@striae-org/striae 3.0.4

package/app/components/actions/case-import/storage-operations.ts

@@ -0,0 +1,270 @@
+import { User } from 'firebase/auth';
+import paths from '~/config/config.json';
+import { 
+  getDataApiKey,
+  getUserApiKey
+} from '~/utils/auth';
+import {
+  getUserReadOnlyCases,
+  updateUserData,
+  validateUserSession
+} from '~/utils/permissions';
+import { 
+  CaseExportData,   
+  ExtendedUserData,
+  FileData,
+  CaseData,
+  ReadOnlyCaseMetadata
+} from '~/types';
+import { deleteFile } from '../image-manage';
+import { SignedForensicManifest } from '~/utils/SHA256';
+
+const USER_WORKER_URL = paths.user_worker_url;
+const DATA_WORKER_URL = paths.data_worker_url;
+
+/**
+ * Check if user already has a read-only case with the same number
+ */
+export async function checkReadOnlyCaseExists(
+  user: User, 
+  caseNumber: string
+): Promise<ReadOnlyCaseMetadata | null> {
+  try {
+    // Use centralized function to get read-only cases
+    const readOnlyCases = await getUserReadOnlyCases(user);
+    return readOnlyCases.find(c => c.caseNumber === caseNumber) || null;
+    
+  } catch (error) {
+    console.error('Error checking read-only case existence:', error);
+    return null;
+  }
+}
+
+/**
+ * Create read-only case entry in user database
+ * Note: Only one read-only case is allowed at a time. This function will clear any existing 
+ * read-only cases before adding the new one to prevent accumulation of multiple read-only cases.
+ */
+export async function addReadOnlyCaseToUser(
+  user: User, 
+  caseMetadata: ReadOnlyCaseMetadata
+): Promise<void> {
+  try {
+    // Validate user session
+    const sessionValidation = await validateUserSession(user);
+    if (!sessionValidation.valid) {
+      throw new Error(`Session validation failed: ${sessionValidation.reason}`);
+    }
+
+    // Get current read-only cases
+    const currentReadOnlyCases = await getUserReadOnlyCases(user);
+    
+    // IMPORTANT: Only allow one read-only case at a time
+    // Clear any existing read-only cases before adding the new one
+    if (currentReadOnlyCases.length > 0) {
+      const existingCaseNumbers = currentReadOnlyCases.map(c => c.caseNumber).join(', ');
+      console.log(`Clearing ${currentReadOnlyCases.length} existing read-only case(s) (${existingCaseNumbers}) before importing new case: ${caseMetadata.caseNumber}`);
+    }
+    
+    // Update user data with the new read-only case (replacing any existing ones)
+    await updateUserData(user, { 
+      readOnlyCases: [caseMetadata] // Only the new case
+    });
+    
+    console.log(`Added new read-only case to user profile: ${caseMetadata.caseNumber}`);
+    
+  } catch (error) {
+    console.error('Error adding read-only case to user:', error);
+    throw error;
+  }
+}
+
+/**
+ * Store case data in R2 storage
+ */
+export async function storeCaseDataInR2(
+  user: User,
+  caseNumber: string,
+  caseData: CaseExportData,
+  importedFiles: FileData[],
+  originalImageIdMapping?: Map<string, string>,
+  forensicManifest?: SignedForensicManifest
+): Promise<void> {
+  try {
+    const apiKey = await getDataApiKey();
+    
+    // Convert the mapping to a plain object for JSON serialization
+    const originalImageIds = originalImageIdMapping ? 
+      Object.fromEntries(originalImageIdMapping) : undefined;
+
+    const forensicManifestMetadata = forensicManifest ? {
+      manifestVersion: forensicManifest.manifestVersion,
+      createdAt: forensicManifest.createdAt,
+      dataHash: forensicManifest.dataHash,
+      manifestHash: forensicManifest.manifestHash,
+      signature: forensicManifest.signature
+    } : undefined;
+    
+    // Create the case data structure that matches normal cases
+    const r2CaseData = {
+      createdAt: new Date().toISOString(),
+      caseNumber: caseNumber,
+      files: importedFiles,
+      // Add read-only metadata
+      isReadOnly: true,
+      importedAt: new Date().toISOString(),
+      // Add original image ID mapping for confirmation linking
+      originalImageIds: originalImageIds,
+      // Add forensic manifest timestamp if available for confirmation exports
+      ...(forensicManifest?.createdAt && { forensicManifestCreatedAt: forensicManifest.createdAt }),
+      // Store full forensic manifest metadata for chain-of-custody validation
+      ...(forensicManifestMetadata && { forensicManifest: forensicManifestMetadata })
+    };
+    
+    // Store in R2
+    const response = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Custom-Auth-Key': apiKey
+      },
+      body: JSON.stringify(r2CaseData)
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to store case data: ${response.status}`);
+    }
+    
+  } catch (error) {
+    console.error('Error storing case data in R2:', error);
+    throw error;
+  }
+}
+
+/**
+ * List all read-only cases for a user
+ */
+export async function listReadOnlyCases(user: User): Promise<ReadOnlyCaseMetadata[]> {
+  try {
+    const apiKey = await getUserApiKey();
+    
+    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Custom-Auth-Key': apiKey
+      }
+    });
+
+    if (!response.ok) {
+      console.error('Failed to fetch user data:', response.status);
+      return [];
+    }
+
+    const userData: ExtendedUserData = await response.json();
+    
+    return userData.readOnlyCases || [];
+    
+  } catch (error) {
+    console.error('Error listing read-only cases:', error);
+    return [];
+  }
+}
+
+/**
+ * Remove a read-only case (does not delete the actual case data, just removes from user's read-only list)
+ */
+export async function removeReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
+  try {
+    const apiKey = await getUserApiKey();
+    
+    // Get current user data
+    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Custom-Auth-Key': apiKey
+      }
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to fetch user data: ${response.status}`);
+    }
+
+    const userData: ExtendedUserData = await response.json();
+    
+    if (!userData.readOnlyCases) {
+      return false; // Nothing to remove
+    }
+    
+    // Remove the case from the list
+    const initialLength = userData.readOnlyCases.length;
+    userData.readOnlyCases = userData.readOnlyCases.filter(c => c.caseNumber !== caseNumber);
+    
+    if (userData.readOnlyCases.length === initialLength) {
+      return false; // Case wasn't found
+    }
+    
+    // Update user data
+    const updateResponse = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Custom-Auth-Key': apiKey
+      },
+      body: JSON.stringify(userData)
+    });
+
+    if (!updateResponse.ok) {
+      throw new Error(`Failed to update user data: ${updateResponse.status}`);
+    }
+    
+    return true;
+    
+  } catch (error) {
+    console.error('Error removing read-only case:', error);
+    return false;
+  }
+}
+
+/**
+ * Completely delete a read-only case including all associated data (R2, Images, user references)
+ */
+export async function deleteReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
+  try {
+    const dataApiKey = await getDataApiKey();
+    
+    // Get case data first to get file IDs for deletion
+    const caseResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
+      headers: { 'X-Custom-Auth-Key': dataApiKey }
+    });
+
+    if (caseResponse.ok) {
+      const caseData = await caseResponse.json() as CaseData;
+
+      // Delete all files using data worker
+      if (caseData.files && caseData.files.length > 0) {
+        await Promise.all(
+          caseData.files.map((file: FileData) => 
+            deleteFile(user, caseNumber, file.id, 'Read-only case clearing - API operation')
+          )
+        );
+      }
+
+      // Delete case file using data worker
+      await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
+        method: 'DELETE',
+        headers: { 'X-Custom-Auth-Key': dataApiKey }
+      });
+    }
+    
+    // Remove from user's read-only case list (separate from regular cases)
+    await removeReadOnlyCase(user, caseNumber);
+    
+    return true;
+    
+  } catch (error) {
+    console.error('Error deleting read-only case:', error);
+    return false;
+  }
+}

package/app/components/actions/case-import/validation.ts

@@ -0,0 +1,189 @@
+import { User } from 'firebase/auth';
+import paths from '~/config/config.json';
+import { getUserApiKey } from '~/utils/auth';
+import { CaseExportData, ConfirmationImportData } from '~/types';
+import { calculateSHA256Secure, ManifestSignatureVerificationResult } from '~/utils/SHA256';
+import { verifyConfirmationSignature } from '~/utils/confirmation-signature';
+
+const USER_WORKER_URL = paths.user_worker_url;
+
+/**
+ * Remove forensic warning from content for hash validation (supports both JSON and CSV formats)
+ * This function ensures exact match with the content used during export hash generation
+ */
+export function removeForensicWarning(content: string): string {
+  // Handle JSON forensic warnings (block comment format)
+  // /* CASE DATA WARNING
+  //  * This file contains evidence data for forensic examination.
+  //  * Any modification may compromise the integrity of the evidence.
+  //  * Handle according to your organization's chain of custody procedures.
+  //  * 
+  //  * File generated: YYYY-MM-DDTHH:mm:ss.sssZ
+  //  */
+  const jsonForensicWarningRegex = /^\/\*\s*CASE\s+DATA\s+WARNING[\s\S]*?\*\/\s*\r?\n*/;
+  
+  // Handle CSV forensic warnings (quoted string format at the beginning of file)
+  // CRITICAL: The CSV forensic warning is ONLY the first quoted line, followed by two newlines
+  // Format: "CASE DATA WARNING: This file contains evidence data for forensic examination. Any modification may compromise the integrity of the evidence. Handle according to your organization's chain of custody procedures."\n\n
+  // 
+  // After removal, what remains should be the csvWithHash content:
+  // # Striae Case Export - Generated: ...
+  // # Case: ...
+  // # Total Files: ...
+  // # SHA256 Hash: ...
+  // # Verification: ...
+  //
+  // [actual CSV data]
+  // More robust regex to handle various line endings and exact format from generation
+  const csvForensicWarningRegex = /^"CASE DATA WARNING: This file contains evidence data for forensic examination\. Any modification may compromise the integrity of the evidence\. Handle according to your organization's chain of custody procedures\."(?:\r?\n){2}/;
+  
+  let cleaned = content;
+  
+  // Try JSON format first
+  if (jsonForensicWarningRegex.test(content)) {
+    cleaned = content.replace(jsonForensicWarningRegex, '');
+  }
+  // Try CSV format with exact pattern match
+  else if (csvForensicWarningRegex.test(content)) {
+    cleaned = content.replace(csvForensicWarningRegex, '');
+  }
+  // Fallback: try broader CSV pattern in case of slight format differences
+  else if (content.startsWith('"CASE DATA WARNING:')) {
+    // Find the end of the first quoted string followed by newlines
+    const match = content.match(/^"[^"]*"(?:\r?\n)+/);
+    if (match) {
+      cleaned = content.substring(match[0].length);
+    }
+  }
+  
+  // Additional cleanup: remove any leading whitespace that might remain
+  // This ensures we match exactly what the generation functions produce with protectForensicData: false
+  cleaned = cleaned.replace(/^\s+/, '');
+  
+  return cleaned;
+}
+
+/**
+ * Validate that a user exists in the database by UID and is not the current user
+ */
+export async function validateExporterUid(exporterUid: string, currentUser: User): Promise<{ exists: boolean; isSelf: boolean }> {
+  try {
+    const apiKey = await getUserApiKey();
+    const response = await fetch(`${USER_WORKER_URL}/${exporterUid}`, {
+      method: 'GET',
+      headers: {
+        'X-Custom-Auth-Key': apiKey
+      }
+    });
+    
+    const exists = response.status === 200;
+    const isSelf = exporterUid === currentUser.uid;
+    
+    return { exists, isSelf };
+  } catch (error) {
+    console.error('Error validating exporter UID:', error);
+    return { exists: false, isSelf: false };
+  }
+}
+
+/**
+ * Check if file is a confirmation data import
+ */
+export function isConfirmationDataFile(filename: string): boolean {
+  return filename.startsWith('confirmation-data') && filename.endsWith('.json');
+}
+
+/**
+ * Validate confirmation data file hash
+ */
+export async function validateConfirmationHash(jsonContent: string, expectedHash: string): Promise<boolean> {
+  try {
+    // Validate input parameters
+    if (!expectedHash || typeof expectedHash !== 'string') {
+      console.error('validateConfirmationHash: expectedHash is invalid:', expectedHash);
+      return false;
+    }
+
+    // Create data without hash for validation
+    const data = JSON.parse(jsonContent);
+    const dataWithoutHash = {
+      ...data,
+      metadata: {
+        ...data.metadata,
+        hash: undefined
+      }
+    };
+    delete dataWithoutHash.metadata.hash;
+    delete dataWithoutHash.metadata.signature;
+    delete dataWithoutHash.metadata.signatureVersion;
+    
+    const contentForHash = JSON.stringify(dataWithoutHash, null, 2);
+    const actualHash = await calculateSHA256Secure(contentForHash);
+    
+    if (!actualHash) {
+      console.error('validateConfirmationHash: failed to calculate hash');
+      return false;
+    }
+    
+    return actualHash.toUpperCase() === expectedHash.toUpperCase();
+  } catch (error) {
+    console.error('validateConfirmationHash: validation failed:', error);
+    return false;
+  }
+}
+
+/**
+ * Validate imported case data integrity (optional verification)
+ */
+export function validateCaseIntegrity(
+  caseData: CaseExportData,
+  imageFiles: { [filename: string]: Blob }
+): { isValid: boolean; issues: string[] } {
+  const issues: string[] = [];
+  
+  // Check if all referenced images exist
+  for (const fileEntry of caseData.files) {
+    const filename = fileEntry.fileData.originalFilename;
+    if (!imageFiles[filename]) {
+      issues.push(`Missing image file: ${filename}`);
+    }
+  }
+  
+  // Check if there are extra images not referenced in case data
+  const referencedFiles = new Set(caseData.files.map(f => f.fileData.originalFilename));
+  for (const filename of Object.keys(imageFiles)) {
+    if (!referencedFiles.has(filename)) {
+      issues.push(`Unreferenced image file: ${filename}`);
+    }
+  }
+  
+  // Validate metadata completeness
+  if (!caseData.metadata.caseNumber) {
+    issues.push('Missing case number in metadata');
+  }
+  
+  if (!caseData.metadata.exportDate) {
+    issues.push('Missing export date in metadata');
+  }
+  
+  // Validate annotation data
+  for (const fileEntry of caseData.files) {
+    if (fileEntry.hasAnnotations && !fileEntry.annotations) {
+      issues.push(`File ${fileEntry.fileData.originalFilename} marked as having annotations but no annotation data found`);
+    }
+  }
+  
+  return {
+    isValid: issues.length === 0,
+    issues
+  };
+}
+
+/**
+ * Validate confirmation data file signature.
+ */
+export async function validateConfirmationSignatureFile(
+  confirmationData: Partial<ConfirmationImportData>
+): Promise<ManifestSignatureVerificationResult> {
+  return verifyConfirmationSignature(confirmationData);
+}