1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
|
# Git LFS File Locking API
Added: v2.0
The File Locking API is used to create, list, and delete locks, as well as
verify that locks are respected in Git pushes. The locking URLs are built
by adding a suffix to the LFS Server URL.
Git remote: https://git-server.com/foo/bar<br>
LFS server: https://git-server.com/foo/bar.git/info/lfs<br>
Locks API: https://git-server.com/foo/bar.git/info/lfs/locks<br>
See the [Server Discovery doc](./server-discovery.md) for more info on how LFS
builds the LFS server URL.
All File Locking requests require the following HTTP headers:
Accept: application/vnd.git-lfs+json
Content-Type: application/vnd.git-lfs+json
The client may also include a `charset=utf-8` parameter in the
`Content-Type` header, which servers should be prepared to accept.
See the [Authentication doc](./authentication.md) for more info on how LFS
gets authorizes Batch API requests.
Note: This is the first version of the File Locking API, supporting only the
simplest use case: single branch locking. The API is designed to be extensible
as we experiment with more advanced locking scenarios, as defined in the
[original proposal](/docs/proposals/locking.md).
The [Batch API's `ref` property docs](./batch.md#ref-property) describe how the `ref` property can be used to support auth schemes that include the server ref. Locking API implementations should also only use it for authentication, until advanced locking scenarios have been developed.
## Create Lock
The client sends the following to create a lock by sending a `POST` to `/locks`
(appended to the LFS server url, as described above). Servers should ensure that
users have push access to the repository, and that files are locked exclusively
to one user.
* `path` - String path name of the file that is locked. This should be
relative to the root of the repository working directory.
* `ref` - Optional object describing the server ref that the locks belong to. Note: Added in v2.4.
* `name` - Fully-qualified server refspec.
```js
// POST https://lfs-server.com/locks
// Accept: application/vnd.git-lfs+json
// Content-Type: application/vnd.git-lfs+json
// Authorization: Basic ...
{
"path": "foo/bar.zip",
"ref": {
"name": "refs/heads/my-feature"
}
}
```
### Successful Response
Successful responses return the created lock:
* `id` - String ID of the Lock. Git LFS doesn't enforce what type of ID is used,
as long as it's returned as a string.
* `path` - String path name of the locked file. This should be relative to the
root of the repository working directory.
* `locked_at` - The timestamp the lock was created, as an uppercase
RFC 3339-formatted string with second precision.
* `owner` - Optional name of the user that created the Lock. This should be set from
the user credentials posted when creating the lock.
```js
// HTTP/1.1 201 Created
// Content-Type: application/vnd.git-lfs+json
{
"lock": {
"id": "some-uuid",
"path": "foo/bar.zip",
"locked_at": "2016-05-17T15:49:06+00:00",
"owner": {
"name": "Jane Doe"
}
}
}
```
### Bad Response: Lock Exists
Lock services should reject lock creations if one already exists for the given
path on the current repository.
* `lock` - The existing Lock that clashes with the request.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 409 Conflict
// Content-Type: application/vnd.git-lfs+json
{
"lock": {
// details of existing lock
},
"message": "already created lock",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Unauthorized Response
Lock servers should require that users have push access to the repository before
they can create locks.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 403 Forbidden
// Content-Type: application/vnd.git-lfs+json
{
"message": "You must have push access to create a lock",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Error Response
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 500 Internal server error
// Content-Type: application/vnd.git-lfs+json
{
"message": "internal server error",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
## List Locks
The client can request the current active locks for a repository by sending a
`GET` to `/locks` (appended to the LFS server url, as described above). LFS
Servers should ensure that users have at least pull access to the repository.
The properties are sent as URI query values, instead of through a JSON body:
* `path` - Optional string path to match against locks on the server.
* `id` - Optional string ID to match against a lock on the server.
* `cursor` - The optional string value to continue listing locks. This value
should be the `next_cursor` from a previous request.
* `limit` - The integer limit of the number of locks to return. The server
should have its own upper and lower bounds on the supported limits.
* `refspec` - Optional fully qualified server refspec
from which to search for locks.
```js
// GET https://lfs-server.com/locks?path=&id=&cursor=&limit=&refspec=
// Accept: application/vnd.git-lfs+json
// Authorization: Basic ... (if needed)
```
### Successful Response
A successful response will list the matching locks:
* `locks` - Array of matching Lock objects. See the "Create Lock" successful
response section to see what Lock properties are possible.
* `next_cursor` - Optional string cursor that the server can return if there
are more locks matching the given filters. The client will re-do the request,
setting the `?cursor` query value with this `next_cursor` value.
Note: If the server has no locks, it must return an empty `locks` array.
```js
// HTTP/1.1 200 Ok
// Content-Type: application/vnd.git-lfs+json
{
"locks": [
{
"id": "some-uuid",
"path": "/path/to/file",
"locked_at": "2016-05-17T15:49:06+00:00",
"owner": {
"name": "Jane Doe"
}
}
],
"next_cursor": "optional next ID"
}
```
### Unauthorized Response
Lock servers should require that users have pull access to the repository before
they can list locks.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 403 Forbidden
// Content-Type: application/vnd.git-lfs+json
{
"message": "You must have pull access to list locks",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Error Response
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 500 Internal server error
// Content-Type: application/vnd.git-lfs+json
{
"message": "unable to list locks",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
## List Locks for Verification
The client can use the Lock Verification endpoint to check for active locks
that can affect a Git push. For a caller, this endpoint is very similar to the
"List Locks" endpoint above, except:
* Verification requires a `POST` request.
* The `cursor`, `ref` and `limit` values are sent as properties in the json
request body.
* The response includes locks partitioned into `ours` and `theirs` properties.
LFS Servers should ensure that users have push access to the repository.
Clients send the following to list locks for verification by sending a `POST`
to `/locks/verify` (appended to the LFS server url, as described above):
* `ref` - Optional object describing the server ref that the locks belong to. Note: Added in v2.4.
* `name` - Fully-qualified server refspec.
* `cursor` - Optional cursor to allow pagination. Servers can determine how cursors are formatted based on how they are stored internally.
* `limit` - Optional limit to how many locks to
return.
```js
// POST https://lfs-server.com/locks/verify
// Accept: application/vnd.git-lfs+json
// Content-Type: application/vnd.git-lfs+json
// Authorization: Basic ...
{
"cursor": "optional cursor",
"limit": 100, // also optional
"ref": {
"name": "refs/heads/my-feature"
}
}
```
Note: As more advanced locking workflows are implemented, more details will
likely be added to this request body in future iterations.
### Successful Response
A successful response will list the relevant locks:
* `ours` - Array of Lock objects currently owned by the authenticated user.
modify.
* `theirs` - Array of Lock objects currently owned by other users.
* `next_cursor` - Optional string cursor that the server can return if there
are more locks matching the given filters. The client will re-do the request,
setting the `cursor` property with this `next_cursor` value.
If a Git push updates any files matching any of "our" locks, Git LFS will list
them in the push output, in case the user will want to unlock them after the
push. However, any updated files matching one of "their" locks will halt the
push. At this point, it is up to the user to resolve the lock conflict with
their team.
Note: If the server has no locks, it must return an empty array in the `ours` or
`theirs` properties.
```js
// HTTP/1.1 200 Ok
// Content-Type: application/vnd.git-lfs+json
{
"ours": [
{
"id": "some-uuid",
"path": "/path/to/file",
"locked_at": "2016-05-17T15:49:06+00:00",
"owner": {
"name": "Jane Doe"
}
}
],
"theirs": [],
"next_cursor": "optional next ID"
}
```
### Not Found Response
By default, an LFS server that doesn't implement any locking endpoints should
return 404. This response will not halt any Git pushes.
Any 404 will do, but Git LFS will show a better error message with a json
response.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 404 Not found
// Content-Type: application/vnd.git-lfs+json
{
"message": "Not found",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Unauthorized Response
Lock servers should require that users have push access to the repository before
they can get a list of locks to verify a Git push.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 403 Forbidden
// Content-Type: application/vnd.git-lfs+json
{
"message": "You must have push access to verify locks",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Error Response
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 500 Internal server error
// Content-Type: application/vnd.git-lfs+json
{
"message": "unable to list locks",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
## Delete Lock
The client can delete a lock, given its ID, by sending a `POST` to
`/locks/:id/unlock` (appended to the LFS server url, as described above). LFS
servers should ensure that callers have push access to the repository. They
should also prevent a user from deleting another user's lock, unless the `force`
property is given.
Properties:
* `force` - Optional boolean specifying that the user is deleting another user's
lock.
* `ref` - Optional object describing the server ref that the locks belong to. Note: Added in v2.4.
* `name` - Fully-qualified server refspec.
```js
// POST https://lfs-server.com/locks/:id/unlock
// Accept: application/vnd.git-lfs+json
// Content-Type: application/vnd.git-lfs+json
// Authorization: Basic ...
{
"force": true,
"ref": {
"name": "refs/heads/my-feature"
}
}
```
### Successful Response
Successful deletions return the deleted lock. See the "Create Lock" successful
response section to see what Lock properties are possible.
```js
// HTTP/1.1 200 Ok
// Content-Type: application/vnd.git-lfs+json
{
"lock": {
"id": "some-uuid",
"path": "/path/to/file",
"locked_at": "2016-05-17T15:49:06+00:00",
"owner": {
"name": "Jane Doe"
}
}
}
```
### Unauthorized Response
Lock servers should require that users have push access to the repository before
they can delete locks. Also, if the `force` parameter is omitted, or false,
the user should only be allowed to delete locks that they created.
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 403 Forbidden
// Content-Type: application/vnd.git-lfs+json
{
"message": "You must have push access to delete locks",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
### Error response
* `message` - String error message.
* `request_id` - Optional String unique identifier for the request. Useful for
debugging.
* `documentation_url` - Optional String to give the user a place to report
errors.
```js
// HTTP/1.1 500 Internal server error
// Content-Type: application/vnd.git-lfs+json
{
"message": "unable to delete lock",
"documentation_url": "https://lfs-server.com/docs/errors",
"request_id": "123"
}
```
|
