feat: migrate nextjs to rr7

packages/signing/index.ts

@@ -1,5 +1,7 @@
 import { match } from 'ts-pattern';
 
+import { env } from '@documenso/lib/utils/env';
+
 import { signWithGoogleCloudHSM } from './transports/google-cloud-hsm';
 import { signWithLocalCert } from './transports/local-cert';
 
@@ -8,7 +10,7 @@ export type SignOptions = {
 };
 
 export const signPdf = async ({ pdf }: SignOptions) => {
-  const transport = process.env.NEXT_PRIVATE_SIGNING_TRANSPORT || 'local';
+  const transport = env('NEXT_PRIVATE_SIGNING_TRANSPORT') || 'local';
 
   return await match(transport)
     .with('local', async () => signWithLocalCert({ pdf }))

packages/signing/package.json

@@ -18,6 +18,6 @@
     "ts-pattern": "^5.0.5"
   },
   "devDependencies": {
-    "vitest": "^1.3.1"
+    "vitest": "^2.1.8"
   }
 }

packages/signing/transports/google-cloud-hsm.ts

@@ -1,5 +1,6 @@
 import fs from 'node:fs';
 
+import { env } from '@documenso/lib/utils/env';
 import { signWithGCloud } from '@documenso/pdf-sign';
 
 import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';
@@ -10,27 +11,24 @@ export type SignWithGoogleCloudHSMOptions = {
 };
 
 export const signWithGoogleCloudHSM = async ({ pdf }: SignWithGoogleCloudHSMOptions) => {
-  const keyPath = process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH;
+  const keyPath = env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH');
 
   if (!keyPath) {
     throw new Error('No certificate path provided for Google Cloud HSM signing');
   }
 
+  const googleApplicationCredentials = env('GOOGLE_APPLICATION_CREDENTIALS');
+  const googleApplicationCredentialsContents = env(
+    'NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS',
+  );
+
   // To handle hosting in serverless environments like Vercel we can supply the base64 encoded
   // application credentials as an environment variable and write it to a file if it doesn't exist
-  if (
-    process.env.GOOGLE_APPLICATION_CREDENTIALS &&
-    process.env.NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS
-  ) {
-    if (!fs.existsSync(process.env.GOOGLE_APPLICATION_CREDENTIALS)) {
-      const contents = new Uint8Array(
-        Buffer.from(
-          process.env.NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS,
-          'base64',
-        ),
-      );
+  if (googleApplicationCredentials && googleApplicationCredentialsContents) {
+    if (!fs.existsSync(googleApplicationCredentials)) {
+      const contents = new Uint8Array(Buffer.from(googleApplicationCredentialsContents, 'base64'));
 
-      fs.writeFileSync(process.env.GOOGLE_APPLICATION_CREDENTIALS, contents);
+      fs.writeFileSync(googleApplicationCredentials, contents);
     }
   }
 
@@ -47,17 +45,18 @@ export const signWithGoogleCloudHSM = async ({ pdf }: SignWithGoogleCloudHSMOpti
 
   let cert: Buffer | null = null;
 
-  if (process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS) {
-    cert = Buffer.from(
-      process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS,
-      'base64',
-    );
+  const googleCloudHsmPublicCrtFileContents = env(
+    'NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS',
+  );
+
+  if (googleCloudHsmPublicCrtFileContents) {
+    cert = Buffer.from(googleCloudHsmPublicCrtFileContents, 'base64');
   }
 
   if (!cert) {
     cert = Buffer.from(
       fs.readFileSync(
-        process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH || './example/cert.crt',
+        env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH') || './example/cert.crt',
       ),
     );
   }

packages/signing/transports/local-cert.ts

@@ -1,5 +1,6 @@
 import fs from 'node:fs';
 
+import { env } from '@documenso/lib/utils/env';
 import { signWithP12 } from '@documenso/pdf-sign';
 
 import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';
@@ -23,20 +24,22 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
 
   let cert: Buffer | null = null;
 
-  if (process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS) {
-    cert = Buffer.from(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS, 'base64');
+  const localFileContents = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS');
+
+  if (localFileContents) {
+    cert = Buffer.from(localFileContents, 'base64');
   }
 
   if (!cert) {
-    let certPath = process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || '/opt/documenso/cert.p12';
+    let certPath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || '/opt/documenso/cert.p12';
 
     // We don't want to make the development server suddenly crash when using the `dx` script
     // so we retain this when NODE_ENV isn't set to production which it should be in most production
     // deployments.
     //
     // Our docker image automatically sets this so it shouldn't be an issue for self-hosters.
-    if (process.env.NODE_ENV !== 'production') {
-      certPath = process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || './example/cert.p12';
+    if (env('NODE_ENV') !== 'production') {
+      certPath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || './example/cert.p12';
     }
 
     cert = Buffer.from(fs.readFileSync(certPath));
@@ -45,7 +48,7 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
   const signature = signWithP12({
     cert,
     content: pdfWithoutSignature,
-    password: process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE || undefined,
+    password: env('NEXT_PRIVATE_SIGNING_PASSPHRASE') || undefined,
   });
 
   const signatureAsHex = signature.toString('hex');