feat: add document auth (#1029)

2024-03-28 13:13:29 +08:00
parent 956562d3b4
commit a54eb54ef7
77 changed files with 3904 additions and 846 deletions
--- a/packages/lib/server-only/document/complete-document-with-token.ts
+++ b/packages/lib/server-only/document/complete-document-with-token.ts
@@ -7,6 +7,7 @@ import { prisma } from '@documenso/prisma';
 import { DocumentStatus, SigningStatus } from '@documenso/prisma/client';
 import { WebhookTriggerEvents } from '@documenso/prisma/client';

+import type { TRecipientActionAuth } from '../../types/document-auth';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 import { sealDocument } from './seal-document';
 import { sendPendingEmail } from './send-pending-email';
@@ -14,6 +15,8 @@ import { sendPendingEmail } from './send-pending-email';
 export type CompleteDocumentWithTokenOptions = {
  token: string;
  documentId: number;
+  userId?: number;
+  authOptions?: TRecipientActionAuth;
  requestMetadata?: RequestMetadata;
 };

@@ -71,32 +74,54 @@ export const completeDocumentWithToken = async ({
    throw new Error(`Recipient ${recipient.id} has unsigned fields`);
  }

-  await prisma.recipient.update({
-    where: {
-      id: recipient.id,
-    },
-    data: {
-      signingStatus: SigningStatus.SIGNED,
-      signedAt: new Date(),
-    },
-  });
+  // Document reauth for completing documents is currently not required.

-  await prisma.documentAuditLog.create({
-    data: createDocumentAuditLogData({
-      type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_COMPLETED,
-      documentId: document.id,
-      user: {
-        name: recipient.name,
-        email: recipient.email,
+  // const { derivedRecipientActionAuth } = extractDocumentAuthMethods({
+  //   documentAuth: document.authOptions,
+  //   recipientAuth: recipient.authOptions,
+  // });
+
+  // const isValid = await isRecipientAuthorized({
+  //   type: 'ACTION',
+  //   document: document,
+  //   recipient: recipient,
+  //   userId,
+  //   authOptions,
+  // });
+
+  // if (!isValid) {
+  //   throw new AppError(AppErrorCode.UNAUTHORIZED, 'Invalid authentication values');
+  // }
+
+  await prisma.$transaction(async (tx) => {
+    await tx.recipient.update({
+      where: {
+        id: recipient.id,
      },
-      requestMetadata,
      data: {
-        recipientEmail: recipient.email,
-        recipientName: recipient.name,
-        recipientId: recipient.id,
-        recipientRole: recipient.role,
+        signingStatus: SigningStatus.SIGNED,
+        signedAt: new Date(),
      },
-    }),
+    });
+
+    await tx.documentAuditLog.create({
+      data: createDocumentAuditLogData({
+        type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_COMPLETED,
+        documentId: document.id,
+        user: {
+          name: recipient.name,
+          email: recipient.email,
+        },
+        requestMetadata,
+        data: {
+          recipientEmail: recipient.email,
+          recipientName: recipient.name,
+          recipientId: recipient.id,
+          recipientRole: recipient.role,
+          // actionAuth: derivedRecipientActionAuth || undefined,
+        },
+      }),
+    });
  });

  const pendingRecipients = await prisma.recipient.count({