Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-15 01:01:49 +10:00
Code Issues Packages Projects Releases Wiki Activity

🔒🐛 sign authentication via token instead of user jwt

Browse Source
This commit is contained in:
Timur Ercan
2023-03-09 11:47:36 +01:00
parent 30e186d82a
commit d4c6732772
1 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apps/web/pages/api/documents/[id].ts
View File

@ -10,16 +10,33 @@ import { getDocument } from "@documenso/lib/query";
import { addDigitalSignature } from "@documenso/signing/addDigitalSignature"; import { addDigitalSignature } from "@documenso/signing/addDigitalSignature";
async function getHandler(req: NextApiRequest, res: NextApiResponse) { async function getHandler(req: NextApiRequest, res: NextApiResponse) {
const user = await getUserFromToken(req, res);
const { id: documentId } = req.query; const { id: documentId } = req.query;
const { token: recipientToken } = req.query;
if (!user) return;
if (!documentId) { if (!documentId) {
res.status(400).send("Missing parameter documentId."); return res.status(400).send("Missing parameter documentId.");
return;
} }
let user = null;
if (recipientToken) {
// Request from signing page without login
const recipient = await prisma.recipient.findFirst({
where: {
token: recipientToken?.toString(),
},
include: {
Document: { include: { User: true } },
},
});
user = recipient?.Document.User;
} else {
// Request from editor with valid user login
user = await getUserFromToken(req, res);
}
if (!user) return res.status(401).end();
const document: PrismaDocument = await getDocument(+documentId, req, res); const document: PrismaDocument = await getDocument(+documentId, req, res);
if (!document) if (!document)