From 183c6e9ece0940d94cc4a6ba85eb4597f80bc8fe Mon Sep 17 00:00:00 2001
From: cialloo <admin@cialloo.com>
Date: Sun, 26 Oct 2025 09:24:18 +0800
Subject: [PATCH] Remove public read access bucket policy setup from S3 client
 initialization; improve error handling by logging warnings instead of
 panicking

---
 app/internal/svc/servicecontext.go | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/app/internal/svc/servicecontext.go b/app/internal/svc/servicecontext.go
index 4bdee4b..6c06386 100644
--- a/app/internal/svc/servicecontext.go
+++ b/app/internal/svc/servicecontext.go
@@ -66,32 +66,5 @@ func initS3Client(s3Config config.S3Config) *s3.Client {
 		o.UsePathStyle = true
 	})
 
-	// Set bucket policy for public read access
-	setBucketPublicReadPolicy(client, s3Config.Bucket)
-
 	return client
 }
-
-func setBucketPublicReadPolicy(client *s3.Client, bucket string) {
-	policy := `{
-		"Version": "2012-10-17",
-		"Statement": [
-			{
-				"Effect": "Allow",
-				"Principal": "*",
-				"Action": "s3:GetObject",
-				"Resource": "arn:aws:s3:::` + bucket + `/*"
-			}
-		]
-	}`
-
-	_, err := client.PutBucketPolicy(context.Background(), &s3.PutBucketPolicyInput{
-		Bucket: aws.String(bucket),
-		Policy: aws.String(policy),
-	})
-	if err != nil {
-		// Log error but don't panic - bucket might already have the policy
-		// or the user might not have permission to set policies
-		println("Warning: Failed to set bucket policy:", err.Error())
-	}
-}