packages/lib/server-only/document/get-document-by-token.ts

import { prisma } from '@documenso/prisma';
import type { DocumentWithRecipient } from '@documenso/prisma/types/document-with-recipient';

import { AppError, AppErrorCode } from '../../errors/app-error';
import type { TDocumentAuthMethods } from '../../types/document-auth';
import { isRecipientAuthorized } from './is-recipient-authorized';

export interface GetDocumentAndSenderByTokenOptions {
  token: string;
  userId?: number;
  accessAuth?: TDocumentAuthMethods;

  /**
   * Whether we enforce the access requirement.
   *
   * Defaults to true.
   */
  requireAccessAuth?: boolean;
}

export interface GetDocumentAndRecipientByTokenOptions {
  token: string;
  userId?: number;
  accessAuth?: TDocumentAuthMethods;

  /**
   * Whether we enforce the access requirement.
   *
   * Defaults to true.
   */
  requireAccessAuth?: boolean;
}
export type GetDocumentByTokenOptions = {
  token: string;
};

export const getDocumentByToken = async ({ token }: GetDocumentByTokenOptions) => {
  if (!token) {
    throw new Error('Missing token');
  }

  const result = await prisma.document.findFirstOrThrow({
    where: {
      recipients: {
        some: {
          token,
        },
      },
    },
  });

  return result;
};

export type DocumentAndSender = Awaited<ReturnType<typeof getDocumentAndSenderByToken>>;

export const getDocumentAndSenderByToken = async ({
  token,
  userId,
  accessAuth,
  requireAccessAuth = true,
}: GetDocumentAndSenderByTokenOptions) => {
  if (!token) {
    throw new Error('Missing token');
  }

  const result = await prisma.document.findFirstOrThrow({
    where: {
      recipients: {
        some: {
          token,
        },
      },
    },
    include: {
      user: true,
      documentData: true,
      documentMeta: true,
      recipients: {
        where: {
          token,
        },
      },
      team: {
        select: {
          name: true,
          teamEmail: true,
          teamGlobalSettings: {
            select: {
              includeSenderDetails: true,
            },
          },
        },
      },
    },
  });

  // eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars
  const { password: _password, ...user } = result.user;

  const recipient = result.recipients[0];

  // Sanity check, should not be possible.
  if (!recipient) {
    throw new Error('Missing recipient');
  }

  let documentAccessValid = true;

  if (requireAccessAuth) {
    documentAccessValid = await isRecipientAuthorized({
      type: 'ACCESS',
      documentAuthOptions: result.authOptions,
      recipient,
      userId,
      authOptions: accessAuth,
    });
  }

  if (!documentAccessValid) {
    throw new AppError(AppErrorCode.UNAUTHORIZED, {
      message: 'Invalid access values',
    });
  }

  return {
    ...result,
    user,
  };
};

/**
 * Get a Document and a Recipient by the recipient token.
 */
export const getDocumentAndRecipientByToken = async ({
  token,
  userId,
  accessAuth,
  requireAccessAuth = true,
}: GetDocumentAndRecipientByTokenOptions): Promise<DocumentWithRecipient> => {
  if (!token) {
    throw new Error('Missing token');
  }

  const result = await prisma.document.findFirstOrThrow({
    where: {
      recipients: {
        some: {
          token,
        },
      },
    },
    include: {
      recipients: {
        where: {
          token,
        },
      },
      documentData: true,
    },
  });

  const [recipient] = result.recipients;

  // Sanity check, should not be possible.
  if (!recipient) {
    throw new Error('Missing recipient');
  }

  let documentAccessValid = true;

  if (requireAccessAuth) {
    documentAccessValid = await isRecipientAuthorized({
      type: 'ACCESS',
      documentAuthOptions: result.authOptions,
      recipient,
      userId,
      authOptions: accessAuth,
    });
  }

  if (!documentAccessValid) {
    throw new AppError(AppErrorCode.UNAUTHORIZED, {
      message: 'Invalid access values',
    });
  }

  return result;
};
feat: document authoring 2023-08-17 19:56:18 +10:00			`import { prisma } from '@documenso/prisma';`
fix: mask documents in search 2024-01-22 12:32:19 +11:00			`import type { DocumentWithRecipient } from '@documenso/prisma/types/document-with-recipient';`
feat: document authoring 2023-08-17 19:56:18 +10:00
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`import { AppError, AppErrorCode } from '../../errors/app-error';`
			`import type { TDocumentAuthMethods } from '../../types/document-auth';`
			`import { isRecipientAuthorized } from './is-recipient-authorized';`

			`export interface GetDocumentAndSenderByTokenOptions {`
			`token: string;`
			`userId?: number;`
			`accessAuth?: TDocumentAuthMethods;`

			`/**`
			`* Whether we enforce the access requirement.`
			`*`
			`* Defaults to true.`
			`*/`
			`requireAccessAuth?: boolean;`
			`}`

			`export interface GetDocumentAndRecipientByTokenOptions {`
			`token: string;`
			`userId?: number;`
			`accessAuth?: TDocumentAuthMethods;`

			`/**`
			`* Whether we enforce the access requirement.`
			`*`
			`* Defaults to true.`
			`*/`
			`requireAccessAuth?: boolean;`
			`}`
chore: test signing a document 2024-03-21 16:15:29 +00:00			`export type GetDocumentByTokenOptions = {`
feat: document authoring 2023-08-17 19:56:18 +10:00			`token: string;`
chore: test signing a document 2024-03-21 16:15:29 +00:00			`};`
feat: document authoring 2023-08-17 19:56:18 +10:00
chore: test signing a document 2024-03-21 16:15:29 +00:00			`export const getDocumentByToken = async ({ token }: GetDocumentByTokenOptions) => {`
			`if (!token) {`
			`throw new Error('Missing token');`
			`}`

			`const result = await prisma.document.findFirstOrThrow({`
			`where: {`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`recipients: {`
chore: test signing a document 2024-03-21 16:15:29 +00:00			`some: {`
			`token,`
			`},`
			`},`
			`},`
			`});`

			`return result;`
			`};`
feat: add single player mode 2023-09-20 13:48:30 +10:00
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`export type DocumentAndSender = Awaited<ReturnType<typeof getDocumentAndSenderByToken>>;`

feat: document authoring 2023-08-17 19:56:18 +10:00			`export const getDocumentAndSenderByToken = async ({`
			`token,`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`userId,`
			`accessAuth,`
			`requireAccessAuth = true,`
feat: document authoring 2023-08-17 19:56:18 +10:00			`}: GetDocumentAndSenderByTokenOptions) => {`
feat: add single player mode 2023-09-20 13:48:30 +10:00			`if (!token) {`
			`throw new Error('Missing token');`
			`}`

feat: document authoring 2023-08-17 19:56:18 +10:00			`const result = await prisma.document.findFirstOrThrow({`
			`where: {`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`recipients: {`
feat: document authoring 2023-08-17 19:56:18 +10:00			`some: {`
			`token,`
			`},`
			`},`
			`},`
			`include: {`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`user: true,`
feat: separate document data from document 2023-09-07 19:27:21 +10:00			`documentData: true,`
chore: finish and clean-up redirect post signing Signed-off-by: Adithya Krishna <adi@documenso.com> 2024-02-06 18:04:56 +05:30			`documentMeta: true,`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`recipients: {`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`where: {`
			`token,`
			`},`
			`},`
fix: wrong signing invitation message (#1497) 2024-12-01 22:47:11 +02:00			`team: {`
			`select: {`
			`name: true,`
			`teamEmail: true,`
			`teamGlobalSettings: {`
			`select: {`
			`includeSenderDetails: true,`
			`},`
			`},`
			`},`
			`},`
feat: document authoring 2023-08-17 19:56:18 +10:00			`},`
			`});`

			`// eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`const { password: _password, ...user } = result.user;`
feat: document authoring 2023-08-17 19:56:18 +10:00
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`const recipient = result.recipients[0];`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00
			`// Sanity check, should not be possible.`
			`if (!recipient) {`
			`throw new Error('Missing recipient');`
			`}`

			`let documentAccessValid = true;`

			`if (requireAccessAuth) {`
			`documentAccessValid = await isRecipientAuthorized({`
			`type: 'ACCESS',`
feat: add direct templates links (#1165) ## Description Direct templates links is a feature that provides template owners the ability to allow users to create documents based of their templates. ## General outline This works by allowing the template owner to configure a "direct recipient" in the template. When a user opens the direct link to the template, it will create a flow where they sign the fields configured by the template owner for the direct recipient. After these fields are signed the following will occur: - A document will be created where the owner is the template owner - The direct recipient fields will be signed - The document will be sent to any other recipients configured in the template - If there are none the document will be immediately completed ## Notes There's a custom prisma migration to migrate all documents to have 'DOCUMENT' as the source, then sets the column to required. --------- Co-authored-by: Lucas Smith <me@lucasjamessmith.me> 2024-06-02 15:49:09 +10:00			`documentAuthOptions: result.authOptions,`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`recipient,`
			`userId,`
			`authOptions: accessAuth,`
			`});`
			`}`

			`if (!documentAccessValid) {`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00			`throw new AppError(AppErrorCode.UNAUTHORIZED, {`
			`message: 'Invalid access values',`
			`});`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`}`

feat: document authoring 2023-08-17 19:56:18 +10:00			`return {`
			`...result,`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`user,`
feat: document authoring 2023-08-17 19:56:18 +10:00			`};`
			`};`
feat: add single player mode 2023-09-20 13:48:30 +10:00
			`/**`
			`* Get a Document and a Recipient by the recipient token.`
			`*/`
			`export const getDocumentAndRecipientByToken = async ({`
			`token,`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`userId,`
			`accessAuth,`
			`requireAccessAuth = true,`
feat: add single player mode 2023-09-20 13:48:30 +10:00			`}: GetDocumentAndRecipientByTokenOptions): Promise<DocumentWithRecipient> => {`
			`if (!token) {`
			`throw new Error('Missing token');`
			`}`

			`const result = await prisma.document.findFirstOrThrow({`
			`where: {`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`recipients: {`
feat: add single player mode 2023-09-20 13:48:30 +10:00			`some: {`
			`token,`
			`},`
			`},`
			`},`
			`include: {`
fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`recipients: {`
fix: mask documents in search 2024-01-22 12:32:19 +11:00			`where: {`
			`token,`
			`},`
			`},`
feat: add single player mode 2023-09-20 13:48:30 +10:00			`documentData: true,`
			`},`
			`});`

fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`const [recipient] = result.recipients;`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00
			`// Sanity check, should not be possible.`
			`if (!recipient) {`
			`throw new Error('Missing recipient');`
			`}`

			`let documentAccessValid = true;`

			`if (requireAccessAuth) {`
			`documentAccessValid = await isRecipientAuthorized({`
			`type: 'ACCESS',`
feat: add direct templates links (#1165) ## Description Direct templates links is a feature that provides template owners the ability to allow users to create documents based of their templates. ## General outline This works by allowing the template owner to configure a "direct recipient" in the template. When a user opens the direct link to the template, it will create a flow where they sign the fields configured by the template owner for the direct recipient. After these fields are signed the following will occur: - A document will be created where the owner is the template owner - The direct recipient fields will be signed - The document will be sent to any other recipients configured in the template - If there are none the document will be immediately completed ## Notes There's a custom prisma migration to migrate all documents to have 'DOCUMENT' as the source, then sets the column to required. --------- Co-authored-by: Lucas Smith <me@lucasjamessmith.me> 2024-06-02 15:49:09 +10:00			`documentAuthOptions: result.authOptions,`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`recipient,`
			`userId,`
			`authOptions: accessAuth,`
			`});`
			`}`

			`if (!documentAccessValid) {`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00			`throw new AppError(AppErrorCode.UNAUTHORIZED, {`
			`message: 'Invalid access values',`
			`});`
feat: add document auth (#1029) 2024-03-28 13:13:29 +08:00			`}`

fix: refactor prisma relations (#1581) 2025-01-13 13:41:53 +11:00			`return result;`
feat: add single player mode 2023-09-20 13:48:30 +10:00			`};`