
Merge branch 'master' into feat/130798-do-not-insert-initial-value-when-input-is-empty-in-editor

Shun Miyazawa 1 год назад
Родитель
Сommit
51808e0aac

+ 6 - 0
apps/app/src/server/service/config-loader.ts

@@ -471,6 +471,12 @@ const ENV_VAR_NAME_TO_CONFIG_INFO = {
     type:    ValueType.NUMBER,
     default: 120,
   },
+  S3_OBJECT_ACL: {
+    ns:      'crowi',
+    key:     'aws:s3ObjectCannedACL',
+    type:    ValueType.STRING,
+    default: 'public-read',
+  },
   GCS_API_KEY_JSON_PATH: {
     ns:      'crowi',
     key:     'gcs:apiKeyJsonPath',
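Review bot: The `default: 'public-read'` on `S3_OBJECT_ACL` leaves every uploaded attachment readable by anyone who has the object URL unless the operator overrides it, and nothing in the entry says so. It matches the previously hard-coded `ObjectCannedACL.public_read`, so existing deployments behave as before, but the entry should carry a comment such as `// canned ACL applied to uploaded objects; 'public-read' exposes attachments to unauthenticated readers, set 'private' to restrict`. Whether new installations should default to `private` is worth deciding explicitly, since a direct S3 fetch presumably bypasses the application's own access checks (inferred from S3 ACL semantics, not from this diff).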

+ 28 - 3
apps/app/src/server/service/file-uploader/aws.ts

@@ -48,6 +48,30 @@ const isFileExists = async(s3: S3Client, params: HeadObjectCommandInput) => {
   return true;
 };
 
+const ObjectCannedACLs = [
+  ObjectCannedACL.authenticated_read,
+  ObjectCannedACL.aws_exec_read,
+  ObjectCannedACL.bucket_owner_full_control,
+  ObjectCannedACL.bucket_owner_read,
+  ObjectCannedACL.private,
+  ObjectCannedACL.public_read,
+  ObjectCannedACL.public_read_write,
+];
+const isValidObjectCannedACL = (acl: string | null): acl is ObjectCannedACL => {
+  return ObjectCannedACLs.includes(acl as ObjectCannedACL);
+};
+/**
+ * @see: https://dev.growi.org/5d091f611fe336003eec5bfdz
+ * @returns ObjectCannedACL
+ */
+const getS3PutObjectCannedAcl = (): ObjectCannedACL | undefined => {
+  const s3ObjectCannedACL = configManager.getConfig('crowi', 'aws:s3ObjectCannedACL');
+  if (isValidObjectCannedACL(s3ObjectCannedACL)) {
+    return s3ObjectCannedACL;
+  }
+  return undefined;
+};
+
 const getS3Bucket = (): string | undefined => {
   return configManager.getConfig('crowi', 'aws:s3Bucket') ?? undefined; // return undefined when getConfig() returns null
 };
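Review bot: `getS3PutObjectCannedAcl` returns `undefined` for any value that fails `isValidObjectCannedACL`, so a misspelled `S3_OBJECT_ACL` is dropped silently and both `ACL: getS3PutObjectCannedAcl()` call sites later in this file send no ACL at all. That falls back to the bucket's default rather than to wider exposure, but the operator gets no signal that the setting was ignored, and the doc comment's `@returns ObjectCannedACL` does not mention the `undefined` case. I would document it, e.g. `@returns the configured canned ACL, or undefined (no ACL sent, bucket default applies) when the value is not a known ObjectCannedACL`, and log a warning on the fallback if a logger is available in this module. The hand-written `ObjectCannedACLs` list also has to be kept in step with the SDK enum and admits `public_read_write`; `Object.values(ObjectCannedACL)` would remove the duplication, and a narrower allow-list would be safer if no deployment needs write grants.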
@@ -212,7 +236,8 @@ module.exports = (crowi) => {
         configManager.getConfig('crowi', 'aws:s3Region') != null
           || configManager.getConfig('crowi', 'aws:s3CustomEndpoint') != null
       )
-      && configManager.getConfig('crowi', 'aws:s3Bucket') != null;
+      && configManager.getConfig('crowi', 'aws:s3Bucket') != null
+      && configManager.getConfig('crowi', 'aws:s3BucketAclsDisable') != null;
   };
 
   (lib as any).deleteFile = async function(attachment) {
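Review bot: The added `&& configManager.getConfig('crowi', 'aws:s3BucketAclsDisable') != null` makes the S3 set-up check depend on a key that this commit's config-loader hunk does not register; only `aws:s3ObjectCannedACL` is added there. Unless `aws:s3BucketAclsDisable` is defined somewhere outside this diff, `getConfig` will presumably return null and the check will report S3 as not configured for every deployment. If the intent was to require the new ACL setting, the line should read `&& configManager.getConfig('crowi', 'aws:s3ObjectCannedACL') != null`; otherwise it should be dropped. The enclosing function begins above this hunk, so the rest of the condition is not visible here.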
@@ -274,7 +299,7 @@ module.exports = (crowi) => {
       Bucket: getS3Bucket(),
       Key: filePath,
       Body: fileStream,
-      ACL: ObjectCannedACL.public_read,
+      ACL: getS3PutObjectCannedAcl(),
       // put type and the file name for reference information when uploading
       ContentType: contentHeaders.contentType?.value.toString(),
       ContentDisposition: contentHeaders.contentDisposition?.value.toString(),
@@ -289,7 +314,7 @@ module.exports = (crowi) => {
       ContentType: contentType,
       Key: filePath,
       Body: data,
-      ACL: ObjectCannedACL.public_read,
+      ACL: getS3PutObjectCannedAcl(),
     }));
   };