@striae-org/striae 3.2.2 → 4.0.0

package/.env.example

@@ -64,7 +64,7 @@ DATA_BUCKET_NAME=your_data_bucket_name_here
 DATA_WORKER_DOMAIN=your_data_worker_domain_here
 # Auto-generated by scripts/deploy-config.sh when placeholders are detected.
 MANIFEST_SIGNING_PRIVATE_KEY=your_manifest_signing_private_key_here
-MANIFEST_SIGNING_KEY_ID=forensic-signing-key-v1
+MANIFEST_SIGNING_KEY_ID=your_manifest_signing_key_id_here
 MANIFEST_SIGNING_PUBLIC_KEY=your_manifest_signing_public_key_here
 
 # ================================

package/app/components/actions/case-export/core-export.ts

@@ -183,7 +183,8 @@ export async function exportAllCases(
 export async function exportCaseData(
   user: User,
   caseNumber: string,
-  options: ExportOptions = {}
+  options: ExportOptions = {},
+  onProgress?: (current: number, total: number, label: string) => void
 ): Promise<CaseExportData> {
   // NOTE: startTime and fileName tracking moved to download handlers
   
@@ -225,7 +226,8 @@ export async function exportCaseData(
     let earliestAnnotationDate: string | undefined;
     let latestAnnotationDate: string | undefined;
 
-    for (const file of files) {
+    for (let fileIndex = 0; fileIndex < files.length; fileIndex++) {
+      const file = files[fileIndex];
       let annotations: AnnotationData | undefined;
       let hasAnnotations = false;
 
@@ -287,6 +289,7 @@ export async function exportCaseData(
         annotations,
         hasAnnotations
       });
+      onProgress?.(fileIndex + 1, files.length, `Loading file ${fileIndex + 1} of ${files.length}`);
     }
 
     // Build export data

package/app/components/actions/case-export/download-handlers.ts

@@ -4,6 +4,11 @@ import { type FileData, type AllCasesExportData, type CaseExportData, type Expor
 import { getImageUrl } from '../image-manage';
 import { generateForensicManifestSecure, calculateSHA256Secure } from '~/utils/SHA256';
 import { signForensicManifest } from '~/utils/data-operations';
+import {
+  createPublicSigningKeyFileName,
+  getCurrentPublicSigningKeyDetails,
+  getVerificationPublicKey
+} from '~/utils/signature-utils';
 import { type ExportFormat, formatDateForFilename, CSV_HEADERS } from './types-constants';
 import { protectExcelWorksheet, addForensicDataWarning } from './metadata-helpers';
 import { generateMetadataRows, generateCSVContent, processFileDataForTabular, sanitizeTabularMatrix } from './data-processing';
@@ -115,6 +120,30 @@ function generateExportFilename(originalFilename: string, id: string): string {
   return `${basename}-${id}${extension}`;
 }
 
+function addPublicSigningKeyPemToZip(
+  zip: { file: (path: string, data: string) => unknown },
+  preferredKeyId?: string
+): string {
+  const preferredPublicKey =
+    typeof preferredKeyId === 'string' && preferredKeyId.trim().length > 0
+      ? getVerificationPublicKey(preferredKeyId)
+      : null;
+
+  const currentKey = getCurrentPublicSigningKeyDetails();
+  const keyId = preferredPublicKey ? preferredKeyId ?? null : currentKey.keyId;
+  const publicKeyPem = preferredPublicKey ?? currentKey.publicKeyPem;
+
+  if (!publicKeyPem || publicKeyPem.trim().length === 0) {
+    throw new Error('No public signing key is configured for ZIP export packaging.');
+  }
+
+  const publicKeyFileName = createPublicSigningKeyFileName(keyId);
+  const normalizedPem = publicKeyPem.endsWith('\n') ? publicKeyPem : `${publicKeyPem}\n`;
+  zip.file(publicKeyFileName, normalizedPem);
+
+  return publicKeyFileName;
+}
+
 /**
  * Download all cases data as JSON file
  */
@@ -609,6 +638,7 @@ export async function downloadCaseAsZip(
   const startTime = Date.now();
   let manifestSignatureKeyId: string | undefined;
   let manifestSigned = false;
+  let publicKeyFileName: string | undefined;
   
   try {
     // Start audit workflow
@@ -672,6 +702,8 @@ export async function downloadCaseAsZip(
       manifestSignatureKeyId = signingResult.signature.keyId;
       manifestSigned = true;
 
+      publicKeyFileName = addPublicSigningKeyPemToZip(zip, signingResult.signature.keyId);
+
       const signedForensicManifest = {
         ...forensicManifest,
         manifestVersion: signingResult.manifestVersion,
@@ -696,6 +728,7 @@ Archive Contents:
 - ${caseNumber}_data.${format}: Complete case data in ${format.toUpperCase()} format
 - images/: Original image files with annotations
 - FORENSIC_MANIFEST.json: File integrity validation manifest
+- ${publicKeyFileName}: Public signing key PEM for verification
 - README.txt: General information about this export
 
 Case Information:
@@ -713,7 +746,11 @@ For questions about this export, contact your Striae system administrator.
       zip.file('READ_ONLY_INSTRUCTIONS.txt', instructionContent);
       
       // Add README 
-      const readme = generateZipReadme(exportData, options.protectForensicData);
+      const readme = generateZipReadme(
+        exportData,
+        options.protectForensicData,
+        publicKeyFileName
+      );
       zip.file('README.txt', readme);
       onProgress?.(85);
       
@@ -772,8 +809,14 @@ For questions about this export, contact your Striae system administrator.
       return; // Exit early as we've handled the forensic case
     }
 
+    publicKeyFileName = addPublicSigningKeyPemToZip(zip);
+
     // Add README (standard or enhanced for forensic)
-    const readme = generateZipReadme(exportData, options.protectForensicData);
+    const readme = generateZipReadme(
+      exportData,
+      options.protectForensicData,
+      publicKeyFileName
+    );
     zip.file('README.txt', readme);
     onProgress?.(85);
     
@@ -878,7 +921,11 @@ async function fetchImageAsBlob(user: User, fileData: FileData, caseNumber: stri
 /**
  * Generate README content for ZIP export with optional forensic protection
  */
-function generateZipReadme(exportData: CaseExportData, protectForensicData: boolean = true): string {
+function generateZipReadme(
+  exportData: CaseExportData,
+  protectForensicData: boolean = true,
+  publicKeyFileName: string = createPublicSigningKeyFileName()
+): string {
   const totalFiles = exportData.files?.length || 0;
   const filesWithAnnotations = exportData.summary?.filesWithAnnotations || 0;
   const totalBoxAnnotations = exportData.summary?.totalBoxAnnotations || 0;
@@ -912,6 +959,7 @@ Summary:
 Contents:
 - ${exportData.metadata.caseNumber}_data.json/.csv: Case data and annotations
 - images/: Original uploaded images
+- ${publicKeyFileName}: Public signing key PEM for verification
 - README.txt: This file`;
 
   const forensicAddition = `

package/app/components/actions/case-import/confirmation-import.ts

@@ -1,13 +1,11 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { getDataApiKey } from '~/utils/auth';
+import { fetchDataApi } from '~/utils/data-api-client';
 import { type ConfirmationImportResult, type ConfirmationImportData } from '~/types';
 import { checkExistingCase } from '../case-manage';
+import { extractConfirmationImportPackage } from './confirmation-package';
 import { validateExporterUid, validateConfirmationHash, validateConfirmationSignatureFile } from './validation';
 import { auditService } from '~/services/audit';
 
-const DATA_WORKER_URL = paths.data_worker_url;
-
 interface CaseDataFile {
   id: string;
   originalFilename?: string;
@@ -36,6 +34,8 @@ export async function importConfirmationData(
   let signatureValid = false;
   let signaturePresent = false;
   let signatureKeyId: string | undefined;
+  let confirmationDataForAudit: ConfirmationImportData | null = null;
+  let confirmationJsonFileNameForAudit = confirmationFile.name;
   
   const result: ConfirmationImportResult = {
     success: false,
@@ -47,11 +47,17 @@ export async function importConfirmationData(
   };
 
   try {
-    onProgress?.('Reading confirmation file', 10, 'Loading JSON data...');
+    onProgress?.('Reading confirmation file', 10, 'Loading confirmation package...');
+
+    const {
+      confirmationData,
+      confirmationJsonContent,
+      verificationPublicKeyPem,
+      confirmationFileName
+    } = await extractConfirmationImportPackage(confirmationFile);
 
-    // Read and parse the JSON file
-    const fileContent = await confirmationFile.text();
-    const confirmationData: ConfirmationImportData = JSON.parse(fileContent);
+    confirmationDataForAudit = confirmationData;
+    confirmationJsonFileNameForAudit = confirmationFileName;
     result.caseNumber = confirmationData.metadata.caseNumber;
     
     // Start audit workflow
@@ -60,14 +66,17 @@ export async function importConfirmationData(
     onProgress?.('Validating hash', 20, 'Verifying data integrity...');
 
     // Validate hash
-    hashValid = await validateConfirmationHash(fileContent, confirmationData.metadata.hash);
+    hashValid = await validateConfirmationHash(confirmationJsonContent, confirmationData.metadata.hash);
     if (!hashValid) {
       throw new Error('Confirmation data hash validation failed. The file may have been tampered with or corrupted.');
     }
 
     onProgress?.('Validating signature', 30, 'Verifying signed confirmation metadata...');
 
-    const signatureResult = await validateConfirmationSignatureFile(confirmationData);
+    const signatureResult = await validateConfirmationSignatureFile(
+      confirmationData,
+      verificationPublicKeyPem
+    );
     signaturePresent = !!confirmationData.metadata.signature;
     signatureValid = signatureResult.isValid;
     signatureKeyId = signatureResult.keyId;
@@ -101,13 +110,13 @@ export async function importConfirmationData(
     onProgress?.('Processing confirmations', 60, 'Validating timestamps and updating annotations...');
 
     // Get case data to find image IDs
-    const apiKey = await getDataApiKey();
-    const caseResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/data.json`, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const caseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/data.json`,
+      {
+        method: 'GET'
       }
-    });
+    );
 
     if (!caseResponse.ok) {
       throw new Error(`Failed to fetch case data: ${caseResponse.status}`);
@@ -147,12 +156,13 @@ export async function importConfirmationData(
       const displayFilename = currentFile?.originalFilename || currentImageId;
 
       // Get current annotation data for this image
-      const annotationResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`, {
-        method: 'GET',
-        headers: {
-          'X-Custom-Auth-Key': apiKey
+      const annotationResponse = await fetchDataApi(
+        user,
+        `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`,
+        {
+          method: 'GET'
         }
-      });
+      );
 
       let annotationData: AnnotationImportData = {};
       if (annotationResponse.ok) {
@@ -204,14 +214,17 @@ export async function importConfirmationData(
       };
 
       // Save updated annotation data
-      const saveResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`, {
-        method: 'PUT',
-        headers: {
-          'Content-Type': 'application/json',
-          'X-Custom-Auth-Key': apiKey
-        },
-        body: JSON.stringify(updatedAnnotationData)
-      });
+      const saveResponse = await fetchDataApi(
+        user,
+        `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`,
+        {
+          method: 'PUT',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(updatedAnnotationData)
+        }
+      );
 
       if (saveResponse.ok) {
         result.imagesUpdated++;
@@ -276,7 +289,7 @@ export async function importConfirmationData(
     await auditService.logConfirmationImport(
       user,
       result.caseNumber,
-      confirmationFile.name,
+      confirmationJsonFileNameForAudit,
       result.success ? (result.errors && result.errors.length > 0 ? 'warning' : 'success') : 'failure',
       hashValid,
       result.confirmationsImported, // Successfully imported confirmations
@@ -318,19 +331,31 @@ export async function importConfirmationData(
     let signatureValidForAudit = signatureValid;
     let signatureKeyIdForAudit = signatureKeyId;
     
+    const auditConfirmationData = confirmationDataForAudit;
+
     // First, try to extract basic metadata for audit purposes (if file is parseable)
-    try {
-      const confirmationData = JSON.parse(await confirmationFile.text()) as ConfirmationImportData;
-      reviewingExaminerUidForAudit = confirmationData.metadata?.exportedByUid;
-      totalConfirmationsForAudit = confirmationData.metadata?.totalConfirmations || 0;
-      if (confirmationData.metadata?.signature) {
+    if (auditConfirmationData) {
+      reviewingExaminerUidForAudit = auditConfirmationData.metadata?.exportedByUid;
+      totalConfirmationsForAudit = auditConfirmationData.metadata?.totalConfirmations || 0;
+      if (auditConfirmationData.metadata?.signature) {
         signaturePresentForAudit = true;
-        signatureKeyIdForAudit = confirmationData.metadata.signature.keyId;
+        signatureKeyIdForAudit = auditConfirmationData.metadata.signature.keyId;
+      }
+    } else {
+      try {
+        const extracted = await extractConfirmationImportPackage(confirmationFile);
+        reviewingExaminerUidForAudit = extracted.confirmationData.metadata?.exportedByUid;
+        totalConfirmationsForAudit = extracted.confirmationData.metadata?.totalConfirmations || 0;
+        confirmationJsonFileNameForAudit = extracted.confirmationFileName;
+        if (extracted.confirmationData.metadata?.signature) {
+          signaturePresentForAudit = true;
+          signatureKeyIdForAudit = extracted.confirmationData.metadata.signature.keyId;
+        }
+      } catch {
+        // If we can't parse the file, keep undefined/default values
       }
-    } catch {
-      // If we can't parse the file, keep undefined/default values
     }
-    
+
     const errorMessage = error instanceof Error ? error.message : 'Unknown error';
     if (errorMessage.includes('hash validation failed')) {
       // Hash failed - only flag file integrity, don't affect other validations
@@ -352,7 +377,7 @@ export async function importConfirmationData(
     await auditService.logConfirmationImport(
       user,
       result.caseNumber || 'unknown',
-      confirmationFile.name,
+      confirmationJsonFileNameForAudit,
       'failure',
       hashValidForAudit,
       0, // No confirmations successfully imported for failures

package/app/components/actions/case-import/confirmation-package.ts

@@ -0,0 +1,86 @@
+import { type ConfirmationImportData } from '~/types';
+
+const CONFIRMATION_EXPORT_FILE_REGEX = /^confirmation-data-.*\.json$/i;
+
+export interface ConfirmationImportPackage {
+  confirmationData: ConfirmationImportData;
+  confirmationJsonContent: string;
+  verificationPublicKeyPem?: string;
+  confirmationFileName: string;
+}
+
+function getLeafFileName(path: string): string {
+  const segments = path.split('/').filter(Boolean);
+  return segments.length > 0 ? segments[segments.length - 1] : path;
+}
+
+function selectPreferredPemPath(pemPaths: string[]): string | undefined {
+  if (pemPaths.length === 0) {
+    return undefined;
+  }
+
+  const sortedPaths = [...pemPaths].sort((left, right) => left.localeCompare(right));
+  const preferred = sortedPaths.find((path) =>
+    /^striae-public-signing-key.*\.pem$/i.test(getLeafFileName(path))
+  );
+
+  return preferred ?? sortedPaths[0];
+}
+
+async function extractConfirmationPackageFromZip(file: File): Promise<ConfirmationImportPackage> {
+  const JSZip = (await import('jszip')).default;
+  const zip = await JSZip.loadAsync(file);
+  const fileEntries = Object.keys(zip.files).filter((path) => !zip.files[path].dir);
+
+  const confirmationPaths = fileEntries.filter((path) =>
+    CONFIRMATION_EXPORT_FILE_REGEX.test(getLeafFileName(path))
+  );
+
+  if (confirmationPaths.length !== 1) {
+    throw new Error('Confirmation ZIP must contain exactly one confirmation-data JSON file.');
+  }
+
+  const confirmationPath = confirmationPaths[0];
+  const confirmationJsonContent = await zip.file(confirmationPath)?.async('text');
+  if (!confirmationJsonContent) {
+    throw new Error('Failed to read confirmation JSON from ZIP package.');
+  }
+
+  const confirmationData = JSON.parse(confirmationJsonContent) as ConfirmationImportData;
+
+  const pemPaths = fileEntries.filter((path) => getLeafFileName(path).toLowerCase().endsWith('.pem'));
+  const preferredPemPath = selectPreferredPemPath(pemPaths);
+
+  let verificationPublicKeyPem: string | undefined;
+  if (preferredPemPath) {
+    verificationPublicKeyPem = await zip.file(preferredPemPath)?.async('text');
+  }
+
+  return {
+    confirmationData,
+    confirmationJsonContent,
+    verificationPublicKeyPem,
+    confirmationFileName: getLeafFileName(confirmationPath)
+  };
+}
+
+export async function extractConfirmationImportPackage(file: File): Promise<ConfirmationImportPackage> {
+  const lowerName = file.name.toLowerCase();
+
+  if (lowerName.endsWith('.json')) {
+    const confirmationJsonContent = await file.text();
+    const confirmationData = JSON.parse(confirmationJsonContent) as ConfirmationImportData;
+
+    return {
+      confirmationData,
+      confirmationJsonContent,
+      confirmationFileName: file.name
+    };
+  }
+
+  if (lowerName.endsWith('.zip')) {
+    return extractConfirmationPackageFromZip(file);
+  }
+
+  throw new Error('Unsupported confirmation import file type. Use a confirmation JSON or confirmation ZIP file.');
+}

package/app/components/actions/case-import/image-operations.ts

@@ -1,61 +1,32 @@
-import paths from '~/config/config.json';
-import { getImageApiKey } from '~/utils/auth';
-import { type FileData, type ImageUploadResponse } from '~/types';
-
-const IMAGE_WORKER_URL = paths.image_worker_url;
+import type { User } from 'firebase/auth';
+import { uploadImageApi } from '~/utils/image-api-client';
+import { type FileData } from '~/types';
 
 /**
  * Upload image blob to image worker and get file data
  */
 export async function uploadImageBlob(
+  user: User,
   imageBlob: Blob, 
   originalFilename: string,
   onProgress?: (filename: string, progress: number) => void
 ): Promise<FileData> {
-  const imagesApiToken = await getImageApiKey();
-  
-  return new Promise((resolve, reject) => {
-    const xhr = new XMLHttpRequest();
-    const formData = new FormData();
-    
-    // Create a File object from the blob to preserve the filename
-    const file = new File([imageBlob], originalFilename, { type: imageBlob.type });
-    formData.append('file', file);
-
-    xhr.upload.addEventListener('progress', (event) => {
-      if (event.lengthComputable && onProgress) {
-        const progress = Math.round((event.loaded / event.total) * 100);
-        onProgress(originalFilename, progress);
-      }
-    });
-
-    xhr.addEventListener('load', async () => {
-      if (xhr.status === 200) {
-        try {
-          const imageData = JSON.parse(xhr.responseText) as ImageUploadResponse;
-          if (!imageData.success) {
-            throw new Error(`Upload failed: ${imageData.errors?.join(', ') || 'Unknown error'}`);
-          }
-
-          const fileData: FileData = {
-            id: imageData.result.id,
-            originalFilename: originalFilename,
-            uploadedAt: new Date().toISOString()
-          };
-
-          resolve(fileData);
-        } catch (error) {
-          reject(error);
-        }
-      } else {
-        reject(new Error(`Upload failed with status ${xhr.status}`));
-      }
-    });
+  // Create a File object from the blob to preserve the filename
+  const file = new File([imageBlob], originalFilename, { type: imageBlob.type });
+  const imageData = await uploadImageApi(user, file, (progress) => {
+    if (onProgress) {
+      onProgress(originalFilename, progress);
+    }
+  });
 
-    xhr.addEventListener('error', () => reject(new Error('Upload failed')));
+  const uploadedImageId = imageData.result?.id;
+  if (!uploadedImageId) {
+    throw new Error('Upload failed: missing image identifier');
+  }
 
-    xhr.open('POST', IMAGE_WORKER_URL);
-    xhr.setRequestHeader('Authorization', `Bearer ${imagesApiToken}`);
-    xhr.send(formData);
-  });
+  return {
+    id: uploadedImageId,
+    originalFilename,
+    uploadedAt: new Date().toISOString()
+  };
 }

package/app/components/actions/case-import/index.ts

@@ -34,6 +34,7 @@ export { importAnnotations } from './annotation-import';
 
 // Confirmation import
 export { importConfirmationData } from './confirmation-import';
+export { extractConfirmationImportPackage } from './confirmation-package';
 
 // Main orchestrator
 export { importCaseForReview } from './orchestrator';

package/app/components/actions/case-import/orchestrator.ts

@@ -137,7 +137,14 @@ export async function importCaseForReview(
     onProgress?.('Parsing ZIP file', 10, 'Extracting archive contents...');
     
     // Step 1: Parse ZIP file
-    const { caseData, imageFiles, imageIdMapping, metadata, cleanedContent } = await parseImportZip(zipFile, user);
+    const {
+      caseData,
+      imageFiles,
+      imageIdMapping,
+      metadata,
+      cleanedContent,
+      verificationPublicKeyPem
+    } = await parseImportZip(zipFile, user);
     parsedForensicManifest = metadata?.forensicManifest as SignedForensicManifest | undefined;
     result.caseNumber = caseData.metadata.caseNumber;
     importState.caseNumber = result.caseNumber;
@@ -181,7 +188,10 @@ export async function importCaseForReview(
         );
       }
 
-      const signatureResult = await verifyForensicManifestSignature(parsedForensicManifest);
+      const signatureResult = await verifyForensicManifestSignature(
+        parsedForensicManifest,
+        verificationPublicKeyPem
+      );
       signatureValidationPassed = signatureResult.isValid;
       signatureKeyId = signatureResult.keyId;
 
@@ -273,7 +283,7 @@ export async function importCaseForReview(
         const originalFileEntry = caseData.files.find(f => f.fileData.id === originalImageId);
         const originalFilename = originalFileEntry?.fileData.originalFilename || exportFilename;
         
-        const fileData = await uploadImageBlob(blob, originalFilename, (fname, progress) => {
+        const fileData = await uploadImageBlob(user, blob, originalFilename, (fname, progress) => {
           const overallProgress = 30 + (uploadedCount / totalImages) * 40 + (progress / totalImages) * 0.4;
           onProgress?.('Uploading images', overallProgress, `Uploading ${fname}...`);
         });