mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
159 lines
4.4 KiB
159 lines
4.4 KiB
# frozen_string_literal: true
|
|
|
|
module Wabosign
|
|
PRODUCT_URL = ENV.fetch('PRODUCT_URL', 'https://sign.wabo.cc')
|
|
PRODUCT_EMAIL_URL = ENV.fetch('PRODUCT_EMAIL_URL', PRODUCT_URL)
|
|
PRODUCT_NAME = 'WaboSign'
|
|
# AGPLv3 §7(b) upstream attribution — must remain visible in interactive UIs.
|
|
UPSTREAM_NAME = 'DocuSeal'
|
|
UPSTREAM_URL = 'https://github.com/docusealco/docuseal'
|
|
DEFAULT_APP_URL = ENV.fetch('APP_URL', 'http://localhost:3000')
|
|
GITHUB_URL = 'https://github.com/wabolabs/wabosign'
|
|
SUPPORT_EMAIL = 'wabosign@wabo.cc'
|
|
HOST = ENV.fetch('HOST', 'localhost')
|
|
AATL_CERT_NAME = 'wabosign_aatl'
|
|
GOOGLE_DEFAULT_ACCOUNT_ID = ENV.fetch('GOOGLE_DEFAULT_ACCOUNT_ID', nil)
|
|
|
|
CERTS = JSON.parse(ENV.fetch('CERTS', '{}'))
|
|
TIMESERVER_URL = ENV.fetch('TIMESERVER_URL', nil)
|
|
VERSION_FILE_PATH = Rails.root.join('.version')
|
|
VERSION_FILE2_PATH = Rails.public_path.join('version')
|
|
|
|
DEFAULT_URL_OPTIONS = {
|
|
host: HOST,
|
|
protocol: ENV['FORCE_SSL'].present? ? 'https' : 'http'
|
|
}.freeze
|
|
|
|
module_function
|
|
|
|
def version
|
|
@version ||=
|
|
if VERSION_FILE_PATH.exist?
|
|
VERSION_FILE_PATH.read.strip
|
|
elsif VERSION_FILE2_PATH.exist?
|
|
VERSION_FILE2_PATH.each_line.first.to_s.strip
|
|
end
|
|
end
|
|
|
|
def multitenant?
|
|
ENV['MULTITENANT'] == 'true'
|
|
end
|
|
|
|
def advanced_formats?
|
|
multitenant?
|
|
end
|
|
|
|
def demo?
|
|
ENV['DEMO'] == 'true'
|
|
end
|
|
|
|
def active_storage_public?
|
|
ENV['ACTIVE_STORAGE_PUBLIC'] == 'true'
|
|
end
|
|
|
|
def default_pkcs
|
|
return if Wabosign::CERTS['enabled'] == false
|
|
|
|
@default_pkcs ||= GenerateCertificate.load_pkcs(Wabosign::CERTS)
|
|
end
|
|
|
|
def fulltext_search?
|
|
return @fulltext_search unless @fulltext_search.nil?
|
|
|
|
@fulltext_search =
|
|
if SearchEntry.table_exists?
|
|
Wabosign.multitenant? || AccountConfig.exists?(key: :fulltext_search, value: true)
|
|
else
|
|
false
|
|
end
|
|
end
|
|
|
|
def enable_pwa?
|
|
true
|
|
end
|
|
|
|
def pdf_format
|
|
@pdf_format ||= ENV['PDF_FORMAT'].to_s.downcase
|
|
end
|
|
|
|
def trusted_certs
|
|
@trusted_certs ||=
|
|
ENV['TRUSTED_CERTS'].to_s.gsub('\\n', "\n").split("\n\n").map do |base64|
|
|
OpenSSL::X509::Certificate.new(base64)
|
|
end
|
|
end
|
|
|
|
def default_url_options
|
|
return DEFAULT_URL_OPTIONS if multitenant?
|
|
|
|
@default_url_options ||= begin
|
|
value = EncryptedConfig.find_by(key: EncryptedConfig::APP_URL_KEY)&.value if ENV['APP_URL'].blank?
|
|
value ||= DEFAULT_APP_URL
|
|
url = Addressable::URI.parse(value)
|
|
{ host: url.host, port: url.port, protocol: url.scheme }
|
|
end
|
|
end
|
|
|
|
def product_name
|
|
PRODUCT_NAME
|
|
end
|
|
|
|
def refresh_default_url_options!
|
|
@default_url_options = nil
|
|
end
|
|
|
|
# Returns the live Google SSO credentials, merging ENV (priority) with the
|
|
# `google_sso_configs` EncryptedConfig (UI fallback). Called at request
|
|
# time by the Devise OmniAuth setup proc and the sign-in page partial.
|
|
#
|
|
# Shape: { client_id:, client_secret:, allowed_domains:, source: :env|:db|:none }
|
|
def google_sso_credentials
|
|
env_id = ENV.fetch('GOOGLE_CLIENT_ID', nil)
|
|
env_secret = ENV.fetch('GOOGLE_CLIENT_SECRET', nil)
|
|
if env_id.present? && env_secret.present?
|
|
return {
|
|
client_id: env_id,
|
|
client_secret: env_secret,
|
|
allowed_domains: ENV.fetch('GOOGLE_ALLOWED_DOMAINS', '')
|
|
.split(',').map(&:strip).reject(&:empty?),
|
|
source: :env
|
|
}
|
|
end
|
|
|
|
db_value = google_sso_db_value
|
|
if db_value.is_a?(Hash) && db_value['enabled'] &&
|
|
db_value['client_id'].to_s.present? && db_value['client_secret'].to_s.present?
|
|
return {
|
|
client_id: db_value['client_id'].to_s,
|
|
client_secret: db_value['client_secret'].to_s,
|
|
allowed_domains: Array(db_value['allowed_domains']).filter_map { |d| d.to_s.strip.presence },
|
|
source: :db
|
|
}
|
|
end
|
|
|
|
{ client_id: nil, client_secret: nil, allowed_domains: [], source: :none }
|
|
end
|
|
|
|
def google_sso_db_value
|
|
return nil unless defined?(EncryptedConfig) && EncryptedConfig.table_exists?
|
|
|
|
EncryptedConfig.find_by(key: EncryptedConfig::GOOGLE_SSO_KEY)&.value
|
|
rescue ActiveRecord::StatementInvalid, ActiveRecord::ConnectionNotEstablished
|
|
nil
|
|
end
|
|
|
|
def google_sso_enabled?
|
|
creds = google_sso_credentials
|
|
creds[:client_id].present? && creds[:client_secret].present?
|
|
end
|
|
|
|
def google_domain_allowed?(hosted_domain)
|
|
return false if hosted_domain.blank?
|
|
|
|
domains = google_sso_credentials[:allowed_domains]
|
|
return true if domains.empty?
|
|
|
|
domains.include?(hosted_domain)
|
|
end
|
|
end
|