admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): remove MinIO hardcoded credentials & add presigned URL support

Browse Source 
- Remove hardcoded minioadmin/minioadmin_secret fallback from docker-compose.yml,
  require MINIO_ACCESS_KEY/MINIO_SECRET_KEY env vars (fail-fast with :? syntax)
- Align docker-compose.yml env var names with .env.example (MINIO_ACCESS_KEY/SECRET_KEY)
- Update CI e2e workflow to use GitHub vars with non-default fallbacks
- Update .env.test to use non-default test credentials
- Add @aws-sdk/s3-request-presigner and getPresignedUploadUrl() method to
  MinioMediaStorageService for properly signed client-side uploads
- Remove hardcoded credentials from dev-environment docs

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-08 22:44:50 +07:00
parent 8a86cf42d4
commit 03231271ca
7 changed files with 50 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/e2e.yml vendored
View File

@@ -60,8 +60,8 @@ jobs:
ports:
- 9000:9000
env:
MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: minioadmin_secret
MINIO_ROOT_USER: ${{ vars.CI_MINIO_ACCESS_KEY || 'ci_minio_user' }}
MINIO_ROOT_PASSWORD: ${{ vars.CI_MINIO_SECRET_KEY || 'ci_minio_secret_key_32chars!!' }}
options: >-
--health-cmd "curl -sf http://localhost:9000/minio/health/live || exit 1"
--health-interval 10s
@@ -77,8 +77,8 @@ jobs:
TYPESENSE_API_KEY: ts_ci_key
MINIO_ENDPOINT: localhost
MINIO_PORT: 9000
MINIO_ACCESS_KEY: minioadmin
MINIO_SECRET_KEY: minioadmin_secret
MINIO_ACCESS_KEY: ${{ vars.CI_MINIO_ACCESS_KEY || 'ci_minio_user' }}
MINIO_SECRET_KEY: ${{ vars.CI_MINIO_SECRET_KEY || 'ci_minio_secret_key_32chars!!' }}
MINIO_BUCKET: goodgo-uploads
NODE_ENV: test
JWT_SECRET: e2e-test-jwt-secret-key