documenso/packages/prisma/schema.prisma

generator kysely {
  provider = "prisma-kysely"
}

generator client {
  provider = "prisma-client-js"
}

generator json {
  provider = "prisma-json-types-generator"
}

generator zod {
  provider             = "zod-prisma-types"
  createInputTypes     = false
  writeBarrelFiles     = false
  useMultipleFiles     = true
  useDefaultValidators = false
}

datasource db {
  provider  = "postgresql"
  url       = env("NEXT_PRIVATE_DATABASE_URL")
  directUrl = env("NEXT_PRIVATE_DIRECT_DATABASE_URL")
}

// Todo: (RR7) Remove after RR7 migration.
enum IdentityProvider {
  DOCUMENSO
  GOOGLE
  OIDC
}

enum Role {
  ADMIN
  USER
}

model User {
  id               Int              @id @default(autoincrement())
  name             String?
  customerId       String?          @unique
  email            String           @unique
  emailVerified    DateTime?
  password         String? // Todo: (RR7) Remove after RR7 migration.
  source           String?
  signature        String?
  createdAt        DateTime         @default(now())
  updatedAt        DateTime         @default(now()) @updatedAt
  lastSignedIn     DateTime         @default(now())
  roles            Role[]           @default([USER])
  identityProvider IdentityProvider @default(DOCUMENSO) // Todo: (RR7) Remove after RR7 migration.
  avatarImageId    String?
  disabled         Boolean          @default(false)

  accounts             Account[]
  sessions             Session[]
  documents            Document[]
  subscriptions        Subscription[]
  passwordResetTokens  PasswordResetToken[]
  ownedTeams           Team[]
  ownedPendingTeams    TeamPending[]
  teamMembers          TeamMember[]
  twoFactorSecret      String?
  twoFactorEnabled     Boolean              @default(false)
  twoFactorBackupCodes String?
  url                  String?              @unique

  profile            UserProfile?
  verificationTokens VerificationToken[]
  apiTokens          ApiToken[]
  templates          Template[]
  securityAuditLogs  UserSecurityAuditLog[]
  webhooks           Webhook[]
  siteSettings       SiteSettings[]
  passkeys           Passkey[]
  avatarImage        AvatarImage?           @relation(fields: [avatarImageId], references: [id], onDelete: SetNull)

  @@index([email])
}

model UserProfile {
  id      String  @id @default(cuid())
  enabled Boolean @default(false)
  userId  Int     @unique
  bio     String?

  User User? @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model TeamProfile {
  id      String  @id @default(cuid())
  enabled Boolean @default(false)
  teamId  Int     @unique
  bio     String?

  team Team? @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

enum UserSecurityAuditLogType {
  ACCOUNT_PROFILE_UPDATE
  ACCOUNT_SSO_LINK
  AUTH_2FA_DISABLE
  AUTH_2FA_ENABLE
  PASSKEY_CREATED
  PASSKEY_DELETED
  PASSKEY_UPDATED
  PASSWORD_RESET
  PASSWORD_UPDATE
  SIGN_OUT
  SIGN_IN
  SIGN_IN_FAIL
  SIGN_IN_2FA_FAIL
  SIGN_IN_PASSKEY_FAIL
}

model UserSecurityAuditLog {
  id        Int                      @id @default(autoincrement())
  userId    Int
  createdAt DateTime                 @default(now())
  type      UserSecurityAuditLogType
  userAgent String?
  ipAddress String?

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model PasswordResetToken {
  id        Int      @id @default(autoincrement())
  token     String   @unique
  createdAt DateTime @default(now())
  expiry    DateTime
  userId    Int
  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model Passkey {
  id                   String    @id @default(cuid())
  userId               Int
  name                 String
  createdAt            DateTime  @default(now())
  updatedAt            DateTime  @default(now())
  lastUsedAt           DateTime?
  credentialId         Bytes
  credentialPublicKey  Bytes
  counter              BigInt
  credentialDeviceType String
  credentialBackedUp   Boolean
  transports           String[]

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model AnonymousVerificationToken {
  id        String   @id @unique @default(cuid())
  token     String   @unique
  expiresAt DateTime
  createdAt DateTime @default(now())
}

model VerificationToken {
  id          Int      @id @default(autoincrement())
  secondaryId String   @unique @default(cuid())
  identifier  String
  token       String   @unique
  completed   Boolean  @default(false)
  expires     DateTime
  createdAt   DateTime @default(now())
  userId      Int
  user        User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

enum WebhookTriggerEvents {
  DOCUMENT_CREATED
  DOCUMENT_SENT
  DOCUMENT_OPENED
  DOCUMENT_SIGNED
  DOCUMENT_COMPLETED
  DOCUMENT_REJECTED
  DOCUMENT_CANCELLED
}

model Webhook {
  id            String                 @id @default(cuid())
  webhookUrl    String
  eventTriggers WebhookTriggerEvents[]
  secret        String?
  enabled       Boolean                @default(true)
  createdAt     DateTime               @default(now())
  updatedAt     DateTime               @default(now()) @updatedAt
  userId        Int
  user          User                   @relation(fields: [userId], references: [id], onDelete: Cascade)
  teamId        Int?
  team          Team?                  @relation(fields: [teamId], references: [id], onDelete: Cascade)
  webhookCalls  WebhookCall[]
}

enum WebhookCallStatus {
  SUCCESS
  FAILED
}

model WebhookCall {
  id              String               @id @default(cuid())
  status          WebhookCallStatus
  url             String
  event           WebhookTriggerEvents
  requestBody     Json
  responseCode    Int
  responseHeaders Json?
  responseBody    Json?
  createdAt       DateTime             @default(now())
  webhookId       String
  webhook         Webhook              @relation(fields: [webhookId], references: [id], onDelete: Cascade)
}

enum ApiTokenAlgorithm {
  SHA512
}

model ApiToken {
  id        Int               @id @default(autoincrement())
  name      String
  token     String            @unique
  algorithm ApiTokenAlgorithm @default(SHA512)
  expires   DateTime?
  createdAt DateTime          @default(now())
  userId    Int?
  user      User?             @relation(fields: [userId], references: [id], onDelete: Cascade)
  teamId    Int?
  team      Team?             @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

enum SubscriptionStatus {
  ACTIVE
  PAST_DUE
  INACTIVE
}

model Subscription {
  id                Int                @id @default(autoincrement())
  status            SubscriptionStatus @default(INACTIVE)
  planId            String             @unique
  priceId           String
  periodEnd         DateTime?
  userId            Int?
  teamId            Int?               @unique
  createdAt         DateTime           @default(now())
  updatedAt         DateTime           @updatedAt
  cancelAtPeriodEnd Boolean            @default(false)

  team Team? @relation(fields: [teamId], references: [id], onDelete: Cascade)
  user User? @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@index([userId])
}

model Account {
  id                String  @id @default(cuid())
  userId            Int
  type              String
  provider          String
  providerAccountId String
  refresh_token     String? @db.Text
  access_token      String? @db.Text
  expires_at        Int?
  // Some providers return created_at so we need to make it optional
  created_at        Int?
  // Stops next-auth from crashing when dealing with AzureAD
  ext_expires_in    Int?
  token_type        String?
  scope             String?
  id_token          String? @db.Text
  session_state     String?
  password          String?

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@unique([provider, providerAccountId])
}

model Session {
  id           String @id @default(cuid())
  sessionToken String @unique
  userId       Int

  ipAddress String?
  userAgent String?
  expiresAt DateTime
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  user User? @relation(fields: [userId], references: [id], onDelete: Cascade)
}

enum DocumentStatus {
  DRAFT
  PENDING
  COMPLETED
  REJECTED
}

enum DocumentSource {
  DOCUMENT
  TEMPLATE
  TEMPLATE_DIRECT_LINK
}

enum DocumentVisibility {
  EVERYONE
  MANAGER_AND_ABOVE
  ADMIN
}

/// @zod.import(["import { ZDocumentAuthOptionsSchema } from '@documenso/lib/types/document-auth';", "import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';"])
model Document {
  id             Int                 @id @default(autoincrement())
  externalId     String? /// @zod.string.describe("A custom external ID you can use to identify the document.")
  userId         Int /// @zod.number.describe("The ID of the user that created this document.")
  user           User                @relation(fields: [userId], references: [id], onDelete: Cascade)
  authOptions    Json? /// [DocumentAuthOptions] @zod.custom.use(ZDocumentAuthOptionsSchema)
  formValues     Json? /// [DocumentFormValues] @zod.custom.use(ZDocumentFormValuesSchema)
  visibility     DocumentVisibility  @default(EVERYONE)
  title          String
  status         DocumentStatus      @default(DRAFT)
  recipients     Recipient[]
  fields         Field[]
  shareLinks     DocumentShareLink[]
  documentDataId String
  documentMeta   DocumentMeta?
  createdAt      DateTime            @default(now())
  updatedAt      DateTime            @default(now()) @updatedAt
  completedAt    DateTime?
  deletedAt      DateTime?
  teamId         Int?
  templateId     Int?
  source         DocumentSource

  useLegacyFieldInsertion Boolean @default(false)

  documentData DocumentData @relation(fields: [documentDataId], references: [id], onDelete: Cascade)
  team         Team?        @relation(fields: [teamId], references: [id])
  template     Template?    @relation(fields: [templateId], references: [id], onDelete: SetNull)

  auditLogs DocumentAuditLog[]

  @@unique([documentDataId])
  @@index([userId])
  @@index([status])
}

model DocumentAuditLog {
  id         String   @id @default(cuid())
  documentId Int
  createdAt  DateTime @default(now())
  type       String
  data       Json

  // Details of the person who performed the action which caused the audit log.
  name      String?
  email     String?
  userId    Int?
  userAgent String?
  ipAddress String?

  Document Document @relation(fields: [documentId], references: [id], onDelete: Cascade)
}

enum DocumentDataType {
  S3_PATH
  BYTES
  BYTES_64
}

enum DocumentSigningOrder {
  PARALLEL
  SEQUENTIAL
}

model DocumentData {
  id          String           @id @default(cuid())
  type        DocumentDataType
  data        String
  initialData String
  document    Document?
  template    Template?
}

enum DocumentDistributionMethod {
  EMAIL
  NONE
}

/// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"])
model DocumentMeta {
  id                     String               @id @default(cuid())
  subject                String?
  message                String?
  timezone               String?              @default("Etc/UTC") @db.Text
  password               String?
  dateFormat             String?              @default("yyyy-MM-dd hh:mm a") @db.Text
  documentId             Int                  @unique
  document               Document             @relation(fields: [documentId], references: [id], onDelete: Cascade)
  redirectUrl            String?
  signingOrder           DocumentSigningOrder @default(PARALLEL)
  allowDictateNextSigner Boolean              @default(false)

  typedSignatureEnabled  Boolean @default(true)
  uploadSignatureEnabled Boolean @default(true)
  drawSignatureEnabled   Boolean @default(true)

  language           String                     @default("en")
  distributionMethod DocumentDistributionMethod @default(EMAIL)
  emailSettings      Json? /// [DocumentEmailSettings] @zod.custom.use(ZDocumentEmailSettingsSchema)
}

enum ReadStatus {
  NOT_OPENED
  OPENED
}

enum SendStatus {
  NOT_SENT
  SENT
}

enum SigningStatus {
  NOT_SIGNED
  SIGNED
  REJECTED
}

enum RecipientRole {
  CC
  SIGNER
  VIEWER
  APPROVER
  ASSISTANT
}

/// @zod.import(["import { ZRecipientAuthOptionsSchema } from '@documenso/lib/types/document-auth';"])
model Recipient {
  id                Int           @id @default(autoincrement())
  documentId        Int?
  templateId        Int?
  email             String        @db.VarChar(255)
  name              String        @default("") @db.VarChar(255)
  token             String
  documentDeletedAt DateTime?
  expired           DateTime?
  signedAt          DateTime?
  authOptions       Json? /// [RecipientAuthOptions] @zod.custom.use(ZRecipientAuthOptionsSchema)
  signingOrder      Int? /// @zod.number.describe("The order in which the recipient should sign the document. Only works if the document is set to sequential signing.")
  rejectionReason   String?
  role              RecipientRole @default(SIGNER)
  readStatus        ReadStatus    @default(NOT_OPENED)
  signingStatus     SigningStatus @default(NOT_SIGNED)
  sendStatus        SendStatus    @default(NOT_SENT)
  document          Document?     @relation(fields: [documentId], references: [id], onDelete: Cascade)
  template          Template?     @relation(fields: [templateId], references: [id], onDelete: Cascade)
  fields            Field[]
  signatures        Signature[]

  @@unique([documentId, email])
  @@unique([templateId, email])
  @@index([documentId])
  @@index([templateId])
  @@index([token])
}

enum FieldType {
  SIGNATURE
  FREE_SIGNATURE
  INITIALS
  NAME
  EMAIL
  DATE
  TEXT
  NUMBER
  RADIO
  CHECKBOX
  DROPDOWN
}

/// @zod.import(["import { ZFieldMetaNotOptionalSchema } from '@documenso/lib/types/field-meta';"])
model Field {
  id          Int        @id @default(autoincrement())
  secondaryId String     @unique @default(cuid())
  documentId  Int?
  templateId  Int?
  recipientId Int
  type        FieldType
  page        Int /// @zod.number.describe("The page number of the field on the document. Starts from 1.")
  positionX   Decimal    @default(0)
  positionY   Decimal    @default(0)
  width       Decimal    @default(-1)
  height      Decimal    @default(-1)
  customText  String
  inserted    Boolean
  document    Document?  @relation(fields: [documentId], references: [id], onDelete: Cascade)
  template    Template?  @relation(fields: [templateId], references: [id], onDelete: Cascade)
  recipient   Recipient  @relation(fields: [recipientId], references: [id], onDelete: Cascade)
  signature   Signature?
  fieldMeta   Json? /// [FieldMeta] @zod.custom.use(ZFieldMetaNotOptionalSchema)

  @@index([documentId])
  @@index([templateId])
  @@index([recipientId])
}

model Signature {
  id                     Int      @id @default(autoincrement())
  created                DateTime @default(now())
  recipientId            Int
  fieldId                Int      @unique
  signatureImageAsBase64 String?
  typedSignature         String?

  recipient Recipient @relation(fields: [recipientId], references: [id], onDelete: Cascade)
  field     Field     @relation(fields: [fieldId], references: [id], onDelete: Cascade)

  @@index([recipientId])
}

model DocumentShareLink {
  id         Int      @id @default(autoincrement())
  email      String
  slug       String   @unique
  documentId Int
  createdAt  DateTime @default(now())
  updatedAt  DateTime @updatedAt

  document Document @relation(fields: [documentId], references: [id], onDelete: Cascade)

  @@unique([documentId, email])
}

enum TeamMemberRole {
  ADMIN
  MANAGER
  MEMBER
}

enum TeamMemberInviteStatus {
  ACCEPTED
  PENDING
  DECLINED
}

model TeamGlobalSettings {
  teamId                    Int                @unique
  documentVisibility        DocumentVisibility @default(EVERYONE)
  documentLanguage          String             @default("en")
  includeSenderDetails      Boolean            @default(true)
  includeSigningCertificate Boolean            @default(true)

  typedSignatureEnabled  Boolean @default(true)
  uploadSignatureEnabled Boolean @default(true)
  drawSignatureEnabled   Boolean @default(true)

  brandingEnabled        Boolean @default(false)
  brandingLogo           String  @default("")
  brandingUrl            String  @default("")
  brandingCompanyDetails String  @default("")
  brandingHidePoweredBy  Boolean @default(false)

  team Team @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

model Team {
  id            Int      @id @default(autoincrement())
  name          String
  url           String   @unique
  createdAt     DateTime @default(now())
  avatarImageId String?
  customerId    String?  @unique
  ownerUserId   Int

  members              TeamMember[]
  invites              TeamMemberInvite[]
  teamEmail            TeamEmail?
  emailVerification    TeamEmailVerification?
  transferVerification TeamTransferVerification?
  teamGlobalSettings   TeamGlobalSettings?
  avatarImage          AvatarImage?              @relation(fields: [avatarImageId], references: [id], onDelete: SetNull)

  profile      TeamProfile?
  owner        User          @relation(fields: [ownerUserId], references: [id], onDelete: Cascade)
  subscription Subscription?

  documents Document[]
  templates Template[]
  apiTokens ApiToken[]
  webhooks  Webhook[]
}

model TeamPending {
  id          Int      @id @default(autoincrement())
  name        String
  url         String   @unique
  createdAt   DateTime @default(now())
  customerId  String   @unique
  ownerUserId Int

  owner User @relation(fields: [ownerUserId], references: [id], onDelete: Cascade)
}

model TeamMember {
  id        Int            @id @default(autoincrement())
  teamId    Int
  createdAt DateTime       @default(now())
  role      TeamMemberRole
  userId    Int
  user      User           @relation(fields: [userId], references: [id], onDelete: Cascade)
  team      Team           @relation(fields: [teamId], references: [id], onDelete: Cascade)

  @@unique([userId, teamId])
}

model TeamEmail {
  teamId    Int      @id @unique
  createdAt DateTime @default(now())
  name      String
  email     String   @unique
  team      Team     @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

model TeamEmailVerification {
  teamId    Int      @id @unique
  name      String
  email     String
  token     String   @unique
  completed Boolean  @default(false)
  expiresAt DateTime
  createdAt DateTime @default(now())

  team Team @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

model TeamTransferVerification {
  teamId              Int      @id @unique
  userId              Int
  name                String
  email               String
  token               String   @unique
  completed           Boolean  @default(false)
  expiresAt           DateTime
  createdAt           DateTime @default(now())
  clearPaymentMethods Boolean  @default(false)

  team Team @relation(fields: [teamId], references: [id], onDelete: Cascade)
}

model TeamMemberInvite {
  id        Int                    @id @default(autoincrement())
  teamId    Int
  createdAt DateTime               @default(now())
  email     String
  status    TeamMemberInviteStatus @default(PENDING)
  role      TeamMemberRole
  token     String                 @unique
  team      Team                   @relation(fields: [teamId], references: [id], onDelete: Cascade)

  @@unique([teamId, email])
}

enum TemplateType {
  PUBLIC
  PRIVATE
}

/// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"])
model TemplateMeta {
  id                     String                     @id @default(cuid())
  subject                String?
  message                String?
  timezone               String?                    @default("Etc/UTC") @db.Text
  password               String?
  dateFormat             String?                    @default("yyyy-MM-dd hh:mm a") @db.Text
  signingOrder           DocumentSigningOrder?      @default(PARALLEL)
  allowDictateNextSigner Boolean                    @default(false)
  distributionMethod     DocumentDistributionMethod @default(EMAIL)

  typedSignatureEnabled  Boolean @default(true)
  uploadSignatureEnabled Boolean @default(true)
  drawSignatureEnabled   Boolean @default(true)

  templateId    Int      @unique
  template      Template @relation(fields: [templateId], references: [id], onDelete: Cascade)
  redirectUrl   String?
  language      String   @default("en")
  emailSettings Json? /// [DocumentEmailSettings] @zod.custom.use(ZDocumentEmailSettingsSchema)
}

/// @zod.import(["import { ZDocumentAuthOptionsSchema } from '@documenso/lib/types/document-auth';"])
model Template {
  id                     Int                @id @default(autoincrement())
  externalId             String?
  type                   TemplateType       @default(PRIVATE)
  title                  String
  userId                 Int
  teamId                 Int?
  visibility             DocumentVisibility @default(EVERYONE)
  authOptions            Json? /// [DocumentAuthOptions] @zod.custom.use(ZDocumentAuthOptionsSchema)
  templateMeta           TemplateMeta?
  templateDocumentDataId String
  createdAt              DateTime           @default(now())
  updatedAt              DateTime           @default(now()) @updatedAt
  publicTitle            String             @default("")
  publicDescription      String             @default("")

  useLegacyFieldInsertion Boolean @default(false)

  team                 Team?               @relation(fields: [teamId], references: [id], onDelete: Cascade)
  templateDocumentData DocumentData        @relation(fields: [templateDocumentDataId], references: [id], onDelete: Cascade)
  user                 User                @relation(fields: [userId], references: [id], onDelete: Cascade)
  recipients           Recipient[]
  fields               Field[]
  directLink           TemplateDirectLink?
  documents            Document[]

  @@unique([templateDocumentDataId])
}

model TemplateDirectLink {
  id         String   @id @unique @default(cuid())
  templateId Int      @unique
  token      String   @unique
  createdAt  DateTime @default(now())
  enabled    Boolean

  directTemplateRecipientId Int

  template Template @relation(fields: [templateId], references: [id], onDelete: Cascade)
}

model SiteSettings {
  id                   String   @id
  enabled              Boolean  @default(false)
  data                 Json
  lastModifiedByUserId Int?
  lastModifiedAt       DateTime @default(now())
  lastModifiedByUser   User?    @relation(fields: [lastModifiedByUserId], references: [id], onDelete: SetNull)
}

enum BackgroundJobStatus {
  PENDING
  PROCESSING
  COMPLETED
  FAILED
}

model BackgroundJob {
  id         String              @id @default(cuid())
  status     BackgroundJobStatus @default(PENDING)
  payload    Json?
  retried    Int                 @default(0)
  maxRetries Int                 @default(3)

  // Taken from the job definition
  jobId   String
  name    String
  version String

  submittedAt   DateTime  @default(now())
  updatedAt     DateTime  @updatedAt
  completedAt   DateTime?
  lastRetriedAt DateTime?

  tasks BackgroundJobTask[]
}

enum BackgroundJobTaskStatus {
  PENDING
  COMPLETED
  FAILED
}

model BackgroundJobTask {
  id     String                  @id
  name   String
  status BackgroundJobTaskStatus @default(PENDING)

  result     Json?
  retried    Int   @default(0)
  maxRetries Int   @default(3)

  createdAt   DateTime  @default(now())
  updatedAt   DateTime  @updatedAt
  completedAt DateTime?

  jobId         String
  backgroundJob BackgroundJob @relation(fields: [jobId], references: [id], onDelete: Cascade)
}

model AvatarImage {
  id    String @id @default(cuid())
  bytes String

  team Team[]
  user User[]
}