fix: disable encrypted pdfs (#1130)

## Description Currently if you complete a pending encrypted document, it will prevent the document from being sealed due to the systems inability to decrypt it. This PR disables uploading any documents that cannot be loaded as a temporary measure. **Note** This is a client side only check ## Changes Made - Disable uploading documents that cannot be parsed - Refactor putFile to putDocumentFile - Add a flag as a backup incase something goes wrong
2025-11-13 00:03:33 +10:00 · 2024-05-03 22:25:24 +07:00
parent 15dee5ef35
commit 64e3e2c64b
10 changed files with 60 additions and 23 deletions
--- a/packages/lib/universal/upload/put-file.ts
+++ b/packages/lib/universal/upload/put-file.ts
@ -1,9 +1,12 @@
 import { base64 } from '@scure/base';
 import { env } from 'next-runtime-env';
+import { PDFDocument } from 'pdf-lib';
 import { match } from 'ts-pattern';

+import { getFlag } from '@documenso/lib/universal/get-feature-flag';
 import { DocumentDataType } from '@documenso/prisma/client';

+import { AppError } from '../../errors/app-error';
 import { createDocumentData } from '../../server-only/document-data/create-document-data';

 type File = {
@ -12,14 +15,38 @@ type File = {
  arrayBuffer: () => Promise<ArrayBuffer>;
 };

+/**
+ * Uploads a document file to the appropriate storage location and creates
+ * a document data record.
+ */
+export const putPdfFile = async (file: File) => {
+  const isEncryptedDocumentsAllowed = await getFlag('app_allow_encrypted_documents').catch(
+    () => false,
+  );
+
+  // This will prevent uploading encrypted PDFs or anything that can't be opened.
+  if (!isEncryptedDocumentsAllowed) {
+    await PDFDocument.load(await file.arrayBuffer()).catch((e) => {
+      console.error(`PDF upload parse error: ${e.message}`);
+
+      throw new AppError('INVALID_DOCUMENT_FILE');
+    });
+  }
+
+  const { type, data } = await putFile(file);
+
+  return await createDocumentData({ type, data });
+};
+
+/**
+ * Uploads a file to the appropriate storage location.
+ */
 export const putFile = async (file: File) => {
  const NEXT_PUBLIC_UPLOAD_TRANSPORT = env('NEXT_PUBLIC_UPLOAD_TRANSPORT');

-  const { type, data } = await match(NEXT_PUBLIC_UPLOAD_TRANSPORT)
+  return await match(NEXT_PUBLIC_UPLOAD_TRANSPORT)
    .with('s3', async () => putFileInS3(file))
    .otherwise(async () => putFileInDatabase(file));
-
-  return await createDocumentData({ type, data });
 };

 const putFileInDatabase = async (file: File) => {