feat: add support for Aliyun OSS and Tencent COS storage providers

- Updated documentation to include Aliyun OSS and Tencent COS as storage options.
- Introduced configuration examples for both providers in the storage providers documentation.
- Enhanced the storage provider registration to accommodate new providers.
- Updated the storage configuration interfaces to support OSS and COS.
- Modified the S3 client and provider implementations to handle requests for OSS and COS.
- Added environment variable configurations for OSS and COS.
- Implemented necessary changes in the UI schema and routes to reflect the new providers.
- Updated localization files for new storage provider types.

Signed-off-by: Innei <[email protected]>

Author: Innei

apps/docs/contents/storage/providers/cos.mdx

@@ -0,0 +1,64 @@
+---
+title: Tencent COS
+description: Configure Tencent Cloud Object Storage (COS) for deployments within the Tencent ecosystem.
+createdAt: 2025-11-24T10:06:00+08:00
+lastModified: 2025-11-24T22:26:48+08:00
+order: 38
+---
+
+# Tencent COS Storage
+
+Tencent Cloud COS is fully compatible with the S3 API and now has a dedicated provider inside Afilmory. Using `provider: 'cos'` takes care of bucket/APPID handling and builds the default `cos.<region>.myqcloud.com` endpoint for you.
+
+## Configuration
+
+```typescript
+import { defineBuilderConfig } from '@afilmory/builder'
+
+export default defineBuilderConfig(() => ({
+  storage: {
+    provider: 'cos',
+    bucket: process.env.COS_BUCKET!, // include the -APPID suffix, e.g. gallery-1250000000
+    region: process.env.COS_REGION || 'ap-shanghai',
+    accessKeyId: process.env.COS_SECRET_ID!,
+    secretAccessKey: process.env.COS_SECRET_KEY!,
+    endpoint: process.env.COS_ENDPOINT, // optional, defaults to https://<bucket>.cos.<region>.myqcloud.com
+    prefix: process.env.COS_PREFIX || 'photos/',
+    customDomain: process.env.COS_CUSTOM_DOMAIN,
+  },
+}))
+```
+
+## Environment Variables
+
+```bash
+# Required
+COS_BUCKET=gallery-1250000000
+COS_REGION=ap-shanghai
+COS_SECRET_ID=AKIDxxxxxxxx
+COS_SECRET_KEY=yyyyyyyyyyyy
+
+# Optional
+COS_ENDPOINT=https://cos.ap-shanghai.myqcloud.com
+COS_PREFIX=photos/
+COS_CUSTOM_DOMAIN=https://assets.example.com
+```
+
+## COS-specific Considerations
+
+- Buckets MUST include the APPID suffix (`bucketname-125xxxxxxx`).
+- Regional endpoints follow the pattern `https://<bucket>.cos.<region>.myqcloud.com`.
+- SigV4 service defaults to `s3`, matching Tencent's AWS compatibility layer. Override `sigV4Service` only for private gateways.
+- COS supports acceleration and CDN domains; set `customDomain` so generated URLs point to your preferred edge domain.
+
+## Best Practices
+
+- **Use permanent keys** for builder workloads and scope permissions with CAM policies (`name/cos:GetObject`, `cos:PutObject`, etc.).
+- **Leverage CLS logs** and bucket inventory to monitor sync health.
+- **Combine with SCF or CI** pipelines if you need to trigger builder runs after uploads.
+
+## Troubleshooting
+
+- _403 or 404 errors_: confirm the bucket region matches `COS_REGION` and that the IAM policy allows the requested action.
+- _Slow scans_: reduce `downloadConcurrency` or run builder from a Tencent CVM within the same region to minimize latency.
+- _Invalid bucket name_: double-check the `-APPID` suffix and that the bucket really exists in the selected region.

apps/docs/contents/storage/providers/index.mdx

@@ -2,7 +2,7 @@
 title: Storage Providers
 description: Choose a storage provider for your photo collection.
 createdAt: 2025-11-14T22:40:00+08:00
-lastModified: 2025-11-23T19:40:52+08:00
+lastModified: 2025-11-24T22:26:48+08:00
 order: 30
 ---
 
@@ -21,6 +21,24 @@ Afilmory supports multiple storage providers for your photo collection. Choose t
 - Works with AWS S3, MinIO, Cloudflare R2, and other S3-compatible services
 - Recommended for large collections
 
+### [Aliyun OSS](/storage/providers/oss)
+
+**China-mainland optimized**
+
+- Native endpoint defaults for `oss-` regions
+- Works with classic or internal network OSS domains
+- Ideal when data residency or ICP compliance is required
+- Supports CDN fronting via `customDomain`
+
+### [Tencent COS](/storage/providers/cos)
+
+**Tencent Cloud ecosystems**
+
+- First-class support for COS buckets (`bucket-appid`)
+- Automatic `cos.<region>.myqcloud.com` endpoint handling
+- Compatible with COS acceleration domains and CLS logging
+- Preferred for deployments already on Tencent Cloud
+
 ### [B2 (Backblaze B2)](/storage/providers/b2)
 
 **Cost-effective cloud storage**
@@ -60,13 +78,16 @@ Afilmory supports multiple storage providers for your photo collection. Choose t
 ## Choosing a Provider
 
 **For production:**
+
 - Use **S3** or **B2** for scalability and reliability
 
 **For development:**
+
 - Use **Local** for fastest iteration
 - Use **GitHub** for simple demos
 
 **For existing workflows:**
+
 - Use **Eagle** if you already manage photos there
 - Use **GitHub** if your photos are already in a repo
 
@@ -88,4 +109,3 @@ export default defineBuilderConfig(() => ({
 Credentials and sensitive information should be stored in `.env` and referenced via `process.env`.
 
 See each provider's documentation for specific configuration options.
-

apps/docs/contents/storage/providers/oss.mdx

@@ -0,0 +1,63 @@
+---
+title: Aliyun OSS
+description: Configure Aliyun Object Storage Service (OSS) for China-mainland friendly deployments.
+createdAt: 2025-11-24T10:05:00+08:00
+lastModified: 2025-11-24T22:26:48+08:00
+order: 37
+---
+
+# Aliyun OSS Storage
+
+Aliyun OSS is ideal when you need data residency in mainland China or want to leverage Alibaba Cloud's backbone network. The new `provider: 'oss'` option in Afilmory automatically sets sane defaults for endpoints and SigV4 signing so you only fill in the essentials.
+
+## Configuration
+
+```typescript
+import { defineBuilderConfig } from '@afilmory/builder'
+
+export default defineBuilderConfig(() => ({
+  storage: {
+    provider: 'oss',
+    bucket: process.env.OSS_BUCKET!,
+    region: process.env.OSS_REGION || 'oss-cn-hangzhou',
+    accessKeyId: process.env.OSS_ACCESS_KEY_ID!,
+    secretAccessKey: process.env.OSS_ACCESS_KEY_SECRET!,
+    endpoint: process.env.OSS_ENDPOINT, // optional, defaults to bucket.region.aliyuncs.com
+    prefix: process.env.OSS_PREFIX || 'photos/',
+    customDomain: process.env.OSS_CUSTOM_DOMAIN, // optional CDN or acceleration domain
+  },
+}))
+```
+
+## Environment Variables
+
+```bash
+# Required
+OSS_BUCKET=my-gallery-assets
+OSS_REGION=oss-cn-hangzhou
+OSS_ACCESS_KEY_ID=xxxxxxxx
+OSS_ACCESS_KEY_SECRET=yyyyyyyy
+
+# Optional
+OSS_ENDPOINT=https://oss-cn-hangzhou.aliyuncs.com
+OSS_PREFIX=photos/
+OSS_CUSTOM_DOMAIN=https://img.example.cn
+```
+
+## Notes on Endpoints
+
+- If you omit `endpoint`, the provider emits `https://<bucket>.<region>.aliyuncs.com`.
+- You can point `endpoint` to an internal VPC domain or acceleration endpoint; public URLs still honor `customDomain` when provided.
+- The SigV4 service defaults to `oss`. Override `sigV4Service` only when using custom gateways that expect a different service name.
+
+## Best Practices
+
+- **Use ICP-ready domains**: set `customDomain` to an OSS-bound domain that has completed ICP filing for production in mainland China.
+- **Prefix per tenant**: combine `prefix` with tenant IDs or years to simplify lifecycle policies.
+- **Network paths**: pair `endpoint` with the closest region (e.g., `oss-cn-shanghai-internal.aliyuncs.com`) when running builder inside Alibaba Cloud to avoid public egress.
+
+## Troubleshooting
+
+- _Signature mismatch_: verify your AccessKey pair and ensure system clock drift is under 5 minutes.
+- _403 Forbidden after upload_: confirm the RAM policy allows `oss:PutObject` / `oss:GetObject` for the bucket prefix.
+- _Slow downloads outside China_: front OSS with a CDN and set `customDomain` so generated URLs route through the CDN.

apps/docs/src/routes.json

@@ -94,7 +94,7 @@
       "title": "Storage Providers",
       "description": "Choose a storage provider for your photo collection.",
       "createdAt": "2025-11-14T22:40:00+08:00",
-      "lastModified": "2025-11-23T19:40:52+08:00",
+      "lastModified": "2025-11-24T10:15:00+08:00",
       "order": "30"
     }
   },
@@ -109,6 +109,28 @@
       "order": "32"
     }
   },
+  {
+    "path": "/storage/providers/oss",
+    "title": "Aliyun OSS",
+    "meta": {
+      "title": "Aliyun OSS",
+      "description": "Configure Aliyun Object Storage Service (OSS) for China-mainland friendly deployments.",
+      "createdAt": "2025-11-24T10:05:00+08:00",
+      "lastModified": "2025-11-24T10:05:00+08:00",
+      "order": "37"
+    }
+  },
+  {
+    "path": "/storage/providers/cos",
+    "title": "Tencent COS",
+    "meta": {
+      "title": "Tencent COS",
+      "description": "Configure Tencent Cloud Object Storage (COS) for deployments within the Tencent ecosystem.",
+      "createdAt": "2025-11-24T10:06:00+08:00",
+      "lastModified": "2025-11-24T10:06:00+08:00",
+      "order": "38"
+    }
+  },
   {
     "path": "/storage/providers/b2",
     "title": "B2 (Backblaze B2)",

apps/docs/src/routes.ts

@@ -22,10 +22,12 @@ import Route23 from '../contents/saas/cms.mdx'
 import Route15 from '../contents/saas/deployment.mdx'
 import Route22 from '../contents/saas/index.mdx'
 import Route10 from '../contents/storage/providers/b2.mdx'
+import Route26 from '../contents/storage/providers/cos.mdx'
 import Route14 from '../contents/storage/providers/eagle.mdx'
 import Route11 from '../contents/storage/providers/github.mdx'
 import Route8 from '../contents/storage/providers/index.mdx'
 import Route12 from '../contents/storage/providers/local.mdx'
+import Route25 from '../contents/storage/providers/oss.mdx'
 import Route9 from '../contents/storage/providers/s3.mdx'
 
 export interface RouteConfig {
@@ -140,7 +142,7 @@ export const routes: RouteConfig[] = [
       title: 'Storage Providers',
       description: 'Choose a storage provider for your photo collection.',
       createdAt: '2025-11-14T22:40:00+08:00',
-      lastModified: '2025-11-23T19:40:52+08:00',
+      lastModified: '2025-11-24T10:15:00+08:00',
       order: '30',
     },
   },
@@ -156,6 +158,30 @@ export const routes: RouteConfig[] = [
       order: '32',
     },
   },
+  {
+    path: '/storage/providers/oss',
+    component: Route25,
+    title: 'Aliyun OSS',
+    meta: {
+      title: 'Aliyun OSS',
+      description: 'Configure Aliyun Object Storage Service (OSS) for China-mainland friendly deployments.',
+      createdAt: '2025-11-24T10:05:00+08:00',
+      lastModified: '2025-11-24T10:05:00+08:00',
+      order: '37',
+    },
+  },
+  {
+    path: '/storage/providers/cos',
+    component: Route26,
+    title: 'Tencent COS',
+    meta: {
+      title: 'Tencent COS',
+      description: 'Configure Tencent Cloud Object Storage (COS) for deployments within the Tencent ecosystem.',
+      createdAt: '2025-11-24T10:06:00+08:00',
+      lastModified: '2025-11-24T10:06:00+08:00',
+      order: '38',
+    },
+  },
   {
     path: '/storage/providers/b2',
     component: Route10,

be/apps/core/src/modules/configuration/setting/storage-provider.constants.ts

@@ -2,6 +2,8 @@ export const STORAGE_PROVIDERS_SETTING_KEY = 'builder.storage.providers'
 
 export const STORAGE_PROVIDER_SENSITIVE_FIELDS: Record<string, readonly string[]> = {
   s3: ['secretAccessKey'],
+  oss: ['secretAccessKey'],
+  cos: ['secretAccessKey'],
   github: ['token'],
   b2: ['applicationKey'],
 }