feat(bff): implement self-service submit and openbaar lookup (refs #8)

POST /self-service/registrations requires a valid digid JWT, reads the bsn claim
and forwards it to the domain, returning 202. GET /openbaar/register is anonymous
and returns OpenbaarProjection.PublicView — rows filtered by q and mapped to the
public-safe id+status only (bsn/naam never exposed). JwtBearer validates
signature/issuer/expiry against the Keycloak digid authority (§8.3, ADR-0010).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 11:00:56 +02:00
parent 751ca006a7
commit d767430ad7
2 changed files with 24 additions and 5 deletions

View File

@@ -9,7 +9,10 @@ public static class OpenbaarProjection
{
public static IReadOnlyList<OpenbaarEntry> PublicView(IReadOnlyList<ProjectionEntry> entries, string? q)
{
// STUB (red): returns nothing until the green commit implements filter + public-safe mapping.
return [];
var filtered = string.IsNullOrWhiteSpace(q)
? entries
: entries.Where(e => e.Id.Contains(q, StringComparison.OrdinalIgnoreCase));
return [.. filtered.Select(e => new OpenbaarEntry(e.Id, e.Status))];
}
}