Files
documenso/packages/lib/server-only/document/validate-field-auth.ts
ephraimduncan bd56929db1 refactor(signing-2fa): simplify server-side and UI code for external 2FA
- Extract throwVerificationError helper in verify-signing-two-factor-token.ts
- Extract throwIssuanceDenied helper in issue-signing-two-factor-token.ts
- Eliminate duplicated attemptsRemaining state in UI component
- Use imported SIGNING_2FA_VERIFY_REASON_CODES constants
- Add statusQuery.refetch() after failed verify for single source of truth
- Fix TypeScript control flow with explicit returns after throws
2026-02-10 12:39:13 +00:00

52 lines
1.3 KiB
TypeScript

import type { Envelope, Field, Recipient } from '@prisma/client';
import { FieldType } from '@prisma/client';
import { AppError, AppErrorCode } from '../../errors/app-error';
import type { TRecipientActionAuth } from '../../types/document-auth';
import { isRecipientAuthorized } from './is-recipient-authorized';
export type ValidateFieldAuthOptions = {
documentAuthOptions: Envelope['authOptions'];
recipient: Pick<Recipient, 'authOptions' | 'email' | 'envelopeId'>;
field: Field;
userId?: number;
authOptions?: TRecipientActionAuth;
recipientToken?: string;
};
/**
* Throws an error if the reauth for a field is invalid.
*
* Returns the derived recipient action authentication if valid.
*/
export const validateFieldAuth = async ({
documentAuthOptions,
recipient,
field,
userId,
authOptions,
recipientToken,
}: ValidateFieldAuthOptions) => {
// Override all non-signature fields to not require any auth.
if (field.type !== FieldType.SIGNATURE) {
return undefined;
}
const isValid = await isRecipientAuthorized({
type: 'ACTION',
documentAuthOptions,
recipient,
userId,
authOptions,
recipientToken,
});
if (!isValid) {
throw new AppError(AppErrorCode.UNAUTHORIZED, {
message: 'Invalid authentication values',
});
}
return authOptions?.type;
};