mirror of
https://github.com/documenso/documenso.git
synced 2026-07-10 13:06:00 +10:00
138d663c25
Merge origin/main into feat/external-2fa-codes. Resolve formatting conflicts caused by biome rollout; preserve both feature streams: PR's external 2FA token + signing-session 2FA proof additions plus main's RateLimit/RecipientExpired/signingReminders/date-auto-insert. In complete-document-with-token.ts, drop the duplicate early field-fetching block introduced when main moved that logic later with date auto-insert support; keep the EXTERNAL_TWO_FACTOR_AUTH check using derivedRecipientActionAuth.
41 lines
1.0 KiB
TypeScript
41 lines
1.0 KiB
TypeScript
import { DOCUMENSO_ENCRYPTION_SECONDARY_KEY } from '@documenso/lib/constants/crypto';
|
|
import { symmetricEncrypt } from '@documenso/lib/universal/crypto';
|
|
import { z } from 'zod';
|
|
|
|
export const ZEncryptedDataSchema = z.object({
|
|
data: z.string(),
|
|
expiresAt: z.number().optional(),
|
|
});
|
|
|
|
export type EncryptDataOptions = {
|
|
data: string;
|
|
|
|
/**
|
|
* When the data should no longer be allowed to be decrypted.
|
|
*
|
|
* Leave this empty to never expire the data.
|
|
*/
|
|
expiresAt?: number;
|
|
};
|
|
|
|
/**
|
|
* Encrypt the passed in data. This uses the secondary encrypt key for miscellaneous data.
|
|
*
|
|
* @returns The encrypted data.
|
|
*/
|
|
export const encryptSecondaryData = ({ data, expiresAt }: EncryptDataOptions) => {
|
|
if (!DOCUMENSO_ENCRYPTION_SECONDARY_KEY) {
|
|
throw new Error('Missing encryption key');
|
|
}
|
|
|
|
const dataToEncrypt: z.infer<typeof ZEncryptedDataSchema> = {
|
|
data,
|
|
expiresAt,
|
|
};
|
|
|
|
return symmetricEncrypt({
|
|
key: DOCUMENSO_ENCRYPTION_SECONDARY_KEY,
|
|
data: JSON.stringify(dataToEncrypt),
|
|
});
|
|
};
|