From d4c673277266bb84d8855e21810ae11ae43caeec Mon Sep 17 00:00:00 2001
From: Timur Ercan
Date: Thu, 9 Mar 2023 11:47:36 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20=F0=9F=90=9B=20sign=20a?= =?UTF-8?q?uthentication=20via=20token=20instead=20of=20user=20jwt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/web/pages/api/documents/[id].ts | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/apps/web/pages/api/documents/[id].ts b/apps/web/pages/api/documents/[id].ts
index d969ec348..517e11757 100644
--- a/apps/web/pages/api/documents/[id].ts
+++ b/apps/web/pages/api/documents/[id].ts
@@ -10,16 +10,33 @@ import { getDocument } from "@documenso/lib/query";
 import { addDigitalSignature } from "@documenso/signing/addDigitalSignature";
 async function getHandler(req: NextApiRequest, res: NextApiResponse) {
- const user = await getUserFromToken(req, res);
 const { id: documentId } = req.query;
-
- if (!user) return;
+ const { token: recipientToken } = req.query;
 if (!documentId) {
- res.status(400).send("Missing parameter documentId.");
- return;
+ return res.status(400).send("Missing parameter documentId.");
 }
+ let user = null;
+
+ if (recipientToken) {
+ // Request from signing page without login
+ const recipient = await prisma.recipient.findFirst({
+ where: {
+ token: recipientToken?.toString(),
+ },
+ include: {
+ Document: { include: { User: true } },
+ },
+ });
+ user = recipient?.Document.User;
+ } else {
+ // Request from editor with valid user login
+ user = await getUserFromToken(req, res);
+ }
+
+ if (!user) return res.status(401).end();
+
 const document: PrismaDocument = await getDocument(+documentId, req, res);
 if (!document)
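Review bot: The recipient-token branch looks the recipient up by `token` alone and then treats the owner of that recipient's document as `user`, but nothing visible in the hunk ties the token to the `documentId` read from `req.query`. If `getDocument` (defined outside this hunk) scopes only by owner, or not at all, a token issued for one document would be accepted on a request that names a different id. Bind the two before loading the document, for example `if (recipient?.Document.id !== +documentId) return res.status(401).end();` (assuming the Document key is `id`, which is not shown here), or add the document id to the `where` clause of the lookup. `getHandler` continues past the end of the hunk, so a later check may already exist and should be confirmed.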