LFS: make HTTP auth period configurable (#4035)
* LFS: make HTTP auth period configurable * Formatting: Removed semicolon Due to automated fmt-check failure (drone.gitea.io) * applying code reviews * Applied code review comment: Change HTTPAuthExpiry to time.Duration * Updated config cheat sheet
This commit is contained in:
parent
832ca509d3
commit
15f6ec9632
4 changed files with 12 additions and 5 deletions
|
@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
|
|||
claims := jwt.MapClaims{
|
||||
"repo": repo.ID,
|
||||
"op": lfsVerb,
|
||||
"exp": now.Add(5 * time.Minute).Unix(),
|
||||
"exp": now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
|
||||
"nbf": now.Unix(),
|
||||
}
|
||||
if user != nil {
|
||||
|
|
|
@ -189,6 +189,8 @@ LFS_START_SERVER = false
|
|||
LFS_CONTENT_PATH = data/lfs
|
||||
; LFS authentication secret, change this yourself
|
||||
LFS_JWT_SECRET =
|
||||
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
|
||||
LFS_HTTP_AUTH_EXPIRY = 20m
|
||||
|
||||
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
||||
[ssh.minimum_key_sizes]
|
||||
|
|
|
@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
|
|||
- `LFS_START_SERVER`: **false**: Enables git-lfs support.
|
||||
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
|
||||
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
|
||||
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
|
||||
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
|
||||
on another (https) port.
|
||||
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
|
||||
|
|
|
@ -136,10 +136,11 @@ var (
|
|||
}
|
||||
|
||||
LFS struct {
|
||||
StartServer bool `ini:"LFS_START_SERVER"`
|
||||
ContentPath string `ini:"LFS_CONTENT_PATH"`
|
||||
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
|
||||
JWTSecretBytes []byte `ini:"-"`
|
||||
StartServer bool `ini:"LFS_START_SERVER"`
|
||||
ContentPath string `ini:"LFS_CONTENT_PATH"`
|
||||
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
|
||||
JWTSecretBytes []byte `ini:"-"`
|
||||
HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
|
||||
}
|
||||
|
||||
// Security settings
|
||||
|
@ -828,6 +829,9 @@ func NewContext() {
|
|||
LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
|
||||
}
|
||||
|
||||
sec = Cfg.Section("LFS")
|
||||
LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute)
|
||||
|
||||
if LFS.StartServer {
|
||||
|
||||
if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {
|
||||
|
|
Loading…
Reference in a new issue