gendesign/tradein-mvp/backend/app/api
lekss361 9d87f80e7e fix(tradein-photos): sanitize uploaded images via Pillow re-encode
upload_photo endpoint stored raw uploaded bytes verbatim — EXIF GPS/device
fingerprint leaked, polyglot files (image + appended payload) survived MIME
check and were served back with image/* content-type.

Add services/image_sanitizer.py: open via Pillow, force full decode, drop
EXIF, normalize to RGB, cap longest edge at 2400px, re-encode as JPEG
quality=85. Pipe upload_photo through it; reject undecodable input with 400.

Pin Pillow>=10.3.0 explicitly (was transitive via weasyprint).

Closes finding #6 from 2026-05-24 trade-in audit.
2026-05-24 14:24:55 +03:00
..
v1 fix(tradein-photos): sanitize uploaded images via Pillow re-encode 2026-05-24 14:24:55 +03:00
__init__.py feat: add tradein-mvp subproject (Trade-In Estimator под /trade-in) 2026-05-21 00:25:39 +03:00