Conversation
Merge pull request #1291 from nxglabs/staging
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
prafull-opensignlabs
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
apps/OpenSignServer/cloud/customRoute/deleteAccount/deleteUserGet.js
Dismissed
Show dismissed
Hide dismissed
There was a problem hiding this comment.
Pull Request Overview
This appears to be a synchronization merge from a staging branch to the main branch, updating dependencies and implementing various enhancements across the OpenSign application. The changes include package updates, new OTP-based user account deletion functionality, UI improvements, and code refactoring.
- Package dependency updates across both server and client applications
- Implementation of OTP-based account deletion system replacing password-based deletion
- Addition of "Sent Date" column to document reports and various UI enhancements
Reviewed Changes
Copilot reviewed 44 out of 45 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| apps/OpenSignServer/package.json | Updates AWS SDK, dotenv, posthog-node, and other dependencies to newer versions |
| apps/OpenSignServer/cloud/parsefunction/reportsJson.js | Adds DocSentAt field to inProgressKeys array for report data |
| apps/OpenSignServer/cloud/parsefunction/pdf/PDF.js | Refactors HTTP requests using shared headers and adds new processPdf function |
| apps/OpenSignServer/cloud/customRoute/deleteAccount/*.js | Implements new OTP-based user deletion system with utilities, handlers, and UI |
| apps/OpenSign/src/reports/*/**.jsx | Adds isSubmit state management and loading indicators to prevent duplicate submissions |
| apps/OpenSign/src/redux/reducers/widgetSlice.js | Adds typedSignFont state management for signature font preferences |
| apps/OpenSign/src/primitives/RenderReportCell.jsx | Adds "Sent Date" column rendering support |
| apps/OpenSign/src/components/pdf/WidgetsValueModal.jsx | Updates font handling to use Redux state for typed signatures |
| apps/OpenSign/src/components/pdf/PrefillWidgetsModal.jsx | Adds submit state handling and removes label hiding logic |
| apps/OpenSign/package.json | Updates serve dependency to latest version |
| apps/OpenSign/public/locales/*/translation.json | Adds new translation keys for UI enhancements |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| * @param {Object} _resDoc - Document details (expects AuditTrail, etc.) | ||
| * @param {Buffer|Uint8Array} pdfBytes - Original PDF bytes | ||
| * @param {string} [options.reason] - Reason text used in placeholder | ||
| * @param {string} [options.UserPtr] - user pointer (for audit trail) | ||
| * @param {string} [options.ipAddress] - IP (for audit trail) | ||
| * @param {string} [options.Signature] - Signature (for audit trail) | ||
| * @returns {Promise<Buffer>} merged PDF Buffer | ||
| */ | ||
| async function processPdf(_resDoc, PdfBuffer, reason) { |
There was a problem hiding this comment.
The processPdf function is missing proper JSDoc documentation for the _resDoc parameter, which appears to be unused in the function body. Either document its purpose or remove it if not needed.
| * @param {Object} _resDoc - Document details (expects AuditTrail, etc.) | |
| * @param {Buffer|Uint8Array} pdfBytes - Original PDF bytes | |
| * @param {string} [options.reason] - Reason text used in placeholder | |
| * @param {string} [options.UserPtr] - user pointer (for audit trail) | |
| * @param {string} [options.ipAddress] - IP (for audit trail) | |
| * @param {string} [options.Signature] - Signature (for audit trail) | |
| * @returns {Promise<Buffer>} merged PDF Buffer | |
| */ | |
| async function processPdf(_resDoc, PdfBuffer, reason) { | |
| * @param {Buffer|Uint8Array} PdfBuffer - Original PDF bytes | |
| * @param {string} reason - Reason text used in placeholder | |
| * @returns {Promise<Buffer>} merged PDF Buffer | |
| */ | |
| async function processPdf(PdfBuffer, reason) { |
| export function generateOtp(len = OTP_LENGTH) { | ||
| // 6-digit numeric OTP (000000–999999, padded) | ||
| const n = Math.floor(Math.random() * Math.pow(10, len)); | ||
| return String(n).padStart(len, '0'); | ||
| } |
There was a problem hiding this comment.
The OTP generation uses Math.random() which is not cryptographically secure. Consider using crypto.randomInt() or a cryptographically secure random number generator for better security.
| await extUser.save(null, { useMasterKey: true }); | ||
| return res.json({ ok: true, cooldownSec: RESEND_COOLDOWN_SEC, expiresInMin: OTP_EXPIRES_MIN }); | ||
| } catch (err) { | ||
| console.log('Error sending delete OTP (POST /otp):', err?.response?.data || err); |
There was a problem hiding this comment.
Logging the full error response may expose sensitive information. Consider logging only a sanitized error message or error code.
| console.log('Error sending delete OTP (POST /otp):', err?.response?.data || err); | |
| console.log('Error sending delete OTP (POST /otp):', err?.message || 'Unknown error', err?.response?.status ? `Status: ${err.response.status}` : ''); |
| if ( | ||
| isCompleted | ||
| ) { |
There was a problem hiding this comment.
[nitpick] The condition formatting is inconsistent and unnecessarily split across multiple lines for a simple boolean check. Should be: if (isCompleted) {
| if ( | |
| isCompleted | |
| ) { | |
| if (isCompleted) { |
| <label | ||
| htmlFor={`checkbox-${position.key + ind}`} | ||
| className="text-xs mb-0 text-center ml-[3px] cursor-pointer" | ||
| > | ||
| {data} | ||
| </label> |
There was a problem hiding this comment.
The removal of the isHideLabel condition check means labels will always be shown now. If this is intentional, consider adding a comment explaining why this logic was simplified.
| const selectedFont = typedSignFont || fontSelect; | ||
| await document.fonts.load(`20px ${selectedFont}`); |
There was a problem hiding this comment.
The font loading error handling should provide more specific error information. Consider catching and logging the specific font name that failed to load.
| class: "contracts_Document", | ||
| query: | ||
| 'where={"Type":null,"Signers":{"#*exists":true},"Placeholders":{"#*exists":true},"SignedUrl":{"#*exists":true},"IsCompleted":false,"IsDeclined":false,"IsArchive":null,"CreatedBy":{"__type":"Pointer","className":"_User","objectId":"#UserId.objectId#"},"ExpiryDate":{"#*gt":{"__type":"#Date#","iso":"#today#"}}}&keys=Name,ExpiryDate,SignedUrl,Signers&count=1', | ||
| 'where={"Type":{"#*ne":"Folder"},"Signers":{"#*exists":true},"Placeholders":{"#*exists":true},"SignedUrl":{"#*exists":true},"IsCompleted":{"#*ne":true},"IsDeclined":{"#*ne":true},"IsArchive":{"#*ne":true},"CreatedBy":{"__type":"Pointer","className":"_User","objectId":"#UserId.objectId#"},"ExpiryDate":{"#*gt":{"__type":"#Date#","iso":"#today#"}}}&count=1&limit=0', |
There was a problem hiding this comment.
[nitpick] This query string is extremely long and hard to read. Consider breaking it into multiple lines or using a query builder pattern for better maintainability.
| 'where={"Type":{"#*ne":"Folder"},"Signers":{"#*exists":true},"Placeholders":{"#*exists":true},"SignedUrl":{"#*exists":true},"IsCompleted":{"#*ne":true},"IsDeclined":{"#*ne":true},"IsArchive":{"#*ne":true},"CreatedBy":{"__type":"Pointer","className":"_User","objectId":"#UserId.objectId#"},"ExpiryDate":{"#*gt":{"__type":"#Date#","iso":"#today#"}}}&count=1&limit=0', | |
| `where={ | |
| "Type":{"#*ne":"Folder"}, | |
| "Signers":{"#*exists":true}, | |
| "Placeholders":{"#*exists":true}, | |
| "SignedUrl":{"#*exists":true}, | |
| "IsCompleted":{"#*ne":true}, | |
| "IsDeclined":{"#*ne":true}, | |
| "IsArchive":{"#*ne":true}, | |
| "CreatedBy":{"__type":"Pointer","className":"_User","objectId":"#UserId.objectId#"}, | |
| "ExpiryDate":{"#*gt":{"__type":"#Date#","iso":"#today#"}} | |
| }&count=1&limit=0`, |
No description provided.