test(bff): endpoints, JWT auth and public-safe projection (refs #8)

Failing tests for the BFF walking-skeleton endpoints:
- POST /self-service/registrations rejects missing/malformed/wrong-key/expired
  tokens (401) and, with a valid digid token, forwards the bsn to the domain and
  returns 202 (WebApplicationFactory + a local test signing key, ADR-0010).
- GET /openbaar/register serves public-safe rows anonymously (never the bsn) and
  filters by q.
- OpenbaarProjection.PublicView (pure) filters by id and maps to id+status only.

Endpoints and PublicView are stubs so the tests compile and fail on their
assertions; the green commit implements them.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 10:59:55 +02:00
parent fea806848b
commit 751ca006a7
10 changed files with 380 additions and 2 deletions

View File

@@ -0,0 +1,15 @@
namespace Bff.Api;
/// <summary>
/// The public view of the read projection: filters rows by the openbaar search term and maps each to
/// a public-safe <see cref="OpenbaarEntry"/> (only <c>id</c> + <c>status</c> — bsn/naam never leave the
/// BFF). Pure so it is unit- and mutation-tested directly (ADR-0010).
/// </summary>
public static class OpenbaarProjection
{
public static IReadOnlyList<OpenbaarEntry> PublicView(IReadOnlyList<ProjectionEntry> entries, string? q)
{
// STUB (red): returns nothing until the green commit implements filter + public-safe mapping.
return [];
}
}