DIREKT File Storage Architecture¶
Classes¶
- Public provider media.
- Private verification evidence.
- Private complaint/incident attachments.
- Generated receipts/exports.
- Temporary uploads.
Each class has separate bucket/prefix, access and retention rules.
Evidence lifecycle¶
- API authorizes upload with expected MIME, size and purpose.
- Client uploads to private temporary path.
- Backend finalizes using checksum and ownership.
- File is scanned/validated.
- Immutable evidence version is created.
- Reviewer receives short-lived view authorization.
- Access is audited.
- Retention/hold/deletion policy applies.
Controls¶
- private by default;
- random object keys;
- no user filename as key;
- MIME signature validation;
- size/page limits;
- malware/scanning service where available;
- image metadata stripping where appropriate;
- server-generated public derivatives only for public media;
- encryption at rest/in transit;
- no permanent public evidence URLs;
- lifecycle cleanup for abandoned uploads.
Public media¶
Moderated portfolio/premises marketing images are distinct from verification evidence. Publishing a derivative never exposes the original evidence object.
Backups¶
Database backup must preserve references and storage backup/versioning strategy must be compatible. Restore tests verify both metadata and object availability.