@striae-org/striae 5.2.1 → 5.3.1

package/app/components/actions/case-export/index.ts

@@ -2,40 +2,16 @@
 // This maintains backward compatibility with existing imports
 
 // Types and constants
-export type { ExportFormat } from './types-constants';
-export { CSV_HEADERS, formatDateForFilename } from './types-constants';
+export { formatDateForFilename } from './types-constants';
 
-// Metadata and protection helpers
-export {
-  getUserExportMetadata,
-  addForensicDataWarning,
-  generateRandomPassword,
-  protectExcelWorksheet
-} from './metadata-helpers';
-
-// Data processing functions
-export {
-  generateMetadataRows,
-  processFileDataForTabular,
-  generateCSVContent
-} from './data-processing';
+// Metadata helpers
+export { getUserExportMetadata } from './metadata-helpers';
 
 // Core export functions
-export {
-  exportAllCases,
-  exportCaseData
-} from './core-export';
+export { exportCaseData } from './core-export';
 
 // Download handlers
-export {
-  downloadAllCasesAsJSON,
-  downloadAllCasesAsCSV,
-  downloadCaseAsJSON,
-  downloadCaseAsCSV,
-  downloadCaseAsZip
-} from './download-handlers';
+export { downloadCaseAsZip } from './download-handlers';
 
 // Validation utilities
-export {
-  validateCaseNumberForExport
-} from './validation-utils';
+export { validateCaseNumberForExport } from './validation-utils';

package/app/components/actions/case-export/metadata-helpers.ts

@@ -46,81 +46,3 @@ export function addForensicDataWarning(content: string, format: 'csv' | 'json'):
   return warning + content;
 }
 
-/**
- * Generate a secure random password for Excel protection
- */
-export function generateRandomPassword(): string {
-  const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*';
-  const length = 16;
-  let password = '';
-  
-  // Ensure we have at least one of each type
-  password += 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'[Math.floor(Math.random() * 26)]; // Uppercase
-  password += 'abcdefghijklmnopqrstuvwxyz'[Math.floor(Math.random() * 26)]; // Lowercase
-  password += '0123456789'[Math.floor(Math.random() * 10)]; // Number
-  password += '!@#$%^&*'[Math.floor(Math.random() * 8)]; // Special char
-  
-  // Fill remaining length with random characters
-  for (let i = password.length; i < length; i++) {
-    password += charset[Math.floor(Math.random() * charset.length)];
-  }
-  
-  // Shuffle the password to randomize character positions
-  return password.split('').sort(() => Math.random() - 0.5).join('');
-}
-
-type WorksheetProtectionOptions = {
-  selectLockedCells: boolean;
-  selectUnlockedCells: boolean;
-  formatCells: boolean;
-  formatColumns: boolean;
-  formatRows: boolean;
-  insertColumns: boolean;
-  insertRows: boolean;
-  insertHyperlinks: boolean;
-  deleteColumns: boolean;
-  deleteRows: boolean;
-  sort: boolean;
-  autoFilter: boolean;
-  pivotTables: boolean;
-  objects: boolean;
-  scenarios: boolean;
-  spinCount: number;
-};
-
-type ProtectableWorksheet = {
-  protect: (password: string, options: Record<string, unknown>) => Promise<unknown> | unknown;
-};
-
-/**
- * Protect Excel worksheet from editing
- */
-export async function protectExcelWorksheet(worksheet: ProtectableWorksheet, sheetPassword?: string): Promise<string> {
-  // Generate random password if none provided
-  const password = sheetPassword || generateRandomPassword();
-
-  const protectionOptions: WorksheetProtectionOptions = {
-    // Keep read-only defaults and prevent structural edits.
-    selectLockedCells: true,
-    selectUnlockedCells: true,
-    formatCells: false,
-    formatColumns: false,
-    formatRows: false,
-    insertColumns: false,
-    insertRows: false,
-    insertHyperlinks: false,
-    deleteColumns: false,
-    deleteRows: false,
-    sort: false,
-    autoFilter: false,
-    pivotTables: false,
-    objects: false,
-    scenarios: false,
-    spinCount: 100000
-  };
-
-  await Promise.resolve(worksheet.protect(password, protectionOptions as Record<string, unknown>));
-  
-  // Return the password for inclusion in metadata
-  return password;
-}

package/app/components/actions/case-export/types-constants.ts

@@ -1,46 +1,3 @@
-export type ExportFormat = 'json' | 'csv';
-
-// Shared CSV headers for all tabular exports
-export const CSV_HEADERS = [
-  'File ID',
-  'Original Filename',
-  'Upload Date',
-  'Has Annotations',
-  'Left Case',
-  'Right Case',
-  'Left Item',
-  'Right Item',
-  'Case Font Color',
-  'Class Type',
-  'Custom Class',
-  'Class Note',
-  'Index Type',
-  'Index Number',
-  'Index Color',
-  'Support Level',
-  'Has Subclass',
-  'Include Confirmation',
-  'Confirmation Status',
-  'Confirming Examiner Name',
-  'Confirming Examiner Badge ID',
-  'Confirming Examiner Email',
-  'Confirming Examiner Company',
-  'Confirmation ID',
-  'Confirmation Timestamp',
-  'Confirmation Date (ISO)',
-  'Total Box Annotations',
-  'Box ID',
-  'Box X',
-  'Box Y',
-  'Box Width',
-  'Box Height',
-  'Box Color',
-  'Box Label',
-  'Box Timestamp',
-  'Additional Notes',
-  'Last Updated'
-];
-
 /**
  * Helper function to format timestamp for filename using user's local timezone
  */

package/app/components/actions/case-import/confirmation-import.ts

@@ -39,6 +39,41 @@ function isEncryptionManifest(value: unknown): value is EncryptionManifest {
   );
 }
 
+/**
+ * Validates that an encryption manifest is well-formed for a confirmation import.
+ * Confirmation packages must not contain encrypted images — this is a structural
+ * invariant. Fails closed with a clear message before decryptExportBatch is called.
+ */
+function validateConfirmationEncryptionManifest(manifest: EncryptionManifest): void {
+  if (
+    !manifest.encryptionVersion ||
+    !manifest.algorithm ||
+    !manifest.keyId ||
+    !manifest.wrappedKey ||
+    !manifest.dataIv
+  ) {
+    throw new Error(
+      'Malformed encryption manifest: one or more required fields (encryptionVersion, algorithm, keyId, wrappedKey, dataIv) are missing.'
+    );
+  }
+
+  // Confirmation packages must never carry image payloads. Reject any manifest
+  // that references encrypted images — this indicates a wrong package type or
+  // a tampered/malformed file.
+  const candidate = manifest as unknown as Record<string, unknown>;
+  const encryptedImages = candidate['encryptedImages'];
+  if (
+    encryptedImages !== undefined &&
+    (typeof encryptedImages !== 'object' ||
+      Object.keys(encryptedImages as object).length > 0)
+  ) {
+    throw new Error(
+      'Invalid confirmation package: this manifest contains encrypted image references. ' +
+      'Confirmation packages must not include image data. The file may be a case export or may have been tampered with.'
+    );
+  }
+}
+
 /**
  * Import confirmation data from JSON file
  */
@@ -75,31 +110,36 @@ export async function importConfirmationData(
     const verificationPublicKeyPem = packageData.verificationPublicKeyPem;
     const confirmationFileName = packageData.confirmationFileName;
 
-    // Handle encrypted confirmation data
-    if (packageData.isEncrypted && packageData.encryptionManifest && packageData.encryptedDataBase64) {
-      onProgress?.('Decrypting confirmation data', 15, 'Decrypting exported confirmation...');
+    // All confirmation imports are encrypted — fail closed if manifest is missing
+    if (!packageData.encryptionManifest || !packageData.encryptedDataBase64) {
+      throw new Error(
+        'This confirmation package is not encrypted. Only encrypted confirmation packages exported from Striae can be imported.'
+      );
+    }
 
-      try {
-        if (!isEncryptionManifest(packageData.encryptionManifest)) {
-          throw new Error('Invalid encryption manifest format.');
-        }
+    if (!isEncryptionManifest(packageData.encryptionManifest)) {
+      throw new Error('Invalid encryption manifest format.');
+    }
 
-        const decryptResult = await decryptExportBatch(
-          user,
-          packageData.encryptionManifest,
-          packageData.encryptedDataBase64,
-          {} // No image hashes for confirmation-only exports
-        );
+    // Enforce confirmation-specific manifest shape before attempting decryption
+    validateConfirmationEncryptionManifest(packageData.encryptionManifest);
 
-        // Parse decrypted plaintext as confirmation data
-        const decryptedJsonString = decryptResult.plaintext;
-        confirmationData = JSON.parse(decryptedJsonString) as ConfirmationImportData;
-        confirmationJsonContent = decryptedJsonString;
-      } catch (error) {
-        throw new Error(
-          `Failed to decrypt confirmation data: ${error instanceof Error ? error.message : 'Unknown decryption error'}`
-        );
-      }
+    onProgress?.('Decrypting confirmation data', 15, 'Decrypting exported confirmation...');
+    try {
+      const decryptResult = await decryptExportBatch(
+        user,
+        packageData.encryptionManifest,
+        packageData.encryptedDataBase64,
+        {}
+      );
+
+      const decryptedJsonString = decryptResult.plaintext;
+      confirmationData = JSON.parse(decryptedJsonString) as ConfirmationImportData;
+      confirmationJsonContent = decryptedJsonString;
+    } catch (error) {
+      throw new Error(
+        `Failed to decrypt confirmation data: ${error instanceof Error ? error.message : 'Unknown decryption error'}`
+      );
     }
 
     confirmationDataForAudit = confirmationData;
@@ -297,15 +337,14 @@ export async function importConfirmationData(
         
         // Audit log successful confirmation import
         try {
-          await auditService.logAnnotationEdit(
+          await auditService.logConfirmationImport(
             user,
-            `${result.caseNumber}-${currentImageId}`,
-            annotationData, // Previous state (without confirmation)
-            updatedAnnotationData, // New state (with confirmation)
             result.caseNumber,
-            'confirmation-import',
-            currentImageId,
-            displayFilename
+            displayFilename,
+            'success',
+            true,
+            confirmations.length,
+            [displayFilename]
           );
         } catch (auditError) {
           console.error('Failed to log confirmation import audit:', auditError);
@@ -315,15 +354,15 @@ export async function importConfirmationData(
         
         // Audit log failed confirmation import
         try {
-          await auditService.logAnnotationEdit(
+          await auditService.logConfirmationImport(
             user,
-            `${result.caseNumber}-${currentImageId}`,
-            annotationData, // Previous state
-            null, // Failed save
             result.caseNumber,
-            'confirmation-import',
-            currentImageId,
-            displayFilename
+            displayFilename,
+            'failure',
+            false,
+            0,
+            [],
+            [`Failed to update image ${displayFilename}: ${saveResponse.status}`]
           );
         } catch (auditError) {
           console.error('Failed to log failed confirmation import audit:', auditError);

package/app/components/actions/case-import/confirmation-package.ts

@@ -1,4 +1,22 @@
-import { type ConfirmationImportData } from '~/types';
+import type { User } from 'firebase/auth';
+import { type ConfirmationImportData, type ConfirmationImportPreview } from '~/types';
+import type { EncryptionManifest } from '~/utils/forensics/export-encryption';
+import { decryptExportBatch } from '~/utils/data/operations/signing-operations';
+
+function isEncryptionManifest(value: unknown): value is EncryptionManifest {
+  if (!value || typeof value !== 'object') {
+    return false;
+  }
+  const candidate = value as Partial<EncryptionManifest>;
+  return (
+    typeof candidate.encryptionVersion === 'string' &&
+    typeof candidate.algorithm === 'string' &&
+    typeof candidate.keyId === 'string' &&
+    typeof candidate.wrappedKey === 'string' &&
+    typeof candidate.dataIv === 'string' &&
+    Array.isArray(candidate.encryptedImages)
+  );
+}
 
 const CONFIRMATION_EXPORT_FILE_REGEX = /^confirmation-data-.*\.json$/i;
 const ENCRYPTION_MANIFEST_FILE_NAME = 'encryption_manifest.json';
@@ -145,6 +163,55 @@ async function extractConfirmationPackageFromZip(file: File): Promise<Confirmati
   };
 }
 
+export async function previewConfirmationImport(
+  file: File,
+  user: User
+): Promise<ConfirmationImportPreview> {
+  const pkg = await extractConfirmationImportPackage(file);
+
+  if (!pkg.isEncrypted || !pkg.encryptedDataBase64) {
+    throw new Error(
+      'Confirmation imports require an encrypted confirmation ZIP package exported from Striae.'
+    );
+  }
+
+  if (!isEncryptionManifest(pkg.encryptionManifest)) {
+    throw new Error('Encrypted confirmation manifest is missing required fields.');
+  }
+
+  let parsed: ConfirmationImportData;
+  try {
+    const decryptResult = await decryptExportBatch(
+      user,
+      pkg.encryptionManifest,
+      pkg.encryptedDataBase64,
+      {}
+    );
+    parsed = JSON.parse(decryptResult.plaintext) as ConfirmationImportData;
+  } catch (error) {
+    throw new Error(
+      `Failed to decrypt confirmation package for preview: ${
+        error instanceof Error ? error.message : 'Unknown error'
+      }`
+    );
+  }
+
+  const meta = parsed.metadata;
+  if (!meta?.caseNumber) {
+    throw new Error('Decrypted confirmation data is missing required case number.');
+  }
+
+  return {
+    caseNumber: meta.caseNumber,
+    exportedBy: meta.exportedBy ?? '',
+    exportedByName: meta.exportedByName ?? '',
+    exportedByCompany: meta.exportedByCompany ?? '',
+    exportedByBadgeId: meta.exportedByBadgeId,
+    exportDate: meta.exportDate ?? new Date().toISOString(),
+    totalConfirmations: meta.totalConfirmations ?? 0
+  };
+}
+
 export async function extractConfirmationImportPackage(file: File): Promise<ConfirmationImportPackage> {
   const lowerName = file.name.toLowerCase();
 

package/app/components/actions/case-import/index.ts

@@ -34,7 +34,7 @@ export { importAnnotations } from './annotation-import';
 
 // Confirmation import
 export { importConfirmationData } from './confirmation-import';
-export { extractConfirmationImportPackage } from './confirmation-package';
+export { extractConfirmationImportPackage, previewConfirmationImport } from './confirmation-package';
 
 // Main orchestrator
 export { importCaseForReview } from './orchestrator';

package/app/components/actions/case-import/orchestrator.ts

@@ -207,7 +207,6 @@ export async function importCaseForReview(
     // Step 1: Parse ZIP file
     const {
       caseData: initialCaseData,
-      imageFiles: initialImageFiles,
       imageIdMapping,
       isArchivedExport,
       bundledAuditFiles,
@@ -217,71 +216,65 @@ export async function importCaseForReview(
       encryptionManifest,
       encryptedDataBase64,
       encryptedImages,
-      isEncrypted
-    } = await parseImportZip(zipFile, user);
+      dataFileName
+    } = await parseImportZip(zipFile);
 
-    // Step 1.2: Handle decryption if export is encrypted
+    // Step 1.2: Decrypt export — all imports are encrypted (fail closed if manifest is missing)
     let caseData = initialCaseData;
     let cleanedContent = initialCleanedContent || '';
-    let imageFiles = initialImageFiles;
+    let imageFiles: { [filename: string]: Blob } = {};
     let resolvedBundledAuditFiles = bundledAuditFiles;
-    let decryptedImageBlobMap: { [filename: string]: Blob } | undefined;
 
-    if (isEncrypted && isEncryptionManifest(encryptionManifest) && encryptedDataBase64) {
-      onProgress?.('Decrypting export', 11, 'Decrypting case data and images...');
-      
-      try {
-        // Call decrypt endpoint on data-worker
-        const decryptResult = await decryptExportBatch(
-          user,
-          encryptionManifest,
-          encryptedDataBase64,
-          encryptedImages ?? {}
-        );
+    if (!isEncryptionManifest(encryptionManifest) || !encryptedDataBase64) {
+      throw new Error(
+        'This case package is not encrypted. Only encrypted case packages exported from Striae can be imported.'
+      );
+    }
 
-        // Decrypted data is plaintext JSON
-        cleanedContent = decryptResult.plaintext;
-        const parsedCaseData = JSON.parse(cleanedContent) as unknown;
-        caseData = parsedCaseData as CaseExportData;
+    onProgress?.('Decrypting export', 11, 'Decrypting case data and images...');
+    try {
+      const decryptResult = await decryptExportBatch(
+        user,
+        encryptionManifest,
+        encryptedDataBase64,
+        encryptedImages ?? {}
+      );
 
-        const decryptedFiles = decryptResult.decryptedImages;
-        const decryptedAuditTrailBlob = decryptedFiles['audit/case-audit-trail.json'];
-        const decryptedAuditSignatureBlob = decryptedFiles['audit/case-audit-signature.json'];
+      cleanedContent = decryptResult.plaintext;
+      const parsedCaseData = JSON.parse(cleanedContent) as unknown;
+      caseData = parsedCaseData as CaseExportData;
 
-        if (decryptedAuditTrailBlob || decryptedAuditSignatureBlob) {
-          resolvedBundledAuditFiles = {
-            ...(resolvedBundledAuditFiles ?? {}),
-            auditTrailContent: decryptedAuditTrailBlob
-              ? await decryptedAuditTrailBlob.text()
-              : resolvedBundledAuditFiles?.auditTrailContent,
-            auditSignatureContent: decryptedAuditSignatureBlob
-              ? await decryptedAuditSignatureBlob.text()
-              : resolvedBundledAuditFiles?.auditSignatureContent
-          };
-        }
+      const decryptedFiles = decryptResult.decryptedImages;
+      const decryptedAuditTrailBlob = decryptedFiles['audit/case-audit-trail.json'];
+      const decryptedAuditSignatureBlob = decryptedFiles['audit/case-audit-signature.json'];
 
-        decryptedImageBlobMap = Object.fromEntries(
-          Object.entries(decryptedFiles).filter(([filename]) => !filename.startsWith('audit/'))
-        );
+      if (decryptedAuditTrailBlob || decryptedAuditSignatureBlob) {
+        resolvedBundledAuditFiles = {
+          ...(resolvedBundledAuditFiles ?? {}),
+          auditTrailContent: decryptedAuditTrailBlob
+            ? await decryptedAuditTrailBlob.text()
+            : resolvedBundledAuditFiles?.auditTrailContent,
+          auditSignatureContent: decryptedAuditSignatureBlob
+            ? await decryptedAuditSignatureBlob.text()
+            : resolvedBundledAuditFiles?.auditSignatureContent
+        };
+      }
 
-        // Update imageFiles with decrypted images only
-        imageFiles = { ...imageFiles, ...decryptedImageBlobMap };
+      const decryptedImageBlobMap = Object.fromEntries(
+        Object.entries(decryptedFiles).filter(([filename]) => !filename.startsWith('audit/'))
+      );
+      imageFiles = decryptedImageBlobMap;
 
-        onProgress?.('Decryption successful', 13, `Decrypted case data and ${Object.keys(decryptedImageBlobMap).length} images`);
-      } catch (decryptError) {
-        throw new Error(
-          `Failed to decrypt export: ${decryptError instanceof Error ? decryptError.message : 'Unknown error'}. ` +
-          'Ensure your Striae instance has export encryption configured.'
-        );
-      }
+      onProgress?.('Decryption successful', 13, `Decrypted case data and ${Object.keys(decryptedImageBlobMap).length} images`);
+    } catch (decryptError) {
+      throw new Error(
+        `Failed to decrypt export: ${decryptError instanceof Error ? decryptError.message : 'Unknown error'}. ` +
+        'Ensure your Striae instance has export encryption configured.'
+      );
     }
 
-    if (isEncrypted) {
-      await validateCaseExporterUidForImport(caseData, user);
-      exporterUidValidationPassed = true;
-    } else {
-      exporterUidValidationPassed = true;
-    }
+    await validateCaseExporterUidForImport(caseData, user);
+    exporterUidValidationPassed = true;
 
     // Now validate case number and format
     if (!caseData.metadata?.caseNumber) {
@@ -292,6 +285,38 @@ export async function importCaseForReview(
       throw new Error(`Invalid case number format: ${caseData.metadata.caseNumber}`);
     }
 
+    // Validate that the data file name matches the decrypted case number — fail closed if it doesn't.
+    // Guards against corrupt archives and cases where parseImportZip returned a mismatched file.
+    if (dataFileName) {
+      const dataFileLeaf = dataFileName.split('/').filter(Boolean).pop()?.toLowerCase() ?? '';
+      const expectedDataFile = `${caseData.metadata.caseNumber.toLowerCase()}_data.json`;
+      if (dataFileLeaf !== expectedDataFile) {
+        throw new Error(
+          `Data file name does not match case number. ` +
+          `Expected "${expectedDataFile}", found "${dataFileLeaf}". ` +
+          'The archive may be corrupt or tampered.'
+        );
+      }
+    }
+
+    // Enforce designated reviewer before any writes occur.
+    // This mirrors previewCaseImport enforcement and cannot be bypassed by
+    // skipping preview or submitting a modified client request.
+    const designatedReviewerEmail = caseData.metadata.designatedReviewerEmail;
+    if (designatedReviewerEmail) {
+      if (!user.email) {
+        throw new Error(
+          'Your account does not have an email address. This case export is restricted to a designated reviewer and cannot be imported.'
+        );
+      }
+      if (user.email.toLowerCase() !== designatedReviewerEmail.toLowerCase()) {
+        throw new Error(
+          `This case export is restricted to the designated reviewer (${designatedReviewerEmail}). ` +
+          'You are not authorized to import this case.'
+        );
+      }
+    }
+
     const resolvedIsArchivedExport =
       isArchivedExport ||
       caseData.metadata.archived === true ||