Skip to content

feat(data-export): Add export artifact integrity checks#1183

Open
Whiznificent wants to merge 3 commits into
Devsol-01:mainfrom
Whiznificent:main
Open

feat(data-export): Add export artifact integrity checks#1183
Whiznificent wants to merge 3 commits into
Devsol-01:mainfrom
Whiznificent:main

Conversation

@Whiznificent

Copy link
Copy Markdown
Contributor

Description

Add integrity controls for exported artifacts (CSV/JSON/PDF) to ensure they are immutable, verifiable, and time-limited.

Changes

  • Checksum Generation: SHA-256 checksums are generated when exports are finalized and stored with metadata
  • Checksum Verification: Implemented verification of checksums at download time
  • TTL Enforcement: Enforces time-to-live (TTL) for export downloads with automatic cleanup
  • Path Traversal Prevention: Artifacts are only retrievable by export ID to prevent unauthorized access

Acceptance Criteria ✓

  • ✅ Checksum stored with export metadata
  • ✅ TTL enforced for export download
  • ✅ Tests verify artifact access after expiry is denied

Implementation Highlights

  • Immutable exports after creation
  • Checksums verifiable by SHA-256
  • Exports only accessible within their validity window
  • Secure artifact retrieval by ID only

Fixes #1122

- Add SHA-256 checksum computation at export finalization
- Store checksum and fileSize in data_export_requests table
- Verify checksum before serving download (tamper detection)
- Enforce TTL: reject downloads after expiresAt, mark as EXPIRED
- Add daily cron (04:00 UTC) to purge expired export files/records
- Migration: add checksum (VARCHAR 64) and fileSize (BIGINT) columns
- Tests: cover checksum match/mismatch, TTL expiry denial, purge cron
…integrity

feat(data-export): Add Export Artifact Integrity Checks (Checksum + Expiry) Devsol-01#1122
@drips-wave

drips-wave Bot commented Jul 2, 2026

Copy link
Copy Markdown

@Whiznificent Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Backend] -- Add Export Artifact Integrity Checks (Checksum + Expiry)

1 participant