Commit Graph

393 Commits

Author SHA1 Message Date
David Nguyen 8671f269e8 fix: lint project (#2693) 2026-05-08 16:04:22 +10:00
David Nguyen edbf65969b fix: replace linter with biome (#2645) 2026-05-08 15:40:31 +10:00
Lucas Smith f66751668a fix: paginate and search member/group pickers (#2768) 2026-05-07 15:03:38 +10:00
Ephraim Duncan 8c0e029b1b feat: add pending signed PDF downloads (#2730) 2026-05-05 17:25:24 +10:00
David Nguyen f10d3284ba feat: remove default personal orgs from custom sso (#2741) 2026-05-05 14:50:07 +10:00
Lucas Smith aebb5e2067 fix: assistant signing auth (#2753) 2026-05-01 15:51:58 +10:00
David Nguyen e19b1d00d0 fix: improve embed error messages (#2752) 2026-05-01 14:24:42 +10:00
David Nguyen c428170b5c fix: allow users to download templates (#2746) 2026-04-30 16:50:07 +10:00
David Nguyen 5d92aaf20a feat: render signatures on pending envelopes (#2743) 2026-04-30 14:43:48 +10:00
Catalin Pit ae497092d7 fix: security improvements (#2593) 2026-04-30 14:43:20 +10:00
Catalin Pit e063af628f feat: allow admins to remove organisation and team members (#2705) 2026-04-22 23:08:16 +10:00
Lucas Smith dc575f5c80 fix: don't block organisation member removal on billing checks (#2706) 2026-04-22 21:59:22 +10:00
Ephraim Duncan e5da5bca38 fix: unwrap webhook payload before test and resend (#2710) 2026-04-22 15:42:16 +10:00
Catalin Pit d38d703fd3 fix: error message (update title) (#2691) 2026-04-22 15:42:07 +10:00
David Nguyen bc82b2e70e fix: admin org sorting (#2694) 2026-04-14 21:17:16 +10:00
Ephraim Duncan 4935f387bf feat: signing reminders (#1749) 2026-04-14 21:01:53 +10:00
Ephraim Duncan 9bfaa08d38 fix: documents table team email recipient lookup (#2578) 2026-04-07 20:10:38 +00:00
Swalih kolakkadan 6f650e1c2f feat: add document rename feature (#2542) (#2595) 2026-04-02 19:07:52 +11:00
David Nguyen e3b7a9e7cb feat: add ability to save documents as template (#2661) 2026-04-01 16:03:26 +11:00
Catalin Pit a71c44570b feat: admin panel org improvements (#2548)
## Description

- Add a new team page showing team details, global settings, members,
and pending invites
- Update the organisation page to display organisation usage and global
settings
- Show the role and ID of each organisation member, with navigation to
their teams

## Checklist

<!--- Please check the boxes that apply to this pull request. -->
<!--- You can add or remove items as needed. -->

- [ ] I have tested these changes locally and they work as expected.
- [ ] I have added/updated tests that prove the effectiveness of these
changes.
- [ ] I have updated the documentation to reflect these changes, if
applicable.
- [ ] I have followed the project's coding style guidelines.
- [ ] I have addressed the code review feedback from the previous
submission, if applicable.
2026-03-27 11:55:33 +02:00
Lucas Smith 2346de83a6 fix: replace z.string().email() with RFC 5322 compliant zEmail() (#2656) 2026-03-26 16:31:21 +11:00
Lucas Smith 814f6e62de fix: replace z.string().email() with RFC 5322 compliant ZEmail/zEmail (#2655) 2026-03-26 13:31:26 +11:00
David Nguyen ace472c294 fix: prevent managers from deleting admin invitations (#2636) 2026-03-20 22:26:59 +11:00
David Nguyen 48fb066b9a feat: allow editing pending envelope titles (#2604) 2026-03-19 14:03:30 +11:00
David Nguyen 0b605d61c6 feat: add envelope pdf replacement (#2602) 2026-03-18 22:53:28 +11:00
Abdul Alim f48aa84c9e fix(recipient): filter invalid emails in suggestions (#2510) 2026-03-18 14:43:44 +11:00
Ephraim Duncan 36bbd97514 feat: add organisation template type (#2611) 2026-03-17 01:29:34 +11:00
Lucas Smith 6b1b1d0417 fix: improve webhook execution (#2608)
Webhook URLs were being fetched without validating whether they
resolved to private/loopback addresses, exposing the server to SSRF.

Current SSRF is best effort and fail open, you should never host
services that
you cant risk exposure of.

This extracts webhook execution into a shared module that validates
URLs against private IP ranges (including DNS resolution), enforces
timeouts, and disables redirect following. The resend route now
queues through the job system instead of calling fetch inline.
2026-03-13 15:02:09 +11:00
Lucas Smith 9f680c7a61 perf: set global prisma transaction timeouts and reduce transaction scope (#2607)
Configure default transaction options (5s maxWait, 10s timeout) on the
PrismaClient instead of per-transaction overrides. Move side effects
like email sending, webhook triggers, and job dispatches out of
$transaction blocks to avoid holding database connections open during
network I/O.

Also extracts the direct template email into a background job and fixes
a bug where prisma was used instead of tx inside a transaction.
2026-03-13 14:51:53 +11:00
Lucas Smith af346b179c feat: add recipient role editing and audit log PDF download in admin (#2594)
- Allow admins to update recipient role from document detail page
- Add download button to export audit logs as PDF
- Display recipient status details in accordion
- Add LocalTime component with hover popover for timestamps
2026-03-10 21:41:46 +11:00
Catalin Pit c4754553c9 feat: implement template search functionality (#2376)
- Added  function to handle template searches based on user input
- Introduced in the TRPC router to facilitate authenticated template
searches
- Updated to include template search results alongside document search
results
- Enhanced query handling by enabling searches only when the input is
valid
- Created corresponding Zod schemas for request and response validation
in
2026-03-09 10:44:51 +11:00
David Nguyen 7ea664214a feat: add embedded envelopes (#2564)
## Description

Add envelopes V2 embedded support

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-03-06 14:11:27 +11:00
David Nguyen 6faa01d384 feat: add pdf image renderer (#2554)
## Description

Replace the PDF renderer with an custom image renderer.

This allows us to remove the "react-pdf" dependency and allows us to use
a virtual list to improve performance.
2026-03-06 12:39:03 +11:00
Lucas Smith 0ce909a298 refactor: find envelopes (#2557) 2026-03-06 12:38:40 +11:00
Lucas Smith 7f5f2b22ed feat: add seal-document sweep job and admin unsealed documents page (#2563) 2026-03-05 13:56:40 +11:00
Lucas Smith 7d3a56a006 feat: add admin ability to move subscription between orgs (#2558)
## Summary

- Adds a new admin action to move a subscription (and Stripe customerId)
from one organisation to another owned by the same user
- The target organisation must be on the free plan (no active
subscription) — enforces paid → free only
- The source organisation's claim is reset to the free plan after the
move

## How it works

A "Move Subscription" option appears in the actions dropdown of the
organisations table (on the admin user detail page) for any org with an
active or past-due subscription. Clicking it opens a dialog where the
admin selects a target org from a filtered list of eligible (free-plan)
orgs owned by the same user.

The backend performs the swap atomically in a single Prisma transaction:
1. Deletes any stale inactive subscription on the target org
2. Moves the `customerId` from source to target org
3. Reassigns the `Subscription` record to the target org
4. Copies claim entitlements to the target org
5. Resets the source org's claim to FREE

No Stripe API calls are made — the Stripe subscription and customer
remain unchanged; only the DB-level org association is updated.

## Files changed

- **New:**
`packages/trpc/server/admin-router/swap-organisation-subscription.types.ts`
— Zod schemas
- **New:**
`packages/trpc/server/admin-router/swap-organisation-subscription.ts` —
Admin mutation
- **New:**
`apps/remix/app/components/dialogs/admin-swap-subscription-dialog.tsx` —
Dialog component
- **Modified:** `packages/trpc/server/admin-router/router.ts` — Register
route
- **Modified:**
`apps/remix/app/components/tables/admin-organisations-table.tsx` — Add
action menu item
2026-03-04 22:34:53 +11:00
Lucas Smith c112392da9 feat: add admin email domain management and sync job (#2538) 2026-02-25 15:14:18 +11:00
Lucas Smith 36eef79b1a fix: omit fieldId from embed create endpoints (#2523) 2026-02-21 21:14:51 +11:00
Lucas Smith 653ab3678a feat: better ratelimiting (#2520)
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.

- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
  (2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith 006b1d0a57 feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
Lucas Smith 9a66d0ebf6 fix: simplify openapi field schemas to fix SDK generation (#2503) 2026-02-18 17:07:46 +11:00
Lucas Smith a5ef1d23e6 feat: add team memberships section to admin user detail page (#2457) 2026-02-09 17:35:22 +11:00
David Nguyen a4d0e3e873 fix: resolve safari cert download issues (#2430) 2026-01-29 14:08:07 +11:00
David Nguyen 1b0df2d082 feat: add license integration (#2346)
Changes:
- Adds integration for the license server.
- Prevent adding flags that the instance is not allowed to add
2026-01-29 13:30:48 +11:00
Catalin Pit d18dcb4d60 feat: autoplace fields from placeholders (#2111)
This PR introduces automatic detection and placement of fields and
recipients based on PDF placeholders.

The placeholders have the following structure:
- `{{fieldType,recipientPosition,fieldMeta}}` 
- `{{text,r1,required=true,textAlign=right,fontSize=50}}`

When the user uploads a PDF document containing such placeholders, they
get converted automatically to Documenso fields and assigned to
recipients.
2026-01-29 13:13:45 +11:00
Catalin Pit 155310b028 feat: add bulk document selection and move functionality (#2387)
This PR introduces bulk actions for documents, allowing users to select
multiple envelopes and perform actions such as moving or deleting 1 or
more documents simultaneously.
2026-01-28 18:27:32 +11:00
Catalin Pit 28bc2dc975 fix: send organisation member removal email to correct user (#2405) 2026-01-28 09:18:58 +02:00
Lucas Smith 65e30b88be fix: persist formValues in document creation endpoints (#2419) 2026-01-27 16:21:09 +11:00
Ted Liang 9c6ee88cc4 fix: security CVE-2026-23527 (#2399) 2026-01-27 15:52:34 +11:00
Lucas Smith 7fc6f5bb6e fix: make teamId optional in support form validation (#2417)
The contact form accepts teamId as an optional param based on
where the user clicks "Support" from. Previously, when opened
from a non-team context, the null teamId would be parsed to NaN
and fail validation, causing the form to error out. Now the
validation only runs when a teamId is actually provided.
2026-01-27 15:00:53 +11:00