Allow middleware to detect locale from users browser

[NumericalAdvantage]

The middleware extracts locale from Accept-Language header and use it downstream to deal with format parsing and translations.

[claude]

PR Review: Allow middleware to detect locale from users browser

Thank you for this contribution! This PR adds a Selection output type for extraction fields with dynamic options management. Overall, the implementation is well-structured with good test coverage. Below are my findings across different aspects:

---

✅ Strengths

1. Good test coverage: The PR includes comprehensive tests for the form validation logic in test_forms.py
2. Proper validation: Both form-level and model-level validation ensure data integrity
3. User-friendly UI: The Alpine.js integration provides a clean, dynamic interface for managing selection options
4. Type safety: Uses Literal types in Pydantic for runtime validation of selection values
5. Internationalization: Enables USE_I18N = True and adds LocaleMiddleware as described in the PR

---

🐛 Potential Bugs & Issues

High Priority

1. Migration field inconsistency (radis/extractions/migrations/0004_outputfield_selection_options.py:13)

   • The migration sets default=list which creates a mutable default
   • This is a Django anti-pattern that can cause the same list instance to be shared across model instances
   • Recommendation: Change to default=list in migration (Django handles this correctly), but be aware that Python's mutable default behavior doesn't apply here since Django evaluates callables

2. Missing duplicate validation (radis/extractions/models.py:106-132, radis/extractions/forms.py:232-258)

   • No validation prevents duplicate selection options (e.g., ["Grade 1", "Grade 1"])
   • This could cause confusion in the UI and potentially issues with AI extraction
   • Recommendation: Add uniqueness validation in both form and model clean() methods:

   if len(cleaned_options) != len(set(cleaned_options)):
       raise ValidationError({"selection_options": "Selection options must be unique."})

3. Hardcoded output type value (radis/core/static/core/core.js:144)

   • Uses hardcoded string "S" to check for Selection type
   • If the model choice value ever changes, this will break
   • Recommendation: Consider passing the value from Django template or use a data attribute

Medium Priority

4. Alpine.js $nextTick not guaranteed (radis/core/static/core/core.js:161)

   • Uses this.$nextTick() but SelectionOptions is not an Alpine component
   • This will work if Alpine is available globally, but it's fragile
   • Recommendation: Use setTimeout() or properly integrate with Alpine's component lifecycle

5. Form whitespace handling inconsistency (radis/core/templates/cotton/formset.html)

   • The whitespace-only changes appear unintentional (lines indented vs not indented)
   • Recommendation: Revert these formatting changes unless they're intentional

6. No max length validation on individual options

   • Selection options have no maximum character length constraint
   • Could cause UI layout issues or database performance problems
   • Recommendation: Add max_length validation (e.g., 100 characters per option)

7. Error handling in JS could be more specific (radis/core/static/core/core.js:138)

   • Catches all JSON parse errors with generic console.warn
   • Recommendation: Consider more specific error messages for debugging

---

🔒 Security Concerns

Low Risk

1. JSON injection via hidden input (radis/extractions/forms.py:189-192)

   • The hidden input field accepts JSON strings that are parsed
   • While Django's form validation sanitizes this, ensure the frontend can't inject malicious JSON
   • ✅ Current status: Properly validated with json.loads() in clean_selection_options() with exception handling

2. XSS in template (radis/extractions/templates/extractions/_selection_options_field.html)

   • Uses x-model which binds user input directly to the data model
   • ✅ Current status: Alpine.js properly escapes content, no issue detected

---

⚡ Performance Considerations

1. Database queries in loop (radis/extractions/utils/processor_utils.py:13)

   • Uses fields.all() which evaluates the queryset
   • Since this is called during extraction processing, it could impact performance with many fields
   • Recommendation: This is likely fine for max 5 fields, but consider if performance becomes an issue

2. No database index on selection_options

   • The JSONField doesn't have a database index
   • If you plan to query by selection options later, consider adding a GIN index
   • Current status: Acceptable for now since this field is only used for display/validation

---

🧪 Test Coverage

Good ✅

• Form validation for selection options
• Model validation for selection type
• Empty and non-empty option handling
• Type mismatch validation

Missing ⚠️

• Integration tests: No tests for the JavaScript functionality
• Edge cases:
  • Duplicate options (e.g., ["A", "A"])
  • Very long option strings
  • Unicode/special characters in options
  • Maximum limit boundary (exactly 7 options)
  • Concurrent edits in formsets
• Migration test: No test ensuring the migration runs successfully

Recommendation: Add tests for duplicate validation and JavaScript component behavior

---

📝 Code Quality & Style

Follows Google Python Style Guide ✅

• Proper type hints
• Clear docstrings in JavaScript
• Consistent naming conventions

Minor Issues

1. Magic number (radis/core/static/core/core.js:109 and elsewhere)

   • The value 7 for maxOptions appears in multiple places
   • Recommendation: Consider making this a constant or configuration value

2. Inconsistent error messages

   • Form: "Add at least one selection to use the Selection type."
   • Model: "Add at least one selection option."
   • Recommendation: Use consistent wording across form and model validation

3. Missing JSDoc type annotations

   • The SelectionOptions function has basic JSDoc but could benefit from more detailed type information
   • Recommendation: Add @typedef for the return object structure

---

🎯 Recommendations Summary

Must Fix Before Merge

1. Add duplicate option validation
2. Fix Alpine.js $nextTick usage or verify it works correctly

Should Fix

1. Add test for duplicate options
2. Make error messages consistent
3. Consider max length per option
4. Revert unintentional whitespace changes in formset.html

Nice to Have

1. Extract magic number (7) to a constant
2. Add integration tests for JavaScript
3. Consider adding more edge case tests

---

Overall Assessment

This is a solid contribution that adds useful functionality with good separation of concerns. The main concerns are around edge case validation (duplicates) and ensuring the JavaScript integration works reliably. With the suggested fixes, this will be production-ready.

Recommended Action: Request changes for duplicate validation and Alpine.js $nextTick verification, then approve.

Great work on the comprehensive test coverage for the form validation! 🎉