mirror of
https://github.com/documenso/documenso.git
synced 2026-06-22 04:12:06 +10:00
Lucas Smith
d5ce222482
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing against a configured TSP. v1 ships as instance-wide configuration via environment variables, with per-envelope signature level selection, license gating, and an OAuth-driven signing flow (capture + FIFO signers, SAD session, blocking/in-progress recipient pages). Includes signature level compatibility checks (role, signing order, dictate next signer), envelope mutability assertions, Prisma migration for signature level and CSC tables, and docs for the new signing certificate options.
36 lines
1.2 KiB
TypeScript
36 lines
1.2 KiB
TypeScript
import { AppError, AppErrorCode } from '../../errors/app-error';
|
|
import { isTspEnvelope } from '../../types/signature-level';
|
|
|
|
type AssertCompatibleDictateNextSignerOptions = {
|
|
signatureLevel: string;
|
|
allowDictateNextSigner: boolean | null | undefined;
|
|
};
|
|
|
|
/**
|
|
* Reject `allowDictateNextSigner = true` on AES/QES envelopes.
|
|
*
|
|
* The TSP sign path has no nextSigner dictation — `prepareCscRecipientSigning`
|
|
* doesn't accept one and `executeTspSign` always advances to the strict
|
|
* SEQUENTIAL next signer. Allowing the flag to persist on a TSP envelope
|
|
* would advertise a UX feature the sign-time flow silently drops.
|
|
*
|
|
* SES envelopes pass through unchanged. A `null` / `undefined` / `false`
|
|
* value also passes through.
|
|
*/
|
|
export const assertCompatibleDictateNextSigner = ({
|
|
signatureLevel,
|
|
allowDictateNextSigner,
|
|
}: AssertCompatibleDictateNextSignerOptions): void => {
|
|
if (!isTspEnvelope({ signatureLevel })) {
|
|
return;
|
|
}
|
|
|
|
if (allowDictateNextSigner !== true) {
|
|
return;
|
|
}
|
|
|
|
throw new AppError(AppErrorCode.INVALID_BODY, {
|
|
message: `Envelopes signed at '${signatureLevel}' do not support next-signer dictation — the TSP sign path always advances to the strict SEQUENTIAL next recipient.`,
|
|
});
|
|
};
|