Merge from docusealco/wip

Author: AlexBTurchyn

.gitignore

@@ -37,3 +37,4 @@ yarn-debug.log*
 /docuseal
 /ee
 dump.rdb
+*.onnx

Dockerfile

@@ -9,6 +9,7 @@ RUN apk --no-cache add fontforge wget && \
     wget https://cdn.jsdelivr.net/gh/notofonts/notofonts.github.io/fonts/NotoSansSymbols2/hinted/ttf/NotoSansSymbols2-Regular.ttf && \
     wget https://github.com/Maxattax97/gnu-freefont/raw/master/ttf/FreeSans.ttf && \
     wget https://github.com/impallari/DancingScript/raw/master/OFL.txt && \
+    wget -O /model.onnx "https://github.com/docusealco/fields-detection/releases/download/1.0.0/model_704_int8.onnx" && \
     wget -O pdfium-linux.tgz "https://github.com/docusealco/pdfium-binaries/releases/latest/download/pdfium-linux-$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/').tgz" && \
     mkdir -p /pdfium-linux && \
     tar -xzf pdfium-linux.tgz -C /pdfium-linux
@@ -50,7 +51,7 @@ ENV OPENSSL_CONF=/app/openssl_legacy.cnf
 
 WORKDIR /app
 
-RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories && apk add --no-cache sqlite-dev libpq-dev mariadb-dev vips-dev@edge yaml-dev redis libheif@edge vips-heif@edge gcompat ttf-freefont && mkdir /fonts && rm /usr/share/fonts/freefont/FreeSans.otf
+RUN apk add --no-cache sqlite-dev libpq-dev mariadb-dev vips-dev yaml-dev redis libheif vips-heif gcompat ttf-freefont && mkdir /fonts && rm /usr/share/fonts/freefont/FreeSans.otf
 
 RUN echo $'.include = /etc/ssl/openssl.cnf\n\
 \n\
@@ -66,7 +67,9 @@ activate = 1' >> /app/openssl_legacy.cnf
 
 COPY ./Gemfile ./Gemfile.lock ./
 
-RUN apk add --no-cache build-base && bundle install && apk del --no-cache build-base && rm -rf ~/.bundle /usr/local/bundle/cache && ruby -e "puts Dir['/usr/local/bundle/**/{spec,rdoc,resources/shared,resources/collation,resources/locales}']" | xargs rm -rf
+RUN apk add --no-cache build-base && bundle install && apk del --no-cache build-base && rm -rf ~/.bundle /usr/local/bundle/cache && ruby -e "puts Dir['/usr/local/bundle/**/{spec,rdoc,resources/shared,resources/collation,resources/locales}']" | xargs rm -rf && ln -sf /usr/lib/libonnxruntime.so.1 $(ruby -e "print Dir[Gem::Specification.find_by_name('onnxruntime').gem_dir + '/vendor/*.so'].first")
+
+RUN echo 'https://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories && echo 'https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories && apk add --no-cache onnxruntime
 
 COPY ./bin ./bin
 COPY ./app ./app
@@ -83,6 +86,7 @@ COPY --from=download /fonts/GoNotoKurrent-Regular.ttf /fonts/GoNotoKurrent-Bold.
 COPY --from=download /fonts/FreeSans.ttf /usr/share/fonts/freefont
 COPY --from=download /pdfium-linux/lib/libpdfium.so /usr/lib/libpdfium.so
 COPY --from=download /pdfium-linux/licenses/pdfium.txt /usr/lib/libpdfium-LICENSE.txt
+COPY --from=download /model.onnx /app/tmp/model.onnx
 COPY --from=webpack /app/public/packs ./public/packs
 
 RUN ln -s /fonts /app/public/fonts

Gemfile

@@ -24,7 +24,9 @@ gem 'image_processing'
 gem 'jwt'
 gem 'lograge'
 gem 'mysql2', require: false
+gem 'numo-narray'
 gem 'oj'
+gem 'onnxruntime'
 gem 'pagy'
 gem 'pg', require: false
 gem 'premailer-rails'

Gemfile.lock

@@ -357,9 +357,18 @@ GEM
       racc (~> 1.4)
     nokogiri (1.18.9-x86_64-linux-musl)
       racc (~> 1.4)
+    numo-narray (0.9.2.1)
     oj (3.16.11)
       bigdecimal (>= 3.0)
       ostruct (>= 0.2)
+    onnxruntime (0.10.1)
+      ffi
+    onnxruntime (0.10.1-aarch64-linux)
+      ffi
+    onnxruntime (0.10.1-arm64-darwin)
+      ffi
+    onnxruntime (0.10.1-x86_64-linux)
+      ffi
     openssl (3.3.0)
     orm_adapter (0.5.0)
     os (1.1.4)
@@ -638,7 +647,9 @@ DEPENDENCIES
   letter_opener_web
   lograge
   mysql2
+  numo-narray
   oj
+  onnxruntime
   pagy
   pg
   premailer-rails

app/controllers/accounts_controller.rb

@@ -47,6 +47,7 @@ def destroy
     authorize!(:manage, current_account)
 
     true_user.update!(locked_at: Time.current, email: true_user.email.sub('@', '+removed@'))
+    true_user.account.update!(archived_at: Time.current)
 
     # rubocop:disable Layout/LineLength
     render turbo_stream: turbo_stream.replace(

app/controllers/api/attachments_controller.rb

@@ -34,6 +34,10 @@ def create
       end
 
       render json: attachment.as_json(only: %i[uuid created_at], methods: %i[url filename content_type])
+    rescue Submitters::MaliciousFileExtension => e
+      Rollbar.error(e) if defined?(Rollbar)
+
+      render json: { error: e.message }, status: :unprocessable_entity
     end
 
     def build_new_cookie_signatures_json(submitter, attachment)

app/controllers/console_redirect_controller.rb

@@ -17,8 +17,10 @@ def index
                                scope: :console,
                                exp: 1.minute.from_now.to_i)
 
-    path = Addressable::URI.parse(params[:redir]).path if params[:redir].to_s.starts_with?(Docuseal::CONSOLE_URL)
+    redir_uri = Addressable::URI.parse(params[:redir])
+    path = redir_uri.path if params[:redir].to_s.starts_with?(Docuseal::CONSOLE_URL)
 
-    redirect_to("#{Docuseal::CONSOLE_URL}#{path}?#{{ auth: }.to_query}", allow_other_host: true)
+    redirect_to "#{Docuseal::CONSOLE_URL}#{path}?#{{ **redir_uri&.query_values, 'auth' => auth }.to_query}",
+                allow_other_host: true
   end
 end

app/controllers/send_submission_email_controller.rb

@@ -29,7 +29,7 @@ def create
 
     RateLimit.call("send-email-#{@submitter.id}", limit: 2, ttl: 5.minutes)
 
-    SubmitterMailer.documents_copy_email(@submitter, sig: true).deliver_later! unless already_sent?(@submitter)
+    SubmitterMailer.documents_copy_email(@submitter, sig: true).deliver_later! if can_send?(@submitter)
 
     respond_to do |f|
       f.html { render :success }
@@ -39,8 +39,11 @@ def create
 
   private
 
-  def already_sent?(submitter)
-    EmailEvent.exists?(tag: :submitter_documents_copy, email: submitter.email, emailable: submitter,
-                       event_type: :send, created_at: SEND_DURATION.ago..Time.current)
+  def can_send?(submitter)
+    return false if submitter.account.archived_at?
+    return false if EmailEvent.exists?(tag: :submitter_documents_copy, email: submitter.email, emailable: submitter,
+                                       event_type: :send, created_at: SEND_DURATION.ago..Time.current)
+
+    true
   end
 end

app/controllers/submissions_preview_controller.rb

@@ -41,6 +41,9 @@ def show
 
   def completed
     @submission = Submission.find_by!(slug: params[:submissions_preview_slug])
+
+    raise ActionController::RoutingError, I18n.t('not_found') if @submission.account.archived_at?
+
     @template = @submission.template
 
     render :completed, layout: 'form'

app/controllers/submit_form_controller.rb

@@ -75,7 +75,9 @@ def update
     render json: { error: e.message }, status: :unprocessable_content
   end
 
-  def completed; end
+  def completed
+    raise ActionController::RoutingError, I18n.t('not_found') if @submitter.account.archived_at?
+  end
 
   def success; end