Merge pull request #204 from GreyOBox/increase-size-of-name-fields

fix: increase size of name fields
2020-08-19 18:27:33 +02:00 · 2020-08-19 18:23:36 +02:00 · 2020-08-10 18:22:45 +02:00 · 2020-08-10 18:22:15 +02:00 · 2020-08-09 17:14:22 +02:00 · 2020-08-09 00:30:36 +02:00
28 changed files with 332 additions and 1104 deletions
--- a/.assets/bastion.jpg
+++ b/.assets/bastion.jpg
--- a/.assets/cluster-mysql.svg
+++ b/.assets/cluster-mysql.svg
--- a/.assets/demo.gif
+++ b/.assets/demo.gif
--- a/.assets/flow-diagram.png
+++ b/.assets/flow-diagram.png
--- a/.assets/flow-diagram.svg
+++ b/.assets/flow-diagram.svg
--- a/.assets/overview.png
+++ b/.assets/overview.png
--- a/.assets/overview.svg
+++ b/.assets/overview.svg
--- a/.assets/sql-schema.svg
+++ b/.assets/sql-schema.svg
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,7 +1,7 @@
 defaults: &defaults
  working_directory: /go/src/moul.io/sshportal
  docker:
-    - image: circleci/golang:1.14.4
+    - image: circleci/golang:1.14.7
  environment:
    GO111MODULE: "on"

--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Collapse vendored and generated files on GitHub
+AUTHORS linguist-generated
+vendor/* linguist-vendored
+rules.mk linguist-vendored
+*/vendor/* linguist-vendored
+*.gen.* linguist-generated
+*.pb.go linguist-generated
+*.pb.gw.go linguist-generated
+go.sum linguist-generated
+go.mod linguist-generated
+gen.sum linguist-generated
+
+# Reduce conflicts on markdown files
+*.md merge=union
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
      - name: lint
        uses: golangci/golangci-lint-action@v0.1.7
        with:
-          version: v1.26
+          version: v1.28
          github-token: ${{ secrets.GITHUB_TOKEN }}
  tests-on-windows:
    needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,6 @@ dist/
 /log/
 /sshportal
 *.db
-/data
+/data
+sshportal.history
+.idea
--- a/2
+++ b/2
@@ -7,6 +7,7 @@ Alexander Turner <me@alexturner.co>
 bozzo <bozzo@users.noreply.github.com>
 fossabot <badges@fossa.io>
 Jean-Louis Férey <jeanlouis.ferey@orange.com>
+jerard@alfa-safety.fr <jrrdev@users.noreply.github.com>
 Jess <jessachandler@gmail.com>
 Jonathan Lestrelin <jonathan.lestrelin@gmail.com>
 Julien Dessaux <julien.dessaux@adyxax.org>
@@ -18,6 +19,7 @@ Manuel Sabban <msa@nbs-system.com>
 Mathieu Pasquet <mathieu.pasquet@alterway.fr>
 Mikael Rapp <micke.rapp@gmail.com>
 MitaliBo <mitali.bisht14@gmail.com>
+moul-bot <bot@moul.io>
 Nelly Asher <karmelylle@rambler.ru>
 NocFlame <aad@nocflame.se>
 Quentin Perez <qperez42@gmail.com>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,121 +1,3 @@
 # Changelog

-## master (unreleased)
-
-* No entry
-
-## v1.10.0 (2019-06-24)
-
-* Bump deps, now using github.com/gliderlabs/ssh upstream
-* Fix Windows build ([#101](https://github.com/moul/sshportal/pull/101)) by [@Raerten](https://github.com/Raerten)
-* Use environment variables for settings ([#98](https://github.com/moul/sshportal/pull/98)) by [@Raerten](https://github.com/Raerten)
-* Fix 'userkey create' ([#111](https://github.com/moul/sshportal/pull/111)) by [@shawn111](https://github.com/shawn111)
-* Set log files mode to 440 instead of 640 ([#134](https://github.com/moul/sshportal/pull/134)) by [@jle64](https://github.com/jle64)
-* Allow to create a host using an IP as name ([#135](https://github.com/moul/sshportal/pull/135)) by [@jle64](https://github.com/jle64)
-* Add username and session ID to session log filename ([#133](https://github.com/moul/sshportal/pull/133)) by [@jle64](https://github.com/jle64)
-* Unable to use encrypted SSH private keys ([#124](https://github.com/moul/sshportal/pull/124)) by [@welderpb](https://github.com/welderpb)
-* Fix format of ID in new session + closing channel if host is unreachable ([#123](https://github.com/moul/sshportal/pull/123)) by [@vdaviot](https://github.com/vdaviot)
-* Refactor the main package with a focus on splitting up into packages ([#113](https://github.com/moul/sshportal/pull/113)) by [@ahamidullah](https://github.com/ahamidullah)
-
-
-## v1.9.0 (2018-11-18)
-
-* Add `hostgroup update` and `usergroup update` commands ([#58](https://github.com/moul/sshportal/pull/58)) by [@adyxax](https://github.com/adyxax)
-* Add socket timeout ([#80](https://github.com/moul/sshportal/pull/80)) by [@ahhx](https://github.com/ahhx)
-* Add a flag to list only active sessions ([#76](https://github.com/moul/sshportal/pull/76)) by [@vdaviot](https://github.com/vdaviot)
-* Unset hop on host ([#74](https://github.com/moul/sshportal/pull/74)) by [@vdaviot](https://github.com/vdaviot)
-* Fix session status and duration display ([#75](https://github.com/moul/sshportal/pull/75)) by [@vdaviot](https://github.com/vdaviot)
-* Fix log path and filename on Windows ([#78](https://github.com/moul/sshportal/pull/78)) by [@Raerten](https://github.com/Raerten)
-* Admin user is not editable ([#69](https://github.com/moul/sshportal/pull/69)) by [@alenn-m](https://github.com/alenn-m)
-* Switch to go modules (go1.11) ([#83](https://github.com/moul/sshportal/pull/83))
-* Switch to moul.io/sshportal canonical URL ([#86](https://github.com/moul/sshportal/pull/86))
-* Switch to golangci-lint ([#87](https://github.com/moul/sshportal/pull/87))
-
-## v1.8.0 (2018-04-02)
-
-* The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
-* Add Telnet support
-* Add TTY audit feature ([#23](https://github.com/moul/sshportal/issues/23)) by [@sabban](https://github.com/sabban)
-* Fix `--assign-*` commands when using MySQL driver ([#45](https://github.com/moul/sshportal/issues/45))
-* Add *HOP* support, an efficient and integrated way of using a jump host transparently ([#47](https://github.com/moul/sshportal/issues/47)) by [@mathieui](https://github.com/mathieui)
-* Fix panic on some `ls` commands ([#54](https://github.com/moul/sshportal/pull/54)) by [@jle64](https://github.com/jle64)
-* Add tunnels (`direct-tcp`) support with logging ([#44](https://github.com/moul/sshportal/issues/44)) by [@sabban](https://github.com/sabban)
-* Add `key import` command ([#52](https://github.com/moul/sshportal/issues/52)) by [@adyxax](https://github.com/adyxax)
-* Add 'exec' logging ([#40](https://github.com/moul/sshportal/issues/40)) by [@sabban](https://github.com/sabban)
-
-## v1.7.1 (2018-01-03)
-
-* Return non-null exit-code on authentication error
-* **hotfix**: repair invite system (broken in v1.7.0)
-
-## v1.7.0 (2018-01-02)
-
-Breaking changes:
-* Use `sshportal server` instead of `sshportal` to start a new server (nothing to change if using the docker image)
-* Remove `--config-user` and `--healthcheck-user` global options
-
-Changes:
-* Fix connection failure when sending too many environment variables (fix [#22](https://github.com/moul/sshportal/issues/22))
-* Fix panic when entering empty command (fix [#13](https://github.com/moul/sshportal/issues/13))
-* Add `config backup --ignore-events` option
-* Add `sshportal healthcheck [--addr=] [--wait] [--quiet]` cli command
-* Add [Docker Healthcheck](https://docs.docker.com/engine/reference/builder/#healthcheck) helper
-* Support Putty (fix [#24](https://github.com/moul/sshportal/issues/24))
-
-## v1.6.0 (2017-12-12)
-
-* Add `--latest` and `--quiet` options to `ls` commands
-* Add `healthcheck` user
-* Add `key show KEY` command
-
-## v1.5.0 (2017-12-02)
-
-* Create Session objects on each connections (history)
-* Connection history
-* Audit log
-* Add dynamic strict host key checking (learning on the first time, strict on the next ones)
-* Add-back MySQL support (experimental)
-* Fix some backup/restore bugs
-
-## v1.4.0 (2017-11-24)
-
-* Add 'key setup' command (easy SSH key installation)
-* Add Updated and Created fields in 'ls' commands
-* Add `--aes-key` option to encrypt sensitive data
-
-## v1.3.0 (2017-11-23)
-
-* More details in 'ls' commands
-* Add 'host update' command (fix [#2](https://github.com/moul/sshportal/issues/2))
-* Add 'user update' command (fix [#3](https://github.com/moul/sshportal/issues/3))
-* Add 'acl update' command (fix [#4](https://github.com/moul/sshportal/issues/4))
-* Allow connecting to the shell mode with the registered username or email (fix [#5](https://github.com/moul/sshportal/issues/5))
-* Add 'listhosts' role (fix [#5](https://github.com/moul/sshportal/issues/5))
-
-## v1.2.0 (2017-11-22)
-
-* Support adding multiple `--group` links on `host create` and `user create`
-* Use govalidator to perform more consistent input validation
-* Use a database migration system
-
-## v1.1.0 (2017-11-15)
-
-* Improve versionning (static VERSION + dynamic GIT_* info)
-* Configuration management (backup + restore)
-* Implement Exit (fix [#6](https://github.com/moul/sshportal/pull/6))
-* Disable mysql support (not fully working right now)
-* Set random seed properly
-
-## v1.0.0 (2017-11-14)
-
-Initial version
-
-* Host management
-* User management
-* User Group management
-* Host Group management
-* Host Key management
-* User Key management
-* ACL management
-* Connect to host using key or password
-* Admin commands can be run directly or in an interactive shell
+Here: https://github.com/moul/sshportal/releases
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # build
-FROM golang:1.14.4 as builder
+FROM golang:1.14.7 as builder
 ENV             GO111MODULE=on
 WORKDIR         /go/src/moul.io/sshportal
 COPY            go.mod go.sum ./
--- a/1
+++ b/1
@@ -5,6 +5,7 @@ DOCKER_IMAGE ?= moul/sshportal
 VERSION ?= `git describe --tags --always`
 VCS_REF ?= `git rev-parse --short HEAD`
 GO_INSTALL_OPTS = -ldflags="-X main.GitSha=$(VCS_REF) -X main.GitTag=$(VERSION)"
+PORT ?= 2222

 include rules.mk

--- a/README.md
+++ b/README.md
@@ -9,6 +9,8 @@

 Jump host/Jump server without the jump, a.k.a Transparent SSH bastion

+<img src="https://raw.githubusercontent.com/moul/sshportal/master/.assets/bastion.jpg" width="50%">
+
 Features include: independence of users and hosts, convenient user invite system, connecting to servers that don't support SSH keys, various levels of access, and many more. Easy to install, run and configure.

 ![Flow Diagram](https://raw.githubusercontent.com/moul/sshportal/master/.assets/flow-diagram.png)
@@ -326,11 +328,11 @@ event inspect [-h] EVENT...

 # host management
 host help
-host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] <username>[:<password>]@<host>[:<port>]
+host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] [--logging=MODE] <username>[:<password>]@<host>[:<port>]
 host inspect [-h] [--decrypt] HOST...
 host ls [-h] [--latest] [--quiet]
 host rm [-h] HOST...
-host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--set-hop=HOST] [--unset-hop] HOST...
+host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--logging-MODE] [--set-hop=HOST] [--unset-hop] HOST...

 # hostgroup management
 hostgroup help
@@ -499,3 +501,7 @@ Support this project with your organization. Your logo will show up here with a
 <a href="https://opencollective.com/sshportal/organization/7/website"><img src="https://opencollective.com/sshportal/organization/7/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/8/website"><img src="https://opencollective.com/sshportal/organization/8/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/9/website"><img src="https://opencollective.com/sshportal/organization/9/avatar.svg"></a>
+
+### Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/moul/sshportal.svg)](https://starchart.cc/moul/sshportal)
--- a/go.mod
+++ b/go.mod
@@ -9,22 +9,23 @@ require (
 	github.com/docker/docker v1.13.1
 	github.com/dustin/go-humanize v1.0.0
 	github.com/gliderlabs/ssh v0.3.0
-	github.com/go-sql-driver/mysql v1.5.0 // indirect
+	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
-	github.com/jinzhu/gorm v1.9.14
+	github.com/jinzhu/gorm v1.9.15
 	github.com/kr/pty v1.1.8
 	github.com/mattn/go-colorable v0.1.6 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
 	github.com/olekukonko/tablewriter v0.0.4
+	github.com/pkg/errors v0.9.1
 	github.com/reiver/go-oi v1.0.0
 	github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e
 	github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3
 	github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 // indirect
 	github.com/smartystreets/goconvey v1.6.4
 	github.com/urfave/cli v1.22.4
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
 	golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 // indirect
 	gopkg.in/gormigrate.v1 v1.6.0
 	moul.io/srand v1.4.0
--- a/go.sum
+++ b/go.sum
@@ -6,11 +6,9 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -28,11 +26,9 @@ github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DP
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
 github.com/gliderlabs/ssh v0.3.0 h1:7GcKy4erEljCE/QeQ2jTVpu+3f3zkpZOxOJjFYkMqYU=
 github.com/gliderlabs/ssh v0.3.0/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
@@ -41,17 +37,12 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/jinzhu/gorm v1.9.2 h1:lCvgEaqe/HVE+tjAR2mt4HbbHAZsQOv3XAZiEZV37iw=
 github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
-github.com/jinzhu/gorm v1.9.12 h1:Drgk1clyWT9t9ERbzHza6Mj/8FY/CqMyVzOiHviMo6Q=
-github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs=
-github.com/jinzhu/gorm v1.9.14 h1:Kg3ShyTPcM6nzVo148fRrcMO6MNKuqtOUwnzqMgVniM=
-github.com/jinzhu/gorm v1.9.14/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
-github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a h1:eeaG9XMUvRBYXJi4pg1ZKM7nxc5AfXfojeLLW7O5J3k=
+github.com/jinzhu/gorm v1.9.15 h1:OdR1qFvtXktlxk73XFYMiYn9ywzTwytqe4QkuMRqc38=
+github.com/jinzhu/gorm v1.9.15/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3 h1:xvj06l8iSwiWpYgm8MbPp+naBg+pwfqmdXabzqPCn/8=
 github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3/go.mod h1:oHTiXerJ20+SfYcrdlBO7rzZRJWGwSTQ0iUY2jI6Gfc=
 github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
 github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -61,7 +52,6 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -72,16 +62,16 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
-github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
 github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/reiver/go-oi v1.0.0 h1:nvECWD7LF+vOs8leNGV/ww+F2iZKf3EYjYZ527turzM=
@@ -108,10 +98,8 @@ golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
-golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -128,7 +116,6 @@ golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/gormigrate.v1 v1.6.0 h1:XpYM6RHQPmzwY7Uyu+t+xxMXc86JYFJn4nEc9HzQjsI=
 gopkg.in/gormigrate.v1 v1.6.0/go.mod h1:Lf00lQrHqfSYWiTtPcyQabsDdM6ejZaMgV0OU6JMSlw=
--- a/main.go
+++ b/main.go
@@ -6,7 +6,9 @@ import (
 	"os"
 	"path"

+	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/jinzhu/gorm/dialects/mysql"
+	_ "github.com/jinzhu/gorm/dialects/postgres"
 	_ "github.com/jinzhu/gorm/dialects/sqlite"
 	"github.com/urfave/cli"
 	"moul.io/srand"
--- a/pkg/bastion/acl.go
+++ b/pkg/bastion/acl.go
@@ -1,7 +1,8 @@
-package bastion // import "moul.io/sshportal/pkg/bastion"
+package bastion

 import (
 	"sort"
+	"time"

 	"moul.io/sshportal/pkg/dbmodels"
 )
@@ -13,6 +14,8 @@ func (a byWeight) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
 func (a byWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }

 func checkACLs(user dbmodels.User, host dbmodels.Host) string {
+	currentTime := time.Now()
+
 	// shared ACLs between user and host
 	aclMap := map[uint]*dbmodels.ACL{}
 	for _, userGroup := range user.Groups {
@@ -20,7 +23,10 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) string {
 			for _, hostGroup := range host.Groups {
 				for _, hostGroupACL := range hostGroup.ACLs {
 					if userGroupACL.ID == hostGroupACL.ID {
-						aclMap[userGroupACL.ID] = userGroupACL
+						if (userGroupACL.Inception == nil || currentTime.After(*userGroupACL.Inception)) &&
+							(userGroupACL.Expiration == nil || currentTime.Before(*userGroupACL.Expiration)) {
+							aclMap[userGroupACL.ID] = userGroupACL
+						}
 					}
 				}
 			}
--- a/pkg/bastion/dbinit.go
+++ b/pkg/bastion/dbinit.go
@@ -40,14 +40,13 @@ func DBInit(db *gorm.DB) error {
 			ID: "2",
 			Migrate: func(tx *gorm.DB) error {
 				type SSHKey struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string
 					Type        string
 					Length      uint
 					Fingerprint string
-					PrivKey     string           `sql:"size:10000"`
-					PubKey      string           `sql:"size:10000"`
+					PrivKey     string           `sql:"size:5000"`
+					PubKey      string           `sql:"size:1000"`
 					Hosts       []*dbmodels.Host `gorm:"ForeignKey:SSHKeyID"`
 					Comment     string
 				}
@@ -60,7 +59,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "3",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string `gorm:"size:32"`
 					Addr        string
@@ -82,7 +80,7 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key     []byte         `sql:"size:10000"`
+					Key     []byte         `sql:"size:1000"`
 					UserID  uint           ``
 					User    *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment string
@@ -96,7 +94,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "5",
 			Migrate: func(tx *gorm.DB) error {
 				type User struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					IsAdmin     bool
 					Email       string
@@ -344,8 +341,8 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key           []byte         `sql:"size:10000" valid:"required,length(1|10000)"`
-					AuthorizedKey string         `sql:"size:10000" valid:"required,length(1|10000)"`
+					Key           []byte         `sql:"size:1000" valid:"required,length(1|1000)"`
+					AuthorizedKey string         `sql:"size:1000" valid:"required,length(1|1000)"`
 					UserID        uint           ``
 					User          *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment       string         `valid:"optional"`
@@ -382,17 +379,16 @@ func DBInit(db *gorm.DB) error {
 			ID: "25",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string                `gorm:"size:32" valid:"required,length(1|32),unix_user"`
 					Addr        string                `valid:"required"`
 					User        string                `valid:"optional"`
 					Password    string                `valid:"optional"`
-					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
+					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID    uint                  `gorm:"index"`
-					HostKey     []byte                `sql:"size:10000" valid:"optional"`
+					HostKey     []byte                `sql:"size:1000" valid:"optional"`
 					Groups      []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
-					Fingerprint string                `valid:"optional"` // FIXME: replace with hostKey ?
+					Fingerprint string                `valid:"optional"`
 					Comment     string                `valid:"optional"`
 				}
 				return tx.AutoMigrate(&Host{}).Error
@@ -443,7 +439,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "28",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -452,7 +447,7 @@ func DBInit(db *gorm.DB) error {
 					URL      string
 					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID uint                  `gorm:"index"`
-					HostKey  []byte                `sql:"size:10000"`
+					HostKey  []byte                `sql:"size:1000"`
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 				}
@@ -465,7 +460,29 @@ func DBInit(db *gorm.DB) error {
 			ID: "29",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
+					gorm.Model
+					Name     string `gorm:"size:32"`
+					Addr     string
+					User     string
+					Password string
+					URL      string
+					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
+					SSHKeyID uint                  `gorm:"index"`
+					HostKey  []byte                `sql:"size:1000"`
+					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
+					Comment  string
+					Hop      *dbmodels.Host
+					HopID    uint
+				}
+				return tx.AutoMigrate(&Host{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return fmt.Errorf("not implemented")
+			},
+		}, {
+			ID: "30",
+			Migrate: func(tx *gorm.DB) error {
+				type Host struct {
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -478,13 +495,35 @@ func DBInit(db *gorm.DB) error {
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 					Hop      *dbmodels.Host
+					Logging  string
 					HopID    uint
 				}
 				return tx.AutoMigrate(&Host{}).Error
 			},
-			Rollback: func(tx *gorm.DB) error {
-				return fmt.Errorf("not implemented")
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "31",
+			Migrate: func(tx *gorm.DB) error {
+				return tx.Model(&dbmodels.Host{}).Updates(&dbmodels.Host{Logging: "everything"}).Error
 			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "32",
+			Migrate: func(tx *gorm.DB) error {
+				type ACL struct {
+					gorm.Model
+					HostGroups  []*dbmodels.HostGroup `gorm:"many2many:host_group_acls;"`
+					UserGroups  []*dbmodels.UserGroup `gorm:"many2many:user_group_acls;"`
+					HostPattern string                `valid:"optional"`
+					Action      string                `valid:"required"`
+					Weight      uint                  ``
+					Comment     string                `valid:"optional"`
+					Inception   *time.Time
+					Expiration  *time.Time
+				}
+				return tx.AutoMigrate(&ACL{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
 		},
 	})
 	if err := m.Migrate(); err != nil {
--- a/pkg/bastion/session.go
+++ b/pkg/bastion/session.go
@@ -3,20 +3,23 @@ package bastion // import "moul.io/sshportal/pkg/bastion"
 import (
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"os"
-	"strings"
+	"path/filepath"
 	"time"

 	"github.com/gliderlabs/ssh"
+	"github.com/pkg/errors"
 	"github.com/sabban/bastion/pkg/logchannel"
 	gossh "golang.org/x/crypto/ssh"
 )

 type sessionConfig struct {
 	Addr         string
-	Logs         string
+	LogsLocation string
 	ClientConfig *gossh.ClientConfig
+	LoggingMode  string
 }

 func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context, configs []sessionConfig, sessionID uint) error {
@@ -62,7 +65,7 @@ func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx s
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	case "direct-tcpip":
 		lch, lreqs, err := newChan.Accept()
 		// TODO: defer clean closer
@@ -107,7 +110,7 @@ func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx s
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	default:
 		if err := newChan.Reject(gossh.UnknownChannelType, "unsupported channel type"); err != nil {
 			log.Printf("failed to reject chan: %v", err)
@@ -116,7 +119,7 @@ func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx s
 	}
 }

-func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocation string, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
+func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, sessConfig sessionConfig, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
 	defer func() {
 		_ = lch.Close()
 		_ = rch.Close()
@@ -126,36 +129,51 @@ func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocati
 	quit := make(chan string, 1)
 	channeltype := newChan.ChannelType()

-	filename := strings.Join([]string{logsLocation, "/", user, "-", username, "-", channeltype, "-", fmt.Sprint(sessionID), "-", time.Now().Format(time.RFC3339)}, "") // get user
-	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
-	defer func() {
-		_ = f.Close()
-	}()
-
-	if err != nil {
-		log.Fatalf("error: %v", err)
+	var logWriter io.WriteCloser = newDiscardWriteCloser()
+	if sessConfig.LoggingMode != "disabled" {
+		filename := filepath.Join(sessConfig.LogsLocation, fmt.Sprintf("%s-%s-%s-%d-%s", user, username, channeltype, sessionID, time.Now().Format(time.RFC3339)))
+		f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
+		if err != nil {
+			return errors.Wrap(err, "open log file")
+		}
+		defer func() {
+			_ = f.Close()
+		}()
+		log.Printf("Session %v is recorded in %v", channeltype, filename)
+		logWriter = f
 	}

-	log.Printf("Session %v is recorded in %v", channeltype, filename)
 	if channeltype == "session" {
-		wrappedlch := logchannel.New(lch, f)
-		go func(quit chan string) {
-			_, _ = io.Copy(wrappedlch, rch)
-			quit <- "rch"
-		}(quit)
-
-		go func(quit chan string) {
-			_, _ = io.Copy(rch, lch)
-			quit <- "lch"
-		}(quit)
+		switch sessConfig.LoggingMode {
+		case "input":
+			wrappedrch := logchannel.New(rch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(lch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedrch, lch)
+				quit <- "lch"
+			}(quit)
+		default: // everything, disabled
+			wrappedlch := logchannel.New(lch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedlch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(rch, lch)
+				quit <- "lch"
+			}(quit)
+		}
 	}
 	if channeltype == "direct-tcpip" {
 		d := logTunnelForwardData{}
 		if err := gossh.Unmarshal(newChan.ExtraData(), &d); err != nil {
 			return err
 		}
-		wrappedlch := newLogTunnel(lch, f, d.SourceHost)
-		wrappedrch := newLogTunnel(rch, f, d.DestinationHost)
+		wrappedlch := newLogTunnel(lch, logWriter, d.SourceHost)
+		wrappedrch := newLogTunnel(rch, logWriter, d.DestinationHost)
 		go func(quit chan string) {
 			_, _ = io.Copy(wrappedlch, rch)
 			quit <- "rch"
@@ -171,7 +189,7 @@ func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocati
 		for req := range lreqs {
 			b, err := rch.SendRequest(req.Type, req.WantReply, req.Payload)
 			if req.Type == "exec" {
-				wrappedlch := logchannel.New(lch, f)
+				wrappedlch := logchannel.New(lch, logWriter)
 				command := append(req.Payload, []byte("\n")...)
 				if _, err := wrappedlch.LogWrite(command); err != nil {
 					log.Printf("failed to write log: %v", err)
@@ -234,3 +252,13 @@ func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocati
 		}
 	}
 }
+
+func newDiscardWriteCloser() io.WriteCloser { return &discardWriteCloser{ioutil.Discard} }
+
+type discardWriteCloser struct {
+	io.Writer
+}
+
+func (discardWriteCloser) Close() error {
+	return nil
+}
--- a/pkg/bastion/shell.go
+++ b/pkg/bastion/shell.go
@@ -90,17 +90,31 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment", Usage: "Adds a comment"},
 						cli.StringFlag{Name: "action", Usage: "Assigns the ACL action (allow,deny)", Value: string(dbmodels.ACLActionAllow)},
 						cli.UintFlag{Name: "weight, w", Usage: "Assigns the ACL weight (priority)"},
+						cli.StringFlag{Name: "inception, i", Usage: "Assigns inception date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Assigns expiration date-time"},
 					},
 					Action: func(c *cli.Context) error {
 						if err := myself.CheckRoles([]string{"admin"}); err != nil {
 							return err
 						}
+
+						inception, err := parseOptionalTime(c.String("inception"))
+						if err != nil {
+							return err
+						}
+						expiration, err := parseOptionalTime(c.String("expiration"))
+						if err != nil {
+							return err
+						}
+
 						acl := dbmodels.ACL{
 							Comment:     c.String("comment"),
 							HostPattern: c.String("pattern"),
 							UserGroups:  []*dbmodels.UserGroup{},
 							HostGroups:  []*dbmodels.HostGroup{},
 							Weight:      c.Uint("weight"),
+							Inception:   inception,
+							Expiration:  expiration,
 							Action:      c.String("action"),
 						}
 						if acl.Action != string(dbmodels.ACLActionAllow) && acl.Action != string(dbmodels.ACLActionDeny) {
@@ -186,7 +200,7 @@ GLOBAL OPTIONS:
 						}

 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Updated", "Created", "Comment"})
+						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Inception", "Expiration", "Updated", "Created", "Comment"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d ACLs.", len(acls)))
 						for _, acl := range acls {
@@ -199,6 +213,15 @@ GLOBAL OPTIONS:
 								hostGroups = append(hostGroups, entity.Name)
 							}

+							inception := ""
+							if acl.Inception != nil {
+								inception = acl.Inception.Format("2006-01-02 15:04 MST")
+							}
+							expiration := ""
+							if acl.Expiration != nil {
+								expiration = acl.Expiration.Format("2006-01-02 15:04 MST")
+							}
+
 							table.Append([]string{
 								fmt.Sprintf("%d", acl.ID),
 								fmt.Sprintf("%d", acl.Weight),
@@ -206,6 +229,8 @@ GLOBAL OPTIONS:
 								strings.Join(hostGroups, ", "),
 								acl.HostPattern,
 								acl.Action,
+								inception,
+								expiration,
 								humanize.Time(acl.UpdatedAt),
 								humanize.Time(acl.CreatedAt),
 								acl.Comment,
@@ -236,6 +261,10 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "action, a", Usage: "Update action"},
 						cli.StringFlag{Name: "pattern, p", Usage: "Update host-pattern"},
 						cli.UintFlag{Name: "weight, w", Usage: "Update weight"},
+						cli.StringFlag{Name: "inception, i", Usage: "Update inception date-time"},
+						cli.BoolFlag{Name: "unset-inception", Usage: "Unset inception date-time"},
+						cli.BoolFlag{Name: "unset-expiration", Usage: "Unset expiration date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Update expiration date-time"},
 						cli.StringFlag{Name: "comment, c", Usage: "Update comment"},
 						cli.StringSliceFlag{Name: "assign-usergroup, ug", Usage: "Assign the ACL to new `USERGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-usergroup", Usage: "Unassign the ACL from `USERGROUPS`"},
@@ -258,10 +287,21 @@ GLOBAL OPTIONS:
 						tx := db.Begin()
 						for _, acl := range acls {
 							model := tx.Model(acl)
+							inception, err := parseOptionalTime(c.String("inception"))
+							if err != nil {
+								return err
+							}
+							expiration, err := parseOptionalTime(c.String("expiration"))
+							if err != nil {
+								return err
+							}
+
 							update := dbmodels.ACL{
 								Action:      c.String("action"),
 								HostPattern: c.String("pattern"),
 								Weight:      c.Uint("weight"),
+								Inception:   inception,
+								Expiration:  expiration,
 								Comment:     c.String("comment"),
 							}
 							if err := model.Updates(update).Error; err != nil {
@@ -269,6 +309,19 @@ GLOBAL OPTIONS:
 								return err
 							}

+							if c.Bool("unset-inception") {
+								if err := model.Update("inception", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+							if c.Bool("unset-expiration") {
+								if err := model.Update("expiration", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// associations
 							var appendUserGroups []dbmodels.UserGroup
 							var deleteUserGroups []dbmodels.UserGroup
@@ -672,6 +725,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c"},
 						cli.StringFlag{Name: "key, k", Usage: "`KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.StringSliceFlag{Name: "group, g", Usage: "Assigns the host to `HOSTGROUPS` (default: \"default\")"},
 					},
 					Action: func(c *cli.Context) error {
@@ -714,6 +768,11 @@ GLOBAL OPTIONS:
 						if c.String("name") != "" {
 							host.Name = c.String("name")
 						}
+
+						host.Logging = "everything" // default is everything
+						if c.String("logging") != "" {
+							host.Logging = c.String("logging")
+						}
 						// FIXME: check if name already exists

 						if _, err := govalidator.ValidateStruct(host); err != nil {
@@ -819,7 +878,7 @@ GLOBAL OPTIONS:
 						}

 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop"})
+						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop", "Logging"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d hosts.", len(hosts)))
 						for _, host := range hosts {
@@ -851,6 +910,7 @@ GLOBAL OPTIONS:
 								humanize.Time(host.CreatedAt),
 								host.Comment,
 								hop,
+								host.Logging,
 								//FIXME: add some stats about last access time etc
 							})
 						}
@@ -882,6 +942,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c", Usage: "Update/set a host comment"},
 						cli.StringFlag{Name: "key, k", Usage: "Link a `KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Change the hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.BoolFlag{Name: "unset-hop", Usage: "Remove the hop set for this host"},
 						cli.StringSliceFlag{Name: "assign-group, g", Usage: "Assign the host to a new `HOSTGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-group", Usage: "Unassign the host from a `HOSTGROUPS`"},
@@ -944,6 +1005,17 @@ GLOBAL OPTIONS:
 								}
 							}

+							// logging
+							if logging := c.String("logging"); logging != "" {
+								if !dbmodels.IsValidHostLoggingMode(logging) {
+									return fmt.Errorf("invalid host logging mode: %q", logging)
+								}
+								if err := model.Update("logging", logging).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// remove the hop
 							if c.Bool("unset-hop") {
 								var hopHost dbmodels.Host
@@ -2243,3 +2315,14 @@ func parseInputURL(input string) (*url.URL, error) {
 	}
 	return u, nil
 }
+
+func parseOptionalTime(input string) (*time.Time, error) {
+	if input != "" {
+		parsed, err := time.ParseInLocation("2006-01-02 15:04", input, time.Local)
+		if err != nil {
+			return nil, err
+		}
+		return &parsed, nil
+	}
+	return nil, nil
+}
--- a/pkg/bastion/ssh.go
+++ b/pkg/bastion/ssh.go
@@ -122,7 +122,8 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 				sessionConfigs = append([]sessionConfig{{
 					Addr:         currentHost.DialAddr(),
 					ClientConfig: clientConfig,
-					Logs:         actx.logsLocation,
+					LogsLocation: actx.logsLocation,
+					LoggingMode:  currentHost.Logging,
 				}}, sessionConfigs...)
 				if currentHost.HopID != 0 {
 					var newHost dbmodels.Host
--- a/pkg/dbmodels/dbmodels.go
+++ b/pkg/dbmodels/dbmodels.go
@@ -38,12 +38,12 @@ type Setting struct {
 type SSHKey struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name        string  `valid:"required,length(1|32),unix_user"`
+	Name        string  `valid:"required,length(1|255),unix_user"`
 	Type        string  `valid:"required"`
 	Length      uint    `valid:"required"`
 	Fingerprint string  `valid:"optional"`
-	PrivKey     string  `sql:"size:10000" valid:"required"`
-	PubKey      string  `sql:"size:10000" valid:"optional"`
+	PrivKey     string  `sql:"size:5000" valid:"required"`
+	PubKey      string  `sql:"size:1000" valid:"optional"`
 	Hosts       []*Host `gorm:"ForeignKey:SSHKeyID"`
 	Comment     string  `valid:"optional"`
 }
@@ -51,16 +51,17 @@ type SSHKey struct {
 type Host struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name     string       `gorm:"size:32" valid:"required,length(1|32)"`
+	Name     string       `gorm:"size:255" valid:"required,length(1|255)"`
 	Addr     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	User     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	Password string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	URL      string       `valid:"optional"`
 	SSHKey   *SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
 	SSHKeyID uint         `gorm:"index"`
-	HostKey  []byte       `sql:"size:10000" valid:"optional"`
+	HostKey  []byte       `sql:"size:1000" valid:"optional"`
 	Groups   []*HostGroup `gorm:"many2many:host_host_groups;"`
 	Comment  string       `valid:"optional"`
+	Logging  string       `valid:"optional,host_logging_mode"`
 	Hop      *Host
 	HopID    uint
 }
@@ -68,8 +69,8 @@ type Host struct {
 // UserKey defines a user public key used by sshportal to identify the user
 type UserKey struct {
 	gorm.Model
-	Key           []byte `sql:"size:10000" valid:"length(1|10000)"`
-	AuthorizedKey string `sql:"size:10000" valid:"required,length(1|10000)"`
+	Key           []byte `sql:"size:1000" valid:"length(1|1000)"`
+	AuthorizedKey string `sql:"size:1000" valid:"required,length(1|1000)"`
 	UserID        uint   ``
 	User          *User  `gorm:"ForeignKey:UserID"`
 	Comment       string `valid:"optional"`
@@ -77,7 +78,7 @@ type UserKey struct {

 type UserRole struct {
 	gorm.Model
-	Name  string  `valid:"required,length(1|32),unix_user"`
+	Name  string  `valid:"required,length(1|255),unix_user"`
 	Users []*User `gorm:"many2many:user_user_roles"`
 }

@@ -86,7 +87,7 @@ type User struct {
 	gorm.Model
 	Roles       []*UserRole  `gorm:"many2many:user_user_roles"`
 	Email       string       `valid:"required,email"`
-	Name        string       `valid:"required,length(1|32),unix_user"`
+	Name        string       `valid:"required,length(1|255),unix_user"`
 	Keys        []*UserKey   `gorm:"ForeignKey:UserID"`
 	Groups      []*UserGroup `gorm:"many2many:user_user_groups;"`
 	Comment     string       `valid:"optional"`
@@ -95,7 +96,7 @@ type User struct {

 type UserGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Users   []*User `gorm:"many2many:user_user_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:user_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -103,7 +104,7 @@ type UserGroup struct {

 type HostGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Hosts   []*Host `gorm:"many2many:host_host_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:host_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -117,6 +118,8 @@ type ACL struct {
 	Action      string       `valid:"required"`
 	Weight      uint         ``
 	Comment     string       `valid:"optional"`
+	Inception   *time.Time
+	Expiration  *time.Time
 }

 type Session struct {
--- a/pkg/dbmodels/validator.go
+++ b/pkg/dbmodels/validator.go
@@ -16,4 +16,18 @@ func InitValidator() {
 		}
 		return unixUserRegexp.MatchString(name)
 	}))
+	govalidator.CustomTypeTagMap.Set("host_logging_mode", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
+		name, ok := i.(string)
+		if !ok {
+			return false
+		}
+		if name == "" {
+			return true
+		}
+		return IsValidHostLoggingMode(name)
+	}))
+}
+
+func IsValidHostLoggingMode(name string) bool {
+	return name == "disabled" || name == "input" || name == "everything"
 }
--- a/rules.mk
+++ b/rules.mk
@@ -30,6 +30,7 @@ all: help
 ##

 rwildcard = $(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d))
+check-program = $(foreach exec,$(1),$(if $(shell PATH="$(PATH)" which $(exec)),,$(error "No $(exec) in PATH")))

 ##
 ## rules.mk
@@ -72,18 +73,31 @@ GO_INSTALL_OPTS ?=
 GO_TEST_OPTS ?= -test.timeout=30s
 GOMOD_DIR ?= .
 GOCOVERAGE_FILE ?= ./coverage.txt
+GOTESTJSON_FILE ?= ./go-test.json
+GOBUILDLOG_FILE ?= ./go-build.log
+GOINSTALLLOG_FILE ?= ./go-install.log

 ifdef GOBINS
 .PHONY: go.install
 go.install:
+ifeq ($(CI),true)
+	@rm -f /tmp/goinstall.log
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) install -v $(GO_INSTALL_OPTS) .; \
+	); done 2>&1 | tee $(GOINSTALLLOG_FILE)
+
+else
 	@set -e; for dir in $(GOBINS); do ( set -xe; \
 	  cd $$dir; \
 	  $(GO) install $(GO_INSTALL_OPTS) .; \
 	); done
+endif
 INSTALL_STEPS += go.install

 .PHONY: go.release
 go.release:
+	$(call check-program, goreleaser)
 	goreleaser --snapshot --skip-publish --rm-dist
 	@echo -n "Do you want to release? [y/N] " && read ans && \
 	  if [ $${ans:-N} = y ]; then set -xe; goreleaser --rm-dist; fi
@@ -92,15 +106,29 @@ endif

 .PHONY: go.unittest
 go.unittest:
+ifeq ($(CI),true)
+	@echo "mode: atomic" > /tmp/gocoverage
+	@rm -f $(GOTESTJSON_FILE)
+	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do (set -e; (set -euf pipefail; \
+	    cd $$dir; \
+	    ($(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race -json | tee -a $(GOTESTJSON_FILE) 3>&1 1>&2 2>&3 | tee -a $(GOBUILDLOG_FILE); \
+	  ); \
+	  if [ -f /tmp/profile.out ]; then \
+	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+	    rm -f /tmp/profile.out; \
+	  fi)); done
+	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+else
 	@echo "mode: atomic" > /tmp/gocoverage
 	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do (set -e; (set -xe; \
 	  cd $$dir; \
-	  $(GO) test $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race ./...); \
+	  $(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race); \
 	  if [ -f /tmp/profile.out ]; then \
 	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
 	    rm -f /tmp/profile.out; \
 	  fi); done
 	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+endif

 .PHONY: go.checkdoc
 go.checkdoc:
@@ -154,6 +182,20 @@ UNITTEST_STEPS += go.unittest
 FMT_STEPS += go.fmt
 endif

+##
+## Gitattributes
+##
+
+ifneq ($(wildcard .gitattributes),)
+.PHONY: _linguist-ignored
+_linguist-kept:
+	@git check-attr linguist-vendored $(shell git check-attr linguist-generated $(shell find . -type f | grep -v .git/) | grep unspecified | cut -d: -f1) | grep unspecified | cut -d: -f1 | sort
+
+.PHONY: _linguist-kept
+_linguist-ignored:
+	@git check-attr linguist-vendored linguist-ignored `find . -not -path './.git/*' -type f` | grep '\ set$$' | cut -d: -f1 | sort -u
+endif
+
 ##
 ## Node
 ##
@@ -198,6 +240,7 @@ ifdef DOCKER_IMAGE
 ifneq ($(DOCKER_IMAGE),none)
 .PHONY: docker.build
 docker.build:
+	$(call check-program, docker)
 	$(call docker_build,$(DOCKERFILE_PATH),$(DOCKER_IMAGE))

 BUILD_STEPS += docker.build
Author	SHA1	Message	Date
Manfred Touron	4c947ce391	Merge pull request #204 from GreyOBox/increase-size-of-name-fields fix: increase size of name fields	2020-08-19 18:27:33 +02:00
Sergey Yashchuk	44559f0547	fix: increase size of name fields	2020-08-19 18:23:36 +02:00
Manfred Touron	8234119cd4	Merge pull request #197 from moul/renovate/all chore(deps): update golang.org/x/crypto commit hash to 123391f	2020-08-10 18:22:45 +02:00
Manfred Touron	7a75c13ac4	Merge pull request #200 from moul/renovate/docker-all chore(deps): update all docker tags to v1.14.7	2020-08-10 18:22:15 +02:00
Manfred Touron	4b10131790	Merge pull request #201 from moul/imgbot [ImgBot] Optimize images	2020-08-09 17:14:22 +02:00
Manfred Touron	a29c6e8338	chore: add intro image	2020-08-09 00:30:36 +02:00
ImgBotApp	198e0717b5	[ImgBot] Optimize images *Total -- 887.71kb -> 587.48kb (33.82%) /.assets/bastion.jpg -- 503.44kb -> 249.40kb (50.46%) /.assets/flow-diagram.png -- 104.11kb -> 79.45kb (23.69%) /.assets/overview.png -- 32.65kb -> 26.50kb (18.82%) /.assets/cluster-mysql.svg -- 8.50kb -> 7.08kb (16.74%) /.assets/overview.svg -- 9.23kb -> 8.03kb (13.03%) /.assets/flow-diagram.svg -- 13.85kb -> 12.39kb (10.51%) /.assets/sql-schema.svg -- 36.89kb -> 33.99kb (7.85%) /.assets/demo.gif -- 179.03kb -> 170.63kb (4.69%) Signed-off-by: ImgBotApp <ImgBotHelp@gmail.com>	2020-08-08 22:28:50 +00:00
Manfred Touron	d8fa2f6925	Add files via upload	2020-08-09 00:28:34 +02:00
Renovate Bot	16c8c0092e	chore(deps): update all docker tags to v1.14.7	2020-08-08 00:28:27 +00:00
Renovate Bot	b0dfff2d90	chore(deps): update golang.org/x/crypto commit hash to 123391f	2020-07-28 20:38:36 +00:00
Manfred Touron	9d2badf253	Merge pull request #196 from moul/dev/moul/pr-194	2020-07-23 18:55:42 +02:00
Konstantin Bakaras	428344da17	feat: MySQL, Postgres support Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:42 +02:00
Konstantin Bakaras	0c07ac790a	feat: ACL Check with inception and expiration Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:35 +02:00
Konstantin Bakaras	365a37959a	chore: Model and edit Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:35 +02:00
Manfred Touron	90fd6057cf	Merge pull request #193 from moul/renovate/docker-all chore(deps): update all docker tags to v1.14.6	2020-07-23 18:24:07 +02:00
Manfred Touron	4220f3fb89	Merge pull request #190 from moul/renovate/all chore(deps): update all	2020-07-23 17:22:27 +02:00
Renovate Bot	3e2acfc992	chore(deps): update all	2020-07-20 06:19:00 +00:00
Renovate Bot	9c464b2610	chore(deps): update all docker tags to v1.14.6	2020-07-18 00:55:40 +00:00
Manfred Touron	5760aece65	Merge pull request #192 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2020-07-12 14:08:51 +02:00
moul-bot	a24e20252a	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2020-07-12 14:04:09 +02:00
Manfred Touron	37a7fa1917	Merge pull request #189 from moul/renovate/all chore(deps): update all	2020-07-09 17:47:46 +02:00
Renovate Bot	f1b28b0363	chore(deps): update all	2020-07-08 08:14:45 +00:00
Manfred Touron	e43bb55e70	Merge pull request #188 from moul/dev/moul/fix-166	2020-07-08 10:12:52 +02:00
Manfred Touron	763ced7524	feat: host logging modes (disabled, commands, everything) Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 22:16:46 +02:00
Manfred Touron	54128beb12	chore: point CHANGELOG.md to releases page Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 21:53:26 +02:00
Manfred Touron	64ba179cc7	chore: add .gitattributes Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 21:53:26 +02:00
Manfred Touron	bbdb4851a5	Merge pull request #187 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2020-07-04 01:59:48 +02:00
moul-bot	63719ec00e	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2020-07-02 00:41:50 +02:00
Manfred Touron	0722497336	Update README.md	2020-07-01 14:51:57 +02:00