@striae-org/striae 3.2.2 → 4.0.0

package/app/components/actions/case-import/storage-operations.ts

@@ -1,9 +1,5 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { 
-  getDataApiKey,
-  getUserApiKey
-} from '~/utils/auth';
+import { fetchDataApi } from '~/utils/data-api-client';
 import {
   getUserReadOnlyCases,
   updateUserData,
@@ -11,7 +7,6 @@ import {
 } from '~/utils/permissions';
 import { 
   type CaseExportData,   
-  type ExtendedUserData,
   type FileData,
   type CaseData,
   type ReadOnlyCaseMetadata
@@ -19,9 +14,6 @@ import {
 import { deleteFile } from '../image-manage';
 import { type SignedForensicManifest } from '~/utils/SHA256';
 
-const USER_WORKER_URL = paths.user_worker_url;
-const DATA_WORKER_URL = paths.data_worker_url;
-
 /**
  * Check if user already has a read-only case with the same number
  */
@@ -91,8 +83,6 @@ export async function storeCaseDataInR2(
   forensicManifest?: SignedForensicManifest
 ): Promise<void> {
   try {
-    const apiKey = await getDataApiKey();
-    
     // Convert the mapping to a plain object for JSON serialization
     const originalImageIds = originalImageIdMapping ? 
       Object.fromEntries(originalImageIdMapping) : undefined;
@@ -122,14 +112,17 @@ export async function storeCaseDataInR2(
     };
     
     // Store in R2
-    const response = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(r2CaseData)
-    });
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(r2CaseData)
+      }
+    );
 
     if (!response.ok) {
       throw new Error(`Failed to store case data: ${response.status}`);
@@ -146,24 +139,7 @@ export async function storeCaseDataInR2(
  */
 export async function listReadOnlyCases(user: User): Promise<ReadOnlyCaseMetadata[]> {
   try {
-    const apiKey = await getUserApiKey();
-    
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-
-    if (!response.ok) {
-      console.error('Failed to fetch user data:', response.status);
-      return [];
-    }
-
-    const userData: ExtendedUserData = await response.json();
-    
-    return userData.readOnlyCases || [];
+    return await getUserReadOnlyCases(user);
     
   } catch (error) {
     console.error('Error listing read-only cases:', error);
@@ -176,48 +152,20 @@ export async function listReadOnlyCases(user: User): Promise<ReadOnlyCaseMetadat
  */
 export async function removeReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
   try {
-    const apiKey = await getUserApiKey();
-    
-    // Get current user data
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-
-    if (!response.ok) {
-      throw new Error(`Failed to fetch user data: ${response.status}`);
-    }
-
-    const userData: ExtendedUserData = await response.json();
-    
-    if (!userData.readOnlyCases) {
+    const currentReadOnlyCases = await getUserReadOnlyCases(user);
+    if (!currentReadOnlyCases.length) {
       return false; // Nothing to remove
     }
     
     // Remove the case from the list
-    const initialLength = userData.readOnlyCases.length;
-    userData.readOnlyCases = userData.readOnlyCases.filter(c => c.caseNumber !== caseNumber);
+    const nextReadOnlyCases = currentReadOnlyCases.filter(c => c.caseNumber !== caseNumber);
     
-    if (userData.readOnlyCases.length === initialLength) {
+    if (nextReadOnlyCases.length === currentReadOnlyCases.length) {
       return false; // Case wasn't found
     }
     
     // Update user data
-    const updateResponse = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(userData)
-    });
-
-    if (!updateResponse.ok) {
-      throw new Error(`Failed to update user data: ${updateResponse.status}`);
-    }
+    await updateUserData(user, { readOnlyCases: nextReadOnlyCases });
     
     return true;
     
@@ -232,30 +180,47 @@ export async function removeReadOnlyCase(user: User, caseNumber: string): Promis
  */
 export async function deleteReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
   try {
-    const dataApiKey = await getDataApiKey();
-    
     // Get case data first to get file IDs for deletion
-    const caseResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-      headers: { 'X-Custom-Auth-Key': dataApiKey }
-    });
+    const caseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'GET'
+      }
+    );
+
+    if (caseResponse.status === 404) {
+      // No backing data object exists; only remove the case reference from user metadata.
+      await removeReadOnlyCase(user, caseNumber);
+      return true;
+    }
 
-    if (caseResponse.ok) {
-      const caseData = await caseResponse.json() as CaseData;
+    if (!caseResponse.ok) {
+      throw new Error(`Failed to fetch read-only case data for deletion: ${caseResponse.status}`);
+    }
+
+    const caseData = await caseResponse.json() as CaseData;
+
+    // Delete all files using data worker
+    if (caseData.files && caseData.files.length > 0) {
+      await Promise.all(
+        caseData.files.map((file: FileData) => 
+          deleteFile(user, caseNumber, file.id, 'Read-only case clearing - API operation')
+        )
+      );
+    }
 
-      // Delete all files using data worker
-      if (caseData.files && caseData.files.length > 0) {
-        await Promise.all(
-          caseData.files.map((file: FileData) => 
-            deleteFile(user, caseNumber, file.id, 'Read-only case clearing - API operation')
-          )
-        );
+    // Delete case file using data worker
+    const deleteCaseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'DELETE'
       }
+    );
 
-      // Delete case file using data worker
-      await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-        method: 'DELETE',
-        headers: { 'X-Custom-Auth-Key': dataApiKey }
-      });
+    if (!deleteCaseResponse.ok && deleteCaseResponse.status !== 404) {
+      throw new Error(`Failed to delete read-only case data: ${deleteCaseResponse.status}`);
     }
     
     // Remove from user's read-only case list (separate from regular cases)

package/app/components/actions/case-import/validation.ts

@@ -1,82 +1,16 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { getUserApiKey } from '~/utils/auth';
+import { checkUserExistsApi } from '~/utils/user-api-client';
 import { type CaseExportData, type ConfirmationImportData } from '~/types';
-import { calculateSHA256Secure, type ManifestSignatureVerificationResult } from '~/utils/SHA256';
+import { type ManifestSignatureVerificationResult } from '~/utils/SHA256';
 import { verifyConfirmationSignature } from '~/utils/confirmation-signature';
-
-const USER_WORKER_URL = paths.user_worker_url;
-
-/**
- * Remove forensic warning from content for hash validation (supports both JSON and CSV formats)
- * This function ensures exact match with the content used during export hash generation
- */
-export function removeForensicWarning(content: string): string {
-  // Handle JSON forensic warnings (block comment format)
-  // /* CASE DATA WARNING
-  //  * This file contains evidence data for forensic examination.
-  //  * Any modification may compromise the integrity of the evidence.
-  //  * Handle according to your organization's chain of custody procedures.
-  //  * 
-  //  * File generated: YYYY-MM-DDTHH:mm:ss.sssZ
-  //  */
-  const jsonForensicWarningRegex = /^\/\*\s*CASE\s+DATA\s+WARNING[\s\S]*?\*\/\s*\r?\n*/;
-  
-  // Handle CSV forensic warnings (quoted string format at the beginning of file)
-  // CRITICAL: The CSV forensic warning is ONLY the first quoted line, followed by two newlines
-  // Format: "CASE DATA WARNING: This file contains evidence data for forensic examination. Any modification may compromise the integrity of the evidence. Handle according to your organization's chain of custody procedures."\n\n
-  // 
-  // After removal, what remains should be the csvWithHash content:
-  // # Striae Case Export - Generated: ...
-  // # Case: ...
-  // # Total Files: ...
-  // # SHA256 Hash: ...
-  // # Verification: ...
-  //
-  // [actual CSV data]
-  // More robust regex to handle various line endings and exact format from generation
-  const csvForensicWarningRegex = /^"CASE DATA WARNING: This file contains evidence data for forensic examination\. Any modification may compromise the integrity of the evidence\. Handle according to your organization's chain of custody procedures\."(?:\r?\n){2}/;
-  
-  let cleaned = content;
-  
-  // Try JSON format first
-  if (jsonForensicWarningRegex.test(content)) {
-    cleaned = content.replace(jsonForensicWarningRegex, '');
-  }
-  // Try CSV format with exact pattern match
-  else if (csvForensicWarningRegex.test(content)) {
-    cleaned = content.replace(csvForensicWarningRegex, '');
-  }
-  // Fallback: try broader CSV pattern in case of slight format differences
-  else if (content.startsWith('"CASE DATA WARNING:')) {
-    // Find the end of the first quoted string followed by newlines
-    const match = content.match(/^"[^"]*"(?:\r?\n)+/);
-    if (match) {
-      cleaned = content.substring(match[0].length);
-    }
-  }
-  
-  // Additional cleanup: remove any leading whitespace that might remain
-  // This ensures we match exactly what the generation functions produce with protectForensicData: false
-  cleaned = cleaned.replace(/^\s+/, '');
-  
-  return cleaned;
-}
+export { removeForensicWarning, validateConfirmationHash } from '~/utils/export-verification';
 
 /**
  * Validate that a user exists in the database by UID and is not the current user
  */
 export async function validateExporterUid(exporterUid: string, currentUser: User): Promise<{ exists: boolean; isSelf: boolean }> {
   try {
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${exporterUid}`, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-    
-    const exists = response.status === 200;
+    const exists = await checkUserExistsApi(currentUser, exporterUid);
     const isSelf = exporterUid === currentUser.uid;
     
     return { exists, isSelf };
@@ -93,45 +27,6 @@ export function isConfirmationDataFile(filename: string): boolean {
   return filename.startsWith('confirmation-data') && filename.endsWith('.json');
 }
 
-/**
- * Validate confirmation data file hash
- */
-export async function validateConfirmationHash(jsonContent: string, expectedHash: string): Promise<boolean> {
-  try {
-    // Validate input parameters
-    if (!expectedHash || typeof expectedHash !== 'string') {
-      console.error('validateConfirmationHash: expected hash input is invalid');
-      return false;
-    }
-
-    // Create data without hash for validation
-    const data = JSON.parse(jsonContent);
-    const dataWithoutHash = {
-      ...data,
-      metadata: {
-        ...data.metadata,
-        hash: undefined
-      }
-    };
-    delete dataWithoutHash.metadata.hash;
-    delete dataWithoutHash.metadata.signature;
-    delete dataWithoutHash.metadata.signatureVersion;
-    
-    const contentForHash = JSON.stringify(dataWithoutHash, null, 2);
-    const actualHash = await calculateSHA256Secure(contentForHash);
-    
-    if (!actualHash) {
-      console.error('validateConfirmationHash: failed to calculate hash');
-      return false;
-    }
-    
-    return actualHash.toUpperCase() === expectedHash.toUpperCase();
-  } catch {
-    console.error('validateConfirmationHash: validation failed');
-    return false;
-  }
-}
-
 /**
  * Validate imported case data integrity (optional verification)
  */
@@ -183,7 +78,8 @@ export function validateCaseIntegrity(
  * Validate confirmation data file signature.
  */
 export async function validateConfirmationSignatureFile(
-  confirmationData: Partial<ConfirmationImportData>
+  confirmationData: Partial<ConfirmationImportData>,
+  verificationPublicKeyPem?: string
 ): Promise<ManifestSignatureVerificationResult> {
-  return verifyConfirmationSignature(confirmationData);
+  return verifyConfirmationSignature(confirmationData, verificationPublicKeyPem);
 }

package/app/components/actions/case-import/zip-processing.ts

@@ -9,6 +9,41 @@ import {
 } from '~/utils/SHA256';
 import { validateExporterUid, removeForensicWarning } from './validation';
 
+function getLeafFileName(path: string): string {
+  const segments = path.split('/').filter(Boolean);
+  return segments.length > 0 ? segments[segments.length - 1] : path;
+}
+
+function selectPreferredPemPath(pemPaths: string[]): string | undefined {
+  if (pemPaths.length === 0) {
+    return undefined;
+  }
+
+  const sortedPaths = [...pemPaths].sort((left, right) => left.localeCompare(right));
+  const preferred = sortedPaths.find((path) =>
+    /^striae-public-signing-key.*\.pem$/i.test(getLeafFileName(path))
+  );
+
+  return preferred ?? sortedPaths[0];
+}
+
+async function extractVerificationPublicKeyFromZip(
+  zip: {
+    files: Record<string, { dir: boolean }>;
+    file: (path: string) => { async: (type: 'text') => Promise<string> } | null;
+  }
+): Promise<string | undefined> {
+  const filePaths = Object.keys(zip.files).filter((path) => !zip.files[path].dir);
+  const pemPaths = filePaths.filter((path) => getLeafFileName(path).toLowerCase().endsWith('.pem'));
+  const preferredPemPath = selectPreferredPemPath(pemPaths);
+
+  if (!preferredPemPath) {
+    return undefined;
+  }
+
+  return zip.file(preferredPemPath)?.async('text');
+}
+
 /**
  * Extract original image ID from export filename format
  * Format: {originalFilename}-{id}.{extension}
@@ -51,6 +86,7 @@ export async function previewCaseImport(zipFile: File, currentUser: User): Promi
   
   try {
     const zip = await JSZip.loadAsync(zipFile);
+    const verificationPublicKeyPem = await extractVerificationPublicKeyFromZip(zip);
     
     // First, validate hash if forensic metadata exists
     let hashValid: boolean | undefined = undefined;
@@ -128,7 +164,10 @@ export async function previewCaseImport(zipFile: File, currentUser: User): Promi
               }));
             }
 
-            const signatureResult = await verifyForensicManifestSignature(forensicManifest);
+            const signatureResult = await verifyForensicManifestSignature(
+              forensicManifest,
+              verificationPublicKeyPem
+            );
           
             // Perform comprehensive validation
             const validation = await validateForensicIntegrity(
@@ -267,12 +306,14 @@ export async function parseImportZip(zipFile: File, currentUser: User): Promise<
   imageIdMapping: { [exportFilename: string]: string }; // exportFilename -> originalImageId
   metadata?: Record<string, unknown>;
   cleanedContent?: string; // Add cleaned content for hash validation
+  verificationPublicKeyPem?: string;
 }> {
   // Dynamic import of JSZip to avoid bundle size issues
   const JSZip = (await import('jszip')).default;
   
   try {
     const zip = await JSZip.loadAsync(zipFile);
+    const verificationPublicKeyPem = await extractVerificationPublicKeyFromZip(zip);
     
     // Find the main data file (JSON or CSV)
     const dataFiles = Object.keys(zip.files).filter(name => 
@@ -367,7 +408,8 @@ export async function parseImportZip(zipFile: File, currentUser: User): Promise<
       imageFiles,
       imageIdMapping,
       metadata,
-      cleanedContent
+      cleanedContent,
+      verificationPublicKeyPem
     };
     
   } catch (error) {

package/app/components/actions/case-manage.ts

@@ -15,8 +15,7 @@ import {
 } from '~/utils/data-operations';
 import { type CaseData, type ReadOnlyCaseData, type FileData } from '~/types';
 import { auditService } from '~/services/audit';
-import { getImageApiKey } from '~/utils/auth';
-import paths from '~/config/config.json';
+import { fetchImageApi } from '~/utils/image-api-client';
 
 /**
  * Delete a file without individual audit logging (for bulk operations)
@@ -34,34 +33,17 @@ const deleteFileWithoutAudit = async (user: User, caseNumber: string, fileId: st
     throw new Error('File not found in case');
   }
 
-  // Delete the image file from Cloudflare Images (but don't audit this individual operation)
-  try {
-    const IMAGE_URL = paths.image_worker_url;
-    
-    const imagesApiToken = await getImageApiKey();
-    const imageResponse = await fetch(`${IMAGE_URL}/${fileId}`, {
-      method: 'DELETE',
-      headers: {
-        'Authorization': `Bearer ${imagesApiToken}`
-      }
-    });
+  // Delete image file and fail fast on non-404 failures so case deletion can be retried safely
+  const imageResponse = await fetchImageApi(user, `/${encodeURIComponent(fileId)}`, {
+    method: 'DELETE'
+  });
 
-    // Only fail if it's not a 404 (file might already be deleted)
-    if (!imageResponse.ok && imageResponse.status !== 404) {
-      throw new Error(`Failed to delete image: ${imageResponse.statusText}`);
-    }
-  } catch (error) {
-    console.warn(`Image deletion warning for ${fileToDelete.originalFilename}:`, error);
-    // Continue with data cleanup even if image deletion fails
+  if (!imageResponse.ok && imageResponse.status !== 404) {
+    throw new Error(`Failed to delete image: ${imageResponse.status} ${imageResponse.statusText}`);
   }
 
-  // Delete annotation data
-  try {
-    await deleteFileAnnotations(user, caseNumber, fileId);
-  } catch (error) {
-    // Annotation file might not exist, continue
-    console.warn(`Annotation deletion warning for ${fileToDelete.originalFilename}:`, error);
-  }
+  // Delete annotation data (404s are handled by deleteFileAnnotations)
+  await deleteFileAnnotations(user, caseNumber, fileId);
 
   // Update case data to remove file reference
   const updatedData: CaseData = {
@@ -466,6 +448,12 @@ export const deleteCase = async (user: User, caseNumber: string): Promise<void>
       } catch (auditError) {
         console.error('⚠️  Failed to log batch file deletion (continuing with case deletion):', auditError);
       }
+
+      if (failedFiles.length > 0) {
+        throw new Error(
+          `Case deletion aborted: failed to delete ${failedFiles.length} file(s): ${failedFiles.map(f => f.originalFilename).join(', ')}`
+        );
+      }
     }
 
     // Remove case from user data first (so user loses access immediately)

package/app/components/actions/confirm-export.ts

@@ -3,6 +3,11 @@ import { calculateSHA256Secure } from '~/utils/SHA256';
 import { getUserData } from '~/utils/permissions';
 import { getCaseData, updateCaseData, signConfirmationData } from '~/utils/data-operations';
 import { type ConfirmationData, type CaseConfirmations, type CaseDataWithConfirmations, type ConfirmationImportData } from '~/types';
+import {
+  createPublicSigningKeyFileName,
+  getCurrentPublicSigningKeyDetails,
+  getVerificationPublicKey
+} from '~/utils/signature-utils';
 import { auditService } from '~/services/audit';
 
 /**
@@ -267,15 +272,8 @@ export async function exportConfirmationData(
       }
     };
 
-    // Convert final data to JSON blob
     const finalJsonString = JSON.stringify(finalExportData, null, 2);
-    const blob = new Blob([finalJsonString], { type: 'application/json' });
-    
-    // Create download
-    const url = URL.createObjectURL(blob);
-    const a = document.createElement('a');
-    a.href = url;
-    
+
     // Use local timezone for filename timestamp
     const now = new Date();
     const year = now.getFullYear();
@@ -285,14 +283,47 @@ export async function exportConfirmationData(
     const minutes = String(now.getMinutes()).padStart(2, '0');
     const seconds = String(now.getSeconds()).padStart(2, '0');
     const timestampString = `${year}${month}${day}-${hours}${minutes}${seconds}`;
+
+    const confirmationFileName = `confirmation-data-${caseNumber}-${timestampString}.json`;
+
+    const keyFromSignature = getVerificationPublicKey(signingResult.signature.keyId);
+    const currentKey = getCurrentPublicSigningKeyDetails();
+    const publicKeyPem = keyFromSignature ?? currentKey.publicKeyPem;
+    const publicKeyFileName = createPublicSigningKeyFileName(
+      keyFromSignature ? signingResult.signature.keyId : currentKey.keyId
+    );
+
+    if (!publicKeyPem || publicKeyPem.trim().length === 0) {
+      throw new Error('No public signing key is configured for confirmation export packaging.');
+    }
+
+    const JSZip = (await import('jszip')).default;
+    const zip = new JSZip();
+    const normalizedPem = publicKeyPem.endsWith('\n') ? publicKeyPem : `${publicKeyPem}\n`;
+
+    zip.file(confirmationFileName, finalJsonString);
+    zip.file(publicKeyFileName, normalizedPem);
+
+    const zipBlob = await zip.generateAsync({
+      type: 'blob',
+      compression: 'DEFLATE',
+      compressionOptions: { level: 6 }
+    });
+
+    const exportFileName = `confirmation-export-${caseNumber}-${timestampString}.zip`;
+
+    // Create download
+    const url = URL.createObjectURL(zipBlob);
+    const a = document.createElement('a');
+    a.href = url;
     
-    a.download = `confirmation-data-${caseNumber}-${timestampString}.json`;
+    a.download = exportFileName;
     document.body.appendChild(a);
     a.click();
     document.body.removeChild(a);
     URL.revokeObjectURL(url);
     
-    console.log(`Confirmation data exported for case ${caseNumber}`);
+    console.log(`Confirmation export ZIP generated for case ${caseNumber}`);
     
     // Log successful confirmation export
     const endTime = Date.now();
@@ -300,14 +331,14 @@ export async function exportConfirmationData(
     await auditService.logConfirmationExport(
       user,
       caseNumber,
-      `confirmation-data-${caseNumber}-${timestampString}.json`,
+      exportFileName,
       confirmationCount,
       'success',
       [],
       undefined, // Original examiner UID not available here
       {
         processingTimeMs: endTime - startTime,
-        fileSizeBytes: new Blob([jsonString]).size,
+        fileSizeBytes: zipBlob.size,
         validationStepsCompleted: confirmationCount,
         validationStepsFailed: 0
       },
@@ -328,7 +359,7 @@ export async function exportConfirmationData(
     await auditService.logConfirmationExport(
       user,
       caseNumber,
-      `confirmation-data-${caseNumber}-error.json`,
+      `confirmation-export-${caseNumber}-error.zip`,
       0,
       'failure',
       [error instanceof Error ? error.message : 'Unknown error'],

package/app/components/actions/generate-pdf.ts

@@ -1,8 +1,7 @@
-import paths from '~/config/config.json';
 import { type AnnotationData } from '~/types/annotations';
 import { auditService } from '~/services/audit';
-import { getPdfApiKey } from '~/utils/auth';
 import type { User } from 'firebase/auth';
+import { fetchPdfApi } from '~/utils/pdf-api-client';
 
 interface GeneratePDFParams {
   user: User;
@@ -75,13 +74,10 @@ export const generatePDF = async ({
       data: pdfData,
     };
 
-    const pdfAuthKey = await getPdfApiKey();
-
-    const response = await fetch(paths.pdf_worker_url, {
+    const response = await fetchPdfApi(user, '/', {
       method: 'POST',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': pdfAuthKey,
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify(pdfRequest)
     });