LFS: make HTTP auth period configurable (#4035)
* LFS: make HTTP auth period configurable * Formatting: Removed semicolon Due to automated fmt-check failure (drone.gitea.io) * applying code reviews * Applied code review comment: Change HTTPAuthExpiry to time.Duration * Updated config cheat sheet
This commit is contained in:
parent
832ca509d3
commit
15f6ec9632
4 changed files with 12 additions and 5 deletions
|
@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
|
||||||
claims := jwt.MapClaims{
|
claims := jwt.MapClaims{
|
||||||
"repo": repo.ID,
|
"repo": repo.ID,
|
||||||
"op": lfsVerb,
|
"op": lfsVerb,
|
||||||
"exp": now.Add(5 * time.Minute).Unix(),
|
"exp": now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
|
||||||
"nbf": now.Unix(),
|
"nbf": now.Unix(),
|
||||||
}
|
}
|
||||||
if user != nil {
|
if user != nil {
|
||||||
|
|
|
@ -189,6 +189,8 @@ LFS_START_SERVER = false
|
||||||
LFS_CONTENT_PATH = data/lfs
|
LFS_CONTENT_PATH = data/lfs
|
||||||
; LFS authentication secret, change this yourself
|
; LFS authentication secret, change this yourself
|
||||||
LFS_JWT_SECRET =
|
LFS_JWT_SECRET =
|
||||||
|
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
|
||||||
|
LFS_HTTP_AUTH_EXPIRY = 20m
|
||||||
|
|
||||||
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
||||||
[ssh.minimum_key_sizes]
|
[ssh.minimum_key_sizes]
|
||||||
|
|
|
@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
|
||||||
- `LFS_START_SERVER`: **false**: Enables git-lfs support.
|
- `LFS_START_SERVER`: **false**: Enables git-lfs support.
|
||||||
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
|
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
|
||||||
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
|
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
|
||||||
|
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
|
||||||
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
|
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
|
||||||
on another (https) port.
|
on another (https) port.
|
||||||
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
|
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
|
||||||
|
|
|
@ -140,6 +140,7 @@ var (
|
||||||
ContentPath string `ini:"LFS_CONTENT_PATH"`
|
ContentPath string `ini:"LFS_CONTENT_PATH"`
|
||||||
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
|
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
|
||||||
JWTSecretBytes []byte `ini:"-"`
|
JWTSecretBytes []byte `ini:"-"`
|
||||||
|
HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Security settings
|
// Security settings
|
||||||
|
@ -828,6 +829,9 @@ func NewContext() {
|
||||||
LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
|
LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sec = Cfg.Section("LFS")
|
||||||
|
LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute)
|
||||||
|
|
||||||
if LFS.StartServer {
|
if LFS.StartServer {
|
||||||
|
|
||||||
if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {
|
if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {
|
||||||
|
|
Reference in a new issue