gendesign/tradein-mvp/backend/app/api/v1
lekss361 9d87f80e7e fix(tradein-photos): sanitize uploaded images via Pillow re-encode
upload_photo endpoint stored raw uploaded bytes verbatim — EXIF GPS/device
fingerprint leaked, polyglot files (image + appended payload) survived MIME
check and were served back with image/* content-type.

Add services/image_sanitizer.py: open via Pillow, force full decode, drop
EXIF, normalize to RGB, cap longest edge at 2400px, re-encode as JPEG
quality=85. Pipe upload_photo through it; reject undecodable input with 400.

Pin Pillow>=10.3.0 explicitly (was transitive via weasyprint).

Closes finding #6 from 2026-05-24 trade-in audit.
2026-05-24 14:24:55 +03:00
..
__init__.py feat: add tradein-mvp subproject (Trade-In Estimator под /trade-in) 2026-05-21 00:25:39 +03:00
admin.py fix(tradein/avito): anti-bot hardening — sleep + abort + shared session (#487) 2026-05-23 20:08:40 +00:00
brand.py feat: add tradein-mvp subproject (Trade-In Estimator под /trade-in) 2026-05-21 00:25:39 +03:00
geocode.py feat(tradein): postgres_fdw live read of gendesign.cad_buildings (replaces snapshot) (#493) 2026-05-24 08:57:30 +00:00
search.py feat(tradein): Phase 3.2 — /api/v1/search endpoint + Redis cache (#479) 2026-05-23 14:44:22 +00:00
trade_in.py fix(tradein-photos): sanitize uploaded images via Pillow re-encode 2026-05-24 14:24:55 +03:00