We are happy to announce that we have implemented multi-user support (along with some other features) and need your help to test it for bugs before release!
To install this beta with docker, please use the gokapi:latest-dev
tag.
Upgrading
⚠️ Make sure that you have a backup of all data! This beta might break your instance. It is not possible to downgrade afterwards
Upgrading when using OAuth2/OIDC authentication:
- A valid email must now be set for all users in the authentication backend
- Authentication is now only done by email and can be restricted by user groups
- Make sure that the env variable
GOKAPI_ADMIN_USER
is set when upgrading and contains the email of the super admin
Upgrading when using Header authentication:
- If restricting the users by username, make sure that you remove any wildcards (*) for usernames in the setup before upgrading.
- Make sure that the env variable
GOKAPI_ADMIN_USER
is set when upgrading and contains the username of the super admin (must be the same as passed in the header)
Upgrading when using no authentication:
- If you are restricting access with a proxy, make sure that you block the following urls:
- /admin
- /apiKeys
- /changePassword
- /e2eInfo
- /e2eSetup
- /logs
- /uploadChunk
- /uploadStatus
- /users
Breaking changes
Since v1.9 there have been a lot of changes to the API, please take note if you are using the API:
- A valid API key is now always required, API authentication by session is not possible anymore
/chunk/complete
and/files/duplicate
now expect the parameters as header, instead of encoded url form- Parameter
apiKeyToModify
has been renamed totargetKey
for/auth/modify
,/auth/delete
and/auth/friendlyname
- If a user, api key or file is not found, but a plausible ID was submitted, error 404 instead of 400 is returned now
- Before v2.0, if a boolean parameter was required, it was always false if anything else then "true" was sent, now it raises an error if any other value than 1, t, true, 0, f, or false is supplied
- Some API calls might be restricted by user permissions now, consult the API documentation for more information
- API keys now have a public ID as well, which can also be used for
/auth/modify
,/auth/delete
and/auth/friendlyname
astargetKey
instead of the private ID - When uploading a file through the API, defaults of 14 days, max 1 download and no password will be used, unless the respective parameters were passed. In v1.9, the previous values were used.