@striae-org/striae 4.0.3 → 4.1.0

package/app/routes/auth/login.example.tsx

@@ -26,6 +26,7 @@ import { getUserData, createUser } from '~/utils/data';
 import { auditService } from '~/services/audit';
 import { generateUniqueId } from '~/utils/common';
 import { evaluatePasswordPolicy, buildActionCodeSettings, userHasMFA } from '~/utils/auth';
+import type { UserData } from '~/types';
 
 const APP_CANONICAL_ORIGIN = 'PAGES_CUSTOM_DOMAIN';
 const SOCIAL_IMAGE_PATH = '/social-image.png';
@@ -143,6 +144,7 @@ export const Login = () => {
   const [error, setError] = useState('');
   const [success, setSuccess] = useState('');
   const [welcomeToastMessage, setWelcomeToastMessage] = useState('');
+  const [welcomeToastType, setWelcomeToastType] = useState<'success' | 'warning'>('success');
   const [isWelcomeToastVisible, setIsWelcomeToastVisible] = useState(false);
   const [isLogin, setIsLogin] = useState(true);
   const [isLoading, setIsLoading] = useState(false);
@@ -212,11 +214,9 @@ export const Login = () => {
   };  
 
   // Check if user exists in the USER_DB using centralized function
-  const checkUserExists = async (currentUser: User): Promise<boolean> => {
+  const checkUserExists = async (currentUser: User): Promise<UserData | null> => {
     try {
-      const userData = await getUserData(currentUser);
-      
-      return userData !== null;
+      return await getUserData(currentUser);
     } catch (error) {
       console.error('Error checking user existence:', error);
       // On network/API errors, throw error to prevent login
@@ -251,16 +251,19 @@ export const Login = () => {
       }      
       
       // Check if user exists in the USER_DB
+      let hasBadgeId = true;
       setIsCheckingUser(true);
       try {
-        const userExists = await checkUserExists(currentUser);
+        const userData = await checkUserExists(currentUser);
         setIsCheckingUser(false);
         
-        if (!userExists) {
+        if (!userData) {
           handleSignOut();
           setError('This account does not exist or has been deleted');
           return;
         }
+
+        hasBadgeId = Boolean(userData.badgeId?.trim());
       } catch (error) {
         setIsCheckingUser(false);
         handleSignOut();
@@ -279,7 +282,13 @@ export const Login = () => {
       setShowMfaEnrollment(false);
 
       if (shouldShowWelcomeToastRef.current) {
-        setWelcomeToastMessage(`Welcome to Striae, ${getUserFirstName(currentUser)}!`);
+        if (hasBadgeId) {
+          setWelcomeToastType('success');
+          setWelcomeToastMessage(`Welcome to Striae, ${getUserFirstName(currentUser)}!`);
+        } else {
+          setWelcomeToastType('warning');
+          setWelcomeToastMessage('Your badge or ID number is not set. You can set one in Manage Profile.');
+        }
         setIsWelcomeToastVisible(true);
         shouldShowWelcomeToastRef.current = false;
       }
@@ -302,6 +311,7 @@ export const Login = () => {
       setShowMfaEnrollment(false);
       setIsCheckingUser(false);
       setIsWelcomeToastVisible(false);
+      setWelcomeToastType('success');
       shouldShowWelcomeToastRef.current = false;
     }
   });
@@ -517,6 +527,7 @@ export const Login = () => {
       setShowMfaVerification(false);
       setMfaResolver(null);
       setIsWelcomeToastVisible(false);
+      setWelcomeToastType('success');
       shouldShowWelcomeToastRef.current = false;
     } catch (err) {
       console.error('Sign out error:', err);
@@ -762,7 +773,7 @@ export const Login = () => {
       {!shouldHandleEmailAction && (
         <Toast
           message={welcomeToastMessage}
-          type="success"
+          type={welcomeToastType}
           isVisible={isWelcomeToastVisible}
           onClose={() => setIsWelcomeToastVisible(false)}
         />

package/app/routes/auth/passwordReset.module.css

@@ -12,7 +12,8 @@
   background-color: color-mix(in lab, var(--backgroundLight) 95%, transparent);
   padding: var(--space2XL);
   border-radius: var(--spaceXS);
-  box-shadow: 0 var(--spaceXS) var(--spaceM) color-mix(in lab, var(--black) 10%, transparent);
+  box-shadow: 0 var(--spaceXS) var(--spaceM)
+    color-mix(in lab, var(--black) 10%, transparent);
   width: 100%;
   max-width: var(--maxWidthS);
 }
@@ -29,7 +30,7 @@
   left: var(--spaceL);
   width: 150px;
   height: 150px;
-  background-image: url('/logo-dark.png');
+  background-image: url("/logo-dark.png");
   background-size: contain;
   background-repeat: no-repeat;
   background-position: center;
@@ -114,7 +115,8 @@
   margin: var(--spaceXS) 0 var(--spaceS) 0;
   font-size: var(--fontSizeBodyXS);
   padding: var(--spaceS) var(--spaceM);
-  background: linear-gradient(135deg, 
+  background: linear-gradient(
+    135deg,
     color-mix(in lab, var(--error) 12%, transparent),
     color-mix(in lab, var(--error) 8%, transparent)
   );
@@ -128,7 +130,7 @@
 }
 
 .error::before {
-  content: '';
+  content: "";
   position: absolute;
   top: 0;
   left: 0;
@@ -144,7 +146,8 @@
   margin: var(--spaceXS) 0 var(--spaceS) 0;
   font-size: var(--fontSizeBodyXS);
   padding: var(--spaceS) var(--spaceM);
-  background: linear-gradient(135deg, 
+  background: linear-gradient(
+    135deg,
     color-mix(in lab, var(--success) 12%, transparent),
     color-mix(in lab, var(--success) 8%, transparent)
   );
@@ -158,7 +161,7 @@
 }
 
 .success::before {
-  content: '';
+  content: "";
   position: absolute;
   top: 0;
   left: 0;
@@ -176,6 +179,7 @@
   justify-content: center;
   align-items: center;
   z-index: var(--zIndex5);
+  cursor: default;
 }
 
 .modal {
@@ -183,9 +187,11 @@
   border-radius: var(--spaceXS);
   width: 90%;
   max-width: 500px;
-  box-shadow: 0 var(--spaceXS) var(--spaceL) color-mix(in lab, var(--black) 10%, transparent);
+  box-shadow: 0 var(--spaceXS) var(--spaceL)
+    color-mix(in lab, var(--black) 10%, transparent);
   overflow: hidden;
   padding: var(--space2XL);
+  cursor: default;
 }
 
 .modalHeader {
@@ -220,7 +226,8 @@
 }
 
 @keyframes errorPulse {
-  0%, 100% {
+  0%,
+  100% {
     opacity: 1;
     box-shadow: 0 0 0 0 color-mix(in lab, var(--error) 40%, transparent);
   }
@@ -252,7 +259,8 @@
 }
 
 @keyframes successPulse {
-  0%, 100% {
+  0%,
+  100% {
     opacity: 1;
     box-shadow: 0 0 0 0 color-mix(in lab, var(--success) 40%, transparent);
   }
@@ -264,11 +272,13 @@
 
 /* Reduce motion for accessibility */
 @media (prefers-reduced-motion: reduce) {
-  .error, .success {
+  .error,
+  .success {
     animation: none;
   }
-  
-  .error::before, .success::before {
+
+  .error::before,
+  .success::before {
     animation: none;
   }
-}
+}

package/app/routes/striae/striae.tsx

@@ -28,6 +28,8 @@ export const Striae = ({ user }: StriaePage) => {
   // User states
   const [userCompany, setUserCompany] = useState<string>('');
   const [userFirstName, setUserFirstName] = useState<string>('');
+  const [userLastName, setUserLastName] = useState<string>('');
+  const [userBadgeId, setUserBadgeId] = useState<string>('');
 
   // Case management states - All managed here
   const [currentCase, setCurrentCase] = useState<string>('');
@@ -80,9 +82,11 @@ export const Striae = ({ user }: StriaePage) => {
         });
         
         if (response.ok) {
-          const userData = await response.json() as { company?: string; firstName?: string };
+          const userData = await response.json() as { company?: string; firstName?: string; lastName?: string; badgeId?: string };
           setUserCompany(userData.company || '');
           setUserFirstName(userData.firstName || '');
+          setUserLastName(userData.lastName || '');
+          setUserBadgeId(userData.badgeId || '');
         }
       } catch (err) {
         console.error('Failed to load user company:', err);
@@ -167,6 +171,8 @@ export const Striae = ({ user }: StriaePage) => {
       selectedFilename,
       userCompany,
       userFirstName,
+      userLastName,
+      userBadgeId,
       currentCase,
       annotationData,
       activeAnnotations,
@@ -389,6 +395,7 @@ export const Striae = ({ user }: StriaePage) => {
             imageUrl={selectedImage} 
             filename={selectedFilename}
             company={userCompany}
+            badgeId={userBadgeId}
             firstName={userFirstName}
             error={error ?? ''}
             activeAnnotations={activeAnnotations}

package/app/routes.ts

@@ -0,0 +1,7 @@
+import { type RouteConfig, index, route } from "@react-router/dev/routes";
+
+export default [
+	index("routes/_index.tsx"),
+	route("auth", "routes/auth/route.ts"),
+	route("auth/login", "routes/auth/route.ts", { id: "routes/auth/login-alias" }),
+] satisfies RouteConfig;

package/app/services/audit/audit-export-csv.ts

@@ -30,6 +30,7 @@ export const AUDIT_CSV_ENTRY_HEADERS = [
   'Profile Field',
   'Old Value',
   'New Value',
+  'Badge/ID',
   'Total Confirmations In File',
   'Confirmations Successfully Imported',
   'Validation Steps Failed',
@@ -112,6 +113,7 @@ export const entryToCSVRow = (entry: ValidationAuditEntry): string => {
     formatForCSV(userProfileDetails?.profileField),
     formatForCSV(userProfileDetails?.oldValue),
     formatForCSV(userProfileDetails?.newValue),
+    formatForCSV(userProfileDetails?.badgeId),
     caseDetails?.totalAnnotations?.toString() || '',
     performanceMetrics?.validationStepsCompleted?.toString() || '',
     performanceMetrics?.validationStepsFailed?.toString() || '',

package/app/services/audit/audit.service.ts

@@ -60,6 +60,7 @@ export class AuditService {
   private static instance: AuditService;
   private auditBuffer: ValidationAuditEntry[] = [];
   private workflowId: string | null = null;
+  private userBadgeIdByUserId = new Map<string, string>();
 
   private constructor() {}
 
@@ -97,7 +98,26 @@ export class AuditService {
     const startTime = Date.now();
 
     try {
-      const auditEntry = buildValidationAuditEntry(params);
+      const providedBadgeId = params.userProfileDetails?.badgeId?.trim();
+      if (providedBadgeId && params.userId) {
+        this.userBadgeIdByUserId.set(params.userId, providedBadgeId);
+      }
+
+      const resolvedBadgeId =
+        providedBadgeId ||
+        (params.userId ? this.userBadgeIdByUserId.get(params.userId) : undefined);
+
+      const paramsWithBadgeId: CreateAuditEntryParams = resolvedBadgeId
+        ? {
+            ...params,
+            userProfileDetails: {
+              ...(params.userProfileDetails || {}),
+              badgeId: resolvedBadgeId
+            }
+          }
+        : params;
+
+      const auditEntry = buildValidationAuditEntry(paramsWithBadgeId);
 
       // Add to buffer for batch processing
       this.auditBuffer.push(auditEntry);
@@ -196,13 +216,15 @@ export class AuditService {
     originalExaminerUid?: string,
     performanceMetrics?: PerformanceMetrics,
     imageFileId?: string,
-    originalImageFileName?: string
+    originalImageFileName?: string,
+    badgeId?: string
   ): Promise<void> {
     await this.logEvent(
       buildConfirmationCreationAuditParams({
         user,
         caseNumber,
         confirmationId,
+        badgeId,
         result,
         errors,
         originalExaminerUid,
@@ -550,12 +572,13 @@ export class AuditService {
    */
   public async logUserProfileUpdate(
     user: User,
-    profileField: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar',
+    profileField: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar' | 'badgeId',
     oldValue: string,
     newValue: string,
     result: AuditResult,
     sessionId?: string,
-    errors: string[] = []
+    errors: string[] = [],
+    badgeId?: string
   ): Promise<void> {
     await this.logEvent(
       buildUserProfileUpdateAuditParams({
@@ -565,7 +588,8 @@ export class AuditService {
         newValue,
         result,
         sessionId,
-        errors
+        errors,
+        badgeId
       })
     );
   }

package/app/services/audit/builders/audit-entry-builder.ts

@@ -26,7 +26,8 @@ export const buildValidationAuditEntry = (
       fileDetails: params.fileDetails,
       annotationDetails: params.annotationDetails,
       sessionDetails: params.sessionDetails,
-      securityDetails: params.securityDetails
+      securityDetails: params.securityDetails,
+      userProfileDetails: params.userProfileDetails
     }
   };
 };

package/app/services/audit/builders/audit-event-builders-user-security.ts

@@ -57,9 +57,10 @@ export const buildUserLogoutAuditParams = (
 
 interface BuildUserProfileUpdateAuditParamsInput {
   user: User;
-  profileField: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar';
+  profileField: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar' | 'badgeId';
   oldValue: string;
   newValue: string;
+  badgeId?: string;
   result: AuditResult;
   sessionId?: string;
   errors?: string[];
@@ -85,7 +86,8 @@ export const buildUserProfileUpdateAuditParams = (
     userProfileDetails: {
       profileField: input.profileField,
       oldValue: input.oldValue,
-      newValue: input.newValue
+      newValue: input.newValue,
+      badgeId: input.badgeId
     }
   };
 };

package/app/services/audit/builders/audit-event-builders-workflow.ts

@@ -125,6 +125,7 @@ interface BuildConfirmationCreationAuditParamsInput {
   user: User;
   caseNumber: string;
   confirmationId: string;
+  badgeId?: string;
   result: AuditResult;
   errors?: string[];
   originalExaminerUid?: string;
@@ -156,6 +157,11 @@ export const buildConfirmationCreationAuditParams = (
     performanceMetrics: input.performanceMetrics,
     originalExaminerUid: input.originalExaminerUid,
     reviewingExaminerUid: input.user.uid,
+    userProfileDetails: input.badgeId
+      ? {
+          badgeId: input.badgeId
+        }
+      : undefined,
     fileDetails: input.imageFileId && input.originalImageFileName
       ? {
           fileId: input.imageFileId,

package/app/types/audit.ts

@@ -269,9 +269,10 @@ export interface SecurityAuditDetails {
  * User profile and authentication specific audit details
  */
 export interface UserProfileAuditDetails {
-  profileField?: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar';
+  profileField?: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar' | 'badgeId';
   oldValue?: string;
   newValue?: string;
+  badgeId?: string;
   resetMethod?: 'email' | 'sms' | 'security-questions' | 'admin-reset';
   resetToken?: string; // Partial token for tracking (last 4 chars)
   verificationMethod?: 'email-link' | 'sms-code' | 'totp' | 'backup-codes' | 'admin-verification';

package/app/types/user.ts

@@ -8,6 +8,7 @@ export interface UserData {
   firstName: string;
   lastName: string;
   company: string;
+  badgeId?: string;
   permitted: boolean;
   cases: Array<{
     caseNumber: string;

package/app/utils/data/permissions.ts

@@ -110,6 +110,7 @@ export const createUser = async (
       firstName,
       lastName,
       company,
+      badgeId: '',
       permitted,
       cases: [],
       readOnlyCases: [],

package/functions/api/pdf/[[path]].ts

@@ -6,6 +6,8 @@ interface PdfProxyContext {
 }
 
 const SUPPORTED_METHODS = new Set(['POST', 'OPTIONS']);
+const PRIMERSHEAR_FORMAT = 'primershear';
+const DEFAULT_FORMAT = 'striae';
 
 function textResponse(message: string, status: number): Response {
   return new Response(message, {
@@ -40,6 +42,12 @@ function extractProxyPath(url: URL): string | null {
   return remainder.length > 0 ? remainder : '/';
 }
 
+function resolveReportFormat(email: string | null, primershearEmails: string): string {
+  if (!email) return DEFAULT_FORMAT;
+  const allowed = primershearEmails.split(',').map(e => e.trim().toLowerCase()).filter(Boolean);
+  return allowed.includes(email.toLowerCase()) ? PRIMERSHEAR_FORMAT : DEFAULT_FORMAT;
+}
+
 export const onRequest = async ({ request, env }: PdfProxyContext): Promise<Response> => {
   if (!SUPPORTED_METHODS.has(request.method)) {
     return textResponse('Method not allowed', 405);
@@ -86,12 +94,35 @@ export const onRequest = async ({ request, env }: PdfProxyContext): Promise<Resp
 
   upstreamHeaders.set('X-Custom-Auth-Key', env.PDF_WORKER_AUTH);
 
+  // Resolve the report format server-side based on the verified user email.
+  // This prevents email lists from ever being exposed in the client bundle.
+  const reportFormat = resolveReportFormat(
+    identity.email,
+    env.PRIMERSHEAR_EMAILS ?? ''
+  );
+
+  let upstreamBody: BodyInit;
+  try {
+    const payload = await request.json() as Record<string, unknown>;
+    // Inject the server-resolved format, overriding any client-supplied value.
+    if (payload.data && typeof payload.data === 'object') {
+      payload.reportFormat = reportFormat;
+    } else {
+      // Legacy flat payload shape
+      payload.reportFormat = reportFormat;
+    }
+    upstreamBody = JSON.stringify(payload);
+    upstreamHeaders.set('Content-Type', 'application/json');
+  } catch {
+    return textResponse('Invalid request body', 400);
+  }
+
   let upstreamResponse: Response;
   try {
     upstreamResponse = await fetch(upstreamUrl, {
       method: request.method,
       headers: upstreamHeaders,
-      body: request.body
+      body: upstreamBody
     });
   } catch {
     return textResponse('Upstream PDF service unavailable', 502);

package/load-context.ts

@@ -0,0 +1,9 @@
+import { type PlatformProxy } from "wrangler";
+
+type Cloudflare = Omit<PlatformProxy<Env>, "dispose">;
+
+declare module "react-router" {
+  interface AppLoadContext {
+    cloudflare: Cloudflare;
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@striae-org/striae",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "private": false,
   "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
   "license": "Apache-2.0",
@@ -43,8 +43,10 @@
     "app/entry.client.tsx",
     "app/entry.server.tsx",
     "app/root.tsx",
+    "app/routes.ts",
     "app/tailwind.css",
     "react-router.config.ts",
+    "load-context.ts",
     "functions/",
     "public/",
     "scripts/",
@@ -60,6 +62,7 @@
     "workers/pdf-worker/src/report-types.ts",
     "workers/*/wrangler.jsonc.example",
     ".env.example",
+    "primershear.emails.example",
     "firebase.json",
     "postcss.config.js",
     "tailwind.config.ts",
@@ -101,6 +104,7 @@
     "deploy-workers:secrets": "bash ./scripts/deploy-worker-secrets.sh",
     "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh",
     "deploy-pages": "bash ./scripts/deploy-pages.sh",
+    "deploy-primershear": "bash ./scripts/deploy-primershear-emails.sh",
     "deploy-workers:audit": "cd workers/audit-worker && npm run deploy",
     "deploy-workers:data": "cd workers/data-worker && npm run deploy",
     "deploy-workers:image": "cd workers/image-worker && npm run deploy",

package/primershear.emails.example

@@ -0,0 +1,6 @@
+# PrimerShear PDF format - authorized email addresses
+# One email per line. Lines starting with # are ignored.
+# This file is untracked. Run: npm run deploy-primershear to push changes.
+#
+# Example:
+# analyst@organization.com

package/scripts/deploy-pages-secrets.sh

@@ -178,6 +178,12 @@ deploy_pages_environment_secrets() {
         set_pages_secret "API_TOKEN" "$optional_api_token" "$pages_env"
     fi
 
+    local optional_primershear_emails
+    optional_primershear_emails=$(get_optional_value "PRIMERSHEAR_EMAILS")
+    if [ -n "$optional_primershear_emails" ]; then
+        set_pages_secret "PRIMERSHEAR_EMAILS" "$optional_primershear_emails" "$pages_env"
+    fi
+
     echo -e "${GREEN}✅ Pages secrets deployed to $pages_env${NC}"
 }