@striae-org/striae 5.0.0 → 5.1.0

package/.env.example

@@ -61,6 +61,7 @@ KV_STORE_ID=your_kv_store_id_here
 # ================================
 DATA_WORKER_NAME=your_data_worker_name_here
 DATA_BUCKET_NAME=your_data_bucket_name_here
+FILES_BUCKET_NAME=your_files_bucket_name_here
 DATA_WORKER_DOMAIN=your_data_worker_domain_here
 # Auto-generated by scripts/deploy-config.sh when placeholders are detected.
 MANIFEST_SIGNING_PRIVATE_KEY=your_manifest_signing_private_key_here
@@ -69,6 +70,10 @@ MANIFEST_SIGNING_PUBLIC_KEY=your_manifest_signing_public_key_here
 EXPORT_ENCRYPTION_PRIVATE_KEY=your_export_encryption_private_key_here
 EXPORT_ENCRYPTION_KEY_ID=your_export_encryption_key_id_here
 EXPORT_ENCRYPTION_PUBLIC_KEY=your_export_encryption_public_key_here
+DATA_AT_REST_ENCRYPTION_ENABLED=true
+DATA_AT_REST_ENCRYPTION_PRIVATE_KEY=your_data_at_rest_encryption_private_key_here
+DATA_AT_REST_ENCRYPTION_KEY_ID=your_data_at_rest_encryption_key_id_here
+DATA_AT_REST_ENCRYPTION_PUBLIC_KEY=your_data_at_rest_encryption_public_key_here
 
 
 # ================================
@@ -83,8 +88,6 @@ AUDIT_WORKER_DOMAIN=your_audit_worker_domain_here
 # ================================
 IMAGES_WORKER_NAME=your_images_worker_name_here
 IMAGES_WORKER_DOMAIN=your_images_worker_domain_here
-API_TOKEN=your_cloudflare_images_api_token_here
-HMAC_KEY=your_cloudflare_images_hmac_key_here
 
 # ================================
 # PDF WORKER ENVIRONMENT VARIABLES

package/app/components/actions/case-export/download-handlers.ts

@@ -965,13 +965,12 @@ For questions about this export, contact your Striae system administrator.
  */
 async function fetchImageAsBlob(user: User, fileData: FileData, caseNumber: string): Promise<Blob | null> {
   try {
-    const imageUrl = await getImageUrl(user, fileData, caseNumber, 'Export Package');
-    if (!imageUrl) return null;
-    
-    const response = await fetch(imageUrl);
-    if (!response.ok) return null;
-    
-    return await response.blob();
+    const { blob, revoke } = await getImageUrl(user, fileData, caseNumber, 'Export Package');
+    try {
+      return blob;
+    } finally {
+      revoke();
+    }
   } catch (error) {
     console.error('Failed to fetch image blob:', error);
     return null;

package/app/components/actions/case-manage.ts

@@ -12,6 +12,7 @@ import {
   duplicateCaseData,
   deleteFileAnnotations,
   signForensicManifest,
+  moveCaseConfirmationSummary,
   removeCaseConfirmationSummary
 } from '~/utils/data';
 import { type CaseData, type ReadOnlyCaseData, type FileData, type AuditTrail, type CaseExportData, type ValidationAuditEntry } from '~/types';
@@ -392,7 +393,10 @@ export const renameCase = async (
     // 4) Delete R2 case data with old case number
     await deleteCaseData(user, oldCaseNumber);
 
-    // 5) Delete old case number in user's KV entry
+    // 5) Move confirmation summary metadata to the new case number
+    await moveCaseConfirmationSummary(user, oldCaseNumber, newCaseNumber);
+
+    // 6) Delete old case number in user's KV entry
     await removeUserCase(user, oldCaseNumber);
 
     // Log successful case rename under the original case number context
@@ -681,18 +685,13 @@ const getVerificationPublicSigningKey = (preferredKeyId?: string): { keyId: stri
 
 const fetchImageAsBlob = async (user: User, fileData: FileData, caseNumber: string): Promise<Blob | null> => {
   try {
-    const imageUrl = await getImageUrl(user, fileData, caseNumber, 'Archive Package');
-
-    if (!imageUrl) {
-      return null;
-    }
+    const { blob, revoke } = await getImageUrl(user, fileData, caseNumber, 'Archive Package');
 
-    const response = await fetch(imageUrl);
-    if (!response.ok) {
-      return null;
+    try {
+      return blob;
+    } finally {
+      revoke();
     }
-
-    return await response.blob();
   } catch (error) {
     console.error('Failed to fetch image for archive package:', error);
     return null;

package/app/components/actions/generate-pdf.ts

@@ -21,6 +21,46 @@ interface GeneratePDFParams {
   setToastDuration?: (duration: number) => void;
 }
 
+const CLEAR_IMAGE_SENTINEL = '/clear.jpg';
+
+const blobToDataUrl = async (blob: Blob): Promise<string> => {
+  return await new Promise<string>((resolve, reject) => {
+    const reader = new FileReader();
+    reader.onloadend = () => {
+      if (typeof reader.result === 'string') {
+        resolve(reader.result);
+        return;
+      }
+
+      reject(new Error('Failed to read image blob as data URL'));
+    };
+    reader.onerror = () => reject(new Error('Failed to convert image for PDF rendering'));
+    reader.readAsDataURL(blob);
+  });
+};
+
+const resolvePdfImageUrl = async (selectedImage: string | undefined): Promise<string | undefined> => {
+  if (!selectedImage || selectedImage === CLEAR_IMAGE_SENTINEL) {
+    return selectedImage;
+  }
+
+  if (selectedImage.startsWith('data:')) {
+    return selectedImage;
+  }
+
+  if (selectedImage.startsWith('blob:')) {
+    const imageResponse = await fetch(selectedImage);
+    if (!imageResponse.ok) {
+      throw new Error('Failed to load selected image for PDF generation');
+    }
+
+    const imageBlob = await imageResponse.blob();
+    return await blobToDataUrl(imageBlob);
+  }
+
+  return selectedImage;
+};
+
 export const generatePDF = async ({
   user,
   selectedImage,
@@ -61,8 +101,10 @@ export const generatePDF = async ({
       notesUpdatedFormatted = `${(updatedDate.getMonth() + 1).toString().padStart(2, '0')}/${updatedDate.getDate().toString().padStart(2, '0')}/${updatedDate.getFullYear()}`;
     }
 
+    const resolvedImageUrl = await resolvePdfImageUrl(selectedImage);
+
     const pdfData = {
-      imageUrl: selectedImage,
+      imageUrl: resolvedImageUrl,
       filename: selectedFilename,
       userCompany: userCompany,
       firstName: userFirstName,

package/app/components/actions/image-manage.ts

@@ -1,7 +1,4 @@
 import type { User } from 'firebase/auth';
-import { 
-  getAccountHash 
-} from '~/utils/auth';
 import { fetchImageApi, uploadImageApi } from '~/utils/api';
 import { canUploadFile, getCaseData, updateCaseData, deleteFileAnnotations } from '~/utils/data';
 import type { CaseData, FileData, ImageUploadResponse } from '~/types';
@@ -258,30 +255,15 @@ export const deleteFile = async (
   }
 };
 
-const DEFAULT_VARIANT = 'striae';
-interface ImageDeliveryConfig {
-  accountHash: string;
-}
-
-const getImageConfig = async (): Promise<ImageDeliveryConfig> => {
-  const accountHash = await getAccountHash();
-  return { accountHash };
-};
-
-
-export const getImageUrl = async (user: User, fileData: FileData, caseNumber: string, accessReason?: string): Promise<string> => {
+export const getImageUrl = async (user: User, fileData: FileData, caseNumber: string, accessReason?: string): Promise<{ blob: Blob; url: string; revoke: () => void }> => {
   const startTime = Date.now();
   const defaultAccessReason = accessReason || 'Image viewer access';
   
   try {
-    const { accountHash } = await getImageConfig();
-    const imageDeliveryUrl = `https://imagedelivery.net/${accountHash}/${fileData.id}/${DEFAULT_VARIANT}`;
-    const encodedImageDeliveryUrl = encodeURIComponent(imageDeliveryUrl);
-
-    const workerResponse = await fetchImageApi(user, `/${encodedImageDeliveryUrl}`, {
+    const workerResponse = await fetchImageApi(user, `/${encodeURIComponent(fileData.id)}`, {
       method: 'GET',
       headers: {
-        'Accept': 'text/plain'
+        'Accept': 'application/octet-stream,image/*'
       }
     });
     
@@ -291,39 +273,25 @@ export const getImageUrl = async (user: User, fileData: FileData, caseNumber: st
         user,
         fileData.originalFilename || fileData.id,
         fileData.id,
-        'signed-url',
-        caseNumber,
-        'failure',
-        Date.now() - startTime,
-        'Image URL generation failed',
-        fileData.originalFilename
-      );
-      throw new Error('Failed to get signed image URL');
-    }
-    
-    const signedUrl = await workerResponse.text();
-    if (!signedUrl.includes('sig=') || !signedUrl.includes('exp=')) {
-      // Log invalid URL response
-      await auditService.logFileAccess(
-        user,
-        fileData.originalFilename || fileData.id,
-        fileData.id,
-        'signed-url',
+        'direct-url',
         caseNumber,
         'failure',
         Date.now() - startTime,
-        'Invalid signed URL returned',
+        'Image retrieval failed',
         fileData.originalFilename
       );
-      throw new Error('Invalid signed URL returned');
+      throw new Error('Failed to retrieve image');
     }
+
+    const blob = await workerResponse.blob();
+    const objectUrl = URL.createObjectURL(blob);
     
     // Log successful image access
     await auditService.logFileAccess(
       user,
       fileData.originalFilename || fileData.id,
       fileData.id,
-      'signed-url',
+      'direct-url',
       caseNumber,
       'success',
       Date.now() - startTime,
@@ -331,15 +299,15 @@ export const getImageUrl = async (user: User, fileData: FileData, caseNumber: st
       fileData.originalFilename
     );
     
-    return signedUrl;
+    return { blob, url: objectUrl, revoke: () => URL.revokeObjectURL(objectUrl) };
   } catch (error) {
     // Log any unexpected errors if not already logged
-    if (!(error instanceof Error && error.message.includes('Failed to get signed image URL'))) {
+    if (!(error instanceof Error && error.message.includes('Failed to retrieve image'))) {
       await auditService.logFileAccess(
         user,
         fileData.originalFilename || fileData.id,
         fileData.id,
-        'signed-url',
+        'direct-url',
         caseNumber,
         'failure',
         Date.now() - startTime,

package/app/routes/striae/hooks/use-striae-reset-helpers.ts

@@ -26,6 +26,7 @@ interface UseStriaeResetHelpersProps {
   setShowNotes: Dispatch<SetStateAction<boolean>>;
   setIsAuditTrailOpen: Dispatch<SetStateAction<boolean>>;
   setIsRenameCaseModalOpen: Dispatch<SetStateAction<boolean>>;
+  onRevokeImage?: () => void;
 }
 
 export const useStriaeResetHelpers = ({
@@ -45,8 +46,10 @@ export const useStriaeResetHelpers = ({
   setShowNotes,
   setIsAuditTrailOpen,
   setIsRenameCaseModalOpen,
+  onRevokeImage,
 }: UseStriaeResetHelpersProps) => {
   const clearSelectedImageState = useCallback(() => {
+    onRevokeImage?.();
     setSelectedImage('/clear.jpg');
     setSelectedFilename(undefined);
     setImageId(undefined);
@@ -54,6 +57,7 @@ export const useStriaeResetHelpers = ({
     setError(undefined);
     setImageLoaded(false);
   }, [
+    onRevokeImage,
     setSelectedImage,
     setSelectedFilename,
     setImageId,

package/app/routes/striae/striae.tsx

@@ -1,5 +1,5 @@
 import type { User } from 'firebase/auth';
-import { useState, useEffect } from 'react';
+import { useState, useEffect, useRef, useCallback } from 'react';
 import { SidebarContainer } from '~/components/sidebar/sidebar-container';
 import { Navbar } from '~/components/navbar/navbar';
 import { RenameCaseModal } from '~/components/navbar/case-modals/rename-case-modal';
@@ -47,6 +47,7 @@ export const Striae = ({ user }: StriaePage) => {
   const [imageId, setImageId] = useState<string>();
   const [error, setError] = useState<string>();
   const [imageLoaded, setImageLoaded] = useState(false);
+  const currentRevokeRef = useRef<(() => void) | null>(null);
 
   // User states
   const [userCompany, setUserCompany] = useState<string>('');
@@ -98,6 +99,11 @@ export const Striae = ({ user }: StriaePage) => {
     archiveReason?: string;
   }>({ archived: false });
 
+  const handleRevokeImage = useCallback(() => {
+    currentRevokeRef.current?.();
+    currentRevokeRef.current = null;
+  }, []);
+
   const {
     clearSelectedImageState,
     clearCaseContextState,
@@ -119,6 +125,7 @@ export const Striae = ({ user }: StriaePage) => {
     setShowNotes,
     setIsAuditTrailOpen,
     setIsRenameCaseModalOpen,
+    onRevokeImage: handleRevokeImage,
   });
 
 
@@ -574,6 +581,8 @@ export const Striae = ({ user }: StriaePage) => {
   useEffect(() => {
     // Cleanup function to clear image when component unmounts
     return () => {
+      currentRevokeRef.current?.();
+      currentRevokeRef.current = null;
       setSelectedImage(undefined);
       setSelectedFilename(undefined);
       setError(undefined);
@@ -645,14 +654,16 @@ export const Striae = ({ user }: StriaePage) => {
 
   try {
       setError(undefined);
+      currentRevokeRef.current?.();
+      currentRevokeRef.current = null;
       setSelectedImage(undefined);
       setSelectedFilename(undefined);
       setImageLoaded(false);
     
-    const signedUrl = await getImageUrl(user, file, currentCase);
-    if (!signedUrl) throw new Error('No URL returned');
+    const { url, revoke } = await getImageUrl(user, file, currentCase);
+    currentRevokeRef.current = revoke;
 
-    setSelectedImage(signedUrl);
+    setSelectedImage(url);
       setSelectedFilename(file.originalFilename);
       setImageId(file.id); 
       setImageLoaded(true);

package/app/utils/data/operations/case-operations.ts

@@ -43,7 +43,19 @@ export const getCaseData = async (
     }
 
     if (!response.ok) {
-      throw new Error(`Failed to fetch case data: ${response.status} ${response.statusText}`);
+      let errorDetails = '';
+
+      try {
+        const errorPayload = await response.json() as { error?: unknown };
+        if (typeof errorPayload?.error === 'string' && errorPayload.error.trim().length > 0) {
+          errorDetails = errorPayload.error.trim();
+        }
+      } catch {
+        // Ignore parse errors and fall back to status text only.
+      }
+
+      const baseMessage = `Failed to fetch case data: ${response.status} ${response.statusText}`;
+      throw new Error(errorDetails ? `${baseMessage} - ${errorDetails}` : baseMessage);
     }
 
     const caseData = await response.json() as CaseData;

package/app/utils/data/operations/confirmation-summary-operations.ts

@@ -86,7 +86,19 @@ export const getConfirmationSummaryDocument = async (
   });
 
   if (!response.ok) {
-    throw new Error(`Failed to fetch confirmation summary: ${response.status} ${response.statusText}`);
+    let errorDetails = '';
+
+    try {
+      const errorPayload = await response.json() as { error?: unknown };
+      if (typeof errorPayload?.error === 'string' && errorPayload.error.trim().length > 0) {
+        errorDetails = errorPayload.error.trim();
+      }
+    } catch {
+      // Ignore parse errors and fall back to status text only.
+    }
+
+    const baseMessage = `Failed to fetch confirmation summary: ${response.status} ${response.statusText}`;
+    throw new Error(errorDetails ? `${baseMessage} - ${errorDetails}` : baseMessage);
   }
 
   const payload = await response.json().catch(() => null) as unknown;
@@ -299,3 +311,28 @@ export const removeCaseConfirmationSummary = async (
 
   await saveConfirmationSummaryDocument(user, summary);
 };
+
+export const moveCaseConfirmationSummary = async (
+  user: User,
+  fromCaseNumber: string,
+  toCaseNumber: string
+): Promise<void> => {
+  if (fromCaseNumber === toCaseNumber) {
+    return;
+  }
+
+  const summary = await getConfirmationSummaryDocument(user);
+  const existingCaseSummary = summary.cases[fromCaseNumber];
+  if (!existingCaseSummary) {
+    return;
+  }
+
+  delete summary.cases[fromCaseNumber];
+  summary.cases[toCaseNumber] = {
+    ...existingCaseSummary,
+    updatedAt: getIsoNow(),
+  };
+  summary.updatedAt = getIsoNow();
+
+  await saveConfirmationSummaryDocument(user, summary);
+};

package/app/utils/data/operations/file-annotation-operations.ts

@@ -42,7 +42,19 @@ export const getFileAnnotations = async (
     }
 
     if (!response.ok) {
-      throw new Error(`Failed to fetch file annotations: ${response.status} ${response.statusText}`);
+      let errorDetails = '';
+
+      try {
+        const errorPayload = await response.json() as { error?: unknown };
+        if (typeof errorPayload?.error === 'string' && errorPayload.error.trim().length > 0) {
+          errorDetails = errorPayload.error.trim();
+        }
+      } catch {
+        // Ignore parse errors and fall back to status text only.
+      }
+
+      const baseMessage = `Failed to fetch file annotations: ${response.status} ${response.statusText}`;
+      throw new Error(errorDetails ? `${baseMessage} - ${errorDetails}` : baseMessage);
     }
 
     return await response.json() as AnnotationData;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@striae-org/striae",
-  "version": "5.0.0",
+  "version": "5.1.0",
   "private": false,
   "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
   "license": "Apache-2.0",
@@ -106,7 +106,7 @@
     "deploy-workers:image": "cd workers/image-worker && npm run deploy",
     "deploy-workers:keys": "cd workers/keys-worker && npm run deploy",
     "deploy-workers:pdf": "cd workers/pdf-worker && npm run deploy",
-    "deploy-workers:user": "cd workers/user-worker && npm run deploy"
+    "deploy-workers:user": "cd workers/user-worker && npm run deploy"    
   },
   "dependencies": {
     "@react-router/cloudflare": "^7.13.2",