@@ -48,6 +48,14 @@ const isFileExists = async(s3: S3Client, params: HeadObjectCommandInput) => {
return true;
};
+const getS3PutObjectCannedAcl = (): ObjectCannedACL => {
+ // NOTE: When ACLs are disabled in an S3 bucket, use the Canned ACL "private"
+ if (configManager.getConfig('crowi', 'aws:s3BucketAclsDisable')){
+ return ObjectCannedACL.private;
+ }
+ return ObjectCannedACL.public_read;
+};
+
const getS3Bucket = (): string | undefined => {
return configManager.getConfig('crowi', 'aws:s3Bucket') ?? undefined; // return undefined when getConfig() returns null
};
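Review bot: `getS3PutObjectCannedAcl` falls back to `ObjectCannedACL.public_read` for every value of `aws:s3BucketAclsDisable` that is not truthy, so an unset or mistyped setting leaves each uploaded attachment readable by anyone who has the object URL. The safer default is `private`, with public objects as an explicit opt-in; if the public default has to stay for compatibility, the comment should state the exposure, e.g. `// NOTE: public_read makes every uploaded attachment world-readable; "private" is used only when bucket ACLs are disabled`. If the config layer can hand back a string (for example from an environment variable), `'false'` would be truthy in this `if`, so a strict `=== true` comparison would be more robust unless coercion happens elsewhere. The helper feeds both `ACL:` call sites in the later hunks, so the default chosen here decides the visibility of every upload.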
@@ -212,7 +220,8 @@ module.exports = (crowi) => {
configManager.getConfig('crowi', 'aws:s3Region') != null
|| configManager.getConfig('crowi', 'aws:s3CustomEndpoint') != null
)
- && configManager.getConfig('crowi', 'aws:s3Bucket') != null;
+ && configManager.getConfig('crowi', 'aws:s3Bucket') != null
+ && configManager.getConfig('crowi', 'aws:s3BucketAclsDisable') != null;
};
(lib as any).deleteFile = async function(attachment) {
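Review bot: Requiring `configManager.getConfig('crowi', 'aws:s3BucketAclsDisable') != null` in this readiness condition makes an optional flag a prerequisite for S3 being considered configured. An installation that already has region or endpoint and bucket set, but has never saved the new key, would presumably report S3 as unconfigured after upgrading, unless a default for the key is registered somewhere outside this hunk. The flag only selects the canned ACL, so the condition can end at `&& configManager.getConfig('crowi', 'aws:s3Bucket') != null;` and the ACL helper can treat a missing value as its default. The enclosing function starts before the hunk, so the rest of the condition is not visible here.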
@@ -274,7 +283,7 @@ module.exports = (crowi) => {
Bucket: getS3Bucket(),
Key: filePath,
Body: fileStream,
- ACL: ObjectCannedACL.public_read,
+ ACL: getS3PutObjectCannedAcl(),
// put type and the file name for reference information when uploading
ContentType: contentHeaders.contentType?.value.toString(),
ContentDisposition: contentHeaders.contentDisposition?.value.toString(),
@@ -289,7 +298,7 @@ module.exports = (crowi) => {
ContentType: contentType,
Key: filePath,
Body: data,
- ACL: ObjectCannedACL.public_read,
+ ACL: getS3PutObjectCannedAcl(),
}));
};