wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
Browse Source

LFS: make HTTP auth period configurable (#4035) 

* LFS: make HTTP auth period configurable

* Formatting: Removed semicolon

Due to automated fmt-check failure (drone.gitea.io)

* applying code reviews

* Applied code review comment: Change HTTPAuthExpiry to time.Duration

* Updated config cheat sheet
tags/v1.21.12.1
Inon S Lunny Xiao 7 years ago
parent
832ca509d3
commit
15f6ec9632
4 changed files with 12 additions and 5 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      cmd/serv.go
  2. +2
    -0
      custom/conf/app.ini.sample
  3. +1
    -0
      docs/content/doc/advanced/config-cheat-sheet.en-us.md
  4. +8
    -4
      modules/setting/setting.go

+ 1
- 1
cmd/serv.go View File

@@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
claims := jwt.MapClaims{ claims := jwt.MapClaims{
"repo": repo.ID, "repo": repo.ID,
"op": lfsVerb, "op": lfsVerb,
"exp": now.Add(5 * time.Minute).Unix(),
"exp": now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
"nbf": now.Unix(), "nbf": now.Unix(),
} }
if user != nil { if user != nil {


+ 2
- 0
custom/conf/app.ini.sample View File

@@ -189,6 +189,8 @@ LFS_START_SERVER = false
LFS_CONTENT_PATH = data/lfs LFS_CONTENT_PATH = data/lfs
; LFS authentication secret, change this yourself ; LFS authentication secret, change this yourself
LFS_JWT_SECRET = LFS_JWT_SECRET =
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
LFS_HTTP_AUTH_EXPIRY = 20m


; Define allowed algorithms and their minimum key length (use -1 to disable a type) ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes] [ssh.minimum_key_sizes]


+ 1
- 0
docs/content/doc/advanced/config-cheat-sheet.en-us.md View File

@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LFS_START_SERVER`: **false**: Enables git-lfs support. - `LFS_START_SERVER`: **false**: Enables git-lfs support.
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
on another (https) port. on another (https) port.
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true. - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.


+ 8
- 4
modules/setting/setting.go View File

@@ -136,10 +136,11 @@ var (
} }


LFS struct { LFS struct {
StartServer bool `ini:"LFS_START_SERVER"`
ContentPath string `ini:"LFS_CONTENT_PATH"`
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
JWTSecretBytes []byte `ini:"-"`
StartServer bool `ini:"LFS_START_SERVER"`
ContentPath string `ini:"LFS_CONTENT_PATH"`
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
JWTSecretBytes []byte `ini:"-"`
HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
} }


// Security settings // Security settings
@@ -828,6 +829,9 @@ func NewContext() {
LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath) LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
} }


sec = Cfg.Section("LFS")
LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute)

if LFS.StartServer { if LFS.StartServer {


if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil { if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {


Write Preview
Loading…
Cancel
Save