Previously, the default was a week. As most instances don't set the setting, this leads to a bad user experience by default.

## :warning: Breaking

If your instance requires a high level of security, you may want to set `[security].LOGIN_REMEMBER_DAYS` so that logins are not valid as long.

---------

Co-authored-by: Jason Song <i@wolfogre.com>

tags/v1.22.0-rc0
;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token | ;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token | ||||
;; | ;; | ||||
;; How long to remember that a user is logged in before requiring relogin (in days) | ;; How long to remember that a user is logged in before requiring relogin (in days) | ||||
;LOGIN_REMEMBER_DAYS = 7 | |||||
;LOGIN_REMEMBER_DAYS = 31 | |||||
;; | ;; | ||||
;; Name of the cookie used to store the current username. | ;; Name of the cookie used to store the current username. | ||||
;COOKIE_USERNAME = gitea_awesome | ;COOKIE_USERNAME = gitea_awesome |
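Review bot: The comment above `;LOGIN_REMEMBER_DAYS = 31` in the example config says nothing about the security trade-off of the longer default. The commit message advises instances with high security requirements to set this value so logins are not valid as long; one sentence to that effect in this comment would put the guidance where administrators actually edit the setting.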
- `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. | - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. | ||||
- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. | - `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. | ||||
- `SECRET_KEY_URI`: **_empty_**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY. | - `SECRET_KEY_URI`: **_empty_**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY. | ||||
- `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days. | |||||
- `LOGIN_REMEMBER_DAYS`: **31**: How long to remember that a user is logged in before requiring relogin (in days). | |||||
- `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication | - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication | ||||
information. | information. | ||||
- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy | - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy |
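Review bot: The new description of `LOGIN_REMEMBER_DAYS` drops the old wording "Cookie lifetime", so the entry no longer tells the reader that the value is enforced as a cookie lifetime. Consider keeping both facts, for example "Lifetime in days of the login cookie, after which the user must log in again", and noting next to the default that it was 7 before this change so upgrading administrators notice it.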
- `INSTALL_LOCK`: **false**:控制是否能够访问安装向导页面,设置为 `true` 则禁止访问安装向导页面。 | - `INSTALL_LOCK`: **false**:控制是否能够访问安装向导页面,设置为 `true` 则禁止访问安装向导页面。 | ||||
- `SECRET_KEY`: **\<每次安装时随机生成\>**:全局服务器安全密钥。这个密钥非常重要,如果丢失将无法解密加密的数据(例如 2FA)。 | - `SECRET_KEY`: **\<每次安装时随机生成\>**:全局服务器安全密钥。这个密钥非常重要,如果丢失将无法解密加密的数据(例如 2FA)。 | ||||
- `SECRET_KEY_URI`: **_empty_**:与定义 `SECRET_KEY` 不同,此选项可用于使用存储在文件中的密钥(示例值:`file:/etc/gitea/secret_key`)。它不应该像 `SECRET_KEY` 一样容易丢失。 | - `SECRET_KEY_URI`: **_empty_**:与定义 `SECRET_KEY` 不同,此选项可用于使用存储在文件中的密钥(示例值:`file:/etc/gitea/secret_key`)。它不应该像 `SECRET_KEY` 一样容易丢失。 | ||||
- `LOGIN_REMEMBER_DAYS`: **7**:Cookie 保存时间,单位为天。 | |||||
- `LOGIN_REMEMBER_DAYS`: **31**:在要求重新登录之前,记住用户的登录状态多长时间(以天为单位)。 | |||||
- `COOKIE_REMEMBER_NAME`: **gitea\_incredible**:保存自动登录信息的 Cookie 名称。 | - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**:保存自动登录信息的 Cookie 名称。 | ||||
- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**:反向代理认证的 HTTP 头部名称,用于提供用户信息。 | - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**:反向代理认证的 HTTP 头部名称,用于提供用户信息。 | ||||
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**:反向代理认证的 HTTP 头部名称,用于提供邮箱信息。 | - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**:反向代理认证的 HTTP 头部名称,用于提供邮箱信息。 |
func loadSecurityFrom(rootCfg ConfigProvider) { | func loadSecurityFrom(rootCfg ConfigProvider) { | ||||
sec := rootCfg.Section("security") | sec := rootCfg.Section("security") | ||||
InstallLock = HasInstallLock(rootCfg) | InstallLock = HasInstallLock(rootCfg) | ||||
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7) | |||||
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(31) | |||||
SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY") | SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY") | ||||
if SecretKey == "" { | if SecretKey == "" { | ||||
// FIXME: https://github.com/go-gitea/gitea/issues/16832 | // FIXME: https://github.com/go-gitea/gitea/issues/16832 |
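Review bot: `sec.Key("LOGIN_REMEMBER_DAYS").MustInt(31)` is assigned to `LogInRememberDays` with no range check in the visible lines, so a zero, negative or very large configured value is taken as-is. With the default now longer, it is worth validating the value here (reject or warn on non-positive values, and consider logging when it exceeds the default). The literal 31 now also appears in the example config and both documentation files; a named constant in this package would give the code one place to change.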