From 54f399c4df7d3470fff570afc145cbec3f0dcd40 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Wed, 10 May 2023 22:23:47 +0800
Subject: [PATCH] Increase default LFS auth timeout from 20m to 24h (#24628)

According to the discussion with DanielGibson, the default "20m" seems
too short. It would make LFS fail if the file is large / network is
slow.

I think relaxing this timeout doesn't have side affect. So change the
default value to 24h, IMO that should be long enough.

## :warning: BREAKING

If admins want the previous timeout, they should set the setting
`[server].LFS_HTTP_AUTH_EXPIRY`.
---
 custom/conf/app.example.ini                                 | 2 +-
 docs/content/doc/administration/config-cheat-sheet.en-us.md | 2 +-
 modules/setting/lfs.go                                      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 95ad9fe399..3ceb53dcd0 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -303,7 +303,7 @@ RUN_MODE = ; prod
 LFS_JWT_SECRET =
 ;;
 ;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
-;LFS_HTTP_AUTH_EXPIRY = 20m
+;LFS_HTTP_AUTH_EXPIRY = 24h
 ;;
 ;; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 ;LFS_MAX_FILE_SIZE = 0
diff --git a/docs/content/doc/administration/config-cheat-sheet.en-us.md b/docs/content/doc/administration/config-cheat-sheet.en-us.md
index 294f50bc81..c1befed489 100644
--- a/docs/content/doc/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/administration/config-cheat-sheet.en-us.md
@@ -364,7 +364,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
 - `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
-- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
+- `LFS_HTTP_AUTH_EXPIRY`: **24h**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
 - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
 
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
index 1b659dd22b..a5c3631681 100644
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -45,7 +45,7 @@ func loadLFSFrom(rootCfg ConfigProvider) {
 		LFS.LocksPagingNum = 50
 	}
 
-	LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(20 * time.Minute)
+	LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(24 * time.Hour)
 
 	if LFS.StartServer {
 		LFS.JWTSecretBytes = make([]byte, 32)