[BUG] OSS setting PUBLICREAD will cause inaccessibility

[cipchk]

OpenIM Server Version

3.8.1

Operating System and CPU Architecture

Linux (AMD)

Deployment Method

Docker Deployment

Bug Description and Steps to Reproduce

事实上在 #2317 已经有人报告过，但是被自动关闭了。

OPENIM_RPC_THIRD_OBJECT_ENABLE=oss
OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT=https://xxxx.aliyuncs.com
OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET=xxx-im
OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL=https://xxxx.xxxx.xxxx
OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID=xxxxx
OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET=xxxxx
OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD=true # 是否公开读取

Docker compose:

      - IMENV_OPENIM_RPC_THIRD_OBJECT_ENABLE=${OPENIM_RPC_THIRD_OBJECT_ENABLE}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT=${OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET=${OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL=${OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID=${OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET=${OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD=${OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD}

图片的请求地址为：

https://im_api(port: 10002)/api/object/3/msg_picture_cc83598702168c07b2533b125b340f6d.jpg

会被 302 跳转到

请求网址:
https://xxx-im.oss-xxxx.aliyuncs.com/openim%2Fdata%2Fhash%2F14b34f8be36f792d0dc61c876df69129
请求方法:
GET
状态代码:
403 Forbidden

另外一个细节就是BUCKETURL

当我设置提自己的域名时（OSS已经绑定正确了），但是消息里面依然还是使用 OSS 域的址，就像 https://xxx-im.oss-xxxx.aliyuncs.com/openim%2Fdata%2Fhash%2F14b34f8be36f792d0dc61c876df69129 ，依然使用的是 aliyuncs.cm，而不是我所配置的域名。

当然这一点我不确认是不是因为 publicRead 错误产生的并发症。

Screenshots Link

No response

[WindRain20140210]

这个问题有人看下吗？

[OpenIM-Robot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Does anyone have a look at this issue?

[WindRain20140210]

请问这个bug修复了吗？

[OpenIM-Robot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Could you please ask this question?

[WindRain20140210]

oss是没实现分片上传吗？没看到调用UploadPart方法

[OpenIM-Robot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Does oss not implement multipart upload? I didn’t see the UploadPart method being called.

[WindRain20140210]

OSS 预签名url上传，如何让前端上传呢？

[OpenIM-Robot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

OSS pre-signed URL upload, how to let the front end upload it?

[withchao]

The returned URL is the API address and will be redirected to the corresponding S3
There is sharding, refer to SDK implementation, no OSS.
https://github.com/openimsdk/openim-sdk-core/blob/main/internal/third/file/upload.go

[cipchk]

@withchao 我觉得 BUCKETURL 的存在说明我们想走域名的流量（例如我们域名会通过 Cloudflare 来解决 CDN 问题），而不是再次重写向 aliyuncs.com 域名的吧。

我认可以讨论一下，而不是直接关掉 ISSUES，事实上我们所有 CDN 流量都会走我们自己的域名的，BUCKETURL 与 PUBLICREAD 的存在，应该是流量走向 CDN，而不是 aliyuncs.com。

[OpenIM-Robot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@withchao I think the existence of BUCKETURL means that we want to use domain name traffic (for example, our domain name will use Cloudflare to solve CDN problems), rather than rewriting the domain name aliyuncs.com again.