go-gitea · lunny · May 29, 2018 · May 24, 2018 · May 24, 2018 · May 27, 2018
diff --git a/cmd/serv.go b/cmd/serv.go
@@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
 claims := jwt.MapClaims{
 "repo": repo.ID,
 "op": lfsVerb,
-"exp": now.Add(5 * time.Minute).Unix(),
+"exp": now.Add(time.Duration(setting.LFS.HTTPAuthExpiryMinutes) * time.Minute).Unix(),
 "nbf": now.Unix(),
 }
 if user != nil {

diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LFS_START_SERVER`: **false**: Enables git-lfs support.
 - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
+- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **5**: LFS authentication validity period in minutes, pushes taking longer than this may fail.
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
  on another (https) port.
 - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
@@ -136,10 +136,11 @@ var (
 }
 
 LFS struct {
-StartServer bool `ini:"LFS_START_SERVER"`
-ContentPath string `ini:"LFS_CONTENT_PATH"`
-JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
-JWTSecretBytes []byte `ini:"-"`
+StartServer bool `ini:"LFS_START_SERVER"`
+ContentPath string `ini:"LFS_CONTENT_PATH"`
+JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
+JWTSecretBytes []byte `ini:"-"`
+HTTPAuthExpiryMinutes int `ini:"LFS_HTTP_AUTH_EXPIRY_MINUTES"`
 }
 
 // Security settings
@@ -827,6 +828,7 @@ func NewContext() {
 if !filepath.IsAbs(LFS.ContentPath) {
 LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
 }
+LFS.HTTPAuthExpiryMinutes = sec.Key("LFS_HTTP_AUTH_EXPIRY_MINUTES").MustInt(5)
 
 if LFS.StartServer {