LFS: make HTTP auth period configurable (#4035)

* LFS: make HTTP auth period configurable

* Formatting: Removed semicolon

Due to automated fmt-check failure (drone.gitea.io)

* applying code reviews

* Applied code review comment: Change HTTPAuthExpiry to time.Duration

* Updated config cheat sheet
tokarchuk/v1.17
Inon S 7 years ago committed by Lunny Xiao
parent 832ca509d3
commit 15f6ec9632
  1. 2
      cmd/serv.go
  2. 2
      custom/conf/app.ini.sample
  3. 1
      docs/content/doc/advanced/config-cheat-sheet.en-us.md
  4. 12
      modules/setting/setting.go

@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
claims := jwt.MapClaims{ claims := jwt.MapClaims{
"repo": repo.ID, "repo": repo.ID,
"op": lfsVerb, "op": lfsVerb,
"exp": now.Add(5 * time.Minute).Unix(), "exp": now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
"nbf": now.Unix(), "nbf": now.Unix(),
} }
if user != nil { if user != nil {

@ -189,6 +189,8 @@ LFS_START_SERVER = false
LFS_CONTENT_PATH = data/lfs LFS_CONTENT_PATH = data/lfs
; LFS authentication secret, change this yourself ; LFS authentication secret, change this yourself
LFS_JWT_SECRET = LFS_JWT_SECRET =
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
LFS_HTTP_AUTH_EXPIRY = 20m
; Define allowed algorithms and their minimum key length (use -1 to disable a type) ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes] [ssh.minimum_key_sizes]

@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LFS_START_SERVER`: **false**: Enables git-lfs support. - `LFS_START_SERVER`: **false**: Enables git-lfs support.
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
on another (https) port. on another (https) port.
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true. - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.

@ -136,10 +136,11 @@ var (
} }
LFS struct { LFS struct {
StartServer bool `ini:"LFS_START_SERVER"` StartServer bool `ini:"LFS_START_SERVER"`
ContentPath string `ini:"LFS_CONTENT_PATH"` ContentPath string `ini:"LFS_CONTENT_PATH"`
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
JWTSecretBytes []byte `ini:"-"` JWTSecretBytes []byte `ini:"-"`
HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
} }
// Security settings // Security settings
@ -828,6 +829,9 @@ func NewContext() {
LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath) LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
} }
sec = Cfg.Section("LFS")
LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute)
if LFS.StartServer { if LFS.StartServer {
if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil { if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {

Loading…
Cancel
Save