Add support to restrict @Core.AcceptableMediaTypes

[samyuktaprabhu]

Add Support to Restrict Media Types

New Features

✨ Introduced support for restricting allowed MIME types for attachments using the @Core.AcceptableMediaTypes annotation. This feature enables validation of file types during upload, ensuring only specified media types are accepted.

Changes

• README.md:

  • Added new section documenting the @Core.AcceptableMediaTypes annotation with examples showing exact matches and wildcard patterns
  • Updated table of contents with link to "Restrict allowed MIME types" section

• CreateAttachmentsHandler.java:

  • Added new @Before handler method processBeforeForMetadata that validates acceptable media types early in the request lifecycle at HandlerOrder.BEFORE
  • Integrated validation logic using ApplicationHandlerHelper.validateAcceptableMediaTypes()
  • Added CdsRuntime dependency to support metadata validation

• AttachmentValidationHelper.java (new file):

  • Created comprehensive helper class for media type validation with extensive MIME type mapping (70+ common formats)
  • Implements validateMediaTypeForAttachment() to validate file names and resolve MIME types
  • Supports wildcard patterns (e.g., image/*) and default fallback behavior using URLConnection.guessContentTypeFromName()

• ApplicationHandlerHelper.java:

  • Added FILE_NAME_FILTER constant for extracting file names during validation
  • Implemented validateAcceptableMediaTypes() method coordinating the validation flow
  • Added getEntityAcceptableMediaTypes() to read @Core.AcceptableMediaTypes annotation from entity
  • Implemented extractFileName() to safely extract file names from attachment data
  • Returns */* (allow all) when no annotation is specified

• Registration.java:

  • Updated handler registration to pass CdsRuntime instance to CreateAttachmentsHandler
  • Reformatted comments for better readability

• Test files:

  • CreateAttachmentsHandlerTest.java: Added tests for new metadata validation handler
  • AttachmentValidationHelperTest.java (new): Comprehensive test suite with 16 test cases covering MIME type detection, validation, wildcards, error scenarios, and edge cases
  • ApplicationHandlerHelperTest.java: Added tests for extractFileName(), getEntityAcceptableMediaTypes(), and validateAcceptableMediaTypes() methods
  • MediaValidatedAttachmentsDraftTest.java (new): Integration tests for draft service media validation
  • MediaValidatedAttachmentsNonDraftTest.java (new): Integration tests for non-draft service media validation
  • SizeLimitedAttachmentsSizeValidationDraftTest.java: Updated with file name assignments
  • SizeLimitedAttachmentValidationNonDraftTest.java: Updated with file name assignments

• Integration test configuration:

  • data-model.cds: Added mediaValidatedAttachments composition to Roots entity
  • test-service.cds: Configured annotation to only accept JPEG and PNG images
  • RootEntityBuilder.java: Enhanced builder to support media-validated attachments

• Sample configuration (samples/bookshop/srv/attachments.cds):

  • Added mediaValidatedAttachments composition to Books entity
  • Configured annotation to accept only JPEG and PNG images: @Core.AcceptableMediaTypes: ['image/jpeg', 'image/png']
  • Updated AdminService UI to display media-validated attachments
  • Added non-draft service example

• 🔄 Regenerate and Update Summary

---

📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

PR Bot Information

Version: 1.17.61 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• Output Template: Default Template
• Event Trigger: pull_request.edited
• Correlation ID: 1cdf0b90-0be2-11f1-9988-99fe6992d9d8
• Summary Prompt: Default Prompt
• LLM: anthropic--claude-4.5-sonnet

[hyperspace-insights]

The PR adds media type restriction support for attachments. I've identified a few issues: a typo in MIME type definitions (application/txt should be text/plain), potential security concerns with filename validation (missing path traversal checks), and a minor note about null handling. Overall the implementation is reasonable but needs these corrections before merging.

PR Bot Information

Version: 1.17.53 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• Event Trigger: pull_request.opened
• LLM: anthropic--claude-4.5-sonnet
• Correlation ID: 78c854a0-0757-11f1-833c-299ee35f3dc8

[hyperspace-insights]

---

Summary

The pull request introduces MIME type validation for attachments with good test coverage. However, several null safety issues were identified in the validation logic that could lead to NullPointerException errors. Additionally, a minor CDS syntax inconsistency and a misleading test variable name should be addressed.

PR Bot Information

Version: 1.17.61 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• Event Trigger: issue_comment.created
• Correlation ID: b7b79080-0bdb-11f1-9b97-78cdc3653ab1
• LLM: anthropic--claude-4.5-sonnet