✨ feat(file): add presigned URL support for file access

- add getPresignedFileUrl method in MinioService to generate time-limited access URLs
- update FileService to use presigned URLs instead of direct URLs for secure file access
- add 3600 seconds (1 hour) default expiration time for presigned URLs
- add logging for presigned URL generation success and failure cases

src/server/modules/files/file.service.ts

@@ -88,7 +88,7 @@ export class FileService extends GenericCrudService<File> {
       throw new Error('文件不存在');
     }
     
-    return this.minioService.getFileUrl(this.minioService.bucketName, file.path);
+    return this.minioService.getPresignedFileUrl(this.minioService.bucketName, file.path);
   }
 
   /**

src/server/modules/files/minio.service.ts

@@ -95,6 +95,18 @@ export class MinioService {
     return `${protocol}://${process.env.MINIO_HOST}${port}/${bucketName}/${fileKey}`;
   }
 
+  // 生成预签名文件访问URL（用于私有bucket）
+  async getPresignedFileUrl(bucketName: string, fileKey: string, expiresInSeconds = 3600) {
+    try {
+      const url = await this.client.presignedGetObject(bucketName, fileKey, expiresInSeconds);
+      logger.db(`Generated presigned URL for ${bucketName}/${fileKey}, expires in ${expiresInSeconds}s`);
+      return url;
+    } catch (error) {
+      logger.error(`Failed to generate presigned URL for ${bucketName}/${fileKey}:`, error);
+      throw error;
+    }
+  }
+
   // 创建分段上传会话
   async createMultipartUpload(bucketName: string, objectName: string) {
     try {