feat(sftp-server): support disable password login (#1357)

internal/bootstrap/data/setting.go

@@ -213,12 +213,11 @@ func InitialSettings() []model.SettingItem {
 		// ftp settings
 		{Key: conf.FTPPublicHost, Value: "127.0.0.1", Type: conf.TypeString, Group: model.FTP, Flag: model.PRIVATE},
 		{Key: conf.FTPPasvPortMap, Value: "", Type: conf.TypeText, Group: model.FTP, Flag: model.PRIVATE},
-		{Key: conf.FTPProxyUserAgent, Value: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " +
-			"Chrome/87.0.4280.88 Safari/537.36", Type: conf.TypeString, Group: model.FTP, Flag: model.PRIVATE},
 		{Key: conf.FTPMandatoryTLS, Value: "false", Type: conf.TypeBool, Group: model.FTP, Flag: model.PRIVATE},
 		{Key: conf.FTPImplicitTLS, Value: "false", Type: conf.TypeBool, Group: model.FTP, Flag: model.PRIVATE},
 		{Key: conf.FTPTLSPrivateKeyPath, Value: "", Type: conf.TypeString, Group: model.FTP, Flag: model.PRIVATE},
 		{Key: conf.FTPTLSPublicCertPath, Value: "", Type: conf.TypeString, Group: model.FTP, Flag: model.PRIVATE},
+		{Key: conf.SFTPDisablePasswordLogin, Value: "false", Type: conf.TypeBool, Group: model.FTP, Flag: model.PRIVATE},
 
 		// traffic settings
 		{Key: conf.TaskOfflineDownloadThreadsNum, Value: strconv.Itoa(conf.Conf.Tasks.Download.Workers), Type: conf.TypeNumber, Group: model.TRAFFIC, Flag: model.PRIVATE},

internal/conf/const.go

@@ -125,13 +125,13 @@ const (
 	QbittorrentSeedtime = "qbittorrent_seedtime"
 
 	// ftp
-	FTPPublicHost        = "ftp_public_host"
-	FTPPasvPortMap       = "ftp_pasv_port_map"
-	FTPProxyUserAgent    = "ftp_proxy_user_agent"
-	FTPMandatoryTLS      = "ftp_mandatory_tls"
-	FTPImplicitTLS       = "ftp_implicit_tls"
-	FTPTLSPrivateKeyPath = "ftp_tls_private_key_path"
-	FTPTLSPublicCertPath = "ftp_tls_public_cert_path"
+	FTPPublicHost            = "ftp_public_host"
+	FTPPasvPortMap           = "ftp_pasv_port_map"
+	FTPMandatoryTLS          = "ftp_mandatory_tls"
+	FTPImplicitTLS           = "ftp_implicit_tls"
+	FTPTLSPrivateKeyPath     = "ftp_tls_private_key_path"
+	FTPTLSPublicCertPath     = "ftp_tls_public_cert_path"
+	SFTPDisablePasswordLogin = "sftp_disable_password_login"
 
 	// traffic
 	TaskOfflineDownloadThreadsNum         = "offline_download_task_threads_num"

server/ftp.go

@@ -13,6 +13,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/OpenListTeam/OpenList/v4/drivers/base"
 	"github.com/OpenListTeam/OpenList/v4/internal/conf"
 	"github.com/OpenListTeam/OpenList/v4/internal/model"
 	"github.com/OpenListTeam/OpenList/v4/internal/op"
@@ -80,7 +81,7 @@ func NewMainDriver() (*FtpMainDriver, error) {
 			PasvConnectionsCheck:     pasvConnCheck,
 		},
 		proxyHeader: http.Header{
-			"User-Agent": {setting.GetStr(conf.FTPProxyUserAgent)},
+			"User-Agent": {base.UserAgent},
 		},
 		clients:      make(map[uint32]ftpserver.ClientContext),
 		shutdownLock: sync.RWMutex{},

server/sftp.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/OpenListTeam/OpenList/v4/drivers/base"
 	"github.com/OpenListTeam/OpenList/v4/internal/conf"
 	"github.com/OpenListTeam/OpenList/v4/internal/model"
 	"github.com/OpenListTeam/OpenList/v4/internal/op"
@@ -27,7 +28,7 @@ func NewSftpDriver() (*SftpDriver, error) {
 	sftp.InitHostKey()
 	return &SftpDriver{
 		proxyHeader: http.Header{
-			"User-Agent": {setting.GetStr(conf.FTPProxyUserAgent)},
+			"User-Agent": {base.UserAgent},
 		},
 	}, nil
 }
@@ -36,10 +37,14 @@ func (d *SftpDriver) GetConfig() *sftpd.Config {
 	if d.config != nil {
 		return d.config
 	}
+	var pwdAuth func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) = nil
+	if !setting.GetBool(conf.SFTPDisablePasswordLogin) {
+		pwdAuth = d.PasswordAuth
+	}
 	serverConfig := ssh.ServerConfig{
 		NoClientAuth:         true,
 		NoClientAuthCallback: d.NoClientAuth,
-		PasswordCallback:     d.PasswordAuth,
+		PasswordCallback:     pwdAuth,
 		PublicKeyCallback:    d.PublicKeyAuth,
 		AuthLogCallback:      d.AuthLogCallback,
 		BannerCallback:       d.GetBanner,