From e831d5a022383c0c468dc7e30b45e8dd1d5d8167 Mon Sep 17 00:00:00 2001
From: shum <github.shum@liber.li>
Date: Thu, 2 Apr 2026 12:45:06 +0000
Subject: [PATCH] fix: add CHECK constraint on file_size > 0

Prevents negative or zero file_size values at the database level.
Without this, corrupted data from import or direct DB access could
cause incorrect storage accounting (getUsedStorage sums file_size,
and expiredFiles casts to Word32 which wraps negative values).
---
 .../Server/Store/Postgres/Migrations.hs           | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Simplex/FileTransfer/Server/Store/Postgres/Migrations.hs b/src/Simplex/FileTransfer/Server/Store/Postgres/Migrations.hs
index 1914ecbd6..84f6b209e 100644
--- a/src/Simplex/FileTransfer/Server/Store/Postgres/Migrations.hs
+++ b/src/Simplex/FileTransfer/Server/Store/Postgres/Migrations.hs
@@ -14,7 +14,8 @@ import Text.RawString.QQ (r)
 
 xftpSchemaMigrations :: [(String, Text, Maybe Text)]
 xftpSchemaMigrations =
-  [ ("20260325_initial", m20260325_initial, Nothing)
+  [ ("20260325_initial", m20260325_initial, Nothing),
+    ("20260402_file_size_check", m20260402_file_size_check, Just down_m20260402_file_size_check)
   ]
 
 -- | The list of migrations in ascending order by date
@@ -45,3 +46,15 @@ CREATE TABLE recipients (
 CREATE INDEX idx_recipients_sender_id ON recipients (sender_id);
 CREATE INDEX idx_files_created_at ON files (created_at);
 |]
+
+m20260402_file_size_check :: Text
+m20260402_file_size_check =
+  [r|
+ALTER TABLE files ADD CONSTRAINT check_file_size_positive CHECK (file_size > 0);
+|]
+
+down_m20260402_file_size_check :: Text
+down_m20260402_file_size_check =
+  [r|
+ALTER TABLE files DROP CONSTRAINT check_file_size_positive;
+|]