feat(bff): implement self-service submit and openbaar lookup (refs #8)

POST /self-service/registrations requires a valid digid JWT, reads the bsn claim
and forwards it to the domain, returning 202. GET /openbaar/register is anonymous
and returns OpenbaarProjection.PublicView — rows filtered by q and mapped to the
public-safe id+status only (bsn/naam never exposed). JwtBearer validates
signature/issuer/expiry against the Keycloak digid authority (§8.3, ADR-0010).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 11:00:56 +02:00
parent 751ca006a7
commit d767430ad7
2 changed files with 24 additions and 5 deletions

View File

@@ -1,3 +1,4 @@
using System.Security.Claims;
using Bff.Api;
using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -36,9 +37,24 @@ app.UseAuthorization();
app.MapHealthChecks("/health");
app.MapOpenApi();
// STUB (red): no auth requirement, no downstream call, no filtering.
app.MapPost("/self-service/registrations", () => Results.Ok());
app.MapGet("/openbaar/register", (string? q) => Results.Ok(Array.Empty<OpenbaarEntry>()));
// Self-service submit: requires a valid digid token; the bsn comes from the token, not the body,
// and is forwarded to the domain (ADR-0010). Returns 202 — the zaak is opened asynchronously (S-05).
app.MapPost("/self-service/registrations", async (ClaimsPrincipal user, IDomainClient domain, CancellationToken ct) =>
{
var bsn = user.FindFirstValue("bsn");
if (string.IsNullOrWhiteSpace(bsn))
return Results.BadRequest("The token carries no bsn claim.");
var accepted = await domain.SubmitRegistrationAsync(bsn, ct);
return Results.Accepted($"/self-service/registrations/{accepted.RegistrationId}", accepted);
}).RequireAuthorization();
// Openbaar register: an anonymous public lookup that exposes only public-safe fields (S-09).
app.MapGet("/openbaar/register", async (string? q, IProjectionClient projection, CancellationToken ct) =>
{
var entries = await projection.GetRegisterAsync(ct);
return Results.Ok(OpenbaarProjection.PublicView(entries, q));
});
app.Run();