Merge branch 'main' into reattach-pdf

packages/api/index.ts

@@ -0,0 +1 @@
+export {};

packages/api/next.ts

@@ -0,0 +1 @@
+export { createNextRouter } from '@ts-rest/next';

packages/api/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@documenso/api",
+  "version": "1.0.0",
+  "main": "./index.ts",
+  "types": "./index.ts",
+  "license": "MIT",
+  "scripts": {
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "clean": "rimraf node_modules"
+  },
+  "files": [
+    "index.ts",
+    "next.ts",
+    "v1/"
+  ],
+  "dependencies": {
+    "@documenso/lib": "*",
+    "@documenso/prisma": "*",
+    "@ts-rest/core": "^3.30.5",
+    "@ts-rest/next": "^3.30.5",
+    "@ts-rest/open-api": "^3.33.0",
+    "@types/swagger-ui-react": "^4.18.3",
+    "luxon": "^3.4.0",
+    "superjson": "^1.13.1",
+    "swagger-ui-react": "^5.11.0",
+    "ts-pattern": "^5.0.5",
+    "zod": "^3.22.4"
+  }
+}

packages/api/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "@documenso/tsconfig/react-library.json",
+  "include": ["."],
+  "exclude": ["dist", "build", "node_modules"],
+  "compilerOptions": {
+    "strict": true,
+  }
+}

packages/api/v1/api-documentation.tsx

@@ -0,0 +1,12 @@
+'use client';
+
+import SwaggerUI from 'swagger-ui-react';
+import 'swagger-ui-react/swagger-ui.css';
+
+import { OpenAPIV1 } from '@documenso/api/v1/openapi';
+
+export const OpenApiDocsPage = () => {
+  return <SwaggerUI spec={OpenAPIV1} displayOperationId={true} />;
+};
+
+export default OpenApiDocsPage;

packages/api/v1/contract.ts

@@ -0,0 +1,191 @@
+import { initContract } from '@ts-rest/core';
+
+import {
+  ZAuthorizationHeadersSchema,
+  ZCreateDocumentFromTemplateMutationResponseSchema,
+  ZCreateDocumentFromTemplateMutationSchema,
+  ZCreateDocumentMutationResponseSchema,
+  ZCreateDocumentMutationSchema,
+  ZCreateFieldMutationSchema,
+  ZCreateRecipientMutationSchema,
+  ZDeleteDocumentMutationSchema,
+  ZDeleteFieldMutationSchema,
+  ZDeleteRecipientMutationSchema,
+  ZGetDocumentsQuerySchema,
+  ZSendDocumentForSigningMutationSchema,
+  ZSuccessfulDocumentResponseSchema,
+  ZSuccessfulFieldResponseSchema,
+  ZSuccessfulGetDocumentResponseSchema,
+  ZSuccessfulRecipientResponseSchema,
+  ZSuccessfulResponseSchema,
+  ZSuccessfulSigningResponseSchema,
+  ZUnsuccessfulResponseSchema,
+  ZUpdateFieldMutationSchema,
+  ZUpdateRecipientMutationSchema,
+} from './schema';
+
+const c = initContract();
+
+export const ApiContractV1 = c.router(
+  {
+    getDocuments: {
+      method: 'GET',
+      path: '/api/v1/documents',
+      query: ZGetDocumentsQuerySchema,
+      responses: {
+        200: ZSuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Get all documents',
+    },
+
+    getDocument: {
+      method: 'GET',
+      path: '/api/v1/documents/:id',
+      responses: {
+        200: ZSuccessfulGetDocumentResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Get a single document',
+    },
+
+    createDocument: {
+      method: 'POST',
+      path: '/api/v1/documents',
+      body: ZCreateDocumentMutationSchema,
+      responses: {
+        200: ZCreateDocumentMutationResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Upload a new document and get a presigned URL',
+    },
+
+    createDocumentFromTemplate: {
+      method: 'POST',
+      path: '/api/v1/templates/:templateId/create-document',
+      body: ZCreateDocumentFromTemplateMutationSchema,
+      responses: {
+        200: ZCreateDocumentFromTemplateMutationResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Create a new document from an existing template',
+    },
+
+    sendDocument: {
+      method: 'POST',
+      path: '/api/v1/documents/:id/send',
+      body: ZSendDocumentForSigningMutationSchema,
+      responses: {
+        200: ZSuccessfulSigningResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Send a document for signing',
+    },
+
+    deleteDocument: {
+      method: 'DELETE',
+      path: '/api/v1/documents/:id',
+      body: ZDeleteDocumentMutationSchema,
+      responses: {
+        200: ZSuccessfulDocumentResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Delete a document',
+    },
+
+    createRecipient: {
+      method: 'POST',
+      path: '/api/v1/documents/:id/recipients',
+      body: ZCreateRecipientMutationSchema,
+      responses: {
+        200: ZSuccessfulRecipientResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Create a recipient for a document',
+    },
+
+    updateRecipient: {
+      method: 'PATCH',
+      path: '/api/v1/documents/:id/recipients/:recipientId',
+      body: ZUpdateRecipientMutationSchema,
+      responses: {
+        200: ZSuccessfulRecipientResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Update a recipient for a document',
+    },
+
+    deleteRecipient: {
+      method: 'DELETE',
+      path: '/api/v1/documents/:id/recipients/:recipientId',
+      body: ZDeleteRecipientMutationSchema,
+      responses: {
+        200: ZSuccessfulRecipientResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Delete a recipient from a document',
+    },
+
+    createField: {
+      method: 'POST',
+      path: '/api/v1/documents/:id/fields',
+      body: ZCreateFieldMutationSchema,
+      responses: {
+        200: ZSuccessfulFieldResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Create a field for a document',
+    },
+
+    updateField: {
+      method: 'PATCH',
+      path: '/api/v1/documents/:id/fields/:fieldId',
+      body: ZUpdateFieldMutationSchema,
+      responses: {
+        200: ZSuccessfulFieldResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Update a field for a document',
+    },
+
+    deleteField: {
+      method: 'DELETE',
+      path: '/api/v1/documents/:id/fields/:fieldId',
+      body: ZDeleteFieldMutationSchema,
+      responses: {
+        200: ZSuccessfulFieldResponseSchema,
+        400: ZUnsuccessfulResponseSchema,
+        401: ZUnsuccessfulResponseSchema,
+        404: ZUnsuccessfulResponseSchema,
+        500: ZUnsuccessfulResponseSchema,
+      },
+      summary: 'Delete a field from a document',
+    },
+  },
+  {
+    baseHeaders: ZAuthorizationHeadersSchema,
+  },
+);

packages/api/v1/examples/01-create-and-send-document.ts

@@ -0,0 +1,59 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const { status, body } = await client.createDocument({
+    body: {
+      title: 'My Document',
+      recipients: [
+        {
+          name: 'John Doe',
+          email: 'john@example.com',
+          role: 'SIGNER',
+        },
+        {
+          name: 'Jane Doe',
+          email: 'jane@example.com',
+          role: 'APPROVER',
+        },
+      ],
+      meta: {
+        subject: 'Please sign this document',
+        message: 'Hey {signer.name}, please sign the following document: {document.name}',
+      },
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to create document');
+  }
+
+  const { uploadUrl, documentId } = body;
+
+  await fetch(uploadUrl, {
+    method: 'PUT',
+    headers: {
+      'Content-Type': 'application/octet-stream',
+    },
+    body: '<raw-binary-data>',
+  });
+
+  await client.sendDocument({
+    params: {
+      id: documentId.toString(),
+    },
+  });
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/02-add-a-field.ts

@@ -0,0 +1,43 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+  const recipientId = 1;
+
+  const { status, body } = await client.createField({
+    params: {
+      id: documentId,
+    },
+    body: {
+      type: 'SIGNATURE',
+      pageHeight: 2.5, // percent of page to occupy in height
+      pageWidth: 5, // percent of page to occupy in width
+      pageX: 10, // percent from left
+      pageY: 10, // percent from top
+      pageNumber: 1,
+      recipientId,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to create field');
+  }
+
+  const { id: fieldId } = body;
+
+  console.log(`Field created with id: ${fieldId}`);
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/03-update-a-field.ts

@@ -0,0 +1,39 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+  const fieldId = '1';
+
+  const { status } = await client.updateField({
+    params: {
+      id: documentId,
+      fieldId,
+    },
+    body: {
+      type: 'SIGNATURE',
+      pageHeight: 2.5, // percent of page to occupy in height
+      pageWidth: 5, // percent of page to occupy in width
+      pageX: 10, // percent from left
+      pageY: 10, // percent from top
+      pageNumber: 1,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to update field');
+  }
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/04-remove-a-field.ts

@@ -0,0 +1,31 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+  const fieldId = '1';
+
+  const { status } = await client.deleteField({
+    params: {
+      id: documentId,
+      fieldId,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to remove field');
+  }
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/05-add-a-recipient.ts

@@ -0,0 +1,38 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+
+  const { status, body } = await client.createRecipient({
+    params: {
+      id: documentId,
+    },
+    body: {
+      name: 'John Doe',
+      email: 'john@example.com',
+      role: 'APPROVER',
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to add recipient');
+  }
+
+  const { id: recipientId } = body;
+
+  console.log(`Recipient added with id: ${recipientId}`);
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/06-update-a-recipient.ts

@@ -0,0 +1,34 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+  const recipientId = '1';
+
+  const { status } = await client.updateRecipient({
+    params: {
+      id: documentId,
+      recipientId,
+    },
+    body: {
+      name: 'Johnathon Doe',
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to update recipient');
+  }
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/07-remove-a-recipient.ts

@@ -0,0 +1,31 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+  const recipientId = '1';
+
+  const { status } = await client.deleteRecipient({
+    params: {
+      id: documentId,
+      recipientId,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to update recipient');
+  }
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/08-get-a-document.ts

@@ -0,0 +1,31 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const documentId = '1';
+
+  const { status, body } = await client.getDocument({
+    params: {
+      id: documentId,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to get document');
+  }
+
+  console.log(`Got document with id: ${documentId} and title: ${body.title}`);
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/examples/09-paginate-all-documents.ts

@@ -0,0 +1,37 @@
+import { initClient } from '@ts-rest/core';
+
+import { ApiContractV1 } from '../contract';
+
+const main = async () => {
+  const client = initClient(ApiContractV1, {
+    baseUrl: 'http://localhost:3000/api/v1',
+    baseHeaders: {
+      authorization: 'Bearer <my-token>',
+    },
+  });
+
+  const page = 1;
+  const perPage = 10;
+
+  const { status, body } = await client.getDocuments({
+    query: {
+      page,
+      perPage,
+    },
+  });
+
+  if (status !== 200) {
+    throw new Error('Failed to get documents');
+  }
+
+  for (const document of body.documents) {
+    console.log(`Got document with id: ${document.id} and title: ${document.title}`);
+  }
+
+  console.log(`Total documents: ${body.totalPages * perPage}`);
+};
+
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

packages/api/v1/implementation.ts

@@ -0,0 +1,800 @@
+import { createNextRoute } from '@ts-rest/next';
+
+import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { createDocumentData } from '@documenso/lib/server-only/document-data/create-document-data';
+import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
+import { createDocument } from '@documenso/lib/server-only/document/create-document';
+import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { sendDocument } from '@documenso/lib/server-only/document/send-document';
+import { updateDocument } from '@documenso/lib/server-only/document/update-document';
+import { createField } from '@documenso/lib/server-only/field/create-field';
+import { deleteField } from '@documenso/lib/server-only/field/delete-field';
+import { getFieldById } from '@documenso/lib/server-only/field/get-field-by-id';
+import { updateField } from '@documenso/lib/server-only/field/update-field';
+import { deleteRecipient } from '@documenso/lib/server-only/recipient/delete-recipient';
+import { getRecipientById } from '@documenso/lib/server-only/recipient/get-recipient-by-id';
+import { getRecipientsForDocument } from '@documenso/lib/server-only/recipient/get-recipients-for-document';
+import { setRecipientsForDocument } from '@documenso/lib/server-only/recipient/set-recipients-for-document';
+import { updateRecipient } from '@documenso/lib/server-only/recipient/update-recipient';
+import { createDocumentFromTemplate } from '@documenso/lib/server-only/template/create-document-from-template';
+import { extractNextApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
+import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
+import { DocumentDataType, DocumentStatus, SigningStatus } from '@documenso/prisma/client';
+
+import { ApiContractV1 } from './contract';
+import { authenticatedMiddleware } from './middleware/authenticated';
+
+export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
+  getDocuments: authenticatedMiddleware(async (args, user, team) => {
+    const page = Number(args.query.page) || 1;
+    const perPage = Number(args.query.perPage) || 10;
+
+    const { data: documents, totalPages } = await findDocuments({
+      page,
+      perPage,
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    return {
+      status: 200,
+      body: {
+        documents,
+        totalPages,
+      },
+    };
+  }),
+
+  getDocument: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId } = args.params;
+
+    try {
+      const document = await getDocumentById({
+        id: Number(documentId),
+        userId: user.id,
+        teamId: team?.id,
+      });
+
+      const recipients = await getRecipientsForDocument({
+        documentId: Number(documentId),
+        teamId: team?.id,
+        userId: user.id,
+      });
+
+      return {
+        status: 200,
+        body: {
+          ...document,
+          recipients,
+        },
+      };
+    } catch (err) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+  }),
+
+  deleteDocument: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId } = args.params;
+
+    try {
+      const document = await getDocumentById({
+        id: Number(documentId),
+        userId: user.id,
+        teamId: team?.id,
+      });
+
+      if (!document) {
+        return {
+          status: 404,
+          body: {
+            message: 'Document not found',
+          },
+        };
+      }
+
+      const deletedDocument = await deleteDocument({
+        id: document.id,
+        userId: user.id,
+        teamId: team?.id,
+      });
+
+      return {
+        status: 200,
+        body: deletedDocument,
+      };
+    } catch (err) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+  }),
+
+  createDocument: authenticatedMiddleware(async (args, user, team) => {
+    const { body } = args;
+
+    try {
+      if (process.env.NEXT_PUBLIC_UPLOAD_TRANSPORT !== 's3') {
+        return {
+          status: 500,
+          body: {
+            message: 'Create document is not available without S3 transport.',
+          },
+        };
+      }
+
+      const { remaining } = await getServerLimits({ email: user.email, teamId: team?.id });
+
+      if (remaining.documents <= 0) {
+        return {
+          status: 400,
+          body: {
+            message: 'You have reached the maximum number of documents allowed for this month',
+          },
+        };
+      }
+
+      const fileName = body.title.endsWith('.pdf') ? body.title : `${body.title}.pdf`;
+
+      const { url, key } = await getPresignPostUrl(fileName, 'application/pdf');
+
+      const documentData = await createDocumentData({
+        data: key,
+        type: DocumentDataType.S3_PATH,
+      });
+
+      const document = await createDocument({
+        title: body.title,
+        userId: user.id,
+        teamId: team?.id,
+        documentDataId: documentData.id,
+        requestMetadata: extractNextApiRequestMetadata(args.req),
+      });
+
+      const recipients = await setRecipientsForDocument({
+        userId: user.id,
+        teamId: team?.id,
+        documentId: document.id,
+        recipients: body.recipients,
+        requestMetadata: extractNextApiRequestMetadata(args.req),
+      });
+
+      return {
+        status: 200,
+        body: {
+          uploadUrl: url,
+          documentId: document.id,
+          recipients: recipients.map((recipient) => ({
+            recipientId: recipient.id,
+            name: recipient.name,
+            email: recipient.email,
+            token: recipient.token,
+            role: recipient.role,
+          })),
+        },
+      };
+    } catch (err) {
+      return {
+        status: 404,
+        body: {
+          message: 'An error has occured while uploading the file',
+        },
+      };
+    }
+  }),
+
+  createDocumentFromTemplate: authenticatedMiddleware(async (args, user, team) => {
+    const { body, params } = args;
+
+    const { remaining } = await getServerLimits({ email: user.email, teamId: team?.id });
+
+    if (remaining.documents <= 0) {
+      return {
+        status: 400,
+        body: {
+          message: 'You have reached the maximum number of documents allowed for this month',
+        },
+      };
+    }
+
+    const templateId = Number(params.templateId);
+
+    const fileName = body.title.endsWith('.pdf') ? body.title : `${body.title}.pdf`;
+
+    const document = await createDocumentFromTemplate({
+      templateId,
+      userId: user.id,
+      teamId: team?.id,
+      recipients: body.recipients,
+    });
+
+    await updateDocument({
+      documentId: document.id,
+      userId: user.id,
+      teamId: team?.id,
+      data: {
+        title: fileName,
+      },
+    });
+
+    if (body.meta) {
+      await upsertDocumentMeta({
+        documentId: document.id,
+        userId: user.id,
+        subject: body.meta.subject,
+        message: body.meta.message,
+        dateFormat: body.meta.dateFormat,
+        timezone: body.meta.timezone,
+        requestMetadata: extractNextApiRequestMetadata(args.req),
+      });
+    }
+
+    return {
+      status: 200,
+      body: {
+        documentId: document.id,
+        recipients: document.Recipient.map((recipient) => ({
+          recipientId: recipient.id,
+          name: recipient.name,
+          email: recipient.email,
+          token: recipient.token,
+          role: recipient.role,
+        })),
+      },
+    };
+  }),
+
+  sendDocument: authenticatedMiddleware(async (args, user, team) => {
+    const { id } = args.params;
+
+    const document = await getDocumentById({ id: Number(id), userId: user.id, teamId: team?.id });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already complete',
+        },
+      };
+    }
+
+    try {
+      //   await setRecipientsForDocument({
+      //     userId: user.id,
+      //     documentId: Number(id),
+      //     recipients: [
+      //       {
+      //         email: body.signerEmail,
+      //         name: body.signerName ?? '',
+      //       },
+      //     ],
+      //   });
+
+      //   await setFieldsForDocument({
+      //     documentId: Number(id),
+      //     userId: user.id,
+      //     fields: body.fields.map((field) => ({
+      //       signerEmail: body.signerEmail,
+      //       type: field.fieldType,
+      //       pageNumber: field.pageNumber,
+      //       pageX: field.pageX,
+      //       pageY: field.pageY,
+      //       pageWidth: field.pageWidth,
+      //       pageHeight: field.pageHeight,
+      //     })),
+      //   });
+
+      //   if (body.emailBody || body.emailSubject) {
+      //     await upsertDocumentMeta({
+      //       documentId: Number(id),
+      //       subject: body.emailSubject ?? '',
+      //       message: body.emailBody ?? '',
+      //     });
+      //   }
+
+      await sendDocument({
+        documentId: Number(id),
+        userId: user.id,
+        teamId: team?.id,
+        requestMetadata: extractNextApiRequestMetadata(args.req),
+      });
+
+      return {
+        status: 200,
+        body: {
+          message: 'Document sent for signing successfully',
+        },
+      };
+    } catch (err) {
+      return {
+        status: 500,
+        body: {
+          message: 'An error has occured while sending the document for signing',
+        },
+      };
+    }
+  }),
+
+  createRecipient: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId } = args.params;
+    const { name, email, role } = args.body;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const recipients = await getRecipientsForDocument({
+      documentId: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    const recipientAlreadyExists = recipients.some((recipient) => recipient.email === email);
+
+    if (recipientAlreadyExists) {
+      return {
+        status: 400,
+        body: {
+          message: 'Recipient already exists',
+        },
+      };
+    }
+
+    try {
+      const newRecipients = await setRecipientsForDocument({
+        documentId: Number(documentId),
+        userId: user.id,
+        teamId: team?.id,
+        recipients: [
+          ...recipients,
+          {
+            email,
+            name,
+            role,
+          },
+        ],
+        requestMetadata: extractNextApiRequestMetadata(args.req),
+      });
+
+      const newRecipient = newRecipients.find((recipient) => recipient.email === email);
+
+      if (!newRecipient) {
+        throw new Error('Recipient not found');
+      }
+
+      return {
+        status: 200,
+        body: {
+          ...newRecipient,
+          documentId: Number(documentId),
+        },
+      };
+    } catch (err) {
+      return {
+        status: 500,
+        body: {
+          message: 'An error has occured while creating the recipient',
+        },
+      };
+    }
+  }),
+
+  updateRecipient: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId, recipientId } = args.params;
+    const { name, email, role } = args.body;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const updatedRecipient = await updateRecipient({
+      documentId: Number(documentId),
+      recipientId: Number(recipientId),
+      userId: user.id,
+      teamId: team?.id,
+      email,
+      name,
+      role,
+      requestMetadata: extractNextApiRequestMetadata(args.req),
+    }).catch(() => null);
+
+    if (!updatedRecipient) {
+      return {
+        status: 404,
+        body: {
+          message: 'Recipient not found',
+        },
+      };
+    }
+
+    return {
+      status: 200,
+      body: {
+        ...updatedRecipient,
+        documentId: Number(documentId),
+      },
+    };
+  }),
+
+  deleteRecipient: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId, recipientId } = args.params;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const deletedRecipient = await deleteRecipient({
+      documentId: Number(documentId),
+      recipientId: Number(recipientId),
+      userId: user.id,
+      teamId: team?.id,
+      requestMetadata: extractNextApiRequestMetadata(args.req),
+    }).catch(() => null);
+
+    if (!deletedRecipient) {
+      return {
+        status: 400,
+        body: {
+          message: 'Unable to delete recipient',
+        },
+      };
+    }
+
+    return {
+      status: 200,
+      body: {
+        ...deletedRecipient,
+        documentId: Number(documentId),
+      },
+    };
+  }),
+
+  createField: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId } = args.params;
+    const { recipientId, type, pageNumber, pageWidth, pageHeight, pageX, pageY } = args.body;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const recipient = await getRecipientById({
+      id: Number(recipientId),
+      documentId: Number(documentId),
+    }).catch(() => null);
+
+    if (!recipient) {
+      return {
+        status: 404,
+        body: {
+          message: 'Recipient not found',
+        },
+      };
+    }
+
+    if (recipient.signingStatus === SigningStatus.SIGNED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Recipient has already signed the document',
+        },
+      };
+    }
+
+    const field = await createField({
+      documentId: Number(documentId),
+      recipientId: Number(recipientId),
+      userId: user.id,
+      teamId: team?.id,
+      type,
+      pageNumber,
+      pageX,
+      pageY,
+      pageWidth,
+      pageHeight,
+      requestMetadata: extractNextApiRequestMetadata(args.req),
+    });
+
+    const remappedField = {
+      id: field.id,
+      documentId: field.documentId,
+      recipientId: field.recipientId ?? -1,
+      type: field.type,
+      pageNumber: field.page,
+      pageX: Number(field.positionX),
+      pageY: Number(field.positionY),
+      pageWidth: Number(field.width),
+      pageHeight: Number(field.height),
+      customText: field.customText,
+      inserted: field.inserted,
+    };
+
+    return {
+      status: 200,
+      body: {
+        ...remappedField,
+        documentId: Number(documentId),
+      },
+    };
+  }),
+
+  updateField: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId, fieldId } = args.params;
+    const { recipientId, type, pageNumber, pageWidth, pageHeight, pageX, pageY } = args.body;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+      teamId: team?.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const recipient = await getRecipientById({
+      id: Number(recipientId),
+      documentId: Number(documentId),
+    }).catch(() => null);
+
+    if (!recipient) {
+      return {
+        status: 404,
+        body: {
+          message: 'Recipient not found',
+        },
+      };
+    }
+
+    if (recipient.signingStatus === SigningStatus.SIGNED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Recipient has already signed the document',
+        },
+      };
+    }
+
+    const updatedField = await updateField({
+      fieldId: Number(fieldId),
+      userId: user.id,
+      teamId: team?.id,
+      documentId: Number(documentId),
+      recipientId: recipientId ? Number(recipientId) : undefined,
+      type,
+      pageNumber,
+      pageX,
+      pageY,
+      pageWidth,
+      pageHeight,
+      requestMetadata: extractNextApiRequestMetadata(args.req),
+    });
+
+    const remappedField = {
+      id: updatedField.id,
+      documentId: updatedField.documentId,
+      recipientId: updatedField.recipientId ?? -1,
+      type: updatedField.type,
+      pageNumber: updatedField.page,
+      pageX: Number(updatedField.positionX),
+      pageY: Number(updatedField.positionY),
+      pageWidth: Number(updatedField.width),
+      pageHeight: Number(updatedField.height),
+      customText: updatedField.customText,
+      inserted: updatedField.inserted,
+    };
+
+    return {
+      status: 200,
+      body: {
+        ...remappedField,
+        documentId: Number(documentId),
+      },
+    };
+  }),
+
+  deleteField: authenticatedMiddleware(async (args, user, team) => {
+    const { id: documentId, fieldId } = args.params;
+
+    const document = await getDocumentById({
+      id: Number(documentId),
+      userId: user.id,
+    });
+
+    if (!document) {
+      return {
+        status: 404,
+        body: {
+          message: 'Document not found',
+        },
+      };
+    }
+
+    if (document.status === DocumentStatus.COMPLETED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Document is already completed',
+        },
+      };
+    }
+
+    const field = await getFieldById({
+      fieldId: Number(fieldId),
+      documentId: Number(documentId),
+    }).catch(() => null);
+
+    if (!field) {
+      return {
+        status: 404,
+        body: {
+          message: 'Field not found',
+        },
+      };
+    }
+
+    const recipient = await getRecipientById({
+      id: Number(field.recipientId),
+      documentId: Number(documentId),
+    }).catch(() => null);
+
+    if (recipient?.signingStatus === SigningStatus.SIGNED) {
+      return {
+        status: 400,
+        body: {
+          message: 'Recipient has already signed the document',
+        },
+      };
+    }
+
+    const deletedField = await deleteField({
+      documentId: Number(documentId),
+      fieldId: Number(fieldId),
+      userId: user.id,
+      teamId: team?.id,
+      requestMetadata: extractNextApiRequestMetadata(args.req),
+    }).catch(() => null);
+
+    if (!deletedField) {
+      return {
+        status: 400,
+        body: {
+          message: 'Unable to delete field',
+        },
+      };
+    }
+
+    const remappedField = {
+      id: deletedField.id,
+      documentId: deletedField.documentId,
+      recipientId: deletedField.recipientId ?? -1,
+      type: deletedField.type,
+      pageNumber: deletedField.page,
+      pageX: Number(deletedField.positionX),
+      pageY: Number(deletedField.positionY),
+      pageWidth: Number(deletedField.width),
+      pageHeight: Number(deletedField.height),
+      customText: deletedField.customText,
+      inserted: deletedField.inserted,
+    };
+
+    return {
+      status: 200,
+      body: {
+        ...remappedField,
+        documentId: Number(documentId),
+      },
+    };
+  }),
+});

packages/api/v1/middleware/authenticated.ts

@@ -0,0 +1,41 @@
+import type { NextApiRequest } from 'next';
+
+import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
+import type { Team, User } from '@documenso/prisma/client';
+
+export const authenticatedMiddleware = <
+  T extends {
+    req: NextApiRequest;
+  },
+  R extends {
+    status: number;
+    body: unknown;
+  },
+>(
+  handler: (args: T, user: User, team?: Team | null) => Promise<R>,
+) => {
+  return async (args: T) => {
+    try {
+      const { authorization } = args.req.headers;
+
+      // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
+      const [token] = (authorization || '').split('Bearer ').filter((s) => s.length > 0);
+
+      if (!token) {
+        throw new Error('Token was not provided for authenticated middleware');
+      }
+
+      const apiToken = await getApiTokenByToken({ token });
+
+      return await handler(args, apiToken.user, apiToken.team);
+    } catch (_err) {
+      console.log({ _err });
+      return {
+        status: 401,
+        body: {
+          message: 'Unauthorized',
+        },
+      } as const;
+    }
+  };
+};

packages/api/v1/openapi.ts

@@ -0,0 +1,17 @@
+import { generateOpenApi } from '@ts-rest/open-api';
+
+import { ApiContractV1 } from './contract';
+
+export const OpenAPIV1 = generateOpenApi(
+  ApiContractV1,
+  {
+    info: {
+      title: 'Documenso API',
+      version: '1.0.0',
+      description: 'The Documenso API for retrieving, creating, updating and deleting documents.',
+    },
+  },
+  {
+    setOperationId: true,
+  },
+);

packages/api/v1/schema.ts

@@ -0,0 +1,241 @@
+import { z } from 'zod';
+
+import {
+  FieldType,
+  ReadStatus,
+  RecipientRole,
+  SendStatus,
+  SigningStatus,
+} from '@documenso/prisma/client';
+
+/**
+ * Documents
+ */
+export const ZGetDocumentsQuerySchema = z.object({
+  page: z.coerce.number().min(1).optional().default(1),
+  perPage: z.coerce.number().min(1).optional().default(1),
+});
+
+export type TGetDocumentsQuerySchema = z.infer<typeof ZGetDocumentsQuerySchema>;
+
+export const ZDeleteDocumentMutationSchema = null;
+
+export type TDeleteDocumentMutationSchema = typeof ZDeleteDocumentMutationSchema;
+
+export const ZSuccessfulDocumentResponseSchema = z.object({
+  id: z.number(),
+  userId: z.number(),
+  teamId: z.number().nullish(),
+  title: z.string(),
+  status: z.string(),
+  documentDataId: z.string(),
+  createdAt: z.date(),
+  updatedAt: z.date(),
+  completedAt: z.date().nullable(),
+});
+
+export const ZSuccessfulGetDocumentResponseSchema = ZSuccessfulDocumentResponseSchema.extend({
+  recipients: z.lazy(() => z.array(ZSuccessfulRecipientResponseSchema)),
+});
+
+export type TSuccessfulGetDocumentResponseSchema = z.infer<
+  typeof ZSuccessfulGetDocumentResponseSchema
+>;
+
+export type TSuccessfulDocumentResponseSchema = z.infer<typeof ZSuccessfulDocumentResponseSchema>;
+
+export const ZSendDocumentForSigningMutationSchema = null;
+
+export type TSendDocumentForSigningMutationSchema = typeof ZSendDocumentForSigningMutationSchema;
+
+export const ZUploadDocumentSuccessfulSchema = z.object({
+  url: z.string(),
+  key: z.string(),
+});
+
+export type TUploadDocumentSuccessfulSchema = z.infer<typeof ZUploadDocumentSuccessfulSchema>;
+
+export const ZCreateDocumentMutationSchema = z.object({
+  title: z.string().min(1),
+  recipients: z.array(
+    z.object({
+      name: z.string().min(1),
+      email: z.string().email().min(1),
+      role: z.nativeEnum(RecipientRole).optional().default(RecipientRole.SIGNER),
+    }),
+  ),
+  meta: z
+    .object({
+      subject: z.string(),
+      message: z.string(),
+      timezone: z.string(),
+      dateFormat: z.string(),
+      redirectUrl: z.string(),
+    })
+    .partial(),
+});
+
+export type TCreateDocumentMutationSchema = z.infer<typeof ZCreateDocumentMutationSchema>;
+
+export const ZCreateDocumentMutationResponseSchema = z.object({
+  uploadUrl: z.string().min(1),
+  documentId: z.number(),
+  recipients: z.array(
+    z.object({
+      recipientId: z.number(),
+      token: z.string(),
+      role: z.nativeEnum(RecipientRole),
+    }),
+  ),
+});
+
+export type TCreateDocumentMutationResponseSchema = z.infer<
+  typeof ZCreateDocumentMutationResponseSchema
+>;
+
+export const ZCreateDocumentFromTemplateMutationSchema = z.object({
+  title: z.string().min(1),
+  recipients: z.array(
+    z.object({
+      name: z.string().min(1),
+      email: z.string().email().min(1),
+      role: z.nativeEnum(RecipientRole).optional().default(RecipientRole.SIGNER),
+    }),
+  ),
+  meta: z
+    .object({
+      subject: z.string(),
+      message: z.string(),
+      timezone: z.string(),
+      dateFormat: z.string(),
+      redirectUrl: z.string(),
+    })
+    .partial()
+    .optional(),
+});
+
+export type TCreateDocumentFromTemplateMutationSchema = z.infer<
+  typeof ZCreateDocumentFromTemplateMutationSchema
+>;
+
+export const ZCreateDocumentFromTemplateMutationResponseSchema = z.object({
+  documentId: z.number(),
+  recipients: z.array(
+    z.object({
+      recipientId: z.number(),
+      name: z.string(),
+      email: z.string().email().min(1),
+      token: z.string(),
+      role: z.nativeEnum(RecipientRole).optional().default(RecipientRole.SIGNER),
+    }),
+  ),
+});
+
+export type TCreateDocumentFromTemplateMutationResponseSchema = z.infer<
+  typeof ZCreateDocumentFromTemplateMutationResponseSchema
+>;
+
+export const ZCreateRecipientMutationSchema = z.object({
+  name: z.string().min(1),
+  email: z.string().email().min(1),
+  role: z.nativeEnum(RecipientRole).optional().default(RecipientRole.SIGNER),
+});
+
+/**
+ * Recipients
+ */
+export type TCreateRecipientMutationSchema = z.infer<typeof ZCreateRecipientMutationSchema>;
+
+export const ZUpdateRecipientMutationSchema = ZCreateRecipientMutationSchema.partial();
+
+export type TUpdateRecipientMutationSchema = z.infer<typeof ZUpdateRecipientMutationSchema>;
+
+export const ZDeleteRecipientMutationSchema = null;
+
+export type TDeleteRecipientMutationSchema = typeof ZDeleteRecipientMutationSchema;
+
+export const ZSuccessfulRecipientResponseSchema = z.object({
+  id: z.number(),
+  // !: This handles the fact that we have null documentId's for templates
+  // !: while we won't need the default we must add it to satisfy typescript
+  documentId: z.number().nullish().default(-1),
+  email: z.string().email().min(1),
+  name: z.string(),
+  role: z.nativeEnum(RecipientRole),
+  token: z.string(),
+  // !: Not used for now
+  // expired: z.string(),
+  signedAt: z.date().nullable(),
+  readStatus: z.nativeEnum(ReadStatus),
+  signingStatus: z.nativeEnum(SigningStatus),
+  sendStatus: z.nativeEnum(SendStatus),
+});
+
+export type TSuccessfulRecipientResponseSchema = z.infer<typeof ZSuccessfulRecipientResponseSchema>;
+
+/**
+ * Fields
+ */
+export const ZCreateFieldMutationSchema = z.object({
+  recipientId: z.number(),
+  type: z.nativeEnum(FieldType),
+  pageNumber: z.number(),
+  pageX: z.number(),
+  pageY: z.number(),
+  pageWidth: z.number(),
+  pageHeight: z.number(),
+});
+
+export type TCreateFieldMutationSchema = z.infer<typeof ZCreateFieldMutationSchema>;
+
+export const ZUpdateFieldMutationSchema = ZCreateFieldMutationSchema.partial();
+
+export type TUpdateFieldMutationSchema = z.infer<typeof ZUpdateFieldMutationSchema>;
+
+export const ZDeleteFieldMutationSchema = null;
+
+export type TDeleteFieldMutationSchema = typeof ZDeleteFieldMutationSchema;
+
+export const ZSuccessfulFieldResponseSchema = z.object({
+  id: z.number(),
+  documentId: z.number(),
+  recipientId: z.number(),
+  type: z.nativeEnum(FieldType),
+  pageNumber: z.number(),
+  pageX: z.number(),
+  pageY: z.number(),
+  pageWidth: z.number(),
+  pageHeight: z.number(),
+  customText: z.string(),
+  inserted: z.boolean(),
+});
+
+export type TSuccessfulFieldResponseSchema = z.infer<typeof ZSuccessfulFieldResponseSchema>;
+
+export const ZSuccessfulResponseSchema = z.object({
+  documents: ZSuccessfulDocumentResponseSchema.array(),
+  totalPages: z.number(),
+});
+
+export type TSuccessfulResponseSchema = z.infer<typeof ZSuccessfulResponseSchema>;
+
+export const ZSuccessfulSigningResponseSchema = z.object({
+  message: z.string(),
+});
+
+export type TSuccessfulSigningResponseSchema = z.infer<typeof ZSuccessfulSigningResponseSchema>;
+
+/**
+ * General
+ */
+export const ZAuthorizationHeadersSchema = z.object({
+  authorization: z.string(),
+});
+
+export type TAuthorizationHeadersSchema = z.infer<typeof ZAuthorizationHeadersSchema>;
+
+export const ZUnsuccessfulResponseSchema = z.object({
+  message: z.string(),
+});
+
+export type TUnsuccessfulResponseSchema = z.infer<typeof ZUnsuccessfulResponseSchema>;

packages/app-tests/e2e/fixtures/authentication.ts

@@ -34,6 +34,7 @@ export const manualLogin = async ({
 };
 
 export const manualSignout = async ({ page }: ManualLoginOptions) => {
+  await page.waitForTimeout(1000);
   await page.getByTestId('menu-switcher').click();
   await page.getByRole('menuitem', { name: 'Sign Out' }).click();
   await page.waitForURL(`${WEBAPP_BASE_URL}/signin`);

packages/app-tests/e2e/templates/manage-templates.spec.ts

@@ -107,6 +107,8 @@ test('[TEMPLATES]: delete template', async ({ page }) => {
     await page.getByRole('menuitem', { name: 'Delete' }).click();
     await page.getByRole('button', { name: 'Delete' }).click();
     await expect(page.getByText('Template deleted').first()).toBeVisible();
+
+    await page.waitForTimeout(1000);
   }
 
   await unseedTeam(team.url);
@@ -187,15 +189,18 @@ test('[TEMPLATES]: use template', async ({ page }) => {
 
   // Use personal template.
   await page.getByRole('button', { name: 'Use Template' }).click();
+  await page.getByRole('button', { name: 'Create Document' }).click();
   await page.waitForURL(/documents/);
   await page.getByRole('main').getByRole('link', { name: 'Documents' }).click();
   await page.waitForURL('/documents');
   await expect(page.getByRole('main')).toContainText('Showing 1 result');
 
   await page.goto(`${WEBAPP_BASE_URL}/t/${team.url}/templates`);
+  await page.waitForTimeout(1000);
 
   // Use team template.
   await page.getByRole('button', { name: 'Use Template' }).click();
+  await page.getByRole('button', { name: 'Create Document' }).click();
   await page.waitForURL(/\/t\/.+\/documents/);
   await page.getByRole('main').getByRole('link', { name: 'Documents' }).click();
   await page.waitForURL(`/t/${team.url}/documents`);

packages/app-tests/e2e/test-auth-flow.spec.ts

@@ -29,7 +29,10 @@ test('user can sign up with email and password', async ({ page }: { page: Page }
     await page.mouse.up();
   }
 
-  await page.getByRole('button', { name: 'Sign Up', exact: true }).click();
+  await page.getByRole('button', { name: 'Next', exact: true }).click();
+  await page.getByLabel('Public profile username').fill('username-123');
+
+  await page.getByRole('button', { name: 'Complete', exact: true }).click();
 
   await page.waitForURL('/unverified-account');
 

packages/lib/constants/feature-flags.ts

@@ -25,6 +25,7 @@ export const LOCAL_FEATURE_FLAGS: Record<string, boolean> = {
   app_teams: true,
   app_document_page_view_history_sheet: false,
   marketing_header_single_player_mode: false,
+  marketing_profiles_announcement_bar: true,
 } as const;
 
 /**

packages/lib/constants/time.ts

@@ -1,5 +1,11 @@
+import { Duration } from 'luxon';
+
 export const ONE_SECOND = 1000;
 export const ONE_MINUTE = ONE_SECOND * 60;
 export const ONE_HOUR = ONE_MINUTE * 60;
 export const ONE_DAY = ONE_HOUR * 24;
 export const ONE_WEEK = ONE_DAY * 7;
+export const ONE_MONTH = Duration.fromObject({ months: 1 });
+export const THREE_MONTHS = Duration.fromObject({ months: 3 });
+export const SIX_MONTHS = Duration.fromObject({ months: 6 });
+export const ONE_YEAR = Duration.fromObject({ years: 1 });

packages/lib/errors/app-error.ts

@@ -18,6 +18,8 @@ export enum AppErrorCode {
   'RETRY_EXCEPTION' = 'RetryException',
   'SCHEMA_FAILED' = 'SchemaFailed',
   'TOO_MANY_REQUESTS' = 'TooManyRequests',
+  'PROFILE_URL_TAKEN' = 'ProfileUrlTaken',
+  'PREMIUM_PROFILE_URL' = 'PremiumProfileUrl',
 }
 
 const genericErrorCodeToTrpcErrorCodeMap: Record<string, TRPCError['code']> = {
@@ -32,6 +34,8 @@ const genericErrorCodeToTrpcErrorCodeMap: Record<string, TRPCError['code']> = {
   [AppErrorCode.RETRY_EXCEPTION]: 'INTERNAL_SERVER_ERROR',
   [AppErrorCode.SCHEMA_FAILED]: 'INTERNAL_SERVER_ERROR',
   [AppErrorCode.TOO_MANY_REQUESTS]: 'TOO_MANY_REQUESTS',
+  [AppErrorCode.PROFILE_URL_TAKEN]: 'BAD_REQUEST',
+  [AppErrorCode.PREMIUM_PROFILE_URL]: 'BAD_REQUEST',
 };
 
 export const ZAppErrorJsonSchema = z.object({

packages/lib/server-only/2fa/validate-2fa.ts

@@ -1,4 +1,4 @@
-import { User } from '@documenso/prisma/client';
+import type { User } from '@documenso/prisma/client';
 
 import { ErrorCode } from '../../next-auth/error-codes';
 import { verifyTwoFactorAuthenticationToken } from './verify-2fa-token';

packages/lib/server-only/2fa/verify-2fa-token.ts

@@ -1,7 +1,7 @@
 import { base32 } from '@scure/base';
 import { TOTPController } from 'oslo/otp';
 
-import { User } from '@documenso/prisma/client';
+import type { User } from '@documenso/prisma/client';
 
 import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
 import { symmetricDecrypt } from '../../universal/crypto';

packages/lib/server-only/admin/get-all-documents.ts

@@ -1,5 +1,5 @@
 import { prisma } from '@documenso/prisma';
-import { Prisma } from '@documenso/prisma/client';
+import type { Prisma } from '@documenso/prisma/client';
 
 export interface FindDocumentsOptions {
   term?: string;

packages/lib/server-only/admin/update-user.ts

@@ -1,5 +1,5 @@
 import { prisma } from '@documenso/prisma';
-import { Role } from '@documenso/prisma/client';
+import type { Role } from '@documenso/prisma/client';
 
 export type UpdateUserOptions = {
   id: number;

packages/lib/server-only/auth/hash.ts

@@ -1,4 +1,5 @@
 import { compareSync as bcryptCompareSync, hashSync as bcryptHashSync } from 'bcrypt';
+import crypto from 'crypto';
 
 import { SALT_ROUNDS } from '../../constants/auth';
 
@@ -12,3 +13,7 @@ export const hashSync = (password: string) => {
 export const compareSync = (password: string, hash: string) => {
   return bcryptCompareSync(password, hash);
 };
+
+export const hashString = (input: string) => {
+  return crypto.createHash('sha512').update(input).digest('hex');
+};

packages/lib/server-only/crypto/sign.ts

@@ -0,0 +1,12 @@
+import { hashString } from '../auth/hash';
+import { encryptSecondaryData } from './encrypt';
+
+export const sign = (data: unknown) => {
+  const stringified = JSON.stringify(data);
+
+  const hashed = hashString(stringified);
+
+  const signature = encryptSecondaryData({ data: hashed });
+
+  return signature;
+};

packages/lib/server-only/crypto/verify.ts

@@ -0,0 +1,12 @@
+import { hashString } from '../auth/hash';
+import { decryptSecondaryData } from './decrypt';
+
+export const verify = (data: unknown, signature: string) => {
+  const stringified = JSON.stringify(data);
+
+  const hashed = hashString(stringified);
+
+  const decrypted = decryptSecondaryData(signature);
+
+  return decrypted === hashed;
+};

packages/lib/server-only/document/complete-document-with-token.ts

@@ -5,7 +5,9 @@ import type { RequestMetadata } from '@documenso/lib/universal/extract-request-m
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 import { DocumentStatus, SigningStatus } from '@documenso/prisma/client';
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
 
+import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 import { sealDocument } from './seal-document';
 import { sendPendingEmail } from './send-pending-email';
 
@@ -15,14 +17,8 @@ export type CompleteDocumentWithTokenOptions = {
   requestMetadata?: RequestMetadata;
 };
 
-export const completeDocumentWithToken = async ({
-  token,
-  documentId,
-  requestMetadata,
-}: CompleteDocumentWithTokenOptions) => {
-  'use server';
-
-  const document = await prisma.document.findFirstOrThrow({
+const getDocument = async ({ token, documentId }: CompleteDocumentWithTokenOptions) => {
+  return await prisma.document.findFirstOrThrow({
     where: {
       id: documentId,
       Recipient: {
@@ -39,6 +35,16 @@ export const completeDocumentWithToken = async ({
       },
     },
   });
+};
+
+export const completeDocumentWithToken = async ({
+  token,
+  documentId,
+  requestMetadata,
+}: CompleteDocumentWithTokenOptions) => {
+  'use server';
+
+  const document = await getDocument({ token, documentId });
 
   if (document.status === DocumentStatus.COMPLETED) {
     throw new Error(`Document ${document.id} has already been completed`);
@@ -124,4 +130,13 @@ export const completeDocumentWithToken = async ({
   if (documents.count > 0) {
     await sealDocument({ documentId: document.id, requestMetadata });
   }
+
+  const updatedDocument = await getDocument({ token, documentId });
+
+  await triggerWebhook({
+    event: WebhookTriggerEvents.DOCUMENT_SIGNED,
+    data: updatedDocument,
+    userId: updatedDocument.userId,
+    teamId: updatedDocument.teamId ?? undefined,
+  });
 };

packages/lib/server-only/document/create-document.ts

@@ -5,6 +5,9 @@ import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-log
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 
 export type CreateDocumentOptions = {
   title: string;
@@ -63,6 +66,13 @@ export const createDocument = async ({
       }),
     });
 
+    await triggerWebhook({
+      event: WebhookTriggerEvents.DOCUMENT_CREATED,
+      data: document,
+      userId,
+      teamId,
+    });
+
     return document;
   });
 };

packages/lib/server-only/document/delete-document.ts

@@ -17,41 +17,47 @@ import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
 export type DeleteDocumentOptions = {
   id: number;
   userId: number;
-  status: DocumentStatus;
+  teamId?: number;
   requestMetadata?: RequestMetadata;
 };
 
 export const deleteDocument = async ({
   id,
   userId,
-  status,
+  teamId,
   requestMetadata,
 }: DeleteDocumentOptions) => {
-  await prisma.document.findFirstOrThrow({
+  const document = await prisma.document.findUnique({
     where: {
       id,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
               },
             },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+    include: {
+      Recipient: true,
+      documentMeta: true,
+      User: true,
     },
   });
 
-  const user = await prisma.user.findFirstOrThrow({
-    where: {
-      id: userId,
-    },
-  });
+  if (!document) {
+    throw new Error('Document not found');
+  }
+
+  const { status, User: user } = document;
 
   // if the document is a draft, hard-delete
   if (status === DocumentStatus.DRAFT) {
@@ -75,51 +81,33 @@ export const deleteDocument = async ({
   }
 
   // if the document is pending, send cancellation emails to all recipients
-  if (status === DocumentStatus.PENDING) {
-    const document = await prisma.document.findUnique({
-      where: {
-        id,
-        status,
-        userId,
-      },
-      include: {
-        Recipient: true,
-        documentMeta: true,
-      },
-    });
+  if (status === DocumentStatus.PENDING && document.Recipient.length > 0) {
+    await Promise.all(
+      document.Recipient.map(async (recipient) => {
+        const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
 
-    if (!document) {
-      throw new Error('Document not found');
-    }
+        const template = createElement(DocumentCancelTemplate, {
+          documentName: document.title,
+          inviterName: user.name || undefined,
+          inviterEmail: user.email,
+          assetBaseUrl,
+        });
 
-    if (document.Recipient.length > 0) {
-      await Promise.all(
-        document.Recipient.map(async (recipient) => {
-          const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
-
-          const template = createElement(DocumentCancelTemplate, {
-            documentName: document.title,
-            inviterName: user.name || undefined,
-            inviterEmail: user.email,
-            assetBaseUrl,
-          });
-
-          await mailer.sendMail({
-            to: {
-              address: recipient.email,
-              name: recipient.name,
-            },
-            from: {
-              name: FROM_NAME,
-              address: FROM_ADDRESS,
-            },
-            subject: 'Document Cancelled',
-            html: render(template),
-            text: render(template, { plainText: true }),
-          });
-        }),
-      );
-    }
+        await mailer.sendMail({
+          to: {
+            address: recipient.email,
+            name: recipient.name,
+          },
+          from: {
+            name: FROM_NAME,
+            address: FROM_ADDRESS,
+          },
+          subject: 'Document Cancelled',
+          html: render(template),
+          text: render(template, { plainText: true }),
+        });
+      }),
+    );
   }
 
   // If the document is not a draft, only soft-delete.

packages/lib/server-only/document/get-document-by-token.ts

@@ -70,6 +70,6 @@ export const getDocumentAndRecipientByToken = async ({
 
   return {
     ...result,
-    Recipient: result.Recipient[0],
+    Recipient: result.Recipient,
   };
 };

packages/lib/server-only/document/seal-document.ts

@@ -9,12 +9,14 @@ import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-log
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 import { DocumentStatus, RecipientRole, SigningStatus } from '@documenso/prisma/client';
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
 import { signPdf } from '@documenso/signing';
 
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getFile } from '../../universal/upload/get-file';
 import { putFile } from '../../universal/upload/put-file';
 import { insertFieldInPDF } from '../pdf/insert-field-in-pdf';
+import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 import { sendCompletedEmail } from './send-completed-email';
 
 export type SealDocumentOptions = {
@@ -36,6 +38,7 @@ export const sealDocument = async ({
     },
     include: {
       documentData: true,
+      Recipient: true,
     },
   });
 
@@ -134,4 +137,11 @@ export const sealDocument = async ({
   if (sendEmail) {
     await sendCompletedEmail({ documentId, requestMetadata });
   }
+
+  await triggerWebhook({
+    event: WebhookTriggerEvents.DOCUMENT_COMPLETED,
+    data: document,
+    userId: document.userId,
+    teamId: document.teamId ?? undefined,
+  });
 };

packages/lib/server-only/document/send-document.tsx

@@ -10,22 +10,26 @@ import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-
 import { renderCustomEmailTemplate } from '@documenso/lib/utils/render-custom-email-template';
 import { prisma } from '@documenso/prisma';
 import { DocumentStatus, RecipientRole, SendStatus } from '@documenso/prisma/client';
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
 import {
   RECIPIENT_ROLES_DESCRIPTION,
   RECIPIENT_ROLE_TO_EMAIL_TYPE,
 } from '../../constants/recipient-roles';
+import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 
 export type SendDocumentOptions = {
   documentId: number;
   userId: number;
+  teamId?: number;
   requestMetadata?: RequestMetadata;
 };
 
 export const sendDocument = async ({
   documentId,
   userId,
+  teamId,
   requestMetadata,
 }: SendDocumentOptions) => {
   const user = await prisma.user.findFirstOrThrow({
@@ -42,20 +46,21 @@ export const sendDocument = async ({
   const document = await prisma.document.findUnique({
     where: {
       id: documentId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
               },
             },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
     },
     include: {
       Recipient: true,
@@ -177,8 +182,18 @@ export const sendDocument = async ({
       data: {
         status: DocumentStatus.PENDING,
       },
+      include: {
+        Recipient: true,
+      },
     });
   });
 
+  await triggerWebhook({
+    event: WebhookTriggerEvents.DOCUMENT_SENT,
+    data: updatedDocument,
+    userId,
+    teamId,
+  });
+
   return updatedDocument;
 };

packages/lib/server-only/document/update-document.ts

@@ -5,16 +5,36 @@ import type { Prisma } from '@prisma/client';
 import { prisma } from '@documenso/prisma';
 
 export type UpdateDocumentOptions = {
+  documentId: number;
   data: Prisma.DocumentUpdateInput;
   userId: number;
-  documentId: number;
+  teamId?: number;
 };
 
-export const updateDocument = async ({ documentId, userId, data }: UpdateDocumentOptions) => {
+export const updateDocument = async ({
+  documentId,
+  userId,
+  teamId,
+  data,
+}: UpdateDocumentOptions) => {
   return await prisma.document.update({
     where: {
       id: documentId,
-      userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
     },
     data: {
       ...data,

packages/lib/server-only/document/update-title.ts

@@ -7,6 +7,7 @@ import { prisma } from '@documenso/prisma';
 
 export type UpdateTitleOptions = {
   userId: number;
+  teamId?: number;
   documentId: number;
   title: string;
   requestMetadata?: RequestMetadata;
@@ -14,6 +15,7 @@ export type UpdateTitleOptions = {
 
 export const updateTitle = async ({
   userId,
+  teamId,
   documentId,
   title,
   requestMetadata,
@@ -27,20 +29,21 @@ export const updateTitle = async ({
   const document = await prisma.document.findFirstOrThrow({
     where: {
       id: documentId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
               },
             },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
     },
   });
 

packages/lib/server-only/document/viewed-document.ts

@@ -3,6 +3,10 @@ import type { RequestMetadata } from '@documenso/lib/universal/extract-request-m
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 import { ReadStatus } from '@documenso/prisma/client';
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
+import { getDocumentAndRecipientByToken } from './get-document-by-token';
 
 export type ViewedDocumentOptions = {
   token: string;
@@ -51,4 +55,13 @@ export const viewedDocument = async ({ token, requestMetadata }: ViewedDocumentO
       }),
     });
   });
+
+  const document = await getDocumentAndRecipientByToken({ token });
+
+  await triggerWebhook({
+    event: WebhookTriggerEvents.DOCUMENT_OPENED,
+    data: document,
+    userId: document.userId,
+    teamId: document.teamId ?? undefined,
+  });
 };

packages/lib/server-only/field/create-field.ts

@@ -0,0 +1,126 @@
+import { prisma } from '@documenso/prisma';
+import type { FieldType, Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+
+export type CreateFieldOptions = {
+  documentId: number;
+  userId: number;
+  teamId?: number;
+  recipientId: number;
+  type: FieldType;
+  pageNumber: number;
+  pageX: number;
+  pageY: number;
+  pageWidth: number;
+  pageHeight: number;
+  requestMetadata?: RequestMetadata;
+};
+
+export const createField = async ({
+  documentId,
+  userId,
+  teamId,
+  recipientId,
+  type,
+  pageNumber,
+  pageX,
+  pageY,
+  pageWidth,
+  pageHeight,
+  requestMetadata,
+}: CreateFieldOptions) => {
+  const document = await prisma.document.findFirst({
+    select: {
+      id: true,
+    },
+    where: {
+      id: documentId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+  });
+
+  if (!document) {
+    throw new Error('Document not found');
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  const field = await prisma.field.create({
+    data: {
+      documentId,
+      recipientId,
+      type,
+      page: pageNumber,
+      positionX: pageX,
+      positionY: pageY,
+      width: pageWidth,
+      height: pageHeight,
+      customText: '',
+      inserted: false,
+    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_CREATED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: recipientId,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
+  });
+
+  return field;
+};

packages/lib/server-only/field/delete-field.ts

@@ -0,0 +1,90 @@
+import { prisma } from '@documenso/prisma';
+import type { Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+
+export type DeleteFieldOptions = {
+  fieldId: number;
+  documentId: number;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
+};
+
+export const deleteField = async ({
+  fieldId,
+  userId,
+  teamId,
+  documentId,
+  requestMetadata,
+}: DeleteFieldOptions) => {
+  const field = await prisma.field.delete({
+    where: {
+      id: fieldId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
+    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirstOrThrow({
+      where: {
+        id: teamId,
+      },
+    });
+  }
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_DELETED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: field.recipientId ?? -1,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
+  });
+
+  return field;
+};

packages/lib/server-only/field/get-field-by-id.ts

@@ -0,0 +1,17 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetFieldByIdOptions = {
+  fieldId: number;
+  documentId: number;
+};
+
+export const getFieldById = async ({ fieldId, documentId }: GetFieldByIdOptions) => {
+  const field = await prisma.field.findFirst({
+    where: {
+      id: fieldId,
+      documentId,
+    },
+  });
+
+  return field;
+};

packages/lib/server-only/field/update-field.ts

@@ -0,0 +1,122 @@
+import { prisma } from '@documenso/prisma';
+import type { FieldType, Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+
+export type UpdateFieldOptions = {
+  fieldId: number;
+  documentId: number;
+  userId: number;
+  teamId?: number;
+  recipientId?: number;
+  type?: FieldType;
+  pageNumber?: number;
+  pageX?: number;
+  pageY?: number;
+  pageWidth?: number;
+  pageHeight?: number;
+  requestMetadata?: RequestMetadata;
+};
+
+export const updateField = async ({
+  fieldId,
+  documentId,
+  userId,
+  teamId,
+  recipientId,
+  type,
+  pageNumber,
+  pageX,
+  pageY,
+  pageWidth,
+  pageHeight,
+  requestMetadata,
+}: UpdateFieldOptions) => {
+  const field = await prisma.field.update({
+    where: {
+      id: fieldId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
+    },
+    data: {
+      recipientId,
+      type,
+      page: pageNumber,
+      positionX: pageX,
+      positionY: pageY,
+      width: pageWidth,
+      height: pageHeight,
+    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  if (!field) {
+    throw new Error('Field not found');
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_UPDATED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: recipientId ?? -1,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
+  });
+
+  return field;
+};

packages/lib/server-only/pdf/insert-field-in-pdf.ts

@@ -1,3 +1,4 @@
+// https://github.com/Hopding/pdf-lib/issues/20#issuecomment-412852821
 import fontkit from '@pdf-lib/fontkit';
 import { PDFDocument, StandardFonts } from 'pdf-lib';
 
@@ -73,13 +74,17 @@ export const insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignatu
       height: imageHeight,
     });
   } else {
-    let textWidth = font.widthOfTextAtSize(field.customText, fontSize);
+    const longestLineInTextForWidth = field.customText
+      .split('\n')
+      .sort((a, b) => b.length - a.length)[0];
+
+    let textWidth = font.widthOfTextAtSize(longestLineInTextForWidth, fontSize);
     const textHeight = font.heightAtSize(fontSize);
 
     const scalingFactor = Math.min(fieldWidth / textWidth, fieldHeight / textHeight, 1);
 
     fontSize = Math.max(Math.min(fontSize * scalingFactor, maxFontSize), minFontSize);
-    textWidth = font.widthOfTextAtSize(field.customText, fontSize);
+    textWidth = font.widthOfTextAtSize(longestLineInTextForWidth, fontSize);
 
     const textX = fieldX + (fieldWidth - textWidth) / 2;
     let textY = fieldY + (fieldHeight - textHeight) / 2;

packages/lib/server-only/public-api/create-api-token.ts

@@ -0,0 +1,67 @@
+import type { Duration } from 'luxon';
+import { DateTime } from 'luxon';
+
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+// temporary choice for testing only
+import * as timeConstants from '../../constants/time';
+import { alphaid } from '../../universal/id';
+import { hashString } from '../auth/hash';
+
+type TimeConstants = typeof timeConstants & {
+  [key: string]: number | Duration;
+};
+
+type CreateApiTokenInput = {
+  userId: number;
+  teamId?: number;
+  tokenName: string;
+  expiresIn: string | null;
+};
+
+export const createApiToken = async ({
+  userId,
+  teamId,
+  tokenName,
+  expiresIn,
+}: CreateApiTokenInput) => {
+  const apiToken = `api_${alphaid(16)}`;
+
+  const hashedToken = hashString(apiToken);
+
+  const timeConstantsRecords: TimeConstants = timeConstants;
+
+  if (teamId) {
+    const member = await prisma.teamMember.findFirst({
+      where: {
+        userId,
+        teamId,
+        role: TeamMemberRole.ADMIN,
+      },
+    });
+
+    if (!member) {
+      throw new Error('You do not have permission to create a token for this team');
+    }
+  }
+
+  const storedToken = await prisma.apiToken.create({
+    data: {
+      name: tokenName,
+      token: hashedToken,
+      expires: expiresIn ? DateTime.now().plus(timeConstantsRecords[expiresIn]).toJSDate() : null,
+      userId: teamId ? null : userId,
+      teamId,
+    },
+  });
+
+  if (!storedToken) {
+    throw new Error('Failed to create the API token');
+  }
+
+  return {
+    id: storedToken.id,
+    token: apiToken,
+  };
+};

packages/lib/server-only/public-api/delete-api-token-by-id.ts

@@ -0,0 +1,32 @@
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+export type DeleteTokenByIdOptions = {
+  id: number;
+  userId: number;
+  teamId?: number;
+};
+
+export const deleteTokenById = async ({ id, userId, teamId }: DeleteTokenByIdOptions) => {
+  if (teamId) {
+    const member = await prisma.teamMember.findFirst({
+      where: {
+        userId,
+        teamId,
+        role: TeamMemberRole.ADMIN,
+      },
+    });
+
+    if (!member) {
+      throw new Error('You do not have permission to delete this token');
+    }
+  }
+
+  return await prisma.apiToken.delete({
+    where: {
+      id,
+      userId: teamId ? null : userId,
+      teamId,
+    },
+  });
+};

packages/lib/server-only/public-api/get-all-team-tokens.ts

@@ -0,0 +1,36 @@
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+export type GetUserTokensOptions = {
+  userId: number;
+  teamId: number;
+};
+
+export const getTeamTokens = async ({ userId, teamId }: GetUserTokensOptions) => {
+  const teamMember = await prisma.teamMember.findFirst({
+    where: {
+      userId,
+      teamId,
+    },
+  });
+
+  if (teamMember?.role !== TeamMemberRole.ADMIN) {
+    throw new Error('You do not have permission to view tokens for this team');
+  }
+
+  return await prisma.apiToken.findMany({
+    where: {
+      teamId,
+    },
+    select: {
+      id: true,
+      name: true,
+      algorithm: true,
+      createdAt: true,
+      expires: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};

packages/lib/server-only/public-api/get-all-user-tokens.ts

@@ -0,0 +1,23 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetUserTokensOptions = {
+  userId: number;
+};
+
+export const getUserTokens = async ({ userId }: GetUserTokensOptions) => {
+  return await prisma.apiToken.findMany({
+    where: {
+      userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      algorithm: true,
+      createdAt: true,
+      expires: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};

packages/lib/server-only/public-api/get-api-token-by-id.ts

@@ -0,0 +1,15 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetApiTokenByIdOptions = {
+  id: number;
+  userId: number;
+};
+
+export const getApiTokenById = async ({ id, userId }: GetApiTokenByIdOptions) => {
+  return await prisma.apiToken.findFirstOrThrow({
+    where: {
+      id,
+      userId,
+    },
+  });
+};

packages/lib/server-only/public-api/get-api-token-by-token.ts

@@ -0,0 +1,41 @@
+import { prisma } from '@documenso/prisma';
+
+import { hashString } from '../auth/hash';
+
+export const getApiTokenByToken = async ({ token }: { token: string }) => {
+  const hashedToken = hashString(token);
+
+  const apiToken = await prisma.apiToken.findFirst({
+    where: {
+      token: hashedToken,
+    },
+    include: {
+      team: true,
+      user: true,
+    },
+  });
+
+  if (!apiToken) {
+    throw new Error('Invalid token');
+  }
+
+  if (apiToken.expires && apiToken.expires < new Date()) {
+    throw new Error('Expired token');
+  }
+
+  if (apiToken.team) {
+    apiToken.user = await prisma.user.findFirst({
+      where: {
+        id: apiToken.team.ownerUserId,
+      },
+    });
+  }
+
+  const { user } = apiToken;
+
+  if (!user) {
+    throw new Error('Invalid token');
+  }
+
+  return { ...apiToken, user };
+};

packages/lib/server-only/public-api/get-user-by-token.ts

@@ -0,0 +1,37 @@
+import { prisma } from '@documenso/prisma';
+
+import { hashString } from '../auth/hash';
+
+export const getUserByApiToken = async ({ token }: { token: string }) => {
+  const hashedToken = hashString(token);
+
+  const user = await prisma.user.findFirst({
+    where: {
+      ApiToken: {
+        some: {
+          token: hashedToken,
+        },
+      },
+    },
+    include: {
+      ApiToken: true,
+    },
+  });
+
+  if (!user) {
+    throw new Error('Invalid token');
+  }
+
+  const retrievedToken = user.ApiToken.find((apiToken) => apiToken.token === hashedToken);
+
+  // This should be impossible but we need to satisfy TypeScript
+  if (!retrievedToken) {
+    throw new Error('Invalid token');
+  }
+
+  if (retrievedToken.expires && retrievedToken.expires < new Date()) {
+    throw new Error('Expired token');
+  }
+
+  return user;
+};

packages/lib/server-only/public-api/test-credentials.ts

@@ -0,0 +1,19 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { validateApiToken } from '@documenso/lib/server-only/webhooks/zapier/validateApiToken';
+
+export const testCredentialsHandler = async (req: NextApiRequest, res: NextApiResponse) => {
+  try {
+    const { authorization } = req.headers;
+
+    const result = await validateApiToken({ authorization });
+
+    return res.status(200).json({
+      name: result.team?.name ?? result.user.name,
+    });
+  } catch (err) {
+    return res.status(500).json({
+      message: 'Internal Server Error',
+    });
+  }
+};

packages/lib/server-only/recipient/delete-recipient.ts

@@ -0,0 +1,106 @@
+import { prisma } from '@documenso/prisma';
+import type { Team } from '@documenso/prisma/client';
+import { SendStatus } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+
+export type DeleteRecipientOptions = {
+  documentId: number;
+  recipientId: number;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
+};
+
+export const deleteRecipient = async ({
+  documentId,
+  recipientId,
+  userId,
+  teamId,
+  requestMetadata,
+}: DeleteRecipientOptions) => {
+  const recipient = await prisma.recipient.findFirst({
+    where: {
+      id: recipientId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
+    },
+  });
+
+  if (!recipient) {
+    throw new Error('Recipient not found');
+  }
+
+  if (recipient.sendStatus !== SendStatus.NOT_SENT) {
+    throw new Error('Can not delete a recipient that has already been sent a document');
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  const deletedRecipient = await prisma.$transaction(async (tx) => {
+    const deleted = await tx.recipient.delete({
+      where: {
+        id: recipient.id,
+      },
+    });
+
+    await tx.documentAuditLog.create({
+      data: createDocumentAuditLogData({
+        type: 'RECIPIENT_DELETED',
+        documentId,
+        user: {
+          id: team?.id ?? user.id,
+          email: team?.name ?? user.email,
+          name: team ? '' : user.name,
+        },
+        data: {
+          recipientEmail: recipient.email,
+          recipientName: recipient.name,
+          recipientId: recipient.id,
+          recipientRole: recipient.role,
+        },
+        requestMetadata,
+      }),
+    });
+
+    return deleted;
+  });
+
+  return deletedRecipient;
+};

packages/lib/server-only/recipient/get-recipient-by-email.ts

@@ -0,0 +1,21 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetRecipientByEmailOptions = {
+  documentId: number;
+  email: string;
+};
+
+export const getRecipientByEmail = async ({ documentId, email }: GetRecipientByEmailOptions) => {
+  const recipient = await prisma.recipient.findFirst({
+    where: {
+      documentId,
+      email: email.toLowerCase(),
+    },
+  });
+
+  if (!recipient) {
+    throw new Error('Recipient not found');
+  }
+
+  return recipient;
+};

packages/lib/server-only/recipient/get-recipient-by-id.ts

@@ -0,0 +1,21 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetRecipientByIdOptions = {
+  id: number;
+  documentId: number;
+};
+
+export const getRecipientById = async ({ documentId, id }: GetRecipientByIdOptions) => {
+  const recipient = await prisma.recipient.findFirst({
+    where: {
+      documentId,
+      id,
+    },
+  });
+
+  if (!recipient) {
+    throw new Error('Recipient not found');
+  }
+
+  return recipient;
+};

packages/lib/server-only/recipient/get-recipients-for-document.ts

@@ -3,11 +3,13 @@ import { prisma } from '@documenso/prisma';
 export interface GetRecipientsForDocumentOptions {
   documentId: number;
   userId: number;
+  teamId?: number;
 }
 
 export const getRecipientsForDocument = async ({
   documentId,
   userId,
+  teamId,
 }: GetRecipientsForDocumentOptions) => {
   const recipients = await prisma.recipient.findMany({
     where: {
@@ -18,6 +20,7 @@ export const getRecipientsForDocument = async ({
             userId,
           },
           {
+            teamId,
             team: {
               members: {
                 some: {

packages/lib/server-only/recipient/set-recipients-for-document.ts

@@ -11,6 +11,7 @@ import { SendStatus, SigningStatus } from '@documenso/prisma/client';
 
 export interface SetRecipientsForDocumentOptions {
   userId: number;
+  teamId?: number;
   documentId: number;
   recipients: {
     id?: number | null;
@@ -23,6 +24,7 @@ export interface SetRecipientsForDocumentOptions {
 
 export const setRecipientsForDocument = async ({
   userId,
+  teamId,
   documentId,
   recipients,
   requestMetadata,
@@ -30,20 +32,21 @@ export const setRecipientsForDocument = async ({
   const document = await prisma.document.findFirst({
     where: {
       id: documentId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
               },
             },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
     },
   });
 
@@ -106,7 +109,7 @@ export const setRecipientsForDocument = async ({
     });
 
   const persistedRecipients = await prisma.$transaction(async (tx) => {
-    await Promise.all(
+    return await Promise.all(
       linkedRecipients.map(async (recipient) => {
         const upsertedRecipient = await tx.recipient.upsert({
           where: {

packages/lib/server-only/recipient/set-recipients-for-template.ts

@@ -1,4 +1,5 @@
 import { prisma } from '@documenso/prisma';
+import type { RecipientRole } from '@documenso/prisma/client';
 
 import { nanoid } from '../../universal/id';
 
@@ -9,6 +10,7 @@ export type SetRecipientsForTemplateOptions = {
     id?: number;
     email: string;
     name: string;
+    role: RecipientRole;
   }[];
 };
 
@@ -84,11 +86,13 @@ export const setRecipientsForTemplate = async ({
         update: {
           name: recipient.name,
           email: recipient.email,
+          role: recipient.role,
           templateId,
         },
         create: {
           name: recipient.name,
           email: recipient.email,
+          role: recipient.role,
           token: nanoid(),
           templateId,
         },

packages/lib/server-only/recipient/update-recipient.ts

@@ -0,0 +1,118 @@
+import { prisma } from '@documenso/prisma';
+import type { RecipientRole, Team } from '@documenso/prisma/client';
+
+import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData, diffRecipientChanges } from '../../utils/document-audit-logs';
+
+export type UpdateRecipientOptions = {
+  documentId: number;
+  recipientId: number;
+  email?: string;
+  name?: string;
+  role?: RecipientRole;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
+};
+
+export const updateRecipient = async ({
+  documentId,
+  recipientId,
+  email,
+  name,
+  role,
+  userId,
+  teamId,
+  requestMetadata,
+}: UpdateRecipientOptions) => {
+  const recipient = await prisma.recipient.findFirst({
+    where: {
+      id: recipientId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+  });
+
+  if (!recipient) {
+    throw new Error('Recipient not found');
+  }
+
+  const updatedRecipient = await prisma.$transaction(async (tx) => {
+    const persisted = await prisma.recipient.update({
+      where: {
+        id: recipient.id,
+      },
+      data: {
+        email: email?.toLowerCase() ?? recipient.email,
+        name: name ?? recipient.name,
+        role: role ?? recipient.role,
+      },
+    });
+
+    const changes = diffRecipientChanges(recipient, persisted);
+
+    if (changes.length > 0) {
+      await tx.documentAuditLog.create({
+        data: createDocumentAuditLogData({
+          type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_UPDATED,
+          documentId: documentId,
+          user: {
+            id: team?.id ?? user.id,
+            name: team?.name ?? user.name,
+            email: team ? '' : user.email,
+          },
+          requestMetadata,
+          data: {
+            changes,
+            recipientId,
+            recipientEmail: persisted.email,
+            recipientName: persisted.name,
+            recipientRole: persisted.role,
+          },
+        }),
+      });
+
+      return persisted;
+    }
+  });
+
+  return updatedRecipient;
+};

packages/lib/server-only/site-settings/get-site-settings.ts

@@ -0,0 +1,9 @@
+import { prisma } from '@documenso/prisma';
+
+import { ZSiteSettingsSchema } from './schema';
+
+export const getSiteSettings = async () => {
+  const settings = await prisma.siteSettings.findMany();
+
+  return ZSiteSettingsSchema.parse(settings);
+};

packages/lib/server-only/site-settings/schema.ts

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+import { ZSiteSettingsBannerSchema } from './schemas/banner';
+
+// TODO: Use `z.union([...])` once we have more than one setting
+export const ZSiteSettingSchema = ZSiteSettingsBannerSchema;
+
+export type TSiteSettingSchema = z.infer<typeof ZSiteSettingSchema>;
+
+export const ZSiteSettingsSchema = z.array(ZSiteSettingSchema);
+
+export type TSiteSettingsSchema = z.infer<typeof ZSiteSettingsSchema>;

packages/lib/server-only/site-settings/schemas/_base.ts

@@ -0,0 +1,9 @@
+import { z } from 'zod';
+
+export const ZSiteSettingsBaseSchema = z.object({
+  id: z.string().min(1),
+  enabled: z.boolean(),
+  data: z.never(),
+});
+
+export type TSiteSettingsBaseSchema = z.infer<typeof ZSiteSettingsBaseSchema>;

packages/lib/server-only/site-settings/schemas/banner.ts

@@ -0,0 +1,23 @@
+import { z } from 'zod';
+
+import { ZSiteSettingsBaseSchema } from './_base';
+
+export const SITE_SETTINGS_BANNER_ID = 'site.banner';
+
+export const ZSiteSettingsBannerSchema = ZSiteSettingsBaseSchema.extend({
+  id: z.literal(SITE_SETTINGS_BANNER_ID),
+  data: z
+    .object({
+      content: z.string(),
+      bgColor: z.string(),
+      textColor: z.string(),
+    })
+    .optional()
+    .default({
+      content: '',
+      bgColor: '#000000',
+      textColor: '#FFFFFF',
+    }),
+});
+
+export type TSiteSettingsBannerSchema = z.infer<typeof ZSiteSettingsBannerSchema>;

packages/lib/server-only/site-settings/upsert-site-setting.ts

@@ -0,0 +1,33 @@
+import { prisma } from '@documenso/prisma';
+
+import type { TSiteSettingSchema } from './schema';
+
+export type UpsertSiteSettingOptions = TSiteSettingSchema & {
+  userId: number;
+};
+
+export const upsertSiteSetting = async ({
+  id,
+  enabled,
+  data,
+  userId,
+}: UpsertSiteSettingOptions) => {
+  return await prisma.siteSettings.upsert({
+    where: {
+      id,
+    },
+    create: {
+      id,
+      enabled,
+      data,
+      lastModifiedByUserId: userId,
+      lastModifiedAt: new Date(),
+    },
+    update: {
+      enabled,
+      data,
+      lastModifiedByUserId: userId,
+      lastModifiedAt: new Date(),
+    },
+  });
+};

packages/lib/server-only/template/create-document-from-template.ts

@@ -1,32 +1,42 @@
 import { nanoid } from '@documenso/lib/universal/id';
 import { prisma } from '@documenso/prisma';
-import type { TCreateDocumentFromTemplateMutationSchema } from '@documenso/trpc/server/template-router/schema';
+import type { RecipientRole } from '@documenso/prisma/client';
 
-export type CreateDocumentFromTemplateOptions = TCreateDocumentFromTemplateMutationSchema & {
+export type CreateDocumentFromTemplateOptions = {
+  templateId: number;
   userId: number;
+  teamId?: number;
+  recipients?: {
+    name?: string;
+    email: string;
+    role?: RecipientRole;
+  }[];
 };
 
 export const createDocumentFromTemplate = async ({
   templateId,
   userId,
+  teamId,
+  recipients,
 }: CreateDocumentFromTemplateOptions) => {
   const template = await prisma.template.findUnique({
     where: {
       id: templateId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
               },
             },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
     },
     include: {
       Recipient: true,
@@ -57,13 +67,18 @@ export const createDocumentFromTemplate = async ({
         create: template.Recipient.map((recipient) => ({
           email: recipient.email,
           name: recipient.name,
+          role: recipient.role,
           token: nanoid(),
         })),
       },
     },
 
     include: {
-      Recipient: true,
+      Recipient: {
+        orderBy: {
+          id: 'asc',
+        },
+      },
     },
   });
 
@@ -88,5 +103,34 @@ export const createDocumentFromTemplate = async ({
     }),
   });
 
+  if (recipients && recipients.length > 0) {
+    document.Recipient = await Promise.all(
+      recipients.map(async (recipient, index) => {
+        const existingRecipient = document.Recipient.at(index);
+
+        return await prisma.recipient.upsert({
+          where: {
+            documentId_email: {
+              documentId: document.id,
+              email: existingRecipient?.email ?? recipient.email,
+            },
+          },
+          update: {
+            name: recipient.name,
+            email: recipient.email,
+            role: recipient.role,
+          },
+          create: {
+            documentId: document.id,
+            email: recipient.email,
+            name: recipient.name,
+            role: recipient.role,
+            token: nanoid(),
+          },
+        });
+      }),
+    );
+  }
+
   return document;
 };

packages/lib/server-only/template/find-templates.ts

@@ -38,6 +38,7 @@ export const findTemplates = async ({
       include: {
         templateDocumentData: true,
         Field: true,
+        Recipient: true,
       },
       skip: Math.max(page - 1, 0) * perPage,
       orderBy: {

packages/lib/server-only/user/create-user.ts

@@ -7,15 +7,17 @@ import { IdentityProvider, Prisma, TeamMemberInviteStatus } from '@documenso/pri
 
 import { IS_BILLING_ENABLED } from '../../constants/app';
 import { SALT_ROUNDS } from '../../constants/auth';
+import { AppError, AppErrorCode } from '../../errors/app-error';
 
 export interface CreateUserOptions {
   name: string;
   email: string;
   password: string;
   signature?: string | null;
+  url?: string;
 }
 
-export const createUser = async ({ name, email, password, signature }: CreateUserOptions) => {
+export const createUser = async ({ name, email, password, signature, url }: CreateUserOptions) => {
   const hashedPassword = await hash(password, SALT_ROUNDS);
 
   const userExists = await prisma.user.findFirst({
@@ -28,6 +30,22 @@ export const createUser = async ({ name, email, password, signature }: CreateUse
     throw new Error('User already exists');
   }
 
+  if (url) {
+    const urlExists = await prisma.user.findFirst({
+      where: {
+        url,
+      },
+    });
+
+    if (urlExists) {
+      throw new AppError(
+        AppErrorCode.PROFILE_URL_TAKEN,
+        'Profile username is taken',
+        'The profile username is already taken',
+      );
+    }
+  }
+
   const user = await prisma.user.create({
     data: {
       name,
@@ -35,6 +53,7 @@ export const createUser = async ({ name, email, password, signature }: CreateUse
       password: hashedPassword,
       signature,
       identityProvider: IdentityProvider.DOCUMENSO,
+      url,
     },
   });
 

packages/lib/server-only/user/delete-user.ts

@@ -1,4 +1,7 @@
 import { prisma } from '@documenso/prisma';
+import { DocumentStatus } from '@documenso/prisma/client';
+
+import { deletedAccountServiceAccount } from './service-accounts/deleted-account';
 
 export type DeleteUserOptions = {
   email: string;
@@ -17,6 +20,22 @@ export const deleteUser = async ({ email }: DeleteUserOptions) => {
     throw new Error(`User with email ${email} not found`);
   }
 
+  const serviceAccount = await deletedAccountServiceAccount();
+
+  // TODO: Send out cancellations for all pending docs
+  await prisma.document.updateMany({
+    where: {
+      userId: user.id,
+      status: {
+        in: [DocumentStatus.PENDING, DocumentStatus.COMPLETED],
+      },
+    },
+    data: {
+      userId: serviceAccount.id,
+      deletedAt: new Date(),
+    },
+  });
+
   return await prisma.user.delete({
     where: {
       id: user.id,

packages/lib/server-only/user/service-accounts/deleted-account.ts

@@ -0,0 +1,17 @@
+import { prisma } from '@documenso/prisma';
+
+export const deletedAccountServiceAccount = async () => {
+  const serviceAccount = await prisma.user.findFirst({
+    where: {
+      email: 'deleted-account@documenso.com',
+    },
+  });
+
+  if (!serviceAccount) {
+    throw new Error(
+      'Deleted account service account not found, have you ran the appropriate migrations?',
+    );
+  }
+
+  return serviceAccount;
+};

packages/lib/server-only/user/update-public-profile.ts

@@ -0,0 +1,49 @@
+import { prisma } from '@documenso/prisma';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
+export type UpdatePublicProfileOptions = {
+  userId: number;
+  url: string;
+};
+
+export const updatePublicProfile = async ({ userId, url }: UpdatePublicProfileOptions) => {
+  const isUrlTaken = await prisma.user.findFirst({
+    select: {
+      id: true,
+    },
+    where: {
+      id: {
+        not: userId,
+      },
+      url,
+    },
+  });
+
+  if (isUrlTaken) {
+    throw new AppError(
+      AppErrorCode.PROFILE_URL_TAKEN,
+      'Profile username is taken',
+      'The profile username is already taken',
+    );
+  }
+
+  return await prisma.user.update({
+    where: {
+      id: userId,
+    },
+    data: {
+      url,
+      userProfile: {
+        upsert: {
+          create: {
+            bio: '',
+          },
+          update: {
+            bio: '',
+          },
+        },
+      },
+    },
+  });
+};

packages/lib/server-only/webhooks/create-webhook.ts

@@ -0,0 +1,44 @@
+import { prisma } from '@documenso/prisma';
+import type { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+export interface CreateWebhookOptions {
+  webhookUrl: string;
+  eventTriggers: WebhookTriggerEvents[];
+  secret: string | null;
+  enabled: boolean;
+  userId: number;
+  teamId?: number;
+}
+
+export const createWebhook = async ({
+  webhookUrl,
+  eventTriggers,
+  secret,
+  enabled,
+  userId,
+  teamId,
+}: CreateWebhookOptions) => {
+  if (teamId) {
+    await prisma.team.findFirstOrThrow({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  return await prisma.webhook.create({
+    data: {
+      webhookUrl,
+      eventTriggers,
+      secret,
+      enabled,
+      userId,
+      teamId,
+    },
+  });
+};

packages/lib/server-only/webhooks/delete-webhook-by-id.ts

@@ -0,0 +1,30 @@
+import { prisma } from '@documenso/prisma';
+
+export type DeleteWebhookByIdOptions = {
+  id: string;
+  userId: number;
+  teamId?: number;
+};
+
+export const deleteWebhookById = async ({ id, userId, teamId }: DeleteWebhookByIdOptions) => {
+  return await prisma.webhook.delete({
+    where: {
+      id,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+  });
+};

packages/lib/server-only/webhooks/edit-webhook.ts

@@ -0,0 +1,36 @@
+import type { Prisma } from '@prisma/client';
+
+import { prisma } from '@documenso/prisma';
+
+export type EditWebhookOptions = {
+  id: string;
+  data: Omit<Prisma.WebhookUpdateInput, 'id' | 'userId' | 'teamId'>;
+  userId: number;
+  teamId?: number;
+};
+
+export const editWebhook = async ({ id, data, userId, teamId }: EditWebhookOptions) => {
+  return await prisma.webhook.update({
+    where: {
+      id,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+    data: {
+      ...data,
+    },
+  });
+};

packages/lib/server-only/webhooks/get-all-webhooks-by-event-trigger.ts

@@ -0,0 +1,38 @@
+import { prisma } from '@documenso/prisma';
+import type { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+export type GetAllWebhooksByEventTriggerOptions = {
+  event: WebhookTriggerEvents;
+  userId: number;
+  teamId?: number;
+};
+
+export const getAllWebhooksByEventTrigger = async ({
+  event,
+  userId,
+  teamId,
+}: GetAllWebhooksByEventTriggerOptions) => {
+  return prisma.webhook.findMany({
+    where: {
+      enabled: true,
+      eventTriggers: {
+        has: event,
+      },
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+  });
+};

packages/lib/server-only/webhooks/get-webhook-by-id.ts

@@ -0,0 +1,30 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetWebhookByIdOptions = {
+  id: string;
+  userId: number;
+  teamId?: number;
+};
+
+export const getWebhookById = async ({ id, userId, teamId }: GetWebhookByIdOptions) => {
+  return await prisma.webhook.findFirstOrThrow({
+    where: {
+      id,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+  });
+};

packages/lib/server-only/webhooks/get-webhooks-by-team-id.ts

@@ -0,0 +1,19 @@
+import { prisma } from '@documenso/prisma';
+
+export const getWebhooksByTeamId = async (teamId: number, userId: number) => {
+  return await prisma.webhook.findMany({
+    where: {
+      team: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};

packages/lib/server-only/webhooks/get-webhooks-by-user-id.ts

@@ -0,0 +1,12 @@
+import { prisma } from '@documenso/prisma';
+
+export const getWebhooksByUserId = async (userId: number) => {
+  return await prisma.webhook.findMany({
+    where: {
+      userId,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};

packages/lib/server-only/webhooks/trigger/execute-webhook.ts

@@ -0,0 +1,58 @@
+import { prisma } from '@documenso/prisma';
+import {
+  Prisma,
+  type Webhook,
+  WebhookCallStatus,
+  type WebhookTriggerEvents,
+} from '@documenso/prisma/client';
+
+export type ExecuteWebhookOptions = {
+  event: WebhookTriggerEvents;
+  webhook: Webhook;
+  data: unknown;
+};
+
+export const executeWebhook = async ({ event, webhook, data }: ExecuteWebhookOptions) => {
+  const { webhookUrl: url, secret } = webhook;
+
+  console.log('Executing webhook', { event, url });
+
+  const payload = {
+    event,
+    payload: data,
+    createdAt: new Date().toISOString(),
+    webhookEndpoint: url,
+  };
+
+  const response = await fetch(url, {
+    method: 'POST',
+    body: JSON.stringify(payload),
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Documenso-Secret': secret ?? '',
+    },
+  });
+
+  const body = await response.text();
+
+  let responseBody: Prisma.InputJsonValue | Prisma.JsonNullValueInput = Prisma.JsonNull;
+
+  try {
+    responseBody = JSON.parse(body);
+  } catch (err) {
+    responseBody = body;
+  }
+
+  await prisma.webhookCall.create({
+    data: {
+      url,
+      event,
+      status: response.ok ? WebhookCallStatus.SUCCESS : WebhookCallStatus.FAILED,
+      requestBody: payload as Prisma.InputJsonValue,
+      responseCode: response.status,
+      responseBody,
+      responseHeaders: Object.fromEntries(response.headers.entries()),
+      webhookId: webhook.id,
+    },
+  });
+};

packages/lib/server-only/webhooks/trigger/handler.ts

@@ -0,0 +1,58 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { verify } from '../../crypto/verify';
+import { getAllWebhooksByEventTrigger } from '../get-all-webhooks-by-event-trigger';
+import { executeWebhook } from './execute-webhook';
+import { ZTriggerWebhookBodySchema } from './schema';
+
+export type HandlerTriggerWebhooksResponse =
+  | {
+      success: true;
+      message: string;
+    }
+  | {
+      success: false;
+      error: string;
+    };
+
+export const handlerTriggerWebhooks = async (
+  req: NextApiRequest,
+  res: NextApiResponse<HandlerTriggerWebhooksResponse>,
+) => {
+  const signature = req.headers['x-webhook-signature'];
+
+  if (typeof signature !== 'string') {
+    console.log('Missing signature');
+    return res.status(400).json({ success: false, error: 'Missing signature' });
+  }
+
+  const valid = verify(req.body, signature);
+
+  if (!valid) {
+    console.log('Invalid signature');
+    return res.status(400).json({ success: false, error: 'Invalid signature' });
+  }
+
+  const result = ZTriggerWebhookBodySchema.safeParse(req.body);
+
+  if (!result.success) {
+    console.log('Invalid request body');
+    return res.status(400).json({ success: false, error: 'Invalid request body' });
+  }
+
+  const { event, data, userId, teamId } = result.data;
+
+  const allWebhooks = await getAllWebhooksByEventTrigger({ event, userId, teamId });
+
+  await Promise.allSettled(
+    allWebhooks.map(async (webhook) =>
+      executeWebhook({
+        event,
+        webhook,
+        data,
+      }),
+    ),
+  );
+
+  return res.status(200).json({ success: true, message: 'Webhooks executed successfully' });
+};

packages/lib/server-only/webhooks/trigger/schema.ts

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+
+import { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+export const ZTriggerWebhookBodySchema = z.object({
+  event: z.nativeEnum(WebhookTriggerEvents),
+  data: z.unknown(),
+  userId: z.number(),
+  teamId: z.number().optional(),
+});
+
+export type TTriggerWebhookBodySchema = z.infer<typeof ZTriggerWebhookBodySchema>;

packages/lib/server-only/webhooks/trigger/trigger-webhook.ts

@@ -0,0 +1,47 @@
+import type { WebhookTriggerEvents } from '@documenso/prisma/client';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
+import { sign } from '../../crypto/sign';
+import { getAllWebhooksByEventTrigger } from '../get-all-webhooks-by-event-trigger';
+
+export type TriggerWebhookOptions = {
+  event: WebhookTriggerEvents;
+  data: Record<string, unknown>;
+  userId: number;
+  teamId?: number;
+};
+
+export const triggerWebhook = async ({ event, data, userId, teamId }: TriggerWebhookOptions) => {
+  try {
+    const body = {
+      event,
+      data,
+      userId,
+      teamId,
+    };
+
+    const registeredWebhooks = await getAllWebhooksByEventTrigger({ event, userId, teamId });
+
+    if (registeredWebhooks.length === 0) {
+      return;
+    }
+
+    const signature = sign(body);
+
+    await Promise.race([
+      fetch(`${NEXT_PUBLIC_WEBAPP_URL()}/api/webhook/trigger`, {
+        method: 'POST',
+        headers: {
+          'content-type': 'application/json',
+          'x-webhook-signature': signature,
+        },
+        body: JSON.stringify(body),
+      }),
+      new Promise((_, reject) => {
+        setTimeout(() => reject(new Error('Request timeout')), 500);
+      }),
+    ]).catch(() => null);
+  } catch (err) {
+    throw new Error(`Failed to trigger webhook`);
+  }
+};

packages/lib/server-only/webhooks/zapier/list-documents.ts

@@ -0,0 +1,67 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { findDocuments } from '@documenso/lib/server-only/document/find-documents';
+import { getRecipientsForDocument } from '@documenso/lib/server-only/recipient/get-recipients-for-document';
+import type { Webhook } from '@documenso/prisma/client';
+
+import { getWebhooksByTeamId } from '../get-webhooks-by-team-id';
+import { getWebhooksByUserId } from '../get-webhooks-by-user-id';
+import { validateApiToken } from './validateApiToken';
+
+export const listDocumentsHandler = async (req: NextApiRequest, res: NextApiResponse) => {
+  try {
+    const { authorization } = req.headers;
+    const { user, userId, teamId } = await validateApiToken({ authorization });
+
+    let allWebhooks: Webhook[] = [];
+
+    const documents = await findDocuments({
+      userId: userId ?? user.id,
+      teamId: teamId ?? undefined,
+      perPage: 1,
+    });
+
+    const recipients = await getRecipientsForDocument({
+      documentId: documents.data[0].id,
+      userId: userId ?? user.id,
+      teamId: teamId ?? undefined,
+    });
+
+    if (userId) {
+      allWebhooks = await getWebhooksByUserId(userId);
+    }
+
+    if (teamId) {
+      allWebhooks = await getWebhooksByTeamId(teamId, user.id);
+    }
+
+    if (documents && documents.data.length > 0 && allWebhooks.length > 0 && recipients.length > 0) {
+      const testWebhook = {
+        event: allWebhooks[0].eventTriggers.toString(),
+        createdAt: allWebhooks[0].createdAt,
+        webhookEndpoint: allWebhooks[0].webhookUrl,
+        payload: {
+          id: documents.data[0].id,
+          userId: documents.data[0].userId,
+          title: documents.data[0].title,
+          status: documents.data[0].status,
+          documentDataId: documents.data[0].documentDataId,
+          createdAt: documents.data[0].createdAt,
+          updatedAt: documents.data[0].updatedAt,
+          completedAt: documents.data[0].completedAt,
+          deletedAt: documents.data[0].deletedAt,
+          teamId: documents.data[0].teamId,
+          Recipient: recipients,
+        },
+      };
+
+      return res.status(200).json([testWebhook]);
+    }
+
+    return res.status(200).json([]);
+  } catch (err) {
+    return res.status(500).json({
+      message: 'Internal Server Error',
+    });
+  }
+};

packages/lib/server-only/webhooks/zapier/subscribe.ts

@@ -0,0 +1,32 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { prisma } from '@documenso/prisma';
+
+import { validateApiToken } from './validateApiToken';
+
+export const subscribeHandler = async (req: NextApiRequest, res: NextApiResponse) => {
+  try {
+    const { authorization } = req.headers;
+
+    const { webhookUrl, eventTrigger } = req.body;
+
+    const result = await validateApiToken({ authorization });
+
+    const createdWebhook = await prisma.webhook.create({
+      data: {
+        webhookUrl,
+        eventTriggers: [eventTrigger],
+        secret: null,
+        enabled: true,
+        userId: result.userId ?? result.user.id,
+        teamId: result.teamId ?? undefined,
+      },
+    });
+
+    return res.status(200).json(createdWebhook);
+  } catch (err) {
+    return res.status(500).json({
+      message: 'Internal Server Error',
+    });
+  }
+};

packages/lib/server-only/webhooks/zapier/unsubscribe.ts

@@ -0,0 +1,29 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { prisma } from '@documenso/prisma';
+
+import { validateApiToken } from './validateApiToken';
+
+export const unsubscribeHandler = async (req: NextApiRequest, res: NextApiResponse) => {
+  try {
+    const { authorization } = req.headers;
+
+    const { webhookId } = req.body;
+
+    const result = await validateApiToken({ authorization });
+
+    const deletedWebhook = await prisma.webhook.delete({
+      where: {
+        id: webhookId,
+        userId: result.userId ?? result.user.id,
+        teamId: result.teamId ?? undefined,
+      },
+    });
+
+    return res.status(200).json(deletedWebhook);
+  } catch (err) {
+    return res.status(500).json({
+      message: 'Internal Server Error',
+    });
+  }
+};

packages/lib/server-only/webhooks/zapier/validateApiToken.ts

@@ -0,0 +1,20 @@
+import { getApiTokenByToken } from '../../public-api/get-api-token-by-token';
+
+type ValidateApiTokenOptions = {
+  authorization: string | undefined;
+};
+
+export const validateApiToken = async ({ authorization }: ValidateApiTokenOptions) => {
+  try {
+    // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
+    const [token] = (authorization || '').split('Bearer ').filter((s) => s.length > 0);
+
+    if (!token) {
+      throw new Error('Missing API token');
+    }
+
+    return await getApiTokenByToken({ token });
+  } catch (err) {
+    throw new Error(`Failed to validate API token`);
+  }
+};

packages/lib/universal/webhook/to-friendly-webhook-event-name.ts

@@ -0,0 +1,3 @@
+export const toFriendlyWebhookEventName = (eventName: string) => {
+  return eventName.replace(/_/g, '.').toLowerCase();
+};

packages/prisma/migrations/20231123132053_public_api_api_token/migration.sql

@@ -0,0 +1,21 @@
+-- CreateEnum
+CREATE TYPE "ApiTokenAlgorithm" AS ENUM ('SHA512');
+
+-- CreateTable
+CREATE TABLE "ApiToken" (
+    "id" SERIAL NOT NULL,
+    "name" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "algorithm" "ApiTokenAlgorithm" NOT NULL DEFAULT 'SHA512',
+    "expires" TIMESTAMP(3) NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "ApiToken_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ApiToken_token_key" ON "ApiToken"("token");
+
+-- AddForeignKey
+ALTER TABLE "ApiToken" ADD CONSTRAINT "ApiToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

packages/prisma/migrations/20231220124343_add_cascade_delete_user_apitoken/migration.sql

@@ -0,0 +1,5 @@
+-- DropForeignKey
+ALTER TABLE "ApiToken" DROP CONSTRAINT "ApiToken_userId_fkey";
+
+-- AddForeignKey
+ALTER TABLE "ApiToken" ADD CONSTRAINT "ApiToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/prisma/migrations/20240205120648_create_delete_account/migration.sql

@@ -0,0 +1,30 @@
+-- Create deleted@documenso.com
+DO $$
+BEGIN  
+  IF NOT EXISTS (SELECT 1 FROM "public"."User" WHERE "email" = 'deleted-account@documenso.com') THEN  
+    INSERT INTO
+      "public"."User" (
+        "email",
+        "emailVerified",
+        "password",
+        "createdAt",
+        "updatedAt",
+        "lastSignedIn",
+        "roles",
+        "identityProvider",
+        "twoFactorEnabled"
+      )
+    VALUES
+      (
+        'deleted-account@documenso.com',
+        NOW(),
+        NULL,
+        NOW(),
+        NOW(),
+        NOW(),
+        ARRAY['USER'::TEXT]::"public"."Role" [],
+        CAST('GOOGLE'::TEXT AS "public"."IdentityProvider"),
+        FALSE
+      );
+  END IF;  
+END $$

packages/prisma/migrations/20240206131417_add_user_webhooks/migration.sql

@@ -0,0 +1,19 @@
+-- CreateEnum
+CREATE TYPE "WebhookTriggerEvents" AS ENUM ('DOCUMENT_CREATED', 'DOCUMENT_SIGNED');
+
+-- CreateTable
+CREATE TABLE "Webhook" (
+    "id" SERIAL NOT NULL,
+    "webhookUrl" TEXT NOT NULL,
+    "eventTriggers" "WebhookTriggerEvents"[],
+    "secret" TEXT,
+    "enabled" BOOLEAN NOT NULL DEFAULT true,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "Webhook_pkey" PRIMARY KEY ("id")
+);
+
+-- AddForeignKey
+ALTER TABLE "Webhook" ADD CONSTRAINT "Webhook_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/prisma/migrations/20240208135802_make_expiry_date_optional_api_tokens/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "ApiToken" ALTER COLUMN "expires" DROP NOT NULL;

packages/prisma/migrations/20240220115435_add_public_profile_url_bio/migration.sql

@@ -0,0 +1,25 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[profileURL]` on the table `User` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "profileURL" TEXT;
+
+-- CreateTable
+CREATE TABLE "UserProfile" (
+    "profileURL" TEXT NOT NULL,
+    "profileBio" TEXT,
+
+    CONSTRAINT "UserProfile_pkey" PRIMARY KEY ("profileURL")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "UserProfile_profileURL_key" ON "UserProfile"("profileURL");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_profileURL_key" ON "User"("profileURL");
+
+-- AddForeignKey
+ALTER TABLE "User" ADD CONSTRAINT "User_profileURL_fkey" FOREIGN KEY ("profileURL") REFERENCES "UserProfile"("profileURL") ON DELETE CASCADE ON UPDATE CASCADE;

packages/prisma/migrations/20240221055920_support_team_tokens/migration.sql

@@ -0,0 +1,6 @@
+-- AlterTable
+ALTER TABLE "ApiToken" ADD COLUMN     "teamId" INTEGER,
+ALTER COLUMN "userId" DROP NOT NULL;
+
+-- AddForeignKey
+ALTER TABLE "ApiToken" ADD CONSTRAINT "ApiToken_teamId_fkey" FOREIGN KEY ("teamId") REFERENCES "Team"("id") ON DELETE CASCADE ON UPDATE CASCADE;

packages/prisma/migrations/20240222183156_display_banner/migration.sql

@@ -0,0 +1,12 @@
+-- CreateTable
+CREATE TABLE "Banner" (
+    "id" SERIAL NOT NULL,
+    "text" TEXT NOT NULL,
+    "customHTML" TEXT NOT NULL,
+    "userId" INTEGER,
+
+    CONSTRAINT "Banner_pkey" PRIMARY KEY ("id")
+);
+
+-- AddForeignKey
+ALTER TABLE "Banner" ADD CONSTRAINT "Banner_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;