diff options
| author |  Rutger Broekhoff | 2024-01-02 21:38:45 +0100 |
|---|---|---|
| committer | Rutger Broekhoff | 2024-01-02 21:38:45 +0100 |
| commit | ab988b1dae67a04dbcfc7af14052a1b033946029 (patch) | |
| tree | 046c674d10c4edb31398b9e802246ea1c197a52e | |
| parent | f8b10c51e3f850203201e2cf926f5203192f93c7 (diff) | |
| download | gitolfs3-ab988b1dae67a04dbcfc7af14052a1b033946029.tar.gz gitolfs3-ab988b1dae67a04dbcfc7af14052a1b033946029.zip | |
Make tokens short-lived
| -rw-r--r-- | cmd/git-lfs-authenticate/main.go | 2 | ||||
| -rw-r--r-- | cmd/git-lfs-server/main.go | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/cmd/git-lfs-authenticate/main.go b/cmd/git-lfs-authenticate/main.go index a76fdff..3d2c1ea 100644 --- a/cmd/git-lfs-authenticate/main.go +++ b/cmd/git-lfs-authenticate/main.go | |||
| @@ -180,7 +180,7 @@ func main() { | |||
| 180 | die("forbidden") | 180 | die("forbidden") |
| 181 | } | 181 | } |
| 182 | 182 | ||
| 183 | expiresIn := time.Hour * 24 | 183 | expiresIn := time.Minute * 5 |
| 184 | claims := customClaims{ | 184 | claims := customClaims{ |
| 185 | Gitolfs3: gitolfs3Claims{ | 185 | Gitolfs3: gitolfs3Claims{ |
| 186 | Type: "batch-api", | 186 | Type: "batch-api", |
diff --git a/cmd/git-lfs-server/main.go b/cmd/git-lfs-server/main.go index cfad3e0..eec7d00 100644 --- a/cmd/git-lfs-server/main.go +++ b/cmd/git-lfs-server/main.go | |||
| @@ -150,7 +150,6 @@ func sha256AsBase64(hash string) string { | |||
| 150 | 150 | ||
| 151 | func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj parsedBatchObject) batchResponseObject { | 151 | func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj parsedBatchObject) batchResponseObject { |
| 152 | fullPath := path.Join(repo+".git", "lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash) | 152 | fullPath := path.Join(repo+".git", "lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash) |
| 153 | expiresIn := time.Hour * 24 | ||
| 154 | 153 | ||
| 155 | info, err := h.mc.StatObject(ctx, h.bucket, fullPath, minio.StatObjectOptions{Checksum: true}) | 154 | info, err := h.mc.StatObject(ctx, h.bucket, fullPath, minio.StatObjectOptions{Checksum: true}) |
| 156 | if err != nil { | 155 | if err != nil { |
| @@ -170,6 +169,7 @@ func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj par | |||
| 170 | return makeObjError(obj, "Incorrect size specified for object or object currupted", http.StatusUnprocessableEntity) | 169 | return makeObjError(obj, "Incorrect size specified for object or object currupted", http.StatusUnprocessableEntity) |
| 171 | } | 170 | } |
| 172 | 171 | ||
| 172 | expiresIn := time.Minute * 10 | ||
| 173 | claims := handleObjectCustomClaims{ | 173 | claims := handleObjectCustomClaims{ |
| 174 | Gitolfs3: handleObjectGitolfs3Claims{ | 174 | Gitolfs3: handleObjectGitolfs3Claims{ |
| 175 | Type: "basic-transfer", | 175 | Type: "basic-transfer", |
| @@ -242,7 +242,7 @@ func (h *handler) handleUploadObject(ctx context.Context, repo string, obj parse | |||
| 242 | return &objErr | 242 | return &objErr |
| 243 | } | 243 | } |
| 244 | 244 | ||
| 245 | expiresIn := time.Hour * 24 | 245 | expiresIn := time.Minute * 10 |
| 246 | claims := handleObjectCustomClaims{ | 246 | claims := handleObjectCustomClaims{ |
| 247 | Gitolfs3: handleObjectGitolfs3Claims{ | 247 | Gitolfs3: handleObjectGitolfs3Claims{ |
| 248 | Type: "basic-transfer", | 248 | Type: "basic-transfer", |