5 năm trước cách đây · c1194d558c
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -801,6 +801,17 @@ func validateBaseParams(user *User) error {
 
				 	return nil
			
 
				 }
			
 
				 
			
 
				+func createUserPasswordHash(user *User) error {
			
 
				+	if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
			
 
				+		pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
			
 
				+		if err != nil {
			
 
				+			return err
			
 
				+		}
			
 
				+		user.Password = pwd
			
 
				+	}
			
 
				+	return nil
			
 
				+}
			
 
				+
			
 
				 func validateUser(user *User) error {
			
 
				 	buildUserHomeDir(user)
			
 
				 	if err := validateBaseParams(user); err != nil {
			
@@ -818,12 +829,8 @@ func validateUser(user *User) error {
 
				 	if user.Status < 0 || user.Status > 1 {
			
 
				 		return &ValidationError{err: fmt.Sprintf("invalid user status: %v", user.Status)}
			
 
				 	}
			
 
				-	if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
			
 
				-		pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
			
 
				-		if err != nil {
			
 
				-			return err
			
 
				-		}
			
 
				-		user.Password = pwd
			
 
				+	if err := createUserPasswordHash(user); err != nil {
			
 
				+		return err
			
 
				 	}
			
 
				 	if err := validatePublicKeys(user); err != nil {
			
 
				 		return err
			
--- a/docs/account.md
+++ b/docs/account.md
@@ -42,7 +42,7 @@ For each account, the following properties can be configured:
 
				 - `s3_bucket`, required for S3 filesystem
			
 
				 - `s3_region`, required for S3 filesystem. Must match the region for your bucket. You can find here the list of available [AWS regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). For example if your bucket is at `Frankfurt` you have to set the region to `eu-central-1`
			
 
				 - `s3_access_key`
			
 
				-- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM)
			
 
				+- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM). You can leave access key and access secret blank to use credentials from environment
			
 
				 - `s3_endpoint`, specifies a S3 endpoint (server) different from AWS. It is not required if you are connecting to AWS
			
 
				 - `s3_storage_class`, leave blank to use the default or specify a valid AWS [storage class](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
			
 
				 - `s3_key_prefix`, allows to restrict access to the virtual folder identified by this prefix and its contents
			
--- a/docs/google-cloud-storage.md
+++ b/docs/google-cloud-storage.md
@@ -1,6 +1,6 @@
 
				 # Google Cloud Storage backend
			
 
				 
			
 
				-To connect SFTPGo to Google Cloud Storage, you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
			
 
				+To connect SFTPGo to Google Cloud Storage you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
			
 
				 
			
 
				 Specifying a different `key_prefix`, you can assign different virtual folders of the same bucket to different users. This is similar to a chroot directory for local filesystem. Each SFTP/SCP user can only access the assigned virtual folder and its contents. The virtual folder identified by `key_prefix` does not need to be pre-created.
			
 
				 
			
--- a/docs/performance.md
+++ b/docs/performance.md
@@ -128,8 +128,8 @@ Stream|Baseline MB/s|Optimized MB/s|Balanced MB/s|OpenSSH MB/s|
 
				 8|897|903|823|887|
			
 
				 
			
 
				 ### Optimizations applied
			
 
				-- AES-CTR optimization of Golang compiler, the patch hasn't been merged yet, you can apply it yourself. [Patch](https://go-review.googlesource.com/c/go/+/51670)
			
 
				-- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Golang's SHA256 implementation.
			
 
				+- AES-CTR optimization of Go compiler for x86_64, there is a [patch](https://go-review.googlesource.com/c/go/+/51670) that hasn't been merged yet, you can apply it yourself.
			
 
				+- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Go's SHA256 implementation. This patch is now included in SFTPGo master branch.
			
 
				 ```
			
 
				 diff --git a/go.mod b/go.mod
			
 
				 index f1b2caa..109e064 100644
			
@@ -142,7 +142,7 @@ index f1b2caa..109e064 100644
 
				 +
			
 
				 +replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
			
 
				 ```
			
 
				-- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/issues/334).
			
 
				+- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/pull/344).
			
 
				 ```
			
 
				 diff --git a/go.mod b/go.mod
			
 
				 index 109e064..4d67a47 100644
			
@@ -152,7 +152,7 @@ index 109e064..4d67a47 100644
 
				  replace github.com/eikenb/pipeat v0.0.0-20190316224601-fb1f3a9aa29f => github.com/drakkan/pipeat v0.0.0-20200123131427-11c048cfc0ec
			
 
				 
			
 
				  replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
			
 
				-+replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200227085621-6b4abaad1b9a
			
 
				++replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200319122022-2fc68482d27f
			
 
				 ```
			
 
				 
			
 
				 ### HAProxy configuration
			
--- a/docs/profiling.md
+++ b/docs/profiling.md
@@ -16,7 +16,7 @@ The following profiles are available, you can obtain them via HTTP GET requests:
 
				 - `threadcreate`, stack traces that led to the creation of new OS threads
			
 
				 - `trace`, a trace of execution of the current program. You can specify the duration in the `seconds` GET parameter. After you get the trace file, use the `go tool trace` command to investigate the trace
			
 
				 
			
 
				-Let's see some examples:
			
 
				+For example you can:
			
 
				 
			
 
				 - download a 30 seconds CPU profile from the URL `/debug/pprof/profile?seconds=30`
			
 
				 - download a sampling of memory allocations of live objects from the URL `/debug/pprof/heap?gc=1`