Harden quarantine provisioning; enforce strict permissions and update Ansible and docs

core/Services/HashService.php

@@ -0,0 +1,37 @@
+<?php
+declare(strict_types=1);
+namespace UploadLogger\Core\Services;
+
+use UploadLogger\Core\Config;
+
+final class HashService
+{
+    private Config $config;
+
+    public function __construct(?Config $config = null)
+    {
+        $this->config = $config ?? new Config(['modules' => []]);
+    }
+
+    /**
+     * @param string $tmpPath
+     * @param int $size
+     * @return array<string,string>
+     */
+    public function computeHashes(string $tmpPath, int $size): array
+    {
+        $max = (int)$this->config->get('limits.hash_max_filesize', 10 * 1024 * 1024);
+
+        if (!is_uploaded_file($tmpPath)) return [];
+        if ($size <= 0 || $size > $max) return [];
+
+        $sha1 = @hash_file('sha1', $tmpPath);
+        $md5 = @hash_file('md5', $tmpPath);
+
+        $out = [];
+        if (is_string($sha1)) $out['sha1'] = $sha1;
+        if (is_string($md5)) $out['md5'] = $md5;
+
+        return $out;
+    }
+}