feat: setup direct access to minio endpoint to images and avatars buckets through /s3/ path

2025-07-29 20:57:36 +03:00
parent e15ee90a62
commit ed044590a0
3 changed files with 86 additions and 2 deletions
--- a/backend/internal/minioClient/buckets.go
+++ b/backend/internal/minioClient/buckets.go
@@ -19,6 +19,7 @@ package minioclient

 import (
 	"context"
+	"fmt"
 	"slices"

 	"github.com/minio/minio-go/v7"
@@ -35,6 +36,15 @@ func setupBuckets(client *minio.Client) {
 		"uploads": "uploads",
 	}

+	hiddenBuckets := []string{
+		"uploads",
+	}
+
+	// NOTICE: it has a formatting value in there for the bucket name!!
+	// I'm kind of ashamed for doing this, but the library did not have
+	// an API for configuring a policy, so we're left with JSON I guess
+	readOnlyPolicyTemplate := `{"Version": "2012-10-17","Statement": [{"Action": ["s3:GetObject"],"Effect": "Allow","Principal": {"AWS": ["*"]},"Resource": ["arn:aws:s3:::%s/*"],"Sid": ""}]}`
+
 	ctx := context.Background()
 	var newBuckets []string
 	for key, value := range Buckets {
@@ -47,6 +57,10 @@ func setupBuckets(client *minio.Client) {
 				panic("Failure to create bucket '" + value + "': " + err.Error())
 			}
 			newBuckets = append(newBuckets, key)
+
+			if !slices.Contains(hiddenBuckets, key) {
+				client.SetBucketPolicy(ctx, value, fmt.Sprintf(readOnlyPolicyTemplate, value))
+			}
 		}
 	}

@@ -55,7 +69,7 @@ func setupBuckets(client *minio.Client) {
 		uploadsCfg.Rules = []lifecycle.Rule{
 			{
 				ID:		"expire-uploads",
-				Status: "enabled",
+				Status: "Enabled",
 				Expiration: lifecycle.Expiration{Days: 1},
 			},
 		}