config: add ALLOW_PURE_SSH option

ConcurrentCrab · ConcurrentCrab · commit 5009913b9bd8 · 2024-09-26T23:20:09.000+05:30
diff --git a/cmd/serv.go b/cmd/serv.go
@@ -287,6 +287,9 @@ func runServ(c *cli.Context) error {
 			if !setting.LFS.StartServer {
 				return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
 			}
+			if verb == verbLfsTransfer && !setting.LFS.AllowPureSSH {
+				return fail(ctx, "Unknown git command", "LFS SSH transfer connection denied, pure SSH protocol is disabled")
+			}
 			if len(words) > 2 {
 				lfsVerb = words[2]
 			}
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
@@ -306,6 +306,8 @@ RUN_USER = ; git
 ;; Enables git-lfs support. true or false, default is false.
 ;LFS_START_SERVER = false
 ;;
+;; Enables git-lfs SSH protocol support. true or false, default is false.
+;LFS_ALLOW_PURE_SSH = false
 ;;
 ;; LFS authentication secret, change this yourself
 ;LFS_JWT_SECRET =
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
@@ -13,6 +13,7 @@ import (
 // LFS represents the configuration for Git LFS
 var LFS = struct {
 	StartServer    bool          `ini:"LFS_START_SERVER"`
+	AllowPureSSH   bool          `ini:"LFS_ALLOW_PURE_SSH"`
 	JWTSecretBytes []byte        `ini:"-"`
 	HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
 	MaxFileSize    int64         `ini:"LFS_MAX_FILE_SIZE"`

Original file line number	Diff line number	Diff line change
`@@ -287,6 +287,9 @@ func runServ(c *cli.Context) error {`
`287`	`287`	`if !setting.LFS.StartServer {`
`288`	`288`	`return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")`
`289`	`289`	`}`
	`290`	`+ if verb == verbLfsTransfer && !setting.LFS.AllowPureSSH {`
	`291`	`+ return fail(ctx, "Unknown git command", "LFS SSH transfer connection denied, pure SSH protocol is disabled")`
	`292`	`+ }`
`290`	`293`	`if len(words) > 2 {`
`291`	`294`	`lfsVerb = words[2]`
`292`	`295`	`}`