From 692fba51d84c4319a682bf96756ac3087821b47a Mon Sep 17 00:00:00 2001
From: Ruben Talstra <RubenTalstra1211@outlook.com>
Date: Thu, 20 Mar 2025 14:00:59 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20feat:=20Add=20support=20for=20cu?=
 =?UTF-8?q?stom=20AWS=20endpoint=20in=20S3=20initialization=20(#6431)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.example                               |  1 +
 api/server/services/Files/S3/initialize.js | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index d9a4d52d92..54f9c4a96c 100644
--- a/.env.example
+++ b/.env.example
@@ -480,6 +480,7 @@ FIREBASE_APP_ID=
 # S3 AWS Bucket          #
 #========================#
 
+AWS_ENDPOINT_URL=
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 AWS_REGION=
diff --git a/api/server/services/Files/S3/initialize.js b/api/server/services/Files/S3/initialize.js
index d85945f708..2daec25235 100644
--- a/api/server/services/Files/S3/initialize.js
+++ b/api/server/services/Files/S3/initialize.js
@@ -9,6 +9,8 @@ let s3 = null;
  * If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are provided, they will be used.
  * Otherwise, the AWS SDK's default credentials chain (including IRSA) is used.
  *
+ * If AWS_ENDPOINT_URL is provided, it will be used as the endpoint.
+ *
  * @returns {S3Client|null} An instance of S3Client if the region is provided; otherwise, null.
  */
 const initializeS3 = () => {
@@ -22,18 +24,26 @@ const initializeS3 = () => {
     return null;
   }
 
+  // Read the custom endpoint if provided.
+  const endpoint = process.env.AWS_ENDPOINT_URL;
   const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
   const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
 
+  const config = {
+    region,
+    // Conditionally add the endpoint if it is provided
+    ...(endpoint ? { endpoint } : {}),
+  };
+
   if (accessKeyId && secretAccessKey) {
     s3 = new S3Client({
-      region,
+      ...config,
       credentials: { accessKeyId, secretAccessKey },
     });
     logger.info('[initializeS3] S3 initialized with provided credentials.');
   } else {
     // When using IRSA, credentials are automatically provided via the IAM Role attached to the ServiceAccount.
-    s3 = new S3Client({ region });
+    s3 = new S3Client(config);
     logger.info('[initializeS3] S3 initialized using default credentials (IRSA).');
   }