@striae-org/striae 3.2.2 → 4.0.0

package/functions/api/pdf/[[path]].ts

@@ -0,0 +1,110 @@
+import { verifyFirebaseIdentityFromRequest } from '../_shared/firebase-auth';
+
+interface PdfProxyContext {
+  request: Request;
+  env: Env;
+}
+
+const SUPPORTED_METHODS = new Set(['POST', 'OPTIONS']);
+
+function textResponse(message: string, status: number): Response {
+  return new Response(message, {
+    status,
+    headers: {
+      'Cache-Control': 'no-store',
+      'Content-Type': 'text/plain; charset=utf-8'
+    }
+  });
+}
+
+function normalizeWorkerBaseUrl(workerDomain: string): string {
+  if (typeof workerDomain !== 'string' || workerDomain.trim().length === 0) {
+    throw new Error('Invalid worker domain');
+  }
+
+  const trimmedDomain = workerDomain.trim().replace(/\/+$/, '');
+  if (trimmedDomain.startsWith('http://') || trimmedDomain.startsWith('https://')) {
+    return trimmedDomain;
+  }
+
+  return `https://${trimmedDomain}`;
+}
+
+function extractProxyPath(url: URL): string | null {
+  const routePrefix = '/api/pdf';
+  if (!url.pathname.startsWith(routePrefix)) {
+    return null;
+  }
+
+  const remainder = url.pathname.slice(routePrefix.length);
+  return remainder.length > 0 ? remainder : '/';
+}
+
+export const onRequest = async ({ request, env }: PdfProxyContext): Promise<Response> => {
+  if (!SUPPORTED_METHODS.has(request.method)) {
+    return textResponse('Method not allowed', 405);
+  }
+
+  if (request.method === 'OPTIONS') {
+    return new Response(null, {
+      status: 204,
+      headers: {
+        'Allow': 'POST, OPTIONS',
+        'Cache-Control': 'no-store'
+      }
+    });
+  }
+
+  const identity = await verifyFirebaseIdentityFromRequest(request, env);
+  if (!identity) {
+    return textResponse('Unauthorized', 401);
+  }
+
+  const requestUrl = new URL(request.url);
+  const proxyPath = extractProxyPath(requestUrl);
+  if (!proxyPath) {
+    return textResponse('Not Found', 404);
+  }
+
+  if (!env.PDF_WORKER_DOMAIN || !env.PDF_WORKER_AUTH) {
+    return textResponse('PDF service not configured', 502);
+  }
+
+  const pdfWorkerBaseUrl = normalizeWorkerBaseUrl(env.PDF_WORKER_DOMAIN);
+  const upstreamUrl = `${pdfWorkerBaseUrl}${proxyPath}${requestUrl.search}`;
+
+  const upstreamHeaders = new Headers();
+  const contentTypeHeader = request.headers.get('Content-Type');
+  if (contentTypeHeader) {
+    upstreamHeaders.set('Content-Type', contentTypeHeader);
+  }
+
+  const acceptHeader = request.headers.get('Accept');
+  if (acceptHeader) {
+    upstreamHeaders.set('Accept', acceptHeader);
+  }
+
+  upstreamHeaders.set('X-Custom-Auth-Key', env.PDF_WORKER_AUTH);
+
+  let upstreamResponse: Response;
+  try {
+    upstreamResponse = await fetch(upstreamUrl, {
+      method: request.method,
+      headers: upstreamHeaders,
+      body: request.body
+    });
+  } catch {
+    return textResponse('Upstream PDF service unavailable', 502);
+  }
+
+  const responseHeaders = new Headers(upstreamResponse.headers);
+  if (!responseHeaders.has('Cache-Control')) {
+    responseHeaders.set('Cache-Control', 'no-store');
+  }
+
+  return new Response(upstreamResponse.body, {
+    status: upstreamResponse.status,
+    statusText: upstreamResponse.statusText,
+    headers: responseHeaders
+  });
+};

package/functions/api/user/[[path]].ts

@@ -0,0 +1,196 @@
+import { verifyFirebaseIdentityFromRequest } from '../_shared/firebase-auth';
+
+interface UserProxyContext {
+  request: Request;
+  env: Env;
+}
+
+const SUPPORTED_METHODS = new Set(['GET', 'PUT', 'DELETE', 'OPTIONS']);
+const USER_EXISTS_PATH_PREFIX = '/exists/';
+
+function textResponse(message: string, status: number): Response {
+  return new Response(message, {
+    status,
+    headers: {
+      'Cache-Control': 'no-store',
+      'Content-Type': 'text/plain; charset=utf-8'
+    }
+  });
+}
+
+function jsonResponse(payload: Record<string, unknown>, status: number = 200): Response {
+  return new Response(JSON.stringify(payload), {
+    status,
+    headers: {
+      'Cache-Control': 'no-store',
+      'Content-Type': 'application/json; charset=utf-8'
+    }
+  });
+}
+
+function normalizeWorkerBaseUrl(workerDomain: string): string {
+  if (typeof workerDomain !== 'string' || workerDomain.trim().length === 0) {
+    throw new Error('Invalid worker domain');
+  }
+
+  const trimmedDomain = workerDomain.trim().replace(/\/+$/, '');
+  if (trimmedDomain.startsWith('http://') || trimmedDomain.startsWith('https://')) {
+    return trimmedDomain;
+  }
+
+  return `https://${trimmedDomain}`;
+}
+
+function extractProxyPath(url: URL): string | null {
+  const routePrefix = '/api/user';
+  if (!url.pathname.startsWith(routePrefix)) {
+    return null;
+  }
+
+  const remainder = url.pathname.slice(routePrefix.length);
+  return remainder.length > 0 ? remainder : '/';
+}
+
+function extractUserIdFromProxyPath(proxyPath: string): string | null {
+  const firstSegment = proxyPath.split('/').filter(Boolean)[0];
+  if (!firstSegment) {
+    return null;
+  }
+
+  try {
+    return decodeURIComponent(firstSegment);
+  } catch {
+    return null;
+  }
+}
+
+function extractExistenceCheckUserId(proxyPath: string): string | null {
+  if (!proxyPath.startsWith(USER_EXISTS_PATH_PREFIX)) {
+    return null;
+  }
+
+  const remainder = proxyPath.slice(USER_EXISTS_PATH_PREFIX.length);
+  const firstSegment = remainder.split('/').filter(Boolean)[0];
+  if (!firstSegment) {
+    return null;
+  }
+
+  try {
+    return decodeURIComponent(firstSegment);
+  } catch {
+    return null;
+  }
+}
+
+export const onRequest = async ({ request, env }: UserProxyContext): Promise<Response> => {
+  if (!SUPPORTED_METHODS.has(request.method)) {
+    return textResponse('Method not allowed', 405);
+  }
+
+  if (request.method === 'OPTIONS') {
+    return new Response(null, {
+      status: 204,
+      headers: {
+        'Allow': 'GET, PUT, DELETE, OPTIONS',
+        'Cache-Control': 'no-store'
+      }
+    });
+  }
+
+  const identity = await verifyFirebaseIdentityFromRequest(request, env);
+  if (!identity) {
+    return textResponse('Unauthorized', 401);
+  }
+
+  const requestUrl = new URL(request.url);
+  const proxyPath = extractProxyPath(requestUrl);
+  if (!proxyPath) {
+    return textResponse('Not Found', 404);
+  }
+
+  if (!env.USER_WORKER_DOMAIN || !env.USER_DB_AUTH) {
+    return textResponse('User service not configured', 502);
+  }
+
+  const userWorkerBaseUrl = normalizeWorkerBaseUrl(env.USER_WORKER_DOMAIN);
+
+  const existenceCheckUserId = extractExistenceCheckUserId(proxyPath);
+  if (existenceCheckUserId !== null) {
+    if (request.method !== 'GET') {
+      return textResponse('Method not allowed', 405);
+    }
+
+    let existenceResponse: Response;
+    try {
+      existenceResponse = await fetch(
+        `${userWorkerBaseUrl}/${encodeURIComponent(existenceCheckUserId)}`,
+        {
+          method: 'GET',
+          headers: {
+            'Accept': 'application/json',
+            'X-Custom-Auth-Key': env.USER_DB_AUTH
+          }
+        }
+      );
+    } catch {
+      return textResponse('Upstream user service unavailable', 502);
+    }
+
+    if (existenceResponse.status === 404) {
+      return jsonResponse({ exists: false });
+    }
+
+    if (!existenceResponse.ok) {
+      return textResponse('Upstream user service unavailable', 502);
+    }
+
+    return jsonResponse({ exists: true });
+  }
+
+  const requestedUserId = extractUserIdFromProxyPath(proxyPath);
+  if (!requestedUserId) {
+    return textResponse('Missing user identifier', 400);
+  }
+
+  if (requestedUserId !== identity.uid) {
+    return textResponse('Forbidden', 403);
+  }
+  const upstreamUrl = `${userWorkerBaseUrl}${proxyPath}${requestUrl.search}`;
+
+  const upstreamHeaders = new Headers();
+  const contentTypeHeader = request.headers.get('Content-Type');
+  if (contentTypeHeader) {
+    upstreamHeaders.set('Content-Type', contentTypeHeader);
+  }
+
+  const acceptHeader = request.headers.get('Accept');
+  if (acceptHeader) {
+    upstreamHeaders.set('Accept', acceptHeader);
+  }
+
+  upstreamHeaders.set('X-Custom-Auth-Key', env.USER_DB_AUTH);
+
+  const shouldForwardBody = request.method !== 'GET' && request.method !== 'HEAD';
+
+  let upstreamResponse: Response;
+  try {
+    upstreamResponse = await fetch(upstreamUrl, {
+      method: request.method,
+      headers: upstreamHeaders,
+      body: shouldForwardBody ? request.body : undefined
+    });
+  } catch {
+    return textResponse('Upstream user service unavailable', 502);
+  }
+
+  const responseHeaders = new Headers(upstreamResponse.headers);
+  if (!responseHeaders.has('Cache-Control')) {
+    responseHeaders.set('Cache-Control', 'no-store');
+  }
+
+  return new Response(upstreamResponse.body, {
+    status: upstreamResponse.status,
+    statusText: upstreamResponse.statusText,
+    headers: responseHeaders
+  });
+};

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@striae-org/striae",
-  "version": "3.2.2",
+  "version": "4.0.0",
   "private": false,
-  "description": "Striae is a cloud-native forensic annotation application for firearms identification, built with React Router and Cloudflare Workers.",
+  "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
   "license": "Apache-2.0",
   "homepage": "https://www.striae.org",
   "repository": {
@@ -24,6 +24,8 @@
     "annotation",
     "react",
     "cloudflare-workers",
+    "authenticated",
+    "confirmations",
     "chain-of-custody",
     "audit-trail"
   ],
@@ -44,6 +46,7 @@
     "app/entry.server.tsx",
     "app/root.tsx",
     "app/tailwind.css",
+    "react-router.config.ts",
     "functions/",
     "public/",
     "scripts/",
@@ -51,8 +54,8 @@
     "workers/*/src/*.example.ts",
     "workers/*/src/*.example.js",
     "workers/*/src/*.ts",
-    "workers/*/src/assets/*.ts",
-    "workers/*/src/formats/*.ts",
+    "workers/pdf-worker/scripts/*.js",
+    "workers/pdf-worker/src/assets/icon-256.png",
     "!workers/*/src/*worker.ts",
     "workers/pdf-worker/src/assets/generated-assets.ts",
     "workers/pdf-worker/src/formats/format-striae.ts",
@@ -98,6 +101,7 @@
     "install-workers": "bash ./scripts/install-workers.sh",
     "deploy-workers": "npm run deploy-workers:audit && npm run deploy-workers:data && npm run deploy-workers:image && npm run deploy-workers:keys && npm run deploy-workers:pdf && npm run deploy-workers:user",
     "deploy-workers:secrets": "bash ./scripts/deploy-worker-secrets.sh",
+    "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh",
     "deploy-pages": "bash ./scripts/deploy-pages.sh",
     "deploy-workers:audit": "cd workers/audit-worker && npm run deploy",
     "deploy-workers:data": "cd workers/data-worker && npm run deploy",

package/public/manifest.json

@@ -0,0 +1,39 @@
+{
+  "id": "/",
+  "name": "Striae: A Firearms Examiner's Comparison Companion",
+  "short_name": "Striae",
+  "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
+  "start_url": "/",
+  "scope": "/",
+  "display": "standalone",
+  "orientation": "any",
+  "lang": "en-US",
+  "dir": "ltr",
+  "theme_color": "#377087",
+  "background_color": "#f5f5f5",
+  "categories": [
+    "business",
+    "productivity",
+    "utilities"
+  ],
+  "icons": [
+    {
+      "src": "shortcut.png",
+      "sizes": "64x64",
+      "type": "image/png",
+      "purpose": "any"
+    },
+    {
+      "src": "icon-256.png",
+      "sizes": "256x256",
+      "type": "image/png",
+      "purpose": "any"
+    },
+    {
+      "src": "icon-512.png",
+      "sizes": "512x512",
+      "type": "image/png",
+      "purpose": "any"
+    }
+  ]
+}

package/react-router.config.ts

@@ -0,0 +1,5 @@
+import type { Config } from "@react-router/dev/config";
+
+export default {
+  ssr: true,
+} satisfies Config;

package/scripts/deploy-all.sh

@@ -8,7 +8,8 @@
 # 2. Worker dependencies installation
 # 3. Workers (all 7 workers)
 # 4. Worker secrets/environment variables
-# 5. Pages (frontend)
+# 5. Pages secrets/environment variables
+# 6. Pages (frontend)
 
 set -e
 set -o pipefail
@@ -66,6 +67,7 @@ require_command wrangler
 assert_file_exists "$SCRIPT_DIR/deploy-config.sh"
 assert_file_exists "$SCRIPT_DIR/install-workers.sh"
 assert_file_exists "$SCRIPT_DIR/deploy-worker-secrets.sh"
+assert_file_exists "$SCRIPT_DIR/deploy-pages-secrets.sh"
 assert_file_exists "package.json"
 
 if [ ! -f ".env" ] && [ ! -f ".env.example" ]; then
@@ -77,7 +79,7 @@ echo -e "${GREEN}✅ Preflight checks passed${NC}"
 echo ""
 
 # Step 1: Configuration Setup
-echo -e "${PURPLE}Step 1/5: Configuration Setup${NC}"
+echo -e "${PURPLE}Step 1/6: Configuration Setup${NC}"
 echo "------------------------------"
 echo -e "${YELLOW}⚙️  Setting up configuration files and replacing placeholders...${NC}"
 if ! bash "$SCRIPT_DIR/deploy-config.sh"; then
@@ -90,7 +92,7 @@ run_config_checkpoint
 echo ""
 
 # Step 2: Install Worker Dependencies
-echo -e "${PURPLE}Step 2/5: Installing Worker Dependencies${NC}"
+echo -e "${PURPLE}Step 2/6: Installing Worker Dependencies${NC}"
 echo "----------------------------------------"
 echo -e "${YELLOW}📦 Installing npm dependencies for all workers...${NC}"
 if ! bash "$SCRIPT_DIR/install-workers.sh"; then
@@ -101,7 +103,7 @@ echo -e "${GREEN}✅ All worker dependencies installed successfully${NC}"
 echo ""
 
 # Step 3: Deploy Workers
-echo -e "${PURPLE}Step 3/5: Deploying Workers${NC}"
+echo -e "${PURPLE}Step 3/6: Deploying Workers${NC}"
 echo "----------------------------"
 echo -e "${YELLOW}🔧 Deploying all 7 Cloudflare Workers...${NC}"
 if ! npm run deploy-workers; then
@@ -112,7 +114,7 @@ echo -e "${GREEN}✅ All workers deployed successfully${NC}"
 echo ""
 
 # Step 4: Deploy Worker Secrets
-echo -e "${PURPLE}Step 4/5: Deploying Worker Secrets${NC}"
+echo -e "${PURPLE}Step 4/6: Deploying Worker Secrets${NC}"
 echo "-----------------------------------"
 echo -e "${YELLOW}🔐 Deploying worker environment variables...${NC}"
 if ! bash "$SCRIPT_DIR/deploy-worker-secrets.sh"; then
@@ -122,8 +124,19 @@ fi
 echo -e "${GREEN}✅ Worker secrets deployed successfully${NC}"
 echo ""
 
-# Step 5: Deploy Pages
-echo -e "${PURPLE}Step 5/5: Deploying Pages${NC}"
+# Step 5: Deploy Pages Secrets
+echo -e "${PURPLE}Step 5/6: Deploying Pages Secrets${NC}"
+echo "----------------------------------"
+echo -e "${YELLOW}🔐 Deploying Pages environment variables...${NC}"
+if ! bash "$SCRIPT_DIR/deploy-pages-secrets.sh"; then
+    echo -e "${RED}❌ Pages secrets deployment failed!${NC}"
+    exit 1
+fi
+echo -e "${GREEN}✅ Pages secrets deployed successfully${NC}"
+echo ""
+
+# Step 6: Deploy Pages
+echo -e "${PURPLE}Step 6/6: Deploying Pages${NC}"
 echo "--------------------------"
 echo -e "${YELLOW}🌐 Building and deploying Pages...${NC}"
 if ! npm run deploy-pages; then
@@ -142,11 +155,12 @@ echo -e "${BLUE}Deployed Components:${NC}"
 echo "  ✅ Worker dependencies (npm install)"
 echo "  ✅ 7 Cloudflare Workers"
 echo "  ✅ Worker environment variables"
+echo "  ✅ Pages environment variables"
 echo "  ✅ Cloudflare Pages frontend"
 echo ""
 echo -e "${BLUE}Next Steps:${NC}"
 echo "  1. Test your application endpoints"
 echo "  2. Verify all services are working"
-echo "  3. Configure custom domain (optional)"
+echo "  3. Verify worker and Pages secrets are set as expected"
 echo ""
 echo -e "${GREEN}✨ Your Striae application is now fully deployed!${NC}"