Verify integrity after chunked download

3 files changed, 11 insertions, 2 deletions

diff --git a/activestorage/lib/active_storage/downloader.rb b/activestorage/lib/active_storage/downloader.rb
index 0e7039e104..5953fd08fb 100644
--- a/activestorage/lib/active_storage/downloader.rb
+++ b/activestorage/lib/active_storage/downloader.rb
@@ -10,6 +10,7 @@ module ActiveStorage
     def download_blob_to_tempfile
       open_tempfile do |file|
         download_blob_to file
+        verify_integrity_of file
         yield file
       end
     end
@@ -34,6 +35,12 @@ module ActiveStorage
         file.rewind
       end
 
+      def verify_integrity_of(file)
+        unless Digest::MD5.file(file).base64digest == checksum
+          raise ActiveStorage::IntegrityError
+        end
+      end
+
       def tempfile_extension_with_delimiter
         blob.filename.extension_with_delimiter
       end
diff --git a/activestorage/lib/active_storage/errors.rb b/activestorage/lib/active_storage/errors.rb
index f099b13f5b..bedcd080c4 100644
--- a/activestorage/lib/active_storage/errors.rb
+++ b/activestorage/lib/active_storage/errors.rb
@@ -4,4 +4,8 @@ module ActiveStorage
   class InvariableError < StandardError; end
   class UnpreviewableError < StandardError; end
   class UnrepresentableError < StandardError; end
+
+  # Raised when uploaded or downloaded data does not match a precomputed checksum.
+  # Indicates that a network error or a software bug caused data corruption.
+  class IntegrityError < StandardError; end
 end
diff --git a/activestorage/lib/active_storage/service.rb b/activestorage/lib/active_storage/service.rb
index 949969fc95..da1af4f745 100644
--- a/activestorage/lib/active_storage/service.rb
+++ b/activestorage/lib/active_storage/service.rb
@@ -3,8 +3,6 @@
 require "active_storage/log_subscriber"
 
 module ActiveStorage
-  class IntegrityError < StandardError; end
-
   # Abstract class serving as an interface for concrete services.
   #
   # The available services are: