Summary

modules/file/service_oss.go::UploadFile only calls client.CreateBucket(bucketName, oss.ACL(oss.ACLPublicRead)) when the bucket does not yet exist (bucket == nil). For deployments where the OSS bucket is pre-provisioned by an ops tool (Terraform, console, ossutil) with a non-public ACL, the server never reapplies ACLPublicRead, so anonymous browser GETs against the asset URL return 403.

This is the OSS-backend counterpart to #77 (MinIO equivalent), found while reviewing the fix for #77.

Root cause

The function's implicit contract is "after this returns, the bucket exists AND is publicly readable." That contract is violated whenever the bucket pre-exists.

Suggested fix shape (mirroring #77 fix)

- Add an ensureBucket(client, name) helper that calls CreateBucket(..., ACLPublicRead) if the bucket is absent, and client.SetBucketACL(name, oss.ACLPublicRead) so a pre-provisioned bucket is self-healed on first upload.
- Remember bucket names already bootstrapped in this process (sync.Map[string]struct{}) so the check does not run on every upload.
- Also call it from PresignedPutURL if/when that path is added (parity with MinIO, which bootstraps from both write entry points).

Impact

All OSS deployments where the bucket was created out-of-band without ACLPublicRead: image / file / avatar requests return 403, end-user impact is "broken images."

Out of scope (or in scope for a follow-up?)

Same class of bug may exist on the other backends: service_cos.go / service_qiniu.go / service_seaweedfs.go do not auto-create buckets at all (operator must pre-provision), so the policy assumption lives outside the process and there's nothing to fix in code. Documenting the operator requirement in the README would still help.
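The following is an added example sketching the suggested fix shape; it is not code from service_oss.go or from the #77 fix. It assumes a small bucketClient interface whose method names follow the aliyun OSS SDK (IsBucketExist, CreateBucket, SetBucketACL), an ACLType with the "private" and "public-read" values, and a constructed in-memory fakeOSS so it runs offline. ensureBucketBefore models the reported behaviour (ACL applied only on create); bucketBootstrapper.ensureBucket is the proposed helper with the per-process sync.Map memo. The example also covers the absent-bucket path so both branches of the contract are exercised.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ACLType and its constants stand in for oss.ACLType / oss.ACLPrivate /
// oss.ACLPublicRead (assumed values so the example needs no SDK).
type ACLType string

const (
	ACLPrivate    ACLType = "private"
	ACLPublicRead ACLType = "public-read"
)

// bucketClient is the slice of the OSS client the helper depends on. Method names
// follow the SDK; the interface itself is an assumption of this example.
type bucketClient interface {
	IsBucketExist(name string) (bool, error)
	CreateBucket(name string, acl ACLType) error
	SetBucketACL(name string, acl ACLType) error
}

// ensureBucketBefore reproduces the reported behaviour: the ACL is only ever
// applied through CreateBucket, so a pre-provisioned private bucket stays private.
func ensureBucketBefore(client bucketClient, name string) error {
	exists, err := client.IsBucketExist(name)
	if err != nil {
		return err
	}
	if !exists {
		return client.CreateBucket(name, ACLPublicRead)
	}
	return nil
}

// bucketBootstrapper is the proposed fix shape: create if absent, always reapply
// public-read, and remember each bucket once it is known-good.
type bucketBootstrapper struct {
	client bucketClient
	seen   sync.Map // bucket name -> struct{}, the sync.Map[string]struct{} memo
}

// ensureBucket guarantees "the bucket exists AND is publicly readable" on return.
func (b *bucketBootstrapper) ensureBucket(name string) error {
	if _, done := b.seen.Load(name); done {
		return nil // already verified in this process
	}
	exists, err := b.client.IsBucketExist(name)
	if err != nil {
		return fmt.Errorf("check bucket %q: %w", name, err)
	}
	if !exists {
		if err := b.client.CreateBucket(name, ACLPublicRead); err != nil {
			return fmt.Errorf("create bucket %q: %w", name, err)
		}
	}
	// This is the step the current code skips for a pre-existing bucket; it is
	// what heals a bucket provisioned out-of-band with a non-public ACL.
	if err := b.client.SetBucketACL(name, ACLPublicRead); err != nil {
		return fmt.Errorf("set ACL on bucket %q: %w", name, err)
	}
	b.seen.Store(name, struct{}{})
	return nil
}

// fakeOSS is a constructed in-memory stand-in for the OSS client. It records
// every call so the caching behaviour can be observed.
type fakeOSS struct {
	buckets map[string]ACLType
	calls   []string
}

func (f *fakeOSS) IsBucketExist(name string) (bool, error) {
	f.calls = append(f.calls, "IsBucketExist:"+name)
	_, ok := f.buckets[name]
	return ok, nil
}

func (f *fakeOSS) CreateBucket(name string, acl ACLType) error {
	f.calls = append(f.calls, "CreateBucket:"+name)
	f.buckets[name] = acl
	return nil
}

func (f *fakeOSS) SetBucketACL(name string, acl ACLType) error {
	f.calls = append(f.calls, "SetBucketACL:"+name)
	if _, ok := f.buckets[name]; !ok {
		return errors.New("NoSuchBucket")
	}
	f.buckets[name] = acl
	return nil
}

func main() {
	// Constructed scenario: "assets" was created by Terraform with a private ACL.
	client := &fakeOSS{buckets: map[string]ACLType{"assets": ACLPrivate}}
	_ = ensureBucketBefore(client, "assets")
	fmt.Println("before fix:", client.buckets["assets"]) // private: anonymous GET gets 403
	boot := &bucketBootstrapper{client: client}
	_ = boot.ensureBucket("assets")
	fmt.Println("after fix:", client.buckets["assets"]) // public-read
	n := len(client.calls)
	_ = boot.ensureBucket("assets")
	fmt.Println("second call reached the client:", len(client.calls) != n) // false
}
```

In UploadFile the call would sit before PutObject, and, as the issue notes, the same helper should be invoked from PresignedPutURL if that entry point is added so both write paths bootstrap the bucket. The memo is per process, so a bucket whose ACL is changed out-of-band after startup is only re-healed on the next restart; that matches the "self-healed on first upload" shape proposed above.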