5210fe2963
## Description Add support to login with passkeys. Passkeys can be added via the user security settings page. Note: Currently left out adding the type of authentication method for the 'user security audit logs' because we're using the `signIn` next-auth event which doesn't appear to provide the context. Will look into it at another time. ## Changes Made - Add passkeys to login - Add passkeys feature flag - Add page to manage passkeys - Add audit logs relating to passkeys - Updated prisma schema to support passkeys & anonymous verification tokens ## Testing Performed To be done. MacOS: - Safari ✅ - Chrome ✅ - Firefox ✅ Windows: - Chrome [Untested] - Firefox [Untested] Linux: - Chrome [Untested] - Firefox [Untested] iOS: - Safari ✅ ## Checklist <!--- Please check the boxes that apply to this pull request. --> <!--- You can add or remove items as needed. --> - [X] I have tested these changes locally and they work as expected. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced Passkey authentication, including creation, sign-in, and management of passkeys. - Added a Passkeys section in Security Settings for managing user passkeys. - Implemented UI updates for Passkey authentication, including a new dialog for creating passkeys and a data table for managing them. - Enhanced security settings with server-side feature flags to conditionally display new security features. - **Bug Fixes** - Improved UI consistency in the Settings Security Activity Page. - Updated button styling in the 2FA Recovery Codes component for better visibility. - **Refactor** - Streamlined authentication options to include WebAuthn credentials provider. - **Chores** - Updated database schema to support passkeys and related functionality. - Added new audit log types for passkey-related activities. - Enhanced server-only authentication utilities for passkey registration and management. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
The Open Source DocuSign Alternative.
Learn more »
Discord
·
Website
·
Issues
·
Upcoming Releases
·
Roadmap
About this project
Signing documents digitally should be fast and easy and should be the best practice for every document signed worldwide.
This is technically quite easy today, but it also introduces a new party to every signature: The signing tool providers. While this is not a problem in itself, it should make us think about how we want these providers of trust to work.
Documenso aims to be the world's most trusted document-signing tool. This trust is built by empowering you to self-host Documenso and review how it works under the hood.
Join us in creating the next generation of open trust infrastructure.
Recognition
Community and Next Steps 🎯
We're currently working on a redesign of the application, including a revamp of the codebase, so Documenso can be more intuitive to use and robust to develop upon.
- Check out the first source code release in this repository and test it.
- Tell us what you think in the Discussions.
- Join the Discord server for any questions and getting to know to other community members.
- ⭐ the repository to help us raise awareness.
- Spread the word on Twitter that Documenso is working towards a more open signing tool.
- Fix or create issues, that are needed for the first production release.
Contributing
- To contribute, please see our contribution guide.
Contact us
Contact us if you are interested in our Enterprise plan for large organizations that need extra flexibility and control.
Tech Stack
- Typescript - Language
- Next.js - Framework
- Prisma - ORM
- Tailwind - CSS
- shadcn/ui - Component Library
- NextAuth.js - Authentication
- react-email - Email Templates
- tRPC - API
- Node SignPDF - Digital Signature
- React-PDF - Viewing PDFs
- PDF-Lib - PDF manipulation
- Stripe - Payments
- Vercel - Hosting
Local Development
Requirements
To run Documenso locally, you will need
- Node.js (v18 or above)
- Postgres SQL Database
- Docker (optional)
Developer Quickstart
Note
: This is a quickstart for developers. It assumes that you have both docker and docker-compose installed on your machine.
Want to get up and running quickly? Follow these steps:
- Fork this repository to your GitHub account.
After forking the repository, clone it to your local device by using the following command:
git clone https://github.com/<your-username>/documenso
-
Set up your
.envfile using the recommendations in the.env.examplefile. Alternatively, just runcp .env.example .envto get started with our handpicked defaults. -
Run
npm run dxin the root directory- This will spin up a postgres database and inbucket mailserver in a docker container.
-
Run
npm run devin the root directory -
Want it even faster? Just use
npm run d
Access Points for Your Application
-
App - http://localhost:3000
-
Incoming Mail Access - http://localhost:9000
-
Database Connection Details
- Port: 54320
- Connection: Use your favorite database client to connect using the provided port.
-
S3 Storage Dashboard - http://localhost:9001
Developer Setup
Manual Setup
Follow these steps to setup Documenso on your local machine:
- Fork this repository to your GitHub account.
After forking the repository, clone it to your local device by using the following command:
git clone https://github.com/<your-username>/documenso
-
Run
npm iin the root directory -
Create your
.envfrom the.env.example. You can usecp .env.example .envto get started with our handpicked defaults. -
Set the following environment variables:
- NEXTAUTH_URL
- NEXTAUTH_SECRET
- NEXT_PUBLIC_WEBAPP_URL
- NEXT_PUBLIC_MARKETING_URL
- NEXT_PRIVATE_DATABASE_URL
- NEXT_PRIVATE_DIRECT_DATABASE_URL
- NEXT_PRIVATE_SMTP_FROM_NAME
- NEXT_PRIVATE_SMTP_FROM_ADDRESS
-
Create the database schema by running
npm run prisma:migrate-dev -
Run
npm run devin the root directory to start -
Register a new user at http://localhost:3000/signup
- Optional: Seed the database using
npm run prisma:seed -w @documenso/prismato create a test user and document. - Optional: Create your own signing certificate.
- To generate your own using these steps and a Linux Terminal or Windows Subsystem for Linux (WSL), see Create your own signing certificate.
Run in Gitpod
- Click below to launch a ready-to-use Gitpod workspace in your browser.
Run in DevContainer
We support DevContainers for VSCode. Click here to get started.
Video walkthrough
If you're a visual learner and prefer to watch a video walkthrough of setting up Documenso locally, check out this video:
Docker
We provide a Docker container for Documenso, which is published on both DockerHub and GitHub Container Registry.
- DockerHub: https://hub.docker.com/r/documenso/documenso
- GitHub Container Registry: https://ghcr.io/documenso/documenso
You can pull the Docker image from either of these registries and run it with your preferred container hosting provider.
Please note that you will need to provide environment variables for connecting to the database, mailserver, and so forth.
For detailed instructions on how to configure and run the Docker container, please refer to the Docker README in the docker directory.
Self Hosting
We support a variety of deployment methods, and are actively working on adding more. Stay tuned for updates!
Please note that the below deployment methods are for v0.9, we will update these to v1.0 once it has been released.
Fetch, configure, and build
First, clone the code from Github:
git clone https://github.com/documenso/documenso.git
Then, inside the documenso folder, copy the example env file:
cp .env.example .env
The following environment variables must be set:
NEXTAUTH_URLNEXTAUTH_SECRETNEXT_PUBLIC_WEBAPP_URLNEXT_PUBLIC_MARKETING_URLNEXT_PRIVATE_DATABASE_URLNEXT_PRIVATE_DIRECT_DATABASE_URLNEXT_PRIVATE_SMTP_FROM_NAMENEXT_PRIVATE_SMTP_FROM_ADDRESS
If you are using a reverse proxy in front of Documenso, don't forget to provide the public URL for both
NEXTAUTH_URLandNEXT_PUBLIC_WEBAPP_URLvariables!
Now you can install the dependencies and build it:
npm i
npm run build:web
npm run prisma:migrate-deploy
Finally, you can start it with:
npm run start
This will start the server on localhost:3000. For now, any reverse proxy can then do the frontend and SSL termination.
If you want to run with another port than 3000, you can start the application with
next -p <ANY PORT>from theapps/webfolder.
Run as a service
You can use a systemd service file to run the app. Here is a simple example of the service running on port 3500 (using 3000 by default):
[Unit]
Description=documenso
After=network.target
[Service]
Environment=PATH=/path/to/your/node/binaries
Type=simple
User=www-data
WorkingDirectory=/var/www/documenso/apps/web
ExecStart=/usr/bin/next start -p 3500
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
Railway
Render
Koyeb
Troubleshooting
I'm not receiving any emails when using the developer quickstart.
When using the developer quickstart, an Inbucket server will be spun up in a docker container that will store all outgoing emails locally for you to view.
The Web UI can be found at http://localhost:9000, while the SMTP port will be on localhost:2500.
Support IPv6
If you are deploying to a cluster that uses only IPv6, You can use a custom command to pass a parameter to the Next.js start command
For local docker run
docker run -it documenso:latest npm run start -- -H ::
For k8s or docker-compose
containers:
- name: documenso
image: documenso:latest
imagePullPolicy: IfNotPresent
command:
- npm
args:
- run
- start
- --
- -H
- '::'
I can't see environment variables in my package scripts.
Wrap your package script with the with:env script like such:
npm run with:env -- npm run myscript
The same can be done when using npx for one of the bin scripts:
npm run with:env -- npx myscript
This will load environment variables from your .env and .env.local files.
Repo Activity
