From 345fa18847bd8f2750d35bd158ce432e78f7a595 Mon Sep 17 00:00:00 2001
From: xiangmy21 <90919434+xiangmy21@users.noreply.github.com>
Date: Tue, 3 Oct 2023 02:47:35 +0800
Subject: [PATCH] =?UTF-8?q?fix(static):=20=E5=A2=9E=E6=B7=BB=E6=99=AE?=
 =?UTF-8?q?=E9=80=9A=E7=94=A8=E6=88=B7=E5=AF=B9COS=20upload=E7=9A=84?=
 =?UTF-8?q?=E4=B8=8B=E8=BD=BD=E6=9D=83=E9=99=90=20(#1284)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/routes/static.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/routes/static.ts b/src/routes/static.ts
index 7eeac8ef..3131ad34 100644
--- a/src/routes/static.ts
+++ b/src/routes/static.ts
@@ -19,6 +19,11 @@ const generalActions = [
   "name/cos:DeleteObject",
   "name/cos:GetBucket",
 ];
+const viewActions = [
+  "name/cos:HeadObject",
+  "name/cos:GetObject",
+  "name/cos:GetBucket",
+]
 
 router.get("/team_code", async (req, res) => {
   try{
@@ -153,7 +158,6 @@ router.get("/chat_record", async (req, res) => {
 //General Template
 router.get("/", async (req, res) => {
   try{
-    const action = generalActions;
     const authHeader = req.get("Authorization");
     if (!authHeader) {
       return res.status(401).send("401 Unauthorized: Missing token");
@@ -168,10 +172,13 @@ router.get("/", async (req, res) => {
         }
         const payload = decoded as JwtPayload;
         if (payload.role == 'counselor' || payload.role == 'root' || payload.role == 'admin') {
-          const sts = await getSTS(action, "*");
+          const sts = await getSTS(generalActions, "*");
+          return res.status(200).send(sts);
+        }
+        else {
+          const sts = await getSTS(viewActions, "upload/*");
           return res.status(200).send(sts);
         }
-        else return res.status(401).send("401 Unauthorized");
       } catch (err) {
         return res.status(500).send(err);
       }