Media Handling

mzchat handles media uploads using a chunked, multi-origin approach designed for security and scalability.

To decouple storage from delivery and enable future S3 compatibility, the database does not store full URLs for user-uploaded assets. Instead, it stores only the fileId (a UUID plus file extension).

When assets are transmitted over the wire (e.g., in a user profile or message), the server dynamically constructs the public URL using the configured ASSETS_DOMAIN. This allows for seamless migration of assets to different domains or CDNs without database updates.

Uploads use a multipart SHA-256 verification protocol inspired by Amazon S3 to ensure data integrity during parallel chunked uploads.

  1. Chunk Integrity: Each chunk is hashed with SHA-256 and verified individually by the server upon receipt.
  2. Multipart Finalization: The final file hash is not a hash of the entire file in one pass. Instead, it is computed by:
    • Collecting the raw bytes of the SHA-256 hashes for each chunk in sequence.
    • Concatenating these raw bytes.
    • Computing the SHA-256 hash of the concatenated buffer.

This allows the client and server to verify the integrity of the reassembled file without reading the entire file into memory at once.
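The chunk check and finalization steps above, as an added example in Python (not mzchat's own code). The `UploadSession` class, the function names, the 4096-byte chunk size and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac


def chunk_digests(data, chunk_size):
    """Client side: raw 32-byte SHA-256 digest of each chunk, in sequence."""
    return [hashlib.sha256(data[i:i + chunk_size]).digest()
            for i in range(0, len(data), chunk_size)]


def multipart_hash(digests):
    """SHA-256 over the concatenated raw digest bytes (not their hex text)."""
    return hashlib.sha256(b"".join(digests)).hexdigest()


def _hex_equal(a_hex, b_hex):
    return hmac.compare_digest(a_hex.lower().encode(), b_hex.lower().encode())


class UploadSession:
    """Hypothetical server-side state for one upload (assumed design)."""

    def __init__(self, total_chunks):
        self.digests = [None] * total_chunks

    def receive_chunk(self, index, body, claimed_hex):
        """Verify one chunk on receipt; chunks may arrive in any order."""
        if not 0 <= index < len(self.digests):
            return False
        actual = hashlib.sha256(body).digest()
        if not _hex_equal(actual.hex(), claimed_hex):
            return False  # corrupted or altered in transit
        self.digests[index] = actual  # keep 32 bytes, not the chunk body
        return True

    def finalize(self, claimed_final_hex):
        """Check the client's final hash using only the stored digests."""
        if any(d is None for d in self.digests):
            return False  # a chunk is missing
        return _hex_equal(multipart_hash(self.digests), claimed_final_hex)


if __name__ == "__main__":
    data = bytes(i % 251 for i in range(10240))  # constructed sample
    parts = [data[i:i + 4096] for i in range(0, len(data), 4096)]
    s = UploadSession(len(parts))
    for i in (2, 0, 1):  # parallel uploads complete out of order
        s.receive_chunk(i, parts[i], hashlib.sha256(parts[i]).hexdigest())
    print(s.finalize(multipart_hash(chunk_digests(data, 4096))))
```

The final value is not the plain SHA-256 of the file, so it cannot be compared against a checksum produced by a one-pass tool, and it changes if the chunk size or chunk order changes.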

User-uploaded content is served from ASSETS_DOMAIN, which should ideally be a different origin from the main application. This mitigates the risk of Cross-Site Scripting (XSS) and other origin-based security vulnerabilities by isolating user-controlled content.