Skip to content

[Backend] -- Add Export Artifact Integrity Checks (Checksum + Expiry) #1122

Description

@Devsol-01

Description:
Exports (CSV/JSON/PDF) are sensitive and can become stale or tampered with if stored incorrectly. Add integrity controls so exported artifacts are:

  • immutable after creation
  • verifiable by checksum
  • only accessible within their validity window

Implement:

  • checksum generation when export is finalized (e.g., SHA-256 stored in metadata)
  • store checksum and metadata with export record
  • when serving an artifact, verify checksum (or verify at upload/finalization time)
  • enforce TTL and automatic cleanup

Optionally:

  • sign download URLs
  • prevent path traversal by ensuring artifacts are retrieved only by export id

Acceptance Criteria:

  • Checksum stored with export metadata.
  • TTL enforced for export download.
  • Tests verify artifact access after expiry is denied.

Metadata

Metadata

Assignees

Labels

BackendbackendStellar WaveIssues in the Stellar wave program

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions