Add explicit public-read ACL to public S3 uploads. Closes #496.

knadh · Oct 2, 2021 · 7aa8508 · 7aa8508
1 parent 05585b7
commit 7aa8508
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/internal/media/providers/s3/s3.go b/internal/media/providers/s3/s3.go
@@ -61,7 +61,7 @@ func NewS3Store(opt Opt) (media.Store, error) {
 // Put takes in the filename, the content type and file object itself and uploads to S3.
 func (c *Client) Put(name string, cType string, file io.ReadSeeker) (string, error) {
 	// Upload input parameters
-	upParams := simples3.UploadInput{
+	p := simples3.UploadInput{
 		Bucket:      c.opts.Bucket,
 		ContentType: cType,
 		FileName:    name,
@@ -70,8 +70,13 @@ func (c *Client) Put(name string, cType string, file io.ReadSeeker) (string, err
 		// Paths inside the bucket should not start with /.
 		ObjectKey: c.makeBucketPath(name),
 	}
-	// Perform an upload.
-	if _, err := c.s3.FileUpload(upParams); err != nil {
+
+	if c.opts.BucketType == "public" {
+		p.ACL = "public-read"
+	}
+
+	// Upload.
+	if _, err := c.s3.FileUpload(p); err != nil {
 		return "", err
 	}
 	return name, nil