fix(upload): remove file type allowlist to support all file types (#329)

* fix(upload): remove file type allowlist to support all file types Removes the hardcoded MIME type allowlist from both frontend and backend that was blocking uploads of file types like Word documents (.docx). File size limit (10 MB) is still enforced. Content type detection is preserved for metadata storage. Closes MUL-123 * feat(upload): increase file size limit from 10 MB to 100 MB Updates both frontend and backend to allow uploads up to 100 MB.
2026-04-02 13:55:50 +08:00 · 2026-04-02 13:55:50 +08:00 · ff616de82b
commit ff616de82b
parent f353e8db59
2 changed files with 3 additions and 60 deletions
--- a/server/internal/handler/file.go
+++ b/server/internal/handler/file.go
@ -9,7 +9,6 @@ import (
 	"log/slog"
 	"net/http"
 	"path"
-	"strings"
 	"time"

 	"github.com/go-chi/chi/v5"
@ -17,32 +16,7 @@ import (
 	db "github.com/multica-ai/multica/server/pkg/db/generated"
 )

-const maxUploadSize = 10 << 20 // 10 MB
-
-// Allowed MIME type prefixes and exact types for uploads.
-var allowedContentTypes = map[string]bool{
-	"image/png":        true,
-	"image/jpeg":       true,
-	"image/gif":        true,
-	"image/webp":       true,
-	"image/svg+xml":    true,
-	"application/pdf":  true,
-	"text/plain":       true,
-	"text/csv":         true,
-	"application/json": true,
-	"video/mp4":        true,
-	"video/webm":       true,
-	"audio/mpeg":       true,
-	"audio/wav":        true,
-	"application/zip":  true,
-}
-
-func isContentTypeAllowed(ct string) bool {
-	// Normalize: take only the media type, strip parameters like charset.
-	ct = strings.TrimSpace(strings.SplitN(ct, ";", 2)[0])
-	ct = strings.ToLower(ct)
-	return allowedContentTypes[ct]
-}
+const maxUploadSize = 100 << 20 // 100 MB

 // ---------------------------------------------------------------------------
 // Response types
@ -148,10 +122,6 @@ func (h *Handler) UploadFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	contentType := http.DetectContentType(buf[:n])
-	if !isContentTypeAllowed(contentType) {
-		writeError(w, http.StatusBadRequest, fmt.Sprintf("file type not allowed: %s", contentType))
-		return
-	}
 	// Seek back so the full file is uploaded.
 	if _, err := file.Seek(0, io.SeekStart); err != nil {
 		writeError(w, http.StatusInternalServerError, "failed to read file")