Merge branch 'main' into feat/bin-tab

packages/trpc/server/document-router/router.ts

@@ -24,7 +24,6 @@ import { resendDocument } from '@documenso/lib/server-only/document/resend-docum
 import { restoreDocument } from '@documenso/lib/server-only/document/restore-document';
 import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
 import { sendDocument } from '@documenso/lib/server-only/document/send-document';
-import { updateDocument } from '@documenso/lib/server-only/document/update-document';
 import { getTeamById } from '@documenso/lib/server-only/team/get-team';
 import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
@@ -58,9 +57,8 @@ import {
   ZSearchDocumentsMutationSchema,
   ZSetSigningOrderForDocumentMutationSchema,
   ZSuccessResponseSchema,
-  ZUpdateDocumentRequestSchema,
-  ZUpdateDocumentResponseSchema,
 } from './schema';
+import { updateDocumentRoute } from './update-document';
 
 export const documentRouter = router({
   /**
@@ -337,55 +335,7 @@ export const documentRouter = router({
       });
     }),
 
-  /**
-   * @public
-   *
-   * Todo: Refactor to updateDocument.
-   */
-  setSettingsForDocument: authenticatedProcedure
-    .meta({
-      openapi: {
-        method: 'POST',
-        path: '/document/update',
-        summary: 'Update document',
-        tags: ['Document'],
-      },
-    })
-    .input(ZUpdateDocumentRequestSchema)
-    .output(ZUpdateDocumentResponseSchema)
-    .mutation(async ({ input, ctx }) => {
-      const { teamId } = ctx;
-      const { documentId, data, meta = {} } = input;
-
-      const userId = ctx.user.id;
-
-      if (Object.values(meta).length > 0) {
-        await upsertDocumentMeta({
-          userId: ctx.user.id,
-          teamId,
-          documentId,
-          subject: meta.subject,
-          message: meta.message,
-          timezone: meta.timezone,
-          dateFormat: meta.dateFormat,
-          language: meta.language,
-          typedSignatureEnabled: meta.typedSignatureEnabled,
-          redirectUrl: meta.redirectUrl,
-          distributionMethod: meta.distributionMethod,
-          signingOrder: meta.signingOrder,
-          emailSettings: meta.emailSettings,
-          requestMetadata: ctx.metadata,
-        });
-      }
-
-      return await updateDocument({
-        userId,
-        teamId,
-        documentId,
-        data,
-        requestMetadata: ctx.metadata,
-      });
-    }),
+  updateDocument: updateDocumentRoute,
 
   /**
    * @public

packages/trpc/server/document-router/schema.ts

@@ -109,6 +109,14 @@ export const ZDocumentMetaTypedSignatureEnabledSchema = z
   .boolean()
   .describe('Whether to allow recipients to sign using a typed signature.');
 
+export const ZDocumentMetaDrawSignatureEnabledSchema = z
+  .boolean()
+  .describe('Whether to allow recipients to sign using a draw signature.');
+
+export const ZDocumentMetaUploadSignatureEnabledSchema = z
+  .boolean()
+  .describe('Whether to allow recipients to sign using an uploaded signature.');
+
 export const ZFindDocumentsRequestSchema = ZFindSearchParamsSchema.extend({
   templateId: z
     .number()
@@ -234,6 +242,8 @@ export const ZCreateDocumentV2RequestSchema = z.object({
       redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
       language: ZDocumentMetaLanguageSchema.optional(),
       typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
       emailSettings: ZDocumentEmailSettingsSchema.optional(),
     })
     .optional(),
@@ -250,35 +260,6 @@ export const ZCreateDocumentV2ResponseSchema = z.object({
     ),
 });
 
-export const ZUpdateDocumentRequestSchema = z.object({
-  documentId: z.number(),
-  data: z
-    .object({
-      title: ZDocumentTitleSchema.optional(),
-      externalId: ZDocumentExternalIdSchema.nullish(),
-      visibility: ZDocumentVisibilitySchema.optional(),
-      globalAccessAuth: ZDocumentAccessAuthTypesSchema.nullish(),
-      globalActionAuth: ZDocumentActionAuthTypesSchema.nullish(),
-    })
-    .optional(),
-  meta: z
-    .object({
-      subject: ZDocumentMetaSubjectSchema.optional(),
-      message: ZDocumentMetaMessageSchema.optional(),
-      timezone: ZDocumentMetaTimezoneSchema.optional(),
-      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
-      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
-      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
-      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
-      language: ZDocumentMetaLanguageSchema.optional(),
-      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
-      emailSettings: ZDocumentEmailSettingsSchema.optional(),
-    })
-    .optional(),
-});
-
-export const ZUpdateDocumentResponseSchema = ZDocumentLiteSchema;
-
 export const ZSetFieldsForDocumentMutationSchema = z.object({
   documentId: z.number(),
   fields: z.array(

packages/trpc/server/document-router/update-document.ts

@@ -0,0 +1,53 @@
+import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
+import { updateDocument } from '@documenso/lib/server-only/document/update-document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZUpdateDocumentRequestSchema,
+  ZUpdateDocumentResponseSchema,
+} from './update-document.types';
+import { updateDocumentMeta } from './update-document.types';
+
+/**
+ * Public route.
+ */
+export const updateDocumentRoute = authenticatedProcedure
+  .meta(updateDocumentMeta)
+  .input(ZUpdateDocumentRequestSchema)
+  .output(ZUpdateDocumentResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { teamId } = ctx;
+    const { documentId, data, meta = {} } = input;
+
+    const userId = ctx.user.id;
+
+    if (Object.values(meta).length > 0) {
+      await upsertDocumentMeta({
+        userId: ctx.user.id,
+        teamId,
+        documentId,
+        subject: meta.subject,
+        message: meta.message,
+        timezone: meta.timezone,
+        dateFormat: meta.dateFormat,
+        language: meta.language,
+        typedSignatureEnabled: meta.typedSignatureEnabled,
+        uploadSignatureEnabled: meta.uploadSignatureEnabled,
+        drawSignatureEnabled: meta.drawSignatureEnabled,
+        redirectUrl: meta.redirectUrl,
+        distributionMethod: meta.distributionMethod,
+        signingOrder: meta.signingOrder,
+        allowDictateNextSigner: meta.allowDictateNextSigner,
+        emailSettings: meta.emailSettings,
+        requestMetadata: ctx.metadata,
+      });
+    }
+
+    return await updateDocument({
+      userId,
+      teamId,
+      documentId,
+      data,
+      requestMetadata: ctx.metadata,
+    });
+  });

packages/trpc/server/document-router/update-document.types.ts

@@ -0,0 +1,68 @@
+import { DocumentSigningOrder } from '@prisma/client';
+// import type { OpenApiMeta } from 'trpc-to-openapi';
+import { z } from 'zod';
+
+import { ZDocumentLiteSchema } from '@documenso/lib/types/document';
+import {
+  ZDocumentAccessAuthTypesSchema,
+  ZDocumentActionAuthTypesSchema,
+} from '@documenso/lib/types/document-auth';
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+
+import type { TrpcRouteMeta } from '../trpc';
+import {
+  ZDocumentExternalIdSchema,
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+  ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
+  ZDocumentTitleSchema,
+  ZDocumentVisibilitySchema,
+} from './schema';
+
+export const updateDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/document/update',
+    summary: 'Update document',
+    tags: ['Document'],
+  },
+};
+
+export const ZUpdateDocumentRequestSchema = z.object({
+  documentId: z.number(),
+  data: z
+    .object({
+      title: ZDocumentTitleSchema.optional(),
+      externalId: ZDocumentExternalIdSchema.nullish(),
+      visibility: ZDocumentVisibilitySchema.optional(),
+      globalAccessAuth: ZDocumentAccessAuthTypesSchema.nullish(),
+      globalActionAuth: ZDocumentActionAuthTypesSchema.nullish(),
+    })
+    .optional(),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      allowDictateNextSigner: z.boolean().optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZUpdateDocumentResponseSchema = ZDocumentLiteSchema;

packages/trpc/server/embedding-router/_router.ts

@@ -0,0 +1,14 @@
+import { router } from '../trpc';
+import { createEmbeddingDocumentRoute } from './create-embedding-document';
+import { createEmbeddingPresignTokenRoute } from './create-embedding-presign-token';
+import { createEmbeddingTemplateRoute } from './create-embedding-template';
+import { getEmbeddingDocumentRoute } from './get-embedding-document';
+import { verifyEmbeddingPresignTokenRoute } from './verify-embedding-presign-token';
+
+export const embeddingPresignRouter = router({
+  createEmbeddingPresignToken: createEmbeddingPresignTokenRoute,
+  verifyEmbeddingPresignToken: verifyEmbeddingPresignTokenRoute,
+  createEmbeddingDocument: createEmbeddingDocumentRoute,
+  createEmbeddingTemplate: createEmbeddingTemplateRoute,
+  getEmbeddingDocument: getEmbeddingDocumentRoute,
+});

packages/trpc/server/embedding-router/create-embedding-document.ts

@@ -0,0 +1,63 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createDocumentV2 } from '@documenso/lib/server-only/document/create-document-v2';
+import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token';
+
+import { procedure } from '../trpc';
+import {
+  ZCreateEmbeddingDocumentRequestSchema,
+  ZCreateEmbeddingDocumentResponseSchema,
+} from './create-embedding-document.types';
+
+export const createEmbeddingDocumentRoute = procedure
+  .input(ZCreateEmbeddingDocumentRequestSchema)
+  .output(ZCreateEmbeddingDocumentResponseSchema)
+  .mutation(async ({ input, ctx: { req, metadata } }) => {
+    try {
+      const authorizationHeader = req.headers.get('authorization');
+
+      const [presignToken] = (authorizationHeader || '')
+        .split('Bearer ')
+        .filter((s) => s.length > 0);
+
+      if (!presignToken) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'No presign token provided',
+        });
+      }
+
+      const apiToken = await verifyEmbeddingPresignToken({ token: presignToken });
+
+      const { title, documentDataId, externalId, recipients, meta } = input;
+
+      const document = await createDocumentV2({
+        data: {
+          title,
+          externalId,
+          recipients,
+        },
+        meta,
+        documentDataId,
+        userId: apiToken.userId,
+        teamId: apiToken.teamId ?? undefined,
+        requestMetadata: metadata,
+      });
+
+      if (!document.id) {
+        throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+          message: 'Failed to create document: missing document ID',
+        });
+      }
+
+      return {
+        documentId: document.id,
+      };
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to create document',
+      });
+    }
+  });

packages/trpc/server/embedding-router/create-embedding-document.types.ts

@@ -0,0 +1,83 @@
+import { z } from 'zod';
+
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+import {
+  ZFieldHeightSchema,
+  ZFieldPageNumberSchema,
+  ZFieldPageXSchema,
+  ZFieldPageYSchema,
+  ZFieldWidthSchema,
+} from '@documenso/lib/types/field';
+import { ZFieldAndMetaSchema } from '@documenso/lib/types/field-meta';
+import { DocumentSigningOrder } from '@documenso/prisma/generated/types';
+
+import {
+  ZDocumentExternalIdSchema,
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+  ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
+  ZDocumentTitleSchema,
+} from '../document-router/schema';
+import { ZCreateRecipientSchema } from '../recipient-router/schema';
+
+export const ZCreateEmbeddingDocumentRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  documentDataId: z.string(),
+  externalId: ZDocumentExternalIdSchema.optional(),
+  recipients: z
+    .array(
+      ZCreateRecipientSchema.extend({
+        fields: ZFieldAndMetaSchema.and(
+          z.object({
+            pageNumber: ZFieldPageNumberSchema,
+            pageX: ZFieldPageXSchema,
+            pageY: ZFieldPageYSchema,
+            width: ZFieldWidthSchema,
+            height: ZFieldHeightSchema,
+          }),
+        )
+          .array()
+          .optional(),
+      }),
+    )
+    .refine(
+      (recipients) => {
+        const emails = recipients.map((recipient) => recipient.email);
+
+        return new Set(emails).size === emails.length;
+      },
+      { message: 'Recipients must have unique emails' },
+    )
+    .optional(),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZCreateEmbeddingDocumentResponseSchema = z.object({
+  documentId: z.number(),
+});
+
+export type TCreateEmbeddingDocumentRequestSchema = z.infer<
+  typeof ZCreateEmbeddingDocumentRequestSchema
+>;

packages/trpc/server/embedding-router/create-embedding-presign-token.ts

@@ -0,0 +1,73 @@
+import { isCommunityPlan } from '@documenso/ee/server-only/util/is-community-plan';
+import { isUserEnterprise } from '@documenso/ee/server-only/util/is-document-enterprise';
+import { isDocumentPlatform } from '@documenso/ee/server-only/util/is-document-platform';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { createEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/create-embedding-presign-token';
+import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
+
+import { procedure } from '../trpc';
+import {
+  ZCreateEmbeddingPresignTokenRequestSchema,
+  ZCreateEmbeddingPresignTokenResponseSchema,
+  createEmbeddingPresignTokenMeta,
+} from './create-embedding-presign-token.types';
+
+/**
+ * Route to create embedding presign tokens.
+ */
+export const createEmbeddingPresignTokenRoute = procedure
+  .meta(createEmbeddingPresignTokenMeta)
+  .input(ZCreateEmbeddingPresignTokenRequestSchema)
+  .output(ZCreateEmbeddingPresignTokenResponseSchema)
+  .mutation(async ({ input, ctx: { req } }) => {
+    try {
+      const authorizationHeader = req.headers.get('authorization');
+      const [apiToken] = (authorizationHeader || '').split('Bearer ').filter((s) => s.length > 0);
+
+      if (!apiToken) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'No API token provided',
+        });
+      }
+
+      const { expiresIn } = input;
+
+      if (IS_BILLING_ENABLED()) {
+        const token = await getApiTokenByToken({ token: apiToken });
+
+        if (!token.userId) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'Invalid API token',
+          });
+        }
+
+        const [hasCommunityPlan, hasPlatformPlan, hasEnterprisePlan] = await Promise.all([
+          isCommunityPlan({ userId: token.userId, teamId: token.teamId ?? undefined }),
+          isDocumentPlatform({ userId: token.userId, teamId: token.teamId }),
+          isUserEnterprise({ userId: token.userId, teamId: token.teamId ?? undefined }),
+        ]);
+
+        if (!hasCommunityPlan && !hasPlatformPlan && !hasEnterprisePlan) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'You do not have permission to create embedding presign tokens',
+          });
+        }
+      }
+
+      const presignToken = await createEmbeddingPresignToken({
+        apiToken,
+        expiresIn,
+      });
+
+      return { ...presignToken };
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to create embedding presign token',
+      });
+    }
+  });

packages/trpc/server/embedding-router/create-embedding-presign-token.types.ts

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const createEmbeddingPresignTokenMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/embedding/create-presign-token',
+    summary: 'Create embedding presign token',
+    description:
+      'Creates a presign token for embedding operations with configurable expiration time',
+    tags: ['Embedding'],
+  },
+};
+
+export const ZCreateEmbeddingPresignTokenRequestSchema = z.object({
+  expiresIn: z
+    .number()
+    .min(0)
+    .max(10080)
+    .optional()
+    .default(60)
+    .describe('Expiration time in minutes (default: 60, max: 10,080)'),
+});
+
+export const ZCreateEmbeddingPresignTokenResponseSchema = z.object({
+  token: z.string(),
+  expiresAt: z.date(),
+  expiresIn: z.number().describe('Expiration time in seconds'),
+});
+
+export type TCreateEmbeddingPresignTokenRequestSchema = z.infer<
+  typeof ZCreateEmbeddingPresignTokenRequestSchema
+>;
+
+export type TCreateEmbeddingPresignTokenResponseSchema = z.infer<
+  typeof ZCreateEmbeddingPresignTokenResponseSchema
+>;

packages/trpc/server/embedding-router/create-embedding-template.ts

@@ -0,0 +1,112 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token';
+import { createTemplate } from '@documenso/lib/server-only/template/create-template';
+import { prisma } from '@documenso/prisma';
+
+import { procedure } from '../trpc';
+import {
+  ZCreateEmbeddingTemplateRequestSchema,
+  ZCreateEmbeddingTemplateResponseSchema,
+} from './create-embedding-template.types';
+
+export const createEmbeddingTemplateRoute = procedure
+  .input(ZCreateEmbeddingTemplateRequestSchema)
+  .output(ZCreateEmbeddingTemplateResponseSchema)
+  .mutation(async ({ input, ctx: { req } }) => {
+    try {
+      const authorizationHeader = req.headers.get('authorization');
+
+      const [presignToken] = (authorizationHeader || '')
+        .split('Bearer ')
+        .filter((s) => s.length > 0);
+
+      if (!presignToken) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'No presign token provided',
+        });
+      }
+
+      const apiToken = await verifyEmbeddingPresignToken({ token: presignToken });
+
+      const { title, documentDataId, recipients, meta } = input;
+
+      // First create the template
+      const template = await createTemplate({
+        userId: apiToken.userId,
+        title,
+        templateDocumentDataId: documentDataId,
+        teamId: apiToken.teamId ?? undefined,
+      });
+
+      await Promise.all(
+        recipients.map(async (recipient) => {
+          const createdRecipient = await prisma.recipient.create({
+            data: {
+              templateId: template.id,
+              email: recipient.email,
+              name: recipient.name || '',
+              role: recipient.role || 'SIGNER',
+              token: `template-${template.id}-${recipient.email}`,
+              signingOrder: recipient.signingOrder,
+            },
+          });
+
+          const fields = recipient.fields ?? [];
+
+          const createdFields = await prisma.field.createMany({
+            data: fields.map((field) => ({
+              recipientId: createdRecipient.id,
+              type: field.type,
+              page: field.pageNumber,
+              positionX: field.pageX,
+              positionY: field.pageY,
+              width: field.width,
+              height: field.height,
+              customText: '',
+              inserted: false,
+              templateId: template.id,
+            })),
+          });
+
+          return {
+            ...createdRecipient,
+            fields: createdFields,
+          };
+        }),
+      );
+
+      // Update the template meta if needed
+      if (meta) {
+        await prisma.templateMeta.upsert({
+          where: {
+            templateId: template.id,
+          },
+          create: {
+            templateId: template.id,
+            ...meta,
+          },
+          update: {
+            ...meta,
+          },
+        });
+      }
+
+      if (!template.id) {
+        throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+          message: 'Failed to create template: missing template ID',
+        });
+      }
+
+      return {
+        templateId: template.id,
+      };
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to create template',
+      });
+    }
+  });

packages/trpc/server/embedding-router/create-embedding-template.types.ts

@@ -0,0 +1,74 @@
+import { DocumentSigningOrder, FieldType, RecipientRole } from '@prisma/client';
+import { z } from 'zod';
+
+import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';
+import {
+  ZFieldHeightSchema,
+  ZFieldPageNumberSchema,
+  ZFieldPageXSchema,
+  ZFieldPageYSchema,
+  ZFieldWidthSchema,
+} from '@documenso/lib/types/field';
+import { ZFieldMetaSchema } from '@documenso/lib/types/field-meta';
+
+import {
+  ZDocumentMetaDateFormatSchema,
+  ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
+  ZDocumentMetaLanguageSchema,
+  ZDocumentMetaMessageSchema,
+  ZDocumentMetaRedirectUrlSchema,
+  ZDocumentMetaSubjectSchema,
+  ZDocumentMetaTimezoneSchema,
+  ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
+  ZDocumentTitleSchema,
+} from '../document-router/schema';
+
+const ZFieldSchema = z.object({
+  type: z.nativeEnum(FieldType),
+  pageNumber: ZFieldPageNumberSchema,
+  pageX: ZFieldPageXSchema,
+  pageY: ZFieldPageYSchema,
+  width: ZFieldWidthSchema,
+  height: ZFieldHeightSchema,
+  fieldMeta: ZFieldMetaSchema.optional(),
+});
+
+export const ZCreateEmbeddingTemplateRequestSchema = z.object({
+  title: ZDocumentTitleSchema,
+  documentDataId: z.string(),
+  recipients: z.array(
+    z.object({
+      email: z.string().email(),
+      name: z.string().optional(),
+      role: z.nativeEnum(RecipientRole).optional(),
+      signingOrder: z.number().optional(),
+      fields: z.array(ZFieldSchema).optional(),
+    }),
+  ),
+  meta: z
+    .object({
+      subject: ZDocumentMetaSubjectSchema.optional(),
+      message: ZDocumentMetaMessageSchema.optional(),
+      timezone: ZDocumentMetaTimezoneSchema.optional(),
+      dateFormat: ZDocumentMetaDateFormatSchema.optional(),
+      distributionMethod: ZDocumentMetaDistributionMethodSchema.optional(),
+      signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
+      language: ZDocumentMetaLanguageSchema.optional(),
+      typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      emailSettings: ZDocumentEmailSettingsSchema.optional(),
+    })
+    .optional(),
+});
+
+export const ZCreateEmbeddingTemplateResponseSchema = z.object({
+  templateId: z.number(),
+});
+
+export type TCreateEmbeddingTemplateRequestSchema = z.infer<
+  typeof ZCreateEmbeddingTemplateRequestSchema
+>;

packages/trpc/server/embedding-router/get-embedding-document.ts

@@ -0,0 +1,63 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token';
+import { prisma } from '@documenso/prisma';
+
+import { procedure } from '../trpc';
+import {
+  ZGetEmbeddingDocumentRequestSchema,
+  ZGetEmbeddingDocumentResponseSchema,
+} from './get-embedding-document.types';
+
+export const getEmbeddingDocumentRoute = procedure
+  .input(ZGetEmbeddingDocumentRequestSchema)
+  .output(ZGetEmbeddingDocumentResponseSchema)
+  .query(async ({ input, ctx: { req } }) => {
+    try {
+      const authorizationHeader = req.headers.get('authorization');
+
+      const [presignToken] = (authorizationHeader || '')
+        .split('Bearer ')
+        .filter((s) => s.length > 0);
+
+      if (!presignToken) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'No presign token provided',
+        });
+      }
+
+      const apiToken = await verifyEmbeddingPresignToken({ token: presignToken });
+
+      const { documentId } = input;
+
+      const document = await prisma.document.findFirst({
+        where: {
+          id: documentId,
+          userId: apiToken.userId,
+          ...(apiToken.teamId ? { teamId: apiToken.teamId } : {}),
+        },
+        include: {
+          documentData: true,
+          recipients: true,
+          fields: true,
+        },
+      });
+
+      if (!document) {
+        throw new AppError(AppErrorCode.NOT_FOUND, {
+          message: 'Document not found',
+        });
+      }
+
+      return {
+        document,
+      };
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to get document',
+      });
+    }
+  });

packages/trpc/server/embedding-router/get-embedding-document.types.ts

@@ -0,0 +1,34 @@
+import { DocumentDataType, type Field, type Recipient } from '@prisma/client';
+import { z } from 'zod';
+
+export const ZGetEmbeddingDocumentRequestSchema = z.object({
+  documentId: z.number(),
+});
+
+export const ZGetEmbeddingDocumentResponseSchema = z.object({
+  document: z
+    .object({
+      id: z.number(),
+      title: z.string(),
+      status: z.string(),
+      documentDataId: z.string(),
+      userId: z.number(),
+      teamId: z.number().nullable(),
+      createdAt: z.date(),
+      updatedAt: z.date(),
+      documentData: z.object({
+        id: z.string(),
+        type: z.nativeEnum(DocumentDataType),
+        data: z.string(),
+        initialData: z.string(),
+      }),
+      recipients: z.array(z.custom<Recipient>()),
+      fields: z.array(z.custom<Field>()),
+    })
+    .nullable(),
+});
+
+export type TGetEmbeddingDocumentRequestSchema = z.infer<typeof ZGetEmbeddingDocumentRequestSchema>;
+export type TGetEmbeddingDocumentResponseSchema = z.infer<
+  typeof ZGetEmbeddingDocumentResponseSchema
+>;

packages/trpc/server/embedding-router/verify-embedding-presign-token.ts

@@ -0,0 +1,36 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token';
+
+import { procedure } from '../trpc';
+import {
+  ZVerifyEmbeddingPresignTokenRequestSchema,
+  ZVerifyEmbeddingPresignTokenResponseSchema,
+  verifyEmbeddingPresignTokenMeta,
+} from './verify-embedding-presign-token.types';
+
+/**
+ * Public route.
+ */
+export const verifyEmbeddingPresignTokenRoute = procedure
+  .meta(verifyEmbeddingPresignTokenMeta)
+  .input(ZVerifyEmbeddingPresignTokenRequestSchema)
+  .output(ZVerifyEmbeddingPresignTokenResponseSchema)
+  .mutation(async ({ input }) => {
+    try {
+      const { token } = input;
+
+      const apiToken = await verifyEmbeddingPresignToken({
+        token,
+      }).catch(() => null);
+
+      return { success: !!apiToken };
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to verify embedding presign token',
+      });
+    }
+  });

packages/trpc/server/embedding-router/verify-embedding-presign-token.types.ts

@@ -0,0 +1,33 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const verifyEmbeddingPresignTokenMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/embedding/verify-presign-token',
+    summary: 'Verify embedding presign token',
+    description:
+      'Verifies a presign token for embedding operations and returns the associated API token',
+    tags: ['Embedding'],
+  },
+};
+
+export const ZVerifyEmbeddingPresignTokenRequestSchema = z.object({
+  token: z
+    .string()
+    .min(1, { message: 'Token is required' })
+    .describe('The presign token to verify'),
+});
+
+export const ZVerifyEmbeddingPresignTokenResponseSchema = z.object({
+  success: z.boolean(),
+});
+
+export type TVerifyEmbeddingPresignTokenRequestSchema = z.infer<
+  typeof ZVerifyEmbeddingPresignTokenRequestSchema
+>;
+
+export type TVerifyEmbeddingPresignTokenResponseSchema = z.infer<
+  typeof ZVerifyEmbeddingPresignTokenResponseSchema
+>;

packages/trpc/server/recipient-router/router.ts

@@ -436,12 +436,13 @@ export const recipientRouter = router({
   completeDocumentWithToken: procedure
     .input(ZCompleteDocumentWithTokenMutationSchema)
     .mutation(async ({ input, ctx }) => {
-      const { token, documentId, authOptions } = input;
+      const { token, documentId, authOptions, nextSigner } = input;
 
       return await completeDocumentWithToken({
         token,
         documentId,
         authOptions,
+        nextSigner,
         userId: ctx.user?.id,
         requestMetadata: ctx.metadata.requestMetadata,
       });

packages/trpc/server/recipient-router/schema.ts

@@ -212,6 +212,12 @@ export const ZCompleteDocumentWithTokenMutationSchema = z.object({
   token: z.string(),
   documentId: z.number(),
   authOptions: ZRecipientActionAuthSchema.optional(),
+  nextSigner: z
+    .object({
+      email: z.string().email(),
+      name: z.string().min(1),
+    })
+    .optional(),
 });
 
 export type TCompleteDocumentWithTokenMutationSchema = z.infer<

packages/trpc/server/router.ts

@@ -2,6 +2,7 @@ import { adminRouter } from './admin-router/router';
 import { apiTokenRouter } from './api-token-router/router';
 import { authRouter } from './auth-router/router';
 import { documentRouter } from './document-router/router';
+import { embeddingPresignRouter } from './embedding-router/_router';
 import { fieldRouter } from './field-router/router';
 import { profileRouter } from './profile-router/router';
 import { recipientRouter } from './recipient-router/router';
@@ -23,6 +24,7 @@ export const appRouter = router({
   team: teamRouter,
   template: templateRouter,
   webhook: webhookRouter,
+  embeddingPresign: embeddingPresignRouter,
 });
 
 export type AppRouter = typeof appRouter;

packages/trpc/server/team-router/router.ts

@@ -33,7 +33,6 @@ import { resendTeamEmailVerification } from '@documenso/lib/server-only/team/res
 import { resendTeamMemberInvitation } from '@documenso/lib/server-only/team/resend-team-member-invitation';
 import { updateTeam } from '@documenso/lib/server-only/team/update-team';
 import { updateTeamBrandingSettings } from '@documenso/lib/server-only/team/update-team-branding-settings';
-import { updateTeamDocumentSettings } from '@documenso/lib/server-only/team/update-team-document-settings';
 import { updateTeamEmail } from '@documenso/lib/server-only/team/update-team-email';
 import { updateTeamMember } from '@documenso/lib/server-only/team/update-team-member';
 import { updateTeamPublicProfile } from '@documenso/lib/server-only/team/update-team-public-profile';
@@ -66,12 +65,12 @@ import {
   ZResendTeamEmailVerificationMutationSchema,
   ZResendTeamMemberInvitationMutationSchema,
   ZUpdateTeamBrandingSettingsMutationSchema,
-  ZUpdateTeamDocumentSettingsMutationSchema,
   ZUpdateTeamEmailMutationSchema,
   ZUpdateTeamMemberMutationSchema,
   ZUpdateTeamMutationSchema,
   ZUpdateTeamPublicProfileMutationSchema,
 } from './schema';
+import { updateTeamDocumentSettingsRoute } from './update-team-document-settings';
 
 export const teamRouter = router({
   // Internal endpoint for now.
@@ -571,18 +570,7 @@ export const teamRouter = router({
     return await getTeamPrices();
   }),
 
-  // Internal endpoint. Use updateTeam instead.
-  updateTeamDocumentSettings: authenticatedProcedure
-    .input(ZUpdateTeamDocumentSettingsMutationSchema)
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, settings } = input;
-
-      return await updateTeamDocumentSettings({
-        userId: ctx.user.id,
-        teamId,
-        settings,
-      });
-    }),
+  updateTeamDocumentSettings: updateTeamDocumentSettingsRoute,
 
   // Internal endpoint for now.
   acceptTeamInvitation: authenticatedProcedure

packages/trpc/server/team-router/schema.ts

@@ -1,7 +1,6 @@
-import { DocumentVisibility, TeamMemberRole } from '@prisma/client';
+import { TeamMemberRole } from '@prisma/client';
 import { z } from 'zod';
 
-import { SUPPORTED_LANGUAGE_CODES } from '@documenso/lib/constants/i18n';
 import { PROTECTED_TEAM_URLS } from '@documenso/lib/constants/teams';
 import { ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
 
@@ -195,20 +194,6 @@ export const ZUpdateTeamBrandingSettingsMutationSchema = z.object({
   }),
 });
 
-export const ZUpdateTeamDocumentSettingsMutationSchema = z.object({
-  teamId: z.number(),
-  settings: z.object({
-    documentVisibility: z
-      .nativeEnum(DocumentVisibility)
-      .optional()
-      .default(DocumentVisibility.EVERYONE),
-    documentLanguage: z.enum(SUPPORTED_LANGUAGE_CODES).optional().default('en'),
-    includeSenderDetails: z.boolean().optional().default(false),
-    typedSignatureEnabled: z.boolean().optional().default(true),
-    includeSigningCertificate: z.boolean().optional().default(true),
-  }),
-});
-
 export type TCreateTeamMutationSchema = z.infer<typeof ZCreateTeamMutationSchema>;
 export type TCreateTeamEmailVerificationMutationSchema = z.infer<
   typeof ZCreateTeamEmailVerificationMutationSchema
@@ -247,6 +232,3 @@ export type TResendTeamMemberInvitationMutationSchema = z.infer<
 export type TUpdateTeamBrandingSettingsMutationSchema = z.infer<
   typeof ZUpdateTeamBrandingSettingsMutationSchema
 >;
-export type TUpdateTeamDocumentSettingsMutationSchema = z.infer<
-  typeof ZUpdateTeamDocumentSettingsMutationSchema
->;

packages/trpc/server/team-router/update-team-document-settings.ts

@@ -0,0 +1,71 @@
+import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZUpdateTeamDocumentSettingsRequestSchema,
+  ZUpdateTeamDocumentSettingsResponseSchema,
+} from './update-team-document-settings.types';
+
+/**
+ * Private route.
+ */
+export const updateTeamDocumentSettingsRoute = authenticatedProcedure
+  .input(ZUpdateTeamDocumentSettingsRequestSchema)
+  .output(ZUpdateTeamDocumentSettingsResponseSchema)
+  .mutation(async ({ ctx, input }) => {
+    const { user } = ctx;
+    const { teamId, settings } = input;
+
+    const {
+      documentVisibility,
+      documentLanguage,
+      includeSenderDetails,
+      includeSigningCertificate,
+      typedSignatureEnabled,
+      uploadSignatureEnabled,
+      drawSignatureEnabled,
+    } = settings;
+
+    const member = await prisma.teamMember.findFirst({
+      where: {
+        userId: user.id,
+        teamId,
+        role: {
+          in: TEAM_MEMBER_ROLE_PERMISSIONS_MAP.MANAGE_TEAM,
+        },
+      },
+    });
+
+    if (!member) {
+      throw new AppError(AppErrorCode.UNAUTHORIZED, {
+        message: 'You do not have permission to update this team.',
+      });
+    }
+
+    return await prisma.teamGlobalSettings.upsert({
+      where: {
+        teamId,
+      },
+      create: {
+        teamId,
+        documentVisibility,
+        documentLanguage,
+        includeSenderDetails,
+        includeSigningCertificate,
+        typedSignatureEnabled,
+        uploadSignatureEnabled,
+        drawSignatureEnabled,
+      },
+      update: {
+        documentVisibility,
+        documentLanguage,
+        includeSenderDetails,
+        includeSigningCertificate,
+        typedSignatureEnabled,
+        uploadSignatureEnabled,
+        drawSignatureEnabled,
+      },
+    });
+  });

packages/trpc/server/team-router/update-team-document-settings.types.ts

@@ -0,0 +1,23 @@
+import { z } from 'zod';
+
+import { SUPPORTED_LANGUAGE_CODES } from '@documenso/lib/constants/i18n';
+import { DocumentVisibility } from '@documenso/lib/types/document-visibility';
+import TeamGlobalSettingsSchema from '@documenso/prisma/generated/zod/modelSchema/TeamGlobalSettingsSchema';
+
+export const ZUpdateTeamDocumentSettingsRequestSchema = z.object({
+  teamId: z.number(),
+  settings: z.object({
+    documentVisibility: z
+      .nativeEnum(DocumentVisibility)
+      .optional()
+      .default(DocumentVisibility.EVERYONE),
+    documentLanguage: z.enum(SUPPORTED_LANGUAGE_CODES).optional().default('en'),
+    includeSenderDetails: z.boolean().optional().default(false),
+    includeSigningCertificate: z.boolean().optional().default(true),
+    typedSignatureEnabled: z.boolean().optional().default(true),
+    uploadSignatureEnabled: z.boolean().optional().default(true),
+    drawSignatureEnabled: z.boolean().optional().default(true),
+  }),
+});
+
+export const ZUpdateTeamDocumentSettingsResponseSchema = TeamGlobalSettingsSchema;

packages/trpc/server/template-router/schema.ts

@@ -19,12 +19,14 @@ import { TemplateDirectLinkSchema } from '@documenso/prisma/generated/zod/modelS
 import {
   ZDocumentMetaDateFormatSchema,
   ZDocumentMetaDistributionMethodSchema,
+  ZDocumentMetaDrawSignatureEnabledSchema,
   ZDocumentMetaLanguageSchema,
   ZDocumentMetaMessageSchema,
   ZDocumentMetaRedirectUrlSchema,
   ZDocumentMetaSubjectSchema,
   ZDocumentMetaTimezoneSchema,
   ZDocumentMetaTypedSignatureEnabledSchema,
+  ZDocumentMetaUploadSignatureEnabledSchema,
 } from '../document-router/schema';
 import { ZSignFieldWithTokenMutationSchema } from '../field-router/schema';
 
@@ -164,7 +166,10 @@ export const ZUpdateTemplateRequestSchema = z.object({
       redirectUrl: ZDocumentMetaRedirectUrlSchema.optional(),
       language: ZDocumentMetaLanguageSchema.optional(),
       typedSignatureEnabled: ZDocumentMetaTypedSignatureEnabledSchema.optional(),
+      uploadSignatureEnabled: ZDocumentMetaUploadSignatureEnabledSchema.optional(),
+      drawSignatureEnabled: ZDocumentMetaDrawSignatureEnabledSchema.optional(),
       signingOrder: z.nativeEnum(DocumentSigningOrder).optional(),
+      allowDictateNextSigner: z.boolean().optional(),
     })
     .optional(),
 });

packages/trpc/server/trpc.ts

@@ -9,8 +9,8 @@ import { isAdmin } from '@documenso/lib/utils/is-admin';
 
 import type { TrpcContext } from './context';
 
-// Can't import type from trpc-to-openapi because it breaks nextjs build, not sure why.
-type OpenApiMeta = {
+// Can't import type from trpc-to-openapi because it breaks build, not sure why.
+export type TrpcRouteMeta = {
   openapi?: {
     enabled?: boolean;
     method: 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';
@@ -30,7 +30,7 @@ type OpenApiMeta = {
 } & Record<string, unknown>;
 
 const t = initTRPC
-  .meta<OpenApiMeta>()
+  .meta<TrpcRouteMeta>()
   .context<TrpcContext>()
   .create({
     transformer: SuperJSON,