@striae-org/striae 3.3.0 → 4.0.0

package/.env.example

@@ -64,7 +64,7 @@ DATA_BUCKET_NAME=your_data_bucket_name_here
 DATA_WORKER_DOMAIN=your_data_worker_domain_here
 # Auto-generated by scripts/deploy-config.sh when placeholders are detected.
 MANIFEST_SIGNING_PRIVATE_KEY=your_manifest_signing_private_key_here
-MANIFEST_SIGNING_KEY_ID=forensic-signing-key-v1
+MANIFEST_SIGNING_KEY_ID=your_manifest_signing_key_id_here
 MANIFEST_SIGNING_PUBLIC_KEY=your_manifest_signing_public_key_here
 
 # ================================

package/app/components/actions/case-export/core-export.ts

@@ -183,7 +183,8 @@ export async function exportAllCases(
 export async function exportCaseData(
   user: User,
   caseNumber: string,
-  options: ExportOptions = {}
+  options: ExportOptions = {},
+  onProgress?: (current: number, total: number, label: string) => void
 ): Promise<CaseExportData> {
   // NOTE: startTime and fileName tracking moved to download handlers
   
@@ -225,7 +226,8 @@ export async function exportCaseData(
     let earliestAnnotationDate: string | undefined;
     let latestAnnotationDate: string | undefined;
 
-    for (const file of files) {
+    for (let fileIndex = 0; fileIndex < files.length; fileIndex++) {
+      const file = files[fileIndex];
       let annotations: AnnotationData | undefined;
       let hasAnnotations = false;
 
@@ -287,6 +289,7 @@ export async function exportCaseData(
         annotations,
         hasAnnotations
       });
+      onProgress?.(fileIndex + 1, files.length, `Loading file ${fileIndex + 1} of ${files.length}`);
     }
 
     // Build export data

package/app/components/actions/case-import/confirmation-import.ts

@@ -1,14 +1,11 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { getDataApiKey } from '~/utils/auth';
+import { fetchDataApi } from '~/utils/data-api-client';
 import { type ConfirmationImportResult, type ConfirmationImportData } from '~/types';
 import { checkExistingCase } from '../case-manage';
 import { extractConfirmationImportPackage } from './confirmation-package';
 import { validateExporterUid, validateConfirmationHash, validateConfirmationSignatureFile } from './validation';
 import { auditService } from '~/services/audit';
 
-const DATA_WORKER_URL = paths.data_worker_url;
-
 interface CaseDataFile {
   id: string;
   originalFilename?: string;
@@ -113,13 +110,13 @@ export async function importConfirmationData(
     onProgress?.('Processing confirmations', 60, 'Validating timestamps and updating annotations...');
 
     // Get case data to find image IDs
-    const apiKey = await getDataApiKey();
-    const caseResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/data.json`, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const caseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/data.json`,
+      {
+        method: 'GET'
       }
-    });
+    );
 
     if (!caseResponse.ok) {
       throw new Error(`Failed to fetch case data: ${caseResponse.status}`);
@@ -159,12 +156,13 @@ export async function importConfirmationData(
       const displayFilename = currentFile?.originalFilename || currentImageId;
 
       // Get current annotation data for this image
-      const annotationResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`, {
-        method: 'GET',
-        headers: {
-          'X-Custom-Auth-Key': apiKey
+      const annotationResponse = await fetchDataApi(
+        user,
+        `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`,
+        {
+          method: 'GET'
         }
-      });
+      );
 
       let annotationData: AnnotationImportData = {};
       if (annotationResponse.ok) {
@@ -216,14 +214,17 @@ export async function importConfirmationData(
       };
 
       // Save updated annotation data
-      const saveResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`, {
-        method: 'PUT',
-        headers: {
-          'Content-Type': 'application/json',
-          'X-Custom-Auth-Key': apiKey
-        },
-        body: JSON.stringify(updatedAnnotationData)
-      });
+      const saveResponse = await fetchDataApi(
+        user,
+        `/${encodeURIComponent(user.uid)}/${encodeURIComponent(result.caseNumber)}/${encodeURIComponent(currentImageId)}/data.json`,
+        {
+          method: 'PUT',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(updatedAnnotationData)
+        }
+      );
 
       if (saveResponse.ok) {
         result.imagesUpdated++;

package/app/components/actions/case-import/image-operations.ts

@@ -1,61 +1,32 @@
-import paths from '~/config/config.json';
-import { getImageApiKey } from '~/utils/auth';
-import { type FileData, type ImageUploadResponse } from '~/types';
-
-const IMAGE_WORKER_URL = paths.image_worker_url;
+import type { User } from 'firebase/auth';
+import { uploadImageApi } from '~/utils/image-api-client';
+import { type FileData } from '~/types';
 
 /**
  * Upload image blob to image worker and get file data
  */
 export async function uploadImageBlob(
+  user: User,
   imageBlob: Blob, 
   originalFilename: string,
   onProgress?: (filename: string, progress: number) => void
 ): Promise<FileData> {
-  const imagesApiToken = await getImageApiKey();
-  
-  return new Promise((resolve, reject) => {
-    const xhr = new XMLHttpRequest();
-    const formData = new FormData();
-    
-    // Create a File object from the blob to preserve the filename
-    const file = new File([imageBlob], originalFilename, { type: imageBlob.type });
-    formData.append('file', file);
-
-    xhr.upload.addEventListener('progress', (event) => {
-      if (event.lengthComputable && onProgress) {
-        const progress = Math.round((event.loaded / event.total) * 100);
-        onProgress(originalFilename, progress);
-      }
-    });
-
-    xhr.addEventListener('load', async () => {
-      if (xhr.status === 200) {
-        try {
-          const imageData = JSON.parse(xhr.responseText) as ImageUploadResponse;
-          if (!imageData.success) {
-            throw new Error(`Upload failed: ${imageData.errors?.join(', ') || 'Unknown error'}`);
-          }
-
-          const fileData: FileData = {
-            id: imageData.result.id,
-            originalFilename: originalFilename,
-            uploadedAt: new Date().toISOString()
-          };
-
-          resolve(fileData);
-        } catch (error) {
-          reject(error);
-        }
-      } else {
-        reject(new Error(`Upload failed with status ${xhr.status}`));
-      }
-    });
+  // Create a File object from the blob to preserve the filename
+  const file = new File([imageBlob], originalFilename, { type: imageBlob.type });
+  const imageData = await uploadImageApi(user, file, (progress) => {
+    if (onProgress) {
+      onProgress(originalFilename, progress);
+    }
+  });
 
-    xhr.addEventListener('error', () => reject(new Error('Upload failed')));
+  const uploadedImageId = imageData.result?.id;
+  if (!uploadedImageId) {
+    throw new Error('Upload failed: missing image identifier');
+  }
 
-    xhr.open('POST', IMAGE_WORKER_URL);
-    xhr.setRequestHeader('Authorization', `Bearer ${imagesApiToken}`);
-    xhr.send(formData);
-  });
+  return {
+    id: uploadedImageId,
+    originalFilename,
+    uploadedAt: new Date().toISOString()
+  };
 }

package/app/components/actions/case-import/orchestrator.ts

@@ -283,7 +283,7 @@ export async function importCaseForReview(
         const originalFileEntry = caseData.files.find(f => f.fileData.id === originalImageId);
         const originalFilename = originalFileEntry?.fileData.originalFilename || exportFilename;
         
-        const fileData = await uploadImageBlob(blob, originalFilename, (fname, progress) => {
+        const fileData = await uploadImageBlob(user, blob, originalFilename, (fname, progress) => {
           const overallProgress = 30 + (uploadedCount / totalImages) * 40 + (progress / totalImages) * 0.4;
           onProgress?.('Uploading images', overallProgress, `Uploading ${fname}...`);
         });

package/app/components/actions/case-import/storage-operations.ts

@@ -1,9 +1,5 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { 
-  getDataApiKey,
-  getUserApiKey
-} from '~/utils/auth';
+import { fetchDataApi } from '~/utils/data-api-client';
 import {
   getUserReadOnlyCases,
   updateUserData,
@@ -11,7 +7,6 @@ import {
 } from '~/utils/permissions';
 import { 
   type CaseExportData,   
-  type ExtendedUserData,
   type FileData,
   type CaseData,
   type ReadOnlyCaseMetadata
@@ -19,9 +14,6 @@ import {
 import { deleteFile } from '../image-manage';
 import { type SignedForensicManifest } from '~/utils/SHA256';
 
-const USER_WORKER_URL = paths.user_worker_url;
-const DATA_WORKER_URL = paths.data_worker_url;
-
 /**
  * Check if user already has a read-only case with the same number
  */
@@ -91,8 +83,6 @@ export async function storeCaseDataInR2(
   forensicManifest?: SignedForensicManifest
 ): Promise<void> {
   try {
-    const apiKey = await getDataApiKey();
-    
     // Convert the mapping to a plain object for JSON serialization
     const originalImageIds = originalImageIdMapping ? 
       Object.fromEntries(originalImageIdMapping) : undefined;
@@ -122,14 +112,17 @@ export async function storeCaseDataInR2(
     };
     
     // Store in R2
-    const response = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(r2CaseData)
-    });
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(r2CaseData)
+      }
+    );
 
     if (!response.ok) {
       throw new Error(`Failed to store case data: ${response.status}`);
@@ -146,24 +139,7 @@ export async function storeCaseDataInR2(
  */
 export async function listReadOnlyCases(user: User): Promise<ReadOnlyCaseMetadata[]> {
   try {
-    const apiKey = await getUserApiKey();
-    
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-
-    if (!response.ok) {
-      console.error('Failed to fetch user data:', response.status);
-      return [];
-    }
-
-    const userData: ExtendedUserData = await response.json();
-    
-    return userData.readOnlyCases || [];
+    return await getUserReadOnlyCases(user);
     
   } catch (error) {
     console.error('Error listing read-only cases:', error);
@@ -176,48 +152,20 @@ export async function listReadOnlyCases(user: User): Promise<ReadOnlyCaseMetadat
  */
 export async function removeReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
   try {
-    const apiKey = await getUserApiKey();
-    
-    // Get current user data
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-
-    if (!response.ok) {
-      throw new Error(`Failed to fetch user data: ${response.status}`);
-    }
-
-    const userData: ExtendedUserData = await response.json();
-    
-    if (!userData.readOnlyCases) {
+    const currentReadOnlyCases = await getUserReadOnlyCases(user);
+    if (!currentReadOnlyCases.length) {
       return false; // Nothing to remove
     }
     
     // Remove the case from the list
-    const initialLength = userData.readOnlyCases.length;
-    userData.readOnlyCases = userData.readOnlyCases.filter(c => c.caseNumber !== caseNumber);
+    const nextReadOnlyCases = currentReadOnlyCases.filter(c => c.caseNumber !== caseNumber);
     
-    if (userData.readOnlyCases.length === initialLength) {
+    if (nextReadOnlyCases.length === currentReadOnlyCases.length) {
       return false; // Case wasn't found
     }
     
     // Update user data
-    const updateResponse = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(userData)
-    });
-
-    if (!updateResponse.ok) {
-      throw new Error(`Failed to update user data: ${updateResponse.status}`);
-    }
+    await updateUserData(user, { readOnlyCases: nextReadOnlyCases });
     
     return true;
     
@@ -232,30 +180,47 @@ export async function removeReadOnlyCase(user: User, caseNumber: string): Promis
  */
 export async function deleteReadOnlyCase(user: User, caseNumber: string): Promise<boolean> {
   try {
-    const dataApiKey = await getDataApiKey();
-    
     // Get case data first to get file IDs for deletion
-    const caseResponse = await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-      headers: { 'X-Custom-Auth-Key': dataApiKey }
-    });
+    const caseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'GET'
+      }
+    );
+
+    if (caseResponse.status === 404) {
+      // No backing data object exists; only remove the case reference from user metadata.
+      await removeReadOnlyCase(user, caseNumber);
+      return true;
+    }
 
-    if (caseResponse.ok) {
-      const caseData = await caseResponse.json() as CaseData;
+    if (!caseResponse.ok) {
+      throw new Error(`Failed to fetch read-only case data for deletion: ${caseResponse.status}`);
+    }
+
+    const caseData = await caseResponse.json() as CaseData;
+
+    // Delete all files using data worker
+    if (caseData.files && caseData.files.length > 0) {
+      await Promise.all(
+        caseData.files.map((file: FileData) => 
+          deleteFile(user, caseNumber, file.id, 'Read-only case clearing - API operation')
+        )
+      );
+    }
 
-      // Delete all files using data worker
-      if (caseData.files && caseData.files.length > 0) {
-        await Promise.all(
-          caseData.files.map((file: FileData) => 
-            deleteFile(user, caseNumber, file.id, 'Read-only case clearing - API operation')
-          )
-        );
+    // Delete case file using data worker
+    const deleteCaseResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'DELETE'
       }
+    );
 
-      // Delete case file using data worker
-      await fetch(`${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`, {
-        method: 'DELETE',
-        headers: { 'X-Custom-Auth-Key': dataApiKey }
-      });
+    if (!deleteCaseResponse.ok && deleteCaseResponse.status !== 404) {
+      throw new Error(`Failed to delete read-only case data: ${deleteCaseResponse.status}`);
     }
     
     // Remove from user's read-only case list (separate from regular cases)

package/app/components/actions/case-import/validation.ts

@@ -1,27 +1,16 @@
 import type { User } from 'firebase/auth';
-import paths from '~/config/config.json';
-import { getUserApiKey } from '~/utils/auth';
+import { checkUserExistsApi } from '~/utils/user-api-client';
 import { type CaseExportData, type ConfirmationImportData } from '~/types';
 import { type ManifestSignatureVerificationResult } from '~/utils/SHA256';
 import { verifyConfirmationSignature } from '~/utils/confirmation-signature';
 export { removeForensicWarning, validateConfirmationHash } from '~/utils/export-verification';
 
-const USER_WORKER_URL = paths.user_worker_url;
-
 /**
  * Validate that a user exists in the database by UID and is not the current user
  */
 export async function validateExporterUid(exporterUid: string, currentUser: User): Promise<{ exists: boolean; isSelf: boolean }> {
   try {
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${exporterUid}`, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
-      }
-    });
-    
-    const exists = response.status === 200;
+    const exists = await checkUserExistsApi(currentUser, exporterUid);
     const isSelf = exporterUid === currentUser.uid;
     
     return { exists, isSelf };

package/app/components/actions/case-manage.ts

@@ -15,8 +15,7 @@ import {
 } from '~/utils/data-operations';
 import { type CaseData, type ReadOnlyCaseData, type FileData } from '~/types';
 import { auditService } from '~/services/audit';
-import { getImageApiKey } from '~/utils/auth';
-import paths from '~/config/config.json';
+import { fetchImageApi } from '~/utils/image-api-client';
 
 /**
  * Delete a file without individual audit logging (for bulk operations)
@@ -34,34 +33,17 @@ const deleteFileWithoutAudit = async (user: User, caseNumber: string, fileId: st
     throw new Error('File not found in case');
   }
 
-  // Delete the image file from Cloudflare Images (but don't audit this individual operation)
-  try {
-    const IMAGE_URL = paths.image_worker_url;
-    
-    const imagesApiToken = await getImageApiKey();
-    const imageResponse = await fetch(`${IMAGE_URL}/${fileId}`, {
-      method: 'DELETE',
-      headers: {
-        'Authorization': `Bearer ${imagesApiToken}`
-      }
-    });
+  // Delete image file and fail fast on non-404 failures so case deletion can be retried safely
+  const imageResponse = await fetchImageApi(user, `/${encodeURIComponent(fileId)}`, {
+    method: 'DELETE'
+  });
 
-    // Only fail if it's not a 404 (file might already be deleted)
-    if (!imageResponse.ok && imageResponse.status !== 404) {
-      throw new Error(`Failed to delete image: ${imageResponse.statusText}`);
-    }
-  } catch (error) {
-    console.warn(`Image deletion warning for ${fileToDelete.originalFilename}:`, error);
-    // Continue with data cleanup even if image deletion fails
+  if (!imageResponse.ok && imageResponse.status !== 404) {
+    throw new Error(`Failed to delete image: ${imageResponse.status} ${imageResponse.statusText}`);
   }
 
-  // Delete annotation data
-  try {
-    await deleteFileAnnotations(user, caseNumber, fileId);
-  } catch (error) {
-    // Annotation file might not exist, continue
-    console.warn(`Annotation deletion warning for ${fileToDelete.originalFilename}:`, error);
-  }
+  // Delete annotation data (404s are handled by deleteFileAnnotations)
+  await deleteFileAnnotations(user, caseNumber, fileId);
 
   // Update case data to remove file reference
   const updatedData: CaseData = {
@@ -466,6 +448,12 @@ export const deleteCase = async (user: User, caseNumber: string): Promise<void>
       } catch (auditError) {
         console.error('⚠️  Failed to log batch file deletion (continuing with case deletion):', auditError);
       }
+
+      if (failedFiles.length > 0) {
+        throw new Error(
+          `Case deletion aborted: failed to delete ${failedFiles.length} file(s): ${failedFiles.map(f => f.originalFilename).join(', ')}`
+        );
+      }
     }
 
     // Remove case from user data first (so user loses access immediately)

package/app/components/actions/generate-pdf.ts

@@ -1,8 +1,7 @@
-import paths from '~/config/config.json';
 import { type AnnotationData } from '~/types/annotations';
 import { auditService } from '~/services/audit';
-import { getPdfApiKey } from '~/utils/auth';
 import type { User } from 'firebase/auth';
+import { fetchPdfApi } from '~/utils/pdf-api-client';
 
 interface GeneratePDFParams {
   user: User;
@@ -75,13 +74,10 @@ export const generatePDF = async ({
       data: pdfData,
     };
 
-    const pdfAuthKey = await getPdfApiKey();
-
-    const response = await fetch(paths.pdf_worker_url, {
+    const response = await fetchPdfApi(user, '/', {
       method: 'POST',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': pdfAuthKey,
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify(pdfRequest)
     });