@striae-org/striae 5.2.0 → 5.2.1

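--- a/package/.env.example
+++ b/package/.env.example
@@ -34,6 +34,47 @@ PROJECT_ID=your_firebase_project_id_here
 FIREBASE_SERVICE_ACCOUNT_EMAIL=your_firebase_service_account_email_here
 FIREBASE_SERVICE_ACCOUNT_PRIVATE_KEY=your_firebase_service_account_private_key_here
 
+# ================================
+# SIGNING & ENCRYPTION KEYS & REGISTRIES
+# ================================
+
+# USER WORKER KV ENCRYPTION CONFIGURATION
+USER_KV_ENCRYPTION_PRIVATE_KEY=your_user_kv_encryption_private_key_here
+USER_KV_ENCRYPTION_KEY_ID=your_user_kv_encryption_key_id_here
+USER_KV_ENCRYPTION_PUBLIC_KEY=your_user_kv_encryption_public_key_here
+# Optional write toggle for USER_DB mutation endpoints.
+# true (default): require USER_KV_ENCRYPTION_PUBLIC_KEY and USER_KV_ENCRYPTION_KEY_ID for encrypt-on-write.
+# false: allow read-only deployments using private key material (legacy key or key registry) without write-path keys.
+USER_KV_WRITE_ENDPOINTS_ENABLED=true
+# Optional key registry for rotation-safe USER_DB reads.
+# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
+USER_KV_ENCRYPTION_KEYS_JSON='{}'
+USER_KV_ENCRYPTION_ACTIVE_KEY_ID=
+
+# DATA WORKER MANIFEST SIGNING CONFIGURATION
+MANIFEST_SIGNING_PRIVATE_KEY=your_manifest_signing_private_key_here
+MANIFEST_SIGNING_KEY_ID=your_manifest_signing_key_id_here
+MANIFEST_SIGNING_PUBLIC_KEY=your_manifest_signing_public_key_here
+
+# DATA EXPORT ENCRYPTION CONFIGURATION
+EXPORT_ENCRYPTION_PRIVATE_KEY=your_export_encryption_private_key_here
+EXPORT_ENCRYPTION_KEY_ID=your_export_encryption_key_id_here
+EXPORT_ENCRYPTION_PUBLIC_KEY=your_export_encryption_public_key_here
+# Optional key registry for export decrypt compatibility.
+# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
+EXPORT_ENCRYPTION_KEYS_JSON='{}'
+EXPORT_ENCRYPTION_ACTIVE_KEY_ID=
+
+# DATA-AT-REST ENCRYPTION CONFIGURATION
+DATA_AT_REST_ENCRYPTION_ENABLED=true
+DATA_AT_REST_ENCRYPTION_PRIVATE_KEY=your_data_at_rest_encryption_private_key_here
+DATA_AT_REST_ENCRYPTION_KEY_ID=your_data_at_rest_encryption_key_id_here
+DATA_AT_REST_ENCRYPTION_PUBLIC_KEY=your_data_at_rest_encryption_public_key_here
+# Optional key registry for data/files/audit decryption compatibility.
+# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
+DATA_AT_REST_ENCRYPTION_KEYS_JSON='{}'
+DATA_AT_REST_ENCRYPTION_ACTIVE_KEY_ID=
+
 # ================================
 # PAGES WORKER ENVIRONMENT VARIABLES
 # ================================
@@ -54,17 +95,6 @@ KEYS_AUTH=your_custom_keys_auth_token_here
 USER_WORKER_NAME=your_user_worker_name_here
 USER_WORKER_DOMAIN=your_user_worker_domain_here
 KV_STORE_ID=your_kv_store_id_here
-USER_KV_ENCRYPTION_PRIVATE_KEY=your_user_kv_encryption_private_key_here
-USER_KV_ENCRYPTION_KEY_ID=your_user_kv_encryption_key_id_here
-USER_KV_ENCRYPTION_PUBLIC_KEY=your_user_kv_encryption_public_key_here
-# Optional write toggle for USER_DB mutation endpoints.
-# true (default): require USER_KV_ENCRYPTION_PUBLIC_KEY and USER_KV_ENCRYPTION_KEY_ID for encrypt-on-write.
-# false: allow read-only deployments using private key material (legacy key or key registry) without write-path keys.
-USER_KV_WRITE_ENDPOINTS_ENABLED=true
-# Optional key registry for rotation-safe USER_DB reads.
-# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
-USER_KV_ENCRYPTION_KEYS_JSON='{"activeKeyId":"your_user_kv_active_encryption_key_id_here","keys":{"your_user_kv_active_encryption_key_id_here":"your_user_kv_encryption_private_key_here"}}'
-USER_KV_ENCRYPTION_ACTIVE_KEY_ID=your_user_kv_active_encryption_key_id_here
 
 # ================================
 # DATA WORKER ENVIRONMENT VARIABLES
@@ -73,25 +103,6 @@ DATA_WORKER_NAME=your_data_worker_name_here
 DATA_BUCKET_NAME=your_data_bucket_name_here
 FILES_BUCKET_NAME=your_files_bucket_name_here
 DATA_WORKER_DOMAIN=your_data_worker_domain_here
-# Auto-generated by scripts/deploy-config.sh when placeholders are detected.
-MANIFEST_SIGNING_PRIVATE_KEY=your_manifest_signing_private_key_here
-MANIFEST_SIGNING_KEY_ID=your_manifest_signing_key_id_here
-MANIFEST_SIGNING_PUBLIC_KEY=your_manifest_signing_public_key_here
-EXPORT_ENCRYPTION_PRIVATE_KEY=your_export_encryption_private_key_here
-EXPORT_ENCRYPTION_KEY_ID=your_export_encryption_key_id_here
-EXPORT_ENCRYPTION_PUBLIC_KEY=your_export_encryption_public_key_here
-# Optional key registry for export decrypt compatibility.
-# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
-EXPORT_ENCRYPTION_KEYS_JSON='{"activeKeyId":"your_export_encryption_active_key_id_here","keys":{"your_export_encryption_active_key_id_here":"your_export_encryption_private_key_here"}}'
-EXPORT_ENCRYPTION_ACTIVE_KEY_ID=your_export_encryption_active_key_id_here
-DATA_AT_REST_ENCRYPTION_ENABLED=true
-DATA_AT_REST_ENCRYPTION_PRIVATE_KEY=your_data_at_rest_encryption_private_key_here
-DATA_AT_REST_ENCRYPTION_KEY_ID=your_data_at_rest_encryption_key_id_here
-DATA_AT_REST_ENCRYPTION_PUBLIC_KEY=your_data_at_rest_encryption_public_key_here
-# Optional key registry for data/files/audit decryption compatibility.
-# JSON shape: {"activeKeyId":"kid_current","keys":{"kid_current":"-----BEGIN PRIVATE KEY-----\\n...","kid_previous":"-----BEGIN PRIVATE KEY-----\\n..."}}
-DATA_AT_REST_ENCRYPTION_KEYS_JSON='{"activeKeyId":"your_data_at_rest_active_encryption_key_id_here","keys":{"your_data_at_rest_active_encryption_key_id_here":"your_data_at_rest_encryption_private_key_here"}}'
-DATA_AT_REST_ENCRYPTION_ACTIVE_KEY_ID=your_data_at_rest_active_encryption_key_id_here
 
 # ================================
 # AUDIT WORKER ENVIRONMENT VARIABLES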
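Review bot: The three `*_KEYS_JSON` examples in the new keys block now default to `'{}'`, which does not match the documented shape (`activeKeyId` plus `keys`), and each paired `*_ACTIVE_KEY_ID` is left empty with no comment saying how an empty registry is treated. Nothing visible here shows whether the workers then fall back to the single `*_PRIVATE_KEY`/`*_KEY_ID` pair, so once that is confirmed against the worker code it should be stated beside each registry line, along the lines of `# '{}' with an empty ACTIVE_KEY_ID means no registry is configured`. The removed line `# Auto-generated by scripts/deploy-config.sh when placeholders are detected.` has no replacement in the new block, so a reader can no longer tell which of these key placeholders the deploy script fills in; if that behaviour still holds, restore the comment under the new section header.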
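--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@striae-org/striae",
-"version": "5.2.0",
+"version": "5.2.1",
 "private": false,
 "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
 "license": "Apache-2.0",
@@ -135,7 +135,7 @@
 "typescript": "^5.9.3",
 "vite": "^6.4.1",
 "vite-tsconfig-paths": "^6.1.1",
-"wrangler": "^4.74.0"
+"wrangler": "^4.77.0"
 },
 "overrides": {
 "tar": "7.5.11",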
@@ -193,9 +193,17 @@ copy_example_configs() {
193
193
  update_wrangler_configs() {
194
194
  echo -e "\n${BLUE}🔧 Updating wrangler configuration files...${NC}"
195
195
 
196
+ local normalized_account_id
197
+ local escaped_account_id
196
198
  local normalized_pages_custom_domain
197
199
  local escaped_pages_custom_domain
198
200
 
201
+ normalized_account_id=$(printf '%s' "$ACCOUNT_ID" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
202
+ ACCOUNT_ID="$normalized_account_id"
203
+ export ACCOUNT_ID
204
+ write_env_var "ACCOUNT_ID" "$ACCOUNT_ID"
205
+ escaped_account_id=$(escape_for_sed_replacement "$ACCOUNT_ID")
206
+
199
207
  normalized_pages_custom_domain=$(normalize_domain_value "$PAGES_CUSTOM_DOMAIN")
200
208
  PAGES_CUSTOM_DOMAIN="$normalized_pages_custom_domain"
201
209
  export PAGES_CUSTOM_DOMAIN
@@ -206,7 +214,7 @@ update_wrangler_configs() {
206
214
  if [ -f "workers/audit-worker/wrangler.jsonc" ]; then
207
215
  echo -e "${YELLOW} Updating audit-worker/wrangler.jsonc...${NC}"
208
216
  sed -i "s/\"AUDIT_WORKER_NAME\"/\"$AUDIT_WORKER_NAME\"/g" workers/audit-worker/wrangler.jsonc
209
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/audit-worker/wrangler.jsonc
217
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/audit-worker/wrangler.jsonc
210
218
  sed -i "s/\"AUDIT_BUCKET_NAME\"/\"$AUDIT_BUCKET_NAME\"/g" workers/audit-worker/wrangler.jsonc
211
219
  echo -e "${GREEN} ✅ audit-worker configuration updated${NC}"
212
220
  fi
@@ -220,7 +228,7 @@ update_wrangler_configs() {
220
228
  if [ -f "workers/data-worker/wrangler.jsonc" ]; then
221
229
  echo -e "${YELLOW} Updating data-worker/wrangler.jsonc...${NC}"
222
230
  sed -i "s/\"DATA_WORKER_NAME\"/\"$DATA_WORKER_NAME\"/g" workers/data-worker/wrangler.jsonc
223
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/data-worker/wrangler.jsonc
231
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/data-worker/wrangler.jsonc
224
232
  sed -i "s/\"DATA_BUCKET_NAME\"/\"$DATA_BUCKET_NAME\"/g" workers/data-worker/wrangler.jsonc
225
233
  echo -e "${GREEN} ✅ data-worker configuration updated${NC}"
226
234
  fi
@@ -234,7 +242,7 @@ update_wrangler_configs() {
234
242
  if [ -f "workers/image-worker/wrangler.jsonc" ]; then
235
243
  echo -e "${YELLOW} Updating image-worker/wrangler.jsonc...${NC}"
236
244
  sed -i "s/\"IMAGES_WORKER_NAME\"/\"$IMAGES_WORKER_NAME\"/g" workers/image-worker/wrangler.jsonc
237
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/image-worker/wrangler.jsonc
245
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/image-worker/wrangler.jsonc
238
246
  sed -i "s/\"FILES_BUCKET_NAME\"/\"$FILES_BUCKET_NAME\"/g" workers/image-worker/wrangler.jsonc
239
247
  echo -e "${GREEN} ✅ image-worker configuration updated${NC}"
240
248
  fi
@@ -248,7 +256,7 @@ update_wrangler_configs() {
248
256
  if [ -f "workers/keys-worker/wrangler.jsonc" ]; then
249
257
  echo -e "${YELLOW} Updating keys-worker/wrangler.jsonc...${NC}"
250
258
  sed -i "s/\"KEYS_WORKER_NAME\"/\"$KEYS_WORKER_NAME\"/g" workers/keys-worker/wrangler.jsonc
251
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/keys-worker/wrangler.jsonc
259
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/keys-worker/wrangler.jsonc
252
260
  echo -e "${GREEN} ✅ keys-worker configuration updated${NC}"
253
261
  fi
254
262
 
@@ -261,7 +269,7 @@ update_wrangler_configs() {
261
269
  if [ -f "workers/pdf-worker/wrangler.jsonc" ]; then
262
270
  echo -e "${YELLOW} Updating pdf-worker/wrangler.jsonc...${NC}"
263
271
  sed -i "s/\"PDF_WORKER_NAME\"/\"$PDF_WORKER_NAME\"/g" workers/pdf-worker/wrangler.jsonc
264
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/pdf-worker/wrangler.jsonc
272
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/pdf-worker/wrangler.jsonc
265
273
  echo -e "${GREEN} ✅ pdf-worker configuration updated${NC}"
266
274
  fi
267
275
 
@@ -274,7 +282,7 @@ update_wrangler_configs() {
274
282
  if [ -f "workers/user-worker/wrangler.jsonc" ]; then
275
283
  echo -e "${YELLOW} Updating user-worker/wrangler.jsonc...${NC}"
276
284
  sed -i "s/\"USER_WORKER_NAME\"/\"$USER_WORKER_NAME\"/g" workers/user-worker/wrangler.jsonc
277
- sed -i "s/\"ACCOUNT_ID\"/\"$ACCOUNT_ID\"/g" workers/user-worker/wrangler.jsonc
285
+ sed -i "s/\"ACCOUNT_ID\"/\"$escaped_account_id\"/g" workers/user-worker/wrangler.jsonc
278
286
  sed -i "s/\"KV_STORE_ID\"/\"$KV_STORE_ID\"/g" workers/user-worker/wrangler.jsonc
279
287
  echo -e "${GREEN} ✅ user-worker configuration updated${NC}"
280
288
  fi
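Review bot: Only `ACCOUNT_ID` is passed through `escape_for_sed_replacement`; the neighbouring substitutions in the same blocks still interpolate raw values into the sed replacement (`$AUDIT_WORKER_NAME` and `$AUDIT_BUCKET_NAME` in the audit-worker hunk, and likewise `$DATA_WORKER_NAME`, `$DATA_BUCKET_NAME`, `$IMAGES_WORKER_NAME`, `$FILES_BUCKET_NAME`, `$KEYS_WORKER_NAME`, `$PDF_WORKER_NAME`, `$USER_WORKER_NAME` and `$KV_STORE_ID` in the later hunks). A `/`, `&` or backslash in any of those values would break the sed expression or change what is written into `wrangler.jsonc`, which is the same problem this change fixes for the account id. Each should be escaped the same way, for example `sed -i "s/\"AUDIT_WORKER_NAME\"/\"$(escape_for_sed_replacement "$AUDIT_WORKER_NAME")\"/g" workers/audit-worker/wrangler.jsonc`. The first hunk trims whitespace and carriage returns from `ACCOUNT_ID` but does not reject an empty result before calling `write_env_var`; a guard such as `[ -n "$ACCOUNT_ID" ] || return 1` would cover that, unless the value is validated earlier in the script. `escape_for_sed_replacement` and the rest of `update_wrangler_configs` lie outside these hunks, so what the helper escapes is assumed from its name.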