fix: wildcard MIME types validation

[kyrers]

Resolves #2202.

---

PR-Codex overview

This PR modifies the file type validation logic in the AtlasProvider.tsx file to allow for more flexible MIME type checks, accommodating wildcard patterns.

Detailed summary

• Replaced the direct check of allowedMimeTypes with a more complex validation using some.
• Added support for MIME types with a wildcard suffix (e.g., image/*).
• The new validation checks if the file type starts with the prefix derived from the wildcard.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Bug Fixes
  • Improved file upload validation to support wildcard MIME type patterns (e.g., image/*), enabling more flexible file type acceptance and better error handling for unsupported files.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[netlify]

❌ Deploy Preview for kleros-v2-testnet failed. Why did it fail? →

Name	Link
🔨 Latest commit	5e2741f
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet/deploys/693ae525c1e3310008eddc7b

[netlify]

✅ Deploy Preview for kleros-v2-neo ready!

Name	Link
🔨 Latest commit	5e2741f
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-neo/deploys/693ae52565861e0007c25fe5
😎 Deploy Preview	https://deploy-preview-2203--kleros-v2-neo.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

❌ Deploy Preview for kleros-v2-testnet-devtools failed. Why did it fail? →

Name	Link
🔨 Latest commit	5e2741f
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/693ae5253ec59c00077d75ff

[coderabbitai]

Walkthrough

Modified MIME type validation in AtlasProvider.uploadFile to support wildcard patterns (e.g., image/*). The function now iterates through allowed MIME types, treats entries ending with /* as prefixes, and validates file types accordingly. Exact matches remain required for non-wildcard entries. Error handling updated to throw "Unsupported file type." when validation fails.

Changes

Cohort / File(s)	Summary
MIME type wildcard validation kleros-app/src/lib/atlas/providers/AtlasProvider.tsx	Updated file type validation logic to support wildcard MIME patterns (e.g., image/*) by iterating through allowed types, checking for wildcard suffixes, and matching accordingly

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify wildcard detection logic (entries ending with /*)
• Confirm prefix matching behavior for wildcard types
• Check exact match handling for non-wildcard types
• Validate error message consistency

Poem

🐰 Wildcards dance in MIME type fields,
No more rejection of images revealed,
From image/* the files now bloom,
Flexibility floods the upload room! 📸

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main change: implementing support for wildcard MIME type validation in the AtlasProvider.
Linked Issues check	✅ Passed	The code changes directly address the requirements in issue #2202 by modifying the MIME type validation logic to support wildcard patterns and prevent false 'Unsupported file type' errors.
Out of Scope Changes check	✅ Passed	All changes are scoped to the MIME type validation logic in AtlasProvider.tsx, directly addressing the linked issue with no unrelated modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/allow-wildcard-mimetypes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

kleros-app/src/lib/atlas/providers/AtlasProvider.tsx (1)

283-293: Wildcard MIME validation works for image/*; consider a clearer prefix derivation and */* behavior

The .some logic correctly handles patterns like image/* and exact matches, so it should unblock the Curate V2 image/* use case. Two small nits you may want to consider:

• allowedType.replace("/*", "/") is a bit opaque and will replace the first /* anywhere in the string. Using a simple slice is clearer and safer for future patterns:

-          const isValidMimeType = restrictions.restriction.allowedMimeTypes.some((allowedType) => {
-            if (allowedType.endsWith("/*")) {
-              const prefix = allowedType.replace("/*", "/");
-              return file.type.startsWith(prefix);
-            }
-            return allowedType === file.type;
-          });
+          const isValidMimeType = restrictions.restriction.allowedMimeTypes.some((allowedType) => {
+            if (allowedType.endsWith("/*")) {
+              // e.g. "image/*" -> "image/"
+              const prefix = allowedType.slice(0, -1); // drop only the '*'
+              return file.type.startsWith(prefix);
+            }
+            return allowedType === file.type;
+          });

• If you ever plan to support */* as a true “any MIME type” wildcard, the current logic won’t match anything (prefix becomes */). You might want to either explicitly special‑case */* now or document that only type/* wildcards are supported.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e16934e and 5e2741f.

📒 Files selected for processing (1)

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx (1 hunks)

🧰 Additional context used

🧠 Learnings (8)

📓 Common learnings

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1727
File: web/src/context/AtlasProvider.tsx:159-171
Timestamp: 2024-10-29T06:46:13.522Z
Learning: Both `SubmitEvidenceModal.tsx` and `Policy/index.tsx` use the `uploadFile` function from `AtlasProvider`, which includes the `fetchWithAuthErrorHandling` error handling utility.

📚 Learning: 2024-10-15T16:18:32.543Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1687
File: web/src/context/AtlasProvider.tsx:225-244
Timestamp: 2024-10-15T16:18:32.543Z
Learning: In `web/src/context/AtlasProvider.tsx`, the `atlasUri` variable comes from environment variables and does not change, so it does not need to be included in dependency arrays.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-11-21T06:14:26.307Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1755
File: kleros-app/src/lib/atlas/utils/addUser.ts:18-37
Timestamp: 2024-11-21T06:14:26.307Z
Learning: In the `kleros-app/src/lib/atlas/utils/addUser.ts` file, email format validation is performed by the server in the `addUser` function. The library does not include client-side email validation, and it's the responsibility of the library consumers to perform any pre-checks if desired.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-10-29T06:46:13.522Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1727
File: web/src/context/AtlasProvider.tsx:159-171
Timestamp: 2024-10-29T06:46:13.522Z
Learning: Both `SubmitEvidenceModal.tsx` and `Policy/index.tsx` use the `uploadFile` function from `AtlasProvider`, which includes the `fetchWithAuthErrorHandling` error handling utility.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-11-21T05:47:08.973Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1755
File: kleros-app/src/lib/atlas/providers/AtlasProvider.tsx:130-144
Timestamp: 2024-11-21T05:47:08.973Z
Learning: In `kleros-app/src/lib/atlas/providers/AtlasProvider.tsx`, it is acceptable to pass `queryClient` as a positional parameter to the `useQuery` hook.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-10-28T12:20:19.884Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1727
File: web/src/utils/atlas/updateEmail.ts:34-37
Timestamp: 2024-10-28T12:20:19.884Z
Learning: In `web/src/utils/atlas/updateEmail.ts`, the error coming from the `GraphQLError` array already has the necessary structure, so additional specificity in error handling is unnecessary.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-10-28T12:21:21.532Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1727
File: web/src/utils/atlas/uploadToIpfs.ts:45-0
Timestamp: 2024-10-28T12:21:21.532Z
Learning: In the `uploadToIpfs` function in `web/src/utils/atlas/uploadToIpfs.ts`, the API error responses always include a defined `error.message`, so additional handling for undefined messages is unnecessary.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

📚 Learning: 2024-10-28T12:20:36.536Z

Learnt from: Harman-singh-waraich
Repo: kleros/kleros-v2 PR: 1727
File: web/src/utils/atlas/updateEmail.ts:32-33
Timestamp: 2024-10-28T12:20:36.536Z
Learning: In the 'kleros-v2' project, it's acceptable to log raw error objects in production code, including in the `updateEmail` function within `web/src/utils/atlas/updateEmail.ts`.

Applied to files:

• kleros-app/src/lib/atlas/providers/AtlasProvider.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Redirect rules - kleros-v2-neo
• GitHub Check: Redirect rules - kleros-v2-testnet-devtools
• GitHub Check: Header rules - kleros-v2-neo
• GitHub Check: Redirect rules - kleros-v2-testnet
• GitHub Check: Redirect rules - kleros-v2-testnet
• GitHub Check: Header rules - kleros-v2-testnet-devtools
• GitHub Check: Header rules - kleros-v2-testnet
• GitHub Check: Header rules - kleros-v2-testnet
• GitHub Check: Pages changed - kleros-v2-testnet-devtools
• GitHub Check: Pages changed - kleros-v2-neo
• GitHub Check: Pages changed - kleros-v2-testnet
• GitHub Check: Pages changed - kleros-v2-testnet
• GitHub Check: Analyze (javascript)
• GitHub Check: hardhat-tests