Webhook URLs were being fetched without validating whether they
resolved to private/loopback addresses, exposing the server to SSRF.
Current SSRF is best effort and fail open, you should never host
services that
you cant risk exposure of.
This extracts webhook execution into a shared module that validates
URLs against private IP ranges (including DNS resolution), enforces
timeouts, and disables redirect following. The resend route now
queues through the job system instead of calling fetch inline.
This PR is handles the changes required to support envelopes. The new
envelope editor/signing page will be hidden during release.
The core changes here is to migrate the documents and templates model to
a centralized envelopes model.
Even though Documents and Templates are removed, from the user
perspective they will still exist as we remap envelopes to documents and
templates.