Merge branch 'main' into feat/enhance-posthog-tracking

packages/app-tests/e2e/pr-711-deletion-of-documents.spec.ts

@@ -0,0 +1,192 @@
+import { expect, test } from '@playwright/test';
+
+import { TEST_USERS } from '@documenso/prisma/seed/pr-711-deletion-of-documents';
+
+test.describe.configure({ mode: 'serial' });
+
+test('[PR-711]: seeded documents should be visible', async ({ page }) => {
+  const [sender, ...recipients] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  await page.getByLabel('Email').fill(sender.email);
+  await page.getByLabel('Password', { exact: true }).fill(sender.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  await expect(page.getByRole('link', { name: 'Document 1 - Completed' })).toBeVisible();
+  await expect(page.getByRole('link', { name: 'Document 1 - Pending' })).toBeVisible();
+  await expect(page.getByRole('link', { name: 'Document 1 - Draft' })).toBeVisible();
+
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+  await page.waitForURL('/signin');
+
+  for (const recipient of recipients) {
+    await page.goto('/signin');
+
+    await page.getByLabel('Email').fill(recipient.email);
+    await page.getByLabel('Password', { exact: true }).fill(recipient.password);
+    await page.getByRole('button', { name: 'Sign In' }).click();
+
+    await page.waitForURL('/documents');
+
+    await expect(page.getByRole('link', { name: 'Document 1 - Completed' })).toBeVisible();
+    await expect(page.getByRole('link', { name: 'Document 1 - Pending' })).toBeVisible();
+
+    await expect(page.getByRole('link', { name: 'Document 1 - Draft' })).not.toBeVisible();
+
+    await page.getByTitle('Profile Dropdown').click();
+    await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+    await page.waitForURL('/signin');
+  }
+});
+
+test('[PR-711]: deleting a completed document should not remove it from recipients', async ({
+  page,
+}) => {
+  const [sender, ...recipients] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  // sign in
+  await page.getByLabel('Email').fill(sender.email);
+  await page.getByLabel('Password', { exact: true }).fill(sender.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  // open actions menu
+  await page
+    .locator('tr', { hasText: 'Document 1 - Completed' })
+    .getByRole('cell', { name: 'Download' })
+    .getByRole('button')
+    .nth(1)
+    .click();
+
+  // delete document
+  await page.getByRole('menuitem', { name: 'Delete' }).click();
+  await page.getByPlaceholder("Type 'delete' to confirm").fill('delete');
+  await page.getByRole('button', { name: 'Delete' }).click();
+
+  await expect(page.getByRole('row', { name: /Document 1 - Completed/ })).not.toBeVisible();
+
+  // signout
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+  await page.waitForURL('/signin');
+
+  for (const recipient of recipients) {
+    await page.goto('/signin');
+
+    // sign in
+    await page.getByLabel('Email').fill(recipient.email);
+    await page.getByLabel('Password', { exact: true }).fill(recipient.password);
+    await page.getByRole('button', { name: 'Sign In' }).click();
+
+    await page.waitForURL('/documents');
+
+    await expect(page.getByRole('link', { name: 'Document 1 - Completed' })).toBeVisible();
+
+    await page.goto(`/sign/completed-token-${recipients.indexOf(recipient)}`);
+    await expect(page.getByText('Everyone has signed').nth(0)).toBeVisible();
+
+    await page.goto('/documents');
+
+    await page.getByTitle('Profile Dropdown').click();
+    await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+    await page.waitForURL('/signin');
+  }
+});
+
+test('[PR-711]: deleting a pending document should remove it from recipients', async ({ page }) => {
+  const [sender, ...recipients] = TEST_USERS;
+
+  for (const recipient of recipients) {
+    await page.goto(`/sign/pending-token-${recipients.indexOf(recipient)}`);
+
+    await expect(page.getByText('Waiting for others to sign').nth(0)).toBeVisible();
+  }
+
+  await page.goto('/signin');
+
+  // sign in
+  await page.getByLabel('Email').fill(sender.email);
+  await page.getByLabel('Password', { exact: true }).fill(sender.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  // open actions menu
+  await page.locator('tr', { hasText: 'Document 1 - Pending' }).getByRole('button').nth(1).click();
+
+  // delete document
+  await page.getByRole('menuitem', { name: 'Delete' }).click();
+  await page.getByPlaceholder("Type 'delete' to confirm").fill('delete');
+  await page.getByRole('button', { name: 'Delete' }).click();
+
+  await expect(page.getByRole('row', { name: /Document 1 - Pending/ })).not.toBeVisible();
+
+  // signout
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+  await page.waitForURL('/signin');
+
+  for (const recipient of recipients) {
+    await page.goto('/signin');
+
+    // sign in
+    await page.getByLabel('Email').fill(recipient.email);
+    await page.getByLabel('Password', { exact: true }).fill(recipient.password);
+    await page.getByRole('button', { name: 'Sign In' }).click();
+
+    await page.waitForURL('/documents');
+
+    await expect(page.getByRole('link', { name: 'Document 1 - Pending' })).not.toBeVisible();
+
+    await page.goto(`/sign/pending-token-${recipients.indexOf(recipient)}`);
+    await expect(page.getByText(/document.*cancelled/i).nth(0)).toBeVisible();
+
+    await page.goto('/documents');
+
+    await page.getByTitle('Profile Dropdown').click();
+    await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+
+    await page.waitForURL('/signin');
+  }
+});
+
+test('[PR-711]: deleting a draft document should remove it without additional prompting', async ({
+  page,
+}) => {
+  const [sender] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  // sign in
+  await page.getByLabel('Email').fill(sender.email);
+  await page.getByLabel('Password', { exact: true }).fill(sender.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  // open actions menu
+  await page
+    .locator('tr', { hasText: 'Document 1 - Draft' })
+    .getByRole('cell', { name: 'Edit' })
+    .getByRole('button')
+    .click();
+
+  // delete document
+  await page.getByRole('menuitem', { name: 'Delete' }).click();
+  await expect(page.getByPlaceholder("Type 'delete' to confirm")).not.toBeVisible();
+  await page.getByRole('button', { name: 'Delete' }).click();
+
+  await expect(page.getByRole('row', { name: /Document 1 - Draft/ })).not.toBeVisible();
+});

packages/app-tests/e2e/pr-713-add-document-search-to-command-menu.spec.ts

@@ -0,0 +1,72 @@
+import { expect, test } from '@playwright/test';
+
+import { TEST_USERS } from '@documenso/prisma/seed/pr-713-add-document-search-to-command-menu';
+
+test('[PR-713]: should see sent documents', async ({ page }) => {
+  const [user] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  await page.getByLabel('Email').fill(user.email);
+  await page.getByLabel('Password', { exact: true }).fill(user.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  await page.keyboard.press('Meta+K');
+
+  await page.getByPlaceholder('Type a command or search...').fill('sent');
+  await expect(page.getByRole('option', { name: '[713] Document - Sent' })).toBeVisible();
+
+  await page.keyboard.press('Escape');
+
+  // signout
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+});
+
+test('[PR-713]: should see received documents', async ({ page }) => {
+  const [user] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  await page.getByLabel('Email').fill(user.email);
+  await page.getByLabel('Password', { exact: true }).fill(user.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  await page.keyboard.press('Meta+K');
+
+  await page.getByPlaceholder('Type a command or search...').fill('received');
+  await expect(page.getByRole('option', { name: '[713] Document - Received' })).toBeVisible();
+
+  await page.keyboard.press('Escape');
+
+  // signout
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+});
+
+test('[PR-713]: should be able to search by recipient', async ({ page }) => {
+  const [user, recipient] = TEST_USERS;
+
+  await page.goto('/signin');
+
+  await page.getByLabel('Email').fill(user.email);
+  await page.getByLabel('Password', { exact: true }).fill(user.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  await page.waitForURL('/documents');
+
+  await page.keyboard.press('Meta+K');
+
+  await page.getByPlaceholder('Type a command or search...').fill(recipient.email);
+  await expect(page.getByRole('option', { name: '[713] Document - Sent' })).toBeVisible();
+
+  await page.keyboard.press('Escape');
+
+  // signout
+  await page.getByTitle('Profile Dropdown').click();
+  await page.getByRole('menuitem', { name: 'Sign Out' }).click();
+});

packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts

@@ -0,0 +1,75 @@
+import { expect, test } from '@playwright/test';
+import path from 'node:path';
+
+import { TEST_USER } from '@documenso/prisma/seed/pr-718-add-stepper-component';
+
+test(`[PR-718]: should be able to create a document`, async ({ page }) => {
+  await page.goto('/signin');
+
+  const documentTitle = `example-${Date.now()}.pdf`;
+
+  // Sign in
+  await page.getByLabel('Email').fill(TEST_USER.email);
+  await page.getByLabel('Password', { exact: true }).fill(TEST_USER.password);
+  await page.getByRole('button', { name: 'Sign In' }).click();
+
+  // Upload document
+  const [fileChooser] = await Promise.all([
+    page.waitForEvent('filechooser'),
+    page.locator('input[type=file]').evaluate((e) => {
+      if (e instanceof HTMLInputElement) {
+        e.click();
+      }
+    }),
+  ]);
+
+  await fileChooser.setFiles(path.join(__dirname, '../../../assets/example.pdf'));
+
+  // Wait to be redirected to the edit page
+  await page.waitForURL(/\/documents\/\d+/);
+
+  // Set title
+  await expect(page.getByRole('heading', { name: 'Add Title' })).toBeVisible();
+
+  await page.getByLabel('Title').fill(documentTitle);
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  // Add signers
+  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+  await page.getByLabel('Email*').fill('user1@example.com');
+  await page.getByLabel('Name').fill('User 1');
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  // Add fields
+  await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible();
+
+  await page.getByRole('button', { name: 'User 1 Signature' }).click();
+  await page.locator('canvas').click({
+    position: {
+      x: 100,
+      y: 100,
+    },
+  });
+
+  await page.getByRole('button', { name: 'Email Email' }).click();
+  await page.locator('canvas').click({
+    position: {
+      x: 100,
+      y: 200,
+    },
+  });
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  // Add subject and send
+  await expect(page.getByRole('heading', { name: 'Add Subject' })).toBeVisible();
+  await page.getByRole('button', { name: 'Send' }).click();
+
+  await page.waitForURL('/documents');
+
+  // Assert document was created
+  await expect(page.getByRole('link', { name: documentTitle })).toBeVisible();
+});

packages/app-tests/e2e/test-auth-flow.spec.ts

@@ -4,15 +4,15 @@ import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
 
 test.use({ storageState: { cookies: [], origins: [] } });
 
-/* 
+/*
   Using them sequentially so the 2nd test
   uses the details from the 1st (registration) test
 */
 test.describe.configure({ mode: 'serial' });
 
-const username = process.env.E2E_TEST_AUTHENTICATE_USERNAME;
-const email = process.env.E2E_TEST_AUTHENTICATE_USER_EMAIL;
-const password = process.env.E2E_TEST_AUTHENTICATE_USER_PASSWORD;
+const username = 'Test User';
+const email = 'test-user@auth-flow.documenso.com';
+const password = 'Password123';
 
 test('user can sign up with email and password', async ({ page }: { page: Page }) => {
   await page.goto('/signup');

packages/app-tests/package.json

@@ -6,13 +6,14 @@
   "main": "index.js",
   "scripts": {
     "test:dev": "playwright test",
-    "test:e2e": "start-server-and-test \"(cd ../../apps/web && npm run start)\" http://localhost:3000 \"playwright test\""
+    "test:e2e": "start-server-and-test \"npm run start -w @documenso/web\" http://localhost:3000 \"playwright test\""
   },
   "keywords": [],
   "author": "",
   "devDependencies": {
     "@playwright/test": "^1.18.1",
     "@types/node": "^20.8.2",
+    "@documenso/prisma": "*",
     "@documenso/web": "*"
   },
   "dependencies": {

packages/app-tests/playwright.config.ts

@@ -28,8 +28,12 @@ export default defineConfig({
 
     /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
     trace: 'on-first-retry',
+
+    video: 'retain-on-failure',
   },
 
+  timeout: 30_000,
+
   /* Configure projects for major browsers */
   projects: [
     {

packages/app-tests/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "@documenso/tsconfig/react-library.json",
+  "compilerOptions": {
+    "types": ["@documenso/tsconfig/process-env.d.ts"]
+  },
+  "include": ["**/*.ts", "**/*.tsx", "**/*.d.ts"],
+  "exclude": ["dist", "build", "node_modules"]
+}

packages/ee/package.json

@@ -17,8 +17,8 @@
     "@documenso/prisma": "*",
     "luxon": "^3.4.0",
     "micro": "^10.0.1",
-    "next": "14.0.0",
-    "next-auth": "4.24.3",
+    "next": "14.0.3",
+    "next-auth": "4.24.5",
     "react": "18.2.0",
     "ts-pattern": "^5.0.5",
     "zod": "^3.22.4"

packages/email/components.ts

@@ -0,0 +1,17 @@
+export * from '@react-email/body';
+export * from '@react-email/button';
+export * from '@react-email/column';
+export * from '@react-email/container';
+export * from '@react-email/font';
+export * from '@react-email/head';
+export * from '@react-email/heading';
+export * from '@react-email/hr';
+export * from '@react-email/html';
+export * from '@react-email/img';
+export * from '@react-email/link';
+export * from '@react-email/preview';
+export * from '@react-email/render';
+export * from '@react-email/row';
+export * from '@react-email/section';
+export * from '@react-email/tailwind';
+export * from '@react-email/text';

packages/email/mailer.ts

@@ -42,12 +42,8 @@ const getTransport = () => {
     });
   }
 
-  if (!process.env.NEXT_PRIVATE_SMTP_HOST) {
-    throw new Error('SMTP transport requires NEXT_PRIVATE_SMTP_HOST');
-  }
-
   return createTransport({
-    host: process.env.NEXT_PRIVATE_SMTP_HOST,
+    host: process.env.NEXT_PRIVATE_SMTP_HOST ?? 'localhost:2500',
     port: Number(process.env.NEXT_PRIVATE_SMTP_PORT) || 587,
     secure: process.env.NEXT_PRIVATE_SMTP_SECURE === 'true',
     auth: {

packages/email/package.json

@@ -17,11 +17,27 @@
     "worker:test": "tsup worker/index.ts --format esm"
   },
   "dependencies": {
-    "@documenso/nodemailer-resend": "1.0.0",
-    "@react-email/components": "^0.0.7",
+    "@documenso/nodemailer-resend": "2.0.0",
+    "@react-email/body": "0.0.4",
+    "@react-email/button": "0.0.11",
+    "@react-email/column": "0.0.8",
+    "@react-email/container": "0.0.10",
+    "@react-email/font": "0.0.4",
+    "@react-email/head": "0.0.6",
+    "@react-email/heading": "0.0.9",
+    "@react-email/hr": "0.0.6",
+    "@react-email/html": "0.0.6",
+    "@react-email/img": "0.0.6",
+    "@react-email/link": "0.0.6",
+    "@react-email/preview": "0.0.7",
+    "@react-email/render": "0.0.9",
+    "@react-email/row": "0.0.6",
+    "@react-email/section": "0.0.10",
+    "@react-email/tailwind": "0.0.9",
+    "@react-email/text": "0.0.6",
     "nodemailer": "^6.9.3",
-    "react-email": "^1.9.4",
-    "resend": "^1.1.0"
+    "react-email": "^1.9.5",
+    "resend": "^2.0.0"
   },
   "devDependencies": {
     "@documenso/tailwind-config": "*",

packages/email/render.ts

@@ -1 +1 @@
-export { render } from '@react-email/components';
+export { render, renderAsync } from '@react-email/render';

packages/email/template-components/template-confirmation-email.tsx

@@ -0,0 +1,41 @@
+import { Button, Section, Text } from '../components';
+import { TemplateDocumentImage } from './template-document-image';
+
+export type TemplateConfirmationEmailProps = {
+  confirmationLink: string;
+  assetBaseUrl: string;
+};
+
+export const TemplateConfirmationEmail = ({
+  confirmationLink,
+  assetBaseUrl,
+}: TemplateConfirmationEmailProps) => {
+  return (
+    <>
+      <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
+
+      <Section className="flex-row items-center justify-center">
+        <Text className="text-primary mx-auto mb-0 max-w-[80%] text-center text-lg font-semibold">
+          Welcome to Documenso!
+        </Text>
+
+        <Text className="my-1 text-center text-base text-slate-400">
+          Before you get started, please confirm your email address by clicking the button below:
+        </Text>
+
+        <Section className="mb-6 mt-8 text-center">
+          <Button
+            className="bg-documenso-500 inline-flex items-center justify-center rounded-lg px-6 py-3 text-center text-sm font-medium text-black no-underline"
+            href={confirmationLink}
+          >
+            Confirm email
+          </Button>
+          <Text className="mt-8 text-center text-sm italic text-slate-400">
+            You can also copy and paste this link into your browser: {confirmationLink} (link
+            expires in 1 hour)
+          </Text>
+        </Section>
+      </Section>
+    </>
+  );
+};

packages/email/template-components/template-document-cancel.tsx

@@ -0,0 +1,34 @@
+import { Section, Text } from '../components';
+import { TemplateDocumentImage } from './template-document-image';
+
+export interface TemplateDocumentCancelProps {
+  inviterName: string;
+  inviterEmail: string;
+  documentName: string;
+  assetBaseUrl: string;
+}
+
+export const TemplateDocumentCancel = ({
+  inviterName,
+  documentName,
+  assetBaseUrl,
+}: TemplateDocumentCancelProps) => {
+  return (
+    <>
+      <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
+
+      <Section>
+        <Text className="text-primary mx-auto mb-0 max-w-[80%] text-center text-lg font-semibold">
+          {inviterName} has cancelled the document
+          <br />"{documentName}"
+        </Text>
+
+        <Text className="my-1 text-center text-base text-slate-400">
+          You don't need to sign it anymore.
+        </Text>
+      </Section>
+    </>
+  );
+};
+
+export default TemplateDocumentCancel;

packages/email/template-components/template-document-completed.tsx

@@ -1,7 +1,4 @@
-import { Button, Column, Img, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Button, Column, Img, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export interface TemplateDocumentCompletedProps {
@@ -20,15 +17,7 @@ export const TemplateDocumentCompleted = ({
   };
 
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section>
@@ -72,7 +61,7 @@ export const TemplateDocumentCompleted = ({
           </Button>
         </Section>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/template-components/template-document-image.tsx

@@ -1,4 +1,4 @@
-import { Column, Img, Row, Section } from '@react-email/components';
+import { Column, Img, Row, Section } from '../components';
 
 export interface TemplateDocumentImageProps {
   assetBaseUrl: string;

packages/email/template-components/template-document-invite.tsx

@@ -1,7 +1,4 @@
-import { Button, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Button, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export interface TemplateDocumentInviteProps {
@@ -19,15 +16,7 @@ export const TemplateDocumentInvite = ({
   assetBaseUrl,
 }: TemplateDocumentInviteProps) => {
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section>
@@ -49,7 +38,7 @@ export const TemplateDocumentInvite = ({
           </Button>
         </Section>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/template-components/template-document-pending.tsx

@@ -1,7 +1,4 @@
-import { Column, Img, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Column, Img, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export interface TemplateDocumentPendingProps {
@@ -18,15 +15,7 @@ export const TemplateDocumentPending = ({
   };
 
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section>
@@ -52,7 +41,7 @@ export const TemplateDocumentPending = ({
           We'll notify you as soon as it's ready.
         </Text>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/template-components/template-document-self-signed.tsx

@@ -1,7 +1,4 @@
-import { Button, Column, Img, Link, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Button, Column, Img, Link, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export interface TemplateDocumentSelfSignedProps {
@@ -20,15 +17,7 @@ export const TemplateDocumentSelfSigned = ({
   };
 
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section className="flex-row items-center justify-center">
@@ -84,7 +73,7 @@ export const TemplateDocumentSelfSigned = ({
           </Button>
         </Section>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/template-components/template-footer.tsx

@@ -1,4 +1,4 @@
-import { Link, Section, Text } from '@react-email/components';
+import { Link, Section, Text } from '../components';
 
 export type TemplateFooterProps = {
   isDocument?: boolean;

packages/email/template-components/template-forgot-password.tsx

@@ -1,7 +1,4 @@
-import { Button, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Button, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export type TemplateForgotPasswordProps = {
@@ -14,15 +11,7 @@ export const TemplateForgotPassword = ({
   assetBaseUrl,
 }: TemplateForgotPasswordProps) => {
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section className="flex-row items-center justify-center">
@@ -43,7 +32,7 @@ export const TemplateForgotPassword = ({
           </Button>
         </Section>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/template-components/template-reset-password.tsx

@@ -1,7 +1,4 @@
-import { Button, Section, Tailwind, Text } from '@react-email/components';
-
-import * as config from '@documenso/tailwind-config';
-
+import { Button, Section, Text } from '../components';
 import { TemplateDocumentImage } from './template-document-image';
 
 export interface TemplateResetPasswordProps {
@@ -12,15 +9,7 @@ export interface TemplateResetPasswordProps {
 
 export const TemplateResetPassword = ({ assetBaseUrl }: TemplateResetPasswordProps) => {
   return (
-    <Tailwind
-      config={{
-        theme: {
-          extend: {
-            colors: config.theme.extend.colors,
-          },
-        },
-      }}
-    >
+    <>
       <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
 
       <Section className="flex-row items-center justify-center">
@@ -41,7 +30,7 @@ export const TemplateResetPassword = ({ assetBaseUrl }: TemplateResetPasswordPro
           </Button>
         </Section>
       </Section>
-    </Tailwind>
+    </>
   );
 };
 

packages/email/templates/confirm-email.tsx

@@ -0,0 +1,57 @@
+import config from '@documenso/tailwind-config';
+
+import { Body, Container, Head, Html, Img, Preview, Section, Tailwind } from '../components';
+import type { TemplateConfirmationEmailProps } from '../template-components/template-confirmation-email';
+import { TemplateConfirmationEmail } from '../template-components/template-confirmation-email';
+import { TemplateFooter } from '../template-components/template-footer';
+
+export const ConfirmEmailTemplate = ({
+  confirmationLink,
+  assetBaseUrl,
+}: TemplateConfirmationEmailProps) => {
+  const previewText = `Please confirm your email address`;
+
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>{previewText}</Preview>
+      <Tailwind
+        config={{
+          theme: {
+            extend: {
+              colors: config.theme.extend.colors,
+            },
+          },
+        }}
+      >
+        <Body className="mx-auto my-auto bg-white font-sans">
+          <Section>
+            <Container className="mx-auto mb-2 mt-8 max-w-xl rounded-lg border border-solid border-slate-200 p-4 backdrop-blur-sm">
+              <Section>
+                <Img
+                  src={getAssetUrl('/static/logo.png')}
+                  alt="Documenso Logo"
+                  className="mb-4 h-6"
+                />
+
+                <TemplateConfirmationEmail
+                  confirmationLink={confirmationLink}
+                  assetBaseUrl={assetBaseUrl}
+                />
+              </Section>
+            </Container>
+            <div className="mx-auto mt-12 max-w-xl" />
+
+            <Container className="mx-auto max-w-xl">
+              <TemplateFooter isDocument={false} />
+            </Container>
+          </Section>
+        </Body>
+      </Tailwind>
+    </Html>
+  );
+};

packages/email/templates/document-cancel.tsx

@@ -0,0 +1,66 @@
+import config from '@documenso/tailwind-config';
+
+import { Body, Container, Head, Hr, Html, Img, Preview, Section, Tailwind } from '../components';
+import type { TemplateDocumentCancelProps } from '../template-components/template-document-cancel';
+import { TemplateDocumentCancel } from '../template-components/template-document-cancel';
+import { TemplateFooter } from '../template-components/template-footer';
+
+export type DocumentCancelEmailTemplateProps = Partial<TemplateDocumentCancelProps>;
+
+export const DocumentCancelTemplate = ({
+  inviterName = 'Lucas Smith',
+  inviterEmail = 'lucas@documenso.com',
+  documentName = 'Open Source Pledge.pdf',
+  assetBaseUrl = 'http://localhost:3002',
+}: DocumentCancelEmailTemplateProps) => {
+  const previewText = `${inviterName} has cancelled the document ${documentName}, you don't need to sign it anymore.`;
+
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>{previewText}</Preview>
+      <Tailwind
+        config={{
+          theme: {
+            extend: {
+              colors: config.theme.extend.colors,
+            },
+          },
+        }}
+      >
+        <Body className="mx-auto my-auto bg-white font-sans">
+          <Section>
+            <Container className="mx-auto mb-2 mt-8 max-w-xl rounded-lg border border-solid border-slate-200 p-4 backdrop-blur-sm">
+              <Section>
+                <Img
+                  src={getAssetUrl('/static/logo.png')}
+                  alt="Documenso Logo"
+                  className="mb-4 h-6"
+                />
+
+                <TemplateDocumentCancel
+                  inviterName={inviterName}
+                  inviterEmail={inviterEmail}
+                  documentName={documentName}
+                  assetBaseUrl={assetBaseUrl}
+                />
+              </Section>
+            </Container>
+
+            <Hr className="mx-auto mt-12 max-w-xl" />
+
+            <Container className="mx-auto max-w-xl">
+              <TemplateFooter />
+            </Container>
+          </Section>
+        </Body>
+      </Tailwind>
+    </Html>
+  );
+};
+
+export default DocumentCancelTemplate;

packages/email/templates/document-completed.tsx

@@ -1,20 +1,8 @@
-import {
-  Body,
-  Container,
-  Head,
-  Html,
-  Img,
-  Preview,
-  Section,
-  Tailwind,
-} from '@react-email/components';
-
 import config from '@documenso/tailwind-config';
 
-import {
-  TemplateDocumentCompleted,
-  TemplateDocumentCompletedProps,
-} from '../template-components/template-document-completed';
+import { Body, Container, Head, Html, Img, Preview, Section, Tailwind } from '../components';
+import type { TemplateDocumentCompletedProps } from '../template-components/template-document-completed';
+import { TemplateDocumentCompleted } from '../template-components/template-document-completed';
 import { TemplateFooter } from '../template-components/template-footer';
 
 export type DocumentCompletedEmailTemplateProps = Partial<TemplateDocumentCompletedProps>;

packages/email/templates/document-invite.tsx

@@ -1,3 +1,5 @@
+import config from '@documenso/tailwind-config';
+
 import {
   Body,
   Container,
@@ -10,14 +12,9 @@ import {
   Section,
   Tailwind,
   Text,
-} from '@react-email/components';
-
-import config from '@documenso/tailwind-config';
-
-import {
-  TemplateDocumentInvite,
-  TemplateDocumentInviteProps,
-} from '../template-components/template-document-invite';
+} from '../components';
+import type { TemplateDocumentInviteProps } from '../template-components/template-document-invite';
+import { TemplateDocumentInvite } from '../template-components/template-document-invite';
 import { TemplateFooter } from '../template-components/template-footer';
 
 export type DocumentInviteEmailTemplateProps = Partial<TemplateDocumentInviteProps> & {

packages/email/templates/document-pending.tsx

@@ -1,20 +1,8 @@
-import {
-  Body,
-  Container,
-  Head,
-  Html,
-  Img,
-  Preview,
-  Section,
-  Tailwind,
-} from '@react-email/components';
-
 import config from '@documenso/tailwind-config';
 
-import {
-  TemplateDocumentPending,
-  TemplateDocumentPendingProps,
-} from '../template-components/template-document-pending';
+import { Body, Container, Head, Html, Img, Preview, Section, Tailwind } from '../components';
+import type { TemplateDocumentPendingProps } from '../template-components/template-document-pending';
+import { TemplateDocumentPending } from '../template-components/template-document-pending';
 import { TemplateFooter } from '../template-components/template-footer';
 
 export type DocumentPendingEmailTemplateProps = Partial<TemplateDocumentPendingProps>;

packages/email/templates/document-self-signed.tsx

@@ -1,20 +1,8 @@
-import {
-  Body,
-  Container,
-  Head,
-  Html,
-  Img,
-  Preview,
-  Section,
-  Tailwind,
-} from '@react-email/components';
-
 import config from '@documenso/tailwind-config';
 
-import {
-  TemplateDocumentSelfSigned,
-  TemplateDocumentSelfSignedProps,
-} from '../template-components/template-document-self-signed';
+import { Body, Container, Head, Html, Img, Preview, Section, Tailwind } from '../components';
+import type { TemplateDocumentSelfSignedProps } from '../template-components/template-document-self-signed';
+import { TemplateDocumentSelfSigned } from '../template-components/template-document-self-signed';
 import { TemplateFooter } from '../template-components/template-footer';
 
 export type DocumentSelfSignedTemplateProps = TemplateDocumentSelfSignedProps;

packages/email/templates/forgot-password.tsx

@@ -1,21 +1,9 @@
-import {
-  Body,
-  Container,
-  Head,
-  Html,
-  Img,
-  Preview,
-  Section,
-  Tailwind,
-} from '@react-email/components';
-
 import config from '@documenso/tailwind-config';
 
+import { Body, Container, Head, Html, Img, Preview, Section, Tailwind } from '../components';
 import { TemplateFooter } from '../template-components/template-footer';
-import {
-  TemplateForgotPassword,
-  TemplateForgotPasswordProps,
-} from '../template-components/template-forgot-password';
+import type { TemplateForgotPasswordProps } from '../template-components/template-forgot-password';
+import { TemplateForgotPassword } from '../template-components/template-forgot-password';
 
 export type ForgotPasswordTemplateProps = Partial<TemplateForgotPasswordProps>;
 

packages/email/templates/reset-password.tsx

@@ -1,3 +1,5 @@
+import config from '@documenso/tailwind-config';
+
 import {
   Body,
   Container,
@@ -10,15 +12,10 @@ import {
   Section,
   Tailwind,
   Text,
-} from '@react-email/components';
-
-import config from '@documenso/tailwind-config';
-
+} from '../components';
 import { TemplateFooter } from '../template-components/template-footer';
-import {
-  TemplateResetPassword,
-  TemplateResetPasswordProps,
-} from '../template-components/template-reset-password';
+import type { TemplateResetPasswordProps } from '../template-components/template-reset-password';
+import { TemplateResetPassword } from '../template-components/template-reset-password';
 
 export type ResetPasswordTemplateProps = Partial<TemplateResetPasswordProps>;
 

packages/lib/constants/crypto.ts

@@ -0,0 +1 @@
+export const DOCUMENSO_ENCRYPTION_KEY = process.env.NEXT_PRIVATE_ENCRYPTION_KEY;

packages/lib/next-auth/auth-options.ts

@@ -1,12 +1,17 @@
+/// <reference types="../types/next-auth.d.ts" />
 import { PrismaAdapter } from '@next-auth/prisma-adapter';
 import { compare } from 'bcrypt';
 import { DateTime } from 'luxon';
-import { AuthOptions, Session, User } from 'next-auth';
+import type { AuthOptions, Session, User } from 'next-auth';
+import type { JWT } from 'next-auth/jwt';
 import CredentialsProvider from 'next-auth/providers/credentials';
-import GoogleProvider, { GoogleProfile } from 'next-auth/providers/google';
+import type { GoogleProfile } from 'next-auth/providers/google';
+import GoogleProvider from 'next-auth/providers/google';
 
 import { prisma } from '@documenso/prisma';
 
+import { isTwoFactorAuthenticationEnabled } from '../server-only/2fa/is-2fa-availble';
+import { validateTwoFactorAuthentication } from '../server-only/2fa/validate-2fa';
 import { getUserByEmail } from '../server-only/user/get-user-by-email';
 import { ErrorCode } from './error-codes';
 
@@ -22,13 +27,19 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
       credentials: {
         email: { label: 'Email', type: 'email' },
         password: { label: 'Password', type: 'password' },
+        totpCode: {
+          label: 'Two-factor Code',
+          type: 'input',
+          placeholder: 'Code from authenticator app',
+        },
+        backupCode: { label: 'Backup Code', type: 'input', placeholder: 'Two-factor backup code' },
       },
       authorize: async (credentials, _req) => {
         if (!credentials) {
           throw new Error(ErrorCode.CREDENTIALS_NOT_FOUND);
         }
 
-        const { email, password } = credentials;
+        const { email, password, backupCode, totpCode } = credentials;
 
         const user = await getUserByEmail({ email }).catch(() => {
           throw new Error(ErrorCode.INCORRECT_EMAIL_PASSWORD);
@@ -44,10 +55,25 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
           throw new Error(ErrorCode.INCORRECT_EMAIL_PASSWORD);
         }
 
+        const is2faEnabled = isTwoFactorAuthenticationEnabled({ user });
+
+        if (is2faEnabled) {
+          const isValid = await validateTwoFactorAuthentication({ backupCode, totpCode, user });
+
+          if (!isValid) {
+            throw new Error(
+              totpCode
+                ? ErrorCode.INCORRECT_TWO_FACTOR_CODE
+                : ErrorCode.INCORRECT_TWO_FACTOR_BACKUP_CODE,
+            );
+          }
+        }
+
         return {
           id: Number(user.id),
           email: user.email,
           name: user.name,
+          emailVerified: user.emailVerified?.toISOString() ?? null,
         } satisfies User;
       },
     }),
@@ -61,6 +87,7 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
           id: Number(profile.sub),
           name: profile.name || `${profile.given_name} ${profile.family_name}`.trim(),
           email: profile.email,
+          emailVerified: profile.email_verified ? new Date().toISOString() : null,
         };
       },
     }),
@@ -70,9 +97,10 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
       const merged = {
         ...token,
         ...user,
-      };
+        emailVerified: user?.emailVerified ? new Date(user.emailVerified).toISOString() : null,
+      } satisfies JWT;
 
-      if (!merged.email) {
+      if (!merged.email || typeof merged.emailVerified !== 'string') {
         const userId = Number(merged.id ?? token.sub);
 
         const retrieved = await prisma.user.findFirst({
@@ -88,6 +116,7 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
         merged.id = retrieved.id;
         merged.name = retrieved.name;
         merged.email = retrieved.email;
+        merged.emailVerified = retrieved.emailVerified?.toISOString() ?? null;
       }
 
       if (
@@ -97,7 +126,7 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
       ) {
         merged.lastSignedIn = new Date().toISOString();
 
-        await prisma.user.update({
+        const user = await prisma.user.update({
           where: {
             id: Number(merged.id),
           },
@@ -105,6 +134,8 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
             lastSignedIn: merged.lastSignedIn,
           },
         });
+
+        merged.emailVerified = user.emailVerified?.toISOString() ?? null;
       }
 
       return {
@@ -112,7 +143,8 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
         name: merged.name,
         email: merged.email,
         lastSignedIn: merged.lastSignedIn,
-      };
+        emailVerified: merged.emailVerified,
+      } satisfies JWT;
     },
 
     session({ token, session }) {
@@ -123,6 +155,7 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
             id: Number(token.id),
             name: token.name,
             email: token.email,
+            emailVerified: token.emailVerified ?? null,
           },
         } satisfies Session;
       }

packages/lib/next-auth/error-codes.ts

@@ -8,4 +8,15 @@ export const ErrorCode = {
   INCORRECT_EMAIL_PASSWORD: 'INCORRECT_EMAIL_PASSWORD',
   USER_MISSING_PASSWORD: 'USER_MISSING_PASSWORD',
   CREDENTIALS_NOT_FOUND: 'CREDENTIALS_NOT_FOUND',
+  INTERNAL_SEVER_ERROR: 'INTERNAL_SEVER_ERROR',
+  TWO_FACTOR_ALREADY_ENABLED: 'TWO_FACTOR_ALREADY_ENABLED',
+  TWO_FACTOR_SETUP_REQUIRED: 'TWO_FACTOR_SETUP_REQUIRED',
+  TWO_FACTOR_MISSING_SECRET: 'TWO_FACTOR_MISSING_SECRET',
+  TWO_FACTOR_MISSING_CREDENTIALS: 'TWO_FACTOR_MISSING_CREDENTIALS',
+  INCORRECT_TWO_FACTOR_CODE: 'INCORRECT_TWO_FACTOR_CODE',
+  INCORRECT_TWO_FACTOR_BACKUP_CODE: 'INCORRECT_TWO_FACTOR_BACKUP_CODE',
+  INCORRECT_IDENTITY_PROVIDER: 'INCORRECT_IDENTITY_PROVIDER',
+  INCORRECT_PASSWORD: 'INCORRECT_PASSWORD',
+  MISSING_ENCRYPTION_KEY: 'MISSING_ENCRYPTION_KEY',
+  MISSING_BACKUP_CODE: 'MISSING_BACKUP_CODE',
 } as const;

packages/lib/package.json

@@ -20,10 +20,13 @@
     "@aws-sdk/cloudfront-signer": "^3.410.0",
     "@aws-sdk/s3-request-presigner": "^3.410.0",
     "@aws-sdk/signature-v4-crt": "^3.410.0",
+    "@documenso/assets": "*",
     "@documenso/email": "*",
     "@documenso/prisma": "*",
     "@documenso/signing": "*",
     "@next-auth/prisma-adapter": "1.0.7",
+    "@noble/ciphers": "0.4.0",
+    "@noble/hashes": "1.3.2",
     "@pdf-lib/fontkit": "^1.1.1",
     "@scure/base": "^1.1.3",
     "@sindresorhus/slugify": "^2.2.1",
@@ -31,8 +34,9 @@
     "bcrypt": "^5.1.0",
     "luxon": "^3.4.0",
     "nanoid": "^4.0.2",
-    "next": "14.0.0",
-    "next-auth": "4.24.3",
+    "next": "14.0.3",
+    "next-auth": "4.24.5",
+    "oslo": "^0.17.0",
     "pdf-lib": "^1.17.1",
     "react": "18.2.0",
     "remeda": "^1.27.1",

packages/lib/server-only/2fa/disable-2fa.ts

@@ -0,0 +1,48 @@
+import { compare } from 'bcrypt';
+
+import { prisma } from '@documenso/prisma';
+import { User } from '@documenso/prisma/client';
+
+import { ErrorCode } from '../../next-auth/error-codes';
+import { validateTwoFactorAuthentication } from './validate-2fa';
+
+type DisableTwoFactorAuthenticationOptions = {
+  user: User;
+  backupCode: string;
+  password: string;
+};
+
+export const disableTwoFactorAuthentication = async ({
+  backupCode,
+  user,
+  password,
+}: DisableTwoFactorAuthenticationOptions) => {
+  if (!user.password) {
+    throw new Error(ErrorCode.USER_MISSING_PASSWORD);
+  }
+
+  const isCorrectPassword = await compare(password, user.password);
+
+  if (!isCorrectPassword) {
+    throw new Error(ErrorCode.INCORRECT_PASSWORD);
+  }
+
+  const isValid = await validateTwoFactorAuthentication({ backupCode, user });
+
+  if (!isValid) {
+    throw new Error(ErrorCode.INCORRECT_TWO_FACTOR_BACKUP_CODE);
+  }
+
+  await prisma.user.update({
+    where: {
+      id: user.id,
+    },
+    data: {
+      twoFactorEnabled: false,
+      twoFactorBackupCodes: null,
+      twoFactorSecret: null,
+    },
+  });
+
+  return true;
+};

packages/lib/server-only/2fa/enable-2fa.ts

@@ -0,0 +1,47 @@
+import { ErrorCode } from '@documenso/lib/next-auth/error-codes';
+import { prisma } from '@documenso/prisma';
+import { User } from '@documenso/prisma/client';
+
+import { getBackupCodes } from './get-backup-code';
+import { verifyTwoFactorAuthenticationToken } from './verify-2fa-token';
+
+type EnableTwoFactorAuthenticationOptions = {
+  user: User;
+  code: string;
+};
+
+export const enableTwoFactorAuthentication = async ({
+  user,
+  code,
+}: EnableTwoFactorAuthenticationOptions) => {
+  if (user.identityProvider !== 'DOCUMENSO') {
+    throw new Error(ErrorCode.INCORRECT_IDENTITY_PROVIDER);
+  }
+
+  if (user.twoFactorEnabled) {
+    throw new Error(ErrorCode.TWO_FACTOR_ALREADY_ENABLED);
+  }
+
+  if (!user.twoFactorSecret) {
+    throw new Error(ErrorCode.TWO_FACTOR_SETUP_REQUIRED);
+  }
+
+  const isValidToken = await verifyTwoFactorAuthenticationToken({ user, totpCode: code });
+
+  if (!isValidToken) {
+    throw new Error(ErrorCode.INCORRECT_TWO_FACTOR_CODE);
+  }
+
+  const updatedUser = await prisma.user.update({
+    where: {
+      id: user.id,
+    },
+    data: {
+      twoFactorEnabled: true,
+    },
+  });
+
+  const recoveryCodes = getBackupCodes({ user: updatedUser });
+
+  return { recoveryCodes };
+};

packages/lib/server-only/2fa/get-backup-code.ts

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+
+import { User } from '@documenso/prisma/client';
+
+import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
+import { symmetricDecrypt } from '../../universal/crypto';
+
+interface GetBackupCodesOptions {
+  user: User;
+}
+
+const ZBackupCodeSchema = z.array(z.string());
+
+export const getBackupCodes = ({ user }: GetBackupCodesOptions) => {
+  const key = DOCUMENSO_ENCRYPTION_KEY;
+
+  if (!user.twoFactorEnabled) {
+    throw new Error('User has not enabled 2FA');
+  }
+
+  if (!user.twoFactorBackupCodes) {
+    throw new Error('User has no backup codes');
+  }
+
+  const secret = Buffer.from(symmetricDecrypt({ key, data: user.twoFactorBackupCodes })).toString(
+    'utf-8',
+  );
+
+  const data = JSON.parse(secret);
+
+  const result = ZBackupCodeSchema.safeParse(data);
+
+  if (result.success) {
+    return result.data;
+  }
+
+  return null;
+};

packages/lib/server-only/2fa/is-2fa-availble.ts

@@ -0,0 +1,17 @@
+import { User } from '@documenso/prisma/client';
+
+import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
+
+type IsTwoFactorAuthenticationEnabledOptions = {
+  user: User;
+};
+
+export const isTwoFactorAuthenticationEnabled = ({
+  user,
+}: IsTwoFactorAuthenticationEnabledOptions) => {
+  return (
+    user.twoFactorEnabled &&
+    user.identityProvider === 'DOCUMENSO' &&
+    typeof DOCUMENSO_ENCRYPTION_KEY === 'string'
+  );
+};

packages/lib/server-only/2fa/setup-2fa.ts

@@ -0,0 +1,76 @@
+import { base32 } from '@scure/base';
+import { compare } from 'bcrypt';
+import crypto from 'crypto';
+import { createTOTPKeyURI } from 'oslo/otp';
+
+import { ErrorCode } from '@documenso/lib/next-auth/error-codes';
+import { prisma } from '@documenso/prisma';
+import { User } from '@documenso/prisma/client';
+
+import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
+import { symmetricEncrypt } from '../../universal/crypto';
+
+type SetupTwoFactorAuthenticationOptions = {
+  user: User;
+  password: string;
+};
+
+const ISSUER = 'Documenso';
+
+export const setupTwoFactorAuthentication = async ({
+  user,
+  password,
+}: SetupTwoFactorAuthenticationOptions) => {
+  const key = DOCUMENSO_ENCRYPTION_KEY;
+
+  if (!key) {
+    throw new Error(ErrorCode.MISSING_ENCRYPTION_KEY);
+  }
+
+  if (user.identityProvider !== 'DOCUMENSO') {
+    throw new Error(ErrorCode.INCORRECT_IDENTITY_PROVIDER);
+  }
+
+  if (!user.password) {
+    throw new Error(ErrorCode.USER_MISSING_PASSWORD);
+  }
+
+  const isCorrectPassword = await compare(password, user.password);
+
+  if (!isCorrectPassword) {
+    throw new Error(ErrorCode.INCORRECT_PASSWORD);
+  }
+
+  const secret = crypto.randomBytes(10);
+
+  const backupCodes = new Array(10)
+    .fill(null)
+    .map(() => crypto.randomBytes(5).toString('hex'))
+    .map((code) => `${code.slice(0, 5)}-${code.slice(5)}`.toUpperCase());
+
+  const accountName = user.email;
+  const uri = createTOTPKeyURI(ISSUER, accountName, secret);
+  const encodedSecret = base32.encode(secret);
+
+  await prisma.user.update({
+    where: {
+      id: user.id,
+    },
+    data: {
+      twoFactorEnabled: false,
+      twoFactorBackupCodes: symmetricEncrypt({
+        data: JSON.stringify(backupCodes),
+        key: key,
+      }),
+      twoFactorSecret: symmetricEncrypt({
+        data: encodedSecret,
+        key: key,
+      }),
+    },
+  });
+
+  return {
+    secret: encodedSecret,
+    uri,
+  };
+};

packages/lib/server-only/2fa/validate-2fa.ts

@@ -0,0 +1,35 @@
+import { User } from '@documenso/prisma/client';
+
+import { ErrorCode } from '../../next-auth/error-codes';
+import { verifyTwoFactorAuthenticationToken } from './verify-2fa-token';
+import { verifyBackupCode } from './verify-backup-code';
+
+type ValidateTwoFactorAuthenticationOptions = {
+  totpCode?: string;
+  backupCode?: string;
+  user: User;
+};
+
+export const validateTwoFactorAuthentication = async ({
+  backupCode,
+  totpCode,
+  user,
+}: ValidateTwoFactorAuthenticationOptions) => {
+  if (!user.twoFactorEnabled) {
+    throw new Error(ErrorCode.TWO_FACTOR_SETUP_REQUIRED);
+  }
+
+  if (!user.twoFactorSecret) {
+    throw new Error(ErrorCode.TWO_FACTOR_MISSING_SECRET);
+  }
+
+  if (totpCode) {
+    return await verifyTwoFactorAuthenticationToken({ user, totpCode });
+  }
+
+  if (backupCode) {
+    return await verifyBackupCode({ user, backupCode });
+  }
+
+  throw new Error(ErrorCode.TWO_FACTOR_MISSING_CREDENTIALS);
+};

packages/lib/server-only/2fa/verify-2fa-token.ts

@@ -0,0 +1,33 @@
+import { base32 } from '@scure/base';
+import { TOTPController } from 'oslo/otp';
+
+import { User } from '@documenso/prisma/client';
+
+import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
+import { symmetricDecrypt } from '../../universal/crypto';
+
+const totp = new TOTPController();
+
+type VerifyTwoFactorAuthenticationTokenOptions = {
+  user: User;
+  totpCode: string;
+};
+
+export const verifyTwoFactorAuthenticationToken = async ({
+  user,
+  totpCode,
+}: VerifyTwoFactorAuthenticationTokenOptions) => {
+  const key = DOCUMENSO_ENCRYPTION_KEY;
+
+  if (!user.twoFactorSecret) {
+    throw new Error('user missing 2fa secret');
+  }
+
+  const secret = Buffer.from(symmetricDecrypt({ key, data: user.twoFactorSecret })).toString(
+    'utf-8',
+  );
+
+  const isValidToken = await totp.verify(totpCode, base32.decode(secret));
+
+  return isValidToken;
+};

packages/lib/server-only/2fa/verify-backup-code.ts

@@ -0,0 +1,18 @@
+import { User } from '@documenso/prisma/client';
+
+import { getBackupCodes } from './get-backup-code';
+
+type VerifyBackupCodeParams = {
+  user: User;
+  backupCode: string;
+};
+
+export const verifyBackupCode = async ({ user, backupCode }: VerifyBackupCodeParams) => {
+  const userBackupCodes = await getBackupCodes({ user });
+
+  if (!userBackupCodes) {
+    throw new Error('User has no backup codes');
+  }
+
+  return userBackupCodes.includes(backupCode);
+};

packages/lib/server-only/auth/hash.ts

@@ -1,4 +1,4 @@
-import { hashSync as bcryptHashSync } from 'bcrypt';
+import { compareSync as bcryptCompareSync, hashSync as bcryptHashSync } from 'bcrypt';
 
 import { SALT_ROUNDS } from '../../constants/auth';
 
@@ -8,3 +8,7 @@ import { SALT_ROUNDS } from '../../constants/auth';
 export const hashSync = (password: string) => {
   return bcryptHashSync(password, SALT_ROUNDS);
 };
+
+export const compareSync = (password: string, hash: string) => {
+  return bcryptCompareSync(password, hash);
+};

packages/lib/server-only/auth/send-confirmation-email.ts

@@ -0,0 +1,56 @@
+import { createElement } from 'react';
+
+import { mailer } from '@documenso/email/mailer';
+import { render } from '@documenso/email/render';
+import { ConfirmEmailTemplate } from '@documenso/email/templates/confirm-email';
+import { prisma } from '@documenso/prisma';
+
+export interface SendConfirmationEmailProps {
+  userId: number;
+}
+
+export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailProps) => {
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    include: {
+      VerificationToken: {
+        orderBy: {
+          createdAt: 'desc',
+        },
+        take: 1,
+      },
+    },
+  });
+
+  const [verificationToken] = user.VerificationToken;
+
+  if (!verificationToken?.token) {
+    throw new Error('Verification token not found for the user');
+  }
+
+  const assetBaseUrl = process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000';
+  const confirmationLink = `${assetBaseUrl}/verify-email/${verificationToken.token}`;
+  const senderName = process.env.NEXT_PRIVATE_SMTP_FROM_NAME || 'Documenso';
+  const senderAdress = process.env.NEXT_PRIVATE_SMTP_FROM_ADDRESS || 'noreply@documenso.com';
+
+  const confirmationTemplate = createElement(ConfirmEmailTemplate, {
+    assetBaseUrl,
+    confirmationLink,
+  });
+
+  return mailer.sendMail({
+    to: {
+      address: user.email,
+      name: user.name || '',
+    },
+    from: {
+      name: senderName,
+      address: senderAdress,
+    },
+    subject: 'Please confirm your email',
+    html: render(confirmationTemplate),
+    text: render(confirmationTemplate, { plainText: true }),
+  });
+};

packages/lib/server-only/document/delete-document.ts

@@ -0,0 +1,88 @@
+'use server';
+
+import { createElement } from 'react';
+
+import { mailer } from '@documenso/email/mailer';
+import { render } from '@documenso/email/render';
+import DocumentCancelTemplate from '@documenso/email/templates/document-cancel';
+import { prisma } from '@documenso/prisma';
+import { DocumentStatus } from '@documenso/prisma/client';
+
+import { FROM_ADDRESS, FROM_NAME } from '../../constants/email';
+
+export type DeleteDocumentOptions = {
+  id: number;
+  userId: number;
+  status: DocumentStatus;
+};
+
+export const deleteDocument = async ({ id, userId, status }: DeleteDocumentOptions) => {
+  // if the document is a draft, hard-delete
+  if (status === DocumentStatus.DRAFT) {
+    return await prisma.document.delete({ where: { id, userId, status: DocumentStatus.DRAFT } });
+  }
+
+  // if the document is pending, send cancellation emails to all recipients
+  if (status === DocumentStatus.PENDING) {
+    const user = await prisma.user.findFirstOrThrow({
+      where: {
+        id: userId,
+      },
+    });
+
+    const document = await prisma.document.findUnique({
+      where: {
+        id,
+        status,
+        userId,
+      },
+      include: {
+        Recipient: true,
+        documentMeta: true,
+      },
+    });
+
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
+    if (document.Recipient.length > 0) {
+      await Promise.all(
+        document.Recipient.map(async (recipient) => {
+          const assetBaseUrl = process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000';
+
+          const template = createElement(DocumentCancelTemplate, {
+            documentName: document.title,
+            inviterName: user.name || undefined,
+            inviterEmail: user.email,
+            assetBaseUrl,
+          });
+
+          await mailer.sendMail({
+            to: {
+              address: recipient.email,
+              name: recipient.name,
+            },
+            from: {
+              name: FROM_NAME,
+              address: FROM_ADDRESS,
+            },
+            subject: 'Document Cancelled',
+            html: render(template),
+            text: render(template, { plainText: true }),
+          });
+        }),
+      );
+    }
+  }
+
+  // If the document is not a draft, only soft-delete.
+  return await prisma.document.update({
+    where: {
+      id,
+    },
+    data: {
+      deletedAt: new Date().toISOString(),
+    },
+  });
+};

packages/lib/server-only/document/delete-draft-document.ts

@@ -1,13 +0,0 @@
-'use server';
-
-import { prisma } from '@documenso/prisma';
-import { DocumentStatus } from '@documenso/prisma/client';
-
-export type DeleteDraftDocumentOptions = {
-  id: number;
-  userId: number;
-};
-
-export const deleteDraftDocument = async ({ id, userId }: DeleteDraftDocumentOptions) => {
-  return await prisma.document.delete({ where: { id, userId, status: DocumentStatus.DRAFT } });
-};

packages/lib/server-only/document/find-documents.ts

@@ -55,17 +55,25 @@ export const findDocuments = async ({
       OR: [
         {
           userId,
+          deletedAt: null,
         },
         {
-          status: {
-            not: ExtendedDocumentStatus.DRAFT,
-          },
+          status: ExtendedDocumentStatus.COMPLETED,
           Recipient: {
             some: {
               email: user.email,
             },
           },
         },
+        {
+          status: ExtendedDocumentStatus.PENDING,
+          Recipient: {
+            some: {
+              email: user.email,
+            },
+          },
+          deletedAt: null,
+        },
       ],
     }))
     .with(ExtendedDocumentStatus.INBOX, () => ({
@@ -78,26 +86,29 @@ export const findDocuments = async ({
           signingStatus: SigningStatus.NOT_SIGNED,
         },
       },
+      deletedAt: null,
     }))
     .with(ExtendedDocumentStatus.DRAFT, () => ({
       userId,
       status: ExtendedDocumentStatus.DRAFT,
+      deletedAt: null,
     }))
     .with(ExtendedDocumentStatus.PENDING, () => ({
       OR: [
         {
           userId,
           status: ExtendedDocumentStatus.PENDING,
+          deletedAt: null,
         },
         {
           status: ExtendedDocumentStatus.PENDING,
-
           Recipient: {
             some: {
               email: user.email,
               signingStatus: SigningStatus.SIGNED,
             },
           },
+          deletedAt: null,
         },
       ],
     }))
@@ -106,6 +117,7 @@ export const findDocuments = async ({
         {
           userId,
           status: ExtendedDocumentStatus.COMPLETED,
+          deletedAt: null,
         },
         {
           status: ExtendedDocumentStatus.COMPLETED,

packages/lib/server-only/document/get-stats.ts

@@ -1,5 +1,6 @@
 import { prisma } from '@documenso/prisma';
-import { SigningStatus, User } from '@documenso/prisma/client';
+import type { User } from '@documenso/prisma/client';
+import { SigningStatus } from '@documenso/prisma/client';
 import { isExtendedDocumentStatus } from '@documenso/prisma/guards/is-extended-document-status';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 
@@ -16,6 +17,7 @@ export const getStats = async ({ user }: GetStatsInput) => {
       },
       where: {
         userId: user.id,
+        deletedAt: null,
       },
     }),
     prisma.document.groupBy({
@@ -31,6 +33,7 @@ export const getStats = async ({ user }: GetStatsInput) => {
             signingStatus: SigningStatus.NOT_SIGNED,
           },
         },
+        deletedAt: null,
       },
     }),
     prisma.document.groupBy({
@@ -39,15 +42,27 @@ export const getStats = async ({ user }: GetStatsInput) => {
         _all: true,
       },
       where: {
-        status: {
-          not: ExtendedDocumentStatus.DRAFT,
-        },
-        Recipient: {
-          some: {
-            email: user.email,
-            signingStatus: SigningStatus.SIGNED,
+        OR: [
+          {
+            status: ExtendedDocumentStatus.PENDING,
+            Recipient: {
+              some: {
+                email: user.email,
+                signingStatus: SigningStatus.SIGNED,
+              },
+            },
+            deletedAt: null,
           },
-        },
+          {
+            status: ExtendedDocumentStatus.COMPLETED,
+            Recipient: {
+              some: {
+                email: user.email,
+                signingStatus: SigningStatus.SIGNED,
+              },
+            },
+          },
+        ],
       },
     }),
   ]);

packages/lib/server-only/document/resend-document.tsx

@@ -57,7 +57,7 @@ export const resendDocument = async ({ documentId, userId, recipients }: ResendD
     throw new Error('Can not send completed document');
   }
 
-  await Promise.all([
+  await Promise.all(
     document.Recipient.map(async (recipient) => {
       const { email, name } = recipient;
 
@@ -95,5 +95,5 @@ export const resendDocument = async ({ documentId, userId, recipients }: ResendD
         text: render(template, { plainText: true }),
       });
     }),
-  ]);
+  );
 };

packages/lib/server-only/document/search-documents-with-keyword.ts

@@ -0,0 +1,81 @@
+import { prisma } from '@documenso/prisma';
+import { DocumentStatus } from '@documenso/prisma/client';
+
+export type SearchDocumentsWithKeywordOptions = {
+  query: string;
+  userId: number;
+  limit?: number;
+};
+
+export const searchDocumentsWithKeyword = async ({
+  query,
+  userId,
+  limit = 5,
+}: SearchDocumentsWithKeywordOptions) => {
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+  });
+
+  const documents = await prisma.document.findMany({
+    where: {
+      OR: [
+        {
+          title: {
+            contains: query,
+            mode: 'insensitive',
+          },
+          userId: userId,
+          deletedAt: null,
+        },
+        {
+          Recipient: {
+            some: {
+              email: {
+                contains: query,
+                mode: 'insensitive',
+              },
+            },
+          },
+          userId: userId,
+          deletedAt: null,
+        },
+        {
+          status: DocumentStatus.COMPLETED,
+          Recipient: {
+            some: {
+              email: user.email,
+            },
+          },
+          title: {
+            contains: query,
+            mode: 'insensitive',
+          },
+        },
+        {
+          status: DocumentStatus.PENDING,
+          Recipient: {
+            some: {
+              email: user.email,
+            },
+          },
+          title: {
+            contains: query,
+            mode: 'insensitive',
+          },
+          deletedAt: null,
+        },
+      ],
+    },
+    include: {
+      Recipient: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+    take: limit,
+  });
+
+  return documents;
+};

packages/lib/server-only/document/send-completed-email.ts

@@ -32,7 +32,7 @@ export const sendCompletedEmail = async ({ documentId }: SendDocumentOptions) =>
 
   const buffer = await getFile(document.documentData);
 
-  await Promise.all([
+  await Promise.all(
     document.Recipient.map(async (recipient) => {
       const { email, name, token } = recipient;
 
@@ -64,5 +64,5 @@ export const sendCompletedEmail = async ({ documentId }: SendDocumentOptions) =>
         ],
       });
     }),
-  ]);
+  );
 };

packages/lib/server-only/document/send-document.tsx

@@ -45,7 +45,7 @@ export const sendDocument = async ({ documentId, userId }: SendDocumentOptions)
     throw new Error('Can not send completed document');
   }
 
-  await Promise.all([
+  await Promise.all(
     document.Recipient.map(async (recipient) => {
       const { email, name } = recipient;
 
@@ -96,7 +96,7 @@ export const sendDocument = async ({ documentId, userId }: SendDocumentOptions)
         },
       });
     }),
-  ]);
+  );
 
   const updatedDocument = await prisma.document.update({
     where: {

packages/lib/server-only/document/update-title.ts

@@ -0,0 +1,21 @@
+'use server';
+
+import { prisma } from '@documenso/prisma';
+
+export type UpdateTitleOptions = {
+  userId: number;
+  documentId: number;
+  title: string;
+};
+
+export const updateTitle = async ({ userId, documentId, title }: UpdateTitleOptions) => {
+  return await prisma.document.update({
+    where: {
+      id: documentId,
+      userId,
+    },
+    data: {
+      title,
+    },
+  });
+};

packages/lib/server-only/field/sign-field-with-token.ts

@@ -37,6 +37,10 @@ export const signFieldWithToken = async ({
     throw new Error(`Document ${document.id} has already been completed`);
   }
 
+  if (document.deletedAt) {
+    throw new Error(`Document ${document.id} has been deleted`);
+  }
+
   if (recipient?.signingStatus === SigningStatus.SIGNED) {
     throw new Error(`Recipient ${recipient.id} has already signed`);
   }
@@ -54,6 +58,7 @@ export const signFieldWithToken = async ({
     field.type === FieldType.SIGNATURE || field.type === FieldType.FREE_SIGNATURE;
 
   let customText = !isSignatureField ? value : undefined;
+
   const signatureImageAsBase64 = isSignatureField && isBase64 ? value : undefined;
   const typedSignature = isSignatureField && !isBase64 ? value : undefined;
 
@@ -61,29 +66,48 @@ export const signFieldWithToken = async ({
     customText = DateTime.now().toFormat('yyyy-MM-dd hh:mm a');
   }
 
-  await prisma.field.update({
-    where: {
-      id: field.id,
-    },
-    data: {
-      customText,
-      inserted: true,
-      Signature: isSignatureField
-        ? {
-            upsert: {
-              create: {
-                recipientId: field.recipientId,
-                signatureImageAsBase64,
-                typedSignature,
-              },
-              update: {
-                recipientId: field.recipientId,
-                signatureImageAsBase64,
-                typedSignature,
-              },
-            },
-          }
-        : undefined,
-    },
+  if (isSignatureField && !signatureImageAsBase64 && !typedSignature) {
+    throw new Error('Signature field must have a signature');
+  }
+
+  return await prisma.$transaction(async (tx) => {
+    const updatedField = await tx.field.update({
+      where: {
+        id: field.id,
+      },
+      data: {
+        customText,
+        inserted: true,
+      },
+    });
+
+    if (isSignatureField) {
+      if (!field.recipientId) {
+        throw new Error('Field has no recipientId');
+      }
+
+      const signature = await tx.signature.upsert({
+        where: {
+          fieldId: field.id,
+        },
+        create: {
+          fieldId: field.id,
+          recipientId: field.recipientId,
+          signatureImageAsBase64: signatureImageAsBase64,
+          typedSignature: typedSignature,
+        },
+        update: {
+          signatureImageAsBase64: signatureImageAsBase64,
+          typedSignature: typedSignature,
+        },
+      });
+
+      // Dirty but I don't want to deal with type information
+      Object.assign(updatedField, {
+        Signature: signature,
+      });
+    }
+
+    return updatedField;
   });
 };

packages/lib/server-only/pdf/insert-field-in-pdf.ts

@@ -2,7 +2,6 @@ import fontkit from '@pdf-lib/fontkit';
 import { PDFDocument, StandardFonts } from 'pdf-lib';
 
 import {
-  CAVEAT_FONT_PATH,
   DEFAULT_HANDWRITING_FONT_SIZE,
   DEFAULT_STANDARD_FONT_SIZE,
   MIN_HANDWRITING_FONT_SIZE,
@@ -10,12 +9,12 @@ import {
 } from '@documenso/lib/constants/pdf';
 import { FieldType } from '@documenso/prisma/client';
 import { isSignatureFieldType } from '@documenso/prisma/guards/is-signature-field';
-import { FieldWithSignature } from '@documenso/prisma/types/field-with-signature';
+import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature';
 
 export const insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignature) => {
-  // Fetch the font file from the public URL.
-  const fontResponse = await fetch(CAVEAT_FONT_PATH);
-  const fontCaveat = await fontResponse.arrayBuffer();
+  const fontCaveat = await fetch(process.env.FONT_CAVEAT_URI).then(async (res) =>
+    res.arrayBuffer(),
+  );
 
   const isSignatureField = isSignatureFieldType(field.type);
 

packages/lib/server-only/user/generate-confirmation-token.ts

@@ -0,0 +1,41 @@
+import crypto from 'crypto';
+
+import { prisma } from '@documenso/prisma';
+
+import { ONE_HOUR } from '../../constants/time';
+import { sendConfirmationEmail } from '../auth/send-confirmation-email';
+
+const IDENTIFIER = 'confirmation-email';
+
+export const generateConfirmationToken = async ({ email }: { email: string }) => {
+  const token = crypto.randomBytes(20).toString('hex');
+
+  const user = await prisma.user.findFirst({
+    where: {
+      email: email,
+    },
+  });
+
+  if (!user) {
+    throw new Error('User not found');
+  }
+
+  const createdToken = await prisma.verificationToken.create({
+    data: {
+      identifier: IDENTIFIER,
+      token: token,
+      expires: new Date(Date.now() + ONE_HOUR),
+      user: {
+        connect: {
+          id: user.id,
+        },
+      },
+    },
+  });
+
+  if (!createdToken) {
+    throw new Error(`Failed to create the verification token`);
+  }
+
+  return sendConfirmationEmail({ userId: user.id });
+};

packages/lib/server-only/user/get-all-users.ts

@@ -32,7 +32,7 @@ export const findUsers = async ({
   });
 
   const [users, count] = await Promise.all([
-    await prisma.user.findMany({
+    prisma.user.findMany({
       include: {
         Subscription: true,
         Document: {
@@ -45,7 +45,7 @@ export const findUsers = async ({
       skip: Math.max(page - 1, 0) * perPage,
       take: perPage,
     }),
-    await prisma.user.count({
+    prisma.user.count({
       where: whereClause,
     }),
   ]);

packages/lib/server-only/user/send-confirmation-token.ts

@@ -0,0 +1,41 @@
+import crypto from 'crypto';
+
+import { prisma } from '@documenso/prisma';
+
+import { ONE_HOUR } from '../../constants/time';
+import { sendConfirmationEmail } from '../auth/send-confirmation-email';
+
+const IDENTIFIER = 'confirmation-email';
+
+export const sendConfirmationToken = async ({ email }: { email: string }) => {
+  const token = crypto.randomBytes(20).toString('hex');
+
+  const user = await prisma.user.findFirst({
+    where: {
+      email: email,
+    },
+  });
+
+  if (!user) {
+    throw new Error('User not found');
+  }
+
+  const createdToken = await prisma.verificationToken.create({
+    data: {
+      identifier: IDENTIFIER,
+      token: token,
+      expires: new Date(Date.now() + ONE_HOUR),
+      user: {
+        connect: {
+          id: user.id,
+        },
+      },
+    },
+  });
+
+  if (!createdToken) {
+    throw new Error(`Failed to create the verification token`);
+  }
+
+  return sendConfirmationEmail({ userId: user.id });
+};

packages/lib/server-only/user/verify-email.ts

@@ -0,0 +1,70 @@
+import { DateTime } from 'luxon';
+
+import { prisma } from '@documenso/prisma';
+
+import { sendConfirmationToken } from './send-confirmation-token';
+
+export type VerifyEmailProps = {
+  token: string;
+};
+
+export const verifyEmail = async ({ token }: VerifyEmailProps) => {
+  const verificationToken = await prisma.verificationToken.findFirst({
+    include: {
+      user: true,
+    },
+    where: {
+      token,
+    },
+  });
+
+  if (!verificationToken) {
+    return null;
+  }
+
+  // check if the token is valid or expired
+  const valid = verificationToken.expires > new Date();
+
+  if (!valid) {
+    const mostRecentToken = await prisma.verificationToken.findFirst({
+      where: {
+        userId: verificationToken.userId,
+      },
+      orderBy: {
+        createdAt: 'desc',
+      },
+    });
+
+    // If there isn't a recent token or it's older than 1 hour, send a new token
+    if (
+      !mostRecentToken ||
+      DateTime.now().minus({ hours: 1 }).toJSDate() > mostRecentToken.createdAt
+    ) {
+      await sendConfirmationToken({ email: verificationToken.user.email });
+    }
+
+    return valid;
+  }
+
+  const [updatedUser, deletedToken] = await prisma.$transaction([
+    prisma.user.update({
+      where: {
+        id: verificationToken.userId,
+      },
+      data: {
+        emailVerified: new Date(),
+      },
+    }),
+    prisma.verificationToken.deleteMany({
+      where: {
+        userId: verificationToken.userId,
+      },
+    }),
+  ]);
+
+  if (!updatedUser || !deletedToken) {
+    throw new Error('Something went wrong while verifying your email. Please try again.');
+  }
+
+  return !!updatedUser && !!deletedToken;
+};

packages/lib/types/next-auth.d.ts

@@ -6,11 +6,11 @@ declare module 'next-auth' {
     user: User;
   }
 
-  interface User extends Omit<DefaultUser, 'id' | 'image'> {
+  interface User extends Omit<DefaultUser, 'id' | 'image' | 'emailVerified'> {
     id: PrismaUser['id'];
     name?: PrismaUser['name'];
     email?: PrismaUser['email'];
-    emailVerified?: PrismaUser['emailVerified'];
+    emailVerified?: string | null;
   }
 }
 
@@ -19,6 +19,7 @@ declare module 'next-auth/jwt' {
     id: string | number;
     name?: string | null;
     email: string | null;
+    emailVerified?: string | null;
     lastSignedIn?: string | null;
   }
 }

packages/lib/universal/crypto.ts

@@ -0,0 +1,32 @@
+import { xchacha20poly1305 } from '@noble/ciphers/chacha';
+import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/ciphers/utils';
+import { managedNonce } from '@noble/ciphers/webcrypto/utils';
+import { sha256 } from '@noble/hashes/sha256';
+
+export type SymmetricEncryptOptions = {
+  key: string;
+  data: string;
+};
+
+export const symmetricEncrypt = ({ key, data }: SymmetricEncryptOptions) => {
+  const keyAsBytes = sha256(key);
+  const dataAsBytes = utf8ToBytes(data);
+
+  const chacha = managedNonce(xchacha20poly1305)(keyAsBytes); // manages nonces for you
+
+  return bytesToHex(chacha.encrypt(dataAsBytes));
+};
+
+export type SymmetricDecryptOptions = {
+  key: string;
+  data: string;
+};
+
+export const symmetricDecrypt = ({ key, data }: SymmetricDecryptOptions) => {
+  const keyAsBytes = sha256(key);
+  const dataAsBytes = hexToBytes(data);
+
+  const chacha = managedNonce(xchacha20poly1305)(keyAsBytes); // manages nonces for you
+
+  return chacha.decrypt(dataAsBytes);
+};

packages/lib/universal/upload/server-actions.ts

@@ -1,5 +1,8 @@
 'use server';
 
+import { headers } from 'next/headers';
+import { NextRequest } from 'next/server';
+
 import {
   DeleteObjectCommand,
   GetObjectCommand,
@@ -7,10 +10,11 @@ import {
   S3Client,
 } from '@aws-sdk/client-s3';
 import slugify from '@sindresorhus/slugify';
+import { type JWT, getToken } from 'next-auth/jwt';
 import path from 'node:path';
 
+import { APP_BASE_URL } from '../../constants/app';
 import { ONE_HOUR, ONE_SECOND } from '../../constants/time';
-import { getServerComponentSession } from '../../next-auth/get-server-component-session';
 import { alphaid } from '../id';
 
 export const getPresignPostUrl = async (fileName: string, contentType: string) => {
@@ -18,15 +22,25 @@ export const getPresignPostUrl = async (fileName: string, contentType: string) =
 
   const { getSignedUrl } = await import('@aws-sdk/s3-request-presigner');
 
-  const { user } = await getServerComponentSession();
+  let token: JWT | null = null;
+
+  try {
+    token = await getToken({
+      req: new NextRequest(APP_BASE_URL ?? 'http://localhost:3000', {
+        headers: headers(),
+      }),
+    });
+  } catch (err) {
+    // Non server-component environment
+  }
 
   // Get the basename and extension for the file
   const { name, ext } = path.parse(fileName);
 
   let key = `${alphaid(12)}/${slugify(name)}${ext}`;
 
-  if (user) {
-    key = `${user.id}/${key}`;
+  if (token) {
+    key = `${token.id}/${key}`;
   }
 
   const putObjectCommand = new PutObjectCommand({

packages/prisma/migrations/20231025074705_add_email_confirmation_registration/migration.sql

@@ -0,0 +1,17 @@
+-- CreateTable
+CREATE TABLE "VerificationToken" (
+    "id" SERIAL NOT NULL,
+    "identifier" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "expires" TIMESTAMP(3) NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "VerificationToken_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "VerificationToken_token_key" ON "VerificationToken"("token");
+
+-- AddForeignKey
+ALTER TABLE "VerificationToken" ADD CONSTRAINT "VerificationToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

packages/prisma/migrations/20231031072857_verify_existing_users/migration.sql

@@ -0,0 +1,3 @@
+UPDATE "User"
+SET "emailVerified" = CURRENT_TIMESTAMP
+WHERE "emailVerified" IS NULL;

packages/prisma/migrations/20231105184518_add_2fa/migration.sql

@@ -0,0 +1,4 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "twoFactorBackupCodes" TEXT,
+ADD COLUMN     "twoFactorEnabled" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "twoFactorSecret" TEXT;

packages/prisma/migrations/20231202134005_deletedocuments/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Document" ADD COLUMN     "deletedAt" TIMESTAMP(3);

packages/prisma/migrations/20231205000309_add_cascade_delete_for_verification_tokens/migration.sql

@@ -0,0 +1,5 @@
+-- DropForeignKey
+ALTER TABLE "VerificationToken" DROP CONSTRAINT "VerificationToken_userId_fkey";
+
+-- AddForeignKey
+ALTER TABLE "VerificationToken" ADD CONSTRAINT "VerificationToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/prisma/schema.prisma

@@ -19,23 +19,27 @@ enum Role {
 }
 
 model User {
-  id                 Int                  @id @default(autoincrement())
-  name               String?
-  email              String               @unique
-  emailVerified      DateTime?
-  password           String?
-  source             String?
-  signature          String?
-  createdAt          DateTime             @default(now())
-  updatedAt          DateTime             @default(now()) @updatedAt
-  lastSignedIn       DateTime             @default(now())
-  roles              Role[]               @default([USER])
-  identityProvider   IdentityProvider     @default(DOCUMENSO)
-  accounts           Account[]
-  sessions           Session[]
-  Document           Document[]
-  Subscription       Subscription?
-  PasswordResetToken PasswordResetToken[]
+  id                   Int                  @id @default(autoincrement())
+  name                 String?
+  email                String               @unique
+  emailVerified        DateTime?
+  password             String?
+  source               String?
+  signature            String?
+  createdAt            DateTime             @default(now())
+  updatedAt            DateTime             @default(now()) @updatedAt
+  lastSignedIn         DateTime             @default(now())
+  roles                Role[]               @default([USER])
+  identityProvider     IdentityProvider     @default(DOCUMENSO)
+  accounts             Account[]
+  sessions             Session[]
+  Document             Document[]
+  Subscription         Subscription?
+  PasswordResetToken   PasswordResetToken[]
+  twoFactorSecret      String?
+  twoFactorEnabled     Boolean              @default(false)
+  twoFactorBackupCodes String?
+  VerificationToken    VerificationToken[]
 
   @@index([email])
 }
@@ -49,6 +53,16 @@ model PasswordResetToken {
   User      User     @relation(fields: [userId], references: [id])
 }
 
+model VerificationToken {
+  id         Int      @id @default(autoincrement())
+  identifier String
+  token      String   @unique
+  expires    DateTime
+  createdAt  DateTime @default(now())
+  userId     Int
+  user       User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+
 enum SubscriptionStatus {
   ACTIVE
   PAST_DUE
@@ -121,6 +135,7 @@ model Document {
   createdAt      DateTime            @default(now())
   updatedAt      DateTime            @default(now()) @updatedAt
   completedAt    DateTime?
+  deletedAt      DateTime?
 
   @@unique([documentDataId])
   @@index([userId])

packages/prisma/seed-database.ts

@@ -1,74 +1,22 @@
-import { DocumentDataType, Role } from '@prisma/client';
 import fs from 'node:fs';
 import path from 'node:path';
 
-import { hashSync } from '@documenso/lib/server-only/auth/hash';
-
-import { prisma } from './index';
-
 const seedDatabase = async () => {
-  const examplePdf = fs
-    .readFileSync(path.join(__dirname, '../../assets/example.pdf'))
-    .toString('base64');
+  const files = fs.readdirSync(path.join(__dirname, './seed'));
 
-  const exampleUser = await prisma.user.upsert({
-    where: {
-      email: 'example@documenso.com',
-    },
-    create: {
-      name: 'Example User',
-      email: 'example@documenso.com',
-      password: hashSync('password'),
-      roles: [Role.USER],
-    },
-    update: {},
-  });
+  for (const file of files) {
+    const stat = fs.statSync(path.join(__dirname, './seed', file));
 
-  const adminUser = await prisma.user.upsert({
-    where: {
-      email: 'admin@documenso.com',
-    },
-    create: {
-      name: 'Admin User',
-      email: 'admin@documenso.com',
-      password: hashSync('password'),
-      roles: [Role.USER, Role.ADMIN],
-    },
-    update: {},
-  });
+    if (stat.isFile()) {
+      // eslint-disable-next-line @typescript-eslint/no-var-requires
+      const mod = require(path.join(__dirname, './seed', file));
 
-  const examplePdfData = await prisma.documentData.upsert({
-    where: {
-      id: 'clmn0kv5k0000pe04vcqg5zla',
-    },
-    create: {
-      id: 'clmn0kv5k0000pe04vcqg5zla',
-      type: DocumentDataType.BYTES_64,
-      data: examplePdf,
-      initialData: examplePdf,
-    },
-    update: {},
-  });
-
-  await prisma.document.upsert({
-    where: {
-      id: 1,
-    },
-    create: {
-      id: 1,
-      title: 'Example Document',
-      documentDataId: examplePdfData.id,
-      userId: exampleUser.id,
-      Recipient: {
-        create: {
-          name: String(adminUser.name),
-          email: adminUser.email,
-          token: Math.random().toString(36).slice(2, 9),
-        },
-      },
-    },
-    update: {},
-  });
+      if ('seedDatabase' in mod && typeof mod.seedDatabase === 'function') {
+        console.log(`[SEEDING]: ${file}`);
+        await mod.seedDatabase();
+      }
+    }
+  }
 };
 
 seedDatabase()

packages/prisma/seed/initial-seed.ts

@@ -0,0 +1,67 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { hashSync } from '@documenso/lib/server-only/auth/hash';
+
+import { prisma } from '..';
+import { DocumentDataType, Role } from '../client';
+
+export const seedDatabase = async () => {
+  const examplePdf = fs
+    .readFileSync(path.join(__dirname, '../../../assets/example.pdf'))
+    .toString('base64');
+
+  const exampleUser = await prisma.user.upsert({
+    where: {
+      email: 'example@documenso.com',
+    },
+    create: {
+      name: 'Example User',
+      email: 'example@documenso.com',
+      password: hashSync('password'),
+      roles: [Role.USER],
+    },
+    update: {},
+  });
+
+  const adminUser = await prisma.user.upsert({
+    where: {
+      email: 'admin@documenso.com',
+    },
+    create: {
+      name: 'Admin User',
+      email: 'admin@documenso.com',
+      password: hashSync('password'),
+      roles: [Role.USER, Role.ADMIN],
+    },
+    update: {},
+  });
+
+  const examplePdfData = await prisma.documentData.upsert({
+    where: {
+      id: 'clmn0kv5k0000pe04vcqg5zla',
+    },
+    create: {
+      id: 'clmn0kv5k0000pe04vcqg5zla',
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+    update: {},
+  });
+
+  await prisma.document.create({
+    data: {
+      title: 'Example Document',
+      documentDataId: examplePdfData.id,
+      userId: exampleUser.id,
+      Recipient: {
+        create: {
+          name: String(adminUser.name),
+          email: adminUser.email,
+          token: Math.random().toString(36).slice(2, 9),
+        },
+      },
+    },
+  });
+};

packages/prisma/seed/pr-711-deletion-of-documents.ts

@@ -0,0 +1,221 @@
+import type { User } from '@prisma/client';
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { hashSync } from '@documenso/lib/server-only/auth/hash';
+
+import { prisma } from '..';
+import {
+  DocumentDataType,
+  DocumentStatus,
+  FieldType,
+  Prisma,
+  ReadStatus,
+  SendStatus,
+  SigningStatus,
+} from '../client';
+
+const PULL_REQUEST_NUMBER = 711;
+const EMAIL_DOMAIN = `pr-${PULL_REQUEST_NUMBER}.documenso.com`;
+
+export const TEST_USERS = [
+  {
+    name: 'Sender 1',
+    email: `sender1@${EMAIL_DOMAIN}`,
+    password: 'Password123',
+  },
+  {
+    name: 'Sender 2',
+    email: `sender2@${EMAIL_DOMAIN}`,
+    password: 'Password123',
+  },
+  {
+    name: 'Sender 3',
+    email: `sender3@${EMAIL_DOMAIN}`,
+    password: 'Password123',
+  },
+] as const;
+
+const examplePdf = fs
+  .readFileSync(path.join(__dirname, '../../../assets/example.pdf'))
+  .toString('base64');
+
+export const seedDatabase = async () => {
+  const users = await Promise.all(
+    TEST_USERS.map(async (u) =>
+      prisma.user.create({
+        data: {
+          name: u.name,
+          email: u.email,
+          password: hashSync(u.password),
+          emailVerified: new Date(),
+        },
+      }),
+    ),
+  );
+
+  const [user1, user2, user3] = users;
+
+  await createDraftDocument(user1, [user2, user3]);
+  await createPendingDocument(user1, [user2, user3]);
+  await createCompletedDocument(user1, [user2, user3]);
+};
+
+const createDraftDocument = async (sender: User, recipients: User[]) => {
+  const documentData = await prisma.documentData.create({
+    data: {
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+  });
+
+  const document = await prisma.document.create({
+    data: {
+      title: `[${PULL_REQUEST_NUMBER}] Document 1 - Draft`,
+      status: DocumentStatus.DRAFT,
+      documentDataId: documentData.id,
+      userId: sender.id,
+    },
+  });
+
+  for (const recipient of recipients) {
+    const index = recipients.indexOf(recipient);
+
+    await prisma.recipient.create({
+      data: {
+        email: String(recipient.email),
+        name: String(recipient.name),
+        token: `draft-token-${index}`,
+        readStatus: ReadStatus.NOT_OPENED,
+        sendStatus: SendStatus.NOT_SENT,
+        signingStatus: SigningStatus.NOT_SIGNED,
+        signedAt: new Date(),
+        Document: {
+          connect: {
+            id: document.id,
+          },
+        },
+        Field: {
+          create: {
+            page: 1,
+            type: FieldType.NAME,
+            inserted: true,
+            customText: String(recipient.name),
+            positionX: new Prisma.Decimal(1),
+            positionY: new Prisma.Decimal(1),
+            width: new Prisma.Decimal(1),
+            height: new Prisma.Decimal(1),
+            documentId: document.id,
+          },
+        },
+      },
+    });
+  }
+};
+
+const createPendingDocument = async (sender: User, recipients: User[]) => {
+  const documentData = await prisma.documentData.create({
+    data: {
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+  });
+
+  const document = await prisma.document.create({
+    data: {
+      title: `[${PULL_REQUEST_NUMBER}] Document 1 - Pending`,
+      status: DocumentStatus.PENDING,
+      documentDataId: documentData.id,
+      userId: sender.id,
+    },
+  });
+
+  for (const recipient of recipients) {
+    const index = recipients.indexOf(recipient);
+
+    await prisma.recipient.create({
+      data: {
+        email: String(recipient.email),
+        name: String(recipient.name),
+        token: `pending-token-${index}`,
+        readStatus: ReadStatus.OPENED,
+        sendStatus: SendStatus.SENT,
+        signingStatus: SigningStatus.SIGNED,
+        signedAt: new Date(),
+        Document: {
+          connect: {
+            id: document.id,
+          },
+        },
+        Field: {
+          create: {
+            page: 1,
+            type: FieldType.NAME,
+            inserted: true,
+            customText: String(recipient.name),
+            positionX: new Prisma.Decimal(1),
+            positionY: new Prisma.Decimal(1),
+            width: new Prisma.Decimal(1),
+            height: new Prisma.Decimal(1),
+            documentId: document.id,
+          },
+        },
+      },
+    });
+  }
+};
+
+const createCompletedDocument = async (sender: User, recipients: User[]) => {
+  const documentData = await prisma.documentData.create({
+    data: {
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+  });
+
+  const document = await prisma.document.create({
+    data: {
+      title: `[${PULL_REQUEST_NUMBER}] Document 1 - Completed`,
+      status: DocumentStatus.COMPLETED,
+      documentDataId: documentData.id,
+      userId: sender.id,
+    },
+  });
+
+  for (const recipient of recipients) {
+    const index = recipients.indexOf(recipient);
+
+    await prisma.recipient.create({
+      data: {
+        email: String(recipient.email),
+        name: String(recipient.name),
+        token: `completed-token-${index}`,
+        readStatus: ReadStatus.OPENED,
+        sendStatus: SendStatus.SENT,
+        signingStatus: SigningStatus.SIGNED,
+        signedAt: new Date(),
+        Document: {
+          connect: {
+            id: document.id,
+          },
+        },
+        Field: {
+          create: {
+            page: 1,
+            type: FieldType.NAME,
+            inserted: true,
+            customText: String(recipient.name),
+            positionX: new Prisma.Decimal(1),
+            positionY: new Prisma.Decimal(1),
+            width: new Prisma.Decimal(1),
+            height: new Prisma.Decimal(1),
+            documentId: document.id,
+          },
+        },
+      },
+    });
+  }
+};

packages/prisma/seed/pr-713-add-document-search-to-command-menu.ts

@@ -0,0 +1,167 @@
+import type { User } from '@prisma/client';
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { hashSync } from '@documenso/lib/server-only/auth/hash';
+
+import { prisma } from '..';
+import {
+  DocumentDataType,
+  DocumentStatus,
+  FieldType,
+  Prisma,
+  ReadStatus,
+  SendStatus,
+  SigningStatus,
+} from '../client';
+
+//
+// https://github.com/documenso/documenso/pull/713
+//
+
+const PULL_REQUEST_NUMBER = 713;
+
+const EMAIL_DOMAIN = `pr-${PULL_REQUEST_NUMBER}.documenso.com`;
+
+export const TEST_USERS = [
+  {
+    name: 'User 1',
+    email: `user1@${EMAIL_DOMAIN}`,
+    password: 'Password123',
+  },
+  {
+    name: 'User 2',
+    email: `user2@${EMAIL_DOMAIN}`,
+    password: 'Password123',
+  },
+] as const;
+
+const examplePdf = fs
+  .readFileSync(path.join(__dirname, '../../../assets/example.pdf'))
+  .toString('base64');
+
+export const seedDatabase = async () => {
+  const users = await Promise.all(
+    TEST_USERS.map(async (u) =>
+      prisma.user.create({
+        data: {
+          name: u.name,
+          email: u.email,
+          password: hashSync(u.password),
+          emailVerified: new Date(),
+        },
+      }),
+    ),
+  );
+
+  const [user1, user2] = users;
+
+  await createSentDocument(user1, [user2]);
+  await createReceivedDocument(user2, [user1]);
+};
+
+const createSentDocument = async (sender: User, recipients: User[]) => {
+  const documentData = await prisma.documentData.create({
+    data: {
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+  });
+
+  const document = await prisma.document.create({
+    data: {
+      title: `[${PULL_REQUEST_NUMBER}] Document - Sent`,
+      status: DocumentStatus.PENDING,
+      documentDataId: documentData.id,
+      userId: sender.id,
+    },
+  });
+
+  for (const recipient of recipients) {
+    const index = recipients.indexOf(recipient);
+
+    await prisma.recipient.create({
+      data: {
+        email: String(recipient.email),
+        name: String(recipient.name),
+        token: `sent-token-${index}`,
+        readStatus: ReadStatus.NOT_OPENED,
+        sendStatus: SendStatus.SENT,
+        signingStatus: SigningStatus.NOT_SIGNED,
+        signedAt: new Date(),
+        Document: {
+          connect: {
+            id: document.id,
+          },
+        },
+        Field: {
+          create: {
+            page: 1,
+            type: FieldType.NAME,
+            inserted: true,
+            customText: String(recipient.name),
+            positionX: new Prisma.Decimal(1),
+            positionY: new Prisma.Decimal(1),
+            width: new Prisma.Decimal(1),
+            height: new Prisma.Decimal(1),
+            documentId: document.id,
+          },
+        },
+      },
+    });
+  }
+};
+
+const createReceivedDocument = async (sender: User, recipients: User[]) => {
+  const documentData = await prisma.documentData.create({
+    data: {
+      type: DocumentDataType.BYTES_64,
+      data: examplePdf,
+      initialData: examplePdf,
+    },
+  });
+
+  const document = await prisma.document.create({
+    data: {
+      title: `[${PULL_REQUEST_NUMBER}] Document - Received`,
+      status: DocumentStatus.PENDING,
+      documentDataId: documentData.id,
+      userId: sender.id,
+    },
+  });
+
+  for (const recipient of recipients) {
+    const index = recipients.indexOf(recipient);
+
+    await prisma.recipient.create({
+      data: {
+        email: String(recipient.email),
+        name: String(recipient.name),
+        token: `received-token-${index}`,
+        readStatus: ReadStatus.NOT_OPENED,
+        sendStatus: SendStatus.SENT,
+        signingStatus: SigningStatus.NOT_SIGNED,
+        signedAt: new Date(),
+        Document: {
+          connect: {
+            id: document.id,
+          },
+        },
+        Field: {
+          create: {
+            page: 1,
+            type: FieldType.NAME,
+            inserted: true,
+            customText: String(recipient.name),
+            positionX: new Prisma.Decimal(1),
+            positionY: new Prisma.Decimal(1),
+            width: new Prisma.Decimal(1),
+            height: new Prisma.Decimal(1),
+            documentId: document.id,
+          },
+        },
+      },
+    });
+  }
+};

packages/prisma/seed/pr-718-add-stepper-component.ts

@@ -0,0 +1,28 @@
+import { hashSync } from '@documenso/lib/server-only/auth/hash';
+
+import { prisma } from '..';
+
+//
+// https://github.com/documenso/documenso/pull/713
+//
+
+const PULL_REQUEST_NUMBER = 718;
+
+const EMAIL_DOMAIN = `pr-${PULL_REQUEST_NUMBER}.documenso.com`;
+
+export const TEST_USER = {
+  name: 'User 1',
+  email: `user1@${EMAIL_DOMAIN}`,
+  password: 'Password123',
+} as const;
+
+export const seedDatabase = async () => {
+  await prisma.user.create({
+    data: {
+      name: TEST_USER.name,
+      email: TEST_USER.email,
+      password: hashSync(TEST_USER.password),
+      emailVerified: new Date(),
+    },
+  });
+};

packages/tailwind-config/package.json

@@ -9,7 +9,7 @@
   "dependencies": {
     "autoprefixer": "^10.4.13",
     "postcss": "^8.4.21",
-    "tailwindcss": "^3.2.7",
+    "tailwindcss": "3.3.2",
     "tailwindcss-animate": "^1.0.5"
   },
   "devDependencies": {

packages/trpc/package.json

@@ -17,7 +17,10 @@
     "@trpc/next": "^10.36.0",
     "@trpc/react-query": "^10.36.0",
     "@trpc/server": "^10.36.0",
+    "luxon": "^3.4.0",
     "superjson": "^1.13.1",
+    "ts-pattern": "^5.0.5",
     "zod": "^3.22.4"
-  }
+  },
+  "devDependencies": {}
 }

packages/trpc/server/auth-router/router.ts

@@ -1,16 +1,23 @@
 import { TRPCError } from '@trpc/server';
 
+import { ErrorCode } from '@documenso/lib/next-auth/error-codes';
+import { compareSync } from '@documenso/lib/server-only/auth/hash';
 import { createUser } from '@documenso/lib/server-only/user/create-user';
+import { sendConfirmationToken } from '@documenso/lib/server-only/user/send-confirmation-token';
 
-import { procedure, router } from '../trpc';
-import { ZSignUpMutationSchema } from './schema';
+import { authenticatedProcedure, procedure, router } from '../trpc';
+import { ZSignUpMutationSchema, ZVerifyPasswordMutationSchema } from './schema';
 
 export const authRouter = router({
   signup: procedure.input(ZSignUpMutationSchema).mutation(async ({ input }) => {
     try {
       const { name, email, password, signature } = input;
 
-      return await createUser({ name, email, password, signature });
+      const user = await createUser({ name, email, password, signature });
+
+      await sendConfirmationToken({ email: user.email });
+
+      return user;
     } catch (err) {
       let message =
         'We were unable to create your account. Please review the information you provided and try again.';
@@ -25,4 +32,23 @@ export const authRouter = router({
       });
     }
   }),
+
+  verifyPassword: authenticatedProcedure
+    .input(ZVerifyPasswordMutationSchema)
+    .mutation(({ ctx, input }) => {
+      const user = ctx.user;
+
+      const { password } = input;
+
+      if (!user.password) {
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: ErrorCode.INCORRECT_PASSWORD,
+        });
+      }
+
+      const valid = compareSync(password, user.password);
+
+      return valid;
+    }),
 });

packages/trpc/server/auth-router/schema.ts

@@ -8,3 +8,5 @@ export const ZSignUpMutationSchema = z.object({
 });
 
 export type TSignUpMutationSchema = z.infer<typeof ZSignUpMutationSchema>;
+
+export const ZVerifyPasswordMutationSchema = ZSignUpMutationSchema.pick({ password: true });

packages/trpc/server/document-router/router.ts

@@ -1,13 +1,16 @@
 import { TRPCError } from '@trpc/server';
 
 import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
 import { createDocument } from '@documenso/lib/server-only/document/create-document';
-import { deleteDraftDocument } from '@documenso/lib/server-only/document/delete-draft-document';
+import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
 import { duplicateDocumentById } from '@documenso/lib/server-only/document/duplicate-document-by-id';
 import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
 import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
 import { resendDocument } from '@documenso/lib/server-only/document/resend-document';
+import { searchDocumentsWithKeyword } from '@documenso/lib/server-only/document/search-documents-with-keyword';
 import { sendDocument } from '@documenso/lib/server-only/document/send-document';
+import { updateTitle } from '@documenso/lib/server-only/document/update-title';
 import { setFieldsForDocument } from '@documenso/lib/server-only/field/set-fields-for-document';
 import { setRecipientsForDocument } from '@documenso/lib/server-only/recipient/set-recipients-for-document';
 
@@ -18,9 +21,11 @@ import {
   ZGetDocumentByIdQuerySchema,
   ZGetDocumentByTokenQuerySchema,
   ZResendDocumentMutationSchema,
+  ZSearchDocumentsMutationSchema,
   ZSendDocumentMutationSchema,
   ZSetFieldsForDocumentMutationSchema,
   ZSetRecipientsForDocumentMutationSchema,
+  ZSetTitleForDocumentMutationSchema,
 } from './schema';
 
 export const documentRouter = router({
@@ -94,15 +99,15 @@ export const documentRouter = router({
       }
     }),
 
-  deleteDraftDocument: authenticatedProcedure
+  deleteDocument: authenticatedProcedure
     .input(ZDeleteDraftDocumentMutationSchema)
     .mutation(async ({ input, ctx }) => {
       try {
-        const { id } = input;
+        const { id, status } = input;
 
         const userId = ctx.user.id;
 
-        return await deleteDraftDocument({ id, userId });
+        return await deleteDocument({ id, userId, status });
       } catch (err) {
         console.error(err);
 
@@ -113,6 +118,20 @@ export const documentRouter = router({
       }
     }),
 
+  setTitleForDocument: authenticatedProcedure
+    .input(ZSetTitleForDocumentMutationSchema)
+    .mutation(async ({ input, ctx }) => {
+      const { documentId, title } = input;
+
+      const userId = ctx.user.id;
+
+      return await updateTitle({
+        title,
+        userId,
+        documentId,
+      });
+    }),
+
   setRecipientsForDocument: authenticatedProcedure
     .input(ZSetRecipientsForDocumentMutationSchema)
     .mutation(async ({ input, ctx }) => {
@@ -160,7 +179,15 @@ export const documentRouter = router({
     .input(ZSendDocumentMutationSchema)
     .mutation(async ({ input, ctx }) => {
       try {
-        const { documentId } = input;
+        const { documentId, email } = input;
+
+        if (email.message || email.subject) {
+          await upsertDocumentMeta({
+            documentId,
+            subject: email.subject,
+            message: email.message,
+          });
+        }
 
         return await sendDocument({
           userId: ctx.user.id,
@@ -215,4 +242,23 @@ export const documentRouter = router({
         });
       }
     }),
+
+  searchDocuments: authenticatedProcedure
+    .input(ZSearchDocumentsMutationSchema)
+    .query(async ({ input, ctx }) => {
+      const { query } = input;
+
+      try {
+        const documents = await searchDocumentsWithKeyword({
+          query,
+          userId: ctx.user.id,
+        });
+        return documents;
+      } catch (error) {
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We are unable to search for documents. Please try again later.',
+        });
+      }
+    }),
 });

packages/trpc/server/document-router/schema.ts

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 
-import { FieldType } from '@documenso/prisma/client';
+import { DocumentStatus, FieldType } from '@documenso/prisma/client';
 
 export const ZGetDocumentByIdQuerySchema = z.object({
   id: z.number().min(1),
@@ -21,6 +21,13 @@ export const ZCreateDocumentMutationSchema = z.object({
 
 export type TCreateDocumentMutationSchema = z.infer<typeof ZCreateDocumentMutationSchema>;
 
+export const ZSetTitleForDocumentMutationSchema = z.object({
+  documentId: z.number(),
+  title: z.string().min(1),
+});
+
+export type TSetTitleForDocumentMutationSchema = z.infer<typeof ZSetTitleForDocumentMutationSchema>;
+
 export const ZSetRecipientsForDocumentMutationSchema = z.object({
   documentId: z.number(),
   recipients: z.array(
@@ -58,6 +65,10 @@ export type TSetFieldsForDocumentMutationSchema = z.infer<
 
 export const ZSendDocumentMutationSchema = z.object({
   documentId: z.number(),
+  email: z.object({
+    subject: z.string(),
+    message: z.string(),
+  }),
 });
 
 export const ZResendDocumentMutationSchema = z.object({
@@ -69,6 +80,11 @@ export type TSendDocumentMutationSchema = z.infer<typeof ZSendDocumentMutationSc
 
 export const ZDeleteDraftDocumentMutationSchema = z.object({
   id: z.number().min(1),
+  status: z.nativeEnum(DocumentStatus),
 });
 
 export type TDeleteDraftDocumentMutationSchema = z.infer<typeof ZDeleteDraftDocumentMutationSchema>;
+
+export const ZSearchDocumentsMutationSchema = z.object({
+  query: z.string(),
+});

packages/trpc/server/field-router/router.ts

@@ -1,15 +1,47 @@
 import { TRPCError } from '@trpc/server';
 
 import { removeSignedFieldWithToken } from '@documenso/lib/server-only/field/remove-signed-field-with-token';
+import { setFieldsForDocument } from '@documenso/lib/server-only/field/set-fields-for-document';
 import { signFieldWithToken } from '@documenso/lib/server-only/field/sign-field-with-token';
 
-import { procedure, router } from '../trpc';
+import { authenticatedProcedure, procedure, router } from '../trpc';
 import {
+  ZAddFieldsMutationSchema,
   ZRemovedSignedFieldWithTokenMutationSchema,
   ZSignFieldWithTokenMutationSchema,
 } from './schema';
 
 export const fieldRouter = router({
+  addFields: authenticatedProcedure
+    .input(ZAddFieldsMutationSchema)
+    .mutation(async ({ input, ctx }) => {
+      try {
+        const { documentId, fields } = input;
+
+        return await setFieldsForDocument({
+          documentId,
+          userId: ctx.user.id,
+          fields: fields.map((field) => ({
+            id: field.nativeId,
+            signerEmail: field.signerEmail,
+            type: field.type,
+            pageNumber: field.pageNumber,
+            pageX: field.pageX,
+            pageY: field.pageY,
+            pageWidth: field.pageWidth,
+            pageHeight: field.pageHeight,
+          })),
+        });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to sign this field. Please try again later.',
+        });
+      }
+    }),
+
   signFieldWithToken: procedure
     .input(ZSignFieldWithTokenMutationSchema)
     .mutation(async ({ input }) => {

packages/trpc/server/field-router/schema.ts

@@ -1,5 +1,26 @@
 import { z } from 'zod';
 
+import { FieldType } from '@documenso/prisma/client';
+
+export const ZAddFieldsMutationSchema = z.object({
+  documentId: z.number(),
+  fields: z.array(
+    z.object({
+      formId: z.string().min(1),
+      nativeId: z.number().optional(),
+      type: z.nativeEnum(FieldType),
+      signerEmail: z.string().min(1),
+      pageNumber: z.number().min(1),
+      pageX: z.number().min(0),
+      pageY: z.number().min(0),
+      pageWidth: z.number().min(0),
+      pageHeight: z.number().min(0),
+    }),
+  ),
+});
+
+export type TAddFieldsMutationSchema = z.infer<typeof ZAddFieldsMutationSchema>;
+
 export const ZSignFieldWithTokenMutationSchema = z.object({
   token: z.string(),
   fieldId: z.number(),

packages/trpc/server/profile-router/router.ts

@@ -3,11 +3,13 @@ import { TRPCError } from '@trpc/server';
 import { forgotPassword } from '@documenso/lib/server-only/user/forgot-password';
 import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
 import { resetPassword } from '@documenso/lib/server-only/user/reset-password';
+import { sendConfirmationToken } from '@documenso/lib/server-only/user/send-confirmation-token';
 import { updatePassword } from '@documenso/lib/server-only/user/update-password';
 import { updateProfile } from '@documenso/lib/server-only/user/update-profile';
 
 import { adminProcedure, authenticatedProcedure, procedure, router } from '../trpc';
 import {
+  ZConfirmEmailMutationSchema,
   ZForgotPasswordFormSchema,
   ZResetPasswordFormSchema,
   ZRetrieveUserByIdQuerySchema,
@@ -110,4 +112,25 @@ export const profileRouter = router({
       });
     }
   }),
+
+  sendConfirmationEmail: procedure
+    .input(ZConfirmEmailMutationSchema)
+    .mutation(async ({ input }) => {
+      try {
+        const { email } = input;
+
+        return sendConfirmationToken({ email });
+      } catch (err) {
+        let message = 'We were unable to send a confirmation email. Please try again.';
+
+        if (err instanceof Error) {
+          message = err.message;
+        }
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message,
+        });
+      }
+    }),
 });

packages/trpc/server/profile-router/schema.ts

@@ -23,8 +23,13 @@ export const ZResetPasswordFormSchema = z.object({
   token: z.string().min(1),
 });
 
+export const ZConfirmEmailMutationSchema = z.object({
+  email: z.string().email().min(1),
+});
+
 export type TRetrieveUserByIdQuerySchema = z.infer<typeof ZRetrieveUserByIdQuerySchema>;
 export type TUpdateProfileMutationSchema = z.infer<typeof ZUpdateProfileMutationSchema>;
 export type TUpdatePasswordMutationSchema = z.infer<typeof ZUpdatePasswordMutationSchema>;
 export type TForgotPasswordFormSchema = z.infer<typeof ZForgotPasswordFormSchema>;
 export type TResetPasswordFormSchema = z.infer<typeof ZResetPasswordFormSchema>;
+export type TConfirmEmailMutationSchema = z.infer<typeof ZConfirmEmailMutationSchema>;

packages/trpc/server/recipient-router/router.ts

@@ -0,0 +1,54 @@
+import { TRPCError } from '@trpc/server';
+
+import { completeDocumentWithToken } from '@documenso/lib/server-only/document/complete-document-with-token';
+import { setRecipientsForDocument } from '@documenso/lib/server-only/recipient/set-recipients-for-document';
+
+import { authenticatedProcedure, procedure, router } from '../trpc';
+import { ZAddSignersMutationSchema, ZCompleteDocumentWithTokenMutationSchema } from './schema';
+
+export const recipientRouter = router({
+  addSigners: authenticatedProcedure
+    .input(ZAddSignersMutationSchema)
+    .mutation(async ({ input, ctx }) => {
+      try {
+        const { documentId, signers } = input;
+
+        return await setRecipientsForDocument({
+          userId: ctx.user.id,
+          documentId,
+          recipients: signers.map((signer) => ({
+            id: signer.nativeId,
+            email: signer.email,
+            name: signer.name,
+          })),
+        });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to sign this field. Please try again later.',
+        });
+      }
+    }),
+
+  completeDocumentWithToken: procedure
+    .input(ZCompleteDocumentWithTokenMutationSchema)
+    .mutation(async ({ input }) => {
+      try {
+        const { token, documentId } = input;
+
+        return await completeDocumentWithToken({
+          token,
+          documentId,
+        });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to sign this field. Please try again later.',
+        });
+      }
+    }),
+});

packages/trpc/server/recipient-router/schema.ts

@@ -0,0 +1,33 @@
+import { z } from 'zod';
+
+export const ZAddSignersMutationSchema = z
+  .object({
+    documentId: z.number(),
+    signers: z.array(
+      z.object({
+        nativeId: z.number().optional(),
+        email: z.string().email().min(1),
+        name: z.string(),
+      }),
+    ),
+  })
+  .refine(
+    (schema) => {
+      const emails = schema.signers.map((signer) => signer.email.toLowerCase());
+
+      return new Set(emails).size === emails.length;
+    },
+    // Dirty hack to handle errors when .root is populated for an array type
+    { message: 'Signers must have unique emails', path: ['signers__root'] },
+  );
+
+export type TAddSignersMutationSchema = z.infer<typeof ZAddSignersMutationSchema>;
+
+export const ZCompleteDocumentWithTokenMutationSchema = z.object({
+  token: z.string(),
+  documentId: z.number(),
+});
+
+export type TCompleteDocumentWithTokenMutationSchema = z.infer<
+  typeof ZCompleteDocumentWithTokenMutationSchema
+>;

packages/trpc/server/router.ts

@@ -3,19 +3,22 @@ import { authRouter } from './auth-router/router';
 import { documentRouter } from './document-router/router';
 import { fieldRouter } from './field-router/router';
 import { profileRouter } from './profile-router/router';
+import { recipientRouter } from './recipient-router/router';
 import { shareLinkRouter } from './share-link-router/router';
-import { procedure, router } from './trpc';
+import { singleplayerRouter } from './singleplayer-router/router';
+import { router } from './trpc';
+import { twoFactorAuthenticationRouter } from './two-factor-authentication-router/router';
 
 export const appRouter = router({
-  health: procedure.query(() => {
-    return { status: 'ok' };
-  }),
   auth: authRouter,
   profile: profileRouter,
   document: documentRouter,
   field: fieldRouter,
+  recipient: recipientRouter,
   admin: adminRouter,
   shareLink: shareLinkRouter,
+  singleplayer: singleplayerRouter,
+  twoFactorAuthentication: twoFactorAuthenticationRouter,
 });
 
 export type AppRouter = typeof appRouter;

packages/trpc/server/singleplayer-router/helper.ts

@@ -0,0 +1,37 @@
+import { DateTime } from 'luxon';
+import { match } from 'ts-pattern';
+
+import { FieldType, Prisma } from '@documenso/prisma/client';
+
+import type { TCreateSinglePlayerDocumentMutationSchema } from './schema';
+
+/**
+ * Map the fields provided by the user to fields compatible with Prisma.
+ *
+ * Signature fields are handled separately.
+ *
+ * @param field The field passed in by the user.
+ * @param signer The details of the person who is signing this document.
+ * @returns A field compatible with Prisma.
+ */
+export const mapField = (
+  field: TCreateSinglePlayerDocumentMutationSchema['fields'][number],
+  signer: TCreateSinglePlayerDocumentMutationSchema['signer'],
+) => {
+  const customText = match(field.type)
+    .with(FieldType.DATE, () => DateTime.now().toFormat('yyyy-MM-dd hh:mm a'))
+    .with(FieldType.EMAIL, () => signer.email)
+    .with(FieldType.NAME, () => signer.name)
+    .otherwise(() => '');
+
+  return {
+    type: field.type,
+    page: field.page,
+    positionX: new Prisma.Decimal(field.positionX),
+    positionY: new Prisma.Decimal(field.positionY),
+    width: new Prisma.Decimal(field.width),
+    height: new Prisma.Decimal(field.height),
+    customText,
+    inserted: true,
+  };
+};

packages/trpc/server/singleplayer-router/router.ts

@@ -0,0 +1,176 @@
+import { createElement } from 'react';
+
+import { PDFDocument } from 'pdf-lib';
+
+import { mailer } from '@documenso/email/mailer';
+import { renderAsync } from '@documenso/email/render';
+import { DocumentSelfSignedEmailTemplate } from '@documenso/email/templates/document-self-signed';
+import { FROM_ADDRESS, FROM_NAME, SERVICE_USER_EMAIL } from '@documenso/lib/constants/email';
+import { insertFieldInPDF } from '@documenso/lib/server-only/pdf/insert-field-in-pdf';
+import { alphaid } from '@documenso/lib/universal/id';
+import { getFile } from '@documenso/lib/universal/upload/get-file';
+import { putFile } from '@documenso/lib/universal/upload/put-file';
+import { prisma } from '@documenso/prisma';
+import {
+  DocumentStatus,
+  FieldType,
+  ReadStatus,
+  SendStatus,
+  SigningStatus,
+} from '@documenso/prisma/client';
+import { signPdf } from '@documenso/signing';
+
+import { procedure, router } from '../trpc';
+import { mapField } from './helper';
+import { ZCreateSinglePlayerDocumentMutationSchema } from './schema';
+
+export const singleplayerRouter = router({
+  createSinglePlayerDocument: procedure
+    .input(ZCreateSinglePlayerDocumentMutationSchema)
+    .mutation(async ({ input }) => {
+      const { signer, fields, documentData, documentName } = input;
+
+      const document = await getFile({
+        data: documentData.data,
+        type: documentData.type,
+      });
+
+      const doc = await PDFDocument.load(document);
+
+      const createdAt = new Date();
+
+      const isBase64 = signer.signature.startsWith('data:image/png;base64,');
+      const signatureImageAsBase64 = isBase64 ? signer.signature : null;
+      const typedSignature = !isBase64 ? signer.signature : null;
+
+      // Update the document with the fields inserted.
+      for (const field of fields) {
+        const isSignatureField = field.type === FieldType.SIGNATURE;
+
+        await insertFieldInPDF(doc, {
+          ...mapField(field, signer),
+          Signature: isSignatureField
+            ? {
+                created: createdAt,
+                signatureImageAsBase64,
+                typedSignature,
+                // Dummy data.
+                id: -1,
+                recipientId: -1,
+                fieldId: -1,
+              }
+            : null,
+          // Dummy data.
+          id: -1,
+          documentId: -1,
+          recipientId: -1,
+        });
+      }
+
+      const unsignedPdfBytes = await doc.save();
+
+      const signedPdfBuffer = await signPdf({ pdf: Buffer.from(unsignedPdfBytes) });
+
+      const { token } = await prisma.$transaction(
+        async (tx) => {
+          const token = alphaid();
+
+          // Fetch service user who will be the owner of the document.
+          const serviceUser = await tx.user.findFirstOrThrow({
+            where: {
+              email: SERVICE_USER_EMAIL,
+            },
+          });
+
+          const { id: documentDataId } = await putFile({
+            name: `${documentName}.pdf`,
+            type: 'application/pdf',
+            arrayBuffer: async () => Promise.resolve(signedPdfBuffer),
+          });
+
+          // Create document.
+          const document = await tx.document.create({
+            data: {
+              title: documentName,
+              status: DocumentStatus.COMPLETED,
+              documentDataId,
+              userId: serviceUser.id,
+              createdAt,
+            },
+          });
+
+          // Create recipient.
+          const recipient = await tx.recipient.create({
+            data: {
+              documentId: document.id,
+              name: signer.name,
+              email: signer.email,
+              token,
+              signedAt: createdAt,
+              readStatus: ReadStatus.OPENED,
+              signingStatus: SigningStatus.SIGNED,
+              sendStatus: SendStatus.SENT,
+            },
+          });
+
+          // Create fields and signatures.
+          await Promise.all(
+            fields.map(async (field) => {
+              const insertedField = await tx.field.create({
+                data: {
+                  documentId: document.id,
+                  recipientId: recipient.id,
+                  ...mapField(field, signer),
+                },
+              });
+
+              if (field.type === FieldType.SIGNATURE || field.type === FieldType.FREE_SIGNATURE) {
+                await tx.signature.create({
+                  data: {
+                    fieldId: insertedField.id,
+                    signatureImageAsBase64,
+                    typedSignature,
+                    recipientId: recipient.id,
+                  },
+                });
+              }
+            }),
+          );
+
+          return { document, token };
+        },
+        {
+          maxWait: 5000,
+          timeout: 30000,
+        },
+      );
+
+      const template = createElement(DocumentSelfSignedEmailTemplate, {
+        documentName: documentName,
+        assetBaseUrl: process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000',
+      });
+
+      const [html, text] = await Promise.all([
+        renderAsync(template),
+        renderAsync(template, { plainText: true }),
+      ]);
+
+      // Send email to signer.
+      await mailer.sendMail({
+        to: {
+          address: signer.email,
+          name: signer.name,
+        },
+        from: {
+          name: FROM_NAME,
+          address: FROM_ADDRESS,
+        },
+        subject: 'Document signed',
+        html,
+        text,
+        attachments: [{ content: signedPdfBuffer, filename: documentName }],
+      });
+
+      return token;
+    }),
+});

packages/trpc/server/singleplayer-router/schema.ts

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+
+import { DocumentDataType, FieldType } from '@documenso/prisma/client';
+
+export const ZCreateSinglePlayerDocumentMutationSchema = z.object({
+  documentData: z.object({
+    data: z.string(),
+    type: z.nativeEnum(DocumentDataType),
+  }),
+  documentName: z.string(),
+  signer: z.object({
+    email: z.string().email().min(1),
+    name: z.string(),
+    signature: z.string(),
+  }),
+  fields: z.array(
+    z.object({
+      page: z.number(),
+      type: z.nativeEnum(FieldType),
+      positionX: z.number(),
+      positionY: z.number(),
+      width: z.number(),
+      height: z.number(),
+    }),
+  ),
+});
+
+export type TCreateSinglePlayerDocumentMutationSchema = z.infer<
+  typeof ZCreateSinglePlayerDocumentMutationSchema
+>;

packages/trpc/server/two-factor-authentication-router/router.ts

@@ -0,0 +1,105 @@
+import { TRPCError } from '@trpc/server';
+
+import { ErrorCode } from '@documenso/lib/next-auth/error-codes';
+import { disableTwoFactorAuthentication } from '@documenso/lib/server-only/2fa/disable-2fa';
+import { enableTwoFactorAuthentication } from '@documenso/lib/server-only/2fa/enable-2fa';
+import { getBackupCodes } from '@documenso/lib/server-only/2fa/get-backup-code';
+import { setupTwoFactorAuthentication } from '@documenso/lib/server-only/2fa/setup-2fa';
+import { compareSync } from '@documenso/lib/server-only/auth/hash';
+
+import { authenticatedProcedure, router } from '../trpc';
+import {
+  ZDisableTwoFactorAuthenticationMutationSchema,
+  ZEnableTwoFactorAuthenticationMutationSchema,
+  ZSetupTwoFactorAuthenticationMutationSchema,
+  ZViewRecoveryCodesMutationSchema,
+} from './schema';
+
+export const twoFactorAuthenticationRouter = router({
+  setup: authenticatedProcedure
+    .input(ZSetupTwoFactorAuthenticationMutationSchema)
+    .mutation(async ({ ctx, input }) => {
+      const user = ctx.user;
+
+      const { password } = input;
+
+      return await setupTwoFactorAuthentication({ user, password });
+    }),
+
+  enable: authenticatedProcedure
+    .input(ZEnableTwoFactorAuthenticationMutationSchema)
+    .mutation(async ({ ctx, input }) => {
+      try {
+        const user = ctx.user;
+
+        const { code } = input;
+
+        return await enableTwoFactorAuthentication({ user, code });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to enable two-factor authentication. Please try again later.',
+        });
+      }
+    }),
+
+  disable: authenticatedProcedure
+    .input(ZDisableTwoFactorAuthenticationMutationSchema)
+    .mutation(async ({ ctx, input }) => {
+      try {
+        const user = ctx.user;
+
+        const { password, backupCode } = input;
+
+        return await disableTwoFactorAuthentication({ user, password, backupCode });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to disable two-factor authentication. Please try again later.',
+        });
+      }
+    }),
+
+  viewRecoveryCodes: authenticatedProcedure
+    .input(ZViewRecoveryCodesMutationSchema)
+    .mutation(async ({ ctx, input }) => {
+      try {
+        const user = ctx.user;
+
+        const { password } = input;
+
+        if (!user.twoFactorEnabled) {
+          throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: ErrorCode.TWO_FACTOR_SETUP_REQUIRED,
+          });
+        }
+
+        if (!user.password || !compareSync(password, user.password)) {
+          throw new TRPCError({
+            code: 'UNAUTHORIZED',
+            message: ErrorCode.INCORRECT_PASSWORD,
+          });
+        }
+
+        const recoveryCodes = await getBackupCodes({ user });
+
+        return { recoveryCodes };
+      } catch (err) {
+        console.error(err);
+
+        if (err instanceof TRPCError) {
+          throw err;
+        }
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to view your recovery codes. Please try again later.',
+        });
+      }
+    }),
+});

packages/trpc/server/two-factor-authentication-router/schema.ts

@@ -0,0 +1,32 @@
+import { z } from 'zod';
+
+export const ZSetupTwoFactorAuthenticationMutationSchema = z.object({
+  password: z.string().min(1),
+});
+
+export type TSetupTwoFactorAuthenticationMutationSchema = z.infer<
+  typeof ZSetupTwoFactorAuthenticationMutationSchema
+>;
+
+export const ZEnableTwoFactorAuthenticationMutationSchema = z.object({
+  code: z.string().min(6).max(6),
+});
+
+export type TEnableTwoFactorAuthenticationMutationSchema = z.infer<
+  typeof ZEnableTwoFactorAuthenticationMutationSchema
+>;
+
+export const ZDisableTwoFactorAuthenticationMutationSchema = z.object({
+  password: z.string().min(6).max(72),
+  backupCode: z.string().trim(),
+});
+
+export type TDisableTwoFactorAuthenticationMutationSchema = z.infer<
+  typeof ZDisableTwoFactorAuthenticationMutationSchema
+>;
+
+export const ZViewRecoveryCodesMutationSchema = z.object({
+  password: z.string().min(6).max(72),
+});
+
+export type TViewRecoveryCodesMutationSchema = z.infer<typeof ZViewRecoveryCodesMutationSchema>;

packages/tsconfig/process-env.d.ts

@@ -7,6 +7,7 @@ declare namespace NodeJS {
     NEXT_PRIVATE_GOOGLE_CLIENT_SECRET?: string;
 
     NEXT_PRIVATE_DATABASE_URL: string;
+    NEXT_PRIVATE_ENCRYPTION_KEY: string;
 
     NEXT_PUBLIC_STRIPE_COMMUNITY_PLAN_MONTHLY_PRICE_ID: string;
     NEXT_PUBLIC_STRIPE_COMMUNITY_PLAN_YEARLY_PRICE_ID: string;
@@ -62,6 +63,7 @@ declare namespace NodeJS {
     VERCEL_URL?: string;
 
     DEPLOYMENT_TARGET?: 'webapp' | 'marketing';
+    FONT_CAVEAT_URI: string;
 
     POSTGRES_URL?: string;
     DATABASE_URL?: string;

packages/ui/components/document/document-download-button.tsx

@@ -7,8 +7,9 @@ import { Download } from 'lucide-react';
 
 import { getFile } from '@documenso/lib/universal/upload/get-file';
 import type { DocumentData } from '@documenso/prisma/client';
-import { Button } from '@documenso/ui/primitives/button';
-import { useToast } from '@documenso/ui/primitives/use-toast';
+
+import { Button } from '../../primitives/button';
+import { useToast } from '../../primitives/use-toast';
 
 export type DownloadButtonProps = HTMLAttributes<HTMLButtonElement> & {
   disabled?: boolean;

packages/ui/components/document/document-share-button.tsx

@@ -13,8 +13,9 @@ import {
 } from '@documenso/lib/constants/toast';
 import { generateTwitterIntent } from '@documenso/lib/universal/generate-twitter-intent';
 import { trpc } from '@documenso/trpc/react';
-import { cn } from '@documenso/ui/lib/utils';
-import { Button } from '@documenso/ui/primitives/button';
+
+import { cn } from '../../lib/utils';
+import { Button } from '../../primitives/button';
 import {
   Dialog,
   DialogContent,
@@ -22,8 +23,8 @@ import {
   DialogHeader,
   DialogTitle,
   DialogTrigger,
-} from '@documenso/ui/primitives/dialog';
-import { useToast } from '@documenso/ui/primitives/use-toast';
+} from '../../primitives/dialog';
+import { useToast } from '../../primitives/use-toast';
 
 export type DocumentShareButtonProps = HTMLAttributes<HTMLButtonElement> & {
   token?: string;

packages/ui/components/field/field-tooltip.tsx

@@ -1,17 +1,18 @@
 import { TooltipArrow } from '@radix-ui/react-tooltip';
-import { VariantProps, cva } from 'class-variance-authority';
+import type { VariantProps } from 'class-variance-authority';
+import { cva } from 'class-variance-authority';
 import { createPortal } from 'react-dom';
 
 import { useFieldPageCoords } from '@documenso/lib/client-only/hooks/use-field-page-coords';
-import { cn } from '@documenso/ui/lib/utils';
+
+import { cn } from '../..//lib/utils';
 import {
   Tooltip,
   TooltipContent,
   TooltipProvider,
   TooltipTrigger,
-} from '@documenso/ui/primitives/tooltip';
-
-import { Field } from '.prisma/client';
+} from '../..//primitives/tooltip';
+import type { Field } from '.prisma/client';
 
 const tooltipVariants = cva('font-semibold', {
   variants: {

packages/ui/components/field/field.tsx

@@ -5,9 +5,10 @@ import React, { useEffect, useState } from 'react';
 import { createPortal } from 'react-dom';
 
 import { useFieldPageCoords } from '@documenso/lib/client-only/hooks/use-field-page-coords';
-import { Field } from '@documenso/prisma/client';
-import { cn } from '@documenso/ui/lib/utils';
-import { Card, CardContent } from '@documenso/ui/primitives/card';
+import type { Field } from '@documenso/prisma/client';
+
+import { cn } from '../../lib/utils';
+import { Card, CardContent } from '../../primitives/card';
 
 export type FieldRootContainerProps = {
   field: Field;

packages/ui/components/signing-card.tsx

@@ -2,14 +2,16 @@
 
 import { useCallback, useEffect, useRef, useState } from 'react';
 
-import Image, { StaticImageData } from 'next/image';
+import type { StaticImageData } from 'next/image';
+import Image from 'next/image';
 
 import { animate, motion, useMotionTemplate, useMotionValue, useTransform } from 'framer-motion';
 import { P, match } from 'ts-pattern';
 
-import { Signature } from '@documenso/prisma/client';
-import { cn } from '@documenso/ui/lib/utils';
-import { Card, CardContent } from '@documenso/ui/primitives/card';
+import type { Signature } from '@documenso/prisma/client';
+
+import { cn } from '../lib/utils';
+import { Card, CardContent } from '../primitives/card';
 
 export type SigningCardProps = {
   className?: string;

packages/ui/package.json

@@ -62,7 +62,7 @@
     "framer-motion": "^10.12.8",
     "lucide-react": "^0.279.0",
     "luxon": "^3.4.2",
-    "next": "14.0.0",
+    "next": "14.0.3",
     "pdfjs-dist": "3.6.172",
     "react-day-picker": "^8.7.1",
     "react-hook-form": "^7.45.4",

packages/ui/primitives/combobox.tsx

@@ -3,16 +3,11 @@ import * as React from 'react';
 import { Check, ChevronsUpDown } from 'lucide-react';
 
 import { Role } from '@documenso/prisma/client';
-import { cn } from '@documenso/ui/lib/utils';
-import { Button } from '@documenso/ui/primitives/button';
-import {
-  Command,
-  CommandEmpty,
-  CommandGroup,
-  CommandInput,
-  CommandItem,
-} from '@documenso/ui/primitives/command';
-import { Popover, PopoverContent, PopoverTrigger } from '@documenso/ui/primitives/popover';
+
+import { cn } from '../lib/utils';
+import { Button } from './button';
+import { Command, CommandEmpty, CommandGroup, CommandInput, CommandItem } from './command';
+import { Popover, PopoverContent, PopoverTrigger } from './popover';
 
 type ComboboxProps = {
   listValues: string[];

packages/ui/primitives/document-dropzone.tsx

@@ -1,12 +1,14 @@
 'use client';
 
-import { Variants, motion } from 'framer-motion';
+import type { Variants } from 'framer-motion';
+import { motion } from 'framer-motion';
 import { Plus } from 'lucide-react';
 import { useDropzone } from 'react-dropzone';
 
 import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
-import { cn } from '@documenso/ui/lib/utils';
-import { Card, CardContent } from '@documenso/ui/primitives/card';
+
+import { cn } from '../lib/utils';
+import { Card, CardContent } from './card';
 
 const DocumentDropzoneContainerVariants: Variants = {
   initial: {