fix: refactor api routes

## Description

<!--- Describe the changes introduced by this pull request. -->
<!--- Explain what problem it solves or what feature/fix it adds. -->

## Related Issue

<!--- If this pull request is related to a specific issue, reference it
here using #issue_number. -->
<!--- For example, "Fixes #123" or "Addresses #456". -->

## Changes Made

<!--- Provide a summary of the changes made in this pull request. -->
<!--- Include any relevant technical details or architecture changes.
-->

- Change 1
- Change 2
- ...

## Testing Performed

<!--- Describe the testing that you have performed to validate these
changes. -->
<!--- Include information about test cases, testing environments, and
results. -->

- Tested feature X in scenario Y.
- Ran unit tests for component Z.
- Tested on browsers A, B, and C.
- ...

## Checklist

<!--- Please check the boxes that apply to this pull request. -->
<!--- You can add or remove items as needed. -->

- [ ] I have tested these changes locally and they work as expected.
- [ ] I have added/updated tests that prove the effectiveness of these
changes.
- [ ] I have updated the documentation to reflect these changes, if
applicable.
- [ ] I have followed the project's coding style guidelines.
- [ ] I have addressed the code review feedback from the previous
submission, if applicable.

## Additional Notes

<!--- Provide any additional context or notes for the reviewers. -->
<!--- This might include details about design decisions, potential
concerns, or anything else relevant. -->

.github/workflows/e2e-tests.yml

@@ -8,7 +8,7 @@ jobs:
   e2e_tests:
     name: 'E2E Tests'
     timeout-minutes: 60
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
 

apps/documentation/pages/_app.mdx

@@ -4,7 +4,7 @@ import '../styles.css';
 export default function App({ Component, pageProps }) {
   return (
     <PlausibleProvider>
-      <Component {...pageProps} />;
+      <Component {...pageProps} />
     </PlausibleProvider>
   );
 }

apps/documentation/pages/users/teams/document-visibility.mdx

@@ -17,23 +17,25 @@ The default document visibility option allows you to control who can view and ac
 
 The default document visibility is set to "_EVERYONE_" by default. You can change this setting by going to the [team's general preferences page](/users/teams/preferences) and selecting a different visibility option.
 
-<Callout type="warning">
-  If the team member uploading the document has a role lower than the default document visibility,
-  the document visibility will be set to a lower visibility level matching the team member's role.
-</Callout>
-
 Here's how it works:
 
-- If a user with the "_Member_" role creates a document and the default document visibility is set to "_Admin_" or "_Managers and above_", the document's visibility is set to "_Everyone_".
-- If a user with the "_Manager_" role creates a document and the default document visibility is set to "_Admin_", the document's visibility is set to "_Managers and above_".
-- Otherwise, the document's visibility is set to the default document visibility.
+- If a user with the "_Member_" role creates a document and the default document visibility is set to "_Everyone_", the document's visibility is set to "_EVERYONE_".
+  - The user can't change the visibility of the document in the document editor.
+- If a user with the "_Member_" role creates a document and the default document visibility is set to "_Admin_" or "_Managers and above_", the document's visibility is set to the default document visibility ("_Admin_" or "_Managers and above_" in this case).
+  - The user can't change the visibility of the document in the document editor.
+- If a user with the "_Manager_" role creates a document and the default document visibility is set to "_Everyone_" or "_Managers and above_", the document's visibility is set to the default document visibility ("_Everyone_" or "_Managers and above_" in this case).
+  - The user can change the visibility of the document to any of these options, except "_Admin_", in the document editor.
+- If a user with the "_Manager_" role creates a document and the default document visibility is set to "_Admin_", the document's visibility is set to "_Admin_".
+  - The user can't change the visibility of the document in the document editor.
+- If a user with the "_Admin_" role creates a document, and the default document visibility is set to "_Everyone_", "_Managers and above_", or "_Admin_", the document's visibility is set to the default document visibility.
+  - The user can change the visibility of the document to any of these options in the document editor.
 
 You can change the visibility of a document at any time by editing the document and selecting a different visibility option.
 
 ![A screenshot of the Documenso's document editor page where you can update the document visibility](/teams/document-visibility-settings.webp)
 
 <Callout type="warning">
-  Updating the default document visibility in the team's general settings will not affect the
+  Updating the default document visibility in the team's general preferences will not affect the
   visibility of existing documents. You will need to update the visibility of each document
   individually.
 </Callout>

apps/marketing/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@documenso/marketing",
-  "version": "1.9.0-rc.1",
+  "version": "1.9.0-rc.5",
   "private": true,
   "license": "AGPL-3.0",
   "scripts": {
@@ -47,7 +47,7 @@
     "recharts": "^2.7.2",
     "sharp": "0.32.6",
     "typescript": "5.2.2",
-    "zod": "^3.23.8"
+    "zod": "3.24.1"
   },
   "devDependencies": {
     "@lingui/loader": "^4.11.3",

apps/marketing/src/app/(marketing)/singleplayer/client.tsx

@@ -10,16 +10,13 @@ import { msg } from '@lingui/macro';
 import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { base64 } from '@documenso/lib/universal/base64';
-import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
 import type { Field, Recipient } from '@documenso/prisma/client';
 import { DocumentDataType, Prisma } from '@documenso/prisma/client';
-import { trpc } from '@documenso/trpc/react';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
 import { DocumentDropzone } from '@documenso/ui/primitives/document-dropzone';
 import { AddFieldsFormPartial } from '@documenso/ui/primitives/document-flow/add-fields';
 import type { TAddFieldsFormSchema } from '@documenso/ui/primitives/document-flow/add-fields.types';
 import { AddSignatureFormPartial } from '@documenso/ui/primitives/document-flow/add-signature';
-import type { TAddSignatureFormSchema } from '@documenso/ui/primitives/document-flow/add-signature.types';
 import { DocumentFlowFormContainer } from '@documenso/ui/primitives/document-flow/document-flow-root';
 import type { DocumentFlowStep } from '@documenso/ui/primitives/document-flow/types';
 import { LazyPDFViewer } from '@documenso/ui/primitives/lazy-pdf-viewer';
@@ -43,9 +40,6 @@ export const SinglePlayerClient = () => {
   const [step, setStep] = useState<SinglePlayerModeStep>('fields');
   const [fields, setFields] = useState<Field[]>([]);
 
-  const { mutateAsync: createSinglePlayerDocument } =
-    trpc.singleplayer.createSinglePlayerDocument.useMutation();
-
   const documentFlow: Record<SinglePlayerModeStep, DocumentFlowStep> = {
     fields: {
       title: msg`Add document`,
@@ -112,38 +106,35 @@ export const SinglePlayerClient = () => {
   /**
    * Upload, create, sign and send the document.
    */
-  const onSignSubmit = async (data: TAddSignatureFormSchema) => {
+  const onSignSubmit = (data: unknown) => {
     if (!uploadedFile) {
       return;
     }
 
     try {
-      const putFileData = await putPdfFile(uploadedFile.file);
-
-      const documentToken = await createSinglePlayerDocument({
-        documentData: {
-          type: putFileData.type,
-          data: putFileData.data,
-        },
-        documentName: uploadedFile.file.name,
-        signer: data,
-        fields: fields.map((field) => ({
-          page: field.page,
-          type: field.type,
-          positionX: field.positionX.toNumber(),
-          positionY: field.positionY.toNumber(),
-          width: field.width.toNumber(),
-          height: field.height.toNumber(),
-          fieldMeta: field.fieldMeta,
-        })),
-        fieldMeta: { type: undefined },
-      });
-
-      analytics.capture('Marketing: SPM - Document signed', {
-        signer: data.email,
-      });
-
-      router.push(`/singleplayer/${documentToken}/success`);
+      // const putFileData = await putPdfFile(uploadedFile.file);
+      // const documentToken = await createSinglePlayerDocument({
+      //   documentData: {
+      //     type: putFileData.type,
+      //     data: putFileData.data,
+      //   },
+      //   documentName: uploadedFile.file.name,
+      //   signer: data,
+      //   fields: fields.map((field) => ({
+      //     page: field.page,
+      //     type: field.type,
+      //     positionX: field.positionX.toNumber(),
+      //     positionY: field.positionY.toNumber(),
+      //     width: field.width.toNumber(),
+      //     height: field.height.toNumber(),
+      //     fieldMeta: field.fieldMeta,
+      //   })),
+      //   fieldMeta: { type: undefined },
+      // });
+      // analytics.capture('Marketing: SPM - Document signed', {
+      //   signer: data.email,
+      // });
+      // router.push(`/singleplayer/${documentToken}/success`);
     } catch {
       toast({
         title: 'Something went wrong',

apps/openpage-api/app/growth/total-users/route.ts

@@ -2,7 +2,7 @@ import cors from '@/lib/cors';
 import { getUserMonthlyGrowth } from '@/lib/growth/get-user-monthly-growth';
 
 export async function GET(request: Request) {
-  const totalUsers = await getUserMonthlyGrowth("cumulative");
+  const totalUsers = await getUserMonthlyGrowth('cumulative');
 
   return cors(
     request,

apps/openpage-api/lib/cors.ts

@@ -30,10 +30,10 @@ function isOriginAllowed(origin: string, allowed: StaticOrigin): boolean {
   return Array.isArray(allowed)
     ? allowed.some((o) => isOriginAllowed(origin, o))
     : typeof allowed === 'string'
-    ? origin === allowed
-    : allowed instanceof RegExp
-    ? allowed.test(origin)
-    : !!allowed;
+      ? origin === allowed
+      : allowed instanceof RegExp
+        ? allowed.test(origin)
+        : !!allowed;
 }
 
 function getOriginHeaders(reqOrigin: string | undefined, origin: StaticOrigin) {

apps/web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@documenso/web",
-  "version": "1.9.0-rc.1",
+  "version": "1.9.0-rc.5",
   "private": true,
   "license": "AGPL-3.0",
   "scripts": {
@@ -56,10 +56,11 @@
     "recharts": "^2.7.2",
     "remeda": "^2.17.3",
     "sharp": "0.32.6",
+    "trpc-openapi": "^1.2.0",
     "ts-pattern": "^5.0.5",
     "ua-parser-js": "^1.0.37",
     "uqr": "^0.1.2",
-    "zod": "^3.23.8"
+    "zod": "3.24.1"
   },
   "devDependencies": {
     "@documenso/tailwind-config": "*",

apps/web/src/app/(dashboard)/admin/leaderboard/data-table-leaderboard.tsx

@@ -134,7 +134,7 @@ export const LeaderboardTable = ({
     startTransition(() => {
       updateSearchParams({
         sortBy: column,
-        sortOrder: sortOrder === 'asc' ? 'desc' : 'asc',
+        sortOrder: sortBy === column && sortOrder === 'asc' ? 'desc' : 'asc',
       });
     });
   };

apps/web/src/app/(dashboard)/admin/users/[id]/delete-user-dialog.tsx

@@ -30,8 +30,8 @@ export type DeleteUserDialogProps = {
 };
 
 export const DeleteUserDialog = ({ className, user }: DeleteUserDialogProps) => {
-  const { toast } = useToast();
   const { _ } = useLingui();
+  const { toast } = useToast();
 
   const router = useRouter();
 
@@ -44,7 +44,6 @@ export const DeleteUserDialog = ({ className, user }: DeleteUserDialogProps) =>
     try {
       await deleteUser({
         id: user.id,
-        email,
       });
 
       toast({
@@ -78,7 +77,7 @@ export const DeleteUserDialog = ({ className, user }: DeleteUserDialogProps) =>
   return (
     <div className={className}>
       <Alert
-        className="flex flex-col items-center justify-between gap-4 p-6 md:flex-row "
+        className="flex flex-col items-center justify-between gap-4 p-6 md:flex-row"
         variant="neutral"
       >
         <div>

apps/web/src/app/(dashboard)/admin/users/[id]/disable-user-dialog.tsx

@@ -0,0 +1,141 @@
+'use client';
+
+import { useState } from 'react';
+
+import { Trans, msg } from '@lingui/macro';
+import { useLingui } from '@lingui/react';
+import { match } from 'ts-pattern';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import type { User } from '@documenso/prisma/client';
+import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from '@documenso/ui/primitives/dialog';
+import { Input } from '@documenso/ui/primitives/input';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+export type DisableUserDialogProps = {
+  className?: string;
+  userToDisable: User;
+};
+
+export const DisableUserDialog = ({ className, userToDisable }: DisableUserDialogProps) => {
+  const { _ } = useLingui();
+  const { toast } = useToast();
+
+  const [email, setEmail] = useState('');
+
+  const { mutateAsync: disableUser, isLoading: isDisablingUser } =
+    trpc.admin.disableUser.useMutation();
+
+  const onDisableAccount = async () => {
+    try {
+      await disableUser({
+        id: userToDisable.id,
+      });
+
+      toast({
+        title: _(msg`Account disabled`),
+        description: _(msg`The account has been disabled successfully.`),
+        duration: 5000,
+      });
+    } catch (err) {
+      const error = AppError.parseError(err);
+
+      const errorMessage = match(error.code)
+        .with(AppErrorCode.NOT_FOUND, () => msg`User not found.`)
+        .with(AppErrorCode.UNAUTHORIZED, () => msg`You are not authorized to disable this user.`)
+        .otherwise(() => msg`An error occurred while disabling the user.`);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(errorMessage),
+        variant: 'destructive',
+        duration: 7500,
+      });
+    }
+  };
+
+  return (
+    <div className={className}>
+      <Alert
+        className="flex flex-col items-center justify-between gap-4 p-6 md:flex-row"
+        variant="neutral"
+      >
+        <div>
+          <AlertTitle>Disable Account</AlertTitle>
+          <AlertDescription className="mr-2">
+            <Trans>
+              Disabling the user results in the user not being able to use the account. It also
+              disables all the related contents such as subscription, webhooks, teams, and API keys.
+            </Trans>
+          </AlertDescription>
+        </div>
+
+        <div className="flex-shrink-0">
+          <Dialog>
+            <DialogTrigger asChild>
+              <Button variant="destructive">
+                <Trans>Disable Account</Trans>
+              </Button>
+            </DialogTrigger>
+
+            <DialogContent>
+              <DialogHeader className="space-y-4">
+                <DialogTitle>
+                  <Trans>Disable Account</Trans>
+                </DialogTitle>
+
+                <Alert variant="destructive">
+                  <AlertDescription className="selection:bg-red-100">
+                    <Trans>
+                      This action is reversible, but please be careful as the account may be
+                      affected permanently (e.g. their settings and contents not being restored
+                      properly).
+                    </Trans>
+                  </AlertDescription>
+                </Alert>
+              </DialogHeader>
+
+              <div>
+                <DialogDescription>
+                  <Trans>
+                    To confirm, please enter the accounts email address <br />({userToDisable.email}
+                    ).
+                  </Trans>
+                </DialogDescription>
+
+                <Input
+                  className="mt-2"
+                  type="email"
+                  value={email}
+                  onChange={(e) => setEmail(e.target.value)}
+                />
+              </div>
+
+              <DialogFooter>
+                <Button
+                  onClick={onDisableAccount}
+                  loading={isDisablingUser}
+                  variant="destructive"
+                  disabled={email !== userToDisable.email}
+                >
+                  <Trans>Disable account</Trans>
+                </Button>
+              </DialogFooter>
+            </DialogContent>
+          </Dialog>
+        </div>
+      </Alert>
+    </div>
+  );
+};

apps/web/src/app/(dashboard)/admin/users/[id]/enable-user-dialog.tsx

@@ -0,0 +1,130 @@
+'use client';
+
+import { useState } from 'react';
+
+import { Trans, msg } from '@lingui/macro';
+import { useLingui } from '@lingui/react';
+import { match } from 'ts-pattern';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import type { User } from '@documenso/prisma/client';
+import { trpc } from '@documenso/trpc/react';
+import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
+import { Button } from '@documenso/ui/primitives/button';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from '@documenso/ui/primitives/dialog';
+import { Input } from '@documenso/ui/primitives/input';
+import { useToast } from '@documenso/ui/primitives/use-toast';
+
+export type EnableUserDialogProps = {
+  className?: string;
+  userToEnable: User;
+};
+
+export const EnableUserDialog = ({ className, userToEnable }: EnableUserDialogProps) => {
+  const { toast } = useToast();
+  const { _ } = useLingui();
+
+  const [email, setEmail] = useState('');
+
+  const { mutateAsync: enableUser, isLoading: isEnablingUser } =
+    trpc.admin.enableUser.useMutation();
+
+  const onEnableAccount = async () => {
+    try {
+      await enableUser({
+        id: userToEnable.id,
+      });
+
+      toast({
+        title: _(msg`Account enabled`),
+        description: _(msg`The account has been enabled successfully.`),
+        duration: 5000,
+      });
+    } catch (err) {
+      const error = AppError.parseError(err);
+
+      const errorMessage = match(error.code)
+        .with(AppErrorCode.NOT_FOUND, () => msg`User not found.`)
+        .with(AppErrorCode.UNAUTHORIZED, () => msg`You are not authorized to enable this user.`)
+        .otherwise(() => msg`An error occurred while enabling the user.`);
+
+      toast({
+        title: _(msg`Error`),
+        description: _(errorMessage),
+        variant: 'destructive',
+        duration: 7500,
+      });
+    }
+  };
+
+  return (
+    <div className={className}>
+      <Alert
+        className="flex flex-col items-center justify-between gap-4 p-6 md:flex-row"
+        variant="neutral"
+      >
+        <div>
+          <AlertTitle>Enable Account</AlertTitle>
+          <AlertDescription className="mr-2">
+            <Trans>
+              Enabling the account results in the user being able to use the account again, and all
+              the related features such as webhooks, teams, and API keys for example.
+            </Trans>
+          </AlertDescription>
+        </div>
+
+        <div className="flex-shrink-0">
+          <Dialog>
+            <DialogTrigger asChild>
+              <Button>
+                <Trans>Enable Account</Trans>
+              </Button>
+            </DialogTrigger>
+
+            <DialogContent>
+              <DialogHeader className="space-y-4">
+                <DialogTitle>
+                  <Trans>Enable Account</Trans>
+                </DialogTitle>
+              </DialogHeader>
+
+              <div>
+                <DialogDescription>
+                  <Trans>
+                    To confirm, please enter the accounts email address <br />({userToEnable.email}
+                    ).
+                  </Trans>
+                </DialogDescription>
+
+                <Input
+                  className="mt-2"
+                  type="email"
+                  value={email}
+                  onChange={(e) => setEmail(e.target.value)}
+                />
+              </div>
+
+              <DialogFooter>
+                <Button
+                  onClick={onEnableAccount}
+                  loading={isEnablingUser}
+                  disabled={email !== userToEnable.email}
+                >
+                  <Trans>Enable account</Trans>
+                </Button>
+              </DialogFooter>
+            </DialogContent>
+          </Dialog>
+        </div>
+      </Alert>
+    </div>
+  );
+};

apps/web/src/app/(dashboard)/admin/users/[id]/page.tsx

@@ -23,6 +23,8 @@ import { Input } from '@documenso/ui/primitives/input';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
 import { DeleteUserDialog } from './delete-user-dialog';
+import { DisableUserDialog } from './disable-user-dialog';
+import { EnableUserDialog } from './enable-user-dialog';
 import { MultiSelectRoleCombobox } from './multiselect-role-combobox';
 
 const ZUserFormSchema = ZAdminUpdateProfileMutationSchema.omit({ id: true });
@@ -35,7 +37,7 @@ export default function UserPage({ params }: { params: { id: number } }) {
 
   const router = useRouter();
 
-  const { data: user } = trpc.profile.getUser.useQuery(
+  const { data: user } = trpc.admin.getUser.useQuery(
     {
       id: Number(params.id),
     },
@@ -153,7 +155,11 @@ export default function UserPage({ params }: { params: { id: number } }) {
 
       <hr className="my-4" />
 
-      {user && <DeleteUserDialog user={user} />}
+      <div className="flex flex-col items-center gap-4">
+        {user && <DeleteUserDialog user={user} />}
+        {user && user.disabled && <EnableUserDialog userToEnable={user} />}
+        {user && !user.disabled && <DisableUserDialog userToDisable={user} />}
+      </div>
     </div>
   );
 }

apps/web/src/app/(dashboard)/documents/[id]/document-page-view-recent-activity.tsx

@@ -37,10 +37,8 @@ export const DocumentPageViewRecentActivity = ({
     {
       documentId,
       filterForRecentActivity: true,
-      orderBy: {
-        column: 'createdAt',
-        direction: 'asc',
-      },
+      orderByColumn: 'createdAt',
+      orderByDirection: 'asc',
       perPage: 10,
     },
     {

apps/web/src/app/(dashboard)/documents/[id]/edit-document.tsx

@@ -12,8 +12,8 @@ import {
   DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
   SKIP_QUERY_BATCH_META,
 } from '@documenso/lib/constants/trpc';
+import type { TGetDocumentWithDetailsByIdResponse } from '@documenso/lib/server-only/document/get-document-with-details-by-id';
 import { DocumentDistributionMethod, DocumentStatus } from '@documenso/prisma/client';
-import type { DocumentWithDetails } from '@documenso/prisma/types/document';
 import { trpc } from '@documenso/trpc/react';
 import { cn } from '@documenso/ui/lib/utils';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
@@ -35,7 +35,7 @@ import { useOptionalCurrentTeam } from '~/providers/team';
 
 export type EditDocumentFormProps = {
   className?: string;
-  initialDocument: DocumentWithDetails;
+  initialDocument: TGetDocumentWithDetailsByIdResponse;
   documentRootPath: string;
   isDocumentEnterprise: boolean;
 };
@@ -103,7 +103,7 @@ export const EditDocumentForm = ({
 
   const { mutateAsync: addFields } = trpc.field.addFields.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
-    onSuccess: (newFields) => {
+    onSuccess: ({ fields: newFields }) => {
       utils.document.getDocumentWithDetailsById.setData(
         {
           documentId: initialDocument.id,
@@ -132,9 +132,9 @@ export const EditDocumentForm = ({
       },
     });
 
-  const { mutateAsync: addSigners } = trpc.recipient.addSigners.useMutation({
+  const { mutateAsync: addSigners } = trpc.recipient.setDocumentRecipients.useMutation({
     ...DO_NOT_INVALIDATE_QUERY_ON_MUTATION,
-    onSuccess: (newRecipients) => {
+    onSuccess: ({ recipients: newRecipients }) => {
       utils.document.getDocumentWithDetailsById.setData(
         {
           documentId: initialDocument.id,

apps/web/src/app/(dashboard)/documents/data-table.tsx

@@ -9,8 +9,8 @@ import { DateTime } from 'luxon';
 import { useSession } from 'next-auth/react';
 
 import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-update-search-params';
-import type { FindResultResponse } from '@documenso/lib/types/search-params';
-import type { Document, Recipient, Team, User } from '@documenso/prisma/client';
+import type { TFindDocumentsResponse } from '@documenso/lib/server-only/document/find-documents';
+import type { Team } from '@documenso/prisma/client';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 import type { DataTableColumnDef } from '@documenso/ui/primitives/data-table';
 import { DataTable } from '@documenso/ui/primitives/data-table';
@@ -24,13 +24,7 @@ import { DataTableActionDropdown } from './data-table-action-dropdown';
 import { DataTableTitle } from './data-table-title';
 
 export type DocumentsDataTableProps = {
-  results: FindResultResponse<
-    Document & {
-      Recipient: Recipient[];
-      User: Pick<User, 'id' | 'name' | 'email'>;
-      team: Pick<Team, 'id' | 'url'> | null;
-    }
-  >;
+  results: TFindDocumentsResponse;
   showSenderColumn?: boolean;
   team?: Pick<Team, 'id' | 'url'> & { teamEmail?: string };
 };

apps/web/src/app/(dashboard)/templates/[id]/template-page-view-recent-activity.tsx

@@ -26,10 +26,8 @@ export const TemplatePageViewRecentActivity = ({
   const { data, isLoading, isLoadingError, refetch } = trpc.document.findDocuments.useQuery({
     templateId,
     teamId,
-    orderBy: {
-      column: 'createdAt',
-      direction: 'asc',
-    },
+    orderByColumn: 'createdAt',
+    orderByDirection: 'asc',
     perPage: 5,
   });
 

apps/web/src/app/(dashboard)/templates/move-template-dialog.tsx

@@ -4,8 +4,10 @@ import { useRouter } from 'next/navigation';
 
 import { Trans, msg } from '@lingui/macro';
 import { useLingui } from '@lingui/react';
+import { match } from 'ts-pattern';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
 import { Avatar, AvatarFallback, AvatarImage } from '@documenso/ui/primitives/avatar';
 import { Button } from '@documenso/ui/primitives/button';
@@ -51,10 +53,20 @@ export const MoveTemplateDialog = ({ templateId, open, onOpenChange }: MoveTempl
       });
       onOpenChange(false);
     },
-    onError: (error) => {
+    onError: (err) => {
+      const error = AppError.parseError(err);
+
+      const errorMessage = match(error.code)
+        .with(
+          AppErrorCode.NOT_FOUND,
+          () => msg`Template not found or already associated with a team.`,
+        )
+        .with(AppErrorCode.UNAUTHORIZED, () => msg`You are not a member of this team.`)
+        .otherwise(() => msg`An error occurred while moving the template.`);
+
       toast({
         title: _(msg`Error`),
-        description: error.message || _(msg`An error occurred while moving the template.`),
+        description: _(errorMessage),
         variant: 'destructive',
         duration: 7500,
       });

apps/web/src/app/(signing)/sign/[token]/checkbox-field.tsx

@@ -12,6 +12,7 @@ import { DO_NOT_INVALIDATE_QUERY_ON_MUTATION } from '@documenso/lib/constants/tr
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import { ZCheckboxFieldMeta } from '@documenso/lib/types/field-meta';
+import { fromCheckboxValue, toCheckboxValue } from '@documenso/lib/universal/field-checkbox';
 import type { Recipient } from '@documenso/prisma/client';
 import type { FieldWithSignatureAndFieldMeta } from '@documenso/prisma/types/field-with-signature-and-fieldmeta';
 import { trpc } from '@documenso/trpc/react';
@@ -54,6 +55,7 @@ export const CheckboxField = ({
     ...item,
     value: item.value.length > 0 ? item.value : `empty-value-${item.id}`,
   }));
+
   const [checkedValues, setCheckedValues] = useState(
     values
       ?.map((item) =>
@@ -97,7 +99,7 @@ export const CheckboxField = ({
       const payload: TSignFieldWithTokenMutationSchema = {
         token: recipient.token,
         fieldId: field.id,
-        value: checkedValues.join(','),
+        value: toCheckboxValue(checkedValues),
         isBase64: true,
         authOptions,
       };
@@ -191,7 +193,7 @@ export const CheckboxField = ({
           await signFieldWithToken({
             token: recipient.token,
             fieldId: field.id,
-            value: updatedValues.join(','),
+            value: toCheckboxValue(checkedValues),
             isBase64: true,
           });
         }
@@ -228,6 +230,11 @@ export const CheckboxField = ({
     }
   }, [checkedValues, isLengthConditionMet, field.inserted]);
 
+  const parsedCheckedValues = useMemo(
+    () => fromCheckboxValue(field.customText),
+    [field.customText],
+  );
+
   return (
     <SigningFieldContainer field={field} onSign={onSign} onRemove={onRemove} type="Checkbox">
       {isLoading && (
@@ -277,9 +284,7 @@ export const CheckboxField = ({
                   className="h-3 w-3"
                   checkClassName="text-white"
                   id={`checkbox-${index}`}
-                  checked={field.customText
-                    .split(',')
-                    .some((customValue) => customValue === itemValue)}
+                  checked={parsedCheckedValues.includes(itemValue)}
                   disabled={isLoading}
                   onCheckedChange={() => void handleCheckboxOptionClick(item)}
                 />

apps/web/src/app/(signing)/sign/[token]/dropdown-field.tsx

@@ -178,7 +178,7 @@ export const DropdownField = ({
         )}
 
         {!field.inserted && (
-          <p className="group-hover:text-primary text-muted-foreground flex flex-col items-center justify-center duration-200 ">
+          <p className="group-hover:text-primary text-muted-foreground flex flex-col items-center justify-center duration-200">
             <Select value={localChoice} onValueChange={handleSelectItem}>
               <SelectTrigger
                 className={cn(

apps/web/src/app/(signing)/sign/[token]/form.tsx

@@ -11,6 +11,7 @@ import { useForm } from 'react-hook-form';
 import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics';
 import type { DocumentAndSender } from '@documenso/lib/server-only/document/get-document-by-token';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
+import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
 import { sortFieldsByPosition, validateFieldsInserted } from '@documenso/lib/utils/fields';
 import { type Field, FieldType, type Recipient, RecipientRole } from '@documenso/prisma/client';
 import { trpc } from '@documenso/trpc/react';
@@ -57,26 +58,31 @@ export const SigningForm = ({
   // Keep the loading state going if successful since the redirect may take some time.
   const isSubmitting = formState.isSubmitting || formState.isSubmitSuccessful;
 
+  const fieldsRequiringValidation = useMemo(
+    () => fields.filter(isFieldUnsignedAndRequired),
+    [fields],
+  );
+
   const hasSignatureField = fields.some((field) => field.type === FieldType.SIGNATURE);
 
   const uninsertedFields = useMemo(() => {
-    return sortFieldsByPosition(fields.filter((field) => !field.inserted));
+    return sortFieldsByPosition(fieldsRequiringValidation.filter((field) => !field.inserted));
   }, [fields]);
 
   const fieldsValidated = () => {
     setValidateUninsertedFields(true);
-    validateFieldsInserted(fields);
+    validateFieldsInserted(fieldsRequiringValidation);
   };
 
   const onFormSubmit = async () => {
     setValidateUninsertedFields(true);
 
+    const isFieldsValid = validateFieldsInserted(fieldsRequiringValidation);
+
     if (hasSignatureField && !signatureValid) {
       return;
     }
 
-    const isFieldsValid = validateFieldsInserted(fields);
-
     if (!isFieldsValid) {
       return;
     }

apps/web/src/app/(signing)/sign/[token]/name-field.tsx

@@ -205,7 +205,7 @@ export const NameField = ({ field, recipient, onSignField, onUnsignField }: Name
             <div className="flex w-full flex-1 flex-nowrap gap-4">
               <Button
                 type="button"
-                className="dark:bg-muted dark:hover:bg-muted/80 flex-1  bg-black/5 hover:bg-black/10"
+                className="dark:bg-muted dark:hover:bg-muted/80 flex-1 bg-black/5 hover:bg-black/10"
                 variant="secondary"
                 onClick={() => {
                   setShowFullNameModal(false);

apps/web/src/app/(signing)/sign/[token]/number-field.tsx

@@ -318,7 +318,7 @@ export const NumberField = ({ field, recipient, onSignField, onUnsignField }: Nu
             <div className="flex w-full flex-1 flex-nowrap gap-4">
               <Button
                 type="button"
-                className="dark:bg-muted dark:hover:bg-muted/80 flex-1  bg-black/5 hover:bg-black/10"
+                className="dark:bg-muted dark:hover:bg-muted/80 flex-1 bg-black/5 hover:bg-black/10"
                 variant="secondary"
                 onClick={() => {
                   setShowRadioModal(false);

apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx

@@ -1,7 +1,8 @@
-import { useState } from 'react';
+import { useMemo, useState } from 'react';
 
 import { Trans } from '@lingui/macro';
 
+import { fieldsContainUnsignedRequiredField } from '@documenso/lib/utils/advanced-fields-helpers';
 import type { Field } from '@documenso/prisma/client';
 import { RecipientRole } from '@documenso/prisma/client';
 import { Button } from '@documenso/ui/primitives/button';
@@ -36,7 +37,7 @@ export const SignDialog = ({
 }: SignDialogProps) => {
   const [showDialog, setShowDialog] = useState(false);
 
-  const isComplete = fields.every((field) => field.inserted);
+  const isComplete = useMemo(() => !fieldsContainUnsignedRequiredField(fields), [fields]);
 
   const handleOpenChange = (open: boolean) => {
     if (isSubmitting || !isComplete) {

apps/web/src/app/(signing)/sign/[token]/text-field.tsx

@@ -214,15 +214,15 @@ export const TextField = ({ field, recipient, onSignField, onUnsignField }: Text
     parsedField?.label && parsedField.label.length < 20
       ? parsedField.label
       : parsedField?.label
-      ? parsedField?.label.substring(0, 20) + '...'
-      : undefined;
+        ? parsedField?.label.substring(0, 20) + '...'
+        : undefined;
 
   const textDisplay =
     parsedField?.text && parsedField.text.length < 20
       ? parsedField.text
       : parsedField?.text
-      ? parsedField?.text.substring(0, 20) + '...'
-      : undefined;
+        ? parsedField?.text.substring(0, 20) + '...'
+        : undefined;
 
   const fieldDisplayName = labelDisplay ? labelDisplay : textDisplay;
   const charactersRemaining = (parsedFieldMeta?.characterLimit ?? 0) - (localText.length ?? 0);
@@ -325,7 +325,7 @@ export const TextField = ({ field, recipient, onSignField, onUnsignField }: Text
             <div className="mt-4 flex w-full flex-1 flex-nowrap gap-4">
               <Button
                 type="button"
-                className="dark:bg-muted dark:hover:bg-muted/80 flex-1  bg-black/5 hover:bg-black/10"
+                className="dark:bg-muted dark:hover:bg-muted/80 flex-1 bg-black/5 hover:bg-black/10"
                 variant="secondary"
                 onClick={() => {
                   setShowCustomTextModal(false);

apps/web/src/app/(teams)/t/[teamUrl]/settings/billing/page.tsx

@@ -2,6 +2,7 @@ import { Plural, Trans, msg } from '@lingui/macro';
 import { useLingui } from '@lingui/react';
 import { DateTime } from 'luxon';
 import type Stripe from 'stripe';
+import { match } from 'ts-pattern';
 
 import { setupI18nSSR } from '@documenso/lib/client-only/providers/i18n.server';
 import { getRequiredServerComponentSession } from '@documenso/lib/next-auth/get-server-component-session';
@@ -44,15 +45,24 @@ export default async function TeamsSettingBillingPage({ params }: TeamsSettingsB
 
     const numberOfSeats = subscription.items.data[0].quantity ?? 0;
 
-    const formattedTeamMemberQuanity = (
-      <Plural value={numberOfSeats} one="# member" other="# members" />
-    );
-
     const formattedDate = DateTime.fromSeconds(subscription.current_period_end).toFormat(
       'LLL dd, yyyy',
     );
 
-    return _(msg`${formattedTeamMemberQuanity} • Monthly • Renews: ${formattedDate}`);
+    const subscriptionInterval = match(subscription?.items.data[0].plan.interval)
+      .with('year', () => _(msg`Yearly`))
+      .with('month', () => _(msg`Monthly`))
+      .otherwise(() => _(msg`Unknown`));
+
+    return (
+      <span>
+        <Plural value={numberOfSeats} one="# member" other="# members" />
+        {' • '}
+        <span>{subscriptionInterval}</span>
+        {' • '}
+        <Trans>Renews: {formattedDate}</Trans>
+      </span>
+    );
   };
 
   return (
@@ -66,10 +76,6 @@ export default async function TeamsSettingBillingPage({ params }: TeamsSettingsB
         <CardContent className="flex flex-row items-center justify-between p-4">
           <div className="flex flex-col text-sm">
             <p className="text-foreground font-semibold">
-              <Trans>Current plan: {teamSubscription ? 'Team' : 'Early Adopter Team'}</Trans>
-            </p>
-
-            <p className="text-muted-foreground mt-0.5">
               {formatTeamSubscriptionDetails(teamSubscription)}
             </p>
           </div>

apps/web/src/components/(dashboard)/avatar/stack-avatar.tsx

@@ -47,10 +47,7 @@ export const StackAvatar = ({ first, zIndex, fallbackText = '', type }: StackAva
 
   return (
     <Avatar
-      className={`
-        ${zIndexClass}
-        ${firstClass}
-        dark:border-border h-10 w-10 border-2 border-solid border-white`}
+      className={` ${zIndexClass} ${firstClass} dark:border-border h-10 w-10 border-2 border-solid border-white`}
     >
       <AvatarFallback className={classes}>{fallbackText}</AvatarFallback>
     </Avatar>

apps/web/src/components/(teams)/dialogs/add-team-email-dialog.tsx

@@ -14,7 +14,7 @@ import type { z } from 'zod';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
-import { ZCreateTeamEmailVerificationMutationSchema } from '@documenso/trpc/server/team-router/schema';
+import { ZCreateTeamEmailVerificationRequestSchema } from '@documenso/trpc/server/team-router/create-team-email-verification-route';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Dialog,
@@ -41,7 +41,7 @@ export type AddTeamEmailDialogProps = {
   trigger?: React.ReactNode;
 } & Omit<DialogPrimitive.DialogProps, 'children'>;
 
-const ZCreateTeamEmailFormSchema = ZCreateTeamEmailVerificationMutationSchema.pick({
+const ZCreateTeamEmailFormSchema = ZCreateTeamEmailVerificationRequestSchema.pick({
   name: true,
   email: true,
 });

apps/web/src/components/(teams)/dialogs/create-team-dialog.tsx

@@ -15,7 +15,7 @@ import { useUpdateSearchParams } from '@documenso/lib/client-only/hooks/use-upda
 import { WEBAPP_BASE_URL } from '@documenso/lib/constants/app';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
-import { ZCreateTeamMutationSchema } from '@documenso/trpc/server/team-router/schema';
+import { ZCreateTeamRequestSchema } from '@documenso/trpc/server/team-router/create-team-route';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Dialog,
@@ -41,7 +41,7 @@ export type CreateTeamDialogProps = {
   trigger?: React.ReactNode;
 } & Omit<DialogPrimitive.DialogProps, 'children'>;
 
-const ZCreateTeamFormSchema = ZCreateTeamMutationSchema.pick({
+const ZCreateTeamFormSchema = ZCreateTeamRequestSchema.pick({
   teamName: true,
   teamUrl: true,
 });

apps/web/src/components/(teams)/dialogs/invite-team-member-dialog.tsx

@@ -15,7 +15,7 @@ import { downloadFile } from '@documenso/lib/client-only/download-file';
 import { TEAM_MEMBER_ROLE_HIERARCHY, TEAM_MEMBER_ROLE_MAP } from '@documenso/lib/constants/teams';
 import { TeamMemberRole } from '@documenso/prisma/client';
 import { trpc } from '@documenso/trpc/react';
-import { ZCreateTeamMemberInvitesMutationSchema } from '@documenso/trpc/server/team-router/schema';
+import { ZCreateTeamMemberInvitesRequestSchema } from '@documenso/trpc/server/team-router/create-team-member-invites-route';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
@@ -55,7 +55,7 @@ export type InviteTeamMembersDialogProps = {
 
 const ZInviteTeamMembersFormSchema = z
   .object({
-    invitations: ZCreateTeamMemberInvitesMutationSchema.shape.invitations,
+    invitations: ZCreateTeamMemberInvitesRequestSchema.shape.invitations,
   })
   // Display exactly which rows are duplicates.
   .superRefine((items, ctx) => {

apps/web/src/components/(teams)/forms/update-team-form.tsx

@@ -12,7 +12,7 @@ import type { z } from 'zod';
 import { WEBAPP_BASE_URL } from '@documenso/lib/constants/app';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
-import { ZUpdateTeamMutationSchema } from '@documenso/trpc/server/team-router/schema';
+import { ZUpdateTeamRequestSchema } from '@documenso/trpc/server/team-router/update-team-route';
 import { Button } from '@documenso/ui/primitives/button';
 import {
   Form,
@@ -31,7 +31,7 @@ export type UpdateTeamDialogProps = {
   teamUrl: string;
 };
 
-const ZUpdateTeamFormSchema = ZUpdateTeamMutationSchema.shape.data.pick({
+const ZUpdateTeamFormSchema = ZUpdateTeamRequestSchema.shape.data.pick({
   name: true,
   url: true,
 });

apps/web/src/components/forms/public-profile-form.tsx

@@ -17,8 +17,8 @@ import { formatUserProfilePath } from '@documenso/lib/utils/public-profiles';
 import type { TeamProfile, UserProfile } from '@documenso/prisma/client';
 import {
   MAX_PROFILE_BIO_LENGTH,
-  ZUpdatePublicProfileMutationSchema,
-} from '@documenso/trpc/server/profile-router/schema';
+  ZUpdatePublicProfileRequestSchema,
+} from '@documenso/trpc/server/profile-router/update-public-profile-route';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -33,7 +33,7 @@ import { Input } from '@documenso/ui/primitives/input';
 import { Textarea } from '@documenso/ui/primitives/textarea';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
-export const ZPublicProfileFormSchema = ZUpdatePublicProfileMutationSchema.pick({
+export const ZPublicProfileFormSchema = ZUpdatePublicProfileRequestSchema.pick({
   bio: true,
   enabled: true,
   url: true,

apps/web/src/components/forms/signin.tsx

@@ -53,6 +53,7 @@ const ERROR_MESSAGES: Partial<Record<keyof typeof ErrorCode, string>> = {
   [ErrorCode.INCORRECT_TWO_FACTOR_BACKUP_CODE]: 'The backup code provided is incorrect',
   [ErrorCode.UNVERIFIED_EMAIL]:
     'This account has not been verified. Please verify your account before signing in.',
+  [ErrorCode.ACCOUNT_DISABLED]: 'This account has been disabled. Please contact support.',
 };
 
 const TwoFactorEnabledErrorCode = ErrorCode.TWO_FACTOR_MISSING_CREDENTIALS;

apps/web/src/components/forms/v2/signup.tsx

@@ -70,6 +70,7 @@ export const ZSignUpFormV2Schema = z
     },
     {
       message: msg`Password should not be common or based on personal information`.id,
+      path: ['password'],
     },
   );
 

apps/web/src/pages/api/beta/[...trpc].ts

@@ -0,0 +1,47 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { createOpenApiNextHandler } from 'trpc-openapi';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { buildLogger } from '@documenso/lib/utils/logger';
+import type { TRPCError } from '@documenso/trpc/server';
+import { createTrpcContext } from '@documenso/trpc/server/context';
+import { appRouter } from '@documenso/trpc/server/router';
+
+const logger = buildLogger();
+
+export default createOpenApiNextHandler<typeof appRouter>({
+  router: appRouter,
+  createContext: async ({ req, res }: { req: NextApiRequest; res: NextApiResponse }) =>
+    createTrpcContext({ req, res }),
+  onError: ({ error, path }: { error: TRPCError; path?: string }) => {
+    // Always log the error for now.
+    console.error(error.message);
+
+    const appError = AppError.parseError(error.cause || error);
+
+    const isAppError = error.cause instanceof AppError;
+
+    // Only log AppErrors that are explicitly set to 500 or the error code
+    // is in the errorCodesToAlertOn list.
+    const isLoggableAppError =
+      isAppError && (appError.statusCode === 500 || errorCodesToAlertOn.includes(appError.code));
+
+    // Only log TRPC errors that are in the `errorCodesToAlertOn` list and is
+    // not an AppError.
+    const isLoggableTrpcError = !isAppError && errorCodesToAlertOn.includes(error.code);
+
+    if (isLoggableAppError || isLoggableTrpcError) {
+      logger.error(error, {
+        method: path,
+        context: {
+          source: '/v2/api',
+          appError: AppError.toJSON(appError),
+        },
+      });
+    }
+  },
+  responseMeta: () => {},
+});
+
+const errorCodesToAlertOn = [AppErrorCode.UNKNOWN_ERROR, 'INTERNAL_SERVER_ERROR'];

apps/web/src/pages/api/beta/open-api.json.ts

@@ -0,0 +1,9 @@
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+import { openApiDocument } from '@documenso/trpc/server/open-api';
+
+const handler = (_req: NextApiRequest, res: NextApiResponse) => {
+  res.status(200).send(openApiDocument);
+};
+
+export default handler;

apps/web/src/pages/api/trpc/[trpc].ts

@@ -45,6 +45,7 @@ export default trpcNext.createNextApiHandler({
       logger.error(error, {
         method: path,
         context: {
+          source: 'trpc',
           appError: AppError.toJSON(appError),
         },
       });

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@documenso/root",
-  "version": "1.9.0-rc.1",
+  "version": "1.9.0-rc.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@documenso/root",
-      "version": "1.9.0-rc.1",
+      "version": "1.9.0-rc.5",
       "workspaces": [
         "apps/*",
         "packages/*"
@@ -17,8 +17,10 @@
         "@lingui/core": "^4.11.3",
         "inngest-cli": "^0.29.1",
         "luxon": "^3.5.0",
+        "mupdf": "^1.0.0",
         "next-runtime-env": "^3.2.0",
-        "react": "^18"
+        "react": "^18",
+        "zod": "3.24.1"
       },
       "devDependencies": {
         "@commitlint/cli": "^17.7.1",
@@ -79,7 +81,7 @@
     },
     "apps/marketing": {
       "name": "@documenso/marketing",
-      "version": "1.9.0-rc.1",
+      "version": "1.9.0-rc.5",
       "license": "AGPL-3.0",
       "dependencies": {
         "@documenso/assets": "*",
@@ -115,7 +117,7 @@
         "recharts": "^2.7.2",
         "sharp": "0.32.6",
         "typescript": "5.2.2",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       },
       "devDependencies": {
         "@lingui/loader": "^4.11.3",
@@ -492,7 +494,7 @@
     },
     "apps/web": {
       "name": "@documenso/web",
-      "version": "1.9.0-rc.1",
+      "version": "1.9.0-rc.5",
       "license": "AGPL-3.0",
       "dependencies": {
         "@documenso/api": "*",
@@ -536,10 +538,11 @@
         "recharts": "^2.7.2",
         "remeda": "^2.17.3",
         "sharp": "0.32.6",
+        "trpc-openapi": "^1.2.0",
         "ts-pattern": "^5.0.5",
         "ua-parser-js": "^1.0.37",
         "uqr": "^0.1.2",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       },
       "devDependencies": {
         "@documenso/tailwind-config": "*",
@@ -3494,6 +3497,11 @@
         "node": ">=6"
       }
     },
+    "node_modules/@hapi/bourne": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-3.0.0.tgz",
+      "integrity": "sha512-Waj1cwPXJDucOib4a3bAISsKJVb15MKi9IvmTI/7ssVEm6sywXGjVJDhl6/umt1pK1ZS7PacXU3A1PmFKHEZ2w=="
+    },
     "node_modules/@hapi/hoek": {
       "version": "9.3.0",
       "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz",
@@ -10717,15 +10725,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/@trigger.dev/cli/node_modules/zod": {
-      "version": "3.22.3",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
-      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
-      "dev": true,
-      "funding": {
-        "url": "https://github.com/sponsors/colinhacks"
-      }
-    },
     "node_modules/@trigger.dev/core": {
       "version": "2.3.18",
       "resolved": "https://registry.npmjs.org/@trigger.dev/core/-/core-2.3.18.tgz",
@@ -10747,14 +10746,6 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/@trigger.dev/core/node_modules/zod": {
-      "version": "3.22.3",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
-      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
-      "funding": {
-        "url": "https://github.com/sponsors/colinhacks"
-      }
-    },
     "node_modules/@trigger.dev/nextjs": {
       "version": "2.3.18",
       "resolved": "https://registry.npmjs.org/@trigger.dev/nextjs/-/nextjs-2.3.18.tgz",
@@ -10818,14 +10809,6 @@
         "uuid": "dist/bin/uuid"
       }
     },
-    "node_modules/@trigger.dev/sdk/node_modules/zod": {
-      "version": "3.22.3",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
-      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
-      "funding": {
-        "url": "https://github.com/sponsors/colinhacks"
-      }
-    },
     "node_modules/@trigger.dev/yalt": {
       "version": "2.3.18",
       "resolved": "https://registry.npmjs.org/@trigger.dev/yalt/-/yalt-2.3.18.tgz",
@@ -10842,15 +10825,6 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/@trigger.dev/yalt/node_modules/zod": {
-      "version": "3.22.3",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
-      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
-      "dev": true,
-      "funding": {
-        "url": "https://github.com/sponsors/colinhacks"
-      }
-    },
     "node_modules/@trivago/prettier-plugin-sort-imports": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/@trivago/prettier-plugin-sort-imports/-/prettier-plugin-sort-imports-4.3.0.tgz",
@@ -12007,6 +11981,18 @@
         "node": ">=6.5"
       }
     },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/acorn": {
       "version": "8.11.3",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz",
@@ -14311,6 +14297,21 @@
         }
       }
     },
+    "node_modules/co-body": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/co-body/-/co-body-6.2.0.tgz",
+      "integrity": "sha512-Kbpv2Yd1NdL1V/V4cwLVxraHDV6K8ayohr2rmH0J87Er8+zJjcTa6dAn9QMPC9CRgU8+aNajKbSf1TzDB1yKPA==",
+      "dependencies": {
+        "@hapi/bourne": "^3.0.0",
+        "inflation": "^2.0.0",
+        "qs": "^6.5.2",
+        "raw-body": "^2.3.3",
+        "type-is": "^1.6.16"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
     "node_modules/code-block-writer": {
       "version": "12.0.0",
       "resolved": "https://registry.npmjs.org/code-block-writer/-/code-block-writer-12.0.0.tgz",
@@ -14612,6 +14613,14 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/consola": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmjs.org/consola/-/consola-3.2.3.tgz",
+      "integrity": "sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ==",
+      "engines": {
+        "node": "^14.18.0 || >=16.10.0"
+      }
+    },
     "node_modules/console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
@@ -14627,6 +14636,17 @@
         "simple-wcswidth": "^1.0.1"
       }
     },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/content-type": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
@@ -14712,9 +14732,9 @@
       }
     },
     "node_modules/cookie-es": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/cookie-es/-/cookie-es-1.0.0.tgz",
-      "integrity": "sha512-mWYvfOLrfEc996hlKcdABeIiPHUPC6DM2QYZdGGOvhOTbA3tjm2eBwqlJpoFdjC89NI4Qt6h0Pu06Mp+1Pj5OQ=="
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/cookie-es/-/cookie-es-1.2.2.tgz",
+      "integrity": "sha512-+W7VmiVINB+ywl1HGXJXmrqkOhpKrIiVZV6tQuV54ZyQC7MMuBt81Vc336GMLoHBq5hV/F9eXgt5Mnx0Rha5Fg=="
     },
     "node_modules/copy-anything": {
       "version": "3.0.5",
@@ -14880,6 +14900,14 @@
         "node": ">= 8"
       }
     },
+    "node_modules/crossws": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/crossws/-/crossws-0.3.1.tgz",
+      "integrity": "sha512-HsZgeVYaG+b5zA+9PbIPGq4+J/CJynJuearykPsXx4V/eMhyQ5EDVg3Ak2FBZtVXCiOLu/U7IiwDHTr9MA+IKw==",
+      "dependencies": {
+        "uncrypto": "^0.1.3"
+      }
+    },
     "node_modules/crypto-js": {
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz",
@@ -15587,6 +15615,11 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/defu": {
+      "version": "6.1.4",
+      "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.4.tgz",
+      "integrity": "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg=="
+    },
     "node_modules/degenerator": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/degenerator/-/degenerator-5.0.1.tgz",
@@ -15693,6 +15726,11 @@
         "node": ">=6"
       }
     },
+    "node_modules/destr": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/destr/-/destr-2.0.3.tgz",
+      "integrity": "sha512-2N3BOUU4gYMpTP24s5rF5iP7BDr7uNTCs4ozw3kf/eKfvWSIu93GEBi5m427YoyJoeOzQ5smuu4nNAPGb8idSQ=="
+    },
     "node_modules/detect-indent": {
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz",
@@ -18123,6 +18161,14 @@
         }
       }
     },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/from": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/from/-/from-0.1.7.tgz",
@@ -18793,6 +18839,23 @@
         "js-yaml": "bin/js-yaml.js"
       }
     },
+    "node_modules/h3": {
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/h3/-/h3-1.13.0.tgz",
+      "integrity": "sha512-vFEAu/yf8UMUcB4s43OaDaigcqpQd14yanmOsn+NcRX3/guSKncyE2rOYhq8RIchgJrPSs/QiIddnTTR1ddiAg==",
+      "dependencies": {
+        "cookie-es": "^1.2.2",
+        "crossws": ">=0.2.0 <0.4.0",
+        "defu": "^6.1.4",
+        "destr": "^2.0.3",
+        "iron-webcrypto": "^1.2.1",
+        "ohash": "^1.1.4",
+        "radix3": "^1.1.2",
+        "ufo": "^1.5.4",
+        "uncrypto": "^0.1.3",
+        "unenv": "^1.10.0"
+      }
+    },
     "node_modules/hard-rejection": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz",
@@ -19844,6 +19907,14 @@
       "integrity": "sha512-IClj+Xz94+d7irH5qRyfJonOdfTzuDaifE6ZPWfx0N0+/ATZCbuTPq2prFl526urkQd90WyUKIh1DfBQ2hMz9A==",
       "dev": true
     },
+    "node_modules/inflation": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/inflation/-/inflation-2.1.0.tgz",
+      "integrity": "sha512-t54PPJHG1Pp7VQvxyVCJ9mBbjG3Hqryges9bXoOO6GExCPa+//i/d5GSuFtpx3ALLd7lgIAur6zrIlBQyJuMlQ==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
     "node_modules/inflection": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/inflection/-/inflection-2.0.1.tgz",
@@ -20000,14 +20071,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/inngest/node_modules/zod": {
-      "version": "3.22.5",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.5.tgz",
-      "integrity": "sha512-HqnGsCdVZ2xc0qWPLdO25WnseXThh0kEYKIdV5F/hTHO75hNZFp8thxSeHhiPrHZKrFTo1SOgkAj9po5bexZlw==",
-      "funding": {
-        "url": "https://github.com/sponsors/colinhacks"
-      }
-    },
     "node_modules/input-otp": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/input-otp/-/input-otp-1.2.4.tgz",
@@ -20219,6 +20282,14 @@
         "node": ">= 10"
       }
     },
+    "node_modules/iron-webcrypto": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/iron-webcrypto/-/iron-webcrypto-1.2.1.tgz",
+      "integrity": "sha512-feOM6FaSr6rEABp/eDfVseKyTMDt+KGpeB35SkVn9Tyn0CqvVsY3EwI0v5i8nMHyJnzCIQf7nsy3p41TPkJZhg==",
+      "funding": {
+        "url": "https://github.com/sponsors/brc-dd"
+      }
+    },
     "node_modules/is-alphabetical": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz",
@@ -22035,8 +22106,7 @@
     "node_modules/lodash.clonedeep": {
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
-      "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==",
-      "dev": true
+      "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ=="
     },
     "node_modules/lodash.debounce": {
       "version": "4.0.8",
@@ -22863,6 +22933,14 @@
         "esbuild": "0.*"
       }
     },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/memfs": {
       "version": "3.5.3",
       "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.5.3.tgz",
@@ -22917,6 +22995,14 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/merge-refs": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/merge-refs/-/merge-refs-1.2.2.tgz",
@@ -22990,6 +23076,14 @@
         "uuid": "dist/bin/uuid"
       }
     },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/micro": {
       "version": "10.0.1",
       "resolved": "https://registry.npmjs.org/micro/-/micro-10.0.1.tgz",
@@ -23733,6 +23827,17 @@
         "node": ">=8.6"
       }
     },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/mime-db": {
       "version": "1.52.0",
       "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -24139,6 +24244,12 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
+    "node_modules/mupdf": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/mupdf/-/mupdf-1.0.0.tgz",
+      "integrity": "sha512-AWT27abYSX5gQmWs7+jDEtmGJpWyZrqdxROpYf5BDAJBA+iYqlNztk2EMlKvuRLBzajj00kf4PtFiergDSKDTg==",
+      "license": "AGPL-3.0-or-later"
+    },
     "node_modules/mute-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz",
@@ -24196,7 +24307,6 @@
       "version": "0.6.3",
       "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
       "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
-      "dev": true,
       "engines": {
         "node": ">= 0.6"
       }
@@ -24665,6 +24775,11 @@
         "url": "https://opencollective.com/node-fetch"
       }
     },
+    "node_modules/node-fetch-native": {
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/node-fetch-native/-/node-fetch-native-1.6.4.tgz",
+      "integrity": "sha512-IhOigYzAKHd244OC0JIMIUrjzctirCmPkaIfhDeGcEETWof5zKYUW7e7MYvChGWh/4CJeXEgsRyGzuF334rOOQ=="
+    },
     "node_modules/node-gyp": {
       "version": "9.4.1",
       "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-9.4.1.tgz",
@@ -24993,6 +25108,38 @@
         "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
       }
     },
+    "node_modules/node-mocks-http": {
+      "version": "1.16.2",
+      "resolved": "https://registry.npmjs.org/node-mocks-http/-/node-mocks-http-1.16.2.tgz",
+      "integrity": "sha512-2Sh6YItRp1oqewZNlck3LaFp5vbyW2u51HX2p1VLxQ9U/bG90XV8JY9O7Nk+HDd6OOn/oV3nA5Tx5k4Rki0qlg==",
+      "dependencies": {
+        "accepts": "^1.3.7",
+        "content-disposition": "^0.5.3",
+        "depd": "^1.1.0",
+        "fresh": "^0.5.2",
+        "merge-descriptors": "^1.0.1",
+        "methods": "^1.1.2",
+        "mime": "^1.3.4",
+        "parseurl": "^1.3.3",
+        "range-parser": "^1.2.0",
+        "type-is": "^1.6.18"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@types/express": "^4.17.21 || ^5.0.0",
+        "@types/node": "*"
+      },
+      "peerDependenciesMeta": {
+        "@types/express": {
+          "optional": true
+        },
+        "@types/node": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/node-releases": {
       "version": "2.0.14",
       "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz",
@@ -25580,6 +25727,11 @@
       "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==",
       "dev": true
     },
+    "node_modules/ohash": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/ohash/-/ohash-1.1.4.tgz",
+      "integrity": "sha512-FlDryZAahJmEF3VR3w1KogSEdWX3WhA5GPakFx4J81kEAiHyLMpdLLElS8n8dfNadMgAne/MywcvmogzscVt4g=="
+    },
     "node_modules/oidc-token-hash": {
       "version": "5.0.3",
       "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz",
@@ -25681,6 +25833,11 @@
         }
       }
     },
+    "node_modules/openapi-types": {
+      "version": "12.1.3",
+      "resolved": "https://registry.npmjs.org/openapi-types/-/openapi-types-12.1.3.tgz",
+      "integrity": "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw=="
+    },
     "node_modules/openapi3-ts": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/openapi3-ts/-/openapi3-ts-2.0.2.tgz",
@@ -26440,6 +26597,14 @@
         "url": "https://ko-fi.com/killymxi"
       }
     },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/partysocket": {
       "version": "0.0.17",
       "resolved": "https://registry.npmjs.org/partysocket/-/partysocket-0.0.17.tgz",
@@ -26595,8 +26760,7 @@
     "node_modules/pathe": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz",
-      "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==",
-      "dev": true
+      "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ=="
     },
     "node_modules/pathval": {
       "version": "1.1.1",
@@ -27908,6 +28072,11 @@
         "node": ">=8"
       }
     },
+    "node_modules/radix3": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/radix3/-/radix3-1.1.2.tgz",
+      "integrity": "sha512-b484I/7b8rDEdSDKckSSBA8knMpcdsXudlE/LNL639wFoHKwLbEkQFZHWEYwDC0wa0FKUcCY+GAF73Z7wxNVFA=="
+    },
     "node_modules/raf-schd": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/raf-schd/-/raf-schd-4.0.3.tgz",
@@ -27946,6 +28115,14 @@
         "safe-buffer": "^5.1.0"
       }
     },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/raw-body": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz",
@@ -32782,6 +32959,32 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/trpc-openapi": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/trpc-openapi/-/trpc-openapi-1.2.0.tgz",
+      "integrity": "sha512-pfYoCd/3KYXWXvUPZBKJw455OOwngKN/6SIcj7Yit19OMLJ+8yVZkEvGEeg5wUSwfsiTdRsKuvqkRPXVSwV7ew==",
+      "workspaces": [
+        ".",
+        "examples/with-nextjs",
+        "examples/with-express",
+        "examples/with-interop",
+        "examples/with-serverless",
+        "examples/with-fastify",
+        "examples/with-nuxtjs"
+      ],
+      "dependencies": {
+        "co-body": "^6.1.0",
+        "h3": "^1.6.4",
+        "lodash.clonedeep": "^4.5.0",
+        "node-mocks-http": "^1.12.2",
+        "openapi-types": "^12.1.1",
+        "zod-to-json-schema": "^3.21.1"
+      },
+      "peerDependencies": {
+        "@trpc/server": "^10.0.0",
+        "zod": "^3.14.4"
+      }
+    },
     "node_modules/ts-api-utils": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.0.3.tgz",
@@ -33547,6 +33750,18 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/typed-array-buffer": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz",
@@ -33665,10 +33880,9 @@
       }
     },
     "node_modules/ufo": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.4.0.tgz",
-      "integrity": "sha512-Hhy+BhRBleFjpJ2vchUNN40qgkh0366FWJGqVLYBHev0vpHTrXSA0ryT+74UiW6KWsldNurQMKGqCm1M2zBciQ==",
-      "dev": true
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.4.tgz",
+      "integrity": "sha512-UsUk3byDzKd04EyoZ7U4DOlxQaD14JUKQl6/P7wiX4FNvUfm3XL246n9W5AmqwW5RSFJ27NAuM0iLscAOYUiGQ=="
     },
     "node_modules/ulid": {
       "version": "2.3.0",
@@ -33703,6 +33917,11 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/uncrypto": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/uncrypto/-/uncrypto-0.1.3.tgz",
+      "integrity": "sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q=="
+    },
     "node_modules/undici": {
       "version": "5.28.2",
       "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
@@ -33720,6 +33939,29 @@
       "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
       "dev": true
     },
+    "node_modules/unenv": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/unenv/-/unenv-1.10.0.tgz",
+      "integrity": "sha512-wY5bskBQFL9n3Eca5XnhH6KbUo/tfvkwm9OpcdCvLaeA7piBNbavbOKJySEwQ1V0RH6HvNlSAFRTpvTqgKRQXQ==",
+      "dependencies": {
+        "consola": "^3.2.3",
+        "defu": "^6.1.4",
+        "mime": "^3.0.0",
+        "node-fetch-native": "^1.6.4",
+        "pathe": "^1.1.2"
+      }
+    },
+    "node_modules/unenv/node_modules/mime": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-3.0.0.tgz",
+      "integrity": "sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
     "node_modules/unified": {
       "version": "10.1.2",
       "resolved": "https://registry.npmjs.org/unified/-/unified-10.1.2.tgz",
@@ -35409,9 +35651,9 @@
       }
     },
     "node_modules/zod": {
-      "version": "3.23.8",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.23.8.tgz",
-      "integrity": "sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==",
+      "version": "3.24.1",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.1.tgz",
+      "integrity": "sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
       }
@@ -35454,6 +35696,14 @@
         "@prisma/debug": "5.22.0"
       }
     },
+    "node_modules/zod-to-json-schema": {
+      "version": "3.24.1",
+      "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.1.tgz",
+      "integrity": "sha512-3h08nf3Vw3Wl3PK+q3ow/lIil81IT2Oa7YpQyUUDsEWbXveMesdfK1xBd2RhCkynwZndAxixji/7SYJJowr62w==",
+      "peerDependencies": {
+        "zod": "^3.24.1"
+      }
+    },
     "node_modules/zwitch": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz",
@@ -35478,7 +35728,7 @@
         "superjson": "^1.13.1",
         "swagger-ui-react": "^5.11.0",
         "ts-pattern": "^5.0.5",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       }
     },
     "packages/api/node_modules/@ts-rest/next": {
@@ -35543,7 +35793,7 @@
         "next-auth": "4.24.5",
         "react": "^18",
         "ts-pattern": "^5.0.5",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       }
     },
     "packages/email": {
@@ -36752,7 +37002,7 @@
         "sharp": "0.32.6",
         "stripe": "^12.7.0",
         "ts-pattern": "^5.0.5",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       },
       "devDependencies": {
         "@playwright/browser-chromium": "1.43.0",
@@ -36890,7 +37140,7 @@
         "luxon": "^3.4.0",
         "superjson": "^1.13.1",
         "ts-pattern": "^5.0.5",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       }
     },
     "packages/trpc/node_modules/@ts-rest/next": {
@@ -36970,7 +37220,7 @@
         "tailwind-merge": "^1.12.0",
         "tailwindcss-animate": "^1.0.5",
         "ts-pattern": "^5.0.5",
-        "zod": "^3.23.8"
+        "zod": "3.24.1"
       },
       "devDependencies": {
         "@documenso/tailwind-config": "*",

package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.9.0-rc.1",
+  "version": "1.9.0-rc.5",
   "scripts": {
     "build": "turbo run build",
     "build:web": "turbo run build --filter=@documenso/web",
@@ -68,11 +68,14 @@
     "@lingui/core": "^4.11.3",
     "inngest-cli": "^0.29.1",
     "luxon": "^3.5.0",
+    "mupdf": "^1.0.0",
     "next-runtime-env": "^3.2.0",
-    "react": "^18"
+    "react": "^18",
+    "zod": "3.24.1"
   },
   "overrides": {
-    "next": "14.2.6"
+    "next": "14.2.6",
+    "zod": "3.24.1"
   },
   "trigger.dev": {
     "endpointId": "documenso-app"

packages/api/package.json

@@ -25,6 +25,6 @@
     "superjson": "^1.13.1",
     "swagger-ui-react": "^5.11.0",
     "ts-pattern": "^5.0.5",
-    "zod": "^3.23.8"
+    "zod": "3.24.1"
   }
-}
+}

packages/api/v1/implementation.ts

@@ -23,18 +23,19 @@ import { getFieldsForDocument } from '@documenso/lib/server-only/field/get-field
 import { updateField } from '@documenso/lib/server-only/field/update-field';
 import { insertFormValuesInPdf } from '@documenso/lib/server-only/pdf/insert-form-values-in-pdf';
 import { deleteRecipient } from '@documenso/lib/server-only/recipient/delete-recipient';
-import { getRecipientById } from '@documenso/lib/server-only/recipient/get-recipient-by-id';
+import { getRecipientByIdV1Api } from '@documenso/lib/server-only/recipient/get-recipient-by-id-v1-api';
 import { getRecipientsForDocument } from '@documenso/lib/server-only/recipient/get-recipients-for-document';
 import { setRecipientsForDocument } from '@documenso/lib/server-only/recipient/set-recipients-for-document';
 import { updateRecipient } from '@documenso/lib/server-only/recipient/update-recipient';
 import { createTeamMemberInvites } from '@documenso/lib/server-only/team/create-team-member-invites';
 import { deleteTeamMembers } from '@documenso/lib/server-only/team/delete-team-members';
-import type { CreateDocumentFromTemplateResponse } from '@documenso/lib/server-only/template/create-document-from-template';
+import type { TCreateDocumentFromTemplateResponse } from '@documenso/lib/server-only/template/create-document-from-template';
 import { createDocumentFromTemplate } from '@documenso/lib/server-only/template/create-document-from-template';
 import { createDocumentFromTemplateLegacy } from '@documenso/lib/server-only/template/create-document-from-template-legacy';
 import { deleteTemplate } from '@documenso/lib/server-only/template/delete-template';
 import { findTemplates } from '@documenso/lib/server-only/template/find-templates';
 import { getTemplateById } from '@documenso/lib/server-only/template/get-template-by-id';
+import { extractDerivedDocumentEmailSettings } from '@documenso/lib/types/document-email';
 import { ZFieldMetaSchema } from '@documenso/lib/types/field-meta';
 import {
   ZCheckboxFieldMeta,
@@ -344,7 +345,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
         });
       }
 
-      const recipients = await setRecipientsForDocument({
+      const { recipients } = await setRecipientsForDocument({
         userId: user.id,
         teamId: team?.id,
         documentId: document.id,
@@ -559,7 +560,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
 
     const templateId = Number(params.templateId);
 
-    let document: CreateDocumentFromTemplateResponse | null = null;
+    let document: TCreateDocumentFromTemplateResponse | null = null;
 
     try {
       document = await createDocumentFromTemplate({
@@ -629,7 +630,6 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
           token: recipient.token,
           role: recipient.role,
           signingOrder: recipient.signingOrder,
-
           signingUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}`,
         })),
       },
@@ -637,69 +637,52 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
   }),
 
   sendDocument: authenticatedMiddleware(async (args, user, team) => {
-    const { id } = args.params;
-    const { sendEmail = true } = args.body ?? {};
-
-    const document = await getDocumentById({
-      documentId: Number(id),
-      userId: user.id,
-      teamId: team?.id,
-    });
-
-    if (!document) {
-      return {
-        status: 404,
-        body: {
-          message: 'Document not found',
-        },
-      };
-    }
-
-    if (document.status === DocumentStatus.COMPLETED) {
-      return {
-        status: 400,
-        body: {
-          message: 'Document is already complete',
-        },
-      };
-    }
+    const { id: documentId } = args.params;
+    const { sendEmail, sendCompletionEmails } = args.body;
 
     try {
-      //   await setRecipientsForDocument({
-      //     userId: user.id,
-      //     documentId: Number(id),
-      //     recipients: [
-      //       {
-      //         email: body.signerEmail,
-      //         name: body.signerName ?? '',
-      //       },
-      //     ],
-      //   });
+      const document = await getDocumentById({
+        documentId: Number(documentId),
+        userId: user.id,
+        teamId: team?.id,
+      });
 
-      //   await setFieldsForDocument({
-      //     documentId: Number(id),
-      //     userId: user.id,
-      //     fields: body.fields.map((field) => ({
-      //       signerEmail: body.signerEmail,
-      //       type: field.fieldType,
-      //       pageNumber: field.pageNumber,
-      //       pageX: field.pageX,
-      //       pageY: field.pageY,
-      //       pageWidth: field.pageWidth,
-      //       pageHeight: field.pageHeight,
-      //     })),
-      //   });
+      if (!document) {
+        return {
+          status: 404,
+          body: {
+            message: 'Document not found',
+          },
+        };
+      }
 
-      //   if (body.emailBody || body.emailSubject) {
-      //     await upsertDocumentMeta({
-      //       documentId: Number(id),
-      //       subject: body.emailSubject ?? '',
-      //       message: body.emailBody ?? '',
-      //     });
-      //   }
+      if (document.status === DocumentStatus.COMPLETED) {
+        return {
+          status: 400,
+          body: {
+            message: 'Document is already complete',
+          },
+        };
+      }
+
+      const emailSettings = extractDerivedDocumentEmailSettings(document.documentMeta);
+
+      // Update document email settings if sendCompletionEmails is provided
+      if (typeof sendCompletionEmails === 'boolean') {
+        await upsertDocumentMeta({
+          documentId: document.id,
+          userId: user.id,
+          emailSettings: {
+            ...emailSettings,
+            documentCompleted: sendCompletionEmails,
+            ownerDocumentCompleted: sendCompletionEmails,
+          },
+          requestMetadata: extractNextApiRequestMetadata(args.req),
+        });
+      }
 
       const { Recipient: recipients, ...sentDocument } = await sendDocument({
-        documentId: Number(id),
+        documentId: document.id,
         userId: user.id,
         teamId: team?.id,
         sendEmail,
@@ -802,7 +785,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
     }
 
     try {
-      const newRecipients = await setRecipientsForDocument({
+      const { recipients: newRecipients } = await setRecipientsForDocument({
         documentId: Number(documentId),
         userId: user.id,
         teamId: team?.id,
@@ -1016,7 +999,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
               throw new Error('Invalid page number');
             }
 
-            const recipient = await getRecipientById({
+            const recipient = await getRecipientByIdV1Api({
               id: Number(recipientId),
               documentId: Number(documentId),
             }).catch(() => null);
@@ -1161,7 +1144,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
       };
     }
 
-    const recipient = await getRecipientById({
+    const recipient = await getRecipientByIdV1Api({
       id: Number(recipientId),
       documentId: Number(documentId),
     }).catch(() => null);
@@ -1265,7 +1248,7 @@ export const ApiContractV1Implementation = createNextRoute(ApiContractV1, {
       };
     }
 
-    const recipient = await getRecipientById({
+    const recipient = await getRecipientByIdV1Api({
       id: Number(field.recipientId),
       documentId: Number(documentId),
     }).catch(() => null);

packages/api/v1/middleware/authenticated.ts

@@ -1,5 +1,6 @@
 import type { NextApiRequest } from 'next';
 
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
 import type { Team, User } from '@documenso/prisma/client';
 
@@ -22,18 +23,33 @@ export const authenticatedMiddleware = <
       const [token] = (authorization || '').split('Bearer ').filter((s) => s.length > 0);
 
       if (!token) {
-        throw new Error('Token was not provided for authenticated middleware');
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'API token was not provided',
+        });
       }
 
       const apiToken = await getApiTokenByToken({ token });
 
+      if (apiToken.user.disabled) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'User is disabled',
+        });
+      }
+
       return await handler(args, apiToken.user, apiToken.team);
-    } catch (_err) {
-      console.log({ _err });
+    } catch (err) {
+      console.log({ err: err });
+
+      let message = 'Unauthorized';
+
+      if (err instanceof AppError) {
+        message = err.message;
+      }
+
       return {
         status: 401,
         body: {
-          message: 'Unauthorized',
+          message,
         },
       } as const;
     }

packages/api/v1/schema.ts

@@ -88,8 +88,12 @@ export const ZSendDocumentForSigningMutationSchema = z
       description:
         'Whether to send an email to the recipients asking them to action the document. If you disable this, you will need to manually distribute the document to the recipients using the generated signing links.',
     }),
+    sendCompletionEmails: z.boolean().optional().openapi({
+      description:
+        'Whether to send completion emails when the document is fully signed. This will override the document email settings.',
+    }),
   })
-  .or(z.literal('').transform(() => ({ sendEmail: true })));
+  .or(z.literal('').transform(() => ({ sendEmail: true, sendCompletionEmails: undefined })));
 
 export type TSendDocumentForSigningMutationSchema = typeof ZSendDocumentForSigningMutationSchema;
 

packages/app-tests/e2e/api/v1/document-sending.spec.ts

@@ -0,0 +1,137 @@
+import { expect, test } from '@playwright/test';
+
+import { WEBAPP_BASE_URL } from '@documenso/lib/constants/app';
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { prisma } from '@documenso/prisma';
+import { seedPendingDocumentWithFullFields } from '@documenso/prisma/seed/documents';
+import { seedUser } from '@documenso/prisma/seed/users';
+
+test.describe('Document API', () => {
+  test('sendDocument: should respect sendCompletionEmails setting', async ({ request }) => {
+    const user = await seedUser();
+
+    const { document } = await seedPendingDocumentWithFullFields({
+      owner: user,
+      recipients: ['signer@example.com'],
+    });
+
+    const { token } = await createApiToken({
+      userId: user.id,
+      tokenName: 'test',
+      expiresIn: null,
+    });
+
+    // Test with sendCompletionEmails: false
+    const response = await request.post(`${WEBAPP_BASE_URL}/api/v1/documents/${document.id}/send`, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+      data: {
+        sendCompletionEmails: false,
+      },
+    });
+
+    expect(response.ok()).toBeTruthy();
+    expect(response.status()).toBe(200);
+
+    // Verify email settings were updated
+    const updatedDocument = await prisma.document.findUnique({
+      where: { id: document.id },
+      include: { documentMeta: true },
+    });
+
+    expect(updatedDocument?.documentMeta?.emailSettings).toMatchObject({
+      documentCompleted: false,
+      ownerDocumentCompleted: false,
+    });
+
+    // Test with sendCompletionEmails: true
+    const response2 = await request.post(
+      `${WEBAPP_BASE_URL}/api/v1/documents/${document.id}/send`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`,
+          'Content-Type': 'application/json',
+        },
+        data: {
+          sendCompletionEmails: true,
+        },
+      },
+    );
+
+    expect(response2.ok()).toBeTruthy();
+    expect(response2.status()).toBe(200);
+
+    // Verify email settings were updated
+    const updatedDocument2 = await prisma.document.findUnique({
+      where: { id: document.id },
+      include: { documentMeta: true },
+    });
+
+    expect(updatedDocument2?.documentMeta?.emailSettings ?? {}).toMatchObject({
+      documentCompleted: true,
+      ownerDocumentCompleted: true,
+    });
+  });
+
+  test('sendDocument: should not modify email settings when sendCompletionEmails is not provided', async ({
+    request,
+  }) => {
+    const user = await seedUser();
+
+    const { document } = await seedPendingDocumentWithFullFields({
+      owner: user,
+      recipients: ['signer@example.com'],
+    });
+
+    // Set initial email settings
+    await prisma.documentMeta.upsert({
+      where: { documentId: document.id },
+      create: {
+        documentId: document.id,
+        emailSettings: {
+          documentCompleted: true,
+          ownerDocumentCompleted: false,
+        },
+      },
+      update: {
+        documentId: document.id,
+        emailSettings: {
+          documentCompleted: true,
+          ownerDocumentCompleted: false,
+        },
+      },
+    });
+
+    const { token } = await createApiToken({
+      userId: user.id,
+      tokenName: 'test',
+      expiresIn: null,
+    });
+
+    const response = await request.post(`${WEBAPP_BASE_URL}/api/v1/documents/${document.id}/send`, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+      data: {
+        sendEmail: true,
+      },
+    });
+
+    expect(response.ok()).toBeTruthy();
+    expect(response.status()).toBe(200);
+
+    // Verify email settings were not modified
+    const updatedDocument = await prisma.document.findUnique({
+      where: { id: document.id },
+      include: { documentMeta: true },
+    });
+
+    expect(updatedDocument?.documentMeta?.emailSettings ?? {}).toMatchObject({
+      documentCompleted: true,
+      ownerDocumentCompleted: false,
+    });
+  });
+});

packages/app-tests/e2e/teams/team-documents.spec.ts

@@ -1,6 +1,7 @@
 import { expect, test } from '@playwright/test';
 
-import { DocumentStatus, TeamMemberRole } from '@documenso/prisma/client';
+import { DocumentStatus, DocumentVisibility, TeamMemberRole } from '@documenso/prisma/client';
+import { seedBlankDocument } from '@documenso/prisma/seed/documents';
 import { seedDocuments, seedTeamDocuments } from '@documenso/prisma/seed/documents';
 import { seedTeam, seedTeamEmail, seedTeamMember } from '@documenso/prisma/seed/teams';
 import { seedUser } from '@documenso/prisma/seed/users';
@@ -538,7 +539,7 @@ test('[TEAMS]: ensure recipient can see document regardless of visibility', asyn
   await apiSignout({ page });
 });
 
-test('[TEAMS]: check that members cannot see ADMIN-only documents', async ({ page }) => {
+test('[TEAMS]: check that MEMBER role cannot see ADMIN-only documents', async ({ page }) => {
   const team = await seedTeam();
 
   // Seed a member user
@@ -575,7 +576,46 @@ test('[TEAMS]: check that members cannot see ADMIN-only documents', async ({ pag
   await apiSignout({ page });
 });
 
-test('[TEAMS]: check that managers cannot see ADMIN-only documents', async ({ page }) => {
+test('[TEAMS]: check that MEMBER role cannot see MANAGER_AND_ABOVE-only documents', async ({
+  page,
+}) => {
+  const team = await seedTeam();
+
+  // Seed a member user
+  const memberUser = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.MEMBER,
+  });
+
+  // Seed an ADMIN-only document
+  await seedDocuments([
+    {
+      sender: team.owner,
+      recipients: [],
+      type: DocumentStatus.COMPLETED,
+      documentOptions: {
+        teamId: team.id,
+        visibility: 'MANAGER_AND_ABOVE',
+        title: 'Manager and Above Only Document',
+      },
+    },
+  ]);
+
+  await apiSignin({
+    page,
+    email: memberUser.email,
+    redirectPath: `/t/${team.url}/documents?status=COMPLETED`,
+  });
+
+  // Check that the member user cannot see the ADMIN-only document
+  await expect(
+    page.getByRole('link', { name: 'Admin Only Document', exact: true }),
+  ).not.toBeVisible();
+
+  await apiSignout({ page });
+});
+
+test('[TEAMS]: check that MANAGER role cannot see ADMIN-only documents', async ({ page }) => {
   const team = await seedTeam();
 
   // Seed a manager user
@@ -612,7 +652,7 @@ test('[TEAMS]: check that managers cannot see ADMIN-only documents', async ({ pa
   await apiSignout({ page });
 });
 
-test('[TEAMS]: check that admin can see MANAGER_AND_ABOVE documents', async ({ page }) => {
+test('[TEAMS]: check that ADMIN role can see MANAGER_AND_ABOVE documents', async ({ page }) => {
   const team = await seedTeam();
 
   // Seed an admin user
@@ -649,6 +689,187 @@ test('[TEAMS]: check that admin can see MANAGER_AND_ABOVE documents', async ({ p
   await apiSignout({ page });
 });
 
+test('[TEAMS]: check that ADMIN role can change document visibility', async ({ page }) => {
+  const team = await seedTeam({
+    createTeamOptions: {
+      teamGlobalSettings: {
+        create: {
+          documentVisibility: DocumentVisibility.MANAGER_AND_ABOVE,
+        },
+      },
+    },
+  });
+
+  const adminUser = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.ADMIN,
+  });
+
+  const document = await seedBlankDocument(adminUser, {
+    createDocumentOptions: {
+      teamId: team.id,
+      visibility: team.teamGlobalSettings?.documentVisibility,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: adminUser.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  await page.getByTestId('documentVisibilitySelectValue').click();
+  await page.getByLabel('Admins only').click();
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+  await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible();
+
+  await page.getByRole('button', { name: 'Go Back' }).click();
+  await expect(page.getByRole('heading', { name: 'General' })).toBeVisible();
+
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toContainText('Admins only');
+});
+
+test('[TEAMS]: check that MEMBER role cannot change visibility of EVERYONE documents', async ({
+  page,
+}) => {
+  const team = await seedTeam({
+    createTeamOptions: {
+      teamGlobalSettings: {
+        create: {
+          documentVisibility: DocumentVisibility.EVERYONE,
+        },
+      },
+    },
+  });
+
+  const teamMember = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.MEMBER,
+  });
+
+  const document = await seedBlankDocument(teamMember, {
+    createDocumentOptions: {
+      teamId: team.id,
+      visibility: team.teamGlobalSettings?.documentVisibility,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: teamMember.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Everyone');
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();
+});
+
+test('[TEAMS]: check that MEMBER role cannot change visibility of MANAGER_AND_ABOVE documents', async ({
+  page,
+}) => {
+  const team = await seedTeam({
+    createTeamOptions: {
+      teamGlobalSettings: {
+        create: {
+          documentVisibility: DocumentVisibility.MANAGER_AND_ABOVE,
+        },
+      },
+    },
+  });
+
+  const teamMember = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.MEMBER,
+  });
+
+  const document = await seedBlankDocument(teamMember, {
+    createDocumentOptions: {
+      teamId: team.id,
+      visibility: team.teamGlobalSettings?.documentVisibility,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: teamMember.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Managers and above');
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();
+});
+
+test('[TEAMS]: check that MEMBER role cannot change visibility of ADMIN documents', async ({
+  page,
+}) => {
+  const team = await seedTeam({
+    createTeamOptions: {
+      teamGlobalSettings: {
+        create: {
+          documentVisibility: DocumentVisibility.ADMIN,
+        },
+      },
+    },
+  });
+
+  const teamMember = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.MEMBER,
+  });
+
+  const document = await seedBlankDocument(teamMember, {
+    createDocumentOptions: {
+      teamId: team.id,
+      visibility: team.teamGlobalSettings?.documentVisibility,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: teamMember.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Admins only');
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();
+});
+
+test('[TEAMS]: check that MANAGER role cannot change visibility of ADMIN documents', async ({
+  page,
+}) => {
+  const team = await seedTeam({
+    createTeamOptions: {
+      teamGlobalSettings: {
+        create: {
+          documentVisibility: DocumentVisibility.ADMIN,
+        },
+      },
+    },
+  });
+
+  const teamManager = await seedTeamMember({
+    teamId: team.id,
+    role: TeamMemberRole.MANAGER,
+  });
+
+  const document = await seedBlankDocument(teamManager, {
+    createDocumentOptions: {
+      teamId: team.id,
+      visibility: team.teamGlobalSettings?.documentVisibility,
+    },
+  });
+
+  await apiSignin({
+    page,
+    email: teamManager.email,
+    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+  });
+
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Admins only');
+  await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();
+});
+
 test('[TEAMS]: users cannot see documents from other teams', async ({ page }) => {
   // Seed two teams with documents
   const { team: teamA, teamMember2: teamAMember } = await seedTeamDocuments();

packages/ee/package.json

@@ -21,6 +21,6 @@
     "next-auth": "4.24.5",
     "react": "^18",
     "ts-pattern": "^5.0.5",
-    "zod": "^3.23.8"
+    "zod": "3.24.1"
   }
-}
+}

packages/ee/server-only/util/is-document-enterprise.ts

@@ -1,8 +1,10 @@
 import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
-import { subscriptionsContainActiveEnterprisePlan } from '@documenso/lib/utils/billing';
+import { subscriptionsContainsActivePlan } from '@documenso/lib/utils/billing';
 import { prisma } from '@documenso/prisma';
 import type { Subscription } from '@documenso/prisma/client';
 
+import { getEnterprisePlanPriceIds } from '../stripe/get-enterprise-plan-prices';
+
 export type IsUserEnterpriseOptions = {
   userId: number;
   teamId?: number;
@@ -52,5 +54,11 @@ export const isUserEnterprise = async ({
       .then((user) => user.Subscription);
   }
 
-  return subscriptionsContainActiveEnterprisePlan(subscriptions);
+  if (subscriptions.length === 0) {
+    return false;
+  }
+
+  const enterprisePlanPriceIds = await getEnterprisePlanPriceIds();
+
+  return subscriptionsContainsActivePlan(subscriptions, enterprisePlanPriceIds, true);
 };

packages/email/template-components/template-document-recipient-signed.tsx

@@ -0,0 +1,56 @@
+import { Trans } from '@lingui/macro';
+
+import { Column, Img, Section, Text } from '../components';
+import { TemplateDocumentImage } from './template-document-image';
+
+export interface TemplateDocumentRecipientSignedProps {
+  documentName: string;
+  recipientName: string;
+  recipientEmail: string;
+  assetBaseUrl: string;
+}
+
+export const TemplateDocumentRecipientSigned = ({
+  documentName,
+  recipientName,
+  recipientEmail,
+  assetBaseUrl,
+}: TemplateDocumentRecipientSignedProps) => {
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  const recipientReference = recipientName || recipientEmail;
+
+  return (
+    <>
+      <TemplateDocumentImage className="mt-6" assetBaseUrl={assetBaseUrl} />
+
+      <Section>
+        <Section className="mb-4">
+          <Column align="center">
+            <Text className="text-base font-semibold text-[#7AC455]">
+              <Img
+                src={getAssetUrl('/static/completed.png')}
+                className="-mt-0.5 mr-2 inline h-7 w-7 align-middle"
+              />
+              <Trans>Completed</Trans>
+            </Text>
+          </Column>
+        </Section>
+
+        <Text className="text-primary mb-0 text-center text-lg font-semibold">
+          <Trans>
+            {recipientReference} has signed "{documentName}"
+          </Trans>
+        </Text>
+
+        <Text className="mx-auto mb-6 mt-1 max-w-[80%] text-center text-base text-slate-400">
+          <Trans>{recipientReference} has completed signing the document.</Trans>
+        </Text>
+      </Section>
+    </>
+  );
+};
+
+export default TemplateDocumentRecipientSigned;

packages/email/templates/document-recipient-signed.tsx

@@ -0,0 +1,70 @@
+import { msg } from '@lingui/macro';
+import { useLingui } from '@lingui/react';
+
+import { Body, Container, Head, Html, Img, Preview, Section } from '../components';
+import { useBranding } from '../providers/branding';
+import { TemplateDocumentRecipientSigned } from '../template-components/template-document-recipient-signed';
+import { TemplateFooter } from '../template-components/template-footer';
+
+export interface DocumentRecipientSignedEmailTemplateProps {
+  documentName?: string;
+  recipientName?: string;
+  recipientEmail?: string;
+  assetBaseUrl?: string;
+}
+
+export const DocumentRecipientSignedEmailTemplate = ({
+  documentName = 'Open Source Pledge.pdf',
+  recipientName = 'John Doe',
+  recipientEmail = 'lucas@documenso.com',
+  assetBaseUrl = 'http://localhost:3002',
+}: DocumentRecipientSignedEmailTemplateProps) => {
+  const { _ } = useLingui();
+  const branding = useBranding();
+
+  const recipientReference = recipientName || recipientEmail;
+
+  const previewText = msg`${recipientReference} has signed ${documentName}`;
+
+  const getAssetUrl = (path: string) => {
+    return new URL(path, assetBaseUrl).toString();
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>{_(previewText)}</Preview>
+
+      <Body className="mx-auto my-auto font-sans">
+        <Section className="bg-white">
+          <Container className="mx-auto mb-2 mt-8 max-w-xl rounded-lg border border-solid border-slate-200 p-2 backdrop-blur-sm">
+            <Section className="p-2">
+              {branding.brandingEnabled && branding.brandingLogo ? (
+                <Img src={branding.brandingLogo} alt="Branding Logo" className="mb-4 h-6" />
+              ) : (
+                <Img
+                  src={getAssetUrl('/static/logo.png')}
+                  alt="Documenso Logo"
+                  className="mb-4 h-6"
+                />
+              )}
+
+              <TemplateDocumentRecipientSigned
+                documentName={documentName}
+                recipientName={recipientName}
+                recipientEmail={recipientEmail}
+                assetBaseUrl={assetBaseUrl}
+              />
+            </Section>
+          </Container>
+
+          <Container className="mx-auto max-w-xl">
+            <TemplateFooter />
+          </Container>
+        </Section>
+      </Body>
+    </Html>
+  );
+};
+
+export default DocumentRecipientSignedEmailTemplate;

packages/lib/client-only/hooks/use-copy-share-link.ts

@@ -12,7 +12,7 @@ export function useCopyShareLink({ onSuccess, onError }: UseCopyShareLinkOptions
   const [, copyToClipboard] = useCopyToClipboard();
 
   const { mutateAsync: createOrGetShareLink, isLoading: isCreatingShareLink } =
-    trpc.shareLink.createOrGetShareLink.useMutation();
+    trpc.document.createOrGetShareLink.useMutation();
 
   /**
    * Copy a newly created, or pre-existing share link to the user's clipboard.

packages/lib/jobs/client.ts

@@ -1,5 +1,6 @@
 import { JobClient } from './client/client';
 import { SEND_CONFIRMATION_EMAIL_JOB_DEFINITION } from './definitions/emails/send-confirmation-email';
+import { SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION } from './definitions/emails/send-recipient-signed-email';
 import { SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION } from './definitions/emails/send-rejection-emails';
 import { SEND_SIGNING_EMAIL_JOB_DEFINITION } from './definitions/emails/send-signing-email';
 import { SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION } from './definitions/emails/send-team-deleted-email';
@@ -19,6 +20,7 @@ export const jobsClient = new JobClient([
   SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION,
   SEAL_DOCUMENT_JOB_DEFINITION,
   SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION,
+  SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION,
 ] as const);
 
 export const jobs = jobsClient;

packages/lib/jobs/definitions/emails/send-confirmation-email.handler.ts

@@ -0,0 +1,9 @@
+import { sendConfirmationToken } from '../../../server-only/user/send-confirmation-token';
+import type { TSendConfirmationEmailJobDefinition } from './send-confirmation-email';
+
+export const run = async ({ payload }: { payload: TSendConfirmationEmailJobDefinition }) => {
+  await sendConfirmationToken({
+    email: payload.email,
+    force: payload.force,
+  });
+};

packages/lib/jobs/definitions/emails/send-confirmation-email.ts

@@ -1,6 +1,5 @@
 import { z } from 'zod';
 
-import { sendConfirmationToken } from '../../../server-only/user/send-confirmation-token';
 import type { JobDefinition } from '../../client/_internal/job';
 
 const SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_ID = 'send.signup.confirmation.email';
@@ -10,6 +9,10 @@ const SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
   force: z.boolean().optional(),
 });
 
+export type TSendConfirmationEmailJobDefinition = z.infer<
+  typeof SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_CONFIRMATION_EMAIL_JOB_DEFINITION = {
   id: SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_ID,
   name: 'Send Confirmation Email',
@@ -19,12 +22,11 @@ export const SEND_CONFIRMATION_EMAIL_JOB_DEFINITION = {
     schema: SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload }) => {
-    await sendConfirmationToken({
-      email: payload.email,
-      force: payload.force,
-    });
+    const handler = await import('./send-confirmation-email.handler');
+
+    await handler.run({ payload });
   },
 } as const satisfies JobDefinition<
   typeof SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_CONFIRMATION_EMAIL_JOB_DEFINITION_SCHEMA>
+  TSendConfirmationEmailJobDefinition
 >;

packages/lib/jobs/definitions/emails/send-recipient-signed-email.ts

@@ -0,0 +1,130 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/macro';
+import { z } from 'zod';
+
+import { mailer } from '@documenso/email/mailer';
+import { DocumentRecipientSignedEmailTemplate } from '@documenso/email/templates/document-recipient-signed';
+import { prisma } from '@documenso/prisma';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n.server';
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
+import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
+import { type JobDefinition } from '../../client/_internal/job';
+
+const SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_ID = 'send.recipient.signed.email';
+
+const SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
+  documentId: z.number(),
+  recipientId: z.number(),
+});
+
+export const SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION = {
+  id: SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_ID,
+  name: 'Send Recipient Signed Email',
+  version: '1.0.0',
+  trigger: {
+    name: SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_ID,
+    schema: SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_SCHEMA,
+  },
+  handler: async ({ payload, io }) => {
+    const { documentId, recipientId } = payload;
+
+    const document = await prisma.document.findFirst({
+      where: {
+        id: documentId,
+        Recipient: {
+          some: {
+            id: recipientId,
+          },
+        },
+      },
+      include: {
+        Recipient: {
+          where: {
+            id: recipientId,
+          },
+        },
+        User: true,
+        documentMeta: true,
+        team: {
+          include: {
+            teamGlobalSettings: true,
+          },
+        },
+      },
+    });
+
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
+    if (document.Recipient.length === 0) {
+      throw new Error('Document has no recipients');
+    }
+
+    const isRecipientSignedEmailEnabled = extractDerivedDocumentEmailSettings(
+      document.documentMeta,
+    ).recipientSigned;
+
+    if (!isRecipientSignedEmailEnabled) {
+      return;
+    }
+
+    const [recipient] = document.Recipient;
+    const { email: recipientEmail, name: recipientName } = recipient;
+    const { User: owner } = document;
+
+    const recipientReference = recipientName || recipientEmail;
+
+    // Don't send notification if the owner is the one who signed
+    if (owner.email === recipientEmail) {
+      return;
+    }
+
+    const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
+    const i18n = await getI18nInstance(document.documentMeta?.language);
+
+    const template = createElement(DocumentRecipientSignedEmailTemplate, {
+      documentName: document.title,
+      recipientName,
+      recipientEmail,
+      assetBaseUrl,
+    });
+
+    await io.runTask('send-recipient-signed-email', async () => {
+      const branding = document.team?.teamGlobalSettings
+        ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
+        : undefined;
+
+      const [html, text] = await Promise.all([
+        renderEmailWithI18N(template, { lang: document.documentMeta?.language, branding }),
+        renderEmailWithI18N(template, {
+          lang: document.documentMeta?.language,
+          branding,
+          plainText: true,
+        }),
+      ]);
+
+      await mailer.sendMail({
+        to: {
+          name: owner.name ?? '',
+          address: owner.email,
+        },
+        from: {
+          name: FROM_NAME,
+          address: FROM_ADDRESS,
+        },
+        subject: i18n._(msg`${recipientReference} has signed "${document.title}"`),
+        html,
+        text,
+      });
+    });
+  },
+} as const satisfies JobDefinition<
+  typeof SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_ID,
+  z.infer<typeof SEND_RECIPIENT_SIGNED_EMAIL_JOB_DEFINITION_SCHEMA>
+>;

packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts

@@ -0,0 +1,156 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/macro';
+
+import { mailer } from '@documenso/email/mailer';
+import DocumentRejectedEmail from '@documenso/email/templates/document-rejected';
+import DocumentRejectionConfirmedEmail from '@documenso/email/templates/document-rejection-confirmed';
+import { prisma } from '@documenso/prisma';
+import { SendStatus, SigningStatus } from '@documenso/prisma/client';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n.server';
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
+import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
+import { formatDocumentsPath } from '../../../utils/teams';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSendSigningRejectionEmailsJobDefinition } from './send-rejection-emails';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSendSigningRejectionEmailsJobDefinition;
+  io: JobRunIO;
+}) => {
+  const { documentId, recipientId } = payload;
+
+  const [document, recipient] = await Promise.all([
+    prisma.document.findFirstOrThrow({
+      where: {
+        id: documentId,
+      },
+      include: {
+        User: true,
+        documentMeta: true,
+        team: {
+          select: {
+            teamEmail: true,
+            name: true,
+            url: true,
+            teamGlobalSettings: true,
+          },
+        },
+      },
+    }),
+    prisma.recipient.findFirstOrThrow({
+      where: {
+        id: recipientId,
+        signingStatus: SigningStatus.REJECTED,
+      },
+    }),
+  ]);
+
+  const { documentMeta, team, User: documentOwner } = document;
+
+  const isEmailEnabled = extractDerivedDocumentEmailSettings(
+    document.documentMeta,
+  ).recipientSigningRequest;
+
+  if (!isEmailEnabled) {
+    return;
+  }
+
+  const i18n = await getI18nInstance(documentMeta?.language);
+
+  // Send confirmation email to the recipient who rejected
+  await io.runTask('send-rejection-confirmation-email', async () => {
+    const recipientTemplate = createElement(DocumentRejectionConfirmedEmail, {
+      recipientName: recipient.name,
+      documentName: document.title,
+      documentOwnerName: document.User.name || document.User.email,
+      reason: recipient.rejectionReason || '',
+      assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    });
+
+    const branding = document.team?.teamGlobalSettings
+      ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
+      : undefined;
+
+    const [html, text] = await Promise.all([
+      renderEmailWithI18N(recipientTemplate, { lang: documentMeta?.language, branding }),
+      renderEmailWithI18N(recipientTemplate, {
+        lang: documentMeta?.language,
+        branding,
+        plainText: true,
+      }),
+    ]);
+
+    await mailer.sendMail({
+      to: {
+        name: recipient.name,
+        address: recipient.email,
+      },
+      from: {
+        name: FROM_NAME,
+        address: FROM_ADDRESS,
+      },
+      subject: i18n._(msg`Document "${document.title}" - Rejection Confirmed`),
+      html,
+      text,
+    });
+  });
+
+  // Send notification email to document owner
+  await io.runTask('send-owner-notification-email', async () => {
+    const ownerTemplate = createElement(DocumentRejectedEmail, {
+      recipientName: recipient.name,
+      documentName: document.title,
+      documentUrl: `${NEXT_PUBLIC_WEBAPP_URL()}${formatDocumentsPath(document.team?.url)}/${
+        document.id
+      }`,
+      rejectionReason: recipient.rejectionReason || '',
+      assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    });
+
+    const branding = document.team?.teamGlobalSettings
+      ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
+      : undefined;
+
+    const [html, text] = await Promise.all([
+      renderEmailWithI18N(ownerTemplate, { lang: documentMeta?.language, branding }),
+      renderEmailWithI18N(ownerTemplate, {
+        lang: documentMeta?.language,
+        branding,
+        plainText: true,
+      }),
+    ]);
+
+    await mailer.sendMail({
+      to: {
+        name: documentOwner.name || '',
+        address: documentOwner.email,
+      },
+      from: {
+        name: FROM_NAME,
+        address: FROM_ADDRESS,
+      },
+      subject: i18n._(msg`Document "${document.title}" - Rejected by ${recipient.name}`),
+      html,
+      text,
+    });
+  });
+
+  await io.runTask('update-recipient', async () => {
+    await prisma.recipient.update({
+      where: {
+        id: recipient.id,
+      },
+      data: {
+        sendStatus: SendStatus.SENT,
+      },
+    });
+  });
+};

packages/lib/jobs/definitions/emails/send-rejection-emails.ts

@@ -1,21 +1,5 @@
-import { createElement } from 'react';
-
-import { msg } from '@lingui/macro';
 import { z } from 'zod';
 
-import { mailer } from '@documenso/email/mailer';
-import DocumentRejectedEmail from '@documenso/email/templates/document-rejected';
-import DocumentRejectionConfirmedEmail from '@documenso/email/templates/document-rejection-confirmed';
-import { prisma } from '@documenso/prisma';
-import { SendStatus, SigningStatus } from '@documenso/prisma/client';
-
-import { getI18nInstance } from '../../../client-only/providers/i18n.server';
-import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
-import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
-import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
-import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
-import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
-import { formatDocumentsPath } from '../../../utils/teams';
 import { type JobDefinition } from '../../client/_internal/job';
 
 const SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_ID = 'send.signing.rejected.emails';
@@ -25,6 +9,10 @@ const SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_SCHEMA = z.object({
   recipientId: z.number(),
 });
 
+export type TSendSigningRejectionEmailsJobDefinition = z.infer<
+  typeof SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION = {
   id: SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_ID,
   name: 'Send Rejection Emails',
@@ -34,136 +22,11 @@ export const SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION = {
     schema: SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const { documentId, recipientId } = payload;
+    const handler = await import('./send-rejection-emails.handler');
 
-    const [document, recipient] = await Promise.all([
-      prisma.document.findFirstOrThrow({
-        where: {
-          id: documentId,
-        },
-        include: {
-          User: true,
-          documentMeta: true,
-          team: {
-            select: {
-              teamEmail: true,
-              name: true,
-              url: true,
-              teamGlobalSettings: true,
-            },
-          },
-        },
-      }),
-      prisma.recipient.findFirstOrThrow({
-        where: {
-          id: recipientId,
-          signingStatus: SigningStatus.REJECTED,
-        },
-      }),
-    ]);
-
-    const { documentMeta, team, User: documentOwner } = document;
-
-    const isEmailEnabled = extractDerivedDocumentEmailSettings(
-      document.documentMeta,
-    ).recipientSigningRequest;
-
-    if (!isEmailEnabled) {
-      return;
-    }
-
-    const i18n = await getI18nInstance(documentMeta?.language);
-
-    // Send confirmation email to the recipient who rejected
-    await io.runTask('send-rejection-confirmation-email', async () => {
-      const recipientTemplate = createElement(DocumentRejectionConfirmedEmail, {
-        recipientName: recipient.name,
-        documentName: document.title,
-        documentOwnerName: document.User.name || document.User.email,
-        reason: recipient.rejectionReason || '',
-        assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
-      });
-
-      const branding = document.team?.teamGlobalSettings
-        ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
-        : undefined;
-
-      const [html, text] = await Promise.all([
-        renderEmailWithI18N(recipientTemplate, { lang: documentMeta?.language, branding }),
-        renderEmailWithI18N(recipientTemplate, {
-          lang: documentMeta?.language,
-          branding,
-          plainText: true,
-        }),
-      ]);
-
-      await mailer.sendMail({
-        to: {
-          name: recipient.name,
-          address: recipient.email,
-        },
-        from: {
-          name: FROM_NAME,
-          address: FROM_ADDRESS,
-        },
-        subject: i18n._(msg`Document "${document.title}" - Rejection Confirmed`),
-        html,
-        text,
-      });
-    });
-
-    // Send notification email to document owner
-    await io.runTask('send-owner-notification-email', async () => {
-      const ownerTemplate = createElement(DocumentRejectedEmail, {
-        recipientName: recipient.name,
-        documentName: document.title,
-        documentUrl: `${NEXT_PUBLIC_WEBAPP_URL()}${formatDocumentsPath(document.team?.url)}/${
-          document.id
-        }`,
-        rejectionReason: recipient.rejectionReason || '',
-        assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
-      });
-
-      const branding = document.team?.teamGlobalSettings
-        ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
-        : undefined;
-
-      const [html, text] = await Promise.all([
-        renderEmailWithI18N(ownerTemplate, { lang: documentMeta?.language, branding }),
-        renderEmailWithI18N(ownerTemplate, {
-          lang: documentMeta?.language,
-          branding,
-          plainText: true,
-        }),
-      ]);
-
-      await mailer.sendMail({
-        to: {
-          name: documentOwner.name || '',
-          address: documentOwner.email,
-        },
-        from: {
-          name: FROM_NAME,
-          address: FROM_ADDRESS,
-        },
-        subject: i18n._(msg`Document "${document.title}" - Rejected by ${recipient.name}`),
-        html,
-        text,
-      });
-    });
-
-    await io.runTask('update-recipient', async () => {
-      await prisma.recipient.update({
-        where: {
-          id: recipient.id,
-        },
-        data: {
-          sendStatus: SendStatus.SENT,
-        },
-      });
-    });
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_SIGNING_REJECTION_EMAILS_JOB_DEFINITION_SCHEMA>
+  TSendSigningRejectionEmailsJobDefinition
 >;

packages/lib/jobs/definitions/emails/send-signing-email.handler.ts

@@ -0,0 +1,215 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/macro';
+
+import { mailer } from '@documenso/email/mailer';
+import DocumentInviteEmailTemplate from '@documenso/email/templates/document-invite';
+import { prisma } from '@documenso/prisma';
+import {
+  DocumentSource,
+  DocumentStatus,
+  RecipientRole,
+  SendStatus,
+} from '@documenso/prisma/client';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n.server';
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
+import {
+  RECIPIENT_ROLES_DESCRIPTION,
+  RECIPIENT_ROLE_TO_EMAIL_TYPE,
+} from '../../../constants/recipient-roles';
+import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
+import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
+import { renderCustomEmailTemplate } from '../../../utils/render-custom-email-template';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSendSigningEmailJobDefinition } from './send-signing-email';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSendSigningEmailJobDefinition;
+  io: JobRunIO;
+}) => {
+  const { userId, documentId, recipientId, requestMetadata } = payload;
+
+  const [user, document, recipient] = await Promise.all([
+    prisma.user.findFirstOrThrow({
+      where: {
+        id: userId,
+      },
+    }),
+    prisma.document.findFirstOrThrow({
+      where: {
+        id: documentId,
+        status: DocumentStatus.PENDING,
+      },
+      include: {
+        documentMeta: true,
+        team: {
+          select: {
+            teamEmail: true,
+            name: true,
+            teamGlobalSettings: true,
+          },
+        },
+      },
+    }),
+    prisma.recipient.findFirstOrThrow({
+      where: {
+        id: recipientId,
+      },
+    }),
+  ]);
+
+  const { documentMeta, team } = document;
+
+  if (recipient.role === RecipientRole.CC) {
+    return;
+  }
+
+  const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
+    document.documentMeta,
+  ).recipientSigningRequest;
+
+  if (!isRecipientSigningRequestEmailEnabled) {
+    return;
+  }
+
+  const customEmail = document?.documentMeta;
+  const isDirectTemplate = document.source === DocumentSource.TEMPLATE_DIRECT_LINK;
+  const isTeamDocument = document.teamId !== null;
+
+  const recipientEmailType = RECIPIENT_ROLE_TO_EMAIL_TYPE[recipient.role];
+
+  const { email, name } = recipient;
+  const selfSigner = email === user.email;
+
+  const i18n = await getI18nInstance(documentMeta?.language);
+
+  const recipientActionVerb = i18n
+    ._(RECIPIENT_ROLES_DESCRIPTION[recipient.role].actionVerb)
+    .toLowerCase();
+
+  let emailMessage = customEmail?.message || '';
+  let emailSubject = i18n._(msg`Please ${recipientActionVerb} this document`);
+
+  if (selfSigner) {
+    emailMessage = i18n._(
+      msg`You have initiated the document ${`"${document.title}"`} that requires you to ${recipientActionVerb} it.`,
+    );
+    emailSubject = i18n._(msg`Please ${recipientActionVerb} your document`);
+  }
+
+  if (isDirectTemplate) {
+    emailMessage = i18n._(
+      msg`A document was created by your direct template that requires you to ${recipientActionVerb} it.`,
+    );
+    emailSubject = i18n._(
+      msg`Please ${recipientActionVerb} this document created by your direct template`,
+    );
+  }
+
+  if (isTeamDocument && team) {
+    emailSubject = i18n._(msg`${team.name} invited you to ${recipientActionVerb} a document`);
+    emailMessage = customEmail?.message ?? '';
+
+    if (!emailMessage) {
+      emailMessage = i18n._(
+        team.teamGlobalSettings?.includeSenderDetails
+          ? msg`${user.name} on behalf of "${team.name}" has invited you to ${recipientActionVerb} the document "${document.title}".`
+          : msg`${team.name} has invited you to ${recipientActionVerb} the document "${document.title}".`,
+      );
+    }
+  }
+
+  const customEmailTemplate = {
+    'signer.name': name,
+    'signer.email': email,
+    'document.name': document.title,
+  };
+
+  const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
+  const signDocumentLink = `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}`;
+
+  const template = createElement(DocumentInviteEmailTemplate, {
+    documentName: document.title,
+    inviterName: user.name || undefined,
+    inviterEmail: isTeamDocument ? team?.teamEmail?.email || user.email : user.email,
+    assetBaseUrl,
+    signDocumentLink,
+    customBody: renderCustomEmailTemplate(emailMessage, customEmailTemplate),
+    role: recipient.role,
+    selfSigner,
+    isTeamInvite: isTeamDocument,
+    teamName: team?.name,
+    teamEmail: team?.teamEmail?.email,
+    includeSenderDetails: team?.teamGlobalSettings?.includeSenderDetails,
+  });
+
+  await io.runTask('send-signing-email', async () => {
+    const branding = document.team?.teamGlobalSettings
+      ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
+      : undefined;
+
+    const [html, text] = await Promise.all([
+      renderEmailWithI18N(template, { lang: documentMeta?.language, branding }),
+      renderEmailWithI18N(template, {
+        lang: documentMeta?.language,
+        branding,
+        plainText: true,
+      }),
+    ]);
+
+    await mailer.sendMail({
+      to: {
+        name: recipient.name,
+        address: recipient.email,
+      },
+      from: {
+        name: FROM_NAME,
+        address: FROM_ADDRESS,
+      },
+      subject: renderCustomEmailTemplate(
+        documentMeta?.subject || emailSubject,
+        customEmailTemplate,
+      ),
+      html,
+      text,
+    });
+  });
+
+  await io.runTask('update-recipient', async () => {
+    await prisma.recipient.update({
+      where: {
+        id: recipient.id,
+      },
+      data: {
+        sendStatus: SendStatus.SENT,
+      },
+    });
+  });
+
+  await io.runTask('store-audit-log', async () => {
+    await prisma.documentAuditLog.create({
+      data: createDocumentAuditLogData({
+        type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
+        documentId: document.id,
+        user,
+        requestMetadata,
+        data: {
+          emailType: recipientEmailType,
+          recipientId: recipient.id,
+          recipientName: recipient.name,
+          recipientEmail: recipient.email,
+          recipientRole: recipient.role,
+          isResending: false,
+        },
+      }),
+    });
+  });
+};

packages/lib/jobs/definitions/emails/send-signing-email.ts

@@ -1,32 +1,6 @@
-import { createElement } from 'react';
-
-import { msg } from '@lingui/macro';
 import { z } from 'zod';
 
-import { mailer } from '@documenso/email/mailer';
-import DocumentInviteEmailTemplate from '@documenso/email/templates/document-invite';
-import { prisma } from '@documenso/prisma';
-import {
-  DocumentSource,
-  DocumentStatus,
-  RecipientRole,
-  SendStatus,
-} from '@documenso/prisma/client';
-
-import { getI18nInstance } from '../../../client-only/providers/i18n.server';
-import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
-import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
-import {
-  RECIPIENT_ROLES_DESCRIPTION,
-  RECIPIENT_ROLE_TO_EMAIL_TYPE,
-} from '../../../constants/recipient-roles';
-import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
-import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
 import { ZRequestMetadataSchema } from '../../../universal/extract-request-metadata';
-import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
-import { renderCustomEmailTemplate } from '../../../utils/render-custom-email-template';
-import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
-import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
 import { type JobDefinition } from '../../client/_internal/job';
 
 const SEND_SIGNING_EMAIL_JOB_DEFINITION_ID = 'send.signing.requested.email';
@@ -38,6 +12,10 @@ const SEND_SIGNING_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
   requestMetadata: ZRequestMetadataSchema.optional(),
 });
 
+export type TSendSigningEmailJobDefinition = z.infer<
+  typeof SEND_SIGNING_EMAIL_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_SIGNING_EMAIL_JOB_DEFINITION = {
   id: SEND_SIGNING_EMAIL_JOB_DEFINITION_ID,
   name: 'Send Signing Email',
@@ -47,185 +25,11 @@ export const SEND_SIGNING_EMAIL_JOB_DEFINITION = {
     schema: SEND_SIGNING_EMAIL_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const { userId, documentId, recipientId, requestMetadata } = payload;
+    const handler = await import('./send-signing-email.handler');
 
-    const [user, document, recipient] = await Promise.all([
-      prisma.user.findFirstOrThrow({
-        where: {
-          id: userId,
-        },
-      }),
-      prisma.document.findFirstOrThrow({
-        where: {
-          id: documentId,
-          status: DocumentStatus.PENDING,
-        },
-        include: {
-          documentMeta: true,
-          team: {
-            select: {
-              teamEmail: true,
-              name: true,
-              teamGlobalSettings: true,
-            },
-          },
-        },
-      }),
-      prisma.recipient.findFirstOrThrow({
-        where: {
-          id: recipientId,
-        },
-      }),
-    ]);
-
-    const { documentMeta, team } = document;
-
-    if (recipient.role === RecipientRole.CC) {
-      return;
-    }
-
-    const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
-      document.documentMeta,
-    ).recipientSigningRequest;
-
-    if (!isRecipientSigningRequestEmailEnabled) {
-      return;
-    }
-
-    const customEmail = document?.documentMeta;
-    const isDirectTemplate = document.source === DocumentSource.TEMPLATE_DIRECT_LINK;
-    const isTeamDocument = document.teamId !== null;
-
-    const recipientEmailType = RECIPIENT_ROLE_TO_EMAIL_TYPE[recipient.role];
-
-    const { email, name } = recipient;
-    const selfSigner = email === user.email;
-
-    const i18n = await getI18nInstance(documentMeta?.language);
-
-    const recipientActionVerb = i18n
-      ._(RECIPIENT_ROLES_DESCRIPTION[recipient.role].actionVerb)
-      .toLowerCase();
-
-    let emailMessage = customEmail?.message || '';
-    let emailSubject = i18n._(msg`Please ${recipientActionVerb} this document`);
-
-    if (selfSigner) {
-      emailMessage = i18n._(
-        msg`You have initiated the document ${`"${document.title}"`} that requires you to ${recipientActionVerb} it.`,
-      );
-      emailSubject = i18n._(msg`Please ${recipientActionVerb} your document`);
-    }
-
-    if (isDirectTemplate) {
-      emailMessage = i18n._(
-        msg`A document was created by your direct template that requires you to ${recipientActionVerb} it.`,
-      );
-      emailSubject = i18n._(
-        msg`Please ${recipientActionVerb} this document created by your direct template`,
-      );
-    }
-
-    if (isTeamDocument && team) {
-      emailSubject = i18n._(msg`${team.name} invited you to ${recipientActionVerb} a document`);
-      emailMessage = customEmail?.message ?? '';
-
-      if (!emailMessage) {
-        emailMessage = i18n._(
-          team.teamGlobalSettings?.includeSenderDetails
-            ? msg`${user.name} on behalf of "${team.name}" has invited you to ${recipientActionVerb} the document "${document.title}".`
-            : msg`${team.name} has invited you to ${recipientActionVerb} the document "${document.title}".`,
-        );
-      }
-    }
-
-    const customEmailTemplate = {
-      'signer.name': name,
-      'signer.email': email,
-      'document.name': document.title,
-    };
-
-    const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
-    const signDocumentLink = `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}`;
-
-    const template = createElement(DocumentInviteEmailTemplate, {
-      documentName: document.title,
-      inviterName: user.name || undefined,
-      inviterEmail: isTeamDocument ? team?.teamEmail?.email || user.email : user.email,
-      assetBaseUrl,
-      signDocumentLink,
-      customBody: renderCustomEmailTemplate(emailMessage, customEmailTemplate),
-      role: recipient.role,
-      selfSigner,
-      isTeamInvite: isTeamDocument,
-      teamName: team?.name,
-      teamEmail: team?.teamEmail?.email,
-      includeSenderDetails: team?.teamGlobalSettings?.includeSenderDetails,
-    });
-
-    await io.runTask('send-signing-email', async () => {
-      const branding = document.team?.teamGlobalSettings
-        ? teamGlobalSettingsToBranding(document.team.teamGlobalSettings)
-        : undefined;
-
-      const [html, text] = await Promise.all([
-        renderEmailWithI18N(template, { lang: documentMeta?.language, branding }),
-        renderEmailWithI18N(template, {
-          lang: documentMeta?.language,
-          branding,
-          plainText: true,
-        }),
-      ]);
-
-      await mailer.sendMail({
-        to: {
-          name: recipient.name,
-          address: recipient.email,
-        },
-        from: {
-          name: FROM_NAME,
-          address: FROM_ADDRESS,
-        },
-        subject: renderCustomEmailTemplate(
-          documentMeta?.subject || emailSubject,
-          customEmailTemplate,
-        ),
-        html,
-        text,
-      });
-    });
-
-    await io.runTask('update-recipient', async () => {
-      await prisma.recipient.update({
-        where: {
-          id: recipient.id,
-        },
-        data: {
-          sendStatus: SendStatus.SENT,
-        },
-      });
-    });
-
-    await io.runTask('store-audit-log', async () => {
-      await prisma.documentAuditLog.create({
-        data: createDocumentAuditLogData({
-          type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
-          documentId: document.id,
-          user,
-          requestMetadata,
-          data: {
-            emailType: recipientEmailType,
-            recipientId: recipient.id,
-            recipientName: recipient.name,
-            recipientEmail: recipient.email,
-            recipientRole: recipient.role,
-            isResending: false,
-          },
-        }),
-      });
-    });
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEND_SIGNING_EMAIL_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_SIGNING_EMAIL_JOB_DEFINITION_SCHEMA>
+  TSendSigningEmailJobDefinition
 >;

packages/lib/jobs/definitions/emails/send-team-deleted-email.handler.ts

@@ -0,0 +1,23 @@
+import { sendTeamDeleteEmail } from '../../../server-only/team/delete-team';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSendTeamDeletedEmailJobDefinition } from './send-team-deleted-email';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSendTeamDeletedEmailJobDefinition;
+  io: JobRunIO;
+}) => {
+  const { team, members } = payload;
+
+  for (const member of members) {
+    await io.runTask(`send-team-deleted-email--${team.url}_${member.id}`, async () => {
+      await sendTeamDeleteEmail({
+        email: member.email,
+        team,
+        isOwner: member.id === team.ownerUserId,
+      });
+    });
+  }
+};

packages/lib/jobs/definitions/emails/send-team-deleted-email.ts

@@ -2,7 +2,6 @@ import { z } from 'zod';
 
 import { DocumentVisibility } from '@documenso/prisma/client';
 
-import { sendTeamDeleteEmail } from '../../../server-only/team/delete-team';
 import type { JobDefinition } from '../../client/_internal/job';
 
 const SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_ID = 'send.team-deleted.email';
@@ -37,6 +36,10 @@ const SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
   ),
 });
 
+export type TSendTeamDeletedEmailJobDefinition = z.infer<
+  typeof SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION = {
   id: SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_ID,
   name: 'Send Team Deleted Email',
@@ -46,19 +49,11 @@ export const SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION = {
     schema: SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const { team, members } = payload;
+    const handler = await import('./send-team-deleted-email.handler');
 
-    for (const member of members) {
-      await io.runTask(`send-team-deleted-email--${team.url}_${member.id}`, async () => {
-        await sendTeamDeleteEmail({
-          email: member.email,
-          team,
-          isOwner: member.id === team.ownerUserId,
-        });
-      });
-    }
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_TEAM_DELETED_EMAIL_JOB_DEFINITION_SCHEMA>
+  TSendTeamDeletedEmailJobDefinition
 >;

packages/lib/jobs/definitions/emails/send-team-member-joined-email.handler.ts

@@ -0,0 +1,105 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/macro';
+
+import { mailer } from '@documenso/email/mailer';
+import TeamJoinEmailTemplate from '@documenso/email/templates/team-join';
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n.server';
+import { WEBAPP_BASE_URL } from '../../../constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSendTeamMemberJoinedEmailJobDefinition } from './send-team-member-joined-email';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSendTeamMemberJoinedEmailJobDefinition;
+  io: JobRunIO;
+}) => {
+  const team = await prisma.team.findFirstOrThrow({
+    where: {
+      id: payload.teamId,
+    },
+    include: {
+      members: {
+        where: {
+          role: {
+            in: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
+          },
+        },
+        include: {
+          user: true,
+        },
+      },
+      teamGlobalSettings: true,
+    },
+  });
+
+  const invitedMember = await prisma.teamMember.findFirstOrThrow({
+    where: {
+      id: payload.memberId,
+      teamId: payload.teamId,
+    },
+    include: {
+      user: true,
+    },
+  });
+
+  for (const member of team.members) {
+    if (member.id === invitedMember.id) {
+      continue;
+    }
+
+    await io.runTask(
+      `send-team-member-joined-email--${invitedMember.id}_${member.id}`,
+      async () => {
+        const emailContent = createElement(TeamJoinEmailTemplate, {
+          assetBaseUrl: WEBAPP_BASE_URL,
+          baseUrl: WEBAPP_BASE_URL,
+          memberName: invitedMember.user.name || '',
+          memberEmail: invitedMember.user.email,
+          teamName: team.name,
+          teamUrl: team.url,
+        });
+
+        const branding = team.teamGlobalSettings
+          ? teamGlobalSettingsToBranding(team.teamGlobalSettings)
+          : undefined;
+
+        const lang = team.teamGlobalSettings?.documentLanguage;
+
+        // !: Replace with the actual language of the recipient later
+        const [html, text] = await Promise.all([
+          renderEmailWithI18N(emailContent, {
+            lang,
+            branding,
+          }),
+          renderEmailWithI18N(emailContent, {
+            lang,
+            branding,
+            plainText: true,
+          }),
+        ]);
+
+        const i18n = await getI18nInstance(lang);
+
+        await mailer.sendMail({
+          to: member.user.email,
+          from: {
+            name: FROM_NAME,
+            address: FROM_ADDRESS,
+          },
+          subject: i18n._(msg`A new member has joined your team`),
+          html,
+          text,
+        });
+      },
+    );
+  }
+};

packages/lib/jobs/definitions/emails/send-team-member-joined-email.ts

@@ -1,18 +1,5 @@
-import { createElement } from 'react';
-
-import { msg } from '@lingui/macro';
 import { z } from 'zod';
 
-import { mailer } from '@documenso/email/mailer';
-import TeamJoinEmailTemplate from '@documenso/email/templates/team-join';
-import { prisma } from '@documenso/prisma';
-import { TeamMemberRole } from '@documenso/prisma/client';
-
-import { getI18nInstance } from '../../../client-only/providers/i18n.server';
-import { WEBAPP_BASE_URL } from '../../../constants/app';
-import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
-import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
-import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
 import type { JobDefinition } from '../../client/_internal/job';
 
 const SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_ID = 'send.team-member-joined.email';
@@ -22,6 +9,10 @@ const SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
   memberId: z.number(),
 });
 
+export type TSendTeamMemberJoinedEmailJobDefinition = z.infer<
+  typeof SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION = {
   id: SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_ID,
   name: 'Send Team Member Joined Email',
@@ -31,88 +22,11 @@ export const SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION = {
     schema: SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const team = await prisma.team.findFirstOrThrow({
-      where: {
-        id: payload.teamId,
-      },
-      include: {
-        members: {
-          where: {
-            role: {
-              in: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
-            },
-          },
-          include: {
-            user: true,
-          },
-        },
-        teamGlobalSettings: true,
-      },
-    });
+    const handler = await import('./send-team-member-joined-email.handler');
 
-    const invitedMember = await prisma.teamMember.findFirstOrThrow({
-      where: {
-        id: payload.memberId,
-        teamId: payload.teamId,
-      },
-      include: {
-        user: true,
-      },
-    });
-
-    for (const member of team.members) {
-      if (member.id === invitedMember.id) {
-        continue;
-      }
-
-      await io.runTask(
-        `send-team-member-joined-email--${invitedMember.id}_${member.id}`,
-        async () => {
-          const emailContent = createElement(TeamJoinEmailTemplate, {
-            assetBaseUrl: WEBAPP_BASE_URL,
-            baseUrl: WEBAPP_BASE_URL,
-            memberName: invitedMember.user.name || '',
-            memberEmail: invitedMember.user.email,
-            teamName: team.name,
-            teamUrl: team.url,
-          });
-
-          const branding = team.teamGlobalSettings
-            ? teamGlobalSettingsToBranding(team.teamGlobalSettings)
-            : undefined;
-
-          const lang = team.teamGlobalSettings?.documentLanguage;
-
-          // !: Replace with the actual language of the recipient later
-          const [html, text] = await Promise.all([
-            renderEmailWithI18N(emailContent, {
-              lang,
-              branding,
-            }),
-            renderEmailWithI18N(emailContent, {
-              lang,
-              branding,
-              plainText: true,
-            }),
-          ]);
-
-          const i18n = await getI18nInstance(lang);
-
-          await mailer.sendMail({
-            to: member.user.email,
-            from: {
-              name: FROM_NAME,
-              address: FROM_ADDRESS,
-            },
-            subject: i18n._(msg`A new member has joined your team`),
-            html,
-            text,
-          });
-        },
-      );
-    }
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_TEAM_MEMBER_JOINED_EMAIL_JOB_DEFINITION_SCHEMA>
+  TSendTeamMemberJoinedEmailJobDefinition
 >;

packages/lib/jobs/definitions/emails/send-team-member-left-email.handler.ts

@@ -0,0 +1,93 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/macro';
+
+import { mailer } from '@documenso/email/mailer';
+import TeamJoinEmailTemplate from '@documenso/email/templates/team-join';
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+import { getI18nInstance } from '../../../client-only/providers/i18n.server';
+import { WEBAPP_BASE_URL } from '../../../constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
+import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
+import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSendTeamMemberLeftEmailJobDefinition } from './send-team-member-left-email';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSendTeamMemberLeftEmailJobDefinition;
+  io: JobRunIO;
+}) => {
+  const team = await prisma.team.findFirstOrThrow({
+    where: {
+      id: payload.teamId,
+    },
+    include: {
+      members: {
+        where: {
+          role: {
+            in: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
+          },
+        },
+        include: {
+          user: true,
+        },
+      },
+      teamGlobalSettings: true,
+    },
+  });
+
+  const oldMember = await prisma.user.findFirstOrThrow({
+    where: {
+      id: payload.memberUserId,
+    },
+  });
+
+  for (const member of team.members) {
+    await io.runTask(`send-team-member-left-email--${oldMember.id}_${member.id}`, async () => {
+      const emailContent = createElement(TeamJoinEmailTemplate, {
+        assetBaseUrl: WEBAPP_BASE_URL,
+        baseUrl: WEBAPP_BASE_URL,
+        memberName: oldMember.name || '',
+        memberEmail: oldMember.email,
+        teamName: team.name,
+        teamUrl: team.url,
+      });
+
+      const branding = team.teamGlobalSettings
+        ? teamGlobalSettingsToBranding(team.teamGlobalSettings)
+        : undefined;
+
+      const lang = team.teamGlobalSettings?.documentLanguage;
+
+      const [html, text] = await Promise.all([
+        renderEmailWithI18N(emailContent, {
+          lang,
+          branding,
+        }),
+        renderEmailWithI18N(emailContent, {
+          lang,
+          branding,
+          plainText: true,
+        }),
+      ]);
+
+      const i18n = await getI18nInstance(lang);
+
+      await mailer.sendMail({
+        to: member.user.email,
+        from: {
+          name: FROM_NAME,
+          address: FROM_ADDRESS,
+        },
+        subject: i18n._(msg`A team member has left ${team.name}`),
+        html,
+        text,
+      });
+    });
+  }
+};

packages/lib/jobs/definitions/emails/send-team-member-left-email.ts

@@ -1,18 +1,5 @@
-import { createElement } from 'react';
-
-import { msg } from '@lingui/macro';
 import { z } from 'zod';
 
-import { mailer } from '@documenso/email/mailer';
-import TeamJoinEmailTemplate from '@documenso/email/templates/team-join';
-import { prisma } from '@documenso/prisma';
-import { TeamMemberRole } from '@documenso/prisma/client';
-
-import { getI18nInstance } from '../../../client-only/providers/i18n.server';
-import { WEBAPP_BASE_URL } from '../../../constants/app';
-import { FROM_ADDRESS, FROM_NAME } from '../../../constants/email';
-import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
-import { teamGlobalSettingsToBranding } from '../../../utils/team-global-settings-to-branding';
 import type { JobDefinition } from '../../client/_internal/job';
 
 const SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_ID = 'send.team-member-left.email';
@@ -22,6 +9,10 @@ const SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_SCHEMA = z.object({
   memberUserId: z.number(),
 });
 
+export type TSendTeamMemberLeftEmailJobDefinition = z.infer<
+  typeof SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_SCHEMA
+>;
+
 export const SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION = {
   id: SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_ID,
   name: 'Send Team Member Left Email',
@@ -31,76 +22,11 @@ export const SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION = {
     schema: SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const team = await prisma.team.findFirstOrThrow({
-      where: {
-        id: payload.teamId,
-      },
-      include: {
-        members: {
-          where: {
-            role: {
-              in: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
-            },
-          },
-          include: {
-            user: true,
-          },
-        },
-        teamGlobalSettings: true,
-      },
-    });
+    const handler = await import('./send-team-member-left-email.handler');
 
-    const oldMember = await prisma.user.findFirstOrThrow({
-      where: {
-        id: payload.memberUserId,
-      },
-    });
-
-    for (const member of team.members) {
-      await io.runTask(`send-team-member-left-email--${oldMember.id}_${member.id}`, async () => {
-        const emailContent = createElement(TeamJoinEmailTemplate, {
-          assetBaseUrl: WEBAPP_BASE_URL,
-          baseUrl: WEBAPP_BASE_URL,
-          memberName: oldMember.name || '',
-          memberEmail: oldMember.email,
-          teamName: team.name,
-          teamUrl: team.url,
-        });
-
-        const branding = team.teamGlobalSettings
-          ? teamGlobalSettingsToBranding(team.teamGlobalSettings)
-          : undefined;
-
-        const lang = team.teamGlobalSettings?.documentLanguage;
-
-        const [html, text] = await Promise.all([
-          renderEmailWithI18N(emailContent, {
-            lang,
-            branding,
-          }),
-          renderEmailWithI18N(emailContent, {
-            lang,
-            branding,
-            plainText: true,
-          }),
-        ]);
-
-        const i18n = await getI18nInstance(lang);
-
-        await mailer.sendMail({
-          to: member.user.email,
-          from: {
-            name: FROM_NAME,
-            address: FROM_ADDRESS,
-          },
-          subject: i18n._(msg`A team member has left ${team.name}`),
-          html,
-          text,
-        });
-      });
-    }
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_ID,
-  z.infer<typeof SEND_TEAM_MEMBER_LEFT_EMAIL_JOB_DEFINITION_SCHEMA>
+  TSendTeamMemberLeftEmailJobDefinition
 >;

packages/lib/jobs/definitions/internal/seal-document.handler.ts

@@ -0,0 +1,256 @@
+import { nanoid } from 'nanoid';
+import path from 'node:path';
+import { PDFDocument } from 'pdf-lib';
+
+import { prisma } from '@documenso/prisma';
+import {
+  DocumentStatus,
+  RecipientRole,
+  SigningStatus,
+  WebhookTriggerEvents,
+} from '@documenso/prisma/client';
+import { signPdf } from '@documenso/signing';
+
+import { sendCompletedEmail } from '../../../server-only/document/send-completed-email';
+import PostHogServerClient from '../../../server-only/feature-flags/get-post-hog-server-client';
+import { getCertificatePdf } from '../../../server-only/htmltopdf/get-certificate-pdf';
+import { flattenAnnotations } from '../../../server-only/pdf/flatten-annotations';
+import { flattenForm } from '../../../server-only/pdf/flatten-form';
+import { insertFieldInPDF } from '../../../server-only/pdf/insert-field-in-pdf';
+import { normalizeSignatureAppearances } from '../../../server-only/pdf/normalize-signature-appearances';
+import { triggerWebhook } from '../../../server-only/webhooks/trigger/trigger-webhook';
+import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
+import { ZWebhookDocumentSchema } from '../../../types/webhook-payload';
+import { getFile } from '../../../universal/upload/get-file';
+import { putPdfFile } from '../../../universal/upload/put-file';
+import { fieldsContainUnsignedRequiredField } from '../../../utils/advanced-fields-helpers';
+import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
+import type { JobRunIO } from '../../client/_internal/job';
+import type { TSealDocumentJobDefinition } from './seal-document';
+
+export const run = async ({
+  payload,
+  io,
+}: {
+  payload: TSealDocumentJobDefinition;
+  io: JobRunIO;
+}) => {
+  const { documentId, sendEmail = true, isResealing = false, requestMetadata } = payload;
+
+  const document = await prisma.document.findFirstOrThrow({
+    where: {
+      id: documentId,
+      Recipient: {
+        every: {
+          signingStatus: SigningStatus.SIGNED,
+        },
+      },
+    },
+    include: {
+      documentMeta: true,
+      Recipient: true,
+      team: {
+        select: {
+          teamGlobalSettings: {
+            select: {
+              includeSigningCertificate: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  // Seems silly but we need to do this in case the job is re-ran
+  // after it has already run through the update task further below.
+  // eslint-disable-next-line @typescript-eslint/require-await
+  const documentStatus = await io.runTask('get-document-status', async () => {
+    return document.status;
+  });
+
+  // This is the same case as above.
+  // eslint-disable-next-line @typescript-eslint/require-await
+  const documentDataId = await io.runTask('get-document-data-id', async () => {
+    return document.documentDataId;
+  });
+
+  const documentData = await prisma.documentData.findFirst({
+    where: {
+      id: documentDataId,
+    },
+  });
+
+  if (!documentData) {
+    throw new Error(`Document ${document.id} has no document data`);
+  }
+
+  const recipients = await prisma.recipient.findMany({
+    where: {
+      documentId: document.id,
+      role: {
+        not: RecipientRole.CC,
+      },
+    },
+  });
+
+  if (recipients.some((recipient) => recipient.signingStatus !== SigningStatus.SIGNED)) {
+    throw new Error(`Document ${document.id} has unsigned recipients`);
+  }
+
+  const fields = await prisma.field.findMany({
+    where: {
+      documentId: document.id,
+    },
+    include: {
+      Signature: true,
+    },
+  });
+
+  if (fieldsContainUnsignedRequiredField(fields)) {
+    throw new Error(`Document ${document.id} has unsigned required fields`);
+  }
+
+  if (isResealing) {
+    // If we're resealing we want to use the initial data for the document
+    // so we aren't placing fields on top of eachother.
+    documentData.data = documentData.initialData;
+  }
+
+  const pdfData = await getFile(documentData);
+
+  const certificateData =
+    (document.team?.teamGlobalSettings?.includeSigningCertificate ?? true)
+      ? await getCertificatePdf({
+          documentId,
+          language: document.documentMeta?.language,
+        }).catch(() => null)
+      : null;
+
+  const newDataId = await io.runTask('decorate-and-sign-pdf', async () => {
+    const pdfDoc = await PDFDocument.load(pdfData);
+
+    // Normalize and flatten layers that could cause issues with the signature
+    normalizeSignatureAppearances(pdfDoc);
+    flattenForm(pdfDoc);
+    flattenAnnotations(pdfDoc);
+
+    if (certificateData) {
+      const certificateDoc = await PDFDocument.load(certificateData);
+
+      const certificatePages = await pdfDoc.copyPages(
+        certificateDoc,
+        certificateDoc.getPageIndices(),
+      );
+
+      certificatePages.forEach((page) => {
+        pdfDoc.addPage(page);
+      });
+    }
+
+    for (const field of fields) {
+      if (field.inserted) {
+        await insertFieldInPDF(pdfDoc, field);
+      }
+    }
+
+    // Re-flatten the form to handle our checkbox and radio fields that
+    // create native arcoFields
+    flattenForm(pdfDoc);
+
+    const pdfBytes = await pdfDoc.save();
+    const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
+
+    const { name } = path.parse(document.title);
+
+    const documentData = await putPdfFile({
+      name: `${name}_signed.pdf`,
+      type: 'application/pdf',
+      arrayBuffer: async () => Promise.resolve(pdfBuffer),
+    });
+
+    return documentData.id;
+  });
+
+  const postHog = PostHogServerClient();
+
+  if (postHog) {
+    postHog.capture({
+      distinctId: nanoid(),
+      event: 'App: Document Sealed',
+      properties: {
+        documentId: document.id,
+      },
+    });
+  }
+
+  await io.runTask('update-document', async () => {
+    await prisma.$transaction(async (tx) => {
+      const newData = await tx.documentData.findFirstOrThrow({
+        where: {
+          id: newDataId,
+        },
+      });
+
+      await tx.document.update({
+        where: {
+          id: document.id,
+        },
+        data: {
+          status: DocumentStatus.COMPLETED,
+          completedAt: new Date(),
+        },
+      });
+
+      await tx.documentData.update({
+        where: {
+          id: documentData.id,
+        },
+        data: {
+          data: newData.data,
+        },
+      });
+
+      await tx.documentAuditLog.create({
+        data: createDocumentAuditLogData({
+          type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
+          documentId: document.id,
+          requestMetadata,
+          user: null,
+          data: {
+            transactionId: nanoid(),
+          },
+        }),
+      });
+    });
+  });
+
+  await io.runTask('send-completed-email', async () => {
+    let shouldSendCompletedEmail = sendEmail && !isResealing;
+
+    if (isResealing && documentStatus !== DocumentStatus.COMPLETED) {
+      shouldSendCompletedEmail = sendEmail;
+    }
+
+    if (shouldSendCompletedEmail) {
+      await sendCompletedEmail({ documentId, requestMetadata });
+    }
+  });
+
+  const updatedDocument = await prisma.document.findFirstOrThrow({
+    where: {
+      id: document.id,
+    },
+    include: {
+      documentData: true,
+      documentMeta: true,
+      Recipient: true,
+    },
+  });
+
+  await triggerWebhook({
+    event: WebhookTriggerEvents.DOCUMENT_COMPLETED,
+    data: ZWebhookDocumentSchema.parse(updatedDocument),
+    userId: updatedDocument.userId,
+    teamId: updatedDocument.teamId ?? undefined,
+  });
+};

packages/lib/jobs/definitions/internal/seal-document.ts

@@ -1,31 +1,6 @@
-import { nanoid } from 'nanoid';
-import path from 'node:path';
-import { PDFDocument } from 'pdf-lib';
 import { z } from 'zod';
 
-import { prisma } from '@documenso/prisma';
-import {
-  DocumentStatus,
-  RecipientRole,
-  SigningStatus,
-  WebhookTriggerEvents,
-} from '@documenso/prisma/client';
-import { signPdf } from '@documenso/signing';
-
-import { sendCompletedEmail } from '../../../server-only/document/send-completed-email';
-import PostHogServerClient from '../../../server-only/feature-flags/get-post-hog-server-client';
-import { getCertificatePdf } from '../../../server-only/htmltopdf/get-certificate-pdf';
-import { flattenAnnotations } from '../../../server-only/pdf/flatten-annotations';
-import { flattenForm } from '../../../server-only/pdf/flatten-form';
-import { insertFieldInPDF } from '../../../server-only/pdf/insert-field-in-pdf';
-import { normalizeSignatureAppearances } from '../../../server-only/pdf/normalize-signature-appearances';
-import { triggerWebhook } from '../../../server-only/webhooks/trigger/trigger-webhook';
-import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
-import { ZWebhookDocumentSchema } from '../../../types/webhook-payload';
 import { ZRequestMetadataSchema } from '../../../universal/extract-request-metadata';
-import { getFile } from '../../../universal/upload/get-file';
-import { putPdfFile } from '../../../universal/upload/put-file';
-import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
 import { type JobDefinition } from '../../client/_internal/job';
 
 const SEAL_DOCUMENT_JOB_DEFINITION_ID = 'internal.seal-document';
@@ -37,6 +12,8 @@ const SEAL_DOCUMENT_JOB_DEFINITION_SCHEMA = z.object({
   requestMetadata: ZRequestMetadataSchema.optional(),
 });
 
+export type TSealDocumentJobDefinition = z.infer<typeof SEAL_DOCUMENT_JOB_DEFINITION_SCHEMA>;
+
 export const SEAL_DOCUMENT_JOB_DEFINITION = {
   id: SEAL_DOCUMENT_JOB_DEFINITION_ID,
   name: 'Seal Document',
@@ -46,223 +23,11 @@ export const SEAL_DOCUMENT_JOB_DEFINITION = {
     schema: SEAL_DOCUMENT_JOB_DEFINITION_SCHEMA,
   },
   handler: async ({ payload, io }) => {
-    const { documentId, sendEmail = true, isResealing = false, requestMetadata } = payload;
+    const handler = await import('./seal-document.handler');
 
-    const document = await prisma.document.findFirstOrThrow({
-      where: {
-        id: documentId,
-        Recipient: {
-          every: {
-            signingStatus: SigningStatus.SIGNED,
-          },
-        },
-      },
-      include: {
-        documentMeta: true,
-        Recipient: true,
-        team: {
-          select: {
-            teamGlobalSettings: {
-              select: {
-                includeSigningCertificate: true,
-              },
-            },
-          },
-        },
-      },
-    });
-
-    // Seems silly but we need to do this in case the job is re-ran
-    // after it has already run through the update task further below.
-    // eslint-disable-next-line @typescript-eslint/require-await
-    const documentStatus = await io.runTask('get-document-status', async () => {
-      return document.status;
-    });
-
-    // This is the same case as above.
-    // eslint-disable-next-line @typescript-eslint/require-await
-    const documentDataId = await io.runTask('get-document-data-id', async () => {
-      return document.documentDataId;
-    });
-
-    const documentData = await prisma.documentData.findFirst({
-      where: {
-        id: documentDataId,
-      },
-    });
-
-    if (!documentData) {
-      throw new Error(`Document ${document.id} has no document data`);
-    }
-
-    const recipients = await prisma.recipient.findMany({
-      where: {
-        documentId: document.id,
-        role: {
-          not: RecipientRole.CC,
-        },
-      },
-    });
-
-    if (recipients.some((recipient) => recipient.signingStatus !== SigningStatus.SIGNED)) {
-      throw new Error(`Document ${document.id} has unsigned recipients`);
-    }
-
-    const fields = await prisma.field.findMany({
-      where: {
-        documentId: document.id,
-      },
-      include: {
-        Signature: true,
-      },
-    });
-
-    if (fields.some((field) => !field.inserted)) {
-      throw new Error(`Document ${document.id} has unsigned fields`);
-    }
-
-    if (isResealing) {
-      // If we're resealing we want to use the initial data for the document
-      // so we aren't placing fields on top of eachother.
-      documentData.data = documentData.initialData;
-    }
-
-    const pdfData = await getFile(documentData);
-    const certificateData =
-      (document.team?.teamGlobalSettings?.includeSigningCertificate ?? true)
-        ? await getCertificatePdf({
-            documentId,
-            language: document.documentMeta?.language,
-          }).catch(() => null)
-        : null;
-
-    const newDataId = await io.runTask('decorate-and-sign-pdf', async () => {
-      const pdfDoc = await PDFDocument.load(pdfData);
-
-      // Normalize and flatten layers that could cause issues with the signature
-      normalizeSignatureAppearances(pdfDoc);
-      flattenForm(pdfDoc);
-      flattenAnnotations(pdfDoc);
-
-      if (certificateData) {
-        const certificateDoc = await PDFDocument.load(certificateData);
-
-        const certificatePages = await pdfDoc.copyPages(
-          certificateDoc,
-          certificateDoc.getPageIndices(),
-        );
-
-        certificatePages.forEach((page) => {
-          pdfDoc.addPage(page);
-        });
-      }
-
-      for (const field of fields) {
-        await insertFieldInPDF(pdfDoc, field);
-      }
-
-      // Re-flatten the form to handle our checkbox and radio fields that
-      // create native arcoFields
-      flattenForm(pdfDoc);
-
-      const pdfBytes = await pdfDoc.save();
-      const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
-
-      const { name } = path.parse(document.title);
-
-      const documentData = await putPdfFile({
-        name: `${name}_signed.pdf`,
-        type: 'application/pdf',
-        arrayBuffer: async () => Promise.resolve(pdfBuffer),
-      });
-
-      return documentData.id;
-    });
-
-    const postHog = PostHogServerClient();
-
-    if (postHog) {
-      postHog.capture({
-        distinctId: nanoid(),
-        event: 'App: Document Sealed',
-        properties: {
-          documentId: document.id,
-        },
-      });
-    }
-
-    await io.runTask('update-document', async () => {
-      await prisma.$transaction(async (tx) => {
-        const newData = await tx.documentData.findFirstOrThrow({
-          where: {
-            id: newDataId,
-          },
-        });
-
-        await tx.document.update({
-          where: {
-            id: document.id,
-          },
-          data: {
-            status: DocumentStatus.COMPLETED,
-            completedAt: new Date(),
-          },
-        });
-
-        await tx.documentData.update({
-          where: {
-            id: documentData.id,
-          },
-          data: {
-            data: newData.data,
-          },
-        });
-
-        await tx.documentAuditLog.create({
-          data: createDocumentAuditLogData({
-            type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
-            documentId: document.id,
-            requestMetadata,
-            user: null,
-            data: {
-              transactionId: nanoid(),
-            },
-          }),
-        });
-      });
-    });
-
-    await io.runTask('send-completed-email', async () => {
-      let shouldSendCompletedEmail = sendEmail && !isResealing;
-
-      if (isResealing && documentStatus !== DocumentStatus.COMPLETED) {
-        shouldSendCompletedEmail = sendEmail;
-      }
-
-      if (shouldSendCompletedEmail) {
-        await sendCompletedEmail({ documentId, requestMetadata });
-      }
-    });
-
-    const updatedDocument = await prisma.document.findFirstOrThrow({
-      where: {
-        id: document.id,
-      },
-      include: {
-        documentData: true,
-        documentMeta: true,
-        Recipient: true,
-      },
-    });
-
-    await triggerWebhook({
-      event: WebhookTriggerEvents.DOCUMENT_COMPLETED,
-      data: ZWebhookDocumentSchema.parse(updatedDocument),
-      userId: updatedDocument.userId,
-      teamId: updatedDocument.teamId ?? undefined,
-    });
+    await handler.run({ payload, io });
   },
 } as const satisfies JobDefinition<
   typeof SEAL_DOCUMENT_JOB_DEFINITION_ID,
-  z.infer<typeof SEAL_DOCUMENT_JOB_DEFINITION_SCHEMA>
+  TSealDocumentJobDefinition
 >;

packages/lib/next-auth/auth-options.ts

@@ -121,6 +121,10 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
           throw new Error(ErrorCode.UNVERIFIED_EMAIL);
         }
 
+        if (user.disabled) {
+          throw new Error(ErrorCode.ACCOUNT_DISABLED);
+        }
+
         return {
           id: Number(user.id),
           email: user.email,

packages/lib/next-auth/error-codes.ts

@@ -20,4 +20,5 @@ export const ErrorCode = {
   MISSING_ENCRYPTION_KEY: 'MISSING_ENCRYPTION_KEY',
   MISSING_BACKUP_CODE: 'MISSING_BACKUP_CODE',
   UNVERIFIED_EMAIL: 'UNVERIFIED_EMAIL',
+  ACCOUNT_DISABLED: 'ACCOUNT_DISABLED',
 } as const;

packages/lib/next-auth/get-server-component-session.ts

@@ -21,6 +21,10 @@ export const getServerComponentSession = cache(async () => {
     },
   });
 
+  if (user.disabled) {
+    return { user: null, session: null };
+  }
+
   return { user, session };
 });
 

packages/lib/package.json

@@ -56,11 +56,11 @@
     "sharp": "0.32.6",
     "stripe": "^12.7.0",
     "ts-pattern": "^5.0.5",
-    "zod": "^3.23.8"
+    "zod": "3.24.1"
   },
   "devDependencies": {
     "@playwright/browser-chromium": "1.43.0",
     "@types/luxon": "^3.3.1",
     "@types/pg": "^8.11.4"
   }
-}
+}

packages/lib/server-only/admin/get-signing-volume.ts

@@ -1,5 +1,5 @@
 import { prisma } from '@documenso/prisma';
-import { Prisma } from '@documenso/prisma/client';
+import { DocumentStatus, Prisma } from '@documenso/prisma/client';
 
 export type SigningVolume = {
   id: number;
@@ -43,34 +43,41 @@ export async function getSigningVolume({
     ],
   });
 
-  const orderByClause = getOrderByClause({ sortBy, sortOrder });
-
   const [subscriptions, totalCount] = await Promise.all([
     prisma.subscription.findMany({
       where: whereClause,
       include: {
         User: {
-          include: {
+          select: {
+            name: true,
+            email: true,
             Document: {
               where: {
-                status: 'COMPLETED',
+                status: DocumentStatus.COMPLETED,
                 deletedAt: null,
+                teamId: null,
               },
             },
           },
         },
         team: {
-          include: {
+          select: {
+            name: true,
             document: {
               where: {
-                status: 'COMPLETED',
+                status: DocumentStatus.COMPLETED,
                 deletedAt: null,
               },
             },
           },
         },
       },
-      orderBy: orderByClause,
+      orderBy:
+        sortBy === 'name'
+          ? [{ User: { name: sortOrder } }, { team: { name: sortOrder } }, { createdAt: 'desc' }]
+          : sortBy === 'createdAt'
+            ? [{ createdAt: sortOrder }]
+            : undefined,
       skip: Math.max(page - 1, 0) * perPage,
       take: perPage,
     }),
@@ -82,10 +89,8 @@ export async function getSigningVolume({
   const leaderboardWithVolume: SigningVolume[] = subscriptions.map((subscription) => {
     const name =
       subscription.User?.name || subscription.team?.name || subscription.User?.email || 'Unknown';
-
     const userSignedDocs = subscription.User?.Document?.length || 0;
     const teamSignedDocs = subscription.team?.document?.length || 0;
-
     return {
       id: subscription.id,
       name,
@@ -95,54 +100,16 @@ export async function getSigningVolume({
     };
   });
 
+  if (sortBy === 'signingVolume') {
+    leaderboardWithVolume.sort((a, b) => {
+      return sortOrder === 'desc'
+        ? b.signingVolume - a.signingVolume
+        : a.signingVolume - b.signingVolume;
+    });
+  }
+
   return {
     leaderboard: leaderboardWithVolume,
     totalPages: Math.ceil(totalCount / perPage),
   };
 }
-
-function getOrderByClause(options: {
-  sortBy: string;
-  sortOrder: 'asc' | 'desc';
-}): Prisma.SubscriptionOrderByWithRelationInput | Prisma.SubscriptionOrderByWithRelationInput[] {
-  const { sortBy, sortOrder } = options;
-
-  if (sortBy === 'name') {
-    return [
-      {
-        User: {
-          name: sortOrder,
-        },
-      },
-      {
-        team: {
-          name: sortOrder,
-        },
-      },
-    ];
-  }
-
-  if (sortBy === 'createdAt') {
-    return {
-      createdAt: sortOrder,
-    };
-  }
-
-  // Default: sort by signing volume
-  return [
-    {
-      User: {
-        Document: {
-          _count: sortOrder,
-        },
-      },
-    },
-    {
-      team: {
-        document: {
-          _count: sortOrder,
-        },
-      },
-    },
-  ];
-}

packages/lib/server-only/document/complete-document-with-token.ts

@@ -1,5 +1,6 @@
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
+import { fieldsContainUnsignedRequiredField } from '@documenso/lib/utils/advanced-fields-helpers';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 import {
@@ -8,8 +9,8 @@ import {
   RecipientRole,
   SendStatus,
   SigningStatus,
+  WebhookTriggerEvents,
 } from '@documenso/prisma/client';
-import { WebhookTriggerEvents } from '@documenso/prisma/client';
 
 import { jobs } from '../../jobs/client';
 import type { TRecipientActionAuth } from '../../types/document-auth';
@@ -85,7 +86,7 @@ export const completeDocumentWithToken = async ({
     },
   });
 
-  if (fields.some((field) => !field.inserted)) {
+  if (fieldsContainUnsignedRequiredField(fields)) {
     throw new Error(`Recipient ${recipient.id} has unsigned fields`);
   }
 
@@ -139,6 +140,14 @@ export const completeDocumentWithToken = async ({
     });
   });
 
+  await jobs.triggerJob({
+    name: 'send.recipient.signed.email',
+    payload: {
+      documentId: document.id,
+      recipientId: recipient.id,
+    },
+  });
+
   const pendingRecipients = await prisma.recipient.findMany({
     select: {
       id: true,

packages/lib/server-only/document/create-document.ts

@@ -1,6 +1,9 @@
 'use server';
 
+import type { z } from 'zod';
+
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { normalizePdf as makeNormalizedPdf } from '@documenso/lib/server-only/pdf/normalize-pdf';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
@@ -8,8 +11,11 @@ import { prisma } from '@documenso/prisma';
 import { DocumentSource, DocumentVisibility, WebhookTriggerEvents } from '@documenso/prisma/client';
 import type { Team, TeamGlobalSettings } from '@documenso/prisma/client';
 import { TeamMemberRole } from '@documenso/prisma/client';
+import { DocumentSchema } from '@documenso/prisma/generated/zod';
 
 import { ZWebhookDocumentSchema } from '../../types/webhook-payload';
+import { getFile } from '../../universal/upload/get-file';
+import { putPdfFile } from '../../universal/upload/put-file';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 
 export type CreateDocumentOptions = {
@@ -19,18 +25,24 @@ export type CreateDocumentOptions = {
   teamId?: number;
   documentDataId: string;
   formValues?: Record<string, string | number | boolean>;
+  normalizePdf?: boolean;
   requestMetadata?: RequestMetadata;
 };
 
+export const ZCreateDocumentResponseSchema = DocumentSchema;
+
+export type TCreateDocumentResponse = z.infer<typeof ZCreateDocumentResponseSchema>;
+
 export const createDocument = async ({
   userId,
   title,
   externalId,
   documentDataId,
   teamId,
+  normalizePdf,
   formValues,
   requestMetadata,
-}: CreateDocumentOptions) => {
+}: CreateDocumentOptions): Promise<TCreateDocumentResponse> => {
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,
@@ -82,22 +94,44 @@ export const createDocument = async ({
     globalVisibility: DocumentVisibility | null | undefined,
     userRole: TeamMemberRole,
   ): DocumentVisibility => {
-    const defaultVisibility = globalVisibility ?? DocumentVisibility.EVERYONE;
+    if (globalVisibility) {
+      return globalVisibility;
+    }
 
     if (userRole === TeamMemberRole.ADMIN) {
-      return defaultVisibility;
+      return DocumentVisibility.ADMIN;
     }
 
     if (userRole === TeamMemberRole.MANAGER) {
-      if (defaultVisibility === DocumentVisibility.ADMIN) {
-        return DocumentVisibility.MANAGER_AND_ABOVE;
-      }
-      return defaultVisibility;
+      return DocumentVisibility.MANAGER_AND_ABOVE;
     }
 
     return DocumentVisibility.EVERYONE;
   };
 
+  if (normalizePdf) {
+    const documentData = await prisma.documentData.findFirst({
+      where: {
+        id: documentDataId,
+      },
+    });
+
+    if (documentData) {
+      const buffer = await getFile(documentData);
+
+      const normalizedPdf = await makeNormalizedPdf(Buffer.from(buffer));
+
+      const newDocumentData = await putPdfFile({
+        name: title.endsWith('.pdf') ? title : `${title}.pdf`,
+        type: 'application/pdf',
+        arrayBuffer: async () => Promise.resolve(normalizedPdf),
+      });
+
+      // eslint-disable-next-line require-atomic-updates
+      documentDataId = newDocumentData.id;
+    }
+  }
+
   return await prisma.$transaction(async (tx) => {
     const document = await tx.document.create({
       data: {

packages/lib/server-only/document/duplicate-document-by-id.ts

@@ -1,19 +1,27 @@
+import { z } from 'zod';
+
 import { prisma } from '@documenso/prisma';
 import { DocumentSource, type Prisma } from '@documenso/prisma/client';
 
 import { getDocumentWhereInput } from './get-document-by-id';
 
-export interface DuplicateDocumentByIdOptions {
+export interface DuplicateDocumentOptions {
   documentId: number;
   userId: number;
   teamId?: number;
 }
 
-export const duplicateDocumentById = async ({
+export const ZDuplicateDocumentResponseSchema = z.object({
+  documentId: z.number(),
+});
+
+export type TDuplicateDocumentResponse = z.infer<typeof ZDuplicateDocumentResponseSchema>;
+
+export const duplicateDocument = async ({
   documentId,
   userId,
   teamId,
-}: DuplicateDocumentByIdOptions) => {
+}: DuplicateDocumentOptions): Promise<TDuplicateDocumentResponse> => {
   const documentWhereInput = await getDocumentWhereInput({
     documentId,
     userId,
@@ -78,5 +86,7 @@ export const duplicateDocumentById = async ({
 
   const createdDocument = await prisma.document.create(createDocumentArguments);
 
-  return createdDocument.id;
+  return {
+    documentId: createdDocument.id,
+  };
 };

packages/lib/server-only/document/find-documents.ts

@@ -1,5 +1,6 @@
 import { DateTime } from 'luxon';
 import { match } from 'ts-pattern';
+import type { z } from 'zod';
 
 import { prisma } from '@documenso/prisma';
 import type {
@@ -11,10 +12,16 @@ import type {
   User,
 } from '@documenso/prisma/client';
 import { RecipientRole, SigningStatus, TeamMemberRole } from '@documenso/prisma/client';
+import {
+  DocumentSchema,
+  RecipientSchema,
+  TeamSchema,
+  UserSchema,
+} from '@documenso/prisma/generated/zod';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 
 import { DocumentVisibility } from '../../types/document-visibility';
-import type { FindResultResponse } from '../../types/search-params';
+import { type FindResultResponse, ZFindResultResponse } from '../../types/search-params';
 import { maskRecipientTokensForDocument } from '../../utils/mask-recipient-tokens-for-document';
 
 export type PeriodSelectorValue = '' | '7d' | '14d' | '30d';
@@ -36,6 +43,23 @@ export type FindDocumentsOptions = {
   query?: string;
 };
 
+export const ZFindDocumentsResponseSchema = ZFindResultResponse.extend({
+  data: DocumentSchema.extend({
+    User: UserSchema.pick({
+      id: true,
+      name: true,
+      email: true,
+    }),
+    Recipient: RecipientSchema.array(),
+    team: TeamSchema.pick({
+      id: true,
+      url: true,
+    }).nullable(),
+  }).array(), // Todo: openapi remap.
+});
+
+export type TFindDocumentsResponse = z.infer<typeof ZFindDocumentsResponseSchema>;
+
 export const findDocuments = async ({
   userId,
   teamId,
@@ -48,7 +72,7 @@ export const findDocuments = async ({
   period,
   senderIds,
   query,
-}: FindDocumentsOptions) => {
+}: FindDocumentsOptions): Promise<TFindDocumentsResponse> => {
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,

packages/lib/server-only/document/get-document-with-details-by-id.ts

@@ -1,6 +1,15 @@
-import { prisma } from '@documenso/prisma';
-import type { DocumentWithDetails } from '@documenso/prisma/types/document';
+import type { z } from 'zod';
 
+import { prisma } from '@documenso/prisma';
+import {
+  DocumentDataSchema,
+  DocumentMetaSchema,
+  DocumentSchema,
+  FieldSchema,
+  RecipientSchema,
+} from '@documenso/prisma/generated/zod';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
 import { getDocumentWhereInput } from './get-document-by-id';
 
 export type GetDocumentWithDetailsByIdOptions = {
@@ -9,18 +18,29 @@ export type GetDocumentWithDetailsByIdOptions = {
   teamId?: number;
 };
 
+export const ZGetDocumentWithDetailsByIdResponseSchema = DocumentSchema.extend({
+  documentData: DocumentDataSchema,
+  documentMeta: DocumentMetaSchema.nullable(),
+  Recipient: RecipientSchema.array(),
+  Field: FieldSchema.array(),
+});
+
+export type TGetDocumentWithDetailsByIdResponse = z.infer<
+  typeof ZGetDocumentWithDetailsByIdResponseSchema
+>;
+
 export const getDocumentWithDetailsById = async ({
   documentId,
   userId,
   teamId,
-}: GetDocumentWithDetailsByIdOptions): Promise<DocumentWithDetails> => {
+}: GetDocumentWithDetailsByIdOptions): Promise<TGetDocumentWithDetailsByIdResponse> => {
   const documentWhereInput = await getDocumentWhereInput({
     documentId,
     userId,
     teamId,
   });
 
-  return await prisma.document.findFirstOrThrow({
+  const document = await prisma.document.findFirst({
     where: documentWhereInput,
     include: {
       documentData: true,
@@ -29,4 +49,12 @@ export const getDocumentWithDetailsById = async ({
       Field: true,
     },
   });
+
+  if (!document) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Document not found',
+    });
+  }
+
+  return document;
 };

packages/lib/server-only/document/move-document-to-team.ts

@@ -1,7 +1,9 @@
 import { TRPCError } from '@trpc/server';
+import type { z } from 'zod';
 
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { prisma } from '@documenso/prisma';
+import { DocumentSchema } from '@documenso/prisma/generated/zod';
 
 import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
 import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
@@ -13,12 +15,16 @@ export type MoveDocumentToTeamOptions = {
   requestMetadata?: RequestMetadata;
 };
 
+export const ZMoveDocumentToTeamResponseSchema = DocumentSchema;
+
+export type TMoveDocumentToTeamResponse = z.infer<typeof ZMoveDocumentToTeamResponseSchema>;
+
 export const moveDocumentToTeam = async ({
   documentId,
   teamId,
   userId,
   requestMetadata,
-}: MoveDocumentToTeamOptions) => {
+}: MoveDocumentToTeamOptions): Promise<TMoveDocumentToTeamResponse> => {
   return await prisma.$transaction(async (tx) => {
     const user = await tx.user.findUniqueOrThrow({
       where: { id: userId },

packages/lib/server-only/document/resend-document.tsx

@@ -38,7 +38,7 @@ export const resendDocument = async ({
   recipients,
   teamId,
   requestMetadata,
-}: ResendDocumentOptions) => {
+}: ResendDocumentOptions): Promise<void> => {
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,

packages/lib/server-only/document/seal-document.ts

@@ -6,14 +6,19 @@ import PostHogServerClient from '@documenso/lib/server-only/feature-flags/get-po
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
-import { DocumentStatus, RecipientRole, SigningStatus } from '@documenso/prisma/client';
-import { WebhookTriggerEvents } from '@documenso/prisma/client';
+import {
+  DocumentStatus,
+  RecipientRole,
+  SigningStatus,
+  WebhookTriggerEvents,
+} from '@documenso/prisma/client';
 import { signPdf } from '@documenso/signing';
 
 import { ZWebhookDocumentSchema } from '../../types/webhook-payload';
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getFile } from '../../universal/upload/get-file';
 import { putPdfFile } from '../../universal/upload/put-file';
+import { fieldsContainUnsignedRequiredField } from '../../utils/advanced-fields-helpers';
 import { getCertificatePdf } from '../htmltopdf/get-certificate-pdf';
 import { flattenAnnotations } from '../pdf/flatten-annotations';
 import { flattenForm } from '../pdf/flatten-form';
@@ -88,8 +93,8 @@ export const sealDocument = async ({
     },
   });
 
-  if (fields.some((field) => !field.inserted)) {
-    throw new Error(`Document ${document.id} has unsigned fields`);
+  if (fieldsContainUnsignedRequiredField(fields)) {
+    throw new Error(`Document ${document.id} has unsigned required fields`);
   }
 
   if (isResealing) {

packages/lib/server-only/document/send-completed-email.ts

@@ -72,14 +72,19 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
 
   const i18n = await getI18nInstance(document.documentMeta?.language);
 
-  const isDocumentCompletedEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
-  ).documentCompleted;
+  const emailSettings = extractDerivedDocumentEmailSettings(document.documentMeta);
+  const isDocumentCompletedEmailEnabled = emailSettings.documentCompleted;
+  const isOwnerDocumentCompletedEmailEnabled = emailSettings.ownerDocumentCompleted;
 
-  // If the document owner is not a recipient, OR recipient emails are disabled, then send the email to them separately.
+  // Send email to document owner if:
+  // 1. Owner document completed emails are enabled AND
+  // 2. Either:
+  //    - The owner is not a recipient, OR
+  //    - Recipient emails are disabled
   if (
-    !document.Recipient.find((recipient) => recipient.email === owner.email) ||
-    !isDocumentCompletedEmailEnabled
+    isOwnerDocumentCompletedEmailEnabled &&
+    (!document.Recipient.find((recipient) => recipient.email === owner.email) ||
+      !isDocumentCompletedEmailEnabled)
   ) {
     const template = createElement(DocumentCompletedEmailTemplate, {
       documentName: document.title,

packages/lib/server-only/document/send-document.tsx

@@ -1,3 +1,5 @@
+import type { z } from 'zod';
+
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { putPdfFile } from '@documenso/lib/universal/upload/put-file';
@@ -9,8 +11,13 @@ import {
   RecipientRole,
   SendStatus,
   SigningStatus,
+  WebhookTriggerEvents,
 } from '@documenso/prisma/client';
-import { WebhookTriggerEvents } from '@documenso/prisma/client';
+import {
+  DocumentMetaSchema,
+  DocumentSchema,
+  RecipientSchema,
+} from '@documenso/prisma/generated/zod';
 
 import { jobs } from '../../jobs/client';
 import { extractDerivedDocumentEmailSettings } from '../../types/document-email';
@@ -27,13 +34,20 @@ export type SendDocumentOptions = {
   requestMetadata?: RequestMetadata;
 };
 
+export const ZSendDocumentResponseSchema = DocumentSchema.extend({
+  documentMeta: DocumentMetaSchema.nullable(),
+  Recipient: RecipientSchema.array(),
+});
+
+export type TSendDocumentResponse = z.infer<typeof ZSendDocumentResponseSchema>;
+
 export const sendDocument = async ({
   documentId,
   userId,
   teamId,
   sendEmail,
   requestMetadata,
-}: SendDocumentOptions) => {
+}: SendDocumentOptions): Promise<TSendDocumentResponse> => {
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,
@@ -211,6 +225,7 @@ export const sendDocument = async ({
         id: documentId,
       },
       include: {
+        documentMeta: true,
         Recipient: true,
       },
     });

packages/lib/server-only/document/update-document-settings.ts

@@ -1,6 +1,7 @@
 'use server';
 
 import { match } from 'ts-pattern';
+import type { z } from 'zod';
 
 import { isUserEnterprise } from '@documenso/ee/server-only/util/is-document-enterprise';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
@@ -10,6 +11,7 @@ import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-
 import { prisma } from '@documenso/prisma';
 import { DocumentVisibility } from '@documenso/prisma/client';
 import { DocumentStatus, TeamMemberRole } from '@documenso/prisma/client';
+import { DocumentSchema } from '@documenso/prisma/generated/zod';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
@@ -29,13 +31,17 @@ export type UpdateDocumentSettingsOptions = {
   requestMetadata?: RequestMetadata;
 };
 
+export const ZUpdateDocumentSettingsResponseSchema = DocumentSchema;
+
+export type TUpdateDocumentSettingsResponse = z.infer<typeof ZUpdateDocumentSettingsResponseSchema>;
+
 export const updateDocumentSettings = async ({
   userId,
   teamId,
   documentId,
   data,
   requestMetadata,
-}: UpdateDocumentSettingsOptions) => {
+}: UpdateDocumentSettingsOptions): Promise<TUpdateDocumentSettingsResponse> => {
   if (!data.title && !data.globalAccessAuth && !data.globalActionAuth) {
     throw new AppError(AppErrorCode.INVALID_BODY, {
       message: 'Missing data to update',
@@ -85,39 +91,43 @@ export const updateDocumentSettings = async ({
 
   if (teamId) {
     const currentUserRole = document.team?.members[0]?.role;
+    const isDocumentOwner = document.userId === userId;
+    const requestedVisibility = data.visibility;
 
-    match(currentUserRole)
-      .with(TeamMemberRole.ADMIN, () => true)
-      .with(TeamMemberRole.MANAGER, () => {
-        const allowedVisibilities: DocumentVisibility[] = [
-          DocumentVisibility.EVERYONE,
-          DocumentVisibility.MANAGER_AND_ABOVE,
-        ];
+    if (!isDocumentOwner) {
+      match(currentUserRole)
+        .with(TeamMemberRole.ADMIN, () => true)
+        .with(TeamMemberRole.MANAGER, () => {
+          const allowedVisibilities: DocumentVisibility[] = [
+            DocumentVisibility.EVERYONE,
+            DocumentVisibility.MANAGER_AND_ABOVE,
+          ];
 
-        if (
-          !allowedVisibilities.includes(document.visibility) ||
-          (data.visibility && !allowedVisibilities.includes(data.visibility))
-        ) {
+          if (
+            !allowedVisibilities.includes(document.visibility) ||
+            (requestedVisibility && !allowedVisibilities.includes(requestedVisibility))
+          ) {
+            throw new AppError(AppErrorCode.UNAUTHORIZED, {
+              message: 'You do not have permission to update the document visibility',
+            });
+          }
+        })
+        .with(TeamMemberRole.MEMBER, () => {
+          if (
+            document.visibility !== DocumentVisibility.EVERYONE ||
+            (requestedVisibility && requestedVisibility !== DocumentVisibility.EVERYONE)
+          ) {
+            throw new AppError(AppErrorCode.UNAUTHORIZED, {
+              message: 'You do not have permission to update the document visibility',
+            });
+          }
+        })
+        .otherwise(() => {
           throw new AppError(AppErrorCode.UNAUTHORIZED, {
-            message: 'You do not have permission to update the document visibility',
+            message: 'You do not have permission to update the document',
           });
-        }
-      })
-      .with(TeamMemberRole.MEMBER, () => {
-        if (
-          document.visibility !== DocumentVisibility.EVERYONE ||
-          (data.visibility && data.visibility !== DocumentVisibility.EVERYONE)
-        ) {
-          throw new AppError(AppErrorCode.UNAUTHORIZED, {
-            message: 'You do not have permission to update the document visibility',
-          });
-        }
-      })
-      .otherwise(() => {
-        throw new AppError(AppErrorCode.UNAUTHORIZED, {
-          message: 'You do not have permission to update the document',
         });
-      });
+    }
   }
 
   const { documentAuthOption } = extractDocumentAuthMethods({

packages/lib/server-only/field/get-field-by-id.ts

@@ -1,4 +1,9 @@
+import type { z } from 'zod';
+
 import { prisma } from '@documenso/prisma';
+import { FieldSchema } from '@documenso/prisma/generated/zod';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
 
 export type GetFieldByIdOptions = {
   userId: number;
@@ -8,13 +13,17 @@ export type GetFieldByIdOptions = {
   templateId?: number;
 };
 
+export const ZGetFieldByIdResponseSchema = FieldSchema;
+
+export type TGetFieldByIdResponse = z.infer<typeof ZGetFieldByIdResponseSchema>;
+
 export const getFieldById = async ({
   userId,
   teamId,
   fieldId,
   documentId,
   templateId,
-}: GetFieldByIdOptions) => {
+}: GetFieldByIdOptions): Promise<TGetFieldByIdResponse> => {
   const field = await prisma.field.findFirst({
     where: {
       id: fieldId,
@@ -45,5 +54,11 @@ export const getFieldById = async ({
     },
   });
 
+  if (!field) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Field not found',
+    });
+  }
+
   return field;
 };

packages/lib/server-only/field/set-fields-for-document.ts

@@ -1,4 +1,5 @@
 import { isDeepEqual } from 'remeda';
+import { z } from 'zod';
 
 import { validateCheckboxField } from '@documenso/lib/advanced-fields-validation/validate-checkbox';
 import { validateDropdownField } from '@documenso/lib/advanced-fields-validation/validate-dropdown';
@@ -23,6 +24,7 @@ import {
 import { prisma } from '@documenso/prisma';
 import type { Field } from '@documenso/prisma/client';
 import { FieldType } from '@documenso/prisma/client';
+import { FieldSchema } from '@documenso/prisma/generated/zod';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import { canRecipientFieldsBeModified } from '../../utils/recipients';
@@ -34,12 +36,18 @@ export interface SetFieldsForDocumentOptions {
   requestMetadata?: RequestMetadata;
 }
 
+export const ZSetFieldsForDocumentResponseSchema = z.object({
+  fields: z.array(FieldSchema),
+});
+
+export type TSetFieldsForDocumentResponse = z.infer<typeof ZSetFieldsForDocumentResponseSchema>;
+
 export const setFieldsForDocument = async ({
   userId,
   documentId,
   fields,
   requestMetadata,
-}: SetFieldsForDocumentOptions): Promise<Field[]> => {
+}: SetFieldsForDocumentOptions): Promise<TSetFieldsForDocumentResponse> => {
   const document = await prisma.document.findFirst({
     where: {
       id: documentId,
@@ -75,11 +83,15 @@ export const setFieldsForDocument = async ({
   });
 
   if (!document) {
-    throw new Error('Document not found');
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Document not found',
+    });
   }
 
   if (document.completedAt) {
-    throw new Error('Document already complete');
+    throw new AppError(AppErrorCode.INVALID_REQUEST, {
+      message: 'Document already complete',
+    });
   }
 
   const existingFields = await prisma.field.findMany({
@@ -335,7 +347,9 @@ export const setFieldsForDocument = async ({
     return !isRemoved && !isUpdated;
   });
 
-  return [...filteredFields, ...persistedFields];
+  return {
+    fields: [...filteredFields, ...persistedFields],
+  };
 };
 
 /**

packages/lib/server-only/field/set-fields-for-template.ts

@@ -1,3 +1,5 @@
+import { z } from 'zod';
+
 import { validateCheckboxField } from '@documenso/lib/advanced-fields-validation/validate-checkbox';
 import { validateDropdownField } from '@documenso/lib/advanced-fields-validation/validate-dropdown';
 import { validateNumberField } from '@documenso/lib/advanced-fields-validation/validate-number';
@@ -14,6 +16,7 @@ import {
 } from '@documenso/lib/types/field-meta';
 import { prisma } from '@documenso/prisma';
 import { FieldType } from '@documenso/prisma/client';
+import { FieldSchema } from '@documenso/prisma/generated/zod';
 
 export type SetFieldsForTemplateOptions = {
   userId: number;
@@ -31,11 +34,17 @@ export type SetFieldsForTemplateOptions = {
   }[];
 };
 
+export const ZSetFieldsForTemplateResponseSchema = z.object({
+  fields: z.array(FieldSchema),
+});
+
+export type TSetFieldsForTemplateResponse = z.infer<typeof ZSetFieldsForTemplateResponseSchema>;
+
 export const setFieldsForTemplate = async ({
   userId,
   templateId,
   fields,
-}: SetFieldsForTemplateOptions) => {
+}: SetFieldsForTemplateOptions): Promise<TSetFieldsForTemplateResponse> => {
   const template = await prisma.template.findFirst({
     where: {
       id: templateId,
@@ -206,5 +215,7 @@ export const setFieldsForTemplate = async ({
     return !isRemoved && !isUpdated;
   });
 
-  return [...filteredFields, ...persistedFields];
+  return {
+    fields: [...filteredFields, ...persistedFields],
+  };
 };

packages/lib/server-only/field/sign-field-with-token.ts

@@ -8,6 +8,7 @@ import { validateDropdownField } from '@documenso/lib/advanced-fields-validation
 import { validateNumberField } from '@documenso/lib/advanced-fields-validation/validate-number';
 import { validateRadioField } from '@documenso/lib/advanced-fields-validation/validate-radio';
 import { validateTextField } from '@documenso/lib/advanced-fields-validation/validate-text';
+import { fromCheckboxValue } from '@documenso/lib/universal/field-checkbox';
 import { prisma } from '@documenso/prisma';
 import { DocumentStatus, FieldType, SigningStatus } from '@documenso/prisma/client';
 
@@ -119,7 +120,8 @@ export const signFieldWithToken = async ({
 
   if (field.type === FieldType.CHECKBOX && field.fieldMeta) {
     const checkboxFieldParsedMeta = ZCheckboxFieldMeta.parse(field.fieldMeta);
-    const checkboxFieldValues = value.split(',');
+    const checkboxFieldValues: string[] = fromCheckboxValue(value);
+
     const errors = validateCheckboxField(checkboxFieldValues, checkboxFieldParsedMeta, true);
 
     if (errors.length > 0) {

packages/lib/server-only/pdf/flatten-form.ts

@@ -1,9 +1,11 @@
 import type { PDFField, PDFWidgetAnnotation } from 'pdf-lib';
-import { PDFCheckBox, PDFRadioGroup, PDFRef } from 'pdf-lib';
 import {
+  PDFCheckBox,
   PDFDict,
   type PDFDocument,
   PDFName,
+  PDFRadioGroup,
+  PDFRef,
   drawObject,
   popGraphicsState,
   pushGraphicsState,
@@ -11,7 +13,17 @@ import {
   translate,
 } from 'pdf-lib';
 
+export const removeOptionalContentGroups = (document: PDFDocument) => {
+  const context = document.context;
+  const catalog = context.lookup(context.trailerInfo.Root);
+  if (catalog instanceof PDFDict) {
+    catalog.delete(PDFName.of('OCProperties'));
+  }
+};
+
 export const flattenForm = (document: PDFDocument) => {
+  removeOptionalContentGroups(document);
+
   const form = document.getForm();
 
   form.updateFieldAppearances();

packages/lib/server-only/pdf/insert-field-in-pdf.ts

@@ -10,6 +10,7 @@ import {
   MIN_HANDWRITING_FONT_SIZE,
   MIN_STANDARD_FONT_SIZE,
 } from '@documenso/lib/constants/pdf';
+import { fromCheckboxValue } from '@documenso/lib/universal/field-checkbox';
 import { FieldType } from '@documenso/prisma/client';
 import { isSignatureFieldType } from '@documenso/prisma/guards/is-signature-field';
 import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature';
@@ -194,7 +195,7 @@ export const insertFieldInPDF = async (pdf: PDFDocument, field: FieldWithSignatu
         value: item.value.length > 0 ? item.value : `empty-value-${item.id}`,
       }));
 
-      const selected = field.customText.split(',');
+      const selected: string[] = fromCheckboxValue(field.customText);
 
       for (const [index, item] of (values ?? []).entries()) {
         const offsetY = index * 16;

packages/lib/server-only/pdf/normalize-pdf.ts

@@ -0,0 +1,18 @@
+import { PDFDocument } from 'pdf-lib';
+
+import { flattenAnnotations } from './flatten-annotations';
+import { flattenForm, removeOptionalContentGroups } from './flatten-form';
+
+export const normalizePdf = async (pdf: Buffer) => {
+  const pdfDoc = await PDFDocument.load(pdf).catch(() => null);
+
+  if (!pdfDoc) {
+    return pdf;
+  }
+
+  removeOptionalContentGroups(pdfDoc);
+  flattenForm(pdfDoc);
+  flattenAnnotations(pdfDoc);
+
+  return Buffer.from(await pdfDoc.save());
+};

packages/lib/server-only/recipient/get-recipient-by-id-v1-api.ts

@@ -0,0 +1,21 @@
+import { prisma } from '@documenso/prisma';
+
+export type GetRecipientByIdOptions = {
+  id: number;
+  documentId: number;
+};
+
+export const getRecipientByIdV1Api = async ({ documentId, id }: GetRecipientByIdOptions) => {
+  const recipient = await prisma.recipient.findFirst({
+    where: {
+      documentId,
+      id,
+    },
+  });
+
+  if (!recipient) {
+    throw new Error('Recipient not found');
+  }
+
+  return recipient;
+};

packages/lib/server-only/recipient/get-recipient-by-id.ts

@@ -1,20 +1,54 @@
 import { prisma } from '@documenso/prisma';
 
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
 export type GetRecipientByIdOptions = {
-  id: number;
-  documentId: number;
+  recipientId: number;
+  userId: number;
+  teamId?: number;
 };
 
-export const getRecipientById = async ({ documentId, id }: GetRecipientByIdOptions) => {
+/**
+ * Get a recipient by ID. This will also return the recipient signing token so
+ * be careful when using this.
+ */
+export const getRecipientById = async ({
+  recipientId,
+  userId,
+  teamId,
+}: GetRecipientByIdOptions) => {
   const recipient = await prisma.recipient.findFirst({
     where: {
-      documentId,
-      id,
+      id: recipientId,
+      Document: {
+        OR: [
+          teamId === undefined
+            ? {
+                userId,
+                teamId: null,
+              }
+            : {
+                teamId,
+                team: {
+                  members: {
+                    some: {
+                      userId,
+                    },
+                  },
+                },
+              },
+        ],
+      },
+    },
+    include: {
+      Field: true,
     },
   });
 
   if (!recipient) {
-    throw new Error('Recipient not found');
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Recipient not found',
+    });
   }
 
   return recipient;

packages/lib/server-only/recipient/set-recipients-for-document.ts

@@ -45,7 +45,7 @@ export const setRecipientsForDocument = async ({
   documentId,
   recipients,
   requestMetadata,
-}: SetRecipientsForDocumentOptions): Promise<Recipient[]> => {
+}: SetRecipientsForDocumentOptions) => {
   const document = await prisma.document.findFirst({
     where: {
       id: documentId,
@@ -344,7 +344,9 @@ export const setRecipientsForDocument = async ({
     return !isRemoved && !isUpdated;
   });
 
-  return [...filteredRecipients, ...persistedRecipients];
+  return {
+    recipients: [...filteredRecipients, ...persistedRecipients],
+  };
 };
 
 /**

packages/lib/server-only/recipient/set-recipients-for-template.ts

@@ -220,5 +220,7 @@ export const setRecipientsForTemplate = async ({
     return !isRemoved && !isUpdated;
   });
 
-  return [...filteredRecipients, ...persistedRecipients];
+  return {
+    recipients: [...filteredRecipients, ...persistedRecipients],
+  };
 };

packages/lib/server-only/template/create-document-from-template.ts

@@ -1,3 +1,5 @@
+import type { z } from 'zod';
+
 import { nanoid } from '@documenso/lib/universal/id';
 import { prisma } from '@documenso/prisma';
 import type { DocumentDistributionMethod } from '@documenso/prisma/client';
@@ -11,6 +13,11 @@ import {
   SigningStatus,
   WebhookTriggerEvents,
 } from '@documenso/prisma/client';
+import {
+  DocumentDataSchema,
+  DocumentSchema,
+  RecipientSchema,
+} from '@documenso/prisma/generated/zod';
 
 import type { SupportedLanguageCodes } from '../../constants/i18n';
 import { AppError, AppErrorCode } from '../../errors/app-error';
@@ -36,10 +43,6 @@ type FinalRecipient = Pick<
   fields: Field[];
 };
 
-export type CreateDocumentFromTemplateResponse = Awaited<
-  ReturnType<typeof createDocumentFromTemplate>
->;
-
 export type CreateDocumentFromTemplateOptions = {
   templateId: number;
   externalId?: string | null;
@@ -72,6 +75,15 @@ export type CreateDocumentFromTemplateOptions = {
   requestMetadata?: RequestMetadata;
 };
 
+export const ZCreateDocumentFromTemplateResponseSchema = DocumentSchema.extend({
+  documentData: DocumentDataSchema,
+  Recipient: RecipientSchema.array(),
+});
+
+export type TCreateDocumentFromTemplateResponse = z.infer<
+  typeof ZCreateDocumentFromTemplateResponseSchema
+>;
+
 export const createDocumentFromTemplate = async ({
   templateId,
   externalId,
@@ -80,7 +92,7 @@ export const createDocumentFromTemplate = async ({
   recipients,
   override,
   requestMetadata,
-}: CreateDocumentFromTemplateOptions) => {
+}: CreateDocumentFromTemplateOptions): Promise<TCreateDocumentFromTemplateResponse> => {
   const user = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,

packages/lib/server-only/template/create-template-direct-link.ts

@@ -7,7 +7,7 @@ import {
   DIRECT_TEMPLATE_RECIPIENT_NAME,
 } from '@documenso/lib/constants/direct-templates';
 import { prisma } from '@documenso/prisma';
-import type { Recipient, TemplateDirectLink } from '@documenso/prisma/client';
+import type { Recipient } from '@documenso/prisma/client';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 
@@ -21,7 +21,7 @@ export const createTemplateDirectLink = async ({
   templateId,
   userId,
   directRecipientId,
-}: CreateTemplateDirectLinkOptions): Promise<TemplateDirectLink> => {
+}: CreateTemplateDirectLinkOptions) => {
   const template = await prisma.template.findFirst({
     where: {
       id: templateId,

packages/lib/server-only/template/find-templates.ts

@@ -1,7 +1,7 @@
 import { prisma } from '@documenso/prisma';
 import type { Prisma, Template } from '@documenso/prisma/client';
 
-import type { FindResultResponse } from '../../types/search-params';
+import { type FindResultResponse } from '../../types/search-params';
 
 export type FindTemplatesOptions = {
   userId: number;
@@ -11,9 +11,6 @@ export type FindTemplatesOptions = {
   perPage?: number;
 };
 
-export type FindTemplatesResponse = Awaited<ReturnType<typeof findTemplates>>;
-export type FindTemplateRow = FindTemplatesResponse['data'][number];
-
 export const findTemplates = async ({
   userId,
   teamId,

packages/lib/server-only/template/get-template-by-id.ts

@@ -1,16 +1,5 @@
-import type { z } from 'zod';
-
 import { prisma } from '@documenso/prisma';
 import type { Prisma } from '@documenso/prisma/client';
-import {
-  DocumentDataSchema,
-  FieldSchema,
-  RecipientSchema,
-  TemplateDirectLinkSchema,
-  TemplateMetaSchema,
-  TemplateSchema,
-  UserSchema,
-} from '@documenso/prisma/generated/zod';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 
@@ -20,26 +9,7 @@ export type GetTemplateByIdOptions = {
   teamId?: number;
 };
 
-export const ZGetTemplateByIdResponseSchema = TemplateSchema.extend({
-  directLink: TemplateDirectLinkSchema.nullable(),
-  templateDocumentData: DocumentDataSchema,
-  templateMeta: TemplateMetaSchema.nullable(),
-  Recipient: RecipientSchema.array(),
-  Field: FieldSchema.array(),
-  User: UserSchema.pick({
-    id: true,
-    name: true,
-    email: true,
-  }),
-});
-
-export type TGetTemplateByIdResponse = z.infer<typeof ZGetTemplateByIdResponseSchema>;
-
-export const getTemplateById = async ({
-  id,
-  userId,
-  teamId,
-}: GetTemplateByIdOptions): Promise<TGetTemplateByIdResponse> => {
+export const getTemplateById = async ({ id, userId, teamId }: GetTemplateByIdOptions) => {
   const whereFilter: Prisma.TemplateWhereInput = {
     id,
     OR:

packages/lib/server-only/template/move-template-to-team.ts

@@ -1,7 +1,7 @@
-import { TRPCError } from '@trpc/server';
-
 import { prisma } from '@documenso/prisma';
 
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
 export type MoveTemplateToTeamOptions = {
   templateId: number;
   teamId: number;
@@ -23,8 +23,7 @@ export const moveTemplateToTeam = async ({
     });
 
     if (!template) {
-      throw new TRPCError({
-        code: 'NOT_FOUND',
+      throw new AppError(AppErrorCode.NOT_FOUND, {
         message: 'Template not found or already associated with a team.',
       });
     }
@@ -41,9 +40,8 @@ export const moveTemplateToTeam = async ({
     });
 
     if (!team) {
-      throw new TRPCError({
-        code: 'FORBIDDEN',
-        message: 'You are not a member of this team.',
+      throw new AppError(AppErrorCode.UNAUTHORIZED, {
+        message: 'Team does not exist or you are not a member of this team.',
       });
     }
 

packages/lib/server-only/user/disable-user.ts

@@ -0,0 +1,69 @@
+import { AppError } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+export type DisableUserOptions = {
+  id: number;
+};
+
+export const disableUser = async ({ id }: DisableUserOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id,
+    },
+    include: {
+      ApiToken: true,
+      Webhooks: true,
+      passkeys: true,
+      VerificationToken: true,
+      PasswordResetToken: true,
+    },
+  });
+
+  if (!user) {
+    throw new AppError('There was an error disabling the user');
+  }
+
+  try {
+    await prisma.$transaction(async (tx) => {
+      await tx.user.update({
+        where: { id },
+        data: { disabled: true },
+      });
+
+      await tx.apiToken.updateMany({
+        where: { userId: id },
+        data: {
+          expires: new Date(),
+        },
+      });
+
+      await tx.webhook.updateMany({
+        where: { userId: id },
+        data: {
+          enabled: false,
+        },
+      });
+
+      await tx.verificationToken.updateMany({
+        where: { userId: id },
+        data: {
+          expires: new Date(),
+        },
+      });
+
+      await tx.passwordResetToken.updateMany({
+        where: { userId: id },
+        data: {
+          expiry: new Date(),
+        },
+      });
+
+      await tx.passkey.deleteMany({
+        where: { userId: id },
+      });
+    });
+  } catch (error) {
+    console.error('Error disabling user', error);
+    throw error;
+  }
+};

packages/lib/server-only/user/enable-user.ts

@@ -0,0 +1,27 @@
+import { AppError } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+export type EnableUserOptions = {
+  id: number;
+};
+
+export const enableUser = async ({ id }: EnableUserOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id,
+    },
+  });
+
+  if (!user) {
+    throw new AppError('There was an error enabling the user');
+  }
+
+  await prisma.user.update({
+    where: {
+      id,
+    },
+    data: {
+      disabled: false,
+    },
+  });
+};