Look signature for file type

src/Infrastructure/AzureBlob/AzureBlobStorageService.cs

@@ -44,7 +44,7 @@ public class AzureBlobStorageService : IAzureBlobStorageService
         }
         
         // Validate content type
-        if (!ContentTypes.IsAllowed(contentType))
+        if (!ContentTypes.IsAllowed(contentType, memoryStream))
         {
             _logger.LogInformation($"Blob storage: Unsupported file type {contentType}. Only PNG and JPEG are allowed.");
             throw new InvalidOperationException("Unsupported file type. Only PNG and JPEG are allowed.");

src/Infrastructure/AzureBlob/ContentTypes.cs

@@ -8,8 +8,29 @@ public static class ContentTypes
     
     public static HashSet<string> AllowedContentTypes = new HashSet<string> { ImagePng, ImageJpeg, ImageJpg };
 
-    public static bool IsAllowed(string contentType)
+    public static bool IsAllowed(string contentType, Stream fileStream)
     {
-        return AllowedContentTypes.Contains(contentType);
+        return IsValidFileType(fileStream) && AllowedContentTypes.Contains(contentType);
+    }
+    
+    private static bool IsValidFileType(Stream fileStream)
+    {
+        byte[] buffer = new byte[4];
+        fileStream.Read(buffer, 0, buffer.Length);
+        fileStream.Position = 0;
+
+        // PNG file signature: 89 50 4E 47 (in hex)
+        if (buffer[0] == 0x89 && buffer[1] == 0x50 && buffer[2] == 0x4E && buffer[3] == 0x47)
+        {
+            return true;
+        }
+
+        // JPEG file signature: FF D8 FF (in hex)
+        if (buffer[0] == 0xFF && buffer[1] == 0xD8 && buffer[2] == 0xFF)
+        {
+            return true;
+        }
+
+        return false;
     }
 }