Adds Cloud Signature Consortium (CSC) integration for AES/QES signing
against a configured TSP. v1 ships as instance-wide configuration via
environment variables, with per-envelope signature level selection,
license gating, and an OAuth-driven signing flow (capture + FIFO
signers, SAD session, blocking/in-progress recipient pages).
Includes signature level compatibility checks (role, signing order,
dictate next signer), envelope mutability assertions, Prisma migration
for signature level and CSC tables, and docs for the new signing
certificate options.
Add a new BullMQ/Redis-backed job provider as an alternative to the
existing Inngest and Local providers. Includes Bull Board UI for job
monitoring at /api/jobs/board (admin-only in production, open in dev).
Migrate from @documenso/pdf-sign and @cantoo/pdf-lib to @libpdf/core
for all PDF manipulation and signing operations. This includes:
- New signing transports for Google Cloud KMS and local certificates
- Consolidated PDF operations using libpdf API
- Added TSA (timestamp authority) helper for digital signatures
- Removed deprecated flatten and insert utilities
- Updated tests to use new PDF library
This change will allow for user registration when users are federated
through oidc provider even if the general signup is disabled
additionally the users email address can now be automatically set as
trusted. This will force corporate users to signin using SSO instead of
creating manual accounts.
## Description
This PR introduces an initial i18n implementation using
[Lingui](https://lingui.dev).
We plan to combine it with Crowdin which will provide AI translations
when PRs are merged into main.
We plan to rollout i18n to only marketing for now, and will review how
everything goes before continuing to introduce it into the main
application.
## Reasoning
Why not use i18n-next or other alternatives?
To hopefully provide the best DX we chose Lingui because it allows us to
simply wrap text that we want to translate in tags, instead of forcing
users to do things such as:
- Update the text to `t('some-text')`
- Extract it to the file
- The text becomes a bit unreadable unless done correctly
Yes, plugins such as i18n-ally and Sherlock exist to simplify these
chores, but these require the user to be correctly setup in vscode, and
it also does not seem to provide the required configurations for our
multi app and multi UI package setup.
## Super simple demo
```html
// Before
<p>Text to update</p>
// After
<p>
<Trans>Text to update</Trans>
</p>
```
## Related Issue
Relates to #885 but is only for marketing for now.
Another branch is slowly being prepared for the changes required for the
web application while we wait to see how this goes for marketing.
## Changes Made
Our configuration does not follow the general standard since we have
translations that cross:
- Web app
- Marketing app
- Constants package
- UI package
This means we want to separate translations into:
1. Marketing - Only translations extracted from `apps/marketing`
2. Web - Only translations extracted from `apps/web`
3. Common - Translations from `packages/constants` and `packages/ui`
Then we bundle, compile and minify the translations for production as
follows:
1. Marketing = Marketing + Common
2. Web = Web + Common
This allows us to only load the required translations when running each
application.
Overall general changes:
- Add i18n to marketing
- Add core i18n setup to web
- Add pre-commit hook and GH action to extract any new <Trans> tags into
the translation files
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added Romanian localization for marketing messages to improve
accessibility for Romanian-speaking users.
- Introduced German and English translation modules and PO files to
enhance the application's internationalization capabilities.
- Integrated internationalization support in the RootLayout component
for dynamic language settings based on server-side configurations.
- Enhanced the Enterprise component with translation support to adapt to
user language preferences.
- Added a `<meta>` tag to prevent Google from translating the page
content, supporting internationalization efforts.
- **Bug Fixes**
- Resolved minor issues related to the structure and accessibility of
translation files.
- **Chores**
- Updated project dependencies to support the new localization features
and ensure stability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Lucas Smith <me@lucasjamessmith.me>
Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
Co-authored-by: github-actions <github-actions@documenso.com>
Introduces the ability to use anonymous SMTP authentication where no username or password is provided.
Also introduces a new flag to disable TLS avoiding cases also where STARTTLS is used despite `secure` being
set to `false`
Use Noto Sans to gracefully handle inserting custom text
on PDF's. Previously we were using Helvetica which is a
standard PDF font but that would fail for any character
that couldn't be encoded in WinANSI.
Noto Sans was chosen as it has support for a large number
of languages and glyphs with challenges now being adding
support for CJK glyphs.
## Description
Currently we are required to ensure PII data is not passed around in
search parameters and in the open for GDPR reasons.
Allowing us to encrypt and decrypt values with expiry dates will allow
us to ensure this doesn't happen.
## Changes Made
- Added TPRC router for encryption method
## Testing Performed
- Tested encrypting and decrypting data with and without `expiredAt`
- Tested via directly accessing API and also via trpc in react
components
- Tested parsing en email search param in a page and decrypting it
successfully
## Checklist
- [X] I have tested these changes locally and they work as expected.
- [X] I have followed the project's coding style guidelines.
## Description
Previously we assumed that there can only be 1 subscription per user.
However, that will soon no longer the case with the introduction of the
Teams subscription.
This PR will apply the required migrations to support multiple
subscriptions.
## Changes Made
- Updated the Prisma schema to allow for multiple `Subscriptions` per
`User`
- Added a Stripe `customerId` field to the `User` model
- Updated relevant billing sections to support multiple subscriptions
## Testing Performed
- Tested running the Prisma migration on a demo database created on the
main branch
Will require a lot of additional testing.
## Checklist
- [ ] I have tested these changes locally and they work as expected.
- [ ] I have added/updated tests that prove the effectiveness of these
changes.
- [X] I have followed the project's coding style guidelines.
## Additional Notes
Added the following custom SQL statement to the migration:
> DELETE FROM "Subscription" WHERE "planId" IS NULL OR "priceId" IS
NULL;
Prior to deployment this will require changes to Stripe products:
- Adding `type` meta attribute
---------
Co-authored-by: Lucas Smith <me@lucasjamessmith.me>
Implementation of a universal upload allowing for multiple storage backends
starting with `database` and `s3`.
Allows clients to put and retrieve files from either client or server using
a blend of client and server actions.
Lucas Smith
Kendry Grullon
Ephraim Duncan
David Nguyen
Matteo Sillitti
Rene Steen
Matt Kilgore
Valentin Lestoille
Navindu Amarakoon
Nafees Nazik