implement type guard and set undefined when the value is invalid

apps/app/src/server/service/file-uploader/aws.ts

@@ -48,12 +48,28 @@ const isFileExists = async(s3: S3Client, params: HeadObjectCommandInput) => {
   return true;
 };
 
-const getS3PutObjectCannedAcl = (): ObjectCannedACL => {
-  // NOTE: When ACLs are disabled in an S3 bucket, use the Canned ACL "private"
-  if (configManager.getConfig('crowi', 'aws:s3BucketAclsDisable')){
-      return ObjectCannedACL.private;
+const ObjectCannedACLs = [
+  ObjectCannedACL.authenticated_read,
+  ObjectCannedACL.aws_exec_read,
+  ObjectCannedACL.bucket_owner_full_control,
+  ObjectCannedACL.bucket_owner_read,
+  ObjectCannedACL.private,
+  ObjectCannedACL.public_read,
+  ObjectCannedACL.public_read_write,
+];
+const isValidObjectCannedACL = (acl: string | null): acl is ObjectCannedACL => {
+  return ObjectCannedACLs.includes(acl as ObjectCannedACL);
+};
+/**
+ * @see: https://dev.growi.org/5d091f611fe336003eec5bfdz
+ * @returns ObjectCannedACL
+ */
+const getS3PutObjectCannedAcl = (): ObjectCannedACL | undefined => {
+  const s3ObjectCannedACL = configManager.getConfig('crowi', 'aws:s3ObjectCannedACL');
+  if (isValidObjectCannedACL(s3ObjectCannedACL)) {
+    return s3ObjectCannedACL;
   }
-  return ObjectCannedACL.public_read;
+  return undefined;
 };
 
 const getS3Bucket = (): string | undefined => {