Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LFS: make HTTP auth period configurable #4035

Merged

Conversation

InonS
Copy link
Contributor

@InonS InonS commented May 24, 2018

Authentication period is hard-coded for 5 minutes. For LFS this may be too short, so we made the HTTP auth period configurable.

Inon Sharony and others added 2 commits May 24, 2018 14:14
Due to automated fmt-check failure (drone.gitea.io)
@bkcsoft bkcsoft added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 24, 2018
@jonasfranz
Copy link
Member

Please run make fmt.

@InonS
Copy link
Contributor Author

InonS commented May 24, 2018

@JonasFranzDEV I pushed the commit which removes the semicolon, running make fmt changes nothing, but drone keeps referrencing the previous commit. How can we trigger drone ro rerun on this PR?

@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LFS_START_SERVER`: **false**: Enables git-lfs support.
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **5**: LFS authentication validity period in minutes, pushes taking longer than this may fail.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also add this to /custom/conf/app.ini.sample

@lafriks
Copy link
Member

lafriks commented May 24, 2018

I think default should be increased to at least 20 minutes or half hour as I think this really does create problems for it being so small

@techknowlogick techknowlogick added the type/enhancement An improvement of existing functionality label May 24, 2018
@techknowlogick techknowlogick added this to the 1.5.0 milestone May 24, 2018
Copy link
Member

@sapk sapk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

time.Duration is a better format for expiry time option.

ContentPath string `ini:"LFS_CONTENT_PATH"`
JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
JWTSecretBytes []byte `ini:"-"`
HTTPAuthExpiryMinutes int `ini:"LFS_HTTP_AUTH_EXPIRY_MINUTES"`
Copy link
Member

@sapk sapk May 24, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find more logic and allow more flexible configuration to set this directly as time.Duration you can use mirror option like MIN_INTERVAL as an example and use a more short option name like LFS_HTTP_AUTH_EXPIRY.

@techknowlogick techknowlogick modified the milestones: 1.5.0, 1.6.0 May 27, 2018
@codecov-io
Copy link

codecov-io commented May 27, 2018

Codecov Report

Merging #4035 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #4035   +/-   ##
=======================================
  Coverage   19.97%   19.97%           
=======================================
  Files         153      153           
  Lines       30491    30491           
=======================================
  Hits         6091     6091           
  Misses      23486    23486           
  Partials      914      914

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 832ca50...fa99e1b. Read the comment docs.

@InonS
Copy link
Contributor Author

InonS commented May 27, 2018

@techknowlogick @sapk I've implemented your requests

@bkcsoft bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 27, 2018
@lafriks
Copy link
Member

lafriks commented May 27, 2018

I think we should move this to 1.5 as it is quite safe change and should increase stability of LFS

@techknowlogick
Copy link
Member

@lafriks Sounds good. Let me do that. I had just moved it in preparation of release, however I agree that this would be good to get in sooner.

@techknowlogick techknowlogick modified the milestones: 1.6.0, 1.5.0 May 27, 2018
@lafriks
Copy link
Member

lafriks commented May 27, 2018

@sapk need your approval

Copy link
Member

@sapk sapk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code is good. The documentation need to be updated to the new duration format. Near to be merged :-).

@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LFS_START_SERVER`: **false**: Enables git-lfs support.
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **20**: LFS authentication validity period in minutes, pushes taking longer than this may fail.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The doc isn't updated to new duration format.

@lunny
Copy link
Member

lunny commented May 29, 2018

@InonS maybe you could follow @sapk 's advice

@lunny
Copy link
Member

lunny commented May 29, 2018

@sapk need your approval.

Copy link
Member

@sapk sapk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, for this good PR.

@ohwgiles
Copy link

ohwgiles commented Jun 4, 2018

Why was this line introduced?
ebdab89#diff-60f5fca6d29eafbb30eb645a0cd4041fR832

It separates the new configuration variable from the other LFS_ variables

@InonS
Copy link
Contributor Author

InonS commented Jun 4, 2018

@ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line

sec = Cfg.Section("LFS")

@lafriks @lunny @techknowlogick @appleboy @sapk , would any of you mind doing this directly on master? It doesn't sound like something warranting an entirely new PR.

@sapk
Copy link
Member

sapk commented Jun 4, 2018

@ohwgiles Good catch. Thanks

@InonS It is best to do a PR as it will follow all checks (CI, validation, ...) and keep history of why change has been maid. (And I personally doesn't have push right ^^)

InonS added a commit to L4B-Software/gitea that referenced this pull request Jun 4, 2018
go-gitea#4035 (comment)

@ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line
```
sec = Cfg.Section("LFS")
```
InonS added a commit to L4B-Software/gitea that referenced this pull request Jun 4, 2018
go-gitea#4035 (comment)

@ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line
```
sec = Cfg.Section("LFS")
```
lafriks pushed a commit that referenced this pull request Jun 4, 2018
#4035 (comment)

@ohwgiles points out that the config section should, in fact, still be in accordance with the "server" struct, which contains the "LFS" struct. I should just remove the line
```
sec = Cfg.Section("LFS")
```
@lafriks lafriks added the type/changelog Adds the changelog for a new Gitea version label Jul 3, 2018
aswild added a commit to aswild/gitea that referenced this pull request Jul 6, 2018
* SECURITY
  * Limit uploaded avatar image-size to 4096x3072 by default (go-gitea#4353)
  * Do not allow to reuse TOTP passcode (go-gitea#3878)
* FEATURE
  * Add cli commands to regen hooks & keys (go-gitea#3979)
  * Add support for FIDO U2F (go-gitea#3971)
  * Added user language setting (go-gitea#3875)
  * LDAP Public SSH Keys synchronization (go-gitea#1844)
  * Add topic support (go-gitea#3711)
  * Multiple assignees (go-gitea#3705)
  * Add protected branch whitelists for merging (go-gitea#3689)
  * Global code search support (go-gitea#3664)
  * Add label descriptions (go-gitea#3662)
  * Add issue search via API (go-gitea#3612)
  * Add repository setting to enable/disable health checks (go-gitea#3607)
  * Emoji Autocomplete (go-gitea#3433)
  * Implements generator cli for secrets (go-gitea#3531)
* ENHANCEMENT
  * Add more webhooks support and refactor webhook templates directory (go-gitea#3929)
  * Add new option to allow only OAuth2/OpenID user registration (go-gitea#3910)
  * Add option to use paged LDAP search when synchronizing users (go-gitea#3895)
  * Symlink icons (go-gitea#1416)
  * Improve release page UI (go-gitea#3693)
  * Add admin dashboard option to run health checks (go-gitea#3606)
  * Add branch link in branch list (go-gitea#3576)
  * Reduce sql query times in retrieveFeeds (go-gitea#3547)
  * Option to enable or disable swagger endpoints (go-gitea#3502)
  * Add missing licenses (go-gitea#3497)
  * Reduce repo indexer disk usage (go-gitea#3452)
  * Enable caching on assets and avatars (go-gitea#3376)
  * Add repository search ordered by stars/forks. Forks column in admin repo list (go-gitea#3969)
  * Add Environment Variables to Docker template (go-gitea#4012)
  * LFS: make HTTP auth period configurable (go-gitea#4035)
  * Add config path as an optionial flag when changing pass via CLI (go-gitea#4184)
  * Refactor User Settings sections (go-gitea#3900)
  * Allow square brackets in external issue patterns (go-gitea#3408)
  * Add Attachment API (go-gitea#3478)
  * Add EnableTimetracking option to app settings (go-gitea#3719)
  * Add config option to enable or disable log executed SQL (go-gitea#3726)
  * Shows total tracked time in issue and milestone list (go-gitea#3341)
* TRANSLATION
  * Improve English grammar and consistency (go-gitea#3614)
* DEPLOYMENT
  * Allow Gitea to run as different USER in Docker (go-gitea#3961)
  * Provide compressed release binaries (go-gitea#3991)
  * Sign release binaries (go-gitea#4188)
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
@delvh delvh removed the type/changelog Adds the changelog for a new Gitea version label Oct 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.