From 1329d5b85daa813607b05f836cffc5f955875a46 Mon Sep 17 00:00:00 2001
From: Cizz22
Date: Wed, 11 Feb 2026 15:55:26 +0700
Subject: [PATCH] feat: validate uploaded file content type is application/octet-stream
---
 src/aeros_project/service.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/aeros_project/service.py b/src/aeros_project/service.py
index c244b4f..bb64823 100644
--- a/src/aeros_project/service.py
+++ b/src/aeros_project/service.py
@@ -38,6 +38,13 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr
 status_code=400,
 detail=f"Invalid filename: {str(e)}"
 )
+
+ # Check if mime type is application/octet-stream
+ if file.content_type != "application/octet-stream":
+ raise HTTPException(
+ status_code=400,
+ detail="Invalid file type. Allowed: application/octet-stream"
+ )

 # Get filename
 filename_without_ext = os.path.splitext(clean_filename)[0]
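Review bot: The added `file.content_type != "application/octet-stream"` test compares a value that the uploading client declares in the multipart part header, so it gives no assurance about the bytes that are imported afterwards; any client can send that label, and `application/octet-stream` is the generic type for arbitrary binary data. If `file` is a FastAPI/Starlette `UploadFile` (inferred, its definition is outside the hunk), a legitimate client that sends a different or missing type for the same file would also be rejected with a 400. I would keep the check only as a cheap early reject and reword the comment to say so, e.g. `# Client-declared header, not evidence of the file's content; real validation must inspect the bytes.`, with the actual control being a format and size check on the content itself. `import_aro_project` starts and ends outside the hunk, so such a check may already exist further down; if it does, the comment should point at it.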