From 07ec667483cb3d42f22ddd6cf1f79bd817143a28 Mon Sep 17 00:00:00 2001
From: Tiago Garcia <tiago.rgarcia@ua.pt>
Date: Wed, 20 Nov 2024 16:32:50 +0000
Subject: [PATCH] Add file checksum validation

---
 delivery1/server/requirements.txt | 3 +--
 delivery1/server/routes/file.py   | 7 +++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/delivery1/server/requirements.txt b/delivery1/server/requirements.txt
index b65df60..f78b456 100644
--- a/delivery1/server/requirements.txt
+++ b/delivery1/server/requirements.txt
@@ -1,4 +1,3 @@
 cryptography
 flask
-flask_sqlalchemy
-pytest
\ No newline at end of file
+flask_sqlalchemy
\ No newline at end of file
diff --git a/delivery1/server/routes/file.py b/delivery1/server/routes/file.py
index 0c489bb..da64c67 100644
--- a/delivery1/server/routes/file.py
+++ b/delivery1/server/routes/file.py
@@ -83,6 +83,13 @@ def file_upload_content():
     if not file:
         return jsonify({"error": "Invalid file data"}), 400
 
+    file_sum = request.headers.get("File-Checksum")
+    if not file_sum:
+        return jsonify({"error": "No file checksum provided"}), 400
+
+    if file_sum != utils.get_hash(file.stream):
+        return jsonify({"error": "File checksum mismatch"}), 400
+
     file = upload_service.write_file(session_token, file.stream)
     if isinstance(file, tuple):
         return file