From 28fb0ca1c8c641709f7b0709bebe18229ade1a4d Mon Sep 17 00:00:00 2001
From: cialloo
Date: Sun, 26 Oct 2025 07:03:35 +0800
Subject: [PATCH] Refactor S3 client initialization to streamline configuration and add public read policy setup; improve error handling for bucket policy application
---
app/internal/svc/servicecontext.go | 59 +++++++++++++++++-------------
1 file changed, 34 insertions(+), 25 deletions(-)
diff --git a/app/internal/svc/servicecontext.go b/app/internal/svc/servicecontext.go
index 34944c1..4bdee4b 100644
--- a/app/internal/svc/servicecontext.go
+++ b/app/internal/svc/servicecontext.go
@@ -49,30 +49,7 @@ func initDatabase(dbConfig config.DatabaseConfig) *sql.DB {
 }
 
 func initS3Client(s3Config config.S3Config) *s3.Client {
- var cfg aws.Config
- var err error
-
- if s3Config.Endpoint != "" {
- // Custom endpoint (e.g., MinIO)
- cfg, err = awsconfig.LoadDefaultConfig(context.Background(),
- awsconfig.WithRegion(s3Config.Region),
- awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
- s3Config.AccessKeyID,
- s3Config.SecretAccessKey,
- "",
- )),
- )
- if err != nil {
- panic(err)
- }
- return s3.NewFromConfig(cfg, func(o *s3.Options) {
- o.BaseEndpoint = aws.String(s3Config.Endpoint)
- o.UsePathStyle = true
- })
- }
-
- // Standard AWS S3
- cfg, err = awsconfig.LoadDefaultConfig(context.Background(),
+ cfg, err := awsconfig.LoadDefaultConfig(context.Background(),
 awsconfig.WithRegion(s3Config.Region),
 awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
 s3Config.AccessKeyID,
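Review bot: Removing the `if s3Config.Endpoint != ""` branch leaves no path for a configuration without a custom endpoint, because the options closure added in the next hunk always sets `o.BaseEndpoint = aws.String(s3Config.Endpoint)` and `o.UsePathStyle = true`. With an empty `Endpoint` the client is handed an empty base endpoint, which probably fails at request time instead of falling back to the regional AWS endpoint as the removed "Standard AWS S3" path did. Either keep the guard inside the closure, `if s3Config.Endpoint != "" { o.BaseEndpoint = aws.String(s3Config.Endpoint); o.UsePathStyle = true }`, or reject an empty endpoint when the configuration is loaded so the failure is explicit. The body of `initS3Client` continues past this hunk.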
@@ -84,5 +61,37 @@ func initS3Client(s3Config config.S3Config) *s3.Client {
 panic(err)
 }
 
- return s3.NewFromConfig(cfg)
+ client := s3.NewFromConfig(cfg, func(o *s3.Options) {
+ o.BaseEndpoint = aws.String(s3Config.Endpoint)
+ o.UsePathStyle = true
+ })
+
+ // Set bucket policy for public read access
+ setBucketPublicReadPolicy(client, s3Config.Bucket)
+
+ return client
+}
+
+func setBucketPublicReadPolicy(client *s3.Client, bucket string) {
+ policy := `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": "*",
+ "Action": "s3:GetObject",
+ "Resource": "arn:aws:s3:::` + bucket + `/*"
+ }
+ ]
+ }`
+
+ _, err := client.PutBucketPolicy(context.Background(), &s3.PutBucketPolicyInput{
+ Bucket: aws.String(bucket),
+ Policy: aws.String(policy),
+ })
+ if err != nil {
+ // Log error but don't panic - bucket might already have the policy
+ // or the user might not have permission to set policies
+ println("Warning: Failed to set bucket policy:", err.Error())
+ }
 }
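Review bot: `initS3Client` now calls `setBucketPublicReadPolicy` on every start-up, which grants anonymous `s3:GetObject` (`"Principal": "*"`) on every key in the bucket and, because PutBucketPolicy replaces the whole policy document, discards any statements an operator had already attached. Nothing in the hunk makes this opt-in, so I would call it only behind an explicit configuration setting and scope `Resource` to the prefix that is actually meant to be public. The bucket name is also spliced into the JSON literal unescaped, and a failure is only printed with `println`, so the service keeps running without knowing which policy is in force; the comment's "bucket might already have the policy" does not look like a real failure case, since re-applying an identical policy should succeed. The sketch below marshals the document and returns the error to the caller; it needs `encoding/json` and `fmt` imported and a context with a deadline passed in by `initS3Client`.

```go
func setBucketPublicReadPolicy(ctx context.Context, client *s3.Client, bucket string) error {
	// Marshal the document so the bucket name is JSON-escaped instead of spliced into a literal.
	policy, err := json.Marshal(map[string]any{
		"Version": "2012-10-17",
		"Statement": []map[string]any{{
			"Effect":    "Allow",
			"Principal": "*",
			"Action":    "s3:GetObject",
			"Resource":  "arn:aws:s3:::" + bucket + "/*",
		}},
	})
	if err != nil {
		return fmt.Errorf("encoding bucket policy: %w", err)
	}
	_, err = client.PutBucketPolicy(ctx, &s3.PutBucketPolicyInput{
		Bucket: aws.String(bucket),
		Policy: aws.String(string(policy)),
	})
	if err != nil {
		// Surface the failure: the caller decides whether an unknown exposure state is acceptable.
		return fmt.Errorf("applying public-read policy to bucket %q: %w", bucket, err)
	}
	return nil
}
```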