mirror of
https://github.com/documenso/documenso.git
synced 2026-06-22 04:12:06 +10:00
Lucas Smith
d5ce222482
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing against a configured TSP. v1 ships as instance-wide configuration via environment variables, with per-envelope signature level selection, license gating, and an OAuth-driven signing flow (capture + FIFO signers, SAD session, blocking/in-progress recipient pages). Includes signature level compatibility checks (role, signing order, dictate next signer), envelope mutability assertions, Prisma migration for signature level and CSC tables, and docs for the new signing certificate options.
34 lines
1.2 KiB
TypeScript
34 lines
1.2 KiB
TypeScript
import { RecipientRole } from '@prisma/client';
|
|
|
|
import { AppError, AppErrorCode } from '../../errors/app-error';
|
|
import { isTspEnvelope } from '../../types/signature-level';
|
|
|
|
type AssertCompatibleRecipientRoleOptions = {
|
|
signatureLevel: string;
|
|
role: RecipientRole;
|
|
};
|
|
|
|
/**
|
|
* Reject `RecipientRole.ASSISTANT` on AES/QES envelopes.
|
|
*
|
|
* Assistant recipients pre-fill fields on behalf of downstream signers. The
|
|
* TSP flow signs each recipient's complete PDF state with their own CSC
|
|
* credential, so an assistant role has no sign-time identity to bind to and
|
|
* `prepareCscRecipientSigning` has no handler for it.
|
|
*
|
|
* SES envelopes pass through unchanged.
|
|
*/
|
|
export const assertCompatibleRecipientRole = ({ signatureLevel, role }: AssertCompatibleRecipientRoleOptions): void => {
|
|
if (!isTspEnvelope({ signatureLevel })) {
|
|
return;
|
|
}
|
|
|
|
if (role === RecipientRole.ASSISTANT) {
|
|
throw new AppError(AppErrorCode.INVALID_BODY, {
|
|
message: `Envelopes signed at '${signatureLevel}' do not support the ASSISTANT role — the TSP flow signs each recipient's bytes with their own CSC credential and has no sign-time path for an assistant.`,
|
|
});
|
|
}
|
|
|
|
return;
|
|
};
|