Switch to Linode Object Storage

52poke · Oct 13, 2023 · d92a5aa · d92a5aa
1 parent a82ec63
commit d92a5aa
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 22 deletions.
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
@@ -28,6 +28,8 @@ jobs:
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
+        S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
     - name: serverless deploy
       uses: serverless/[email protected]
       if: ${{ github.ref_name == 'dev' }}
@@ -36,3 +38,5 @@ jobs:
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
+        S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
diff --git a/serverless.yml b/serverless.yml
@@ -5,26 +5,29 @@ provider:
   runtime: nodejs16.x
   stage: ${opt:stage, 'dev'}
   region: ${opt:region, 'ap-northeast-1'}
-  iam:
-    role:
-      statements:
-        - Effect: "Allow"
-          Action:
-            - "s3:GetObject"
-          Resource: "arn:aws:s3:::${opt:bucket, 'media.52poke.com'}/*"
-        - Effect: "Allow"
-          Action:
-            - "s3:PutObject"
-          Resource:
-            - "arn:aws:s3:::${opt:bucket, 'media.52poke.com'}/wiki/thumb/*"
-            - "arn:aws:s3:::${opt:bucket, 'media.52poke.com'}/webp-cache/*"
-        - Effect: "Allow"
-          Action:
-            - "s3:DeleteObject"
-          Resource: "arn:aws:s3:::${opt:bucket, 'media.52poke.com'}/webp-cache/*"
+  # iam:
+  #   role:
+  #     statements:
+  #       - Effect: "Allow"
+  #         Action:
+  #           - "s3:GetObject"
+  #         Resource: "arn:aws:s3:::${env:S3_BUCKET, 'media.52poke.com'}/*"
+  #       - Effect: "Allow"
+  #         Action:
+  #           - "s3:PutObject"
+  #         Resource:
+  #           - "arn:aws:s3:::${env:S3_BUCKET, 'media.52poke.com'}/wiki/thumb/*"
+  #           - "arn:aws:s3:::${env:S3_BUCKET, 'media.52poke.com'}/webp-cache/*"
+  #       - Effect: "Allow"
+  #         Action:
+  #           - "s3:DeleteObject"
+  #         Resource: "arn:aws:s3:::${env:S3_BUCKET, 'media.52poke.com'}/webp-cache/*"
   environment:
-    BUCKET: ${opt:bucket, 'media.52poke.com'}
-    REGION: ${opt:region, 'ap-northeast-1'}
+    S3_BUCKET: ${env:S3_BUCKET, 'media.52poke.com'}
+    S3_REGION: ${env:S3_REGION, 'jp-osa-1'}
+    S3_ENDPOINT: ${env:S3_ENDPOINT, 'https://jp-osa-1.linodeobjects.com'}
+    S3_ACCESS_KEY_ID: ${env:S3_ACCESS_KEY_ID, ''}
+    S3_SECRET_ACCESS_KEY: ${env:S3_SECRET_ACCESS_KEY, ''}
   apiGateway:
     binaryMediaTypes:
       - '*/*'

diff --git a/src/utils/s3.ts b/src/utils/s3.ts
@@ -2,9 +2,16 @@ import stream, { Readable } from 'stream';
 import AWS, { S3, AWSError } from 'aws-sdk';
 import createHttpError from 'http-errors';
 
-AWS.config.region = process.env.REGION;
-const s3 = new S3();
-const bucket = process.env.BUCKET as string;
+const s3 = new S3({
+    credentials: process.env.S3_ACCESS_KEY_ID && process.env.S3_SECRET_ACCESS_KEY ? {
+        accessKeyId: process.env.S3_ACCESS_KEY_ID,
+        secretAccessKey: process.env.S3_SECRET_ACCESS_KEY,
+    } : undefined,
+    endpoint: process.env.S3_ENDPOINT,
+    region: process.env.S3_REGION,
+    s3ForcePathStyle: true,
+});
+const bucket = process.env.S3_BUCKET as string;
 
 export const existS3 = async (key: string): Promise<boolean> => {
     try {