✍️ Sign documents without stress
A modern, full-featured document signing platform with multi-signer workflows, email notifications, and comprehensive API. Built with Go and Vue.js, goSign provides enterprise-grade capabilities for secure digital document signing.
goSign is a complete document signing solution that combines powerful backend services with an intuitive frontend interface. It supports multi-party signing workflows, automated notifications, embedded signing, and extensive API integration capabilities.
- 🔐 Digital Signatures: X.509 certificates with PKCS7/CMS standards
- ✅ Document Verification: Full certificate chain validation
- 🎨 Visual Signatures: Customizable signature appearance and placement
- 📜 Certificate Management: Generate, manage, and revoke certificates with CRL
- 🔄 Trust Updates: Automatic trust certificate updates (every 12h)
- 👥 Multi-signer Workflow: Sequential or parallel signing with state machine
- 📧 Email Notifications: Automated invitations, reminders, and status updates
- 📱 SMS Support: Optional SMS notifications for signers
- ⏰ Scheduled Reminders: Configurable reminder system
- 📊 Status Tracking: Real-time submission and signer status
- 🔑 Dual Authentication: JWT tokens and API keys with rate limiting
- 📚 Swagger Documentation: Interactive API documentation
- 🔗 Webhook Support: Real-time event notifications
- 🖼️ Embedded Signing: JavaScript SDK for iframe integration
- 📦 Bulk Operations: CSV/XLSX import for mass submissions
- 📁 Template System: Reusable document templates with 14 field types
- 🗄️ Flexible Storage: Local, S3, GCS, or Azure Blob storage
- ⚡ Rate Limiting: Configurable API rate limits
- 🔍 Event Logging: Comprehensive audit trail
- 🎯 Generic CRUD API: Consistent REST API design
- 🏢 Organizations & Teams: Multi-tenant organization management
- 👥 Role-Based Access Control: Owner, Admin, Member, Viewer roles
- 🔐 Organization Context: JWT tokens with organization scope
- 📋 Team Collaboration: Invite members, manage permissions
- 🗂️ Organization Templates: Templates scoped to organizations
- 📊 Team Analytics: Organization-level statistics and insights
- Language: Go 1.22+
- Framework: Fiber v2 (HTTP server)
- Database: PostgreSQL 14+ with JSONB
- Cache: Redis 6+
- Authentication: JWT + API Keys
- Email: SMTP/SendGrid support
- Storage: Local, S3, GCS, Azure
- PDF Processing:
- digitorus/pdf - Digital signing
- pdfcpu - Document manipulation
- signintech/gopdf - PDF generation
- Task Scheduling: robfig/cron v3
- Logging: zerolog
- API Docs: Swagger/OpenAPI
- Framework: Vue 3 + TypeScript (Composition API)
- State Management: Pinia
- Routing: Vue Router
- Styling: Tailwind CSS v4
- Build Tool: Vite
- Package Manager: Bun
- Components:
- UI Library: 21 reusable components (Button, Input, Modal, Table, etc.)
- Common Components: FieldInput (14 field types), ResourceTable, FormModal
- Template Components: Area, Document, Page, Preview
- signature_pad for capture
goSign/
├── cmd/ # Command-line applications
│ ├── goSign/ # Main application
│ ├── cert/ # Certificate utilities
│ ├── pdf/ # PDF utilities
│ └── pdf-cert/ # PDF certificate examples
├── internal/ # Private application code
│ ├── config/ # Configuration management
│ ├── handlers/
│ │ ├── api/ # REST API v1 handlers
│ │ ├── public/ # Public endpoints
│ │ └── private/ # Protected admin endpoints
│ ├── middleware/ # JWT, rate limiting, CORS
│ ├── models/ # Data models (14 models)
│ ├── queries/ # Database repositories
│ ├── routes/ # API v1 routes
│ ├── services/ # Business logic
│ │ ├── submission/ # Multi-signer workflow
│ │ ├── apikey/ # API key management
│ │ └── reminder/ # Reminder scheduling
│ ├── trust/ # Trust certificate management
│ └── worker/ # Background tasks
├── pkg/ # Public libraries
│ ├── pdf/
│ │ ├── sign/ # Digital signing
│ │ ├── verify/ # Signature verification
│ │ ├── fill/ # PDF form filling
│ │ └── revocation/ # CRL management
│ ├── notification/ # Email/SMS service
│ ├── webhook/ # Webhook dispatcher
│ ├── storage/ # Multi-provider storage
│ │ ├── local/ # Local filesystem
│ │ ├── s3/ # AWS S3/MinIO
│ │ ├── postgres/ # Database
│ │ └── redis/ # Cache
│ ├── security/
│ │ ├── cert/ # Certificate operations
│ │ └── password/ # Hashing and validation
│ └── utils/ # Helper functions
├── web/ # Frontend application
│ ├── src/
│ │ ├── components/
│ │ │ ├── ui/ # 21 reusable UI components
│ │ │ ├── common/ # Generic components (FieldInput, FormModal, ResourceTable)
│ │ │ ├── field/ # Field-specific components
│ │ │ └── template/ # Document template components
│ │ ├── composables/ # Vue composables
│ │ ├── layouts/ # Page layouts (Profile, Sidebar)
│ │ ├── models/ # TypeScript models
│ │ ├── pages/ # Application pages (9 pages)
│ │ ├── stores/ # Pinia stores
│ │ └── utils/ # Frontend utilities
├── migrations/ # Database migrations
├── fixtures/ # Test data and fixtures
└── docker/ # Docker configuration
- Go 1.22 or higher
- PostgreSQL 14+
- Redis 6+
- Bun (for frontend development)
- Node.js 18+ (alternative to Bun)
- Clone the repository:
git clone https://github.com/shurco/gosign.git
cd gosign- Install Go dependencies:
go mod download- Generate configuration file:
go run cmd/goSign/main.go gen --config-
Configure database connection in the generated config file
-
Run database migrations:
./scripts/migration up- (Optional) Load test data for development:
./scripts/migration dev upThis will create test users:
- Admin:
[email protected]/admin123 - User 1:
[email protected]/user123 - User 2:
[email protected]/user234
See fixtures/migration/README.md for more details about test data.
- Navigate to the web directory:
cd web- Install dependencies:
bun install
# or
npm install- Start development server:
bun run dev
# or
npm run devRun the main application:
go run cmd/goSign/main.go serveThe application will start on http://localhost:8080 (default) with three interfaces:
- Public UI:
http://localhost:8080/- Document signing and verification - Admin UI:
http://localhost:8080/_/- Administration panel - API:
http://localhost:8080/api/- REST API endpoints
# Start the server
go run cmd/goSign/main.go serve
# Generate configuration
go run cmd/goSign/main.go gen --config
# Run certificate utilities
go run cmd/cert/main.go [options]POST /verify/pdf- Verify signed documentPOST /sign- Sign PDF documentGET /s/:slug- Submitter signing portalGET /health- Health check
POST /auth/signup- User registrationPOST /auth/signin- User login (returns JWT + refresh token)POST /auth/refresh- Refresh access tokenPOST /auth/signout- User logoutPOST /auth/password/forgot- Request password resetPOST /auth/password/reset- Reset password with tokenGET /auth/verify-email- Verify email addressPOST /auth/2fa/enable- Enable two-factor authenticationPOST /auth/2fa/verify- Verify 2FA codePOST /auth/2fa/disable- Disable 2FAGET /auth/oauth/google- Google OAuth loginGET /auth/oauth/github- GitHub OAuth login
Note: Below are key examples. Full API includes 42+ endpoints across all resources.
Submissions (8 endpoints)
GET /api/v1/submissions- List submissionsGET /api/v1/submissions/:id- Get submission detailsPOST /api/v1/submissions- Create submissionPUT /api/v1/submissions/:id- Update submissionPOST /api/v1/submissions/send- Send to signersPOST /api/v1/submissions/bulk- Bulk import from CSV
Submitters (6 endpoints)
GET /api/v1/submitters- List submittersGET /api/v1/submitters/:id- Get submitter detailsPOST /api/v1/submitters/:id/resend- Resend invitationPOST /api/v1/submitters/:id/complete- Complete signingPOST /api/v1/submitters/:id/decline- Decline signing
Templates (7 endpoints)
GET /api/v1/templates- List templatesGET /api/v1/templates/:id- Get template detailsPOST /api/v1/templates- Create templatePUT /api/v1/templates/:id- Update templatePOST /api/v1/templates/clone- Clone templatePOST /api/v1/templates/from-file- Create from PDF
Organizations (6 endpoints)
GET /api/v1/organizations- List user's organizationsGET /api/v1/organizations/:id- Get organization detailsPOST /api/v1/organizations- Create organizationPUT /api/v1/organizations/:id- Update organizationDELETE /api/v1/organizations/:id- Delete organizationPOST /api/v1/organizations/:id/switch- Switch organization context
Organization Members (7 endpoints)
GET /api/v1/organizations/:id/members- List membersPOST /api/v1/organizations/:id/members- Add memberPUT /api/v1/organizations/:id/members/:user_id- Update member roleDELETE /api/v1/organizations/:id/members/:user_id- Remove member
Organization Invitations (5 endpoints)
GET /api/v1/organizations/:id/invitations- List invitationsPOST /api/v1/organizations/:id/invitations- Send invitationPOST /api/v1/invitations/:token/accept- Accept invitationDELETE /api/v1/invitations/:id- Revoke invitation
API Keys (6 endpoints)
GET /api/v1/apikeys- List API keysPOST /api/v1/apikeys- Create API keyDELETE /api/v1/apikeys/:id- Revoke keyPOST /api/v1/apikeys/:id/enable- Enable keyPOST /api/v1/apikeys/:id/disable- Disable key
Webhooks (5 endpoints)
GET /api/v1/webhooks- List webhooksPOST /api/v1/webhooks- Create webhookPUT /api/v1/webhooks/:id- Update webhookDELETE /api/v1/webhooks/:id- Delete webhook
Settings (4 endpoints)
GET /api/v1/settings- Get settingsPUT /api/v1/settings/email- Update email configPUT /api/v1/settings/storage- Update storage configPUT /api/v1/settings/branding- Update branding
📚 Complete API Reference:
- Interactive Docs: Swagger UI
- Full Endpoint List: docs/SWAGGER.md
- Authentication Guide: docs/API_AUTHENTICATION.md
Configuration is managed through a TOML file (cmd/goSign/gosign.toml).
-
Copy example configuration:
cp cmd/goSign/gosign.example.toml cmd/goSign/gosign.toml
-
Update required values in
gosign.toml:- Database connection (PostgreSQL)
- Redis connection (for authentication features)
- SMTP settings (for email notifications)
- HTTPAddr: Server address (default:
0.0.0.0:8088) - DevMode: Development mode flag
- Postgres: Database connection settings
- Redis: Session storage and caching
- Settings: Email, Storage, Webhook, Features
- Trust: Certificate trust sources and updates
See cmd/goSign/gosign.example.toml for all configuration options.
# Run all tests
go test ./...
# Run tests with coverage
go test -cover ./...
# Run specific package tests
go test ./pkg/pdf/sign/...Backend:
go build -o gosign cmd/goSign/main.goFrontend:
cd web
bun run build
# or
npm run builddocker-compose -f docker/docker-compose.yaml up -d- Supports PAdES (PDF Advanced Electronic Signatures)
- PKCS#7/CMS signature format
- Visual signature placement
- Multiple signature fields support
- Timestamp support
- X.509 certificate generation
- Certificate Revocation Lists (CRL)
- Certificate chain validation
- Trust store management
- Automatic trust certificate updates
- JWT-based authentication with refresh tokens (7 days)
- Password hashing with bcrypt
- Two-factor authentication (2FA) support
- OAuth integration (Google, GitHub)
- Email verification system
- Password reset with secure tokens
- Secure certificate storage
- Input validation with ozzo-validation
Utility scripts are located in the scripts/ directory:
clean- Clean build artifacts and temporary fileskey- Generate cryptographic keysmigration- Database migration managementmodels- Generate data modelstools- Development tools
This project is licensed under the GNU General Public License v3.0 (GPL-3.0).
See the LICENSE file for the full license text.
Summary:
- ✅ You are free to use, modify, and distribute this software
- ✅ You must keep the same license when distributing
- ✅ You must include the full license text and source code
- ❌ You cannot use this software in proprietary (closed-source) applications
For more information about GPL-3.0, visit: https://www.gnu.org/licenses/gpl-3.0.html
Contributions are welcome! Please read the contributing guidelines before submitting pull requests.
For issues and questions:
- GitHub Issues: https://github.com/shurco/gosign/issues
- Documentation: docs/README.md
- API Reference: http://localhost:8088/swagger/index.html
goSign v2.0 introduces enterprise document signing capabilities:
- ✅ Multi-party Signing: Complete workflow with sequential/parallel signing
- ✅ Notification System: Automated emails, SMS, and reminders
- ✅ API Keys: Secure service-to-service authentication
- ✅ Rate Limiting: Protection against abuse (100-10 req/min)
- ✅ Embedded Signing: JavaScript SDK for iframe integration
- ✅ Bulk Operations: CSV/XLSX import for mass creation
- ✅ Webhooks: Real-time event notifications
- ✅ Storage Options: S3, GCS, Azure, or local
- ✅ Swagger Docs: Interactive API documentation
goSign v2.1 adds enterprise team collaboration features:
- ✅ Organizations: Multi-tenant organization management
- ✅ Role-Based Access: Four roles (Owner, Admin, Member, Viewer)
- ✅ Team Invitations: Email-based member invitations
- ✅ Organization Context: JWT tokens with organization scope
- ✅ Team Templates: Templates shared within organizations
- ✅ Organization Isolation: Data separation between organizations
See IMPLEMENTATION_COMPLETE.md for full details.
Comprehensive documentation is available in the docs/ directory:
- Implementation Report - Full feature list and architecture
- API Authentication - JWT and API key setup
- Embedded Signing - JavaScript SDK integration
- Frontend Components - Component architecture and UI library
- Swagger Guide - API documentation generation
Quick Links:
- Swagger UI: http://localhost:8088/swagger/index.html
- Documentation Index: docs/README.md
- Multi-signer workflows
- Email/SMS notifications
- API keys and rate limiting
- Embedded signing SDK
- Bulk operations
- Webhook system
- Swagger documentation
- Multi-language support
- Advanced analytics dashboard
- External CA integration
- Mobile application
- E-signature standards (eIDAS)
- Advanced PDF form automation
- Split monolith into microservices
Made with ❤️ for secure document signing