- Remplacement de DocuSeal par solution souveraine Odentas Sign - Système d'authentification OTP pour signataires (bcryptjs + JWT) - 8 routes API: send-otp, verify-otp, sign, pdf-url, positions, status, webhook, signers - Interface moderne avec canvas de signature et animations (framer-motion, confetti) - Système de templates pour auto-détection des positions de signature (CDDU, RG, avenants) - PDF viewer avec @react-pdf-viewer (compatible Next.js) - Stockage S3: source/, signatures/, evidence/, signed/, certs/ - Tables Supabase: sign_requests, signers, sign_positions, sign_events, sign_assets - Evidence bundle automatique (JSON metadata + timestamps) - Templates emails: OTP et completion - Scripts Lambda prêts: pades-sign (KMS seal) et tsaStamp (RFC3161) - Mode test détecté automatiquement (emails whitelist) - Tests complets avec PDF CDDU réel (2 signataires)
/**
 * Types pour Odentas Sign - Système de signature électronique souverain
 */
/**
 * One document sent out for electronic signature.
 *
 * Presumably mirrors a row of the `sign_requests` table named in the commit
 * description; confirm against the database schema.
 */
export interface SignRequest {
  /** Identifier of the request. */
  id: string;

  /** Reference string for the request (format is not defined in this file). */
  ref: string;

  /** Title of the request. */
  title: string;

  /**
   * S3 object key of the source document.
   * NOTE(review): this is a storage locator, not an access grant. Whoever
   * resolves it to a URL should authorise the caller first.
   */
  source_s3_key: string;

  /** Lifecycle state; only these four literals type-check. */
  status:
    | 'pending'
    | 'in_progress'
    | 'completed'
    | 'cancelled';

  /** Creation time as a string (presumably an ISO 8601 timestamp; confirm). */
  created_at: string;
}
/**
 * A signatory attached to a sign request, including the one-time-code state
 * and the evidence captured when they sign.
 *
 * NOTE(review): this shape carries `otp_hash` and personal data (e-mail, IP
 * address, user agent). It reads like a storage record; API responses should
 * be built from an explicit subset of fields, not by serialising this object.
 */
export interface Signer {
  /** Identifier of the signer. */
  id: string;

  /** Identifier of the sign request this signer belongs to. */
  request_id: string;

  /** Party the signer acts for; only these two literals type-check. */
  role:
    | 'Employeur'
    | 'Salarié';

  /** Display name of the signer. */
  name: string;

  /** E-mail address of the signer. */
  email: string;

  /**
   * Hash of the current one-time code, or null.
   * Presumably a bcrypt hash (the commit description mentions bcryptjs);
   * confirm in the send-otp / verify-otp routes.
   */
  otp_hash: string | null;

  /** Expiry of the current one-time code as a string, or null. */
  otp_expires_at: string | null;

  /**
   * Attempt counter for the one-time code.
   * NOTE(review): the limit and the reset rule are enforced elsewhere; this
   * type only stores the number.
   */
  otp_attempts: number;

  /** When a code was last sent, or null (presumably used to throttle resends; confirm). */
  otp_last_sent_at: string | null;

  /** When the signer signed, or null if they have not signed. */
  signed_at: string | null;

  /** S3 location of the signature image, or null. */
  signature_image_s3: string | null;

  /** Consent wording recorded for the signer, or null. */
  consent_text: string | null;

  /** When consent was recorded, or null. */
  consent_at: string | null;

  /** IP address recorded at signing, or null (personal data). */
  ip_signed: string | null;

  /** User-agent string recorded for the signer, or null. */
  user_agent: string | null;
}
/**
 * A rectangle on a page of the document where a signer role places a field.
 *
 * Units and coordinate origin of `x`, `y`, `w` and `h` are not defined in this
 * file, nor is whether `page` is 0- or 1-based; confirm with the code that
 * renders or stamps the PDF.
 */
export interface SignPosition {
  /** Identifier of the position. */
  id: string;

  /** Identifier of the sign request this position belongs to. */
  request_id: string;

  /** Signer role the field is assigned to. */
  role:
    | 'Employeur'
    | 'Salarié';

  /** Page number of the field. */
  page: number;

  /** Horizontal coordinate of the field. */
  x: number;

  /** Vertical coordinate of the field. */
  y: number;

  /** Width of the field. */
  w: number;

  /** Height of the field. */
  h: number;

  /** Kind of field; only these four literals type-check. */
  kind:
    | 'signature'
    | 'text'
    | 'date'
    | 'checkbox';

  /** Optional label for the field, or null. */
  label: string | null;

  /** Creation time as a string. */
  created_at: string;
}
/**
 * One entry of the audit trail of a sign request.
 *
 * Unlike the other records in this file, `id` is a number, not a string.
 */
export interface SignEvent {
  /** Numeric identifier of the event. */
  id: number;

  /** Identifier of the sign request the event belongs to. */
  request_id: string;

  /** Identifier of the signer involved, or null when no signer is attached. */
  signer_id: string | null;

  /** Time of the event as a string. */
  ts: string;

  /** Event name; a free-form string as far as this type is concerned. */
  event: string;

  /** IP address associated with the event, or null (personal data). */
  ip: string | null;

  /** User-agent string associated with the event, or null. */
  user_agent: string | null;

  /**
   * Free-form extra data, or null.
   * NOTE(review): `any` switches off type checking for every value read from
   * this map. Narrow values before use, and keep secrets such as OTP codes or
   * session tokens out of what gets logged here.
   */
  metadata: Record<string, any> | null;
}
/**
 * Artefacts produced for a sign request: the signed PDF, the evidence file,
 * the timestamp response and the values describing the seal.
 *
 * Every field except `request_id` is nullable, so a record can exist before
 * sealing and timestamping have produced their outputs.
 *
 * NOTE(review): the digests stored here are only useful if a verifier
 * recomputes them over the stored objects; confirm where that happens.
 */
export interface SignAsset {
  /** Identifier of the sign request these assets belong to. */
  request_id: string;

  /** S3 object key of the signed PDF, or null. */
  signed_pdf_s3_key: string | null;

  /** S3 object key of the evidence JSON, or null. */
  evidence_json_s3_key: string | null;

  /**
   * S3 object key of the timestamp response, or null.
   * Presumably an RFC 3161 response (the commit description mentions a
   * tsaStamp script); confirm.
   */
  tsa_tsr_s3_key: string | null;

  /** SHA-256 of the PDF as a string, or null (encoding not defined here). */
  pdf_sha256: string | null;

  /** SHA-256 of the timestamp token as a string, or null. */
  tsa_token_sha256: string | null;

  /** When the seal was applied, or null. */
  sealed_at: string | null;

  /** Name of the seal algorithm, or null. */
  seal_algo: string | null;

  /** Identifier of the KMS key used for the seal, or null. */
  seal_kms_key_id: string | null;

  /** Policy OID reported for the timestamp, or null. */
  tsa_policy_oid: string | null;

  /** Serial number reported for the timestamp, or null. */
  tsa_serial: string | null;

  /** Date until which the assets are to be retained, or null. */
  retain_until: string | null;
}
/**
 * Input needed to create a sign request: the contract it refers to, the PDF
 * to sign, the signers and the field positions.
 *
 * NOTE(review): this is a compile-time shape only. If a value of this type is
 * built from a request body, the caller still has to validate it at runtime:
 * that `pdfS3Key` points where the caller is allowed to read, that e-mail
 * addresses are well formed, and that the position numbers are finite and fall
 * inside the page.
 */
export interface CreateSignRequestInput {
  /** Identifier of the contract the request is created for. */
  contractId: string;

  /** Reference of that contract. */
  contractRef: string;

  /** S3 object key of the PDF to be signed. */
  pdfS3Key: string;

  /** Title of the request. */
  title: string;

  /** People who must sign, one entry per signer. */
  signers: Array<{
    role: 'Employeur' | 'Salarié';
    name: string;
    email: string;
  }>;

  /**
   * Field rectangles, each assigned to a signer role.
   * `kind` and `label` may be omitted; any default is applied by the consumer
   * and is not visible in this file.
   */
  positions: Array<{
    role: 'Employeur' | 'Salarié';
    page: number;
    x: number;
    y: number;
    w: number;
    h: number;
    kind?: 'signature' | 'text' | 'date' | 'checkbox';
    label?: string;
  }>;
}
/**
 * Claims carried by a signer's session token.
 *
 * `iat` and `exp` are the registered JWT claim names for issued-at and
 * expiry; the commit description states that signer authentication uses JWT.
 *
 * NOTE(review): this interface describes a payload, it does not authenticate
 * one. A decoded token should only be treated as a `SignatureSessionToken`
 * after its signature and `exp` have been verified, and `signerId` /
 * `requestId` should be checked against the resource being accessed.
 */
export interface SignatureSessionToken {
  /** Identifier of the signer the session belongs to. */
  signerId: string;

  /** Identifier of the sign request the session is scoped to. */
  requestId: string;

  /** E-mail address of the signer. */
  email: string;

  /**
   * Role of the signer.
   * Typed as a plain string here, wider than the
   * `'Employeur' | 'Salarié'` union used by `Signer.role`.
   */
  role: string;

  /** Issued-at time (JWT `iat`). */
  iat: number;

  /** Expiry time (JWT `exp`). */
  exp: number;
}
/**
 * Evidence file for a completed sign request: who signed, how they were
 * authenticated, the recorded events, and the seal, timestamp and retention
 * details.
 *
 * Every signer field is non-nullable here, unlike the matching fields on
 * `Signer`, so the code that builds a bundle has to handle missing values.
 *
 * NOTE(review): the bundle holds personal data (e-mail, IP address, user
 * agent) and is the record relied on in a dispute. Store it access-controlled,
 * and have verifiers recompute `seal.pdf_sha256` and `tsa.tsr_sha256` rather
 * than trust the stored strings.
 */
export interface EvidenceBundle {
  /** Identifier of the sign request. */
  request_id: string;

  /** Reference of the sign request. */
  request_ref: string;

  /** Title of the sign request. */
  title: string;

  /** When the request was created. */
  created_at: string;

  /** When the request was completed. */
  completed_at: string;

  /**
   * Declared eIDAS signature level: simple (SES), advanced (AES) or
   * qualified (QES).
   * NOTE(review): this is a label written by the producer; nothing in this
   * type establishes that the process meets the declared level.
   */
  eidas_level:
    | 'SES'
    | 'AES'
    | 'QES';

  /** One entry per signer, with the evidence captured for them. */
  signers: Array<{
    id: string;
    role: string;
    name: string;
    email: string;
    signed_at: string;
    ip_address: string;
    user_agent: string;
    consent_text: string;
    consent_at: string;
    /** How the signature image was produced. */
    signature_method: 'drawn' | 'uploaded';
    /** How the signer was authenticated; OTP is the only method this type allows. */
    authentication: {
      method: 'OTP';
      otp_sent_at: string;
      otp_verified_at: string;
      // Literal `true`: the type cannot represent an unverified e-mail.
      email_verified: true;
    };
  }>;

  /** Recorded events of the request. */
  events: Array<{
    timestamp: string;
    event: string;
    actor: string | null;
    ip: string | null;
    // `any` disables checking on values read from this map; narrow before use.
    metadata: Record<string, any> | null;
  }>;

  /** Seal applied to the PDF. */
  seal: {
    algorithm: string;
    kms_key_id: string;
    sealed_at: string;
    pdf_sha256: string;
  };

  /** Timestamp obtained from a timestamping authority. */
  tsa: {
    url: string;
    tsr_sha256: string;
    policy_oid: string | null;
    serial: string | null;
  };

  /**
   * Archival details.
   * `compliance_mode` presumably maps to the S3 Object Lock retention modes of
   * the same names; confirm against the archival code.
   */
  retention: {
    archive_key: string;
    retain_until: string;
    compliance_mode: 'GOVERNANCE' | 'COMPLIANCE';
  };
}