159 add more block types

[shreyashkgupta]

Comprehensive Content Block Enhancements

• Purpose:
  This pull request introduces significant refactoring and new functionality across various content blocks in the application, including support for additional media types.
• Key Changes:
  • Refactored AudioBlock, VideoBlock, and FileBlock components to improve handling of content and metadata.
  • Added support for file uploads and dynamic rendering of audio and video controls.
  • Enhanced styling across multiple components for better responsiveness and alignment.
  • Introduced new functionality for checklist and table components, allowing for dynamic editing and updates.
  • Implemented improved error handling and content parsing for various block types.
  • Added Video, Audio, and File options to the AddBlockButton component.
  • Updated BlockFormatToolbar to manage video and audio controls.
  • Implemented file upload and deletion APIs for managing media files.
  • Enhanced BlockRenderer to render new media blocks appropriately.
  • Adjusted state management in ArticleEditorContent for handling media files.
• Impact:
  These changes significantly enhance the user experience by providing more interactive and flexible content blocks, improving maintainability and readability of the codebase, and expanding the capabilities of the editor to incorporate a wider range of media types.

✨ Generated with love by Kaizen ❤️

Original Description

# Enhance Content Management and Functionality

• **Purpose:
  **
  Improve the structure, functionality, and file management capabilities of the content editor.
• Key Changes:
  • Refactored AudioBlock, VideoBlock, and FileBlock to include upload functionality and better state management.
  • Enhanced CheckList and Table components to support dynamic editing and item management.
  • Added alignment and size options for media blocks, improving layout flexibility.
  • Introduced new props for metadata handling across multiple blocks, facilitating better content management.
  • Improved styling consistency and responsiveness across various components.
  • Added support for new block types: table, checkList, video, audio, and file.
  • Implemented functionality to upload, move, and delete files associated with the content.
  • Improved handling of image, video, and audio file management, including deleting unused files.
  • Added controls for video and audio block metadata (caption, alignment, size).
• **Impact:
  **
  These changes enhance the user experience by providing more interactive and flexible content management options, including the ability to better organize and manage associated files.

✨ Generated with love by Kaizen ❤️

Original Description

Editor changes - new blocks, upload apis and block format toolbar changes

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
akira-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 7, 2024 5:26am

[kaizen-bot]

Consider implementing the following changes to improve the code.

[kaizen-bot]

Comment: Potential security risk with file uploads.

Solution: Implement file type and size validation for uploads.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	accept="video/*"
	accept='video/*' onChange={validateFileUpload}

[kaizen-bot]

Comment: Multiple fetch calls for file deletions and moves can be optimized.

Solution: Implement a batch API endpoint to handle multiple deletions/moves in a single request.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	// Delete files that were explicitly marked for deletion
	await Promise.all(
	deletedImages.map(filename =>
	fetch(`/api/upload/delete-from-root?filename=${encodeURIComponent(filename)}`, {
	method: 'DELETE'
	})
	await fetch('/api/upload/batch-delete',{
	method: 'POST',
	body: JSON.stringify({filenames: deletedImages})
	});

[kaizen-bot]

Comment: Potential security risk with file uploads due to lack of validation.

Solution: Implement server-side validation of file content to prevent malicious uploads.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	const ALLOWED_FILE_TYPES = new Set([
	// Images
	'image/jpeg',
	'image/png',
	'image/gif',
	'image/webp',
	'image/svg+xml',
	const isValidFileContent = (file) =>{/* implement content validation logic */};

[kaizen-bot]

Comment: Potential security risk with file uploads.

Solution: Add validation checks for file type and size before processing the upload.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	const file = e.target.files?.[0]
	if (!file) return
	if (!file || !['audio/mpeg', 'audio/wav'].includes(file.type) || file.size > 5 * 1024 * 1024){alert('Invalid file type or size.'); return;}

[kaizen-bot]

🔍 Code Review Summary

❗ Attention Required: This push has potential issues. 🚨

Overview

• Total Feedbacks: 5 (Critical: 5, Refinements: 0)
• Files Affected: 4
• Code Quality: [█████████████████░░░] 85% (Good)

🚨 Critical Issues

security (5 issues)

1. Potential XSS vulnerability with dangerouslySetInnerHTML.

---

📁 File: packages/akiradocs/src/components/blocks/CodeBlock.tsx
🔍 Reasoning:
Using dangerouslySetInnerHTML can expose the application to Cross-Site Scripting (XSS) attacks if the content is not properly sanitized.

💡 Solution:
Ensure that any content passed to dangerouslySetInnerHTML is sanitized to prevent XSS vulnerabilities.

Current Code:

dangerouslySetInnerHTML={{__html: code.replace(/\n/g, '<br>')}}

Suggested Code:

dangerouslySetInnerHTML={{__html: sanitizeHTML(code.replace(/\n/g, '<br>'))}}

2. Potential for XSS attacks when rendering user-generated content.

---

📁 File: packages/akiradocs/src/components/blocks/VideoBlock.tsx
🔍 Reasoning:
If block.content contains user-generated content, it should be sanitized before rendering to prevent XSS attacks.

💡 Solution:
Implement sanitization for any user-generated content before rendering it in the UI.

Current Code:

src={videoContent.url}

Suggested Code:

          src={sanitize(videoContent.url)}; // Ensure the URL is sanitized

3. Sanitize file names before using them in file paths

---

📁 File: packages/editor/src/app/api/upload/route.ts
🔍 Reasoning:
Using unsanitized file names in file paths can lead to directory traversal vulnerabilities, allowing attackers to access files outside the intended directory.

💡 Solution:
Implement a more robust file name sanitization process to ensure that only safe characters are used in the file names. This can be done by using a regular expression to replace any unsafe characters with a safe alternative, such as an underscore.

Current Code:

["const sanitizedFilename = baseFilename.replace(/[^a-zA-Z0-9]/g, '_');"]

Suggested Code:

["const sanitizedFilename = baseFilename.replace(/[^a-zA-Z0-9-_. ]/g, '_');"]

4. Optimize audio file loading and caching.

---

📁 File: packages/editor/src/components/blocks/AudioBlock.tsx
🔍 Reasoning:
Optimizing audio file loading and caching can improve the overall performance of the application, especially for users with slower internet connections.

💡 Solution:
Implement a caching strategy for the audio files, such as using the browser's cache or a content delivery network (CDN). Consider lazy-loading the audio files or using progressive web app (PWA) techniques to improve the initial load time.

Current Code:

<audio
  ref={audioRef}
  src={audioContent.url}
  controls
  className="w-full"
/>

Suggested Code:

      <audio
        ref={audioRef}
        src={audioContent.url}
        controls
        className="w-full"
        preload="metadata"
      />

5. Sanitize user input for the audio caption.

---

📁 File: packages/editor/src/components/blocks/AudioBlock.tsx
🔍 Reasoning:
Unsanitized user input can lead to potential cross-site scripting (XSS) vulnerabilities, which can be exploited by attackers to inject malicious code into the application.

💡 Solution:
Use a library like DOMPurify or sanitize-html to sanitize the audio caption before rendering it in the UI.

Current Code:

<figcaption className={cn(
  "mt-2 text-sm text-muted-foreground italic",
  alignment === 'left' && "text-left",
  alignment === 'center' && "text-center",
  alignment === 'right' && "text-right",
  metadata?.styles?.bold && "font-bold",
  metadata?.styles?.italic && "italic",
  metadata?.styles?.underline && "underline"
)}>
{audioContent.caption}
</figcaption>

Suggested Code:

        <figcaption className={cn(
          "mt-2 text-sm text-muted-foreground italic",
          alignment === 'left' && "text-left",
          alignment === 'center' && "text-center",
          alignment === 'right' && "text-right",
          metadata?.styles?.bold && "font-bold",
          metadata?.styles?.italic && "italic",
          metadata?.styles?.underline && "underline"
        )}>
        {DOMPurify.sanitize(audioContent.caption)}
        </figcaption>

---

Test Cases

31 file need updates to their tests. Run !unittest to generate create and update tests.

---

✨ Generated with love by Kaizen ❤️

Useful Commands

• Feedback: Share feedback on kaizens performance with !feedback [your message]
• Ask PR: Reply with !ask-pr [your question]
• Review: Reply with !review
• Update Tests: Reply with !unittest to create a PR with test changes

[kaizen-bot]

Consider implementing the following changes to improve the code.

[kaizen-bot]

Comment: Potential XSS vulnerability with dangerouslySetInnerHTML.

Solution: Ensure that any content passed to dangerouslySetInnerHTML is sanitized to prevent XSS vulnerabilities.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	dangerouslySetInnerHTML={{ __html: code.replace(/\n/g, '<br>') }}
	dangerouslySetInnerHTML={{__html: sanitizeHTML(code.replace(/\n/g, '<br>'))}}

[kaizen-bot]

Comment: Potential for XSS attacks when rendering user-generated content.

Solution: Implement sanitization for any user-generated content before rendering it in the UI.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	src={videoContent.url}
	src={sanitize(videoContent.url)}; // Ensure the URL is sanitized

[kaizen-bot]

Comment: Sanitize file names before using them in file paths

Solution: Implement a more robust file name sanitization process to ensure that only safe characters are used in the file names. This can be done by using a regular expression to replace any unsafe characters with a safe alternative, such as an underscore.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	const baseFilename = path.basename(file.name, fileExtension)
	const sanitizedFilename = baseFilename.replace(/[^a-zA-Z0-9]/g, '_')
	const uniqueFilename = `${Date.now()}-${sanitizedFilename}${fileExtension}`
	["const sanitizedFilename = baseFilename.replace(/[^a-zA-Z0-9-_. ]/g, '_');"]

[kaizen-bot]

Comment: Optimize audio file loading and caching.

Solution: Implement a caching strategy for the audio files, such as using the browser's cache or a content delivery network (CDN). Consider lazy-loading the audio files or using progressive web app (PWA) techniques to improve the initial load time.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	<audio
	ref={audioRef}
	src={audioContent.url}
	controls
	className="w-full"
	<audio
	ref={audioRef}
	src={audioContent.url}
	controls
	className="w-full"
	preload="metadata"
	/>

[kaizen-bot]

Comment: Sanitize user input for the audio caption.

Solution: Use a library like DOMPurify or sanitize-html to sanitize the audio caption before rendering it in the UI.
!! Make sure the following suggestion is correct before committing it !!

Suggested change

	{audioContent.caption && (
	<figcaption className={cn(
	"mt-2 text-sm text-muted-foreground italic",
	alignment === 'left' && "text-left",
	alignment === 'center' && "text-center",
	alignment === 'right' && "text-right",
	metadata?.styles?.bold && "font-bold",
	metadata?.styles?.italic && "italic",
	metadata?.styles?.underline && "underline"
	)}>
	{audioContent.caption}
	</figcaption>
	<figcaption className={cn(
	"mt-2 text-sm text-muted-foreground italic",
	alignment === 'left' && "text-left",
	alignment === 'center' && "text-center",
	alignment === 'right' && "text-right",
	metadata?.styles?.bold && "font-bold",
	metadata?.styles?.italic && "italic",
	metadata?.styles?.underline && "underline"
	)}>
	{DOMPurify.sanitize(audioContent.caption)}
	</figcaption>