From ab988b1dae67a04dbcfc7af14052a1b033946029 Mon Sep 17 00:00:00 2001
From: Rutger Broekhoff
Date: Tue, 2 Jan 2024 21:38:45 +0100
Subject: Make tokens short-lived
---
 cmd/git-lfs-authenticate/main.go | 2 +-
 cmd/git-lfs-server/main.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmd/git-lfs-authenticate/main.go b/cmd/git-lfs-authenticate/main.go
index a76fdff..3d2c1ea 100644
--- a/cmd/git-lfs-authenticate/main.go
+++ b/cmd/git-lfs-authenticate/main.go
@@ -180,7 +180,7 @@ func main() {
 die("forbidden")
 }
- expiresIn := time.Hour * 24
+ expiresIn := time.Minute * 5
 claims := customClaims{
 Gitolfs3: gitolfs3Claims{
 Type: "batch-api",
diff --git a/cmd/git-lfs-server/main.go b/cmd/git-lfs-server/main.go
index cfad3e0..eec7d00 100644
--- a/cmd/git-lfs-server/main.go
+++ b/cmd/git-lfs-server/main.go
@@ -150,7 +150,6 @@ func sha256AsBase64(hash string) string {
 func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj parsedBatchObject) batchResponseObject {
 fullPath := path.Join(repo+".git", "lfs/objects", obj.firstByte, obj.secondByte, obj.fullHash)
- expiresIn := time.Hour * 24
 info, err := h.mc.StatObject(ctx, h.bucket, fullPath, minio.StatObjectOptions{Checksum: true})
 if err != nil {
@@ -170,6 +169,7 @@ func (h *handler) handleDownloadObject(ctx context.Context, repo string, obj par
 return makeObjError(obj, "Incorrect size specified for object or object currupted", http.StatusUnprocessableEntity)
 }
+ expiresIn := time.Minute * 10
 claims := handleObjectCustomClaims{
 Gitolfs3: handleObjectGitolfs3Claims{
 Type: "basic-transfer",
@@ -242,7 +242,7 @@ func (h *handler) handleUploadObject(ctx context.Context, repo string, obj parse
 return &objErr
 }
- expiresIn := time.Hour * 24
+ expiresIn := time.Minute * 10
 claims := handleObjectCustomClaims{
 Gitolfs3: handleObjectGitolfs3Claims{
 Type: "basic-transfer",
-- cgit v1.2.3
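Review bot: In cmd/git-lfs-authenticate/main.go (`@@ -180,7 +180,7 @@`) the new batch-api lifetime is a bare literal inside main(), `expiresIn := time.Minute * 5`, with nothing recording why five minutes was chosen. A named constant with a comment would make the security intent reviewable, for example `const batchTokenTTL = 5 * time.Minute // batch-api token lifetime; short to limit reuse of a leaked token`. The hunk does not show where the token is verified, so it is worth confirming that the verifier rejects expired tokens and that the expiry reported to the client is derived from this same value. main() starts and ends outside the hunk.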
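Review bot: The ten-minute lifetime is written twice in cmd/git-lfs-server/main.go, as `expiresIn := time.Minute * 10` in handleDownloadObject (`@@ -170,6 +169,7 @@`) and again in handleUploadObject (`@@ -242,7 +242,7 @@`); one package-level constant such as `const objectTokenTTL = 10 * time.Minute` would keep the two from drifting apart. With a lifetime this short, an object queued late in a large batch may only be requested after its token has expired. If it is not already done outside these hunks, the batch response should carry the expiry so that clients can request fresh actions instead of failing. Both functions continue outside the hunks.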