chore: merged main

2024-01-25 13:43:11 +02:00
parent 4aefb80989 d766b58f42
commit ffee2b2c9a
65 changed files with 1043 additions and 234 deletions
--- a/packages/lib/server-only/crypto/decrypt.ts
+++ b/packages/lib/server-only/crypto/decrypt.ts
@@ -0,0 +1,33 @@
+import { DOCUMENSO_ENCRYPTION_SECONDARY_KEY } from '@documenso/lib/constants/crypto';
+import { ZEncryptedDataSchema } from '@documenso/lib/server-only/crypto/encrypt';
+import { symmetricDecrypt } from '@documenso/lib/universal/crypto';
+
+/**
+ * Decrypt the passed in data. This uses the secondary encrypt key for miscellaneous data.
+ *
+ * @param encryptedData The data encrypted with the `encryptSecondaryData` function.
+ * @returns The decrypted value, or `null` if the data is invalid or expired.
+ */
+export const decryptSecondaryData = (encryptedData: string): string | null => {
+  if (!DOCUMENSO_ENCRYPTION_SECONDARY_KEY) {
+    throw new Error('Missing encryption key');
+  }
+
+  const decryptedBufferValue = symmetricDecrypt({
+    key: DOCUMENSO_ENCRYPTION_SECONDARY_KEY,
+    data: encryptedData,
+  });
+
+  const decryptedValue = Buffer.from(decryptedBufferValue).toString('utf-8');
+  const result = ZEncryptedDataSchema.safeParse(JSON.parse(decryptedValue));
+
+  if (!result.success) {
+    return null;
+  }
+
+  if (result.data.expiresAt !== undefined && result.data.expiresAt < Date.now()) {
+    return null;
+  }
+
+  return result.data.data;
+};
--- a/packages/lib/server-only/crypto/encrypt.ts
+++ b/packages/lib/server-only/crypto/encrypt.ts
@@ -0,0 +1,42 @@
+import { z } from 'zod';
+
+import { DOCUMENSO_ENCRYPTION_SECONDARY_KEY } from '@documenso/lib/constants/crypto';
+import { symmetricEncrypt } from '@documenso/lib/universal/crypto';
+import type { TEncryptSecondaryDataMutationSchema } from '@documenso/trpc/server/crypto/schema';
+
+export const ZEncryptedDataSchema = z.object({
+  data: z.string(),
+  expiresAt: z.number().optional(),
+});
+
+export type EncryptDataOptions = {
+  data: string;
+
+  /**
+   * When the data should no longer be allowed to be decrypted.
+   *
+   * Leave this empty to never expire the data.
+   */
+  expiresAt?: number;
+};
+
+/**
+ * Encrypt the passed in data. This uses the secondary encrypt key for miscellaneous data.
+ *
+ * @returns The encrypted data.
+ */
+export const encryptSecondaryData = ({ data, expiresAt }: TEncryptSecondaryDataMutationSchema) => {
+  if (!DOCUMENSO_ENCRYPTION_SECONDARY_KEY) {
+    throw new Error('Missing encryption key');
+  }
+
+  const dataToEncrypt: z.infer<typeof ZEncryptedDataSchema> = {
+    data,
+    expiresAt,
+  };
+
+  return symmetricEncrypt({
+    key: DOCUMENSO_ENCRYPTION_SECONDARY_KEY,
+    data: JSON.stringify(dataToEncrypt),
+  });
+};
--- a/packages/lib/server-only/document-meta/upsert-document-meta.ts
+++ b/packages/lib/server-only/document-meta/upsert-document-meta.ts
@@ -4,10 +4,11 @@ import { prisma } from '@documenso/prisma';

 export type CreateDocumentMetaOptions = {
  documentId: number;
-  subject: string;
-  message: string;
-  timezone: string;
-  dateFormat: string;
+  subject?: string;
+  message?: string;
+  timezone?: string;
+  password?: string;
+  dateFormat?: string;
  userId: number;
 };

@@ -18,6 +19,7 @@ export const upsertDocumentMeta = async ({
  dateFormat,
  documentId,
  userId,
+  password,
 }: CreateDocumentMetaOptions) => {
  await prisma.document.findFirstOrThrow({
    where: {
@@ -35,12 +37,14 @@ export const upsertDocumentMeta = async ({
      message,
      dateFormat,
      timezone,
+      password,
      documentId,
    },
    update: {
      subject,
      message,
      dateFormat,
+      password,
      timezone,
    },
  });
--- a/packages/lib/server-only/document/duplicate-document-by-id.ts
+++ b/packages/lib/server-only/document/duplicate-document-by-id.ts
@@ -26,6 +26,7 @@ export const duplicateDocumentById = async ({ id, userId }: DuplicateDocumentByI
          message: true,
          subject: true,
          dateFormat: true,
+          password: true,
          timezone: true,
        },
      },
--- a/packages/lib/server-only/document/find-documents.ts
+++ b/packages/lib/server-only/document/find-documents.ts
@@ -7,6 +7,7 @@ import { SigningStatus } from '@documenso/prisma/client';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';

 import type { FindResultSet } from '../../types/find-result-set';
+import { maskRecipientTokensForDocument } from '../../utils/mask-recipient-tokens-for-document';

 export type FindDocumentsOptions = {
  userId: number;
@@ -173,8 +174,15 @@ export const findDocuments = async ({
    }),
  ]);

+  const maskedData = data.map((document) =>
+    maskRecipientTokensForDocument({
+      document,
+      user,
+    }),
+  );
+
  return {
-    data,
+    data: maskedData,
    count,
    currentPage: Math.max(page, 1),
    perPage,
--- a/packages/lib/server-only/document/get-document-by-token.ts
+++ b/packages/lib/server-only/document/get-document-by-token.ts
@@ -1,5 +1,5 @@
 import { prisma } from '@documenso/prisma';
-import { DocumentWithRecipient } from '@documenso/prisma/types/document-with-recipient';
+import type { DocumentWithRecipient } from '@documenso/prisma/types/document-with-recipient';

 export interface GetDocumentAndSenderByTokenOptions {
  token: string;
@@ -58,7 +58,11 @@ export const getDocumentAndRecipientByToken = async ({
      },
    },
    include: {
-      Recipient: true,
+      Recipient: {
+        where: {
+          token,
+        },
+      },
      documentData: true,
    },
  });
--- a/packages/lib/server-only/document/get-stats.ts
+++ b/packages/lib/server-only/document/get-stats.ts
@@ -42,6 +42,11 @@ export const getStats = async ({ user }: GetStatsInput) => {
        _all: true,
      },
      where: {
+        User: {
+          email: {
+            not: user.email,
+          },
+        },
        OR: [
          {
            status: ExtendedDocumentStatus.PENDING,
--- a/packages/lib/server-only/document/search-documents-with-keyword.ts
+++ b/packages/lib/server-only/document/search-documents-with-keyword.ts
@@ -1,6 +1,8 @@
 import { prisma } from '@documenso/prisma';
 import { DocumentStatus } from '@documenso/prisma/client';

+import { maskRecipientTokensForDocument } from '../../utils/mask-recipient-tokens-for-document';
+
 export type SearchDocumentsWithKeywordOptions = {
  query: string;
  userId: number;
@@ -77,5 +79,12 @@ export const searchDocumentsWithKeyword = async ({
    take: limit,
  });

-  return documents;
+  const maskedDocuments = documents.map((document) =>
+    maskRecipientTokensForDocument({
+      document,
+      user,
+    }),
+  );
+
+  return maskedDocuments;
 };
--- a/packages/lib/server-only/document/update-document.ts
+++ b/packages/lib/server-only/document/update-document.ts
@@ -5,14 +5,16 @@ import type { Prisma } from '@prisma/client';
 import { prisma } from '@documenso/prisma';

 export type UpdateDocumentOptions = {
-  documentId: number;
  data: Prisma.DocumentUpdateInput;
+  userId: number;
+  documentId: number;
 };

-export const updateDocument = async ({ documentId, data }: UpdateDocumentOptions) => {
+export const updateDocument = async ({ documentId, userId, data }: UpdateDocumentOptions) => {
  return await prisma.document.update({
    where: {
      id: documentId,
+      userId,
    },
    data: {
      ...data,