feat: add envelopes api (#2105)

2025-11-16 09:41:35 +10:00 · 2025-11-07 14:17:52 +11:00
parent d2a009d52e
commit d05bfa9fed
230 changed files with 10066 additions and 2812 deletions
--- a/apps/remix/server/api/files/files.helpers.ts
+++ b/apps/remix/server/api/files/files.helpers.ts
@ -0,0 +1,81 @@
+import { type DocumentDataType, DocumentStatus } from '@prisma/client';
+import { type Context } from 'hono';
+
+import { sha256 } from '@documenso/lib/universal/crypto';
+import { getFileServerSide } from '@documenso/lib/universal/upload/get-file.server';
+
+import type { HonoEnv } from '../../router';
+
+type HandleEnvelopeItemFileRequestOptions = {
+  title: string;
+  status: DocumentStatus;
+  documentData: {
+    type: DocumentDataType;
+    data: string;
+    initialData: string;
+  };
+  version: 'signed' | 'original';
+  isDownload: boolean;
+  context: Context<HonoEnv>;
+};
+
+/**
+ * Helper function to handle envelope item file requests (both view and download)
+ */
+export const handleEnvelopeItemFileRequest = async ({
+  title,
+  status,
+  documentData,
+  version,
+  isDownload,
+  context: c,
+}: HandleEnvelopeItemFileRequestOptions) => {
+  const documentDataToUse = version === 'signed' ? documentData.data : documentData.initialData;
+
+  const etag = Buffer.from(sha256(documentDataToUse)).toString('hex');
+
+  if (c.req.header('If-None-Match') === etag) {
+    return c.body(null, 304);
+  }
+
+  const file = await getFileServerSide({
+    type: documentData.type,
+    data: documentDataToUse,
+  }).catch((error) => {
+    console.error(error);
+
+    return null;
+  });
+
+  if (!file) {
+    return c.json({ error: 'File not found' }, 404);
+  }
+
+  c.header('Content-Type', 'application/pdf');
+  c.header('ETag', etag);
+
+  if (!isDownload) {
+    if (status === DocumentStatus.COMPLETED) {
+      c.header('Cache-Control', 'public, max-age=31536000, immutable');
+    } else {
+      // Set a tiny 1 minute cache, with must-revalidate to ensure the client always checks for updates.
+      c.header('Cache-Control', 'public, max-age=60, must-revalidate');
+    }
+  }
+
+  if (isDownload) {
+    // Generate filename following the pattern from envelope-download-dialog.tsx
+    const baseTitle = title.replace(/\.pdf$/, '');
+    const suffix = version === 'signed' ? '_signed.pdf' : '.pdf';
+    const filename = `${baseTitle}${suffix}`;
+
+    c.header('Content-Disposition', `attachment; filename="${filename}"`);
+
+    // For downloads, prevent caching to ensure fresh data
+    c.header('Cache-Control', 'no-cache, no-store, must-revalidate');
+    c.header('Pragma', 'no-cache');
+    c.header('Expires', '0');
+  }
+
+  return c.body(file);
+};
--- a/apps/remix/server/api/files/files.ts
+++ b/apps/remix/server/api/files/files.ts
@ -0,0 +1,307 @@
+import { sValidator } from '@hono/standard-validator';
+import type { Prisma } from '@prisma/client';
+import { Hono } from 'hono';
+
+import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
+import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getTeamById } from '@documenso/lib/server-only/team/get-team';
+import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server';
+import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
+import { prisma } from '@documenso/prisma';
+
+import type { HonoEnv } from '../../router';
+import { handleEnvelopeItemFileRequest } from './files.helpers';
+import {
+  type TGetPresignedPostUrlResponse,
+  ZGetEnvelopeItemFileDownloadRequestParamsSchema,
+  ZGetEnvelopeItemFileRequestParamsSchema,
+  ZGetEnvelopeItemFileTokenDownloadRequestParamsSchema,
+  ZGetEnvelopeItemFileTokenRequestParamsSchema,
+  ZGetPresignedPostUrlRequestSchema,
+  ZUploadPdfRequestSchema,
+} from './files.types';
+
+export const filesRoute = new Hono<HonoEnv>()
+  /**
+   * Uploads a document file to the appropriate storage location and creates
+   * a document data record.
+   */
+  .post('/upload-pdf', sValidator('form', ZUploadPdfRequestSchema), async (c) => {
+    try {
+      const { file } = c.req.valid('form');
+
+      if (!file) {
+        return c.json({ error: 'No file provided' }, 400);
+      }
+
+      // Todo: (RR7) This is new.
+      // Add file size validation.
+      // Convert MB to bytes (1 MB = 1024 * 1024 bytes)
+      const MAX_FILE_SIZE = APP_DOCUMENT_UPLOAD_SIZE_LIMIT * 1024 * 1024;
+
+      if (file.size > MAX_FILE_SIZE) {
+        return c.json({ error: 'File too large' }, 400);
+      }
+
+      const result = await putNormalizedPdfFileServerSide(file);
+
+      return c.json(result);
+    } catch (error) {
+      console.error('Upload failed:', error);
+      return c.json({ error: 'Upload failed' }, 500);
+    }
+  })
+  .post('/presigned-post-url', sValidator('json', ZGetPresignedPostUrlRequestSchema), async (c) => {
+    const { fileName, contentType } = c.req.valid('json');
+
+    try {
+      const { key, url } = await getPresignPostUrl(fileName, contentType);
+
+      return c.json({ key, url } satisfies TGetPresignedPostUrlResponse);
+    } catch (err) {
+      console.error(err);
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR);
+    }
+  })
+  .get(
+    '/envelope/:envelopeId/envelopeItem/:envelopeItemId',
+    sValidator('param', ZGetEnvelopeItemFileRequestParamsSchema),
+    async (c) => {
+      const { envelopeId, envelopeItemId } = c.req.valid('param');
+
+      const session = await getOptionalSession(c);
+
+      if (!session.user) {
+        return c.json({ error: 'Unauthorized' }, 401);
+      }
+
+      const envelope = await prisma.envelope.findFirst({
+        where: {
+          id: envelopeId,
+        },
+        include: {
+          envelopeItems: {
+            where: {
+              id: envelopeItemId,
+            },
+            include: {
+              documentData: true,
+            },
+          },
+        },
+      });
+
+      if (!envelope) {
+        return c.json({ error: 'Envelope not found' }, 404);
+      }
+
+      const [envelopeItem] = envelope.envelopeItems;
+
+      if (!envelopeItem) {
+        return c.json({ error: 'Envelope item not found' }, 404);
+      }
+
+      const team = await getTeamById({
+        userId: session.user.id,
+        teamId: envelope.teamId,
+      }).catch((error) => {
+        console.error(error);
+
+        return null;
+      });
+
+      if (!team) {
+        return c.json(
+          { error: 'User does not have access to the team that this envelope is associated with' },
+          403,
+        );
+      }
+
+      if (!envelopeItem.documentData) {
+        return c.json({ error: 'Document data not found' }, 404);
+      }
+
+      return await handleEnvelopeItemFileRequest({
+        title: envelopeItem.title,
+        status: envelope.status,
+        documentData: envelopeItem.documentData,
+        version: 'signed',
+        isDownload: false,
+        context: c,
+      });
+    },
+  )
+  .get(
+    '/envelope/:envelopeId/envelopeItem/:envelopeItemId/download/:version?',
+    sValidator('param', ZGetEnvelopeItemFileDownloadRequestParamsSchema),
+    async (c) => {
+      const { envelopeId, envelopeItemId, version } = c.req.valid('param');
+
+      const session = await getOptionalSession(c);
+
+      if (!session.user) {
+        return c.json({ error: 'Unauthorized' }, 401);
+      }
+
+      const envelope = await prisma.envelope.findFirst({
+        where: {
+          id: envelopeId,
+        },
+        include: {
+          envelopeItems: {
+            where: {
+              id: envelopeItemId,
+            },
+            include: {
+              documentData: true,
+            },
+          },
+        },
+      });
+
+      if (!envelope) {
+        return c.json({ error: 'Envelope not found' }, 404);
+      }
+
+      const [envelopeItem] = envelope.envelopeItems;
+
+      if (!envelopeItem) {
+        return c.json({ error: 'Envelope item not found' }, 404);
+      }
+
+      const team = await getTeamById({
+        userId: session.user.id,
+        teamId: envelope.teamId,
+      }).catch((error) => {
+        console.error(error);
+
+        return null;
+      });
+
+      if (!team) {
+        return c.json(
+          { error: 'User does not have access to the team that this envelope is associated with' },
+          403,
+        );
+      }
+
+      if (!envelopeItem.documentData) {
+        return c.json({ error: 'Document data not found' }, 404);
+      }
+
+      return await handleEnvelopeItemFileRequest({
+        title: envelopeItem.title,
+        status: envelope.status,
+        documentData: envelopeItem.documentData,
+        version,
+        isDownload: true,
+        context: c,
+      });
+    },
+  )
+  .get(
+    '/token/:token/envelopeItem/:envelopeItemId',
+    sValidator('param', ZGetEnvelopeItemFileTokenRequestParamsSchema),
+    async (c) => {
+      const { token, envelopeItemId } = c.req.valid('param');
+
+      let envelopeWhereQuery: Prisma.EnvelopeItemWhereUniqueInput = {
+        id: envelopeItemId,
+        envelope: {
+          recipients: {
+            some: {
+              token,
+            },
+          },
+        },
+      };
+
+      if (token.startsWith('qr_')) {
+        envelopeWhereQuery = {
+          id: envelopeItemId,
+          envelope: {
+            qrToken: token,
+          },
+        };
+      }
+
+      const envelopeItem = await prisma.envelopeItem.findUnique({
+        where: envelopeWhereQuery,
+        include: {
+          envelope: true,
+          documentData: true,
+        },
+      });
+
+      if (!envelopeItem) {
+        return c.json({ error: 'Envelope item not found' }, 404);
+      }
+
+      if (!envelopeItem.documentData) {
+        return c.json({ error: 'Document data not found' }, 404);
+      }
+
+      return await handleEnvelopeItemFileRequest({
+        title: envelopeItem.title,
+        status: envelopeItem.envelope.status,
+        documentData: envelopeItem.documentData,
+        version: 'signed',
+        isDownload: false,
+        context: c,
+      });
+    },
+  )
+  .get(
+    '/token/:token/envelopeItem/:envelopeItemId/download/:version?',
+    sValidator('param', ZGetEnvelopeItemFileTokenDownloadRequestParamsSchema),
+    async (c) => {
+      const { token, envelopeItemId, version } = c.req.valid('param');
+
+      let envelopeWhereQuery: Prisma.EnvelopeItemWhereUniqueInput = {
+        id: envelopeItemId,
+        envelope: {
+          recipients: {
+            some: {
+              token,
+            },
+          },
+        },
+      };
+
+      if (token.startsWith('qr_')) {
+        envelopeWhereQuery = {
+          id: envelopeItemId,
+          envelope: {
+            qrToken: token,
+          },
+        };
+      }
+
+      const envelopeItem = await prisma.envelopeItem.findUnique({
+        where: envelopeWhereQuery,
+        include: {
+          envelope: true,
+          documentData: true,
+        },
+      });
+
+      if (!envelopeItem) {
+        return c.json({ error: 'Envelope item not found' }, 404);
+      }
+
+      if (!envelopeItem.documentData) {
+        return c.json({ error: 'Document data not found' }, 404);
+      }
+
+      return await handleEnvelopeItemFileRequest({
+        title: envelopeItem.title,
+        status: envelopeItem.envelope.status,
+        documentData: envelopeItem.documentData,
+        version,
+        isDownload: true,
+        context: c,
+      });
+    },
+  );
--- a/apps/remix/server/api/files/files.types.ts
+++ b/apps/remix/server/api/files/files.types.ts
@ -0,0 +1,66 @@
+import { z } from 'zod';
+
+import DocumentDataSchema from '@documenso/prisma/generated/zod/modelSchema/DocumentDataSchema';
+
+export const ZUploadPdfRequestSchema = z.object({
+  file: z.instanceof(File),
+});
+
+export const ZUploadPdfResponseSchema = DocumentDataSchema.pick({
+  type: true,
+  id: true,
+});
+
+export type TUploadPdfRequest = z.infer<typeof ZUploadPdfRequestSchema>;
+export type TUploadPdfResponse = z.infer<typeof ZUploadPdfResponseSchema>;
+
+export const ZGetPresignedPostUrlRequestSchema = z.object({
+  fileName: z.string().min(1),
+  contentType: z.string().min(1),
+});
+
+export const ZGetPresignedPostUrlResponseSchema = z.object({
+  key: z.string().min(1),
+  url: z.string().min(1),
+});
+
+export type TGetPresignedPostUrlRequest = z.infer<typeof ZGetPresignedPostUrlRequestSchema>;
+export type TGetPresignedPostUrlResponse = z.infer<typeof ZGetPresignedPostUrlResponseSchema>;
+
+export const ZGetEnvelopeItemFileRequestParamsSchema = z.object({
+  envelopeId: z.string().min(1),
+  envelopeItemId: z.string().min(1),
+});
+
+export type TGetEnvelopeItemFileRequestParams = z.infer<
+  typeof ZGetEnvelopeItemFileRequestParamsSchema
+>;
+
+export const ZGetEnvelopeItemFileTokenRequestParamsSchema = z.object({
+  token: z.string().min(1),
+  envelopeItemId: z.string().min(1),
+});
+
+export type TGetEnvelopeItemFileTokenRequestParams = z.infer<
+  typeof ZGetEnvelopeItemFileTokenRequestParamsSchema
+>;
+
+export const ZGetEnvelopeItemFileDownloadRequestParamsSchema = z.object({
+  envelopeId: z.string().min(1),
+  envelopeItemId: z.string().min(1),
+  version: z.enum(['signed', 'original']).default('signed'),
+});
+
+export type TGetEnvelopeItemFileDownloadRequestParams = z.infer<
+  typeof ZGetEnvelopeItemFileDownloadRequestParamsSchema
+>;
+
+export const ZGetEnvelopeItemFileTokenDownloadRequestParamsSchema = z.object({
+  token: z.string().min(1),
+  envelopeItemId: z.string().min(1),
+  version: z.enum(['signed', 'original']).default('signed'),
+});
+
+export type TGetEnvelopeItemFileTokenDownloadRequestParams = z.infer<
+  typeof ZGetEnvelopeItemFileTokenDownloadRequestParamsSchema
+>;