@striae-org/striae 6.1.8 → 7.0.0

package/workers/image-worker/src/handlers/mint-signed-url.ts

@@ -1,4 +1,3 @@
-import { hasValidToken } from '../auth';
 import {
   normalizeSignedUrlTtlSeconds,
   parseSignedUrlBaseUrl,
@@ -21,10 +20,6 @@ export async function handleSignedUrlMinting(
   fileId: string,
   createJsonResponse: CreateImageWorkerResponse
 ): Promise<Response> {
-  if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
-  }
-
   requireSignedUrlConfig(env);
 
   const existing = await env.STRIAE_FILES.head(fileId);

package/workers/image-worker/src/handlers/serve-image.ts

@@ -1,4 +1,3 @@
-import { hasValidToken } from '../auth';
 import {
   decryptBinaryWithRegistry,
   requireEncryptionRetrievalConfig
@@ -29,7 +28,7 @@ export async function handleImageServing(
     if (!tokenValid) {
       return createJsonResponse({ error: 'Invalid or expired signed URL token' }, 403);
     }
-  } else if (!hasValidToken(request, env)) {
+  } else {
     return createJsonResponse({ error: 'Unauthorized' }, 403);
   }
 

package/workers/image-worker/src/handlers/upload-image.ts

@@ -1,4 +1,3 @@
-import { hasValidToken } from '../auth';
 import { encryptBinaryForStorage } from '../encryption-utils';
 import { requireEncryptionUploadConfig } from '../security/key-registry';
 import type { CreateImageWorkerResponse, Env } from '../types';
@@ -9,10 +8,6 @@ export async function handleImageUpload(
   env: Env,
   createJsonResponse: CreateImageWorkerResponse
 ): Promise<Response> {
-  if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
-  }
-
   requireEncryptionUploadConfig(env);
 
   const formData = await request.formData();

package/workers/image-worker/src/security/signed-url.ts

@@ -51,7 +51,7 @@ export function normalizeSignedUrlTtlSeconds(requestedTtlSeconds: unknown, env:
 }
 
 export function requireSignedUrlConfig(env: Env): void {
-  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || env.IMAGES_API_TOKEN || '').trim();
+  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || '').trim();
   if (resolvedSecret.length === 0) {
     throw new Error('Signed URL configuration is missing');
   }
@@ -77,7 +77,7 @@ export function parseSignedUrlBaseUrl(raw: string): string {
 }
 
 async function getSignedUrlHmacKey(env: Env): Promise<CryptoKey> {
-  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || env.IMAGES_API_TOKEN || '').trim();
+  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || '').trim();
   const keyBytes = new TextEncoder().encode(resolvedSecret);
 
   return crypto.subtle.importKey(

package/workers/image-worker/src/types.ts

@@ -1,5 +1,4 @@
 export interface Env {
-  IMAGES_API_TOKEN: string;
   STRIAE_FILES: R2Bucket;
   DATA_AT_REST_ENCRYPTION_PRIVATE_KEY?: string;
   DATA_AT_REST_ENCRYPTION_PUBLIC_KEY: string;

package/workers/image-worker/wrangler.jsonc.example

@@ -2,7 +2,8 @@
   "name": "IMAGES_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/image-worker.ts",
-  "compatibility_date": "2026-04-20",
+  "workers_dev": false,
+  "compatibility_date": "2026-04-21",
   "compatibility_flags": [
     "nodejs_compat"
   ], 

package/workers/pdf-worker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pdf-worker",
-  "version": "6.1.8",
+  "version": "7.0.0",
   "private": true,
   "scripts": {
     "generate:assets": "node scripts/generate-assets.js",
@@ -9,6 +9,6 @@
     "start": "wrangler dev"
   },
   "devDependencies": {
-    "wrangler": "^4.84.0"
+    "wrangler": "^4.84.1"
   }
 }

package/workers/pdf-worker/src/pdf-worker.ts

@@ -2,7 +2,6 @@ import type { PDFGenerationData, PDFGenerationRequest, ReportModule, ReportPdfOp
 import { getAuditTrailPdfOptions, isAuditTrailReportMode, renderAuditTrailReport } from './audit-trail-report';
 
 interface Env {
-  PDF_WORKER_AUTH: string;
   ACCOUNT_ID?: string;
   BROWSER_API_TOKEN?: string;
 }
@@ -40,9 +39,6 @@ const reportModuleLoaders: Record<string, () => Promise<ReportModule>> = {
 
 };
 
-const hasValidHeader = (request: Request, env: Env): boolean =>
-  request.headers.get('X-Custom-Auth-Key') === env.PDF_WORKER_AUTH;
-
 function isTimeoutError(error: unknown): boolean {
   return error instanceof Error && (
     error.name === 'AbortError' ||
@@ -193,10 +189,6 @@ async function renderPdfViaRestEndpoint(env: Env, html: string, pdfOptions: Repo
 
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
-    if (!hasValidHeader(request, env)) {
-      return jsonResponse({ error: 'Forbidden' }, 403);
-    }
-
     if (request.method === 'POST') {
       try {
         const payload = await request.json() as unknown;

package/workers/pdf-worker/wrangler.jsonc.example

@@ -2,7 +2,8 @@
   "name": "PDF_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/pdf-worker.ts",
-  "compatibility_date": "2026-04-20",
+  "workers_dev": false,
+  "compatibility_date": "2026-04-21",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/user-worker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "user-worker",
-  "version": "6.1.8",
+  "version": "7.0.0",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -8,6 +8,6 @@
     "start": "wrangler dev"
   },
   "devDependencies": {
-    "wrangler": "^4.84.0"
+    "wrangler": "^4.84.1"
   }
 }

package/workers/user-worker/src/auth.ts

@@ -1,12 +1,5 @@
 import type { Env } from './types';
 
-export async function authenticate(request: Request, env: Env): Promise<void> {
-  const authKey = request.headers.get('X-Custom-Auth-Key');
-  if (authKey !== env.USER_DB_AUTH) {
-    throw new Error('Unauthorized');
-  }
-}
-
 export function requireUserKvReadConfig(env: Env): void {
   const hasLegacyPrivateKey = typeof env.USER_KV_ENCRYPTION_PRIVATE_KEY === 'string' && env.USER_KV_ENCRYPTION_PRIVATE_KEY.trim().length > 0;
   const hasRegistryPrivateKeys = typeof env.USER_KV_ENCRYPTION_KEYS_JSON === 'string' && env.USER_KV_ENCRYPTION_KEYS_JSON.trim().length > 0;

package/workers/user-worker/src/types.ts

@@ -1,9 +1,7 @@
 export interface Env {
-  USER_DB_AUTH: string;
   USER_DB: KVNamespace;
   STRIAE_DATA: R2Bucket;
   STRIAE_FILES: R2Bucket;
-  R2_KEY_SECRET: string;
   DATA_AT_REST_ENCRYPTION_PRIVATE_KEY?: string;
   DATA_AT_REST_ENCRYPTION_KEY_ID?: string;
   DATA_AT_REST_ENCRYPTION_KEYS_JSON?: string;

package/workers/user-worker/src/user-worker.ts

@@ -1,4 +1,4 @@
-import { authenticate, requireUserKvReadConfig, requireUserKvWriteConfig } from './auth';
+import { requireUserKvReadConfig, requireUserKvWriteConfig } from './auth';
 import { USER_CASES_SEGMENT } from './config';
 import {
   handleAddCases,
@@ -20,8 +20,6 @@ function createTextResponse(message: string, status: number): Response {
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
     try {
-      await authenticate(request, env);
-
       // DELETE can mutate user KV data (for example /:uid/cases), so non-GET methods require write config.
       if (request.method === 'GET') {
         requireUserKvReadConfig(env);

package/workers/user-worker/wrangler.jsonc.example

@@ -2,7 +2,8 @@
   "name": "USER_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/user-worker.ts",
-  "compatibility_date": "2026-04-20",
+  "workers_dev": false,
+  "compatibility_date": "2026-04-21",
   "compatibility_flags": [
     "nodejs_compat"
   ], 

package/wrangler.toml.example

@@ -1,8 +1,28 @@
 #:schema node_modules/wrangler/config-schema.json
 name = "PAGES_PROJECT_NAME"
-compatibility_date = "2026-04-20"
+compatibility_date = "2026-04-21"
 compatibility_flags = ["nodejs_compat"]
 pages_build_output_dir = "./build/client"
 
 [placement]
-mode = "smart"
+mode = "smart"
+
+[[services]]
+binding = "USER_WORKER"
+service = "USER_WORKER_NAME"
+
+[[services]]
+binding = "DATA_WORKER"
+service = "DATA_WORKER_NAME"
+
+[[services]]
+binding = "AUDIT_WORKER"
+service = "AUDIT_WORKER_NAME"
+
+[[services]]
+binding = "IMAGE_WORKER"
+service = "IMAGES_WORKER_NAME"
+
+[[services]]
+binding = "PDF_WORKER"
+service = "PDF_WORKER_NAME"