Added Secure Video Upload Validation

backend/app/security/video_validator.py

@@ -0,0 +1,62 @@
+import os
+import magic
+import cv2
+import tempfile
+from fastapi import UploadFile
+from typing import Tuple
+from app.core.logger import logger
+
+class VideoValidator:
+    ALLOWED_MIMES = {"video/mp4", "video/quicktime", "video/x-msvideo", "video/webm"}
+    ALLOWED_EXTENSIONS = {".mp4", ".mov", ".avi", ".webm"}
+    MAX_FILE_BYTES = 100 * 1024 * 1024 # 100 MB Limit
+
+    @classmethod
+    def validate_stream(cls, file: UploadFile) -> Tuple[bool, str]:
+        try:
+            ext = os.path.splitext(file.filename)[1].lower()
+            if ext not in cls.ALLOWED_EXTENSIONS:
+                logger.warning(f"Security Alert: Blocked illegal file extension '{ext}'")
+                return False, f"File extension {ext} is not allowed."
+
+            file_head = file.file.read(2048)
+            file.file.seek(0)
+
+            actual_mime = magic.from_buffer(file_head, mime=True)
+            if actual_mime not in cls.ALLOWED_MIMES:
+                logger.warning(f"Security Alert: Blocked illegal MIME type '{actual_mime}' masquerading as {ext}")
+                return False, f"Invalid file signature detected: {actual_mime}"
+            
+            bytes_read = 0
+
+            with tempfile.NamedTemporaryFile(delete=True, suffix=ext) as temp_video:
+                while chunk := file.file.read(1024 * 1024): # Read 1 MB at a time
+                    bytes_read += len(chunk)
+                    if bytes_read > cls.MAX_FILE_BYTES:
+                        logger.warning(f"Security Alert: Blocked upload exceeding {cls.MAX_FILE_BYTES} bytes")
+                        return False, "File size exceeds the maximum allowed limit"
+
+                    temp_video.write(chunk)
+                
+                temp_video.flush()
+                file.file.seek(0)
+
+                cap = cv2.VideoCapture(temp_video.name)
+
+                if not cap.isOpened():
+                    logger.warning("Security Alert: OpenCV failed to open the video container. File may be corrupted or disguised.")
+                    cap.release()
+                    return False, "Video container is corrupted or unreadable."
+
+                success, frame = cap.read()
+                cap.release()
+
+                if not success or frame is None:
+                    logger.warning("Security Alert: OpenCV opened container but failed to extract any visual frames.")
+                    return False, "Video contains no readable visual frames."
+            
+            return True, "Valid"
+        
+        except Exception as e:
+            logger.error(f"Critical error during video validation: {str(e)}")
+            return False, "An unexpected error occured while processing the video stream."

backend/app/utils/file_handler.py

@@ -4,6 +4,7 @@ import uuid
 import magic
 from PIL import Image, UnidentifiedImageError
 from fastapi import UploadFile, HTTPException
+from app.security.video_validator import VideoValidator
 
 
 UPLOAD_DIR = "uploads"
@@ -17,29 +18,37 @@ ALLOWED_TYPES = {
 }
 
 def validate_file(file: UploadFile):
+    ext = file.filename.split(".")[-1].lower() if "." in file.filename else ""
+
+    if ext in ["mp4", "mov", "avi", "webm"]:
+        is_valid, validation_reason = VideoValidator.validate_stream(file)
+
+        if not is_valid:
+            raise HTTPException(status_code=400, detail=validation_reason)
+        
+        return file.size or 0
+    
     file_bytes = file.file.read()
     size = len(file_bytes)
+
     if size > MAX_FILE_SIZE:
         raise HTTPException(status_code=400, detail="File size too large")
-
+    
     actual_mime = magic.from_buffer(file_bytes, mime=True)
-    if actual_mime not in ALLOWED_TYPES:
-        raise HTTPException(status_code=400, detail=f"Invalid file signature. Detected: {actual_mime}")
-
-    if "image" in actual_mime:
-        try:
-            file.file.seek(0)
-            with Image.open(file.file) as img:
-                img.verify()
-                width, height = img.size
-                
-                if width > 8000 or height > 8000:
-                    raise HTTPException(status_code=400, detail="Image resolution exceeds 8000x8000 limit")
-        except UnidentifiedImageError:
-            raise HTTPException(status_code=400, detail="Image file is corrupted or unreadable")
-        except Image.DecompressionBombError:
-            raise HTTPException(status_code=400, detail="Decompression Bomb detected! Image rejected")
 
+    if "image" not in actual_mime:
+        raise HTTPException(status_code=400, detail=f"Invalid image signature. Detected: {actual_mime}")
+    
+    try:
+        file.file.seek(0)
+        with Image.open(file.file) as img:
+            img.verify()
+            width, height = img.size
+            if width > 8000 or height > 8000:
+                raise HTTPException(status_code=400, detail="Image resolution exceeds 8000x8000 limit.")
+    except Image.DecompressionBombError:
+        raise HTTPException(status_code=400, detail="Decompression Bomb detected! Image rejected")
+    
     file.file.seek(0)
     return size
 

backend/main.py

@@ -2,7 +2,6 @@ from fastapi import FastAPI
 from contextlib import asynccontextmanager
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
-from app.db.init_db import init_db
 from app.api.user_routes import router as user_router
 from app.api.auth_routes import router as auth_router
 from app.api.profile_routes import router as profile_router
@@ -17,7 +16,7 @@ from app.middleware.security_headers import SecurityHeadersMiddleware
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
-    init_db()
+    pass
     yield
 
 app = FastAPI(

fake_video.mp4

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd7a2612f459072921f03279a0e61ea7fb923a1231291632546fae6c4079ec5e
+size 15