npm - @striae-org/striae - Versions diffs - 4.0.1 → 4.0.3 - Mend

@striae-org/striae 4.0.1 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/package.json CHANGED Viewed

@@ -1,20 +1,18 @@
 {
   "name": "@striae-org/striae",
-  "version": "4.0.1",
+  "version": "4.0.3",
   "private": false,
   "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
   "license": "Apache-2.0",
-  "homepage": "https://striae.app",
+  "homepage": "https://github.com/striae-org/striae/wiki",
   "repository": {
     "type": "git",
     "url": "https://github.com/striae-org/striae.git"
   },
-  "funding": [
-    {
-      "type": "patreon",
-      "url": "https://www.patreon.com/striae"
-    }
-  ],
+  "funding": {
+    "type": "github",
+    "url": "https://github.com/sponsors/striae-org"
+  },
   "bugs": {
     "url": "https://github.com/striae-org/striae/issues"
   },
@@ -114,7 +112,7 @@
     "@react-router/cloudflare": "^7.13.1",
     "exceljs": "^4.4.0",
     "firebase": "^12.10.0",
-    "isbot": "^5.1.35",
+    "isbot": "^5.1.36",
     "jszip": "^3.10.1",
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
@@ -123,23 +121,23 @@
   "devDependencies": {
     "@react-router/dev": "^7.13.1",
     "@react-router/fs-routes": "^7.13.1",
-    "@types/react": "^19.1.10",
-    "@types/react-dom": "^19.1.7",
-    "@typescript-eslint/eslint-plugin": "^8.54.0",
-    "@typescript-eslint/parser": "^8.56.1",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@typescript-eslint/eslint-plugin": "^8.57.1",
+    "@typescript-eslint/parser": "^8.57.1",
     "autoprefixer": "^10.4.27",
-    "eslint": "^9.39.2",
+    "eslint": "^9.39.4",
     "eslint-import-resolver-typescript": "^4.4.4",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jsx-a11y": "^6.7.1",
-    "eslint-plugin-react": "^7.37.4",
+    "eslint-plugin-jsx-a11y": "^6.10.2",
+    "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^7.0.1",
-    "postcss": "^8.5.6",
-    "tailwindcss": "^3.4.0",
+    "postcss": "^8.5.8",
+    "tailwindcss": "^3.4.19",
     "typescript": "^5.9.3",
     "vite": "^6.4.1",
     "vite-tsconfig-paths": "^6.1.1",
-    "wrangler": "^4.73.0"
+    "wrangler": "^4.74.0"
   },
   "overrides": {
     "tar": "7.5.11",
@@ -155,4 +153,4 @@
     "node": ">=20.0.0"
   },
   "packageManager": "npm@11.11.0"
-}
+}

package/public/.well-known/keybase.txt ADDED Viewed

@@ -0,0 +1,56 @@
+==================================================================
+https://keybase.io/stephenjlu
+--------------------------------------------------------------------
+I hereby claim:
+  * I am an admin of https://striae.app
+  * I am stephenjlu (https://keybase.io/stephenjlu) on keybase.
+  * I have a public key ASAKWYuLxhqhdePAuDulLzWWUusZk7mQi-1lMyjF8lsSbgo
+To do so, I am signing this object:
+{
+  "body": {
+    "key": {
+      "eldest_kid": "01200a598b8bc61aa175e3c0b83ba52f359652eb1993b9908bed653328c5f25b126e0a",
+      "host": "keybase.io",
+      "kid": "01200a598b8bc61aa175e3c0b83ba52f359652eb1993b9908bed653328c5f25b126e0a",
+      "uid": "ef43479353eb3b8be30c76fd0919c219",
+      "username": "stephenjlu"
+    },
+    "merkle_root": {
+      "ctime": 1773711528,
+      "hash": "9519e4709ef4b2ab7ea27c6633fd91e00989841d63cf53dd15500ccbec43152fdb37efd0cefcae90edcae7d84e2584620026334e98ef2feb36241c6aa38aca11",
+      "hash_meta": "a8ed0ac295c8a433c99b4606da6e569399fae2b052a5f8d053a2d735d110b265",
+      "seqno": 27471249
+    },
+    "service": {
+      "entropy": "e8nGKp/3/msv+czv8R/pIZOA",
+      "hostname": "striae.app",
+      "protocol": "https:"
+    },
+    "type": "web_service_binding",
+    "version": 2
+  },
+  "client": {
+    "name": "keybase.io go client",
+    "version": "6.6.0"
+  },
+  "ctime": 1773711539,
+  "expire_in": 504576000,
+  "prev": "20fa9a69a64b9008e2ba1d18171c4eda04d49fc68c2b419cf5156b78faa8b75b",
+  "seqno": 26,
+  "tag": "signature"
+}
+which yields the signature:
+hKRib2R5hqhkZXRhY2hlZMOpaGFzaF90eXBlCqNrZXnEIwEgClmLi8YaoXXjwLg7pS81llLrGZO5kIvtZTMoxfJbEm4Kp3BheWxvYWTESpcCGsQgIPqaaaZLkAjiuh0YFxxO2gTUn8aMK0Gc9RVrePqot1vEIOlO7j2uG/S+PR0TZqsul0pFPx7wKWbK+YYm6cWb9OQYAgHCo3NpZ8RAUVB1DF+DBdsDrp5BVL0eqUuueayhIrABHB63O9f9e03e8MJpZUAWdv8r7eLRcOoSf5p3I+CtsDgeyklUXy6oCKhzaWdfdHlwZSCkaGFzaIKkdHlwZQildmFsdWXEIH2d3PmZB6Yydgvkp783wyinfEsZBLRlgM2WXItXvkvTo3RhZ80CAqd2ZXJzaW9uAQ==
+And finally, I am proving ownership of this host by posting or
+appending to this document.
+View my publicly-auditable identity here: https://keybase.io/stephenjlu
+==================================================================

package/scripts/deploy-config.sh CHANGED Viewed

@@ -559,6 +559,7 @@ required_vars=(
     "PDF_WORKER_AUTH"
     "ACCOUNT_HASH"
     "API_TOKEN"
+    "BROWSER_API_TOKEN"
     "HMAC_KEY"
     "MANIFEST_SIGNING_PRIVATE_KEY"
     "MANIFEST_SIGNING_KEY_ID"
@@ -696,6 +697,8 @@ validate_generated_configs() {
         "app/config/config.json"
         "app/config/firebase.ts"
         "app/config/admin-service.json"
+        "app/routes/auth/login.tsx"
+        "app/routes/auth/login.module.css"
         "workers/audit-worker/wrangler.jsonc"
         "workers/data-worker/wrangler.jsonc"
         "workers/image-worker/wrangler.jsonc"
@@ -740,6 +743,7 @@ validate_generated_configs() {
     assert_contains_literal "app/config/config.json" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in app/config/config.json"
     assert_contains_literal "app/config/config.json" "$ACCOUNT_HASH" "ACCOUNT_HASH missing in app/config/config.json"
+    assert_contains_literal "app/routes/auth/login.tsx" "const APP_CANONICAL_ORIGIN = 'https://$PAGES_CUSTOM_DOMAIN';" "PAGES_CUSTOM_DOMAIN missing in app/routes/auth/login.tsx canonical origin"
     assert_contains_literal "app/config/firebase.ts" "$API_KEY" "API_KEY missing in app/config/firebase.ts"
     assert_contains_literal "app/config/firebase.ts" "$AUTH_DOMAIN" "AUTH_DOMAIN missing in app/config/firebase.ts"
@@ -775,6 +779,7 @@ validate_generated_configs() {
         "workers/user-worker/src/user-worker.ts"
         "app/config/config.json"
         "app/config/firebase.ts"
+        "app/routes/auth/login.tsx"
     )
     for file_path in "${files_to_scan[@]}"; do
@@ -861,6 +866,23 @@ copy_example_configs() {
         echo -e "${GREEN}    ✅ app: copied $copied_config_files config file(s) from config-example${NC}"
     fi
+    # Copy auth route template files
+    echo -e "${YELLOW}  Copying auth route template files...${NC}"
+    if [ -f "app/routes/auth/login.example.tsx" ] && { [ "$update_env" = "true" ] || [ ! -f "app/routes/auth/login.tsx" ]; }; then
+        cp app/routes/auth/login.example.tsx app/routes/auth/login.tsx
+        echo -e "${GREEN}    ✅ auth: login.tsx created from example${NC}"
+    elif [ -f "app/routes/auth/login.tsx" ]; then
+        echo -e "${YELLOW}    ⚠️  auth: login.tsx already exists, skipping copy${NC}"
+    fi
+    if [ -f "app/routes/auth/login.module.example.css" ] && { [ "$update_env" = "true" ] || [ ! -f "app/routes/auth/login.module.css" ]; }; then
+        cp app/routes/auth/login.module.example.css app/routes/auth/login.module.css
+        echo -e "${GREEN}    ✅ auth: login.module.css created from example${NC}"
+    elif [ -f "app/routes/auth/login.module.css" ]; then
+        echo -e "${YELLOW}    ⚠️  auth: login.module.css already exists, skipping copy${NC}"
+    fi
     # Navigate to each worker directory and copy the example file
     echo -e "${YELLOW}  Copying worker configuration files...${NC}"
@@ -1284,6 +1306,7 @@ prompt_for_secrets() {
     prompt_for_var "PDF_WORKER_AUTH" "PDF worker authentication token (generate with: openssl rand -hex 16)"
     prompt_for_var "ACCOUNT_HASH" "Cloudflare Images Account Hash"
     prompt_for_var "API_TOKEN" "Cloudflare Images API token (for Images Worker)"
+    prompt_for_var "BROWSER_API_TOKEN" "Cloudflare Browser Rendering API token (for PDF Worker)"
     prompt_for_var "HMAC_KEY" "Cloudflare Images HMAC signing key"
     configure_manifest_signing_credentials
@@ -1448,6 +1471,12 @@ update_wrangler_configs() {
         sed -i "s|\"YOUR_FIREBASE_MEASUREMENT_ID\"|\"$MEASUREMENT_ID\"|g" app/config/firebase.ts
         echo -e "${GREEN}      ✅ app firebase.ts updated${NC}"
     fi
+    if [ -f "app/routes/auth/login.tsx" ]; then
+        echo -e "${YELLOW}    Updating app/routes/auth/login.tsx...${NC}"
+        sed -i "s|^const APP_CANONICAL_ORIGIN = .*;|const APP_CANONICAL_ORIGIN = 'https://$escaped_pages_custom_domain';|g" app/routes/auth/login.tsx
+        echo -e "${GREEN}      ✅ app login.tsx canonical origin updated${NC}"
+    fi
     echo -e "${GREEN}✅ All configuration files updated${NC}"
 }

package/scripts/deploy-worker-secrets.sh CHANGED Viewed

@@ -197,10 +197,9 @@ if ! set_worker_secrets "Images Worker" "workers/image-worker" \
     echo -e "${YELLOW}⚠️  Skipping Images Worker (not configured)${NC}"
 fi
-# PDF Worker (no secrets needed)
 # PDF Worker
 if ! set_worker_secrets "PDF Worker" "workers/pdf-worker" \
-    "PDF_WORKER_AUTH"; then
+    "PDF_WORKER_AUTH" "ACCOUNT_ID" "BROWSER_API_TOKEN"; then
     echo -e "${YELLOW}⚠️  Skipping PDF Worker (not configured)${NC}"
 fi

package/workers/audit-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "AUDIT_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/audit-worker.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/data-worker/wrangler.jsonc.example CHANGED Viewed

@@ -3,7 +3,7 @@
   "name": "DATA_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/data-worker.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/image-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "IMAGES_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/image-worker.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/keys-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "KEYS_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/keys.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/pdf-worker/src/pdf-worker.example.ts CHANGED Viewed

@@ -1,12 +1,28 @@
-import { launch } from "@cloudflare/puppeteer";
 import type { PDFGenerationData, PDFGenerationRequest, ReportModule } from './report-types';
 interface Env {
   BROWSER: Fetcher;
   PDF_WORKER_AUTH: string;
+  ACCOUNT_ID?: string;
+  CLOUDFLARE_ACCOUNT_ID?: string;
+  BROWSER_API_TOKEN?: string;
+  API_TOKEN?: string;
 }
 const DEFAULT_REPORT_FORMAT = 'striae';
+const BROWSER_PDF_TIMEOUT_MS = 90_000;
+const BROWSER_RENDERING_API_BASE = 'https://api.cloudflare.com/client/v4/accounts';
+const DEFAULT_PDF_OPTIONS = {
+  printBackground: true,
+  format: 'letter',
+  margin: {
+    top: '0.5in',
+    bottom: '0.5in',
+    left: '0.5in',
+    right: '0.5in',
+  },
+};
 const reportModuleLoaders: Record<string, () => Promise<ReportModule>> = {
   // Default Striae report format module
@@ -22,6 +38,45 @@ const corsHeaders: Record<string, string> = {
 const hasValidHeader = (request: Request, env: Env): boolean =>
   request.headers.get('X-Custom-Auth-Key') === env.PDF_WORKER_AUTH;
+function isTimeoutError(error: unknown): boolean {
+  return error instanceof Error && (
+    error.name === 'AbortError' ||
+    error.name === 'TimeoutError' ||
+    /timed out/i.test(error.message)
+  );
+}
+function jsonResponse(body: unknown, status: number): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { ...corsHeaders, 'content-type': 'application/json' },
+  });
+}
+function resolveBrowserApiToken(env: Env): string {
+  const candidates = [env.BROWSER_API_TOKEN, env.API_TOKEN];
+  for (const candidate of candidates) {
+    if (typeof candidate === 'string' && candidate.trim().length > 0) {
+      return candidate.trim();
+    }
+  }
+  return '';
+}
+function resolveAccountId(env: Env): string {
+  const candidates = [env.ACCOUNT_ID, env.CLOUDFLARE_ACCOUNT_ID];
+  for (const candidate of candidates) {
+    if (typeof candidate === 'string' && candidate.trim().length > 0) {
+      return candidate.trim();
+    }
+  }
+  return '';
+}
 function normalizeReportFormat(format: unknown): string {
   if (typeof format !== 'string') {
     return DEFAULT_REPORT_FORMAT;
@@ -69,6 +124,84 @@ async function renderReport(reportFormat: string, data: PDFGenerationData): Prom
   return reportModule.renderReport(data);
 }
+async function renderPdfViaRestEndpoint(env: Env, html: string): Promise<Response> {
+  const accountId = resolveAccountId(env);
+  const browserApiToken = resolveBrowserApiToken(env);
+  if (!accountId || !browserApiToken) {
+    return jsonResponse(
+      {
+        error: 'Missing required Browser Rendering credentials',
+        requiredSecrets: ['ACCOUNT_ID', 'BROWSER_API_TOKEN'],
+        note: 'Set ACCOUNT_ID and a Browser Rendering - Edit token (BROWSER_API_TOKEN) on this worker.',
+      },
+      502
+    );
+  }
+  const endpoint = `${BROWSER_RENDERING_API_BASE}/${accountId}/browser-rendering/pdf`;
+  const requestBody = JSON.stringify({
+    html,
+    pdfOptions: DEFAULT_PDF_OPTIONS,
+  });
+  let endpointResponse: Response;
+  try {
+    endpointResponse = await fetch(endpoint, {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${browserApiToken}`,
+        'Content-Type': 'application/json',
+      },
+      body: requestBody,
+      signal: AbortSignal.timeout(BROWSER_PDF_TIMEOUT_MS),
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Unknown browser endpoint error';
+    return jsonResponse(
+      {
+        error: 'Unable to reach Browser Rendering endpoint',
+        endpoint,
+        message,
+      },
+      isTimeoutError(error) ? 504 : 502
+    );
+  }
+  if (!endpointResponse.ok) {
+    const failureText = await endpointResponse.text().catch(() => '');
+    return jsonResponse(
+      {
+        error: 'Browser Rendering endpoint returned an error',
+        endpoint,
+        status: endpointResponse.status,
+        details: failureText.slice(0, 512) || endpointResponse.statusText || 'Unknown endpoint failure',
+      },
+      endpointResponse.status === 504 ? 504 : 502
+    );
+  }
+  const responseHeaders = new Headers(endpointResponse.headers);
+  if (!responseHeaders.has('content-type')) {
+    responseHeaders.set('content-type', 'application/pdf');
+  }
+  if (!responseHeaders.has('cache-control')) {
+    responseHeaders.set('cache-control', 'no-store');
+  }
+  for (const [headerName, headerValue] of Object.entries(corsHeaders)) {
+    responseHeaders.set(headerName, headerValue);
+  }
+  return new Response(endpointResponse.body, {
+    status: endpointResponse.status,
+    statusText: endpointResponse.statusText,
+    headers: responseHeaders,
+  });
+}
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
     if (request.method === 'OPTIONS') {
@@ -76,55 +209,27 @@ export default {
     }
     if (!hasValidHeader(request, env)) {
-      return new Response(JSON.stringify({ error: 'Forbidden' }), {
-        status: 403,
-        headers: { ...corsHeaders, 'content-type': 'application/json' },
-      });
+      return jsonResponse({ error: 'Forbidden' }, 403);
     }
     if (request.method === 'POST') {
-      let browser: Awaited<ReturnType<typeof launch>> | undefined;
       try {
         const payload = await request.json() as PDFGenerationData | PDFGenerationRequest;
         const { reportFormat, data } = resolveReportRequest(payload);
-        browser = await launch(env.BROWSER);
-        const page = await browser.newPage();
-        // Render report from module selected by report format name.
         const document = await renderReport(reportFormat, data);
-        await page.setContent(document);
-        const pdfBuffer = await page.pdf({
-          printBackground: true,
-          format: 'letter',
-          margin: { top: '0.5in', bottom: '0.5in', left: '0.5in', right: '0.5in' },
-        });
-        return new Response(new Uint8Array(pdfBuffer), {
-          headers: {
-            ...corsHeaders,
-            'content-type': 'application/pdf',
-          },
-        });
-      } catch (error) {
-        const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-        return new Response(JSON.stringify({ error: errorMessage }), {
-          status: 500,
-          headers: { ...corsHeaders, 'content-type': 'application/json' },
-        });
-      } finally {
-        if (browser) {
-          await browser.close();
+        return await renderPdfViaRestEndpoint(env, document);
+      } catch (error) {
+        if (isTimeoutError(error)) {
+          const timeoutMessage = error instanceof Error ? error.message : 'PDF generation timed out';
+          return jsonResponse({ error: timeoutMessage }, 504);
         }
+        const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
+        return jsonResponse({ error: errorMessage }, 500);
       }
     }
-    return new Response(JSON.stringify({ error: 'Method not allowed' }), {
-      status: 405,
-      headers: { ...corsHeaders, 'content-type': 'application/json' },
-    });
+    return jsonResponse({ error: 'Method not allowed' }, 405);
   },
 };

package/workers/pdf-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "PDF_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/pdf-worker.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/user-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "USER_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/user-worker.ts",
-  "compatibility_date": "2026-03-15",
+  "compatibility_date": "2026-03-18",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/wrangler.toml.example CHANGED Viewed

@@ -1,6 +1,6 @@
 #:schema node_modules/wrangler/config-schema.json
 name = "PAGES_PROJECT_NAME"
-compatibility_date = "2026-03-15"
+compatibility_date = "2026-03-18"
 compatibility_flags = ["nodejs_compat"]
 pages_build_output_dir = "./build/client"

package/public/.well-known/publickey.info@striae.org.asc DELETED Viewed

@@ -1,17 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-xjMEaJ+SaRYJKwYBBAHaRw8BAQdAtWcW9OcCVtFNTBf+4lwASGgVBGNIGb6z
-GNIq37cw83zNIWluZm9Ac3RyaWFlLm9yZyA8aW5mb0BzdHJpYWUub3JnPsLA
-EQQTFgoAgwWCaJ+SaQMLCQcJkC2UdiWEnC1iRRQAAAAAABwAIHNhbHRAbm90
-YXRpb25zLm9wZW5wZ3Bqcy5vcmfhki1wbo0xW0HoW6jsyBK/iWN/u01JBBJd
-YGiCbEL+sAMVCggEFgACAQIZAQKbAwIeARYhBCw6mxgiRn72TJictC2UdiWE
-nC1iAADDlgD+Jlmez0pVz0u3kllpSt6S3MOuUCJla6p4ZEbjTniCJaUA/R7X
-kykgKaNm/PUolRZhnUwhcNWT48EMHo1jMkyGKUQEzjgEaJ+SaRIKKwYBBAGX
-VQEFAQEHQNEibB8TSeDgzURCgYgXn32lYJ6vVLl87FeJRsEQY4BfAwEIB8K+
-BBgWCgBwBYJon5JpCZAtlHYlhJwtYkUUAAAAAAAcACBzYWx0QG5vdGF0aW9u
-cy5vcGVucGdwanMub3Jn5sADmb+wNJJLschl/7wW5OxuG8sTK8hrYrYAMu8f
-lsgCmwwWIQQsOpsYIkZ+9kyYnLQtlHYlhJwtYgAADjQBAPLqpZXfz6LF3QCT
-ljTevmSNC+/XPUPUe0pWwmt3O+CFAQCoYARnr6O+e9K2RKTGiji5yY5EvHIo
-GsOM90I360PhCw==
-=MSt/
------END PGP PUBLIC KEY BLOCK-----