upload_finalize does not validate cryptifytoken

## Description

The `upload_finalize` handler (`POST /fileupload/finalize/<uuid>`) does not validate the `cryptifytoken` header, despite the frontend sending it with every finalize request.

The `FinalizeHeaders` extractor only reads `content_range`:

```rust
struct FinalizeHeaders {
    content_range: ContentRange,
}
```

This means **anyone who knows a valid UUID can finalize an upload** without possessing the correct token, bypassing the token chain established during `init` and `upload_chunk`.

## Expected behaviour

`upload_finalize` should validate the `cryptifytoken` header against `state.cryptify_token`, the same way `upload_chunk` does:

```rust
if headers.cryptify_token != state.cryptify_token {
    return Err(Error::BadRequest(Some(
        "Cryptify Token header does not match".to_owned(),
    )));
}
```

## Steps to reproduce

1. Start an upload and obtain a valid UUID from `POST /fileupload/init`
2. Upload all chunks normally
3. Send `POST /fileupload/finalize/<uuid>` with a **wrong or missing** `cryptifytoken` — the request succeeds

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

upload_finalize does not validate cryptifytoken #45

Description

Expected behaviour

Steps to reproduce

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

upload_finalize does not validate cryptifytoken #45

Description

Description

Expected behaviour

Steps to reproduce

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions