fix: give the possibility to use internal webapp url in browserless requests (get-certificate-pdf and get-audit-logs-pdf) (#2127)

2025-11-23 05:01:54 +10:00 · 2025-11-22 10:36:24 +01:00
parent 2d7a4d0dde
commit 921c3d1ff3
8 changed files with 17 additions and 7 deletions
--- a/.env.example
+++ b/.env.example
@ -138,6 +138,8 @@ NEXT_PUBLIC_POSTHOG_KEY=""
 NEXT_PUBLIC_FEATURE_BILLING_ENABLED=
 # OPTIONAL: Leave blank to allow users to signup through /signup page.
 NEXT_PUBLIC_DISABLE_SIGNUP=
+# OPTIONAL: Set to true to use internal webapp url in browserless requests.
+NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS=false

 # [[E2E Tests]]
 E2E_TEST_AUTHENTICATE_USERNAME="Test User"
@ -149,4 +151,4 @@ E2E_TEST_AUTHENTICATE_USER_PASSWORD="test_Password123"
 NEXT_PRIVATE_LOGGER_FILE_PATH=

 # [[PLAIN SUPPORT]]
-NEXT_PRIVATE_PLAIN_API_KEY=
+NEXT_PRIVATE_PLAIN_API_KEY=
--- a/docker/production/compose.yml
+++ b/docker/production/compose.yml
@ -61,6 +61,7 @@ services:
      - NEXT_PUBLIC_DISABLE_SIGNUP=${NEXT_PUBLIC_DISABLE_SIGNUP}
      - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
      - NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
+      - NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS=${NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS}
    ports:
      - ${PORT:-3000}:${PORT:-3000}
    volumes:
--- a/packages/lib/constants/app.ts
+++ b/packages/lib/constants/app.ts
@ -15,3 +15,5 @@ export const API_V2_BETA_URL = '/api/v2-beta';
 export const API_V2_URL = '/api/v2';

 export const SUPPORT_EMAIL = env('NEXT_PUBLIC_SUPPORT_EMAIL') ?? 'support@documenso.com';
+
+export const USE_INTERNAL_URL_BROWSERLESS = env('NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS') === 'true';
--- a/packages/lib/server-only/htmltopdf/get-audit-logs-pdf.ts
+++ b/packages/lib/server-only/htmltopdf/get-audit-logs-pdf.ts
@ -1,7 +1,7 @@
 import { DateTime } from 'luxon';
 import type { Browser } from 'playwright';

-import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
+import { NEXT_PUBLIC_WEBAPP_URL, NEXT_PRIVATE_INTERNAL_WEBAPP_URL, USE_INTERNAL_URL_BROWSERLESS } from '../../constants/app';
 import { type SupportedLanguageCodes, isValidLanguageCode } from '../../constants/i18n';
 import { env } from '../../utils/env';
 import { encryptSecondaryData } from '../crypto/encrypt';
@ -48,11 +48,11 @@ export const getAuditLogsPdf = async ({ documentId, language }: GetAuditLogsPdfO
    {
      name: 'language',
      value: lang,
-      url: NEXT_PUBLIC_WEBAPP_URL(),
+      url: USE_INTERNAL_URL_BROWSERLESS() ? NEXT_PUBLIC_WEBAPP_URL() : NEXT_PRIVATE_INTERNAL_WEBAPP_URL(),
    },
  ]);

-  await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encryptedId}`, {
+  await page.goto(`${USE_INTERNAL_URL_BROWSERLESS() ? NEXT_PUBLIC_WEBAPP_URL() : NEXT_PRIVATE_INTERNAL_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encryptedId}`, {
    waitUntil: 'networkidle',
    timeout: 10_000,
  });
--- a/packages/lib/server-only/htmltopdf/get-certificate-pdf.ts
+++ b/packages/lib/server-only/htmltopdf/get-certificate-pdf.ts
@ -1,7 +1,7 @@
 import { DateTime } from 'luxon';
 import type { Browser } from 'playwright';

-import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
+import { NEXT_PUBLIC_WEBAPP_URL, NEXT_PRIVATE_INTERNAL_WEBAPP_URL, USE_INTERNAL_URL_BROWSERLESS} from '../../constants/app';
 import { type SupportedLanguageCodes, isValidLanguageCode } from '../../constants/i18n';
 import { env } from '../../utils/env';
 import { encryptSecondaryData } from '../crypto/encrypt';
@ -48,11 +48,11 @@ export const getCertificatePdf = async ({ documentId, language }: GetCertificate
    {
      name: 'lang',
      value: lang,
-      url: NEXT_PUBLIC_WEBAPP_URL(),
+      url: USE_INTERNAL_URL_BROWSERLESS() ? NEXT_PUBLIC_WEBAPP_URL() : NEXT_PRIVATE_INTERNAL_WEBAPP_URL(),
    },
  ]);

-  await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/certificate?d=${encryptedId}`, {
+  await page.goto(`${USE_INTERNAL_URL_BROWSERLESS() ? NEXT_PUBLIC_WEBAPP_URL() : NEXT_PRIVATE_INTERNAL_WEBAPP_URL()}/__htmltopdf/certificate?d=${encryptedId}`, {
    waitUntil: 'networkidle',
    timeout: 10_000,
  });
--- a/packages/tsconfig/process-env.d.ts
+++ b/packages/tsconfig/process-env.d.ts
@ -72,6 +72,8 @@ declare namespace NodeJS {

    NEXT_PRIVATE_JOBS_PROVIDER?: 'inngest' | 'local';

+    NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS?: string;
+
    /**
     * Inngest environment variables
     */
--- a/render.yaml
+++ b/render.yaml
@ -143,6 +143,8 @@ services:
      # Features Optional
      - key: NEXT_PUBLIC_DISABLE_SIGNUP
        sync: false
+      - key: NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS
+        sync: false

 databases:
  - name: documenso-db
--- a/turbo.json
+++ b/turbo.json
@ -120,6 +120,7 @@
    "E2E_TEST_AUTHENTICATE_USERNAME",
    "E2E_TEST_AUTHENTICATE_USER_EMAIL",
    "E2E_TEST_AUTHENTICATE_USER_PASSWORD",
+    "NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS",
    "NEXT_PRIVATE_OIDC_PROMPT"
  ]
 }