feat: setup direct access to minio endpoint to images and avatars buckets through /s3/ path
This commit is contained in:
@@ -19,6 +19,7 @@ package minioclient
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"slices"
|
"slices"
|
||||||
|
|
||||||
"github.com/minio/minio-go/v7"
|
"github.com/minio/minio-go/v7"
|
||||||
@@ -35,6 +36,15 @@ func setupBuckets(client *minio.Client) {
|
|||||||
"uploads": "uploads",
|
"uploads": "uploads",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hiddenBuckets := []string{
|
||||||
|
"uploads",
|
||||||
|
}
|
||||||
|
|
||||||
|
// NOTICE: it has a formatting value in there for the bucket name!!
|
||||||
|
// I'm kind of ashamed for doing this, but the library did not have
|
||||||
|
// an API for configuring a policy, so we're left with JSON I guess
|
||||||
|
readOnlyPolicyTemplate := `{"Version": "2012-10-17","Statement": [{"Action": ["s3:GetObject"],"Effect": "Allow","Principal": {"AWS": ["*"]},"Resource": ["arn:aws:s3:::%s/*"],"Sid": ""}]}`
|
||||||
|
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
var newBuckets []string
|
var newBuckets []string
|
||||||
for key, value := range Buckets {
|
for key, value := range Buckets {
|
||||||
@@ -47,6 +57,10 @@ func setupBuckets(client *minio.Client) {
|
|||||||
panic("Failure to create bucket '" + value + "': " + err.Error())
|
panic("Failure to create bucket '" + value + "': " + err.Error())
|
||||||
}
|
}
|
||||||
newBuckets = append(newBuckets, key)
|
newBuckets = append(newBuckets, key)
|
||||||
|
|
||||||
|
if !slices.Contains(hiddenBuckets, key) {
|
||||||
|
client.SetBucketPolicy(ctx, value, fmt.Sprintf(readOnlyPolicyTemplate, value))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -55,7 +69,7 @@ func setupBuckets(client *minio.Client) {
|
|||||||
uploadsCfg.Rules = []lifecycle.Rule{
|
uploadsCfg.Rules = []lifecycle.Rule{
|
||||||
{
|
{
|
||||||
ID: "expire-uploads",
|
ID: "expire-uploads",
|
||||||
Status: "enabled",
|
Status: "Enabled",
|
||||||
Expiration: lifecycle.Expiration{Days: 1},
|
Expiration: lifecycle.Expiration{Days: 1},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||
68
backend/internal/minioClient/ginEndpoint.go
Normal file
68
backend/internal/minioClient/ginEndpoint.go
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
// Copyright (c) 2025 Nikolai Papin
|
||||||
|
//
|
||||||
|
// This file is part of Easywish
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
|
||||||
|
// the GNU General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU General Public License
|
||||||
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package minioclient
|
||||||
|
|
||||||
|
import (
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"time"
|
||||||
|
"maps"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
func setupGinEndpoint(router *gin.Engine) {
|
||||||
|
s3group := router.Group("/s3")
|
||||||
|
s3group.Any("/*path", func(c *gin.Context) {
|
||||||
|
path := c.Param("path")
|
||||||
|
minioURL := &url.URL{
|
||||||
|
Scheme: "http",
|
||||||
|
Host: "minio:9000", // XXX: hardcoded minio host
|
||||||
|
Path: path,
|
||||||
|
RawQuery: c.Request.URL.RawQuery,
|
||||||
|
}
|
||||||
|
req, err := http.NewRequest(c.Request.Method, minioURL.String(), c.Request.Body); if err != nil {
|
||||||
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "Failed to create request"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
req = req.WithContext(c.Request.Context())
|
||||||
|
maps.Copy(req.Header, c.Request.Header)
|
||||||
|
delete(req.Header, "Host")
|
||||||
|
client := &http.Client{
|
||||||
|
Timeout: 30 * time.Second, // XXX: magic number
|
||||||
|
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||||||
|
return http.ErrUseLastResponse
|
||||||
|
},
|
||||||
|
}
|
||||||
|
resp, err := client.Do(req); if err != nil {
|
||||||
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "Failed to forward request"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
for key, values := range resp.Header {
|
||||||
|
for _, value := range values {
|
||||||
|
c.Writer.Header().Add(key, value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
c.Status(resp.StatusCode)
|
||||||
|
_, err = io.Copy(c.Writer, resp.Body); if err != nil {
|
||||||
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "Failed to copy response body"})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
@@ -22,11 +22,12 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/minio/minio-go/v7"
|
"github.com/minio/minio-go/v7"
|
||||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||||
)
|
)
|
||||||
|
|
||||||
func NewMinioClient() *minio.Client {
|
func NewMinioClient(router *gin.Engine) *minio.Client {
|
||||||
cfg := config.GetConfig()
|
cfg := config.GetConfig()
|
||||||
|
|
||||||
if cfg.MinioUrl == "" {
|
if cfg.MinioUrl == "" {
|
||||||
@@ -54,6 +55,7 @@ func NewMinioClient() *minio.Client {
|
|||||||
}
|
}
|
||||||
|
|
||||||
setupBuckets(client)
|
setupBuckets(client)
|
||||||
|
setupGinEndpoint(router)
|
||||||
|
|
||||||
return client
|
return client
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user