Attachments

You can attach receipts, invoices, cheque images, and other supporting documents to a donation or expense. Sukrit Nidhi stores attachments content-addressed: the file is identified by the SHA-256 of its bytes, and every download goes through a short-lived signed URL.

What you can upload

Rule                         Limit
Max file size                25 MiB
Max attachments per record   10
Allowed MIME types           PDF, JPEG, PNG, TIFF, GIF, DOCX, XLSX, XLS, CSV, TXT

The upload pipeline

  1. Choose file: drag & drop or browse
  2. Validate: MIME, size, count
  3. Content-hash: SHA-256
  4. AV scan: stub or clamd
  5. Attached: audit-logged

Antivirus scanning

Every upload is scanned before it is linked to the record. The scanner has two modes controlled by deployment config:

  • Stub mode — signature-based scan for known test patterns (the EICAR string). Fine for dev / CI; should not be used for a production tenant unless paired with something else upstream.
  • clamd mode — a real ClamAV daemon is queried over TCP. If the daemon is unreachable, the upload is marked SKIPPED (not CLEAN), so you never get a silent pass on infrastructure failure.

An infected file is rejected: the bytes are not persisted, the row is not created, and an ATTACHMENT_INFECTED_BLOCKED audit event is written for forensic follow-up.

Deduplication

If you attach the same file twice to the same record (same SHA-256), Sukrit Nidhi does not write a second blob. The UI shows a note “Already attached” and links to the existing row. This keeps storage lean and makes chain-of-custody proofs simpler.

Downloading

Click a thumbnail or the filename to download. Under the hood the link is a presigned URL with a short (10-minute) expiry, HMAC-signed with the server’s secret key. The URL is single-purpose:

  • It encodes the attachment ID and an expiry timestamp.
  • It is signed so a tampered URL fails HMAC verification.
  • After expiry it 403s; just click again in the UI to get a fresh one.

Do not share a download URL in email or chat expecting it to stay alive. Presigned URLs are meant for a single browser session, not for distribution. Ask the recipient to open Sukrit Nidhi and click the attachment themselves.
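
The signing and verification described above, as an added example that is not Sukrit Nidhi's own code. The route, the `exp` and `sig` parameter names, the message layout, HMAC-SHA-256 as the hash, and URL-safe attachment IDs are assumptions; the page only states that the URL carries the attachment ID and an expiry timestamp and is HMAC-signed.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

TTL_SECONDS = 10 * 60  # the 10-minute expiry the page describes


def _mac(key, attachment_id, expires):
    # Assumed message layout: "<id>\n<expiry>", authenticated with HMAC-SHA-256.
    msg = f"{attachment_id}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_download_url(key, attachment_id, now=None):
    """Build a download URL that is valid for TTL_SECONDS from `now`."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    query = urlencode({"exp": expires, "sig": _mac(key, attachment_id, expires)})
    return f"/attachments/{attachment_id}/download?{query}"  # hypothetical route


def verify_download_url(key, url, now=None):
    """Return the status the server would answer with: 200 or 403."""
    now = int(time.time() if now is None else now)
    parts = urlsplit(url)
    segs = parts.path.split("/")
    if len(segs) != 4 or segs[1] != "attachments" or segs[3] != "download":
        return 403
    try:
        params = parse_qs(parts.query)
        (exp_raw,), (sig,) = params["exp"], params["sig"]
        expires = int(exp_raw)
    except (KeyError, ValueError):
        return 403  # missing, repeated or non-numeric parameter
    expected = _mac(key, segs[2], expires)
    # Constant-time comparison; the expiry is trusted only after the MAC checks out.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return 403
    return 200 if now < expires else 403


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key comes from server config
    url = sign_download_url(key, "att_123", now=1_000)
    print(url, verify_download_url(key, url, now=1_000))          # fresh -> 200
    print(verify_download_url(key, url, now=1_000 + TTL_SECONDS))  # expired -> 403
    print(verify_download_url(key, url.replace("att_123", "att_124"), now=1_000))
```

Because the attachment ID and the expiry are both inside the signed message, changing either one in the URL invalidates the signature.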

Where attachments show up

  • Inline on the donation / expense detail page.
  • In the audit log entry for the upload event.
  • Optionally in the audit bundle (the bundle does not embed binary files; it records hashes and filenames so auditors can request originals separately).