From 6a41f82e5b7164bb3c6b32bfbbcea089f4a1fa13 Mon Sep 17 00:00:00 2001
From: Alex Turchyn <lexfox777@gmail.com>
Date: Sun, 28 May 2023 23:20:48 +0300
Subject: [PATCH] add pdf generation

---
 Gemfile                                       |   2 +-
 Gemfile.lock                                  |  13 +-
 app/controllers/api/attachments_controller.rb |   5 +-
 app/controllers/esign_settings_controller.rb  |  26 ++++
 app/controllers/setup_controller.rb           |   3 +
 .../submissions_debug_controller.rb           |  27 ++++
 app/javascript/application.js                 |   2 +
 app/javascript/elements/file_dropzone.js      |  82 +++++++++++
 app/javascript/flow_builder/page.vue          |   2 +-
 app/javascript/flow_form/area.vue             |   4 +-
 app/javascript/flow_form/signature_step.vue   |   2 +-
 app/models/encrypted_config.rb                |   1 +
 app/models/submission.rb                      |   2 -
 app/views/dashboard/index.html.erb            |   1 +
 app/views/esign_settings/index.html.erb       |  10 ++
 config/routes.rb                              |   2 +
 lib/generate_certificate.rb                   |  90 +++++++++++++
 lib/pdf_icons.rb                              |  15 +++
 lib/pdf_icons/check.png                       | Bin 0 -> 1077 bytes
 lib/pdf_icons/paperclip.png                   | Bin 0 -> 4383 bytes
 .../generate_result_attachments.rb            | 127 ++++++++++++++----
 21 files changed, 375 insertions(+), 41 deletions(-)
 create mode 100644 app/controllers/esign_settings_controller.rb
 create mode 100644 app/controllers/submissions_debug_controller.rb
 create mode 100644 app/javascript/elements/file_dropzone.js
 create mode 100644 app/views/esign_settings/index.html.erb
 create mode 100644 lib/generate_certificate.rb
 create mode 100644 lib/pdf_icons.rb
 create mode 100644 lib/pdf_icons/check.png
 create mode 100644 lib/pdf_icons/paperclip.png

diff --git a/Gemfile b/Gemfile
index 20482287..bf3e17eb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,11 +8,11 @@ gem 'audited'
 gem 'aws-sdk-s3'
 gem 'azure-storage-blob'
 gem 'bootsnap', require: false
-gem 'combine_pdf'
 gem 'devise'
 gem 'faraday'
 gem 'geoip'
 gem 'google-cloud-storage'
+gem 'hexapdf'
 gem 'image_processing'
 gem 'lograge'
 gem 'oj'
diff --git a/Gemfile.lock b/Gemfile.lock
index 11f0cb24..293e9ada 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -123,10 +123,8 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    cmdparse (3.0.7)
     coderay (1.1.3)
-    combine_pdf (1.0.23)
-      matrix
-      ruby-rc4 (>= 0.1.5)
     concurrent-ruby (1.2.2)
     connection_pool (2.4.0)
     crack (0.4.5)
@@ -199,6 +197,7 @@ GEM
       websocket-driver (>= 0.6, < 0.8)
     ffi (1.15.5)
     geoip (1.6.4)
+    geom2d (0.3.1)
     globalid (1.1.0)
       activesupport (>= 5.0)
     google-apis-core (0.11.0)
@@ -236,6 +235,10 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     hashdiff (1.0.1)
+    hexapdf (0.32.2)
+      cmdparse (~> 3.0, >= 3.0.3)
+      geom2d (~> 0.3)
+      openssl (>= 2.2.1)
     htmlentities (4.3.4)
     httpclient (2.8.3)
     i18n (1.13.0)
@@ -296,6 +299,7 @@ GEM
     nokogiri (1.15.0-arm64-darwin)
       racc (~> 1.4)
     oj (3.14.3)
+    openssl (3.1.0)
     orm_adapter (0.5.0)
     os (1.1.4)
     pagy (6.0.4)
@@ -412,7 +416,6 @@ GEM
       rubocop-capybara (~> 2.17)
       rubocop-factory_bot (~> 2.22)
     ruby-progressbar (1.13.0)
-    ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
@@ -483,7 +486,6 @@ DEPENDENCIES
   bootsnap
   bullet
   capybara
-  combine_pdf
   cuprite
   debug
   devise
@@ -493,6 +495,7 @@ DEPENDENCIES
   faraday
   geoip
   google-cloud-storage
+  hexapdf
   image_processing
   letter_opener_web
   lograge
diff --git a/app/controllers/api/attachments_controller.rb b/app/controllers/api/attachments_controller.rb
index 1386220e..12c6a606 100644
--- a/app/controllers/api/attachments_controller.rb
+++ b/app/controllers/api/attachments_controller.rb
@@ -5,13 +5,14 @@ module Api
     skip_before_action :authenticate_user!
 
     def create
-      submission = Submission.find_by!(slug: params[:submission_slug])
+      submission = Submission.find_by!(slug: params[:submission_slug]) unless current_account
+
       blob = ActiveStorage::Blob.find_signed(params[:blob_signed_id])
 
       attachment = ActiveStorage::Attachment.create!(
         blob:,
         name: params[:name],
-        record: submission
+        record: submission || current_account
       )
 
       render json: attachment.as_json(only: %i[uuid], methods: %i[url filename content_type])
diff --git a/app/controllers/esign_settings_controller.rb b/app/controllers/esign_settings_controller.rb
new file mode 100644
index 00000000..d0d307f7
--- /dev/null
+++ b/app/controllers/esign_settings_controller.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class EsignSettingsController < ApplicationController
+  before_action :load_encrypted_config
+
+  def create
+    attachment = ActiveStorage::Attachment.find_by!(uuid: params[:attachment_uuid])
+
+    pdf = HexaPDF::Document.new(io: StringIO.new(attachment.download))
+
+    pdf.signatures
+  end
+
+  private
+
+  def load_encrypted_config
+    @encrypted_config =
+      EncryptedConfig.find_or_initialize_by(account: current_account, key: EncryptedConfig::ESIGN_CERTS_KEY)
+  end
+
+  def storage_configs
+    params.require(:encrypted_config).permit(value: {}).tap do |e|
+      e[:value].compact_blank!
+    end
+  end
+end
diff --git a/app/controllers/setup_controller.rb b/app/controllers/setup_controller.rb
index 90b6424a..43817ef2 100644
--- a/app/controllers/setup_controller.rb
+++ b/app/controllers/setup_controller.rb
@@ -17,6 +17,9 @@ class SetupController < ApplicationController
     @user = @account.users.new(user_params)
 
     if @user.save
+      @account.encrypted_configs.create!(key: EncryptedConfig::ESIGN_CERTS_KEY,
+                                         value: GenerateCertificate.call)
+
       sign_in(@user)
 
       redirect_to root_path
diff --git a/app/controllers/submissions_debug_controller.rb b/app/controllers/submissions_debug_controller.rb
new file mode 100644
index 00000000..6f681a78
--- /dev/null
+++ b/app/controllers/submissions_debug_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class SubmissionsDebugController < ApplicationController
+  layout 'flow'
+
+  skip_before_action :authenticate_user!
+
+  def index
+    @submission = Submission.preload({ attachments_attachments: :blob },
+                                     flow: { documents_attachments: :blob })
+                            .find_by(slug: params[:submission_slug])
+
+    respond_to do |f|
+      f.html do
+        render 'submit_flow/show'
+      end
+      f.pdf do
+        Submissions::GenerateResultAttachments.call(@submission)
+
+        send_data ActiveStorage::Attachment.where(name: :documents).last.download,
+                  filename: 'debug.pdf',
+                  disposition: 'inline',
+                  type: 'application/pdf'
+      end
+    end
+  end
+end
diff --git a/app/javascript/application.js b/app/javascript/application.js
index d4748616..226850d3 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -5,12 +5,14 @@ import { createApp, reactive } from 'vue'
 import ToggleVisible from './elements/toggle_visible'
 import DisableHidden from './elements/disable_hidden'
 import TurboModal from './elements/turbo_modal'
+import FileDropzone from './elements/file_dropzone'
 
 import FlowBuilder from './flow_builder/builder'
 
 window.customElements.define('toggle-visible', ToggleVisible)
 window.customElements.define('disable-hidden', DisableHidden)
 window.customElements.define('turbo-modal', TurboModal)
+window.customElements.define('file-dropzone', FileDropzone)
 
 window.customElements.define('flow-builder', class extends HTMLElement {
   connectedCallback () {
diff --git a/app/javascript/elements/file_dropzone.js b/app/javascript/elements/file_dropzone.js
new file mode 100644
index 00000000..b4c4128a
--- /dev/null
+++ b/app/javascript/elements/file_dropzone.js
@@ -0,0 +1,82 @@
+import { DirectUpload } from '@rails/activestorage'
+
+import { actionable } from '@github/catalyst/lib/actionable'
+import { target, targetable } from '@github/catalyst/lib/targetable'
+
+export default actionable(targetable(class extends HTMLElement {
+  static [target.static] = [
+    'loading',
+    'input',
+    'valueField'
+  ]
+
+  connectedCallback () {
+    this.addEventListener('drop', this.onDrop)
+
+    this.addEventListener('dragover', (e) => e.preventDefault())
+  }
+
+  onDrop (e) {
+    e.preventDefault()
+
+    this.uploadFiles(e.dataTransfer.files)
+  }
+
+  onSelectFiles (e) {
+    e.preventDefault()
+
+    this.uploadFiles(this.input.files).then(() => {
+      this.input.value = ''
+    })
+  }
+
+  async uploadFiles (files) {
+    console.log( files )
+    const blobs = await Promise.all(
+      Array.from(files).map(async (file) => {
+        const upload = new DirectUpload(
+          file,
+          '/direct_uploads',
+          this.input
+        )
+
+        return new Promise((resolve, reject) => {
+          upload.create((error, blob) => {
+            if (error) {
+              console.error(error)
+
+              return reject(error)
+            } else {
+              return resolve(blob)
+            }
+          })
+        }).catch((error) => {
+          console.error(error)
+        })
+      })
+    )
+
+    await Promise.all(
+      blobs.map((blob) => {
+        return fetch('/api/attachments', {
+          method: 'POST',
+          body: JSON.stringify({
+            name: this.dataset.name,
+            blob_signed_id: blob.signed_id,
+            submission_slug: this.dataset.submissionSlug
+          }),
+          headers: { 'Content-Type': 'application/json' }
+        }).then(resp => resp.json()).then((data) => {
+          return data
+        })
+      })).then((result) => {
+      result.forEach((attachment) => {
+        if (this.valueField) {
+          this.valueField.value = attachment.uuid
+        }
+
+        this.dispatchEvent(new CustomEvent('upload', { detail: attachment }))
+      })
+    })
+  }
+}))
diff --git a/app/javascript/flow_builder/page.vue b/app/javascript/flow_builder/page.vue
index 70d56ec7..58722b24 100644
--- a/app/javascript/flow_builder/page.vue
+++ b/app/javascript/flow_builder/page.vue
@@ -91,7 +91,7 @@ export default {
     onDrop (e) {
       this.$emit('drop-field', {
         x: e.layerX / this.$refs.mask.clientWidth,
-        y: e.layerY / this.$refs.mask.clientHeight,
+        y: e.layerY / this.$refs.mask.clientHeight - (this.$refs.mask.clientWidth / 30 / this.$refs.mask.clientWidth) / 2,
         w: this.$refs.mask.clientWidth / 5 / this.$refs.mask.clientWidth,
         h: this.$refs.mask.clientWidth / 30 / this.$refs.mask.clientWidth,
         page: this.number
diff --git a/app/javascript/flow_form/area.vue b/app/javascript/flow_form/area.vue
index 3b298de2..feb03cf1 100644
--- a/app/javascript/flow_form/area.vue
+++ b/app/javascript/flow_form/area.vue
@@ -1,14 +1,16 @@
 <template>
   <div
-    class="flex cursor-pointer bg-red-100 absolute"
+    class="flex cursor-pointer bg-red-100 bg-opacity-60 absolute"
     :style="computedStyle"
   >
     <img
       v-if="field.type === 'image' && image"
+      class="object-contain"
       :src="image.url"
     >
     <img
       v-else-if="field.type === 'signature' && signature"
+      class="object-contain"
       :src="signature.url"
     >
     <div v-else-if="field.type === 'attachment'">
diff --git a/app/javascript/flow_form/signature_step.vue b/app/javascript/flow_form/signature_step.vue
index 03283c25..a69e91e2 100644
--- a/app/javascript/flow_form/signature_step.vue
+++ b/app/javascript/flow_form/signature_step.vue
@@ -83,7 +83,7 @@ export default {
               body: JSON.stringify({
                 submission_slug: this.submissionSlug,
                 blob_signed_id: data.signed_id,
-                name: 'signatures'
+                name: 'attachments'
               }),
               headers: { 'Content-Type': 'application/json' }
             }).then((resp) => resp.json()).then((attachment) => {
diff --git a/app/models/encrypted_config.rb b/app/models/encrypted_config.rb
index ca2de91b..0f11dd10 100644
--- a/app/models/encrypted_config.rb
+++ b/app/models/encrypted_config.rb
@@ -23,6 +23,7 @@
 class EncryptedConfig < ApplicationRecord
   FILES_STORAGE_KEY = 'active_storage'
   EMAIL_SMTP_KEY = 'action_mailer_smtp'
+  ESIGN_CERTS_KEY = 'esign_certs'
 
   belongs_to :account
 
diff --git a/app/models/submission.rb b/app/models/submission.rb
index c5d7744d..6e0b3c0b 100644
--- a/app/models/submission.rb
+++ b/app/models/submission.rb
@@ -40,8 +40,6 @@ class Submission < ApplicationRecord
   has_many_attached :documents
 
   has_many_attached :attachments
-  has_many_attached :images
-  has_many_attached :signatures
 
   scope :active, -> { where(deleted_at: nil) }
 end
diff --git a/app/views/dashboard/index.html.erb b/app/views/dashboard/index.html.erb
index 1ff1c7b6..7ce4ab25 100644
--- a/app/views/dashboard/index.html.erb
+++ b/app/views/dashboard/index.html.erb
@@ -3,6 +3,7 @@ Hellp
   <%= link_to 'Create Flow', new_flow_path, data: { turbo_frame: :modal } %>
   <%= link_to 'Storage settings', settings_storage_index_path %>
   <%= link_to 'Email settings', settings_email_index_path %>
+  <%= link_to 'eSign', settings_esign_index_path %>
   <%= link_to 'Users', settings_users_path %>
 </div>
 <div>
diff --git a/app/views/esign_settings/index.html.erb b/app/views/esign_settings/index.html.erb
new file mode 100644
index 00000000..16a9bf6e
--- /dev/null
+++ b/app/views/esign_settings/index.html.erb
@@ -0,0 +1,10 @@
+<%= form_for '', url: settings_esign_index_path, method: :post do |f| %>
+  <file-dropzone data-name="verify_attachments">
+    <label for="file">
+      <input id="attachment_uuid" name="attachment_uuid" class="hidden" data-target="file-dropzone.valueField" type="text">
+      <input id="file" class="hidden" data-action="change:file-dropzone#onSelectFiles" data-target="file-dropzone.input" type="file">
+      LCick to upload
+    </label>
+  </file-dropzone>
+  <%= f.button button_title %>
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 2ad06b89..52fcd7d6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -48,11 +48,13 @@ Rails.application.routes.draw do
 
   resources :submissions, only: %i[], param: 'slug' do
     resources :download, only: %i[index], controller: 'submissions_download'
+    resources :debug, only: %i[index], controller: 'submissions_debug'
   end
 
   scope '/settings', as: :settings do
     resources :storage, only: %i[index create], controller: 'storage_settings'
     resources :email, only: %i[index create], controller: 'email_settings'
+    resources :esign, only: %i[index create], controller: 'esign_settings'
     resources :users, only: %i[index]
   end
 end
diff --git a/lib/generate_certificate.rb b/lib/generate_certificate.rb
new file mode 100644
index 00000000..ae809a65
--- /dev/null
+++ b/lib/generate_certificate.rb
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module GenerateCertificate
+  NAME = 'DocuSeal'
+  SIZE = 2**11
+
+  module_function
+
+  def call(name = NAME)
+    root_cert, root_key = generate_root_ca(name)
+
+    sub_cert, sub_key = generate_sub_ca(name, root_cert, root_key)
+    cert, key = generate_certificate(name, sub_cert, sub_key)
+
+    {
+      cert: cert.to_pem,
+      key: key.to_pem,
+      root_ca: root_cert.to_pem,
+      root_key: root_key.to_pem,
+      sub_ca: sub_cert.to_pem,
+      sub_key: sub_key.to_pem
+    }
+  end
+
+  def generate_root_ca(name)
+    key = OpenSSL::PKey::RSA.new(SIZE)
+
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/C=AT/O=#{name}/CN=#{name} Root CA")
+    cert.issuer = cert.subject
+    cert.not_before = Time.current
+    cert.not_after = 100.years.from_now
+    cert.public_key = key.public_key
+    cert.serial = OpenSSL::BN.rand(160)
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = cert
+    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+    cert.add_extension(ef.create_extension('keyUsage', 'Certificate Sign, CRL Sign', true))
+    cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+    cert.sign(key, OpenSSL::Digest.new('SHA256'))
+
+    [cert, key]
+  end
+
+  def generate_sub_ca(name, root_ca_cert, root_ca_key)
+    key = OpenSSL::PKey::RSA.new(SIZE)
+
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/C=AT/O=#{name}/CN=#{name} Sub-CA")
+    cert.issuer = root_ca_cert.subject
+    cert.not_before = Time.current
+    cert.not_after = 100.years.from_now
+    cert.public_key = key.public_key
+    cert.serial = OpenSSL::BN.rand(160)
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = root_ca_cert
+    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+    cert.add_extension(ef.create_extension('keyUsage', 'Certificate Sign, CRL Sign', true))
+    cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+    cert.sign(root_ca_key, OpenSSL::Digest.new('SHA256'))
+
+    [cert, key]
+  end
+
+  def generate_certificate(name, ca_cert, ca_key)
+    key = OpenSSL::PKey::RSA.new(SIZE)
+
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse("/C=AT/O=#{name}/CN=#{name} Certificate")
+    cert.issuer = ca_cert.subject
+    cert.not_before = Time.current
+    cert.not_after = 100.years.from_now
+    cert.public_key = key.public_key
+    cert.serial = OpenSSL::BN.rand(160)
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = ca_cert
+    cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
+    cert.add_extension(ef.create_extension('keyUsage', 'Digital Signature', true))
+    cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+    cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
+
+    [cert, key]
+  end
+end
diff --git a/lib/pdf_icons.rb b/lib/pdf_icons.rb
new file mode 100644
index 00000000..8fb83646
--- /dev/null
+++ b/lib/pdf_icons.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module PdfIcons
+  PATH = Rails.root.join('lib/pdf_icons')
+
+  module_function
+
+  def check_io
+    @check_io ||= StringIO.new(PATH.join('check.png').read)
+  end
+
+  def paperclip_io
+    @paperclip_io ||= StringIO.new(PATH.join('paperclip.png').read)
+  end
+end
diff --git a/lib/pdf_icons/check.png b/lib/pdf_icons/check.png
new file mode 100644
index 0000000000000000000000000000000000000000..e5ec0332ef8c1b29ed3379cdc40cd7152e781387
GIT binary patch
literal 1077
zcmeAS@N?(olHy`uVBq!ia0vp^A3&Ic4M^IBzMKT4*pj^6T^Rm@;DWu&Co?cGzw&f(
z45^s&_O5T<?J$Y9i{e=i^)57LMc;BX>e{TX$g!nejhX)rXRnl>=*&k?&mXVmD^O?R
z?GTgyFxkVA6KEt^Am_02q~uA<Ri3MyKWxR{FWa8m&|B$K<oT&6Ikqjgk=H`S@@d(Q
z_t!IjL?@`WtIRjHySH7CS$l@m``1Q(hY#_2+ND<Q(f8b^{xkceI=^kU<onmZs!z%`
z#BG(DeSiIW?{_R;GS*eZPpXM7uwP(Z+;cYn`uU^ZSgef8fx7-hW~DDsFYY_*mNDaE
z(8pf_+)~j=Id!{Z+?w2`^?k3tbAr)V$I@)S-u56T=IkS{PxD+jAoa1XZ@uuL6z~1d
zYdt@yo|NZ)BmHJp#X^mbPJxeF7aiet?G*14(ic&U)9~68Foil2Zj~NIKA)yMne(JF
z;`zgkk2mms{`~k>&!-trCf(NmlzL;@&yMN*)+&~%f4J+q#B2B-rB11S^!3nr=RG~2
zB-jsxbxaSGn^faHoB5&lB>U;Lzji;moaSb|>@TC@qmM^U$L>4kvCS;mxIEj`&f4Lf
za-7=FnU(G)kH3^2OH=zj@h888;D4_@CWhBJa#MDnyWwM8T+{KCVVB<?ldHdsF1-(X
z|9H#Bna`r`olt!A`pD^=s5@SkX<yAQNzR^mcZ$BT#esFg`rQQ!wmz>vwdh*a{B6g-
zAG!B=6PKXBdR&<5qu-s=eFZ*NJW36A`BV5Pb+Sv%?24Nvg7NBcUIHK2AMw^y`qy8f
z>3QVQ(jD`Z#q@VyNIvo?HN2`TV$Yi(e!=ePvA2tXa@^HD5qnBf{ec2{Zxxe1UfOy}
zuv<LHIO*dd>8VO$`hWVlfc(1T(?HTLp&LlL-3U7JsMR_LsQ3^|wwq2|M#9?ryq}_7
zFPxA{cTSJX$XE|FEbomj(6G6CU3B7hh1vp{dshMVvSr64&Ds>B)l|M}PUqaphh1yk
zb>em;t_B&Nkqt8ZmKVtIwXz#45*KaNGu#=%(yLReR`#s**fgNa4JPjddgV;cx{jmV
z+?gOniEDw5T$7Ro)HPLh(i|hZd%-c!ThCVb6rFrqpnrJVfnzo*mTHw=MSh=b)_neO
iqwoeOFOvfrcz=oCF<f3VJ$Z{ENWZ76pUXO@geCy!IlvA8

literal 0
HcmV?d00001

diff --git a/lib/pdf_icons/paperclip.png b/lib/pdf_icons/paperclip.png
new file mode 100644
index 0000000000000000000000000000000000000000..f3e65b0fc95e02495738a2ffbee6ff942d57ee91
GIT binary patch
literal 4383
zcma)Ac{mhaxE^FFdkivmWv4WDhGJ$IYlJLWLKu6DeVeH;_V6qFHcgVOA%sSy>@lN|
zm=PLe8B3Wg>C$umzxO%MIp;a=+1~H{zVpX-Qm<JWbDj}C0{{Rx5hhTZ<9_p`vauYu
z`gSY1#~q7@nK2ab_oP&GKg|OGcs?PZS8bz8)=Q%^%Itt262VX2N3b|)us;#*)sWx;
z&cLq1plVnThuSA;MY#6O6n5OzYi~HE?UmAm1WzfYTg$;t&F}~cJe1>qV&caO#l8u;
zZfe$Nu%U^X{<y77FF8n{MJEg(%ydy@OXM&rnHEoDG-Q*!&+~sb{gzfp2Hf)%=Cadk
zEauGnnAdPXEdz@%q5hN@gBU=gL$OX?!JViC#u#CkFpfO|b6<LPm5+2+F^Pa7;XAUM
zigRyn8cJ6(3OrU7)ylPPNdd%y5(x*GVvHNpWDeY463TAQki{&(WCggF<RKlxeo1_a
z_^F9Uea?OEjJxRfw1^fVfB?fq&9IA5K@yV)OnAjq5ZQc(^%8f1`<R#^iW$;#(_Q{M
z`-|CjP{F;jZ&-J|@(tlTed%A(f<A$gk_!EnJ&dGxl_XfcZrLdnneKD}TtpXh)PLJa
z-lExz#y);v$+Tt&^3yDIZ+<%?9ntXa{<709!;$%(hXOE?ffY5AX2?G$M4Db8!EANx
znSwVOm6Jlgm-es>3R>A6Qx28oRJbqr)cUo1jj-Etg-g<<CxY$hZJ5n3hbdo0Nd=>e
zn~*_4<F;PSuYR{BIj(KJ6!d8!P8fQ@-hXwBtN1P;D8<*^Lzj0uH7f$bXtqvo+Ce+D
zU!}Xwb>fx7?dGjXTUy+CyZjA-htc9lyH6+*ub!P#Lzi$A1EP(GYI}Rph4YYKs}#l4
z^GQI@oXM3T?reM6HoN7K$*NDxY2xK4>5-5S^$@-2$#Yf=mcEBySJ|VT9}u&7zFynL
zd{(fzJKCawDDp06)}t;4%4t-(n7_r^NYixY0tQ9oG&z5ZY(}xi=w=$5#8xHs!=KH&
znCs9w)SA&3e(&j1`W|7gq#}28=4@Gm>n?Mbr?`MHOWM(A)vJ2@V+9+_Q#v%X(WnQd
z;kq*!u61c#a@Ji0eCv&?PYU3#?!JEou?*Rk_Jbdvkc}DOB8N6XRvttSX*i}uD5na@
zt8OQhZ|F(HGlpDv8Mp)2)WoeGV@D4*l*p1Y44Uqf`kDuhytC%da@x4A_dc7_pNc6g
z2NE-@qjZ-5r0+iV&HR#Z=r}d5B*P-M&ge#Q8t+(tartT^vaO>`2KtNG@BdCIV8Zg^
zmYQTuCfwCo-|A>LmT~Iy`2A`b1=rZBoR<dFpgul`1@=cJvRT|sCehh-@y8Y0Gnrkl
z*APX!)PT`g7g6kBMNS(>`T(UKd{Y!VUmZ21nsOKz+x48u`akSA6@d?oN=F}<Xr2%9
zJxs7(pvh<>S7b%~i<{#K%Xk-l8IP^kKnK;k^>v=G1%F6;(`iUuZ*~bP{Vr6I>`F>~
zSm)=8?xupL$JFf)-#awOnfK1G_cr`;98QU-2*f+2XH7p-Rv_=b4b|xmV~KZ8>H9ME
zw$RtAIBee~YrR$G?+89j&egZtj{k~u@Y1bl^b8H`AKzMO|1Bd;)9PkW^<L4iQ}*Rg
z3L@59)bs<+aJM4IRS~1Qx2NN&BcN4|R<{Dj)wts^12FhV=oQ-xBd{^*j74#v;dS3z
zS!t6hKY7dwaPzI4Lz5<L-V-&GCN9bPJJTORTOJq*Rpw0UE9Kj4cvR5OCC9+vwq3io
zx(mPA75?I?7~yciq_v497(8@re#sZXus`f9PB0j)bq4J#TDlnHh}F%Mgl)H|D(P?q
z^HO76PIV`xgJnNEjHKd(-x%mp=RH(W-K_Aut!PsEG)J2E4b6O8eC;UG_zw;tl>vR1
zI!{+DY~juh?$F^`ID6~7uq8i1*E6i6aD%O$$2vC}Ymz|tR7GwwoJ_aJ%8mC+O6|42
znmcf^;`2aBWkPvIX}>J|0@T&w>j61%DeMwG{$x0jE0Bb}3k9X(_Tp7mZYn<)H^oU1
zbG3^o$R3D=Z-A!j4<A^7MGMkPjgW^fE*hH(IvgBHol5qVwpJtXp`RZkh^{vynNxRt
zrE?Cc*@TLb0~l80>_CHs?~*lx+S!5Ntlyl%@w3*Khk~=F*z`vGa)k`XP4-5BZeiQ!
zg?|Dl@Bt-4X<woV?O~Gi(tPnSZ&eQOpCHDph&va`=0)Q2v<FT2iL_|_m%Ti+51NIK
zGoZYG$e8tCDjtei0F4T-N0g7A>W$ecsyS2K4ykUe#zk=WPA7wl;15%S5X}Tp5#;$a
zY9!x^XF&*#wVm-o^C30WDn^K}SQ|+An5mYTu^d^M4&LHF@Qj={{OR?`?baZ4E+S4x
zb6U+NAxYck`rq<lA{^(N@a~1d9<BY^v=#NA^|w}-gDT0TAmzfxdz>S2Yr6EygEC?G
z6R9e{F#OhhS$e=nVtR4*pSql*OO5L@lxsm-F)cZAMU+iFCZV4Cuzc%{st(@)k&y<#
zYmCcMJ>%}L<`>K-4sg3F9IsrTB642Y)nH<DPyl+sAvDt9+sM<&<vO?Qsr8Q$?4C=L
zGp&oiV9n>dJT4PTJWRV4$5_lo28b*!dt(35e4uhem%-uGjPYPAXC~#M-{CCY<A+Eg
z+aY_grT!$bkLTZQ=r%@0_*iRrt#4dloi<Ccr7PFZy)S_I3t><Kd(l{XxKhQ3^6|R*
zRJ}Ljr&RMC6Py+2r&WQ)DK`>(=yw&4Mb+SIEw(JbZ{Z_OUA}tk(vc6Lei1CcG8buU
z6zw0`yFZ`_y4ed5PKV2-s8Y`jE&~#R0GHYelvSat-5N;gr)bgV=wIlJOn;6E;V1{9
z@dcqwd!QwL*>xXb-|T{6-alNw9h*F*8k4&?ceEPw?(On{SF=iv@d+H-&GaaFuj$@K
zyosQPeBt-D+3NTF`<{!z1q&JK!Q6*mu0$?+Wi7V}a5vRo2!34qHldHWQmCE{437<$
zA{0Mfb(6LLh)D-OKJ0PWG2c$~7FWid#F@%d7Itl}^NH_<!4q+*80zwX2r*dsk&Tm5
z`OMHY8hJ`dE46HxcsSt=Hrnv?{EMue+^#OKJ~rQF_~Bxp$j~T37vK+Gt+QEzn^Aoe
zEZXzBIMpcER=b9so`352Cp}+G|6euw?c|t-(c17RXv{Go^;;}^AU{p%x<7cMK_#6V
z(mCS9!=g~RXwVN;qq>Hn+HkpgXq!|F??{7oUrt+75cpF}gm>M&9+w_|qY+QulaLJm
z=CT;rIK<KFn(w$Ou^DRA{lB<0T_#~De}V2j5p%C{q6z!xnE$KX1D52l43y=mvi{o7
z2L;a9{1Y@U7C0fBf!fG%T#`AYUC26FD)7yJF|ddG+)7EQ;}RhQl?89{%A&RjQ6z(<
z%e?SA6~j7zeeq%Eamr3uY9vT6F^xkfp~14hZhRF#>`LMuh}4QVFwxu^VJ<@*mKi~J
zoJ%59l7$uZeeqyA|Nd3!(s!vEnHki!vn57k7RaoLPaC8+?c`?r<e4Q?$Jg+|ZmyWD
zoQacX6a3`2L^SASu|VjISB0w6W#b)Z?NITjo*n;%B2M&B1pi3?w>8&u;A>AC$nTH&
z32d_+;Qh~T`$tCoU;F<a%NONcXLJWx+HF*FrPj-S%N{#p70HTu3PP?+|BYGx2Ai3z
zsuDkktns+~JW3JHy+;$!nYu=^0{e@KnIXWr-qFBKO(Te%nKv*PHV{u38%TDl<8B3=
zO0ayj6|&DpNu(zyyJ;;~+nnql1}+BvHsffG5mD6D6Jt4o?n}}e7wC2WCM`FVlemRe
zAqLIlniLHgtZGxc(|5<@82Z}{)L>0g+Kr5%odF6j?b1YC6NXxoR5gN=j~PhpuKvE{
zj)n~U{n=$&IS*8BD(Dh@k-STO{_<@f*uUP?cUsAb`goBhv}&{<lVdp{=MtiAB;DYf
zp8tRlRv$42VRt}QbVGd?fq~7Udj{9*StCNn^kthj&Q|8!Kn;)fQ><x`q=aP5F55uu
zd>wCxCY?K1<6CU_#0}1$&M8$RQlRlBM~N-C?4Rx)L#99WTj6TkX~PcYj}vJ>0G315
zvr-xiK8}UKjG0~P)Y2)`+_x+-3CNVwLqzOH2SlN6Ve(kNb6CVFmVQcV;#&eAT`KeF
zNqU6bhD7(SLK2)TaWl!n=k@G3^d6$8Pp)$<6u8MtBDOyn>jz;y8&}4FR|t=@zYR-d
z>X&sElu5XNU!-(*t6FcdcuFCy8en}1?}>dTYp_>2cQ_*kI+IcQyWn`G%+xeZxsKof
zp|s2%cG36@xB=2MQ5pH(;puBJ)_O^ZUNgCusH8ydS-U&(uJ-DjnEQ+Jhj$7&x{7}K
z`KYc`ylP5|iC^%qXZRR!NU+;xQgFqr6V;b=_kB~=(X;4o3=^m+a$&UQ$ky(?BKqg%
zZPAEQ{mD^Np`SG-0hsTk-p@S=3HE;3aMvbIa1-RiFMU#rEh_og$%8&k7WXNPR$*b+
z4Q#tS%=a-VjTYGF@|`x%oQXcJM1I;^eN`2sRN@(85R6}R?A~bnmGm)_8IB8SH>88}
zo5iE;l`{ozJRa@!R4r`5LXTZtI69Yii2$>DYCOO4J2=O7YXX~!kFOI;4HJ*C(ko#?
zA6RdtaeWc&3@17F`3;u2TLa0->s&QChUL-z!>pSYRY^Vkf<B*d-0eJ+mlOS<`>@|K
zpCLWzH%sj9<pUCp-z#P;vu=FQ>?k{*X`-w1TM;I{$xI?6Y4e|3w1q|)j#3hF5I~7Z
zH$2UibbEE;Ir%t5l(kAwN7qyFolIJ9$vEu>+0q$D9H(8^UHUbZJr)EFo{j6wZ4}fJ
zZh!b9@aa4dO_9oOns+6MTIqsf*YB4ig!8RmcOOf{{_#ni4OgxhV3uu|DdJN2j7S~=
zd|z?XF>Bg<8S`)|S!_;fP<Cn4!N_zXZ?pT{Esf0}(yGRg5%2Wr%q|bxm}joM+}W%M
zXF&?92;*AWo1Kl!#8rM0ce;&LZgFb*wXGu3b*C#VG3Xuibu)Hk?q~ccehB?n<0$q5
za$xz&f`8QmGI7JC=n>6S__mLACNc(G!Wvg#+i#d*1{4dBw<*!KbUUpoC2PF_X_A^{
z{YAbLi@>UCaYSWo4~Qt+=Ln>-5mgW72@yJ>hrp?)&&qglh<$_=(o8mTcEP45Y@n!G
z^66Zp+!ee7d&!KU0UJ@{fU)hm{>tjvwo3Wt5O1kXWKDBdBWU3cNfEd16c8)<LbbRh
zq64Lha-PZHI^qLXrn~@6cgl;M5Bya9t_ETa-bas{&@Pz?ntt|BUTH54a(pGv*en~O
z|1v)#(u@PZjy@;aTFt{;aMhGt6F9JgRmXF(#r{hqy%ms=<Dr9skHYm%l`ya6R?gn9
z=KsnN%u<hcO~1;59zra6tvr0d_Qq?@!CiH>V*z=R6PL%7hb#BCufd&g(W0Ld?slJb
zFx27ox{>#Y2S)7d{#ba$sV4f;rqi7Ie+POUMJUvo1>XO9@P&0EP#wlxQts-WI442k
z)oT6{Ct_LuY}J(XuzE<CKxUsoOdEE{kJEWv&}XLdSMY{qZ>V7n5fZ=%@#0{Zh(!0G
v6HM4{QsZb%(uSx%U*q)u`Zj<L9f}JQ8}E77_hcUbcmNPEOK82J``!NmR9#^S

literal 0
HcmV?d00001

diff --git a/lib/submissions/generate_result_attachments.rb b/lib/submissions/generate_result_attachments.rb
index c03c07b1..ec216a1f 100644
--- a/lib/submissions/generate_result_attachments.rb
+++ b/lib/submissions/generate_result_attachments.rb
@@ -2,53 +2,124 @@
 
 module Submissions
   module GenerateResultAttachments
+    FONT_SIZE = 12
+    FONT_NAME = 'Helvetica'
+
     module_function
 
+    # rubocop:disable Metrics
     def call(submission)
+      cert = submission.flow.account.encrypted_configs
+                       .find_by(key: EncryptedConfig::ESIGN_CERTS_KEY).value
+
       zip_file = Tempfile.new
       zip_stream = Zip::ZipOutputStream.open(zip_file)
 
-      submission.flow.schema.map do |item|
-        document = submission.flow.documents.find { |e| e.uuid == item['attachment_uuid'] }
-        field_area_index = Flows.build_field_areas_index(submission.flow)
+      pdfs_index =
+        submission.flow.documents.to_h do |attachment|
+          [attachment.uuid, HexaPDF::Document.new(io: StringIO.new(attachment.download))]
+        end
+
+      submission.flow.fields.each do |field|
+        field.fetch('areas', []).each do |area|
+          pdf = pdfs_index[area['attachment_uuid']]
+
+          page = pdf.pages[area['page']]
+
+          width = page.box.width
+          height = page.box.height
+
+          value = submission.values[field['uuid']]
+
+          canvas = page.canvas(type: :overlay)
+
+          case field['type']
+          when 'image', 'signature'
+            attachment = submission.attachments.find { |a| a.uuid == value }
+            io = StringIO.new(attachment.download)
+
+            Vips::Image.new_from_buffer(io.read, '')
 
-        document.open do |tempfile|
-          pdf = CombinePDF.load(tempfile.path)
+            scale = [(area['w'] * width) / attachment.metadata['width'],
+                     (area['h'] * height) / attachment.metadata['height']].min
 
-          pdf.pages.each_with_index do |page, index|
-            blocks = field_area_index.dig(document.uuid, index)
+            canvas.image(io, at: [area['x'] * width,
+                                  height - (area['y'] * height) -
+                                  (((attachment.metadata['height'] * scale) + (area['h'] * height)) / 2)],
+                             width: attachment.metadata['width'] * scale,
+                             height: attachment.metadata['height'] * scale)
+          when 'attachment'
+            Array.wrap(value).each_with_index do |uuid, index|
+              attachment = submission.attachments.find { |a| a.uuid == uuid }
 
-            next if blocks.blank?
+              canvas.image(PdfIcons.paperclip_io,
+                           at: [area['x'] * width,
+                                height - ((area['y'] * height) + (1.2 * FONT_SIZE) - (FONT_SIZE * index))],
+                           width: FONT_SIZE, height: FONT_SIZE)
 
-            blocks.each do |block|
-              area, field = block.values_at(:area, :field)
-              page.textbox(submission.values[field['uuid']],
-                           x: area['x'] * page.page_size[2],
-                           y: page.page_size[3] - (area['y'] * page.page_size[3]),
-                           width: area['w'] * page.page_size[2],
-                           height: area['h'] * page.page_size[3])
+              canvas.font(FONT_NAME, size: FONT_SIZE)
+              canvas.text(attachment.filename.to_s,
+                          at: [(area['x'] * width) + FONT_SIZE,
+                               height - ((area['y'] * height) + FONT_SIZE - (FONT_SIZE * index))])
+
+              page[:Annots] ||= []
+              page[:Annots] << pdf.add({
+                                         Type: :Annot, Subtype: :Link,
+                                         Rect: [
+                                           area['x'] * width,
+                                           height - (area['y'] * height),
+                                           (area['x'] * width) + (area['w'] * width),
+                                           height - (area['y'] * height) - FONT_SIZE
+                                         ],
+                                         A: { Type: :Action, S: :URI, URI: attachment.url }
+                                       })
+            end
+          when 'checkbox'
+            Array.wrap(value).each_with_index do |value, index|
+              canvas.image(PdfIcons.check_io,
+                           at: [area['x'] * width,
+                                height - ((area['y'] * height) + (1.2 * FONT_SIZE) - (FONT_SIZE * index))],
+                           width: FONT_SIZE, height: FONT_SIZE)
+
+              canvas.font(FONT_NAME, size: FONT_SIZE)
+              canvas.text(value,
+                          at: [(area['x'] * width) + FONT_SIZE,
+                               height - ((area['y'] * height) + FONT_SIZE - (FONT_SIZE * index))])
             end
+          when 'date'
+            canvas.font(FONT_NAME, size: FONT_SIZE)
+            canvas.text(I18n.l(Date.parse(value)), at: [area['x'] * width, height - ((area['y'] * height) + FONT_SIZE)])
+          else
+            canvas.font(FONT_NAME, size: FONT_SIZE)
+            canvas.text(value.to_s, at: [area['x'] * width, height - ((area['y'] * height) + FONT_SIZE)])
           end
+        end
+      end
 
-          string = pdf.to_pdf
-          io = StringIO.new(string)
+      submission.flow.schema.map do |item|
+        document = submission.flow.documents.find { |a| a.uuid == item['attachment_uuid'] }
 
-          zip_stream.put_next_entry("#{item['name']}.pdf")
-          zip_stream.write(string)
+        io = StringIO.new
 
-          ActiveStorage::Attachment.create!(
-            blob: ActiveStorage::Blob.create_and_upload!(
-              io:, filename: "#{item['name']}.pdf"
-            ),
-            name: 'documents',
-            record: submission
-          )
-        end
+        zip_stream.put_next_entry("#{item['name']}.pdf")
+        zip_stream.write(io.string)
+
+        pdf = pdfs_index[item['attachment_uuid']]
+
+        pdf.sign(io, reason: "Signed by #{submission.email}",
+                     doc_mdp_permissions: :no_changes,
+                     certificate: OpenSSL::X509::Certificate.new(cert['cert']),
+                     key: OpenSSL::PKey::RSA.new(cert['key']),
+                     certificate_chain: [OpenSSL::X509::Certificate.new(cert['sub_ca']),
+                                         OpenSSL::X509::Certificate.new(cert['root_ca'])])
+
+        submission.documents.attach(io: StringIO.new(io.string), filename: document.filename)
       end
 
       zip_stream.close
 
-      submission.archive.attach(io: zip_file, filename: 'submission.zip')
+      submission.archive.attach(io: zip_file, filename: "#{submission.flow.name}.zip")
     end
+    # rubocop:enable Metrics
   end
 end