, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlTableFolders,
- sqlPlaceholders[3], getSQLQuotedName(sqlTableGroups), sqlPlaceholders[4], sqlPlaceholders[5])
+ sqlPlaceholders[3], getSQLQuotedName(sqlTableGroups), sqlPlaceholders[4])
}
func getClearUserFolderMappingQuery() string {
@@ -803,10 +793,10 @@ func getClearUserFolderMappingQuery() string {
}
func getAddUserFolderMappingQuery() string {
- return fmt.Sprintf(`INSERT INTO %s (virtual_path,quota_size,quota_files,folder_id,user_id,sort_order)
- VALUES (%s,%s,%s,(SELECT id FROM %s WHERE name = %s),(SELECT id FROM %s WHERE username = %s),%s)`,
+ return fmt.Sprintf(`INSERT INTO %s (virtual_path,quota_size,quota_files,folder_id,user_id)
+ VALUES (%s,%s,%s,(SELECT id FROM %s WHERE name = %s),(SELECT id FROM %s WHERE username = %s))`,
sqlTableUsersFoldersMapping, sqlPlaceholders[0], sqlPlaceholders[1], sqlPlaceholders[2], sqlTableFolders,
- sqlPlaceholders[3], sqlTableUsers, sqlPlaceholders[4], sqlPlaceholders[5])
+ sqlPlaceholders[3], sqlTableUsers, sqlPlaceholders[4])
}
func getFoldersQuery(order string, minimal bool) string {
@@ -848,7 +838,7 @@ func getRelatedGroupsForUsersQuery(users []User) string {
sb.WriteString(")")
}
return fmt.Sprintf(`SELECT g.name,ug.group_type,ug.user_id FROM %s g INNER JOIN %s ug ON g.id = ug.group_id WHERE
- ug.user_id IN %s ORDER BY ug.sort_order`, getSQLQuotedName(sqlTableGroups), sqlTableUsersGroupsMapping, sb.String())
+ ug.user_id IN %s ORDER BY g.name`, getSQLQuotedName(sqlTableGroups), sqlTableUsersGroupsMapping, sb.String())
}
func getRelatedGroupsForAdminsQuery(admins []Admin) string {
@@ -865,7 +855,7 @@ func getRelatedGroupsForAdminsQuery(admins []Admin) string {
sb.WriteString(")")
}
return fmt.Sprintf(`SELECT g.name,ag.options,ag.admin_id FROM %s g INNER JOIN %s ag ON g.id = ag.group_id WHERE
- ag.admin_id IN %s ORDER BY ag.sort_order`, getSQLQuotedName(sqlTableGroups), sqlTableAdminsGroupsMapping, sb.String())
+ ag.admin_id IN %s ORDER BY g.name`, getSQLQuotedName(sqlTableGroups), sqlTableAdminsGroupsMapping, sb.String())
}
func getRelatedFoldersForUsersQuery(users []User) string {
@@ -883,7 +873,7 @@ func getRelatedFoldersForUsersQuery(users []User) string {
}
return fmt.Sprintf(`SELECT f.id,f.name,f.path,f.used_quota_size,f.used_quota_files,f.last_quota_update,fm.virtual_path,
fm.quota_size,fm.quota_files,fm.user_id,f.filesystem,f.description FROM %s f INNER JOIN %s fm ON f.id = fm.folder_id WHERE
- fm.user_id IN %s ORDER BY fm.sort_order`, sqlTableFolders, sqlTableUsersFoldersMapping, sb.String())
+ fm.user_id IN %s ORDER BY f.name`, sqlTableFolders, sqlTableUsersFoldersMapping, sb.String())
}
func getRelatedUsersForFoldersQuery(folders []vfs.BaseVirtualFolder) string {
@@ -970,7 +960,7 @@ func getRelatedFoldersForGroupsQuery(groups []Group) string {
}
return fmt.Sprintf(`SELECT f.id,f.name,f.path,f.used_quota_size,f.used_quota_files,f.last_quota_update,fm.virtual_path,
fm.quota_size,fm.quota_files,fm.group_id,f.filesystem,f.description FROM %s f INNER JOIN %s fm ON f.id = fm.folder_id WHERE
- fm.group_id IN %s ORDER BY fm.sort_order`, sqlTableFolders, sqlTableGroupsFoldersMapping, sb.String())
+ fm.group_id IN %s ORDER BY f.name`, sqlTableFolders, sqlTableGroupsFoldersMapping, sb.String())
}
func getActiveTransfersQuery() string {
diff --git a/internal/dataprovider/unixcrypt.go b/internal/dataprovider/unixcrypt.go
index 26c8f646..9799e8a4 100644
--- a/internal/dataprovider/unixcrypt.go
+++ b/internal/dataprovider/unixcrypt.go
@@ -12,7 +12,8 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-//go:build unixcrypt && cgo
+//go:build unixcrypt
+// +build unixcrypt
package dataprovider
diff --git a/internal/dataprovider/unixcrypt_disabled.go b/internal/dataprovider/unixcrypt_disabled.go
index 3e865110..ecf76997 100644
--- a/internal/dataprovider/unixcrypt_disabled.go
+++ b/internal/dataprovider/unixcrypt_disabled.go
@@ -12,7 +12,8 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-//go:build !unixcrypt || !cgo
+//go:build !unixcrypt
+// +build !unixcrypt
package dataprovider
diff --git a/internal/dataprovider/user.go b/internal/dataprovider/user.go
index 8cea928d..80970c26 100644
--- a/internal/dataprovider/user.go
+++ b/internal/dataprovider/user.go
@@ -22,8 +22,6 @@ import (
"net"
"os"
"path"
- "path/filepath"
- "slices"
"strconv"
"strings"
"time"
@@ -125,8 +123,6 @@ type UserFilters struct {
sdk.BaseUserFilters
// User must change password from WebClient/REST API at next login.
RequirePasswordChange bool `json:"require_password_change,omitempty"`
- // AdditionalEmails defines additional email addresses
- AdditionalEmails []string `json:"additional_emails,omitempty"`
// Time-based one time passwords configuration
TOTPConfig UserTOTPConfig `json:"totp_config,omitempty"`
// Recovery codes to use if the user loses access to their second factor auth device.
@@ -346,11 +342,7 @@ func (u *User) isTimeBasedAccessAllowed(when time.Time) bool {
if when.IsZero() {
when = time.Now()
}
- if UseLocalTime() {
- when = when.Local()
- } else {
- when = when.UTC()
- }
+ when = when.UTC()
weekDay := when.Weekday()
hhMM := when.Format("15:04")
for _, p := range u.Filters.AccessTime {
@@ -407,15 +399,6 @@ func (u *User) CheckMaxShareExpiration(expiresAt time.Time) error {
return nil
}
-// GetEmailAddresses returns all the email addresses.
-func (u *User) GetEmailAddresses() []string {
- var res []string
- if u.Email != "" {
- res = append(res, u.Email)
- }
- return slices.Concat(res, u.Filters.AdditionalEmails)
-}
-
// GetSubDirPermissions returns permissions for sub directories
func (u *User) GetSubDirPermissions() []sdk.DirectoryPermissions {
var result []sdk.DirectoryPermissions
@@ -857,20 +840,20 @@ func (u *User) HasPermissionsInside(virtualPath string) bool {
// HasPerm returns true if the user has the given permission or any permission
func (u *User) HasPerm(permission, path string) bool {
perms := u.GetPermissionsForPath(path)
- if slices.Contains(perms, PermAny) {
+ if util.Contains(perms, PermAny) {
return true
}
- return slices.Contains(perms, permission)
+ return util.Contains(perms, permission)
}
// HasAnyPerm returns true if the user has at least one of the given permissions
func (u *User) HasAnyPerm(permissions []string, path string) bool {
perms := u.GetPermissionsForPath(path)
- if slices.Contains(perms, PermAny) {
+ if util.Contains(perms, PermAny) {
return true
}
for _, permission := range permissions {
- if slices.Contains(perms, permission) {
+ if util.Contains(perms, permission) {
return true
}
}
@@ -880,11 +863,11 @@ func (u *User) HasAnyPerm(permissions []string, path string) bool {
// HasPerms returns true if the user has all the given permissions
func (u *User) HasPerms(permissions []string, path string) bool {
perms := u.GetPermissionsForPath(path)
- if slices.Contains(perms, PermAny) {
+ if util.Contains(perms, PermAny) {
return true
}
for _, permission := range permissions {
- if !slices.Contains(perms, permission) {
+ if !util.Contains(perms, permission) {
return false
}
}
@@ -944,11 +927,11 @@ func (u *User) IsLoginMethodAllowed(loginMethod, protocol string) bool {
if len(u.Filters.DeniedLoginMethods) == 0 {
return true
}
- if slices.Contains(u.Filters.DeniedLoginMethods, loginMethod) {
+ if util.Contains(u.Filters.DeniedLoginMethods, loginMethod) {
return false
}
if protocol == protocolSSH && loginMethod == LoginMethodPassword {
- if slices.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) {
+ if util.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) {
return false
}
}
@@ -982,10 +965,10 @@ func (u *User) IsPartialAuth() bool {
method == SSHLoginMethodPassword {
continue
}
- if method == LoginMethodPassword && slices.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) {
+ if method == LoginMethodPassword && util.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) {
continue
}
- if !slices.Contains(SSHMultiStepsLoginMethods, method) {
+ if !util.Contains(SSHMultiStepsLoginMethods, method) {
return false
}
}
@@ -999,7 +982,7 @@ func (u *User) GetAllowedLoginMethods() []string {
if method == SSHLoginMethodPassword {
continue
}
- if !slices.Contains(u.Filters.DeniedLoginMethods, method) {
+ if !util.Contains(u.Filters.DeniedLoginMethods, method) {
allowedMethods = append(allowedMethods, method)
}
}
@@ -1069,7 +1052,7 @@ func (u *User) IsFileAllowed(virtualPath string) (bool, int) {
// CanManageMFA returns true if the user can add a multi-factor authentication configuration
func (u *User) CanManageMFA() bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientMFADisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientMFADisabled) {
return false
}
return len(mfa.GetAvailableTOTPConfigs()) > 0
@@ -1090,39 +1073,39 @@ func (u *User) skipExternalAuth() bool {
// CanManageShares returns true if the user can add, update and list shares
func (u *User) CanManageShares() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientSharesDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientSharesDisabled)
}
// CanResetPassword returns true if this user is allowed to reset its password
func (u *User) CanResetPassword() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientPasswordResetDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientPasswordResetDisabled)
}
// CanChangePassword returns true if this user is allowed to change its password
func (u *User) CanChangePassword() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientPasswordChangeDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientPasswordChangeDisabled)
}
// CanChangeAPIKeyAuth returns true if this user is allowed to enable/disable API key authentication
func (u *User) CanChangeAPIKeyAuth() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientAPIKeyAuthChangeDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientAPIKeyAuthChangeDisabled)
}
// CanChangeInfo returns true if this user is allowed to change its info such as email and description
func (u *User) CanChangeInfo() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientInfoChangeDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientInfoChangeDisabled)
}
// CanManagePublicKeys returns true if this user is allowed to manage public keys
// from the WebClient. Used in WebClient UI
func (u *User) CanManagePublicKeys() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientPubKeyChangeDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientPubKeyChangeDisabled)
}
// CanManageTLSCerts returns true if this user is allowed to manage TLS certificates
// from the WebClient. Used in WebClient UI
func (u *User) CanManageTLSCerts() bool {
- return !slices.Contains(u.Filters.WebClient, sdk.WebClientTLSCertChangeDisabled)
+ return !util.Contains(u.Filters.WebClient, sdk.WebClientTLSCertChangeDisabled)
}
// CanUpdateProfile returns true if the user is allowed to update the profile.
@@ -1134,7 +1117,7 @@ func (u *User) CanUpdateProfile() bool {
// CanAddFilesFromWeb returns true if the client can add files from the web UI.
// The specified target is the directory where the files must be uploaded
func (u *User) CanAddFilesFromWeb(target string) bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
return false
}
return u.HasPerm(PermUpload, target) || u.HasPerm(PermOverwrite, target)
@@ -1143,7 +1126,7 @@ func (u *User) CanAddFilesFromWeb(target string) bool {
// CanAddDirsFromWeb returns true if the client can add directories from the web UI.
// The specified target is the directory where the new directory must be created
func (u *User) CanAddDirsFromWeb(target string) bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
return false
}
return u.HasPerm(PermCreateDirs, target)
@@ -1152,7 +1135,7 @@ func (u *User) CanAddDirsFromWeb(target string) bool {
// CanRenameFromWeb returns true if the client can rename objects from the web UI.
// The specified src and dest are the source and target directories for the rename.
func (u *User) CanRenameFromWeb(src, dest string) bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
return false
}
return u.HasAnyPerm(permsRenameAny, src) && u.HasAnyPerm(permsRenameAny, dest)
@@ -1161,7 +1144,7 @@ func (u *User) CanRenameFromWeb(src, dest string) bool {
// CanDeleteFromWeb returns true if the client can delete objects from the web UI.
// The specified target is the parent directory for the object to delete
func (u *User) CanDeleteFromWeb(target string) bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
return false
}
return u.HasAnyPerm(permsDeleteAny, target)
@@ -1170,7 +1153,7 @@ func (u *User) CanDeleteFromWeb(target string) bool {
// CanCopyFromWeb returns true if the client can copy objects from the web UI.
// The specified src and dest are the source and target directories for the copy.
func (u *User) CanCopyFromWeb(src, dest string) bool {
- if slices.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
+ if util.Contains(u.Filters.WebClient, sdk.WebClientWriteDisabled) {
return false
}
if !u.HasPerm(PermListItems, src) {
@@ -1230,7 +1213,7 @@ func (u *User) MustSetSecondFactor() bool {
return true
}
for _, p := range u.Filters.TwoFactorAuthProtocols {
- if !slices.Contains(u.Filters.TOTPConfig.Protocols, p) {
+ if !util.Contains(u.Filters.TOTPConfig.Protocols, p) {
return true
}
}
@@ -1241,11 +1224,11 @@ func (u *User) MustSetSecondFactor() bool {
// MustSetSecondFactorForProtocol returns true if the user must set a second factor authentication
// for the specified protocol
func (u *User) MustSetSecondFactorForProtocol(protocol string) bool {
- if slices.Contains(u.Filters.TwoFactorAuthProtocols, protocol) {
+ if util.Contains(u.Filters.TwoFactorAuthProtocols, protocol) {
if !u.Filters.TOTPConfig.Enabled {
return true
}
- if !slices.Contains(u.Filters.TOTPConfig.Protocols, protocol) {
+ if !util.Contains(u.Filters.TOTPConfig.Protocols, protocol) {
return true
}
}
@@ -1588,7 +1571,7 @@ func (u *User) mergeCryptFsConfig(group *Group) {
func (u *User) mergeWithPrimaryGroup(group *Group, replacer *strings.Replacer) {
if group.UserSettings.HomeDir != "" {
- u.HomeDir = filepath.Clean(u.replacePlaceholder(group.UserSettings.HomeDir, replacer))
+ u.HomeDir = u.replacePlaceholder(group.UserSettings.HomeDir, replacer)
}
if group.UserSettings.FsConfig.Provider != 0 {
u.FsConfig = u.replaceFsConfigPlaceholders(group.UserSettings.FsConfig, replacer)
@@ -1765,17 +1748,6 @@ func (u *User) hasRole(role string) bool {
return role == u.Role
}
-func (u *User) applyNamingRules() {
- u.Username = config.convertName(u.Username)
- u.Role = config.convertName(u.Role)
- for idx := range u.Groups {
- u.Groups[idx].Name = config.convertName(u.Groups[idx].Name)
- }
- for idx := range u.VirtualFolders {
- u.VirtualFolders[idx].Name = config.convertName(u.VirtualFolders[idx].Name)
- }
-}
-
func (u *User) getACopy() User {
u.SetEmptySecretsIfNil()
pubKeys := make([]string, len(u.PublicKeys))
@@ -1807,8 +1779,6 @@ func (u *User) getACopy() User {
filters.TOTPConfig.Secret = u.Filters.TOTPConfig.Secret.Clone()
filters.TOTPConfig.Protocols = make([]string, len(u.Filters.TOTPConfig.Protocols))
copy(filters.TOTPConfig.Protocols, u.Filters.TOTPConfig.Protocols)
- filters.AdditionalEmails = make([]string, len(u.Filters.AdditionalEmails))
- copy(filters.AdditionalEmails, u.Filters.AdditionalEmails)
filters.RecoveryCodes = make([]RecoveryCode, 0, len(u.Filters.RecoveryCodes))
for _, code := range u.Filters.RecoveryCodes {
if code.Secret == nil {
diff --git a/internal/ftpd/cryptfs_test.go b/internal/ftpd/cryptfs_test.go
index 23567fff..c036b59a 100644
--- a/internal/ftpd/cryptfs_test.go
+++ b/internal/ftpd/cryptfs_test.go
@@ -134,7 +134,6 @@ func TestBasicFTPHandlingCryptFs(t *testing.T) {
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestBufferedCryptFs(t *testing.T) {
@@ -180,7 +179,6 @@ func TestBufferedCryptFs(t *testing.T) {
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestZeroBytesTransfersCryptFs(t *testing.T) {
diff --git a/internal/ftpd/ftpd.go b/internal/ftpd/ftpd.go
index 9fdfacf0..80dd1531 100644
--- a/internal/ftpd/ftpd.go
+++ b/internal/ftpd/ftpd.go
@@ -19,7 +19,6 @@ import (
"context"
"errors"
"fmt"
- "log/slog"
"net"
"os"
"path/filepath"
@@ -67,6 +66,8 @@ type Binding struct {
// Set to 1 to require TLS for both data and control connection.
// Set to 2 to enable implicit TLS
TLSMode int `json:"tls_mode" mapstructure:"tls_mode"`
+ // 0 disabled, 1 required
+ TLSSessionReuse int `json:"tls_session_reuse" mapstructure:"tls_session_reuse"`
// Certificate and matching private key for this specific binding, if empty the global
// ones will be used, if any
CertificateFile string `json:"certificate_file" mapstructure:"certificate_file"`
@@ -108,6 +109,11 @@ type Binding struct {
// Please note that disabling the security checks you will make the FTP service vulnerable to bounce attacks
// on active data connections, so change the default value only if you are on a trusted/internal network
ActiveConnectionsSecurity int `json:"active_connections_security" mapstructure:"active_connections_security"`
+ // Set to 1 to silently ignore any client requests to perform ASCII translations via the TYPE command.
+ // That is, FTP clients can request ASCII translations, and SFTPGo will respond as the client expects,
+ // but will not actually perform the translation for either uploads or downloads. This behavior can be
+ // useful in circumstances involving older/mainframe clients and EBCDIC files.
+ IgnoreASCIITransferType int `json:"ignore_ascii_transfer_type" mapstructure:"ignore_ascii_transfer_type"`
// Debug enables the FTP debug mode. In debug mode, every FTP command will be logged
Debug bool `json:"debug" mapstructure:"debug"`
ciphers []uint16
@@ -135,6 +141,10 @@ func (b *Binding) isTLSModeValid() bool {
return b.TLSMode >= 0 && b.TLSMode <= 2
}
+func (b *Binding) isTLSSessionReuseValid() bool {
+ return b.TLSSessionReuse >= 0 && b.TLSSessionReuse <= 1
+}
+
func (b *Binding) checkSecuritySettings() error {
if b.PassiveConnectionsSecurity < 0 || b.PassiveConnectionsSecurity > 1 {
return fmt.Errorf("invalid passive_connections_security: %v", b.PassiveConnectionsSecurity)
@@ -402,14 +412,9 @@ func (c *Configuration) Initialize(configDir string) error {
server := NewServer(c, configDir, binding, idx)
go func(s *Server) {
- ftpLogger := logger.NewSlogAdapter("ftpserverlib", []slog.Attr{
- {
- Key: "server_id",
- Value: slog.StringValue(fmt.Sprintf("FTP_%d", s.ID)),
- },
- })
+ ftpLogger := logger.LeveledLogger{Sender: "ftpserverlib"}
ftpServer := ftpserver.NewFtpServer(s)
- ftpServer.Logger = slog.New(ftpLogger)
+ ftpServer.Logger = ftpLogger.With("server_id", fmt.Sprintf("FTP_%v", s.ID))
logger.Info(logSender, "", "starting FTP serving, binding: %v", s.binding.GetAddress())
util.CheckTCP4Port(s.binding.Port)
exitChannel <- ftpServer.ListenAndServe()
diff --git a/internal/ftpd/ftpd_test.go b/internal/ftpd/ftpd_test.go
index aebf5f37..ffc9f3f8 100644
--- a/internal/ftpd/ftpd_test.go
+++ b/internal/ftpd/ftpd_test.go
@@ -37,7 +37,6 @@ import (
ftpserver "github.com/fclairamb/ftpserverlib"
"github.com/jlaffaye/ftp"
- "github.com/pkg/sftp"
"github.com/pquerna/otp"
"github.com/pquerna/otp/totp"
"github.com/rs/zerolog"
@@ -45,7 +44,6 @@ import (
sdkkms "github.com/sftpgo/sdk/kms"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
- "golang.org/x/crypto/ssh"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/config"
@@ -443,6 +441,7 @@ func TestMain(m *testing.M) { //nolint:gocyclo
CertificateFile: certPath,
CertificateKeyFile: keyPath,
TLSMode: 1,
+ TLSSessionReuse: 1,
ClientAuthType: 2,
},
}
@@ -529,6 +528,16 @@ func TestInitializationFailure(t *testing.T) {
require.Error(t, err)
require.Contains(t, err.Error(), "the provided passive IP \"127001\" is not valid")
ftpdConf.Bindings[1].ForcePassiveIP = ""
+ ftpdConf.Bindings[1].TLSMode = 2
+ ftpdConf.Bindings[1].TLSSessionReuse = 1
+ err = ftpdConf.Initialize(configDir)
+ require.Error(t, err, "TLS session resumption should not be supported with implicit FTPS")
+ ftpdConf.Bindings[1].TLSMode = 0
+ ftpdConf.Bindings[1].TLSSessionReuse = 100
+ err = ftpdConf.Initialize(configDir)
+ require.Error(t, err)
+ assert.Contains(t, err.Error(), "unsupported TLS reuse mode")
+ ftpdConf.Bindings[1].TLSSessionReuse = 0
err = ftpdConf.Initialize(configDir)
require.Error(t, err)
@@ -629,8 +638,6 @@ func TestBasicFTPHandling(t *testing.T) {
}
err = ftpUploadFile(testFilePath, testFileName, testFileSize, client, 0)
assert.NoError(t, err)
- _, err = client.FileSize(path.Join("/", testDir))
- assert.Error(t, err)
size, err := client.FileSize(path.Join("/", testDir, testFileName))
assert.NoError(t, err)
assert.Equal(t, testFileSize, size)
@@ -664,7 +671,6 @@ func TestBasicFTPHandling(t *testing.T) {
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestHTTPFs(t *testing.T) {
@@ -709,7 +715,6 @@ func TestHTTPFs(t *testing.T) {
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestListDirWithWildcards(t *testing.T) {
@@ -1730,66 +1735,6 @@ func TestMaxPerHostConnections(t *testing.T) {
common.Config.MaxPerHostConnections = oldValue
}
-func TestMaxTransfers(t *testing.T) {
- oldValue := common.Config.MaxPerHostConnections
- common.Config.MaxPerHostConnections = 2
-
- assert.Eventually(t, func() bool {
- return common.Connections.GetClientConnections() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- user := getTestUser()
- err := dataprovider.AddUser(&user, "", "", "")
- assert.NoError(t, err)
- user.Password = ""
-
- testFilePath := filepath.Join(homeBasePath, testFileName)
- testFileSize := int64(65535)
- err = createTestFile(testFilePath, testFileSize)
- assert.NoError(t, err)
-
- conn, sftpClient, err := getSftpClient(user)
- assert.NoError(t, err)
- defer conn.Close()
- defer sftpClient.Close()
-
- f1, err := sftpClient.Create("file1")
- assert.NoError(t, err)
- f2, err := sftpClient.Create("file2")
- assert.NoError(t, err)
- _, err = f1.Write([]byte(" "))
- assert.NoError(t, err)
- _, err = f2.Write([]byte(" "))
- assert.NoError(t, err)
-
- client, err := getFTPClient(user, true, nil)
- if assert.NoError(t, err) {
- err = checkBasicFTP(client)
- assert.NoError(t, err)
- err = ftpUploadFile(testFilePath, testFileName, testFileSize, client, 0)
- assert.Error(t, err)
- localDownloadPath := filepath.Join(homeBasePath, testDLFileName)
- err = ftpDownloadFile(testFileName, localDownloadPath, testFileSize, client, 0)
- assert.Error(t, err)
- err := client.Quit()
- assert.NoError(t, err)
- err = os.Remove(localDownloadPath)
- assert.NoError(t, err)
- }
-
- err = f1.Close()
- assert.NoError(t, err)
- err = f2.Close()
- assert.NoError(t, err)
-
- err = dataprovider.DeleteUser(user.Username, "", "", "")
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
-
- common.Config.MaxPerHostConnections = oldValue
-}
-
func TestRateLimiter(t *testing.T) {
oldConfig := config.GetCommonConfig()
@@ -2506,7 +2451,7 @@ func TestLoginWithDatabaseCredentials(t *testing.T) {
u := getTestUser()
u.FsConfig.Provider = sdk.GCSFilesystemProvider
u.FsConfig.GCSConfig.Bucket = "test"
- u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account", "private_key": " ", "client_email": "example@iam.gserviceaccount.com" }`)
+ u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account" }`)
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.GCSConfig.Credentials.GetStatus())
@@ -2773,7 +2718,6 @@ func TestStat(t *testing.T) {
func TestUploadOverwriteVfolder(t *testing.T) {
u := getTestUser()
- u.QuotaFiles = 1000
vdir := "/vdir"
mappedPath := filepath.Join(os.TempDir(), "vdir")
folderName := filepath.Base(mappedPath)
@@ -2805,24 +2749,14 @@ func TestUploadOverwriteVfolder(t *testing.T) {
assert.NoError(t, err)
folder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
- assert.Equal(t, 0, folder.UsedQuotaFiles)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, testFileSize, user.UsedQuotaSize)
- assert.Equal(t, 1, user.UsedQuotaFiles)
-
+ assert.Equal(t, testFileSize, folder.UsedQuotaSize)
+ assert.Equal(t, 1, folder.UsedQuotaFiles)
err = ftpUploadFile(testFilePath, path.Join(vdir, testFileName), testFileSize, client, 0)
assert.NoError(t, err)
folder, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
- assert.Equal(t, 0, folder.UsedQuotaFiles)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, testFileSize, user.UsedQuotaSize)
- assert.Equal(t, 1, user.UsedQuotaFiles)
-
+ assert.Equal(t, testFileSize, folder.UsedQuotaSize)
+ assert.Equal(t, 1, folder.UsedQuotaFiles)
err = client.Quit()
assert.NoError(t, err)
err = os.Remove(testFilePath)
@@ -3154,12 +3088,12 @@ func TestMODEType(t *testing.T) {
if assert.NoError(t, err) {
code, response, err := client.SendCommand("MODE s")
assert.NoError(t, err)
- assert.Equal(t, ftp.StatusNotImplementedParameter, code)
- assert.Equal(t, "Unsupported mode", response)
+ assert.Equal(t, ftp.StatusCommandOK, code)
+ assert.Equal(t, "Transfer mode set to 'S'", response)
code, response, err = client.SendCommand("MODE S")
assert.NoError(t, err)
assert.Equal(t, ftp.StatusCommandOK, code)
- assert.Equal(t, "Using stream mode", response)
+ assert.Equal(t, "Transfer mode set to 'S'", response)
code, _, err = client.SendCommand("MODE Z")
assert.NoError(t, err)
@@ -3167,7 +3101,7 @@ func TestMODEType(t *testing.T) {
code, _, err = client.SendCommand("MODE SS")
assert.NoError(t, err)
- assert.Equal(t, ftp.StatusNotImplementedParameter, code)
+ assert.Equal(t, ftp.StatusBadArguments, code)
err = client.Quit()
assert.NoError(t, err)
@@ -3527,6 +3461,61 @@ func TestCombine(t *testing.T) {
assert.NoError(t, err)
}
+func TestTLSSessionReuse(t *testing.T) {
+ u := getTestUser()
+ user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ assert.NoError(t, err)
+
+ client, err := getFTPClientWithSessionReuse(user, nil)
+ if assert.NoError(t, err) {
+ err = checkBasicFTP(client)
+ assert.NoError(t, err)
+
+ testFilePath := filepath.Join(homeBasePath, testFileName)
+ testFileSize := int64(65535)
+ err = createTestFile(testFilePath, testFileSize)
+ assert.NoError(t, err)
+
+ err = ftpUploadFile(testFilePath, testFileName, testFileSize, client, 0)
+ assert.NoError(t, err)
+
+ localDownloadPath := filepath.Join(homeBasePath, testDLFileName)
+ err = ftpDownloadFile(testFileName, localDownloadPath, testFileSize, client, 0)
+ assert.NoError(t, err)
+
+ entries, err := client.List("/")
+ assert.NoError(t, err)
+ assert.Len(t, entries, 1)
+
+ err = client.Quit()
+ assert.NoError(t, err)
+ err = os.Remove(testFilePath)
+ assert.NoError(t, err)
+ err = os.Remove(localDownloadPath)
+ assert.NoError(t, err)
+ }
+
+ // this TLS config does not support session resumption
+ tlsConfig := &tls.Config{
+ ServerName: "localhost",
+ InsecureSkipVerify: true, // use this for tests only
+ MinVersion: tls.VersionTLS12,
+ }
+ client, err = getFTPClientWithSessionReuse(user, tlsConfig)
+ if assert.NoError(t, err) {
+ err = checkBasicFTP(client)
+ assert.Error(t, err)
+
+ err = client.Quit()
+ assert.NoError(t, err)
+ }
+
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+}
+
func TestClientCertificateAuthRevokedCert(t *testing.T) {
u := getTestUser()
u.Username = tlsClient2Username
@@ -3962,7 +3951,6 @@ func TestNestedVirtualFolders(t *testing.T) {
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond)
assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond,
50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func checkBasicFTP(client *ftp.ServerConn) error {
@@ -4214,30 +4202,6 @@ func getPreLoginScriptContent(user dataprovider.User, nonJSONResponse bool) []by
return content
}
-func getSftpClient(user dataprovider.User) (*ssh.Client, *sftp.Client, error) {
- var sftpClient *sftp.Client
- config := &ssh.ClientConfig{
- User: user.Username,
- HostKeyCallback: ssh.InsecureIgnoreHostKey(),
- Timeout: 5 * time.Second,
- }
- if user.Password != "" {
- config.Auth = []ssh.AuthMethod{ssh.Password(user.Password)}
- } else {
- config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)}
- }
-
- conn, err := ssh.Dial("tcp", sftpServerAddr, config)
- if err != nil {
- return conn, sftpClient, err
- }
- sftpClient, err = sftp.NewClient(conn)
- if err != nil {
- conn.Close()
- }
- return conn, sftpClient, err
-}
-
func getExitCodeScriptContent(exitCode int) []byte {
content := []byte("#!/bin/sh\n\n")
content = append(content, []byte(fmt.Sprintf("exit %v", exitCode))...)
diff --git a/internal/ftpd/handler.go b/internal/ftpd/handler.go
index 613eaa07..036c3977 100644
--- a/internal/ftpd/handler.go
+++ b/internal/ftpd/handler.go
@@ -29,7 +29,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
@@ -98,7 +97,6 @@ func (c *Connection) Create(_ string) (afero.File, error) {
// Mkdir creates a directory using the connection filesystem
func (c *Connection) Mkdir(name string, _ os.FileMode) error {
c.UpdateLastActivity()
- name = util.CleanPath(name)
return c.CreateDir(name, true)
}
@@ -122,7 +120,6 @@ func (c *Connection) OpenFile(_ string, _ int, _ os.FileMode) (afero.File, error
// We implements ClientDriverExtensionRemoveDir for directories
func (c *Connection) Remove(name string) error {
c.UpdateLastActivity()
- name = util.CleanPath(name)
fs, p, err := c.GetFsAndResolvedPath(name)
if err != nil {
@@ -150,8 +147,6 @@ func (c *Connection) RemoveAll(_ string) error {
// Rename renames a file or a directory
func (c *Connection) Rename(oldname, newname string) error {
c.UpdateLastActivity()
- oldname = util.CleanPath(oldname)
- newname = util.CleanPath(newname)
return c.BaseConnection.Rename(oldname, newname)
}
@@ -160,7 +155,6 @@ func (c *Connection) Rename(oldname, newname string) error {
// if any happens
func (c *Connection) Stat(name string) (os.FileInfo, error) {
c.UpdateLastActivity()
- name = util.CleanPath(name)
c.doWildcardListDir = false
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(name)) {
@@ -204,7 +198,6 @@ func (c *Connection) Chown(_ string, _, _ int) error {
// Chmod changes the mode of the named file/directory
func (c *Connection) Chmod(name string, mode os.FileMode) error {
c.UpdateLastActivity()
- name = util.CleanPath(name)
attrs := common.StatAttributes{
Flags: common.StatAttrPerms,
@@ -216,7 +209,6 @@ func (c *Connection) Chmod(name string, mode os.FileMode) error {
// Chtimes changes the access and modification times of the named file
func (c *Connection) Chtimes(name string, atime time.Time, mtime time.Time) error {
c.UpdateLastActivity()
- name = util.CleanPath(name)
attrs := common.StatAttributes{
Flags: common.StatAttrTimes,
@@ -229,7 +221,6 @@ func (c *Connection) Chtimes(name string, atime time.Time, mtime time.Time) erro
// GetAvailableSpace implements ClientDriverExtensionAvailableSpace interface
func (c *Connection) GetAvailableSpace(dirName string) (int64, error) {
c.UpdateLastActivity()
- dirName = util.CleanPath(dirName)
diskQuota, transferQuota := c.HasSpace(false, false, path.Join(dirName, "fakefile.txt"))
if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() {
@@ -288,7 +279,6 @@ func (c *Connection) AllocateSpace(_ int) error {
// RemoveDir implements ClientDriverExtensionRemoveDir
func (c *Connection) RemoveDir(name string) error {
c.UpdateLastActivity()
- name = util.CleanPath(name)
return c.BaseConnection.RemoveDir(name)
}
@@ -296,16 +286,13 @@ func (c *Connection) RemoveDir(name string) error {
// Symlink implements ClientDriverExtensionSymlink
func (c *Connection) Symlink(oldname, newname string) error {
c.UpdateLastActivity()
- oldname = util.CleanPath(oldname)
- newname = util.CleanPath(newname)
- return c.CreateSymlink(oldname, newname)
+ return c.BaseConnection.CreateSymlink(oldname, newname)
}
// ReadDir implements ClientDriverExtensionFilelist
-func (c *Connection) ReadDir(name string) ([]os.FileInfo, error) {
+func (c *Connection) ReadDir(name string) (ftpserver.DirLister, error) {
c.UpdateLastActivity()
- name = util.CleanPath(name)
if c.doWildcardListDir {
c.doWildcardListDir = false
@@ -319,27 +306,21 @@ func (c *Connection) ReadDir(name string) ([]os.FileInfo, error) {
if err != nil {
return nil, err
}
- patternLister := &patternDirLister{
+ return &patternDirLister{
DirLister: lister,
pattern: baseName,
lastCommand: c.clientContext.GetLastCommand(),
dirName: name,
- connectionPath: util.CleanPath(c.clientContext.Path()),
- }
- return consumeDirLister(patternLister)
+ connectionPath: c.clientContext.Path(),
+ }, nil
}
- lister, err := c.ListDir(name)
- if err != nil {
- return nil, err
- }
- return consumeDirLister(lister)
+ return c.ListDir(name)
}
// GetHandle implements ClientDriverExtentionFileTransfer
func (c *Connection) GetHandle(name string, flags int, offset int64) (ftpserver.FileTransfer, error) {
c.UpdateLastActivity()
- name = util.CleanPath(name)
fs, p, err := c.GetFsAndResolvedPath(name)
if err != nil {
@@ -350,11 +331,6 @@ func (c *Connection) GetHandle(name string, flags int, offset int64) (ftpserver.
return nil, errCOMBNotSupported
}
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying transfer due to count limits")
- return nil, c.GetPermissionDeniedError()
- }
-
if flags&os.O_WRONLY != 0 {
return c.uploadFile(fs, p, name, flags)
}
@@ -489,7 +465,7 @@ func (c *Connection) handleFTPUploadToExistingFile(fs vfs.Fs, flags int, resolve
}
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
- _, _, err = fs.Rename(resolvedPath, filePath, 0)
+ _, _, err = fs.Rename(resolvedPath, filePath)
if err != nil {
c.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %+v",
resolvedPath, filePath, err)
@@ -517,7 +493,10 @@ func (c *Connection) handleFTPUploadToExistingFile(fs vfs.Fs, flags int, resolve
if vfs.HasTruncateSupport(fs) {
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, 0, -fileSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
}
@@ -602,24 +581,3 @@ func (l *patternDirLister) Next(limit int) ([]os.FileInfo, error) {
}
}
}
-
-func consumeDirLister(lister vfs.DirLister) ([]os.FileInfo, error) {
- defer lister.Close()
-
- var results []os.FileInfo
-
- for {
- files, err := lister.Next(vfs.ListerBatchSize)
- finished := errors.Is(err, io.EOF)
- results = append(results, files...)
- if err != nil && !finished {
- return results, err
- }
- if finished {
- lister.Close()
- break
- }
- }
-
- return results, nil
-}
diff --git a/internal/ftpd/internal_test.go b/internal/ftpd/internal_test.go
index 4e167524..6d9dd8f0 100644
--- a/internal/ftpd/internal_test.go
+++ b/internal/ftpd/internal_test.go
@@ -404,7 +404,7 @@ func (fs MockOsFs) Remove(name string, _ bool) error {
}
// Rename renames (moves) source to target
-func (fs MockOsFs) Rename(source, target string, _ int) (int, int64, error) {
+func (fs MockOsFs) Rename(source, target string) (int, int64, error) {
if fs.err != nil {
return -1, -1, fs.err
}
@@ -527,24 +527,15 @@ func TestServerGetSettings(t *testing.T) {
Bindings: []Binding{binding},
PassivePortRange: PortRange{
Start: 10000,
- End: 10000,
+ End: 11000,
},
}
assert.False(t, binding.HasProxy())
server := NewServer(c, configDir, binding, 0)
settings, err := server.GetSettings()
assert.NoError(t, err)
- if ranger, ok := settings.PassiveTransferPortRange.(*ftpserver.PortRange); ok {
- assert.Equal(t, 10000, ranger.Start)
- assert.Equal(t, 10000, ranger.End)
- }
- c.PassivePortRange.End = 11000
- settings, err = server.GetSettings()
- assert.NoError(t, err)
- if ranger, ok := settings.PassiveTransferPortRange.(*ftpserver.PortRange); ok {
- assert.Equal(t, 10000, ranger.Start)
- assert.Equal(t, 11000, ranger.End)
- }
+ assert.Equal(t, 10000, settings.PassiveTransferPortRange.Start)
+ assert.Equal(t, 11000, settings.PassiveTransferPortRange.End)
common.Config.ProxyProtocol = 1
_, err = server.GetSettings()
@@ -673,7 +664,6 @@ func TestClientVersion(t *testing.T) {
common.Connections.Remove(connection.GetID())
}
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestDriverMethodsNotImplemented(t *testing.T) {
@@ -699,26 +689,16 @@ func TestDriverMethodsNotImplemented(t *testing.T) {
func TestExtraData(t *testing.T) {
mockCC := mockFTPClientContext{}
- _, ok := mockCC.Extra().(*tlsState)
+ _, ok := mockCC.Extra().(bool)
require.False(t, ok)
- mockCC.SetExtra(&tlsState{
- LoginWithMutualTLS: false,
- Version: tls.VersionName(tls.VersionTLS13),
- Cipher: tls.CipherSuiteName(tls.TLS_AES_128_GCM_SHA256),
- KEX: tls.X25519MLKEM768.String(),
- })
- state, ok := mockCC.Extra().(*tlsState)
+ mockCC.SetExtra(false)
+ val, ok := mockCC.Extra().(bool)
require.True(t, ok)
- require.False(t, state.LoginWithMutualTLS)
- require.Equal(t, tls.VersionName(tls.VersionTLS13), state.Version)
- require.Equal(t, tls.CipherSuiteName(tls.TLS_AES_128_GCM_SHA256), state.Cipher)
- require.Equal(t, tls.X25519MLKEM768.String(), state.KEX)
- mockCC.SetExtra(&tlsState{
- LoginWithMutualTLS: true,
- })
- state, ok = mockCC.Extra().(*tlsState)
+ require.False(t, val)
+ mockCC.SetExtra(true)
+ val, ok = mockCC.Extra().(bool)
require.True(t, ok)
- require.True(t, state.LoginWithMutualTLS)
+ require.True(t, val)
}
func TestResolvePathErrors(t *testing.T) {
@@ -938,7 +918,6 @@ func TestTransferErrors(t *testing.T) {
pipeWriter := vfs.NewPipeWriter(w)
baseTransfer = common.NewBaseTransfer(nil, connection.BaseConnection, nil, testfile, testfile, testfile,
common.TransferUpload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{})
- tr.Connection.RemoveTransfer(tr)
tr = newTransfer(baseTransfer, pipeWriter, nil, 0)
err = r.Close()
@@ -954,7 +933,6 @@ func TestTransferErrors(t *testing.T) {
if assert.Error(t, err) {
assert.EqualError(t, err, common.ErrOpUnsupported.Error())
}
- tr.Connection.RemoveTransfer(tr)
err = os.Remove(testfile)
assert.NoError(t, err)
}
diff --git a/internal/ftpd/server.go b/internal/ftpd/server.go
index 2e5790ae..8baf631c 100644
--- a/internal/ftpd/server.go
+++ b/internal/ftpd/server.go
@@ -22,7 +22,6 @@ import (
"net"
"os"
"path/filepath"
- "slices"
ftpserver "github.com/fclairamb/ftpserverlib"
"github.com/sftpgo/sdk/plugin/notifier"
@@ -36,15 +35,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/version"
)
-// tlsState tracks TLS connection state for a client
-type tlsState struct {
- // LoginWithMutualTLS indicates whether the user logged in using TLS certificate authentication
- LoginWithMutualTLS bool
- Version string
- Cipher string
- KEX string
-}
-
// Server implements the ftpserverlib MainDriver interface
type Server struct {
ID int
@@ -92,7 +82,7 @@ func (s *Server) GetSettings() (*ftpserver.Settings, error) {
return nil, err
}
var portRange *ftpserver.PortRange
- if s.config.PassivePortRange.Start > 0 && s.config.PassivePortRange.End >= s.config.PassivePortRange.Start {
+ if s.config.PassivePortRange.Start > 0 && s.config.PassivePortRange.End > s.config.PassivePortRange.Start {
portRange = &ftpserver.PortRange{
Start: s.config.PassivePortRange.Start,
End: s.config.PassivePortRange.End,
@@ -119,31 +109,34 @@ func (s *Server) GetSettings() (*ftpserver.Settings, error) {
return nil, fmt.Errorf("unsupported TLS mode: %d", s.binding.TLSMode)
}
- if s.binding.TLSMode > 0 && certMgr == nil {
+ if !s.binding.isTLSSessionReuseValid() {
+ return nil, fmt.Errorf("unsupported TLS reuse mode %d", s.binding.TLSSessionReuse)
+ }
+
+ if (s.binding.TLSMode > 0 || s.binding.TLSSessionReuse > 0) && certMgr == nil {
return nil, errors.New("to enable TLS you need to provide a certificate")
}
- settings := &ftpserver.Settings{
- Listener: ftpListener,
- ListenAddr: s.binding.GetAddress(),
- PublicIPResolver: s.binding.passiveIPResolver,
- ActiveTransferPortNon20: s.config.ActiveTransfersPortNon20,
- IdleTimeout: -1,
- ConnectionTimeout: 20,
- Banner: s.statusBanner,
- TLSRequired: ftpserver.TLSRequirement(s.binding.TLSMode),
- DisableSite: !s.config.EnableSite,
- DisableActiveMode: s.config.DisableActiveMode,
- EnableHASH: s.config.HASHSupport > 0,
- EnableCOMB: s.config.CombineSupport > 0,
- DefaultTransferType: ftpserver.TransferTypeBinary,
- ActiveConnectionsCheck: ftpserver.DataConnectionRequirement(s.binding.ActiveConnectionsSecurity),
- PasvConnectionsCheck: ftpserver.DataConnectionRequirement(s.binding.PassiveConnectionsSecurity),
- }
- if portRange != nil {
- settings.PassiveTransferPortRange = portRange
- }
- return settings, nil
+ return &ftpserver.Settings{
+ Listener: ftpListener,
+ ListenAddr: s.binding.GetAddress(),
+ PublicIPResolver: s.binding.passiveIPResolver,
+ PassiveTransferPortRange: portRange,
+ ActiveTransferPortNon20: s.config.ActiveTransfersPortNon20,
+ IdleTimeout: -1,
+ ConnectionTimeout: 20,
+ Banner: s.statusBanner,
+ TLSRequired: ftpserver.TLSRequirement(s.binding.TLSMode),
+ TLSSessionReuse: ftpserver.TLSSessionReuse(s.binding.TLSSessionReuse),
+ DisableSite: !s.config.EnableSite,
+ DisableActiveMode: s.config.DisableActiveMode,
+ EnableHASH: s.config.HASHSupport > 0,
+ EnableCOMB: s.config.CombineSupport > 0,
+ DefaultTransferType: ftpserver.TransferTypeBinary,
+ IgnoreASCIITranferType: s.binding.IgnoreASCIITransferType == 1,
+ ActiveConnectionsCheck: ftpserver.DataConnectionRequirement(s.binding.ActiveConnectionsSecurity),
+ PasvConnectionsCheck: ftpserver.DataConnectionRequirement(s.binding.PassiveConnectionsSecurity),
+ }, nil
}
// ClientConnected is called to send the very first welcome message
@@ -187,26 +180,27 @@ func (s *Server) ClientDisconnected(cc ftpserver.ClientContext) {
// AuthUser authenticates the user and selects an handling driver
func (s *Server) AuthUser(cc ftpserver.ClientContext, username, password string) (ftpserver.ClientDriver, error) {
loginMethod := dataprovider.LoginMethodPassword
- tlsState, ok := cc.Extra().(*tlsState)
- if ok && tlsState != nil && tlsState.LoginWithMutualTLS {
+ if verified, ok := cc.Extra().(bool); ok && verified {
loginMethod = dataprovider.LoginMethodTLSCertificateAndPwd
}
ipAddr := util.GetIPFromRemoteAddress(cc.RemoteAddr().String())
user, err := dataprovider.CheckUserAndPass(username, password, ipAddr, common.ProtocolFTP)
if err != nil {
user.Username = username
- updateLoginMetrics(&user, ipAddr, loginMethod, err, nil)
+ updateLoginMetrics(&user, ipAddr, loginMethod, err)
return nil, dataprovider.ErrInvalidCredentials
}
connection, err := s.validateUser(user, cc, loginMethod)
- defer updateLoginMetrics(&user, ipAddr, loginMethod, err, connection)
+ defer updateLoginMetrics(&user, ipAddr, loginMethod, err)
if err != nil {
return nil, err
}
setStartDirectory(user.Filters.StartDirectory, cc)
+ connection.Log(logger.LevelInfo, "User %q logged in with %q from ip %q, TLS enabled? %t",
+ user.Username, loginMethod, ipAddr, cc.HasTLSForControl())
dataprovider.UpdateLastLogin(&user)
return connection, nil
}
@@ -240,52 +234,42 @@ func (s *Server) WrapPassiveListener(listener net.Listener) (net.Listener, error
// VerifyConnection checks whether a user should be authenticated using a client certificate without prompting for a password
func (s *Server) VerifyConnection(cc ftpserver.ClientContext, user string, tlsConn *tls.Conn) (ftpserver.ClientDriver, error) {
- if tlsConn == nil {
- return nil, nil
- }
- state := tlsConn.ConnectionState()
- cc.SetExtra(&tlsState{
- LoginWithMutualTLS: false,
- Cipher: tls.CipherSuiteName(state.CipherSuite),
- Version: tls.VersionName(state.Version),
- KEX: state.CurveID.String(),
- })
if !s.binding.isMutualTLSEnabled() {
return nil, nil
}
-
- if len(state.PeerCertificates) > 0 {
- ipAddr := util.GetIPFromRemoteAddress(cc.RemoteAddr().String())
- dbUser, err := dataprovider.CheckUserBeforeTLSAuth(user, ipAddr, common.ProtocolFTP, state.PeerCertificates[0])
- if err != nil {
- dbUser.Username = user
- updateLoginMetrics(&dbUser, ipAddr, dataprovider.LoginMethodTLSCertificate, err, nil)
- return nil, dataprovider.ErrInvalidCredentials
- }
- if dbUser.IsTLSVerificationEnabled() {
- dbUser, err = dataprovider.CheckUserAndTLSCert(user, ipAddr, common.ProtocolFTP, state.PeerCertificates[0])
+ cc.SetExtra(false)
+ if tlsConn != nil {
+ state := tlsConn.ConnectionState()
+ if len(state.PeerCertificates) > 0 {
+ ipAddr := util.GetIPFromRemoteAddress(cc.RemoteAddr().String())
+ dbUser, err := dataprovider.CheckUserBeforeTLSAuth(user, ipAddr, common.ProtocolFTP, state.PeerCertificates[0])
if err != nil {
- return nil, err
+ dbUser.Username = user
+ updateLoginMetrics(&dbUser, ipAddr, dataprovider.LoginMethodTLSCertificate, err)
+ return nil, dataprovider.ErrInvalidCredentials
}
-
- cc.SetExtra(&tlsState{
- LoginWithMutualTLS: true,
- Cipher: tls.CipherSuiteName(state.CipherSuite),
- Version: tls.VersionName(state.Version),
- KEX: state.CurveID.String(),
- })
-
- if dbUser.IsLoginMethodAllowed(dataprovider.LoginMethodTLSCertificate, common.ProtocolFTP) {
- connection, err := s.validateUser(dbUser, cc, dataprovider.LoginMethodTLSCertificate)
-
- defer updateLoginMetrics(&dbUser, ipAddr, dataprovider.LoginMethodTLSCertificate, err, connection)
-
+ if dbUser.IsTLSVerificationEnabled() {
+ dbUser, err = dataprovider.CheckUserAndTLSCert(user, ipAddr, common.ProtocolFTP, state.PeerCertificates[0])
if err != nil {
return nil, err
}
- setStartDirectory(dbUser.Filters.StartDirectory, cc)
- dataprovider.UpdateLastLogin(&dbUser)
- return connection, nil
+
+ cc.SetExtra(true)
+
+ if dbUser.IsLoginMethodAllowed(dataprovider.LoginMethodTLSCertificate, common.ProtocolFTP) {
+ connection, err := s.validateUser(dbUser, cc, dataprovider.LoginMethodTLSCertificate)
+
+ defer updateLoginMetrics(&dbUser, ipAddr, dataprovider.LoginMethodTLSCertificate, err)
+
+ if err != nil {
+ return nil, err
+ }
+ setStartDirectory(dbUser.Filters.StartDirectory, cc)
+ connection.Log(logger.LevelInfo, "User id: %d, logged in with FTP using a TLS certificate, username: %q, home_dir: %q remote addr: %q",
+ dbUser.ID, dbUser.Username, dbUser.HomeDir, ipAddr)
+ dataprovider.UpdateLastLogin(&dbUser)
+ return connection, nil
+ }
}
}
}
@@ -311,7 +295,9 @@ func (s *Server) buildTLSConfig() {
s.binding.GetAddress(), s.binding.ciphers, certID)
if s.binding.isMutualTLSEnabled() {
s.tlsConfig.ClientCAs = certMgr.GetRootCAs()
- s.tlsConfig.VerifyConnection = s.verifyTLSConnection
+ if s.binding.TLSSessionReuse != int(ftpserver.TLSSessionReuseRequired) {
+ s.tlsConfig.VerifyConnection = s.verifyTLSConnection
+ }
switch s.binding.ClientAuthType {
case 1:
s.tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
@@ -375,7 +361,7 @@ func (s *Server) validateUser(user dataprovider.User, cc ftpserver.ClientContext
user.Username, user.HomeDir)
return nil, fmt.Errorf("cannot login user with invalid home dir: %q", user.HomeDir)
}
- if slices.Contains(user.Filters.DeniedProtocols, common.ProtocolFTP) {
+ if util.Contains(user.Filters.DeniedProtocols, common.ProtocolFTP) {
logger.Info(logSender, connectionID, "cannot login user %q, protocol FTP is not allowed", user.Username)
return nil, fmt.Errorf("protocol FTP is not allowed for user %q", user.Username)
}
@@ -430,15 +416,9 @@ func setStartDirectory(startDirectory string, cc ftpserver.ClientContext) {
cc.SetPath(startDirectory)
}
-func updateLoginMetrics(user *dataprovider.User, ip, loginMethod string, err error, c *Connection) {
+func updateLoginMetrics(user *dataprovider.User, ip, loginMethod string, err error) {
metric.AddLoginAttempt(loginMethod)
if err == nil {
- info := ""
- if tlsState, ok := c.clientContext.Extra().(*tlsState); ok && tlsState != nil {
- info = fmt.Sprintf("%s - %s - %s", tlsState.Version, tlsState.Cipher, tlsState.KEX)
- }
- logger.LoginLog(user.Username, ip, loginMethod, common.ProtocolFTP, c.ID, c.GetClientVersion(),
- c.clientContext.HasTLSForControl(), info)
plugin.Handler.NotifyLogEvent(notifier.LogEventTypeLoginOK, common.ProtocolFTP, user.Username, ip, "", nil)
common.DelayLogin(nil)
} else if err != common.ErrInternalFailure {
diff --git a/internal/ftpd/transfer.go b/internal/ftpd/transfer.go
index 071f8b1e..ed0ce660 100644
--- a/internal/ftpd/transfer.go
+++ b/internal/ftpd/transfer.go
@@ -136,7 +136,7 @@ func (t *transfer) closeIO() error {
} else if t.reader != nil {
err = t.reader.Close()
if metadater, ok := t.reader.(vfs.Metadater); ok {
- t.SetMetadata(metadater.Metadata())
+ t.BaseTransfer.SetMetadata(metadater.Metadata())
}
}
return err
diff --git a/internal/httpd/api_admin.go b/internal/httpd/api_admin.go
index 2fd093a0..2a8c7ec6 100644
--- a/internal/httpd/api_admin.go
+++ b/internal/httpd/api_admin.go
@@ -21,10 +21,10 @@ import (
"net/http"
"net/url"
+ "github.com/go-chi/jwtauth/v5"
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/smtp"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -68,7 +68,7 @@ func renderAdmin(w http.ResponseWriter, r *http.Request, username string, status
func addAdmin(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -90,7 +90,7 @@ func addAdmin(w http.ResponseWriter, r *http.Request) {
func disableAdmin2FA(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -138,7 +138,7 @@ func updateAdmin(w http.ResponseWriter, r *http.Request) {
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -182,7 +182,7 @@ func updateAdmin(w http.ResponseWriter, r *http.Request) {
func deleteAdmin(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
username := getURLParam(r, "username")
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -202,7 +202,7 @@ func deleteAdmin(w http.ResponseWriter, r *http.Request) {
func getAdminProfile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -224,7 +224,7 @@ func getAdminProfile(w http.ResponseWriter, r *http.Request) {
func updateAdminProfile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -317,7 +317,7 @@ func doChangeAdminPassword(r *http.Request, currentPassword, newPassword, confir
util.I18nErrorChangePwdNoDifferent,
)
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil {
return util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken)
}
@@ -335,3 +335,14 @@ func doChangeAdminPassword(r *http.Request, currentPassword, newPassword, confir
return dataprovider.UpdateAdmin(&admin, dataprovider.ActionExecutorSelf, util.GetIPFromRemoteAddress(r.RemoteAddr), claims.Role)
}
+
+func getTokenClaims(r *http.Request) (jwtTokenClaims, error) {
+ tokenClaims := jwtTokenClaims{}
+ _, claims, err := jwtauth.FromContext(r.Context())
+ if err != nil {
+ return tokenClaims, err
+ }
+ tokenClaims.Decode(claims)
+
+ return tokenClaims, nil
+}
diff --git a/internal/httpd/api_configs.go b/internal/httpd/api_configs.go
index 520f81a9..399c7ad2 100644
--- a/internal/httpd/api_configs.go
+++ b/internal/httpd/api_configs.go
@@ -66,7 +66,7 @@ func testSMTPConfig(w http.ResponseWriter, r *http.Request) {
}
}
if req.AuthType == 3 {
- if err := req.OAuth2.Validate(); err != nil {
+ if err := req.Config.OAuth2.Validate(); err != nil {
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
return
}
@@ -85,7 +85,7 @@ type oauth2TokenRequest struct {
BaseRedirectURL string `json:"base_redirect_url"`
}
-func (s *httpdServer) handleSMTPOAuth2TokenRequestPost(w http.ResponseWriter, r *http.Request) {
+func handleSMTPOAuth2TokenRequestPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
var req oauth2TokenRequest
@@ -106,20 +106,20 @@ func (s *httpdServer) handleSMTPOAuth2TokenRequestPost(w http.ResponseWriter, r
}
configs.SetNilsToEmpty()
if err := configs.SMTP.TryDecrypt(); err == nil {
- req.ClientSecret = configs.SMTP.OAuth2.ClientSecret.GetPayload()
+ req.OAuth2Config.ClientSecret = configs.SMTP.OAuth2.ClientSecret.GetPayload()
}
}
- cfg := req.GetOAuth2()
+ cfg := req.OAuth2Config.GetOAuth2()
cfg.RedirectURL = req.BaseRedirectURL + webOAuth2RedirectPath
clientSecret := kms.NewPlainSecret(cfg.ClientSecret)
clientSecret.SetAdditionalData(xid.New().String())
pendingAuth := newOAuth2PendingAuth(req.Provider, cfg.RedirectURL, cfg.ClientID, clientSecret)
oauth2Mgr.addPendingAuth(pendingAuth)
- stateToken := createOAuth2Token(s.csrfTokenAuth, pendingAuth.State, util.GetIPFromRemoteAddress(r.RemoteAddr))
+ stateToken := createOAuth2Token(pendingAuth.State, util.GetIPFromRemoteAddress(r.RemoteAddr))
if stateToken == "" {
sendAPIResponse(w, r, nil, "unable to create state token", http.StatusInternalServerError)
return
}
- u := cfg.AuthCodeURL(stateToken, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(pendingAuth.Verifier))
+ u := cfg.AuthCodeURL(stateToken, oauth2.AccessTypeOffline)
sendAPIResponse(w, r, nil, u, http.StatusOK)
}
diff --git a/internal/httpd/api_eventrule.go b/internal/httpd/api_eventrule.go
index b8474af4..a4daaaa6 100644
--- a/internal/httpd/api_eventrule.go
+++ b/internal/httpd/api_eventrule.go
@@ -24,7 +24,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -43,7 +42,7 @@ func getEventActions(w http.ResponseWriter, r *http.Request) {
render.JSON(w, r, actions)
}
-func renderEventAction(w http.ResponseWriter, r *http.Request, name string, claims *jwt.Claims, status int) {
+func renderEventAction(w http.ResponseWriter, r *http.Request, name string, claims *jwtTokenClaims, status int) {
action, err := dataprovider.EventActionExists(name)
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -62,19 +61,19 @@ func renderEventAction(w http.ResponseWriter, r *http.Request, name string, clai
func getEventActionByName(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
name := getURLParam(r, "name")
- renderEventAction(w, r, name, claims, http.StatusOK)
+ renderEventAction(w, r, name, &claims, http.StatusOK)
}
func addEventAction(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -92,12 +91,12 @@ func addEventAction(w http.ResponseWriter, r *http.Request) {
return
}
w.Header().Add("Location", fmt.Sprintf("%s/%s", eventActionsPath, url.PathEscape(action.Name)))
- renderEventAction(w, r, action.Name, claims, http.StatusCreated)
+ renderEventAction(w, r, action.Name, &claims, http.StatusCreated)
}
func updateEventAction(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -137,7 +136,7 @@ func updateEventAction(w http.ResponseWriter, r *http.Request) {
func deleteEventAction(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -166,7 +165,7 @@ func getEventRules(w http.ResponseWriter, r *http.Request) {
render.JSON(w, r, rules)
}
-func renderEventRule(w http.ResponseWriter, r *http.Request, name string, claims *jwt.Claims, status int) {
+func renderEventRule(w http.ResponseWriter, r *http.Request, name string, claims *jwtTokenClaims, status int) {
rule, err := dataprovider.EventRuleExists(name)
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -185,19 +184,19 @@ func renderEventRule(w http.ResponseWriter, r *http.Request, name string, claims
func getEventRuleByName(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
name := getURLParam(r, "name")
- renderEventRule(w, r, name, claims, http.StatusOK)
+ renderEventRule(w, r, name, &claims, http.StatusOK)
}
func addEventRule(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -214,12 +213,12 @@ func addEventRule(w http.ResponseWriter, r *http.Request) {
return
}
w.Header().Add("Location", fmt.Sprintf("%s/%s", eventRulesPath, url.PathEscape(rule.Name)))
- renderEventRule(w, r, rule.Name, claims, http.StatusCreated)
+ renderEventRule(w, r, rule.Name, &claims, http.StatusCreated)
}
func updateEventRule(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -250,7 +249,7 @@ func updateEventRule(w http.ResponseWriter, r *http.Request) {
func deleteEventRule(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_events.go b/internal/httpd/api_events.go
index a5ad1a5c..5c218271 100644
--- a/internal/httpd/api_events.go
+++ b/internal/httpd/api_events.go
@@ -27,7 +27,6 @@ import (
"github.com/sftpgo/sdk/plugin/notifier"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -69,8 +68,8 @@ func getCommonSearchParamsFromRequest(r *http.Request) (eventsearcher.CommonSear
}
c.EndTimestamp = ts
}
- c.Username = strings.TrimSpace(r.URL.Query().Get("username"))
- c.IP = strings.TrimSpace(r.URL.Query().Get("ip"))
+ c.Username = r.URL.Query().Get("username")
+ c.IP = r.URL.Query().Get("ip")
c.InstanceIDs = getCommaSeparatedQueryParam(r, "instance_ids")
c.FromID = r.URL.Query().Get("from_id")
@@ -94,9 +93,9 @@ func getFsSearchParamsFromRequest(r *http.Request) (eventsearcher.FsEventSearch,
s.FsProvider = val
}
s.Actions = getCommaSeparatedQueryParam(r, "actions")
- s.SSHCmd = strings.TrimSpace(r.URL.Query().Get("ssh_cmd"))
- s.Bucket = strings.TrimSpace(r.URL.Query().Get("bucket"))
- s.Endpoint = strings.TrimSpace(r.URL.Query().Get("endpoint"))
+ s.SSHCmd = r.URL.Query().Get("ssh_cmd")
+ s.Bucket = r.URL.Query().Get("bucket")
+ s.Endpoint = r.URL.Query().Get("endpoint")
s.Protocols = getCommaSeparatedQueryParam(r, "protocols")
statuses := getCommaSeparatedQueryParam(r, "statuses")
for _, status := range statuses {
@@ -118,7 +117,7 @@ func getProviderSearchParamsFromRequest(r *http.Request) (eventsearcher.Provider
return s, err
}
s.Actions = getCommaSeparatedQueryParam(r, "actions")
- s.ObjectName = strings.TrimSpace(r.URL.Query().Get("object_name"))
+ s.ObjectName = r.URL.Query().Get("object_name")
s.ObjectTypes = getCommaSeparatedQueryParam(r, "object_types")
return s, nil
}
@@ -144,7 +143,7 @@ func getLogSearchParamsFromRequest(r *http.Request) (eventsearcher.LogEventSearc
func searchFsEvents(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -177,7 +176,7 @@ func searchFsEvents(w http.ResponseWriter, r *http.Request) {
func searchProviderEvents(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -212,7 +211,7 @@ func searchProviderEvents(w http.ResponseWriter, r *http.Request) {
func searchLogEvents(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_folder.go b/internal/httpd/api_folder.go
index c46d4ab3..debc8483 100644
--- a/internal/httpd/api_folder.go
+++ b/internal/httpd/api_folder.go
@@ -23,7 +23,6 @@ import (
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
@@ -46,7 +45,7 @@ func getFolders(w http.ResponseWriter, r *http.Request) {
func addFolder(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -63,12 +62,12 @@ func addFolder(w http.ResponseWriter, r *http.Request) {
return
}
w.Header().Add("Location", fmt.Sprintf("%s/%s", folderPath, url.PathEscape(folder.Name)))
- renderFolder(w, r, folder.Name, claims, http.StatusCreated)
+ renderFolder(w, r, folder.Name, &claims, http.StatusCreated)
}
func updateFolder(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -101,7 +100,7 @@ func updateFolder(w http.ResponseWriter, r *http.Request) {
sendAPIResponse(w, r, nil, "Folder updated", http.StatusOK)
}
-func renderFolder(w http.ResponseWriter, r *http.Request, name string, claims *jwt.Claims, status int) {
+func renderFolder(w http.ResponseWriter, r *http.Request, name string, claims *jwtTokenClaims, status int) {
folder, err := dataprovider.GetFolderByName(name)
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -120,18 +119,18 @@ func renderFolder(w http.ResponseWriter, r *http.Request, name string, claims *j
func getFolderByName(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
name := getURLParam(r, "name")
- renderFolder(w, r, name, claims, http.StatusOK)
+ renderFolder(w, r, name, &claims, http.StatusOK)
}
func deleteFolder(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_group.go b/internal/httpd/api_group.go
index beae9ad2..125319d5 100644
--- a/internal/httpd/api_group.go
+++ b/internal/httpd/api_group.go
@@ -23,7 +23,6 @@ import (
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -45,7 +44,7 @@ func getGroups(w http.ResponseWriter, r *http.Request) {
func addGroup(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -62,12 +61,12 @@ func addGroup(w http.ResponseWriter, r *http.Request) {
return
}
w.Header().Add("Location", fmt.Sprintf("%s/%s", groupPath, url.PathEscape(group.Name)))
- renderGroup(w, r, group.Name, claims, http.StatusCreated)
+ renderGroup(w, r, group.Name, &claims, http.StatusCreated)
}
func updateGroup(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -99,7 +98,7 @@ func updateGroup(w http.ResponseWriter, r *http.Request) {
sendAPIResponse(w, r, nil, "Group updated", http.StatusOK)
}
-func renderGroup(w http.ResponseWriter, r *http.Request, name string, claims *jwt.Claims, status int) {
+func renderGroup(w http.ResponseWriter, r *http.Request, name string, claims *jwtTokenClaims, status int) {
group, err := dataprovider.GroupExists(name)
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -118,18 +117,18 @@ func renderGroup(w http.ResponseWriter, r *http.Request, name string, claims *jw
func getGroupByName(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
name := getURLParam(r, "name")
- renderGroup(w, r, name, claims, http.StatusOK)
+ renderGroup(w, r, name, &claims, http.StatusOK)
}
func deleteGroup(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_http_user.go b/internal/httpd/api_http_user.go
index 45bbd52f..26bc0063 100644
--- a/internal/httpd/api_http_user.go
+++ b/internal/httpd/api_http_user.go
@@ -31,13 +31,12 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
func getUserConnection(w http.ResponseWriter, r *http.Request) (*Connection, error) {
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return nil, fmt.Errorf("invalid token claims %w", err)
@@ -50,12 +49,15 @@ func getUserConnection(w http.ResponseWriter, r *http.Request) (*Connection, err
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%v_%v", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
sendAPIResponse(w, r, err, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return nil, err
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
sendAPIResponse(w, r, err, "Unable to add connection", http.StatusTooManyRequests)
return connection, err
@@ -315,13 +317,6 @@ func uploadUserFiles(w http.ResponseWriter, r *http.Request) {
}
defer common.Connections.Remove(connection.GetID())
- if err := common.Connections.IsNewTransferAllowed(connection.User.Username); err != nil {
- connection.Log(logger.LevelInfo, "denying file write due to number of transfer limits")
- sendAPIResponse(w, r, err, "Denying file write due to transfer count limits",
- http.StatusConflict)
- return
- }
-
transferQuota := connection.GetTransferQuota()
if !transferQuota.HasUploadSpace() {
connection.Log(logger.LevelInfo, "denying file write due to transfer quota limits")
@@ -458,7 +453,7 @@ func getUserFilesAsZipStream(w http.ResponseWriter, r *http.Request) {
func getUserProfile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -474,16 +469,15 @@ func getUserProfile(w http.ResponseWriter, r *http.Request) {
Description: user.Description,
AllowAPIKeyAuth: user.Filters.AllowAPIKeyAuth,
},
- AdditionalEmails: user.Filters.AdditionalEmails,
- PublicKeys: user.PublicKeys,
- TLSCerts: user.Filters.TLSCerts,
+ PublicKeys: user.PublicKeys,
+ TLSCerts: user.Filters.TLSCerts,
}
render.JSON(w, r, resp)
}
func updateUserProfile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -514,7 +508,6 @@ func updateUserProfile(w http.ResponseWriter, r *http.Request) {
}
if userMerged.CanChangeInfo() {
user.Email = req.Email
- user.Filters.AdditionalEmails = req.AdditionalEmails
user.Description = req.Description
}
if err := dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, util.GetIPFromRemoteAddress(r.RemoteAddr), user.Role); err != nil {
@@ -558,7 +551,7 @@ func doChangeUserPassword(r *http.Request, currentPassword, newPassword, confirm
util.I18nErrorChangePwdNoDifferent,
)
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
return util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken)
}
diff --git a/internal/httpd/api_iplist.go b/internal/httpd/api_iplist.go
index d74b68d8..5c1de975 100644
--- a/internal/httpd/api_iplist.go
+++ b/internal/httpd/api_iplist.go
@@ -25,7 +25,6 @@ import (
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -69,7 +68,7 @@ func getIPListEntry(w http.ResponseWriter, r *http.Request) {
func addIPListEntry(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -92,7 +91,7 @@ func addIPListEntry(w http.ResponseWriter, r *http.Request) {
func updateIPListEntry(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -126,7 +125,7 @@ func updateIPListEntry(w http.ResponseWriter, r *http.Request) {
func deleteIPListEntry(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_keys.go b/internal/httpd/api_keys.go
index a9a3bcb2..d95d88de 100644
--- a/internal/httpd/api_keys.go
+++ b/internal/httpd/api_keys.go
@@ -23,7 +23,6 @@ import (
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -57,7 +56,7 @@ func getAPIKeyByID(w http.ResponseWriter, r *http.Request) {
func addAPIKey(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -88,7 +87,7 @@ func addAPIKey(w http.ResponseWriter, r *http.Request) {
func updateAPIKey(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -120,7 +119,7 @@ func updateAPIKey(w http.ResponseWriter, r *http.Request) {
func deleteAPIKey(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
keyID := getURLParam(r, "id")
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_maintenance.go b/internal/httpd/api_maintenance.go
index 560c702e..10347de8 100644
--- a/internal/httpd/api_maintenance.go
+++ b/internal/httpd/api_maintenance.go
@@ -29,7 +29,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
@@ -116,7 +115,7 @@ func dumpData(w http.ResponseWriter, r *http.Request) {
func loadDataFromRequest(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, MaxRestoreSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -144,7 +143,7 @@ func loadDataFromRequest(w http.ResponseWriter, r *http.Request) {
func loadData(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -552,10 +551,9 @@ func RestoreUsers(users []dataprovider.User, inputFile string, mode, scanQuota i
return fmt.Errorf("unable to restore user %q: %w", user.Username, err)
}
if scanQuota == 1 || (scanQuota == 2 && user.HasQuotaRestrictions()) {
- user, err = dataprovider.GetUserWithGroupSettings(user.Username, "")
- if err == nil && common.QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
+ if common.QuotaScans.AddUserQuotaScan(user.Username, user.Role) {
logger.Debug(logSender, "", "starting quota scan for restored user: %q", user.Username)
- go doUserQuotaScan(&user) //nolint:errcheck
+ go doUserQuotaScan(user) //nolint:errcheck
}
}
}
diff --git a/internal/httpd/api_mfa.go b/internal/httpd/api_mfa.go
index 73df7593..0b7e282e 100644
--- a/internal/httpd/api_mfa.go
+++ b/internal/httpd/api_mfa.go
@@ -20,14 +20,12 @@ import (
"fmt"
"io"
"net/http"
- "slices"
"strconv"
"strings"
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/mfa"
"github.com/drakkan/sftpgo/v2/internal/util"
@@ -67,13 +65,13 @@ func getTOTPConfigs(w http.ResponseWriter, r *http.Request) {
func generateTOTPSecret(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
var accountName string
- if hasUserAudience(claims) {
+ if claims.hasUserAudience() {
accountName = fmt.Sprintf("User %q", claims.Username)
} else {
accountName = fmt.Sprintf("Admin %q", claims.Username)
@@ -114,7 +112,7 @@ func getQRCode(w http.ResponseWriter, r *http.Request) {
func saveTOTPConfig(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -125,7 +123,7 @@ func saveTOTPConfig(w http.ResponseWriter, r *http.Request) {
recoveryCodes = append(recoveryCodes, dataprovider.RecoveryCode{Secret: kms.NewPlainSecret(code)})
}
baseURL := webBaseClientPath
- if hasUserAudience(claims) {
+ if claims.hasUserAudience() {
if err := saveUserTOTPConfig(claims.Username, r, recoveryCodes); err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
return
@@ -140,7 +138,8 @@ func saveTOTPConfig(w http.ResponseWriter, r *http.Request) {
if claims.MustSetTwoFactorAuth {
// force logout
defer func() {
- removeCookie(w, r, baseURL)
+ c := jwtTokenClaims{}
+ c.removeCookie(w, r, baseURL)
}()
}
@@ -165,14 +164,14 @@ func validateTOTPPasscode(w http.ResponseWriter, r *http.Request) {
func getRecoveryCodes(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
recoveryCodes := make([]recoveryCode, 0, 12)
var accountRecoveryCodes []dataprovider.RecoveryCode
- if hasUserAudience(claims) {
+ if claims.hasUserAudience() {
user, err := dataprovider.UserExists(claims.Username, "")
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -211,7 +210,7 @@ func getRecoveryCodes(w http.ResponseWriter, r *http.Request) {
func generateRecoveryCodes(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -223,7 +222,7 @@ func generateRecoveryCodes(w http.ResponseWriter, r *http.Request) {
recoveryCodes = append(recoveryCodes, code)
accountRecoveryCodes = append(accountRecoveryCodes, dataprovider.RecoveryCode{Secret: kms.NewPlainSecret(code)})
}
- if hasUserAudience(claims) {
+ if claims.hasUserAudience() {
user, err := dataprovider.UserExists(claims.Username, "")
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -277,7 +276,7 @@ func saveUserTOTPConfig(username string, r *http.Request, recoveryCodes []datapr
return util.NewValidationError("two-factor authentication must be enabled")
}
for _, p := range userMerged.Filters.TwoFactorAuthProtocols {
- if !slices.Contains(user.Filters.TOTPConfig.Protocols, p) {
+ if !util.Contains(user.Filters.TOTPConfig.Protocols, p) {
return util.NewValidationError(fmt.Sprintf("totp: the following protocols are required: %q",
strings.Join(userMerged.Filters.TwoFactorAuthProtocols, ", ")))
}
diff --git a/internal/httpd/api_quota.go b/internal/httpd/api_quota.go
index db339e39..de6ff8bb 100644
--- a/internal/httpd/api_quota.go
+++ b/internal/httpd/api_quota.go
@@ -23,7 +23,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
@@ -45,7 +44,7 @@ type transferQuotaUsage struct {
func getUsersQuotaScans(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -92,7 +91,7 @@ func startFolderQuotaScan(w http.ResponseWriter, r *http.Request) {
func updateUserTransferQuotaUsage(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -133,7 +132,7 @@ func updateUserTransferQuotaUsage(w http.ResponseWriter, r *http.Request) {
}
func doUpdateUserQuotaUsage(w http.ResponseWriter, r *http.Request, username string, usage quotaUsage) {
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -205,7 +204,7 @@ func doStartUserQuotaScan(w http.ResponseWriter, r *http.Request, username strin
sendAPIResponse(w, r, nil, "Quota tracking is disabled!", http.StatusForbidden)
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -220,7 +219,7 @@ func doStartUserQuotaScan(w http.ResponseWriter, r *http.Request, username strin
http.StatusConflict)
return
}
- go doUserQuotaScan(&user) //nolint:errcheck
+ go doUserQuotaScan(user) //nolint:errcheck
sendAPIResponse(w, r, err, "Scan started", http.StatusAccepted)
}
@@ -243,14 +242,14 @@ func doStartFolderQuotaScan(w http.ResponseWriter, r *http.Request, name string)
sendAPIResponse(w, r, err, "Scan started", http.StatusAccepted)
}
-func doUserQuotaScan(user *dataprovider.User) error {
+func doUserQuotaScan(user dataprovider.User) error {
defer common.QuotaScans.RemoveUserQuotaScan(user.Username)
numFiles, size, err := user.ScanQuota()
if err != nil {
logger.Warn(logSender, "", "error scanning user quota %q: %v", user.Username, err)
return err
}
- err = dataprovider.UpdateUserQuota(user, numFiles, size, true)
+ err = dataprovider.UpdateUserQuota(&user, numFiles, size, true)
logger.Debug(logSender, "", "user quota scanned, user: %q, error: %v", user.Username, err)
return err
}
diff --git a/internal/httpd/api_retention.go b/internal/httpd/api_retention.go
index 1502a327..a47a1119 100644
--- a/internal/httpd/api_retention.go
+++ b/internal/httpd/api_retention.go
@@ -15,20 +15,67 @@
package httpd
import (
+ "fmt"
"net/http"
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/common"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
+ "github.com/drakkan/sftpgo/v2/internal/dataprovider"
)
func getRetentionChecks(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
render.JSON(w, r, common.RetentionChecks.Get(claims.Role))
}
+
+func startRetentionCheck(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ claims, err := getTokenClaims(r)
+ if err != nil || claims.Username == "" {
+ sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
+ return
+ }
+ username := getURLParam(r, "username")
+ user, err := dataprovider.GetUserWithGroupSettings(username, claims.Role)
+ if err != nil {
+ sendAPIResponse(w, r, err, "", getRespStatus(err))
+ return
+ }
+ var check common.RetentionCheck
+
+ err = render.DecodeJSON(r.Body, &check.Folders)
+ if err != nil {
+ sendAPIResponse(w, r, err, "", http.StatusBadRequest)
+ return
+ }
+
+ check.Notifications = getCommaSeparatedQueryParam(r, "notifications")
+ for _, notification := range check.Notifications {
+ if notification == common.RetentionCheckNotificationEmail {
+ admin, err := dataprovider.AdminExists(claims.Username)
+ if err != nil {
+ sendAPIResponse(w, r, err, "", getRespStatus(err))
+ return
+ }
+ check.Email = admin.Email
+ }
+ }
+ if err := check.Validate(); err != nil {
+ sendAPIResponse(w, r, err, "Invalid retention check", http.StatusBadRequest)
+ return
+ }
+ c := common.RetentionChecks.Add(check, &user)
+ if c == nil {
+ sendAPIResponse(w, r, err, fmt.Sprintf("Another check is already in progress for user %q", username),
+ http.StatusConflict)
+ return
+ }
+ go c.Start() //nolint:errcheck
+ sendAPIResponse(w, r, err, "Check started", http.StatusAccepted)
+}
diff --git a/internal/httpd/api_role.go b/internal/httpd/api_role.go
index d8840155..6e9a23ee 100644
--- a/internal/httpd/api_role.go
+++ b/internal/httpd/api_role.go
@@ -23,7 +23,6 @@ import (
"github.com/go-chi/render"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -45,7 +44,7 @@ func getRoles(w http.ResponseWriter, r *http.Request) {
func addRole(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -68,7 +67,7 @@ func addRole(w http.ResponseWriter, r *http.Request) {
func updateRole(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -120,7 +119,7 @@ func getRoleByName(w http.ResponseWriter, r *http.Request) {
func deleteRole(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/api_shares.go b/internal/httpd/api_shares.go
index 1ea1542e..6704a515 100644
--- a/internal/httpd/api_shares.go
+++ b/internal/httpd/api_shares.go
@@ -22,24 +22,23 @@ import (
"net/url"
"os"
"path"
- "slices"
"strings"
"time"
+ "github.com/go-chi/jwtauth/v5"
"github.com/go-chi/render"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
func getShares(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -59,7 +58,7 @@ func getShares(w http.ResponseWriter, r *http.Request) {
func getShareByID(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -77,7 +76,7 @@ func getShareByID(w http.ResponseWriter, r *http.Request) {
func addShare(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -108,7 +107,7 @@ func addShare(w http.ResponseWriter, r *http.Request) {
share.Name = share.ShareID
}
if share.Password == "" {
- if slices.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
+ if util.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
sendAPIResponse(w, r, nil, "You are not authorized to share files/folders without a password",
http.StatusForbidden)
return
@@ -126,7 +125,7 @@ func addShare(w http.ResponseWriter, r *http.Request) {
func updateShare(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -156,7 +155,7 @@ func updateShare(w http.ResponseWriter, r *http.Request) {
updatedShare.Password = share.Password
}
if updatedShare.Password == "" {
- if slices.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
+ if util.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
sendAPIResponse(w, r, nil, "You are not authorized to share files/folders without a password",
http.StatusForbidden)
return
@@ -177,7 +176,7 @@ func updateShare(w http.ResponseWriter, r *http.Request) {
func deleteShare(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
shareID := getURLParam(r, "id")
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -380,12 +379,6 @@ func (s *httpdServer) uploadFilesToShare(w http.ResponseWriter, r *http.Request)
if err != nil {
return
}
- if err := common.Connections.IsNewTransferAllowed(connection.User.Username); err != nil {
- connection.Log(logger.LevelInfo, "denying file write due to number of transfer limits")
- sendAPIResponse(w, r, err, "Denying file write due to transfer count limits",
- http.StatusConflict)
- return
- }
transferQuota := connection.GetTransferQuota()
if !transferQuota.HasUploadSpace() {
@@ -432,41 +425,36 @@ func (s *httpdServer) uploadFilesToShare(w http.ResponseWriter, r *http.Request)
}
}
-func (s *httpdServer) getShareClaims(r *http.Request, shareID string) (context.Context, *jwt.Claims, error) {
- token, err := jwt.VerifyRequest(s.tokenAuth, r, jwt.TokenFromCookie)
- if err != nil || token == nil {
- return nil, nil, errInvalidToken
- }
- tokenString := jwt.TokenFromCookie(r)
- if tokenString == "" || invalidatedJWTTokens.Get(tokenString) {
- return nil, nil, errInvalidToken
- }
- if !token.Audience.Contains(tokenAudienceWebShare) {
- logger.Debug(logSender, "", "invalid token audience for share %q", shareID)
- return nil, nil, errInvalidToken
- }
- ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := validateIPForToken(token, ipAddr); err != nil {
- logger.Debug(logSender, "", "token for share %q is not valid for the ip address %q", shareID, ipAddr)
- return nil, nil, err
- }
- if token.Username != shareID {
- logger.Debug(logSender, "", "token not valid for share %q", shareID)
- return nil, nil, errInvalidToken
- }
- ctx := jwt.NewContext(r.Context(), token, nil)
- return ctx, token, nil
-}
-
func (s *httpdServer) checkWebClientShareCredentials(w http.ResponseWriter, r *http.Request, share *dataprovider.Share) error {
doRedirect := func() {
redirectURL := path.Join(webClientPubSharesPath, share.ShareID, fmt.Sprintf("login?next=%s", url.QueryEscape(r.RequestURI)))
http.Redirect(w, r, redirectURL, http.StatusFound)
}
- if _, _, err := s.getShareClaims(r, share.ShareID); err != nil {
+ token, err := jwtauth.VerifyRequest(s.tokenAuth, r, jwtauth.TokenFromCookie)
+ if err != nil || token == nil {
doRedirect()
- return err
+ return errInvalidToken
+ }
+ if !util.Contains(token.Audience(), tokenAudienceWebShare) {
+ logger.Debug(logSender, "", "invalid token audience for share %q", share.ShareID)
+ doRedirect()
+ return errInvalidToken
+ }
+ if tokenValidationMode != tokenValidationNoIPMatch {
+ ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
+ if !util.Contains(token.Audience(), ipAddr) {
+ logger.Debug(logSender, "", "token for share %q is not valid for the ip address %q", share.ShareID, ipAddr)
+ doRedirect()
+ return errInvalidToken
+ }
+ }
+ ctx := jwtauth.NewContext(r.Context(), token, nil)
+ claims, err := getTokenClaims(r.WithContext(ctx))
+ if err != nil || claims.Username != share.ShareID {
+ logger.Debug(logSender, "", "token not valid for share %q", share.ShareID)
+ doRedirect()
+ return errInvalidToken
}
return nil
}
@@ -492,7 +480,7 @@ func (s *httpdServer) checkPublicShare(w http.ResponseWriter, r *http.Request, v
renderError(err, "", statusCode)
return share, nil, err
}
- if !slices.Contains(validScopes, share.Scope) {
+ if !util.Contains(validScopes, share.Scope) {
err := errors.New("invalid share scope")
renderError(util.NewI18nError(err, util.I18nErrorShareScope), "", http.StatusForbidden)
return share, nil, err
@@ -506,6 +494,7 @@ func (s *httpdServer) checkPublicShare(w http.ResponseWriter, r *http.Request, v
if share.Password != "" {
if isWebClient {
if err := s.checkWebClientShareCredentials(w, r, &share); err != nil {
+ handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
return share, nil, dataprovider.ErrInvalidCredentials
}
} else {
@@ -531,8 +520,11 @@ func (s *httpdServer) checkPublicShare(w http.ResponseWriter, r *http.Request, v
return share, nil, err
}
connID := xid.New().String()
- baseConn := common.NewBaseConnection(connID, common.ProtocolHTTPShare, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, common.ProtocolHTTPShare, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
return share, connection, nil
}
@@ -545,7 +537,7 @@ func getUserForShare(share dataprovider.Share) (dataprovider.User, error) {
if !user.CanManageShares() {
return user, util.NewI18nError(util.NewRecordNotFoundError("this share does not exist"), util.I18nError404Message)
}
- if share.Password == "" && slices.Contains(user.Filters.WebClient, sdk.WebClientShareNoPasswordDisabled) {
+ if share.Password == "" && util.Contains(user.Filters.WebClient, sdk.WebClientShareNoPasswordDisabled) {
return user, util.NewI18nError(
fmt.Errorf("sharing without a password was disabled: %w", os.ErrPermission),
util.I18nError403Message,
diff --git a/internal/httpd/api_user.go b/internal/httpd/api_user.go
index 4af45f30..7b55082a 100644
--- a/internal/httpd/api_user.go
+++ b/internal/httpd/api_user.go
@@ -27,7 +27,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/smtp"
"github.com/drakkan/sftpgo/v2/internal/util"
@@ -40,7 +39,7 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
if err != nil {
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -56,16 +55,16 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
func getUserByUsername(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
}
username := getURLParam(r, "username")
- renderUser(w, r, username, claims, http.StatusOK)
+ renderUser(w, r, username, &claims, http.StatusOK)
}
-func renderUser(w http.ResponseWriter, r *http.Request, username string, claims *jwt.Claims, status int) {
+func renderUser(w http.ResponseWriter, r *http.Request, username string, claims *jwtTokenClaims, status int) {
user, err := dataprovider.UserExists(username, claims.Role)
if err != nil {
sendAPIResponse(w, r, err, "", getRespStatus(err))
@@ -85,7 +84,7 @@ func renderUser(w http.ResponseWriter, r *http.Request, username string, claims
func addUser(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -118,12 +117,12 @@ func addUser(w http.ResponseWriter, r *http.Request) {
return
}
w.Header().Add("Location", fmt.Sprintf("%s/%s", userPath, url.PathEscape(user.Username)))
- renderUser(w, r, user.Username, claims, http.StatusCreated)
+ renderUser(w, r, user.Username, &claims, http.StatusCreated)
}
func disableUser2FA(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -151,7 +150,7 @@ func disableUser2FA(w http.ResponseWriter, r *http.Request) {
func updateUser(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -203,7 +202,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
func deleteUser(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -265,9 +264,7 @@ func disconnectUser(username, admin, role string) {
logger.Warn(logSender, "", "unable to disconnect user %q, error getting node %q: %v", username, stat.Node, err)
continue
}
- perms := []string{dataprovider.PermAdminCloseConnections}
- uri := fmt.Sprintf("%s/%s", activeConnectionsPath, stat.ConnectionID)
- if err := n.SendDeleteRequest(admin, role, uri, perms); err != nil {
+ if err := n.SendDeleteRequest(admin, role, fmt.Sprintf("%s/%s", activeConnectionsPath, stat.ConnectionID)); err != nil {
logger.Warn(logSender, "", "unable to disconnect user %q from node %q, error: %v", username, n.Name, err)
}
}
@@ -281,9 +278,6 @@ func updateEncryptedSecrets(fsConfig *vfs.Filesystem, currentFsConfig *vfs.Files
if fsConfig.S3Config.AccessSecret.IsNotPlainAndNotEmpty() {
fsConfig.S3Config.AccessSecret = currentFsConfig.S3Config.AccessSecret
}
- if fsConfig.S3Config.SSECustomerKey.IsNotPlainAndNotEmpty() {
- fsConfig.S3Config.SSECustomerKey = currentFsConfig.S3Config.SSECustomerKey
- }
case sdk.AzureBlobFilesystemProvider:
if fsConfig.AzBlobConfig.AccountKey.IsNotPlainAndNotEmpty() {
fsConfig.AzBlobConfig.AccountKey = currentFsConfig.AzBlobConfig.AccountKey
diff --git a/internal/httpd/api_utils.go b/internal/httpd/api_utils.go
index cef57b53..fa4bac08 100644
--- a/internal/httpd/api_utils.go
+++ b/internal/httpd/api_utils.go
@@ -27,7 +27,6 @@ import (
"net/url"
"os"
"path"
- "slices"
"strconv"
"strings"
"sync"
@@ -42,7 +41,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/metric"
"github.com/drakkan/sftpgo/v2/internal/plugin"
@@ -73,9 +71,8 @@ type adminProfile struct {
type userProfile struct {
baseProfile
- AdditionalEmails []string `json:"additional_emails,omitempty"`
- PublicKeys []string `json:"public_keys,omitempty"`
- TLSCerts []string `json:"tls_certs,omitempty"`
+ PublicKeys []string `json:"public_keys,omitempty"`
+ TLSCerts []string `json:"tls_certs,omitempty"`
}
func sendAPIResponse(w http.ResponseWriter, r *http.Request, err error, message string, code int) {
@@ -162,7 +159,7 @@ func getURLPath(r *http.Request) string {
func getCommaSeparatedQueryParam(r *http.Request, key string) []string {
var result []string
- for val := range strings.SplitSeq(r.URL.Query().Get(key), ",") {
+ for _, val := range strings.Split(r.URL.Query().Get(key), ",") {
val = strings.TrimSpace(val)
if val != "" {
result = append(result, val)
@@ -178,7 +175,7 @@ func getBoolQueryParam(r *http.Request, param string) bool {
func getActiveConnections(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -192,7 +189,7 @@ func getActiveConnections(w http.ResponseWriter, r *http.Request) {
func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -218,9 +215,7 @@ func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
sendAPIResponse(w, r, nil, http.StatusText(status), status)
return
}
- perms := []string{dataprovider.PermAdminCloseConnections}
- uri := fmt.Sprintf("%s/%s", activeConnectionsPath, connectionID)
- if err := n.SendDeleteRequest(claims.Username, claims.Role, uri, perms); err != nil {
+ if err := n.SendDeleteRequest(claims.Username, claims.Role, fmt.Sprintf("%s/%s", activeConnectionsPath, connectionID)); err != nil {
logger.Warn(logSender, "", "unable to delete connection id %q from node %q: %v", connectionID, n.Name, err)
sendAPIResponse(w, r, nil, "Not Found", http.StatusNotFound)
return
@@ -246,8 +241,7 @@ func getNodesConnections(admin, role string) []common.ConnectionStatus {
defer wg.Done()
var stats []common.ConnectionStatus
- perms := []string{dataprovider.PermAdminViewConnections}
- if err := node.SendGetRequest(admin, role, activeConnectionsPath, perms, &stats); err != nil {
+ if err := node.SendGetRequest(admin, role, activeConnectionsPath, &stats); err != nil {
logger.Warn(logSender, "", "unable to get connections from node %s: %v", node.Name, err)
return
}
@@ -369,16 +363,6 @@ func streamJSONArray(w http.ResponseWriter, chunkSize int, dataGetter func(limit
streamData(w, []byte("]"))
}
-func renderPNGImage(w http.ResponseWriter, r *http.Request, b []byte) {
- if len(b) == 0 {
- ctx := context.WithValue(r.Context(), render.StatusCtxKey, http.StatusNotFound)
- render.PlainText(w, r.WithContext(ctx), http.StatusText(http.StatusNotFound))
- return
- }
- w.Header().Set("Content-Type", "image/png")
- streamData(w, b)
-}
-
func getCompressedFileName(username string, files []string) string {
if len(files) == 1 {
name := path.Base(files[0])
@@ -400,7 +384,7 @@ func renderCompressedFiles(w http.ResponseWriter, conn *Connection, baseDir stri
for _, file := range files {
fullPath := util.CleanPath(path.Join(baseDir, file))
- if err := addZipEntry(wr, conn, fullPath, baseDir, nil, 0); err != nil {
+ if err := addZipEntry(wr, conn, fullPath, baseDir, 0); err != nil {
if share != nil {
dataprovider.UpdateShareLastUse(share, -1) //nolint:errcheck
}
@@ -416,19 +400,16 @@ func renderCompressedFiles(w http.ResponseWriter, conn *Connection, baseDir stri
}
}
-func addZipEntry(wr *zip.Writer, conn *Connection, entryPath, baseDir string, info os.FileInfo, recursion int) error {
+func addZipEntry(wr *zip.Writer, conn *Connection, entryPath, baseDir string, recursion int) error {
if recursion >= util.MaxRecursion {
conn.Log(logger.LevelDebug, "unable to add zip entry %q, recursion too depth: %d", entryPath, recursion)
return util.ErrRecursionTooDeep
}
recursion++
- var err error
- if info == nil {
- info, err = conn.Stat(entryPath, 1)
- if err != nil {
- conn.Log(logger.LevelDebug, "unable to add zip entry %q, stat error: %v", entryPath, err)
- return err
- }
+ info, err := conn.Stat(entryPath, 1)
+ if err != nil {
+ conn.Log(logger.LevelDebug, "unable to add zip entry %q, stat error: %v", entryPath, err)
+ return err
}
entryName, err := getZipEntryName(entryPath, baseDir)
if err != nil {
@@ -460,7 +441,7 @@ func addZipEntry(wr *zip.Writer, conn *Connection, entryPath, baseDir string, in
}
for _, info := range contents {
fullPath := util.CleanPath(path.Join(entryPath, info.Name()))
- if err := addZipEntry(wr, conn, fullPath, baseDir, info, recursion); err != nil {
+ if err := addZipEntry(wr, conn, fullPath, baseDir, recursion); err != nil {
return err
}
}
@@ -710,7 +691,7 @@ func handleDefenderEventLoginFailed(ipAddr string, err error) error {
return err
}
-func updateLoginMetrics(user *dataprovider.User, loginMethod, ip string, err error, r *http.Request) {
+func updateLoginMetrics(user *dataprovider.User, loginMethod, ip string, err error) {
metric.AddLoginAttempt(loginMethod)
var protocol string
switch loginMethod {
@@ -720,7 +701,6 @@ func updateLoginMetrics(user *dataprovider.User, loginMethod, ip string, err err
protocol = common.ProtocolHTTP
}
if err == nil {
- logger.LoginLog(user.Username, ip, loginMethod, protocol, "", r.UserAgent(), r.TLS != nil, "")
plugin.Handler.NotifyLogEvent(notifier.LogEventTypeLoginOK, protocol, user.Username, ip, "", nil)
common.DelayLogin(nil)
} else if err != common.ErrInternalFailure && err != common.ErrNoCredentials {
@@ -736,15 +716,15 @@ func updateLoginMetrics(user *dataprovider.User, loginMethod, ip string, err err
dataprovider.ExecutePostLoginHook(user, loginMethod, ip, protocol, err)
}
-func checkHTTPClientUser(user *dataprovider.User, r *http.Request, connectionID string, checkSessions, isOIDCLogin bool) error {
- if slices.Contains(user.Filters.DeniedProtocols, common.ProtocolHTTP) {
+func checkHTTPClientUser(user *dataprovider.User, r *http.Request, connectionID string, checkSessions bool) error {
+ if util.Contains(user.Filters.DeniedProtocols, common.ProtocolHTTP) {
logger.Info(logSender, connectionID, "cannot login user %q, protocol HTTP is not allowed", user.Username)
return util.NewI18nError(
fmt.Errorf("protocol HTTP is not allowed for user %q", user.Username),
util.I18nErrorProtocolForbidden,
)
}
- if !isLoggedInWithOIDC(r) && !isOIDCLogin && !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolHTTP) {
+ if !isLoggedInWithOIDC(r) && !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolHTTP) {
logger.Info(logSender, connectionID, "cannot login user %q, password login method is not allowed", user.Username)
return util.NewI18nError(
fmt.Errorf("login method password is not allowed for user %q", user.Username),
@@ -788,15 +768,14 @@ func getActiveUser(username string, r *http.Request) (dataprovider.User, error)
if err := user.CheckLoginConditions(); err != nil {
return user, util.NewRecordNotFoundError(fmt.Sprintf("user %q cannot login: %v", username, err))
}
- if err := checkHTTPClientUser(&user, r, xid.New().String(), false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, xid.New().String(), false); err != nil {
return user, util.NewRecordNotFoundError(fmt.Sprintf("user %q cannot login: %v", username, err))
}
return user, nil
}
func handleForgotPassword(r *http.Request, username string, isAdmin bool) error {
- var emails []string
- var subject string
+ var email, subject string
var err error
var admin dataprovider.Admin
var user dataprovider.User
@@ -806,13 +785,11 @@ func handleForgotPassword(r *http.Request, username string, isAdmin bool) error
}
if isAdmin {
admin, err = getActiveAdmin(username, util.GetIPFromRemoteAddress(r.RemoteAddr))
- if admin.Email != "" {
- emails = []string{admin.Email}
- }
+ email = admin.Email
subject = fmt.Sprintf("Email Verification Code for admin %q", username)
} else {
user, err = getActiveUser(username, r)
- emails = user.GetEmailAddresses()
+ email = user.Email
subject = fmt.Sprintf("Email Verification Code for user %q", username)
if err == nil {
if !isUserAllowedToResetPassword(r, &user) {
@@ -833,7 +810,7 @@ func handleForgotPassword(r *http.Request, username string, isAdmin bool) error
}
return util.NewI18nError(util.NewGenericError("Error retrieving your account, please try again later"), util.I18nErrorGetUser)
}
- if len(emails) == 0 {
+ if email == "" {
return util.NewI18nError(
util.NewValidationError("Your account does not have an email address, it is not possible to reset your password by sending an email verification code"),
util.I18nErrorPwdResetNoEmail,
@@ -848,7 +825,7 @@ func handleForgotPassword(r *http.Request, username string, isAdmin bool) error
return util.NewGenericError("Unable to render password reset template")
}
startTime := time.Now()
- if err := smtp.SendEmail(emails, nil, subject, body.String(), smtp.EmailContentTypeTextHTML); err != nil {
+ if err := smtp.SendEmail([]string{email}, nil, subject, body.String(), smtp.EmailContentTypeTextHTML); err != nil {
logger.Warn(logSender, middleware.GetReqID(r.Context()), "unable to send password reset code via email: %v, elapsed: %v",
err, time.Since(startTime))
return util.NewI18nError(
@@ -856,8 +833,8 @@ func handleForgotPassword(r *http.Request, username string, isAdmin bool) error
util.I18nErrorPwdResetSendEmail,
)
}
- logger.Debug(logSender, middleware.GetReqID(r.Context()), "reset code sent via email to %q, emails: %+v, is admin? %v, elapsed: %v",
- username, emails, isAdmin, time.Since(startTime))
+ logger.Debug(logSender, middleware.GetReqID(r.Context()), "reset code sent via email to %q, email: %q, is admin? %v, elapsed: %v",
+ username, email, isAdmin, time.Since(startTime))
return resetCodesMgr.Add(c)
}
@@ -925,7 +902,7 @@ func isUserAllowedToResetPassword(r *http.Request, user *dataprovider.User) bool
if !user.CanResetPassword() {
return false
}
- if slices.Contains(user.Filters.DeniedProtocols, common.ProtocolHTTP) {
+ if util.Contains(user.Filters.DeniedProtocols, common.ProtocolHTTP) {
return false
}
if !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolHTTP) {
@@ -944,18 +921,9 @@ func getProtocolFromRequest(r *http.Request) string {
return common.ProtocolHTTP
}
-func hideConfidentialData(claims *jwt.Claims, r *http.Request) bool {
- if !claims.HasPerm(dataprovider.PermAdminAny) {
+func hideConfidentialData(claims *jwtTokenClaims, r *http.Request) bool {
+ if !claims.hasPerm(dataprovider.PermAdminAny) {
return true
}
return r.URL.Query().Get("confidential_data") != "1"
}
-
-func responseControllerDeadlines(rc *http.ResponseController, read, write time.Time) {
- if err := rc.SetReadDeadline(read); err != nil {
- logger.Error(logSender, "", "unable to set read timeout to %s: %v", read, err)
- }
- if err := rc.SetWriteDeadline(write); err != nil {
- logger.Error(logSender, "", "unable to set write timeout to %s: %v", write, err)
- }
-}
diff --git a/internal/httpd/auth_utils.go b/internal/httpd/auth_utils.go
index ecd9ce86..3cfaeb53 100644
--- a/internal/httpd/auth_utils.go
+++ b/internal/httpd/auth_utils.go
@@ -15,14 +15,16 @@
package httpd
import (
- "crypto/rand"
"errors"
"fmt"
"net/http"
"time"
+ "github.com/go-chi/jwtauth/v5"
+ "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/rs/xid"
+
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -39,123 +41,243 @@ const (
tokenAudienceAPIUser tokenAudience = "APIUser"
tokenAudienceCSRF tokenAudience = "CSRF"
tokenAudienceOAuth2 tokenAudience = "OAuth2"
- tokenAudienceWebLogin tokenAudience = "WebLogin"
+)
+
+type tokenValidation = int
+
+const (
+ tokenValidationFull = iota
+ tokenValidationNoIPMatch tokenValidation = iota
)
const (
- tokenValidationModeDefault = 0
- tokenValidationModeNoIPMatch = 1
- tokenValidationModeUserSignature = 2
-)
-
-const (
- basicRealm = "Basic realm=\"SFTPGo\""
+ claimUsernameKey = "username"
+ claimPermissionsKey = "permissions"
+ claimRole = "role"
+ claimAPIKey = "api_key"
+ claimNodeID = "node_id"
+ claimMustChangePasswordKey = "chpwd"
+ claimMustSetSecondFactorKey = "2fa_required"
+ claimRequiredTwoFactorProtocols = "2fa_protos"
+ claimHideUserPageSection = "hus"
+ basicRealm = "Basic realm=\"SFTPGo\""
+ jwtCookieKey = "jwt"
)
var (
- apiTokenDuration = 20 * time.Minute
- cookieTokenDuration = 20 * time.Minute
- shareTokenDuration = 2 * time.Hour
+ tokenDuration = 20 * time.Minute
+ shareTokenDuration = 2 * time.Hour
// csrf token duration is greater than normal token duration to reduce issues
// with the login form
- csrfTokenDuration = 4 * time.Hour
- cookieRefreshThreshold = 10 * time.Minute
- maxTokenDuration = 12 * time.Hour
- tokenValidationMode = tokenValidationModeDefault
+ csrfTokenDuration = 6 * time.Hour
+ tokenRefreshThreshold = 10 * time.Minute
+ tokenValidationMode = tokenValidationFull
)
-func isTokenDurationValid(minutes int) bool {
- return minutes >= 1 && minutes <= 720
+type jwtTokenClaims struct {
+ Username string
+ Permissions []string
+ Role string
+ Signature string
+ Audience []string
+ APIKeyID string
+ NodeID string
+ MustSetTwoFactorAuth bool
+ MustChangePassword bool
+ RequiredTwoFactorProtocols []string
+ HideUserPageSections int
}
-func updateTokensDuration(api, cookie, share int) {
- if isTokenDurationValid(api) {
- apiTokenDuration = time.Duration(api) * time.Minute
- }
- if isTokenDurationValid(cookie) {
- cookieTokenDuration = time.Duration(cookie) * time.Minute
- cookieRefreshThreshold = cookieTokenDuration / 2
- if cookieTokenDuration > csrfTokenDuration {
- csrfTokenDuration = cookieTokenDuration
+func (c *jwtTokenClaims) hasUserAudience() bool {
+ for _, audience := range c.Audience {
+ if audience == tokenAudienceWebClient || audience == tokenAudienceAPIUser {
+ return true
}
}
- if isTokenDurationValid(share) {
- shareTokenDuration = time.Duration(share) * time.Minute
- }
- logger.Debug(logSender, "", "API token duration %s, cookie token duration %s, cookie refresh threshold %s, share token duration %s, csrf token duration %s",
- apiTokenDuration, cookieTokenDuration, cookieRefreshThreshold, shareTokenDuration, csrfTokenDuration)
+
+ return false
}
-func getTokenDuration(audience tokenAudience) time.Duration {
- switch audience {
- case tokenAudienceWebShare:
- return shareTokenDuration
- case tokenAudienceWebLogin, tokenAudienceCSRF:
- return csrfTokenDuration
- case tokenAudienceAPI, tokenAudienceAPIUser:
- return apiTokenDuration
- case tokenAudienceWebAdmin, tokenAudienceWebClient:
- return cookieTokenDuration
- case tokenAudienceWebAdminPartial, tokenAudienceWebClientPartial, tokenAudienceOAuth2:
- return 5 * time.Minute
+func (c *jwtTokenClaims) asMap() map[string]any {
+ claims := make(map[string]any)
+
+ claims[claimUsernameKey] = c.Username
+ claims[claimPermissionsKey] = c.Permissions
+ if c.Role != "" {
+ claims[claimRole] = c.Role
+ }
+ if c.APIKeyID != "" {
+ claims[claimAPIKey] = c.APIKeyID
+ }
+ if c.NodeID != "" {
+ claims[claimNodeID] = c.NodeID
+ }
+ claims[jwt.SubjectKey] = c.Signature
+ if c.MustChangePassword {
+ claims[claimMustChangePasswordKey] = c.MustChangePassword
+ }
+ if c.MustSetTwoFactorAuth {
+ claims[claimMustSetSecondFactorKey] = c.MustSetTwoFactorAuth
+ }
+ if len(c.RequiredTwoFactorProtocols) > 0 {
+ claims[claimRequiredTwoFactorProtocols] = c.RequiredTwoFactorProtocols
+ }
+ if c.HideUserPageSections > 0 {
+ claims[claimHideUserPageSection] = c.HideUserPageSections
+ }
+
+ return claims
+}
+
+func (c *jwtTokenClaims) decodeSliceString(val any) []string {
+ switch v := val.(type) {
+ case []any:
+ result := make([]string, 0, len(v))
+ for _, elem := range v {
+ switch elemValue := elem.(type) {
+ case string:
+ result = append(result, elemValue)
+ }
+ }
+ return result
+ case []string:
+ return v
default:
- logger.Error(logSender, "", "token duration not handled for audience: %q", audience)
- return 20 * time.Minute
+ return nil
}
}
-func getMaxCookieDuration() time.Duration {
- result := csrfTokenDuration
- if shareTokenDuration > result {
- result = shareTokenDuration
+func (c *jwtTokenClaims) decodeBoolean(val any) bool {
+ switch v := val.(type) {
+ case bool:
+ return v
+ default:
+ return false
}
- if cookieTokenDuration > result {
- result = cookieTokenDuration
- }
- return result
}
-func hasUserAudience(claims *jwt.Claims) bool {
- return claims.HasAnyAudience([]string{tokenAudienceWebClient, tokenAudienceAPIUser})
+func (c *jwtTokenClaims) decodeString(val any) string {
+ switch v := val.(type) {
+ case string:
+ return v
+ default:
+ return ""
+ }
}
-func createAndSetCookie(w http.ResponseWriter, r *http.Request, claims *jwt.Claims, tokenAuth *jwt.Signer,
+func (c *jwtTokenClaims) Decode(token map[string]any) {
+ c.Permissions = nil
+ c.Username = c.decodeString(token[claimUsernameKey])
+ c.Signature = c.decodeString(token[jwt.SubjectKey])
+
+ audience := token[jwt.AudienceKey]
+ switch v := audience.(type) {
+ case []string:
+ c.Audience = v
+ }
+
+ if val, ok := token[claimAPIKey]; ok {
+ c.APIKeyID = c.decodeString(val)
+ }
+
+ if val, ok := token[claimNodeID]; ok {
+ c.NodeID = c.decodeString(val)
+ }
+
+ if val, ok := token[claimRole]; ok {
+ c.Role = c.decodeString(val)
+ }
+
+ permissions := token[claimPermissionsKey]
+ c.Permissions = c.decodeSliceString(permissions)
+
+ if val, ok := token[claimMustChangePasswordKey]; ok {
+ c.MustChangePassword = c.decodeBoolean(val)
+ }
+
+ if val, ok := token[claimMustSetSecondFactorKey]; ok {
+ c.MustSetTwoFactorAuth = c.decodeBoolean(val)
+ }
+
+ if val, ok := token[claimRequiredTwoFactorProtocols]; ok {
+ c.RequiredTwoFactorProtocols = c.decodeSliceString(val)
+ }
+
+ if val, ok := token[claimHideUserPageSection]; ok {
+ switch v := val.(type) {
+ case float64:
+ c.HideUserPageSections = int(v)
+ }
+ }
+}
+
+func (c *jwtTokenClaims) hasPerm(perm string) bool {
+ if util.Contains(c.Permissions, dataprovider.PermAdminAny) {
+ return true
+ }
+
+ return util.Contains(c.Permissions, perm)
+}
+
+func (c *jwtTokenClaims) createToken(tokenAuth *jwtauth.JWTAuth, audience tokenAudience, ip string) (jwt.Token, string, error) {
+ claims := c.asMap()
+ now := time.Now().UTC()
+
+ claims[jwt.JwtIDKey] = xid.New().String()
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(tokenDuration)
+ claims[jwt.AudienceKey] = []string{audience, ip}
+
+ return tokenAuth.Encode(claims)
+}
+
+func (c *jwtTokenClaims) createTokenResponse(tokenAuth *jwtauth.JWTAuth, audience tokenAudience, ip string) (map[string]any, error) {
+ token, tokenString, err := c.createToken(tokenAuth, audience, ip)
+ if err != nil {
+ return nil, err
+ }
+
+ response := make(map[string]any)
+ response["access_token"] = tokenString
+ response["expires_at"] = token.Expiration().Format(time.RFC3339)
+
+ return response, nil
+}
+
+func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, r *http.Request, tokenAuth *jwtauth.JWTAuth,
audience tokenAudience, ip string,
) error {
- duration := getTokenDuration(audience)
- token, err := tokenAuth.SignWithParams(claims, audience, ip, duration)
+ resp, err := c.createTokenResponse(tokenAuth, audience, ip)
if err != nil {
return err
}
- resp := claims.BuildTokenResponse(token)
var basePath string
if audience == tokenAudienceWebAdmin || audience == tokenAudienceWebAdminPartial {
basePath = webBaseAdminPath
} else {
basePath = webBaseClientPath
}
- setCookie(w, r, basePath, resp.Token, duration)
-
- return nil
-}
-
-func setCookie(w http.ResponseWriter, r *http.Request, cookiePath, cookieValue string, duration time.Duration) {
+ duration := tokenDuration
+ if audience == tokenAudienceWebShare {
+ duration = shareTokenDuration
+ }
http.SetCookie(w, &http.Cookie{
- Name: jwt.CookieKey,
- Value: cookieValue,
- Path: cookiePath,
+ Name: jwtCookieKey,
+ Value: resp["access_token"].(string),
+ Path: basePath,
Expires: time.Now().Add(duration),
MaxAge: int(duration / time.Second),
HttpOnly: true,
Secure: isTLS(r),
SameSite: http.SameSiteStrictMode,
})
+
+ return nil
}
-func removeCookie(w http.ResponseWriter, r *http.Request, cookiePath string) {
- invalidateToken(r)
+func (c *jwtTokenClaims) removeCookie(w http.ResponseWriter, r *http.Request, cookiePath string) {
http.SetCookie(w, &http.Cookie{
- Name: jwt.CookieKey,
+ Name: jwtCookieKey,
Value: "",
Path: cookiePath,
Expires: time.Unix(0, 0),
@@ -165,9 +287,10 @@ func removeCookie(w http.ResponseWriter, r *http.Request, cookiePath string) {
SameSite: http.SameSiteStrictMode,
})
w.Header().Add("Cache-Control", `no-cache="Set-Cookie"`)
+ invalidateToken(r)
}
-func oidcTokenFromContext(r *http.Request) string {
+func tokenFromContext(r *http.Request) string {
if token, ok := r.Context().Value(oidcGeneratedToken).(string); ok {
return token
}
@@ -179,16 +302,16 @@ func isTLS(r *http.Request) bool {
return true
}
if proto, ok := r.Context().Value(forwardedProtoKey).(string); ok {
- return proto == "https" //nolint:goconst
+ return proto == "https"
}
return false
}
func isTokenInvalidated(r *http.Request) bool {
var findTokenFns []func(r *http.Request) string
- findTokenFns = append(findTokenFns, jwt.TokenFromHeader)
- findTokenFns = append(findTokenFns, jwt.TokenFromCookie)
- findTokenFns = append(findTokenFns, oidcTokenFromContext)
+ findTokenFns = append(findTokenFns, jwtauth.TokenFromHeader)
+ findTokenFns = append(findTokenFns, jwtauth.TokenFromCookie)
+ findTokenFns = append(findTokenFns, tokenFromContext)
isTokenFound := false
for _, fn := range findTokenFns {
@@ -205,78 +328,55 @@ func isTokenInvalidated(r *http.Request) bool {
}
func invalidateToken(r *http.Request) {
- tokenString := jwt.TokenFromHeader(r)
+ tokenString := jwtauth.TokenFromHeader(r)
if tokenString != "" {
- invalidateTokenString(r, tokenString, apiTokenDuration)
+ invalidatedJWTTokens.Add(tokenString, time.Now().Add(tokenDuration).UTC())
}
- tokenString = jwt.TokenFromCookie(r)
+ tokenString = jwtauth.TokenFromCookie(r)
if tokenString != "" {
- invalidateTokenString(r, tokenString, getMaxCookieDuration())
+ invalidatedJWTTokens.Add(tokenString, time.Now().Add(tokenDuration).UTC())
}
}
-func invalidateTokenString(r *http.Request, tokenString string, fallbackDuration time.Duration) {
- token, err := jwt.FromContext(r.Context())
- if err != nil {
- invalidatedJWTTokens.Add(tokenString, time.Now().Add(fallbackDuration).UTC())
- return
- }
- invalidatedJWTTokens.Add(tokenString, token.Expiry.Time().Add(1*time.Minute).UTC())
-}
-
func getUserFromToken(r *http.Request) *dataprovider.User {
user := &dataprovider.User{}
- claims, err := jwt.FromContext(r.Context())
+ _, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
return user
}
- user.Username = claims.Username
- user.Filters.WebClient = claims.Permissions
- user.Role = claims.Role
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
+ user.Username = tokenClaims.Username
+ user.Filters.WebClient = tokenClaims.Permissions
+ user.Role = tokenClaims.Role
return user
}
func getAdminFromToken(r *http.Request) *dataprovider.Admin {
admin := &dataprovider.Admin{}
- claims, err := jwt.FromContext(r.Context())
+ _, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
return admin
}
- admin.Username = claims.Username
- admin.Permissions = claims.Permissions
- admin.Filters.Preferences.HideUserPageSections = claims.HideUserPageSections
- admin.Role = claims.Role
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
+ admin.Username = tokenClaims.Username
+ admin.Permissions = tokenClaims.Permissions
+ admin.Filters.Preferences.HideUserPageSections = tokenClaims.HideUserPageSections
+ admin.Role = tokenClaims.Role
return admin
}
-func createLoginCookie(w http.ResponseWriter, r *http.Request, csrfTokenAuth *jwt.Signer, tokenID, basePath, ip string,
-) {
- c := jwt.NewClaims(tokenAudienceWebLogin, ip, getTokenDuration(tokenAudienceWebLogin))
- c.ID = tokenID
- resp, err := c.GenerateTokenResponse(csrfTokenAuth)
- if err != nil {
- return
- }
- setCookie(w, r, basePath, resp.Token, csrfTokenDuration)
-}
+func createCSRFToken(ip string) string {
+ claims := make(map[string]any)
+ now := time.Now().UTC()
-func createCSRFToken(w http.ResponseWriter, r *http.Request, csrfTokenAuth *jwt.Signer, tokenID,
- basePath string,
-) string {
- ip := util.GetIPFromRemoteAddress(r.RemoteAddr)
- claims := jwt.NewClaims(tokenAudienceCSRF, ip, csrfTokenDuration)
- claims.ID = rand.Text()
- if tokenID != "" {
- createLoginCookie(w, r, csrfTokenAuth, tokenID, basePath, ip)
- claims.Ref = tokenID
- } else {
- if c, err := jwt.FromContext(r.Context()); err == nil {
- claims.Ref = c.ID
- } else {
- logger.Error(logSender, "", "unable to add reference to CSRF token: %v", err)
- }
- }
- tokenString, err := csrfTokenAuth.Sign(claims)
+ claims[jwt.JwtIDKey] = xid.New().String()
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(csrfTokenDuration)
+ claims[jwt.AudienceKey] = []string{tokenAudienceCSRF, ip}
+
+ _, tokenString, err := csrfTokenAuth.Encode(claims)
if err != nil {
logger.Debug(logSender, "", "unable to create CSRF token: %v", err)
return ""
@@ -284,80 +384,38 @@ func createCSRFToken(w http.ResponseWriter, r *http.Request, csrfTokenAuth *jwt.
return tokenString
}
-func verifyCSRFToken(r *http.Request, csrfTokenAuth *jwt.Signer) error {
- tokenString := r.Form.Get(csrfFormToken)
- token, err := jwt.VerifyToken(csrfTokenAuth, tokenString)
+func verifyCSRFToken(tokenString, ip string) error {
+ token, err := jwtauth.VerifyToken(csrfTokenAuth, tokenString)
if err != nil || token == nil {
logger.Debug(logSender, "", "error validating CSRF token %q: %v", tokenString, err)
return fmt.Errorf("unable to verify form token: %v", err)
}
- if !token.Audience.Contains(tokenAudienceCSRF) {
+ if !util.Contains(token.Audience(), tokenAudienceCSRF) {
logger.Debug(logSender, "", "error validating CSRF token audience")
return errors.New("the form token is not valid")
}
- if err := validateIPForToken(token, util.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
- logger.Debug(logSender, "", "error validating CSRF token IP audience")
- return errors.New("the form token is not valid")
- }
- return checkCSRFTokenRef(r, token)
-}
-
-func checkCSRFTokenRef(r *http.Request, token *jwt.Claims) error {
- claims, err := jwt.FromContext(r.Context())
- if err != nil {
- logger.Debug(logSender, "", "error getting token claims for CSRF validation: %v", err)
- return err
- }
- if token.ID == "" {
- logger.Debug(logSender, "", "error validating CSRF token, missing reference")
- return errors.New("the form token is not valid")
- }
- if claims.ID != token.Ref {
- logger.Debug(logSender, "", "error validating CSRF reference, id %q, reference %q", claims.ID, token.ID)
- return errors.New("unexpected form token")
+ if tokenValidationMode != tokenValidationNoIPMatch {
+ if !util.Contains(token.Audience(), ip) {
+ logger.Debug(logSender, "", "error validating CSRF token IP audience")
+ return errors.New("the form token is not valid")
+ }
}
return nil
}
-func verifyLoginCookie(r *http.Request) error {
- token, err := jwt.FromContext(r.Context())
- if err != nil {
- logger.Debug(logSender, "", "error getting login token: %v", err)
- return errInvalidToken
- }
- if isTokenInvalidated(r) {
- logger.Debug(logSender, "", "the login token has been invalidated")
- return errInvalidToken
- }
- if !token.Audience.Contains(tokenAudienceWebLogin) {
- logger.Debug(logSender, "", "the token with id %q is not valid for audience %q", token.ID, tokenAudienceWebLogin)
- return errInvalidToken
- }
- ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := validateIPForToken(token, ipAddr); err != nil {
- return err
- }
- return nil
-}
+func createOAuth2Token(state, ip string) string {
+ claims := make(map[string]any)
+ now := time.Now().UTC()
-func verifyLoginCookieAndCSRFToken(r *http.Request, csrfTokenAuth *jwt.Signer) error {
- if err := verifyLoginCookie(r); err != nil {
- return err
- }
- if err := verifyCSRFToken(r, csrfTokenAuth); err != nil {
- return err
- }
- return nil
-}
+ claims[jwt.JwtIDKey] = state
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(3 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceOAuth2, ip}
-func createOAuth2Token(csrfTokenAuth *jwt.Signer, state, ip string) string {
- claims := jwt.NewClaims(tokenAudienceOAuth2, ip, getTokenDuration(tokenAudienceOAuth2))
- claims.ID = state
-
- tokenString, err := csrfTokenAuth.Sign(claims)
+ _, tokenString, err := csrfTokenAuth.Encode(claims)
if err != nil {
logger.Debug(logSender, "", "unable to create OAuth2 token: %v", err)
return ""
@@ -365,8 +423,8 @@ func createOAuth2Token(csrfTokenAuth *jwt.Signer, state, ip string) string {
return tokenString
}
-func verifyOAuth2Token(csrfTokenAuth *jwt.Signer, tokenString, ip string) (string, error) {
- token, err := jwt.VerifyToken(csrfTokenAuth, tokenString)
+func verifyOAuth2Token(tokenString, ip string) (string, error) {
+ token, err := jwtauth.VerifyToken(csrfTokenAuth, tokenString)
if err != nil || token == nil {
logger.Debug(logSender, "", "error validating OAuth2 token %q: %v", tokenString, err)
return "", util.NewI18nError(
@@ -375,62 +433,22 @@ func verifyOAuth2Token(csrfTokenAuth *jwt.Signer, tokenString, ip string) (strin
)
}
- if !token.Audience.Contains(tokenAudienceOAuth2) {
+ if !util.Contains(token.Audience(), tokenAudienceOAuth2) {
logger.Debug(logSender, "", "error validating OAuth2 token audience")
return "", util.NewI18nError(errors.New("invalid OAuth2 state"), util.I18nOAuth2InvalidState)
}
- if err := validateIPForToken(token, ip); err != nil {
- logger.Debug(logSender, "", "error validating OAuth2 token IP audience")
- return "", util.NewI18nError(errors.New("invalid OAuth2 state"), util.I18nOAuth2InvalidState)
+ if tokenValidationMode != tokenValidationNoIPMatch {
+ if !util.Contains(token.Audience(), ip) {
+ logger.Debug(logSender, "", "error validating OAuth2 token IP audience")
+ return "", util.NewI18nError(errors.New("invalid OAuth2 state"), util.I18nOAuth2InvalidState)
+ }
}
- if token.ID != "" {
- return token.ID, nil
+ if val, ok := token.Get(jwt.JwtIDKey); ok {
+ if state, ok := val.(string); ok {
+ return state, nil
+ }
}
logger.Debug(logSender, "", "jti not found in OAuth2 token")
return "", util.NewI18nError(errors.New("invalid OAuth2 state"), util.I18nOAuth2InvalidState)
}
-
-func validateIPForToken(token *jwt.Claims, ip string) error {
- if tokenValidationMode&tokenValidationModeNoIPMatch == 0 {
- if !token.Audience.Contains(ip) {
- return errInvalidToken
- }
- }
- return nil
-}
-
-func checkTokenSignature(r *http.Request, token *jwt.Claims) error {
- if _, ok := r.Context().Value(oidcTokenKey).(string); ok {
- return nil
- }
- var err error
- if tokenValidationMode&tokenValidationModeUserSignature != 0 {
- for _, audience := range token.Audience {
- switch audience {
- case tokenAudienceAPI, tokenAudienceWebAdmin:
- err = validateSignatureForToken(token, dataprovider.GetAdminSignature)
- case tokenAudienceAPIUser, tokenAudienceWebClient:
- err = validateSignatureForToken(token, dataprovider.GetUserSignature)
- }
- }
- }
- if err != nil {
- invalidateToken(r)
- }
- return err
-}
-
-func validateSignatureForToken(token *jwt.Claims, getter func(string) (string, error)) error {
- signature, err := getter(token.Username)
- if err != nil {
- logger.Debug(logSender, "", "unable to get signature for username %q: %v", token.Username, err)
- return errInvalidToken
- }
- if signature != "" && signature == token.Subject {
- return nil
- }
- logger.Debug(logSender, "", "signature mismatch for username %q, signature %q, token signature %q",
- token.Username, signature, token.Subject)
- return errInvalidToken
-}
diff --git a/internal/httpd/file.go b/internal/httpd/file.go
index daa70b49..5bc4627b 100644
--- a/internal/httpd/file.go
+++ b/internal/httpd/file.go
@@ -126,7 +126,7 @@ func (f *httpdFile) closeIO() error {
} else if f.reader != nil {
err = f.reader.Close()
if metadater, ok := f.reader.(vfs.Metadater); ok {
- f.SetMetadata(metadater.Metadata())
+ f.BaseTransfer.SetMetadata(metadater.Metadata())
}
}
return err
diff --git a/internal/httpd/handler.go b/internal/httpd/handler.go
index 15b085fe..d417cc4a 100644
--- a/internal/httpd/handler.go
+++ b/internal/httpd/handler.go
@@ -35,17 +35,6 @@ import (
type Connection struct {
*common.BaseConnection
request *http.Request
- rc *http.ResponseController
-}
-
-func newConnection(conn *common.BaseConnection, w http.ResponseWriter, r *http.Request) *Connection {
- rc := http.NewResponseController(w)
- responseControllerDeadlines(rc, time.Time{}, time.Time{})
- return &Connection{
- BaseConnection: conn,
- request: r,
- rc: rc,
- }
}
// GetClientVersion returns the connected client's version.
@@ -71,9 +60,6 @@ func (c *Connection) GetRemoteAddress() string {
// Disconnect closes the active transfer
func (c *Connection) Disconnect() (err error) {
- if c.rc != nil {
- responseControllerDeadlines(c.rc, time.Now().Add(5*time.Second), time.Now().Add(5*time.Second))
- }
return c.SignalTransfersAbort()
}
@@ -111,11 +97,6 @@ func (c *Connection) ReadDir(name string) (vfs.DirLister, error) {
func (c *Connection) getFileReader(name string, offset int64, method string) (io.ReadCloser, error) {
c.UpdateLastActivity()
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying file read due to transfer count limits")
- return nil, util.NewI18nError(c.GetPermissionDeniedError(), util.I18nError403Message)
- }
-
transferQuota := c.GetTransferQuota()
if !transferQuota.HasDownloadSpace() {
c.Log(logger.LevelInfo, "denying file read due to quota limits")
@@ -195,7 +176,7 @@ func (c *Connection) getFileWriter(name string) (io.WriteCloser, error) {
}
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
- _, _, err = fs.Rename(p, filePath, 0)
+ _, _, err = fs.Rename(p, filePath)
if err != nil {
c.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %+v",
p, filePath, err)
@@ -207,10 +188,6 @@ func (c *Connection) getFileWriter(name string) (io.WriteCloser, error) {
}
func (c *Connection) handleUploadFile(fs vfs.Fs, resolvedPath, filePath, requestPath string, isNewFile bool, fileSize int64) (io.WriteCloser, error) {
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying file write due to transfer count limits")
- return nil, util.NewI18nError(c.GetPermissionDeniedError(), util.I18nError403Message)
- }
diskQuota, transferQuota := c.HasSpace(isNewFile, false, requestPath)
if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() {
c.Log(logger.LevelInfo, "denying file write due to quota limits")
@@ -236,7 +213,10 @@ func (c *Connection) handleUploadFile(fs vfs.Fs, resolvedPath, filePath, request
if vfs.HasTruncateSupport(fs) {
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, 0, -fileSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
}
@@ -343,10 +323,6 @@ func (t *throttledReader) GetRealFsPath(_ string) string {
return ""
}
-func (t *throttledReader) GetFsPath() string {
- return ""
-}
-
func (t *throttledReader) SetTimes(_ string, _ time.Time, _ time.Time) bool {
return false
}
diff --git a/internal/httpd/httpd.go b/internal/httpd/httpd.go
index 13e39206..ae81b7af 100644
--- a/internal/httpd/httpd.go
+++ b/internal/httpd/httpd.go
@@ -23,16 +23,16 @@ import (
"fmt"
"net"
"net/http"
- "net/url"
"os"
"path"
"path/filepath"
"runtime"
"strings"
- "sync"
"time"
"github.com/go-chi/chi/v5"
+ "github.com/go-chi/jwtauth/v5"
+ "github.com/lestrrat-go/jwx/v2/jwa"
"github.com/drakkan/sftpgo/v2/internal/acme"
"github.com/drakkan/sftpgo/v2/internal/common"
@@ -84,6 +84,7 @@ const (
user2FARecoveryCodesPath = "/api/v2/user/2fa/recoverycodes"
userProfilePath = "/api/v2/user/profile"
userSharesPath = "/api/v2/user/shares"
+ retentionBasePath = "/api/v2/retention/users"
retentionChecksPath = "/api/v2/retention/users/checks"
fsEventsPath = "/api/v2/events/fs"
providerEventsPath = "/api/v2/events/provider"
@@ -195,6 +196,7 @@ var (
cleanupTicker *time.Ticker
cleanupDone chan bool
invalidatedJWTTokens tokenManager
+ csrfTokenAuth *jwtauth.JWTAuth
webRootPath string
webBasePath string
webBaseAdminPath string
@@ -286,88 +288,12 @@ var (
installationCodeHint string
fnInstallationCodeResolver FnInstallationCodeResolver
configurationDir string
- dbBrandingConfig brandingCache
)
func init() {
updateWebAdminURLs("")
updateWebClientURLs("")
acme.SetReloadHTTPDCertsFn(ReloadCertificateMgr)
- common.SetUpdateBrandingFn(dbBrandingConfig.Set)
-}
-
-type brandingCache struct {
- mu sync.RWMutex
- configs *dataprovider.BrandingConfigs
-}
-
-func (b *brandingCache) Set(configs *dataprovider.BrandingConfigs) {
- b.mu.Lock()
- defer b.mu.Unlock()
-
- b.configs = configs
-}
-
-func (b *brandingCache) getWebAdminLogo() []byte {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- return b.configs.WebAdmin.Logo
-}
-
-func (b *brandingCache) getWebAdminFavicon() []byte {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- return b.configs.WebAdmin.Favicon
-}
-
-func (b *brandingCache) getWebClientLogo() []byte {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- return b.configs.WebClient.Logo
-}
-
-func (b *brandingCache) getWebClientFavicon() []byte {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- return b.configs.WebClient.Favicon
-}
-
-func (b *brandingCache) mergeBrandingConfig(branding UIBranding, isWebClient bool) UIBranding {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- var urlPrefix string
- var cfg dataprovider.BrandingConfig
- if isWebClient {
- cfg = b.configs.WebClient
- urlPrefix = "webclient"
- } else {
- cfg = b.configs.WebAdmin
- urlPrefix = "webadmin"
- }
- if cfg.Name != "" {
- branding.Name = cfg.Name
- }
- if cfg.ShortName != "" {
- branding.ShortName = cfg.ShortName
- }
- if cfg.DisclaimerName != "" {
- branding.DisclaimerName = cfg.DisclaimerName
- }
- if cfg.DisclaimerURL != "" {
- branding.DisclaimerPath = cfg.DisclaimerURL
- }
- if len(cfg.Logo) > 0 {
- branding.LogoPath = path.Join("/", "branding", urlPrefix, "logo.png")
- }
- if len(cfg.Favicon) > 0 {
- branding.FaviconPath = path.Join("/", "branding", urlPrefix, "favicon.png")
- }
- return branding
}
// FnInstallationCodeResolver defines a method to get the installation code.
@@ -414,17 +340,11 @@ type SecurityConf struct {
ContentSecurityPolicy string `json:"content_security_policy" mapstructure:"content_security_policy"`
// PermissionsPolicy allows to set the Permissions-Policy header value. Default is "".
PermissionsPolicy string `json:"permissions_policy" mapstructure:"permissions_policy"`
- // CrossOriginOpenerPolicy allows to set the Cross-Origin-Opener-Policy header value. Default is "".
+ // CrossOriginOpenerPolicy allows to set the `Cross-Origin-Opener-Policy` header value. Default is "".
CrossOriginOpenerPolicy string `json:"cross_origin_opener_policy" mapstructure:"cross_origin_opener_policy"`
- // CrossOriginResourcePolicy allows to set the Cross-Origin-Resource-Policy header value. Default is "".
- CrossOriginResourcePolicy string `json:"cross_origin_resource_policy" mapstructure:"cross_origin_resource_policy"`
- // CrossOriginEmbedderPolicy allows to set the Cross-Origin-Embedder-Policy header value. Default is "".
- CrossOriginEmbedderPolicy string `json:"cross_origin_embedder_policy" mapstructure:"cross_origin_embedder_policy"`
- // CacheControl allows to set the Cache-Control header value.
+ // CacheControl allow to set the Cache-Control header value.
CacheControl string `json:"cache_control" mapstructure:"cache_control"`
- // ReferrerPolicy allows to set the Referrer-Policy header values.
- ReferrerPolicy string `json:"referrer_policy" mapstructure:"referrer_policy"`
- proxyHeaders []string
+ proxyHeaders []string
}
func (s *SecurityConf) updateProxyHeaders() {
@@ -491,23 +411,19 @@ type UIBranding struct {
// the default CSS files
DefaultCSS []string `json:"default_css" mapstructure:"default_css"`
// Additional CSS file paths, relative to "static_files_path", to include
- ExtraCSS []string `json:"extra_css" mapstructure:"extra_css"`
- DefaultLogoPath string `json:"-" mapstructure:"-"`
- DefaultFaviconPath string `json:"-" mapstructure:"-"`
+ ExtraCSS []string `json:"extra_css" mapstructure:"extra_css"`
}
func (b *UIBranding) check() {
- b.DefaultLogoPath = "/img/logo.png"
- b.DefaultFaviconPath = "/favicon.png"
if b.LogoPath != "" {
b.LogoPath = util.CleanPath(b.LogoPath)
} else {
- b.LogoPath = b.DefaultLogoPath
+ b.LogoPath = "/img/logo.png"
}
if b.FaviconPath != "" {
b.FaviconPath = util.CleanPath(b.FaviconPath)
} else {
- b.FaviconPath = b.DefaultFaviconPath
+ b.FaviconPath = "/favicon.ico"
}
if b.DisclaimerPath != "" {
if !strings.HasPrefix(b.DisclaimerPath, "https://") && !strings.HasPrefix(b.DisclaimerPath, "http://") {
@@ -567,21 +483,7 @@ type Binding struct {
//
// You can combine the values. For example 3 means that you can only login using OIDC on
// both WebClient and WebAdmin UI.
- // Deprecated because it is not extensible, use DisabledLoginMethods
EnabledLoginMethods int `json:"enabled_login_methods" mapstructure:"enabled_login_methods"`
- // Defines the login methods disabled for the WebAdmin and WebClient UIs:
- //
- // - 1 means OIDC for the WebAdmin UI
- // - 2 means OIDC for the WebClient UI
- // - 4 means login form for the WebAdmin UI
- // - 8 means login form for the WebClient UI
- // - 16 means basic auth for admin REST API
- // - 32 means basic auth for user REST API
- // - 64 means API key auth for admins
- // - 128 means API key auth for users
- // You can combine the values. For example 12 means that you can only login using OIDC on
- // both WebClient and WebAdmin UI.
- DisabledLoginMethods int `json:"disabled_login_methods" mapstructure:"disabled_login_methods"`
// you also need to provide a certificate for enabling HTTPS
EnableHTTPS bool `json:"enable_https" mapstructure:"enable_https"`
// Certificate and matching private key for this specific binding, if empty the global
@@ -606,9 +508,6 @@ type Binding struct {
TLSCipherSuites []string `json:"tls_cipher_suites" mapstructure:"tls_cipher_suites"`
// HTTP protocols in preference order. Supported values: http/1.1, h2
Protocols []string `json:"tls_protocols" mapstructure:"tls_protocols"`
- // Defines whether to use the common proxy protocol configuration or the
- // binding-specific proxy header configuration.
- ProxyMode int `json:"proxy_mode" mapstructure:"proxy_mode"`
// List of IP addresses and IP ranges allowed to set client IP proxy headers and
// X-Forwarded-Proto header.
ProxyAllowed []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
@@ -628,12 +527,6 @@ type Binding struct {
HideLoginURL int `json:"hide_login_url" mapstructure:"hide_login_url"`
// Enable the built-in OpenAPI renderer
RenderOpenAPI bool `json:"render_openapi" mapstructure:"render_openapi"`
- // BaseURL defines the external base URL for generating public links
- // (currently share access link), bypassing the default browser-based
- // detection.
- BaseURL string `json:"base_url" mapstructure:"base_url"`
- // Languages defines the list of enabled translations for the WebAdmin and WebClient UI.
- Languages []string `json:"languages" mapstructure:"languages"`
// Defining an OIDC configuration the web admin and web client UI will use OpenID to authenticate users.
OIDC OIDC `json:"oidc" mapstructure:"oidc"`
// Security defines security headers to add to HTTP responses and allows to restrict allowed hosts
@@ -660,36 +553,6 @@ func (b *Binding) checkBranding() {
}
}
-func (b *Binding) webAdminBranding() UIBranding {
- return dbBrandingConfig.mergeBrandingConfig(b.Branding.WebAdmin, false)
-}
-
-func (b *Binding) webClientBranding() UIBranding {
- return dbBrandingConfig.mergeBrandingConfig(b.Branding.WebClient, true)
-}
-
-func (b *Binding) languages() []string {
- return b.Languages
-}
-
-func (b *Binding) validateBaseURL() error {
- if b.BaseURL == "" {
- return nil
- }
- u, err := url.ParseRequestURI(b.BaseURL)
- if err != nil {
- return err
- }
- if u.Scheme != "http" && u.Scheme != "https" {
- return fmt.Errorf("invalid base URL schema %s", b.BaseURL)
- }
- if u.Host == "" {
- return fmt.Errorf("invalid base URL host %s", b.BaseURL)
- }
- b.BaseURL = strings.TrimRight(u.String(), "/")
- return nil
-}
-
func (b *Binding) parseAllowedProxy() error {
if filepath.IsAbs(b.Address) && len(b.ProxyAllowed) > 0 {
// unix domain socket
@@ -723,90 +586,47 @@ func (b *Binding) IsValid() bool {
return false
}
-func (b *Binding) check() error {
- if err := b.parseAllowedProxy(); err != nil {
- return err
- }
- if err := b.validateBaseURL(); err != nil {
- return err
- }
- b.checkBranding()
- b.Security.updateProxyHeaders()
- return nil
-}
-
func (b *Binding) isWebAdminOIDCLoginDisabled() bool {
if b.EnableWebAdmin {
- return b.DisabledLoginMethods&1 != 0
+ if b.EnabledLoginMethods == 0 {
+ return false
+ }
+ return b.EnabledLoginMethods&1 == 0
}
return false
}
func (b *Binding) isWebClientOIDCLoginDisabled() bool {
if b.EnableWebClient {
- return b.DisabledLoginMethods&2 != 0
+ if b.EnabledLoginMethods == 0 {
+ return false
+ }
+ return b.EnabledLoginMethods&2 == 0
}
return false
}
func (b *Binding) isWebAdminLoginFormDisabled() bool {
if b.EnableWebAdmin {
- return b.DisabledLoginMethods&4 != 0
+ if b.EnabledLoginMethods == 0 {
+ return false
+ }
+ return b.EnabledLoginMethods&4 == 0
}
return false
}
func (b *Binding) isWebClientLoginFormDisabled() bool {
if b.EnableWebClient {
- return b.DisabledLoginMethods&8 != 0
+ if b.EnabledLoginMethods == 0 {
+ return false
+ }
+ return b.EnabledLoginMethods&8 == 0
}
return false
}
-func (b *Binding) isAdminTokenEndpointDisabled() bool {
- return b.DisabledLoginMethods&16 != 0
-}
-
-func (b *Binding) isUserTokenEndpointDisabled() bool {
- return b.DisabledLoginMethods&32 != 0
-}
-
-func (b *Binding) isAdminAPIKeyAuthDisabled() bool {
- return b.DisabledLoginMethods&64 != 0
-}
-
-func (b *Binding) isUserAPIKeyAuthDisabled() bool {
- return b.DisabledLoginMethods&128 != 0
-}
-
-func (b *Binding) hasLoginForAPI() bool {
- return !b.isAdminTokenEndpointDisabled() || !b.isUserTokenEndpointDisabled() ||
- !b.isAdminAPIKeyAuthDisabled() || !b.isUserAPIKeyAuthDisabled()
-}
-
-// convertLoginMethods checks if the deprecated EnabledLoginMethods is set and
-// convert the value to DisabledLoginMethods.
-func (b *Binding) convertLoginMethods() {
- if b.DisabledLoginMethods > 0 || b.EnabledLoginMethods == 0 {
- // DisabledLoginMethods already in use or EnabledLoginMethods not set.
- return
- }
- if b.EnabledLoginMethods&1 == 0 {
- b.DisabledLoginMethods++
- }
- if b.EnabledLoginMethods&2 == 0 {
- b.DisabledLoginMethods += 2
- }
- if b.EnabledLoginMethods&4 == 0 {
- b.DisabledLoginMethods += 4
- }
- if b.EnabledLoginMethods&8 == 0 {
- b.DisabledLoginMethods += 8
- }
-}
-
func (b *Binding) checkLoginMethods() error {
- b.convertLoginMethods()
if b.isWebAdminLoginFormDisabled() && b.isWebAdminOIDCLoginDisabled() {
return errors.New("no login method available for WebAdmin UI")
}
@@ -823,9 +643,6 @@ func (b *Binding) checkLoginMethods() error {
return errors.New("no login method available for WebClient UI")
}
}
- if b.EnableRESTAPI && !b.hasLoginForAPI() {
- return errors.New("no login method available for REST API")
- }
return nil
}
@@ -853,13 +670,6 @@ func (b *Binding) isMutualTLSEnabled() bool {
return b.ClientAuthType == 1
}
-func (b *Binding) listenerWrapper() func(net.Listener) (net.Listener, error) {
- if b.ProxyMode == 1 {
- return common.Config.GetProxyListener
- }
- return nil
-}
-
type defenderStatus struct {
IsActive bool `json:"is_active"`
}
@@ -953,12 +763,6 @@ type Conf struct {
// By default all the available security checks are enabled. Set to 1 to disable the requirement
// that a token must be used by the same IP for which it was issued.
TokenValidation int `json:"token_validation" mapstructure:"token_validation"`
- // CookieLifetime defines the duration of cookies for WebAdmin and WebClient
- CookieLifetime int `json:"cookie_lifetime" mapstructure:"cookie_lifetime"`
- // ShareCookieLifetime defines the duration of cookies for public shares
- ShareCookieLifetime int `json:"share_cookie_lifetime" mapstructure:"share_cookie_lifetime"`
- // JWTLifetime defines the duration of JWT tokens used in REST API
- JWTLifetime int `json:"jwt_lifetime" mapstructure:"jwt_lifetime"`
// MaxUploadFileSize Defines the maximum request body size, in bytes, for Web Client/API HTTP upload requests.
// 0 means no limit
MaxUploadFileSize int64 `json:"max_upload_file_size" mapstructure:"max_upload_file_size"`
@@ -1067,7 +871,11 @@ func (c *Conf) getKeyPairs(configDir string) []common.TLSKeyPair {
}
func (c *Conf) setTokenValidationMode() {
- tokenValidationMode = c.TokenValidation
+ if c.TokenValidation == 1 {
+ tokenValidationMode = tokenValidationNoIPMatch
+ } else {
+ tokenValidationMode = tokenValidationFull
+ }
}
func (c *Conf) loadFromProvider() error {
@@ -1076,7 +884,6 @@ func (c *Conf) loadFromProvider() error {
return fmt.Errorf("unable to load config from provider: %w", err)
}
configs.SetNilsToEmpty()
- dbBrandingConfig.Set(configs.Branding)
if configs.ACME.Domain == "" || !configs.ACME.HasProtocol(common.ProtocolHTTP) {
return nil
}
@@ -1162,6 +969,7 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
c.SigningPassphrase = passphrase
}
+ csrfTokenAuth = jwtauth.New(jwa.HS256.String(), getSigningKey(c.SigningPassphrase), nil)
hideSupportLink = c.HideSupportLink
exitChannel := make(chan error, 1)
@@ -1170,9 +978,11 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
if !binding.IsValid() {
continue
}
- if err := binding.check(); err != nil {
+ if err := binding.parseAllowedProxy(); err != nil {
return err
}
+ binding.checkBranding()
+ binding.Security.updateProxyHeaders()
go func(b Binding) {
if err := b.OIDC.initialize(); err != nil {
@@ -1193,8 +1003,7 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
maxUploadFileSize = c.MaxUploadFileSize
installationCode = c.Setup.InstallationCode
installationCodeHint = c.Setup.InstallationCodeHint
- updateTokensDuration(c.JWTLifetime, c.CookieLifetime, c.ShareCookieLifetime)
- startCleanupTicker(10 * time.Minute)
+ startCleanupTicker(tokenDuration / 2)
c.setTokenValidationMode()
return <-exitChannel
}
@@ -1367,12 +1176,10 @@ func updateWebAdminURLs(baseURL string) {
}
// GetHTTPRouter returns an HTTP handler suitable to use for test cases
-func GetHTTPRouter(b Binding) (http.Handler, error) {
+func GetHTTPRouter(b Binding) http.Handler {
server := newHttpdServer(b, filepath.Join("..", "..", "static"), "", CorsConfig{}, filepath.Join("..", "..", "openapi"))
- if err := server.initializeRouter(); err != nil {
- return nil, err
- }
- return server.router, nil
+ server.initializeRouter()
+ return server.router
}
// the ticker cannot be started/stopped from multiple goroutines
@@ -1410,14 +1217,11 @@ func stopCleanupTicker() {
}
func getSigningKey(signingPassphrase string) []byte {
- var key []byte
if signingPassphrase != "" {
- key = []byte(signingPassphrase)
- } else {
- key = util.GenerateRandomBytes(32)
+ sk := sha256.Sum256([]byte(signingPassphrase))
+ return sk[:]
}
- sk := sha256.Sum256(key)
- return sk[:]
+ return util.GenerateRandomBytes(32)
}
// SetInstallationCodeResolver sets a function to call to resolve the installation code
diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go
index be4f8d88..8da9018b 100644
--- a/internal/httpd/httpd_test.go
+++ b/internal/httpd/httpd_test.go
@@ -20,9 +20,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "image"
- "image/color"
- "image/png"
"io"
"io/fs"
"math"
@@ -36,7 +33,6 @@ import (
"path/filepath"
"regexp"
"runtime"
- "slices"
"strconv"
"strings"
"sync"
@@ -46,10 +42,9 @@ import (
"github.com/go-chi/render"
_ "github.com/go-sql-driver/mysql"
_ "github.com/jackc/pgx/v5/stdlib"
- "github.com/lithammer/shortuuid/v4"
+ "github.com/lithammer/shortuuid/v3"
_ "github.com/mattn/go-sqlite3"
"github.com/mhale/smtpd"
- "github.com/pkg/sftp"
"github.com/pquerna/otp"
"github.com/pquerna/otp/totp"
"github.com/rs/xid"
@@ -126,6 +121,7 @@ const (
user2FARecoveryCodesPath = "/api/v2/user/2fa/recoverycodes"
userProfilePath = "/api/v2/user/profile"
userSharesPath = "/api/v2/user/shares"
+ retentionBasePath = "/api/v2/retention/users"
fsEventsPath = "/api/v2/events/fs"
providerEventsPath = "/api/v2/events/provider"
logEventsPath = "/api/v2/events/logs"
@@ -328,7 +324,7 @@ type recoveryCode struct {
Used bool `json:"used"`
}
-func TestMain(m *testing.M) { //nolint:gocyclo
+func TestMain(m *testing.M) {
homeBasePath = os.TempDir()
logfilePath := filepath.Join(configDir, "sftpgo_api_test.log")
logger.InitLogger(logfilePath, 5, 1, 28, false, false, zerolog.DebugLevel)
@@ -480,12 +476,7 @@ func TestMain(m *testing.M) { //nolint:gocyclo
waitTCPListening(httpdConf.Bindings[0].GetAddress())
httpd.ReloadCertificateMgr() //nolint:errcheck
- handler, err := httpd.GetHTTPRouter(httpdConf.Bindings[0])
- if err != nil {
- logger.ErrorToConsole("unable to get http test handler: %v", err)
- os.Exit(1)
- }
- testServer = httptest.NewServer(handler)
+ testServer = httptest.NewServer(httpd.GetHTTPRouter(httpdConf.Bindings[0]))
defer testServer.Close()
exitCode := m.Run()
@@ -580,36 +571,29 @@ func TestInitialization(t *testing.T) {
assert.Contains(t, err.Error(), "oidc")
}
httpdConf.Bindings[0].OIDC = httpd.OIDC{}
- httpdConf.Bindings[0].BaseURL = "ftp://127.0.0.1"
- err = httpdConf.Initialize(configDir, isShared)
- if assert.Error(t, err) {
- assert.Contains(t, err.Error(), "URL schema")
- }
- httpdConf.Bindings[0].BaseURL = ""
httpdConf.Bindings[0].EnableWebClient = true
httpdConf.Bindings[0].EnableWebAdmin = true
- httpdConf.Bindings[0].EnableRESTAPI = true
- httpdConf.Bindings[0].DisabledLoginMethods = 14
+ httpdConf.Bindings[0].EnabledLoginMethods = 1
err = httpdConf.Initialize(configDir, isShared)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebAdmin UI")
}
- httpdConf.Bindings[0].DisabledLoginMethods = 13
+ httpdConf.Bindings[0].EnabledLoginMethods = 2
err = httpdConf.Initialize(configDir, isShared)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebAdmin UI")
}
- httpdConf.Bindings[0].DisabledLoginMethods = 9
+ httpdConf.Bindings[0].EnabledLoginMethods = 6
err = httpdConf.Initialize(configDir, isShared)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebClient UI")
}
- httpdConf.Bindings[0].DisabledLoginMethods = 11
+ httpdConf.Bindings[0].EnabledLoginMethods = 4
err = httpdConf.Initialize(configDir, isShared)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebClient UI")
}
- httpdConf.Bindings[0].DisabledLoginMethods = 12
+ httpdConf.Bindings[0].EnabledLoginMethods = 3
err = httpdConf.Initialize(configDir, isShared)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebAdmin UI")
@@ -619,12 +603,6 @@ func TestInitialization(t *testing.T) {
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "no login method available for WebClient UI")
}
- httpdConf.Bindings[0].EnableWebClient = false
- httpdConf.Bindings[0].DisabledLoginMethods = 240
- err = httpdConf.Initialize(configDir, isShared)
- if assert.Error(t, err) {
- assert.Contains(t, err.Error(), "no login method available for REST API")
- }
err = dataprovider.Close()
assert.NoError(t, err)
err = httpdConf.Initialize(configDir, isShared)
@@ -641,7 +619,6 @@ func TestInitialization(t *testing.T) {
func TestBasicUserHandling(t *testing.T) {
u := getTestUser()
u.Email = "user@user.com"
- u.Filters.AdditionalEmails = []string{"email1@user.com", "email2@user.com"}
user, resp, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err, string(resp))
_, resp, err = httpdtest.AddUser(u, http.StatusConflict)
@@ -682,12 +659,6 @@ func TestBasicUserHandling(t *testing.T) {
assert.NoError(t, err)
assert.Contains(t, string(body), "Validation error: email")
- user.Email = ""
- user.Filters.AdditionalEmails = []string{"invalid@email"}
- _, body, err = httpdtest.UpdateUser(user, http.StatusBadRequest, "")
- assert.NoError(t, err)
- assert.Contains(t, string(body), "Validation error: email")
-
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
}
@@ -905,289 +876,6 @@ func TestTLSCert(t *testing.T) {
assert.NoError(t, err)
}
-func TestSortRelatedFolders(t *testing.T) {
- folder1 := util.GenerateUniqueID()
- folder2 := util.GenerateUniqueID()
- folder3 := util.GenerateUniqueID()
-
- f1 := vfs.BaseVirtualFolder{
- Name: folder1,
- MappedPath: filepath.Clean(os.TempDir()),
- }
- f2 := vfs.BaseVirtualFolder{
- Name: folder2,
- MappedPath: filepath.Clean(os.TempDir()),
- }
- f3 := vfs.BaseVirtualFolder{
- Name: folder3,
- MappedPath: filepath.Clean(os.TempDir()),
- }
- _, _, err := httpdtest.AddFolder(f1, http.StatusCreated)
- assert.NoError(t, err)
- _, _, err = httpdtest.AddFolder(f2, http.StatusCreated)
- assert.NoError(t, err)
- _, _, err = httpdtest.AddFolder(f3, http.StatusCreated)
- assert.NoError(t, err)
-
- u := getTestUser()
- u.VirtualFolders = []vfs.VirtualFolder{
- {
- BaseVirtualFolder: f1,
- VirtualPath: "/" + folder1,
- },
- {
- BaseVirtualFolder: f2,
- VirtualPath: "/" + folder2,
- },
- {
- BaseVirtualFolder: f3,
- VirtualPath: "/" + folder3,
- },
- }
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, user.VirtualFolders, 3) {
- assert.Equal(t, folder1, user.VirtualFolders[0].Name)
- assert.Equal(t, folder2, user.VirtualFolders[1].Name)
- assert.Equal(t, folder3, user.VirtualFolders[2].Name)
- }
- // Update
- user.VirtualFolders = []vfs.VirtualFolder{
- {
- BaseVirtualFolder: f2,
- VirtualPath: "/" + folder2,
- },
- {
- BaseVirtualFolder: f1,
- VirtualPath: "/" + folder1,
- },
- {
- BaseVirtualFolder: f3,
- VirtualPath: "/" + folder3,
- },
- }
- user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
- assert.NoError(t, err)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, user.VirtualFolders, 3) {
- assert.Equal(t, folder2, user.VirtualFolders[0].Name)
- assert.Equal(t, folder1, user.VirtualFolders[1].Name)
- assert.Equal(t, folder3, user.VirtualFolders[2].Name)
- }
-
- g := getTestGroup()
- g.VirtualFolders = []vfs.VirtualFolder{
- {
- BaseVirtualFolder: f1,
- VirtualPath: "/" + folder1,
- },
- {
- BaseVirtualFolder: f2,
- VirtualPath: "/" + folder2,
- },
- {
- BaseVirtualFolder: f3,
- VirtualPath: "/" + folder3,
- },
- }
- group, _, err := httpdtest.AddGroup(g, http.StatusCreated)
- assert.NoError(t, err)
- group, _, err = httpdtest.GetGroupByName(group.Name, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, group.VirtualFolders, 3) {
- assert.Equal(t, folder1, group.VirtualFolders[0].Name)
- assert.Equal(t, folder2, group.VirtualFolders[1].Name)
- assert.Equal(t, folder3, group.VirtualFolders[2].Name)
- }
- group, _, err = httpdtest.GetGroupByName(group.Name, http.StatusOK)
- assert.NoError(t, err)
- group.VirtualFolders = []vfs.VirtualFolder{
- {
- BaseVirtualFolder: f3,
- VirtualPath: "/" + folder3,
- },
- {
- BaseVirtualFolder: f1,
- VirtualPath: "/" + folder1,
- },
- {
- BaseVirtualFolder: f2,
- VirtualPath: "/" + folder2,
- },
- }
- group, _, err = httpdtest.UpdateGroup(group, http.StatusOK)
- assert.NoError(t, err)
- group, _, err = httpdtest.GetGroupByName(group.Name, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, group.VirtualFolders, 3) {
- assert.Equal(t, folder3, group.VirtualFolders[0].Name)
- assert.Equal(t, folder1, group.VirtualFolders[1].Name)
- assert.Equal(t, folder2, group.VirtualFolders[2].Name)
- }
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group, http.StatusOK)
- assert.NoError(t, err)
-
- _, err = httpdtest.RemoveFolder(f1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveFolder(f2, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveFolder(f3, http.StatusOK)
- assert.NoError(t, err)
-}
-
-func TestSortRelatedGroups(t *testing.T) {
- name1 := util.GenerateUniqueID()
- name2 := util.GenerateUniqueID()
- name3 := util.GenerateUniqueID()
-
- g1 := getTestGroup()
- g1.Name = name1
- g2 := getTestGroup()
- g2.Name = name2
- g3 := getTestGroup()
- g3.Name = name3
-
- group1, _, err := httpdtest.AddGroup(g1, http.StatusCreated)
- assert.NoError(t, err)
- group2, _, err := httpdtest.AddGroup(g2, http.StatusCreated)
- assert.NoError(t, err)
- group3, _, err := httpdtest.AddGroup(g3, http.StatusCreated)
- assert.NoError(t, err)
-
- u := getTestUser()
- u.Groups = []sdk.GroupMapping{
- {
- Name: name1,
- },
- }
- _, _, err = httpdtest.AddUser(u, http.StatusBadRequest)
- assert.NoError(t, err)
- u.Groups = []sdk.GroupMapping{
- {
- Name: name1,
- Type: sdk.GroupTypePrimary,
- },
- {
- Name: name2,
- Type: sdk.GroupTypeSecondary,
- },
- {
- Name: name3,
- Type: sdk.GroupTypeMembership,
- },
- }
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, user.Groups, 3) {
- assert.Equal(t, name1, user.Groups[0].Name)
- assert.Equal(t, name2, user.Groups[1].Name)
- assert.Equal(t, name3, user.Groups[2].Name)
- }
- user.Groups = []sdk.GroupMapping{
- {
- Name: name2,
- Type: sdk.GroupTypeSecondary,
- },
- {
- Name: name3,
- Type: sdk.GroupTypeMembership,
- },
- {
- Name: name1,
- Type: sdk.GroupTypePrimary,
- },
- }
- user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
- assert.NoError(t, err)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, user.Groups, 3) {
- assert.Equal(t, name2, user.Groups[0].Name)
- assert.Equal(t, name3, user.Groups[1].Name)
- assert.Equal(t, name1, user.Groups[2].Name)
- }
-
- a := getTestAdmin()
- a.Username = altAdminUsername
- a.Groups = []dataprovider.AdminGroupMapping{
- {
- Name: name3,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsSecondary,
- },
- },
- {
- Name: name2,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsPrimary,
- },
- },
- {
- Name: name1,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsMembership,
- },
- },
- }
- admin, _, err := httpdtest.AddAdmin(a, http.StatusCreated)
- assert.NoError(t, err)
- admin, _, err = httpdtest.GetAdminByUsername(admin.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, admin.Groups, 3) {
- assert.Equal(t, name3, admin.Groups[0].Name)
- assert.Equal(t, name2, admin.Groups[1].Name)
- assert.Equal(t, name1, admin.Groups[2].Name)
- }
- admin.Groups = []dataprovider.AdminGroupMapping{
- {
- Name: name1,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsPrimary,
- },
- },
- {
- Name: name3,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsMembership,
- },
- },
- {
- Name: name2,
- Options: dataprovider.AdminGroupMappingOptions{
- AddToUsersAs: dataprovider.GroupAddToUsersAsSecondary,
- },
- },
- }
- admin, _, err = httpdtest.UpdateAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
- admin, _, err = httpdtest.GetAdminByUsername(admin.Username, http.StatusOK)
- assert.NoError(t, err)
- if assert.Len(t, admin.Groups, 3) {
- assert.Equal(t, name1, admin.Groups[0].Name)
- assert.Equal(t, name3, admin.Groups[1].Name)
- assert.Equal(t, name2, admin.Groups[2].Name)
- }
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group2, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group3, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestBasicGroupHandling(t *testing.T) {
g := getTestGroup()
g.UserSettings.Filters.TLSCerts = []string{"invalid cert"} // ignored for groups
@@ -1651,25 +1339,25 @@ func TestGroupSettingsOverride(t *testing.T) {
var folderNames []string
if assert.Len(t, user.VirtualFolders, 4) {
for _, f := range user.VirtualFolders {
- if !slices.Contains(folderNames, f.Name) {
+ if !util.Contains(folderNames, f.Name) {
folderNames = append(folderNames, f.Name)
}
switch f.Name {
case folderName1:
assert.Equal(t, mappedPath1, f.MappedPath)
- assert.Equal(t, 3, f.FsConfig.OSConfig.ReadBufferSize)
- assert.Equal(t, 5, f.FsConfig.OSConfig.WriteBufferSize)
- assert.True(t, slices.Contains([]string{"/vdir1", "/vdir2"}, f.VirtualPath))
+ assert.Equal(t, 3, f.BaseVirtualFolder.FsConfig.OSConfig.ReadBufferSize)
+ assert.Equal(t, 5, f.BaseVirtualFolder.FsConfig.OSConfig.WriteBufferSize)
+ assert.True(t, util.Contains([]string{"/vdir1", "/vdir2"}, f.VirtualPath))
case folderName2:
assert.Equal(t, mappedPath2, f.MappedPath)
assert.Equal(t, "/vdir3", f.VirtualPath)
- assert.Equal(t, 0, f.FsConfig.OSConfig.ReadBufferSize)
- assert.Equal(t, 0, f.FsConfig.OSConfig.WriteBufferSize)
+ assert.Equal(t, 0, f.BaseVirtualFolder.FsConfig.OSConfig.ReadBufferSize)
+ assert.Equal(t, 0, f.BaseVirtualFolder.FsConfig.OSConfig.WriteBufferSize)
case folderName3:
assert.Equal(t, mappedPath3, f.MappedPath)
assert.Equal(t, "/vdir4", f.VirtualPath)
- assert.Equal(t, 1, f.FsConfig.OSConfig.ReadBufferSize)
- assert.Equal(t, 2, f.FsConfig.OSConfig.WriteBufferSize)
+ assert.Equal(t, 1, f.BaseVirtualFolder.FsConfig.OSConfig.ReadBufferSize)
+ assert.Equal(t, 2, f.BaseVirtualFolder.FsConfig.OSConfig.WriteBufferSize)
}
}
}
@@ -1789,19 +1477,6 @@ func TestGroupSettingsOverride(t *testing.T) {
assert.Contains(t, user.Filters.WebClient, sdk.WebClientInfoChangeDisabled)
assert.Contains(t, user.Filters.WebClient, sdk.WebClientMFADisabled)
}
- // Attempt to create a user with a weak password and group1 as the primary group: this should fail
- u = getTestUser()
- u.Username = rand.Text()
- u.Password = defaultPassword
- u.Groups = []sdk.GroupMapping{
- {
- Name: group1.Name,
- Type: sdk.GroupTypePrimary,
- },
- }
- _, resp, err = httpdtest.AddUser(u, http.StatusBadRequest)
- assert.NoError(t, err)
- assert.Contains(t, string(resp), "insecure password")
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
@@ -2093,7 +1768,7 @@ func TestIPListEntriesValidation(t *testing.T) {
}
func TestBasicActionRulesHandling(t *testing.T) {
- actionName := "test_action"
+ actionName := "test action"
a := dataprovider.BaseEventAction{
Name: actionName,
Description: "test description",
@@ -2169,9 +1844,9 @@ func TestBasicActionRulesHandling(t *testing.T) {
EmailConfig: dataprovider.EventActionEmailConfig{
Recipients: []string{"email@example.com"},
Bcc: []string{"bcc@example.com"},
- Subject: "Event: {{.Event}}",
+ Subject: "Event: {{Event}}",
Body: "test mail body",
- Attachments: []string{"/{{.VirtualPath}}"},
+ Attachments: []string{"/{{VirtualPath}}"},
},
}
@@ -2209,7 +1884,7 @@ func TestBasicActionRulesHandling(t *testing.T) {
Value: "b",
},
},
- Body: `{"event":"{{.Event}}","name":"{{.Name}}"}`,
+ Body: `{"event":"{{Event}}","name":"{{Name}}"}`,
},
}
action, _, err = httpdtest.UpdateEventAction(a, http.StatusOK)
@@ -2233,7 +1908,7 @@ func TestBasicActionRulesHandling(t *testing.T) {
assert.Equal(t, defaultPassword, dbAction.Options.HTTPConfig.Password.GetPayload())
r := dataprovider.EventRule{
- Name: "test_rule_name",
+ Name: "test rule name",
Status: 1,
Description: "",
Trigger: dataprovider.EventTriggerFsEvent,
@@ -2432,16 +2107,16 @@ func TestActionRuleRelations(t *testing.T) {
action1, _, err = httpdtest.GetEventActionByName(action1.Name, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, action1.Rules, 1)
- assert.True(t, slices.Contains(action1.Rules, rule1.Name))
+ assert.True(t, util.Contains(action1.Rules, rule1.Name))
action2, _, err = httpdtest.GetEventActionByName(action2.Name, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, action2.Rules, 1)
- assert.True(t, slices.Contains(action2.Rules, rule2.Name))
+ assert.True(t, util.Contains(action2.Rules, rule2.Name))
action3, _, err = httpdtest.GetEventActionByName(action3.Name, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, action3.Rules, 2)
- assert.True(t, slices.Contains(action3.Rules, rule1.Name))
- assert.True(t, slices.Contains(action3.Rules, rule2.Name))
+ assert.True(t, util.Contains(action3.Rules, rule1.Name))
+ assert.True(t, util.Contains(action3.Rules, rule2.Name))
// referenced actions cannot be removed
_, err = httpdtest.RemoveEventAction(action1, http.StatusBadRequest)
assert.NoError(t, err)
@@ -2469,7 +2144,7 @@ func TestActionRuleRelations(t *testing.T) {
action3, _, err = httpdtest.GetEventActionByName(action3.Name, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, action3.Rules, 1)
- assert.True(t, slices.Contains(action3.Rules, rule1.Name))
+ assert.True(t, util.Contains(action3.Rules, rule1.Name))
_, err = httpdtest.RemoveEventRule(rule1, http.StatusOK)
assert.NoError(t, err)
@@ -2495,7 +2170,7 @@ func TestActionRuleRelations(t *testing.T) {
}
func TestOnDemandEventRules(t *testing.T) {
- ruleName := "test_on_demand_rule"
+ ruleName := "test on demand rule"
a := dataprovider.BaseEventAction{
Name: "a",
Type: dataprovider.ActionTypeBackup,
@@ -2536,7 +2211,7 @@ func TestOnDemandEventRules(t *testing.T) {
}
func TestIDPLoginEventRule(t *testing.T) {
- ruleName := "test_IDP_login_rule"
+ ruleName := "test IDP login rule"
a := dataprovider.BaseEventAction{
Name: "a",
Type: dataprovider.ActionTypeIDPAccountCheck,
@@ -2808,34 +2483,28 @@ func TestEventActionValidation(t *testing.T) {
_, resp, err = httpdtest.AddEventAction(action, http.StatusBadRequest)
assert.NoError(t, err)
assert.Contains(t, string(resp), "no path to rename specified")
- action.Options.FsConfig.Renames = []dataprovider.RenameConfig{
+ action.Options.FsConfig.Renames = []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "",
- Value: "/adir",
- },
+ Key: "",
+ Value: "/adir",
},
}
_, resp, err = httpdtest.AddEventAction(action, http.StatusBadRequest)
assert.NoError(t, err)
assert.Contains(t, string(resp), "invalid paths to rename")
- action.Options.FsConfig.Renames = []dataprovider.RenameConfig{
+ action.Options.FsConfig.Renames = []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "adir",
- Value: "/adir",
- },
+ Key: "adir",
+ Value: "/adir",
},
}
_, resp, err = httpdtest.AddEventAction(action, http.StatusBadRequest)
assert.NoError(t, err)
assert.Contains(t, string(resp), "rename source and target cannot be equal")
- action.Options.FsConfig.Renames = []dataprovider.RenameConfig{
+ action.Options.FsConfig.Renames = []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/",
- Value: "/dir",
- },
+ Key: "/",
+ Value: "/dir",
},
}
_, resp, err = httpdtest.AddEventAction(action, http.StatusBadRequest)
@@ -3664,44 +3333,32 @@ func TestLoginRedirectNext(t *testing.T) {
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), fmt.Sprintf("action=%q", redirectURI))
// now login the user and check the redirect
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
form := getLoginForm(defaultUsername, defaultPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, redirectURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = redirectURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
assert.Equal(t, uri, rr.Header().Get("Location"))
// unsafe URI
- loginCookie, csrfToken, err = getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
unsafeURI := webClientLoginPath + "?next=" + url.QueryEscape("http://example.net")
req, err = http.NewRequest(http.MethodPost, unsafeURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = unsafeURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
assert.Equal(t, webClientFilesPath, rr.Header().Get("Location"))
- loginCookie, csrfToken, err = getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
unsupportedURI := webClientLoginPath + "?next=" + url.QueryEscape(webClientProfilePath)
req, err = http.NewRequest(http.MethodPost, unsupportedURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = unsupportedURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
@@ -3784,7 +3441,7 @@ func TestMustChangePasswordRequirement(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webChangeClientPwdPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -4069,10 +3726,9 @@ func TestAdminMustChangePasswordRequirement(t *testing.T) {
setJWTCookieForReq(req, webToken)
rr := executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
- // The change password page should be accessible, we get the CSRF from it.
- csrfToken, err := getCSRFTokenFromInternalPageMock(webChangeAdminPwdPath, webToken)
- assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("current_password", defaultTokenAuthPass)
@@ -5192,6 +4848,9 @@ func TestAddUserInvalidFsConfig(t *testing.T) {
u.FsConfig.AzBlobConfig.AccountName = "name"
_, _, err = httpdtest.AddUser(u, http.StatusBadRequest)
assert.NoError(t, err)
+ u.FsConfig.AzBlobConfig.Container = "container"
+ _, _, err = httpdtest.AddUser(u, http.StatusBadRequest)
+ assert.NoError(t, err)
u.FsConfig.AzBlobConfig.AccountKey = kms.NewSecret(sdkkms.SecretStatusRedacted, "key", "", "")
u.FsConfig.AzBlobConfig.KeyPrefix = "/amedir/subdir/"
_, _, err = httpdtest.AddUser(u, http.StatusBadRequest)
@@ -5295,12 +4954,6 @@ func TestUserRedactedPassword(t *testing.T) {
assert.Contains(t, err.Error(), "cannot save a user with a redacted secret")
}
u.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("secret")
- u.FsConfig.S3Config.SSECustomerKey = kms.NewSecret(sdkkms.SecretStatusRedacted, "mysecretkey", "", "")
- _, resp, err = httpdtest.AddUser(u, http.StatusBadRequest)
- assert.NoError(t, err, string(resp))
- assert.Contains(t, string(resp), "cannot save a user with a redacted secret")
-
- u.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("key")
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
@@ -5349,13 +5002,6 @@ func TestRetentionAPI(t *testing.T) {
user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
assert.NoError(t, err)
- t.Cleanup(func() {
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- })
-
checks, _, err := httpdtest.GetRetentionChecks(http.StatusOK)
assert.NoError(t, err)
assert.Len(t, checks, 0)
@@ -5369,19 +5015,21 @@ func TestRetentionAPI(t *testing.T) {
folderRetention := []dataprovider.FolderRetention{
{
Path: "/",
- Retention: 24,
+ Retention: 0,
DeleteEmptyDirs: true,
},
}
- check := common.RetentionCheck{
- Folders: folderRetention,
- }
- c := common.RetentionChecks.Add(check, &user)
- require.NotNil(t, c)
+ _, err = httpdtest.StartRetentionCheck(altAdminUsername, folderRetention, http.StatusNotFound)
+ assert.NoError(t, err)
- err = c.Start()
- require.NoError(t, err)
+ resp, err := httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusBadRequest)
+ assert.NoError(t, err)
+ assert.Contains(t, string(resp), "Invalid retention check")
+
+ folderRetention[0].Retention = 24
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
+ assert.NoError(t, err)
assert.Eventually(t, func() bool {
return len(common.RetentionChecks.Get("")) == 0
@@ -5392,8 +5040,8 @@ func TestRetentionAPI(t *testing.T) {
err = os.Chtimes(localFilePath, time.Now().Add(-48*time.Hour), time.Now().Add(-48*time.Hour))
assert.NoError(t, err)
- err = c.Start()
- require.NoError(t, err)
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusAccepted)
+ assert.NoError(t, err)
assert.Eventually(t, func() bool {
return len(common.RetentionChecks.Get("")) == 0
@@ -5402,25 +5050,54 @@ func TestRetentionAPI(t *testing.T) {
assert.NoFileExists(t, localFilePath)
assert.NoDirExists(t, filepath.Dir(localFilePath))
- c = common.RetentionChecks.Add(check, &user)
+ check := common.RetentionCheck{
+ Folders: folderRetention,
+ }
+ c := common.RetentionChecks.Add(check, &user)
assert.NotNil(t, c)
- assert.Nil(t, common.RetentionChecks.Add(check, &user)) // a check for this user is already in progress
-
- checks, _, err = httpdtest.GetRetentionChecks(http.StatusOK)
+ _, err = httpdtest.StartRetentionCheck(user.Username, folderRetention, http.StatusConflict)
assert.NoError(t, err)
- assert.Len(t, checks, 1)
err = c.Start()
assert.NoError(t, err)
+ assert.Len(t, common.RetentionChecks.Get(""), 0)
- assert.Eventually(t, func() bool {
- return len(common.RetentionChecks.Get("")) == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- checks, _, err = httpdtest.GetRetentionChecks(http.StatusOK)
+ admin := getTestAdmin()
+ admin.Username = altAdminUsername
+ admin.Password = altAdminPassword
+ admin, _, err = httpdtest.AddAdmin(admin, http.StatusCreated)
+ assert.NoError(t, err)
+
+ token, err := getJWTAPITokenFromTestServer(altAdminUsername, altAdminPassword)
+ assert.NoError(t, err)
+ req, _ := http.NewRequest(http.MethodPost, retentionBasePath+"/"+user.Username+"/check",
+ bytes.NewBuffer([]byte("invalid json")))
+ setBearerForReq(req, token)
+ rr := executeRequest(req)
+ checkResponseCode(t, http.StatusBadRequest, rr)
+
+ asJSON, err := json.Marshal(folderRetention)
+ assert.NoError(t, err)
+ req, _ = http.NewRequest(http.MethodPost, retentionBasePath+"/"+user.Username+"/check?notifications=Email,",
+ bytes.NewBuffer(asJSON))
+ setBearerForReq(req, token)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusBadRequest, rr)
+ assert.Contains(t, rr.Body.String(), "to notify results via email")
+
+ _, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
+ assert.NoError(t, err)
+ req, _ = http.NewRequest(http.MethodPost, retentionBasePath+"/"+user.Username+"/check?notifications=Email",
+ bytes.NewBuffer(asJSON))
+ setBearerForReq(req, token)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusNotFound, rr)
+
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
- assert.Len(t, checks, 0)
}
func TestAddUserInvalidVirtualFolders(t *testing.T) {
@@ -5550,13 +5227,6 @@ func TestUserPublicKey(t *testing.T) {
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
- // DSA keys are not accepted
- u = getTestUser()
- u.Password = ""
- u.PublicKeys = []string{"ssh-dss AAAAB3NzaC1kc3MAAACBAK+BKLZs1Vd0cWYOquKfp++0ml9hkzB7UDRozT3nhRcyHcuwASsXiVTqsg96oGjBcUUy076CXlsfJEXE2P0dF6tt1wvABPMwKpOn+kIrfJ0j93X2c2KIZNlD4YuNUJjLHu1DvgQHw8NMps6l5D0M5NFCRdD3NYhI5zFVJJ4CzikrAAAAFQCRBagw7gEbs0gd8So7OLMcSVzs/wAAAIBjuo7U9q8npchQ3otgCvj0xIwsQ+Fi9bH0SBceqbCcVzFYY6JXSQ0XmwHs+0AuvRCPIGaBdfcm+w+9YOxREtdEVjcmkYlfJpTaVljjWcWFWTQddbiamZhQ/xLU9CNLK4oYLwIGLZjCcG7nRDdLtLQdBFuzP/faEi3TD2BK114QmAAAAIEAj1n34pH2WKwbSZhzmz/OG0VzqJICFWboiM44LZl2AqcRBvEEycdHlGe2IKaj5lEtLgBKJt9NSFhBIzWh7gcEzSMlkiDecdYSFlDc4snmTiXaoiIehV59nTY6gc8GLWCzuem+WdHxvJ4yOSWF9k+a+Y+/v/35shNLkfokViOlN7k="}
- _, resp, err := httpdtest.AddUser(u, http.StatusBadRequest)
- assert.NoError(t, err)
- assert.Contains(t, string(resp), "DSA key format is insecure and it is not allowed")
}
func TestUpdateUserEmptyPassword(t *testing.T) {
@@ -6003,7 +5673,6 @@ func TestUserS3Config(t *testing.T) {
user.FsConfig.S3Config.Bucket = "test" //nolint:goconst
user.FsConfig.S3Config.AccessKey = "Server-Access-Key"
user.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("Server-Access-Secret")
- user.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("SSE-encryption-key")
user.FsConfig.S3Config.RoleARN = "myRoleARN"
user.FsConfig.S3Config.Endpoint = "http://127.0.0.1:9000"
user.FsConfig.S3Config.UploadPartSize = 8
@@ -6037,10 +5706,6 @@ func TestUserS3Config(t *testing.T) {
assert.NotEmpty(t, user.FsConfig.S3Config.AccessSecret.GetPayload())
assert.Empty(t, user.FsConfig.S3Config.AccessSecret.GetAdditionalData())
assert.Empty(t, user.FsConfig.S3Config.AccessSecret.GetKey())
- assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.NotEmpty(t, user.FsConfig.S3Config.SSECustomerKey.GetPayload())
- assert.Empty(t, user.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
- assert.Empty(t, user.FsConfig.S3Config.SSECustomerKey.GetKey())
assert.Equal(t, 60, user.FsConfig.S3Config.DownloadPartMaxTime)
assert.Equal(t, 40, user.FsConfig.S3Config.UploadPartMaxTime)
assert.True(t, user.FsConfig.S3Config.SkipTLSVerify)
@@ -6065,14 +5730,13 @@ func TestUserS3Config(t *testing.T) {
user.ID = 0
user.CreatedAt = 0
user.VirtualFolders = nil
- user.FsConfig.S3Config.SSECustomerKey = kms.NewEmptySecret()
secret := kms.NewSecret(sdkkms.SecretStatusSecretBox, "Server-Access-Secret", "", "")
user.FsConfig.S3Config.AccessSecret = secret
_, _, err = httpdtest.AddUser(user, http.StatusCreated)
assert.Error(t, err)
user.FsConfig.S3Config.AccessSecret.SetStatus(sdkkms.SecretStatusPlain)
- user, resp, err := httpdtest.AddUser(user, http.StatusCreated)
- assert.NoError(t, err, string(resp))
+ user, _, err = httpdtest.AddUser(user, http.StatusCreated)
+ assert.NoError(t, err)
initialSecretPayload := user.FsConfig.S3Config.AccessSecret.GetPayload()
assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.S3Config.AccessSecret.GetStatus())
assert.NotEmpty(t, initialSecretPayload)
@@ -6449,7 +6113,6 @@ func TestUserHiddenFields(t *testing.T) {
u1.FsConfig.S3Config.Region = "us-east-1"
u1.FsConfig.S3Config.AccessKey = "S3-Access-Key"
u1.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("S3-Access-Secret")
- u1.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("SSE-secret-key")
user1, _, err := httpdtest.AddUser(u1, http.StatusCreated)
assert.NoError(t, err)
@@ -6522,10 +6185,6 @@ func TestUserHiddenFields(t *testing.T) {
assert.Empty(t, user1.FsConfig.S3Config.AccessSecret.GetAdditionalData())
assert.NotEmpty(t, user1.FsConfig.S3Config.AccessSecret.GetStatus())
assert.NotEmpty(t, user1.FsConfig.S3Config.AccessSecret.GetPayload())
- assert.Empty(t, user1.FsConfig.S3Config.SSECustomerKey.GetKey())
- assert.Empty(t, user1.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetPayload())
user2, _, err = httpdtest.GetUserByUsername(user2.Username, http.StatusOK)
assert.NoError(t, err)
@@ -6580,22 +6239,12 @@ func TestUserHiddenFields(t *testing.T) {
assert.NotEmpty(t, user1.FsConfig.S3Config.AccessSecret.GetAdditionalData())
assert.NotEmpty(t, user1.FsConfig.S3Config.AccessSecret.GetStatus())
assert.NotEmpty(t, user1.FsConfig.S3Config.AccessSecret.GetPayload())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetKey())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.NotEmpty(t, user1.FsConfig.S3Config.SSECustomerKey.GetPayload())
err = user1.FsConfig.S3Config.AccessSecret.Decrypt()
assert.NoError(t, err)
- err = user1.FsConfig.S3Config.SSECustomerKey.Decrypt()
- assert.NoError(t, err)
assert.Equal(t, sdkkms.SecretStatusPlain, user1.FsConfig.S3Config.AccessSecret.GetStatus())
assert.Equal(t, u1.FsConfig.S3Config.AccessSecret.GetPayload(), user1.FsConfig.S3Config.AccessSecret.GetPayload())
assert.Empty(t, user1.FsConfig.S3Config.AccessSecret.GetKey())
assert.Empty(t, user1.FsConfig.S3Config.AccessSecret.GetAdditionalData())
- assert.Equal(t, sdkkms.SecretStatusPlain, user1.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.Equal(t, u1.FsConfig.S3Config.SSECustomerKey.GetPayload(), user1.FsConfig.S3Config.SSECustomerKey.GetPayload())
- assert.Empty(t, user1.FsConfig.S3Config.SSECustomerKey.GetKey())
- assert.Empty(t, user1.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
user2, err = dataprovider.UserExists(user2.Username, "")
assert.NoError(t, err)
@@ -7032,7 +6681,6 @@ func TestCloseActiveConnection(t *testing.T) {
_, err = httpdtest.CloseConnection(c.GetID(), http.StatusOK)
assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestCloseConnectionAfterUserUpdateDelete(t *testing.T) {
@@ -7065,7 +6713,6 @@ func TestCloseConnectionAfterUserUpdateDelete(t *testing.T) {
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestAdminGenerateRecoveryCodesSaveError(t *testing.T) {
@@ -7124,57 +6771,6 @@ func TestAdminGenerateRecoveryCodesSaveError(t *testing.T) {
assert.NoError(t, err)
}
-func TestAdminCredentialsWithSpaces(t *testing.T) {
- a := getTestAdmin()
- a.Username = xid.New().String()
- a.Password = " " + xid.New().String() + " "
- admin, _, err := httpdtest.AddAdmin(a, http.StatusCreated)
- assert.NoError(t, err)
- // For admins the password is always trimmed.
- _, err = getJWTAPITokenFromTestServer(a.Username, a.Password)
- assert.Error(t, err)
- _, err = getJWTAPITokenFromTestServer(a.Username, strings.TrimSpace(a.Password))
- assert.NoError(t, err)
- // The password sent from the WebAdmin UI is automatically trimmed
- _, err = getJWTWebToken(a.Username, a.Password)
- assert.NoError(t, err)
- _, err = getJWTWebToken(a.Username, strings.TrimSpace(a.Password))
- assert.NoError(t, err)
-
- _, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
-}
-
-func TestUserCredentialsWithSpaces(t *testing.T) {
- u := getTestUser()
- u.Password = " " + xid.New().String() + " "
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
- // For users the password is not trimmed
- _, err = getJWTAPIUserTokenFromTestServer(u.Username, u.Password)
- assert.NoError(t, err)
- _, err = getJWTAPIUserTokenFromTestServer(u.Username, strings.TrimSpace(u.Password))
- assert.Error(t, err)
-
- _, err = getJWTWebClientTokenFromTestServer(u.Username, u.Password)
- assert.NoError(t, err)
- _, err = getJWTWebClientTokenFromTestServer(u.Username, strings.TrimSpace(u.Password))
- assert.Error(t, err)
-
- user.Password = u.Password
- conn, sftpClient, err := getSftpClient(user)
- if assert.NoError(t, err) {
- conn.Close()
- sftpClient.Close()
- }
- user.Password = strings.TrimSpace(u.Password)
- _, _, err = getSftpClient(user)
- assert.Error(t, err)
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestNamingRules(t *testing.T) {
smtpCfg := smtp.Config{
Host: "127.0.0.1",
@@ -7270,9 +6866,9 @@ func TestNamingRules(t *testing.T) {
return
}
- token, err = getJWTWebClientTokenFromTestServer(user.Username, defaultPassword)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
+ token, err = getJWTWebClientTokenFromTestServer(user.Username, defaultPassword)
assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -7284,8 +6880,6 @@ func TestNamingRules(t *testing.T) {
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidUser)
// test user reset password. Setting the new password will fail because the username is not valid
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("username", user.Username)
form.Set(csrfFormToken, csrfToken)
@@ -7293,7 +6887,6 @@ func TestNamingRules(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -7306,7 +6899,6 @@ func TestNamingRules(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -7348,7 +6940,7 @@ func TestNamingRules(t *testing.T) {
token, err = getJWTWebTokenFromTestServer(admin.Username, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminProfilePath, token)
+ csrfToken, err = getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -7379,8 +6971,6 @@ func TestNamingRules(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "the following characters are allowed")
// test admin reset password
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("username", admin.Username)
form.Set(csrfFormToken, csrfToken)
@@ -7388,13 +6978,10 @@ func TestNamingRules(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.GreaterOrEqual(t, len(lastResetCode), 20)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("code", lastResetCode)
@@ -7403,7 +6990,6 @@ func TestNamingRules(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -7555,13 +7141,12 @@ func TestSaveErrors(t *testing.T) {
assert.NoError(t, err)
assert.Contains(t, string(resp), "the following characters are allowed")
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := getLoginForm(a.Username, a.Password, csrfToken)
req, err := http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -7569,8 +7154,6 @@ func TestSaveErrors(t *testing.T) {
cookie, err := getCookieFromResponse(rr)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recCode)
form.Set(csrfFormToken, csrfToken)
@@ -7583,13 +7166,12 @@ func TestSaveErrors(t *testing.T) {
assert.Equal(t, http.StatusInternalServerError, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nError500Message)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err = getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form = getLoginForm(u.Username, u.Password, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -7597,8 +7179,6 @@ func TestSaveErrors(t *testing.T) {
cookie, err = getCookieFromResponse(rr)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recCode)
form.Set(csrfFormToken, csrfToken)
@@ -7741,7 +7321,7 @@ func TestProviderErrors(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusInternalServerError, rr)
// password reset errors
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("username", "username")
@@ -7749,7 +7329,6 @@ func TestProviderErrors(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -7876,7 +7455,7 @@ func TestProviderErrors(t *testing.T) {
backupData = dataprovider.BackupData{
EventActions: []dataprovider.BaseEventAction{
{
- Name: "quota_reset",
+ Name: "quota reset",
Type: dataprovider.ActionTypeFolderQuotaReset,
},
},
@@ -7891,7 +7470,7 @@ func TestProviderErrors(t *testing.T) {
backupData = dataprovider.BackupData{
EventRules: []dataprovider.EventRule{
{
- Name: "quota_reset",
+ Name: "quota reset",
Trigger: dataprovider.EventTriggerSchedule,
Conditions: dataprovider.EventConditions{
Schedules: []dataprovider.Schedule{
@@ -8685,7 +8264,7 @@ func TestLoaddata(t *testing.T) {
}
action := dataprovider.BaseEventAction{
ID: 81,
- Name: "test_restore_action",
+ Name: "test restore action",
Type: dataprovider.ActionTypeHTTP,
Options: dataprovider.BaseEventActionOptions{
HTTPConfig: dataprovider.EventActionHTTPConfig{
@@ -8695,13 +8274,13 @@ func TestLoaddata(t *testing.T) {
Timeout: 10,
SkipTLSVerify: true,
Method: http.MethodPost,
- Body: `{"event":"{{.Event}}","name":"{{.Name}}"}`,
+ Body: `{"event":"{{Event}}","name":"{{Name}}"}`,
},
},
}
rule := dataprovider.EventRule{
ID: 100,
- Name: "test_rule_restore",
+ Name: "test rule restore",
Description: "",
Trigger: dataprovider.EventTriggerFsEvent,
Conditions: dataprovider.EventConditions{
@@ -8719,7 +8298,7 @@ func TestLoaddata(t *testing.T) {
configs := dataprovider.Configs{
SFTPD: &dataprovider.SFTPDConfigs{
HostKeyAlgos: []string{ssh.KeyAlgoRSA, ssh.CertAlgoRSAv01},
- PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, //nolint:staticcheck
+ PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA},
},
SMTP: &dataprovider.SMTPConfigs{
Host: "mail.example.com",
@@ -8786,7 +8365,7 @@ func TestLoaddata(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, configs.SMTP, configsGet.SMTP)
assert.Equal(t, []string{ssh.KeyAlgoRSA}, configsGet.SFTPD.HostKeyAlgos)
- assert.Equal(t, []string{ssh.InsecureKeyAlgoDSA}, configsGet.SFTPD.PublicKeyAlgos) //nolint:staticcheck
+ assert.Equal(t, []string{ssh.InsecureKeyAlgoDSA}, configsGet.SFTPD.PublicKeyAlgos)
assert.Len(t, configsGet.SFTPD.KexAlgorithms, 0)
assert.Len(t, configsGet.SFTPD.Ciphers, 0)
assert.Len(t, configsGet.SFTPD.MACs, 0)
@@ -8941,85 +8520,6 @@ func TestLoaddata(t *testing.T) {
assert.NoError(t, err)
}
-func TestLoaddataConvertActions(t *testing.T) {
- a1 := dataprovider.BaseEventAction{
- Name: xid.New().String(),
- Type: dataprovider.ActionTypeEmail,
- Options: dataprovider.BaseEventActionOptions{
- EmailConfig: dataprovider.EventActionEmailConfig{
- Recipients: []string{"failure@example.com"},
- Subject: `Failed "{{Event}}" from "{{Name}}"`,
- Body: "Object name: {{ObjectName}} object type: {{ObjectType}}, IP: {{IP}}",
- },
- },
- }
- a2 := dataprovider.BaseEventAction{
- Name: xid.New().String(),
- Type: dataprovider.ActionTypeFilesystem,
- Options: dataprovider.BaseEventActionOptions{
- FsConfig: dataprovider.EventActionFilesystemConfig{
- Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
- {
- KeyValue: dataprovider.KeyValue{
- Key: "/{{VirtualDirPath}}/{{ObjectName}}",
- Value: "/{{ObjectName}}_renamed",
- },
- },
- },
- },
- },
- }
- backupData := dataprovider.BackupData{
- EventActions: []dataprovider.BaseEventAction{a1, a2},
- Version: 16,
- }
- backupContent, err := json.Marshal(backupData)
- assert.NoError(t, err)
- backupFilePath := filepath.Join(backupsPath, "backup.json")
- err = os.WriteFile(backupFilePath, backupContent, os.ModePerm)
- assert.NoError(t, err)
- _, resp, err := httpdtest.Loaddata(backupFilePath, "1", "2", http.StatusOK)
- assert.NoError(t, err, string(resp))
- // Check that actions are migrated.
- action1, _, err := httpdtest.GetEventActionByName(a1.Name, http.StatusOK)
- assert.NoError(t, err)
- action2, _, err := httpdtest.GetEventActionByName(a2.Name, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, `Failed "{{.Event}}" from "{{.Name}}"`, action1.Options.EmailConfig.Subject)
- assert.Equal(t, `Object name: {{.ObjectName}} object type: {{.ObjectType}}, IP: {{.IP}}`, action1.Options.EmailConfig.Body)
- assert.Equal(t, `/{{.VirtualDirPath}}/{{.ObjectName}}`, action2.Options.FsConfig.Renames[0].Key)
- assert.Equal(t, `/{{.ObjectName}}_renamed`, action2.Options.FsConfig.Renames[0].Value)
- // If we restore a backup from the current version actions are not migrated.
- backupData = dataprovider.BackupData{
- EventActions: []dataprovider.BaseEventAction{a1, a2},
- Version: dataprovider.DumpVersion,
- }
- backupContent, err = json.Marshal(backupData)
- assert.NoError(t, err)
- backupFilePath = filepath.Join(backupsPath, "backup.json")
- err = os.WriteFile(backupFilePath, backupContent, os.ModePerm)
- assert.NoError(t, err)
- _, resp, err = httpdtest.Loaddata(backupFilePath, "1", "2", http.StatusOK)
- assert.NoError(t, err, string(resp))
- action1, _, err = httpdtest.GetEventActionByName(a1.Name, http.StatusOK)
- assert.NoError(t, err)
- action2, _, err = httpdtest.GetEventActionByName(a2.Name, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, `Failed "{{Event}}" from "{{Name}}"`, action1.Options.EmailConfig.Subject)
- assert.Equal(t, `Object name: {{ObjectName}} object type: {{ObjectType}}, IP: {{IP}}`, action1.Options.EmailConfig.Body)
- assert.Equal(t, `/{{VirtualDirPath}}/{{ObjectName}}`, action2.Options.FsConfig.Renames[0].Key)
- assert.Equal(t, `/{{ObjectName}}_renamed`, action2.Options.FsConfig.Renames[0].Value)
- // Cleanup.
- _, err = httpdtest.RemoveEventAction(action1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveEventAction(action2, http.StatusOK)
- assert.NoError(t, err)
- actions, _, err := httpdtest.GetEventActions(0, 0, http.StatusOK)
- assert.NoError(t, err)
- assert.Len(t, actions, 0)
-}
-
func TestLoaddataMode(t *testing.T) {
err := dataprovider.UpdateConfigs(nil, "", "", "")
assert.NoError(t, err)
@@ -9066,7 +8566,7 @@ func TestLoaddataMode(t *testing.T) {
}
action := dataprovider.BaseEventAction{
ID: 81,
- Name: "test_restore_action_data_mode",
+ Name: "test restore action data mode",
Description: "action desc",
Type: dataprovider.ActionTypeHTTP,
Options: dataprovider.BaseEventActionOptions{
@@ -9077,13 +8577,13 @@ func TestLoaddataMode(t *testing.T) {
Timeout: 10,
SkipTLSVerify: true,
Method: http.MethodPost,
- Body: `{"event":"{{.Event}}","name":"{{.Name}}"}`,
+ Body: `{"event":"{{Event}}","name":"{{Name}}"}`,
},
},
}
rule := dataprovider.EventRule{
ID: 100,
- Name: "test_rule_restore_data_mode",
+ Name: "test rule restore data mode",
Description: "rule desc",
Trigger: dataprovider.EventTriggerFsEvent,
Conditions: dataprovider.EventConditions{
@@ -9212,7 +8712,7 @@ func TestLoaddataMode(t *testing.T) {
entry, _, err = httpdtest.UpdateIPListEntry(entry, http.StatusOK)
assert.NoError(t, err)
- configs.SFTPD.PublicKeyAlgos = append(configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ configs.SFTPD.PublicKeyAlgos = append(configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA)
err = dataprovider.UpdateConfigs(&configs, "", "", "")
assert.NoError(t, err)
backupData.Configs = &configs
@@ -9281,7 +8781,6 @@ func TestLoaddataMode(t *testing.T) {
assert.NoError(t, err)
// mode 2 will update the user and close the previous connection
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, oldUploadBandwidth, user.UploadBandwidth)
@@ -9424,7 +8923,7 @@ func TestBasicUserHandlingMock(t *testing.T) {
assert.Equal(t, user.MaxSessions, updatedUser.MaxSessions)
assert.Equal(t, user.UploadBandwidth, updatedUser.UploadBandwidth)
assert.Equal(t, 1, len(updatedUser.Permissions["/"]))
- assert.True(t, slices.Contains(updatedUser.Permissions["/"], dataprovider.PermAny))
+ assert.True(t, util.Contains(updatedUser.Permissions["/"], dataprovider.PermAny))
req, _ = http.NewRequest(http.MethodDelete, userPath+"/"+user.Username, nil)
setBearerForReq(req, token)
rr = executeRequest(req)
@@ -9590,7 +9089,7 @@ func TestEventRuleErrorsMock(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
a := dataprovider.BaseEventAction{
- Name: "action_name",
+ Name: "action name",
Description: "test description",
Type: dataprovider.ActionTypeBackup,
Options: dataprovider.BaseEventActionOptions{},
@@ -9605,7 +9104,7 @@ func TestEventRuleErrorsMock(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
r := dataprovider.EventRule{
- Name: "test_event_rule",
+ Name: "test event rule",
Trigger: dataprovider.EventTriggerSchedule,
Conditions: dataprovider.EventConditions{
Schedules: []dataprovider.Schedule{
@@ -9816,13 +9315,12 @@ func TestAdminTwoFactorLogin(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -9877,8 +9375,6 @@ func TestAdminTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
form.Set("passcode", "invalid_passcode")
req, err = http.NewRequest(http.MethodPost, webAdminTwoFactorPath, bytes.NewBuffer([]byte(form.Encode())))
@@ -9917,13 +9413,10 @@ func TestAdminTwoFactorLogin(t *testing.T) {
rr = executeRequest(req)
assert.Equal(t, http.StatusNotFound, rr.Code)
// get a new cookie and login using a recovery code
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -9944,8 +9437,6 @@ func TestAdminTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
form.Set("recovery_code", "")
req, err = http.NewRequest(http.MethodPost, webAdminTwoFactorRecoveryPath, bytes.NewBuffer([]byte(form.Encode())))
@@ -9996,21 +9487,16 @@ func TestAdminTwoFactorLogin(t *testing.T) {
}
assert.True(t, found)
// the same recovery code cannot be reused
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webAdminTwoFactorPath, rr.Header().Get("Location"))
cookie, err = getCookieFromResponse(rr)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recoveryCode)
form.Set(csrfFormToken, csrfToken)
@@ -10033,23 +9519,12 @@ func TestAdminTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCredentials)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
- assert.Equal(t, http.StatusOK, rr.Code)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
-
- req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webAdminTwoFactorPath, rr.Header().Get("Location"))
cookie, err = getCookieFromResponse(rr)
@@ -10077,8 +9552,6 @@ func TestAdminTwoFactorLogin(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "two-factor authentication is not enabled")
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recoveryCode)
form.Set(csrfFormToken, csrfToken)
@@ -10352,7 +9825,7 @@ func TestSMTPConfig(t *testing.T) {
tokenHeader := "X-CSRF-TOKEN"
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webConfigsPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, smtpTestURL, bytes.NewBuffer([]byte("{")))
assert.NoError(t, err)
@@ -10436,7 +9909,7 @@ func TestOAuth2TokenRequest(t *testing.T) {
tokenHeader := "X-CSRF-TOKEN"
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webConfigsPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webOAuth2TokenPath, bytes.NewBuffer([]byte("{")))
assert.NoError(t, err)
@@ -10577,24 +10050,14 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form := getLoginForm(defaultUsername, defaultPassword, csrfToken)
- // CSRF verification fails if there is no cookie
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
- assert.Equal(t, http.StatusOK, rr.Code)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
-
- req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientTwoFactorPath, rr.Header().Get("Location"))
cookie, err := getCookieFromResponse(rr)
@@ -10611,13 +10074,6 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
assert.NoError(t, err)
rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr)
- // invalid IP address
- req, err = http.NewRequest(http.MethodGet, webClientTwoFactorPath, nil)
- assert.NoError(t, err)
- setJWTCookieForReq(req, cookie)
- req.RemoteAddr = "6.7.8.9:4567"
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusNotFound, rr)
req, err = http.NewRequest(http.MethodGet, webClientTwoFactorRecoveryPath, nil)
assert.NoError(t, err)
@@ -10653,8 +10109,6 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorPath, cookie)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
form.Set("passcode", "invalid_user_passcode")
req, err = http.NewRequest(http.MethodPost, webClientTwoFactorPath, bytes.NewBuffer([]byte(form.Encode())))
@@ -10694,13 +10148,10 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
rr = executeRequest(req)
assert.Equal(t, http.StatusNotFound, rr.Code)
// get a new cookie and login using a recovery code
- loginCookie, csrfToken, err = getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -10720,8 +10171,6 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
form.Set("recovery_code", "")
req, err = http.NewRequest(http.MethodPost, webClientTwoFactorRecoveryPath, bytes.NewBuffer([]byte(form.Encode())))
@@ -10787,22 +10236,16 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
}
assert.True(t, found)
// the same recovery code cannot be reused
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientTwoFactorPath, rr.Header().Get("Location"))
cookie, err = getCookieFromResponse(rr)
assert.NoError(t, err)
-
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recoveryCode)
form.Set(csrfFormToken, csrfToken)
@@ -10825,13 +10268,10 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCredentials)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -10853,12 +10293,11 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "two-factor authentication is not enabled")
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set("recovery_code", recoveryCode)
form.Set("passcode", passcode)
form.Set(csrfFormToken, csrfToken)
+
req, err = http.NewRequest(http.MethodPost, webClientTwoFactorRecoveryPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, cookie)
@@ -10930,7 +10369,7 @@ func TestWebUserTwoFactoryLoginRedirect(t *testing.T) {
rr := executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form := getLoginForm(defaultUsername, defaultPassword, csrfToken)
uri := webClientFilesPath + "?path=%2F"
@@ -10940,7 +10379,6 @@ func TestWebUserTwoFactoryLoginRedirect(t *testing.T) {
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = loginURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -10948,29 +10386,20 @@ func TestWebUserTwoFactoryLoginRedirect(t *testing.T) {
cookie, err := getCookieFromResponse(rr)
assert.NoError(t, err)
// test unsafe redirects
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
externalURI := webClientLoginPath + "?next=" + url.QueryEscape("https://example.com")
req, err = http.NewRequest(http.MethodPost, externalURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = externalURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientTwoFactorPath, rr.Header().Get("Location"))
-
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken)
internalURI := webClientLoginPath + "?next=" + url.QueryEscape(webClientMFAPath)
req, err = http.NewRequest(http.MethodPost, internalURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
req.RequestURI = internalURI
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -10984,8 +10413,6 @@ func TestWebUserTwoFactoryLoginRedirect(t *testing.T) {
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), fmt.Sprintf("action=%q", expectedURI))
// login with the passcode
- csrfToken, err = getCSRFTokenFromInternalPageMock(expectedURI, cookie)
- assert.NoError(t, err)
passcode, err := generateTOTPPasscode(key.Secret())
assert.NoError(t, err)
form = make(url.Values)
@@ -11417,22 +10844,18 @@ func TestMFAInvalidSecret(t *testing.T) {
checkResponseCode(t, http.StatusInternalServerError, rr)
assert.Contains(t, rr.Body.String(), "Unable to decrypt recovery codes")
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form := getLoginForm(defaultUsername, defaultPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientTwoFactorPath, rr.Header().Get("Location"))
cookie, err := getCookieFromResponse(rr)
assert.NoError(t, err)
-
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("passcode", "123456")
@@ -11444,8 +10867,6 @@ func TestMFAInvalidSecret(t *testing.T) {
rr = executeRequest(req)
assert.Equal(t, http.StatusInternalServerError, rr.Code)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("recovery_code", "RC-123456")
@@ -11491,22 +10912,18 @@ func TestMFAInvalidSecret(t *testing.T) {
err = dataprovider.UpdateAdmin(&admin, "", "", "")
assert.NoError(t, err)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err = getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, err = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webAdminTwoFactorPath, rr.Header().Get("Location"))
cookie, err = getCookieFromResponse(rr)
assert.NoError(t, err)
-
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("passcode", "123456")
@@ -11518,8 +10935,6 @@ func TestMFAInvalidSecret(t *testing.T) {
rr = executeRequest(req)
assert.Equal(t, http.StatusInternalServerError, rr.Code)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminTwoFactorRecoveryPath, cookie)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("recovery_code", "RC-123456")
@@ -11758,7 +11173,6 @@ func TestWebAPIChangeUserProfileMock(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
email := "userapi@example.com"
- additionalEmails := []string{"userapi1@example.com"}
description := "user API description"
profileReq := make(map[string]any)
profileReq["allow_api_key_auth"] = true
@@ -11766,7 +11180,6 @@ func TestWebAPIChangeUserProfileMock(t *testing.T) {
profileReq["description"] = description
profileReq["public_keys"] = []string{testPubKey, testPubKey1}
profileReq["tls_certs"] = []string{httpsCert}
- profileReq["additional_emails"] = additionalEmails
asJSON, err := json.Marshal(profileReq)
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPut, userProfilePath, bytes.NewBuffer(asJSON))
@@ -11784,7 +11197,6 @@ func TestWebAPIChangeUserProfileMock(t *testing.T) {
err = json.Unmarshal(rr.Body.Bytes(), &profileReq)
assert.NoError(t, err)
assert.Equal(t, email, profileReq["email"].(string))
- assert.Len(t, profileReq["additional_emails"].([]interface{}), 1)
assert.Equal(t, description, profileReq["description"].(string))
assert.True(t, profileReq["allow_api_key_auth"].(bool))
val, ok := profileReq["public_keys"].([]any)
@@ -11806,17 +11218,6 @@ func TestWebAPIChangeUserProfileMock(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "Validation error: email")
- // set an invalid additional email
- profileReq = make(map[string]any)
- profileReq["additional_emails"] = []string{"not an email"}
- asJSON, err = json.Marshal(profileReq)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPut, userProfilePath, bytes.NewBuffer(asJSON))
- assert.NoError(t, err)
- setBearerForReq(req, token)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusBadRequest, rr)
- assert.Contains(t, rr.Body.String(), "Validation error: email")
// set an invalid public key
profileReq = make(map[string]any)
profileReq["public_keys"] = []string{"not a public key"}
@@ -12666,7 +12067,7 @@ func TestUserPermissionsMock(t *testing.T) {
err = render.DecodeJSON(rr.Body, &updatedUser)
assert.NoError(t, err)
if val, ok := updatedUser.Permissions["/otherdir"]; ok {
- assert.True(t, slices.Contains(val, dataprovider.PermListItems))
+ assert.True(t, util.Contains(val, dataprovider.PermListItems))
assert.Equal(t, 1, len(val))
} else {
assert.Fail(t, "expected dir not found in permissions")
@@ -13386,6 +12787,8 @@ func TestWebClientLoginMock(t *testing.T) {
assert.NoError(t, err)
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
+ assert.NoError(t, err)
// a web token is not valid for API or WebAdmin usage
req, _ := http.NewRequest(http.MethodGet, serverStatusPath, nil)
setBearerForReq(req, webToken)
@@ -13447,8 +12850,6 @@ func TestWebClientLoginMock(t *testing.T) {
assert.NoError(t, err)
apiUserToken, err := getJWTAPIUserTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
- assert.NoError(t, err)
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
@@ -13568,7 +12969,6 @@ func TestWebClientMaxConnections(t *testing.T) {
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
common.Config.MaxTotalConnections = oldValue
}
@@ -13664,7 +13064,7 @@ func TestDefender(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "your IP address is blocked")
// requests for static files should be always allowed
- req, err = http.NewRequest(http.MethodGet, "/static/favicon.png", nil)
+ req, err = http.NewRequest(http.MethodGet, "/static/favicon.ico", nil)
assert.NoError(t, err)
req.RemoteAddr = remoteAddr
rr = executeRequest(req)
@@ -13770,7 +13170,7 @@ func TestMaxSessions(t *testing.T) {
checkResponseCode(t, http.StatusTooManyRequests, rr)
assert.Contains(t, rr.Body.String(), "too many open sessions")
// web client requests
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -13822,8 +13222,6 @@ func TestMaxSessions(t *testing.T) {
err = smtpCfg.Initialize(configDir, true)
assert.NoError(t, err)
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("username", user.Username)
@@ -13831,14 +13229,10 @@ func TestMaxSessions(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.GreaterOrEqual(t, len(lastResetCode), 20)
-
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("password", defaultPassword)
@@ -13847,7 +13241,6 @@ func TestMaxSessions(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -13863,129 +13256,6 @@ func TestMaxSessions(t *testing.T) {
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
-}
-
-func TestMaxTransfers(t *testing.T) {
- oldValue := common.Config.MaxPerHostConnections
- common.Config.MaxPerHostConnections = 2
-
- assert.Eventually(t, func() bool {
- return common.Connections.GetClientConnections() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
- user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
- assert.NoError(t, err)
-
- webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
- assert.NoError(t, err)
- webAPIToken, err := getJWTAPIUserTokenFromTestServer(defaultUsername, defaultPassword)
- assert.NoError(t, err)
-
- share := dataprovider.Share{
- Name: "test share",
- Scope: dataprovider.ShareScopeReadWrite,
- Paths: []string{"/"},
- Password: defaultPassword,
- }
- asJSON, err := json.Marshal(share)
- assert.NoError(t, err)
- req, err := http.NewRequest(http.MethodPost, userSharesPath, bytes.NewBuffer(asJSON))
- assert.NoError(t, err)
- setBearerForReq(req, webAPIToken)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusCreated, rr)
- objectID := rr.Header().Get("X-Object-ID")
- assert.NotEmpty(t, objectID)
-
- fileName := "testfile.txt"
- req, err = http.NewRequest(http.MethodPost, userUploadFilePath+"?path="+fileName, bytes.NewBuffer([]byte(" ")))
- assert.NoError(t, err)
- setBearerForReq(req, webAPIToken)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusCreated, rr)
-
- conn, sftpClient, err := getSftpClient(user)
- assert.NoError(t, err)
- defer conn.Close()
- defer sftpClient.Close()
-
- f1, err := sftpClient.Create("file1")
- assert.NoError(t, err)
- f2, err := sftpClient.Create("file2")
- assert.NoError(t, err)
- _, err = f1.Write([]byte(" "))
- assert.NoError(t, err)
- _, err = f2.Write([]byte(" "))
- assert.NoError(t, err)
-
- body := new(bytes.Buffer)
- writer := multipart.NewWriter(body)
- part, err := writer.CreateFormFile("filenames", "filepre")
- assert.NoError(t, err)
- _, err = part.Write([]byte("file content"))
- assert.NoError(t, err)
- err = writer.Close()
- assert.NoError(t, err)
- reader := bytes.NewReader(body.Bytes())
- _, err = reader.Seek(0, io.SeekStart)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, userFilesPath, reader)
- assert.NoError(t, err)
- req.Header.Add("Content-Type", writer.FormDataContentType())
- setBearerForReq(req, webAPIToken)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusConflict, rr)
-
- req, err = http.NewRequest(http.MethodGet, webClientFilesPath+"?path="+fileName, nil)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nError403Message)
-
- req, err = http.NewRequest(http.MethodPost, userUploadFilePath+"?path="+fileName, bytes.NewBuffer([]byte(" ")))
- assert.NoError(t, err)
- setBearerForReq(req, webAPIToken)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
-
- body = new(bytes.Buffer)
- writer = multipart.NewWriter(body)
- part1, err := writer.CreateFormFile("filenames", "file11.txt")
- assert.NoError(t, err)
- _, err = part1.Write([]byte("file11 content"))
- assert.NoError(t, err)
- part2, err := writer.CreateFormFile("filenames", "file22.txt")
- assert.NoError(t, err)
- _, err = part2.Write([]byte("file22 content"))
- assert.NoError(t, err)
- err = writer.Close()
- assert.NoError(t, err)
- reader = bytes.NewReader(body.Bytes())
- req, err = http.NewRequest(http.MethodPost, sharesPath+"/"+objectID, reader)
- assert.NoError(t, err)
- req.Header.Add("Content-Type", writer.FormDataContentType())
- req.SetBasicAuth(defaultUsername, defaultPassword)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusConflict, rr)
-
- err = f1.Close()
- assert.NoError(t, err)
- err = f2.Close()
- assert.NoError(t, err)
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- assert.Eventually(t, func() bool {
- return len(common.Connections.GetStats("")) == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
- assert.Eventually(t, func() bool {
- return common.Connections.GetTotalTransfers() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- common.Config.MaxPerHostConnections = oldValue
}
func TestWebConfigsMock(t *testing.T) {
@@ -13997,6 +13267,8 @@ func TestWebConfigsMock(t *testing.T) {
assert.NoError(t, err)
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
+ assert.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, webConfigsPath, nil)
assert.NoError(t, err)
@@ -14005,17 +13277,13 @@ func TestWebConfigsMock(t *testing.T) {
checkResponseCode(t, http.StatusOK, rr)
form := make(url.Values)
- b, contentType, err := getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
// parse form error
- csrfToken, err := getCSRFTokenFromInternalPageMock(webConfigsPath, webToken)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, webConfigsPath+"?p=p%C3%AO%GH", bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
@@ -14025,29 +13293,25 @@ func TestWebConfigsMock(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
// save SFTP configs
form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA)
- form.Add("sftp_host_key_algos", ssh.InsecureCertAlgoDSAv01) //nolint:staticcheck
- form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ form.Add("sftp_host_key_algos", ssh.InsecureCertAlgoDSAv01)
+ form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA)
form.Set("form_action", "sftp_submit")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nError500Message) // invalid algo
form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA)
form.Add("sftp_host_key_algos", ssh.CertAlgoRSAv01)
- form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA)
form.Set("sftp_kex_algos", "diffie-hellman-group18-sha512")
form.Add("sftp_kex_algos", ssh.KeyExchangeDH16SHA512)
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14057,17 +13321,15 @@ func TestWebConfigsMock(t *testing.T) {
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1)
- assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA)
assert.Len(t, configs.SFTPD.KexAlgorithms, 1)
assert.Contains(t, configs.SFTPD.KexAlgorithms, ssh.KeyExchangeDH16SHA512)
// invalid form action
form.Set("form_action", "")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), util.I18nError400Message)
@@ -14079,12 +13341,10 @@ func TestWebConfigsMock(t *testing.T) {
form.Set("smtp_password", defaultPassword)
form.Set("smtp_domain", "localdomain")
form.Set("smtp_auth", "100")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nError500Message) // invalid smtp_auth
@@ -14095,12 +13355,10 @@ func TestWebConfigsMock(t *testing.T) {
form.Set("smtp_debug", "checked")
form.Set("smtp_oauth2_provider", "1")
form.Set("smtp_oauth2_client_id", "123")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14110,7 +13368,7 @@ func TestWebConfigsMock(t *testing.T) {
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1)
- assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA)
assert.Equal(t, "mail.example.net", configs.SMTP.Host)
assert.Equal(t, 587, configs.SMTP.Port)
assert.Equal(t, "Example ", configs.SMTP.From)
@@ -14127,12 +13385,10 @@ func TestWebConfigsMock(t *testing.T) {
form.Set("smtp_password", redactedSecret)
form.Set("smtp_auth", "")
configs.SMTP.AuthType = 0 // empty will be converted to 0
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14148,12 +13404,10 @@ func TestWebConfigsMock(t *testing.T) {
updatedConfigs.SMTP.Password = kms.NewSecret(sdkkms.SecretStatusSecretBox, encryptedPayload, secretKey, "")
err = dataprovider.UpdateConfigs(&updatedConfigs, "", "", "")
assert.NoError(t, err)
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14163,23 +13417,19 @@ func TestWebConfigsMock(t *testing.T) {
form.Add("acme_protocols", "2")
form.Add("acme_protocols", "3")
form.Set("acme_domain", "example.com")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
// no email set, validation will fail
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidEmail)
form.Set("acme_domain", "")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14189,7 +13439,7 @@ func TestWebConfigsMock(t *testing.T) {
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1)
- assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck
+ assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA)
assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port)
assert.Equal(t, 7, configs.ACME.Protocols)
assert.Empty(t, configs.ACME.Domain)
@@ -14210,12 +13460,10 @@ func TestWebConfigsMock(t *testing.T) {
form.Add("acme_protocols", "1000")
form.Set("acme_domain", domain)
form.Set("acme_email", "email@example.com")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
+ req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
@@ -14239,201 +13487,6 @@ func TestWebConfigsMock(t *testing.T) {
assert.NoError(t, err)
}
-func TestBrandingConfigMock(t *testing.T) {
- err := dataprovider.UpdateConfigs(nil, "", "", "")
- assert.NoError(t, err)
-
- webClientLogoPath := "/static/branding/webclient/logo.png"
- webClientFaviconPath := "/static/branding/webclient/favicon.png"
- webAdminLogoPath := "/static/branding/webadmin/logo.png"
- webAdminFaviconPath := "/static/branding/webadmin/favicon.png"
- // no custom log or favicon was set
- for _, p := range []string{webClientLogoPath, webClientFaviconPath, webAdminLogoPath, webAdminFaviconPath} {
- req, err := http.NewRequest(http.MethodGet, p, nil)
- assert.NoError(t, err)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusNotFound, rr)
- }
-
- webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
- assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webConfigsPath, webToken)
- assert.NoError(t, err)
- form := make(url.Values)
- form.Set(csrfFormToken, csrfToken)
- form.Set("form_action", "branding_submit")
- form.Set("branding_webadmin_name", "Custom WebAdmin")
- form.Set("branding_webadmin_short_name", "WebAdmin")
- form.Set("branding_webadmin_disclaimer_name", "Admin disclaimer")
- form.Set("branding_webadmin_disclaimer_url", "invalid, not a URL")
- form.Set("branding_webclient_name", "Custom WebClient")
- form.Set("branding_webclient_short_name", "WebClient")
- form.Set("branding_webclient_disclaimer_name", "Client disclaimer")
- form.Set("branding_webclient_disclaimer_url", "https://example.com")
- b, contentType, err := getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err := http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidDisclaimerURL)
-
- form.Set("branding_webadmin_disclaimer_url", "https://example.net")
- tmpFile := filepath.Join(os.TempDir(), util.GenerateUniqueID()+".png")
- err = createTestPNG(tmpFile, 512, 512, color.RGBA{100, 200, 200, 0xff})
- assert.NoError(t, err)
-
- b, contentType, err = getMultipartFormData(form, "branding_webadmin_logo", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
- // check
- configs, err := dataprovider.GetConfigs()
- assert.NoError(t, err)
- assert.Equal(t, "Custom WebAdmin", configs.Branding.WebAdmin.Name)
- assert.Equal(t, "WebAdmin", configs.Branding.WebAdmin.ShortName)
- assert.Equal(t, "Admin disclaimer", configs.Branding.WebAdmin.DisclaimerName)
- assert.Equal(t, "https://example.net", configs.Branding.WebAdmin.DisclaimerURL)
- assert.Equal(t, "Custom WebClient", configs.Branding.WebClient.Name)
- assert.Equal(t, "WebClient", configs.Branding.WebClient.ShortName)
- assert.Equal(t, "Client disclaimer", configs.Branding.WebClient.DisclaimerName)
- assert.Equal(t, "https://example.com", configs.Branding.WebClient.DisclaimerURL)
- assert.Greater(t, len(configs.Branding.WebAdmin.Logo), 0)
- assert.Len(t, configs.Branding.WebAdmin.Favicon, 0)
- assert.Len(t, configs.Branding.WebClient.Logo, 0)
- assert.Len(t, configs.Branding.WebClient.Favicon, 0)
-
- err = createTestPNG(tmpFile, 256, 256, color.RGBA{120, 220, 220, 0xff})
- assert.NoError(t, err)
- form.Set("branding_webadmin_logo_remove", "0") // 0 preserves WebAdmin logo
- b, contentType, err = getMultipartFormData(form, "branding_webadmin_favicon", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
- configs, err = dataprovider.GetConfigs()
- assert.NoError(t, err)
- assert.Equal(t, "Custom WebAdmin", configs.Branding.WebAdmin.Name)
- assert.Equal(t, "WebAdmin", configs.Branding.WebAdmin.ShortName)
- assert.Equal(t, "Admin disclaimer", configs.Branding.WebAdmin.DisclaimerName)
- assert.Equal(t, "https://example.net", configs.Branding.WebAdmin.DisclaimerURL)
- assert.Equal(t, "Custom WebClient", configs.Branding.WebClient.Name)
- assert.Equal(t, "WebClient", configs.Branding.WebClient.ShortName)
- assert.Equal(t, "Client disclaimer", configs.Branding.WebClient.DisclaimerName)
- assert.Equal(t, "https://example.com", configs.Branding.WebClient.DisclaimerURL)
- assert.Greater(t, len(configs.Branding.WebAdmin.Logo), 0)
- assert.Greater(t, len(configs.Branding.WebAdmin.Favicon), 0)
- assert.Len(t, configs.Branding.WebClient.Logo, 0)
- assert.Len(t, configs.Branding.WebClient.Favicon, 0)
-
- err = createTestPNG(tmpFile, 256, 256, color.RGBA{80, 90, 110, 0xff})
- assert.NoError(t, err)
- b, contentType, err = getMultipartFormData(form, "branding_webclient_logo", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
- configs, err = dataprovider.GetConfigs()
- assert.NoError(t, err)
- assert.Greater(t, len(configs.Branding.WebClient.Logo), 0)
-
- err = createTestPNG(tmpFile, 256, 256, color.RGBA{120, 50, 120, 0xff})
- assert.NoError(t, err)
- b, contentType, err = getMultipartFormData(form, "branding_webclient_favicon", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
- configs, err = dataprovider.GetConfigs()
- assert.NoError(t, err)
- assert.Greater(t, len(configs.Branding.WebClient.Favicon), 0)
-
- for _, p := range []string{webClientLogoPath, webClientFaviconPath, webAdminLogoPath, webAdminFaviconPath} {
- req, err := http.NewRequest(http.MethodGet, p, nil)
- assert.NoError(t, err)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- }
- // remove images
- form.Set("branding_webadmin_logo_remove", "1")
- form.Set("branding_webclient_logo_remove", "1")
- form.Set("branding_webadmin_favicon_remove", "1")
- form.Set("branding_webclient_favicon_remove", "1")
- b, contentType, err = getMultipartFormData(form, "", "")
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nConfigsOK)
- configs, err = dataprovider.GetConfigs()
- assert.NoError(t, err)
- assert.Len(t, configs.Branding.WebAdmin.Logo, 0)
- assert.Len(t, configs.Branding.WebAdmin.Favicon, 0)
- assert.Len(t, configs.Branding.WebClient.Logo, 0)
- assert.Len(t, configs.Branding.WebClient.Favicon, 0)
- for _, p := range []string{webClientLogoPath, webClientFaviconPath, webAdminLogoPath, webAdminFaviconPath} {
- req, err := http.NewRequest(http.MethodGet, p, nil)
- assert.NoError(t, err)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusNotFound, rr)
- }
- form.Del("branding_webadmin_logo_remove")
- form.Del("branding_webclient_logo_remove")
- form.Del("branding_webadmin_favicon_remove")
- form.Del("branding_webclient_favicon_remove")
- // image too large
- err = createTestPNG(tmpFile, 768, 512, color.RGBA{120, 50, 120, 0xff})
- assert.NoError(t, err)
- b, contentType, err = getMultipartFormData(form, "branding_webclient_logo", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidPNGSize)
- // not a png image
- err = createTestFile(tmpFile, 128)
- assert.NoError(t, err)
- b, contentType, err = getMultipartFormData(form, "branding_webclient_logo", tmpFile)
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webConfigsPath, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, webToken)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidPNG)
-
- err = os.Remove(tmpFile)
- assert.NoError(t, err)
- err = dataprovider.UpdateConfigs(nil, "", "", "")
- assert.NoError(t, err)
-}
-
func TestSFTPLoopError(t *testing.T) {
user1 := getTestUser()
user2 := getTestUser()
@@ -14475,7 +13528,7 @@ func TestSFTPLoopError(t *testing.T) {
err = smtpCfg.Initialize(configDir, true)
assert.NoError(t, err)
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -14484,14 +13537,10 @@ func TestSFTPLoopError(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.GreaterOrEqual(t, len(lastResetCode), 20)
-
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("password", defaultPassword)
@@ -14500,7 +13549,6 @@ func TestSFTPLoopError(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -14560,6 +13608,8 @@ func TestWebClientChangePwd(t *testing.T) {
assert.NoError(t, err)
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
+ assert.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, webChangeClientPwdPath, nil)
assert.NoError(t, err)
@@ -14582,8 +13632,6 @@ func TestWebClientChangePwd(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webChangeClientPwdPath, webToken)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webChangeClientPwdPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
@@ -14638,9 +13686,6 @@ func TestWebClientChangePwd(t *testing.T) {
webToken, err = getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword+"1")
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
form.Set("current_password", defaultPassword+"1")
form.Set("new_password1", defaultPassword)
form.Set("new_password2", defaultPassword)
@@ -15069,47 +14114,6 @@ func TestShareUsage(t *testing.T) {
executeRequest(req)
}
-func TestSharePasswordPolicy(t *testing.T) {
- g := getTestGroup()
- g.UserSettings.Filters.PasswordStrength = 70
- group, _, err := httpdtest.AddGroup(g, http.StatusCreated)
- assert.NoError(t, err)
-
- u := getTestUser()
- u.Groups = []sdk.GroupMapping{
- {
- Name: g.Name,
- Type: sdk.GroupTypePrimary,
- },
- }
- u.Password = rand.Text()
- user, _, err := httpdtest.AddUser(u, http.StatusCreated)
- assert.NoError(t, err)
-
- webAPIToken, err := getJWTAPIUserTokenFromTestServer(defaultUsername, u.Password)
- assert.NoError(t, err)
-
- share := dataprovider.Share{
- Name: util.GenerateUniqueID(),
- Scope: dataprovider.ShareScopeRead,
- Paths: []string{"/"},
- Password: defaultPassword,
- }
- asJSON, err := json.Marshal(share)
- assert.NoError(t, err)
- req, err := http.NewRequest(http.MethodPost, userSharesPath, bytes.NewBuffer(asJSON))
- assert.NoError(t, err)
- setBearerForReq(req, webAPIToken)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusBadRequest, rr)
- assert.Contains(t, rr.Body.String(), "insecure password")
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveGroup(group, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestShareMaxExpiration(t *testing.T) {
u := getTestUser()
u.Filters.MaxSharesExpiration = 5
@@ -15126,6 +14130,8 @@ func TestShareMaxExpiration(t *testing.T) {
assert.NoError(t, err)
webClientToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
+ assert.NoError(t, err)
s := dataprovider.Share{
Name: "test share",
@@ -15179,9 +14185,6 @@ func TestShareMaxExpiration(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), "share must expire before")
-
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientSharePath, webClientToken)
- assert.NoError(t, err)
form := make(url.Values)
form.Set("name", s.Name)
form.Set("scope", strconv.Itoa(int(s.Scope)))
@@ -15294,13 +14297,12 @@ func TestWebClientShareCredentials(t *testing.T) {
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
// set the CSRF token
- loginCookie, csrfToken, err := getCSRFTokenMock(loginURI, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, loginURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -15343,67 +14345,31 @@ func TestWebClientShareCredentials(t *testing.T) {
req.RemoteAddr = "1.2.3.4:1234"
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
- // logout to a different share, the cookie is not valid.
- req, err = http.NewRequest(http.MethodGet, path.Join(webClientPubSharesPath, shareWriteID, "logout"), nil)
- assert.NoError(t, err)
- req.RequestURI = uri
- setJWTCookieForReq(req, cookie)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
- // logout
- req, err = http.NewRequest(http.MethodGet, path.Join(webClientPubSharesPath, shareReadID, "logout"), nil)
- assert.NoError(t, err)
- req.RequestURI = uri
- setJWTCookieForReq(req, cookie)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusFound, rr)
- // the cookie is no longer valid
- req, err = http.NewRequest(http.MethodGet, path.Join(webClientPubSharesPath, shareReadID, "download?b=c"), nil)
- assert.NoError(t, err)
- req.RequestURI = uri
- setJWTCookieForReq(req, cookie)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusFound, rr)
- assert.Contains(t, rr.Header().Get("Location"), "/login")
-
// try to login with invalid credentials
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
form.Set("share_password", "")
req, err = http.NewRequest(http.MethodPost, loginURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCredentials)
// login with the next param set
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
form.Set("share_password", defaultPassword)
nextURI := path.Join(webClientPubSharesPath, shareReadID, "browse")
loginURI = path.Join(webClientPubSharesPath, shareReadID, fmt.Sprintf("login?next=%s", url.QueryEscape(nextURI)))
req, err = http.NewRequest(http.MethodPost, loginURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
assert.Equal(t, nextURI, rr.Header().Get("Location"))
// try to login to a missing share
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
loginURI = path.Join(webClientPubSharesPath, "missing", "login")
req, err = http.NewRequest(http.MethodPost, loginURI, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -15546,7 +14512,7 @@ func TestShareMaxSessions(t *testing.T) {
assert.Contains(t, rr.Body.String(), "too many open sessions")
share = dataprovider.Share{
- Name: "test share max sessions read&write",
+ Name: "test share max sessions read/write",
Scope: dataprovider.ShareScopeReadWrite,
Paths: []string{"/"},
}
@@ -15572,7 +14538,6 @@ func TestShareMaxSessions(t *testing.T) {
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestShareUploadSingle(t *testing.T) {
@@ -17043,7 +16008,7 @@ func TestWebClientExistenceCheck(t *testing.T) {
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webClientExistPath, nil)
@@ -17402,7 +16367,7 @@ func TestWebGetFiles(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, dirEntries, 1)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("files", fmt.Sprintf(`["%s","%s","%s"]`, testFileName, testDir, testFileName+extensions[2]))
@@ -17706,8 +16671,7 @@ func TestRenameDifferentResource(t *testing.T) {
assert.NoError(t, err)
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
- assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
getStatusResponse := func(taskID string) int {
req, _ := http.NewRequest(http.MethodGet, webClientTasksPath+"/"+url.PathEscape(taskID), nil)
@@ -18461,7 +17425,7 @@ func TestWebClientTasksAPI(t *testing.T) {
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
webToken1, err := getJWTWebClientTokenFromTestServer(user1.Username, defaultPassword)
assert.NoError(t, err)
@@ -19159,7 +18123,7 @@ func TestWebAPIVFolder(t *testing.T) {
folder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
+ assert.Equal(t, int64(len(fileContents)), folder.UsedQuotaSize)
_, err = reader.Seek(0, io.SeekStart)
assert.NoError(t, err)
@@ -19176,7 +18140,7 @@ func TestWebAPIVFolder(t *testing.T) {
folder, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
+ assert.Equal(t, int64(len(fileContents)), folder.UsedQuotaSize)
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
@@ -19518,7 +18482,7 @@ func TestCompressionErrorMock(t *testing.T) {
webToken, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
@@ -19707,7 +18671,6 @@ func TestClientUserClose(t *testing.T) {
wg.Wait()
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
@@ -19769,13 +18732,12 @@ func TestWebAdminSetupMock(t *testing.T) {
checkResponseCode(t, http.StatusFound, rr)
assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
- loginCookie, csrfToken, err := getCSRFTokenMock(webAdminSetupPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webAdminSetupPath)
assert.NoError(t, err)
form := make(url.Values)
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
@@ -19783,7 +18745,6 @@ func TestWebAdminSetupMock(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -19792,7 +18753,6 @@ func TestWebAdminSetupMock(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -19801,7 +18761,6 @@ func TestWebAdminSetupMock(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -19820,7 +18779,6 @@ func TestWebAdminSetupMock(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -19834,7 +18792,6 @@ func TestWebAdminSetupMock(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
@@ -19986,13 +18943,12 @@ func TestWebAdminLoginMock(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
// now try using wrong password
form := getLoginForm(defaultTokenAuthUser, "wrong pwd", csrfToken)
req, _ = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -20001,7 +18957,6 @@ func TestWebAdminLoginMock(t *testing.T) {
form = getLoginForm("wrong username", defaultTokenAuthPass, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -20016,12 +18971,10 @@ func TestWebAdminLoginMock(t *testing.T) {
assert.NoError(t, err)
rAddr := "127.1.1.1:1234"
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
+ csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.RemoteAddr = rAddr
rr = executeRequest(req)
@@ -20029,24 +18982,20 @@ func TestWebAdminLoginMock(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCredentials)
rAddr = "10.9.9.9:1234"
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
+ csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.RemoteAddr = rAddr
- setLoginCookie(req, loginCookie)
rr = executeRequest(req)
checkResponseCode(t, http.StatusFound, rr)
rAddr = "127.0.1.1:4567"
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
+ csrfToken, err = getCSRFTokenMock(webLoginPath, rAddr)
assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie)
form = getLoginForm(altAdminUsername, altAdminPassword, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.RemoteAddr = rAddr
req.Header.Set("X-Forwarded-For", "10.9.9.9")
@@ -20095,9 +19044,9 @@ func TestWebUserShare(t *testing.T) {
user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
assert.NoError(t, err)
- token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
+ token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
userAPItoken, err := getJWTAPIUserTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
@@ -20336,9 +19285,9 @@ func TestWebUserShareNoPasswordDisabled(t *testing.T) {
user.Filters.DefaultSharesExpiration = 30
user, _, err = httpdtest.UpdateUser(u, http.StatusOK, "")
assert.NoError(t, err)
- token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientSharePath, token)
+ token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
userAPItoken, err := getJWTAPIUserTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
@@ -20420,74 +19369,13 @@ func TestWebUserShareNoPasswordDisabled(t *testing.T) {
assert.NoError(t, err)
}
-func TestInvalidCSRF(t *testing.T) {
- user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
- assert.NoError(t, err)
-
- for _, loginURL := range []string{webClientLoginPath, webLoginPath} {
- // try using an invalid CSRF token
- loginCookie1, csrfToken1, err := getCSRFTokenMock(loginURL, defaultRemoteAddr)
- assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie1)
- assert.NotEmpty(t, csrfToken1)
- loginCookie2, csrfToken2, err := getCSRFTokenMock(loginURL, defaultRemoteAddr)
- assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie2)
- assert.NotEmpty(t, csrfToken2)
- rAddr := "1.2.3.4"
- loginCookie3, csrfToken3, err := getCSRFTokenMock(loginURL, rAddr)
- assert.NoError(t, err)
- assert.NotEmpty(t, loginCookie3)
- assert.NotEmpty(t, csrfToken3)
-
- form := getLoginForm(defaultUsername, defaultPassword, csrfToken1)
- req, err := http.NewRequest(http.MethodPost, loginURL, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = defaultRemoteAddr
- req.RequestURI = loginURL
- setLoginCookie(req, loginCookie2)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
-
- // use a CSRF token as login cookie (invalid audience)
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken1)
- req, err = http.NewRequest(http.MethodPost, loginURL, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = defaultRemoteAddr
- req.RequestURI = loginURL
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", csrfToken1))
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- // invalid IP
- form = getLoginForm(defaultUsername, defaultPassword, csrfToken3)
- req, err = http.NewRequest(http.MethodPost, loginURL, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = defaultRemoteAddr
- req.RequestURI = loginURL
- setLoginCookie(req, loginCookie3)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- }
-
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestWebUserProfile(t *testing.T) {
user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
assert.NoError(t, err)
- token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
+ token, err := getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
email := "user@user.com"
@@ -20500,7 +19388,6 @@ func TestWebUserProfile(t *testing.T) {
form.Set("public_keys[0][public_key]", testPubKey)
form.Set("public_keys[1][public_key]", testPubKey1)
form.Set("tls_certs[0][tls_cert]", httpsCert)
- form.Set("additional_emails[0][additional_email]", "email1@user.com")
// no csrf token
req, err := http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
@@ -20527,9 +19414,6 @@ func TestWebUserProfile(t *testing.T) {
assert.Len(t, user.Filters.TLSCerts, 1)
assert.Equal(t, email, user.Email)
assert.Equal(t, description, user.Description)
- if assert.Len(t, user.Filters.AdditionalEmails, 1) {
- assert.Equal(t, "email1@user.com", user.Filters.AdditionalEmails[0])
- }
// set an invalid email
form.Set("email", "not an email")
@@ -20568,8 +19452,6 @@ func TestWebUserProfile(t *testing.T) {
assert.NoError(t, err)
token, err = getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
- assert.NoError(t, err)
form.Set("allow_api_key_auth", "0")
form.Set(csrfFormToken, csrfToken)
@@ -20594,12 +19476,9 @@ func TestWebUserProfile(t *testing.T) {
assert.NoError(t, err)
token, err = getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
- assert.NoError(t, err)
form.Set("public_keys[0][public_key]", testPubKey)
form.Set("public_keys[1][public_key]", testPubKey1)
form.Set("tls_certs[0][tls_cert]", "")
- form.Set(csrfFormToken, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
@@ -20620,11 +19499,8 @@ func TestWebUserProfile(t *testing.T) {
assert.NoError(t, err)
token, err = getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webClientProfilePath, token)
- assert.NoError(t, err)
form.Set("email", "newemail@user.com")
form.Set("description", "new description")
- form.Set(csrfFormToken, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
@@ -20646,9 +19522,6 @@ func TestWebUserProfile(t *testing.T) {
assert.NoError(t, err)
token, err = getJWTWebClientTokenFromTestServer(defaultUsername, defaultPassword)
assert.NoError(t, err)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webChangeClientPwdPath, token)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
req, _ = http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
@@ -20679,7 +19552,7 @@ func TestWebAdminProfile(t *testing.T) {
assert.NoError(t, err)
token, err := getJWTWebTokenFromTestServer(admin.Username, altAdminPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminProfilePath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, webAdminProfilePath, nil)
assert.NoError(t, err)
@@ -20756,7 +19629,7 @@ func TestWebAdminPwdChange(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(admin.Username, altAdminPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webChangeAdminPwdPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, webChangeAdminPwdPath, nil)
assert.NoError(t, err)
@@ -21225,7 +20098,7 @@ func TestBasicWebUsersMock(t *testing.T) {
setJWTCookieForReq(req, webToken)
rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("username", user.Username)
@@ -21287,7 +20160,7 @@ func TestWebAdminBasicMock(t *testing.T) {
admin := getTestAdmin()
admin.Username = altAdminUsername
admin.Password = altAdminPassword
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("username", admin.Username)
@@ -21331,6 +20204,13 @@ func TestWebAdminBasicMock(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nError500Message)
form.Set("default_users_expiration", "10")
+ req, _ = http.NewRequest(http.MethodPost, webAdminPath, bytes.NewBuffer([]byte(form.Encode())))
+ req.RemoteAddr = defaultRemoteAddr
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ setJWTCookieForReq(req, token)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+
form.Set("password", admin.Password)
req, _ = http.NewRequest(http.MethodPost, webAdminPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
@@ -21360,17 +20240,6 @@ func TestWebAdminBasicMock(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "Invalid token")
- req, err = http.NewRequest(http.MethodPost, webAdminTOTPSavePath, bytes.NewBuffer(asJSON))
- assert.NoError(t, err)
- setJWTCookieForReq(req, altToken)
- setCSRFHeaderForReq(req, csrfToken) // invalid CSRF token
- req.RemoteAddr = defaultRemoteAddr
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
- assert.Contains(t, rr.Body.String(), "the token is not valid")
-
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminPath, altToken)
- assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webAdminTOTPSavePath, bytes.NewBuffer(asJSON))
assert.NoError(t, err)
setJWTCookieForReq(req, altToken)
@@ -21447,7 +20316,7 @@ func TestWebAdminBasicMock(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
- form.Set(csrfFormToken, csrfToken) // associated to altToken
+ form.Set(csrfFormToken, "invalid csrf")
req, _ = http.NewRequest(http.MethodPost, path.Join(webAdminPath, altAdminUsername), bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
@@ -21456,8 +20325,6 @@ func TestWebAdminBasicMock(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webAdminPath, token)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
form.Set("email", "not-an-email")
req, _ = http.NewRequest(http.MethodPost, path.Join(webAdminPath, altAdminUsername), bytes.NewBuffer([]byte(form.Encode())))
@@ -21567,7 +20434,7 @@ func TestWebAdminGroupsMock(t *testing.T) {
admin := getTestAdmin()
admin.Username = altAdminUsername
admin.Password = altAdminPassword
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
@@ -21705,7 +20572,7 @@ func TestAdminUpdateSelfMock(t *testing.T) {
assert.NoError(t, err)
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("username", admin.Username)
@@ -21763,8 +20630,9 @@ func TestWebMaintenanceMock(t *testing.T) {
setJWTCookieForReq(req, token)
rr := executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webMaintenancePath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
+
form := make(url.Values)
form.Set("mode", "a")
b, contentType, _ := getMultipartFormData(form, "", "")
@@ -21883,7 +20751,7 @@ func TestWebUserAddMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
group1 := getTestGroup()
group1.Name += "_1"
@@ -21906,7 +20774,6 @@ func TestWebUserAddMock(t *testing.T) {
user.AdditionalInfo = "info"
user.Description = "user dsc"
user.Email = "test@test.com"
- user.Filters.AdditionalEmails = []string{"example1@test.com", "example2@test.com"}
mappedDir := filepath.Join(os.TempDir(), "mapped")
folderName := filepath.Base(mappedDir)
f := vfs.BaseVirtualFolder{
@@ -21924,8 +20791,6 @@ func TestWebUserAddMock(t *testing.T) {
form.Set(csrfFormToken, csrfToken)
form.Set("username", user.Username)
form.Set("email", user.Email)
- form.Set("additional_emails[0][additional_email]", user.Filters.AdditionalEmails[0])
- form.Set("additional_emails[1][additional_email]", user.Filters.AdditionalEmails[1])
form.Set("home_dir", user.HomeDir)
form.Set("osfs_read_buffer_size", "2")
form.Set("osfs_write_buffer_size", "3")
@@ -22252,7 +21117,6 @@ func TestWebUserAddMock(t *testing.T) {
assert.True(t, newUser.Filters.DisableFsChecks)
assert.False(t, newUser.Filters.AllowAPIKeyAuth)
assert.Equal(t, user.Email, newUser.Email)
- assert.Equal(t, len(user.Filters.AdditionalEmails), len(newUser.Filters.AdditionalEmails))
assert.Equal(t, "/start/dir", newUser.Filters.StartDirectory)
assert.Equal(t, 0, newUser.Filters.FTPSecurity)
assert.Equal(t, 10, newUser.Filters.DefaultSharesExpiration)
@@ -22261,10 +21125,10 @@ func TestWebUserAddMock(t *testing.T) {
assert.Equal(t, 60, newUser.Filters.PasswordStrength)
assert.Greater(t, newUser.LastPasswordChange, int64(0))
assert.True(t, newUser.Filters.RequirePasswordChange)
- assert.True(t, slices.Contains(newUser.PublicKeys, testPubKey))
+ assert.True(t, util.Contains(newUser.PublicKeys, testPubKey))
if val, ok := newUser.Permissions["/subdir"]; ok {
- assert.True(t, slices.Contains(val, dataprovider.PermListItems))
- assert.True(t, slices.Contains(val, dataprovider.PermDownload))
+ assert.True(t, util.Contains(val, dataprovider.PermListItems))
+ assert.True(t, util.Contains(val, dataprovider.PermDownload))
} else {
assert.Fail(t, "user permissions must contain /somedir", "actual: %v", newUser.Permissions)
}
@@ -22283,20 +21147,20 @@ func TestWebUserAddMock(t *testing.T) {
case "/dir1":
assert.Len(t, filter.DeniedPatterns, 1)
assert.Len(t, filter.AllowedPatterns, 1)
- assert.True(t, slices.Contains(filter.AllowedPatterns, "*.png"))
- assert.True(t, slices.Contains(filter.DeniedPatterns, "*.zip"))
+ assert.True(t, util.Contains(filter.AllowedPatterns, "*.png"))
+ assert.True(t, util.Contains(filter.DeniedPatterns, "*.zip"))
assert.Equal(t, sdk.DenyPolicyDefault, filter.DenyPolicy)
case "/dir2":
assert.Len(t, filter.DeniedPatterns, 1)
assert.Len(t, filter.AllowedPatterns, 2)
- assert.True(t, slices.Contains(filter.AllowedPatterns, "*.jpg"))
- assert.True(t, slices.Contains(filter.AllowedPatterns, "*.png"))
- assert.True(t, slices.Contains(filter.DeniedPatterns, "*.mkv"))
+ assert.True(t, util.Contains(filter.AllowedPatterns, "*.jpg"))
+ assert.True(t, util.Contains(filter.AllowedPatterns, "*.png"))
+ assert.True(t, util.Contains(filter.DeniedPatterns, "*.mkv"))
assert.Equal(t, sdk.DenyPolicyHide, filter.DenyPolicy)
case "/dir3":
assert.Len(t, filter.DeniedPatterns, 1)
assert.Len(t, filter.AllowedPatterns, 0)
- assert.True(t, slices.Contains(filter.DeniedPatterns, "*.rar"))
+ assert.True(t, util.Contains(filter.DeniedPatterns, "*.rar"))
assert.Equal(t, sdk.DenyPolicyDefault, filter.DenyPolicy)
}
}
@@ -22342,6 +21206,8 @@ func TestWebUserUpdateMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
user := getTestUser()
user.Filters.BandwidthLimits = []sdk.BandwidthLimit{
{
@@ -22380,8 +21246,6 @@ func TestWebUserUpdateMock(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "Invalid token")
- csrfToken, err := getCSRFTokenFromInternalPageMock(webClientProfilePath, userToken)
- assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webClientTOTPSavePath, bytes.NewBuffer(asJSON))
assert.NoError(t, err)
setJWTCookieForReq(req, userToken)
@@ -22466,8 +21330,6 @@ func TestWebUserUpdateMock(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webUserPath, webToken)
- assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
b, contentType, _ = getMultipartFormData(form, "", "")
req, _ = http.NewRequest(http.MethodPost, path.Join(webUserPath, user.Username), &b)
@@ -22537,16 +21399,16 @@ func TestWebUserUpdateMock(t *testing.T) {
assert.Equal(t, 40, updateUser.Filters.PasswordStrength)
assert.True(t, updateUser.Filters.RequirePasswordChange)
if val, ok := updateUser.Permissions["/otherdir"]; ok {
- assert.True(t, slices.Contains(val, dataprovider.PermListItems))
- assert.True(t, slices.Contains(val, dataprovider.PermUpload))
+ assert.True(t, util.Contains(val, dataprovider.PermListItems))
+ assert.True(t, util.Contains(val, dataprovider.PermUpload))
} else {
assert.Fail(t, "user permissions must contains /otherdir", "actual: %v", updateUser.Permissions)
}
- assert.True(t, slices.Contains(updateUser.Filters.AllowedIP, "192.168.1.3/32"))
- assert.True(t, slices.Contains(updateUser.Filters.DeniedIP, "10.0.0.2/32"))
- assert.True(t, slices.Contains(updateUser.Filters.DeniedLoginMethods, dataprovider.SSHLoginMethodKeyboardInteractive))
- assert.True(t, slices.Contains(updateUser.Filters.DeniedProtocols, common.ProtocolFTP))
- assert.True(t, slices.Contains(updateUser.Filters.FilePatterns[0].DeniedPatterns, "*.zip"))
+ assert.True(t, util.Contains(updateUser.Filters.AllowedIP, "192.168.1.3/32"))
+ assert.True(t, util.Contains(updateUser.Filters.DeniedIP, "10.0.0.2/32"))
+ assert.True(t, util.Contains(updateUser.Filters.DeniedLoginMethods, dataprovider.SSHLoginMethodKeyboardInteractive))
+ assert.True(t, util.Contains(updateUser.Filters.DeniedProtocols, common.ProtocolFTP))
+ assert.True(t, util.Contains(updateUser.Filters.FilePatterns[0].DeniedPatterns, "*.zip"))
assert.Len(t, updateUser.Filters.BandwidthLimits, 0)
assert.Len(t, updateUser.Filters.TLSCerts, 1)
req, err = http.NewRequest(http.MethodDelete, path.Join(userPath, user.Username), nil)
@@ -22617,10 +21479,112 @@ func TestRenderUserTemplateMock(t *testing.T) {
assert.NoError(t, err)
}
+func TestUserTemplateWithFoldersMock(t *testing.T) {
+ folder := vfs.BaseVirtualFolder{
+ Name: "vfolder",
+ MappedPath: filepath.Join(os.TempDir(), "mapped"),
+ Description: "vfolder desc with spéciàl ch@rs",
+ }
+
+ token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
+ assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
+ user := getTestUser()
+ form := make(url.Values)
+ form.Set("username", user.Username)
+ form.Set("home_dir", filepath.Join(os.TempDir(), "%username%"))
+ form.Set("uid", strconv.FormatInt(int64(user.UID), 10))
+ form.Set("gid", strconv.FormatInt(int64(user.GID), 10))
+ form.Set("max_sessions", strconv.FormatInt(int64(user.MaxSessions), 10))
+ form.Set("quota_size", strconv.FormatInt(user.QuotaSize, 10))
+ form.Set("quota_files", strconv.FormatInt(int64(user.QuotaFiles), 10))
+ form.Set("upload_bandwidth", "0")
+ form.Set("download_bandwidth", "0")
+ form.Set("upload_data_transfer", "0")
+ form.Set("download_data_transfer", "0")
+ form.Set("total_data_transfer", "0")
+ form.Set("permissions", "*")
+ form.Set("status", strconv.Itoa(user.Status))
+ form.Set("expiration_date", "2020-01-01 00:00:00")
+ form.Set("fs_provider", "0")
+ form.Set("max_upload_file_size", "0")
+ form.Set("default_shares_expiration", "0")
+ form.Set("max_shares_expiration", "0")
+ form.Set("password_expiration", "0")
+ form.Set("password_strength", "0")
+ form.Set("ftp_security", "1")
+ form.Set("external_auth_cache_time", "0")
+ form.Set("description", "desc %username% %password%")
+ form.Set("start_directory", "/base/%username%")
+ form.Set("vfolder_path", "/vdir%username%")
+ form.Set("vfolder_name", folder.Name)
+ form.Set("vfolder_quota_size", "-1")
+ form.Set("vfolder_quota_files", "-1")
+ form.Add("tpl_username", "auser1")
+ form.Add("tpl_password", "password1")
+ form.Add("tpl_public_keys", " ")
+ form.Add("tpl_username", "auser2")
+ form.Add("tpl_password", "password2")
+ form.Add("tpl_public_keys", testPubKey)
+ form.Add("tpl_username", "auser1")
+ form.Add("tpl_password", "password")
+ form.Add("tpl_public_keys", "")
+ form.Set("form_action", "export_from_template")
+ b, contentType, _ := getMultipartFormData(form, "", "")
+ req, _ := http.NewRequest(http.MethodPost, webTemplateUser, &b)
+ setJWTCookieForReq(req, token)
+ req.Header.Set("Content-Type", contentType)
+ rr := executeRequest(req)
+ checkResponseCode(t, http.StatusForbidden, rr)
+ require.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
+
+ folder, resp, err := httpdtest.AddFolder(folder, http.StatusCreated)
+ assert.NoError(t, err, string(resp))
+
+ form.Set(csrfFormToken, csrfToken)
+ b, contentType, _ = getMultipartFormData(form, "", "")
+ req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
+ setJWTCookieForReq(req, token)
+ req.Header.Set("Content-Type", contentType)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+
+ var dump dataprovider.BackupData
+ err = json.Unmarshal(rr.Body.Bytes(), &dump)
+ assert.NoError(t, err)
+ assert.Len(t, dump.Users, 2)
+ assert.Len(t, dump.Folders, 1)
+ user1 := dump.Users[0]
+ user2 := dump.Users[1]
+ folder1 := dump.Folders[0]
+ assert.Equal(t, "auser1", user1.Username)
+ assert.Equal(t, "auser2", user2.Username)
+ assert.Equal(t, "desc auser1 password1", user1.Description)
+ assert.Equal(t, "desc auser2 password2", user2.Description)
+ assert.Equal(t, filepath.Join(os.TempDir(), user1.Username), user1.HomeDir)
+ assert.Equal(t, filepath.Join(os.TempDir(), user2.Username), user2.HomeDir)
+ assert.Equal(t, path.Join("/base", user1.Username), user1.Filters.StartDirectory)
+ assert.Equal(t, path.Join("/base", user2.Username), user2.Filters.StartDirectory)
+ assert.Equal(t, 0, user2.Filters.DefaultSharesExpiration)
+ assert.Equal(t, folder.Name, folder1.Name)
+ assert.Len(t, user1.PublicKeys, 0)
+ assert.Len(t, user2.PublicKeys, 1)
+ assert.Len(t, user1.VirtualFolders, 1)
+ assert.Len(t, user2.VirtualFolders, 1)
+ assert.Equal(t, "/vdirauser1", user1.VirtualFolders[0].VirtualPath)
+ assert.Equal(t, "/vdirauser2", user2.VirtualFolders[0].VirtualPath)
+ assert.Equal(t, 1, user1.Filters.FTPSecurity)
+ assert.Equal(t, 1, user2.Filters.FTPSecurity)
+
+ _, err = httpdtest.RemoveFolder(folder, http.StatusOK)
+ assert.NoError(t, err)
+}
+
func TestUserSaveFromTemplateMock(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateFolder, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user1 := "u1"
user2 := "u2"
@@ -22652,48 +21616,18 @@ func TestUserSaveFromTemplateMock(t *testing.T) {
form.Add("template_users[0][tpl_public_keys]", " ")
form.Add("template_users[1][tpl_username]", user2)
form.Add("template_users[1][tpl_public_keys]", testPubKey)
+ form.Set(csrfFormToken, csrfToken)
b, contentType, _ := getMultipartFormData(form, "", "")
req, _ := http.NewRequest(http.MethodPost, webTemplateUser, &b)
setJWTCookieForReq(req, token)
req.Header.Set("Content-Type", contentType)
rr := executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
-
- form.Set(csrfFormToken, csrfToken)
- b, contentType, _ = getMultipartFormData(form, "", "")
- req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
- setJWTCookieForReq(req, token)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
u1, _, err := httpdtest.GetUserByUsername(user1, http.StatusOK)
assert.NoError(t, err)
- assert.False(t, u1.Filters.RequirePasswordChange)
u2, _, err := httpdtest.GetUserByUsername(user2, http.StatusOK)
assert.NoError(t, err)
- assert.False(t, u2.Filters.RequirePasswordChange)
-
- _, err = httpdtest.RemoveUser(u1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(u2, http.StatusOK)
- assert.NoError(t, err)
-
- form.Add("tpl_require_password_change", "checked")
- b, contentType, _ = getMultipartFormData(form, "", "")
- req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
- setJWTCookieForReq(req, token)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusSeeOther, rr)
-
- u1, _, err = httpdtest.GetUserByUsername(user1, http.StatusOK)
- assert.NoError(t, err)
- assert.True(t, u1.Filters.RequirePasswordChange)
- u2, _, err = httpdtest.GetUserByUsername(user2, http.StatusOK)
- assert.NoError(t, err)
- assert.True(t, u2.Filters.RequirePasswordChange)
_, err = httpdtest.RemoveUser(u1, http.StatusOK)
assert.NoError(t, err)
@@ -22720,11 +21654,9 @@ func TestUserSaveFromTemplateMock(t *testing.T) {
assert.NoError(t, err)
}
-func TestUserTemplateErrors(t *testing.T) {
+func TestUserTemplateMock(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateFolder, token)
- assert.NoError(t, err)
user := getTestUser()
user.FsConfig.Provider = sdk.S3FilesystemProvider
user.FsConfig.S3Config.Bucket = "test"
@@ -22735,6 +21667,8 @@ func TestUserTemplateErrors(t *testing.T) {
user.FsConfig.S3Config.UploadConcurrency = 4
user.FsConfig.S3Config.DownloadPartSize = 6
user.FsConfig.S3Config.DownloadConcurrency = 3
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
form := make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("username", user.Username)
@@ -22760,7 +21694,6 @@ func TestUserTemplateErrors(t *testing.T) {
form.Set("s3_region", user.FsConfig.S3Config.Region)
form.Set("s3_access_key", "%username%")
form.Set("s3_access_secret", "%password%")
- form.Set("s3_sse_customer_key", "%password%")
form.Set("s3_key_prefix", "base/%username%")
form.Set("max_upload_file_size", "0")
form.Set("default_shares_expiration", "0")
@@ -22785,14 +21718,13 @@ func TestUserTemplateErrors(t *testing.T) {
form.Set("s3_upload_concurrency", strconv.Itoa(user.FsConfig.S3Config.UploadConcurrency))
form.Set("s3_download_part_size", strconv.FormatInt(user.FsConfig.S3Config.DownloadPartSize, 10))
form.Set("s3_download_concurrency", strconv.Itoa(user.FsConfig.S3Config.DownloadConcurrency))
- // no user defined
+
b, contentType, _ = getMultipartFormData(form, "", "")
req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
setJWTCookieForReq(req, token)
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
- assert.Contains(t, rr.Body.String(), util.I18nErrorUserTemplate)
form.Set("template_users[0][tpl_username]", "user1")
form.Set("template_users[0][tpl_password]", "password1")
@@ -22815,141 +21747,73 @@ func TestUserTemplateErrors(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr)
require.Contains(t, rr.Body.String(), util.I18nErrorUserTemplate)
-}
-func TestUserTemplateRoleAndPermissions(t *testing.T) {
- r1 := getTestRole()
- r2 := getTestRole()
- r2.Name += "_mod"
- role1, resp, err := httpdtest.AddRole(r1, http.StatusCreated)
- assert.NoError(t, err, string(resp))
- role2, resp, err := httpdtest.AddRole(r2, http.StatusCreated)
- assert.NoError(t, err, string(resp))
- admin := getTestAdmin()
- admin.Username = altAdminUsername
- admin.Password = altAdminPassword
- admin.Role = role1.Name
- admin.Permissions = []string{dataprovider.PermAdminManageFolders, dataprovider.PermAdminChangeUsers,
- dataprovider.PermAdminViewUsers}
- admin, _, err = httpdtest.AddAdmin(admin, http.StatusCreated)
- assert.NoError(t, err)
-
- token, err := getJWTWebTokenFromTestServer(altAdminUsername, altAdminPassword)
- assert.NoError(t, err)
-
- req, _ := http.NewRequest(http.MethodGet, webTemplateUser, nil)
- setJWTCookieForReq(req, token)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
-
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateFolder, token)
- assert.NoError(t, err)
- user1 := "u1"
- user2 := "u2"
- form := make(url.Values)
- form.Set("username", "")
- form.Set("role", role2.Name)
- form.Set("home_dir", filepath.Join(os.TempDir(), "%username%"))
- form.Set("upload_bandwidth", "0")
- form.Set("download_bandwidth", "0")
- form.Set("upload_data_transfer", "0")
- form.Set("download_data_transfer", "0")
- form.Set("total_data_transfer", "0")
- form.Set("uid", "0")
- form.Set("gid", "0")
- form.Set("max_sessions", "0")
- form.Set("quota_size", "0")
- form.Set("quota_files", "0")
- form.Set("permissions", "*")
- form.Set("status", "1")
- form.Set("expiration_date", "")
- form.Set("fs_provider", "0")
- form.Set("max_upload_file_size", "0")
- form.Set("default_shares_expiration", "0")
- form.Set("max_shares_expiration", "0")
- form.Set("password_expiration", "0")
- form.Set("password_strength", "0")
- form.Set("external_auth_cache_time", "0")
- form.Add("template_users[0][tpl_username]", user1)
- form.Add("template_users[0][tpl_password]", "password1")
- form.Add("template_users[0][tpl_public_keys]", " ")
- form.Add("template_users[1][tpl_username]", user2)
- form.Add("template_users[1][tpl_public_keys]", testPubKey)
- form.Set(csrfFormToken, csrfToken)
- b, contentType, _ := getMultipartFormData(form, "", "")
+ form.Set("template_users[0][tpl_username]", "user1")
+ form.Set("template_users[0][tpl_password]", "password1")
+ form.Set("template_users[0][tpl_public_keys]", " ")
+ form.Set("template_users[1][tpl_username]", "user2")
+ form.Set("template_users[1][tpl_password]", "password2")
+ form.Set("template_users[1][tpl_public_keys]", testPubKey)
+ form.Set("template_users[2][tpl_username]", "")
+ form.Set("template_users[2][tpl_password]", "password3")
+ form.Set("template_users[2][tpl_public_keys]", testPubKey)
+ b, contentType, _ = getMultipartFormData(form, "", "")
req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
setJWTCookieForReq(req, token)
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
- // Add the required permissions
- admin.Permissions = append(admin.Permissions, dataprovider.PermAdminAddUsers)
- _, _, err = httpdtest.UpdateAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
-
- token, err = getJWTWebTokenFromTestServer(altAdminUsername, altAdminPassword)
- assert.NoError(t, err)
-
- req, _ = http.NewRequest(http.MethodGet, webTemplateUser, nil)
- setJWTCookieForReq(req, token)
- rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
- csrfToken, err = getCSRFTokenFromInternalPageMock(webTemplateUser, token)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
+ var dump dataprovider.BackupData
+ err = json.Unmarshal(rr.Body.Bytes(), &dump)
+ require.NoError(t, err)
+ require.Len(t, dump.Users, 2)
+ require.Len(t, dump.Admins, 0)
+ require.Len(t, dump.Folders, 0)
- b, contentType, _ = getMultipartFormData(form, "", "")
- req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
- setJWTCookieForReq(req, token)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusSeeOther, rr)
-
- u1, _, err := httpdtest.GetUserByUsername(user1, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, admin.Role, u1.Role)
- u2, _, err := httpdtest.GetUserByUsername(user2, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, admin.Role, u2.Role)
-
- _, err = httpdtest.RemoveUser(u1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(u2, http.StatusOK)
- assert.NoError(t, err)
- // Set an empty role
- form.Set("role", "")
- b, contentType, _ = getMultipartFormData(form, "", "")
- req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
- setJWTCookieForReq(req, token)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusSeeOther, rr)
-
- u1, _, err = httpdtest.GetUserByUsername(user1, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, admin.Role, u1.Role)
- u2, _, err = httpdtest.GetUserByUsername(user2, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, admin.Role, u2.Role)
-
- _, err = httpdtest.RemoveUser(u1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveUser(u2, http.StatusOK)
- assert.NoError(t, err)
-
- _, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveRole(role1, http.StatusOK)
- assert.NoError(t, err)
- _, err = httpdtest.RemoveRole(role2, http.StatusOK)
- assert.NoError(t, err)
+ var user1, user2 dataprovider.User
+ for _, u := range dump.Users {
+ switch u.Username {
+ case "user1":
+ user1 = u
+ default:
+ user2 = u
+ }
+ }
+ require.Equal(t, "user1", user1.Username)
+ require.Equal(t, sdk.S3FilesystemProvider, user1.FsConfig.Provider)
+ require.Equal(t, "user2", user2.Username)
+ require.Equal(t, sdk.S3FilesystemProvider, user2.FsConfig.Provider)
+ require.Len(t, user1.PublicKeys, 0)
+ require.Len(t, user2.PublicKeys, 1)
+ require.Equal(t, filepath.Join(os.TempDir(), user1.Username), user1.HomeDir)
+ require.Equal(t, filepath.Join(os.TempDir(), user2.Username), user2.HomeDir)
+ require.Equal(t, user1.Username, user1.FsConfig.S3Config.AccessKey)
+ require.Equal(t, user2.Username, user2.FsConfig.S3Config.AccessKey)
+ require.Equal(t, path.Join("base", user1.Username)+"/", user1.FsConfig.S3Config.KeyPrefix)
+ require.Equal(t, path.Join("base", user2.Username)+"/", user2.FsConfig.S3Config.KeyPrefix)
+ require.True(t, user1.FsConfig.S3Config.AccessSecret.IsEncrypted())
+ err = user1.FsConfig.S3Config.AccessSecret.Decrypt()
+ require.NoError(t, err)
+ require.Equal(t, "password1", user1.FsConfig.S3Config.AccessSecret.GetPayload())
+ require.True(t, user2.FsConfig.S3Config.AccessSecret.IsEncrypted())
+ err = user2.FsConfig.S3Config.AccessSecret.Decrypt()
+ require.NoError(t, err)
+ require.Equal(t, "password2", user2.FsConfig.S3Config.AccessSecret.GetPayload())
+ require.True(t, user1.Filters.Hooks.ExternalAuthDisabled)
+ require.True(t, user1.Filters.Hooks.CheckPasswordDisabled)
+ require.False(t, user1.Filters.Hooks.PreLoginDisabled)
+ require.True(t, user2.Filters.Hooks.ExternalAuthDisabled)
+ require.True(t, user2.Filters.Hooks.CheckPasswordDisabled)
+ require.False(t, user2.Filters.Hooks.PreLoginDisabled)
+ require.True(t, user1.Filters.DisableFsChecks)
+ require.True(t, user2.Filters.DisableFsChecks)
}
func TestUserPlaceholders(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
u := getTestUser()
u.HomeDir = filepath.Join(os.TempDir(), "%username%_%password%")
@@ -23022,7 +21886,7 @@ func TestUserPlaceholders(t *testing.T) {
func TestFolderPlaceholders(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webFolderPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
folderName := "folderName"
form := make(url.Values)
@@ -23066,7 +21930,7 @@ func TestFolderSaveFromTemplateMock(t *testing.T) {
folder2 := "f2"
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateFolder, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("name", "name")
@@ -23112,12 +21976,12 @@ func TestFolderSaveFromTemplateMock(t *testing.T) {
assert.NoError(t, err)
}
-func TestFolderTemplateErrors(t *testing.T) {
+func TestFolderTemplateMock(t *testing.T) {
folderName := "vfolder-template"
mappedPath := filepath.Join(os.TempDir(), "%name%mapped%name%path")
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateFolder, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
form.Set("name", folderName)
@@ -23128,6 +21992,7 @@ func TestFolderTemplateErrors(t *testing.T) {
form.Set("template_folders[2][tpl_foldername]", "folder3")
form.Set("template_folders[3][tpl_foldername]", "folder1 ")
form.Add("template_folders[3][tpl_foldername]", " ")
+ form.Set("form_action", "export_from_template")
b, contentType, _ := getMultipartFormData(form, "", "")
req, _ := http.NewRequest(http.MethodPost, webTemplateFolder, &b)
setJWTCookieForReq(req, token)
@@ -23145,12 +22010,41 @@ func TestFolderTemplateErrors(t *testing.T) {
checkResponseCode(t, http.StatusBadRequest, rr)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidForm)
+ folder1 := "folder1"
+ folder2 := "folder2"
+ folder3 := "folder3"
+ b, contentType, _ = getMultipartFormData(form, "", "")
+ req, _ = http.NewRequest(http.MethodPost, webTemplateFolder, &b)
+ setJWTCookieForReq(req, token)
+ req.Header.Set("Content-Type", contentType)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+
+ var dump dataprovider.BackupData
+ err = json.Unmarshal(rr.Body.Bytes(), &dump)
+ require.NoError(t, err)
+ require.Len(t, dump.Users, 0)
+ require.Len(t, dump.Admins, 0)
+ require.Len(t, dump.Folders, 3)
+ for _, folder := range dump.Folders {
+ switch folder.Name {
+ case folder1:
+ require.Equal(t, "desc folder folder1", folder.Description)
+ require.True(t, strings.HasSuffix(folder.MappedPath, "folder1mappedfolder1path"))
+ case folder2:
+ require.Equal(t, "desc folder folder2", folder.Description)
+ require.True(t, strings.HasSuffix(folder.MappedPath, "folder2mappedfolder2path"))
+ default:
+ require.Equal(t, "desc folder folder3", folder.Description)
+ require.True(t, strings.HasSuffix(folder.MappedPath, "folder3mappedfolder3path"))
+ }
+ }
+
form.Set("fs_provider", "1")
form.Set("s3_bucket", "bucket")
form.Set("s3_region", "us-east-1")
form.Set("s3_access_key", "%name%")
form.Set("s3_access_secret", "pwd%name%")
- form.Set("s3_sse_customer_key", "key%name%")
form.Set("s3_key_prefix", "base/%name%")
b, contentType, _ = getMultipartFormData(form, "", "")
@@ -23167,6 +22061,43 @@ func TestFolderTemplateErrors(t *testing.T) {
form.Set("s3_upload_part_max_time", "0")
form.Set("s3_download_part_size", "6")
form.Set("s3_download_concurrency", "2")
+ b, contentType, _ = getMultipartFormData(form, "", "")
+ req, _ = http.NewRequest(http.MethodPost, webTemplateFolder, &b)
+ setJWTCookieForReq(req, token)
+ req.Header.Set("Content-Type", contentType)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+
+ dump = dataprovider.BackupData{
+ Version: dataprovider.DumpVersion,
+ }
+ err = json.Unmarshal(rr.Body.Bytes(), &dump)
+ require.NoError(t, err)
+ require.Len(t, dump.Users, 0)
+ require.Len(t, dump.Admins, 0)
+ require.Len(t, dump.Folders, 3)
+ for _, folder := range dump.Folders {
+ switch folder.Name {
+ case folder1:
+ require.Equal(t, folder1, folder.FsConfig.S3Config.AccessKey)
+ err = folder.FsConfig.S3Config.AccessSecret.Decrypt()
+ require.NoError(t, err)
+ require.Equal(t, fmt.Sprintf("pwd%s", folder1), folder.FsConfig.S3Config.AccessSecret.GetPayload())
+ require.Equal(t, path.Join("base", folder1)+"/", folder.FsConfig.S3Config.KeyPrefix)
+ case folder2:
+ require.Equal(t, folder2, folder.FsConfig.S3Config.AccessKey)
+ err = folder.FsConfig.S3Config.AccessSecret.Decrypt()
+ require.NoError(t, err)
+ require.Equal(t, "pwd"+folder2, folder.FsConfig.S3Config.AccessSecret.GetPayload())
+ require.Equal(t, "base/"+folder2+"/", folder.FsConfig.S3Config.KeyPrefix)
+ default:
+ require.Equal(t, folder3, folder.FsConfig.S3Config.AccessKey)
+ err = folder.FsConfig.S3Config.AccessSecret.Decrypt()
+ require.NoError(t, err)
+ require.Equal(t, "pwd"+folder3, folder.FsConfig.S3Config.AccessSecret.GetPayload())
+ require.Equal(t, "base/"+folder3+"/", folder.FsConfig.S3Config.KeyPrefix)
+ }
+ }
form.Set("template_folders[0][tpl_foldername]", " ")
form.Set("template_folders[1][tpl_foldername]", "")
@@ -23191,67 +22122,12 @@ func TestFolderTemplateErrors(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidHomeDir)
}
-func TestFolderTemplatePermission(t *testing.T) {
- admin := getTestAdmin()
- admin.Username = altAdminUsername
- admin.Password = altAdminPassword
- admin.Permissions = []string{dataprovider.PermAdminChangeUsers, dataprovider.PermAdminAddUsers, dataprovider.PermAdminViewUsers}
- admin, _, err := httpdtest.AddAdmin(admin, http.StatusCreated)
- assert.NoError(t, err)
- // no permission to view or add folders from templates
- token, err := getJWTWebTokenFromTestServer(altAdminUsername, altAdminPassword)
- assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webTemplateUser, token)
- assert.NoError(t, err)
-
- req, err := http.NewRequest(http.MethodGet, webTemplateFolder, nil)
- assert.NoError(t, err)
- req.RequestURI = webTemplateFolder
- setJWTCookieForReq(req, token)
- rr := executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
-
- form := make(url.Values)
- form.Set("name", "name")
- form.Set("mapped_path", filepath.Join(os.TempDir(), "%name%"))
- form.Set("description", "desc folder %name%")
- form.Set("template_folders[0][tpl_foldername]", "folder1")
- form.Set("template_folders[1][tpl_foldername]", "folder2")
- form.Set(csrfFormToken, csrfToken)
- b, contentType, _ := getMultipartFormData(form, "", "")
- req, err = http.NewRequest(http.MethodPost, webTemplateFolder, &b)
- assert.NoError(t, err)
- setJWTCookieForReq(req, token)
- req.Header.Set("Content-Type", contentType)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusForbidden, rr)
-
- admin.Permissions = append(admin.Permissions, dataprovider.PermAdminManageFolders)
- _, _, err = httpdtest.UpdateAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
-
- token, err = getJWTWebTokenFromTestServer(altAdminUsername, altAdminPassword)
- assert.NoError(t, err)
- _, err = getCSRFTokenFromInternalPageMock(webTemplateUser, token)
- assert.NoError(t, err)
-
- req, err = http.NewRequest(http.MethodGet, webTemplateFolder, nil)
- assert.NoError(t, err)
- req.RequestURI = webTemplateFolder
- setJWTCookieForReq(req, token)
- rr = executeRequest(req)
- checkResponseCode(t, http.StatusOK, rr)
-
- _, err = httpdtest.RemoveAdmin(admin, http.StatusOK)
- assert.NoError(t, err)
-}
-
func TestWebUserS3Mock(t *testing.T) {
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -23268,7 +22144,6 @@ func TestWebUserS3Mock(t *testing.T) {
user.FsConfig.S3Config.Region = "eu-west-1"
user.FsConfig.S3Config.AccessKey = "access-key"
user.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("access-secret")
- user.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("enc-key")
user.FsConfig.S3Config.RoleARN = "arn:aws:iam::123456789012:user/Development/product_1234/*"
user.FsConfig.S3Config.Endpoint = "http://127.0.0.1:9000/path?a=b"
user.FsConfig.S3Config.StorageClass = "Standard"
@@ -23309,7 +22184,6 @@ func TestWebUserS3Mock(t *testing.T) {
form.Set("s3_region", user.FsConfig.S3Config.Region)
form.Set("s3_access_key", user.FsConfig.S3Config.AccessKey)
form.Set("s3_access_secret", user.FsConfig.S3Config.AccessSecret.GetPayload())
- form.Set("s3_sse_customer_key", user.FsConfig.S3Config.SSECustomerKey.GetPayload())
form.Set("s3_role_arn", user.FsConfig.S3Config.RoleARN)
form.Set("s3_storage_class", user.FsConfig.S3Config.StorageClass)
form.Set("s3_acl", user.FsConfig.S3Config.ACL)
@@ -23434,10 +22308,6 @@ func TestWebUserS3Mock(t *testing.T) {
assert.NotEmpty(t, updateUser.FsConfig.S3Config.AccessSecret.GetPayload())
assert.Empty(t, updateUser.FsConfig.S3Config.AccessSecret.GetKey())
assert.Empty(t, updateUser.FsConfig.S3Config.AccessSecret.GetAdditionalData())
- assert.Equal(t, sdkkms.SecretStatusSecretBox, updateUser.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.NotEmpty(t, updateUser.FsConfig.S3Config.SSECustomerKey.GetPayload())
- assert.Empty(t, updateUser.FsConfig.S3Config.SSECustomerKey.GetKey())
- assert.Empty(t, updateUser.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
assert.Equal(t, user.Description, updateUser.Description)
assert.True(t, updateUser.Filters.Hooks.PreLoginDisabled)
assert.False(t, updateUser.Filters.Hooks.ExternalAuthDisabled)
@@ -23447,7 +22317,6 @@ func TestWebUserS3Mock(t *testing.T) {
assert.Equal(t, 1, updateUser.Filters.FTPSecurity)
// now check that a redacted password is not saved
form.Set("s3_access_secret", redactedSecret)
- form.Set("s3_sse_customer_key", redactedSecret)
b, contentType, _ = getMultipartFormData(form, "", "")
req, _ = http.NewRequest(http.MethodPost, path.Join(webUserPath, user.Username), &b)
setJWTCookieForReq(req, webToken)
@@ -23466,15 +22335,10 @@ func TestWebUserS3Mock(t *testing.T) {
assert.Equal(t, updateUser.FsConfig.S3Config.AccessSecret.GetPayload(), lastUpdatedUser.FsConfig.S3Config.AccessSecret.GetPayload())
assert.Empty(t, lastUpdatedUser.FsConfig.S3Config.AccessSecret.GetKey())
assert.Empty(t, lastUpdatedUser.FsConfig.S3Config.AccessSecret.GetAdditionalData())
- assert.Equal(t, sdkkms.SecretStatusSecretBox, lastUpdatedUser.FsConfig.S3Config.SSECustomerKey.GetStatus())
- assert.Equal(t, updateUser.FsConfig.S3Config.SSECustomerKey.GetPayload(), lastUpdatedUser.FsConfig.S3Config.SSECustomerKey.GetPayload())
- assert.Empty(t, lastUpdatedUser.FsConfig.S3Config.SSECustomerKey.GetKey())
- assert.Empty(t, lastUpdatedUser.FsConfig.S3Config.SSECustomerKey.GetAdditionalData())
assert.Equal(t, lastPwdChange, lastUpdatedUser.LastPasswordChange)
// now clear credentials
form.Set("s3_access_key", "")
form.Set("s3_access_secret", "")
- form.Set("s3_sse_customer_key", "")
b, contentType, _ = getMultipartFormData(form, "", "")
req, _ = http.NewRequest(http.MethodPost, path.Join(webUserPath, user.Username), &b)
setJWTCookieForReq(req, webToken)
@@ -23489,7 +22353,6 @@ func TestWebUserS3Mock(t *testing.T) {
err = render.DecodeJSON(rr.Body, &userGet)
assert.NoError(t, err)
assert.Nil(t, userGet.FsConfig.S3Config.AccessSecret)
- assert.Nil(t, userGet.FsConfig.S3Config.SSECustomerKey)
req, _ = http.NewRequest(http.MethodDelete, path.Join(userPath, user.Username), nil)
setBearerForReq(req, apiToken)
@@ -23502,7 +22365,7 @@ func TestWebUserGCSMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -23630,7 +22493,7 @@ func TestWebUserHTTPFsMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -23757,7 +22620,7 @@ func TestWebUserAzureBlobMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -23954,7 +22817,7 @@ func TestWebUserCryptMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -24061,7 +22924,7 @@ func TestWebUserSFTPFsMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
userAsJSON := getUserAsJSON(t, user)
@@ -24217,7 +23080,7 @@ func TestWebUserRole(t *testing.T) {
assert.NoError(t, err)
webToken, err := getJWTWebTokenFromTestServer(altAdminUsername, altAdminPassword)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
user := getTestUser()
form := make(url.Values)
@@ -24280,7 +23143,7 @@ func TestWebEventAction(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminEventActionPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
action := dataprovider.BaseEventAction{
Name: "web_action_http",
@@ -24306,7 +23169,7 @@ func TestWebEventAction(t *testing.T) {
Value: "value1",
},
},
- Body: `{"event":"{{.Event}}","name":"{{.Name}}"}`,
+ Body: `{"event":"{{Event}}","name":"{{Name}}"}`,
},
},
}
@@ -24425,12 +23288,12 @@ func TestWebEventAction(t *testing.T) {
form.Del("http_headers[0][http_header_key]")
form.Del("http_headers[0][http_header_val]")
form.Set("multipart_body[0][http_part_name]", "part1")
- form.Set("multipart_body[0][http_part_file]", "{{.VirtualPath}}")
+ form.Set("multipart_body[0][http_part_file]", "{{VirtualPath}}")
form.Set("multipart_body[0][http_part_body]", "")
form.Set("multipart_body[0][http_part_headers]", "X-MyHeader: a:b,c")
form.Set("multipart_body[12][http_part_name]", "part2")
form.Set("multipart_body[12][http_part_headers]", "Content-Type:application/json \r\n")
- form.Set("multipart_body[12][http_part_body]", "{{.ObjectData}}")
+ form.Set("multipart_body[12][http_part_body]", "{{ObjectData}}")
req, err = http.NewRequest(http.MethodPost, path.Join(webAdminEventActionPath, action.Name),
bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
@@ -24447,12 +23310,12 @@ func TestWebEventAction(t *testing.T) {
assert.Equal(t, 0, dbAction.Options.HTTPConfig.Timeout)
if assert.Len(t, dbAction.Options.HTTPConfig.Parts, 2) {
assert.Equal(t, "part1", dbAction.Options.HTTPConfig.Parts[0].Name)
- assert.Equal(t, "/{{.VirtualPath}}", dbAction.Options.HTTPConfig.Parts[0].Filepath)
+ assert.Equal(t, "/{{VirtualPath}}", dbAction.Options.HTTPConfig.Parts[0].Filepath)
assert.Empty(t, dbAction.Options.HTTPConfig.Parts[0].Body)
assert.Equal(t, "X-MyHeader", dbAction.Options.HTTPConfig.Parts[0].Headers[0].Key)
assert.Equal(t, "a:b,c", dbAction.Options.HTTPConfig.Parts[0].Headers[0].Value)
assert.Equal(t, "part2", dbAction.Options.HTTPConfig.Parts[1].Name)
- assert.Equal(t, "{{.ObjectData}}", dbAction.Options.HTTPConfig.Parts[1].Body)
+ assert.Equal(t, "{{ObjectData}}", dbAction.Options.HTTPConfig.Parts[1].Body)
assert.Empty(t, dbAction.Options.HTTPConfig.Parts[1].Filepath)
assert.Equal(t, "Content-Type", dbAction.Options.HTTPConfig.Parts[1].Headers[0].Key)
assert.Equal(t, "application/json", dbAction.Options.HTTPConfig.Parts[1].Headers[0].Value)
@@ -24685,19 +23548,16 @@ func TestWebEventAction(t *testing.T) {
action.Options.FsConfig = dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionRename,
- Renames: []dataprovider.RenameConfig{
+ Renames: []dataprovider.KeyValue{
{
- KeyValue: dataprovider.KeyValue{
- Key: "/src",
- Value: "/target",
- },
+ Key: "/src",
+ Value: "/target",
},
},
}
form.Set("fs_action_type", fmt.Sprintf("%d", action.Options.FsConfig.Type))
form.Set("fs_rename[0][fs_rename_source]", action.Options.FsConfig.Renames[0].Key)
form.Set("fs_rename[0][fs_rename_target]", action.Options.FsConfig.Renames[0].Value)
- form.Set("fs_rename[0][fs_rename_options][]", "1")
req, err = http.NewRequest(http.MethodPost, path.Join(webAdminEventActionPath, action.Name),
bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
@@ -24709,9 +23569,7 @@ func TestWebEventAction(t *testing.T) {
actionGet, _, err = httpdtest.GetEventActionByName(action.Name, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, action.Type, actionGet.Type)
- if assert.Len(t, actionGet.Options.FsConfig.Renames, 1) {
- assert.True(t, actionGet.Options.FsConfig.Renames[0].UpdateModTime)
- }
+ assert.Len(t, actionGet.Options.FsConfig.Renames, 1)
action.Options.FsConfig = dataprovider.EventActionFilesystemConfig{
Type: dataprovider.FilesystemActionCopy,
@@ -24833,7 +23691,7 @@ func TestWebEventAction(t *testing.T) {
func TestWebEventRule(t *testing.T) {
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminEventRulePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
a := dataprovider.BaseEventAction{
Name: "web_action",
@@ -25151,7 +24009,7 @@ func TestWebEventRule(t *testing.T) {
func TestWebIPListEntries(t *testing.T) {
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, webIPListPath+"/mode", nil)
@@ -25338,7 +24196,7 @@ func TestWebIPListEntries(t *testing.T) {
func TestWebRole(t *testing.T) {
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webAdminRolePath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
role := getTestRole()
form := make(url.Values)
@@ -25444,12 +24302,84 @@ func TestWebRole(t *testing.T) {
assert.NoError(t, err)
}
+func TestNameParamSingleSlash(t *testing.T) {
+ err := dataprovider.Close()
+ assert.NoError(t, err)
+ err = config.LoadConfig(configDir, "")
+ assert.NoError(t, err)
+ providerConf := config.GetProviderConf()
+ providerConf.NamingRules = 5
+ err = dataprovider.Initialize(providerConf, configDir, true)
+ assert.NoError(t, err)
+
+ webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
+ assert.NoError(t, err)
+ apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
+ assert.NoError(t, err)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
+ group := getTestGroup()
+ group.Name = "/"
+ form := make(url.Values)
+ form.Set("name", group.Name)
+ form.Set("description", group.Description)
+ form.Set("max_sessions", "0")
+ form.Set("quota_files", "0")
+ form.Set("quota_size", "0")
+ form.Set("upload_bandwidth", "0")
+ form.Set("download_bandwidth", "0")
+ form.Set("upload_data_transfer", "0")
+ form.Set("download_data_transfer", "0")
+ form.Set("total_data_transfer", "0")
+ form.Set("max_upload_file_size", "0")
+ form.Set("default_shares_expiration", "0")
+ form.Set("max_shares_expiration", "0")
+ form.Set("password_expiration", "0")
+ form.Set("password_strength", "0")
+ form.Set("expires_in", "0")
+ form.Set("external_auth_cache_time", "0")
+ form.Set(csrfFormToken, csrfToken)
+ b, contentType, err := getMultipartFormData(form, "", "")
+ assert.NoError(t, err)
+ req, err := http.NewRequest(http.MethodPost, webGroupPath, &b)
+ assert.NoError(t, err)
+ req.Header.Set("Content-Type", contentType)
+ setJWTCookieForReq(req, webToken)
+ rr := executeRequest(req)
+ checkResponseCode(t, http.StatusSeeOther, rr)
+
+ groupGet, _, err := httpdtest.GetGroupByName(group.Name, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Equal(t, "/", groupGet.Name)
+ // check strip slash
+ req, err = http.NewRequest(http.MethodGet, webGroupsPath+"/", nil)
+ assert.NoError(t, err)
+ setJWTCookieForReq(req, webToken)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+ // cleanup
+ req, err = http.NewRequest(http.MethodDelete, groupPath+"/"+url.PathEscape(group.Name), nil)
+ assert.NoError(t, err)
+ setBearerForReq(req, apiToken)
+ rr = executeRequest(req)
+ checkResponseCode(t, http.StatusOK, rr)
+
+ err = dataprovider.Close()
+ assert.NoError(t, err)
+ err = config.LoadConfig(configDir, "")
+ assert.NoError(t, err)
+ providerConf = config.GetProviderConf()
+ providerConf.BackupsPath = backupsPath
+ err = dataprovider.Initialize(providerConf, configDir, true)
+ assert.NoError(t, err)
+}
+
func TestAddWebGroup(t *testing.T) {
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webGroupPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
group := getTestGroup()
group.UserSettings = dataprovider.GroupUserSettings{
@@ -25635,7 +24565,7 @@ func TestAddWebFoldersMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webFolderPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
mappedPath := filepath.Clean(os.TempDir())
folderName := filepath.Base(mappedPath)
@@ -25713,7 +24643,7 @@ func TestHTTPFsWebFolderMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webFolderPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
mappedPath := filepath.Clean(os.TempDir())
folderName := filepath.Base(mappedPath)
@@ -25808,7 +24738,7 @@ func TestS3WebFolderMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webFolderPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
mappedPath := filepath.Clean(os.TempDir())
folderName := filepath.Base(mappedPath)
@@ -25817,7 +24747,6 @@ func TestS3WebFolderMock(t *testing.T) {
S3Region := "eu-west-1"
S3AccessKey := "access-key"
S3AccessSecret := kms.NewPlainSecret("folder-access-secret")
- S3SSEKey := kms.NewPlainSecret("folder-sse-key")
S3SessionToken := "fake session token"
S3RoleARN := "arn:aws:iam::123456789012:user/Development/product_1234/*"
S3Endpoint := "http://127.0.0.1:9000/path?b=c"
@@ -25839,7 +24768,6 @@ func TestS3WebFolderMock(t *testing.T) {
form.Set("s3_region", S3Region)
form.Set("s3_access_key", S3AccessKey)
form.Set("s3_access_secret", S3AccessSecret.GetPayload())
- form.Set("s3_sse_customer_key", S3SSEKey.GetPayload())
form.Set("s3_session_token", S3SessionToken)
form.Set("s3_role_arn", S3RoleARN)
form.Set("s3_storage_class", S3StorageClass)
@@ -25887,7 +24815,6 @@ func TestS3WebFolderMock(t *testing.T) {
assert.Equal(t, S3Region, folder.FsConfig.S3Config.Region)
assert.Equal(t, S3AccessKey, folder.FsConfig.S3Config.AccessKey)
assert.NotEmpty(t, folder.FsConfig.S3Config.AccessSecret.GetPayload())
- assert.NotEmpty(t, folder.FsConfig.S3Config.SSECustomerKey.GetPayload())
assert.Equal(t, S3Endpoint, folder.FsConfig.S3Config.Endpoint)
assert.Equal(t, S3StorageClass, folder.FsConfig.S3Config.StorageClass)
assert.Equal(t, S3ACL, folder.FsConfig.S3Config.ACL)
@@ -25938,7 +24865,6 @@ func TestS3WebFolderMock(t *testing.T) {
assert.Equal(t, S3AccessKey, folder.FsConfig.S3Config.AccessKey)
assert.Equal(t, S3RoleARN, folder.FsConfig.S3Config.RoleARN)
assert.NotEmpty(t, folder.FsConfig.S3Config.AccessSecret.GetPayload())
- assert.NotEmpty(t, folder.FsConfig.S3Config.SSECustomerKey.GetPayload())
assert.Equal(t, S3Endpoint, folder.FsConfig.S3Config.Endpoint)
assert.Equal(t, S3StorageClass, folder.FsConfig.S3Config.StorageClass)
assert.Equal(t, S3KeyPrefix, folder.FsConfig.S3Config.KeyPrefix)
@@ -25957,7 +24883,7 @@ func TestUpdateWebGroupMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webGroupPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
group, _, err := httpdtest.AddGroup(getTestGroup(), http.StatusCreated)
assert.NoError(t, err)
@@ -26062,7 +24988,7 @@ func TestUpdateWebFolderMock(t *testing.T) {
assert.NoError(t, err)
apiToken, err := getJWTAPITokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webFolderPath, webToken)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
folderName := "vfolderupdate"
folderDesc := "updated desc"
@@ -26279,7 +25205,7 @@ func TestAdminForgotPassword(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
form := make(url.Values)
@@ -26288,7 +25214,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusForbidden, rr.Code)
@@ -26297,7 +25222,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26313,11 +25237,10 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
- assert.Len(t, lastResetCode, 0)
+ assert.GreaterOrEqual(t, len(lastResetCode), 0)
admin.Status = 1
admin, _, err = httpdtest.UpdateAdmin(admin, http.StatusOK)
@@ -26326,7 +25249,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -26336,7 +25258,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusForbidden, rr.Code)
@@ -26345,7 +25266,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26356,7 +25276,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26369,7 +25288,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26382,19 +25300,14 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
- form.Set(csrfFormToken, csrfToken)
form.Set("username", altAdminUsername)
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -26416,7 +25329,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26431,7 +25343,6 @@ func TestAdminForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26486,25 +25397,22 @@ func TestUserForgotPassword(t *testing.T) {
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
-
form := make(url.Values)
form.Set("username", "")
// no csrf token
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusForbidden, rr.Code)
// empty username
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ assert.NoError(t, err)
form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26514,7 +25422,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26528,11 +25435,10 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
- assert.Len(t, lastResetCode, 0)
+ assert.GreaterOrEqual(t, len(lastResetCode), 0)
user.ExpirationDate = util.GetTimeAsMsSinceEpoch(time.Now().Add(24 * time.Hour))
user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
@@ -26540,12 +25446,11 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
assert.GreaterOrEqual(t, len(lastResetCode), 20)
- // no login token
+ // no csrf token
form = make(url.Values)
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
@@ -26560,7 +25465,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26571,7 +25475,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26582,7 +25485,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26595,7 +25497,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26607,13 +25508,10 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
- loginCookie, csrfToken, err = getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
- assert.NoError(t, err)
form = make(url.Values)
form.Set(csrfFormToken, csrfToken)
form.Set("username", user.Username)
@@ -26621,7 +25519,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -26654,7 +25551,6 @@ func TestUserForgotPassword(t *testing.T) {
req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -26851,7 +25747,7 @@ func TestAPIForgotPassword(t *testing.T) {
func TestProviderClosedMock(t *testing.T) {
token, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err)
- csrfToken, err := getCSRFTokenFromInternalPageMock(webConfigsPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
// create a role admin
role, resp, err := httpdtest.AddRole(getTestRole(), http.StatusCreated)
@@ -27060,7 +25956,7 @@ func TestWebConnectionsMock(t *testing.T) {
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "Invalid token")
- csrfToken, err := getCSRFTokenFromInternalPageMock(webUserPath, token)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodDelete, path.Join(webConnectionsPath, "id"), nil)
setJWTCookieForReq(req, token)
@@ -27098,7 +25994,7 @@ func TestGetWebStatusMock(t *testing.T) {
}
func TestStaticFilesMock(t *testing.T) {
- req, err := http.NewRequest(http.MethodGet, "/static/favicon.png", nil)
+ req, err := http.NewRequest(http.MethodGet, "/static/favicon.ico", nil)
assert.NoError(t, err)
rr := executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
@@ -27191,63 +26087,12 @@ func TestSecondFactorRequirements(t *testing.T) {
assert.False(t, user.MustSetSecondFactorForProtocol(common.ProtocolSSH))
}
-func TestIsNameValid(t *testing.T) {
- tests := []struct {
- name string
- input string
- expected bool
- }{
- {"simple name", "user", true},
- {"alphanumeric", "User123", true},
- {"unicode allowed", "你好", true},
- {"emoji allowed", "user😊", true},
- {"name with dot", "file.txt", true},
- {"name with multiple dots", "archive.tar.gz", true},
- {"control char", "abc\u0001", false},
- {"newline", "abc\n", false},
- {"tab", "abc\t", false},
- {"slash", "user/name", false},
- {"backslash", "user\\name", false},
- {"colon", "user:name", false},
- {"single dot", ".", false},
- {"double dot", "..", false},
- {"dot with suffix allowed", ".hidden", true},
- {"name ending with dot", "file.", false},
- {"name ending with space", "file ", false},
- {"CON", "CON", false},
- {"con lowercase", "con", false},
- {"con with extension", "con.txt", false},
- {"LPT1", "LPT1", false},
- {"lpt1 lowercase", "lpt1", false},
- {"COM5 uppercase", "COM5", false},
- {"com9 with extension", "com9.log", false},
- {"NUL", "NUL", false},
- {"Valid because suffix changes base", "con123", true},
- {"base name split", "aux.pdf", false},
- {"valid long name", "auxiliary", true},
- {"space only", " ", false},
- {"dot inside", "ab.cd.ef", true},
- {"unicode that ends with dot", "你好.", false},
- {"unicode that ends with space", "你好 ", false},
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- result := util.IsNameValid(tt.input)
- if result != tt.expected {
- t.Errorf("IsNameValid(%q) = %v, expected %v", tt.input, result, tt.expected)
- }
- })
- }
-}
-
func startOIDCMockServer() {
go func() {
http.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) {
fmt.Fprintf(w, "OK\n")
})
http.HandleFunc("/auth/realms/sftpgo/.well-known/openid-configuration", func(w http.ResponseWriter, _ *http.Request) {
- w.Header().Set("Content-Type", "application/json")
fmt.Fprintf(w, `{"issuer":"http://127.0.0.1:11111/auth/realms/sftpgo","authorization_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/auth","token_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/token","introspection_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/token/introspect","userinfo_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/userinfo","end_session_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/certs","check_session_iframe":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","phone","email","web-origins","offline_access","microprofile-jwt","profile","address","roles"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"revocation_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/revoke","revocation_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"revocation_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"device_authorization_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/auth/device","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_authentication_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/ext/ciba/auth","backchannel_authentication_request_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512"],"require_pushed_authorization_requests":false,"pushed_authorization_request_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/ext/par/request","mtls_endpoint_aliases":{"token_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/token","revocation_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/revoke","introspection_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/token/introspect","device_authorization_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/auth/device","registration_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/clients-registrations/openid-connect","userinfo_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/userinfo","pushed_authorization_request_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/ext/par/request","backchannel_authentication_endpoint":"http://127.0.0.1:11111/auth/realms/sftpgo/protocol/openid-connect/ext/ciba/auth"}}`)
})
http.HandleFunc("/404", func(w http.ResponseWriter, _ *http.Request) {
@@ -27386,53 +26231,29 @@ func getUserAsJSON(t *testing.T, user dataprovider.User) []byte {
return json
}
-func getCSRFTokenFromInternalPageMock(urlPath, token string) (string, error) {
- req, err := http.NewRequest(http.MethodGet, urlPath, nil)
+func getCSRFTokenMock(loginURLPath, remoteAddr string) (string, error) {
+ req, err := http.NewRequest(http.MethodGet, loginURLPath, nil)
if err != nil {
return "", err
}
- req.RequestURI = urlPath
- setJWTCookieForReq(req, token)
- rr := executeRequest(req)
- if rr.Code != http.StatusOK {
- return "", fmt.Errorf("unexpected status code: %d", rr.Code)
- }
- return getCSRFTokenFromBody(rr.Body)
-}
-
-func getCSRFTokenMock(loginURLPath, remoteAddr string) (string, string, error) {
- req, err := http.NewRequest(http.MethodGet, loginURLPath, nil)
- if err != nil {
- return "", "", err
- }
req.RemoteAddr = remoteAddr
rr := executeRequest(req)
- cookie := rr.Header().Get("Set-Cookie")
- if cookie == "" {
- return "", "", errors.New("unable to get login cookie")
- }
- token, err := getCSRFTokenFromBody(bytes.NewBuffer(rr.Body.Bytes()))
- return cookie, token, err
+ return getCSRFTokenFromBody(bytes.NewBuffer(rr.Body.Bytes()))
}
-func getCSRFToken(url string) (string, string, error) {
+func getCSRFToken(url string) (string, error) {
req, err := http.NewRequest(http.MethodGet, url, nil)
if err != nil {
- return "", "", err
+ return "", err
}
resp, err := httpclient.GetHTTPClient().Do(req)
if err != nil {
- return "", "", err
- }
- cookie := resp.Header.Get("Set-Cookie")
- if cookie == "" {
- return "", "", errors.New("no login cookie")
+ return "", err
}
defer resp.Body.Close()
- token, err := getCSRFTokenFromBody(resp.Body)
- return cookie, token, err
+ return getCSRFTokenFromBody(resp.Body)
}
func getCSRFTokenFromBody(body io.Reader) (string, error) {
@@ -27468,10 +26289,6 @@ func getCSRFTokenFromBody(body io.Reader) (string, error) {
f(doc)
- if csrfToken == "" {
- return "", errors.New("CSRF token not found")
- }
-
return csrfToken, nil
}
@@ -27498,10 +26315,6 @@ func setAPIKeyForReq(req *http.Request, apiKey, username string) {
req.Header.Set("X-SFTPGO-API-KEY", apiKey)
}
-func setLoginCookie(req *http.Request, cookie string) {
- req.Header.Set("Cookie", cookie)
-}
-
func setJWTCookieForReq(req *http.Request, jwtToken string) {
req.RemoteAddr = defaultRemoteAddr
req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", jwtToken))
@@ -27545,14 +26358,13 @@ func getJWTAPIUserTokenFromTestServer(username, password string) (string, error)
}
func getJWTWebToken(username, password string) (string, error) {
- loginCookie, csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
if err != nil {
return "", err
}
form := getLoginForm(username, password, csrfToken)
req, _ := http.NewRequest(http.MethodPost, httpBaseURL+webLoginPath,
bytes.NewBuffer([]byte(form.Encode())))
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
client := &http.Client{
Timeout: 10 * time.Second,
@@ -27585,14 +26397,13 @@ func getCookieFromResponse(rr *httptest.ResponseRecorder) (string, error) {
}
func getJWTWebClientTokenFromTestServerWithAddr(username, password, remoteAddr string) (string, error) {
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, remoteAddr)
+ csrfToken, err := getCSRFTokenMock(webClientLoginPath, remoteAddr)
if err != nil {
return "", err
}
form := getLoginForm(username, password, csrfToken)
req, _ := http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = remoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
if rr.Code != http.StatusFound {
@@ -27602,14 +26413,13 @@ func getJWTWebClientTokenFromTestServerWithAddr(username, password, remoteAddr s
}
func getJWTWebClientTokenFromTestServer(username, password string) (string, error) {
- loginCookie, csrfToken, err := getCSRFTokenMock(webClientLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webClientLoginPath)
if err != nil {
return "", err
}
form := getLoginForm(username, password, csrfToken)
req, _ := http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
- req.Header.Set("Cookie", loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
if rr.Code != http.StatusFound {
@@ -27619,14 +26429,13 @@ func getJWTWebClientTokenFromTestServer(username, password string) (string, erro
}
func getJWTWebTokenFromTestServer(username, password string) (string, error) {
- loginCookie, csrfToken, err := getCSRFTokenMock(webLoginPath, defaultRemoteAddr)
+ csrfToken, err := getCSRFToken(httpBaseURL + webLoginPath)
if err != nil {
return "", err
}
form := getLoginForm(username, password, csrfToken)
req, _ := http.NewRequest(http.MethodPost, webLoginPath, bytes.NewBuffer([]byte(form.Encode())))
req.RemoteAddr = defaultRemoteAddr
- setLoginCookie(req, loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
if rr.Code != http.StatusFound {
@@ -27645,30 +26454,6 @@ func checkResponseCode(t *testing.T, expected int, rr *httptest.ResponseRecorder
assert.Equal(t, expected, rr.Code, rr.Body.String())
}
-func getSftpClient(user dataprovider.User) (*ssh.Client, *sftp.Client, error) {
- var sftpClient *sftp.Client
- config := &ssh.ClientConfig{
- User: user.Username,
- HostKeyCallback: ssh.InsecureIgnoreHostKey(),
- Timeout: 5 * time.Second,
- }
- if user.Password != "" {
- config.Auth = []ssh.AuthMethod{ssh.Password(user.Password)}
- } else {
- config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)}
- }
-
- conn, err := ssh.Dial("tcp", sftpServerAddr, config)
- if err != nil {
- return conn, sftpClient, err
- }
- sftpClient, err = sftp.NewClient(conn)
- if err != nil {
- conn.Close()
- }
- return conn, sftpClient, err
-}
-
func createTestFile(path string, size int64) error {
baseDir := filepath.Dir(path)
if _, err := os.Stat(baseDir); errors.Is(err, fs.ErrNotExist) {
@@ -27742,23 +26527,6 @@ func isDbDefenderSupported() bool {
}
}
-func createTestPNG(name string, width, height int, imgColor color.Color) error {
- upLeft := image.Point{0, 0}
- lowRight := image.Point{width, height}
- img := image.NewRGBA(image.Rectangle{upLeft, lowRight})
- for x := 0; x < width; x++ {
- for y := 0; y < height; y++ {
- img.Set(x, y, imgColor)
- }
- }
- f, err := os.Create(name)
- if err != nil {
- return err
- }
- defer f.Close()
- return png.Encode(f, img)
-}
-
func BenchmarkSecretDecryption(b *testing.B) {
s := kms.NewPlainSecret("test data")
s.SetAdditionalData("username")
diff --git a/internal/httpd/internal_test.go b/internal/httpd/internal_test.go
index 987f0263..782a5c84 100644
--- a/internal/httpd/internal_test.go
+++ b/internal/httpd/internal_test.go
@@ -38,21 +38,20 @@ import (
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
- "github.com/go-jose/go-jose/v4"
- josejwt "github.com/go-jose/go-jose/v4/jwt"
+ "github.com/go-chi/jwtauth/v5"
"github.com/klauspost/compress/zip"
+ "github.com/lestrrat-go/jwx/v2/jwa"
+ "github.com/lestrrat-go/jwx/v2/jwt"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
sdkkms "github.com/sftpgo/sdk/kms"
"github.com/sftpgo/sdk/plugin/notifier"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
- "golang.org/x/net/html"
"github.com/drakkan/sftpgo/v2/internal/acme"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/plugin"
"github.com/drakkan/sftpgo/v2/internal/util"
@@ -286,7 +285,6 @@ RKjnkiEZeG4+G91Xu7+HmcBLwV86k5I+tXK9O1Okomr6Zry8oqVcxU5TB6VRS+rA
ubwF00Drdvk2+kDZfxIM137nBiy7wgCJi2Ksm5ihN3dUF6Q0oNPl
-----END RSA PRIVATE KEY-----`
defaultAdminUsername = "admin"
- defaultAdminPass = "password"
defeaultUsername = "test_user"
)
@@ -307,16 +305,6 @@ func (r *failingWriter) Header() http.Header {
return make(http.Header)
}
-type failingJoseSigner struct{}
-
-func (s *failingJoseSigner) Sign(payload []byte) (*jose.JSONWebSignature, error) {
- return nil, errors.New("sign test error")
-}
-
-func (s *failingJoseSigner) Options() jose.SignerOptions {
- return jose.SignerOptions{}
-}
-
func TestShouldBind(t *testing.T) {
c := Conf{
Bindings: []Binding{
@@ -353,7 +341,7 @@ func TestBrandingValidation(t *testing.T) {
},
}
b.checkBranding()
- assert.Equal(t, "/favicon.png", b.Branding.WebAdmin.FaviconPath)
+ assert.Equal(t, "/favicon.ico", b.Branding.WebAdmin.FaviconPath)
assert.Equal(t, "/path1", b.Branding.WebAdmin.LogoPath)
assert.Equal(t, []string{"/my.css"}, b.Branding.WebAdmin.DefaultCSS)
assert.Len(t, b.Branding.WebAdmin.ExtraCSS, 0)
@@ -424,80 +412,9 @@ func TestGCSWebInvalidFormFile(t *testing.T) {
assert.EqualError(t, err, http.ErrNotMultipart.Error())
}
-func TestBrandingInvalidFormFile(t *testing.T) {
- form := make(url.Values)
- req, _ := http.NewRequest(http.MethodPost, webConfigsPath, strings.NewReader(form.Encode()))
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- err := req.ParseForm()
- assert.NoError(t, err)
- _, err = getBrandingConfigFromPostFields(req, &dataprovider.BrandingConfigs{})
- assert.EqualError(t, err, http.ErrNotMultipart.Error())
-}
-
-func TestTokenDuration(t *testing.T) {
- assert.Equal(t, shareTokenDuration, getTokenDuration(tokenAudienceWebShare))
- assert.Equal(t, apiTokenDuration, getTokenDuration(tokenAudienceAPI))
- assert.Equal(t, apiTokenDuration, getTokenDuration(tokenAudienceAPIUser))
- assert.Equal(t, cookieTokenDuration, getTokenDuration(tokenAudienceWebAdmin))
- assert.Equal(t, csrfTokenDuration, getTokenDuration(tokenAudienceCSRF))
- assert.Equal(t, 20*time.Minute, getTokenDuration(""))
-
- updateTokensDuration(30, 660, 360)
- assert.Equal(t, 30*time.Minute, apiTokenDuration)
- assert.Equal(t, 11*time.Hour, cookieTokenDuration)
- assert.Equal(t, 11*time.Hour, csrfTokenDuration)
- assert.Equal(t, 6*time.Hour, shareTokenDuration)
- assert.Equal(t, 11*time.Hour, getMaxCookieDuration())
-
- csrfTokenDuration = 1 * time.Hour
- assert.Equal(t, 11*time.Hour, getMaxCookieDuration())
-}
-
-func TestVerifyCSRFToken(t *testing.T) {
- server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
- req, err := http.NewRequest(http.MethodPost, webAdminEventActionPath, nil)
- require.NoError(t, err)
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{}, fs.ErrPermission))
-
- rr := httptest.NewRecorder()
- tokenString := createCSRFToken(rr, req, server.csrfTokenAuth, "", webBaseAdminPath)
- assert.NotEmpty(t, tokenString)
-
- claims, err := jwt.VerifyToken(server.csrfTokenAuth, tokenString)
- require.NoError(t, err)
- assert.Empty(t, claims.Ref)
-
- req.Form = url.Values{}
- req.Form.Set(csrfFormToken, tokenString)
- err = verifyCSRFToken(req, server.csrfTokenAuth)
- assert.ErrorIs(t, err, fs.ErrPermission)
-
- req, err = http.NewRequest(http.MethodPost, webAdminEventActionPath, nil)
- require.NoError(t, err)
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{Claims: josejwt.Claims{ID: xid.New().String()}}, nil))
- req.Form = url.Values{}
- req.Form.Set(csrfFormToken, tokenString)
- err = verifyCSRFToken(req, server.csrfTokenAuth)
- assert.ErrorContains(t, err, "unexpected form token")
-
- claims = jwt.NewClaims(tokenAudienceCSRF, "", getTokenDuration(tokenAudienceCSRF))
- tokenString, err = josejwt.Signed(server.csrfTokenAuth.Signer()).Claims(claims).Serialize()
- assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodPost, webAdminEventActionPath, nil)
- require.NoError(t, err)
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{Claims: josejwt.Claims{ID: xid.New().String()}}, nil))
- req.Form = url.Values{}
- req.Form.Set(csrfFormToken, tokenString)
- err = verifyCSRFToken(req, server.csrfTokenAuth)
- assert.ErrorContains(t, err, "the form token is not valid")
-}
-
func TestInvalidToken(t *testing.T) {
server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
admin := dataprovider.Admin{
Username: "admin",
}
@@ -508,7 +425,7 @@ func TestInvalidToken(t *testing.T) {
rctx := chi.NewRouteContext()
rctx.URLParams.Add("username", admin.Username)
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
- req = req.WithContext(context.WithValue(req.Context(), jwt.ErrorCtxKey, errFake))
+ req = req.WithContext(context.WithValue(req.Context(), jwtauth.ErrorCtxKey, errFake))
rr := httptest.NewRecorder()
updateAdmin(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code)
@@ -524,7 +441,7 @@ func TestInvalidToken(t *testing.T) {
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodPut, "", bytes.NewBuffer(asJSON))
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
- req = req.WithContext(context.WithValue(req.Context(), jwt.ErrorCtxKey, errFake))
+ req = req.WithContext(context.WithValue(req.Context(), jwtauth.ErrorCtxKey, errFake))
rr = httptest.NewRecorder()
changeAdminPassword(rr, req)
assert.Equal(t, http.StatusInternalServerError, rr.Code)
@@ -989,218 +906,78 @@ func TestInvalidToken(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
}
-func TestTokenSignatureValidation(t *testing.T) {
- tokenValidationMode = 0
- server := httpdServer{
- binding: Binding{
- Address: "",
- Port: 8080,
- EnableWebAdmin: true,
- EnableWebClient: true,
- EnableRESTAPI: true,
- },
- enableWebAdmin: true,
- enableWebClient: true,
- enableRESTAPI: true,
- }
- err := server.initializeRouter()
- require.NoError(t, err)
- testServer := httptest.NewServer(server.router)
- defer testServer.Close()
-
- rr := httptest.NewRecorder()
- req, err := http.NewRequest(http.MethodGet, tokenPath, nil)
- require.NoError(t, err)
- req.SetBasicAuth(defaultAdminUsername, defaultAdminPass)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- var resp map[string]any
- err = json.Unmarshal(rr.Body.Bytes(), &resp)
- assert.NoError(t, err)
- accessToken := resp["access_token"]
- require.NotEmpty(t, accessToken)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, versionPath, nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- // change the token validation mode
- tokenValidationMode = 2
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, versionPath, nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- // Now update the admin
- admin, err := dataprovider.AdminExists(defaultAdminUsername)
- assert.NoError(t, err)
- err = dataprovider.UpdateAdmin(&admin, "", "", "")
- assert.NoError(t, err)
- // token validation mode is 0, the old token is still valid
- tokenValidationMode = 0
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, versionPath, nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- // change the token validation mode
- tokenValidationMode = 2
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, versionPath, nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusUnauthorized, rr.Code)
- // the token is invalidated, changing the validation mode has no effect
- tokenValidationMode = 0
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, versionPath, nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusUnauthorized, rr.Code)
-
- userPwd := "pwd"
- user := dataprovider.User{
- BaseUser: sdk.BaseUser{
- Username: defeaultUsername,
- Password: userPwd,
- HomeDir: filepath.Join(os.TempDir(), defeaultUsername),
- Status: 1,
- },
- }
- user.Permissions = make(map[string][]string)
- user.Permissions["/"] = []string{dataprovider.PermAny}
- err = dataprovider.AddUser(&user, "", "", "")
- assert.NoError(t, err)
-
- defer func() {
- dataprovider.DeleteUser(defeaultUsername, "", "", "") //nolint:errcheck
- }()
-
- tokenValidationMode = 2
- req, err = http.NewRequest(http.MethodGet, webClientLoginPath, nil)
- require.NoError(t, err)
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- loginCookie := strings.Split(rr.Header().Get("Set-Cookie"), ";")[0]
- assert.NotEmpty(t, loginCookie)
- csrfToken, err := getCSRFTokenFromBody(rr.Body)
- assert.NoError(t, err)
- assert.NotEmpty(t, csrfToken)
- // Now login
- form := make(url.Values)
- form.Set(csrfFormToken, csrfToken)
- form.Set("username", defeaultUsername)
- form.Set("password", userPwd)
- req, err = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.Header.Set("Cookie", loginCookie)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusFound, rr.Code)
- userCookie := strings.Split(rr.Header().Get("Set-Cookie"), ";")[0]
- assert.NotEmpty(t, userCookie)
- // Test a WebClient page and a JSON API
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", userCookie)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, webClientProfilePath, nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", userCookie)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
- csrfToken, err = getCSRFTokenFromBody(rr.Body)
- assert.NoError(t, err)
- assert.NotEmpty(t, csrfToken)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, webClientFilePath+"?path=missing.txt", nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", userCookie)
- req.Header.Set(csrfHeaderToken, csrfToken)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- tokenValidationMode = 0
- err = dataprovider.DeleteUser(defeaultUsername, "", "", "")
- assert.NoError(t, err)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, webClientFilePath+"?path=missing.txt", nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", userCookie)
- req.Header.Set(csrfHeaderToken, csrfToken)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- tokenValidationMode = 2
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodGet, webClientFilePath+"?path=missing.txt", nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", userCookie)
- req.Header.Set(csrfHeaderToken, csrfToken)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusFound, rr.Code)
-
- tokenValidationMode = 0
-}
-
func TestUpdateWebAdminInvalidClaims(t *testing.T) {
server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
admin := dataprovider.Admin{
Username: "",
Password: "password",
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: admin.Username,
Permissions: admin.Permissions,
+ Signature: admin.GetSignature(),
}
- c.Subject = admin.GetSignature()
- token, err := server.tokenAuth.SignWithParams(c, tokenAudienceWebAdmin, "", 10*time.Minute)
+ token, err := c.createTokenResponse(server.tokenAuth, tokenAudienceWebAdmin, "")
assert.NoError(t, err)
- resp := c.BuildTokenResponse(token)
-
- req, err := http.NewRequest(http.MethodGet, webAdminPath, nil)
- assert.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", resp.Token))
- parsedToken, err := jwt.VerifyRequest(server.tokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx := req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
form := make(url.Values)
- form.Set(csrfFormToken, createCSRFToken(rr, req, server.csrfTokenAuth, "", webBaseAdminPath))
+ form.Set(csrfFormToken, createCSRFToken(""))
form.Set("status", "1")
form.Set("default_users_expiration", "30")
- req, err = http.NewRequest(http.MethodPost, path.Join(webAdminPath, "admin"), bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
+ req, _ := http.NewRequest(http.MethodPost, path.Join(webAdminPath, "admin"), bytes.NewBuffer([]byte(form.Encode())))
rctx := chi.NewRouteContext()
rctx.URLParams.Add("username", "admin")
- req = req.WithContext(ctx)
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", resp.Token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleWebUpdateAdminPost(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
}
+func TestRetentionInvalidTokenClaims(t *testing.T) {
+ username := "retentionuser"
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Username: username,
+ Password: "pwd",
+ HomeDir: filepath.Join(os.TempDir(), username),
+ Status: 1,
+ },
+ }
+ user.Permissions = make(map[string][]string)
+ user.Permissions["/"] = []string{dataprovider.PermAny}
+ user.Filters.AllowAPIKeyAuth = true
+ err := dataprovider.AddUser(&user, "", "", "")
+ assert.NoError(t, err)
+ folderRetention := []dataprovider.FolderRetention{
+ {
+ Path: "/",
+ Retention: 0,
+ DeleteEmptyDirs: true,
+ },
+ }
+ asJSON, err := json.Marshal(folderRetention)
+ assert.NoError(t, err)
+ req, _ := http.NewRequest(http.MethodPost, retentionBasePath+"/"+username+"/check?notifications=Email", bytes.NewBuffer(asJSON))
+
+ rctx := chi.NewRouteContext()
+ rctx.URLParams.Add("username", username)
+
+ req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
+ req = req.WithContext(context.WithValue(req.Context(), jwtauth.ErrorCtxKey, errors.New("error")))
+ rr := httptest.NewRecorder()
+ startRetentionCheck(rr, req)
+ assert.Equal(t, http.StatusBadRequest, rr.Code)
+ assert.Contains(t, rr.Body.String(), "Invalid token claims")
+
+ err = dataprovider.DeleteUser(username, "", "", "")
+ assert.NoError(t, err)
+}
+
func TestUpdateSMTPSecrets(t *testing.T) {
currentConfigs := &dataprovider.SMTPConfigs{
OAuth2: dataprovider.SMTPOAuth2{
@@ -1241,8 +1018,7 @@ func TestUpdateSMTPSecrets(t *testing.T) {
func TestOAuth2Redirect(t *testing.T) {
server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, webOAuth2RedirectPath+"?state=invalid", nil)
@@ -1252,7 +1028,7 @@ func TestOAuth2Redirect(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nOAuth2ErrorTitle)
ip := "127.1.1.4"
- tokenString := createOAuth2Token(server.csrfTokenAuth, xid.New().String(), ip)
+ tokenString := createOAuth2Token(xid.New().String(), ip)
rr = httptest.NewRecorder()
req, err = http.NewRequest(http.MethodGet, webOAuth2RedirectPath+"?state="+tokenString, nil) //nolint:goconst
assert.NoError(t, err)
@@ -1263,48 +1039,57 @@ func TestOAuth2Redirect(t *testing.T) {
}
func TestOAuth2Token(t *testing.T) {
- server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
// invalid token
- _, err = verifyOAuth2Token(server.csrfTokenAuth, "token", "")
+ _, err := verifyOAuth2Token("token", "")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "unable to verify OAuth2 state")
}
// bad audience
- claims := jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
+ claims := make(map[string]any)
+ now := time.Now().UTC()
- tokenString, err := server.csrfTokenAuth.Sign(claims)
+ claims[jwt.JwtIDKey] = xid.New().String()
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(tokenDuration)
+ claims[jwt.AudienceKey] = []string{tokenAudienceAPI}
+
+ _, tokenString, err := csrfTokenAuth.Encode(claims)
assert.NoError(t, err)
- _, err = verifyOAuth2Token(server.csrfTokenAuth, tokenString, "")
+ _, err = verifyOAuth2Token(tokenString, "")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "invalid OAuth2 state")
}
// bad IP
- tokenString = createOAuth2Token(server.csrfTokenAuth, "state", "127.1.1.1")
- _, err = verifyOAuth2Token(server.csrfTokenAuth, tokenString, "127.1.1.2")
+ tokenString = createOAuth2Token("state", "127.1.1.1")
+ _, err = verifyOAuth2Token(tokenString, "127.1.1.2")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "invalid OAuth2 state")
}
// ok
state := xid.New().String()
- tokenString = createOAuth2Token(server.csrfTokenAuth, state, "127.1.1.3")
- s, err := verifyOAuth2Token(server.csrfTokenAuth, tokenString, "127.1.1.3")
+ tokenString = createOAuth2Token(state, "127.1.1.3")
+ s, err := verifyOAuth2Token(tokenString, "127.1.1.3")
assert.NoError(t, err)
assert.Equal(t, state, s)
// no jti
- claims = jwt.NewClaims(tokenAudienceOAuth2, "127.1.1.4", getTokenDuration(tokenAudienceOAuth2))
- tokenString, err = josejwt.Signed(server.csrfTokenAuth.Signer()).Claims(claims).Serialize()
+ claims = make(map[string]any)
+
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(tokenDuration)
+ claims[jwt.AudienceKey] = []string{tokenAudienceOAuth2, "127.1.1.4"}
+ _, tokenString, err = csrfTokenAuth.Encode(claims)
assert.NoError(t, err)
- _, err = verifyOAuth2Token(server.csrfTokenAuth, tokenString, "127.1.1.4")
+ _, err = verifyOAuth2Token(tokenString, "127.1.1.4")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "invalid OAuth2 state")
}
// encode error
- server.csrfTokenAuth.SetSigner(&failingJoseSigner{})
- tokenString = createOAuth2Token(server.csrfTokenAuth, xid.New().String(), "")
+ csrfTokenAuth = jwtauth.New("HT256", util.GenerateRandomBytes(32), nil)
+ tokenString = createOAuth2Token(xid.New().String(), "")
assert.Empty(t, tokenString)
+ server := httpdServer{}
+ server.initializeRouter()
rr := httptest.NewRecorder()
testReq := make(map[string]any)
testReq["base_redirect_url"] = "http://localhost:8082"
@@ -1312,50 +1097,50 @@ func TestOAuth2Token(t *testing.T) {
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webOAuth2TokenPath, bytes.NewBuffer(asJSON))
assert.NoError(t, err)
- server.handleSMTPOAuth2TokenRequestPost(rr, req)
+ handleSMTPOAuth2TokenRequestPost(rr, req)
assert.Equal(t, http.StatusInternalServerError, rr.Code)
assert.Contains(t, rr.Body.String(), "unable to create state token")
+
+ csrfTokenAuth = jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
}
func TestCSRFToken(t *testing.T) {
- server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
// invalid token
- req := &http.Request{}
- err = verifyCSRFToken(req, server.csrfTokenAuth)
+ err := verifyCSRFToken("token", "")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "unable to verify form token")
}
// bad audience
- claims := jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- tokenString, err := server.csrfTokenAuth.Sign(claims)
+ claims := make(map[string]any)
+ now := time.Now().UTC()
+
+ claims[jwt.JwtIDKey] = xid.New().String()
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(tokenDuration)
+ claims[jwt.AudienceKey] = []string{tokenAudienceAPI}
+
+ _, tokenString, err := csrfTokenAuth.Encode(claims)
assert.NoError(t, err)
- values := url.Values{}
- values.Set(csrfFormToken, tokenString)
- req.Form = values
- err = verifyCSRFToken(req, server.csrfTokenAuth)
+ err = verifyCSRFToken(tokenString, "")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "form token is not valid")
}
// bad IP
- req.RemoteAddr = "127.1.1.1"
- tokenString = createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath)
- values.Set(csrfFormToken, tokenString)
- req.Form = values
- req.RemoteAddr = "127.1.1.2"
- err = verifyCSRFToken(req, server.csrfTokenAuth)
+ tokenString = createCSRFToken("127.1.1.1")
+ err = verifyCSRFToken(tokenString, "127.1.1.2")
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "form token is not valid")
}
- claims = jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- tokenString, err = server.csrfTokenAuth.Sign(claims)
+ claims[jwt.JwtIDKey] = xid.New().String()
+ claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
+ claims[jwt.ExpirationKey] = now.Add(tokenDuration)
+ claims[jwt.AudienceKey] = []string{tokenAudienceAPI}
+ _, tokenString, err = csrfTokenAuth.Encode(claims)
assert.NoError(t, err)
- assert.NotEmpty(t, tokenString)
- r, err := GetHTTPRouter(Binding{
+ r := GetHTTPRouter(Binding{
Address: "",
Port: 8080,
EnableWebAdmin: true,
@@ -1363,10 +1148,9 @@ func TestCSRFToken(t *testing.T) {
EnableRESTAPI: true,
RenderOpenAPI: true,
})
- assert.NoError(t, err)
- fn := server.verifyCSRFHeader(r)
+ fn := verifyCSRFHeader(r)
rr := httptest.NewRecorder()
- req, _ = http.NewRequest(http.MethodDelete, path.Join(userPath, "username"), nil)
+ req, _ := http.NewRequest(http.MethodDelete, path.Join(userPath, "username"), nil)
fn.ServeHTTP(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), "Invalid token")
@@ -1379,22 +1163,18 @@ func TestCSRFToken(t *testing.T) {
assert.Contains(t, rr.Body.String(), "the token is not valid")
// invalid IP
- tokenString = createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath)
+ tokenString = createCSRFToken("172.16.1.2")
req.Header.Set(csrfHeaderToken, tokenString)
- req.RemoteAddr = "172.16.1.2"
rr = httptest.NewRecorder()
fn.ServeHTTP(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), "the token is not valid")
- csrfTokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- csrfTokenAuth.SetSigner(&failingJoseSigner{})
- tokenString = createCSRFToken(httptest.NewRecorder(), req, csrfTokenAuth, "", webBaseAdminPath)
+ csrfTokenAuth = jwtauth.New("PS256", util.GenerateRandomBytes(32), nil)
+ tokenString = createCSRFToken("")
assert.Empty(t, tokenString)
- rr = httptest.NewRecorder()
- createLoginCookie(rr, req, csrfTokenAuth, "", webBaseAdminPath, req.RemoteAddr)
- assert.Empty(t, rr.Header().Get("Set-Cookie"))
+
+ csrfTokenAuth = jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
}
func TestCreateShareCookieError(t *testing.T) {
@@ -1414,7 +1194,7 @@ func TestCreateShareCookieError(t *testing.T) {
err := dataprovider.AddUser(user, "", "", "")
assert.NoError(t, err)
share := &dataprovider.Share{
- Name: "test_share_cookie_error",
+ Name: "test share cookie error",
ShareID: util.GenerateUniqueID(),
Scope: dataprovider.ShareScopeRead,
Password: pwd,
@@ -1424,44 +1204,20 @@ func TestCreateShareCookieError(t *testing.T) {
err = dataprovider.AddShare(share, "", "", "")
assert.NoError(t, err)
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- tokenAuth.SetSigner(&failingJoseSigner{})
- csrfTokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
-
server := httpdServer{
- tokenAuth: tokenAuth,
- csrfTokenAuth: csrfTokenAuth,
+ tokenAuth: jwtauth.New("TS256", util.GenerateRandomBytes(32), nil),
}
-
- c := jwt.NewClaims(tokenAudienceWebLogin, "127.0.0.1", getTokenDuration(tokenAudienceWebLogin))
- token, err := server.csrfTokenAuth.Sign(c)
- assert.NoError(t, err)
- resp := c.BuildTokenResponse(token)
- parsedToken, err := jwt.VerifyToken(server.csrfTokenAuth, resp.Token)
- assert.NoError(t, err)
-
- req, err := http.NewRequest(http.MethodGet, path.Join(webClientPubSharesPath, share.ShareID, "login"), nil)
- assert.NoError(t, err)
- req.RemoteAddr = "127.0.0.1:4567"
- ctx := req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
form := make(url.Values)
form.Set("share_password", pwd)
- form.Set(csrfFormToken, createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseClientPath))
+ form.Set(csrfFormToken, createCSRFToken("127.0.0.1"))
rctx := chi.NewRouteContext()
rctx.URLParams.Add("id", share.ShareID)
rr := httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, path.Join(webClientPubSharesPath, share.ShareID, "login"),
+ req, err := http.NewRequest(http.MethodPost, path.Join(webClientPubSharesPath, share.ShareID, "login"),
bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = "127.0.0.1:2345"
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", resp.Token))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- req = req.WithContext(ctx)
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
server.handleClientShareLoginPost(rr, req)
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
@@ -1472,15 +1228,8 @@ func TestCreateShareCookieError(t *testing.T) {
}
func TestCreateTokenError(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- tokenAuth.SetSigner(&failingJoseSigner{})
- csrfTokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
-
server := httpdServer{
- tokenAuth: tokenAuth,
- csrfTokenAuth: csrfTokenAuth,
+ tokenAuth: jwtauth.New("PS256", util.GenerateRandomBytes(32), nil),
}
rr := httptest.NewRecorder()
admin := dataprovider.Admin{
@@ -1504,37 +1253,14 @@ func TestCreateTokenError(t *testing.T) {
server.generateAndSendUserToken(rr, req, "", user)
assert.Equal(t, http.StatusInternalServerError, rr.Code)
- c := &jwt.Claims{}
- c.ID = xid.New().String()
- c.SetExpiry(time.Now().Add(1 * time.Minute))
- tokenString, err := server.csrfTokenAuth.SignWithParams(c, tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- assert.NoError(t, err)
- token := c.BuildTokenResponse(tokenString)
-
- req, err = http.NewRequest(http.MethodGet, webAdminLoginPath, nil)
- assert.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token.Token))
- parsedToken, err := jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx := req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
rr = httptest.NewRecorder()
form := make(url.Values)
form.Set("username", admin.Username)
form.Set("password", admin.Password)
- form.Set(csrfFormToken, createCSRFToken(rr, req, server.csrfTokenAuth, xid.New().String(), webBaseAdminPath))
- cookie := rr.Header().Get("Set-Cookie")
- assert.NotEmpty(t, cookie)
+ form.Set(csrfFormToken, createCSRFToken("127.0.0.1"))
req, _ = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- req.Header.Set("Cookie", cookie)
+ req.RemoteAddr = "127.0.0.1:1234"
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
server.handleWebAdminLoginPost(rr, req)
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
// req with no content type
@@ -1561,7 +1287,7 @@ func TestCreateTokenError(t *testing.T) {
req, _ = http.NewRequest(http.MethodGet, webAdminLoginPath+"?a=a%C3%A2%G3", nil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- _, err = getAdminFromPostFields(req)
+ _, err := getAdminFromPostFields(req)
assert.Error(t, err)
req, _ = http.NewRequest(http.MethodPost, webAdminEventActionPath+"?a=a%C3%A2%GG", nil)
@@ -1611,7 +1337,6 @@ func TestCreateTokenError(t *testing.T) {
assert.Equal(t, http.StatusInternalServerError, rr.Code, rr.Body.String())
req, _ = http.NewRequest(http.MethodPost, webAdminTwoFactorPath+"?a=a%C3%AO%GC", bytes.NewBuffer([]byte(form.Encode())))
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{}, nil))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = httptest.NewRecorder()
server.handleWebAdminTwoFactorPost(rr, req)
@@ -1619,7 +1344,6 @@ func TestCreateTokenError(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidForm)
req, _ = http.NewRequest(http.MethodPost, webAdminTwoFactorRecoveryPath+"?a=a%C3%AO%GD", bytes.NewBuffer([]byte(form.Encode())))
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{}, nil))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = httptest.NewRecorder()
server.handleWebAdminTwoFactorRecoveryPost(rr, req)
@@ -1627,7 +1351,6 @@ func TestCreateTokenError(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidForm)
req, _ = http.NewRequest(http.MethodPost, webClientTwoFactorPath+"?a=a%C3%AO%GC", bytes.NewBuffer([]byte(form.Encode())))
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{}, nil))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = httptest.NewRecorder()
server.handleWebClientTwoFactorPost(rr, req)
@@ -1635,7 +1358,6 @@ func TestCreateTokenError(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidForm)
req, _ = http.NewRequest(http.MethodPost, webClientTwoFactorRecoveryPath+"?a=a%C3%AO%GD", bytes.NewBuffer([]byte(form.Encode())))
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{}, nil))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = httptest.NewRecorder()
server.handleWebClientTwoFactorRecoveryPost(rr, req)
@@ -1699,21 +1421,13 @@ func TestCreateTokenError(t *testing.T) {
err = dataprovider.AddUser(&user, "", "", "")
assert.NoError(t, err)
- req, err = http.NewRequest(http.MethodGet, webClientLoginPath, nil)
- assert.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token.Token))
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
rr = httptest.NewRecorder()
form = make(url.Values)
form.Set("username", user.Username)
form.Set("password", "clientpwd")
- form.Set(csrfFormToken, createCSRFToken(rr, req, server.csrfTokenAuth, "", webBaseClientPath))
+ form.Set(csrfFormToken, createCSRFToken("127.0.0.1"))
req, _ = http.NewRequest(http.MethodPost, webClientLoginPath, bytes.NewBuffer([]byte(form.Encode())))
+ req.RemoteAddr = "127.0.0.1:4567"
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
server.handleWebClientLoginPost(rr, req)
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
@@ -1741,7 +1455,7 @@ func TestCreateTokenError(t *testing.T) {
}
func TestAPIKeyAuthForbidden(t *testing.T) {
- r, err := GetHTTPRouter(Binding{
+ r := GetHTTPRouter(Binding{
Address: "",
Port: 8080,
EnableWebAdmin: true,
@@ -1749,7 +1463,6 @@ func TestAPIKeyAuthForbidden(t *testing.T) {
EnableRESTAPI: true,
RenderOpenAPI: true,
})
- require.NoError(t, err)
fn := forbidAPIKeyAuthentication(r)
rr := httptest.NewRecorder()
req, _ := http.NewRequest(http.MethodGet, versionPath, nil)
@@ -1759,14 +1472,12 @@ func TestAPIKeyAuthForbidden(t *testing.T) {
}
func TestJWTTokenValidation(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- claims := &jwt.Claims{
- Username: defaultAdminUsername,
- }
- claims.SetExpiry(time.Now().UTC().Add(-1 * time.Hour))
- _, err = tokenAuth.SignWithParams(claims, tokenAudienceWebAdmin, "", getTokenDuration(tokenAudienceWebAdmin))
- require.NoError(t, err)
+ tokenAuth := jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
+ claims := make(map[string]any)
+ claims["username"] = defaultAdminUsername
+ claims[jwt.ExpirationKey] = time.Now().UTC().Add(-1 * time.Hour)
+ token, _, err := tokenAuth.Encode(claims)
+ assert.NoError(t, err)
server := httpdServer{
binding: Binding{
@@ -1778,20 +1489,19 @@ func TestJWTTokenValidation(t *testing.T) {
RenderOpenAPI: true,
},
}
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
r := server.router
fn := jwtAuthenticatorAPI(r)
rr := httptest.NewRecorder()
req, _ := http.NewRequest(http.MethodGet, userPath, nil)
- ctx := jwt.NewContext(req.Context(), claims, nil)
+ ctx := jwtauth.NewContext(req.Context(), token, nil)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusUnauthorized, rr.Code)
fn = jwtAuthenticatorWebAdmin(r)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webUserPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webAdminLoginPath, rr.Header().Get("Location"))
@@ -1799,26 +1509,26 @@ func TestJWTTokenValidation(t *testing.T) {
fn = jwtAuthenticatorWebClient(r)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientLoginPath, rr.Header().Get("Location"))
errTest := errors.New("test error")
- permFn := server.checkPerms(dataprovider.PermAdminAny)
+ permFn := server.checkPerm(dataprovider.PermAdminAny)
fn = permFn(r)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, userPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
- permFn = server.checkPerms(dataprovider.PermAdminAny)
+ permFn = server.checkPerm(dataprovider.PermAdminAny)
fn = permFn(r)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webUserPath, nil)
req.RequestURI = webUserPath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
@@ -1827,14 +1537,14 @@ func TestJWTTokenValidation(t *testing.T) {
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, webClientProfilePath, nil)
req.RequestURI = webClientProfilePath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, userProfilePath, nil)
req.RequestURI = userProfilePath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
@@ -1842,7 +1552,7 @@ func TestJWTTokenValidation(t *testing.T) {
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, webClientProfilePath, nil)
req.RequestURI = webClientProfilePath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
@@ -1850,56 +1560,50 @@ func TestJWTTokenValidation(t *testing.T) {
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, webGroupsPath, nil)
req.RequestURI = webGroupsPath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, userSharesPath, nil)
req.RequestURI = userSharesPath
- ctx = jwt.NewContext(req.Context(), claims, errTest)
+ ctx = jwtauth.NewContext(req.Context(), token, errTest)
fn.ServeHTTP(rr, req.WithContext(ctx))
assert.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestUpdateContextFromCookie(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
server := httpdServer{
- tokenAuth: tokenAuth,
+ tokenAuth: jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil),
}
req, _ := http.NewRequest(http.MethodGet, tokenPath, nil)
- claims := jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- _, err = server.tokenAuth.Sign(claims)
+ claims := make(map[string]any)
+ claims["a"] = "b"
+ token, _, err := server.tokenAuth.Encode(claims)
assert.NoError(t, err)
- ctx := jwt.NewContext(req.Context(), claims, nil)
- req = server.updateContextFromCookie(req.WithContext(ctx))
- token, err := jwt.FromContext(req.Context())
- require.NoError(t, err)
- require.True(t, token.Audience.Contains(tokenAudienceWebClient))
- require.NotEmpty(t, token.ID)
+ ctx := jwtauth.NewContext(req.Context(), token, nil)
+ server.updateContextFromCookie(req.WithContext(ctx))
}
func TestCookieExpiration(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
server := httpdServer{
- tokenAuth: tokenAuth,
+ tokenAuth: jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil),
}
- err = errors.New("test error")
+ err := errors.New("test error")
rr := httptest.NewRecorder()
req, _ := http.NewRequest(http.MethodGet, tokenPath, nil)
- ctx := jwt.NewContext(req.Context(), nil, err)
+ ctx := jwtauth.NewContext(req.Context(), nil, err)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie := rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
- claims := jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- _, err = server.tokenAuth.Sign(claims)
+ claims := make(map[string]any)
+ claims["a"] = "b"
+ token, _, err := server.tokenAuth.Encode(claims)
assert.NoError(t, err)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -1909,16 +1613,16 @@ func TestCookieExpiration(t *testing.T) {
Password: "password",
Permissions: []string{dataprovider.PermAdminAny},
}
- claims = jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- claims.Username = admin.Username
- claims.Permissions = admin.Permissions
- claims.Subject = admin.GetSignature()
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- _, err = server.tokenAuth.Sign(claims)
+ claims = make(map[string]any)
+ claims[claimUsernameKey] = admin.Username
+ claims[claimPermissionsKey] = admin.Permissions
+ claims[jwt.SubjectKey] = admin.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceAPI}
+ token, _, err = server.tokenAuth.Encode(claims)
assert.NoError(t, err)
-
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -1927,7 +1631,7 @@ func TestCookieExpiration(t *testing.T) {
err = dataprovider.AddAdmin(&admin, "", "", "")
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -1937,41 +1641,34 @@ func TestCookieExpiration(t *testing.T) {
err = dataprovider.UpdateAdmin(&admin, "", "", "")
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
admin, err = dataprovider.AdminExists(admin.Username)
assert.NoError(t, err)
- tokenID := xid.New().String()
- claims = jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- claims.ID = tokenID
- claims.Username = admin.Username
- claims.Permissions = admin.Permissions
- claims.Subject = admin.GetSignature()
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- _, err = server.tokenAuth.Sign(claims)
+ claims = make(map[string]any)
+ claims[claimUsernameKey] = admin.Username
+ claims[claimPermissionsKey] = admin.Permissions
+ claims[jwt.SubjectKey] = admin.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceAPI}
+ token, _, err = server.tokenAuth.Encode(claims)
assert.NoError(t, err)
-
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
req.RemoteAddr = "192.168.8.1:1234"
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
req, _ = http.NewRequest(http.MethodGet, tokenPath, nil)
req.RemoteAddr = "172.16.1.12:4567"
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.True(t, strings.HasPrefix(cookie, "jwt="))
- req.Header.Set("Cookie", cookie)
- c, err := jwt.VerifyRequest(server.tokenAuth, req, jwt.TokenFromCookie)
- if assert.NoError(t, err) {
- assert.Equal(t, tokenID, c.ID)
- }
err = dataprovider.DeleteAdmin(admin.Username, "", "", "")
assert.NoError(t, err)
@@ -1989,18 +1686,18 @@ func TestCookieExpiration(t *testing.T) {
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{"*"}
- claims = jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- claims.ID = tokenID
- claims.Username = user.Username
- claims.Permissions = user.Filters.WebClient
- claims.Subject = user.GetSignature()
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- _, err = server.tokenAuth.Sign(claims)
+ claims = make(map[string]any)
+ claims[claimUsernameKey] = user.Username
+ claims[claimPermissionsKey] = user.Filters.WebClient
+ claims[jwt.SubjectKey] = user.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceWebClient}
+ token, _, err = server.tokenAuth.Encode(claims)
assert.NoError(t, err)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -2008,7 +1705,7 @@ func TestCookieExpiration(t *testing.T) {
err = dataprovider.AddUser(&user, "", "", "")
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -2021,57 +1718,28 @@ func TestCookieExpiration(t *testing.T) {
user, err = dataprovider.UserExists(user.Username, "")
assert.NoError(t, err)
- issuedAt := time.Now().Add(-1 * time.Minute)
- expiresAt := time.Now().Add(1 * time.Minute)
-
- claims = jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- claims.ID = tokenID
- claims.Username = user.Username
- claims.Permissions = user.Filters.WebClient
- claims.Subject = user.GetSignature()
- claims.SetExpiry(expiresAt)
- claims.SetIssuedAt(issuedAt)
- _, err = server.tokenAuth.Sign(claims)
+ claims = make(map[string]any)
+ claims[claimUsernameKey] = user.Username
+ claims[claimPermissionsKey] = user.Filters.WebClient
+ claims[jwt.SubjectKey] = user.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceWebClient}
+ token, _, err = server.tokenAuth.Encode(claims)
assert.NoError(t, err)
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
req.RemoteAddr = "172.16.3.12:4567"
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
req.RemoteAddr = "172.16.4.16:4567"
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.NotEmpty(t, cookie)
- req.Header.Set("Cookie", cookie)
- c, err = jwt.VerifyRequest(server.tokenAuth, req, jwt.TokenFromCookie)
- if assert.NoError(t, err) {
- assert.Equal(t, tokenID, c.ID)
- assert.Equal(t, issuedAt.Unix(), c.IssuedAt.Time().Unix())
- assert.NotEqual(t, expiresAt.Unix(), c.Expiry.Time().Unix())
- }
- // test a cookie issued more that 12 hours ago
- claims = jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- claims.ID = tokenID
- claims.Username = user.Username
- claims.Permissions = user.Filters.WebClient
- claims.Subject = user.GetSignature()
- claims.SetExpiry(expiresAt)
- claims.SetIssuedAt(time.Now().Add(-24 * time.Hour))
- _, err = server.tokenAuth.Sign(claims)
- assert.NoError(t, err)
-
- rr = httptest.NewRecorder()
- req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- req.RemoteAddr = "172.16.4.16:6789"
- ctx = jwt.NewContext(req.Context(), claims, nil)
- server.checkCookieExpiration(rr, req.WithContext(ctx))
- cookie = rr.Header().Get("Set-Cookie")
- assert.Empty(t, cookie)
// test a disabled user
user.Status = 0
@@ -2080,19 +1748,18 @@ func TestCookieExpiration(t *testing.T) {
user, err = dataprovider.UserExists(user.Username, "")
assert.NoError(t, err)
- claims = jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- claims.ID = tokenID
- claims.Username = user.Username
- claims.Permissions = user.Filters.WebClient
- claims.Subject = user.GetSignature()
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- claims.SetIssuedAt(issuedAt)
- _, err = server.tokenAuth.Sign(claims)
+ claims = make(map[string]any)
+ claims[claimUsernameKey] = user.Username
+ claims[claimPermissionsKey] = user.Filters.WebClient
+ claims[jwt.SubjectKey] = user.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ claims[jwt.AudienceKey] = []string{tokenAudienceWebClient}
+ token, _, err = server.tokenAuth.Encode(claims)
assert.NoError(t, err)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- ctx = jwt.NewContext(req.Context(), claims, nil)
+ ctx = jwtauth.NewContext(req.Context(), token, nil)
server.checkCookieExpiration(rr, req.WithContext(ctx))
cookie = rr.Header().Get("Set-Cookie")
assert.Empty(t, cookie)
@@ -2122,7 +1789,6 @@ func TestChangePwdValidationErrors(t *testing.T) {
require.Error(t, err)
req, _ := http.NewRequest(http.MethodPut, adminPwdPath, nil)
- req = req.WithContext(jwt.NewContext(req.Context(), &jwt.Claims{Claims: josejwt.Claims{ID: xid.New().String()}}, nil))
err = doChangeAdminPassword(req, "currentpwd", "newpwd", "newpwd")
assert.Error(t, err)
}
@@ -2130,24 +1796,23 @@ func TestChangePwdValidationErrors(t *testing.T) {
func TestRenderUnexistingFolder(t *testing.T) {
rr := httptest.NewRecorder()
req, _ := http.NewRequest(http.MethodPost, folderPath, nil)
- renderFolder(rr, req, "path not mapped", &jwt.Claims{}, http.StatusOK)
+ renderFolder(rr, req, "path not mapped", &jwtTokenClaims{}, http.StatusOK)
assert.Equal(t, http.StatusNotFound, rr.Code)
}
func TestCloseConnectionHandler(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- claims := jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- claims.Username = defaultAdminUsername
- claims.SetExpiry(time.Now().UTC().Add(1 * time.Hour))
- _, err = tokenAuth.Sign(claims)
+ tokenAuth := jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
+ claims := make(map[string]any)
+ claims["username"] = defaultAdminUsername
+ claims[jwt.ExpirationKey] = time.Now().UTC().Add(1 * time.Hour)
+ token, _, err := tokenAuth.Encode(claims)
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodDelete, activeConnectionsPath+"/connectionID", nil)
assert.NoError(t, err)
rctx := chi.NewRouteContext()
rctx.URLParams.Add("connectionID", "")
req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
- req = req.WithContext(context.WithValue(req.Context(), jwt.TokenCtxKey, claims))
+ req = req.WithContext(context.WithValue(req.Context(), jwtauth.TokenCtxKey, token))
rr := httptest.NewRecorder()
handleCloseConnection(rr, req)
assert.Equal(t, http.StatusBadRequest, rr.Code)
@@ -2169,7 +1834,7 @@ func TestRenderInvalidTemplate(t *testing.T) {
}
func TestQuotaScanInvalidFs(t *testing.T) {
- user := &dataprovider.User{
+ user := dataprovider.User{
BaseUser: sdk.BaseUser{
Username: "test",
HomeDir: os.TempDir(),
@@ -2342,38 +2007,31 @@ func TestGetUserFromTemplate(t *testing.T) {
}
func TestJWTTokenCleanup(t *testing.T) {
- tokenAuth, err := jwt.NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
server := httpdServer{
- tokenAuth: tokenAuth,
+ tokenAuth: jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil),
}
admin := dataprovider.Admin{
Username: "newtestadmin",
Password: "password",
Permissions: []string{dataprovider.PermAdminAny},
}
- claims := jwt.NewClaims(tokenAudienceAPI, "", getTokenDuration(tokenAudienceAPI))
- claims.Username = admin.Username
- claims.Permissions = admin.Permissions
- claims.Subject = admin.GetSignature()
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- token, err := server.tokenAuth.Sign(claims)
+ claims := make(map[string]any)
+ claims[claimUsernameKey] = admin.Username
+ claims[claimPermissionsKey] = admin.Permissions
+ claims[jwt.SubjectKey] = admin.GetSignature()
+ claims[jwt.ExpirationKey] = time.Now().Add(1 * time.Minute)
+ _, token, err := server.tokenAuth.Encode(claims)
assert.NoError(t, err)
req, _ := http.NewRequest(http.MethodGet, versionPath, nil)
assert.True(t, isTokenInvalidated(req))
- fakeToken := "abc"
- invalidateTokenString(req, fakeToken, -100*time.Millisecond)
- assert.True(t, invalidatedJWTTokens.Get(fakeToken))
+ req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", token))
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-
- invalidatedJWTTokens.Add(token, time.Now().Add(-getTokenDuration(tokenAudienceWebAdmin)).UTC())
+ invalidatedJWTTokens.Add(token, time.Now().Add(-tokenDuration).UTC())
require.True(t, isTokenInvalidated(req))
startCleanupTicker(100 * time.Millisecond)
assert.Eventually(t, func() bool { return !isTokenInvalidated(req) }, 1*time.Second, 200*time.Millisecond)
- assert.False(t, invalidatedJWTTokens.Get(fakeToken))
stopCleanupTicker()
}
@@ -2386,71 +2044,22 @@ func TestDbTokenManager(t *testing.T) {
testToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiV2ViQWRtaW4iLCI6OjEiXSwiZXhwIjoxNjk4NjYwMDM4LCJqdGkiOiJja3ZuazVrYjF1aHUzZXRmZmhyZyIsIm5iZiI6MTY5ODY1ODgwOCwicGVybWlzc2lvbnMiOlsiKiJdLCJzdWIiOiIxNjk3ODIwNDM3NTMyIiwidXNlcm5hbWUiOiJhZG1pbiJ9.LXuFFksvnSuzHqHat6r70yR0jEulNRju7m7SaWrOfy8; csrftoken=mP0C7DqjwpAXsptO2gGCaYBkYw3oNMWB"
key := dbTokenManager.getKey(testToken)
require.Len(t, key, 64)
- dbTokenManager.Add(testToken, time.Now().Add(-getTokenDuration(tokenAudienceWebClient)).UTC())
+ dbTokenManager.Add(testToken, time.Now().Add(-tokenDuration).UTC())
isInvalidated := dbTokenManager.Get(testToken)
assert.True(t, isInvalidated)
dbTokenManager.Cleanup()
isInvalidated = dbTokenManager.Get(testToken)
assert.False(t, isInvalidated)
- dbTokenManager.Add(testToken, time.Now().Add(getTokenDuration(tokenAudienceWebAdmin)).UTC())
+ dbTokenManager.Add(testToken, time.Now().Add(tokenDuration).UTC())
isInvalidated = dbTokenManager.Get(testToken)
assert.True(t, isInvalidated)
dbTokenManager.Cleanup()
isInvalidated = dbTokenManager.Get(testToken)
assert.True(t, isInvalidated)
- err := dataprovider.DeleteSharedSession(key, dataprovider.SessionTypeInvalidToken)
+ err := dataprovider.DeleteSharedSession(key)
assert.NoError(t, err)
}
-func TestDatabaseSharedSessions(t *testing.T) {
- if !isSharedProviderSupported() {
- t.Skip("this test it is not available with this provider")
- }
- session1 := dataprovider.Session{
- Key: "1",
- Data: map[string]string{"a": "b"},
- Type: dataprovider.SessionTypeOIDCAuth,
- Timestamp: 10,
- }
- err := dataprovider.AddSharedSession(session1)
- assert.NoError(t, err)
- // Adding another session with the same key but a different type should work
- session2 := session1
- session2.Type = dataprovider.SessionTypeOIDCToken
- err = dataprovider.AddSharedSession(session2)
- assert.NoError(t, err)
- err = dataprovider.DeleteSharedSession(session1.Key, dataprovider.SessionTypeInvalidToken)
- assert.ErrorIs(t, err, util.ErrNotFound)
- _, err = dataprovider.GetSharedSession(session1.Key, dataprovider.SessionTypeResetCode)
- assert.ErrorIs(t, err, util.ErrNotFound)
- session1Get, err := dataprovider.GetSharedSession(session1.Key, dataprovider.SessionTypeOIDCAuth)
- assert.NoError(t, err)
- assert.Equal(t, session1.Timestamp, session1Get.Timestamp)
- var stored map[string]string
- err = json.Unmarshal(session1Get.Data.([]byte), &stored)
- assert.NoError(t, err)
- assert.Equal(t, session1.Data, stored)
- session1.Timestamp = 20
- session1.Data = map[string]string{"c": "d"}
- err = dataprovider.AddSharedSession(session1)
- assert.NoError(t, err)
- session1Get, err = dataprovider.GetSharedSession(session1.Key, dataprovider.SessionTypeOIDCAuth)
- assert.NoError(t, err)
- assert.Equal(t, session1.Timestamp, session1Get.Timestamp)
- stored = make(map[string]string)
- err = json.Unmarshal(session1Get.Data.([]byte), &stored)
- assert.NoError(t, err)
- assert.Equal(t, session1.Data, stored)
- err = dataprovider.DeleteSharedSession(session1.Key, dataprovider.SessionTypeOIDCAuth)
- assert.NoError(t, err)
- err = dataprovider.DeleteSharedSession(session2.Key, dataprovider.SessionTypeOIDCToken)
- assert.NoError(t, err)
- _, err = dataprovider.GetSharedSession(session1.Key, dataprovider.SessionTypeOIDCAuth)
- assert.ErrorIs(t, err, util.ErrNotFound)
- _, err = dataprovider.GetSharedSession(session2.Key, dataprovider.SessionTypeOIDCToken)
- assert.ErrorIs(t, err, util.ErrNotFound)
-}
-
func TestAllowedProxyUnixDomainSocket(t *testing.T) {
b := Binding{
Address: filepath.Join(os.TempDir(), "sock"),
@@ -2463,15 +2072,6 @@ func TestAllowedProxyUnixDomainSocket(t *testing.T) {
}
}
-func TestProxyListenerWrapper(t *testing.T) {
- b := Binding{
- ProxyMode: 0,
- }
- require.Nil(t, b.listenerWrapper())
- b.ProxyMode = 1
- require.NotNil(t, b.listenerWrapper())
-}
-
func TestProxyHeaders(t *testing.T) {
username := "adminTest"
password := "testPwd"
@@ -2502,8 +2102,7 @@ func TestProxyHeaders(t *testing.T) {
err = b.parseAllowedProxy()
assert.NoError(t, err)
server := newHttpdServer(b, "", "", CorsConfig{Enabled: true}, "")
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
testServer := httptest.NewServer(server.router)
defer testServer.Close()
@@ -2516,7 +2115,7 @@ func TestProxyHeaders(t *testing.T) {
rr := httptest.NewRecorder()
testServer.Config.Handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusUnauthorized, rr.Code)
- assert.NotContains(t, rr.Body.String(), "login from IP 127.0.0.1 not allowed")
+ assert.Contains(t, rr.Body.String(), "login from IP 127.0.0.1 not allowed")
req.RemoteAddr = testIP
rr = httptest.NewRecorder()
@@ -2528,95 +2127,34 @@ func TestProxyHeaders(t *testing.T) {
testServer.Config.Handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code)
- req, err = http.NewRequest(http.MethodGet, webAdminLoginPath, nil)
- assert.NoError(t, err)
- req.RemoteAddr = testIP
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
- cookie := rr.Header().Get("Set-Cookie")
- assert.NotEmpty(t, cookie)
- req.Header.Set("Cookie", cookie)
- parsedToken, err := jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx := req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
form := make(url.Values)
form.Set("username", username)
form.Set("password", password)
- form.Set(csrfFormToken, createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath))
+ form.Set(csrfFormToken, createCSRFToken(testIP))
req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = testIP
- req.Header.Set("Cookie", cookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = httptest.NewRecorder()
testServer.Config.Handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCredentials)
- req, err = http.NewRequest(http.MethodGet, webAdminLoginPath, nil)
- assert.NoError(t, err)
- req.RemoteAddr = validForwardedFor
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
- loginCookie := rr.Header().Get("Set-Cookie")
- assert.NotEmpty(t, loginCookie)
- req.Header.Set("Cookie", loginCookie)
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
- form.Set(csrfFormToken, createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath))
+ form.Set(csrfFormToken, createCSRFToken(validForwardedFor))
req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = testIP
- req.Header.Set("Cookie", loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("X-Forwarded-For", validForwardedFor)
rr = httptest.NewRecorder()
testServer.Config.Handler.ServeHTTP(rr, req)
assert.Equal(t, http.StatusFound, rr.Code, rr.Body.String())
- cookie = rr.Header().Get("Set-Cookie")
+ cookie := rr.Header().Get("Set-Cookie")
assert.NotContains(t, cookie, "Secure")
- // The login cookie is invalidated after a successful login, the same request will fail
req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = testIP
- req.Header.Set("Cookie", loginCookie)
- req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Set("X-Forwarded-For", validForwardedFor)
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidCSRF)
-
- req, err = http.NewRequest(http.MethodGet, webAdminLoginPath, nil)
- assert.NoError(t, err)
- req.RemoteAddr = validForwardedFor
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
- loginCookie = rr.Header().Get("Set-Cookie")
- assert.NotEmpty(t, loginCookie)
- req.Header.Set("Cookie", loginCookie)
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
- form.Set(csrfFormToken, createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath))
- req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req.RemoteAddr = testIP
- req.Header.Set("Cookie", loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("X-Forwarded-For", validForwardedFor)
req.Header.Set(xForwardedProto, "https")
@@ -2626,26 +2164,9 @@ func TestProxyHeaders(t *testing.T) {
cookie = rr.Header().Get("Set-Cookie")
assert.Contains(t, cookie, "Secure")
- req, err = http.NewRequest(http.MethodGet, webAdminLoginPath, nil)
- assert.NoError(t, err)
- req.RemoteAddr = validForwardedFor
- rr = httptest.NewRecorder()
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
- loginCookie = rr.Header().Get("Set-Cookie")
- assert.NotEmpty(t, loginCookie)
- req.Header.Set("Cookie", loginCookie)
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
- form.Set(csrfFormToken, createCSRFToken(httptest.NewRecorder(), req, server.csrfTokenAuth, "", webBaseAdminPath))
req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
req.RemoteAddr = testIP
- req.Header.Set("Cookie", loginCookie)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("X-Forwarded-For", validForwardedFor)
req.Header.Set(xForwardedProto, "http")
@@ -2669,8 +2190,7 @@ func TestRecoverer(t *testing.T) {
EnableRESTAPI: true,
}
server := newHttpdServer(b, "../static", "", CorsConfig{}, "../openapi")
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
server.router.Get(recoveryPath, func(_ http.ResponseWriter, _ *http.Request) {
panic("panic")
})
@@ -2731,11 +2251,10 @@ func TestCompressorAbortHandler(t *testing.T) {
assert.Equal(t, http.ErrAbortHandler, rcv)
}()
- connection := newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", dataprovider.User{}),
- nil,
- nil,
- )
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", dataprovider.User{}),
+ request: nil,
+ }
share := &dataprovider.Share{}
renderCompressedFiles(&failingWriter{}, connection, "", nil, share)
}
@@ -2757,11 +2276,10 @@ func TestZipErrors(t *testing.T) {
}
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermAny}
- connection := newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
- nil,
- nil,
- )
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
+ request: nil,
+ }
testDir := filepath.Join(os.TempDir(), "testDir")
err := os.MkdirAll(testDir, os.ModePerm)
@@ -2773,14 +2291,14 @@ func TestZipErrors(t *testing.T) {
assert.Contains(t, err.Error(), "write error")
}
- err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", nil, 0)
+ err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", 0)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "write error")
}
- err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", nil, 2000)
+ err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", 2000)
assert.ErrorIs(t, err, util.ErrRecursionTooDeep)
- err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), path.Join("/", filepath.Base(testDir), "dir"), nil, 0)
+ err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), path.Join("/", filepath.Base(testDir), "dir"), 0)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "is outside base dir")
}
@@ -2789,14 +2307,14 @@ func TestZipErrors(t *testing.T) {
err = os.WriteFile(testFilePath, util.GenerateRandomBytes(65535), os.ModePerm)
assert.NoError(t, err)
err = addZipEntry(wr, connection, path.Join("/", filepath.Base(testDir), filepath.Base(testFilePath)),
- "/"+filepath.Base(testDir), nil, 0)
+ "/"+filepath.Base(testDir), 0)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "write error")
}
connection.User.Permissions["/"] = []string{dataprovider.PermListItems}
err = addZipEntry(wr, connection, path.Join("/", filepath.Base(testDir), filepath.Base(testFilePath)),
- "/"+filepath.Base(testDir), nil, 0)
+ "/"+filepath.Base(testDir), 0)
assert.ErrorIs(t, err, os.ErrPermission)
// creating a virtual folder to a missing path stat is ok but readdir fails
@@ -2808,14 +2326,14 @@ func TestZipErrors(t *testing.T) {
})
connection.User = user
wr = zip.NewWriter(bytes.NewBuffer(make([]byte, 0)))
- err = addZipEntry(wr, connection, user.VirtualFolders[0].VirtualPath, "/", nil, 0)
+ err = addZipEntry(wr, connection, user.VirtualFolders[0].VirtualPath, "/", 0)
assert.Error(t, err)
user.Filters.FilePatterns = append(user.Filters.FilePatterns, sdk.PatternsFilter{
Path: "/",
DeniedPatterns: []string{"*.zip"},
})
- err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", nil, 0)
+ err = addZipEntry(wr, connection, "/"+filepath.Base(testDir), "/", 0)
assert.ErrorIs(t, err, os.ErrPermission)
err = os.RemoveAll(testDir)
@@ -2831,8 +2349,7 @@ func TestWebAdminRedirect(t *testing.T) {
EnableRESTAPI: true,
}
server := newHttpdServer(b, "../static", "", CorsConfig{}, "../openapi")
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
testServer := httptest.NewServer(server.router)
defer testServer.Close()
@@ -2983,11 +2500,10 @@ func TestConnection(t *testing.T) {
}
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermAny}
- connection := newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
- nil,
- nil,
- )
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
+ request: nil,
+ }
assert.Empty(t, connection.GetClientVersion())
assert.Empty(t, connection.GetRemoteAddress())
assert.Empty(t, connection.GetCommand())
@@ -3008,11 +2524,10 @@ func TestGetFileWriterErrors(t *testing.T) {
}
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermAny}
- connection := newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
- nil,
- nil,
- )
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
+ request: nil,
+ }
_, err := connection.getFileWriter("name")
assert.Error(t, err)
@@ -3025,11 +2540,10 @@ func TestGetFileWriterErrors(t *testing.T) {
},
AccessSecret: kms.NewPlainSecret("secret"),
}
- connection = newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
- nil,
- nil,
- )
+ connection = &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
+ request: nil,
+ }
_, err = connection.getFileWriter("/path")
assert.Error(t, err)
}
@@ -3058,11 +2572,9 @@ func TestHTTPDFile(t *testing.T) {
}
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermAny}
- connection := newConnection(
- common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
- nil,
- nil,
- )
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolHTTP, "", "", user),
+ }
fs, err := user.GetFilesystem("")
assert.NoError(t, err)
@@ -3120,8 +2632,7 @@ func TestChangeUserPwd(t *testing.T) {
func TestWebUserInvalidClaims(t *testing.T) {
server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
user := dataprovider.User{
@@ -3130,81 +2641,79 @@ func TestWebUserInvalidClaims(t *testing.T) {
Password: "pwd",
},
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: nil,
+ Signature: user.GetSignature(),
}
- c.Subject = user.GetSignature()
- c.SetExpiry(time.Now().Add(10 * time.Minute))
- c.Audience = []string{tokenAudienceAPI}
- token, err := server.tokenAuth.Sign(c)
+ token, err := c.createTokenResponse(server.tokenAuth, tokenAudienceWebClient, "")
assert.NoError(t, err)
req, _ := http.NewRequest(http.MethodGet, webClientFilesPath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientGetFiles(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientDirsPath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientGetDirContents(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorDirList403)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientDownloadZipPath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleWebClientDownloadZip(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientEditFilePath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientEditFile(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientSharePath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientAddShareGet(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientSharePath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientUpdateShareGet(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, webClientSharePath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientAddSharePost(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodPost, webClientSharePath+"/id", nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientUpdateSharePost(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientSharesPath+jsonAPISuffix, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
getAllShares(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
rr = httptest.NewRecorder()
req, _ = http.NewRequest(http.MethodGet, webClientViewPDFPath, nil)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleClientGetPDF(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
@@ -3212,8 +2721,7 @@ func TestWebUserInvalidClaims(t *testing.T) {
func TestInvalidClaims(t *testing.T) {
server := httpdServer{}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
user := dataprovider.User{
@@ -3222,31 +2730,19 @@ func TestInvalidClaims(t *testing.T) {
Password: "pwd",
},
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: nil,
+ Signature: user.GetSignature(),
}
- c.Subject = user.GetSignature()
- token, err := server.tokenAuth.SignWithParams(c, tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
+ token, err := c.createTokenResponse(server.tokenAuth, tokenAudienceWebClient, "")
assert.NoError(t, err)
-
- req, err := http.NewRequest(http.MethodGet, webClientProfilePath, nil)
- assert.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
- parsedToken, err := jwt.VerifyRequest(server.tokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx := req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
form := make(url.Values)
- form.Set(csrfFormToken, createCSRFToken(rr, req, server.csrfTokenAuth, "", webBaseClientPath))
+ form.Set(csrfFormToken, createCSRFToken(""))
form.Set("public_keys", "")
- req, err = http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req = req.WithContext(ctx)
+ req, _ := http.NewRequest(http.MethodPost, webClientProfilePath, bytes.NewBuffer([]byte(form.Encode())))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleWebClientProfilePost(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
@@ -3254,34 +2750,21 @@ func TestInvalidClaims(t *testing.T) {
Username: "",
Password: user.Password,
}
- c = &jwt.Claims{
+ c = jwtTokenClaims{
Username: admin.Username,
Permissions: nil,
+ Signature: admin.GetSignature(),
}
- c.Subject = admin.GetSignature()
- token, err = server.tokenAuth.SignWithParams(c, tokenAudienceWebAdmin, "", getTokenDuration(tokenAudienceWebAdmin))
+ token, err = c.createTokenResponse(server.tokenAuth, tokenAudienceWebAdmin, "")
assert.NoError(t, err)
-
- req, err = http.NewRequest(http.MethodGet, webAdminProfilePath, nil)
- assert.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
- parsedToken, err = jwt.VerifyRequest(server.tokenAuth, req, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = req.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- req = req.WithContext(ctx)
-
form = make(url.Values)
- form.Set(csrfFormToken, createCSRFToken(rr, req, server.csrfTokenAuth, "", webBaseAdminPath))
+ form.Set(csrfFormToken, createCSRFToken(""))
form.Set("allow_api_key_auth", "")
- req, err = http.NewRequest(http.MethodPost, webAdminProfilePath, bytes.NewBuffer([]byte(form.Encode())))
- assert.NoError(t, err)
- req = req.WithContext(ctx)
+ req, _ = http.NewRequest(http.MethodPost, webAdminProfilePath, bytes.NewBuffer([]byte(form.Encode())))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
+ req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
server.handleWebAdminProfilePost(rr, req)
assert.Equal(t, http.StatusForbidden, rr.Code)
- assert.Contains(t, rr.Body.String(), util.I18nErrorInvalidToken)
}
func TestTLSReq(t *testing.T) {
@@ -3302,14 +2785,12 @@ func TestSigningKey(t *testing.T) {
server1 := httpdServer{
signingPassphrase: signingPassphrase,
}
- err := server1.initializeRouter()
- require.NoError(t, err)
+ server1.initializeRouter()
server2 := httpdServer{
signingPassphrase: signingPassphrase,
}
- err = server2.initializeRouter()
- require.NoError(t, err)
+ server2.initializeRouter()
user := dataprovider.User{
BaseUser: sdk.BaseUser{
@@ -3317,17 +2798,18 @@ func TestSigningKey(t *testing.T) {
Password: "pwd",
},
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: nil,
+ Signature: user.GetSignature(),
}
- c.Subject = user.GetSignature()
- token, err := server1.tokenAuth.SignWithParams(c, tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
+ token, err := c.createTokenResponse(server1.tokenAuth, tokenAudienceWebClient, "")
assert.NoError(t, err)
- assert.NotEmpty(t, token)
- _, err = jwt.VerifyToken(server1.tokenAuth, token)
+ accessToken := token["access_token"].(string)
+ assert.NotEmpty(t, accessToken)
+ _, err = server1.tokenAuth.Decode(accessToken)
assert.NoError(t, err)
- _, err = jwt.VerifyToken(server2.tokenAuth, token)
+ _, err = server2.tokenAuth.Decode(accessToken)
assert.NoError(t, err)
}
@@ -3456,15 +2938,11 @@ func TestSecureMiddlewareIntegration(t *testing.T) {
Value: "https",
},
},
- STSSeconds: 31536000,
- STSIncludeSubdomains: true,
- STSPreload: true,
- ContentTypeNosniff: true,
- CacheControl: "private",
- CrossOriginOpenerPolicy: "same-origin",
- CrossOriginResourcePolicy: "same-site",
- CrossOriginEmbedderPolicy: "require-corp",
- ReferrerPolicy: "no-referrer",
+ STSSeconds: 31536000,
+ STSIncludeSubdomains: true,
+ STSPreload: true,
+ ContentTypeNosniff: true,
+ CacheControl: "private",
},
},
enableWebAdmin: true,
@@ -3476,8 +2954,7 @@ func TestSecureMiddlewareIntegration(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, []string{forwardedHostHeader, xForwardedProto}, server.binding.Security.proxyHeaders)
assert.Equal(t, map[string]string{xForwardedProto: "https"}, server.binding.Security.getHTTPSProxyHeaders())
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, webClientLoginPath, nil)
@@ -3520,10 +2997,6 @@ func TestSecureMiddlewareIntegration(t *testing.T) {
assert.NotEmpty(t, r.Header.Get(forwardedHostHeader))
assert.Equal(t, "max-age=31536000; includeSubDomains; preload", rr.Header().Get("Strict-Transport-Security"))
assert.Equal(t, "nosniff", rr.Header().Get("X-Content-Type-Options"))
- assert.Equal(t, "require-corp", rr.Header().Get("Cross-Origin-Embedder-Policy"))
- assert.Equal(t, "same-origin", rr.Header().Get("Cross-Origin-Opener-Policy"))
- assert.Equal(t, "same-site", rr.Header().Get("Cross-Origin-Resource-Policy"))
- assert.Equal(t, "no-referrer", rr.Header().Get("Referrer-Policy"))
server.binding.Security.Enabled = false
server.binding.Security.updateProxyHeaders()
@@ -3553,8 +3026,7 @@ func TestRESTAPIDisabled(t *testing.T) {
enableWebClient: true,
enableRESTAPI: false,
}
- err := server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
assert.False(t, server.enableRESTAPI)
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, healthzPath, nil)
@@ -3591,34 +3063,26 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
enableWebClient: true,
enableRESTAPI: true,
}
- err = server.initializeRouter()
- require.NoError(t, err)
-
- for _, webURL := range []string{"/", webBasePath, webBaseAdminPath, webAdminLoginPath, webClientLoginPath} {
- rr := httptest.NewRecorder()
- r, err := http.NewRequest(http.MethodGet, webURL, nil)
- assert.NoError(t, err)
- server.router.ServeHTTP(rr, r)
- assert.Equal(t, http.StatusFound, rr.Code)
- assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
- }
+ server.initializeRouter()
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, webAdminSetupPath, nil)
assert.NoError(t, err)
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusOK, rr.Code)
- cookie := rr.Header().Get("Set-Cookie")
- r.Header.Set("Cookie", cookie)
- parsedToken, err := jwt.VerifyRequest(server.csrfTokenAuth, r, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx := r.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- r = r.WithContext(ctx)
+
+ for _, webURL := range []string{"/", webBasePath, webBaseAdminPath, webAdminLoginPath, webClientLoginPath} {
+ rr = httptest.NewRecorder()
+ r, err = http.NewRequest(http.MethodGet, webURL, nil)
+ assert.NoError(t, err)
+ server.router.ServeHTTP(rr, r)
+ assert.Equal(t, http.StatusFound, rr.Code)
+ assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
+ }
form := make(url.Values)
- csrfToken := createCSRFToken(rr, r, server.csrfTokenAuth, "", webBaseAdminPath)
- form.Set(csrfFormToken, csrfToken)
+ csrfToken := createCSRFToken("")
+ form.Set("_form_token", csrfToken)
form.Set("install_code", installationCode+"5")
form.Set("username", defaultAdminUsername)
form.Set("password", "password")
@@ -3626,8 +3090,6 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
rr = httptest.NewRecorder()
r, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
- r = r.WithContext(ctx)
- r.Header.Set("Cookie", cookie)
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -3639,8 +3101,6 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
rr = httptest.NewRecorder()
r, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
- r = r.WithContext(ctx)
- r.Header.Set("Cookie", cookie)
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -3662,6 +3122,12 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
return "5678"
})
+ rr = httptest.NewRecorder()
+ r, err = http.NewRequest(http.MethodGet, webAdminSetupPath, nil)
+ assert.NoError(t, err)
+ server.router.ServeHTTP(rr, r)
+ assert.Equal(t, http.StatusOK, rr.Code)
+
for _, webURL := range []string{"/", webBasePath, webBaseAdminPath, webAdminLoginPath, webClientLoginPath} {
rr = httptest.NewRecorder()
r, err = http.NewRequest(http.MethodGet, webURL, nil)
@@ -3671,22 +3137,9 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
assert.Equal(t, webAdminSetupPath, rr.Header().Get("Location"))
}
- rr = httptest.NewRecorder()
- r, err = http.NewRequest(http.MethodGet, webAdminSetupPath, nil)
- assert.NoError(t, err)
- server.router.ServeHTTP(rr, r)
- assert.Equal(t, http.StatusOK, rr.Code)
- cookie = rr.Header().Get("Set-Cookie")
- r.Header.Set("Cookie", cookie)
- parsedToken, err = jwt.VerifyRequest(server.csrfTokenAuth, r, jwt.TokenFromCookie)
- assert.NoError(t, err)
- ctx = r.Context()
- ctx = jwt.NewContext(ctx, parsedToken, err)
- r = r.WithContext(ctx)
-
form = make(url.Values)
- csrfToken = createCSRFToken(rr, r, server.csrfTokenAuth, "", webBaseAdminPath)
- form.Set(csrfFormToken, csrfToken)
+ csrfToken = createCSRFToken("")
+ form.Set("_form_token", csrfToken)
form.Set("install_code", installationCode)
form.Set("username", defaultAdminUsername)
form.Set("password", "password")
@@ -3694,8 +3147,6 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
rr = httptest.NewRecorder()
r, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
- r = r.WithContext(ctx)
- r.Header.Set("Cookie", cookie)
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusOK, rr.Code)
@@ -3707,8 +3158,6 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
rr = httptest.NewRecorder()
r, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
assert.NoError(t, err)
- r = r.WithContext(ctx)
- r.Header.Set("Cookie", cookie)
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusFound, rr.Code)
@@ -3765,6 +3214,37 @@ func TestDbResetCodeManager(t *testing.T) {
}
}
+func TestDecodeToken(t *testing.T) {
+ nodeID := "nodeID"
+ token := map[string]any{
+ claimUsernameKey: defaultAdminUsername,
+ claimPermissionsKey: []string{dataprovider.PermAdminAny},
+ jwt.SubjectKey: "",
+ claimNodeID: nodeID,
+ claimMustChangePasswordKey: false,
+ claimMustSetSecondFactorKey: true,
+ }
+ c := jwtTokenClaims{}
+ c.Decode(token)
+ assert.Equal(t, defaultAdminUsername, c.Username)
+ assert.Equal(t, nodeID, c.NodeID)
+ assert.False(t, c.MustChangePassword)
+ assert.True(t, c.MustSetTwoFactorAuth)
+
+ token[claimMustChangePasswordKey] = 10
+ c = jwtTokenClaims{}
+ c.Decode(token)
+ assert.False(t, c.MustChangePassword)
+
+ token[claimMustChangePasswordKey] = true
+ c = jwtTokenClaims{}
+ c.Decode(token)
+ assert.True(t, c.MustChangePassword)
+
+ claims := c.asMap()
+ assert.Equal(t, token, claims)
+}
+
func TestEventRoleFilter(t *testing.T) {
defaultVal := "default"
req, err := http.NewRequest(http.MethodGet, fsEventsPath+"?role=role1", nil)
@@ -3895,8 +3375,7 @@ func TestHTTPSRedirect(t *testing.T) {
},
},
}
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, path.Join(acmeChallengeURI, tokenName), nil)
@@ -3935,118 +3414,6 @@ func TestHTTPSRedirect(t *testing.T) {
assert.NoError(t, err)
}
-func TestDisabledAdminLoginMethods(t *testing.T) {
- server := httpdServer{
- binding: Binding{
- Address: "",
- Port: 8080,
- EnableWebAdmin: true,
- EnableWebClient: true,
- EnableRESTAPI: true,
- DisabledLoginMethods: 20,
- },
- enableWebAdmin: true,
- enableWebClient: true,
- enableRESTAPI: true,
- }
- err := server.initializeRouter()
- require.NoError(t, err)
- testServer := httptest.NewServer(server.router)
- defer testServer.Close()
-
- rr := httptest.NewRecorder()
- req, err := http.NewRequest(http.MethodGet, tokenPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, path.Join(adminPath, defaultAdminUsername, "forgot-password"), nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, path.Join(adminPath, defaultAdminUsername, "reset-password"), nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webAdminLoginPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusMethodNotAllowed, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webAdminResetPwdPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webAdminForgotPwdPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-}
-
-func TestDisabledUserLoginMethods(t *testing.T) {
- server := httpdServer{
- binding: Binding{
- Address: "",
- Port: 8080,
- EnableWebAdmin: true,
- EnableWebClient: true,
- EnableRESTAPI: true,
- DisabledLoginMethods: 40,
- },
- enableWebAdmin: true,
- enableWebClient: true,
- enableRESTAPI: true,
- }
- err := server.initializeRouter()
- require.NoError(t, err)
- testServer := httptest.NewServer(server.router)
- defer testServer.Close()
-
- rr := httptest.NewRecorder()
- req, err := http.NewRequest(http.MethodGet, userTokenPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, userPath+"/user/forgot-password", nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, userPath+"/user/reset-password", nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webClientLoginPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusMethodNotAllowed, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webClientResetPwdPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-
- rr = httptest.NewRecorder()
- req, err = http.NewRequest(http.MethodPost, webClientForgotPwdPath, nil)
- require.NoError(t, err)
- testServer.Config.Handler.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusNotFound, rr.Code)
-}
-
func TestGetLogEventString(t *testing.T) {
assert.Equal(t, "Login failed", getLogEventString(notifier.LogEventTypeLoginFailed))
assert.Equal(t, "Login with non-existent user", getLogEventString(notifier.LogEventTypeLoginNoUser))
@@ -4214,153 +3581,6 @@ func TestI18NErrors(t *testing.T) {
assert.Equal(t, `{"a":"b"}`, errI18n.Args())
}
-func TestConvertEnabledLoginMethods(t *testing.T) {
- b := Binding{
- EnabledLoginMethods: 0,
- DisabledLoginMethods: 1,
- }
- b.convertLoginMethods()
- assert.Equal(t, 1, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 1
- b.convertLoginMethods()
- assert.Equal(t, 14, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 2
- b.convertLoginMethods()
- assert.Equal(t, 13, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 3
- b.convertLoginMethods()
- assert.Equal(t, 12, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 4
- b.convertLoginMethods()
- assert.Equal(t, 11, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 7
- b.convertLoginMethods()
- assert.Equal(t, 8, b.DisabledLoginMethods)
- b.DisabledLoginMethods = 0
- b.EnabledLoginMethods = 15
- b.convertLoginMethods()
- assert.Equal(t, 0, b.DisabledLoginMethods)
-}
-
-func TestValidateBaseURL(t *testing.T) {
- tests := []struct {
- name string
- inputURL string
- expectedURL string
- expectErr bool
- }{
- {
- name: "Valid HTTPS URL",
- inputURL: "https://sftp.example.com",
- expectedURL: "https://sftp.example.com",
- expectErr: false,
- },
- {
- name: "Remove trailing slash",
- inputURL: "https://sftp.example.com/",
- expectedURL: "https://sftp.example.com",
- expectErr: false,
- },
- {
- name: "Remove multiple trailing slashes",
- inputURL: "http://192.168.1.100:8080///",
- expectedURL: "http://192.168.1.100:8080",
- expectErr: false,
- },
- {
- name: "Empty BaseURL (optional case)",
- inputURL: "",
- expectedURL: "",
- expectErr: false,
- },
- {
- name: "Unsupported scheme (FTP)",
- inputURL: "ftp://files.example.com",
- expectErr: true,
- },
- {
- name: "Malformed URL string",
- inputURL: "not-a-url",
- expectErr: true,
- },
- {
- name: "Missing Host",
- inputURL: "https://",
- expectErr: true,
- },
- {
- name: "Preserve path without trailing slash",
- inputURL: "https://example.com/sftp/",
- expectedURL: "https://example.com/sftp",
- expectErr: false,
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- b := &Binding{
- BaseURL: tt.inputURL,
- }
-
- err := b.validateBaseURL()
-
- if (err != nil) != tt.expectErr {
- t.Errorf("validateBaseURL() error = %v, expectErr %v", err, tt.expectErr)
- return
- }
-
- if !tt.expectErr && b.BaseURL != tt.expectedURL {
- t.Errorf("validateBaseURL() got = %v, want %v", b.BaseURL, tt.expectedURL)
- }
- })
- }
-}
-
-func getCSRFTokenFromBody(body io.Reader) (string, error) {
- doc, err := html.Parse(body)
- if err != nil {
- return "", err
- }
-
- var csrfToken string
- var f func(*html.Node)
-
- f = func(n *html.Node) {
- if n.Type == html.ElementNode && n.Data == "input" {
- var name, value string
- for _, attr := range n.Attr {
- if attr.Key == "value" {
- value = attr.Val
- }
- if attr.Key == "name" {
- name = attr.Val
- }
- }
- if name == csrfFormToken {
- csrfToken = value
- return
- }
- }
-
- for c := n.FirstChild; c != nil; c = c.NextSibling {
- f(c)
- }
- }
-
- f(doc)
-
- if csrfToken == "" {
- return "", errors.New("CSRF token not found")
- }
-
- return csrfToken, nil
-}
-
func isSharedProviderSupported() bool {
// SQLite shares the implementation with other SQL-based provider but it makes no sense
// to use it outside test cases
diff --git a/internal/httpd/middleware.go b/internal/httpd/middleware.go
index 199fa89f..2feea4ec 100644
--- a/internal/httpd/middleware.go
+++ b/internal/httpd/middleware.go
@@ -20,16 +20,15 @@ import (
"io/fs"
"net/http"
"net/url"
- "slices"
"strings"
- "time"
+ "github.com/go-chi/jwtauth/v5"
+ "github.com/lestrrat-go/jwx/v2/jwt"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -48,7 +47,7 @@ func (k *contextKey) String() string {
}
func validateJWTToken(w http.ResponseWriter, r *http.Request, audience tokenAudience) error {
- token, err := jwt.FromContext(r.Context())
+ token, _, err := jwtauth.FromContext(r.Context())
var redirectPath string
if audience == tokenAudienceWebAdmin {
@@ -70,48 +69,52 @@ func validateJWTToken(w http.ResponseWriter, r *http.Request, audience tokenAudi
}
}
- if err != nil {
+ if err != nil || token == nil {
logger.Debug(logSender, "", "error getting jwt token: %v", err)
doRedirect(http.StatusText(http.StatusUnauthorized), err)
return errInvalidToken
}
+ err = jwt.Validate(token)
+ if err != nil {
+ logger.Debug(logSender, "", "error validating jwt token: %v", err)
+ doRedirect(http.StatusText(http.StatusUnauthorized), err)
+ return errInvalidToken
+ }
if isTokenInvalidated(r) {
logger.Debug(logSender, "", "the token has been invalidated")
doRedirect("Your token is no longer valid", nil)
return errInvalidToken
}
// a user with a partial token will be always redirected to the appropriate two factor auth page
- if err := checkPartialAuth(w, r, audience, token.Audience); err != nil {
+ if err := checkPartialAuth(w, r, audience, token.Audience()); err != nil {
return err
}
- if !token.Audience.Contains(audience) {
+ if !util.Contains(token.Audience(), audience) {
logger.Debug(logSender, "", "the token is not valid for audience %q", audience)
doRedirect("Your token audience is not valid", nil)
return errInvalidToken
}
- ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := validateIPForToken(token, ipAddr); err != nil {
- logger.Debug(logSender, "", "the token with id %q is not valid for the ip address %q", token.ID, ipAddr)
- doRedirect("Your token is not valid", nil)
- return err
- }
- if err := checkTokenSignature(r, token); err != nil {
- doRedirect("Your token is no longer valid", nil)
- return err
+ if tokenValidationMode != tokenValidationNoIPMatch {
+ ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
+ if !util.Contains(token.Audience(), ipAddr) {
+ logger.Debug(logSender, "", "the token with id %q is not valid for the ip address %q", token.JwtID(), ipAddr)
+ doRedirect("Your token is not valid", nil)
+ return errInvalidToken
+ }
}
return nil
}
func (s *httpdServer) validateJWTPartialToken(w http.ResponseWriter, r *http.Request, audience tokenAudience) error {
- token, err := jwt.FromContext(r.Context())
+ token, _, err := jwtauth.FromContext(r.Context())
var notFoundFunc func(w http.ResponseWriter, r *http.Request, err error)
if audience == tokenAudienceWebAdminPartial {
notFoundFunc = s.renderNotFoundPage
} else {
notFoundFunc = s.renderClientNotFoundPage
}
- if err != nil {
+ if err != nil || token == nil || jwt.Validate(token) != nil {
notFoundFunc(w, r, nil)
return errInvalidToken
}
@@ -119,17 +122,11 @@ func (s *httpdServer) validateJWTPartialToken(w http.ResponseWriter, r *http.Req
notFoundFunc(w, r, nil)
return errInvalidToken
}
- if !token.Audience.Contains(audience) {
- logger.Debug(logSender, "", "the partial token with id %q is not valid for audience %q", token.ID, audience)
+ if !util.Contains(token.Audience(), audience) {
+ logger.Debug(logSender, "", "the token is not valid for audience %q", audience)
notFoundFunc(w, r, nil)
return errInvalidToken
}
- ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := validateIPForToken(token, ipAddr); err != nil {
- logger.Debug(logSender, "", "the partial token with id %q is not valid for the ip address %q", token.ID, ipAddr)
- notFoundFunc(w, r, nil)
- return err
- }
return nil
}
@@ -194,7 +191,7 @@ func jwtAuthenticatorWebClient(next http.Handler) http.Handler {
func (s *httpdServer) checkHTTPUserPerm(perm string) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- claims, err := jwt.FromContext(r.Context())
+ _, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
if isWebRequest(r) {
s.renderClientBadRequestPage(w, r, err)
@@ -203,8 +200,10 @@ func (s *httpdServer) checkHTTPUserPerm(perm string) func(next http.Handler) htt
}
return
}
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
// for web client perms are negated and not granted
- if claims.HasPerm(perm) {
+ if tokenClaims.hasPerm(perm) {
if isWebRequest(r) {
s.renderClientForbiddenPage(w, r, errors.New("you don't have permission for this action"))
} else {
@@ -221,7 +220,7 @@ func (s *httpdServer) checkHTTPUserPerm(perm string) func(next http.Handler) htt
// checkAuthRequirements checks if the user must set a second factor auth or change the password
func (s *httpdServer) checkAuthRequirements(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- claims, err := jwt.FromContext(r.Context())
+ _, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
if isWebRequest(r) {
if isWebClientRequest(r) {
@@ -234,11 +233,13 @@ func (s *httpdServer) checkAuthRequirements(next http.Handler) http.Handler {
}
return
}
- if claims.MustSetTwoFactorAuth || claims.MustChangePassword {
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
+ if tokenClaims.MustSetTwoFactorAuth || tokenClaims.MustChangePassword {
var err error
- if claims.MustSetTwoFactorAuth {
- if len(claims.RequiredTwoFactorProtocols) > 0 {
- protocols := strings.Join(claims.RequiredTwoFactorProtocols, ", ")
+ if tokenClaims.MustSetTwoFactorAuth {
+ if len(tokenClaims.RequiredTwoFactorProtocols) > 0 {
+ protocols := strings.Join(tokenClaims.RequiredTwoFactorProtocols, ", ")
err = util.NewI18nError(
util.NewGenericError(
fmt.Sprintf("Two-factor authentication requirements not met, please configure two-factor authentication for the following protocols: %v",
@@ -294,10 +295,10 @@ func (s *httpdServer) requireBuiltinLogin(next http.Handler) http.Handler {
})
}
-func (s *httpdServer) checkPerms(perms ...string) func(next http.Handler) http.Handler {
+func (s *httpdServer) checkPerm(perm string) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- claims, err := jwt.FromContext(r.Context())
+ _, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
if isWebRequest(r) {
s.renderBadRequestPage(w, r, err)
@@ -306,16 +307,16 @@ func (s *httpdServer) checkPerms(perms ...string) func(next http.Handler) http.H
}
return
}
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
- for _, perm := range perms {
- if !claims.HasPerm(perm) {
- if isWebRequest(r) {
- s.renderForbiddenPage(w, r, util.NewI18nError(fs.ErrPermission, util.I18nError403Message))
- } else {
- sendAPIResponse(w, r, nil, http.StatusText(http.StatusForbidden), http.StatusForbidden)
- }
- return
+ if !tokenClaims.hasPerm(perm) {
+ if isWebRequest(r) {
+ s.renderForbiddenPage(w, r, util.NewI18nError(fs.ErrPermission, util.I18nError403Message))
+ } else {
+ sendAPIResponse(w, r, nil, http.StatusText(http.StatusForbidden), http.StatusForbidden)
}
+ return
}
next.ServeHTTP(w, r)
@@ -323,82 +324,70 @@ func (s *httpdServer) checkPerms(perms ...string) func(next http.Handler) http.H
}
}
-func (s *httpdServer) verifyCSRFHeader(next http.Handler) http.Handler {
+func verifyCSRFHeader(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
tokenString := r.Header.Get(csrfHeaderToken)
- token, err := jwt.VerifyToken(s.csrfTokenAuth, tokenString)
+ token, err := jwtauth.VerifyToken(csrfTokenAuth, tokenString)
if err != nil || token == nil {
logger.Debug(logSender, "", "error validating CSRF header: %v", err)
sendAPIResponse(w, r, err, "Invalid token", http.StatusForbidden)
return
}
- if !token.Audience.Contains(tokenAudienceCSRF) {
+ if !util.Contains(token.Audience(), tokenAudienceCSRF) {
logger.Debug(logSender, "", "error validating CSRF header token audience")
sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
return
}
- if err := validateIPForToken(token, util.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
- logger.Debug(logSender, "", "error validating CSRF header IP audience")
- sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
- return
- }
- if err := checkCSRFTokenRef(r, token); err != nil {
- sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
- return
+ if tokenValidationMode != tokenValidationNoIPMatch {
+ if !util.Contains(token.Audience(), util.GetIPFromRemoteAddress(r.RemoteAddr)) {
+ logger.Debug(logSender, "", "error validating CSRF header IP audience")
+ sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
+ return
+ }
}
next.ServeHTTP(w, r)
})
}
-func checkNodeToken(tokenAuth *jwt.Signer) func(next http.Handler) http.Handler {
+func checkNodeToken(tokenAuth *jwtauth.JWTAuth) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- bearer := r.Header.Get(dataprovider.NodeTokenHeader)
- if bearer == "" {
+ token := r.Header.Get(dataprovider.NodeTokenHeader)
+ if token == "" {
next.ServeHTTP(w, r)
return
}
- const prefix = "Bearer "
- if len(bearer) >= len(prefix) && strings.EqualFold(bearer[:len(prefix)], prefix) {
- bearer = bearer[len(prefix):]
+ if len(token) > 7 && strings.ToUpper(token[0:6]) == "BEARER" {
+ token = token[7:]
}
- if invalidatedJWTTokens.Get(bearer) {
- logger.Debug(logSender, "", "the node token has been invalidated")
- sendAPIResponse(w, r, fmt.Errorf("the provided token is not valid"), "", http.StatusUnauthorized)
- return
- }
- claims, err := dataprovider.AuthenticateNodeToken(bearer)
+ admin, role, err := dataprovider.AuthenticateNodeToken(token)
if err != nil {
- logger.Debug(logSender, "", "unable to authenticate node token %q: %v", bearer, err)
+ logger.Debug(logSender, "", "unable to authenticate node token %q: %v", token, err)
sendAPIResponse(w, r, fmt.Errorf("the provided token cannot be authenticated"), "", http.StatusUnauthorized)
return
}
- defer invalidatedJWTTokens.Add(bearer, time.Now().Add(2*time.Minute).UTC())
-
- c := &jwt.Claims{
- Username: claims.Username,
- Permissions: claims.Permissions,
+ c := jwtTokenClaims{
+ Username: admin,
+ Permissions: []string{dataprovider.PermAdminViewConnections, dataprovider.PermAdminCloseConnections},
NodeID: dataprovider.GetNodeName(),
- Role: claims.Role,
+ Role: role,
}
-
- token, err := tokenAuth.SignWithParams(c, tokenAudienceAPI, util.GetIPFromRemoteAddress(r.RemoteAddr), getTokenDuration(tokenAudienceAPI))
+ resp, err := c.createTokenResponse(tokenAuth, tokenAudienceAPI, util.GetIPFromRemoteAddress(r.RemoteAddr))
if err != nil {
sendAPIResponse(w, r, err, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
- resp := c.BuildTokenResponse(token)
- r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", resp.Token))
+ r.Header.Set("Authorization", fmt.Sprintf("Bearer %v", resp["access_token"]))
next.ServeHTTP(w, r)
})
}
}
-func checkAPIKeyAuth(tokenAuth *jwt.Signer, scope dataprovider.APIKeyScope) func(next http.Handler) http.Handler {
+func checkAPIKeyAuth(tokenAuth *jwtauth.JWTAuth, scope dataprovider.APIKeyScope) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
apiKey := r.Header.Get("X-SFTPGO-API-KEY")
@@ -422,7 +411,7 @@ func checkAPIKeyAuth(tokenAuth *jwt.Signer, scope dataprovider.APIKeyScope) func
k, err := dataprovider.APIKeyExists(keyID)
if err != nil {
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), util.NewRecordNotFoundError("invalid api key")) //nolint:errcheck
- logger.Debug(logSender, "", "invalid api key %q: %v", apiKey, err)
+ logger.Debug(logSender, "invalid api key %q: %v", apiKey, err)
sendAPIResponse(w, r, errors.New("the provided api key is not valid"), "", http.StatusBadRequest)
return
}
@@ -460,7 +449,7 @@ func checkAPIKeyAuth(tokenAuth *jwt.Signer, scope dataprovider.APIKeyScope) func
logger.Debug(logSender, "", "unable to authenticate user %q associated with api key %q: %v",
apiUser, apiKey, err)
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: apiUser}},
- dataprovider.LoginMethodPassword, util.GetIPFromRemoteAddress(r.RemoteAddr), err, r)
+ dataprovider.LoginMethodPassword, util.GetIPFromRemoteAddress(r.RemoteAddr), err)
code := http.StatusUnauthorized
if errors.Is(err, common.ErrInternalFailure) {
code = http.StatusInternalServerError
@@ -470,7 +459,7 @@ func checkAPIKeyAuth(tokenAuth *jwt.Signer, scope dataprovider.APIKeyScope) func
return
}
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: apiUser}},
- dataprovider.LoginMethodPassword, util.GetIPFromRemoteAddress(r.RemoteAddr), nil, r)
+ dataprovider.LoginMethodPassword, util.GetIPFromRemoteAddress(r.RemoteAddr), nil)
}
dataprovider.UpdateAPIKeyLastUse(&k) //nolint:errcheck
@@ -481,7 +470,7 @@ func checkAPIKeyAuth(tokenAuth *jwt.Signer, scope dataprovider.APIKeyScope) func
func forbidAPIKeyAuthentication(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
@@ -495,7 +484,7 @@ func forbidAPIKeyAuthentication(next http.Handler) http.Handler {
})
}
-func authenticateAdminWithAPIKey(username, keyID string, tokenAuth *jwt.Signer, r *http.Request) error {
+func authenticateAdminWithAPIKey(username, keyID string, tokenAuth *jwtauth.JWTAuth, r *http.Request) error {
if username == "" {
return errors.New("the provided key is not associated with any admin and no username was provided")
}
@@ -510,32 +499,31 @@ func authenticateAdminWithAPIKey(username, keyID string, tokenAuth *jwt.Signer,
if err := admin.CanLogin(ipAddr); err != nil {
return err
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: admin.Username,
Permissions: admin.Permissions,
+ Signature: admin.GetSignature(),
Role: admin.Role,
APIKeyID: keyID,
}
- c.Subject = admin.GetSignature()
- token, err := tokenAuth.SignWithParams(c, tokenAudienceAPI, ipAddr, getTokenDuration(tokenAudienceAPI))
+ resp, err := c.createTokenResponse(tokenAuth, tokenAudienceAPI, ipAddr)
if err != nil {
return err
}
- resp := c.BuildTokenResponse(token)
- r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", resp.Token))
+ r.Header.Set("Authorization", fmt.Sprintf("Bearer %v", resp["access_token"]))
dataprovider.UpdateAdminLastLogin(&admin)
common.DelayLogin(nil)
return nil
}
-func authenticateUserWithAPIKey(username, keyID string, tokenAuth *jwt.Signer, r *http.Request) error {
+func authenticateUserWithAPIKey(username, keyID string, tokenAuth *jwtauth.JWTAuth, r *http.Request) error {
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
protocol := common.ProtocolHTTP
if username == "" {
err := errors.New("the provided key is not associated with any user and no username was provided")
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
+ dataprovider.LoginMethodPassword, ipAddr, err)
return err
}
if err := common.Config.ExecutePostConnectHook(ipAddr, protocol); err != nil {
@@ -544,56 +532,55 @@ func authenticateUserWithAPIKey(username, keyID string, tokenAuth *jwt.Signer, r
user, err := dataprovider.GetUserWithGroupSettings(username, "")
if err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
+ dataprovider.LoginMethodPassword, ipAddr, err)
return err
}
if !user.Filters.AllowAPIKeyAuth {
err := fmt.Errorf("API key authentication disabled for user %q", user.Username)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
return err
}
if err := user.CheckLoginConditions(); err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
return err
}
connectionID := fmt.Sprintf("%v_%v", protocol, xid.New().String())
- if err := checkHTTPClientUser(&user, r, connectionID, true, false); err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ if err := checkHTTPClientUser(&user, r, connectionID, true); err != nil {
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
return err
}
defer user.CloseFs() //nolint:errcheck
err = user.CheckFsRoot(connectionID)
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
return common.ErrInternalFailure
}
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: user.Filters.WebClient,
+ Signature: user.GetSignature(),
Role: user.Role,
APIKeyID: keyID,
}
- c.Subject = user.GetSignature()
- token, err := tokenAuth.SignWithParams(c, tokenAudienceAPIUser, ipAddr, getTokenDuration(tokenAudienceAPIUser))
+ resp, err := c.createTokenResponse(tokenAuth, tokenAudienceAPIUser, ipAddr)
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
return err
}
- resp := c.BuildTokenResponse(token)
- r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", resp.Token))
+ r.Header.Set("Authorization", fmt.Sprintf("Bearer %v", resp["access_token"]))
dataprovider.UpdateLastLogin(&user)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, nil, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, nil)
return nil
}
func checkPartialAuth(w http.ResponseWriter, r *http.Request, audience string, tokenAudience []string) error {
- if audience == tokenAudienceWebAdmin && slices.Contains(tokenAudience, tokenAudienceWebAdminPartial) {
+ if audience == tokenAudienceWebAdmin && util.Contains(tokenAudience, tokenAudienceWebAdminPartial) {
http.Redirect(w, r, webAdminTwoFactorPath, http.StatusFound)
return errInvalidToken
}
- if audience == tokenAudienceWebClient && slices.Contains(tokenAudience, tokenAudienceWebClientPartial) {
+ if audience == tokenAudienceWebClient && util.Contains(tokenAudience, tokenAudienceWebClientPartial) {
http.Redirect(w, r, webClientTwoFactorPath, http.StatusFound)
return errInvalidToken
}
diff --git a/internal/httpd/oauth2.go b/internal/httpd/oauth2.go
index bb3e7806..88a599d3 100644
--- a/internal/httpd/oauth2.go
+++ b/internal/httpd/oauth2.go
@@ -20,8 +20,6 @@ import (
"sync"
"time"
- "golang.org/x/oauth2"
-
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger"
@@ -50,7 +48,6 @@ type oauth2PendingAuth struct {
ClientSecret *kms.Secret `json:"client_secret"`
RedirectURL string `json:"redirect_url"`
IssuedAt int64 `json:"issued_at"`
- Verifier string `json:"verifier"`
}
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
@@ -61,7 +58,6 @@ func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecr
ClientSecret: clientSecret,
RedirectURL: redirectURL,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
- Verifier: oauth2.GenerateVerifier(),
}
}
@@ -136,11 +132,11 @@ func (o *dbOAuth2Manager) addPendingAuth(pendingAuth oauth2PendingAuth) {
}
func (o *dbOAuth2Manager) removePendingAuth(state string) {
- dataprovider.DeleteSharedSession(state, dataprovider.SessionTypeOAuth2Auth) //nolint:errcheck
+ dataprovider.DeleteSharedSession(state) //nolint:errcheck
}
func (o *dbOAuth2Manager) getPendingAuth(state string) (oauth2PendingAuth, error) {
- session, err := dataprovider.GetSharedSession(state, dataprovider.SessionTypeOAuth2Auth)
+ session, err := dataprovider.GetSharedSession(state)
if err != nil {
return oauth2PendingAuth{}, errors.New("oauth2: unable to get the auth request for the specified state")
}
diff --git a/internal/httpd/oauth2_test.go b/internal/httpd/oauth2_test.go
index 0e488136..a676905d 100644
--- a/internal/httpd/oauth2_test.go
+++ b/internal/httpd/oauth2_test.go
@@ -86,7 +86,7 @@ func TestDbOAuth2Manager(t *testing.T) {
a, err := m.getPendingAuth(auth.State)
assert.NoError(t, err)
assert.Equal(t, sdkkms.SecretStatusPlain, a.ClientSecret.GetStatus())
- session, err := dataprovider.GetSharedSession(auth.State, dataprovider.SessionTypeOAuth2Auth)
+ session, err := dataprovider.GetSharedSession(auth.State)
assert.NoError(t, err)
authReq := oauth2PendingAuth{}
err = json.Unmarshal(session.Data.([]byte), &authReq)
@@ -107,10 +107,10 @@ func TestDbOAuth2Manager(t *testing.T) {
m.addPendingAuth(auth)
_, err = m.getPendingAuth(auth.State)
assert.Error(t, err)
- _, err = dataprovider.GetSharedSession(auth.State, dataprovider.SessionTypeOAuth2Auth)
+ _, err = dataprovider.GetSharedSession(auth.State)
assert.NoError(t, err)
m.cleanup()
- _, err = dataprovider.GetSharedSession(auth.State, dataprovider.SessionTypeOAuth2Auth)
+ _, err = dataprovider.GetSharedSession(auth.State)
assert.Error(t, err)
_, err = m.decodePendingAuthData("not a byte array")
require.Error(t, err)
@@ -126,7 +126,7 @@ func TestDbOAuth2Manager(t *testing.T) {
}
auth.ClientSecret.SetStatus(sdkkms.SecretStatusSecretBox)
m.addPendingAuth(auth)
- _, err = dataprovider.GetSharedSession(auth.State, dataprovider.SessionTypeOAuth2Auth)
+ _, err = dataprovider.GetSharedSession(auth.State)
assert.Error(t, err)
asJSON, err := json.Marshal(auth)
assert.NoError(t, err)
diff --git a/internal/httpd/oidc.go b/internal/httpd/oidc.go
index 7c43fac5..93068387 100644
--- a/internal/httpd/oidc.go
+++ b/internal/httpd/oidc.go
@@ -20,7 +20,6 @@ import (
"fmt"
"net/http"
"net/url"
- "slices"
"strings"
"time"
@@ -31,7 +30,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/httpclient"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/util"
)
@@ -39,7 +37,7 @@ import (
const (
oidcCookieKey = "oidc"
adminRoleFieldValue = "admin"
- authStateValidity = 2 * 60 * 1000 // 2 minutes
+ authStateValidity = 1 * 60 * 1000 // 1 minute
tokenUpdateInterval = 3 * 60 * 1000 // 3 minutes
tokenDeleteInterval = 2 * 3600 * 1000 // 2 hours
)
@@ -144,7 +142,7 @@ func (o *OIDC) initialize() error {
if o.RedirectBaseURL == "" {
return errors.New("oidc: redirect base URL cannot be empty")
}
- if !slices.Contains(o.Scopes, oidc.ScopeOpenID) {
+ if !util.Contains(o.Scopes, oidc.ScopeOpenID) {
return fmt.Errorf("oidc: required scope %q is not set", oidc.ScopeOpenID)
}
if o.ClientSecretFile != "" {
@@ -200,7 +198,6 @@ type oidcPendingAuth struct {
Nonce string `json:"nonce"`
Audience tokenAudience `json:"audience"`
IssuedAt int64 `json:"issued_at"`
- Verifier string `json:"verifier"`
}
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
@@ -209,29 +206,25 @@ func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
Nonce: util.GenerateOpaqueString(),
Audience: audience,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
- Verifier: oauth2.GenerateVerifier(),
}
}
type oidcToken struct {
- AccessToken string `json:"access_token"`
- TokenType string `json:"token_type,omitempty"`
- RefreshToken string `json:"refresh_token,omitempty"`
- ExpiresAt int64 `json:"expires_at,omitempty"`
- SessionID string `json:"session_id"`
- IDToken string `json:"id_token"`
- Nonce string `json:"nonce"`
- Username string `json:"username"`
- Permissions []string `json:"permissions"`
- HideUserPageSections int `json:"hide_user_page_sections,omitempty"`
- MustSetTwoFactorAuth bool `json:"must_set_2fa,omitempty"`
- MustChangePassword bool `json:"must_change_password,omitempty"`
- RequiredTwoFactorProtocols []string `json:"required_two_factor_protocols,omitempty"`
- TokenRole string `json:"token_role,omitempty"` // SFTPGo role name
- Role any `json:"role"` // oidc user role: SFTPGo user or admin
- CustomFields *map[string]any `json:"custom_fields,omitempty"`
- Cookie string `json:"cookie"`
- UsedAt int64 `json:"used_at"`
+ AccessToken string `json:"access_token"`
+ TokenType string `json:"token_type,omitempty"`
+ RefreshToken string `json:"refresh_token,omitempty"`
+ ExpiresAt int64 `json:"expires_at,omitempty"`
+ SessionID string `json:"session_id"`
+ IDToken string `json:"id_token"`
+ Nonce string `json:"nonce"`
+ Username string `json:"username"`
+ Permissions []string `json:"permissions"`
+ HideUserPageSections int `json:"hide_user_page_sections,omitempty"`
+ TokenRole string `json:"token_role,omitempty"` // SFTPGo role name
+ Role any `json:"role"` // oidc user role: SFTPGo user or admin
+ CustomFields *map[string]any `json:"custom_fields,omitempty"`
+ Cookie string `json:"cookie"`
+ UsedAt int64 `json:"used_at"`
}
func (t *oidcToken) parseClaims(claims map[string]any, usernameField, roleField string, customFields []string,
@@ -399,14 +392,11 @@ func (t *oidcToken) refreshUser(r *http.Request) error {
if err := user.CheckLoginConditions(); err != nil {
return err
}
- if err := checkHTTPClientUser(&user, r, xid.New().String(), true, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, xid.New().String(), true); err != nil {
return err
}
t.Permissions = user.Filters.WebClient
t.TokenRole = user.Role
- t.MustSetTwoFactorAuth = user.MustSetSecondFactor()
- t.MustChangePassword = user.MustChangePassword()
- t.RequiredTwoFactorProtocols = user.Filters.TwoFactorAuthProtocols
return nil
}
@@ -455,32 +445,29 @@ func (t *oidcToken) getUser(r *http.Request) error {
user = &u
}
if err := common.Config.ExecutePostConnectHook(ipAddr, common.ProtocolOIDC); err != nil {
- updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err, r)
+ updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err)
return fmt.Errorf("access denied: %w", err)
}
if err := user.CheckLoginConditions(); err != nil {
- updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err, r)
+ updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err)
return err
}
connectionID := fmt.Sprintf("%s_%s", common.ProtocolOIDC, xid.New().String())
- if err := checkHTTPClientUser(user, r, connectionID, true, true); err != nil {
- updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err, r)
+ if err := checkHTTPClientUser(user, r, connectionID, true); err != nil {
+ updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, err)
return err
}
defer user.CloseFs() //nolint:errcheck
err = user.CheckFsRoot(connectionID)
if err != nil {
logger.Warn(logSender, connectionID, "unable to check fs root: %v", err)
- updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, common.ErrInternalFailure)
return err
}
- updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, nil, r)
+ updateLoginMetrics(user, dataprovider.LoginMethodIDP, ipAddr, nil)
dataprovider.UpdateLastLogin(user)
t.Permissions = user.Filters.WebClient
t.TokenRole = user.Role
- t.MustSetTwoFactorAuth = user.MustSetSecondFactor()
- t.MustChangePassword = user.MustChangePassword()
- t.RequiredTwoFactorProtocols = user.Filters.TwoFactorAuthProtocols
return nil
}
@@ -554,20 +541,13 @@ func (s *httpdServer) oidcTokenAuthenticator(audience tokenAudience) func(next h
if err != nil {
return
}
- claims := jwt.Claims{
- Username: dataprovider.ConvertName(token.Username),
+ jwtTokenClaims := jwtTokenClaims{
+ Username: token.Username,
Permissions: token.Permissions,
Role: token.TokenRole,
HideUserPageSections: token.HideUserPageSections,
}
- claims.ID = token.Cookie
- if audience == tokenAudienceWebClient {
- claims.MustSetTwoFactorAuth = token.MustSetTwoFactorAuth
- claims.MustChangePassword = token.MustChangePassword
- claims.RequiredTwoFactorProtocols = token.RequiredTwoFactorProtocols
- }
- tokenString, err := s.tokenAuth.SignWithParams(&claims, audience, util.GetIPFromRemoteAddress(r.RemoteAddr),
- getTokenDuration(audience))
+ _, tokenString, err := jwtTokenClaims.createToken(s.tokenAuth, audience, util.GetIPFromRemoteAddress(r.RemoteAddr))
if err != nil {
setFlashMessage(w, r, newFlashMessage("Unable to create cookie", util.I18nError500Message))
if audience == tokenAudienceWebAdmin {
@@ -597,7 +577,7 @@ func (s *httpdServer) oidcLoginRedirect(w http.ResponseWriter, r *http.Request,
pendingAuth := newOIDCPendingAuth(audience)
oidcMgr.addPendingAuth(pendingAuth)
http.Redirect(w, r, s.binding.OIDC.oauth2Config.AuthCodeURL(pendingAuth.State,
- oidc.Nonce(pendingAuth.Nonce), oauth2.S256ChallengeOption(pendingAuth.Verifier)), http.StatusFound)
+ oidc.Nonce(pendingAuth.Nonce)), http.StatusFound)
}
func (s *httpdServer) debugTokenClaims(claims map[string]any, rawIDToken string) {
@@ -636,8 +616,7 @@ func (s *httpdServer) handleOIDCRedirect(w http.ResponseWriter, r *http.Request)
ctx, cancel := context.WithTimeout(r.Context(), 20*time.Second)
defer cancel()
- oauth2Token, err := s.binding.OIDC.oauth2Config.Exchange(ctx, r.URL.Query().Get("code"),
- oauth2.VerifierOption(authReq.Verifier))
+ oauth2Token, err := s.binding.OIDC.oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
logger.Debug(logSender, "", "failed to exchange oidc token: %v", err)
setFlashMessage(w, r, newFlashMessage("Failed to exchange OpenID token", util.I18nOIDCErrTokenExchange))
@@ -812,7 +791,7 @@ func removeOIDCCookie(w http.ResponseWriter, r *http.Request) {
func canSkipOIDCValidation(r *http.Request) bool {
_, err := r.Cookie(oidcCookieKey)
if err != nil {
- _, err = r.Cookie(jwt.CookieKey)
+ _, err = r.Cookie(jwtCookieKey)
return err == nil
}
return false
diff --git a/internal/httpd/oidc_test.go b/internal/httpd/oidc_test.go
index 4a14c76c..636c9cfa 100644
--- a/internal/httpd/oidc_test.go
+++ b/internal/httpd/oidc_test.go
@@ -32,6 +32,8 @@ import (
"unsafe"
"github.com/coreos/go-oidc/v3/oidc"
+ "github.com/go-chi/jwtauth/v5"
+ "github.com/lestrrat-go/jwx/v2/jwa"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
"github.com/stretchr/testify/assert"
@@ -40,7 +42,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
@@ -135,15 +136,12 @@ func TestOIDCInitialization(t *testing.T) {
}
func TestOIDCLoginLogout(t *testing.T) {
- tokenValidationMode = 2
-
oidcMgr, ok := oidcMgr.(*memoryOIDCManager)
require.True(t, ok)
server := getTestOIDCServer()
err := server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, webOIDCRedirectPath, nil)
@@ -555,8 +553,6 @@ func TestOIDCLoginLogout(t *testing.T) {
assert.NoError(t, err)
err = dataprovider.DeleteUser(username, "", "", "")
assert.NoError(t, err)
-
- tokenValidationMode = 0
}
func TestOIDCRefreshToken(t *testing.T) {
@@ -769,8 +765,7 @@ func TestValidateOIDCToken(t *testing.T) {
server := getTestOIDCServer()
err := server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, webClientLogoutPath, nil)
@@ -798,7 +793,7 @@ func TestValidateOIDCToken(t *testing.T) {
oidcMgr.removeToken(token.Cookie)
assert.Len(t, oidcMgr.tokens, 0)
- server.tokenAuth.SetSigner(&failingJoseSigner{})
+ server.tokenAuth = jwtauth.New("PS256", util.GenerateRandomBytes(32), nil)
token = oidcToken{
Cookie: util.GenerateOpaqueString(),
AccessToken: util.GenerateUniqueID(),
@@ -835,17 +830,16 @@ func TestSkipOIDCAuth(t *testing.T) {
server := getTestOIDCServer()
err := server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
-
- claims := jwt.NewClaims(tokenAudienceWebClient, "", getTokenDuration(tokenAudienceWebClient))
- claims.Username = "user"
- tokenString, err := server.tokenAuth.Sign(claims)
+ server.initializeRouter()
+ jwtTokenClaims := jwtTokenClaims{
+ Username: "user",
+ }
+ _, tokenString, err := jwtTokenClaims.createToken(server.tokenAuth, tokenAudienceWebClient, "")
assert.NoError(t, err)
rr := httptest.NewRecorder()
r, err := http.NewRequest(http.MethodGet, webClientLogoutPath, nil)
assert.NoError(t, err)
- r.Header.Set("Cookie", fmt.Sprintf("%v=%v", jwt.CookieKey, tokenString))
+ r.Header.Set("Cookie", fmt.Sprintf("%v=%v", jwtCookieKey, tokenString))
server.router.ServeHTTP(rr, r)
assert.Equal(t, http.StatusFound, rr.Code)
assert.Equal(t, webClientLoginPath, rr.Header().Get("Location"))
@@ -909,8 +903,7 @@ func TestOIDCToken(t *testing.T) {
},
Filters: dataprovider.UserFilters{
BaseUserFilters: sdk.BaseUserFilters{
- DeniedProtocols: []string{common.ProtocolHTTP},
- DeniedLoginMethods: []string{dataprovider.LoginMethodPassword},
+ DeniedProtocols: []string{common.ProtocolHTTP},
},
},
}
@@ -971,8 +964,7 @@ func TestOIDCImplicitRoles(t *testing.T) {
server.binding.OIDC.ImplicitRoles = true
err := server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
authReq := newOIDCPendingAuth(tokenAudienceWebAdmin)
oidcMgr.addPendingAuth(authReq)
@@ -1098,7 +1090,7 @@ func TestMemoryOIDCManager(t *testing.T) {
assert.NoError(t, err)
oidcMgr.removePendingAuth(authReq.State)
require.Len(t, oidcMgr.pendingAuths, 0)
- authReq.IssuedAt = util.GetTimeAsMsSinceEpoch(time.Now().Add(-600 * time.Second))
+ authReq.IssuedAt = util.GetTimeAsMsSinceEpoch(time.Now().Add(-61 * time.Second))
oidcMgr.addPendingAuth(authReq)
require.Len(t, oidcMgr.pendingAuths, 1)
_, err = oidcMgr.getPendingAuth(authReq.State)
@@ -1184,20 +1176,20 @@ func TestOIDCEvMgrIntegration(t *testing.T) {
err = dataprovider.Initialize(newProviderConf, configDir, true)
assert.NoError(t, err)
// add a special chars to check json replacer
- username := `test_'oidc_eventmanager`
+ username := `test_"oidc_eventmanager`
u := map[string]any{
- "username": "{{.Name}}",
+ "username": "{{Name}}",
"status": 1,
- "home_dir": filepath.Join(os.TempDir(), "{{.IDPFieldcustom1.sub}}"),
+ "home_dir": filepath.Join(os.TempDir(), "{{IDPFieldcustom1.sub}}"),
"permissions": map[string][]string{
"/": {dataprovider.PermAny},
},
- "description": "{{.IDPFieldcustom2}}",
+ "description": "{{IDPFieldcustom2}}",
}
userTmpl, err := json.Marshal(u)
require.NoError(t, err)
a := map[string]any{
- "username": "{{.Name}}",
+ "username": "{{Name}}",
"status": 1,
"permissions": []string{dataprovider.PermAdminAny},
}
@@ -1245,8 +1237,7 @@ func TestOIDCEvMgrIntegration(t *testing.T) {
server.binding.OIDC.CustomFields = []string{"custom1.sub", "custom2"}
err = server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
// login a user with OIDC
_, err = dataprovider.UserExists(username, "")
assert.ErrorIs(t, err, util.ErrNotFound)
@@ -1383,8 +1374,7 @@ func TestOIDCPreLoginHook(t *testing.T) {
server.binding.OIDC.CustomFields = []string{"field1", "field2"}
err = server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
_, err = dataprovider.UserExists(username, "")
assert.ErrorIs(t, err, util.ErrNotFound)
@@ -1555,13 +1545,12 @@ func TestOIDCWithLoginFormsDisabled(t *testing.T) {
server := getTestOIDCServer()
server.binding.OIDC.ImplicitRoles = true
- server.binding.DisabledLoginMethods = 12
+ server.binding.EnabledLoginMethods = 3
server.binding.EnableWebAdmin = true
server.binding.EnableWebClient = true
err := server.binding.OIDC.initialize()
assert.NoError(t, err)
- err = server.initializeRouter()
- require.NoError(t, err)
+ server.initializeRouter()
// login with an admin user
authReq := newOIDCPendingAuth(tokenAudienceWebAdmin)
oidcMgr.addPendingAuth(authReq)
@@ -1597,9 +1586,12 @@ func TestOIDCWithLoginFormsDisabled(t *testing.T) {
tokenCookie = k
}
// we should be able to create admins without setting a password
+ if csrfTokenAuth == nil {
+ csrfTokenAuth = jwtauth.New(jwa.HS256.String(), util.GenerateRandomBytes(32), nil)
+ }
adminUsername := "testAdmin"
form := make(url.Values)
- form.Set(csrfFormToken, createCSRFToken(rr, r, server.csrfTokenAuth, tokenCookie, webBaseAdminPath))
+ form.Set(csrfFormToken, createCSRFToken(""))
form.Set("username", adminUsername)
form.Set("password", "")
form.Set("status", "1")
diff --git a/internal/httpd/oidcmanager.go b/internal/httpd/oidcmanager.go
index 79336748..d0acade6 100644
--- a/internal/httpd/oidcmanager.go
+++ b/internal/httpd/oidcmanager.go
@@ -167,11 +167,11 @@ func (o *dbOIDCManager) addPendingAuth(pendingAuth oidcPendingAuth) {
}
func (o *dbOIDCManager) removePendingAuth(state string) {
- dataprovider.DeleteSharedSession(state, dataprovider.SessionTypeOIDCAuth) //nolint:errcheck
+ dataprovider.DeleteSharedSession(state) //nolint:errcheck
}
func (o *dbOIDCManager) getPendingAuth(state string) (oidcPendingAuth, error) {
- session, err := dataprovider.GetSharedSession(state, dataprovider.SessionTypeOIDCAuth)
+ session, err := dataprovider.GetSharedSession(state)
if err != nil {
return oidcPendingAuth{}, errors.New("oidc: unable to get the auth request for the specified state")
}
@@ -204,7 +204,7 @@ func (o *dbOIDCManager) addToken(token oidcToken) {
}
func (o *dbOIDCManager) removeToken(cookie string) {
- dataprovider.DeleteSharedSession(cookie, dataprovider.SessionTypeOIDCToken) //nolint:errcheck
+ dataprovider.DeleteSharedSession(cookie) //nolint:errcheck
}
func (o *dbOIDCManager) updateTokenUsage(token oidcToken) {
@@ -215,7 +215,7 @@ func (o *dbOIDCManager) updateTokenUsage(token oidcToken) {
}
func (o *dbOIDCManager) getToken(cookie string) (oidcToken, error) {
- session, err := dataprovider.GetSharedSession(cookie, dataprovider.SessionTypeOIDCToken)
+ session, err := dataprovider.GetSharedSession(cookie)
if err != nil {
return oidcToken{}, errors.New("oidc: unable to get the token for the specified session")
}
diff --git a/internal/httpd/resetcode.go b/internal/httpd/resetcode.go
index 0be7d890..6e680c02 100644
--- a/internal/httpd/resetcode.go
+++ b/internal/httpd/resetcode.go
@@ -110,7 +110,7 @@ func (m *dbResetCodeManager) Add(code *resetCode) error {
}
func (m *dbResetCodeManager) Get(code string) (*resetCode, error) {
- session, err := dataprovider.GetSharedSession(code, dataprovider.SessionTypeResetCode)
+ session, err := dataprovider.GetSharedSession(code)
if err != nil {
return nil, err
}
@@ -132,7 +132,7 @@ func (m *dbResetCodeManager) decodeData(data any) (*resetCode, error) {
}
func (m *dbResetCodeManager) Delete(code string) error {
- return dataprovider.DeleteSharedSession(code, dataprovider.SessionTypeResetCode)
+ return dataprovider.DeleteSharedSession(code)
}
func (m *dbResetCodeManager) Cleanup() {
diff --git a/internal/httpd/resources.go b/internal/httpd/resources.go
index 54bc58c9..a68a7167 100644
--- a/internal/httpd/resources.go
+++ b/internal/httpd/resources.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !bundle
+// +build !bundle
package httpd
diff --git a/internal/httpd/resources_embedded.go b/internal/httpd/resources_embedded.go
index e15bc985..66ac0a8e 100644
--- a/internal/httpd/resources_embedded.go
+++ b/internal/httpd/resources_embedded.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build bundle
+// +build bundle
package httpd
diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index 3fa54c1b..d0f9073e 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -16,7 +16,6 @@ package httpd
import (
"context"
- "crypto/rand"
"crypto/tls"
"crypto/x509"
"errors"
@@ -25,16 +24,15 @@ import (
"net"
"net/http"
"net/url"
- "path"
"path/filepath"
- "slices"
"strings"
"time"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
+ "github.com/go-chi/jwtauth/v5"
"github.com/go-chi/render"
- "github.com/go-jose/go-jose/v4"
+ "github.com/lestrrat-go/jwx/v2/jwa"
"github.com/rs/cors"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
@@ -43,7 +41,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/acme"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/mfa"
"github.com/drakkan/sftpgo/v2/internal/smtp"
@@ -70,8 +67,7 @@ type httpdServer struct {
renderOpenAPI bool
isShared int
router *chi.Mux
- tokenAuth *jwt.Signer
- csrfTokenAuth *jwt.Signer
+ tokenAuth *jwtauth.JWTAuth
signingPassphrase string
cors CorsConfig
}
@@ -100,12 +96,12 @@ func (s *httpdServer) setShared(value int) {
}
func (s *httpdServer) listenAndServe() error {
- if err := s.initializeRouter(); err != nil {
- return err
- }
+ s.initializeRouter()
httpServer := &http.Server{
Handler: s.router,
ReadHeaderTimeout: 30 * time.Second,
+ ReadTimeout: 60 * time.Second,
+ WriteTimeout: 60 * time.Second,
IdleTimeout: 60 * time.Second,
MaxHeaderBytes: 1 << 16, // 64KB
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
@@ -129,11 +125,9 @@ func (s *httpdServer) listenAndServe() error {
httpServer.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
httpServer.TLSConfig.VerifyConnection = s.verifyTLSConnection
}
- return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, true,
- s.binding.listenerWrapper(), logSender)
+ return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, true, logSender)
}
- return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, false,
- s.binding.listenerWrapper(), logSender)
+ return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, false, logSender)
}
func (s *httpdServer) verifyTLSConnection(state tls.ConnectionState) error {
@@ -170,15 +164,14 @@ func (s *httpdServer) refreshCookie(next http.Handler) http.Handler {
})
}
-func (s *httpdServer) renderClientLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderClientLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := loginPage{
commonBasePage: getCommonBasePage(r),
Title: util.I18nLoginTitle,
CurrentURL: webClientLoginPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseClientPath),
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ CSRFToken: createCSRFToken(ip),
+ Branding: s.binding.Branding.WebClient,
FormDisabled: s.binding.isWebClientLoginFormDisabled(),
CheckRedirect: true,
}
@@ -187,7 +180,7 @@ func (s *httpdServer) renderClientLoginPage(w http.ResponseWriter, r *http.Reque
}
if s.binding.showAdminLoginURL() {
data.AltLoginURL = webAdminLoginPath
- data.AltLoginName = s.binding.webAdminBranding().ShortName
+ data.AltLoginName = s.binding.Branding.WebAdmin.ShortName
}
if smtp.IsEnabled() && !data.FormDisabled {
data.ForgotPwdURL = webClientForgotPwdPath
@@ -200,7 +193,8 @@ func (s *httpdServer) renderClientLoginPage(w http.ResponseWriter, r *http.Reque
func (s *httpdServer) handleWebClientLogout(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- removeCookie(w, r, webBaseClientPath)
+ c := jwtTokenClaims{}
+ c.removeCookie(w, r, webBaseClientPath)
s.logoutOIDCUser(w, r)
http.Redirect(w, r, webClientLoginPath, http.StatusFound)
@@ -212,7 +206,7 @@ func (s *httpdServer) handleWebClientChangePwdPost(w http.ResponseWriter, r *htt
s.renderClientChangePasswordPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), util.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -232,7 +226,7 @@ func (s *httpdServer) handleClientWebLogin(w http.ResponseWriter, r *http.Reques
return
}
msg := getFlashMessage(w, r)
- s.renderClientLoginPage(w, r, msg.getI18nError())
+ s.renderClientLoginPage(w, r, msg.getI18nError(), util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Request) {
@@ -240,43 +234,44 @@ func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Re
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
protocol := common.ProtocolHTTP
username := strings.TrimSpace(r.Form.Get("username"))
- password := r.Form.Get("password")
+ password := strings.TrimSpace(r.Form.Get("password"))
if username == "" || password == "" {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials, r)
+ dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
s.renderClientLoginPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
- s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ dataprovider.LoginMethodPassword, ipAddr, err)
+ s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
+ return
}
if err := common.Config.ExecutePostConnectHook(ipAddr, protocol); err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
- s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nError403Message))
+ dataprovider.LoginMethodPassword, ipAddr, err)
+ s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nError403Message), ipAddr)
return
}
user, err := dataprovider.CheckUserAndPass(username, password, ipAddr, protocol)
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
s.renderClientLoginPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
connectionID := fmt.Sprintf("%v_%v", protocol, xid.New().String())
- if err := checkHTTPClientUser(&user, r, connectionID, true, false); err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
- s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nError403Message))
+ if err := checkHTTPClientUser(&user, r, connectionID, true); err != nil {
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
+ s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nError403Message), ipAddr)
return
}
@@ -284,8 +279,8 @@ func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Re
err = user.CheckFsRoot(connectionID)
if err != nil {
logger.Warn(logSender, connectionID, "unable to check fs root: %v", err)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
- s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorFsGeneric))
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
+ s.renderClientLoginPage(w, r, util.NewI18nError(err, util.I18nErrorFsGeneric), ipAddr)
return
}
s.loginUser(w, r, &user, connectionID, ipAddr, false, s.renderClientLoginPage)
@@ -297,10 +292,10 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
err := r.ParseForm()
if err != nil {
- s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -309,12 +304,12 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
_, user, err := handleResetPassword(r, strings.TrimSpace(r.Form.Get("code")),
newPassword, confirmPassword, false)
if err != nil {
- s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorChangePwdGeneric))
+ s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorChangePwdGeneric), ipAddr)
return
}
connectionID := fmt.Sprintf("%v_%v", getProtocolFromRequest(r), xid.New().String())
- if err := checkHTTPClientUser(user, r, connectionID, true, false); err != nil {
- s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorLoginAfterReset))
+ if err := checkHTTPClientUser(user, r, connectionID, true); err != nil {
+ s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorLoginAfterReset), ipAddr)
return
}
@@ -322,7 +317,7 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
err = user.CheckFsRoot(connectionID)
if err != nil {
logger.Warn(logSender, connectionID, "unable to check fs root: %v", err)
- s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorLoginAfterReset))
+ s.renderClientResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorLoginAfterReset), ipAddr)
return
}
s.loginUser(w, r, user, connectionID, ipAddr, false, s.renderClientResetPwdPage)
@@ -330,25 +325,25 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil {
s.renderNotFoundPage(w, r, nil)
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderClientTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderClientTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
username := claims.Username
recoveryCode := strings.TrimSpace(r.Form.Get("recovery_code"))
if username == "" || recoveryCode == "" {
s.renderClientTwoFactorRecoveryPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
- s.renderClientTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
+ s.renderClientTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
user, userMerged, err := dataprovider.GetUserVariants(username, "")
@@ -357,12 +352,12 @@ func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter
handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
}
s.renderClientTwoFactorRecoveryPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
- if !userMerged.Filters.TOTPConfig.Enabled || !slices.Contains(userMerged.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
+ if !userMerged.Filters.TOTPConfig.Enabled || !util.Contains(userMerged.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
s.renderClientTwoFactorPage(w, r, util.NewI18nError(
- util.NewValidationError("two factory authentication is not enabled"), util.I18n2FADisabled))
+ util.NewValidationError("two factory authentication is not enabled"), util.I18n2FADisabled), ipAddr)
return
}
for idx, code := range user.Filters.RecoveryCodes {
@@ -373,7 +368,7 @@ func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter
if code.Secret.GetPayload() == recoveryCode {
if code.Used {
s.renderClientTwoFactorRecoveryPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
user.Filters.RecoveryCodes[idx].Used = true
@@ -391,60 +386,60 @@ func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter
}
handleDefenderEventLoginFailed(ipAddr, dataprovider.ErrInvalidCredentials) //nolint:errcheck
s.renderClientTwoFactorRecoveryPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
}
func (s *httpdServer) handleWebClientTwoFactorPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil {
s.renderNotFoundPage(w, r, nil)
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
username := claims.Username
passcode := strings.TrimSpace(r.Form.Get("passcode"))
if username == "" || passcode == "" {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials, r)
+ dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
s.renderClientTwoFactorPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
- s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ dataprovider.LoginMethodPassword, ipAddr, err)
+ s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
user, err := dataprovider.GetUserWithGroupSettings(username, "")
if err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
- s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials))
+ dataprovider.LoginMethodPassword, ipAddr, err)
+ s.renderClientTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials), ipAddr)
return
}
- if !user.Filters.TOTPConfig.Enabled || !slices.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
- s.renderClientTwoFactorPage(w, r, util.NewI18nError(common.ErrInternalFailure, util.I18n2FADisabled))
+ if !user.Filters.TOTPConfig.Enabled || !util.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
+ s.renderClientTwoFactorPage(w, r, util.NewI18nError(common.ErrInternalFailure, util.I18n2FADisabled), ipAddr)
return
}
err = user.Filters.TOTPConfig.Secret.Decrypt()
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
s.renderClientInternalServerErrorPage(w, r, err)
return
}
match, err := mfa.ValidateTOTPPasscode(user.Filters.TOTPConfig.ConfigName, passcode,
user.Filters.TOTPConfig.Secret.GetPayload())
if !match || err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials)
s.renderClientTwoFactorPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
connectionID := fmt.Sprintf("%s_%s", getProtocolFromRequest(r), xid.New().String())
@@ -454,24 +449,25 @@ func (s *httpdServer) handleWebClientTwoFactorPost(w http.ResponseWriter, r *htt
func (s *httpdServer) handleWebAdminTwoFactorRecoveryPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil {
s.renderNotFoundPage(w, r, nil)
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
username := claims.Username
recoveryCode := strings.TrimSpace(r.Form.Get("recovery_code"))
if username == "" || recoveryCode == "" {
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
admin, err := dataprovider.AdminExists(username)
@@ -479,11 +475,12 @@ func (s *httpdServer) handleWebAdminTwoFactorRecoveryPost(w http.ResponseWriter,
if errors.Is(err, util.ErrNotFound) {
handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
}
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
if !admin.Filters.TOTPConfig.Enabled {
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(util.NewValidationError("two factory authentication is not enabled"), util.I18n2FADisabled))
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(util.NewValidationError("two factory authentication is not enabled"), util.I18n2FADisabled), ipAddr)
return
}
for idx, code := range admin.Filters.RecoveryCodes {
@@ -494,7 +491,7 @@ func (s *httpdServer) handleWebAdminTwoFactorRecoveryPost(w http.ResponseWriter,
if code.Secret.GetPayload() == recoveryCode {
if code.Used {
s.renderTwoFactorRecoveryPage(w, r,
- util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials), ipAddr)
return
}
admin.Filters.RecoveryCodes[idx].Used = true
@@ -509,30 +506,32 @@ func (s *httpdServer) handleWebAdminTwoFactorRecoveryPost(w http.ResponseWriter,
}
}
handleDefenderEventLoginFailed(ipAddr, dataprovider.ErrInvalidCredentials) //nolint:errcheck
- s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorRecoveryPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
}
func (s *httpdServer) handleWebAdminTwoFactorPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil {
s.renderNotFoundPage(w, r, nil)
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
username := claims.Username
passcode := strings.TrimSpace(r.Form.Get("passcode"))
if username == "" || passcode == "" {
- s.renderTwoFactorPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
- handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
- s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
+ err = handleDefenderEventLoginFailed(ipAddr, err)
+ s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
admin, err := dataprovider.AdminExists(username)
@@ -540,11 +539,11 @@ func (s *httpdServer) handleWebAdminTwoFactorPost(w http.ResponseWriter, r *http
if errors.Is(err, util.ErrNotFound) {
handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
}
- s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials), ipAddr)
return
}
if !admin.Filters.TOTPConfig.Enabled {
- s.renderTwoFactorPage(w, r, util.NewI18nError(common.ErrInternalFailure, util.I18n2FADisabled))
+ s.renderTwoFactorPage(w, r, util.NewI18nError(common.ErrInternalFailure, util.I18n2FADisabled), ipAddr)
return
}
err = admin.Filters.TOTPConfig.Secret.Decrypt()
@@ -556,7 +555,8 @@ func (s *httpdServer) handleWebAdminTwoFactorPost(w http.ResponseWriter, r *http
admin.Filters.TOTPConfig.Secret.GetPayload())
if !match || err != nil {
handleDefenderEventLoginFailed(ipAddr, dataprovider.ErrInvalidCredentials) //nolint:errcheck
- s.renderTwoFactorPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderTwoFactorPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
s.loginAdmin(w, r, &admin, true, s.renderTwoFactorPage, ipAddr)
@@ -567,43 +567,44 @@ func (s *httpdServer) handleWebAdminLoginPost(w http.ResponseWriter, r *http.Req
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderAdminLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderAdminLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
username := strings.TrimSpace(r.Form.Get("username"))
password := strings.TrimSpace(r.Form.Get("password"))
if username == "" || password == "" {
- s.renderAdminLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderAdminLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
- s.renderAdminLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
+ s.renderAdminLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
admin, err := dataprovider.CheckAdminAndPass(username, password, ipAddr)
if err != nil {
handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
- s.renderAdminLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderAdminLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
return
}
s.loginAdmin(w, r, &admin, false, s.renderAdminLoginPage, ipAddr)
}
-func (s *httpdServer) renderAdminLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderAdminLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := loginPage{
commonBasePage: getCommonBasePage(r),
Title: util.I18nLoginTitle,
CurrentURL: webAdminLoginPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseAdminPath),
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ CSRFToken: createCSRFToken(ip),
+ Branding: s.binding.Branding.WebAdmin,
FormDisabled: s.binding.isWebAdminLoginFormDisabled(),
CheckRedirect: false,
}
if s.binding.showClientLoginURL() {
data.AltLoginURL = webClientLoginPath
- data.AltLoginName = s.binding.webClientBranding().ShortName
+ data.AltLoginName = s.binding.Branding.WebClient.ShortName
}
if smtp.IsEnabled() && !data.FormDisabled {
data.ForgotPwdURL = webAdminForgotPwdPath
@@ -621,12 +622,13 @@ func (s *httpdServer) handleWebAdminLogin(w http.ResponseWriter, r *http.Request
return
}
msg := getFlashMessage(w, r)
- s.renderAdminLoginPage(w, r, msg.getI18nError())
+ s.renderAdminLoginPage(w, r, msg.getI18nError(), util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebAdminLogout(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- removeCookie(w, r, webBaseAdminPath)
+ c := jwtTokenClaims{}
+ c.removeCookie(w, r, webBaseAdminPath)
s.logoutOIDCUser(w, r)
http.Redirect(w, r, webAdminLoginPath, http.StatusFound)
@@ -639,7 +641,7 @@ func (s *httpdServer) handleWebAdminChangePwdPost(w http.ResponseWriter, r *http
s.renderChangePasswordPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), util.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -658,10 +660,10 @@ func (s *httpdServer) handleWebAdminPasswordResetPost(w http.ResponseWriter, r *
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
err := r.ParseForm()
if err != nil {
- s.renderResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -670,7 +672,7 @@ func (s *httpdServer) handleWebAdminPasswordResetPost(w http.ResponseWriter, r *
admin, _, err := handleResetPassword(r, strings.TrimSpace(r.Form.Get("code")),
newPassword, confirmPassword, true)
if err != nil {
- s.renderResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorChangePwdGeneric))
+ s.renderResetPwdPage(w, r, util.NewI18nError(err, util.I18nErrorChangePwdGeneric), ipAddr)
return
}
@@ -686,10 +688,10 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
err := r.ParseForm()
if err != nil {
- s.renderAdminSetupPage(w, r, "", util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderAdminSetupPage(w, r, "", ipAddr, util.NewI18nError(err, util.I18nErrorInvalidForm))
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -698,7 +700,7 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
confirmPassword := strings.TrimSpace(r.Form.Get("confirm_password"))
installCode := strings.TrimSpace(r.Form.Get("install_code"))
if installationCode != "" && installCode != resolveInstallationCode() {
- s.renderAdminSetupPage(w, r, username,
+ s.renderAdminSetupPage(w, r, username, ipAddr,
util.NewI18nError(
util.NewValidationError(fmt.Sprintf("%v mismatch", installationCodeHint)),
util.I18nErrorSetupInstallCode),
@@ -706,17 +708,17 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
return
}
if username == "" {
- s.renderAdminSetupPage(w, r, username,
+ s.renderAdminSetupPage(w, r, username, ipAddr,
util.NewI18nError(util.NewValidationError("please set a username"), util.I18nError500Message))
return
}
if password == "" {
- s.renderAdminSetupPage(w, r, username,
+ s.renderAdminSetupPage(w, r, username, ipAddr,
util.NewI18nError(util.NewValidationError("please set a password"), util.I18nError500Message))
return
}
if password != confirmPassword {
- s.renderAdminSetupPage(w, r, username,
+ s.renderAdminSetupPage(w, r, username, ipAddr,
util.NewI18nError(errors.New("the two password fields do not match"), util.I18nErrorChangePwdNoMatch))
return
}
@@ -728,7 +730,7 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
}
err = dataprovider.AddAdmin(&admin, username, ipAddr, "")
if err != nil {
- s.renderAdminSetupPage(w, r, username, util.NewI18nError(err, util.I18nError500Message))
+ s.renderAdminSetupPage(w, r, username, ipAddr, util.NewI18nError(err, util.I18nError500Message))
return
}
s.loginAdmin(w, r, &admin, false, nil, ipAddr)
@@ -736,32 +738,34 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
func (s *httpdServer) loginUser(
w http.ResponseWriter, r *http.Request, user *dataprovider.User, connectionID, ipAddr string,
- isSecondFactorAuth bool, errorFunc func(w http.ResponseWriter, r *http.Request, err *util.I18nError),
+ isSecondFactorAuth bool, errorFunc func(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string),
) {
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: user.Filters.WebClient,
+ Signature: user.GetSignature(),
Role: user.Role,
MustSetTwoFactorAuth: user.MustSetSecondFactor(),
MustChangePassword: user.MustChangePassword(),
RequiredTwoFactorProtocols: user.Filters.TwoFactorAuthProtocols,
}
- c.Subject = user.GetSignature()
audience := tokenAudienceWebClient
- if user.Filters.TOTPConfig.Enabled && slices.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) &&
+ if user.Filters.TOTPConfig.Enabled && util.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) &&
user.CanManageMFA() && !isSecondFactorAuth {
audience = tokenAudienceWebClientPartial
}
- err := createAndSetCookie(w, r, c, s.tokenAuth, audience, ipAddr)
+ err := c.createAndSetCookie(w, r, s.tokenAuth, audience, ipAddr)
if err != nil {
logger.Warn(logSender, connectionID, "unable to set user login cookie %v", err)
- updateLoginMetrics(user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
- errorFunc(w, r, util.NewI18nError(err, util.I18nError500Message))
+ updateLoginMetrics(user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
+ errorFunc(w, r, util.NewI18nError(err, util.I18nError500Message), ipAddr)
return
}
- invalidateToken(r)
+ if isSecondFactorAuth {
+ invalidateToken(r)
+ }
if audience == tokenAudienceWebClientPartial {
redirectPath := webClientTwoFactorPath
if next := r.URL.Query().Get("next"); strings.HasPrefix(next, webClientFilesPath) {
@@ -770,7 +774,7 @@ func (s *httpdServer) loginUser(
http.Redirect(w, r, redirectPath, http.StatusFound)
return
}
- updateLoginMetrics(user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(user, dataprovider.LoginMethodPassword, ipAddr, err)
dataprovider.UpdateLastLogin(user)
if next := r.URL.Query().Get("next"); strings.HasPrefix(next, webClientFilesPath) {
http.Redirect(w, r, next, http.StatusFound)
@@ -781,35 +785,37 @@ func (s *httpdServer) loginUser(
func (s *httpdServer) loginAdmin(
w http.ResponseWriter, r *http.Request, admin *dataprovider.Admin,
- isSecondFactorAuth bool, errorFunc func(w http.ResponseWriter, r *http.Request, err *util.I18nError),
+ isSecondFactorAuth bool, errorFunc func(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string),
ipAddr string,
) {
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: admin.Username,
Permissions: admin.Permissions,
Role: admin.Role,
+ Signature: admin.GetSignature(),
HideUserPageSections: admin.Filters.Preferences.HideUserPageSections,
MustSetTwoFactorAuth: admin.Filters.RequireTwoFactor && !admin.Filters.TOTPConfig.Enabled,
MustChangePassword: admin.Filters.RequirePasswordChange,
}
- c.Subject = admin.GetSignature()
audience := tokenAudienceWebAdmin
if admin.Filters.TOTPConfig.Enabled && admin.CanManageMFA() && !isSecondFactorAuth {
audience = tokenAudienceWebAdminPartial
}
- err := createAndSetCookie(w, r, c, s.tokenAuth, audience, ipAddr)
+ err := c.createAndSetCookie(w, r, s.tokenAuth, audience, ipAddr)
if err != nil {
logger.Warn(logSender, "", "unable to set admin login cookie %v", err)
if errorFunc == nil {
- s.renderAdminSetupPage(w, r, admin.Username, util.NewI18nError(err, util.I18nError500Message))
+ s.renderAdminSetupPage(w, r, admin.Username, ipAddr, util.NewI18nError(err, util.I18nError500Message))
return
}
- errorFunc(w, r, util.NewI18nError(err, util.I18nError500Message))
+ errorFunc(w, r, util.NewI18nError(err, util.I18nError500Message), ipAddr)
return
}
- invalidateToken(r)
+ if isSecondFactorAuth {
+ invalidateToken(r)
+ }
if audience == tokenAudienceWebAdminPartial {
http.Redirect(w, r, webAdminTwoFactorPath, http.StatusFound)
return
@@ -836,52 +842,52 @@ func (s *httpdServer) getUserToken(w http.ResponseWriter, r *http.Request) {
protocol := common.ProtocolHTTP
if !ok {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials, r)
+ dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
sendAPIResponse(w, r, nil, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
- if username == "" || strings.TrimSpace(password) == "" {
+ if username == "" || password == "" {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials, r)
+ dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
sendAPIResponse(w, r, nil, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
if err := common.Config.ExecutePostConnectHook(ipAddr, protocol); err != nil {
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
- dataprovider.LoginMethodPassword, ipAddr, err, r)
+ dataprovider.LoginMethodPassword, ipAddr, err)
sendAPIResponse(w, r, err, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
user, err := dataprovider.CheckUserAndPass(username, password, ipAddr, protocol)
if err != nil {
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
sendAPIResponse(w, r, dataprovider.ErrInvalidCredentials, http.StatusText(http.StatusUnauthorized),
http.StatusUnauthorized)
return
}
connectionID := fmt.Sprintf("%v_%v", protocol, xid.New().String())
- if err := checkHTTPClientUser(&user, r, connectionID, true, false); err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ if err := checkHTTPClientUser(&user, r, connectionID, true); err != nil {
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
sendAPIResponse(w, r, err, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
- if user.Filters.TOTPConfig.Enabled && slices.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
+ if user.Filters.TOTPConfig.Enabled && util.Contains(user.Filters.TOTPConfig.Protocols, common.ProtocolHTTP) {
passcode := r.Header.Get(otpHeaderCode)
if passcode == "" {
logger.Debug(logSender, "", "TOTP enabled for user %q and not passcode provided, authentication refused", user.Username)
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials)
sendAPIResponse(w, r, dataprovider.ErrInvalidCredentials, http.StatusText(http.StatusUnauthorized),
http.StatusUnauthorized)
return
}
err = user.Filters.TOTPConfig.Secret.Decrypt()
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
sendAPIResponse(w, r, fmt.Errorf("unable to decrypt TOTP secret: %w", err), http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
@@ -890,7 +896,7 @@ func (s *httpdServer) getUserToken(w http.ResponseWriter, r *http.Request) {
if !match || err != nil {
logger.Debug(logSender, "invalid passcode for user %q, match? %v, err: %v", user.Username, match, err)
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, dataprovider.ErrInvalidCredentials)
sendAPIResponse(w, r, dataprovider.ErrInvalidCredentials, http.StatusText(http.StatusUnauthorized),
http.StatusUnauthorized)
return
@@ -901,7 +907,7 @@ func (s *httpdServer) getUserToken(w http.ResponseWriter, r *http.Request) {
err = user.CheckFsRoot(connectionID)
if err != nil {
logger.Warn(logSender, connectionID, "unable to check fs root: %v", err)
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
sendAPIResponse(w, r, err, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
@@ -910,26 +916,26 @@ func (s *httpdServer) getUserToken(w http.ResponseWriter, r *http.Request) {
}
func (s *httpdServer) generateAndSendUserToken(w http.ResponseWriter, r *http.Request, ipAddr string, user dataprovider.User) {
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: user.Username,
Permissions: user.Filters.WebClient,
+ Signature: user.GetSignature(),
Role: user.Role,
MustSetTwoFactorAuth: user.MustSetSecondFactor(),
MustChangePassword: user.MustChangePassword(),
RequiredTwoFactorProtocols: user.Filters.TwoFactorAuthProtocols,
}
- c.Subject = user.GetSignature()
- token, err := s.tokenAuth.SignWithParams(c, tokenAudienceAPIUser, ipAddr, getTokenDuration(tokenAudienceAPIUser))
+ resp, err := c.createTokenResponse(s.tokenAuth, tokenAudienceAPIUser, ipAddr)
if err != nil {
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, common.ErrInternalFailure)
sendAPIResponse(w, r, err, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
- updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err, r)
+ updateLoginMetrics(&user, dataprovider.LoginMethodPassword, ipAddr, err)
dataprovider.UpdateLastLogin(&user)
- render.JSON(w, r, c.BuildTokenResponse(token))
+ render.JSON(w, r, resp)
}
func (s *httpdServer) getToken(w http.ResponseWriter, r *http.Request) {
@@ -942,10 +948,9 @@ func (s *httpdServer) getToken(w http.ResponseWriter, r *http.Request) {
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
admin, err := dataprovider.CheckAdminAndPass(username, password, ipAddr)
if err != nil {
- handleDefenderEventLoginFailed(ipAddr, err) //nolint:errcheck
+ err = handleDefenderEventLoginFailed(ipAddr, err)
w.Header().Set(common.HTTPAuthenticationHeader, basicRealm)
- sendAPIResponse(w, r, dataprovider.ErrInvalidCredentials, http.StatusText(http.StatusUnauthorized),
- http.StatusUnauthorized)
+ sendAPIResponse(w, r, err, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
if admin.Filters.TOTPConfig.Enabled {
@@ -979,16 +984,17 @@ func (s *httpdServer) getToken(w http.ResponseWriter, r *http.Request) {
}
func (s *httpdServer) generateAndSendToken(w http.ResponseWriter, r *http.Request, admin dataprovider.Admin, ip string) {
- c := &jwt.Claims{
+ c := jwtTokenClaims{
Username: admin.Username,
Permissions: admin.Permissions,
Role: admin.Role,
+ Signature: admin.GetSignature(),
MustSetTwoFactorAuth: admin.Filters.RequireTwoFactor && !admin.Filters.TOTPConfig.Enabled,
MustChangePassword: admin.Filters.RequirePasswordChange,
}
- c.Subject = admin.GetSignature()
- token, err := s.tokenAuth.SignWithParams(c, tokenAudienceAPI, ip, getTokenDuration(tokenAudienceAPI))
+ resp, err := c.createTokenResponse(s.tokenAuth, tokenAudienceAPI, ip)
+
if err != nil {
sendAPIResponse(w, r, err, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
@@ -996,39 +1002,38 @@ func (s *httpdServer) generateAndSendToken(w http.ResponseWriter, r *http.Reques
dataprovider.UpdateAdminLastLogin(&admin)
common.DelayLogin(nil)
- render.JSON(w, r, c.BuildTokenResponse(token))
+ render.JSON(w, r, resp)
}
func (s *httpdServer) checkCookieExpiration(w http.ResponseWriter, r *http.Request) {
if _, ok := r.Context().Value(oidcTokenKey).(string); ok {
return
}
- claims, err := jwt.FromContext(r.Context())
+ token, claims, err := jwtauth.FromContext(r.Context())
if err != nil {
return
}
- if claims.Username == "" || claims.Subject == "" {
+ tokenClaims := jwtTokenClaims{}
+ tokenClaims.Decode(claims)
+ if tokenClaims.Username == "" || tokenClaims.Signature == "" {
return
}
- if time.Until(claims.Expiry.Time()) > cookieRefreshThreshold {
+ if time.Until(token.Expiration()) > tokenRefreshThreshold {
return
}
- if (time.Since(claims.IssuedAt.Time()) + cookieTokenDuration) > maxTokenDuration {
- return
- }
- if claims.Audience.Contains(tokenAudienceWebClient) {
- s.refreshClientToken(w, r, claims)
+ if util.Contains(token.Audience(), tokenAudienceWebClient) {
+ s.refreshClientToken(w, r, tokenClaims)
} else {
- s.refreshAdminToken(w, r, claims)
+ s.refreshAdminToken(w, r, tokenClaims)
}
}
-func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request, tokenClaims *jwt.Claims) {
+func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request, tokenClaims jwtTokenClaims) {
user, err := dataprovider.GetUserWithGroupSettings(tokenClaims.Username, "")
if err != nil {
return
}
- if user.GetSignature() != tokenClaims.Subject {
+ if user.GetSignature() != tokenClaims.Signature {
logger.Debug(logSender, "", "signature mismatch for user %q, unable to refresh cookie", user.Username)
return
}
@@ -1036,7 +1041,7 @@ func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request,
logger.Debug(logSender, "", "unable to refresh cookie for user %q: %v", user.Username, err)
return
}
- if err := checkHTTPClientUser(&user, r, xid.New().String(), true, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, xid.New().String(), true); err != nil {
logger.Debug(logSender, "", "unable to refresh cookie for user %q: %v", user.Username, err)
return
}
@@ -1044,15 +1049,15 @@ func (s *httpdServer) refreshClientToken(w http.ResponseWriter, r *http.Request,
tokenClaims.Permissions = user.Filters.WebClient
tokenClaims.Role = user.Role
logger.Debug(logSender, "", "cookie refreshed for user %q", user.Username)
- createAndSetCookie(w, r, tokenClaims, s.tokenAuth, tokenAudienceWebClient, util.GetIPFromRemoteAddress(r.RemoteAddr)) //nolint:errcheck
+ tokenClaims.createAndSetCookie(w, r, s.tokenAuth, tokenAudienceWebClient, util.GetIPFromRemoteAddress(r.RemoteAddr)) //nolint:errcheck
}
-func (s *httpdServer) refreshAdminToken(w http.ResponseWriter, r *http.Request, tokenClaims *jwt.Claims) {
+func (s *httpdServer) refreshAdminToken(w http.ResponseWriter, r *http.Request, tokenClaims jwtTokenClaims) {
admin, err := dataprovider.AdminExists(tokenClaims.Username)
if err != nil {
return
}
- if admin.GetSignature() != tokenClaims.Subject {
+ if admin.GetSignature() != tokenClaims.Signature {
logger.Debug(logSender, "", "signature mismatch for admin %q, unable to refresh cookie", admin.Username)
return
}
@@ -1065,18 +1070,18 @@ func (s *httpdServer) refreshAdminToken(w http.ResponseWriter, r *http.Request,
tokenClaims.Role = admin.Role
tokenClaims.HideUserPageSections = admin.Filters.Preferences.HideUserPageSections
logger.Debug(logSender, "", "cookie refreshed for admin %q", admin.Username)
- createAndSetCookie(w, r, tokenClaims, s.tokenAuth, tokenAudienceWebAdmin, ipAddr) //nolint:errcheck
+ tokenClaims.createAndSetCookie(w, r, s.tokenAuth, tokenAudienceWebAdmin, ipAddr) //nolint:errcheck
}
func (s *httpdServer) updateContextFromCookie(r *http.Request) *http.Request {
- _, err := jwt.FromContext(r.Context())
- if err != nil {
- _, err = r.Cookie(jwt.CookieKey)
+ token, _, err := jwtauth.FromContext(r.Context())
+ if token == nil || err != nil {
+ _, err = r.Cookie(jwtCookieKey)
if err != nil {
return r
}
- token, err := jwt.VerifyRequest(s.tokenAuth, r, jwt.TokenFromCookie)
- ctx := jwt.NewContext(r.Context(), token, err)
+ token, err = jwtauth.VerifyRequest(s.tokenAuth, r, jwtauth.TokenFromCookie)
+ ctx := jwtauth.NewContext(r.Context(), token, err)
return r.WithContext(ctx)
}
return r
@@ -1084,11 +1089,6 @@ func (s *httpdServer) updateContextFromCookie(r *http.Request) *http.Request {
func (s *httpdServer) parseHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- responseControllerDeadlines(
- http.NewResponseController(w),
- time.Now().Add(60*time.Second),
- time.Now().Add(60*time.Second),
- )
w.Header().Set("Server", version.GetServerVersion("/", false))
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
var ip net.IP
@@ -1190,9 +1190,8 @@ func (s *httpdServer) badHostHandler(w http.ResponseWriter, r *http.Request) {
break
}
}
- logger.Debug(logSender, "", "the host %q is not allowed", host)
s.sendForbiddenResponse(w, r, util.NewI18nError(
- util.NewGenericError(http.StatusText(http.StatusForbidden)),
+ util.NewGenericError(fmt.Sprintf("The host %q is not allowed", host)),
util.I18nErrorConnectionForbidden,
))
}
@@ -1234,18 +1233,9 @@ func (s *httpdServer) mustCheckPath(r *http.Request) bool {
return !strings.HasPrefix(urlPath, webStaticFilesPath) && !strings.HasPrefix(urlPath, acmeChallengeURI)
}
-func (s *httpdServer) initializeRouter() error {
- signer, err := jwt.NewSigner(jose.HS256, getSigningKey(s.signingPassphrase))
- if err != nil {
- return err
- }
- csrfSigner, err := jwt.NewSigner(jose.HS256, getSigningKey(s.signingPassphrase))
- if err != nil {
- return err
- }
+func (s *httpdServer) initializeRouter() {
var hasHTTPSRedirect bool
- s.tokenAuth = signer
- s.csrfTokenAuth = csrfSigner
+ s.tokenAuth = jwtauth.New(jwa.HS256.String(), getSigningKey(s.signingPassphrase), nil)
s.router = chi.NewRouter()
s.router.Use(middleware.RequestID)
@@ -1254,20 +1244,17 @@ func (s *httpdServer) initializeRouter() error {
s.router.Use(middleware.Recoverer)
if s.binding.Security.Enabled {
secureMiddleware := secure.New(secure.Options{
- AllowedHosts: s.binding.Security.AllowedHosts,
- AllowedHostsAreRegex: s.binding.Security.AllowedHostsAreRegex,
- HostsProxyHeaders: s.binding.Security.HostsProxyHeaders,
- SSLProxyHeaders: s.binding.Security.getHTTPSProxyHeaders(),
- STSSeconds: s.binding.Security.STSSeconds,
- STSIncludeSubdomains: s.binding.Security.STSIncludeSubdomains,
- STSPreload: s.binding.Security.STSPreload,
- ContentTypeNosniff: s.binding.Security.ContentTypeNosniff,
- ContentSecurityPolicy: s.binding.Security.ContentSecurityPolicy,
- PermissionsPolicy: s.binding.Security.PermissionsPolicy,
- CrossOriginOpenerPolicy: s.binding.Security.CrossOriginOpenerPolicy,
- CrossOriginResourcePolicy: s.binding.Security.CrossOriginResourcePolicy,
- CrossOriginEmbedderPolicy: s.binding.Security.CrossOriginEmbedderPolicy,
- ReferrerPolicy: s.binding.Security.ReferrerPolicy,
+ AllowedHosts: s.binding.Security.AllowedHosts,
+ AllowedHostsAreRegex: s.binding.Security.AllowedHostsAreRegex,
+ HostsProxyHeaders: s.binding.Security.HostsProxyHeaders,
+ SSLProxyHeaders: s.binding.Security.getHTTPSProxyHeaders(),
+ STSSeconds: s.binding.Security.STSSeconds,
+ STSIncludeSubdomains: s.binding.Security.STSIncludeSubdomains,
+ STSPreload: s.binding.Security.STSPreload,
+ ContentTypeNosniff: s.binding.Security.ContentTypeNosniff,
+ ContentSecurityPolicy: s.binding.Security.ContentSecurityPolicy,
+ PermissionsPolicy: s.binding.Security.PermissionsPolicy,
+ CrossOriginOpenerPolicy: s.binding.Security.CrossOriginOpenerPolicy,
})
secureMiddleware.SetBadHostHandler(http.HandlerFunc(s.badHostHandler))
if s.binding.Security.CacheControl == "private" {
@@ -1309,57 +1296,24 @@ func (s *httpdServer) initializeRouter() error {
}
}
- s.setupRESTAPIRoutes()
-
- if s.enableWebAdmin || s.enableWebClient {
- s.router.Group(func(router chi.Router) {
- router.Use(cleanCacheControlMiddleware)
- router.Use(compressor.Handler)
- serveStaticDir(router, webStaticFilesPath, s.staticFilesPath, true)
- })
- if s.binding.OIDC.isEnabled() {
- s.router.Get(webOIDCRedirectPath, s.handleOIDCRedirect)
- }
- if s.enableWebClient {
- s.router.Get(webRootPath, func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.redirectToWebPath(w, r, webClientLoginPath)
- })
- s.router.Get(webBasePath, func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.redirectToWebPath(w, r, webClientLoginPath)
- })
- } else {
- s.router.Get(webRootPath, func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.redirectToWebPath(w, r, webAdminLoginPath)
- })
- s.router.Get(webBasePath, func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.redirectToWebPath(w, r, webAdminLoginPath)
- })
- }
- }
-
- s.setupWebClientRoutes()
- s.setupWebAdminRoutes()
- return nil
-}
-
-func (s *httpdServer) setupRESTAPIRoutes() {
if s.enableRESTAPI {
- if !s.binding.isAdminTokenEndpointDisabled() {
- s.router.Get(tokenPath, s.getToken)
- s.router.Post(adminPath+"/{username}/forgot-password", forgotAdminPassword)
- s.router.Post(adminPath+"/{username}/reset-password", resetAdminPassword)
- }
+ // share API available to external users
+ s.router.Get(sharesPath+"/{id}", s.downloadFromShare) //nolint:goconst
+ s.router.Post(sharesPath+"/{id}", s.uploadFilesToShare)
+ s.router.Post(sharesPath+"/{id}/{name}", s.uploadFileToShare)
+ s.router.With(compressor.Handler).Get(sharesPath+"/{id}/dirs", s.readBrowsableShareContents)
+ s.router.Get(sharesPath+"/{id}/files", s.downloadBrowsableSharedFile)
+
+ s.router.Get(tokenPath, s.getToken)
+ s.router.Post(adminPath+"/{username}/forgot-password", forgotAdminPassword)
+ s.router.Post(adminPath+"/{username}/reset-password", resetAdminPassword)
+ s.router.Post(userPath+"/{username}/forgot-password", forgotUserPassword)
+ s.router.Post(userPath+"/{username}/reset-password", resetUserPassword)
s.router.Group(func(router chi.Router) {
router.Use(checkNodeToken(s.tokenAuth))
- if !s.binding.isAdminAPIKeyAuthDisabled() {
- router.Use(checkAPIKeyAuth(s.tokenAuth, dataprovider.APIKeyScopeAdmin))
- }
- router.Use(jwt.Verify(s.tokenAuth, jwt.TokenFromHeader))
+ router.Use(checkAPIKeyAuth(s.tokenAuth, dataprovider.APIKeyScopeAdmin))
+ router.Use(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromHeader))
router.Use(jwtAuthenticatorAPI)
router.Get(versionPath, func(w http.ResponseWriter, r *http.Request) {
@@ -1379,116 +1333,105 @@ func (s *httpdServer) setupRESTAPIRoutes() {
router.With(forbidAPIKeyAuthentication).Get(admin2FARecoveryCodesPath, getRecoveryCodes)
router.With(forbidAPIKeyAuthentication).Post(admin2FARecoveryCodesPath, generateRecoveryCodes)
- router.With(forbidAPIKeyAuthentication, s.checkPerms(dataprovider.PermAdminAny)).
+ router.With(forbidAPIKeyAuthentication, s.checkPerm(dataprovider.PermAdminAny)).
Get(apiKeysPath, getAPIKeys)
- router.With(forbidAPIKeyAuthentication, s.checkPerms(dataprovider.PermAdminAny)).
+ router.With(forbidAPIKeyAuthentication, s.checkPerm(dataprovider.PermAdminAny)).
Post(apiKeysPath, addAPIKey)
- router.With(forbidAPIKeyAuthentication, s.checkPerms(dataprovider.PermAdminAny)).
+ router.With(forbidAPIKeyAuthentication, s.checkPerm(dataprovider.PermAdminAny)).
Get(apiKeysPath+"/{id}", getAPIKeyByID)
- router.With(forbidAPIKeyAuthentication, s.checkPerms(dataprovider.PermAdminAny)).
+ router.With(forbidAPIKeyAuthentication, s.checkPerm(dataprovider.PermAdminAny)).
Put(apiKeysPath+"/{id}", updateAPIKey)
- router.With(forbidAPIKeyAuthentication, s.checkPerms(dataprovider.PermAdminAny)).
+ router.With(forbidAPIKeyAuthentication, s.checkPerm(dataprovider.PermAdminAny)).
Delete(apiKeysPath+"/{id}", deleteAPIKey)
router.Group(func(router chi.Router) {
router.Use(s.checkAuthRequirements)
- router.With(s.checkPerms(dataprovider.PermAdminViewServerStatus)).
+ router.With(s.checkPerm(dataprovider.PermAdminViewServerStatus)).
Get(serverStatusPath, func(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
render.JSON(w, r, getServicesStatus())
})
- router.With(s.checkPerms(dataprovider.PermAdminViewConnections)).Get(activeConnectionsPath, getActiveConnections)
- router.With(s.checkPerms(dataprovider.PermAdminCloseConnections)).
+ router.With(s.checkPerm(dataprovider.PermAdminViewConnections)).Get(activeConnectionsPath, getActiveConnections)
+ router.With(s.checkPerm(dataprovider.PermAdminCloseConnections)).
Delete(activeConnectionsPath+"/{connectionID}", handleCloseConnection)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans)).Get(quotasBasePath+"/users/scans", getUsersQuotaScans)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans)).Post(quotasBasePath+"/users/{username}/scan", startUserQuotaScan)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans)).Get(quotasBasePath+"/folders/scans", getFoldersQuotaScans)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans)).Post(quotasBasePath+"/folders/{name}/scan", startFolderQuotaScan)
- router.With(s.checkPerms(dataprovider.PermAdminViewUsers)).Get(userPath, getUsers)
- router.With(s.checkPerms(dataprovider.PermAdminAddUsers)).Post(userPath, addUser)
- router.With(s.checkPerms(dataprovider.PermAdminViewUsers)).Get(userPath+"/{username}", getUserByUsername) //nolint:goconst
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers)).Put(userPath+"/{username}", updateUser)
- router.With(s.checkPerms(dataprovider.PermAdminDeleteUsers)).Delete(userPath+"/{username}", deleteUser)
- router.With(s.checkPerms(dataprovider.PermAdminDisableMFA)).Put(userPath+"/{username}/2fa/disable", disableUser2FA) //nolint:goconst
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Get(folderPath, getFolders)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Get(folderPath+"/{name}", getFolderByName) //nolint:goconst
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Post(folderPath, addFolder)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Put(folderPath+"/{name}", updateFolder)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Delete(folderPath+"/{name}", deleteFolder)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Get(groupPath, getGroups)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Get(groupPath+"/{name}", getGroupByName)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Post(groupPath, addGroup)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Put(groupPath+"/{name}", updateGroup)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Delete(groupPath+"/{name}", deleteGroup)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(dumpDataPath, dumpData)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(loadDataPath, loadData)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(loadDataPath, loadDataFromRequest)
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/users/{username}/usage",
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans)).Get(quotasBasePath+"/users/scans", getUsersQuotaScans)
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans)).Post(quotasBasePath+"/users/{username}/scan", startUserQuotaScan)
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans)).Get(quotasBasePath+"/folders/scans", getFoldersQuotaScans)
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans)).Post(quotasBasePath+"/folders/{name}/scan", startFolderQuotaScan)
+ router.With(s.checkPerm(dataprovider.PermAdminViewUsers)).Get(userPath, getUsers)
+ router.With(s.checkPerm(dataprovider.PermAdminAddUsers)).Post(userPath, addUser)
+ router.With(s.checkPerm(dataprovider.PermAdminViewUsers)).Get(userPath+"/{username}", getUserByUsername) //nolint:goconst
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers)).Put(userPath+"/{username}", updateUser)
+ router.With(s.checkPerm(dataprovider.PermAdminDeleteUsers)).Delete(userPath+"/{username}", deleteUser)
+ router.With(s.checkPerm(dataprovider.PermAdminDisableMFA)).Put(userPath+"/{username}/2fa/disable", disableUser2FA) //nolint:goconst
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Get(folderPath, getFolders)
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Get(folderPath+"/{name}", getFolderByName) //nolint:goconst
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Post(folderPath, addFolder)
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Put(folderPath+"/{name}", updateFolder)
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Delete(folderPath+"/{name}", deleteFolder)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Get(groupPath, getGroups)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Get(groupPath+"/{name}", getGroupByName)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Post(groupPath, addGroup)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Put(groupPath+"/{name}", updateGroup)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Delete(groupPath+"/{name}", deleteGroup)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(dumpDataPath, dumpData)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(loadDataPath, loadData)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(loadDataPath, loadDataFromRequest)
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/users/{username}/usage",
updateUserQuotaUsage)
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/users/{username}/transfer-usage",
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/users/{username}/transfer-usage",
updateUserTransferQuotaUsage)
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/folders/{name}/usage",
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers)).Put(quotasBasePath+"/folders/{name}/usage",
updateFolderQuotaUsage)
- router.With(s.checkPerms(dataprovider.PermAdminViewDefender)).Get(defenderHosts, getDefenderHosts)
- router.With(s.checkPerms(dataprovider.PermAdminViewDefender)).Get(defenderHosts+"/{id}", getDefenderHostByID)
- router.With(s.checkPerms(dataprovider.PermAdminManageDefender)).Delete(defenderHosts+"/{id}", deleteDefenderHostByID)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(adminPath, getAdmins)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(adminPath, addAdmin)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(adminPath+"/{username}", getAdminByUsername)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Put(adminPath+"/{username}", updateAdmin)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Delete(adminPath+"/{username}", deleteAdmin)
- router.With(s.checkPerms(dataprovider.PermAdminDisableMFA)).Put(adminPath+"/{username}/2fa/disable", disableAdmin2FA)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(retentionChecksPath, getRetentionChecks)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler).
+ router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(defenderHosts, getDefenderHosts)
+ router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(defenderHosts+"/{id}", getDefenderHostByID)
+ router.With(s.checkPerm(dataprovider.PermAdminManageDefender)).Delete(defenderHosts+"/{id}", deleteDefenderHostByID)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(adminPath, getAdmins)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(adminPath, addAdmin)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(adminPath+"/{username}", getAdminByUsername)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Put(adminPath+"/{username}", updateAdmin)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Delete(adminPath+"/{username}", deleteAdmin)
+ router.With(s.checkPerm(dataprovider.PermAdminDisableMFA)).Put(adminPath+"/{username}/2fa/disable", disableAdmin2FA)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(retentionChecksPath, getRetentionChecks)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(retentionBasePath+"/{username}/check",
+ startRetentionCheck)
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler).
Get(fsEventsPath, searchFsEvents)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler).
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler).
Get(providerEventsPath, searchProviderEvents)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler).
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler).
Get(logEventsPath, searchLogEvents)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(eventActionsPath, getEventActions)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(eventActionsPath+"/{name}", getEventActionByName)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(eventActionsPath, addEventAction)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Put(eventActionsPath+"/{name}", updateEventAction)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Delete(eventActionsPath+"/{name}", deleteEventAction)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(eventRulesPath, getEventRules)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(eventRulesPath+"/{name}", getEventRuleByName)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(eventRulesPath, addEventRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Put(eventRulesPath+"/{name}", updateEventRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Delete(eventRulesPath+"/{name}", deleteEventRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(eventRulesPath+"/run/{name}", runOnDemandRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(rolesPath, getRoles)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(rolesPath, addRole)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(rolesPath+"/{name}", getRoleByName)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Put(rolesPath+"/{name}", updateRole)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Delete(rolesPath+"/{name}", deleteRole)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler).Get(ipListsPath+"/{type}", getIPListEntries) //nolint:goconst
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(ipListsPath+"/{type}", addIPListEntry)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(ipListsPath+"/{type}/{ipornet}", getIPListEntry) //nolint:goconst
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Put(ipListsPath+"/{type}/{ipornet}", updateIPListEntry)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Delete(ipListsPath+"/{type}/{ipornet}", deleteIPListEntry)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(eventActionsPath, getEventActions)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(eventActionsPath+"/{name}", getEventActionByName)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(eventActionsPath, addEventAction)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Put(eventActionsPath+"/{name}", updateEventAction)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Delete(eventActionsPath+"/{name}", deleteEventAction)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(eventRulesPath, getEventRules)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(eventRulesPath+"/{name}", getEventRuleByName)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(eventRulesPath, addEventRule)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Put(eventRulesPath+"/{name}", updateEventRule)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Delete(eventRulesPath+"/{name}", deleteEventRule)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(eventRulesPath+"/run/{name}", runOnDemandRule)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(rolesPath, getRoles)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(rolesPath, addRole)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(rolesPath+"/{name}", getRoleByName)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Put(rolesPath+"/{name}", updateRole)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Delete(rolesPath+"/{name}", deleteRole)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler).Get(ipListsPath+"/{type}", getIPListEntries) //nolint:goconst
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(ipListsPath+"/{type}", addIPListEntry)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(ipListsPath+"/{type}/{ipornet}", getIPListEntry) //nolint:goconst
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Put(ipListsPath+"/{type}/{ipornet}", updateIPListEntry)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Delete(ipListsPath+"/{type}/{ipornet}", deleteIPListEntry)
})
})
- // share API available to external users
- s.router.Get(sharesPath+"/{id}", s.downloadFromShare)
- s.router.Post(sharesPath+"/{id}", s.uploadFilesToShare)
- s.router.Post(sharesPath+"/{id}/{name}", s.uploadFileToShare)
- s.router.With(compressor.Handler).Get(sharesPath+"/{id}/dirs", s.readBrowsableShareContents)
- s.router.Get(sharesPath+"/{id}/files", s.downloadBrowsableSharedFile)
-
- if !s.binding.isUserTokenEndpointDisabled() {
- s.router.Get(userTokenPath, s.getUserToken)
- s.router.Post(userPath+"/{username}/forgot-password", forgotUserPassword)
- s.router.Post(userPath+"/{username}/reset-password", resetUserPassword)
- }
+ s.router.Get(userTokenPath, s.getUserToken)
s.router.Group(func(router chi.Router) {
- if !s.binding.isUserAPIKeyAuthDisabled() {
- router.Use(checkAPIKeyAuth(s.tokenAuth, dataprovider.APIKeyScopeUser))
- }
- router.Use(jwt.Verify(s.tokenAuth, jwt.TokenFromHeader))
+ router.Use(checkAPIKeyAuth(s.tokenAuth, dataprovider.APIKeyScopeUser))
+ router.Use(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromHeader))
router.Use(jwtAuthenticatorAPIUser)
router.With(forbidAPIKeyAuthentication).Get(userLogoutPath, s.logout)
@@ -1553,6 +1496,39 @@ func (s *httpdServer) setupRESTAPIRoutes() {
})
}
}
+
+ if s.enableWebAdmin || s.enableWebClient {
+ s.router.Group(func(router chi.Router) {
+ router.Use(cleanCacheControlMiddleware)
+ router.Use(compressor.Handler)
+ serveStaticDir(router, webStaticFilesPath, s.staticFilesPath, true)
+ })
+ if s.binding.OIDC.isEnabled() {
+ s.router.Get(webOIDCRedirectPath, s.handleOIDCRedirect)
+ }
+ if s.enableWebClient {
+ s.router.Get(webRootPath, func(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ s.redirectToWebPath(w, r, webClientLoginPath)
+ })
+ s.router.Get(webBasePath, func(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ s.redirectToWebPath(w, r, webClientLoginPath)
+ })
+ } else {
+ s.router.Get(webRootPath, func(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ s.redirectToWebPath(w, r, webAdminLoginPath)
+ })
+ s.router.Get(webBasePath, func(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ s.redirectToWebPath(w, r, webAdminLoginPath)
+ })
+ }
+ }
+
+ s.setupWebClientRoutes()
+ s.setupWebAdminRoutes()
}
func (s *httpdServer) setupWebClientRoutes() {
@@ -1561,48 +1537,32 @@ func (s *httpdServer) setupWebClientRoutes() {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
http.Redirect(w, r, webClientLoginPath, http.StatusFound)
})
- s.router.With(cleanCacheControlMiddleware).Get(path.Join(webStaticFilesPath, "branding/webclient/logo.png"),
- func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- renderPNGImage(w, r, dbBrandingConfig.getWebClientLogo())
- })
- s.router.With(cleanCacheControlMiddleware).Get(path.Join(webStaticFilesPath, "branding/webclient/favicon.png"),
- func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- renderPNGImage(w, r, dbBrandingConfig.getWebClientFavicon())
- })
s.router.Get(webClientLoginPath, s.handleClientWebLogin)
if s.binding.OIDC.isEnabled() && !s.binding.isWebClientOIDCLoginDisabled() {
s.router.Get(webClientOIDCLoginPath, s.handleWebClientOIDCLogin)
}
if !s.binding.isWebClientLoginFormDisabled() {
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webClientLoginPath, s.handleWebClientLoginPost)
+ s.router.Post(webClientLoginPath, s.handleWebClientLoginPost)
s.router.Get(webClientForgotPwdPath, s.handleWebClientForgotPwd)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webClientForgotPwdPath, s.handleWebClientForgotPwdPost)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Get(webClientResetPwdPath, s.handleWebClientPasswordReset)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webClientResetPwdPath, s.handleWebClientPasswordResetPost)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.Post(webClientForgotPwdPath, s.handleWebClientForgotPwdPost)
+ s.router.Get(webClientResetPwdPath, s.handleWebClientPasswordReset)
+ s.router.Post(webClientResetPwdPath, s.handleWebClientPasswordResetPost)
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebClientPartial)).
Get(webClientTwoFactorPath, s.handleWebClientTwoFactor)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebClientPartial)).
Post(webClientTwoFactorPath, s.handleWebClientTwoFactorPost)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebClientPartial)).
Get(webClientTwoFactorRecoveryPath, s.handleWebClientTwoFactorRecovery)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebClientPartial)).
Post(webClientTwoFactorRecoveryPath, s.handleWebClientTwoFactorRecoveryPost)
}
// share routes available to external users
s.router.Get(webClientPubSharesPath+"/{id}/login", s.handleClientShareLoginGet)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webClientPubSharesPath+"/{id}/login", s.handleClientShareLoginPost)
- s.router.Get(webClientPubSharesPath+"/{id}/logout", s.handleClientShareLogout)
+ s.router.Post(webClientPubSharesPath+"/{id}/login", s.handleClientShareLoginPost)
s.router.Get(webClientPubSharesPath+"/{id}", s.downloadFromShare)
s.router.Post(webClientPubSharesPath+"/{id}/partial", s.handleClientSharePartialDownload)
s.router.Get(webClientPubSharesPath+"/{id}/browse", s.handleShareGetFiles)
@@ -1619,32 +1579,32 @@ func (s *httpdServer) setupWebClientRoutes() {
if s.binding.OIDC.isEnabled() {
router.Use(s.oidcTokenAuthenticator(tokenAudienceWebClient))
}
- router.Use(jwt.Verify(s.tokenAuth, oidcTokenFromContext, jwt.TokenFromCookie))
+ router.Use(jwtauth.Verify(s.tokenAuth, tokenFromContext, jwtauth.TokenFromCookie))
router.Use(jwtAuthenticatorWebClient)
router.Get(webClientLogoutPath, s.handleWebClientLogout)
router.With(s.checkAuthRequirements, s.refreshCookie).Get(webClientFilesPath, s.handleClientGetFiles)
router.With(s.checkAuthRequirements, s.refreshCookie).Get(webClientViewPDFPath, s.handleClientViewPDF)
router.With(s.checkAuthRequirements, s.refreshCookie).Get(webClientGetPDFPath, s.handleClientGetPDF)
- router.With(s.checkAuthRequirements, s.refreshCookie, s.verifyCSRFHeader).Get(webClientFilePath, getUserFile)
- router.With(s.checkAuthRequirements, s.refreshCookie, s.verifyCSRFHeader).Get(webClientTasksPath+"/{id}",
+ router.With(s.checkAuthRequirements, s.refreshCookie, verifyCSRFHeader).Get(webClientFilePath, getUserFile)
+ router.With(s.checkAuthRequirements, s.refreshCookie, verifyCSRFHeader).Get(webClientTasksPath+"/{id}",
getWebTask)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Post(webClientFilePath, uploadUserFile)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Post(webClientExistPath, s.handleClientCheckExist)
router.With(s.checkAuthRequirements, s.refreshCookie).Get(webClientEditFilePath, s.handleClientEditFile)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Delete(webClientFilesPath, deleteUserFile)
router.With(s.checkAuthRequirements, compressor.Handler, s.refreshCookie).
Get(webClientDirsPath, s.handleClientGetDirContents)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Post(webClientDirsPath, createUserDir)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Delete(webClientDirsPath, taskDeleteDir)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Post(webClientFileActionsPath+"/move", taskRenameFsEntry)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientWriteDisabled), verifyCSRFHeader).
Post(webClientFileActionsPath+"/copy", taskCopyFsEntry)
router.With(s.checkAuthRequirements, s.refreshCookie).
Post(webClientDownloadZipPath, s.handleWebClientDownloadZip)
@@ -1660,15 +1620,15 @@ func (s *httpdServer) setupWebClientRoutes() {
Get(webClientMFAPath, s.handleWebClientMFA)
router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.refreshCookie).
Get(webClientMFAPath+"/qrcode", getQRCode)
- router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.verifyCSRFHeader).
+ router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), verifyCSRFHeader).
Post(webClientTOTPGeneratePath, generateTOTPSecret)
- router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.verifyCSRFHeader).
+ router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), verifyCSRFHeader).
Post(webClientTOTPValidatePath, validateTOTPPasscode)
- router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.verifyCSRFHeader).
+ router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), verifyCSRFHeader).
Post(webClientTOTPSavePath, saveTOTPConfig)
- router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.verifyCSRFHeader, s.refreshCookie).
+ router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), verifyCSRFHeader, s.refreshCookie).
Get(webClientRecoveryCodesPath, getRecoveryCodes)
- router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), s.verifyCSRFHeader).
+ router.With(s.checkHTTPUserPerm(sdk.WebClientMFADisabled), verifyCSRFHeader).
Post(webClientRecoveryCodesPath, generateRecoveryCodes)
router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientSharesDisabled), compressor.Handler, s.refreshCookie).
Get(webClientSharesPath+jsonAPISuffix, getAllShares)
@@ -1682,7 +1642,7 @@ func (s *httpdServer) setupWebClientRoutes() {
Get(webClientSharePath+"/{id}", s.handleClientUpdateShareGet)
router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientSharesDisabled)).
Post(webClientSharePath+"/{id}", s.handleClientUpdateSharePost)
- router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientSharesDisabled), s.verifyCSRFHeader).
+ router.With(s.checkAuthRequirements, s.checkHTTPUserPerm(sdk.WebClientSharesDisabled), verifyCSRFHeader).
Delete(webClientSharePath+"/{id}", deleteShare)
})
}
@@ -1694,53 +1654,38 @@ func (s *httpdServer) setupWebAdminRoutes() {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
s.redirectToWebPath(w, r, webAdminLoginPath)
})
- s.router.With(cleanCacheControlMiddleware).Get(path.Join(webStaticFilesPath, "branding/webadmin/logo.png"),
- func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- renderPNGImage(w, r, dbBrandingConfig.getWebAdminLogo())
- })
- s.router.With(cleanCacheControlMiddleware).Get(path.Join(webStaticFilesPath, "branding/webadmin/favicon.png"),
- func(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- renderPNGImage(w, r, dbBrandingConfig.getWebAdminFavicon())
- })
s.router.Get(webAdminLoginPath, s.handleWebAdminLogin)
if s.binding.OIDC.hasRoles() && !s.binding.isWebAdminOIDCLoginDisabled() {
s.router.Get(webAdminOIDCLoginPath, s.handleWebAdminOIDCLogin)
}
s.router.Get(webOAuth2RedirectPath, s.handleOAuth2TokenRedirect)
s.router.Get(webAdminSetupPath, s.handleWebAdminSetupGet)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webAdminSetupPath, s.handleWebAdminSetupPost)
+ s.router.Post(webAdminSetupPath, s.handleWebAdminSetupPost)
if !s.binding.isWebAdminLoginFormDisabled() {
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webAdminLoginPath, s.handleWebAdminLoginPost)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.Post(webAdminLoginPath, s.handleWebAdminLoginPost)
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebAdminPartial)).
Get(webAdminTwoFactorPath, s.handleWebAdminTwoFactor)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebAdminPartial)).
Post(webAdminTwoFactorPath, s.handleWebAdminTwoFactorPost)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebAdminPartial)).
Get(webAdminTwoFactorRecoveryPath, s.handleWebAdminTwoFactorRecovery)
- s.router.With(jwt.Verify(s.tokenAuth, jwt.TokenFromCookie),
+ s.router.With(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie),
s.jwtAuthenticatorPartial(tokenAudienceWebAdminPartial)).
Post(webAdminTwoFactorRecoveryPath, s.handleWebAdminTwoFactorRecoveryPost)
s.router.Get(webAdminForgotPwdPath, s.handleWebAdminForgotPwd)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webAdminForgotPwdPath, s.handleWebAdminForgotPwdPost)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Get(webAdminResetPwdPath, s.handleWebAdminPasswordReset)
- s.router.With(jwt.Verify(s.csrfTokenAuth, jwt.TokenFromCookie)).
- Post(webAdminResetPwdPath, s.handleWebAdminPasswordResetPost)
+ s.router.Post(webAdminForgotPwdPath, s.handleWebAdminForgotPwdPost)
+ s.router.Get(webAdminResetPwdPath, s.handleWebAdminPasswordReset)
+ s.router.Post(webAdminResetPwdPath, s.handleWebAdminPasswordResetPost)
}
s.router.Group(func(router chi.Router) {
if s.binding.OIDC.isEnabled() {
router.Use(s.oidcTokenAuthenticator(tokenAudienceWebAdmin))
}
- router.Use(jwt.Verify(s.tokenAuth, oidcTokenFromContext, jwt.TokenFromCookie))
+ router.Use(jwtauth.Verify(s.tokenAuth, tokenFromContext, jwtauth.TokenFromCookie))
router.Use(jwtAuthenticatorWebAdmin)
router.Get(webLogoutPath, s.handleWebAdminLogout)
@@ -1752,168 +1697,167 @@ func (s *httpdServer) setupWebAdminRoutes() {
router.With(s.refreshCookie, s.requireBuiltinLogin).Get(webAdminMFAPath, s.handleWebAdminMFA)
router.With(s.refreshCookie, s.requireBuiltinLogin).Get(webAdminMFAPath+"/qrcode", getQRCode)
- router.With(s.verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPGeneratePath, generateTOTPSecret)
- router.With(s.verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPValidatePath, validateTOTPPasscode)
- router.With(s.verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPSavePath, saveTOTPConfig)
- router.With(s.verifyCSRFHeader, s.requireBuiltinLogin, s.refreshCookie).Get(webAdminRecoveryCodesPath,
+ router.With(verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPGeneratePath, generateTOTPSecret)
+ router.With(verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPValidatePath, validateTOTPPasscode)
+ router.With(verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminTOTPSavePath, saveTOTPConfig)
+ router.With(verifyCSRFHeader, s.requireBuiltinLogin, s.refreshCookie).Get(webAdminRecoveryCodesPath,
getRecoveryCodes)
- router.With(s.verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminRecoveryCodesPath, generateRecoveryCodes)
+ router.With(verifyCSRFHeader, s.requireBuiltinLogin).Post(webAdminRecoveryCodesPath, generateRecoveryCodes)
router.Group(func(router chi.Router) {
router.Use(s.checkAuthRequirements)
- router.With(s.checkPerms(dataprovider.PermAdminViewUsers), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewUsers), s.refreshCookie).
Get(webUsersPath, s.handleGetWebUsers)
- router.With(s.checkPerms(dataprovider.PermAdminViewUsers), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewUsers), compressor.Handler, s.refreshCookie).
Get(webUsersPath+jsonAPISuffix, getAllUsers)
- router.With(s.checkPerms(dataprovider.PermAdminAddUsers), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAddUsers), s.refreshCookie).
Get(webUserPath, s.handleWebAddUserGet)
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers), s.refreshCookie).
Get(webUserPath+"/{username}", s.handleWebUpdateUserGet)
- router.With(s.checkPerms(dataprovider.PermAdminAddUsers)).Post(webUserPath, s.handleWebAddUserPost)
- router.With(s.checkPerms(dataprovider.PermAdminChangeUsers)).Post(webUserPath+"/{username}",
+ router.With(s.checkPerm(dataprovider.PermAdminAddUsers)).Post(webUserPath, s.handleWebAddUserPost)
+ router.With(s.checkPerm(dataprovider.PermAdminChangeUsers)).Post(webUserPath+"/{username}",
s.handleWebUpdateUserPost)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups), s.refreshCookie).
Get(webGroupsPath, s.handleWebGetGroups)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups), compressor.Handler, s.refreshCookie).
Get(webGroupsPath+jsonAPISuffix, getAllGroups)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups), s.refreshCookie).
Get(webGroupPath, s.handleWebAddGroupGet)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Post(webGroupPath, s.handleWebAddGroupPost)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Post(webGroupPath, s.handleWebAddGroupPost)
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups), s.refreshCookie).
Get(webGroupPath+"/{name}", s.handleWebUpdateGroupGet)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups)).Post(webGroupPath+"/{name}",
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups)).Post(webGroupPath+"/{name}",
s.handleWebUpdateGroupPost)
- router.With(s.checkPerms(dataprovider.PermAdminManageGroups), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminManageGroups), verifyCSRFHeader).
Delete(webGroupPath+"/{name}", deleteGroup)
- router.With(s.checkPerms(dataprovider.PermAdminViewConnections), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewConnections), s.refreshCookie).
Get(webConnectionsPath, s.handleWebGetConnections)
- router.With(s.checkPerms(dataprovider.PermAdminViewConnections), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewConnections), s.refreshCookie).
Get(webConnectionsPath+jsonAPISuffix, getActiveConnections)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders), s.refreshCookie).
Get(webFoldersPath, s.handleWebGetFolders)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders), compressor.Handler, s.refreshCookie).
Get(webFoldersPath+jsonAPISuffix, getAllFolders)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders), s.refreshCookie).
Get(webFolderPath, s.handleWebAddFolderGet)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Post(webFolderPath, s.handleWebAddFolderPost)
- router.With(s.checkPerms(dataprovider.PermAdminViewServerStatus), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Post(webFolderPath, s.handleWebAddFolderPost)
+ router.With(s.checkPerm(dataprovider.PermAdminViewServerStatus), s.refreshCookie).
Get(webStatusPath, s.handleWebGetStatus)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminsPath, s.handleGetWebAdmins)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
Get(webAdminsPath+jsonAPISuffix, getAllAdmins)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminPath, s.handleWebAddAdminGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminPath+"/{username}", s.handleWebUpdateAdminGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminPath, s.handleWebAddAdminPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminPath+"/{username}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminPath, s.handleWebAddAdminPost)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminPath+"/{username}",
s.handleWebUpdateAdminPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Delete(webAdminPath+"/{username}", deleteAdmin)
- router.With(s.checkPerms(dataprovider.PermAdminDisableMFA), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminDisableMFA), verifyCSRFHeader).
Put(webAdminPath+"/{username}/2fa/disable", disableAdmin2FA)
- router.With(s.checkPerms(dataprovider.PermAdminCloseConnections), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminCloseConnections), verifyCSRFHeader).
Delete(webConnectionsPath+"/{connectionID}", handleCloseConnection)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders), s.refreshCookie).
Get(webFolderPath+"/{name}", s.handleWebUpdateFolderGet)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Post(webFolderPath+"/{name}",
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders)).Post(webFolderPath+"/{name}",
s.handleWebUpdateFolderPost)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminManageFolders), verifyCSRFHeader).
Delete(webFolderPath+"/{name}", deleteFolder)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans), verifyCSRFHeader).
Post(webScanVFolderPath+"/{name}", startFolderQuotaScan)
- router.With(s.checkPerms(dataprovider.PermAdminDeleteUsers), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminDeleteUsers), verifyCSRFHeader).
Delete(webUserPath+"/{username}", deleteUser)
- router.With(s.checkPerms(dataprovider.PermAdminDisableMFA), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminDisableMFA), verifyCSRFHeader).
Put(webUserPath+"/{username}/2fa/disable", disableUser2FA)
- router.With(s.checkPerms(dataprovider.PermAdminQuotaScans), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminQuotaScans), verifyCSRFHeader).
Post(webQuotaScanPath+"/{username}", startUserQuotaScan)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(webMaintenancePath, s.handleWebMaintenance)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(webBackupPath, dumpData)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webRestorePath, s.handleWebRestore)
- router.With(s.checkPerms(dataprovider.PermAdminAddUsers, dataprovider.PermAdminChangeUsers), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(webMaintenancePath, s.handleWebMaintenance)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(webBackupPath, dumpData)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webRestorePath, s.handleWebRestore)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webTemplateUser, s.handleWebTemplateUserGet)
- router.With(s.checkPerms(dataprovider.PermAdminAddUsers, dataprovider.PermAdminChangeUsers)).
- Post(webTemplateUser, s.handleWebTemplateUserPost)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webTemplateUser, s.handleWebTemplateUserPost)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webTemplateFolder, s.handleWebTemplateFolderGet)
- router.With(s.checkPerms(dataprovider.PermAdminManageFolders)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
- router.With(s.checkPerms(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
- router.With(s.checkPerms(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
- router.With(s.checkPerms(dataprovider.PermAdminManageDefender), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
+ router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
+ router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
+ router.With(s.checkPerm(dataprovider.PermAdminManageDefender), verifyCSRFHeader).
Delete(webDefenderHostsPath+"/{id}", deleteDefenderHostByID)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventActionsPath, s.handleWebGetEventActions)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventActionPath, s.handleWebAddEventActionGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminEventActionPath,
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminEventActionPath,
s.handleWebAddEventActionPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventActionPath+"/{name}", s.handleWebUpdateEventActionGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminEventActionPath+"/{name}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminEventActionPath+"/{name}",
s.handleWebUpdateEventActionPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Delete(webAdminEventActionPath+"/{name}", deleteEventAction)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
Get(webAdminEventRulesPath+jsonAPISuffix, getAllRules)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventRulesPath, s.handleWebGetEventRules)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventRulePath, s.handleWebAddEventRuleGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminEventRulePath,
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminEventRulePath,
s.handleWebAddEventRulePost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminEventRulePath+"/{name}", s.handleWebUpdateEventRuleGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminEventRulePath+"/{name}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminEventRulePath+"/{name}",
s.handleWebUpdateEventRulePost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Delete(webAdminEventRulePath+"/{name}", deleteEventRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Post(webAdminEventRulePath+"/run/{name}", runOnDemandRule)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminRolesPath, s.handleWebGetRoles)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
Get(webAdminRolesPath+jsonAPISuffix, getAllRoles)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminRolePath, s.handleWebAddRoleGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminRolePath, s.handleWebAddRolePost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminRolePath, s.handleWebAddRolePost)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).
Get(webAdminRolePath+"/{name}", s.handleWebUpdateRoleGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webAdminRolePath+"/{name}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webAdminRolePath+"/{name}",
s.handleWebUpdateRolePost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Delete(webAdminRolePath+"/{name}", deleteRole)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), s.refreshCookie).Get(webEventsPath,
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), s.refreshCookie).Get(webEventsPath,
s.handleWebGetEvents)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
Get(webEventsFsSearchPath, searchFsEvents)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
Get(webEventsProviderSearchPath, searchProviderEvents)
- router.With(s.checkPerms(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminViewEvents), compressor.Handler, s.refreshCookie).
Get(webEventsLogSearchPath, searchLogEvents)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Get(webIPListsPath, s.handleWebIPListsPage)
- router.With(s.checkPerms(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Get(webIPListsPath, s.handleWebIPListsPage)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), compressor.Handler, s.refreshCookie).
Get(webIPListsPath+"/{type}", getIPListEntries)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).Get(webIPListPath+"/{type}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).Get(webIPListPath+"/{type}",
s.handleWebAddIPListEntryGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webIPListPath+"/{type}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webIPListPath+"/{type}",
s.handleWebAddIPListEntryPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).Get(webIPListPath+"/{type}/{ipornet}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).Get(webIPListPath+"/{type}/{ipornet}",
s.handleWebUpdateIPListEntryGet)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webIPListPath+"/{type}/{ipornet}",
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webIPListPath+"/{type}/{ipornet}",
s.handleWebUpdateIPListEntryPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader).
Delete(webIPListPath+"/{type}/{ipornet}", deleteIPListEntry)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.refreshCookie).Get(webConfigsPath, s.handleWebConfigs)
- router.With(s.checkPerms(dataprovider.PermAdminAny)).Post(webConfigsPath, s.handleWebConfigsPost)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader, s.refreshCookie).
+ router.With(s.checkPerm(dataprovider.PermAdminAny), s.refreshCookie).Get(webConfigsPath, s.handleWebConfigs)
+ router.With(s.checkPerm(dataprovider.PermAdminAny)).Post(webConfigsPath, s.handleWebConfigsPost)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader, s.refreshCookie).
Post(webConfigsPath+"/smtp/test", testSMTPConfig)
- router.With(s.checkPerms(dataprovider.PermAdminAny), s.verifyCSRFHeader, s.refreshCookie).
- Post(webOAuth2TokenPath, s.handleSMTPOAuth2TokenRequestPost)
+ router.With(s.checkPerm(dataprovider.PermAdminAny), verifyCSRFHeader, s.refreshCookie).
+ Post(webOAuth2TokenPath, handleSMTPOAuth2TokenRequestPost)
})
})
}
diff --git a/internal/httpd/token.go b/internal/httpd/token.go
index 4a0f9873..93413281 100644
--- a/internal/httpd/token.go
+++ b/internal/httpd/token.go
@@ -86,7 +86,7 @@ func (m *dbTokenManager) Add(token string, expiresAt time.Time) {
func (m *dbTokenManager) Get(token string) bool {
key := m.getKey(token)
- _, err := dataprovider.GetSharedSession(key, dataprovider.SessionTypeInvalidToken)
+ _, err := dataprovider.GetSharedSession(key)
return err == nil
}
diff --git a/internal/httpd/web.go b/internal/httpd/web.go
index da7e7542..35b2cd7b 100644
--- a/internal/httpd/web.go
+++ b/internal/httpd/web.go
@@ -27,20 +27,23 @@ import (
)
const (
- webDateTimeFormat = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
- redactedSecret = "[**redacted**]"
- csrfFormToken = "_form_token"
- csrfHeaderToken = "X-CSRF-TOKEN"
- templateCommonDir = "common"
- templateTwoFactor = "twofactor.html"
- templateTwoFactorRecovery = "twofactor-recovery.html"
- templateForgotPassword = "forgot-password.html"
- templateResetPassword = "reset-password.html"
- templateChangePwd = "changepassword.html"
- templateMessage = "message.html"
- templateCommonBase = "base.html"
- templateCommonBaseLogin = "baselogin.html"
- templateCommonLogin = "login.html"
+ pageMFATitle = "Two-factor authentication"
+ pageTwoFactorTitle = "Two-Factor authentication"
+ pageTwoFactorRecoveryTitle = "Two-Factor recovery"
+ webDateTimeFormat = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
+ redactedSecret = "[**redacted**]"
+ csrfFormToken = "_form_token"
+ csrfHeaderToken = "X-CSRF-TOKEN"
+ templateCommonDir = "common"
+ templateTwoFactor = "twofactor.html"
+ templateTwoFactorRecovery = "twofactor-recovery.html"
+ templateForgotPassword = "forgot-password.html"
+ templateResetPassword = "reset-password.html"
+ templateChangePwd = "changepassword.html"
+ templateMessage = "message.html"
+ templateCommonBase = "base.html"
+ templateCommonBaseLogin = "baselogin.html"
+ templateCommonLogin = "login.html"
)
var (
@@ -64,7 +67,6 @@ type loginPage struct {
OpenIDLoginURL string
Title string
Branding UIBranding
- Languages []string
FormDisabled bool
CheckRedirect bool
}
@@ -77,7 +79,6 @@ type twoFactorPage struct {
RecoveryURL string
Title string
Branding UIBranding
- Languages []string
CheckRedirect bool
}
@@ -89,7 +90,6 @@ type forgotPwdPage struct {
LoginURL string
Title string
Branding UIBranding
- Languages []string
CheckRedirect bool
}
@@ -101,13 +101,12 @@ type resetPwdPage struct {
LoginURL string
Title string
Branding UIBranding
- Languages []string
CheckRedirect bool
}
func getSliceFromDelimitedValues(values, delimiter string) []string {
result := []string{}
- for v := range strings.SplitSeq(values, delimiter) {
+ for _, v := range strings.Split(values, delimiter) {
cleaned := strings.TrimSpace(v)
if cleaned != "" {
result = append(result, cleaned)
diff --git a/internal/httpd/webadmin.go b/internal/httpd/webadmin.go
index a565c05e..c4158a6b 100644
--- a/internal/httpd/webadmin.go
+++ b/internal/httpd/webadmin.go
@@ -16,7 +16,6 @@ package httpd
import (
"context"
- "crypto/rand"
"encoding/json"
"errors"
"fmt"
@@ -26,21 +25,18 @@ import (
"net/url"
"os"
"path/filepath"
- "slices"
"sort"
"strconv"
"strings"
"time"
+ "github.com/go-chi/render"
"github.com/sftpgo/sdk"
sdkkms "github.com/sftpgo/sdk/kms"
- "golang.org/x/oauth2"
"github.com/drakkan/sftpgo/v2/internal/acme"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/ftpd"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/mfa"
@@ -48,7 +44,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/smtp"
"github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/vfs"
- "github.com/drakkan/sftpgo/v2/internal/webdavd"
)
type userPageMode int
@@ -75,36 +70,37 @@ const (
)
const (
- templateAdminDir = "webadmin"
- templateBase = "base.html"
- templateFsConfig = "fsconfig.html"
- templateUsers = "users.html"
- templateUser = "user.html"
- templateAdmins = "admins.html"
- templateAdmin = "admin.html"
- templateConnections = "connections.html"
- templateGroups = "groups.html"
- templateGroup = "group.html"
- templateFolders = "folders.html"
- templateFolder = "folder.html"
- templateEventRules = "eventrules.html"
- templateEventRule = "eventrule.html"
- templateEventActions = "eventactions.html"
- templateEventAction = "eventaction.html"
- templateRoles = "roles.html"
- templateRole = "role.html"
- templateEvents = "events.html"
- templateStatus = "status.html"
- templateDefender = "defender.html"
- templateIPLists = "iplists.html"
- templateIPList = "iplist.html"
- templateConfigs = "configs.html"
- templateProfile = "profile.html"
- templateMaintenance = "maintenance.html"
- templateMFA = "mfa.html"
- templateSetup = "adminsetup.html"
- defaultQueryLimit = 1000
- inversePatternType = "inverse"
+ templateAdminDir = "webadmin"
+ templateBase = "base.html"
+ templateFsConfig = "fsconfig.html"
+ templateSharedComponents = "sharedcomponents.html"
+ templateUsers = "users.html"
+ templateUser = "user.html"
+ templateAdmins = "admins.html"
+ templateAdmin = "admin.html"
+ templateConnections = "connections.html"
+ templateGroups = "groups.html"
+ templateGroup = "group.html"
+ templateFolders = "folders.html"
+ templateFolder = "folder.html"
+ templateEventRules = "eventrules.html"
+ templateEventRule = "eventrule.html"
+ templateEventActions = "eventactions.html"
+ templateEventAction = "eventaction.html"
+ templateRoles = "roles.html"
+ templateRole = "role.html"
+ templateEvents = "events.html"
+ templateStatus = "status.html"
+ templateDefender = "defender.html"
+ templateIPLists = "iplists.html"
+ templateIPList = "iplist.html"
+ templateConfigs = "configs.html"
+ templateProfile = "profile.html"
+ templateMaintenance = "maintenance.html"
+ templateMFA = "mfa.html"
+ templateSetup = "adminsetup.html"
+ defaultQueryLimit = 1000
+ inversePatternType = "inverse"
)
var (
@@ -154,9 +150,7 @@ type basePage struct {
HasSearcher bool
HasExternalLogin bool
LoggedUser *dataprovider.Admin
- IsLoggedToShare bool
Branding UIBranding
- Languages []string
}
type statusPage struct {
@@ -190,7 +184,6 @@ type userPage struct {
Roles []dataprovider.Role
CanImpersonate bool
FsWrapper fsWrapper
- CanUseTLSCerts bool
}
type adminPage struct {
@@ -264,7 +257,6 @@ type setupPage struct {
HideSupportLink bool
Title string
Branding UIBranding
- Languages []string
CheckRedirect bool
}
@@ -337,7 +329,6 @@ type configsPage struct {
RedactedSecret string
OAuth2TokenURL string
OAuth2RedirectURL string
- WebClientBranding UIBranding
Error *util.I18nError
}
@@ -349,10 +340,9 @@ type messagePage struct {
}
type userTemplateFields struct {
- Username string
- Password string
- PublicKeys []string
- RequirePwdChange bool
+ Username string
+ Password string
+ PublicKeys []string
}
func loadAdminTemplates(templatesPath string) {
@@ -624,10 +614,10 @@ func isServerManagerResource(currentURL string) bool {
currentURL == webConfigsPath
}
-func (s *httpdServer) getBasePageData(title, currentURL string, w http.ResponseWriter, r *http.Request) basePage {
+func (s *httpdServer) getBasePageData(title, currentURL string, r *http.Request) basePage {
var csrfToken string
if currentURL != "" {
- csrfToken = createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseAdminPath)
+ csrfToken = createCSRFToken(util.GetIPFromRemoteAddress(r.RemoteAddr))
}
return basePage{
commonBasePage: getCommonBasePage(r),
@@ -672,8 +662,7 @@ func (s *httpdServer) getBasePageData(title, currentURL string, w http.ResponseW
HasSearcher: plugin.Handler.HasSearcher(),
HasExternalLogin: isLoggedInWithOIDC(r),
CSRFToken: csrfToken,
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebAdmin,
}
}
@@ -688,7 +677,7 @@ func (s *httpdServer) renderMessagePageWithString(w http.ResponseWriter, r *http
err error, message, text string,
) {
data := messagePage{
- basePage: s.getBasePageData(title, "", w, r),
+ basePage: s.getBasePageData(title, "", r),
Error: getI18nError(err),
Success: message,
Text: text,
@@ -723,64 +712,60 @@ func (s *httpdServer) renderNotFoundPage(w http.ResponseWriter, r *http.Request,
util.NewI18nError(err, util.I18nError404Message), "")
}
-func (s *httpdServer) renderForgotPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderForgotPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := forgotPwdPage{
commonBasePage: getCommonBasePage(r),
CurrentURL: webAdminForgotPwdPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseAdminPath),
+ CSRFToken: createCSRFToken(ip),
LoginURL: webAdminLoginPath,
Title: util.I18nForgotPwdTitle,
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebAdmin,
}
renderAdminTemplate(w, templateForgotPassword, data)
}
-func (s *httpdServer) renderResetPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderResetPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := resetPwdPage{
commonBasePage: getCommonBasePage(r),
CurrentURL: webAdminResetPwdPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseAdminPath),
+ CSRFToken: createCSRFToken(ip),
LoginURL: webAdminLoginPath,
Title: util.I18nResetPwdTitle,
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebAdmin,
}
renderAdminTemplate(w, templateResetPassword, data)
}
-func (s *httpdServer) renderTwoFactorPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderTwoFactorPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := twoFactorPage{
commonBasePage: getCommonBasePage(r),
- Title: util.I18n2FATitle,
+ Title: pageTwoFactorTitle,
CurrentURL: webAdminTwoFactorPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseAdminPath),
+ CSRFToken: createCSRFToken(ip),
RecoveryURL: webAdminTwoFactorRecoveryPath,
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebAdmin,
}
renderAdminTemplate(w, templateTwoFactor, data)
}
-func (s *httpdServer) renderTwoFactorRecoveryPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderTwoFactorRecoveryPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := twoFactorPage{
commonBasePage: getCommonBasePage(r),
- Title: util.I18n2FATitle,
+ Title: pageTwoFactorRecoveryTitle,
CurrentURL: webAdminTwoFactorRecoveryPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseAdminPath),
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ CSRFToken: createCSRFToken(ip),
+ Branding: s.binding.Branding.WebAdmin,
}
renderAdminTemplate(w, templateTwoFactorRecovery, data)
}
func (s *httpdServer) renderMFAPage(w http.ResponseWriter, r *http.Request) {
data := mfaPage{
- basePage: s.getBasePageData(util.I18n2FATitle, webAdminMFAPath, w, r),
+ basePage: s.getBasePageData(pageMFATitle, webAdminMFAPath, r),
TOTPConfigs: mfa.GetAvailableTOTPConfigNames(),
GenerateTOTPURL: webAdminTOTPGeneratePath,
ValidateTOTPURL: webAdminTOTPValidatePath,
@@ -799,7 +784,7 @@ func (s *httpdServer) renderMFAPage(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) renderProfilePage(w http.ResponseWriter, r *http.Request, err error) {
data := profilePage{
- basePage: s.getBasePageData(util.I18nProfileTitle, webAdminProfilePath, w, r),
+ basePage: s.getBasePageData(util.I18nProfileTitle, webAdminProfilePath, r),
Error: getI18nError(err),
}
admin, err := dataprovider.AdminExists(data.LoggedUser.Username)
@@ -816,7 +801,7 @@ func (s *httpdServer) renderProfilePage(w http.ResponseWriter, r *http.Request,
func (s *httpdServer) renderChangePasswordPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
data := changePasswordPage{
- basePage: s.getBasePageData(util.I18nChangePwdTitle, webChangeAdminPwdPath, w, r),
+ basePage: s.getBasePageData(util.I18nChangePwdTitle, webChangeAdminPwdPath, r),
Error: err,
}
@@ -825,7 +810,7 @@ func (s *httpdServer) renderChangePasswordPage(w http.ResponseWriter, r *http.Re
func (s *httpdServer) renderMaintenancePage(w http.ResponseWriter, r *http.Request, err error) {
data := maintenancePage{
- basePage: s.getBasePageData(util.I18nMaintenanceTitle, webMaintenancePath, w, r),
+ basePage: s.getBasePageData(util.I18nMaintenanceTitle, webMaintenancePath, r),
BackupPath: webBackupPath,
RestorePath: webRestorePath,
Error: getI18nError(err),
@@ -847,32 +832,30 @@ func (s *httpdServer) renderConfigsPage(w http.ResponseWriter, r *http.Request,
configs.ACME.HTTP01Challenge.Port = 80
}
data := configsPage{
- basePage: s.getBasePageData(util.I18nConfigsTitle, webConfigsPath, w, r),
+ basePage: s.getBasePageData(util.I18nConfigsTitle, webConfigsPath, r),
Configs: configs,
ConfigSection: section,
RedactedSecret: redactedSecret,
OAuth2TokenURL: webOAuth2TokenPath,
OAuth2RedirectURL: webOAuth2RedirectPath,
- WebClientBranding: s.binding.webClientBranding(),
Error: getI18nError(err),
}
renderAdminTemplate(w, templateConfigs, data)
}
-func (s *httpdServer) renderAdminSetupPage(w http.ResponseWriter, r *http.Request, username string, err *util.I18nError) {
+func (s *httpdServer) renderAdminSetupPage(w http.ResponseWriter, r *http.Request, username, ip string, err *util.I18nError) {
data := setupPage{
commonBasePage: getCommonBasePage(r),
Title: util.I18nSetupTitle,
CurrentURL: webAdminSetupPath,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseAdminPath),
+ CSRFToken: createCSRFToken(ip),
Username: username,
HasInstallationCode: installationCode != "",
InstallationCodeHint: installationCodeHint,
HideSupportLink: hideSupportLink,
Error: err,
- Branding: s.binding.webAdminBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebAdmin,
}
renderAdminTemplate(w, templateSetup, data)
@@ -895,7 +878,7 @@ func (s *httpdServer) renderAddUpdateAdminPage(w http.ResponseWriter, r *http.Re
title = util.I18nUpdateAdminTitle
}
data := adminPage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Admin: admin,
Groups: groups,
Roles: roles,
@@ -936,7 +919,7 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
}
}
user.FsConfig.RedactedSecret = redactedSecret
- basePage := s.getBasePageData(title, currentURL, w, r)
+ basePage := s.getBasePageData(title, currentURL, r)
if (mode == userPageModeAdd || mode == userPageModeTemplate) && len(user.Groups) == 0 && admin != nil {
for _, group := range admin.Groups {
user.Groups = append(user.Groups, sdk.GroupMapping{
@@ -976,7 +959,6 @@ func (s *httpdServer) renderUserPage(w http.ResponseWriter, r *http.Request, use
Groups: groups,
Roles: roles,
CanImpersonate: os.Getuid() == 0,
- CanUseTLSCerts: ftpd.GetStatus().IsActive || webdavd.GetStatus().IsActive,
FsWrapper: fsWrapper{
Filesystem: user.FsConfig,
IsUserPage: true,
@@ -1002,7 +984,7 @@ func (s *httpdServer) renderIPListPage(w http.ResponseWriter, r *http.Request, e
currentURL = fmt.Sprintf("%s/%d/%s", webIPListPath, entry.Type, url.PathEscape(entry.IPOrNet))
}
data := ipListPage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Error: getI18nError(err),
Entry: &entry,
Mode: mode,
@@ -1023,7 +1005,7 @@ func (s *httpdServer) renderRolePage(w http.ResponseWriter, r *http.Request, rol
currentURL = fmt.Sprintf("%s/%s", webAdminRolePath, url.PathEscape(role.Name))
}
data := rolePage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Error: getI18nError(err),
Role: &role,
Mode: mode,
@@ -1053,7 +1035,7 @@ func (s *httpdServer) renderGroupPage(w http.ResponseWriter, r *http.Request, gr
group.UserSettings.FsConfig.SetEmptySecretsIfNil()
data := groupPage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Error: getI18nError(err),
Group: &group,
Mode: mode,
@@ -1098,7 +1080,7 @@ func (s *httpdServer) renderEventActionPage(w http.ResponseWriter, r *http.Reque
}
data := eventActionPage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Action: action,
ActionTypes: dataprovider.EventActionTypes,
FsActions: dataprovider.FsActionTypes,
@@ -1129,7 +1111,7 @@ func (s *httpdServer) renderEventRulePage(w http.ResponseWriter, r *http.Request
}
data := eventRulePage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Rule: rule,
TriggerTypes: dataprovider.EventTriggerTypes,
Actions: actions,
@@ -1163,7 +1145,7 @@ func (s *httpdServer) renderFolderPage(w http.ResponseWriter, r *http.Request, f
folder.FsConfig.SetEmptySecretsIfNil()
data := folderPage{
- basePage: s.getBasePageData(title, currentURL, w, r),
+ basePage: s.getBasePageData(title, currentURL, r),
Error: getI18nError(err),
Folder: folder,
Mode: mode,
@@ -1227,10 +1209,9 @@ func getUsersForTemplate(r *http.Request) []userTemplateFields {
users[username] = true
res = append(res, userTemplateFields{
- Username: username,
- Password: password,
- PublicKeys: []string{publicKey},
- RequirePwdChange: r.Form.Get("tpl_require_password_change") != "",
+ Username: username,
+ Password: password,
+ PublicKeys: []string{publicKey},
})
}
@@ -1506,13 +1487,13 @@ func getFiltersFromUserPostFields(r *http.Request) (sdk.BaseUserFilters, error)
filters.PasswordStrength = passwordStrength
filters.AccessTime = getAccessTimeRestrictionsFromPostFields(r)
hooks := r.Form["hooks"]
- if slices.Contains(hooks, "external_auth_disabled") {
+ if util.Contains(hooks, "external_auth_disabled") {
filters.Hooks.ExternalAuthDisabled = true
}
- if slices.Contains(hooks, "pre_login_disabled") {
+ if util.Contains(hooks, "pre_login_disabled") {
filters.Hooks.PreLoginDisabled = true
}
- if slices.Contains(hooks, "check_password_disabled") {
+ if util.Contains(hooks, "check_password_disabled") {
filters.Hooks.CheckPasswordDisabled = true
}
filters.IsAnonymous = r.Form.Get("is_anonymous") != ""
@@ -1546,7 +1527,6 @@ func getS3Config(r *http.Request) (vfs.S3FsConfig, error) {
config.AccessKey = strings.TrimSpace(r.Form.Get("s3_access_key"))
config.RoleARN = strings.TrimSpace(r.Form.Get("s3_role_arn"))
config.AccessSecret = getSecretFromFormField(r, "s3_access_secret")
- config.SSECustomerKey = getSecretFromFormField(r, "s3_sse_customer_key")
config.Endpoint = strings.TrimSpace(r.Form.Get("s3_endpoint"))
config.StorageClass = strings.TrimSpace(r.Form.Get("s3_storage_class"))
config.ACL = strings.TrimSpace(r.Form.Get("s3_acl"))
@@ -1603,7 +1583,7 @@ func getGCSConfig(r *http.Request) (vfs.GCSFsConfig, error) {
config.AutomaticCredentials = 0
}
credentials, _, err := r.FormFile("gcs_credential_file")
- if errors.Is(err, http.ErrMissingFile) {
+ if err == http.ErrMissingFile {
return config, nil
}
if err != nil {
@@ -1872,10 +1852,6 @@ func getS3FsFromTemplate(fsConfig vfs.S3FsConfig, replacements map[string]string
payload := replacePlaceholders(fsConfig.AccessSecret.GetPayload(), replacements)
fsConfig.AccessSecret = kms.NewPlainSecret(payload)
}
- if fsConfig.SSECustomerKey != nil && fsConfig.SSECustomerKey.IsPlain() {
- payload := replacePlaceholders(fsConfig.SSECustomerKey.GetPayload(), replacements)
- fsConfig.SSECustomerKey = kms.NewPlainSecret(payload)
- }
return fsConfig
}
@@ -1913,7 +1889,6 @@ func getUserFromTemplate(user dataprovider.User, template userTemplateFields) da
user.Username = template.Username
user.Password = template.Password
user.PublicKeys = template.PublicKeys
- user.Filters.RequirePasswordChange = template.RequirePwdChange
replacements := make(map[string]string)
replacements["%username%"] = user.Username
if user.Password != "" && !user.IsPasswordHashed() {
@@ -1995,13 +1970,6 @@ func updateRepeaterFormFields(r *http.Request) {
}
continue
}
- if hasPrefixAndSuffix(k, "additional_emails[", "][additional_email]") {
- email := strings.TrimSpace(r.Form.Get(k))
- if email != "" {
- r.Form.Add("additional_emails", email)
- }
- continue
- }
if hasPrefixAndSuffix(k, "virtual_folders[", "][vfolder_path]") {
base, _ := strings.CutSuffix(k, "[vfolder_path]")
r.Form.Add("vfolder_path", strings.TrimSpace(r.Form.Get(k)))
@@ -2135,7 +2103,6 @@ func getUserFromPostFields(r *http.Request) (dataprovider.User, error) {
Filters: dataprovider.UserFilters{
BaseUserFilters: filters,
RequirePasswordChange: r.Form.Get("require_password_change") != "",
- AdditionalEmails: r.Form["additional_emails"],
},
VirtualFolders: getVirtualFoldersFromPostFields(r),
FsConfig: fsConfig,
@@ -2232,28 +2199,6 @@ func getKeyValsFromPostFields(r *http.Request, key, val string) []dataprovider.K
return res
}
-func getRenameConfigsFromPostFields(r *http.Request) []dataprovider.RenameConfig {
- var res []dataprovider.RenameConfig
- keys := r.Form["fs_rename_source"]
- values := r.Form["fs_rename_target"]
-
- for idx, k := range keys {
- v := values[idx]
- if k != "" && v != "" {
- opts := r.Form["fs_rename_options"+strconv.Itoa(idx)]
- res = append(res, dataprovider.RenameConfig{
- KeyValue: dataprovider.KeyValue{
- Key: k,
- Value: v,
- },
- UpdateModTime: slices.Contains(opts, "1"),
- })
- }
- }
-
- return res
-}
-
func getFoldersRetentionFromPostFields(r *http.Request) ([]dataprovider.FolderRetention, error) {
var res []dataprovider.FolderRetention
paths := r.Form["folder_retention_path"]
@@ -2269,7 +2214,7 @@ func getFoldersRetentionFromPostFields(r *http.Request) ([]dataprovider.FolderRe
res = append(res, dataprovider.FolderRetention{
Path: p,
Retention: retention,
- DeleteEmptyDirs: slices.Contains(opts, "1"),
+ DeleteEmptyDirs: util.Contains(opts, "1"),
})
}
}
@@ -2363,8 +2308,6 @@ func updateRepeaterFormActionFields(r *http.Request) {
base, _ := strings.CutSuffix(k, "[fs_rename_source]")
r.Form.Add("fs_rename_source", strings.TrimSpace(r.Form.Get(k)))
r.Form.Add("fs_rename_target", strings.TrimSpace(r.Form.Get(base+"[fs_rename_target]")))
- r.Form["fs_rename_options"+strconv.Itoa(len(r.Form["fs_rename_source"])-1)] =
- r.Form[base+"[fs_rename_options][]"]
continue
}
if hasPrefixAndSuffix(k, "fs_copy[", "][fs_copy_source]") {
@@ -2453,7 +2396,7 @@ func getEventActionOptionsFromPostFields(r *http.Request) (dataprovider.BaseEven
},
FsConfig: dataprovider.EventActionFilesystemConfig{
Type: fsActionType,
- Renames: getRenameConfigsFromPostFields(r),
+ Renames: getKeyValsFromPostFields(r, "fs_rename_source", "fs_rename_target"),
Deletes: getSliceFromDelimitedValues(r.Form.Get("fs_delete_paths"), ","),
MkDirs: getSliceFromDelimitedValues(r.Form.Get("fs_mkdir_paths"), ","),
Exist: getSliceFromDelimitedValues(r.Form.Get("fs_exist_paths"), ","),
@@ -2621,9 +2564,9 @@ func getEventRuleActionsFromPostFields(r *http.Request) []dataprovider.EventActi
},
Order: order + 1,
Options: dataprovider.EventActionOptions{
- IsFailureAction: slices.Contains(options, "1"),
- StopOnFailure: slices.Contains(options, "2"),
- ExecuteSync: slices.Contains(options, "3"),
+ IsFailureAction: util.Contains(options, "1"),
+ StopOnFailure: util.Contains(options, "2"),
+ ExecuteSync: util.Contains(options, "3"),
},
})
}
@@ -2826,95 +2769,31 @@ func getSMTPConfigsFromPostFields(r *http.Request) *dataprovider.SMTPConfigs {
}
}
-func getImageInputBytes(r *http.Request, fieldName, removeFieldName string, defaultVal []byte) ([]byte, error) {
- var result []byte
- remove := r.Form.Get(removeFieldName)
- if remove == "" || remove == "0" {
- result = defaultVal
- }
- f, _, err := r.FormFile(fieldName)
- if err != nil {
- if errors.Is(err, http.ErrMissingFile) {
- return result, nil
- }
- return nil, err
- }
- defer f.Close()
-
- return io.ReadAll(f)
-}
-
-func getBrandingConfigFromPostFields(r *http.Request, config *dataprovider.BrandingConfigs) (
- *dataprovider.BrandingConfigs, error,
-) {
- if config == nil {
- config = &dataprovider.BrandingConfigs{}
- }
- adminLogo, err := getImageInputBytes(r, "branding_webadmin_logo", "branding_webadmin_logo_remove", config.WebAdmin.Logo)
- if err != nil {
- return nil, util.NewI18nError(err, util.I18nErrorInvalidForm)
- }
- adminFavicon, err := getImageInputBytes(r, "branding_webadmin_favicon", "branding_webadmin_favicon_remove",
- config.WebAdmin.Favicon)
- if err != nil {
- return nil, util.NewI18nError(err, util.I18nErrorInvalidForm)
- }
- clientLogo, err := getImageInputBytes(r, "branding_webclient_logo", "branding_webclient_logo_remove",
- config.WebClient.Logo)
- if err != nil {
- return nil, util.NewI18nError(err, util.I18nErrorInvalidForm)
- }
- clientFavicon, err := getImageInputBytes(r, "branding_webclient_favicon", "branding_webclient_favicon_remove",
- config.WebClient.Favicon)
- if err != nil {
- return nil, util.NewI18nError(err, util.I18nErrorInvalidForm)
- }
-
- branding := &dataprovider.BrandingConfigs{
- WebAdmin: dataprovider.BrandingConfig{
- Name: strings.TrimSpace(r.Form.Get("branding_webadmin_name")),
- ShortName: strings.TrimSpace(r.Form.Get("branding_webadmin_short_name")),
- Logo: adminLogo,
- Favicon: adminFavicon,
- DisclaimerName: strings.TrimSpace(r.Form.Get("branding_webadmin_disclaimer_name")),
- DisclaimerURL: strings.TrimSpace(r.Form.Get("branding_webadmin_disclaimer_url")),
- },
- WebClient: dataprovider.BrandingConfig{
- Name: strings.TrimSpace(r.Form.Get("branding_webclient_name")),
- ShortName: strings.TrimSpace(r.Form.Get("branding_webclient_short_name")),
- Logo: clientLogo,
- Favicon: clientFavicon,
- DisclaimerName: strings.TrimSpace(r.Form.Get("branding_webclient_disclaimer_name")),
- DisclaimerURL: strings.TrimSpace(r.Form.Get("branding_webclient_disclaimer_url")),
- },
- }
- return branding, nil
-}
-
func (s *httpdServer) handleWebAdminForgotPwd(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
if !smtp.IsEnabled() {
s.renderNotFoundPage(w, r, errors.New("this page does not exist"))
return
}
- s.renderForgotPwdPage(w, r, nil)
+ s.renderForgotPwdPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebAdminForgotPwdPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
err := r.ParseForm()
if err != nil {
- s.renderForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
err = handleForgotPassword(r, r.Form.Get("username"), true)
if err != nil {
- s.renderForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorPwdResetGeneric))
+ s.renderForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorPwdResetGeneric), ipAddr)
return
}
http.Redirect(w, r, webAdminResetPwdPath, http.StatusFound)
@@ -2926,17 +2805,17 @@ func (s *httpdServer) handleWebAdminPasswordReset(w http.ResponseWriter, r *http
s.renderNotFoundPage(w, r, errors.New("this page does not exist"))
return
}
- s.renderResetPwdPage(w, r, nil)
+ s.renderResetPwdPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebAdminTwoFactor(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.renderTwoFactorPage(w, r, nil)
+ s.renderTwoFactorPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebAdminTwoFactorRecovery(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.renderTwoFactorRecoveryPage(w, r, nil)
+ s.renderTwoFactorRecoveryPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebAdminMFA(w http.ResponseWriter, r *http.Request) {
@@ -2962,11 +2841,11 @@ func (s *httpdServer) handleWebAdminProfilePost(w http.ResponseWriter, r *http.R
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderProfilePage(w, r, util.NewI18nError(err, util.I18nErrorInvalidToken))
return
@@ -2994,7 +2873,7 @@ func (s *httpdServer) handleWebMaintenance(w http.ResponseWriter, r *http.Reques
func (s *httpdServer) handleWebRestore(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, MaxRestoreSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3007,7 +2886,7 @@ func (s *httpdServer) handleWebRestore(w http.ResponseWriter, r *http.Request) {
defer r.MultipartForm.RemoveAll() //nolint:errcheck
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3047,7 +2926,7 @@ func (s *httpdServer) handleWebRestore(w http.ResponseWriter, r *http.Request) {
func getAllAdmins(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, nil, util.I18nErrorInvalidToken, http.StatusForbidden)
return
@@ -3068,7 +2947,7 @@ func getAllAdmins(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleGetWebAdmins(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nAdminsTitle, webAdminsPath, w, r)
+ data := s.getBasePageData(util.I18nAdminsTitle, webAdminsPath, r)
renderAdminTemplate(w, templateAdmins, data)
}
@@ -3078,7 +2957,7 @@ func (s *httpdServer) handleWebAdminSetupGet(w http.ResponseWriter, r *http.Requ
http.Redirect(w, r, webAdminLoginPath, http.StatusFound)
return
}
- s.renderAdminSetupPage(w, r, "", nil)
+ s.renderAdminSetupPage(w, r, "", util.GetIPFromRemoteAddress(r.RemoteAddr), nil)
}
func (s *httpdServer) handleWebAddAdminGet(w http.ResponseWriter, r *http.Request) {
@@ -3105,7 +2984,7 @@ func (s *httpdServer) handleWebUpdateAdminGet(w http.ResponseWriter, r *http.Req
func (s *httpdServer) handleWebAddAdminPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3115,15 +2994,11 @@ func (s *httpdServer) handleWebAddAdminPost(w http.ResponseWriter, r *http.Reque
s.renderAddUpdateAdminPage(w, r, &admin, err, true)
return
}
- if admin.Password == "" {
- // Administrators can be used with OpenID Connect or for authentication
- // via API key, in these cases the password is not necessary, we create
- // a non-usable one. This feature is only useful for WebAdmin, in REST
- // API you can create an unusable password externally.
+ if admin.Password == "" && s.binding.isWebAdminLoginFormDisabled() {
admin.Password = util.GenerateUniqueID()
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3154,7 +3029,7 @@ func (s *httpdServer) handleWebUpdateAdminPost(w http.ResponseWriter, r *http.Re
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3165,7 +3040,7 @@ func (s *httpdServer) handleWebUpdateAdminPost(w http.ResponseWriter, r *http.Re
}
updatedAdmin.Filters.TOTPConfig = admin.Filters.TOTPConfig
updatedAdmin.Filters.RecoveryCodes = admin.Filters.RecoveryCodes
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderAddUpdateAdminPage(w, r, &updatedAdmin, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken), false)
return
@@ -3207,7 +3082,7 @@ func (s *httpdServer) handleWebUpdateAdminPost(w http.ResponseWriter, r *http.Re
func (s *httpdServer) handleWebDefenderPage(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
data := defenderHostsPage{
- basePage: s.getBasePageData(util.I18nDefenderTitle, webDefenderPath, w, r),
+ basePage: s.getBasePageData(util.I18nDefenderTitle, webDefenderPath, r),
DefenderHostsURL: webDefenderHostsPath,
}
@@ -3216,7 +3091,7 @@ func (s *httpdServer) handleWebDefenderPage(w http.ResponseWriter, r *http.Reque
func getAllUsers(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, nil, util.I18nErrorInvalidToken, http.StatusForbidden)
return
@@ -3236,12 +3111,12 @@ func getAllUsers(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleGetWebUsers(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
}
- data := s.getBasePageData(util.I18nUsersTitle, webUsersPath, w, r)
+ data := s.getBasePageData(util.I18nUsersTitle, webUsersPath, r)
renderAdminTemplate(w, templateUsers, data)
}
@@ -3266,7 +3141,7 @@ func (s *httpdServer) handleWebTemplateFolderGet(w http.ResponseWriter, r *http.
func (s *httpdServer) handleWebTemplateFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3280,7 +3155,7 @@ func (s *httpdServer) handleWebTemplateFolderPost(w http.ResponseWriter, r *http
defer r.MultipartForm.RemoveAll() //nolint:errcheck
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3295,6 +3170,7 @@ func (s *httpdServer) handleWebTemplateFolderPost(w http.ResponseWriter, r *http
templateFolder.FsConfig = fsConfig
var dump dataprovider.BackupData
+ dump.Version = dataprovider.DumpVersion
foldersFields := getFoldersForTemplate(r)
for _, tmpl := range foldersFields {
@@ -3314,6 +3190,12 @@ func (s *httpdServer) handleWebTemplateFolderPost(w http.ResponseWriter, r *http
), "")
return
}
+ if r.Form.Get("form_action") == "export_from_template" {
+ w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"sftpgo-%v-folders-from-template.json\"",
+ len(dump.Folders)))
+ render.JSON(w, r, dump)
+ return
+ }
if err = RestoreFolders(dump.Folders, "", 1, 0, claims.Username, ipAddr, claims.Role); err != nil {
s.renderMessagePage(w, r, util.I18nTemplateFolderTitle, getRespStatus(err), err, "")
return
@@ -3336,7 +3218,6 @@ func (s *httpdServer) handleWebTemplateUserGet(w http.ResponseWriter, r *http.Re
user.SetEmptySecrets()
user.PublicKeys = nil
user.Email = ""
- user.Filters.AdditionalEmails = nil
user.Description = ""
if user.ExpirationDate == 0 && admin.Filters.Preferences.DefaultUsersExpiration > 0 {
user.ExpirationDate = util.GetTimeAsMsSinceEpoch(time.Now().Add(24 * time.Hour * time.Duration(admin.Filters.Preferences.DefaultUsersExpiration)))
@@ -3363,7 +3244,7 @@ func (s *httpdServer) handleWebTemplateUserGet(w http.ResponseWriter, r *http.Re
func (s *httpdServer) handleWebTemplateUserPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3374,12 +3255,13 @@ func (s *httpdServer) handleWebTemplateUserPost(w http.ResponseWriter, r *http.R
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
var dump dataprovider.BackupData
+ dump.Version = dataprovider.DumpVersion
userTmplFields := getUsersForTemplate(r)
for _, tmpl := range userTmplFields {
@@ -3388,10 +3270,14 @@ func (s *httpdServer) handleWebTemplateUserPost(w http.ResponseWriter, r *http.R
s.renderMessagePage(w, r, util.I18nTemplateUserTitle, http.StatusBadRequest, err, "")
return
}
- if claims.Role != "" {
- u.Role = claims.Role
- }
+ // to create a template the "*" permission is required, so role admins cannot use
+ // this method, we don't need to force the role
dump.Users = append(dump.Users, u)
+ for _, folder := range u.VirtualFolders {
+ if !dump.HasFolder(folder.Name) {
+ dump.Folders = append(dump.Folders, folder.BaseVirtualFolder)
+ }
+ }
}
if len(dump.Users) == 0 {
@@ -3402,6 +3288,12 @@ func (s *httpdServer) handleWebTemplateUserPost(w http.ResponseWriter, r *http.R
), "")
return
}
+ if r.Form.Get("form_action") == "export_from_template" {
+ w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"sftpgo-%v-users-from-template.json\"",
+ len(dump.Users)))
+ render.JSON(w, r, dump)
+ return
+ }
if err = RestoreUsers(dump.Users, "", 1, 0, claims.Username, ipAddr, claims.Role); err != nil {
s.renderMessagePage(w, r, util.I18nTemplateUserTitle, getRespStatus(err), err, "")
return
@@ -3431,7 +3323,7 @@ func (s *httpdServer) handleWebAddUserGet(w http.ResponseWriter, r *http.Request
func (s *httpdServer) handleWebUpdateUserGet(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3449,7 +3341,7 @@ func (s *httpdServer) handleWebUpdateUserGet(w http.ResponseWriter, r *http.Requ
func (s *httpdServer) handleWebAddUserPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3460,15 +3352,14 @@ func (s *httpdServer) handleWebAddUserPost(w http.ResponseWriter, r *http.Reques
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
user = getUserFromTemplate(user, userTemplateFields{
- Username: user.Username,
- Password: user.Password,
- PublicKeys: user.PublicKeys,
- RequirePwdChange: user.Filters.RequirePasswordChange,
+ Username: user.Username,
+ Password: user.Password,
+ PublicKeys: user.PublicKeys,
})
if claims.Role != "" {
user.Role = claims.Role
@@ -3487,7 +3378,7 @@ func (s *httpdServer) handleWebAddUserPost(w http.ResponseWriter, r *http.Reques
func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3507,7 +3398,7 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3523,10 +3414,9 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
updateEncryptedSecrets(&updatedUser.FsConfig, &user.FsConfig)
updatedUser = getUserFromTemplate(updatedUser, userTemplateFields{
- Username: updatedUser.Username,
- Password: updatedUser.Password,
- PublicKeys: updatedUser.PublicKeys,
- RequirePwdChange: updatedUser.Filters.RequirePasswordChange,
+ Username: updatedUser.Username,
+ Password: updatedUser.Password,
+ PublicKeys: updatedUser.PublicKeys,
})
if claims.Role != "" {
updatedUser.Role = claims.Role
@@ -3546,7 +3436,7 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
func (s *httpdServer) handleWebGetStatus(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
data := statusPage{
- basePage: s.getBasePageData(util.I18nStatusTitle, webStatusPath, w, r),
+ basePage: s.getBasePageData(util.I18nStatusTitle, webStatusPath, r),
Status: getServicesStatus(),
}
renderAdminTemplate(w, templateStatus, data)
@@ -3554,13 +3444,13 @@ func (s *httpdServer) handleWebGetStatus(w http.ResponseWriter, r *http.Request)
func (s *httpdServer) handleWebGetConnections(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
}
- data := s.getBasePageData(util.I18nSessionsTitle, webConnectionsPath, w, r)
+ data := s.getBasePageData(util.I18nSessionsTitle, webConnectionsPath, r)
renderAdminTemplate(w, templateConnections, data)
}
@@ -3571,7 +3461,7 @@ func (s *httpdServer) handleWebAddFolderGet(w http.ResponseWriter, r *http.Reque
func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3585,7 +3475,7 @@ func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Requ
defer r.MultipartForm.RemoveAll() //nolint:errcheck
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3623,7 +3513,7 @@ func (s *httpdServer) handleWebUpdateFolderGet(w http.ResponseWriter, r *http.Re
func (s *httpdServer) handleWebUpdateFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3646,7 +3536,7 @@ func (s *httpdServer) handleWebUpdateFolderPost(w http.ResponseWriter, r *http.R
defer r.MultipartForm.RemoveAll() //nolint:errcheck
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3709,7 +3599,7 @@ func getAllFolders(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebGetFolders(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nFoldersTitle, webFoldersPath, w, r)
+ data := s.getBasePageData(util.I18nFoldersTitle, webFoldersPath, r)
renderAdminTemplate(w, templateFolders, data)
}
@@ -3747,7 +3637,7 @@ func getAllGroups(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebGetGroups(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nGroupsTitle, webGroupsPath, w, r)
+ data := s.getBasePageData(util.I18nGroupsTitle, webGroupsPath, r)
renderAdminTemplate(w, templateGroups, data)
}
@@ -3758,7 +3648,7 @@ func (s *httpdServer) handleWebAddGroupGet(w http.ResponseWriter, r *http.Reques
func (s *httpdServer) handleWebAddGroupPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3769,7 +3659,7 @@ func (s *httpdServer) handleWebAddGroupPost(w http.ResponseWriter, r *http.Reque
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3796,7 +3686,7 @@ func (s *httpdServer) handleWebUpdateGroupGet(w http.ResponseWriter, r *http.Req
func (s *httpdServer) handleWebUpdateGroupPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3816,7 +3706,7 @@ func (s *httpdServer) handleWebUpdateGroupPost(w http.ResponseWriter, r *http.Re
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3869,7 +3759,7 @@ func getAllActions(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebGetEventActions(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nActionsTitle, webAdminEventActionsPath, w, r)
+ data := s.getBasePageData(util.I18nActionsTitle, webAdminEventActionsPath, r)
renderAdminTemplate(w, templateEventActions, data)
}
@@ -3883,7 +3773,7 @@ func (s *httpdServer) handleWebAddEventActionGet(w http.ResponseWriter, r *http.
func (s *httpdServer) handleWebAddEventActionPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3894,7 +3784,7 @@ func (s *httpdServer) handleWebAddEventActionPost(w http.ResponseWriter, r *http
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3920,7 +3810,7 @@ func (s *httpdServer) handleWebUpdateEventActionGet(w http.ResponseWriter, r *ht
func (s *httpdServer) handleWebUpdateEventActionPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -3940,7 +3830,7 @@ func (s *httpdServer) handleWebUpdateEventActionPost(w http.ResponseWriter, r *h
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -3979,7 +3869,7 @@ func getAllRules(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebGetEventRules(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nRulesTitle, webAdminEventRulesPath, w, r)
+ data := s.getBasePageData(util.I18nRulesTitle, webAdminEventRulesPath, r)
renderAdminTemplate(w, templateEventRules, data)
}
@@ -3994,7 +3884,7 @@ func (s *httpdServer) handleWebAddEventRuleGet(w http.ResponseWriter, r *http.Re
func (s *httpdServer) handleWebAddEventRulePost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -4005,7 +3895,7 @@ func (s *httpdServer) handleWebAddEventRulePost(w http.ResponseWriter, r *http.R
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- err = verifyCSRFToken(r, s.csrfTokenAuth)
+ err = verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr)
if err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
@@ -4032,7 +3922,7 @@ func (s *httpdServer) handleWebUpdateEventRuleGet(w http.ResponseWriter, r *http
func (s *httpdServer) handleWebUpdateEventRulePost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -4052,7 +3942,7 @@ func (s *httpdServer) handleWebUpdateEventRulePost(w http.ResponseWriter, r *htt
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4099,7 +3989,7 @@ func getAllRoles(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebGetRoles(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- data := s.getBasePageData(util.I18nRolesTitle, webAdminRolesPath, w, r)
+ data := s.getBasePageData(util.I18nRolesTitle, webAdminRolesPath, r)
renderAdminTemplate(w, templateRoles, data)
}
@@ -4116,13 +4006,13 @@ func (s *httpdServer) handleWebAddRolePost(w http.ResponseWriter, r *http.Reques
s.renderRolePage(w, r, role, genericPageModeAdd, err)
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4148,7 +4038,7 @@ func (s *httpdServer) handleWebUpdateRoleGet(w http.ResponseWriter, r *http.Requ
func (s *httpdServer) handleWebUpdateRolePost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -4168,7 +4058,7 @@ func (s *httpdServer) handleWebUpdateRolePost(w http.ResponseWriter, r *http.Req
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4186,7 +4076,7 @@ func (s *httpdServer) handleWebGetEvents(w http.ResponseWriter, r *http.Request)
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
data := eventsPage{
- basePage: s.getBasePageData(util.I18nEventsTitle, webEventsPath, w, r),
+ basePage: s.getBasePageData(util.I18nEventsTitle, webEventsPath, r),
FsEventsSearchURL: webEventsFsSearchPath,
ProviderEventsSearchURL: webEventsProviderSearchPath,
LogEventsSearchURL: webEventsLogSearchPath,
@@ -4198,7 +4088,7 @@ func (s *httpdServer) handleWebIPListsPage(w http.ResponseWriter, r *http.Reques
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
rtlStatus, rtlProtocols := common.Config.GetRateLimitersStatus()
data := ipListsPage{
- basePage: s.getBasePageData(util.I18nIPListsTitle, webIPListsPath, w, r),
+ basePage: s.getBasePageData(util.I18nIPListsTitle, webIPListsPath, r),
RateLimitersStatus: rtlStatus,
RateLimitersProtocols: strings.Join(rtlProtocols, ", "),
IsAllowListEnabled: common.Config.IsAllowListEnabled(),
@@ -4230,13 +4120,13 @@ func (s *httpdServer) handleWebAddIPListEntryPost(w http.ResponseWriter, r *http
return
}
entry.Type = listType
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4267,7 +4157,7 @@ func (s *httpdServer) handleWebUpdateIPListEntryGet(w http.ResponseWriter, r *ht
func (s *httpdServer) handleWebUpdateIPListEntryPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -4291,7 +4181,7 @@ func (s *httpdServer) handleWebUpdateIPListEntryPost(w http.ResponseWriter, r *h
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4317,7 +4207,7 @@ func (s *httpdServer) handleWebConfigs(w http.ResponseWriter, r *http.Request) {
func (s *httpdServer) handleWebConfigsPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -4327,15 +4217,13 @@ func (s *httpdServer) handleWebConfigsPost(w http.ResponseWriter, r *http.Reques
s.renderInternalServerErrorPage(w, r, err)
return
}
- err = r.ParseMultipartForm(maxRequestSize)
+ err = r.ParseForm()
if err != nil {
s.renderBadRequestPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
return
}
- defer r.MultipartForm.RemoveAll() //nolint:errcheck
-
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -4359,15 +4247,6 @@ func (s *httpdServer) handleWebConfigsPost(w http.ResponseWriter, r *http.Reques
smtpConfigs := getSMTPConfigsFromPostFields(r)
updateSMTPSecrets(smtpConfigs, configs.SMTP)
configs.SMTP = smtpConfigs
- case "branding_submit":
- configSection = 4
- brandingConfigs, err := getBrandingConfigFromPostFields(r, configs.Branding)
- configs.Branding = brandingConfigs
- if err != nil {
- logger.Info(logSender, "", "unable to get branding config: %v", err)
- s.renderConfigsPage(w, r, configs, err, configSection)
- return
- }
default:
s.renderBadRequestPage(w, r, errors.New("unsupported form action"))
return
@@ -4378,22 +4257,15 @@ func (s *httpdServer) handleWebConfigsPost(w http.ResponseWriter, r *http.Reques
s.renderConfigsPage(w, r, configs, err, configSection)
return
}
- postConfigsUpdate(configSection, configs)
- s.renderMessagePage(w, r, util.I18nConfigsTitle, http.StatusOK, nil, util.I18nConfigsOK)
-}
-
-func postConfigsUpdate(section int, configs dataprovider.Configs) {
- switch section {
- case 3:
+ if configSection == 3 {
err := configs.SMTP.TryDecrypt()
if err == nil {
smtp.Activate(configs.SMTP)
} else {
logger.Error(logSender, "", "unable to decrypt SMTP configuration, cannot activate configuration: %v", err)
}
- case 4:
- dbBrandingConfig.Set(configs.Branding)
}
+ s.renderMessagePage(w, r, util.I18nConfigsTitle, http.StatusOK, nil, util.I18nConfigsOK)
}
func (s *httpdServer) handleOAuth2TokenRedirect(w http.ResponseWriter, r *http.Request) {
@@ -4401,7 +4273,7 @@ func (s *httpdServer) handleOAuth2TokenRedirect(w http.ResponseWriter, r *http.R
stateToken := r.URL.Query().Get("state")
- state, err := verifyOAuth2Token(s.csrfTokenAuth, stateToken, util.GetIPFromRemoteAddress(r.RemoteAddr))
+ state, err := verifyOAuth2Token(stateToken, util.GetIPFromRemoteAddress(r.RemoteAddr))
if err != nil {
s.renderMessagePage(w, r, util.I18nOAuth2ErrorTitle, http.StatusBadRequest, err, "")
return
@@ -4426,7 +4298,7 @@ func (s *httpdServer) handleOAuth2TokenRedirect(w http.ResponseWriter, r *http.R
cfg := oauth2Config.GetOAuth2()
cfg.RedirectURL = pendingAuth.RedirectURL
- token, err := cfg.Exchange(ctx, r.URL.Query().Get("code"), oauth2.VerifierOption(pendingAuth.Verifier))
+ token, err := cfg.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
s.renderMessagePage(w, r, util.I18nOAuth2ErrorTitle, http.StatusInternalServerError,
util.NewI18nError(err, util.I18nOAuth2ErrTokenExchange), "")
diff --git a/internal/httpd/webclient.go b/internal/httpd/webclient.go
index 71aba2ce..10fd2c49 100644
--- a/internal/httpd/webclient.go
+++ b/internal/httpd/webclient.go
@@ -16,7 +16,6 @@ package httpd
import (
"bytes"
- "crypto/rand"
"encoding/json"
"errors"
"fmt"
@@ -28,7 +27,6 @@ import (
"os"
"path"
"path/filepath"
- "slices"
"strconv"
"strings"
"time"
@@ -39,7 +37,6 @@ import (
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
- "github.com/drakkan/sftpgo/v2/internal/jwt"
"github.com/drakkan/sftpgo/v2/internal/logger"
"github.com/drakkan/sftpgo/v2/internal/mfa"
"github.com/drakkan/sftpgo/v2/internal/smtp"
@@ -84,23 +81,21 @@ func isZeroTime(t time.Time) bool {
type baseClientPage struct {
commonBasePage
- Title string
- CurrentURL string
- FilesURL string
- SharesURL string
- ShareURL string
- ProfileURL string
- PingURL string
- ChangePwdURL string
- LogoutURL string
- LoginURL string
- EditURL string
- MFAURL string
- CSRFToken string
- LoggedUser *dataprovider.User
- IsLoggedToShare bool
- Branding UIBranding
- Languages []string
+ Title string
+ CurrentURL string
+ FilesURL string
+ SharesURL string
+ ShareURL string
+ ProfileURL string
+ PingURL string
+ ChangePwdURL string
+ LogoutURL string
+ LoginURL string
+ EditURL string
+ MFAURL string
+ CSRFToken string
+ LoggedUser *dataprovider.User
+ Branding UIBranding
}
type dirMapping struct {
@@ -110,10 +105,9 @@ type dirMapping struct {
type viewPDFPage struct {
commonBasePage
- Title string
- URL string
- Branding UIBranding
- Languages []string
+ Title string
+ URL string
+ Branding UIBranding
}
type editFilePage struct {
@@ -147,18 +141,15 @@ type filesPage struct {
Error *util.I18nError
Paths []dirMapping
QuotaUsage *userQuotaUsage
- KeepAliveInterval int
}
type shareLoginPage struct {
commonBasePage
- CurrentURL string
- Error *util.I18nError
- CSRFToken string
- Title string
- Branding UIBranding
- Languages []string
- CheckRedirect bool
+ CurrentURL string
+ Error *util.I18nError
+ CSRFToken string
+ Title string
+ Branding UIBranding
}
type shareDownloadPage struct {
@@ -181,15 +172,13 @@ type clientMessagePage struct {
type clientProfilePage struct {
baseClientPage
- PublicKeys []string
- TLSCerts []string
- CanSubmit bool
- AllowAPIKeyAuth bool
- Email string
- AdditionalEmails []string
- AdditionalEmailsString string
- Description string
- Error *util.I18nError
+ PublicKeys []string
+ TLSCerts []string
+ CanSubmit bool
+ AllowAPIKeyAuth bool
+ Email string
+ Description string
+ Error *util.I18nError
}
type changeClientPasswordPage struct {
@@ -212,7 +201,6 @@ type clientMFAPage struct {
type clientSharesPage struct {
baseClientPage
BasePublicSharesURL string
- BaseURL string
}
type clientSharePage struct {
@@ -535,30 +523,28 @@ func loadClientTemplates(templatesPath string) {
clientTemplates[templateShareDownload] = shareDownloadTmpl
}
-func (s *httpdServer) getBaseClientPageData(title, currentURL string, w http.ResponseWriter, r *http.Request) baseClientPage {
+func (s *httpdServer) getBaseClientPageData(title, currentURL string, r *http.Request) baseClientPage {
var csrfToken string
if currentURL != "" {
- csrfToken = createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseClientPath)
+ csrfToken = createCSRFToken(util.GetIPFromRemoteAddress(r.RemoteAddr))
}
data := baseClientPage{
- commonBasePage: getCommonBasePage(r),
- Title: title,
- CurrentURL: currentURL,
- FilesURL: webClientFilesPath,
- SharesURL: webClientSharesPath,
- ShareURL: webClientSharePath,
- ProfileURL: webClientProfilePath,
- PingURL: webClientPingPath,
- ChangePwdURL: webChangeClientPwdPath,
- LogoutURL: webClientLogoutPath,
- EditURL: webClientEditFilePath,
- MFAURL: webClientMFAPath,
- CSRFToken: csrfToken,
- LoggedUser: getUserFromToken(r),
- IsLoggedToShare: false,
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ commonBasePage: getCommonBasePage(r),
+ Title: title,
+ CurrentURL: currentURL,
+ FilesURL: webClientFilesPath,
+ SharesURL: webClientSharesPath,
+ ShareURL: webClientSharePath,
+ ProfileURL: webClientProfilePath,
+ PingURL: webClientPingPath,
+ ChangePwdURL: webChangeClientPwdPath,
+ LogoutURL: webClientLogoutPath,
+ EditURL: webClientEditFilePath,
+ MFAURL: webClientMFAPath,
+ CSRFToken: csrfToken,
+ LoggedUser: getUserFromToken(r),
+ Branding: s.binding.Branding.WebClient,
}
if !strings.HasPrefix(r.RequestURI, webClientPubSharesPath) {
data.LoginURL = webClientLoginPath
@@ -566,44 +552,40 @@ func (s *httpdServer) getBaseClientPageData(title, currentURL string, w http.Res
return data
}
-func (s *httpdServer) renderClientForgotPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderClientForgotPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := forgotPwdPage{
commonBasePage: getCommonBasePage(r),
CurrentURL: webClientForgotPwdPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseClientPath),
+ CSRFToken: createCSRFToken(ip),
LoginURL: webClientLoginPath,
Title: util.I18nForgotPwdTitle,
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateForgotPassword, data)
}
-func (s *httpdServer) renderClientResetPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderClientResetPwdPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := resetPwdPage{
commonBasePage: getCommonBasePage(r),
CurrentURL: webClientResetPwdPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseClientPath),
+ CSRFToken: createCSRFToken(ip),
LoginURL: webClientLoginPath,
Title: util.I18nResetPwdTitle,
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateResetPassword, data)
}
-func (s *httpdServer) renderShareLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderShareLoginPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := shareLoginPage{
commonBasePage: getCommonBasePage(r),
Title: util.I18nShareLoginTitle,
CurrentURL: r.RequestURI,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, rand.Text(), webBaseClientPath),
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
- CheckRedirect: false,
+ CSRFToken: createCSRFToken(ip),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateShareLogin, data)
}
@@ -617,7 +599,7 @@ func renderClientTemplate(w http.ResponseWriter, tmplName string, data any) {
func (s *httpdServer) renderClientMessagePage(w http.ResponseWriter, r *http.Request, title string, statusCode int, err error, message string) {
data := clientMessagePage{
- baseClientPage: s.getBaseClientPageData(title, "", w, r),
+ baseClientPage: s.getBaseClientPageData(title, "", r),
Error: getI18nError(err),
Success: message,
}
@@ -645,16 +627,15 @@ func (s *httpdServer) renderClientNotFoundPage(w http.ResponseWriter, r *http.Re
util.NewI18nError(err, util.I18nError404Message), "")
}
-func (s *httpdServer) renderClientTwoFactorPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderClientTwoFactorPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := twoFactorPage{
commonBasePage: getCommonBasePage(r),
- Title: util.I18n2FATitle,
+ Title: pageTwoFactorTitle,
CurrentURL: webClientTwoFactorPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseClientPath),
+ CSRFToken: createCSRFToken(ip),
RecoveryURL: webClientTwoFactorRecoveryPath,
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebClient,
}
if next := r.URL.Query().Get("next"); strings.HasPrefix(next, webClientFilesPath) {
data.CurrentURL += "?next=" + url.QueryEscape(next)
@@ -662,22 +643,21 @@ func (s *httpdServer) renderClientTwoFactorPage(w http.ResponseWriter, r *http.R
renderClientTemplate(w, templateTwoFactor, data)
}
-func (s *httpdServer) renderClientTwoFactorRecoveryPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
+func (s *httpdServer) renderClientTwoFactorRecoveryPage(w http.ResponseWriter, r *http.Request, err *util.I18nError, ip string) {
data := twoFactorPage{
commonBasePage: getCommonBasePage(r),
- Title: util.I18n2FATitle,
+ Title: pageTwoFactorRecoveryTitle,
CurrentURL: webClientTwoFactorRecoveryPath,
Error: err,
- CSRFToken: createCSRFToken(w, r, s.csrfTokenAuth, "", webBaseClientPath),
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ CSRFToken: createCSRFToken(ip),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateTwoFactorRecovery, data)
}
func (s *httpdServer) renderClientMFAPage(w http.ResponseWriter, r *http.Request) {
data := clientMFAPage{
- baseClientPage: s.getBaseClientPageData(util.I18n2FATitle, webClientMFAPath, w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18n2FATitle, webClientMFAPath, r),
TOTPConfigs: mfa.GetAvailableTOTPConfigNames(),
GenerateTOTPURL: webClientTOTPGeneratePath,
ValidateTOTPURL: webClientTOTPValidatePath,
@@ -701,7 +681,7 @@ func (s *httpdServer) renderEditFilePage(w http.ResponseWriter, r *http.Request,
title = util.I18nEditFileTitle
}
data := editFilePage{
- baseClientPage: s.getBaseClientPageData(title, webClientEditFilePath, w, r),
+ baseClientPage: s.getBaseClientPageData(title, webClientEditFilePath, r),
Path: fileName,
Name: path.Base(fileName),
CurrentDir: path.Dir(fileName),
@@ -721,11 +701,8 @@ func (s *httpdServer) renderAddUpdateSharePage(w http.ResponseWriter, r *http.Re
currentURL = fmt.Sprintf("%v/%v", webClientSharePath, url.PathEscape(share.ShareID))
title = util.I18nShareUpdateTitle
}
- if share.IsPasswordHashed() {
- share.Password = redactedSecret
- }
data := clientSharePage{
- baseClientPage: s.getBaseClientPageData(title, currentURL, w, r),
+ baseClientPage: s.getBaseClientPageData(title, currentURL, r),
Share: share,
Error: err,
IsAdd: isAdd,
@@ -759,11 +736,9 @@ func (s *httpdServer) renderSharedFilesPage(w http.ResponseWriter, r *http.Reque
err *util.I18nError, share dataprovider.Share,
) {
currentURL := path.Join(webClientPubSharesPath, share.ShareID, "browse")
- baseData := s.getBaseClientPageData(util.I18nSharedFilesTitle, currentURL, w, r)
+ baseData := s.getBaseClientPageData(util.I18nSharedFilesTitle, currentURL, r)
baseData.FilesURL = currentURL
baseSharePath := path.Join(webClientPubSharesPath, share.ShareID)
- baseData.LogoutURL = path.Join(webClientPubSharesPath, share.ShareID, "logout")
- baseData.IsLoggedToShare = share.Password != ""
data := filesPage{
baseClientPage: baseData,
@@ -787,44 +762,32 @@ func (s *httpdServer) renderSharedFilesPage(w http.ResponseWriter, r *http.Reque
CanCopy: false,
Paths: getDirMapping(dirName, currentURL),
QuotaUsage: newUserQuotaUsage(&dataprovider.User{}),
- KeepAliveInterval: int(cookieRefreshThreshold / time.Millisecond),
}
renderClientTemplate(w, templateClientFiles, data)
}
-func (s *httpdServer) renderShareDownloadPage(w http.ResponseWriter, r *http.Request, share *dataprovider.Share,
- downloadLink string,
-) {
+func (s *httpdServer) renderShareDownloadPage(w http.ResponseWriter, r *http.Request, downloadLink string) {
data := shareDownloadPage{
- baseClientPage: s.getBaseClientPageData(util.I18nShareDownloadTitle, "", w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18nShareDownloadTitle, "", r),
DownloadLink: downloadLink,
}
- data.LogoutURL = ""
- if share.Password != "" {
- data.LogoutURL = path.Join(webClientPubSharesPath, share.ShareID, "logout")
- }
-
renderClientTemplate(w, templateShareDownload, data)
}
-func (s *httpdServer) renderUploadToSharePage(w http.ResponseWriter, r *http.Request, share *dataprovider.Share) {
+func (s *httpdServer) renderUploadToSharePage(w http.ResponseWriter, r *http.Request, share dataprovider.Share) {
currentURL := path.Join(webClientPubSharesPath, share.ShareID, "upload")
data := shareUploadPage{
- baseClientPage: s.getBaseClientPageData(util.I18nShareUploadTitle, currentURL, w, r),
- Share: share,
+ baseClientPage: s.getBaseClientPageData(util.I18nShareUploadTitle, currentURL, r),
+ Share: &share,
UploadBasePath: path.Join(webClientPubSharesPath, share.ShareID),
}
- data.LogoutURL = ""
- if share.Password != "" {
- data.LogoutURL = path.Join(webClientPubSharesPath, share.ShareID, "logout")
- }
renderClientTemplate(w, templateUploadToShare, data)
}
func (s *httpdServer) renderFilesPage(w http.ResponseWriter, r *http.Request, dirName string,
err *util.I18nError, user *dataprovider.User) {
data := filesPage{
- baseClientPage: s.getBaseClientPageData(util.I18nFilesTitle, webClientFilesPath, w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18nFilesTitle, webClientFilesPath, r),
Error: err,
CurrentDir: url.QueryEscape(dirName),
DownloadURL: webClientDownloadZipPath,
@@ -844,14 +807,13 @@ func (s *httpdServer) renderFilesPage(w http.ResponseWriter, r *http.Request, di
ShareUploadBaseURL: "",
Paths: getDirMapping(dirName, webClientFilesPath),
QuotaUsage: newUserQuotaUsage(user),
- KeepAliveInterval: int(cookieRefreshThreshold / time.Millisecond),
}
renderClientTemplate(w, templateClientFiles, data)
}
func (s *httpdServer) renderClientProfilePage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
data := clientProfilePage{
- baseClientPage: s.getBaseClientPageData(util.I18nProfileTitle, webClientProfilePath, w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18nProfileTitle, webClientProfilePath, r),
Error: err,
}
user, userMerged, errUser := dataprovider.GetUserVariants(data.LoggedUser.Username, "")
@@ -863,8 +825,6 @@ func (s *httpdServer) renderClientProfilePage(w http.ResponseWriter, r *http.Req
data.TLSCerts = user.Filters.TLSCerts
data.AllowAPIKeyAuth = user.Filters.AllowAPIKeyAuth
data.Email = user.Email
- data.AdditionalEmails = user.Filters.AdditionalEmails
- data.AdditionalEmailsString = strings.Join(data.AdditionalEmails, ", ")
data.Description = user.Description
data.CanSubmit = userMerged.CanUpdateProfile()
renderClientTemplate(w, templateClientProfile, data)
@@ -872,7 +832,7 @@ func (s *httpdServer) renderClientProfilePage(w http.ResponseWriter, r *http.Req
func (s *httpdServer) renderClientChangePasswordPage(w http.ResponseWriter, r *http.Request, err *util.I18nError) {
data := changeClientPasswordPage{
- baseClientPage: s.getBaseClientPageData(util.I18nChangePwdTitle, webChangeClientPwdPath, w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18nChangePwdTitle, webChangeClientPwdPath, r),
Error: err,
}
@@ -881,7 +841,7 @@ func (s *httpdServer) renderClientChangePasswordPage(w http.ResponseWriter, r *h
func (s *httpdServer) handleWebClientDownloadZip(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxMultipartMem)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -890,7 +850,8 @@ func (s *httpdServer) handleWebClientDownloadZip(w http.ResponseWriter, r *http.
s.renderClientBadRequestPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
return
}
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -905,12 +866,15 @@ func (s *httpdServer) handleWebClientDownloadZip(w http.ResponseWriter, r *http.
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%v_%v", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
s.renderClientForbiddenPage(w, r, err)
return
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
s.renderClientMessagePage(w, r, util.I18nError429Title, http.StatusTooManyRequests,
util.NewI18nError(err, util.I18nError429Message), "")
@@ -1009,7 +973,7 @@ func (s *httpdServer) handleShareGetDirContents(w http.ResponseWriter, r *http.R
}
defer lister.Close()
- dataGetter := func(limit, offset int) ([]byte, int, error) {
+ dataGetter := func(limit, _ int) ([]byte, int, error) {
contents, err := lister.Next(limit)
if errors.Is(err, io.EOF) {
err = nil
@@ -1018,12 +982,11 @@ func (s *httpdServer) handleShareGetDirContents(w http.ResponseWriter, r *http.R
return nil, 0, err
}
results := make([]map[string]any, 0, len(contents))
- for idx, info := range contents {
+ for _, info := range contents {
if !info.Mode().IsDir() && !info.Mode().IsRegular() {
continue
}
res := make(map[string]any)
- res["id"] = offset + idx + 1
if info.IsDir() {
res["type"] = "1"
res["size"] = ""
@@ -1060,7 +1023,7 @@ func (s *httpdServer) handleClientUploadToShare(w http.ResponseWriter, r *http.R
http.Redirect(w, r, path.Join(webClientPubSharesPath, share.ShareID, "browse"), http.StatusFound)
return
}
- s.renderUploadToSharePage(w, r, &share)
+ s.renderUploadToSharePage(w, r, share)
}
func (s *httpdServer) handleShareGetFiles(w http.ResponseWriter, r *http.Request) {
@@ -1125,8 +1088,7 @@ func (s *httpdServer) handleShareViewPDF(w http.ResponseWriter, r *http.Request)
Title: path.Base(name),
URL: fmt.Sprintf("%s?path=%s&_=%d", path.Join(webClientPubSharesPath, share.ShareID, "getpdf"),
url.QueryEscape(name), time.Now().UTC().Unix()),
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateClientViewPDF, data)
}
@@ -1178,7 +1140,7 @@ func (s *httpdServer) handleShareGetPDF(w http.ResponseWriter, r *http.Request)
func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, nil, util.I18nErrorDirList403, http.StatusForbidden)
return
@@ -1193,12 +1155,15 @@ func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%s_%s", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
sendAPIResponse(w, r, err, getI18NErrorString(err, util.I18nErrorDirList403), http.StatusForbidden)
return
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
sendAPIResponse(w, r, err, util.I18nErrorDirList429, http.StatusTooManyRequests)
return
@@ -1215,7 +1180,7 @@ func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.
defer lister.Close()
dirTree := r.URL.Query().Get("dirtree") == "1"
- dataGetter := func(limit, offset int) ([]byte, int, error) {
+ dataGetter := func(limit, _ int) ([]byte, int, error) {
contents, err := lister.Next(limit)
if errors.Is(err, io.EOF) {
err = nil
@@ -1224,9 +1189,8 @@ func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.
return nil, 0, err
}
results := make([]map[string]any, 0, len(contents))
- for idx, info := range contents {
+ for _, info := range contents {
res := make(map[string]any)
- res["id"] = offset + idx + 1
res["url"] = getFileObjectURL(name, info.Name(), webClientFilesPath)
if info.IsDir() {
res["type"] = "1"
@@ -1264,7 +1228,7 @@ func (s *httpdServer) handleClientGetDirContents(w http.ResponseWriter, r *http.
func (s *httpdServer) handleClientGetFiles(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1280,12 +1244,15 @@ func (s *httpdServer) handleClientGetFiles(w http.ResponseWriter, r *http.Reques
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%v_%v", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
s.renderClientForbiddenPage(w, r, err)
return
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
s.renderClientMessagePage(w, r, util.I18nError429Title, http.StatusTooManyRequests,
util.NewI18nError(err, util.I18nError429Message), "")
@@ -1322,7 +1289,7 @@ func (s *httpdServer) handleClientGetFiles(w http.ResponseWriter, r *http.Reques
func (s *httpdServer) handleClientEditFile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1338,12 +1305,15 @@ func (s *httpdServer) handleClientEditFile(w http.ResponseWriter, r *http.Reques
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%v_%v", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
s.renderClientForbiddenPage(w, r, err)
return
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
s.renderClientMessagePage(w, r, util.I18nError429Title, http.StatusTooManyRequests,
util.NewI18nError(err, util.I18nError429Message), "")
@@ -1398,7 +1368,7 @@ func (s *httpdServer) handleClientEditFile(w http.ResponseWriter, r *http.Reques
func (s *httpdServer) handleClientAddShareGet(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1440,7 +1410,7 @@ func (s *httpdServer) handleClientAddShareGet(w http.ResponseWriter, r *http.Req
func (s *httpdServer) handleClientUpdateShareGet(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1448,6 +1418,7 @@ func (s *httpdServer) handleClientUpdateShareGet(w http.ResponseWriter, r *http.
shareID := getURLParam(r, "id")
share, err := dataprovider.ShareExists(shareID, claims.Username)
if err == nil {
+ share.HideConfidentialData()
s.renderAddUpdateSharePage(w, r, &share, nil, false)
} else if errors.Is(err, util.ErrNotFound) {
s.renderClientNotFoundPage(w, r, err)
@@ -1458,7 +1429,7 @@ func (s *httpdServer) handleClientUpdateShareGet(w http.ResponseWriter, r *http.
func (s *httpdServer) handleClientAddSharePost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1469,7 +1440,7 @@ func (s *httpdServer) handleClientAddSharePost(w http.ResponseWriter, r *http.Re
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -1478,7 +1449,7 @@ func (s *httpdServer) handleClientAddSharePost(w http.ResponseWriter, r *http.Re
share.LastUseAt = 0
share.Username = claims.Username
if share.Password == "" {
- if slices.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
+ if util.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
s.renderAddUpdateSharePage(w, r, share,
util.NewI18nError(util.NewValidationError("You are not allowed to share files/folders without password"), util.I18nErrorShareNoPwd),
true)
@@ -1517,7 +1488,7 @@ func (s *httpdServer) handleClientAddSharePost(w http.ResponseWriter, r *http.Re
func (s *httpdServer) handleClientUpdateSharePost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1537,7 +1508,7 @@ func (s *httpdServer) handleClientUpdateSharePost(w http.ResponseWriter, r *http
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
@@ -1547,7 +1518,7 @@ func (s *httpdServer) handleClientUpdateSharePost(w http.ResponseWriter, r *http
updatedShare.Password = share.Password
}
if updatedShare.Password == "" {
- if slices.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
+ if util.Contains(claims.Permissions, sdk.WebClientShareNoPasswordDisabled) {
s.renderAddUpdateSharePage(w, r, updatedShare,
util.NewI18nError(util.NewValidationError("You are not allowed to share files/folders without password"), util.I18nErrorShareNoPwd),
false)
@@ -1586,7 +1557,7 @@ func (s *httpdServer) handleClientUpdateSharePost(w http.ResponseWriter, r *http
func getAllShares(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, nil, util.I18nErrorInvalidToken, http.StatusForbidden)
return
@@ -1608,9 +1579,8 @@ func (s *httpdServer) handleClientGetShares(w http.ResponseWriter, r *http.Reque
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
data := clientSharesPage{
- baseClientPage: s.getBaseClientPageData(util.I18nSharesTitle, webClientSharesPath, w, r),
+ baseClientPage: s.getBaseClientPageData(util.I18nSharesTitle, webClientSharesPath, r),
BasePublicSharesURL: webClientPubSharesPath,
- BaseURL: s.binding.BaseURL,
}
renderClientTemplate(w, templateClientShares, data)
}
@@ -1633,11 +1603,11 @@ func (s *httpdServer) handleWebClientProfilePost(w http.ResponseWriter, r *http.
return
}
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
- if err := verifyCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1676,15 +1646,6 @@ func (s *httpdServer) handleWebClientProfilePost(w http.ResponseWriter, r *http.
if userMerged.CanChangeInfo() {
user.Email = strings.TrimSpace(r.Form.Get("email"))
user.Description = r.Form.Get("description")
- for k := range r.Form {
- if hasPrefixAndSuffix(k, "additional_emails[", "][additional_email]") {
- email := strings.TrimSpace(r.Form.Get(k))
- if email != "" {
- r.Form.Add("additional_emails", email)
- }
- }
- }
- user.Filters.AdditionalEmails = r.Form["additional_emails"]
}
err = dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, ipAddr, user.Role)
if err != nil {
@@ -1701,12 +1662,12 @@ func (s *httpdServer) handleWebClientMFA(w http.ResponseWriter, r *http.Request)
func (s *httpdServer) handleWebClientTwoFactor(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.renderClientTwoFactorPage(w, r, nil)
+ s.renderClientTwoFactorPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebClientTwoFactorRecovery(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
- s.renderClientTwoFactorRecoveryPage(w, r, nil)
+ s.renderClientTwoFactorRecoveryPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func getShareFromPostFields(r *http.Request) (*dataprovider.Share, error) {
@@ -1758,25 +1719,26 @@ func (s *httpdServer) handleWebClientForgotPwd(w http.ResponseWriter, r *http.Re
s.renderClientNotFoundPage(w, r, errors.New("this page does not exist"))
return
}
- s.renderClientForgotPwdPage(w, r, nil)
+ s.renderClientForgotPwdPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleWebClientForgotPwdPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
+ ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
err := r.ParseForm()
if err != nil {
- s.renderClientForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderClientForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
s.renderClientForbiddenPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
return
}
username := strings.TrimSpace(r.Form.Get("username"))
err = handleForgotPassword(r, username, false)
if err != nil {
- s.renderClientForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorPwdResetGeneric))
+ s.renderClientForgotPwdPage(w, r, util.NewI18nError(err, util.I18nErrorPwdResetGeneric), ipAddr)
return
}
http.Redirect(w, r, webClientResetPwdPath, http.StatusFound)
@@ -1788,7 +1750,7 @@ func (s *httpdServer) handleWebClientPasswordReset(w http.ResponseWriter, r *htt
s.renderClientNotFoundPage(w, r, errors.New("this page does not exist"))
return
}
- s.renderClientResetPwdPage(w, r, nil)
+ s.renderClientResetPwdPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleClientViewPDF(w http.ResponseWriter, r *http.Request) {
@@ -1803,15 +1765,14 @@ func (s *httpdServer) handleClientViewPDF(w http.ResponseWriter, r *http.Request
commonBasePage: getCommonBasePage(r),
Title: path.Base(name),
URL: fmt.Sprintf("%s?path=%s&_=%d", webClientGetPDFPath, url.QueryEscape(name), time.Now().UTC().Unix()),
- Branding: s.binding.webClientBranding(),
- Languages: s.binding.languages(),
+ Branding: s.binding.Branding.WebClient,
}
renderClientTemplate(w, templateClientViewPDF, data)
}
func (s *httpdServer) handleClientGetPDF(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
s.renderClientForbiddenPage(w, r, util.NewI18nError(errInvalidTokenClaims, util.I18nErrorInvalidToken))
return
@@ -1832,12 +1793,15 @@ func (s *httpdServer) handleClientGetPDF(w http.ResponseWriter, r *http.Request)
connID := xid.New().String()
protocol := getProtocolFromRequest(r)
connectionID := fmt.Sprintf("%v_%v", protocol, connID)
- if err := checkHTTPClientUser(&user, r, connectionID, false, false); err != nil {
+ if err := checkHTTPClientUser(&user, r, connectionID, false); err != nil {
s.renderClientForbiddenPage(w, r, err)
return
}
- baseConn := common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r), r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
s.renderClientMessagePage(w, r, util.I18nError429Title, http.StatusTooManyRequests,
util.NewI18nError(err, util.I18nError429Message), "")
@@ -1889,46 +1853,43 @@ func (s *httpdServer) ensurePDF(w http.ResponseWriter, r *http.Request, name str
func (s *httpdServer) handleClientShareLoginGet(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- s.renderShareLoginPage(w, r, nil)
+ s.renderShareLoginPage(w, r, nil, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
func (s *httpdServer) handleClientShareLoginPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
ipAddr := util.GetIPFromRemoteAddress(r.RemoteAddr)
if err := r.ParseForm(); err != nil {
- s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm))
+ s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidForm), ipAddr)
return
}
- if err := verifyLoginCookieAndCSRFToken(r, s.csrfTokenAuth); err != nil {
- s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF))
+ if err := verifyCSRFToken(r.Form.Get(csrfFormToken), ipAddr); err != nil {
+ s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCSRF), ipAddr)
return
}
- invalidateToken(r)
shareID := getURLParam(r, "id")
share, err := dataprovider.ShareExists(shareID, "")
if err != nil {
- s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials))
+ s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nErrorInvalidCredentials), ipAddr)
return
}
match, err := share.CheckCredentials(strings.TrimSpace(r.Form.Get("share_password")))
if !match || err != nil {
- s.renderShareLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials))
+ s.renderShareLoginPage(w, r, util.NewI18nError(dataprovider.ErrInvalidCredentials, util.I18nErrorInvalidCredentials),
+ ipAddr)
+ return
+ }
+ c := jwtTokenClaims{
+ Username: shareID,
+ }
+ err = c.createAndSetCookie(w, r, s.tokenAuth, tokenAudienceWebShare, ipAddr)
+ if err != nil {
+ s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nError500Message), ipAddr)
return
}
next := path.Clean(r.URL.Query().Get("next"))
baseShareURL := path.Join(webClientPubSharesPath, share.ShareID)
isRedirect, redirectTo := checkShareRedirectURL(next, baseShareURL)
- c := &jwt.Claims{
- Username: shareID,
- }
- if isRedirect {
- c.Ref = next
- }
- err = createAndSetCookie(w, r, c, s.tokenAuth, tokenAudienceWebShare, ipAddr)
- if err != nil {
- s.renderShareLoginPage(w, r, util.NewI18nError(err, util.I18nError500Message))
- return
- }
if isRedirect {
http.Redirect(w, r, redirectTo, http.StatusFound)
return
@@ -1936,22 +1897,6 @@ func (s *httpdServer) handleClientShareLoginPost(w http.ResponseWriter, r *http.
s.renderClientMessagePage(w, r, util.I18nSharedFilesTitle, http.StatusOK, nil, util.I18nShareLoginOK)
}
-func (s *httpdServer) handleClientShareLogout(w http.ResponseWriter, r *http.Request) {
- r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
-
- shareID := getURLParam(r, "id")
- ctx, claims, err := s.getShareClaims(r, shareID)
- if err != nil {
- s.renderClientMessagePage(w, r, util.I18nShareAccessErrorTitle, http.StatusForbidden,
- util.NewI18nError(err, util.I18nErrorInvalidToken), "")
- return
- }
- removeCookie(w, r.WithContext(ctx), webBaseClientPath)
-
- redirectURL := path.Join(webClientPubSharesPath, shareID, fmt.Sprintf("login?next=%s", url.QueryEscape(claims.Ref)))
- http.Redirect(w, r, redirectURL, http.StatusFound)
-}
-
func (s *httpdServer) handleClientSharedFile(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
validScopes := []dataprovider.ShareScope{dataprovider.ShareScopeRead}
@@ -1963,7 +1908,7 @@ func (s *httpdServer) handleClientSharedFile(w http.ResponseWriter, r *http.Requ
if r.URL.RawQuery != "" {
query = "?" + r.URL.RawQuery
}
- s.renderShareDownloadPage(w, r, &share, path.Join(webClientPubSharesPath, share.ShareID)+query)
+ s.renderShareDownloadPage(w, r, path.Join(webClientPubSharesPath, share.ShareID)+query)
}
func (s *httpdServer) handleClientCheckExist(w http.ResponseWriter, r *http.Request) {
@@ -2038,7 +1983,7 @@ func doCheckExist(w http.ResponseWriter, r *http.Request, connection *Connection
}
existing := make([]map[string]any, 0)
for _, info := range contents {
- if slices.Contains(filesList.Files, info.Name()) {
+ if util.Contains(filesList.Files, info.Name()) {
res := make(map[string]any)
res["name"] = info.Name()
if info.IsDir() {
@@ -2086,7 +2031,7 @@ func checkShareRedirectURL(next, base string) (bool, string) {
func getWebTask(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodySize)
- claims, err := jwt.FromContext(r.Context())
+ claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
return
diff --git a/internal/httpd/webtask.go b/internal/httpd/webtask.go
index 0c328c06..8375c9c0 100644
--- a/internal/httpd/webtask.go
+++ b/internal/httpd/webtask.go
@@ -93,7 +93,7 @@ func (m *dbTaskManager) Add(data webTaskData) error {
}
func (m *dbTaskManager) Get(ID string) (webTaskData, error) {
- sess, err := dataprovider.GetSharedSession(ID, dataprovider.SessionTypeWebTask)
+ sess, err := dataprovider.GetSharedSession(ID)
if err != nil {
return webTaskData{}, err
}
diff --git a/internal/httpdtest/httpdtest.go b/internal/httpdtest/httpdtest.go
index bacfa675..991e8774 100644
--- a/internal/httpdtest/httpdtest.go
+++ b/internal/httpdtest/httpdtest.go
@@ -37,6 +37,7 @@ import (
"github.com/drakkan/sftpgo/v2/internal/httpclient"
"github.com/drakkan/sftpgo/v2/internal/httpd"
"github.com/drakkan/sftpgo/v2/internal/kms"
+ "github.com/drakkan/sftpgo/v2/internal/util"
"github.com/drakkan/sftpgo/v2/internal/version"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
@@ -58,6 +59,7 @@ const (
adminPath = "/api/v2/admins"
adminPwdPath = "/api/v2/admin/changepwd"
apiKeysPath = "/api/v2/apikeys"
+ retentionBasePath = "/api/v2/retention/users"
retentionChecksPath = "/api/v2/retention/users/checks"
eventActionsPath = "/api/v2/eventactions"
eventRulesPath = "/api/v2/eventrules"
@@ -1172,6 +1174,20 @@ func GetRetentionChecks(expectedStatusCode int) ([]common.ActiveRetentionChecks,
return checks, body, err
}
+// StartRetentionCheck starts a new retention check
+func StartRetentionCheck(username string, retention []dataprovider.FolderRetention, expectedStatusCode int) ([]byte, error) {
+ var body []byte
+ asJSON, _ := json.Marshal(retention)
+ resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(retentionBasePath, username, "check"),
+ bytes.NewBuffer(asJSON), "application/json", getDefaultToken())
+ if err != nil {
+ return body, err
+ }
+ defer resp.Body.Close()
+ body, _ = getResponseBody(resp)
+ return body, checkResponse(resp.StatusCode, expectedStatusCode)
+}
+
// GetConnections returns status and stats for active SFTP/SCP connections
func GetConnections(expectedStatusCode int) ([]common.ConnectionStatus, []byte, error) {
var connections []common.ConnectionStatus
@@ -1664,7 +1680,7 @@ func checkEventConditionOptions(expected, actual dataprovider.ConditionOptions)
return errors.New("condition protocols mismatch")
}
for _, v := range expected.Protocols {
- if !slices.Contains(actual.Protocols, v) {
+ if !util.Contains(actual.Protocols, v) {
return errors.New("condition protocols content mismatch")
}
}
@@ -1680,7 +1696,7 @@ func checkEventConditionOptions(expected, actual dataprovider.ConditionOptions)
return errors.New("condition provider objects mismatch")
}
for _, v := range expected.ProviderObjects {
- if !slices.Contains(actual.ProviderObjects, v) {
+ if !util.Contains(actual.ProviderObjects, v) {
return errors.New("condition provider objects content mismatch")
}
}
@@ -1698,7 +1714,7 @@ func checkEventConditions(expected, actual dataprovider.EventConditions) error {
return errors.New("fs events mismatch")
}
for _, v := range expected.FsEvents {
- if !slices.Contains(actual.FsEvents, v) {
+ if !util.Contains(actual.FsEvents, v) {
return errors.New("fs events content mismatch")
}
}
@@ -1706,7 +1722,7 @@ func checkEventConditions(expected, actual dataprovider.EventConditions) error {
return errors.New("provider events mismatch")
}
for _, v := range expected.ProviderEvents {
- if !slices.Contains(actual.ProviderEvents, v) {
+ if !util.Contains(actual.ProviderEvents, v) {
return errors.New("provider events content mismatch")
}
}
@@ -1941,7 +1957,7 @@ func checkAdmin(expected, actual *dataprovider.Admin) error {
return errors.New("permissions mismatch")
}
for _, p := range expected.Permissions {
- if !slices.Contains(actual.Permissions, p) {
+ if !util.Contains(actual.Permissions, p) {
return errors.New("permissions content mismatch")
}
}
@@ -1959,7 +1975,7 @@ func compareAdminFilters(expected, actual dataprovider.AdminFilters) error {
return errors.New("allow list mismatch")
}
for _, v := range expected.AllowList {
- if !slices.Contains(actual.AllowList, v) {
+ if !util.Contains(actual.AllowList, v) {
return errors.New("allow list content mismatch")
}
}
@@ -2022,9 +2038,6 @@ func checkUser(expected *dataprovider.User, actual *dataprovider.User) error {
if expected.Email != actual.Email {
return errors.New("email mismatch")
}
- if !slices.Equal(expected.Filters.AdditionalEmails, actual.Filters.AdditionalEmails) {
- return errors.New("additional emails mismatch")
- }
if expected.Filters.RequirePasswordChange != actual.Filters.RequirePasswordChange {
return errors.New("require_password_change mismatch")
}
@@ -2053,7 +2066,7 @@ func compareUserPermissions(expected map[string][]string, actual map[string][]st
for dir, perms := range expected {
if actualPerms, ok := actual[dir]; ok {
for _, v := range actualPerms {
- if !slices.Contains(perms, v) {
+ if !util.Contains(perms, v) {
return errors.New("permissions contents mismatch")
}
}
@@ -2184,9 +2197,6 @@ func compareS3Config(expected *vfs.Filesystem, actual *vfs.Filesystem) error { /
if err := checkEncryptedSecret(expected.S3Config.AccessSecret, actual.S3Config.AccessSecret); err != nil {
return fmt.Errorf("fs S3 access secret mismatch: %v", err)
}
- if err := checkEncryptedSecret(expected.S3Config.SSECustomerKey, actual.S3Config.SSECustomerKey); err != nil {
- return fmt.Errorf("fs S3 SSE customer key mismatch: %v", err)
- }
if expected.S3Config.Endpoint != actual.S3Config.Endpoint {
return errors.New("fs S3 endpoint mismatch")
}
@@ -2309,7 +2319,7 @@ func compareSFTPFsConfig(expected *vfs.Filesystem, actual *vfs.Filesystem) error
return errors.New("SFTPFs fingerprints mismatch")
}
for _, value := range actual.SFTPConfig.Fingerprints {
- if !slices.Contains(expected.SFTPConfig.Fingerprints, value) {
+ if !util.Contains(expected.SFTPConfig.Fingerprints, value) {
return errors.New("SFTPFs fingerprints mismatch")
}
}
@@ -2400,27 +2410,27 @@ func checkEncryptedSecret(expected, actual *kms.Secret) error {
func compareUserFilterSubStructs(expected sdk.BaseUserFilters, actual sdk.BaseUserFilters) error {
for _, IPMask := range expected.AllowedIP {
- if !slices.Contains(actual.AllowedIP, IPMask) {
+ if !util.Contains(actual.AllowedIP, IPMask) {
return errors.New("allowed IP contents mismatch")
}
}
for _, IPMask := range expected.DeniedIP {
- if !slices.Contains(actual.DeniedIP, IPMask) {
+ if !util.Contains(actual.DeniedIP, IPMask) {
return errors.New("denied IP contents mismatch")
}
}
for _, method := range expected.DeniedLoginMethods {
- if !slices.Contains(actual.DeniedLoginMethods, method) {
+ if !util.Contains(actual.DeniedLoginMethods, method) {
return errors.New("denied login methods contents mismatch")
}
}
for _, protocol := range expected.DeniedProtocols {
- if !slices.Contains(actual.DeniedProtocols, protocol) {
+ if !util.Contains(actual.DeniedProtocols, protocol) {
return errors.New("denied protocols contents mismatch")
}
}
for _, options := range expected.WebClient {
- if !slices.Contains(actual.WebClient, options) {
+ if !util.Contains(actual.WebClient, options) {
return errors.New("web client options contents mismatch")
}
}
@@ -2429,7 +2439,7 @@ func compareUserFilterSubStructs(expected sdk.BaseUserFilters, actual sdk.BaseUs
return errors.New("TLS certs mismatch")
}
for _, cert := range expected.TLSCerts {
- if !slices.Contains(actual.TLSCerts, cert) {
+ if !util.Contains(actual.TLSCerts, cert) {
return errors.New("TLS certs content mismatch")
}
}
@@ -2526,7 +2536,7 @@ func checkFilterMatch(expected []string, actual []string) bool {
return false
}
for _, e := range expected {
- if !slices.Contains(actual, strings.ToLower(e)) {
+ if !util.Contains(actual, strings.ToLower(e)) {
return false
}
}
@@ -2569,7 +2579,7 @@ func compareUserBandwidthLimitFilters(expected sdk.BaseUserFilters, actual sdk.B
return errors.New("bandwidth filters sources mismatch")
}
for _, source := range actual.BandwidthLimits[idx].Sources {
- if !slices.Contains(l.Sources, source) {
+ if !util.Contains(l.Sources, source) {
return errors.New("bandwidth filters source mismatch")
}
}
@@ -2600,28 +2610,9 @@ func compareUserFilePatternsFilters(expected sdk.BaseUserFilters, actual sdk.Bas
return nil
}
-func compareRenameConfigs(expected, actual []dataprovider.RenameConfig) error {
- if len(expected) != len(actual) {
- return errors.New("rename configs mismatch")
- }
- for _, ex := range expected {
- found := false
- for _, ac := range actual {
- if ac.Key == ex.Key && ac.Value == ex.Value && ac.UpdateModTime == ex.UpdateModTime {
- found = true
- break
- }
- }
- if !found {
- return errors.New("rename configs mismatch")
- }
- }
- return nil
-}
-
func compareKeyValues(expected, actual []dataprovider.KeyValue) error {
if len(expected) != len(actual) {
- return errors.New("key values mismatch")
+ return errors.New("kay values mismatch")
}
for _, ex := range expected {
found := false
@@ -2632,7 +2623,7 @@ func compareKeyValues(expected, actual []dataprovider.KeyValue) error {
}
}
if !found {
- return errors.New("key values mismatch")
+ return errors.New("kay values mismatch")
}
}
return nil
@@ -2698,7 +2689,7 @@ func compareEventActionEmailConfigFields(expected, actual dataprovider.EventActi
return errors.New("email recipients mismatch")
}
for _, v := range expected.Recipients {
- if !slices.Contains(actual.Recipients, v) {
+ if !util.Contains(actual.Recipients, v) {
return errors.New("email recipients content mismatch")
}
}
@@ -2706,7 +2697,7 @@ func compareEventActionEmailConfigFields(expected, actual dataprovider.EventActi
return errors.New("email bcc mismatch")
}
for _, v := range expected.Bcc {
- if !slices.Contains(actual.Bcc, v) {
+ if !util.Contains(actual.Bcc, v) {
return errors.New("email bcc content mismatch")
}
}
@@ -2723,7 +2714,7 @@ func compareEventActionEmailConfigFields(expected, actual dataprovider.EventActi
return errors.New("email attachments mismatch")
}
for _, v := range expected.Attachments {
- if !slices.Contains(actual.Attachments, v) {
+ if !util.Contains(actual.Attachments, v) {
return errors.New("email attachments content mismatch")
}
}
@@ -2738,7 +2729,7 @@ func compareEventActionFsCompressFields(expected, actual dataprovider.EventActio
return errors.New("fs compress paths mismatch")
}
for _, v := range expected.Paths {
- if !slices.Contains(actual.Paths, v) {
+ if !util.Contains(actual.Paths, v) {
return errors.New("fs compress paths content mismatch")
}
}
@@ -2749,7 +2740,7 @@ func compareEventActionFsConfigFields(expected, actual dataprovider.EventActionF
if expected.Type != actual.Type {
return errors.New("fs type mismatch")
}
- if err := compareRenameConfigs(expected.Renames, actual.Renames); err != nil {
+ if err := compareKeyValues(expected.Renames, actual.Renames); err != nil {
return errors.New("fs renames mismatch")
}
if err := compareKeyValues(expected.Copy, actual.Copy); err != nil {
@@ -2759,7 +2750,7 @@ func compareEventActionFsConfigFields(expected, actual dataprovider.EventActionF
return errors.New("fs deletes mismatch")
}
for _, v := range expected.Deletes {
- if !slices.Contains(actual.Deletes, v) {
+ if !util.Contains(actual.Deletes, v) {
return errors.New("fs deletes content mismatch")
}
}
@@ -2767,7 +2758,7 @@ func compareEventActionFsConfigFields(expected, actual dataprovider.EventActionF
return errors.New("fs mkdirs mismatch")
}
for _, v := range expected.MkDirs {
- if !slices.Contains(actual.MkDirs, v) {
+ if !util.Contains(actual.MkDirs, v) {
return errors.New("fs mkdir content mismatch")
}
}
@@ -2775,7 +2766,7 @@ func compareEventActionFsConfigFields(expected, actual dataprovider.EventActionF
return errors.New("fs exist mismatch")
}
for _, v := range expected.Exist {
- if !slices.Contains(actual.Exist, v) {
+ if !util.Contains(actual.Exist, v) {
return errors.New("fs exist content mismatch")
}
}
@@ -2806,7 +2797,7 @@ func compareEventActionCmdConfigFields(expected, actual dataprovider.EventAction
return errors.New("cmd args mismatch")
}
for _, v := range expected.Args {
- if !slices.Contains(actual.Args, v) {
+ if !util.Contains(actual.Args, v) {
return errors.New("cmd args content mismatch")
}
}
diff --git a/internal/jwt/jwt.go b/internal/jwt/jwt.go
deleted file mode 100644
index 01493bc4..00000000
--- a/internal/jwt/jwt.go
+++ /dev/null
@@ -1,268 +0,0 @@
-// Copyright (C) 2025 Nicola Murino
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published
-// by the Free Software Foundation, version 3.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-// Package jwt provides functionality for creating, parsing, and validating
-// JSON Web Tokens (JWT) used in authentication and authorization workflows.
-package jwt
-
-import (
- "context"
- "errors"
- "fmt"
- "net/http"
- "slices"
- "strings"
- "time"
-
- "github.com/go-jose/go-jose/v4"
- "github.com/go-jose/go-jose/v4/jwt"
- "github.com/rs/xid"
-)
-
-const (
- CookieKey = "jwt"
-)
-
-var (
- TokenCtxKey = &contextKey{"Token"}
- ErrorCtxKey = &contextKey{"Error"}
-)
-
-// contextKey is a value for use with context.WithValue. It's used as
-// a pointer so it fits in an interface{} without allocation. This technique
-// for defining context keys was copied from Go 1.7's new use of context in net/http.
-type contextKey struct {
- name string
-}
-
-func (k *contextKey) String() string {
- return "jwt context value " + k.name
-}
-
-func NewClaims(audience, ip string, duration time.Duration) *Claims {
- now := time.Now()
- claims := &Claims{}
- claims.IssuedAt = jwt.NewNumericDate(now)
- claims.NotBefore = jwt.NewNumericDate(now.Add(-10 * time.Second))
- claims.Expiry = jwt.NewNumericDate(now.Add(duration))
- claims.Audience = []string{audience, ip}
- return claims
-}
-
-type Claims struct {
- jwt.Claims
- Username string `json:"username,omitempty"`
- Permissions []string `json:"permissions,omitempty"`
- Role string `json:"role,omitempty"`
- APIKeyID string `json:"api_key,omitempty"`
- NodeID string `json:"node_id,omitempty"`
- MustSetTwoFactorAuth bool `json:"2fa_required,omitempty"`
- MustChangePassword bool `json:"chpwd,omitempty"`
- RequiredTwoFactorProtocols []string `json:"2fa_protos,omitempty"`
- HideUserPageSections int `json:"hus,omitempty"`
- Ref string `json:"ref,omitempty"`
-}
-
-func (c *Claims) SetIssuedAt(t time.Time) {
- c.IssuedAt = jwt.NewNumericDate(t)
-}
-
-func (c *Claims) SetNotBefore(t time.Time) {
- c.NotBefore = jwt.NewNumericDate(t)
-}
-
-func (c *Claims) SetExpiry(t time.Time) {
- c.Expiry = jwt.NewNumericDate(t)
-}
-
-func (c *Claims) HasPerm(perm string) bool {
- for _, p := range c.Permissions {
- if p == "*" || p == perm {
- return true
- }
- }
- return false
-}
-
-func (c *Claims) HasAnyAudience(audiences []string) bool {
- for _, a := range c.Audience {
- if slices.Contains(audiences, a) {
- return true
- }
- }
- return false
-}
-
-func (c *Claims) GenerateTokenResponse(signer *Signer) (TokenResponse, error) {
- token, err := signer.Sign(c)
- if err != nil {
- return TokenResponse{}, err
- }
- return c.BuildTokenResponse(token), nil
-}
-
-func (c *Claims) BuildTokenResponse(token string) TokenResponse {
- return TokenResponse{Token: token, Expiry: c.Expiry.Time().UTC().Format(time.RFC3339)}
-}
-
-type TokenResponse struct {
- Token string `json:"access_token"`
- Expiry string `json:"expires_at"`
-}
-
-func NewSigner(algo jose.SignatureAlgorithm, key any) (*Signer, error) {
- opts := (&jose.SignerOptions{}).WithType("JWT")
- signer, err := jose.NewSigner(jose.SigningKey{Algorithm: algo, Key: key}, opts)
- if err != nil {
- return nil, err
- }
- return &Signer{
- signer: signer,
- algo: []jose.SignatureAlgorithm{algo},
- key: key,
- }, nil
-}
-
-type Signer struct {
- algo []jose.SignatureAlgorithm
- signer jose.Signer
- key any
-}
-
-func (s *Signer) Sign(claims *Claims) (string, error) {
- if claims.ID == "" {
- claims.ID = xid.New().String()
- }
- if claims.IssuedAt == nil {
- claims.IssuedAt = jwt.NewNumericDate(time.Now())
- }
- if claims.NotBefore == nil {
- claims.NotBefore = jwt.NewNumericDate(time.Now().Add(-10 * time.Second))
- }
- if claims.Expiry == nil {
- return "", errors.New("expiration must be set")
- }
- if len(claims.Audience) == 0 {
- return "", errors.New("audience must be set")
- }
-
- return jwt.Signed(s.signer).Claims(claims).Serialize()
-}
-
-func (s *Signer) Signer() jose.Signer {
- return s.signer
-}
-
-func (s *Signer) SetSigner(signer jose.Signer) {
- s.signer = signer
-}
-
-func (s *Signer) SignWithParams(claims *Claims, audience, ip string, duration time.Duration) (string, error) {
- claims.Expiry = jwt.NewNumericDate(time.Now().Add(duration))
- claims.Audience = []string{audience, ip}
- return s.Sign(claims)
-}
-
-func NewContext(ctx context.Context, claims *Claims, err error) context.Context {
- ctx = context.WithValue(ctx, TokenCtxKey, claims)
- ctx = context.WithValue(ctx, ErrorCtxKey, err)
- return ctx
-}
-
-func FromContext(ctx context.Context) (*Claims, error) {
- val := ctx.Value(TokenCtxKey)
- token, ok := val.(*Claims)
- if !ok && val != nil {
- return nil, fmt.Errorf("invalid type for TokenCtxKey: %T", val)
- }
-
- valErr := ctx.Value(ErrorCtxKey)
- err, ok := valErr.(error)
- if !ok && valErr != nil {
- return nil, fmt.Errorf("invalid type for ErrorCtxKey: %T", valErr)
- }
- if token == nil {
- return nil, errors.New("no token found")
- }
-
- return token, err
-}
-
-func Verify(s *Signer, findTokenFns ...func(r *http.Request) string) func(http.Handler) http.Handler {
- return func(next http.Handler) http.Handler {
- hfn := func(w http.ResponseWriter, r *http.Request) {
- ctx := r.Context()
- token, err := VerifyRequest(s, r, findTokenFns...)
- ctx = NewContext(ctx, token, err)
- next.ServeHTTP(w, r.WithContext(ctx))
- }
- return http.HandlerFunc(hfn)
- }
-}
-
-func VerifyRequest(s *Signer, r *http.Request, findTokenFns ...func(r *http.Request) string) (*Claims, error) {
- var tokenString string
- for _, fn := range findTokenFns {
- tokenString = fn(r)
- if tokenString != "" {
- break
- }
- }
- if tokenString == "" {
- return nil, errors.New("no token found")
- }
- return VerifyToken(s, tokenString)
-}
-
-func VerifyToken(s *Signer, payload string) (*Claims, error) {
- return VerifyTokenWithKey(payload, s.algo, s.key)
-}
-
-func VerifyTokenWithKey(payload string, algo []jose.SignatureAlgorithm, key any) (*Claims, error) {
- token, err := jwt.ParseSigned(payload, algo)
- if err != nil {
- return nil, err
- }
- var claims Claims
- err = token.Claims(key, &claims)
- if err != nil {
- return nil, err
- }
- if err := claims.ValidateWithLeeway(jwt.Expected{Time: time.Now()}, 30*time.Second); err != nil {
- return nil, err
- }
- return &claims, nil
-}
-
-// TokenFromCookie tries to retrieve the token string from a cookie named
-// "jwt".
-func TokenFromCookie(r *http.Request) string {
- cookie, err := r.Cookie(CookieKey)
- if err != nil {
- return ""
- }
- return cookie.Value
-}
-
-// TokenFromHeader tries to retrieve the token string from the
-// "Authorization" request header: "Authorization: BEARER T".
-func TokenFromHeader(r *http.Request) string {
- // Get token from authorization header.
- bearer := r.Header.Get("Authorization")
- const prefix = "Bearer "
- if len(bearer) >= len(prefix) && strings.EqualFold(bearer[:len(prefix)], prefix) {
- return bearer[len(prefix):]
- }
- return ""
-}
diff --git a/internal/jwt/jwt_test.go b/internal/jwt/jwt_test.go
deleted file mode 100644
index cc7fcddb..00000000
--- a/internal/jwt/jwt_test.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package jwt
-
-import (
- "context"
- "errors"
- "fmt"
- "io/fs"
- "net/http"
- "net/http/httptest"
- "testing"
- "time"
-
- "github.com/go-jose/go-jose/v4"
- "github.com/go-jose/go-jose/v4/jwt"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-
- "github.com/drakkan/sftpgo/v2/internal/util"
-)
-
-type failingJoseSigner struct{}
-
-func (s *failingJoseSigner) Sign(payload []byte) (*jose.JSONWebSignature, error) {
- return nil, errors.New("sign test error")
-}
-
-func (s *failingJoseSigner) Options() jose.SignerOptions {
- return jose.SignerOptions{}
-}
-
-func TestJWTToken(t *testing.T) {
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- username := util.GenerateUniqueID()
- claims := Claims{
- Username: username,
- Claims: jwt.Claims{
- Audience: jwt.Audience{"test"},
- Expiry: jwt.NewNumericDate(time.Now().Add(5 * time.Minute)),
- NotBefore: jwt.NewNumericDate(time.Now()),
- IssuedAt: jwt.NewNumericDate(time.Now()),
- },
- }
- token, err := s.Sign(&claims)
- require.NoError(t, err)
- require.NotEmpty(t, token)
-
- parsed, err := VerifyToken(s, token)
- require.NoError(t, err)
- require.Equal(t, username, parsed.Username)
-
- ja1, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
-
- token, err = ja1.Sign(&claims)
- require.NoError(t, err)
- require.NotEmpty(t, token)
- _, err = VerifyToken(s, token)
- require.Error(t, err)
- _, err = VerifyToken(ja1, token)
- require.NoError(t, err)
-}
-
-func TestClaims(t *testing.T) {
- claims := NewClaims(util.GenerateUniqueID(), "", 10*time.Minute)
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- token, err := s.Sign(claims)
- require.NoError(t, err)
- assert.NotEmpty(t, token)
- assert.NotNil(t, claims.Expiry)
- assert.NotNil(t, claims.IssuedAt)
- assert.NotNil(t, claims.NotBefore)
-
- claims = &Claims{
- Permissions: []string{"myperm"},
- }
- claims.SetExpiry(time.Now().Add(1 * time.Minute))
- claims.Audience = []string{"testaudience"}
- _, err = s.Sign(claims)
- assert.NoError(t, err)
- assert.NotNil(t, claims.IssuedAt)
- assert.NotNil(t, claims.NotBefore)
- assert.True(t, claims.HasAnyAudience([]string{util.GenerateUniqueID(), util.GenerateUniqueID(), "testaudience"}))
- assert.False(t, claims.HasAnyAudience([]string{util.GenerateUniqueID()}))
- assert.True(t, claims.HasPerm("myperm"))
- assert.False(t, claims.HasPerm(util.GenerateUniqueID()))
- resp, err := claims.GenerateTokenResponse(s)
- require.NoError(t, err)
- assert.NotEmpty(t, resp.Token)
- assert.Equal(t, claims.Expiry.Time().UTC().Format(time.RFC3339), resp.Expiry)
- claims.SetIssuedAt(time.Now())
- claims.SetNotBefore(time.Now().Add(10 * time.Minute))
- token, err = s.SignWithParams(claims, util.GenerateUniqueID(), "127.0.0.1", time.Minute)
- assert.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.ErrorContains(t, err, "nbf")
- claims = &Claims{}
- _, err = s.Sign(claims)
- assert.ErrorContains(t, err, "expiration must be set")
- claims.SetExpiry(time.Now())
- _, err = s.Sign(claims)
- assert.ErrorContains(t, err, "audience must be set")
- claims = &Claims{}
- _, err = s.SignWithParams(claims, util.GenerateUniqueID(), "", time.Minute)
- assert.NoError(t, err)
-}
-
-func TestClaimsPermissions(t *testing.T) {
- c := Claims{
- Permissions: []string{"*"},
- }
- assert.True(t, c.HasPerm(util.GenerateUniqueID()))
- c.Permissions = []string{"list"}
- assert.False(t, c.HasPerm(util.GenerateUniqueID()))
- assert.True(t, c.HasPerm("list"))
-}
-
-func TestErrors(t *testing.T) {
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- _, err = VerifyToken(s, util.GenerateUniqueID())
- assert.Error(t, err)
- claims := &Claims{}
- claims.SetExpiry(time.Now().Add(-1 * time.Minute))
- token, err := jwt.Signed(s.Signer()).Claims(claims).Serialize()
- assert.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.ErrorContains(t, err, "exp")
- claims.SetExpiry(time.Now().Add(2 * time.Minute))
- claims.SetIssuedAt(time.Now().Add(1 * time.Minute))
- token, err = jwt.Signed(s.Signer()).Claims(claims).Serialize()
- assert.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.ErrorContains(t, err, "iat")
- claims.SetIssuedAt(time.Now())
- claims.SetNotBefore(time.Now().Add(1 * time.Minute))
- token, err = jwt.Signed(s.Signer()).Claims(claims).Serialize()
- assert.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.ErrorContains(t, err, "nbf")
-
- s.SetSigner(&failingJoseSigner{})
- claims = NewClaims(util.GenerateUniqueID(), "", time.Minute)
- _, err = s.Sign(claims)
- assert.Error(t, err)
- _, err = claims.GenerateTokenResponse(s)
- assert.Error(t, err)
- // Wrong algorithm
- _, err = NewSigner("PS256", util.GenerateRandomBytes(32))
- assert.Error(t, err)
-}
-
-func TestTokenFromRequest(t *testing.T) {
- claims := NewClaims(util.GenerateUniqueID(), "", 10*time.Minute)
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- token, err := s.Sign(claims)
- require.NoError(t, err)
- assert.NotEmpty(t, token)
- req, err := http.NewRequest(http.MethodGet, "/", nil)
- require.NoError(t, err)
- req.Header.Set("Cookie", fmt.Sprintf("jwt=%s", token))
- cookie := TokenFromCookie(req)
- assert.Equal(t, token, cookie)
- req, err = http.NewRequest(http.MethodGet, "/", nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
- _, err = VerifyRequest(s, req, TokenFromHeader)
- assert.NoError(t, err)
- req.Header.Set("Authorization", token)
- assert.Empty(t, TokenFromHeader(req))
- assert.Empty(t, TokenFromCookie(req))
- _, err = VerifyRequest(s, req, TokenFromCookie)
- assert.ErrorContains(t, err, "no token found")
-}
-
-func TestContext(t *testing.T) {
- claims := &Claims{
- Username: util.GenerateUniqueID(),
- }
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- token, err := s.SignWithParams(claims, util.GenerateUniqueID(), "", time.Minute)
- require.NoError(t, err)
-
- req, err := http.NewRequest(http.MethodGet, "/", nil)
- require.NoError(t, err)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-
- h := Verify(s, TokenFromHeader)
- wrapped := h(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- token, err := FromContext(r.Context())
- assert.Nil(t, err)
- assert.Equal(t, claims.Username, token.Username)
- w.WriteHeader(http.StatusOK)
- }))
- rr := httptest.NewRecorder()
- wrapped.ServeHTTP(rr, req)
- assert.Equal(t, http.StatusOK, rr.Code)
-
- _, err = FromContext(context.Background())
- assert.ErrorContains(t, err, "no token found")
-
- ctx := NewContext(context.Background(), &Claims{}, fs.ErrClosed)
- _, err = FromContext(ctx)
- assert.Equal(t, fs.ErrClosed, err)
-
- ctx = context.WithValue(context.Background(), TokenCtxKey, "1")
- _, err = FromContext(ctx)
- assert.ErrorContains(t, err, "invalid type for TokenCtxKey")
-
- ctx = context.WithValue(context.Background(), ErrorCtxKey, 2)
- _, err = FromContext(ctx)
- assert.ErrorContains(t, err, "invalid type for ErrorCtxKey")
- claims = NewClaims(util.GenerateUniqueID(), "127.1.1.1", time.Minute)
- _, err = s.Sign(claims)
- require.NoError(t, err)
- ctx = context.WithValue(context.Background(), TokenCtxKey, claims)
- claimsFromContext, err := FromContext(ctx)
- assert.NoError(t, err)
- assert.Equal(t, claims, claimsFromContext)
-
- assert.Equal(t, "jwt context value Token", TokenCtxKey.String())
-}
-
-func TestValidationLeeway(t *testing.T) {
- s, err := NewSigner(jose.HS256, util.GenerateRandomBytes(32))
- require.NoError(t, err)
- claims := &Claims{}
- claims.Audience = []string{util.GenerateUniqueID()}
- claims.SetIssuedAt(time.Now().Add(10 * time.Second)) // issued at in the future
- claims.SetExpiry(time.Now().Add(10 * time.Second))
- token, err := s.Sign(claims)
- require.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.NoError(t, err)
-
- claims = &Claims{}
- claims.Audience = []string{util.GenerateUniqueID()}
- claims.SetExpiry(time.Now().Add(-10 * time.Second)) // expired
- token, err = s.Sign(claims)
- require.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.NoError(t, err)
-
- claims = &Claims{}
- claims.Audience = []string{util.GenerateUniqueID()}
- claims.SetExpiry(time.Now().Add(30 * time.Second))
- claims.SetNotBefore(time.Now().Add(10 * time.Second)) // not before in the future
- token, err = s.Sign(claims)
- require.NoError(t, err)
- _, err = VerifyToken(s, token)
- assert.NoError(t, err)
-}
diff --git a/internal/kms/kms.go b/internal/kms/kms.go
index 914af4ea..cf6cf5ed 100644
--- a/internal/kms/kms.go
+++ b/internal/kms/kms.go
@@ -74,7 +74,7 @@ var (
ErrInvalidSecret = errors.New("invalid secret")
validSecretStatuses = []string{sdkkms.SecretStatusPlain, sdkkms.SecretStatusAES256GCM, sdkkms.SecretStatusSecretBox,
sdkkms.SecretStatusVaultTransit, sdkkms.SecretStatusAWS, sdkkms.SecretStatusGCP, sdkkms.SecretStatusAzureKeyVault,
- sdkkms.SecretStatusOracleKeyVault, sdkkms.SecretStatusRedacted}
+ "OracleKeyVault", sdkkms.SecretStatusRedacted}
config Configuration
secretProviders = make(map[string]registeredSecretProvider)
)
diff --git a/internal/logger/journald.go b/internal/logger/journald.go
new file mode 100644
index 00000000..fb63d0c2
--- /dev/null
+++ b/internal/logger/journald.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build linux
+// +build linux
+
+package logger
+
+import (
+ "github.com/rs/zerolog"
+ "github.com/rs/zerolog/journald"
+)
+
+// InitJournalDLogger configures the logger to write to journald
+func InitJournalDLogger(level zerolog.Level) {
+ logger = zerolog.New(journald.NewJournalDWriter()).Level(level)
+ consoleLogger = zerolog.Nop()
+}
diff --git a/internal/logger/journald_nolinux.go b/internal/logger/journald_nolinux.go
new file mode 100644
index 00000000..242b11d0
--- /dev/null
+++ b/internal/logger/journald_nolinux.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build !linux
+// +build !linux
+
+package logger
+
+import "github.com/rs/zerolog"
+
+// InitJournalDLogger configures the logger to write to journald
+func InitJournalDLogger(level zerolog.Level) {
+ InitStdErrLogger(level)
+}
diff --git a/internal/logger/logger.go b/internal/logger/logger.go
index 59ff863f..853c7f09 100644
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -29,7 +29,9 @@ import (
"os"
"path/filepath"
"time"
+ "unsafe"
+ ftpserverlog "github.com/fclairamb/go-log"
"github.com/rs/zerolog"
lumberjack "gopkg.in/natefinch/lumberjack.v2"
)
@@ -266,26 +268,6 @@ func ConnectionFailedLog(user, ip, loginType, protocol, errorString string) {
Send()
}
-// LoginLog logs successful logins.
-func LoginLog(user, ip, loginMethod, protocol, connectionID, clientVersion string, encrypted bool, info string) {
- ev := logger.Info()
- ev.Timestamp().
- Str("sender", "login").
- Str("ip", ip).
- Str("username", user).
- Str("method", loginMethod).
- Str("protocol", protocol)
- if connectionID != "" {
- ev.Str("connection_id", connectionID)
- }
- ev.Str("client", clientVersion).
- Bool("encrypted", encrypted)
- if info != "" {
- ev.Str("info", info)
- }
- ev.Send()
-}
-
func isLogFilePathValid(logFilePath string) bool {
cleanInput := filepath.Clean(logFilePath)
if cleanInput == "." || cleanInput == ".." {
@@ -308,7 +290,7 @@ func (l *StdLoggerWrapper) Write(p []byte) (n int, err error) {
p = p[0 : n-1]
}
- Log(LevelError, l.Sender, "", "%s", p)
+ Log(LevelError, l.Sender, "", "%s", bytesToString(p))
return
}
@@ -380,3 +362,20 @@ func (l *LeveledLogger) Warn(msg string, keysAndValues ...any) {
func (l *LeveledLogger) Panic(msg string, keysAndValues ...any) {
l.Error(msg, keysAndValues...)
}
+
+// With returns a LeveledLogger with additional context specific keyvals
+func (l *LeveledLogger) With(keysAndValues ...any) ftpserverlog.Logger {
+ return &LeveledLogger{
+ Sender: l.Sender,
+ additionalKeyVals: append(l.additionalKeyVals, keysAndValues...),
+ }
+}
+
+func bytesToString(b []byte) string {
+ // unsafe.SliceData relies on cap whereas we want to rely on len
+ if len(b) == 0 {
+ return ""
+ }
+ // https://github.com/golang/go/blob/4ed358b57efdad9ed710be7f4fc51495a7620ce2/src/strings/builder.go#L41
+ return unsafe.String(unsafe.SliceData(b), len(b))
+}
diff --git a/internal/logger/request_logger.go b/internal/logger/request_logger.go
index 325f44b9..fa269d7e 100644
--- a/internal/logger/request_logger.go
+++ b/internal/logger/request_logger.go
@@ -15,7 +15,6 @@
package logger
import (
- "crypto/tls"
"fmt"
"net"
"net/http"
@@ -51,21 +50,17 @@ func NewStructuredLogger(logger *zerolog.Logger) func(next http.Handler) http.Ha
// NewLogEntry creates a new log entry for an HTTP request
func (l *StructuredLogger) NewLogEntry(r *http.Request) middleware.LogEntry {
scheme := "http"
- cipherSuite := ""
if r.TLS != nil {
scheme = "https"
- cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
}
fields := map[string]any{
- "local_addr": getLocalAddress(r),
- "remote_addr": r.RemoteAddr,
- "proto": r.Proto,
- "method": r.Method,
- "user_agent": r.UserAgent(),
- "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
- "cipher_suite": cipherSuite,
- }
+ "local_addr": getLocalAddress(r),
+ "remote_addr": r.RemoteAddr,
+ "proto": r.Proto,
+ "method": r.Method,
+ "user_agent": r.UserAgent(),
+ "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
reqID := middleware.GetReqID(r.Context())
if reqID != "" {
diff --git a/internal/logger/slog.go b/internal/logger/slog.go
deleted file mode 100644
index e9a544d0..00000000
--- a/internal/logger/slog.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright (C) 2025 Nicola Murino
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published
-// by the Free Software Foundation, version 3.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package logger
-
-import (
- "context"
- "log/slog"
- "slices"
-
- "github.com/rs/zerolog"
-)
-
-// slogAdapter is an adapter for slog.Handler
-type slogAdapter struct {
- sender string
- attrs []slog.Attr
-}
-
-// NewSlogAdapter creates a slog.Handler adapter
-func NewSlogAdapter(sender string, attrs []slog.Attr) *slogAdapter {
- return &slogAdapter{
- sender: sender,
- attrs: attrs,
- }
-}
-
-func (l *slogAdapter) Enabled(ctx context.Context, level slog.Level) bool {
- // Log level is handled by our implementation
- return true
-}
-
-func (l *slogAdapter) Handle(ctx context.Context, r slog.Record) error {
- var ev *zerolog.Event
- switch r.Level {
- case slog.LevelDebug:
- ev = logger.Debug()
- case slog.LevelInfo:
- ev = logger.Info()
- case slog.LevelWarn:
- ev = logger.Warn()
- case slog.LevelError:
- ev = logger.Error()
- default:
- ev = logger.Debug()
- }
-
- ev.Timestamp()
- if l.sender != "" {
- ev.Str("sender", l.sender)
- }
-
- addSlogAttr := func(a slog.Attr) {
- if a.Key == "time" {
- return
- }
- ev.Any(a.Key, a.Value.Any())
- }
-
- for _, a := range l.attrs {
- addSlogAttr(a)
- }
-
- r.Attrs(func(a slog.Attr) bool {
- addSlogAttr(a)
- return true
- })
-
- ev.Msg(r.Message)
-
- return nil
-}
-
-func (l *slogAdapter) WithAttrs(attrs []slog.Attr) slog.Handler {
- newHandler := *l
- newHandler.attrs = slices.Concat(l.attrs, attrs)
- return &newHandler
-}
-
-func (l *slogAdapter) WithGroup(name string) slog.Handler {
- newHandler := *l
- if name != "" {
- newHandler.sender = name
- }
- return &newHandler
-}
diff --git a/internal/metric/metric.go b/internal/metric/metric.go
index 4e3e95d8..f192225d 100644
--- a/internal/metric/metric.go
+++ b/internal/metric/metric.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !nometrics
+// +build !nometrics
// Package metric provides Prometheus metrics support
package metric
diff --git a/internal/metric/metric_disabled.go b/internal/metric/metric_disabled.go
index 78bacfdd..63369703 100644
--- a/internal/metric/metric_disabled.go
+++ b/internal/metric/metric_disabled.go
@@ -1,18 +1,5 @@
-// Copyright (C) 2019 Nicola Murino
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published
-// by the Free Software Foundation, version 3.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
//go:build nometrics
+// +build nometrics
package metric
diff --git a/internal/plugin/kms.go b/internal/plugin/kms.go
index b4ed5be1..2da9acf9 100644
--- a/internal/plugin/kms.go
+++ b/internal/plugin/kms.go
@@ -17,7 +17,6 @@ package plugin
import (
"fmt"
"path/filepath"
- "slices"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-plugin"
@@ -26,13 +25,14 @@ import (
"github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
var (
validKMSSchemes = []string{sdkkms.SchemeAWS, sdkkms.SchemeGCP, sdkkms.SchemeVaultTransit,
- sdkkms.SchemeAzureKeyVault, sdkkms.SchemeOracleKeyVault}
+ sdkkms.SchemeAzureKeyVault, "ocikeyvault"}
validKMSEncryptedStatuses = []string{sdkkms.SecretStatusVaultTransit, sdkkms.SecretStatusAWS, sdkkms.SecretStatusGCP,
- sdkkms.SecretStatusAzureKeyVault, sdkkms.SecretStatusOracleKeyVault}
+ sdkkms.SecretStatusAzureKeyVault, "OracleKeyVault"}
)
// KMSConfig defines configuration parameters for kms plugins
@@ -42,10 +42,10 @@ type KMSConfig struct {
}
func (c *KMSConfig) validate() error {
- if !slices.Contains(validKMSSchemes, c.Scheme) {
+ if !util.Contains(validKMSSchemes, c.Scheme) {
return fmt.Errorf("invalid kms scheme: %v", c.Scheme)
}
- if !slices.Contains(validKMSEncryptedStatuses, c.EncryptedStatus) {
+ if !util.Contains(validKMSEncryptedStatuses, c.EncryptedStatus) {
return fmt.Errorf("invalid kms encrypted status: %v", c.EncryptedStatus)
}
return nil
diff --git a/internal/plugin/notifier.go b/internal/plugin/notifier.go
index 2a37c462..0e9ac9ec 100644
--- a/internal/plugin/notifier.go
+++ b/internal/plugin/notifier.go
@@ -16,7 +16,6 @@ package plugin
import (
"fmt"
- "slices"
"sync"
"time"
@@ -25,6 +24,7 @@ import (
"github.com/sftpgo/sdk/plugin/notifier"
"github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
// NotifierConfig defines configuration parameters for notifiers plugins
@@ -50,19 +50,97 @@ func (c *NotifierConfig) hasActions() bool {
return false
}
-type notifierPlugin struct {
- config Config
- notifier notifier.Notifier
- client *plugin.Client
- mu sync.RWMutex
+type eventsQueue struct {
+ sync.RWMutex
fsEvents []*notifier.FsEvent
providerEvents []*notifier.ProviderEvent
logEvents []*notifier.LogEvent
}
+func (q *eventsQueue) addFsEvent(event *notifier.FsEvent) {
+ q.Lock()
+ defer q.Unlock()
+
+ q.fsEvents = append(q.fsEvents, event)
+}
+
+func (q *eventsQueue) addProviderEvent(event *notifier.ProviderEvent) {
+ q.Lock()
+ defer q.Unlock()
+
+ q.providerEvents = append(q.providerEvents, event)
+}
+
+func (q *eventsQueue) addLogEvent(event *notifier.LogEvent) {
+ q.Lock()
+ defer q.Unlock()
+
+ q.logEvents = append(q.logEvents, event)
+}
+
+func (q *eventsQueue) popFsEvent() *notifier.FsEvent {
+ q.Lock()
+ defer q.Unlock()
+
+ if len(q.fsEvents) == 0 {
+ return nil
+ }
+ truncLen := len(q.fsEvents) - 1
+ ev := q.fsEvents[truncLen]
+ q.fsEvents[truncLen] = nil
+ q.fsEvents = q.fsEvents[:truncLen]
+
+ return ev
+}
+
+func (q *eventsQueue) popProviderEvent() *notifier.ProviderEvent {
+ q.Lock()
+ defer q.Unlock()
+
+ if len(q.providerEvents) == 0 {
+ return nil
+ }
+ truncLen := len(q.providerEvents) - 1
+ ev := q.providerEvents[truncLen]
+ q.providerEvents[truncLen] = nil
+ q.providerEvents = q.providerEvents[:truncLen]
+
+ return ev
+}
+
+func (q *eventsQueue) popLogEvent() *notifier.LogEvent {
+ q.Lock()
+ defer q.Unlock()
+
+ if len(q.logEvents) == 0 {
+ return nil
+ }
+ truncLen := len(q.logEvents) - 1
+ ev := q.logEvents[truncLen]
+ q.logEvents[truncLen] = nil
+ q.logEvents = q.logEvents[:truncLen]
+
+ return ev
+}
+
+func (q *eventsQueue) getSize() int {
+ q.RLock()
+ defer q.RUnlock()
+
+ return len(q.providerEvents) + len(q.fsEvents) + len(q.logEvents)
+}
+
+type notifierPlugin struct {
+ config Config
+ notifier notifier.Notifier
+ client *plugin.Client
+ queue *eventsQueue
+}
+
func newNotifierPlugin(config Config) (*notifierPlugin, error) {
p := ¬ifierPlugin{
config: config,
+ queue: &eventsQueue{},
}
if err := p.initialize(); err != nil {
logger.Warn(logSender, "", "unable to create notifier plugin: %v, config %+v", err, config)
@@ -102,7 +180,7 @@ func (p *notifierPlugin) initialize() error {
Managed: false,
Logger: &logger.HCLogAdapter{
Logger: hclog.New(&hclog.LoggerOptions{
- Name: fmt.Sprintf("%s.%s", logSender, notifier.PluginName),
+ Name: fmt.Sprintf("%v.%v", logSender, notifier.PluginName),
Level: pluginsLogLevel,
DisableTime: true,
}),
@@ -126,34 +204,6 @@ func (p *notifierPlugin) initialize() error {
return nil
}
-func (p *notifierPlugin) queueSize() int {
- p.mu.RLock()
- defer p.mu.RUnlock()
-
- return len(p.providerEvents) + len(p.fsEvents) + len(p.logEvents)
-}
-
-func (p *notifierPlugin) queueFsEvent(ev *notifier.FsEvent) {
- p.mu.Lock()
- defer p.mu.Unlock()
-
- p.fsEvents = append(p.fsEvents, ev)
-}
-
-func (p *notifierPlugin) queueProviderEvent(ev *notifier.ProviderEvent) {
- p.mu.Lock()
- defer p.mu.Unlock()
-
- p.providerEvents = append(p.providerEvents, ev)
-}
-
-func (p *notifierPlugin) queueLogEvent(ev *notifier.LogEvent) {
- p.mu.Lock()
- defer p.mu.Unlock()
-
- p.logEvents = append(p.logEvents, ev)
-}
-
func (p *notifierPlugin) canQueueEvent(timestamp int64) bool {
if p.config.NotifierOptions.RetryMaxTime == 0 {
return false
@@ -164,105 +214,107 @@ func (p *notifierPlugin) canQueueEvent(timestamp int64) bool {
return false
}
if p.config.NotifierOptions.RetryQueueMaxSize > 0 {
- return p.queueSize() < p.config.NotifierOptions.RetryQueueMaxSize
+ return p.queue.getSize() < p.config.NotifierOptions.RetryQueueMaxSize
}
return true
}
func (p *notifierPlugin) notifyFsAction(event *notifier.FsEvent) {
- if !slices.Contains(p.config.NotifierOptions.FsEvents, event.Action) {
+ if !util.Contains(p.config.NotifierOptions.FsEvents, event.Action) {
return
}
- p.sendFsEvent(event)
+
+ go func() {
+ Handler.addTask()
+ defer Handler.removeTask()
+
+ p.sendFsEvent(event)
+ }()
}
func (p *notifierPlugin) notifyProviderAction(event *notifier.ProviderEvent, object Renderer) {
- if !slices.Contains(p.config.NotifierOptions.ProviderEvents, event.Action) ||
- !slices.Contains(p.config.NotifierOptions.ProviderObjects, event.ObjectType) {
+ if !util.Contains(p.config.NotifierOptions.ProviderEvents, event.Action) ||
+ !util.Contains(p.config.NotifierOptions.ProviderObjects, event.ObjectType) {
return
}
- p.sendProviderEvent(event, object)
+
+ go func() {
+ Handler.addTask()
+ defer Handler.removeTask()
+
+ objectAsJSON, err := object.RenderAsJSON(event.Action != "delete")
+ if err != nil {
+ logger.Warn(logSender, "", "unable to render user as json for action %v: %v", event.Action, err)
+ return
+ }
+ event.ObjectData = objectAsJSON
+ p.sendProviderEvent(event)
+ }()
}
func (p *notifierPlugin) notifyLogEvent(event *notifier.LogEvent) {
- p.sendLogEvent(event)
-}
-
-func (p *notifierPlugin) sendFsEvent(ev *notifier.FsEvent) {
- go func(event *notifier.FsEvent) {
+ go func() {
Handler.addTask()
defer Handler.removeTask()
- if err := p.notifier.NotifyFsEvent(event); err != nil {
- logger.Warn(logSender, "", "unable to send fs action notification to plugin %v: %v", p.config.Cmd, err)
- if p.canQueueEvent(event.Timestamp) {
- p.queueFsEvent(event)
- }
- }
- }(ev)
+ p.sendLogEvent(event)
+ }()
}
-func (p *notifierPlugin) sendProviderEvent(ev *notifier.ProviderEvent, object Renderer) {
- go func(event *notifier.ProviderEvent) {
- Handler.addTask()
- defer Handler.removeTask()
-
- if object != nil {
- objectAsJSON, err := object.RenderAsJSON(event.Action != "delete")
- if err != nil {
- logger.Error(logSender, "", "unable to render user as json for action %q: %v", event.Action, err)
- } else {
- event.ObjectData = objectAsJSON
- }
+func (p *notifierPlugin) sendFsEvent(event *notifier.FsEvent) {
+ if err := p.notifier.NotifyFsEvent(event); err != nil {
+ logger.Warn(logSender, "", "unable to send fs action notification to plugin %v: %v", p.config.Cmd, err)
+ if p.canQueueEvent(event.Timestamp) {
+ p.queue.addFsEvent(event)
}
-
- if err := p.notifier.NotifyProviderEvent(event); err != nil {
- logger.Warn(logSender, "", "unable to send user action notification to plugin %v: %v", p.config.Cmd, err)
- if p.canQueueEvent(event.Timestamp) {
- p.queueProviderEvent(event)
- }
- }
- }(ev)
+ }
}
-func (p *notifierPlugin) sendLogEvent(ev *notifier.LogEvent) {
- go func(event *notifier.LogEvent) {
- Handler.addTask()
- defer Handler.removeTask()
-
- if err := p.notifier.NotifyLogEvent(event); err != nil {
- logger.Warn(logSender, "", "unable to send log event to plugin %v: %v", p.config.Cmd, err)
- if p.canQueueEvent(event.Timestamp) {
- p.queueLogEvent(event)
- }
+func (p *notifierPlugin) sendProviderEvent(event *notifier.ProviderEvent) {
+ if err := p.notifier.NotifyProviderEvent(event); err != nil {
+ logger.Warn(logSender, "", "unable to send user action notification to plugin %v: %v", p.config.Cmd, err)
+ if p.canQueueEvent(event.Timestamp) {
+ p.queue.addProviderEvent(event)
}
- }(ev)
+ }
+}
+
+func (p *notifierPlugin) sendLogEvent(event *notifier.LogEvent) {
+ if err := p.notifier.NotifyLogEvent(event); err != nil {
+ logger.Warn(logSender, "", "unable to send log event to plugin %v: %v", p.config.Cmd, err)
+ if p.canQueueEvent(event.Timestamp) {
+ p.queue.addLogEvent(event)
+ }
+ }
}
func (p *notifierPlugin) sendQueuedEvents() {
- queueSize := p.queueSize()
+ queueSize := p.queue.getSize()
if queueSize == 0 {
return
}
- p.mu.Lock()
- defer p.mu.Unlock()
-
- logger.Debug(logSender, "", "send queued events for notifier %q, events size: %v", p.config.Cmd, queueSize)
-
- for _, ev := range p.fsEvents {
- p.sendFsEvent(ev)
+ logger.Debug(logSender, "", "check queued events for notifier %q, events size: %v", p.config.Cmd, queueSize)
+ fsEv := p.queue.popFsEvent()
+ for fsEv != nil {
+ go func(ev *notifier.FsEvent) {
+ p.sendFsEvent(ev)
+ }(fsEv)
+ fsEv = p.queue.popFsEvent()
}
- p.fsEvents = nil
- for _, ev := range p.providerEvents {
- p.sendProviderEvent(ev, nil)
+ providerEv := p.queue.popProviderEvent()
+ for providerEv != nil {
+ go func(ev *notifier.ProviderEvent) {
+ p.sendProviderEvent(ev)
+ }(providerEv)
+ providerEv = p.queue.popProviderEvent()
}
- p.providerEvents = nil
-
- for _, ev := range p.logEvents {
- p.sendLogEvent(ev)
+ logEv := p.queue.popLogEvent()
+ for logEv != nil {
+ go func(ev *notifier.LogEvent) {
+ p.sendLogEvent(ev)
+ }(logEv)
+ logEv = p.queue.popLogEvent()
}
- p.logEvents = nil
-
- logger.Debug(logSender, "", "%d queued events sent for notifier %q,", queueSize, p.config.Cmd)
+ logger.Debug(logSender, "", "queued events sent for notifier %q, new events size: %v", p.config.Cmd, p.queue.getSize())
}
diff --git a/internal/plugin/plugin.go b/internal/plugin/plugin.go
index 94479c81..d36f0926 100644
--- a/internal/plugin/plugin.go
+++ b/internal/plugin/plugin.go
@@ -24,7 +24,6 @@ import (
"os"
"os/exec"
"path/filepath"
- "slices"
"strings"
"sync"
"sync/atomic"
@@ -337,7 +336,7 @@ func (m *Manager) NotifyLogEvent(event notifier.LogEventType, protocol, username
var e *notifier.LogEvent
for _, n := range m.notifiers {
- if slices.Contains(n.config.NotifierOptions.LogEvents, int(event)) {
+ if util.Contains(n.config.NotifierOptions.LogEvents, int(event)) {
if e == nil {
message := ""
if err != nil {
@@ -642,9 +641,7 @@ func (m *Manager) restartNotifierPlugin(config Config, idx int) {
}
m.notifLock.Lock()
- plugin.fsEvents = m.notifiers[idx].fsEvents
- plugin.providerEvents = m.notifiers[idx].providerEvents
- plugin.logEvents = m.notifiers[idx].logEvents
+ plugin.queue = m.notifiers[idx].queue
m.notifiers[idx] = plugin
m.notifLock.Unlock()
plugin.sendQueuedEvents()
diff --git a/internal/service/awscontainer.go b/internal/service/awscontainer.go
new file mode 100644
index 00000000..481085e4
--- /dev/null
+++ b/internal/service/awscontainer.go
@@ -0,0 +1,182 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build awscontainer
+// +build awscontainer
+
+package service
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ awsconfig "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
+ "github.com/aws/aws-sdk-go-v2/service/marketplacemetering"
+ "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+ "github.com/google/uuid"
+
+ "github.com/drakkan/sftpgo/v2/internal/config"
+ "github.com/drakkan/sftpgo/v2/internal/dataprovider"
+ "github.com/drakkan/sftpgo/v2/internal/httpd"
+ "github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/util"
+)
+
+const (
+ installCodeName = "SFTPGo_Installation_Code"
+)
+
+var (
+ awsProductCode = ""
+)
+
+func registerAWSContainer(disableAWSInstallationCode bool) error {
+ if awsProductCode == "" {
+ return errors.New("product code not set")
+ }
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ cfg, err := getAWSConfig(ctx)
+ if err != nil {
+ return fmt.Errorf("unable to get config to register AWS container: %w", err)
+ }
+ if !disableAWSInstallationCode {
+ if err := setInstallationCode(cfg); err != nil {
+ return err
+ }
+ }
+ requestNonce, err := uuid.NewRandom()
+ if err != nil {
+ return fmt.Errorf("unable to generate nonce for metering API: %w", err)
+ }
+ svc := marketplacemetering.NewFromConfig(cfg)
+ result, err := svc.RegisterUsage(ctx, &marketplacemetering.RegisterUsageInput{
+ ProductCode: aws.String(awsProductCode),
+ PublicKeyVersion: aws.Int32(1),
+ Nonce: aws.String(requestNonce.String()),
+ })
+ if err != nil {
+ return fmt.Errorf("unable to register API operation for AWSMarketplace Metering: %w", err)
+ }
+ logger.Debug(logSender, "", "API operation for AWSMarketplace Metering registered, token %q",
+ util.GetStringFromPointer(result.Signature))
+ return nil
+}
+
+func getAWSConfig(ctx context.Context) (aws.Config, error) {
+ cfg, err := awsconfig.LoadDefaultConfig(ctx)
+ if err != nil {
+ return cfg, fmt.Errorf("unable to get config to register AWS container: %w", err)
+ }
+ if cfg.Region == "" {
+ svc := imds.NewFromConfig(cfg)
+ region, err := svc.GetRegion(ctx, &imds.GetRegionInput{})
+ if err == nil {
+ logger.Debug(logSender, "", "AWS region from imds %q", region.Region)
+ cfg.Region = region.Region
+ } else {
+ logger.Warn(logSender, "", "unable to get region from imds, continuing anyway, error: %v", err)
+ }
+ }
+ return cfg, nil
+}
+
+func setInstallationCode(cfg aws.Config) error {
+ if dataprovider.HasAdmin() {
+ return nil
+ }
+ installationCode := util.GenerateUniqueID()
+ requestToken, err := uuid.NewRandom()
+ if err != nil {
+ return fmt.Errorf("unable to generate client request token: %w", err)
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ svc := secretsmanager.NewFromConfig(cfg)
+ _, err = svc.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{
+ SecretId: aws.String(installCodeName),
+ })
+ if err == nil {
+ // update existing secret
+ result, err := svc.UpdateSecret(ctx, &secretsmanager.UpdateSecretInput{
+ SecretId: aws.String(installCodeName),
+ ClientRequestToken: aws.String(requestToken.String()),
+ SecretString: aws.String(installationCode),
+ })
+ if err != nil {
+ return fmt.Errorf("unable to update installation code: %w", err)
+ }
+ logger.Debug(logSender, "", "installation code updated, secret name %q, arn %q, version id %q",
+ util.GetStringFromPointer(result.Name), util.GetStringFromPointer(result.ARN),
+ util.GetStringFromPointer(result.VersionId))
+ } else {
+ // create new secret
+ logger.Debug(logSender, "", "unable to get the current installation secret, trying to create a new one, error: %v", err)
+ result, err := svc.CreateSecret(ctx, &secretsmanager.CreateSecretInput{
+ Name: aws.String(installCodeName),
+ ClientRequestToken: aws.String(requestToken.String()),
+ SecretString: aws.String(installationCode),
+ })
+ if err != nil {
+ return fmt.Errorf("unable to create installation code: %w", err)
+ }
+ logger.Debug(logSender, "", "installation code set, secret name %q, arn %q, version id %q",
+ util.GetStringFromPointer(result.Name), util.GetStringFromPointer(result.ARN),
+ util.GetStringFromPointer(result.VersionId))
+ }
+ httpdConfig := config.GetHTTPDConfig()
+ httpdConfig.Setup.InstallationCode = installationCode
+ httpdConfig.Setup.InstallationCodeHint = "Installation code stored in Secrets Manager"
+ config.SetHTTPDConfig(httpdConfig)
+ httpd.SetInstallationCodeResolver(resolveInstallationCode)
+
+ return nil
+}
+
+// function called to validate the user provided secret
+func resolveInstallationCode(defaultInstallationCode string) string {
+ logger.Debug(logSender, "", "resolving installation code")
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ cfg, err := getAWSConfig(ctx)
+ if err != nil {
+ logger.Error(logSender, "", "unable to get config to resolve installation code: %v", err)
+ return defaultInstallationCode
+ }
+
+ svc := secretsmanager.NewFromConfig(cfg)
+ result, err := svc.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{
+ SecretId: aws.String(installCodeName),
+ })
+ if err != nil {
+ logger.Error(logSender, "", "unable to resolve installation code: %v", err)
+ return defaultInstallationCode
+ }
+
+ resolvedCode := util.GetStringFromPointer(result.SecretString)
+ if resolvedCode == "" {
+ logger.Error(logSender, "", "resolved installation code is empty")
+ return defaultInstallationCode
+ }
+ logger.Debug(logSender, "", "installation code resolved")
+ return resolvedCode
+}
diff --git a/internal/service/awscontainer_disabled.go b/internal/service/awscontainer_disabled.go
new file mode 100644
index 00000000..130fa775
--- /dev/null
+++ b/internal/service/awscontainer_disabled.go
@@ -0,0 +1,22 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build !awscontainer
+// +build !awscontainer
+
+package service
+
+func registerAWSContainer(_ bool) error {
+ return nil
+}
diff --git a/internal/service/service.go b/internal/service/service.go
index 6cb9db8b..3a8d5c81 100644
--- a/internal/service/service.go
+++ b/internal/service/service.go
@@ -39,6 +39,7 @@ const (
)
var (
+ chars = []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
graceTime int
)
@@ -88,7 +89,7 @@ func (s *Service) initLogger() {
}
// Start initializes and starts the service
-func (s *Service) Start() error {
+func (s *Service) Start(disableAWSInstallationCode bool) error {
s.initLogger()
logger.Info(logSender, "", "starting SFTPGo %s, config dir: %s, config file: %s, log max size: %d log max backups: %d "+
"log max age: %d log level: %s, log compress: %t, log utc time: %t, load data from: %q, grace time: %d secs",
@@ -109,7 +110,7 @@ func (s *Service) Start() error {
return errors.New(infoString)
}
- if err := s.initializeServices(); err != nil {
+ if err := s.initializeServices(disableAWSInstallationCode); err != nil {
return err
}
@@ -119,7 +120,7 @@ func (s *Service) Start() error {
return nil
}
-func (s *Service) initializeServices() error {
+func (s *Service) initializeServices(disableAWSInstallationCode bool) error {
providerConf := config.GetProviderConf()
kmsConfig := config.GetKMSConfig()
err := kmsConfig.Initialize()
@@ -179,6 +180,12 @@ func (s *Service) initializeServices() error {
}
}
+ if err := registerAWSContainer(disableAWSInstallationCode); err != nil {
+ logger.Error(logSender, "", "error registering AWS container: %v", err)
+ logger.ErrorToConsole("error registering AWS container: %v", err)
+ return err
+ }
+
httpConfig := config.GetHTTPConfig()
err = httpConfig.Initialize(s.ConfigDir)
if err != nil {
diff --git a/internal/service/service_portable.go b/internal/service/service_portable.go
index 91d5fc79..06b05f7a 100644
--- a/internal/service/service_portable.go
+++ b/internal/service/service_portable.go
@@ -13,13 +13,13 @@
// along with this program. If not, see .
//go:build !noportable
+// +build !noportable
package service
import (
"fmt"
"math/rand"
- "slices"
"strings"
"github.com/sftpgo/sdk"
@@ -69,7 +69,7 @@ func (s *Service) StartPortableMode(sftpdPort, ftpPort, webdavPort, httpPort int
configurePortableWebDAVService(webdavPort, webDavCert, webDavKey)
configurePortableHTTPService(httpPort, httpsCert, httpsKey)
- err = s.Start()
+ err = s.Start(true)
if err != nil {
return err
}
@@ -95,24 +95,24 @@ func (s *Service) StartPortableMode(sftpdPort, ftpPort, webdavPort, httpPort int
func (s *Service) getServiceOptionalInfoString() string {
var info strings.Builder
if config.GetSFTPDConfig().Bindings[0].IsValid() {
- fmt.Fprintf(&info, "SFTP port: %d ", config.GetSFTPDConfig().Bindings[0].Port)
+ info.WriteString(fmt.Sprintf("SFTP port: %v ", config.GetSFTPDConfig().Bindings[0].Port))
}
if config.GetFTPDConfig().Bindings[0].IsValid() {
- fmt.Fprintf(&info, "FTP port: %d ", config.GetFTPDConfig().Bindings[0].Port)
+ info.WriteString(fmt.Sprintf("FTP port: %v ", config.GetFTPDConfig().Bindings[0].Port))
}
if config.GetWebDAVDConfig().Bindings[0].IsValid() {
scheme := "http"
if config.GetWebDAVDConfig().CertificateFile != "" && config.GetWebDAVDConfig().CertificateKeyFile != "" {
scheme = "https"
}
- fmt.Fprintf(&info, "WebDAV URL: %v://:%v/ ", scheme, config.GetWebDAVDConfig().Bindings[0].Port)
+ info.WriteString(fmt.Sprintf("WebDAV URL: %v://:%v/ ", scheme, config.GetWebDAVDConfig().Bindings[0].Port))
}
if config.GetHTTPDConfig().Bindings[0].IsValid() {
scheme := "http"
if config.GetHTTPDConfig().CertificateFile != "" && config.GetHTTPDConfig().CertificateKeyFile != "" {
scheme = "https"
}
- fmt.Fprintf(&info, "WebClient URL: %s://:%d/ ", scheme, config.GetHTTPDConfig().Bindings[0].Port)
+ info.WriteString(fmt.Sprintf("WebClient URL: %v://:%v/ ", scheme, config.GetHTTPDConfig().Bindings[0].Port))
}
return info.String()
}
@@ -144,15 +144,16 @@ func (s *Service) configurePortableUser() string {
printablePassword = "[redacted]"
}
if len(s.PortableUser.PublicKeys) == 0 && s.PortableUser.Password == "" {
- s.PortableUser.Password = util.GenerateUniqueID()
+ var b strings.Builder
+ for i := 0; i < 16; i++ {
+ b.WriteRune(chars[rand.Intn(len(chars))])
+ }
+ s.PortableUser.Password = b.String()
printablePassword = s.PortableUser.Password
}
s.PortableUser.Filters.WebClient = []string{sdk.WebClientSharesDisabled, sdk.WebClientInfoChangeDisabled,
sdk.WebClientPubKeyChangeDisabled, sdk.WebClientPasswordChangeDisabled, sdk.WebClientAPIKeyAuthChangeDisabled,
- sdk.WebClientMFADisabled, sdk.WebClientPasswordResetDisabled, sdk.WebClientTLSCertChangeDisabled,
- }
- if !s.PortableUser.HasAnyPerm([]string{dataprovider.PermUpload, dataprovider.PermOverwrite}, "/") {
- s.PortableUser.Filters.WebClient = append(s.PortableUser.Filters.WebClient, sdk.WebClientWriteDisabled)
+ sdk.WebClientMFADisabled,
}
s.configurePortableSecrets()
return printablePassword
@@ -210,7 +211,7 @@ func configurePortableSFTPService(port int, enabledSSHCommands []string) {
} else {
sftpdConf.Bindings[0].Port = 0
}
- if slices.Contains(enabledSSHCommands, "*") {
+ if util.Contains(enabledSSHCommands, "*") {
sftpdConf.EnabledSSHCommands = sftpd.GetSupportedSSHCommands()
} else {
sftpdConf.EnabledSSHCommands = enabledSSHCommands
diff --git a/internal/service/service_windows.go b/internal/service/service_windows.go
index 16be97ae..bb1f7627 100644
--- a/internal/service/service_windows.go
+++ b/internal/service/service_windows.go
@@ -108,7 +108,7 @@ func (s *WindowsService) Execute(args []string, r <-chan svc.ChangeRequest, chan
changes <- svc.Status{State: svc.StartPending}
go func() {
- if err := s.Service.Start(); err != nil {
+ if err := s.Service.Start(false); err != nil {
logger.Error(logSender, "", "Windows service failed to start, error: %v", err)
s.Service.Error = err
s.Service.Shutdown <- true
diff --git a/internal/service/signals_unix.go b/internal/service/signals_unix.go
index cecbea9f..22b0c3f1 100644
--- a/internal/service/signals_unix.go
+++ b/internal/service/signals_unix.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !windows
+// +build !windows
package service
diff --git a/internal/cmd/signals_unix.go b/internal/sftpd/cmd_unix.go
similarity index 58%
rename from internal/cmd/signals_unix.go
rename to internal/sftpd/cmd_unix.go
index 91849b9a..1d0eaca4 100644
--- a/internal/cmd/signals_unix.go
+++ b/internal/sftpd/cmd_unix.go
@@ -1,4 +1,4 @@
-// Copyright (C) 2025 Nicola Murino
+// Copyright (C) 2019 Nicola Murino
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
@@ -13,29 +13,26 @@
// along with this program. If not, see .
//go:build !windows
+// +build !windows
-package cmd
+package sftpd
import (
"os"
- "os/signal"
+ "os/exec"
"syscall"
-
- "github.com/drakkan/sftpgo/v2/internal/logger"
- "github.com/drakkan/sftpgo/v2/internal/plugin"
)
-func registerSignals() {
- c := make(chan os.Signal, 1)
- signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
- go func() {
- for sig := range c {
- switch sig {
- case syscall.SIGINT, syscall.SIGTERM:
- logger.DebugToConsole("Received interrupt request")
- plugin.Handler.Cleanup()
- os.Exit(0)
- }
- }
- }()
+var (
+ processUID = os.Geteuid()
+ processGID = os.Getegid()
+)
+
+func wrapCmd(cmd *exec.Cmd, uid, gid int) *exec.Cmd {
+ isCurrentUser := processUID == uid && processGID == gid
+ if (uid > 0 || gid > 0) && !isCurrentUser {
+ cmd.SysProcAttr = &syscall.SysProcAttr{}
+ cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
+ }
+ return cmd
}
diff --git a/internal/sftpd/cmd_windows.go b/internal/sftpd/cmd_windows.go
new file mode 100644
index 00000000..825045bf
--- /dev/null
+++ b/internal/sftpd/cmd_windows.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package sftpd
+
+import (
+ "os/exec"
+)
+
+func wrapCmd(cmd *exec.Cmd, _, _ int) *exec.Cmd {
+ return cmd
+}
diff --git a/internal/sftpd/handler.go b/internal/sftpd/handler.go
index ca8575f5..310e908a 100644
--- a/internal/sftpd/handler.go
+++ b/internal/sftpd/handler.go
@@ -19,7 +19,6 @@ import (
"net"
"os"
"path"
- "strings"
"time"
"github.com/pkg/sftp"
@@ -73,15 +72,10 @@ func (c *Connection) GetCommand() string {
// Fileread creates a reader for a file on the system and returns the reader back.
func (c *Connection) Fileread(request *sftp.Request) (io.ReaderAt, error) {
c.UpdateLastActivity()
- updateRequestPaths(request)
if !c.User.HasPerm(dataprovider.PermDownload, path.Dir(request.Filepath)) {
return nil, sftp.ErrSSHFxPermissionDenied
}
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying file read due to transfer count limits")
- return nil, c.GetPermissionDeniedError()
- }
transferQuota := c.GetTransferQuota()
if !transferQuota.HasDownloadSpace() {
c.Log(logger.LevelInfo, "denying file read due to quota limits")
@@ -126,14 +120,8 @@ func (c *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
return c.handleFilewrite(request)
}
-func (c *Connection) handleFilewrite(request *sftp.Request) (sftp.WriterAtReaderAt, error) { //nolint:gocyclo
+func (c *Connection) handleFilewrite(request *sftp.Request) (sftp.WriterAtReaderAt, error) {
c.UpdateLastActivity()
- updateRequestPaths(request)
-
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying file write due to transfer count limits")
- return nil, c.GetPermissionDeniedError()
- }
if ok, _ := c.User.IsFileAllowed(request.Filepath); !ok {
c.Log(logger.LevelWarn, "writing file %q is not allowed", request.Filepath)
@@ -192,7 +180,6 @@ func (c *Connection) handleFilewrite(request *sftp.Request) (sftp.WriterAtReader
// or writing to those files.
func (c *Connection) Filecmd(request *sftp.Request) error {
c.UpdateLastActivity()
- updateRequestPaths(request)
switch request.Method {
case "Setstat":
@@ -225,7 +212,6 @@ func (c *Connection) Filecmd(request *sftp.Request) error {
// a directory as well as perform file/folder stat calls.
func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
c.UpdateLastActivity()
- updateRequestPaths(request)
switch request.Method {
case "List":
@@ -235,9 +221,9 @@ func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
}
modTime := time.Unix(0, 0)
if request.Filepath != "/" {
- lister.Prepend(vfs.NewFileInfo("..", true, 0, modTime, false))
+ lister.Add(vfs.NewFileInfo("..", true, 0, modTime, false))
}
- lister.Prepend(vfs.NewFileInfo(".", true, 0, modTime, false))
+ lister.Add(vfs.NewFileInfo(".", true, 0, modTime, false))
return lister, nil
case "Stat":
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(request.Filepath)) {
@@ -257,7 +243,6 @@ func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
// Readlink implements the ReadlinkFileLister interface
func (c *Connection) Readlink(filePath string) (string, error) {
- filePath = util.CleanPath(filePath)
if err := c.canReadLink(filePath); err != nil {
return "", err
}
@@ -282,7 +267,6 @@ func (c *Connection) Readlink(filePath string) (string, error) {
// Lstat implements LstatFileLister interface
func (c *Connection) Lstat(request *sftp.Request) (sftp.ListerAt, error) {
c.UpdateLastActivity()
- updateRequestPaths(request)
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(request.Filepath)) {
return nil, sftp.ErrSSHFxPermissionDenied
@@ -298,14 +282,15 @@ func (c *Connection) Lstat(request *sftp.Request) (sftp.ListerAt, error) {
// RealPath implements the RealPathFileLister interface
func (c *Connection) RealPath(p string) (string, error) {
+ if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(p)) {
+ return "", sftp.ErrSSHFxPermissionDenied
+ }
+
if c.User.Filters.StartDirectory == "" {
p = util.CleanPath(p)
} else {
p = util.CleanPathWithBase(c.User.Filters.StartDirectory, p)
}
- if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(p)) {
- return "", sftp.ErrSSHFxPermissionDenied
- }
fs, fsPath, err := c.GetFsAndResolvedPath(p)
if err != nil {
return "", err
@@ -323,7 +308,6 @@ func (c *Connection) RealPath(p string) (string, error) {
// StatVFS implements StatVFSFileCmder interface
func (c *Connection) StatVFS(r *sftp.Request) (*sftp.StatVFS, error) {
c.UpdateLastActivity()
- updateRequestPaths(r)
// we are assuming that r.Filepath is a dir, this could be wrong but should
// not produce any side effect here.
@@ -473,7 +457,7 @@ func (c *Connection) handleSFTPUploadToExistingFile(fs vfs.Fs, pflags sftp.FileO
}
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
- _, _, err = fs.Rename(resolvedPath, filePath, 0)
+ _, _, err = fs.Rename(resolvedPath, filePath)
if err != nil {
c.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %+v",
resolvedPath, filePath, err)
@@ -575,10 +559,13 @@ func (c *Connection) getStatVFSFromQuotaResult(fs vfs.Fs, name string, quotaResu
func (c *Connection) updateQuotaAfterTruncate(requestPath string, fileSize int64) {
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, 0, -fileSize, false)
- return
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
+ }
+ } else {
+ dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
}
- dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
}
func getOSOpenFlags(requestFlags sftp.FileOpenFlags) (flags int) {
@@ -603,15 +590,3 @@ func getOSOpenFlags(requestFlags sftp.FileOpenFlags) (flags int) {
}
return osFlags
}
-
-func updateRequestPaths(request *sftp.Request) {
- if request.Method == "Symlink" {
- request.Filepath = path.Clean(strings.ReplaceAll(request.Filepath, "\\", "/"))
- } else {
- request.Filepath = util.CleanPath(request.Filepath)
- }
-
- if request.Target != "" {
- request.Target = util.CleanPath(request.Target)
- }
-}
diff --git a/internal/sftpd/internal_test.go b/internal/sftpd/internal_test.go
index 44e93faa..bc96b68a 100644
--- a/internal/sftpd/internal_test.go
+++ b/internal/sftpd/internal_test.go
@@ -16,7 +16,6 @@ package sftpd
import (
"bytes"
- "context"
"errors"
"fmt"
"io"
@@ -25,7 +24,6 @@ import (
"os"
"path/filepath"
"runtime"
- "slices"
"testing"
"time"
@@ -147,7 +145,7 @@ func (fs MockOsFs) Remove(name string, _ bool) error {
}
// Rename renames (moves) source to target
-func (fs MockOsFs) Rename(source, target string, _ int) (int, int64, error) {
+func (fs MockOsFs) Rename(source, target string) (int, int64, error) {
if fs.err != nil {
return -1, -1, fs.err
}
@@ -271,7 +269,6 @@ func TestReadWriteErrors(t *testing.T) {
err = os.Remove(testfile)
assert.NoError(t, err)
assert.Len(t, conn.GetTransfers(), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestUnsupportedListOP(t *testing.T) {
@@ -377,9 +374,8 @@ func TestWithInvalidHome(t *testing.T) {
c := Connection{
BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", u),
}
- resolved, err := fs.ResolvePath("../upper_path")
- assert.NoError(t, err)
- assert.Equal(t, filepath.Join(u.HomeDir, "upper_path"), resolved)
+ _, err = fs.ResolvePath("../upper_path")
+ assert.Error(t, err, "tested path is not a home subdir")
_, err = c.StatVFS(&sftp.Request{
Method: "StatVFS",
Filepath: "../unresolvable-path",
@@ -422,7 +418,7 @@ func TestSupportedSSHCommands(t *testing.T) {
assert.Equal(t, len(supportedSSHCommands), len(cmds))
for _, c := range cmds {
- assert.True(t, slices.Contains(supportedSSHCommands, c))
+ assert.True(t, util.Contains(supportedSSHCommands, c))
}
}
@@ -529,6 +525,14 @@ func TestSSHCommandErrors(t *testing.T) {
err = cmd.handle()
assert.Error(t, err, "ssh command must fail, we are requesting an invalid path")
+ cmd = sshCommand{
+ command: "git-receive-pack",
+ connection: &connection,
+ args: []string{"/../../testrepo"},
+ }
+ err = cmd.handle()
+ assert.Error(t, err, "ssh command must fail, we are requesting an invalid path")
+
user = dataprovider.User{}
user.Permissions = map[string][]string{
"/": {dataprovider.PermAny},
@@ -539,6 +543,43 @@ func TestSSHCommandErrors(t *testing.T) {
cmd.connection.User = user
_, err = cmd.connection.User.GetFilesystem("123")
assert.NoError(t, err)
+ err = cmd.handle()
+ assert.EqualError(t, err, common.ErrQuotaExceeded.Error())
+
+ cmd.connection.User.QuotaFiles = 0
+ cmd.connection.User.UsedQuotaFiles = 0
+ cmd.connection.User.Permissions = make(map[string][]string)
+ cmd.connection.User.Permissions["/"] = []string{dataprovider.PermListItems}
+ err = cmd.handle()
+ assert.EqualError(t, err, common.ErrPermissionDenied.Error())
+
+ cmd.connection.User.Permissions["/"] = []string{dataprovider.PermAny}
+ cmd.command = "invalid_command"
+ command, err := cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ err = cmd.executeSystemCommand(command)
+ assert.Error(t, err, "invalid command must fail")
+
+ command, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ _, err = command.cmd.StderrPipe()
+ assert.NoError(t, err)
+
+ err = cmd.executeSystemCommand(command)
+ assert.Error(t, err, "command must fail, pipe was already assigned")
+
+ err = cmd.executeSystemCommand(command)
+ assert.Error(t, err, "command must fail, pipe was already assigned")
+
+ command, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ _, err = command.cmd.StdoutPipe()
+ assert.NoError(t, err)
+ err = cmd.executeSystemCommand(command)
+ assert.Error(t, err, "command must fail, pipe was already assigned")
cmd = sshCommand{
command: "sftpgo-remove",
@@ -556,6 +597,23 @@ func TestSSHCommandErrors(t *testing.T) {
err = cmd.handle()
assert.Error(t, err, "ssh command must fail, we are requesting an invalid path")
+ cmd.connection.User.HomeDir = filepath.Clean(os.TempDir())
+
+ cmd = sshCommand{
+ command: "sftpgo-copy",
+ connection: &connection,
+ args: []string{"src", "dst"},
+ }
+
+ cmd.connection.User.Permissions = make(map[string][]string)
+ cmd.connection.User.Permissions["/"] = []string{dataprovider.PermAny}
+
+ common.WaitForTransfers(1)
+ _, err = cmd.getSystemCommand()
+ if assert.Error(t, err) {
+ assert.Contains(t, err.Error(), common.ErrShuttingDown.Error())
+ }
+
err = common.Initialize(common.Config, 0)
assert.NoError(t, err)
}
@@ -596,6 +654,38 @@ func TestCommandsWithExtensionsFilter(t *testing.T) {
}
err := cmd.handleHashCommands()
assert.EqualError(t, err, common.ErrPermissionDenied.Error())
+
+ cmd = sshCommand{
+ command: "rsync",
+ connection: connection,
+ args: []string{"--server", "-vlogDtprze.iLsfxC", ".", "/"},
+ }
+ _, err = cmd.getSystemCommand()
+ assert.EqualError(t, err, errUnsupportedConfig.Error())
+
+ cmd = sshCommand{
+ command: "git-receive-pack",
+ connection: connection,
+ args: []string{"/subdir"},
+ }
+ _, err = cmd.getSystemCommand()
+ assert.EqualError(t, err, errUnsupportedConfig.Error())
+
+ cmd = sshCommand{
+ command: "git-receive-pack",
+ connection: connection,
+ args: []string{"/subdir/dir"},
+ }
+ _, err = cmd.getSystemCommand()
+ assert.EqualError(t, err, errUnsupportedConfig.Error())
+
+ cmd = sshCommand{
+ command: "git-receive-pack",
+ connection: connection,
+ args: []string{"/adir/subdir"},
+ }
+ _, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
}
func TestSSHCommandsRemoteFs(t *testing.T) {
@@ -626,7 +716,17 @@ func TestSSHCommandsRemoteFs(t *testing.T) {
args: []string{},
}
- err := cmd.handleSFTPGoCopy()
+ command, err := cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ err = cmd.executeSystemCommand(command)
+ assert.Error(t, err, "command must fail for a non local filesystem")
+ cmd = sshCommand{
+ command: "sftpgo-copy",
+ connection: connection,
+ args: []string{},
+ }
+ err = cmd.handleSFTPGoCopy()
assert.Error(t, err)
cmd = sshCommand{
command: "sftpgo-remove",
@@ -675,12 +775,282 @@ func TestSSHCmdGetFsErrors(t *testing.T) {
assert.NoError(t, err)
}
+func TestGitVirtualFolders(t *testing.T) {
+ permissions := make(map[string][]string)
+ permissions["/"] = []string{dataprovider.PermAny}
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Permissions: permissions,
+ HomeDir: os.TempDir(),
+ },
+ }
+ conn := &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ }
+ cmd := sshCommand{
+ command: "git-receive-pack",
+ connection: conn,
+ args: []string{"/vdir"},
+ }
+ cmd.connection.User.VirtualFolders = append(cmd.connection.User.VirtualFolders, vfs.VirtualFolder{
+ BaseVirtualFolder: vfs.BaseVirtualFolder{
+ MappedPath: os.TempDir(),
+ },
+ VirtualPath: "/vdir",
+ })
+ _, err := cmd.getSystemCommand()
+ assert.NoError(t, err)
+ cmd.args = []string{"/"}
+ _, err = cmd.getSystemCommand()
+ assert.EqualError(t, err, errUnsupportedConfig.Error())
+ cmd.args = []string{"/vdir1"}
+ _, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ cmd.connection.User.VirtualFolders = nil
+ cmd.connection.User.VirtualFolders = append(cmd.connection.User.VirtualFolders, vfs.VirtualFolder{
+ BaseVirtualFolder: vfs.BaseVirtualFolder{
+ MappedPath: os.TempDir(),
+ },
+ VirtualPath: "/vdir",
+ })
+ cmd.args = []string{"/vdir/subdir"}
+ _, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ cmd.args = []string{"/adir/subdir"}
+ _, err = cmd.getSystemCommand()
+ assert.NoError(t, err)
+}
+
+func TestRsyncOptions(t *testing.T) {
+ permissions := make(map[string][]string)
+ permissions["/"] = []string{dataprovider.PermAny}
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Permissions: permissions,
+ HomeDir: os.TempDir(),
+ },
+ }
+ conn := &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ }
+ sshCmd := sshCommand{
+ command: "rsync",
+ connection: conn,
+ args: []string{"--server", "-vlogDtprze.iLsfxC", ".", "/"},
+ }
+ cmd, err := sshCmd.getSystemCommand()
+ assert.NoError(t, err)
+ assert.True(t, util.Contains(cmd.cmd.Args, "--safe-links"),
+ "--safe-links must be added if the user has the create symlinks permission")
+
+ permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermCreateDirs,
+ dataprovider.PermListItems, dataprovider.PermOverwrite, dataprovider.PermDelete, dataprovider.PermRename}
+ user.Permissions = permissions
+
+ conn = &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ }
+ sshCmd = sshCommand{
+ command: "rsync",
+ connection: conn,
+ args: []string{"--server", "-vlogDtprze.iLsfxC", ".", "/"},
+ }
+ cmd, err = sshCmd.getSystemCommand()
+ assert.NoError(t, err)
+ assert.True(t, util.Contains(cmd.cmd.Args, "--munge-links"),
+ "--munge-links must be added if the user has the create symlinks permission")
+
+ sshCmd.connection.User.VirtualFolders = append(sshCmd.connection.User.VirtualFolders, vfs.VirtualFolder{
+ BaseVirtualFolder: vfs.BaseVirtualFolder{
+ MappedPath: os.TempDir(),
+ },
+ VirtualPath: "/vdir",
+ })
+ _, err = sshCmd.getSystemCommand()
+ assert.EqualError(t, err, errUnsupportedConfig.Error())
+}
+
+func TestSystemCommandSizeForPath(t *testing.T) {
+ permissions := make(map[string][]string)
+ permissions["/"] = []string{dataprovider.PermAny}
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Permissions: permissions,
+ HomeDir: os.TempDir(),
+ },
+ }
+ fs, err := user.GetFilesystem("123")
+ assert.NoError(t, err)
+ conn := &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ }
+ sshCmd := sshCommand{
+ command: "rsync",
+ connection: conn,
+ args: []string{"--server", "-vlogDtprze.iLsfxC", ".", "/"},
+ }
+ _, _, err = sshCmd.getSizeForPath(fs, "missing path")
+ assert.NoError(t, err)
+ testDir := filepath.Join(os.TempDir(), "dir")
+ err = os.MkdirAll(testDir, os.ModePerm)
+ assert.NoError(t, err)
+ testFile := filepath.Join(testDir, "testfile")
+ err = os.WriteFile(testFile, []byte("test content"), os.ModePerm)
+ assert.NoError(t, err)
+ err = os.Symlink(testFile, testFile+".link")
+ assert.NoError(t, err)
+ numFiles, size, err := sshCmd.getSizeForPath(fs, testFile+".link")
+ assert.NoError(t, err)
+ assert.Equal(t, 0, numFiles)
+ assert.Equal(t, int64(0), size)
+ numFiles, size, err = sshCmd.getSizeForPath(fs, testFile)
+ assert.NoError(t, err)
+ assert.Equal(t, 1, numFiles)
+ assert.Equal(t, int64(12), size)
+ if runtime.GOOS != osWindows {
+ err = os.Chmod(testDir, 0001)
+ assert.NoError(t, err)
+ _, _, err = sshCmd.getSizeForPath(fs, testFile)
+ assert.Error(t, err)
+ err = os.Chmod(testDir, os.ModePerm)
+ assert.NoError(t, err)
+ }
+ err = os.RemoveAll(testDir)
+ assert.NoError(t, err)
+}
+
+func TestSystemCommandErrors(t *testing.T) {
+ buf := make([]byte, 65535)
+ stdErrBuf := make([]byte, 65535)
+ readErr := fmt.Errorf("test read error")
+ writeErr := fmt.Errorf("test write error")
+ mockSSHChannel := MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ ReadError: nil,
+ WriteError: writeErr,
+ }
+ permissions := make(map[string][]string)
+ permissions["/"] = []string{dataprovider.PermAny}
+ homeDir := filepath.Join(os.TempDir(), "adir")
+ err := os.MkdirAll(homeDir, os.ModePerm)
+ assert.NoError(t, err)
+ err = os.WriteFile(filepath.Join(homeDir, "afile"), []byte("content"), os.ModePerm)
+ assert.NoError(t, err)
+ user := dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Permissions: permissions,
+ HomeDir: homeDir,
+ },
+ }
+ fs, err := user.GetFilesystem("123")
+ assert.NoError(t, err)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ channel: &mockSSHChannel,
+ }
+ var sshCmd sshCommand
+ if runtime.GOOS == osWindows {
+ sshCmd = sshCommand{
+ command: "dir",
+ connection: connection,
+ args: []string{"/"},
+ }
+ } else {
+ sshCmd = sshCommand{
+ command: "ls",
+ connection: connection,
+ args: []string{"/"},
+ }
+ }
+ systemCmd, err := sshCmd.getSystemCommand()
+ assert.NoError(t, err)
+
+ systemCmd.cmd.Dir = os.TempDir()
+ // FIXME: the command completes but the fake client is unable to read the response
+ // no error is reported in this case. We can see that the expected code is executed
+ // reading the test coverage
+ sshCmd.executeSystemCommand(systemCmd) //nolint:errcheck
+
+ mockSSHChannel = MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ ReadError: readErr,
+ WriteError: nil,
+ }
+ sshCmd.connection.channel = &mockSSHChannel
+ baseTransfer := common.NewBaseTransfer(nil, sshCmd.connection.BaseConnection, nil, "", "", "",
+ common.TransferUpload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{})
+ transfer := newTransfer(baseTransfer, nil, nil, nil)
+ destBuff := make([]byte, 65535)
+ dst := bytes.NewBuffer(destBuff)
+ _, err = transfer.copyFromReaderToWriter(dst, sshCmd.connection.channel)
+ assert.EqualError(t, err, readErr.Error())
+
+ mockSSHChannel = MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ ReadError: nil,
+ WriteError: nil,
+ }
+ sshCmd.connection.channel = &mockSSHChannel
+ transfer.MaxWriteSize = 1
+ _, err = transfer.copyFromReaderToWriter(dst, sshCmd.connection.channel)
+ assert.True(t, transfer.Connection.IsQuotaExceededError(err))
+
+ mockSSHChannel = MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ ReadError: nil,
+ WriteError: nil,
+ ShortWriteErr: true,
+ }
+ sshCmd.connection.channel = &mockSSHChannel
+ _, err = transfer.copyFromReaderToWriter(sshCmd.connection.channel, dst)
+ assert.EqualError(t, err, io.ErrShortWrite.Error())
+ transfer.MaxWriteSize = -1
+ _, err = transfer.copyFromReaderToWriter(sshCmd.connection.channel, dst)
+ assert.True(t, transfer.Connection.IsQuotaExceededError(err))
+
+ baseTransfer = common.NewBaseTransfer(nil, sshCmd.connection.BaseConnection, nil, "", "", "",
+ common.TransferDownload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{
+ AllowedDLSize: 1,
+ })
+ transfer = newTransfer(baseTransfer, nil, nil, nil)
+ mockSSHChannel = MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ ReadError: nil,
+ WriteError: nil,
+ }
+ sshCmd.connection.channel = &mockSSHChannel
+ _, err = transfer.copyFromReaderToWriter(dst, sshCmd.connection.channel)
+ if assert.Error(t, err) {
+ assert.Contains(t, err.Error(), common.ErrReadQuotaExceeded.Error())
+ }
+
+ err = os.RemoveAll(homeDir)
+ assert.NoError(t, err)
+}
+
func TestCommandGetFsError(t *testing.T) {
user := dataprovider.User{
FsConfig: vfs.Filesystem{
Provider: sdk.CryptedFilesystemProvider,
},
}
+ conn := &Connection{
+ BaseConnection: common.NewBaseConnection("", common.ProtocolSFTP, "", "", user),
+ }
+ sshCmd := sshCommand{
+ command: "rsync",
+ connection: conn,
+ args: []string{"--server", "-vlogDtprze.iLsfxC", ".", "/"},
+ }
+ _, err := sshCmd.getSystemCommand()
+ assert.Error(t, err)
buf := make([]byte, 65535)
stdErrBuf := make([]byte, 65535)
@@ -689,7 +1059,7 @@ func TestCommandGetFsError(t *testing.T) {
StdErrBuffer: bytes.NewBuffer(stdErrBuf),
ReadError: nil,
}
- conn := &Connection{
+ conn = &Connection{
BaseConnection: common.NewBaseConnection("", common.ProtocolSCP, "", "", user),
channel: &mockSSHChannel,
}
@@ -701,7 +1071,7 @@ func TestCommandGetFsError(t *testing.T) {
},
}
- err := scpCommand.handleRecursiveUpload()
+ err = scpCommand.handleRecursiveUpload()
assert.Error(t, err)
err = scpCommand.handleDownload("")
assert.Error(t, err)
@@ -1346,7 +1716,6 @@ func TestSCPUploadFiledata(t *testing.T) {
if assert.Error(t, err) {
assert.EqualError(t, err, common.ErrTransferClosed.Error())
}
- transfer.Connection.RemoveTransfer(transfer)
mockSSHChannel = MockChannel{
Buffer: bytes.NewBuffer(buf),
@@ -1358,12 +1727,9 @@ func TestSCPUploadFiledata(t *testing.T) {
transfer.Connection.AddTransfer(transfer)
err = scpCommand.getUploadFileData(2, transfer)
assert.ErrorContains(t, err, os.ErrClosed.Error())
- transfer.Connection.RemoveTransfer(transfer)
err = os.Remove(testfile)
assert.NoError(t, err)
-
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestUploadError(t *testing.T) {
@@ -1479,9 +1845,9 @@ func TestConfigsFromProvider(t *testing.T) {
SFTPD: &dataprovider.SFTPDConfigs{
HostKeyAlgos: []string{ssh.KeyAlgoRSA},
KexAlgorithms: []string{ssh.InsecureKeyExchangeDHGEXSHA1},
- Ciphers: []string{ssh.InsecureCipherAES128CBC},
+ Ciphers: []string{ssh.InsecureCipherAES128CBC, ssh.InsecureCipherAES192CBC, ssh.InsecureCipherAES256CBC},
MACs: []string{ssh.HMACSHA512ETM},
- PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, //nolint:staticcheck
+ PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA},
},
}
err = dataprovider.UpdateConfigs(&configs, "", "", "")
@@ -1512,7 +1878,7 @@ func TestSupportedSecurityOptions(t *testing.T) {
var defaultKexs []string
for _, k := range supportedKexAlgos {
defaultKexs = append(defaultKexs, k)
- if k == ssh.KeyExchangeCurve25519 {
+ if k == ssh.KeyExchangeCurve25519SHA256 {
defaultKexs = append(defaultKexs, keyExchangeCurve25519SHA256LibSSH)
}
}
@@ -1529,7 +1895,7 @@ func TestSupportedSecurityOptions(t *testing.T) {
c.MACs = []string{
" hmac-sha2-256-etm@openssh.com ", " hmac-sha2-512-etm@openssh.com",
"hmac-sha2-256", "hmac-sha2-512 ",
- "hmac-sha1 ", " hmac-sha1-96",
+ " hmac-sha1-96", "hmac-sha1 ",
}
err = c.configureSecurityOptions(serverConfig)
assert.NoError(t, err)
@@ -1616,6 +1982,40 @@ func TestCertCheckerInitErrors(t *testing.T) {
assert.NoError(t, err)
}
+func TestSFTPSubSystem(t *testing.T) {
+ permissions := make(map[string][]string)
+ permissions["/"] = []string{dataprovider.PermAny}
+ user := &dataprovider.User{
+ BaseUser: sdk.BaseUser{
+ Permissions: permissions,
+ HomeDir: os.TempDir(),
+ },
+ }
+ user.FsConfig.Provider = sdk.AzureBlobFilesystemProvider
+ err := ServeSubSystemConnection(user, "connID", nil, nil)
+ assert.Error(t, err)
+ user.FsConfig.Provider = sdk.LocalFilesystemProvider
+
+ buf := make([]byte, 0, 4096)
+ stdErrBuf := make([]byte, 0, 4096)
+ mockSSHChannel := &MockChannel{
+ Buffer: bytes.NewBuffer(buf),
+ StdErrBuffer: bytes.NewBuffer(stdErrBuf),
+ }
+ // this is 327680 and it will result in packet too long error
+ _, err = mockSSHChannel.Write([]byte{0x00, 0x05, 0x00, 0x00, 0x00, 0x00})
+ assert.NoError(t, err)
+ err = ServeSubSystemConnection(user, "id", mockSSHChannel, mockSSHChannel)
+ assert.EqualError(t, err, "packet too long")
+
+ subsystemChannel := newSubsystemChannel(mockSSHChannel, mockSSHChannel)
+ n, err := subsystemChannel.Write([]byte{0x00})
+ assert.NoError(t, err)
+ assert.Equal(t, n, 1)
+ err = subsystemChannel.Close()
+ assert.NoError(t, err)
+}
+
func TestRecoverer(t *testing.T) {
c := Configuration{}
c.AcceptInboundConnection(nil, nil)
@@ -1639,7 +2039,6 @@ func TestRecoverer(t *testing.T) {
err = scpCmd.handle()
assert.EqualError(t, err, common.ErrGenericFailure.Error())
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestListernerAcceptErrors(t *testing.T) {
@@ -1746,27 +2145,9 @@ func TestMaxUserSessions(t *testing.T) {
c := Configuration{}
c.handleSftpConnection(nil, connection)
- buf := make([]byte, 65535)
- stdErrBuf := make([]byte, 65535)
- mockSSHChannel := MockChannel{
- Buffer: bytes.NewBuffer(buf),
- StdErrBuffer: bytes.NewBuffer(stdErrBuf),
- }
-
- conn := &Connection{
- BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolSFTP, "", "", dataprovider.User{
- BaseUser: sdk.BaseUser{
- Username: "user_max_sessions",
- HomeDir: filepath.Clean(os.TempDir()),
- MaxSessions: 1,
- },
- }),
- channel: &mockSSHChannel,
- }
-
sshCmd := sshCommand{
command: "cd",
- connection: conn,
+ connection: connection,
}
err = sshCmd.handle()
if assert.Error(t, err) {
@@ -1775,17 +2156,19 @@ func TestMaxUserSessions(t *testing.T) {
scpCmd := scpCommand{
sshCommand: sshCommand{
command: "scp",
- connection: conn,
+ connection: connection,
},
}
err = scpCmd.handle()
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "too many open sessions")
}
-
+ err = ServeSubSystemConnection(&connection.User, connection.ID, nil, nil)
+ if assert.Error(t, err) {
+ assert.Contains(t, err.Error(), "too many open sessions")
+ }
common.Connections.Remove(connection.GetID())
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestCanReadSymlink(t *testing.T) {
@@ -1820,7 +2203,6 @@ func TestCanReadSymlink(t *testing.T) {
}
func TestAuthenticationErrors(t *testing.T) {
- sftpAuthError := newAuthenticationError(nil, "", "")
loginMethod := dataprovider.SSHLoginMethodPassword
username := "test user"
err := newAuthenticationError(fmt.Errorf("cannot validate credentials: %w", util.NewRecordNotFoundError("not found")),
@@ -1845,42 +2227,3 @@ func TestAuthenticationErrors(t *testing.T) {
assert.ErrorIs(t, err, sftpAuthError)
assert.NotErrorIs(t, err, util.ErrNotFound)
}
-
-type mockCommandExecutor struct {
- Output []byte
- Err error
-}
-
-func (f mockCommandExecutor) CombinedOutput(ctx context.Context, name string, args ...string) ([]byte, error) {
- return f.Output, f.Err
-}
-
-func TestVerifyWithOPKSSH(t *testing.T) {
- sshCert := []byte(`ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg4+hKHVPKv183MU/Q7XD/mzDBFSc2YY3eraltxLMGJo0AAAADAQABAAABAQCe6jMoy1xCQgiZkZJ7gi6NLj4uRqz2OaUGK/OJYZTfBqK+SlS9iymAluHu9K+cc4+0qxx0gn7dRTJWINSgzvca6ayYe995EKgD1hE5krh9BH0bRrXB+hGqyslcZOgLNO+v8jYojClQbRtET2tS+xb4k33GCuL5wgla2790ZgOQgs7huQUjG0S8c1W+EYt6fI4cWE/DeEBnv9sqryS8rOb0PbM6WUd7XBadwySFWYQUX0ei56GNt12Z4gADEGlFQV/OnV0PvnTcAMGUl0rfToPgJ4jgogWKoTVWuZ9wyA/x+2LRLRvgm2a969ig937/AH0i0Wq+FzqfK7EXQ99Yf5K/AAAAAAAAAAAAAAACAAAAFGhvc3QuZXhhbXBsZS5jb20ta2V5AAAAFAAAABBob3N0LmV4YW1wbGUuY29tAAAAAGXEzYAAAAAAd8sP4wAAAAAAAAAAAAAAAAAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAL4PXUPSERufZWCW/hhEnylk3IeMgaa+2HcNY5Cur77a8fYy6OYZAPF+vhJUT0akwGUpTeXAZumAgHECDrJlw1J+jo9ZVT0AKDo0wU77IzNzYxob7+dpB02NJ7DLAXmPauQ07Zc5pWJFVKtmuh7YH9pjYtNXSMOXye7k06PBGzX+ztIt7nPWvD9fR2mZeTSoljeBCGZHwdlnV2ESQlQbBoEI93RPxqxJh/UCDatQPhpDbyverr2ZvB9Y45rqsx6ZVmu5RXl3MfBU1U21W/4ia2di3PybyD4rSmVoam0efcqxo6cBKSHe26OFoTuS9zgdH0iCWL37vqOFmJ7eH91M3nMAAAEUAAAADHJzYS1zaGEyLTI1NgAAAQA/ByIegNZYJRRl413S/8LxGvTZnbxsPwaluoJ/54niGZV9P28THz7d9jXfSHPjalhH93jNPfTYXvI4opnDC37ua1Nu8KKfk40IWXnnDdZLWraUxEidIzhmfVtz8kGdGoFQ8H0EzubL7zKNOTlfSfOoDlmQVOuxT/+eh2mEp4ri0/+8J1mLfLBr8tREX0/iaNjK+RKdcyTMicKursAYMCDdu8vlaphxea+ocyHM9izSX/l33t44V13ueTqIOh2Zbl2UE2k+jk+0dc1CmV0SEoiWiIyt8TRM4yQry1vPlQLsrf28sYM/QMwnhCVhyZO3vs5F25aQWrB9d51VEzBW9/fd host.example.com`)
- key, _, _, _, err := ssh.ParseAuthorizedKey(sshCert) //nolint:dogsled
- require.NoError(t, err)
- cert, ok := key.(*ssh.Certificate)
- require.True(t, ok)
- c := Configuration{}
- c.executor = mockCommandExecutor{
- Err: errors.New("test error"),
- }
- err = c.verifyWithOPKSSH("user", cert)
- assert.Error(t, err)
-
- c.executor = mockCommandExecutor{}
- err = c.verifyWithOPKSSH("", cert)
- assert.Error(t, err)
-
- c.executor = mockCommandExecutor{
- Output: ssh.MarshalAuthorizedKey(cert),
- }
- err = c.verifyWithOPKSSH("", cert)
- assert.Error(t, err)
-
- c.executor = mockCommandExecutor{
- Output: ssh.MarshalAuthorizedKey(cert.SignatureKey),
- }
- err = c.verifyWithOPKSSH("", cert)
- assert.NoError(t, err)
-}
diff --git a/internal/sftpd/internal_unix_test.go b/internal/sftpd/internal_unix_test.go
new file mode 100644
index 00000000..3bb0207f
--- /dev/null
+++ b/internal/sftpd/internal_unix_test.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+//go:build !windows
+// +build !windows
+
+package sftpd
+
+import (
+ "os/exec"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestWrapCmd(t *testing.T) {
+ cmd := exec.Command("ls")
+ cmd = wrapCmd(cmd, 3001, 3002)
+ assert.Equal(t, uint32(3001), cmd.SysProcAttr.Credential.Uid)
+ assert.Equal(t, uint32(3002), cmd.SysProcAttr.Credential.Gid)
+
+ cmd = exec.Command("cd")
+ cmd = wrapCmd(cmd, processUID, processGID)
+ assert.Nil(t, cmd.SysProcAttr)
+}
diff --git a/internal/sftpd/scp.go b/internal/sftpd/scp.go
index 2d91afe3..be4079ed 100644
--- a/internal/sftpd/scp.go
+++ b/internal/sftpd/scp.go
@@ -51,9 +51,8 @@ func (c *scpCommand) handle() (err error) {
}
}()
if err := common.Connections.Add(c.connection); err != nil {
- defer c.connection.CloseFS() //nolint:errcheck
logger.Info(logSender, "", "unable to add SCP connection: %v", err)
- return c.sendErrorResponse(err)
+ return err
}
defer common.Connections.Remove(c.connection.GetID())
@@ -228,12 +227,6 @@ func (c *scpCommand) getUploadFileData(sizeToRead int64, transfer *transfer) err
}
func (c *scpCommand) handleUploadFile(fs vfs.Fs, resolvedPath, filePath string, sizeToRead int64, isNewFile bool, fileSize int64, requestPath string) error {
- if err := common.Connections.IsNewTransferAllowed(c.connection.User.Username); err != nil {
- err := fmt.Errorf("denying file write due to transfer count limits")
- c.connection.Log(logger.LevelInfo, "denying file write due to transfer count limits")
- c.sendErrorMessage(nil, err)
- return err
- }
diskQuota, transferQuota := c.connection.HasSpace(isNewFile, false, requestPath)
if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() {
err := fmt.Errorf("denying file write due to quota limits")
@@ -265,7 +258,10 @@ func (c *scpCommand) handleUploadFile(fs vfs.Fs, resolvedPath, filePath string,
if vfs.HasTruncateSupport(fs) {
vfolder, err := c.connection.User.GetVirtualFolderForPath(path.Dir(requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.connection.User, 0, -fileSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.connection.User, 0, -fileSize, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.connection.User, 0, -fileSize, false) //nolint:errcheck
}
@@ -337,7 +333,7 @@ func (c *scpCommand) handleUpload(uploadFilePath string, sizeToRead int64) error
}
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
- _, _, err = fs.Rename(p, filePath, 0)
+ _, _, err = fs.Rename(p, filePath)
if err != nil {
c.connection.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %v",
p, filePath, err)
@@ -508,13 +504,6 @@ func (c *scpCommand) sendDownloadFileData(fs vfs.Fs, filePath string, stat os.Fi
func (c *scpCommand) handleDownload(filePath string) error {
c.connection.UpdateLastActivity()
-
- if err := common.Connections.IsNewTransferAllowed(c.connection.User.Username); err != nil {
- err := fmt.Errorf("denying file read due to transfer count limits")
- c.connection.Log(logger.LevelInfo, "denying file read due to transfer count limits")
- c.sendErrorMessage(nil, err)
- return err
- }
transferQuota := c.connection.GetTransferQuota()
if !transferQuota.HasDownloadSpace() {
c.connection.Log(logger.LevelInfo, "denying file read due to quota limits")
diff --git a/internal/sftpd/server.go b/internal/sftpd/server.go
index 3bee040d..fdad2d0f 100644
--- a/internal/sftpd/server.go
+++ b/internal/sftpd/server.go
@@ -16,21 +16,16 @@ package sftpd
import (
"bytes"
- "context"
- "crypto/sha256"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"io"
"io/fs"
- "maps"
"net"
"os"
- "os/exec"
"path/filepath"
"runtime/debug"
- "slices"
"strings"
"sync"
"time"
@@ -55,10 +50,6 @@ const (
defaultPrivateEd25519KeyName = "id_ed25519"
sourceAddressCriticalOption = "source-address"
keyExchangeCurve25519SHA256LibSSH = "curve25519-sha256@libssh.org"
- extraDataPartialSuccessErrKey = "partialSuccessErr"
- extraDataUserKey = "user"
- extraDataKeyIDKey = "keyID"
- extraDataLoginMethodKey = "login_method"
)
var (
@@ -85,20 +76,10 @@ var (
revokedCertManager = revokedCertificates{
certs: map[string]bool{},
}
+
+ sftpAuthError = newAuthenticationError(nil, "", "")
)
-type commandExecutor interface {
- CombinedOutput(ctx context.Context, name string, args ...string) ([]byte, error)
-}
-
-type defaultExecutor struct{}
-
-func (d defaultExecutor) CombinedOutput(ctx context.Context, name string, args ...string) ([]byte, error) {
- cmd := exec.CommandContext(ctx, name, args...)
- cmd.Env = []string{}
- return cmd.CombinedOutput()
-}
-
// Binding defines the configuration for a network listener
type Binding struct {
// The address to listen on. A blank value means listen on all available network interfaces.
@@ -147,6 +128,10 @@ type Configuration struct {
// KexAlgorithms specifies the available KEX (Key Exchange) algorithms in
// preference order.
KexAlgorithms []string `json:"kex_algorithms" mapstructure:"kex_algorithms"`
+ // MinDHGroupExchangeKeySize defines the minimum key size to allow for the
+ // key exchanges when using diffie-ellman-group-exchange-sha1 or sha256 key
+ // exchange algorithms.
+ MinDHGroupExchangeKeySize int `json:"min_dh_group_exchange_key_size" mapstructure:"min_dh_group_exchange_key_size"`
// Ciphers specifies the ciphers allowed
Ciphers []string `json:"ciphers" mapstructure:"ciphers"`
// MACs Specifies the available MAC (message authentication code) algorithms
@@ -163,10 +148,6 @@ type Configuration struct {
// Example content:
// ["SHA256:bsBRHC/xgiqBJdSuvSTNpJNLTISP/G356jNMCRYC5Es","SHA256:119+8cL/HH+NLMawRsJx6CzPF1I3xC+jpM60bQHXGE8"]
RevokedUserCertsFile string `json:"revoked_user_certs_file" mapstructure:"revoked_user_certs_file"`
- // Absolute path to the opkssh binary used for OpenPubkey SSH integration
- OPKSSHPath string `json:"opkssh_path" mapstructure:"opkssh_path"`
- // Expected SHA256 checksum of the opkssh binary. It is verified at application startup
- OPKSSHChecksum string `json:"opkssh_checksum" mapstructure:"opkssh_checksum"`
// LoginBannerFile the contents of the specified file, if any, are sent to
// the remote user before authentication is allowed.
LoginBannerFile string `json:"login_banner_file" mapstructure:"login_banner_file"`
@@ -202,7 +183,6 @@ type Configuration struct {
PasswordAuthentication bool `json:"password_authentication" mapstructure:"password_authentication"`
certChecker *ssh.CertChecker
parsedUserCAKeys []ssh.PublicKey
- executor commandExecutor
}
type authenticationError struct {
@@ -255,6 +235,10 @@ func (c *Configuration) getServerConfig() *ssh.ServerConfig {
MaxAuthTries: c.MaxAuthTries,
PublicKeyCallback: func(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
sp, err := c.validatePublicKeyCredentials(conn, pubKey)
+ var partialSuccess *ssh.PartialSuccessError
+ if errors.As(err, &partialSuccess) {
+ return sp, err
+ }
if err != nil {
return nil, newAuthenticationError(fmt.Errorf("could not validate public key credentials: %w", err),
dataprovider.SSHLoginMethodPublicKey, conn.User())
@@ -262,35 +246,6 @@ func (c *Configuration) getServerConfig() *ssh.ServerConfig {
return sp, nil
},
- VerifiedPublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey, permissions *ssh.Permissions, signatureAlgorithm string) (*ssh.Permissions, error) {
- if partialErr, ok := permissions.ExtraData[extraDataPartialSuccessErrKey]; ok {
- logger.Info(logSender, hex.EncodeToString(conn.SessionID()), "user %q authenticated with partial success, signature algorithm %q",
- conn.User(), signatureAlgorithm)
- return nil, partialErr.(error)
- }
- method := dataprovider.SSHLoginMethodPublicKey
- user := permissions.ExtraData[extraDataUserKey].(dataprovider.User)
- keyID := permissions.ExtraData[extraDataKeyIDKey].(string)
- sshPerm, err := loginUser(&user, method, fmt.Sprintf("%s (%s)", keyID, signatureAlgorithm), conn)
- if err == nil {
- // if we have a SSH user cert we need to merge certificate permissions with our ones
- // we only set Extensions, so CriticalOptions are always the ones from the certificate
- sshPerm.CriticalOptions = permissions.CriticalOptions
- if permissions.Extensions != nil {
- if sshPerm.Extensions == nil {
- sshPerm.Extensions = make(map[string]string)
- }
- maps.Copy(sshPerm.Extensions, permissions.Extensions)
- }
- if sshPerm.ExtraData == nil {
- sshPerm.ExtraData = make(map[any]any)
- }
- }
- user.Username = conn.User()
- ipAddr := util.GetIPFromRemoteAddress(conn.RemoteAddr().String())
- updateLoginMetrics(&user, ipAddr, method, err)
- return sshPerm, err
- },
ServerVersion: fmt.Sprintf("SSH-2.0-%s", version.GetServerVersion("_", false)),
}
@@ -308,13 +263,13 @@ func (c *Configuration) getServerConfig() *ssh.ServerConfig {
func (c *Configuration) updateSupportedAuthentications() {
serviceStatus.Authentications = util.RemoveDuplicates(serviceStatus.Authentications, false)
- if slices.Contains(serviceStatus.Authentications, dataprovider.LoginMethodPassword) &&
- slices.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodPublicKey) {
+ if util.Contains(serviceStatus.Authentications, dataprovider.LoginMethodPassword) &&
+ util.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodPublicKey) {
serviceStatus.Authentications = append(serviceStatus.Authentications, dataprovider.SSHLoginMethodKeyAndPassword)
}
- if slices.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodKeyboardInteractive) &&
- slices.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodPublicKey) {
+ if util.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodKeyboardInteractive) &&
+ util.Contains(serviceStatus.Authentications, dataprovider.SSHLoginMethodPublicKey) {
serviceStatus.Authentications = append(serviceStatus.Authentications, dataprovider.SSHLoginMethodKeyAndKeyboardInt)
}
}
@@ -360,7 +315,6 @@ func (c *Configuration) loadFromProvider() error {
// Initialize the SFTP server and add a persistent listener to handle inbound SFTP connections.
func (c *Configuration) Initialize(configDir string) error {
- c.executor = defaultExecutor{}
if err := c.loadFromProvider(); err != nil {
return fmt.Errorf("unable to load configs from provider: %w", err)
}
@@ -371,6 +325,9 @@ func (c *Configuration) Initialize(configDir string) error {
return common.ErrNoBinding
}
+ ssh.SetDHKexServerMinBits(uint32(c.MinDHGroupExchangeKeySize))
+ logger.Debug(logSender, "", "minimum key size allowed for diffie-ellman-group-exchange: %d",
+ ssh.GetDHKexServerMinBits())
sftp.SetSFTPExtensions(sftpExtensions...) //nolint:errcheck // we configure valid SFTP Extensions so we cannot get an error
sftp.MaxFilelist = 250
@@ -384,9 +341,6 @@ func (c *Configuration) Initialize(configDir string) error {
if err := c.initializeCertChecker(configDir); err != nil {
return err
}
- if err := c.initializeOPKSSH(); err != nil {
- return err
- }
c.configureKeyboardInteractiveAuth(serverConfig)
c.configureLoginBanner(serverConfig, configDir)
c.checkSSHCommands()
@@ -468,7 +422,7 @@ func (c *Configuration) configureKeyAlgos(serverConfig *ssh.ServerConfig) error
c.HostKeyAlgorithms = util.RemoveDuplicates(c.HostKeyAlgorithms, true)
}
for _, hostKeyAlgo := range c.HostKeyAlgorithms {
- if !slices.Contains(supportedHostKeyAlgos, hostKeyAlgo) {
+ if !util.Contains(supportedHostKeyAlgos, hostKeyAlgo) {
return fmt.Errorf("unsupported host key algorithm %q", hostKeyAlgo)
}
}
@@ -476,7 +430,7 @@ func (c *Configuration) configureKeyAlgos(serverConfig *ssh.ServerConfig) error
if len(c.PublicKeyAlgorithms) > 0 {
c.PublicKeyAlgorithms = util.RemoveDuplicates(c.PublicKeyAlgorithms, true)
for _, algo := range c.PublicKeyAlgorithms {
- if !slices.Contains(supportedPublicKeyAlgos, algo) {
+ if !util.Contains(supportedPublicKeyAlgos, algo) {
return fmt.Errorf("unsupported public key authentication algorithm %q", algo)
}
}
@@ -498,9 +452,9 @@ func (c *Configuration) checkKeyExchangeAlgorithms() {
}
kexs = append(kexs, k)
if strings.TrimSpace(k) == keyExchangeCurve25519SHA256LibSSH {
- kexs = append(kexs, ssh.KeyExchangeCurve25519)
+ kexs = append(kexs, ssh.KeyExchangeCurve25519SHA256)
}
- if strings.TrimSpace(k) == ssh.KeyExchangeCurve25519 {
+ if strings.TrimSpace(k) == ssh.KeyExchangeCurve25519SHA256 {
kexs = append(kexs, keyExchangeCurve25519SHA256LibSSH)
}
}
@@ -518,7 +472,7 @@ func (c *Configuration) configureSecurityOptions(serverConfig *ssh.ServerConfig)
if kex == keyExchangeCurve25519SHA256LibSSH {
continue
}
- if !slices.Contains(supportedKexAlgos, kex) {
+ if !util.Contains(supportedKexAlgos, kex) {
return fmt.Errorf("unsupported key-exchange algorithm %q", kex)
}
}
@@ -532,10 +486,7 @@ func (c *Configuration) configureSecurityOptions(serverConfig *ssh.ServerConfig)
if len(c.Ciphers) > 0 {
c.Ciphers = util.RemoveDuplicates(c.Ciphers, true)
for _, cipher := range c.Ciphers {
- if slices.Contains([]string{"aes192-cbc", "aes256-cbc"}, cipher) {
- continue
- }
- if !slices.Contains(supportedCiphers, cipher) {
+ if !util.Contains(supportedCiphers, cipher) {
return fmt.Errorf("unsupported cipher %q", cipher)
}
}
@@ -548,7 +499,7 @@ func (c *Configuration) configureSecurityOptions(serverConfig *ssh.ServerConfig)
if len(c.MACs) > 0 {
c.MACs = util.RemoveDuplicates(c.MACs, true)
for _, mac := range c.MACs {
- if !slices.Contains(supportedMACs, mac) {
+ if !util.Contains(supportedMACs, mac) {
return fmt.Errorf("unsupported MAC algorithm %q", mac)
}
}
@@ -611,7 +562,7 @@ func (c *Configuration) configureKeyboardInteractiveAuth(serverConfig *ssh.Serve
}
// AcceptInboundConnection handles an inbound connection to the server instance and determines if the request should be served or not.
-func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.ServerConfig) { //nolint:gocyclo
+func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.ServerConfig) {
defer func() {
if r := recover(); r != nil {
logger.Error(logSender, "", "panic in AcceptInboundConnection: %q stack trace: %v", r, string(debug.Stack()))
@@ -640,10 +591,14 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve
conn.SetDeadline(time.Time{}) //nolint:errcheck
go ssh.DiscardRequests(reqs)
- defer sconn.Close()
+ defer conn.Close()
- user := sconn.Permissions.ExtraData[extraDataUserKey].(dataprovider.User)
- loginType := sconn.Permissions.ExtraData[extraDataLoginMethodKey].(string)
+ var user dataprovider.User
+
+ // Unmarshal cannot fails here and even if it fails we'll have a user with no permissions
+ json.Unmarshal(util.StringToBytes(sconn.Permissions.Extensions["sftpgo_user"]), &user) //nolint:errcheck
+
+ loginType := sconn.Permissions.Extensions["sftpgo_login_method"]
connectionID := hex.EncodeToString(sconn.SessionID())
defer user.CloseFs() //nolint:errcheck
@@ -653,13 +608,13 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve
return
}
- logger.LoginLog(user.Username, ipAddr, loginType, common.ProtocolSSH, connectionID,
- util.BytesToString(sconn.ClientVersion()), true,
- fmt.Sprintf("negotiated algorithms: %+v", sconn.Conn.(ssh.AlgorithmsConnMetadata).Algorithms()))
-
+ logger.Log(logger.LevelInfo, common.ProtocolSSH, connectionID,
+ "User %q logged in with %q, from ip %q, client version %q, negotiated algorithms: %+v",
+ user.Username, loginType, ipAddr, util.BytesToString(sconn.ClientVersion()),
+ sconn.Conn.(ssh.AlgorithmsConnMetadata).Algorithms())
dataprovider.UpdateLastLogin(&user)
- sshConnection := common.NewSSHConnection(connectionID, sconn)
+ sshConnection := common.NewSSHConnection(connectionID, conn)
common.Connections.AddSSHConnection(sshConnection)
defer common.Connections.RemoveSSHConnection(connectionID)
@@ -682,6 +637,7 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve
}
channelCounter++
+ sshConnection.UpdateLastActivity()
// Channels have a type that is dependent on the protocol. For SFTP this is "subsystem"
// with a payload that (should) be "sftp". Discard anything else we receive ("pty", "shell", etc)
go func(in <-chan *ssh.Request, counter int64) {
@@ -691,9 +647,8 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve
switch req.Type {
case "subsystem":
- if bytes.Equal(req.Payload[4:], []byte("sftp")) {
+ if util.BytesToString(req.Payload[4:]) == "sftp" {
ok = true
- sshConnection.UpdateLastActivity()
connection := &Connection{
BaseConnection: common.NewBaseConnection(connID, common.ProtocolSFTP, conn.LocalAddr().String(),
conn.RemoteAddr().String(), user),
@@ -715,9 +670,6 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve
channel: channel,
}
ok = processSSHCommand(req.Payload, &connection, c.EnabledSSHCommands)
- if ok {
- sshConnection.UpdateLastActivity()
- }
}
if req.WantReply {
req.Reply(ok, nil) //nolint:errcheck
@@ -734,7 +686,6 @@ func (c *Configuration) handleSftpConnection(channel ssh.Channel, connection *Co
}
}()
if err := common.Connections.Add(connection); err != nil {
- defer connection.CloseFS() //nolint:errcheck
errClose := connection.Disconnect()
logger.Info(logSender, "", "unable to add connection: %v, close err: %v", err, errClose)
return
@@ -834,7 +785,7 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
user.Username, user.HomeDir)
return nil, fmt.Errorf("cannot login user with invalid home dir: %q", user.HomeDir)
}
- if slices.Contains(user.Filters.DeniedProtocols, common.ProtocolSSH) {
+ if util.Contains(user.Filters.DeniedProtocols, common.ProtocolSSH) {
logger.Info(logSender, connectionID, "cannot login user %q, protocol SSH is not allowed", user.Username)
return nil, fmt.Errorf("protocol SSH is not allowed for user %q", user.Username)
}
@@ -863,25 +814,30 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
return nil, fmt.Errorf("login for user %q is not allowed from this address: %v", user.Username, remoteAddr)
}
+ json, err := json.Marshal(user)
+ if err != nil {
+ logger.Warn(logSender, connectionID, "error serializing user info: %v, authentication rejected", err)
+ return nil, err
+ }
if publicKey != "" {
loginMethod = fmt.Sprintf("%v: %v", loginMethod, publicKey)
}
p := &ssh.Permissions{}
- p.ExtraData = make(map[any]any)
- p.ExtraData[extraDataUserKey] = *user
- p.ExtraData[extraDataLoginMethodKey] = loginMethod
+ p.Extensions = make(map[string]string)
+ p.Extensions["sftpgo_user"] = util.BytesToString(json)
+ p.Extensions["sftpgo_login_method"] = loginMethod
return p, nil
}
func (c *Configuration) checkSSHCommands() {
- if slices.Contains(c.EnabledSSHCommands, "*") {
+ if util.Contains(c.EnabledSSHCommands, "*") {
c.EnabledSSHCommands = GetSupportedSSHCommands()
return
}
sshCommands := []string{}
for _, command := range c.EnabledSSHCommands {
command = strings.TrimSpace(command)
- if slices.Contains(supportedSSHCommands, command) {
+ if util.Contains(supportedSSHCommands, command) {
sshCommands = append(sshCommands, command)
} else {
logger.Warn(logSender, "", "unsupported ssh command: %q ignored", command)
@@ -900,12 +856,11 @@ func (c *Configuration) generateDefaultHostKeys(configDir string) error {
if _, err = os.Stat(autoFile); errors.Is(err, fs.ErrNotExist) {
logger.Info(logSender, "", "No host keys configured and %q does not exist; try to create a new host key", autoFile)
logger.InfoToConsole("No host keys configured and %q does not exist; try to create a new host key", autoFile)
- switch k {
- case defaultPrivateRSAKeyName:
+ if k == defaultPrivateRSAKeyName {
err = util.GenerateRSAKeys(autoFile)
- case defaultPrivateECDSAKeyName:
+ } else if k == defaultPrivateECDSAKeyName {
err = util.GenerateECDSAKeys(autoFile)
- default:
+ } else {
err = util.GenerateEd25519Keys(autoFile)
}
if err != nil {
@@ -972,7 +927,7 @@ func (c *Configuration) checkHostKeyAutoGeneration(configDir string) error {
func (c *Configuration) getHostKeyAlgorithms(keyFormat string) []string {
var algos []string
for _, algo := range algorithmsForKeyFormat(keyFormat) {
- if slices.Contains(c.HostKeyAlgorithms, algo) {
+ if util.Contains(c.HostKeyAlgorithms, algo) {
algos = append(algos, algo)
}
}
@@ -1031,7 +986,7 @@ func (c *Configuration) checkAndLoadHostKeys(configDir string, serverConfig *ssh
var algos []string
for _, algo := range algorithmsForKeyFormat(signer.PublicKey().Type()) {
if underlyingAlgo, ok := certKeyAlgoNames[algo]; ok {
- if slices.Contains(mas.Algorithms(), underlyingAlgo) {
+ if util.Contains(mas.Algorithms(), underlyingAlgo) {
algos = append(algos, algo)
}
}
@@ -1091,49 +1046,6 @@ func (c *Configuration) loadHostCertificates(configDir string) ([]hostCertificat
return certs, nil
}
-func (c *Configuration) initializeOPKSSH() error {
- if c.OPKSSHPath != "" {
- if len(c.parsedUserCAKeys) > 0 {
- return errors.New("opkssh and certificate authorities are mutually exclusive")
- }
- if !util.IsFileInputValid(c.OPKSSHPath) || !filepath.IsAbs(c.OPKSSHPath) {
- return fmt.Errorf("opkssh path %q is not valid, it must be an absolute path", c.OPKSSHPath)
- }
- if c.OPKSSHChecksum == "" {
- if _, err := os.Stat(c.OPKSSHPath); err != nil {
- return fmt.Errorf("error validating opkssh path %q: %w", c.OPKSSHPath, err)
- }
- } else {
- if err := util.VerifyFileChecksum(c.OPKSSHPath, sha256.New(), c.OPKSSHChecksum, 100*1024*1024); err != nil {
- return fmt.Errorf("error validating opkssh checksum: %w", err)
- }
- }
- }
-
- return nil
-}
-
-func (c *Configuration) verifyWithOPKSSH(username string, cert *ssh.Certificate) error {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
-
- args := []string{"verify", username, util.BytesToString(ssh.MarshalAuthorizedKey(cert)), cert.Type()}
- out, err := c.executor.CombinedOutput(ctx, c.OPKSSHPath, args...)
- if err != nil {
- logger.Debug(logSender, "", "unable to execute opk verifier: %s", string(out))
- return fmt.Errorf("unable to execute opk verifier: %w", err)
- }
- pubKey, _, _, _, err := ssh.ParseAuthorizedKey(out) //nolint:dogsled
- if err != nil {
- logger.Debug(logSender, "", "unable to validate the opk verifier output: %s", string(out))
- return fmt.Errorf("unable to validate the opk verifier output: %w", err)
- }
- if !bytes.Equal(pubKey.Marshal(), cert.SignatureKey.Marshal()) {
- return errors.New("unable to validate opk result")
- }
- return nil
-}
-
func (c *Configuration) initializeCertChecker(configDir string) error {
for _, keyPath := range c.TrustedUserCAKeys {
keyPath = strings.TrimSpace(keyPath)
@@ -1186,12 +1098,12 @@ func (c *Configuration) initializeCertChecker(configDir string) error {
func (c *Configuration) getPartialSuccessError(nextAuthMethods []string) error {
err := &ssh.PartialSuccessError{}
- if c.PasswordAuthentication && slices.Contains(nextAuthMethods, dataprovider.LoginMethodPassword) {
+ if c.PasswordAuthentication && util.Contains(nextAuthMethods, dataprovider.LoginMethodPassword) {
err.Next.PasswordCallback = func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
return c.validatePasswordCredentials(conn, password, dataprovider.SSHLoginMethodKeyAndPassword)
}
}
- if c.KeyboardInteractiveAuthentication && slices.Contains(nextAuthMethods, dataprovider.SSHLoginMethodKeyboardInteractive) {
+ if c.KeyboardInteractiveAuthentication && util.Contains(nextAuthMethods, dataprovider.SSHLoginMethodKeyboardInteractive) {
err.Next.KeyboardInteractiveCallback = func(conn ssh.ConnMetadata, client ssh.KeyboardInteractiveChallenge) (*ssh.Permissions, error) {
return c.validateKeyboardInteractiveCredentials(conn, client, dataprovider.SSHLoginMethodKeyAndKeyboardInt, true)
}
@@ -1200,75 +1112,74 @@ func (c *Configuration) getPartialSuccessError(nextAuthMethods []string) error {
}
func (c *Configuration) validatePublicKeyCredentials(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
+ var err error
var user dataprovider.User
+ var keyID string
+ var sshPerm *ssh.Permissions
var certPerm *ssh.Permissions
+ connectionID := hex.EncodeToString(conn.SessionID())
method := dataprovider.SSHLoginMethodPublicKey
ipAddr := util.GetIPFromRemoteAddress(conn.RemoteAddr().String())
cert, ok := pubKey.(*ssh.Certificate)
var certFingerprint string
if ok {
certFingerprint = ssh.FingerprintSHA256(cert.Key)
- if c.OPKSSHPath != "" {
- if err := c.verifyWithOPKSSH(conn.User(), cert); err != nil {
- err := fmt.Errorf("ssh: verification with OPK failed: %v", err)
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
- } else {
- if cert.CertType != ssh.UserCert {
- err := fmt.Errorf("ssh: cert has type %d", cert.CertType)
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
- if !c.certChecker.IsUserAuthority(cert.SignatureKey) {
- err := errors.New("ssh: certificate signed by unrecognized authority")
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
- if len(cert.ValidPrincipals) == 0 {
- err := fmt.Errorf("ssh: certificate %s has no valid principals, user: \"%s\"", certFingerprint, conn.User())
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
- if revokedCertManager.isRevoked(certFingerprint) {
- err := fmt.Errorf("ssh: certificate %s is revoked", certFingerprint)
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
- if err := c.certChecker.CheckCert(conn.User(), cert); err != nil {
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
- }
+ if cert.CertType != ssh.UserCert {
+ err = fmt.Errorf("ssh: cert has type %d", cert.CertType)
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return nil, err
+ }
+ if !c.certChecker.IsUserAuthority(cert.SignatureKey) {
+ err = errors.New("ssh: certificate signed by unrecognized authority")
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return nil, err
+ }
+ if len(cert.ValidPrincipals) == 0 {
+ err = fmt.Errorf("ssh: certificate %s has no valid principals, user: \"%s\"", certFingerprint, conn.User())
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return nil, err
+ }
+ if revokedCertManager.isRevoked(certFingerprint) {
+ err = fmt.Errorf("ssh: certificate %s is revoked", certFingerprint)
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return nil, err
+ }
+ if err := c.certChecker.CheckCert(conn.User(), cert); err != nil {
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return nil, err
}
certPerm = &cert.Permissions
}
- user, keyID, err := dataprovider.CheckUserAndPubKey(conn.User(), pubKey.Marshal(), ipAddr, common.ProtocolSSH, ok)
- if err != nil {
- user.Username = conn.User()
- updateLoginMetrics(&user, ipAddr, method, err)
- return nil, err
+ if user, keyID, err = dataprovider.CheckUserAndPubKey(conn.User(), pubKey.Marshal(), ipAddr, common.ProtocolSSH, ok); err == nil {
+ if ok {
+ keyID = fmt.Sprintf("%s: ID: %s, serial: %v, CA %s %s", certFingerprint,
+ cert.KeyId, cert.Serial, cert.Type(), ssh.FingerprintSHA256(cert.SignatureKey))
+ }
+ if user.IsPartialAuth() {
+ logger.Debug(logSender, connectionID, "user %q authenticated with partial success", conn.User())
+ return certPerm, c.getPartialSuccessError(user.GetNextAuthMethods())
+ }
+ sshPerm, err = loginUser(&user, method, keyID, conn)
+ if err == nil && certPerm != nil {
+ // if we have a SSH user cert we need to merge certificate permissions with our ones
+ // we only set Extensions, so CriticalOptions are always the ones from the certificate
+ sshPerm.CriticalOptions = certPerm.CriticalOptions
+ if certPerm.Extensions != nil {
+ for k, v := range certPerm.Extensions {
+ sshPerm.Extensions[k] = v
+ }
+ }
+ }
}
- if ok {
- keyID = fmt.Sprintf("%s: ID: %s, serial: %v, CA %s %s", certFingerprint,
- cert.KeyId, cert.Serial, cert.Type(), ssh.FingerprintSHA256(cert.SignatureKey))
- }
- if certPerm == nil {
- certPerm = &ssh.Permissions{}
- }
- certPerm.ExtraData = make(map[any]any)
- certPerm.ExtraData[extraDataKeyIDKey] = keyID
- certPerm.ExtraData[extraDataUserKey] = user
- if user.IsPartialAuth() {
- certPerm.ExtraData[extraDataPartialSuccessErrKey] = c.getPartialSuccessError(user.GetNextAuthMethods())
- }
- return certPerm, nil
+ user.Username = conn.User()
+ updateLoginMetrics(&user, ipAddr, method, err)
+ return sshPerm, err
}
func (c *Configuration) validatePasswordCredentials(conn ssh.ConnMetadata, pass []byte, method string) (*ssh.Permissions, error) {
diff --git a/internal/sftpd/sftpd.go b/internal/sftpd/sftpd.go
index 3f69cdde..92f30460 100644
--- a/internal/sftpd/sftpd.go
+++ b/internal/sftpd/sftpd.go
@@ -31,15 +31,16 @@ const (
var (
supportedSSHCommands = []string{"scp", "md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum", "cd", "pwd",
- "sftpgo-copy", "sftpgo-remove"}
+ "git-receive-pack", "git-upload-pack", "git-upload-archive", "rsync", "sftpgo-copy", "sftpgo-remove"}
defaultSSHCommands = []string{"md5sum", "sha1sum", "sha256sum", "cd", "pwd", "scp"}
sshHashCommands = []string{"md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum"}
+ systemCommands = []string{"git-receive-pack", "git-upload-pack", "git-upload-archive", "rsync"}
serviceStatus ServiceStatus
certKeyAlgoNames = map[string]string{
ssh.CertAlgoRSAv01: ssh.KeyAlgoRSA,
ssh.CertAlgoRSASHA256v01: ssh.KeyAlgoRSASHA256,
ssh.CertAlgoRSASHA512v01: ssh.KeyAlgoRSASHA512,
- ssh.InsecureCertAlgoDSAv01: ssh.InsecureKeyAlgoDSA, //nolint:staticcheck
+ ssh.InsecureCertAlgoDSAv01: ssh.InsecureKeyAlgoDSA,
ssh.CertAlgoECDSA256v01: ssh.KeyAlgoECDSA256,
ssh.CertAlgoECDSA384v01: ssh.KeyAlgoECDSA384,
ssh.CertAlgoECDSA521v01: ssh.KeyAlgoECDSA521,
diff --git a/internal/sftpd/sftpd_test.go b/internal/sftpd/sftpd_test.go
index 44de3c31..f8fe779c 100644
--- a/internal/sftpd/sftpd_test.go
+++ b/internal/sftpd/sftpd_test.go
@@ -23,7 +23,6 @@ import (
"crypto/sha512"
"encoding/base64"
"encoding/binary"
- "encoding/hex"
"encoding/json"
"errors"
"fmt"
@@ -38,7 +37,6 @@ import (
"path"
"path/filepath"
"runtime"
- "slices"
"strconv"
"strings"
"sync"
@@ -259,7 +257,7 @@ func TestMain(m *testing.M) {
}
sftpdConf.KexAlgorithms = []string{"curve25519-sha256@libssh.org", ssh.KeyExchangeECDHP256,
ssh.KeyExchangeECDHP384}
- sftpdConf.Ciphers = []string{ssh.CipherChaCha20Poly1305, ssh.CipherAES128GCM,
+ sftpdConf.Ciphers = []string{ssh.CipherChacha20Poly1305, ssh.CipherAES128GCM,
ssh.CipherAES256CTR}
sftpdConf.LoginBannerFile = loginBannerFileName
// we need to test all supported ssh commands
@@ -488,17 +486,6 @@ func TestInitialization(t *testing.T) {
assert.NoError(t, err)
sftpdConf.HostKeys = nil
sftpdConf.HostCertificates = nil
- sftpdConf.OPKSSHPath = "relative path"
- err = sftpdConf.Initialize(configDir)
- assert.Error(t, err)
- sftpdConf.OPKSSHPath = filepath.Join(os.TempDir(), "missing path")
- err = sftpdConf.Initialize(configDir)
- assert.Error(t, err)
- sftpdConf.OPKSSHChecksum = "invalid checksum"
- err = sftpdConf.Initialize(configDir)
- assert.Error(t, err)
- sftpdConf.OPKSSHPath = ""
- sftpdConf.OPKSSHChecksum = ""
sftpdConf.RevokedUserCertsFile = "."
err = sftpdConf.Initialize(configDir)
assert.Error(t, err)
@@ -795,34 +782,6 @@ func TestSFTPFsEscapeHomeDir(t *testing.T) {
assert.NoError(t, err)
}
-func TestReadDirLongNames(t *testing.T) {
- usePubKey := true
- user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated)
- assert.NoError(t, err)
-
- conn, client, err := getSftpClient(user, usePubKey)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
-
- numFiles := 1000
- for i := 0; i < 1000; i++ {
- fPath := filepath.Join(user.GetHomeDir(), hex.EncodeToString(util.GenerateRandomBytes(127)))
- err = os.WriteFile(fPath, util.GenerateRandomBytes(30), 0666)
- assert.NoError(t, err)
- }
-
- entries, err := client.ReadDir("/")
- assert.NoError(t, err)
- assert.Len(t, entries, numFiles)
- }
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
-}
-
func TestGroupSettingsOverride(t *testing.T) {
usePubKey := true
g := getTestGroup()
@@ -1213,7 +1172,6 @@ func TestConcurrency(t *testing.T) {
assert.Eventually(t, func() bool {
return len(common.Connections.GetStats("")) == 0
}, 1*time.Second, 50*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
err = os.Remove(testFilePath)
assert.NoError(t, err)
@@ -2485,7 +2443,7 @@ func TestLoginWithDatabaseCredentials(t *testing.T) {
u := getTestUser(usePubKey)
u.FsConfig.Provider = sdk.GCSFilesystemProvider
u.FsConfig.GCSConfig.Bucket = "testbucket"
- u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account", "private_key": " ", "client_email": "example@iam.gserviceaccount.com" }`)
+ u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account" }`)
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.GCSConfig.Credentials.GetStatus())
@@ -3011,15 +2969,6 @@ func TestPreLoginScript(t *testing.T) {
}
usePubKey := true
u := getTestUser(usePubKey)
- mappedPath := filepath.Join(os.TempDir(), "vdir")
- folderName := filepath.Base(mappedPath)
- folderMountPath := "/vpath"
- u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
- BaseVirtualFolder: vfs.BaseVirtualFolder{
- Name: folderName,
- },
- VirtualPath: folderMountPath,
- })
err := dataprovider.Close()
assert.NoError(t, err)
err = config.LoadConfig(configDir, "")
@@ -3031,37 +2980,13 @@ func TestPreLoginScript(t *testing.T) {
err = dataprovider.Initialize(providerConf, configDir, true)
assert.NoError(t, err)
- f := vfs.BaseVirtualFolder{
- Name: folderName,
- MappedPath: mappedPath,
- FsConfig: vfs.Filesystem{
- Provider: sdk.CryptedFilesystemProvider,
- CryptConfig: vfs.CryptFsConfig{
- Passphrase: kms.NewPlainSecret(defaultPassword),
- },
- },
- }
- _, _, err = httpdtest.AddFolder(f, http.StatusCreated)
- assert.NoError(t, err)
-
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
conn, client, err := getSftpClient(u, usePubKey)
if assert.NoError(t, err) {
defer conn.Close()
defer client.Close()
-
assert.NoError(t, checkBasicSFTP(client))
- testFilePath := filepath.Join(homeBasePath, testFileName)
- testData := []byte("test data")
- err = os.WriteFile(testFilePath, testData, 0666)
- assert.NoError(t, err)
- err = sftpUploadFile(testFilePath, path.Join(folderMountPath, testFileName), int64(len(testData)), client)
- assert.NoError(t, err)
- info, err := os.Stat(filepath.Join(mappedPath, testFileName))
- if assert.NoError(t, err) {
- assert.Greater(t, info.Size(), int64(len(testData)))
- }
}
err = os.WriteFile(preLoginPath, getPreLoginScriptContent(user, true), os.ModePerm)
assert.NoError(t, err)
@@ -3098,10 +3023,6 @@ func TestPreLoginScript(t *testing.T) {
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
- _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(mappedPath)
- assert.NoError(t, err)
err = dataprovider.Close()
assert.NoError(t, err)
err = config.LoadConfig(configDir, "")
@@ -3119,7 +3040,6 @@ func TestPreLoginUserCreation(t *testing.T) {
}
usePubKey := false
u := getTestUser(usePubKey)
- u.Permissions["/list"] = []string{"list", "download"}
err := dataprovider.Close()
assert.NoError(t, err)
err = config.LoadConfig(configDir, "")
@@ -3141,23 +3061,6 @@ func TestPreLoginUserCreation(t *testing.T) {
}
user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK)
assert.NoError(t, err)
- assert.Len(t, user.Permissions, 2)
- assert.Empty(t, user.Description)
- u.Description = "some desc"
- delete(u.Permissions, "/list")
- err = os.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), os.ModePerm)
- assert.NoError(t, err)
- // The user should be updated and list permission removed
- conn, client, err = getSftpClient(u, usePubKey)
- if assert.NoError(t, err) {
- defer conn.Close()
- defer client.Close()
- assert.NoError(t, checkBasicSFTP(client))
- }
- user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK)
- assert.NoError(t, err)
- assert.Len(t, user.Permissions, 1)
- assert.NotEmpty(t, user.Description)
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
@@ -4458,78 +4361,6 @@ func TestMaxPerHostConnections(t *testing.T) {
common.Config.MaxPerHostConnections = oldValue
}
-func TestMaxTransfers(t *testing.T) {
- oldValue := common.Config.MaxPerHostConnections
- common.Config.MaxPerHostConnections = 2
-
- assert.Eventually(t, func() bool {
- return common.Connections.GetClientConnections() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- usePubKey := true
- user := getTestUser(usePubKey)
- err := dataprovider.AddUser(&user, "", "", "")
- assert.NoError(t, err)
- user.Password = ""
- conn, client, err := getSftpClient(user, usePubKey)
- if assert.NoError(t, err) {
- assert.NoError(t, checkBasicSFTP(client))
-
- testFilePath := filepath.Join(homeBasePath, testFileName)
- testFileSize := int64(65535)
- err = createTestFile(testFilePath, testFileSize)
- assert.NoError(t, err)
- err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
- assert.NoError(t, err)
-
- f1, err := client.Create("file1")
- assert.NoError(t, err)
- f2, err := client.Create("file2")
- assert.NoError(t, err)
- _, err = f1.Write([]byte(" "))
- assert.NoError(t, err)
- _, err = f2.Write([]byte(" "))
- assert.NoError(t, err)
-
- err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
- assert.ErrorContains(t, err, sftp.ErrSSHFxPermissionDenied.Error())
-
- remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
- err = scpUpload(testFilePath, remoteUpPath, false, false)
- assert.Error(t, err)
-
- localDownloadPath := filepath.Join(homeBasePath, testDLFileName)
- err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
- assert.ErrorContains(t, err, sftp.ErrSSHFxPermissionDenied.Error())
-
- remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
- err = scpDownload(localDownloadPath, remoteDownPath, false, false)
- assert.Error(t, err)
-
- err = f1.Close()
- assert.NoError(t, err)
- err = f2.Close()
- assert.NoError(t, err)
- err = os.Remove(testFilePath)
- assert.NoError(t, err)
- err = os.Remove(localDownloadPath)
- assert.NoError(t, err)
- err = client.Close()
- assert.NoError(t, err)
- err = conn.Close()
- assert.NoError(t, err)
- }
- err = dataprovider.DeleteUser(user.Username, "", "", "")
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- assert.Eventually(t, func() bool {
- return common.Connections.GetTotalTransfers() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- common.Config.MaxPerHostConnections = oldValue
-}
-
func TestMaxSessions(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
@@ -5079,7 +4910,6 @@ func TestBandwidthAndConnections(t *testing.T) {
assert.Eventually(t, func() bool {
return len(common.Connections.GetStats("")) == 0
}, 10*time.Second, 200*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
err = os.Remove(testFilePath)
assert.NoError(t, err)
err = os.Remove(localDownloadPath)
@@ -5663,13 +5493,13 @@ func TestNestedVirtualFolders(t *testing.T) {
folderGet, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folderGet.UsedQuotaSize)
- assert.Equal(t, 0, folderGet.UsedQuotaFiles)
+ assert.Equal(t, int64(18769), folderGet.UsedQuotaSize)
+ assert.Equal(t, 1, folderGet.UsedQuotaFiles)
folderGet, _, err = httpdtest.GetFolderByName(folderNameNested, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folderGet.UsedQuotaSize)
- assert.Equal(t, 0, folderGet.UsedQuotaFiles)
+ assert.Equal(t, int64(27658), folderGet.UsedQuotaSize)
+ assert.Equal(t, 1, folderGet.UsedQuotaFiles)
files, err := client.ReadDir("/")
if assert.NoError(t, err) {
@@ -6336,8 +6166,8 @@ func TestVirtualFoldersQuotaValues(t *testing.T) {
assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -6456,8 +6286,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -6481,8 +6311,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir2, it isn't included inside user quota, so we have:
// - vdir1/dir1/testFileName.rename
// - vdir1/dir2/testFileName1
@@ -6500,8 +6330,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir2 overwriting an existing, we now have:
// - vdir1/dir1/testFileName.rename
// - vdir1/dir2/testFileName1
@@ -6518,8 +6348,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
// rename a file inside vdir1 overwriting an existing, we now have:
// - vdir1/dir1/testFileName.rename (initial testFileName1)
// - vdir2/dir1/testFileName.rename (initial testFileName1)
@@ -6531,8 +6361,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -6552,8 +6382,8 @@ func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -6674,8 +6504,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1+testFileSize1, f.UsedQuotaSize)
@@ -6693,8 +6523,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1*2, f.UsedQuotaSize)
@@ -6711,8 +6541,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1+testFileSize, f.UsedQuotaSize)
@@ -6728,8 +6558,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -6759,8 +6589,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1*3+testFileSize*2, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1*3+testFileSize*2, f.UsedQuotaSize)
+ assert.Equal(t, 5, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, int64(0), f.UsedQuotaSize)
@@ -6774,8 +6604,8 @@ func TestQuotaRenameBetweenVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize1*2+testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -6896,8 +6726,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -6915,8 +6745,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -6979,8 +6809,8 @@ func TestQuotaRenameFromVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*3+testFileSize1*3, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, int64(0), f.UsedQuotaSize)
@@ -7113,8 +6943,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
// rename a file from user home dir to vdir2, vdir2 is not included in user quota so we have:
// - /vdir2/dir1/testFileName
// - /vdir1/dir1/testFileName1
@@ -7153,8 +6983,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -7170,8 +7000,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -7193,8 +7023,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -7211,8 +7041,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1, f.UsedQuotaSize)
@@ -7237,8 +7067,8 @@ func TestQuotaRenameToVirtualFolder(t *testing.T) {
assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 3, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize)
@@ -7506,8 +7336,8 @@ func TestVFolderQuotaSize(t *testing.T) {
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize, f.UsedQuotaSize)
+ assert.Equal(t, 1, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize, f.UsedQuotaSize)
@@ -8584,12 +8414,18 @@ func TestResolvePaths(t *testing.T) {
assert.Equal(t, fs.Join(user.GetHomeDir(), "/test/sub"), resolved)
path = "../test/sub"
resolved, err = fs.ResolvePath(filepath.ToSlash(path))
- assert.NoError(t, err)
- assert.Equal(t, fs.Join(user.GetHomeDir(), "/test/sub"), resolved)
+ if vfs.IsLocalOsFs(fs) {
+ assert.Error(t, err, "Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
+ } else {
+ assert.Equal(t, fs.Join(user.GetHomeDir(), "/test/sub"), resolved)
+ }
path = "../../../test/../sub"
resolved, err = fs.ResolvePath(filepath.ToSlash(path))
- assert.NoError(t, err)
- assert.Equal(t, fs.Join(user.GetHomeDir(), "/sub"), resolved)
+ if vfs.IsLocalOsFs(fs) {
+ assert.Error(t, err, "Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
+ } else {
+ assert.Equal(t, fs.Join(user.GetHomeDir(), "/sub"), resolved)
+ }
}
err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err)
@@ -8771,8 +8607,8 @@ func TestUserAllowedLoginMethods(t *testing.T) {
allowedMethods = user.GetAllowedLoginMethods()
assert.Equal(t, 4, len(allowedMethods))
- assert.True(t, slices.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndKeyboardInt))
- assert.True(t, slices.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndPassword))
+ assert.True(t, util.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndKeyboardInt))
+ assert.True(t, util.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndPassword))
}
func TestUserPartialAuth(t *testing.T) {
@@ -9279,8 +9115,8 @@ func TestSSHCopy(t *testing.T) {
assert.Equal(t, 2*testFileSize+2*testFileSize1, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 2, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize)
@@ -9358,8 +9194,8 @@ func TestSSHCopy(t *testing.T) {
assert.Equal(t, 5*testFileSize+4*testFileSize1, user.UsedQuotaSize)
f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, 2*testFileSize+2*testFileSize1, f.UsedQuotaSize)
+ assert.Equal(t, 4, f.UsedQuotaFiles)
}
// cross folder copy
newDir := "newdir"
@@ -9932,13 +9768,10 @@ func TestSSHRemoveCryptFs(t *testing.T) {
assert.NoError(t, err)
}
-func TestSSHCommandMaxTransfers(t *testing.T) {
+func TestBasicGitCommands(t *testing.T) {
if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows {
t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test")
}
- oldValue := common.Config.MaxPerHostConnections
- common.Config.MaxPerHostConnections = 2
-
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
@@ -9950,31 +9783,43 @@ func TestSSHCommandMaxTransfers(t *testing.T) {
assert.NoError(t, err)
err = os.RemoveAll(filepath.Join(homeBasePath, repoName))
assert.NoError(t, err)
+ out, err := initGitRepo(filepath.Join(user.HomeDir, repoName))
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
- conn, client, err := getSftpClient(user, usePubKey)
- if assert.NoError(t, err) {
- f1, err := client.Create("file1")
- assert.NoError(t, err)
- f2, err := client.Create("file2")
- assert.NoError(t, err)
- _, err = f1.Write([]byte(" "))
- assert.NoError(t, err)
- _, err = f2.Write([]byte(" "))
- assert.NoError(t, err)
+ out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
- _, err = client.Create("file3")
- assert.Error(t, err)
+ out, err = addFileToGitRepo(clonePath, 128)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
- err = f1.Close()
- assert.NoError(t, err)
- err = f2.Close()
- assert.NoError(t, err)
- err = client.Close()
- assert.NoError(t, err)
- err = conn.Close()
- assert.NoError(t, err)
+ user.QuotaFiles = 100000
+ _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
+ assert.NoError(t, err)
+
+ out, err = pushToGitRepo(clonePath)
+ if !assert.NoError(t, err, "unexpected error, out: %v", string(out)) {
+ printLatestLogs(10)
}
+ out, err = addFileToGitRepo(clonePath, 131072)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
+ assert.NoError(t, err)
+ user.QuotaSize = user.UsedQuotaSize + 1
+ _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
+ assert.NoError(t, err)
+ out, err = pushToGitRepo(clonePath)
+ assert.Error(t, err, "git push must fail if quota is exceeded, out: %v", string(out))
+
+ aDir := filepath.Join(user.GetHomeDir(), repoName, "adir")
+ err = os.MkdirAll(aDir, 0001)
+ assert.NoError(t, err)
+ _, err = pushToGitRepo(clonePath)
+ assert.Error(t, err)
+ err = os.Chmod(aDir, os.ModePerm)
+ assert.NoError(t, err)
+
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
@@ -9982,9 +9827,180 @@ func TestSSHCommandMaxTransfers(t *testing.T) {
assert.NoError(t, err)
err = os.RemoveAll(clonePath)
assert.NoError(t, err)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
+}
- common.Config.MaxPerHostConnections = oldValue
+func TestGitIncludedVirtualFolders(t *testing.T) {
+ if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows {
+ t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test")
+ }
+ usePubKey := true
+ repoName := "trepo"
+ u := getTestUser(usePubKey)
+ u.QuotaFiles = 10000
+ mappedPath := filepath.Join(os.TempDir(), "repo")
+ folderName := filepath.Base(mappedPath)
+ u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
+ BaseVirtualFolder: vfs.BaseVirtualFolder{
+ Name: folderName,
+ },
+ VirtualPath: "/" + repoName,
+ QuotaFiles: -1,
+ QuotaSize: -1,
+ })
+ f := vfs.BaseVirtualFolder{
+ Name: folderName,
+ MappedPath: mappedPath,
+ }
+ _, _, err := httpdtest.AddFolder(f, http.StatusCreated)
+ assert.NoError(t, err)
+ user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ assert.NoError(t, err)
+
+ clonePath := filepath.Join(homeBasePath, repoName)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ err = os.RemoveAll(filepath.Join(homeBasePath, repoName))
+ assert.NoError(t, err)
+ out, err := initGitRepo(mappedPath)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = addFileToGitRepo(clonePath, 128)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = pushToGitRepo(clonePath)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
+ assert.NoError(t, err)
+ if user.UsedQuotaFiles == 0 {
+ assert.Eventually(t, func() bool {
+ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
+ if err != nil {
+ return false
+ }
+ return user.QuotaFiles > 0
+ }, 1*time.Second, 100*time.Millisecond)
+ }
+ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Greater(t, user.UsedQuotaFiles, 0)
+ assert.Greater(t, user.UsedQuotaSize, int64(0))
+
+ folder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK)
+ assert.NoError(t, err)
+ assert.Equal(t, user.UsedQuotaFiles, folder.UsedQuotaFiles)
+ assert.Equal(t, user.UsedQuotaSize, folder.UsedQuotaSize)
+
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(mappedPath)
+ assert.NoError(t, err)
+ err = os.RemoveAll(clonePath)
+ assert.NoError(t, err)
+}
+
+func TestGitQuotaVirtualFolders(t *testing.T) {
+ if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows {
+ t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test")
+ }
+ usePubKey := true
+ repoName := "testrepo"
+ u := getTestUser(usePubKey)
+ u.QuotaFiles = 1
+ u.QuotaSize = 131072
+ mappedPath := filepath.Join(os.TempDir(), "repo")
+ folderName := filepath.Base(mappedPath)
+ u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
+ BaseVirtualFolder: vfs.BaseVirtualFolder{
+ Name: folderName,
+ },
+ VirtualPath: "/" + repoName,
+ QuotaFiles: 0,
+ QuotaSize: 0,
+ })
+ f := vfs.BaseVirtualFolder{
+ Name: folderName,
+ MappedPath: mappedPath,
+ }
+ _, _, err := httpdtest.AddFolder(f, http.StatusCreated)
+ assert.NoError(t, err)
+ err = os.MkdirAll(mappedPath, os.ModePerm)
+ assert.NoError(t, err)
+ user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ assert.NoError(t, err)
+ conn, client, err := getSftpClient(user, usePubKey)
+ if assert.NoError(t, err) {
+ // we upload a file so the user is over quota
+ defer conn.Close()
+ defer client.Close()
+ testFilePath := filepath.Join(homeBasePath, testFileName)
+ err = createTestFile(testFilePath, u.QuotaSize)
+ assert.NoError(t, err)
+ err = sftpUploadFile(testFilePath, testFileName, u.QuotaSize, client)
+ assert.NoError(t, err)
+ err = os.Remove(testFilePath)
+ assert.NoError(t, err)
+ }
+
+ clonePath := filepath.Join(homeBasePath, repoName)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ err = os.RemoveAll(filepath.Join(homeBasePath, repoName))
+ assert.NoError(t, err)
+ out, err := initGitRepo(mappedPath)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = addFileToGitRepo(clonePath, 128)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ out, err = pushToGitRepo(clonePath)
+ assert.NoError(t, err, "unexpected error, out: %v", string(out))
+
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(mappedPath)
+ assert.NoError(t, err)
+ err = os.RemoveAll(clonePath)
+ assert.NoError(t, err)
+}
+
+func TestGitErrors(t *testing.T) {
+ if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows {
+ t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test")
+ }
+ usePubKey := true
+ u := getTestUser(usePubKey)
+ user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+ assert.NoError(t, err)
+ repoName := "testrepo"
+ clonePath := filepath.Join(homeBasePath, repoName)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ err = os.RemoveAll(filepath.Join(homeBasePath, repoName))
+ assert.NoError(t, err)
+ out, err := cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
+ assert.Error(t, err, "cloning a missing repo must fail, out: %v", string(out))
+
+ _, err = httpdtest.RemoveUser(user, http.StatusOK)
+ assert.NoError(t, err)
+ err = os.RemoveAll(user.GetHomeDir())
+ assert.NoError(t, err)
+ err = os.RemoveAll(clonePath)
+ assert.NoError(t, err)
}
// Start SCP tests
@@ -10661,8 +10677,8 @@ func TestSCPVirtualFoldersQuota(t *testing.T) {
assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize)
f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), f.UsedQuotaSize)
- assert.Equal(t, 0, f.UsedQuotaFiles)
+ assert.Equal(t, expectedQuotaSize, f.UsedQuotaSize)
+ assert.Equal(t, expectedQuotaFiles, f.UsedQuotaFiles)
f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK)
assert.NoError(t, err)
assert.Equal(t, expectedQuotaSize, f.UsedQuotaSize)
@@ -11058,7 +11074,6 @@ func TestSCPErrors(t *testing.T) {
err = cmd.Process.Kill()
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
cmd = getScpUploadCommand(testFilePath, remoteUpPath, false, false)
go func() {
err := cmd.Run()
@@ -11071,7 +11086,6 @@ func TestSCPErrors(t *testing.T) {
err = cmd.Process.Kill()
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
err = os.Remove(testFilePath)
assert.NoError(t, err)
os.Remove(localPath)
@@ -11594,6 +11608,64 @@ func checkSystemCommands() {
}
}
+func initGitRepo(path string) ([]byte, error) {
+ err := os.MkdirAll(path, os.ModePerm)
+ if err != nil {
+ return nil, err
+ }
+ args := []string{"init", "--bare"}
+ cmd := exec.Command(gitPath, args...)
+ cmd.Dir = path
+ return cmd.CombinedOutput()
+}
+
+func pushToGitRepo(repoPath string) ([]byte, error) {
+ cmd := exec.Command(gitPath, "push")
+ cmd.Dir = repoPath
+ cmd.Env = append(os.Environ(),
+ fmt.Sprintf("GIT_SSH=%v", gitWrapPath))
+ return cmd.CombinedOutput()
+}
+
+func cloneGitRepo(basePath, remotePath, username string) ([]byte, error) {
+ remoteURL := fmt.Sprintf("ssh://%v@127.0.0.1:2022%v", username, remotePath)
+ args := []string{"clone", remoteURL}
+ cmd := exec.Command(gitPath, args...)
+ cmd.Dir = basePath
+ cmd.Env = append(os.Environ(),
+ fmt.Sprintf("GIT_SSH=%v", gitWrapPath))
+ return cmd.CombinedOutput()
+}
+
+func addFileToGitRepo(repoPath string, fileSize int64) ([]byte, error) {
+ path := filepath.Join(repoPath, "test")
+ err := createTestFile(path, fileSize)
+ if err != nil {
+ return []byte(""), err
+ }
+ cmd := exec.Command(gitPath, "config", "user.email", "testuser@example.com")
+ cmd.Dir = repoPath
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return out, err
+ }
+ cmd = exec.Command(gitPath, "config", "user.name", "testuser")
+ cmd.Dir = repoPath
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ return out, err
+ }
+ cmd = exec.Command(gitPath, "add", "test")
+ cmd.Dir = repoPath
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ return out, err
+ }
+ cmd = exec.Command(gitPath, "commit", "-am", "test")
+ cmd.Dir = repoPath
+ return cmd.CombinedOutput()
+}
+
func getKeyboardInteractiveScriptForBuiltinChecks(addPasscode bool, result int) []byte {
content := []byte("#!/bin/sh\n\n")
echos := []bool{false}
diff --git a/internal/sftpd/ssh_cmd.go b/internal/sftpd/ssh_cmd.go
index c82f3b89..8a342e99 100644
--- a/internal/sftpd/ssh_cmd.go
+++ b/internal/sftpd/ssh_cmd.go
@@ -23,12 +23,16 @@ import (
"fmt"
"hash"
"io"
+ "os"
+ "os/exec"
+ "path"
"runtime/debug"
- "slices"
"strings"
+ "sync"
"time"
"github.com/google/shlex"
+ "github.com/sftpgo/sdk"
"golang.org/x/crypto/ssh"
"github.com/drakkan/sftpgo/v2/internal/common"
@@ -44,6 +48,10 @@ const (
sshCommandLogSender = "SSHCommand"
)
+var (
+ errUnsupportedConfig = errors.New("command unsupported for this configuration")
+)
+
type sshCommand struct {
command string
args []string
@@ -51,13 +59,39 @@ type sshCommand struct {
startTime time.Time
}
+type systemCommand struct {
+ cmd *exec.Cmd
+ fsPath string
+ quotaCheckPath string
+ fs vfs.Fs
+}
+
+func (c *systemCommand) GetSTDs() (io.WriteCloser, io.ReadCloser, io.ReadCloser, error) {
+ stdin, err := c.cmd.StdinPipe()
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ stdout, err := c.cmd.StdoutPipe()
+ if err != nil {
+ stdin.Close()
+ return nil, nil, nil, err
+ }
+ stderr, err := c.cmd.StderrPipe()
+ if err != nil {
+ stdin.Close()
+ stdout.Close()
+ return nil, nil, nil, err
+ }
+ return stdin, stdout, stderr, nil
+}
+
func processSSHCommand(payload []byte, connection *Connection, enabledSSHCommands []string) bool {
var msg sshSubsystemExecMsg
if err := ssh.Unmarshal(payload, &msg); err == nil {
name, args, err := parseCommandPayload(msg.Command)
connection.Log(logger.LevelDebug, "new ssh command: %q args: %v num args: %d user: %s, error: %v",
name, args, len(args), connection.User.Username, err)
- if err == nil && slices.Contains(enabledSSHCommands, name) {
+ if err == nil && util.Contains(enabledSSHCommands, name) {
connection.command = msg.Command
if name == scpCmdName && len(args) >= 2 {
connection.SetProtocol(common.ProtocolSCP)
@@ -99,15 +133,20 @@ func (c *sshCommand) handle() (err error) {
}
}()
if err := common.Connections.Add(c.connection); err != nil {
- defer c.connection.CloseFS() //nolint:errcheck
logger.Info(logSender, "", "unable to add SSH command connection: %v", err)
- return c.sendErrorResponse(err)
+ return err
}
defer common.Connections.Remove(c.connection.GetID())
c.connection.UpdateLastActivity()
- if slices.Contains(sshHashCommands, c.command) {
+ if util.Contains(sshHashCommands, c.command) {
return c.handleHashCommands()
+ } else if util.Contains(systemCommands, c.command) {
+ command, err := c.getSystemCommand()
+ if err != nil {
+ return c.sendErrorResponse(err)
+ }
+ return c.executeSystemCommand(command)
} else if c.command == "cd" {
c.sendExitStatus(nil)
} else if c.command == "pwd" {
@@ -150,18 +189,29 @@ func (c *sshCommand) handleSFTPGoRemove() error {
return nil
}
+func (c *sshCommand) updateQuota(sshDestPath string, filesNum int, filesSize int64) {
+ vfolder, err := c.connection.User.GetVirtualFolderForPath(sshDestPath)
+ if err == nil {
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, filesNum, filesSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.connection.User, filesNum, filesSize, false) //nolint:errcheck
+ }
+ } else {
+ dataprovider.UpdateUserQuota(&c.connection.User, filesNum, filesSize, false) //nolint:errcheck
+ }
+}
+
func (c *sshCommand) handleHashCommands() error {
var h hash.Hash
- switch c.command {
- case "md5sum":
+ if c.command == "md5sum" {
h = md5.New()
- case "sha1sum":
+ } else if c.command == "sha1sum" {
h = sha1.New()
- case "sha256sum":
+ } else if c.command == "sha256sum" {
h = sha256.New()
- case "sha384sum":
+ } else if c.command == "sha384sum" {
h = sha512.New384()
- default:
+ } else {
h = sha512.New()
}
var response string
@@ -198,6 +248,212 @@ func (c *sshCommand) handleHashCommands() error {
return nil
}
+func (c *sshCommand) executeSystemCommand(command systemCommand) error {
+ sshDestPath := c.getDestPath()
+ if !c.isLocalPath(sshDestPath) {
+ return c.sendErrorResponse(errUnsupportedConfig)
+ }
+ diskQuota, transferQuota := c.connection.HasSpace(true, false, command.quotaCheckPath)
+ if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() || !transferQuota.HasDownloadSpace() {
+ return c.sendErrorResponse(common.ErrQuotaExceeded)
+ }
+ perms := []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermCreateDirs, dataprovider.PermListItems,
+ dataprovider.PermOverwrite, dataprovider.PermDelete}
+ if !c.connection.User.HasPerms(perms, sshDestPath) {
+ return c.sendErrorResponse(c.connection.GetPermissionDeniedError())
+ }
+
+ initialFiles, initialSize, err := c.getSizeForPath(command.fs, command.fsPath)
+ if err != nil {
+ return c.sendErrorResponse(err)
+ }
+
+ stdin, stdout, stderr, err := command.GetSTDs()
+ if err != nil {
+ return c.sendErrorResponse(err)
+ }
+ err = command.cmd.Start()
+ if err != nil {
+ return c.sendErrorResponse(err)
+ }
+
+ closeCmdOnError := func() {
+ c.connection.Log(logger.LevelDebug, "kill cmd: %q and close ssh channel after read or write error",
+ c.connection.command)
+ killerr := command.cmd.Process.Kill()
+ closerr := c.connection.channel.Close()
+ c.connection.Log(logger.LevelDebug, "kill cmd error: %v close channel error: %v", killerr, closerr)
+ }
+ var once sync.Once
+ commandResponse := make(chan bool)
+
+ remainingQuotaSize := diskQuota.GetRemainingSize()
+
+ go func() {
+ defer stdin.Close()
+ baseTransfer := common.NewBaseTransfer(nil, c.connection.BaseConnection, nil, command.fsPath, command.fsPath, sshDestPath,
+ common.TransferUpload, 0, 0, remainingQuotaSize, 0, false, command.fs, transferQuota)
+ transfer := newTransfer(baseTransfer, nil, nil, nil)
+
+ w, e := transfer.copyFromReaderToWriter(stdin, c.connection.channel)
+ c.connection.Log(logger.LevelDebug, "command: %q, copy from remote command to sdtin ended, written: %v, "+
+ "initial remaining quota: %v, err: %v", c.connection.command, w, remainingQuotaSize, e)
+ if e != nil {
+ once.Do(closeCmdOnError)
+ }
+ }()
+
+ go func() {
+ baseTransfer := common.NewBaseTransfer(nil, c.connection.BaseConnection, nil, command.fsPath, command.fsPath, sshDestPath,
+ common.TransferDownload, 0, 0, 0, 0, false, command.fs, transferQuota)
+ transfer := newTransfer(baseTransfer, nil, nil, nil)
+
+ w, e := transfer.copyFromReaderToWriter(c.connection.channel, stdout)
+ c.connection.Log(logger.LevelDebug, "command: %q, copy from sdtout to remote command ended, written: %v err: %v",
+ c.connection.command, w, e)
+ if e != nil {
+ once.Do(closeCmdOnError)
+ }
+ commandResponse <- true
+ }()
+
+ go func() {
+ baseTransfer := common.NewBaseTransfer(nil, c.connection.BaseConnection, nil, command.fsPath, command.fsPath, sshDestPath,
+ common.TransferDownload, 0, 0, 0, 0, false, command.fs, transferQuota)
+ transfer := newTransfer(baseTransfer, nil, nil, nil)
+
+ w, e := transfer.copyFromReaderToWriter(c.connection.channel.(ssh.Channel).Stderr(), stderr)
+ c.connection.Log(logger.LevelDebug, "command: %q, copy from sdterr to remote command ended, written: %v err: %v",
+ c.connection.command, w, e)
+ // os.ErrClosed means that the command is finished so we don't need to do anything
+ if (e != nil && !errors.Is(e, os.ErrClosed)) || w > 0 {
+ once.Do(closeCmdOnError)
+ }
+ }()
+
+ <-commandResponse
+ err = command.cmd.Wait()
+ c.sendExitStatus(err)
+
+ numFiles, dirSize, errSize := c.getSizeForPath(command.fs, command.fsPath)
+ if errSize == nil {
+ c.updateQuota(sshDestPath, numFiles-initialFiles, dirSize-initialSize)
+ }
+ c.connection.Log(logger.LevelDebug, "command %q finished for path %q, initial files %v initial size %v "+
+ "current files %v current size %v size err: %v", c.connection.command, command.fsPath, initialFiles, initialSize,
+ numFiles, dirSize, errSize)
+ return c.connection.GetFsError(command.fs, err)
+}
+
+func (c *sshCommand) isSystemCommandAllowed() error {
+ sshDestPath := c.getDestPath()
+ if c.connection.User.IsVirtualFolder(sshDestPath) {
+ // overlapped virtual path are not allowed
+ return nil
+ }
+ if c.connection.User.HasVirtualFoldersInside(sshDestPath) {
+ c.connection.Log(logger.LevelDebug, "command %q is not allowed, path %q has virtual folders inside it, user %q",
+ c.command, sshDestPath, c.connection.User.Username)
+ return errUnsupportedConfig
+ }
+ for _, f := range c.connection.User.Filters.FilePatterns {
+ if f.Path == sshDestPath {
+ c.connection.Log(logger.LevelDebug,
+ "command %q is not allowed inside folders with file patterns filters %q user %q",
+ c.command, sshDestPath, c.connection.User.Username)
+ return errUnsupportedConfig
+ }
+ if len(sshDestPath) > len(f.Path) {
+ if strings.HasPrefix(sshDestPath, f.Path+"/") || f.Path == "/" {
+ c.connection.Log(logger.LevelDebug,
+ "command %q is not allowed it includes folders with file patterns filters %q user %q",
+ c.command, sshDestPath, c.connection.User.Username)
+ return errUnsupportedConfig
+ }
+ }
+ if len(sshDestPath) < len(f.Path) {
+ if strings.HasPrefix(sshDestPath+"/", f.Path) || sshDestPath == "/" {
+ c.connection.Log(logger.LevelDebug,
+ "command %q is not allowed inside folder with file patterns filters %q user %q",
+ c.command, sshDestPath, c.connection.User.Username)
+ return errUnsupportedConfig
+ }
+ }
+ }
+ return nil
+}
+
+func (c *sshCommand) getSystemCommand() (systemCommand, error) {
+ command := systemCommand{
+ cmd: nil,
+ fs: nil,
+ fsPath: "",
+ quotaCheckPath: "",
+ }
+ if err := common.CheckClosing(); err != nil {
+ return command, err
+ }
+ args := make([]string, len(c.args))
+ copy(args, c.args)
+ var fsPath, quotaPath string
+ sshPath := c.getDestPath()
+ fs, err := c.connection.User.GetFilesystemForPath(sshPath, c.connection.ID)
+ if err != nil {
+ return command, err
+ }
+ if len(c.args) > 0 {
+ var err error
+ fsPath, err = fs.ResolvePath(sshPath)
+ if err != nil {
+ return command, c.connection.GetFsError(fs, err)
+ }
+ quotaPath = sshPath
+ fi, err := fs.Stat(fsPath)
+ if err == nil && fi.IsDir() {
+ // if the target is an existing dir the command will write inside this dir
+ // so we need to check the quota for this directory and not its parent dir
+ quotaPath = path.Join(sshPath, "fakecontent")
+ }
+ if strings.HasSuffix(sshPath, "/") && !strings.HasSuffix(fsPath, string(os.PathSeparator)) {
+ fsPath += string(os.PathSeparator)
+ c.connection.Log(logger.LevelDebug, "path separator added to fsPath %q", fsPath)
+ }
+ args = args[:len(args)-1]
+ args = append(args, fsPath)
+ }
+ if err := c.isSystemCommandAllowed(); err != nil {
+ return command, errUnsupportedConfig
+ }
+ if c.command == "rsync" {
+ // we cannot avoid that rsync creates symlinks so if the user has the permission
+ // to create symlinks we add the option --safe-links to the received rsync command if
+ // it is not already set. This should prevent to create symlinks that point outside
+ // the home dir.
+ // If the user cannot create symlinks we add the option --munge-links, if it is not
+ // already set. This should make symlinks unusable (but manually recoverable)
+ if c.connection.User.HasPerm(dataprovider.PermCreateSymlinks, c.getDestPath()) {
+ if !util.Contains(args, "--safe-links") {
+ args = append([]string{"--safe-links"}, args...)
+ }
+ } else {
+ if !util.Contains(args, "--munge-links") {
+ args = append([]string{"--munge-links"}, args...)
+ }
+ }
+ }
+ c.connection.Log(logger.LevelDebug, "new system command %q, with args: %+v fs path %q quota check path %q",
+ c.command, args, fsPath, quotaPath)
+ cmd := exec.Command(c.command, args...)
+ uid := c.connection.User.GetUID()
+ gid := c.connection.User.GetGID()
+ cmd = wrapCmd(cmd, uid, gid)
+ command.cmd = cmd
+ command.fsPath = fsPath
+ command.quotaCheckPath = quotaPath
+ command.fs = fs
+ return command, nil
+}
+
// for the supported commands, the destination path, if any, is the last argument
func (c *sshCommand) getDestPath() string {
if len(c.args) == 0 {
@@ -236,6 +492,37 @@ func (c *sshCommand) getRemovePath() (string, error) {
return sshDestPath, nil
}
+func (c *sshCommand) isLocalPath(virtualPath string) bool {
+ folder, err := c.connection.User.GetVirtualFolderForPath(virtualPath)
+ if err != nil {
+ return c.connection.User.FsConfig.Provider == sdk.LocalFilesystemProvider
+ }
+ return folder.FsConfig.Provider == sdk.LocalFilesystemProvider
+}
+
+func (c *sshCommand) getSizeForPath(fs vfs.Fs, name string) (int, int64, error) {
+ if dataprovider.GetQuotaTracking() > 0 {
+ fi, err := fs.Lstat(name)
+ if err != nil {
+ if fs.IsNotExist(err) {
+ return 0, 0, nil
+ }
+ c.connection.Log(logger.LevelDebug, "unable to stat %q error: %v", name, err)
+ return 0, 0, err
+ }
+ if fi.IsDir() {
+ files, size, err := fs.GetDirSize(name)
+ if err != nil {
+ c.connection.Log(logger.LevelDebug, "unable to get size for dir %q error: %v", name, err)
+ }
+ return files, size, err
+ } else if fi.Mode().IsRegular() {
+ return 1, fi.Size(), nil
+ }
+ }
+ return 0, 0, nil
+}
+
func (c *sshCommand) sendErrorResponse(err error) error {
errorString := fmt.Sprintf("%v: %v %v\n", c.command, c.getDestPath(), err)
c.connection.channel.Write([]byte(errorString)) //nolint:errcheck
diff --git a/internal/sftpd/subsystem.go b/internal/sftpd/subsystem.go
new file mode 100644
index 00000000..b17bd62e
--- /dev/null
+++ b/internal/sftpd/subsystem.go
@@ -0,0 +1,87 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package sftpd
+
+import (
+ "io"
+ "net"
+
+ "github.com/pkg/sftp"
+
+ "github.com/drakkan/sftpgo/v2/internal/common"
+ "github.com/drakkan/sftpgo/v2/internal/dataprovider"
+ "github.com/drakkan/sftpgo/v2/internal/logger"
+)
+
+type subsystemChannel struct {
+ reader io.Reader
+ writer io.Writer
+}
+
+func (s *subsystemChannel) Read(p []byte) (int, error) {
+ return s.reader.Read(p)
+}
+
+func (s *subsystemChannel) Write(p []byte) (int, error) {
+ return s.writer.Write(p)
+}
+
+func (s *subsystemChannel) Close() error {
+ return nil
+}
+
+func newSubsystemChannel(reader io.Reader, writer io.Writer) *subsystemChannel {
+ return &subsystemChannel{
+ reader: reader,
+ writer: writer,
+ }
+}
+
+// ServeSubSystemConnection handles a connection as SSH subsystem
+func ServeSubSystemConnection(user *dataprovider.User, connectionID string, reader io.Reader, writer io.Writer) error {
+ err := user.CheckFsRoot(connectionID)
+ if err != nil {
+ errClose := user.CloseFs()
+ logger.Warn(logSender, connectionID, "unable to check fs root: %v close fs error: %v", err, errClose)
+ return err
+ }
+
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connectionID, common.ProtocolSFTP, "", "", *user),
+ ClientVersion: "",
+ RemoteAddr: &net.IPAddr{},
+ LocalAddr: &net.IPAddr{},
+ channel: newSubsystemChannel(reader, writer),
+ }
+ err = common.Connections.Add(connection)
+ if err != nil {
+ errClose := user.CloseFs()
+ logger.Warn(logSender, connectionID, "unable to add connection: %v close fs error: %v", err, errClose)
+ return err
+ }
+ defer common.Connections.Remove(connection.GetID())
+
+ dataprovider.UpdateLastLogin(user)
+ sftp.SetSFTPExtensions(sftpExtensions...) //nolint:errcheck
+ server := sftp.NewRequestServer(connection.channel, sftp.Handlers{
+ FileGet: connection,
+ FilePut: connection,
+ FileCmd: connection,
+ FileList: connection,
+ })
+
+ defer server.Close()
+ return server.Serve()
+}
diff --git a/internal/sftpd/transfer.go b/internal/sftpd/transfer.go
index 465ad8c3..d3acc202 100644
--- a/internal/sftpd/transfer.go
+++ b/internal/sftpd/transfer.go
@@ -19,6 +19,7 @@ import (
"io"
"github.com/drakkan/sftpgo/v2/internal/common"
+ "github.com/drakkan/sftpgo/v2/internal/metric"
"github.com/drakkan/sftpgo/v2/internal/vfs"
)
@@ -176,7 +177,7 @@ func (t *transfer) closeIO() error {
} else if t.readerAt != nil {
err = t.readerAt.Close()
if metadater, ok := t.readerAt.(vfs.Metadater); ok {
- t.SetMetadata(metadater.Metadata())
+ t.BaseTransfer.SetMetadata(metadater.Metadata())
}
}
return err
@@ -191,3 +192,63 @@ func (t *transfer) setFinished() error {
t.isFinished = true
return nil
}
+
+// used for ssh commands.
+// It reads from src until EOF so it does not treat an EOF from Read as an error to be reported.
+// EOF from Write is reported as error
+func (t *transfer) copyFromReaderToWriter(dst io.Writer, src io.Reader) (int64, error) {
+ defer t.Connection.RemoveTransfer(t)
+
+ var written int64
+ var err error
+
+ if t.MaxWriteSize < 0 {
+ return 0, common.ErrQuotaExceeded
+ }
+ isDownload := t.GetType() == common.TransferDownload
+ buf := make([]byte, 32768)
+ for {
+ t.Connection.UpdateLastActivity()
+ nr, er := src.Read(buf)
+ if nr > 0 {
+ nw, ew := dst.Write(buf[0:nr])
+ if nw > 0 {
+ written += int64(nw)
+ if isDownload {
+ t.BytesSent.Store(written)
+ if errCheck := t.CheckRead(); errCheck != nil {
+ err = errCheck
+ break
+ }
+ } else {
+ t.BytesReceived.Store(written)
+ if errCheck := t.CheckWrite(); errCheck != nil {
+ err = errCheck
+ break
+ }
+ }
+ }
+ if ew != nil {
+ err = ew
+ break
+ }
+ if nr != nw {
+ err = io.ErrShortWrite
+ break
+ }
+ }
+ if er != nil {
+ if er != io.EOF {
+ err = er
+ }
+ break
+ }
+ t.HandleThrottle()
+ }
+ t.ErrTransfer = err
+ if written > 0 || err != nil {
+ metric.TransferCompleted(t.BytesSent.Load(), t.BytesReceived.Load(), t.GetType(),
+ t.ErrTransfer, vfs.IsSFTPFs(t.Fs))
+ }
+ return written, err
+}
diff --git a/internal/smtp/oauth2.go b/internal/smtp/oauth2.go
index 87997947..5fea89f5 100644
--- a/internal/smtp/oauth2.go
+++ b/internal/smtp/oauth2.go
@@ -19,7 +19,6 @@ import (
"context"
"errors"
"fmt"
- "slices"
"sync"
"time"
@@ -28,6 +27,7 @@ import (
"golang.org/x/oauth2/microsoft"
"github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
// Supported OAuth2 providers
@@ -56,7 +56,7 @@ type OAuth2Config struct {
// Validate validates and initializes the configuration
func (c *OAuth2Config) Validate() error {
- if !slices.Contains(supportedOAuth2Providers, c.Provider) {
+ if !util.Contains(supportedOAuth2Providers, c.Provider) {
return fmt.Errorf("smtp oauth2: unsupported provider %d", c.Provider)
}
if c.ClientID == "" {
diff --git a/internal/smtp/smtp.go b/internal/smtp/smtp.go
index 94984249..893534de 100644
--- a/internal/smtp/smtp.go
+++ b/internal/smtp/smtp.go
@@ -279,15 +279,15 @@ func (c *Config) Initialize(configDir string, isService bool) error {
}
func (c *Config) getMailClientOptions() []mail.Option {
- options := []mail.Option{mail.WithPort(c.Port), mail.WithoutNoop()}
+ options := []mail.Option{mail.WithoutNoop()}
switch c.Encryption {
case 1:
- options = append(options, mail.WithSSL())
+ options = append(options, mail.WithSSLPort(false))
case 2:
- options = append(options, mail.WithTLSPolicy(mail.TLSMandatory))
+ options = append(options, mail.WithTLSPortPolicy(mail.TLSMandatory))
default:
- options = append(options, mail.WithTLSPolicy(mail.NoTLS))
+ options = append(options, mail.WithTLSPortPolicy(mail.NoTLS))
}
if c.User != "" {
options = append(options, mail.WithUsername(c.User))
@@ -317,6 +317,7 @@ func (c *Config) getMailClientOptions() []mail.Option {
}),
mail.WithDebugLog())
}
+ options = append(options, mail.WithPort(c.Port))
return options
}
@@ -415,6 +416,12 @@ func SendEmail(to, bcc []string, subject, body string, contentType EmailContentT
return config.sendEmail(to, bcc, subject, body, contentType, attachments...)
}
+// ReloadProviderConf reloads the configuration from the provider
+// and apply it if different from the active one
+func ReloadProviderConf() {
+ loadConfigFromProvider() //nolint:errcheck
+}
+
func loadConfigFromProvider() error {
configs, err := dataprovider.GetConfigs()
if err != nil {
diff --git a/internal/telemetry/telemetry.go b/internal/telemetry/telemetry.go
index 233636aa..dad7e869 100644
--- a/internal/telemetry/telemetry.go
+++ b/internal/telemetry/telemetry.go
@@ -135,9 +135,9 @@ func (c Conf) Initialize(configDir string) error {
}
logger.Debug(logSender, "", "configured TLS cipher suites: %v", config.CipherSuites)
httpServer.TLSConfig = config
- return util.HTTPListenAndServe(httpServer, c.BindAddress, c.BindPort, true, nil, logSender)
+ return util.HTTPListenAndServe(httpServer, c.BindAddress, c.BindPort, true, logSender)
}
- return util.HTTPListenAndServe(httpServer, c.BindAddress, c.BindPort, false, nil, logSender)
+ return util.HTTPListenAndServe(httpServer, c.BindAddress, c.BindPort, false, logSender)
}
// ReloadCertificateMgr reloads the certificate manager
diff --git a/internal/util/i18n.go b/internal/util/i18n.go
index 2b318310..56db5b60 100644
--- a/internal/util/i18n.go
+++ b/internal/util/i18n.go
@@ -114,7 +114,6 @@ const (
I18nErrorConnectionForbidden = "general.connection_forbidden"
I18nErrorReservedUsername = "user.username_reserved"
I18nErrorInvalidEmail = "general.email_invalid"
- I18nErrorInvalidInput = "general.invalid_input"
I18nErrorInvalidUser = "user.username_invalid"
I18nErrorInvalidName = "general.name_invalid"
I18nErrorHomeRequired = "user.home_required"
@@ -122,7 +121,6 @@ const (
I18nErrorPubKeyInvalid = "user.pub_key_invalid"
I18nErrorPrivKeyInvalid = "user.priv_key_invalid"
I18nErrorKeySizeInvalid = "user.key_invalid_size"
- I18nErrorKeyInsecure = "user.key_insecure"
I18nErrorPrimaryGroup = "user.err_primary_group"
I18nErrorDuplicateGroup = "user.err_duplicate_group"
I18nErrorNoPermission = "user.no_permissions"
@@ -242,9 +240,9 @@ const (
I18nErrorRestore = "maintenance.restore_error"
I18nErrorACMEGeneric = "acme.generic_error"
I18nErrorSMTPRequiredFields = "smtp.err_required_fields"
- I18nErrorClientIDRequired = "oauth2.client_id_required"
- I18nErrorClientSecretRequired = "oauth2.client_secret_required"
- I18nErrorRefreshTokenRequired = "oauth2.refresh_token_required"
+ I18nErrorSMTPClientIDRequired = "smtp.client_id_required"
+ I18nErrorSMTPClientSecretRequired = "smtp.client_secret_required"
+ I18nErrorSMTPRefreshTokenRequired = "smtp.refresh_token_required"
I18nErrorURLRequired = "actions.http_url_required"
I18nErrorURLInvalid = "actions.http_url_invalid"
I18nErrorHTTPPartNameRequired = "actions.http_part_name_required"
@@ -305,9 +303,6 @@ const (
I18nErrorEvSyncUnsupportedFs = "rules.sync_unsupported_fs_event"
I18nErrorRuleFailureActionsOnly = "rules.only_failure_actions"
I18nErrorRuleSyncActionRequired = "rules.sync_action_required"
- I18nErrorInvalidPNG = "branding.invalid_png"
- I18nErrorInvalidPNGSize = "branding.invalid_png_size"
- I18nErrorInvalidDisclaimerURL = "branding.invalid_disclaimer_url"
)
// NewI18nError returns a I18nError wrappring the provided error
diff --git a/internal/util/resources.go b/internal/util/resources.go
index 8cddd946..9d1a360c 100644
--- a/internal/util/resources.go
+++ b/internal/util/resources.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !bundle
+// +build !bundle
package util
diff --git a/internal/util/resources_embedded.go b/internal/util/resources_embedded.go
index 685eaf72..0512cc70 100644
--- a/internal/util/resources_embedded.go
+++ b/internal/util/resources_embedded.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build bundle
+// +build bundle
package util
diff --git a/internal/util/timeoutlistener.go b/internal/util/timeoutlistener.go
new file mode 100644
index 00000000..643f7799
--- /dev/null
+++ b/internal/util/timeoutlistener.go
@@ -0,0 +1,100 @@
+// Copyright (C) 2019 Nicola Murino
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, version 3.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package util
+
+import (
+ "net"
+ "sync/atomic"
+ "time"
+)
+
+type listener struct {
+ net.Listener
+ ReadTimeout time.Duration
+ WriteTimeout time.Duration
+}
+
+func (l *listener) Accept() (net.Conn, error) {
+ c, err := l.Listener.Accept()
+ if err != nil {
+ return nil, err
+ }
+ tc := &Conn{
+ Conn: c,
+ ReadTimeout: l.ReadTimeout,
+ WriteTimeout: l.WriteTimeout,
+ ReadThreshold: int32((l.ReadTimeout * 1024) / time.Second),
+ WriteThreshold: int32((l.WriteTimeout * 1024) / time.Second),
+ }
+ tc.BytesReadFromDeadline.Store(0)
+ tc.BytesWrittenFromDeadline.Store(0)
+ return tc, nil
+}
+
+// Conn wraps a net.Conn, and sets a deadline for every read
+// and write operation.
+type Conn struct {
+ net.Conn
+ ReadTimeout time.Duration
+ WriteTimeout time.Duration
+ ReadThreshold int32
+ WriteThreshold int32
+ BytesReadFromDeadline atomic.Int32
+ BytesWrittenFromDeadline atomic.Int32
+}
+
+func (c *Conn) Read(b []byte) (n int, err error) {
+ if c.BytesReadFromDeadline.Load() > c.ReadThreshold {
+ c.BytesReadFromDeadline.Store(0)
+ // we set both read and write deadlines here otherwise after the request
+ // is read writing the response fails with an i/o timeout error
+ err = c.Conn.SetDeadline(time.Now().Add(c.ReadTimeout))
+ if err != nil {
+ return 0, err
+ }
+ }
+ n, err = c.Conn.Read(b)
+ c.BytesReadFromDeadline.Add(int32(n))
+ return
+}
+
+func (c *Conn) Write(b []byte) (n int, err error) {
+ if c.BytesWrittenFromDeadline.Load() > c.WriteThreshold {
+ c.BytesWrittenFromDeadline.Store(0)
+ // we extend the read deadline too, not sure it's necessary,
+ // but it doesn't hurt
+ err = c.Conn.SetDeadline(time.Now().Add(c.WriteTimeout))
+ if err != nil {
+ return
+ }
+ }
+ n, err = c.Conn.Write(b)
+ c.BytesWrittenFromDeadline.Add(int32(n))
+ return
+}
+
+func newListener(network, addr string, readTimeout, writeTimeout time.Duration) (net.Listener, error) {
+ l, err := net.Listen(network, addr)
+ if err != nil {
+ return nil, err
+ }
+
+ tl := &listener{
+ Listener: l,
+ ReadTimeout: readTimeout,
+ WriteTimeout: writeTimeout,
+ }
+ return tl, nil
+}
diff --git a/internal/util/util.go b/internal/util/util.go
index 82cbbba2..fc61c00d 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -23,7 +23,6 @@ import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
- "crypto/subtle"
"crypto/tls"
"crypto/x509"
"encoding/hex"
@@ -31,7 +30,6 @@ import (
"encoding/pem"
"errors"
"fmt"
- "hash"
"io"
"io/fs"
"math"
@@ -52,7 +50,7 @@ import (
"unsafe"
"github.com/google/uuid"
- "github.com/lithammer/shortuuid/v4"
+ "github.com/lithammer/shortuuid/v3"
"golang.org/x/crypto/ssh"
"github.com/drakkan/sftpgo/v2/internal/logger"
@@ -132,6 +130,16 @@ var bytesSizeTable = map[string]uint64{
"e": eByte,
}
+// Contains reports whether v is present in elems.
+func Contains[T comparable](elems []T, v T) bool {
+ for _, s := range elems {
+ if v == s {
+ return true
+ }
+ }
+ return false
+}
+
// IsStringPrefixInSlice searches a string prefix in a slice and returns true
// if a matching prefix is found
func IsStringPrefixInSlice(obj string, list []string) bool {
@@ -163,48 +171,6 @@ func RemoveDuplicates(obj []string, trim bool) []string {
return obj[:validIdx]
}
-// IsNameValid validates that a name/username contains only safe characters.
-func IsNameValid(name string) bool {
- if name == "" {
- return false
- }
- if len(name) > 255 {
- return false
- }
- for _, r := range name {
- if unicode.IsControl(r) {
- return false
- }
-
- switch r {
- case '/', '\\':
- return false
- case ':', '*', '?', '"', '<', '>', '|':
- return false
- }
- }
-
- if name == "." || name == ".." {
- return false
- }
-
- upperName := strings.ToUpper(name)
- baseName := strings.Split(upperName, ".")[0]
-
- switch baseName {
- case "CON", "PRN", "AUX", "NUL",
- "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
- "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9":
- return false
- }
-
- if strings.HasSuffix(name, " ") || strings.HasSuffix(name, ".") {
- return false
- }
-
- return true
-}
-
// GetTimeAsMsSinceEpoch returns unix timestamp as milliseconds from a time struct
func GetTimeAsMsSinceEpoch(t time.Time) int64 {
return t.UnixMilli()
@@ -279,7 +245,7 @@ func ParseBytes(s string) (int64, error) {
lastDigit := 0
hasComma := false
for _, r := range s {
- if !unicode.IsDigit(r) && r != '.' && r != ',' {
+ if !(unicode.IsDigit(r) || r == '.' || r == ',') {
break
}
if r == ',' {
@@ -290,7 +256,7 @@ func ParseBytes(s string) (int64, error) {
num := s[:lastDigit]
if hasComma {
- num = strings.ReplaceAll(num, ",", "")
+ num = strings.Replace(num, ",", "", -1)
}
f, err := strconv.ParseFloat(num, 64)
@@ -533,7 +499,10 @@ func GetDirsForVirtualPath(virtualPath string) []string {
}
}
dirsForPath := []string{virtualPath}
- for virtualPath != "/" {
+ for {
+ if virtualPath == "/" {
+ break
+ }
virtualPath = path.Dir(virtualPath)
dirsForPath = append(dirsForPath, virtualPath)
}
@@ -548,7 +517,7 @@ func CleanPath(p string) string {
// CleanPathWithBase returns a clean POSIX (/) absolute path to work with.
// The specified base will be used if the provided path is not absolute
func CleanPathWithBase(base, p string) string {
- p = strings.ReplaceAll(p, "\\", "/")
+ p = filepath.ToSlash(p)
if !path.IsAbs(p) {
p = path.Join(base, p)
}
@@ -609,7 +578,7 @@ func GenerateOpaqueString() string {
return hex.EncodeToString(randomBytes[:])
}
-// GenerateUniqueID returns an unique ID
+// GenerateUniqueID retuens an unique ID
func GenerateUniqueID() string {
u, err := uuid.NewRandom()
if err != nil {
@@ -620,10 +589,7 @@ func GenerateUniqueID() string {
// HTTPListenAndServe is a wrapper for ListenAndServe that support both tcp
// and Unix-domain sockets
-func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool,
- listenerWrapper func(net.Listener) (net.Listener, error),
- logSender string,
-) error {
+func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool, logSender string) error {
var listener net.Listener
var err error
@@ -637,7 +603,7 @@ func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool,
logger.Error(logSender, "", "error creating Unix-domain socket parent dir: %v", err)
}
os.Remove(address)
- listener, err = net.Listen("unix", address)
+ listener, err = newListener("unix", address, srv.ReadTimeout, srv.WriteTimeout)
if err == nil {
// should a chmod err be fatal?
if errChmod := os.Chmod(address, 0770); errChmod != nil {
@@ -646,17 +612,12 @@ func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool,
}
} else {
CheckTCP4Port(port)
- listener, err = net.Listen("tcp", fmt.Sprintf("%s:%d", address, port))
+ listener, err = newListener("tcp", fmt.Sprintf("%s:%d", address, port), srv.ReadTimeout, srv.WriteTimeout)
}
if err != nil {
return err
}
- if listenerWrapper != nil {
- listener, err = listenerWrapper(listener)
- if err != nil {
- return err
- }
- }
+
logger.Info(logSender, "", "server listener registered, address: %s TLS enabled: %t", listener.Addr().String(), isTLS)
defer listener.Close()
@@ -677,11 +638,6 @@ func GetTLSCiphersFromNames(cipherNames []string) []uint16 {
ciphers = append(ciphers, c.ID)
}
}
- for _, c := range tls.InsecureCipherSuites() {
- if c.Name == strings.TrimSpace(name) {
- ciphers = append(ciphers, c.ID)
- }
- }
}
if len(ciphers) == 0 {
@@ -775,7 +731,7 @@ func GetRealIP(r *http.Request, header string, depth int) string {
var ipAddresses []string
for _, h := range r.Header.Values(header) {
- for ipStr := range strings.SplitSeq(h, ",") {
+ for _, ipStr := range strings.Split(h, ",") {
ipStr = strings.TrimSpace(ipStr)
ipAddresses = append(ipAddresses, ipStr)
}
@@ -843,9 +799,7 @@ func GetRedactedURL(rawurl string) string {
return u.Redacted()
}
-// GetTLSVersion returns the TLS version from an integer value:
-// - 10 means TLS 1.0
-// - 11 means TLS 1.1
+// GetTLSVersion returns the TLS version for integer:
// - 12 means TLS 1.2
// - 13 means TLS 1.3
// default is TLS 1.2
@@ -853,10 +807,6 @@ func GetTLSVersion(val int) uint16 {
switch val {
case 13:
return tls.VersionTLS13
- case 11:
- return tls.VersionTLS11
- case 10:
- return tls.VersionTLS10
default:
return tls.VersionTLS12
}
@@ -974,40 +924,3 @@ func SlicesEqual(s1, s2 []string) bool {
return true
}
-
-// VerifyFileChecksum computes the hash of the given file using the provided
-// hash algorithm and compares it against the expected checksum (in hex format).
-// It returns an error if the checksum does not match or if the operation fails.
-func VerifyFileChecksum(filePath string, h hash.Hash, expectedHex string, maxSize int64) error {
- expected, err := hex.DecodeString(expectedHex)
- if err != nil {
- return fmt.Errorf("invalid checksum %q: %w", expectedHex, err)
- }
-
- f, err := os.Open(filePath)
- if err != nil {
- return err
- }
- defer f.Close()
-
- if maxSize > 0 {
- fi, err := f.Stat()
- if err != nil {
- return err
- }
- if fi.Size() > maxSize {
- return fmt.Errorf("file too large: %s", ByteCountIEC(fi.Size()))
- }
- }
-
- if _, err := io.Copy(h, f); err != nil {
- return err
- }
-
- actual := h.Sum(nil)
- if subtle.ConstantTimeCompare(actual, expected) != 1 {
- return errors.New("checksum mismatch")
- }
-
- return nil
-}
diff --git a/internal/version/version.go b/internal/version/version.go
index c9e066ea..cd2e96f4 100644
--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -18,7 +18,7 @@ package version
import "strings"
const (
- version = "2.7.99-dev"
+ version = "2.6.4"
appName = "SFTPGo"
)
diff --git a/internal/vfs/azblobfs.go b/internal/vfs/azblobfs.go
index 46b7ae78..3d4e92c1 100644
--- a/internal/vfs/azblobfs.go
+++ b/internal/vfs/azblobfs.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !noazblob
+// +build !noazblob
package vfs
@@ -38,10 +39,10 @@ import (
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
- "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob"
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blockblob"
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
+ "github.com/eikenb/pipeat"
"github.com/google/uuid"
"github.com/pkg/sftp"
@@ -103,6 +104,10 @@ func NewAzBlobFs(connectionID, localTempDir, mountPath string, config AzBlobFsCo
return fs.initFromSASURL()
}
+ credential, err := blob.NewSharedKeyCredential(fs.config.AccountName, fs.config.AccountKey.GetPayload())
+ if err != nil {
+ return fs, fmt.Errorf("invalid credentials: %v", err)
+ }
var endpoint string
if fs.config.UseEmulator {
endpoint = fmt.Sprintf("%s/%s", fs.config.Endpoint, fs.config.AccountName)
@@ -110,25 +115,9 @@ func NewAzBlobFs(connectionID, localTempDir, mountPath string, config AzBlobFsCo
endpoint = fmt.Sprintf("https://%s.%s/", fs.config.AccountName, fs.config.Endpoint)
}
containerURL := runtime.JoinPaths(endpoint, fs.config.Container)
- if fs.config.AccountKey.GetPayload() != "" {
- credential, err := blob.NewSharedKeyCredential(fs.config.AccountName, fs.config.AccountKey.GetPayload())
- if err != nil {
- return fs, fmt.Errorf("invalid credentials: %v", err)
- }
- svc, err := container.NewClientWithSharedKeyCredential(containerURL, credential, getAzContainerClientOptions())
- if err != nil {
- return fs, fmt.Errorf("unable to create the storage client using shared key credentials: %v", err)
- }
- fs.containerClient = svc
- return fs, err
- }
- credential, err := azidentity.NewDefaultAzureCredential(nil)
+ svc, err := container.NewClientWithSharedKeyCredential(containerURL, credential, getAzContainerClientOptions())
if err != nil {
- return fs, fmt.Errorf("invalid default azure credentials: %v", err)
- }
- svc, err := container.NewClient(containerURL, credential, getAzContainerClientOptions())
- if err != nil {
- return fs, fmt.Errorf("unable to create the storage client using azure credentials: %v", err)
+ return fs, fmt.Errorf("invalid credentials: %v", err)
}
fs.containerClient = svc
return fs, err
@@ -197,11 +186,7 @@ func (fs *AzureBlobFs) Stat(name string) (os.FileInfo, error) {
if val := getAzureLastModified(attrs.Metadata); val > 0 {
lastModified = util.GetTimeFromMsecSinceEpoch(val)
}
- info := NewFileInfo(name, isDir, util.GetIntFromPointer(attrs.ContentLength), lastModified, false)
- if !isDir {
- info.setMetadataFromPointerVal(attrs.Metadata)
- }
- return info, nil
+ return NewFileInfo(name, isDir, util.GetIntFromPointer(attrs.ContentLength), lastModified, false), nil
}
if !fs.IsNotExist(err) {
return nil, err
@@ -224,7 +209,7 @@ func (fs *AzureBlobFs) Lstat(name string) (os.FileInfo, error) {
// Open opens the named file for reading
func (fs *AzureBlobFs) Open(name string, offset int64) (File, PipeReader, func(), error) {
- r, w, err := createPipeFn(fs.localTempDir, fs.config.DownloadPartSize*int64(fs.config.DownloadConcurrency)+1)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -252,7 +237,7 @@ func (fs *AzureBlobFs) Create(name string, flag, checks int) (File, PipeWriter,
return nil, nil, nil, err
}
}
- r, w, err := createPipeFn(fs.localTempDir, fs.config.UploadPartSize+1024*1024)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -317,21 +302,19 @@ func (fs *AzureBlobFs) Create(name string, flag, checks int) (File, PipeWriter,
}
// Rename renames (moves) source to target.
-func (fs *AzureBlobFs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *AzureBlobFs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
- if checks&CheckParentDir != 0 {
- _, err := fs.Stat(path.Dir(target))
- if err != nil {
- return -1, -1, err
- }
+ _, err := fs.Stat(path.Dir(target))
+ if err != nil {
+ return -1, -1, err
}
fi, err := fs.Stat(source)
if err != nil {
return -1, -1, err
}
- return fs.renameInternal(source, target, fi, 0, checks&CheckUpdateModTime != 0)
+ return fs.renameInternal(source, target, fi, 0)
}
// Remove removes the named file or (empty) directory.
@@ -413,7 +396,7 @@ func (fs *AzureBlobFs) Chtimes(name string, _, mtime time.Time, isUploading bool
}
found := false
for k := range metadata {
- if strings.EqualFold(k, lastModifiedField) {
+ if strings.ToLower(k) == lastModifiedField {
metadata[k] = to.Ptr(strconv.FormatInt(mtime.UnixMilli(), 10))
found = true
break
@@ -560,7 +543,7 @@ func (fs *AzureBlobFs) GetDirSize(dirname string) (int, int64, error) {
metric.AZListObjectsCompleted(err)
return numFiles, size, err
}
- for _, blobItem := range resp.Segment.BlobItems {
+ for _, blobItem := range resp.ListBlobsFlatSegmentResponse.Segment.BlobItems {
if blobItem.Properties != nil {
contentType := util.GetStringFromPointer(blobItem.Properties.ContentType)
isDir := checkDirectoryMarkers(contentType, blobItem.Metadata)
@@ -628,7 +611,7 @@ func (fs *AzureBlobFs) Walk(root string, walkFn filepath.WalkFunc) error {
metric.AZListObjectsCompleted(err)
return err
}
- for _, blobItem := range resp.Segment.BlobItems {
+ for _, blobItem := range resp.ListBlobsFlatSegmentResponse.Segment.BlobItems {
name := util.GetStringFromPointer(blobItem.Name)
if fs.isEqual(name, prefix) {
continue
@@ -669,18 +652,18 @@ func (*AzureBlobFs) HasVirtualFolders() bool {
// ResolvePath returns the matching filesystem path for the specified sftp path
func (fs *AzureBlobFs) ResolvePath(virtualPath string) (string, error) {
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
+ }
+ if !path.IsAbs(virtualPath) {
+ virtualPath = path.Clean("/" + virtualPath)
}
- virtualPath = path.Clean("/" + virtualPath)
return fs.Join(fs.config.KeyPrefix, strings.TrimPrefix(virtualPath, "/")), nil
}
// CopyFile implements the FsFileCopier interface
-func (fs *AzureBlobFs) CopyFile(source, target string, srcInfo os.FileInfo) (int, int64, error) {
+func (fs *AzureBlobFs) CopyFile(source, target string, srcSize int64) (int, int64, error) {
numFiles := 1
- sizeDiff := srcInfo.Size()
+ sizeDiff := srcSize
attrs, err := fs.headObject(target)
if err == nil {
sizeDiff -= util.GetIntFromPointer(attrs.ContentLength)
@@ -690,7 +673,7 @@ func (fs *AzureBlobFs) CopyFile(source, target string, srcInfo os.FileInfo) (int
return 0, 0, err
}
}
- if err := fs.copyFileInternal(source, target, srcInfo, true); err != nil {
+ if err := fs.copyFileInternal(source, target); err != nil {
return 0, 0, err
}
return numFiles, sizeDiff, nil
@@ -773,13 +756,13 @@ func (fs *AzureBlobFs) setConfigDefaults() {
}
}
-func (fs *AzureBlobFs) copyFileInternal(source, target string, srcInfo os.FileInfo, updateModTime bool) error {
+func (fs *AzureBlobFs) copyFileInternal(source, target string) error {
ctx, cancelFn := context.WithDeadline(context.Background(), time.Now().Add(fs.ctxLongTimeout))
defer cancelFn()
srcBlob := fs.containerClient.NewBlockBlobClient(source)
dstBlob := fs.containerClient.NewBlockBlobClient(target)
- resp, err := dstBlob.StartCopyFromURL(ctx, srcBlob.URL(), fs.getCopyOptions(srcInfo, updateModTime))
+ resp, err := dstBlob.StartCopyFromURL(ctx, srcBlob.URL(), fs.getCopyOptions())
if err != nil {
metric.AZCopyObjectCompleted(err)
return err
@@ -812,13 +795,11 @@ func (fs *AzureBlobFs) copyFileInternal(source, target string, srcInfo os.FileIn
return nil
}
-func (fs *AzureBlobFs) renameInternal(source, target string, srcInfo os.FileInfo, recursion int,
- updateModTime bool,
-) (int, int64, error) {
+func (fs *AzureBlobFs) renameInternal(source, target string, fi os.FileInfo, recursion int) (int, int64, error) {
var numFiles int
var filesSize int64
- if srcInfo.IsDir() {
+ if fi.IsDir() {
if renameMode == 0 {
hasContents, err := fs.hasContents(source)
if err != nil {
@@ -832,7 +813,7 @@ func (fs *AzureBlobFs) renameInternal(source, target string, srcInfo os.FileInfo
return numFiles, filesSize, err
}
if renameMode == 1 {
- files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion, updateModTime)
+ files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion)
numFiles += files
filesSize += size
if err != nil {
@@ -840,13 +821,13 @@ func (fs *AzureBlobFs) renameInternal(source, target string, srcInfo os.FileInfo
}
}
} else {
- if err := fs.copyFileInternal(source, target, srcInfo, updateModTime); err != nil {
+ if err := fs.copyFileInternal(source, target); err != nil {
return numFiles, filesSize, err
}
numFiles++
- filesSize += srcInfo.Size()
+ filesSize += fi.Size()
}
- err := fs.skipNotExistErr(fs.Remove(source, srcInfo.IsDir()))
+ err := fs.skipNotExistErr(fs.Remove(source, fi.IsDir()))
return numFiles, filesSize, err
}
@@ -885,7 +866,7 @@ func (fs *AzureBlobFs) hasContents(name string) (bool, error) {
return result, err
}
- result = len(resp.Segment.BlobItems) > 0
+ result = len(resp.ListBlobsFlatSegmentResponse.Segment.BlobItems) > 0
}
metric.AZListObjectsCompleted(nil)
@@ -908,14 +889,15 @@ func (fs *AzureBlobFs) downloadPart(ctx context.Context, blockBlob *blockblob.Cl
if err != nil {
return err
}
- defer resp.Body.Close()
+ defer resp.DownloadResponse.Body.Close()
- _, err = io.ReadAtLeast(resp.Body, buf, int(count))
+ _, err = io.ReadAtLeast(resp.DownloadResponse.Body, buf, int(count))
if err != nil {
return err
}
- return writeAtFull(w, buf, writeOffset, int(count))
+ _, err = fs.writeAtFull(w, buf, writeOffset, int(count))
+ return err
}
func (fs *AzureBlobFs) handleMultipartDownload(ctx context.Context, blockBlob *blockblob.Client,
@@ -945,8 +927,6 @@ func (fs *AzureBlobFs) handleMultipartDownload(ctx context.Context, blockBlob *b
guard := make(chan struct{}, fs.config.DownloadConcurrency)
blockCtxTimeout := time.Duration(fs.config.DownloadPartSize/(1024*1024)) * time.Minute
pool := newBufferAllocator(int(partSize))
- defer pool.free()
-
finished := false
var wg sync.WaitGroup
var errOnce sync.Once
@@ -1000,6 +980,7 @@ func (fs *AzureBlobFs) handleMultipartDownload(ctx context.Context, blockBlob *b
wg.Wait()
close(guard)
+ pool.free()
return poolError
}
@@ -1014,8 +995,6 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
// sync.Pool seems to use a lot of memory so prefer our own, very simple, allocator
// we only need to recycle few byte slices
pool := newBufferAllocator(int(partSize))
- defer pool.free()
-
finished := false
var blocks []string
var wg sync.WaitGroup
@@ -1026,17 +1005,10 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
poolCtx, poolCancel := context.WithCancel(ctx)
defer poolCancel()
- finalizeFailedUpload := func(err error) {
- fsLog(fs, logger.LevelDebug, "multipart upload error: %+v", err)
- hasError.Store(true)
- poolError = fmt.Errorf("multipart upload error: %w", err)
- poolCancel()
- }
-
for part := 0; !finished; part++ {
buf := pool.getBuffer()
- n, err := readFill(reader, buf)
+ n, err := fs.readFill(reader, buf)
if err == io.EOF {
// read finished, if n > 0 we need to process the last data chunck
if n == 0 {
@@ -1046,10 +1018,8 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
finished = true
} else if err != nil {
pool.releaseBuffer(buf)
- errOnce.Do(func() {
- finalizeFailedUpload(err)
- })
- break
+ pool.free()
+ return err
}
// Block IDs are unique values to avoid issue if 2+ clients are uploading blocks
@@ -1057,10 +1027,8 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
generatedUUID, err := uuid.NewRandom()
if err != nil {
pool.releaseBuffer(buf)
- errOnce.Do(func() {
- finalizeFailedUpload(err)
- })
- break
+ pool.free()
+ return fmt.Errorf("unable to generate block ID: %w", err)
}
blockID := base64.StdEncoding.EncodeToString([]byte(generatedUUID.String()))
blocks = append(blocks, blockID)
@@ -1090,7 +1058,9 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
if err != nil {
errOnce.Do(func() {
fsLog(fs, logger.LevelDebug, "multipart upload error: %+v", err)
- finalizeFailedUpload(err)
+ hasError.Store(true)
+ poolError = fmt.Errorf("multipart upload error: %w", err)
+ poolCancel()
})
}
}(blockID, buf, n)
@@ -1098,6 +1068,7 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
wg.Wait()
close(guard)
+ pool.free()
if poolError != nil {
return poolError
@@ -1115,27 +1086,33 @@ func (fs *AzureBlobFs) handleMultipartUpload(ctx context.Context, reader io.Read
return err
}
-func (fs *AzureBlobFs) getCopyOptions(srcInfo os.FileInfo, updateModTime bool) *blob.StartCopyFromURLOptions {
+func (*AzureBlobFs) writeAtFull(w io.WriterAt, buf []byte, offset int64, count int) (int, error) {
+ written := 0
+ for written < count {
+ n, err := w.WriteAt(buf[written:count], offset+int64(written))
+ written += n
+ if err != nil {
+ return written, err
+ }
+ }
+ return written, nil
+}
+
+// copied from rclone
+func (*AzureBlobFs) readFill(r io.Reader, buf []byte) (n int, err error) {
+ var nn int
+ for n < len(buf) && err == nil {
+ nn, err = r.Read(buf[n:])
+ n += nn
+ }
+ return n, err
+}
+
+func (fs *AzureBlobFs) getCopyOptions() *blob.StartCopyFromURLOptions {
copyOptions := &blob.StartCopyFromURLOptions{}
if fs.config.AccessTier != "" {
copyOptions.Tier = (*blob.AccessTier)(&fs.config.AccessTier)
}
- if updateModTime {
- metadata := make(map[string]*string)
- for k, v := range getMetadata(srcInfo) {
- if v != "" {
- if strings.EqualFold(k, lastModifiedField) {
- metadata[k] = to.Ptr("0")
- } else {
- metadata[k] = to.Ptr(v)
- }
- }
- }
- if len(metadata) > 0 {
- copyOptions.Metadata = metadata
- }
- }
-
return copyOptions
}
@@ -1158,8 +1135,8 @@ func checkDirectoryMarkers(contentType string, metadata map[string]*string) bool
return true
}
for k, v := range metadata {
- if strings.EqualFold(k, azFolderKey) {
- return strings.EqualFold(util.GetStringFromPointer(v), "true")
+ if strings.ToLower(k) == azFolderKey {
+ return strings.ToLower(util.GetStringFromPointer(v)) == "true"
}
}
return false
@@ -1175,6 +1152,66 @@ func getAzContainerClientOptions() *container.ClientOptions {
}
}
+type bytesReaderWrapper struct {
+ *bytes.Reader
+}
+
+func (b *bytesReaderWrapper) Close() error {
+ return nil
+}
+
+type bufferAllocator struct {
+ sync.Mutex
+ available [][]byte
+ bufferSize int
+ finalized bool
+}
+
+func newBufferAllocator(size int) *bufferAllocator {
+ return &bufferAllocator{
+ bufferSize: size,
+ finalized: false,
+ }
+}
+
+func (b *bufferAllocator) getBuffer() []byte {
+ b.Lock()
+ defer b.Unlock()
+
+ if len(b.available) > 0 {
+ var result []byte
+
+ truncLength := len(b.available) - 1
+ result = b.available[truncLength]
+
+ b.available[truncLength] = nil
+ b.available = b.available[:truncLength]
+
+ return result
+ }
+
+ return make([]byte, b.bufferSize)
+}
+
+func (b *bufferAllocator) releaseBuffer(buf []byte) {
+ b.Lock()
+ defer b.Unlock()
+
+ if b.finalized || len(buf) != b.bufferSize {
+ return
+ }
+
+ b.available = append(b.available, buf)
+}
+
+func (b *bufferAllocator) free() {
+ b.Lock()
+ defer b.Unlock()
+
+ b.available = nil
+ b.finalized = true
+}
+
type azureBlobDirLister struct {
baseDirLister
paginator *runtime.Pager[container.ListBlobsHierarchyResponse]
@@ -1207,7 +1244,7 @@ func (l *azureBlobDirLister) Next(limit int) ([]os.FileInfo, error) {
return l.cache, err
}
- for _, blobPrefix := range page.Segment.BlobPrefixes {
+ for _, blobPrefix := range page.ListBlobsHierarchySegmentResponse.Segment.BlobPrefixes {
name := util.GetStringFromPointer(blobPrefix.Name)
// we don't support prefixes == "/" this will be sent if a key starts with "/"
if name == "" || name == "/" {
@@ -1222,12 +1259,11 @@ func (l *azureBlobDirLister) Next(limit int) ([]os.FileInfo, error) {
l.prefixes[strings.TrimSuffix(name, "/")] = true
}
- for _, blobItem := range page.Segment.BlobItems {
+ for _, blobItem := range page.ListBlobsHierarchySegmentResponse.Segment.BlobItems {
name := util.GetStringFromPointer(blobItem.Name)
name = strings.TrimPrefix(name, l.prefix)
size := int64(0)
isDir := false
- var metadata map[string]*string
modTime := time.Unix(0, 0)
if blobItem.Properties != nil {
size = util.GetIntFromPointer(blobItem.Properties.ContentLength)
@@ -1240,16 +1276,12 @@ func (l *azureBlobDirLister) Next(limit int) ([]os.FileInfo, error) {
continue
}
l.prefixes[name] = true
- } else {
- metadata = blobItem.Metadata
}
if val := getAzureLastModified(blobItem.Metadata); val > 0 {
modTime = util.GetTimeFromMsecSinceEpoch(val)
}
}
- info := NewFileInfo(name, isDir, size, modTime, false)
- info.setMetadataFromPointerVal(metadata)
- l.cache = append(l.cache, info)
+ l.cache = append(l.cache, NewFileInfo(name, isDir, size, modTime, false))
}
return l.returnFromCache(limit), nil
diff --git a/internal/vfs/azblobfs_disabled.go b/internal/vfs/azblobfs_disabled.go
index 35b83e2b..34639d3d 100644
--- a/internal/vfs/azblobfs_disabled.go
+++ b/internal/vfs/azblobfs_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build noazblob
+// +build noazblob
package vfs
diff --git a/internal/vfs/cryptfs.go b/internal/vfs/cryptfs.go
index 8e76da30..3f20fb37 100644
--- a/internal/vfs/cryptfs.go
+++ b/internal/vfs/cryptfs.go
@@ -24,6 +24,7 @@ import (
"net/http"
"os"
+ "github.com/eikenb/pipeat"
"github.com/minio/sio"
"golang.org/x/crypto/hkdf"
@@ -59,8 +60,8 @@ func NewCryptFs(connectionID, rootDir, mountPath string, config CryptFsConfig) (
connectionID: connectionID,
rootDir: rootDir,
mountPath: getMountPath(mountPath),
- readBufferSize: config.ReadBufferSize * 1024 * 1024,
- writeBufferSize: config.WriteBufferSize * 1024 * 1024,
+ readBufferSize: config.OSFsConfig.ReadBufferSize * 1024 * 1024,
+ writeBufferSize: config.OSFsConfig.WriteBufferSize * 1024 * 1024,
},
masterKey: []byte(config.Passphrase.GetPayload()),
}
@@ -88,7 +89,7 @@ func (fs *CryptFs) Open(name string, offset int64) (File, PipeReader, func(), er
f.Close()
return nil, nil, nil, err
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
@@ -174,7 +175,7 @@ func (fs *CryptFs) Create(name string, _, _ int) (File, PipeWriter, func(), erro
f.Close()
return nil, nil, nil, err
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
diff --git a/internal/vfs/fileinfo.go b/internal/vfs/fileinfo.go
index c27fbf79..a6079443 100644
--- a/internal/vfs/fileinfo.go
+++ b/internal/vfs/fileinfo.go
@@ -18,8 +18,6 @@ import (
"os"
"path"
"time"
-
- "github.com/drakkan/sftpgo/v2/internal/util"
)
// FileInfo implements os.FileInfo for a Cloud Storage file.
@@ -28,7 +26,6 @@ type FileInfo struct {
sizeInBytes int64
modTime time.Time
mode os.FileMode
- metadata map[string]string
}
// NewFileInfo creates file info.
@@ -82,36 +79,5 @@ func (fi *FileInfo) SetMode(mode os.FileMode) {
// Sys provides the underlying data source (can return nil)
func (fi *FileInfo) Sys() any {
- return fi.metadata
-}
-
-func (fi *FileInfo) setMetadata(value map[string]string) {
- fi.metadata = value
-}
-
-func (fi *FileInfo) setMetadataFromPointerVal(value map[string]*string) {
- if len(value) == 0 {
- fi.metadata = nil
- return
- }
-
- fi.metadata = map[string]string{}
- for k, v := range value {
- val := util.GetStringFromPointer(v)
- if val != "" {
- fi.metadata[k] = val
- }
- }
-}
-
-func getMetadata(fi os.FileInfo) map[string]string {
- if fi.Sys() == nil {
- return nil
- }
- if val, ok := fi.Sys().(map[string]string); ok {
- if len(val) > 0 {
- return val
- }
- }
return nil
}
diff --git a/internal/vfs/filesystem.go b/internal/vfs/filesystem.go
index 59ce47dd..95b3df40 100644
--- a/internal/vfs/filesystem.go
+++ b/internal/vfs/filesystem.go
@@ -20,7 +20,6 @@ import (
"github.com/sftpgo/sdk"
"github.com/drakkan/sftpgo/v2/internal/kms"
- "github.com/drakkan/sftpgo/v2/internal/util"
)
// Filesystem defines filesystem details
@@ -39,7 +38,6 @@ type Filesystem struct {
// SetEmptySecrets sets the secrets to empty
func (f *Filesystem) SetEmptySecrets() {
f.S3Config.AccessSecret = kms.NewEmptySecret()
- f.S3Config.SSECustomerKey = kms.NewEmptySecret()
f.GCSConfig.Credentials = kms.NewEmptySecret()
f.AzBlobConfig.AccountKey = kms.NewEmptySecret()
f.AzBlobConfig.SASURL = kms.NewEmptySecret()
@@ -56,9 +54,6 @@ func (f *Filesystem) SetEmptySecretsIfNil() {
if f.S3Config.AccessSecret == nil {
f.S3Config.AccessSecret = kms.NewEmptySecret()
}
- if f.S3Config.SSECustomerKey == nil {
- f.S3Config.SSECustomerKey = kms.NewEmptySecret()
- }
if f.GCSConfig.Credentials == nil {
f.GCSConfig.Credentials = kms.NewEmptySecret()
}
@@ -95,9 +90,6 @@ func (f *Filesystem) SetNilSecretsIfEmpty() {
if f.S3Config.AccessSecret != nil && f.S3Config.AccessSecret.IsEmpty() {
f.S3Config.AccessSecret = nil
}
- if f.S3Config.SSECustomerKey != nil && f.S3Config.SSECustomerKey.IsEmpty() {
- f.S3Config.SSECustomerKey = nil
- }
if f.GCSConfig.Credentials != nil && f.GCSConfig.Credentials.IsEmpty() {
f.GCSConfig.Credentials = nil
}
@@ -240,7 +232,8 @@ func (f *Filesystem) Validate(additionalData string) error {
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
return nil
- case sdk.LocalFilesystemProvider:
+ default:
+ f.Provider = sdk.LocalFilesystemProvider
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
@@ -248,11 +241,6 @@ func (f *Filesystem) Validate(additionalData string) error {
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return validateOSFsConfig(&f.OSConfig)
- default:
- return util.NewI18nError(
- util.NewValidationError("invalid filesystem provider"),
- util.I18nErrorFsValidation,
- )
}
}
@@ -261,9 +249,6 @@ func (f *Filesystem) HasRedactedSecret() bool {
// TODO move vfs specific code into each *FsConfig struct
switch f.Provider {
case sdk.S3FilesystemProvider:
- if f.S3Config.SSECustomerKey.IsRedacted() {
- return true
- }
return f.S3Config.AccessSecret.IsRedacted()
case sdk.GCSFilesystemProvider:
return f.GCSConfig.Credentials.IsRedacted()
@@ -338,8 +323,7 @@ func (f *Filesystem) GetACopy() Filesystem {
ForcePathStyle: f.S3Config.ForcePathStyle,
SkipTLSVerify: f.S3Config.SkipTLSVerify,
},
- AccessSecret: f.S3Config.AccessSecret.Clone(),
- SSECustomerKey: f.S3Config.SSECustomerKey.Clone(),
+ AccessSecret: f.S3Config.AccessSecret.Clone(),
},
GCSConfig: GCSFsConfig{
BaseGCSFsConfig: sdk.BaseGCSFsConfig{
diff --git a/internal/vfs/folder.go b/internal/vfs/folder.go
index 5fcee524..b85d82ff 100644
--- a/internal/vfs/folder.go
+++ b/internal/vfs/folder.go
@@ -107,24 +107,18 @@ func (v *BaseVirtualFolder) HasRedactedSecret() bool {
// hasPathPlaceholder returns true if the folder has a path placeholder
func (v *BaseVirtualFolder) hasPathPlaceholder() bool {
- placeholders := []string{"%username%", "%role%"}
- var config string
+ placeholder := "%username%"
switch v.FsConfig.Provider {
case sdk.S3FilesystemProvider:
- config = v.FsConfig.S3Config.KeyPrefix
+ return strings.Contains(v.FsConfig.S3Config.KeyPrefix, placeholder)
case sdk.GCSFilesystemProvider:
- config = v.FsConfig.GCSConfig.KeyPrefix
+ return strings.Contains(v.FsConfig.GCSConfig.KeyPrefix, placeholder)
case sdk.AzureBlobFilesystemProvider:
- config = v.FsConfig.AzBlobConfig.KeyPrefix
+ return strings.Contains(v.FsConfig.AzBlobConfig.KeyPrefix, placeholder)
case sdk.SFTPFilesystemProvider:
- config = v.FsConfig.SFTPConfig.Prefix
+ return strings.Contains(v.FsConfig.SFTPConfig.Prefix, placeholder)
case sdk.LocalFilesystemProvider, sdk.CryptedFilesystemProvider:
- config = v.MappedPath
- }
- for _, placeholder := range placeholders {
- if strings.Contains(config, placeholder) {
- return true
- }
+ return strings.Contains(v.MappedPath, placeholder)
}
return false
}
diff --git a/internal/vfs/gcsfs.go b/internal/vfs/gcsfs.go
index b3cfa6c2..613e67ff 100644
--- a/internal/vfs/gcsfs.go
+++ b/internal/vfs/gcsfs.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !nogcs
+// +build !nogcs
package vfs
@@ -31,6 +32,7 @@ import (
"time"
"cloud.google.com/go/storage"
+ "github.com/eikenb/pipeat"
"github.com/pkg/sftp"
"github.com/rs/xid"
"google.golang.org/api/googleapi"
@@ -87,20 +89,13 @@ func NewGCSFs(connectionID, localTempDir, mountPath string, config GCSFsConfig)
}
ctx := context.Background()
if fs.config.AutomaticCredentials > 0 {
- fs.svc, err = storage.NewClient(ctx,
- storage.WithJSONReads(),
- option.WithUserAgent(version.GetVersionHash()),
- )
+ fs.svc, err = storage.NewClient(ctx)
} else {
err = fs.config.Credentials.TryDecrypt()
if err != nil {
return fs, err
}
- fs.svc, err = storage.NewClient(ctx,
- storage.WithJSONReads(),
- option.WithUserAgent(version.GetVersionHash()),
- option.WithAuthCredentialsJSON(option.ServiceAccount, []byte(fs.config.Credentials.GetPayload())),
- )
+ fs.svc, err = storage.NewClient(ctx, option.WithCredentialsJSON([]byte(fs.config.Credentials.GetPayload())))
}
return fs, err
}
@@ -133,7 +128,7 @@ func (fs *GCSFs) Lstat(name string) (os.FileInfo, error) {
// Open opens the named file for reading
func (fs *GCSFs) Open(name string, offset int64) (File, PipeReader, func(), error) {
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -181,11 +176,7 @@ func (fs *GCSFs) Create(name string, flag, checks int) (File, PipeWriter, func()
return nil, nil, nil, err
}
}
- chunkSize := googleapi.DefaultUploadChunkSize
- if fs.config.UploadPartSize > 0 {
- chunkSize = int(fs.config.UploadPartSize) * 1024 * 1024
- }
- r, w, err := createPipeFn(fs.localTempDir, int64(chunkSize+1024*1024))
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -229,7 +220,9 @@ func (fs *GCSFs) Create(name string, flag, checks int) (File, PipeWriter, func()
objectWriter = obj.NewWriter(ctx)
}
- objectWriter.ChunkSize = chunkSize
+ if fs.config.UploadPartSize > 0 {
+ objectWriter.ChunkSize = int(fs.config.UploadPartSize) * 1024 * 1024
+ }
if fs.config.UploadPartMaxTime > 0 {
objectWriter.ChunkRetryDeadline = time.Duration(fs.config.UploadPartMaxTime) * time.Second
}
@@ -262,21 +255,19 @@ func (fs *GCSFs) Create(name string, flag, checks int) (File, PipeWriter, func()
}
// Rename renames (moves) source to target.
-func (fs *GCSFs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *GCSFs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
- if checks&CheckParentDir != 0 {
- _, err := fs.Stat(path.Dir(target))
- if err != nil {
- return -1, -1, err
- }
+ _, err := fs.Stat(path.Dir(target))
+ if err != nil {
+ return -1, -1, err
}
fi, err := fs.getObjectStat(source)
if err != nil {
return -1, -1, err
}
- return fs.renameInternal(source, target, fi, 0, checks&CheckUpdateModTime != 0)
+ return fs.renameInternal(source, target, fi, 0)
}
// Remove removes the named file or (empty) directory.
@@ -428,12 +419,11 @@ func (*GCSFs) IsNotExist(err error) bool {
if err == nil {
return false
}
- if errors.Is(err, storage.ErrObjectNotExist) {
+ if err == storage.ErrObjectNotExist || err == storage.ErrBucketNotExist {
return true
}
- var apiErr *googleapi.Error
- if errors.As(err, &apiErr) {
- if apiErr.Code == http.StatusNotFound {
+ if e, ok := err.(*googleapi.Error); ok {
+ if e.Code == http.StatusNotFound {
return true
}
}
@@ -446,9 +436,8 @@ func (*GCSFs) IsPermission(err error) bool {
if err == nil {
return false
}
- var apiErr *googleapi.Error
- if errors.As(err, &apiErr) {
- if apiErr.Code == http.StatusForbidden || apiErr.Code == http.StatusUnauthorized {
+ if e, ok := err.(*googleapi.Error); ok {
+ if e.Code == http.StatusForbidden || e.Code == http.StatusUnauthorized {
return true
}
}
@@ -631,25 +620,25 @@ func (*GCSFs) Join(elem ...string) string {
}
// HasVirtualFolders returns true if folders are emulated
-func (*GCSFs) HasVirtualFolders() bool {
+func (GCSFs) HasVirtualFolders() bool {
return true
}
// ResolvePath returns the matching filesystem path for the specified virtual path
func (fs *GCSFs) ResolvePath(virtualPath string) (string, error) {
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
+ }
+ if !path.IsAbs(virtualPath) {
+ virtualPath = path.Clean("/" + virtualPath)
}
- virtualPath = path.Clean("/" + virtualPath)
return fs.Join(fs.config.KeyPrefix, strings.TrimPrefix(virtualPath, "/")), nil
}
// CopyFile implements the FsFileCopier interface
-func (fs *GCSFs) CopyFile(source, target string, srcInfo os.FileInfo) (int, int64, error) {
+func (fs *GCSFs) CopyFile(source, target string, srcSize int64) (int, int64, error) {
numFiles := 1
- sizeDiff := srcInfo.Size()
+ sizeDiff := srcSize
var conditions *storage.Conditions
attrs, err := fs.headObject(target)
if err == nil {
@@ -662,7 +651,7 @@ func (fs *GCSFs) CopyFile(source, target string, srcInfo os.FileInfo) (int, int6
}
conditions = &storage.Conditions{DoesNotExist: true}
}
- if err := fs.copyFileInternal(source, target, conditions, srcInfo, true); err != nil {
+ if err := fs.copyFileInternal(source, target, conditions); err != nil {
return 0, 0, err
}
return numFiles, sizeDiff, nil
@@ -690,11 +679,7 @@ func (fs *GCSFs) getObjectStat(name string) (os.FileInfo, error) {
objectModTime = util.GetTimeFromMsecSinceEpoch(val)
}
isDir := attrs.ContentType == dirMimeType || strings.HasSuffix(attrs.Name, "/")
- info := NewFileInfo(name, isDir, objSize, objectModTime, false)
- if !isDir {
- info.setMetadata(attrs.Metadata)
- }
- return info, nil
+ return NewFileInfo(name, isDir, objSize, objectModTime, false), nil
}
if !fs.IsNotExist(err) {
return nil, err
@@ -727,10 +712,10 @@ func (fs *GCSFs) setWriterAttrs(objectWriter *storage.Writer, flag int, name str
contentType = mime.TypeByExtension(path.Ext(name))
}
if contentType != "" {
- objectWriter.ContentType = contentType
+ objectWriter.ObjectAttrs.ContentType = contentType
}
if fs.config.StorageClass != "" {
- objectWriter.StorageClass = fs.config.StorageClass
+ objectWriter.ObjectAttrs.StorageClass = fs.config.StorageClass
}
if fs.config.ACL != "" {
objectWriter.PredefinedACL = fs.config.ACL
@@ -764,9 +749,7 @@ func (fs *GCSFs) composeObjects(ctx context.Context, dst, partialObject *storage
return err
}
-func (fs *GCSFs) copyFileInternal(source, target string, conditions *storage.Conditions,
- srcInfo os.FileInfo, updateModTime bool,
-) error {
+func (fs *GCSFs) copyFileInternal(source, target string, conditions *storage.Conditions) error {
src := fs.svc.Bucket(fs.config.Bucket).Object(source)
dst := fs.svc.Bucket(fs.config.Bucket).Object(target)
if conditions != nil {
@@ -797,25 +780,16 @@ func (fs *GCSFs) copyFileInternal(source, target string, conditions *storage.Con
if contentType != "" {
copier.ContentType = contentType
}
- metadata := getMetadata(srcInfo)
- if updateModTime && len(metadata) > 0 {
- delete(metadata, lastModifiedField)
- }
- if len(metadata) > 0 {
- copier.Metadata = metadata
- }
_, err := copier.Run(ctx)
metric.GCSCopyObjectCompleted(err)
return err
}
-func (fs *GCSFs) renameInternal(source, target string, srcInfo os.FileInfo, recursion int,
- updateModTime bool,
-) (int, int64, error) {
+func (fs *GCSFs) renameInternal(source, target string, fi os.FileInfo, recursion int) (int, int64, error) {
var numFiles int
var filesSize int64
- if srcInfo.IsDir() {
+ if fi.IsDir() {
if renameMode == 0 {
hasContents, err := fs.hasContents(source)
if err != nil {
@@ -829,7 +803,7 @@ func (fs *GCSFs) renameInternal(source, target string, srcInfo os.FileInfo, recu
return numFiles, filesSize, err
}
if renameMode == 1 {
- files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion, updateModTime)
+ files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion)
numFiles += files
filesSize += size
if err != nil {
@@ -837,13 +811,13 @@ func (fs *GCSFs) renameInternal(source, target string, srcInfo os.FileInfo, recu
}
}
} else {
- if err := fs.copyFileInternal(source, target, nil, srcInfo, updateModTime); err != nil {
+ if err := fs.copyFileInternal(source, target, nil); err != nil {
return numFiles, filesSize, err
}
numFiles++
- filesSize += srcInfo.Size()
+ filesSize += fi.Size()
}
- err := fs.Remove(source, srcInfo.IsDir())
+ err := fs.Remove(source, fi.IsDir())
if fs.IsNotExist(err) {
err = nil
}
@@ -1028,9 +1002,7 @@ func (l *gcsDirLister) Next(limit int) ([]os.FileInfo, error) {
if val := getLastModified(attrs.Metadata); val > 0 {
modTime = util.GetTimeFromMsecSinceEpoch(val)
}
- info := NewFileInfo(name, isDir, attrs.Size, modTime, false)
- info.setMetadata(attrs.Metadata)
- l.cache = append(l.cache, info)
+ l.cache = append(l.cache, NewFileInfo(name, isDir, attrs.Size, modTime, false))
}
}
diff --git a/internal/vfs/gcsfs_disabled.go b/internal/vfs/gcsfs_disabled.go
index cac24e60..edc0143f 100644
--- a/internal/vfs/gcsfs_disabled.go
+++ b/internal/vfs/gcsfs_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build nogcs
+// +build nogcs
package vfs
diff --git a/internal/vfs/httpfs.go b/internal/vfs/httpfs.go
index 76aa940c..331f72dc 100644
--- a/internal/vfs/httpfs.go
+++ b/internal/vfs/httpfs.go
@@ -32,6 +32,7 @@ import (
"strings"
"time"
+ "github.com/eikenb/pipeat"
"github.com/pkg/sftp"
"github.com/sftpgo/sdk"
@@ -316,7 +317,7 @@ func (fs *HTTPFs) Lstat(name string) (os.FileInfo, error) {
// Open opens the named file for reading
func (fs *HTTPFs) Open(name string, offset int64) (File, PipeReader, func(), error) {
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -350,7 +351,7 @@ func (fs *HTTPFs) Open(name string, offset int64) (File, PipeReader, func(), err
// Create creates or opens the named file for writing
func (fs *HTTPFs) Create(name string, flag, checks int) (File, PipeWriter, func(), error) {
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -383,7 +384,7 @@ func (fs *HTTPFs) Create(name string, flag, checks int) (File, PipeWriter, func(
}
// Rename renames (moves) source to target.
-func (fs *HTTPFs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *HTTPFs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
@@ -396,9 +397,6 @@ func (fs *HTTPFs) Rename(source, target string, checks int) (int, int64, error)
return -1, -1, err
}
defer resp.Body.Close()
- if checks&CheckUpdateModTime != 0 {
- fs.Chtimes(target, time.Now(), time.Now(), false) //nolint:errcheck
- }
return -1, -1, nil
}
@@ -638,11 +636,12 @@ func (*HTTPFs) HasVirtualFolders() bool {
// ResolvePath returns the matching filesystem path for the specified virtual path
func (fs *HTTPFs) ResolvePath(virtualPath string) (string, error) {
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
}
- return path.Clean("/" + virtualPath), nil
+ if !path.IsAbs(virtualPath) {
+ virtualPath = path.Clean("/" + virtualPath)
+ }
+ return virtualPath, nil
}
// GetMimeType returns the content type
diff --git a/internal/vfs/osfs.go b/internal/vfs/osfs.go
index 1f0a502f..affc44f4 100644
--- a/internal/vfs/osfs.go
+++ b/internal/vfs/osfs.go
@@ -24,16 +24,17 @@ import (
"os"
"path"
"path/filepath"
- "slices"
"strings"
"time"
+ "github.com/eikenb/pipeat"
fscopy "github.com/otiai10/copy"
"github.com/pkg/sftp"
"github.com/rs/xid"
"github.com/sftpgo/sdk"
"github.com/drakkan/sftpgo/v2/internal/logger"
+ "github.com/drakkan/sftpgo/v2/internal/util"
)
const (
@@ -115,7 +116,7 @@ func (fs *OsFs) Open(name string, offset int64) (File, PipeReader, func(), error
if fs.readBufferSize <= 0 {
return f, nil, nil, err
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
@@ -148,7 +149,7 @@ func (fs *OsFs) Create(name string, flag, _ int) (File, PipeWriter, func(), erro
if err != nil {
return nil, nil, nil, err
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
@@ -175,7 +176,7 @@ func (fs *OsFs) Create(name string, flag, _ int) (File, PipeWriter, func(), erro
}
// Rename renames (moves) source to target
-func (fs *OsFs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *OsFs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
@@ -198,15 +199,9 @@ func (fs *OsFs) Rename(source, target string, checks int) (int, int64, error) {
fsLog(fs, logger.LevelError, "cross device copy error: %v", err)
return -1, -1, err
}
- if checks&CheckUpdateModTime != 0 {
- fs.Chtimes(target, time.Now(), time.Now(), false) //nolint:errcheck
- }
err = os.RemoveAll(source)
return -1, -1, err
}
- if checks&CheckUpdateModTime != 0 && err == nil {
- fs.Chtimes(target, time.Now(), time.Now(), false) //nolint:errcheck
- }
return -1, -1, err
}
@@ -357,16 +352,12 @@ func (fs *OsFs) GetRelativePath(name string) string {
}
rel, err := filepath.Rel(fs.rootDir, filepath.Clean(name))
if err != nil {
- return virtualPath
+ return ""
}
- rel = filepath.ToSlash(rel)
- if rel == ".." || strings.HasPrefix(rel, "../") {
- return virtualPath
- }
- if rel == "." {
+ if rel == "." || strings.HasPrefix(rel, "..") {
rel = ""
}
- return path.Join(virtualPath, rel)
+ return path.Join(virtualPath, filepath.ToSlash(rel))
}
// Walk walks the file tree rooted at root, calling walkFn for each file or
@@ -386,11 +377,8 @@ func (fs *OsFs) ResolvePath(virtualPath string) (string, error) {
return "", fmt.Errorf("invalid root path %q", fs.rootDir)
}
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
}
- virtualPath = path.Clean("/" + virtualPath)
r := filepath.Clean(filepath.Join(fs.rootDir, virtualPath))
p, err := filepath.EvalSymlinks(r)
if isInvalidNameError(err) {
@@ -487,7 +475,7 @@ func (fs *OsFs) findNonexistentDirs(filePath string) ([]string, error) {
for fs.IsNotExist(err) {
results = append(results, parent)
parent = filepath.Dir(parent)
- if slices.Contains(results, parent) {
+ if util.Contains(results, parent) {
break
}
_, err = os.Stat(parent)
diff --git a/internal/vfs/s3fs.go b/internal/vfs/s3fs.go
index f0e9c093..b74d2877 100644
--- a/internal/vfs/s3fs.go
+++ b/internal/vfs/s3fs.go
@@ -13,16 +13,13 @@
// along with this program. If not, see .
//go:build !nos3
+// +build !nos3
package vfs
import (
- "bytes"
"context"
- "crypto/md5"
- "crypto/sha256"
"crypto/tls"
- "encoding/base64"
"errors"
"fmt"
"io"
@@ -33,7 +30,6 @@ import (
"os"
"path"
"path/filepath"
- "slices"
"sort"
"strings"
"sync"
@@ -45,9 +41,11 @@ import (
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+ "github.com/aws/aws-sdk-go-v2/feature/s3/manager"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/aws/aws-sdk-go-v2/service/sts"
+ "github.com/eikenb/pipeat"
"github.com/pkg/sftp"
"github.com/drakkan/sftpgo/v2/internal/logger"
@@ -73,13 +71,10 @@ type S3Fs struct {
connectionID string
localTempDir string
// if not empty this fs is mouted as virtual folder in the specified path
- mountPath string
- config *S3FsConfig
- svc *s3.Client
- ctxTimeout time.Duration
- sseCustomerKey string
- sseCustomerKeyMD5 string
- sseCustomerAlgo string
+ mountPath string
+ config *S3FsConfig
+ svc *s3.Client
+ ctxTimeout time.Duration
}
func init() {
@@ -125,23 +120,6 @@ func NewS3Fs(connectionID, localTempDir, mountPath string, s3Config S3FsConfig)
fs.config.SessionToken),
)
}
- if !fs.config.SSECustomerKey.IsEmpty() {
- if err := fs.config.SSECustomerKey.TryDecrypt(); err != nil {
- return fs, err
- }
- key := fs.config.SSECustomerKey.GetPayload()
- if len(key) == 32 {
- md5sumBinary := md5.Sum([]byte(key))
- fs.sseCustomerKey = base64.StdEncoding.EncodeToString([]byte(key))
- fs.sseCustomerKeyMD5 = base64.StdEncoding.EncodeToString(md5sumBinary[:])
- } else {
- keyHash := sha256.Sum256([]byte(key))
- md5sumBinary := md5.Sum(keyHash[:])
- fs.sseCustomerKey = base64.StdEncoding.EncodeToString(keyHash[:])
- fs.sseCustomerKeyMD5 = base64.StdEncoding.EncodeToString(md5sumBinary[:])
- }
- fs.sseCustomerAlgo = "AES256"
- }
fs.setConfigDefaults()
@@ -153,8 +131,6 @@ func NewS3Fs(connectionID, localTempDir, mountPath string, s3Config S3FsConfig)
fs.svc = s3.NewFromConfig(awsConfig, func(o *s3.Options) {
o.AppID = version.GetVersionHash()
o.UsePathStyle = fs.config.ForcePathStyle
- o.RequestChecksumCalculation = aws.RequestChecksumCalculationWhenRequired
- o.ResponseChecksumValidation = aws.ResponseChecksumValidationWhenRequired
if fs.config.Endpoint != "" {
o.BaseEndpoint = aws.String(fs.config.Endpoint)
}
@@ -185,13 +161,12 @@ func (fs *S3Fs) Stat(name string) (os.FileInfo, error) {
if err == nil {
// Some S3 providers (like SeaweedFS) remove the trailing '/' from object keys.
// So we check some common content types to detect if this is a "directory".
- isDir := slices.Contains(s3DirMimeTypes, util.GetStringFromPointer(obj.ContentType))
+ isDir := util.Contains(s3DirMimeTypes, util.GetStringFromPointer(obj.ContentType))
if util.GetIntFromPointer(obj.ContentLength) == 0 && !isDir {
_, err = fs.headObject(name + "/")
isDir = err == nil
}
- info := NewFileInfo(name, isDir, util.GetIntFromPointer(obj.ContentLength), util.GetTimeFromPointer(obj.LastModified), false)
- return info, nil
+ return NewFileInfo(name, isDir, util.GetIntFromPointer(obj.ContentLength), util.GetTimeFromPointer(obj.LastModified), false), nil
}
if !fs.IsNotExist(err) {
return result, err
@@ -226,29 +201,50 @@ func (fs *S3Fs) Lstat(name string) (os.FileInfo, error) {
// Open opens the named file for reading
func (fs *S3Fs) Open(name string, offset int64) (File, PipeReader, func(), error) {
- attrs, err := fs.headObject(name)
- if err != nil {
- return nil, nil, nil, err
- }
- r, w, err := createPipeFn(fs.localTempDir, fs.config.DownloadPartSize*int64(fs.config.DownloadConcurrency)+1)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
p := NewPipeReader(r)
if readMetadata > 0 {
+ attrs, err := fs.headObject(name)
+ if err != nil {
+ r.Close()
+ w.Close()
+ return nil, nil, nil, err
+ }
p.setMetadata(attrs.Metadata)
}
+
ctx, cancelFn := context.WithCancel(context.Background())
+ downloader := manager.NewDownloader(fs.svc, func(d *manager.Downloader) {
+ d.Concurrency = fs.config.DownloadConcurrency
+ d.PartSize = fs.config.DownloadPartSize
+ if offset == 0 && fs.config.DownloadPartMaxTime > 0 {
+ d.ClientOptions = append(d.ClientOptions, func(o *s3.Options) {
+ o.HTTPClient = getAWSHTTPClient(fs.config.DownloadPartMaxTime, 100*time.Millisecond,
+ fs.config.SkipTLSVerify)
+ })
+ }
+ })
+
+ var streamRange *string
+ if offset > 0 {
+ streamRange = aws.String(fmt.Sprintf("bytes=%v-", offset))
+ }
go func() {
defer cancelFn()
- err := fs.handleDownload(ctx, name, offset, w, attrs)
+ n, err := downloader.Download(ctx, w, &s3.GetObjectInput{
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(name),
+ Range: streamRange,
+ })
w.CloseWithError(err) //nolint:errcheck
- fsLog(fs, logger.LevelDebug, "download completed, path: %q size: %d, err: %+v", name, w.GetWrittenBytes(), err)
- metric.S3TransferCompleted(w.GetWrittenBytes(), 1, err)
+ fsLog(fs, logger.LevelDebug, "download completed, path: %q size: %v, err: %+v", name, n, err)
+ metric.S3TransferCompleted(n, 1, err)
}()
-
return nil, p, cancelFn, nil
}
@@ -260,7 +256,7 @@ func (fs *S3Fs) Create(name string, flag, checks int) (File, PipeWriter, func(),
return nil, nil, nil, err
}
}
- r, w, err := createPipeFn(fs.localTempDir, fs.config.UploadPartSize+1024*1024)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
return nil, nil, nil, err
}
@@ -271,6 +267,16 @@ func (fs *S3Fs) Create(name string, flag, checks int) (File, PipeWriter, func(),
p = NewPipeWriter(w)
}
ctx, cancelFn := context.WithCancel(context.Background())
+ uploader := manager.NewUploader(fs.svc, func(u *manager.Uploader) {
+ u.Concurrency = fs.config.UploadConcurrency
+ u.PartSize = fs.config.UploadPartSize
+ if fs.config.UploadPartMaxTime > 0 {
+ u.ClientOptions = append(u.ClientOptions, func(o *s3.Options) {
+ o.HTTPClient = getAWSHTTPClient(fs.config.UploadPartMaxTime, 100*time.Millisecond,
+ fs.config.SkipTLSVerify)
+ })
+ }
+ })
go func() {
defer cancelFn()
@@ -281,7 +287,14 @@ func (fs *S3Fs) Create(name string, flag, checks int) (File, PipeWriter, func(),
} else {
contentType = mime.TypeByExtension(path.Ext(name))
}
- err := fs.handleUpload(ctx, r, name, contentType)
+ _, err := uploader.Upload(ctx, &s3.PutObjectInput{
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(name),
+ Body: r,
+ ACL: types.ObjectCannedACL(fs.config.ACL),
+ StorageClass: types.StorageClass(fs.config.StorageClass),
+ ContentType: util.NilIfEmpty(contentType),
+ })
r.CloseWithError(err) //nolint:errcheck
p.Done(err)
fsLog(fs, logger.LevelDebug, "upload completed, path: %q, acl: %q, readed bytes: %d, err: %+v",
@@ -316,21 +329,19 @@ func (fs *S3Fs) Create(name string, flag, checks int) (File, PipeWriter, func(),
}
// Rename renames (moves) source to target.
-func (fs *S3Fs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *S3Fs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
- if checks&CheckParentDir != 0 {
- _, err := fs.Stat(path.Dir(target))
- if err != nil {
- return -1, -1, err
- }
+ _, err := fs.Stat(path.Dir(target))
+ if err != nil {
+ return -1, -1, err
}
fi, err := fs.Stat(source)
if err != nil {
return -1, -1, err
}
- return fs.renameInternal(source, target, fi, 0, checks&CheckUpdateModTime != 0)
+ return fs.renameInternal(source, target, fi, 0)
}
// Remove removes the named file or (empty) directory.
@@ -611,18 +622,18 @@ func (*S3Fs) HasVirtualFolders() bool {
// ResolvePath returns the matching filesystem path for the specified virtual path
func (fs *S3Fs) ResolvePath(virtualPath string) (string, error) {
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
+ }
+ if !path.IsAbs(virtualPath) {
+ virtualPath = path.Clean("/" + virtualPath)
}
- virtualPath = path.Clean("/" + virtualPath)
return fs.Join(fs.config.KeyPrefix, strings.TrimPrefix(virtualPath, "/")), nil
}
// CopyFile implements the FsFileCopier interface
-func (fs *S3Fs) CopyFile(source, target string, srcInfo os.FileInfo) (int, int64, error) {
+func (fs *S3Fs) CopyFile(source, target string, srcSize int64) (int, int64, error) {
numFiles := 1
- sizeDiff := srcInfo.Size()
+ sizeDiff := srcSize
attrs, err := fs.headObject(target)
if err == nil {
sizeDiff -= util.GetIntFromPointer(attrs.ContentLength)
@@ -632,7 +643,7 @@ func (fs *S3Fs) CopyFile(source, target string, srcInfo os.FileInfo) (int, int64
return 0, 0, err
}
}
- if err := fs.copyFileInternal(source, target, srcInfo); err != nil {
+ if err := fs.copyFileInternal(source, target, srcSize); err != nil {
return 0, 0, err
}
return numFiles, sizeDiff, nil
@@ -648,73 +659,60 @@ func (fs *S3Fs) resolve(name *string, prefix string) (string, bool) {
}
func (fs *S3Fs) setConfigDefaults() {
- const defaultPartSize = 1024 * 1024 * 5
- const defaultConcurrency = 5
-
if fs.config.UploadPartSize == 0 {
- fs.config.UploadPartSize = defaultPartSize
+ fs.config.UploadPartSize = manager.DefaultUploadPartSize
} else {
if fs.config.UploadPartSize < 1024*1024 {
fs.config.UploadPartSize *= 1024 * 1024
}
}
if fs.config.UploadConcurrency == 0 {
- fs.config.UploadConcurrency = defaultConcurrency
+ fs.config.UploadConcurrency = manager.DefaultUploadConcurrency
}
if fs.config.DownloadPartSize == 0 {
- fs.config.DownloadPartSize = defaultPartSize
+ fs.config.DownloadPartSize = manager.DefaultDownloadPartSize
} else {
if fs.config.DownloadPartSize < 1024*1024 {
fs.config.DownloadPartSize *= 1024 * 1024
}
}
if fs.config.DownloadConcurrency == 0 {
- fs.config.DownloadConcurrency = defaultConcurrency
+ fs.config.DownloadConcurrency = manager.DefaultDownloadConcurrency
}
}
-func (fs *S3Fs) copyFileInternal(source, target string, srcInfo os.FileInfo) error {
+func (fs *S3Fs) copyFileInternal(source, target string, fileSize int64) error {
contentType := mime.TypeByExtension(path.Ext(source))
copySource := pathEscape(fs.Join(fs.config.Bucket, source))
- if srcInfo.Size() > s3CopyObjectThreshold {
+ if fileSize > s3CopyObjectThreshold {
fsLog(fs, logger.LevelDebug, "renaming file %q with size %d using multipart copy",
- source, srcInfo.Size())
- err := fs.doMultipartCopy(copySource, target, contentType, srcInfo.Size())
+ source, fileSize)
+ err := fs.doMultipartCopy(copySource, target, contentType, fileSize)
metric.S3CopyObjectCompleted(err)
return err
}
ctx, cancelFn := context.WithDeadline(context.Background(), time.Now().Add(fs.ctxTimeout))
defer cancelFn()
- copyObject := &s3.CopyObjectInput{
- Bucket: aws.String(fs.config.Bucket),
- CopySource: aws.String(copySource),
- Key: aws.String(target),
- StorageClass: types.StorageClass(fs.config.StorageClass),
- ACL: types.ObjectCannedACL(fs.config.ACL),
- ContentType: util.NilIfEmpty(contentType),
- CopySourceSSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- CopySourceSSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- CopySourceSSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- }
-
- _, err := fs.svc.CopyObject(ctx, copyObject)
+ _, err := fs.svc.CopyObject(ctx, &s3.CopyObjectInput{
+ Bucket: aws.String(fs.config.Bucket),
+ CopySource: aws.String(copySource),
+ Key: aws.String(target),
+ StorageClass: types.StorageClass(fs.config.StorageClass),
+ ACL: types.ObjectCannedACL(fs.config.ACL),
+ ContentType: util.NilIfEmpty(contentType),
+ })
metric.S3CopyObjectCompleted(err)
return err
}
-func (fs *S3Fs) renameInternal(source, target string, srcInfo os.FileInfo, recursion int,
- updateModTime bool,
-) (int, int64, error) {
+func (fs *S3Fs) renameInternal(source, target string, fi os.FileInfo, recursion int) (int, int64, error) {
var numFiles int
var filesSize int64
- if srcInfo.IsDir() {
+ if fi.IsDir() {
if renameMode == 0 {
hasContents, err := fs.hasContents(source)
if err != nil {
@@ -728,7 +726,7 @@ func (fs *S3Fs) renameInternal(source, target string, srcInfo os.FileInfo, recur
return numFiles, filesSize, err
}
if renameMode == 1 {
- files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion, updateModTime)
+ files, size, err := doRecursiveRename(fs, source, target, fs.renameInternal, recursion)
numFiles += files
filesSize += size
if err != nil {
@@ -736,13 +734,13 @@ func (fs *S3Fs) renameInternal(source, target string, srcInfo os.FileInfo, recur
}
}
} else {
- if err := fs.copyFileInternal(source, target, srcInfo); err != nil {
+ if err := fs.copyFileInternal(source, target, fi.Size()); err != nil {
return numFiles, filesSize, err
}
numFiles++
- filesSize += srcInfo.Size()
+ filesSize += fi.Size()
}
- err := fs.Remove(source, srcInfo.IsDir())
+ err := fs.Remove(source, fi.IsDir())
if fs.IsNotExist(err) {
err = nil
}
@@ -793,340 +791,16 @@ func (fs *S3Fs) hasContents(name string) (bool, error) {
return false, nil
}
-func (fs *S3Fs) downloadPart(ctx context.Context, name string, buf []byte, w io.WriterAt, start, count, writeOffset int64) error {
- if count == 0 {
- return nil
- }
- rangeHeader := fmt.Sprintf("bytes=%d-%d", start, start+count-1)
-
- resp, err := fs.svc.GetObject(ctx, &s3.GetObjectInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- Range: &rangeHeader,
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- })
- if err != nil {
- return err
- }
- defer resp.Body.Close()
-
- _, err = io.ReadAtLeast(resp.Body, buf, int(count))
- if err != nil {
- return err
- }
-
- return writeAtFull(w, buf, writeOffset, int(count))
-}
-
-func (fs *S3Fs) handleDownload(ctx context.Context, name string, offset int64, writer io.WriterAt, attrs *s3.HeadObjectOutput) error {
- contentLength := util.GetIntFromPointer(attrs.ContentLength)
- sizeToDownload := contentLength - offset
- if sizeToDownload < 0 {
- fsLog(fs, logger.LevelError, "invalid multipart download size or offset, size: %d, offset: %d, size to download: %d",
- contentLength, offset, sizeToDownload)
- return errors.New("the requested offset exceeds the file size")
- }
- if sizeToDownload == 0 {
- fsLog(fs, logger.LevelDebug, "nothing to download, offset %d, content length %d", offset, contentLength)
- return nil
- }
- partSize := fs.config.DownloadPartSize
- guard := make(chan struct{}, fs.config.DownloadConcurrency)
- var blockCtxTimeout time.Duration
- if fs.config.DownloadPartMaxTime > 0 {
- blockCtxTimeout = time.Duration(fs.config.DownloadPartMaxTime) * time.Second
- } else {
- blockCtxTimeout = time.Duration(fs.config.DownloadPartSize/(1024*1024)) * time.Minute
- }
- pool := newBufferAllocator(int(partSize))
- defer pool.free()
-
- finished := false
- var wg sync.WaitGroup
- var errOnce sync.Once
- var hasError atomic.Bool
- var poolError error
-
- poolCtx, poolCancel := context.WithCancel(ctx)
- defer poolCancel()
-
- for part := 0; !finished; part++ {
- start := offset
- end := offset + partSize
- if end >= contentLength {
- end = contentLength
- finished = true
- }
- writeOffset := int64(part) * partSize
- offset = end
-
- guard <- struct{}{}
- if hasError.Load() {
- fsLog(fs, logger.LevelDebug, "pool error, download for part %d not started", part)
- break
- }
-
- buf := pool.getBuffer()
- wg.Add(1)
- go func(start, end, writeOffset int64, buf []byte) {
- defer func() {
- pool.releaseBuffer(buf)
- <-guard
- wg.Done()
- }()
-
- innerCtx, cancelFn := context.WithDeadline(poolCtx, time.Now().Add(blockCtxTimeout))
- defer cancelFn()
-
- err := fs.downloadPart(innerCtx, name, buf, writer, start, end-start, writeOffset)
- if err != nil {
- errOnce.Do(func() {
- fsLog(fs, logger.LevelError, "multipart download error: %+v", err)
- hasError.Store(true)
- poolError = fmt.Errorf("multipart download error: %w", err)
- poolCancel()
- })
- }
- }(start, end, writeOffset, buf)
- }
-
- wg.Wait()
- close(guard)
-
- return poolError
-}
-
-func (fs *S3Fs) initiateMultipartUpload(ctx context.Context, name, contentType string) (string, error) {
- ctx, cancelFn := context.WithDeadline(ctx, time.Now().Add(fs.ctxTimeout))
- defer cancelFn()
-
- res, err := fs.svc.CreateMultipartUpload(ctx, &s3.CreateMultipartUploadInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- StorageClass: types.StorageClass(fs.config.StorageClass),
- ACL: types.ObjectCannedACL(fs.config.ACL),
- ContentType: util.NilIfEmpty(contentType),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- })
- if err != nil {
- return "", fmt.Errorf("unable to create multipart upload request: %w", err)
- }
- uploadID := util.GetStringFromPointer(res.UploadId)
- if uploadID == "" {
- return "", errors.New("unable to get multipart upload ID")
- }
- return uploadID, nil
-}
-
-func (fs *S3Fs) uploadPart(ctx context.Context, name, uploadID string, partNumber int32, data []byte) (*string, error) {
- timeout := time.Duration(fs.config.UploadPartSize/(1024*1024)) * time.Minute
- if fs.config.UploadPartMaxTime > 0 {
- timeout = time.Duration(fs.config.UploadPartMaxTime) * time.Second
- }
- ctx, cancelFn := context.WithDeadline(ctx, time.Now().Add(timeout))
- defer cancelFn()
-
- resp, err := fs.svc.UploadPart(ctx, &s3.UploadPartInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- PartNumber: &partNumber,
- UploadId: aws.String(uploadID),
- Body: bytes.NewReader(data),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- })
- if err != nil {
- return nil, fmt.Errorf("unable to upload part number %d: %w", partNumber, err)
- }
- return resp.ETag, nil
-}
-
-func (fs *S3Fs) completeMultipartUpload(ctx context.Context, name, uploadID string, completedParts []types.CompletedPart) error {
- ctx, cancelFn := context.WithDeadline(ctx, time.Now().Add(fs.ctxTimeout))
- defer cancelFn()
-
- _, err := fs.svc.CompleteMultipartUpload(ctx, &s3.CompleteMultipartUploadInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- UploadId: aws.String(uploadID),
- MultipartUpload: &types.CompletedMultipartUpload{
- Parts: completedParts,
- },
- })
- return err
-}
-
-func (fs *S3Fs) abortMultipartUpload(name, uploadID string) error {
- ctx, cancelFn := context.WithDeadline(context.Background(), time.Now().Add(fs.ctxTimeout))
- defer cancelFn()
-
- _, err := fs.svc.AbortMultipartUpload(ctx, &s3.AbortMultipartUploadInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- UploadId: aws.String(uploadID),
- })
- return err
-}
-
-func (fs *S3Fs) singlePartUpload(ctx context.Context, name, contentType string, data []byte) error {
- timeout := time.Duration(fs.config.UploadPartSize/(1024*1024)) * time.Minute
- if fs.config.UploadPartMaxTime > 0 {
- timeout = time.Duration(fs.config.UploadPartMaxTime) * time.Second
- }
- ctx, cancelFn := context.WithDeadline(ctx, time.Now().Add(timeout))
- defer cancelFn()
-
- contentLength := int64(len(data))
- _, err := fs.svc.PutObject(ctx, &s3.PutObjectInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- ACL: types.ObjectCannedACL(fs.config.ACL),
- Body: bytes.NewReader(data),
- ContentType: util.NilIfEmpty(contentType),
- ContentLength: &contentLength,
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- StorageClass: types.StorageClass(fs.config.StorageClass),
- })
- return err
-}
-
-func (fs *S3Fs) handleUpload(ctx context.Context, reader io.Reader, name, contentType string) error {
- pool := newBufferAllocator(int(fs.config.UploadPartSize))
- defer pool.free()
-
- firstBuf := pool.getBuffer()
- firstReadSize, err := readFill(reader, firstBuf)
- if err == io.EOF {
- return fs.singlePartUpload(ctx, name, contentType, firstBuf[:firstReadSize])
- }
- if err != nil {
- return err
- }
-
- uploadID, err := fs.initiateMultipartUpload(ctx, name, contentType)
- if err != nil {
- return err
- }
- guard := make(chan struct{}, fs.config.UploadConcurrency)
- finished := false
- var partMutex sync.Mutex
- var completedParts []types.CompletedPart
- var wg sync.WaitGroup
- var hasError atomic.Bool
- var poolErr error
- var errOnce sync.Once
- var partNumber int32
-
- poolCtx, poolCancel := context.WithCancel(ctx)
- defer poolCancel()
-
- finalizeFailedUpload := func(err error) {
- fsLog(fs, logger.LevelError, "finalize failed multipart upload after error: %v", err)
- hasError.Store(true)
- poolErr = err
- poolCancel()
- if abortErr := fs.abortMultipartUpload(name, uploadID); abortErr != nil {
- fsLog(fs, logger.LevelError, "unable to abort multipart upload: %+v", abortErr)
- }
- }
-
- uploadPart := func(partNum int32, buf []byte, bytesRead int) {
- defer func() {
- pool.releaseBuffer(buf)
- <-guard
- wg.Done()
- }()
-
- etag, err := fs.uploadPart(poolCtx, name, uploadID, partNum, buf[:bytesRead])
- if err != nil {
- errOnce.Do(func() {
- finalizeFailedUpload(err)
- })
- return
- }
- partMutex.Lock()
- completedParts = append(completedParts, types.CompletedPart{
- PartNumber: &partNum,
- ETag: etag,
- })
- partMutex.Unlock()
- }
-
- partNumber = 1
- guard <- struct{}{}
-
- wg.Add(1)
- go uploadPart(partNumber, firstBuf, firstReadSize)
-
- for partNumber = 2; !finished; partNumber++ {
- buf := pool.getBuffer()
-
- n, err := readFill(reader, buf)
- if err == io.EOF {
- if n == 0 {
- pool.releaseBuffer(buf)
- break
- }
- finished = true
- } else if err != nil {
- pool.releaseBuffer(buf)
- errOnce.Do(func() {
- finalizeFailedUpload(err)
- })
- break
- }
- guard <- struct{}{}
- if hasError.Load() {
- fsLog(fs, logger.LevelError, "pool error, upload for part %d not started", partNumber)
- pool.releaseBuffer(buf)
- break
- }
-
- wg.Add(1)
- go uploadPart(partNumber, buf, n)
- }
-
- wg.Wait()
- close(guard)
-
- if poolErr != nil {
- return poolErr
- }
-
- sort.Slice(completedParts, func(i, j int) bool {
- getPartNumber := func(number *int32) int32 {
- if number == nil {
- return 0
- }
- return *number
- }
-
- return getPartNumber(completedParts[i].PartNumber) < getPartNumber(completedParts[j].PartNumber)
- })
-
- return fs.completeMultipartUpload(ctx, name, uploadID, completedParts)
-}
-
func (fs *S3Fs) doMultipartCopy(source, target, contentType string, fileSize int64) error {
ctx, cancelFn := context.WithDeadline(context.Background(), time.Now().Add(fs.ctxTimeout))
defer cancelFn()
res, err := fs.svc.CreateMultipartUpload(ctx, &s3.CreateMultipartUploadInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(target),
- StorageClass: types.StorageClass(fs.config.StorageClass),
- ACL: types.ObjectCannedACL(fs.config.ACL),
- ContentType: util.NilIfEmpty(contentType),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(target),
+ StorageClass: types.StorageClass(fs.config.StorageClass),
+ ACL: types.ObjectCannedACL(fs.config.ACL),
+ ContentType: util.NilIfEmpty(contentType),
})
if err != nil {
return fmt.Errorf("unable to create multipart copy request: %w", err)
@@ -1181,18 +855,12 @@ func (fs *S3Fs) doMultipartCopy(source, target, contentType string, fileSize int
defer innerCancelFn()
partResp, err := fs.svc.UploadPartCopy(innerCtx, &s3.UploadPartCopyInput{
- Bucket: aws.String(fs.config.Bucket),
- CopySource: aws.String(source),
- Key: aws.String(target),
- PartNumber: &partNum,
- UploadId: aws.String(uploadID),
- CopySourceRange: aws.String(fmt.Sprintf("bytes=%d-%d", partStart, partEnd-1)),
- CopySourceSSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- CopySourceSSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- CopySourceSSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
+ Bucket: aws.String(fs.config.Bucket),
+ CopySource: aws.String(source),
+ Key: aws.String(target),
+ PartNumber: &partNum,
+ UploadId: aws.String(uploadID),
+ CopySourceRange: aws.String(fmt.Sprintf("bytes=%d-%d", partStart, partEnd-1)),
})
if err != nil {
errOnce.Do(func() {
@@ -1201,7 +869,15 @@ func (fs *S3Fs) doMultipartCopy(source, target, contentType string, fileSize int
copyError = fmt.Errorf("error copying part number %d: %w", partNum, err)
opCancel()
- if errAbort := fs.abortMultipartUpload(target, uploadID); errAbort != nil {
+ abortCtx, abortCancelFn := context.WithDeadline(context.Background(), time.Now().Add(fs.ctxTimeout))
+ defer abortCancelFn()
+
+ _, errAbort := fs.svc.AbortMultipartUpload(abortCtx, &s3.AbortMultipartUploadInput{
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(target),
+ UploadId: aws.String(uploadID),
+ })
+ if errAbort != nil {
fsLog(fs, logger.LevelError, "unable to abort multipart copy: %+v", errAbort)
}
})
@@ -1267,11 +943,8 @@ func (fs *S3Fs) headObject(name string) (*s3.HeadObjectOutput, error) {
defer cancelFn()
obj, err := fs.svc.HeadObject(ctx, &s3.HeadObjectInput{
- Bucket: aws.String(fs.config.Bucket),
- Key: aws.String(name),
- SSECustomerKey: util.NilIfEmpty(fs.sseCustomerKey),
- SSECustomerAlgorithm: util.NilIfEmpty(fs.sseCustomerAlgo),
- SSECustomerKeyMD5: util.NilIfEmpty(fs.sseCustomerKeyMD5),
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(name),
})
metric.S3HeadObjectCompleted(err)
return obj, err
@@ -1298,18 +971,28 @@ func (*S3Fs) GetAvailableDiskSize(_ string) (*sftp.StatVFS, error) {
func (fs *S3Fs) downloadToWriter(name string, w PipeWriter) (int64, error) {
fsLog(fs, logger.LevelDebug, "starting download before resuming upload, path %q", name)
- attrs, err := fs.headObject(name)
- if err != nil {
- return 0, err
- }
ctx, cancelFn := context.WithTimeout(context.Background(), preResumeTimeout)
defer cancelFn()
- err = fs.handleDownload(ctx, name, 0, w, attrs)
+ downloader := manager.NewDownloader(fs.svc, func(d *manager.Downloader) {
+ d.Concurrency = fs.config.DownloadConcurrency
+ d.PartSize = fs.config.DownloadPartSize
+ if fs.config.DownloadPartMaxTime > 0 {
+ d.ClientOptions = append(d.ClientOptions, func(o *s3.Options) {
+ o.HTTPClient = getAWSHTTPClient(fs.config.DownloadPartMaxTime, 100*time.Millisecond,
+ fs.config.SkipTLSVerify)
+ })
+ }
+ })
+
+ n, err := downloader.Download(ctx, w, &s3.GetObjectInput{
+ Bucket: aws.String(fs.config.Bucket),
+ Key: aws.String(name),
+ })
fsLog(fs, logger.LevelDebug, "download before resuming upload completed, path %q size: %d, err: %+v",
- name, w.GetWrittenBytes(), err)
- metric.S3TransferCompleted(w.GetWrittenBytes(), 1, err)
- return w.GetWrittenBytes(), err
+ name, n, err)
+ metric.S3TransferCompleted(n, 1, err)
+ return n, err
}
type s3DirLister struct {
diff --git a/internal/vfs/s3fs_disabled.go b/internal/vfs/s3fs_disabled.go
index 5c1f1b53..8f71384a 100644
--- a/internal/vfs/s3fs_disabled.go
+++ b/internal/vfs/s3fs_disabled.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build nos3
+// +build nos3
package vfs
diff --git a/internal/vfs/sftpfs.go b/internal/vfs/sftpfs.go
index 2f263dd3..869c315e 100644
--- a/internal/vfs/sftpfs.go
+++ b/internal/vfs/sftpfs.go
@@ -18,10 +18,9 @@ import (
"bufio"
"bytes"
"crypto/rsa"
- "crypto/sha256"
- "encoding/hex"
"errors"
"fmt"
+ "hash/fnv"
"io"
"io/fs"
"net"
@@ -29,13 +28,13 @@ import (
"os"
"path"
"path/filepath"
- "slices"
"strconv"
"strings"
"sync"
"sync/atomic"
"time"
+ "github.com/eikenb/pipeat"
"github.com/pkg/sftp"
"github.com/robfig/cron/v3"
"github.com/rs/xid"
@@ -70,17 +69,6 @@ type SFTPFsConfig struct {
forbiddenSelfUsernames []string `json:"-"`
}
-func (c *SFTPFsConfig) getKeySigner() (ssh.Signer, error) {
- privPayload := c.PrivateKey.GetPayload()
- if privPayload == "" {
- return nil, nil
- }
- if key := c.KeyPassphrase.GetPayload(); key != "" {
- return ssh.ParsePrivateKeyWithPassphrase([]byte(privPayload), []byte(key))
- }
- return ssh.ParsePrivateKey([]byte(privPayload))
-}
-
// HideConfidentialData hides confidential data
func (c *SFTPFsConfig) HideConfidentialData() {
if c.Password != nil {
@@ -126,7 +114,7 @@ func (c *SFTPFsConfig) isEqual(other SFTPFsConfig) bool {
return false
}
for _, fp := range c.Fingerprints {
- if !slices.Contains(other.Fingerprints, fp) {
+ if !util.Contains(other.Fingerprints, fp) {
return false
}
}
@@ -197,20 +185,25 @@ func (c *SFTPFsConfig) validate() error {
func (c *SFTPFsConfig) validatePrivateKey() error {
if c.PrivateKey.IsPlain() {
- signer, err := c.getKeySigner()
+ var signer ssh.Signer
+ var err error
+ if c.KeyPassphrase.IsPlain() {
+ signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(c.PrivateKey.GetPayload()),
+ []byte(c.KeyPassphrase.GetPayload()))
+ } else {
+ signer, err = ssh.ParsePrivateKey([]byte(c.PrivateKey.GetPayload()))
+ }
if err != nil {
return util.NewI18nError(fmt.Errorf("invalid private key: %w", err), util.I18nErrorPrivKeyInvalid)
}
- if signer != nil {
- if key, ok := signer.PublicKey().(ssh.CryptoPublicKey); ok {
- cryptoKey := key.CryptoPublicKey()
- if rsaKey, ok := cryptoKey.(*rsa.PublicKey); ok {
- if size := rsaKey.N.BitLen(); size < 2048 {
- return util.NewI18nError(
- fmt.Errorf("rsa key with size %d not accepted, minimum 2048", size),
- util.I18nErrorKeySizeInvalid,
- )
- }
+ if key, ok := signer.PublicKey().(ssh.CryptoPublicKey); ok {
+ cryptoKey := key.CryptoPublicKey()
+ if rsaKey, ok := cryptoKey.(*rsa.PublicKey); ok {
+ if size := rsaKey.N.BitLen(); size < 2048 {
+ return util.NewI18nError(
+ fmt.Errorf("rsa key with size %d not accepted, minimum 2048", size),
+ util.I18nErrorKeySizeInvalid,
+ )
}
}
}
@@ -284,8 +277,8 @@ func (c *SFTPFsConfig) ValidateAndEncryptCredentials(additionalData string) erro
}
// getUniqueID returns an hash of the settings used to connect to the SFTP server
-func (c *SFTPFsConfig) getUniqueID(partition int) string {
- h := sha256.New()
+func (c *SFTPFsConfig) getUniqueID(partition int) uint64 {
+ h := fnv.New64a()
var b bytes.Buffer
b.WriteString(c.Endpoint)
@@ -302,7 +295,7 @@ func (c *SFTPFsConfig) getUniqueID(partition int) string {
b.WriteString(strconv.Itoa(partition))
h.Write(b.Bytes())
- return hex.EncodeToString(h.Sum(nil))
+ return h.Sum64()
}
// SFTPFs is a Fs implementation for SFTP backends
@@ -338,19 +331,15 @@ func NewSFTPFs(connectionID, mountPath, localTempDir string, forbiddenSelfUserna
return nil, err
}
}
- conn, err := sftpConnsCache.Get(&config, connectionID)
- if err != nil {
- return nil, err
- }
config.forbiddenSelfUsernames = forbiddenSelfUsernames
sftpFs := &SFTPFs{
connectionID: connectionID,
mountPath: getMountPath(mountPath),
localTempDir: localTempDir,
config: &config,
- conn: conn,
+ conn: sftpConnsCache.Get(&config, connectionID),
}
- err = sftpFs.createConnection()
+ err := sftpFs.createConnection()
if err != nil {
sftpFs.Close() //nolint:errcheck
}
@@ -405,7 +394,7 @@ func (fs *SFTPFs) Open(name string, offset int64) (File, PipeReader, func(), err
if fs.config.BufferSize == 0 {
return f, nil, nil, nil
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
@@ -445,7 +434,7 @@ func (fs *SFTPFs) Create(name string, flag, _ int) (File, PipeWriter, func(), er
if err != nil {
return nil, nil, nil, err
}
- r, w, err := createPipeFn(fs.localTempDir, 0)
+ r, w, err := pipeat.PipeInDir(fs.localTempDir)
if err != nil {
f.Close()
return nil, nil, nil, err
@@ -479,7 +468,7 @@ func (fs *SFTPFs) Create(name string, flag, _ int) (File, PipeWriter, func(), er
}
// Rename renames (moves) source to target.
-func (fs *SFTPFs) Rename(source, target string, checks int) (int, int64, error) {
+func (fs *SFTPFs) Rename(source, target string) (int, int64, error) {
if source == target {
return -1, -1, nil
}
@@ -489,15 +478,9 @@ func (fs *SFTPFs) Rename(source, target string, checks int) (int, int64, error)
}
if _, ok := client.HasExtension("posix-rename@openssh.com"); ok {
err := client.PosixRename(source, target)
- if checks&CheckUpdateModTime != 0 && err == nil {
- fs.Chtimes(target, time.Now(), time.Now(), false) //nolint:errcheck
- }
return -1, -1, err
}
err = client.Rename(source, target)
- if checks&CheckUpdateModTime != 0 && err == nil {
- fs.Chtimes(target, time.Now(), time.Now(), false) //nolint:errcheck
- }
return -1, -1, err
}
@@ -541,7 +524,7 @@ func (fs *SFTPFs) Readlink(name string) (string, error) {
if err != nil {
return resolved, err
}
- resolved = path.Clean(strings.ReplaceAll(resolved, "\\", "/"))
+ resolved = path.Clean(resolved)
if !path.IsAbs(resolved) {
// we assume that multiple links are not followed
resolved = path.Join(path.Dir(name), resolved)
@@ -683,23 +666,13 @@ func (fs *SFTPFs) GetRelativePath(name string) string {
rel = ""
}
if !path.IsAbs(rel) {
- // If we have a relative path we assume it is already relative to the virtual root
- rel = "/" + rel
- } else if fs.config.Prefix != "/" {
- prefixDir := fs.config.Prefix
- if !strings.HasSuffix(prefixDir, "/") {
- prefixDir += "/"
- }
-
- if rel == fs.config.Prefix {
- rel = "/"
- } else if after, found := strings.CutPrefix(rel, prefixDir); found {
- rel = path.Clean("/" + after)
- } else {
- // Absolute path outside of the configured prefix
- fsLog(fs, logger.LevelWarn, "path %q is an absolute path outside %q", name, fs.config.Prefix)
+ return "/" + rel
+ }
+ if fs.config.Prefix != "/" {
+ if !strings.HasPrefix(rel, fs.config.Prefix) {
rel = "/"
}
+ rel = path.Clean("/" + strings.TrimPrefix(rel, fs.config.Prefix))
}
if fs.mountPath != "" {
rel = path.Join(fs.mountPath, rel)
@@ -741,11 +714,11 @@ func (*SFTPFs) HasVirtualFolders() bool {
// ResolvePath returns the matching filesystem path for the specified virtual path
func (fs *SFTPFs) ResolvePath(virtualPath string) (string, error) {
if fs.mountPath != "" {
- if after, found := strings.CutPrefix(virtualPath, fs.mountPath); found {
- virtualPath = after
- }
+ virtualPath = strings.TrimPrefix(virtualPath, fs.mountPath)
+ }
+ if !path.IsAbs(virtualPath) {
+ virtualPath = path.Clean("/" + virtualPath)
}
- virtualPath = path.Clean("/" + virtualPath)
fsPath := fs.Join(fs.config.Prefix, virtualPath)
if fs.config.Prefix != "/" && fsPath != "/" {
// we need to check if this path is a symlink outside the given prefix
@@ -792,7 +765,6 @@ func (fs *SFTPFs) RealPath(p string) (string, error) {
if err != nil {
return "", err
}
- resolved = path.Clean(strings.ReplaceAll(resolved, "\\", "/"))
if fs.config.Prefix != "/" {
if err := fs.isSubDir(resolved); err != nil {
fsLog(fs, logger.LevelError, "Invalid real path resolution, original path %q resolved %q err: %v",
@@ -822,7 +794,6 @@ func (fs *SFTPFs) getRealPath(name string) (string, error) {
if err != nil {
return name, fmt.Errorf("unable to resolve link to %q: %w", name, err)
}
- resolvedLink = strings.ReplaceAll(resolvedLink, "\\", "/")
resolvedLink = path.Clean(resolvedLink)
if path.IsAbs(resolvedLink) {
name = resolvedLink
@@ -939,7 +910,6 @@ type sftpConnection struct {
isConnected bool
sessions map[string]bool
lastActivity time.Time
- signer ssh.Signer
}
func newSFTPConnection(config *SFTPFsConfig, sessionID string) *sftpConnection {
@@ -949,7 +919,6 @@ func newSFTPConnection(config *SFTPFsConfig, sessionID string) *sftpConnection {
isConnected: false,
sessions: map[string]bool{},
lastActivity: time.Now().UTC(),
- signer: nil,
}
c.sessions[sessionID] = true
return c
@@ -962,6 +931,17 @@ func (c *sftpConnection) OpenConnection() error {
return c.openConnNoLock()
}
+func (c *sftpConnection) getKeySigner() (ssh.Signer, error) {
+ privPayload := c.config.PrivateKey.GetPayload()
+ if privPayload == "" {
+ return nil, nil
+ }
+ if key := c.config.KeyPassphrase.GetPayload(); key != "" {
+ return ssh.ParsePrivateKeyWithPassphrase([]byte(privPayload), []byte(key))
+ }
+ return ssh.ParsePrivateKey([]byte(privPayload))
+}
+
func (c *sftpConnection) openConnNoLock() error {
if c.isConnected {
logger.Debug(c.logSender, "", "reusing connection")
@@ -973,12 +953,12 @@ func (c *sftpConnection) openConnNoLock() error {
User: c.config.Username,
HostKeyCallback: func(_ string, _ net.Addr, key ssh.PublicKey) error {
fp := ssh.FingerprintSHA256(key)
- if slices.Contains(sftpFingerprints, fp) {
+ if util.Contains(sftpFingerprints, fp) {
if allowSelfConnections == 0 {
logger.Log(logger.LevelError, c.logSender, "", "SFTP self connections not allowed")
return ErrSFTPLoop
}
- if slices.Contains(c.config.forbiddenSelfUsernames, c.config.Username) {
+ if util.Contains(c.config.forbiddenSelfUsernames, c.config.Username) {
logger.Log(logger.LevelError, c.logSender, "",
"SFTP loop or nested local SFTP folders detected, username %q, forbidden usernames: %+v",
c.config.Username, c.config.forbiddenSelfUsernames)
@@ -999,8 +979,12 @@ func (c *sftpConnection) openConnNoLock() error {
Timeout: 15 * time.Second,
ClientVersion: fmt.Sprintf("SSH-2.0-%s", version.GetServerVersion("_", false)),
}
- if c.signer != nil {
- clientConfig.Auth = append(clientConfig.Auth, ssh.PublicKeys(c.signer))
+ signer, err := c.getKeySigner()
+ if err != nil {
+ return fmt.Errorf("sftpfs: unable to parse the private key: %w", err)
+ }
+ if signer != nil {
+ clientConfig.Auth = append(clientConfig.Auth, ssh.PublicKeys(signer))
}
if pwd := c.config.Password.GetPayload(); pwd != "" {
clientConfig.Auth = append(clientConfig.Auth, ssh.Password(pwd))
@@ -1008,7 +992,8 @@ func (c *sftpConnection) openConnNoLock() error {
supportedAlgos := ssh.SupportedAlgorithms()
insecureAlgos := ssh.InsecureAlgorithms()
// add all available ciphers, KEXs and MACs, they are negotiated according to the order
- clientConfig.Ciphers = append(supportedAlgos.Ciphers, ssh.InsecureCipherAES128CBC)
+ clientConfig.Ciphers = append(supportedAlgos.Ciphers, ssh.InsecureCipherAES128CBC,
+ ssh.InsecureCipherAES192CBC, ssh.InsecureCipherAES256CBC)
clientConfig.KeyExchanges = append(supportedAlgos.KeyExchanges, insecureAlgos.KeyExchanges...)
clientConfig.MACs = append(supportedAlgos.MACs, insecureAlgos.MACs...)
sshClient, err := ssh.Dial("tcp", c.config.Endpoint, clientConfig)
@@ -1156,14 +1141,14 @@ func (c *sftpConnection) GetLastActivity() time.Time {
type sftpConnectionsCache struct {
scheduler *cron.Cron
- sync.Mutex
- items map[string]*sftpConnection
+ sync.RWMutex
+ items map[uint64]*sftpConnection
}
func newSFTPConnectionCache() *sftpConnectionsCache {
c := &sftpConnectionsCache{
scheduler: cron.New(cron.WithLocation(time.UTC), cron.WithLogger(cron.DiscardLogger)),
- items: make(map[string]*sftpConnection),
+ items: make(map[uint64]*sftpConnection),
}
_, err := c.scheduler.AddFunc("@every 1m", c.Cleanup)
util.PanicOnError(err)
@@ -1171,62 +1156,65 @@ func newSFTPConnectionCache() *sftpConnectionsCache {
return c
}
-func (c *sftpConnectionsCache) Get(config *SFTPFsConfig, sessionID string) (*sftpConnection, error) {
+func (c *sftpConnectionsCache) Get(config *SFTPFsConfig, sessionID string) *sftpConnection {
partition := 0
key := config.getUniqueID(partition)
c.Lock()
defer c.Unlock()
+ var oldKey uint64
for {
if val, ok := c.items[key]; ok {
activeSessions := val.ActiveSessions()
- if activeSessions < maxSessionsPerConnection {
+ if activeSessions < maxSessionsPerConnection || key == oldKey {
logger.Debug(logSenderSFTPCache, "",
- "reusing connection for session ID %q, key %s, active sessions %d, active connections: %d",
+ "reusing connection for session ID %q, key: %d, active sessions %d, active connections: %d",
sessionID, key, activeSessions+1, len(c.items))
val.AddSession(sessionID)
- return val, nil
+ return val
}
partition++
+ oldKey = key
key = config.getUniqueID(partition)
logger.Debug(logSenderSFTPCache, "",
- "connection full, generated new key for partition: %d, active sessions: %d, key: %s",
- partition, activeSessions, key)
+ "connection full, generated new key for partition: %d, active sessions: %d, key: %d, old key: %d",
+ partition, activeSessions, oldKey, key)
} else {
conn := newSFTPConnection(config, sessionID)
- signer, err := config.getKeySigner()
- if err != nil {
- return nil, fmt.Errorf("sftpfs: unable to parse the private key: %w", err)
- }
- conn.signer = signer
c.items[key] = conn
logger.Debug(logSenderSFTPCache, "",
- "adding new connection for session ID %q, partition: %d, key: %s, active connections: %d",
+ "adding new connection for session ID %q, partition: %d, key: %d, active connections: %d",
sessionID, partition, key, len(c.items))
- return conn, nil
+ return conn
}
}
}
+func (c *sftpConnectionsCache) Remove(key uint64) {
+ c.Lock()
+ defer c.Unlock()
+
+ if conn, ok := c.items[key]; ok {
+ delete(c.items, key)
+ logger.Debug(logSenderSFTPCache, "", "removed connection with key %d, active connections: %d", key, len(c.items))
+
+ defer conn.Close()
+ }
+}
+
func (c *sftpConnectionsCache) Cleanup() {
- c.Lock()
-
- var connectionsToClose []*sftpConnection
+ c.RLock()
for k, conn := range c.items {
if val := conn.GetLastActivity(); val.Before(time.Now().Add(-30 * time.Second)) {
- delete(c.items, k)
- logger.Debug(logSenderSFTPCache, "", "removed connection with key %s, last activity %s, active connections: %d",
- k, val, len(c.items))
- connectionsToClose = append(connectionsToClose, conn)
+ logger.Debug(conn.logSender, "", "removing inactive connection, last activity %s", val)
+
+ defer func(key uint64) {
+ c.Remove(key)
+ }(k)
}
}
- c.Unlock()
-
- for _, conn := range connectionsToClose {
- err := conn.Close()
- logger.Debug(logSenderSFTPCache, "", "connection closed, err: %v", err)
- }
+ c.RUnlock()
}
diff --git a/internal/vfs/statvfs_fallback.go b/internal/vfs/statvfs_fallback.go
index 19d8e2c3..f857ffbe 100644
--- a/internal/vfs/statvfs_fallback.go
+++ b/internal/vfs/statvfs_fallback.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !darwin && !linux && !freebsd
+// +build !darwin,!linux,!freebsd
package vfs
diff --git a/internal/vfs/statvfs_linux.go b/internal/vfs/statvfs_linux.go
index 772265fc..03b71459 100644
--- a/internal/vfs/statvfs_linux.go
+++ b/internal/vfs/statvfs_linux.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build linux
+// +build linux
package vfs
diff --git a/internal/vfs/statvfs_unix.go b/internal/vfs/statvfs_unix.go
index 53f43202..26482b1a 100644
--- a/internal/vfs/statvfs_unix.go
+++ b/internal/vfs/statvfs_unix.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build freebsd || darwin
+// +build freebsd darwin
package vfs
diff --git a/internal/vfs/sys_unix.go b/internal/vfs/sys_unix.go
index 427792f8..e2e01e13 100644
--- a/internal/vfs/sys_unix.go
+++ b/internal/vfs/sys_unix.go
@@ -13,6 +13,7 @@
// along with this program. If not, see .
//go:build !windows
+// +build !windows
package vfs
diff --git a/internal/vfs/vfs.go b/internal/vfs/vfs.go
index 6f883e6a..b8edcb34 100644
--- a/internal/vfs/vfs.go
+++ b/internal/vfs/vfs.go
@@ -16,7 +16,6 @@
package vfs
import (
- "bytes"
"errors"
"fmt"
"io"
@@ -25,7 +24,6 @@ import (
"path"
"path/filepath"
"runtime"
- "slices"
"strconv"
"strings"
"sync"
@@ -53,9 +51,8 @@ const (
// Additional checks for files
const (
- CheckParentDir = 1
- CheckResume = 2
- CheckUpdateModTime = 4
+ CheckParentDir = 1
+ CheckResume = 2
)
var (
@@ -74,12 +71,6 @@ var (
uploadMode int
)
-var (
- createPipeFn = func(dirPath string, _ int64) (pipeReaderAt, pipeWriterAt, error) {
- return pipeat.PipeInDir(dirPath)
- }
-)
-
// SetAllowSelfConnections sets the desired behaviour for self connections
func SetAllowSelfConnections(value int) {
allowSelfConnections = value
@@ -129,7 +120,7 @@ type Fs interface {
Lstat(name string) (os.FileInfo, error)
Open(name string, offset int64) (File, PipeReader, func(), error)
Create(name string, flag, checks int) (File, PipeWriter, func(), error)
- Rename(source, target string, checks int) (int, int64, error)
+ Rename(source, target string) (int, int64, error)
Remove(name string, isDir bool) error
Mkdir(name string) error
Symlink(source, target string) error
@@ -168,7 +159,7 @@ type FsRealPather interface {
// FsFileCopier is a Fs that implements the CopyFile method.
type FsFileCopier interface {
Fs
- CopyFile(source, target string, srcInfo os.FileInfo) (int, int64, error)
+ CopyFile(source, target string, srcSize int64) (int, int64, error)
}
// File defines an interface representing a SFTPGo file
@@ -203,22 +194,6 @@ type PipeReader interface {
Metadata() map[string]string
}
-type pipeReaderAt interface {
- Read(p []byte) (int, error)
- ReadAt(p []byte, offset int64) (int, error)
- GetReadedBytes() int64
- Close() error
- CloseWithError(err error) error
-}
-
-type pipeWriterAt interface {
- Write(p []byte) (int, error)
- WriteAt(p []byte, offset int64) (int, error)
- GetWrittenBytes() int64
- Close() error
- CloseWithError(err error) error
-}
-
// DirLister defines an interface for a directory lister
type DirLister interface {
Next(limit int) ([]os.FileInfo, error)
@@ -290,8 +265,7 @@ func (q *QuotaCheckResult) GetRemainingFiles() int {
// S3FsConfig defines the configuration for S3 based filesystem
type S3FsConfig struct {
sdk.BaseS3FsConfig
- AccessSecret *kms.Secret `json:"access_secret,omitempty"`
- SSECustomerKey *kms.Secret `json:"sse_customer_key,omitempty"`
+ AccessSecret *kms.Secret `json:"access_secret,omitempty"`
}
// HideConfidentialData hides confidential data
@@ -299,9 +273,6 @@ func (c *S3FsConfig) HideConfidentialData() {
if c.AccessSecret != nil {
c.AccessSecret.Hide()
}
- if c.SSECustomerKey != nil {
- c.SSECustomerKey.Hide()
- }
}
func (c *S3FsConfig) isEqual(other S3FsConfig) bool {
@@ -364,15 +335,6 @@ func (c *S3FsConfig) areMultipartFieldsEqual(other S3FsConfig) bool {
}
func (c *S3FsConfig) isSecretEqual(other S3FsConfig) bool {
- if c.SSECustomerKey == nil {
- c.SSECustomerKey = kms.NewEmptySecret()
- }
- if other.SSECustomerKey == nil {
- other.SSECustomerKey = kms.NewEmptySecret()
- }
- if !c.SSECustomerKey.IsEqual(other.SSECustomerKey) {
- return false
- }
if c.AccessSecret == nil {
c.AccessSecret = kms.NewEmptySecret()
}
@@ -401,12 +363,6 @@ func (c *S3FsConfig) checkCredentials() error {
if !c.AccessSecret.IsEmpty() && !c.AccessSecret.IsValidInput() {
return errors.New("invalid access_secret")
}
- if c.SSECustomerKey.IsEncrypted() && !c.SSECustomerKey.IsValid() {
- return errors.New("invalid encrypted sse_customer_key")
- }
- if !c.SSECustomerKey.IsEmpty() && !c.SSECustomerKey.IsValidInput() {
- return errors.New("invalid sse_customer_key")
- }
return nil
}
@@ -430,23 +386,13 @@ func (c *S3FsConfig) ValidateAndEncryptCredentials(additionalData string) error
)
}
}
- if c.SSECustomerKey.IsPlain() {
- c.SSECustomerKey.SetAdditionalData(additionalData)
- err := c.SSECustomerKey.Encrypt()
- if err != nil {
- return util.NewI18nError(
- util.NewValidationError(fmt.Sprintf("could not encrypt s3 SSE customer key: %v", err)),
- util.I18nErrorFsValidation,
- )
- }
- }
return nil
}
func (c *S3FsConfig) checkPartSizeAndConcurrency() error {
- if c.UploadPartSize != 0 && (c.UploadPartSize < 5 || c.UploadPartSize > 2000) {
+ if c.UploadPartSize != 0 && (c.UploadPartSize < 5 || c.UploadPartSize > 5000) {
return util.NewI18nError(
- errors.New("upload_part_size cannot be != 0, lower than 5 (MB) or greater than 2000 (MB)"),
+ errors.New("upload_part_size cannot be != 0, lower than 5 (MB) or greater than 5000 (MB)"),
util.I18nErrorULPartSizeInvalid,
)
}
@@ -456,9 +402,9 @@ func (c *S3FsConfig) checkPartSizeAndConcurrency() error {
util.I18nErrorULConcurrencyInvalid,
)
}
- if c.DownloadPartSize != 0 && (c.DownloadPartSize < 5 || c.DownloadPartSize > 2000) {
+ if c.DownloadPartSize != 0 && (c.DownloadPartSize < 5 || c.DownloadPartSize > 5000) {
return util.NewI18nError(
- errors.New("download_part_size cannot be != 0, lower than 5 (MB) or greater than 2000 (MB)"),
+ errors.New("download_part_size cannot be != 0, lower than 5 (MB) or greater than 5000 (MB)"),
util.I18nErrorDLPartSizeInvalid,
)
}
@@ -486,9 +432,6 @@ func (c *S3FsConfig) validate() error {
if c.AccessSecret == nil {
c.AccessSecret = kms.NewEmptySecret()
}
- if c.SSECustomerKey == nil {
- c.SSECustomerKey = kms.NewEmptySecret()
- }
if c.Bucket == "" {
return util.NewI18nError(errors.New("bucket cannot be empty"), util.I18nErrorBucketRequired)
}
@@ -586,7 +529,7 @@ func (c *GCSFsConfig) isSameResource(other GCSFsConfig) bool {
}
// validate returns an error if the configuration is not valid
-func (c *GCSFsConfig) validate() error { //nolint:gocyclo
+func (c *GCSFsConfig) validate() error {
if c.Credentials == nil || c.AutomaticCredentials == 1 {
c.Credentials = kms.NewEmptySecret()
}
@@ -610,7 +553,7 @@ func (c *GCSFsConfig) validate() error { //nolint:gocyclo
}
c.StorageClass = strings.TrimSpace(c.StorageClass)
c.ACL = strings.TrimSpace(c.ACL)
- if c.UploadPartSize < 0 || c.UploadPartSize > 2000 {
+ if c.UploadPartSize < 0 {
c.UploadPartSize = 0
}
if c.UploadPartMaxTime < 0 {
@@ -737,8 +680,8 @@ func (c *AzBlobFsConfig) checkCredentials() error {
if !c.SASURL.IsEmpty() {
return nil
}
- if c.AccountName == "" {
- return util.NewI18nError(errors.New("account name is required"), util.I18nErrorAccountNameRequired)
+ if c.AccountName == "" || !c.AccountKey.IsValidInput() {
+ return util.NewI18nError(errors.New("credentials cannot be empty or invalid"), util.I18nErrorAccountNameRequired)
}
if c.AccountKey.IsEncrypted() && !c.AccountKey.IsValid() {
return errors.New("invalid encrypted account_key")
@@ -747,7 +690,7 @@ func (c *AzBlobFsConfig) checkCredentials() error {
}
func (c *AzBlobFsConfig) checkPartSizeAndConcurrency() error {
- if c.UploadPartSize < 0 || c.UploadPartSize > 2000 {
+ if c.UploadPartSize < 0 || c.UploadPartSize > 100 {
return util.NewI18nError(
fmt.Errorf("invalid upload part size: %v", c.UploadPartSize),
util.I18nErrorULPartSizeInvalid,
@@ -759,7 +702,7 @@ func (c *AzBlobFsConfig) checkPartSizeAndConcurrency() error {
util.I18nErrorULConcurrencyInvalid,
)
}
- if c.DownloadPartSize < 0 || c.DownloadPartSize > 2000 {
+ if c.DownloadPartSize < 0 || c.DownloadPartSize > 100 {
return util.NewI18nError(
fmt.Errorf("invalid download part size: %v", c.DownloadPartSize),
util.I18nErrorDLPartSizeInvalid,
@@ -791,12 +734,6 @@ func (c *AzBlobFsConfig) isSameResource(other AzBlobFsConfig) bool {
if c.Endpoint != other.Endpoint {
return false
}
- if c.SASURL == nil {
- c.SASURL = kms.NewEmptySecret()
- }
- if other.SASURL == nil {
- other.SASURL = kms.NewEmptySecret()
- }
return c.SASURL.GetPayload() == other.SASURL.GetPayload()
}
@@ -827,7 +764,7 @@ func (c *AzBlobFsConfig) validate() error {
if err := c.checkPartSizeAndConcurrency(); err != nil {
return err
}
- if !slices.Contains(validAzAccessTier, c.AccessTier) {
+ if !util.Contains(validAzAccessTier, c.AccessTier) {
return fmt.Errorf("invalid access tier %q, valid values: \"''%v\"", c.AccessTier, strings.Join(validAzAccessTier, ", "))
}
return nil
@@ -896,25 +833,25 @@ func (c *CryptFsConfig) validate() error {
return nil
}
-// pipeWriter defines a wrapper for a pipeWriterAt.
+// pipeWriter defines a wrapper for pipeat.PipeWriterAt.
type pipeWriter struct {
- pipeWriterAt
+ *pipeat.PipeWriterAt
err error
done chan bool
}
// NewPipeWriter initializes a new PipeWriter
-func NewPipeWriter(w pipeWriterAt) PipeWriter {
+func NewPipeWriter(w *pipeat.PipeWriterAt) PipeWriter {
return &pipeWriter{
- pipeWriterAt: w,
+ PipeWriterAt: w,
err: nil,
done: make(chan bool),
}
}
-// Close waits for the upload to end, closes the pipeWriterAt and returns an error if any.
+// Close waits for the upload to end, closes the pipeat.PipeWriterAt and returns an error if any.
func (p *pipeWriter) Close() error {
- p.pipeWriterAt.Close() //nolint:errcheck // the returned error is always null
+ p.PipeWriterAt.Close() //nolint:errcheck // the returned error is always null
<-p.done
return p.err
}
@@ -926,10 +863,10 @@ func (p *pipeWriter) Done(err error) {
p.done <- true
}
-func newPipeWriterAtOffset(w pipeWriterAt, offset int64) PipeWriter {
+func newPipeWriterAtOffset(w *pipeat.PipeWriterAt, offset int64) PipeWriter {
return &pipeWriterAtOffset{
pipeWriter: &pipeWriter{
- pipeWriterAt: w,
+ PipeWriterAt: w,
err: nil,
done: make(chan bool),
},
@@ -958,15 +895,15 @@ func (p *pipeWriterAtOffset) Write(buf []byte) (int, error) {
}
// NewPipeReader initializes a new PipeReader
-func NewPipeReader(r pipeReaderAt) PipeReader {
+func NewPipeReader(r *pipeat.PipeReaderAt) PipeReader {
return &pipeReader{
- pipeReaderAt: r,
+ PipeReaderAt: r,
}
}
// pipeReader defines a wrapper for pipeat.PipeReaderAt.
type pipeReader struct {
- pipeReaderAt
+ *pipeat.PipeReaderAt
mu sync.RWMutex
metadata map[string]string
}
@@ -1146,7 +1083,7 @@ func IsUploadResumeSupported(fs Fs, size int64) bool {
}
func getLastModified(metadata map[string]string) int64 {
- if val, ok := metadata[lastModifiedField]; ok && val != "" {
+ if val, ok := metadata[lastModifiedField]; ok {
lastModified, err := strconv.ParseInt(val, 10, 64)
if err == nil {
return lastModified
@@ -1157,7 +1094,7 @@ func getLastModified(metadata map[string]string) int64 {
func getAzureLastModified(metadata map[string]*string) int64 {
for k, v := range metadata {
- if strings.EqualFold(k, lastModifiedField) {
+ if strings.ToLower(k) == lastModifiedField {
if val := util.GetStringFromPointer(v); val != "" {
lastModified, err := strconv.ParseInt(val, 10, 64)
if err == nil {
@@ -1229,8 +1166,8 @@ func getLocalTempDir() string {
}
func doRecursiveRename(fs Fs, source, target string,
- renameFn func(string, string, os.FileInfo, int, bool) (int, int64, error),
- recursion int, updateModTime bool,
+ renameFn func(string, string, os.FileInfo, int) (int, int64, error),
+ recursion int,
) (int, int64, error) {
var numFiles int
var filesSize int64
@@ -1255,7 +1192,7 @@ func doRecursiveRename(fs Fs, source, target string,
for _, info := range entries {
sourceEntry := fs.Join(source, info.Name())
targetEntry := fs.Join(target, info.Name())
- files, size, err := renameFn(sourceEntry, targetEntry, info, recursion, updateModTime)
+ files, size, err := renameFn(sourceEntry, targetEntry, info, recursion)
if err != nil {
if fs.IsNotExist(err) {
fsLog(fs, logger.LevelInfo, "skipping rename for %q: %v", sourceEntry, err)
@@ -1272,88 +1209,6 @@ func doRecursiveRename(fs Fs, source, target string,
}
}
-// copied from rclone
-func readFill(r io.Reader, buf []byte) (n int, err error) {
- var nn int
- for n < len(buf) && err == nil {
- nn, err = r.Read(buf[n:])
- n += nn
- }
- return n, err
-}
-
-func writeAtFull(w io.WriterAt, buf []byte, offset int64, count int) error {
- written := 0
- for written < count {
- n, err := w.WriteAt(buf[written:count], offset+int64(written))
- written += n
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-type bytesReaderWrapper struct {
- *bytes.Reader
-}
-
-func (b *bytesReaderWrapper) Close() error {
- return nil
-}
-
-type bufferAllocator struct {
- sync.Mutex
- available [][]byte
- bufferSize int
- finalized bool
-}
-
-func newBufferAllocator(size int) *bufferAllocator {
- return &bufferAllocator{
- bufferSize: size,
- finalized: false,
- }
-}
-
-func (b *bufferAllocator) getBuffer() []byte {
- b.Lock()
- defer b.Unlock()
-
- if len(b.available) > 0 {
- var result []byte
-
- truncLength := len(b.available) - 1
- result = b.available[truncLength]
-
- b.available[truncLength] = nil
- b.available = b.available[:truncLength]
-
- return result
- }
-
- return make([]byte, b.bufferSize)
-}
-
-func (b *bufferAllocator) releaseBuffer(buf []byte) {
- b.Lock()
- defer b.Unlock()
-
- if b.finalized || len(buf) != b.bufferSize {
- return
- }
-
- b.available = append(b.available, buf)
-}
-
-func (b *bufferAllocator) free() {
- b.Lock()
- defer b.Unlock()
-
- b.available = nil
- b.finalized = true
-}
-
func fsLog(fs Fs, level logger.LogLevel, format string, v ...any) {
logger.Log(level, fs.Name(), fs.ConnectionID(), format, v...)
}
diff --git a/internal/webdavd/file.go b/internal/webdavd/file.go
index 88cc6bde..345c2714 100644
--- a/internal/webdavd/file.go
+++ b/internal/webdavd/file.go
@@ -23,11 +23,11 @@ import (
"net/http"
"os"
"path"
- "slices"
"sync/atomic"
"time"
"github.com/drakkan/webdav"
+ "github.com/eikenb/pipeat"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
@@ -51,7 +51,7 @@ type webDavFile struct {
readTried atomic.Bool
}
-func newWebDavFile(baseTransfer *common.BaseTransfer, pipeWriter vfs.PipeWriter, pipeReader vfs.PipeReader) *webDavFile {
+func newWebDavFile(baseTransfer *common.BaseTransfer, pipeWriter vfs.PipeWriter, pipeReader *pipeat.PipeReaderAt) *webDavFile {
var writer io.WriteCloser
var reader io.ReadCloser
if baseTransfer.File != nil {
@@ -165,7 +165,7 @@ func (f *webDavFile) checkFirstRead() error {
if !f.Connection.User.HasPerm(dataprovider.PermDownload, path.Dir(f.GetVirtualPath())) {
return f.Connection.GetPermissionDeniedError()
}
- transferQuota := f.GetTransferQuota()
+ transferQuota := f.BaseTransfer.GetTransferQuota()
if !transferQuota.HasDownloadSpace() {
f.Connection.Log(logger.LevelInfo, "denying file read due to quota limits")
return f.Connection.GetReadQuotaExceededError()
@@ -212,7 +212,7 @@ func (f *webDavFile) Read(p []byte) (n int, err error) {
} else if r != nil {
f.reader = r
}
- f.SetCancelFn(cancelFn)
+ f.BaseTransfer.SetCancelFn(cancelFn)
}
f.ErrTransfer = e
f.startOffset = 0
@@ -322,10 +322,9 @@ func (f *webDavFile) Seek(offset int64, whence int) (int64, error) {
if f.GetType() == common.TransferDownload {
readOffset := f.startOffset + f.BytesSent.Load()
if offset == 0 && readOffset == 0 {
- switch whence {
- case io.SeekStart:
+ if whence == io.SeekStart {
return 0, nil
- case io.SeekEnd:
+ } else if whence == io.SeekEnd {
if err := f.updateStatInfo(); err != nil {
return 0, err
}
@@ -364,7 +363,7 @@ func (f *webDavFile) Seek(offset int64, whence int) (int64, error) {
f.reader = r
}
f.ErrTransfer = err
- f.SetCancelFn(cancelFn)
+ f.BaseTransfer.SetCancelFn(cancelFn)
f.Unlock()
return startByte, err
@@ -404,7 +403,7 @@ func (f *webDavFile) closeIO() error {
} else if f.reader != nil {
err = f.reader.Close()
if metadater, ok := f.reader.(vfs.Metadater); ok {
- f.SetMetadata(metadater.Metadata())
+ f.BaseTransfer.SetMetadata(metadater.Metadata())
}
}
return err
@@ -448,11 +447,11 @@ func (f *webDavFile) Patch(patches []webdav.Proppatch) ([]webdav.Propstat, error
pstat := webdav.Propstat{}
for _, p := range patch.Props {
if status == http.StatusForbidden && !hasError {
- if !patch.Remove && slices.Contains(lastModifiedProps, p.XMLName.Local) {
+ if !patch.Remove && util.Contains(lastModifiedProps, p.XMLName.Local) {
parsed, err := parseTime(util.BytesToString(p.InnerXML))
if err != nil {
f.Connection.Log(logger.LevelWarn, "unsupported last modification time: %q, err: %v",
- p.InnerXML, err)
+ util.BytesToString(p.InnerXML), err)
hasError = true
continue
}
diff --git a/internal/webdavd/handler.go b/internal/webdavd/handler.go
index 2fc3ca1b..674b5b72 100644
--- a/internal/webdavd/handler.go
+++ b/internal/webdavd/handler.go
@@ -36,17 +36,6 @@ import (
type Connection struct {
*common.BaseConnection
request *http.Request
- rc *http.ResponseController
-}
-
-func newConnection(conn *common.BaseConnection, w http.ResponseWriter, r *http.Request) *Connection {
- rc := http.NewResponseController(w)
- responseControllerDeadlines(rc, time.Time{}, time.Time{})
- return &Connection{
- BaseConnection: conn,
- request: r,
- rc: rc,
- }
}
func (c *Connection) getModificationTime() time.Time {
@@ -84,9 +73,6 @@ func (c *Connection) GetRemoteAddress() string {
// Disconnect closes the active transfer
func (c *Connection) Disconnect() error {
- if c.rc != nil {
- responseControllerDeadlines(c.rc, time.Now().Add(5*time.Second), time.Now().Add(5*time.Second))
- }
return c.SignalTransfersAbort()
}
@@ -159,11 +145,6 @@ func (c *Connection) RemoveAll(_ context.Context, name string) error {
func (c *Connection) OpenFile(_ context.Context, name string, flag int, _ os.FileMode) (webdav.File, error) {
c.UpdateLastActivity()
- if err := common.Connections.IsNewTransferAllowed(c.User.Username); err != nil {
- c.Log(logger.LevelInfo, "denying transfer due to count limits")
- return nil, c.GetPermissionDeniedError()
- }
-
name = util.CleanPath(name)
fs, p, err := c.GetFsAndResolvedPath(name)
if err != nil {
@@ -273,7 +254,7 @@ func (c *Connection) handleUploadToExistingFile(fs vfs.Fs, resolvedPath, filePat
maxWriteSize, _ := c.GetMaxWriteSize(diskQuota, false, fileSize, fs.IsUploadResumeSupported())
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
- _, _, err = fs.Rename(resolvedPath, filePath, 0)
+ _, _, err = fs.Rename(resolvedPath, filePath)
if err != nil {
c.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %+v",
resolvedPath, filePath, err)
@@ -291,7 +272,10 @@ func (c *Connection) handleUploadToExistingFile(fs vfs.Fs, resolvedPath, filePat
if vfs.HasTruncateSupport(fs) {
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(requestPath))
if err == nil {
- dataprovider.UpdateUserFolderQuota(&vfolder, &c.User, 0, -fileSize, false)
+ dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
+ if vfolder.IsIncludedInUserQuota() {
+ dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
+ }
} else {
dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
}
diff --git a/internal/webdavd/internal_test.go b/internal/webdavd/internal_test.go
index 35f71035..0366c7d2 100644
--- a/internal/webdavd/internal_test.go
+++ b/internal/webdavd/internal_test.go
@@ -270,7 +270,6 @@ Ap157PUHTriSnxyMF2Sb3EhX/rQkmbnbCqqygHC14iBy8MrKzLG00X6BelZV5n0D
RKjnkiEZeG4+G91Xu7+HmcBLwV86k5I+tXK9O1Okomr6Zry8oqVcxU5TB6VRS+rA
ubwF00Drdvk2+kDZfxIM137nBiy7wgCJi2Ksm5ihN3dUF6Q0oNPl
-----END RSA PRIVATE KEY-----`
- osWindows = "windows"
)
// MockOsFs mockable OsFs
@@ -313,7 +312,7 @@ func (fs *MockOsFs) Remove(name string, _ bool) error {
}
// Rename renames (moves) source to target
-func (fs *MockOsFs) Rename(source, target string, _ int) (int, int64, error) {
+func (fs *MockOsFs) Rename(source, target string) (int, int64, error) {
err := os.Rename(source, target)
return -1, -1, err
}
@@ -379,15 +378,6 @@ func TestAllowedProxyUnixDomainSocket(t *testing.T) {
}
}
-func TestProxyListenerWrapper(t *testing.T) {
- b := Binding{
- ProxyMode: 0,
- }
- require.Nil(t, b.listenerWrapper())
- b.ProxyMode = 1
- require.NotNil(t, b.listenerWrapper())
-}
-
func TestRemoteAddress(t *testing.T) {
remoteAddr1 := "100.100.100.100"
remoteAddr2 := "172.172.172.172"
@@ -524,7 +514,7 @@ func TestResolvePathErrors(t *testing.T) {
assert.EqualError(t, err, common.ErrGenericFailure.Error())
}
- if runtime.GOOS != osWindows {
+ if runtime.GOOS != "windows" {
user.HomeDir = filepath.Clean(os.TempDir())
connection.User = user
fs := vfs.NewOsFs("connID", connection.User.HomeDir, "", nil)
@@ -761,8 +751,6 @@ func TestContentType(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, "application/sftpgo", ctype)
}
- err = davFile.Close()
- assert.NoError(t, err)
baseTransfer = common.NewBaseTransfer(nil, connection.BaseConnection, nil, testFilePath, testFilePath, testFile+".unknown2",
common.TransferDownload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{})
@@ -809,7 +797,7 @@ func TestTransferReadWriteErrors(t *testing.T) {
r, w, err := pipeat.Pipe()
assert.NoError(t, err)
- davFile = newWebDavFile(baseTransfer, nil, vfs.NewPipeReader(r))
+ davFile = newWebDavFile(baseTransfer, nil, r)
davFile.Connection.RemoveTransfer(davFile.BaseTransfer)
davFile = newWebDavFile(baseTransfer, vfs.NewPipeWriter(w), nil)
davFile.Connection.RemoveTransfer(davFile.BaseTransfer)
@@ -817,8 +805,6 @@ func TestTransferReadWriteErrors(t *testing.T) {
assert.NoError(t, err)
err = w.Close()
assert.NoError(t, err)
- err = davFile.BaseTransfer.Close()
- assert.Error(t, err)
baseTransfer = common.NewBaseTransfer(nil, connection.BaseConnection, nil, testFilePath, testFilePath, testFile,
common.TransferDownload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{})
@@ -827,8 +813,6 @@ func TestTransferReadWriteErrors(t *testing.T) {
assert.True(t, fs.IsNotExist(err))
_, err = davFile.Stat()
assert.True(t, fs.IsNotExist(err))
- err = davFile.Close()
- assert.Error(t, err)
baseTransfer = common.NewBaseTransfer(nil, connection.BaseConnection, nil, testFilePath, testFilePath, testFile,
common.TransferDownload, 0, 0, 0, 0, false, fs, dataprovider.TransferQuota{})
@@ -851,8 +835,6 @@ func TestTransferReadWriteErrors(t *testing.T) {
if assert.NoError(t, err) {
assert.Equal(t, int64(0), info.Size())
}
- err = davFile.Close()
- assert.Error(t, err)
r, w, err = pipeat.Pipe()
assert.NoError(t, err)
@@ -996,11 +978,8 @@ func TestTransferSeek(t *testing.T) {
res, err = davFile.Seek(2, io.SeekEnd)
assert.True(t, fs.IsNotExist(err))
assert.Equal(t, int64(0), res)
- err = davFile.Close()
- assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
err = os.Remove(testFilePath)
assert.NoError(t, err)
@@ -1497,11 +1476,8 @@ func TestUserCacheIsolation(t *testing.T) {
LockSystem: webdav.NewMemLS(),
}
cachedUser.User.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("test secret")
- cachedUser.User.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("test key")
err = cachedUser.User.FsConfig.S3Config.AccessSecret.Encrypt()
assert.NoError(t, err)
- err = cachedUser.User.FsConfig.S3Config.SSECustomerKey.Encrypt()
- assert.NoError(t, err)
dataprovider.CacheWebDAVUser(cachedUser)
cachedUser, ok := dataprovider.GetCachedWebDAVUser(username)
@@ -1515,9 +1491,6 @@ func TestUserCacheIsolation(t *testing.T) {
assert.True(t, cachedUser.User.FsConfig.S3Config.AccessSecret.IsEncrypted())
err = cachedUser.User.FsConfig.S3Config.AccessSecret.Decrypt()
assert.NoError(t, err)
- assert.True(t, cachedUser.User.FsConfig.S3Config.SSECustomerKey.IsEncrypted())
- err = cachedUser.User.FsConfig.S3Config.SSECustomerKey.Decrypt()
- assert.NoError(t, err)
cachedUser.User.FsConfig.Provider = sdk.S3FilesystemProvider
_, err = cachedUser.User.GetFilesystem("")
assert.Error(t, err, "we don't have to get the previously cached filesystem!")
@@ -1526,7 +1499,6 @@ func TestUserCacheIsolation(t *testing.T) {
if assert.True(t, ok) {
assert.Equal(t, sdk.LocalFilesystemProvider, cachedUser.User.FsConfig.Provider)
assert.False(t, cachedUser.User.FsConfig.S3Config.AccessSecret.IsEncrypted())
- assert.False(t, cachedUser.User.FsConfig.S3Config.SSECustomerKey.IsEncrypted())
}
err = dataprovider.DeleteUser(username, "", "", "")
@@ -1741,68 +1713,3 @@ func TestGetCacheExpirationTime(t *testing.T) {
c.ExpirationTime = 1
assert.False(t, c.getExpirationTime().IsZero())
}
-
-func TestBindingGetAddress(t *testing.T) {
- tests := []struct {
- name string
- binding Binding
- want string
- }{
- {
- name: "IP address with port",
- binding: Binding{Address: "127.0.0.1", Port: 8080},
- want: "127.0.0.1:8080",
- },
- {
- name: "Unix socket path (no port)",
- binding: Binding{Address: "/tmp/app.sock", Port: 0},
- want: "/tmp/app.sock",
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := tt.binding.GetAddress(); got != tt.want {
- t.Errorf("GetAddress() = %v, want %v", got, tt.want)
- }
- })
- }
-}
-
-func TestBindingIsValid(t *testing.T) {
- tests := []struct {
- name string
- binding Binding
- want bool
- }{
- {
- name: "Valid: Positive port",
- binding: Binding{Address: "127.0.0.1", Port: 10080},
- want: true,
- },
- {
- name: "Valid: Absolute path on Unix (non-Windows)",
- binding: Binding{Address: "/var/run/app.sock", Port: 0},
- // This test outcome is dynamic based on the OS
- want: runtime.GOOS != osWindows,
- },
- {
- name: "Invalid: Port 0 and relative path",
- binding: Binding{Address: "relative/path", Port: 0},
- want: false,
- },
- {
- name: "Invalid: Empty address and port 0",
- binding: Binding{Address: "", Port: 0},
- want: false,
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := tt.binding.IsValid(); got != tt.want {
- t.Errorf("IsValid() = %v, want %v", got, tt.want)
- }
- })
- }
-}
diff --git a/internal/webdavd/server.go b/internal/webdavd/server.go
index 06533320..aad07040 100644
--- a/internal/webdavd/server.go
+++ b/internal/webdavd/server.go
@@ -26,7 +26,6 @@ import (
"path"
"path/filepath"
"runtime/debug"
- "slices"
"strings"
"time"
@@ -34,7 +33,6 @@ import (
"github.com/go-chi/chi/v5/middleware"
"github.com/rs/cors"
"github.com/rs/xid"
- "github.com/rs/zerolog"
"github.com/sftpgo/sdk/plugin/notifier"
"github.com/drakkan/sftpgo/v2/internal/common"
@@ -55,6 +53,8 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
handler := compressor.Handler(s)
httpServer := &http.Server{
ReadHeaderTimeout: 30 * time.Second,
+ ReadTimeout: 60 * time.Second,
+ WriteTimeout: 60 * time.Second,
IdleTimeout: 60 * time.Second,
MaxHeaderBytes: 1 << 16, // 64KB
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
@@ -98,13 +98,11 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
httpServer.TLSConfig.ClientAuth = tls.VerifyClientCertIfGiven
}
}
- return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, true,
- s.binding.listenerWrapper(), logSender)
+ return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, true, logSender)
}
s.binding.EnableHTTPS = false
serviceStatus.Bindings = append(serviceStatus.Bindings, s.binding)
- return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, false,
- s.binding.listenerWrapper(), logSender)
+ return util.HTTPListenAndServe(httpServer, s.binding.Address, s.binding.Port, false, logSender)
}
func (s *webDavServer) verifyTLSConnection(state tls.ConnectionState) error {
@@ -168,11 +166,6 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}()
- responseControllerDeadlines(
- http.NewResponseController(w),
- time.Now().Add(60*time.Second),
- time.Now().Add(60*time.Second),
- )
w.Header().Set("Server", version.GetServerVersion("/", false))
ipAddr := s.checkRemoteAddress(r)
@@ -213,7 +206,7 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if err != nil {
// remove the cached user, we have not yet validated its filesystem
dataprovider.RemoveCachedWebDAVUser(user.Username)
- updateLoginMetrics(&user, ipAddr, loginMethod, err, r)
+ updateLoginMetrics(&user, ipAddr, loginMethod, err)
http.Error(w, err.Error(), http.StatusForbidden)
return
}
@@ -226,24 +219,26 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if err != nil {
errClose := user.CloseFs()
logger.Warn(logSender, connectionID, "unable to check fs root: %v close fs error: %v", err, errClose)
- updateLoginMetrics(&user, ipAddr, loginMethod, common.ErrInternalFailure, r)
+ updateLoginMetrics(&user, ipAddr, loginMethod, common.ErrInternalFailure)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
- baseConn := common.NewBaseConnection(connectionID, common.ProtocolWebDAV, util.GetHTTPLocalAddress(r),
- r.RemoteAddr, user)
- connection := newConnection(baseConn, w, r)
+ connection := &Connection{
+ BaseConnection: common.NewBaseConnection(connectionID, common.ProtocolWebDAV, util.GetHTTPLocalAddress(r),
+ r.RemoteAddr, user),
+ request: r,
+ }
if err = common.Connections.Add(connection); err != nil {
errClose := user.CloseFs()
logger.Warn(logSender, connectionID, "unable add connection: %v close fs error: %v", err, errClose)
- updateLoginMetrics(&user, ipAddr, loginMethod, err, r)
+ updateLoginMetrics(&user, ipAddr, loginMethod, err)
http.Error(w, err.Error(), http.StatusTooManyRequests)
return
}
defer common.Connections.Remove(connection.GetID())
- updateLoginMetrics(&user, ipAddr, loginMethod, err, r)
+ updateLoginMetrics(&user, ipAddr, loginMethod, err)
ctx := context.WithValue(r.Context(), requestIDKey, connectionID)
ctx = context.WithValue(ctx, requestStartKey, time.Now())
@@ -320,7 +315,7 @@ func (s *webDavServer) authenticate(r *http.Request, ip string) (dataprovider.Us
dataprovider.CacheWebDAVUser(cachedUser)
return cachedUser.User, false, cachedUser.LockSystem, loginMethod, nil
}
- updateLoginMetrics(&cachedUser.User, ip, loginMethod, dataprovider.ErrInvalidCredentials, r)
+ updateLoginMetrics(&cachedUser.User, ip, loginMethod, dataprovider.ErrInvalidCredentials)
return user, false, nil, loginMethod, dataprovider.ErrInvalidCredentials
}
}
@@ -328,7 +323,7 @@ func (s *webDavServer) authenticate(r *http.Request, ip string) (dataprovider.Us
common.ProtocolWebDAV, tlsCert)
if err != nil {
user.Username = username
- updateLoginMetrics(&user, ip, loginMethod, err, r)
+ updateLoginMetrics(&user, ip, loginMethod, err)
return user, false, nil, loginMethod, dataprovider.ErrInvalidCredentials
}
lockSystem := webdav.NewMemLS()
@@ -351,7 +346,7 @@ func (s *webDavServer) validateUser(user *dataprovider.User, r *http.Request, lo
user.Username, user.HomeDir)
return connID, fmt.Errorf("cannot login user with invalid home dir: %q", user.HomeDir)
}
- if slices.Contains(user.Filters.DeniedProtocols, common.ProtocolWebDAV) {
+ if util.Contains(user.Filters.DeniedProtocols, common.ProtocolWebDAV) {
logger.Info(logSender, connectionID, "cannot login user %q, protocol DAV is not allowed", user.Username)
return connID, fmt.Errorf("protocol DAV is not allowed for user %q", user.Username)
}
@@ -390,30 +385,17 @@ func (s *webDavServer) checkRemoteAddress(r *http.Request) string {
return ipAddr
}
-func responseControllerDeadlines(rc *http.ResponseController, read, write time.Time) {
- if err := rc.SetReadDeadline(read); err != nil {
- logger.Error(logSender, "", "unable to set read timeout to %s: %v", read, err)
- }
- if err := rc.SetWriteDeadline(write); err != nil {
- logger.Error(logSender, "", "unable to set write timeout to %s: %v", write, err)
- }
-}
-
func writeLog(r *http.Request, status int, err error) {
scheme := "http"
- cipherSuite := ""
if r.TLS != nil {
scheme = "https"
- cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
}
fields := map[string]any{
- "remote_addr": r.RemoteAddr,
- "proto": r.Proto,
- "method": r.Method,
- "user_agent": r.UserAgent(),
- "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
- "cipher_suite": cipherSuite,
- }
+ "remote_addr": r.RemoteAddr,
+ "proto": r.Proto,
+ "method": r.Method,
+ "user_agent": r.UserAgent(),
+ "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
if reqID, ok := r.Context().Value(requestIDKey).(string); ok {
fields["request_id"] = reqID
}
@@ -432,15 +414,7 @@ func writeLog(r *http.Request, status int, err error) {
if status != 0 {
fields["resp_status"] = status
}
- var ev *zerolog.Event
- if status >= http.StatusInternalServerError {
- ev = logger.GetLogger().Error()
- } else if status >= http.StatusBadRequest {
- ev = logger.GetLogger().Warn()
- } else {
- ev = logger.GetLogger().Debug()
- }
- ev.
+ logger.GetLogger().Info().
Timestamp().
Str("sender", logSender).
Fields(fields).
@@ -448,10 +422,9 @@ func writeLog(r *http.Request, status int, err error) {
Send()
}
-func updateLoginMetrics(user *dataprovider.User, ip, loginMethod string, err error, r *http.Request) {
+func updateLoginMetrics(user *dataprovider.User, ip, loginMethod string, err error) {
metric.AddLoginAttempt(loginMethod)
if err == nil {
- logger.LoginLog(user.Username, ip, loginMethod, common.ProtocolWebDAV, "", r.UserAgent(), r.TLS != nil, "")
plugin.Handler.NotifyLogEvent(notifier.LogEventTypeLoginOK, common.ProtocolWebDAV, user.Username, ip, "", nil)
common.DelayLogin(nil)
} else if err != common.ErrInternalFailure && err != common.ErrNoCredentials {
diff --git a/internal/webdavd/webdavd.go b/internal/webdavd/webdavd.go
index 36b3b33c..62d37568 100644
--- a/internal/webdavd/webdavd.go
+++ b/internal/webdavd/webdavd.go
@@ -21,7 +21,6 @@ import (
"net/http"
"os"
"path/filepath"
- "runtime"
"time"
"github.com/go-chi/chi/v5/middleware"
@@ -139,9 +138,6 @@ type Binding struct {
// Prefix for WebDAV resources, if empty WebDAV resources will be available at the
// root ("/") URI. If defined it must be an absolute URI.
Prefix string `json:"prefix" mapstructure:"prefix"`
- // Defines whether to use the common proxy protocol configuration or the
- // binding-specific proxy header configuration.
- ProxyMode int `json:"proxy_mode" mapstructure:"proxy_mode"`
// List of IP addresses and IP ranges allowed to set client IP proxy headers
ProxyAllowed []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
// Allowed client IP proxy header such as "X-Forwarded-For", "X-Real-IP"
@@ -177,28 +173,12 @@ func (b *Binding) isMutualTLSEnabled() bool {
// GetAddress returns the binding address
func (b *Binding) GetAddress() string {
- if b.Port > 0 {
- return fmt.Sprintf("%s:%d", b.Address, b.Port)
- }
- return b.Address
+ return fmt.Sprintf("%s:%d", b.Address, b.Port)
}
-// IsValid returns true if the binding is valid
+// IsValid returns true if the binding port is > 0
func (b *Binding) IsValid() bool {
- if b.Port > 0 {
- return true
- }
- if filepath.IsAbs(b.Address) && runtime.GOOS != "windows" {
- return true
- }
- return false
-}
-
-func (b *Binding) listenerWrapper() func(net.Listener) (net.Listener, error) {
- if b.ProxyMode == 1 {
- return common.Config.GetProxyListener
- }
- return nil
+ return b.Port > 0
}
// Configuration defines the configuration for the WevDAV server
diff --git a/internal/webdavd/webdavd_test.go b/internal/webdavd/webdavd_test.go
index f7985c34..2c09d516 100644
--- a/internal/webdavd/webdavd_test.go
+++ b/internal/webdavd/webdavd_test.go
@@ -38,13 +38,11 @@ import (
"time"
"github.com/minio/sio"
- "github.com/pkg/sftp"
"github.com/rs/zerolog"
"github.com/sftpgo/sdk"
sdkkms "github.com/sftpgo/sdk/kms"
"github.com/stretchr/testify/assert"
"github.com/studio-b12/gowebdav"
- "golang.org/x/crypto/ssh"
"github.com/drakkan/sftpgo/v2/internal/common"
"github.com/drakkan/sftpgo/v2/internal/config"
@@ -639,7 +637,6 @@ func TestBasicHandling(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
status := webdavd.GetStatus()
assert.True(t, status.IsActive)
}
@@ -724,7 +721,6 @@ func TestBasicHandlingCryptFs(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestBufferedUser(t *testing.T) {
@@ -1014,8 +1010,6 @@ func TestRenameWithLock(t *testing.T) {
err = resp.Body.Close()
assert.NoError(t, err)
- err = os.Remove(testFilePath)
- assert.NoError(t, err)
_, err = httpdtest.RemoveUser(user, http.StatusOK)
assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir())
@@ -1083,7 +1077,6 @@ func TestPropPatch(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestLoginInvalidPwd(t *testing.T) {
@@ -1527,7 +1520,6 @@ func TestPreDownloadHook(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
common.Config.Actions.ExecuteOn = []string{common.OperationPreDownload}
common.Config.Actions.Hook = preDownloadPath
@@ -1578,7 +1570,6 @@ func TestPreUploadHook(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
common.Config.Actions.ExecuteOn = oldExecuteOn
common.Config.Actions.Hook = oldHook
@@ -1642,7 +1633,6 @@ func TestMaxConnections(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
common.Config.MaxTotalConnections = oldValue
}
@@ -1675,61 +1665,6 @@ func TestMaxPerHostConnections(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
-
- common.Config.MaxPerHostConnections = oldValue
-}
-
-func TestMaxTransfers(t *testing.T) {
- oldValue := common.Config.MaxPerHostConnections
- common.Config.MaxPerHostConnections = 2
-
- assert.Eventually(t, func() bool {
- return common.Connections.GetClientConnections() == 0
- }, 1000*time.Millisecond, 50*time.Millisecond)
-
- user, _, err := httpdtest.AddUser(getTestUser(), http.StatusCreated)
- assert.NoError(t, err)
- client := getWebDavClient(user, true, nil)
- assert.NoError(t, checkBasicFunc(client))
-
- conn, sftpClient, err := getSftpClient(user)
- assert.NoError(t, err)
- defer conn.Close()
- defer sftpClient.Close()
-
- f1, err := sftpClient.Create("file1")
- assert.NoError(t, err)
- f2, err := sftpClient.Create("file2")
- assert.NoError(t, err)
- _, err = f1.Write([]byte(" "))
- assert.NoError(t, err)
- _, err = f2.Write([]byte(" "))
- assert.NoError(t, err)
-
- testFilePath := filepath.Join(homeBasePath, testFileName)
- testFileSize := int64(65535)
- err = createTestFile(testFilePath, testFileSize)
- assert.NoError(t, err)
- err = uploadFileWithRawClient(testFilePath, testFileName, user.Username, defaultPassword,
- false, testFileSize, client)
- assert.Error(t, err)
-
- err = os.Remove(testFilePath)
- assert.NoError(t, err)
-
- err = f1.Close()
- assert.NoError(t, err)
- err = f2.Close()
- assert.NoError(t, err)
-
- _, err = httpdtest.RemoveUser(user, http.StatusOK)
- assert.NoError(t, err)
- err = os.RemoveAll(user.GetHomeDir())
- assert.NoError(t, err)
- assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
- 1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
common.Config.MaxPerHostConnections = oldValue
}
@@ -1777,7 +1712,6 @@ func TestMaxSessions(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func TestLoginWithIPilters(t *testing.T) {
@@ -2237,7 +2171,6 @@ func TestClientClose(t *testing.T) {
wg.Wait()
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
err = os.Remove(localDownloadPath)
assert.NoError(t, err)
@@ -2255,7 +2188,7 @@ func TestLoginWithDatabaseCredentials(t *testing.T) {
u := getTestUser()
u.FsConfig.Provider = sdk.GCSFilesystemProvider
u.FsConfig.GCSConfig.Bucket = "test"
- u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account", "private_key": " ", "client_email": "example@iam.gserviceaccount.com" }`)
+ u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account" }`)
user, _, err := httpdtest.AddUser(u, http.StatusCreated)
assert.NoError(t, err)
assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.GCSConfig.Credentials.GetStatus())
@@ -2606,7 +2539,6 @@ func TestStat(t *testing.T) {
func TestUploadOverwriteVfolder(t *testing.T) {
u := getTestUser()
- u.QuotaFiles = 1000
vdir := "/vdir"
mappedPath := filepath.Join(os.TempDir(), "mappedDir")
folderName := filepath.Base(mappedPath)
@@ -2653,25 +2585,15 @@ func TestUploadOverwriteVfolder(t *testing.T) {
assert.NoError(t, err)
folder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
- assert.Equal(t, 0, folder.UsedQuotaFiles)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, testFileSize, user.UsedQuotaSize)
- assert.Equal(t, 1, user.UsedQuotaFiles)
-
+ assert.Equal(t, testFileSize, folder.UsedQuotaSize)
+ assert.Equal(t, 1, folder.UsedQuotaFiles)
err = uploadFileWithRawClient(testFilePath, path.Join(vdir, testFileName), user.Username,
defaultPassword, true, testFileSize, client)
assert.NoError(t, err)
folder, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK)
assert.NoError(t, err)
- assert.Equal(t, int64(0), folder.UsedQuotaSize)
- assert.Equal(t, 0, folder.UsedQuotaFiles)
- user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK)
- assert.NoError(t, err)
- assert.Equal(t, testFileSize, user.UsedQuotaSize)
- assert.Equal(t, 1, user.UsedQuotaFiles)
-
+ assert.Equal(t, testFileSize, folder.UsedQuotaSize)
+ assert.Equal(t, 1, folder.UsedQuotaFiles)
err = os.Remove(testFilePath)
assert.NoError(t, err)
_, err = httpdtest.RemoveUser(user, http.StatusOK)
@@ -3343,7 +3265,6 @@ func TestNestedVirtualFolders(t *testing.T) {
assert.NoError(t, err)
assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 },
1*time.Second, 100*time.Millisecond)
- assert.Equal(t, int32(0), common.Connections.GetTotalTransfers())
}
func checkBasicFunc(client *gowebdav.Client) error {
@@ -3540,30 +3461,6 @@ func getTestUserWithCryptFs() dataprovider.User {
return user
}
-func getSftpClient(user dataprovider.User) (*ssh.Client, *sftp.Client, error) {
- var sftpClient *sftp.Client
- config := &ssh.ClientConfig{
- User: user.Username,
- HostKeyCallback: ssh.InsecureIgnoreHostKey(),
- Timeout: 5 * time.Second,
- }
- if user.Password != "" {
- config.Auth = []ssh.AuthMethod{ssh.Password(user.Password)}
- } else {
- config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)}
- }
-
- conn, err := ssh.Dial("tcp", sftpServerAddr, config)
- if err != nil {
- return conn, sftpClient, err
- }
- sftpClient, err = sftp.NewClient(conn)
- if err != nil {
- conn.Close()
- }
- return conn, sftpClient, err
-}
-
func getEncryptedFileSize(size int64) (int64, error) {
encSize, err := sio.EncryptedSize(uint64(size))
return int64(encSize) + 33, err
diff --git a/main.go b/main.go
index 1d9cf48e..f147eb47 100644
--- a/main.go
+++ b/main.go
@@ -20,9 +20,17 @@
package main // import "github.com/drakkan/sftpgo"
import (
+ "fmt"
+
+ "go.uber.org/automaxprocs/maxprocs"
+
"github.com/drakkan/sftpgo/v2/internal/cmd"
)
func main() {
+ if undo, err := maxprocs.Set(); err != nil {
+ fmt.Printf("error setting max procs: %v\n", err)
+ undo()
+ }
cmd.Execute()
}
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index 32dc3dc7..e8d19819 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -29,7 +29,7 @@ info:
SFTPGo supports groups to simplify the administration of multiple accounts by letting you assign settings once to a group, instead of multiple times to each individual user.
The SFTPGo WebClient allows end users to change their credentials, browse and manage their files in the browser and setup two-factor authentication which works with Authy, Google Authenticator and other compatible apps.
From the WebClient each authorized user can also create HTTP/S links to externally share files and folders securely, by setting limits to the number of downloads/uploads, protecting the share with a password, limiting access by source IP address, setting an automatic expiration date.
- version: v2.7.0
+ version: 2.6.4
contact:
name: API support
url: 'https://github.com/drakkan/sftpgo'
@@ -1088,6 +1088,60 @@ paths:
$ref: '#/components/responses/InternalServerError'
default:
$ref: '#/components/responses/DefaultResponse'
+ /retention/users/{username}/check:
+ parameters:
+ - name: username
+ in: path
+ description: the username
+ required: true
+ schema:
+ type: string
+ - name: notifications
+ in: query
+ description: 'specify how to notify results'
+ explode: false
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/RetentionCheckNotification'
+ post:
+ tags:
+ - data retention
+ summary: Start a retention check
+ description: 'Starts a new retention check for the given user. If a retention check for this user is already active a 409 status code is returned'
+ operationId: start_user_retention_check
+ requestBody:
+ required: true
+ description: 'Defines virtual paths to check and their retention time in hours'
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/FolderRetention'
+ responses:
+ '202':
+ description: successful operation
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ApiResponse'
+ example:
+ message: Check started
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '409':
+ $ref: '#/components/responses/Conflict'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+ default:
+ $ref: '#/components/responses/DefaultResponse'
/quotas/users/scans:
get:
tags:
@@ -2678,7 +2732,7 @@ paths:
$ref: '#/components/responses/InternalServerError'
default:
$ref: '#/components/responses/DefaultResponse'
- /events/logs:
+ /events/log:
get:
tags:
- events
@@ -5088,6 +5142,15 @@ components:
* `shares-disabled` - sharing files and directories with external users is not allowed
* `password-reset-disabled` - resetting the password is not allowed
* `shares-without-password-disabled` - creating shares without password protection is not allowed
+ RetentionCheckNotification:
+ type: string
+ enum:
+ - Hook
+ - Email
+ description: |
+ Options:
+ * `Hook` - notify result using the defined hook. A "data_retention_hook" must be defined in your configuration file for this to work
+ * `Email` - notify results by email. The admin starting the retention check must have an associated email address and the SMTP server must be configured for this to work
APIKeyScope:
type: integer
enum:
@@ -5385,10 +5448,14 @@ components:
max_upload_file_size:
type: integer
format: int64
- description: 'maximum allowed size, as bytes, for a single file upload. The upload will be aborted if/when the size of the file being sent exceeds this limit. 0 means unlimited'
+ description: 'maximum allowed size, as bytes, for a single file upload. The upload will be aborted if/when the size of the file being sent exceeds this limit. 0 means unlimited. This restriction does not apply for SSH system commands such as `git` and `rsync`'
tls_username:
type: string
description: 'defines the TLS certificate field to use as username. For FTP clients it must match the name provided using the "USER" command. For WebDAV, if no username is provided, the CN will be used as username. For WebDAV clients it must match the implicit or provided username. Ignored if mutual TLS is disabled. Currently the only supported value is `CommonName`'
+ tls_certs:
+ type: array
+ items:
+ type: string
hooks:
$ref: '#/components/schemas/HooksFilter'
disable_fs_checks:
@@ -5460,15 +5527,6 @@ components:
type: array
items:
$ref: '#/components/schemas/RecoveryCode'
- tls_certs:
- type: array
- items:
- type: string
- additional_emails:
- type: array
- items:
- type: string
- format: email
Secret:
type: object
properties:
@@ -5507,8 +5565,6 @@ components:
type: string
access_secret:
$ref: '#/components/schemas/Secret'
- sse_customer_key:
- $ref: '#/components/schemas/Secret'
role_arn:
type: string
description: 'Optional IAM Role ARN to assume'
@@ -6208,6 +6264,9 @@ components:
delete_empty_dirs:
type: boolean
description: if enabled, empty directories will be deleted
+ ignore_user_permissions:
+ type: boolean
+ description: 'if enabled, files will be deleted even if the user does not have the delete permission. The default is "false" which means that files will be skipped if the user does not have permission to delete them. File patterns filters will always be silently ignored'
RetentionCheck:
type: object
properties:
@@ -6222,6 +6281,14 @@ components:
type: integer
format: int64
description: check start time as unix timestamp in milliseconds
+ notifications:
+ type: array
+ items:
+ $ref: '#/components/schemas/RetentionCheckNotification'
+ email:
+ type: string
+ format: email
+ description: 'if the notification method is set to "Email", this is the e-mail address that receives the retention check report. This field is automatically set to the email address associated with the administrator starting the check'
QuotaScan:
type: object
properties:
@@ -6895,14 +6962,6 @@ components:
type: string
value:
type: string
- RenameConfig:
- allOf:
- - $ref: '#/components/schemas/KeyValue'
- - type: object
- properties:
- update_modtime:
- type: boolean
- description: 'Update modification time. This setting is not recursive and only applies to storage providers that support changing modification times'
HTTPPart:
type: object
properties:
@@ -7035,7 +7094,7 @@ components:
renames:
type: array
items:
- $ref: '#/components/schemas/RenameConfig'
+ $ref: '#/components/schemas/KeyValue'
mkdirs:
type: array
items:
@@ -7214,19 +7273,6 @@ components:
max_size:
type: integer
format: int64
- event_statuses:
- type: array
- items:
- type: integer
- enum:
- - 1
- - 2
- - 3
- description: |
- Event status:
- - `1` OK
- - `2` Failed
- - `3` Quota exceeded
concurrent_execution:
type: boolean
description: allow concurrent execution from multiple nodes
diff --git a/openapi/swagger-ui/swagger-ui-bundle.js b/openapi/swagger-ui/swagger-ui-bundle.js
index 64a04935..45262199 100644
--- a/openapi/swagger-ui/swagger-ui-bundle.js
+++ b/openapi/swagger-ui/swagger-ui-bundle.js
@@ -1,2 +1,2 @@
/*! For license information please see swagger-ui-bundle.js.LICENSE.txt */
-!function webpackUniversalModuleDefinition(s,o){"object"==typeof exports&&"object"==typeof module?module.exports=o():"function"==typeof define&&define.amd?define([],o):"object"==typeof exports?exports.SwaggerUIBundle=o():s.SwaggerUIBundle=o()}(this,(()=>(()=>{var s={251:(s,o)=>{o.read=function(s,o,i,a,u){var _,w,x=8*u-a-1,C=(1<>1,L=-7,B=i?u-1:0,$=i?-1:1,U=s[o+B];for(B+=$,_=U&(1<<-L)-1,U>>=-L,L+=x;L>0;_=256*_+s[o+B],B+=$,L-=8);for(w=_&(1<<-L)-1,_>>=-L,L+=a;L>0;w=256*w+s[o+B],B+=$,L-=8);if(0===_)_=1-j;else{if(_===C)return w?NaN:1/0*(U?-1:1);w+=Math.pow(2,a),_-=j}return(U?-1:1)*w*Math.pow(2,_-a)},o.write=function(s,o,i,a,u,_){var w,x,C,j=8*_-u-1,L=(1<>1,$=23===u?Math.pow(2,-24)-Math.pow(2,-77):0,U=a?0:_-1,V=a?1:-1,z=o<0||0===o&&1/o<0?1:0;for(o=Math.abs(o),isNaN(o)||o===1/0?(x=isNaN(o)?1:0,w=L):(w=Math.floor(Math.log(o)/Math.LN2),o*(C=Math.pow(2,-w))<1&&(w--,C*=2),(o+=w+B>=1?$/C:$*Math.pow(2,1-B))*C>=2&&(w++,C/=2),w+B>=L?(x=0,w=L):w+B>=1?(x=(o*C-1)*Math.pow(2,u),w+=B):(x=o*Math.pow(2,B-1)*Math.pow(2,u),w=0));u>=8;s[i+U]=255&x,U+=V,x/=256,u-=8);for(w=w<0;s[i+U]=255&w,U+=V,w/=256,j-=8);s[i+U-V]|=128*z}},462:(s,o,i)=>{"use strict";var a=i(40975);s.exports=a},659:(s,o,i)=>{var a=i(51873),u=Object.prototype,_=u.hasOwnProperty,w=u.toString,x=a?a.toStringTag:void 0;s.exports=function getRawTag(s){var o=_.call(s,x),i=s[x];try{s[x]=void 0;var a=!0}catch(s){}var u=w.call(s);return a&&(o?s[x]=i:delete s[x]),u}},694:(s,o,i)=>{"use strict";i(91599);var a=i(37257);i(12560),s.exports=a},953:(s,o,i)=>{"use strict";s.exports=i(53375)},1733:s=>{var o=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;s.exports=function asciiWords(s){return s.match(o)||[]}},1882:(s,o,i)=>{var a=i(72552),u=i(23805);s.exports=function isFunction(s){if(!u(s))return!1;var o=a(s);return"[object Function]"==o||"[object GeneratorFunction]"==o||"[object AsyncFunction]"==o||"[object Proxy]"==o}},1907:(s,o,i)=>{"use strict";var a=i(41505),u=Function.prototype,_=u.call,w=a&&u.bind.bind(_,_);s.exports=a?w:function(s){return function(){return _.apply(s,arguments)}}},2205:function(s,o,i){var a;a=void 0!==i.g?i.g:this,s.exports=function(s){if(s.CSS&&s.CSS.escape)return s.CSS.escape;var cssEscape=function(s){if(0==arguments.length)throw new TypeError("`CSS.escape` requires an argument.");for(var o,i=String(s),a=i.length,u=-1,_="",w=i.charCodeAt(0);++u=1&&o<=31||127==o||0==u&&o>=48&&o<=57||1==u&&o>=48&&o<=57&&45==w?"\\"+o.toString(16)+" ":0==u&&1==a&&45==o||!(o>=128||45==o||95==o||o>=48&&o<=57||o>=65&&o<=90||o>=97&&o<=122)?"\\"+i.charAt(u):i.charAt(u):_+="�";return _};return s.CSS||(s.CSS={}),s.CSS.escape=cssEscape,cssEscape}(a)},2209:(s,o,i)=>{"use strict";var a,u=i(9404),_=function productionTypeChecker(){invariant(!1,"ImmutablePropTypes type checking code is stripped in production.")};_.isRequired=_;var w=function getProductionTypeChecker(){return _};function getPropType(s){var o=typeof s;return Array.isArray(s)?"array":s instanceof RegExp?"object":s instanceof u.Iterable?"Immutable."+s.toSource().split(" ")[0]:o}function createChainableTypeChecker(s){function checkType(o,i,a,u,_,w){for(var x=arguments.length,C=Array(x>6?x-6:0),j=6;j>",null!=i[a]?s.apply(void 0,[i,a,u,_,w].concat(C)):o?new Error("Required "+_+" `"+w+"` was not specified in `"+u+"`."):void 0}var o=checkType.bind(null,!1);return o.isRequired=checkType.bind(null,!0),o}function createIterableSubclassTypeChecker(s,o){return function createImmutableTypeChecker(s,o){return createChainableTypeChecker((function validate(i,a,u,_,w){var x=i[a];if(!o(x)){var C=getPropType(x);return new Error("Invalid "+_+" `"+w+"` of type `"+C+"` supplied to `"+u+"`, expected `"+s+"`.")}return null}))}("Iterable."+s,(function(s){return u.Iterable.isIterable(s)&&o(s)}))}(a={listOf:w,mapOf:w,orderedMapOf:w,setOf:w,orderedSetOf:w,stackOf:w,iterableOf:w,recordOf:w,shape:w,contains:w,mapContains:w,orderedMapContains:w,list:_,map:_,orderedMap:_,set:_,orderedSet:_,stack:_,seq:_,record:_,iterable:_}).iterable.indexed=createIterableSubclassTypeChecker("Indexed",u.Iterable.isIndexed),a.iterable.keyed=createIterableSubclassTypeChecker("Keyed",u.Iterable.isKeyed),s.exports=a},2404:(s,o,i)=>{var a=i(60270);s.exports=function isEqual(s,o){return a(s,o)}},2523:s=>{s.exports=function baseFindIndex(s,o,i,a){for(var u=s.length,_=i+(a?1:-1);a?_--:++_{"use strict";var a=i(45951),u=Object.defineProperty;s.exports=function(s,o){try{u(a,s,{value:o,configurable:!0,writable:!0})}catch(i){a[s]=o}return o}},2694:(s,o,i)=>{"use strict";var a=i(6925);function emptyFunction(){}function emptyFunctionWithReset(){}emptyFunctionWithReset.resetWarningCache=emptyFunction,s.exports=function(){function shim(s,o,i,u,_,w){if(w!==a){var x=new Error("Calling PropTypes validators directly is not supported by the `prop-types` package. Use PropTypes.checkPropTypes() to call them. Read more at http://fb.me/use-check-prop-types");throw x.name="Invariant Violation",x}}function getShim(){return shim}shim.isRequired=shim;var s={array:shim,bigint:shim,bool:shim,func:shim,number:shim,object:shim,string:shim,symbol:shim,any:shim,arrayOf:getShim,element:shim,elementType:shim,instanceOf:getShim,node:shim,objectOf:getShim,oneOf:getShim,oneOfType:getShim,shape:getShim,exact:getShim,checkPropTypes:emptyFunctionWithReset,resetWarningCache:emptyFunction};return s.PropTypes=s,s}},2874:s=>{s.exports={}},2875:(s,o,i)=>{"use strict";var a=i(23045),u=i(80376);s.exports=Object.keys||function keys(s){return a(s,u)}},2955:(s,o,i)=>{"use strict";var a,u=i(65606);function _defineProperty(s,o,i){return(o=function _toPropertyKey(s){var o=function _toPrimitive(s,o){if("object"!=typeof s||null===s)return s;var i=s[Symbol.toPrimitive];if(void 0!==i){var a=i.call(s,o||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===o?String:Number)(s)}(s,"string");return"symbol"==typeof o?o:String(o)}(o))in s?Object.defineProperty(s,o,{value:i,enumerable:!0,configurable:!0,writable:!0}):s[o]=i,s}var _=i(86238),w=Symbol("lastResolve"),x=Symbol("lastReject"),C=Symbol("error"),j=Symbol("ended"),L=Symbol("lastPromise"),B=Symbol("handlePromise"),$=Symbol("stream");function createIterResult(s,o){return{value:s,done:o}}function readAndResolve(s){var o=s[w];if(null!==o){var i=s[$].read();null!==i&&(s[L]=null,s[w]=null,s[x]=null,o(createIterResult(i,!1)))}}function onReadable(s){u.nextTick(readAndResolve,s)}var U=Object.getPrototypeOf((function(){})),V=Object.setPrototypeOf((_defineProperty(a={get stream(){return this[$]},next:function next(){var s=this,o=this[C];if(null!==o)return Promise.reject(o);if(this[j])return Promise.resolve(createIterResult(void 0,!0));if(this[$].destroyed)return new Promise((function(o,i){u.nextTick((function(){s[C]?i(s[C]):o(createIterResult(void 0,!0))}))}));var i,a=this[L];if(a)i=new Promise(function wrapForNext(s,o){return function(i,a){s.then((function(){o[j]?i(createIterResult(void 0,!0)):o[B](i,a)}),a)}}(a,this));else{var _=this[$].read();if(null!==_)return Promise.resolve(createIterResult(_,!1));i=new Promise(this[B])}return this[L]=i,i}},Symbol.asyncIterator,(function(){return this})),_defineProperty(a,"return",(function _return(){var s=this;return new Promise((function(o,i){s[$].destroy(null,(function(s){s?i(s):o(createIterResult(void 0,!0))}))}))})),a),U);s.exports=function createReadableStreamAsyncIterator(s){var o,i=Object.create(V,(_defineProperty(o={},$,{value:s,writable:!0}),_defineProperty(o,w,{value:null,writable:!0}),_defineProperty(o,x,{value:null,writable:!0}),_defineProperty(o,C,{value:null,writable:!0}),_defineProperty(o,j,{value:s._readableState.endEmitted,writable:!0}),_defineProperty(o,B,{value:function value(s,o){var a=i[$].read();a?(i[L]=null,i[w]=null,i[x]=null,s(createIterResult(a,!1))):(i[w]=s,i[x]=o)},writable:!0}),o));return i[L]=null,_(s,(function(s){if(s&&"ERR_STREAM_PREMATURE_CLOSE"!==s.code){var o=i[x];return null!==o&&(i[L]=null,i[w]=null,i[x]=null,o(s)),void(i[C]=s)}var a=i[w];null!==a&&(i[L]=null,i[w]=null,i[x]=null,a(createIterResult(void 0,!0))),i[j]=!0})),s.on("readable",onReadable.bind(null,i)),i}},3110:(s,o,i)=>{const a=i(5187),u=i(85015),_=i(98023),w=i(53812),x=i(23805),C=i(85105),j=i(86804);class Namespace{constructor(s){this.elementMap={},this.elementDetection=[],this.Element=j.Element,this.KeyValuePair=j.KeyValuePair,s&&s.noDefault||this.useDefault(),this._attributeElementKeys=[],this._attributeElementArrayKeys=[]}use(s){return s.namespace&&s.namespace({base:this}),s.load&&s.load({base:this}),this}useDefault(){return this.register("null",j.NullElement).register("string",j.StringElement).register("number",j.NumberElement).register("boolean",j.BooleanElement).register("array",j.ArrayElement).register("object",j.ObjectElement).register("member",j.MemberElement).register("ref",j.RefElement).register("link",j.LinkElement),this.detect(a,j.NullElement,!1).detect(u,j.StringElement,!1).detect(_,j.NumberElement,!1).detect(w,j.BooleanElement,!1).detect(Array.isArray,j.ArrayElement,!1).detect(x,j.ObjectElement,!1),this}register(s,o){return this._elements=void 0,this.elementMap[s]=o,this}unregister(s){return this._elements=void 0,delete this.elementMap[s],this}detect(s,o,i){return void 0===i||i?this.elementDetection.unshift([s,o]):this.elementDetection.push([s,o]),this}toElement(s){if(s instanceof this.Element)return s;let o;for(let i=0;i{const o=s[0].toUpperCase()+s.substr(1);this._elements[o]=this.elementMap[s]}))),this._elements}get serialiser(){return new C(this)}}C.prototype.Namespace=Namespace,s.exports=Namespace},3121:(s,o,i)=>{"use strict";var a=i(65482),u=Math.min;s.exports=function(s){var o=a(s);return o>0?u(o,9007199254740991):0}},3209:(s,o,i)=>{var a=i(91596),u=i(53320),_=i(36306),w="__lodash_placeholder__",x=128,C=Math.min;s.exports=function mergeData(s,o){var i=s[1],j=o[1],L=i|j,B=L<131,$=j==x&&8==i||j==x&&256==i&&s[7].length<=o[8]||384==j&&o[7].length<=o[8]&&8==i;if(!B&&!$)return s;1&j&&(s[2]=o[2],L|=1&i?0:4);var U=o[3];if(U){var V=s[3];s[3]=V?a(V,U,o[4]):U,s[4]=V?_(s[3],w):o[4]}return(U=o[5])&&(V=s[5],s[5]=V?u(V,U,o[6]):U,s[6]=V?_(s[5],w):o[6]),(U=o[7])&&(s[7]=U),j&x&&(s[8]=null==s[8]?o[8]:C(s[8],o[8])),null==s[9]&&(s[9]=o[9]),s[0]=o[0],s[1]=L,s}},3650:(s,o,i)=>{var a=i(74335)(Object.keys,Object);s.exports=a},3656:(s,o,i)=>{s=i.nmd(s);var a=i(9325),u=i(89935),_=o&&!o.nodeType&&o,w=_&&s&&!s.nodeType&&s,x=w&&w.exports===_?a.Buffer:void 0,C=(x?x.isBuffer:void 0)||u;s.exports=C},4509:(s,o,i)=>{var a=i(12651);s.exports=function mapCacheHas(s){return a(this,s).has(s)}},4640:s=>{"use strict";var o=String;s.exports=function(s){try{return o(s)}catch(s){return"Object"}}},4664:(s,o,i)=>{var a=i(79770),u=i(63345),_=Object.prototype.propertyIsEnumerable,w=Object.getOwnPropertySymbols,x=w?function(s){return null==s?[]:(s=Object(s),a(w(s),(function(o){return _.call(s,o)})))}:u;s.exports=x},4901:(s,o,i)=>{var a=i(72552),u=i(30294),_=i(40346),w={};w["[object Float32Array]"]=w["[object Float64Array]"]=w["[object Int8Array]"]=w["[object Int16Array]"]=w["[object Int32Array]"]=w["[object Uint8Array]"]=w["[object Uint8ClampedArray]"]=w["[object Uint16Array]"]=w["[object Uint32Array]"]=!0,w["[object Arguments]"]=w["[object Array]"]=w["[object ArrayBuffer]"]=w["[object Boolean]"]=w["[object DataView]"]=w["[object Date]"]=w["[object Error]"]=w["[object Function]"]=w["[object Map]"]=w["[object Number]"]=w["[object Object]"]=w["[object RegExp]"]=w["[object Set]"]=w["[object String]"]=w["[object WeakMap]"]=!1,s.exports=function baseIsTypedArray(s){return _(s)&&u(s.length)&&!!w[a(s)]}},4993:(s,o,i)=>{"use strict";var a=i(16946),u=i(74239);s.exports=function(s){return a(u(s))}},5187:s=>{s.exports=function isNull(s){return null===s}},5419:s=>{s.exports=function(s,o,i,a){var u=new Blob(void 0!==a?[a,s]:[s],{type:i||"application/octet-stream"});if(void 0!==window.navigator.msSaveBlob)window.navigator.msSaveBlob(u,o);else{var _=window.URL&&window.URL.createObjectURL?window.URL.createObjectURL(u):window.webkitURL.createObjectURL(u),w=document.createElement("a");w.style.display="none",w.href=_,w.setAttribute("download",o),void 0===w.download&&w.setAttribute("target","_blank"),document.body.appendChild(w),w.click(),setTimeout((function(){document.body.removeChild(w),window.URL.revokeObjectURL(_)}),200)}}},5556:(s,o,i)=>{s.exports=i(2694)()},5861:(s,o,i)=>{var a=i(55580),u=i(68223),_=i(32804),w=i(76545),x=i(28303),C=i(72552),j=i(47473),L="[object Map]",B="[object Promise]",$="[object Set]",U="[object WeakMap]",V="[object DataView]",z=j(a),Y=j(u),Z=j(_),ee=j(w),ie=j(x),ae=C;(a&&ae(new a(new ArrayBuffer(1)))!=V||u&&ae(new u)!=L||_&&ae(_.resolve())!=B||w&&ae(new w)!=$||x&&ae(new x)!=U)&&(ae=function(s){var o=C(s),i="[object Object]"==o?s.constructor:void 0,a=i?j(i):"";if(a)switch(a){case z:return V;case Y:return L;case Z:return B;case ee:return $;case ie:return U}return o}),s.exports=ae},6048:s=>{s.exports=function negate(s){if("function"!=typeof s)throw new TypeError("Expected a function");return function(){var o=arguments;switch(o.length){case 0:return!s.call(this);case 1:return!s.call(this,o[0]);case 2:return!s.call(this,o[0],o[1]);case 3:return!s.call(this,o[0],o[1],o[2])}return!s.apply(this,o)}}},6188:s=>{"use strict";s.exports=Math.max},6205:s=>{s.exports={ROOT:0,GROUP:1,POSITION:2,SET:3,RANGE:4,REPETITION:5,REFERENCE:6,CHAR:7}},6233:(s,o,i)=>{const a=i(6048),u=i(10316),_=i(92340);class ArrayElement extends u{constructor(s,o,i){super(s||[],o,i),this.element="array"}primitive(){return"array"}get(s){return this.content[s]}getValue(s){const o=this.get(s);if(o)return o.toValue()}getIndex(s){return this.content[s]}set(s,o){return this.content[s]=this.refract(o),this}remove(s){const o=this.content.splice(s,1);return o.length?o[0]:null}map(s,o){return this.content.map(s,o)}flatMap(s,o){return this.map(s,o).reduce(((s,o)=>s.concat(o)),[])}compactMap(s,o){const i=[];return this.forEach((a=>{const u=s.bind(o)(a);u&&i.push(u)})),i}filter(s,o){return new _(this.content.filter(s,o))}reject(s,o){return this.filter(a(s),o)}reduce(s,o){let i,a;void 0!==o?(i=0,a=this.refract(o)):(i=1,a="object"===this.primitive()?this.first.value:this.first);for(let o=i;o{s.bind(o)(i,this.refract(a))}))}shift(){return this.content.shift()}unshift(s){this.content.unshift(this.refract(s))}push(s){return this.content.push(this.refract(s)),this}add(s){this.push(s)}findElements(s,o){const i=o||{},a=!!i.recursive,u=void 0===i.results?[]:i.results;return this.forEach(((o,i,_)=>{a&&void 0!==o.findElements&&o.findElements(s,{results:u,recursive:a}),s(o,i,_)&&u.push(o)})),u}find(s){return new _(this.findElements(s,{recursive:!0}))}findByElement(s){return this.find((o=>o.element===s))}findByClass(s){return this.find((o=>o.classes.includes(s)))}getById(s){return this.find((o=>o.id.toValue()===s)).first}includes(s){return this.content.some((o=>o.equals(s)))}contains(s){return this.includes(s)}empty(){return new this.constructor([])}"fantasy-land/empty"(){return this.empty()}concat(s){return new this.constructor(this.content.concat(s.content))}"fantasy-land/concat"(s){return this.concat(s)}"fantasy-land/map"(s){return new this.constructor(this.map(s))}"fantasy-land/chain"(s){return this.map((o=>s(o)),this).reduce(((s,o)=>s.concat(o)),this.empty())}"fantasy-land/filter"(s){return new this.constructor(this.content.filter(s))}"fantasy-land/reduce"(s,o){return this.content.reduce(s,o)}get length(){return this.content.length}get isEmpty(){return 0===this.content.length}get first(){return this.getIndex(0)}get second(){return this.getIndex(1)}get last(){return this.getIndex(this.length-1)}}ArrayElement.empty=function empty(){return new this},ArrayElement["fantasy-land/empty"]=ArrayElement.empty,"undefined"!=typeof Symbol&&(ArrayElement.prototype[Symbol.iterator]=function symbol(){return this.content[Symbol.iterator]()}),s.exports=ArrayElement},6499:(s,o,i)=>{"use strict";var a=i(1907),u=0,_=Math.random(),w=a(1..toString);s.exports=function(s){return"Symbol("+(void 0===s?"":s)+")_"+w(++u+_,36)}},6549:s=>{"use strict";s.exports=Object.getOwnPropertyDescriptor},6925:s=>{"use strict";s.exports="SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED"},7057:(s,o,i)=>{"use strict";var a=i(11470).charAt,u=i(90160),_=i(64932),w=i(60183),x=i(59550),C="String Iterator",j=_.set,L=_.getterFor(C);w(String,"String",(function(s){j(this,{type:C,string:u(s),index:0})}),(function next(){var s,o=L(this),i=o.string,u=o.index;return u>=i.length?x(void 0,!0):(s=a(i,u),o.index+=s.length,x(s,!1))}))},7176:(s,o,i)=>{"use strict";var a,u=i(73126),_=i(75795);try{a=[].__proto__===Array.prototype}catch(s){if(!s||"object"!=typeof s||!("code"in s)||"ERR_PROTO_ACCESS"!==s.code)throw s}var w=!!a&&_&&_(Object.prototype,"__proto__"),x=Object,C=x.getPrototypeOf;s.exports=w&&"function"==typeof w.get?u([w.get]):"function"==typeof C&&function getDunder(s){return C(null==s?s:x(s))}},7309:(s,o,i)=>{var a=i(62006)(i(24713));s.exports=a},7376:s=>{"use strict";s.exports=!0},7463:(s,o,i)=>{"use strict";var a=i(98828),u=i(62250),_=/#|\.prototype\./,isForced=function(s,o){var i=x[w(s)];return i===j||i!==C&&(u(o)?a(o):!!o)},w=isForced.normalize=function(s){return String(s).replace(_,".").toLowerCase()},x=isForced.data={},C=isForced.NATIVE="N",j=isForced.POLYFILL="P";s.exports=isForced},7666:(s,o,i)=>{var a=i(84851),u=i(953);function _extends(){var o;return s.exports=_extends=a?u(o=a).call(o):function(s){for(var o=1;o{const a=i(6205);o.wordBoundary=()=>({type:a.POSITION,value:"b"}),o.nonWordBoundary=()=>({type:a.POSITION,value:"B"}),o.begin=()=>({type:a.POSITION,value:"^"}),o.end=()=>({type:a.POSITION,value:"$"})},8068:s=>{"use strict";var o=(()=>{var s=Object.defineProperty,o=Object.getOwnPropertyDescriptor,i=Object.getOwnPropertyNames,a=Object.getOwnPropertySymbols,u=Object.prototype.hasOwnProperty,_=Object.prototype.propertyIsEnumerable,__defNormalProp=(o,i,a)=>i in o?s(o,i,{enumerable:!0,configurable:!0,writable:!0,value:a}):o[i]=a,__spreadValues=(s,o)=>{for(var i in o||(o={}))u.call(o,i)&&__defNormalProp(s,i,o[i]);if(a)for(var i of a(o))_.call(o,i)&&__defNormalProp(s,i,o[i]);return s},__publicField=(s,o,i)=>__defNormalProp(s,"symbol"!=typeof o?o+"":o,i),w={};((o,i)=>{for(var a in i)s(o,a,{get:i[a],enumerable:!0})})(w,{DEFAULT_OPTIONS:()=>C,DEFAULT_UUID_LENGTH:()=>x,default:()=>B});var x=6,C={dictionary:"alphanum",shuffle:!0,debug:!1,length:x,counter:0},j=class _ShortUniqueId{constructor(s={}){__publicField(this,"counter"),__publicField(this,"debug"),__publicField(this,"dict"),__publicField(this,"version"),__publicField(this,"dictIndex",0),__publicField(this,"dictRange",[]),__publicField(this,"lowerBound",0),__publicField(this,"upperBound",0),__publicField(this,"dictLength",0),__publicField(this,"uuidLength"),__publicField(this,"_digit_first_ascii",48),__publicField(this,"_digit_last_ascii",58),__publicField(this,"_alpha_lower_first_ascii",97),__publicField(this,"_alpha_lower_last_ascii",123),__publicField(this,"_hex_last_ascii",103),__publicField(this,"_alpha_upper_first_ascii",65),__publicField(this,"_alpha_upper_last_ascii",91),__publicField(this,"_number_dict_ranges",{digits:[this._digit_first_ascii,this._digit_last_ascii]}),__publicField(this,"_alpha_dict_ranges",{lowerCase:[this._alpha_lower_first_ascii,this._alpha_lower_last_ascii],upperCase:[this._alpha_upper_first_ascii,this._alpha_upper_last_ascii]}),__publicField(this,"_alpha_lower_dict_ranges",{lowerCase:[this._alpha_lower_first_ascii,this._alpha_lower_last_ascii]}),__publicField(this,"_alpha_upper_dict_ranges",{upperCase:[this._alpha_upper_first_ascii,this._alpha_upper_last_ascii]}),__publicField(this,"_alphanum_dict_ranges",{digits:[this._digit_first_ascii,this._digit_last_ascii],lowerCase:[this._alpha_lower_first_ascii,this._alpha_lower_last_ascii],upperCase:[this._alpha_upper_first_ascii,this._alpha_upper_last_ascii]}),__publicField(this,"_alphanum_lower_dict_ranges",{digits:[this._digit_first_ascii,this._digit_last_ascii],lowerCase:[this._alpha_lower_first_ascii,this._alpha_lower_last_ascii]}),__publicField(this,"_alphanum_upper_dict_ranges",{digits:[this._digit_first_ascii,this._digit_last_ascii],upperCase:[this._alpha_upper_first_ascii,this._alpha_upper_last_ascii]}),__publicField(this,"_hex_dict_ranges",{decDigits:[this._digit_first_ascii,this._digit_last_ascii],alphaDigits:[this._alpha_lower_first_ascii,this._hex_last_ascii]}),__publicField(this,"_dict_ranges",{_number_dict_ranges:this._number_dict_ranges,_alpha_dict_ranges:this._alpha_dict_ranges,_alpha_lower_dict_ranges:this._alpha_lower_dict_ranges,_alpha_upper_dict_ranges:this._alpha_upper_dict_ranges,_alphanum_dict_ranges:this._alphanum_dict_ranges,_alphanum_lower_dict_ranges:this._alphanum_lower_dict_ranges,_alphanum_upper_dict_ranges:this._alphanum_upper_dict_ranges,_hex_dict_ranges:this._hex_dict_ranges}),__publicField(this,"log",((...s)=>{const o=[...s];o[0]="[short-unique-id] ".concat(s[0]),!0!==this.debug||"undefined"==typeof console||null===console||console.log(...o)})),__publicField(this,"_normalizeDictionary",((s,o)=>{let i;if(s&&Array.isArray(s)&&s.length>1)i=s;else{i=[],this.dictIndex=0;const o="_".concat(s,"_dict_ranges"),a=this._dict_ranges[o];let u=0;for(const[,s]of Object.entries(a)){const[o,i]=s;u+=Math.abs(i-o)}i=new Array(u);let _=0;for(const[,s]of Object.entries(a)){this.dictRange=s,this.lowerBound=this.dictRange[0],this.upperBound=this.dictRange[1];const o=this.lowerBound<=this.upperBound,a=this.lowerBound,u=this.upperBound;if(o)for(let s=a;su;s--)i[_++]=String.fromCharCode(s),this.dictIndex=s}i.length=_}if(o){for(let s=i.length-1;s>0;s--){const o=Math.floor(Math.random()*(s+1));[i[s],i[o]]=[i[o],i[s]]}}return i})),__publicField(this,"setDictionary",((s,o)=>{this.dict=this._normalizeDictionary(s,o),this.dictLength=this.dict.length,this.setCounter(0)})),__publicField(this,"seq",(()=>this.sequentialUUID())),__publicField(this,"sequentialUUID",(()=>{const s=this.dictLength,o=this.dict;let i=this.counter;const a=[];do{const u=i%s;i=Math.trunc(i/s),a.push(o[u])}while(0!==i);const u=a.join("");return this.counter+=1,u})),__publicField(this,"rnd",((s=this.uuidLength||x)=>this.randomUUID(s))),__publicField(this,"randomUUID",((s=this.uuidLength||x)=>{if(null==s||s<1)throw new Error("Invalid UUID Length Provided");const o=new Array(s),i=this.dictLength,a=this.dict;for(let u=0;uthis.formattedUUID(s,o))),__publicField(this,"formattedUUID",((s,o)=>{const i={$r:this.randomUUID,$s:this.sequentialUUID,$t:this.stamp};return s.replace(/\$[rs]\d{0,}|\$t0|\$t[1-9]\d{1,}/g,(s=>{const a=s.slice(0,2),u=Number.parseInt(s.slice(2),10);return"$s"===a?i[a]().padStart(u,"0"):"$t"===a&&o?i[a](u,o):i[a](u)}))})),__publicField(this,"availableUUIDs",((s=this.uuidLength)=>Number.parseFloat(([...new Set(this.dict)].length**s).toFixed(0)))),__publicField(this,"_collisionCache",new Map),__publicField(this,"approxMaxBeforeCollision",((s=this.availableUUIDs(this.uuidLength))=>{const o=s,i=this._collisionCache.get(o);if(void 0!==i)return i;const a=Number.parseFloat(Math.sqrt(Math.PI/2*s).toFixed(20));return this._collisionCache.set(o,a),a})),__publicField(this,"collisionProbability",((s=this.availableUUIDs(this.uuidLength),o=this.uuidLength)=>Number.parseFloat((this.approxMaxBeforeCollision(s)/this.availableUUIDs(o)).toFixed(20)))),__publicField(this,"uniqueness",((s=this.availableUUIDs(this.uuidLength))=>{const o=Number.parseFloat((1-this.approxMaxBeforeCollision(s)/s).toFixed(20));return o>1?1:o<0?0:o})),__publicField(this,"getVersion",(()=>this.version)),__publicField(this,"stamp",((s,o)=>{const i=Math.floor(+(o||new Date)/1e3).toString(16);if("number"==typeof s&&0===s)return i;if("number"!=typeof s||s<10)throw new Error(["Param finalLength must be a number greater than or equal to 10,","or 0 if you want the raw hexadecimal timestamp"].join("\n"));const a=s-9,u=Math.round(Math.random()*(a>15?15:a)),_=this.randomUUID(a);return"".concat(_.substring(0,u)).concat(i).concat(_.substring(u)).concat(u.toString(16))})),__publicField(this,"parseStamp",((s,o)=>{if(o&&!/t0|t[1-9]\d{1,}/.test(o))throw new Error("Cannot extract date from a formated UUID with no timestamp in the format");const i=o?o.replace(/\$[rs]\d{0,}|\$t0|\$t[1-9]\d{1,}/g,(s=>{const o={$r:s=>[...Array(s)].map((()=>"r")).join(""),$s:s=>[...Array(s)].map((()=>"s")).join(""),$t:s=>[...Array(s)].map((()=>"t")).join("")},i=s.slice(0,2),a=Number.parseInt(s.slice(2),10);return o[i](a)})).replace(/^(.*?)(t{8,})(.*)$/g,((o,i,a)=>s.substring(i.length,i.length+a.length))):s;if(8===i.length)return new Date(1e3*Number.parseInt(i,16));if(i.length<10)throw new Error("Stamp length invalid");const a=Number.parseInt(i.substring(i.length-1),16);return new Date(1e3*Number.parseInt(i.substring(a,a+8),16))})),__publicField(this,"setCounter",(s=>{this.counter=s})),__publicField(this,"validate",((s,o)=>{const i=o?this._normalizeDictionary(o):this.dict;return s.split("").every((s=>i.includes(s)))}));const o=__spreadValues(__spreadValues({},C),s);this.counter=0,this.debug=!1,this.dict=[],this.version="5.3.2";const{dictionary:i,shuffle:a,length:u,counter:_}=o;this.uuidLength=u,this.setDictionary(i,a),this.setCounter(_),this.debug=o.debug,this.log(this.dict),this.log("Generator instantiated with Dictionary Size ".concat(this.dictLength," and counter set to ").concat(this.counter)),this.log=this.log.bind(this),this.setDictionary=this.setDictionary.bind(this),this.setCounter=this.setCounter.bind(this),this.seq=this.seq.bind(this),this.sequentialUUID=this.sequentialUUID.bind(this),this.rnd=this.rnd.bind(this),this.randomUUID=this.randomUUID.bind(this),this.fmt=this.fmt.bind(this),this.formattedUUID=this.formattedUUID.bind(this),this.availableUUIDs=this.availableUUIDs.bind(this),this.approxMaxBeforeCollision=this.approxMaxBeforeCollision.bind(this),this.collisionProbability=this.collisionProbability.bind(this),this.uniqueness=this.uniqueness.bind(this),this.getVersion=this.getVersion.bind(this),this.stamp=this.stamp.bind(this),this.parseStamp=this.parseStamp.bind(this)}};__publicField(j,"default",j);var L,B=j;return L=w,((a,_,w,x)=>{if(_&&"object"==typeof _||"function"==typeof _)for(let C of i(_))u.call(a,C)||C===w||s(a,C,{get:()=>_[C],enumerable:!(x=o(_,C))||x.enumerable});return a})(s({},"__esModule",{value:!0}),L)})();s.exports=o.default,"undefined"!=typeof window&&(o=o.default)},9325:(s,o,i)=>{var a=i(34840),u="object"==typeof self&&self&&self.Object===Object&&self,_=a||u||Function("return this")();s.exports=_},9404:function(s){s.exports=function(){"use strict";var s=Array.prototype.slice;function createClass(s,o){o&&(s.prototype=Object.create(o.prototype)),s.prototype.constructor=s}function Iterable(s){return isIterable(s)?s:Seq(s)}function KeyedIterable(s){return isKeyed(s)?s:KeyedSeq(s)}function IndexedIterable(s){return isIndexed(s)?s:IndexedSeq(s)}function SetIterable(s){return isIterable(s)&&!isAssociative(s)?s:SetSeq(s)}function isIterable(s){return!(!s||!s[o])}function isKeyed(s){return!(!s||!s[i])}function isIndexed(s){return!(!s||!s[a])}function isAssociative(s){return isKeyed(s)||isIndexed(s)}function isOrdered(s){return!(!s||!s[u])}createClass(KeyedIterable,Iterable),createClass(IndexedIterable,Iterable),createClass(SetIterable,Iterable),Iterable.isIterable=isIterable,Iterable.isKeyed=isKeyed,Iterable.isIndexed=isIndexed,Iterable.isAssociative=isAssociative,Iterable.isOrdered=isOrdered,Iterable.Keyed=KeyedIterable,Iterable.Indexed=IndexedIterable,Iterable.Set=SetIterable;var o="@@__IMMUTABLE_ITERABLE__@@",i="@@__IMMUTABLE_KEYED__@@",a="@@__IMMUTABLE_INDEXED__@@",u="@@__IMMUTABLE_ORDERED__@@",_="delete",w=5,x=1<>>0;if(""+i!==o||4294967295===i)return NaN;o=i}return o<0?ensureSize(s)+o:o}function returnTrue(){return!0}function wholeSlice(s,o,i){return(0===s||void 0!==i&&s<=-i)&&(void 0===o||void 0!==i&&o>=i)}function resolveBegin(s,o){return resolveIndex(s,o,0)}function resolveEnd(s,o){return resolveIndex(s,o,o)}function resolveIndex(s,o,i){return void 0===s?i:s<0?Math.max(0,o+s):void 0===o?s:Math.min(o,s)}var $=0,U=1,V=2,z="function"==typeof Symbol&&Symbol.iterator,Y="@@iterator",Z=z||Y;function Iterator(s){this.next=s}function iteratorValue(s,o,i,a){var u=0===s?o:1===s?i:[o,i];return a?a.value=u:a={value:u,done:!1},a}function iteratorDone(){return{value:void 0,done:!0}}function hasIterator(s){return!!getIteratorFn(s)}function isIterator(s){return s&&"function"==typeof s.next}function getIterator(s){var o=getIteratorFn(s);return o&&o.call(s)}function getIteratorFn(s){var o=s&&(z&&s[z]||s[Y]);if("function"==typeof o)return o}function isArrayLike(s){return s&&"number"==typeof s.length}function Seq(s){return null==s?emptySequence():isIterable(s)?s.toSeq():seqFromValue(s)}function KeyedSeq(s){return null==s?emptySequence().toKeyedSeq():isIterable(s)?isKeyed(s)?s.toSeq():s.fromEntrySeq():keyedSeqFromValue(s)}function IndexedSeq(s){return null==s?emptySequence():isIterable(s)?isKeyed(s)?s.entrySeq():s.toIndexedSeq():indexedSeqFromValue(s)}function SetSeq(s){return(null==s?emptySequence():isIterable(s)?isKeyed(s)?s.entrySeq():s:indexedSeqFromValue(s)).toSetSeq()}Iterator.prototype.toString=function(){return"[Iterator]"},Iterator.KEYS=$,Iterator.VALUES=U,Iterator.ENTRIES=V,Iterator.prototype.inspect=Iterator.prototype.toSource=function(){return this.toString()},Iterator.prototype[Z]=function(){return this},createClass(Seq,Iterable),Seq.of=function(){return Seq(arguments)},Seq.prototype.toSeq=function(){return this},Seq.prototype.toString=function(){return this.__toString("Seq {","}")},Seq.prototype.cacheResult=function(){return!this._cache&&this.__iterateUncached&&(this._cache=this.entrySeq().toArray(),this.size=this._cache.length),this},Seq.prototype.__iterate=function(s,o){return seqIterate(this,s,o,!0)},Seq.prototype.__iterator=function(s,o){return seqIterator(this,s,o,!0)},createClass(KeyedSeq,Seq),KeyedSeq.prototype.toKeyedSeq=function(){return this},createClass(IndexedSeq,Seq),IndexedSeq.of=function(){return IndexedSeq(arguments)},IndexedSeq.prototype.toIndexedSeq=function(){return this},IndexedSeq.prototype.toString=function(){return this.__toString("Seq [","]")},IndexedSeq.prototype.__iterate=function(s,o){return seqIterate(this,s,o,!1)},IndexedSeq.prototype.__iterator=function(s,o){return seqIterator(this,s,o,!1)},createClass(SetSeq,Seq),SetSeq.of=function(){return SetSeq(arguments)},SetSeq.prototype.toSetSeq=function(){return this},Seq.isSeq=isSeq,Seq.Keyed=KeyedSeq,Seq.Set=SetSeq,Seq.Indexed=IndexedSeq;var ee,ie,ae,ce="@@__IMMUTABLE_SEQ__@@";function ArraySeq(s){this._array=s,this.size=s.length}function ObjectSeq(s){var o=Object.keys(s);this._object=s,this._keys=o,this.size=o.length}function IterableSeq(s){this._iterable=s,this.size=s.length||s.size}function IteratorSeq(s){this._iterator=s,this._iteratorCache=[]}function isSeq(s){return!(!s||!s[ce])}function emptySequence(){return ee||(ee=new ArraySeq([]))}function keyedSeqFromValue(s){var o=Array.isArray(s)?new ArraySeq(s).fromEntrySeq():isIterator(s)?new IteratorSeq(s).fromEntrySeq():hasIterator(s)?new IterableSeq(s).fromEntrySeq():"object"==typeof s?new ObjectSeq(s):void 0;if(!o)throw new TypeError("Expected Array or iterable object of [k, v] entries, or keyed object: "+s);return o}function indexedSeqFromValue(s){var o=maybeIndexedSeqFromValue(s);if(!o)throw new TypeError("Expected Array or iterable object of values: "+s);return o}function seqFromValue(s){var o=maybeIndexedSeqFromValue(s)||"object"==typeof s&&new ObjectSeq(s);if(!o)throw new TypeError("Expected Array or iterable object of values, or keyed object: "+s);return o}function maybeIndexedSeqFromValue(s){return isArrayLike(s)?new ArraySeq(s):isIterator(s)?new IteratorSeq(s):hasIterator(s)?new IterableSeq(s):void 0}function seqIterate(s,o,i,a){var u=s._cache;if(u){for(var _=u.length-1,w=0;w<=_;w++){var x=u[i?_-w:w];if(!1===o(x[1],a?x[0]:w,s))return w+1}return w}return s.__iterateUncached(o,i)}function seqIterator(s,o,i,a){var u=s._cache;if(u){var _=u.length-1,w=0;return new Iterator((function(){var s=u[i?_-w:w];return w++>_?iteratorDone():iteratorValue(o,a?s[0]:w-1,s[1])}))}return s.__iteratorUncached(o,i)}function fromJS(s,o){return o?fromJSWith(o,s,"",{"":s}):fromJSDefault(s)}function fromJSWith(s,o,i,a){return Array.isArray(o)?s.call(a,i,IndexedSeq(o).map((function(i,a){return fromJSWith(s,i,a,o)}))):isPlainObj(o)?s.call(a,i,KeyedSeq(o).map((function(i,a){return fromJSWith(s,i,a,o)}))):o}function fromJSDefault(s){return Array.isArray(s)?IndexedSeq(s).map(fromJSDefault).toList():isPlainObj(s)?KeyedSeq(s).map(fromJSDefault).toMap():s}function isPlainObj(s){return s&&(s.constructor===Object||void 0===s.constructor)}function is(s,o){if(s===o||s!=s&&o!=o)return!0;if(!s||!o)return!1;if("function"==typeof s.valueOf&&"function"==typeof o.valueOf){if((s=s.valueOf())===(o=o.valueOf())||s!=s&&o!=o)return!0;if(!s||!o)return!1}return!("function"!=typeof s.equals||"function"!=typeof o.equals||!s.equals(o))}function deepEqual(s,o){if(s===o)return!0;if(!isIterable(o)||void 0!==s.size&&void 0!==o.size&&s.size!==o.size||void 0!==s.__hash&&void 0!==o.__hash&&s.__hash!==o.__hash||isKeyed(s)!==isKeyed(o)||isIndexed(s)!==isIndexed(o)||isOrdered(s)!==isOrdered(o))return!1;if(0===s.size&&0===o.size)return!0;var i=!isAssociative(s);if(isOrdered(s)){var a=s.entries();return o.every((function(s,o){var u=a.next().value;return u&&is(u[1],s)&&(i||is(u[0],o))}))&&a.next().done}var u=!1;if(void 0===s.size)if(void 0===o.size)"function"==typeof s.cacheResult&&s.cacheResult();else{u=!0;var _=s;s=o,o=_}var w=!0,x=o.__iterate((function(o,a){if(i?!s.has(o):u?!is(o,s.get(a,j)):!is(s.get(a,j),o))return w=!1,!1}));return w&&s.size===x}function Repeat(s,o){if(!(this instanceof Repeat))return new Repeat(s,o);if(this._value=s,this.size=void 0===o?1/0:Math.max(0,o),0===this.size){if(ie)return ie;ie=this}}function invariant(s,o){if(!s)throw new Error(o)}function Range(s,o,i){if(!(this instanceof Range))return new Range(s,o,i);if(invariant(0!==i,"Cannot step a Range by 0"),s=s||0,void 0===o&&(o=1/0),i=void 0===i?1:Math.abs(i),oa?iteratorDone():iteratorValue(s,u,i[o?a-u++:u++])}))},createClass(ObjectSeq,KeyedSeq),ObjectSeq.prototype.get=function(s,o){return void 0===o||this.has(s)?this._object[s]:o},ObjectSeq.prototype.has=function(s){return this._object.hasOwnProperty(s)},ObjectSeq.prototype.__iterate=function(s,o){for(var i=this._object,a=this._keys,u=a.length-1,_=0;_<=u;_++){var w=a[o?u-_:_];if(!1===s(i[w],w,this))return _+1}return _},ObjectSeq.prototype.__iterator=function(s,o){var i=this._object,a=this._keys,u=a.length-1,_=0;return new Iterator((function(){var w=a[o?u-_:_];return _++>u?iteratorDone():iteratorValue(s,w,i[w])}))},ObjectSeq.prototype[u]=!0,createClass(IterableSeq,IndexedSeq),IterableSeq.prototype.__iterateUncached=function(s,o){if(o)return this.cacheResult().__iterate(s,o);var i=getIterator(this._iterable),a=0;if(isIterator(i))for(var u;!(u=i.next()).done&&!1!==s(u.value,a++,this););return a},IterableSeq.prototype.__iteratorUncached=function(s,o){if(o)return this.cacheResult().__iterator(s,o);var i=getIterator(this._iterable);if(!isIterator(i))return new Iterator(iteratorDone);var a=0;return new Iterator((function(){var o=i.next();return o.done?o:iteratorValue(s,a++,o.value)}))},createClass(IteratorSeq,IndexedSeq),IteratorSeq.prototype.__iterateUncached=function(s,o){if(o)return this.cacheResult().__iterate(s,o);for(var i,a=this._iterator,u=this._iteratorCache,_=0;_=a.length){var o=i.next();if(o.done)return o;a[u]=o.value}return iteratorValue(s,u,a[u++])}))},createClass(Repeat,IndexedSeq),Repeat.prototype.toString=function(){return 0===this.size?"Repeat []":"Repeat [ "+this._value+" "+this.size+" times ]"},Repeat.prototype.get=function(s,o){return this.has(s)?this._value:o},Repeat.prototype.includes=function(s){return is(this._value,s)},Repeat.prototype.slice=function(s,o){var i=this.size;return wholeSlice(s,o,i)?this:new Repeat(this._value,resolveEnd(o,i)-resolveBegin(s,i))},Repeat.prototype.reverse=function(){return this},Repeat.prototype.indexOf=function(s){return is(this._value,s)?0:-1},Repeat.prototype.lastIndexOf=function(s){return is(this._value,s)?this.size:-1},Repeat.prototype.__iterate=function(s,o){for(var i=0;i=0&&o=0&&ii?iteratorDone():iteratorValue(s,_++,w)}))},Range.prototype.equals=function(s){return s instanceof Range?this._start===s._start&&this._end===s._end&&this._step===s._step:deepEqual(this,s)},createClass(Collection,Iterable),createClass(KeyedCollection,Collection),createClass(IndexedCollection,Collection),createClass(SetCollection,Collection),Collection.Keyed=KeyedCollection,Collection.Indexed=IndexedCollection,Collection.Set=SetCollection;var le="function"==typeof Math.imul&&-2===Math.imul(4294967295,2)?Math.imul:function imul(s,o){var i=65535&(s|=0),a=65535&(o|=0);return i*a+((s>>>16)*a+i*(o>>>16)<<16>>>0)|0};function smi(s){return s>>>1&1073741824|3221225471&s}function hash(s){if(!1===s||null==s)return 0;if("function"==typeof s.valueOf&&(!1===(s=s.valueOf())||null==s))return 0;if(!0===s)return 1;var o=typeof s;if("number"===o){if(s!=s||s===1/0)return 0;var i=0|s;for(i!==s&&(i^=4294967295*s);s>4294967295;)i^=s/=4294967295;return smi(i)}if("string"===o)return s.length>Se?cachedHashString(s):hashString(s);if("function"==typeof s.hashCode)return s.hashCode();if("object"===o)return hashJSObj(s);if("function"==typeof s.toString)return hashString(s.toString());throw new Error("Value type "+o+" cannot be hashed.")}function cachedHashString(s){var o=Pe[s];return void 0===o&&(o=hashString(s),xe===we&&(xe=0,Pe={}),xe++,Pe[s]=o),o}function hashString(s){for(var o=0,i=0;i0)switch(s.nodeType){case 1:return s.uniqueID;case 9:return s.documentElement&&s.documentElement.uniqueID}}var fe,ye="function"==typeof WeakMap;ye&&(fe=new WeakMap);var be=0,_e="__immutablehash__";"function"==typeof Symbol&&(_e=Symbol(_e));var Se=16,we=255,xe=0,Pe={};function assertNotInfinite(s){invariant(s!==1/0,"Cannot perform this action with an infinite size.")}function Map(s){return null==s?emptyMap():isMap(s)&&!isOrdered(s)?s:emptyMap().withMutations((function(o){var i=KeyedIterable(s);assertNotInfinite(i.size),i.forEach((function(s,i){return o.set(i,s)}))}))}function isMap(s){return!(!s||!s[Re])}createClass(Map,KeyedCollection),Map.of=function(){var o=s.call(arguments,0);return emptyMap().withMutations((function(s){for(var i=0;i=o.length)throw new Error("Missing value for key: "+o[i]);s.set(o[i],o[i+1])}}))},Map.prototype.toString=function(){return this.__toString("Map {","}")},Map.prototype.get=function(s,o){return this._root?this._root.get(0,void 0,s,o):o},Map.prototype.set=function(s,o){return updateMap(this,s,o)},Map.prototype.setIn=function(s,o){return this.updateIn(s,j,(function(){return o}))},Map.prototype.remove=function(s){return updateMap(this,s,j)},Map.prototype.deleteIn=function(s){return this.updateIn(s,(function(){return j}))},Map.prototype.update=function(s,o,i){return 1===arguments.length?s(this):this.updateIn([s],o,i)},Map.prototype.updateIn=function(s,o,i){i||(i=o,o=void 0);var a=updateInDeepMap(this,forceIterator(s),o,i);return a===j?void 0:a},Map.prototype.clear=function(){return 0===this.size?this:this.__ownerID?(this.size=0,this._root=null,this.__hash=void 0,this.__altered=!0,this):emptyMap()},Map.prototype.merge=function(){return mergeIntoMapWith(this,void 0,arguments)},Map.prototype.mergeWith=function(o){return mergeIntoMapWith(this,o,s.call(arguments,1))},Map.prototype.mergeIn=function(o){var i=s.call(arguments,1);return this.updateIn(o,emptyMap(),(function(s){return"function"==typeof s.merge?s.merge.apply(s,i):i[i.length-1]}))},Map.prototype.mergeDeep=function(){return mergeIntoMapWith(this,deepMerger,arguments)},Map.prototype.mergeDeepWith=function(o){var i=s.call(arguments,1);return mergeIntoMapWith(this,deepMergerWith(o),i)},Map.prototype.mergeDeepIn=function(o){var i=s.call(arguments,1);return this.updateIn(o,emptyMap(),(function(s){return"function"==typeof s.mergeDeep?s.mergeDeep.apply(s,i):i[i.length-1]}))},Map.prototype.sort=function(s){return OrderedMap(sortFactory(this,s))},Map.prototype.sortBy=function(s,o){return OrderedMap(sortFactory(this,o,s))},Map.prototype.withMutations=function(s){var o=this.asMutable();return s(o),o.wasAltered()?o.__ensureOwner(this.__ownerID):this},Map.prototype.asMutable=function(){return this.__ownerID?this:this.__ensureOwner(new OwnerID)},Map.prototype.asImmutable=function(){return this.__ensureOwner()},Map.prototype.wasAltered=function(){return this.__altered},Map.prototype.__iterator=function(s,o){return new MapIterator(this,s,o)},Map.prototype.__iterate=function(s,o){var i=this,a=0;return this._root&&this._root.iterate((function(o){return a++,s(o[1],o[0],i)}),o),a},Map.prototype.__ensureOwner=function(s){return s===this.__ownerID?this:s?makeMap(this.size,this._root,s,this.__hash):(this.__ownerID=s,this.__altered=!1,this)},Map.isMap=isMap;var Te,Re="@@__IMMUTABLE_MAP__@@",$e=Map.prototype;function ArrayMapNode(s,o){this.ownerID=s,this.entries=o}function BitmapIndexedNode(s,o,i){this.ownerID=s,this.bitmap=o,this.nodes=i}function HashArrayMapNode(s,o,i){this.ownerID=s,this.count=o,this.nodes=i}function HashCollisionNode(s,o,i){this.ownerID=s,this.keyHash=o,this.entries=i}function ValueNode(s,o,i){this.ownerID=s,this.keyHash=o,this.entry=i}function MapIterator(s,o,i){this._type=o,this._reverse=i,this._stack=s._root&&mapIteratorFrame(s._root)}function mapIteratorValue(s,o){return iteratorValue(s,o[0],o[1])}function mapIteratorFrame(s,o){return{node:s,index:0,__prev:o}}function makeMap(s,o,i,a){var u=Object.create($e);return u.size=s,u._root=o,u.__ownerID=i,u.__hash=a,u.__altered=!1,u}function emptyMap(){return Te||(Te=makeMap(0))}function updateMap(s,o,i){var a,u;if(s._root){var _=MakeRef(L),w=MakeRef(B);if(a=updateNode(s._root,s.__ownerID,0,void 0,o,i,_,w),!w.value)return s;u=s.size+(_.value?i===j?-1:1:0)}else{if(i===j)return s;u=1,a=new ArrayMapNode(s.__ownerID,[[o,i]])}return s.__ownerID?(s.size=u,s._root=a,s.__hash=void 0,s.__altered=!0,s):a?makeMap(u,a):emptyMap()}function updateNode(s,o,i,a,u,_,w,x){return s?s.update(o,i,a,u,_,w,x):_===j?s:(SetRef(x),SetRef(w),new ValueNode(o,a,[u,_]))}function isLeafNode(s){return s.constructor===ValueNode||s.constructor===HashCollisionNode}function mergeIntoNode(s,o,i,a,u){if(s.keyHash===a)return new HashCollisionNode(o,a,[s.entry,u]);var _,x=(0===i?s.keyHash:s.keyHash>>>i)&C,j=(0===i?a:a>>>i)&C;return new BitmapIndexedNode(o,1<>>=1)w[C]=1&i?o[_++]:void 0;return w[a]=u,new HashArrayMapNode(s,_+1,w)}function mergeIntoMapWith(s,o,i){for(var a=[],u=0;u>1&1431655765))+(s>>2&858993459))+(s>>4)&252645135,s+=s>>8,127&(s+=s>>16)}function setIn(s,o,i,a){var u=a?s:arrCopy(s);return u[o]=i,u}function spliceIn(s,o,i,a){var u=s.length+1;if(a&&o+1===u)return s[o]=i,s;for(var _=new Array(u),w=0,x=0;x=qe)return createNodes(s,C,a,u);var U=s&&s===this.ownerID,V=U?C:arrCopy(C);return $?x?L===B-1?V.pop():V[L]=V.pop():V[L]=[a,u]:V.push([a,u]),U?(this.entries=V,this):new ArrayMapNode(s,V)}},BitmapIndexedNode.prototype.get=function(s,o,i,a){void 0===o&&(o=hash(i));var u=1<<((0===s?o:o>>>s)&C),_=this.bitmap;return _&u?this.nodes[popCount(_&u-1)].get(s+w,o,i,a):a},BitmapIndexedNode.prototype.update=function(s,o,i,a,u,_,x){void 0===i&&(i=hash(a));var L=(0===o?i:i>>>o)&C,B=1<=ze)return expandNodes(s,z,$,L,Z);if(U&&!Z&&2===z.length&&isLeafNode(z[1^V]))return z[1^V];if(U&&Z&&1===z.length&&isLeafNode(Z))return Z;var ee=s&&s===this.ownerID,ie=U?Z?$:$^B:$|B,ae=U?Z?setIn(z,V,Z,ee):spliceOut(z,V,ee):spliceIn(z,V,Z,ee);return ee?(this.bitmap=ie,this.nodes=ae,this):new BitmapIndexedNode(s,ie,ae)},HashArrayMapNode.prototype.get=function(s,o,i,a){void 0===o&&(o=hash(i));var u=(0===s?o:o>>>s)&C,_=this.nodes[u];return _?_.get(s+w,o,i,a):a},HashArrayMapNode.prototype.update=function(s,o,i,a,u,_,x){void 0===i&&(i=hash(a));var L=(0===o?i:i>>>o)&C,B=u===j,$=this.nodes,U=$[L];if(B&&!U)return this;var V=updateNode(U,s,o+w,i,a,u,_,x);if(V===U)return this;var z=this.count;if(U){if(!V&&--z0&&a=0&&s>>o&C;if(a>=this.array.length)return new VNode([],s);var u,_=0===a;if(o>0){var x=this.array[a];if((u=x&&x.removeBefore(s,o-w,i))===x&&_)return this}if(_&&!u)return this;var j=editableVNode(this,s);if(!_)for(var L=0;L>>o&C;if(u>=this.array.length)return this;if(o>0){var _=this.array[u];if((a=_&&_.removeAfter(s,o-w,i))===_&&u===this.array.length-1)return this}var x=editableVNode(this,s);return x.array.splice(u+1),a&&(x.array[u]=a),x};var Xe,Qe,et={};function iterateList(s,o){var i=s._origin,a=s._capacity,u=getTailOffset(a),_=s._tail;return iterateNodeOrLeaf(s._root,s._level,0);function iterateNodeOrLeaf(s,o,i){return 0===o?iterateLeaf(s,i):iterateNode(s,o,i)}function iterateLeaf(s,w){var C=w===u?_&&_.array:s&&s.array,j=w>i?0:i-w,L=a-w;return L>x&&(L=x),function(){if(j===L)return et;var s=o?--L:j++;return C&&C[s]}}function iterateNode(s,u,_){var C,j=s&&s.array,L=_>i?0:i-_>>u,B=1+(a-_>>u);return B>x&&(B=x),function(){for(;;){if(C){var s=C();if(s!==et)return s;C=null}if(L===B)return et;var i=o?--B:L++;C=iterateNodeOrLeaf(j&&j[i],u-w,_+(i<=s.size||o<0)return s.withMutations((function(s){o<0?setListBounds(s,o).set(0,i):setListBounds(s,0,o+1).set(o,i)}));o+=s._origin;var a=s._tail,u=s._root,_=MakeRef(B);return o>=getTailOffset(s._capacity)?a=updateVNode(a,s.__ownerID,0,o,i,_):u=updateVNode(u,s.__ownerID,s._level,o,i,_),_.value?s.__ownerID?(s._root=u,s._tail=a,s.__hash=void 0,s.__altered=!0,s):makeList(s._origin,s._capacity,s._level,u,a):s}function updateVNode(s,o,i,a,u,_){var x,j=a>>>i&C,L=s&&j0){var B=s&&s.array[j],$=updateVNode(B,o,i-w,a,u,_);return $===B?s:((x=editableVNode(s,o)).array[j]=$,x)}return L&&s.array[j]===u?s:(SetRef(_),x=editableVNode(s,o),void 0===u&&j===x.array.length-1?x.array.pop():x.array[j]=u,x)}function editableVNode(s,o){return o&&s&&o===s.ownerID?s:new VNode(s?s.array.slice():[],o)}function listNodeFor(s,o){if(o>=getTailOffset(s._capacity))return s._tail;if(o<1<0;)i=i.array[o>>>a&C],a-=w;return i}}function setListBounds(s,o,i){void 0!==o&&(o|=0),void 0!==i&&(i|=0);var a=s.__ownerID||new OwnerID,u=s._origin,_=s._capacity,x=u+o,j=void 0===i?_:i<0?_+i:u+i;if(x===u&&j===_)return s;if(x>=j)return s.clear();for(var L=s._level,B=s._root,$=0;x+$<0;)B=new VNode(B&&B.array.length?[void 0,B]:[],a),$+=1<<(L+=w);$&&(x+=$,u+=$,j+=$,_+=$);for(var U=getTailOffset(_),V=getTailOffset(j);V>=1<U?new VNode([],a):z;if(z&&V>U&&x<_&&z.array.length){for(var Z=B=editableVNode(B,a),ee=L;ee>w;ee-=w){var ie=U>>>ee&C;Z=Z.array[ie]=editableVNode(Z.array[ie],a)}Z.array[U>>>w&C]=z}if(j<_&&(Y=Y&&Y.removeAfter(a,0,j)),x>=V)x-=V,j-=V,L=w,B=null,Y=Y&&Y.removeBefore(a,0,x);else if(x>u||V>>L&C;if(ae!==V>>>L&C)break;ae&&($+=(1<u&&(B=B.removeBefore(a,L,x-$)),B&&Vu&&(u=x.size),isIterable(w)||(x=x.map((function(s){return fromJS(s)}))),a.push(x)}return u>s.size&&(s=s.setSize(u)),mergeIntoCollectionWith(s,o,a)}function getTailOffset(s){return s>>w<=x&&w.size>=2*_.size?(a=(u=w.filter((function(s,o){return void 0!==s&&C!==o}))).toKeyedSeq().map((function(s){return s[0]})).flip().toMap(),s.__ownerID&&(a.__ownerID=u.__ownerID=s.__ownerID)):(a=_.remove(o),u=C===w.size-1?w.pop():w.set(C,void 0))}else if(L){if(i===w.get(C)[1])return s;a=_,u=w.set(C,[o,i])}else a=_.set(o,w.size),u=w.set(w.size,[o,i]);return s.__ownerID?(s.size=a.size,s._map=a,s._list=u,s.__hash=void 0,s):makeOrderedMap(a,u)}function ToKeyedSequence(s,o){this._iter=s,this._useKeys=o,this.size=s.size}function ToIndexedSequence(s){this._iter=s,this.size=s.size}function ToSetSequence(s){this._iter=s,this.size=s.size}function FromEntriesSequence(s){this._iter=s,this.size=s.size}function flipFactory(s){var o=makeSequence(s);return o._iter=s,o.size=s.size,o.flip=function(){return s},o.reverse=function(){var o=s.reverse.apply(this);return o.flip=function(){return s.reverse()},o},o.has=function(o){return s.includes(o)},o.includes=function(o){return s.has(o)},o.cacheResult=cacheResultThrough,o.__iterateUncached=function(o,i){var a=this;return s.__iterate((function(s,i){return!1!==o(i,s,a)}),i)},o.__iteratorUncached=function(o,i){if(o===V){var a=s.__iterator(o,i);return new Iterator((function(){var s=a.next();if(!s.done){var o=s.value[0];s.value[0]=s.value[1],s.value[1]=o}return s}))}return s.__iterator(o===U?$:U,i)},o}function mapFactory(s,o,i){var a=makeSequence(s);return a.size=s.size,a.has=function(o){return s.has(o)},a.get=function(a,u){var _=s.get(a,j);return _===j?u:o.call(i,_,a,s)},a.__iterateUncached=function(a,u){var _=this;return s.__iterate((function(s,u,w){return!1!==a(o.call(i,s,u,w),u,_)}),u)},a.__iteratorUncached=function(a,u){var _=s.__iterator(V,u);return new Iterator((function(){var u=_.next();if(u.done)return u;var w=u.value,x=w[0];return iteratorValue(a,x,o.call(i,w[1],x,s),u)}))},a}function reverseFactory(s,o){var i=makeSequence(s);return i._iter=s,i.size=s.size,i.reverse=function(){return s},s.flip&&(i.flip=function(){var o=flipFactory(s);return o.reverse=function(){return s.flip()},o}),i.get=function(i,a){return s.get(o?i:-1-i,a)},i.has=function(i){return s.has(o?i:-1-i)},i.includes=function(o){return s.includes(o)},i.cacheResult=cacheResultThrough,i.__iterate=function(o,i){var a=this;return s.__iterate((function(s,i){return o(s,i,a)}),!i)},i.__iterator=function(o,i){return s.__iterator(o,!i)},i}function filterFactory(s,o,i,a){var u=makeSequence(s);return a&&(u.has=function(a){var u=s.get(a,j);return u!==j&&!!o.call(i,u,a,s)},u.get=function(a,u){var _=s.get(a,j);return _!==j&&o.call(i,_,a,s)?_:u}),u.__iterateUncached=function(u,_){var w=this,x=0;return s.__iterate((function(s,_,C){if(o.call(i,s,_,C))return x++,u(s,a?_:x-1,w)}),_),x},u.__iteratorUncached=function(u,_){var w=s.__iterator(V,_),x=0;return new Iterator((function(){for(;;){var _=w.next();if(_.done)return _;var C=_.value,j=C[0],L=C[1];if(o.call(i,L,j,s))return iteratorValue(u,a?j:x++,L,_)}}))},u}function countByFactory(s,o,i){var a=Map().asMutable();return s.__iterate((function(u,_){a.update(o.call(i,u,_,s),0,(function(s){return s+1}))})),a.asImmutable()}function groupByFactory(s,o,i){var a=isKeyed(s),u=(isOrdered(s)?OrderedMap():Map()).asMutable();s.__iterate((function(_,w){u.update(o.call(i,_,w,s),(function(s){return(s=s||[]).push(a?[w,_]:_),s}))}));var _=iterableClass(s);return u.map((function(o){return reify(s,_(o))}))}function sliceFactory(s,o,i,a){var u=s.size;if(void 0!==o&&(o|=0),void 0!==i&&(i===1/0?i=u:i|=0),wholeSlice(o,i,u))return s;var _=resolveBegin(o,u),w=resolveEnd(i,u);if(_!=_||w!=w)return sliceFactory(s.toSeq().cacheResult(),o,i,a);var x,C=w-_;C==C&&(x=C<0?0:C);var j=makeSequence(s);return j.size=0===x?x:s.size&&x||void 0,!a&&isSeq(s)&&x>=0&&(j.get=function(o,i){return(o=wrapIndex(this,o))>=0&&ox)return iteratorDone();var s=u.next();return a||o===U?s:iteratorValue(o,C-1,o===$?void 0:s.value[1],s)}))},j}function takeWhileFactory(s,o,i){var a=makeSequence(s);return a.__iterateUncached=function(a,u){var _=this;if(u)return this.cacheResult().__iterate(a,u);var w=0;return s.__iterate((function(s,u,x){return o.call(i,s,u,x)&&++w&&a(s,u,_)})),w},a.__iteratorUncached=function(a,u){var _=this;if(u)return this.cacheResult().__iterator(a,u);var w=s.__iterator(V,u),x=!0;return new Iterator((function(){if(!x)return iteratorDone();var s=w.next();if(s.done)return s;var u=s.value,C=u[0],j=u[1];return o.call(i,j,C,_)?a===V?s:iteratorValue(a,C,j,s):(x=!1,iteratorDone())}))},a}function skipWhileFactory(s,o,i,a){var u=makeSequence(s);return u.__iterateUncached=function(u,_){var w=this;if(_)return this.cacheResult().__iterate(u,_);var x=!0,C=0;return s.__iterate((function(s,_,j){if(!x||!(x=o.call(i,s,_,j)))return C++,u(s,a?_:C-1,w)})),C},u.__iteratorUncached=function(u,_){var w=this;if(_)return this.cacheResult().__iterator(u,_);var x=s.__iterator(V,_),C=!0,j=0;return new Iterator((function(){var s,_,L;do{if((s=x.next()).done)return a||u===U?s:iteratorValue(u,j++,u===$?void 0:s.value[1],s);var B=s.value;_=B[0],L=B[1],C&&(C=o.call(i,L,_,w))}while(C);return u===V?s:iteratorValue(u,_,L,s)}))},u}function concatFactory(s,o){var i=isKeyed(s),a=[s].concat(o).map((function(s){return isIterable(s)?i&&(s=KeyedIterable(s)):s=i?keyedSeqFromValue(s):indexedSeqFromValue(Array.isArray(s)?s:[s]),s})).filter((function(s){return 0!==s.size}));if(0===a.length)return s;if(1===a.length){var u=a[0];if(u===s||i&&isKeyed(u)||isIndexed(s)&&isIndexed(u))return u}var _=new ArraySeq(a);return i?_=_.toKeyedSeq():isIndexed(s)||(_=_.toSetSeq()),(_=_.flatten(!0)).size=a.reduce((function(s,o){if(void 0!==s){var i=o.size;if(void 0!==i)return s+i}}),0),_}function flattenFactory(s,o,i){var a=makeSequence(s);return a.__iterateUncached=function(a,u){var _=0,w=!1;function flatDeep(s,x){var C=this;s.__iterate((function(s,u){return(!o||x0}function zipWithFactory(s,o,i){var a=makeSequence(s);return a.size=new ArraySeq(i).map((function(s){return s.size})).min(),a.__iterate=function(s,o){for(var i,a=this.__iterator(U,o),u=0;!(i=a.next()).done&&!1!==s(i.value,u++,this););return u},a.__iteratorUncached=function(s,a){var u=i.map((function(s){return s=Iterable(s),getIterator(a?s.reverse():s)})),_=0,w=!1;return new Iterator((function(){var i;return w||(i=u.map((function(s){return s.next()})),w=i.some((function(s){return s.done}))),w?iteratorDone():iteratorValue(s,_++,o.apply(null,i.map((function(s){return s.value}))))}))},a}function reify(s,o){return isSeq(s)?o:s.constructor(o)}function validateEntry(s){if(s!==Object(s))throw new TypeError("Expected [K, V] tuple: "+s)}function resolveSize(s){return assertNotInfinite(s.size),ensureSize(s)}function iterableClass(s){return isKeyed(s)?KeyedIterable:isIndexed(s)?IndexedIterable:SetIterable}function makeSequence(s){return Object.create((isKeyed(s)?KeyedSeq:isIndexed(s)?IndexedSeq:SetSeq).prototype)}function cacheResultThrough(){return this._iter.cacheResult?(this._iter.cacheResult(),this.size=this._iter.size,this):Seq.prototype.cacheResult.call(this)}function defaultComparator(s,o){return s>o?1:s=0;i--)o={value:arguments[i],next:o};return this.__ownerID?(this.size=s,this._head=o,this.__hash=void 0,this.__altered=!0,this):makeStack(s,o)},Stack.prototype.pushAll=function(s){if(0===(s=IndexedIterable(s)).size)return this;assertNotInfinite(s.size);var o=this.size,i=this._head;return s.reverse().forEach((function(s){o++,i={value:s,next:i}})),this.__ownerID?(this.size=o,this._head=i,this.__hash=void 0,this.__altered=!0,this):makeStack(o,i)},Stack.prototype.pop=function(){return this.slice(1)},Stack.prototype.unshift=function(){return this.push.apply(this,arguments)},Stack.prototype.unshiftAll=function(s){return this.pushAll(s)},Stack.prototype.shift=function(){return this.pop.apply(this,arguments)},Stack.prototype.clear=function(){return 0===this.size?this:this.__ownerID?(this.size=0,this._head=void 0,this.__hash=void 0,this.__altered=!0,this):emptyStack()},Stack.prototype.slice=function(s,o){if(wholeSlice(s,o,this.size))return this;var i=resolveBegin(s,this.size);if(resolveEnd(o,this.size)!==this.size)return IndexedCollection.prototype.slice.call(this,s,o);for(var a=this.size-i,u=this._head;i--;)u=u.next;return this.__ownerID?(this.size=a,this._head=u,this.__hash=void 0,this.__altered=!0,this):makeStack(a,u)},Stack.prototype.__ensureOwner=function(s){return s===this.__ownerID?this:s?makeStack(this.size,this._head,s,this.__hash):(this.__ownerID=s,this.__altered=!1,this)},Stack.prototype.__iterate=function(s,o){if(o)return this.reverse().__iterate(s);for(var i=0,a=this._head;a&&!1!==s(a.value,i++,this);)a=a.next;return i},Stack.prototype.__iterator=function(s,o){if(o)return this.reverse().__iterator(s);var i=0,a=this._head;return new Iterator((function(){if(a){var o=a.value;return a=a.next,iteratorValue(s,i++,o)}return iteratorDone()}))},Stack.isStack=isStack;var at,ct="@@__IMMUTABLE_STACK__@@",lt=Stack.prototype;function makeStack(s,o,i,a){var u=Object.create(lt);return u.size=s,u._head=o,u.__ownerID=i,u.__hash=a,u.__altered=!1,u}function emptyStack(){return at||(at=makeStack(0))}function mixin(s,o){var keyCopier=function(i){s.prototype[i]=o[i]};return Object.keys(o).forEach(keyCopier),Object.getOwnPropertySymbols&&Object.getOwnPropertySymbols(o).forEach(keyCopier),s}lt[ct]=!0,lt.withMutations=$e.withMutations,lt.asMutable=$e.asMutable,lt.asImmutable=$e.asImmutable,lt.wasAltered=$e.wasAltered,Iterable.Iterator=Iterator,mixin(Iterable,{toArray:function(){assertNotInfinite(this.size);var s=new Array(this.size||0);return this.valueSeq().__iterate((function(o,i){s[i]=o})),s},toIndexedSeq:function(){return new ToIndexedSequence(this)},toJS:function(){return this.toSeq().map((function(s){return s&&"function"==typeof s.toJS?s.toJS():s})).__toJS()},toJSON:function(){return this.toSeq().map((function(s){return s&&"function"==typeof s.toJSON?s.toJSON():s})).__toJS()},toKeyedSeq:function(){return new ToKeyedSequence(this,!0)},toMap:function(){return Map(this.toKeyedSeq())},toObject:function(){assertNotInfinite(this.size);var s={};return this.__iterate((function(o,i){s[i]=o})),s},toOrderedMap:function(){return OrderedMap(this.toKeyedSeq())},toOrderedSet:function(){return OrderedSet(isKeyed(this)?this.valueSeq():this)},toSet:function(){return Set(isKeyed(this)?this.valueSeq():this)},toSetSeq:function(){return new ToSetSequence(this)},toSeq:function(){return isIndexed(this)?this.toIndexedSeq():isKeyed(this)?this.toKeyedSeq():this.toSetSeq()},toStack:function(){return Stack(isKeyed(this)?this.valueSeq():this)},toList:function(){return List(isKeyed(this)?this.valueSeq():this)},toString:function(){return"[Iterable]"},__toString:function(s,o){return 0===this.size?s+o:s+" "+this.toSeq().map(this.__toStringMapper).join(", ")+" "+o},concat:function(){return reify(this,concatFactory(this,s.call(arguments,0)))},includes:function(s){return this.some((function(o){return is(o,s)}))},entries:function(){return this.__iterator(V)},every:function(s,o){assertNotInfinite(this.size);var i=!0;return this.__iterate((function(a,u,_){if(!s.call(o,a,u,_))return i=!1,!1})),i},filter:function(s,o){return reify(this,filterFactory(this,s,o,!0))},find:function(s,o,i){var a=this.findEntry(s,o);return a?a[1]:i},forEach:function(s,o){return assertNotInfinite(this.size),this.__iterate(o?s.bind(o):s)},join:function(s){assertNotInfinite(this.size),s=void 0!==s?""+s:",";var o="",i=!0;return this.__iterate((function(a){i?i=!1:o+=s,o+=null!=a?a.toString():""})),o},keys:function(){return this.__iterator($)},map:function(s,o){return reify(this,mapFactory(this,s,o))},reduce:function(s,o,i){var a,u;return assertNotInfinite(this.size),arguments.length<2?u=!0:a=o,this.__iterate((function(o,_,w){u?(u=!1,a=o):a=s.call(i,a,o,_,w)})),a},reduceRight:function(s,o,i){var a=this.toKeyedSeq().reverse();return a.reduce.apply(a,arguments)},reverse:function(){return reify(this,reverseFactory(this,!0))},slice:function(s,o){return reify(this,sliceFactory(this,s,o,!0))},some:function(s,o){return!this.every(not(s),o)},sort:function(s){return reify(this,sortFactory(this,s))},values:function(){return this.__iterator(U)},butLast:function(){return this.slice(0,-1)},isEmpty:function(){return void 0!==this.size?0===this.size:!this.some((function(){return!0}))},count:function(s,o){return ensureSize(s?this.toSeq().filter(s,o):this)},countBy:function(s,o){return countByFactory(this,s,o)},equals:function(s){return deepEqual(this,s)},entrySeq:function(){var s=this;if(s._cache)return new ArraySeq(s._cache);var o=s.toSeq().map(entryMapper).toIndexedSeq();return o.fromEntrySeq=function(){return s.toSeq()},o},filterNot:function(s,o){return this.filter(not(s),o)},findEntry:function(s,o,i){var a=i;return this.__iterate((function(i,u,_){if(s.call(o,i,u,_))return a=[u,i],!1})),a},findKey:function(s,o){var i=this.findEntry(s,o);return i&&i[0]},findLast:function(s,o,i){return this.toKeyedSeq().reverse().find(s,o,i)},findLastEntry:function(s,o,i){return this.toKeyedSeq().reverse().findEntry(s,o,i)},findLastKey:function(s,o){return this.toKeyedSeq().reverse().findKey(s,o)},first:function(){return this.find(returnTrue)},flatMap:function(s,o){return reify(this,flatMapFactory(this,s,o))},flatten:function(s){return reify(this,flattenFactory(this,s,!0))},fromEntrySeq:function(){return new FromEntriesSequence(this)},get:function(s,o){return this.find((function(o,i){return is(i,s)}),void 0,o)},getIn:function(s,o){for(var i,a=this,u=forceIterator(s);!(i=u.next()).done;){var _=i.value;if((a=a&&a.get?a.get(_,j):j)===j)return o}return a},groupBy:function(s,o){return groupByFactory(this,s,o)},has:function(s){return this.get(s,j)!==j},hasIn:function(s){return this.getIn(s,j)!==j},isSubset:function(s){return s="function"==typeof s.includes?s:Iterable(s),this.every((function(o){return s.includes(o)}))},isSuperset:function(s){return(s="function"==typeof s.isSubset?s:Iterable(s)).isSubset(this)},keyOf:function(s){return this.findKey((function(o){return is(o,s)}))},keySeq:function(){return this.toSeq().map(keyMapper).toIndexedSeq()},last:function(){return this.toSeq().reverse().first()},lastKeyOf:function(s){return this.toKeyedSeq().reverse().keyOf(s)},max:function(s){return maxFactory(this,s)},maxBy:function(s,o){return maxFactory(this,o,s)},min:function(s){return maxFactory(this,s?neg(s):defaultNegComparator)},minBy:function(s,o){return maxFactory(this,o?neg(o):defaultNegComparator,s)},rest:function(){return this.slice(1)},skip:function(s){return this.slice(Math.max(0,s))},skipLast:function(s){return reify(this,this.toSeq().reverse().skip(s).reverse())},skipWhile:function(s,o){return reify(this,skipWhileFactory(this,s,o,!0))},skipUntil:function(s,o){return this.skipWhile(not(s),o)},sortBy:function(s,o){return reify(this,sortFactory(this,o,s))},take:function(s){return this.slice(0,Math.max(0,s))},takeLast:function(s){return reify(this,this.toSeq().reverse().take(s).reverse())},takeWhile:function(s,o){return reify(this,takeWhileFactory(this,s,o))},takeUntil:function(s,o){return this.takeWhile(not(s),o)},valueSeq:function(){return this.toIndexedSeq()},hashCode:function(){return this.__hash||(this.__hash=hashIterable(this))}});var ut=Iterable.prototype;ut[o]=!0,ut[Z]=ut.values,ut.__toJS=ut.toArray,ut.__toStringMapper=quoteString,ut.inspect=ut.toSource=function(){return this.toString()},ut.chain=ut.flatMap,ut.contains=ut.includes,mixin(KeyedIterable,{flip:function(){return reify(this,flipFactory(this))},mapEntries:function(s,o){var i=this,a=0;return reify(this,this.toSeq().map((function(u,_){return s.call(o,[_,u],a++,i)})).fromEntrySeq())},mapKeys:function(s,o){var i=this;return reify(this,this.toSeq().flip().map((function(a,u){return s.call(o,a,u,i)})).flip())}});var pt=KeyedIterable.prototype;function keyMapper(s,o){return o}function entryMapper(s,o){return[o,s]}function not(s){return function(){return!s.apply(this,arguments)}}function neg(s){return function(){return-s.apply(this,arguments)}}function quoteString(s){return"string"==typeof s?JSON.stringify(s):String(s)}function defaultZipper(){return arrCopy(arguments)}function defaultNegComparator(s,o){return so?-1:0}function hashIterable(s){if(s.size===1/0)return 0;var o=isOrdered(s),i=isKeyed(s),a=o?1:0;return murmurHashOfSize(s.__iterate(i?o?function(s,o){a=31*a+hashMerge(hash(s),hash(o))|0}:function(s,o){a=a+hashMerge(hash(s),hash(o))|0}:o?function(s){a=31*a+hash(s)|0}:function(s){a=a+hash(s)|0}),a)}function murmurHashOfSize(s,o){return o=le(o,3432918353),o=le(o<<15|o>>>-15,461845907),o=le(o<<13|o>>>-13,5),o=le((o=o+3864292196^s)^o>>>16,2246822507),o=smi((o=le(o^o>>>13,3266489909))^o>>>16)}function hashMerge(s,o){return s^o+2654435769+(s<<6)+(s>>2)}return pt[i]=!0,pt[Z]=ut.entries,pt.__toJS=ut.toObject,pt.__toStringMapper=function(s,o){return JSON.stringify(o)+": "+quoteString(s)},mixin(IndexedIterable,{toKeyedSeq:function(){return new ToKeyedSequence(this,!1)},filter:function(s,o){return reify(this,filterFactory(this,s,o,!1))},findIndex:function(s,o){var i=this.findEntry(s,o);return i?i[0]:-1},indexOf:function(s){var o=this.keyOf(s);return void 0===o?-1:o},lastIndexOf:function(s){var o=this.lastKeyOf(s);return void 0===o?-1:o},reverse:function(){return reify(this,reverseFactory(this,!1))},slice:function(s,o){return reify(this,sliceFactory(this,s,o,!1))},splice:function(s,o){var i=arguments.length;if(o=Math.max(0|o,0),0===i||2===i&&!o)return this;s=resolveBegin(s,s<0?this.count():this.size);var a=this.slice(0,s);return reify(this,1===i?a:a.concat(arrCopy(arguments,2),this.slice(s+o)))},findLastIndex:function(s,o){var i=this.findLastEntry(s,o);return i?i[0]:-1},first:function(){return this.get(0)},flatten:function(s){return reify(this,flattenFactory(this,s,!1))},get:function(s,o){return(s=wrapIndex(this,s))<0||this.size===1/0||void 0!==this.size&&s>this.size?o:this.find((function(o,i){return i===s}),void 0,o)},has:function(s){return(s=wrapIndex(this,s))>=0&&(void 0!==this.size?this.size===1/0||s{"use strict";i(71340);var a=i(92046);s.exports=a.Object.assign},9957:(s,o,i)=>{"use strict";var a=Function.prototype.call,u=Object.prototype.hasOwnProperty,_=i(66743);s.exports=_.call(a,u)},9999:(s,o,i)=>{var a=i(37217),u=i(83729),_=i(16547),w=i(74733),x=i(43838),C=i(93290),j=i(23007),L=i(92271),B=i(48948),$=i(50002),U=i(83349),V=i(5861),z=i(76189),Y=i(77199),Z=i(35529),ee=i(56449),ie=i(3656),ae=i(87730),ce=i(23805),le=i(38440),pe=i(95950),de=i(37241),fe="[object Arguments]",ye="[object Function]",be="[object Object]",_e={};_e[fe]=_e["[object Array]"]=_e["[object ArrayBuffer]"]=_e["[object DataView]"]=_e["[object Boolean]"]=_e["[object Date]"]=_e["[object Float32Array]"]=_e["[object Float64Array]"]=_e["[object Int8Array]"]=_e["[object Int16Array]"]=_e["[object Int32Array]"]=_e["[object Map]"]=_e["[object Number]"]=_e[be]=_e["[object RegExp]"]=_e["[object Set]"]=_e["[object String]"]=_e["[object Symbol]"]=_e["[object Uint8Array]"]=_e["[object Uint8ClampedArray]"]=_e["[object Uint16Array]"]=_e["[object Uint32Array]"]=!0,_e["[object Error]"]=_e[ye]=_e["[object WeakMap]"]=!1,s.exports=function baseClone(s,o,i,Se,we,xe){var Pe,Te=1&o,Re=2&o,$e=4&o;if(i&&(Pe=we?i(s,Se,we,xe):i(s)),void 0!==Pe)return Pe;if(!ce(s))return s;var qe=ee(s);if(qe){if(Pe=z(s),!Te)return j(s,Pe)}else{var ze=V(s),We=ze==ye||"[object GeneratorFunction]"==ze;if(ie(s))return C(s,Te);if(ze==be||ze==fe||We&&!we){if(Pe=Re||We?{}:Z(s),!Te)return Re?B(s,x(Pe,s)):L(s,w(Pe,s))}else{if(!_e[ze])return we?s:{};Pe=Y(s,ze,Te)}}xe||(xe=new a);var He=xe.get(s);if(He)return He;xe.set(s,Pe),le(s)?s.forEach((function(a){Pe.add(baseClone(a,o,i,a,s,xe))})):ae(s)&&s.forEach((function(a,u){Pe.set(u,baseClone(a,o,i,u,s,xe))}));var Ye=qe?void 0:($e?Re?U:$:Re?de:pe)(s);return u(Ye||s,(function(a,u){Ye&&(a=s[u=a]),_(Pe,u,baseClone(a,o,i,u,s,xe))})),Pe}},10023:(s,o,i)=>{const a=i(6205),INTS=()=>[{type:a.RANGE,from:48,to:57}],WORDS=()=>[{type:a.CHAR,value:95},{type:a.RANGE,from:97,to:122},{type:a.RANGE,from:65,to:90}].concat(INTS()),WHITESPACE=()=>[{type:a.CHAR,value:9},{type:a.CHAR,value:10},{type:a.CHAR,value:11},{type:a.CHAR,value:12},{type:a.CHAR,value:13},{type:a.CHAR,value:32},{type:a.CHAR,value:160},{type:a.CHAR,value:5760},{type:a.RANGE,from:8192,to:8202},{type:a.CHAR,value:8232},{type:a.CHAR,value:8233},{type:a.CHAR,value:8239},{type:a.CHAR,value:8287},{type:a.CHAR,value:12288},{type:a.CHAR,value:65279}];o.words=()=>({type:a.SET,set:WORDS(),not:!1}),o.notWords=()=>({type:a.SET,set:WORDS(),not:!0}),o.ints=()=>({type:a.SET,set:INTS(),not:!1}),o.notInts=()=>({type:a.SET,set:INTS(),not:!0}),o.whitespace=()=>({type:a.SET,set:WHITESPACE(),not:!1}),o.notWhitespace=()=>({type:a.SET,set:WHITESPACE(),not:!0}),o.anyChar=()=>({type:a.SET,set:[{type:a.CHAR,value:10},{type:a.CHAR,value:13},{type:a.CHAR,value:8232},{type:a.CHAR,value:8233}],not:!0})},10043:(s,o,i)=>{"use strict";var a=i(54018),u=String,_=TypeError;s.exports=function(s){if(a(s))return s;throw new _("Can't set "+u(s)+" as a prototype")}},10076:s=>{"use strict";s.exports=Function.prototype.call},10124:(s,o,i)=>{var a=i(9325);s.exports=function(){return a.Date.now()}},10300:(s,o,i)=>{"use strict";var a=i(13930),u=i(82159),_=i(36624),w=i(4640),x=i(73448),C=TypeError;s.exports=function(s,o){var i=arguments.length<2?x(s):o;if(u(i))return _(a(i,s));throw new C(w(s)+" is not iterable")}},10316:(s,o,i)=>{const a=i(2404),u=i(55973),_=i(92340);class Element{constructor(s,o,i){o&&(this.meta=o),i&&(this.attributes=i),this.content=s}freeze(){Object.isFrozen(this)||(this._meta&&(this.meta.parent=this,this.meta.freeze()),this._attributes&&(this.attributes.parent=this,this.attributes.freeze()),this.children.forEach((s=>{s.parent=this,s.freeze()}),this),this.content&&Array.isArray(this.content)&&Object.freeze(this.content),Object.freeze(this))}primitive(){}clone(){const s=new this.constructor;return s.element=this.element,this.meta.length&&(s._meta=this.meta.clone()),this.attributes.length&&(s._attributes=this.attributes.clone()),this.content?this.content.clone?s.content=this.content.clone():Array.isArray(this.content)?s.content=this.content.map((s=>s.clone())):s.content=this.content:s.content=this.content,s}toValue(){return this.content instanceof Element?this.content.toValue():this.content instanceof u?{key:this.content.key.toValue(),value:this.content.value?this.content.value.toValue():void 0}:this.content&&this.content.map?this.content.map((s=>s.toValue()),this):this.content}toRef(s){if(""===this.id.toValue())throw Error("Cannot create reference to an element that does not contain an ID");const o=new this.RefElement(this.id.toValue());return s&&(o.path=s),o}findRecursive(...s){if(arguments.length>1&&!this.isFrozen)throw new Error("Cannot find recursive with multiple element names without first freezing the element. Call `element.freeze()`");const o=s.pop();let i=new _;const append=(s,o)=>(s.push(o),s),checkElement=(s,i)=>{i.element===o&&s.push(i);const a=i.findRecursive(o);return a&&a.reduce(append,s),i.content instanceof u&&(i.content.key&&checkElement(s,i.content.key),i.content.value&&checkElement(s,i.content.value)),s};return this.content&&(this.content.element&&checkElement(i,this.content),Array.isArray(this.content)&&this.content.reduce(checkElement,i)),s.isEmpty||(i=i.filter((o=>{let i=o.parents.map((s=>s.element));for(const o in s){const a=s[o],u=i.indexOf(a);if(-1===u)return!1;i=i.splice(0,u)}return!0}))),i}set(s){return this.content=s,this}equals(s){return a(this.toValue(),s)}getMetaProperty(s,o){if(!this.meta.hasKey(s)){if(this.isFrozen){const s=this.refract(o);return s.freeze(),s}this.meta.set(s,o)}return this.meta.get(s)}setMetaProperty(s,o){this.meta.set(s,o)}get element(){return this._storedElement||"element"}set element(s){this._storedElement=s}get content(){return this._content}set content(s){if(s instanceof Element)this._content=s;else if(s instanceof _)this.content=s.elements;else if("string"==typeof s||"number"==typeof s||"boolean"==typeof s||"null"===s||null==s)this._content=s;else if(s instanceof u)this._content=s;else if(Array.isArray(s))this._content=s.map(this.refract);else{if("object"!=typeof s)throw new Error("Cannot set content to given value");this._content=Object.keys(s).map((o=>new this.MemberElement(o,s[o])))}}get meta(){if(!this._meta){if(this.isFrozen){const s=new this.ObjectElement;return s.freeze(),s}this._meta=new this.ObjectElement}return this._meta}set meta(s){s instanceof this.ObjectElement?this._meta=s:this.meta.set(s||{})}get attributes(){if(!this._attributes){if(this.isFrozen){const s=new this.ObjectElement;return s.freeze(),s}this._attributes=new this.ObjectElement}return this._attributes}set attributes(s){s instanceof this.ObjectElement?this._attributes=s:this.attributes.set(s||{})}get id(){return this.getMetaProperty("id","")}set id(s){this.setMetaProperty("id",s)}get classes(){return this.getMetaProperty("classes",[])}set classes(s){this.setMetaProperty("classes",s)}get title(){return this.getMetaProperty("title","")}set title(s){this.setMetaProperty("title",s)}get description(){return this.getMetaProperty("description","")}set description(s){this.setMetaProperty("description",s)}get links(){return this.getMetaProperty("links",[])}set links(s){this.setMetaProperty("links",s)}get isFrozen(){return Object.isFrozen(this)}get parents(){let{parent:s}=this;const o=new _;for(;s;)o.push(s),s=s.parent;return o}get children(){if(Array.isArray(this.content))return new _(this.content);if(this.content instanceof u){const s=new _([this.content.key]);return this.content.value&&s.push(this.content.value),s}return this.content instanceof Element?new _([this.content]):new _}get recursiveChildren(){const s=new _;return this.children.forEach((o=>{s.push(o),o.recursiveChildren.forEach((o=>{s.push(o)}))})),s}}s.exports=Element},10392:s=>{s.exports=function getValue(s,o){return null==s?void 0:s[o]}},10487:(s,o,i)=>{"use strict";var a=i(96897),u=i(30655),_=i(73126),w=i(12205);s.exports=function callBind(s){var o=_(arguments),i=s.length-(arguments.length-1);return a(o,1+(i>0?i:0),!0)},u?u(s.exports,"apply",{value:w}):s.exports.apply=w},10776:(s,o,i)=>{var a=i(30756),u=i(95950);s.exports=function getMatchData(s){for(var o=u(s),i=o.length;i--;){var _=o[i],w=s[_];o[i]=[_,w,a(w)]}return o}},10866:(s,o,i)=>{const a=i(6048),u=i(92340);class ObjectSlice extends u{map(s,o){return this.elements.map((i=>s.bind(o)(i.value,i.key,i)))}filter(s,o){return new ObjectSlice(this.elements.filter((i=>s.bind(o)(i.value,i.key,i))))}reject(s,o){return this.filter(a(s.bind(o)))}forEach(s,o){return this.elements.forEach(((i,a)=>{s.bind(o)(i.value,i.key,i,a)}))}keys(){return this.map(((s,o)=>o.toValue()))}values(){return this.map((s=>s.toValue()))}}s.exports=ObjectSlice},11002:s=>{"use strict";s.exports=Function.prototype.apply},11042:(s,o,i)=>{"use strict";var a=i(85582),u=i(1907),_=i(24443),w=i(87170),x=i(36624),C=u([].concat);s.exports=a("Reflect","ownKeys")||function ownKeys(s){var o=_.f(x(s)),i=w.f;return i?C(o,i(s)):o}},11091:(s,o,i)=>{"use strict";var a=i(45951),u=i(76024),_=i(92361),w=i(62250),x=i(13846).f,C=i(7463),j=i(92046),L=i(28311),B=i(61626),$=i(49724);i(36128);var wrapConstructor=function(s){var Wrapper=function(o,i,a){if(this instanceof Wrapper){switch(arguments.length){case 0:return new s;case 1:return new s(o);case 2:return new s(o,i)}return new s(o,i,a)}return u(s,this,arguments)};return Wrapper.prototype=s.prototype,Wrapper};s.exports=function(s,o){var i,u,U,V,z,Y,Z,ee,ie,ae=s.target,ce=s.global,le=s.stat,pe=s.proto,de=ce?a:le?a[ae]:a[ae]&&a[ae].prototype,fe=ce?j:j[ae]||B(j,ae,{})[ae],ye=fe.prototype;for(V in o)u=!(i=C(ce?V:ae+(le?".":"#")+V,s.forced))&&de&&$(de,V),Y=fe[V],u&&(Z=s.dontCallGetSet?(ie=x(de,V))&&ie.value:de[V]),z=u&&Z?Z:o[V],(i||pe||typeof Y!=typeof z)&&(ee=s.bind&&u?L(z,a):s.wrap&&u?wrapConstructor(z):pe&&w(z)?_(z):z,(s.sham||z&&z.sham||Y&&Y.sham)&&B(ee,"sham",!0),B(fe,V,ee),pe&&($(j,U=ae+"Prototype")||B(j,U,{}),B(j[U],V,z),s.real&&ye&&(i||!ye[V])&&B(ye,V,z)))}},11287:s=>{s.exports=function getHolder(s){return s.placeholder}},11331:(s,o,i)=>{var a=i(72552),u=i(28879),_=i(40346),w=Function.prototype,x=Object.prototype,C=w.toString,j=x.hasOwnProperty,L=C.call(Object);s.exports=function isPlainObject(s){if(!_(s)||"[object Object]"!=a(s))return!1;var o=u(s);if(null===o)return!0;var i=j.call(o,"constructor")&&o.constructor;return"function"==typeof i&&i instanceof i&&C.call(i)==L}},11470:(s,o,i)=>{"use strict";var a=i(1907),u=i(65482),_=i(90160),w=i(74239),x=a("".charAt),C=a("".charCodeAt),j=a("".slice),createMethod=function(s){return function(o,i){var a,L,B=_(w(o)),$=u(i),U=B.length;return $<0||$>=U?s?"":void 0:(a=C(B,$))<55296||a>56319||$+1===U||(L=C(B,$+1))<56320||L>57343?s?x(B,$):a:s?j(B,$,$+2):L-56320+(a-55296<<10)+65536}};s.exports={codeAt:createMethod(!1),charAt:createMethod(!0)}},11842:(s,o,i)=>{var a=i(82819),u=i(9325);s.exports=function createBind(s,o,i){var _=1&o,w=a(s);return function wrapper(){return(this&&this!==u&&this instanceof wrapper?w:s).apply(_?i:this,arguments)}}},12205:(s,o,i)=>{"use strict";var a=i(66743),u=i(11002),_=i(13144);s.exports=function applyBind(){return _(a,u,arguments)}},12242:(s,o,i)=>{const a=i(10316);s.exports=class BooleanElement extends a{constructor(s,o,i){super(s,o,i),this.element="boolean"}primitive(){return"boolean"}}},12507:(s,o,i)=>{var a=i(28754),u=i(49698),_=i(63912),w=i(13222);s.exports=function createCaseFirst(s){return function(o){o=w(o);var i=u(o)?_(o):void 0,x=i?i[0]:o.charAt(0),C=i?a(i,1).join(""):o.slice(1);return x[s]()+C}}},12560:(s,o,i)=>{"use strict";i(99363);var a=i(19287),u=i(45951),_=i(14840),w=i(93742);for(var x in a)_(u[x],x),w[x]=w.Array},12651:(s,o,i)=>{var a=i(74218);s.exports=function getMapData(s,o){var i=s.__data__;return a(o)?i["string"==typeof o?"string":"hash"]:i.map}},12749:(s,o,i)=>{var a=i(81042),u=Object.prototype.hasOwnProperty;s.exports=function hashHas(s){var o=this.__data__;return a?void 0!==o[s]:u.call(o,s)}},13144:(s,o,i)=>{"use strict";var a=i(66743),u=i(11002),_=i(10076),w=i(47119);s.exports=w||a.call(_,u)},13222:(s,o,i)=>{var a=i(77556);s.exports=function toString(s){return null==s?"":a(s)}},13846:(s,o,i)=>{"use strict";var a=i(39447),u=i(13930),_=i(22574),w=i(75817),x=i(4993),C=i(70470),j=i(49724),L=i(73648),B=Object.getOwnPropertyDescriptor;o.f=a?B:function getOwnPropertyDescriptor(s,o){if(s=x(s),o=C(o),L)try{return B(s,o)}catch(s){}if(j(s,o))return w(!u(_.f,s,o),s[o])}},13930:(s,o,i)=>{"use strict";var a=i(41505),u=Function.prototype.call;s.exports=a?u.bind(u):function(){return u.apply(u,arguments)}},14248:s=>{s.exports=function arraySome(s,o){for(var i=-1,a=null==s?0:s.length;++i{s.exports=function arrayPush(s,o){for(var i=-1,a=o.length,u=s.length;++i{const a=i(10316);s.exports=class RefElement extends a{constructor(s,o,i){super(s||[],o,i),this.element="ref",this.path||(this.path="element")}get path(){return this.attributes.get("path")}set path(s){this.attributes.set("path",s)}}},14744:s=>{"use strict";var o=function isMergeableObject(s){return function isNonNullObject(s){return!!s&&"object"==typeof s}(s)&&!function isSpecial(s){var o=Object.prototype.toString.call(s);return"[object RegExp]"===o||"[object Date]"===o||function isReactElement(s){return s.$$typeof===i}(s)}(s)};var i="function"==typeof Symbol&&Symbol.for?Symbol.for("react.element"):60103;function cloneUnlessOtherwiseSpecified(s,o){return!1!==o.clone&&o.isMergeableObject(s)?deepmerge(function emptyTarget(s){return Array.isArray(s)?[]:{}}(s),s,o):s}function defaultArrayMerge(s,o,i){return s.concat(o).map((function(s){return cloneUnlessOtherwiseSpecified(s,i)}))}function getKeys(s){return Object.keys(s).concat(function getEnumerableOwnPropertySymbols(s){return Object.getOwnPropertySymbols?Object.getOwnPropertySymbols(s).filter((function(o){return Object.propertyIsEnumerable.call(s,o)})):[]}(s))}function propertyIsOnObject(s,o){try{return o in s}catch(s){return!1}}function mergeObject(s,o,i){var a={};return i.isMergeableObject(s)&&getKeys(s).forEach((function(o){a[o]=cloneUnlessOtherwiseSpecified(s[o],i)})),getKeys(o).forEach((function(u){(function propertyIsUnsafe(s,o){return propertyIsOnObject(s,o)&&!(Object.hasOwnProperty.call(s,o)&&Object.propertyIsEnumerable.call(s,o))})(s,u)||(propertyIsOnObject(s,u)&&i.isMergeableObject(o[u])?a[u]=function getMergeFunction(s,o){if(!o.customMerge)return deepmerge;var i=o.customMerge(s);return"function"==typeof i?i:deepmerge}(u,i)(s[u],o[u],i):a[u]=cloneUnlessOtherwiseSpecified(o[u],i))})),a}function deepmerge(s,i,a){(a=a||{}).arrayMerge=a.arrayMerge||defaultArrayMerge,a.isMergeableObject=a.isMergeableObject||o,a.cloneUnlessOtherwiseSpecified=cloneUnlessOtherwiseSpecified;var u=Array.isArray(i);return u===Array.isArray(s)?u?a.arrayMerge(s,i,a):mergeObject(s,i,a):cloneUnlessOtherwiseSpecified(i,a)}deepmerge.all=function deepmergeAll(s,o){if(!Array.isArray(s))throw new Error("first argument should be an array");return s.reduce((function(s,i){return deepmerge(s,i,o)}),{})};var a=deepmerge;s.exports=a},14792:(s,o,i)=>{var a=i(13222),u=i(55808);s.exports=function capitalize(s){return u(a(s).toLowerCase())}},14840:(s,o,i)=>{"use strict";var a=i(52623),u=i(74284).f,_=i(61626),w=i(49724),x=i(54878),C=i(76264)("toStringTag");s.exports=function(s,o,i,j){var L=i?s:s&&s.prototype;L&&(w(L,C)||u(L,C,{configurable:!0,value:o}),j&&!a&&_(L,"toString",x))}},14974:s=>{s.exports=function safeGet(s,o){if(("constructor"!==o||"function"!=typeof s[o])&&"__proto__"!=o)return s[o]}},15287:(s,o)=>{"use strict";var i=Symbol.for("react.element"),a=Symbol.for("react.portal"),u=Symbol.for("react.fragment"),_=Symbol.for("react.strict_mode"),w=Symbol.for("react.profiler"),x=Symbol.for("react.provider"),C=Symbol.for("react.context"),j=Symbol.for("react.forward_ref"),L=Symbol.for("react.suspense"),B=Symbol.for("react.memo"),$=Symbol.for("react.lazy"),U=Symbol.iterator;var V={isMounted:function(){return!1},enqueueForceUpdate:function(){},enqueueReplaceState:function(){},enqueueSetState:function(){}},z=Object.assign,Y={};function E(s,o,i){this.props=s,this.context=o,this.refs=Y,this.updater=i||V}function F(){}function G(s,o,i){this.props=s,this.context=o,this.refs=Y,this.updater=i||V}E.prototype.isReactComponent={},E.prototype.setState=function(s,o){if("object"!=typeof s&&"function"!=typeof s&&null!=s)throw Error("setState(...): takes an object of state variables to update or a function which returns an object of state variables.");this.updater.enqueueSetState(this,s,o,"setState")},E.prototype.forceUpdate=function(s){this.updater.enqueueForceUpdate(this,s,"forceUpdate")},F.prototype=E.prototype;var Z=G.prototype=new F;Z.constructor=G,z(Z,E.prototype),Z.isPureReactComponent=!0;var ee=Array.isArray,ie=Object.prototype.hasOwnProperty,ae={current:null},ce={key:!0,ref:!0,__self:!0,__source:!0};function M(s,o,a){var u,_={},w=null,x=null;if(null!=o)for(u in void 0!==o.ref&&(x=o.ref),void 0!==o.key&&(w=""+o.key),o)ie.call(o,u)&&!ce.hasOwnProperty(u)&&(_[u]=o[u]);var C=arguments.length-2;if(1===C)_.children=a;else if(1{var a=i(96131);s.exports=function arrayIncludes(s,o){return!!(null==s?0:s.length)&&a(s,o,0)>-1}},15340:()=>{},15377:(s,o,i)=>{"use strict";var a=i(92861).Buffer,u=i(64634),_=i(74372),w=ArrayBuffer.isView||function isView(s){try{return _(s),!0}catch(s){return!1}},x="undefined"!=typeof Uint8Array,C="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,j=C&&(a.prototype instanceof Uint8Array||a.TYPED_ARRAY_SUPPORT);s.exports=function toBuffer(s,o){if(s instanceof a)return s;if("string"==typeof s)return a.from(s,o);if(C&&w(s)){if(0===s.byteLength)return a.alloc(0);if(j){var i=a.from(s.buffer,s.byteOffset,s.byteLength);if(i.byteLength===s.byteLength)return i}var _=s instanceof Uint8Array?s:new Uint8Array(s.buffer,s.byteOffset,s.byteLength),L=a.from(_);if(L.length===s.byteLength)return L}if(x&&s instanceof Uint8Array)return a.from(s);var B=u(s);if(B)for(var $=0;$255||~~U!==U)throw new RangeError("Array items must be numbers in the range 0-255.")}if(B||a.isBuffer(s)&&s.constructor&&"function"==typeof s.constructor.isBuffer&&s.constructor.isBuffer(s))return a.from(s);throw new TypeError('The "data" argument must be a string, an Array, a Buffer, a Uint8Array, or a DataView.')}},15389:(s,o,i)=>{var a=i(93663),u=i(87978),_=i(83488),w=i(56449),x=i(50583);s.exports=function baseIteratee(s){return"function"==typeof s?s:null==s?_:"object"==typeof s?w(s)?u(s[0],s[1]):a(s):x(s)}},15972:(s,o,i)=>{"use strict";var a=i(49724),u=i(62250),_=i(39298),w=i(92522),x=i(57382),C=w("IE_PROTO"),j=Object,L=j.prototype;s.exports=x?j.getPrototypeOf:function(s){var o=_(s);if(a(o,C))return o[C];var i=o.constructor;return u(i)&&o instanceof i?i.prototype:o instanceof j?L:null}},16038:(s,o,i)=>{var a=i(5861),u=i(40346);s.exports=function baseIsSet(s){return u(s)&&"[object Set]"==a(s)}},16426:s=>{s.exports=function(){var s=document.getSelection();if(!s.rangeCount)return function(){};for(var o=document.activeElement,i=[],a=0;a{var a=i(43360),u=i(75288),_=Object.prototype.hasOwnProperty;s.exports=function assignValue(s,o,i){var w=s[o];_.call(s,o)&&u(w,i)&&(void 0!==i||o in s)||a(s,o,i)}},16708:(s,o,i)=>{"use strict";var a,u=i(65606);function CorkedRequest(s){var o=this;this.next=null,this.entry=null,this.finish=function(){!function onCorkedFinish(s,o,i){var a=s.entry;s.entry=null;for(;a;){var u=a.callback;o.pendingcb--,u(i),a=a.next}o.corkedRequestsFree.next=s}(o,s)}}s.exports=Writable,Writable.WritableState=WritableState;var _={deprecate:i(94643)},w=i(40345),x=i(48287).Buffer,C=(void 0!==i.g?i.g:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){};var j,L=i(75896),B=i(65291).getHighWaterMark,$=i(86048).F,U=$.ERR_INVALID_ARG_TYPE,V=$.ERR_METHOD_NOT_IMPLEMENTED,z=$.ERR_MULTIPLE_CALLBACK,Y=$.ERR_STREAM_CANNOT_PIPE,Z=$.ERR_STREAM_DESTROYED,ee=$.ERR_STREAM_NULL_VALUES,ie=$.ERR_STREAM_WRITE_AFTER_END,ae=$.ERR_UNKNOWN_ENCODING,ce=L.errorOrDestroy;function nop(){}function WritableState(s,o,_){a=a||i(25382),s=s||{},"boolean"!=typeof _&&(_=o instanceof a),this.objectMode=!!s.objectMode,_&&(this.objectMode=this.objectMode||!!s.writableObjectMode),this.highWaterMark=B(this,s,"writableHighWaterMark",_),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1;var w=!1===s.decodeStrings;this.decodeStrings=!w,this.defaultEncoding=s.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(s){!function onwrite(s,o){var i=s._writableState,a=i.sync,_=i.writecb;if("function"!=typeof _)throw new z;if(function onwriteStateUpdate(s){s.writing=!1,s.writecb=null,s.length-=s.writelen,s.writelen=0}(i),o)!function onwriteError(s,o,i,a,_){--o.pendingcb,i?(u.nextTick(_,a),u.nextTick(finishMaybe,s,o),s._writableState.errorEmitted=!0,ce(s,a)):(_(a),s._writableState.errorEmitted=!0,ce(s,a),finishMaybe(s,o))}(s,i,a,o,_);else{var w=needFinish(i)||s.destroyed;w||i.corked||i.bufferProcessing||!i.bufferedRequest||clearBuffer(s,i),a?u.nextTick(afterWrite,s,i,w,_):afterWrite(s,i,w,_)}}(o,s)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==s.emitClose,this.autoDestroy=!!s.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new CorkedRequest(this)}function Writable(s){var o=this instanceof(a=a||i(25382));if(!o&&!j.call(Writable,this))return new Writable(s);this._writableState=new WritableState(s,this,o),this.writable=!0,s&&("function"==typeof s.write&&(this._write=s.write),"function"==typeof s.writev&&(this._writev=s.writev),"function"==typeof s.destroy&&(this._destroy=s.destroy),"function"==typeof s.final&&(this._final=s.final)),w.call(this)}function doWrite(s,o,i,a,u,_,w){o.writelen=a,o.writecb=w,o.writing=!0,o.sync=!0,o.destroyed?o.onwrite(new Z("write")):i?s._writev(u,o.onwrite):s._write(u,_,o.onwrite),o.sync=!1}function afterWrite(s,o,i,a){i||function onwriteDrain(s,o){0===o.length&&o.needDrain&&(o.needDrain=!1,s.emit("drain"))}(s,o),o.pendingcb--,a(),finishMaybe(s,o)}function clearBuffer(s,o){o.bufferProcessing=!0;var i=o.bufferedRequest;if(s._writev&&i&&i.next){var a=o.bufferedRequestCount,u=new Array(a),_=o.corkedRequestsFree;_.entry=i;for(var w=0,x=!0;i;)u[w]=i,i.isBuf||(x=!1),i=i.next,w+=1;u.allBuffers=x,doWrite(s,o,!0,o.length,u,"",_.finish),o.pendingcb++,o.lastBufferedRequest=null,_.next?(o.corkedRequestsFree=_.next,_.next=null):o.corkedRequestsFree=new CorkedRequest(o),o.bufferedRequestCount=0}else{for(;i;){var C=i.chunk,j=i.encoding,L=i.callback;if(doWrite(s,o,!1,o.objectMode?1:C.length,C,j,L),i=i.next,o.bufferedRequestCount--,o.writing)break}null===i&&(o.lastBufferedRequest=null)}o.bufferedRequest=i,o.bufferProcessing=!1}function needFinish(s){return s.ending&&0===s.length&&null===s.bufferedRequest&&!s.finished&&!s.writing}function callFinal(s,o){s._final((function(i){o.pendingcb--,i&&ce(s,i),o.prefinished=!0,s.emit("prefinish"),finishMaybe(s,o)}))}function finishMaybe(s,o){var i=needFinish(o);if(i&&(function prefinish(s,o){o.prefinished||o.finalCalled||("function"!=typeof s._final||o.destroyed?(o.prefinished=!0,s.emit("prefinish")):(o.pendingcb++,o.finalCalled=!0,u.nextTick(callFinal,s,o)))}(s,o),0===o.pendingcb&&(o.finished=!0,s.emit("finish"),o.autoDestroy))){var a=s._readableState;(!a||a.autoDestroy&&a.endEmitted)&&s.destroy()}return i}i(56698)(Writable,w),WritableState.prototype.getBuffer=function getBuffer(){for(var s=this.bufferedRequest,o=[];s;)o.push(s),s=s.next;return o},function(){try{Object.defineProperty(WritableState.prototype,"buffer",{get:_.deprecate((function writableStateBufferGetter(){return this.getBuffer()}),"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(s){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(j=Function.prototype[Symbol.hasInstance],Object.defineProperty(Writable,Symbol.hasInstance,{value:function value(s){return!!j.call(this,s)||this===Writable&&(s&&s._writableState instanceof WritableState)}})):j=function realHasInstance(s){return s instanceof this},Writable.prototype.pipe=function(){ce(this,new Y)},Writable.prototype.write=function(s,o,i){var a=this._writableState,_=!1,w=!a.objectMode&&function _isUint8Array(s){return x.isBuffer(s)||s instanceof C}(s);return w&&!x.isBuffer(s)&&(s=function _uint8ArrayToBuffer(s){return x.from(s)}(s)),"function"==typeof o&&(i=o,o=null),w?o="buffer":o||(o=a.defaultEncoding),"function"!=typeof i&&(i=nop),a.ending?function writeAfterEnd(s,o){var i=new ie;ce(s,i),u.nextTick(o,i)}(this,i):(w||function validChunk(s,o,i,a){var _;return null===i?_=new ee:"string"==typeof i||o.objectMode||(_=new U("chunk",["string","Buffer"],i)),!_||(ce(s,_),u.nextTick(a,_),!1)}(this,a,s,i))&&(a.pendingcb++,_=function writeOrBuffer(s,o,i,a,u,_){if(!i){var w=function decodeChunk(s,o,i){s.objectMode||!1===s.decodeStrings||"string"!=typeof o||(o=x.from(o,i));return o}(o,a,u);a!==w&&(i=!0,u="buffer",a=w)}var C=o.objectMode?1:a.length;o.length+=C;var j=o.length-1))throw new ae(s);return this._writableState.defaultEncoding=s,this},Object.defineProperty(Writable.prototype,"writableBuffer",{enumerable:!1,get:function get(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(Writable.prototype,"writableHighWaterMark",{enumerable:!1,get:function get(){return this._writableState.highWaterMark}}),Writable.prototype._write=function(s,o,i){i(new V("_write()"))},Writable.prototype._writev=null,Writable.prototype.end=function(s,o,i){var a=this._writableState;return"function"==typeof s?(i=s,s=null,o=null):"function"==typeof o&&(i=o,o=null),null!=s&&this.write(s,o),a.corked&&(a.corked=1,this.uncork()),a.ending||function endWritable(s,o,i){o.ending=!0,finishMaybe(s,o),i&&(o.finished?u.nextTick(i):s.once("finish",i));o.ended=!0,s.writable=!1}(this,a,i),this},Object.defineProperty(Writable.prototype,"writableLength",{enumerable:!1,get:function get(){return this._writableState.length}}),Object.defineProperty(Writable.prototype,"destroyed",{enumerable:!1,get:function get(){return void 0!==this._writableState&&this._writableState.destroyed},set:function set(s){this._writableState&&(this._writableState.destroyed=s)}}),Writable.prototype.destroy=L.destroy,Writable.prototype._undestroy=L.undestroy,Writable.prototype._destroy=function(s,o){o(s)}},16946:(s,o,i)=>{"use strict";var a=i(1907),u=i(98828),_=i(45807),w=Object,x=a("".split);s.exports=u((function(){return!w("z").propertyIsEnumerable(0)}))?function(s){return"String"===_(s)?x(s,""):w(s)}:w},16962:(s,o)=>{o.aliasToReal={each:"forEach",eachRight:"forEachRight",entries:"toPairs",entriesIn:"toPairsIn",extend:"assignIn",extendAll:"assignInAll",extendAllWith:"assignInAllWith",extendWith:"assignInWith",first:"head",conforms:"conformsTo",matches:"isMatch",property:"get",__:"placeholder",F:"stubFalse",T:"stubTrue",all:"every",allPass:"overEvery",always:"constant",any:"some",anyPass:"overSome",apply:"spread",assoc:"set",assocPath:"set",complement:"negate",compose:"flowRight",contains:"includes",dissoc:"unset",dissocPath:"unset",dropLast:"dropRight",dropLastWhile:"dropRightWhile",equals:"isEqual",identical:"eq",indexBy:"keyBy",init:"initial",invertObj:"invert",juxt:"over",omitAll:"omit",nAry:"ary",path:"get",pathEq:"matchesProperty",pathOr:"getOr",paths:"at",pickAll:"pick",pipe:"flow",pluck:"map",prop:"get",propEq:"matchesProperty",propOr:"getOr",props:"at",symmetricDifference:"xor",symmetricDifferenceBy:"xorBy",symmetricDifferenceWith:"xorWith",takeLast:"takeRight",takeLastWhile:"takeRightWhile",unapply:"rest",unnest:"flatten",useWith:"overArgs",where:"conformsTo",whereEq:"isMatch",zipObj:"zipObject"},o.aryMethod={1:["assignAll","assignInAll","attempt","castArray","ceil","create","curry","curryRight","defaultsAll","defaultsDeepAll","floor","flow","flowRight","fromPairs","invert","iteratee","memoize","method","mergeAll","methodOf","mixin","nthArg","over","overEvery","overSome","rest","reverse","round","runInContext","spread","template","trim","trimEnd","trimStart","uniqueId","words","zipAll"],2:["add","after","ary","assign","assignAllWith","assignIn","assignInAllWith","at","before","bind","bindAll","bindKey","chunk","cloneDeepWith","cloneWith","concat","conformsTo","countBy","curryN","curryRightN","debounce","defaults","defaultsDeep","defaultTo","delay","difference","divide","drop","dropRight","dropRightWhile","dropWhile","endsWith","eq","every","filter","find","findIndex","findKey","findLast","findLastIndex","findLastKey","flatMap","flatMapDeep","flattenDepth","forEach","forEachRight","forIn","forInRight","forOwn","forOwnRight","get","groupBy","gt","gte","has","hasIn","includes","indexOf","intersection","invertBy","invoke","invokeMap","isEqual","isMatch","join","keyBy","lastIndexOf","lt","lte","map","mapKeys","mapValues","matchesProperty","maxBy","meanBy","merge","mergeAllWith","minBy","multiply","nth","omit","omitBy","overArgs","pad","padEnd","padStart","parseInt","partial","partialRight","partition","pick","pickBy","propertyOf","pull","pullAll","pullAt","random","range","rangeRight","rearg","reject","remove","repeat","restFrom","result","sampleSize","some","sortBy","sortedIndex","sortedIndexOf","sortedLastIndex","sortedLastIndexOf","sortedUniqBy","split","spreadFrom","startsWith","subtract","sumBy","take","takeRight","takeRightWhile","takeWhile","tap","throttle","thru","times","trimChars","trimCharsEnd","trimCharsStart","truncate","union","uniqBy","uniqWith","unset","unzipWith","without","wrap","xor","zip","zipObject","zipObjectDeep"],3:["assignInWith","assignWith","clamp","differenceBy","differenceWith","findFrom","findIndexFrom","findLastFrom","findLastIndexFrom","getOr","includesFrom","indexOfFrom","inRange","intersectionBy","intersectionWith","invokeArgs","invokeArgsMap","isEqualWith","isMatchWith","flatMapDepth","lastIndexOfFrom","mergeWith","orderBy","padChars","padCharsEnd","padCharsStart","pullAllBy","pullAllWith","rangeStep","rangeStepRight","reduce","reduceRight","replace","set","slice","sortedIndexBy","sortedLastIndexBy","transform","unionBy","unionWith","update","xorBy","xorWith","zipWith"],4:["fill","setWith","updateWith"]},o.aryRearg={2:[1,0],3:[2,0,1],4:[3,2,0,1]},o.iterateeAry={dropRightWhile:1,dropWhile:1,every:1,filter:1,find:1,findFrom:1,findIndex:1,findIndexFrom:1,findKey:1,findLast:1,findLastFrom:1,findLastIndex:1,findLastIndexFrom:1,findLastKey:1,flatMap:1,flatMapDeep:1,flatMapDepth:1,forEach:1,forEachRight:1,forIn:1,forInRight:1,forOwn:1,forOwnRight:1,map:1,mapKeys:1,mapValues:1,partition:1,reduce:2,reduceRight:2,reject:1,remove:1,some:1,takeRightWhile:1,takeWhile:1,times:1,transform:2},o.iterateeRearg={mapKeys:[1],reduceRight:[1,0]},o.methodRearg={assignInAllWith:[1,0],assignInWith:[1,2,0],assignAllWith:[1,0],assignWith:[1,2,0],differenceBy:[1,2,0],differenceWith:[1,2,0],getOr:[2,1,0],intersectionBy:[1,2,0],intersectionWith:[1,2,0],isEqualWith:[1,2,0],isMatchWith:[2,1,0],mergeAllWith:[1,0],mergeWith:[1,2,0],padChars:[2,1,0],padCharsEnd:[2,1,0],padCharsStart:[2,1,0],pullAllBy:[2,1,0],pullAllWith:[2,1,0],rangeStep:[1,2,0],rangeStepRight:[1,2,0],setWith:[3,1,2,0],sortedIndexBy:[2,1,0],sortedLastIndexBy:[2,1,0],unionBy:[1,2,0],unionWith:[1,2,0],updateWith:[3,1,2,0],xorBy:[1,2,0],xorWith:[1,2,0],zipWith:[1,2,0]},o.methodSpread={assignAll:{start:0},assignAllWith:{start:0},assignInAll:{start:0},assignInAllWith:{start:0},defaultsAll:{start:0},defaultsDeepAll:{start:0},invokeArgs:{start:2},invokeArgsMap:{start:2},mergeAll:{start:0},mergeAllWith:{start:0},partial:{start:1},partialRight:{start:1},without:{start:1},zipAll:{start:0}},o.mutate={array:{fill:!0,pull:!0,pullAll:!0,pullAllBy:!0,pullAllWith:!0,pullAt:!0,remove:!0,reverse:!0},object:{assign:!0,assignAll:!0,assignAllWith:!0,assignIn:!0,assignInAll:!0,assignInAllWith:!0,assignInWith:!0,assignWith:!0,defaults:!0,defaultsAll:!0,defaultsDeep:!0,defaultsDeepAll:!0,merge:!0,mergeAll:!0,mergeAllWith:!0,mergeWith:!0},set:{set:!0,setWith:!0,unset:!0,update:!0,updateWith:!0}},o.realToAlias=function(){var s=Object.prototype.hasOwnProperty,i=o.aliasToReal,a={};for(var u in i){var _=i[u];s.call(a,_)?a[_].push(u):a[_]=[u]}return a}(),o.remap={assignAll:"assign",assignAllWith:"assignWith",assignInAll:"assignIn",assignInAllWith:"assignInWith",curryN:"curry",curryRightN:"curryRight",defaultsAll:"defaults",defaultsDeepAll:"defaultsDeep",findFrom:"find",findIndexFrom:"findIndex",findLastFrom:"findLast",findLastIndexFrom:"findLastIndex",getOr:"get",includesFrom:"includes",indexOfFrom:"indexOf",invokeArgs:"invoke",invokeArgsMap:"invokeMap",lastIndexOfFrom:"lastIndexOf",mergeAll:"merge",mergeAllWith:"mergeWith",padChars:"pad",padCharsEnd:"padEnd",padCharsStart:"padStart",propertyOf:"get",rangeStep:"range",rangeStepRight:"rangeRight",restFrom:"rest",spreadFrom:"spread",trimChars:"trim",trimCharsEnd:"trimEnd",trimCharsStart:"trimStart",zipAll:"zip"},o.skipFixed={castArray:!0,flow:!0,flowRight:!0,iteratee:!0,mixin:!0,rearg:!0,runInContext:!0},o.skipRearg={add:!0,assign:!0,assignIn:!0,bind:!0,bindKey:!0,concat:!0,difference:!0,divide:!0,eq:!0,gt:!0,gte:!0,isEqual:!0,lt:!0,lte:!0,matchesProperty:!0,merge:!0,multiply:!0,overArgs:!0,partial:!0,partialRight:!0,propertyOf:!0,random:!0,range:!0,rangeRight:!0,subtract:!0,zip:!0,zipObject:!0,zipObjectDeep:!0}},17255:(s,o,i)=>{var a=i(47422);s.exports=function basePropertyDeep(s){return function(o){return a(o,s)}}},17285:s=>{function source(s){return s?"string"==typeof s?s:s.source:null}function lookahead(s){return concat("(?=",s,")")}function concat(...s){return s.map((s=>source(s))).join("")}function either(...s){return"("+s.map((s=>source(s))).join("|")+")"}s.exports=function xml(s){const o=concat(/[A-Z_]/,function optional(s){return concat("(",s,")?")}(/[A-Z0-9_.-]*:/),/[A-Z0-9_.-]*/),i={className:"symbol",begin:/&[a-z]+;|&#[0-9]+;|&#x[a-f0-9]+;/},a={begin:/\s/,contains:[{className:"meta-keyword",begin:/#?[a-z_][a-z1-9_-]+/,illegal:/\n/}]},u=s.inherit(a,{begin:/\(/,end:/\)/}),_=s.inherit(s.APOS_STRING_MODE,{className:"meta-string"}),w=s.inherit(s.QUOTE_STRING_MODE,{className:"meta-string"}),x={endsWithParent:!0,illegal:/`]+/}]}]}]};return{name:"HTML, XML",aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist","wsf","svg"],case_insensitive:!0,contains:[{className:"meta",begin://,relevance:10,contains:[a,w,_,u,{begin:/\[/,end:/\]/,contains:[{className:"meta",begin://,contains:[a,u,w,_]}]}]},s.COMMENT(//,{relevance:10}),{begin://,relevance:10},i,{className:"meta",begin:/<\?xml/,end:/\?>/,relevance:10},{className:"tag",begin:/)/,end:/>/,keywords:{name:"style"},contains:[x],starts:{end:/<\/style>/,returnEnd:!0,subLanguage:["css","xml"]}},{className:"tag",begin:/)/,end:/>/,keywords:{name:"script"},contains:[x],starts:{end:/<\/script>/,returnEnd:!0,subLanguage:["javascript","handlebars","xml"]}},{className:"tag",begin:/<>|<\/>/},{className:"tag",begin:concat(//,/>/,/\s/)))),end:/\/?>/,contains:[{className:"name",begin:o,relevance:0,starts:x}]},{className:"tag",begin:concat(/<\//,lookahead(concat(o,/>/))),contains:[{className:"name",begin:o,relevance:0},{begin:/>/,relevance:0,endsParent:!0}]}]}}},17400:(s,o,i)=>{var a=i(99374),u=1/0;s.exports=function toFinite(s){return s?(s=a(s))===u||s===-1/0?17976931348623157e292*(s<0?-1:1):s==s?s:0:0===s?s:0}},17533:s=>{s.exports=function yaml(s){var o="true false yes no null",i="[\\w#;/?:@&=+$,.~*'()[\\]]+",a={className:"string",relevance:0,variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/\S+/}],contains:[s.BACKSLASH_ESCAPE,{className:"template-variable",variants:[{begin:/\{\{/,end:/\}\}/},{begin:/%\{/,end:/\}/}]}]},u=s.inherit(a,{variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/[^\s,{}[\]]+/}]}),_={className:"number",begin:"\\b[0-9]{4}(-[0-9][0-9]){0,2}([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?(\\.[0-9]*)?([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?\\b"},w={end:",",endsWithParent:!0,excludeEnd:!0,keywords:o,relevance:0},x={begin:/\{/,end:/\}/,contains:[w],illegal:"\\n",relevance:0},C={begin:"\\[",end:"\\]",contains:[w],illegal:"\\n",relevance:0},j=[{className:"attr",variants:[{begin:"\\w[\\w :\\/.-]*:(?=[ \t]|$)"},{begin:'"\\w[\\w :\\/.-]*":(?=[ \t]|$)'},{begin:"'\\w[\\w :\\/.-]*':(?=[ \t]|$)"}]},{className:"meta",begin:"^---\\s*$",relevance:10},{className:"string",begin:"[\\|>]([1-9]?[+-])?[ ]*\\n( +)[^ ][^\\n]*\\n(\\2[^\\n]+\\n?)*"},{begin:"<%[%=-]?",end:"[%-]?%>",subLanguage:"ruby",excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:"!\\w+!"+i},{className:"type",begin:"!<"+i+">"},{className:"type",begin:"!"+i},{className:"type",begin:"!!"+i},{className:"meta",begin:"&"+s.UNDERSCORE_IDENT_RE+"$"},{className:"meta",begin:"\\*"+s.UNDERSCORE_IDENT_RE+"$"},{className:"bullet",begin:"-(?=[ ]|$)",relevance:0},s.HASH_COMMENT_MODE,{beginKeywords:o,keywords:{literal:o}},_,{className:"number",begin:s.C_NUMBER_RE+"\\b",relevance:0},x,C,a],L=[...j];return L.pop(),L.push(u),w.contains=L,{name:"YAML",case_insensitive:!0,aliases:["yml"],contains:j}}},17670:(s,o,i)=>{var a=i(12651);s.exports=function mapCacheDelete(s){var o=a(this,s).delete(s);return this.size-=o?1:0,o}},17965:(s,o,i)=>{"use strict";var a=i(16426),u={"text/plain":"Text","text/html":"Url",default:"Text"};s.exports=function copy(s,o){var i,_,w,x,C,j,L=!1;o||(o={}),i=o.debug||!1;try{if(w=a(),x=document.createRange(),C=document.getSelection(),(j=document.createElement("span")).textContent=s,j.ariaHidden="true",j.style.all="unset",j.style.position="fixed",j.style.top=0,j.style.clip="rect(0, 0, 0, 0)",j.style.whiteSpace="pre",j.style.webkitUserSelect="text",j.style.MozUserSelect="text",j.style.msUserSelect="text",j.style.userSelect="text",j.addEventListener("copy",(function(a){if(a.stopPropagation(),o.format)if(a.preventDefault(),void 0===a.clipboardData){i&&console.warn("unable to use e.clipboardData"),i&&console.warn("trying IE specific stuff"),window.clipboardData.clearData();var _=u[o.format]||u.default;window.clipboardData.setData(_,s)}else a.clipboardData.clearData(),a.clipboardData.setData(o.format,s);o.onCopy&&(a.preventDefault(),o.onCopy(a.clipboardData))})),document.body.appendChild(j),x.selectNodeContents(j),C.addRange(x),!document.execCommand("copy"))throw new Error("copy command was unsuccessful");L=!0}catch(a){i&&console.error("unable to copy using execCommand: ",a),i&&console.warn("trying IE specific stuff");try{window.clipboardData.setData(o.format||"text",s),o.onCopy&&o.onCopy(window.clipboardData),L=!0}catch(a){i&&console.error("unable to copy using clipboardData: ",a),i&&console.error("falling back to prompt"),_=function format(s){var o=(/mac os x/i.test(navigator.userAgent)?"⌘":"Ctrl")+"+C";return s.replace(/#{\s*key\s*}/g,o)}("message"in o?o.message:"Copy to clipboard: #{key}, Enter"),window.prompt(_,s)}}finally{C&&("function"==typeof C.removeRange?C.removeRange(x):C.removeAllRanges()),j&&document.body.removeChild(j),w()}return L}},18073:(s,o,i)=>{var a=i(85087),u=i(54641),_=i(70981);s.exports=function createRecurry(s,o,i,w,x,C,j,L,B,$){var U=8&o;o|=U?32:64,4&(o&=~(U?64:32))||(o&=-4);var V=[s,o,x,U?C:void 0,U?j:void 0,U?void 0:C,U?void 0:j,L,B,$],z=i.apply(void 0,V);return a(s)&&u(z,V),z.placeholder=w,_(z,s,o)}},19123:(s,o,i)=>{var a=i(65606),u=i(31499),_=i(88310).Stream;function resolve(s,o,i){var a,_=function create_indent(s,o){return new Array(o||0).join(s||"")}(o,i=i||0),w=s;if("object"==typeof s&&((w=s[a=Object.keys(s)[0]])&&w._elem))return w._elem.name=a,w._elem.icount=i,w._elem.indent=o,w._elem.indents=_,w._elem.interrupt=w,w._elem;var x,C=[],j=[];function get_attributes(s){Object.keys(s).forEach((function(o){C.push(function attribute(s,o){return s+'="'+u(o)+'"'}(o,s[o]))}))}switch(typeof w){case"object":if(null===w)break;w._attr&&get_attributes(w._attr),w._cdata&&j.push(("/g,"]]]]>")+"]]>"),w.forEach&&(x=!1,j.push(""),w.forEach((function(s){"object"==typeof s?"_attr"==Object.keys(s)[0]?get_attributes(s._attr):j.push(resolve(s,o,i+1)):(j.pop(),x=!0,j.push(u(s)))})),x||j.push(""));break;default:j.push(u(w))}return{name:a,interrupt:!1,attributes:C,content:j,icount:i,indents:_,indent:o}}function format(s,o,i){if("object"!=typeof o)return s(!1,o);var a=o.interrupt?1:o.content.length;function proceed(){for(;o.content.length;){var u=o.content.shift();if(void 0!==u){if(interrupt(u))return;format(s,u)}}s(!1,(a>1?o.indents:"")+(o.name?"":"")+(o.indent&&!i?"\n":"")),i&&i()}function interrupt(o){return!!o.interrupt&&(o.interrupt.append=s,o.interrupt.end=proceed,o.interrupt=!1,s(!0),!0)}if(s(!1,o.indents+(o.name?"<"+o.name:"")+(o.attributes.length?" "+o.attributes.join(" "):"")+(a?o.name?">":"":o.name?"/>":"")+(o.indent&&a>1?"\n":"")),!a)return s(!1,o.indent?"\n":"");interrupt(o)||proceed()}s.exports=function xml(s,o){"object"!=typeof o&&(o={indent:o});var i=o.stream?new _:null,u="",w=!1,x=o.indent?!0===o.indent?" ":o.indent:"",C=!0;function delay(s){C?a.nextTick(s):s()}function append(s,o){if(void 0!==o&&(u+=o),s&&!w&&(i=i||new _,w=!0),s&&w){var a=u;delay((function(){i.emit("data",a)})),u=""}}function add(s,o){format(append,resolve(s,x,x?1:0),o)}function end(){if(i){var s=u;delay((function(){i.emit("data",s),i.emit("end"),i.readable=!1,i.emit("close")}))}}return delay((function(){C=!1})),o.declaration&&function addXmlDeclaration(s){var o={version:"1.0",encoding:s.encoding||"UTF-8"};s.standalone&&(o.standalone=s.standalone),add({"?xml":{_attr:o}}),u=u.replace("/>","?>")}(o.declaration),s&&s.forEach?s.forEach((function(o,i){var a;i+1===s.length&&(a=end),add(o,a)})):add(s,end),i?(i.readable=!0,i):u},s.exports.element=s.exports.Element=function element(){var s={_elem:resolve(Array.prototype.slice.call(arguments)),push:function(s){if(!this.append)throw new Error("not assigned to a parent!");var o=this,i=this._elem.indent;format(this.append,resolve(s,i,this._elem.icount+(i?1:0)),(function(){o.append(!0)}))},close:function(s){void 0!==s&&this.push(s),this.end&&this.end()}};return s}},19219:s=>{s.exports=function cacheHas(s,o){return s.has(o)}},19287:s=>{"use strict";s.exports={CSSRuleList:0,CSSStyleDeclaration:0,CSSValueList:0,ClientRectList:0,DOMRectList:0,DOMStringList:0,DOMTokenList:1,DataTransferItemList:0,FileList:0,HTMLAllCollection:0,HTMLCollection:0,HTMLFormElement:0,HTMLSelectElement:0,MediaList:0,MimeTypeArray:0,NamedNodeMap:0,NodeList:1,PaintRequestList:0,Plugin:0,PluginArray:0,SVGLengthList:0,SVGNumberList:0,SVGPathSegList:0,SVGPointList:0,SVGStringList:0,SVGTransformList:0,SourceBufferList:0,StyleSheetList:0,TextTrackCueList:0,TextTrackList:0,TouchList:0}},19358:(s,o,i)=>{"use strict";var a=i(85582),u=i(49724),_=i(61626),w=i(88280),x=i(79192),C=i(19595),j=i(54829),L=i(34084),B=i(32096),$=i(39259),U=i(85884),V=i(39447),z=i(7376);s.exports=function(s,o,i,Y){var Z="stackTraceLimit",ee=Y?2:1,ie=s.split("."),ae=ie[ie.length-1],ce=a.apply(null,ie);if(ce){var le=ce.prototype;if(!z&&u(le,"cause")&&delete le.cause,!i)return ce;var pe=a("Error"),de=o((function(s,o){var i=B(Y?o:s,void 0),a=Y?new ce(s):new ce;return void 0!==i&&_(a,"message",i),U(a,de,a.stack,2),this&&w(le,this)&&L(a,this,de),arguments.length>ee&&$(a,arguments[ee]),a}));if(de.prototype=le,"Error"!==ae?x?x(de,pe):C(de,pe,{name:!0}):V&&Z in ce&&(j(de,ce,Z),j(de,ce,"prepareStackTrace")),C(de,ce),!z)try{le.name!==ae&&_(le,"name",ae),le.constructor=de}catch(s){}return de}}},19570:(s,o,i)=>{var a=i(37334),u=i(93243),_=i(83488),w=u?function(s,o){return u(s,"toString",{configurable:!0,enumerable:!1,value:a(o),writable:!0})}:_;s.exports=w},19595:(s,o,i)=>{"use strict";var a=i(49724),u=i(11042),_=i(13846),w=i(74284);s.exports=function(s,o,i){for(var x=u(o),C=w.f,j=_.f,L=0;L{"use strict";var a=i(23034);s.exports=a},19846:(s,o,i)=>{"use strict";var a=i(20798),u=i(98828),_=i(45951).String;s.exports=!!Object.getOwnPropertySymbols&&!u((function(){var s=Symbol("symbol detection");return!_(s)||!(Object(s)instanceof Symbol)||!Symbol.sham&&a&&a<41}))},19931:(s,o,i)=>{var a=i(31769),u=i(68090),_=i(68969),w=i(77797);s.exports=function baseUnset(s,o){return o=a(o,s),null==(s=_(s,o))||delete s[w(u(o))]}},20181:(s,o,i)=>{var a=/^\s+|\s+$/g,u=/^[-+]0x[0-9a-f]+$/i,_=/^0b[01]+$/i,w=/^0o[0-7]+$/i,x=parseInt,C="object"==typeof i.g&&i.g&&i.g.Object===Object&&i.g,j="object"==typeof self&&self&&self.Object===Object&&self,L=C||j||Function("return this")(),B=Object.prototype.toString,$=Math.max,U=Math.min,now=function(){return L.Date.now()};function isObject(s){var o=typeof s;return!!s&&("object"==o||"function"==o)}function toNumber(s){if("number"==typeof s)return s;if(function isSymbol(s){return"symbol"==typeof s||function isObjectLike(s){return!!s&&"object"==typeof s}(s)&&"[object Symbol]"==B.call(s)}(s))return NaN;if(isObject(s)){var o="function"==typeof s.valueOf?s.valueOf():s;s=isObject(o)?o+"":o}if("string"!=typeof s)return 0===s?s:+s;s=s.replace(a,"");var i=_.test(s);return i||w.test(s)?x(s.slice(2),i?2:8):u.test(s)?NaN:+s}s.exports=function debounce(s,o,i){var a,u,_,w,x,C,j=0,L=!1,B=!1,V=!0;if("function"!=typeof s)throw new TypeError("Expected a function");function invokeFunc(o){var i=a,_=u;return a=u=void 0,j=o,w=s.apply(_,i)}function shouldInvoke(s){var i=s-C;return void 0===C||i>=o||i<0||B&&s-j>=_}function timerExpired(){var s=now();if(shouldInvoke(s))return trailingEdge(s);x=setTimeout(timerExpired,function remainingWait(s){var i=o-(s-C);return B?U(i,_-(s-j)):i}(s))}function trailingEdge(s){return x=void 0,V&&a?invokeFunc(s):(a=u=void 0,w)}function debounced(){var s=now(),i=shouldInvoke(s);if(a=arguments,u=this,C=s,i){if(void 0===x)return function leadingEdge(s){return j=s,x=setTimeout(timerExpired,o),L?invokeFunc(s):w}(C);if(B)return x=setTimeout(timerExpired,o),invokeFunc(C)}return void 0===x&&(x=setTimeout(timerExpired,o)),w}return o=toNumber(o)||0,isObject(i)&&(L=!!i.leading,_=(B="maxWait"in i)?$(toNumber(i.maxWait)||0,o):_,V="trailing"in i?!!i.trailing:V),debounced.cancel=function cancel(){void 0!==x&&clearTimeout(x),j=0,a=C=u=x=void 0},debounced.flush=function flush(){return void 0===x?w:trailingEdge(now())},debounced}},20317:s=>{s.exports=function mapToArray(s){var o=-1,i=Array(s.size);return s.forEach((function(s,a){i[++o]=[a,s]})),i}},20334:(s,o,i)=>{"use strict";var a=i(48287).Buffer;class NonError extends Error{constructor(s){super(NonError._prepareSuperMessage(s)),Object.defineProperty(this,"name",{value:"NonError",configurable:!0,writable:!0}),Error.captureStackTrace&&Error.captureStackTrace(this,NonError)}static _prepareSuperMessage(s){try{return JSON.stringify(s)}catch{return String(s)}}}const u=[{property:"name",enumerable:!1},{property:"message",enumerable:!1},{property:"stack",enumerable:!1},{property:"code",enumerable:!0}],_=Symbol(".toJSON called"),destroyCircular=({from:s,seen:o,to_:i,forceEnumerable:w,maxDepth:x,depth:C})=>{const j=i||(Array.isArray(s)?[]:{});if(o.push(s),C>=x)return j;if("function"==typeof s.toJSON&&!0!==s[_])return(s=>{s[_]=!0;const o=s.toJSON();return delete s[_],o})(s);for(const[i,u]of Object.entries(s))"function"==typeof a&&a.isBuffer(u)?j[i]="[object Buffer]":"function"!=typeof u&&(u&&"object"==typeof u?o.includes(s[i])?j[i]="[Circular]":(C++,j[i]=destroyCircular({from:s[i],seen:o.slice(),forceEnumerable:w,maxDepth:x,depth:C})):j[i]=u);for(const{property:o,enumerable:i}of u)"string"==typeof s[o]&&Object.defineProperty(j,o,{value:s[o],enumerable:!!w||i,configurable:!0,writable:!0});return j};s.exports={serializeError:(s,o={})=>{const{maxDepth:i=Number.POSITIVE_INFINITY}=o;return"object"==typeof s&&null!==s?destroyCircular({from:s,seen:[],forceEnumerable:!0,maxDepth:i,depth:0}):"function"==typeof s?`[Function: ${s.name||"anonymous"}]`:s},deserializeError:(s,o={})=>{const{maxDepth:i=Number.POSITIVE_INFINITY}=o;if(s instanceof Error)return s;if("object"==typeof s&&null!==s&&!Array.isArray(s)){const o=new Error;return destroyCircular({from:s,seen:[],to_:o,maxDepth:i,depth:0}),o}return new NonError(s)}}},20426:s=>{var o=Object.prototype.hasOwnProperty;s.exports=function baseHas(s,i){return null!=s&&o.call(s,i)}},20575:(s,o,i)=>{"use strict";var a=i(3121);s.exports=function(s){return a(s.length)}},20798:(s,o,i)=>{"use strict";var a,u,_=i(45951),w=i(96794),x=_.process,C=_.Deno,j=x&&x.versions||C&&C.version,L=j&&j.v8;L&&(u=(a=L.split("."))[0]>0&&a[0]<4?1:+(a[0]+a[1])),!u&&w&&(!(a=w.match(/Edge\/(\d+)/))||a[1]>=74)&&(a=w.match(/Chrome\/(\d+)/))&&(u=+a[1]),s.exports=u},20850:(s,o,i)=>{"use strict";s.exports=i(46076)},20999:(s,o,i)=>{var a=i(69302),u=i(36800);s.exports=function createAssigner(s){return a((function(o,i){var a=-1,_=i.length,w=_>1?i[_-1]:void 0,x=_>2?i[2]:void 0;for(w=s.length>3&&"function"==typeof w?(_--,w):void 0,x&&u(i[0],i[1],x)&&(w=_<3?void 0:w,_=1),o=Object(o);++a<_;){var C=i[a];C&&s(o,C,a,w)}return o}))}},21549:(s,o,i)=>{var a=i(22032),u=i(63862),_=i(66721),w=i(12749),x=i(35749);function Hash(s){var o=-1,i=null==s?0:s.length;for(this.clear();++o{var a=i(16547),u=i(43360);s.exports=function copyObject(s,o,i,_){var w=!i;i||(i={});for(var x=-1,C=o.length;++x{var a=i(51873),u=i(37828),_=i(75288),w=i(25911),x=i(20317),C=i(84247),j=a?a.prototype:void 0,L=j?j.valueOf:void 0;s.exports=function equalByTag(s,o,i,a,j,B,$){switch(i){case"[object DataView]":if(s.byteLength!=o.byteLength||s.byteOffset!=o.byteOffset)return!1;s=s.buffer,o=o.buffer;case"[object ArrayBuffer]":return!(s.byteLength!=o.byteLength||!B(new u(s),new u(o)));case"[object Boolean]":case"[object Date]":case"[object Number]":return _(+s,+o);case"[object Error]":return s.name==o.name&&s.message==o.message;case"[object RegExp]":case"[object String]":return s==o+"";case"[object Map]":var U=x;case"[object Set]":var V=1&a;if(U||(U=C),s.size!=o.size&&!V)return!1;var z=$.get(s);if(z)return z==o;a|=2,$.set(s,o);var Y=w(U(s),U(o),a,j,B,$);return $.delete(s),Y;case"[object Symbol]":if(L)return L.call(s)==L.call(o)}return!1}},22032:(s,o,i)=>{var a=i(81042);s.exports=function hashClear(){this.__data__=a?a(null):{},this.size=0}},22225:s=>{var o="\\ud800-\\udfff",i="\\u2700-\\u27bf",a="a-z\\xdf-\\xf6\\xf8-\\xff",u="A-Z\\xc0-\\xd6\\xd8-\\xde",_="\\xac\\xb1\\xd7\\xf7\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf\\u2000-\\u206f \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",w="["+_+"]",x="\\d+",C="["+i+"]",j="["+a+"]",L="[^"+o+_+x+i+a+u+"]",B="(?:\\ud83c[\\udde6-\\uddff]){2}",$="[\\ud800-\\udbff][\\udc00-\\udfff]",U="["+u+"]",V="(?:"+j+"|"+L+")",z="(?:"+U+"|"+L+")",Y="(?:['’](?:d|ll|m|re|s|t|ve))?",Z="(?:['’](?:D|LL|M|RE|S|T|VE))?",ee="(?:[\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff]|\\ud83c[\\udffb-\\udfff])?",ie="[\\ufe0e\\ufe0f]?",ae=ie+ee+("(?:\\u200d(?:"+["[^"+o+"]",B,$].join("|")+")"+ie+ee+")*"),ce="(?:"+[C,B,$].join("|")+")"+ae,le=RegExp([U+"?"+j+"+"+Y+"(?="+[w,U,"$"].join("|")+")",z+"+"+Z+"(?="+[w,U+V,"$"].join("|")+")",U+"?"+V+"+"+Y,U+"+"+Z,"\\d*(?:1ST|2ND|3RD|(?![123])\\dTH)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123])\\dth)(?=\\b|[A-Z_])",x,ce].join("|"),"g");s.exports=function unicodeWords(s){return s.match(le)||[]}},22551:(s,o,i)=>{"use strict";var a=i(96540),u=i(69982);function p(s){for(var o="https://reactjs.org/docs/error-decoder.html?invariant="+s,i=1;io}return!1}(o,i,u,a)&&(i=null),a||null===u?function oa(s){return!!C.call(B,s)||!C.call(L,s)&&(j.test(s)?B[s]=!0:(L[s]=!0,!1))}(o)&&(null===i?s.removeAttribute(o):s.setAttribute(o,""+i)):u.mustUseProperty?s[u.propertyName]=null===i?3!==u.type&&"":i:(o=u.attributeName,a=u.attributeNamespace,null===i?s.removeAttribute(o):(i=3===(u=u.type)||4===u&&!0===i?"":""+i,a?s.setAttributeNS(a,o,i):s.setAttribute(o,i))))}"accent-height alignment-baseline arabic-form baseline-shift cap-height clip-path clip-rule color-interpolation color-interpolation-filters color-profile color-rendering dominant-baseline enable-background fill-opacity fill-rule flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-name glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x horiz-origin-x image-rendering letter-spacing lighting-color marker-end marker-mid marker-start overline-position overline-thickness paint-order panose-1 pointer-events rendering-intent shape-rendering stop-color stop-opacity strikethrough-position strikethrough-thickness stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width text-anchor text-decoration text-rendering underline-position underline-thickness unicode-bidi unicode-range units-per-em v-alphabetic v-hanging v-ideographic v-mathematical vector-effect vert-adv-y vert-origin-x vert-origin-y word-spacing writing-mode xmlns:xlink x-height".split(" ").forEach((function(s){var o=s.replace(U,sa);$[o]=new v(o,1,!1,s,null,!1,!1)})),"xlink:actuate xlink:arcrole xlink:role xlink:show xlink:title xlink:type".split(" ").forEach((function(s){var o=s.replace(U,sa);$[o]=new v(o,1,!1,s,"http://www.w3.org/1999/xlink",!1,!1)})),["xml:base","xml:lang","xml:space"].forEach((function(s){var o=s.replace(U,sa);$[o]=new v(o,1,!1,s,"http://www.w3.org/XML/1998/namespace",!1,!1)})),["tabIndex","crossOrigin"].forEach((function(s){$[s]=new v(s,1,!1,s.toLowerCase(),null,!1,!1)})),$.xlinkHref=new v("xlinkHref",1,!1,"xlink:href","http://www.w3.org/1999/xlink",!0,!1),["src","href","action","formAction"].forEach((function(s){$[s]=new v(s,1,!1,s.toLowerCase(),null,!0,!0)}));var V=a.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED,z=Symbol.for("react.element"),Y=Symbol.for("react.portal"),Z=Symbol.for("react.fragment"),ee=Symbol.for("react.strict_mode"),ie=Symbol.for("react.profiler"),ae=Symbol.for("react.provider"),ce=Symbol.for("react.context"),le=Symbol.for("react.forward_ref"),pe=Symbol.for("react.suspense"),de=Symbol.for("react.suspense_list"),fe=Symbol.for("react.memo"),ye=Symbol.for("react.lazy");Symbol.for("react.scope"),Symbol.for("react.debug_trace_mode");var be=Symbol.for("react.offscreen");Symbol.for("react.legacy_hidden"),Symbol.for("react.cache"),Symbol.for("react.tracing_marker");var _e=Symbol.iterator;function Ka(s){return null===s||"object"!=typeof s?null:"function"==typeof(s=_e&&s[_e]||s["@@iterator"])?s:null}var Se,we=Object.assign;function Ma(s){if(void 0===Se)try{throw Error()}catch(s){var o=s.stack.trim().match(/\n( *(at )?)/);Se=o&&o[1]||""}return"\n"+Se+s}var xe=!1;function Oa(s,o){if(!s||xe)return"";xe=!0;var i=Error.prepareStackTrace;Error.prepareStackTrace=void 0;try{if(o)if(o=function(){throw Error()},Object.defineProperty(o.prototype,"props",{set:function(){throw Error()}}),"object"==typeof Reflect&&Reflect.construct){try{Reflect.construct(o,[])}catch(s){var a=s}Reflect.construct(s,[],o)}else{try{o.call()}catch(s){a=s}s.call(o.prototype)}else{try{throw Error()}catch(s){a=s}s()}}catch(o){if(o&&a&&"string"==typeof o.stack){for(var u=o.stack.split("\n"),_=a.stack.split("\n"),w=u.length-1,x=_.length-1;1<=w&&0<=x&&u[w]!==_[x];)x--;for(;1<=w&&0<=x;w--,x--)if(u[w]!==_[x]){if(1!==w||1!==x)do{if(w--,0>--x||u[w]!==_[x]){var C="\n"+u[w].replace(" at new "," at ");return s.displayName&&C.includes("")&&(C=C.replace("",s.displayName)),C}}while(1<=w&&0<=x);break}}}finally{xe=!1,Error.prepareStackTrace=i}return(s=s?s.displayName||s.name:"")?Ma(s):""}function Pa(s){switch(s.tag){case 5:return Ma(s.type);case 16:return Ma("Lazy");case 13:return Ma("Suspense");case 19:return Ma("SuspenseList");case 0:case 2:case 15:return s=Oa(s.type,!1);case 11:return s=Oa(s.type.render,!1);case 1:return s=Oa(s.type,!0);default:return""}}function Qa(s){if(null==s)return null;if("function"==typeof s)return s.displayName||s.name||null;if("string"==typeof s)return s;switch(s){case Z:return"Fragment";case Y:return"Portal";case ie:return"Profiler";case ee:return"StrictMode";case pe:return"Suspense";case de:return"SuspenseList"}if("object"==typeof s)switch(s.$$typeof){case ce:return(s.displayName||"Context")+".Consumer";case ae:return(s._context.displayName||"Context")+".Provider";case le:var o=s.render;return(s=s.displayName)||(s=""!==(s=o.displayName||o.name||"")?"ForwardRef("+s+")":"ForwardRef"),s;case fe:return null!==(o=s.displayName||null)?o:Qa(s.type)||"Memo";case ye:o=s._payload,s=s._init;try{return Qa(s(o))}catch(s){}}return null}function Ra(s){var o=s.type;switch(s.tag){case 24:return"Cache";case 9:return(o.displayName||"Context")+".Consumer";case 10:return(o._context.displayName||"Context")+".Provider";case 18:return"DehydratedFragment";case 11:return s=(s=o.render).displayName||s.name||"",o.displayName||(""!==s?"ForwardRef("+s+")":"ForwardRef");case 7:return"Fragment";case 5:return o;case 4:return"Portal";case 3:return"Root";case 6:return"Text";case 16:return Qa(o);case 8:return o===ee?"StrictMode":"Mode";case 22:return"Offscreen";case 12:return"Profiler";case 21:return"Scope";case 13:return"Suspense";case 19:return"SuspenseList";case 25:return"TracingMarker";case 1:case 0:case 17:case 2:case 14:case 15:if("function"==typeof o)return o.displayName||o.name||null;if("string"==typeof o)return o}return null}function Sa(s){switch(typeof s){case"boolean":case"number":case"string":case"undefined":case"object":return s;default:return""}}function Ta(s){var o=s.type;return(s=s.nodeName)&&"input"===s.toLowerCase()&&("checkbox"===o||"radio"===o)}function Va(s){s._valueTracker||(s._valueTracker=function Ua(s){var o=Ta(s)?"checked":"value",i=Object.getOwnPropertyDescriptor(s.constructor.prototype,o),a=""+s[o];if(!s.hasOwnProperty(o)&&void 0!==i&&"function"==typeof i.get&&"function"==typeof i.set){var u=i.get,_=i.set;return Object.defineProperty(s,o,{configurable:!0,get:function(){return u.call(this)},set:function(s){a=""+s,_.call(this,s)}}),Object.defineProperty(s,o,{enumerable:i.enumerable}),{getValue:function(){return a},setValue:function(s){a=""+s},stopTracking:function(){s._valueTracker=null,delete s[o]}}}}(s))}function Wa(s){if(!s)return!1;var o=s._valueTracker;if(!o)return!0;var i=o.getValue(),a="";return s&&(a=Ta(s)?s.checked?"true":"false":s.value),(s=a)!==i&&(o.setValue(s),!0)}function Xa(s){if(void 0===(s=s||("undefined"!=typeof document?document:void 0)))return null;try{return s.activeElement||s.body}catch(o){return s.body}}function Ya(s,o){var i=o.checked;return we({},o,{defaultChecked:void 0,defaultValue:void 0,value:void 0,checked:null!=i?i:s._wrapperState.initialChecked})}function Za(s,o){var i=null==o.defaultValue?"":o.defaultValue,a=null!=o.checked?o.checked:o.defaultChecked;i=Sa(null!=o.value?o.value:i),s._wrapperState={initialChecked:a,initialValue:i,controlled:"checkbox"===o.type||"radio"===o.type?null!=o.checked:null!=o.value}}function ab(s,o){null!=(o=o.checked)&&ta(s,"checked",o,!1)}function bb(s,o){ab(s,o);var i=Sa(o.value),a=o.type;if(null!=i)"number"===a?(0===i&&""===s.value||s.value!=i)&&(s.value=""+i):s.value!==""+i&&(s.value=""+i);else if("submit"===a||"reset"===a)return void s.removeAttribute("value");o.hasOwnProperty("value")?cb(s,o.type,i):o.hasOwnProperty("defaultValue")&&cb(s,o.type,Sa(o.defaultValue)),null==o.checked&&null!=o.defaultChecked&&(s.defaultChecked=!!o.defaultChecked)}function db(s,o,i){if(o.hasOwnProperty("value")||o.hasOwnProperty("defaultValue")){var a=o.type;if(!("submit"!==a&&"reset"!==a||void 0!==o.value&&null!==o.value))return;o=""+s._wrapperState.initialValue,i||o===s.value||(s.value=o),s.defaultValue=o}""!==(i=s.name)&&(s.name=""),s.defaultChecked=!!s._wrapperState.initialChecked,""!==i&&(s.name=i)}function cb(s,o,i){"number"===o&&Xa(s.ownerDocument)===s||(null==i?s.defaultValue=""+s._wrapperState.initialValue:s.defaultValue!==""+i&&(s.defaultValue=""+i))}var Pe=Array.isArray;function fb(s,o,i,a){if(s=s.options,o){o={};for(var u=0;u"+o.valueOf().toString()+"",o=Te.firstChild;s.firstChild;)s.removeChild(s.firstChild);for(;o.firstChild;)s.appendChild(o.firstChild)}},"undefined"!=typeof MSApp&&MSApp.execUnsafeLocalFunction?function(s,o,i,a){MSApp.execUnsafeLocalFunction((function(){return Re(s,o)}))}:Re);function ob(s,o){if(o){var i=s.firstChild;if(i&&i===s.lastChild&&3===i.nodeType)return void(i.nodeValue=o)}s.textContent=o}var qe={animationIterationCount:!0,aspectRatio:!0,borderImageOutset:!0,borderImageSlice:!0,borderImageWidth:!0,boxFlex:!0,boxFlexGroup:!0,boxOrdinalGroup:!0,columnCount:!0,columns:!0,flex:!0,flexGrow:!0,flexPositive:!0,flexShrink:!0,flexNegative:!0,flexOrder:!0,gridArea:!0,gridRow:!0,gridRowEnd:!0,gridRowSpan:!0,gridRowStart:!0,gridColumn:!0,gridColumnEnd:!0,gridColumnSpan:!0,gridColumnStart:!0,fontWeight:!0,lineClamp:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,tabSize:!0,widows:!0,zIndex:!0,zoom:!0,fillOpacity:!0,floodOpacity:!0,stopOpacity:!0,strokeDasharray:!0,strokeDashoffset:!0,strokeMiterlimit:!0,strokeOpacity:!0,strokeWidth:!0},ze=["Webkit","ms","Moz","O"];function rb(s,o,i){return null==o||"boolean"==typeof o||""===o?"":i||"number"!=typeof o||0===o||qe.hasOwnProperty(s)&&qe[s]?(""+o).trim():o+"px"}function sb(s,o){for(var i in s=s.style,o)if(o.hasOwnProperty(i)){var a=0===i.indexOf("--"),u=rb(i,o[i],a);"float"===i&&(i="cssFloat"),a?s.setProperty(i,u):s[i]=u}}Object.keys(qe).forEach((function(s){ze.forEach((function(o){o=o+s.charAt(0).toUpperCase()+s.substring(1),qe[o]=qe[s]}))}));var We=we({menuitem:!0},{area:!0,base:!0,br:!0,col:!0,embed:!0,hr:!0,img:!0,input:!0,keygen:!0,link:!0,meta:!0,param:!0,source:!0,track:!0,wbr:!0});function ub(s,o){if(o){if(We[s]&&(null!=o.children||null!=o.dangerouslySetInnerHTML))throw Error(p(137,s));if(null!=o.dangerouslySetInnerHTML){if(null!=o.children)throw Error(p(60));if("object"!=typeof o.dangerouslySetInnerHTML||!("__html"in o.dangerouslySetInnerHTML))throw Error(p(61))}if(null!=o.style&&"object"!=typeof o.style)throw Error(p(62))}}function vb(s,o){if(-1===s.indexOf("-"))return"string"==typeof o.is;switch(s){case"annotation-xml":case"color-profile":case"font-face":case"font-face-src":case"font-face-uri":case"font-face-format":case"font-face-name":case"missing-glyph":return!1;default:return!0}}var He=null;function xb(s){return(s=s.target||s.srcElement||window).correspondingUseElement&&(s=s.correspondingUseElement),3===s.nodeType?s.parentNode:s}var Ye=null,Xe=null,Qe=null;function Bb(s){if(s=Cb(s)){if("function"!=typeof Ye)throw Error(p(280));var o=s.stateNode;o&&(o=Db(o),Ye(s.stateNode,s.type,o))}}function Eb(s){Xe?Qe?Qe.push(s):Qe=[s]:Xe=s}function Fb(){if(Xe){var s=Xe,o=Qe;if(Qe=Xe=null,Bb(s),o)for(s=0;s>>=0,0===s?32:31-(wt(s)/xt|0)|0},wt=Math.log,xt=Math.LN2;var kt=64,Ot=4194304;function tc(s){switch(s&-s){case 1:return 1;case 2:return 2;case 4:return 4;case 8:return 8;case 16:return 16;case 32:return 32;case 64:case 128:case 256:case 512:case 1024:case 2048:case 4096:case 8192:case 16384:case 32768:case 65536:case 131072:case 262144:case 524288:case 1048576:case 2097152:return 4194240&s;case 4194304:case 8388608:case 16777216:case 33554432:case 67108864:return 130023424&s;case 134217728:return 134217728;case 268435456:return 268435456;case 536870912:return 536870912;case 1073741824:return 1073741824;default:return s}}function uc(s,o){var i=s.pendingLanes;if(0===i)return 0;var a=0,u=s.suspendedLanes,_=s.pingedLanes,w=268435455&i;if(0!==w){var x=w&~u;0!==x?a=tc(x):0!==(_&=w)&&(a=tc(_))}else 0!==(w=i&~u)?a=tc(w):0!==_&&(a=tc(_));if(0===a)return 0;if(0!==o&&o!==a&&!(o&u)&&((u=a&-a)>=(_=o&-o)||16===u&&4194240&_))return o;if(4&a&&(a|=16&i),0!==(o=s.entangledLanes))for(s=s.entanglements,o&=a;0i;i++)o.push(s);return o}function Ac(s,o,i){s.pendingLanes|=o,536870912!==o&&(s.suspendedLanes=0,s.pingedLanes=0),(s=s.eventTimes)[o=31-Et(o)]=i}function Cc(s,o){var i=s.entangledLanes|=o;for(s=s.entanglements;i;){var a=31-Et(i),u=1<=wr),Or=String.fromCharCode(32),Ar=!1;function ge(s,o){switch(s){case"keyup":return-1!==Sr.indexOf(o.keyCode);case"keydown":return 229!==o.keyCode;case"keypress":case"mousedown":case"focusout":return!0;default:return!1}}function he(s){return"object"==typeof(s=s.detail)&&"data"in s?s.data:null}var Cr=!1;var jr={color:!0,date:!0,datetime:!0,"datetime-local":!0,email:!0,month:!0,number:!0,password:!0,range:!0,search:!0,tel:!0,text:!0,time:!0,url:!0,week:!0};function me(s){var o=s&&s.nodeName&&s.nodeName.toLowerCase();return"input"===o?!!jr[s.type]:"textarea"===o}function ne(s,o,i,a){Eb(a),0<(o=oe(o,"onChange")).length&&(i=new Qt("onChange","change",null,i,a),s.push({event:i,listeners:o}))}var Pr=null,Ir=null;function re(s){se(s,0)}function te(s){if(Wa(ue(s)))return s}function ve(s,o){if("change"===s)return o}var Tr=!1;if(x){var Nr;if(x){var Mr="oninput"in document;if(!Mr){var Rr=document.createElement("div");Rr.setAttribute("oninput","return;"),Mr="function"==typeof Rr.oninput}Nr=Mr}else Nr=!1;Tr=Nr&&(!document.documentMode||9=o)return{node:a,offset:o-s};s=i}e:{for(;a;){if(a.nextSibling){a=a.nextSibling;break e}a=a.parentNode}a=void 0}a=Je(a)}}function Le(s,o){return!(!s||!o)&&(s===o||(!s||3!==s.nodeType)&&(o&&3===o.nodeType?Le(s,o.parentNode):"contains"in s?s.contains(o):!!s.compareDocumentPosition&&!!(16&s.compareDocumentPosition(o))))}function Me(){for(var s=window,o=Xa();o instanceof s.HTMLIFrameElement;){try{var i="string"==typeof o.contentWindow.location.href}catch(s){i=!1}if(!i)break;o=Xa((s=o.contentWindow).document)}return o}function Ne(s){var o=s&&s.nodeName&&s.nodeName.toLowerCase();return o&&("input"===o&&("text"===s.type||"search"===s.type||"tel"===s.type||"url"===s.type||"password"===s.type)||"textarea"===o||"true"===s.contentEditable)}function Oe(s){var o=Me(),i=s.focusedElem,a=s.selectionRange;if(o!==i&&i&&i.ownerDocument&&Le(i.ownerDocument.documentElement,i)){if(null!==a&&Ne(i))if(o=a.start,void 0===(s=a.end)&&(s=o),"selectionStart"in i)i.selectionStart=o,i.selectionEnd=Math.min(s,i.value.length);else if((s=(o=i.ownerDocument||document)&&o.defaultView||window).getSelection){s=s.getSelection();var u=i.textContent.length,_=Math.min(a.start,u);a=void 0===a.end?_:Math.min(a.end,u),!s.extend&&_>a&&(u=a,a=_,_=u),u=Ke(i,_);var w=Ke(i,a);u&&w&&(1!==s.rangeCount||s.anchorNode!==u.node||s.anchorOffset!==u.offset||s.focusNode!==w.node||s.focusOffset!==w.offset)&&((o=o.createRange()).setStart(u.node,u.offset),s.removeAllRanges(),_>a?(s.addRange(o),s.extend(w.node,w.offset)):(o.setEnd(w.node,w.offset),s.addRange(o)))}for(o=[],s=i;s=s.parentNode;)1===s.nodeType&&o.push({element:s,left:s.scrollLeft,top:s.scrollTop});for("function"==typeof i.focus&&i.focus(),i=0;i=document.documentMode,Fr=null,Br=null,$r=null,qr=!1;function Ue(s,o,i){var a=i.window===i?i.document:9===i.nodeType?i:i.ownerDocument;qr||null==Fr||Fr!==Xa(a)||("selectionStart"in(a=Fr)&&Ne(a)?a={start:a.selectionStart,end:a.selectionEnd}:a={anchorNode:(a=(a.ownerDocument&&a.ownerDocument.defaultView||window).getSelection()).anchorNode,anchorOffset:a.anchorOffset,focusNode:a.focusNode,focusOffset:a.focusOffset},$r&&Ie($r,a)||($r=a,0<(a=oe(Br,"onSelect")).length&&(o=new Qt("onSelect","select",null,o,i),s.push({event:o,listeners:a}),o.target=Fr)))}function Ve(s,o){var i={};return i[s.toLowerCase()]=o.toLowerCase(),i["Webkit"+s]="webkit"+o,i["Moz"+s]="moz"+o,i}var Ur={animationend:Ve("Animation","AnimationEnd"),animationiteration:Ve("Animation","AnimationIteration"),animationstart:Ve("Animation","AnimationStart"),transitionend:Ve("Transition","TransitionEnd")},Vr={},zr={};function Ze(s){if(Vr[s])return Vr[s];if(!Ur[s])return s;var o,i=Ur[s];for(o in i)if(i.hasOwnProperty(o)&&o in zr)return Vr[s]=i[o];return s}x&&(zr=document.createElement("div").style,"AnimationEvent"in window||(delete Ur.animationend.animation,delete Ur.animationiteration.animation,delete Ur.animationstart.animation),"TransitionEvent"in window||delete Ur.transitionend.transition);var Wr=Ze("animationend"),Jr=Ze("animationiteration"),Hr=Ze("animationstart"),Kr=Ze("transitionend"),Gr=new Map,Yr="abort auxClick cancel canPlay canPlayThrough click close contextMenu copy cut drag dragEnd dragEnter dragExit dragLeave dragOver dragStart drop durationChange emptied encrypted ended error gotPointerCapture input invalid keyDown keyPress keyUp load loadedData loadedMetadata loadStart lostPointerCapture mouseDown mouseMove mouseOut mouseOver mouseUp paste pause play playing pointerCancel pointerDown pointerMove pointerOut pointerOver pointerUp progress rateChange reset resize seeked seeking stalled submit suspend timeUpdate touchCancel touchEnd touchStart volumeChange scroll toggle touchMove waiting wheel".split(" ");function ff(s,o){Gr.set(s,o),fa(o,[s])}for(var Xr=0;Xrbn||(s.current=vn[bn],vn[bn]=null,bn--)}function G(s,o){bn++,vn[bn]=s.current,s.current=o}var _n={},Sn=Uf(_n),En=Uf(!1),wn=_n;function Yf(s,o){var i=s.type.contextTypes;if(!i)return _n;var a=s.stateNode;if(a&&a.__reactInternalMemoizedUnmaskedChildContext===o)return a.__reactInternalMemoizedMaskedChildContext;var u,_={};for(u in i)_[u]=o[u];return a&&((s=s.stateNode).__reactInternalMemoizedUnmaskedChildContext=o,s.__reactInternalMemoizedMaskedChildContext=_),_}function Zf(s){return null!=(s=s.childContextTypes)}function $f(){E(En),E(Sn)}function ag(s,o,i){if(Sn.current!==_n)throw Error(p(168));G(Sn,o),G(En,i)}function bg(s,o,i){var a=s.stateNode;if(o=o.childContextTypes,"function"!=typeof a.getChildContext)return i;for(var u in a=a.getChildContext())if(!(u in o))throw Error(p(108,Ra(s)||"Unknown",u));return we({},i,a)}function cg(s){return s=(s=s.stateNode)&&s.__reactInternalMemoizedMergedChildContext||_n,wn=Sn.current,G(Sn,s),G(En,En.current),!0}function dg(s,o,i){var a=s.stateNode;if(!a)throw Error(p(169));i?(s=bg(s,o,wn),a.__reactInternalMemoizedMergedChildContext=s,E(En),E(Sn),G(Sn,s)):E(En),G(En,i)}var xn=null,kn=!1,On=!1;function hg(s){null===xn?xn=[s]:xn.push(s)}function jg(){if(!On&&null!==xn){On=!0;var s=0,o=At;try{var i=xn;for(At=1;s>=w,u-=w,Mn=1<<32-Et(o)+u|i<C?(j=x,x=null):j=x.sibling;var L=r(o,x,a[C],u);if(null===L){null===x&&(x=j);break}s&&x&&null===L.alternate&&b(o,x),i=f(L,i,C),null===w?_=L:w.sibling=L,w=L,x=j}if(C===a.length)return c(o,x),Fn&&tg(o,C),_;if(null===x){for(;CC?(j=x,x=null):j=x.sibling;var B=r(o,x,L.value,u);if(null===B){null===x&&(x=j);break}s&&x&&null===B.alternate&&b(o,x),i=f(B,i,C),null===w?_=B:w.sibling=B,w=B,x=j}if(L.done)return c(o,x),Fn&&tg(o,C),_;if(null===x){for(;!L.done;C++,L=a.next())null!==(L=q(o,L.value,u))&&(i=f(L,i,C),null===w?_=L:w.sibling=L,w=L);return Fn&&tg(o,C),_}for(x=d(o,x);!L.done;C++,L=a.next())null!==(L=y(x,o,C,L.value,u))&&(s&&null!==L.alternate&&x.delete(null===L.key?C:L.key),i=f(L,i,C),null===w?_=L:w.sibling=L,w=L);return s&&x.forEach((function(s){return b(o,s)})),Fn&&tg(o,C),_}return function J(s,o,i,a){if("object"==typeof i&&null!==i&&i.type===Z&&null===i.key&&(i=i.props.children),"object"==typeof i&&null!==i){switch(i.$$typeof){case z:e:{for(var u=i.key,_=o;null!==_;){if(_.key===u){if((u=i.type)===Z){if(7===_.tag){c(s,_.sibling),(o=e(_,i.props.children)).return=s,s=o;break e}}else if(_.elementType===u||"object"==typeof u&&null!==u&&u.$$typeof===ye&&Ng(u)===_.type){c(s,_.sibling),(o=e(_,i.props)).ref=Lg(s,_,i),o.return=s,s=o;break e}c(s,_);break}b(s,_),_=_.sibling}i.type===Z?((o=Tg(i.props.children,s.mode,a,i.key)).return=s,s=o):((a=Rg(i.type,i.key,i.props,null,s.mode,a)).ref=Lg(s,o,i),a.return=s,s=a)}return g(s);case Y:e:{for(_=i.key;null!==o;){if(o.key===_){if(4===o.tag&&o.stateNode.containerInfo===i.containerInfo&&o.stateNode.implementation===i.implementation){c(s,o.sibling),(o=e(o,i.children||[])).return=s,s=o;break e}c(s,o);break}b(s,o),o=o.sibling}(o=Sg(i,s.mode,a)).return=s,s=o}return g(s);case ye:return J(s,o,(_=i._init)(i._payload),a)}if(Pe(i))return n(s,o,i,a);if(Ka(i))return t(s,o,i,a);Mg(s,i)}return"string"==typeof i&&""!==i||"number"==typeof i?(i=""+i,null!==o&&6===o.tag?(c(s,o.sibling),(o=e(o,i)).return=s,s=o):(c(s,o),(o=Qg(i,s.mode,a)).return=s,s=o),g(s)):c(s,o)}}var qn=Og(!0),Un=Og(!1),Vn=Uf(null),zn=null,Wn=null,Jn=null;function $g(){Jn=Wn=zn=null}function ah(s){var o=Vn.current;E(Vn),s._currentValue=o}function bh(s,o,i){for(;null!==s;){var a=s.alternate;if((s.childLanes&o)!==o?(s.childLanes|=o,null!==a&&(a.childLanes|=o)):null!==a&&(a.childLanes&o)!==o&&(a.childLanes|=o),s===i)break;s=s.return}}function ch(s,o){zn=s,Jn=Wn=null,null!==(s=s.dependencies)&&null!==s.firstContext&&(!!(s.lanes&o)&&(bs=!0),s.firstContext=null)}function eh(s){var o=s._currentValue;if(Jn!==s)if(s={context:s,memoizedValue:o,next:null},null===Wn){if(null===zn)throw Error(p(308));Wn=s,zn.dependencies={lanes:0,firstContext:s}}else Wn=Wn.next=s;return o}var Hn=null;function gh(s){null===Hn?Hn=[s]:Hn.push(s)}function hh(s,o,i,a){var u=o.interleaved;return null===u?(i.next=i,gh(o)):(i.next=u.next,u.next=i),o.interleaved=i,ih(s,a)}function ih(s,o){s.lanes|=o;var i=s.alternate;for(null!==i&&(i.lanes|=o),i=s,s=s.return;null!==s;)s.childLanes|=o,null!==(i=s.alternate)&&(i.childLanes|=o),i=s,s=s.return;return 3===i.tag?i.stateNode:null}var Kn=!1;function kh(s){s.updateQueue={baseState:s.memoizedState,firstBaseUpdate:null,lastBaseUpdate:null,shared:{pending:null,interleaved:null,lanes:0},effects:null}}function lh(s,o){s=s.updateQueue,o.updateQueue===s&&(o.updateQueue={baseState:s.baseState,firstBaseUpdate:s.firstBaseUpdate,lastBaseUpdate:s.lastBaseUpdate,shared:s.shared,effects:s.effects})}function mh(s,o){return{eventTime:s,lane:o,tag:0,payload:null,callback:null,next:null}}function nh(s,o,i){var a=s.updateQueue;if(null===a)return null;if(a=a.shared,2&Ls){var u=a.pending;return null===u?o.next=o:(o.next=u.next,u.next=o),a.pending=o,ih(s,i)}return null===(u=a.interleaved)?(o.next=o,gh(a)):(o.next=u.next,u.next=o),a.interleaved=o,ih(s,i)}function oh(s,o,i){if(null!==(o=o.updateQueue)&&(o=o.shared,4194240&i)){var a=o.lanes;i|=a&=s.pendingLanes,o.lanes=i,Cc(s,i)}}function ph(s,o){var i=s.updateQueue,a=s.alternate;if(null!==a&&i===(a=a.updateQueue)){var u=null,_=null;if(null!==(i=i.firstBaseUpdate)){do{var w={eventTime:i.eventTime,lane:i.lane,tag:i.tag,payload:i.payload,callback:i.callback,next:null};null===_?u=_=w:_=_.next=w,i=i.next}while(null!==i);null===_?u=_=o:_=_.next=o}else u=_=o;return i={baseState:a.baseState,firstBaseUpdate:u,lastBaseUpdate:_,shared:a.shared,effects:a.effects},void(s.updateQueue=i)}null===(s=i.lastBaseUpdate)?i.firstBaseUpdate=o:s.next=o,i.lastBaseUpdate=o}function qh(s,o,i,a){var u=s.updateQueue;Kn=!1;var _=u.firstBaseUpdate,w=u.lastBaseUpdate,x=u.shared.pending;if(null!==x){u.shared.pending=null;var C=x,j=C.next;C.next=null,null===w?_=j:w.next=j,w=C;var L=s.alternate;null!==L&&((x=(L=L.updateQueue).lastBaseUpdate)!==w&&(null===x?L.firstBaseUpdate=j:x.next=j,L.lastBaseUpdate=C))}if(null!==_){var B=u.baseState;for(w=0,L=j=C=null,x=_;;){var $=x.lane,U=x.eventTime;if((a&$)===$){null!==L&&(L=L.next={eventTime:U,lane:0,tag:x.tag,payload:x.payload,callback:x.callback,next:null});e:{var V=s,z=x;switch($=o,U=i,z.tag){case 1:if("function"==typeof(V=z.payload)){B=V.call(U,B,$);break e}B=V;break e;case 3:V.flags=-65537&V.flags|128;case 0:if(null==($="function"==typeof(V=z.payload)?V.call(U,B,$):V))break e;B=we({},B,$);break e;case 2:Kn=!0}}null!==x.callback&&0!==x.lane&&(s.flags|=64,null===($=u.effects)?u.effects=[x]:$.push(x))}else U={eventTime:U,lane:$,tag:x.tag,payload:x.payload,callback:x.callback,next:null},null===L?(j=L=U,C=B):L=L.next=U,w|=$;if(null===(x=x.next)){if(null===(x=u.shared.pending))break;x=($=x).next,$.next=null,u.lastBaseUpdate=$,u.shared.pending=null}}if(null===L&&(C=B),u.baseState=C,u.firstBaseUpdate=j,u.lastBaseUpdate=L,null!==(o=u.shared.interleaved)){u=o;do{w|=u.lane,u=u.next}while(u!==o)}else null===_&&(u.shared.lanes=0);Ws|=w,s.lanes=w,s.memoizedState=B}}function sh(s,o,i){if(s=o.effects,o.effects=null,null!==s)for(o=0;oi?i:4,s(!0);var a=rs.transition;rs.transition={};try{s(!1),o()}finally{At=i,rs.transition=a}}function wi(){return Uh().memoizedState}function xi(s,o,i){var a=yi(s);if(i={lane:a,action:i,hasEagerState:!1,eagerState:null,next:null},zi(s))Ai(o,i);else if(null!==(i=hh(s,o,i,a))){gi(i,s,a,R()),Bi(i,o,a)}}function ii(s,o,i){var a=yi(s),u={lane:a,action:i,hasEagerState:!1,eagerState:null,next:null};if(zi(s))Ai(o,u);else{var _=s.alternate;if(0===s.lanes&&(null===_||0===_.lanes)&&null!==(_=o.lastRenderedReducer))try{var w=o.lastRenderedState,x=_(w,i);if(u.hasEagerState=!0,u.eagerState=x,Dr(x,w)){var C=o.interleaved;return null===C?(u.next=u,gh(o)):(u.next=C.next,C.next=u),void(o.interleaved=u)}}catch(s){}null!==(i=hh(s,o,u,a))&&(gi(i,s,a,u=R()),Bi(i,o,a))}}function zi(s){var o=s.alternate;return s===ss||null!==o&&o===ss}function Ai(s,o){ls=cs=!0;var i=s.pending;null===i?o.next=o:(o.next=i.next,i.next=o),s.pending=o}function Bi(s,o,i){if(4194240&i){var a=o.lanes;i|=a&=s.pendingLanes,o.lanes=i,Cc(s,i)}}var hs={readContext:eh,useCallback:P,useContext:P,useEffect:P,useImperativeHandle:P,useInsertionEffect:P,useLayoutEffect:P,useMemo:P,useReducer:P,useRef:P,useState:P,useDebugValue:P,useDeferredValue:P,useTransition:P,useMutableSource:P,useSyncExternalStore:P,useId:P,unstable_isNewReconciler:!1},ds={readContext:eh,useCallback:function(s,o){return Th().memoizedState=[s,void 0===o?null:o],s},useContext:eh,useEffect:mi,useImperativeHandle:function(s,o,i){return i=null!=i?i.concat([s]):null,ki(4194308,4,pi.bind(null,o,s),i)},useLayoutEffect:function(s,o){return ki(4194308,4,s,o)},useInsertionEffect:function(s,o){return ki(4,2,s,o)},useMemo:function(s,o){var i=Th();return o=void 0===o?null:o,s=s(),i.memoizedState=[s,o],s},useReducer:function(s,o,i){var a=Th();return o=void 0!==i?i(o):o,a.memoizedState=a.baseState=o,s={pending:null,interleaved:null,lanes:0,dispatch:null,lastRenderedReducer:s,lastRenderedState:o},a.queue=s,s=s.dispatch=xi.bind(null,ss,s),[a.memoizedState,s]},useRef:function(s){return s={current:s},Th().memoizedState=s},useState:hi,useDebugValue:ri,useDeferredValue:function(s){return Th().memoizedState=s},useTransition:function(){var s=hi(!1),o=s[0];return s=vi.bind(null,s[1]),Th().memoizedState=s,[o,s]},useMutableSource:function(){},useSyncExternalStore:function(s,o,i){var a=ss,u=Th();if(Fn){if(void 0===i)throw Error(p(407));i=i()}else{if(i=o(),null===Fs)throw Error(p(349));30&ns||di(a,o,i)}u.memoizedState=i;var _={value:i,getSnapshot:o};return u.queue=_,mi(ai.bind(null,a,_,s),[s]),a.flags|=2048,bi(9,ci.bind(null,a,_,i,o),void 0,null),i},useId:function(){var s=Th(),o=Fs.identifierPrefix;if(Fn){var i=Rn;o=":"+o+"R"+(i=(Mn&~(1<<32-Et(Mn)-1)).toString(32)+i),0<(i=us++)&&(o+="H"+i.toString(32)),o+=":"}else o=":"+o+"r"+(i=ps++).toString(32)+":";return s.memoizedState=o},unstable_isNewReconciler:!1},fs={readContext:eh,useCallback:si,useContext:eh,useEffect:$h,useImperativeHandle:qi,useInsertionEffect:ni,useLayoutEffect:oi,useMemo:ti,useReducer:Wh,useRef:ji,useState:function(){return Wh(Vh)},useDebugValue:ri,useDeferredValue:function(s){return ui(Uh(),os.memoizedState,s)},useTransition:function(){return[Wh(Vh)[0],Uh().memoizedState]},useMutableSource:Yh,useSyncExternalStore:Zh,useId:wi,unstable_isNewReconciler:!1},ms={readContext:eh,useCallback:si,useContext:eh,useEffect:$h,useImperativeHandle:qi,useInsertionEffect:ni,useLayoutEffect:oi,useMemo:ti,useReducer:Xh,useRef:ji,useState:function(){return Xh(Vh)},useDebugValue:ri,useDeferredValue:function(s){var o=Uh();return null===os?o.memoizedState=s:ui(o,os.memoizedState,s)},useTransition:function(){return[Xh(Vh)[0],Uh().memoizedState]},useMutableSource:Yh,useSyncExternalStore:Zh,useId:wi,unstable_isNewReconciler:!1};function Ci(s,o){if(s&&s.defaultProps){for(var i in o=we({},o),s=s.defaultProps)void 0===o[i]&&(o[i]=s[i]);return o}return o}function Di(s,o,i,a){i=null==(i=i(a,o=s.memoizedState))?o:we({},o,i),s.memoizedState=i,0===s.lanes&&(s.updateQueue.baseState=i)}var gs={isMounted:function(s){return!!(s=s._reactInternals)&&Vb(s)===s},enqueueSetState:function(s,o,i){s=s._reactInternals;var a=R(),u=yi(s),_=mh(a,u);_.payload=o,null!=i&&(_.callback=i),null!==(o=nh(s,_,u))&&(gi(o,s,u,a),oh(o,s,u))},enqueueReplaceState:function(s,o,i){s=s._reactInternals;var a=R(),u=yi(s),_=mh(a,u);_.tag=1,_.payload=o,null!=i&&(_.callback=i),null!==(o=nh(s,_,u))&&(gi(o,s,u,a),oh(o,s,u))},enqueueForceUpdate:function(s,o){s=s._reactInternals;var i=R(),a=yi(s),u=mh(i,a);u.tag=2,null!=o&&(u.callback=o),null!==(o=nh(s,u,a))&&(gi(o,s,a,i),oh(o,s,a))}};function Fi(s,o,i,a,u,_,w){return"function"==typeof(s=s.stateNode).shouldComponentUpdate?s.shouldComponentUpdate(a,_,w):!o.prototype||!o.prototype.isPureReactComponent||(!Ie(i,a)||!Ie(u,_))}function Gi(s,o,i){var a=!1,u=_n,_=o.contextType;return"object"==typeof _&&null!==_?_=eh(_):(u=Zf(o)?wn:Sn.current,_=(a=null!=(a=o.contextTypes))?Yf(s,u):_n),o=new o(i,_),s.memoizedState=null!==o.state&&void 0!==o.state?o.state:null,o.updater=gs,s.stateNode=o,o._reactInternals=s,a&&((s=s.stateNode).__reactInternalMemoizedUnmaskedChildContext=u,s.__reactInternalMemoizedMaskedChildContext=_),o}function Hi(s,o,i,a){s=o.state,"function"==typeof o.componentWillReceiveProps&&o.componentWillReceiveProps(i,a),"function"==typeof o.UNSAFE_componentWillReceiveProps&&o.UNSAFE_componentWillReceiveProps(i,a),o.state!==s&&gs.enqueueReplaceState(o,o.state,null)}function Ii(s,o,i,a){var u=s.stateNode;u.props=i,u.state=s.memoizedState,u.refs={},kh(s);var _=o.contextType;"object"==typeof _&&null!==_?u.context=eh(_):(_=Zf(o)?wn:Sn.current,u.context=Yf(s,_)),u.state=s.memoizedState,"function"==typeof(_=o.getDerivedStateFromProps)&&(Di(s,o,_,i),u.state=s.memoizedState),"function"==typeof o.getDerivedStateFromProps||"function"==typeof u.getSnapshotBeforeUpdate||"function"!=typeof u.UNSAFE_componentWillMount&&"function"!=typeof u.componentWillMount||(o=u.state,"function"==typeof u.componentWillMount&&u.componentWillMount(),"function"==typeof u.UNSAFE_componentWillMount&&u.UNSAFE_componentWillMount(),o!==u.state&&gs.enqueueReplaceState(u,u.state,null),qh(s,i,u,a),u.state=s.memoizedState),"function"==typeof u.componentDidMount&&(s.flags|=4194308)}function Ji(s,o){try{var i="",a=o;do{i+=Pa(a),a=a.return}while(a);var u=i}catch(s){u="\nError generating stack: "+s.message+"\n"+s.stack}return{value:s,source:o,stack:u,digest:null}}function Ki(s,o,i){return{value:s,source:null,stack:null!=i?i:null,digest:null!=o?o:null}}function Li(s,o){try{console.error(o.value)}catch(s){setTimeout((function(){throw s}))}}var ys="function"==typeof WeakMap?WeakMap:Map;function Ni(s,o,i){(i=mh(-1,i)).tag=3,i.payload={element:null};var a=o.value;return i.callback=function(){Zs||(Zs=!0,eo=a),Li(0,o)},i}function Qi(s,o,i){(i=mh(-1,i)).tag=3;var a=s.type.getDerivedStateFromError;if("function"==typeof a){var u=o.value;i.payload=function(){return a(u)},i.callback=function(){Li(0,o)}}var _=s.stateNode;return null!==_&&"function"==typeof _.componentDidCatch&&(i.callback=function(){Li(0,o),"function"!=typeof a&&(null===to?to=new Set([this]):to.add(this));var s=o.stack;this.componentDidCatch(o.value,{componentStack:null!==s?s:""})}),i}function Si(s,o,i){var a=s.pingCache;if(null===a){a=s.pingCache=new ys;var u=new Set;a.set(o,u)}else void 0===(u=a.get(o))&&(u=new Set,a.set(o,u));u.has(i)||(u.add(i),s=Ti.bind(null,s,o,i),o.then(s,s))}function Ui(s){do{var o;if((o=13===s.tag)&&(o=null===(o=s.memoizedState)||null!==o.dehydrated),o)return s;s=s.return}while(null!==s);return null}function Vi(s,o,i,a,u){return 1&s.mode?(s.flags|=65536,s.lanes=u,s):(s===o?s.flags|=65536:(s.flags|=128,i.flags|=131072,i.flags&=-52805,1===i.tag&&(null===i.alternate?i.tag=17:((o=mh(-1,1)).tag=2,nh(i,o,1))),i.lanes|=1),s)}var vs=V.ReactCurrentOwner,bs=!1;function Xi(s,o,i,a){o.child=null===s?Un(o,null,i,a):qn(o,s.child,i,a)}function Yi(s,o,i,a,u){i=i.render;var _=o.ref;return ch(o,u),a=Nh(s,o,i,a,_,u),i=Sh(),null===s||bs?(Fn&&i&&vg(o),o.flags|=1,Xi(s,o,a,u),o.child):(o.updateQueue=s.updateQueue,o.flags&=-2053,s.lanes&=~u,Zi(s,o,u))}function $i(s,o,i,a,u){if(null===s){var _=i.type;return"function"!=typeof _||aj(_)||void 0!==_.defaultProps||null!==i.compare||void 0!==i.defaultProps?((s=Rg(i.type,null,a,o,o.mode,u)).ref=o.ref,s.return=o,o.child=s):(o.tag=15,o.type=_,bj(s,o,_,a,u))}if(_=s.child,!(s.lanes&u)){var w=_.memoizedProps;if((i=null!==(i=i.compare)?i:Ie)(w,a)&&s.ref===o.ref)return Zi(s,o,u)}return o.flags|=1,(s=Pg(_,a)).ref=o.ref,s.return=o,o.child=s}function bj(s,o,i,a,u){if(null!==s){var _=s.memoizedProps;if(Ie(_,a)&&s.ref===o.ref){if(bs=!1,o.pendingProps=a=_,!(s.lanes&u))return o.lanes=s.lanes,Zi(s,o,u);131072&s.flags&&(bs=!0)}}return cj(s,o,i,a,u)}function dj(s,o,i){var a=o.pendingProps,u=a.children,_=null!==s?s.memoizedState:null;if("hidden"===a.mode)if(1&o.mode){if(!(1073741824&i))return s=null!==_?_.baseLanes|i:i,o.lanes=o.childLanes=1073741824,o.memoizedState={baseLanes:s,cachePool:null,transitions:null},o.updateQueue=null,G(Us,qs),qs|=s,null;o.memoizedState={baseLanes:0,cachePool:null,transitions:null},a=null!==_?_.baseLanes:i,G(Us,qs),qs|=a}else o.memoizedState={baseLanes:0,cachePool:null,transitions:null},G(Us,qs),qs|=i;else null!==_?(a=_.baseLanes|i,o.memoizedState=null):a=i,G(Us,qs),qs|=a;return Xi(s,o,u,i),o.child}function gj(s,o){var i=o.ref;(null===s&&null!==i||null!==s&&s.ref!==i)&&(o.flags|=512,o.flags|=2097152)}function cj(s,o,i,a,u){var _=Zf(i)?wn:Sn.current;return _=Yf(o,_),ch(o,u),i=Nh(s,o,i,a,_,u),a=Sh(),null===s||bs?(Fn&&a&&vg(o),o.flags|=1,Xi(s,o,i,u),o.child):(o.updateQueue=s.updateQueue,o.flags&=-2053,s.lanes&=~u,Zi(s,o,u))}function hj(s,o,i,a,u){if(Zf(i)){var _=!0;cg(o)}else _=!1;if(ch(o,u),null===o.stateNode)ij(s,o),Gi(o,i,a),Ii(o,i,a,u),a=!0;else if(null===s){var w=o.stateNode,x=o.memoizedProps;w.props=x;var C=w.context,j=i.contextType;"object"==typeof j&&null!==j?j=eh(j):j=Yf(o,j=Zf(i)?wn:Sn.current);var L=i.getDerivedStateFromProps,B="function"==typeof L||"function"==typeof w.getSnapshotBeforeUpdate;B||"function"!=typeof w.UNSAFE_componentWillReceiveProps&&"function"!=typeof w.componentWillReceiveProps||(x!==a||C!==j)&&Hi(o,w,a,j),Kn=!1;var $=o.memoizedState;w.state=$,qh(o,a,w,u),C=o.memoizedState,x!==a||$!==C||En.current||Kn?("function"==typeof L&&(Di(o,i,L,a),C=o.memoizedState),(x=Kn||Fi(o,i,x,a,$,C,j))?(B||"function"!=typeof w.UNSAFE_componentWillMount&&"function"!=typeof w.componentWillMount||("function"==typeof w.componentWillMount&&w.componentWillMount(),"function"==typeof w.UNSAFE_componentWillMount&&w.UNSAFE_componentWillMount()),"function"==typeof w.componentDidMount&&(o.flags|=4194308)):("function"==typeof w.componentDidMount&&(o.flags|=4194308),o.memoizedProps=a,o.memoizedState=C),w.props=a,w.state=C,w.context=j,a=x):("function"==typeof w.componentDidMount&&(o.flags|=4194308),a=!1)}else{w=o.stateNode,lh(s,o),x=o.memoizedProps,j=o.type===o.elementType?x:Ci(o.type,x),w.props=j,B=o.pendingProps,$=w.context,"object"==typeof(C=i.contextType)&&null!==C?C=eh(C):C=Yf(o,C=Zf(i)?wn:Sn.current);var U=i.getDerivedStateFromProps;(L="function"==typeof U||"function"==typeof w.getSnapshotBeforeUpdate)||"function"!=typeof w.UNSAFE_componentWillReceiveProps&&"function"!=typeof w.componentWillReceiveProps||(x!==B||$!==C)&&Hi(o,w,a,C),Kn=!1,$=o.memoizedState,w.state=$,qh(o,a,w,u);var V=o.memoizedState;x!==B||$!==V||En.current||Kn?("function"==typeof U&&(Di(o,i,U,a),V=o.memoizedState),(j=Kn||Fi(o,i,j,a,$,V,C)||!1)?(L||"function"!=typeof w.UNSAFE_componentWillUpdate&&"function"!=typeof w.componentWillUpdate||("function"==typeof w.componentWillUpdate&&w.componentWillUpdate(a,V,C),"function"==typeof w.UNSAFE_componentWillUpdate&&w.UNSAFE_componentWillUpdate(a,V,C)),"function"==typeof w.componentDidUpdate&&(o.flags|=4),"function"==typeof w.getSnapshotBeforeUpdate&&(o.flags|=1024)):("function"!=typeof w.componentDidUpdate||x===s.memoizedProps&&$===s.memoizedState||(o.flags|=4),"function"!=typeof w.getSnapshotBeforeUpdate||x===s.memoizedProps&&$===s.memoizedState||(o.flags|=1024),o.memoizedProps=a,o.memoizedState=V),w.props=a,w.state=V,w.context=C,a=j):("function"!=typeof w.componentDidUpdate||x===s.memoizedProps&&$===s.memoizedState||(o.flags|=4),"function"!=typeof w.getSnapshotBeforeUpdate||x===s.memoizedProps&&$===s.memoizedState||(o.flags|=1024),a=!1)}return jj(s,o,i,a,_,u)}function jj(s,o,i,a,u,_){gj(s,o);var w=!!(128&o.flags);if(!a&&!w)return u&&dg(o,i,!1),Zi(s,o,_);a=o.stateNode,vs.current=o;var x=w&&"function"!=typeof i.getDerivedStateFromError?null:a.render();return o.flags|=1,null!==s&&w?(o.child=qn(o,s.child,null,_),o.child=qn(o,null,x,_)):Xi(s,o,x,_),o.memoizedState=a.state,u&&dg(o,i,!0),o.child}function kj(s){var o=s.stateNode;o.pendingContext?ag(0,o.pendingContext,o.pendingContext!==o.context):o.context&&ag(0,o.context,!1),yh(s,o.containerInfo)}function lj(s,o,i,a,u){return Ig(),Jg(u),o.flags|=256,Xi(s,o,i,a),o.child}var _s,Ss,Es,ws,xs={dehydrated:null,treeContext:null,retryLane:0};function nj(s){return{baseLanes:s,cachePool:null,transitions:null}}function oj(s,o,i){var a,u=o.pendingProps,_=Zn.current,w=!1,x=!!(128&o.flags);if((a=x)||(a=(null===s||null!==s.memoizedState)&&!!(2&_)),a?(w=!0,o.flags&=-129):null!==s&&null===s.memoizedState||(_|=1),G(Zn,1&_),null===s)return Eg(o),null!==(s=o.memoizedState)&&null!==(s=s.dehydrated)?(1&o.mode?"$!"===s.data?o.lanes=8:o.lanes=1073741824:o.lanes=1,null):(x=u.children,s=u.fallback,w?(u=o.mode,w=o.child,x={mode:"hidden",children:x},1&u||null===w?w=pj(x,u,0,null):(w.childLanes=0,w.pendingProps=x),s=Tg(s,u,i,null),w.return=o,s.return=o,w.sibling=s,o.child=w,o.child.memoizedState=nj(i),o.memoizedState=xs,s):qj(o,x));if(null!==(_=s.memoizedState)&&null!==(a=_.dehydrated))return function rj(s,o,i,a,u,_,w){if(i)return 256&o.flags?(o.flags&=-257,sj(s,o,w,a=Ki(Error(p(422))))):null!==o.memoizedState?(o.child=s.child,o.flags|=128,null):(_=a.fallback,u=o.mode,a=pj({mode:"visible",children:a.children},u,0,null),(_=Tg(_,u,w,null)).flags|=2,a.return=o,_.return=o,a.sibling=_,o.child=a,1&o.mode&&qn(o,s.child,null,w),o.child.memoizedState=nj(w),o.memoizedState=xs,_);if(!(1&o.mode))return sj(s,o,w,null);if("$!"===u.data){if(a=u.nextSibling&&u.nextSibling.dataset)var x=a.dgst;return a=x,sj(s,o,w,a=Ki(_=Error(p(419)),a,void 0))}if(x=!!(w&s.childLanes),bs||x){if(null!==(a=Fs)){switch(w&-w){case 4:u=2;break;case 16:u=8;break;case 64:case 128:case 256:case 512:case 1024:case 2048:case 4096:case 8192:case 16384:case 32768:case 65536:case 131072:case 262144:case 524288:case 1048576:case 2097152:case 4194304:case 8388608:case 16777216:case 33554432:case 67108864:u=32;break;case 536870912:u=268435456;break;default:u=0}0!==(u=u&(a.suspendedLanes|w)?0:u)&&u!==_.retryLane&&(_.retryLane=u,ih(s,u),gi(a,s,u,-1))}return tj(),sj(s,o,w,a=Ki(Error(p(421))))}return"$?"===u.data?(o.flags|=128,o.child=s.child,o=uj.bind(null,s),u._reactRetry=o,null):(s=_.treeContext,Ln=Lf(u.nextSibling),Dn=o,Fn=!0,Bn=null,null!==s&&(In[Tn++]=Mn,In[Tn++]=Rn,In[Tn++]=Nn,Mn=s.id,Rn=s.overflow,Nn=o),o=qj(o,a.children),o.flags|=4096,o)}(s,o,x,u,a,_,i);if(w){w=u.fallback,x=o.mode,a=(_=s.child).sibling;var C={mode:"hidden",children:u.children};return 1&x||o.child===_?(u=Pg(_,C)).subtreeFlags=14680064&_.subtreeFlags:((u=o.child).childLanes=0,u.pendingProps=C,o.deletions=null),null!==a?w=Pg(a,w):(w=Tg(w,x,i,null)).flags|=2,w.return=o,u.return=o,u.sibling=w,o.child=u,u=w,w=o.child,x=null===(x=s.child.memoizedState)?nj(i):{baseLanes:x.baseLanes|i,cachePool:null,transitions:x.transitions},w.memoizedState=x,w.childLanes=s.childLanes&~i,o.memoizedState=xs,u}return s=(w=s.child).sibling,u=Pg(w,{mode:"visible",children:u.children}),!(1&o.mode)&&(u.lanes=i),u.return=o,u.sibling=null,null!==s&&(null===(i=o.deletions)?(o.deletions=[s],o.flags|=16):i.push(s)),o.child=u,o.memoizedState=null,u}function qj(s,o){return(o=pj({mode:"visible",children:o},s.mode,0,null)).return=s,s.child=o}function sj(s,o,i,a){return null!==a&&Jg(a),qn(o,s.child,null,i),(s=qj(o,o.pendingProps.children)).flags|=2,o.memoizedState=null,s}function vj(s,o,i){s.lanes|=o;var a=s.alternate;null!==a&&(a.lanes|=o),bh(s.return,o,i)}function wj(s,o,i,a,u){var _=s.memoizedState;null===_?s.memoizedState={isBackwards:o,rendering:null,renderingStartTime:0,last:a,tail:i,tailMode:u}:(_.isBackwards=o,_.rendering=null,_.renderingStartTime=0,_.last=a,_.tail=i,_.tailMode=u)}function xj(s,o,i){var a=o.pendingProps,u=a.revealOrder,_=a.tail;if(Xi(s,o,a.children,i),2&(a=Zn.current))a=1&a|2,o.flags|=128;else{if(null!==s&&128&s.flags)e:for(s=o.child;null!==s;){if(13===s.tag)null!==s.memoizedState&&vj(s,i,o);else if(19===s.tag)vj(s,i,o);else if(null!==s.child){s.child.return=s,s=s.child;continue}if(s===o)break e;for(;null===s.sibling;){if(null===s.return||s.return===o)break e;s=s.return}s.sibling.return=s.return,s=s.sibling}a&=1}if(G(Zn,a),1&o.mode)switch(u){case"forwards":for(i=o.child,u=null;null!==i;)null!==(s=i.alternate)&&null===Ch(s)&&(u=i),i=i.sibling;null===(i=u)?(u=o.child,o.child=null):(u=i.sibling,i.sibling=null),wj(o,!1,u,i,_);break;case"backwards":for(i=null,u=o.child,o.child=null;null!==u;){if(null!==(s=u.alternate)&&null===Ch(s)){o.child=u;break}s=u.sibling,u.sibling=i,i=u,u=s}wj(o,!0,i,null,_);break;case"together":wj(o,!1,null,null,void 0);break;default:o.memoizedState=null}else o.memoizedState=null;return o.child}function ij(s,o){!(1&o.mode)&&null!==s&&(s.alternate=null,o.alternate=null,o.flags|=2)}function Zi(s,o,i){if(null!==s&&(o.dependencies=s.dependencies),Ws|=o.lanes,!(i&o.childLanes))return null;if(null!==s&&o.child!==s.child)throw Error(p(153));if(null!==o.child){for(i=Pg(s=o.child,s.pendingProps),o.child=i,i.return=o;null!==s.sibling;)s=s.sibling,(i=i.sibling=Pg(s,s.pendingProps)).return=o;i.sibling=null}return o.child}function Dj(s,o){if(!Fn)switch(s.tailMode){case"hidden":o=s.tail;for(var i=null;null!==o;)null!==o.alternate&&(i=o),o=o.sibling;null===i?s.tail=null:i.sibling=null;break;case"collapsed":i=s.tail;for(var a=null;null!==i;)null!==i.alternate&&(a=i),i=i.sibling;null===a?o||null===s.tail?s.tail=null:s.tail.sibling=null:a.sibling=null}}function S(s){var o=null!==s.alternate&&s.alternate.child===s.child,i=0,a=0;if(o)for(var u=s.child;null!==u;)i|=u.lanes|u.childLanes,a|=14680064&u.subtreeFlags,a|=14680064&u.flags,u.return=s,u=u.sibling;else for(u=s.child;null!==u;)i|=u.lanes|u.childLanes,a|=u.subtreeFlags,a|=u.flags,u.return=s,u=u.sibling;return s.subtreeFlags|=a,s.childLanes=i,o}function Ej(s,o,i){var a=o.pendingProps;switch(wg(o),o.tag){case 2:case 16:case 15:case 0:case 11:case 7:case 8:case 12:case 9:case 14:return S(o),null;case 1:case 17:return Zf(o.type)&&$f(),S(o),null;case 3:return a=o.stateNode,zh(),E(En),E(Sn),Eh(),a.pendingContext&&(a.context=a.pendingContext,a.pendingContext=null),null!==s&&null!==s.child||(Gg(o)?o.flags|=4:null===s||s.memoizedState.isDehydrated&&!(256&o.flags)||(o.flags|=1024,null!==Bn&&(Fj(Bn),Bn=null))),Ss(s,o),S(o),null;case 5:Bh(o);var u=xh(Qn.current);if(i=o.type,null!==s&&null!=o.stateNode)Es(s,o,i,a,u),s.ref!==o.ref&&(o.flags|=512,o.flags|=2097152);else{if(!a){if(null===o.stateNode)throw Error(p(166));return S(o),null}if(s=xh(Yn.current),Gg(o)){a=o.stateNode,i=o.type;var _=o.memoizedProps;switch(a[hn]=o,a[dn]=_,s=!!(1&o.mode),i){case"dialog":D("cancel",a),D("close",a);break;case"iframe":case"object":case"embed":D("load",a);break;case"video":case"audio":for(u=0;u<\/script>",s=s.removeChild(s.firstChild)):"string"==typeof a.is?s=x.createElement(i,{is:a.is}):(s=x.createElement(i),"select"===i&&(x=s,a.multiple?x.multiple=!0:a.size&&(x.size=a.size))):s=x.createElementNS(s,i),s[hn]=o,s[dn]=a,_s(s,o,!1,!1),o.stateNode=s;e:{switch(x=vb(i,a),i){case"dialog":D("cancel",s),D("close",s),u=a;break;case"iframe":case"object":case"embed":D("load",s),u=a;break;case"video":case"audio":for(u=0;uXs&&(o.flags|=128,a=!0,Dj(_,!1),o.lanes=4194304)}else{if(!a)if(null!==(s=Ch(x))){if(o.flags|=128,a=!0,null!==(i=s.updateQueue)&&(o.updateQueue=i,o.flags|=4),Dj(_,!0),null===_.tail&&"hidden"===_.tailMode&&!x.alternate&&!Fn)return S(o),null}else 2*ht()-_.renderingStartTime>Xs&&1073741824!==i&&(o.flags|=128,a=!0,Dj(_,!1),o.lanes=4194304);_.isBackwards?(x.sibling=o.child,o.child=x):(null!==(i=_.last)?i.sibling=x:o.child=x,_.last=x)}return null!==_.tail?(o=_.tail,_.rendering=o,_.tail=o.sibling,_.renderingStartTime=ht(),o.sibling=null,i=Zn.current,G(Zn,a?1&i|2:1&i),o):(S(o),null);case 22:case 23:return Hj(),a=null!==o.memoizedState,null!==s&&null!==s.memoizedState!==a&&(o.flags|=8192),a&&1&o.mode?!!(1073741824&qs)&&(S(o),6&o.subtreeFlags&&(o.flags|=8192)):S(o),null;case 24:case 25:return null}throw Error(p(156,o.tag))}function Ij(s,o){switch(wg(o),o.tag){case 1:return Zf(o.type)&&$f(),65536&(s=o.flags)?(o.flags=-65537&s|128,o):null;case 3:return zh(),E(En),E(Sn),Eh(),65536&(s=o.flags)&&!(128&s)?(o.flags=-65537&s|128,o):null;case 5:return Bh(o),null;case 13:if(E(Zn),null!==(s=o.memoizedState)&&null!==s.dehydrated){if(null===o.alternate)throw Error(p(340));Ig()}return 65536&(s=o.flags)?(o.flags=-65537&s|128,o):null;case 19:return E(Zn),null;case 4:return zh(),null;case 10:return ah(o.type._context),null;case 22:case 23:return Hj(),null;default:return null}}_s=function(s,o){for(var i=o.child;null!==i;){if(5===i.tag||6===i.tag)s.appendChild(i.stateNode);else if(4!==i.tag&&null!==i.child){i.child.return=i,i=i.child;continue}if(i===o)break;for(;null===i.sibling;){if(null===i.return||i.return===o)return;i=i.return}i.sibling.return=i.return,i=i.sibling}},Ss=function(){},Es=function(s,o,i,a){var u=s.memoizedProps;if(u!==a){s=o.stateNode,xh(Yn.current);var _,x=null;switch(i){case"input":u=Ya(s,u),a=Ya(s,a),x=[];break;case"select":u=we({},u,{value:void 0}),a=we({},a,{value:void 0}),x=[];break;case"textarea":u=gb(s,u),a=gb(s,a),x=[];break;default:"function"!=typeof u.onClick&&"function"==typeof a.onClick&&(s.onclick=Bf)}for(L in ub(i,a),i=null,u)if(!a.hasOwnProperty(L)&&u.hasOwnProperty(L)&&null!=u[L])if("style"===L){var C=u[L];for(_ in C)C.hasOwnProperty(_)&&(i||(i={}),i[_]="")}else"dangerouslySetInnerHTML"!==L&&"children"!==L&&"suppressContentEditableWarning"!==L&&"suppressHydrationWarning"!==L&&"autoFocus"!==L&&(w.hasOwnProperty(L)?x||(x=[]):(x=x||[]).push(L,null));for(L in a){var j=a[L];if(C=null!=u?u[L]:void 0,a.hasOwnProperty(L)&&j!==C&&(null!=j||null!=C))if("style"===L)if(C){for(_ in C)!C.hasOwnProperty(_)||j&&j.hasOwnProperty(_)||(i||(i={}),i[_]="");for(_ in j)j.hasOwnProperty(_)&&C[_]!==j[_]&&(i||(i={}),i[_]=j[_])}else i||(x||(x=[]),x.push(L,i)),i=j;else"dangerouslySetInnerHTML"===L?(j=j?j.__html:void 0,C=C?C.__html:void 0,null!=j&&C!==j&&(x=x||[]).push(L,j)):"children"===L?"string"!=typeof j&&"number"!=typeof j||(x=x||[]).push(L,""+j):"suppressContentEditableWarning"!==L&&"suppressHydrationWarning"!==L&&(w.hasOwnProperty(L)?(null!=j&&"onScroll"===L&&D("scroll",s),x||C===j||(x=[])):(x=x||[]).push(L,j))}i&&(x=x||[]).push("style",i);var L=x;(o.updateQueue=L)&&(o.flags|=4)}},ws=function(s,o,i,a){i!==a&&(o.flags|=4)};var ks=!1,Os=!1,As="function"==typeof WeakSet?WeakSet:Set,Cs=null;function Lj(s,o){var i=s.ref;if(null!==i)if("function"==typeof i)try{i(null)}catch(i){W(s,o,i)}else i.current=null}function Mj(s,o,i){try{i()}catch(i){W(s,o,i)}}var js=!1;function Pj(s,o,i){var a=o.updateQueue;if(null!==(a=null!==a?a.lastEffect:null)){var u=a=a.next;do{if((u.tag&s)===s){var _=u.destroy;u.destroy=void 0,void 0!==_&&Mj(o,i,_)}u=u.next}while(u!==a)}}function Qj(s,o){if(null!==(o=null!==(o=o.updateQueue)?o.lastEffect:null)){var i=o=o.next;do{if((i.tag&s)===s){var a=i.create;i.destroy=a()}i=i.next}while(i!==o)}}function Rj(s){var o=s.ref;if(null!==o){var i=s.stateNode;s.tag,s=i,"function"==typeof o?o(s):o.current=s}}function Sj(s){var o=s.alternate;null!==o&&(s.alternate=null,Sj(o)),s.child=null,s.deletions=null,s.sibling=null,5===s.tag&&(null!==(o=s.stateNode)&&(delete o[hn],delete o[dn],delete o[mn],delete o[gn],delete o[yn])),s.stateNode=null,s.return=null,s.dependencies=null,s.memoizedProps=null,s.memoizedState=null,s.pendingProps=null,s.stateNode=null,s.updateQueue=null}function Tj(s){return 5===s.tag||3===s.tag||4===s.tag}function Uj(s){e:for(;;){for(;null===s.sibling;){if(null===s.return||Tj(s.return))return null;s=s.return}for(s.sibling.return=s.return,s=s.sibling;5!==s.tag&&6!==s.tag&&18!==s.tag;){if(2&s.flags)continue e;if(null===s.child||4===s.tag)continue e;s.child.return=s,s=s.child}if(!(2&s.flags))return s.stateNode}}function Vj(s,o,i){var a=s.tag;if(5===a||6===a)s=s.stateNode,o?8===i.nodeType?i.parentNode.insertBefore(s,o):i.insertBefore(s,o):(8===i.nodeType?(o=i.parentNode).insertBefore(s,i):(o=i).appendChild(s),null!=(i=i._reactRootContainer)||null!==o.onclick||(o.onclick=Bf));else if(4!==a&&null!==(s=s.child))for(Vj(s,o,i),s=s.sibling;null!==s;)Vj(s,o,i),s=s.sibling}function Wj(s,o,i){var a=s.tag;if(5===a||6===a)s=s.stateNode,o?i.insertBefore(s,o):i.appendChild(s);else if(4!==a&&null!==(s=s.child))for(Wj(s,o,i),s=s.sibling;null!==s;)Wj(s,o,i),s=s.sibling}var Ps=null,Is=!1;function Yj(s,o,i){for(i=i.child;null!==i;)Zj(s,o,i),i=i.sibling}function Zj(s,o,i){if(St&&"function"==typeof St.onCommitFiberUnmount)try{St.onCommitFiberUnmount(_t,i)}catch(s){}switch(i.tag){case 5:Os||Lj(i,o);case 6:var a=Ps,u=Is;Ps=null,Yj(s,o,i),Is=u,null!==(Ps=a)&&(Is?(s=Ps,i=i.stateNode,8===s.nodeType?s.parentNode.removeChild(i):s.removeChild(i)):Ps.removeChild(i.stateNode));break;case 18:null!==Ps&&(Is?(s=Ps,i=i.stateNode,8===s.nodeType?Kf(s.parentNode,i):1===s.nodeType&&Kf(s,i),bd(s)):Kf(Ps,i.stateNode));break;case 4:a=Ps,u=Is,Ps=i.stateNode.containerInfo,Is=!0,Yj(s,o,i),Ps=a,Is=u;break;case 0:case 11:case 14:case 15:if(!Os&&(null!==(a=i.updateQueue)&&null!==(a=a.lastEffect))){u=a=a.next;do{var _=u,w=_.destroy;_=_.tag,void 0!==w&&(2&_||4&_)&&Mj(i,o,w),u=u.next}while(u!==a)}Yj(s,o,i);break;case 1:if(!Os&&(Lj(i,o),"function"==typeof(a=i.stateNode).componentWillUnmount))try{a.props=i.memoizedProps,a.state=i.memoizedState,a.componentWillUnmount()}catch(s){W(i,o,s)}Yj(s,o,i);break;case 21:Yj(s,o,i);break;case 22:1&i.mode?(Os=(a=Os)||null!==i.memoizedState,Yj(s,o,i),Os=a):Yj(s,o,i);break;default:Yj(s,o,i)}}function ak(s){var o=s.updateQueue;if(null!==o){s.updateQueue=null;var i=s.stateNode;null===i&&(i=s.stateNode=new As),o.forEach((function(o){var a=bk.bind(null,s,o);i.has(o)||(i.add(o),o.then(a,a))}))}}function ck(s,o){var i=o.deletions;if(null!==i)for(var a=0;au&&(u=w),a&=~_}if(a=u,10<(a=(120>(a=ht()-a)?120:480>a?480:1080>a?1080:1920>a?1920:3e3>a?3e3:4320>a?4320:1960*Ns(a/1960))-a)){s.timeoutHandle=an(Pk.bind(null,s,Gs,Qs),a);break}Pk(s,Gs,Qs);break;default:throw Error(p(329))}}}return Dk(s,ht()),s.callbackNode===i?Gk.bind(null,s):null}function Nk(s,o){var i=Ks;return s.current.memoizedState.isDehydrated&&(Kk(s,o).flags|=256),2!==(s=Ik(s,o))&&(o=Gs,Gs=i,null!==o&&Fj(o)),s}function Fj(s){null===Gs?Gs=s:Gs.push.apply(Gs,s)}function Ck(s,o){for(o&=~Hs,o&=~Js,s.suspendedLanes|=o,s.pingedLanes&=~o,s=s.expirationTimes;0s?16:s,null===no)var a=!1;else{if(s=no,no=null,so=0,6&Ls)throw Error(p(331));var u=Ls;for(Ls|=4,Cs=s.current;null!==Cs;){var _=Cs,w=_.child;if(16&Cs.flags){var x=_.deletions;if(null!==x){for(var C=0;Cht()-Ys?Kk(s,0):Hs|=i),Dk(s,o)}function Yk(s,o){0===o&&(1&s.mode?(o=Ot,!(130023424&(Ot<<=1))&&(Ot=4194304)):o=1);var i=R();null!==(s=ih(s,o))&&(Ac(s,o,i),Dk(s,i))}function uj(s){var o=s.memoizedState,i=0;null!==o&&(i=o.retryLane),Yk(s,i)}function bk(s,o){var i=0;switch(s.tag){case 13:var a=s.stateNode,u=s.memoizedState;null!==u&&(i=u.retryLane);break;case 19:a=s.stateNode;break;default:throw Error(p(314))}null!==a&&a.delete(o),Yk(s,i)}function Fk(s,o){return ct(s,o)}function $k(s,o,i,a){this.tag=s,this.key=i,this.sibling=this.child=this.return=this.stateNode=this.type=this.elementType=null,this.index=0,this.ref=null,this.pendingProps=o,this.dependencies=this.memoizedState=this.updateQueue=this.memoizedProps=null,this.mode=a,this.subtreeFlags=this.flags=0,this.deletions=null,this.childLanes=this.lanes=0,this.alternate=null}function Bg(s,o,i,a){return new $k(s,o,i,a)}function aj(s){return!(!(s=s.prototype)||!s.isReactComponent)}function Pg(s,o){var i=s.alternate;return null===i?((i=Bg(s.tag,o,s.key,s.mode)).elementType=s.elementType,i.type=s.type,i.stateNode=s.stateNode,i.alternate=s,s.alternate=i):(i.pendingProps=o,i.type=s.type,i.flags=0,i.subtreeFlags=0,i.deletions=null),i.flags=14680064&s.flags,i.childLanes=s.childLanes,i.lanes=s.lanes,i.child=s.child,i.memoizedProps=s.memoizedProps,i.memoizedState=s.memoizedState,i.updateQueue=s.updateQueue,o=s.dependencies,i.dependencies=null===o?null:{lanes:o.lanes,firstContext:o.firstContext},i.sibling=s.sibling,i.index=s.index,i.ref=s.ref,i}function Rg(s,o,i,a,u,_){var w=2;if(a=s,"function"==typeof s)aj(s)&&(w=1);else if("string"==typeof s)w=5;else e:switch(s){case Z:return Tg(i.children,u,_,o);case ee:w=8,u|=8;break;case ie:return(s=Bg(12,i,o,2|u)).elementType=ie,s.lanes=_,s;case pe:return(s=Bg(13,i,o,u)).elementType=pe,s.lanes=_,s;case de:return(s=Bg(19,i,o,u)).elementType=de,s.lanes=_,s;case be:return pj(i,u,_,o);default:if("object"==typeof s&&null!==s)switch(s.$$typeof){case ae:w=10;break e;case ce:w=9;break e;case le:w=11;break e;case fe:w=14;break e;case ye:w=16,a=null;break e}throw Error(p(130,null==s?s:typeof s,""))}return(o=Bg(w,i,o,u)).elementType=s,o.type=a,o.lanes=_,o}function Tg(s,o,i,a){return(s=Bg(7,s,a,o)).lanes=i,s}function pj(s,o,i,a){return(s=Bg(22,s,a,o)).elementType=be,s.lanes=i,s.stateNode={isHidden:!1},s}function Qg(s,o,i){return(s=Bg(6,s,null,o)).lanes=i,s}function Sg(s,o,i){return(o=Bg(4,null!==s.children?s.children:[],s.key,o)).lanes=i,o.stateNode={containerInfo:s.containerInfo,pendingChildren:null,implementation:s.implementation},o}function al(s,o,i,a,u){this.tag=o,this.containerInfo=s,this.finishedWork=this.pingCache=this.current=this.pendingChildren=null,this.timeoutHandle=-1,this.callbackNode=this.pendingContext=this.context=null,this.callbackPriority=0,this.eventTimes=zc(0),this.expirationTimes=zc(-1),this.entangledLanes=this.finishedLanes=this.mutableReadLanes=this.expiredLanes=this.pingedLanes=this.suspendedLanes=this.pendingLanes=0,this.entanglements=zc(0),this.identifierPrefix=a,this.onRecoverableError=u,this.mutableSourceEagerHydrationData=null}function bl(s,o,i,a,u,_,w,x,C){return s=new al(s,o,i,x,C),1===o?(o=1,!0===_&&(o|=8)):o=0,_=Bg(3,null,null,o),s.current=_,_.stateNode=s,_.memoizedState={element:a,isDehydrated:i,cache:null,transitions:null,pendingSuspenseBoundaries:null},kh(_),s}function dl(s){if(!s)return _n;e:{if(Vb(s=s._reactInternals)!==s||1!==s.tag)throw Error(p(170));var o=s;do{switch(o.tag){case 3:o=o.stateNode.context;break e;case 1:if(Zf(o.type)){o=o.stateNode.__reactInternalMemoizedMergedChildContext;break e}}o=o.return}while(null!==o);throw Error(p(171))}if(1===s.tag){var i=s.type;if(Zf(i))return bg(s,i,o)}return o}function el(s,o,i,a,u,_,w,x,C){return(s=bl(i,a,!0,s,0,_,0,x,C)).context=dl(null),i=s.current,(_=mh(a=R(),u=yi(i))).callback=null!=o?o:null,nh(i,_,u),s.current.lanes=u,Ac(s,u,a),Dk(s,a),s}function fl(s,o,i,a){var u=o.current,_=R(),w=yi(u);return i=dl(i),null===o.context?o.context=i:o.pendingContext=i,(o=mh(_,w)).payload={element:s},null!==(a=void 0===a?null:a)&&(o.callback=a),null!==(s=nh(u,o,w))&&(gi(s,u,w,_),oh(s,u,w)),w}function gl(s){return(s=s.current).child?(s.child.tag,s.child.stateNode):null}function hl(s,o){if(null!==(s=s.memoizedState)&&null!==s.dehydrated){var i=s.retryLane;s.retryLane=0!==i&&i{"use strict";var i={}.propertyIsEnumerable,a=Object.getOwnPropertyDescriptor,u=a&&!i.call({1:2},1);o.f=u?function propertyIsEnumerable(s){var o=a(this,s);return!!o&&o.enumerable}:i},23007:s=>{s.exports=function copyArray(s,o){var i=-1,a=s.length;for(o||(o=Array(a));++i{"use strict";var a=i(88280),u=i(32567),_=Function.prototype;s.exports=function(s){var o=s.bind;return s===_||a(_,s)&&o===_.bind?u:o}},23045:(s,o,i)=>{"use strict";var a=i(1907),u=i(49724),_=i(4993),w=i(74436).indexOf,x=i(38530),C=a([].push);s.exports=function(s,o){var i,a=_(s),j=0,L=[];for(i in a)!u(x,i)&&u(a,i)&&C(L,i);for(;o.length>j;)u(a,i=o[j++])&&(~w(L,i)||C(L,i));return L}},23546:(s,o,i)=>{var a=i(72552),u=i(40346),_=i(11331);s.exports=function isError(s){if(!u(s))return!1;var o=a(s);return"[object Error]"==o||"[object DOMException]"==o||"string"==typeof s.message&&"string"==typeof s.name&&!_(s)}},23805:s=>{s.exports=function isObject(s){var o=typeof s;return null!=s&&("object"==o||"function"==o)}},23888:(s,o,i)=>{"use strict";var a=i(98828),u=i(75817);s.exports=!a((function(){var s=new Error("a");return!("stack"in s)||(Object.defineProperty(s,"stack",u(1,7)),7!==s.stack)}))},24107:(s,o,i)=>{"use strict";var a=i(56698),u=i(90392),_=i(92861).Buffer,w=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],x=new Array(64);function Sha256(){this.init(),this._w=x,u.call(this,64,56)}function ch(s,o,i){return i^s&(o^i)}function maj(s,o,i){return s&o|i&(s|o)}function sigma0(s){return(s>>>2|s<<30)^(s>>>13|s<<19)^(s>>>22|s<<10)}function sigma1(s){return(s>>>6|s<<26)^(s>>>11|s<<21)^(s>>>25|s<<7)}function gamma0(s){return(s>>>7|s<<25)^(s>>>18|s<<14)^s>>>3}a(Sha256,u),Sha256.prototype.init=function(){return this._a=1779033703,this._b=3144134277,this._c=1013904242,this._d=2773480762,this._e=1359893119,this._f=2600822924,this._g=528734635,this._h=1541459225,this},Sha256.prototype._update=function(s){for(var o,i=this._w,a=0|this._a,u=0|this._b,_=0|this._c,x=0|this._d,C=0|this._e,j=0|this._f,L=0|this._g,B=0|this._h,$=0;$<16;++$)i[$]=s.readInt32BE(4*$);for(;$<64;++$)i[$]=0|(((o=i[$-2])>>>17|o<<15)^(o>>>19|o<<13)^o>>>10)+i[$-7]+gamma0(i[$-15])+i[$-16];for(var U=0;U<64;++U){var V=B+sigma1(C)+ch(C,j,L)+w[U]+i[U]|0,z=sigma0(a)+maj(a,u,_)|0;B=L,L=j,j=C,C=x+V|0,x=_,_=u,u=a,a=V+z|0}this._a=a+this._a|0,this._b=u+this._b|0,this._c=_+this._c|0,this._d=x+this._d|0,this._e=C+this._e|0,this._f=j+this._f|0,this._g=L+this._g|0,this._h=B+this._h|0},Sha256.prototype._hash=function(){var s=_.allocUnsafe(32);return s.writeInt32BE(this._a,0),s.writeInt32BE(this._b,4),s.writeInt32BE(this._c,8),s.writeInt32BE(this._d,12),s.writeInt32BE(this._e,16),s.writeInt32BE(this._f,20),s.writeInt32BE(this._g,24),s.writeInt32BE(this._h,28),s},s.exports=Sha256},24168:(s,o,i)=>{var a=i(91033),u=i(82819),_=i(9325);s.exports=function createPartial(s,o,i,w){var x=1&o,C=u(s);return function wrapper(){for(var o=-1,u=arguments.length,j=-1,L=w.length,B=Array(L+u),$=this&&this!==_&&this instanceof wrapper?C:s;++j{"use strict";var a=i(23045),u=i(80376).concat("length","prototype");o.f=Object.getOwnPropertyNames||function getOwnPropertyNames(s){return a(s,u)}},24647:(s,o,i)=>{var a=i(54552)({À:"A",Á:"A",Â:"A",Ã:"A",Ä:"A",Å:"A",à:"a",á:"a",â:"a",ã:"a",ä:"a",å:"a",Ç:"C",ç:"c",Ð:"D",ð:"d",È:"E",É:"E",Ê:"E",Ë:"E",è:"e",é:"e",ê:"e",ë:"e",Ì:"I",Í:"I",Î:"I",Ï:"I",ì:"i",í:"i",î:"i",ï:"i",Ñ:"N",ñ:"n",Ò:"O",Ó:"O",Ô:"O",Õ:"O",Ö:"O",Ø:"O",ò:"o",ó:"o",ô:"o",õ:"o",ö:"o",ø:"o",Ù:"U",Ú:"U",Û:"U",Ü:"U",ù:"u",ú:"u",û:"u",ü:"u",Ý:"Y",ý:"y",ÿ:"y",Æ:"Ae",æ:"ae",Þ:"Th",þ:"th",ß:"ss",Ā:"A",Ă:"A",Ą:"A",ā:"a",ă:"a",ą:"a",Ć:"C",Ĉ:"C",Ċ:"C",Č:"C",ć:"c",ĉ:"c",ċ:"c",č:"c",Ď:"D",Đ:"D",ď:"d",đ:"d",Ē:"E",Ĕ:"E",Ė:"E",Ę:"E",Ě:"E",ē:"e",ĕ:"e",ė:"e",ę:"e",ě:"e",Ĝ:"G",Ğ:"G",Ġ:"G",Ģ:"G",ĝ:"g",ğ:"g",ġ:"g",ģ:"g",Ĥ:"H",Ħ:"H",ĥ:"h",ħ:"h",Ĩ:"I",Ī:"I",Ĭ:"I",Į:"I",İ:"I",ĩ:"i",ī:"i",ĭ:"i",į:"i",ı:"i",Ĵ:"J",ĵ:"j",Ķ:"K",ķ:"k",ĸ:"k",Ĺ:"L",Ļ:"L",Ľ:"L",Ŀ:"L",Ł:"L",ĺ:"l",ļ:"l",ľ:"l",ŀ:"l",ł:"l",Ń:"N",Ņ:"N",Ň:"N",Ŋ:"N",ń:"n",ņ:"n",ň:"n",ŋ:"n",Ō:"O",Ŏ:"O",Ő:"O",ō:"o",ŏ:"o",ő:"o",Ŕ:"R",Ŗ:"R",Ř:"R",ŕ:"r",ŗ:"r",ř:"r",Ś:"S",Ŝ:"S",Ş:"S",Š:"S",ś:"s",ŝ:"s",ş:"s",š:"s",Ţ:"T",Ť:"T",Ŧ:"T",ţ:"t",ť:"t",ŧ:"t",Ũ:"U",Ū:"U",Ŭ:"U",Ů:"U",Ű:"U",Ų:"U",ũ:"u",ū:"u",ŭ:"u",ů:"u",ű:"u",ų:"u",Ŵ:"W",ŵ:"w",Ŷ:"Y",ŷ:"y",Ÿ:"Y",Ź:"Z",Ż:"Z",Ž:"Z",ź:"z",ż:"z",ž:"z",IJ:"IJ",ij:"ij",Œ:"Oe",œ:"oe",ʼn:"'n",ſ:"s"});s.exports=a},24677:(s,o,i)=>{"use strict";var a=i(81214).DebounceInput;a.DebounceInput=a,s.exports=a},24713:(s,o,i)=>{var a=i(2523),u=i(15389),_=i(61489),w=Math.max;s.exports=function findIndex(s,o,i){var x=null==s?0:s.length;if(!x)return-1;var C=null==i?0:_(i);return C<0&&(C=w(x+C,0)),a(s,u(o,3),C)}},24739:(s,o,i)=>{var a=i(26025);s.exports=function listCacheGet(s){var o=this.__data__,i=a(o,s);return i<0?void 0:o[i][1]}},24823:(s,o,i)=>{"use strict";var a=i(28311),u=i(13930),_=i(36624),w=i(4640),x=i(37812),C=i(20575),j=i(88280),L=i(10300),B=i(73448),$=i(40154),U=TypeError,Result=function(s,o){this.stopped=s,this.result=o},V=Result.prototype;s.exports=function(s,o,i){var z,Y,Z,ee,ie,ae,ce,le=i&&i.that,pe=!(!i||!i.AS_ENTRIES),de=!(!i||!i.IS_RECORD),fe=!(!i||!i.IS_ITERATOR),ye=!(!i||!i.INTERRUPTED),be=a(o,le),stop=function(s){return z&&$(z,"normal",s),new Result(!0,s)},callFn=function(s){return pe?(_(s),ye?be(s[0],s[1],stop):be(s[0],s[1])):ye?be(s,stop):be(s)};if(de)z=s.iterator;else if(fe)z=s;else{if(!(Y=B(s)))throw new U(w(s)+" is not iterable");if(x(Y)){for(Z=0,ee=C(s);ee>Z;Z++)if((ie=callFn(s[Z]))&&j(V,ie))return ie;return new Result(!1)}z=L(s,Y)}for(ae=de?s.next:z.next;!(ce=u(ae,z)).done;){try{ie=callFn(ce.value)}catch(s){$(z,"throw",s)}if("object"==typeof ie&&ie&&j(V,ie))return ie}return new Result(!1)}},25160:s=>{s.exports=function baseSlice(s,o,i){var a=-1,u=s.length;o<0&&(o=-o>u?0:u+o),(i=i>u?u:i)<0&&(i+=u),u=o>i?0:i-o>>>0,o>>>=0;for(var _=Array(u);++a{"use strict";function _typeof(s){return _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(s){return typeof s}:function(s){return s&&"function"==typeof Symbol&&s.constructor===Symbol&&s!==Symbol.prototype?"symbol":typeof s},_typeof(s)}Object.defineProperty(o,"__esModule",{value:!0}),o.CopyToClipboard=void 0;var a=_interopRequireDefault(i(96540)),u=_interopRequireDefault(i(17965)),_=["text","onCopy","options","children"];function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}function ownKeys(s,o){var i=Object.keys(s);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(s);o&&(a=a.filter((function(o){return Object.getOwnPropertyDescriptor(s,o).enumerable}))),i.push.apply(i,a)}return i}function _objectSpread(s){for(var o=1;o=0||(u[i]=s[i]);return u}(s,o);if(Object.getOwnPropertySymbols){var _=Object.getOwnPropertySymbols(s);for(a=0;a<_.length;a++)i=_[a],o.indexOf(i)>=0||Object.prototype.propertyIsEnumerable.call(s,i)&&(u[i]=s[i])}return u}function _defineProperties(s,o){for(var i=0;i{"use strict";var a=i(65606),u=Object.keys||function(s){var o=[];for(var i in s)o.push(i);return o};s.exports=Duplex;var _=i(45412),w=i(16708);i(56698)(Duplex,_);for(var x=u(w.prototype),C=0;C{"use strict";var a=i(85582),u=i(62250),_=i(88280),w=i(51175),x=Object;s.exports=w?function(s){return"symbol"==typeof s}:function(s){var o=a("Symbol");return u(o)&&_(o.prototype,x(s))}},25767:(s,o,i)=>{"use strict";var a=i(82682),u=i(39209),_=i(10487),w=i(36556),x=i(75795),C=w("Object.prototype.toString"),j=i(49092)(),L="undefined"==typeof globalThis?i.g:globalThis,B=u(),$=w("String.prototype.slice"),U=Object.getPrototypeOf,V=w("Array.prototype.indexOf",!0)||function indexOf(s,o){for(var i=0;i-1?o:"Object"===o&&function tryAllSlices(s){var o=!1;return a(z,(function(i,a){if(!o)try{i(s),o=$(a,1)}catch(s){}})),o}(s)}return x?function tryAllTypedArrays(s){var o=!1;return a(z,(function(i,a){if(!o)try{"$"+i(s)===a&&(o=$(a,1))}catch(s){}})),o}(s):null}},25911:(s,o,i)=>{var a=i(38859),u=i(14248),_=i(19219);s.exports=function equalArrays(s,o,i,w,x,C){var j=1&i,L=s.length,B=o.length;if(L!=B&&!(j&&B>L))return!1;var $=C.get(s),U=C.get(o);if($&&U)return $==o&&U==s;var V=-1,z=!0,Y=2&i?new a:void 0;for(C.set(s,o),C.set(o,s);++V{var a=i(75288);s.exports=function assocIndexOf(s,o){for(var i=s.length;i--;)if(a(s[i][0],o))return i;return-1}},26311:s=>{!function(){var o;function format(s){for(var o,i,a,u,_=1,w=[].slice.call(arguments),x=0,C=s.length,j="",L=!1,B=!1,nextArg=function(){return w[_++]},slurpNumber=function(){for(var i="";/\d/.test(s[x]);)i+=s[x++],o=s[x];return i.length>0?parseInt(i):null};x{s.exports=function powershell(s){const o={$pattern:/-?[A-z\.\-]+\b/,keyword:"if else foreach return do while until elseif begin for trap data dynamicparam end break throw param continue finally in switch exit filter try process catch hidden static parameter",built_in:"ac asnp cat cd CFS chdir clc clear clhy cli clp cls clv cnsn compare copy cp cpi cpp curl cvpa dbp del diff dir dnsn ebp echo|0 epal epcsv epsn erase etsn exsn fc fhx fl ft fw gal gbp gc gcb gci gcm gcs gdr gerr ghy gi gin gjb gl gm gmo gp gps gpv group gsn gsnp gsv gtz gu gv gwmi h history icm iex ihy ii ipal ipcsv ipmo ipsn irm ise iwmi iwr kill lp ls man md measure mi mount move mp mv nal ndr ni nmo npssc nsn nv ogv oh popd ps pushd pwd r rbp rcjb rcsn rd rdr ren ri rjb rm rmdir rmo rni rnp rp rsn rsnp rujb rv rvpa rwmi sajb sal saps sasv sbp sc scb select set shcm si sl sleep sls sort sp spjb spps spsv start stz sujb sv swmi tee trcm type wget where wjb write"},i={begin:"`[\\s\\S]",relevance:0},a={className:"variable",variants:[{begin:/\$\B/},{className:"keyword",begin:/\$this/},{begin:/\$[\w\d][\w\d_:]*/}]},u={className:"string",variants:[{begin:/"/,end:/"/},{begin:/@"/,end:/^"@/}],contains:[i,a,{className:"variable",begin:/\$[A-z]/,end:/[^A-z]/}]},_={className:"string",variants:[{begin:/'/,end:/'/},{begin:/@'/,end:/^'@/}]},w=s.inherit(s.COMMENT(null,null),{variants:[{begin:/#/,end:/$/},{begin:/<#/,end:/#>/}],contains:[{className:"doctag",variants:[{begin:/\.(synopsis|description|example|inputs|outputs|notes|link|component|role|functionality)/},{begin:/\.(parameter|forwardhelptargetname|forwardhelpcategory|remotehelprunspace|externalhelp)\s+\S+/}]}]}),x={className:"built_in",variants:[{begin:"(".concat("Add|Clear|Close|Copy|Enter|Exit|Find|Format|Get|Hide|Join|Lock|Move|New|Open|Optimize|Pop|Push|Redo|Remove|Rename|Reset|Resize|Search|Select|Set|Show|Skip|Split|Step|Switch|Undo|Unlock|Watch|Backup|Checkpoint|Compare|Compress|Convert|ConvertFrom|ConvertTo|Dismount|Edit|Expand|Export|Group|Import|Initialize|Limit|Merge|Mount|Out|Publish|Restore|Save|Sync|Unpublish|Update|Approve|Assert|Build|Complete|Confirm|Deny|Deploy|Disable|Enable|Install|Invoke|Register|Request|Restart|Resume|Start|Stop|Submit|Suspend|Uninstall|Unregister|Wait|Debug|Measure|Ping|Repair|Resolve|Test|Trace|Connect|Disconnect|Read|Receive|Send|Write|Block|Grant|Protect|Revoke|Unblock|Unprotect|Use|ForEach|Sort|Tee|Where",")+(-)[\\w\\d]+")}]},C={className:"class",beginKeywords:"class enum",end:/\s*[{]/,excludeEnd:!0,relevance:0,contains:[s.TITLE_MODE]},j={className:"function",begin:/function\s+/,end:/\s*\{|$/,excludeEnd:!0,returnBegin:!0,relevance:0,contains:[{begin:"function",relevance:0,className:"keyword"},{className:"title",begin:/\w[\w\d]*((-)[\w\d]+)*/,relevance:0},{begin:/\(/,end:/\)/,className:"params",relevance:0,contains:[a]}]},L={begin:/using\s/,end:/$/,returnBegin:!0,contains:[u,_,{className:"keyword",begin:/(using|assembly|command|module|namespace|type)/}]},B={variants:[{className:"operator",begin:"(".concat("-and|-as|-band|-bnot|-bor|-bxor|-casesensitive|-ccontains|-ceq|-cge|-cgt|-cle|-clike|-clt|-cmatch|-cne|-cnotcontains|-cnotlike|-cnotmatch|-contains|-creplace|-csplit|-eq|-exact|-f|-file|-ge|-gt|-icontains|-ieq|-ige|-igt|-ile|-ilike|-ilt|-imatch|-in|-ine|-inotcontains|-inotlike|-inotmatch|-ireplace|-is|-isnot|-isplit|-join|-le|-like|-lt|-match|-ne|-not|-notcontains|-notin|-notlike|-notmatch|-or|-regex|-replace|-shl|-shr|-split|-wildcard|-xor",")\\b")},{className:"literal",begin:/(-)[\w\d]+/,relevance:0}]},$={className:"function",begin:/\[.*\]\s*[\w]+[ ]??\(/,end:/$/,returnBegin:!0,relevance:0,contains:[{className:"keyword",begin:"(".concat(o.keyword.toString().replace(/\s/g,"|"),")\\b"),endsParent:!0,relevance:0},s.inherit(s.TITLE_MODE,{endsParent:!0})]},U=[$,w,i,s.NUMBER_MODE,u,_,x,a,{className:"literal",begin:/\$(null|true|false)\b/},{className:"selector-tag",begin:/@\B/,relevance:0}],V={begin:/\[/,end:/\]/,excludeBegin:!0,excludeEnd:!0,relevance:0,contains:[].concat("self",U,{begin:"("+["string","char","byte","int","long","bool","decimal","single","double","DateTime","xml","array","hashtable","void"].join("|")+")",className:"built_in",relevance:0},{className:"type",begin:/[\.\w\d]+/,relevance:0})};return $.contains.unshift(V),{name:"PowerShell",aliases:["ps","ps1"],case_insensitive:!0,keywords:o,contains:U.concat(C,j,L,B,V)}}},26657:(s,o,i)=>{"use strict";var a=i(75208),u=function isClosingTag(s){return/<\/+[^>]+>/.test(s)},_=function isSelfClosingTag(s){return/<[^>]+\/>/.test(s)};function getType(s){return u(s)?"ClosingTag":function isOpeningTag(s){return function isTag(s){return/<[^>!]+>/.test(s)}(s)&&!u(s)&&!_(s)}(s)?"OpeningTag":_(s)?"SelfClosingTag":"Text"}s.exports=function(s){var o=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=o.indentor,u=o.textNodesOnSameLine,_=0,w=[];i=i||" ";var x=function lexer(s){return function splitOnTags(s){return s.split(/(<\/?[^>]+>)/g).filter((function(s){return""!==s.trim()}))}(s).map((function(s){return{value:s,type:getType(s)}}))}(s).map((function(s,o,x){var C=s.value,j=s.type;"ClosingTag"===j&&_--;var L=a(i,_),B=L+C;if("OpeningTag"===j&&_++,u){var $=x[o-1],U=x[o-2];"ClosingTag"===j&&"Text"===$.type&&"OpeningTag"===U.type&&(B=""+L+U.value+$.value+C,w.push(o-2,o-1))}return B}));return w.forEach((function(s){return x[s]=null})),x.filter((function(s){return!!s})).join("\n")}},26710:(s,o,i)=>{"use strict";var a=i(56698),u=i(24107),_=i(90392),w=i(92861).Buffer,x=new Array(64);function Sha224(){this.init(),this._w=x,_.call(this,64,56)}a(Sha224,u),Sha224.prototype.init=function(){return this._a=3238371032,this._b=914150663,this._c=812702999,this._d=4144912697,this._e=4290775857,this._f=1750603025,this._g=1694076839,this._h=3204075428,this},Sha224.prototype._hash=function(){var s=w.allocUnsafe(28);return s.writeInt32BE(this._a,0),s.writeInt32BE(this._b,4),s.writeInt32BE(this._c,8),s.writeInt32BE(this._d,12),s.writeInt32BE(this._e,16),s.writeInt32BE(this._f,20),s.writeInt32BE(this._g,24),s},s.exports=Sha224},27096:(s,o,i)=>{const a=i(87586),u=i(6205),_=i(10023),w=i(8048);s.exports=s=>{var o,i,x=0,C={type:u.ROOT,stack:[]},j=C,L=C.stack,B=[],repeatErr=o=>{a.error(s,"Nothing to repeat at column "+(o-1))},$=a.strToChars(s);for(o=$.length;x{s.exports=function baseUnary(s){return function(o){return s(o)}}},27374:(s,o)=>{"use strict";Object.defineProperty(o,"__esModule",{value:!0}),o.default=function(s,o,i){if(void 0===s)throw new Error('Reducer "'+o+'" returned undefined when handling "'+i.type+'" action. To ignore an action, you must explicitly return the previous state.')},s.exports=o.default},27534:(s,o,i)=>{var a=i(72552),u=i(40346);s.exports=function baseIsArguments(s){return u(s)&&"[object Arguments]"==a(s)}},27816:(s,o,i)=>{"use strict";var a=i(56698),u=i(90392),_=i(92861).Buffer,w=[1518500249,1859775393,-1894007588,-899497514],x=new Array(80);function Sha(){this.init(),this._w=x,u.call(this,64,56)}function rotl30(s){return s<<30|s>>>2}function ft(s,o,i,a){return 0===s?o&i|~o&a:2===s?o&i|o&a|i&a:o^i^a}a(Sha,u),Sha.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Sha.prototype._update=function(s){for(var o,i=this._w,a=0|this._a,u=0|this._b,_=0|this._c,x=0|this._d,C=0|this._e,j=0;j<16;++j)i[j]=s.readInt32BE(4*j);for(;j<80;++j)i[j]=i[j-3]^i[j-8]^i[j-14]^i[j-16];for(var L=0;L<80;++L){var B=~~(L/20),$=0|((o=a)<<5|o>>>27)+ft(B,u,_,x)+C+i[L]+w[B];C=x,x=_,_=rotl30(u),u=a,a=$}this._a=a+this._a|0,this._b=u+this._b|0,this._c=_+this._c|0,this._d=x+this._d|0,this._e=C+this._e|0},Sha.prototype._hash=function(){var s=_.allocUnsafe(20);return s.writeInt32BE(0|this._a,0),s.writeInt32BE(0|this._b,4),s.writeInt32BE(0|this._c,8),s.writeInt32BE(0|this._d,12),s.writeInt32BE(0|this._e,16),s},s.exports=Sha},28077:s=>{s.exports=function baseHasIn(s,o){return null!=s&&o in Object(s)}},28303:(s,o,i)=>{var a=i(56110)(i(9325),"WeakMap");s.exports=a},28311:(s,o,i)=>{"use strict";var a=i(92361),u=i(82159),_=i(41505),w=a(a.bind);s.exports=function(s,o){return u(s),void 0===o?s:_?w(s,o):function(){return s.apply(o,arguments)}}},28586:(s,o,i)=>{var a=i(56449),u=i(44394),_=/\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,w=/^\w*$/;s.exports=function isKey(s,o){if(a(s))return!1;var i=typeof s;return!("number"!=i&&"symbol"!=i&&"boolean"!=i&&null!=s&&!u(s))||(w.test(s)||!_.test(s)||null!=o&&s in Object(o))}},28754:(s,o,i)=>{var a=i(25160);s.exports=function castSlice(s,o,i){var u=s.length;return i=void 0===i?u:i,!o&&i>=u?s:a(s,o,i)}},28879:(s,o,i)=>{var a=i(74335)(Object.getPrototypeOf,Object);s.exports=a},29172:(s,o,i)=>{var a=i(5861),u=i(40346);s.exports=function baseIsMap(s){return u(s)&&"[object Map]"==a(s)}},29367:(s,o,i)=>{"use strict";var a=i(82159),u=i(87136);s.exports=function(s,o){var i=s[o];return u(i)?void 0:a(i)}},29538:(s,o,i)=>{"use strict";var a=i(39447),u=i(1907),_=i(13930),w=i(98828),x=i(2875),C=i(87170),j=i(22574),L=i(39298),B=i(16946),$=Object.assign,U=Object.defineProperty,V=u([].concat);s.exports=!$||w((function(){if(a&&1!==$({b:1},$(U({},"a",{enumerable:!0,get:function(){U(this,"b",{value:3,enumerable:!1})}}),{b:2})).b)return!0;var s={},o={},i=Symbol("assign detection"),u="abcdefghijklmnopqrst";return s[i]=7,u.split("").forEach((function(s){o[s]=s})),7!==$({},s)[i]||x($({},o)).join("")!==u}))?function assign(s,o){for(var i=L(s),u=arguments.length,w=1,$=C.f,U=j.f;u>w;)for(var z,Y=B(arguments[w++]),Z=$?V(x(Y),$(Y)):x(Y),ee=Z.length,ie=0;ee>ie;)z=Z[ie++],a&&!_(U,Y,z)||(i[z]=Y[z]);return i}:$},29817:s=>{s.exports=function stackHas(s){return this.__data__.has(s)}},29844:(s,o)=>{"use strict";function f(s,o){var i=s.length;s.push(o);e:for(;0>>1,u=s[a];if(!(0>>1;a<_;){var w=2*(a+1)-1,x=s[w],C=w+1,j=s[C];if(0>g(x,i))Cg(j,x)?(s[a]=j,s[C]=i,a=C):(s[a]=x,s[w]=i,a=w);else{if(!(Cg(j,i)))break e;s[a]=j,s[C]=i,a=C}}}return o}function g(s,o){var i=s.sortIndex-o.sortIndex;return 0!==i?i:s.id-o.id}if("object"==typeof performance&&"function"==typeof performance.now){var i=performance;o.unstable_now=function(){return i.now()}}else{var a=Date,u=a.now();o.unstable_now=function(){return a.now()-u}}var _=[],w=[],x=1,C=null,j=3,L=!1,B=!1,$=!1,U="function"==typeof setTimeout?setTimeout:null,V="function"==typeof clearTimeout?clearTimeout:null,z="undefined"!=typeof setImmediate?setImmediate:null;function G(s){for(var o=h(w);null!==o;){if(null===o.callback)k(w);else{if(!(o.startTime<=s))break;k(w),o.sortIndex=o.expirationTime,f(_,o)}o=h(w)}}function H(s){if($=!1,G(s),!B)if(null!==h(_))B=!0,I(J);else{var o=h(w);null!==o&&K(H,o.startTime-s)}}function J(s,i){B=!1,$&&($=!1,V(ie),ie=-1),L=!0;var a=j;try{for(G(i),C=h(_);null!==C&&(!(C.expirationTime>i)||s&&!M());){var u=C.callback;if("function"==typeof u){C.callback=null,j=C.priorityLevel;var x=u(C.expirationTime<=i);i=o.unstable_now(),"function"==typeof x?C.callback=x:C===h(_)&&k(_),G(i)}else k(_);C=h(_)}if(null!==C)var U=!0;else{var z=h(w);null!==z&&K(H,z.startTime-i),U=!1}return U}finally{C=null,j=a,L=!1}}"undefined"!=typeof navigator&&void 0!==navigator.scheduling&&void 0!==navigator.scheduling.isInputPending&&navigator.scheduling.isInputPending.bind(navigator.scheduling);var Y,Z=!1,ee=null,ie=-1,ae=5,ce=-1;function M(){return!(o.unstable_now()-ces||125u?(s.sortIndex=a,f(w,s),null===h(_)&&s===h(w)&&($?(V(ie),ie=-1):$=!0,K(H,a-u))):(s.sortIndex=C,f(_,s),B||L||(B=!0,I(J))),s},o.unstable_shouldYield=M,o.unstable_wrapCallback=function(s){var o=j;return function(){var i=j;j=o;try{return s.apply(this,arguments)}finally{j=i}}}},30041:(s,o,i)=>{"use strict";var a=i(30655),u=i(58068),_=i(69675),w=i(75795);s.exports=function defineDataProperty(s,o,i){if(!s||"object"!=typeof s&&"function"!=typeof s)throw new _("`obj` must be an object or a function`");if("string"!=typeof o&&"symbol"!=typeof o)throw new _("`property` must be a string or a symbol`");if(arguments.length>3&&"boolean"!=typeof arguments[3]&&null!==arguments[3])throw new _("`nonEnumerable`, if provided, must be a boolean or null");if(arguments.length>4&&"boolean"!=typeof arguments[4]&&null!==arguments[4])throw new _("`nonWritable`, if provided, must be a boolean or null");if(arguments.length>5&&"boolean"!=typeof arguments[5]&&null!==arguments[5])throw new _("`nonConfigurable`, if provided, must be a boolean or null");if(arguments.length>6&&"boolean"!=typeof arguments[6])throw new _("`loose`, if provided, must be a boolean");var x=arguments.length>3?arguments[3]:null,C=arguments.length>4?arguments[4]:null,j=arguments.length>5?arguments[5]:null,L=arguments.length>6&&arguments[6],B=!!w&&w(s,o);if(a)a(s,o,{configurable:null===j&&B?B.configurable:!j,enumerable:null===x&&B?B.enumerable:!x,value:i,writable:null===C&&B?B.writable:!C});else{if(!L&&(x||C||j))throw new u("This environment does not support defining a property as non-configurable, non-writable, or non-enumerable.");s[o]=i}}},30294:s=>{s.exports=function isLength(s){return"number"==typeof s&&s>-1&&s%1==0&&s<=9007199254740991}},30361:s=>{var o=/^(?:0|[1-9]\d*)$/;s.exports=function isIndex(s,i){var a=typeof s;return!!(i=null==i?9007199254740991:i)&&("number"==a||"symbol"!=a&&o.test(s))&&s>-1&&s%1==0&&s{"use strict";var a=i(30655),u=function hasPropertyDescriptors(){return!!a};u.hasArrayLengthDefineBug=function hasArrayLengthDefineBug(){if(!a)return null;try{return 1!==a([],"length",{value:1}).length}catch(s){return!0}},s.exports=u},30641:(s,o,i)=>{var a=i(86649),u=i(95950);s.exports=function baseForOwn(s,o){return s&&a(s,o,u)}},30655:s=>{"use strict";var o=Object.defineProperty||!1;if(o)try{o({},"a",{value:1})}catch(s){o=!1}s.exports=o},30756:(s,o,i)=>{var a=i(23805);s.exports=function isStrictComparable(s){return s==s&&!a(s)}},30980:(s,o,i)=>{var a=i(39344),u=i(94033);function LazyWrapper(s){this.__wrapped__=s,this.__actions__=[],this.__dir__=1,this.__filtered__=!1,this.__iteratees__=[],this.__takeCount__=4294967295,this.__views__=[]}LazyWrapper.prototype=a(u.prototype),LazyWrapper.prototype.constructor=LazyWrapper,s.exports=LazyWrapper},31175:(s,o,i)=>{var a=i(26025);s.exports=function listCacheSet(s,o){var i=this.__data__,u=a(i,s);return u<0?(++this.size,i.push([s,o])):i[u][1]=o,this}},31380:s=>{s.exports=function setCacheAdd(s){return this.__data__.set(s,"__lodash_hash_undefined__"),this}},31499:s=>{var o={"&":"&",'"':""","'":"'","<":"<",">":">"};s.exports=function escapeForXML(s){return s&&s.replace?s.replace(/([&"<>'])/g,(function(s,i){return o[i]})):s}},31769:(s,o,i)=>{var a=i(56449),u=i(28586),_=i(61802),w=i(13222);s.exports=function castPath(s,o){return a(s)?s:u(s,o)?[s]:_(w(s))}},31800:s=>{var o=/\s/;s.exports=function trimmedEndIndex(s){for(var i=s.length;i--&&o.test(s.charAt(i)););return i}},32096:(s,o,i)=>{"use strict";var a=i(90160);s.exports=function(s,o){return void 0===s?arguments.length<2?"":o:a(s)}},32567:(s,o,i)=>{"use strict";i(79307);var a=i(61747);s.exports=a("Function","bind")},32629:(s,o,i)=>{var a=i(9999);s.exports=function clone(s){return a(s,4)}},32804:(s,o,i)=>{var a=i(56110)(i(9325),"Promise");s.exports=a},32827:(s,o,i)=>{"use strict";var a=i(56698),u=i(82890),_=i(90392),w=i(92861).Buffer,x=new Array(160);function Sha384(){this.init(),this._w=x,_.call(this,128,112)}a(Sha384,u),Sha384.prototype.init=function(){return this._ah=3418070365,this._bh=1654270250,this._ch=2438529370,this._dh=355462360,this._eh=1731405415,this._fh=2394180231,this._gh=3675008525,this._hh=1203062813,this._al=3238371032,this._bl=914150663,this._cl=812702999,this._dl=4144912697,this._el=4290775857,this._fl=1750603025,this._gl=1694076839,this._hl=3204075428,this},Sha384.prototype._hash=function(){var s=w.allocUnsafe(48);function writeInt64BE(o,i,a){s.writeInt32BE(o,a),s.writeInt32BE(i,a+4)}return writeInt64BE(this._ah,this._al,0),writeInt64BE(this._bh,this._bl,8),writeInt64BE(this._ch,this._cl,16),writeInt64BE(this._dh,this._dl,24),writeInt64BE(this._eh,this._el,32),writeInt64BE(this._fh,this._fl,40),s},s.exports=Sha384},32865:(s,o,i)=>{var a=i(19570),u=i(51811)(a);s.exports=u},33855:(s,o,i)=>{var a=i(9999),u=i(15389);s.exports=function iteratee(s){return u("function"==typeof s?s:a(s,1))}},34035:(s,o,i)=>{const a=i(3110),u=i(86804);o.g$=a,o.KeyValuePair=i(55973),o.G6=u.ArraySlice,o.ot=u.ObjectSlice,o.Hg=u.Element,o.Om=u.StringElement,o.kT=u.NumberElement,o.bd=u.BooleanElement,o.Os=u.NullElement,o.wE=u.ArrayElement,o.Sh=u.ObjectElement,o.Pr=u.MemberElement,o.sI=u.RefElement,o.Ft=u.LinkElement,o.e=u.refract,i(85105),i(75147)},34084:(s,o,i)=>{"use strict";var a=i(62250),u=i(46285),_=i(79192);s.exports=function(s,o,i){var w,x;return _&&a(w=o.constructor)&&w!==i&&u(x=w.prototype)&&x!==i.prototype&&_(s,x),s}},34840:(s,o,i)=>{var a="object"==typeof i.g&&i.g&&i.g.Object===Object&&i.g;s.exports=a},34849:(s,o,i)=>{"use strict";var a=i(65482),u=Math.max,_=Math.min;s.exports=function(s,o){var i=a(s);return i<0?u(i+o,0):_(i,o)}},34932:s=>{s.exports=function arrayMap(s,o){for(var i=-1,a=null==s?0:s.length,u=Array(a);++i{function concat(...s){return s.map((s=>function source(s){return s?"string"==typeof s?s:s.source:null}(s))).join("")}s.exports=function bash(s){const o={},i={begin:/\$\{/,end:/\}/,contains:["self",{begin:/:-/,contains:[o]}]};Object.assign(o,{className:"variable",variants:[{begin:concat(/\$[\w\d#@][\w\d_]*/,"(?![\\w\\d])(?![$])")},i]});const a={className:"subst",begin:/\$\(/,end:/\)/,contains:[s.BACKSLASH_ESCAPE]},u={begin:/<<-?\s*(?=\w+)/,starts:{contains:[s.END_SAME_AS_BEGIN({begin:/(\w+)/,end:/(\w+)/,className:"string"})]}},_={className:"string",begin:/"/,end:/"/,contains:[s.BACKSLASH_ESCAPE,o,a]};a.contains.push(_);const w={begin:/\$\(\(/,end:/\)\)/,contains:[{begin:/\d+#[0-9a-f]+/,className:"number"},s.NUMBER_MODE,o]},x=s.SHEBANG({binary:`(${["fish","bash","zsh","sh","csh","ksh","tcsh","dash","scsh"].join("|")})`,relevance:10}),C={className:"function",begin:/\w[\w\d_]*\s*\(\s*\)\s*\{/,returnBegin:!0,contains:[s.inherit(s.TITLE_MODE,{begin:/\w[\w\d_]*/})],relevance:0};return{name:"Bash",aliases:["sh","zsh"],keywords:{$pattern:/\b[a-z._-]+\b/,keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp"},contains:[x,s.SHEBANG(),C,w,s.HASH_COMMENT_MODE,u,_,{className:"",begin:/\\"/},{className:"string",begin:/'/,end:/'/},o]}}},35345:s=>{"use strict";s.exports=URIError},35529:(s,o,i)=>{var a=i(39344),u=i(28879),_=i(55527);s.exports=function initCloneObject(s){return"function"!=typeof s.constructor||_(s)?{}:a(u(s))}},35680:(s,o,i)=>{"use strict";var a=i(25767);s.exports=function isTypedArray(s){return!!a(s)}},35749:(s,o,i)=>{var a=i(81042);s.exports=function hashSet(s,o){var i=this.__data__;return this.size+=this.has(s)?0:1,i[s]=a&&void 0===o?"__lodash_hash_undefined__":o,this}},35970:(s,o,i)=>{var a=i(83120);s.exports=function flatten(s){return(null==s?0:s.length)?a(s,1):[]}},36128:(s,o,i)=>{"use strict";var a=i(7376),u=i(45951),_=i(2532),w="__core-js_shared__",x=s.exports=u[w]||_(w,{});(x.versions||(x.versions=[])).push({version:"3.40.0",mode:a?"pure":"global",copyright:"© 2014-2025 Denis Pushkarev (zloirock.ru)",license:"https://github.com/zloirock/core-js/blob/v3.40.0/LICENSE",source:"https://github.com/zloirock/core-js"})},36306:s=>{var o="__lodash_placeholder__";s.exports=function replaceHolders(s,i){for(var a=-1,u=s.length,_=0,w=[];++a{"use strict";var a=i(11091),u=i(85582),_=i(76024),w=i(98828),x=i(19358),C="AggregateError",j=u(C),L=!w((function(){return 1!==j([1]).errors[0]}))&&w((function(){return 7!==j([1],C,{cause:7}).cause}));a({global:!0,constructor:!0,arity:2,forced:L},{AggregateError:x(C,(function(s){return function AggregateError(o,i){return _(s,this,arguments)}}),L,!0)})},36556:(s,o,i)=>{"use strict";var a=i(70453),u=i(73126),_=u([a("%String.prototype.indexOf%")]);s.exports=function callBoundIntrinsic(s,o){var i=a(s,!!o);return"function"==typeof i&&_(s,".prototype.")>-1?u([i]):i}},36624:(s,o,i)=>{"use strict";var a=i(46285),u=String,_=TypeError;s.exports=function(s){if(a(s))return s;throw new _(u(s)+" is not an object")}},36800:(s,o,i)=>{var a=i(75288),u=i(64894),_=i(30361),w=i(23805);s.exports=function isIterateeCall(s,o,i){if(!w(i))return!1;var x=typeof o;return!!("number"==x?u(i)&&_(o,i.length):"string"==x&&o in i)&&a(i[o],s)}},36833:(s,o,i)=>{"use strict";var a=i(39447),u=i(49724),_=Function.prototype,w=a&&Object.getOwnPropertyDescriptor,x=u(_,"name"),C=x&&"something"===function something(){}.name,j=x&&(!a||a&&w(_,"name").configurable);s.exports={EXISTS:x,PROPER:C,CONFIGURABLE:j}},37007:s=>{"use strict";var o,i="object"==typeof Reflect?Reflect:null,a=i&&"function"==typeof i.apply?i.apply:function ReflectApply(s,o,i){return Function.prototype.apply.call(s,o,i)};o=i&&"function"==typeof i.ownKeys?i.ownKeys:Object.getOwnPropertySymbols?function ReflectOwnKeys(s){return Object.getOwnPropertyNames(s).concat(Object.getOwnPropertySymbols(s))}:function ReflectOwnKeys(s){return Object.getOwnPropertyNames(s)};var u=Number.isNaN||function NumberIsNaN(s){return s!=s};function EventEmitter(){EventEmitter.init.call(this)}s.exports=EventEmitter,s.exports.once=function once(s,o){return new Promise((function(i,a){function errorListener(i){s.removeListener(o,resolver),a(i)}function resolver(){"function"==typeof s.removeListener&&s.removeListener("error",errorListener),i([].slice.call(arguments))}eventTargetAgnosticAddListener(s,o,resolver,{once:!0}),"error"!==o&&function addErrorHandlerIfEventEmitter(s,o,i){"function"==typeof s.on&&eventTargetAgnosticAddListener(s,"error",o,i)}(s,errorListener,{once:!0})}))},EventEmitter.EventEmitter=EventEmitter,EventEmitter.prototype._events=void 0,EventEmitter.prototype._eventsCount=0,EventEmitter.prototype._maxListeners=void 0;var _=10;function checkListener(s){if("function"!=typeof s)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof s)}function _getMaxListeners(s){return void 0===s._maxListeners?EventEmitter.defaultMaxListeners:s._maxListeners}function _addListener(s,o,i,a){var u,_,w;if(checkListener(i),void 0===(_=s._events)?(_=s._events=Object.create(null),s._eventsCount=0):(void 0!==_.newListener&&(s.emit("newListener",o,i.listener?i.listener:i),_=s._events),w=_[o]),void 0===w)w=_[o]=i,++s._eventsCount;else if("function"==typeof w?w=_[o]=a?[i,w]:[w,i]:a?w.unshift(i):w.push(i),(u=_getMaxListeners(s))>0&&w.length>u&&!w.warned){w.warned=!0;var x=new Error("Possible EventEmitter memory leak detected. "+w.length+" "+String(o)+" listeners added. Use emitter.setMaxListeners() to increase limit");x.name="MaxListenersExceededWarning",x.emitter=s,x.type=o,x.count=w.length,function ProcessEmitWarning(s){console&&console.warn&&console.warn(s)}(x)}return s}function onceWrapper(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function _onceWrap(s,o,i){var a={fired:!1,wrapFn:void 0,target:s,type:o,listener:i},u=onceWrapper.bind(a);return u.listener=i,a.wrapFn=u,u}function _listeners(s,o,i){var a=s._events;if(void 0===a)return[];var u=a[o];return void 0===u?[]:"function"==typeof u?i?[u.listener||u]:[u]:i?function unwrapListeners(s){for(var o=new Array(s.length),i=0;i0&&(w=o[0]),w instanceof Error)throw w;var x=new Error("Unhandled error."+(w?" ("+w.message+")":""));throw x.context=w,x}var C=_[s];if(void 0===C)return!1;if("function"==typeof C)a(C,this,o);else{var j=C.length,L=arrayClone(C,j);for(i=0;i=0;_--)if(i[_]===o||i[_].listener===o){w=i[_].listener,u=_;break}if(u<0)return this;0===u?i.shift():function spliceOne(s,o){for(;o+1=0;a--)this.removeListener(s,o[a]);return this},EventEmitter.prototype.listeners=function listeners(s){return _listeners(this,s,!0)},EventEmitter.prototype.rawListeners=function rawListeners(s){return _listeners(this,s,!1)},EventEmitter.listenerCount=function(s,o){return"function"==typeof s.listenerCount?s.listenerCount(o):listenerCount.call(s,o)},EventEmitter.prototype.listenerCount=listenerCount,EventEmitter.prototype.eventNames=function eventNames(){return this._eventsCount>0?o(this._events):[]}},37167:(s,o,i)=>{var a=i(4901),u=i(27301),_=i(86009),w=_&&_.isTypedArray,x=w?u(w):a;s.exports=x},37217:(s,o,i)=>{var a=i(80079),u=i(51420),_=i(90938),w=i(63605),x=i(29817),C=i(80945);function Stack(s){var o=this.__data__=new a(s);this.size=o.size}Stack.prototype.clear=u,Stack.prototype.delete=_,Stack.prototype.get=w,Stack.prototype.has=x,Stack.prototype.set=C,s.exports=Stack},37241:(s,o,i)=>{var a=i(70695),u=i(72903),_=i(64894);s.exports=function keysIn(s){return _(s)?a(s,!0):u(s)}},37257:(s,o,i)=>{"use strict";i(96605),i(64502),i(36371),i(99363),i(7057);var a=i(92046);s.exports=a.AggregateError},37334:s=>{s.exports=function constant(s){return function(){return s}}},37381:(s,o,i)=>{var a=i(48152),u=i(63950),_=a?function(s){return a.get(s)}:u;s.exports=_},37471:(s,o,i)=>{var a=i(91596),u=i(53320),_=i(58523),w=i(82819),x=i(18073),C=i(11287),j=i(68294),L=i(36306),B=i(9325);s.exports=function createHybrid(s,o,i,$,U,V,z,Y,Z,ee){var ie=128&o,ae=1&o,ce=2&o,le=24&o,pe=512&o,de=ce?void 0:w(s);return function wrapper(){for(var fe=arguments.length,ye=Array(fe),be=fe;be--;)ye[be]=arguments[be];if(le)var _e=C(wrapper),Se=_(ye,_e);if($&&(ye=a(ye,$,U,le)),V&&(ye=u(ye,V,z,le)),fe-=Se,le&&fe1&&ye.reverse(),ie&&Z{"use strict";var a=i(76264),u=i(93742),_=a("iterator"),w=Array.prototype;s.exports=function(s){return void 0!==s&&(u.Array===s||w[_]===s)}},37828:(s,o,i)=>{var a=i(9325).Uint8Array;s.exports=a},38221:(s,o,i)=>{var a=i(23805),u=i(10124),_=i(99374),w=Math.max,x=Math.min;s.exports=function debounce(s,o,i){var C,j,L,B,$,U,V=0,z=!1,Y=!1,Z=!0;if("function"!=typeof s)throw new TypeError("Expected a function");function invokeFunc(o){var i=C,a=j;return C=j=void 0,V=o,B=s.apply(a,i)}function shouldInvoke(s){var i=s-U;return void 0===U||i>=o||i<0||Y&&s-V>=L}function timerExpired(){var s=u();if(shouldInvoke(s))return trailingEdge(s);$=setTimeout(timerExpired,function remainingWait(s){var i=o-(s-U);return Y?x(i,L-(s-V)):i}(s))}function trailingEdge(s){return $=void 0,Z&&C?invokeFunc(s):(C=j=void 0,B)}function debounced(){var s=u(),i=shouldInvoke(s);if(C=arguments,j=this,U=s,i){if(void 0===$)return function leadingEdge(s){return V=s,$=setTimeout(timerExpired,o),z?invokeFunc(s):B}(U);if(Y)return clearTimeout($),$=setTimeout(timerExpired,o),invokeFunc(U)}return void 0===$&&($=setTimeout(timerExpired,o)),B}return o=_(o)||0,a(i)&&(z=!!i.leading,L=(Y="maxWait"in i)?w(_(i.maxWait)||0,o):L,Z="trailing"in i?!!i.trailing:Z),debounced.cancel=function cancel(){void 0!==$&&clearTimeout($),V=0,C=U=j=$=void 0},debounced.flush=function flush(){return void 0===$?B:trailingEdge(u())},debounced}},38329:(s,o,i)=>{var a=i(64894);s.exports=function createBaseEach(s,o){return function(i,u){if(null==i)return i;if(!a(i))return s(i,u);for(var _=i.length,w=o?_:-1,x=Object(i);(o?w--:++w<_)&&!1!==u(x[w],w,x););return i}}},38440:(s,o,i)=>{var a=i(16038),u=i(27301),_=i(86009),w=_&&_.isSet,x=w?u(w):a;s.exports=x},38530:s=>{"use strict";s.exports={}},38816:(s,o,i)=>{var a=i(35970),u=i(56757),_=i(32865);s.exports=function flatRest(s){return _(u(s,void 0,a),s+"")}},38859:(s,o,i)=>{var a=i(53661),u=i(31380),_=i(51459);function SetCache(s){var o=-1,i=null==s?0:s.length;for(this.__data__=new a;++o{"use strict";var a=i(76578),u="undefined"==typeof globalThis?i.g:globalThis;s.exports=function availableTypedArrays(){for(var s=[],o=0;o{"use strict";var a=i(46285),u=i(61626);s.exports=function(s,o){a(o)&&"cause"in o&&u(s,"cause",o.cause)}},39298:(s,o,i)=>{"use strict";var a=i(74239),u=Object;s.exports=function(s){return u(a(s))}},39344:(s,o,i)=>{var a=i(23805),u=Object.create,_=function(){function object(){}return function(s){if(!a(s))return{};if(u)return u(s);object.prototype=s;var o=new object;return object.prototype=void 0,o}}();s.exports=_},39447:(s,o,i)=>{"use strict";var a=i(98828);s.exports=!a((function(){return 7!==Object.defineProperty({},1,{get:function(){return 7}})[1]}))},40154:(s,o,i)=>{"use strict";var a=i(13930),u=i(36624),_=i(29367);s.exports=function(s,o,i){var w,x;u(s);try{if(!(w=_(s,"return"))){if("throw"===o)throw i;return i}w=a(w,s)}catch(s){x=!0,w=s}if("throw"===o)throw i;if(x)throw w;return u(w),i}},40239:(s,o,i)=>{const a=i(10316);s.exports=class NumberElement extends a{constructor(s,o,i){super(s,o,i),this.element="number"}primitive(){return"number"}}},40345:(s,o,i)=>{s.exports=i(37007).EventEmitter},40346:s=>{s.exports=function isObjectLike(s){return null!=s&&"object"==typeof s}},40551:(s,o,i)=>{"use strict";var a=i(45951),u=i(62250),_=a.WeakMap;s.exports=u(_)&&/native code/.test(String(_))},40860:(s,o,i)=>{var a=i(40882),u=i(80909),_=i(15389),w=i(85558),x=i(56449);s.exports=function reduce(s,o,i){var C=x(s)?a:w,j=arguments.length<3;return C(s,_(o,4),i,j,u)}},40882:s=>{s.exports=function arrayReduce(s,o,i,a){var u=-1,_=null==s?0:s.length;for(a&&_&&(i=s[++u]);++u<_;)i=o(i,s[u],u,s);return i}},40961:(s,o,i)=>{"use strict";!function checkDCE(){if("undefined"!=typeof __REACT_DEVTOOLS_GLOBAL_HOOK__&&"function"==typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE)try{__REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE(checkDCE)}catch(s){console.error(s)}}(),s.exports=i(22551)},40975:(s,o,i)=>{"use strict";var a=i(9748);s.exports=a},41067:(s,o,i)=>{const a=i(10316);s.exports=class NullElement extends a{constructor(s,o,i){super(s||null,o,i),this.element="null"}primitive(){return"null"}set(){return new Error("Cannot set the value of null")}}},41176:s=>{"use strict";var o=Math.ceil,i=Math.floor;s.exports=Math.trunc||function trunc(s){var a=+s;return(a>0?i:o)(a)}},41237:s=>{"use strict";s.exports=EvalError},41333:s=>{"use strict";s.exports=function hasSymbols(){if("function"!=typeof Symbol||"function"!=typeof Object.getOwnPropertySymbols)return!1;if("symbol"==typeof Symbol.iterator)return!0;var s={},o=Symbol("test"),i=Object(o);if("string"==typeof o)return!1;if("[object Symbol]"!==Object.prototype.toString.call(o))return!1;if("[object Symbol]"!==Object.prototype.toString.call(i))return!1;for(var a in s[o]=42,s)return!1;if("function"==typeof Object.keys&&0!==Object.keys(s).length)return!1;if("function"==typeof Object.getOwnPropertyNames&&0!==Object.getOwnPropertyNames(s).length)return!1;var u=Object.getOwnPropertySymbols(s);if(1!==u.length||u[0]!==o)return!1;if(!Object.prototype.propertyIsEnumerable.call(s,o))return!1;if("function"==typeof Object.getOwnPropertyDescriptor){var _=Object.getOwnPropertyDescriptor(s,o);if(42!==_.value||!0!==_.enumerable)return!1}return!0}},41505:(s,o,i)=>{"use strict";var a=i(98828);s.exports=!a((function(){var s=function(){}.bind();return"function"!=typeof s||s.hasOwnProperty("prototype")}))},41799:(s,o,i)=>{var a=i(37217),u=i(60270);s.exports=function baseIsMatch(s,o,i,_){var w=i.length,x=w,C=!_;if(null==s)return!x;for(s=Object(s);w--;){var j=i[w];if(C&&j[2]?j[1]!==s[j[0]]:!(j[0]in s))return!1}for(;++w{const a=i(27096),u=i(78004),_=a.types;s.exports=class RandExp{constructor(s,o){if(this._setDefaults(s),s instanceof RegExp)this.ignoreCase=s.ignoreCase,this.multiline=s.multiline,s=s.source;else{if("string"!=typeof s)throw new Error("Expected a regexp or string");this.ignoreCase=o&&-1!==o.indexOf("i"),this.multiline=o&&-1!==o.indexOf("m")}this.tokens=a(s)}_setDefaults(s){this.max=null!=s.max?s.max:null!=RandExp.prototype.max?RandExp.prototype.max:100,this.defaultRange=s.defaultRange?s.defaultRange:this.defaultRange.clone(),s.randInt&&(this.randInt=s.randInt)}gen(){return this._gen(this.tokens,[])}_gen(s,o){var i,a,u,w,x;switch(s.type){case _.ROOT:case _.GROUP:if(s.followedBy||s.notFollowedBy)return"";for(s.remember&&void 0===s.groupNumber&&(s.groupNumber=o.push(null)-1),a="",w=0,x=(i=s.options?this._randSelect(s.options):s.stack).length;w{var o="\\ud800-\\udfff",i="["+o+"]",a="[\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff]",u="\\ud83c[\\udffb-\\udfff]",_="[^"+o+"]",w="(?:\\ud83c[\\udde6-\\uddff]){2}",x="[\\ud800-\\udbff][\\udc00-\\udfff]",C="(?:"+a+"|"+u+")"+"?",j="[\\ufe0e\\ufe0f]?",L=j+C+("(?:\\u200d(?:"+[_,w,x].join("|")+")"+j+C+")*"),B="(?:"+[_+a+"?",a,w,x,i].join("|")+")",$=RegExp(u+"(?="+u+")|"+B+L,"g");s.exports=function unicodeToArray(s){return s.match($)||[]}},42072:(s,o,i)=>{var a=i(34932),u=i(23007),_=i(56449),w=i(44394),x=i(61802),C=i(77797),j=i(13222);s.exports=function toPath(s){return _(s)?a(s,C):w(s)?[s]:u(x(j(s)))}},42156:s=>{"use strict";s.exports=function(){}},42220:(s,o,i)=>{"use strict";var a=i(39447),u=i(58661),_=i(74284),w=i(36624),x=i(4993),C=i(2875);o.f=a&&!u?Object.defineProperties:function defineProperties(s,o){w(s);for(var i,a=x(o),u=C(o),j=u.length,L=0;j>L;)_.f(s,i=u[L++],a[i]);return s}},42426:(s,o,i)=>{var a=i(14248),u=i(15389),_=i(90916),w=i(56449),x=i(36800);s.exports=function some(s,o,i){var C=w(s)?a:_;return i&&x(s,o,i)&&(o=void 0),C(s,u(o,3))}},42824:(s,o,i)=>{var a=i(87805),u=i(93290),_=i(71961),w=i(23007),x=i(35529),C=i(72428),j=i(56449),L=i(83693),B=i(3656),$=i(1882),U=i(23805),V=i(11331),z=i(37167),Y=i(14974),Z=i(69884);s.exports=function baseMergeDeep(s,o,i,ee,ie,ae,ce){var le=Y(s,i),pe=Y(o,i),de=ce.get(pe);if(de)a(s,i,de);else{var fe=ae?ae(le,pe,i+"",s,o,ce):void 0,ye=void 0===fe;if(ye){var be=j(pe),_e=!be&&B(pe),Se=!be&&!_e&&z(pe);fe=pe,be||_e||Se?j(le)?fe=le:L(le)?fe=w(le):_e?(ye=!1,fe=u(pe,!0)):Se?(ye=!1,fe=_(pe,!0)):fe=[]:V(pe)||C(pe)?(fe=le,C(le)?fe=Z(le):U(le)&&!$(le)||(fe=x(pe))):ye=!1}ye&&(ce.set(pe,fe),ie(fe,pe,ee,ae,ce),ce.delete(pe)),a(s,i,fe)}}},43360:(s,o,i)=>{var a=i(93243);s.exports=function baseAssignValue(s,o,i){"__proto__"==o&&a?a(s,o,{configurable:!0,enumerable:!0,value:i,writable:!0}):s[o]=i}},43768:(s,o,i)=>{"use strict";var a=i(45981),u=i(85587);o.highlight=highlight,o.highlightAuto=function highlightAuto(s,o){var i,w,x,C,j=o||{},L=j.subset||a.listLanguages(),B=j.prefix,$=L.length,U=-1;null==B&&(B=_);if("string"!=typeof s)throw u("Expected `string` for value, got `%s`",s);w={relevance:0,language:null,value:[]},i={relevance:0,language:null,value:[]};for(;++U<$;)C=L[U],a.getLanguage(C)&&((x=highlight(C,s,o)).language=C,x.relevance>w.relevance&&(w=x),x.relevance>i.relevance&&(w=i,i=x));w.language&&(i.secondBest=w);return i},o.registerLanguage=function registerLanguage(s,o){a.registerLanguage(s,o)},o.listLanguages=function listLanguages(){return a.listLanguages()},o.registerAlias=function registerAlias(s,o){var i,u=s;o&&((u={})[s]=o);for(i in u)a.registerAliases(u[i],{languageName:i})},Emitter.prototype.addText=function text(s){var o,i,a=this.stack;if(""===s)return;o=a[a.length-1],(i=o.children[o.children.length-1])&&"text"===i.type?i.value+=s:o.children.push({type:"text",value:s})},Emitter.prototype.addKeyword=function addKeyword(s,o){this.openNode(o),this.addText(s),this.closeNode()},Emitter.prototype.addSublanguage=function addSublanguage(s,o){var i=this.stack,a=i[i.length-1],u=s.rootNode.children,_=o?{type:"element",tagName:"span",properties:{className:[o]},children:u}:u;a.children=a.children.concat(_)},Emitter.prototype.openNode=function open(s){var o=this.stack,i=this.options.classPrefix+s,a=o[o.length-1],u={type:"element",tagName:"span",properties:{className:[i]},children:[]};a.children.push(u),o.push(u)},Emitter.prototype.closeNode=function close(){this.stack.pop()},Emitter.prototype.closeAllNodes=noop,Emitter.prototype.finalize=noop,Emitter.prototype.toHTML=function toHtmlNoop(){return""};var _="hljs-";function highlight(s,o,i){var w,x=a.configure({}),C=(i||{}).prefix;if("string"!=typeof s)throw u("Expected `string` for name, got `%s`",s);if(!a.getLanguage(s))throw u("Unknown language: `%s` is not registered",s);if("string"!=typeof o)throw u("Expected `string` for value, got `%s`",o);if(null==C&&(C=_),a.configure({__emitter:Emitter,classPrefix:C}),w=a.highlight(o,{language:s,ignoreIllegals:!0}),a.configure(x||{}),w.errorRaised)throw w.errorRaised;return{relevance:w.relevance,language:w.language,value:w.emitter.rootNode.children}}function Emitter(s){this.options=s,this.rootNode={children:[]},this.stack=[this.rootNode]}function noop(){}},43838:(s,o,i)=>{var a=i(21791),u=i(37241);s.exports=function baseAssignIn(s,o){return s&&a(o,u(o),s)}},44394:(s,o,i)=>{var a=i(72552),u=i(40346);s.exports=function isSymbol(s){return"symbol"==typeof s||u(s)&&"[object Symbol]"==a(s)}},44673:(s,o,i)=>{"use strict";var a=i(1907),u=i(82159),_=i(46285),w=i(49724),x=i(93427),C=i(41505),j=Function,L=a([].concat),B=a([].join),$={};s.exports=C?j.bind:function bind(s){var o=u(this),i=o.prototype,a=x(arguments,1),C=function bound(){var i=L(a,x(arguments));return this instanceof C?function(s,o,i){if(!w($,o)){for(var a=[],u=0;u{var a=i(1882),u=i(87296),_=i(23805),w=i(47473),x=/^\[object .+?Constructor\]$/,C=Function.prototype,j=Object.prototype,L=C.toString,B=j.hasOwnProperty,$=RegExp("^"+L.call(B).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");s.exports=function baseIsNative(s){return!(!_(s)||u(s))&&(a(s)?$:x).test(w(s))}},45412:(s,o,i)=>{"use strict";var a,u=i(65606);s.exports=Readable,Readable.ReadableState=ReadableState;i(37007).EventEmitter;var _=function EElistenerCount(s,o){return s.listeners(o).length},w=i(40345),x=i(48287).Buffer,C=(void 0!==i.g?i.g:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){};var j,L=i(79838);j=L&&L.debuglog?L.debuglog("stream"):function debug(){};var B,$,U,V=i(80345),z=i(75896),Y=i(65291).getHighWaterMark,Z=i(86048).F,ee=Z.ERR_INVALID_ARG_TYPE,ie=Z.ERR_STREAM_PUSH_AFTER_EOF,ae=Z.ERR_METHOD_NOT_IMPLEMENTED,ce=Z.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;i(56698)(Readable,w);var le=z.errorOrDestroy,pe=["error","close","destroy","pause","resume"];function ReadableState(s,o,u){a=a||i(25382),s=s||{},"boolean"!=typeof u&&(u=o instanceof a),this.objectMode=!!s.objectMode,u&&(this.objectMode=this.objectMode||!!s.readableObjectMode),this.highWaterMark=Y(this,s,"readableHighWaterMark",u),this.buffer=new V,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==s.emitClose,this.autoDestroy=!!s.autoDestroy,this.destroyed=!1,this.defaultEncoding=s.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,s.encoding&&(B||(B=i(83141).I),this.decoder=new B(s.encoding),this.encoding=s.encoding)}function Readable(s){if(a=a||i(25382),!(this instanceof Readable))return new Readable(s);var o=this instanceof a;this._readableState=new ReadableState(s,this,o),this.readable=!0,s&&("function"==typeof s.read&&(this._read=s.read),"function"==typeof s.destroy&&(this._destroy=s.destroy)),w.call(this)}function readableAddChunk(s,o,i,a,u){j("readableAddChunk",o);var _,w=s._readableState;if(null===o)w.reading=!1,function onEofChunk(s,o){if(j("onEofChunk"),o.ended)return;if(o.decoder){var i=o.decoder.end();i&&i.length&&(o.buffer.push(i),o.length+=o.objectMode?1:i.length)}o.ended=!0,o.sync?emitReadable(s):(o.needReadable=!1,o.emittedReadable||(o.emittedReadable=!0,emitReadable_(s)))}(s,w);else if(u||(_=function chunkInvalid(s,o){var i;(function _isUint8Array(s){return x.isBuffer(s)||s instanceof C})(o)||"string"==typeof o||void 0===o||s.objectMode||(i=new ee("chunk",["string","Buffer","Uint8Array"],o));return i}(w,o)),_)le(s,_);else if(w.objectMode||o&&o.length>0)if("string"==typeof o||w.objectMode||Object.getPrototypeOf(o)===x.prototype||(o=function _uint8ArrayToBuffer(s){return x.from(s)}(o)),a)w.endEmitted?le(s,new ce):addChunk(s,w,o,!0);else if(w.ended)le(s,new ie);else{if(w.destroyed)return!1;w.reading=!1,w.decoder&&!i?(o=w.decoder.write(o),w.objectMode||0!==o.length?addChunk(s,w,o,!1):maybeReadMore(s,w)):addChunk(s,w,o,!1)}else a||(w.reading=!1,maybeReadMore(s,w));return!w.ended&&(w.lengtho.highWaterMark&&(o.highWaterMark=function computeNewHighWaterMark(s){return s>=de?s=de:(s--,s|=s>>>1,s|=s>>>2,s|=s>>>4,s|=s>>>8,s|=s>>>16,s++),s}(s)),s<=o.length?s:o.ended?o.length:(o.needReadable=!0,0))}function emitReadable(s){var o=s._readableState;j("emitReadable",o.needReadable,o.emittedReadable),o.needReadable=!1,o.emittedReadable||(j("emitReadable",o.flowing),o.emittedReadable=!0,u.nextTick(emitReadable_,s))}function emitReadable_(s){var o=s._readableState;j("emitReadable_",o.destroyed,o.length,o.ended),o.destroyed||!o.length&&!o.ended||(s.emit("readable"),o.emittedReadable=!1),o.needReadable=!o.flowing&&!o.ended&&o.length<=o.highWaterMark,flow(s)}function maybeReadMore(s,o){o.readingMore||(o.readingMore=!0,u.nextTick(maybeReadMore_,s,o))}function maybeReadMore_(s,o){for(;!o.reading&&!o.ended&&(o.length0,o.resumeScheduled&&!o.paused?o.flowing=!0:s.listenerCount("data")>0&&s.resume()}function nReadingNextTick(s){j("readable nexttick read 0"),s.read(0)}function resume_(s,o){j("resume",o.reading),o.reading||s.read(0),o.resumeScheduled=!1,s.emit("resume"),flow(s),o.flowing&&!o.reading&&s.read(0)}function flow(s){var o=s._readableState;for(j("flow",o.flowing);o.flowing&&null!==s.read(););}function fromList(s,o){return 0===o.length?null:(o.objectMode?i=o.buffer.shift():!s||s>=o.length?(i=o.decoder?o.buffer.join(""):1===o.buffer.length?o.buffer.first():o.buffer.concat(o.length),o.buffer.clear()):i=o.buffer.consume(s,o.decoder),i);var i}function endReadable(s){var o=s._readableState;j("endReadable",o.endEmitted),o.endEmitted||(o.ended=!0,u.nextTick(endReadableNT,o,s))}function endReadableNT(s,o){if(j("endReadableNT",s.endEmitted,s.length),!s.endEmitted&&0===s.length&&(s.endEmitted=!0,o.readable=!1,o.emit("end"),s.autoDestroy)){var i=o._writableState;(!i||i.autoDestroy&&i.finished)&&o.destroy()}}function indexOf(s,o){for(var i=0,a=s.length;i=o.highWaterMark:o.length>0)||o.ended))return j("read: emitReadable",o.length,o.ended),0===o.length&&o.ended?endReadable(this):emitReadable(this),null;if(0===(s=howMuchToRead(s,o))&&o.ended)return 0===o.length&&endReadable(this),null;var a,u=o.needReadable;return j("need readable",u),(0===o.length||o.length-s0?fromList(s,o):null)?(o.needReadable=o.length<=o.highWaterMark,s=0):(o.length-=s,o.awaitDrain=0),0===o.length&&(o.ended||(o.needReadable=!0),i!==s&&o.ended&&endReadable(this)),null!==a&&this.emit("data",a),a},Readable.prototype._read=function(s){le(this,new ae("_read()"))},Readable.prototype.pipe=function(s,o){var i=this,a=this._readableState;switch(a.pipesCount){case 0:a.pipes=s;break;case 1:a.pipes=[a.pipes,s];break;default:a.pipes.push(s)}a.pipesCount+=1,j("pipe count=%d opts=%j",a.pipesCount,o);var w=(!o||!1!==o.end)&&s!==u.stdout&&s!==u.stderr?onend:unpipe;function onunpipe(o,u){j("onunpipe"),o===i&&u&&!1===u.hasUnpiped&&(u.hasUnpiped=!0,function cleanup(){j("cleanup"),s.removeListener("close",onclose),s.removeListener("finish",onfinish),s.removeListener("drain",x),s.removeListener("error",onerror),s.removeListener("unpipe",onunpipe),i.removeListener("end",onend),i.removeListener("end",unpipe),i.removeListener("data",ondata),C=!0,!a.awaitDrain||s._writableState&&!s._writableState.needDrain||x()}())}function onend(){j("onend"),s.end()}a.endEmitted?u.nextTick(w):i.once("end",w),s.on("unpipe",onunpipe);var x=function pipeOnDrain(s){return function pipeOnDrainFunctionResult(){var o=s._readableState;j("pipeOnDrain",o.awaitDrain),o.awaitDrain&&o.awaitDrain--,0===o.awaitDrain&&_(s,"data")&&(o.flowing=!0,flow(s))}}(i);s.on("drain",x);var C=!1;function ondata(o){j("ondata");var u=s.write(o);j("dest.write",u),!1===u&&((1===a.pipesCount&&a.pipes===s||a.pipesCount>1&&-1!==indexOf(a.pipes,s))&&!C&&(j("false write response, pause",a.awaitDrain),a.awaitDrain++),i.pause())}function onerror(o){j("onerror",o),unpipe(),s.removeListener("error",onerror),0===_(s,"error")&&le(s,o)}function onclose(){s.removeListener("finish",onfinish),unpipe()}function onfinish(){j("onfinish"),s.removeListener("close",onclose),unpipe()}function unpipe(){j("unpipe"),i.unpipe(s)}return i.on("data",ondata),function prependListener(s,o,i){if("function"==typeof s.prependListener)return s.prependListener(o,i);s._events&&s._events[o]?Array.isArray(s._events[o])?s._events[o].unshift(i):s._events[o]=[i,s._events[o]]:s.on(o,i)}(s,"error",onerror),s.once("close",onclose),s.once("finish",onfinish),s.emit("pipe",i),a.flowing||(j("pipe resume"),i.resume()),s},Readable.prototype.unpipe=function(s){var o=this._readableState,i={hasUnpiped:!1};if(0===o.pipesCount)return this;if(1===o.pipesCount)return s&&s!==o.pipes||(s||(s=o.pipes),o.pipes=null,o.pipesCount=0,o.flowing=!1,s&&s.emit("unpipe",this,i)),this;if(!s){var a=o.pipes,u=o.pipesCount;o.pipes=null,o.pipesCount=0,o.flowing=!1;for(var _=0;_0,!1!==a.flowing&&this.resume()):"readable"===s&&(a.endEmitted||a.readableListening||(a.readableListening=a.needReadable=!0,a.flowing=!1,a.emittedReadable=!1,j("on readable",a.length,a.reading),a.length?emitReadable(this):a.reading||u.nextTick(nReadingNextTick,this))),i},Readable.prototype.addListener=Readable.prototype.on,Readable.prototype.removeListener=function(s,o){var i=w.prototype.removeListener.call(this,s,o);return"readable"===s&&u.nextTick(updateReadableListening,this),i},Readable.prototype.removeAllListeners=function(s){var o=w.prototype.removeAllListeners.apply(this,arguments);return"readable"!==s&&void 0!==s||u.nextTick(updateReadableListening,this),o},Readable.prototype.resume=function(){var s=this._readableState;return s.flowing||(j("resume"),s.flowing=!s.readableListening,function resume(s,o){o.resumeScheduled||(o.resumeScheduled=!0,u.nextTick(resume_,s,o))}(this,s)),s.paused=!1,this},Readable.prototype.pause=function(){return j("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(j("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},Readable.prototype.wrap=function(s){var o=this,i=this._readableState,a=!1;for(var u in s.on("end",(function(){if(j("wrapped end"),i.decoder&&!i.ended){var s=i.decoder.end();s&&s.length&&o.push(s)}o.push(null)})),s.on("data",(function(u){(j("wrapped data"),i.decoder&&(u=i.decoder.write(u)),i.objectMode&&null==u)||(i.objectMode||u&&u.length)&&(o.push(u)||(a=!0,s.pause()))})),s)void 0===this[u]&&"function"==typeof s[u]&&(this[u]=function methodWrap(o){return function methodWrapReturnFunction(){return s[o].apply(s,arguments)}}(u));for(var _=0;_{var o=/[a-z][A-Z]|[A-Z]{2}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;s.exports=function hasUnicodeWord(s){return o.test(s)}},45539:(s,o,i)=>{var a=i(40882),u=i(50828),_=i(66645),w=RegExp("['’]","g");s.exports=function createCompounder(s){return function(o){return a(_(u(o).replace(w,"")),s,"")}}},45807:(s,o,i)=>{"use strict";var a=i(1907),u=a({}.toString),_=a("".slice);s.exports=function(s){return _(u(s),8,-1)}},45891:(s,o,i)=>{var a=i(51873),u=i(72428),_=i(56449),w=a?a.isConcatSpreadable:void 0;s.exports=function isFlattenable(s){return _(s)||u(s)||!!(w&&s&&s[w])}},45951:function(s,o,i){"use strict";var check=function(s){return s&&s.Math===Math&&s};s.exports=check("object"==typeof globalThis&&globalThis)||check("object"==typeof window&&window)||check("object"==typeof self&&self)||check("object"==typeof i.g&&i.g)||check("object"==typeof this&&this)||function(){return this}()||Function("return this")()},45981:s=>{function deepFreeze(s){return s instanceof Map?s.clear=s.delete=s.set=function(){throw new Error("map is read-only")}:s instanceof Set&&(s.add=s.clear=s.delete=function(){throw new Error("set is read-only")}),Object.freeze(s),Object.getOwnPropertyNames(s).forEach((function(o){var i=s[o];"object"!=typeof i||Object.isFrozen(i)||deepFreeze(i)})),s}var o=deepFreeze,i=deepFreeze;o.default=i;class Response{constructor(s){void 0===s.data&&(s.data={}),this.data=s.data,this.isMatchIgnored=!1}ignoreMatch(){this.isMatchIgnored=!0}}function escapeHTML(s){return s.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'")}function inherit(s,...o){const i=Object.create(null);for(const o in s)i[o]=s[o];return o.forEach((function(s){for(const o in s)i[o]=s[o]})),i}const emitsWrappingTags=s=>!!s.kind;class HTMLRenderer{constructor(s,o){this.buffer="",this.classPrefix=o.classPrefix,s.walk(this)}addText(s){this.buffer+=escapeHTML(s)}openNode(s){if(!emitsWrappingTags(s))return;let o=s.kind;s.sublanguage||(o=`${this.classPrefix}${o}`),this.span(o)}closeNode(s){emitsWrappingTags(s)&&(this.buffer+="")}value(){return this.buffer}span(s){this.buffer+=``}}class TokenTree{constructor(){this.rootNode={children:[]},this.stack=[this.rootNode]}get top(){return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(s){this.top.children.push(s)}openNode(s){const o={kind:s,children:[]};this.add(o),this.stack.push(o)}closeNode(){if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)}walk(s){return this.constructor._walk(s,this.rootNode)}static _walk(s,o){return"string"==typeof o?s.addText(o):o.children&&(s.openNode(o),o.children.forEach((o=>this._walk(s,o))),s.closeNode(o)),s}static _collapse(s){"string"!=typeof s&&s.children&&(s.children.every((s=>"string"==typeof s))?s.children=[s.children.join("")]:s.children.forEach((s=>{TokenTree._collapse(s)})))}}class TokenTreeEmitter extends TokenTree{constructor(s){super(),this.options=s}addKeyword(s,o){""!==s&&(this.openNode(o),this.addText(s),this.closeNode())}addText(s){""!==s&&this.add(s)}addSublanguage(s,o){const i=s.root;i.kind=o,i.sublanguage=!0,this.add(i)}toHTML(){return new HTMLRenderer(this,this.options).value()}finalize(){return!0}}function source(s){return s?"string"==typeof s?s:s.source:null}const a=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./;const u="[a-zA-Z]\\w*",_="[a-zA-Z_]\\w*",w="\\b\\d+(\\.\\d+)?",x="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",C="\\b(0b[01]+)",j={begin:"\\\\[\\s\\S]",relevance:0},L={className:"string",begin:"'",end:"'",illegal:"\\n",contains:[j]},B={className:"string",begin:'"',end:'"',illegal:"\\n",contains:[j]},$={begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},COMMENT=function(s,o,i={}){const a=inherit({className:"comment",begin:s,end:o,contains:[]},i);return a.contains.push($),a.contains.push({className:"doctag",begin:"(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):",relevance:0}),a},U=COMMENT("//","$"),V=COMMENT("/\\*","\\*/"),z=COMMENT("#","$"),Y={className:"number",begin:w,relevance:0},Z={className:"number",begin:x,relevance:0},ee={className:"number",begin:C,relevance:0},ie={className:"number",begin:w+"(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",relevance:0},ae={begin:/(?=\/[^/\n]*\/)/,contains:[{className:"regexp",begin:/\//,end:/\/[gimuy]*/,illegal:/\n/,contains:[j,{begin:/\[/,end:/\]/,relevance:0,contains:[j]}]}]},ce={className:"title",begin:u,relevance:0},le={className:"title",begin:_,relevance:0},pe={begin:"\\.\\s*"+_,relevance:0};var de=Object.freeze({__proto__:null,MATCH_NOTHING_RE:/\b\B/,IDENT_RE:u,UNDERSCORE_IDENT_RE:_,NUMBER_RE:w,C_NUMBER_RE:x,BINARY_NUMBER_RE:C,RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",SHEBANG:(s={})=>{const o=/^#![ ]*\//;return s.binary&&(s.begin=function concat(...s){return s.map((s=>source(s))).join("")}(o,/.*\b/,s.binary,/\b.*/)),inherit({className:"meta",begin:o,end:/$/,relevance:0,"on:begin":(s,o)=>{0!==s.index&&o.ignoreMatch()}},s)},BACKSLASH_ESCAPE:j,APOS_STRING_MODE:L,QUOTE_STRING_MODE:B,PHRASAL_WORDS_MODE:$,COMMENT,C_LINE_COMMENT_MODE:U,C_BLOCK_COMMENT_MODE:V,HASH_COMMENT_MODE:z,NUMBER_MODE:Y,C_NUMBER_MODE:Z,BINARY_NUMBER_MODE:ee,CSS_NUMBER_MODE:ie,REGEXP_MODE:ae,TITLE_MODE:ce,UNDERSCORE_TITLE_MODE:le,METHOD_GUARD:pe,END_SAME_AS_BEGIN:function(s){return Object.assign(s,{"on:begin":(s,o)=>{o.data._beginMatch=s[1]},"on:end":(s,o)=>{o.data._beginMatch!==s[1]&&o.ignoreMatch()}})}});function skipIfhasPrecedingDot(s,o){"."===s.input[s.index-1]&&o.ignoreMatch()}function beginKeywords(s,o){o&&s.beginKeywords&&(s.begin="\\b("+s.beginKeywords.split(" ").join("|")+")(?!\\.)(?=\\b|\\s)",s.__beforeBegin=skipIfhasPrecedingDot,s.keywords=s.keywords||s.beginKeywords,delete s.beginKeywords,void 0===s.relevance&&(s.relevance=0))}function compileIllegal(s,o){Array.isArray(s.illegal)&&(s.illegal=function either(...s){return"("+s.map((s=>source(s))).join("|")+")"}(...s.illegal))}function compileMatch(s,o){if(s.match){if(s.begin||s.end)throw new Error("begin & end are not supported with match");s.begin=s.match,delete s.match}}function compileRelevance(s,o){void 0===s.relevance&&(s.relevance=1)}const fe=["of","and","for","in","not","or","if","then","parent","list","value"];function compileKeywords(s,o,i="keyword"){const a={};return"string"==typeof s?compileList(i,s.split(" ")):Array.isArray(s)?compileList(i,s):Object.keys(s).forEach((function(i){Object.assign(a,compileKeywords(s[i],o,i))})),a;function compileList(s,i){o&&(i=i.map((s=>s.toLowerCase()))),i.forEach((function(o){const i=o.split("|");a[i[0]]=[s,scoreForKeyword(i[0],i[1])]}))}}function scoreForKeyword(s,o){return o?Number(o):function commonKeyword(s){return fe.includes(s.toLowerCase())}(s)?0:1}function compileLanguage(s,{plugins:o}){function langRe(o,i){return new RegExp(source(o),"m"+(s.case_insensitive?"i":"")+(i?"g":""))}class MultiRegex{constructor(){this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0}addRule(s,o){o.position=this.position++,this.matchIndexes[this.matchAt]=o,this.regexes.push([o,s]),this.matchAt+=function countMatchGroups(s){return new RegExp(s.toString()+"|").exec("").length-1}(s)+1}compile(){0===this.regexes.length&&(this.exec=()=>null);const s=this.regexes.map((s=>s[1]));this.matcherRe=langRe(function join(s,o="|"){let i=0;return s.map((s=>{i+=1;const o=i;let u=source(s),_="";for(;u.length>0;){const s=a.exec(u);if(!s){_+=u;break}_+=u.substring(0,s.index),u=u.substring(s.index+s[0].length),"\\"===s[0][0]&&s[1]?_+="\\"+String(Number(s[1])+o):(_+=s[0],"("===s[0]&&i++)}return _})).map((s=>`(${s})`)).join(o)}(s),!0),this.lastIndex=0}exec(s){this.matcherRe.lastIndex=this.lastIndex;const o=this.matcherRe.exec(s);if(!o)return null;const i=o.findIndex(((s,o)=>o>0&&void 0!==s)),a=this.matchIndexes[i];return o.splice(0,i),Object.assign(o,a)}}class ResumableMultiRegex{constructor(){this.rules=[],this.multiRegexes=[],this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(s){if(this.multiRegexes[s])return this.multiRegexes[s];const o=new MultiRegex;return this.rules.slice(s).forEach((([s,i])=>o.addRule(s,i))),o.compile(),this.multiRegexes[s]=o,o}resumingScanAtSamePosition(){return 0!==this.regexIndex}considerAll(){this.regexIndex=0}addRule(s,o){this.rules.push([s,o]),"begin"===o.type&&this.count++}exec(s){const o=this.getMatcher(this.regexIndex);o.lastIndex=this.lastIndex;let i=o.exec(s);if(this.resumingScanAtSamePosition())if(i&&i.index===this.lastIndex);else{const o=this.getMatcher(0);o.lastIndex=this.lastIndex+1,i=o.exec(s)}return i&&(this.regexIndex+=i.position+1,this.regexIndex===this.count&&this.considerAll()),i}}if(s.compilerExtensions||(s.compilerExtensions=[]),s.contains&&s.contains.includes("self"))throw new Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.");return s.classNameAliases=inherit(s.classNameAliases||{}),function compileMode(o,i){const a=o;if(o.isCompiled)return a;[compileMatch].forEach((s=>s(o,i))),s.compilerExtensions.forEach((s=>s(o,i))),o.__beforeBegin=null,[beginKeywords,compileIllegal,compileRelevance].forEach((s=>s(o,i))),o.isCompiled=!0;let u=null;if("object"==typeof o.keywords&&(u=o.keywords.$pattern,delete o.keywords.$pattern),o.keywords&&(o.keywords=compileKeywords(o.keywords,s.case_insensitive)),o.lexemes&&u)throw new Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");return u=u||o.lexemes||/\w+/,a.keywordPatternRe=langRe(u,!0),i&&(o.begin||(o.begin=/\B|\b/),a.beginRe=langRe(o.begin),o.endSameAsBegin&&(o.end=o.begin),o.end||o.endsWithParent||(o.end=/\B|\b/),o.end&&(a.endRe=langRe(o.end)),a.terminatorEnd=source(o.end)||"",o.endsWithParent&&i.terminatorEnd&&(a.terminatorEnd+=(o.end?"|":"")+i.terminatorEnd)),o.illegal&&(a.illegalRe=langRe(o.illegal)),o.contains||(o.contains=[]),o.contains=[].concat(...o.contains.map((function(s){return function expandOrCloneMode(s){s.variants&&!s.cachedVariants&&(s.cachedVariants=s.variants.map((function(o){return inherit(s,{variants:null},o)})));if(s.cachedVariants)return s.cachedVariants;if(dependencyOnParent(s))return inherit(s,{starts:s.starts?inherit(s.starts):null});if(Object.isFrozen(s))return inherit(s);return s}("self"===s?o:s)}))),o.contains.forEach((function(s){compileMode(s,a)})),o.starts&&compileMode(o.starts,i),a.matcher=function buildModeRegex(s){const o=new ResumableMultiRegex;return s.contains.forEach((s=>o.addRule(s.begin,{rule:s,type:"begin"}))),s.terminatorEnd&&o.addRule(s.terminatorEnd,{type:"end"}),s.illegal&&o.addRule(s.illegal,{type:"illegal"}),o}(a),a}(s)}function dependencyOnParent(s){return!!s&&(s.endsWithParent||dependencyOnParent(s.starts))}function BuildVuePlugin(s){const o={props:["language","code","autodetect"],data:function(){return{detectedLanguage:"",unknownLanguage:!1}},computed:{className(){return this.unknownLanguage?"":"hljs "+this.detectedLanguage},highlighted(){if(!this.autoDetect&&!s.getLanguage(this.language))return console.warn(`The language "${this.language}" you specified could not be found.`),this.unknownLanguage=!0,escapeHTML(this.code);let o={};return this.autoDetect?(o=s.highlightAuto(this.code),this.detectedLanguage=o.language):(o=s.highlight(this.language,this.code,this.ignoreIllegals),this.detectedLanguage=this.language),o.value},autoDetect(){return!this.language||function hasValueOrEmptyAttribute(s){return Boolean(s||""===s)}(this.autodetect)},ignoreIllegals:()=>!0},render(s){return s("pre",{},[s("code",{class:this.className,domProps:{innerHTML:this.highlighted}})])}};return{Component:o,VuePlugin:{install(s){s.component("highlightjs",o)}}}}const ye={"after:highlightElement":({el:s,result:o,text:i})=>{const a=nodeStream(s);if(!a.length)return;const u=document.createElement("div");u.innerHTML=o.value,o.value=function mergeStreams(s,o,i){let a=0,u="";const _=[];function selectStream(){return s.length&&o.length?s[0].offset!==o[0].offset?s[0].offset"}function close(s){u+=""}function render(s){("start"===s.event?open:close)(s.node)}for(;s.length||o.length;){let o=selectStream();if(u+=escapeHTML(i.substring(a,o[0].offset)),a=o[0].offset,o===s){_.reverse().forEach(close);do{render(o.splice(0,1)[0]),o=selectStream()}while(o===s&&o.length&&o[0].offset===a);_.reverse().forEach(open)}else"start"===o[0].event?_.push(o[0].node):_.pop(),render(o.splice(0,1)[0])}return u+escapeHTML(i.substr(a))}(a,nodeStream(u),i)}};function tag(s){return s.nodeName.toLowerCase()}function nodeStream(s){const o=[];return function _nodeStream(s,i){for(let a=s.firstChild;a;a=a.nextSibling)3===a.nodeType?i+=a.nodeValue.length:1===a.nodeType&&(o.push({event:"start",offset:i,node:a}),i=_nodeStream(a,i),tag(a).match(/br|hr|img|input/)||o.push({event:"stop",offset:i,node:a}));return i}(s,0),o}const be={},error=s=>{console.error(s)},warn=(s,...o)=>{console.log(`WARN: ${s}`,...o)},deprecated=(s,o)=>{be[`${s}/${o}`]||(console.log(`Deprecated as of ${s}. ${o}`),be[`${s}/${o}`]=!0)},_e=escapeHTML,Se=inherit,we=Symbol("nomatch");var xe=function(s){const i=Object.create(null),a=Object.create(null),u=[];let _=!0;const w=/(^(<[^>]+>|\t|)+|\n)/gm,x="Could not find the language '{}', did you forget to load/include a language module?",C={disableAutodetect:!0,name:"Plain text",contains:[]};let j={noHighlightRe:/^(no-?highlight)$/i,languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:null,__emitter:TokenTreeEmitter};function shouldNotHighlight(s){return j.noHighlightRe.test(s)}function highlight(s,o,i,a){let u="",_="";"object"==typeof o?(u=s,i=o.ignoreIllegals,_=o.language,a=void 0):(deprecated("10.7.0","highlight(lang, code, ...args) has been deprecated."),deprecated("10.7.0","Please use highlight(code, options) instead.\nhttps://github.com/highlightjs/highlight.js/issues/2277"),_=s,u=o);const w={code:u,language:_};fire("before:highlight",w);const x=w.result?w.result:_highlight(w.language,w.code,i,a);return x.code=w.code,fire("after:highlight",x),x}function _highlight(s,o,a,w){function keywordData(s,o){const i=L.case_insensitive?o[0].toLowerCase():o[0];return Object.prototype.hasOwnProperty.call(s.keywords,i)&&s.keywords[i]}function processBuffer(){null!=U.subLanguage?function processSubLanguage(){if(""===Y)return;let s=null;if("string"==typeof U.subLanguage){if(!i[U.subLanguage])return void z.addText(Y);s=_highlight(U.subLanguage,Y,!0,V[U.subLanguage]),V[U.subLanguage]=s.top}else s=highlightAuto(Y,U.subLanguage.length?U.subLanguage:null);U.relevance>0&&(Z+=s.relevance),z.addSublanguage(s.emitter,s.language)}():function processKeywords(){if(!U.keywords)return void z.addText(Y);let s=0;U.keywordPatternRe.lastIndex=0;let o=U.keywordPatternRe.exec(Y),i="";for(;o;){i+=Y.substring(s,o.index);const a=keywordData(U,o);if(a){const[s,u]=a;if(z.addText(i),i="",Z+=u,s.startsWith("_"))i+=o[0];else{const i=L.classNameAliases[s]||s;z.addKeyword(o[0],i)}}else i+=o[0];s=U.keywordPatternRe.lastIndex,o=U.keywordPatternRe.exec(Y)}i+=Y.substr(s),z.addText(i)}(),Y=""}function startNewMode(s){return s.className&&z.openNode(L.classNameAliases[s.className]||s.className),U=Object.create(s,{parent:{value:U}}),U}function endOfMode(s,o,i){let a=function startsWith(s,o){const i=s&&s.exec(o);return i&&0===i.index}(s.endRe,i);if(a){if(s["on:end"]){const i=new Response(s);s["on:end"](o,i),i.isMatchIgnored&&(a=!1)}if(a){for(;s.endsParent&&s.parent;)s=s.parent;return s}}if(s.endsWithParent)return endOfMode(s.parent,o,i)}function doIgnore(s){return 0===U.matcher.regexIndex?(Y+=s[0],1):(ae=!0,0)}function doBeginMatch(s){const o=s[0],i=s.rule,a=new Response(i),u=[i.__beforeBegin,i["on:begin"]];for(const i of u)if(i&&(i(s,a),a.isMatchIgnored))return doIgnore(o);return i&&i.endSameAsBegin&&(i.endRe=function escape(s){return new RegExp(s.replace(/[-/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")}(o)),i.skip?Y+=o:(i.excludeBegin&&(Y+=o),processBuffer(),i.returnBegin||i.excludeBegin||(Y=o)),startNewMode(i),i.returnBegin?0:o.length}function doEndMatch(s){const i=s[0],a=o.substr(s.index),u=endOfMode(U,s,a);if(!u)return we;const _=U;_.skip?Y+=i:(_.returnEnd||_.excludeEnd||(Y+=i),processBuffer(),_.excludeEnd&&(Y=i));do{U.className&&z.closeNode(),U.skip||U.subLanguage||(Z+=U.relevance),U=U.parent}while(U!==u.parent);return u.starts&&(u.endSameAsBegin&&(u.starts.endRe=u.endRe),startNewMode(u.starts)),_.returnEnd?0:i.length}let C={};function processLexeme(i,u){const w=u&&u[0];if(Y+=i,null==w)return processBuffer(),0;if("begin"===C.type&&"end"===u.type&&C.index===u.index&&""===w){if(Y+=o.slice(u.index,u.index+1),!_){const o=new Error("0 width match regex");throw o.languageName=s,o.badRule=C.rule,o}return 1}if(C=u,"begin"===u.type)return doBeginMatch(u);if("illegal"===u.type&&!a){const s=new Error('Illegal lexeme "'+w+'" for mode "'+(U.className||"")+'"');throw s.mode=U,s}if("end"===u.type){const s=doEndMatch(u);if(s!==we)return s}if("illegal"===u.type&&""===w)return 1;if(ie>1e5&&ie>3*u.index){throw new Error("potential infinite loop, way more iterations than matches")}return Y+=w,w.length}const L=getLanguage(s);if(!L)throw error(x.replace("{}",s)),new Error('Unknown language: "'+s+'"');const B=compileLanguage(L,{plugins:u});let $="",U=w||B;const V={},z=new j.__emitter(j);!function processContinuations(){const s=[];for(let o=U;o!==L;o=o.parent)o.className&&s.unshift(o.className);s.forEach((s=>z.openNode(s)))}();let Y="",Z=0,ee=0,ie=0,ae=!1;try{for(U.matcher.considerAll();;){ie++,ae?ae=!1:U.matcher.considerAll(),U.matcher.lastIndex=ee;const s=U.matcher.exec(o);if(!s)break;const i=processLexeme(o.substring(ee,s.index),s);ee=s.index+i}return processLexeme(o.substr(ee)),z.closeAllNodes(),z.finalize(),$=z.toHTML(),{relevance:Math.floor(Z),value:$,language:s,illegal:!1,emitter:z,top:U}}catch(i){if(i.message&&i.message.includes("Illegal"))return{illegal:!0,illegalBy:{msg:i.message,context:o.slice(ee-100,ee+100),mode:i.mode},sofar:$,relevance:0,value:_e(o),emitter:z};if(_)return{illegal:!1,relevance:0,value:_e(o),emitter:z,language:s,top:U,errorRaised:i};throw i}}function highlightAuto(s,o){o=o||j.languages||Object.keys(i);const a=function justTextHighlightResult(s){const o={relevance:0,emitter:new j.__emitter(j),value:_e(s),illegal:!1,top:C};return o.emitter.addText(s),o}(s),u=o.filter(getLanguage).filter(autoDetection).map((o=>_highlight(o,s,!1)));u.unshift(a);const _=u.sort(((s,o)=>{if(s.relevance!==o.relevance)return o.relevance-s.relevance;if(s.language&&o.language){if(getLanguage(s.language).supersetOf===o.language)return 1;if(getLanguage(o.language).supersetOf===s.language)return-1}return 0})),[w,x]=_,L=w;return L.second_best=x,L}const L={"before:highlightElement":({el:s})=>{j.useBR&&(s.innerHTML=s.innerHTML.replace(/\n/g,"").replace(//g,"\n"))},"after:highlightElement":({result:s})=>{j.useBR&&(s.value=s.value.replace(/\n/g,"
"))}},B=/^(<[^>]+>|\t)+/gm,$={"after:highlightElement":({result:s})=>{j.tabReplace&&(s.value=s.value.replace(B,(s=>s.replace(/\t/g,j.tabReplace))))}};function highlightElement(s){let o=null;const i=function blockLanguage(s){let o=s.className+" ";o+=s.parentNode?s.parentNode.className:"";const i=j.languageDetectRe.exec(o);if(i){const o=getLanguage(i[1]);return o||(warn(x.replace("{}",i[1])),warn("Falling back to no-highlight mode for this block.",s)),o?i[1]:"no-highlight"}return o.split(/\s+/).find((s=>shouldNotHighlight(s)||getLanguage(s)))}(s);if(shouldNotHighlight(i))return;fire("before:highlightElement",{el:s,language:i}),o=s;const u=o.textContent,_=i?highlight(u,{language:i,ignoreIllegals:!0}):highlightAuto(u);fire("after:highlightElement",{el:s,result:_,text:u}),s.innerHTML=_.value,function updateClassName(s,o,i){const u=o?a[o]:i;s.classList.add("hljs"),u&&s.classList.add(u)}(s,i,_.language),s.result={language:_.language,re:_.relevance,relavance:_.relevance},_.second_best&&(s.second_best={language:_.second_best.language,re:_.second_best.relevance,relavance:_.second_best.relevance})}const initHighlighting=()=>{if(initHighlighting.called)return;initHighlighting.called=!0,deprecated("10.6.0","initHighlighting() is deprecated. Use highlightAll() instead.");document.querySelectorAll("pre code").forEach(highlightElement)};let U=!1;function highlightAll(){if("loading"===document.readyState)return void(U=!0);document.querySelectorAll("pre code").forEach(highlightElement)}function getLanguage(s){return s=(s||"").toLowerCase(),i[s]||i[a[s]]}function registerAliases(s,{languageName:o}){"string"==typeof s&&(s=[s]),s.forEach((s=>{a[s.toLowerCase()]=o}))}function autoDetection(s){const o=getLanguage(s);return o&&!o.disableAutodetect}function fire(s,o){const i=s;u.forEach((function(s){s[i]&&s[i](o)}))}"undefined"!=typeof window&&window.addEventListener&&window.addEventListener("DOMContentLoaded",(function boot(){U&&highlightAll()}),!1),Object.assign(s,{highlight,highlightAuto,highlightAll,fixMarkup:function deprecateFixMarkup(s){return deprecated("10.2.0","fixMarkup will be removed entirely in v11.0"),deprecated("10.2.0","Please see https://github.com/highlightjs/highlight.js/issues/2534"),function fixMarkup(s){return j.tabReplace||j.useBR?s.replace(w,(s=>"\n"===s?j.useBR?"
":s:j.tabReplace?s.replace(/\t/g,j.tabReplace):s)):s}(s)},highlightElement,highlightBlock:function deprecateHighlightBlock(s){return deprecated("10.7.0","highlightBlock will be removed entirely in v12.0"),deprecated("10.7.0","Please use highlightElement now."),highlightElement(s)},configure:function configure(s){s.useBR&&(deprecated("10.3.0","'useBR' will be removed entirely in v11.0"),deprecated("10.3.0","Please see https://github.com/highlightjs/highlight.js/issues/2559")),j=Se(j,s)},initHighlighting,initHighlightingOnLoad:function initHighlightingOnLoad(){deprecated("10.6.0","initHighlightingOnLoad() is deprecated. Use highlightAll() instead."),U=!0},registerLanguage:function registerLanguage(o,a){let u=null;try{u=a(s)}catch(s){if(error("Language definition for '{}' could not be registered.".replace("{}",o)),!_)throw s;error(s),u=C}u.name||(u.name=o),i[o]=u,u.rawDefinition=a.bind(null,s),u.aliases&®isterAliases(u.aliases,{languageName:o})},unregisterLanguage:function unregisterLanguage(s){delete i[s];for(const o of Object.keys(a))a[o]===s&&delete a[o]},listLanguages:function listLanguages(){return Object.keys(i)},getLanguage,registerAliases,requireLanguage:function requireLanguage(s){deprecated("10.4.0","requireLanguage will be removed entirely in v11."),deprecated("10.4.0","Please see https://github.com/highlightjs/highlight.js/pull/2844");const o=getLanguage(s);if(o)return o;throw new Error("The '{}' language is required, but not loaded.".replace("{}",s))},autoDetection,inherit:Se,addPlugin:function addPlugin(s){!function upgradePluginAPI(s){s["before:highlightBlock"]&&!s["before:highlightElement"]&&(s["before:highlightElement"]=o=>{s["before:highlightBlock"](Object.assign({block:o.el},o))}),s["after:highlightBlock"]&&!s["after:highlightElement"]&&(s["after:highlightElement"]=o=>{s["after:highlightBlock"](Object.assign({block:o.el},o))})}(s),u.push(s)},vuePlugin:BuildVuePlugin(s).VuePlugin}),s.debugMode=function(){_=!1},s.safeMode=function(){_=!0},s.versionString="10.7.3";for(const s in de)"object"==typeof de[s]&&o(de[s]);return Object.assign(s,de),s.addPlugin(L),s.addPlugin(ye),s.addPlugin($),s}({});s.exports=xe},46028:(s,o,i)=>{"use strict";var a=i(13930),u=i(46285),_=i(25594),w=i(29367),x=i(60581),C=i(76264),j=TypeError,L=C("toPrimitive");s.exports=function(s,o){if(!u(s)||_(s))return s;var i,C=w(s,L);if(C){if(void 0===o&&(o="default"),i=a(C,s,o),!u(i)||_(i))return i;throw new j("Can't convert object to primitive value")}return void 0===o&&(o="number"),x(s,o)}},46076:(s,o,i)=>{"use strict";i(91599);var a=i(68623);s.exports=a},46285:(s,o,i)=>{"use strict";var a=i(62250);s.exports=function(s){return"object"==typeof s?null!==s:a(s)}},46942:(s,o)=>{var i;!function(){"use strict";var a={}.hasOwnProperty;function classNames(){for(var s="",o=0;o{"use strict";s.exports="undefined"!=typeof Reflect&&Reflect&&Reflect.apply},47181:(s,o,i)=>{"use strict";var a=i(95116).IteratorPrototype,u=i(58075),_=i(75817),w=i(14840),x=i(93742),returnThis=function(){return this};s.exports=function(s,o,i,C){var j=o+" Iterator";return s.prototype=u(a,{next:_(+!C,i)}),w(s,j,!1,!0),x[j]=returnThis,s}},47237:s=>{s.exports=function baseProperty(s){return function(o){return null==o?void 0:o[s]}}},47248:(s,o,i)=>{var a=i(16547),u=i(51234);s.exports=function zipObject(s,o){return u(s||[],o||[],a)}},47422:(s,o,i)=>{var a=i(31769),u=i(77797);s.exports=function baseGet(s,o){for(var i=0,_=(o=a(o,s)).length;null!=s&&i<_;)s=s[u(o[i++])];return i&&i==_?s:void 0}},47473:s=>{var o=Function.prototype.toString;s.exports=function toSource(s){if(null!=s){try{return o.call(s)}catch(s){}try{return s+""}catch(s){}}return""}},47886:(s,o,i)=>{var a=i(5861),u=i(40346);s.exports=function isWeakMap(s){return u(s)&&"[object WeakMap]"==a(s)}},47934:(s,o,i)=>{s.exports={ary:i(64626),assign:i(74733),clone:i(32629),curry:i(49747),forEach:i(83729),isArray:i(56449),isError:i(23546),isFunction:i(1882),isWeakMap:i(47886),iteratee:i(33855),keys:i(88984),rearg:i(84195),toInteger:i(61489),toPath:i(42072)}},48152:(s,o,i)=>{var a=i(28303),u=a&&new a;s.exports=u},48287:(s,o,i)=>{"use strict";const a=i(67526),u=i(251),_="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;o.Buffer=Buffer,o.SlowBuffer=function SlowBuffer(s){+s!=s&&(s=0);return Buffer.alloc(+s)},o.INSPECT_MAX_BYTES=50;const w=2147483647;function createBuffer(s){if(s>w)throw new RangeError('The value "'+s+'" is invalid for option "size"');const o=new Uint8Array(s);return Object.setPrototypeOf(o,Buffer.prototype),o}function Buffer(s,o,i){if("number"==typeof s){if("string"==typeof o)throw new TypeError('The "string" argument must be of type string. Received type number');return allocUnsafe(s)}return from(s,o,i)}function from(s,o,i){if("string"==typeof s)return function fromString(s,o){"string"==typeof o&&""!==o||(o="utf8");if(!Buffer.isEncoding(o))throw new TypeError("Unknown encoding: "+o);const i=0|byteLength(s,o);let a=createBuffer(i);const u=a.write(s,o);u!==i&&(a=a.slice(0,u));return a}(s,o);if(ArrayBuffer.isView(s))return function fromArrayView(s){if(isInstance(s,Uint8Array)){const o=new Uint8Array(s);return fromArrayBuffer(o.buffer,o.byteOffset,o.byteLength)}return fromArrayLike(s)}(s);if(null==s)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof s);if(isInstance(s,ArrayBuffer)||s&&isInstance(s.buffer,ArrayBuffer))return fromArrayBuffer(s,o,i);if("undefined"!=typeof SharedArrayBuffer&&(isInstance(s,SharedArrayBuffer)||s&&isInstance(s.buffer,SharedArrayBuffer)))return fromArrayBuffer(s,o,i);if("number"==typeof s)throw new TypeError('The "value" argument must not be of type number. Received type number');const a=s.valueOf&&s.valueOf();if(null!=a&&a!==s)return Buffer.from(a,o,i);const u=function fromObject(s){if(Buffer.isBuffer(s)){const o=0|checked(s.length),i=createBuffer(o);return 0===i.length||s.copy(i,0,0,o),i}if(void 0!==s.length)return"number"!=typeof s.length||numberIsNaN(s.length)?createBuffer(0):fromArrayLike(s);if("Buffer"===s.type&&Array.isArray(s.data))return fromArrayLike(s.data)}(s);if(u)return u;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof s[Symbol.toPrimitive])return Buffer.from(s[Symbol.toPrimitive]("string"),o,i);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof s)}function assertSize(s){if("number"!=typeof s)throw new TypeError('"size" argument must be of type number');if(s<0)throw new RangeError('The value "'+s+'" is invalid for option "size"')}function allocUnsafe(s){return assertSize(s),createBuffer(s<0?0:0|checked(s))}function fromArrayLike(s){const o=s.length<0?0:0|checked(s.length),i=createBuffer(o);for(let a=0;a=w)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+w.toString(16)+" bytes");return 0|s}function byteLength(s,o){if(Buffer.isBuffer(s))return s.length;if(ArrayBuffer.isView(s)||isInstance(s,ArrayBuffer))return s.byteLength;if("string"!=typeof s)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof s);const i=s.length,a=arguments.length>2&&!0===arguments[2];if(!a&&0===i)return 0;let u=!1;for(;;)switch(o){case"ascii":case"latin1":case"binary":return i;case"utf8":case"utf-8":return utf8ToBytes(s).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*i;case"hex":return i>>>1;case"base64":return base64ToBytes(s).length;default:if(u)return a?-1:utf8ToBytes(s).length;o=(""+o).toLowerCase(),u=!0}}function slowToString(s,o,i){let a=!1;if((void 0===o||o<0)&&(o=0),o>this.length)return"";if((void 0===i||i>this.length)&&(i=this.length),i<=0)return"";if((i>>>=0)<=(o>>>=0))return"";for(s||(s="utf8");;)switch(s){case"hex":return hexSlice(this,o,i);case"utf8":case"utf-8":return utf8Slice(this,o,i);case"ascii":return asciiSlice(this,o,i);case"latin1":case"binary":return latin1Slice(this,o,i);case"base64":return base64Slice(this,o,i);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return utf16leSlice(this,o,i);default:if(a)throw new TypeError("Unknown encoding: "+s);s=(s+"").toLowerCase(),a=!0}}function swap(s,o,i){const a=s[o];s[o]=s[i],s[i]=a}function bidirectionalIndexOf(s,o,i,a,u){if(0===s.length)return-1;if("string"==typeof i?(a=i,i=0):i>2147483647?i=2147483647:i<-2147483648&&(i=-2147483648),numberIsNaN(i=+i)&&(i=u?0:s.length-1),i<0&&(i=s.length+i),i>=s.length){if(u)return-1;i=s.length-1}else if(i<0){if(!u)return-1;i=0}if("string"==typeof o&&(o=Buffer.from(o,a)),Buffer.isBuffer(o))return 0===o.length?-1:arrayIndexOf(s,o,i,a,u);if("number"==typeof o)return o&=255,"function"==typeof Uint8Array.prototype.indexOf?u?Uint8Array.prototype.indexOf.call(s,o,i):Uint8Array.prototype.lastIndexOf.call(s,o,i):arrayIndexOf(s,[o],i,a,u);throw new TypeError("val must be string, number or Buffer")}function arrayIndexOf(s,o,i,a,u){let _,w=1,x=s.length,C=o.length;if(void 0!==a&&("ucs2"===(a=String(a).toLowerCase())||"ucs-2"===a||"utf16le"===a||"utf-16le"===a)){if(s.length<2||o.length<2)return-1;w=2,x/=2,C/=2,i/=2}function read(s,o){return 1===w?s[o]:s.readUInt16BE(o*w)}if(u){let a=-1;for(_=i;_x&&(i=x-C),_=i;_>=0;_--){let i=!0;for(let a=0;au&&(a=u):a=u;const _=o.length;let w;for(a>_/2&&(a=_/2),w=0;w>8,u=i%256,_.push(u),_.push(a);return _}(o,s.length-i),s,i,a)}function base64Slice(s,o,i){return 0===o&&i===s.length?a.fromByteArray(s):a.fromByteArray(s.slice(o,i))}function utf8Slice(s,o,i){i=Math.min(s.length,i);const a=[];let u=o;for(;u239?4:o>223?3:o>191?2:1;if(u+w<=i){let i,a,x,C;switch(w){case 1:o<128&&(_=o);break;case 2:i=s[u+1],128==(192&i)&&(C=(31&o)<<6|63&i,C>127&&(_=C));break;case 3:i=s[u+1],a=s[u+2],128==(192&i)&&128==(192&a)&&(C=(15&o)<<12|(63&i)<<6|63&a,C>2047&&(C<55296||C>57343)&&(_=C));break;case 4:i=s[u+1],a=s[u+2],x=s[u+3],128==(192&i)&&128==(192&a)&&128==(192&x)&&(C=(15&o)<<18|(63&i)<<12|(63&a)<<6|63&x,C>65535&&C<1114112&&(_=C))}}null===_?(_=65533,w=1):_>65535&&(_-=65536,a.push(_>>>10&1023|55296),_=56320|1023&_),a.push(_),u+=w}return function decodeCodePointsArray(s){const o=s.length;if(o<=x)return String.fromCharCode.apply(String,s);let i="",a=0;for(;aa.length?(Buffer.isBuffer(o)||(o=Buffer.from(o)),o.copy(a,u)):Uint8Array.prototype.set.call(a,o,u);else{if(!Buffer.isBuffer(o))throw new TypeError('"list" argument must be an Array of Buffers');o.copy(a,u)}u+=o.length}return a},Buffer.byteLength=byteLength,Buffer.prototype._isBuffer=!0,Buffer.prototype.swap16=function swap16(){const s=this.length;if(s%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let o=0;oi&&(s+=" ... "),""},_&&(Buffer.prototype[_]=Buffer.prototype.inspect),Buffer.prototype.compare=function compare(s,o,i,a,u){if(isInstance(s,Uint8Array)&&(s=Buffer.from(s,s.offset,s.byteLength)),!Buffer.isBuffer(s))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof s);if(void 0===o&&(o=0),void 0===i&&(i=s?s.length:0),void 0===a&&(a=0),void 0===u&&(u=this.length),o<0||i>s.length||a<0||u>this.length)throw new RangeError("out of range index");if(a>=u&&o>=i)return 0;if(a>=u)return-1;if(o>=i)return 1;if(this===s)return 0;let _=(u>>>=0)-(a>>>=0),w=(i>>>=0)-(o>>>=0);const x=Math.min(_,w),C=this.slice(a,u),j=s.slice(o,i);for(let s=0;s>>=0,isFinite(i)?(i>>>=0,void 0===a&&(a="utf8")):(a=i,i=void 0)}const u=this.length-o;if((void 0===i||i>u)&&(i=u),s.length>0&&(i<0||o<0)||o>this.length)throw new RangeError("Attempt to write outside buffer bounds");a||(a="utf8");let _=!1;for(;;)switch(a){case"hex":return hexWrite(this,s,o,i);case"utf8":case"utf-8":return utf8Write(this,s,o,i);case"ascii":case"latin1":case"binary":return asciiWrite(this,s,o,i);case"base64":return base64Write(this,s,o,i);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return ucs2Write(this,s,o,i);default:if(_)throw new TypeError("Unknown encoding: "+a);a=(""+a).toLowerCase(),_=!0}},Buffer.prototype.toJSON=function toJSON(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const x=4096;function asciiSlice(s,o,i){let a="";i=Math.min(s.length,i);for(let u=o;ua)&&(i=a);let u="";for(let a=o;ai)throw new RangeError("Trying to access beyond buffer length")}function checkInt(s,o,i,a,u,_){if(!Buffer.isBuffer(s))throw new TypeError('"buffer" argument must be a Buffer instance');if(o>u||o<_)throw new RangeError('"value" argument is out of bounds');if(i+a>s.length)throw new RangeError("Index out of range")}function wrtBigUInt64LE(s,o,i,a,u){checkIntBI(o,a,u,s,i,7);let _=Number(o&BigInt(4294967295));s[i++]=_,_>>=8,s[i++]=_,_>>=8,s[i++]=_,_>>=8,s[i++]=_;let w=Number(o>>BigInt(32)&BigInt(4294967295));return s[i++]=w,w>>=8,s[i++]=w,w>>=8,s[i++]=w,w>>=8,s[i++]=w,i}function wrtBigUInt64BE(s,o,i,a,u){checkIntBI(o,a,u,s,i,7);let _=Number(o&BigInt(4294967295));s[i+7]=_,_>>=8,s[i+6]=_,_>>=8,s[i+5]=_,_>>=8,s[i+4]=_;let w=Number(o>>BigInt(32)&BigInt(4294967295));return s[i+3]=w,w>>=8,s[i+2]=w,w>>=8,s[i+1]=w,w>>=8,s[i]=w,i+8}function checkIEEE754(s,o,i,a,u,_){if(i+a>s.length)throw new RangeError("Index out of range");if(i<0)throw new RangeError("Index out of range")}function writeFloat(s,o,i,a,_){return o=+o,i>>>=0,_||checkIEEE754(s,0,i,4),u.write(s,o,i,a,23,4),i+4}function writeDouble(s,o,i,a,_){return o=+o,i>>>=0,_||checkIEEE754(s,0,i,8),u.write(s,o,i,a,52,8),i+8}Buffer.prototype.slice=function slice(s,o){const i=this.length;(s=~~s)<0?(s+=i)<0&&(s=0):s>i&&(s=i),(o=void 0===o?i:~~o)<0?(o+=i)<0&&(o=0):o>i&&(o=i),o>>=0,o>>>=0,i||checkOffset(s,o,this.length);let a=this[s],u=1,_=0;for(;++_>>=0,o>>>=0,i||checkOffset(s,o,this.length);let a=this[s+--o],u=1;for(;o>0&&(u*=256);)a+=this[s+--o]*u;return a},Buffer.prototype.readUint8=Buffer.prototype.readUInt8=function readUInt8(s,o){return s>>>=0,o||checkOffset(s,1,this.length),this[s]},Buffer.prototype.readUint16LE=Buffer.prototype.readUInt16LE=function readUInt16LE(s,o){return s>>>=0,o||checkOffset(s,2,this.length),this[s]|this[s+1]<<8},Buffer.prototype.readUint16BE=Buffer.prototype.readUInt16BE=function readUInt16BE(s,o){return s>>>=0,o||checkOffset(s,2,this.length),this[s]<<8|this[s+1]},Buffer.prototype.readUint32LE=Buffer.prototype.readUInt32LE=function readUInt32LE(s,o){return s>>>=0,o||checkOffset(s,4,this.length),(this[s]|this[s+1]<<8|this[s+2]<<16)+16777216*this[s+3]},Buffer.prototype.readUint32BE=Buffer.prototype.readUInt32BE=function readUInt32BE(s,o){return s>>>=0,o||checkOffset(s,4,this.length),16777216*this[s]+(this[s+1]<<16|this[s+2]<<8|this[s+3])},Buffer.prototype.readBigUInt64LE=defineBigIntMethod((function readBigUInt64LE(s){validateNumber(s>>>=0,"offset");const o=this[s],i=this[s+7];void 0!==o&&void 0!==i||boundsError(s,this.length-8);const a=o+256*this[++s]+65536*this[++s]+this[++s]*2**24,u=this[++s]+256*this[++s]+65536*this[++s]+i*2**24;return BigInt(a)+(BigInt(u)<>>=0,"offset");const o=this[s],i=this[s+7];void 0!==o&&void 0!==i||boundsError(s,this.length-8);const a=o*2**24+65536*this[++s]+256*this[++s]+this[++s],u=this[++s]*2**24+65536*this[++s]+256*this[++s]+i;return(BigInt(a)<>>=0,o>>>=0,i||checkOffset(s,o,this.length);let a=this[s],u=1,_=0;for(;++_=u&&(a-=Math.pow(2,8*o)),a},Buffer.prototype.readIntBE=function readIntBE(s,o,i){s>>>=0,o>>>=0,i||checkOffset(s,o,this.length);let a=o,u=1,_=this[s+--a];for(;a>0&&(u*=256);)_+=this[s+--a]*u;return u*=128,_>=u&&(_-=Math.pow(2,8*o)),_},Buffer.prototype.readInt8=function readInt8(s,o){return s>>>=0,o||checkOffset(s,1,this.length),128&this[s]?-1*(255-this[s]+1):this[s]},Buffer.prototype.readInt16LE=function readInt16LE(s,o){s>>>=0,o||checkOffset(s,2,this.length);const i=this[s]|this[s+1]<<8;return 32768&i?4294901760|i:i},Buffer.prototype.readInt16BE=function readInt16BE(s,o){s>>>=0,o||checkOffset(s,2,this.length);const i=this[s+1]|this[s]<<8;return 32768&i?4294901760|i:i},Buffer.prototype.readInt32LE=function readInt32LE(s,o){return s>>>=0,o||checkOffset(s,4,this.length),this[s]|this[s+1]<<8|this[s+2]<<16|this[s+3]<<24},Buffer.prototype.readInt32BE=function readInt32BE(s,o){return s>>>=0,o||checkOffset(s,4,this.length),this[s]<<24|this[s+1]<<16|this[s+2]<<8|this[s+3]},Buffer.prototype.readBigInt64LE=defineBigIntMethod((function readBigInt64LE(s){validateNumber(s>>>=0,"offset");const o=this[s],i=this[s+7];void 0!==o&&void 0!==i||boundsError(s,this.length-8);const a=this[s+4]+256*this[s+5]+65536*this[s+6]+(i<<24);return(BigInt(a)<>>=0,"offset");const o=this[s],i=this[s+7];void 0!==o&&void 0!==i||boundsError(s,this.length-8);const a=(o<<24)+65536*this[++s]+256*this[++s]+this[++s];return(BigInt(a)<>>=0,o||checkOffset(s,4,this.length),u.read(this,s,!0,23,4)},Buffer.prototype.readFloatBE=function readFloatBE(s,o){return s>>>=0,o||checkOffset(s,4,this.length),u.read(this,s,!1,23,4)},Buffer.prototype.readDoubleLE=function readDoubleLE(s,o){return s>>>=0,o||checkOffset(s,8,this.length),u.read(this,s,!0,52,8)},Buffer.prototype.readDoubleBE=function readDoubleBE(s,o){return s>>>=0,o||checkOffset(s,8,this.length),u.read(this,s,!1,52,8)},Buffer.prototype.writeUintLE=Buffer.prototype.writeUIntLE=function writeUIntLE(s,o,i,a){if(s=+s,o>>>=0,i>>>=0,!a){checkInt(this,s,o,i,Math.pow(2,8*i)-1,0)}let u=1,_=0;for(this[o]=255&s;++_>>=0,i>>>=0,!a){checkInt(this,s,o,i,Math.pow(2,8*i)-1,0)}let u=i-1,_=1;for(this[o+u]=255&s;--u>=0&&(_*=256);)this[o+u]=s/_&255;return o+i},Buffer.prototype.writeUint8=Buffer.prototype.writeUInt8=function writeUInt8(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,1,255,0),this[o]=255&s,o+1},Buffer.prototype.writeUint16LE=Buffer.prototype.writeUInt16LE=function writeUInt16LE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,2,65535,0),this[o]=255&s,this[o+1]=s>>>8,o+2},Buffer.prototype.writeUint16BE=Buffer.prototype.writeUInt16BE=function writeUInt16BE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,2,65535,0),this[o]=s>>>8,this[o+1]=255&s,o+2},Buffer.prototype.writeUint32LE=Buffer.prototype.writeUInt32LE=function writeUInt32LE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,4,4294967295,0),this[o+3]=s>>>24,this[o+2]=s>>>16,this[o+1]=s>>>8,this[o]=255&s,o+4},Buffer.prototype.writeUint32BE=Buffer.prototype.writeUInt32BE=function writeUInt32BE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,4,4294967295,0),this[o]=s>>>24,this[o+1]=s>>>16,this[o+2]=s>>>8,this[o+3]=255&s,o+4},Buffer.prototype.writeBigUInt64LE=defineBigIntMethod((function writeBigUInt64LE(s,o=0){return wrtBigUInt64LE(this,s,o,BigInt(0),BigInt("0xffffffffffffffff"))})),Buffer.prototype.writeBigUInt64BE=defineBigIntMethod((function writeBigUInt64BE(s,o=0){return wrtBigUInt64BE(this,s,o,BigInt(0),BigInt("0xffffffffffffffff"))})),Buffer.prototype.writeIntLE=function writeIntLE(s,o,i,a){if(s=+s,o>>>=0,!a){const a=Math.pow(2,8*i-1);checkInt(this,s,o,i,a-1,-a)}let u=0,_=1,w=0;for(this[o]=255&s;++u>>=0,!a){const a=Math.pow(2,8*i-1);checkInt(this,s,o,i,a-1,-a)}let u=i-1,_=1,w=0;for(this[o+u]=255&s;--u>=0&&(_*=256);)s<0&&0===w&&0!==this[o+u+1]&&(w=1),this[o+u]=(s/_|0)-w&255;return o+i},Buffer.prototype.writeInt8=function writeInt8(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,1,127,-128),s<0&&(s=255+s+1),this[o]=255&s,o+1},Buffer.prototype.writeInt16LE=function writeInt16LE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,2,32767,-32768),this[o]=255&s,this[o+1]=s>>>8,o+2},Buffer.prototype.writeInt16BE=function writeInt16BE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,2,32767,-32768),this[o]=s>>>8,this[o+1]=255&s,o+2},Buffer.prototype.writeInt32LE=function writeInt32LE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,4,2147483647,-2147483648),this[o]=255&s,this[o+1]=s>>>8,this[o+2]=s>>>16,this[o+3]=s>>>24,o+4},Buffer.prototype.writeInt32BE=function writeInt32BE(s,o,i){return s=+s,o>>>=0,i||checkInt(this,s,o,4,2147483647,-2147483648),s<0&&(s=4294967295+s+1),this[o]=s>>>24,this[o+1]=s>>>16,this[o+2]=s>>>8,this[o+3]=255&s,o+4},Buffer.prototype.writeBigInt64LE=defineBigIntMethod((function writeBigInt64LE(s,o=0){return wrtBigUInt64LE(this,s,o,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))})),Buffer.prototype.writeBigInt64BE=defineBigIntMethod((function writeBigInt64BE(s,o=0){return wrtBigUInt64BE(this,s,o,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))})),Buffer.prototype.writeFloatLE=function writeFloatLE(s,o,i){return writeFloat(this,s,o,!0,i)},Buffer.prototype.writeFloatBE=function writeFloatBE(s,o,i){return writeFloat(this,s,o,!1,i)},Buffer.prototype.writeDoubleLE=function writeDoubleLE(s,o,i){return writeDouble(this,s,o,!0,i)},Buffer.prototype.writeDoubleBE=function writeDoubleBE(s,o,i){return writeDouble(this,s,o,!1,i)},Buffer.prototype.copy=function copy(s,o,i,a){if(!Buffer.isBuffer(s))throw new TypeError("argument should be a Buffer");if(i||(i=0),a||0===a||(a=this.length),o>=s.length&&(o=s.length),o||(o=0),a>0&&a=this.length)throw new RangeError("Index out of range");if(a<0)throw new RangeError("sourceEnd out of bounds");a>this.length&&(a=this.length),s.length-o>>=0,i=void 0===i?this.length:i>>>0,s||(s=0),"number"==typeof s)for(u=o;u=a+4;i-=3)o=`_${s.slice(i-3,i)}${o}`;return`${s.slice(0,i)}${o}`}function checkIntBI(s,o,i,a,u,_){if(s>i||s3?0===o||o===BigInt(0)?`>= 0${a} and < 2${a} ** ${8*(_+1)}${a}`:`>= -(2${a} ** ${8*(_+1)-1}${a}) and < 2 ** ${8*(_+1)-1}${a}`:`>= ${o}${a} and <= ${i}${a}`,new C.ERR_OUT_OF_RANGE("value",u,s)}!function checkBounds(s,o,i){validateNumber(o,"offset"),void 0!==s[o]&&void 0!==s[o+i]||boundsError(o,s.length-(i+1))}(a,u,_)}function validateNumber(s,o){if("number"!=typeof s)throw new C.ERR_INVALID_ARG_TYPE(o,"number",s)}function boundsError(s,o,i){if(Math.floor(s)!==s)throw validateNumber(s,i),new C.ERR_OUT_OF_RANGE(i||"offset","an integer",s);if(o<0)throw new C.ERR_BUFFER_OUT_OF_BOUNDS;throw new C.ERR_OUT_OF_RANGE(i||"offset",`>= ${i?1:0} and <= ${o}`,s)}E("ERR_BUFFER_OUT_OF_BOUNDS",(function(s){return s?`${s} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"}),RangeError),E("ERR_INVALID_ARG_TYPE",(function(s,o){return`The "${s}" argument must be of type number. Received type ${typeof o}`}),TypeError),E("ERR_OUT_OF_RANGE",(function(s,o,i){let a=`The value of "${s}" is out of range.`,u=i;return Number.isInteger(i)&&Math.abs(i)>2**32?u=addNumericalSeparator(String(i)):"bigint"==typeof i&&(u=String(i),(i>BigInt(2)**BigInt(32)||i<-(BigInt(2)**BigInt(32)))&&(u=addNumericalSeparator(u)),u+="n"),a+=` It must be ${o}. Received ${u}`,a}),RangeError);const j=/[^+/0-9A-Za-z-_]/g;function utf8ToBytes(s,o){let i;o=o||1/0;const a=s.length;let u=null;const _=[];for(let w=0;w55295&&i<57344){if(!u){if(i>56319){(o-=3)>-1&&_.push(239,191,189);continue}if(w+1===a){(o-=3)>-1&&_.push(239,191,189);continue}u=i;continue}if(i<56320){(o-=3)>-1&&_.push(239,191,189),u=i;continue}i=65536+(u-55296<<10|i-56320)}else u&&(o-=3)>-1&&_.push(239,191,189);if(u=null,i<128){if((o-=1)<0)break;_.push(i)}else if(i<2048){if((o-=2)<0)break;_.push(i>>6|192,63&i|128)}else if(i<65536){if((o-=3)<0)break;_.push(i>>12|224,i>>6&63|128,63&i|128)}else{if(!(i<1114112))throw new Error("Invalid code point");if((o-=4)<0)break;_.push(i>>18|240,i>>12&63|128,i>>6&63|128,63&i|128)}}return _}function base64ToBytes(s){return a.toByteArray(function base64clean(s){if((s=(s=s.split("=")[0]).trim().replace(j,"")).length<2)return"";for(;s.length%4!=0;)s+="=";return s}(s))}function blitBuffer(s,o,i,a){let u;for(u=0;u=o.length||u>=s.length);++u)o[u+i]=s[u];return u}function isInstance(s,o){return s instanceof o||null!=s&&null!=s.constructor&&null!=s.constructor.name&&s.constructor.name===o.name}function numberIsNaN(s){return s!=s}const L=function(){const s="0123456789abcdef",o=new Array(256);for(let i=0;i<16;++i){const a=16*i;for(let u=0;u<16;++u)o[a+u]=s[i]+s[u]}return o}();function defineBigIntMethod(s){return"undefined"==typeof BigInt?BufferBigIntNotDefined:s}function BufferBigIntNotDefined(){throw new Error("BigInt not supported")}},48590:(s,o)=>{"use strict";Object.defineProperty(o,"__esModule",{value:!0}),o.default=function(s){return s&&"@@redux/INIT"===s.type?"initialState argument passed to createStore":"previous state received by the reducer"},s.exports=o.default},48648:s=>{"use strict";s.exports="undefined"!=typeof Reflect&&Reflect.getPrototypeOf||null},48655:(s,o,i)=>{var a=i(26025);s.exports=function listCacheHas(s){return a(this.__data__,s)>-1}},48675:(s,o,i)=>{s.exports=i(20850)},48948:(s,o,i)=>{var a=i(21791),u=i(86375);s.exports=function copySymbolsIn(s,o){return a(s,u(s),o)}},49092:(s,o,i)=>{"use strict";var a=i(41333);s.exports=function hasToStringTagShams(){return a()&&!!Symbol.toStringTag}},49326:(s,o,i)=>{var a=i(31769),u=i(72428),_=i(56449),w=i(30361),x=i(30294),C=i(77797);s.exports=function hasPath(s,o,i){for(var j=-1,L=(o=a(o,s)).length,B=!1;++j{"use strict";var a=i(45951),u=i(46285),_=a.document,w=u(_)&&u(_.createElement);s.exports=function(s){return w?_.createElement(s):{}}},49653:(s,o,i)=>{var a=i(37828);s.exports=function cloneArrayBuffer(s){var o=new s.constructor(s.byteLength);return new a(o).set(new a(s)),o}},49698:s=>{var o=RegExp("[\\u200d\\ud800-\\udfff\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff\\ufe0e\\ufe0f]");s.exports=function hasUnicode(s){return o.test(s)}},49724:(s,o,i)=>{"use strict";var a=i(1907),u=i(39298),_=a({}.hasOwnProperty);s.exports=Object.hasOwn||function hasOwn(s,o){return _(u(s),o)}},49747:(s,o,i)=>{var a=i(66977);function curry(s,o,i){var u=a(s,8,void 0,void 0,void 0,void 0,void 0,o=i?void 0:o);return u.placeholder=curry.placeholder,u}curry.placeholder={},s.exports=curry},50002:(s,o,i)=>{var a=i(82199),u=i(4664),_=i(95950);s.exports=function getAllKeys(s){return a(s,_,u)}},50104:(s,o,i)=>{var a=i(53661);function memoize(s,o){if("function"!=typeof s||null!=o&&"function"!=typeof o)throw new TypeError("Expected a function");var memoized=function(){var i=arguments,a=o?o.apply(this,i):i[0],u=memoized.cache;if(u.has(a))return u.get(a);var _=s.apply(this,i);return memoized.cache=u.set(a,_)||u,_};return memoized.cache=new(memoize.Cache||a),memoized}memoize.Cache=a,s.exports=memoize},50583:(s,o,i)=>{var a=i(47237),u=i(17255),_=i(28586),w=i(77797);s.exports=function property(s){return _(s)?a(w(s)):u(s)}},50689:(s,o,i)=>{var a=i(50002),u=Object.prototype.hasOwnProperty;s.exports=function equalObjects(s,o,i,_,w,x){var C=1&i,j=a(s),L=j.length;if(L!=a(o).length&&!C)return!1;for(var B=L;B--;){var $=j[B];if(!(C?$ in o:u.call(o,$)))return!1}var U=x.get(s),V=x.get(o);if(U&&V)return U==o&&V==s;var z=!0;x.set(s,o),x.set(o,s);for(var Y=C;++B{var a=i(24647),u=i(13222),_=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,w=RegExp("[\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff]","g");s.exports=function deburr(s){return(s=u(s))&&s.replace(_,a).replace(w,"")}},51175:(s,o,i)=>{"use strict";var a=i(19846);s.exports=a&&!Symbol.sham&&"symbol"==typeof Symbol.iterator},51234:s=>{s.exports=function baseZipObject(s,o,i){for(var a=-1,u=s.length,_=o.length,w={};++a{var a=i(80079);s.exports=function stackClear(){this.__data__=new a,this.size=0}},51459:s=>{s.exports=function setCacheHas(s){return this.__data__.has(s)}},51811:s=>{var o=Date.now;s.exports=function shortOut(s){var i=0,a=0;return function(){var u=o(),_=16-(u-a);if(a=u,_>0){if(++i>=800)return arguments[0]}else i=0;return s.apply(void 0,arguments)}}},51871:(s,o,i)=>{"use strict";var a=i(1907),u=i(82159);s.exports=function(s,o,i){try{return a(u(Object.getOwnPropertyDescriptor(s,o)[i]))}catch(s){}}},51873:(s,o,i)=>{var a=i(9325).Symbol;s.exports=a},52623:(s,o,i)=>{"use strict";var a={};a[i(76264)("toStringTag")]="z",s.exports="[object z]"===String(a)},53138:(s,o,i)=>{var a=i(11331);s.exports=function customOmitClone(s){return a(s)?void 0:s}},53209:(s,o,i)=>{"use strict";var a=i(65606),u=65536,_=4294967295;var w=i(92861).Buffer,x=i.g.crypto||i.g.msCrypto;x&&x.getRandomValues?s.exports=function randomBytes(s,o){if(s>_)throw new RangeError("requested too many random bytes");var i=w.allocUnsafe(s);if(s>0)if(s>u)for(var C=0;C{var o=Math.max;s.exports=function composeArgsRight(s,i,a,u){for(var _=-1,w=s.length,x=-1,C=a.length,j=-1,L=i.length,B=o(w-C,0),$=Array(B+L),U=!u;++_{"use strict";var a=i(93700);s.exports=a},53661:(s,o,i)=>{var a=i(63040),u=i(17670),_=i(90289),w=i(4509),x=i(72949);function MapCache(s){var o=-1,i=null==s?0:s.length;for(this.clear();++o{var a=i(30980),u=i(56017),_=i(94033),w=i(56449),x=i(40346),C=i(80257),j=Object.prototype.hasOwnProperty;function lodash(s){if(x(s)&&!w(s)&&!(s instanceof a)){if(s instanceof u)return s;if(j.call(s,"__wrapped__"))return C(s)}return new u(s)}lodash.prototype=_.prototype,lodash.prototype.constructor=lodash,s.exports=lodash},53812:(s,o,i)=>{var a=i(72552),u=i(40346);s.exports=function isBoolean(s){return!0===s||!1===s||u(s)&&"[object Boolean]"==a(s)}},54018:(s,o,i)=>{"use strict";var a=i(46285);s.exports=function(s){return a(s)||null===s}},54128:(s,o,i)=>{var a=i(31800),u=/^\s+/;s.exports=function baseTrim(s){return s?s.slice(0,a(s)+1).replace(u,""):s}},54552:s=>{s.exports=function basePropertyOf(s){return function(o){return null==s?void 0:s[o]}}},54641:(s,o,i)=>{var a=i(68882),u=i(51811)(a);s.exports=u},54829:(s,o,i)=>{"use strict";var a=i(74284).f;s.exports=function(s,o,i){i in s||a(s,i,{configurable:!0,get:function(){return o[i]},set:function(s){o[i]=s}})}},54878:(s,o,i)=>{"use strict";var a=i(52623),u=i(73948);s.exports=a?{}.toString:function toString(){return"[object "+u(this)+"]"}},55157:s=>{s.exports=function(){throw new Error("Readable.from is not available in the browser")}},55364:(s,o,i)=>{var a=i(85250),u=i(20999)((function(s,o,i){a(s,o,i)}));s.exports=u},55481:(s,o,i)=>{var a=i(9325)["__core-js_shared__"];s.exports=a},55527:s=>{var o=Object.prototype;s.exports=function isPrototype(s){var i=s&&s.constructor;return s===("function"==typeof i&&i.prototype||o)}},55580:(s,o,i)=>{var a=i(56110)(i(9325),"DataView");s.exports=a},55674:(s,o,i)=>{"use strict";Object.defineProperty(o,"__esModule",{value:!0}),o.validateNextState=o.getUnexpectedInvocationParameterMessage=o.getStateName=void 0;var a=_interopRequireDefault(i(48590)),u=_interopRequireDefault(i(82261)),_=_interopRequireDefault(i(27374));function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}o.getStateName=a.default,o.getUnexpectedInvocationParameterMessage=u.default,o.validateNextState=_.default},55808:(s,o,i)=>{var a=i(12507)("toUpperCase");s.exports=a},55973:s=>{class KeyValuePair{constructor(s,o){this.key=s,this.value=o}clone(){const s=new KeyValuePair;return this.key&&(s.key=this.key.clone()),this.value&&(s.value=this.value.clone()),s}}s.exports=KeyValuePair},56017:(s,o,i)=>{var a=i(39344),u=i(94033);function LodashWrapper(s,o){this.__wrapped__=s,this.__actions__=[],this.__chain__=!!o,this.__index__=0,this.__values__=void 0}LodashWrapper.prototype=a(u.prototype),LodashWrapper.prototype.constructor=LodashWrapper,s.exports=LodashWrapper},56110:(s,o,i)=>{var a=i(45083),u=i(10392);s.exports=function getNative(s,o){var i=u(s,o);return a(i)?i:void 0}},56367:(s,o,i)=>{s.exports=i(77731)},56449:s=>{var o=Array.isArray;s.exports=o},56698:s=>{"function"==typeof Object.create?s.exports=function inherits(s,o){o&&(s.super_=o,s.prototype=Object.create(o.prototype,{constructor:{value:s,enumerable:!1,writable:!0,configurable:!0}}))}:s.exports=function inherits(s,o){if(o){s.super_=o;var TempCtor=function(){};TempCtor.prototype=o.prototype,s.prototype=new TempCtor,s.prototype.constructor=s}}},56757:(s,o,i)=>{var a=i(91033),u=Math.max;s.exports=function overRest(s,o,i){return o=u(void 0===o?s.length-1:o,0),function(){for(var _=arguments,w=-1,x=u(_.length-o,0),C=Array(x);++w{"use strict";var a=i(98828);s.exports=!a((function(){function F(){}return F.prototype.constructor=null,Object.getPrototypeOf(new F)!==F.prototype}))},57758:(s,o,i)=>{"use strict";var a;var u=i(86048).F,_=u.ERR_MISSING_ARGS,w=u.ERR_STREAM_DESTROYED;function noop(s){if(s)throw s}function call(s){s()}function pipe(s,o){return s.pipe(o)}s.exports=function pipeline(){for(var s=arguments.length,o=new Array(s),u=0;u0,(function(s){x||(x=s),s&&j.forEach(call),_||(j.forEach(call),C(x))}))}));return o.reduce(pipe)}},58068:s=>{"use strict";s.exports=SyntaxError},58075:(s,o,i)=>{"use strict";var a,u=i(36624),_=i(42220),w=i(80376),x=i(38530),C=i(62416),j=i(49552),L=i(92522),B="prototype",$="script",U=L("IE_PROTO"),EmptyConstructor=function(){},scriptTag=function(s){return"<"+$+">"+s+""},NullProtoObjectViaActiveX=function(s){s.write(scriptTag("")),s.close();var o=s.parentWindow.Object;return s=null,o},NullProtoObject=function(){try{a=new ActiveXObject("htmlfile")}catch(s){}var s,o,i;NullProtoObject="undefined"!=typeof document?document.domain&&a?NullProtoObjectViaActiveX(a):(o=j("iframe"),i="java"+$+":",o.style.display="none",C.appendChild(o),o.src=String(i),(s=o.contentWindow.document).open(),s.write(scriptTag("document.F=Object")),s.close(),s.F):NullProtoObjectViaActiveX(a);for(var u=w.length;u--;)delete NullProtoObject[B][w[u]];return NullProtoObject()};x[U]=!0,s.exports=Object.create||function create(s,o){var i;return null!==s?(EmptyConstructor[B]=u(s),i=new EmptyConstructor,EmptyConstructor[B]=null,i[U]=s):i=NullProtoObject(),void 0===o?i:_.f(i,o)}},58156:(s,o,i)=>{var a=i(47422);s.exports=function get(s,o,i){var u=null==s?void 0:a(s,o);return void 0===u?i:u}},58523:s=>{s.exports=function countHolders(s,o){for(var i=s.length,a=0;i--;)s[i]===o&&++a;return a}},58661:(s,o,i)=>{"use strict";var a=i(39447),u=i(98828);s.exports=a&&u((function(){return 42!==Object.defineProperty((function(){}),"prototype",{value:42,writable:!1}).prototype}))},58968:s=>{"use strict";s.exports=Math.floor},59350:s=>{var o=Object.prototype.toString;s.exports=function objectToString(s){return o.call(s)}},59399:(s,o,i)=>{"use strict";var a=i(25264).CopyToClipboard;a.CopyToClipboard=a,s.exports=a},59550:s=>{"use strict";s.exports=function(s,o){return{value:s,done:o}}},60183:(s,o,i)=>{"use strict";var a=i(11091),u=i(13930),_=i(7376),w=i(36833),x=i(62250),C=i(47181),j=i(15972),L=i(79192),B=i(14840),$=i(61626),U=i(68055),V=i(76264),z=i(93742),Y=i(95116),Z=w.PROPER,ee=w.CONFIGURABLE,ie=Y.IteratorPrototype,ae=Y.BUGGY_SAFARI_ITERATORS,ce=V("iterator"),le="keys",pe="values",de="entries",returnThis=function(){return this};s.exports=function(s,o,i,w,V,Y,fe){C(i,o,w);var ye,be,_e,getIterationMethod=function(s){if(s===V&&Te)return Te;if(!ae&&s&&s in xe)return xe[s];switch(s){case le:return function keys(){return new i(this,s)};case pe:return function values(){return new i(this,s)};case de:return function entries(){return new i(this,s)}}return function(){return new i(this)}},Se=o+" Iterator",we=!1,xe=s.prototype,Pe=xe[ce]||xe["@@iterator"]||V&&xe[V],Te=!ae&&Pe||getIterationMethod(V),Re="Array"===o&&xe.entries||Pe;if(Re&&(ye=j(Re.call(new s)))!==Object.prototype&&ye.next&&(_||j(ye)===ie||(L?L(ye,ie):x(ye[ce])||U(ye,ce,returnThis)),B(ye,Se,!0,!0),_&&(z[Se]=returnThis)),Z&&V===pe&&Pe&&Pe.name!==pe&&(!_&&ee?$(xe,"name",pe):(we=!0,Te=function values(){return u(Pe,this)})),V)if(be={values:getIterationMethod(pe),keys:Y?Te:getIterationMethod(le),entries:getIterationMethod(de)},fe)for(_e in be)(ae||we||!(_e in xe))&&U(xe,_e,be[_e]);else a({target:o,proto:!0,forced:ae||we},be);return _&&!fe||xe[ce]===Te||U(xe,ce,Te,{name:V}),z[o]=Te,be}},60270:(s,o,i)=>{var a=i(87068),u=i(40346);s.exports=function baseIsEqual(s,o,i,_,w){return s===o||(null==s||null==o||!u(s)&&!u(o)?s!=s&&o!=o:a(s,o,i,_,baseIsEqual,w))}},60581:(s,o,i)=>{"use strict";var a=i(13930),u=i(62250),_=i(46285),w=TypeError;s.exports=function(s,o){var i,x;if("string"===o&&u(i=s.toString)&&!_(x=a(i,s)))return x;if(u(i=s.valueOf)&&!_(x=a(i,s)))return x;if("string"!==o&&u(i=s.toString)&&!_(x=a(i,s)))return x;throw new w("Can't convert object to primitive value")}},60680:(s,o,i)=>{var a=i(13222),u=/[\\^$.*+?()[\]{}|]/g,_=RegExp(u.source);s.exports=function escapeRegExp(s){return(s=a(s))&&_.test(s)?s.replace(u,"\\$&"):s}},61045:(s,o,i)=>{const a=i(6048),u=i(23805),_=i(6233),w=i(87726),x=i(10866);s.exports=class ObjectElement extends _{constructor(s,o,i){super(s||[],o,i),this.element="object"}primitive(){return"object"}toValue(){return this.content.reduce(((s,o)=>(s[o.key.toValue()]=o.value?o.value.toValue():void 0,s)),{})}get(s){const o=this.getMember(s);if(o)return o.value}getMember(s){if(void 0!==s)return this.content.find((o=>o.key.toValue()===s))}remove(s){let o=null;return this.content=this.content.filter((i=>i.key.toValue()!==s||(o=i,!1))),o}getKey(s){const o=this.getMember(s);if(o)return o.key}set(s,o){if(u(s))return Object.keys(s).forEach((o=>{this.set(o,s[o])})),this;const i=s,a=this.getMember(i);return a?a.value=o:this.content.push(new w(i,o)),this}keys(){return this.content.map((s=>s.key.toValue()))}values(){return this.content.map((s=>s.value.toValue()))}hasKey(s){return this.content.some((o=>o.key.equals(s)))}items(){return this.content.map((s=>[s.key.toValue(),s.value.toValue()]))}map(s,o){return this.content.map((i=>s.bind(o)(i.value,i.key,i)))}compactMap(s,o){const i=[];return this.forEach(((a,u,_)=>{const w=s.bind(o)(a,u,_);w&&i.push(w)})),i}filter(s,o){return new x(this.content).filter(s,o)}reject(s,o){return this.filter(a(s),o)}forEach(s,o){return this.content.forEach((i=>s.bind(o)(i.value,i.key,i)))}}},61074:s=>{s.exports=function asciiToArray(s){return s.split("")}},61160:(s,o,i)=>{"use strict";var a=i(92063),u=i(73992),_=/^[\x00-\x20\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u3000\ufeff]+/,w=/[\n\r\t]/g,x=/^[A-Za-z][A-Za-z0-9+-.]*:\/\//,C=/:\d+$/,j=/^([a-z][a-z0-9.+-]*:)?(\/\/)?([\\/]+)?([\S\s]*)/i,L=/^[a-zA-Z]:/;function trimLeft(s){return(s||"").toString().replace(_,"")}var B=[["#","hash"],["?","query"],function sanitize(s,o){return isSpecial(o.protocol)?s.replace(/\\/g,"/"):s},["/","pathname"],["@","auth",1],[NaN,"host",void 0,1,1],[/:(\d*)$/,"port",void 0,1],[NaN,"hostname",void 0,1,1]],$={hash:1,query:1};function lolcation(s){var o,a=("undefined"!=typeof window?window:void 0!==i.g?i.g:"undefined"!=typeof self?self:{}).location||{},u={},_=typeof(s=s||a);if("blob:"===s.protocol)u=new Url(unescape(s.pathname),{});else if("string"===_)for(o in u=new Url(s,{}),$)delete u[o];else if("object"===_){for(o in s)o in $||(u[o]=s[o]);void 0===u.slashes&&(u.slashes=x.test(s.href))}return u}function isSpecial(s){return"file:"===s||"ftp:"===s||"http:"===s||"https:"===s||"ws:"===s||"wss:"===s}function extractProtocol(s,o){s=(s=trimLeft(s)).replace(w,""),o=o||{};var i,a=j.exec(s),u=a[1]?a[1].toLowerCase():"",_=!!a[2],x=!!a[3],C=0;return _?x?(i=a[2]+a[3]+a[4],C=a[2].length+a[3].length):(i=a[2]+a[4],C=a[2].length):x?(i=a[3]+a[4],C=a[3].length):i=a[4],"file:"===u?C>=2&&(i=i.slice(2)):isSpecial(u)?i=a[4]:u?_&&(i=i.slice(2)):C>=2&&isSpecial(o.protocol)&&(i=a[4]),{protocol:u,slashes:_||isSpecial(u),slashesCount:C,rest:i}}function Url(s,o,i){if(s=(s=trimLeft(s)).replace(w,""),!(this instanceof Url))return new Url(s,o,i);var _,x,C,j,$,U,V=B.slice(),z=typeof o,Y=this,Z=0;for("object"!==z&&"string"!==z&&(i=o,o=null),i&&"function"!=typeof i&&(i=u.parse),_=!(x=extractProtocol(s||"",o=lolcation(o))).protocol&&!x.slashes,Y.slashes=x.slashes||_&&o.slashes,Y.protocol=x.protocol||o.protocol||"",s=x.rest,("file:"===x.protocol&&(2!==x.slashesCount||L.test(s))||!x.slashes&&(x.protocol||x.slashesCount<2||!isSpecial(Y.protocol)))&&(V[3]=[/(.*)/,"pathname"]);Z{var a=i(20426),u=i(49326);s.exports=function has(s,o){return null!=s&&u(s,o,a)}},61489:(s,o,i)=>{var a=i(17400);s.exports=function toInteger(s){var o=a(s),i=o%1;return o==o?i?o-i:o:0}},61626:(s,o,i)=>{"use strict";var a=i(39447),u=i(74284),_=i(75817);s.exports=a?function(s,o,i){return u.f(s,o,_(1,i))}:function(s,o,i){return s[o]=i,s}},61747:(s,o,i)=>{"use strict";var a=i(45951),u=i(92046);s.exports=function(s,o){var i=u[s+"Prototype"],_=i&&i[o];if(_)return _;var w=a[s],x=w&&w.prototype;return x&&x[o]}},61802:(s,o,i)=>{var a=i(62224),u=/[^.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|$))/g,_=/\\(\\)?/g,w=a((function(s){var o=[];return 46===s.charCodeAt(0)&&o.push(""),s.replace(u,(function(s,i,a,u){o.push(a?u.replace(_,"$1"):i||s)})),o}));s.exports=w},62006:(s,o,i)=>{var a=i(15389),u=i(64894),_=i(95950);s.exports=function createFind(s){return function(o,i,w){var x=Object(o);if(!u(o)){var C=a(i,3);o=_(o),i=function(s){return C(x[s],s,x)}}var j=s(o,i,w);return j>-1?x[C?o[j]:j]:void 0}}},62060:s=>{var o=/\{(?:\n\/\* \[wrapped with .+\] \*\/)?\n?/;s.exports=function insertWrapDetails(s,i){var a=i.length;if(!a)return s;var u=a-1;return i[u]=(a>1?"& ":"")+i[u],i=i.join(a>2?", ":" "),s.replace(o,"{\n/* [wrapped with "+i+"] */\n")}},62193:(s,o,i)=>{var a=i(88984),u=i(5861),_=i(72428),w=i(56449),x=i(64894),C=i(3656),j=i(55527),L=i(37167),B=Object.prototype.hasOwnProperty;s.exports=function isEmpty(s){if(null==s)return!0;if(x(s)&&(w(s)||"string"==typeof s||"function"==typeof s.splice||C(s)||L(s)||_(s)))return!s.length;var o=u(s);if("[object Map]"==o||"[object Set]"==o)return!s.size;if(j(s))return!a(s).length;for(var i in s)if(B.call(s,i))return!1;return!0}},62224:(s,o,i)=>{var a=i(50104);s.exports=function memoizeCapped(s){var o=a(s,(function(s){return 500===i.size&&i.clear(),s})),i=o.cache;return o}},62250:s=>{"use strict";var o="object"==typeof document&&document.all;s.exports=void 0===o&&void 0!==o?function(s){return"function"==typeof s||s===o}:function(s){return"function"==typeof s}},62284:(s,o,i)=>{var a=i(84629),u=Object.prototype.hasOwnProperty;s.exports=function getFuncName(s){for(var o=s.name+"",i=a[o],_=u.call(a,o)?i.length:0;_--;){var w=i[_],x=w.func;if(null==x||x==s)return w.name}return o}},62416:(s,o,i)=>{"use strict";var a=i(85582);s.exports=a("document","documentElement")},62802:(s,o,i)=>{"use strict";s.exports=function SHA(o){var i=o.toLowerCase(),a=s.exports[i];if(!a)throw new Error(i+" is not supported (we accept pull requests)");return new a},s.exports.sha=i(27816),s.exports.sha1=i(63737),s.exports.sha224=i(26710),s.exports.sha256=i(24107),s.exports.sha384=i(32827),s.exports.sha512=i(82890)},63040:(s,o,i)=>{var a=i(21549),u=i(80079),_=i(68223);s.exports=function mapCacheClear(){this.size=0,this.__data__={hash:new a,map:new(_||u),string:new a}}},63345:s=>{s.exports=function stubArray(){return[]}},63560:(s,o,i)=>{var a=i(73170);s.exports=function set(s,o,i){return null==s?s:a(s,o,i)}},63600:(s,o,i)=>{"use strict";s.exports=PassThrough;var a=i(74610);function PassThrough(s){if(!(this instanceof PassThrough))return new PassThrough(s);a.call(this,s)}i(56698)(PassThrough,a),PassThrough.prototype._transform=function(s,o,i){i(null,s)}},63605:s=>{s.exports=function stackGet(s){return this.__data__.get(s)}},63702:s=>{s.exports=function listCacheClear(){this.__data__=[],this.size=0}},63737:(s,o,i)=>{"use strict";var a=i(56698),u=i(90392),_=i(92861).Buffer,w=[1518500249,1859775393,-1894007588,-899497514],x=new Array(80);function Sha1(){this.init(),this._w=x,u.call(this,64,56)}function rotl5(s){return s<<5|s>>>27}function rotl30(s){return s<<30|s>>>2}function ft(s,o,i,a){return 0===s?o&i|~o&a:2===s?o&i|o&a|i&a:o^i^a}a(Sha1,u),Sha1.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Sha1.prototype._update=function(s){for(var o,i=this._w,a=0|this._a,u=0|this._b,_=0|this._c,x=0|this._d,C=0|this._e,j=0;j<16;++j)i[j]=s.readInt32BE(4*j);for(;j<80;++j)i[j]=(o=i[j-3]^i[j-8]^i[j-14]^i[j-16])<<1|o>>>31;for(var L=0;L<80;++L){var B=~~(L/20),$=rotl5(a)+ft(B,u,_,x)+C+i[L]+w[B]|0;C=x,x=_,_=rotl30(u),u=a,a=$}this._a=a+this._a|0,this._b=u+this._b|0,this._c=_+this._c|0,this._d=x+this._d|0,this._e=C+this._e|0},Sha1.prototype._hash=function(){var s=_.allocUnsafe(20);return s.writeInt32BE(0|this._a,0),s.writeInt32BE(0|this._b,4),s.writeInt32BE(0|this._c,8),s.writeInt32BE(0|this._d,12),s.writeInt32BE(0|this._e,16),s},s.exports=Sha1},63862:s=>{s.exports=function hashDelete(s){var o=this.has(s)&&delete this.__data__[s];return this.size-=o?1:0,o}},63912:(s,o,i)=>{var a=i(61074),u=i(49698),_=i(42054);s.exports=function stringToArray(s){return u(s)?_(s):a(s)}},63950:s=>{s.exports=function noop(){}},64039:(s,o,i)=>{"use strict";var a="undefined"!=typeof Symbol&&Symbol,u=i(41333);s.exports=function hasNativeSymbols(){return"function"==typeof a&&("function"==typeof Symbol&&("symbol"==typeof a("foo")&&("symbol"==typeof Symbol("bar")&&u())))}},64502:(s,o,i)=>{"use strict";i(82048)},64626:(s,o,i)=>{var a=i(66977);s.exports=function ary(s,o,i){return o=i?void 0:o,o=s&&null==o?s.length:o,a(s,128,void 0,void 0,void 0,void 0,o)}},64634:s=>{var o={}.toString;s.exports=Array.isArray||function(s){return"[object Array]"==o.call(s)}},64894:(s,o,i)=>{var a=i(1882),u=i(30294);s.exports=function isArrayLike(s){return null!=s&&u(s.length)&&!a(s)}},64932:(s,o,i)=>{"use strict";var a,u,_,w=i(40551),x=i(45951),C=i(46285),j=i(61626),L=i(49724),B=i(36128),$=i(92522),U=i(38530),V="Object already initialized",z=x.TypeError,Y=x.WeakMap;if(w||B.state){var Z=B.state||(B.state=new Y);Z.get=Z.get,Z.has=Z.has,Z.set=Z.set,a=function(s,o){if(Z.has(s))throw new z(V);return o.facade=s,Z.set(s,o),o},u=function(s){return Z.get(s)||{}},_=function(s){return Z.has(s)}}else{var ee=$("state");U[ee]=!0,a=function(s,o){if(L(s,ee))throw new z(V);return o.facade=s,j(s,ee,o),o},u=function(s){return L(s,ee)?s[ee]:{}},_=function(s){return L(s,ee)}}s.exports={set:a,get:u,has:_,enforce:function(s){return _(s)?u(s):a(s,{})},getterFor:function(s){return function(o){var i;if(!C(o)||(i=u(o)).type!==s)throw new z("Incompatible receiver, "+s+" required");return i}}}},65291:(s,o,i)=>{"use strict";var a=i(86048).F.ERR_INVALID_OPT_VALUE;s.exports={getHighWaterMark:function getHighWaterMark(s,o,i,u){var _=function highWaterMarkFrom(s,o,i){return null!=s.highWaterMark?s.highWaterMark:o?s[i]:null}(o,u,i);if(null!=_){if(!isFinite(_)||Math.floor(_)!==_||_<0)throw new a(u?i:"highWaterMark",_);return Math.floor(_)}return s.objectMode?16:16384}}},65482:(s,o,i)=>{"use strict";var a=i(41176);s.exports=function(s){var o=+s;return o!=o||0===o?0:a(o)}},65606:s=>{var o,i,a=s.exports={};function defaultSetTimout(){throw new Error("setTimeout has not been defined")}function defaultClearTimeout(){throw new Error("clearTimeout has not been defined")}function runTimeout(s){if(o===setTimeout)return setTimeout(s,0);if((o===defaultSetTimout||!o)&&setTimeout)return o=setTimeout,setTimeout(s,0);try{return o(s,0)}catch(i){try{return o.call(null,s,0)}catch(i){return o.call(this,s,0)}}}!function(){try{o="function"==typeof setTimeout?setTimeout:defaultSetTimout}catch(s){o=defaultSetTimout}try{i="function"==typeof clearTimeout?clearTimeout:defaultClearTimeout}catch(s){i=defaultClearTimeout}}();var u,_=[],w=!1,x=-1;function cleanUpNextTick(){w&&u&&(w=!1,u.length?_=u.concat(_):x=-1,_.length&&drainQueue())}function drainQueue(){if(!w){var s=runTimeout(cleanUpNextTick);w=!0;for(var o=_.length;o;){for(u=_,_=[];++x1)for(var i=1;i{s.exports=function json(s){const o={literal:"true false null"},i=[s.C_LINE_COMMENT_MODE,s.C_BLOCK_COMMENT_MODE],a=[s.QUOTE_STRING_MODE,s.C_NUMBER_MODE],u={end:",",endsWithParent:!0,excludeEnd:!0,contains:a,keywords:o},_={begin:/\{/,end:/\}/,contains:[{className:"attr",begin:/"/,end:/"/,contains:[s.BACKSLASH_ESCAPE],illegal:"\\n"},s.inherit(u,{begin:/:/})].concat(i),illegal:"\\S"},w={begin:"\\[",end:"\\]",contains:[s.inherit(u)],illegal:"\\S"};return a.push(_,w),i.forEach((function(s){a.push(s)})),{name:"JSON",contains:a,keywords:o,illegal:"\\S"}}},66645:(s,o,i)=>{var a=i(1733),u=i(45434),_=i(13222),w=i(22225);s.exports=function words(s,o,i){return s=_(s),void 0===(o=i?void 0:o)?u(s)?w(s):a(s):s.match(o)||[]}},66721:(s,o,i)=>{var a=i(81042),u=Object.prototype.hasOwnProperty;s.exports=function hashGet(s){var o=this.__data__;if(a){var i=o[s];return"__lodash_hash_undefined__"===i?void 0:i}return u.call(o,s)?o[s]:void 0}},66743:(s,o,i)=>{"use strict";var a=i(89353);s.exports=Function.prototype.bind||a},66977:(s,o,i)=>{var a=i(68882),u=i(11842),_=i(77078),w=i(37471),x=i(24168),C=i(37381),j=i(3209),L=i(54641),B=i(70981),$=i(61489),U=Math.max;s.exports=function createWrap(s,o,i,V,z,Y,Z,ee){var ie=2&o;if(!ie&&"function"!=typeof s)throw new TypeError("Expected a function");var ae=V?V.length:0;if(ae||(o&=-97,V=z=void 0),Z=void 0===Z?Z:U($(Z),0),ee=void 0===ee?ee:$(ee),ae-=z?z.length:0,64&o){var ce=V,le=z;V=z=void 0}var pe=ie?void 0:C(s),de=[s,o,i,V,z,ce,le,Y,Z,ee];if(pe&&j(de,pe),s=de[0],o=de[1],i=de[2],V=de[3],z=de[4],!(ee=de[9]=void 0===de[9]?ie?0:s.length:U(de[9]-ae,0))&&24&o&&(o&=-25),o&&1!=o)fe=8==o||16==o?_(s,o,ee):32!=o&&33!=o||z.length?w.apply(void 0,de):x(s,o,i,V);else var fe=u(s,o,i);return B((pe?a:L)(fe,de),s,o)}},67197:s=>{s.exports=function matchesStrictComparable(s,o){return function(i){return null!=i&&(i[s]===o&&(void 0!==o||s in Object(i)))}}},67526:(s,o)=>{"use strict";o.byteLength=function byteLength(s){var o=getLens(s),i=o[0],a=o[1];return 3*(i+a)/4-a},o.toByteArray=function toByteArray(s){var o,i,_=getLens(s),w=_[0],x=_[1],C=new u(function _byteLength(s,o,i){return 3*(o+i)/4-i}(0,w,x)),j=0,L=x>0?w-4:w;for(i=0;i>16&255,C[j++]=o>>8&255,C[j++]=255&o;2===x&&(o=a[s.charCodeAt(i)]<<2|a[s.charCodeAt(i+1)]>>4,C[j++]=255&o);1===x&&(o=a[s.charCodeAt(i)]<<10|a[s.charCodeAt(i+1)]<<4|a[s.charCodeAt(i+2)]>>2,C[j++]=o>>8&255,C[j++]=255&o);return C},o.fromByteArray=function fromByteArray(s){for(var o,a=s.length,u=a%3,_=[],w=16383,x=0,C=a-u;xC?C:x+w));1===u?(o=s[a-1],_.push(i[o>>2]+i[o<<4&63]+"==")):2===u&&(o=(s[a-2]<<8)+s[a-1],_.push(i[o>>10]+i[o>>4&63]+i[o<<2&63]+"="));return _.join("")};for(var i=[],a=[],u="undefined"!=typeof Uint8Array?Uint8Array:Array,_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",w=0;w<64;++w)i[w]=_[w],a[_.charCodeAt(w)]=w;function getLens(s){var o=s.length;if(o%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var i=s.indexOf("=");return-1===i&&(i=o),[i,i===o?0:4-i%4]}function encodeChunk(s,o,a){for(var u,_,w=[],x=o;x>18&63]+i[_>>12&63]+i[_>>6&63]+i[63&_]);return w.join("")}a["-".charCodeAt(0)]=62,a["_".charCodeAt(0)]=63},68002:s=>{"use strict";s.exports=Math.min},68055:(s,o,i)=>{"use strict";var a=i(61626);s.exports=function(s,o,i,u){return u&&u.enumerable?s[o]=i:a(s,o,i),s}},68090:s=>{s.exports=function last(s){var o=null==s?0:s.length;return o?s[o-1]:void 0}},68223:(s,o,i)=>{var a=i(56110)(i(9325),"Map");s.exports=a},68294:(s,o,i)=>{var a=i(23007),u=i(30361),_=Math.min;s.exports=function reorder(s,o){for(var i=s.length,w=_(o.length,i),x=a(s);w--;){var C=o[w];s[w]=u(C,i)?x[C]:void 0}return s}},68623:(s,o,i)=>{"use strict";var a=i(694);s.exports=a},68882:(s,o,i)=>{var a=i(83488),u=i(48152),_=u?function(s,o){return u.set(s,o),s}:a;s.exports=_},68969:(s,o,i)=>{var a=i(47422),u=i(25160);s.exports=function parent(s,o){return o.length<2?s:a(s,u(o,0,-1))}},69302:(s,o,i)=>{var a=i(83488),u=i(56757),_=i(32865);s.exports=function baseRest(s,o){return _(u(s,o,a),s+"")}},69383:s=>{"use strict";s.exports=Error},69600:s=>{"use strict";var o,i,a=Function.prototype.toString,u="object"==typeof Reflect&&null!==Reflect&&Reflect.apply;if("function"==typeof u&&"function"==typeof Object.defineProperty)try{o=Object.defineProperty({},"length",{get:function(){throw i}}),i={},u((function(){throw 42}),null,o)}catch(s){s!==i&&(u=null)}else u=null;var _=/^\s*class\b/,w=function isES6ClassFunction(s){try{var o=a.call(s);return _.test(o)}catch(s){return!1}},x=function tryFunctionToStr(s){try{return!w(s)&&(a.call(s),!0)}catch(s){return!1}},C=Object.prototype.toString,j="function"==typeof Symbol&&!!Symbol.toStringTag,L=!(0 in[,]),B=function isDocumentDotAll(){return!1};if("object"==typeof document){var $=document.all;C.call($)===C.call(document.all)&&(B=function isDocumentDotAll(s){if((L||!s)&&(void 0===s||"object"==typeof s))try{var o=C.call(s);return("[object HTMLAllCollection]"===o||"[object HTML document.all class]"===o||"[object HTMLCollection]"===o||"[object Object]"===o)&&null==s("")}catch(s){}return!1})}s.exports=u?function isCallable(s){if(B(s))return!0;if(!s)return!1;if("function"!=typeof s&&"object"!=typeof s)return!1;try{u(s,null,o)}catch(s){if(s!==i)return!1}return!w(s)&&x(s)}:function isCallable(s){if(B(s))return!0;if(!s)return!1;if("function"!=typeof s&&"object"!=typeof s)return!1;if(j)return x(s);if(w(s))return!1;var o=C.call(s);return!("[object Function]"!==o&&"[object GeneratorFunction]"!==o&&!/^\[object HTML/.test(o))&&x(s)}},69675:s=>{"use strict";s.exports=TypeError},69884:(s,o,i)=>{var a=i(21791),u=i(37241);s.exports=function toPlainObject(s){return a(s,u(s))}},69982:(s,o,i)=>{"use strict";s.exports=i(29844)},70080:(s,o,i)=>{var a=i(26025),u=Array.prototype.splice;s.exports=function listCacheDelete(s){var o=this.__data__,i=a(o,s);return!(i<0)&&(i==o.length-1?o.pop():u.call(o,i,1),--this.size,!0)}},70414:s=>{"use strict";s.exports=Math.round},70453:(s,o,i)=>{"use strict";var a,u=i(79612),_=i(69383),w=i(41237),x=i(79290),C=i(79538),j=i(58068),L=i(69675),B=i(35345),$=i(71514),U=i(58968),V=i(6188),z=i(68002),Y=i(75880),Z=i(70414),ee=i(73093),ie=Function,getEvalledConstructor=function(s){try{return ie('"use strict"; return ('+s+").constructor;")()}catch(s){}},ae=i(75795),ce=i(30655),throwTypeError=function(){throw new L},le=ae?function(){try{return throwTypeError}catch(s){try{return ae(arguments,"callee").get}catch(s){return throwTypeError}}}():throwTypeError,pe=i(64039)(),de=i(93628),fe=i(71064),ye=i(48648),be=i(11002),_e=i(10076),Se={},we="undefined"!=typeof Uint8Array&&de?de(Uint8Array):a,xe={__proto__:null,"%AggregateError%":"undefined"==typeof AggregateError?a:AggregateError,"%Array%":Array,"%ArrayBuffer%":"undefined"==typeof ArrayBuffer?a:ArrayBuffer,"%ArrayIteratorPrototype%":pe&&de?de([][Symbol.iterator]()):a,"%AsyncFromSyncIteratorPrototype%":a,"%AsyncFunction%":Se,"%AsyncGenerator%":Se,"%AsyncGeneratorFunction%":Se,"%AsyncIteratorPrototype%":Se,"%Atomics%":"undefined"==typeof Atomics?a:Atomics,"%BigInt%":"undefined"==typeof BigInt?a:BigInt,"%BigInt64Array%":"undefined"==typeof BigInt64Array?a:BigInt64Array,"%BigUint64Array%":"undefined"==typeof BigUint64Array?a:BigUint64Array,"%Boolean%":Boolean,"%DataView%":"undefined"==typeof DataView?a:DataView,"%Date%":Date,"%decodeURI%":decodeURI,"%decodeURIComponent%":decodeURIComponent,"%encodeURI%":encodeURI,"%encodeURIComponent%":encodeURIComponent,"%Error%":_,"%eval%":eval,"%EvalError%":w,"%Float32Array%":"undefined"==typeof Float32Array?a:Float32Array,"%Float64Array%":"undefined"==typeof Float64Array?a:Float64Array,"%FinalizationRegistry%":"undefined"==typeof FinalizationRegistry?a:FinalizationRegistry,"%Function%":ie,"%GeneratorFunction%":Se,"%Int8Array%":"undefined"==typeof Int8Array?a:Int8Array,"%Int16Array%":"undefined"==typeof Int16Array?a:Int16Array,"%Int32Array%":"undefined"==typeof Int32Array?a:Int32Array,"%isFinite%":isFinite,"%isNaN%":isNaN,"%IteratorPrototype%":pe&&de?de(de([][Symbol.iterator]())):a,"%JSON%":"object"==typeof JSON?JSON:a,"%Map%":"undefined"==typeof Map?a:Map,"%MapIteratorPrototype%":"undefined"!=typeof Map&&pe&&de?de((new Map)[Symbol.iterator]()):a,"%Math%":Math,"%Number%":Number,"%Object%":u,"%Object.getOwnPropertyDescriptor%":ae,"%parseFloat%":parseFloat,"%parseInt%":parseInt,"%Promise%":"undefined"==typeof Promise?a:Promise,"%Proxy%":"undefined"==typeof Proxy?a:Proxy,"%RangeError%":x,"%ReferenceError%":C,"%Reflect%":"undefined"==typeof Reflect?a:Reflect,"%RegExp%":RegExp,"%Set%":"undefined"==typeof Set?a:Set,"%SetIteratorPrototype%":"undefined"!=typeof Set&&pe&&de?de((new Set)[Symbol.iterator]()):a,"%SharedArrayBuffer%":"undefined"==typeof SharedArrayBuffer?a:SharedArrayBuffer,"%String%":String,"%StringIteratorPrototype%":pe&&de?de(""[Symbol.iterator]()):a,"%Symbol%":pe?Symbol:a,"%SyntaxError%":j,"%ThrowTypeError%":le,"%TypedArray%":we,"%TypeError%":L,"%Uint8Array%":"undefined"==typeof Uint8Array?a:Uint8Array,"%Uint8ClampedArray%":"undefined"==typeof Uint8ClampedArray?a:Uint8ClampedArray,"%Uint16Array%":"undefined"==typeof Uint16Array?a:Uint16Array,"%Uint32Array%":"undefined"==typeof Uint32Array?a:Uint32Array,"%URIError%":B,"%WeakMap%":"undefined"==typeof WeakMap?a:WeakMap,"%WeakRef%":"undefined"==typeof WeakRef?a:WeakRef,"%WeakSet%":"undefined"==typeof WeakSet?a:WeakSet,"%Function.prototype.call%":_e,"%Function.prototype.apply%":be,"%Object.defineProperty%":ce,"%Object.getPrototypeOf%":fe,"%Math.abs%":$,"%Math.floor%":U,"%Math.max%":V,"%Math.min%":z,"%Math.pow%":Y,"%Math.round%":Z,"%Math.sign%":ee,"%Reflect.getPrototypeOf%":ye};if(de)try{null.error}catch(s){var Pe=de(de(s));xe["%Error.prototype%"]=Pe}var Te=function doEval(s){var o;if("%AsyncFunction%"===s)o=getEvalledConstructor("async function () {}");else if("%GeneratorFunction%"===s)o=getEvalledConstructor("function* () {}");else if("%AsyncGeneratorFunction%"===s)o=getEvalledConstructor("async function* () {}");else if("%AsyncGenerator%"===s){var i=doEval("%AsyncGeneratorFunction%");i&&(o=i.prototype)}else if("%AsyncIteratorPrototype%"===s){var a=doEval("%AsyncGenerator%");a&&de&&(o=de(a.prototype))}return xe[s]=o,o},Re={__proto__:null,"%ArrayBufferPrototype%":["ArrayBuffer","prototype"],"%ArrayPrototype%":["Array","prototype"],"%ArrayProto_entries%":["Array","prototype","entries"],"%ArrayProto_forEach%":["Array","prototype","forEach"],"%ArrayProto_keys%":["Array","prototype","keys"],"%ArrayProto_values%":["Array","prototype","values"],"%AsyncFunctionPrototype%":["AsyncFunction","prototype"],"%AsyncGenerator%":["AsyncGeneratorFunction","prototype"],"%AsyncGeneratorPrototype%":["AsyncGeneratorFunction","prototype","prototype"],"%BooleanPrototype%":["Boolean","prototype"],"%DataViewPrototype%":["DataView","prototype"],"%DatePrototype%":["Date","prototype"],"%ErrorPrototype%":["Error","prototype"],"%EvalErrorPrototype%":["EvalError","prototype"],"%Float32ArrayPrototype%":["Float32Array","prototype"],"%Float64ArrayPrototype%":["Float64Array","prototype"],"%FunctionPrototype%":["Function","prototype"],"%Generator%":["GeneratorFunction","prototype"],"%GeneratorPrototype%":["GeneratorFunction","prototype","prototype"],"%Int8ArrayPrototype%":["Int8Array","prototype"],"%Int16ArrayPrototype%":["Int16Array","prototype"],"%Int32ArrayPrototype%":["Int32Array","prototype"],"%JSONParse%":["JSON","parse"],"%JSONStringify%":["JSON","stringify"],"%MapPrototype%":["Map","prototype"],"%NumberPrototype%":["Number","prototype"],"%ObjectPrototype%":["Object","prototype"],"%ObjProto_toString%":["Object","prototype","toString"],"%ObjProto_valueOf%":["Object","prototype","valueOf"],"%PromisePrototype%":["Promise","prototype"],"%PromiseProto_then%":["Promise","prototype","then"],"%Promise_all%":["Promise","all"],"%Promise_reject%":["Promise","reject"],"%Promise_resolve%":["Promise","resolve"],"%RangeErrorPrototype%":["RangeError","prototype"],"%ReferenceErrorPrototype%":["ReferenceError","prototype"],"%RegExpPrototype%":["RegExp","prototype"],"%SetPrototype%":["Set","prototype"],"%SharedArrayBufferPrototype%":["SharedArrayBuffer","prototype"],"%StringPrototype%":["String","prototype"],"%SymbolPrototype%":["Symbol","prototype"],"%SyntaxErrorPrototype%":["SyntaxError","prototype"],"%TypedArrayPrototype%":["TypedArray","prototype"],"%TypeErrorPrototype%":["TypeError","prototype"],"%Uint8ArrayPrototype%":["Uint8Array","prototype"],"%Uint8ClampedArrayPrototype%":["Uint8ClampedArray","prototype"],"%Uint16ArrayPrototype%":["Uint16Array","prototype"],"%Uint32ArrayPrototype%":["Uint32Array","prototype"],"%URIErrorPrototype%":["URIError","prototype"],"%WeakMapPrototype%":["WeakMap","prototype"],"%WeakSetPrototype%":["WeakSet","prototype"]},$e=i(66743),qe=i(9957),ze=$e.call(_e,Array.prototype.concat),We=$e.call(be,Array.prototype.splice),He=$e.call(_e,String.prototype.replace),Ye=$e.call(_e,String.prototype.slice),Xe=$e.call(_e,RegExp.prototype.exec),Qe=/[^%.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|%$))/g,et=/\\(\\)?/g,tt=function getBaseIntrinsic(s,o){var i,a=s;if(qe(Re,a)&&(a="%"+(i=Re[a])[0]+"%"),qe(xe,a)){var u=xe[a];if(u===Se&&(u=Te(a)),void 0===u&&!o)throw new L("intrinsic "+s+" exists, but is not available. Please file an issue!");return{alias:i,name:a,value:u}}throw new j("intrinsic "+s+" does not exist!")};s.exports=function GetIntrinsic(s,o){if("string"!=typeof s||0===s.length)throw new L("intrinsic name must be a non-empty string");if(arguments.length>1&&"boolean"!=typeof o)throw new L('"allowMissing" argument must be a boolean');if(null===Xe(/^%?[^%]*%?$/,s))throw new j("`%` may not be present anywhere but at the beginning and end of the intrinsic name");var i=function stringToPath(s){var o=Ye(s,0,1),i=Ye(s,-1);if("%"===o&&"%"!==i)throw new j("invalid intrinsic syntax, expected closing `%`");if("%"===i&&"%"!==o)throw new j("invalid intrinsic syntax, expected opening `%`");var a=[];return He(s,Qe,(function(s,o,i,u){a[a.length]=i?He(u,et,"$1"):o||s})),a}(s),a=i.length>0?i[0]:"",u=tt("%"+a+"%",o),_=u.name,w=u.value,x=!1,C=u.alias;C&&(a=C[0],We(i,ze([0,1],C)));for(var B=1,$=!0;B=i.length){var Y=ae(w,U);w=($=!!Y)&&"get"in Y&&!("originalValue"in Y.get)?Y.get:w[U]}else $=qe(w,U),w=w[U];$&&!x&&(xe[_]=w)}}return w}},70470:(s,o,i)=>{"use strict";var a=i(46028),u=i(25594);s.exports=function(s){var o=a(s,"string");return u(o)?o:o+""}},70695:(s,o,i)=>{var a=i(78096),u=i(72428),_=i(56449),w=i(3656),x=i(30361),C=i(37167),j=Object.prototype.hasOwnProperty;s.exports=function arrayLikeKeys(s,o){var i=_(s),L=!i&&u(s),B=!i&&!L&&w(s),$=!i&&!L&&!B&&C(s),U=i||L||B||$,V=U?a(s.length,String):[],z=V.length;for(var Y in s)!o&&!j.call(s,Y)||U&&("length"==Y||B&&("offset"==Y||"parent"==Y)||$&&("buffer"==Y||"byteLength"==Y||"byteOffset"==Y)||x(Y,z))||V.push(Y);return V}},70981:(s,o,i)=>{var a=i(75251),u=i(62060),_=i(32865),w=i(75948);s.exports=function setWrapToString(s,o,i){var x=o+"";return _(s,u(x,w(a(x),i)))}},71064:(s,o,i)=>{"use strict";var a=i(79612);s.exports=a.getPrototypeOf||null},71167:(s,o,i)=>{const a=i(10316);s.exports=class StringElement extends a{constructor(s,o,i){super(s,o,i),this.element="string"}primitive(){return"string"}get length(){return this.content.length}}},71340:(s,o,i)=>{"use strict";var a=i(11091),u=i(29538);a({target:"Object",stat:!0,arity:2,forced:Object.assign!==u},{assign:u})},71514:s=>{"use strict";s.exports=Math.abs},71961:(s,o,i)=>{var a=i(49653);s.exports=function cloneTypedArray(s,o){var i=o?a(s.buffer):s.buffer;return new s.constructor(i,s.byteOffset,s.length)}},72428:(s,o,i)=>{var a=i(27534),u=i(40346),_=Object.prototype,w=_.hasOwnProperty,x=_.propertyIsEnumerable,C=a(function(){return arguments}())?a:function(s){return u(s)&&w.call(s,"callee")&&!x.call(s,"callee")};s.exports=C},72552:(s,o,i)=>{var a=i(51873),u=i(659),_=i(59350),w=a?a.toStringTag:void 0;s.exports=function baseGetTag(s){return null==s?void 0===s?"[object Undefined]":"[object Null]":w&&w in Object(s)?u(s):_(s)}},72903:(s,o,i)=>{var a=i(23805),u=i(55527),_=i(90181),w=Object.prototype.hasOwnProperty;s.exports=function baseKeysIn(s){if(!a(s))return _(s);var o=u(s),i=[];for(var x in s)("constructor"!=x||!o&&w.call(s,x))&&i.push(x);return i}},72949:(s,o,i)=>{var a=i(12651);s.exports=function mapCacheSet(s,o){var i=a(this,s),u=i.size;return i.set(s,o),this.size+=i.size==u?0:1,this}},73093:(s,o,i)=>{"use strict";var a=i(94459);s.exports=function sign(s){return a(s)||0===s?s:s<0?-1:1}},73126:(s,o,i)=>{"use strict";var a=i(66743),u=i(69675),_=i(10076),w=i(13144);s.exports=function callBindBasic(s){if(s.length<1||"function"!=typeof s[0])throw new u("a function is required");return w(a,_,s)}},73170:(s,o,i)=>{var a=i(16547),u=i(31769),_=i(30361),w=i(23805),x=i(77797);s.exports=function baseSet(s,o,i,C){if(!w(s))return s;for(var j=-1,L=(o=u(o,s)).length,B=L-1,$=s;null!=$&&++j{var o=/\w*$/;s.exports=function cloneRegExp(s){var i=new s.constructor(s.source,o.exec(s));return i.lastIndex=s.lastIndex,i}},73402:s=>{function concat(...s){return s.map((s=>function source(s){return s?"string"==typeof s?s:s.source:null}(s))).join("")}s.exports=function http(s){const o="HTTP/(2|1\\.[01])",i={className:"attribute",begin:concat("^",/[A-Za-z][A-Za-z0-9-]*/,"(?=\\:\\s)"),starts:{contains:[{className:"punctuation",begin:/: /,relevance:0,starts:{end:"$",relevance:0}}]}},a=[i,{begin:"\\n\\n",starts:{subLanguage:[],endsWithParent:!0}}];return{name:"HTTP",aliases:["https"],illegal:/\S/,contains:[{begin:"^(?="+o+" \\d{3})",end:/$/,contains:[{className:"meta",begin:o},{className:"number",begin:"\\b\\d{3}\\b"}],starts:{end:/\b\B/,illegal:/\S/,contains:a}},{begin:"(?=^[A-Z]+ (.*?) "+o+"$)",end:/$/,contains:[{className:"string",begin:" ",end:" ",excludeBegin:!0,excludeEnd:!0},{className:"meta",begin:o},{className:"keyword",begin:"[A-Z]+"}],starts:{end:/\b\B/,illegal:/\S/,contains:a}},s.inherit(i,{relevance:0})]}}},73424:(s,o,i)=>{var a=i(16962),u=i(2874),_=Array.prototype.push;function baseAry(s,o){return 2==o?function(o,i){return s(o,i)}:function(o){return s(o)}}function cloneArray(s){for(var o=s?s.length:0,i=Array(o);o--;)i[o]=s[o];return i}function wrapImmutable(s,o){return function(){var i=arguments.length;if(i){for(var a=Array(i);i--;)a[i]=arguments[i];var u=a[0]=o.apply(void 0,a);return s.apply(void 0,a),u}}}s.exports=function baseConvert(s,o,i,w){var x="function"==typeof o,C=o===Object(o);if(C&&(w=i,i=o,o=void 0),null==i)throw new TypeError;w||(w={});var j=!("cap"in w)||w.cap,L=!("curry"in w)||w.curry,B=!("fixed"in w)||w.fixed,$=!("immutable"in w)||w.immutable,U=!("rearg"in w)||w.rearg,V=x?i:u,z="curry"in w&&w.curry,Y="fixed"in w&&w.fixed,Z="rearg"in w&&w.rearg,ee=x?i.runInContext():void 0,ie=x?i:{ary:s.ary,assign:s.assign,clone:s.clone,curry:s.curry,forEach:s.forEach,isArray:s.isArray,isError:s.isError,isFunction:s.isFunction,isWeakMap:s.isWeakMap,iteratee:s.iteratee,keys:s.keys,rearg:s.rearg,toInteger:s.toInteger,toPath:s.toPath},ae=ie.ary,ce=ie.assign,le=ie.clone,pe=ie.curry,de=ie.forEach,fe=ie.isArray,ye=ie.isError,be=ie.isFunction,_e=ie.isWeakMap,Se=ie.keys,we=ie.rearg,xe=ie.toInteger,Pe=ie.toPath,Te=Se(a.aryMethod),Re={castArray:function(s){return function(){var o=arguments[0];return fe(o)?s(cloneArray(o)):s.apply(void 0,arguments)}},iteratee:function(s){return function(){var o=arguments[1],i=s(arguments[0],o),a=i.length;return j&&"number"==typeof o?(o=o>2?o-2:1,a&&a<=o?i:baseAry(i,o)):i}},mixin:function(s){return function(o){var i=this;if(!be(i))return s(i,Object(o));var a=[];return de(Se(o),(function(s){be(o[s])&&a.push([s,i.prototype[s]])})),s(i,Object(o)),de(a,(function(s){var o=s[1];be(o)?i.prototype[s[0]]=o:delete i.prototype[s[0]]})),i}},nthArg:function(s){return function(o){var i=o<0?1:xe(o)+1;return pe(s(o),i)}},rearg:function(s){return function(o,i){var a=i?i.length:0;return pe(s(o,i),a)}},runInContext:function(o){return function(i){return baseConvert(s,o(i),w)}}};function castCap(s,o){if(j){var i=a.iterateeRearg[s];if(i)return function iterateeRearg(s,o){return overArg(s,(function(s){var i=o.length;return function baseArity(s,o){return 2==o?function(o,i){return s.apply(void 0,arguments)}:function(o){return s.apply(void 0,arguments)}}(we(baseAry(s,i),o),i)}))}(o,i);var u=!x&&a.iterateeAry[s];if(u)return function iterateeAry(s,o){return overArg(s,(function(s){return"function"==typeof s?baseAry(s,o):s}))}(o,u)}return o}function castFixed(s,o,i){if(B&&(Y||!a.skipFixed[s])){var u=a.methodSpread[s],w=u&&u.start;return void 0===w?ae(o,i):function flatSpread(s,o){return function(){for(var i=arguments.length,a=i-1,u=Array(i);i--;)u[i]=arguments[i];var w=u[o],x=u.slice(0,o);return w&&_.apply(x,w),o!=a&&_.apply(x,u.slice(o+1)),s.apply(this,x)}}(o,w)}return o}function castRearg(s,o,i){return U&&i>1&&(Z||!a.skipRearg[s])?we(o,a.methodRearg[s]||a.aryRearg[i]):o}function cloneByPath(s,o){for(var i=-1,a=(o=Pe(o)).length,u=a-1,_=le(Object(s)),w=_;null!=w&&++i1?pe(o,i):o}(0,u=castCap(_,u),s),!1}})),!u})),u||(u=w),u==o&&(u=z?pe(u,1):function(){return o.apply(this,arguments)}),u.convert=createConverter(_,o),u.placeholder=o.placeholder=i,u}if(!C)return wrap(o,i,V);var $e=i,qe=[];return de(Te,(function(s){de(a.aryMethod[s],(function(s){var o=$e[a.remap[s]||s];o&&qe.push([s,wrap(s,o,$e)])}))})),de(Se($e),(function(s){var o=$e[s];if("function"==typeof o){for(var i=qe.length;i--;)if(qe[i][0]==s)return;o.convert=createConverter(s,o),qe.push([s,o])}})),de(qe,(function(s){$e[s[0]]=s[1]})),$e.convert=function convertLib(s){return $e.runInContext.convert(s)(void 0)},$e.placeholder=$e,de(Se($e),(function(s){de(a.realToAlias[s]||[],(function(o){$e[o]=$e[s]}))})),$e}},73448:(s,o,i)=>{"use strict";var a=i(73948),u=i(29367),_=i(87136),w=i(93742),x=i(76264)("iterator");s.exports=function(s){if(!_(s))return u(s,x)||u(s,"@@iterator")||w[a(s)]}},73648:(s,o,i)=>{"use strict";var a=i(39447),u=i(98828),_=i(49552);s.exports=!a&&!u((function(){return 7!==Object.defineProperty(_("div"),"a",{get:function(){return 7}}).a}))},73948:(s,o,i)=>{"use strict";var a=i(52623),u=i(62250),_=i(45807),w=i(76264)("toStringTag"),x=Object,C="Arguments"===_(function(){return arguments}());s.exports=a?_:function(s){var o,i,a;return void 0===s?"Undefined":null===s?"Null":"string"==typeof(i=function(s,o){try{return s[o]}catch(s){}}(o=x(s),w))?i:C?_(o):"Object"===(a=_(o))&&u(o.callee)?"Arguments":a}},73992:(s,o)=>{"use strict";var i=Object.prototype.hasOwnProperty;function decode(s){try{return decodeURIComponent(s.replace(/\+/g," "))}catch(s){return null}}function encode(s){try{return encodeURIComponent(s)}catch(s){return null}}o.stringify=function querystringify(s,o){o=o||"";var a,u,_=[];for(u in"string"!=typeof o&&(o="?"),s)if(i.call(s,u)){if((a=s[u])||null!=a&&!isNaN(a)||(a=""),u=encode(u),a=encode(a),null===u||null===a)continue;_.push(u+"="+a)}return _.length?o+_.join("&"):""},o.parse=function querystring(s){for(var o,i=/([^=?#&]+)=?([^&]*)/g,a={};o=i.exec(s);){var u=decode(o[1]),_=decode(o[2]);null===u||null===_||u in a||(a[u]=_)}return a}},74218:s=>{s.exports=function isKeyable(s){var o=typeof s;return"string"==o||"number"==o||"symbol"==o||"boolean"==o?"__proto__"!==s:null===s}},74239:(s,o,i)=>{"use strict";var a=i(87136),u=TypeError;s.exports=function(s){if(a(s))throw new u("Can't call method on "+s);return s}},74284:(s,o,i)=>{"use strict";var a=i(39447),u=i(73648),_=i(58661),w=i(36624),x=i(70470),C=TypeError,j=Object.defineProperty,L=Object.getOwnPropertyDescriptor,B="enumerable",$="configurable",U="writable";o.f=a?_?function defineProperty(s,o,i){if(w(s),o=x(o),w(i),"function"==typeof s&&"prototype"===o&&"value"in i&&U in i&&!i[U]){var a=L(s,o);a&&a[U]&&(s[o]=i.value,i={configurable:$ in i?i[$]:a[$],enumerable:B in i?i[B]:a[B],writable:!1})}return j(s,o,i)}:j:function defineProperty(s,o,i){if(w(s),o=x(o),w(i),u)try{return j(s,o,i)}catch(s){}if("get"in i||"set"in i)throw new C("Accessors not supported");return"value"in i&&(s[o]=i.value),s}},74335:s=>{s.exports=function overArg(s,o){return function(i){return s(o(i))}}},74372:(s,o,i)=>{"use strict";var a=i(69675),u=i(36556)("TypedArray.prototype.buffer",!0),_=i(35680);s.exports=u||function typedArrayBuffer(s){if(!_(s))throw new a("Not a Typed Array");return s.buffer}},74436:(s,o,i)=>{"use strict";var a=i(4993),u=i(34849),_=i(20575),createMethod=function(s){return function(o,i,w){var x=a(o),C=_(x);if(0===C)return!s&&-1;var j,L=u(w,C);if(s&&i!=i){for(;C>L;)if((j=x[L++])!=j)return!0}else for(;C>L;L++)if((s||L in x)&&x[L]===i)return s||L||0;return!s&&-1}};s.exports={includes:createMethod(!0),indexOf:createMethod(!1)}},74610:(s,o,i)=>{"use strict";s.exports=Transform;var a=i(86048).F,u=a.ERR_METHOD_NOT_IMPLEMENTED,_=a.ERR_MULTIPLE_CALLBACK,w=a.ERR_TRANSFORM_ALREADY_TRANSFORMING,x=a.ERR_TRANSFORM_WITH_LENGTH_0,C=i(25382);function afterTransform(s,o){var i=this._transformState;i.transforming=!1;var a=i.writecb;if(null===a)return this.emit("error",new _);i.writechunk=null,i.writecb=null,null!=o&&this.push(o),a(s);var u=this._readableState;u.reading=!1,(u.needReadable||u.length{var a=i(21791),u=i(95950);s.exports=function baseAssign(s,o){return s&&a(o,u(o),s)}},75147:(s,o,i)=>{const a=i(85105);s.exports=class JSON06Serialiser extends a{serialise(s){if(!(s instanceof this.namespace.elements.Element))throw new TypeError(`Given element \`${s}\` is not an Element instance`);let o;s._attributes&&s.attributes.get("variable")&&(o=s.attributes.get("variable"));const i={element:s.element};s._meta&&s._meta.length>0&&(i.meta=this.serialiseObject(s.meta));const a="enum"===s.element||-1!==s.attributes.keys().indexOf("enumerations");if(a){const o=this.enumSerialiseAttributes(s);o&&(i.attributes=o)}else if(s._attributes&&s._attributes.length>0){let{attributes:a}=s;a.get("metadata")&&(a=a.clone(),a.set("meta",a.get("metadata")),a.remove("metadata")),"member"===s.element&&o&&(a=a.clone(),a.remove("variable")),a.length>0&&(i.attributes=this.serialiseObject(a))}if(a)i.content=this.enumSerialiseContent(s,i);else if(this[`${s.element}SerialiseContent`])i.content=this[`${s.element}SerialiseContent`](s,i);else if(void 0!==s.content){let a;o&&s.content.key?(a=s.content.clone(),a.key.attributes.set("variable",o),a=this.serialiseContent(a)):a=this.serialiseContent(s.content),this.shouldSerialiseContent(s,a)&&(i.content=a)}else this.shouldSerialiseContent(s,s.content)&&s instanceof this.namespace.elements.Array&&(i.content=[]);return i}shouldSerialiseContent(s,o){return"parseResult"===s.element||"httpRequest"===s.element||"httpResponse"===s.element||"category"===s.element||"link"===s.element||void 0!==o&&(!Array.isArray(o)||0!==o.length)}refSerialiseContent(s,o){return delete o.attributes,{href:s.toValue(),path:s.path.toValue()}}sourceMapSerialiseContent(s){return s.toValue()}dataStructureSerialiseContent(s){return[this.serialiseContent(s.content)]}enumSerialiseAttributes(s){const o=s.attributes.clone(),i=o.remove("enumerations")||new this.namespace.elements.Array([]),a=o.get("default");let u=o.get("samples")||new this.namespace.elements.Array([]);if(a&&a.content&&(a.content.attributes&&a.content.attributes.remove("typeAttributes"),o.set("default",new this.namespace.elements.Array([a.content]))),u.forEach((s=>{s.content&&s.content.element&&s.content.attributes.remove("typeAttributes")})),s.content&&0!==i.length&&u.unshift(s.content),u=u.map((s=>s instanceof this.namespace.elements.Array?[s]:new this.namespace.elements.Array([s.content]))),u.length&&o.set("samples",u),o.length>0)return this.serialiseObject(o)}enumSerialiseContent(s){if(s._attributes){const o=s.attributes.get("enumerations");if(o&&o.length>0)return o.content.map((s=>{const o=s.clone();return o.attributes.remove("typeAttributes"),this.serialise(o)}))}if(s.content){const o=s.content.clone();return o.attributes.remove("typeAttributes"),[this.serialise(o)]}return[]}deserialise(s){if("string"==typeof s)return new this.namespace.elements.String(s);if("number"==typeof s)return new this.namespace.elements.Number(s);if("boolean"==typeof s)return new this.namespace.elements.Boolean(s);if(null===s)return new this.namespace.elements.Null;if(Array.isArray(s))return new this.namespace.elements.Array(s.map(this.deserialise,this));const o=this.namespace.getElementClass(s.element),i=new o;i.element!==s.element&&(i.element=s.element),s.meta&&this.deserialiseObject(s.meta,i.meta),s.attributes&&this.deserialiseObject(s.attributes,i.attributes);const a=this.deserialiseContent(s.content);if(void 0===a&&null!==i.content||(i.content=a),"enum"===i.element){i.content&&i.attributes.set("enumerations",i.content);let s=i.attributes.get("samples");if(i.attributes.remove("samples"),s){const a=s;s=new this.namespace.elements.Array,a.forEach((a=>{a.forEach((a=>{const u=new o(a);u.element=i.element,s.push(u)}))}));const u=s.shift();i.content=u?u.content:void 0,i.attributes.set("samples",s)}else i.content=void 0;let a=i.attributes.get("default");if(a&&a.length>0){a=a.get(0);const s=new o(a);s.element=i.element,i.attributes.set("default",s)}}else if("dataStructure"===i.element&&Array.isArray(i.content))[i.content]=i.content;else if("category"===i.element){const s=i.attributes.get("meta");s&&(i.attributes.set("metadata",s),i.attributes.remove("meta"))}else"member"===i.element&&i.key&&i.key._attributes&&i.key._attributes.getValue("variable")&&(i.attributes.set("variable",i.key.attributes.get("variable")),i.key.attributes.remove("variable"));return i}serialiseContent(s){if(s instanceof this.namespace.elements.Element)return this.serialise(s);if(s instanceof this.namespace.KeyValuePair){const o={key:this.serialise(s.key)};return s.value&&(o.value=this.serialise(s.value)),o}return s&&s.map?s.map(this.serialise,this):s}deserialiseContent(s){if(s){if(s.element)return this.deserialise(s);if(s.key){const o=new this.namespace.KeyValuePair(this.deserialise(s.key));return s.value&&(o.value=this.deserialise(s.value)),o}if(s.map)return s.map(this.deserialise,this)}return s}shouldRefract(s){return!!(s._attributes&&s.attributes.keys().length||s._meta&&s.meta.keys().length)||"enum"!==s.element&&(s.element!==s.primitive()||"member"===s.element)}convertKeyToRefract(s,o){return this.shouldRefract(o)?this.serialise(o):"enum"===o.element?this.serialiseEnum(o):"array"===o.element?o.map((o=>this.shouldRefract(o)||"default"===s?this.serialise(o):"array"===o.element||"object"===o.element||"enum"===o.element?o.children.map((s=>this.serialise(s))):o.toValue())):"object"===o.element?(o.content||[]).map(this.serialise,this):o.toValue()}serialiseEnum(s){return s.children.map((s=>this.serialise(s)))}serialiseObject(s){const o={};return s.forEach(((s,i)=>{if(s){const a=i.toValue();o[a]=this.convertKeyToRefract(a,s)}})),o}deserialiseObject(s,o){Object.keys(s).forEach((i=>{o.set(i,this.deserialise(s[i]))}))}}},75208:s=>{"use strict";var o,i="";s.exports=function repeat(s,a){if("string"!=typeof s)throw new TypeError("expected a string");if(1===a)return s;if(2===a)return s+s;var u=s.length*a;if(o!==s||void 0===o)o=s,i="";else if(i.length>=u)return i.substr(0,u);for(;u>i.length&&a>1;)1&a&&(i+=s),a>>=1,s+=s;return i=(i+=s).substr(0,u)}},75251:s=>{var o=/\{\n\/\* \[wrapped with (.+)\] \*/,i=/,? & /;s.exports=function getWrapDetails(s){var a=s.match(o);return a?a[1].split(i):[]}},75288:s=>{s.exports=function eq(s,o){return s===o||s!=s&&o!=o}},75795:(s,o,i)=>{"use strict";var a=i(6549);if(a)try{a([],"length")}catch(s){a=null}s.exports=a},75817:s=>{"use strict";s.exports=function(s,o){return{enumerable:!(1&s),configurable:!(2&s),writable:!(4&s),value:o}}},75880:s=>{"use strict";s.exports=Math.pow},75896:(s,o,i)=>{"use strict";var a=i(65606);function emitErrorAndCloseNT(s,o){emitErrorNT(s,o),emitCloseNT(s)}function emitCloseNT(s){s._writableState&&!s._writableState.emitClose||s._readableState&&!s._readableState.emitClose||s.emit("close")}function emitErrorNT(s,o){s.emit("error",o)}s.exports={destroy:function destroy(s,o){var i=this,u=this._readableState&&this._readableState.destroyed,_=this._writableState&&this._writableState.destroyed;return u||_?(o?o(s):s&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,a.nextTick(emitErrorNT,this,s)):a.nextTick(emitErrorNT,this,s)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(s||null,(function(s){!o&&s?i._writableState?i._writableState.errorEmitted?a.nextTick(emitCloseNT,i):(i._writableState.errorEmitted=!0,a.nextTick(emitErrorAndCloseNT,i,s)):a.nextTick(emitErrorAndCloseNT,i,s):o?(a.nextTick(emitCloseNT,i),o(s)):a.nextTick(emitCloseNT,i)})),this)},undestroy:function undestroy(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function errorOrDestroy(s,o){var i=s._readableState,a=s._writableState;i&&i.autoDestroy||a&&a.autoDestroy?s.destroy(o):s.emit("error",o)}}},75948:(s,o,i)=>{var a=i(83729),u=i(15325),_=[["ary",128],["bind",1],["bindKey",2],["curry",8],["curryRight",16],["flip",512],["partial",32],["partialRight",64],["rearg",256]];s.exports=function updateWrapDetails(s,o){return a(_,(function(i){var a="_."+i[0];o&i[1]&&!u(s,a)&&s.push(a)})),s.sort()}},76024:(s,o,i)=>{"use strict";var a=i(41505),u=Function.prototype,_=u.apply,w=u.call;s.exports="object"==typeof Reflect&&Reflect.apply||(a?w.bind(_):function(){return w.apply(_,arguments)})},76169:(s,o,i)=>{var a=i(49653);s.exports=function cloneDataView(s,o){var i=o?a(s.buffer):s.buffer;return new s.constructor(i,s.byteOffset,s.byteLength)}},76189:s=>{var o=Object.prototype.hasOwnProperty;s.exports=function initCloneArray(s){var i=s.length,a=new s.constructor(i);return i&&"string"==typeof s[0]&&o.call(s,"index")&&(a.index=s.index,a.input=s.input),a}},76264:(s,o,i)=>{"use strict";var a=i(45951),u=i(85816),_=i(49724),w=i(6499),x=i(19846),C=i(51175),j=a.Symbol,L=u("wks"),B=C?j.for||j:j&&j.withoutSetter||w;s.exports=function(s){return _(L,s)||(L[s]=x&&_(j,s)?j[s]:B("Symbol."+s)),L[s]}},76545:(s,o,i)=>{var a=i(56110)(i(9325),"Set");s.exports=a},76578:s=>{"use strict";s.exports=["Float16Array","Float32Array","Float64Array","Int8Array","Int16Array","Int32Array","Uint8Array","Uint8ClampedArray","Uint16Array","Uint32Array","BigInt64Array","BigUint64Array"]},76959:s=>{s.exports=function strictIndexOf(s,o,i){for(var a=i-1,u=s.length;++a{var a=i(91033),u=i(82819),_=i(37471),w=i(18073),x=i(11287),C=i(36306),j=i(9325);s.exports=function createCurry(s,o,i){var L=u(s);return function wrapper(){for(var u=arguments.length,B=Array(u),$=u,U=x(wrapper);$--;)B[$]=arguments[$];var V=u<3&&B[0]!==U&&B[u-1]!==U?[]:C(B,U);return(u-=V.length){var a=i(49653),u=i(76169),_=i(73201),w=i(93736),x=i(71961);s.exports=function initCloneByTag(s,o,i){var C=s.constructor;switch(o){case"[object ArrayBuffer]":return a(s);case"[object Boolean]":case"[object Date]":return new C(+s);case"[object DataView]":return u(s,i);case"[object Float32Array]":case"[object Float64Array]":case"[object Int8Array]":case"[object Int16Array]":case"[object Int32Array]":case"[object Uint8Array]":case"[object Uint8ClampedArray]":case"[object Uint16Array]":case"[object Uint32Array]":return x(s,i);case"[object Map]":case"[object Set]":return new C;case"[object Number]":case"[object String]":return new C(s);case"[object RegExp]":return _(s);case"[object Symbol]":return w(s)}}},77556:(s,o,i)=>{var a=i(51873),u=i(34932),_=i(56449),w=i(44394),x=a?a.prototype:void 0,C=x?x.toString:void 0;s.exports=function baseToString(s){if("string"==typeof s)return s;if(_(s))return u(s,baseToString)+"";if(w(s))return C?C.call(s):"";var o=s+"";return"0"==o&&1/s==-1/0?"-0":o}},77731:(s,o,i)=>{var a=i(79920)("set",i(63560));a.placeholder=i(2874),s.exports=a},77797:(s,o,i)=>{var a=i(44394);s.exports=function toKey(s){if("string"==typeof s||a(s))return s;var o=s+"";return"0"==o&&1/s==-1/0?"-0":o}},78004:s=>{"use strict";class SubRange{constructor(s,o){this.low=s,this.high=o,this.length=1+o-s}overlaps(s){return!(this.highs.high)}touches(s){return!(this.high+1s.high)}add(s){return new SubRange(Math.min(this.low,s.low),Math.max(this.high,s.high))}subtract(s){return s.low<=this.low&&s.high>=this.high?[]:s.low>this.low&&s.highs+o.length),0)}add(s,o){var _add=s=>{for(var o=0;o{for(var o=0;o{for(var o=0;o{for(var i=o.low;i<=o.high;)s.push(i),i++;return s}),[])}subranges(){return this.ranges.map((s=>({low:s.low,high:s.high,length:1+s.high-s.low})))}}s.exports=DRange},78096:s=>{s.exports=function baseTimes(s,o){for(var i=-1,a=Array(s);++i{"use strict";i(85160)},79192:(s,o,i)=>{"use strict";var a=i(51871),u=i(46285),_=i(74239),w=i(10043);s.exports=Object.setPrototypeOf||("__proto__"in{}?function(){var s,o=!1,i={};try{(s=a(Object.prototype,"__proto__","set"))(i,[]),o=i instanceof Array}catch(s){}return function setPrototypeOf(i,a){return _(i),w(a),u(i)?(o?s(i,a):i.__proto__=a,i):i}}():void 0)},79290:s=>{"use strict";s.exports=RangeError},79307:(s,o,i)=>{"use strict";var a=i(11091),u=i(44673);a({target:"Function",proto:!0,forced:Function.bind!==u},{bind:u})},79538:s=>{"use strict";s.exports=ReferenceError},79612:s=>{"use strict";s.exports=Object},79770:s=>{s.exports=function arrayFilter(s,o){for(var i=-1,a=null==s?0:s.length,u=0,_=[];++i{},79920:(s,o,i)=>{var a=i(73424),u=i(47934);s.exports=function convert(s,o,i){return a(u,s,o,i)}},80079:(s,o,i)=>{var a=i(63702),u=i(70080),_=i(24739),w=i(48655),x=i(31175);function ListCache(s){var o=-1,i=null==s?0:s.length;for(this.clear();++o{var a=i(13222);s.exports=function toLower(s){return a(s).toLowerCase()}},80257:(s,o,i)=>{var a=i(30980),u=i(56017),_=i(23007);s.exports=function wrapperClone(s){if(s instanceof a)return s.clone();var o=new u(s.__wrapped__,s.__chain__);return o.__actions__=_(s.__actions__),o.__index__=s.__index__,o.__values__=s.__values__,o}},80345:(s,o,i)=>{"use strict";function ownKeys(s,o){var i=Object.keys(s);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(s);o&&(a=a.filter((function(o){return Object.getOwnPropertyDescriptor(s,o).enumerable}))),i.push.apply(i,a)}return i}function _objectSpread(s){for(var o=1;o0?this.tail.next=o:this.head=o,this.tail=o,++this.length}},{key:"unshift",value:function unshift(s){var o={data:s,next:this.head};0===this.length&&(this.tail=o),this.head=o,++this.length}},{key:"shift",value:function shift(){if(0!==this.length){var s=this.head.data;return 1===this.length?this.head=this.tail=null:this.head=this.head.next,--this.length,s}}},{key:"clear",value:function clear(){this.head=this.tail=null,this.length=0}},{key:"join",value:function join(s){if(0===this.length)return"";for(var o=this.head,i=""+o.data;o=o.next;)i+=s+o.data;return i}},{key:"concat",value:function concat(s){if(0===this.length)return a.alloc(0);for(var o,i,u,_=a.allocUnsafe(s>>>0),w=this.head,x=0;w;)o=w.data,i=_,u=x,a.prototype.copy.call(o,i,u),x+=w.data.length,w=w.next;return _}},{key:"consume",value:function consume(s,o){var i;return su.length?u.length:s;if(_===u.length?a+=u:a+=u.slice(0,s),0===(s-=_)){_===u.length?(++i,o.next?this.head=o.next:this.head=this.tail=null):(this.head=o,o.data=u.slice(_));break}++i}return this.length-=i,a}},{key:"_getBuffer",value:function _getBuffer(s){var o=a.allocUnsafe(s),i=this.head,u=1;for(i.data.copy(o),s-=i.data.length;i=i.next;){var _=i.data,w=s>_.length?_.length:s;if(_.copy(o,o.length-s,0,w),0===(s-=w)){w===_.length?(++u,i.next?this.head=i.next:this.head=this.tail=null):(this.head=i,i.data=_.slice(w));break}++u}return this.length-=u,o}},{key:_,value:function value(s,o){return u(this,_objectSpread(_objectSpread({},o),{},{depth:0,customInspect:!1}))}}]),BufferList}()},80376:s=>{"use strict";s.exports=["constructor","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","toLocaleString","toString","valueOf"]},80631:(s,o,i)=>{var a=i(28077),u=i(49326);s.exports=function hasIn(s,o){return null!=s&&u(s,o,a)}},80909:(s,o,i)=>{var a=i(30641),u=i(38329)(a);s.exports=u},80945:(s,o,i)=>{var a=i(80079),u=i(68223),_=i(53661);s.exports=function stackSet(s,o){var i=this.__data__;if(i instanceof a){var w=i.__data__;if(!u||w.length<199)return w.push([s,o]),this.size=++i.size,this;i=this.__data__=new _(w)}return i.set(s,o),this.size=i.size,this}},81042:(s,o,i)=>{var a=i(56110)(Object,"create");s.exports=a},81214:(s,o,i)=>{"use strict";function _typeof(s){return _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(s){return typeof s}:function(s){return s&&"function"==typeof Symbol&&s.constructor===Symbol&&s!==Symbol.prototype?"symbol":typeof s},_typeof(s)}Object.defineProperty(o,"__esModule",{value:!0}),o.DebounceInput=void 0;var a=_interopRequireDefault(i(96540)),u=_interopRequireDefault(i(20181)),_=["element","onChange","value","minLength","debounceTimeout","forceNotifyByEnter","forceNotifyOnBlur","onKeyDown","onBlur","inputRef"];function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}function _objectWithoutProperties(s,o){if(null==s)return{};var i,a,u=function _objectWithoutPropertiesLoose(s,o){if(null==s)return{};var i,a,u={},_=Object.keys(s);for(a=0;a<_.length;a++)i=_[a],o.indexOf(i)>=0||(u[i]=s[i]);return u}(s,o);if(Object.getOwnPropertySymbols){var _=Object.getOwnPropertySymbols(s);for(a=0;a<_.length;a++)i=_[a],o.indexOf(i)>=0||Object.prototype.propertyIsEnumerable.call(s,i)&&(u[i]=s[i])}return u}function ownKeys(s,o){var i=Object.keys(s);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(s);o&&(a=a.filter((function(o){return Object.getOwnPropertyDescriptor(s,o).enumerable}))),i.push.apply(i,a)}return i}function _objectSpread(s){for(var o=1;o=a?i.notify(s):o.length>u.length&&i.notify(_objectSpread(_objectSpread({},s),{},{target:_objectSpread(_objectSpread({},s.target),{},{value:""})}))}))})),_defineProperty(_assertThisInitialized(i),"onKeyDown",(function(s){"Enter"===s.key&&i.forceNotify(s);var o=i.props.onKeyDown;o&&(s.persist(),o(s))})),_defineProperty(_assertThisInitialized(i),"onBlur",(function(s){i.forceNotify(s);var o=i.props.onBlur;o&&(s.persist(),o(s))})),_defineProperty(_assertThisInitialized(i),"createNotifier",(function(s){if(s<0)i.notify=function(){return null};else if(0===s)i.notify=i.doNotify;else{var o=(0,u.default)((function(s){i.isDebouncing=!1,i.doNotify(s)}),s);i.notify=function(s){i.isDebouncing=!0,o(s)},i.flush=function(){return o.flush()},i.cancel=function(){i.isDebouncing=!1,o.cancel()}}})),_defineProperty(_assertThisInitialized(i),"doNotify",(function(){i.props.onChange.apply(void 0,arguments)})),_defineProperty(_assertThisInitialized(i),"forceNotify",(function(s){var o=i.props.debounceTimeout;if(i.isDebouncing||!(o>0)){i.cancel&&i.cancel();var a=i.state.value,u=i.props.minLength;a.length>=u?i.doNotify(s):i.doNotify(_objectSpread(_objectSpread({},s),{},{target:_objectSpread(_objectSpread({},s.target),{},{value:a})}))}})),i.isDebouncing=!1,i.state={value:void 0===s.value||null===s.value?"":s.value};var a=i.props.debounceTimeout;return i.createNotifier(a),i}return function _createClass(s,o,i){return o&&_defineProperties(s.prototype,o),i&&_defineProperties(s,i),Object.defineProperty(s,"prototype",{writable:!1}),s}(DebounceInput,[{key:"componentDidUpdate",value:function componentDidUpdate(s){if(!this.isDebouncing){var o=this.props,i=o.value,a=o.debounceTimeout,u=s.debounceTimeout,_=s.value,w=this.state.value;void 0!==i&&_!==i&&w!==i&&this.setState({value:i}),a!==u&&this.createNotifier(a)}}},{key:"componentWillUnmount",value:function componentWillUnmount(){this.flush&&this.flush()}},{key:"render",value:function render(){var s,o,i=this.props,u=i.element,w=(i.onChange,i.value,i.minLength,i.debounceTimeout,i.forceNotifyByEnter),x=i.forceNotifyOnBlur,C=i.onKeyDown,j=i.onBlur,L=i.inputRef,B=_objectWithoutProperties(i,_),$=this.state.value;s=w?{onKeyDown:this.onKeyDown}:C?{onKeyDown:C}:{},o=x?{onBlur:this.onBlur}:j?{onBlur:j}:{};var U=L?{ref:L}:{};return a.default.createElement(u,_objectSpread(_objectSpread(_objectSpread(_objectSpread({},B),{},{onChange:this.onChange,value:$},s),o),U))}}]),DebounceInput}(a.default.PureComponent);o.DebounceInput=w,_defineProperty(w,"defaultProps",{element:"input",type:"text",onKeyDown:void 0,onBlur:void 0,value:void 0,minLength:0,debounceTimeout:100,forceNotifyByEnter:!0,forceNotifyOnBlur:!0,inputRef:void 0})},81919:(s,o,i)=>{"use strict";var a=i(48287).Buffer;function isSpecificValue(s){return s instanceof a||s instanceof Date||s instanceof RegExp}function cloneSpecificValue(s){if(s instanceof a){var o=a.alloc?a.alloc(s.length):new a(s.length);return s.copy(o),o}if(s instanceof Date)return new Date(s.getTime());if(s instanceof RegExp)return new RegExp(s);throw new Error("Unexpected situation")}function deepCloneArray(s){var o=[];return s.forEach((function(s,i){"object"==typeof s&&null!==s?Array.isArray(s)?o[i]=deepCloneArray(s):isSpecificValue(s)?o[i]=cloneSpecificValue(s):o[i]=u({},s):o[i]=s})),o}function safeGetProperty(s,o){return"__proto__"===o?void 0:s[o]}var u=s.exports=function(){if(arguments.length<1||"object"!=typeof arguments[0])return!1;if(arguments.length<2)return arguments[0];var s,o,i=arguments[0];return Array.prototype.slice.call(arguments,1).forEach((function(a){"object"!=typeof a||null===a||Array.isArray(a)||Object.keys(a).forEach((function(_){return o=safeGetProperty(i,_),(s=safeGetProperty(a,_))===i?void 0:"object"!=typeof s||null===s?void(i[_]=s):Array.isArray(s)?void(i[_]=deepCloneArray(s)):isSpecificValue(s)?void(i[_]=cloneSpecificValue(s)):"object"!=typeof o||null===o||Array.isArray(o)?void(i[_]=u({},s)):void(i[_]=u(o,s))}))})),i}},82048:(s,o,i)=>{"use strict";var a=i(11091),u=i(88280),_=i(15972),w=i(79192),x=i(19595),C=i(58075),j=i(61626),L=i(75817),B=i(39259),$=i(85884),U=i(24823),V=i(32096),z=i(76264)("toStringTag"),Y=Error,Z=[].push,ee=function AggregateError(s,o){var i,a=u(ie,this);w?i=w(new Y,a?_(this):ie):(i=a?this:C(ie),j(i,z,"Error")),void 0!==o&&j(i,"message",V(o)),$(i,ee,i.stack,1),arguments.length>2&&B(i,arguments[2]);var x=[];return U(s,Z,{that:x}),j(i,"errors",x),i};w?w(ee,Y):x(ee,Y,{name:!0});var ie=ee.prototype=C(Y.prototype,{constructor:L(1,ee),message:L(1,""),name:L(1,"AggregateError")});a({global:!0,constructor:!0,arity:2},{AggregateError:ee})},82159:(s,o,i)=>{"use strict";var a=i(62250),u=i(4640),_=TypeError;s.exports=function(s){if(a(s))return s;throw new _(u(s)+" is not a function")}},82199:(s,o,i)=>{var a=i(14528),u=i(56449);s.exports=function baseGetAllKeys(s,o,i){var _=o(s);return u(s)?_:a(_,i(s))}},82261:(s,o,i)=>{"use strict";Object.defineProperty(o,"__esModule",{value:!0});var a=_interopRequireDefault(i(9404)),u=_interopRequireDefault(i(48590));function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}o.default=function(s,o,i){var _=Object.keys(o);if(!_.length)return"Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.";var w=(0,u.default)(i);if(a.default.isImmutable?!a.default.isImmutable(s):!a.default.Iterable.isIterable(s))return"The "+w+' is of unexpected type. Expected argument to be an instance of Immutable.Collection or Immutable.Record with the following properties: "'+_.join('", "')+'".';var x=s.toSeq().keySeq().toArray().filter((function(s){return!o.hasOwnProperty(s)}));return x.length>0?"Unexpected "+(1===x.length?"property":"properties")+' "'+x.join('", "')+'" found in '+w+'. Expected to find one of the known reducer property names instead: "'+_.join('", "')+'". Unexpected properties will be ignored.':null},s.exports=o.default},82682:(s,o,i)=>{"use strict";var a=i(69600),u=Object.prototype.toString,_=Object.prototype.hasOwnProperty;s.exports=function forEach(s,o,i){if(!a(o))throw new TypeError("iterator must be a function");var w;arguments.length>=3&&(w=i),function isArray(s){return"[object Array]"===u.call(s)}(s)?function forEachArray(s,o,i){for(var a=0,u=s.length;a{var a=i(39344),u=i(23805);s.exports=function createCtor(s){return function(){var o=arguments;switch(o.length){case 0:return new s;case 1:return new s(o[0]);case 2:return new s(o[0],o[1]);case 3:return new s(o[0],o[1],o[2]);case 4:return new s(o[0],o[1],o[2],o[3]);case 5:return new s(o[0],o[1],o[2],o[3],o[4]);case 6:return new s(o[0],o[1],o[2],o[3],o[4],o[5]);case 7:return new s(o[0],o[1],o[2],o[3],o[4],o[5],o[6])}var i=a(s.prototype),_=s.apply(i,o);return u(_)?_:i}}},82890:(s,o,i)=>{"use strict";var a=i(56698),u=i(90392),_=i(92861).Buffer,w=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591],x=new Array(160);function Sha512(){this.init(),this._w=x,u.call(this,128,112)}function Ch(s,o,i){return i^s&(o^i)}function maj(s,o,i){return s&o|i&(s|o)}function sigma0(s,o){return(s>>>28|o<<4)^(o>>>2|s<<30)^(o>>>7|s<<25)}function sigma1(s,o){return(s>>>14|o<<18)^(s>>>18|o<<14)^(o>>>9|s<<23)}function Gamma0(s,o){return(s>>>1|o<<31)^(s>>>8|o<<24)^s>>>7}function Gamma0l(s,o){return(s>>>1|o<<31)^(s>>>8|o<<24)^(s>>>7|o<<25)}function Gamma1(s,o){return(s>>>19|o<<13)^(o>>>29|s<<3)^s>>>6}function Gamma1l(s,o){return(s>>>19|o<<13)^(o>>>29|s<<3)^(s>>>6|o<<26)}function getCarry(s,o){return s>>>0>>0?1:0}a(Sha512,u),Sha512.prototype.init=function(){return this._ah=1779033703,this._bh=3144134277,this._ch=1013904242,this._dh=2773480762,this._eh=1359893119,this._fh=2600822924,this._gh=528734635,this._hh=1541459225,this._al=4089235720,this._bl=2227873595,this._cl=4271175723,this._dl=1595750129,this._el=2917565137,this._fl=725511199,this._gl=4215389547,this._hl=327033209,this},Sha512.prototype._update=function(s){for(var o=this._w,i=0|this._ah,a=0|this._bh,u=0|this._ch,_=0|this._dh,x=0|this._eh,C=0|this._fh,j=0|this._gh,L=0|this._hh,B=0|this._al,$=0|this._bl,U=0|this._cl,V=0|this._dl,z=0|this._el,Y=0|this._fl,Z=0|this._gl,ee=0|this._hl,ie=0;ie<32;ie+=2)o[ie]=s.readInt32BE(4*ie),o[ie+1]=s.readInt32BE(4*ie+4);for(;ie<160;ie+=2){var ae=o[ie-30],ce=o[ie-30+1],le=Gamma0(ae,ce),pe=Gamma0l(ce,ae),de=Gamma1(ae=o[ie-4],ce=o[ie-4+1]),fe=Gamma1l(ce,ae),ye=o[ie-14],be=o[ie-14+1],_e=o[ie-32],Se=o[ie-32+1],we=pe+be|0,xe=le+ye+getCarry(we,pe)|0;xe=(xe=xe+de+getCarry(we=we+fe|0,fe)|0)+_e+getCarry(we=we+Se|0,Se)|0,o[ie]=xe,o[ie+1]=we}for(var Pe=0;Pe<160;Pe+=2){xe=o[Pe],we=o[Pe+1];var Te=maj(i,a,u),Re=maj(B,$,U),$e=sigma0(i,B),qe=sigma0(B,i),ze=sigma1(x,z),We=sigma1(z,x),He=w[Pe],Ye=w[Pe+1],Xe=Ch(x,C,j),Qe=Ch(z,Y,Z),et=ee+We|0,tt=L+ze+getCarry(et,ee)|0;tt=(tt=(tt=tt+Xe+getCarry(et=et+Qe|0,Qe)|0)+He+getCarry(et=et+Ye|0,Ye)|0)+xe+getCarry(et=et+we|0,we)|0;var rt=qe+Re|0,nt=$e+Te+getCarry(rt,qe)|0;L=j,ee=Z,j=C,Z=Y,C=x,Y=z,x=_+tt+getCarry(z=V+et|0,V)|0,_=u,V=U,u=a,U=$,a=i,$=B,i=tt+nt+getCarry(B=et+rt|0,et)|0}this._al=this._al+B|0,this._bl=this._bl+$|0,this._cl=this._cl+U|0,this._dl=this._dl+V|0,this._el=this._el+z|0,this._fl=this._fl+Y|0,this._gl=this._gl+Z|0,this._hl=this._hl+ee|0,this._ah=this._ah+i+getCarry(this._al,B)|0,this._bh=this._bh+a+getCarry(this._bl,$)|0,this._ch=this._ch+u+getCarry(this._cl,U)|0,this._dh=this._dh+_+getCarry(this._dl,V)|0,this._eh=this._eh+x+getCarry(this._el,z)|0,this._fh=this._fh+C+getCarry(this._fl,Y)|0,this._gh=this._gh+j+getCarry(this._gl,Z)|0,this._hh=this._hh+L+getCarry(this._hl,ee)|0},Sha512.prototype._hash=function(){var s=_.allocUnsafe(64);function writeInt64BE(o,i,a){s.writeInt32BE(o,a),s.writeInt32BE(i,a+4)}return writeInt64BE(this._ah,this._al,0),writeInt64BE(this._bh,this._bl,8),writeInt64BE(this._ch,this._cl,16),writeInt64BE(this._dh,this._dl,24),writeInt64BE(this._eh,this._el,32),writeInt64BE(this._fh,this._fl,40),writeInt64BE(this._gh,this._gl,48),writeInt64BE(this._hh,this._hl,56),s},s.exports=Sha512},83120:(s,o,i)=>{var a=i(14528),u=i(45891);s.exports=function baseFlatten(s,o,i,_,w){var x=-1,C=s.length;for(i||(i=u),w||(w=[]);++x0&&i(j)?o>1?baseFlatten(j,o-1,i,_,w):a(w,j):_||(w[w.length]=j)}return w}},83141:(s,o,i)=>{"use strict";var a=i(92861).Buffer,u=a.isEncoding||function(s){switch((s=""+s)&&s.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function StringDecoder(s){var o;switch(this.encoding=function normalizeEncoding(s){var o=function _normalizeEncoding(s){if(!s)return"utf8";for(var o;;)switch(s){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return s;default:if(o)return;s=(""+s).toLowerCase(),o=!0}}(s);if("string"!=typeof o&&(a.isEncoding===u||!u(s)))throw new Error("Unknown encoding: "+s);return o||s}(s),this.encoding){case"utf16le":this.text=utf16Text,this.end=utf16End,o=4;break;case"utf8":this.fillLast=utf8FillLast,o=4;break;case"base64":this.text=base64Text,this.end=base64End,o=3;break;default:return this.write=simpleWrite,void(this.end=simpleEnd)}this.lastNeed=0,this.lastTotal=0,this.lastChar=a.allocUnsafe(o)}function utf8CheckByte(s){return s<=127?0:s>>5==6?2:s>>4==14?3:s>>3==30?4:s>>6==2?-1:-2}function utf8FillLast(s){var o=this.lastTotal-this.lastNeed,i=function utf8CheckExtraBytes(s,o,i){if(128!=(192&o[0]))return s.lastNeed=0,"�";if(s.lastNeed>1&&o.length>1){if(128!=(192&o[1]))return s.lastNeed=1,"�";if(s.lastNeed>2&&o.length>2&&128!=(192&o[2]))return s.lastNeed=2,"�"}}(this,s);return void 0!==i?i:this.lastNeed<=s.length?(s.copy(this.lastChar,o,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(s.copy(this.lastChar,o,0,s.length),void(this.lastNeed-=s.length))}function utf16Text(s,o){if((s.length-o)%2==0){var i=s.toString("utf16le",o);if(i){var a=i.charCodeAt(i.length-1);if(a>=55296&&a<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=s[s.length-2],this.lastChar[1]=s[s.length-1],i.slice(0,-1)}return i}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=s[s.length-1],s.toString("utf16le",o,s.length-1)}function utf16End(s){var o=s&&s.length?this.write(s):"";if(this.lastNeed){var i=this.lastTotal-this.lastNeed;return o+this.lastChar.toString("utf16le",0,i)}return o}function base64Text(s,o){var i=(s.length-o)%3;return 0===i?s.toString("base64",o):(this.lastNeed=3-i,this.lastTotal=3,1===i?this.lastChar[0]=s[s.length-1]:(this.lastChar[0]=s[s.length-2],this.lastChar[1]=s[s.length-1]),s.toString("base64",o,s.length-i))}function base64End(s){var o=s&&s.length?this.write(s):"";return this.lastNeed?o+this.lastChar.toString("base64",0,3-this.lastNeed):o}function simpleWrite(s){return s.toString(this.encoding)}function simpleEnd(s){return s&&s.length?this.write(s):""}o.I=StringDecoder,StringDecoder.prototype.write=function(s){if(0===s.length)return"";var o,i;if(this.lastNeed){if(void 0===(o=this.fillLast(s)))return"";i=this.lastNeed,this.lastNeed=0}else i=0;return i=0)return u>0&&(s.lastNeed=u-1),u;if(--a=0)return u>0&&(s.lastNeed=u-2),u;if(--a=0)return u>0&&(2===u?u=0:s.lastNeed=u-3),u;return 0}(this,s,o);if(!this.lastNeed)return s.toString("utf8",o);this.lastTotal=i;var a=s.length-(i-this.lastNeed);return s.copy(this.lastChar,0,a),s.toString("utf8",o,a)},StringDecoder.prototype.fillLast=function(s){if(this.lastNeed<=s.length)return s.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);s.copy(this.lastChar,this.lastTotal-this.lastNeed,0,s.length),this.lastNeed-=s.length}},83221:s=>{s.exports=function createBaseFor(s){return function(o,i,a){for(var u=-1,_=Object(o),w=a(o),x=w.length;x--;){var C=w[s?x:++u];if(!1===i(_[C],C,_))break}return o}}},83349:(s,o,i)=>{var a=i(82199),u=i(86375),_=i(37241);s.exports=function getAllKeysIn(s){return a(s,_,u)}},83488:s=>{s.exports=function identity(s){return s}},83693:(s,o,i)=>{var a=i(64894),u=i(40346);s.exports=function isArrayLikeObject(s){return u(s)&&a(s)}},83729:s=>{s.exports=function arrayEach(s,o){for(var i=-1,a=null==s?0:s.length;++i{var a=i(14792),u=i(45539)((function(s,o,i){return o=o.toLowerCase(),s+(i?a(o):o)}));s.exports=u},84195:(s,o,i)=>{var a=i(66977),u=i(38816),_=u((function(s,o){return a(s,256,void 0,void 0,void 0,o)}));s.exports=_},84247:s=>{s.exports=function setToArray(s){var o=-1,i=Array(s.size);return s.forEach((function(s){i[++o]=s})),i}},84629:s=>{s.exports={}},84851:(s,o,i)=>{"use strict";s.exports=i(85401)},84977:(s,o,i)=>{"use strict";Object.defineProperty(o,"__esModule",{value:!0});var a=function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}(i(9404)),u=i(55674);o.default=function(s){var o=arguments.length>1&&void 0!==arguments[1]?arguments[1]:a.default.Map,i=Object.keys(s);return function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:o(),_=arguments[1];return a.withMutations((function(o){i.forEach((function(i){var a=(0,s[i])(o.get(i),_);(0,u.validateNextState)(a,i,_),o.set(i,a)}))}))}},s.exports=o.default},85015:(s,o,i)=>{var a=i(72552),u=i(56449),_=i(40346);s.exports=function isString(s){return"string"==typeof s||!u(s)&&_(s)&&"[object String]"==a(s)}},85087:(s,o,i)=>{var a=i(30980),u=i(37381),_=i(62284),w=i(53758);s.exports=function isLaziable(s){var o=_(s),i=w[o];if("function"!=typeof i||!(o in a.prototype))return!1;if(s===i)return!0;var x=u(i);return!!x&&s===x[0]}},85105:s=>{s.exports=class JSONSerialiser{constructor(s){this.namespace=s||new this.Namespace}serialise(s){if(!(s instanceof this.namespace.elements.Element))throw new TypeError(`Given element \`${s}\` is not an Element instance`);const o={element:s.element};s._meta&&s._meta.length>0&&(o.meta=this.serialiseObject(s.meta)),s._attributes&&s._attributes.length>0&&(o.attributes=this.serialiseObject(s.attributes));const i=this.serialiseContent(s.content);return void 0!==i&&(o.content=i),o}deserialise(s){if(!s.element)throw new Error("Given value is not an object containing an element name");const o=new(this.namespace.getElementClass(s.element));o.element!==s.element&&(o.element=s.element),s.meta&&this.deserialiseObject(s.meta,o.meta),s.attributes&&this.deserialiseObject(s.attributes,o.attributes);const i=this.deserialiseContent(s.content);return void 0===i&&null!==o.content||(o.content=i),o}serialiseContent(s){if(s instanceof this.namespace.elements.Element)return this.serialise(s);if(s instanceof this.namespace.KeyValuePair){const o={key:this.serialise(s.key)};return s.value&&(o.value=this.serialise(s.value)),o}if(s&&s.map){if(0===s.length)return;return s.map(this.serialise,this)}return s}deserialiseContent(s){if(s){if(s.element)return this.deserialise(s);if(s.key){const o=new this.namespace.KeyValuePair(this.deserialise(s.key));return s.value&&(o.value=this.deserialise(s.value)),o}if(s.map)return s.map(this.deserialise,this)}return s}serialiseObject(s){const o={};if(s.forEach(((s,i)=>{s&&(o[i.toValue()]=this.serialise(s))})),0!==Object.keys(o).length)return o}deserialiseObject(s,o){Object.keys(s).forEach((i=>{o.set(i,this.deserialise(s[i]))}))}}},85160:(s,o,i)=>{"use strict";var a=i(96540);var u="function"==typeof Object.is?Object.is:function is(s,o){return s===o&&(0!==s||1/s==1/o)||s!=s&&o!=o},_=a.useSyncExternalStore,w=a.useRef,x=a.useEffect,C=a.useMemo,j=a.useDebugValue},85250:(s,o,i)=>{var a=i(37217),u=i(87805),_=i(86649),w=i(42824),x=i(23805),C=i(37241),j=i(14974);s.exports=function baseMerge(s,o,i,L,B){s!==o&&_(o,(function(_,C){if(B||(B=new a),x(_))w(s,o,C,i,baseMerge,L,B);else{var $=L?L(j(s,C),_,C+"",s,o,B):void 0;void 0===$&&($=_),u(s,C,$)}}),C)}},85401:(s,o,i)=>{"use strict";var a=i(462);s.exports=a},85463:s=>{s.exports=function baseIsNaN(s){return s!=s}},85558:s=>{s.exports=function baseReduce(s,o,i,a,u){return u(s,(function(s,u,_){i=a?(a=!1,s):o(i,s,u,_)})),i}},85582:(s,o,i)=>{"use strict";var a=i(92046),u=i(45951),_=i(62250),aFunction=function(s){return _(s)?s:void 0};s.exports=function(s,o){return arguments.length<2?aFunction(a[s])||aFunction(u[s]):a[s]&&a[s][o]||u[s]&&u[s][o]}},85587:(s,o,i)=>{"use strict";var a=i(26311),u=create(Error);function create(s){return FormattedError.displayName=s.displayName||s.name,FormattedError;function FormattedError(o){return o&&(o=a.apply(null,arguments)),new s(o)}}s.exports=u,u.eval=create(EvalError),u.range=create(RangeError),u.reference=create(ReferenceError),u.syntax=create(SyntaxError),u.type=create(TypeError),u.uri=create(URIError),u.create=create},85762:(s,o,i)=>{"use strict";var a=i(1907),u=Error,_=a("".replace),w=String(new u("zxcasd").stack),x=/\n\s*at [^:]*:[^\n]*/,C=x.test(w);s.exports=function(s,o){if(C&&"string"==typeof s&&!u.prepareStackTrace)for(;o--;)s=_(s,x,"");return s}},85816:(s,o,i)=>{"use strict";var a=i(36128);s.exports=function(s,o){return a[s]||(a[s]=o||{})}},85884:(s,o,i)=>{"use strict";var a=i(61626),u=i(85762),_=i(23888),w=Error.captureStackTrace;s.exports=function(s,o,i,x){_&&(w?w(s,o):a(s,"stack",u(i,x)))}},86009:(s,o,i)=>{s=i.nmd(s);var a=i(34840),u=o&&!o.nodeType&&o,_=u&&s&&!s.nodeType&&s,w=_&&_.exports===u&&a.process,x=function(){try{var s=_&&_.require&&_.require("util").types;return s||w&&w.binding&&w.binding("util")}catch(s){}}();s.exports=x},86048:s=>{"use strict";var o={};function createErrorType(s,i,a){a||(a=Error);var u=function(s){function NodeError(o,a,u){return s.call(this,function getMessage(s,o,a){return"string"==typeof i?i:i(s,o,a)}(o,a,u))||this}return function _inheritsLoose(s,o){s.prototype=Object.create(o.prototype),s.prototype.constructor=s,s.__proto__=o}(NodeError,s),NodeError}(a);u.prototype.name=a.name,u.prototype.code=s,o[s]=u}function oneOf(s,o){if(Array.isArray(s)){var i=s.length;return s=s.map((function(s){return String(s)})),i>2?"one of ".concat(o," ").concat(s.slice(0,i-1).join(", "),", or ")+s[i-1]:2===i?"one of ".concat(o," ").concat(s[0]," or ").concat(s[1]):"of ".concat(o," ").concat(s[0])}return"of ".concat(o," ").concat(String(s))}createErrorType("ERR_INVALID_OPT_VALUE",(function(s,o){return'The value "'+o+'" is invalid for option "'+s+'"'}),TypeError),createErrorType("ERR_INVALID_ARG_TYPE",(function(s,o,i){var a,u;if("string"==typeof o&&function startsWith(s,o,i){return s.substr(!i||i<0?0:+i,o.length)===o}(o,"not ")?(a="must not be",o=o.replace(/^not /,"")):a="must be",function endsWith(s,o,i){return(void 0===i||i>s.length)&&(i=s.length),s.substring(i-o.length,i)===o}(s," argument"))u="The ".concat(s," ").concat(a," ").concat(oneOf(o,"type"));else{var _=function includes(s,o,i){return"number"!=typeof i&&(i=0),!(i+o.length>s.length)&&-1!==s.indexOf(o,i)}(s,".")?"property":"argument";u='The "'.concat(s,'" ').concat(_," ").concat(a," ").concat(oneOf(o,"type"))}return u+=". Received type ".concat(typeof i)}),TypeError),createErrorType("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),createErrorType("ERR_METHOD_NOT_IMPLEMENTED",(function(s){return"The "+s+" method is not implemented"})),createErrorType("ERR_STREAM_PREMATURE_CLOSE","Premature close"),createErrorType("ERR_STREAM_DESTROYED",(function(s){return"Cannot call "+s+" after a stream was destroyed"})),createErrorType("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),createErrorType("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),createErrorType("ERR_STREAM_WRITE_AFTER_END","write after end"),createErrorType("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),createErrorType("ERR_UNKNOWN_ENCODING",(function(s){return"Unknown encoding: "+s}),TypeError),createErrorType("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),s.exports.F=o},86215:function(s,o){var i,a,u;a=[],i=function(){"use strict";var isNativeSmoothScrollEnabledOn=function(s){return s&&"getComputedStyle"in window&&"smooth"===window.getComputedStyle(s)["scroll-behavior"]};if("undefined"==typeof window||!("document"in window))return{};var makeScroller=function(s,o,i){var a;o=o||999,i||0===i||(i=9);var setScrollTimeoutId=function(s){a=s},stopScroll=function(){clearTimeout(a),setScrollTimeoutId(0)},getTopWithEdgeOffset=function(o){return Math.max(0,s.getTopOf(o)-i)},scrollToY=function(i,a,u){if(stopScroll(),0===a||a&&a<0||isNativeSmoothScrollEnabledOn(s.body))s.toY(i),u&&u();else{var _=s.getY(),w=Math.max(0,i)-_,x=(new Date).getTime();a=a||Math.min(Math.abs(w),o),function loopScroll(){setScrollTimeoutId(setTimeout((function(){var o=Math.min(1,((new Date).getTime()-x)/a),i=Math.max(0,Math.floor(_+w*(o<.5?2*o*o:o*(4-2*o)-1)));s.toY(i),o<1&&s.getHeight()+ix?scrollToElem(o,a,u):w+i>j?scrollToY(w-x+i,a,u):u&&u()},scrollToCenterOf=function(o,i,a,u){scrollToY(Math.max(0,s.getTopOf(o)-s.getHeight()/2+(a||o.getBoundingClientRect().height/2)),i,u)};return{setup:function(s,a){return(0===s||s)&&(o=s),(0===a||a)&&(i=a),{defaultDuration:o,edgeOffset:i}},to:scrollToElem,toY:scrollToY,intoView:scrollIntoView,center:scrollToCenterOf,stop:stopScroll,moving:function(){return!!a},getY:s.getY,getTopOf:s.getTopOf}},s=document.documentElement,getDocY=function(){return window.scrollY||s.scrollTop},o=makeScroller({body:document.scrollingElement||document.body,toY:function(s){window.scrollTo(0,s)},getY:getDocY,getHeight:function(){return window.innerHeight||s.clientHeight},getTopOf:function(o){return o.getBoundingClientRect().top+getDocY()-s.offsetTop}});if(o.createScroller=function(o,i,a){return makeScroller({body:o,toY:function(s){o.scrollTop=s},getY:function(){return o.scrollTop},getHeight:function(){return Math.min(o.clientHeight,window.innerHeight||s.clientHeight)},getTopOf:function(s){return s.offsetTop}},i,a)},"addEventListener"in window&&!window.noZensmooth&&!isNativeSmoothScrollEnabledOn(document.body)){var i="history"in window&&"pushState"in history,a=i&&"scrollRestoration"in history;a&&(history.scrollRestoration="auto"),window.addEventListener("load",(function(){a&&(setTimeout((function(){history.scrollRestoration="manual"}),9),window.addEventListener("popstate",(function(s){s.state&&"zenscrollY"in s.state&&o.toY(s.state.zenscrollY)}),!1)),window.location.hash&&setTimeout((function(){var s=o.setup().edgeOffset;if(s){var i=document.getElementById(window.location.href.split("#")[1]);if(i){var a=Math.max(0,o.getTopOf(i)-s),u=o.getY()-a;0<=u&&u<9&&window.scrollTo(0,a)}}}),9)}),!1);var u=new RegExp("(^|\\s)noZensmooth(\\s|$)");window.addEventListener("click",(function(s){for(var _=s.target;_&&"A"!==_.tagName;)_=_.parentNode;if(!(!_||1!==s.which||s.shiftKey||s.metaKey||s.ctrlKey||s.altKey)){if(a){var w=history.state&&"object"==typeof history.state?history.state:{};w.zenscrollY=o.getY();try{history.replaceState(w,"")}catch(s){}}var x=_.getAttribute("href")||"";if(0===x.indexOf("#")&&!u.test(_.className)){var C=0,j=document.getElementById(x.substring(1));if("#"!==x){if(!j)return;C=o.getTopOf(j)}s.preventDefault();var onDone=function(){window.location=x},L=o.setup().edgeOffset;L&&(C=Math.max(0,C-L),i&&(onDone=function(){history.pushState({},"",x)})),o.toY(C,null,onDone)}}}),!1)}return o}(),void 0===(u="function"==typeof i?i.apply(o,a):i)||(s.exports=u)},86238:(s,o,i)=>{"use strict";var a=i(86048).F.ERR_STREAM_PREMATURE_CLOSE;function noop(){}s.exports=function eos(s,o,i){if("function"==typeof o)return eos(s,null,o);o||(o={}),i=function once(s){var o=!1;return function(){if(!o){o=!0;for(var i=arguments.length,a=new Array(i),u=0;u{const a=i(10316);s.exports=class LinkElement extends a{constructor(s,o,i){super(s||[],o,i),this.element="link"}get relation(){return this.attributes.get("relation")}set relation(s){this.attributes.set("relation",s)}get href(){return this.attributes.get("href")}set href(s){this.attributes.set("href",s)}}},86375:(s,o,i)=>{var a=i(14528),u=i(28879),_=i(4664),w=i(63345),x=Object.getOwnPropertySymbols?function(s){for(var o=[];s;)a(o,_(s)),s=u(s);return o}:w;s.exports=x},86649:(s,o,i)=>{var a=i(83221)();s.exports=a},86804:(s,o,i)=>{const a=i(10316),u=i(41067),_=i(71167),w=i(40239),x=i(12242),C=i(6233),j=i(87726),L=i(61045),B=i(86303),$=i(14540),U=i(92340),V=i(10866),z=i(55973);function refract(s){if(s instanceof a)return s;if("string"==typeof s)return new _(s);if("number"==typeof s)return new w(s);if("boolean"==typeof s)return new x(s);if(null===s)return new u;if(Array.isArray(s))return new C(s.map(refract));if("object"==typeof s){return new L(s)}return s}a.prototype.ObjectElement=L,a.prototype.RefElement=$,a.prototype.MemberElement=j,a.prototype.refract=refract,U.prototype.refract=refract,s.exports={Element:a,NullElement:u,StringElement:_,NumberElement:w,BooleanElement:x,ArrayElement:C,MemberElement:j,ObjectElement:L,LinkElement:B,RefElement:$,refract,ArraySlice:U,ObjectSlice:V,KeyValuePair:z}},87068:(s,o,i)=>{var a=i(37217),u=i(25911),_=i(21986),w=i(50689),x=i(5861),C=i(56449),j=i(3656),L=i(37167),B="[object Arguments]",$="[object Array]",U="[object Object]",V=Object.prototype.hasOwnProperty;s.exports=function baseIsEqualDeep(s,o,i,z,Y,Z){var ee=C(s),ie=C(o),ae=ee?$:x(s),ce=ie?$:x(o),le=(ae=ae==B?U:ae)==U,pe=(ce=ce==B?U:ce)==U,de=ae==ce;if(de&&j(s)){if(!j(o))return!1;ee=!0,le=!1}if(de&&!le)return Z||(Z=new a),ee||L(s)?u(s,o,i,z,Y,Z):_(s,o,ae,i,z,Y,Z);if(!(1&i)){var fe=le&&V.call(s,"__wrapped__"),ye=pe&&V.call(o,"__wrapped__");if(fe||ye){var be=fe?s.value():s,_e=ye?o.value():o;return Z||(Z=new a),Y(be,_e,i,z,Z)}}return!!de&&(Z||(Z=new a),w(s,o,i,z,Y,Z))}},87136:s=>{"use strict";s.exports=function(s){return null==s}},87170:(s,o)=>{"use strict";o.f=Object.getOwnPropertySymbols},87296:(s,o,i)=>{var a,u=i(55481),_=(a=/[^.]+$/.exec(u&&u.keys&&u.keys.IE_PROTO||""))?"Symbol(src)_1."+a:"";s.exports=function isMasked(s){return!!_&&_ in s}},87586:(s,o,i)=>{const a=i(6205),u=i(10023),_={0:0,t:9,n:10,v:11,f:12,r:13};o.strToChars=function(s){return s=s.replace(/(\[\\b\])|(\\)?\\(?:u([A-F0-9]{4})|x([A-F0-9]{2})|(0?[0-7]{2})|c([@A-Z[\\\]^?])|([0tnvfr]))/g,(function(s,o,i,a,u,w,x,C){if(i)return s;var j=o?8:a?parseInt(a,16):u?parseInt(u,16):w?parseInt(w,8):x?"@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^ ?".indexOf(x):_[C],L=String.fromCharCode(j);return/[[\]{}^$.|?*+()]/.test(L)&&(L="\\"+L),L}))},o.tokenizeClass=(s,i)=>{for(var _,w,x=[],C=/\\(?:(w)|(d)|(s)|(W)|(D)|(S))|((?:(?:\\)(.)|([^\]\\]))-(?:\\)?([^\]]))|(\])|(?:\\)?([^])/g;null!=(_=C.exec(s));)if(_[1])x.push(u.words());else if(_[2])x.push(u.ints());else if(_[3])x.push(u.whitespace());else if(_[4])x.push(u.notWords());else if(_[5])x.push(u.notInts());else if(_[6])x.push(u.notWhitespace());else if(_[7])x.push({type:a.RANGE,from:(_[8]||_[9]).charCodeAt(0),to:_[10].charCodeAt(0)});else{if(!(w=_[12]))return[x,C.lastIndex];x.push({type:a.CHAR,value:w.charCodeAt(0)})}o.error(i,"Unterminated character class")},o.error=(s,o)=>{throw new SyntaxError("Invalid regular expression: /"+s+"/: "+o)}},87726:(s,o,i)=>{const a=i(55973),u=i(10316);s.exports=class MemberElement extends u{constructor(s,o,i,u){super(new a,i,u),this.element="member",this.key=s,this.value=o}get key(){return this.content.key}set key(s){this.content.key=this.refract(s)}get value(){return this.content.value}set value(s){this.content.value=this.refract(s)}}},87730:(s,o,i)=>{var a=i(29172),u=i(27301),_=i(86009),w=_&&_.isMap,x=w?u(w):a;s.exports=x},87805:(s,o,i)=>{var a=i(43360),u=i(75288);s.exports=function assignMergeValue(s,o,i){(void 0!==i&&!u(s[o],i)||void 0===i&&!(o in s))&&a(s,o,i)}},87978:(s,o,i)=>{var a=i(60270),u=i(58156),_=i(80631),w=i(28586),x=i(30756),C=i(67197),j=i(77797);s.exports=function baseMatchesProperty(s,o){return w(s)&&x(o)?C(j(s),o):function(i){var w=u(i,s);return void 0===w&&w===o?_(i,s):a(o,w,3)}}},88280:(s,o,i)=>{"use strict";var a=i(1907);s.exports=a({}.isPrototypeOf)},88310:(s,o,i)=>{s.exports=Stream;var a=i(37007).EventEmitter;function Stream(){a.call(this)}i(56698)(Stream,a),Stream.Readable=i(45412),Stream.Writable=i(16708),Stream.Duplex=i(25382),Stream.Transform=i(74610),Stream.PassThrough=i(63600),Stream.finished=i(86238),Stream.pipeline=i(57758),Stream.Stream=Stream,Stream.prototype.pipe=function(s,o){var i=this;function ondata(o){s.writable&&!1===s.write(o)&&i.pause&&i.pause()}function ondrain(){i.readable&&i.resume&&i.resume()}i.on("data",ondata),s.on("drain",ondrain),s._isStdio||o&&!1===o.end||(i.on("end",onend),i.on("close",onclose));var u=!1;function onend(){u||(u=!0,s.end())}function onclose(){u||(u=!0,"function"==typeof s.destroy&&s.destroy())}function onerror(s){if(cleanup(),0===a.listenerCount(this,"error"))throw s}function cleanup(){i.removeListener("data",ondata),s.removeListener("drain",ondrain),i.removeListener("end",onend),i.removeListener("close",onclose),i.removeListener("error",onerror),s.removeListener("error",onerror),i.removeListener("end",cleanup),i.removeListener("close",cleanup),s.removeListener("close",cleanup)}return i.on("error",onerror),s.on("error",onerror),i.on("end",cleanup),i.on("close",cleanup),s.on("close",cleanup),s.emit("pipe",i),s}},88984:(s,o,i)=>{var a=i(55527),u=i(3650),_=Object.prototype.hasOwnProperty;s.exports=function baseKeys(s){if(!a(s))return u(s);var o=[];for(var i in Object(s))_.call(s,i)&&"constructor"!=i&&o.push(i);return o}},89353:s=>{"use strict";var o=Object.prototype.toString,i=Math.max,a=function concatty(s,o){for(var i=[],a=0;a{"use strict";o.H=void 0;var a=function _interopRequireDefault(s){return s&&s.__esModule?s:{default:s}}(i(84977));o.H=a.default},89935:s=>{s.exports=function stubFalse(){return!1}},90160:(s,o,i)=>{"use strict";var a=i(73948),u=String;s.exports=function(s){if("Symbol"===a(s))throw new TypeError("Cannot convert a Symbol value to a string");return u(s)}},90179:(s,o,i)=>{var a=i(34932),u=i(9999),_=i(19931),w=i(31769),x=i(21791),C=i(53138),j=i(38816),L=i(83349),B=j((function(s,o){var i={};if(null==s)return i;var j=!1;o=a(o,(function(o){return o=w(o,s),j||(j=o.length>1),o})),x(s,L(s),i),j&&(i=u(i,7,C));for(var B=o.length;B--;)_(i,o[B]);return i}));s.exports=B},90181:s=>{s.exports=function nativeKeysIn(s){var o=[];if(null!=s)for(var i in Object(s))o.push(i);return o}},90289:(s,o,i)=>{var a=i(12651);s.exports=function mapCacheGet(s){return a(this,s).get(s)}},90392:(s,o,i)=>{"use strict";var a=i(92861).Buffer,u=i(15377);function Hash(s,o){this._block=a.alloc(s),this._finalSize=o,this._blockSize=s,this._len=0}Hash.prototype.update=function(s,o){s=u(s,o||"utf8");for(var i=this._block,a=this._blockSize,_=s.length,w=this._len,x=0;x<_;){for(var C=w%a,j=Math.min(_-x,a-C),L=0;L=this._finalSize&&(this._update(this._block),this._block.fill(0));var i=8*this._len;if(i<=4294967295)this._block.writeUInt32BE(i,this._blockSize-4);else{var a=(4294967295&i)>>>0,u=(i-a)/4294967296;this._block.writeUInt32BE(u,this._blockSize-8),this._block.writeUInt32BE(a,this._blockSize-4)}this._update(this._block);var _=this._hash();return s?_.toString(s):_},Hash.prototype._update=function(){throw new Error("_update must be implemented by subclass")},s.exports=Hash},90916:(s,o,i)=>{var a=i(80909);s.exports=function baseSome(s,o){var i;return a(s,(function(s,a,u){return!(i=o(s,a,u))})),!!i}},90938:s=>{s.exports=function stackDelete(s){var o=this.__data__,i=o.delete(s);return this.size=o.size,i}},91033:s=>{s.exports=function apply(s,o,i){switch(i.length){case 0:return s.call(o);case 1:return s.call(o,i[0]);case 2:return s.call(o,i[0],i[1]);case 3:return s.call(o,i[0],i[1],i[2])}return s.apply(o,i)}},91596:s=>{var o=Math.max;s.exports=function composeArgs(s,i,a,u){for(var _=-1,w=s.length,x=a.length,C=-1,j=i.length,L=o(w-x,0),B=Array(j+L),$=!u;++C{"use strict";i(64502)},92046:s=>{"use strict";s.exports={}},92063:s=>{"use strict";s.exports=function required(s,o){if(o=o.split(":")[0],!(s=+s))return!1;switch(o){case"http":case"ws":return 80!==s;case"https":case"wss":return 443!==s;case"ftp":return 21!==s;case"gopher":return 70!==s;case"file":return!1}return 0!==s}},92271:(s,o,i)=>{var a=i(21791),u=i(4664);s.exports=function copySymbols(s,o){return a(s,u(s),o)}},92340:(s,o,i)=>{const a=i(6048);function coerceElementMatchingCallback(s){return"string"==typeof s?o=>o.element===s:s.constructor&&s.extend?o=>o instanceof s:s}class ArraySlice{constructor(s){this.elements=s||[]}toValue(){return this.elements.map((s=>s.toValue()))}map(s,o){return this.elements.map(s,o)}flatMap(s,o){return this.map(s,o).reduce(((s,o)=>s.concat(o)),[])}compactMap(s,o){const i=[];return this.forEach((a=>{const u=s.bind(o)(a);u&&i.push(u)})),i}filter(s,o){return s=coerceElementMatchingCallback(s),new ArraySlice(this.elements.filter(s,o))}reject(s,o){return s=coerceElementMatchingCallback(s),new ArraySlice(this.elements.filter(a(s),o))}find(s,o){return s=coerceElementMatchingCallback(s),this.elements.find(s,o)}forEach(s,o){this.elements.forEach(s,o)}reduce(s,o){return this.elements.reduce(s,o)}includes(s){return this.elements.some((o=>o.equals(s)))}shift(){return this.elements.shift()}unshift(s){this.elements.unshift(this.refract(s))}push(s){return this.elements.push(this.refract(s)),this}add(s){this.push(s)}get(s){return this.elements[s]}getValue(s){const o=this.elements[s];if(o)return o.toValue()}get length(){return this.elements.length}get isEmpty(){return 0===this.elements.length}get first(){return this.elements[0]}}"undefined"!=typeof Symbol&&(ArraySlice.prototype[Symbol.iterator]=function symbol(){return this.elements[Symbol.iterator]()}),s.exports=ArraySlice},92361:(s,o,i)=>{"use strict";var a=i(45807),u=i(1907);s.exports=function(s){if("Function"===a(s))return u(s)}},92522:(s,o,i)=>{"use strict";var a=i(85816),u=i(6499),_=a("keys");s.exports=function(s){return _[s]||(_[s]=u(s))}},92861:(s,o,i)=>{var a=i(48287),u=a.Buffer;function copyProps(s,o){for(var i in s)o[i]=s[i]}function SafeBuffer(s,o,i){return u(s,o,i)}u.from&&u.alloc&&u.allocUnsafe&&u.allocUnsafeSlow?s.exports=a:(copyProps(a,o),o.Buffer=SafeBuffer),SafeBuffer.prototype=Object.create(u.prototype),copyProps(u,SafeBuffer),SafeBuffer.from=function(s,o,i){if("number"==typeof s)throw new TypeError("Argument must not be a number");return u(s,o,i)},SafeBuffer.alloc=function(s,o,i){if("number"!=typeof s)throw new TypeError("Argument must be a number");var a=u(s);return void 0!==o?"string"==typeof i?a.fill(o,i):a.fill(o):a.fill(0),a},SafeBuffer.allocUnsafe=function(s){if("number"!=typeof s)throw new TypeError("Argument must be a number");return u(s)},SafeBuffer.allocUnsafeSlow=function(s){if("number"!=typeof s)throw new TypeError("Argument must be a number");return a.SlowBuffer(s)}},93243:(s,o,i)=>{var a=i(56110),u=function(){try{var s=a(Object,"defineProperty");return s({},"",{}),s}catch(s){}}();s.exports=u},93290:(s,o,i)=>{s=i.nmd(s);var a=i(9325),u=o&&!o.nodeType&&o,_=u&&s&&!s.nodeType&&s,w=_&&_.exports===u?a.Buffer:void 0,x=w?w.allocUnsafe:void 0;s.exports=function cloneBuffer(s,o){if(o)return s.slice();var i=s.length,a=x?x(i):new s.constructor(i);return s.copy(a),a}},93427:(s,o,i)=>{"use strict";var a=i(1907);s.exports=a([].slice)},93628:(s,o,i)=>{"use strict";var a=i(48648),u=i(71064),_=i(7176);s.exports=a?function getProto(s){return a(s)}:u?function getProto(s){if(!s||"object"!=typeof s&&"function"!=typeof s)throw new TypeError("getProto: not an object");return u(s)}:_?function getProto(s){return _(s)}:null},93663:(s,o,i)=>{var a=i(41799),u=i(10776),_=i(67197);s.exports=function baseMatches(s){var o=u(s);return 1==o.length&&o[0][2]?_(o[0][0],o[0][1]):function(i){return i===s||a(i,s,o)}}},93700:(s,o,i)=>{"use strict";var a=i(19709);s.exports=a},93736:(s,o,i)=>{var a=i(51873),u=a?a.prototype:void 0,_=u?u.valueOf:void 0;s.exports=function cloneSymbol(s){return _?Object(_.call(s)):{}}},93742:s=>{"use strict";s.exports={}},94033:s=>{s.exports=function baseLodash(){}},94459:s=>{"use strict";s.exports=Number.isNaN||function isNaN(s){return s!=s}},94643:(s,o,i)=>{function config(s){try{if(!i.g.localStorage)return!1}catch(s){return!1}var o=i.g.localStorage[s];return null!=o&&"true"===String(o).toLowerCase()}s.exports=function deprecate(s,o){if(config("noDeprecation"))return s;var i=!1;return function deprecated(){if(!i){if(config("throwDeprecation"))throw new Error(o);config("traceDeprecation")?console.trace(o):console.warn(o),i=!0}return s.apply(this,arguments)}}},95089:s=>{const o="[A-Za-z$_][0-9A-Za-z$_]*",i=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],a=["true","false","null","undefined","NaN","Infinity"],u=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer","BigInt64Array","BigUint64Array","BigInt"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);function lookahead(s){return concat("(?=",s,")")}function concat(...s){return s.map((s=>function source(s){return s?"string"==typeof s?s:s.source:null}(s))).join("")}s.exports=function javascript(s){const _=o,w="<>",x="",C={begin:/<[A-Za-z0-9\\._:-]+/,end:/\/[A-Za-z0-9\\._:-]+>|\/>/,isTrulyOpeningTag:(s,o)=>{const i=s[0].length+s.index,a=s.input[i];"<"!==a?">"===a&&(((s,{after:o})=>{const i="",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:s.UNDERSCORE_IDENT_RE,relevance:0},{className:null,begin:/\(\s*\)/,skip:!0},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:j,contains:ce}]}]},{begin:/,/,relevance:0},{className:"",begin:/\s/,end:/\s*/,skip:!0},{variants:[{begin:w,end:x},{begin:C.begin,"on:begin":C.isTrulyOpeningTag,end:C.end}],subLanguage:"xml",contains:[{begin:C.begin,end:C.end,skip:!0,contains:["self"]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/[{;]/,excludeEnd:!0,keywords:j,contains:["self",s.inherit(s.TITLE_MODE,{begin:_}),le],illegal:/%/},{beginKeywords:"while if switch catch for"},{className:"function",begin:s.UNDERSCORE_IDENT_RE+"\\([^()]*(\\([^()]*(\\([^()]*\\)[^()]*)*\\)[^()]*)*\\)\\s*\\{",returnBegin:!0,contains:[le,s.inherit(s.TITLE_MODE,{begin:_})]},{variants:[{begin:"\\."+_},{begin:"\\$"+_}],relevance:0},{className:"class",beginKeywords:"class",end:/[{;=]/,excludeEnd:!0,illegal:/[:"[\]]/,contains:[{beginKeywords:"extends"},s.UNDERSCORE_TITLE_MODE]},{begin:/\b(?=constructor)/,end:/[{;]/,excludeEnd:!0,contains:[s.inherit(s.TITLE_MODE,{begin:_}),"self",le]},{begin:"(get|set)\\s+(?="+_+"\\()",end:/\{/,keywords:"get set",contains:[s.inherit(s.TITLE_MODE,{begin:_}),{begin:/\(\)/},le]},{begin:/\$[(.]/}]}}},95116:(s,o,i)=>{"use strict";var a,u,_,w=i(98828),x=i(62250),C=i(46285),j=i(58075),L=i(15972),B=i(68055),$=i(76264),U=i(7376),V=$("iterator"),z=!1;[].keys&&("next"in(_=[].keys())?(u=L(L(_)))!==Object.prototype&&(a=u):z=!0),!C(a)||w((function(){var s={};return a[V].call(s)!==s}))?a={}:U&&(a=j(a)),x(a[V])||B(a,V,(function(){return this})),s.exports={IteratorPrototype:a,BUGGY_SAFARI_ITERATORS:z}},95950:(s,o,i)=>{var a=i(70695),u=i(88984),_=i(64894);s.exports=function keys(s){return _(s)?a(s):u(s)}},96131:(s,o,i)=>{var a=i(2523),u=i(85463),_=i(76959);s.exports=function baseIndexOf(s,o,i){return o==o?_(s,o,i):a(s,u,i)}},96540:(s,o,i)=>{"use strict";s.exports=i(15287)},96605:(s,o,i)=>{"use strict";var a=i(11091),u=i(45951),_=i(76024),w=i(19358),x="WebAssembly",C=u[x],j=7!==new Error("e",{cause:7}).cause,exportGlobalErrorCauseWrapper=function(s,o){var i={};i[s]=w(s,o,j),a({global:!0,constructor:!0,arity:1,forced:j},i)},exportWebAssemblyErrorCauseWrapper=function(s,o){if(C&&C[s]){var i={};i[s]=w(x+"."+s,o,j),a({target:x,stat:!0,constructor:!0,arity:1,forced:j},i)}};exportGlobalErrorCauseWrapper("Error",(function(s){return function Error(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("EvalError",(function(s){return function EvalError(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("RangeError",(function(s){return function RangeError(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("ReferenceError",(function(s){return function ReferenceError(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("SyntaxError",(function(s){return function SyntaxError(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("TypeError",(function(s){return function TypeError(o){return _(s,this,arguments)}})),exportGlobalErrorCauseWrapper("URIError",(function(s){return function URIError(o){return _(s,this,arguments)}})),exportWebAssemblyErrorCauseWrapper("CompileError",(function(s){return function CompileError(o){return _(s,this,arguments)}})),exportWebAssemblyErrorCauseWrapper("LinkError",(function(s){return function LinkError(o){return _(s,this,arguments)}})),exportWebAssemblyErrorCauseWrapper("RuntimeError",(function(s){return function RuntimeError(o){return _(s,this,arguments)}}))},96794:(s,o,i)=>{"use strict";var a=i(45951).navigator,u=a&&a.userAgent;s.exports=u?String(u):""},96897:(s,o,i)=>{"use strict";var a=i(70453),u=i(30041),_=i(30592)(),w=i(75795),x=i(69675),C=a("%Math.floor%");s.exports=function setFunctionLength(s,o){if("function"!=typeof s)throw new x("`fn` is not a function");if("number"!=typeof o||o<0||o>4294967295||C(o)!==o)throw new x("`length` must be a positive 32-bit integer");var i=arguments.length>2&&!!arguments[2],a=!0,j=!0;if("length"in s&&w){var L=w(s,"length");L&&!L.configurable&&(a=!1),L&&!L.writable&&(j=!1)}return(a||j||!i)&&(_?u(s,"length",o,!0,!0):u(s,"length",o)),s}},98023:(s,o,i)=>{var a=i(72552),u=i(40346);s.exports=function isNumber(s){return"number"==typeof s||u(s)&&"[object Number]"==a(s)}},98828:s=>{"use strict";s.exports=function(s){try{return!!s()}catch(s){return!0}}},99363:(s,o,i)=>{"use strict";var a=i(4993),u=i(42156),_=i(93742),w=i(64932),x=i(74284).f,C=i(60183),j=i(59550),L=i(7376),B=i(39447),$="Array Iterator",U=w.set,V=w.getterFor($);s.exports=C(Array,"Array",(function(s,o){U(this,{type:$,target:a(s),index:0,kind:o})}),(function(){var s=V(this),o=s.target,i=s.index++;if(!o||i>=o.length)return s.target=null,j(void 0,!0);switch(s.kind){case"keys":return j(i,!1);case"values":return j(o[i],!1)}return j([i,o[i]],!1)}),"values");var z=_.Arguments=_.Array;if(u("keys"),u("values"),u("entries"),!L&&B&&"values"!==z.name)try{x(z,"name",{value:"values"})}catch(s){}},99374:(s,o,i)=>{var a=i(54128),u=i(23805),_=i(44394),w=/^[-+]0x[0-9a-f]+$/i,x=/^0b[01]+$/i,C=/^0o[0-7]+$/i,j=parseInt;s.exports=function toNumber(s){if("number"==typeof s)return s;if(_(s))return NaN;if(u(s)){var o="function"==typeof s.valueOf?s.valueOf():s;s=u(o)?o+"":o}if("string"!=typeof s)return 0===s?s:+s;s=a(s);var i=x.test(s);return i||C.test(s)?j(s.slice(2),i?2:8):w.test(s)?NaN:+s}}},o={};function __webpack_require__(i){var a=o[i];if(void 0!==a)return a.exports;var u=o[i]={id:i,loaded:!1,exports:{}};return s[i].call(u.exports,u,u.exports,__webpack_require__),u.loaded=!0,u.exports}__webpack_require__.n=s=>{var o=s&&s.__esModule?()=>s.default:()=>s;return __webpack_require__.d(o,{a:o}),o},__webpack_require__.d=(s,o)=>{for(var i in o)__webpack_require__.o(o,i)&&!__webpack_require__.o(s,i)&&Object.defineProperty(s,i,{enumerable:!0,get:o[i]})},__webpack_require__.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(s){if("object"==typeof window)return window}}(),__webpack_require__.o=(s,o)=>Object.prototype.hasOwnProperty.call(s,o),__webpack_require__.r=s=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(s,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(s,"__esModule",{value:!0})},__webpack_require__.nmd=s=>(s.paths=[],s.children||(s.children=[]),s);var i={};return(()=>{"use strict";__webpack_require__.d(i,{default:()=>WT});var s={};__webpack_require__.r(s),__webpack_require__.d(s,{CLEAR:()=>at,CLEAR_BY:()=>ct,NEW_AUTH_ERR:()=>it,NEW_SPEC_ERR:()=>st,NEW_SPEC_ERR_BATCH:()=>ot,NEW_THROWN_ERR:()=>rt,NEW_THROWN_ERR_BATCH:()=>nt,clear:()=>clear,clearBy:()=>clearBy,newAuthErr:()=>newAuthErr,newSpecErr:()=>newSpecErr,newSpecErrBatch:()=>newSpecErrBatch,newThrownErr:()=>newThrownErr,newThrownErrBatch:()=>newThrownErrBatch});var o={};__webpack_require__.r(o),__webpack_require__.d(o,{AUTHORIZE:()=>Rt,AUTHORIZE_OAUTH2:()=>Lt,CONFIGURE_AUTH:()=>Ft,LOGOUT:()=>Dt,RESTORE_AUTHORIZATION:()=>Bt,SHOW_AUTH_POPUP:()=>Mt,authPopup:()=>authPopup,authorize:()=>authorize,authorizeAccessCodeWithBasicAuthentication:()=>authorizeAccessCodeWithBasicAuthentication,authorizeAccessCodeWithFormParams:()=>authorizeAccessCodeWithFormParams,authorizeApplication:()=>authorizeApplication,authorizeOauth2:()=>authorizeOauth2,authorizeOauth2WithPersistOption:()=>authorizeOauth2WithPersistOption,authorizePassword:()=>authorizePassword,authorizeRequest:()=>authorizeRequest,authorizeWithPersistOption:()=>authorizeWithPersistOption,configureAuth:()=>configureAuth,logout:()=>logout,logoutWithPersistOption:()=>logoutWithPersistOption,persistAuthorizationIfNeeded:()=>persistAuthorizationIfNeeded,preAuthorizeImplicit:()=>preAuthorizeImplicit,restoreAuthorization:()=>restoreAuthorization,showDefinitions:()=>showDefinitions});var a={};__webpack_require__.r(a),__webpack_require__.d(a,{authorized:()=>Jt,definitionsForRequirements:()=>definitionsForRequirements,definitionsToAuthorize:()=>Wt,getConfigs:()=>Ht,getDefinitionsByNames:()=>getDefinitionsByNames,isAuthorized:()=>isAuthorized,selectAuthPath:()=>selectAuthPath,shownDefinitions:()=>zt});var u={};__webpack_require__.r(u),__webpack_require__.d(u,{TOGGLE_CONFIGS:()=>gn,UPDATE_CONFIGS:()=>mn,downloadConfig:()=>downloadConfig,getConfigByUrl:()=>getConfigByUrl,loaded:()=>actions_loaded,toggle:()=>toggle,update:()=>update});var _={};__webpack_require__.r(_),__webpack_require__.d(_,{get:()=>get});var w={};__webpack_require__.r(w),__webpack_require__.d(w,{transform:()=>transform});var x={};__webpack_require__.r(x),__webpack_require__.d(x,{transform:()=>parameter_oneof_transform});var C={};__webpack_require__.r(C),__webpack_require__.d(C,{allErrors:()=>In,lastError:()=>Tn});var j={};__webpack_require__.r(j),__webpack_require__.d(j,{SHOW:()=>Fn,UPDATE_FILTER:()=>Dn,UPDATE_LAYOUT:()=>Rn,UPDATE_MODE:()=>Ln,changeMode:()=>changeMode,show:()=>actions_show,updateFilter:()=>updateFilter,updateLayout:()=>updateLayout});var L={};__webpack_require__.r(L),__webpack_require__.d(L,{current:()=>current,currentFilter:()=>currentFilter,isShown:()=>isShown,showSummary:()=>$n,whatMode:()=>whatMode});var B={};__webpack_require__.r(B),__webpack_require__.d(B,{taggedOperations:()=>taggedOperations});var $={};__webpack_require__.r($),__webpack_require__.d($,{getActiveLanguage:()=>Vn,getDefaultExpanded:()=>zn,getGenerators:()=>Un,getSnippetGenerators:()=>getSnippetGenerators});var U={};__webpack_require__.r(U),__webpack_require__.d(U,{JsonSchemaArrayItemFile:()=>JsonSchemaArrayItemFile,JsonSchemaArrayItemText:()=>JsonSchemaArrayItemText,JsonSchemaForm:()=>JsonSchemaForm,JsonSchema_array:()=>JsonSchema_array,JsonSchema_boolean:()=>JsonSchema_boolean,JsonSchema_object:()=>JsonSchema_object,JsonSchema_string:()=>JsonSchema_string});var V={};__webpack_require__.r(V),__webpack_require__.d(V,{allowTryItOutFor:()=>allowTryItOutFor,basePath:()=>Hs,canExecuteScheme:()=>canExecuteScheme,consumes:()=>Us,consumesOptionsFor:()=>consumesOptionsFor,contentTypeValues:()=>contentTypeValues,currentProducesFor:()=>currentProducesFor,definitions:()=>Js,externalDocs:()=>Ds,findDefinition:()=>findDefinition,getOAS3RequiredRequestBodyContentType:()=>getOAS3RequiredRequestBodyContentType,getParameter:()=>getParameter,hasHost:()=>ro,host:()=>Ks,info:()=>Rs,isMediaTypeSchemaPropertiesEqual:()=>isMediaTypeSchemaPropertiesEqual,isOAS3:()=>Ms,lastError:()=>Os,mutatedRequestFor:()=>mutatedRequestFor,mutatedRequests:()=>to,operationScheme:()=>operationScheme,operationWithMeta:()=>operationWithMeta,operations:()=>qs,operationsWithRootInherited:()=>Ys,operationsWithTags:()=>Qs,parameterInclusionSettingFor:()=>parameterInclusionSettingFor,parameterValues:()=>parameterValues,parameterWithMeta:()=>parameterWithMeta,parameterWithMetaByIdentity:()=>parameterWithMetaByIdentity,parametersIncludeIn:()=>parametersIncludeIn,parametersIncludeType:()=>parametersIncludeType,paths:()=>Bs,produces:()=>Vs,producesOptionsFor:()=>producesOptionsFor,requestFor:()=>requestFor,requests:()=>eo,responseFor:()=>responseFor,responses:()=>Zs,schemes:()=>Gs,security:()=>zs,securityDefinitions:()=>Ws,semver:()=>Fs,spec:()=>spec,specJS:()=>Is,specJson:()=>Ps,specJsonWithResolvedSubtrees:()=>Ns,specResolved:()=>Ts,specResolvedSubtree:()=>specResolvedSubtree,specSource:()=>js,specStr:()=>Cs,tagDetails:()=>tagDetails,taggedOperations:()=>selectors_taggedOperations,tags:()=>Xs,url:()=>As,validOperationMethods:()=>$s,validateBeforeExecute:()=>validateBeforeExecute,validationErrors:()=>validationErrors,version:()=>Ls});var z={};__webpack_require__.r(z),__webpack_require__.d(z,{CLEAR_REQUEST:()=>wo,CLEAR_RESPONSE:()=>Eo,CLEAR_VALIDATE_PARAMS:()=>xo,LOG_REQUEST:()=>So,SET_MUTATED_REQUEST:()=>_o,SET_REQUEST:()=>bo,SET_RESPONSE:()=>vo,SET_SCHEME:()=>Co,UPDATE_EMPTY_PARAM_INCLUSION:()=>go,UPDATE_JSON:()=>fo,UPDATE_OPERATION_META_VALUE:()=>ko,UPDATE_PARAM:()=>mo,UPDATE_RESOLVED:()=>Oo,UPDATE_RESOLVED_SUBTREE:()=>Ao,UPDATE_SPEC:()=>po,UPDATE_URL:()=>ho,VALIDATE_PARAMS:()=>yo,changeConsumesValue:()=>changeConsumesValue,changeParam:()=>changeParam,changeParamByIdentity:()=>changeParamByIdentity,changeProducesValue:()=>changeProducesValue,clearRequest:()=>clearRequest,clearResponse:()=>clearResponse,clearValidateParams:()=>clearValidateParams,execute:()=>actions_execute,executeRequest:()=>executeRequest,invalidateResolvedSubtreeCache:()=>invalidateResolvedSubtreeCache,logRequest:()=>logRequest,parseToJson:()=>parseToJson,requestResolvedSubtree:()=>requestResolvedSubtree,resolveSpec:()=>resolveSpec,setMutatedRequest:()=>setMutatedRequest,setRequest:()=>setRequest,setResponse:()=>setResponse,setScheme:()=>setScheme,updateEmptyParamInclusion:()=>updateEmptyParamInclusion,updateJsonSpec:()=>updateJsonSpec,updateResolved:()=>updateResolved,updateResolvedSubtree:()=>updateResolvedSubtree,updateSpec:()=>updateSpec,updateUrl:()=>updateUrl,validateParams:()=>validateParams});var Y={};__webpack_require__.r(Y),__webpack_require__.d(Y,{executeRequest:()=>wrap_actions_executeRequest,updateJsonSpec:()=>wrap_actions_updateJsonSpec,updateSpec:()=>wrap_actions_updateSpec,validateParams:()=>wrap_actions_validateParams});var Z={};__webpack_require__.r(Z),__webpack_require__.d(Z,{JsonPatchError:()=>Do,_areEquals:()=>_areEquals,applyOperation:()=>applyOperation,applyPatch:()=>applyPatch,applyReducer:()=>applyReducer,deepClone:()=>Lo,getValueByPointer:()=>getValueByPointer,validate:()=>validate,validator:()=>validator});var ee={};__webpack_require__.r(ee),__webpack_require__.d(ee,{compare:()=>compare,generate:()=>generate,observe:()=>observe,unobserve:()=>unobserve});var ie={};__webpack_require__.r(ie),__webpack_require__.d(ie,{hasElementSourceMap:()=>hasElementSourceMap,includesClasses:()=>includesClasses,includesSymbols:()=>includesSymbols,isAnnotationElement:()=>Fu,isArrayElement:()=>Mu,isBooleanElement:()=>Tu,isCommentElement:()=>Bu,isElement:()=>Cu,isLinkElement:()=>Du,isMemberElement:()=>Ru,isNullElement:()=>Iu,isNumberElement:()=>Pu,isObjectElement:()=>Nu,isParseResultElement:()=>$u,isPrimitiveElement:()=>isPrimitiveElement,isRefElement:()=>Lu,isStringElement:()=>ju});var ae={};__webpack_require__.r(ae),__webpack_require__.d(ae,{isJSONReferenceElement:()=>Ld,isJSONSchemaElement:()=>Dd,isLinkDescriptionElement:()=>Bd,isMediaElement:()=>Fd});var ce={};__webpack_require__.r(ce),__webpack_require__.d(ce,{isBooleanJsonSchemaElement:()=>isBooleanJsonSchemaElement,isCallbackElement:()=>Tm,isComponentsElement:()=>Nm,isContactElement:()=>Mm,isDiscriminatorElement:()=>og,isExampleElement:()=>Rm,isExternalDocumentationElement:()=>Dm,isHeaderElement:()=>Lm,isInfoElement:()=>Fm,isLicenseElement:()=>Bm,isLinkElement:()=>$m,isMediaTypeElement:()=>ng,isOpenApi3_0Element:()=>Um,isOpenapiElement:()=>qm,isOperationElement:()=>Vm,isParameterElement:()=>zm,isPathItemElement:()=>Wm,isPathsElement:()=>Jm,isReferenceElement:()=>Hm,isRequestBodyElement:()=>Km,isResponseElement:()=>Gm,isResponsesElement:()=>Ym,isSchemaElement:()=>Xm,isSecurityRequirementElement:()=>Qm,isSecuritySchemeElement:()=>Zm,isServerElement:()=>eg,isServerVariableElement:()=>rg,isServersElement:()=>sg});var le={};__webpack_require__.r(le),__webpack_require__.d(le,{isJSONReferenceElement:()=>Ld,isJSONSchemaElement:()=>g_,isLinkDescriptionElement:()=>y_,isMediaElement:()=>Fd});var pe={};__webpack_require__.r(pe),__webpack_require__.d(pe,{isJSONReferenceElement:()=>Ld,isJSONSchemaElement:()=>A_,isLinkDescriptionElement:()=>C_});var de={};__webpack_require__.r(de),__webpack_require__.d(de,{isJSONSchemaElement:()=>K_,isLinkDescriptionElement:()=>G_});var fe={};__webpack_require__.r(fe),__webpack_require__.d(fe,{isJSONSchemaElement:()=>oS,isLinkDescriptionElement:()=>iS});var ye={};__webpack_require__.r(ye),__webpack_require__.d(ye,{isBooleanJsonSchemaElement:()=>predicates_isBooleanJsonSchemaElement,isCallbackElement:()=>zS,isComponentsElement:()=>WS,isContactElement:()=>JS,isExampleElement:()=>HS,isExternalDocumentationElement:()=>KS,isHeaderElement:()=>GS,isInfoElement:()=>YS,isJsonSchemaDialectElement:()=>XS,isLicenseElement:()=>QS,isLinkElement:()=>ZS,isMediaTypeElement:()=>mE,isOpenApi3_1Element:()=>tE,isOpenapiElement:()=>eE,isOperationElement:()=>rE,isParameterElement:()=>nE,isPathItemElement:()=>sE,isPathItemElementExternal:()=>isPathItemElementExternal,isPathsElement:()=>oE,isReferenceElement:()=>iE,isReferenceElementExternal:()=>isReferenceElementExternal,isRequestBodyElement:()=>aE,isResponseElement:()=>cE,isResponsesElement:()=>lE,isSchemaElement:()=>uE,isSecurityRequirementElement:()=>pE,isSecuritySchemeElement:()=>hE,isServerElement:()=>dE,isServerVariableElement:()=>fE});var be={};__webpack_require__.r(be),__webpack_require__.d(be,{cookie:()=>cookie,header:()=>parameter_builders_header,path:()=>parameter_builders_path,query:()=>query});var _e={};__webpack_require__.r(_e),__webpack_require__.d(_e,{Button:()=>Button,Col:()=>Col,Collapse:()=>Collapse,Container:()=>Container,Input:()=>Input,Link:()=>layout_utils_Link,Row:()=>Row,Select:()=>Select,TextArea:()=>TextArea});var Se={};__webpack_require__.r(Se),__webpack_require__.d(Se,{basePath:()=>NP,consumes:()=>MP,definitions:()=>jP,findDefinition:()=>CP,hasHost:()=>PP,host:()=>TP,produces:()=>RP,schemes:()=>DP,securityDefinitions:()=>IP,validOperationMethods:()=>wrap_selectors_validOperationMethods});var we={};__webpack_require__.r(we),__webpack_require__.d(we,{definitionsToAuthorize:()=>LP});var xe={};__webpack_require__.r(xe),__webpack_require__.d(xe,{callbacksOperations:()=>$P,findSchema:()=>findSchema,isOAS3:()=>selectors_isOAS3,isOAS30:()=>selectors_isOAS30,isSwagger2:()=>selectors_isSwagger2,servers:()=>BP});var Pe={};__webpack_require__.r(Pe),__webpack_require__.d(Pe,{CLEAR_REQUEST_BODY_VALIDATE_ERROR:()=>iI,CLEAR_REQUEST_BODY_VALUE:()=>aI,SET_REQUEST_BODY_VALIDATE_ERROR:()=>oI,UPDATE_ACTIVE_EXAMPLES_MEMBER:()=>tI,UPDATE_REQUEST_BODY_INCLUSION:()=>eI,UPDATE_REQUEST_BODY_VALUE:()=>QP,UPDATE_REQUEST_BODY_VALUE_RETAIN_FLAG:()=>ZP,UPDATE_REQUEST_CONTENT_TYPE:()=>rI,UPDATE_RESPONSE_CONTENT_TYPE:()=>nI,UPDATE_SELECTED_SERVER:()=>XP,UPDATE_SERVER_VARIABLE_VALUE:()=>sI,clearRequestBodyValidateError:()=>clearRequestBodyValidateError,clearRequestBodyValue:()=>clearRequestBodyValue,initRequestBodyValidateError:()=>initRequestBodyValidateError,setActiveExamplesMember:()=>setActiveExamplesMember,setRequestBodyInclusion:()=>setRequestBodyInclusion,setRequestBodyValidateError:()=>setRequestBodyValidateError,setRequestBodyValue:()=>setRequestBodyValue,setRequestContentType:()=>setRequestContentType,setResponseContentType:()=>setResponseContentType,setRetainRequestBodyValueFlag:()=>setRetainRequestBodyValueFlag,setSelectedServer:()=>setSelectedServer,setServerVariableValue:()=>setServerVariableValue});var Te={};__webpack_require__.r(Te),__webpack_require__.d(Te,{activeExamplesMember:()=>gI,hasUserEditedBody:()=>dI,requestBodyErrors:()=>mI,requestBodyInclusionSetting:()=>fI,requestBodyValue:()=>pI,requestContentType:()=>yI,responseContentType:()=>vI,selectDefaultRequestBodyValue:()=>selectDefaultRequestBodyValue,selectedServer:()=>uI,serverEffectiveValue:()=>SI,serverVariableValue:()=>bI,serverVariables:()=>_I,shouldRetainRequestBodyValue:()=>hI,validOperationMethods:()=>wI,validateBeforeExecute:()=>EI,validateShallowRequired:()=>validateShallowRequired});var Re=__webpack_require__(96540);function formatProdErrorMessage(s){return`Minified Redux error #${s}; visit https://redux.js.org/Errors?code=${s} for the full message or use the non-minified dev environment for full errors. `}var $e=(()=>"function"==typeof Symbol&&Symbol.observable||"@@observable")(),randomString=()=>Math.random().toString(36).substring(7).split("").join("."),qe={INIT:`@@redux/INIT${randomString()}`,REPLACE:`@@redux/REPLACE${randomString()}`,PROBE_UNKNOWN_ACTION:()=>`@@redux/PROBE_UNKNOWN_ACTION${randomString()}`};function isPlainObject(s){if("object"!=typeof s||null===s)return!1;let o=s;for(;null!==Object.getPrototypeOf(o);)o=Object.getPrototypeOf(o);return Object.getPrototypeOf(s)===o||null===Object.getPrototypeOf(s)}function createStore(s,o,i){if("function"!=typeof s)throw new Error(formatProdErrorMessage(2));if("function"==typeof o&&"function"==typeof i||"function"==typeof i&&"function"==typeof arguments[3])throw new Error(formatProdErrorMessage(0));if("function"==typeof o&&void 0===i&&(i=o,o=void 0),void 0!==i){if("function"!=typeof i)throw new Error(formatProdErrorMessage(1));return i(createStore)(s,o)}let a=s,u=o,_=new Map,w=_,x=0,C=!1;function ensureCanMutateNextListeners(){w===_&&(w=new Map,_.forEach(((s,o)=>{w.set(o,s)})))}function getState(){if(C)throw new Error(formatProdErrorMessage(3));return u}function subscribe(s){if("function"!=typeof s)throw new Error(formatProdErrorMessage(4));if(C)throw new Error(formatProdErrorMessage(5));let o=!0;ensureCanMutateNextListeners();const i=x++;return w.set(i,s),function unsubscribe(){if(o){if(C)throw new Error(formatProdErrorMessage(6));o=!1,ensureCanMutateNextListeners(),w.delete(i),_=null}}}function dispatch(s){if(!isPlainObject(s))throw new Error(formatProdErrorMessage(7));if(void 0===s.type)throw new Error(formatProdErrorMessage(8));if("string"!=typeof s.type)throw new Error(formatProdErrorMessage(17));if(C)throw new Error(formatProdErrorMessage(9));try{C=!0,u=a(u,s)}finally{C=!1}return(_=w).forEach((s=>{s()})),s}dispatch({type:qe.INIT});return{dispatch,subscribe,getState,replaceReducer:function replaceReducer(s){if("function"!=typeof s)throw new Error(formatProdErrorMessage(10));a=s,dispatch({type:qe.REPLACE})},[$e]:function observable(){const s=subscribe;return{subscribe(o){if("object"!=typeof o||null===o)throw new Error(formatProdErrorMessage(11));function observeState(){const s=o;s.next&&s.next(getState())}observeState();return{unsubscribe:s(observeState)}},[$e](){return this}}}}}function bindActionCreator(s,o){return function(...i){return o(s.apply(this,i))}}function compose(...s){return 0===s.length?s=>s:1===s.length?s[0]:s.reduce(((s,o)=>(...i)=>s(o(...i))))}var ze=__webpack_require__(9404),We=__webpack_require__.n(ze),He=__webpack_require__(81919),Ye=__webpack_require__.n(He),Xe=__webpack_require__(89593),Qe=__webpack_require__(20334),et=__webpack_require__(55364),tt=__webpack_require__.n(et);const rt="err_new_thrown_err",nt="err_new_thrown_err_batch",st="err_new_spec_err",ot="err_new_spec_err_batch",it="err_new_auth_err",at="err_clear",ct="err_clear_by";function newThrownErr(s){return{type:rt,payload:(0,Qe.serializeError)(s)}}function newThrownErrBatch(s){return{type:nt,payload:s}}function newSpecErr(s){return{type:st,payload:s}}function newSpecErrBatch(s){return{type:ot,payload:s}}function newAuthErr(s){return{type:it,payload:s}}function clear(s={}){return{type:at,payload:s}}function clearBy(s=()=>!0){return{type:ct,payload:s}}const lt=function makeWindow(){var s={location:{},history:{},open:()=>{},close:()=>{},File:function(){},FormData:function(){}};if("undefined"==typeof window)return s;try{s=window;for(var o of["File","Blob","FormData"])o in window&&(s[o]=window[o])}catch(s){console.error(s)}return s}();__webpack_require__(84058),__webpack_require__(55808);var ut=__webpack_require__(50104),pt=__webpack_require__.n(ut),ht=__webpack_require__(7309),dt=__webpack_require__.n(ht),mt=__webpack_require__(42426),gt=__webpack_require__.n(mt),yt=__webpack_require__(75288),vt=__webpack_require__.n(yt),bt=__webpack_require__(1882),_t=__webpack_require__.n(bt),St=__webpack_require__(2205),Et=__webpack_require__.n(St),wt=__webpack_require__(53209),xt=__webpack_require__.n(wt),kt=__webpack_require__(62802),Ot=__webpack_require__.n(kt);const At=We().Set.of("type","format","items","default","maximum","exclusiveMaximum","minimum","exclusiveMinimum","maxLength","minLength","pattern","maxItems","minItems","uniqueItems","enum","multipleOf");function getParameterSchema(s,{isOAS3:o}={}){if(!We().Map.isMap(s))return{schema:We().Map(),parameterContentMediaType:null};if(!o)return"body"===s.get("in")?{schema:s.get("schema",We().Map()),parameterContentMediaType:null}:{schema:s.filter(((s,o)=>At.includes(o))),parameterContentMediaType:null};if(s.get("content")){const o=s.get("content",We().Map({})).keySeq().first();return{schema:s.getIn(["content",o,"schema"],We().Map()),parameterContentMediaType:o}}return{schema:s.get("schema")?s.get("schema",We().Map()):We().Map(),parameterContentMediaType:null}}var Ct=__webpack_require__(48287).Buffer;const jt="default",isImmutable=s=>We().Iterable.isIterable(s),immutableToJS=s=>isImmutable(s)?s.toJS():s;function objectify(s){return isObject(s)?immutableToJS(s):{}}function fromJSOrdered(s){if(isImmutable(s))return s;if(s instanceof lt.File)return s;if(!isObject(s))return s;if(Array.isArray(s))return We().Seq(s).map(fromJSOrdered).toList();if(_t()(s.entries)){const o=function createObjWithHashedKeys(s){if(!_t()(s.entries))return s;const o={},i="_**[]",a={};for(let u of s.entries())if(o[u[0]]||a[u[0]]&&a[u[0]].containsMultiple){if(!a[u[0]]){a[u[0]]={containsMultiple:!0,length:1},o[`${u[0]}${i}${a[u[0]].length}`]=o[u[0]],delete o[u[0]]}a[u[0]].length+=1,o[`${u[0]}${i}${a[u[0]].length}`]=u[1]}else o[u[0]]=u[1];return o}(s);return We().OrderedMap(o).map(fromJSOrdered)}return We().OrderedMap(s).map(fromJSOrdered)}function normalizeArray(s){return Array.isArray(s)?s:[s]}function isFn(s){return"function"==typeof s}function isObject(s){return!!s&&"object"==typeof s}function isFunc(s){return"function"==typeof s}function isArray(s){return Array.isArray(s)}const Pt=pt();function objMap(s,o){return Object.keys(s).reduce(((i,a)=>(i[a]=o(s[a],a),i)),{})}function objReduce(s,o){return Object.keys(s).reduce(((i,a)=>{let u=o(s[a],a);return u&&"object"==typeof u&&Object.assign(i,u),i}),{})}function systemThunkMiddleware(s){return({dispatch:o,getState:i})=>o=>i=>"function"==typeof i?i(s()):o(i)}function validateValueBySchema(s,o,i,a,u){if(!o)return[];let _=[],w=o.get("nullable"),x=o.get("required"),C=o.get("maximum"),j=o.get("minimum"),L=o.get("type"),B=o.get("format"),$=o.get("maxLength"),U=o.get("minLength"),V=o.get("uniqueItems"),z=o.get("maxItems"),Y=o.get("minItems"),Z=o.get("pattern");const ee=i||!0===x,ie=null!=s,ae=ee||ie&&"array"===L||!(!ee&&!ie),ce=w&&null===s;if(ee&&!ie&&!ce&&!a&&!L)return _.push("Required field is not provided"),_;if(ce||!L||!ae)return[];let le="string"===L&&s,pe="array"===L&&Array.isArray(s)&&s.length,de="array"===L&&We().List.isList(s)&&s.count();const fe=[le,pe,de,"array"===L&&"string"==typeof s&&s,"file"===L&&s instanceof lt.File,"boolean"===L&&(s||!1===s),"number"===L&&(s||0===s),"integer"===L&&(s||0===s),"object"===L&&"object"==typeof s&&null!==s,"object"===L&&"string"==typeof s&&s].some((s=>!!s));if(ee&&!fe&&!a)return _.push("Required field is not provided"),_;if("object"===L&&(null===u||"application/json"===u)){let i=s;if("string"==typeof s)try{i=JSON.parse(s)}catch(s){return _.push("Parameter string value must be valid JSON"),_}o&&o.has("required")&&isFunc(x.isList)&&x.isList()&&x.forEach((s=>{void 0===i[s]&&_.push({propKey:s,error:"Required property not found"})})),o&&o.has("properties")&&o.get("properties").forEach(((s,o)=>{const w=validateValueBySchema(i[o],s,!1,a,u);_.push(...w.map((s=>({propKey:o,error:s}))))}))}if(Z){let o=((s,o)=>{if(!new RegExp(o).test(s))return"Value must follow pattern "+o})(s,Z);o&&_.push(o)}if(Y&&"array"===L){let o=((s,o)=>{if(!s&&o>=1||s&&s.length{if(s&&s.length>o)return`Array must not contain more then ${o} item${1===o?"":"s"}`})(s,z);o&&_.push({needRemove:!0,error:o})}if(V&&"array"===L){let o=((s,o)=>{if(s&&("true"===o||!0===o)){const o=(0,ze.fromJS)(s),i=o.toSet();if(s.length>i.size){let s=(0,ze.Set)();if(o.forEach(((i,a)=>{o.filter((s=>isFunc(s.equals)?s.equals(i):s===i)).size>1&&(s=s.add(a))})),0!==s.size)return s.map((s=>({index:s,error:"No duplicates allowed."}))).toArray()}}})(s,V);o&&_.push(...o)}if($||0===$){let o=((s,o)=>{if(s.length>o)return`Value must be no longer than ${o} character${1!==o?"s":""}`})(s,$);o&&_.push(o)}if(U){let o=((s,o)=>{if(s.length{if(s>o)return`Value must be less than or equal to ${o}`})(s,C);o&&_.push(o)}if(j||0===j){let o=((s,o)=>{if(s{if(isNaN(Date.parse(s)))return"Value must be a DateTime"})(s):"uuid"===B?(s=>{if(s=s.toString().toLowerCase(),!/^[{(]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}[)}]?$/.test(s))return"Value must be a Guid"})(s):(s=>{if(s&&"string"!=typeof s)return"Value must be a string"})(s),!o)return _;_.push(o)}else if("boolean"===L){let o=(s=>{if("true"!==s&&"false"!==s&&!0!==s&&!1!==s)return"Value must be a boolean"})(s);if(!o)return _;_.push(o)}else if("number"===L){let o=(s=>{if(!/^-?\d+(\.?\d+)?$/.test(s))return"Value must be a number"})(s);if(!o)return _;_.push(o)}else if("integer"===L){let o=(s=>{if(!/^-?\d+$/.test(s))return"Value must be an integer"})(s);if(!o)return _;_.push(o)}else if("array"===L){if(!pe&&!de)return _;s&&s.forEach(((s,i)=>{const w=validateValueBySchema(s,o.get("items"),!1,a,u);_.push(...w.map((s=>({index:i,error:s}))))}))}else if("file"===L){let o=(s=>{if(s&&!(s instanceof lt.File))return"Value must be a file"})(s);if(!o)return _;_.push(o)}return _}const utils_btoa=s=>{let o;return o=s instanceof Ct?s:Ct.from(s.toString(),"utf-8"),o.toString("base64")},It={operationsSorter:{alpha:(s,o)=>s.get("path").localeCompare(o.get("path")),method:(s,o)=>s.get("method").localeCompare(o.get("method"))},tagsSorter:{alpha:(s,o)=>s.localeCompare(o)}},buildFormData=s=>{let o=[];for(let i in s){let a=s[i];void 0!==a&&""!==a&&o.push([i,"=",encodeURIComponent(a).replace(/%20/g,"+")].join(""))}return o.join("&")},shallowEqualKeys=(s,o,i)=>!!dt()(i,(i=>vt()(s[i],o[i])));function requiresValidationURL(s){return!(!s||s.indexOf("localhost")>=0||s.indexOf("127.0.0.1")>=0||"none"===s)}const createDeepLinkPath=s=>"string"==typeof s||s instanceof String?s.trim().replace(/\s/g,"%20"):"",escapeDeepLinkPath=s=>Et()(createDeepLinkPath(s).replace(/%20/g,"_")),isExtension=s=>/^x-/.test(s),getExtensions=s=>ze.Map.isMap(s)?s.filter(((s,o)=>isExtension(o))):Object.keys(s).filter((s=>isExtension(s))),getCommonExtensions=s=>s.filter(((s,o)=>/^pattern|maxLength|minLength|maximum|minimum/.test(o)));function deeplyStripKey(s,o,i=()=>!0){if("object"!=typeof s||Array.isArray(s)||null===s||!o)return s;const a=Object.assign({},s);return Object.keys(a).forEach((s=>{s===o&&i(a[s],s)?delete a[s]:a[s]=deeplyStripKey(a[s],o,i)})),a}function stringify(s){if("string"==typeof s)return s;if(s&&s.toJS&&(s=s.toJS()),"object"==typeof s&&null!==s)try{return JSON.stringify(s,null,2)}catch(o){return String(s)}return null==s?"":s.toString()}function paramToIdentifier(s,{returnAll:o=!1,allowHashes:i=!0}={}){if(!We().Map.isMap(s))throw new Error("paramToIdentifier: received a non-Im.Map parameter as input");const a=s.get("name"),u=s.get("in");let _=[];return s&&s.hashCode&&u&&a&&i&&_.push(`${u}.${a}.hash-${s.hashCode()}`),u&&a&&_.push(`${u}.${a}`),_.push(a),o?_:_[0]||""}function paramToValue(s,o){return paramToIdentifier(s,{returnAll:!0}).map((s=>o[s])).filter((s=>void 0!==s))[0]}function b64toB64UrlEncoded(s){return s.replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}const isEmptyValue=s=>!s||!(!isImmutable(s)||!s.isEmpty()),idFn=s=>s;function createStoreWithMiddleware(s,o,i){let a=[systemThunkMiddleware(i)];return createStore(s,o,(lt.__REDUX_DEVTOOLS_EXTENSION_COMPOSE__||compose)(function applyMiddleware(...s){return o=>(i,a)=>{const u=o(i,a);let dispatch=()=>{throw new Error(formatProdErrorMessage(15))};const _={getState:u.getState,dispatch:(s,...o)=>dispatch(s,...o)},w=s.map((s=>s(_)));return dispatch=compose(...w)(u.dispatch),{...u,dispatch}}}(...a)))}class Store{constructor(s={}){Ye()(this,{state:{},plugins:[],system:{configs:{},fn:{},components:{},rootInjects:{},statePlugins:{}},boundSystem:{},toolbox:{}},s),this.getSystem=this._getSystem.bind(this),this.store=function configureStore(s,o,i){return createStoreWithMiddleware(s,o,i)}(idFn,(0,ze.fromJS)(this.state),this.getSystem),this.buildSystem(!1),this.register(this.plugins)}getStore(){return this.store}register(s,o=!0){var i=combinePlugins(s,this.getSystem());systemExtend(this.system,i),o&&this.buildSystem();callAfterLoad.call(this.system,s,this.getSystem())&&this.buildSystem()}buildSystem(s=!0){let o=this.getStore().dispatch,i=this.getStore().getState;this.boundSystem=Object.assign({},this.getRootInjects(),this.getWrappedAndBoundActions(o),this.getWrappedAndBoundSelectors(i,this.getSystem),this.getStateThunks(i),this.getFn(),this.getConfigs()),s&&this.rebuildReducer()}_getSystem(){return this.boundSystem}getRootInjects(){return Object.assign({getSystem:this.getSystem,getStore:this.getStore.bind(this),getComponents:this.getComponents.bind(this),getState:this.getStore().getState,getConfigs:this._getConfigs.bind(this),Im:We(),React:Re},this.system.rootInjects||{})}_getConfigs(){return this.system.configs}getConfigs(){return{configs:this.system.configs}}setConfigs(s){this.system.configs=s}rebuildReducer(){this.store.replaceReducer(function buildReducer(s,o){return function allReducers(s,o){let i=Object.keys(s).reduce(((i,a)=>(i[a]=function makeReducer(s,o){return(i=new ze.Map,a)=>{if(!s)return i;let u=s[a.type];if(u){const s=wrapWithTryCatch(u,o)(i,a);return null===s?i:s}return i}}(s[a],o),i)),{});if(!Object.keys(i).length)return idFn;return(0,Xe.H)(i)}(objMap(s,(s=>s.reducers)),o)}(this.system.statePlugins,this.getSystem))}getType(s){let o=s[0].toUpperCase()+s.slice(1);return objReduce(this.system.statePlugins,((i,a)=>{let u=i[s];if(u)return{[a+o]:u}}))}getSelectors(){return this.getType("selectors")}getActions(){return objMap(this.getType("actions"),(s=>objReduce(s,((s,o)=>{if(isFn(s))return{[o]:s}}))))}getWrappedAndBoundActions(s){return objMap(this.getBoundActions(s),((s,o)=>{let i=this.system.statePlugins[o.slice(0,-7)].wrapActions;return i?objMap(s,((s,o)=>{let a=i[o];return a?(Array.isArray(a)||(a=[a]),a.reduce(((s,o)=>{let newAction=(...i)=>o(s,this.getSystem())(...i);if(!isFn(newAction))throw new TypeError("wrapActions needs to return a function that returns a new function (ie the wrapped action)");return wrapWithTryCatch(newAction,this.getSystem)}),s||Function.prototype)):s})):s}))}getWrappedAndBoundSelectors(s,o){return objMap(this.getBoundSelectors(s,o),((o,i)=>{let a=[i.slice(0,-9)],u=this.system.statePlugins[a].wrapSelectors;return u?objMap(o,((o,i)=>{let _=u[i];return _?(Array.isArray(_)||(_=[_]),_.reduce(((o,i)=>{let wrappedSelector=(...u)=>i(o,this.getSystem())(s().getIn(a),...u);if(!isFn(wrappedSelector))throw new TypeError("wrapSelector needs to return a function that returns a new function (ie the wrapped action)");return wrappedSelector}),o||Function.prototype)):o})):o}))}getStates(s){return Object.keys(this.system.statePlugins).reduce(((o,i)=>(o[i]=s.get(i),o)),{})}getStateThunks(s){return Object.keys(this.system.statePlugins).reduce(((o,i)=>(o[i]=()=>s().get(i),o)),{})}getFn(){return{fn:this.system.fn}}getComponents(s){const o=this.system.components[s];return Array.isArray(o)?o.reduce(((s,o)=>o(s,this.getSystem()))):void 0!==s?this.system.components[s]:this.system.components}getBoundSelectors(s,o){return objMap(this.getSelectors(),((i,a)=>{let u=[a.slice(0,-9)];return objMap(i,(i=>(...a)=>{let _=wrapWithTryCatch(i,this.getSystem).apply(null,[s().getIn(u),...a]);return"function"==typeof _&&(_=wrapWithTryCatch(_,this.getSystem)(o())),_}))}))}getBoundActions(s){s=s||this.getStore().dispatch;const o=this.getActions(),process=s=>"function"!=typeof s?objMap(s,(s=>process(s))):(...o)=>{var i=null;try{i=s(...o)}catch(s){i={type:rt,error:!0,payload:(0,Qe.serializeError)(s)}}finally{return i}};return objMap(o,(o=>function bindActionCreators(s,o){if("function"==typeof s)return bindActionCreator(s,o);if("object"!=typeof s||null===s)throw new Error(formatProdErrorMessage(16));const i={};for(const a in s){const u=s[a];"function"==typeof u&&(i[a]=bindActionCreator(u,o))}return i}(process(o),s)))}getMapStateToProps(){return()=>Object.assign({},this.getSystem())}getMapDispatchToProps(s){return o=>Ye()({},this.getWrappedAndBoundActions(o),this.getFn(),s)}}function combinePlugins(s,o){return isObject(s)&&!isArray(s)?tt()({},s):isFunc(s)?combinePlugins(s(o),o):isArray(s)?s.map((s=>combinePlugins(s,o))).reduce(systemExtend,{components:o.getComponents()}):{}}function callAfterLoad(s,o,{hasLoaded:i}={}){let a=i;return isObject(s)&&!isArray(s)&&"function"==typeof s.afterLoad&&(a=!0,wrapWithTryCatch(s.afterLoad,o.getSystem).call(this,o)),isFunc(s)?callAfterLoad.call(this,s(o),o,{hasLoaded:a}):isArray(s)?s.map((s=>callAfterLoad.call(this,s,o,{hasLoaded:a}))):a}function systemExtend(s={},o={}){if(!isObject(s))return{};if(!isObject(o))return s;o.wrapComponents&&(objMap(o.wrapComponents,((i,a)=>{const u=s.components&&s.components[a];u&&Array.isArray(u)?(s.components[a]=u.concat([i]),delete o.wrapComponents[a]):u&&(s.components[a]=[u,i],delete o.wrapComponents[a])})),Object.keys(o.wrapComponents).length||delete o.wrapComponents);const{statePlugins:i}=s;if(isObject(i))for(let s in i){const a=i[s];if(!isObject(a))continue;const{wrapActions:u,wrapSelectors:_}=a;if(isObject(u))for(let i in u){let a=u[i];Array.isArray(a)||(a=[a],u[i]=a),o&&o.statePlugins&&o.statePlugins[s]&&o.statePlugins[s].wrapActions&&o.statePlugins[s].wrapActions[i]&&(o.statePlugins[s].wrapActions[i]=u[i].concat(o.statePlugins[s].wrapActions[i]))}if(isObject(_))for(let i in _){let a=_[i];Array.isArray(a)||(a=[a],_[i]=a),o&&o.statePlugins&&o.statePlugins[s]&&o.statePlugins[s].wrapSelectors&&o.statePlugins[s].wrapSelectors[i]&&(o.statePlugins[s].wrapSelectors[i]=_[i].concat(o.statePlugins[s].wrapSelectors[i]))}}return Ye()(s,o)}function wrapWithTryCatch(s,o,{logErrors:i=!0}={}){return"function"!=typeof s?s:function(...a){try{return s.call(this,...a)}catch(s){if(i){const{uncaughtExceptionHandler:i}=o().getConfigs();"function"==typeof i?i(s):console.error(s)}return null}}}var Tt=__webpack_require__(61160),Nt=__webpack_require__.n(Tt);const Mt="show_popup",Rt="authorize",Dt="logout",Lt="authorize_oauth2",Ft="configure_auth",Bt="restore_authorization";function showDefinitions(s){return{type:Mt,payload:s}}function authorize(s){return{type:Rt,payload:s}}const authorizeWithPersistOption=s=>({authActions:o})=>{o.authorize(s),o.persistAuthorizationIfNeeded()};function logout(s){return{type:Dt,payload:s}}const logoutWithPersistOption=s=>({authActions:o})=>{o.logout(s),o.persistAuthorizationIfNeeded()},preAuthorizeImplicit=s=>({authActions:o,errActions:i})=>{let{auth:a,token:u,isValid:_}=s,{schema:w,name:x}=a,C=w.get("flow");delete lt.swaggerUIRedirectOauth2,"accessCode"===C||_||i.newAuthErr({authId:x,source:"auth",level:"warning",message:"Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"}),u.error?i.newAuthErr({authId:x,source:"auth",level:"error",message:JSON.stringify(u)}):o.authorizeOauth2WithPersistOption({auth:a,token:u})};function authorizeOauth2(s){return{type:Lt,payload:s}}const authorizeOauth2WithPersistOption=s=>({authActions:o})=>{o.authorizeOauth2(s),o.persistAuthorizationIfNeeded()},authorizePassword=s=>({authActions:o})=>{let{schema:i,name:a,username:u,password:_,passwordType:w,clientId:x,clientSecret:C}=s,j={grant_type:"password",scope:s.scopes.join(" "),username:u,password:_},L={};switch(w){case"request-body":!function setClientIdAndSecret(s,o,i){o&&Object.assign(s,{client_id:o});i&&Object.assign(s,{client_secret:i})}(j,x,C);break;case"basic":L.Authorization="Basic "+utils_btoa(x+":"+C);break;default:console.warn(`Warning: invalid passwordType ${w} was passed, not including client id and secret`)}return o.authorizeRequest({body:buildFormData(j),url:i.get("tokenUrl"),name:a,headers:L,query:{},auth:s})};const authorizeApplication=s=>({authActions:o})=>{let{schema:i,scopes:a,name:u,clientId:_,clientSecret:w}=s,x={Authorization:"Basic "+utils_btoa(_+":"+w)},C={grant_type:"client_credentials",scope:a.join(" ")};return o.authorizeRequest({body:buildFormData(C),name:u,url:i.get("tokenUrl"),auth:s,headers:x})},authorizeAccessCodeWithFormParams=({auth:s,redirectUrl:o})=>({authActions:i})=>{let{schema:a,name:u,clientId:_,clientSecret:w,codeVerifier:x}=s,C={grant_type:"authorization_code",code:s.code,client_id:_,client_secret:w,redirect_uri:o,code_verifier:x};return i.authorizeRequest({body:buildFormData(C),name:u,url:a.get("tokenUrl"),auth:s})},authorizeAccessCodeWithBasicAuthentication=({auth:s,redirectUrl:o})=>({authActions:i})=>{let{schema:a,name:u,clientId:_,clientSecret:w,codeVerifier:x}=s,C={Authorization:"Basic "+utils_btoa(_+":"+w)},j={grant_type:"authorization_code",code:s.code,client_id:_,redirect_uri:o,code_verifier:x};return i.authorizeRequest({body:buildFormData(j),name:u,url:a.get("tokenUrl"),auth:s,headers:C})},authorizeRequest=s=>({fn:o,getConfigs:i,authActions:a,errActions:u,oas3Selectors:_,specSelectors:w,authSelectors:x})=>{let C,{body:j,query:L={},headers:B={},name:$,url:U,auth:V}=s,{additionalQueryStringParams:z}=x.getConfigs()||{};if(w.isOAS3()){let s=_.serverEffectiveValue(_.selectedServer());C=Nt()(U,s,!0)}else C=Nt()(U,w.url(),!0);"object"==typeof z&&(C.query=Object.assign({},C.query,z));const Y=C.toString();let Z=Object.assign({Accept:"application/json, text/plain, */*","Content-Type":"application/x-www-form-urlencoded","X-Requested-With":"XMLHttpRequest"},B);o.fetch({url:Y,method:"post",headers:Z,query:L,body:j,requestInterceptor:i().requestInterceptor,responseInterceptor:i().responseInterceptor}).then((function(s){let o=JSON.parse(s.data),i=o&&(o.error||""),_=o&&(o.parseError||"");s.ok?i||_?u.newAuthErr({authId:$,level:"error",source:"auth",message:JSON.stringify(o)}):a.authorizeOauth2WithPersistOption({auth:V,token:o}):u.newAuthErr({authId:$,level:"error",source:"auth",message:s.statusText})})).catch((s=>{let o=new Error(s).message;if(s.response&&s.response.data){const i=s.response.data;try{const s="string"==typeof i?JSON.parse(i):i;s.error&&(o+=`, error: ${s.error}`),s.error_description&&(o+=`, description: ${s.error_description}`)}catch(s){}}u.newAuthErr({authId:$,level:"error",source:"auth",message:o})}))};function configureAuth(s){return{type:Ft,payload:s}}function restoreAuthorization(s){return{type:Bt,payload:s}}const persistAuthorizationIfNeeded=()=>({authSelectors:s,getConfigs:o})=>{if(!o().persistAuthorization)return;const i=s.authorized().toJS();localStorage.setItem("authorized",JSON.stringify(i))},authPopup=(s,o)=>()=>{lt.swaggerUIRedirectOauth2=o,lt.open(s)},$t={[Mt]:(s,{payload:o})=>s.set("showDefinitions",o),[Rt]:(s,{payload:o})=>{let i=(0,ze.fromJS)(o),a=s.get("authorized")||(0,ze.Map)();return i.entrySeq().forEach((([o,i])=>{if(!isFunc(i.getIn))return s.set("authorized",a);let u=i.getIn(["schema","type"]);if("apiKey"===u||"http"===u)a=a.set(o,i);else if("basic"===u){let s=i.getIn(["value","username"]),u=i.getIn(["value","password"]);a=a.setIn([o,"value"],{username:s,header:"Basic "+utils_btoa(s+":"+u)}),a=a.setIn([o,"schema"],i.get("schema"))}})),s.set("authorized",a)},[Lt]:(s,{payload:o})=>{let i,{auth:a,token:u}=o;a.token=Object.assign({},u),i=(0,ze.fromJS)(a);let _=s.get("authorized")||(0,ze.Map)();return _=_.set(i.get("name"),i),s.set("authorized",_)},[Dt]:(s,{payload:o})=>{let i=s.get("authorized").withMutations((s=>{o.forEach((o=>{s.delete(o)}))}));return s.set("authorized",i)},[Ft]:(s,{payload:o})=>s.set("configs",o),[Bt]:(s,{payload:o})=>s.set("authorized",(0,ze.fromJS)(o.authorized))};function assertIsFunction(s,o="expected a function, instead received "+typeof s){if("function"!=typeof s)throw new TypeError(o)}var ensureIsArray=s=>Array.isArray(s)?s:[s];function getDependencies(s){const o=Array.isArray(s[0])?s[0]:s;return function assertIsArrayOfFunctions(s,o="expected all items to be functions, instead received the following types: "){if(!s.every((s=>"function"==typeof s))){const i=s.map((s=>"function"==typeof s?`function ${s.name||"unnamed"}()`:typeof s)).join(", ");throw new TypeError(`${o}[${i}]`)}}(o,"createSelector expects all input-selectors to be functions, but received the following types: "),o}Symbol(),Object.getPrototypeOf({});var qt="undefined"!=typeof WeakRef?WeakRef:class{constructor(s){this.value=s}deref(){return this.value}};function weakMapMemoize(s,o={}){let i={s:0,v:void 0,o:null,p:null};const{resultEqualityCheck:a}=o;let u,_=0;function memoized(){let o=i;const{length:w}=arguments;for(let s=0,i=w;s{i={s:0,v:void 0,o:null,p:null},memoized.resetResultsCount()},memoized.resultsCount=()=>_,memoized.resetResultsCount=()=>{_=0},memoized}function createSelectorCreator(s,...o){const i="function"==typeof s?{memoize:s,memoizeOptions:o}:s,createSelector2=(...s)=>{let o,a=0,u=0,_={},w=s.pop();"object"==typeof w&&(_=w,w=s.pop()),assertIsFunction(w,`createSelector expects an output function after the inputs, but received: [${typeof w}]`);const x={...i,..._},{memoize:C,memoizeOptions:j=[],argsMemoize:L=weakMapMemoize,argsMemoizeOptions:B=[],devModeChecks:$={}}=x,U=ensureIsArray(j),V=ensureIsArray(B),z=getDependencies(s),Y=C((function recomputationWrapper(){return a++,w.apply(null,arguments)}),...U);const Z=L((function dependenciesChecker(){u++;const s=function collectInputSelectorResults(s,o){const i=[],{length:a}=s;for(let u=0;uu,resetDependencyRecomputations:()=>{u=0},lastResult:()=>o,recomputations:()=>a,resetRecomputations:()=>{a=0},memoize:C,argsMemoize:L})};return Object.assign(createSelector2,{withTypes:()=>createSelector2}),createSelector2}var Ut=createSelectorCreator(weakMapMemoize),Vt=Object.assign(((s,o=Ut)=>{!function assertIsObject(s,o="expected an object, instead received "+typeof s){if("object"!=typeof s)throw new TypeError(o)}(s,"createStructuredSelector expects first argument to be an object where each property is a selector, instead received a "+typeof s);const i=Object.keys(s);return o(i.map((o=>s[o])),((...s)=>s.reduce(((s,o,a)=>(s[i[a]]=o,s)),{})))}),{withTypes:()=>Vt});const state=s=>s,zt=Ut(state,(s=>s.get("showDefinitions"))),Wt=Ut(state,(()=>({specSelectors:s})=>{let o=s.securityDefinitions()||(0,ze.Map)({}),i=(0,ze.List)();return o.entrySeq().forEach((([s,o])=>{let a=(0,ze.Map)();a=a.set(s,o),i=i.push(a)})),i})),selectAuthPath=(s,o)=>({specSelectors:s})=>(0,ze.List)(s.isOAS3()?["components","securitySchemes",o]:["securityDefinitions",o]),getDefinitionsByNames=(s,o)=>({specSelectors:s})=>{console.warn("WARNING: getDefinitionsByNames is deprecated and will be removed in the next major version.");let i=s.securityDefinitions(),a=(0,ze.List)();return o.valueSeq().forEach((s=>{let o=(0,ze.Map)();s.entrySeq().forEach((([s,a])=>{let u,_=i.get(s);"oauth2"===_.get("type")&&a.size&&(u=_.get("scopes"),u.keySeq().forEach((s=>{a.contains(s)||(u=u.delete(s))})),_=_.set("allowedScopes",u)),o=o.set(s,_)})),a=a.push(o)})),a},definitionsForRequirements=(s,o=(0,ze.List)())=>({authSelectors:s})=>{const i=s.definitionsToAuthorize()||(0,ze.List)();let a=(0,ze.List)();return i.forEach((s=>{let i=o.find((o=>o.get(s.keySeq().first())));i&&(s.forEach(((o,a)=>{if("oauth2"===o.get("type")){const u=i.get(a);let _=o.get("scopes");ze.List.isList(u)&&ze.Map.isMap(_)&&(_.keySeq().forEach((s=>{u.contains(s)||(_=_.delete(s))})),s=s.set(a,o.set("scopes",_)))}})),a=a.push(s))})),a},Jt=Ut(state,(s=>s.get("authorized")||(0,ze.Map)())),isAuthorized=(s,o)=>({authSelectors:s})=>{let i=s.authorized();return ze.List.isList(o)?!!o.toJS().filter((s=>-1===Object.keys(s).map((s=>!!i.get(s))).indexOf(!1))).length:null},Ht=Ut(state,(s=>s.get("configs"))),execute=(s,{authSelectors:o,specSelectors:i})=>({path:a,method:u,operation:_,extras:w})=>{let x={authorized:o.authorized()&&o.authorized().toJS(),definitions:i.securityDefinitions()&&i.securityDefinitions().toJS(),specSecurity:i.security()&&i.security().toJS()};return s({path:a,method:u,operation:_,securities:x,...w})},loaded=(s,o)=>i=>{const{getConfigs:a,authActions:u}=o,_=a();if(s(i),_.persistAuthorization){const s=localStorage.getItem("authorized");s&&u.restoreAuthorization({authorized:JSON.parse(s)})}},wrap_actions_authorize=(s,o)=>i=>{s(i);if(o.getConfigs().persistAuthorization)try{const[{schema:s,value:o}]=Object.values(i),a=(0,ze.fromJS)(s),u="apiKey"===a.get("type"),_="cookie"===a.get("in");u&&_&&(document.cookie=`${a.get("name")}=${o}; SameSite=None; Secure`)}catch(s){console.error("Error persisting cookie based apiKey in document.cookie.",s)}},wrap_actions_logout=(s,o)=>i=>{const a=o.getConfigs(),u=o.authSelectors.authorized();try{a.persistAuthorization&&Array.isArray(i)&&i.forEach((s=>{const o=u.get(s,{}),i="apiKey"===o.getIn(["schema","type"]),a="cookie"===o.getIn(["schema","in"]);if(i&&a){const s=o.getIn(["schema","name"]);document.cookie=`${s}=; Max-Age=-99999999`}}))}catch(s){console.error("Error deleting cookie based apiKey from document.cookie.",s)}s(i)};var Kt=__webpack_require__(90179),Gt=__webpack_require__.n(Kt);class LockAuthIcon extends Re.Component{mapStateToProps(s,o){return{state:s,ownProps:Gt()(o,Object.keys(o.getSystem()))}}render(){const{getComponent:s,ownProps:o}=this.props,i=s("LockIcon");return Re.createElement(i,o)}}const Yt=LockAuthIcon;class UnlockAuthIcon extends Re.Component{mapStateToProps(s,o){return{state:s,ownProps:Gt()(o,Object.keys(o.getSystem()))}}render(){const{getComponent:s,ownProps:o}=this.props,i=s("UnlockIcon");return Re.createElement(i,o)}}const Xt=UnlockAuthIcon;function auth(){return{afterLoad(s){this.rootInjects=this.rootInjects||{},this.rootInjects.initOAuth=s.authActions.configureAuth,this.rootInjects.preauthorizeApiKey=preauthorizeApiKey.bind(null,s),this.rootInjects.preauthorizeBasic=preauthorizeBasic.bind(null,s)},components:{LockAuthIcon:Yt,UnlockAuthIcon:Xt,LockAuthOperationIcon:Yt,UnlockAuthOperationIcon:Xt},statePlugins:{auth:{reducers:$t,actions:o,selectors:a,wrapActions:{authorize:wrap_actions_authorize,logout:wrap_actions_logout}},configs:{wrapActions:{loaded}},spec:{wrapActions:{execute}}}}}function preauthorizeBasic(s,o,i,a){const{authActions:{authorize:u},specSelectors:{specJson:_,isOAS3:w}}=s,x=w()?["components","securitySchemes"]:["securityDefinitions"],C=_().getIn([...x,o]);return C?u({[o]:{value:{username:i,password:a},schema:C.toJS()}}):null}function preauthorizeApiKey(s,o,i){const{authActions:{authorize:a},specSelectors:{specJson:u,isOAS3:_}}=s,w=_()?["components","securitySchemes"]:["securityDefinitions"],x=u().getIn([...w,o]);return x?a({[o]:{value:i,schema:x.toJS()}}):null}function isNothing(s){return null==s}var Qt=function repeat(s,o){var i,a="";for(i=0;ix&&(o=a-x+(_=" ... ").length),i-a>x&&(i=a+x-(w=" ...").length),{str:_+s.slice(o,i).replace(/\t/g,"→")+w,pos:a-o+_.length}}function padStart(s,o){return er.repeat(" ",o-s.length)+s}var rr=function makeSnippet(s,o){if(o=Object.create(o||null),!s.buffer)return null;o.maxLength||(o.maxLength=79),"number"!=typeof o.indent&&(o.indent=1),"number"!=typeof o.linesBefore&&(o.linesBefore=3),"number"!=typeof o.linesAfter&&(o.linesAfter=2);for(var i,a=/\r?\n|\r|\0/g,u=[0],_=[],w=-1;i=a.exec(s.buffer);)_.push(i.index),u.push(i.index+i[0].length),s.position<=i.index&&w<0&&(w=u.length-2);w<0&&(w=u.length-1);var x,C,j="",L=Math.min(s.line+o.linesAfter,_.length).toString().length,B=o.maxLength-(o.indent+L+3);for(x=1;x<=o.linesBefore&&!(w-x<0);x++)C=getLine(s.buffer,u[w-x],_[w-x],s.position-(u[w]-u[w-x]),B),j=er.repeat(" ",o.indent)+padStart((s.line-x+1).toString(),L)+" | "+C.str+"\n"+j;for(C=getLine(s.buffer,u[w],_[w],s.position,B),j+=er.repeat(" ",o.indent)+padStart((s.line+1).toString(),L)+" | "+C.str+"\n",j+=er.repeat("-",o.indent+L+3+C.pos)+"^\n",x=1;x<=o.linesAfter&&!(w+x>=_.length);x++)C=getLine(s.buffer,u[w+x],_[w+x],s.position-(u[w]-u[w+x]),B),j+=er.repeat(" ",o.indent)+padStart((s.line+x+1).toString(),L)+" | "+C.str+"\n";return j.replace(/\n$/,"")},nr=["kind","multi","resolve","construct","instanceOf","predicate","represent","representName","defaultStyle","styleAliases"],sr=["scalar","sequence","mapping"];var ir=function Type$1(s,o){if(o=o||{},Object.keys(o).forEach((function(o){if(-1===nr.indexOf(o))throw new tr('Unknown option "'+o+'" is met in definition of "'+s+'" YAML type.')})),this.options=o,this.tag=s,this.kind=o.kind||null,this.resolve=o.resolve||function(){return!0},this.construct=o.construct||function(s){return s},this.instanceOf=o.instanceOf||null,this.predicate=o.predicate||null,this.represent=o.represent||null,this.representName=o.representName||null,this.defaultStyle=o.defaultStyle||null,this.multi=o.multi||!1,this.styleAliases=function compileStyleAliases(s){var o={};return null!==s&&Object.keys(s).forEach((function(i){s[i].forEach((function(s){o[String(s)]=i}))})),o}(o.styleAliases||null),-1===sr.indexOf(this.kind))throw new tr('Unknown kind "'+this.kind+'" is specified for "'+s+'" YAML type.')};function compileList(s,o){var i=[];return s[o].forEach((function(s){var o=i.length;i.forEach((function(i,a){i.tag===s.tag&&i.kind===s.kind&&i.multi===s.multi&&(o=a)})),i[o]=s})),i}function Schema$1(s){return this.extend(s)}Schema$1.prototype.extend=function extend(s){var o=[],i=[];if(s instanceof ir)i.push(s);else if(Array.isArray(s))i=i.concat(s);else{if(!s||!Array.isArray(s.implicit)&&!Array.isArray(s.explicit))throw new tr("Schema.extend argument should be a Type, [ Type ], or a schema definition ({ implicit: [...], explicit: [...] })");s.implicit&&(o=o.concat(s.implicit)),s.explicit&&(i=i.concat(s.explicit))}o.forEach((function(s){if(!(s instanceof ir))throw new tr("Specified list of YAML types (or a single Type object) contains a non-Type object.");if(s.loadKind&&"scalar"!==s.loadKind)throw new tr("There is a non-scalar type in the implicit list of a schema. Implicit resolving of such types is not supported.");if(s.multi)throw new tr("There is a multi type in the implicit list of a schema. Multi tags can only be listed as explicit.")})),i.forEach((function(s){if(!(s instanceof ir))throw new tr("Specified list of YAML types (or a single Type object) contains a non-Type object.")}));var a=Object.create(Schema$1.prototype);return a.implicit=(this.implicit||[]).concat(o),a.explicit=(this.explicit||[]).concat(i),a.compiledImplicit=compileList(a,"implicit"),a.compiledExplicit=compileList(a,"explicit"),a.compiledTypeMap=function compileMap(){var s,o,i={scalar:{},sequence:{},mapping:{},fallback:{},multi:{scalar:[],sequence:[],mapping:[],fallback:[]}};function collectType(s){s.multi?(i.multi[s.kind].push(s),i.multi.fallback.push(s)):i[s.kind][s.tag]=i.fallback[s.tag]=s}for(s=0,o=arguments.length;s=0?"0b"+s.toString(2):"-0b"+s.toString(2).slice(1)},octal:function(s){return s>=0?"0o"+s.toString(8):"-0o"+s.toString(8).slice(1)},decimal:function(s){return s.toString(10)},hexadecimal:function(s){return s>=0?"0x"+s.toString(16).toUpperCase():"-0x"+s.toString(16).toUpperCase().slice(1)}},defaultStyle:"decimal",styleAliases:{binary:[2,"bin"],octal:[8,"oct"],decimal:[10,"dec"],hexadecimal:[16,"hex"]}}),gr=new RegExp("^(?:[-+]?(?:[0-9][0-9_]*)(?:\\.[0-9_]*)?(?:[eE][-+]?[0-9]+)?|\\.[0-9_]+(?:[eE][-+]?[0-9]+)?|[-+]?\\.(?:inf|Inf|INF)|\\.(?:nan|NaN|NAN))$");var yr=/^[-+]?[0-9]+e/;var vr=new ir("tag:yaml.org,2002:float",{kind:"scalar",resolve:function resolveYamlFloat(s){return null!==s&&!(!gr.test(s)||"_"===s[s.length-1])},construct:function constructYamlFloat(s){var o,i;return i="-"===(o=s.replace(/_/g,"").toLowerCase())[0]?-1:1,"+-".indexOf(o[0])>=0&&(o=o.slice(1)),".inf"===o?1===i?Number.POSITIVE_INFINITY:Number.NEGATIVE_INFINITY:".nan"===o?NaN:i*parseFloat(o,10)},predicate:function isFloat(s){return"[object Number]"===Object.prototype.toString.call(s)&&(s%1!=0||er.isNegativeZero(s))},represent:function representYamlFloat(s,o){var i;if(isNaN(s))switch(o){case"lowercase":return".nan";case"uppercase":return".NAN";case"camelcase":return".NaN"}else if(Number.POSITIVE_INFINITY===s)switch(o){case"lowercase":return".inf";case"uppercase":return".INF";case"camelcase":return".Inf"}else if(Number.NEGATIVE_INFINITY===s)switch(o){case"lowercase":return"-.inf";case"uppercase":return"-.INF";case"camelcase":return"-.Inf"}else if(er.isNegativeZero(s))return"-0.0";return i=s.toString(10),yr.test(i)?i.replace("e",".e"):i},defaultStyle:"lowercase"}),br=pr.extend({implicit:[dr,fr,mr,vr]}),_r=br,Sr=new RegExp("^([0-9][0-9][0-9][0-9])-([0-9][0-9])-([0-9][0-9])$"),Er=new RegExp("^([0-9][0-9][0-9][0-9])-([0-9][0-9]?)-([0-9][0-9]?)(?:[Tt]|[ \\t]+)([0-9][0-9]?):([0-9][0-9]):([0-9][0-9])(?:\\.([0-9]*))?(?:[ \\t]*(Z|([-+])([0-9][0-9]?)(?::([0-9][0-9]))?))?$");var wr=new ir("tag:yaml.org,2002:timestamp",{kind:"scalar",resolve:function resolveYamlTimestamp(s){return null!==s&&(null!==Sr.exec(s)||null!==Er.exec(s))},construct:function constructYamlTimestamp(s){var o,i,a,u,_,w,x,C,j=0,L=null;if(null===(o=Sr.exec(s))&&(o=Er.exec(s)),null===o)throw new Error("Date resolve error");if(i=+o[1],a=+o[2]-1,u=+o[3],!o[4])return new Date(Date.UTC(i,a,u));if(_=+o[4],w=+o[5],x=+o[6],o[7]){for(j=o[7].slice(0,3);j.length<3;)j+="0";j=+j}return o[9]&&(L=6e4*(60*+o[10]+ +(o[11]||0)),"-"===o[9]&&(L=-L)),C=new Date(Date.UTC(i,a,u,_,w,x,j)),L&&C.setTime(C.getTime()-L),C},instanceOf:Date,represent:function representYamlTimestamp(s){return s.toISOString()}});var xr=new ir("tag:yaml.org,2002:merge",{kind:"scalar",resolve:function resolveYamlMerge(s){return"<<"===s||null===s}}),kr="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\n\r";var Or=new ir("tag:yaml.org,2002:binary",{kind:"scalar",resolve:function resolveYamlBinary(s){if(null===s)return!1;var o,i,a=0,u=s.length,_=kr;for(i=0;i64)){if(o<0)return!1;a+=6}return a%8==0},construct:function constructYamlBinary(s){var o,i,a=s.replace(/[\r\n=]/g,""),u=a.length,_=kr,w=0,x=[];for(o=0;o>16&255),x.push(w>>8&255),x.push(255&w)),w=w<<6|_.indexOf(a.charAt(o));return 0===(i=u%4*6)?(x.push(w>>16&255),x.push(w>>8&255),x.push(255&w)):18===i?(x.push(w>>10&255),x.push(w>>2&255)):12===i&&x.push(w>>4&255),new Uint8Array(x)},predicate:function isBinary(s){return"[object Uint8Array]"===Object.prototype.toString.call(s)},represent:function representYamlBinary(s){var o,i,a="",u=0,_=s.length,w=kr;for(o=0;o<_;o++)o%3==0&&o&&(a+=w[u>>18&63],a+=w[u>>12&63],a+=w[u>>6&63],a+=w[63&u]),u=(u<<8)+s[o];return 0===(i=_%3)?(a+=w[u>>18&63],a+=w[u>>12&63],a+=w[u>>6&63],a+=w[63&u]):2===i?(a+=w[u>>10&63],a+=w[u>>4&63],a+=w[u<<2&63],a+=w[64]):1===i&&(a+=w[u>>2&63],a+=w[u<<4&63],a+=w[64],a+=w[64]),a}}),Ar=Object.prototype.hasOwnProperty,Cr=Object.prototype.toString;var jr=new ir("tag:yaml.org,2002:omap",{kind:"sequence",resolve:function resolveYamlOmap(s){if(null===s)return!0;var o,i,a,u,_,w=[],x=s;for(o=0,i=x.length;o>10),56320+(s-65536&1023))}function setProperty(s,o,i){"__proto__"===o?Object.defineProperty(s,o,{configurable:!0,enumerable:!0,writable:!0,value:i}):s[o]=i}for(var qr=new Array(256),Ur=new Array(256),Vr=0;Vr<256;Vr++)qr[Vr]=simpleEscapeSequence(Vr)?1:0,Ur[Vr]=simpleEscapeSequence(Vr);function State$1(s,o){this.input=s,this.filename=o.filename||null,this.schema=o.schema||Mr,this.onWarning=o.onWarning||null,this.legacy=o.legacy||!1,this.json=o.json||!1,this.listener=o.listener||null,this.implicitTypes=this.schema.compiledImplicit,this.typeMap=this.schema.compiledTypeMap,this.length=s.length,this.position=0,this.line=0,this.lineStart=0,this.lineIndent=0,this.firstTabInLine=-1,this.documents=[]}function generateError(s,o){var i={name:s.filename,buffer:s.input.slice(0,-1),position:s.position,line:s.line,column:s.position-s.lineStart};return i.snippet=rr(i),new tr(o,i)}function throwError(s,o){throw generateError(s,o)}function throwWarning(s,o){s.onWarning&&s.onWarning.call(null,generateError(s,o))}var zr={YAML:function handleYamlDirective(s,o,i){var a,u,_;null!==s.version&&throwError(s,"duplication of %YAML directive"),1!==i.length&&throwError(s,"YAML directive accepts exactly one argument"),null===(a=/^([0-9]+)\.([0-9]+)$/.exec(i[0]))&&throwError(s,"ill-formed argument of the YAML directive"),u=parseInt(a[1],10),_=parseInt(a[2],10),1!==u&&throwError(s,"unacceptable YAML version of the document"),s.version=i[0],s.checkLineBreaks=_<2,1!==_&&2!==_&&throwWarning(s,"unsupported YAML version of the document")},TAG:function handleTagDirective(s,o,i){var a,u;2!==i.length&&throwError(s,"TAG directive accepts exactly two arguments"),a=i[0],u=i[1],Br.test(a)||throwError(s,"ill-formed tag handle (first argument) of the TAG directive"),Rr.call(s.tagMap,a)&&throwError(s,'there is a previously declared suffix for "'+a+'" tag handle'),$r.test(u)||throwError(s,"ill-formed tag prefix (second argument) of the TAG directive");try{u=decodeURIComponent(u)}catch(o){throwError(s,"tag prefix is malformed: "+u)}s.tagMap[a]=u}};function captureSegment(s,o,i,a){var u,_,w,x;if(o1&&(s.result+=er.repeat("\n",o-1))}function readBlockSequence(s,o){var i,a,u=s.tag,_=s.anchor,w=[],x=!1;if(-1!==s.firstTabInLine)return!1;for(null!==s.anchor&&(s.anchorMap[s.anchor]=w),a=s.input.charCodeAt(s.position);0!==a&&(-1!==s.firstTabInLine&&(s.position=s.firstTabInLine,throwError(s,"tab characters must not be used in indentation")),45===a)&&is_WS_OR_EOL(s.input.charCodeAt(s.position+1));)if(x=!0,s.position++,skipSeparationSpace(s,!0,-1)&&s.lineIndent<=o)w.push(null),a=s.input.charCodeAt(s.position);else if(i=s.line,composeNode(s,o,3,!1,!0),w.push(s.result),skipSeparationSpace(s,!0,-1),a=s.input.charCodeAt(s.position),(s.line===i||s.lineIndent>o)&&0!==a)throwError(s,"bad indentation of a sequence entry");else if(s.lineIndento?V=1:s.lineIndent===o?V=0:s.lineIndento?V=1:s.lineIndent===o?V=0:s.lineIndento)&&(Z&&(w=s.line,x=s.lineStart,C=s.position),composeNode(s,o,4,!0,u)&&(Z?z=s.result:Y=s.result),Z||(storeMappingPair(s,$,U,V,z,Y,w,x,C),V=z=Y=null),skipSeparationSpace(s,!0,-1),j=s.input.charCodeAt(s.position)),(s.line===_||s.lineIndent>o)&&0!==j)throwError(s,"bad indentation of a mapping entry");else if(s.lineIndent=0))break;0===u?throwError(s,"bad explicit indentation width of a block scalar; it cannot be less than one"):j?throwError(s,"repeat of an indentation width identifier"):(L=o+u-1,j=!0)}if(is_WHITE_SPACE(_)){do{_=s.input.charCodeAt(++s.position)}while(is_WHITE_SPACE(_));if(35===_)do{_=s.input.charCodeAt(++s.position)}while(!is_EOL(_)&&0!==_)}for(;0!==_;){for(readLineBreak(s),s.lineIndent=0,_=s.input.charCodeAt(s.position);(!j||s.lineIndentL&&(L=s.lineIndent),is_EOL(_))B++;else{if(s.lineIndent0){for(u=w,_=0;u>0;u--)(w=fromHexCode(x=s.input.charCodeAt(++s.position)))>=0?_=(_<<4)+w:throwError(s,"expected hexadecimal character");s.result+=charFromCodepoint(_),s.position++}else throwError(s,"unknown escape sequence");i=a=s.position}else is_EOL(x)?(captureSegment(s,i,a,!0),writeFoldedLines(s,skipSeparationSpace(s,!1,o)),i=a=s.position):s.position===s.lineStart&&testDocumentSeparator(s)?throwError(s,"unexpected end of the document within a double quoted scalar"):(s.position++,a=s.position)}throwError(s,"unexpected end of the stream within a double quoted scalar")}(s,$)?Y=!0:!function readAlias(s){var o,i,a;if(42!==(a=s.input.charCodeAt(s.position)))return!1;for(a=s.input.charCodeAt(++s.position),o=s.position;0!==a&&!is_WS_OR_EOL(a)&&!is_FLOW_INDICATOR(a);)a=s.input.charCodeAt(++s.position);return s.position===o&&throwError(s,"name of an alias node must contain at least one character"),i=s.input.slice(o,s.position),Rr.call(s.anchorMap,i)||throwError(s,'unidentified alias "'+i+'"'),s.result=s.anchorMap[i],skipSeparationSpace(s,!0,-1),!0}(s)?function readPlainScalar(s,o,i){var a,u,_,w,x,C,j,L,B=s.kind,$=s.result;if(is_WS_OR_EOL(L=s.input.charCodeAt(s.position))||is_FLOW_INDICATOR(L)||35===L||38===L||42===L||33===L||124===L||62===L||39===L||34===L||37===L||64===L||96===L)return!1;if((63===L||45===L)&&(is_WS_OR_EOL(a=s.input.charCodeAt(s.position+1))||i&&is_FLOW_INDICATOR(a)))return!1;for(s.kind="scalar",s.result="",u=_=s.position,w=!1;0!==L;){if(58===L){if(is_WS_OR_EOL(a=s.input.charCodeAt(s.position+1))||i&&is_FLOW_INDICATOR(a))break}else if(35===L){if(is_WS_OR_EOL(s.input.charCodeAt(s.position-1)))break}else{if(s.position===s.lineStart&&testDocumentSeparator(s)||i&&is_FLOW_INDICATOR(L))break;if(is_EOL(L)){if(x=s.line,C=s.lineStart,j=s.lineIndent,skipSeparationSpace(s,!1,-1),s.lineIndent>=o){w=!0,L=s.input.charCodeAt(s.position);continue}s.position=_,s.line=x,s.lineStart=C,s.lineIndent=j;break}}w&&(captureSegment(s,u,_,!1),writeFoldedLines(s,s.line-x),u=_=s.position,w=!1),is_WHITE_SPACE(L)||(_=s.position+1),L=s.input.charCodeAt(++s.position)}return captureSegment(s,u,_,!1),!!s.result||(s.kind=B,s.result=$,!1)}(s,$,1===i)&&(Y=!0,null===s.tag&&(s.tag="?")):(Y=!0,null===s.tag&&null===s.anchor||throwError(s,"alias node should not have any properties")),null!==s.anchor&&(s.anchorMap[s.anchor]=s.result)):0===V&&(Y=x&&readBlockSequence(s,U))),null===s.tag)null!==s.anchor&&(s.anchorMap[s.anchor]=s.result);else if("?"===s.tag){for(null!==s.result&&"scalar"!==s.kind&&throwError(s,'unacceptable node kind for ! tag; it should be "scalar", not "'+s.kind+'"'),C=0,j=s.implicitTypes.length;C"),null!==s.result&&B.kind!==s.kind&&throwError(s,"unacceptable node kind for !<"+s.tag+'> tag; it should be "'+B.kind+'", not "'+s.kind+'"'),B.resolve(s.result,s.tag)?(s.result=B.construct(s.result,s.tag),null!==s.anchor&&(s.anchorMap[s.anchor]=s.result)):throwError(s,"cannot resolve a node with !<"+s.tag+"> explicit tag")}return null!==s.listener&&s.listener("close",s),null!==s.tag||null!==s.anchor||Y}function readDocument(s){var o,i,a,u,_=s.position,w=!1;for(s.version=null,s.checkLineBreaks=s.legacy,s.tagMap=Object.create(null),s.anchorMap=Object.create(null);0!==(u=s.input.charCodeAt(s.position))&&(skipSeparationSpace(s,!0,-1),u=s.input.charCodeAt(s.position),!(s.lineIndent>0||37!==u));){for(w=!0,u=s.input.charCodeAt(++s.position),o=s.position;0!==u&&!is_WS_OR_EOL(u);)u=s.input.charCodeAt(++s.position);for(a=[],(i=s.input.slice(o,s.position)).length<1&&throwError(s,"directive name must not be less than one character in length");0!==u;){for(;is_WHITE_SPACE(u);)u=s.input.charCodeAt(++s.position);if(35===u){do{u=s.input.charCodeAt(++s.position)}while(0!==u&&!is_EOL(u));break}if(is_EOL(u))break;for(o=s.position;0!==u&&!is_WS_OR_EOL(u);)u=s.input.charCodeAt(++s.position);a.push(s.input.slice(o,s.position))}0!==u&&readLineBreak(s),Rr.call(zr,i)?zr[i](s,i,a):throwWarning(s,'unknown document directive "'+i+'"')}skipSeparationSpace(s,!0,-1),0===s.lineIndent&&45===s.input.charCodeAt(s.position)&&45===s.input.charCodeAt(s.position+1)&&45===s.input.charCodeAt(s.position+2)?(s.position+=3,skipSeparationSpace(s,!0,-1)):w&&throwError(s,"directives end mark is expected"),composeNode(s,s.lineIndent-1,4,!1,!0),skipSeparationSpace(s,!0,-1),s.checkLineBreaks&&Lr.test(s.input.slice(_,s.position))&&throwWarning(s,"non-ASCII line breaks are interpreted as content"),s.documents.push(s.result),s.position===s.lineStart&&testDocumentSeparator(s)?46===s.input.charCodeAt(s.position)&&(s.position+=3,skipSeparationSpace(s,!0,-1)):s.position=55296&&a<=56319&&o+1=56320&&i<=57343?1024*(a-55296)+i-56320+65536:a}function needIndentIndicator(s){return/^\n* /.test(s)}function chooseScalarStyle(s,o,i,a,u,_,w,x){var C,j=0,L=null,B=!1,$=!1,U=-1!==a,V=-1,z=function isPlainSafeFirst(s){return isPrintable(s)&&s!==Kr&&!isWhitespace(s)&&45!==s&&63!==s&&58!==s&&44!==s&&91!==s&&93!==s&&123!==s&&125!==s&&35!==s&&38!==s&&42!==s&&33!==s&&124!==s&&61!==s&&62!==s&&39!==s&&34!==s&&37!==s&&64!==s&&96!==s}(codePointAt(s,0))&&function isPlainSafeLast(s){return!isWhitespace(s)&&58!==s}(codePointAt(s,s.length-1));if(o||w)for(C=0;C=65536?C+=2:C++){if(!isPrintable(j=codePointAt(s,C)))return 5;z=z&&isPlainSafe(j,L,x),L=j}else{for(C=0;C=65536?C+=2:C++){if(10===(j=codePointAt(s,C)))B=!0,U&&($=$||C-V-1>a&&" "!==s[V+1],V=C);else if(!isPrintable(j))return 5;z=z&&isPlainSafe(j,L,x),L=j}$=$||U&&C-V-1>a&&" "!==s[V+1]}return B||$?i>9&&needIndentIndicator(s)?5:w?2===_?5:2:$?4:3:!z||w||u(s)?2===_?5:2:1}function writeScalar(s,o,i,a,u){s.dump=function(){if(0===o.length)return 2===s.quotingType?'""':"''";if(!s.noCompatMode&&(-1!==Yr.indexOf(o)||Xr.test(o)))return 2===s.quotingType?'"'+o+'"':"'"+o+"'";var _=s.indent*Math.max(1,i),w=-1===s.lineWidth?-1:Math.max(Math.min(s.lineWidth,40),s.lineWidth-_),x=a||s.flowLevel>-1&&i>=s.flowLevel;switch(chooseScalarStyle(o,x,s.indent,w,(function testAmbiguity(o){return function testImplicitResolving(s,o){var i,a;for(i=0,a=s.implicitTypes.length;i"+blockHeader(o,s.indent)+dropEndingNewline(indentString(function foldString(s,o){var i,a,u=/(\n+)([^\n]*)/g,_=(x=s.indexOf("\n"),x=-1!==x?x:s.length,u.lastIndex=x,foldLine(s.slice(0,x),o)),w="\n"===s[0]||" "===s[0];var x;for(;a=u.exec(s);){var C=a[1],j=a[2];i=" "===j[0],_+=C+(w||i||""===j?"":"\n")+foldLine(j,o),w=i}return _}(o,w),_));case 5:return'"'+function escapeString(s){for(var o,i="",a=0,u=0;u=65536?u+=2:u++)a=codePointAt(s,u),!(o=Gr[a])&&isPrintable(a)?(i+=s[u],a>=65536&&(i+=s[u+1])):i+=o||encodeHex(a);return i}(o)+'"';default:throw new tr("impossible error: invalid scalar style")}}()}function blockHeader(s,o){var i=needIndentIndicator(s)?String(o):"",a="\n"===s[s.length-1];return i+(a&&("\n"===s[s.length-2]||"\n"===s)?"+":a?"":"-")+"\n"}function dropEndingNewline(s){return"\n"===s[s.length-1]?s.slice(0,-1):s}function foldLine(s,o){if(""===s||" "===s[0])return s;for(var i,a,u=/ [^ ]/g,_=0,w=0,x=0,C="";i=u.exec(s);)(x=i.index)-_>o&&(a=w>_?w:x,C+="\n"+s.slice(_,a),_=a+1),w=x;return C+="\n",s.length-_>o&&w>_?C+=s.slice(_,w)+"\n"+s.slice(w+1):C+=s.slice(_),C.slice(1)}function writeBlockSequence(s,o,i,a){var u,_,w,x="",C=s.tag;for(u=0,_=i.length;u<_;u+=1)w=i[u],s.replacer&&(w=s.replacer.call(i,String(u),w)),(writeNode(s,o+1,w,!0,!0,!1,!0)||void 0===w&&writeNode(s,o+1,null,!0,!0,!1,!0))&&(a&&""===x||(x+=generateNextLine(s,o)),s.dump&&10===s.dump.charCodeAt(0)?x+="-":x+="- ",x+=s.dump);s.tag=C,s.dump=x||"[]"}function detectType(s,o,i){var a,u,_,w,x,C;for(_=0,w=(u=i?s.explicitTypes:s.implicitTypes).length;_ tag resolver accepts not "'+C+'" style');a=x.represent[C](o,C)}s.dump=a}return!0}return!1}function writeNode(s,o,i,a,u,_,w){s.tag=null,s.dump=i,detectType(s,i,!1)||detectType(s,i,!0);var x,C=Jr.call(s.dump),j=a;a&&(a=s.flowLevel<0||s.flowLevel>o);var L,B,$="[object Object]"===C||"[object Array]"===C;if($&&(B=-1!==(L=s.duplicates.indexOf(i))),(null!==s.tag&&"?"!==s.tag||B||2!==s.indent&&o>0)&&(u=!1),B&&s.usedDuplicates[L])s.dump="*ref_"+L;else{if($&&B&&!s.usedDuplicates[L]&&(s.usedDuplicates[L]=!0),"[object Object]"===C)a&&0!==Object.keys(s.dump).length?(!function writeBlockMapping(s,o,i,a){var u,_,w,x,C,j,L="",B=s.tag,$=Object.keys(i);if(!0===s.sortKeys)$.sort();else if("function"==typeof s.sortKeys)$.sort(s.sortKeys);else if(s.sortKeys)throw new tr("sortKeys must be a boolean or a function");for(u=0,_=$.length;u<_;u+=1)j="",a&&""===L||(j+=generateNextLine(s,o)),x=i[w=$[u]],s.replacer&&(x=s.replacer.call(i,w,x)),writeNode(s,o+1,w,!0,!0,!0)&&((C=null!==s.tag&&"?"!==s.tag||s.dump&&s.dump.length>1024)&&(s.dump&&10===s.dump.charCodeAt(0)?j+="?":j+="? "),j+=s.dump,C&&(j+=generateNextLine(s,o)),writeNode(s,o+1,x,!0,C)&&(s.dump&&10===s.dump.charCodeAt(0)?j+=":":j+=": ",L+=j+=s.dump));s.tag=B,s.dump=L||"{}"}(s,o,s.dump,u),B&&(s.dump="&ref_"+L+s.dump)):(!function writeFlowMapping(s,o,i){var a,u,_,w,x,C="",j=s.tag,L=Object.keys(i);for(a=0,u=L.length;a1024&&(x+="? "),x+=s.dump+(s.condenseFlow?'"':"")+":"+(s.condenseFlow?"":" "),writeNode(s,o,w,!1,!1)&&(C+=x+=s.dump));s.tag=j,s.dump="{"+C+"}"}(s,o,s.dump),B&&(s.dump="&ref_"+L+" "+s.dump));else if("[object Array]"===C)a&&0!==s.dump.length?(s.noArrayIndent&&!w&&o>0?writeBlockSequence(s,o-1,s.dump,u):writeBlockSequence(s,o,s.dump,u),B&&(s.dump="&ref_"+L+s.dump)):(!function writeFlowSequence(s,o,i){var a,u,_,w="",x=s.tag;for(a=0,u=i.length;a",s.dump=x+" "+s.dump)}return!0}function getDuplicateReferences(s,o){var i,a,u=[],_=[];for(inspectNode(s,u,_),i=0,a=_.length;i()=>{},downloadConfig=s=>o=>{const{fn:{fetch:i}}=o;return i(s)},getConfigByUrl=(s,o)=>i=>{const{specActions:a,configsActions:u}=i;if(s)return u.downloadConfig(s).then(next,next);function next(u){u instanceof Error||u.status>=400?(a.updateLoadingStatus("failedConfig"),a.updateLoadingStatus("failedConfig"),a.updateUrl(""),console.error(u.statusText+" "+s.url),o(null)):o(((s,o)=>{try{return fn.load(s)}catch(s){return o&&o.errActions.newThrownErr(new Error(s)),{}}})(u.text,i))}},get=(s,o)=>s.getIn(Array.isArray(o)?o:[o]),yn={[mn]:(s,o)=>s.merge((0,ze.fromJS)(o.payload)),[gn]:(s,o)=>{const i=o.payload,a=s.get(i);return s.set(i,!a)}};function configsPlugin(){return{statePlugins:{configs:{reducers:yn,actions:u,selectors:_}}}}const setHash=s=>s?history.pushState(null,null,`#${s}`):window.location.hash="";var vn=__webpack_require__(86215),bn=__webpack_require__.n(vn);const _n="layout_scroll_to",Sn="layout_clear_scroll";const En={fn:{getScrollParent:function getScrollParent(s,o){const i=document.documentElement;let a=getComputedStyle(s);const u="absolute"===a.position,_=o?/(auto|scroll|hidden)/:/(auto|scroll)/;if("fixed"===a.position)return i;for(let o=s;o=o.parentElement;)if(a=getComputedStyle(o),(!u||"static"!==a.position)&&_.test(a.overflow+a.overflowY+a.overflowX))return o;return i}},statePlugins:{layout:{actions:{scrollToElement:(s,o)=>i=>{try{o=o||i.fn.getScrollParent(s),bn().createScroller(o).to(s)}catch(s){console.error(s)}},scrollTo:s=>({type:_n,payload:Array.isArray(s)?s:[s]}),clearScrollTo:()=>({type:Sn}),readyToScroll:(s,o)=>i=>{const a=i.layoutSelectors.getScrollToKey();We().is(a,(0,ze.fromJS)(s))&&(i.layoutActions.scrollToElement(o),i.layoutActions.clearScrollTo())},parseDeepLinkHash:s=>({layoutActions:o,layoutSelectors:i,getConfigs:a})=>{if(a().deepLinking&&s){let a=s.slice(1);"!"===a[0]&&(a=a.slice(1)),"/"===a[0]&&(a=a.slice(1));const u=a.split("/").map((s=>s||"")),_=i.isShownKeyFromUrlHashArray(u),[w,x="",C=""]=_;if("operations"===w){const s=i.isShownKeyFromUrlHashArray([x]);x.indexOf("_")>-1&&(console.warn("Warning: escaping deep link whitespace with `_` will be unsupported in v4.0, use `%20` instead."),o.show(s.map((s=>s.replace(/_/g," "))),!0)),o.show(s,!0)}(x.indexOf("_")>-1||C.indexOf("_")>-1)&&(console.warn("Warning: escaping deep link whitespace with `_` will be unsupported in v4.0, use `%20` instead."),o.show(_.map((s=>s.replace(/_/g," "))),!0)),o.show(_,!0),o.scrollTo(_)}}},selectors:{getScrollToKey:s=>s.get("scrollToKey"),isShownKeyFromUrlHashArray(s,o){const[i,a]=o;return a?["operations",i,a]:i?["operations-tag",i]:[]},urlHashArrayFromIsShownKey(s,o){let[i,a,u]=o;return"operations"==i?[a,u]:"operations-tag"==i?[a]:[]}},reducers:{[_n]:(s,o)=>s.set("scrollToKey",We().fromJS(o.payload)),[Sn]:s=>s.delete("scrollToKey")},wrapActions:{show:(s,{getConfigs:o,layoutSelectors:i})=>(...a)=>{if(s(...a),o().deepLinking)try{let[s,o]=a;s=Array.isArray(s)?s:[s];const u=i.urlHashArrayFromIsShownKey(s);if(!u.length)return;const[_,w]=u;if(!o)return setHash("/");2===u.length?setHash(createDeepLinkPath(`/${encodeURIComponent(_)}/${encodeURIComponent(w)}`)):1===u.length&&setHash(createDeepLinkPath(`/${encodeURIComponent(_)}`))}catch(s){console.error(s)}}}}}};var wn=__webpack_require__(2209),xn=__webpack_require__.n(wn);const operation_wrapper=(s,o)=>class OperationWrapper extends Re.Component{onLoad=s=>{const{operation:i}=this.props,{tag:a,operationId:u}=i.toObject();let{isShownKey:_}=i.toObject();_=_||["operations",a,u],o.layoutActions.readyToScroll(_,s)};render(){return Re.createElement("span",{ref:this.onLoad},Re.createElement(s,this.props))}},operation_tag_wrapper=(s,o)=>class OperationTagWrapper extends Re.Component{onLoad=s=>{const{tag:i}=this.props,a=["operations-tag",i];o.layoutActions.readyToScroll(a,s)};render(){return Re.createElement("span",{ref:this.onLoad},Re.createElement(s,this.props))}};function deep_linking(){return[En,{statePlugins:{configs:{wrapActions:{loaded:(s,o)=>(...i)=>{s(...i);const a=decodeURIComponent(window.location.hash);o.layoutActions.parseDeepLinkHash(a)}}}},wrapComponents:{operation:operation_wrapper,OperationTag:operation_tag_wrapper}}]}var kn=__webpack_require__(40860),On=__webpack_require__.n(kn);function transform(s){return s.map((s=>{let o="is not of a type(s)",i=s.get("message").indexOf(o);if(i>-1){let o=s.get("message").slice(i+19).split(",");return s.set("message",s.get("message").slice(0,i)+function makeNewMessage(s){return s.reduce(((s,o,i,a)=>i===a.length-1&&a.length>1?s+"or "+o:a[i+1]&&a.length>2?s+o+", ":a[i+1]?s+o+" ":s+o),"should be a")}(o))}return s}))}var An=__webpack_require__(58156),Cn=__webpack_require__.n(An);function parameter_oneof_transform(s,{jsSpec:o}){return s}const jn=[w,x];function transformErrors(s){let o={jsSpec:{}},i=On()(jn,((s,i)=>{try{return i.transform(s,o).filter((s=>!!s))}catch(o){return console.error("Transformer error:",o),s}}),s);return i.filter((s=>!!s)).map((s=>(!s.get("line")&&s.get("path"),s)))}let Pn={line:0,level:"error",message:"Unknown error"};const In=Ut((s=>s),(s=>s.get("errors",(0,ze.List)()))),Tn=Ut(In,(s=>s.last()));function err(o){return{statePlugins:{err:{reducers:{[rt]:(s,{payload:o})=>{let i=Object.assign(Pn,o,{type:"thrown"});return s.update("errors",(s=>(s||(0,ze.List)()).push((0,ze.fromJS)(i)))).update("errors",(s=>transformErrors(s)))},[nt]:(s,{payload:o})=>(o=o.map((s=>(0,ze.fromJS)(Object.assign(Pn,s,{type:"thrown"})))),s.update("errors",(s=>(s||(0,ze.List)()).concat((0,ze.fromJS)(o)))).update("errors",(s=>transformErrors(s)))),[st]:(s,{payload:o})=>{let i=(0,ze.fromJS)(o);return i=i.set("type","spec"),s.update("errors",(s=>(s||(0,ze.List)()).push((0,ze.fromJS)(i)).sortBy((s=>s.get("line"))))).update("errors",(s=>transformErrors(s)))},[ot]:(s,{payload:o})=>(o=o.map((s=>(0,ze.fromJS)(Object.assign(Pn,s,{type:"spec"})))),s.update("errors",(s=>(s||(0,ze.List)()).concat((0,ze.fromJS)(o)))).update("errors",(s=>transformErrors(s)))),[it]:(s,{payload:o})=>{let i=(0,ze.fromJS)(Object.assign({},o));return i=i.set("type","auth"),s.update("errors",(s=>(s||(0,ze.List)()).push((0,ze.fromJS)(i)))).update("errors",(s=>transformErrors(s)))},[at]:(s,{payload:o})=>{if(!o||!s.get("errors"))return s;let i=s.get("errors").filter((s=>s.keySeq().every((i=>{const a=s.get(i),u=o[i];return!u||a!==u}))));return s.merge({errors:i})},[ct]:(s,{payload:o})=>{if(!o||"function"!=typeof o)return s;let i=s.get("errors").filter((s=>o(s)));return s.merge({errors:i})}},actions:s,selectors:C}}}}function opsFilter(s,o){return s.filter(((s,i)=>-1!==i.indexOf(o)))}function filter(){return{fn:{opsFilter}}}var Nn=__webpack_require__(7666),Mn=__webpack_require__.n(Nn);const arrow_up=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M 17.418 14.908 C 17.69 15.176 18.127 15.176 18.397 14.908 C 18.667 14.64 18.668 14.207 18.397 13.939 L 10.489 6.109 C 10.219 5.841 9.782 5.841 9.51 6.109 L 1.602 13.939 C 1.332 14.207 1.332 14.64 1.602 14.908 C 1.873 15.176 2.311 15.176 2.581 14.908 L 10 7.767 L 17.418 14.908 Z"})),arrow_down=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"})),arrow=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"})),components_close=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"})),copy=({className:s=null,width:o=15,height:i=16,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 15 16",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("g",{transform:"translate(2, -1)"},Re.createElement("path",{fill:"#ffffff",fillRule:"evenodd",d:"M2 13h4v1H2v-1zm5-6H2v1h5V7zm2 3V8l-3 3 3 3v-2h5v-2H9zM4.5 9H2v1h2.5V9zM2 12h2.5v-1H2v1zm9 1h1v2c-.02.28-.11.52-.3.7-.19.18-.42.28-.7.3H1c-.55 0-1-.45-1-1V4c0-.55.45-1 1-1h3c0-1.11.89-2 2-2 1.11 0 2 .89 2 2h3c.55 0 1 .45 1 1v5h-1V6H1v9h10v-2zM2 5h8c0-.55-.45-1-1-1H8c-.55 0-1-.45-1-1s-.45-1-1-1-1 .45-1 1-.45 1-1 1H3c-.55 0-1 .45-1 1z"}))),lock=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"})),unlock=({className:s=null,width:o=20,height:i=20,...a})=>Re.createElement("svg",Mn()({xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 20 20",className:s,width:o,height:i,"aria-hidden":"true",focusable:"false"},a),Re.createElement("path",{d:"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"})),icons=()=>({components:{ArrowUpIcon:arrow_up,ArrowDownIcon:arrow_down,ArrowIcon:arrow,CloseIcon:components_close,CopyIcon:copy,LockIcon:lock,UnlockIcon:unlock}}),Rn="layout_update_layout",Dn="layout_update_filter",Ln="layout_update_mode",Fn="layout_show";function updateLayout(s){return{type:Rn,payload:s}}function updateFilter(s){return{type:Dn,payload:s}}function actions_show(s,o=!0){return s=normalizeArray(s),{type:Fn,payload:{thing:s,shown:o}}}function changeMode(s,o=""){return s=normalizeArray(s),{type:Ln,payload:{thing:s,mode:o}}}const Bn={[Rn]:(s,o)=>s.set("layout",o.payload),[Dn]:(s,o)=>s.set("filter",o.payload),[Fn]:(s,o)=>{const i=o.payload.shown,a=(0,ze.fromJS)(o.payload.thing);return s.update("shown",(0,ze.fromJS)({}),(s=>s.set(a,i)))},[Ln]:(s,o)=>{let i=o.payload.thing,a=o.payload.mode;return s.setIn(["modes"].concat(i),(a||"")+"")}},current=s=>s.get("layout"),currentFilter=s=>s.get("filter"),isShown=(s,o,i)=>(o=normalizeArray(o),s.get("shown",(0,ze.fromJS)({})).get((0,ze.fromJS)(o),i)),whatMode=(s,o,i="")=>(o=normalizeArray(o),s.getIn(["modes",...o],i)),$n=Ut((s=>s),(s=>!isShown(s,"editor"))),taggedOperations=(s,o)=>(i,...a)=>{let u=s(i,...a);const{fn:_,layoutSelectors:w,getConfigs:x}=o.getSystem(),C=x(),{maxDisplayedTags:j}=C;let L=w.currentFilter();return L&&!0!==L&&(u=_.opsFilter(u,L)),j>=0&&(u=u.slice(0,j)),u};function plugins_layout(){return{statePlugins:{layout:{reducers:Bn,actions:j,selectors:L},spec:{wrapSelectors:B}}}}function logs({configs:s}){const o={debug:0,info:1,log:2,warn:3,error:4},getLevel=s=>o[s]||-1;let{logLevel:i}=s,a=getLevel(i);function log(s,...o){getLevel(s)>=a&&console[s](...o)}return log.warn=log.bind(null,"warn"),log.error=log.bind(null,"error"),log.info=log.bind(null,"info"),log.debug=log.bind(null,"debug"),{rootInjects:{log}}}let qn=!1;function on_complete(){return{statePlugins:{spec:{wrapActions:{updateSpec:s=>(...o)=>(qn=!0,s(...o)),updateJsonSpec:(s,o)=>(...i)=>{const a=o.getConfigs().onComplete;return qn&&"function"==typeof a&&(setTimeout(a,0),qn=!1),s(...i)}}}}}}const extractKey=s=>{const o="_**[]";return s.indexOf(o)<0?s:s.split(o)[0].trim()},escapeShell=s=>"-d "===s||/^[_\/-]/g.test(s)?s:"'"+s.replace(/'/g,"'\\''")+"'",escapeCMD=s=>"-d "===(s=s.replace(/\^/g,"^^").replace(/\\"/g,'\\\\"').replace(/"/g,'""').replace(/\n/g,"^\n"))?s.replace(/-d /g,"-d ^\n"):/^[_\/-]/g.test(s)?s:'"'+s+'"',escapePowershell=s=>{if("-d "===s)return s;if(/\n/.test(s)){return`@"\n${s.replace(/`/g,"``").replace(/\$/g,"`$")}\n"@`}if(!/^[_\/-]/.test(s)){return`'${s.replace(/'/g,"''")}'`}return s};const curlify=(s,o,i,a="")=>{let u=!1,_="";const addWords=(...s)=>_+=" "+s.map(o).join(" "),addWordsWithoutLeadingSpace=(...s)=>_+=s.map(o).join(" "),addNewLine=()=>_+=` ${i}`,addIndent=(s=1)=>_+=" ".repeat(s);let w=s.get("headers");_+="curl"+a;const x=s.get("curlOptions");if(ze.List.isList(x)&&!x.isEmpty()&&addWords(...s.get("curlOptions")),addWords("-X",s.get("method")),addNewLine(),addIndent(),addWordsWithoutLeadingSpace(`${s.get("url")}`),w&&w.size)for(let o of s.get("headers").entries()){addNewLine(),addIndent();let[s,i]=o;addWordsWithoutLeadingSpace("-H",`${s}: ${i}`),u=u||/^content-type$/i.test(s)&&/^multipart\/form-data$/i.test(i)}const C=s.get("body");if(C)if(u&&["POST","PUT","PATCH"].includes(s.get("method")))for(let[s,o]of C.entrySeq()){let i=extractKey(s);addNewLine(),addIndent(),addWordsWithoutLeadingSpace("-F"),o instanceof lt.File&&"string"==typeof o.valueOf()?addWords(`${i}=${o.data}${o.type?`;type=${o.type}`:""}`):o instanceof lt.File?addWords(`${i}=@${o.name}${o.type?`;type=${o.type}`:""}`):addWords(`${i}=${o}`)}else if(C instanceof lt.File)addNewLine(),addIndent(),addWordsWithoutLeadingSpace(`--data-binary '@${C.name}'`);else{addNewLine(),addIndent(),addWordsWithoutLeadingSpace("-d ");let o=C;ze.Map.isMap(o)?addWordsWithoutLeadingSpace(function getStringBodyOfMap(s){let o=[];for(let[i,a]of s.get("body").entrySeq()){let s=extractKey(i);a instanceof lt.File?o.push(` "${s}": {\n "name": "${a.name}"${a.type?`,\n "type": "${a.type}"`:""}\n }`):o.push(` "${s}": ${JSON.stringify(a,null,2).replace(/(\r\n|\r|\n)/g,"\n ")}`)}return`{\n${o.join(",\n")}\n}`}(s)):("string"!=typeof o&&(o=JSON.stringify(o)),addWordsWithoutLeadingSpace(o))}else C||"POST"!==s.get("method")||(addNewLine(),addIndent(),addWordsWithoutLeadingSpace("-d ''"));return _},requestSnippetGenerator_curl_powershell=s=>curlify(s,escapePowershell,"`\n",".exe"),requestSnippetGenerator_curl_bash=s=>curlify(s,escapeShell,"\\\n"),requestSnippetGenerator_curl_cmd=s=>curlify(s,escapeCMD,"^\n"),request_snippets_selectors_state=s=>s||(0,ze.Map)(),Un=Ut(request_snippets_selectors_state,(s=>{const o=s.get("languages"),i=s.get("generators",(0,ze.Map)());return!o||o.isEmpty()?i:i.filter(((s,i)=>o.includes(i)))})),getSnippetGenerators=s=>({fn:o})=>Un(s).map(((s,i)=>{const a=(s=>o[`requestSnippetGenerator_${s}`])(i);return"function"!=typeof a?null:s.set("fn",a)})).filter((s=>s)),Vn=Ut(request_snippets_selectors_state,(s=>s.get("activeLanguage"))),zn=Ut(request_snippets_selectors_state,(s=>s.get("defaultExpanded")));var Wn=__webpack_require__(46942),Jn=__webpack_require__.n(Wn),Hn=__webpack_require__(59399);const Kn={cursor:"pointer",lineHeight:1,display:"inline-flex",backgroundColor:"rgb(250, 250, 250)",paddingBottom:"0",paddingTop:"0",border:"1px solid rgb(51, 51, 51)",borderRadius:"4px 4px 0 0",boxShadow:"none",borderBottom:"none"},Gn={cursor:"pointer",lineHeight:1,display:"inline-flex",backgroundColor:"rgb(51, 51, 51)",boxShadow:"none",border:"1px solid rgb(51, 51, 51)",paddingBottom:"0",paddingTop:"0",borderRadius:"4px 4px 0 0",marginTop:"-5px",marginRight:"-5px",marginLeft:"-5px",zIndex:"9999",borderBottom:"none"},request_snippets=({request:s,requestSnippetsSelectors:o,getComponent:i})=>{const a=(0,Re.useRef)(null),u=i("ArrowUpIcon"),_=i("ArrowDownIcon"),w=i("SyntaxHighlighter",!0),[x,C]=(0,Re.useState)(o.getSnippetGenerators()?.keySeq().first()),[j,L]=(0,Re.useState)(o?.getDefaultExpanded()),B=o.getSnippetGenerators(),$=B.get(x),U=$.get("fn")(s),handleSetIsExpanded=()=>{L(!j)},handleGetBtnStyle=s=>s===x?Gn:Kn,handlePreventYScrollingBeyondElement=s=>{const{target:o,deltaY:i}=s,{scrollHeight:a,offsetHeight:u,scrollTop:_}=o;a>u&&(0===_&&i<0||u+_>=a&&i>0)&&s.preventDefault()};return(0,Re.useEffect)((()=>{}),[]),(0,Re.useEffect)((()=>{const s=Array.from(a.current.childNodes).filter((s=>!!s.nodeType&&s.classList?.contains("curl-command")));return s.forEach((s=>s.addEventListener("mousewheel",handlePreventYScrollingBeyondElement,{passive:!1}))),()=>{s.forEach((s=>s.removeEventListener("mousewheel",handlePreventYScrollingBeyondElement)))}}),[s]),Re.createElement("div",{className:"request-snippets",ref:a},Re.createElement("div",{style:{width:"100%",display:"flex",justifyContent:"flex-start",alignItems:"center",marginBottom:"15px"}},Re.createElement("h4",{onClick:()=>handleSetIsExpanded(),style:{cursor:"pointer"}},"Snippets"),Re.createElement("button",{onClick:()=>handleSetIsExpanded(),style:{border:"none",background:"none"},title:j?"Collapse operation":"Expand operation"},j?Re.createElement(_,{className:"arrow",width:"10",height:"10"}):Re.createElement(u,{className:"arrow",width:"10",height:"10"}))),j&&Re.createElement("div",{className:"curl-command"},Re.createElement("div",{style:{paddingLeft:"15px",paddingRight:"10px",width:"100%",display:"flex"}},B.entrySeq().map((([s,o])=>Re.createElement("div",{className:Jn()("btn",{active:s===x}),style:handleGetBtnStyle(s),key:s,onClick:()=>(s=>{x!==s&&C(s)})(s)},Re.createElement("h4",{style:s===x?{color:"white"}:{}},o.get("title")))))),Re.createElement("div",{className:"copy-to-clipboard"},Re.createElement(Hn.CopyToClipboard,{text:U},Re.createElement("button",null))),Re.createElement("div",null,Re.createElement(w,{language:$.get("syntax"),className:"curl microlight",renderPlainText:({children:s,PlainTextViewer:o})=>Re.createElement(o,{className:"curl"},s)},U))))},plugins_request_snippets=()=>({components:{RequestSnippets:request_snippets},fn:{requestSnippetGenerator_curl_bash,requestSnippetGenerator_curl_cmd,requestSnippetGenerator_curl_powershell},statePlugins:{requestSnippets:{selectors:$}}});class ModelCollapse extends Re.Component{static defaultProps={collapsedContent:"{...}",expanded:!1,title:null,onToggle:()=>{},hideSelfOnExpand:!1,specPath:We().List([])};constructor(s,o){super(s,o);let{expanded:i,collapsedContent:a}=this.props;this.state={expanded:i,collapsedContent:a||ModelCollapse.defaultProps.collapsedContent}}componentDidMount(){const{hideSelfOnExpand:s,expanded:o,modelName:i}=this.props;s&&o&&this.props.onToggle(i,o)}UNSAFE_componentWillReceiveProps(s){this.props.expanded!==s.expanded&&this.setState({expanded:s.expanded})}toggleCollapsed=()=>{this.props.onToggle&&this.props.onToggle(this.props.modelName,!this.state.expanded),this.setState({expanded:!this.state.expanded})};onLoad=s=>{if(s&&this.props.layoutSelectors){const o=this.props.layoutSelectors.getScrollToKey();We().is(o,this.props.specPath)&&this.toggleCollapsed(),this.props.layoutActions.readyToScroll(this.props.specPath,s.parentElement)}};render(){const{title:s,classes:o}=this.props;return this.state.expanded&&this.props.hideSelfOnExpand?Re.createElement("span",{className:o||""},this.props.children):Re.createElement("span",{className:o||"",ref:this.onLoad},Re.createElement("button",{"aria-expanded":this.state.expanded,className:"model-box-control",onClick:this.toggleCollapsed},s&&Re.createElement("span",{className:"pointer"},s),Re.createElement("span",{className:"model-toggle"+(this.state.expanded?"":" collapsed")}),!this.state.expanded&&Re.createElement("span",null,this.state.collapsedContent)),this.state.expanded&&this.props.children)}}const useTabs=({initialTab:s,isExecute:o,schema:i,example:a})=>{const u=(0,Re.useMemo)((()=>({example:"example",model:"model"})),[]),_=(0,Re.useMemo)((()=>Object.keys(u)),[u]).includes(s)&&i&&!o?s:u.example,w=(s=>{const o=(0,Re.useRef)();return(0,Re.useEffect)((()=>{o.current=s})),o.current})(o),[x,C]=(0,Re.useState)(_),j=(0,Re.useCallback)((s=>{C(s.target.dataset.name)}),[]);return(0,Re.useEffect)((()=>{w&&!o&&a&&C(u.example)}),[w,o,a]),{activeTab:x,onTabChange:j,tabs:u}},model_example=({schema:s,example:o,isExecute:i=!1,specPath:a,includeWriteOnly:u=!1,includeReadOnly:_=!1,getComponent:w,getConfigs:x,specSelectors:C})=>{const{defaultModelRendering:j,defaultModelExpandDepth:L}=x(),B=w("ModelWrapper"),$=w("HighlightCode",!0),U=xt()(5).toString("base64"),V=xt()(5).toString("base64"),z=xt()(5).toString("base64"),Y=xt()(5).toString("base64"),Z=C.isOAS3(),{activeTab:ee,tabs:ie,onTabChange:ae}=useTabs({initialTab:j,isExecute:i,schema:s,example:o});return Re.createElement("div",{className:"model-example"},Re.createElement("ul",{className:"tab",role:"tablist"},Re.createElement("li",{className:Jn()("tabitem",{active:ee===ie.example}),role:"presentation"},Re.createElement("button",{"aria-controls":V,"aria-selected":ee===ie.example,className:"tablinks","data-name":"example",id:U,onClick:ae,role:"tab"},i?"Edit Value":"Example Value")),s&&Re.createElement("li",{className:Jn()("tabitem",{active:ee===ie.model}),role:"presentation"},Re.createElement("button",{"aria-controls":Y,"aria-selected":ee===ie.model,className:Jn()("tablinks",{inactive:i}),"data-name":"model",id:z,onClick:ae,role:"tab"},Z?"Schema":"Model"))),ee===ie.example&&Re.createElement("div",{"aria-hidden":ee!==ie.example,"aria-labelledby":U,"data-name":"examplePanel",id:V,role:"tabpanel",tabIndex:"0"},o||Re.createElement($,null,"(no example available")),ee===ie.model&&Re.createElement("div",{className:"model-container","aria-hidden":ee===ie.example,"aria-labelledby":z,"data-name":"modelPanel",id:Y,role:"tabpanel",tabIndex:"0"},Re.createElement(B,{schema:s,getComponent:w,getConfigs:x,specSelectors:C,expandDepth:L,specPath:a,includeReadOnly:_,includeWriteOnly:u})))};class ModelWrapper extends Re.Component{onToggle=(s,o)=>{this.props.layoutActions&&this.props.layoutActions.show(this.props.fullPath,o)};render(){let{getComponent:s,getConfigs:o}=this.props;const i=s("Model");let a;return this.props.layoutSelectors&&(a=this.props.layoutSelectors.isShown(this.props.fullPath)),Re.createElement("div",{className:"model-box"},Re.createElement(i,Mn()({},this.props,{getConfigs:o,expanded:a,depth:1,onToggle:this.onToggle,expandDepth:this.props.expandDepth||0})))}}function _typeof(s){return _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(s){return typeof s}:function(s){return s&&"function"==typeof Symbol&&s.constructor===Symbol&&s!==Symbol.prototype?"symbol":typeof s},_typeof(s)}function _defineProperties(s,o){for(var i=0;i1&&void 0!==arguments[1]?arguments[1]:{},i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},a=function createChecker(s,o){return function(i){if("string"==typeof i)return(0,ze.is)(o[i],s[i]);if(Array.isArray(i))return(0,ze.is)(getIn(o,i),getIn(s,i));throw new TypeError("Invalid key: expected Array or string: "+i)}}(o,i),u=s||Object.keys(function _objectSpread2(s){for(var o=1;o1&&void 0!==arguments[1]?arguments[1]:{};return!check(this.updateOnProps,this.props,s,"updateOnProps")||!check(this.updateOnStates,this.state,o,"updateOnStates")}}]),ImmutablePureComponent}(Re.Component);var Qn,Zn=__webpack_require__(5556),es=__webpack_require__.n(Zn);function _extends(){return _extends=Object.assign?Object.assign.bind():function(s){for(var o=1;oRe.createElement("svg",_extends({xmlns:"http://www.w3.org/2000/svg",width:200,height:200,className:"rolling-load_svg__lds-rolling",preserveAspectRatio:"xMidYMid",style:{backgroundImage:"none",backgroundPosition:"initial initial",backgroundRepeat:"initial initial"},viewBox:"0 0 100 100"},s),Qn||(Qn=Re.createElement("circle",{cx:50,cy:50,r:35,fill:"none",stroke:"#555",strokeDasharray:"164.93361431346415 56.97787143782138",strokeWidth:10},Re.createElement("animateTransform",{attributeName:"transform",begin:"0s",calcMode:"linear",dur:"1s",keyTimes:"0;1",repeatCount:"indefinite",type:"rotate",values:"0 50 50;360 50 50"})))),decodeRefName=s=>{const o=s.replace(/~1/g,"/").replace(/~0/g,"~");try{return decodeURIComponent(o)}catch{return o}};class Model extends Xn{static propTypes={schema:xn().map.isRequired,getComponent:es().func.isRequired,getConfigs:es().func.isRequired,specSelectors:es().object.isRequired,name:es().string,displayName:es().string,isRef:es().bool,required:es().bool,expandDepth:es().number,depth:es().number,specPath:xn().list.isRequired,includeReadOnly:es().bool,includeWriteOnly:es().bool};getModelName=s=>-1!==s.indexOf("#/definitions/")?decodeRefName(s.replace(/^.*#\/definitions\//,"")):-1!==s.indexOf("#/components/schemas/")?decodeRefName(s.replace(/^.*#\/components\/schemas\//,"")):void 0;getRefSchema=s=>{let{specSelectors:o}=this.props;return o.findDefinition(s)};render(){let{getComponent:s,getConfigs:o,specSelectors:i,schema:a,required:u,name:_,isRef:w,specPath:x,displayName:C,includeReadOnly:j,includeWriteOnly:L}=this.props;const B=s("ObjectModel"),$=s("ArrayModel"),U=s("PrimitiveModel");let V="object",z=a&&a.get("$$ref"),Y=a&&a.get("$ref");if(!_&&z&&(_=this.getModelName(z)),Y){const s=this.getModelName(Y),o=this.getRefSchema(s);ze.Map.isMap(o)?(a=o.mergeDeep(a),z||(a=a.set("$$ref",Y),z=Y)):ze.Map.isMap(a)&&1===a.size&&(a=null,_=Y)}if(!a)return Re.createElement("span",{className:"model model-title"},Re.createElement("span",{className:"model-title__text"},C||_),!Y&&Re.createElement(rolling_load,{height:"20px",width:"20px"}));const Z=i.isOAS3()&&a.get("deprecated");switch(w=void 0!==w?w:!!z,V=a&&a.get("type")||V,V){case"object":return Re.createElement(B,Mn()({className:"object"},this.props,{specPath:x,getConfigs:o,schema:a,name:_,deprecated:Z,isRef:w,includeReadOnly:j,includeWriteOnly:L}));case"array":return Re.createElement($,Mn()({className:"array"},this.props,{getConfigs:o,schema:a,name:_,deprecated:Z,required:u,includeReadOnly:j,includeWriteOnly:L}));default:return Re.createElement(U,Mn()({},this.props,{getComponent:s,getConfigs:o,schema:a,name:_,deprecated:Z,required:u}))}}}class Models extends Re.Component{getSchemaBasePath=()=>this.props.specSelectors.isOAS3()?["components","schemas"]:["definitions"];getCollapsedContent=()=>" ";handleToggle=(s,o)=>{const{layoutActions:i}=this.props;i.show([...this.getSchemaBasePath(),s],o),o&&this.props.specActions.requestResolvedSubtree([...this.getSchemaBasePath(),s])};onLoadModels=s=>{s&&this.props.layoutActions.readyToScroll(this.getSchemaBasePath(),s)};onLoadModel=s=>{if(s){const o=s.getAttribute("data-name");this.props.layoutActions.readyToScroll([...this.getSchemaBasePath(),o],s)}};render(){let{specSelectors:s,getComponent:o,layoutSelectors:i,layoutActions:a,getConfigs:u}=this.props,_=s.definitions(),{docExpansion:w,defaultModelsExpandDepth:x}=u();if(!_.size||x<0)return null;const C=this.getSchemaBasePath();let j=i.isShown(C,x>0&&"none"!==w);const L=s.isOAS3(),B=o("ModelWrapper"),$=o("Collapse"),U=o("ModelCollapse"),V=o("JumpToPath",!0),z=o("ArrowUpIcon"),Y=o("ArrowDownIcon");return Re.createElement("section",{className:j?"models is-open":"models",ref:this.onLoadModels},Re.createElement("h4",null,Re.createElement("button",{"aria-expanded":j,className:"models-control",onClick:()=>a.show(C,!j)},Re.createElement("span",null,L?"Schemas":"Models"),j?Re.createElement(z,null):Re.createElement(Y,null))),Re.createElement($,{isOpened:j},_.entrySeq().map((([_])=>{const w=[...C,_],j=We().List(w),L=s.specResolvedSubtree(w),$=s.specJson().getIn(w),z=ze.Map.isMap(L)?L:We().Map(),Y=ze.Map.isMap($)?$:We().Map(),Z=z.get("title")||Y.get("title")||_,ee=i.isShown(w,!1);ee&&0===z.size&&Y.size>0&&this.props.specActions.requestResolvedSubtree(w);const ie=Re.createElement(B,{name:_,expandDepth:x,schema:z||We().Map(),displayName:Z,fullPath:w,specPath:j,getComponent:o,specSelectors:s,getConfigs:u,layoutSelectors:i,layoutActions:a,includeReadOnly:!0,includeWriteOnly:!0}),ae=Re.createElement("span",{className:"model-box"},Re.createElement("span",{className:"model model-title"},Z));return Re.createElement("div",{id:`model-${_}`,className:"model-container",key:`models-section-${_}`,"data-name":_,ref:this.onLoadModel},Re.createElement("span",{className:"models-jump-to-path"},Re.createElement(V,{path:j})),Re.createElement(U,{classes:"model-box",collapsedContent:this.getCollapsedContent(_),onToggle:this.handleToggle,title:ae,displayName:Z,modelName:_,specPath:j,layoutSelectors:i,layoutActions:a,hideSelfOnExpand:!0,expanded:x>0&&ee},ie))})).toArray()))}}const enum_model=({value:s,getComponent:o})=>{let i=o("ModelCollapse"),a=Re.createElement("span",null,"Array [ ",s.count()," ]");return Re.createElement("span",{className:"prop-enum"},"Enum:",Re.createElement("br",null),Re.createElement(i,{collapsedContent:a},"[ ",s.map(String).join(", ")," ]"))};function isAbsoluteUrl(s){return s.match(/^(?:[a-z]+:)?\/\//i)}function buildBaseUrl(s,o){return s?isAbsoluteUrl(s)?function addProtocol(s){return s.match(/^\/\//i)?`${window.location.protocol}${s}`:s}(s):new URL(s,o).href:o}function safeBuildUrl(s,o,{selectedServer:i=""}={}){try{return function buildUrl(s,o,{selectedServer:i=""}={}){if(!s)return;if(isAbsoluteUrl(s))return s;const a=buildBaseUrl(i,o);return isAbsoluteUrl(a)?new URL(s,a).href:new URL(s,window.location.href).href}(s,o,{selectedServer:i})}catch{return}}function sanitizeUrl(s){if("string"!=typeof s||""===s.trim())return"";const o=s.trim(),i="about:blank";try{const s=`https://base${String(Math.random()).slice(2)}`,a=new URL(o,s),u=a.protocol.slice(0,-1);if(["javascript","data","vbscript"].includes(u.toLowerCase()))return i;if(a.origin===s){if(o.startsWith("/"))return`${a.pathname}${a.search}${a.hash}`;if(o.startsWith("./")||o.startsWith("../")){const s=o.match(/^(\.\.?\/)+/)[0];return`${s}${a.pathname.substring(1)}${a.search}${a.hash}`}return`${a.pathname.substring(1)}${a.search}${a.hash}`}return String(a)}catch{return i}}class ObjectModel extends Re.Component{render(){let{schema:s,name:o,displayName:i,isRef:a,getComponent:u,getConfigs:_,depth:w,onToggle:x,expanded:C,specPath:j,...L}=this.props,{specSelectors:B,expandDepth:$,includeReadOnly:U,includeWriteOnly:V}=L;const{isOAS3:z}=B,Y=w>2||2===w&&"items"!==j.last();if(!s)return null;const{showExtensions:Z}=_(),ee=Z?getExtensions(s):(0,ze.List)();let ie=s.get("description"),ae=s.get("properties"),ce=s.get("additionalProperties"),le=s.get("title")||i||o,pe=s.get("required"),de=s.filter(((s,o)=>-1!==["maxProperties","minProperties","nullable","example"].indexOf(o))),fe=s.get("deprecated"),ye=s.getIn(["externalDocs","url"]),be=s.getIn(["externalDocs","description"]);const _e=u("JumpToPath",!0),Se=u("Markdown",!0),we=u("Model"),xe=u("ModelCollapse"),Pe=u("Property"),Te=u("Link"),$e=u("ModelExtensions"),JumpToPathSection=()=>Re.createElement("span",{className:"model-jump-to-path"},Re.createElement(_e,{path:j})),qe=Re.createElement("span",null,Re.createElement("span",null,"{"),"...",Re.createElement("span",null,"}"),a?Re.createElement(JumpToPathSection,null):""),We=B.isOAS3()?s.get("allOf"):null,He=B.isOAS3()?s.get("anyOf"):null,Ye=B.isOAS3()?s.get("oneOf"):null,Xe=B.isOAS3()?s.get("not"):null,Qe=le&&Re.createElement("span",{className:"model-title"},a&&s.get("$$ref")&&Re.createElement("span",{className:Jn()("model-hint",{"model-hint--embedded":Y})},s.get("$$ref")),Re.createElement("span",{className:"model-title__text"},le));return Re.createElement("span",{className:"model"},Re.createElement(xe,{modelName:o,title:Qe,onToggle:x,expanded:!!C||w<=$,collapsedContent:qe},Re.createElement("span",{className:"brace-open object"},"{"),a?Re.createElement(JumpToPathSection,null):null,Re.createElement("span",{className:"inner-object"},Re.createElement("table",{className:"model"},Re.createElement("tbody",null,ie?Re.createElement("tr",{className:"description"},Re.createElement("td",null,"description:"),Re.createElement("td",null,Re.createElement(Se,{source:ie}))):null,ye&&Re.createElement("tr",{className:"external-docs"},Re.createElement("td",null,"externalDocs:"),Re.createElement("td",null,Re.createElement(Te,{target:"_blank",href:sanitizeUrl(ye)},be||ye))),fe?Re.createElement("tr",{className:"property"},Re.createElement("td",null,"deprecated:"),Re.createElement("td",null,"true")):null,ae&&ae.size?ae.entrySeq().filter((([,s])=>(!s.get("readOnly")||U)&&(!s.get("writeOnly")||V))).map((([s,i])=>{let a=z()&&i.get("deprecated"),x=ze.List.isList(pe)&&pe.contains(s),C=["property-row"];return a&&C.push("deprecated"),x&&C.push("required"),Re.createElement("tr",{key:s,className:C.join(" ")},Re.createElement("td",null,s,x&&Re.createElement("span",{className:"star"},"*")),Re.createElement("td",null,Re.createElement(we,Mn()({key:`object-${o}-${s}_${i}`},L,{required:x,getComponent:u,specPath:j.push("properties",s),getConfigs:_,schema:i,depth:w+1}))))})).toArray():null,0===ee.size?null:Re.createElement(Re.Fragment,null,Re.createElement("tr",null,Re.createElement("td",null," ")),Re.createElement($e,{extensions:ee,propClass:"extension"})),ce&&ce.size?Re.createElement("tr",null,Re.createElement("td",null,"< * >:"),Re.createElement("td",null,Re.createElement(we,Mn()({},L,{required:!1,getComponent:u,specPath:j.push("additionalProperties"),getConfigs:_,schema:ce,depth:w+1})))):null,We?Re.createElement("tr",null,Re.createElement("td",null,"allOf ->"),Re.createElement("td",null,We.map(((s,o)=>Re.createElement("div",{key:o},Re.createElement(we,Mn()({},L,{required:!1,getComponent:u,specPath:j.push("allOf",o),getConfigs:_,schema:s,depth:w+1}))))))):null,He?Re.createElement("tr",null,Re.createElement("td",null,"anyOf ->"),Re.createElement("td",null,He.map(((s,o)=>Re.createElement("div",{key:o},Re.createElement(we,Mn()({},L,{required:!1,getComponent:u,specPath:j.push("anyOf",o),getConfigs:_,schema:s,depth:w+1}))))))):null,Ye?Re.createElement("tr",null,Re.createElement("td",null,"oneOf ->"),Re.createElement("td",null,Ye.map(((s,o)=>Re.createElement("div",{key:o},Re.createElement(we,Mn()({},L,{required:!1,getComponent:u,specPath:j.push("oneOf",o),getConfigs:_,schema:s,depth:w+1}))))))):null,Xe?Re.createElement("tr",null,Re.createElement("td",null,"not ->"),Re.createElement("td",null,Re.createElement("div",null,Re.createElement(we,Mn()({},L,{required:!1,getComponent:u,specPath:j.push("not"),getConfigs:_,schema:Xe,depth:w+1}))))):null))),Re.createElement("span",{className:"brace-close"},"}")),de.size?de.entrySeq().map((([s,o])=>Re.createElement(Pe,{key:`${s}-${o}`,propKey:s,propVal:o,propClass:"property"}))):null)}}class ArrayModel extends Re.Component{render(){let{getComponent:s,getConfigs:o,schema:i,depth:a,expandDepth:u,name:_,displayName:w,specPath:x}=this.props,C=i.get("description"),j=i.get("items"),L=i.get("title")||w||_,B=i.filter(((s,o)=>-1===["type","items","description","$$ref","externalDocs"].indexOf(o))),$=i.getIn(["externalDocs","url"]),U=i.getIn(["externalDocs","description"]);const V=s("Markdown",!0),z=s("ModelCollapse"),Y=s("Model"),Z=s("Property"),ee=s("Link"),ie=L&&Re.createElement("span",{className:"model-title"},Re.createElement("span",{className:"model-title__text"},L));return Re.createElement("span",{className:"model"},Re.createElement(z,{title:ie,expanded:a<=u,collapsedContent:"[...]"},"[",B.size?B.entrySeq().map((([s,o])=>Re.createElement(Z,{key:`${s}-${o}`,propKey:s,propVal:o,propClass:"property"}))):null,C?Re.createElement(V,{source:C}):B.size?Re.createElement("div",{className:"markdown"}):null,$&&Re.createElement("div",{className:"external-docs"},Re.createElement(ee,{target:"_blank",href:sanitizeUrl($)},U||$)),Re.createElement("span",null,Re.createElement(Y,Mn()({},this.props,{getConfigs:o,specPath:x.push("items"),name:null,schema:j,required:!1,depth:a+1}))),"]"))}}const ts="property primitive";class Primitive extends Re.Component{render(){let{schema:s,getComponent:o,getConfigs:i,name:a,displayName:u,depth:_,expandDepth:w}=this.props;const{showExtensions:x}=i();if(!s||!s.get)return Re.createElement("div",null);let C=s.get("type"),j=s.get("format"),L=s.get("xml"),B=s.get("enum"),$=s.get("title")||u||a,U=s.get("description");const V=getExtensions(s);let z=s.filter(((s,o)=>-1===["enum","type","format","description","$$ref","externalDocs"].indexOf(o))).filterNot(((s,o)=>V.has(o))),Y=s.getIn(["externalDocs","url"]),Z=s.getIn(["externalDocs","description"]);const ee=o("Markdown",!0),ie=o("EnumModel"),ae=o("Property"),ce=o("ModelCollapse"),le=o("Link"),pe=o("ModelExtensions"),de=$&&Re.createElement("span",{className:"model-title"},Re.createElement("span",{className:"model-title__text"},$));return Re.createElement("span",{className:"model"},Re.createElement(ce,{title:de,expanded:_<=w,collapsedContent:"[...]"},Re.createElement("span",{className:"prop"},a&&_>1&&Re.createElement("span",{className:"prop-name"},$),Re.createElement("span",{className:"prop-type"},C),j&&Re.createElement("span",{className:"prop-format"},"($",j,")"),z.size?z.entrySeq().map((([s,o])=>Re.createElement(ae,{key:`${s}-${o}`,propKey:s,propVal:o,propClass:ts}))):null,x&&V.size>0?Re.createElement(pe,{extensions:V,propClass:`${ts} extension`}):null,U?Re.createElement(ee,{source:U}):null,Y&&Re.createElement("div",{className:"external-docs"},Re.createElement(le,{target:"_blank",href:sanitizeUrl(Y)},Z||Y)),L&&L.size?Re.createElement("span",null,Re.createElement("br",null),Re.createElement("span",{className:ts},"xml:"),L.entrySeq().map((([s,o])=>Re.createElement("span",{key:`${s}-${o}`,className:ts},Re.createElement("br",null)," ",s,": ",String(o)))).toArray()):null,B&&Re.createElement(ie,{value:B,getComponent:o}))))}}class Schemes extends Re.Component{UNSAFE_componentWillMount(){let{schemes:s}=this.props;this.setScheme(s.first())}UNSAFE_componentWillReceiveProps(s){this.props.currentScheme&&s.schemes.includes(this.props.currentScheme)||this.setScheme(s.schemes.first())}onChange=s=>{this.setScheme(s.target.value)};setScheme=s=>{let{path:o,method:i,specActions:a}=this.props;a.setScheme(s,o,i)};render(){let{schemes:s,currentScheme:o}=this.props;return Re.createElement("label",{htmlFor:"schemes"},Re.createElement("span",{className:"schemes-title"},"Schemes"),Re.createElement("select",{onChange:this.onChange,value:o,id:"schemes"},s.valueSeq().map((s=>Re.createElement("option",{value:s,key:s},s))).toArray()))}}class SchemesContainer extends Re.Component{render(){const{specActions:s,specSelectors:o,getComponent:i}=this.props,a=o.operationScheme(),u=o.schemes(),_=i("schemes");return u&&u.size?Re.createElement(_,{currentScheme:a,schemes:u,specActions:s}):null}}var rs=__webpack_require__(24677),ns=__webpack_require__.n(rs);const ss={value:"",onChange:()=>{},schema:{},keyName:"",required:!1,errors:(0,ze.List)()};class JsonSchemaForm extends Re.Component{static defaultProps=ss;componentDidMount(){const{dispatchInitialValue:s,value:o,onChange:i}=this.props;s?i(o):!1===s&&i("")}render(){let{schema:s,errors:o,value:i,onChange:a,getComponent:u,fn:_,disabled:w}=this.props;const x=s&&s.get?s.get("format"):null,C=s&&s.get?s.get("type"):null,j=_.getSchemaObjectType(s),L=_.isFileUploadIntended(s);let getComponentSilently=s=>u(s,!1,{failSilently:!0}),B=C?getComponentSilently(x?`JsonSchema_${C}_${x}`:`JsonSchema_${C}`):u("JsonSchema_string");return L||!ze.List.isList(C)||"array"!==j&&"object"!==j||(B=u("JsonSchema_object")),B||(B=u("JsonSchema_string")),Re.createElement(B,Mn()({},this.props,{errors:o,fn:_,getComponent:u,value:i,onChange:a,schema:s,disabled:w}))}}class JsonSchema_string extends Re.Component{static defaultProps=ss;onChange=s=>{const o=this.props.schema&&"file"===this.props.schema.get("type")?s.target.files[0]:s.target.value;this.props.onChange(o,this.props.keyName)};onEnumChange=s=>this.props.onChange(s);render(){let{getComponent:s,value:o,schema:i,errors:a,required:u,description:_,disabled:w}=this.props;const x=i&&i.get?i.get("enum"):null,C=i&&i.get?i.get("format"):null,j=i&&i.get?i.get("type"):null,L=i&&i.get?i.get("in"):null;if(o?(isImmutable(o)||"object"==typeof o)&&(o=stringify(o)):o="",a=a.toJS?a.toJS():[],x){const i=s("Select");return Re.createElement(i,{className:a.length?"invalid":"",title:a.length?a:"",allowedValues:[...x],value:o,allowEmptyValue:!u,disabled:w,onChange:this.onEnumChange})}const B=w||L&&"formData"===L&&!("FormData"in window),$=s("Input");return j&&"file"===j?Re.createElement($,{type:"file",className:a.length?"invalid":"",title:a.length?a:"",onChange:this.onChange,disabled:B}):Re.createElement(ns(),{type:C&&"password"===C?"password":"text",className:a.length?"invalid":"",title:a.length?a:"",value:o,minLength:0,debounceTimeout:350,placeholder:_,onChange:this.onChange,disabled:B})}}class JsonSchema_array extends Re.PureComponent{static defaultProps=ss;constructor(s,o){super(s,o),this.state={value:valueOrEmptyList(s.value),schema:s.schema}}UNSAFE_componentWillReceiveProps(s){const o=valueOrEmptyList(s.value);o!==this.state.value&&this.setState({value:o}),s.schema!==this.state.schema&&this.setState({schema:s.schema})}onChange=()=>{this.props.onChange(this.state.value)};onItemChange=(s,o)=>{this.setState((({value:i})=>({value:i.set(o,s)})),this.onChange)};removeItem=s=>{this.setState((({value:o})=>({value:o.delete(s)})),this.onChange)};addItem=()=>{const{fn:s}=this.props;let o=valueOrEmptyList(this.state.value);this.setState((()=>({value:o.push(s.getSampleSchema(this.state.schema.get("items"),!1,{includeWriteOnly:!0}))})),this.onChange)};onEnumChange=s=>{this.setState((()=>({value:s})),this.onChange)};render(){let{getComponent:s,required:o,schema:i,errors:a,fn:u,disabled:_}=this.props;a=a.toJS?a.toJS():Array.isArray(a)?a:[];const w=a.filter((s=>"string"==typeof s)),x=a.filter((s=>void 0!==s.needRemove)).map((s=>s.error)),C=this.state.value,j=!!(C&&C.count&&C.count()>0),L=i.getIn(["items","enum"]),B=i.get("items"),$=u.getSchemaObjectType(B),U=u.getSchemaObjectTypeLabel(B),V=i.getIn(["items","format"]),z=i.get("items");let Y,Z=!1,ee="file"===$||"string"===$&&"binary"===V;if($&&V?Y=s(`JsonSchema_${$}_${V}`):"boolean"!==$&&"array"!==$&&"object"!==$||(Y=s(`JsonSchema_${$}`)),!ze.List.isList(B?.get("type"))||"array"!==$&&"object"!==$||(Y=s("JsonSchema_object")),Y||ee||(Z=!0),L){const i=s("Select");return Re.createElement(i,{className:a.length?"invalid":"",title:a.length?a:"",multiple:!0,value:C,disabled:_,allowedValues:L,allowEmptyValue:!o,onChange:this.onEnumChange})}const ie=s("Button");return Re.createElement("div",{className:"json-schema-array"},j?C.map(((o,i)=>{const w=(0,ze.fromJS)([...a.filter((s=>s.index===i)).map((s=>s.error))]);return Re.createElement("div",{key:i,className:"json-schema-form-item"},ee?Re.createElement(JsonSchemaArrayItemFile,{value:o,onChange:s=>this.onItemChange(s,i),disabled:_,errors:w,getComponent:s}):Z?Re.createElement(JsonSchemaArrayItemText,{value:o,onChange:s=>this.onItemChange(s,i),disabled:_,errors:w}):Re.createElement(Y,Mn()({},this.props,{value:o,onChange:s=>this.onItemChange(s,i),disabled:_,errors:w,schema:z,getComponent:s,fn:u})),_?null:Re.createElement(ie,{className:`btn btn-sm json-schema-form-item-remove ${x.length?"invalid":null}`,title:x.length?x:"",onClick:()=>this.removeItem(i)}," - "))})):null,_?null:Re.createElement(ie,{className:`btn btn-sm json-schema-form-item-add ${w.length?"invalid":null}`,title:w.length?w:"",onClick:this.addItem},"Add ",U," item"))}}class JsonSchemaArrayItemText extends Re.Component{static defaultProps=ss;onChange=s=>{const o=s.target.value;this.props.onChange(o,this.props.keyName)};render(){let{value:s,errors:o,description:i,disabled:a}=this.props;return s?(isImmutable(s)||"object"==typeof s)&&(s=stringify(s)):s="",o=o.toJS?o.toJS():[],Re.createElement(ns(),{type:"text",className:o.length?"invalid":"",title:o.length?o:"",value:s,minLength:0,debounceTimeout:350,placeholder:i,onChange:this.onChange,disabled:a})}}class JsonSchemaArrayItemFile extends Re.Component{static defaultProps=ss;onFileChange=s=>{const o=s.target.files[0];this.props.onChange(o,this.props.keyName)};render(){let{getComponent:s,errors:o,disabled:i}=this.props;const a=s("Input"),u=i||!("FormData"in window);return Re.createElement(a,{type:"file",className:o.length?"invalid":"",title:o.length?o:"",onChange:this.onFileChange,disabled:u})}}class JsonSchema_boolean extends Re.Component{static defaultProps=ss;onEnumChange=s=>this.props.onChange(s);render(){let{getComponent:s,value:o,errors:i,schema:a,required:u,disabled:_}=this.props;i=i.toJS?i.toJS():[];let w=a&&a.get?a.get("enum"):null,x=!w||!u,C=!w&&["true","false"];const j=s("Select");return Re.createElement(j,{className:i.length?"invalid":"",title:i.length?i:"",value:String(o),disabled:_,allowedValues:w?[...w]:C,allowEmptyValue:x,onChange:this.onEnumChange})}}const stringifyObjectErrors=s=>s.map((s=>{const o=void 0!==s.propKey?s.propKey:s.index;let i="string"==typeof s?s:"string"==typeof s.error?s.error:null;if(!o&&i)return i;let a=s.error,u=`/${s.propKey}`;for(;"object"==typeof a;){const s=void 0!==a.propKey?a.propKey:a.index;if(void 0===s)break;if(u+=`/${s}`,!a.error)break;a=a.error}return`${u}: ${a}`}));class JsonSchema_object extends Re.PureComponent{constructor(){super()}static defaultProps=ss;onChange=s=>{this.props.onChange(s)};handleOnChange=s=>{const o=s.target.value;this.onChange(o)};render(){let{getComponent:s,value:o,errors:i,disabled:a}=this.props;const u=s("TextArea");return i=i.toJS?i.toJS():Array.isArray(i)?i:[],Re.createElement("div",null,Re.createElement(u,{className:Jn()({invalid:i.length}),title:i.length?stringifyObjectErrors(i).join(", "):"",value:stringify(o),disabled:a,onChange:this.handleOnChange}))}}function valueOrEmptyList(s){return ze.List.isList(s)?s:Array.isArray(s)?(0,ze.fromJS)(s):(0,ze.List)()}const ModelExtensions=({extensions:s,propClass:o=""})=>s.entrySeq().map((([s,i])=>{const a=immutableToJS(i)??null;return Re.createElement("tr",{key:s,className:o},Re.createElement("td",null,s),Re.createElement("td",null,JSON.stringify(a)))})).toArray();var os=__webpack_require__(11331),as=__webpack_require__.n(os);const hasSchemaType=(s,o)=>{const i=ze.Map.isMap(s);if(!i&&!as()(s))return!1;const a=i?s.get("type"):s.type;return o===a||Array.isArray(o)&&o.includes(a)},getType=(s,o=new WeakSet)=>{if(null==s)return"any";if(o.has(s))return"any";o.add(s);const{type:i,items:a}=s;return Object.hasOwn(s,"items")?(()=>{if(a)return`array<${getType(a,o)}>`;return"array"})():i},getSchemaObjectTypeLabel=s=>getType(immutableToJS(s)),json_schema_5=()=>({components:{modelExample:model_example,ModelWrapper,ModelCollapse,Model,Models,EnumModel:enum_model,ObjectModel,ArrayModel,PrimitiveModel:Primitive,ModelExtensions,schemes:Schemes,SchemesContainer,...U},fn:{hasSchemaType,getSchemaObjectTypeLabel}});var cs=__webpack_require__(19123),ls=__webpack_require__.n(cs),us=__webpack_require__(41859),ps=__webpack_require__.n(us),hs=__webpack_require__(62193),ds=__webpack_require__.n(hs);const shallowArrayEquals=s=>o=>Array.isArray(s)&&Array.isArray(o)&&s.length===o.length&&s.every(((s,i)=>s===o[i])),list=(...s)=>s;class Cache extends Map{delete(s){const o=Array.from(this.keys()).find(shallowArrayEquals(s));return super.delete(o)}get(s){const o=Array.from(this.keys()).find(shallowArrayEquals(s));return super.get(o)}has(s){return-1!==Array.from(this.keys()).findIndex(shallowArrayEquals(s))}}const utils_memoizeN=(s,o=list)=>{const{Cache:i}=pt();pt().Cache=Cache;const a=pt()(s,o);return pt().Cache=i,a},fs={string:s=>s.pattern?(s=>{try{const o=/(?<=(?"user@example.com","string_date-time":()=>(new Date).toISOString(),string_date:()=>(new Date).toISOString().substring(0,10),string_time:()=>(new Date).toISOString().substring(11),string_uuid:()=>"3fa85f64-5717-4562-b3fc-2c963f66afa6",string_hostname:()=>"example.com",string_ipv4:()=>"198.51.100.42",string_ipv6:()=>"2001:0db8:5b96:0000:0000:426f:8e17:642a",number:()=>0,number_float:()=>0,integer:()=>0,boolean:s=>"boolean"!=typeof s.default||s.default},primitive=s=>{s=objectify(s);let{type:o,format:i}=s,a=fs[`${o}_${i}`]||fs[o];return isFunc(a)?a(s):"Unknown Type: "+s.type},sanitizeRef=s=>deeplyStripKey(s,"$$ref",(s=>"string"==typeof s&&s.indexOf("#")>-1)),ms=["maxProperties","minProperties"],gs=["minItems","maxItems"],ys=["minimum","maximum","exclusiveMinimum","exclusiveMaximum"],vs=["minLength","maxLength"],mergeJsonSchema=(s,o,i={})=>{const a={...s};if(["example","default","enum","xml","type",...ms,...gs,...ys,...vs].forEach((s=>(s=>{void 0===a[s]&&void 0!==o[s]&&(a[s]=o[s])})(s))),void 0!==o.required&&Array.isArray(o.required)&&(void 0!==a.required&&a.required.length||(a.required=[]),o.required.forEach((s=>{a.required.includes(s)||a.required.push(s)}))),o.properties){a.properties||(a.properties={});let s=objectify(o.properties);for(let u in s)Object.prototype.hasOwnProperty.call(s,u)&&(s[u]&&s[u].deprecated||s[u]&&s[u].readOnly&&!i.includeReadOnly||s[u]&&s[u].writeOnly&&!i.includeWriteOnly||a.properties[u]||(a.properties[u]=s[u],!o.required&&Array.isArray(o.required)&&-1!==o.required.indexOf(u)&&(a.required?a.required.push(u):a.required=[u])))}return o.items&&(a.items||(a.items={}),a.items=mergeJsonSchema(a.items,o.items,i)),a},sampleFromSchemaGeneric=(s,o={},i=void 0,a=!1)=>{s&&isFunc(s.toJS)&&(s=s.toJS());let u=void 0!==i||s&&void 0!==s.example||s&&void 0!==s.default;const _=!u&&s&&s.oneOf&&s.oneOf.length>0,w=!u&&s&&s.anyOf&&s.anyOf.length>0;if(!u&&(_||w)){const i=objectify(_?s.oneOf[0]:s.anyOf[0]);if(!(s=mergeJsonSchema(s,i,o)).xml&&i.xml&&(s.xml=i.xml),void 0!==s.example&&void 0!==i.example)u=!0;else if(i.properties){s.properties||(s.properties={});let a=objectify(i.properties);for(let u in a)Object.prototype.hasOwnProperty.call(a,u)&&(a[u]&&a[u].deprecated||a[u]&&a[u].readOnly&&!o.includeReadOnly||a[u]&&a[u].writeOnly&&!o.includeWriteOnly||s.properties[u]||(s.properties[u]=a[u],!i.required&&Array.isArray(i.required)&&-1!==i.required.indexOf(u)&&(s.required?s.required.push(u):s.required=[u])))}}const x={};let{xml:C,type:j,example:L,properties:B,additionalProperties:$,items:U}=s||{},{includeReadOnly:V,includeWriteOnly:z}=o;C=C||{};let Y,{name:Z,prefix:ee,namespace:ie}=C,ae={};if(a&&(Z=Z||"notagname",Y=(ee?ee+":":"")+Z,ie)){x[ee?"xmlns:"+ee:"xmlns"]=ie}a&&(ae[Y]=[]);const schemaHasAny=o=>o.some((o=>Object.prototype.hasOwnProperty.call(s,o)));s&&!j&&(B||$||schemaHasAny(ms)?j="object":U||schemaHasAny(gs)?j="array":schemaHasAny(ys)?(j="number",s.type="number"):u||s.enum||(j="string",s.type="string"));const handleMinMaxItems=o=>{if(null!=s?.maxItems&&(o=o.slice(0,s?.maxItems)),null!=s?.minItems){let i=0;for(;o.lengths&&null!==s.maxProperties&&void 0!==s.maxProperties&&pe>=s.maxProperties,canAddProperty=o=>!s||null===s.maxProperties||void 0===s.maxProperties||!hasExceededMaxProperties()&&(!(o=>!(s&&s.required&&s.required.length&&s.required.includes(o)))(o)||s.maxProperties-pe-(()=>{if(!s||!s.required)return 0;let o=0;return a?s.required.forEach((s=>o+=void 0===ae[s]?0:1)):s.required.forEach((s=>o+=void 0===ae[Y]?.find((o=>void 0!==o[s]))?0:1)),s.required.length-o})()>0);if(le=a?(i,u=void 0)=>{if(s&&ce[i]){if(ce[i].xml=ce[i].xml||{},ce[i].xml.attribute){const s=Array.isArray(ce[i].enum)?ce[i].enum[0]:void 0,o=ce[i].example,a=ce[i].default;return void(x[ce[i].xml.name||i]=void 0!==o?o:void 0!==a?a:void 0!==s?s:primitive(ce[i]))}ce[i].xml.name=ce[i].xml.name||i}else ce[i]||!1===$||(ce[i]={xml:{name:i}});let _=sampleFromSchemaGeneric(s&&ce[i]||void 0,o,u,a);canAddProperty(i)&&(pe++,Array.isArray(_)?ae[Y]=ae[Y].concat(_):ae[Y].push(_))}:(i,u)=>{if(canAddProperty(i)){if(Object.prototype.hasOwnProperty.call(s,"discriminator")&&s.discriminator&&Object.prototype.hasOwnProperty.call(s.discriminator,"mapping")&&s.discriminator.mapping&&Object.prototype.hasOwnProperty.call(s,"$$ref")&&s.$$ref&&s.discriminator.propertyName===i){for(let o in s.discriminator.mapping)if(-1!==s.$$ref.search(s.discriminator.mapping[o])){ae[i]=o;break}}else ae[i]=sampleFromSchemaGeneric(ce[i],o,u,a);pe++}},u){let u;if(u=sanitizeRef(void 0!==i?i:void 0!==L?L:s.default),!a){if("number"==typeof u&&"string"===j)return`${u}`;if("string"!=typeof u||"string"===j)return u;try{return JSON.parse(u)}catch(s){return u}}if(s||(j=Array.isArray(u)?"array":typeof u),"array"===j){if(!Array.isArray(u)){if("string"==typeof u)return u;u=[u]}const i=s?s.items:void 0;i&&(i.xml=i.xml||C||{},i.xml.name=i.xml.name||C.name);let _=u.map((s=>sampleFromSchemaGeneric(i,o,s,a)));return _=handleMinMaxItems(_),C.wrapped?(ae[Y]=_,ds()(x)||ae[Y].push({_attr:x})):ae=_,ae}if("object"===j){if("string"==typeof u)return u;for(let o in u)Object.prototype.hasOwnProperty.call(u,o)&&(s&&ce[o]&&ce[o].readOnly&&!V||s&&ce[o]&&ce[o].writeOnly&&!z||(s&&ce[o]&&ce[o].xml&&ce[o].xml.attribute?x[ce[o].xml.name||o]=u[o]:le(o,u[o])));return ds()(x)||ae[Y].push({_attr:x}),ae}return ae[Y]=ds()(x)?u:[{_attr:x},u],ae}if("object"===j){for(let s in ce)Object.prototype.hasOwnProperty.call(ce,s)&&(ce[s]&&ce[s].deprecated||ce[s]&&ce[s].readOnly&&!V||ce[s]&&ce[s].writeOnly&&!z||le(s));if(a&&x&&ae[Y].push({_attr:x}),hasExceededMaxProperties())return ae;if(!0===$)a?ae[Y].push({additionalProp:"Anything can be here"}):ae.additionalProp1={},pe++;else if($){const i=objectify($),u=sampleFromSchemaGeneric(i,o,void 0,a);if(a&&i.xml&&i.xml.name&&"notagname"!==i.xml.name)ae[Y].push(u);else{const o=i["x-additionalPropertiesName"]||"additionalProp",_=null!==s.minProperties&&void 0!==s.minProperties&&pesampleFromSchemaGeneric(mergeJsonSchema(s,U,o),o,void 0,a)));else if(Array.isArray(U.oneOf))i=U.oneOf.map((s=>sampleFromSchemaGeneric(mergeJsonSchema(s,U,o),o,void 0,a)));else{if(!(!a||a&&C.wrapped))return sampleFromSchemaGeneric(U,o,void 0,a);i=[sampleFromSchemaGeneric(U,o,void 0,a)]}return i=handleMinMaxItems(i),a&&C.wrapped?(ae[Y]=i,ds()(x)||ae[Y].push({_attr:x}),ae):i}let de;if(s&&Array.isArray(s.enum))de=normalizeArray(s.enum)[0];else{if(!s)return;if(de=primitive(s),"number"==typeof de){let o=s.minimum;null!=o&&(s.exclusiveMinimum&&o++,de=o);let i=s.maximum;null!=i&&(s.exclusiveMaximum&&i--,de=i)}if("string"==typeof de&&(null!==s.maxLength&&void 0!==s.maxLength&&(de=de.slice(0,s.maxLength)),null!==s.minLength&&void 0!==s.minLength)){let o=0;for(;de.length(s.schema&&(s=s.schema),s.properties&&(s.type="object"),s),createXMLExample=(s,o,i)=>{const a=sampleFromSchemaGeneric(s,o,i,!0);if(a)return"string"==typeof a?a:ls()(a,{declaration:!0,indent:"\t"})},sampleFromSchema=(s,o,i)=>sampleFromSchemaGeneric(s,o,i,!1),resolver=(s,o,i)=>[s,JSON.stringify(o),JSON.stringify(i)],bs=utils_memoizeN(createXMLExample,resolver),_s=utils_memoizeN(sampleFromSchema,resolver),getSchemaObjectType=s=>immutableToJS(s)?.type??"string",Ss=[{when:/json/,shouldStringifyTypes:["string"]}],Es=["object"],get_json_sample_schema=s=>(o,i,a,u)=>{const{fn:_}=s(),w=_.memoizedSampleFromSchema(o,i,u),x=typeof w,C=Ss.reduce(((s,o)=>o.when.test(a)?[...s,...o.shouldStringifyTypes]:s),Es);return gt()(C,(s=>s===x))?JSON.stringify(w,null,2):w},get_yaml_sample_schema=s=>(o,i,a,u)=>{const{fn:_}=s(),w=_.getJsonSampleSchema(o,i,a,u);let x;try{x=fn.dump(fn.load(w),{lineWidth:-1},{schema:rn}),"\n"===x[x.length-1]&&(x=x.slice(0,x.length-1))}catch(s){return console.error(s),"error: could not generate yaml example"}return x.replace(/\t/g," ")},get_xml_sample_schema=s=>(o,i,a)=>{const{fn:u}=s();if(o&&!o.xml&&(o.xml={}),o&&!o.xml.name){if(!o.$$ref&&(o.type||o.items||o.properties||o.additionalProperties))return'\n\x3c!-- XML example cannot be generated; root element name is undefined --\x3e';if(o.$$ref){let s=o.$$ref.match(/\S*\/(\S+)$/);o.xml.name=s[1]}}return u.memoizedCreateXMLExample(o,i,a)},get_sample_schema=s=>(o,i="",a={},u=void 0)=>{const{fn:_}=s();return"function"==typeof o?.toJS&&(o=o.toJS()),"function"==typeof u?.toJS&&(u=u.toJS()),/xml/.test(i)?_.getXmlSampleSchema(o,a,u):/(yaml|yml)/.test(i)?_.getYamlSampleSchema(o,a,i,u):_.getJsonSampleSchema(o,a,i,u)},json_schema_5_samples=({getSystem:s})=>{const o=get_json_sample_schema(s),i=get_yaml_sample_schema(s),a=get_xml_sample_schema(s),u=get_sample_schema(s);return{fn:{jsonSchema5:{inferSchema,sampleFromSchema,sampleFromSchemaGeneric,createXMLExample,memoizedSampleFromSchema:_s,memoizedCreateXMLExample:bs,getJsonSampleSchema:o,getYamlSampleSchema:i,getXmlSampleSchema:a,getSampleSchema:u,mergeJsonSchema},inferSchema,sampleFromSchema,sampleFromSchemaGeneric,createXMLExample,memoizedSampleFromSchema:_s,memoizedCreateXMLExample:bs,getJsonSampleSchema:o,getYamlSampleSchema:i,getXmlSampleSchema:a,getSampleSchema:u,mergeJsonSchema,getSchemaObjectType}}};var ws=__webpack_require__(37334),xs=__webpack_require__.n(ws);const ks=["get","put","post","delete","options","head","patch","trace"],spec_selectors_state=s=>s||(0,ze.Map)(),Os=Ut(spec_selectors_state,(s=>s.get("lastError"))),As=Ut(spec_selectors_state,(s=>s.get("url"))),Cs=Ut(spec_selectors_state,(s=>s.get("spec")||"")),js=Ut(spec_selectors_state,(s=>s.get("specSource")||"not-editor")),Ps=Ut(spec_selectors_state,(s=>s.get("json",(0,ze.Map)()))),Is=Ut(Ps,(s=>s.toJS())),Ts=Ut(spec_selectors_state,(s=>s.get("resolved",(0,ze.Map)()))),specResolvedSubtree=(s,o)=>s.getIn(["resolvedSubtrees",...o],void 0),mergerFn=(s,o)=>ze.Map.isMap(s)&&ze.Map.isMap(o)?o.get("$$ref")?o:(0,ze.OrderedMap)().mergeWith(mergerFn,s,o):o,Ns=Ut(spec_selectors_state,(s=>(0,ze.OrderedMap)().mergeWith(mergerFn,s.get("json"),s.get("resolvedSubtrees")))),spec=s=>Ps(s),Ms=Ut(spec,(()=>!1)),Rs=Ut(spec,(s=>returnSelfOrNewMap(s&&s.get("info")))),Ds=Ut(spec,(s=>returnSelfOrNewMap(s&&s.get("externalDocs")))),Ls=Ut(Rs,(s=>s&&s.get("version"))),Fs=Ut(Ls,(s=>/v?([0-9]*)\.([0-9]*)\.([0-9]*)/i.exec(s).slice(1))),Bs=Ut(Ns,(s=>s.get("paths"))),$s=xs()(["get","put","post","delete","options","head","patch"]),qs=Ut(Bs,(s=>{let o=(0,ze.List)();return!ze.Map.isMap(s)||s.isEmpty()||s.forEach(((s,i)=>{if(!s||!s.forEach)return{};s.forEach(((s,a)=>{ks.indexOf(a)<0||(o=o.push((0,ze.fromJS)({path:i,method:a,operation:s,id:`${a}-${i}`})))}))})),o})),Us=Ut(spec,(s=>(0,ze.Set)(s.get("consumes")))),Vs=Ut(spec,(s=>(0,ze.Set)(s.get("produces")))),zs=Ut(spec,(s=>s.get("security",(0,ze.List)()))),Ws=Ut(spec,(s=>s.get("securityDefinitions"))),findDefinition=(s,o)=>{const i=s.getIn(["resolvedSubtrees","definitions",o],null),a=s.getIn(["json","definitions",o],null);return i||a||null},Js=Ut(spec,(s=>{const o=s.get("definitions");return ze.Map.isMap(o)?o:(0,ze.Map)()})),Hs=Ut(spec,(s=>s.get("basePath"))),Ks=Ut(spec,(s=>s.get("host"))),Gs=Ut(spec,(s=>s.get("schemes",(0,ze.Map)()))),Ys=Ut([qs,Us,Vs],((s,o,i)=>s.map((s=>s.update("operation",(s=>ze.Map.isMap(s)?s.withMutations((s=>(s.get("consumes")||s.update("consumes",(s=>(0,ze.Set)(s).merge(o))),s.get("produces")||s.update("produces",(s=>(0,ze.Set)(s).merge(i))),s))):(0,ze.Map)())))))),Xs=Ut(spec,(s=>{const o=s.get("tags",(0,ze.List)());return ze.List.isList(o)?o.filter((s=>ze.Map.isMap(s))):(0,ze.List)()})),tagDetails=(s,o)=>(Xs(s)||(0,ze.List)()).filter(ze.Map.isMap).find((s=>s.get("name")===o),(0,ze.Map)()),Qs=Ut(Ys,Xs,((s,o)=>s.reduce(((s,o)=>{let i=(0,ze.Set)(o.getIn(["operation","tags"]));return i.count()<1?s.update("default",(0,ze.List)(),(s=>s.push(o))):i.reduce(((s,i)=>s.update(i,(0,ze.List)(),(s=>s.push(o)))),s)}),o.reduce(((s,o)=>s.set(o.get("name"),(0,ze.List)())),(0,ze.OrderedMap)())))),selectors_taggedOperations=s=>({getConfigs:o})=>{let{tagsSorter:i,operationsSorter:a}=o();return Qs(s).sortBy(((s,o)=>o),((s,o)=>{let a="function"==typeof i?i:It.tagsSorter[i];return a?a(s,o):null})).map(((o,i)=>{let u="function"==typeof a?a:It.operationsSorter[a],_=u?o.sort(u):o;return(0,ze.Map)({tagDetails:tagDetails(s,i),operations:_})}))},Zs=Ut(spec_selectors_state,(s=>s.get("responses",(0,ze.Map)()))),eo=Ut(spec_selectors_state,(s=>s.get("requests",(0,ze.Map)()))),to=Ut(spec_selectors_state,(s=>s.get("mutatedRequests",(0,ze.Map)()))),responseFor=(s,o,i)=>Zs(s).getIn([o,i],null),requestFor=(s,o,i)=>eo(s).getIn([o,i],null),mutatedRequestFor=(s,o,i)=>to(s).getIn([o,i],null),allowTryItOutFor=()=>!0,parameterWithMetaByIdentity=(s,o,i)=>{const a=Ns(s).getIn(["paths",...o,"parameters"],(0,ze.OrderedMap)()),u=s.getIn(["meta","paths",...o,"parameters"],(0,ze.OrderedMap)());return a.map((s=>{const o=u.get(`${i.get("in")}.${i.get("name")}`),a=u.get(`${i.get("in")}.${i.get("name")}.hash-${i.hashCode()}`);return(0,ze.OrderedMap)().merge(s,o,a)})).find((s=>s.get("in")===i.get("in")&&s.get("name")===i.get("name")),(0,ze.OrderedMap)())},parameterInclusionSettingFor=(s,o,i,a)=>{const u=`${a}.${i}`;return s.getIn(["meta","paths",...o,"parameter_inclusions",u],!1)},parameterWithMeta=(s,o,i,a)=>{const u=Ns(s).getIn(["paths",...o,"parameters"],(0,ze.OrderedMap)()).find((s=>s.get("in")===a&&s.get("name")===i),(0,ze.OrderedMap)());return parameterWithMetaByIdentity(s,o,u)},operationWithMeta=(s,o,i)=>{const a=Ns(s).getIn(["paths",o,i],(0,ze.OrderedMap)()),u=s.getIn(["meta","paths",o,i],(0,ze.OrderedMap)()),_=a.get("parameters",(0,ze.List)()).map((a=>parameterWithMetaByIdentity(s,[o,i],a)));return(0,ze.OrderedMap)().merge(a,u).set("parameters",_)};function getParameter(s,o,i,a){return o=o||[],s.getIn(["meta","paths",...o,"parameters"],(0,ze.fromJS)([])).find((s=>ze.Map.isMap(s)&&s.get("name")===i&&s.get("in")===a))||(0,ze.Map)()}const ro=Ut(spec,(s=>{const o=s.get("host");return"string"==typeof o&&o.length>0&&"/"!==o[0]}));function parameterValues(s,o,i){return o=o||[],operationWithMeta(s,...o).get("parameters",(0,ze.List)()).reduce(((s,o)=>{let a=i&&"body"===o.get("in")?o.get("value_xml"):o.get("value");return ze.List.isList(a)&&(a=a.filter((s=>""!==s))),s.set(paramToIdentifier(o,{allowHashes:!1}),a)}),(0,ze.fromJS)({}))}function parametersIncludeIn(s,o=""){if(ze.List.isList(s))return s.some((s=>ze.Map.isMap(s)&&s.get("in")===o))}function parametersIncludeType(s,o=""){if(ze.List.isList(s))return s.some((s=>ze.Map.isMap(s)&&s.get("type")===o))}function contentTypeValues(s,o){o=o||[];let i=Ns(s).getIn(["paths",...o],(0,ze.fromJS)({})),a=s.getIn(["meta","paths",...o],(0,ze.fromJS)({})),u=currentProducesFor(s,o);const _=i.get("parameters")||new ze.List,w=a.get("consumes_value")?a.get("consumes_value"):parametersIncludeType(_,"file")?"multipart/form-data":parametersIncludeType(_,"formData")?"application/x-www-form-urlencoded":void 0;return(0,ze.fromJS)({requestContentType:w,responseContentType:u})}function currentProducesFor(s,o){o=o||[];const i=Ns(s).getIn(["paths",...o],null);if(null===i)return;const a=s.getIn(["meta","paths",...o,"produces_value"],null),u=i.getIn(["produces",0],null);return a||u||"application/json"}function producesOptionsFor(s,o){o=o||[];const i=Ns(s),a=i.getIn(["paths",...o],null);if(null===a)return;const[u]=o,_=a.get("produces",null),w=i.getIn(["paths",u,"produces"],null),x=i.getIn(["produces"],null);return _||w||x}function consumesOptionsFor(s,o){o=o||[];const i=Ns(s),a=i.getIn(["paths",...o],null);if(null===a)return;const[u]=o,_=a.get("consumes",null),w=i.getIn(["paths",u,"consumes"],null),x=i.getIn(["consumes"],null);return _||w||x}const operationScheme=(s,o,i)=>{let a=s.get("url").match(/^([a-z][a-z0-9+\-.]*):/),u=Array.isArray(a)?a[1]:null;return s.getIn(["scheme",o,i])||s.getIn(["scheme","_defaultScheme"])||u||""},canExecuteScheme=(s,o,i)=>["http","https"].indexOf(operationScheme(s,o,i))>-1,validationErrors=(s,o)=>{o=o||[];const i=s.getIn(["meta","paths",...o,"parameters"],(0,ze.fromJS)([])),a=[];if(0===i.length)return a;const getErrorsWithPaths=(s,o=[])=>{const getNestedErrorsWithPaths=(s,o)=>{const i=[...o,s.get("propKey")||s.get("index")];return ze.Map.isMap(s.get("error"))?getErrorsWithPaths(s.get("error"),i):{error:s.get("error"),path:i}};return ze.List.isList(s)?s.map((s=>ze.Map.isMap(s)?getNestedErrorsWithPaths(s,o):{error:s,path:o})):getNestedErrorsWithPaths(s,o)};return i.forEach(((s,o)=>{const i=o.split(".").slice(1,-1).join("."),u=s.get("errors");if(u&&u.count()){getErrorsWithPaths(u).forEach((({error:s,path:o})=>{a.push(((s,o,i)=>`For '${i}'${(o=o.reduce(((s,o)=>"number"==typeof o?`${s}[${o}]`:s?`${s}.${o}`:o),""))?` at path '${o}'`:""}: ${s}.`)(s,o,i))}))}})),a},validateBeforeExecute=(s,o)=>0===validationErrors(s,o).length,getOAS3RequiredRequestBodyContentType=(s,o)=>{let i={requestBody:!1,requestContentType:{}},a=s.getIn(["resolvedSubtrees","paths",...o,"requestBody"],(0,ze.fromJS)([]));return a.size<1||(a.getIn(["required"])&&(i.requestBody=a.getIn(["required"])),a.getIn(["content"]).entrySeq().forEach((s=>{const o=s[0];if(s[1].getIn(["schema","required"])){const a=s[1].getIn(["schema","required"]).toJS();i.requestContentType[o]=a}}))),i},isMediaTypeSchemaPropertiesEqual=(s,o,i,a)=>{if((i||a)&&i===a)return!0;let u=s.getIn(["resolvedSubtrees","paths",...o,"requestBody","content"],(0,ze.fromJS)([]));if(u.size<2||!i||!a)return!1;let _=u.getIn([i,"schema","properties"],(0,ze.fromJS)([])),w=u.getIn([a,"schema","properties"],(0,ze.fromJS)([]));return!!_.equals(w)};function returnSelfOrNewMap(s){return ze.Map.isMap(s)?s:new ze.Map}var no=__webpack_require__(85015),so=__webpack_require__.n(no),oo=__webpack_require__(38221),io=__webpack_require__.n(oo),ao=__webpack_require__(63560),co=__webpack_require__.n(ao),lo=__webpack_require__(56367),uo=__webpack_require__.n(lo);const po="spec_update_spec",ho="spec_update_url",fo="spec_update_json",mo="spec_update_param",go="spec_update_empty_param_inclusion",yo="spec_validate_param",vo="spec_set_response",bo="spec_set_request",_o="spec_set_mutated_request",So="spec_log_request",Eo="spec_clear_response",wo="spec_clear_request",xo="spec_clear_validate_param",ko="spec_update_operation_meta_value",Oo="spec_update_resolved",Ao="spec_update_resolved_subtree",Co="set_scheme",toStr=s=>so()(s)?s:"";function updateSpec(s){const o=toStr(s).replace(/\t/g," ");if("string"==typeof s)return{type:po,payload:o}}function updateResolved(s){return{type:Oo,payload:s}}function updateUrl(s){return{type:ho,payload:s}}function updateJsonSpec(s){return{type:fo,payload:s}}const parseToJson=s=>({specActions:o,specSelectors:i,errActions:a})=>{let{specStr:u}=i,_=null;try{s=s||u(),a.clear({source:"parser"}),_=fn.load(s,{schema:rn})}catch(s){return console.error(s),a.newSpecErr({source:"parser",level:"error",message:s.reason,line:s.mark&&s.mark.line?s.mark.line+1:void 0})}return _&&"object"==typeof _?o.updateJsonSpec(_):o.updateJsonSpec({})};let jo=!1;const resolveSpec=(s,o)=>({specActions:i,specSelectors:a,errActions:u,fn:{fetch:_,resolve:w,AST:x={}},getConfigs:C})=>{jo||(console.warn("specActions.resolveSpec is deprecated since v3.10.0 and will be removed in v4.0.0; use requestResolvedSubtree instead!"),jo=!0);const{modelPropertyMacro:j,parameterMacro:L,requestInterceptor:B,responseInterceptor:$}=C();void 0===s&&(s=a.specJson()),void 0===o&&(o=a.url());let U=x.getLineNumberForPath?x.getLineNumberForPath:()=>{},V=a.specStr();return w({fetch:_,spec:s,baseDoc:String(new URL(o,document.baseURI)),modelPropertyMacro:j,parameterMacro:L,requestInterceptor:B,responseInterceptor:$}).then((({spec:s,errors:o})=>{if(u.clear({type:"thrown"}),Array.isArray(o)&&o.length>0){let s=o.map((s=>(console.error(s),s.line=s.fullPath?U(V,s.fullPath):null,s.path=s.fullPath?s.fullPath.join("."):null,s.level="error",s.type="thrown",s.source="resolver",Object.defineProperty(s,"message",{enumerable:!0,value:s.message}),s)));u.newThrownErrBatch(s)}return i.updateResolved(s)}))};let Po=[];const Io=io()((()=>{const s=Po.reduce(((s,{path:o,system:i})=>(s.has(i)||s.set(i,[]),s.get(i).push(o),s)),new Map);Po=[],s.forEach((async(s,o)=>{if(!o)return void console.error("debResolveSubtrees: don't have a system to operate on, aborting.");if(!o.fn.resolveSubtree)return void console.error("Error: Swagger-Client did not provide a `resolveSubtree` method, doing nothing.");const{errActions:i,errSelectors:a,fn:{resolveSubtree:u,fetch:_,AST:w={}},specSelectors:x,specActions:C}=o,j=w.getLineNumberForPath??xs()(void 0),L=x.specStr(),{modelPropertyMacro:B,parameterMacro:$,requestInterceptor:U,responseInterceptor:V}=o.getConfigs();try{const o=await s.reduce((async(s,o)=>{let{resultMap:w,specWithCurrentSubtrees:C}=await s;const{errors:z,spec:Y}=await u(C,o,{baseDoc:String(new URL(x.url(),document.baseURI)),modelPropertyMacro:B,parameterMacro:$,requestInterceptor:U,responseInterceptor:V});if(a.allErrors().size&&i.clearBy((s=>"thrown"!==s.get("type")||"resolver"!==s.get("source")||!s.get("fullPath")?.every(((s,i)=>s===o[i]||void 0===o[i])))),Array.isArray(z)&&z.length>0){let s=z.map((s=>(s.line=s.fullPath?j(L,s.fullPath):null,s.path=s.fullPath?s.fullPath.join("."):null,s.level="error",s.type="thrown",s.source="resolver",Object.defineProperty(s,"message",{enumerable:!0,value:s.message}),s)));i.newThrownErrBatch(s)}return Y&&x.isOAS3()&&"components"===o[0]&&"securitySchemes"===o[1]&&await Promise.all(Object.values(Y).filter((s=>"openIdConnect"===s?.type)).map((async s=>{const o={url:s.openIdConnectUrl,requestInterceptor:U,responseInterceptor:V};try{const i=await _(o);i instanceof Error||i.status>=400?console.error(i.statusText+" "+o.url):s.openIdConnectData=JSON.parse(i.text)}catch(s){console.error(s)}}))),co()(w,o,Y),C=uo()(o,Y,C),{resultMap:w,specWithCurrentSubtrees:C}}),Promise.resolve({resultMap:(x.specResolvedSubtree([])||(0,ze.Map)()).toJS(),specWithCurrentSubtrees:x.specJS()}));C.updateResolvedSubtree([],o.resultMap)}catch(s){console.error(s)}}))}),35),requestResolvedSubtree=s=>o=>{Po.find((({path:i,system:a})=>a===o&&i.toString()===s.toString()))||(Po.push({path:s,system:o}),Io())};function changeParam(s,o,i,a,u){return{type:mo,payload:{path:s,value:a,paramName:o,paramIn:i,isXml:u}}}function changeParamByIdentity(s,o,i,a){return{type:mo,payload:{path:s,param:o,value:i,isXml:a}}}const updateResolvedSubtree=(s,o)=>({type:Ao,payload:{path:s,value:o}}),invalidateResolvedSubtreeCache=()=>({type:Ao,payload:{path:[],value:(0,ze.Map)()}}),validateParams=(s,o)=>({type:yo,payload:{pathMethod:s,isOAS3:o}}),updateEmptyParamInclusion=(s,o,i,a)=>({type:go,payload:{pathMethod:s,paramName:o,paramIn:i,includeEmptyValue:a}});function clearValidateParams(s){return{type:xo,payload:{pathMethod:s}}}function changeConsumesValue(s,o){return{type:ko,payload:{path:s,value:o,key:"consumes_value"}}}function changeProducesValue(s,o){return{type:ko,payload:{path:s,value:o,key:"produces_value"}}}const setResponse=(s,o,i)=>({payload:{path:s,method:o,res:i},type:vo}),setRequest=(s,o,i)=>({payload:{path:s,method:o,req:i},type:bo}),setMutatedRequest=(s,o,i)=>({payload:{path:s,method:o,req:i},type:_o}),logRequest=s=>({payload:s,type:So}),executeRequest=s=>({fn:o,specActions:i,specSelectors:a,getConfigs:u,oas3Selectors:_})=>{let{pathName:w,method:x,operation:C}=s,{requestInterceptor:j,responseInterceptor:L}=u(),B=C.toJS();if(C&&C.get("parameters")&&C.get("parameters").filter((s=>s&&!0===s.get("allowEmptyValue"))).forEach((o=>{if(a.parameterInclusionSettingFor([w,x],o.get("name"),o.get("in"))){s.parameters=s.parameters||{};const i=paramToValue(o,s.parameters);(!i||i&&0===i.size)&&(s.parameters[o.get("name")]="")}})),s.contextUrl=Nt()(a.url()).toString(),B&&B.operationId?s.operationId=B.operationId:B&&w&&x&&(s.operationId=o.opId(B,w,x)),a.isOAS3()){const o=`${w}:${x}`;s.server=_.selectedServer(o)||_.selectedServer();const i=_.serverVariables({server:s.server,namespace:o}).toJS(),a=_.serverVariables({server:s.server}).toJS();s.serverVariables=Object.keys(i).length?i:a,s.requestContentType=_.requestContentType(w,x),s.responseContentType=_.responseContentType(w,x)||"*/*";const u=_.requestBodyValue(w,x),C=_.requestBodyInclusionSetting(w,x);u&&u.toJS?s.requestBody=u.map((s=>ze.Map.isMap(s)?s.get("value"):s)).filter(((s,o)=>(Array.isArray(s)?0!==s.length:!isEmptyValue(s))||C.get(o))).toJS():s.requestBody=u}let $=Object.assign({},s);$=o.buildRequest($),i.setRequest(s.pathName,s.method,$);s.requestInterceptor=async o=>{let a=await j.apply(void 0,[o]),u=Object.assign({},a);return i.setMutatedRequest(s.pathName,s.method,u),a},s.responseInterceptor=L;const U=Date.now();return o.execute(s).then((o=>{o.duration=Date.now()-U,i.setResponse(s.pathName,s.method,o)})).catch((o=>{"Failed to fetch"===o.message&&(o.name="",o.message='**Failed to fetch.** \n**Possible Reasons:** \n - CORS \n - Network Failure \n - URL scheme must be "http" or "https" for CORS request.'),i.setResponse(s.pathName,s.method,{error:!0,err:o})}))},actions_execute=({path:s,method:o,...i}={})=>a=>{let{fn:{fetch:u},specSelectors:_,specActions:w}=a,x=_.specJsonWithResolvedSubtrees().toJS(),C=_.operationScheme(s,o),{requestContentType:j,responseContentType:L}=_.contentTypeValues([s,o]).toJS(),B=/xml/i.test(j),$=_.parameterValues([s,o],B).toJS();return w.executeRequest({...i,fetch:u,spec:x,pathName:s,method:o,parameters:$,requestContentType:j,scheme:C,responseContentType:L})};function clearResponse(s,o){return{type:Eo,payload:{path:s,method:o}}}function clearRequest(s,o){return{type:wo,payload:{path:s,method:o}}}function setScheme(s,o,i){return{type:Co,payload:{scheme:s,path:o,method:i}}}const To={[po]:(s,o)=>"string"==typeof o.payload?s.set("spec",o.payload):s,[ho]:(s,o)=>s.set("url",o.payload+""),[fo]:(s,o)=>s.set("json",fromJSOrdered(o.payload)),[Oo]:(s,o)=>s.setIn(["resolved"],fromJSOrdered(o.payload)),[Ao]:(s,o)=>{const{value:i,path:a}=o.payload;return s.setIn(["resolvedSubtrees",...a],fromJSOrdered(i))},[mo]:(s,{payload:o})=>{let{path:i,paramName:a,paramIn:u,param:_,value:w,isXml:x}=o,C=_?paramToIdentifier(_):`${u}.${a}`;const j=x?"value_xml":"value";return s.setIn(["meta","paths",...i,"parameters",C,j],(0,ze.fromJS)(w))},[go]:(s,{payload:o})=>{let{pathMethod:i,paramName:a,paramIn:u,includeEmptyValue:_}=o;if(!a||!u)return console.warn("Warning: UPDATE_EMPTY_PARAM_INCLUSION could not generate a paramKey."),s;const w=`${u}.${a}`;return s.setIn(["meta","paths",...i,"parameter_inclusions",w],_)},[yo]:(s,{payload:{pathMethod:o,isOAS3:i}})=>{const a=Ns(s).getIn(["paths",...o]),u=parameterValues(s,o).toJS();return s.updateIn(["meta","paths",...o,"parameters"],(0,ze.fromJS)({}),(_=>a.get("parameters",(0,ze.List)()).reduce(((a,_)=>{const w=paramToValue(_,u),x=parameterInclusionSettingFor(s,o,_.get("name"),_.get("in")),C=((s,o,{isOAS3:i=!1,bypassRequiredCheck:a=!1}={})=>{let u=s.get("required"),{schema:_,parameterContentMediaType:w}=getParameterSchema(s,{isOAS3:i});return validateValueBySchema(o,_,u,a,w)})(_,w,{bypassRequiredCheck:x,isOAS3:i});return a.setIn([paramToIdentifier(_),"errors"],(0,ze.fromJS)(C))}),_)))},[xo]:(s,{payload:{pathMethod:o}})=>s.updateIn(["meta","paths",...o,"parameters"],(0,ze.fromJS)([]),(s=>s.map((s=>s.set("errors",(0,ze.fromJS)([])))))),[vo]:(s,{payload:{res:o,path:i,method:a}})=>{let u;u=o.error?Object.assign({error:!0,name:o.err.name,message:o.err.message,statusCode:o.err.statusCode},o.err.response):o,u.headers=u.headers||{};let _=s.setIn(["responses",i,a],fromJSOrdered(u));return lt.Blob&&u.data instanceof lt.Blob&&(_=_.setIn(["responses",i,a,"text"],u.data)),_},[bo]:(s,{payload:{req:o,path:i,method:a}})=>s.setIn(["requests",i,a],fromJSOrdered(o)),[_o]:(s,{payload:{req:o,path:i,method:a}})=>s.setIn(["mutatedRequests",i,a],fromJSOrdered(o)),[ko]:(s,{payload:{path:o,value:i,key:a}})=>{let u=["paths",...o],_=["meta","paths",...o];return s.getIn(["json",...u])||s.getIn(["resolved",...u])||s.getIn(["resolvedSubtrees",...u])?s.setIn([..._,a],(0,ze.fromJS)(i)):s},[Eo]:(s,{payload:{path:o,method:i}})=>s.deleteIn(["responses",o,i]),[wo]:(s,{payload:{path:o,method:i}})=>s.deleteIn(["requests",o,i]),[Co]:(s,{payload:{scheme:o,path:i,method:a}})=>i&&a?s.setIn(["scheme",i,a],o):i||a?void 0:s.setIn(["scheme","_defaultScheme"],o)},wrap_actions_updateSpec=(s,{specActions:o})=>(...i)=>{s(...i),o.parseToJson(...i)},wrap_actions_updateJsonSpec=(s,{specActions:o})=>(...i)=>{s(...i),o.invalidateResolvedSubtreeCache();const[a]=i,u=Cn()(a,["paths"])||{};Object.keys(u).forEach((s=>{const i=Cn()(u,[s]);as()(i)&&i.$ref&&o.requestResolvedSubtree(["paths",s])})),o.requestResolvedSubtree(["components","securitySchemes"])},wrap_actions_executeRequest=(s,{specActions:o})=>i=>(o.logRequest(i),s(i)),wrap_actions_validateParams=(s,{specSelectors:o})=>i=>s(i,o.isOAS3()),plugins_spec=()=>({statePlugins:{spec:{wrapActions:{...Y},reducers:{...To},actions:{...z},selectors:{...V}}}});var No=function(){var extendStatics=function(s,o){return extendStatics=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(s,o){s.__proto__=o}||function(s,o){for(var i in o)o.hasOwnProperty(i)&&(s[i]=o[i])},extendStatics(s,o)};return function(s,o){function __(){this.constructor=s}extendStatics(s,o),s.prototype=null===o?Object.create(o):(__.prototype=o.prototype,new __)}}(),Mo=Object.prototype.hasOwnProperty;function module_helpers_hasOwnProperty(s,o){return Mo.call(s,o)}function _objectKeys(s){if(Array.isArray(s)){for(var o=new Array(s.length),i=0;i=48&&o<=57))return!1;i++}return!0}function escapePathComponent(s){return-1===s.indexOf("/")&&-1===s.indexOf("~")?s:s.replace(/~/g,"~0").replace(/\//g,"~1")}function unescapePathComponent(s){return s.replace(/~1/g,"/").replace(/~0/g,"~")}function hasUndefined(s){if(void 0===s)return!0;if(s)if(Array.isArray(s)){for(var o=0,i=s.length;o0&&"constructor"==x[j-1]))throw new TypeError("JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README");if(i&&void 0===B&&(void 0===C[$]?B=x.slice(0,j).join("/"):j==L-1&&(B=o.path),void 0!==B&&U(o,0,s,B)),j++,Array.isArray(C)){if("-"===$)$=C.length;else{if(i&&!helpers_isInteger($))throw new Do("Expected an unsigned base-10 integer value, making the new referenced value the array element with the zero-based index","OPERATION_PATH_ILLEGAL_ARRAY_INDEX",_,o,s);helpers_isInteger($)&&($=~~$)}if(j>=L){if(i&&"add"===o.op&&$>C.length)throw new Do("The specified index MUST NOT be greater than the number of elements in the array","OPERATION_VALUE_OUT_OF_BOUNDS",_,o,s);if(!1===(w=Bo[o.op].call(o,C,$,s)).test)throw new Do("Test operation failed","TEST_OPERATION_FAILED",_,o,s);return w}}else if(j>=L){if(!1===(w=Fo[o.op].call(o,C,$,s)).test)throw new Do("Test operation failed","TEST_OPERATION_FAILED",_,o,s);return w}if(C=C[$],i&&j0)throw new Do('Operation `path` property must start with "/"',"OPERATION_PATH_INVALID",o,s,i);if(("move"===s.op||"copy"===s.op)&&"string"!=typeof s.from)throw new Do("Operation `from` property is not present (applicable in `move` and `copy` operations)","OPERATION_FROM_REQUIRED",o,s,i);if(("add"===s.op||"replace"===s.op||"test"===s.op)&&void 0===s.value)throw new Do("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_REQUIRED",o,s,i);if(("add"===s.op||"replace"===s.op||"test"===s.op)&&hasUndefined(s.value))throw new Do("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_CANNOT_CONTAIN_UNDEFINED",o,s,i);if(i)if("add"==s.op){var u=s.path.split("/").length,_=a.split("/").length;if(u!==_+1&&u!==_)throw new Do("Cannot perform an `add` operation at the desired path","OPERATION_PATH_CANNOT_ADD",o,s,i)}else if("replace"===s.op||"remove"===s.op||"_get"===s.op){if(s.path!==a)throw new Do("Cannot perform the operation at a path that does not exist","OPERATION_PATH_UNRESOLVABLE",o,s,i)}else if("move"===s.op||"copy"===s.op){var w=validate([{op:"_get",path:s.from,value:void 0}],i);if(w&&"OPERATION_PATH_UNRESOLVABLE"===w.name)throw new Do("Cannot perform the operation from a path that does not exist","OPERATION_FROM_UNRESOLVABLE",o,s,i)}}function validate(s,o,i){try{if(!Array.isArray(s))throw new Do("Patch sequence must be an array","SEQUENCE_NOT_AN_ARRAY");if(o)applyPatch(_deepClone(o),_deepClone(s),i||!0);else{i=i||validator;for(var a=0;a0&&(s.patches=[],s.callback&&s.callback(a)),a}function _generate(s,o,i,a,u){if(o!==s){"function"==typeof o.toJSON&&(o=o.toJSON());for(var _=_objectKeys(o),w=_objectKeys(s),x=!1,C=w.length-1;C>=0;C--){var j=s[B=w[C]];if(!module_helpers_hasOwnProperty(o,B)||void 0===o[B]&&void 0!==j&&!1===Array.isArray(o))Array.isArray(s)===Array.isArray(o)?(u&&i.push({op:"test",path:a+"/"+escapePathComponent(B),value:_deepClone(j)}),i.push({op:"remove",path:a+"/"+escapePathComponent(B)}),x=!0):(u&&i.push({op:"test",path:a,value:s}),i.push({op:"replace",path:a,value:o}),!0);else{var L=o[B];"object"==typeof j&&null!=j&&"object"==typeof L&&null!=L&&Array.isArray(j)===Array.isArray(L)?_generate(j,L,i,a+"/"+escapePathComponent(B),u):j!==L&&(u&&i.push({op:"test",path:a+"/"+escapePathComponent(B),value:_deepClone(j)}),i.push({op:"replace",path:a+"/"+escapePathComponent(B),value:_deepClone(L)}))}}if(x||_.length!=w.length)for(C=0;C<_.length;C++){var B;module_helpers_hasOwnProperty(s,B=_[C])||void 0===o[B]||i.push({op:"add",path:a+"/"+escapePathComponent(B),value:_deepClone(o[B])})}}}function compare(s,o,i){void 0===i&&(i=!1);var a=[];return _generate(s,o,a,"",i),a}Object.assign({},Z,ee,{JsonPatchError:Ro,deepClone:_deepClone,escapePathComponent,unescapePathComponent});var Vo=__webpack_require__(14744),zo=__webpack_require__.n(Vo);const Wo={add:function add(s,o){return{op:"add",path:s,value:o}},replace,remove:function remove(s){return{op:"remove",path:s}},merge:function lib_merge(s,o){return{type:"mutation",op:"merge",path:s,value:o}},mergeDeep:function mergeDeep(s,o){return{type:"mutation",op:"mergeDeep",path:s,value:o}},context:function context(s,o){return{type:"context",path:s,value:o}},getIn:function lib_getIn(s,o){return o.reduce(((s,o)=>void 0!==o&&s?s[o]:s),s)},applyPatch:function lib_applyPatch(s,o,i){if(i=i||{},"merge"===(o={...o,path:o.path&&normalizeJSONPath(o.path)}).op){const i=getInByJsonPath(s,o.path);Object.assign(i,o.value),applyPatch(s,[replace(o.path,i)])}else if("mergeDeep"===o.op){const i=getInByJsonPath(s,o.path),a=zo()(i,o.value,{customMerge:s=>{if("enum"===s)return(s,o)=>Array.isArray(s)&&Array.isArray(o)?[...new Set([...s,...o])]:zo()(s,o)}});s=applyPatch(s,[replace(o.path,a)]).newDocument}else if("add"===o.op&&""===o.path&&lib_isObject(o.value)){applyPatch(s,Object.keys(o.value).reduce(((s,i)=>(s.push({op:"add",path:`/${normalizeJSONPath(i)}`,value:o.value[i]}),s)),[]))}else if("replace"===o.op&&""===o.path){let{value:a}=o;i.allowMetaPatches&&o.meta&&isAdditiveMutation(o)&&(Array.isArray(o.value)||lib_isObject(o.value))&&(a={...a,...o.meta}),s=a}else if(applyPatch(s,[o]),i.allowMetaPatches&&o.meta&&isAdditiveMutation(o)&&(Array.isArray(o.value)||lib_isObject(o.value))){const i={...getInByJsonPath(s,o.path),...o.meta};applyPatch(s,[replace(o.path,i)])}return s},parentPathMatch:function parentPathMatch(s,o){if(!Array.isArray(o))return!1;for(let i=0,a=o.length;i(s+"").replace(/~/g,"~0").replace(/\//g,"~1"))).join("/")}`:s}function replace(s,o,i){return{op:"replace",path:s,value:o,meta:i}}function forEachNewPatch(s,o,i){return cleanArray(flatten(s.filter(isAdditiveMutation).map((s=>o(s.value,i,s.path)))||[]))}function forEachPrimitive(s,o,i){return i=i||[],Array.isArray(s)?s.map(((s,a)=>forEachPrimitive(s,o,i.concat(a)))):lib_isObject(s)?Object.keys(s).map((a=>forEachPrimitive(s[a],o,i.concat(a)))):o(s,i[i.length-1],i)}function forEach(s,o,i){let a=[];if((i=i||[]).length>0){const u=o(s,i[i.length-1],i);u&&(a=a.concat(u))}if(Array.isArray(s)){const u=s.map(((s,a)=>forEach(s,o,i.concat(a))));u&&(a=a.concat(u))}else if(lib_isObject(s)){const u=Object.keys(s).map((a=>forEach(s[a],o,i.concat(a))));u&&(a=a.concat(u))}return a=flatten(a),a}function lib_normalizeArray(s){return Array.isArray(s)?s:[s]}function flatten(s){return[].concat(...s.map((s=>Array.isArray(s)?flatten(s):s)))}function cleanArray(s){return s.filter((s=>void 0!==s))}function lib_isObject(s){return s&&"object"==typeof s}function lib_isFunction(s){return s&&"function"==typeof s}function isJsonPatch(s){if(isPatch(s)){const{op:o}=s;return"add"===o||"remove"===o||"replace"===o}return!1}function isMutation(s){return isJsonPatch(s)||isPatch(s)&&"mutation"===s.type}function isAdditiveMutation(s){return isMutation(s)&&("add"===s.op||"replace"===s.op||"merge"===s.op||"mergeDeep"===s.op)}function isPatch(s){return s&&"object"==typeof s}function getInByJsonPath(s,o){try{return getValueByPointer(s,o)}catch(s){return console.error(s),{}}}var Jo=__webpack_require__(48675);const Ho=class ApiDOMAggregateError extends Jo{constructor(s,o,i){if(super(s,o,i),this.name=this.constructor.name,"string"==typeof o&&(this.message=o),"function"==typeof Error.captureStackTrace?Error.captureStackTrace(this,this.constructor):this.stack=new Error(o).stack,null!=i&&"object"==typeof i&&Object.hasOwn(i,"cause")&&!("cause"in this)){const{cause:s}=i;this.cause=s,s instanceof Error&&"stack"in s&&(this.stack=`${this.stack}\nCAUSE: ${s.stack}`)}}};class ApiDOMError extends Error{static[Symbol.hasInstance](s){return super[Symbol.hasInstance](s)||Function.prototype[Symbol.hasInstance].call(Ho,s)}constructor(s,o){if(super(s,o),this.name=this.constructor.name,"string"==typeof s&&(this.message=s),"function"==typeof Error.captureStackTrace?Error.captureStackTrace(this,this.constructor):this.stack=new Error(s).stack,null!=o&&"object"==typeof o&&Object.hasOwn(o,"cause")&&!("cause"in this)){const{cause:s}=o;this.cause=s,s instanceof Error&&"stack"in s&&(this.stack=`${this.stack}\nCAUSE: ${s.stack}`)}}}const Ko=ApiDOMError;const Go=class ApiDOMStructuredError extends Ko{constructor(s,o){if(super(s,o),null!=o&&"object"==typeof o){const{cause:s,...i}=o;Object.assign(this,i)}}};var Yo=__webpack_require__(65606);function _isPlaceholder(s){return null!=s&&"object"==typeof s&&!0===s["@@functional/placeholder"]}function _curry1(s){return function f1(o){return 0===arguments.length||_isPlaceholder(o)?f1:s.apply(this,arguments)}}function _curry2(s){return function f2(o,i){switch(arguments.length){case 0:return f2;case 1:return _isPlaceholder(o)?f2:_curry1((function(i){return s(o,i)}));default:return _isPlaceholder(o)&&_isPlaceholder(i)?f2:_isPlaceholder(o)?_curry1((function(o){return s(o,i)})):_isPlaceholder(i)?_curry1((function(i){return s(o,i)})):s(o,i)}}}function _curry3(s){return function f3(o,i,a){switch(arguments.length){case 0:return f3;case 1:return _isPlaceholder(o)?f3:_curry2((function(i,a){return s(o,i,a)}));case 2:return _isPlaceholder(o)&&_isPlaceholder(i)?f3:_isPlaceholder(o)?_curry2((function(o,a){return s(o,i,a)})):_isPlaceholder(i)?_curry2((function(i,a){return s(o,i,a)})):_curry1((function(a){return s(o,i,a)}));default:return _isPlaceholder(o)&&_isPlaceholder(i)&&_isPlaceholder(a)?f3:_isPlaceholder(o)&&_isPlaceholder(i)?_curry2((function(o,i){return s(o,i,a)})):_isPlaceholder(o)&&_isPlaceholder(a)?_curry2((function(o,a){return s(o,i,a)})):_isPlaceholder(i)&&_isPlaceholder(a)?_curry2((function(i,a){return s(o,i,a)})):_isPlaceholder(o)?_curry1((function(o){return s(o,i,a)})):_isPlaceholder(i)?_curry1((function(i){return s(o,i,a)})):_isPlaceholder(a)?_curry1((function(a){return s(o,i,a)})):s(o,i,a)}}}const Xo=Number.isInteger||function _isInteger(s){return(s|0)===s};function _isString(s){return"[object String]"===Object.prototype.toString.call(s)}function _nth(s,o){var i=s<0?o.length+s:s;return _isString(o)?o.charAt(i):o[i]}function _path(s,o){for(var i=o,a=0;a=0;)_has(o=Pi[i],s)&&!Ri(a,o)&&(a[a.length]=o),i-=1;return a})):_curry1((function keys(s){return Object(s)!==s?[]:Object.keys(s)}));const ea=Wi;const ra=_curry1((function type(s){return null===s?"Null":void 0===s?"Undefined":Object.prototype.toString.call(s).slice(8,-1)}));function _uniqContentEquals(s,o,i,a){var u=_arrayFromIterator(s);function eq(s,o){return _equals(s,o,i.slice(),a.slice())}return!_includesWith((function(s,o){return!_includesWith(eq,o,s)}),_arrayFromIterator(o),u)}function _equals(s,o,i,a){if(Zo(s,o))return!0;var u=ra(s);if(u!==ra(o))return!1;if("function"==typeof s["fantasy-land/equals"]||"function"==typeof o["fantasy-land/equals"])return"function"==typeof s["fantasy-land/equals"]&&s["fantasy-land/equals"](o)&&"function"==typeof o["fantasy-land/equals"]&&o["fantasy-land/equals"](s);if("function"==typeof s.equals||"function"==typeof o.equals)return"function"==typeof s.equals&&s.equals(o)&&"function"==typeof o.equals&&o.equals(s);switch(u){case"Arguments":case"Array":case"Object":if("function"==typeof s.constructor&&"Promise"===function _functionName(s){var o=String(s).match(/^function (\w*)/);return null==o?"":o[1]}(s.constructor))return s===o;break;case"Boolean":case"Number":case"String":if(typeof s!=typeof o||!Zo(s.valueOf(),o.valueOf()))return!1;break;case"Date":if(!Zo(s.valueOf(),o.valueOf()))return!1;break;case"Error":return s.name===o.name&&s.message===o.message;case"RegExp":if(s.source!==o.source||s.global!==o.global||s.ignoreCase!==o.ignoreCase||s.multiline!==o.multiline||s.sticky!==o.sticky||s.unicode!==o.unicode)return!1}for(var _=i.length-1;_>=0;){if(i[_]===s)return a[_]===o;_-=1}switch(u){case"Map":return s.size===o.size&&_uniqContentEquals(s.entries(),o.entries(),i.concat([s]),a.concat([o]));case"Set":return s.size===o.size&&_uniqContentEquals(s.values(),o.values(),i.concat([s]),a.concat([o]));case"Arguments":case"Array":case"Object":case"Boolean":case"Number":case"String":case"Date":case"Error":case"RegExp":case"Int8Array":case"Uint8Array":case"Uint8ClampedArray":case"Int16Array":case"Uint16Array":case"Int32Array":case"Uint32Array":case"Float32Array":case"Float64Array":case"ArrayBuffer":break;default:return!1}var w=ea(s);if(w.length!==ea(o).length)return!1;var x=i.concat([s]),C=a.concat([o]);for(_=w.length-1;_>=0;){var j=w[_];if(!_has(j,o)||!_equals(o[j],s[j],x,C))return!1;_-=1}return!0}const na=_curry2((function equals(s,o){return _equals(s,o,[],[])}));function _includes(s,o){return function _indexOf(s,o,i){var a,u;if("function"==typeof s.indexOf)switch(typeof o){case"number":if(0===o){for(a=1/o;i=0}function _map(s,o){for(var i=0,a=o.length,u=Array(a);i=0&&"[object Array]"===Object.prototype.toString.call(s)};function _dispatchable(s,o,i){return function(){if(0===arguments.length)return i();var a=arguments[arguments.length-1];if(!ca(a)){for(var u=0;u":_toString_toString(i,a)},mapPairs=function(s,o){return _map((function(o){return _quote(o)+": "+i(s[o])}),o.slice().sort())};switch(Object.prototype.toString.call(s)){case"[object Arguments]":return"(function() { return arguments; }("+_map(i,s).join(", ")+"))";case"[object Array]":return"["+_map(i,s).concat(mapPairs(s,ma((function(s){return/^\d+$/.test(s)}),ea(s)))).join(", ")+"]";case"[object Boolean]":return"object"==typeof s?"new Boolean("+i(s.valueOf())+")":s.toString();case"[object Date]":return"new Date("+(isNaN(s.valueOf())?i(NaN):_quote(aa(s)))+")";case"[object Map]":return"new Map("+i(Array.from(s))+")";case"[object Null]":return"null";case"[object Number]":return"object"==typeof s?"new Number("+i(s.valueOf())+")":1/s==-1/0?"-0":s.toString(10);case"[object Set]":return"new Set("+i(Array.from(s).sort())+")";case"[object String]":return"object"==typeof s?"new String("+i(s.valueOf())+")":_quote(s);case"[object Undefined]":return"undefined";default:if("function"==typeof s.toString){var a=s.toString();if("[object Object]"!==a)return a}return"{"+mapPairs(s,ea(s)).join(", ")+"}"}}const ga=_curry1((function toString(s){return _toString_toString(s,[])}));var ya=_curry2((function test(s,o){if(!function _isRegExp(s){return"[object RegExp]"===Object.prototype.toString.call(s)}(s))throw new TypeError("‘test’ requires a value of type RegExp as its first argument; received "+ga(s));return _cloneRegExp(s).test(o)}));const va=ya;function _arity(s,o){switch(s){case 0:return function(){return o.apply(this,arguments)};case 1:return function(s){return o.apply(this,arguments)};case 2:return function(s,i){return o.apply(this,arguments)};case 3:return function(s,i,a){return o.apply(this,arguments)};case 4:return function(s,i,a,u){return o.apply(this,arguments)};case 5:return function(s,i,a,u,_){return o.apply(this,arguments)};case 6:return function(s,i,a,u,_,w){return o.apply(this,arguments)};case 7:return function(s,i,a,u,_,w,x){return o.apply(this,arguments)};case 8:return function(s,i,a,u,_,w,x,C){return o.apply(this,arguments)};case 9:return function(s,i,a,u,_,w,x,C,j){return o.apply(this,arguments)};case 10:return function(s,i,a,u,_,w,x,C,j,L){return o.apply(this,arguments)};default:throw new Error("First argument to _arity must be a non-negative integer no greater than ten")}}function _pipe(s,o){return function(){return o.call(this,s.apply(this,arguments))}}const ba=_curry1((function isArrayLike(s){return!!ca(s)||!!s&&("object"==typeof s&&(!_isString(s)&&(0===s.length||s.length>0&&(s.hasOwnProperty(0)&&s.hasOwnProperty(s.length-1)))))}));var _a="undefined"!=typeof Symbol?Symbol.iterator:"@@iterator";function _createReduce(s,o,i){return function _reduce(a,u,_){if(ba(_))return s(a,u,_);if(null==_)return u;if("function"==typeof _["fantasy-land/reduce"])return o(a,u,_,"fantasy-land/reduce");if(null!=_[_a])return i(a,u,_[_a]());if("function"==typeof _.next)return i(a,u,_);if("function"==typeof _.reduce)return o(a,u,_,"reduce");throw new TypeError("reduce: list must be array or iterable")}}function _xArrayReduce(s,o,i){for(var a=0,u=i.length;a=arguments.length)?C=o[w]:(C=arguments[u],u+=1),a[w]=C,_isPlaceholder(C)?x=!0:_-=1,w+=1}return!x&&_<=0?i.apply(this,a):_arity(Math.max(0,_),_curryN(s,a,i))}}const $a=_curry2((function curryN(s,o){return 1===s?_curry1(o):_arity(s,_curryN(s,[],o))}));const za=_curry1((function curry(s){return $a(s.length,s)}));function _isFunction(s){var o=Object.prototype.toString.call(s);return"[object Function]"===o||"[object AsyncFunction]"===o||"[object GeneratorFunction]"===o||"[object AsyncGeneratorFunction]"===o}const Ja=_curry2((function invoker(s,o){return $a(s+1,(function(){var i=arguments[s];if(null!=i&&_isFunction(i[o]))return i[o].apply(i,Array.prototype.slice.call(arguments,0,s));throw new TypeError(ga(i)+' does not have a method named "'+o+'"')}))}));const Ha=Ja(1,"split");function dropLastWhile(s,o){for(var i=o.length-1;i>=0&&s(o[i]);)i-=1;return ja(0,i+1,o)}var Ga=function(){function XDropLastWhile(s,o){this.f=s,this.retained=[],this.xf=o}return XDropLastWhile.prototype["@@transducer/init"]=_xfBase_init,XDropLastWhile.prototype["@@transducer/result"]=function(s){return this.retained=null,this.xf["@@transducer/result"](s)},XDropLastWhile.prototype["@@transducer/step"]=function(s,o){return this.f(o)?this.retain(s,o):this.flush(s,o)},XDropLastWhile.prototype.flush=function(s,o){return s=wa(this.xf,s,this.retained),this.retained=[],this.xf["@@transducer/step"](s,o)},XDropLastWhile.prototype.retain=function(s,o){return this.retained.push(o),s},XDropLastWhile}();function _xdropLastWhile(s){return function(o){return new Ga(s,o)}}const ec=_curry2(_dispatchable([],_xdropLastWhile,dropLastWhile));const rc=Ja(1,"join");const sc=_curry1((function flip(s){return $a(s.length,(function(o,i){var a=Array.prototype.slice.call(arguments,0);return a[0]=i,a[1]=o,s.apply(this,a)}))}))(_curry2(_includes));const oc=za((function(s,o){return pipe(Ha(""),ec(sc(s)),rc(""))(o)}));function _iterableReduce(s,o,i){for(var a=i.next();!a.done;)o=s(o,a.value),a=i.next();return o}function _methodReduce(s,o,i,a){return i[a](s,o)}const ic=_createReduce(_arrayReduce,_methodReduce,_iterableReduce);var ac=function(){function XMap(s,o){this.xf=o,this.f=s}return XMap.prototype["@@transducer/init"]=_xfBase_init,XMap.prototype["@@transducer/result"]=_xfBase_result,XMap.prototype["@@transducer/step"]=function(s,o){return this.xf["@@transducer/step"](s,this.f(o))},XMap}();const cc=_curry2(_dispatchable(["fantasy-land/map","map"],(function _xmap(s){return function(o){return new ac(s,o)}}),(function map(s,o){switch(Object.prototype.toString.call(o)){case"[object Function]":return $a(o.length,(function(){return s.call(this,o.apply(this,arguments))}));case"[object Object]":return _arrayReduce((function(i,a){return i[a]=s(o[a]),i}),{},ea(o));default:return _map(s,o)}})));const lc=_curry2((function ap(s,o){return"function"==typeof o["fantasy-land/ap"]?o["fantasy-land/ap"](s):"function"==typeof s.ap?s.ap(o):"function"==typeof s?function(i){return s(i)(o(i))}:ic((function(s,i){return function _concat(s,o){var i;o=o||[];var a=(s=s||[]).length,u=o.length,_=[];for(i=0;io!=o>s)return o>s?o:s}var i=safeMax(s,o);if(void 0!==i)return i;var a=safeMax(typeof s,typeof o);if(void 0!==a)return a===typeof s?s:o;var u=ga(s),_=safeMax(u,ga(o));return void 0!==_&&_===u?s:o}));var kc=_curry2((function pluck(s,o){return cc(Da(s),o)}));const Oc=kc;const jc=_curry1((function anyPass(s){return $a(Aa(Ec,0,Oc("length",s)),(function(){for(var o=0,i=s.length;oQo(va(/^win/),["platform"],Yo),getProtocol=s=>{try{const o=new URL(s);return oc(":",o.protocol)}catch{return}},ul=(pipe(getProtocol,_c),s=>{if(Yo.browser)return!1;const o=getProtocol(s);return bc(o)||"file"===o||/^[a-zA-Z]$/.test(o)}),isHttpUrl=s=>{const o=getProtocol(s);return"http"===o||"https"===o},toFileSystemPath=(s,o)=>{const i=[/%23/g,"#",/%24/g,"$",/%26/g,"&",/%2C/g,",",/%40/g,"@"],a=La(!1,"keepFileProtocol",o),u=La(isWindows,"isWindows",o);let _=decodeURI(s);for(let s=0;s{const o=s.indexOf("#");return-1!==o?s.substring(o):"#"},stripHash=s=>{const o=s.indexOf("#");let i=s;return o>=0&&(i=s.substring(0,o)),i},url_cwd=()=>{if(Yo.browser)return stripHash(globalThis.location.href);const s=Yo.cwd(),o=Ba(s);return["/","\\"].includes(o)?s:s+(isWindows()?"\\":"/")},resolve=(s,o)=>{const i=new URL(o,new URL(s,"resolve://"));if("resolve:"===i.protocol){const{pathname:s,search:o,hash:a}=i;return s+o+a}return i.toString()},sanitize=s=>{if(ul(s))return(s=>{const o=[/\?/g,"%3F",/#/g,"%23"];let i=s;isWindows()&&(i=i.replace(/\\/g,"/")),i=encodeURI(i);for(let s=0;sul(s)?toFileSystemPath(s):decodeURI(s),{fetch:yl,Response:vl,Headers:_l,Request:Sl,FormData:El,File:wl,Blob:xl}=globalThis;function _array_like_to_array(s,o){(null==o||o>s.length)&&(o=s.length);for(var i=0,a=new Array(o);i2&&void 0!==arguments[2]?arguments[2]:Nl,a=[],u=[],_=!0,w=i.includeSymbols?own_enumerable_keys:Object.keys,x=!!i.immutable;return function walker(s){var C=x?legacy_copy(s,i):s,j={},L=!0,B={node:C,node_:s,path:[].concat(a),parent:u[u.length-1],parents:u,key:a[a.length-1],isRoot:0===a.length,level:a.length,circular:void 0,isLeaf:!1,notLeaf:!0,notRoot:!0,isFirst:!1,isLast:!1,update:function update(s){var o=arguments.length>1&&void 0!==arguments[1]&&arguments[1];B.isRoot||(B.parent.node[B.key]=s),B.node=s,o&&(L=!1)},delete:function _delete(s){delete B.parent.node[B.key],s&&(L=!1)},remove:function remove(s){kl(B.parent.node)?B.parent.node.splice(B.key,1):delete B.parent.node[B.key],s&&(L=!1)},keys:null,before:function before(s){j.before=s},after:function after(s){j.after=s},pre:function pre(s){j.pre=s},post:function post(s){j.post=s},stop:function stop(){_=!1},block:function block(){L=!1}};if(!_)return B;function update_state(){if("object"===_type_of(B.node)&&null!==B.node){B.keys&&B.node_===B.node||(B.keys=w(B.node)),B.isLeaf=0===B.keys.length;for(var o=0;o1&&void 0!==arguments[1]?arguments[1]:Nl;!function _class_call_check(s,o){if(!(s instanceof o))throw new TypeError("Cannot call a class as a function")}(this,Traverse),__privateAdd(this,Il),__privateAdd(this,Tl),__privateSet(this,Il,s),__privateSet(this,Tl,o)}return function _create_class(s,o,i){return o&&legacy_defineProperties(s.prototype,o),i&&legacy_defineProperties(s,i),s}(Traverse,[{key:"get",value:function get(s){for(var o=__privateGet(this,Il),i=0;o&&i-1&&-1===Ul.indexOf(i)||Vl.indexOf(a)>-1||zl.some((s=>a.indexOf(s)>-1))}function absolutifyPointer(s,o){const[i,a]=s.split("#"),u=null!=o?o:"",_=null!=i?i:"";let w;if(isHttpUrl(u))w=resolve(u,_);else{const s=resolve(Ll,u),o=resolve(s,_).replace(Ll,"");w=_.startsWith("/")?o:o.substring(1)}return a?`${w}#${a}`:w}const Wl=/^([a-z]+:\/\/|\/\/)/i;class JSONRefError extends Go{}const Jl={},Hl=new WeakMap,Kl=[s=>"paths"===s[0]&&"responses"===s[3]&&"examples"===s[5],s=>"paths"===s[0]&&"responses"===s[3]&&"content"===s[5]&&"example"===s[7],s=>"paths"===s[0]&&"responses"===s[3]&&"content"===s[5]&&"examples"===s[7]&&"value"===s[9],s=>"paths"===s[0]&&"requestBody"===s[3]&&"content"===s[4]&&"example"===s[6],s=>"paths"===s[0]&&"requestBody"===s[3]&&"content"===s[4]&&"examples"===s[6]&&"value"===s[8],s=>"paths"===s[0]&&"parameters"===s[2]&&"example"===s[4],s=>"paths"===s[0]&&"parameters"===s[3]&&"example"===s[5],s=>"paths"===s[0]&&"parameters"===s[2]&&"examples"===s[4]&&"value"===s[6],s=>"paths"===s[0]&&"parameters"===s[3]&&"examples"===s[5]&&"value"===s[7],s=>"paths"===s[0]&&"parameters"===s[2]&&"content"===s[4]&&"example"===s[6],s=>"paths"===s[0]&&"parameters"===s[2]&&"content"===s[4]&&"examples"===s[6]&&"value"===s[8],s=>"paths"===s[0]&&"parameters"===s[3]&&"content"===s[4]&&"example"===s[7],s=>"paths"===s[0]&&"parameters"===s[3]&&"content"===s[5]&&"examples"===s[7]&&"value"===s[9]],Gl={key:"$ref",plugin:(s,o,i,a)=>{const u=a.getInstance(),_=i.slice(0,-1);if(isFreelyNamed(_)||(s=>Kl.some((o=>o(s))))(_))return;const{baseDoc:w}=a.getContext(i);if("string"!=typeof s)return new JSONRefError("$ref: must be a string (JSON-Ref)",{$ref:s,baseDoc:w,fullPath:i});const x=refs_split(s),C=x[0],j=x[1]||"";let L,B,$;try{L=w||C?absoluteify(C,w):null}catch(o){return wrapError(o,{pointer:j,$ref:s,basePath:L,fullPath:i})}if(function pointerAlreadyInPath(s,o,i,a){let u=Hl.get(a);u||(u={},Hl.set(a,u));const _=function arrayToJsonPointer(s){if(0===s.length)return"";return`/${s.map(escapeJsonPointerToken).join("/")}`}(i),w=`${o||""}#${s}`,x=_.replace(/allOf\/\d+\/?/g,""),C=a.contextTree.get([]).baseDoc;if(o===C&&pointerIsAParent(x,s))return!0;let j="";const L=i.some((s=>(j=`${j}/${escapeJsonPointerToken(s)}`,u[j]&&u[j].some((s=>pointerIsAParent(s,w)||pointerIsAParent(w,s))))));if(L)return!0;return void(u[x]=(u[x]||[]).concat(w))}(j,L,_,a)&&!u.useCircularStructures){const o=absolutifyPointer(s,L);return s===o?null:Wo.replace(i,o)}if(null==L?($=jsonPointerToArray(j),B=a.get($),void 0===B&&(B=new JSONRefError(`Could not resolve reference: ${s}`,{pointer:j,$ref:s,baseDoc:w,fullPath:i}))):(B=extractFromDoc(L,j),B=null!=B.__value?B.__value:B.catch((o=>{throw wrapError(o,{pointer:j,$ref:s,baseDoc:w,fullPath:i})}))),B instanceof Error)return[Wo.remove(i),B];const U=absolutifyPointer(s,L),V=Wo.replace(_,B,{$$ref:U});if(L&&L!==w)return[V,Wo.context(_,{baseDoc:L})];try{if(!function patchValueAlreadyInPath(s,o){const i=[s];return o.path.reduce(((s,o)=>(i.push(s[o]),s[o])),s),pointToAncestor(o.value);function pointToAncestor(s){return Wo.isObject(s)&&(i.indexOf(s)>=0||Object.keys(s).some((o=>pointToAncestor(s[o]))))}}(a.state,V)||u.useCircularStructures)return V}catch(s){return null}}},Yl=Object.assign(Gl,{docCache:Jl,absoluteify,clearCache:function clearCache(s){void 0!==s?delete Jl[s]:Object.keys(Jl).forEach((s=>{delete Jl[s]}))},JSONRefError,wrapError,getDoc,split:refs_split,extractFromDoc,fetchJSON:function fetchJSON(s){return fetch(s,{headers:{Accept:Dl},loadSpec:!0}).then((s=>s.text())).then((s=>fn.load(s)))},extract,jsonPointerToArray,unescapeJsonPointerToken}),Xl=Yl;function absoluteify(s,o){if(!Wl.test(s)){if(!o)throw new JSONRefError(`Tried to resolve a relative URL, without having a basePath. path: '${s}' basePath: '${o}'`);return resolve(o,s)}return s}function wrapError(s,o){let i;return i=s&&s.response&&s.response.body?`${s.response.body.code} ${s.response.body.message}`:s.message,new JSONRefError(`Could not resolve reference: ${i}`,{...o,cause:s})}function refs_split(s){return(s+"").split("#")}function extractFromDoc(s,o){const i=Jl[s];if(i&&!Wo.isPromise(i))try{const s=extract(o,i);return Object.assign(Promise.resolve(s),{__value:s})}catch(s){return Promise.reject(s)}return getDoc(s).then((s=>extract(o,s)))}function getDoc(s){const o=Jl[s];return o?Wo.isPromise(o)?o:Promise.resolve(o):(Jl[s]=Yl.fetchJSON(s).then((o=>(Jl[s]=o,o))),Jl[s])}function extract(s,o){const i=jsonPointerToArray(s);if(i.length<1)return o;const a=Wo.getIn(o,i);if(void 0===a)throw new JSONRefError(`Could not resolve pointer: ${s} does not exist in document`,{pointer:s});return a}function jsonPointerToArray(s){if("string"!=typeof s)throw new TypeError("Expected a string, got a "+typeof s);return"/"===s[0]&&(s=s.substr(1)),""===s?[]:s.split("/").map(unescapeJsonPointerToken)}function unescapeJsonPointerToken(s){if("string"!=typeof s)return s;return new URLSearchParams(`=${s.replace(/~1/g,"/").replace(/~0/g,"~")}`).get("")}function escapeJsonPointerToken(s){return new URLSearchParams([["",s.replace(/~/g,"~0").replace(/\//g,"~1")]]).toString().slice(1)}const pointerBoundaryChar=s=>!s||"/"===s||"#"===s;function pointerIsAParent(s,o){if(pointerBoundaryChar(o))return!0;const i=s.charAt(o.length),a=o.slice(-1);return 0===s.indexOf(o)&&(!i||"/"===i||"#"===i)&&"#"!==a}const Ql={key:"allOf",plugin:(s,o,i,a,u)=>{if(u.meta&&u.meta.$$ref)return;const _=i.slice(0,-1);if(isFreelyNamed(_))return;if(!Array.isArray(s)){const s=new TypeError("allOf must be an array");return s.fullPath=i,s}let w=!1,x=u.value;if(_.forEach((s=>{x&&(x=x[s])})),x={...x},0===Object.keys(x).length)return;delete x.allOf;const C=[];return C.push(a.replace(_,{})),s.forEach(((s,o)=>{if(!a.isObject(s)){if(w)return null;w=!0;const s=new TypeError("Elements in allOf must be objects");return s.fullPath=i,C.push(s)}C.push(a.mergeDeep(_,s));const u=function generateAbsoluteRefPatches(s,o,{specmap:i,getBaseUrlForNodePath:a=s=>i.getContext([...o,...s]).baseDoc,targetKeys:u=["$ref","$$ref"]}={}){const _=[];return Rl(s).forEach((function callback(){if(u.includes(this.key)&&"string"==typeof this.node){const s=this.path,u=o.concat(this.path),w=absolutifyPointer(this.node,a(s));_.push(i.replace(u,w))}})),_}(s,i.slice(0,-1),{getBaseUrlForNodePath:s=>a.getContext([...i,o,...s]).baseDoc,specmap:a});C.push(...u)})),x.example&&C.push(a.remove([].concat(_,"example"))),C.push(a.mergeDeep(_,x)),x.$$ref||C.push(a.remove([].concat(_,"$$ref"))),C}},Zl={key:"parameters",plugin:(s,o,i,a)=>{if(Array.isArray(s)&&s.length){const o=Object.assign([],s),u=i.slice(0,-1),_={...Wo.getIn(a.spec,u)};for(let u=0;u{const u={...s};for(const o in s)try{u[o].default=a.modelPropertyMacro(u[o])}catch(s){const o=new Error(s);return o.fullPath=i,o}return Wo.replace(i,u)}};class ContextTree{constructor(s){this.root=context_tree_createNode(s||{})}set(s,o){const i=this.getParent(s,!0);if(!i)return void context_tree_updateNode(this.root,o,null);const a=s[s.length-1],{children:u}=i;u[a]?context_tree_updateNode(u[a],o,i):u[a]=context_tree_createNode(o,i)}get(s){if((s=s||[]).length<1)return this.root.value;let o,i,a=this.root;for(let u=0;u{if(!s)return s;const{children:a}=s;return!a[i]&&o&&(a[i]=context_tree_createNode(null,s)),a[i]}),this.root)}}function context_tree_createNode(s,o){return context_tree_updateNode({children:{}},s,o)}function context_tree_updateNode(s,o,i){return s.value=o||{},s.protoValue=i?{...i.protoValue,...s.value}:s.value,Object.keys(s.children).forEach((o=>{const i=s.children[o];s.children[o]=context_tree_updateNode(i,i.value,s)})),s}const specmap_noop=()=>{};class SpecMap{static getPluginName(s){return s.pluginName}static getPatchesOfType(s,o){return s.filter(o)}constructor(s){Object.assign(this,{spec:"",debugLevel:"info",plugins:[],pluginHistory:{},errors:[],mutations:[],promisedPatches:[],state:{},patches:[],context:{},contextTree:new ContextTree,showDebug:!1,allPatches:[],pluginProp:"specMap",libMethods:Object.assign(Object.create(this),Wo,{getInstance:()=>this}),allowMetaPatches:!1},s),this.get=this._get.bind(this),this.getContext=this._getContext.bind(this),this.hasRun=this._hasRun.bind(this),this.wrappedPlugins=this.plugins.map(this.wrapPlugin.bind(this)).filter(Wo.isFunction),this.patches.push(Wo.add([],this.spec)),this.patches.push(Wo.context([],this.context)),this.updatePatches(this.patches)}debug(s,...o){this.debugLevel===s&&console.log(...o)}verbose(s,...o){"verbose"===this.debugLevel&&console.log(`[${s}] `,...o)}wrapPlugin(s,o){const{pathDiscriminator:i}=this;let a,u=null;return s[this.pluginProp]?(u=s,a=s[this.pluginProp]):Wo.isFunction(s)?a=s:Wo.isObject(s)&&(a=function createKeyBasedPlugin(s){const isSubPath=(s,o)=>!Array.isArray(s)||s.every(((s,i)=>s===o[i]));return function*generator(o,a){const u={};for(const[s,i]of o.filter(Wo.isAdditiveMutation).entries()){if(!(sthis.getMutationsForPlugin(s).length>0))}nextPromisedPatch(){if(this.promisedPatches.length>0)return Promise.race(this.promisedPatches.map((s=>s.value)))}getPluginHistory(s){const o=this.constructor.getPluginName(s);return this.pluginHistory[o]||[]}getPluginRunCount(s){return this.getPluginHistory(s).length}getPluginHistoryTip(s){const o=this.getPluginHistory(s);return o&&o[o.length-1]||{}}getPluginMutationIndex(s){const o=this.getPluginHistoryTip(s).mutationIndex;return"number"!=typeof o?-1:o}updatePluginHistory(s,o){const i=this.constructor.getPluginName(s);this.pluginHistory[i]=this.pluginHistory[i]||[],this.pluginHistory[i].push(o)}updatePatches(s){Wo.normalizeArray(s).forEach((s=>{if(s instanceof Error)this.errors.push(s);else try{if(!Wo.isObject(s))return void this.debug("updatePatches","Got a non-object patch",s);if(this.showDebug&&this.allPatches.push(s),Wo.isPromise(s.value))return this.promisedPatches.push(s),void this.promisedPatchThen(s);if(Wo.isContextPatch(s))return void this.setContext(s.path,s.value);Wo.isMutation(s)&&this.updateMutations(s)}catch(s){console.error(s),this.errors.push(s)}}))}updateMutations(s){"object"==typeof s.value&&!Array.isArray(s.value)&&this.allowMetaPatches&&(s.value={...s.value});const o=Wo.applyPatch(this.state,s,{allowMetaPatches:this.allowMetaPatches});o&&(this.mutations.push(s),this.state=o)}removePromisedPatch(s){const o=this.promisedPatches.indexOf(s);o<0?this.debug("Tried to remove a promisedPatch that isn't there!"):this.promisedPatches.splice(o,1)}promisedPatchThen(s){return s.value=s.value.then((o=>{const i={...s,value:o};this.removePromisedPatch(s),this.updatePatches(i)})).catch((o=>{this.removePromisedPatch(s),this.updatePatches(o)})),s.value}getMutations(s,o){return s=s||0,"number"!=typeof o&&(o=this.mutations.length),this.mutations.slice(s,o)}getCurrentMutations(){return this.getMutationsForPlugin(this.getCurrentPlugin())}getMutationsForPlugin(s){const o=this.getPluginMutationIndex(s);return this.getMutations(o+1)}getCurrentPlugin(){return this.currentPlugin}getLib(){return this.libMethods}_get(s){return Wo.getIn(this.state,s)}_getContext(s){return this.contextTree.get(s)}setContext(s,o){return this.contextTree.set(s,o)}_hasRun(s){return this.getPluginRunCount(this.getCurrentPlugin())>(s||0)}dispatch(){const s=this,o=this.nextPlugin();if(!o){const s=this.nextPromisedPatch();if(s)return s.then((()=>this.dispatch())).catch((()=>this.dispatch()));const o={spec:this.state,errors:this.errors};return this.showDebug&&(o.patches=this.allPatches),Promise.resolve(o)}if(s.pluginCount=s.pluginCount||new WeakMap,s.pluginCount.set(o,(s.pluginCount.get(o)||0)+1),s.pluginCount[o]>100)return Promise.resolve({spec:s.state,errors:s.errors.concat(new Error("We've reached a hard limit of 100 plugin runs"))});if(o!==this.currentPlugin&&this.promisedPatches.length){const s=this.promisedPatches.map((s=>s.value));return Promise.all(s.map((s=>s.then(specmap_noop,specmap_noop)))).then((()=>this.dispatch()))}return function executePlugin(){s.currentPlugin=o;const i=s.getCurrentMutations(),a=s.mutations.length-1;try{if(o.isGenerator)for(const a of o(i,s.getLib()))updatePatches(a);else{updatePatches(o(i,s.getLib()))}}catch(s){console.error(s),updatePatches([Object.assign(Object.create(s),{plugin:o})])}finally{s.updatePluginHistory(o,{mutationIndex:a})}return s.dispatch()}();function updatePatches(i){i&&(i=Wo.fullyNormalizeArray(i),s.updatePatches(i,o))}}}const tu={refs:Xl,allOf:Ql,parameters:Zl,properties:eu};function makeFetchJSON(s,o={}){const{requestInterceptor:i,responseInterceptor:a}=o,u=s.withCredentials?"include":"same-origin";return o=>s({url:o,loadSpec:!0,requestInterceptor:i,responseInterceptor:a,headers:{Accept:Dl},credentials:u}).then((s=>s.body))}function isFile(s,o){return o||"undefined"==typeof navigator||(o=navigator),o&&"ReactNative"===o.product?!(!s||"object"!=typeof s||"string"!=typeof s.uri):"undefined"!=typeof File&&s instanceof File||("undefined"!=typeof Blob&&s instanceof Blob||(!!ArrayBuffer.isView(s)||null!==s&&"object"==typeof s&&"function"==typeof s.pipe))}function isArrayOfFile(s,o){return Array.isArray(s)&&s.some((s=>isFile(s,o)))}class FileWithData extends File{constructor(s,o="",i={}){super([s],o,i),this.data=s}valueOf(){return this.data}toString(){return this.valueOf()}}const isRfc3986Reserved=s=>":/?#[]@!$&'()*+,;=".indexOf(s)>-1,isRfc3986Unreserved=s=>/^[a-z0-9\-._~]+$/i.test(s);function encodeCharacters(s,o="reserved"){return[...s].map((s=>{if(isRfc3986Unreserved(s))return s;if(isRfc3986Reserved(s)&&"unsafe"===o)return s;const i=new TextEncoder;return Array.from(i.encode(s)).map((s=>`0${s.toString(16).toUpperCase()}`.slice(-2))).map((s=>`%${s}`)).join("")})).join("")}function stylize(s){const{value:o}=s;return Array.isArray(o)?function encodeArray({key:s,value:o,style:i,explode:a,escape:u}){if("simple"===i)return o.map((s=>valueEncoder(s,u))).join(",");if("label"===i)return`.${o.map((s=>valueEncoder(s,u))).join(".")}`;if("matrix"===i)return o.map((s=>valueEncoder(s,u))).reduce(((o,i)=>!o||a?`${o||""};${s}=${i}`:`${o},${i}`),"");if("form"===i){const i=a?`&${s}=`:",";return o.map((s=>valueEncoder(s,u))).join(i)}if("spaceDelimited"===i){const i=a?`${s}=`:"";return o.map((s=>valueEncoder(s,u))).join(` ${i}`)}if("pipeDelimited"===i){const i=a?`${s}=`:"";return o.map((s=>valueEncoder(s,u))).join(`|${i}`)}return}(s):"object"==typeof o?function encodeObject({key:s,value:o,style:i,explode:a,escape:u}){const _=Object.keys(o);if("simple"===i)return _.reduce(((s,i)=>{const _=valueEncoder(o[i],u);return`${s?`${s},`:""}${i}${a?"=":","}${_}`}),"");if("label"===i)return _.reduce(((s,i)=>{const _=valueEncoder(o[i],u);return`${s?`${s}.`:"."}${i}${a?"=":"."}${_}`}),"");if("matrix"===i&&a)return _.reduce(((s,i)=>`${s?`${s};`:";"}${i}=${valueEncoder(o[i],u)}`),"");if("matrix"===i)return _.reduce(((i,a)=>{const _=valueEncoder(o[a],u);return`${i?`${i},`:`;${s}=`}${a},${_}`}),"");if("form"===i)return _.reduce(((s,i)=>{const _=valueEncoder(o[i],u);return`${s?`${s}${a?"&":","}`:""}${i}${a?"=":","}${_}`}),"");return}(s):function encodePrimitive({key:s,value:o,style:i,escape:a}){if("simple"===i)return valueEncoder(o,a);if("label"===i)return`.${valueEncoder(o,a)}`;if("matrix"===i)return`;${s}=${valueEncoder(o,a)}`;if("form"===i)return valueEncoder(o,a);if("deepObject"===i)return valueEncoder(o,a);return}(s)}function valueEncoder(s,o=!1){return Array.isArray(s)||null!==s&&"object"==typeof s?s=JSON.stringify(s):"number"!=typeof s&&"boolean"!=typeof s||(s=String(s)),o&&"string"==typeof s&&s.length>0?encodeCharacters(s,o):null!=s?s:""}const ru={form:",",spaceDelimited:"%20",pipeDelimited:"|"},nu={csv:",",ssv:"%20",tsv:"%09",pipes:"|"};function formatKeyValue(s,o,i=!1){const{collectionFormat:a,allowEmptyValue:u,serializationOption:_,encoding:w}=o,x="object"!=typeof o||Array.isArray(o)?o:o.value,C=i?s=>s.toString():s=>encodeURIComponent(s),j=C(s);if(void 0===x&&u)return[[j,""]];if(isFile(x)||isArrayOfFile(x))return[[j,x]];if(_)return formatKeyValueBySerializationOption(s,x,i,_);if(w){if([typeof w.style,typeof w.explode,typeof w.allowReserved].some((s=>"undefined"!==s))){const{style:o,explode:a,allowReserved:u}=w;return formatKeyValueBySerializationOption(s,x,i,{style:o,explode:a,allowReserved:u})}if("string"==typeof w.contentType){if(w.contentType.startsWith("application/json")){const s=C("string"==typeof x?x:JSON.stringify(x));return[[j,new FileWithData(s,"blob",{type:w.contentType})]]}const s=C(String(x));return[[j,new FileWithData(s,"blob",{type:w.contentType})]]}return"object"!=typeof x?[[j,C(x)]]:Array.isArray(x)&&x.every((s=>"object"!=typeof s))?[[j,x.map(C).join(",")]]:[[j,C(JSON.stringify(x))]]}return"object"!=typeof x?[[j,C(x)]]:Array.isArray(x)?"multi"===a?[[j,x.map(C)]]:[[j,x.map(C).join(nu[a||"csv"])]]:[[j,""]]}function formatKeyValueBySerializationOption(s,o,i,a){const u=a.style||"form",_=void 0===a.explode?"form"===u:a.explode,w=!i&&(a&&a.allowReserved?"unsafe":"reserved"),encodeFn=s=>valueEncoder(s,w),x=i?s=>s:s=>encodeFn(s);return"object"!=typeof o?[[x(s),encodeFn(o)]]:Array.isArray(o)?_?[[x(s),o.map(encodeFn)]]:[[x(s),o.map(encodeFn).join(ru[u])]]:"deepObject"===u?Object.keys(o).map((i=>[x(`${s}[${i}]`),encodeFn(o[i])])):_?Object.keys(o).map((s=>[x(s),encodeFn(o[s])])):[[x(s),Object.keys(o).map((s=>[`${x(s)},${encodeFn(o[s])}`])).join(",")]]}function encodeFormOrQuery(s){return((s,{encode:o=!0}={})=>{const buildNestedParams=(s,o,i)=>(Array.isArray(i)?i.reduce(((i,a)=>buildNestedParams(s,o,a)),s):i instanceof Date?s.append(o,i.toISOString()):"object"==typeof i?Object.entries(i).reduce(((i,[a,u])=>buildNestedParams(s,`${o}[${a}]`,u)),s):s.append(o,i),s),i=Object.entries(s).reduce(((s,[o,i])=>buildNestedParams(s,o,i)),new URLSearchParams),a=String(i);return o?a:decodeURIComponent(a)})(Object.keys(s).reduce(((o,i)=>{for(const[a,u]of formatKeyValue(i,s[i]))o[a]=u instanceof FileWithData?u.valueOf():u;return o}),{}),{encode:!1})}function serializeRequest(s={}){const{url:o="",query:i,form:a}=s;if(a){const o=Object.keys(a).some((s=>{const{value:o}=a[s];return isFile(o)||isArrayOfFile(o)})),i=s.headers["content-type"]||s.headers["Content-Type"];if(o||/multipart\/form-data/i.test(i)){const o=function request_buildFormData(s){return Object.entries(s).reduce(((s,[o,i])=>{for(const[a,u]of formatKeyValue(o,i,!0))if(Array.isArray(u))for(const o of u)if(ArrayBuffer.isView(o)){const i=new Blob([o]);s.append(a,i)}else s.append(a,o);else if(ArrayBuffer.isView(u)){const o=new Blob([u]);s.append(a,o)}else s.append(a,u);return s}),new FormData)}(s.form);s.formdata=o,s.body=o}else s.body=encodeFormOrQuery(a);delete s.form}if(i){const[a,u]=o.split("?");let _="";if(u){const s=new URLSearchParams(u);Object.keys(i).forEach((o=>s.delete(o))),_=String(s)}const w=((...s)=>{const o=s.filter((s=>s)).join("&");return o?`?${o}`:""})(_,encodeFormOrQuery(i));s.url=a+w,delete s.query}return s}function serializeHeaders(s={}){return"function"!=typeof s.entries?{}:Array.from(s.entries()).reduce(((s,[o,i])=>(s[o]=function serializeHeaderValue(s){return s.includes(", ")?s.split(", "):s}(i),s)),{})}function serializeResponse(s,o,{loadSpec:i=!1}={}){const a={ok:s.ok,url:s.url||o,status:s.status,statusText:s.statusText,headers:serializeHeaders(s.headers)},u=a.headers["content-type"],_=i||((s="")=>/(json|xml|yaml|text)\b/.test(s))(u);return(_?s.text:s.blob||s.buffer).call(s).then((s=>{if(a.text=s,a.data=s,_)try{const o=function parseBody(s,o){if(o){if(0===o.indexOf("application/json")||o.indexOf("+json")>0)return JSON.parse(s);if(0===o.indexOf("application/xml")||o.indexOf("+xml")>0)return s}return fn.load(s)}(s,u);a.body=o,a.obj=o}catch(s){a.parseError=s}return a}))}async function http_http(s,o={}){"object"==typeof s&&(s=(o=s).url),o.headers=o.headers||{},(o=serializeRequest(o)).headers&&Object.keys(o.headers).forEach((s=>{const i=o.headers[s];"string"==typeof i&&(o.headers[s]=i.replace(/\n+/g," "))})),o.requestInterceptor&&(o=await o.requestInterceptor(o)||o);const i=o.headers["content-type"]||o.headers["Content-Type"];let a;/multipart\/form-data/i.test(i)&&(delete o.headers["content-type"],delete o.headers["Content-Type"]);try{a=await(o.userFetch||fetch)(o.url,o),a=await serializeResponse(a,s,o),o.responseInterceptor&&(a=await o.responseInterceptor(a)||a)}catch(s){if(!a)throw s;const o=new Error(a.statusText||`response status is ${a.status}`);throw o.status=a.status,o.statusCode=a.status,o.responseError=s,o}if(!a.ok){const s=new Error(a.statusText||`response status is ${a.status}`);throw s.status=a.status,s.statusCode=a.status,s.response=a,s}return a}const options_retrievalURI=s=>{var o,i;const{baseDoc:a,url:u}=s,_=null!==(o=null!=a?a:u)&&void 0!==o?o:"";return"string"==typeof(null===(i=globalThis.document)||void 0===i?void 0:i.baseURI)?String(new URL(_,globalThis.document.baseURI)):_},options_httpClient=s=>{const{fetch:o,http:i}=s;return o||i||http_http};async function resolveGenericStrategy(s){const{spec:o,mode:i,allowMetaPatches:a=!0,pathDiscriminator:u,modelPropertyMacro:_,parameterMacro:w,requestInterceptor:x,responseInterceptor:C,skipNormalization:j=!1,useCircularStructures:L,strategies:B}=s,$=options_retrievalURI(s),U=options_httpClient(s),V=B.find((s=>s.match(o)));return async function doResolve(s){$&&(tu.refs.docCache[$]=s);tu.refs.fetchJSON=makeFetchJSON(U,{requestInterceptor:x,responseInterceptor:C});const o=[tu.refs];"function"==typeof w&&o.push(tu.parameters);"function"==typeof _&&o.push(tu.properties);"strict"!==i&&o.push(tu.allOf);const B=await function mapSpec(s){return new SpecMap(s).dispatch()}({spec:s,context:{baseDoc:$},plugins:o,allowMetaPatches:a,pathDiscriminator:u,parameterMacro:w,modelPropertyMacro:_,useCircularStructures:L});j||(B.spec=V.normalize(B.spec));return B}(o)}const su=_curry2((function and(s,o){return s&&o}));const ou=_curry2((function both(s,o){return _isFunction(s)?function _both(){return s.apply(this,arguments)&&o.apply(this,arguments)}:hc(su)(s,o)}));const iu=na(null);const au=dc(iu);function isOfTypeObject_typeof(s){return isOfTypeObject_typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(s){return typeof s}:function(s){return s&&"function"==typeof Symbol&&s.constructor===Symbol&&s!==Symbol.prototype?"symbol":typeof s},isOfTypeObject_typeof(s)}const cu=function isOfTypeObject(s){return"object"===isOfTypeObject_typeof(s)};const lu=$a(1,ou(au,cu));var uu=pipe(ra,Pc("Object")),pu=pipe(ga,na(ga(Object))),hu=Qo(ou(Mc,pu),["constructor"]),du=$a(1,(function(s){if(!lu(s)||!uu(s))return!1;var o=Object.getPrototypeOf(s);return!!iu(o)||hu(o)}));const fu=du,replace_special_chars_with_underscore=s=>s.replace(/\W/gi,"_");function opId(s,o,i="",{v2OperationIdCompatibilityMode:a}={}){if(!s||"object"!=typeof s)return null;return(s.operationId||"").replace(/\s/g,"").length?replace_special_chars_with_underscore(s.operationId):function idFromPathMethod(s,o,{v2OperationIdCompatibilityMode:i}={}){if(i){let i=`${o.toLowerCase()}_${s}`.replace(/[\s!@#$%^&*()_+=[{\]};:<>|./?,\\'""-]/g,"_");return i=i||`${s.substring(1)}_${o}`,i.replace(/((_){2,})/g,"_").replace(/^(_)*/g,"").replace(/([_])*$/g,"")}return`${o.toLowerCase()}${replace_special_chars_with_underscore(s)}`}(o,i,{v2OperationIdCompatibilityMode:a})}function normalize_normalize(s){const{spec:o}=s,{paths:i}=o,a={};if(!i||o.$$normalized)return s;for(const s in i){const u=i[s];if(null==u||!["object","function"].includes(typeof u))continue;const _=u.parameters;for(const i in u){const w=u[i];if(null==w||!["object","function"].includes(typeof w))continue;const x=opId(w,s,i);if(x){a[x]?a[x].push(w):a[x]=[w];const s=a[x];if(s.length>1)s.forEach(((s,o)=>{s.__originalOperationId=s.__originalOperationId||s.operationId,s.operationId=`${x}${o+1}`}));else if(void 0!==w.operationId){const o=s[0];o.__originalOperationId=o.__originalOperationId||w.operationId,o.operationId=x}}if("parameters"!==i){const s=[],i={};for(const a in o)"produces"!==a&&"consumes"!==a&&"security"!==a||(i[a]=o[a],s.push(i));if(_&&(i.parameters=_,s.push(i)),s.length)for(const o of s)for(const s in o)if(Array.isArray(w[s])){if("parameters"===s)for(const i of o[s]){w[s].some((s=>!(!fu(s)&&!fu(i))&&(s===i||["name","$ref","$$ref"].some((o=>"string"==typeof s[o]&&"string"==typeof i[o]&&s[o]===i[o])))))||w[s].push(i)}}else w[s]=o[s]}}}return o.$$normalized=!0,s}const mu={name:"generic",match:()=>!0,normalize(s){const{spec:o}=normalize_normalize({spec:s});return o},resolve:async s=>resolveGenericStrategy(s)},gu=mu;const isOpenAPI30=s=>{try{const{openapi:o}=s;return"string"==typeof o&&/^3\.0\.(?:[1-9]\d*|0)$/.test(o)}catch{return!1}},isOpenAPI31=s=>{try{const{openapi:o}=s;return"string"==typeof o&&/^3\.1\.(?:[1-9]\d*|0)$/.test(o)}catch{return!1}},isOpenAPI3=s=>isOpenAPI30(s)||isOpenAPI31(s),yu={name:"openapi-2",match:s=>(s=>{try{const{swagger:o}=s;return"2.0"===o}catch{return!1}})(s),normalize(s){const{spec:o}=normalize_normalize({spec:s});return o},resolve:async s=>async function resolveOpenAPI2Strategy(s){return resolveGenericStrategy(s)}(s)},vu=yu;const bu={name:"openapi-3-0",match:s=>isOpenAPI30(s),normalize(s){const{spec:o}=normalize_normalize({spec:s});return o},resolve:async s=>async function resolveOpenAPI30Strategy(s){return resolveGenericStrategy(s)}(s)},_u=bu;var Su=__webpack_require__(34035);function _reduced(s){return s&&s["@@transducer/reduced"]?s:{"@@transducer/value":s,"@@transducer/reduced":!0}}var Eu=function(){function XAll(s,o){this.xf=o,this.f=s,this.all=!0}return XAll.prototype["@@transducer/init"]=_xfBase_init,XAll.prototype["@@transducer/result"]=function(s){return this.all&&(s=this.xf["@@transducer/step"](s,!0)),this.xf["@@transducer/result"](s)},XAll.prototype["@@transducer/step"]=function(s,o){return this.f(o)||(this.all=!1,s=_reduced(this.xf["@@transducer/step"](s,!1))),s},XAll}();function _xall(s){return function(o){return new Eu(s,o)}}var wu=_curry2(_dispatchable(["all"],_xall,(function all(s,o){for(var i=0;is.classes.contains("api"))).first}get results(){return this.children.filter((s=>s.classes.contains("result")))}get result(){return this.results.first}get annotations(){return this.children.filter((s=>"annotation"===s.element))}get warnings(){return this.children.filter((s=>"annotation"===s.element&&s.classes.contains("warning")))}get errors(){return this.children.filter((s=>"annotation"===s.element&&s.classes.contains("error")))}get isEmpty(){return this.children.reject((s=>"annotation"===s.element)).isEmpty}replaceResult(s){const{result:o}=this;if(bc(o))return!1;const i=this.content.findIndex((s=>s===o));return-1!==i&&(this.content[i]=s,!0)}}const Au=ParseResult,hasMethod=(s,o)=>"object"==typeof o&&null!==o&&s in o&&"function"==typeof o[s],hasBasicElementProps=s=>"object"==typeof s&&null!=s&&"_storedElement"in s&&"string"==typeof s._storedElement&&"_content"in s,primitiveEq=(s,o)=>"object"==typeof o&&null!==o&&"primitive"in o&&("function"==typeof o.primitive&&o.primitive()===s),hasClass=(s,o)=>"object"==typeof o&&null!==o&&"classes"in o&&(Array.isArray(o.classes)||o.classes instanceof Su.wE)&&o.classes.includes(s),isElementType=(s,o)=>"object"==typeof o&&null!==o&&"element"in o&&o.element===s,helpers=s=>s({hasMethod,hasBasicElementProps,primitiveEq,isElementType,hasClass}),Cu=helpers((({hasBasicElementProps:s,primitiveEq:o})=>i=>i instanceof Su.Hg||s(i)&&o(void 0,i))),ju=helpers((({hasBasicElementProps:s,primitiveEq:o})=>i=>i instanceof Su.Om||s(i)&&o("string",i))),Pu=helpers((({hasBasicElementProps:s,primitiveEq:o})=>i=>i instanceof Su.kT||s(i)&&o("number",i))),Iu=helpers((({hasBasicElementProps:s,primitiveEq:o})=>i=>i instanceof Su.Os||s(i)&&o("null",i))),Tu=helpers((({hasBasicElementProps:s,primitiveEq:o})=>i=>i instanceof Su.bd||s(i)&&o("boolean",i))),Nu=helpers((({hasBasicElementProps:s,primitiveEq:o,hasMethod:i})=>a=>a instanceof Su.Sh||s(a)&&o("object",a)&&i("keys",a)&&i("values",a)&&i("items",a))),Mu=helpers((({hasBasicElementProps:s,primitiveEq:o,hasMethod:i})=>a=>a instanceof Su.wE&&!(a instanceof Su.Sh)||s(a)&&o("array",a)&&i("push",a)&&i("unshift",a)&&i("map",a)&&i("reduce",a))),Ru=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof Su.Pr||s(a)&&o("member",a)&&i(void 0,a))),Du=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof Su.Ft||s(a)&&o("link",a)&&i(void 0,a))),Lu=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof Su.sI||s(a)&&o("ref",a)&&i(void 0,a))),Fu=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof ku||s(a)&&o("annotation",a)&&i("array",a))),Bu=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof Ou||s(a)&&o("comment",a)&&i("string",a))),$u=helpers((({hasBasicElementProps:s,isElementType:o,primitiveEq:i})=>a=>a instanceof Au||s(a)&&o("parseResult",a)&&i("array",a))),isPrimitiveElement=s=>isElementType("object",s)||isElementType("array",s)||isElementType("boolean",s)||isElementType("number",s)||isElementType("string",s)||isElementType("null",s)||isElementType("member",s),hasElementSourceMap=s=>!!Cu(s)&&(Number.isInteger(s.startPositionRow)&&Number.isInteger(s.startPositionColumn)&&Number.isInteger(s.startIndex)&&Number.isInteger(s.endPositionRow)&&Number.isInteger(s.endPositionColumn)&&Number.isInteger(s.endIndex)),includesSymbols=(s,o)=>{if(0===s.length)return!0;const i=o.attributes.get("symbols");return!!Mu(i)&&xu(sc(i.toValue()),s)},includesClasses=(s,o)=>0===s.length||xu(sc(o.classes.toValue()),s);const es_T=function(){return!0};const es_F=function(){return!1},getVisitFn=(s,o,i)=>{const a=s[o];if(null!=a){if(!i&&"function"==typeof a)return a;const s=i?a.leave:a.enter;if("function"==typeof s)return s}else{const a=i?s.leave:s.enter;if(null!=a){if("function"==typeof a)return a;const s=a[o];if("function"==typeof s)return s}}return null},qu={},getNodeType=s=>null==s?void 0:s.type,isNode=s=>"string"==typeof getNodeType(s),cloneNode=s=>Object.create(Object.getPrototypeOf(s),Object.getOwnPropertyDescriptors(s)),mergeAll=(s,{visitFnGetter:o=getVisitFn,nodeTypeGetter:i=getNodeType,breakSymbol:a=qu,deleteNodeSymbol:u=null,skipVisitingNodeSymbol:_=!1,exposeEdits:w=!1}={})=>{const x=Symbol("skip"),C=new Array(s.length).fill(x);return{enter(j,L,B,$,U,V){let z=j,Y=!1;const Z={...V,replaceWith(s,o){V.replaceWith(s,o),z=s}};for(let j=0;j{const x=Symbol("skip"),C=new Array(s.length).fill(x);return{async enter(j,L,B,$,U,V){let z=j,Y=!1;const Z={...V,replaceWith(s,o){V.replaceWith(s,o),z=s}};for(let j=0;j{const U=i||{};let V,z,Y=Array.isArray(s),Z=[s],ee=-1,ie=[],ae=s;const ce=[],le=[];do{ee+=1;const s=ee===Z.length;let i;const fe=s&&0!==ie.length;if(s){if(i=0===le.length?void 0:ce.pop(),ae=z,z=le.pop(),fe)if(Y){ae=ae.slice();let s=0;for(const[o,i]of ie){const a=o-s;i===_?(ae.splice(a,1),s+=1):ae[a]=i}}else{ae=L(ae);for(const[s,o]of ie)ae[s]=o}ee=V.index,Z=V.keys,ie=V.edits,Y=V.inArray,V=V.prev}else if(z!==_&&void 0!==z){if(i=Y?ee:Z[ee],ae=z[i],ae===_||void 0===ae)continue;ce.push(i)}let ye;if(!Array.isArray(ae)){var pe;if(!j(ae))throw new Go(`Invalid AST Node: ${String(ae)}`,{node:ae});if(B&&le.includes(ae)){"function"==typeof $&&$(ae,i,z,ce,le),ce.pop();continue}const _=x(o,C(ae),s);if(_){for(const[s,i]of Object.entries(a))o[s]=i;const u={replaceWith(o,a){"function"==typeof a?a(o,ae,i,z,ce,le):z&&(z[i]=o),s||(ae=o)}};ye=_.call(o,ae,i,z,ce,le,u)}if("function"==typeof(null===(pe=ye)||void 0===pe?void 0:pe.then))throw new Go("Async visitor not supported in sync mode",{visitor:o,visitFn:_});if(ye===u)break;if(ye===w){if(!s){ce.pop();continue}}else if(void 0!==ye&&(ie.push([i,ye]),!s)){if(!j(ye)){ce.pop();continue}ae=ye}}var de;if(void 0===ye&&fe&&ie.push([i,ae]),!s)V={inArray:Y,index:ee,keys:Z,edits:ie,prev:V},Y=Array.isArray(ae),Z=Y?ae:null!==(de=U[C(ae)])&&void 0!==de?de:[],ee=-1,ie=[],z!==_&&void 0!==z&&le.push(z),z=ae}while(void 0!==V);return 0!==ie.length?ie[ie.length-1][1]:s};visit[Symbol.for("nodejs.util.promisify.custom")]=async(s,o,{keyMap:i=null,state:a={},breakSymbol:u=qu,deleteNodeSymbol:_=null,skipVisitingNodeSymbol:w=!1,visitFnGetter:x=getVisitFn,nodeTypeGetter:C=getNodeType,nodePredicate:j=isNode,nodeCloneFn:L=cloneNode,detectCycles:B=!0,detectCyclesCallback:$=null}={})=>{const U=i||{};let V,z,Y=Array.isArray(s),Z=[s],ee=-1,ie=[],ae=s;const ce=[],le=[];do{ee+=1;const s=ee===Z.length;let i;const de=s&&0!==ie.length;if(s){if(i=0===le.length?void 0:ce.pop(),ae=z,z=le.pop(),de)if(Y){ae=ae.slice();let s=0;for(const[o,i]of ie){const a=o-s;i===_?(ae.splice(a,1),s+=1):ae[a]=i}}else{ae=L(ae);for(const[s,o]of ie)ae[s]=o}ee=V.index,Z=V.keys,ie=V.edits,Y=V.inArray,V=V.prev}else if(z!==_&&void 0!==z){if(i=Y?ee:Z[ee],ae=z[i],ae===_||void 0===ae)continue;ce.push(i)}let fe;if(!Array.isArray(ae)){if(!j(ae))throw new Go(`Invalid AST Node: ${String(ae)}`,{node:ae});if(B&&le.includes(ae)){"function"==typeof $&&$(ae,i,z,ce,le),ce.pop();continue}const _=x(o,C(ae),s);if(_){for(const[s,i]of Object.entries(a))o[s]=i;const u={replaceWith(o,a){"function"==typeof a?a(o,ae,i,z,ce,le):z&&(z[i]=o),s||(ae=o)}};fe=await _.call(o,ae,i,z,ce,le,u)}if(fe===u)break;if(fe===w){if(!s){ce.pop();continue}}else if(void 0!==fe&&(ie.push([i,fe]),!s)){if(!j(fe)){ce.pop();continue}ae=fe}}var pe;if(void 0===fe&&de&&ie.push([i,ae]),!s)V={inArray:Y,index:ee,keys:Z,edits:ie,prev:V},Y=Array.isArray(ae),Z=Y?ae:null!==(pe=U[C(ae)])&&void 0!==pe?pe:[],ee=-1,ie=[],z!==_&&void 0!==z&&le.push(z),z=ae}while(void 0!==V);return 0!==ie.length?ie[ie.length-1][1]:s};const Uu=class CloneError extends Go{value;constructor(s,o){super(s,o),void 0!==o&&(this.value=o.value)}};const Vu=class DeepCloneError extends Uu{};const zu=class ShallowCloneError extends Uu{};const Wu=_curry2((function mapObjIndexed(s,o){return _arrayReduce((function(i,a){return i[a]=s(o[a],a,o),i}),{},ea(o))}));const Ju=_curry1((function isNil(s){return null==s}));var Hu=_curry2((function hasPath(s,o){if(0===s.length||Ju(o))return!1;for(var i=o,a=0;a{const i=Na(s,o);return Wu((s=>{if(fu(s)&&Yu("$ref",s)&&Xu(Jc,"$ref",s)){const o=Qu(["$ref"],s),a=tp("#/",o);return Qu(a.split("/"),i)}return fu(s)?dereference(s,i):s}),s)},assignSourceMap=(s,o)=>(s.startPositionRow=null==o?void 0:o.startPositionRow,s.startPositionColumn=null==o?void 0:o.startPositionColumn,s.startIndex=null==o?void 0:o.startIndex,s.endPositionRow=null==o?void 0:o.endPositionRow,s.endPositionColumn=null==o?void 0:o.endPositionColumn,s.endIndex=null==o?void 0:o.endIndex,s),cloneDeep=(s,o={})=>{const{visited:i=new WeakMap}=o,a={...o,visited:i};if(i.has(s))return i.get(s);if(s instanceof Su.KeyValuePair){const{key:o,value:u}=s,_=Cu(o)?cloneDeep(o,a):o,w=Cu(u)?cloneDeep(u,a):u,x=new Su.KeyValuePair(_,w);return i.set(s,x),x}if(s instanceof Su.ot){const mapper=s=>cloneDeep(s,a),o=[...s].map(mapper),u=new Su.ot(o);return i.set(s,u),u}if(s instanceof Su.G6){const mapper=s=>cloneDeep(s,a),o=[...s].map(mapper),u=new Su.G6(o);return i.set(s,u),u}if(Cu(s)){const o=cloneShallow(s);if(i.set(s,o),s.content)if(Cu(s.content))o.content=cloneDeep(s.content,a);else if(s.content instanceof Su.KeyValuePair)o.content=cloneDeep(s.content,a);else if(Array.isArray(s.content)){const mapper=s=>cloneDeep(s,a);o.content=s.content.map(mapper)}else o.content=s.content;else o.content=s.content;return o}throw new Vu("Value provided to cloneDeep function couldn't be cloned",{value:s})};cloneDeep.safe=s=>{try{return cloneDeep(s)}catch{return s}};const cloneShallowKeyValuePair=s=>{const{key:o,value:i}=s;return new Su.KeyValuePair(o,i)},cloneShallowElement=s=>{const o=new s.constructor;if(o.element=s.element,hasElementSourceMap(s)&&assignSourceMap(o,s),s.meta.length>0&&(o._meta=cloneDeep(s.meta)),s.attributes.length>0&&(o._attributes=cloneDeep(s.attributes)),Cu(s.content)){const i=s.content;o.content=cloneShallowElement(i)}else Array.isArray(s.content)?o.content=[...s.content]:s.content instanceof Su.KeyValuePair?o.content=cloneShallowKeyValuePair(s.content):o.content=s.content;return o},cloneShallow=s=>{if(s instanceof Su.KeyValuePair)return cloneShallowKeyValuePair(s);if(s instanceof Su.ot)return(s=>{const o=[...s];return new Su.ot(o)})(s);if(s instanceof Su.G6)return(s=>{const o=[...s];return new Su.G6(o)})(s);if(Cu(s))return cloneShallowElement(s);throw new zu("Value provided to cloneShallow function couldn't be cloned",{value:s})};cloneShallow.safe=s=>{try{return cloneShallow(s)}catch{return s}};const visitor_getNodeType=s=>Nu(s)?"ObjectElement":Mu(s)?"ArrayElement":Ru(s)?"MemberElement":ju(s)?"StringElement":Tu(s)?"BooleanElement":Pu(s)?"NumberElement":Iu(s)?"NullElement":Du(s)?"LinkElement":Lu(s)?"RefElement":void 0,visitor_cloneNode=s=>Cu(s)?cloneShallow(s):cloneNode(s),rp=pipe(visitor_getNodeType,Jc),np={ObjectElement:["content"],ArrayElement:["content"],MemberElement:["key","value"],StringElement:[],BooleanElement:[],NumberElement:[],NullElement:[],RefElement:[],LinkElement:[],Annotation:[],Comment:[],ParseResultElement:["content"]};class PredicateVisitor{result;predicate;returnOnTrue;returnOnFalse;constructor({predicate:s=es_F,returnOnTrue:o,returnOnFalse:i}={}){this.result=[],this.predicate=s,this.returnOnTrue=o,this.returnOnFalse=i}enter(s){return this.predicate(s)?(this.result.push(s),this.returnOnTrue):this.returnOnFalse}}const visitor_visit=(s,o,{keyMap:i=np,...a}={})=>visit(s,o,{keyMap:i,nodeTypeGetter:visitor_getNodeType,nodePredicate:rp,nodeCloneFn:visitor_cloneNode,...a});visitor_visit[Symbol.for("nodejs.util.promisify.custom")]=async(s,o,{keyMap:i=np,...a}={})=>visit[Symbol.for("nodejs.util.promisify.custom")](s,o,{keyMap:i,nodeTypeGetter:visitor_getNodeType,nodePredicate:rp,nodeCloneFn:visitor_cloneNode,...a});const nodeTypeGetter=s=>"string"==typeof(null==s?void 0:s.type)?s.type:visitor_getNodeType(s),sp={EphemeralObject:["content"],EphemeralArray:["content"],...np},value_visitor_visit=(s,o,{keyMap:i=sp,...a}={})=>visitor_visit(s,o,{keyMap:i,nodeTypeGetter,nodePredicate:es_T,detectCycles:!1,deleteNodeSymbol:Symbol.for("delete-node"),skipVisitingNodeSymbol:Symbol.for("skip-visiting-node"),...a});value_visitor_visit[Symbol.for("nodejs.util.promisify.custom")]=async(s,{keyMap:o=sp,...i}={})=>visitor_visit[Symbol.for("nodejs.util.promisify.custom")](s,visitor,{keyMap:o,nodeTypeGetter,nodePredicate:es_T,detectCycles:!1,deleteNodeSymbol:Symbol.for("delete-node"),skipVisitingNodeSymbol:Symbol.for("skip-visiting-node"),...i});const op=class EphemeralArray{type="EphemeralArray";content=[];reference=void 0;constructor(s){this.content=s,this.reference=[]}toReference(){return this.reference}toArray(){return this.reference.push(...this.content),this.reference}};const ip=class EphemeralObject{type="EphemeralObject";content=[];reference=void 0;constructor(s){this.content=s,this.reference={}}toReference(){return this.reference}toObject(){return Object.assign(this.reference,Object.fromEntries(this.content))}};class Visitor{ObjectElement={enter:s=>{if(this.references.has(s))return this.references.get(s).toReference();const o=new ip(s.content);return this.references.set(s,o),o}};EphemeralObject={leave:s=>s.toObject()};MemberElement={enter:s=>[s.key,s.value]};ArrayElement={enter:s=>{if(this.references.has(s))return this.references.get(s).toReference();const o=new op(s.content);return this.references.set(s,o),o}};EphemeralArray={leave:s=>s.toArray()};references=new WeakMap;BooleanElement(s){return s.toValue()}NumberElement(s){return s.toValue()}StringElement(s){return s.toValue()}NullElement(){return null}RefElement(s,...o){var i;const a=o[3];return"EphemeralObject"===(null===(i=a[a.length-1])||void 0===i?void 0:i.type)?Symbol.for("delete-node"):String(s.toValue())}LinkElement(s){return ju(s.href)?s.href.toValue():""}}const serializers_value=s=>Cu(s)?ju(s)||Pu(s)||Tu(s)||Iu(s)?s.toValue():value_visitor_visit(s,new Visitor):s;const cp=_curry3((function mergeWithKey(s,o,i){var a,u={};for(a in i=i||{},o=o||{})_has(a,o)&&(u[a]=_has(a,i)?s(a,o[a],i[a]):o[a]);for(a in i)_has(a,i)&&!_has(a,u)&&(u[a]=i[a]);return u}));const lp=_curry3((function mergeDeepWithKey(s,o,i){return cp((function(o,i,a){return _isObject(i)&&_isObject(a)?mergeDeepWithKey(s,i,a):s(o,i,a)}),o,i)}));const up=_curry2((function mergeDeepRight(s,o){return lp((function(s,o,i){return i}),s,o)}));const pp=ja(0,-1);const hp=_curry2((function apply(s,o){return s.apply(this,o)}));const dp=dc(Mc);var fp=_curry1((function empty(s){return null!=s&&"function"==typeof s["fantasy-land/empty"]?s["fantasy-land/empty"]():null!=s&&null!=s.constructor&&"function"==typeof s.constructor["fantasy-land/empty"]?s.constructor["fantasy-land/empty"]():null!=s&&"function"==typeof s.empty?s.empty():null!=s&&null!=s.constructor&&"function"==typeof s.constructor.empty?s.constructor.empty():ca(s)?[]:_isString(s)?"":_isObject(s)?{}:Ei(s)?function(){return arguments}():function _isTypedArray(s){var o=Object.prototype.toString.call(s);return"[object Uint8ClampedArray]"===o||"[object Int8Array]"===o||"[object Uint8Array]"===o||"[object Int16Array]"===o||"[object Uint16Array]"===o||"[object Int32Array]"===o||"[object Uint32Array]"===o||"[object Float32Array]"===o||"[object Float64Array]"===o||"[object BigInt64Array]"===o||"[object BigUint64Array]"===o}(s)?s.constructor.from(""):void 0}));const mp=fp;const gp=_curry1((function isEmpty(s){return null!=s&&na(s,mp(s))}));const yp=$a(1,Mc(Array.isArray)?Array.isArray:pipe(ra,Pc("Array")));const vp=ou(yp,gp);var bp=$a(3,(function(s,o,i){var a=Qu(s,i),u=Qu(pp(s),i);if(!dp(a)&&!vp(s)){var _=Ea(a,u);return hp(_,o)}}));const _p=bp;class Namespace extends Su.g${constructor(){super(),this.register("annotation",ku),this.register("comment",Ou),this.register("parseResult",Au)}}const Sp=new Namespace,createNamespace=s=>{const o=new Namespace;return fu(s)&&o.use(s),o},Ep=Sp,toolbox=()=>({predicates:{...ie},namespace:Ep}),wp={toolboxCreator:toolbox,visitorOptions:{nodeTypeGetter:visitor_getNodeType,exposeEdits:!0}},dispatchPluginsSync=(s,o,i={})=>{if(0===o.length)return s;const a=up(wp,i),{toolboxCreator:u,visitorOptions:_}=a,w=u(),x=o.map((s=>s(w))),C=mergeAll(x.map(La({},"visitor")),{..._});x.forEach(_p(["pre"],[]));const j=visitor_visit(s,C,_);return x.forEach(_p(["post"],[])),j};dispatchPluginsSync[Symbol.for("nodejs.util.promisify.custom")]=async(s,o,i={})=>{if(0===o.length)return s;const a=up(wp,i),{toolboxCreator:u,visitorOptions:_}=a,w=u(),x=o.map((s=>s(w))),C=mergeAll[Symbol.for("nodejs.util.promisify.custom")],j=visitor_visit[Symbol.for("nodejs.util.promisify.custom")],L=C(x.map(La({},"visitor")),{..._});await Promise.allSettled(x.map(_p(["pre"],[])));const B=await j(s,L,_);return await Promise.allSettled(x.map(_p(["post"],[]))),B};const refract=(s,{Type:o,plugins:i=[]})=>{const a=new o(s);return Cu(s)&&(s.meta.length>0&&(a.meta=cloneDeep(s.meta)),s.attributes.length>0&&(a.attributes=cloneDeep(s.attributes))),dispatchPluginsSync(a,i,{toolboxCreator:toolbox,visitorOptions:{nodeTypeGetter:visitor_getNodeType}})},createRefractor=s=>(o,i={})=>refract(o,{...i,Type:s});Su.Sh.refract=createRefractor(Su.Sh),Su.wE.refract=createRefractor(Su.wE),Su.Om.refract=createRefractor(Su.Om),Su.bd.refract=createRefractor(Su.bd),Su.Os.refract=createRefractor(Su.Os),Su.kT.refract=createRefractor(Su.kT),Su.Ft.refract=createRefractor(Su.Ft),Su.sI.refract=createRefractor(Su.sI),ku.refract=createRefractor(ku),Ou.refract=createRefractor(Ou),Au.refract=createRefractor(Au);const computeEdges=(s,o=new WeakMap)=>(Ru(s)?(o.set(s.key,s),computeEdges(s.key,o),o.set(s.value,s),computeEdges(s.value,o)):s.children.forEach((i=>{o.set(i,s),computeEdges(i,o)})),o);const xp=class Transcluder_Transcluder{element;edges;constructor({element:s}){this.element=s}transclude(s,o){var i;if(s===this.element)return o;if(s===o)return this.element;this.edges=null!==(i=this.edges)&&void 0!==i?i:computeEdges(this.element);const a=this.edges.get(s);return bc(a)?void 0:(Nu(a)?((s,o,i)=>{const a=i.get(s);Nu(a)&&(a.content=a.map(((u,_,w)=>w===s?(i.delete(s),i.set(o,a),o):w)))})(s,o,this.edges):Mu(a)?((s,o,i)=>{const a=i.get(s);Mu(a)&&(a.content=a.map((u=>u===s?(i.delete(s),i.set(o,a),o):u)))})(s,o,this.edges):Ru(a)&&((s,o,i)=>{const a=i.get(s);Ru(a)&&(a.key===s&&(a.key=o,i.delete(s),i.set(o,a)),a.value===s&&(a.value=o,i.delete(s),i.set(o,a)))})(s,o,this.edges),this.element)}},fromURIReference=s=>{const o=s.indexOf("#");return(s=>{try{const o=s.startsWith("#")?s.slice(1):s;return decodeURIComponent(o)}catch{return s}})(-1===o?"#":s.substring(o))},kp=function fnparser(){const s=Pp,o=jp,i=this,a="parser.js: Parser(): ";i.ast=void 0,i.stats=void 0,i.trace=void 0,i.callbacks=[];let u,_,w,x,C,j,L,B=0,$=0,U=0,V=0,z=0,Y=new function systemData(){this.state=s.ACTIVE,this.phraseLength=0,this.refresh=()=>{this.state=s.ACTIVE,this.phraseLength=0}};i.parse=(Z,ee,ie,ae)=>{const ce=`${a}parse(): `;B=0,$=0,U=0,V=0,z=0,u=void 0,_=void 0,w=void 0,x=void 0,Y.refresh(),C=void 0,j=void 0,L=void 0,x=o.stringToChars(ie),u=Z.rules,_=Z.udts;const le=ee.toLowerCase();let pe;for(const s in u)if(u.hasOwnProperty(s)&&le===u[s].lower){pe=u[s].index;break}if(void 0===pe)throw new Error(`${ce}start rule name '${startRule}' not recognized`);(()=>{const s=`${a}initializeCallbacks(): `;let o,w;for(C=[],j=[],o=0;o{if(i.phraseLength>u){let s=`${a}opRNM(${o.name}): callback function error: `;throw s+=`sysData.phraseLength: ${i.phraseLength}`,s+=` must be <= remaining chars: ${u}`,new Error(s)}switch(i.state){case s.ACTIVE:if(!_)throw new Error(`${a}opRNM(${o.name}): callback function return error. ACTIVE state not allowed.`);break;case s.EMPTY:i.phraseLength=0;break;case s.MATCH:0===i.phraseLength&&(i.state=s.EMPTY);break;case s.NOMATCH:i.phraseLength=0;break;default:throw new Error(`${a}opRNM(${o.name}): callback function return error. Unrecognized return state: ${i.state}`)}},opUDT=(o,C)=>{let $,U,V;const z=w[o],Z=_[z.index];Y.UdtIndex=Z.index,B||(V=i.ast&&i.ast.udtDefined(z.index),V&&(U=u.length+z.index,$=i.ast.getLength(),i.ast.down(U,Z.name)));const ee=x.length-C;j[z.index](Y,x,C,L),((o,i,u)=>{if(i.phraseLength>u){let s=`${a}opUDT(${o.name}): callback function error: `;throw s+=`sysData.phraseLength: ${i.phraseLength}`,s+=` must be <= remaining chars: ${u}`,new Error(s)}switch(i.state){case s.ACTIVE:throw new Error(`${a}opUDT(${o.name}) ACTIVE state return not allowed.`);case s.EMPTY:if(!o.empty)throw new Error(`${a}opUDT(${o.name}) may not return EMPTY.`);i.phraseLength=0;break;case s.MATCH:if(0===i.phraseLength){if(!o.empty)throw new Error(`${a}opUDT(${o.name}) may not return EMPTY.`);i.state=s.EMPTY}break;case s.NOMATCH:i.phraseLength=0;break;default:throw new Error(`${a}opUDT(${o.name}): callback function return error. Unrecognized return state: ${i.state}`)}})(Z,Y,ee),B||V&&(Y.state===s.NOMATCH?i.ast.setLength($):i.ast.up(U,Z.name,C,Y.phraseLength))},opExecute=(o,_)=>{const j=`${a}opExecute(): `,Z=w[o];switch(V+=1,$>U&&(U=$),$+=1,Y.refresh(),i.trace&&i.trace.down(Z,_),Z.type){case s.ALT:((o,i)=>{const a=w[o];for(let o=0;o{let u,_,x,C;const j=w[o];i.ast&&(_=i.ast.getLength()),u=!0,x=a,C=0;for(let o=0;o{let u,_,C,j;const L=w[o];if(0===L.max)return Y.state=s.EMPTY,void(Y.phraseLength=0);for(_=a,C=0,j=0,i.ast&&(u=i.ast.getLength());!(_>=x.length)&&(opExecute(o+1,_),Y.state!==s.NOMATCH)&&Y.state!==s.EMPTY&&(j+=1,C+=Y.phraseLength,_+=Y.phraseLength,j!==L.max););Y.state===s.EMPTY||j>=L.min?(Y.state=0===C?s.EMPTY:s.MATCH,Y.phraseLength=C):(Y.state=s.NOMATCH,Y.phraseLength=0,i.ast&&i.ast.setLength(u))})(o,_);break;case s.RNM:((o,a)=>{let _,j,$;const U=w[o],V=u[U.index],z=C[V.index];if(B||(j=i.ast&&i.ast.ruleDefined(U.index),j&&(_=i.ast.getLength(),i.ast.down(U.index,u[U.index].name))),z){const o=x.length-a;z(Y,x,a,L),validateRnmCallbackResult(V,Y,o,!0),Y.state===s.ACTIVE&&($=w,w=V.opcodes,opExecute(0,a),w=$,z(Y,x,a,L),validateRnmCallbackResult(V,Y,o,!1))}else $=w,w=V.opcodes,opExecute(0,a,Y),w=$;B||j&&(Y.state===s.NOMATCH?i.ast.setLength(_):i.ast.up(U.index,V.name,a,Y.phraseLength))})(o,_);break;case s.TRG:((o,i)=>{const a=w[o];Y.state=s.NOMATCH,i{const a=w[o],u=a.string.length;if(Y.state=s.NOMATCH,i+u<=x.length){for(let s=0;s{let a;const u=w[o];Y.state=s.NOMATCH;const _=u.string.length;if(0!==_){if(i+_<=x.length){for(let s=0;s<_;s+=1)if(a=x[i+s],a>=65&&a<=90&&(a+=32),a!==u.string[s])return;Y.state=s.MATCH,Y.phraseLength=_}}else Y.state=s.EMPTY})(o,_);break;case s.UDT:opUDT(o,_);break;case s.AND:((o,i)=>{switch(B+=1,opExecute(o+1,i),B-=1,Y.phraseLength=0,Y.state){case s.EMPTY:case s.MATCH:Y.state=s.EMPTY;break;case s.NOMATCH:Y.state=s.NOMATCH;break;default:throw new Error(`opAND: invalid state ${Y.state}`)}})(o,_);break;case s.NOT:((o,i)=>{switch(B+=1,opExecute(o+1,i),B-=1,Y.phraseLength=0,Y.state){case s.EMPTY:case s.MATCH:Y.state=s.NOMATCH;break;case s.NOMATCH:Y.state=s.EMPTY;break;default:throw new Error(`opNOT: invalid state ${Y.state}`)}})(o,_);break;default:throw new Error(`${j}unrecognized operator`)}B||_+Y.phraseLength>z&&(z=_+Y.phraseLength),i.stats&&i.stats.collect(Z,Y),i.trace&&i.trace.up(Z,Y.state,_,Y.phraseLength),$-=1}},Op=function fnast(){const s=Pp,o=jp,i=this;let a,u,_,w=0;const x=[],C=[],j=[];function indent(s){let o="";for(;s-- >0;)o+=" ";return o}i.callbacks=[],i.init=(s,o,L)=>{let B;C.length=0,j.length=0,w=0,a=s,u=o,_=L;const $=[];for(B=0;B