fix: add new env variable for allowed file extensions to upload

[tomrndom]

ref: https://app.clickup.com/t/86ba0v63v

Signed-off-by: Tomás Castillo tcastilloboireau@gmail.com

Summary by CodeRabbit

• New Features
  • File upload restrictions are now configurable via an environment variable. Upload components (documents, images, sponsor/inventory forms and downloads) will respect the configured allowed extensions (defaults include PDF plus common image/document types), enabling admins to change accepted file types without code changes.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds FILE_UPLOAD_ALLOWED_EXTENSIONS (example env), exposes it as window.FILE_UPLOAD_ALLOWED_EXTENSIONS in app init, adds getFileUploadAllowedExtensions() to parse it, and updates three upload components to use that parsed list for their allowedExtensions.

Changes

File Upload Extensions Configuration

Layer / File(s)	Summary
Configuration and utility setup .env.example, src/app.js, src/utils/methods.js	FILE_UPLOAD_ALLOWED_EXTENSIONS is added to the example env, assigned to window.FILE_UPLOAD_ALLOWED_EXTENSIONS at app startup, and parsed by new getFileUploadAllowedExtensions() which splits comma-separated values and returns an array (or [] when unset).
Upload component integration src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js, src/pages/sponsors-global/page-templates/page-template-popup/modules/page-template-document-download-module.js, src/pages/sponsors/sponsor-form-item-list-page/components/sponsor-form-item-form.js	Three components import and call getFileUploadAllowedExtensions() to populate MuiFormikUpload's allowedExtensions prop, replacing earlier hardcoded arrays that prefixed "pdf" to ALLOWED_INVENTORY_IMAGE_FORMATS.

Sequence Diagram

sequenceDiagram
  participant Build as Build/Server
  participant App as App Init (src/app.js)
  participant Window as window
  participant Util as getFileUploadAllowedExtensions()
  participant Component as Upload Components

  Build->>App: provide process.env.FILE_UPLOAD_ALLOWED_EXTENSIONS
  App->>Window: set window.FILE_UPLOAD_ALLOWED_EXTENSIONS
  Component->>Util: call getFileUploadAllowedExtensions()
  Util-->>Component: return parsed extensions array

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fntechgit/summit-admin#913: Adds allowedExtensions prop to MuiFormikUpload, which this PR populates with dynamic values.

Suggested reviewers

• smarcet

Poem

🐰 A nibble of env, a hop to the window,

Parsed commas and lists in a neat little row,
Three uploads now follow the rule,
No more hardcode, the rabbit’s so cool,
Hooray for extensions that properly flow!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately and specifically describes the main change: introducing a new environment variable for configuring allowed file extensions for uploads.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/allowed-extensions-file-env

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

src/utils/methods.js (1)

633-634: ⚡ Quick win

Normalize extension tokens before returning them.

Line 634 currently keeps whitespace/dot/case as-is, so values like "pdf, jpg" or ".PDF" can produce unusable entries.

Suggested patch

-export const getFileUploadAllowedExtensions = () =>
-  window.FILE_UPLOAD_ALLOWED_EXTENSIONS?.split(",").filter(Boolean) ?? [];
+export const getFileUploadAllowedExtensions = () =>
+  (window.FILE_UPLOAD_ALLOWED_EXTENSIONS ?? "")
+    .split(",")
+    .map((ext) => ext.trim().replace(/^\./, "").toLowerCase())
+    .filter(Boolean);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/utils/methods.js` around lines 633 - 634, getFileUploadAllowedExtensions
currently returns raw tokens which may contain whitespace, leading dots or mixed
case; update the function (getFileUploadAllowedExtensions) to normalize each
token after split by trimming whitespace, stripping any leading dot(s),
converting to lowercase, and then filtering out empty strings so the returned
array contains clean extension tokens (preserve the existing null/undefined
handling with optional chaining and the fallback empty array).

src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js (1)

81-82: ⚡ Quick win

Remove debug logging from upload dialog.

Line 81 introduces a console debug statement that should not ship.

Suggested patch

-  console.log("CHECK!", getFileUploadAllowedExtensions());
-

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js` around
lines 81 - 82, Remove the stray debug console.log call so it doesn't ship;
specifically delete the console.log("CHECK!", getFileUploadAllowedExtensions())
statement in the sponsor upload/dialog code (the line invoking
getFileUploadAllowedExtensions()). Leave any real logging or error handling
intact and, if needed, replace with a proper processLogger or debug-flagged
logger rather than console.log.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js`:
- Around line 81-82: Remove the stray debug console.log call so it doesn't ship;
specifically delete the console.log("CHECK!", getFileUploadAllowedExtensions())
statement in the sponsor upload/dialog code (the line invoking
getFileUploadAllowedExtensions()). Leave any real logging or error handling
intact and, if needed, replace with a proper processLogger or debug-flagged
logger rather than console.log.

In `@src/utils/methods.js`:
- Around line 633-634: getFileUploadAllowedExtensions currently returns raw
tokens which may contain whitespace, leading dots or mixed case; update the
function (getFileUploadAllowedExtensions) to normalize each token after split by
trimming whitespace, stripping any leading dot(s), converting to lowercase, and
then filtering out empty strings so the returned array contains clean extension
tokens (preserve the existing null/undefined handling with optional chaining and
the fallback empty array).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3a3a2583-87b6-41e3-a3a6-c67acc8dd3fe

📥 Commits

Reviewing files that changed from the base of the PR and between 6505d4e and 39d9804.

📒 Files selected for processing (6)

• .env.example
• src/app.js
• src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js
• src/pages/sponsors-global/page-templates/page-template-popup/modules/page-template-document-download-module.js
• src/pages/sponsors/sponsor-form-item-list-page/components/sponsor-form-item-form.js
• src/utils/methods.js

[smarcet]

@tomrndom please review

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/app.js`:
- Around line 109-110: The assignment to window.FILE_UPLOAD_ALLOWED_EXTENSIONS
falls back to ALLOWED_INVENTORY_IMAGE_FORMATS which is likely an array, breaking
the env contract that expects a CSV string; update the fallback in the
window.FILE_UPLOAD_ALLOWED_EXTENSIONS assignment so it always yields a CSV
string (e.g. convert ALLOWED_INVENTORY_IMAGE_FORMATS to a comma-separated string
or use the same CSV literal used in .env.example) so downstream parsing receives
a consistent string type.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 71b09160-31b4-42d0-8bf5-39976608da83

📥 Commits

Reviewing files that changed from the base of the PR and between 39d9804 and 96796bd.

📒 Files selected for processing (5)

• .env.example
• src/app.js
• src/pages/sponsors-global/form-templates/sponsor-inventory-popup.js
• src/pages/sponsors-global/page-templates/page-template-popup/modules/page-template-document-download-module.js
• src/pages/sponsors/sponsor-form-item-list-page/components/sponsor-form-item-form.js

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Keep fallback format/content aligned with the env contract.

This fallback uses ALLOWED_INVENTORY_IMAGE_FORMATS, but .env.example defines a broader CSV list for FILE_UPLOAD_ALLOWED_EXTENSIONS. If the env var is missing, behavior can diverge and the value type may differ from the parser’s expected string contract.

Proposed fix

+const DEFAULT_FILE_UPLOAD_ALLOWED_EXTENSIONS = [
+  "pdf",
+  ...ALLOWED_INVENTORY_IMAGE_FORMATS
+].join(",");
+
 window.FILE_UPLOAD_ALLOWED_EXTENSIONS =
-  process.env.FILE_UPLOAD_ALLOWED_EXTENSIONS || ALLOWED_INVENTORY_IMAGE_FORMATS;
+  process.env.FILE_UPLOAD_ALLOWED_EXTENSIONS ||
+  DEFAULT_FILE_UPLOAD_ALLOWED_EXTENSIONS;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/app.js` around lines 109 - 110, The assignment to
window.FILE_UPLOAD_ALLOWED_EXTENSIONS falls back to
ALLOWED_INVENTORY_IMAGE_FORMATS which is likely an array, breaking the env
contract that expects a CSV string; update the fallback in the
window.FILE_UPLOAD_ALLOWED_EXTENSIONS assignment so it always yields a CSV
string (e.g. convert ALLOWED_INVENTORY_IMAGE_FORMATS to a comma-separated string
or use the same CSV literal used in .env.example) so downstream parsing receives
a consistent string type.

[smarcet]

LGTM