v2.0.2

Currently on inngest the sealing task fails during decoration stating
that it can not find the step "xxx"

My running theory is that this was due to it being a
Promise.all(map(...)) even though that isn't explicitly disallowed.

This change turns it into a for loop collecting promises to be awaited
after the fact.

Local inngest testing looks promising.

apps/remix/app/components/dialogs/document-duplicate-dialog.tsx

@@ -49,20 +49,20 @@ export const DocumentDuplicateDialog = ({
       },
     );
 
-  const envelopeItems = envelopeItemsPayload?.envelopeItems || [];
+  const envelopeItems = envelopeItemsPayload?.data || [];
 
   const documentsPath = formatDocumentsPath(team.url);
 
   const { mutateAsync: duplicateEnvelope, isPending: isDuplicating } =
     trpcReact.envelope.duplicate.useMutation({
-      onSuccess: async ({ duplicatedEnvelopeId }) => {
+      onSuccess: async ({ id }) => {
         toast({
           title: _(msg`Document Duplicated`),
           description: _(msg`Your document has been successfully duplicated.`),
           duration: 5000,
         });
 
-        await navigate(`${documentsPath}/${duplicatedEnvelopeId}/edit`);
+        await navigate(`${documentsPath}/${id}/edit`);
         onOpenChange(false);
       },
     });

apps/remix/app/components/dialogs/envelope-download-dialog.tsx

@@ -61,12 +61,12 @@ export const EnvelopeDownloadDialog = ({
         access: token ? { type: 'recipient', token } : { type: 'user' },
       },
       {
-        initialData: initialEnvelopeItems ? { envelopeItems: initialEnvelopeItems } : undefined,
+        initialData: initialEnvelopeItems ? { data: initialEnvelopeItems } : undefined,
         enabled: open,
       },
     );
 
-  const envelopeItems = envelopeItemsPayload?.envelopeItems || [];
+  const envelopeItems = envelopeItemsPayload?.data || [];
 
   const onDownload = async (
     envelopeItem: EnvelopeItemToDownload,

apps/remix/app/components/dialogs/envelope-duplicate-dialog.tsx

@@ -43,7 +43,7 @@ export const EnvelopeDuplicateDialog = ({
 
   const { mutateAsync: duplicateEnvelope, isPending: isDuplicating } =
     trpc.envelope.duplicate.useMutation({
-      onSuccess: async ({ duplicatedEnvelopeId }) => {
+      onSuccess: async ({ id }) => {
         toast({
           title: t`Envelope Duplicated`,
           description: t`Your envelope has been successfully duplicated.`,
@@ -55,7 +55,7 @@ export const EnvelopeDuplicateDialog = ({
             ? formatDocumentsPath(team.url)
             : formatTemplatesPath(team.url);
 
-        await navigate(`${path}/${duplicatedEnvelopeId}/edit`);
+        await navigate(`${path}/${id}/edit`);
         setOpen(false);
       },
     });

apps/remix/app/components/dialogs/organisation-member-invite-dialog.tsx

@@ -185,6 +185,10 @@ export const OrganisationMemberInviteDialog = ({
       return 'form';
     }
 
+    if (fullOrganisation.members.length < fullOrganisation.organisationClaim.memberCount) {
+      return 'form';
+    }
+
     // This is probably going to screw us over in the future.
     if (fullOrganisation.organisationClaim.originalSubscriptionClaimId !== INTERNAL_CLAIM_ID.TEAM) {
       return 'alert';

apps/remix/app/components/dialogs/template-use-dialog.tsx

@@ -143,7 +143,7 @@ export function TemplateUseDialog({
     },
   );
 
-  const envelopeItems = response?.envelopeItems ?? [];
+  const envelopeItems = response?.data ?? [];
 
   const { mutateAsync: createDocumentFromTemplate } =
     trpc.template.createDocumentFromTemplate.useMutation();

apps/remix/app/components/embed/embed-authentication-required.tsx

@@ -9,6 +9,7 @@ export type EmbedAuthenticationRequiredProps = {
   email?: string;
   returnTo: string;
   isGoogleSSOEnabled?: boolean;
+  isMicrosoftSSOEnabled?: boolean;
   isOIDCSSOEnabled?: boolean;
   oidcProviderLabel?: string;
 };
@@ -17,6 +18,7 @@ export const EmbedAuthenticationRequired = ({
   email,
   returnTo,
   // isGoogleSSOEnabled,
+  // isMicrosoftSSOEnabled,
   // isOIDCSSOEnabled,
   // oidcProviderLabel,
 }: EmbedAuthenticationRequiredProps) => {
@@ -37,6 +39,7 @@ export const EmbedAuthenticationRequired = ({
         <SignInForm
           // Embed currently not supported.
           // isGoogleSSOEnabled={isGoogleSSOEnabled}
+          // isMicrosoftSSOEnabled={isMicrosoftSSOEnabled}
           // isOIDCSSOEnabled={isOIDCSSOEnabled}
           // oidcProviderLabel={oidcProviderLabel}
           className="mt-4"

apps/remix/app/components/embed/embed-document-signing-page-v1.tsx

@@ -40,7 +40,7 @@ import { EmbedDocumentCompleted } from './embed-document-completed';
 import { EmbedDocumentFields } from './embed-document-fields';
 import { EmbedDocumentRejected } from './embed-document-rejected';
 
-export type EmbedSignDocumentClientPageProps = {
+export type EmbedSignDocumentV1ClientPageProps = {
   token: string;
   documentId: number;
   envelopeId: string;
@@ -55,7 +55,7 @@ export type EmbedSignDocumentClientPageProps = {
   allRecipients?: RecipientWithFields[];
 };
 
-export const EmbedSignDocumentClientPage = ({
+export const EmbedSignDocumentV1ClientPage = ({
   token,
   documentId,
   envelopeId,
@@ -68,7 +68,7 @@ export const EmbedSignDocumentClientPage = ({
   hidePoweredBy = false,
   allowWhitelabelling = false,
   allRecipients = [],
-}: EmbedSignDocumentClientPageProps) => {
+}: EmbedSignDocumentV1ClientPageProps) => {
   const { _ } = useLingui();
   const { toast } = useToast();
 

apps/remix/app/components/embed/embed-document-signing-page-v2.tsx

@@ -0,0 +1,232 @@
+import { useEffect, useLayoutEffect, useState } from 'react';
+
+import { useLingui } from '@lingui/react';
+
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
+
+import { ZSignDocumentEmbedDataSchema } from '~/types/embed-document-sign-schema';
+import { injectCss } from '~/utils/css-vars';
+
+import { DocumentSigningPageViewV2 } from '../general/document-signing/document-signing-page-view-v2';
+import { useRequiredEnvelopeSigningContext } from '../general/document-signing/envelope-signing-provider';
+import { EmbedClientLoading } from './embed-client-loading';
+import { EmbedDocumentCompleted } from './embed-document-completed';
+import { EmbedDocumentRejected } from './embed-document-rejected';
+import { EmbedSigningProvider } from './embed-signing-context';
+
+export type EmbedSignDocumentV2ClientPageProps = {
+  hidePoweredBy?: boolean;
+  allowWhitelabelling?: boolean;
+};
+
+export const EmbedSignDocumentV2ClientPage = ({
+  hidePoweredBy = false,
+  allowWhitelabelling = false,
+}: EmbedSignDocumentV2ClientPageProps) => {
+  const { _ } = useLingui();
+
+  const { envelope, recipient, envelopeData, setFullName, fullName } =
+    useRequiredEnvelopeSigningContext();
+
+  const { isCompleted, isRejected, recipientSignature } = envelopeData;
+
+  // !: Not used at the moment, may be removed in the future.
+  // const [hasDocumentLoaded, setHasDocumentLoaded] = useState(false);
+  const [hasFinishedInit, setHasFinishedInit] = useState(false);
+  const [allowDocumentRejection, setAllowDocumentRejection] = useState(false);
+  const [isNameLocked, setIsNameLocked] = useState(false);
+
+  const onDocumentCompleted = (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+  }) => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'document-completed',
+          data,
+        },
+        '*',
+      );
+    }
+  };
+
+  const onDocumentError = () => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'document-error',
+          data: null,
+        },
+        '*',
+      );
+    }
+  };
+
+  const onDocumentReady = () => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'document-ready',
+          data: null,
+        },
+        '*',
+      );
+    }
+  };
+
+  const onFieldSigned = (data: { fieldId?: number; value?: string; isBase64?: boolean }) => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'field-signed',
+          data,
+        },
+        '*',
+      );
+    }
+  };
+
+  const onFieldUnsigned = (data: { fieldId?: number }) => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'field-unsigned',
+          data,
+        },
+        '*',
+      );
+    }
+  };
+
+  const onDocumentRejected = (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+    reason?: string;
+  }) => {
+    if (window.parent) {
+      window.parent.postMessage(
+        {
+          action: 'document-rejected',
+          data,
+        },
+        '*',
+      );
+    }
+  };
+
+  useLayoutEffect(() => {
+    const hash = window.location.hash.slice(1);
+
+    try {
+      const data = ZSignDocumentEmbedDataSchema.parse(JSON.parse(decodeURIComponent(atob(hash))));
+
+      if (!isCompleted && data.name) {
+        setFullName(data.name);
+      }
+
+      // Since a recipient can be provided a name we can lock it without requiring
+      // a to be provided by the parent application, unlike direct templates.
+      setIsNameLocked(!!data.lockName);
+      setAllowDocumentRejection(!!data.allowDocumentRejection);
+
+      if (data.darkModeDisabled) {
+        document.documentElement.classList.add('dark-mode-disabled');
+      }
+
+      if (allowWhitelabelling) {
+        injectCss({
+          css: data.css,
+          cssVars: data.cssVars,
+        });
+      }
+    } catch (err) {
+      console.error(err);
+    }
+
+    setHasFinishedInit(true);
+
+    // !: While the setters are stable we still want to ensure we're avoiding
+    // !: re-renders.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [allowWhitelabelling]);
+
+  useEffect(() => {
+    if (hasFinishedInit) {
+      onDocumentReady();
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [hasFinishedInit]);
+
+  // Listen for document completion events from the envelope signing context
+  useEffect(() => {
+    if (isCompleted) {
+      onDocumentCompleted({
+        token: recipient.token,
+        envelopeId: envelope.id,
+        documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
+        recipientId: recipient.id,
+      });
+    }
+  }, [isCompleted, envelope.id, recipient.id, recipient.token]);
+
+  // Listen for document rejection events
+  useEffect(() => {
+    if (isRejected) {
+      onDocumentRejected({
+        token: recipient.token,
+        envelopeId: envelope.id,
+        documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
+        recipientId: recipient.id,
+      });
+    }
+  }, [isRejected, envelope.id, recipient.id, recipient.token]);
+
+  if (isRejected) {
+    return <EmbedDocumentRejected />;
+  }
+
+  if (isCompleted) {
+    return (
+      <EmbedDocumentCompleted
+        name={fullName}
+        signature={
+          recipientSignature
+            ? {
+                id: 1,
+                fieldId: 1,
+                recipientId: recipient.id,
+                created: new Date(),
+                signatureImageAsBase64: recipientSignature.signatureImageAsBase64,
+                typedSignature: recipientSignature.typedSignature,
+              }
+            : undefined
+        }
+      />
+    );
+  }
+
+  return (
+    <EmbedSigningProvider
+      isNameLocked={isNameLocked}
+      hidePoweredBy={hidePoweredBy}
+      allowDocumentRejection={allowDocumentRejection}
+      onDocumentCompleted={onDocumentCompleted}
+      onDocumentError={onDocumentError}
+      onDocumentRejected={onDocumentRejected}
+      onDocumentReady={onDocumentReady}
+      onFieldSigned={onFieldSigned}
+      onFieldUnsigned={onFieldUnsigned}
+    >
+      <div className="embed--Root relative">
+        {!hasFinishedInit && <EmbedClientLoading />}
+
+        <DocumentSigningPageViewV2 />
+      </div>
+    </EmbedSigningProvider>
+  );
+};

apps/remix/app/components/embed/embed-signing-context.tsx

@@ -0,0 +1,101 @@
+import { createContext, useContext } from 'react';
+
+export type EmbedSigningContextValue = {
+  isEmbed: true;
+  allowDocumentRejection: boolean;
+  isNameLocked: boolean;
+  isEmailLocked: boolean;
+  hidePoweredBy: boolean;
+  onDocumentCompleted: (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+  }) => void;
+  onDocumentError: () => void;
+  onDocumentRejected: (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+    reason?: string;
+  }) => void;
+  onDocumentReady: () => void;
+  onFieldSigned: (data: { fieldId?: number; value?: string; isBase64?: boolean }) => void;
+  onFieldUnsigned: (data: { fieldId?: number }) => void;
+};
+
+const EmbedSigningContext = createContext<EmbedSigningContextValue | null>(null);
+
+export const useEmbedSigningContext = () => {
+  return useContext(EmbedSigningContext);
+};
+
+export const useRequiredEmbedSigningContext = () => {
+  const context = useEmbedSigningContext();
+
+  if (!context) {
+    throw new Error('useRequiredEmbedSigningContext must be used within EmbedSigningProvider');
+  }
+
+  return context;
+};
+
+export type EmbedSigningProviderProps = {
+  allowDocumentRejection?: boolean;
+  isNameLocked?: boolean;
+  isEmailLocked?: boolean;
+  hidePoweredBy?: boolean;
+  onDocumentCompleted: (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+  }) => void;
+  onDocumentError: () => void;
+  onDocumentRejected: (data: {
+    token: string;
+    documentId: number;
+    envelopeId: string;
+    recipientId: number;
+    reason?: string;
+  }) => void;
+  onDocumentReady: () => void;
+  onFieldSigned: (data: { fieldId?: number; value?: string; isBase64?: boolean }) => void;
+  onFieldUnsigned: (data: { fieldId?: number }) => void;
+  children: React.ReactNode;
+};
+
+export const EmbedSigningProvider = ({
+  allowDocumentRejection = false,
+  isNameLocked = false,
+  isEmailLocked = true,
+  hidePoweredBy = false,
+  onDocumentCompleted,
+  onDocumentError,
+  onDocumentRejected,
+  onDocumentReady,
+  onFieldSigned,
+  onFieldUnsigned,
+  children,
+}: EmbedSigningProviderProps) => {
+  return (
+    <EmbedSigningContext.Provider
+      value={{
+        isEmbed: true,
+        allowDocumentRejection,
+        isNameLocked,
+        isEmailLocked,
+        hidePoweredBy,
+        onDocumentCompleted,
+        onDocumentError,
+        onDocumentRejected,
+        onDocumentReady,
+        onFieldSigned,
+        onFieldUnsigned,
+      }}
+    >
+      {children}
+    </EmbedSigningContext.Provider>
+  );
+};

apps/remix/app/components/forms/signin.tsx

@@ -92,6 +92,7 @@ export const SignInForm = ({
 
   const [isTwoFactorAuthenticationDialogOpen, setIsTwoFactorAuthenticationDialogOpen] =
     useState(false);
+  const [isEmbeddedRedirect, setIsEmbeddedRedirect] = useState(false);
 
   const [twoFactorAuthenticationMethod, setTwoFactorAuthenticationMethod] = useState<
     'totp' | 'backup'
@@ -317,6 +318,8 @@ export const SignInForm = ({
     if (email) {
       form.setValue('email', email);
     }
+
+    setIsEmbeddedRedirect(params.get('embedded') === 'true');
   }, [form]);
 
   return (
@@ -383,56 +386,64 @@ export const SignInForm = ({
             {isSubmitting ? <Trans>Signing in...</Trans> : <Trans>Sign In</Trans>}
           </Button>
 
-          {hasSocialAuthEnabled && (
-            <div className="relative flex items-center justify-center gap-x-4 py-2 text-xs uppercase">
-              <div className="bg-border h-px flex-1" />
-              <span className="text-muted-foreground bg-transparent">
-                <Trans>Or continue with</Trans>
-              </span>
-              <div className="bg-border h-px flex-1" />
-            </div>
-          )}
+          {!isEmbeddedRedirect && (
+            <>
+              {hasSocialAuthEnabled && (
+                <div className="relative flex items-center justify-center gap-x-4 py-2 text-xs uppercase">
+                  <div className="bg-border h-px flex-1" />
+                  <span className="text-muted-foreground bg-transparent">
+                    <Trans>Or continue with</Trans>
+                  </span>
+                  <div className="bg-border h-px flex-1" />
+                </div>
+              )}
 
-          {isGoogleSSOEnabled && (
-            <Button
-              type="button"
-              size="lg"
-              variant="outline"
-              className="bg-background text-muted-foreground border"
-              disabled={isSubmitting}
-              onClick={onSignInWithGoogleClick}
-            >
-              <FcGoogle className="mr-2 h-5 w-5" />
-              Google
-            </Button>
-          )}
+              {isGoogleSSOEnabled && (
+                <Button
+                  type="button"
+                  size="lg"
+                  variant="outline"
+                  className="bg-background text-muted-foreground border"
+                  disabled={isSubmitting}
+                  onClick={onSignInWithGoogleClick}
+                >
+                  <FcGoogle className="mr-2 h-5 w-5" />
+                  Google
+                </Button>
+              )}
 
-          {isMicrosoftSSOEnabled && (
-            <Button
-              type="button"
-              size="lg"
-              variant="outline"
-              className="bg-background text-muted-foreground border"
-              disabled={isSubmitting}
-              onClick={onSignInWithMicrosoftClick}
-            >
-              <img className="mr-2 h-4 w-4" alt="Microsoft Logo" src={'/static/microsoft.svg'} />
-              Microsoft
-            </Button>
-          )}
+              {isMicrosoftSSOEnabled && (
+                <Button
+                  type="button"
+                  size="lg"
+                  variant="outline"
+                  className="bg-background text-muted-foreground border"
+                  disabled={isSubmitting}
+                  onClick={onSignInWithMicrosoftClick}
+                >
+                  <img
+                    className="mr-2 h-4 w-4"
+                    alt="Microsoft Logo"
+                    src={'/static/microsoft.svg'}
+                  />
+                  Microsoft
+                </Button>
+              )}
 
-          {isOIDCSSOEnabled && (
-            <Button
-              type="button"
-              size="lg"
-              variant="outline"
-              className="bg-background text-muted-foreground border"
-              disabled={isSubmitting}
-              onClick={onSignInWithOIDCClick}
-            >
-              <FaIdCardClip className="mr-2 h-5 w-5" />
-              {oidcProviderLabel || 'OIDC'}
-            </Button>
+              {isOIDCSSOEnabled && (
+                <Button
+                  type="button"
+                  size="lg"
+                  variant="outline"
+                  className="bg-background text-muted-foreground border"
+                  disabled={isSubmitting}
+                  onClick={onSignInWithOIDCClick}
+                >
+                  <FaIdCardClip className="mr-2 h-5 w-5" />
+                  {oidcProviderLabel || 'OIDC'}
+                </Button>
+              )}
+            </>
           )}
 
           <Button

apps/remix/app/components/forms/signup.tsx

@@ -68,6 +68,7 @@ export type SignUpFormProps = {
   isGoogleSSOEnabled?: boolean;
   isMicrosoftSSOEnabled?: boolean;
   isOIDCSSOEnabled?: boolean;
+  returnTo?: string;
 };
 
 export const SignUpForm = ({
@@ -76,6 +77,7 @@ export const SignUpForm = ({
   isGoogleSSOEnabled,
   isMicrosoftSSOEnabled,
   isOIDCSSOEnabled,
+  returnTo,
 }: SignUpFormProps) => {
   const { _ } = useLingui();
   const { toast } = useToast();
@@ -110,7 +112,7 @@ export const SignUpForm = ({
         signature,
       });
 
-      await navigate(`/unverified-account`);
+      await navigate(returnTo ? returnTo : '/unverified-account');
 
       toast({
         title: _(msg`Registration Successful`),

apps/remix/app/components/general/app-command-menu.tsx

@@ -9,6 +9,7 @@ import { useHotkeys } from 'react-hotkeys-hook';
 import { useNavigate } from 'react-router';
 import { Theme, useTheme } from 'remix-themes';
 
+import { useDebouncedValue } from '@documenso/lib/client-only/hooks/use-debounced-value';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { SUPPORTED_LANGUAGES } from '@documenso/lib/constants/i18n';
 import {
@@ -63,10 +64,12 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
   const [search, setSearch] = useState('');
   const [pages, setPages] = useState<string[]>([]);
 
+  const debouncedSearch = useDebouncedValue(search, 200);
+
   const { data: searchDocumentsData, isPending: isSearchingDocuments } =
     trpcReact.document.search.useQuery(
       {
-        query: search,
+        query: debouncedSearch,
       },
       {
         placeholderData: (previousData) => previousData,
@@ -232,6 +235,7 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
             <Trans>No results found.</Trans>
           </CommandEmpty>
         )}
+
         {!currentPage && (
           <>
             {documentPageLinks.length > 0 && (
@@ -239,14 +243,17 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
                 <Commands push={push} pages={documentPageLinks} />
               </CommandGroup>
             )}
+
             {templatePageLinks.length > 0 && (
               <CommandGroup className="mx-2 p-0 pb-2" heading={_(msg`Templates`)}>
                 <Commands push={push} pages={templatePageLinks} />
               </CommandGroup>
             )}
+
             <CommandGroup className="mx-2 p-0 pb-2" heading={_(msg`Settings`)}>
               <Commands push={push} pages={SETTINGS_PAGES} />
             </CommandGroup>
+
             <CommandGroup className="mx-2 p-0 pb-2" heading={_(msg`Preferences`)}>
               <CommandItem className="-mx-2 -my-1 rounded-lg" onSelect={() => addPage('language')}>
                 Change language
@@ -255,6 +262,7 @@ export function AppCommandMenu({ open, onOpenChange }: AppCommandMenuProps) {
                 Change theme
               </CommandItem>
             </CommandGroup>
+
             {searchResults.length > 0 && (
               <CommandGroup className="mx-2 p-0 pb-2" heading={_(msg`Your documents`)}>
                 <Commands push={push} pages={searchResults} />

apps/remix/app/components/general/document-signing/document-signing-auth-account.tsx

@@ -22,7 +22,7 @@ export const DocumentSigningAuthAccount = ({
   actionVerb = 'sign',
   onOpenChange,
 }: DocumentSigningAuthAccountProps) => {
-  const { recipient } = useRequiredDocumentSigningAuthContext();
+  const { recipient, isDirectTemplate } = useRequiredDocumentSigningAuthContext();
 
   const { t } = useLingui();
 
@@ -34,8 +34,10 @@ export const DocumentSigningAuthAccount = ({
     try {
       setIsSigningOut(true);
 
+      const currentPath = `${window.location.pathname}${window.location.search}${window.location.hash}`;
+
       await authClient.signOut({
-        redirectPath: `/signin#email=${email}`,
+        redirectPath: `/signin?returnTo=${encodeURIComponent(currentPath)}#embedded=true&email=${isDirectTemplate ? '' : email}`,
       });
     } catch {
       setIsSigningOut(false);
@@ -55,16 +57,28 @@ export const DocumentSigningAuthAccount = ({
         <AlertDescription>
           {actionTarget === 'DOCUMENT' && recipient.role === RecipientRole.VIEWER ? (
             <span>
-              <Trans>
-                To mark this document as viewed, you need to be logged in as{' '}
-                <strong>{recipient.email}</strong>
-              </Trans>
+              {isDirectTemplate ? (
+                <Trans>To mark this document as viewed, you need to be logged in.</Trans>
+              ) : (
+                <Trans>
+                  To mark this document as viewed, you need to be logged in as{' '}
+                  <strong>{recipient.email}</strong>
+                </Trans>
+              )}
             </span>
           ) : (
             <span>
-              {/* Todo: Translate */}
-              To {actionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, you need to be logged
-              in as <strong>{recipient.email}</strong>
+              {isDirectTemplate ? (
+                <Trans>
+                  To {actionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, you need to be
+                  logged in.
+                </Trans>
+              ) : (
+                <Trans>
+                  To {actionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, you need to be
+                  logged in as <strong>{recipient.email}</strong>
+                </Trans>
+              )}
             </span>
           )}
         </AlertDescription>

apps/remix/app/components/general/document-signing/document-signing-auth-dialog.tsx

@@ -47,7 +47,8 @@ export const DocumentSigningAuthDialog = ({
   onOpenChange,
   onReauthFormSubmit,
 }: DocumentSigningAuthDialogProps) => {
-  const { recipient, user, isCurrentlyAuthenticating } = useRequiredDocumentSigningAuthContext();
+  const { recipient, user, isCurrentlyAuthenticating, isDirectTemplate } =
+    useRequiredDocumentSigningAuthContext();
 
   // Filter out EXPLICIT_NONE from available auth types for the chooser
   const validAuthTypes = availableAuthTypes.filter(
@@ -168,7 +169,11 @@ export const DocumentSigningAuthDialog = ({
           match({ documentAuthType: selectedAuthType, user })
             .with(
               { documentAuthType: DocumentAuth.ACCOUNT },
-              { user: P.when((user) => !user || user.email !== recipient.email) }, // Assume all current auth methods requires them to be logged in.
+              {
+                user: P.when(
+                  (user) => !user || (user.email !== recipient.email && !isDirectTemplate),
+                ),
+              }, // Assume all current auth methods requires them to be logged in.
               () => <DocumentSigningAuthAccount onOpenChange={onOpenChange} />,
             )
             .with({ documentAuthType: DocumentAuth.PASSKEY }, () => (

apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx

@@ -40,6 +40,7 @@ export type DocumentSigningAuthContextValue = {
   derivedRecipientAccessAuth: TRecipientAccessAuthTypes[];
   derivedRecipientActionAuth: TRecipientActionAuthTypes[];
   isAuthRedirectRequired: boolean;
+  isDirectTemplate?: boolean;
   isCurrentlyAuthenticating: boolean;
   setIsCurrentlyAuthenticating: (_value: boolean) => void;
   passkeyData: PasskeyData;
@@ -68,6 +69,7 @@ export const useRequiredDocumentSigningAuthContext = () => {
 export interface DocumentSigningAuthProviderProps {
   documentAuthOptions: Envelope['authOptions'];
   recipient: SigningAuthRecipient;
+  isDirectTemplate?: boolean;
   user?: SessionUser | null;
   children: React.ReactNode;
 }
@@ -75,6 +77,7 @@ export interface DocumentSigningAuthProviderProps {
 export const DocumentSigningAuthProvider = ({
   documentAuthOptions: initialDocumentAuthOptions,
   recipient: initialRecipient,
+  isDirectTemplate = false,
   user,
   children,
 }: DocumentSigningAuthProviderProps) => {
@@ -204,6 +207,7 @@ export const DocumentSigningAuthProvider = ({
         derivedRecipientAccessAuth,
         derivedRecipientActionAuth,
         isAuthRedirectRequired,
+        isDirectTemplate,
         isCurrentlyAuthenticating,
         setIsCurrentlyAuthenticating,
         passkeyData,

apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx

@@ -34,6 +34,7 @@ import {
 } from '@documenso/ui/primitives/form/form';
 import { Input } from '@documenso/ui/primitives/input';
 
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
 import { AccessAuth2FAForm } from '~/components/general/document-signing/access-auth-2fa-form';
 import { DocumentSigningDisclosure } from '~/components/general/document-signing/document-signing-disclosure';
 
@@ -102,6 +103,8 @@ export const DocumentSigningCompleteDialog = ({
 
   const { derivedRecipientAccessAuth } = useRequiredDocumentSigningAuthContext();
 
+  const { isNameLocked, isEmailLocked } = useEmbedSigningContext() || {};
+
   const form = useForm<TNextSignerFormSchema>({
     resolver: allowDictateNextSigner ? zodResolver(ZNextSignerFormSchema) : undefined,
     defaultValues: {
@@ -267,7 +270,12 @@ export const DocumentSigningCompleteDialog = ({
                               <Trans>Your Name</Trans>
                             </FormLabel>
                             <FormControl>
-                              <Input {...field} className="mt-2" placeholder={t`Enter your name`} />
+                              <Input
+                                {...field}
+                                className="mt-2"
+                                placeholder={t`Enter your name`}
+                                disabled={isNameLocked}
+                              />
                             </FormControl>
 
                             <FormMessage />
@@ -289,6 +297,7 @@ export const DocumentSigningCompleteDialog = ({
                                 type="email"
                                 className="mt-2"
                                 placeholder={t`Enter your email`}
+                                disabled={!!field.value && isEmailLocked}
                               />
                             </FormControl>
                             <FormMessage />

apps/remix/app/components/general/document-signing/document-signing-mobile-widget.tsx

@@ -8,6 +8,9 @@ import { match } from 'ts-pattern';
 
 import { Button } from '@documenso/ui/primitives/button';
 
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
+
+import { BrandingLogo } from '../branding-logo';
 import EnvelopeSignerForm from '../envelope-signing/envelope-signer-form';
 import { EnvelopeSignerCompleteDialog } from '../envelope-signing/envelope-signing-complete-dialog';
 import { useRequiredEnvelopeSigningContext } from './envelope-signing-provider';
@@ -15,6 +18,8 @@ import { useRequiredEnvelopeSigningContext } from './envelope-signing-provider';
 export const DocumentSigningMobileWidget = () => {
   const [isExpanded, setIsExpanded] = useState(false);
 
+  const { hidePoweredBy = true } = useEmbedSigningContext() || {};
+
   const { recipientFieldsRemaining, recipient, requiredRecipientFields } =
     useRequiredEnvelopeSigningContext();
 
@@ -29,7 +34,7 @@ export const DocumentSigningMobileWidget = () => {
 
   return (
     <div className="pointer-events-none fixed bottom-0 left-0 right-0 z-50 flex justify-center px-2 pb-2 sm:px-4 sm:pb-6">
-      <div className="pointer-events-auto w-full max-w-2xl">
+      <div className="pointer-events-auto w-full max-w-[760px]">
         <div className="bg-card border-border overflow-hidden rounded-xl border shadow-2xl">
           {/* Main Header Bar */}
           <div className="flex items-center justify-between gap-4 p-4">
@@ -114,6 +119,13 @@ export const DocumentSigningMobileWidget = () => {
           {isExpanded && (
             <div className="border-border animate-in slide-in-from-bottom-2 border-t p-4 duration-200">
               <EnvelopeSignerForm />
+
+              {!hidePoweredBy && (
+                <div className="bg-primary text-primary-foreground mt-2 inline-block rounded px-2 py-1 text-xs font-medium opacity-60 hover:opacity-100 lg:hidden">
+                  <span>Powered by</span>
+                  <BrandingLogo className="ml-2 inline-block h-[14px]" />
+                </div>
+              )}
             </div>
           )}
         </div>

apps/remix/app/components/general/document-signing/document-signing-page-view-v2.tsx

@@ -22,7 +22,9 @@ import { SignFieldNameDialog } from '~/components/dialogs/sign-field-name-dialog
 import { SignFieldNumberDialog } from '~/components/dialogs/sign-field-number-dialog';
 import { SignFieldSignatureDialog } from '~/components/dialogs/sign-field-signature-dialog';
 import { SignFieldTextDialog } from '~/components/dialogs/sign-field-text-dialog';
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
 
+import { BrandingLogo } from '../branding-logo';
 import { DocumentSigningAttachmentsPopover } from '../document-signing/document-signing-attachments-popover';
 import { EnvelopeItemSelector } from '../envelope-editor/envelope-file-selector';
 import EnvelopeSignerForm from '../envelope-signing/envelope-signer-form';
@@ -48,6 +50,13 @@ export const DocumentSigningPageViewV2 = () => {
     selectedAssistantRecipientFields,
   } = useRequiredEnvelopeSigningContext();
 
+  const {
+    isEmbed = false,
+    allowDocumentRejection = true,
+    hidePoweredBy = true,
+    onDocumentRejected,
+  } = useEmbedSigningContext() || {};
+
   /**
    * The total remaining fields remaining for the current recipient or selected assistant recipient.
    *
@@ -77,7 +86,7 @@ export const DocumentSigningPageViewV2 = () => {
       {/* Main Content Area */}
       <div className="flex h-[calc(100vh-4rem)] w-screen">
         {/* Left Section - Step Navigation */}
-        <div className="bg-background border-border hidden w-80 flex-shrink-0 flex-col overflow-y-auto border-r py-4 lg:flex">
+        <div className="embed--DocumentWidgetContainer bg-background border-border hidden w-80 flex-shrink-0 flex-col overflow-y-auto border-r py-4 lg:flex">
           <div className="px-4">
             <h3 className="text-foreground flex items-end justify-between text-sm font-semibold">
               {match(recipient.role)
@@ -107,7 +116,7 @@ export const DocumentSigningPageViewV2 = () => {
               />
             </div>
 
-            <div className="mt-6 space-y-3">
+            <div className="embed--DocumentWidgetContent mt-6 space-y-3">
               <EnvelopeSignerForm />
             </div>
           </div>
@@ -116,7 +125,7 @@ export const DocumentSigningPageViewV2 = () => {
 
           {/* Quick Actions. */}
           {!isDirectTemplate && (
-            <div className="space-y-3 px-4">
+            <div className="embed--Actions space-y-3 px-4">
               <h4 className="text-foreground text-sm font-semibold">
                 <Trans>Actions</Trans>
               </h4>
@@ -145,10 +154,21 @@ export const DocumentSigningPageViewV2 = () => {
                 }
               />
 
-              {envelope.type === EnvelopeType.DOCUMENT && (
+              {envelope.type === EnvelopeType.DOCUMENT && allowDocumentRejection && (
                 <DocumentSigningRejectDialog
                   documentId={mapSecondaryIdToDocumentId(envelope.secondaryId)}
                   token={recipient.token}
+                  onRejected={
+                    onDocumentRejected &&
+                    ((reason) =>
+                      onDocumentRejected({
+                        token: recipient.token,
+                        documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
+                        envelopeId: envelope.id,
+                        recipientId: recipient.id,
+                        reason,
+                      }))
+                  }
                   trigger={
                     <Button
                       variant="ghost"
@@ -164,18 +184,22 @@ export const DocumentSigningPageViewV2 = () => {
             </div>
           )}
 
-          {/* Footer of left sidebar. */}
-          <div className="mt-auto px-4">
-            <Button asChild variant="ghost" className="w-full justify-start">
-              <Link to="/">
-                <ArrowLeftIcon className="mr-2 h-4 w-4" />
-                <Trans>Return</Trans>
-              </Link>
-            </Button>
+          <div className="embed--DocumentWidgetFooter">
+            {/* Footer of left sidebar. */}
+            {!isEmbed && (
+              <div className="mt-auto px-4">
+                <Button asChild variant="ghost" className="w-full justify-start">
+                  <Link to="/">
+                    <ArrowLeftIcon className="mr-2 h-4 w-4" />
+                    <Trans>Return</Trans>
+                  </Link>
+                </Button>
+              </div>
+            )}
           </div>
         </div>
 
-        <div className="flex-1 overflow-y-auto">
+        <div className="embed--DocumentContainer flex-1 overflow-y-auto">
           <div className="flex flex-col">
             {/* Horizontal envelope item selector */}
             {envelopeItems.length > 1 && (
@@ -202,7 +226,7 @@ export const DocumentSigningPageViewV2 = () => {
             )}
 
             {/* Document View */}
-            <div className="flex flex-col items-center justify-center p-2 sm:mt-4 sm:p-4">
+            <div className="embed--DocumentViewer flex flex-col items-center justify-center p-2 sm:mt-4 sm:p-4">
               {currentEnvelopeItem ? (
                 <PDFViewerKonvaLazy
                   renderer="signing"
@@ -218,9 +242,20 @@ export const DocumentSigningPageViewV2 = () => {
               )}
 
               {/* Mobile widget - Additional padding to allow users to scroll */}
-              <div className="block pb-16 md:hidden">
+              <div className="block pb-28 lg:hidden">
                 <DocumentSigningMobileWidget />
               </div>
+
+              {!hidePoweredBy && (
+                <a
+                  href="https://documenso.com"
+                  target="_blank"
+                  className="bg-primary text-primary-foreground fixed bottom-0 right-0 z-40 hidden cursor-pointer rounded-tl px-2 py-1 text-xs font-medium opacity-60 hover:opacity-100 lg:block"
+                >
+                  <span>Powered by</span>
+                  <BrandingLogo className="ml-2 inline-block h-[14px]" />
+                </a>
+              )}
             </div>
           </div>
         </div>

apps/remix/app/components/general/document-signing/envelope-signing-provider.tsx

@@ -56,7 +56,7 @@ export type EnvelopeSigningContextValue = {
     _fieldId: number,
     _value: TSignEnvelopeFieldValue,
     authOptions?: TRecipientActionAuth,
-  ) => Promise<void>;
+  ) => Promise<Pick<Field, 'id' | 'inserted'>>;
 };
 
 const EnvelopeSigningContext = createContext<EnvelopeSigningContextValue | null>(null);
@@ -296,16 +296,19 @@ export const EnvelopeSigningProvider = ({
   ) => {
     // Set the field locally for direct templates.
     if (isDirectTemplate) {
-      handleDirectTemplateFieldInsertion(fieldId, fieldValue);
-      return;
+      const signedField = handleDirectTemplateFieldInsertion(fieldId, fieldValue);
+
+      return signedField;
     }
 
-    await signEnvelopeField({
+    const { signedField } = await signEnvelopeField({
       token: envelopeData.recipient.token,
       fieldId,
       fieldValue,
       authOptions,
     });
+
+    return signedField;
   };
 
   const handleDirectTemplateFieldInsertion = (
@@ -363,6 +366,8 @@ export const EnvelopeSigningProvider = ({
         fields: prev.recipient.fields.map((field) => (field.id === fieldId ? updatedField : field)),
       },
     }));
+
+    return updatedField;
   };
 
   return (

apps/remix/app/components/general/envelope-editor/envelope-editor-preview-page.tsx

@@ -201,7 +201,7 @@ export const EnvelopeEditorPreviewPage = () => {
       envelope={envelope}
       token={undefined}
       fields={fieldsWithPlaceholders}
-      recipientIds={envelope.recipients.map((recipient) => recipient.id)}
+      recipients={envelope.recipients}
       overrideSettings={{
         mode: 'export',
       }}

apps/remix/app/components/general/envelope-editor/envelope-editor-upload-page.tsx

@@ -67,8 +67,8 @@ export const EnvelopeEditorUploadPage = () => {
 
   const { mutateAsync: createEnvelopeItems, isPending: isCreatingEnvelopeItems } =
     trpc.envelope.item.createMany.useMutation({
-      onSuccess: (data) => {
-        const createdEnvelopes = data.createdEnvelopeItems.filter(
+      onSuccess: ({ data }) => {
+        const createdEnvelopes = data.filter(
           (item) => !envelope.envelopeItems.find((envelopeItem) => envelopeItem.id === item.id),
         );
 
@@ -79,10 +79,10 @@ export const EnvelopeEditorUploadPage = () => {
     });
 
   const { mutateAsync: updateEnvelopeItems } = trpc.envelope.item.updateMany.useMutation({
-    onSuccess: (data) => {
+    onSuccess: ({ data }) => {
       setLocalEnvelope({
         envelopeItems: envelope.envelopeItems.map((originalItem) => {
-          const updatedItem = data.updatedEnvelopeItems.find((item) => item.id === originalItem.id);
+          const updatedItem = data.find((item) => item.id === originalItem.id);
 
           if (updatedItem) {
             return {
@@ -126,7 +126,7 @@ export const EnvelopeEditorUploadPage = () => {
       formData.append('files', file);
     }
 
-    const { createdEnvelopeItems } = await createEnvelopeItems(formData).catch((error) => {
+    const { data } = await createEnvelopeItems(formData).catch((error) => {
       console.error(error);
 
       // Set error state on files in batch upload.
@@ -148,7 +148,7 @@ export const EnvelopeEditorUploadPage = () => {
       );
 
       return filteredFiles.concat(
-        createdEnvelopeItems.map((item) => ({
+        data.map((item) => ({
           id: item.id,
           envelopeItemId: item.id,
           title: item.title,

apps/remix/app/components/general/envelope-editor/envelope-file-selector.tsx

@@ -29,7 +29,7 @@ export const EnvelopeItemSelector = ({
       {...buttonProps}
     >
       <div
-        className={`flex h-6 w-6 items-center justify-center rounded-full text-xs font-medium ${
+        className={`flex h-6 w-6 flex-shrink-0 items-center justify-center rounded-full text-xs font-medium ${
           isSelected ? 'bg-green-100 text-green-600' : 'bg-gray-200 text-gray-600'
         }`}
       >

apps/remix/app/components/general/envelope-editor/envelope-generic-page-renderer.tsx

@@ -1,6 +1,7 @@
 import { useEffect, useMemo } from 'react';
 
 import { useLingui } from '@lingui/react/macro';
+import { type Recipient, SigningStatus } from '@prisma/client';
 import type Konva from 'konva';
 
 import { usePageRenderer } from '@documenso/lib/client-only/hooks/use-page-renderer';
@@ -8,12 +9,23 @@ import { useCurrentEnvelopeRender } from '@documenso/lib/client-only/providers/e
 import type { TEnvelope } from '@documenso/lib/types/envelope';
 import { renderField } from '@documenso/lib/universal/field-renderer/render-field';
 import { getClientSideFieldTranslations } from '@documenso/lib/utils/fields';
+import { EnvelopeRecipientFieldTooltip } from '@documenso/ui/components/document/envelope-recipient-field-tooltip';
+
+type GenericLocalField = TEnvelope['fields'][number] & {
+  recipient: Pick<Recipient, 'id' | 'name' | 'email' | 'signingStatus'>;
+};
 
 export default function EnvelopeGenericPageRenderer() {
   const { i18n } = useLingui();
 
-  const { currentEnvelopeItem, fields, getRecipientColorKey, setRenderError, overrideSettings } =
-    useCurrentEnvelopeRender();
+  const {
+    currentEnvelopeItem,
+    fields,
+    recipients,
+    getRecipientColorKey,
+    setRenderError,
+    overrideSettings,
+  } = useCurrentEnvelopeRender();
 
   const {
     stage,
@@ -29,21 +41,38 @@ export default function EnvelopeGenericPageRenderer() {
 
   const { _className, scale } = pageContext;
 
-  const localPageFields = useMemo(
-    () =>
-      fields.filter(
+  const localPageFields = useMemo((): GenericLocalField[] => {
+    return fields
+      .filter(
         (field) =>
           field.page === pageContext.pageNumber && field.envelopeItemId === currentEnvelopeItem?.id,
-      ),
-    [fields, pageContext.pageNumber],
-  );
+      )
+      .map((field) => {
+        const recipient = recipients.find((recipient) => recipient.id === field.recipientId);
 
-  const unsafeRenderFieldOnLayer = (field: TEnvelope['fields'][number]) => {
+        if (!recipient) {
+          throw new Error(`Recipient not found for field ${field.id}`);
+        }
+
+        return {
+          ...field,
+          recipient,
+        };
+      });
+  }, [fields, pageContext.pageNumber, currentEnvelopeItem?.id, recipients]);
+
+  const unsafeRenderFieldOnLayer = (field: GenericLocalField) => {
     if (!pageLayer.current) {
       console.error('Layer not loaded yet');
       return;
     }
 
+    const { recipient } = field;
+
+    const fieldTranslations = getClientSideFieldTranslations(i18n);
+
+    const isInserted = recipient.signingStatus === SigningStatus.SIGNED && field.inserted;
+
     renderField({
       scale,
       pageLayer: pageLayer.current,
@@ -54,10 +83,14 @@ export default function EnvelopeGenericPageRenderer() {
         height: Number(field.height),
         positionX: Number(field.positionX),
         positionY: Number(field.positionY),
-        customText: field.inserted ? field.customText : '',
+        customText: isInserted ? field.customText : '',
         fieldMeta: field.fieldMeta,
+        signature: {
+          signatureImageAsBase64: '',
+          typedSignature: fieldTranslations.SIGNATURE,
+        },
       },
-      translations: getClientSideFieldTranslations(i18n),
+      translations: fieldTranslations,
       pageWidth: unscaledViewport.width,
       pageHeight: unscaledViewport.height,
       color: getRecipientColorKey(field.recipientId),
@@ -66,7 +99,7 @@ export default function EnvelopeGenericPageRenderer() {
     });
   };
 
-  const renderFieldOnLayer = (field: TEnvelope['fields'][number]) => {
+  const renderFieldOnLayer = (field: GenericLocalField) => {
     try {
       unsafeRenderFieldOnLayer(field);
     } catch (err) {
@@ -122,6 +155,16 @@ export default function EnvelopeGenericPageRenderer() {
       className="relative w-full"
       key={`${currentEnvelopeItem.id}-renderer-${pageContext.pageNumber}`}
     >
+      {overrideSettings?.showRecipientTooltip &&
+        localPageFields.map((field) => (
+          <EnvelopeRecipientFieldTooltip
+            key={field.id}
+            field={field}
+            showFieldStatus={overrideSettings?.showRecipientSigningStatus}
+            showRecipientTooltip={overrideSettings?.showRecipientTooltip}
+          />
+        ))}
+
       {/* The element Konva will inject it's canvas into. */}
       <div className="konva-container absolute inset-0 z-10 w-full" ref={konvaContainer}></div>
 

apps/remix/app/components/general/envelope-signing/envelope-signer-form.tsx

@@ -8,6 +8,8 @@ import { Label } from '@documenso/ui/primitives/label';
 import { RadioGroup, RadioGroupItem } from '@documenso/ui/primitives/radio-group';
 import { SignaturePadDialog } from '@documenso/ui/primitives/signature-pad/signature-pad-dialog';
 
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
+
 import { useRequiredEnvelopeSigningContext } from '../document-signing/envelope-signing-provider';
 
 export default function EnvelopeSignerForm() {
@@ -25,6 +27,8 @@ export default function EnvelopeSignerForm() {
     setSelectedAssistantRecipientId,
   } = useRequiredEnvelopeSigningContext();
 
+  const { isNameLocked, isEmailLocked } = useEmbedSigningContext() || {};
+
   const hasSignatureField = useMemo(() => {
     return recipientFields.some((field) => field.type === FieldType.SIGNATURE);
   }, [recipientFields]);
@@ -37,7 +41,7 @@ export default function EnvelopeSignerForm() {
 
   if (recipient.role === RecipientRole.ASSISTANT) {
     return (
-      <fieldset className="dark:bg-background border-border rounded-2xl sm:border sm:p-3">
+      <fieldset className="embed--DocumentWidgetForm dark:bg-background border-border rounded-2xl sm:border sm:p-3">
         <RadioGroup
           className="gap-0 space-y-2 shadow-none sm:space-y-3"
           value={selectedAssistantRecipient?.id?.toString()}
@@ -101,7 +105,8 @@ export default function EnvelopeSignerForm() {
             id="full-name"
             className="bg-background mt-2"
             value={fullName}
-            onChange={(e) => setFullName(e.target.value.trimStart())}
+            disabled={isNameLocked}
+            onChange={(e) => !isNameLocked && setFullName(e.target.value.trimStart())}
           />
         </div>
 

apps/remix/app/components/general/envelope-signing/envelope-signer-header.tsx

@@ -16,6 +16,7 @@ import {
 import { Separator } from '@documenso/ui/primitives/separator';
 
 import { EnvelopeDownloadDialog } from '~/components/dialogs/envelope-download-dialog';
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
 import { BrandingLogo } from '~/components/general/branding-logo';
 
 import { BrandingLogoIcon } from '../branding-logo-icon';
@@ -28,7 +29,7 @@ export const EnvelopeSignerHeader = () => {
     useRequiredEnvelopeSigningContext();
 
   return (
-    <nav className="bg-background border-border max-w-screen flex flex-row justify-between border-b px-4 py-3 md:px-6">
+    <nav className="embed--DocumentWidgetHeader bg-background border-border max-w-screen flex flex-row justify-between border-b px-4 py-3 md:px-6">
       {/* Left side - Logo and title */}
       <div className="flex min-w-0 flex-1 items-center space-x-2 md:w-auto md:flex-none">
         <Link to="/" className="flex-shrink-0">
@@ -72,7 +73,7 @@ export const EnvelopeSignerHeader = () => {
       </div>
 
       {/* Right side - Desktop content */}
-      <div className="hidden items-center space-x-2 md:flex">
+      <div className="hidden items-center space-x-2 lg:flex">
         <p className="text-muted-foreground mr-2 flex-shrink-0 text-sm">
           <Plural
             one="1 Field Remaining"
@@ -85,7 +86,7 @@ export const EnvelopeSignerHeader = () => {
       </div>
 
       {/* Mobile Actions button */}
-      <div className="flex-shrink-0 md:hidden">
+      <div className="flex-shrink-0 lg:hidden">
         <MobileDropdownMenu />
       </div>
     </nav>
@@ -95,6 +96,8 @@ export const EnvelopeSignerHeader = () => {
 const MobileDropdownMenu = () => {
   const { envelope, recipient } = useRequiredEnvelopeSigningContext();
 
+  const { allowDocumentRejection } = useEmbedSigningContext() || {};
+
   return (
     <DropdownMenu>
       <DropdownMenuTrigger asChild>
@@ -119,7 +122,7 @@ const MobileDropdownMenu = () => {
           }
         />
 
-        {envelope.type === EnvelopeType.DOCUMENT && (
+        {envelope.type === EnvelopeType.DOCUMENT && allowDocumentRejection !== false && (
           <DocumentSigningRejectDialog
             documentId={mapSecondaryIdToDocumentId(envelope.secondaryId)}
             token={recipient.token}

apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx

@@ -10,6 +10,7 @@ import { usePageRenderer } from '@documenso/lib/client-only/hooks/use-page-rende
 import { useCurrentEnvelopeRender } from '@documenso/lib/client-only/providers/envelope-render-provider';
 import { useOptionalSession } from '@documenso/lib/client-only/providers/session';
 import { DIRECT_TEMPLATE_RECIPIENT_EMAIL } from '@documenso/lib/constants/direct-templates';
+import { isBase64Image } from '@documenso/lib/constants/signatures';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import { ZFullFieldSchema } from '@documenso/lib/types/field';
 import { createSpinner } from '@documenso/lib/universal/field-renderer/field-generic-items';
@@ -22,6 +23,7 @@ import { EnvelopeFieldToolTip } from '@documenso/ui/components/field/envelope-fi
 import type { TRecipientColor } from '@documenso/ui/lib/recipient-colors';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
 import { handleCheckboxFieldClick } from '~/utils/field-signing/checkbox-field';
 import { handleDropdownFieldClick } from '~/utils/field-signing/dropdown-field';
 import { handleEmailFieldClick } from '~/utils/field-signing/email-field';
@@ -60,6 +62,8 @@ export default function EnvelopeSignerPageRenderer() {
     isDirectTemplate,
   } = useRequiredEnvelopeSigningContext();
 
+  const { onFieldSigned, onFieldUnsigned } = useEmbedSigningContext() || {};
+
   const {
     stage,
     pageLayer,
@@ -378,7 +382,19 @@ export default function EnvelopeSignerPageRenderer() {
     authOptions?: TRecipientActionAuth,
   ) => {
     try {
-      await signFieldInternal(fieldId, payload, authOptions);
+      const { inserted } = await signFieldInternal(fieldId, payload, authOptions);
+
+      // ?: The two callbacks below are used within the embedding context
+      if (inserted && onFieldSigned) {
+        const value = payload.value ? JSON.stringify(payload.value) : undefined;
+        const isBase64 = value ? isBase64Image(value) : undefined;
+
+        onFieldSigned({ fieldId, value, isBase64 });
+      }
+
+      if (!inserted && onFieldUnsigned) {
+        onFieldUnsigned({ fieldId });
+      }
     } catch (err) {
       console.error(err);
 
@@ -413,7 +429,6 @@ export default function EnvelopeSignerPageRenderer() {
     }
 
     localPageFields.forEach((field) => {
-      console.log('Field changed/inserted, rendering on canvas');
       renderFieldOnLayer(field);
     });
 

apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx

@@ -2,16 +2,19 @@ import { useMemo } from 'react';
 
 import { useLingui } from '@lingui/react/macro';
 import { FieldType } from '@prisma/client';
-import { useNavigate, useSearchParams } from 'react-router';
+import { useNavigate, useRevalidator, useSearchParams } from 'react-router';
 
 import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import { useCurrentEnvelopeRender } from '@documenso/lib/client-only/providers/envelope-render-provider';
 import { isBase64Image } from '@documenso/lib/constants/signatures';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import type { TRecipientAccessAuth } from '@documenso/lib/types/document-auth';
 import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { trpc } from '@documenso/trpc/react';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
+import { useEmbedSigningContext } from '~/components/embed/embed-signing-context';
+
 import { DocumentSigningCompleteDialog } from '../document-signing/document-signing-complete-dialog';
 import { useRequiredEnvelopeSigningContext } from '../document-signing/envelope-signing-provider';
 
@@ -19,8 +22,9 @@ export const EnvelopeSignerCompleteDialog = () => {
   const navigate = useNavigate();
   const analytics = useAnalytics();
 
-  const { toast } = useToast();
   const { t } = useLingui();
+  const { toast } = useToast();
+  const { revalidate } = useRevalidator();
 
   const [searchParams] = useSearchParams();
 
@@ -37,6 +41,8 @@ export const EnvelopeSignerCompleteDialog = () => {
 
   const { currentEnvelopeItem, setCurrentEnvelopeItem } = useCurrentEnvelopeRender();
 
+  const { onDocumentCompleted, onDocumentError } = useEmbedSigningContext() || {};
+
   const { mutateAsync: completeDocument, isPending } =
     trpc.recipient.completeDocumentWithToken.useMutation();
 
@@ -68,25 +74,54 @@ export const EnvelopeSignerCompleteDialog = () => {
     nextSigner?: { name: string; email: string },
     accessAuthOptions?: TRecipientAccessAuth,
   ) => {
-    const payload = {
-      token: recipient.token,
-      documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
-      authOptions: accessAuthOptions,
-      ...(nextSigner?.email && nextSigner?.name ? { nextSigner } : {}),
-    };
+    try {
+      const payload = {
+        token: recipient.token,
+        documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
+        authOptions: accessAuthOptions,
+        ...(nextSigner?.email && nextSigner?.name ? { nextSigner } : {}),
+      };
 
-    await completeDocument(payload);
+      await completeDocument(payload);
 
-    analytics.capture('App: Recipient has completed signing', {
-      signerId: recipient.id,
-      documentId: envelope.id,
-      timestamp: new Date().toISOString(),
-    });
+      analytics.capture('App: Recipient has completed signing', {
+        signerId: recipient.id,
+        documentId: envelope.id,
+        timestamp: new Date().toISOString(),
+      });
 
-    if (envelope.documentMeta.redirectUrl) {
-      window.location.href = envelope.documentMeta.redirectUrl;
-    } else {
-      await navigate(`/sign/${recipient.token}/complete`);
+      if (onDocumentCompleted) {
+        onDocumentCompleted({
+          token: recipient.token,
+          documentId: mapSecondaryIdToDocumentId(envelope.secondaryId),
+          recipientId: recipient.id,
+          envelopeId: envelope.id,
+        });
+
+        await revalidate();
+
+        return;
+      }
+
+      if (envelope.documentMeta.redirectUrl) {
+        window.location.href = envelope.documentMeta.redirectUrl;
+      } else {
+        await navigate(`/sign/${recipient.token}/complete`);
+      }
+    } catch (err) {
+      const error = AppError.parseError(err);
+
+      if (error.code !== AppErrorCode.TWO_FACTOR_AUTH_FAILED) {
+        toast({
+          title: t`Something went wrong`,
+          description: t`We were unable to submit this document at this time. Please try again later.`,
+          variant: 'destructive',
+        });
+
+        onDocumentError?.();
+      }
+
+      throw err;
     }
   };
 
@@ -105,8 +140,12 @@ export const EnvelopeSignerCompleteDialog = () => {
         directTemplateExternalId = decodeURIComponent(directTemplateExternalId);
       }
 
+      if (!recipient.directToken) {
+        throw new Error('Recipient direct token is required');
+      }
+
       const { token } = await createDocumentFromDirectTemplate({
-        directTemplateToken: recipient.token, // The direct template token is inserted into the recipient token for ease of use.
+        directTemplateToken: recipient.directToken, // The direct template token is inserted into the recipient token for ease of use.
         directTemplateExternalId,
         directRecipientName: recipientDetails?.name || fullName,
         directRecipientEmail: recipientDetails?.email || email,
@@ -132,18 +171,31 @@ export const EnvelopeSignerCompleteDialog = () => {
 
       const redirectUrl = envelope.documentMeta.redirectUrl;
 
+      if (onDocumentCompleted) {
+        await navigate({
+          pathname: `/embed/sign/${token}`,
+          search: window.location.search,
+          hash: window.location.hash,
+        });
+
+        return;
+      }
+
       if (redirectUrl) {
         window.location.href = redirectUrl;
       } else {
         await navigate(`/sign/${token}/complete`);
       }
     } catch (err) {
+      console.log('err', err);
       toast({
         title: t`Something went wrong`,
         description: t`We were unable to submit this document at this time. Please try again later.`,
         variant: 'destructive',
       });
 
+      onDocumentError?.();
+
       throw err;
     }
   };

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx

@@ -148,8 +148,12 @@ export default function DocumentPage({ params }: Route.ComponentProps) {
             <EnvelopeRenderProvider
               envelope={envelope}
               token={undefined}
-              fields={envelope.status == DocumentStatus.COMPLETED ? [] : envelope.fields}
-              recipientIds={envelope.recipients.map((recipient) => recipient.id)}
+              fields={envelope.fields}
+              recipients={envelope.recipients}
+              overrideSettings={{
+                showRecipientSigningStatus: true,
+                showRecipientTooltip: true,
+              }}
             >
               {isMultiEnvelopeItem && (
                 <EnvelopeRendererFileSelector fields={envelope.fields} className="mb-4 p-0" />

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx

@@ -103,7 +103,7 @@ export default function EnvelopeEditorPage({ params }: Route.ComponentProps) {
         envelope={envelope}
         token={undefined}
         fields={envelope.fields}
-        recipientIds={envelope.recipients.map((recipient) => recipient.id)}
+        recipients={envelope.recipients}
       >
         <EnvelopeEditor />
       </EnvelopeRenderProvider>

apps/remix/app/routes/_authenticated+/t.$teamUrl+/templates.$id._index.tsx

@@ -172,7 +172,10 @@ export default function TemplatePage({ params }: Route.ComponentProps) {
               envelope={envelope}
               token={undefined}
               fields={envelope.fields}
-              recipientIds={envelope.recipients.map((recipient) => recipient.id)}
+              recipients={envelope.recipients}
+              overrideSettings={{
+                showRecipientTooltip: true,
+              }}
             >
               {isMultiEnvelopeItem && (
                 <EnvelopeRendererFileSelector fields={envelope.fields} className="mb-4 p-0" />

apps/remix/app/routes/_recipient+/d.$token+/_index.tsx

@@ -184,6 +184,7 @@ const DirectSigningPageV1 = ({ data }: { data: Awaited<ReturnType<typeof handleV
       <DocumentSigningAuthProvider
         documentAuthOptions={template.authOptions}
         recipient={directTemplateRecipient}
+        isDirectTemplate={true}
         user={user}
       >
         <>

apps/remix/app/routes/_unauthenticated+/signin.tsx

@@ -1,3 +1,5 @@
+import { useEffect, useState } from 'react';
+
 import { Trans } from '@lingui/react/macro';
 import { Link, redirect } from 'react-router';
 
@@ -9,6 +11,7 @@ import {
   OIDC_PROVIDER_LABEL,
 } from '@documenso/lib/constants/auth';
 import { env } from '@documenso/lib/utils/env';
+import { isValidReturnTo, normalizeReturnTo } from '@documenso/lib/utils/is-valid-return-to';
 
 import { SignInForm } from '~/components/forms/signin';
 import { appMetaTags } from '~/utils/meta';
@@ -28,8 +31,12 @@ export async function loader({ request }: Route.LoaderArgs) {
   const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED;
   const oidcProviderLabel = OIDC_PROVIDER_LABEL;
 
+  let returnTo = new URL(request.url).searchParams.get('returnTo') ?? undefined;
+
+  returnTo = isValidReturnTo(returnTo) ? normalizeReturnTo(returnTo) : undefined;
+
   if (isAuthenticated) {
-    throw redirect('/');
+    throw redirect(returnTo || '/');
   }
 
   return {
@@ -37,12 +44,28 @@ export async function loader({ request }: Route.LoaderArgs) {
     isMicrosoftSSOEnabled,
     isOIDCSSOEnabled,
     oidcProviderLabel,
+    returnTo,
   };
 }
 
 export default function SignIn({ loaderData }: Route.ComponentProps) {
-  const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, oidcProviderLabel } =
-    loaderData;
+  const {
+    isGoogleSSOEnabled,
+    isMicrosoftSSOEnabled,
+    isOIDCSSOEnabled,
+    oidcProviderLabel,
+    returnTo,
+  } = loaderData;
+
+  const [isEmbeddedRedirect, setIsEmbeddedRedirect] = useState(false);
+
+  useEffect(() => {
+    const hash = window.location.hash.slice(1);
+
+    const params = new URLSearchParams(hash);
+
+    setIsEmbeddedRedirect(params.get('embedded') === 'true');
+  }, []);
 
   return (
     <div className="w-screen max-w-lg px-4">
@@ -61,13 +84,17 @@ export default function SignIn({ loaderData }: Route.ComponentProps) {
           isMicrosoftSSOEnabled={isMicrosoftSSOEnabled}
           isOIDCSSOEnabled={isOIDCSSOEnabled}
           oidcProviderLabel={oidcProviderLabel}
+          returnTo={returnTo}
         />
 
-        {env('NEXT_PUBLIC_DISABLE_SIGNUP') !== 'true' && (
+        {!isEmbeddedRedirect && env('NEXT_PUBLIC_DISABLE_SIGNUP') !== 'true' && (
           <p className="text-muted-foreground mt-6 text-center text-sm">
             <Trans>
               Don't have an account?{' '}
-              <Link to="/signup" className="text-documenso-700 duration-200 hover:opacity-70">
+              <Link
+                to={returnTo ? `/signup?returnTo=${encodeURIComponent(returnTo)}` : '/signup'}
+                className="text-documenso-700 duration-200 hover:opacity-70"
+              >
                 Sign up
               </Link>
             </Trans>

apps/remix/app/routes/_unauthenticated+/signup.tsx

@@ -6,6 +6,7 @@ import {
   IS_OIDC_SSO_ENABLED,
 } from '@documenso/lib/constants/auth';
 import { env } from '@documenso/lib/utils/env';
+import { isValidReturnTo, normalizeReturnTo } from '@documenso/lib/utils/is-valid-return-to';
 
 import { SignUpForm } from '~/components/forms/signup';
 import { appMetaTags } from '~/utils/meta';
@@ -16,7 +17,7 @@ export function meta() {
   return appMetaTags('Sign Up');
 }
 
-export function loader() {
+export function loader({ request }: Route.LoaderArgs) {
   const NEXT_PUBLIC_DISABLE_SIGNUP = env('NEXT_PUBLIC_DISABLE_SIGNUP');
 
   // SSR env variables.
@@ -28,15 +29,20 @@ export function loader() {
     throw redirect('/signin');
   }
 
+  let returnTo = new URL(request.url).searchParams.get('returnTo') ?? undefined;
+
+  returnTo = isValidReturnTo(returnTo) ? normalizeReturnTo(returnTo) : undefined;
+
   return {
     isGoogleSSOEnabled,
     isMicrosoftSSOEnabled,
     isOIDCSSOEnabled,
+    returnTo,
   };
 }
 
 export default function SignUp({ loaderData }: Route.ComponentProps) {
-  const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled } = loaderData;
+  const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, returnTo } = loaderData;
 
   return (
     <SignUpForm
@@ -44,6 +50,7 @@ export default function SignUp({ loaderData }: Route.ComponentProps) {
       isGoogleSSOEnabled={isGoogleSSOEnabled}
       isMicrosoftSSOEnabled={isMicrosoftSSOEnabled}
       isOIDCSSOEnabled={isOIDCSSOEnabled}
+      returnTo={returnTo}
     />
   );
 }

apps/remix/app/routes/embed+/_v0+/_layout.tsx

@@ -2,11 +2,14 @@ import { Outlet, isRouteErrorResponse, useRouteError } from 'react-router';
 
 import {
   IS_GOOGLE_SSO_ENABLED,
+  IS_MICROSOFT_SSO_ENABLED,
   IS_OIDC_SSO_ENABLED,
   OIDC_PROVIDER_LABEL,
 } from '@documenso/lib/constants/auth';
 
 import { EmbedAuthenticationRequired } from '~/components/embed/embed-authentication-required';
+import { EmbedDocumentCompleted } from '~/components/embed/embed-document-completed';
+import { EmbedDocumentRejected } from '~/components/embed/embed-document-rejected';
 import { EmbedDocumentWaitingForTurn } from '~/components/embed/embed-document-waiting-for-turn';
 import { EmbedPaywall } from '~/components/embed/embed-paywall';
 
@@ -29,11 +32,13 @@ export function headers({ loaderHeaders }: Route.HeadersArgs) {
 export function loader() {
   // SSR env variables.
   const isGoogleSSOEnabled = IS_GOOGLE_SSO_ENABLED;
+  const isMicrosoftSSOEnabled = IS_MICROSOFT_SSO_ENABLED;
   const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED;
   const oidcProviderLabel = OIDC_PROVIDER_LABEL;
 
   return {
     isGoogleSSOEnabled,
+    isMicrosoftSSOEnabled,
     isOIDCSSOEnabled,
     oidcProviderLabel,
   };
@@ -44,15 +49,19 @@ export default function Layout() {
 }
 
 export function ErrorBoundary({ loaderData }: Route.ErrorBoundaryProps) {
-  const { isGoogleSSOEnabled, isOIDCSSOEnabled, oidcProviderLabel } = loaderData || {};
+  const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, oidcProviderLabel } =
+    loaderData || {};
 
   const error = useRouteError();
 
+  console.log({ routeError: error });
+
   if (isRouteErrorResponse(error)) {
     if (error.status === 401 && error.data.type === 'embed-authentication-required') {
       return (
         <EmbedAuthenticationRequired
           isGoogleSSOEnabled={isGoogleSSOEnabled}
+          isMicrosoftSSOEnabled={isMicrosoftSSOEnabled}
           isOIDCSSOEnabled={isOIDCSSOEnabled}
           oidcProviderLabel={oidcProviderLabel}
           email={error.data.email}
@@ -68,6 +77,16 @@ export function ErrorBoundary({ loaderData }: Route.ErrorBoundaryProps) {
     if (error.status === 403 && error.data.type === 'embed-waiting-for-turn') {
       return <EmbedDocumentWaitingForTurn />;
     }
+
+    // !: Not used at the moment, may be removed in the future.
+    if (error.status === 403 && error.data.type === 'embed-document-rejected') {
+      return <EmbedDocumentRejected />;
+    }
+
+    // !: Not used at the moment, may be removed in the future.
+    if (error.status === 403 && error.data.type === 'embed-document-completed') {
+      return <EmbedDocumentCompleted name={error.data.name} signature={error.data.signature} />;
+    }
   }
 
   return <div>Not Found</div>;

apps/remix/app/routes/embed+/_v0+/direct.$token.tsx

@@ -0,0 +1,332 @@
+import { data } from 'react-router';
+import { match } from 'ts-pattern';
+
+import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
+import { EnvelopeRenderProvider } from '@documenso/lib/client-only/providers/envelope-render-provider';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getEnvelopeForDirectTemplateSigning } from '@documenso/lib/server-only/envelope/get-envelope-for-direct-template-signing';
+import { getEnvelopeRequiredAccessData } from '@documenso/lib/server-only/envelope/get-envelope-required-access-data';
+import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
+import { getTemplateByDirectLinkToken } from '@documenso/lib/server-only/template/get-template-by-direct-link-token';
+import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
+import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
+import { prisma } from '@documenso/prisma';
+
+import { EmbedDirectTemplateClientPage } from '~/components/embed/embed-direct-template-client-page';
+import { EmbedSignDocumentV2ClientPage } from '~/components/embed/embed-document-signing-page-v2';
+import { DocumentSigningAuthProvider } from '~/components/general/document-signing/document-signing-auth-provider';
+import { DocumentSigningProvider } from '~/components/general/document-signing/document-signing-provider';
+import { DocumentSigningRecipientProvider } from '~/components/general/document-signing/document-signing-recipient-provider';
+import { EnvelopeSigningProvider } from '~/components/general/document-signing/envelope-signing-provider';
+import { superLoaderJson, useSuperLoaderData } from '~/utils/super-json-loader';
+
+import type { Route } from './+types/direct.$token';
+
+async function handleV1Loader({ params, request }: Route.LoaderArgs) {
+  if (!params.token) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const token = params.token;
+
+  const template = await getTemplateByDirectLinkToken({
+    token,
+  }).catch(() => null);
+
+  // `template.directLink` is always available but we're doing this to
+  // satisfy the type checker.
+  if (!template || !template.directLink) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: template.teamId });
+
+  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
+  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
+
+  // TODO: Make this more robust, we need to ensure the owner is either
+  // TODO: the member of a team that has an active subscription, is an early
+  // TODO: adopter or is an enterprise user.
+  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
+    throw data(
+      {
+        type: 'embed-paywall',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  const { user } = await getOptionalSession(request);
+
+  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+    documentAuth: template.authOptions,
+  });
+
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((auth) =>
+    match(auth)
+      .with(DocumentAccessAuth.ACCOUNT, () => !!user)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => false) // Not supported for direct links
+      .exhaustive(),
+  );
+
+  if (!isAccessAuthValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        returnTo: `/embed/direct/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  const { directTemplateRecipientId } = template.directLink;
+
+  const recipient = template.recipients.find(
+    (recipient) => recipient.id === directTemplateRecipientId,
+  );
+
+  if (!recipient) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const fields = template.fields.filter((field) => field.recipientId === directTemplateRecipientId);
+
+  return {
+    token,
+    user,
+    template,
+    recipient,
+    fields,
+    hidePoweredBy,
+    allowEmbedSigningWhitelabel,
+  };
+}
+
+async function handleV2Loader({ params, request }: Route.LoaderArgs) {
+  if (!params.token) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const token = params.token;
+
+  const { user } = await getOptionalSession(request);
+
+  const envelopeForSigning = await getEnvelopeForDirectTemplateSigning({
+    token,
+    userId: user?.id,
+  })
+    .then((envelopeForSigning) => {
+      return {
+        isDocumentAccessValid: true,
+        ...envelopeForSigning,
+      } as const;
+    })
+    .catch(async (e) => {
+      const error = AppError.parseError(e);
+
+      if (error.code === AppErrorCode.UNAUTHORIZED) {
+        const requiredAccessData = await getEnvelopeRequiredAccessData({ token });
+
+        return {
+          isDocumentAccessValid: false,
+          ...requiredAccessData,
+        } as const;
+      }
+
+      throw new Response('Not Found', { status: 404 });
+    });
+
+  if (!envelopeForSigning.isDocumentAccessValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        email: envelopeForSigning.recipientEmail,
+        returnTo: `/embed/direct/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  const { envelope, recipient } = envelopeForSigning;
+
+  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: envelope.teamId });
+
+  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
+  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
+
+  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
+    throw data(
+      {
+        type: 'embed-paywall',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+    documentAuth: envelope.authOptions,
+    recipientAuth: recipient.authOptions,
+  });
+
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
+    match(accesssAuth)
+      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => false) // Not supported for direct links
+      .exhaustive(),
+  );
+
+  if (!isAccessAuthValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        email: user?.email || recipient.email,
+        returnTo: `/embed/direct/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  return {
+    token,
+    user,
+    envelopeForSigning,
+    hidePoweredBy,
+    allowEmbedSigningWhitelabel,
+  };
+}
+
+export async function loader(loaderArgs: Route.LoaderArgs) {
+  const { token } = loaderArgs.params;
+
+  if (!token) {
+    throw new Response('Not Found', { status: 404 });
+  }
+
+  // Not efficient but works for now until we remove v1.
+  const foundDirectLink = await prisma.templateDirectLink.findFirst({
+    where: {
+      token,
+    },
+    select: {
+      envelope: {
+        select: {
+          internalVersion: true,
+        },
+      },
+    },
+  });
+
+  if (!foundDirectLink) {
+    throw new Response('Not Found', { status: 404 });
+  }
+
+  if (foundDirectLink.envelope.internalVersion === 2) {
+    const payloadV2 = await handleV2Loader(loaderArgs);
+
+    return superLoaderJson({
+      version: 2,
+      payload: payloadV2,
+    } as const);
+  }
+
+  const payloadV1 = await handleV1Loader(loaderArgs);
+
+  return superLoaderJson({
+    version: 1,
+    payload: payloadV1,
+  } as const);
+}
+
+export default function EmbedDirectTemplatePage() {
+  const { version, payload } = useSuperLoaderData<typeof loader>();
+
+  if (version === 1) {
+    return <EmbedDirectTemplatePageV1 data={payload} />;
+  }
+
+  return <EmbedDirectTemplatePageV2 data={payload} />;
+}
+
+const EmbedDirectTemplatePageV1 = ({
+  data,
+}: {
+  data: Awaited<ReturnType<typeof handleV1Loader>>;
+}) => {
+  const { token, user, template, recipient, fields, hidePoweredBy, allowEmbedSigningWhitelabel } =
+    data;
+
+  return (
+    <DocumentSigningProvider
+      email={user?.email}
+      fullName={user?.name}
+      signature={user?.signature}
+      typedSignatureEnabled={template.templateMeta?.typedSignatureEnabled}
+      uploadSignatureEnabled={template.templateMeta?.uploadSignatureEnabled}
+      drawSignatureEnabled={template.templateMeta?.drawSignatureEnabled}
+    >
+      <DocumentSigningAuthProvider
+        documentAuthOptions={template.authOptions}
+        recipient={recipient}
+        user={user}
+      >
+        <DocumentSigningRecipientProvider recipient={recipient}>
+          <EmbedDirectTemplateClientPage
+            token={token}
+            envelopeId={template.envelopeId}
+            updatedAt={template.updatedAt}
+            envelopeItems={template.envelopeItems}
+            recipient={recipient}
+            fields={fields}
+            metadata={template.templateMeta}
+            hidePoweredBy={hidePoweredBy}
+            allowWhiteLabelling={allowEmbedSigningWhitelabel}
+          />
+        </DocumentSigningRecipientProvider>
+      </DocumentSigningAuthProvider>
+    </DocumentSigningProvider>
+  );
+};
+
+const EmbedDirectTemplatePageV2 = ({
+  data,
+}: {
+  data: Awaited<ReturnType<typeof handleV2Loader>>;
+}) => {
+  const { token, user, envelopeForSigning, hidePoweredBy, allowEmbedSigningWhitelabel } = data;
+
+  const { envelope, recipient } = envelopeForSigning;
+
+  return (
+    <EnvelopeSigningProvider
+      envelopeData={envelopeForSigning}
+      email={user?.email}
+      fullName={user?.name}
+      signature={user?.signature}
+    >
+      <DocumentSigningAuthProvider
+        documentAuthOptions={envelope.authOptions}
+        recipient={recipient}
+        user={user}
+        isDirectTemplate={true}
+      >
+        <EnvelopeRenderProvider envelope={envelope} token={recipient.token}>
+          <EmbedSignDocumentV2ClientPage
+            hidePoweredBy={hidePoweredBy}
+            allowWhitelabelling={allowEmbedSigningWhitelabel}
+          />
+        </EnvelopeRenderProvider>
+      </DocumentSigningAuthProvider>
+    </EnvelopeSigningProvider>
+  );
+};

apps/remix/app/routes/embed+/_v0+/direct.$url.tsx

@@ -1,138 +0,0 @@
-import { data } from 'react-router';
-import { match } from 'ts-pattern';
-
-import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
-import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
-import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
-import { getTemplateByDirectLinkToken } from '@documenso/lib/server-only/template/get-template-by-direct-link-token';
-import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
-import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
-
-import { EmbedDirectTemplateClientPage } from '~/components/embed/embed-direct-template-client-page';
-import { DocumentSigningAuthProvider } from '~/components/general/document-signing/document-signing-auth-provider';
-import { DocumentSigningProvider } from '~/components/general/document-signing/document-signing-provider';
-import { DocumentSigningRecipientProvider } from '~/components/general/document-signing/document-signing-recipient-provider';
-import { superLoaderJson, useSuperLoaderData } from '~/utils/super-json-loader';
-
-import type { Route } from './+types/direct.$url';
-
-export async function loader({ params, request }: Route.LoaderArgs) {
-  if (!params.url) {
-    throw new Response('Not found', { status: 404 });
-  }
-
-  const token = params.url;
-
-  const template = await getTemplateByDirectLinkToken({
-    token,
-  }).catch(() => null);
-
-  // `template.directLink` is always available but we're doing this to
-  // satisfy the type checker.
-  if (!template || !template.directLink) {
-    throw new Response('Not found', { status: 404 });
-  }
-
-  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: template.teamId });
-
-  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
-  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
-
-  // TODO: Make this more robust, we need to ensure the owner is either
-  // TODO: the member of a team that has an active subscription, is an early
-  // TODO: adopter or is an enterprise user.
-  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
-    throw data(
-      {
-        type: 'embed-paywall',
-      },
-      {
-        status: 403,
-      },
-    );
-  }
-
-  const { user } = await getOptionalSession(request);
-
-  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
-    documentAuth: template.authOptions,
-  });
-
-  const isAccessAuthValid = derivedRecipientAccessAuth.every((auth) =>
-    match(auth)
-      .with(DocumentAccessAuth.ACCOUNT, () => !!user)
-      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => false) // Not supported for direct links
-      .exhaustive(),
-  );
-
-  if (!isAccessAuthValid) {
-    throw data(
-      {
-        type: 'embed-authentication-required',
-        email: user?.email,
-        returnTo: `/embed/direct/${token}`,
-      },
-      {
-        status: 401,
-      },
-    );
-  }
-
-  const { directTemplateRecipientId } = template.directLink;
-
-  const recipient = template.recipients.find(
-    (recipient) => recipient.id === directTemplateRecipientId,
-  );
-
-  if (!recipient) {
-    throw new Response('Not found', { status: 404 });
-  }
-
-  const fields = template.fields.filter((field) => field.recipientId === directTemplateRecipientId);
-
-  return superLoaderJson({
-    token,
-    user,
-    template,
-    recipient,
-    fields,
-    hidePoweredBy,
-    allowEmbedSigningWhitelabel,
-  });
-}
-
-export default function EmbedDirectTemplatePage() {
-  const { token, user, template, recipient, fields, hidePoweredBy, allowEmbedSigningWhitelabel } =
-    useSuperLoaderData<typeof loader>();
-
-  return (
-    <DocumentSigningProvider
-      email={user?.email}
-      fullName={user?.name}
-      signature={user?.signature}
-      typedSignatureEnabled={template.templateMeta?.typedSignatureEnabled}
-      uploadSignatureEnabled={template.templateMeta?.uploadSignatureEnabled}
-      drawSignatureEnabled={template.templateMeta?.drawSignatureEnabled}
-    >
-      <DocumentSigningAuthProvider
-        documentAuthOptions={template.authOptions}
-        recipient={recipient}
-        user={user}
-      >
-        <DocumentSigningRecipientProvider recipient={recipient}>
-          <EmbedDirectTemplateClientPage
-            token={token}
-            envelopeId={template.envelopeId}
-            updatedAt={template.updatedAt}
-            envelopeItems={template.envelopeItems}
-            recipient={recipient}
-            fields={fields}
-            metadata={template.templateMeta}
-            hidePoweredBy={hidePoweredBy}
-            allowWhiteLabelling={allowEmbedSigningWhitelabel}
-          />
-        </DocumentSigningRecipientProvider>
-      </DocumentSigningAuthProvider>
-    </DocumentSigningProvider>
-  );
-}

apps/remix/app/routes/embed+/_v0+/sign.$token.tsx

@@ -0,0 +1,394 @@
+import { RecipientRole } from '@prisma/client';
+import { data } from 'react-router';
+import { match } from 'ts-pattern';
+
+import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
+import { EnvelopeRenderProvider } from '@documenso/lib/client-only/providers/envelope-render-provider';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
+import { viewedDocument } from '@documenso/lib/server-only/document/viewed-document';
+import { getEnvelopeForRecipientSigning } from '@documenso/lib/server-only/envelope/get-envelope-for-recipient-signing';
+import { getEnvelopeRequiredAccessData } from '@documenso/lib/server-only/envelope/get-envelope-required-access-data';
+import { getCompletedFieldsForToken } from '@documenso/lib/server-only/field/get-completed-fields-for-token';
+import { getFieldsForToken } from '@documenso/lib/server-only/field/get-fields-for-token';
+import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
+import { getIsRecipientsTurnToSign } from '@documenso/lib/server-only/recipient/get-is-recipient-turn';
+import { getRecipientByToken } from '@documenso/lib/server-only/recipient/get-recipient-by-token';
+import { getRecipientsForAssistant } from '@documenso/lib/server-only/recipient/get-recipients-for-assistant';
+import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
+import { prisma } from '@documenso/prisma';
+
+import { EmbedSignDocumentV1ClientPage } from '~/components/embed/embed-document-signing-page-v1';
+import { EmbedSignDocumentV2ClientPage } from '~/components/embed/embed-document-signing-page-v2';
+import { DocumentSigningAuthProvider } from '~/components/general/document-signing/document-signing-auth-provider';
+import { DocumentSigningProvider } from '~/components/general/document-signing/document-signing-provider';
+import { EnvelopeSigningProvider } from '~/components/general/document-signing/envelope-signing-provider';
+import { superLoaderJson, useSuperLoaderData } from '~/utils/super-json-loader';
+
+import { getOptionalLoaderContext } from '../../../../server/utils/get-loader-session';
+import type { Route } from './+types/sign.$token';
+
+async function handleV1Loader({ params, request }: Route.LoaderArgs) {
+  const { requestMetadata } = getOptionalLoaderContext();
+
+  if (!params.token) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const token = params.token;
+
+  const { user } = await getOptionalSession(request);
+
+  const [document, fields, recipient, completedFields] = await Promise.all([
+    getDocumentAndSenderByToken({
+      token,
+      userId: user?.id,
+      requireAccessAuth: false,
+    }).catch(() => null),
+    getFieldsForToken({ token }),
+    getRecipientByToken({ token }).catch(() => null),
+    getCompletedFieldsForToken({ token }).catch(() => []),
+  ]);
+
+  // `document.directLink` is always available but we're doing this to
+  // satisfy the type checker.
+  if (!document || !recipient) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: document.teamId });
+
+  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
+  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
+
+  // TODO: Make this more robust, we need to ensure the owner is either
+  // TODO: the member of a team that has an active subscription, is an early
+  // TODO: adopter or is an enterprise user.
+  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
+    throw data(
+      {
+        type: 'embed-paywall',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+    documentAuth: document.authOptions,
+  });
+
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
+    match(accesssAuth)
+      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true) // Allow without account requirement
+      .exhaustive(),
+  );
+
+  if (!isAccessAuthValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        email: user?.email || recipient.email,
+        returnTo: `/embed/sign/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  const isRecipientsTurnToSign = await getIsRecipientsTurnToSign({ token });
+
+  if (!isRecipientsTurnToSign) {
+    throw data(
+      {
+        type: 'embed-waiting-for-turn',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  await viewedDocument({
+    token,
+    requestMetadata,
+    recipientAccessAuth: derivedRecipientAccessAuth,
+  });
+
+  const allRecipients =
+    recipient.role === RecipientRole.ASSISTANT
+      ? await getRecipientsForAssistant({
+          token,
+        })
+      : [];
+
+  return {
+    token,
+    user,
+    document,
+    allRecipients,
+    recipient,
+    fields,
+    completedFields,
+    hidePoweredBy,
+    allowEmbedSigningWhitelabel,
+  };
+}
+
+async function handleV2Loader({ params, request }: Route.LoaderArgs) {
+  const { requestMetadata } = getOptionalLoaderContext();
+
+  if (!params.token) {
+    throw new Response('Not found', { status: 404 });
+  }
+
+  const token = params.token;
+
+  const { user } = await getOptionalSession(request);
+
+  const envelopeForSigning = await getEnvelopeForRecipientSigning({
+    token,
+    userId: user?.id,
+  })
+    .then((envelopeForSigning) => {
+      return {
+        isDocumentAccessValid: true,
+        ...envelopeForSigning,
+      } as const;
+    })
+    .catch(async (e) => {
+      const error = AppError.parseError(e);
+
+      if (error.code === AppErrorCode.UNAUTHORIZED) {
+        const requiredAccessData = await getEnvelopeRequiredAccessData({ token });
+
+        return {
+          isDocumentAccessValid: false,
+          ...requiredAccessData,
+        } as const;
+      }
+
+      throw new Response('Not Found', { status: 404 });
+    });
+
+  if (!envelopeForSigning.isDocumentAccessValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        email: envelopeForSigning.recipientEmail,
+        returnTo: `/embed/sign/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  const { envelope, recipient, isRecipientsTurn } = envelopeForSigning;
+
+  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: envelope.teamId });
+
+  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
+  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
+
+  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
+    throw data(
+      {
+        type: 'embed-paywall',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  if (!isRecipientsTurn) {
+    throw data(
+      {
+        type: 'embed-waiting-for-turn',
+      },
+      {
+        status: 403,
+      },
+    );
+  }
+
+  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
+    documentAuth: envelope.authOptions,
+    recipientAuth: recipient.authOptions,
+  });
+
+  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
+    match(accesssAuth)
+      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
+      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true)
+      .exhaustive(),
+  );
+
+  if (!isAccessAuthValid) {
+    throw data(
+      {
+        type: 'embed-authentication-required',
+        email: user?.email || recipient.email,
+        returnTo: `/embed/sign/${token}`,
+      },
+      {
+        status: 401,
+      },
+    );
+  }
+
+  await viewedDocument({
+    token,
+    requestMetadata,
+    recipientAccessAuth: derivedRecipientAccessAuth,
+  }).catch(() => null);
+
+  return {
+    token,
+    user,
+    envelopeForSigning,
+    hidePoweredBy,
+    allowEmbedSigningWhitelabel,
+  };
+}
+
+export async function loader(loaderArgs: Route.LoaderArgs) {
+  const { token } = loaderArgs.params;
+
+  if (!token) {
+    throw new Response('Not Found', { status: 404 });
+  }
+
+  // Not efficient but works for now until we remove v1.
+  const foundRecipient = await prisma.recipient.findFirst({
+    where: {
+      token,
+    },
+    select: {
+      envelope: {
+        select: {
+          internalVersion: true,
+        },
+      },
+    },
+  });
+
+  if (!foundRecipient) {
+    throw new Response('Not Found', { status: 404 });
+  }
+
+  if (foundRecipient.envelope.internalVersion === 2) {
+    const payloadV2 = await handleV2Loader(loaderArgs);
+
+    return superLoaderJson({
+      version: 2,
+      payload: payloadV2,
+    } as const);
+  }
+
+  const payloadV1 = await handleV1Loader(loaderArgs);
+
+  return superLoaderJson({
+    version: 1,
+    payload: payloadV1,
+  } as const);
+}
+
+export default function EmbedSignDocumentPage() {
+  const { version, payload } = useSuperLoaderData<typeof loader>();
+
+  if (version === 1) {
+    return <EmbedSignDocumentPageV1 data={payload} />;
+  }
+
+  return <EmbedSignDocumentPageV2 data={payload} />;
+}
+
+const EmbedSignDocumentPageV1 = ({
+  data,
+}: {
+  data: Awaited<ReturnType<typeof handleV1Loader>>;
+}) => {
+  const {
+    token,
+    user,
+    document,
+    allRecipients,
+    recipient,
+    fields,
+    completedFields,
+    hidePoweredBy,
+    allowEmbedSigningWhitelabel,
+  } = data;
+
+  return (
+    <DocumentSigningProvider
+      email={recipient.email}
+      fullName={user?.email === recipient.email ? user?.name : recipient.name}
+      signature={user?.email === recipient.email ? user?.signature : undefined}
+      typedSignatureEnabled={document.documentMeta?.typedSignatureEnabled}
+      uploadSignatureEnabled={document.documentMeta?.uploadSignatureEnabled}
+      drawSignatureEnabled={document.documentMeta?.drawSignatureEnabled}
+    >
+      <DocumentSigningAuthProvider
+        documentAuthOptions={document.authOptions}
+        recipient={recipient}
+        user={user}
+      >
+        <EmbedSignDocumentV1ClientPage
+          token={token}
+          documentId={document.id}
+          envelopeId={document.envelopeId}
+          envelopeItems={document.envelopeItems}
+          recipient={recipient}
+          fields={fields}
+          completedFields={completedFields}
+          metadata={document.documentMeta}
+          isCompleted={isDocumentCompleted(document.status)}
+          hidePoweredBy={hidePoweredBy}
+          allowWhitelabelling={allowEmbedSigningWhitelabel}
+          allRecipients={allRecipients}
+        />
+      </DocumentSigningAuthProvider>
+    </DocumentSigningProvider>
+  );
+};
+
+const EmbedSignDocumentPageV2 = ({
+  data,
+}: {
+  data: Awaited<ReturnType<typeof handleV2Loader>>;
+}) => {
+  const { token, user, envelopeForSigning, hidePoweredBy, allowEmbedSigningWhitelabel } = data;
+
+  const { envelope, recipient } = envelopeForSigning;
+
+  return (
+    <EnvelopeSigningProvider
+      envelopeData={envelopeForSigning}
+      email={recipient.email}
+      fullName={user?.email === recipient.email ? user?.name : recipient.name}
+      signature={user?.email === recipient.email ? user?.signature : undefined}
+    >
+      <DocumentSigningAuthProvider
+        documentAuthOptions={envelope.authOptions}
+        recipient={recipient}
+        user={user}
+      >
+        <EnvelopeRenderProvider envelope={envelope} token={token}>
+          <EmbedSignDocumentV2ClientPage
+            hidePoweredBy={hidePoweredBy}
+            allowWhitelabelling={allowEmbedSigningWhitelabel}
+          />
+        </EnvelopeRenderProvider>
+      </DocumentSigningAuthProvider>
+    </EnvelopeSigningProvider>
+  );
+};

apps/remix/app/routes/embed+/_v0+/sign.$url.tsx

@@ -1,181 +0,0 @@
-import { RecipientRole } from '@prisma/client';
-import { data } from 'react-router';
-import { getOptionalLoaderContext } from 'server/utils/get-loader-session';
-import { match } from 'ts-pattern';
-
-import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
-import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
-import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
-import { viewedDocument } from '@documenso/lib/server-only/document/viewed-document';
-import { getCompletedFieldsForToken } from '@documenso/lib/server-only/field/get-completed-fields-for-token';
-import { getFieldsForToken } from '@documenso/lib/server-only/field/get-fields-for-token';
-import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
-import { getIsRecipientsTurnToSign } from '@documenso/lib/server-only/recipient/get-is-recipient-turn';
-import { getRecipientByToken } from '@documenso/lib/server-only/recipient/get-recipient-by-token';
-import { getRecipientsForAssistant } from '@documenso/lib/server-only/recipient/get-recipients-for-assistant';
-import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
-
-import { EmbedSignDocumentClientPage } from '~/components/embed/embed-document-signing-page';
-import { DocumentSigningAuthProvider } from '~/components/general/document-signing/document-signing-auth-provider';
-import { DocumentSigningProvider } from '~/components/general/document-signing/document-signing-provider';
-import { superLoaderJson, useSuperLoaderData } from '~/utils/super-json-loader';
-
-import type { Route } from './+types/sign.$url';
-
-export async function loader({ params, request }: Route.LoaderArgs) {
-  const { requestMetadata } = getOptionalLoaderContext();
-
-  if (!params.url) {
-    throw new Response('Not found', { status: 404 });
-  }
-
-  const token = params.url;
-
-  const { user } = await getOptionalSession(request);
-
-  const [document, fields, recipient, completedFields] = await Promise.all([
-    getDocumentAndSenderByToken({
-      token,
-      userId: user?.id,
-      requireAccessAuth: false,
-    }).catch(() => null),
-    getFieldsForToken({ token }),
-    getRecipientByToken({ token }).catch(() => null),
-    getCompletedFieldsForToken({ token }).catch(() => []),
-  ]);
-
-  // `document.directLink` is always available but we're doing this to
-  // satisfy the type checker.
-  if (!document || !recipient) {
-    throw new Response('Not found', { status: 404 });
-  }
-
-  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: document.teamId });
-
-  const allowEmbedSigningWhitelabel = organisationClaim.flags.embedSigningWhiteLabel;
-  const hidePoweredBy = organisationClaim.flags.hidePoweredBy;
-
-  // TODO: Make this more robust, we need to ensure the owner is either
-  // TODO: the member of a team that has an active subscription, is an early
-  // TODO: adopter or is an enterprise user.
-  if (IS_BILLING_ENABLED() && !organisationClaim.flags.embedSigning) {
-    throw data(
-      {
-        type: 'embed-paywall',
-      },
-      {
-        status: 403,
-      },
-    );
-  }
-
-  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
-    documentAuth: document.authOptions,
-  });
-
-  const isAccessAuthValid = derivedRecipientAccessAuth.every((accesssAuth) =>
-    match(accesssAuth)
-      .with(DocumentAccessAuth.ACCOUNT, () => user && user.email === recipient.email)
-      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true) // Allow without account requirement
-      .exhaustive(),
-  );
-
-  if (!isAccessAuthValid) {
-    throw data(
-      {
-        type: 'embed-authentication-required',
-        email: user?.email || recipient.email,
-        returnTo: `/embed/sign/${token}`,
-      },
-      {
-        status: 401,
-      },
-    );
-  }
-
-  const isRecipientsTurnToSign = await getIsRecipientsTurnToSign({ token });
-
-  if (!isRecipientsTurnToSign) {
-    throw data(
-      {
-        type: 'embed-waiting-for-turn',
-      },
-      {
-        status: 403,
-      },
-    );
-  }
-
-  await viewedDocument({
-    token,
-    requestMetadata,
-    recipientAccessAuth: derivedRecipientAccessAuth,
-  });
-
-  const allRecipients =
-    recipient.role === RecipientRole.ASSISTANT
-      ? await getRecipientsForAssistant({
-          token,
-        })
-      : [];
-
-  return superLoaderJson({
-    token,
-    user,
-    document,
-    allRecipients,
-    recipient,
-    fields,
-    completedFields,
-    hidePoweredBy,
-    allowEmbedSigningWhitelabel,
-  });
-}
-
-export default function EmbedSignDocumentPage() {
-  const {
-    token,
-    user,
-    document,
-    allRecipients,
-    recipient,
-    fields,
-    completedFields,
-    hidePoweredBy,
-    allowEmbedSigningWhitelabel,
-  } = useSuperLoaderData<typeof loader>();
-
-  return (
-    <DocumentSigningProvider
-      email={recipient.email}
-      fullName={user?.email === recipient.email ? user?.name : recipient.name}
-      signature={user?.email === recipient.email ? user?.signature : undefined}
-      typedSignatureEnabled={document.documentMeta?.typedSignatureEnabled}
-      uploadSignatureEnabled={document.documentMeta?.uploadSignatureEnabled}
-      drawSignatureEnabled={document.documentMeta?.drawSignatureEnabled}
-    >
-      <DocumentSigningAuthProvider
-        documentAuthOptions={document.authOptions}
-        recipient={recipient}
-        user={user}
-      >
-        <EmbedSignDocumentClientPage
-          token={token}
-          documentId={document.id}
-          envelopeId={document.envelopeId}
-          envelopeItems={document.envelopeItems}
-          recipient={recipient}
-          fields={fields}
-          completedFields={completedFields}
-          metadata={document.documentMeta}
-          isCompleted={isDocumentCompleted(document.status)}
-          hidePoweredBy={hidePoweredBy}
-          allowWhitelabelling={allowEmbedSigningWhitelabel}
-          allRecipients={allRecipients}
-        />
-      </DocumentSigningAuthProvider>
-    </DocumentSigningProvider>
-  );
-}

apps/remix/app/routes/embed+/v1+/multisign+/_index.tsx

@@ -67,6 +67,7 @@ export async function loader({ request }: Route.LoaderArgs) {
 export default function MultisignPage() {
   const { envelopes, user, hidePoweredBy, allowWhitelabelling } =
     useSuperLoaderData<typeof loader>();
+
   const revalidator = useRevalidator();
 
   const [selectedDocument, setSelectedDocument] = useState<

apps/remix/package.json

@@ -41,6 +41,7 @@
     "@simplewebauthn/server": "^9.0.3",
     "autoprefixer": "^10.4.13",
     "colord": "^2.9.3",
+    "content-disposition": "^0.5.4",
     "framer-motion": "^10.12.8",
     "hono": "4.7.0",
     "hono-rate-limiter": "^0.4.2",
@@ -87,6 +88,7 @@
     "@rollup/plugin-node-resolve": "^16.0.0",
     "@rollup/plugin-typescript": "^12.1.2",
     "@simplewebauthn/types": "^9.0.1",
+    "@types/content-disposition": "^0.5.9",
     "@types/formidable": "^2.0.6",
     "@types/luxon": "^3.3.1",
     "@types/node": "^20",
@@ -104,5 +106,5 @@
     "vite-plugin-babel-macros": "^1.0.6",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "version": "1.13.1"
+  "version": "2.0.2"
 }

apps/remix/server/api/download/download.ts

@@ -0,0 +1,192 @@
+import { sValidator } from '@hono/standard-validator';
+import { EnvelopeType } from '@prisma/client';
+import { Hono } from 'hono';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getEnvelopeById } from '@documenso/lib/server-only/envelope/get-envelope-by-id';
+import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
+import { buildTeamWhereQuery } from '@documenso/lib/utils/teams';
+import { prisma } from '@documenso/prisma';
+
+import type { HonoEnv } from '../../router';
+import { handleEnvelopeItemFileRequest } from '../files/files.helpers';
+import {
+  ZDownloadDocumentRequestParamsSchema,
+  ZDownloadEnvelopeItemRequestParamsSchema,
+} from './download.types';
+
+export const downloadRoute = new Hono<HonoEnv>()
+  /**
+   * Download an envelope item by its ID.
+   * Requires API key authentication via Authorization header.
+   */
+  .get(
+    '/envelopeItem/:envelopeItemId/download',
+    sValidator('param', ZDownloadEnvelopeItemRequestParamsSchema),
+    async (c) => {
+      const logger = c.get('logger');
+
+      try {
+        const { envelopeItemId, version } = c.req.valid('param');
+        const authorizationHeader = c.req.header('authorization');
+
+        // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
+        const [token] = (authorizationHeader || '').split('Bearer ').filter((s) => s.length > 0);
+
+        if (!token) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'API token was not provided',
+          });
+        }
+
+        const apiToken = await getApiTokenByToken({ token });
+
+        if (apiToken.user.disabled) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'User is disabled',
+          });
+        }
+
+        logger.info({
+          auth: 'api',
+          source: 'apiV2',
+          path: c.req.path,
+          userId: apiToken.user.id,
+          apiTokenId: apiToken.id,
+          envelopeItemId,
+          version,
+        });
+
+        const envelopeItem = await prisma.envelopeItem.findFirst({
+          where: {
+            id: envelopeItemId,
+            envelope: {
+              team: buildTeamWhereQuery({ teamId: apiToken.teamId, userId: apiToken.user.id }),
+            },
+          },
+          include: {
+            envelope: true,
+            documentData: true,
+          },
+        });
+
+        if (!envelopeItem) {
+          return c.json({ error: 'Envelope item not found' }, 404);
+        }
+
+        if (!envelopeItem.documentData) {
+          return c.json({ error: 'Document data not found' }, 404);
+        }
+
+        return await handleEnvelopeItemFileRequest({
+          title: envelopeItem.title,
+          status: envelopeItem.envelope.status,
+          documentData: envelopeItem.documentData,
+          version: version || 'signed',
+          isDownload: true,
+          context: c,
+        });
+      } catch (error) {
+        logger.error(error);
+
+        if (error instanceof AppError) {
+          if (error.code === AppErrorCode.UNAUTHORIZED) {
+            return c.json({ error: error.message }, 401);
+          }
+
+          return c.json({ error: error.message }, 400);
+        }
+
+        return c.json({ error: 'Internal server error' }, 500);
+      }
+    },
+  )
+  /**
+   * Download a document by its ID.
+   * Requires API key authentication via Authorization header.
+   */
+  .get(
+    '/document/:documentId/download',
+    sValidator('param', ZDownloadDocumentRequestParamsSchema),
+    async (c) => {
+      const logger = c.get('logger');
+
+      try {
+        const { documentId, version } = c.req.valid('param');
+        const authorizationHeader = c.req.header('authorization');
+
+        // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
+        const [token] = (authorizationHeader || '').split('Bearer ').filter((s) => s.length > 0);
+
+        if (!token) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'API token was not provided',
+          });
+        }
+
+        const apiToken = await getApiTokenByToken({ token });
+
+        if (apiToken.user.disabled) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'User is disabled',
+          });
+        }
+
+        logger.info({
+          auth: 'api',
+          source: 'apiV2',
+          path: c.req.path,
+          userId: apiToken.user.id,
+          apiTokenId: apiToken.id,
+          documentId,
+          version,
+        });
+
+        const envelope = await getEnvelopeById({
+          id: {
+            type: 'documentId',
+            id: documentId,
+          },
+          type: EnvelopeType.DOCUMENT,
+          userId: apiToken.user.id,
+          teamId: apiToken.teamId,
+        }).catch(() => null);
+
+        if (!envelope) {
+          return c.json({ error: 'Document not found' }, 404);
+        }
+
+        // Get the first envelope item (documents have exactly one)
+        const [envelopeItem] = envelope.envelopeItems;
+
+        if (!envelopeItem) {
+          return c.json({ error: 'Document item not found' }, 404);
+        }
+
+        if (!envelopeItem.documentData) {
+          return c.json({ error: 'Document data not found' }, 404);
+        }
+
+        return await handleEnvelopeItemFileRequest({
+          title: envelopeItem.title,
+          status: envelope.status,
+          documentData: envelopeItem.documentData,
+          version: version || 'signed',
+          isDownload: true,
+          context: c,
+        });
+      } catch (error) {
+        logger.error(error);
+
+        if (error instanceof AppError) {
+          if (error.code === AppErrorCode.UNAUTHORIZED) {
+            return c.json({ error: error.message }, 401);
+          }
+
+          return c.json({ error: error.message }, 400);
+        }
+
+        return c.json({ error: 'Internal server error' }, 500);
+      }
+    },
+  );

apps/remix/server/api/download/download.types.ts

@@ -0,0 +1,29 @@
+import { z } from 'zod';
+
+export const ZDownloadEnvelopeItemRequestParamsSchema = z.object({
+  envelopeItemId: z.string().describe('The ID of the envelope item to download.'),
+  version: z
+    .enum(['original', 'signed'])
+    .optional()
+    .default('signed')
+    .describe(
+      'The version of the envelope item to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
+    ),
+});
+
+export type TDownloadEnvelopeItemRequestParams = z.infer<
+  typeof ZDownloadEnvelopeItemRequestParamsSchema
+>;
+
+export const ZDownloadDocumentRequestParamsSchema = z.object({
+  documentId: z.coerce.number().describe('The ID of the document to download.'),
+  version: z
+    .enum(['original', 'signed'])
+    .optional()
+    .default('signed')
+    .describe(
+      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
+    ),
+});
+
+export type TDownloadDocumentRequestParams = z.infer<typeof ZDownloadDocumentRequestParamsSchema>;

apps/remix/server/api/files/files.helpers.ts

@@ -1,10 +1,11 @@
 import { type DocumentDataType, DocumentStatus } from '@prisma/client';
+import contentDisposition from 'content-disposition';
 import { type Context } from 'hono';
 
 import { sha256 } from '@documenso/lib/universal/crypto';
 import { getFileServerSide } from '@documenso/lib/universal/upload/get-file.server';
 
-import type { HonoEnv } from '../router';
+import type { HonoEnv } from '../../router';
 
 type HandleEnvelopeItemFileRequestOptions = {
   title: string;
@@ -34,7 +35,7 @@ export const handleEnvelopeItemFileRequest = async ({
 
   const etag = Buffer.from(sha256(documentDataToUse)).toString('hex');
 
-  if (c.req.header('If-None-Match') === etag) {
+  if (c.req.header('If-None-Match') === etag && !isDownload) {
     return c.body(null, 304);
   }
 
@@ -52,15 +53,13 @@ export const handleEnvelopeItemFileRequest = async ({
   }
 
   c.header('Content-Type', 'application/pdf');
-  c.header('Content-Length', file.length.toString());
   c.header('ETag', etag);
 
   if (!isDownload) {
     if (status === DocumentStatus.COMPLETED) {
       c.header('Cache-Control', 'public, max-age=31536000, immutable');
     } else {
-      // Set a tiny 1 minute cache, with must-revalidate to ensure the client always checks for updates.
-      c.header('Cache-Control', 'public, max-age=60, must-revalidate');
+      c.header('Cache-Control', 'public, max-age=0, must-revalidate');
     }
   }
 
@@ -70,7 +69,7 @@ export const handleEnvelopeItemFileRequest = async ({
     const suffix = version === 'signed' ? '_signed.pdf' : '.pdf';
     const filename = `${baseTitle}${suffix}`;
 
-    c.header('Content-Disposition', `attachment; filename="${filename}"`);
+    c.header('Content-Disposition', contentDisposition(filename));
 
     // For downloads, prevent caching to ensure fresh data
     c.header('Cache-Control', 'no-cache, no-store, must-revalidate');

apps/remix/server/api/files/files.ts

@@ -10,7 +10,7 @@ import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/
 import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions';
 import { prisma } from '@documenso/prisma';
 
-import type { HonoEnv } from '../router';
+import type { HonoEnv } from '../../router';
 import { handleEnvelopeItemFileRequest } from './files.helpers';
 import {
   type TGetPresignedPostUrlResponse,

apps/remix/server/router.ts

@@ -14,7 +14,8 @@ import { getIpAddress } from '@documenso/lib/universal/get-ip-address';
 import { logger } from '@documenso/lib/utils/logger';
 import { openApiDocument } from '@documenso/trpc/server/open-api';
 
-import { filesRoute } from './api/files';
+import { downloadRoute } from './api/download/download';
+import { filesRoute } from './api/files/files';
 import { type AppContext, appContext } from './context';
 import { appMiddleware } from './middleware';
 import { openApiTrpcServerHandler } from './trpc/hono-trpc-open-api';
@@ -92,6 +93,8 @@ app.use('/api/trpc/*', reactRouterTrpcServer);
 // Unstable API server routes. Order matters for these two.
 app.get(`${API_V2_URL}/openapi.json`, (c) => c.json(openApiDocument));
 app.use(`${API_V2_URL}/*`, cors());
+// Shadows the download routes that tRPC defines since tRPC-to-openapi doesn't support their return types.
+app.route(`${API_V2_URL}`, downloadRoute);
 app.use(`${API_V2_URL}/*`, async (c) =>
   openApiTrpcServerHandler(c, {
     isBeta: false,
@@ -101,6 +104,8 @@ app.use(`${API_V2_URL}/*`, async (c) =>
 // Unstable API server routes. Order matters for these two.
 app.get(`${API_V2_BETA_URL}/openapi.json`, (c) => c.json(openApiDocument));
 app.use(`${API_V2_BETA_URL}/*`, cors());
+// Shadows the download routes that tRPC defines since tRPC-to-openapi doesn't support their return types.
+app.route(`${API_V2_BETA_URL}`, downloadRoute);
 app.use(`${API_V2_BETA_URL}/*`, async (c) =>
   openApiTrpcServerHandler(c, {
     isBeta: true,

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.13.1",
+  "version": "2.0.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.13.1",
+      "version": "2.0.2",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -100,7 +100,7 @@
     },
     "apps/remix": {
       "name": "@documenso/remix",
-      "version": "1.13.1",
+      "version": "2.0.2",
       "dependencies": {
         "@cantoo/pdf-lib": "^2.5.2",
         "@documenso/api": "*",
@@ -129,6 +129,7 @@
         "@simplewebauthn/server": "^9.0.3",
         "autoprefixer": "^10.4.13",
         "colord": "^2.9.3",
+        "content-disposition": "^0.5.4",
         "framer-motion": "^10.12.8",
         "hono": "4.7.0",
         "hono-rate-limiter": "^0.4.2",
@@ -175,6 +176,7 @@
         "@rollup/plugin-node-resolve": "^16.0.0",
         "@rollup/plugin-typescript": "^12.1.2",
         "@simplewebauthn/types": "^9.0.1",
+        "@types/content-disposition": "^0.5.9",
         "@types/formidable": "^2.0.6",
         "@types/luxon": "^3.3.1",
         "@types/node": "^20",
@@ -12315,6 +12317,13 @@
         "@types/node": "*"
       }
     },
+    "node_modules/@types/content-disposition": {
+      "version": "0.5.9",
+      "resolved": "https://registry.npmjs.org/@types/content-disposition/-/content-disposition-0.5.9.tgz",
+      "integrity": "sha512-8uYXI3Gw35MhiVYhG3s295oihrxRyytcRHjSjqnqZVDDy/xcGBRny7+Xj1Wgfhv5QzRtN2hB2dVRBUX9XW3UcQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/cross-spawn": {
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/@types/cross-spawn/-/cross-spawn-6.0.2.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.13.1",
+  "version": "2.0.2",
   "scripts": {
     "build": "turbo run build",
     "dev": "turbo run dev --filter=@documenso/remix",
@@ -95,4 +95,4 @@
   "trigger.dev": {
     "endpointId": "documenso-app"
   }
-}
+}

packages/app-tests/e2e/envelopes/envelope-alignment.spec.ts

@@ -25,7 +25,7 @@ import { DocumentStatus } from '@prisma/client';
 import fs from 'node:fs';
 import path from 'node:path';
 import * as pdfjsLib from 'pdfjs-dist/legacy/build/pdf.js';
-import { getEnvelopeDownloadUrl } from '@documenso/lib/utils/envelope-download';
+import { getEnvelopeItemPdfUrl } from '@documenso/lib/utils/envelope-download';
 import { prisma } from '@documenso/prisma';
 import { seedAlignmentTestDocument } from '@documenso/prisma/seed/initial-seed';
 import { seedUser } from '@documenso/prisma/seed/users';
@@ -34,7 +34,7 @@ import { apiSignin } from '../fixtures/authentication';
 
 test.describe.configure({ mode: 'parallel', timeout: 60000 });
 
-test('field placement visual regression', async ({ page }, testInfo) => {
+test.skip('field placement visual regression', async ({ page }, testInfo) => {
   const { user, team } = await seedUser();
 
   const envelope = await seedAlignmentTestDocument({
@@ -94,7 +94,8 @@ test('field placement visual regression', async ({ page }, testInfo) => {
 
   await Promise.all(
     completedDocument.envelopeItems.map(async (item) => {
-      const documentUrl = getEnvelopeDownloadUrl({
+      const documentUrl = getEnvelopeItemPdfUrl({
+        type: 'download',
         envelopeItem: item,
         token,
         version: 'signed',
@@ -179,7 +180,8 @@ test.skip('download envelope images', async ({ page }) => {
 
   await Promise.all(
     completedDocument.envelopeItems.map(async (item) => {
-      const documentUrl = getEnvelopeDownloadUrl({
+      const documentUrl = getEnvelopeItemPdfUrl({
+        type: 'download',
         envelopeItem: item,
         token,
         version: 'signed',

packages/app-tests/e2e/features/include-document-certificate.spec.ts

@@ -3,7 +3,7 @@ import { expect, test } from '@playwright/test';
 import { DocumentStatus, FieldType } from '@prisma/client';
 
 import { getDocumentByToken } from '@documenso/lib/server-only/document/get-document-by-token';
-import { getEnvelopeDownloadUrl } from '@documenso/lib/utils/envelope-download';
+import { getEnvelopeItemPdfUrl } from '@documenso/lib/utils/envelope-download';
 import { prisma } from '@documenso/prisma';
 import { seedPendingDocumentWithFullFields } from '@documenso/prisma/seed/documents';
 import { seedTeam } from '@documenso/prisma/seed/teams';
@@ -34,7 +34,8 @@ test.describe('Signing Certificate Tests', () => {
         },
       })
       .then(async (data) => {
-        const documentUrl = getEnvelopeDownloadUrl({
+        const documentUrl = getEnvelopeItemPdfUrl({
+          type: 'download',
           envelopeItem: data,
           token: recipient.token,
           version: 'signed',
@@ -85,7 +86,8 @@ test.describe('Signing Certificate Tests', () => {
 
     const firstDocumentData = completedDocument.envelopeItems[0];
 
-    const documentUrl = getEnvelopeDownloadUrl({
+    const documentUrl = getEnvelopeItemPdfUrl({
+      type: 'download',
       envelopeItem: firstDocumentData,
       token: recipient.token,
       version: 'signed',
@@ -139,7 +141,8 @@ test.describe('Signing Certificate Tests', () => {
         },
       })
       .then(async (data) => {
-        const documentUrl = getEnvelopeDownloadUrl({
+        const documentUrl = getEnvelopeItemPdfUrl({
+          type: 'download',
           envelopeItem: data,
           token: recipient.token,
           version: 'signed',
@@ -188,7 +191,8 @@ test.describe('Signing Certificate Tests', () => {
 
     const firstDocumentData = completedDocument.envelopeItems[0];
 
-    const documentUrl = getEnvelopeDownloadUrl({
+    const documentUrl = getEnvelopeItemPdfUrl({
+      type: 'download',
       envelopeItem: firstDocumentData,
       token: recipient.token,
       version: 'signed',
@@ -242,7 +246,8 @@ test.describe('Signing Certificate Tests', () => {
         },
       })
       .then(async (data) => {
-        const documentUrl = getEnvelopeDownloadUrl({
+        const documentUrl = getEnvelopeItemPdfUrl({
+          type: 'download',
           envelopeItem: data,
           token: recipient.token,
           version: 'signed',
@@ -289,7 +294,8 @@ test.describe('Signing Certificate Tests', () => {
       },
     });
 
-    const documentUrl = getEnvelopeDownloadUrl({
+    const documentUrl = getEnvelopeItemPdfUrl({
+      type: 'download',
       envelopeItem: completedDocument.envelopeItems[0],
       token: recipient.token,
       version: 'signed',

packages/app-tests/e2e/templates/create-document-from-template.spec.ts

@@ -1,6 +1,5 @@
 import { expect, test } from '@playwright/test';
 import { DocumentDataType, TeamMemberRole } from '@prisma/client';
-import fs from 'fs';
 import path from 'path';
 
 import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
@@ -12,6 +11,10 @@ import { seedUser } from '@documenso/prisma/seed/users';
 import { apiSignin } from '../fixtures/authentication';
 
 const EXAMPLE_PDF_PATH = path.join(__dirname, '../../../../assets/example.pdf');
+const FIELD_ALIGNMENT_TEST_PDF_PATH = path.join(
+  __dirname,
+  '../../../../assets/field-font-alignment.pdf',
+);
 
 /**
  * 1. Create a template with all settings filled out
@@ -233,10 +236,6 @@ test('[TEMPLATE]: should create a document from a template with custom document'
   const { user, team } = await seedUser();
   const template = await seedBlankTemplate(user, team.id);
 
-  // Create a temporary PDF file for upload
-
-  const pdfContent = fs.readFileSync(EXAMPLE_PDF_PATH).toString('base64');
-
   await apiSignin({
     page,
     email: user.email,
@@ -277,7 +276,7 @@ test('[TEMPLATE]: should create a document from a template with custom document'
       }),
   ]);
 
-  await fileChooser.setFiles(EXAMPLE_PDF_PATH);
+  await fileChooser.setFiles(FIELD_ALIGNMENT_TEST_PDF_PATH);
 
   // Wait for upload to complete
   await expect(page.getByText('Remove')).toBeVisible();
@@ -314,8 +313,12 @@ test('[TEMPLATE]: should create a document from a template with custom document'
   expect(firstDocumentData.type).toEqual(expectedDocumentDataType);
 
   if (expectedDocumentDataType === DocumentDataType.BYTES_64) {
-    expect(firstDocumentData.data).toEqual(pdfContent);
-    expect(firstDocumentData.initialData).toEqual(pdfContent);
+    // Todo: Doesn't really work due to normalization of the PDF which won't let us directly compare the data.
+    // Probably need to do a pixel match
+    expect(firstDocumentData.data).not.toEqual(template.envelopeItems[0].documentData.data);
+    expect(firstDocumentData.initialData).not.toEqual(
+      template.envelopeItems[0].documentData.initialData,
+    );
   } else {
     // For S3, we expect the data/initialData to be the S3 path (non-empty string)
     expect(firstDocumentData.data).toBeTruthy();
@@ -336,8 +339,6 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
 
   const template = await seedBlankTemplate(owner, team.id);
 
-  const pdfContent = fs.readFileSync(EXAMPLE_PDF_PATH).toString('base64');
-
   await apiSignin({
     page,
     email: owner.email,
@@ -378,7 +379,7 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
       }),
   ]);
 
-  await fileChooser.setFiles(EXAMPLE_PDF_PATH);
+  await fileChooser.setFiles(FIELD_ALIGNMENT_TEST_PDF_PATH);
 
   // Wait for upload to complete
   await expect(page.getByText('Remove')).toBeVisible();
@@ -416,8 +417,12 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
   expect(firstDocumentData.type).toEqual(expectedDocumentDataType);
 
   if (expectedDocumentDataType === DocumentDataType.BYTES_64) {
-    expect(firstDocumentData.data).toEqual(pdfContent);
-    expect(firstDocumentData.initialData).toEqual(pdfContent);
+    // Todo: Doesn't really work due to normalization of the PDF which won't let us directly compare the data.
+    // Probably need to do a pixel match
+    expect(firstDocumentData.data).not.toEqual(template.envelopeItems[0].documentData.data);
+    expect(firstDocumentData.initialData).not.toEqual(
+      template.envelopeItems[0].documentData.initialData,
+    );
   } else {
     // For S3, we expect the data/initialData to be the S3 path (non-empty string)
     expect(firstDocumentData.data).toBeTruthy();

packages/auth/server/lib/utils/handle-oauth-callback-url.ts

@@ -5,6 +5,7 @@ import { deleteCookie } from 'hono/cookie';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { onCreateUserHook } from '@documenso/lib/server-only/user/create-user';
+import { isValidReturnTo, normalizeReturnTo } from '@documenso/lib/utils/is-valid-return-to';
 import { prisma } from '@documenso/prisma';
 
 import type { OAuthClientOptions } from '../../config';
@@ -177,6 +178,12 @@ export const validateOauth = async (options: HandleOAuthCallbackUrlOptions) => {
     redirectPath = '/';
   }
 
+  if (!isValidReturnTo(redirectPath)) {
+    redirectPath = '/';
+  }
+
+  redirectPath = normalizeReturnTo(redirectPath) || '/';
+
   const tokens = await oAuthClient.validateAuthorizationCode(
     token_endpoint,
     code,

packages/lib/client-only/download-pdf.ts

@@ -1,6 +1,6 @@
 import type { EnvelopeItem } from '@prisma/client';
 
-import { getEnvelopeDownloadUrl } from '../utils/envelope-download';
+import { getEnvelopeItemPdfUrl } from '../utils/envelope-download';
 import { downloadFile } from './download-file';
 
 type DocumentVersion = 'original' | 'signed';
@@ -24,7 +24,8 @@ export const downloadPDF = async ({
   fileName,
   version = 'signed',
 }: DownloadPDFProps) => {
-  const downloadUrl = getEnvelopeDownloadUrl({
+  const downloadUrl = getEnvelopeItemPdfUrl({
+    type: 'download',
     envelopeItem: envelopeItem,
     token,
     version,

packages/lib/client-only/providers/envelope-editor-provider.tsx

@@ -150,7 +150,7 @@ export const EnvelopeEditorProvider = ({
   });
 
   const envelopeRecipientSetMutationQuery = trpc.envelope.recipient.set.useMutation({
-    onSuccess: ({ recipients }) => {
+    onSuccess: ({ data: recipients }) => {
       setEnvelope((prev) => ({
         ...prev,
         recipients,
@@ -196,7 +196,7 @@ export const EnvelopeEditorProvider = ({
     });
 
     // Insert the IDs into the local fields.
-    envelopeFields.fields.forEach((field) => {
+    envelopeFields.data.forEach((field) => {
       const localField = localFields.find((localField) => localField.formId === field.formId);
 
       if (localField && !localField.id) {

packages/lib/client-only/providers/envelope-render-provider.tsx

@@ -1,11 +1,14 @@
 import { createContext, useCallback, useContext, useEffect, useMemo, useState } from 'react';
 import React from 'react';
 
+import type { Field, Recipient } from '@prisma/client';
+
 import type { TRecipientColor } from '@documenso/ui/lib/recipient-colors';
 import { AVAILABLE_RECIPIENT_COLORS } from '@documenso/ui/lib/recipient-colors';
 
 import type { TEnvelope } from '../../types/envelope';
-import { getEnvelopeDownloadUrl } from '../../utils/envelope-download';
+import type { FieldRenderMode } from '../../universal/field-renderer/render-field';
+import { getEnvelopeItemPdfUrl } from '../../utils/envelope-download';
 
 type FileData =
   | {
@@ -17,7 +20,9 @@ type FileData =
     };
 
 type EnvelopeRenderOverrideSettings = {
-  mode: 'edit' | 'sign' | 'export';
+  mode?: FieldRenderMode;
+  showRecipientTooltip?: boolean;
+  showRecipientSigningStatus?: boolean;
 };
 
 type EnvelopeRenderItem = TEnvelope['envelopeItems'][number];
@@ -27,7 +32,8 @@ type EnvelopeRenderProviderValue = {
   envelopeItems: EnvelopeRenderItem[];
   currentEnvelopeItem: EnvelopeRenderItem | null;
   setCurrentEnvelopeItem: (envelopeItemId: string) => void;
-  fields: TEnvelope['fields'];
+  fields: Field[];
+  recipients: Pick<Recipient, 'id' | 'name' | 'email' | 'signingStatus'>[];
   getRecipientColorKey: (recipientId: number) => TRecipientColor;
 
   renderError: boolean;
@@ -45,14 +51,15 @@ interface EnvelopeRenderProviderProps {
    *
    * Only pass if the CustomRenderer you are passing in wants fields.
    */
-  fields?: TEnvelope['fields'];
+  fields?: Field[];
 
   /**
-   * Optional recipient IDs used to determine the color of the fields.
+   * Optional recipient used to determine the color of the fields and hover
+   * previews.
    *
    * Only required for generic page renderers.
    */
-  recipientIds?: number[];
+  recipients?: Pick<Recipient, 'id' | 'name' | 'email' | 'signingStatus'>[];
 
   /**
    * The token to access the envelope.
@@ -87,7 +94,7 @@ export const EnvelopeRenderProvider = ({
   envelope,
   fields,
   token,
-  recipientIds = [],
+  recipients = [],
   overrideSettings,
 }: EnvelopeRenderProviderProps) => {
   // Indexed by documentDataId.
@@ -117,10 +124,10 @@ export const EnvelopeRenderProvider = ({
     }
 
     try {
-      const downloadUrl = getEnvelopeDownloadUrl({
+      const downloadUrl = getEnvelopeItemPdfUrl({
+        type: 'view',
         envelopeItem: envelopeItem,
         token,
-        version: 'signed',
       });
 
       const blob = await fetch(downloadUrl).then(async (res) => await res.blob());
@@ -175,6 +182,11 @@ export const EnvelopeRenderProvider = ({
     }
   }, [envelope.envelopeItems]);
 
+  const recipientIds = useMemo(
+    () => recipients.map((recipient) => recipient.id).sort(),
+    [recipients],
+  );
+
   const getRecipientColorKey = useCallback(
     (recipientId: number) => {
       const recipientIndex = recipientIds.findIndex((id) => id === recipientId);
@@ -194,6 +206,7 @@ export const EnvelopeRenderProvider = ({
         currentEnvelopeItem: currentItem,
         setCurrentEnvelopeItem,
         fields: fields ?? [],
+        recipients,
         getRecipientColorKey,
         renderError,
         setRenderError,

packages/lib/jobs/definitions/internal/seal-document.handler.ts

@@ -189,29 +189,34 @@ export const run = async ({
     settings,
   });
 
-  const newDocumentData = await Promise.all(
-    envelopeItems.map(async (envelopeItem) =>
-      io.runTask(`decorate-and-sign-envelope-item-${envelopeItem.id}`, async () => {
-        const envelopeItemFields = envelope.envelopeItems.find(
-          (item) => item.id === envelopeItem.id,
-        )?.field;
+  const decoratePromises: Array<Promise<{ oldDocumentDataId: string; newDocumentDataId: string }>> =
+    [];
 
-        if (!envelopeItemFields) {
-          throw new Error(`Envelope item fields not found for envelope item ${envelopeItem.id}`);
-        }
+  for (const envelopeItem of envelopeItems) {
+    const task = io.runTask(`decorate-${envelopeItem.id}`, async () => {
+      const envelopeItemFields = envelope.envelopeItems.find(
+        (item) => item.id === envelopeItem.id,
+      )?.field;
 
-        return decorateAndSignPdf({
-          envelope,
-          envelopeItem,
-          envelopeItemFields,
-          isRejected,
-          rejectionReason,
-          certificateData,
-          auditLogData,
-        });
-      }),
-    ),
-  );
+      if (!envelopeItemFields) {
+        throw new Error(`Envelope item fields not found for envelope item ${envelopeItem.id}`);
+      }
+
+      return decorateAndSignPdf({
+        envelope,
+        envelopeItem,
+        envelopeItemFields,
+        isRejected,
+        rejectionReason,
+        certificateData,
+        auditLogData,
+      });
+    });
+
+    decoratePromises.push(task);
+  }
+
+  const newDocumentData = await Promise.all(decoratePromises);
 
   const postHog = PostHogServerClient();
 

packages/lib/server-only/document/get-document-by-token.ts

@@ -91,7 +91,11 @@ export const getDocumentAndSenderByToken = async ({
         },
       },
       envelopeItems: {
-        include: {
+        select: {
+          id: true,
+          title: true,
+          order: true,
+          envelopeId: true,
           documentData: true,
         },
       },

packages/lib/server-only/envelope/get-envelope-for-direct-template-signing.ts

@@ -143,7 +143,7 @@ export const getEnvelopeForDirectTemplateSigning = async ({
     envelope,
     recipient: {
       ...recipient,
-      token: envelope.directLink?.token || '',
+      directToken: envelope.directLink?.token || '',
     },
     recipientSignature: null,
     isRecipientsTurn: true,

packages/lib/server-only/envelope/get-envelope-for-recipient-signing.ts

@@ -107,6 +107,7 @@ export const ZEnvelopeForSigningResponse = z.object({
     signingOrder: true,
     rejectionReason: true,
   }).extend({
+    directToken: z.string().nullish(),
     fields: ZFieldSchema.omit({
       documentId: true,
       templateId: true,

packages/lib/server-only/template/create-document-from-direct-template.ts

@@ -82,6 +82,7 @@ type CreatedDirectRecipientField = {
 
 export const ZCreateDocumentFromDirectTemplateResponseSchema = z.object({
   token: z.string(),
+  envelopeId: z.string(),
   documentId: z.number(),
   recipientId: z.number(),
 });
@@ -815,6 +816,7 @@ export const createDocumentFromDirectTemplate = async ({
 
   return {
     token,
+    envelopeId: createdEnvelope.id,
     documentId: incrementedDocumentId.documentId,
     recipientId,
   };

packages/lib/translations/en/web.po

@@ -53,7 +53,7 @@ msgstr "\"Team Name\" has invited you to sign \"example document\"."
 
 #: apps/remix/app/components/general/envelope-signing/envelope-signer-form.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-form.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 msgid "(You)"
 msgstr "(You)"
 
@@ -1076,6 +1076,10 @@ msgstr "Add Placeholder Recipient"
 msgid "Add Placeholders"
 msgstr "Add Placeholders"
 
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Add Recipients"
+msgstr "Add Recipients"
+
 #: apps/remix/app/components/general/envelope-editor/envelope-editor-recipient-form.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-recipients.tsx
 #: packages/ui/primitives/document-flow/add-signers.tsx
@@ -1124,6 +1128,8 @@ msgstr "Add this URL to your provider's allowed redirect URIs"
 msgid "Additional brand information to display at the bottom of emails"
 msgstr "Additional brand information to display at the bottom of emails"
 
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: packages/lib/constants/teams-translations.ts
 #: packages/lib/constants/organisations-translations.ts
 msgid "Admin"
@@ -1363,17 +1369,6 @@ msgstr "An error occurred while disabling direct link signing."
 msgid "An error occurred while disabling the user."
 msgstr "An error occurred while disabling the user."
 
-#: apps/remix/app/components/tables/inbox-table.tsx
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/tables/documents-table-action-button.tsx
-#: apps/remix/app/components/general/share-document-download-button.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
-#: apps/remix/app/components/general/document/document-page-view-button.tsx
-msgid "An error occurred while downloading your document."
-msgstr "An error occurred while downloading your document."
-
 #: apps/remix/app/components/dialogs/template-duplicate-dialog.tsx
 msgid "An error occurred while duplicating template."
 msgstr "An error occurred while duplicating template."
@@ -1455,6 +1450,10 @@ msgstr "An error occurred while signing as assistant."
 msgid "An error occurred while signing the document."
 msgstr "An error occurred while signing the document."
 
+#: apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx
+msgid "An error occurred while signing the field."
+msgstr "An error occurred while signing the field."
+
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 msgid "An error occurred while trying to create a checkout session."
@@ -1538,6 +1537,7 @@ msgstr "An unexpected error occurred."
 #: apps/remix/app/components/dialogs/organisation-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-create-dialog.tsx
 #: apps/remix/app/components/dialogs/envelope-item-delete-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -1694,7 +1694,7 @@ msgstr "Assist"
 msgid "Assist Document"
 msgstr "Assist Document"
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 msgid "Assist with signing"
 msgstr "Assist with signing"
 
@@ -2038,6 +2038,7 @@ msgstr "Can prepare"
 #: apps/remix/app/components/dialogs/claim-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/claim-create-dialog.tsx
 #: apps/remix/app/components/dialogs/assistant-confirmation-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 #: packages/ui/primitives/signature-pad/signature-pad-dialog.tsx
 #: packages/ui/primitives/document-flow/send-document-action-dialog.tsx
@@ -2165,10 +2166,6 @@ msgstr "Clear filters"
 msgid "Clear Signature"
 msgstr "Clear Signature"
 
-#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
-msgid "Click here to add a recipient"
-msgstr "Click here to add a recipient"
-
 #: apps/remix/app/components/tables/settings-public-profile-templates-table.tsx
 msgid "Click here to get started"
 msgstr "Click here to get started"
@@ -2191,7 +2188,7 @@ msgstr "Click to copy signing link for sending to recipient"
 #: apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-form.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Click to insert field"
@@ -2234,10 +2231,6 @@ msgstr "Client secret is required"
 msgid "Close"
 msgstr "Close"
 
-#: apps/remix/app/components/general/envelope-editor/envelope-editor-preview-page.tsx
-msgid "Coming soon"
-msgstr "Coming soon"
-
 #: apps/remix/app/components/embed/authoring/configure-document-advanced-settings.tsx
 msgid "Communication"
 msgstr "Communication"
@@ -2249,8 +2242,8 @@ msgstr "Compare all plans and features in detail"
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
 #: apps/remix/app/components/forms/signup.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
@@ -2296,6 +2289,12 @@ msgstr "Completed Documents"
 msgid "Completed on {formattedDate}"
 msgstr "Completed on {formattedDate}"
 
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+msgid "Configuration Error"
+msgstr "Configuration Error"
+
 #. placeholder {0}: parseMessageDescriptor(_, FRIENDLY_FIELD_TYPE[currentField.type])
 #: apps/remix/app/components/embed/authoring/field-advanced-settings-drawer.tsx
 msgid "Configure {0} Field"
@@ -3567,20 +3566,17 @@ msgstr "Domain Name"
 msgid "Don't have an account? <0>Sign up</0>"
 msgstr "Don't have an account? <0>Sign up</0>"
 
+#: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
 #: apps/remix/app/components/tables/organisation-billing-invoices-table.tsx
 #: apps/remix/app/components/tables/inbox-table.tsx
 #: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
 #: apps/remix/app/components/tables/documents-table-action-button.tsx
-#: apps/remix/app/components/tables/documents-table-action-button.tsx
-#: apps/remix/app/components/general/share-document-download-button.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
 #: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
 #: apps/remix/app/components/general/document/document-page-view-button.tsx
-#: apps/remix/app/components/general/document/document-page-view-button.tsx
+#: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
+#: apps/remix/app/components/general/document/document-certificate-qr-view.tsx
 #: apps/remix/app/components/forms/2fa/view-recovery-codes-dialog.tsx
 #: apps/remix/app/components/forms/2fa/enable-authenticator-app-dialog.tsx
-#: packages/ui/components/document/document-download-button.tsx
 #: packages/email/template-components/template-document-completed.tsx
 msgid "Download"
 msgstr "Download"
@@ -3597,11 +3593,6 @@ msgstr "Download Certificate"
 msgid "Download Files"
 msgstr "Download Files"
 
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
-msgid "Download Original"
-msgstr "Download Original"
-
 #: apps/remix/app/components/general/envelope-signing/envelope-signer-header.tsx
 #: apps/remix/app/components/general/envelope-editor/envelope-editor.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-page-view-v2.tsx
@@ -3752,7 +3743,7 @@ msgstr "Electronic Signature Disclosure"
 #: apps/remix/app/components/forms/signin.tsx
 #: apps/remix/app/components/forms/profile.tsx
 #: apps/remix/app/components/forms/forgot-password.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/embed/authoring/configure-document-recipients.tsx
@@ -4023,10 +4014,6 @@ msgstr "Enter your text here"
 msgid "Enterprise"
 msgstr "Enterprise"
 
-#: packages/ui/primitives/document-upload.tsx
-msgid "Envelope (beta)"
-msgstr "Envelope (beta)"
-
 #: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
 msgid "Envelope distributed"
 msgstr "Envelope distributed"
@@ -4072,7 +4059,6 @@ msgstr "Envelope updated"
 #: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/users.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx
 #: apps/remix/app/components/general/verify-email-banner.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
@@ -4081,6 +4067,7 @@ msgstr "Envelope updated"
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
 #: apps/remix/app/components/general/template/template-edit-form.tsx
+#: apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-text-field.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-signature-field.tsx
@@ -4429,7 +4416,7 @@ msgstr "Free Signature Settings"
 #: apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
 #: apps/remix/app/components/forms/signup.tsx
 #: apps/remix/app/components/forms/profile.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Full Name"
@@ -4574,7 +4561,7 @@ msgstr "has invited you to view this document"
 msgid "Having an assistant as the last signer means they will be unable to take any action as there are no subsequent signers to assist."
 msgstr "Having an assistant as the last signer means they will be unable to take any action as there are no subsequent signers to assist."
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 msgid "Help complete the document for other signers."
 msgstr "Help complete the document for other signers."
 
@@ -5252,6 +5239,8 @@ msgstr "Manage your passkeys."
 msgid "Manage your site settings here"
 msgstr "Manage your site settings here"
 
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: packages/lib/constants/teams-translations.ts
 #: packages/lib/constants/organisations-translations.ts
 msgid "Manager"
@@ -5300,6 +5289,8 @@ msgstr "Maximum number of uploaded files per envelope allowed"
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 #: apps/remix/app/components/dialogs/team-member-create-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: packages/lib/constants/teams-translations.ts
 #: packages/lib/constants/organisations-translations.ts
 msgid "Member"
@@ -5310,10 +5301,6 @@ msgstr "Member"
 msgid "Member Count"
 msgstr "Member Count"
 
-#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "Member promoted to owner successfully"
-msgstr "Member promoted to owner successfully"
-
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 msgid "Member Since"
 msgstr "Member Since"
@@ -5346,6 +5333,10 @@ msgstr "Message <0>(Optional)</0>"
 msgid "Min"
 msgstr "Min"
 
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Missing Recipients"
+msgstr "Missing Recipients"
+
 #: apps/remix/app/components/general/template/template-page-view-recipients.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 msgid "Modify recipients"
@@ -5484,7 +5475,7 @@ msgstr "New Password"
 msgid "New Template"
 msgstr "New Template"
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: apps/remix/app/components/dialogs/team-member-create-dialog.tsx
@@ -5932,9 +5923,15 @@ msgstr "Override organisation settings"
 #: apps/remix/app/components/tables/organisation-members-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "Owner"
 msgstr "Owner"
 
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+msgid "Ownership transferred to {organisationMemberName}."
+msgstr "Ownership transferred to {organisationMemberName}."
+
 #. placeholder {0}: table.getState().pagination.pageIndex + 1
 #. placeholder {1}: table.getPageCount() || 1
 #: packages/ui/primitives/data-table-pagination.tsx
@@ -6039,6 +6036,7 @@ msgstr "PDF Document"
 #: apps/remix/app/components/general/envelope-editor/envelope-editor-header.tsx
 #: apps/remix/app/components/general/document/document-status.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
+#: packages/ui/components/document/envelope-recipient-field-tooltip.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
 #: packages/lib/constants/document.ts
 msgid "Pending"
@@ -6376,10 +6374,6 @@ msgstr "Profile updated"
 msgid "Progress"
 msgstr "Progress"
 
-#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "Promote to owner"
-msgstr "Promote to owner"
-
 #: apps/remix/app/routes/_authenticated+/settings+/security.linked-accounts.tsx
 msgid "Provider"
 msgstr "Provider"
@@ -6880,6 +6874,7 @@ msgstr "Right"
 #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "Role"
 msgstr "Role"
 
@@ -7339,7 +7334,7 @@ msgstr "Sign as<0>{0} <1>({1})</1></0>"
 msgid "Sign Checkbox Field"
 msgstr "Sign Checkbox Field"
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Sign document"
@@ -7407,7 +7402,7 @@ msgstr "Sign Signature Field"
 msgid "Sign Text Field"
 msgstr "Sign Text Field"
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 msgid "Sign the document to complete the process."
@@ -7449,7 +7444,7 @@ msgstr "Sign your initials into the field"
 #: apps/remix/app/components/general/document-signing/document-signing-form.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
 #: apps/remix/app/components/forms/profile.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/embed/multisign/multi-sign-document-signing-view.tsx
 #: packages/ui/primitives/template-flow/add-template-fields.tsx
@@ -7483,13 +7478,10 @@ msgstr "Signature types"
 msgid "Signatures Collected"
 msgstr "Signatures Collected"
 
-#: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
-msgid "Signatures will appear once the document has been completed"
-msgstr "Signatures will appear once the document has been completed"
-
 #: apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx
 #: apps/remix/app/components/general/document/document-page-view-recipients.tsx
 #: apps/remix/app/components/dialogs/envelope-download-dialog.tsx
+#: packages/ui/components/document/envelope-recipient-field-tooltip.tsx
 #: packages/ui/components/document/document-read-only-fields.tsx
 msgid "Signed"
 msgstr "Signed"
@@ -7535,7 +7527,7 @@ msgstr "Signing certificate provided by"
 msgid "Signing Complete!"
 msgstr "Signing Complete!"
 
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 msgid "Signing for"
 msgstr "Signing for"
 
@@ -7595,11 +7587,6 @@ msgstr "Some signers have not been assigned a signature field. Please assign at
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/organisation-member-invites-table.tsx
 #: apps/remix/app/components/tables/organisation-member-invites-table.tsx
-#: apps/remix/app/components/tables/inbox-table.tsx
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/tables/documents-table-action-dropdown.tsx
-#: apps/remix/app/components/tables/documents-table-action-button.tsx
-#: apps/remix/app/components/general/share-document-download-button.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/billing-plans.tsx
 #: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
@@ -7610,16 +7597,14 @@ msgstr "Some signers have not been assigned a signature field. Please assign at
 #: apps/remix/app/components/general/organisations/organisation-billing-portal-button.tsx
 #: apps/remix/app/components/general/organisations/organisation-billing-banner.tsx
 #: apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
+#: apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/document-signing/document-signing-auth-account.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
-#: apps/remix/app/components/general/document/document-page-view-dropdown.tsx
-#: apps/remix/app/components/general/document/document-page-view-button.tsx
 #: apps/remix/app/components/general/document/document-certificate-download-button.tsx
 #: apps/remix/app/components/general/document/document-audit-log-download-button.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-page.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
 #: apps/remix/app/components/dialogs/template-direct-link-dialog.tsx
@@ -7658,6 +7643,11 @@ msgstr "Something went wrong while loading the document."
 msgid "Something went wrong while loading your passkeys."
 msgstr "Something went wrong while loading your passkeys."
 
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+msgid "Something went wrong while rendering the document, some fields may be missing or corrupted."
+msgstr "Something went wrong while rendering the document, some fields may be missing or corrupted."
+
 #: apps/remix/app/components/general/verify-email-banner.tsx
 msgid "Something went wrong while sending the confirmation email."
 msgstr "Something went wrong while sending the confirmation email."
@@ -7808,7 +7798,6 @@ msgstr "Subscription invalid"
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx
 #: apps/remix/app/components/tables/organisation-member-invites-table.tsx
@@ -7853,6 +7842,7 @@ msgstr "Subscription invalid"
 #: apps/remix/app/components/dialogs/organisation-delete-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-create-dialog.tsx
 #: apps/remix/app/components/dialogs/envelope-item-delete-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/admin-organisation-create-dialog.tsx
 msgid "Success"
 msgstr "Success"
@@ -8523,6 +8513,10 @@ msgstr "The token you have used to reset your password is either expired or it n
 msgid "The two-factor authentication code provided is incorrect"
 msgstr "The two-factor authentication code provided is incorrect"
 
+#: apps/remix/app/components/forms/editor/editor-field-signature-form.tsx
+msgid "The typed signature font size"
+msgstr "The typed signature font size"
+
 #: packages/ui/components/document/document-signature-settings-tooltip.tsx
 msgid "The types of signatures that recipients are allowed to use when signing the document."
 msgstr "The types of signatures that recipients are allowed to use when signing the document."
@@ -8576,6 +8570,10 @@ msgstr "There are no completed documents yet. Documents that you have created or
 msgid "There was an error uploading your file. Please try again."
 msgstr "There was an error uploading your file. Please try again."
 
+#: packages/ui/components/pdf-viewer/pdf-viewer-konva.tsx
+msgid "There was an issue rendering some fields, please review the fields and try again."
+msgstr "There was an issue rendering some fields, please review the fields and try again."
+
 #: packages/ui/components/document/document-global-auth-action-select.tsx
 msgid "These can be overriden by setting the authentication requirements directly on each recipient in the next step. Multiple methods can be selected."
 msgstr "These can be overriden by setting the authentication requirements directly on each recipient in the next step. Multiple methods can be selected."
@@ -8724,10 +8722,6 @@ msgstr "This envelope could not be distributed at this time. Please try again."
 msgid "This envelope could not be resent at this time. Please try again."
 msgstr "This envelope could not be resent at this time. Please try again."
 
-#: apps/remix/app/components/general/envelope-editor/envelope-editor-preview-page.tsx
-msgid "This feature is coming soon"
-msgstr "This feature is coming soon"
-
 #: packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
 msgid "This field cannot be modified or deleted. When you share this template's direct link or add it to your public profile, anyone who accesses it can input their name and email, and fill in the fields assigned to them."
 msgstr "This field cannot be modified or deleted. When you share this template's direct link or add it to your public profile, anyone who accesses it can input their name and email, and fill in the fields assigned to them."
@@ -9199,6 +9193,7 @@ msgstr "Untitled Group"
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-email-update-dialog.tsx
 #: apps/remix/app/components/dialogs/folder-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 #: packages/ui/primitives/document-flow/add-subject.tsx
 msgid "Update"
@@ -9235,6 +9230,7 @@ msgstr "Update organisation"
 
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "Update organisation member"
 msgstr "Update organisation member"
 
@@ -9255,9 +9251,11 @@ msgstr "Update profile"
 msgid "Update Recipient"
 msgstr "Update Recipient"
 
+#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
 #: apps/remix/app/components/tables/team-members-table.tsx
 #: apps/remix/app/components/tables/team-groups-table.tsx
 #: apps/remix/app/components/tables/organisation-members-table.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "Update role"
 msgstr "Update role"
 
@@ -9296,6 +9294,10 @@ msgstr "Update user"
 msgid "Update webhook"
 msgstr "Update webhook"
 
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+msgid "Updated {organisationMemberName} to {roleLabel}."
+msgstr "Updated {organisationMemberName} to {roleLabel}."
+
 #: apps/remix/app/components/forms/password.tsx
 msgid "Updating password..."
 msgstr "Updating password..."
@@ -9366,6 +9368,10 @@ msgstr "Upload Document"
 msgid "Upload documents and add recipients"
 msgstr "Upload documents and add recipients"
 
+#: packages/ui/primitives/document-upload.tsx
+msgid "Upload Envelope"
+msgstr "Upload Envelope"
+
 #: apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx
 #: apps/remix/app/components/general/envelope-editor/envelope-editor-upload-page.tsx
 #: apps/remix/app/components/general/document/envelope-upload-button.tsx
@@ -9662,10 +9668,6 @@ msgstr "View more"
 msgid "View next document"
 msgstr "View next document"
 
-#: apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx
-msgid "View Original Document"
-msgstr "View Original Document"
-
 #: apps/remix/app/components/tables/admin-organisations-table.tsx
 msgid "View owner"
 msgstr "View owner"
@@ -9780,10 +9782,6 @@ msgstr "We are unable to update this passkey at the moment. Please try again lat
 msgid "We couldn't create a Stripe customer. Please try again."
 msgstr "We couldn't create a Stripe customer. Please try again."
 
-#: apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
-msgid "We couldn't promote the member to owner. Please try again."
-msgstr "We couldn't promote the member to owner. Please try again."
-
 #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx
 msgid "We couldn't update the group. Please try again."
 msgstr "We couldn't update the group. Please try again."
@@ -9946,6 +9944,7 @@ msgid "We encountered an unknown error while attempting to update the template.
 msgstr "We encountered an unknown error while attempting to update the template. Please try again later."
 
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "We encountered an unknown error while attempting to update this organisation member. Please try again later."
 msgstr "We encountered an unknown error while attempting to update this organisation member. Please try again later."
 
@@ -10018,9 +10017,10 @@ msgstr "We were unable to set your public profile to public. Please try again."
 msgid "We were unable to setup two-factor authentication for your account. Please ensure that you have entered your code correctly and try again."
 msgstr "We were unable to setup two-factor authentication for your account. Please ensure that you have entered your code correctly and try again."
 
+#: apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-page.tsx
-#: apps/remix/app/components/embed/embed-document-signing-page.tsx
+#: apps/remix/app/components/embed/embed-document-signing-page-v1.tsx
 #: apps/remix/app/components/embed/embed-direct-template-client-page.tsx
 msgid "We were unable to submit this document at this time. Please try again later."
 msgstr "We were unable to submit this document at this time. Please try again later."
@@ -10322,6 +10322,7 @@ msgid "You are currently updating <0>{memberName}.</0>"
 msgstr "You are currently updating <0>{memberName}.</0>"
 
 #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
+#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
 msgid "You are currently updating <0>{organisationMemberName}.</0>"
 msgstr "You are currently updating <0>{organisationMemberName}.</0>"
 
@@ -10495,7 +10496,7 @@ msgid "You have been invited to join the following organisation"
 msgstr "You have been invited to join the following organisation"
 
 #: packages/lib/server-only/recipient/set-document-recipients.ts
-#: packages/lib/server-only/recipient/delete-document-recipient.ts
+#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
 msgid "You have been removed from a document"
 msgstr "You have been removed from a document"
 
@@ -10664,6 +10665,7 @@ msgstr "You need to be an admin to manage API tokens."
 msgid "You need to be logged in as <0>{email}</0> to view this page."
 msgstr "You need to be logged in as <0>{email}</0> to view this page."
 
+#: apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
 #: apps/remix/app/components/general/direct-template/direct-template-signing-auth-page.tsx
 msgid "You need to be logged in to view this page."
 msgstr "You need to be logged in to view this page."

packages/lib/universal/field-renderer/field-renderer.ts

@@ -19,7 +19,7 @@ export type FieldToRender = Pick<
   positionX: number;
   positionY: number;
   fieldMeta?: TFieldMetaSchema | null;
-  signature?: Signature | null;
+  signature?: Pick<Signature, 'signatureImageAsBase64' | 'typedSignature'> | null;
 };
 
 export type RenderFieldElementOptions = {

packages/lib/universal/field-renderer/render-field.ts

@@ -15,6 +15,17 @@ import { renderSignatureFieldElement } from './render-signature-field';
 export const MIN_FIELD_HEIGHT_PX = 12;
 export const MIN_FIELD_WIDTH_PX = 36;
 
+/**
+ * The render type.
+ *
+ * @default 'edit'
+ *
+ * - `edit` - The field is rendered in editor page.
+ * - `sign` - The field is rendered for the signing page.
+ * - `export` - The field is rendered for exporting and sealing into the PDF. No backgrounds, interactive elements, etc.
+ */
+export type FieldRenderMode = 'edit' | 'sign' | 'export';
+
 export type FieldToRender = Pick<
   Field,
   'envelopeItemId' | 'recipientId' | 'type' | 'page' | 'customText' | 'inserted' | 'recipientId'
@@ -25,7 +36,7 @@ export type FieldToRender = Pick<
   positionX: number;
   positionY: number;
   fieldMeta?: TFieldMetaSchema | null;
-  signature?: Signature | null;
+  signature?: Pick<Signature, 'signatureImageAsBase64' | 'typedSignature'> | null;
 };
 
 type RenderFieldOptions = {
@@ -38,16 +49,7 @@ type RenderFieldOptions = {
 
   translations: Record<FieldType, string> | null;
 
-  /**
-   * The render type.
-   *
-   * @default 'edit'
-   *
-   * - `edit` - The field is rendered in editor page.
-   * - `sign` - The field is rendered for the signing page.
-   * - `export` - The field is rendered for exporting and sealing into the PDF. No backgrounds, interactive elements, etc.
-   */
-  mode: 'edit' | 'sign' | 'export';
+  mode: FieldRenderMode;
 
   scale: number;
   editable?: boolean;

packages/lib/universal/field-renderer/render-generic-text-field.ts

@@ -44,11 +44,9 @@ const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOption
   if (mode === 'edit') {
     if (textMeta?.text) {
       textToRender = textMeta.text;
-    } else if (textMeta?.label) {
-      textToRender = textMeta.label;
     } else {
       // Show field name which is centered for the edit mode if no label/text is avaliable.
-      textToRender = fieldTypeName;
+      textToRender = textMeta?.label || fieldTypeName;
       textAlign = 'center';
     }
   }
@@ -58,11 +56,9 @@ const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOption
     if (!field.inserted) {
       if (textMeta?.text) {
         textToRender = textMeta.text;
-      } else if (textMeta?.label) {
-        textToRender = textMeta.label;
       } else if (mode === 'sign') {
         // Only show the field name in sign mode if no text/label is avaliable.
-        textToRender = fieldTypeName;
+        textToRender = textMeta?.label || fieldTypeName;
         textAlign = 'center';
       }
     }

packages/lib/universal/upload/put-file.ts

@@ -6,7 +6,7 @@ import { env } from '@documenso/lib/utils/env';
 import type {
   TGetPresignedPostUrlResponse,
   TUploadPdfResponse,
-} from '@documenso/remix/server/api/files.types';
+} from '@documenso/remix/server/api/files/files.types';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
 import { AppError } from '../../errors/app-error';

packages/lib/utils/envelope-download.ts

@@ -2,18 +2,33 @@ import type { EnvelopeItem } from '@prisma/client';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '../constants/app';
 
-export type EnvelopeDownloadUrlOptions = {
-  envelopeItem: Pick<EnvelopeItem, 'id' | 'envelopeId'>;
-  token: string | undefined;
-  version: 'original' | 'signed';
-};
+export type EnvelopeItemPdfUrlOptions =
+  | {
+      type: 'download';
+      envelopeItem: Pick<EnvelopeItem, 'id' | 'envelopeId'>;
+      token: string | undefined;
+      version: 'original' | 'signed';
+    }
+  | {
+      type: 'view';
+      envelopeItem: Pick<EnvelopeItem, 'id' | 'envelopeId'>;
+      token: string | undefined;
+    };
 
-export const getEnvelopeDownloadUrl = (options: EnvelopeDownloadUrlOptions) => {
-  const { envelopeItem, token, version } = options;
+export const getEnvelopeItemPdfUrl = (options: EnvelopeItemPdfUrlOptions) => {
+  const { envelopeItem, token, type } = options;
 
   const { id, envelopeId } = envelopeItem;
 
+  if (type === 'download') {
+    const version = options.version;
+
+    return token
+      ? `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/token/${token}/envelopeItem/${id}/download/${version}`
+      : `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/envelope/${envelopeId}/envelopeItem/${id}/download/${version}`;
+  }
+
   return token
-    ? `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/token/${token}/envelopeItem/${id}/download/${version}`
-    : `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/envelope/${envelopeId}/envelopeItem/${id}/download/${version}`;
+    ? `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/token/${token}/envelopeItem/${id}`
+    : `${NEXT_PUBLIC_WEBAPP_URL()}/api/files/envelope/${envelopeId}/envelopeItem/${id}`;
 };

packages/lib/utils/is-valid-return-to.ts

@@ -0,0 +1,37 @@
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+
+export const isValidReturnTo = (returnTo?: string) => {
+  if (!returnTo) {
+    return false;
+  }
+
+  try {
+    // Decode if it's URL encoded
+    const decodedReturnTo = decodeURIComponent(returnTo);
+    const returnToUrl = new URL(decodedReturnTo, NEXT_PUBLIC_WEBAPP_URL());
+
+    if (returnToUrl.origin !== NEXT_PUBLIC_WEBAPP_URL()) {
+      return false;
+    }
+
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+export const normalizeReturnTo = (returnTo?: string) => {
+  if (!returnTo) {
+    return undefined;
+  }
+
+  try {
+    // Decode if it's URL encoded
+    const decodedReturnTo = decodeURIComponent(returnTo);
+    const returnToUrl = new URL(decodedReturnTo, NEXT_PUBLIC_WEBAPP_URL());
+
+    return `${returnToUrl.pathname}${returnToUrl.search}${returnToUrl.hash}`;
+  } catch {
+    return undefined;
+  }
+};

packages/trpc/server/context.ts

@@ -24,6 +24,7 @@ export const createTrpcContext = async ({
   const { session, user } = await getOptionalSession(c);
 
   const req = c.req.raw;
+  const res = c.res;
 
   const requestMetadata = c.get('context').requestMetadata;
 
@@ -54,6 +55,7 @@ export const createTrpcContext = async ({
       user: null,
       teamId,
       req,
+      res,
       metadata,
     };
   }
@@ -64,6 +66,7 @@ export const createTrpcContext = async ({
     user,
     teamId,
     req,
+    res,
     metadata,
   };
 };
@@ -80,6 +83,7 @@ export type TrpcContext = (
 ) & {
   teamId: number | undefined;
   req: Request;
+  res: Response;
   metadata: ApiRequestMetadata;
   logger: Logger;
 };

packages/trpc/server/document-router/download-document-beta.ts

@@ -0,0 +1,96 @@
+import type { DocumentData } from '@prisma/client';
+import { DocumentDataType, EnvelopeType } from '@prisma/client';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { getEnvelopeById } from '@documenso/lib/server-only/envelope/get-envelope-by-id';
+import { getPresignGetUrl } from '@documenso/lib/universal/upload/server-actions';
+import { isDocumentCompleted } from '@documenso/lib/utils/document';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+  ZDownloadDocumentRequestSchema,
+  ZDownloadDocumentResponseSchema,
+  downloadDocumentMeta,
+} from './download-document-beta.types';
+
+export const downloadDocumentBetaRoute = authenticatedProcedure
+  .meta(downloadDocumentMeta)
+  .input(ZDownloadDocumentRequestSchema)
+  .output(ZDownloadDocumentResponseSchema)
+  .query(async ({ input, ctx }) => {
+    const { teamId, user } = ctx;
+    const { documentId, version } = input;
+
+    ctx.logger.info({
+      input: {
+        documentId,
+        version,
+      },
+    });
+
+    const envelope = await getEnvelopeById({
+      id: {
+        type: 'documentId',
+        id: documentId,
+      },
+      type: EnvelopeType.DOCUMENT,
+      userId: user.id,
+      teamId,
+    });
+
+    // This error is done AFTER the get envelope so we can test access controls without S3.
+    if (process.env.NEXT_PUBLIC_UPLOAD_TRANSPORT !== 's3') {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'Document downloads are only available when S3 storage is configured.',
+      });
+    }
+
+    const documentData: DocumentData | undefined = envelope.envelopeItems[0]?.documentData;
+
+    if (envelope.envelopeItems.length !== 1 || !documentData) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message:
+          'This endpoint only supports documents with a single item. Use envelopes API instead.',
+      });
+    }
+
+    if (documentData.type !== DocumentDataType.S3_PATH) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'Document is not stored in S3 and cannot be downloaded via URL.',
+      });
+    }
+
+    if (version === 'signed' && !isDocumentCompleted(envelope.status)) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'Document is not completed yet.',
+      });
+    }
+
+    try {
+      const data =
+        version === 'original' ? documentData.initialData || documentData.data : documentData.data;
+
+      const { url } = await getPresignGetUrl(data);
+
+      const baseTitle = envelope.title.replace(/\.pdf$/, '');
+      const suffix = version === 'signed' ? '_signed.pdf' : '.pdf';
+      const filename = `${baseTitle}${suffix}`;
+
+      return {
+        downloadUrl: url,
+        filename,
+        contentType: 'application/pdf',
+      };
+    } catch (error) {
+      ctx.logger.error({
+        error,
+        message: 'Failed to generate download URL',
+        documentId,
+        version,
+      });
+
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Failed to generate download URL',
+      });
+    }
+  });

packages/trpc/server/document-router/download-document-beta.types.ts

@@ -0,0 +1,32 @@
+import { z } from 'zod';
+
+import type { TrpcRouteMeta } from '../trpc';
+
+export const downloadDocumentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/document/{documentId}/download-beta',
+    summary: 'Download document (beta)',
+    description: 'Get a pre-signed download URL for the original or signed version of a document',
+    tags: ['Document'],
+  },
+};
+
+export const ZDownloadDocumentRequestSchema = z.object({
+  documentId: z.number().describe('The ID of the document to download.'),
+  version: z
+    .enum(['original', 'signed'])
+    .describe(
+      'The version of the document to download. "signed" returns the completed document with signatures, "original" returns the original uploaded document.',
+    )
+    .default('signed'),
+});
+
+export const ZDownloadDocumentResponseSchema = z.object({
+  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
+  filename: z.string().describe('The filename of the PDF file'),
+  contentType: z.string().describe('MIME type of the file'),
+});
+
+export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
+export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;

packages/trpc/server/document-router/download-document.ts

@@ -1,11 +1,3 @@
-import type { DocumentData } from '@prisma/client';
-import { DocumentDataType, EnvelopeType } from '@prisma/client';
-
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { getEnvelopeById } from '@documenso/lib/server-only/envelope/get-envelope-by-id';
-import { getPresignGetUrl } from '@documenso/lib/universal/upload/server-actions';
-import { isDocumentCompleted } from '@documenso/lib/utils/document';
-
 import { authenticatedProcedure } from '../trpc';
 import {
   ZDownloadDocumentRequestSchema,
@@ -17,8 +9,7 @@ export const downloadDocumentRoute = authenticatedProcedure
   .meta(downloadDocumentMeta)
   .input(ZDownloadDocumentRequestSchema)
   .output(ZDownloadDocumentResponseSchema)
-  .query(async ({ input, ctx }) => {
-    const { teamId, user } = ctx;
+  .query(({ input, ctx }) => {
     const { documentId, version } = input;
 
     ctx.logger.info({
@@ -28,69 +19,5 @@ export const downloadDocumentRoute = authenticatedProcedure
       },
     });
 
-    const envelope = await getEnvelopeById({
-      id: {
-        type: 'documentId',
-        id: documentId,
-      },
-      type: EnvelopeType.DOCUMENT,
-      userId: user.id,
-      teamId,
-    });
-
-    // This error is done AFTER the get envelope so we can test access controls without S3.
-    if (process.env.NEXT_PUBLIC_UPLOAD_TRANSPORT !== 's3') {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message: 'Document downloads are only available when S3 storage is configured.',
-      });
-    }
-
-    const documentData: DocumentData | undefined = envelope.envelopeItems[0]?.documentData;
-
-    if (envelope.envelopeItems.length !== 1 || !documentData) {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message:
-          'This endpoint only supports documents with a single item. Use envelopes API instead.',
-      });
-    }
-
-    if (documentData.type !== DocumentDataType.S3_PATH) {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message: 'Document is not stored in S3 and cannot be downloaded via URL.',
-      });
-    }
-
-    if (version === 'signed' && !isDocumentCompleted(envelope.status)) {
-      throw new AppError(AppErrorCode.INVALID_REQUEST, {
-        message: 'Document is not completed yet.',
-      });
-    }
-
-    try {
-      const data =
-        version === 'original' ? documentData.initialData || documentData.data : documentData.data;
-
-      const { url } = await getPresignGetUrl(data);
-
-      const baseTitle = envelope.title.replace(/\.pdf$/, '');
-      const suffix = version === 'signed' ? '_signed.pdf' : '.pdf';
-      const filename = `${baseTitle}${suffix}`;
-
-      return {
-        downloadUrl: url,
-        filename,
-        contentType: 'application/pdf',
-      };
-    } catch (error) {
-      ctx.logger.error({
-        error,
-        message: 'Failed to generate download URL',
-        documentId,
-        version,
-      });
-
-      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
-        message: 'Failed to generate download URL',
-      });
-    }
+    throw new Error('NOT_IMPLEMENTED');
   });

packages/trpc/server/document-router/download-document.types.ts

@@ -5,10 +5,12 @@ import type { TrpcRouteMeta } from '../trpc';
 export const downloadDocumentMeta: TrpcRouteMeta = {
   openapi: {
     method: 'GET',
-    path: '/document/{documentId}/download-beta',
-    summary: 'Download document (beta)',
-    description: 'Get a pre-signed download URL for the original or signed version of a document',
+    path: '/document/{documentId}/download',
+    summary: 'Download document',
     tags: ['Document'],
+    responseHeaders: z.object({
+      'Content-Type': z.literal('application/pdf'),
+    }),
   },
 };
 
@@ -22,11 +24,7 @@ export const ZDownloadDocumentRequestSchema = z.object({
     .default('signed'),
 });
 
-export const ZDownloadDocumentResponseSchema = z.object({
-  downloadUrl: z.string().describe('Pre-signed URL for downloading the PDF file'),
-  filename: z.string().describe('The filename of the PDF file'),
-  contentType: z.string().describe('MIME type of the file'),
-});
+export const ZDownloadDocumentResponseSchema = z.instanceof(Uint8Array);
 
 export type TDownloadDocumentRequest = z.infer<typeof ZDownloadDocumentRequestSchema>;
 export type TDownloadDocumentResponse = z.infer<typeof ZDownloadDocumentResponseSchema>;

packages/trpc/server/document-router/router.ts

@@ -11,6 +11,7 @@ import { deleteDocumentRoute } from './delete-document';
 import { distributeDocumentRoute } from './distribute-document';
 import { downloadDocumentRoute } from './download-document';
 import { downloadDocumentAuditLogsRoute } from './download-document-audit-logs';
+import { downloadDocumentBetaRoute } from './download-document-beta';
 import { downloadDocumentCertificateRoute } from './download-document-certificate';
 import { duplicateDocumentRoute } from './duplicate-document';
 import { findDocumentAuditLogsRoute } from './find-document-audit-logs';
@@ -39,6 +40,7 @@ export const documentRouter = router({
   share: shareDocumentRoute,
 
   // Temporary v2 beta routes to be removed once V2 is fully released.
+  downloadBeta: downloadDocumentBetaRoute,
   download: downloadDocumentRoute,
   createDocumentTemporary: createDocumentTemporaryRoute,
   createDocumentFormData: createDocumentFormDataRoute,

packages/trpc/server/embedding-router/_router.ts

@@ -1,5 +1,4 @@
 import { router } from '../trpc';
-import { applyMultiSignSignatureRoute } from './apply-multi-sign-signature';
 import { createEmbeddingDocumentRoute } from './create-embedding-document';
 import { createEmbeddingPresignTokenRoute } from './create-embedding-presign-token';
 import { createEmbeddingTemplateRoute } from './create-embedding-template';
@@ -15,6 +14,6 @@ export const embeddingPresignRouter = router({
   createEmbeddingTemplate: createEmbeddingTemplateRoute,
   updateEmbeddingDocument: updateEmbeddingDocumentRoute,
   updateEmbeddingTemplate: updateEmbeddingTemplateRoute,
-  applyMultiSignSignature: applyMultiSignSignatureRoute,
+  // applyMultiSignSignature: applyMultiSignSignatureRoute,
   getMultiSignDocument: getMultiSignDocumentRoute,
 });

packages/trpc/server/envelope-router/attachment/create-attachment.ts

@@ -4,18 +4,11 @@ import { authenticatedProcedure } from '../../trpc';
 import {
   ZCreateAttachmentRequestSchema,
   ZCreateAttachmentResponseSchema,
+  createAttachmentMeta,
 } from './create-attachment.types';
 
 export const createAttachmentRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'POST',
-      path: '/envelope/attachment/create',
-      summary: 'Create attachment',
-      description: 'Create a new attachment for an envelope',
-      tags: ['Envelope Attachments'],
-    },
-  })
+  .meta(createAttachmentMeta)
   .input(ZCreateAttachmentRequestSchema)
   .output(ZCreateAttachmentResponseSchema)
   .mutation(async ({ input, ctx }) => {

packages/trpc/server/envelope-router/attachment/create-attachment.types.ts

@@ -1,5 +1,17 @@
 import { z } from 'zod';
 
+import type { TrpcRouteMeta } from '../../trpc';
+
+export const createAttachmentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/envelope/attachment/create',
+    summary: 'Create attachment',
+    description: 'Create a new attachment for an envelope',
+    tags: ['Envelope Attachments'],
+  },
+};
+
 export const ZCreateAttachmentRequestSchema = z.object({
   envelopeId: z.string(),
   data: z.object({

packages/trpc/server/envelope-router/attachment/delete-attachment.ts

@@ -4,18 +4,11 @@ import { authenticatedProcedure } from '../../trpc';
 import {
   ZDeleteAttachmentRequestSchema,
   ZDeleteAttachmentResponseSchema,
+  deleteAttachmentMeta,
 } from './delete-attachment.types';
 
 export const deleteAttachmentRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'POST',
-      path: '/envelope/attachment/delete',
-      summary: 'Delete attachment',
-      description: 'Delete an attachment from an envelope',
-      tags: ['Envelope Attachments'],
-    },
-  })
+  .meta(deleteAttachmentMeta)
   .input(ZDeleteAttachmentRequestSchema)
   .output(ZDeleteAttachmentResponseSchema)
   .mutation(async ({ input, ctx }) => {

packages/trpc/server/envelope-router/attachment/delete-attachment.types.ts

@@ -1,5 +1,17 @@
 import { z } from 'zod';
 
+import type { TrpcRouteMeta } from '../../trpc';
+
+export const deleteAttachmentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/envelope/attachment/delete',
+    summary: 'Delete attachment',
+    description: 'Delete an attachment from an envelope',
+    tags: ['Envelope Attachments'],
+  },
+};
+
 export const ZDeleteAttachmentRequestSchema = z.object({
   id: z.string(),
 });

packages/trpc/server/envelope-router/attachment/find-attachments.ts

@@ -6,18 +6,11 @@ import { maybeAuthenticatedProcedure } from '../../trpc';
 import {
   ZFindAttachmentsRequestSchema,
   ZFindAttachmentsResponseSchema,
+  findAttachmentsMeta,
 } from './find-attachments.types';
 
 export const findAttachmentsRoute = maybeAuthenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'GET',
-      path: '/envelope/attachment',
-      summary: 'Find attachments',
-      description: 'Find all attachments for an envelope',
-      tags: ['Envelope Attachments'],
-    },
-  })
+  .meta(findAttachmentsMeta)
   .input(ZFindAttachmentsRequestSchema)
   .output(ZFindAttachmentsResponseSchema)
   .query(async ({ input, ctx }) => {

packages/trpc/server/envelope-router/attachment/find-attachments.types.ts

@@ -2,6 +2,18 @@ import { z } from 'zod';
 
 import { ZEnvelopeAttachmentTypeSchema } from '@documenso/lib/types/envelope-attachment';
 
+import type { TrpcRouteMeta } from '../../trpc';
+
+export const findAttachmentsMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'GET',
+    path: '/envelope/attachment',
+    summary: 'Find attachments',
+    description: 'Find all attachments for an envelope',
+    tags: ['Envelope Attachments'],
+  },
+};
+
 export const ZFindAttachmentsRequestSchema = z.object({
   envelopeId: z.string(),
   token: z.string().optional(),

packages/trpc/server/envelope-router/attachment/update-attachment.ts

@@ -4,18 +4,11 @@ import { authenticatedProcedure } from '../../trpc';
 import {
   ZUpdateAttachmentRequestSchema,
   ZUpdateAttachmentResponseSchema,
+  updateAttachmentMeta,
 } from './update-attachment.types';
 
 export const updateAttachmentRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'POST',
-      path: '/envelope/attachment/update',
-      summary: 'Update attachment',
-      description: 'Update an existing attachment',
-      tags: ['Envelope Attachments'],
-    },
-  })
+  .meta(updateAttachmentMeta)
   .input(ZUpdateAttachmentRequestSchema)
   .output(ZUpdateAttachmentResponseSchema)
   .mutation(async ({ input, ctx }) => {

packages/trpc/server/envelope-router/attachment/update-attachment.types.ts

@@ -1,5 +1,17 @@
 import { z } from 'zod';
 
+import type { TrpcRouteMeta } from '../../trpc';
+
+export const updateAttachmentMeta: TrpcRouteMeta = {
+  openapi: {
+    method: 'POST',
+    path: '/envelope/attachment/update',
+    summary: 'Update attachment',
+    description: 'Update an existing attachment',
+    tags: ['Envelope Attachments'],
+  },
+};
+
 export const ZUpdateAttachmentRequestSchema = z.object({
   id: z.string(),
   data: z.object({

packages/trpc/server/envelope-router/create-envelope-items.ts

@@ -11,18 +11,11 @@ import { authenticatedProcedure } from '../trpc';
 import {
   ZCreateEnvelopeItemsRequestSchema,
   ZCreateEnvelopeItemsResponseSchema,
+  createEnvelopeItemsMeta,
 } from './create-envelope-items.types';
 
 export const createEnvelopeItemsRoute = authenticatedProcedure
-  .meta({
-    openapi: {
-      method: 'POST',
-      path: '/envelope/item/create-many',
-      summary: 'Create envelope items',
-      description: 'Create multiple envelope items for an envelope',
-      tags: ['Envelope Items'],
-    },
-  })
+  .meta(createEnvelopeItemsMeta)
   .input(ZCreateEnvelopeItemsRequestSchema)
   .output(ZCreateEnvelopeItemsResponseSchema)
   .mutation(async ({ input, ctx }) => {
@@ -142,6 +135,6 @@ export const createEnvelopeItemsRoute = authenticatedProcedure
     });
 
     return {
-      createdEnvelopeItems: result,
+      data: result,
     };
   });