npm - @striae-org/striae - Versions diffs - 5.5.2 → 6.0.1 - Mend

@striae-org/striae 5.5.2 → 6.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/README.md CHANGED Viewed

@@ -8,6 +8,7 @@ This npm package publishes the Striae application source for teams that run/deve
 - Application: [https://striae.app](https://striae.app)
 - Source repository: [https://github.com/striae-org/striae](https://github.com/striae-org/striae)
+- Installation guide: [https://github.com/striae-org/striae/wiki/Installation-Guide](https://github.com/striae-org/striae/wiki/Installation-Guide)
 - Releases: [https://github.com/striae-org/striae/releases](https://github.com/striae-org/striae/releases)
 - Security policy: [https://github.com/striae-org/striae/security/policy](https://github.com/striae-org/striae/security/policy)
@@ -55,9 +56,10 @@ Excluded (by design):
 ## License
-See `LICENSE` and `NOTICE`.
+See `LICENSE`.
 ## Support
+- Striae Community: [https://community.striae.org](https://community.striae.org)
 - Support page: [https://www.striae.org/support](https://www.striae.org/support)
 - Contact: [info@striae.org](mailto:info@striae.org)

package/app/components/actions/case-export/download-handlers.ts CHANGED Viewed

@@ -8,13 +8,14 @@ import {
   getCurrentPublicSigningKeyDetails,
   getVerificationPublicKey,
   getCurrentEncryptionPublicKeyDetails,
-  encryptExportDataWithAllImages
+  encryptExportDataWithAllImages,
 } from '~/utils/forensics';
 import { signForensicManifest } from '~/utils/data';
 import { formatDateForFilename } from './types-constants';
 import { addForensicDataWarning } from './metadata-helpers';
 import { exportCaseData } from './core-export';
 import { auditService } from '~/services/audit';
+import { buildArchivePackage } from '~/components/actions/case-manage/archive-package-builder';
 /**
  * Generate export filename with embedded ID to prevent collisions
@@ -23,15 +24,15 @@ import { auditService } from '~/services/audit';
  */
 function generateExportFilename(originalFilename: string, id: string): string {
   const lastDotIndex = originalFilename.lastIndexOf('.');
   if (lastDotIndex === -1) {
     // No extension found
     return `${originalFilename}-${id}`;
   }
   const basename = originalFilename.substring(0, lastDotIndex);
   const extension = originalFilename.substring(lastDotIndex);
   return `${basename}-${id}${extension}`;
 }
@@ -73,25 +74,99 @@ export async function downloadCaseAsZip(
   let manifestSigned = false;
   let publicKeyFileName: string | undefined;
   const protectForensicData = true;
   try {
     // Start audit workflow
     auditService.startWorkflow(caseNumber);
     onProgress?.(10);
     // Get case data
     const exportData = await exportCaseData(user, caseNumber, options);
     onProgress?.(30);
+    const archivePackageMode = options.archivePackageMode;
+    if (archivePackageMode) {
+      const archivedAt = exportData.metadata.archivedAt || new Date().toISOString();
+      const archivedByDisplay =
+        exportData.metadata.archivedByDisplay ||
+        exportData.metadata.archivedBy ||
+        exportData.metadata.exportedByName ||
+        exportData.metadata.exportedBy ||
+        'Unknown';
+      const caseJsonContent = await generateJSONContent(
+        exportData,
+        options.includeUserInfo,
+        protectForensicData
+      );
+      const archivePackage = await buildArchivePackage({
+        user,
+        caseNumber,
+        caseJsonContent,
+        files: exportData.files,
+        auditConfig: {
+          startDate: exportData.metadata.caseCreatedDate,
+          endDate: archivedAt,
+        },
+        readmeConfig: {
+          archivedAt,
+          archivedByDisplay,
+          archiveReason: exportData.metadata.archiveReason,
+        },
+      });
+      manifestSignatureKeyId = archivePackage.manifestSignatureKeyId;
+      manifestSigned = true;
+      onProgress?.(95);
+      const url = URL.createObjectURL(archivePackage.zipBlob);
+      const exportFileName = `striae-case-${caseNumber}-archive-${formatDateForFilename(new Date())}-encrypted.zip`;
+      const linkElement = document.createElement('a');
+      linkElement.href = url;
+      linkElement.setAttribute('download', exportFileName);
+      linkElement.setAttribute('title', 'Encrypted Striae case package');
+      linkElement.click();
+      URL.revokeObjectURL(url);
+      onProgress?.(100);
+      const endTime = Date.now();
+      await auditService.logCaseExport(
+        user,
+        caseNumber,
+        exportFileName,
+        'success',
+        [],
+        {
+          processingTimeMs: endTime - startTime,
+          fileSizeBytes: archivePackage.zipBlob.size,
+          validationStepsCompleted: exportData.files?.length || 0,
+          validationStepsFailed: 0,
+        },
+        'zip',
+        protectForensicData,
+        {
+          present: true,
+          valid: true,
+          keyId: manifestSignatureKeyId,
+        }
+      );
+      auditService.endWorkflow();
+      return;
+    }
     // Create ZIP
     const JSZip = (await import('jszip')).default;
     const zip = new JSZip();
     const jsonContent = await generateJSONContent(exportData, options.includeUserInfo, protectForensicData);
     zip.file(`${caseNumber}_data.json`, jsonContent);
     onProgress?.(50);
     // Add images and collect them for manifest generation
     const imageFolder = zip.folder('images');
     const imageFiles: { [filename: string]: Blob } = {};
@@ -101,7 +176,6 @@ export async function downloadCaseAsZip(
         try {
           const imageBlob = await fetchImageAsBlob(user, file.fileData, caseNumber);
           if (imageBlob) {
-            // Generate export filename with embedded ID to prevent collisions
             const exportFilename = generateExportFilename(file.fileData.originalFilename, file.fileData.id);
             imageFolder.file(exportFilename, imageBlob);
             imageFiles[exportFilename] = imageBlob;
@@ -112,9 +186,7 @@ export async function downloadCaseAsZip(
         onProgress?.(50 + (i / exportData.files.length) * 30);
       }
     }
-    // CRITICAL: Get the content that will be used for hash calculation.
-    // This must match the exported package content before encryption.
     const contentForHash = await generateJSONContent(exportData, options.includeUserInfo, false);
     const forensicManifest = await generateForensicManifestSecure(contentForHash, imageFiles);
@@ -128,7 +200,7 @@ export async function downloadCaseAsZip(
     const signedForensicManifest = {
       ...forensicManifest,
       manifestVersion: signingResult.manifestVersion,
-      signature: signingResult.signature
+      signature: signingResult.signature,
     };
     zip.file('FORENSIC_MANIFEST.json', JSON.stringify(signedForensicManifest, null, 2));
@@ -143,24 +215,30 @@ export async function downloadCaseAsZip(
     }
     try {
-      const imagesToEncrypt = Object.entries(imageFiles).map(([filename, blob]) => ({
-        filename,
-        blob
-      }));
+      const filesToEncrypt = [
+        ...Object.entries(imageFiles).map(([filename, blob]) => ({
+          filename,
+          blob,
+        })),
+      ];
       const encryptionResult = await encryptExportDataWithAllImages(
         contentForHash,
-        imagesToEncrypt,
+        filesToEncrypt,
         encKeyDetails.publicKeyPem,
         encKeyDetails.keyId
       );
       zip.file(`${caseNumber}_data.json`, encryptionResult.ciphertext);
-      if (imageFolder && encryptionResult.encryptedImages.length > 0) {
-        for (let i = 0; i < imagesToEncrypt.length; i++) {
-          const originalFilename = imagesToEncrypt[i].filename;
-          imageFolder.file(originalFilename, encryptionResult.encryptedImages[i]);
+      if (encryptionResult.encryptedImages.length > 0) {
+        for (let i = 0; i < filesToEncrypt.length; i++) {
+          const originalFilename = filesToEncrypt[i].filename;
+          const encryptedContent = encryptionResult.encryptedImages[i];
+          if (imageFolder) {
+            imageFolder.file(originalFilename, encryptedContent);
+          }
         }
       }
@@ -213,28 +291,27 @@ For questions about this export, contact your Striae system administrator.
     );
     zip.file('README.txt', readme);
     onProgress?.(85);
-    const zipBlob = await zip.generateAsync({
+    const zipBlob = await zip.generateAsync({
       type: 'blob',
       compression: 'DEFLATE',
-      compressionOptions: { level: 6 }
+      compressionOptions: { level: 6 },
     });
     onProgress?.(95);
     const url = URL.createObjectURL(zipBlob);
     const exportFileName = `striae-case-${caseNumber}-encrypted-package-${formatDateForFilename(new Date())}.zip`;
     const linkElement = document.createElement('a');
     linkElement.href = url;
     linkElement.setAttribute('download', exportFileName);
     linkElement.setAttribute('title', 'Encrypted Striae case package');
     linkElement.click();
     URL.revokeObjectURL(url);
     onProgress?.(100);
-    // Log successful export audit event (standard case)
     const endTime = Date.now();
     await auditService.logCaseExport(
       user,
@@ -246,24 +323,21 @@ For questions about this export, contact your Striae system administrator.
         processingTimeMs: endTime - startTime,
         fileSizeBytes: zipBlob.size,
         validationStepsCompleted: exportData.files?.length || 0,
-        validationStepsFailed: 0
+        validationStepsFailed: 0,
       },
       'zip',
       protectForensicData,
       {
         present: true,
         valid: true,
-        keyId: manifestSignatureKeyId
+        keyId: manifestSignatureKeyId,
       }
     );
-    // End audit workflow
     auditService.endWorkflow();
   } catch (error) {
     console.error('ZIP export failed:', error);
-    // Log failed export audit event
     const endTime = Date.now();
     await auditService.logCaseExport(
       user,
@@ -275,20 +349,19 @@ For questions about this export, contact your Striae system administrator.
         processingTimeMs: endTime - startTime,
         fileSizeBytes: 0,
         validationStepsCompleted: 0,
-        validationStepsFailed: 1
+        validationStepsFailed: 1,
       },
       'zip',
       protectForensicData,
       {
         present: manifestSigned,
         valid: manifestSigned,
-        keyId: manifestSignatureKeyId
+        keyId: manifestSignatureKeyId,
       }
     );
-    // End audit workflow
     auditService.endWorkflow();
     throw new Error('Failed to export encrypted case package');
   }
 }
@@ -305,8 +378,8 @@ async function fetchImageAsBlob(user: User, fileData: FileData, caseNumber: stri
       const signedResponse = await fetch(url, {
         method: 'GET',
         headers: {
-          'Accept': 'application/octet-stream,image/*'
-        }
+          Accept: 'application/octet-stream,image/*',
+        },
       });
       if (!signedResponse.ok) {
@@ -394,13 +467,12 @@ https://striae.app`;
  * Generate JSON content for case export with forensic protection options
  */
 async function generateJSONContent(
-  exportData: CaseExportData,
-  includeUserInfo: boolean = true,
+  exportData: CaseExportData,
+  includeUserInfo: boolean = true,
   protectForensicData: boolean = true
 ): Promise<string> {
   const jsonData = { ...exportData };
-  // Remove sensitive user info if not included
   if (!includeUserInfo) {
     if (jsonData.metadata.exportedBy) {
       jsonData.metadata.exportedBy = '[User Info Excluded]';
@@ -418,28 +490,24 @@ async function generateJSONContent(
       jsonData.metadata.exportedByBadgeId = '[User Info Excluded]';
     }
   }
   const jsonString = JSON.stringify(jsonData, null, 2);
-  // Calculate hash for integrity verification
   const hash = await calculateSHA256Secure(jsonString);
-  // Add hash to metadata
   const finalJsonData = {
     ...jsonData,
     metadata: {
       ...jsonData.metadata,
       hash: hash.toUpperCase(),
-      integrityNote: 'Verify by recalculating SHA256 of this entire JSON content'
-    }
+      integrityNote: 'Verify by recalculating SHA256 of this entire JSON content',
+    },
   };
   const finalJsonString = JSON.stringify(finalJsonData, null, 2);
-  // Add forensic protection warning if enabled
   if (protectForensicData) {
     return addForensicDataWarning(finalJsonString);
   }
   return finalJsonString;
-}
+}

package/app/components/actions/case-manage/archive-package-builder.ts ADDED Viewed

@@ -0,0 +1,299 @@
+import type { User } from 'firebase/auth';
+import { type AuditTrail, type CaseExportData, type ValidationAuditEntry } from '~/types';
+import { signForensicManifest } from '~/utils/data';
+import {
+  calculateSHA256Secure,
+  createPublicSigningKeyFileName,
+  encryptExportDataWithAllImages,
+  generateForensicManifestSecure,
+  getCurrentEncryptionPublicKeyDetails,
+  getCurrentPublicSigningKeyDetails,
+  getVerificationPublicKey,
+} from '~/utils/forensics';
+import { signAuditExport } from '~/services/audit/audit-export-signing';
+import { generateAuditSummary, sortAuditEntriesNewestFirst } from '~/services/audit/audit-query-helpers';
+import { auditService } from '~/services/audit';
+import { getImageUrl } from '../image-manage';
+export interface ArchiveBundleAuditConfig {
+  startDate: string;
+  endDate: string;
+  additionalEntries?: ValidationAuditEntry[];
+}
+export interface ArchiveBundleReadmeConfig {
+  archivedAt: string;
+  archivedByDisplay: string;
+  archiveReason?: string;
+}
+export interface BuildArchivePackageInput {
+  user: User;
+  caseNumber: string;
+  caseJsonContent: string;
+  files: CaseExportData['files'];
+  auditConfig: ArchiveBundleAuditConfig;
+  readmeConfig: ArchiveBundleReadmeConfig;
+}
+export interface BuildArchivePackageResult {
+  zipBlob: Blob;
+  publicKeyFileName: string;
+  manifestSignatureKeyId: string;
+}
+function generateArchiveImageFilename(originalFilename: string, id: string): string {
+  const lastDotIndex = originalFilename.lastIndexOf('.');
+  if (lastDotIndex === -1) {
+    return `${originalFilename}-${id}`;
+  }
+  const basename = originalFilename.substring(0, lastDotIndex);
+  const extension = originalFilename.substring(lastDotIndex);
+  return `${basename}-${id}${extension}`;
+}
+function getVerificationPublicSigningKey(preferredKeyId?: string): { keyId: string | null; publicKeyPem: string } {
+  const preferredKey = preferredKeyId ? getVerificationPublicKey(preferredKeyId) : null;
+  const currentDetails = getCurrentPublicSigningKeyDetails();
+  const resolvedPem = preferredKey ?? currentDetails.publicKeyPem;
+  const resolvedKeyId = preferredKey ? preferredKeyId ?? null : currentDetails.keyId;
+  if (!resolvedPem || resolvedPem.trim().length === 0) {
+    throw new Error('No public signing key is configured for archive packaging.');
+  }
+  return {
+    keyId: resolvedKeyId,
+    publicKeyPem: resolvedPem.endsWith('\n') ? resolvedPem : `${resolvedPem}\n`,
+  };
+}
+async function fetchImageAsBlob(user: User, fileData: CaseExportData['files'][number]['fileData'], caseNumber: string): Promise<Blob | null> {
+  try {
+    const imageAccess = await getImageUrl(user, fileData, caseNumber, 'Archive Package');
+    const { blob, revoke, url } = imageAccess;
+    if (!blob) {
+      const signedResponse = await fetch(url, {
+        method: 'GET',
+        headers: {
+          Accept: 'application/octet-stream,image/*',
+        },
+      });
+      if (!signedResponse.ok) {
+        throw new Error(`Signed URL fetch failed with status ${signedResponse.status}`);
+      }
+      return await signedResponse.blob();
+    }
+    try {
+      return blob;
+    } finally {
+      revoke();
+    }
+  } catch (error) {
+    console.error('Failed to fetch image for archive package:', error);
+    return null;
+  }
+}
+export async function buildArchivePackage(input: BuildArchivePackageInput): Promise<BuildArchivePackageResult> {
+  const { user, caseNumber, caseJsonContent, files, auditConfig, readmeConfig } = input;
+  const JSZip = (await import('jszip')).default;
+  const zip = new JSZip();
+  zip.file(`${caseNumber}_data.json`, caseJsonContent);
+  const imageFolder = zip.folder('images');
+  const imageBlobs: Record<string, Blob> = {};
+  if (imageFolder && files) {
+    for (const fileEntry of files) {
+      const imageBlob = await fetchImageAsBlob(user, fileEntry.fileData, caseNumber);
+      if (!imageBlob) {
+        continue;
+      }
+      const exportFileName = generateArchiveImageFilename(
+        fileEntry.fileData.originalFilename,
+        fileEntry.fileData.id
+      );
+      imageFolder.file(exportFileName, imageBlob);
+      imageBlobs[exportFileName] = imageBlob;
+    }
+  }
+  const forensicManifest = await generateForensicManifestSecure(caseJsonContent, imageBlobs);
+  const manifestSigningResponse = await signForensicManifest(user, caseNumber, forensicManifest);
+  const signingKey = getVerificationPublicSigningKey(manifestSigningResponse.signature.keyId);
+  const publicKeyFileName = createPublicSigningKeyFileName(signingKey.keyId);
+  zip.file(publicKeyFileName, signingKey.publicKeyPem);
+  zip.file(
+    'FORENSIC_MANIFEST.json',
+    JSON.stringify(
+      {
+        ...forensicManifest,
+        manifestVersion: manifestSigningResponse.manifestVersion,
+        signature: manifestSigningResponse.signature,
+      },
+      null,
+      2
+    )
+  );
+  const auditEntries = await auditService.getAuditEntriesForUser(user.uid, {
+    caseNumber,
+    startDate: auditConfig.startDate,
+    endDate: auditConfig.endDate,
+  });
+  const auditEntriesWithExtras = sortAuditEntriesNewestFirst([
+    ...auditEntries,
+    ...(auditConfig.additionalEntries ?? []),
+  ]);
+  const auditTrail: AuditTrail = {
+    caseNumber,
+    workflowId: `${caseNumber}-archive-${Date.now()}`,
+    entries: auditEntriesWithExtras,
+    summary: generateAuditSummary(auditEntriesWithExtras),
+  };
+  const auditTrailPayload = {
+    metadata: {
+      exportTimestamp: new Date().toISOString(),
+      exportVersion: '1.0',
+      totalEntries: auditTrail.summary.totalEvents,
+      application: 'Striae',
+      exportType: 'trail' as const,
+      scopeType: 'case' as const,
+      scopeIdentifier: caseNumber,
+    },
+    auditTrail,
+  };
+  const auditTrailRawContent = JSON.stringify(auditTrailPayload, null, 2);
+  const auditTrailHash = await calculateSHA256Secure(auditTrailRawContent);
+  const signedAuditExportPayload = await signAuditExport(
+    {
+      exportFormat: 'json',
+      exportType: 'trail',
+      generatedAt: auditTrailPayload.metadata.exportTimestamp,
+      totalEntries: auditTrail.summary.totalEvents,
+      hash: auditTrailHash.toUpperCase(),
+    },
+    {
+      user,
+      scopeType: 'case',
+      scopeIdentifier: caseNumber,
+      caseNumber,
+    }
+  );
+  const signedAuditTrail = {
+    metadata: {
+      ...auditTrailPayload.metadata,
+      hash: auditTrailHash.toUpperCase(),
+      signatureVersion: signedAuditExportPayload.signatureMetadata.signatureVersion,
+      signatureMetadata: signedAuditExportPayload.signatureMetadata,
+      signature: signedAuditExportPayload.signature,
+    },
+    auditTrail,
+  };
+  const auditTrailJson = JSON.stringify(signedAuditTrail, null, 2);
+  const auditSignatureJson = JSON.stringify(signedAuditExportPayload, null, 2);
+  zip.file('audit/case-audit-trail.json', auditTrailJson);
+  zip.file('audit/case-audit-signature.json', auditSignatureJson);
+  const encryptionKeyDetails = getCurrentEncryptionPublicKeyDetails();
+  if (!encryptionKeyDetails.publicKeyPem || !encryptionKeyDetails.keyId) {
+    throw new Error(
+      'Archive encryption is mandatory. Your Striae instance does not have a configured encryption public key. ' +
+      'Please contact your administrator to set up export encryption.'
+    );
+  }
+  const filesToEncrypt: Array<{ filename: string; blob: Blob }> = [
+    ...Object.entries(imageBlobs).map(([filename, blob]) => ({
+      filename,
+      blob,
+    })),
+    {
+      filename: 'audit/case-audit-trail.json',
+      blob: new Blob([auditTrailJson], { type: 'application/json' }),
+    },
+    {
+      filename: 'audit/case-audit-signature.json',
+      blob: new Blob([auditSignatureJson], { type: 'application/json' }),
+    },
+  ];
+  const encryptionResult = await encryptExportDataWithAllImages(
+    caseJsonContent,
+    filesToEncrypt,
+    encryptionKeyDetails.publicKeyPem,
+    encryptionKeyDetails.keyId
+  );
+  zip.file(`${caseNumber}_data.json`, encryptionResult.ciphertext);
+  for (let index = 0; index < filesToEncrypt.length; index += 1) {
+    const originalFilename = filesToEncrypt[index].filename;
+    const encryptedContent = encryptionResult.encryptedImages[index];
+    if (originalFilename.startsWith('audit/')) {
+      zip.file(originalFilename, encryptedContent);
+      continue;
+    }
+    if (imageFolder) {
+      imageFolder.file(originalFilename, encryptedContent);
+    }
+  }
+  zip.file('ENCRYPTION_MANIFEST.json', JSON.stringify(encryptionResult.encryptionManifest, null, 2));
+  zip.file(
+    'README.txt',
+    [
+      'Striae Archived Case Package',
+      '===========================',
+      '',
+      `Case Number: ${caseNumber}`,
+      `Archived At: ${readmeConfig.archivedAt}`,
+      `Archived By: ${readmeConfig.archivedByDisplay}`,
+      `Archive Reason: ${readmeConfig.archiveReason?.trim() || 'Not provided'}`,
+      '',
+      'Package Contents',
+      '- Case data JSON export with all image references',
+      '- images/ folder with exported image files (encrypted)',
+      '- Full case audit trail export and signed audit metadata',
+      '- Forensic manifest with server-side signature',
+      '- ENCRYPTION_MANIFEST.json with encryption metadata and encrypted image hashes',
+      `- ${publicKeyFileName} for verification`,
+      '',
+      'This package is intended for read-only review and verification workflows.',
+      'This package is encrypted. Only Striae can decrypt and re-import it.',
+    ].join('\n')
+  );
+  const zipBlob = await zip.generateAsync({
+    type: 'blob',
+    compression: 'DEFLATE',
+    compressionOptions: { level: 6 },
+  });
+  return {
+    zipBlob,
+    publicKeyFileName,
+    manifestSignatureKeyId: manifestSigningResponse.signature.keyId,
+  };
+}