diff --git a/cmd/serv.go b/cmd/serv.go index 5d567e6d641e3..990355be98cf6 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -268,7 +268,7 @@ func runServ(c *cli.Context) error { claims := jwt.MapClaims{ "repo": repo.ID, "op": lfsVerb, - "exp": now.Add(5 * time.Minute).Unix(), + "exp": now.Add(setting.LFS.HTTPAuthExpiry).Unix(), "nbf": now.Unix(), } if user != nil { diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample index 184fa8e8cc031..ef88e5c3277d3 100644 --- a/custom/conf/app.ini.sample +++ b/custom/conf/app.ini.sample @@ -189,6 +189,8 @@ LFS_START_SERVER = false LFS_CONTENT_PATH = data/lfs ; LFS authentication secret, change this yourself LFS_JWT_SECRET = +; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. +LFS_HTTP_AUTH_EXPIRY = 20m ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 69f588ebe820e..3f8ebea61f860 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `LFS_START_SERVER`: **false**: Enables git-lfs support. - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files. - `LFS_JWT_SECRET`: **\**: LFS authentication secret, change this a unique string. +- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail. - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests on another (https) port. - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true. diff --git a/modules/setting/setting.go b/modules/setting/setting.go index b23a68e3ac1e8..c8add5fd31a5f 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -136,10 +136,11 @@ var ( } LFS struct { - StartServer bool `ini:"LFS_START_SERVER"` - ContentPath string `ini:"LFS_CONTENT_PATH"` - JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` - JWTSecretBytes []byte `ini:"-"` + StartServer bool `ini:"LFS_START_SERVER"` + ContentPath string `ini:"LFS_CONTENT_PATH"` + JWTSecretBase64 string `ini:"LFS_JWT_SECRET"` + JWTSecretBytes []byte `ini:"-"` + HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"` } // Security settings @@ -828,6 +829,9 @@ func NewContext() { LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath) } + sec = Cfg.Section("LFS") + LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute) + if LFS.StartServer { if err := os.MkdirAll(LFS.ContentPath, 0700); err != nil {