mirror of
https://github.com/documenso/documenso.git
synced 2026-07-06 02:55:00 +10:00
d5ce222482
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing against a configured TSP. v1 ships as instance-wide configuration via environment variables, with per-envelope signature level selection, license gating, and an OAuth-driven signing flow (capture + FIFO signers, SAD session, blocking/in-progress recipient pages). Includes signature level compatibility checks (role, signing order, dictate next signer), envelope mutability assertions, Prisma migration for signature level and CSC tables, and docs for the new signing certificate options.
136 lines
4.9 KiB
TypeScript
136 lines
4.9 KiB
TypeScript
declare namespace NodeJS {
|
|
export interface ProcessEnv {
|
|
PORT?: string;
|
|
NEXT_PUBLIC_WEBAPP_URL?: string;
|
|
NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY?: string;
|
|
|
|
NEXT_PRIVATE_GOOGLE_CLIENT_ID?: string;
|
|
NEXT_PRIVATE_GOOGLE_CLIENT_SECRET?: string;
|
|
|
|
NEXT_PRIVATE_OIDC_WELL_KNOWN?: string;
|
|
NEXT_PRIVATE_OIDC_CLIENT_ID?: string;
|
|
NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string;
|
|
NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string;
|
|
NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;
|
|
|
|
NEXT_PRIVATE_DATABASE_URL: string;
|
|
NEXT_PRIVATE_ENCRYPTION_KEY: string;
|
|
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY: string;
|
|
|
|
NEXT_PRIVATE_LOGGER_FILE_PATH?: string;
|
|
|
|
NEXT_PRIVATE_STRIPE_API_KEY: string;
|
|
NEXT_PRIVATE_STRIPE_WEBHOOK_SECRET: string;
|
|
|
|
NEXT_PUBLIC_UPLOAD_TRANSPORT?: 'database' | 's3' | 'azure-blob';
|
|
NEXT_PRIVATE_UPLOAD_ENDPOINT?: string;
|
|
NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE?: string;
|
|
NEXT_PRIVATE_UPLOAD_REGION?: string;
|
|
NEXT_PRIVATE_UPLOAD_BUCKET?: string;
|
|
NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID?: string;
|
|
NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY?: string;
|
|
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_DOMAIN?: string;
|
|
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_KEY_ID?: string;
|
|
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_KEY_CONTENTS?: string;
|
|
NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_NAME?: string;
|
|
NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_KEY?: string;
|
|
NEXT_PRIVATE_UPLOAD_AZURE_CONTAINER?: string;
|
|
NEXT_PRIVATE_UPLOAD_AZURE_ENDPOINT?: string;
|
|
|
|
NEXT_PRIVATE_SIGNING_TRANSPORT?: 'local' | 'http' | 'gcloud-hsm' | 'csc';
|
|
/**
|
|
* Derived from `NEXT_PRIVATE_SIGNING_TRANSPORT` in `createPublicEnv()`; do
|
|
* not set manually. Lets the client detect CSC mode for authoring UI gating.
|
|
*/
|
|
NEXT_PUBLIC_SIGNING_TRANSPORT_IS_CSC?: 'true' | 'false';
|
|
NEXT_PRIVATE_SIGNING_PASSPHRASE?: string;
|
|
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH?: string;
|
|
NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS?: string;
|
|
NEXT_PRIVATE_SIGNING_LOCAL_FILE_ENCODING?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_FILE_PATH?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_CONTENTS?: string;
|
|
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_SECRET_MANAGER_CERT_PATH?: string;
|
|
NEXT_PRIVATE_SIGNING_CSC_PROVIDER_BASE_URL?: string;
|
|
NEXT_PRIVATE_SIGNING_CSC_OAUTH_CLIENT_ID?: string;
|
|
NEXT_PRIVATE_SIGNING_CSC_OAUTH_CLIENT_SECRET?: string;
|
|
NEXT_PRIVATE_SIGNING_CSC_SIGNATURE_LEVEL?: 'AES' | 'QES';
|
|
NEXT_PRIVATE_SIGNING_TIMESTAMP_AUTHORITY?: string;
|
|
NEXT_PUBLIC_SIGNING_CONTACT_INFO?: string;
|
|
NEXT_PRIVATE_USE_LEGACY_SIGNING_SUBFILTER?: string;
|
|
|
|
NEXT_PRIVATE_SMTP_TRANSPORT?: 'mailchannels' | 'resend' | 'smtp-auth' | 'smtp-api';
|
|
|
|
NEXT_PRIVATE_RESEND_API_KEY?: string;
|
|
|
|
NEXT_PRIVATE_MAILCHANNELS_API_KEY?: string;
|
|
NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN?: string;
|
|
NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR?: string;
|
|
NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY?: string;
|
|
NEXT_PRIVATE_MAILCHANNELS_ENDPOINT?: string;
|
|
|
|
NEXT_PRIVATE_SMTP_HOST?: string;
|
|
NEXT_PRIVATE_SMTP_PORT?: string;
|
|
NEXT_PRIVATE_SMTP_USERNAME?: string;
|
|
NEXT_PRIVATE_SMTP_PASSWORD?: string;
|
|
|
|
NEXT_PRIVATE_SMTP_APIKEY_USER?: string;
|
|
NEXT_PRIVATE_SMTP_APIKEY?: string;
|
|
|
|
NEXT_PRIVATE_SMTP_SECURE?: string;
|
|
NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS?: string;
|
|
|
|
NEXT_PRIVATE_SMTP_FROM_NAME?: string;
|
|
NEXT_PRIVATE_SMTP_FROM_ADDRESS?: string;
|
|
|
|
NEXT_PUBLIC_DISABLE_SIGNUP?: string;
|
|
NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNUP?: string;
|
|
NEXT_PUBLIC_DISABLE_GOOGLE_SIGNUP?: string;
|
|
NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP?: string;
|
|
NEXT_PUBLIC_DISABLE_OIDC_SIGNUP?: string;
|
|
NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS?: string;
|
|
|
|
NEXT_PRIVATE_BROWSERLESS_URL?: string;
|
|
|
|
NEXT_PRIVATE_JOBS_PROVIDER?: 'inngest' | 'local' | 'bullmq';
|
|
|
|
NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS?: string;
|
|
|
|
/**
|
|
* Redis / BullMQ environment variables
|
|
*/
|
|
NEXT_PRIVATE_REDIS_URL?: string;
|
|
NEXT_PRIVATE_REDIS_PREFIX?: string;
|
|
NEXT_PRIVATE_BULLMQ_CONCURRENCY?: string;
|
|
|
|
/**
|
|
* Inngest environment variables
|
|
*/
|
|
INNGEST_EVENT_KEY?: string;
|
|
INNGEST_SIGNING_KEY?: string;
|
|
NEXT_PRIVATE_INNGEST_APP_ID?: string;
|
|
NEXT_PRIVATE_INNGEST_EVENT_KEY?: string;
|
|
|
|
POSTGRES_URL?: string;
|
|
DATABASE_URL?: string;
|
|
POSTGRES_PRISMA_URL?: string;
|
|
POSTGRES_URL_NON_POOLING?: string;
|
|
|
|
/**
|
|
* Cloudflare Turnstile environment variables
|
|
*/
|
|
NEXT_PUBLIC_TURNSTILE_SITE_KEY?: string;
|
|
NEXT_PRIVATE_TURNSTILE_SECRET_KEY?: string;
|
|
|
|
/**
|
|
* Google Vertex AI environment variables
|
|
*/
|
|
GOOGLE_VERTEX_PROJECT_ID?: string;
|
|
GOOGLE_VERTEX_LOCATION?: string;
|
|
GOOGLE_VERTEX_API_KEY?: string;
|
|
}
|
|
}
|