chore: merged main

2025-11-12 15:53:02 +10:00 · 2024-01-25 13:43:11 +02:00
parent 4aefb80989 d766b58f42
commit ffee2b2c9a
65 changed files with 1043 additions and 234 deletions
--- a/packages/trpc/server/crypto/router.ts
+++ b/packages/trpc/server/crypto/router.ts
@ -0,0 +1,17 @@
+import { encryptSecondaryData } from '@documenso/lib/server-only/crypto/encrypt';
+
+import { procedure, router } from '../trpc';
+import { ZEncryptSecondaryDataMutationSchema } from './schema';
+
+export const cryptoRouter = router({
+  encryptSecondaryData: procedure
+    .input(ZEncryptSecondaryDataMutationSchema)
+    .mutation(({ input }) => {
+      try {
+        return encryptSecondaryData(input);
+      } catch {
+        // Never leak errors for crypto.
+        throw new Error('Failed to encrypt data');
+      }
+    }),
+});
--- a/packages/trpc/server/crypto/schema.ts
+++ b/packages/trpc/server/crypto/schema.ts
@ -0,0 +1,15 @@
+import { z } from 'zod';
+
+export const ZEncryptSecondaryDataMutationSchema = z.object({
+  data: z.string(),
+  expiresAt: z.number().optional(),
+});
+
+export const ZDecryptDataMutationSchema = z.object({
+  data: z.string(),
+});
+
+export type TEncryptSecondaryDataMutationSchema = z.infer<
+  typeof ZEncryptSecondaryDataMutationSchema
+>;
+export type TDecryptDataMutationSchema = z.infer<typeof ZDecryptDataMutationSchema>;
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@ -1,6 +1,7 @@
 import { TRPCError } from '@trpc/server';

 import { getServerLimits } from '@documenso/ee/server-only/limits/server';
+import { DOCUMENSO_ENCRYPTION_KEY } from '@documenso/lib/constants/crypto';
 import { upsertDocumentMeta } from '@documenso/lib/server-only/document-meta/upsert-document-meta';
 import { createDocument } from '@documenso/lib/server-only/document/create-document';
 import { deleteDocument } from '@documenso/lib/server-only/document/delete-document';
@ -13,6 +14,7 @@ import { sendDocument } from '@documenso/lib/server-only/document/send-document'
 import { updateTitle } from '@documenso/lib/server-only/document/update-title';
 import { setFieldsForDocument } from '@documenso/lib/server-only/field/set-fields-for-document';
 import { setRecipientsForDocument } from '@documenso/lib/server-only/recipient/set-recipients-for-document';
+import { symmetricEncrypt } from '@documenso/lib/universal/crypto';

 import { authenticatedProcedure, procedure, router } from '../trpc';
 import {
@ -24,6 +26,7 @@ import {
  ZSearchDocumentsMutationSchema,
  ZSendDocumentMutationSchema,
  ZSetFieldsForDocumentMutationSchema,
+  ZSetPasswordForDocumentMutationSchema,
  ZSetRecipientsForDocumentMutationSchema,
  ZSetTitleForDocumentMutationSchema,
 } from './schema';
@ -175,6 +178,38 @@ export const documentRouter = router({
      }
    }),

+  setPasswordForDocument: authenticatedProcedure
+    .input(ZSetPasswordForDocumentMutationSchema)
+    .mutation(async ({ input, ctx }) => {
+      try {
+        const { documentId, password } = input;
+
+        const key = DOCUMENSO_ENCRYPTION_KEY;
+
+        if (!key) {
+          throw new Error('Missing encryption key');
+        }
+
+        const securePassword = symmetricEncrypt({
+          data: password,
+          key,
+        });
+
+        await upsertDocumentMeta({
+          documentId,
+          password: securePassword,
+          userId: ctx.user.id,
+        });
+      } catch (err) {
+        console.error(err);
+
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message: 'We were unable to set the password for this document. Please try again later.',
+        });
+      }
+    }),
+
  sendDocument: authenticatedProcedure
    .input(ZSendDocumentMutationSchema)
    .mutation(async ({ input, ctx }) => {
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@ -73,6 +73,15 @@ export const ZSendDocumentMutationSchema = z.object({
  }),
 });

+export const ZSetPasswordForDocumentMutationSchema = z.object({
+  documentId: z.number(),
+  password: z.string(),
+});
+
+export type TSetPasswordForDocumentMutationSchema = z.infer<
+  typeof ZSetPasswordForDocumentMutationSchema
+>;
+
 export const ZResendDocumentMutationSchema = z.object({
  documentId: z.number(),
  recipients: z.array(z.number()).min(1),
--- a/packages/trpc/server/router.ts
+++ b/packages/trpc/server/router.ts
@ -1,5 +1,6 @@
 import { adminRouter } from './admin-router/router';
 import { authRouter } from './auth-router/router';
+import { cryptoRouter } from './crypto/router';
 import { documentRouter } from './document-router/router';
 import { fieldRouter } from './field-router/router';
 import { profileRouter } from './profile-router/router';
@ -12,6 +13,7 @@ import { twoFactorAuthenticationRouter } from './two-factor-authentication-route

 export const appRouter = router({
  auth: authRouter,
+  crypto: cryptoRouter,
  profile: profileRouter,
  document: documentRouter,
  field: fieldRouter,