mirror of
https://github.com/documenso/documenso.git
synced 2026-06-22 04:12:06 +10:00
Lucas Smith
d5ce222482
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing against a configured TSP. v1 ships as instance-wide configuration via environment variables, with per-envelope signature level selection, license gating, and an OAuth-driven signing flow (capture + FIFO signers, SAD session, blocking/in-progress recipient pages). Includes signature level compatibility checks (role, signing order, dictate next signer), envelope mutability assertions, Prisma migration for signature level and CSC tables, and docs for the new signing certificate options.
47 lines
2.0 KiB
TypeScript
47 lines
2.0 KiB
TypeScript
import { formatSecureCookieName, getCookieDomain, useSecureCookies } from '@documenso/lib/constants/auth';
|
|
import { requireEnv } from '@documenso/lib/utils/env';
|
|
|
|
/**
|
|
* Shared HMAC secret + base attribute set for the CSC cookies.
|
|
*
|
|
* `NEXTAUTH_SECRET` is reused so signed-cookie verification stays uniform
|
|
* across the auth + CSC surfaces. The `sameSite` conditional matches
|
|
* `sessionCookieOptions` in `@documenso/auth` so a future embedding flow
|
|
* (CSC inside an `<iframe>` on a partner host) works without a separate
|
|
* cookie-attribute regime.
|
|
*/
|
|
|
|
/** HMAC secret for hono `setSignedCookie` / `getSignedCookie`. */
|
|
export const getCscCookieSecret = (): string => requireEnv('NEXTAUTH_SECRET');
|
|
|
|
/**
|
|
* CSC cookie names; prefixed with `__Secure-` in production over HTTPS.
|
|
*
|
|
* Naming maps 1:1 to the CSC OAuth scope each cookie attests:
|
|
* - `csc_service_session` — service-scope grant (long-lived per-browser SCA
|
|
* attestation; lifetime = TSP `expires_in`).
|
|
* - `csc_sad_session` — credential-scope grant in progress (in-flight signing
|
|
* transaction; lifetime = SAD lifetime).
|
|
* - `csc_oauth_flow` — single-round-trip carrier across authorize → callback
|
|
* (scope-agnostic; both flows reuse it).
|
|
* - `csc_blocking_error` — callback failure surface; carries an unresolvable
|
|
* service-scope error (e.g. empty credential list, refused algorithm) to
|
|
* the next `/sign/{token}` loader, read-once.
|
|
*/
|
|
export const CSC_SERVICE_SESSION_COOKIE_NAME = formatSecureCookieName('csc_service_session');
|
|
export const CSC_SAD_SESSION_COOKIE_NAME = formatSecureCookieName('csc_sad_session');
|
|
export const CSC_OAUTH_FLOW_COOKIE_NAME = formatSecureCookieName('csc_oauth_flow');
|
|
export const CSC_BLOCKING_ERROR_COOKIE_NAME = formatSecureCookieName('csc_blocking_error');
|
|
|
|
/**
|
|
* Base options spread into every CSC cookie. Callers add per-cookie expiry
|
|
* (`maxAge` or `expires`) on top.
|
|
*/
|
|
export const cscCookieBaseOptions = {
|
|
httpOnly: true,
|
|
path: '/',
|
|
sameSite: useSecureCookies ? 'none' : 'lax',
|
|
secure: useSecureCookies,
|
|
domain: getCookieDomain(),
|
|
} as const;
|