@lighthouse/common 4.36.0 → 4.37.0-canary-1

package/dist/helpers/build-fetch-url/index.js

@@ -8,12 +8,25 @@ exports.buildFetchUrl = buildFetchUrl;
 function buildFetchUrl(url, options) {
   const {
     awsS3BaseUrl,
+    cloudfrontBaseUrl = '',
     cloudinaryBaseUrl,
     fit,
     height,
     width,
     quality
   } = options;
+
+  if (cloudfrontBaseUrl) {
+    const transformations = [];
+    let transformationsString = '';
+    if (width) transformations.push(`w_${width.toString()}`);
+    if (height) transformations.push(`h_${height.toString()}`);
+    if (quality) transformations.push(`q_${quality.toString()}`);
+    if (fit) transformations.push('c_fit');
+    const fetchUrl = `${cloudfrontBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`;
+    return fetchUrl;
+  }
+
   const transformations = [];
   let transformationsString = '';
   if (width) transformations.push(`w_${width.toString()}`);

package/dist/helpers/fetch-image/index.js

@@ -20,6 +20,8 @@ var _constants = require("../../constants");
 
 var _images = require("../../images");
 
+var _getCloudfrontCookies = require("../get-cloudfront-cookies");
+
 // NOTE use the native fetch if it's available in the browser, because the
 // ponyfill (which actually uses the github polyfill) does not support all the
 // same options as native fetch
@@ -46,6 +48,18 @@ function fetchImage(url, options = {}) {
   const fetchOptions = { ...defaultOptions,
     ...options
   };
+  const applicationId = options.applicationId;
+
+  if (url.contains('.cloudfront.net')) {
+    fetchOptions.credentials = 'include'; // Ensure cookies are sent with the request
+
+    const signedCookies = (0, _getCloudfrontCookies.generateCloudFrontCookies)({
+      userId: 'anonymous',
+      applicationId
+    });
+    fetchOptions.headers.Cookie = Object.entries(signedCookies).map(([key, value]) => `${key}=${value}`).join('; ');
+  }
+
   const {
     isHeader = false
   } = options;

package/dist/helpers/get-audit-items-data/index.js

@@ -13,7 +13,8 @@ function getAuditItemsData(items, data) {
   const {
     settings: {
       awsS3BaseUrl,
-      cloudinaryBaseUrl
+      cloudinaryBaseUrl,
+      cloudfrontBaseUrl
     } = {},
     entity: {
       groupScores
@@ -56,6 +57,7 @@ function getAuditItemsData(items, data) {
       const assets = rawAssets.map((asset, assetIndex) => {
         const assetUrl = (0, _.buildFetchUrl)(asset, {
           awsS3BaseUrl,
+          cloudfrontBaseUrl,
           cloudinaryBaseUrl,
           fit: true,
           height: 400,
@@ -65,6 +67,7 @@ function getAuditItemsData(items, data) {
         const link = `${awsS3BaseUrl}/${asset}`;
         const thumbnailUrl = (0, _.buildFetchUrl)(asset, {
           awsS3BaseUrl,
+          cloudfrontBaseUrl,
           cloudinaryBaseUrl,
           width: 100,
           quality: 50

package/dist/helpers/get-cloudfront-cookies/index.js

@@ -0,0 +1,118 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.generateCloudFrontCookies = generateCloudFrontCookies;
+
+const {
+  getSignedCookies
+} = require('@aws-sdk/cloudfront-signer');
+
+const {
+  getSecretValue
+} = require('../../aws/secrets-manager');
+
+const logger = require('../../logger');
+/**
+ * Generate CloudFront signed cookies for authenticated users
+ * @param {Object} options - Configuration options
+ * @param {string} options.userId - User ID for logging purposes
+ * @param {string} options.applicationId - Application ID for resource scoping
+ * Return Type: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-cloudfront-signer/Interface/CloudfrontSignedCookiesOutput/
+ * @returns {Promise<{
+ *   "CloudFront-Key-Pair-Id": string,
+ *   "CloudFront-Signature": string,
+ *   "CloudFront-Expires"?: number,
+ *   "CloudFront-Policy"?: string
+ * } | null>} Signed cookies object or null if disabled/failed
+ */
+
+
+async function generateCloudFrontCookies({
+  userId,
+  applicationId
+}) {
+  // Early return if CloudFront is not configured
+  if (!process.env.CLOUDFRONT_DOMAIN || !process.env.CLOUDFRONT_KEY_PAIR_ID) {
+    logger.debug('CloudFront cookie generation skipped - not configured');
+    return null;
+  }
+
+  try {
+    // Get private key from AWS Secrets Manager
+    const privateKey = await getPrivateKey();
+
+    if (!privateKey) {
+      logger.warn('CloudFront private key not available');
+      return null;
+    } // Set expiration time (14 days from now)
+
+
+    const expiration = new Date();
+    expiration.setTime(expiration.getTime() + 14 * 24 * 60 * 60 * 1000); // Generate resource URL pattern for wildcard access
+
+    const distributionDomain = `https://${process.env.CLOUDFRONT_DOMAIN}`;
+    const resourcePath = applicationId ? `${applicationId}/*` : '*';
+    const urlPattern = `${distributionDomain}/${resourcePath}`; // Generate signed cookies
+
+    const signedCookies = getSignedCookies({
+      url: urlPattern,
+      keyPairId: process.env.CLOUDFRONT_KEY_PAIR_ID,
+      privateKey: privateKey,
+      dateLessThan: expiration.getTime() // Use epoch timestamp in milliseconds
+
+    });
+    logger.info('CloudFront cookies generated successfully', {
+      userId,
+      applicationId,
+      resourcePath,
+      expiration: expiration.toISOString()
+    });
+    return signedCookies;
+  } catch (error) {
+    logger.error('Failed to generate CloudFront cookies', {
+      userId,
+      applicationId,
+      error: {
+        message: error.message,
+        code: error.code
+      }
+    });
+    return null;
+  }
+}
+
+let privateKeyCache = null;
+let cacheExpiry = null;
+const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
+
+async function getPrivateKey() {
+  const now = Date.now();
+
+  if (privateKeyCache && cacheExpiry && now < cacheExpiry) {
+    return privateKeyCache;
+  }
+
+  if (!process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID) {
+    logger.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured');
+    return null;
+  }
+
+  try {
+    const privateKey = await getSecretValue(process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID, 'CLOUDFRONT_PRIVATE_KEY');
+    privateKeyCache = privateKey;
+    cacheExpiry = now + CACHE_TTL;
+    logger.debug('CloudFront private key retrieved and cached');
+    return privateKey;
+  } catch (error) {
+    logger.error('Failed to retrieve CloudFront private key', {
+      secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,
+      error: {
+        message: error.message,
+        code: error.code
+      }
+    });
+    return null;
+  }
+}

package/dist/helpers/get-secret-value/index.js

@@ -0,0 +1,49 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = getSecretValue;
+
+var _commonErrors = require("@lighthouse/common-errors");
+
+var _awsSdk = _interopRequireDefault(require("aws-sdk"));
+
+var _lodash = require("lodash");
+
+function getSecretValue(secretId, secretKey) {
+  if (!secretId) {
+    return Promise.reject(new _commonErrors.errors.ValidationError(`Missing required param: secretId:${secretId}`));
+  } // TODO: update these credentials to specific values for service
+
+
+  const secretsClient = new _awsSdk.default.SecretsManager({
+    accessKeyId: process.env.AWS_KEY,
+    region: process.env.AWS_SECRET_MANAGER_REGION,
+    secretAccessKey: process.env.AWS_SECRET
+  });
+  return secretsClient.getSecretValue({
+    SecretId: secretId
+  }).promise().then(payload => {
+    const secret = parseSecretString(payload); // Return early if secretKey isn't defined (we want the full set of key/values)
+
+    if (!secretKey) return secret;
+    const secretValue = secret[secretKey];
+
+    if (!secretValue) {
+      throw new _commonErrors.errors.NotFoundError('Secret value could not be found');
+    }
+
+    return secretValue;
+  }).catch(err => {
+    throw new _commonErrors.errors.UnknownError(`AWSSecretFetchError: ${err.code}, ${err.message}`);
+  });
+}
+
+function parseSecretString(payload) {
+  const secretString = payload.SecretString || '';
+  const parsed = (0, _lodash.attempt)(JSON.parse, secretString);
+  return (0, _lodash.isError)(parsed) ? {} : parsed;
+}

package/dist/pdf/audit/index.js

@@ -155,37 +155,31 @@ function generateContent(data) {
     style: 'totalScore'
   });
   const body = renderThirdRow ? [firstRow, secondRow, thirdRow] : [firstRow, secondRow];
-  const entityFields = Object.keys(entity);
-  const formDurationFieldsPresent = ['formDuration', 'startedAt', 'submittedAt'].some(field => entityFields.includes(field)); // NOTE: stand in for flag rolloutFormDuration
-
-  if (formDurationFieldsPresent) {
-    const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
-      colSpan: 2,
-      style: 'small'
-    });
-    const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
-      colSpan: 2,
-      style: 'small'
-    });
-
-    const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
+  const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
+    colSpan: 2,
+    style: 'small'
+  });
+  const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
+    colSpan: 2,
+    style: 'small'
+  });
 
-    const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
-    const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
-    const minutes = momentDuration.minutes().toString().padStart(2, '0');
-    const seconds = momentDuration.seconds().toString().padStart(2, '0');
-    const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
-    const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
-      colSpan: 2,
-      style: 'small'
-    });
-    body.push([startedAt, dummyColumn]);
-    body.push([submittedAt, dummyColumn]);
-    body.push([formDuration, dummyColumn]);
-  }
+  const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
 
+  const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
+  const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
+  const minutes = momentDuration.minutes().toString().padStart(2, '0');
+  const seconds = momentDuration.seconds().toString().padStart(2, '0');
+  const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
+  const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
+    colSpan: 2,
+    style: 'small'
+  });
+  body.push([startedAt, dummyColumn]);
+  body.push([submittedAt, dummyColumn]);
+  body.push([formDuration, dummyColumn]);
   const titleTable = (0, _helpers.twoColumnTable)({
     body,
     layout: 'noBorders',

package/dist/pdf/helpers/fields/index.js

@@ -50,7 +50,8 @@ function buildImage(options) {
   } = options;
   const {
     awsS3BaseUrl,
-    cloudinaryBaseUrl
+    cloudinaryBaseUrl,
+    cloudfrontBaseUrl
   } = settings;
   const isVideoType = new RegExp('.mp4$').test(filepath);
   const link = `${awsS3BaseUrl}/${filepath}`;
@@ -66,6 +67,7 @@ function buildImage(options) {
 
   const url = (0, _helpers.buildFetchUrl)(filepath, {
     awsS3BaseUrl,
+    cloudfrontBaseUrl,
     cloudinaryBaseUrl,
     fit: true,
     height: 400,

package/dist/pdf/issue/index.js

@@ -92,34 +92,28 @@ function generateContent(data) {
     style: 'small'
   });
   const body = !(0, _lodash.isEmpty)(reverseGeocoded) ? [[headerTitle], [headerSubTitle], [headerAddress]] : [[headerTitle], [headerSubTitle]];
-  const entityFields = Object.keys(entity);
-  const formDurationFieldsPresent = ['formDuration', 'startedAt', 'submittedAt'].some(field => entityFields.includes(field)); // NOTE: stand in for flag rolloutFormDuration
-
-  if (formDurationFieldsPresent) {
-    const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
-      style: 'small'
-    });
-    const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
-      style: 'small'
-    });
-
-    const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
+  const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
+    style: 'small'
+  });
+  const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
+    style: 'small'
+  });
 
-    const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
-    const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
-    const minutes = momentDuration.minutes().toString().padStart(2, '0');
-    const seconds = momentDuration.seconds().toString().padStart(2, '0');
-    const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
-    const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
-      style: 'small'
-    });
-    body.push([startedAt]);
-    body.push([submittedAt]);
-    body.push([formDuration]);
-  }
+  const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
 
+  const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
+  const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
+  const minutes = momentDuration.minutes().toString().padStart(2, '0');
+  const seconds = momentDuration.seconds().toString().padStart(2, '0');
+  const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
+  const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
+    style: 'small'
+  });
+  body.push([startedAt]);
+  body.push([submittedAt]);
+  body.push([formDuration]);
   const titleTable = (0, _helpers.table)({
     body,
     layout: 'noBorders',

package/dist/pdf/task/index.js

@@ -94,34 +94,28 @@ function generateContent(data) {
     body.push([headerAddress]);
   }
 
-  const entityFields = Object.keys(entity);
-  const formDurationFieldsPresent = ['formDuration', 'startedAt', 'submittedAt'].some(field => entityFields.includes(field)); // NOTE: stand in for flag rolloutFormDuration
-
-  if (formDurationFieldsPresent) {
-    const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
-      style: 'small'
-    });
-    const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
-    const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
-      style: 'small'
-    });
-
-    const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
+  const startedAtInTimezone = entity.startedAt ? (0, _momentTimezone.default)(entity.startedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const startedAt = (0, _helpers.text)(`Started: ${startedAtInTimezone}`, {
+    style: 'small'
+  });
+  const submittedAtInTimezone = entity.submittedAt ? (0, _momentTimezone.default)(entity.submittedAt).tz(timezone).format('YYYY-MM-DD HH:mm:ss z') : 'Not recorded';
+  const submittedAt = (0, _helpers.text)(`Submitted: ${submittedAtInTimezone}`, {
+    style: 'small'
+  });
 
-    const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
-    const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
-    const minutes = momentDuration.minutes().toString().padStart(2, '0');
-    const seconds = momentDuration.seconds().toString().padStart(2, '0');
-    const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
-    const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
-      style: 'small'
-    });
-    body.push([startedAt]);
-    body.push([submittedAt]);
-    body.push([formDuration]);
-  }
+  const momentDuration = _momentTimezone.default.duration(Math.abs(entity.formDuration));
 
+  const days = Math.floor(momentDuration.asDays()).toString().padStart(2, '0');
+  const hours = Math.floor(momentDuration.hours()).toString().padStart(2, '0');
+  const minutes = momentDuration.minutes().toString().padStart(2, '0');
+  const seconds = momentDuration.seconds().toString().padStart(2, '0');
+  const formattedFormDuration = entity.formDuration ? `${entity.formDuration < 0 ? '-' : ''}${days}:${hours}:${minutes}:${seconds}` : 'Not recorded';
+  const formDuration = (0, _helpers.text)(`Form Duration (DD:HH:MM:SS): ${formattedFormDuration}`, {
+    style: 'small'
+  });
+  body.push([startedAt]);
+  body.push([submittedAt]);
+  body.push([formDuration]);
   const titleTable = (0, _helpers.table)({
     body,
     layout: 'noBorders',

package/lib/helpers/build-fetch-url/index.js

@@ -1,10 +1,26 @@
 export function buildFetchUrl(url, options) {
   var awsS3BaseUrl = options.awsS3BaseUrl,
+      _options$cloudfrontBa = options.cloudfrontBaseUrl,
+      cloudfrontBaseUrl = _options$cloudfrontBa === void 0 ? '' : _options$cloudfrontBa,
       cloudinaryBaseUrl = options.cloudinaryBaseUrl,
       fit = options.fit,
       height = options.height,
       width = options.width,
       quality = options.quality;
+
+  if (cloudfrontBaseUrl) {
+    var _transformations = [];
+    var _transformationsString = '';
+    if (width) _transformations.push("w_".concat(width.toString()));
+    if (height) _transformations.push("h_".concat(height.toString()));
+    if (quality) _transformations.push("q_".concat(quality.toString()));
+    if (fit) _transformations.push('c_fit');
+
+    var _fetchUrl = "".concat(cloudfrontBaseUrl, "/").concat(_transformationsString).concat(awsS3BaseUrl, "/").concat(url);
+
+    return _fetchUrl;
+  }
+
   var transformations = [];
   var transformationsString = '';
   if (width) transformations.push("w_".concat(width.toString()));

package/lib/helpers/build-fetch-url/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/helpers/build-fetch-url/index.js"],"names":["buildFetchUrl","url","options","awsS3BaseUrl","cloudinaryBaseUrl","fit","height","width","quality","transformations","transformationsString","push","toString","join","fetchUrl"],"mappings":"AAAA,OAAO,SAASA,aAAT,CAAuBC,GAAvB,EAA4BC,OAA5B,EAAqC;AAAA,MAExCC,YAFwC,GAQtCD,OARsC,CAExCC,YAFwC;AAAA,MAGxCC,iBAHwC,GAQtCF,OARsC,CAGxCE,iBAHwC;AAAA,MAIxCC,GAJwC,GAQtCH,OARsC,CAIxCG,GAJwC;AAAA,MAKxCC,MALwC,GAQtCJ,OARsC,CAKxCI,MALwC;AAAA,MAMxCC,KANwC,GAQtCL,OARsC,CAMxCK,KANwC;AAAA,MAOxCC,OAPwC,GAQtCN,OARsC,CAOxCM,OAPwC;AAU1C,MAAMC,eAAe,GAAG,EAAxB;AACA,MAAIC,qBAAqB,GAAG,EAA5B;AAEA,MAAIH,KAAJ,EAAWE,eAAe,CAACE,IAAhB,aAA0BJ,KAAK,CAACK,QAAN,EAA1B;AACX,MAAIN,MAAJ,EAAYG,eAAe,CAACE,IAAhB,aAA0BL,MAAM,CAACM,QAAP,EAA1B;AACZ,MAAIJ,OAAJ,EAAaC,eAAe,CAACE,IAAhB,aAA0BH,OAAO,CAACI,QAAR,EAA1B;AACb,MAAIP,GAAJ,EAASI,eAAe,CAACE,IAAhB,CAAqB,OAArB;AAETD,EAAAA,qBAAqB,aAAMD,eAAe,CAACI,IAAhB,CAAqB,GAArB,CAAN,MAArB;AAEA,MAAMC,QAAQ,aAAMV,iBAAN,cAA2BM,qBAA3B,SAAmDP,YAAnD,cAAmEF,GAAnE,CAAd;AAEA,SAAOa,QAAP;AACD","sourcesContent":["export function buildFetchUrl(url, options) {\n  const {\n    awsS3BaseUrl,\n    cloudinaryBaseUrl,\n    fit,\n    height,\n    width,\n    quality,\n  } = options\n\n  const transformations = []\n  let transformationsString = ''\n\n  if (width) transformations.push(`w_${width.toString()}`)\n  if (height) transformations.push(`h_${height.toString()}`)\n  if (quality) transformations.push(`q_${quality.toString()}`)\n  if (fit) transformations.push('c_fit')\n\n  transformationsString = `${transformations.join(',')}/`\n\n  const fetchUrl = `${cloudinaryBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n\n  return fetchUrl\n}\n"],"file":"index.js"}
+{"version":3,"sources":["../../../src/helpers/build-fetch-url/index.js"],"names":["buildFetchUrl","url","options","awsS3BaseUrl","cloudfrontBaseUrl","cloudinaryBaseUrl","fit","height","width","quality","transformations","transformationsString","push","toString","fetchUrl","join"],"mappings":"AAAA,OAAO,SAASA,aAAT,CAAuBC,GAAvB,EAA4BC,OAA5B,EAAqC;AAAA,MAExCC,YAFwC,GAStCD,OATsC,CAExCC,YAFwC;AAAA,8BAStCD,OATsC,CAGxCE,iBAHwC;AAAA,MAGxCA,iBAHwC,sCAGpB,EAHoB;AAAA,MAIxCC,iBAJwC,GAStCH,OATsC,CAIxCG,iBAJwC;AAAA,MAKxCC,GALwC,GAStCJ,OATsC,CAKxCI,GALwC;AAAA,MAMxCC,MANwC,GAStCL,OATsC,CAMxCK,MANwC;AAAA,MAOxCC,KAPwC,GAStCN,OATsC,CAOxCM,KAPwC;AAAA,MAQxCC,OARwC,GAStCP,OATsC,CAQxCO,OARwC;;AAW1C,MAAIL,iBAAJ,EAAuB;AACrB,QAAMM,gBAAe,GAAG,EAAxB;AACA,QAAIC,sBAAqB,GAAG,EAA5B;AAEA,QAAIH,KAAJ,EAAWE,gBAAe,CAACE,IAAhB,aAA0BJ,KAAK,CAACK,QAAN,EAA1B;AACX,QAAIN,MAAJ,EAAYG,gBAAe,CAACE,IAAhB,aAA0BL,MAAM,CAACM,QAAP,EAA1B;AACZ,QAAIJ,OAAJ,EAAaC,gBAAe,CAACE,IAAhB,aAA0BH,OAAO,CAACI,QAAR,EAA1B;AACb,QAAIP,GAAJ,EAASI,gBAAe,CAACE,IAAhB,CAAqB,OAArB;;AAET,QAAME,SAAQ,aAAMV,iBAAN,cAA2BO,sBAA3B,SAAmDR,YAAnD,cAAmEF,GAAnE,CAAd;;AACA,WAAOa,SAAP;AACD;;AAED,MAAMJ,eAAe,GAAG,EAAxB;AACA,MAAIC,qBAAqB,GAAG,EAA5B;AAEA,MAAIH,KAAJ,EAAWE,eAAe,CAACE,IAAhB,aAA0BJ,KAAK,CAACK,QAAN,EAA1B;AACX,MAAIN,MAAJ,EAAYG,eAAe,CAACE,IAAhB,aAA0BL,MAAM,CAACM,QAAP,EAA1B;AACZ,MAAIJ,OAAJ,EAAaC,eAAe,CAACE,IAAhB,aAA0BH,OAAO,CAACI,QAAR,EAA1B;AACb,MAAIP,GAAJ,EAASI,eAAe,CAACE,IAAhB,CAAqB,OAArB;AAETD,EAAAA,qBAAqB,aAAMD,eAAe,CAACK,IAAhB,CAAqB,GAArB,CAAN,MAArB;AAEA,MAAMD,QAAQ,aAAMT,iBAAN,cAA2BM,qBAA3B,SAAmDR,YAAnD,cAAmEF,GAAnE,CAAd;AAEA,SAAOa,QAAP;AACD","sourcesContent":["export function buildFetchUrl(url, options) {\n  const {\n    awsS3BaseUrl,\n    cloudfrontBaseUrl = '',\n    cloudinaryBaseUrl,\n    fit,\n    height,\n    width,\n    quality,\n  } = options\n\n  if (cloudfrontBaseUrl) {\n    const transformations = []\n    let transformationsString = ''\n\n    if (width) transformations.push(`w_${width.toString()}`)\n    if (height) transformations.push(`h_${height.toString()}`)\n    if (quality) transformations.push(`q_${quality.toString()}`)\n    if (fit) transformations.push('c_fit')\n\n    const fetchUrl = `${cloudfrontBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n    return fetchUrl\n  }\n\n  const transformations = []\n  let transformationsString = ''\n\n  if (width) transformations.push(`w_${width.toString()}`)\n  if (height) transformations.push(`h_${height.toString()}`)\n  if (quality) transformations.push(`q_${quality.toString()}`)\n  if (fit) transformations.push('c_fit')\n\n  transformationsString = `${transformations.join(',')}/`\n\n  const fetchUrl = `${cloudinaryBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n\n  return fetchUrl\n}\n"],"file":"index.js"}

package/lib/helpers/fetch-image/index.js

@@ -1,3 +1,4 @@
+import _slicedToArray from "@babel/runtime/helpers/slicedToArray";
 import _defineProperty from "@babel/runtime/helpers/defineProperty";
 import _typeof from "@babel/runtime/helpers/typeof";
 
@@ -9,7 +10,8 @@ import { atob, btoa } from '@lighthouse/abab';
 import fetchPonyfill from 'fetch-ponyfill';
 import Promise from 'bluebird';
 import { LIGHTHOUSE_LOGO_URL } from '../../constants';
-import { imageNotFound } from '../../images'; // NOTE use the native fetch if it's available in the browser, because the
+import { imageNotFound } from '../../images';
+import { generateCloudFrontCookies } from '../get-cloudfront-cookies'; // NOTE use the native fetch if it's available in the browser, because the
 // ponyfill (which actually uses the github polyfill) does not support all the
 // same options as native fetch
 
@@ -36,6 +38,24 @@ export function fetchImage(url) {
 
   var fetchOptions = _objectSpread(_objectSpread({}, defaultOptions), options);
 
+  var applicationId = options.applicationId;
+
+  if (url.contains('.cloudfront.net')) {
+    fetchOptions.credentials = 'include'; // Ensure cookies are sent with the request
+
+    var signedCookies = generateCloudFrontCookies({
+      userId: 'anonymous',
+      applicationId: applicationId
+    });
+    fetchOptions.headers.Cookie = Object.entries(signedCookies).map(function (_ref) {
+      var _ref2 = _slicedToArray(_ref, 2),
+          key = _ref2[0],
+          value = _ref2[1];
+
+      return "".concat(key, "=").concat(value);
+    }).join('; ');
+  }
+
   var _options$isHeader = options.isHeader,
       isHeader = _options$isHeader === void 0 ? false : _options$isHeader;
   return fetch(encodedUrl, fetchOptions).then(function (response) {
@@ -58,9 +78,9 @@ export function fetchImage(url) {
         imageType: imageType
       };
     });
-  }).then(function (_ref) {
-    var buffer = _ref.buffer,
-        imageType = _ref.imageType;
+  }).then(function (_ref3) {
+    var buffer = _ref3.buffer,
+        imageType = _ref3.imageType;
     var base64Flag = "data:image/".concat(imageType, ";base64,");
     var imageStr = arrayBufferToBase64(buffer);
     var base64 = "".concat(base64Flag).concat(imageStr);

package/lib/helpers/fetch-image/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/helpers/fetch-image/index.js"],"names":["atob","btoa","fetchPonyfill","Promise","LIGHTHOUSE_LOGO_URL","imageNotFound","fetch","self","contentTypes","defaultOptions","cache","fetchImage","url","options","encodedUrl","encodeURI","fetchOptions","isHeader","then","response","contentHeader","headers","get","contentType","reject","Error","ok","imageType","arrayBuffer","buffer","base64Flag","imageStr","arrayBufferToBase64","base64","isValid","validateBase64Image","catch","error","console","binary","bytes","slice","call","Uint8Array","forEach","b","String","fromCharCode","base64String","isJpeg","startsWith","validateJpegImage","isPng","validatePngImage","base64string","src","imageData","from","replace","c","charCodeAt","imageCorrupted","length","sequence","i"],"mappings":";;;;;;;AAAA,SAASA,IAAT,EAAeC,IAAf,QAA2B,kBAA3B;AACA,OAAOC,aAAP,MAA0B,gBAA1B;AACA,OAAOC,OAAP,MAAoB,UAApB;AACA,SAASC,mBAAT,QAAoC,iBAApC;AACA,SAASC,aAAT,QAA8B,cAA9B,C,CAEA;AACA;AACA;;AACA,IAAMC,KAAK,GACR,QAAOC,IAAP,yCAAOA,IAAP,OAAgB,QAAhB,IAA4BA,IAAI,CAACD,KAAlC,IAA4CJ,aAAa,CAAC;AAAEC,EAAAA,OAAO,EAAPA;AAAF,CAAD,CAAb,CAA2BG,KADzE;AAGA,IAAME,YAAY,GAAG;AACnB,eAAa,KADM;AAEnB,gBAAc;AAFK,CAArB;AAKA,IAAMC,cAAc,GAAG;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACAC,EAAAA,KAAK,EAAE;AARc,CAAvB;AAWA,OAAO,SAASC,UAAT,CAAoBC,GAApB,EAAuC;AAAA,MAAdC,OAAc,uEAAJ,EAAI;AAC5C,MAAMC,UAAU,GAAGC,SAAS,CAACH,GAAD,CAA5B;;AACA,MAAMI,YAAY,mCACbP,cADa,GAEbI,OAFa,CAAlB;;AAF4C,0BAMfA,OANe,CAMpCI,QANoC;AAAA,MAMpCA,QANoC,kCAMzB,KANyB;AAQ5C,SAAOX,KAAK,CAACQ,UAAD,EAAaE,YAAb,CAAL,CACJE,IADI,CACC,UAAAC,QAAQ,EAAI;AAChB,QAAMC,aAAa,GAAGD,QAAQ,CAACE,OAAT,CAAiBC,GAAjB,CAAqB,gBAArB,CAAtB;AACA,QAAMC,WAAW,GAAGJ,QAAQ,CAACE,OAAT,CAAiBC,GAAjB,CAAqB,cAArB,CAApB,CAFgB,CAIhB;AACA;;AACA,QAAIF,aAAa,KAAK,GAAtB,EAA2B;AACzB,aAAOjB,OAAO,CAACqB,MAAR,CACL,IAAIC,KAAJ,uDAAyDX,UAAzD,EADK,CAAP;AAGD;;AAED,QAAI,CAACK,QAAQ,CAACO,EAAd,EAAkB;AAChB,aAAOvB,OAAO,CAACqB,MAAR,CAAe,IAAIC,KAAJ,kCAAoCX,UAApC,EAAf,CAAP;AACD;;AAED,QAAMa,SAAS,GAAGnB,YAAY,CAACe,WAAD,CAA9B;AAEA,WAAOJ,QAAQ,CAACS,WAAT,GAAuBV,IAAvB,CAA4B,UAAAW,MAAM;AAAA,aAAK;AAC5CA,QAAAA,MAAM,EAANA,MAD4C;AAE5CF,QAAAA,SAAS,EAATA;AAF4C,OAAL;AAAA,KAAlC,CAAP;AAID,GAvBI,EAwBJT,IAxBI,CAwBC,gBAA2B;AAAA,QAAxBW,MAAwB,QAAxBA,MAAwB;AAAA,QAAhBF,SAAgB,QAAhBA,SAAgB;AAC/B,QAAMG,UAAU,wBAAiBH,SAAjB,aAAhB;AACA,QAAMI,QAAQ,GAAGC,mBAAmB,CAACH,MAAD,CAApC;AAEA,QAAMI,MAAM,aAAMH,UAAN,SAAmBC,QAAnB,CAAZ;AACA,QAAMG,OAAO,GAAGC,mBAAmB,CAACF,MAAD,CAAnC;;AAEA,QAAI,CAACC,OAAL,EAAc;AACZ,aAAO/B,OAAO,CAACqB,MAAR,CAAe,IAAIC,KAAJ,CAAU,mBAAV,CAAf,CAAP;AACD;;AAED,WAAOQ,MAAP;AACD,GApCI,EAqCJG,KArCI,CAqCE,UAAAC,KAAK,EAAI;AACd,QAAIpB,QAAJ,EAAc;AACZ;AACAqB,MAAAA,OAAO,CAACD,KAAR,CAAc,uBAAd,EAAuCA,KAAvC;AACA,aAAO1B,UAAU,CAACP,mBAAD,EAAsBK,cAAtB,CAAjB;AACD;;AAED6B,IAAAA,OAAO,CAACD,KAAR,CAAcA,KAAd;AACA,WAAOhC,aAAP;AACD,GA9CI,CAAP;AA+CD;;AAED,SAAS2B,mBAAT,CAA6BH,MAA7B,EAAqC;AACnC,MAAIU,MAAM,GAAG,EAAb;AACA,MAAMC,KAAK,GAAG,GAAGC,KAAH,CAASC,IAAT,CAAc,IAAIC,UAAJ,CAAed,MAAf,CAAd,CAAd;AAEAW,EAAAA,KAAK,CAACI,OAAN,CAAc,UAAAC,CAAC;AAAA,WAAKN,MAAM,IAAIO,MAAM,CAACC,YAAP,CAAoBF,CAApB,CAAf;AAAA,GAAf;AAEA,SAAO5C,IAAI,CAACsC,MAAD,CAAX;AACD;;AAED,OAAO,SAASJ,mBAAT,CAA6Ba,YAA7B,EAA2C;AAChD,MAAMC,MAAM,GAAGD,YAAY,CAACE,UAAb,CAAwB,yBAAxB,CAAf;AAEA,MAAID,MAAJ,EAAY,OAAOE,iBAAiB,CAACH,YAAD,CAAxB;AAEZ,MAAMI,KAAK,GAAGJ,YAAY,CAACE,UAAb,CAAwB,wBAAxB,CAAd;AAEA,MAAIE,KAAJ,EAAW,OAAOC,gBAAgB,CAACL,YAAD,CAAvB;AAEX,SAAO,KAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASG,iBAAT,CAA2BG,YAA3B,EAAyC;AAC9C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBzD,IAAI,CAACuD,GAAG,CAACG,OAAJ,CAAY,yBAAZ,EAAuC,EAAvC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMC,cAAc,GAClBL,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAApC,IACAN,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAFtC;AAIA,SAAOD,cAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASR,gBAAT,CAA0BC,YAA1B,EAAwC;AAC7C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBzD,IAAI,CAACuD,GAAG,CAACG,OAAJ,CAAY,wBAAZ,EAAsC,EAAtC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMG,QAAQ,GAAG,CAAC,CAAD,EAAI,CAAJ,EAAO,CAAP,EAAU,CAAV,EAAa,EAAb,EAAiB,EAAjB,EAAqB,EAArB,EAAyB,EAAzB,EAA6B,GAA7B,EAAkC,EAAlC,EAAsC,EAAtC,EAA0C,GAA1C,CAAjB,CAN6C,CAMmB;AAEhE;;AACA,OAAK,IAAIC,CAAC,GAAG,EAAb,EAAiBA,CAAC,GAAG,CAArB,EAAwBA,CAAC,EAAzB,EAA6B;AAC3B,QAAIR,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmBE,CAApB,CAAT,KAAoCD,QAAQ,CAAC,KAAKC,CAAN,CAAhD,EAA0D;AACxD,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["import { atob, btoa } from '@lighthouse/abab'\nimport fetchPonyfill from 'fetch-ponyfill'\nimport Promise from 'bluebird'\nimport { LIGHTHOUSE_LOGO_URL } from '../../constants'\nimport { imageNotFound } from '../../images'\n\n// NOTE use the native fetch if it's available in the browser, because the\n// ponyfill (which actually uses the github polyfill) does not support all the\n// same options as native fetch\nconst fetch =\n  (typeof self === 'object' && self.fetch) || fetchPonyfill({ Promise }).fetch\n\nconst contentTypes = {\n  'image/png': 'png',\n  'image/jpeg': 'jpeg',\n}\n\nconst defaultOptions = {\n  // NOTE The cache: no-cache option is important to avoid an issue with CORS\n  // and caching on Chrome. Here's a good explanation of the issue:\n  // https://stackoverflow.com/a/37455118\n  // In our case, when loading the web version of a form, the signature image is\n  // cached without the correct CORS headers. If the pdf is then generated,\n  // there's a mismatch between the cached image headers and the CORS headers\n  // sent from the fetch request, causing an error\n  cache: 'no-cache',\n}\n\nexport function fetchImage(url, options = {}) {\n  const encodedUrl = encodeURI(url)\n  const fetchOptions = {\n    ...defaultOptions,\n    ...options,\n  }\n  const { isHeader = false } = options\n\n  return fetch(encodedUrl, fetchOptions)\n    .then(response => {\n      const contentHeader = response.headers.get('content-length')\n      const contentType = response.headers.get('content-type')\n\n      // NOTE: the response will be ok but we won't be able to render any\n      // image meaning pdfmake will error. Raise error here and return early.\n      if (contentHeader === '0') {\n        return Promise.reject(\n          new Error(`Failed to fetch image as no content length: ${encodedUrl}`)\n        )\n      }\n\n      if (!response.ok) {\n        return Promise.reject(new Error(`Failed to fetch image: ${encodedUrl}`))\n      }\n\n      const imageType = contentTypes[contentType]\n\n      return response.arrayBuffer().then(buffer => ({\n        buffer,\n        imageType,\n      }))\n    })\n    .then(({ buffer, imageType }) => {\n      const base64Flag = `data:image/${imageType};base64,`\n      const imageStr = arrayBufferToBase64(buffer)\n\n      const base64 = `${base64Flag}${imageStr}`\n      const isValid = validateBase64Image(base64)\n\n      if (!isValid) {\n        return Promise.reject(new Error('InvalidImageError'))\n      }\n\n      return base64\n    })\n    .catch(error => {\n      if (isHeader) {\n        // NOTE: Replace failed headers with LH logo\n        console.error('FetchImageHeaderError', error)\n        return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions)\n      }\n\n      console.error(error)\n      return imageNotFound\n    })\n}\n\nfunction arrayBufferToBase64(buffer) {\n  let binary = ''\n  const bytes = [].slice.call(new Uint8Array(buffer))\n\n  bytes.forEach(b => (binary += String.fromCharCode(b)))\n\n  return btoa(binary)\n}\n\nexport function validateBase64Image(base64String) {\n  const isJpeg = base64String.startsWith('data:image/jpeg;base64,')\n\n  if (isJpeg) return validateJpegImage(base64String)\n\n  const isPng = base64String.startsWith('data:image/png;base64,')\n\n  if (isPng) return validatePngImage(base64String)\n\n  return false\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validateJpegImage(base64string) {\n  const src = base64string\n  const imageData = Uint8Array.from(\n    atob(src.replace('data:image/jpeg;base64,', '')),\n    c => c.charCodeAt(0)\n  )\n  const imageCorrupted =\n    imageData[imageData.length - 1] === 217 &&\n    imageData[imageData.length - 2] === 255\n\n  return imageCorrupted\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validatePngImage(base64string) {\n  const src = base64string\n  const imageData = Uint8Array.from(\n    atob(src.replace('data:image/png;base64,', '')),\n    c => c.charCodeAt(0)\n  )\n  const sequence = [0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130] // in hex:\n\n  //check last 12 elements of array so they contains needed values\n  for (let i = 12; i > 0; i--) {\n    if (imageData[imageData.length - i] !== sequence[12 - i]) {\n      return false\n    }\n  }\n\n  return true\n}\n"],"file":"index.js"}
+{"version":3,"sources":["../../../src/helpers/fetch-image/index.js"],"names":["atob","btoa","fetchPonyfill","Promise","LIGHTHOUSE_LOGO_URL","imageNotFound","generateCloudFrontCookies","fetch","self","contentTypes","defaultOptions","cache","fetchImage","url","options","encodedUrl","encodeURI","fetchOptions","applicationId","contains","credentials","signedCookies","userId","headers","Cookie","Object","entries","map","key","value","join","isHeader","then","response","contentHeader","get","contentType","reject","Error","ok","imageType","arrayBuffer","buffer","base64Flag","imageStr","arrayBufferToBase64","base64","isValid","validateBase64Image","catch","error","console","binary","bytes","slice","call","Uint8Array","forEach","b","String","fromCharCode","base64String","isJpeg","startsWith","validateJpegImage","isPng","validatePngImage","base64string","src","imageData","from","replace","c","charCodeAt","imageCorrupted","length","sequence","i"],"mappings":";;;;;;;;AAAA,SAASA,IAAT,EAAeC,IAAf,QAA2B,kBAA3B;AACA,OAAOC,aAAP,MAA0B,gBAA1B;AACA,OAAOC,OAAP,MAAoB,UAApB;AACA,SAASC,mBAAT,QAAoC,iBAApC;AACA,SAASC,aAAT,QAA8B,cAA9B;AACA,SAASC,yBAAT,QAA0C,2BAA1C,C,CACA;AACA;AACA;;AACA,IAAMC,KAAK,GACR,QAAOC,IAAP,yCAAOA,IAAP,OAAgB,QAAhB,IAA4BA,IAAI,CAACD,KAAlC,IAA4CL,aAAa,CAAC;AAAEC,EAAAA,OAAO,EAAPA;AAAF,CAAD,CAAb,CAA2BI,KADzE;AAGA,IAAME,YAAY,GAAG;AACnB,eAAa,KADM;AAEnB,gBAAc;AAFK,CAArB;AAKA,IAAMC,cAAc,GAAG;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACAC,EAAAA,KAAK,EAAE;AARc,CAAvB;AAWA,OAAO,SAASC,UAAT,CAAoBC,GAApB,EAAuC;AAAA,MAAdC,OAAc,uEAAJ,EAAI;AAC5C,MAAMC,UAAU,GAAGC,SAAS,CAACH,GAAD,CAA5B;;AACA,MAAMI,YAAY,mCACbP,cADa,GAEbI,OAFa,CAAlB;;AAKA,MAAMI,aAAa,GAAGJ,OAAO,CAACI,aAA9B;;AAEA,MAAIL,GAAG,CAACM,QAAJ,CAAa,iBAAb,CAAJ,EAAqC;AACnCF,IAAAA,YAAY,CAACG,WAAb,GAA2B,SAA3B,CADmC,CACE;;AAErC,QAAMC,aAAa,GAAGf,yBAAyB,CAAC;AAC9CgB,MAAAA,MAAM,EAAE,WADsC;AAE9CJ,MAAAA,aAAa,EAAbA;AAF8C,KAAD,CAA/C;AAKAD,IAAAA,YAAY,CAACM,OAAb,CAAqBC,MAArB,GAA8BC,MAAM,CAACC,OAAP,CAAeL,aAAf,EAC3BM,GAD2B,CACvB;AAAA;AAAA,UAAEC,GAAF;AAAA,UAAOC,KAAP;;AAAA,uBAAqBD,GAArB,cAA4BC,KAA5B;AAAA,KADuB,EAE3BC,IAF2B,CAEtB,IAFsB,CAA9B;AAGD;;AApB2C,0BAsBfhB,OAtBe,CAsBpCiB,QAtBoC;AAAA,MAsBpCA,QAtBoC,kCAsBzB,KAtByB;AAwB5C,SAAOxB,KAAK,CAACQ,UAAD,EAAaE,YAAb,CAAL,CACJe,IADI,CACC,UAAAC,QAAQ,EAAI;AAChB,QAAMC,aAAa,GAAGD,QAAQ,CAACV,OAAT,CAAiBY,GAAjB,CAAqB,gBAArB,CAAtB;AACA,QAAMC,WAAW,GAAGH,QAAQ,CAACV,OAAT,CAAiBY,GAAjB,CAAqB,cAArB,CAApB,CAFgB,CAIhB;AACA;;AACA,QAAID,aAAa,KAAK,GAAtB,EAA2B;AACzB,aAAO/B,OAAO,CAACkC,MAAR,CACL,IAAIC,KAAJ,uDAAyDvB,UAAzD,EADK,CAAP;AAGD;;AAED,QAAI,CAACkB,QAAQ,CAACM,EAAd,EAAkB;AAChB,aAAOpC,OAAO,CAACkC,MAAR,CAAe,IAAIC,KAAJ,kCAAoCvB,UAApC,EAAf,CAAP;AACD;;AAED,QAAMyB,SAAS,GAAG/B,YAAY,CAAC2B,WAAD,CAA9B;AAEA,WAAOH,QAAQ,CAACQ,WAAT,GAAuBT,IAAvB,CAA4B,UAAAU,MAAM;AAAA,aAAK;AAC5CA,QAAAA,MAAM,EAANA,MAD4C;AAE5CF,QAAAA,SAAS,EAATA;AAF4C,OAAL;AAAA,KAAlC,CAAP;AAID,GAvBI,EAwBJR,IAxBI,CAwBC,iBAA2B;AAAA,QAAxBU,MAAwB,SAAxBA,MAAwB;AAAA,QAAhBF,SAAgB,SAAhBA,SAAgB;AAC/B,QAAMG,UAAU,wBAAiBH,SAAjB,aAAhB;AACA,QAAMI,QAAQ,GAAGC,mBAAmB,CAACH,MAAD,CAApC;AAEA,QAAMI,MAAM,aAAMH,UAAN,SAAmBC,QAAnB,CAAZ;AACA,QAAMG,OAAO,GAAGC,mBAAmB,CAACF,MAAD,CAAnC;;AAEA,QAAI,CAACC,OAAL,EAAc;AACZ,aAAO5C,OAAO,CAACkC,MAAR,CAAe,IAAIC,KAAJ,CAAU,mBAAV,CAAf,CAAP;AACD;;AAED,WAAOQ,MAAP;AACD,GApCI,EAqCJG,KArCI,CAqCE,UAAAC,KAAK,EAAI;AACd,QAAInB,QAAJ,EAAc;AACZ;AACAoB,MAAAA,OAAO,CAACD,KAAR,CAAc,uBAAd,EAAuCA,KAAvC;AACA,aAAOtC,UAAU,CAACR,mBAAD,EAAsBM,cAAtB,CAAjB;AACD;;AAEDyC,IAAAA,OAAO,CAACD,KAAR,CAAcA,KAAd;AACA,WAAO7C,aAAP;AACD,GA9CI,CAAP;AA+CD;;AAED,SAASwC,mBAAT,CAA6BH,MAA7B,EAAqC;AACnC,MAAIU,MAAM,GAAG,EAAb;AACA,MAAMC,KAAK,GAAG,GAAGC,KAAH,CAASC,IAAT,CAAc,IAAIC,UAAJ,CAAed,MAAf,CAAd,CAAd;AAEAW,EAAAA,KAAK,CAACI,OAAN,CAAc,UAAAC,CAAC;AAAA,WAAKN,MAAM,IAAIO,MAAM,CAACC,YAAP,CAAoBF,CAApB,CAAf;AAAA,GAAf;AAEA,SAAOzD,IAAI,CAACmD,MAAD,CAAX;AACD;;AAED,OAAO,SAASJ,mBAAT,CAA6Ba,YAA7B,EAA2C;AAChD,MAAMC,MAAM,GAAGD,YAAY,CAACE,UAAb,CAAwB,yBAAxB,CAAf;AAEA,MAAID,MAAJ,EAAY,OAAOE,iBAAiB,CAACH,YAAD,CAAxB;AAEZ,MAAMI,KAAK,GAAGJ,YAAY,CAACE,UAAb,CAAwB,wBAAxB,CAAd;AAEA,MAAIE,KAAJ,EAAW,OAAOC,gBAAgB,CAACL,YAAD,CAAvB;AAEX,SAAO,KAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASG,iBAAT,CAA2BG,YAA3B,EAAyC;AAC9C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBtE,IAAI,CAACoE,GAAG,CAACG,OAAJ,CAAY,yBAAZ,EAAuC,EAAvC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMC,cAAc,GAClBL,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAApC,IACAN,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAFtC;AAIA,SAAOD,cAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASR,gBAAT,CAA0BC,YAA1B,EAAwC;AAC7C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBtE,IAAI,CAACoE,GAAG,CAACG,OAAJ,CAAY,wBAAZ,EAAsC,EAAtC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMG,QAAQ,GAAG,CAAC,CAAD,EAAI,CAAJ,EAAO,CAAP,EAAU,CAAV,EAAa,EAAb,EAAiB,EAAjB,EAAqB,EAArB,EAAyB,EAAzB,EAA6B,GAA7B,EAAkC,EAAlC,EAAsC,EAAtC,EAA0C,GAA1C,CAAjB,CAN6C,CAMmB;AAEhE;;AACA,OAAK,IAAIC,CAAC,GAAG,EAAb,EAAiBA,CAAC,GAAG,CAArB,EAAwBA,CAAC,EAAzB,EAA6B;AAC3B,QAAIR,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmBE,CAApB,CAAT,KAAoCD,QAAQ,CAAC,KAAKC,CAAN,CAAhD,EAA0D;AACxD,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["import { atob, btoa } from '@lighthouse/abab'\nimport fetchPonyfill from 'fetch-ponyfill'\nimport Promise from 'bluebird'\nimport { LIGHTHOUSE_LOGO_URL } from '../../constants'\nimport { imageNotFound } from '../../images'\nimport { generateCloudFrontCookies } from '../get-cloudfront-cookies'\n// NOTE use the native fetch if it's available in the browser, because the\n// ponyfill (which actually uses the github polyfill) does not support all the\n// same options as native fetch\nconst fetch =\n  (typeof self === 'object' && self.fetch) || fetchPonyfill({ Promise }).fetch\n\nconst contentTypes = {\n  'image/png': 'png',\n  'image/jpeg': 'jpeg',\n}\n\nconst defaultOptions = {\n  // NOTE The cache: no-cache option is important to avoid an issue with CORS\n  // and caching on Chrome. Here's a good explanation of the issue:\n  // https://stackoverflow.com/a/37455118\n  // In our case, when loading the web version of a form, the signature image is\n  // cached without the correct CORS headers. If the pdf is then generated,\n  // there's a mismatch between the cached image headers and the CORS headers\n  // sent from the fetch request, causing an error\n  cache: 'no-cache',\n}\n\nexport function fetchImage(url, options = {}) {\n  const encodedUrl = encodeURI(url)\n  const fetchOptions = {\n    ...defaultOptions,\n    ...options,\n  }\n\n  const applicationId = options.applicationId\n\n  if (url.contains('.cloudfront.net')) {\n    fetchOptions.credentials = 'include' // Ensure cookies are sent with the request\n\n    const signedCookies = generateCloudFrontCookies({\n      userId: 'anonymous',\n      applicationId,\n    })\n\n    fetchOptions.headers.Cookie = Object.entries(signedCookies)\n      .map(([key, value]) => `${key}=${value}`)\n      .join('; ')\n  }\n\n  const { isHeader = false } = options\n\n  return fetch(encodedUrl, fetchOptions)\n    .then(response => {\n      const contentHeader = response.headers.get('content-length')\n      const contentType = response.headers.get('content-type')\n\n      // NOTE: the response will be ok but we won't be able to render any\n      // image meaning pdfmake will error. Raise error here and return early.\n      if (contentHeader === '0') {\n        return Promise.reject(\n          new Error(`Failed to fetch image as no content length: ${encodedUrl}`)\n        )\n      }\n\n      if (!response.ok) {\n        return Promise.reject(new Error(`Failed to fetch image: ${encodedUrl}`))\n      }\n\n      const imageType = contentTypes[contentType]\n\n      return response.arrayBuffer().then(buffer => ({\n        buffer,\n        imageType,\n      }))\n    })\n    .then(({ buffer, imageType }) => {\n      const base64Flag = `data:image/${imageType};base64,`\n      const imageStr = arrayBufferToBase64(buffer)\n\n      const base64 = `${base64Flag}${imageStr}`\n      const isValid = validateBase64Image(base64)\n\n      if (!isValid) {\n        return Promise.reject(new Error('InvalidImageError'))\n      }\n\n      return base64\n    })\n    .catch(error => {\n      if (isHeader) {\n        // NOTE: Replace failed headers with LH logo\n        console.error('FetchImageHeaderError', error)\n        return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions)\n      }\n\n      console.error(error)\n      return imageNotFound\n    })\n}\n\nfunction arrayBufferToBase64(buffer) {\n  let binary = ''\n  const bytes = [].slice.call(new Uint8Array(buffer))\n\n  bytes.forEach(b => (binary += String.fromCharCode(b)))\n\n  return btoa(binary)\n}\n\nexport function validateBase64Image(base64String) {\n  const isJpeg = base64String.startsWith('data:image/jpeg;base64,')\n\n  if (isJpeg) return validateJpegImage(base64String)\n\n  const isPng = base64String.startsWith('data:image/png;base64,')\n\n  if (isPng) return validatePngImage(base64String)\n\n  return false\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validateJpegImage(base64string) {\n  const src = base64string\n  const imageData = Uint8Array.from(\n    atob(src.replace('data:image/jpeg;base64,', '')),\n    c => c.charCodeAt(0)\n  )\n  const imageCorrupted =\n    imageData[imageData.length - 1] === 217 &&\n    imageData[imageData.length - 2] === 255\n\n  return imageCorrupted\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validatePngImage(base64string) {\n  const src = base64string\n  const imageData = Uint8Array.from(\n    atob(src.replace('data:image/png;base64,', '')),\n    c => c.charCodeAt(0)\n  )\n  const sequence = [0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130] // in hex:\n\n  //check last 12 elements of array so they contains needed values\n  for (let i = 12; i > 0; i--) {\n    if (imageData[imageData.length - i] !== sequence[12 - i]) {\n      return false\n    }\n  }\n\n  return true\n}\n"],"file":"index.js"}

package/lib/helpers/get-audit-items-data/index.js

@@ -5,6 +5,7 @@ export function getAuditItemsData(items, data) {
   _data$settings = _data$settings === void 0 ? {} : _data$settings;
   var awsS3BaseUrl = _data$settings.awsS3BaseUrl,
       cloudinaryBaseUrl = _data$settings.cloudinaryBaseUrl,
+      cloudfrontBaseUrl = _data$settings.cloudfrontBaseUrl,
       _data$entity = data.entity;
   _data$entity = _data$entity === void 0 ? {} : _data$entity;
   var groupScores = _data$entity.groupScores;
@@ -45,6 +46,7 @@ export function getAuditItemsData(items, data) {
       var assets = rawAssets.map(function (asset, assetIndex) {
         var assetUrl = buildFetchUrl(asset, {
           awsS3BaseUrl: awsS3BaseUrl,
+          cloudfrontBaseUrl: cloudfrontBaseUrl,
           cloudinaryBaseUrl: cloudinaryBaseUrl,
           fit: true,
           height: 400,
@@ -54,6 +56,7 @@ export function getAuditItemsData(items, data) {
         var link = "".concat(awsS3BaseUrl, "/").concat(asset);
         var thumbnailUrl = buildFetchUrl(asset, {
           awsS3BaseUrl: awsS3BaseUrl,
+          cloudfrontBaseUrl: cloudfrontBaseUrl,
           cloudinaryBaseUrl: cloudinaryBaseUrl,
           width: 100,
           quality: 50