mirror of
https://github.com/documenso/documenso.git
synced 2025-11-13 00:03:33 +10:00
chore: sign document
This commit is contained in:
Mythie
@ -19,6 +19,7 @@
|
||||
"@aws-sdk/signature-v4-crt": "^3.410.0",
|
||||
"@documenso/email": "*",
|
||||
"@documenso/prisma": "*",
|
||||
"@documenso/signing": "*",
|
||||
"@next-auth/prisma-adapter": "1.0.7",
|
||||
"@pdf-lib/fontkit": "^1.1.1",
|
||||
"@scure/base": "^1.1.3",
|
||||
@ -38,4 +39,4 @@
|
||||
"@types/bcrypt": "^5.0.0",
|
||||
"@types/luxon": "^3.3.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -5,6 +5,7 @@ import { PDFDocument } from 'pdf-lib';
|
||||
|
||||
import { prisma } from '@documenso/prisma';
|
||||
import { DocumentStatus, SigningStatus } from '@documenso/prisma/client';
|
||||
import { signPdf } from '@documenso/signing';
|
||||
|
||||
import { getFile } from '../../universal/upload/get-file';
|
||||
import { putFile } from '../../universal/upload/put-file';
|
||||
@ -71,12 +72,14 @@ export const sealDocument = async ({ documentId }: SealDocumentOptions) => {
|
||||
|
||||
const pdfBytes = await doc.save();
|
||||
|
||||
const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
|
||||
|
||||
const { name, ext } = path.parse(document.title);
|
||||
|
||||
const { data: newData } = await putFile({
|
||||
name: `${name}_signed${ext}`,
|
||||
type: 'application/pdf',
|
||||
arrayBuffer: async () => Promise.resolve(Buffer.from(pdfBytes)),
|
||||
arrayBuffer: async () => Promise.resolve(pdfBuffer),
|
||||
});
|
||||
|
||||
await prisma.documentData.update({
|
||||
|
||||
73
packages/signing/helpers/addSigningPlaceholder.ts
Normal file
73
packages/signing/helpers/addSigningPlaceholder.ts
Normal file
@ -0,0 +1,73 @@
|
||||
import signer from 'node-signpdf';
|
||||
import { PDFArray, PDFDocument, PDFHexString, PDFName, PDFNumber, PDFString } from 'pdf-lib';
|
||||
|
||||
export type AddSigningPlaceholderOptions = {
|
||||
pdf: Buffer;
|
||||
};
|
||||
|
||||
export const addSigningPlaceholder = async ({ pdf }: AddSigningPlaceholderOptions) => {
|
||||
const doc = await PDFDocument.load(pdf);
|
||||
const pages = doc.getPages();
|
||||
|
||||
const byteRange = PDFArray.withContext(doc.context);
|
||||
|
||||
byteRange.push(PDFNumber.of(0));
|
||||
byteRange.push(PDFName.of(signer.byteRangePlaceholder));
|
||||
byteRange.push(PDFName.of(signer.byteRangePlaceholder));
|
||||
byteRange.push(PDFName.of(signer.byteRangePlaceholder));
|
||||
|
||||
const signature = doc.context.obj({
|
||||
Type: 'Sig',
|
||||
Filter: 'Adobe.PPKLite',
|
||||
SubFilter: 'adbe.pkcs7.detached',
|
||||
ByteRange: byteRange,
|
||||
Contents: PDFHexString.fromText(' '.repeat(8192)),
|
||||
Reason: PDFString.of('Signed by Documenso'),
|
||||
M: PDFString.fromDate(new Date()),
|
||||
});
|
||||
|
||||
const signatureRef = doc.context.register(signature);
|
||||
|
||||
const widget = doc.context.obj({
|
||||
Type: 'Annot',
|
||||
Subtype: 'Widget',
|
||||
FT: 'Sig',
|
||||
Rect: [0, 0, 0, 0],
|
||||
V: signatureRef,
|
||||
T: PDFString.of('Signature1'),
|
||||
F: 4,
|
||||
P: pages[0].ref,
|
||||
});
|
||||
|
||||
const widgetRef = doc.context.register(widget);
|
||||
|
||||
let widgets = pages[0].node.get(PDFName.of('Annots'));
|
||||
|
||||
if (widgets instanceof PDFArray) {
|
||||
widgets.push(widgetRef);
|
||||
} else {
|
||||
const newWidgets = PDFArray.withContext(doc.context);
|
||||
|
||||
newWidgets.push(widgetRef);
|
||||
|
||||
pages[0].node.set(PDFName.of('Annots'), newWidgets);
|
||||
|
||||
widgets = pages[0].node.get(PDFName.of('Annots'));
|
||||
}
|
||||
|
||||
if (!widgets) {
|
||||
throw new Error('No widgets');
|
||||
}
|
||||
|
||||
pages[0].node.set(PDFName.of('Annots'), widgets);
|
||||
|
||||
doc.catalog.set(
|
||||
PDFName.of('AcroForm'),
|
||||
doc.context.obj({
|
||||
SigFlags: 3,
|
||||
Fields: [widgetRef],
|
||||
}),
|
||||
);
|
||||
|
||||
return Buffer.from(await doc.save({ useObjectStreams: false }));
|
||||
};
|
||||
17
packages/signing/index.ts
Normal file
17
packages/signing/index.ts
Normal file
@ -0,0 +1,17 @@
|
||||
import { match } from 'ts-pattern';
|
||||
|
||||
import { signWithLocalCert } from './transports/local-cert';
|
||||
|
||||
export type SignOptions = {
|
||||
pdf: Buffer;
|
||||
};
|
||||
|
||||
export const signPdf = async ({ pdf }: SignOptions) => {
|
||||
const transport = process.env.NEXT_PRIVATE_SIGNING_TRANSPORT || 'local';
|
||||
|
||||
return await match(transport)
|
||||
.with('local', async () => signWithLocalCert({ pdf }))
|
||||
.otherwise(() => {
|
||||
throw new Error(`Unsupported signing transport: ${transport}`);
|
||||
});
|
||||
};
|
||||
23
packages/signing/package.json
Normal file
23
packages/signing/package.json
Normal file
@ -0,0 +1,23 @@
|
||||
{
|
||||
"name": "@documenso/signing",
|
||||
"version": "1.0.0",
|
||||
"main": "./index.ts",
|
||||
"types": "./index.ts",
|
||||
"license": "AGPLv3",
|
||||
"files": [
|
||||
"transports/",
|
||||
"index.ts"
|
||||
],
|
||||
"scripts": {
|
||||
},
|
||||
"dependencies": {
|
||||
"@documenso/tsconfig": "*",
|
||||
"node-forge": "^1.3.1",
|
||||
"node-signpdf": "^2.0.0",
|
||||
"pdf-lib": "^1.17.1",
|
||||
"ts-pattern": "^5.0.5"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/node-forge": "^1.3.4"
|
||||
}
|
||||
}
|
||||
32
packages/signing/transports/local-cert.ts
Normal file
32
packages/signing/transports/local-cert.ts
Normal file
@ -0,0 +1,32 @@
|
||||
import signer from 'node-signpdf';
|
||||
import fs from 'node:fs';
|
||||
|
||||
import { addSigningPlaceholder } from '../helpers/addSigningPlaceholder';
|
||||
|
||||
export type SignWithLocalCertOptions = {
|
||||
pdf: Buffer;
|
||||
};
|
||||
|
||||
export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
|
||||
const pdfWithPlaceholder = await addSigningPlaceholder({ pdf });
|
||||
|
||||
let p12Cert: Buffer | null = null;
|
||||
|
||||
if (process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS) {
|
||||
p12Cert = Buffer.from(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS, 'base64');
|
||||
}
|
||||
|
||||
if (!p12Cert) {
|
||||
p12Cert = Buffer.from(
|
||||
fs.readFileSync(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || './example/cert.p12'),
|
||||
);
|
||||
}
|
||||
|
||||
if (process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE) {
|
||||
return signer.sign(pdfWithPlaceholder, p12Cert, {
|
||||
passphrase: process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE,
|
||||
});
|
||||
}
|
||||
|
||||
return signer.sign(pdfWithPlaceholder, p12Cert);
|
||||
};
|
||||
8
packages/signing/tsconfig.json
Normal file
8
packages/signing/tsconfig.json
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"extends": "@documenso/tsconfig/react-library.json",
|
||||
"compilerOptions": {
|
||||
"types": ["@documenso/tsconfig/process-env.d.ts", "@types/node"]
|
||||
},
|
||||
"include": ["**/*.ts", "**/*.tsx", "**/*.d.ts", "**/*.json"],
|
||||
"exclude": ["dist", "build", "node_modules"]
|
||||
}
|
||||
6
packages/tsconfig/process-env.d.ts
vendored
6
packages/tsconfig/process-env.d.ts
vendored
@ -21,6 +21,12 @@ declare namespace NodeJS {
|
||||
NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID?: string;
|
||||
NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY?: string;
|
||||
|
||||
NEXT_PRIVATE_SIGNING_TRANSPORT?: 'local' | 'http' | 'gcloud-hsm';
|
||||
NEXT_PRIVATE_SIGNING_PASSPHRASE?: string;
|
||||
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH?: string;
|
||||
NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS?: string;
|
||||
NEXT_PRIVATE_SIGNING_LOCAL_FILE_ENCODING?: string;
|
||||
|
||||
NEXT_PRIVATE_SMTP_TRANSPORT?: 'mailchannels' | 'smtp-auth' | 'smtp-api';
|
||||
|
||||
NEXT_PRIVATE_MAILCHANNELS_API_KEY?: string;
|
||||
|
||||
Reference in New Issue
Block a user