Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2026-06-22 04:12:06 +10:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5ce222482c2da81a1b0e6740e7d829752ea8f7f
documenso/packages/ee/server-only/signing/csc/cookies/service-session-cookie.ts
T
Lucas Smith d5ce222482 feat: add CSC AES/QES signing (v1 instance-wide config) (#2874) 
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing
against a configured TSP. v1 ships as instance-wide configuration via
environment variables, with per-envelope signature level selection,
license gating, and an OAuth-driven signing flow (capture + FIFO
signers, SAD session, blocking/in-progress recipient pages).

Includes signature level compatibility checks (role, signing order,
dictate next signer), envelope mutability assertions, Prisma migration
for signature level and CSC tables, and docs for the new signing
certificate options.
2026-06-16 23:37:34 +10:00

66 lines
2.5 KiB
TypeScript
Raw Blame History

import type { Context } from 'hono';
import { deleteCookie, getSignedCookie, setSignedCookie } from 'hono/cookie';
import { parseSigned } from 'hono/utils/cookie';
import { CSC_SERVICE_SESSION_COOKIE_NAME, cscCookieBaseOptions, getCscCookieSecret } from './shared';
/**
* `csc_service_session` — recipient-scoped attestation that this browser just
* completed a service-scope OAuth round-trip for `<recipientToken>`. The
* `/sign/{token}` loader compares the cookie value against the path token; on
* match it skips re-auth, breaking the redirect loop that would otherwise
* occur when the TSP silently re-grants from its cached SCA session.
*
* Covers the long-lived T1→T3 window (recipient on the signing page filling
* fields, before clicking Sign). `csc_sad_session` covers the much shorter
* T4→T5 window (active signing transaction); the two are complementary, not
* substitutes.
*
* TTL = TSP-asserted service-scope `expires_in` so the trust window can never
* outlive the underlying access token.
*/
type SetCscServiceSessionCookieOptions = {
c: Context;
recipientToken: string;
/** TSP service-scope `expires_in` in seconds. Mirrored as the cookie max-age. */
ttlSeconds: number;
};
export const setCscServiceSessionCookie = async (options: SetCscServiceSessionCookieOptions): Promise<void> => {
const { c, recipientToken, ttlSeconds } = options;
await setSignedCookie(c, CSC_SERVICE_SESSION_COOKIE_NAME, recipientToken, getCscCookieSecret(), {
...cscCookieBaseOptions,
maxAge: ttlSeconds,
});
};
export const getCscServiceSessionCookie = async (c: Context): Promise<string | null> => {
const value = await getSignedCookie(c, getCscCookieSecret(), CSC_SERVICE_SESSION_COOKIE_NAME);
return value ? value : null;
};
export const clearCscServiceSessionCookie = (c: Context): void => {
deleteCookie(c, CSC_SERVICE_SESSION_COOKIE_NAME, cscCookieBaseOptions);
};
/**
* Remix-compatible reader: parses + HMAC-verifies the service-session cookie
* from a raw `Cookie` header on a standard `Request`. Mirrors
* `getCscServiceSessionCookie` but works outside Hono's `Context`.
*/
export const readCscServiceSessionFromRequest = async (request: Request): Promise<string | null> => {
const cookieHeader = request.headers.get('cookie');
if (!cookieHeader) {
return null;
}
const parsed = await parseSigned(cookieHeader, getCscCookieSecret(), CSC_SERVICE_SESSION_COOKIE_NAME);
const value = parsed[CSC_SERVICE_SESSION_COOKIE_NAME];
return typeof value === 'string' ? value : null;
};
Reference in New Issue View Git Blame Copy Permalink