const { S3Client, PutBucketPolicyCommand } = require("@aws-sdk/client-s3");

const BUCKET_NAME = process.env.MINIO_BUCKET || "portal-transparencia";

const s3Client = new S3Client({
    endpoint: `http://${process.env.MINIO_ENDPOINT || "localhost"}:${process.env.MINIO_PORT || 9000}`,
    region: "us-east-1",
    credentials: {
        accessKeyId: process.env.MINIO_ACCESS_KEY || "admin",
        secretAccessKey: process.env.MINIO_SECRET_KEY || "password123",
    },
    forcePathStyle: true,
});

const publicPolicy = {
    Version: "2012-10-17",
    Statement: [
        {
            Effect: "Allow",
            Principal: "*",
            Action: ["s3:GetObject"],
            Resource: [`arn:aws:s3:::${BUCKET_NAME}/*`],
        },
    ],
};

async function main() {
    try {
        await s3Client.send(
            new PutBucketPolicyCommand({
                Bucket: BUCKET_NAME,
                Policy: JSON.stringify(publicPolicy),
            })
        );
        console.log(`✅ Bucket ${BUCKET_NAME} configurado como público!`);
    } catch (error) {
        console.error("Erro:", error.message);
    }
}

main();