add MINIO_CA_CERT and extra logging

meower-media · Aug 16, 2024 · 4d6dc8f · 4d6dc8f
1 parent 94bfe9f
commit 4d6dc8f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/file.go b/file.go
@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
+	"log"
 	"time"
 
 	"github.com/discord/lilliput"
@@ -138,6 +139,7 @@ func CreateFile(bucket string, fileBytes []byte, filename string, mime string, u
 				ContentType: mime,
 			},
 		); err != nil {
+			log.Println(err)
 			return f, err
 		}
 	}

diff --git a/main.go b/main.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"crypto/tls"
+	"crypto/x509"
 
 	"github.com/getsentry/sentry-go"
 	_ "github.com/glebarez/go-sqlite"
@@ -79,14 +80,19 @@ func main() {
 		endpoint := region[1]
 		opts := &minio.Options{
 			Creds:  credentials.NewStaticV4(os.Getenv("MINIO_ACCESS_KEY"), os.Getenv("MINIO_SECRET_KEY"), ""),
-			Secure: true,
+			Secure: os.Getenv("MINIO_SECURE") == "1",
 		}
-		if os.Getenv("MINIO_SECURE") != "1" {
-			opts.Secure = false
-		}
-		if os.Getenv("MINIO_NO_TLS_VERIFY") == "1" {
+		if os.Getenv("MINIO_CA_CERT") != "" {
+			caCert, err := os.ReadFile(os.Getenv("MINIO_CA_CERT"))
+			if err != nil {
+				log.Fatalln(err)
+			}
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM(caCert)
 			opts.Transport = &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+				TLSClientConfig: &tls.Config{
+					RootCAs: caCertPool,
+				},
 			}
 		}
 		s3Clients[name], err = minio.New(endpoint, opts)