Browse Source
Add max-file-size to LFS (#10463)
* Add max-file-size to LFS * Update modules/lfs/server.go * As per @silverwind Co-Authored-By: silverwind <me@silverwind.io> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>tags/v1.21.12.1
zeripath
GitHub
5 years ago
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 0 deletions
Unified View
Diff Options
-
+2 -0custom/conf/app.ini.sample
-
+1 -0docs/content/doc/advanced/config-cheat-sheet.en-us.md
-
+6 -0modules/lfs/server.go
-
+1 -0modules/setting/setting.go
+ 2
- 0
custom/conf/app.ini.sample
View File
| @@ -311,6 +311,8 @@ LFS_CONTENT_PATH = data/lfs | |||||
| LFS_JWT_SECRET = | LFS_JWT_SECRET = | ||||
| ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. | ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. | ||||
| LFS_HTTP_AUTH_EXPIRY = 20m | LFS_HTTP_AUTH_EXPIRY = 20m | ||||
| ; Maximum allowed LFS file size in bytes (Set to 0 for no limit). | |||||
| LFS_MAX_FILE_SIZE = 0 | |||||
| ; Allow graceful restarts using SIGHUP to fork | ; Allow graceful restarts using SIGHUP to fork | ||||
| ALLOW_GRACEFUL_RESTARTS = true | ALLOW_GRACEFUL_RESTARTS = true | ||||
| ; After a restart the parent will finish ongoing requests before | ; After a restart the parent will finish ongoing requests before | ||||
+ 1
- 0
docs/content/doc/advanced/config-cheat-sheet.en-us.md
View File
| @@ -192,6 +192,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||||
| - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. | - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. | ||||
| - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. | - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. | ||||
| - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail. | - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail. | ||||
| - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit). | |||||
| - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on. | - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on. | ||||
| - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true. | - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true. | ||||
| - `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server). | - `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server). | ||||
+ 6
- 0
modules/lfs/server.go
View File
| @@ -233,6 +233,12 @@ func PostHandler(ctx *context.Context) { | |||||
| return | return | ||||
| } | } | ||||
| if setting.LFS.MaxFileSize > 0 && rv.Size > setting.LFS.MaxFileSize { | |||||
| log.Info("Denied LFS upload of size %d to %s/%s because of LFS_MAX_FILE_SIZE=%d", rv.Size, rv.User, rv.Repo, setting.LFS.MaxFileSize) | |||||
| writeStatus(ctx, 413) | |||||
| return | |||||
| } | |||||
| meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Oid: rv.Oid, Size: rv.Size, RepositoryID: repository.ID}) | meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Oid: rv.Oid, Size: rv.Size, RepositoryID: repository.ID}) | ||||
| if err != nil { | if err != nil { | ||||
| writeStatus(ctx, 404) | writeStatus(ctx, 404) | ||||
+ 1
- 0
modules/setting/setting.go
View File
| @@ -140,6 +140,7 @@ var ( | |||||
| JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` | JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` | ||||
| JWTSecretBytes []byte `ini:"-"` | JWTSecretBytes []byte `ini:"-"` | ||||
| HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"` | HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"` | ||||
| MaxFileSize int64 `ini:"LFS_MAX_FILE_SIZE"` | |||||
| } | } | ||||
| // Security settings | // Security settings | ||||