feat(redaction): 🛡️ Implement PDF redaction service and API endpoints

Introduce a secure PDF redaction service (`pdf-lib`) and API endpoints for:
- Applying permanent, irreversible redactions to PDF documents (MP-6 compliance).
- Generating previews of redaction areas.
- Retrieving PDF document metadata (page count/dimensions).
- Redacting PII patterns from log text (AU-3 compliance).

Refactor logging middleware:
- Centralize logger configuration using Effect Schema for validation.
- Expand PII redaction paths for comprehensive log sanitization.

Other changes:
- Rename Astro components for consistency (e.g., `AgenciesPage.tsx` -> `agencies-page.tsx`).
- Update encryption/decryption utilities to be asynchronous.
- Add missing copyright headers to several files.

Author: WomB0ComB0

apps/api/drizzle/0001_careless_tyrannus.sql

@@ -1,3 +1,23 @@
+-- Copyright (c) 2025 Foia Stream
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in all
+-- copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+-- SOFTWARE.
+
 CREATE TABLE `api_keys` (
 	`id` text PRIMARY KEY NOT NULL,
 	`user_id` text NOT NULL,

apps/api/drizzle/meta/_journal.json

@@ -24,4 +24,4 @@
       "breakpoints": true
     }
   ]
-}
+}

apps/api/package.json

@@ -33,6 +33,7 @@
     "hono-pino": "^0.10.3",
     "jose": "^6.1.3",
     "nanoid": "^5.1.6",
+    "pdf-lib": "^1.17.1",
     "pino": "^10.1.0",
     "pino-pretty": "^13.1.3",
     "stoker": "^2.0.1",

apps/api/src/app.ts

@@ -43,7 +43,7 @@ import { env } from './config/env';
 import configureOpenAPI from './lib/configure-open-api';
 import createApp from './lib/create-app';
 import { httpsEnforcement, requestId } from './middleware/security.middleware';
-import { agencyRoutes, authRoutes, requestRoutes, templateRoutes } from './routes';
+import { agencyRoutes, authRoutes, redactionRoutes, requestRoutes, templateRoutes } from './routes';
 import agenciesOpenAPIRoute from './routes/agencies';
 import authOpenAPIRoute from './routes/auth';
 import indexRoute from './routes/index.route';
@@ -148,6 +148,7 @@ api.route('/auth', authRoutes);
 api.route('/requests', requestRoutes);
 api.route('/agencies', agencyRoutes);
 api.route('/templates', templateRoutes);
+api.route('/redaction', redactionRoutes);
 
 app.route('/api/v1', api);
 

apps/api/src/lib/logger.ts

@@ -1,3 +1,25 @@
+/**
+ * Copyright (c) 2025 Foia Stream
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
 /**
  * @file Standalone Logger
  * @module lib/logger
@@ -32,9 +54,11 @@ export const logger = pino(
     level: env.NODE_ENV === 'production' ? 'info' : 'debug',
     name: 'foia-stream-api',
   },
-  env.NODE_ENV === 'production' ? undefined : pretty({
-    colorize: true,
-    translateTime: 'SYS:standard',
-    ignore: 'pid,hostname',
-  }),
+  env.NODE_ENV === 'production'
+    ? undefined
+    : pretty({
+        colorize: true,
+        translateTime: 'SYS:standard',
+        ignore: 'pid,hostname',
+      }),
 );

apps/api/src/middleware/rate-limit.middleware.ts

@@ -706,8 +706,8 @@ export {
   KeyedThrottle,
   LeakyBucketLimiter,
   SlidingWindowCounter,
-  throttle,
   TokenBucketLimiter,
+  throttle,
 } from '@foia-stream/shared';
 // Re-export banlist functions for convenience
 export {

apps/api/src/middleware/security.middleware.ts

@@ -1,3 +1,25 @@
+/**
+ * Copyright (c) 2025 Foia Stream
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
 /**
  * @file Security Middleware
  * @module middleware/security
@@ -79,14 +101,14 @@ export function securityHeaders(): MiddlewareHandler {
     // Permissions policy (formerly Feature-Policy)
     c.header(
       'Permissions-Policy',
-      'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()'
+      'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()',
     );
 
     // Content Security Policy
     if (env.NODE_ENV === 'production') {
       c.header(
         'Content-Security-Policy',
-        "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';"
+        "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';",
       );
     }