Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-22 04:31:39 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix: wip

Browse Source
This commit is contained in:
David Nguyen
2025-01-31 14:09:02 +11:00
parent f7a98180d7
commit d7d0fca501
146 changed files with 1250 additions and 1263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/signing/index.ts
View File

@ -1,5 +1,7 @@
import { match } from 'ts-pattern';
import { env } from '@documenso/lib/utils/env';
import { signWithGoogleCloudHSM } from './transports/google-cloud-hsm';
import { signWithLocalCert } from './transports/local-cert';
@ -8,7 +10,7 @@ export type SignOptions = {
};
export const signPdf = async ({ pdf }: SignOptions) => {
const transport = process.env.NEXT_PRIVATE_SIGNING_TRANSPORT || 'local';
const transport = env('NEXT_PRIVATE_SIGNING_TRANSPORT') || 'local';
return await match(transport)
.with('local', async () => signWithLocalCert({ pdf }))

25
packages/signing/transports/google-cloud-hsm.ts
View File

@ -1,5 +1,6 @@
import fs from 'node:fs';
import { env } from '@documenso/lib/utils/env';
import { signWithGCloud } from '@documenso/pdf-sign';
import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';
@ -10,7 +11,7 @@ export type SignWithGoogleCloudHSMOptions = {
};
export const signWithGoogleCloudHSM = async ({ pdf }: SignWithGoogleCloudHSMOptions) => {
const keyPath = process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH;
const keyPath = env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH');
if (!keyPath) {
throw new Error('No certificate path provided for Google Cloud HSM signing');
@ -19,18 +20,15 @@ export const signWithGoogleCloudHSM = async ({ pdf }: SignWithGoogleCloudHSMOpti
// To handle hosting in serverless environments like Vercel we can supply the base64 encoded
// application credentials as an environment variable and write it to a file if it doesn't exist
if (
process.env.GOOGLE_APPLICATION_CREDENTIALS &&
process.env.NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS
env('GOOGLE_APPLICATION_CREDENTIALS') &&
env('NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS')
) {
if (!fs.existsSync(process.env.GOOGLE_APPLICATION_CREDENTIALS)) {
if (!fs.existsSync(env('GOOGLE_APPLICATION_CREDENTIALS'))) {
const contents = new Uint8Array(
Buffer.from(
process.env.NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS,
'base64',
),
Buffer.from(env('NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS'), 'base64'),
);
fs.writeFileSync(process.env.GOOGLE_APPLICATION_CREDENTIALS, contents);
fs.writeFileSync(env('GOOGLE_APPLICATION_CREDENTIALS'), contents);
}
}
@ -47,17 +45,14 @@ export const signWithGoogleCloudHSM = async ({ pdf }: SignWithGoogleCloudHSMOpti
let cert: Buffer | null = null;
if (process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS) {
cert = Buffer.from(
process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS,
'base64',
);
if (env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS')) {
cert = Buffer.from(env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS'), 'base64');
}
if (!cert) {
cert = Buffer.from(
fs.readFileSync(
process.env.NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH || './example/cert.crt',
env('NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH') || './example/cert.crt',
),
);
}

13
packages/signing/transports/local-cert.ts
View File

@ -1,5 +1,6 @@
import fs from 'node:fs';
import { env } from '@documenso/lib/utils/env';
import { signWithP12 } from '@documenso/pdf-sign';
import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';
@ -23,20 +24,20 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
let cert: Buffer | null = null;
if (process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS) {
cert = Buffer.from(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS, 'base64');
if (env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS')) {
cert = Buffer.from(env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS'), 'base64');
}
if (!cert) {
let certPath = process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || '/opt/documenso/cert.p12';
let certPath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || '/opt/documenso/cert.p12';
// We don't want to make the development server suddenly crash when using the `dx` script
// so we retain this when NODE_ENV isn't set to production which it should be in most production
// deployments.
//
// Our docker image automatically sets this so it shouldn't be an issue for self-hosters.
if (process.env.NODE_ENV !== 'production') {
certPath = process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || './example/cert.p12';
if (env('NODE_ENV') !== 'production') {
certPath = env('NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH') || './example/cert.p12';
}
cert = Buffer.from(fs.readFileSync(certPath));
@ -45,7 +46,7 @@ export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
const signature = signWithP12({
cert,
content: pdfWithoutSignature,
password: process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE || undefined,
password: env('NEXT_PRIVATE_SIGNING_PASSPHRASE') || undefined,
});
const signatureAsHex = signature.toString('hex');