LFS: make HTTP auth period configurable

cmd/serv.go

@@ -268,7 +268,7 @@ func runServ(c *cli.Context) error {
 		claims := jwt.MapClaims{
 			"repo": repo.ID,
 			"op":   lfsVerb,
-			"exp":  now.Add(5 * time.Minute).Unix(),
+			"exp":  now.Add(time.Duration(setting.LFS.HTTPAuthExpiryMinutes) * time.Minute).Unix(),
 			"nbf":  now.Unix(),
 		}
 		if user != nil {

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -115,6 +115,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LFS_START_SERVER`: **false**: Enables git-lfs support.
 - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
+- `LFS_HTTP_AUTH_EXPIRY_MINUTES`: **5**: LFS authentication validity period in minutes, pushes taking longer than this may fail.
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
    on another (https) port.
 - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.

modules/setting/setting.go

@@ -136,10 +136,11 @@ var (
 	}
 
 	LFS struct {
-		StartServer     bool   `ini:"LFS_START_SERVER"`
-		ContentPath     string `ini:"LFS_CONTENT_PATH"`
-		JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
-		JWTSecretBytes  []byte `ini:"-"`
+		StartServer           bool   `ini:"LFS_START_SERVER"`
+		ContentPath           string `ini:"LFS_CONTENT_PATH"`
+		JWTSecretBase64       string `ini:"LFS_JWT_SECRET"`
+		JWTSecretBytes        []byte `ini:"-"`
+		HTTPAuthExpiryMinutes int    `ini:"LFS_HTTP_AUTH_EXPIRY_MINUTES"`
 	}
 
 	// Security settings
@@ -827,6 +828,7 @@ func NewContext() {
 	if !filepath.IsAbs(LFS.ContentPath) {
 		LFS.ContentPath = filepath.Join(AppWorkPath, LFS.ContentPath)
 	}
+	LFS.HTTPAuthExpiryMinutes = sec.Key("LFS_HTTP_AUTH_EXPIRY_MINUTES").MustInt(5)
 
 	if LFS.StartServer {