soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Add checksum validation for archived media
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-30 11:29:40 +01:00
parent 9a8305d986
commit eeffe4c6f1
7 changed files with 406 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
app/Jobs/ArchiveEventMediaAssets.php
View File

@@ -71,12 +71,44 @@ class ArchiveEventMediaAssets implements ShouldQueue
Storage::disk($archiveDisk)->put($archivePath, $stream);
$checksumMeta = null;
$archiveChecksum = null;
if ($this->checksumValidationEnabled()) {
$archiveChecksum = $this->computeChecksum($archiveDisk, $archivePath);
if (! $archiveChecksum) {
throw new \RuntimeException('Archive checksum unavailable');
}
$expectedChecksum = $asset->checksum;
if ($expectedChecksum) {
if (! hash_equals($expectedChecksum, $archiveChecksum)) {
$this->handleChecksumMismatch($asset, $expectedChecksum, $archiveChecksum, $sourceDisk, $archiveDisk);
$this->deleteArchiveCopy($archiveDisk, $archivePath);
continue;
}
$checksumMeta = [
'checksum_status' => 'verified',
'checksum_verified_at' => now()->toIso8601String(),
];
} else {
$asset->checksum = $archiveChecksum;
$checksumMeta = [
'checksum_status' => 'seeded',
'checksum_verified_at' => now()->toIso8601String(),
];
}
}
$asset->fill([
'disk' => $archiveDisk,
'media_storage_target_id' => $archiveTargetId,
'status' => 'archived',
'archived_at' => now(),
'error_message' => null,
'checksum' => $asset->checksum,
'meta' => $this->mergeMeta($asset->meta, $checksumMeta),
])->save();
if ($this->deleteSource) {
@@ -102,4 +134,92 @@ class ArchiveEventMediaAssets implements ShouldQueue
}
}
}
private function checksumValidationEnabled(): bool
{
return (bool) config('storage-monitor.checksum_validation.enabled', true);
}
private function computeChecksum(string $disk, string $path): ?string
{
try {
$stream = Storage::disk($disk)->readStream($path);
} catch (\Throwable $e) {
Log::channel('storage-jobs')->warning('Failed to open stream for checksum', [
'disk' => $disk,
'path' => $path,
'error' => $e->getMessage(),
]);
return null;
}
if (! $stream) {
return null;
}
try {
$context = hash_init('sha256');
$ok = hash_update_stream($context, $stream);
if ($ok === false) {
return null;
}
return hash_final($context);
} finally {
if (is_resource($stream)) {
fclose($stream);
}
}
}
private function handleChecksumMismatch(
EventMediaAsset $asset,
string $expectedChecksum,
string $actualChecksum,
string $sourceDisk,
string $archiveDisk,
): void {
Log::channel('storage-jobs')->alert('Checksum mismatch detected during archive', [
'asset_id' => $asset->id,
'event_id' => $asset->event_id,
'source_disk' => $sourceDisk,
'archive_disk' => $archiveDisk,
'expected_checksum' => $expectedChecksum,
'actual_checksum' => $actualChecksum,
]);
$asset->update([
'status' => 'failed',
'error_message' => 'checksum_mismatch',
'meta' => $this->mergeMeta($asset->meta, [
'checksum_status' => 'mismatch',
'checksum_verified_at' => now()->toIso8601String(),
'checksum_expected' => $expectedChecksum,
'checksum_actual' => $actualChecksum,
]),
]);
}
private function deleteArchiveCopy(string $archiveDisk, string $path): void
{
try {
Storage::disk($archiveDisk)->delete($path);
} catch (\Throwable $e) {
Log::channel('storage-jobs')->warning('Failed to clean up archive copy after checksum mismatch', [
'disk' => $archiveDisk,
'path' => $path,
'error' => $e->getMessage(),
]);
}
}
private function mergeMeta(?array $meta, ?array $updates): ?array
{
if (! $updates) {
return $meta;
}
return array_merge($meta ?? [], $updates);
}
}