-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LFS: make HTTP auth period configurable #4035
LFS: make HTTP auth period configurable #4035
Conversation
Due to automated fmt-check failure (drone.gitea.io)
Please run |
@JonasFranzDEV I pushed the commit which removes the semicolon, running |
@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
- `LFS_START_SERVER`: **false**: Enables git-lfs support. | |||
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. | |||
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. | |||
- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **5**: LFS authentication validity period in minutes, pushes taking longer than this may fail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also add this to /custom/conf/app.ini.sample
I think default should be increased to at least 20 minutes or half hour as I think this really does create problems for it being so small |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
time.Duration is a better format for expiry time option.
modules/setting/setting.go
Outdated
ContentPath string `ini:"LFS_CONTENT_PATH"` | ||
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` | ||
JWTSecretBytes []byte `ini:"-"` | ||
HTTPAuthExpiryMinutes int `ini:"LFS_HTTP_AUTH_EXPIRY_MINUTES"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find more logic and allow more flexible configuration to set this directly as time.Duration you can use mirror option like MIN_INTERVAL as an example and use a more short option name like LFS_HTTP_AUTH_EXPIRY.
Codecov Report
@@ Coverage Diff @@
## master #4035 +/- ##
=======================================
Coverage 19.97% 19.97%
=======================================
Files 153 153
Lines 30491 30491
=======================================
Hits 6091 6091
Misses 23486 23486
Partials 914 914 Continue to review full report at Codecov.
|
…ithub.com/L4B-Software/gitea into feature/lfs-http-auth-period-configurable
@techknowlogick @sapk I've implemented your requests |
I think we should move this to 1.5 as it is quite safe change and should increase stability of LFS |
@lafriks Sounds good. Let me do that. I had just moved it in preparation of release, however I agree that this would be good to get in sooner. |
@sapk need your approval |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code is good. The documentation need to be updated to the new duration format. Near to be merged :-).
@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
- `LFS_START_SERVER`: **false**: Enables git-lfs support. | |||
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. | |||
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string. | |||
- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **20**: LFS authentication validity period in minutes, pushes taking longer than this may fail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The doc isn't updated to new duration format.
@sapk need your approval. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, for this good PR.
Why was this line introduced? It separates the new configuration variable from the other |
@ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line
@lafriks @lunny @techknowlogick @appleboy @sapk , would any of you mind doing this directly on |
go-gitea#4035 (comment) @ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line ``` sec = Cfg.Section("LFS") ```
go-gitea#4035 (comment) @ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line ``` sec = Cfg.Section("LFS") ```
#4035 (comment) @ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line ``` sec = Cfg.Section("LFS") ```
* SECURITY * Limit uploaded avatar image-size to 4096x3072 by default (go-gitea#4353) * Do not allow to reuse TOTP passcode (go-gitea#3878) * FEATURE * Add cli commands to regen hooks & keys (go-gitea#3979) * Add support for FIDO U2F (go-gitea#3971) * Added user language setting (go-gitea#3875) * LDAP Public SSH Keys synchronization (go-gitea#1844) * Add topic support (go-gitea#3711) * Multiple assignees (go-gitea#3705) * Add protected branch whitelists for merging (go-gitea#3689) * Global code search support (go-gitea#3664) * Add label descriptions (go-gitea#3662) * Add issue search via API (go-gitea#3612) * Add repository setting to enable/disable health checks (go-gitea#3607) * Emoji Autocomplete (go-gitea#3433) * Implements generator cli for secrets (go-gitea#3531) * ENHANCEMENT * Add more webhooks support and refactor webhook templates directory (go-gitea#3929) * Add new option to allow only OAuth2/OpenID user registration (go-gitea#3910) * Add option to use paged LDAP search when synchronizing users (go-gitea#3895) * Symlink icons (go-gitea#1416) * Improve release page UI (go-gitea#3693) * Add admin dashboard option to run health checks (go-gitea#3606) * Add branch link in branch list (go-gitea#3576) * Reduce sql query times in retrieveFeeds (go-gitea#3547) * Option to enable or disable swagger endpoints (go-gitea#3502) * Add missing licenses (go-gitea#3497) * Reduce repo indexer disk usage (go-gitea#3452) * Enable caching on assets and avatars (go-gitea#3376) * Add repository search ordered by stars/forks. Forks column in admin repo list (go-gitea#3969) * Add Environment Variables to Docker template (go-gitea#4012) * LFS: make HTTP auth period configurable (go-gitea#4035) * Add config path as an optionial flag when changing pass via CLI (go-gitea#4184) * Refactor User Settings sections (go-gitea#3900) * Allow square brackets in external issue patterns (go-gitea#3408) * Add Attachment API (go-gitea#3478) * Add EnableTimetracking option to app settings (go-gitea#3719) * Add config option to enable or disable log executed SQL (go-gitea#3726) * Shows total tracked time in issue and milestone list (go-gitea#3341) * TRANSLATION * Improve English grammar and consistency (go-gitea#3614) * DEPLOYMENT * Allow Gitea to run as different USER in Docker (go-gitea#3961) * Provide compressed release binaries (go-gitea#3991) * Sign release binaries (go-gitea#4188)
Authentication period is hard-coded for 5 minutes. For LFS this may be too short, so we made the HTTP auth period configurable.