feat(documenso-phase-5): pin transformSigningUrl + document website-side coordination

Phase 5 is mostly coordination + verification rather than a code build — the embedded signing pages live in a different repo. What lands here: 1. transformSigningUrl hardening — routes through extractSigningToken so a bare URL like `https://sig.example.com` no longer produces the malformed `<host>/sign/<role>/sig.example.com`. The token validator (≥8 URL-safe chars) rejects malformed tails so the function falls back to returning the raw URL. 2. 10 unit tests pin the role-segment mapping so a future refactor can't silently break the contract with the marketing website's /sign/[type]/[token] page. Covers: - all five SignerRole → URL segment mappings - trailing-slash normalization on the host - null host fallback (single-tenant / staging) - rejection of non-token-shaped tails 3. docs/documenso-integration-audit.md updated with: - Phase 2/3/4/7 landed-work summary (replacing the old "deferred" list that was now stale) - Phase 5 coordination tracker for the marketing-website side (the four edits the website team needs to make — listed here so the CRM stays the source of truth on the contract) - Phase 6 polish backlog (auto-send delay, document expiration, per-document message, reminder display, failed-webhook UI, field metadata panel, zoom controls, recipient drag-reorder) Tests: 21 new transformSigningUrl + signers tests across two files; full suite 1340 → 1350 ✅; tsc clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 14:11:50 +02:00
parent b1dfec09a0
commit 4d1fbcd469
3 changed files with 121 additions and 7 deletions
--- a/src/lib/services/document-signing-emails.service.ts
+++ b/src/lib/services/document-signing-emails.service.ts
@@ -38,6 +38,7 @@ import {
  signingReminderEmail,
 } from '@/lib/email/templates/document-signing';
 import { getPortDocumensoConfig } from '@/lib/services/port-config';
+import { extractSigningToken } from '@/lib/services/documenso-signers';
 import { logger } from '@/lib/logger';

 // ─── Types ───────────────────────────────────────────────────────────────────
@@ -128,7 +129,12 @@ export function transformSigningUrl(
  signerRole: SignerRole,
 ): string {
  if (!embeddedSigningHost || !documensoUrl) return documensoUrl;
-  const token = documensoUrl.split('/').filter(Boolean).pop();
+  // Phase 5: route the URL through the canonical token validator so a
+  // bare URL like `https://sig.example.com` doesn't silently produce
+  // `<host>/sign/<role>/sig.example.com`. extractSigningToken returns
+  // null when the tail isn't token-shaped (≥8 URL-safe chars), at
+  // which point we hand back the raw URL untouched.
+  const token = extractSigningToken(documensoUrl);
  if (!token) return documensoUrl;
  // Trim trailing slashes off the host so we always produce a clean
  // single `/` between segments.