Allow AVIF and WebP for primary photo when creating an item

[mcarbonne]

What type of PR is this?

• feature

What this PR does / why we need it:

This PR adds avif and webp as allowed mime types for picture upload during item creation.
Those formats are widely supported by web browers (source: https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Image_types)

Special notes for your reviewer:

Ideally, testing on an apple device is a must-have as mime type list was initially introduced to fix an issue regarding apple devices (#165, #227)

Testing

Tested in the provided devcontainer + included in my "beta" branch (ghcr.io/mcarbonne/homebox:beta)
(only on linux and android devices)

Summary by CodeRabbit

• New Features

  • Enhanced file upload functionality to support additional image formats: image/avif and image/webp.

• Bug Fixes

  • Improved the dropdown menu by removing a redundant class for better clarity.

[coderabbitai]

Walkthrough

The changes in CreateModal.vue focus on enhancing the file upload capabilities by allowing additional image formats, specifically image/avif and image/webp. The dropdown menu's class attribute has been updated to remove a redundant class, but the functionality remains unchanged. The component's script section, including methods and properties, has not been modified, ensuring the overall logic and data handling stay intact.

Changes

File Path	Change Summary
frontend/components/Item/CreateModal.vue	Updated file input to accept image/avif and image/webp; removed redundant class from dropdown menu.

Possibly related PRs

• Only accept common image formats during item creation (fix #165) #227: Modifies the file input in CreateModal.vue to restrict accepted image formats, related to the expansion of formats in the main PR.
• show add photo button on mobile #229: Adjusts the layout of CreateModal.vue, focusing on styling changes within the same component.
• Fix picture attachment modal (buttons cropped) #239: Addresses a different component (index.vue) but relates to modal functionality, relevant to the context of the changes.

Suggested reviewers

• katosdev

🎉 In the modal where choices abound,
New formats accepted, now image-rich ground.
With a dropdown refined, and functions intact,
Flexibility blooms, that's a well-crafted fact!
So upload with glee, let creativity flow,
In the world of images, watch your ideas grow! 🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 888973e and f7b8124.

📒 Files selected for processing (1)

• frontend/components/Item/CreateModal.vue (2 hunks)

🧰 Additional context used

🔇 Additional comments (2)

frontend/components/Item/CreateModal.vue (2)

21-27: LGTM! Enhanced file upload capabilities.

The addition of AVIF and WebP formats to the accepted file types improves the flexibility of the upload feature and aligns with modern web standards. This change meets the PR objectives and enhances user experience.

Security Recommendation: Ensure that server-side validation is in place to verify the integrity and content of uploaded files, regardless of their extension. Implement strict file type checking and sanitization to prevent potential security vulnerabilities such as file upload attacks.

To verify the server-side implementation, you can run the following script:

#!/bin/bash
# Description: Check for server-side file validation in the backend code

# Test: Search for file validation logic in the backend code
rg --type-add 'backend:*.py' --type backend -i '(file.?type|mime.?type|content.?type).*(avif|webp)'

This script will help identify if there's proper server-side validation for the newly added file types.

---

42-42: Verify dropdown behavior after z-index change.

The removal of the z-50 class from the dropdown menu could potentially affect its stacking order and visibility in certain scenarios. Please ensure that this change doesn't negatively impact the dropdown's behavior across different contexts within the application.

Security Recommendation: While this change doesn't directly impact security, ensure that any UI modifications don't inadvertently create opportunities for clickjacking or overlay attacks. Verify that the dropdown remains properly contained within its parent elements and doesn't overlap with sensitive UI components.

To verify the impact of this change, you can run the following script to check for any other occurrences of z-index classes in the component:

This will help identify if there are any other z-index classes that might need adjustment to maintain proper layering.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.