revert(meditrak): RN-1788: restore image upload payload validation

[jaskfla]

RN-1788

Partially reverts #6564, keeping the improved error messages

[gemini-code-assist]

Summary of Changes

Hello @jaskfla, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request reverts a temporary hotfix related to image upload payload validation that was previously implemented to address issue RN-1788. By removing the permissive validation logic, the system now enforces the intended stricter validation for image data, thereby ensuring data integrity. Additionally, it incorporates minor code quality improvements within the S3 client utility.

Highlights

• Reverted Temporary Image Upload Validation Hotfix: The hasContentPermissive function, which was a temporary workaround to unblock client synchronization by swallowing validation errors for image uploads, has been removed.
• Restored Strict Image Payload Validation: The AddSurveyImage action now utilizes the stricter hasContent validator for image data, ensuring proper and robust validation.
• S3Client Enhancements: Minor code improvements in S3Client.ts include updating property existence checks to Object.hasOwn, refining regex syntax, and adding explicit type annotations for enhanced type safety.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Summary of Changes

Hello @jaskfla, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request partially reverts a previous change to restore critical image upload payload validation within the meditrak application. The temporary permissive validation, initially introduced as a hotfix for issue RN-1788, has been removed, ensuring that image data adheres to expected content standards. Additionally, the PR includes minor code quality enhancements in the S3 client related to property checking, regex usage, and type annotations, contributing to overall code robustness.

Highlights

• Image Upload Validation Restored: The pull request re-enables strict content validation for image uploads by reverting the AddSurveyImage payload validation from a permissive hasContentPermissive function back to the standard hasContent validation.
• Temporary Hotfix Removal: The hasContentPermissive function, which was a temporary workaround to bypass validation errors for a specific client, has been completely removed from the codebase.
• S3 Client Code Refinements: Minor code quality improvements were made in the S3Client.ts file, including updating property checking to use Object.hasOwn, refactoring a regular expression to a literal, and adding explicit type annotations for contentType and contentEncoding.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Summary of Changes

Hello @jaskfla, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on re-establishing crucial image upload payload validation within the Meditrak application, addressing issue RN-1788. It achieves this by partially reverting a previous change that introduced a temporary permissive validation workaround. The core objective is to restore data integrity for image uploads while intelligently retaining the improved error messaging that was part of the earlier modification, thereby strengthening the robustness of the system's image handling capabilities.

Highlights

• Image Upload Validation Restored: The temporary hasContentPermissive function, which previously allowed image upload payloads to bypass strict validation, has been removed. This restores the original, more stringent hasContent validation for AddSurveyImage actions, ensuring data integrity.
• Partial Revert of Previous Change: This pull request partially reverts changes introduced in fix(meditrak): RN-1788: temporarily allow empty image upload #6564. The intent is to re-enable critical validation logic while preserving the improved error messages that were part of the original modification.
• S3 Client Code Refinements: Minor code quality improvements have been applied to the S3Client.ts file. These include transitioning from hasOwnProperty to Object.hasOwn for property checks, using literal regular expressions, and adding explicit type annotations for enhanced type safety.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[jaskfla]

My bad; I should’ve done this from the start in #6502

See:

• MDN docs for Object.hasOwn()
• Biome’s noPrototypeBuiltins rule

[gemini-code-assist]

Code Review

This pull request reverts a temporary hotfix that bypassed image upload payload validation, which is the correct course of action now that the underlying issue is resolved. The changes in postChanges.js correctly restore the validation. The accompanying changes in S3Client.ts are mostly good housekeeping, such as using Object.hasOwn and improving TypeScript types. However, I've found a potential bug in S3Client.ts related to how base64 data URIs are parsed, which could lead to incorrect behavior with certain inputs. My review includes a suggestion to fix this.

[gemini-code-assist]

The regex used here to strip the data URI prefix is greedy (.*). This can lead to incorrect behavior if the base64-encoded data itself contains a data URI string. For example, for a data URI like data:text/plain;base64,data:image/png;base64,abc, the greedy regex will strip everything up to the last ;base64,, resulting in abc as the data. However, getContentTypeFromBase64 finds the first ;base64, and would extract text/plain as the content type. This inconsistency can lead to bugs.

It's safer to use string manipulation methods like indexOf and substring to ensure only the prefix of the top-level data URI is removed, which aligns with how getContentTypeFromBase64 works.

Suggested change

	const encodedFileString = encodedFile.replace(/(data:)(.*)(;base64,)/, '');
	const encodedFileString = encodedFile.substring(encodedFile.indexOf(';base64,') + 8);

[jaskfla]

Gonna leave this out-of-scope

• It is true that this regular expression is greedy; but
• ; and , are illegal characters in Base64, so so unless convertEncodedFileToBuffer is given bad data this won’t happen

Would be nice to tighten up, but only our own code ever calls convertEncodedFileToBuffer so it’s exceptionally unlikely that we’ll ever get an invalid Base64 string

[gemini-code-assist]

Code Review

This pull request correctly reverts a temporary hotfix related to RN-1788, restoring the image upload payload validation. The changes are clean and also include several small but valuable code quality improvements, such as using modern JavaScript features and more specific TypeScript types. I have one suggestion to make a regular expression more robust. Overall, this is a solid pull request.

[gemini-code-assist]

The regular expression used to strip the data URI prefix is not anchored to the start of the string and is a bit too broad. This could lead to unexpected behavior if a data URI-like pattern appears in the middle of the string, and it's less efficient than it could be. Anchoring the regex and making it more specific would improve robustness and performance.

Suggested change

	const encodedFileString = encodedFile.replace(/(data:)(.*)(;base64,)/, '');
	const encodedFileString = encodedFile.replace(/^data:[^;]+;base64,/, '');

[jaskfla]

Accept the ^ suggestion and removal of redundant parens, but not accepting [^;]

b988c06

[gemini-code-assist]

Code Review

This pull request reverts a temporary hotfix that was put in place to handle invalid image upload payloads. The changes restore the validation logic and remove the permissive handling of image data. The code also includes some minor improvements like using Object.hasOwn and adding more specific TypeScript types. Overall, the changes are good and correctly implement the revert. I've added one suggestion to improve the robustness of a public method.

[chris-bes]

LGTM since it's just reverting