@striae-org/striae 3.3.0 → 4.0.0

package/app/utils/data-operations.ts

@@ -6,8 +6,7 @@
 
 import type { User } from 'firebase/auth';
 import { type CaseData, type AnnotationData, type ConfirmationImportData } from '~/types';
-import paths from '~/config/config.json';
-import { getDataApiKey } from './auth';
+import { fetchDataApi } from './data-api-client';
 import { validateUserSession, canAccessCase, canModifyCase } from './permissions';
 import {
   type ForensicManifestData,
@@ -21,8 +20,6 @@ import {
   isValidAuditExportSigningPayload
 } from './audit-export-signature';
 
-const DATA_WORKER_URL = paths.data_worker_url;
-
 // ============================================================================
 // INTERFACES AND TYPES
 // ============================================================================
@@ -101,15 +98,13 @@ export const getCaseData = async (
       throw new Error('Invalid case number provided');
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`;
-
-    const response = await fetch(url, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'GET'
       }
-    });
+    );
 
     if (response.status === 404) {
       return null; // Case not found
@@ -163,23 +158,23 @@ export const updateCaseData = async (
       throw new Error('Invalid case data provided');
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`;
-
     // Add timestamp if requested (default: true)
     const dataToSave = options.includeTimestamp !== false ? {
       ...caseData,
       updatedAt: new Date().toISOString()
     } : caseData;
 
-    const response = await fetch(url, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(dataToSave)
-    });
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(dataToSave)
+      }
+    );
 
     if (!response.ok) {
       throw new Error(`Failed to update case data: ${response.status} ${response.statusText}`);
@@ -216,15 +211,13 @@ export const deleteCaseData = async (
       }
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`;
-
-    const response = await fetch(url, {
-      method: 'DELETE',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'DELETE'
       }
-    });
+    );
 
     if (!response.ok && response.status !== 404) {
       throw new Error(`Failed to delete case data: ${response.status} ${response.statusText}`);
@@ -269,15 +262,13 @@ export const getFileAnnotations = async (
       throw new Error('Invalid file ID provided');
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`;
-
-    const response = await fetch(url, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`,
+      {
+        method: 'GET'
       }
-    });
+    );
 
     if (response.status === 404) {
       return null; // No annotations found
@@ -334,16 +325,14 @@ export const saveFileAnnotations = async (
       throw new Error('Invalid annotation data provided');
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`;
-
     // Enforce immutability once confirmation data exists on an image.
-    const existingResponse = await fetch(url, {
-      method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const existingResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`,
+      {
+        method: 'GET'
       }
-    });
+    );
 
     if (existingResponse.ok) {
       const existingAnnotations = await existingResponse.json() as AnnotationData;
@@ -360,14 +349,17 @@ export const saveFileAnnotations = async (
       updatedAt: new Date().toISOString()
     };
 
-    const response = await fetch(url, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
-      },
-      body: JSON.stringify(dataToSave)
-    });
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`,
+      {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(dataToSave)
+      }
+    );
 
     if (!response.ok) {
       throw new Error(`Failed to save file annotations: ${response.status} ${response.statusText}`);
@@ -407,15 +399,13 @@ export const deleteFileAnnotations = async (
       }
     }
 
-    const apiKey = await getDataApiKey();
-    const url = `${DATA_WORKER_URL}/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`;
-
-    const response = await fetch(url, {
-      method: 'DELETE',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
+    const response = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/${encodeURIComponent(fileId)}/data.json`,
+      {
+        method: 'DELETE'
       }
-    });
+    );
 
     if (!response.ok && response.status !== 404) {
       throw new Error(`Failed to delete file annotations: ${response.status} ${response.statusText}`);
@@ -684,12 +674,10 @@ export const signForensicManifest = async (
       throw new Error(`Manifest signing denied: ${accessCheck.reason}`);
     }
 
-    const apiKey = await getDataApiKey();
-    const response = await fetch(`${DATA_WORKER_URL}/api/forensic/sign-manifest`, {
+    const response = await fetchDataApi(user, '/api/forensic/sign-manifest', {
       method: 'POST',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
         userId: user.uid,
@@ -752,12 +740,10 @@ export const signConfirmationData = async (
       throw new Error(`Confirmation signing denied: ${accessCheck.reason}`);
     }
 
-    const apiKey = await getDataApiKey();
-    const response = await fetch(`${DATA_WORKER_URL}/api/forensic/sign-confirmation`, {
+    const response = await fetchDataApi(user, '/api/forensic/sign-confirmation', {
       method: 'POST',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
         userId: user.uid,
@@ -828,12 +814,10 @@ export const signAuditExportData = async (
       }
     }
 
-    const apiKey = await getDataApiKey();
-    const response = await fetch(`${DATA_WORKER_URL}/api/forensic/sign-audit-export`, {
+    const response = await fetchDataApi(user, '/api/forensic/sign-audit-export', {
       method: 'POST',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
         userId: user.uid,

package/app/utils/image-api-client.ts

@@ -0,0 +1,130 @@
+import type { User } from 'firebase/auth';
+import { type ImageUploadResponse } from '~/types';
+
+const IMAGE_API_BASE = '/api/image';
+
+function normalizePath(path: string): string {
+  if (!path) {
+    return '/';
+  }
+
+  return path.startsWith('/') ? path : `/${path}`;
+}
+
+export async function fetchImageApi(
+  user: User,
+  path: string,
+  init: RequestInit = {}
+): Promise<Response> {
+  const normalizedPath = normalizePath(path);
+  const userWithOptionalToken = user as User & { getIdToken?: () => Promise<string> };
+
+  if (typeof userWithOptionalToken.getIdToken !== 'function') {
+    throw new Error('Unable to authenticate request: missing Firebase token provider');
+  }
+
+  let idToken: string;
+  try {
+    idToken = await userWithOptionalToken.getIdToken();
+  } catch {
+    throw new Error('Unable to authenticate request: failed to retrieve Firebase token');
+  }
+
+  if (!idToken) {
+    throw new Error('Unable to authenticate request: empty Firebase token');
+  }
+
+  const headers = new Headers(init.headers);
+  headers.set('Authorization', `Bearer ${idToken}`);
+
+  return fetch(`${IMAGE_API_BASE}${normalizedPath}`, {
+    ...init,
+    headers
+  });
+}
+
+interface XhrUploadResult {
+  status: number;
+  responseText: string;
+}
+
+function uploadWithXhr(
+  targetUrl: string,
+  authorizationValue: string,
+  file: File,
+  onProgress?: (progress: number) => void
+): Promise<XhrUploadResult> {
+  return new Promise((resolve, reject) => {
+    const xhr = new XMLHttpRequest();
+    const formData = new FormData();
+    formData.append('file', file);
+
+    xhr.upload.addEventListener('progress', (event) => {
+      if (event.lengthComputable && onProgress) {
+        const progress = Math.round((event.loaded / event.total) * 100);
+        onProgress(progress);
+      }
+    });
+
+    xhr.addEventListener('load', () => {
+      resolve({
+        status: xhr.status,
+        responseText: xhr.responseText
+      });
+    });
+
+    xhr.addEventListener('error', () => {
+      reject(new Error('Upload failed'));
+    });
+
+    xhr.open('POST', targetUrl);
+    xhr.setRequestHeader('Authorization', authorizationValue);
+    xhr.send(formData);
+  });
+}
+
+function parseUploadResponse(payload: string): ImageUploadResponse {
+  const parsed = JSON.parse(payload) as ImageUploadResponse;
+  if (!parsed.success || !parsed.result?.id) {
+    const errorMessage = parsed.errors?.map((entry) => entry.message).join(', ') || 'Upload failed';
+    throw new Error(errorMessage);
+  }
+
+  return parsed;
+}
+
+export async function uploadImageApi(
+  user: User,
+  file: File,
+  onProgress?: (progress: number) => void
+): Promise<ImageUploadResponse> {
+  const userWithOptionalToken = user as User & { getIdToken?: () => Promise<string> };
+
+  if (typeof userWithOptionalToken.getIdToken !== 'function') {
+    throw new Error('Unable to authenticate upload: missing Firebase token provider');
+  }
+
+  let idToken: string;
+  try {
+    idToken = await userWithOptionalToken.getIdToken();
+  } catch {
+    throw new Error('Unable to authenticate upload: failed to retrieve Firebase token');
+  }
+
+  if (!idToken) {
+    throw new Error('Unable to authenticate upload: empty Firebase token');
+  }
+
+  const proxyUploadResult = await uploadWithXhr(
+    `${IMAGE_API_BASE}/`,
+    `Bearer ${idToken}`,
+    file,
+    onProgress
+  );
+
+  if (proxyUploadResult.status < 200 || proxyUploadResult.status >= 300) {
+    throw new Error(`Upload failed with status ${proxyUploadResult.status}`);
+  }
+
+  return parseUploadResponse(proxyUploadResult.responseText);
+}

package/app/utils/pdf-api-client.ts

@@ -0,0 +1,43 @@
+import type { User } from 'firebase/auth';
+
+const PDF_API_BASE = '/api/pdf';
+
+function normalizePath(path: string): string {
+  if (!path) {
+    return '/';
+  }
+
+  return path.startsWith('/') ? path : `/${path}`;
+}
+
+export async function fetchPdfApi(
+  user: User,
+  path: string,
+  init: RequestInit = {}
+): Promise<Response> {
+  const normalizedPath = normalizePath(path);
+  const userWithOptionalToken = user as User & { getIdToken?: () => Promise<string> };
+
+  if (typeof userWithOptionalToken.getIdToken !== 'function') {
+    throw new Error('Unable to authenticate request: missing Firebase token provider');
+  }
+
+  let idToken: string;
+  try {
+    idToken = await userWithOptionalToken.getIdToken();
+  } catch {
+    throw new Error('Unable to authenticate request: failed to retrieve Firebase token');
+  }
+
+  if (!idToken) {
+    throw new Error('Unable to authenticate request: empty Firebase token');
+  }
+
+  const headers = new Headers(init.headers);
+  headers.set('Authorization', `Bearer ${idToken}`);
+
+  return fetch(`${PDF_API_BASE}${normalizedPath}`, {
+    ...init,
+    headers
+  });
+}

package/app/utils/permissions.ts

@@ -1,9 +1,8 @@
 import type { User } from 'firebase/auth';
 import type { UserData, ExtendedUserData, UserLimits, ReadOnlyCaseMetadata } from '~/types';
 import paths from '~/config/config.json';
-import { getUserApiKey } from './auth';
+import { fetchUserApi } from './user-api-client';
 
-const USER_WORKER_URL = paths.user_worker_url;
 const MAX_CASES_REVIEW = paths.max_cases_review;
 const MAX_FILES_PER_CASE_REVIEW = paths.max_files_per_case_review;
 
@@ -32,12 +31,8 @@ export interface CaseMetadata {
  */
 export const getUserData = async (user: User): Promise<UserData | null> => {
   try {
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+    const response = await fetchUserApi(user, `/${encodeURIComponent(user.uid)}`, {
       method: 'GET',
-      headers: {
-        'X-Custom-Auth-Key': apiKey
-      }
     });
 
     if (response.ok) {
@@ -121,12 +116,10 @@ export const createUser = async (
       createdAt: new Date().toISOString()
     };
 
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+    const response = await fetchUserApi(user, `/${encodeURIComponent(user.uid)}`, {
       method: 'PUT',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify(userData)
     });
@@ -280,12 +273,10 @@ export const updateUserData = async (user: User, updates: Partial<UserData>): Pr
     };
 
     // Perform the update with API key management
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}`, {
+    const response = await fetchUserApi(user, `/${encodeURIComponent(user.uid)}`, {
       method: 'PUT',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify(updatedUserData)
     });
@@ -489,12 +480,10 @@ export const addUserCase = async (user: User, caseData: CaseMetadata): Promise<v
     }
 
     // Use the dedicated /cases endpoint to add the case
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}/cases`, {
+    const response = await fetchUserApi(user, `/${encodeURIComponent(user.uid)}/cases`, {
       method: 'PUT',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
         cases: [caseData]
@@ -536,12 +525,10 @@ export const removeUserCase = async (user: User, caseNumber: string): Promise<vo
     }
 
     // Use the dedicated /cases DELETE endpoint to remove the case
-    const apiKey = await getUserApiKey();
-    const response = await fetch(`${USER_WORKER_URL}/${encodeURIComponent(user.uid)}/cases`, {
+    const response = await fetchUserApi(user, `/${encodeURIComponent(user.uid)}/cases`, {
       method: 'DELETE',
       headers: {
-        'Content-Type': 'application/json',
-        'X-Custom-Auth-Key': apiKey
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
         casesToDelete: [caseNumber]

package/app/utils/user-api-client.ts

@@ -0,0 +1,90 @@
+import type { User } from 'firebase/auth';
+
+const USER_API_BASE = '/api/user';
+const USER_EXISTS_API_BASE = '/api/user/exists';
+
+function normalizePath(path: string): string {
+  if (!path) {
+    return '/';
+  }
+
+  return path.startsWith('/') ? path : `/${path}`;
+}
+
+export async function fetchUserApi(
+  user: User,
+  path: string,
+  init: RequestInit = {}
+): Promise<Response> {
+  const normalizedPath = normalizePath(path);
+  const userWithOptionalToken = user as User & { getIdToken?: () => Promise<string> };
+
+  if (typeof userWithOptionalToken.getIdToken !== 'function') {
+    throw new Error('Unable to authenticate request: missing Firebase token provider');
+  }
+
+  let idToken: string;
+  try {
+    idToken = await userWithOptionalToken.getIdToken();
+  } catch {
+    throw new Error('Unable to authenticate request: failed to retrieve Firebase token');
+  }
+
+  if (!idToken) {
+    throw new Error('Unable to authenticate request: empty Firebase token');
+  }
+
+  const headers = new Headers(init.headers);
+  headers.set('Authorization', `Bearer ${idToken}`);
+
+  return fetch(`${USER_API_BASE}${normalizedPath}`, {
+    ...init,
+    headers
+  });
+}
+
+export async function checkUserExistsApi(user: User, targetUid: string): Promise<boolean> {
+  const encodedTargetUid = encodeURIComponent(targetUid);
+  const userWithOptionalToken = user as User & { getIdToken?: () => Promise<string> };
+
+  if (typeof userWithOptionalToken.getIdToken !== 'function') {
+    throw new Error('Unable to authenticate request: missing Firebase token provider');
+  }
+
+  let idToken: string;
+  try {
+    idToken = await userWithOptionalToken.getIdToken();
+  } catch {
+    throw new Error('Unable to authenticate request: failed to retrieve Firebase token');
+  }
+
+  if (!idToken) {
+    throw new Error('Unable to authenticate request: empty Firebase token');
+  }
+
+  const proxyResponse = await fetch(`${USER_EXISTS_API_BASE}/${encodedTargetUid}`, {
+    method: 'GET',
+    headers: {
+      'Authorization': `Bearer ${idToken}`,
+      'Accept': 'application/json'
+    }
+  });
+
+  if (proxyResponse.status === 404) {
+    return false;
+  }
+
+  if (!proxyResponse.ok) {
+    throw new Error(`Failed to verify user existence: ${proxyResponse.status}`);
+  }
+
+  const responseData = await proxyResponse.json().catch(() => null) as {
+    exists?: boolean;
+  } | null;
+
+  if (typeof responseData?.exists === 'boolean') {
+    return responseData.exists;
+  }
+
+  return true;
+}