Add max-file-size to LFS (#10463)

zeripath · silverwind · lafriks · web-flow · commit 513b962c1df0 · 2020-02-28T01:46:57.000-03:00
* Add max-file-size to LFS * Update modules/lfs/server.go * As per @silverwind Co-Authored-By: silverwind <me@silverwind.io> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
@@ -311,6 +311,8 @@ LFS_CONTENT_PATH = data/lfs
 LFS_JWT_SECRET =
 ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
 LFS_HTTP_AUTH_EXPIRY = 20m
+; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
+LFS_MAX_FILE_SIZE = 0
 ; Allow graceful restarts using SIGHUP to fork
 ALLOW_GRACEFUL_RESTARTS = true
 ; After a restart the parent will finish ongoing requests before
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -192,6 +192,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
 - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
+- `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
diff --git a/modules/lfs/server.go b/modules/lfs/server.go
@@ -233,6 +233,12 @@ func PostHandler(ctx *context.Context) {
 		return
 	}
 
+	if setting.LFS.MaxFileSize > 0 && rv.Size > setting.LFS.MaxFileSize {
+		log.Info("Denied LFS upload of size %d to %s/%s because of LFS_MAX_FILE_SIZE=%d", rv.Size, rv.User, rv.Repo, setting.LFS.MaxFileSize)
+		writeStatus(ctx, 413)
+		return
+	}
+
 	meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Oid: rv.Oid, Size: rv.Size, RepositoryID: repository.ID})
 	if err != nil {
 		writeStatus(ctx, 404)
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
@@ -140,6 +140,7 @@ var (
 		JWTSecretBase64 string        `ini:"LFS_JWT_SECRET"`
 		JWTSecretBytes  []byte        `ini:"-"`
 		HTTPAuthExpiry  time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
+		MaxFileSize     int64         `ini:"LFS_MAX_FILE_SIZE"`
 	}
 
 	// Security settings

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,7 @@ var (`
`140`	`140`	JWTSecretBase64 string `ini:"LFS_JWT_SECRET"`
`141`	`141`	JWTSecretBytes []byte `ini:"-"`
`142`	`142`	HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
	`143`	+ MaxFileSize int64 `ini:"LFS_MAX_FILE_SIZE"`
`143`	`144`	`}`
`144`	`145`
`145`	`146`	`// Security settings`