terry/Arkie-Library-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1
Some checks failed
Deploy API / deploy (push) Failing after 6s
Details

Browse Source
This commit is contained in:
thomas
2026-05-19 07:37:25 +08:00
parent 141d92dc15
commit 5226990e64
4 changed files with 112 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/config/config.go
View File

@@ -24,6 +24,8 @@ type Config struct {
AWSRegion string
S3UploadPrefix string
S3PublicBase string // optional CDN / website endpoint base URL for returned object URLs
// S3ObjectACL: optional canned ACL on PutObject (e.g. public-read). Empty = omit ACL (required for Bucket owner enforced buckets).
S3ObjectACL string
}
func Load() Config {
@@ -74,6 +76,7 @@ func Load() Config {
}
s3Prefix = strings.Trim(s3Prefix, "/")
s3Public := strings.TrimSpace(os.Getenv("S3_PUBLIC_BASE_URL"))
s3ObjectACL := strings.TrimSpace(os.Getenv("S3_OBJECT_ACL"))
return Config{
Addr: addr,
DatabaseURL: db,
@@ -89,6 +92,7 @@ func Load() Config {
AWSRegion: awsRegion,
S3UploadPrefix: s3Prefix,
S3PublicBase: s3Public,
S3ObjectACL: s3ObjectACL,
}
}

32
internal/handlers/upload.go
View File

@@ -11,6 +11,7 @@ import (
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/google/uuid"
)
@@ -25,6 +26,7 @@ type UploadDeps struct {
AWSRegion string
S3Prefix string // e.g. "uploads" (no leading/trailing slashes)
S3PublicBase string // optional, e.g. https://cdn.example.com — else virtual-hosted S3 URL
S3ObjectACL string // optional canned ACL, e.g. public-read (bucket must allow ACLs)
}
func UploadFile(d UploadDeps) http.HandlerFunc {
@@ -71,12 +73,16 @@ func UploadFile(d UploadDeps) http.HandlerFunc {
}
key := pfx + "/" + name
ctx := r.Context()
_, err := d.S3.PutObject(ctx, &s3.PutObjectInput{
put := &s3.PutObjectInput{
Bucket: aws.String(d.S3Bucket),
Key: aws.String(key),
Body: bytes.NewReader(data),
ContentType: aws.String(ct),
})
}
if acl, ok := s3PutObjectCannedACL(d.S3ObjectACL); ok {
put.ACL = acl
}
_, err := d.S3.PutObject(ctx, put)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -105,6 +111,28 @@ func UploadFile(d UploadDeps) http.HandlerFunc {
}
}
// s3PutObjectCannedACL maps env S3_OBJECT_ACL to SDK enum; unknown values are ignored.
func s3PutObjectCannedACL(raw string) (types.ObjectCannedACL, bool) {
switch strings.TrimSpace(strings.ToLower(raw)) {
case "private":
return types.ObjectCannedACLPrivate, true
case "public-read":
return types.ObjectCannedACLPublicRead, true
case "public-read-write":
return types.ObjectCannedACLPublicReadWrite, true
case "authenticated-read":
return types.ObjectCannedACLAuthenticatedRead, true
case "bucket-owner-full-control":
return types.ObjectCannedACLBucketOwnerFullControl, true
case "bucket-owner-read":
return types.ObjectCannedACLBucketOwnerRead, true
case "aws-exec-read":
return types.ObjectCannedACLAwsExecRead, true
default:
return "", false
}
}
func publicObjectURL(base, bucket, region, key string) string {
base = strings.TrimSpace(base)
if base != "" {