fix: reverse SOC/CAC detection order in POST /chunks handler

Try SOC parsing before CAC in the chunk upload handler. CAC parsing
accepts any data between 8-4104 bytes, so valid SOC data was always
misclassified as CAC and stored at the wrong content-addressed hash
instead of the correct SOC address (Hash(Identifier || Owner)).

Author: significance

pkg/api/chunk.go

@@ -138,29 +138,33 @@ func (s *Service) chunkUploadHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	chunk, err := cac.NewWithDataSpan(data)
-	if err != nil {
-		// not a valid cac chunk. Check if it's a replica soc chunk.
-		logger.Debug("chunk upload: create chunk failed", "error", err)
-
-		// FromChunk only uses the chunk data to recreate the soc chunk. So the address is irrelevant.
-		sch, err := soc.FromChunk(swarm.NewChunk(swarm.EmptyAddress, data))
-		if err != nil {
-			logger.Debug("chunk upload: create soc chunk from data failed", "error", err)
-			logger.Error(nil, "chunk upload: create chunk error")
-			jsonhttp.InternalServerError(ow, "create chunk error")
-			return
-		}
+	// Try SOC first — CAC parsing is too permissive (accepts any 8-4104 byte data),
+	// so valid SOCs would always be misclassified as CACs if we tried CAC first.
+	var chunk swarm.Chunk
+	sch, err := soc.FromChunk(swarm.NewChunk(swarm.EmptyAddress, data))
+	if err == nil {
 		chunk, err = sch.Chunk()
 		if err != nil {
 			logger.Debug("chunk upload: create chunk from soc failed", "error", err)
 			logger.Error(nil, "chunk upload: create chunk error")
 			jsonhttp.InternalServerError(ow, "create chunk error")
 			return
 		}
-
 		if !soc.Valid(chunk) {
-			logger.Debug("chunk upload: invalid soc chunk")
+			// Parsed as SOC structure but invalid — fall through to CAC
+			chunk, err = cac.NewWithDataSpan(data)
+			if err != nil {
+				logger.Debug("chunk upload: create chunk failed", "error", err)
+				logger.Error(nil, "chunk upload: create chunk error")
+				jsonhttp.InternalServerError(ow, "create chunk error")
+				return
+			}
+		}
+	} else {
+		// Not a SOC — try CAC
+		chunk, err = cac.NewWithDataSpan(data)
+		if err != nil {
+			logger.Debug("chunk upload: create chunk failed", "error", err)
 			logger.Error(nil, "chunk upload: create chunk error")
 			jsonhttp.InternalServerError(ow, "create chunk error")
 			return

pkg/api/chunk_test.go

@@ -328,16 +328,28 @@ func TestChunkUploadSOC(t *testing.T) {
 			})
 		)
 
-		// drain pusher feed
-		go func() { <-storerMock.PusherFeed() }()
+		tag, err := storerMock.NewSession()
+		if err != nil {
+			t.Fatal(err)
+		}
 
-		// upload
+		// upload with tag so chunk is stored in ChunkStore (deferred upload path)
 		jsonhttptest.Request(t, client, http.MethodPost, chunksEndpoint, http.StatusCreated,
+			jsonhttptest.WithRequestHeader(api.SwarmTagHeader, fmt.Sprintf("%d", tag.TagID)),
 			jsonhttptest.WithRequestHeader(api.SwarmPostageBatchIdHeader, batchOkStr),
 			jsonhttptest.WithRequestBody(bytes.NewReader(socChunk.Data())),
 			jsonhttptest.WithExpectedJSONResponse(api.ChunkAddressResponse{Reference: mockSOC.Address()}),
 		)
 
+		// verify chunk exists in store at SOC address
+		has, err := storerMock.ChunkStore().Has(context.Background(), mockSOC.Address())
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !has {
+			t.Fatal("soc chunk not found in store at soc address")
+		}
+
 		// retrieve by SOC address
 		jsonhttptest.Request(t, client, http.MethodGet, chunksResource(mockSOC.Address()), http.StatusOK,
 			jsonhttptest.WithExpectedResponse(socChunk.Data()),