Area: Files, photos, gallery, ansi (audit p5) · Surface: File upload (/files/{slug}/upload, bulk-upload) · Dimension: improve-existing · Severity: minor
Mature file libraries hash uploads to catch exact duplicates before they hit the moderation queue. Without such a hash, the same archive can be uploaded to multiple areas (or re-uploaded after rejection), inflating storage and moderator workload, and, because credits are awarded on approval, creating a low-effort path to repeatedly submit near-identical content. A content hash also enables instant integrity checks and "already in the archive" warnings.
Evidence
storeUpload (FileController.php:1016-1244) stores each file under a fresh random UUID name with no content hash check; FileUpload::create takes no checksum and there is no sha256/md5 column or duplicate lookup (grep for sha256|md5|hash|duplicate|dedup|checksum in FileController.php / FileUpload.php finds only one unrelated comment at line 567). Bulk upload (line 1300) is the same.
Suggested fix. Compute a SHA-256 at upload, store it on file_uploads, index it, and warn (or block, configurably) when an identical hash already exists in an approved file. Surface the existing file's link to the uploader and the moderator instead of queuing a duplicate.
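One way the suggested fix could look, as an added example rather than code from the project: plain PHP with PDO and an in-memory SQLite table standing in for file_uploads. The sha256 and status columns, the index name, and the checkDuplicate and storeWithHash helpers are assumptions.

```php
<?php
declare(strict_types=1);

// Stand-in for file_uploads; the sha256 and status columns are assumed names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file_uploads (id INTEGER PRIMARY KEY, slug TEXT,
    stored_name TEXT, status TEXT, sha256 TEXT NOT NULL)');
$db->exec('CREATE INDEX file_uploads_sha256_idx ON file_uploads (sha256)');

/** Hash the temp file and look up an approved row with the same digest. */
function checkDuplicate(PDO $db, string $tmpPath): array
{
    $digest = hash_file('sha256', $tmpPath); // streamed, not loaded whole
    if ($digest === false) {
        throw new RuntimeException("cannot hash $tmpPath");
    }
    $q = $db->prepare("SELECT id, slug FROM file_uploads
                       WHERE sha256 = ? AND status = 'approved' LIMIT 1");
    $q->execute([$digest]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return ['sha256' => $digest, 'duplicate_of' => $row ?: null];
}

/** Store the upload, or refuse it when blocking is on and a match exists. */
function storeWithHash(PDO $db, string $tmpPath, string $slug, bool $block): array
{
    $check = checkDuplicate($db, $tmpPath);
    if ($block && $check['duplicate_of'] !== null) {
        return ['stored' => false] + $check; // caller shows duplicate_of link
    }
    $ins = $db->prepare("INSERT INTO file_uploads (slug, stored_name, status, sha256)
                         VALUES (?, ?, 'pending', ?)");
    $ins->execute([$slug, bin2hex(random_bytes(16)), $check['sha256']]);
    return ['stored' => true, 'id' => (int) $db->lastInsertId()] + $check;
}

// Constructed sample: identical bytes submitted to two areas.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'constructed sample archive bytes');
$first = storeWithHash($db, $tmp, 'utils', true);
$db->prepare("UPDATE file_uploads SET status = 'approved' WHERE id = ?")
   ->execute([$first['id']]);
$second = storeWithHash($db, $tmp, 'games', true);
var_dump($first['stored'], $second['stored'], $second['duplicate_of']);
unlink($tmp);
```

The lookup and the insert are not atomic, so two simultaneous uploads of the same bytes can both reach the queue; repeating the hash lookup at approval time closes that gap.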
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus