Compare commits
22 Commits
feat/65-nx
...
feat/68-e2
| Author | SHA1 | Date | |
|---|---|---|---|
| 986e36bc7d | |||
| 7e152e4432 | |||
| 5bf25f094d | |||
| 0e6c7d2066 | |||
| 39923e0e68 | |||
| 2e00ad38ba | |||
| be016f920c | |||
| d3f23a4da3 | |||
| 490e7347b0 | |||
| 4f311c9b5a | |||
| a55ba1160d | |||
| 4416d1f4ed | |||
| 074101e836 | |||
| 5089c2aea6 | |||
| 29f3dcc6cf | |||
| 2c196245c2 | |||
| 72c2bdfae7 | |||
| 311aab0aba | |||
| fcdb117768 | |||
| c3f0710a18 | |||
| 7c363099ff | |||
| a069ab07a2 |
@@ -124,10 +124,12 @@ jobs:
|
|||||||
run: make verify-domain
|
run: make verify-domain
|
||||||
- name: BFF → Keycloak + domain + projection
|
- name: BFF → Keycloak + domain + projection
|
||||||
run: make verify-bff
|
run: make verify-bff
|
||||||
|
- name: Self-service e2e (Playwright, login → submit → success)
|
||||||
|
run: make verify-e2e
|
||||||
# Log dump must precede teardown (which removes the containers).
|
# Log dump must precede teardown (which removes the containers).
|
||||||
- name: Dump container logs on failure
|
- name: Dump container logs on failure
|
||||||
if: failure()
|
if: failure()
|
||||||
run: docker compose -f infra/docker-compose.yml logs --no-color --tail=100 oz-init openzaak nrc-init nrc-web nrc-celery nrc-beat flowable-db flowable-rest flowable-init keycloak acl bff domain projection-db event-subscriber projection-api 2>&1 || true
|
run: docker compose -f infra/docker-compose.yml logs --no-color --tail=100 oz-init openzaak nrc-init nrc-web nrc-celery nrc-beat flowable-db flowable-rest flowable-init keycloak acl bff domain projection-db event-subscriber projection-api self-service 2>&1 || true
|
||||||
- name: Tear down
|
- name: Tear down
|
||||||
if: always()
|
if: always()
|
||||||
run: make down
|
run: make down
|
||||||
|
|||||||
7
.gitignore
vendored
7
.gitignore
vendored
@@ -50,3 +50,10 @@ out-tsc/
|
|||||||
.nx/polygraph
|
.nx/polygraph
|
||||||
vite.config.*.timestamp*
|
vite.config.*.timestamp*
|
||||||
vitest.config.*.timestamp*
|
vitest.config.*.timestamp*
|
||||||
|
|
||||||
|
.angular
|
||||||
|
|
||||||
|
# Playwright e2e (installed/generated in-container or on local runs)
|
||||||
|
tests/e2e/node_modules/
|
||||||
|
tests/e2e/test-results/
|
||||||
|
tests/e2e/playwright-report/
|
||||||
|
|||||||
19
Makefile
19
Makefile
@@ -10,7 +10,7 @@ COMPOSE := infra/docker-compose.yml
|
|||||||
# Long-running services with a healthcheck — the smoke polls these for readiness
|
# Long-running services with a healthcheck — the smoke polls these for readiness
|
||||||
# (infra/wait-healthy.sh). One-shot init jobs (oz-init, nrc-init, flowable-init)
|
# (infra/wait-healthy.sh). One-shot init jobs (oz-init, nrc-init, flowable-init)
|
||||||
# are not polled; they only need to have run. See docs/runbooks/gitea-actions-gotchas.md.
|
# are not polled; they only need to have run. See docs/runbooks/gitea-actions-gotchas.md.
|
||||||
WAIT_SVCS := openzaak nrc-web acl bff domain event-subscriber projection-api
|
WAIT_SVCS := openzaak nrc-web acl bff domain event-subscriber projection-api self-service
|
||||||
# Config files (OpenZaak data.yaml, Keycloak realms, Flowable BPMN) are streamed
|
# Config files (OpenZaak data.yaml, Keycloak realms, Flowable BPMN) are streamed
|
||||||
# into external named volumes via `docker cp` (infra/seed-config.sh) instead of
|
# into external named volumes via `docker cp` (infra/seed-config.sh) instead of
|
||||||
# bind-mounted, because bind mounts don't reach sibling containers on the
|
# bind-mounted, because bind mounts don't reach sibling containers on the
|
||||||
@@ -50,9 +50,16 @@ endif
|
|||||||
ci: lint build unit mutation frontend verify
|
ci: lint build unit mutation frontend verify
|
||||||
|
|
||||||
## frontend: install deps and run the Nx lint/test/build for the portals (pnpm + Node required)
|
## frontend: install deps and run the Nx lint/test/build for the portals (pnpm + Node required)
|
||||||
|
# Tests run in their own phase, ahead of the build. The @angular/build:unit-test
|
||||||
|
# (Vitest) runner spawns a worker with a hard-coded 60s/90s startup timeout that is
|
||||||
|
# not configurable. When the ~5min production build shares the run-many pool, it
|
||||||
|
# starves that worker of CPU on constrained CI runners and Vitest fails with
|
||||||
|
# "Timeout waiting for worker to respond". Splitting the phases keeps tests off the
|
||||||
|
# heavy build's back so the worker starts well inside its window.
|
||||||
frontend:
|
frontend:
|
||||||
pnpm install --frozen-lockfile
|
pnpm install --frozen-lockfile
|
||||||
pnpm nx run-many -t lint test build
|
pnpm nx run-many -t lint test
|
||||||
|
pnpm nx run-many -t build
|
||||||
|
|
||||||
## lint: verify formatting (no changes)
|
## lint: verify formatting (no changes)
|
||||||
lint:
|
lint:
|
||||||
@@ -153,6 +160,11 @@ verify-domain:
|
|||||||
verify-bff:
|
verify-bff:
|
||||||
bash infra/run-bff-check.sh
|
bash infra/run-bff-check.sh
|
||||||
|
|
||||||
|
## verify-e2e: walking-skeleton Playwright e2e (S-08d) against the up stack — DigiD login →
|
||||||
|
## submit → confirmation, driven inside the compose network.
|
||||||
|
verify-e2e:
|
||||||
|
bash infra/run-e2e-check.sh
|
||||||
|
|
||||||
## verify: local mirror of the CI verify-stack job — full stack up once, all checks,
|
## verify: local mirror of the CI verify-stack job — full stack up once, all checks,
|
||||||
## tear down (always). For fast single-concern local iteration use `integration`
|
## tear down (always). For fast single-concern local iteration use `integration`
|
||||||
## (oz-only) or `verify-notifications` (oz+nrc) instead.
|
## (oz-only) or `verify-notifications` (oz+nrc) instead.
|
||||||
@@ -165,7 +177,8 @@ verify:
|
|||||||
&& bash infra/run-notification-check.sh \
|
&& bash infra/run-notification-check.sh \
|
||||||
&& bash infra/run-projection-check.sh \
|
&& bash infra/run-projection-check.sh \
|
||||||
&& bash infra/run-domain-check.sh \
|
&& bash infra/run-domain-check.sh \
|
||||||
&& bash infra/run-bff-check.sh || rc=$$?; \
|
&& bash infra/run-bff-check.sh \
|
||||||
|
&& bash infra/run-e2e-check.sh || rc=$$?; \
|
||||||
docker compose -f $(COMPOSE) down --volumes >/dev/null 2>&1; \
|
docker compose -f $(COMPOSE) down --volumes >/dev/null 2>&1; \
|
||||||
docker volume rm -f $(CFG_VOLS) >/dev/null 2>&1; \
|
docker volume rm -f $(CFG_VOLS) >/dev/null 2>&1; \
|
||||||
exit $$rc'
|
exit $$rc'
|
||||||
|
|||||||
23
apps/self-service/Dockerfile
Normal file
23
apps/self-service/Dockerfile
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
# Multi-stage build for the self-service portal (Angular → nginx).
|
||||||
|
# Build context is the repo root (the app needs the pnpm workspace + libs). See infra/docker-compose.yml.
|
||||||
|
FROM node:24-slim AS build
|
||||||
|
WORKDIR /src
|
||||||
|
RUN corepack enable && corepack prepare pnpm@11.5.2 --activate
|
||||||
|
|
||||||
|
# Restore first (cached unless the manifests change).
|
||||||
|
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml nx.json tsconfig.base.json eslint.config.mjs ./
|
||||||
|
RUN pnpm install --frozen-lockfile
|
||||||
|
|
||||||
|
# Sources (only what the app + its libs need).
|
||||||
|
COPY apps/self-service apps/self-service
|
||||||
|
COPY libs libs
|
||||||
|
RUN pnpm nx build self-service
|
||||||
|
|
||||||
|
FROM nginx:1.27-alpine AS runtime
|
||||||
|
COPY apps/self-service/nginx.conf /etc/nginx/conf.d/default.conf
|
||||||
|
COPY --from=build /src/dist/apps/self-service/browser /usr/share/nginx/html
|
||||||
|
# Compose-time OIDC config: the browser (Playwright, on the compose network) reaches Keycloak by
|
||||||
|
# service name, so the token issuer matches the BFF's authority (host-consistent, ADR-0010).
|
||||||
|
RUN printf '{ "authority": "http://keycloak:8080/realms/digid" }\n' > /usr/share/nginx/html/config.json
|
||||||
|
|
||||||
|
EXPOSE 80
|
||||||
29
apps/self-service/nginx.conf
Normal file
29
apps/self-service/nginx.conf
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name _;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
# Resolve the BFF via Docker's embedded DNS at request time (variable proxy_pass), so nginx starts
|
||||||
|
# even before the BFF is up and picks up restarts — instead of failing to load the config.
|
||||||
|
resolver 127.0.0.11 ipv6=off valid=30s;
|
||||||
|
|
||||||
|
# Same-origin API: proxy the BFF endpoint groups to the bff service. The api-client uses relative
|
||||||
|
# URLs, so the browser calls this origin and nginx forwards to the BFF — no CORS, and the DigiD
|
||||||
|
# token (same-origin) is attached by the app's interceptor (S-08d/ADR-0010).
|
||||||
|
location /self-service/ {
|
||||||
|
set $bff http://bff:8080;
|
||||||
|
proxy_pass $bff;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
location /openbaar/ {
|
||||||
|
set $bff http://bff:8080;
|
||||||
|
proxy_pass $bff;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SPA fallback — Angular client-side routing.
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.html;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -27,8 +27,8 @@
|
|||||||
"budgets": [
|
"budgets": [
|
||||||
{
|
{
|
||||||
"type": "initial",
|
"type": "initial",
|
||||||
"maximumWarning": "500kb",
|
"maximumWarning": "1mb",
|
||||||
"maximumError": "1mb"
|
"maximumError": "2mb"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "anyComponentStyle",
|
"type": "anyComponentStyle",
|
||||||
|
|||||||
3
apps/self-service/public/config.json
Normal file
3
apps/self-service/public/config.json
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"authority": "http://localhost:8180/realms/digid"
|
||||||
|
}
|
||||||
65
apps/self-service/src/app/app.config.spec.ts
Normal file
65
apps/self-service/src/app/app.config.spec.ts
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
import { provideHttpClient, withInterceptors } from '@angular/common/http';
|
||||||
|
import { HttpTestingController, provideHttpClientTesting } from '@angular/common/http/testing';
|
||||||
|
import { TestBed } from '@angular/core/testing';
|
||||||
|
import { BffApiV1Service } from 'api-client';
|
||||||
|
import { authInterceptor } from 'auth';
|
||||||
|
import { AbstractSecurityStorage, ConfigurationService } from 'angular-auth-oidc-client';
|
||||||
|
import { SECURE_API_ROUTES } from './app.config';
|
||||||
|
|
||||||
|
// Guards the DigiD token wiring end-to-end. The api-client calls the BFF with RELATIVE URLs, and the
|
||||||
|
// angular-auth-oidc-client interceptor attaches the token only when `req.url` starts with a configured
|
||||||
|
// secureRoute. A regression to an absolute origin (as once shipped) makes the relative URL never match,
|
||||||
|
// so the submit goes out unauthenticated and fails silently. This drives the REAL interceptor and the
|
||||||
|
// REAL api-client against the REAL production route value (SECURE_API_ROUTES); only the config source
|
||||||
|
// and the token storage are faked, so the assertion turns on the actual route-matching.
|
||||||
|
describe('self-service DigiD token wiring', () => {
|
||||||
|
let http: HttpTestingController;
|
||||||
|
let bff: BffApiV1Service;
|
||||||
|
const token = 'digid-access-token';
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
TestBed.configureTestingModule({
|
||||||
|
providers: [
|
||||||
|
provideHttpClient(withInterceptors([authInterceptor()])),
|
||||||
|
provideHttpClientTesting(),
|
||||||
|
{
|
||||||
|
provide: ConfigurationService,
|
||||||
|
useValue: {
|
||||||
|
hasAtLeastOneConfig: () => true,
|
||||||
|
getAllConfigurations: () => [{ configId: 'digid', secureRoutes: SECURE_API_ROUTES }],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// A signed-in session: the storage the interceptor's token lookup reads from.
|
||||||
|
provide: AbstractSecurityStorage,
|
||||||
|
useValue: {
|
||||||
|
read: () => JSON.stringify({ authzData: token, authnResult: { id_token: 'id-token' } }),
|
||||||
|
write: () => undefined,
|
||||||
|
remove: () => undefined,
|
||||||
|
clear: () => undefined,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
});
|
||||||
|
http = TestBed.inject(HttpTestingController);
|
||||||
|
bff = TestBed.inject(BffApiV1Service);
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(() => http.verify());
|
||||||
|
|
||||||
|
it('attaches the bearer token to the relative self-service BFF call', () => {
|
||||||
|
bff.postSelfServiceRegistrations().subscribe();
|
||||||
|
|
||||||
|
const req = http.expectOne('/self-service/registrations');
|
||||||
|
expect(req.request.headers.get('Authorization')).toBe(`Bearer ${token}`);
|
||||||
|
req.flush({ registrationId: 'reg-1', status: 'Ingediend' });
|
||||||
|
});
|
||||||
|
|
||||||
|
it('leaves the anonymous openbaar register call unauthenticated', () => {
|
||||||
|
bff.getOpenbaarRegister().subscribe();
|
||||||
|
|
||||||
|
const req = http.expectOne((r) => r.url === '/openbaar/register');
|
||||||
|
expect(req.request.headers.has('Authorization')).toBe(false);
|
||||||
|
req.flush([]);
|
||||||
|
});
|
||||||
|
});
|
||||||
@@ -1,10 +1,42 @@
|
|||||||
|
import { provideHttpClient, withInterceptors } from '@angular/common/http';
|
||||||
import {
|
import {
|
||||||
ApplicationConfig,
|
ApplicationConfig,
|
||||||
provideBrowserGlobalErrorListeners,
|
provideBrowserGlobalErrorListeners,
|
||||||
} from '@angular/core';
|
} from '@angular/core';
|
||||||
import { provideRouter } from '@angular/router';
|
import { provideRouter } from '@angular/router';
|
||||||
|
import { authInterceptor, provideDigiadAuth } from 'auth';
|
||||||
import { appRoutes } from './app.routes';
|
import { appRoutes } from './app.routes';
|
||||||
|
|
||||||
export const appConfig: ApplicationConfig = {
|
/** Environment-specific settings fetched from /config.json at startup (see main.ts). */
|
||||||
providers: [provideBrowserGlobalErrorListeners(), provideRouter(appRoutes)],
|
export interface RuntimeConfig {
|
||||||
};
|
/** The Keycloak `digid` realm issuer as the browser reaches it (dev: localhost; compose: keycloak:8080). */
|
||||||
|
authority: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Route prefixes whose requests carry the DigiD token. These MUST match the **relative** URLs the
|
||||||
|
* api-client actually calls (same-origin via the nginx proxy) — the interceptor matches on `req.url`,
|
||||||
|
* which stays relative, so an absolute origin would never match and the token would go unattached.
|
||||||
|
* `/openbaar/` is deliberately excluded: it is the anonymous public register.
|
||||||
|
*/
|
||||||
|
export const SECURE_API_ROUTES = ['/self-service/'];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build the app providers from runtime config. `redirectUrl` is the app's own origin (where Keycloak
|
||||||
|
* redirects back). `secureRoutes` uses {@link SECURE_API_ROUTES} — relative prefixes, not the origin.
|
||||||
|
*/
|
||||||
|
export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
|
||||||
|
const origin = typeof window !== 'undefined' ? window.location.origin : '/';
|
||||||
|
return {
|
||||||
|
providers: [
|
||||||
|
provideBrowserGlobalErrorListeners(),
|
||||||
|
provideRouter(appRoutes),
|
||||||
|
provideHttpClient(withInterceptors([authInterceptor()])),
|
||||||
|
provideDigiadAuth({
|
||||||
|
authority: runtime.authority,
|
||||||
|
redirectUrl: origin,
|
||||||
|
secureRoutes: SECURE_API_ROUTES,
|
||||||
|
}),
|
||||||
|
],
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,5 +1 @@
|
|||||||
<main>
|
<router-outlet></router-outlet>
|
||||||
<h1>Zelfservice — BIG-registratie</h1>
|
|
||||||
<p>Portaal voor zorgprofessionals. Inloggen en indienen volgt in S-08c.</p>
|
|
||||||
<router-outlet></router-outlet>
|
|
||||||
</main>
|
|
||||||
|
|||||||
@@ -1,3 +1,7 @@
|
|||||||
import { Route } from '@angular/router';
|
import { Route } from '@angular/router';
|
||||||
|
import { authenticatedGuard } from 'auth';
|
||||||
|
import { RegistrationPage } from './registration/registration-page';
|
||||||
|
|
||||||
export const appRoutes: Route[] = [];
|
export const appRoutes: Route[] = [
|
||||||
|
{ path: '', component: RegistrationPage, canActivate: [authenticatedGuard] },
|
||||||
|
];
|
||||||
|
|||||||
@@ -1,17 +1,15 @@
|
|||||||
import { TestBed } from '@angular/core/testing';
|
import { provideRouter } from '@angular/router';
|
||||||
|
import { render, screen } from '@testing-library/angular';
|
||||||
import { App } from './app';
|
import { App } from './app';
|
||||||
|
|
||||||
describe('App', () => {
|
describe('App', () => {
|
||||||
beforeEach(async () => {
|
it('renders the router outlet shell', async () => {
|
||||||
await TestBed.configureTestingModule({
|
const { container } = await render(App, {
|
||||||
imports: [App],
|
providers: [provideRouter([])],
|
||||||
}).compileComponents();
|
});
|
||||||
});
|
|
||||||
|
|
||||||
it('renders the self-service portal heading', async () => {
|
// The shell is a thin host for routed pages (the RegistrationPage owns the heading).
|
||||||
const fixture = TestBed.createComponent(App);
|
expect(container.querySelector('router-outlet')).toBeTruthy();
|
||||||
await fixture.whenStable();
|
expect(screen).toBeTruthy();
|
||||||
const compiled = fixture.nativeElement as HTMLElement;
|
|
||||||
expect(compiled.querySelector('h1')?.textContent).toContain('Zelfservice');
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -0,0 +1,27 @@
|
|||||||
|
<main utrecht-document class="utrecht-theme">
|
||||||
|
<utrecht-article>
|
||||||
|
<utrecht-heading-1>Zelfservice — BIG-registratie</utrecht-heading-1>
|
||||||
|
|
||||||
|
@if (submitted()) {
|
||||||
|
<p utrecht-paragraph role="status">
|
||||||
|
Uw registratie is ontvangen. Referentie: {{ reference() }}.
|
||||||
|
</p>
|
||||||
|
} @else {
|
||||||
|
<p utrecht-paragraph>U bent ingelogd met BSN {{ bsn() }}.</p>
|
||||||
|
@if (failed()) {
|
||||||
|
<p utrecht-paragraph role="alert">
|
||||||
|
Er ging iets mis bij het indienen van uw registratie. Probeer het opnieuw.
|
||||||
|
</p>
|
||||||
|
}
|
||||||
|
<button
|
||||||
|
utrecht-button
|
||||||
|
appearance="primary-action-button"
|
||||||
|
type="button"
|
||||||
|
[disabled]="submitting()"
|
||||||
|
(click)="submit()"
|
||||||
|
>
|
||||||
|
Registratie indienen
|
||||||
|
</button>
|
||||||
|
}
|
||||||
|
</utrecht-article>
|
||||||
|
</main>
|
||||||
@@ -0,0 +1,71 @@
|
|||||||
|
import { signal } from '@angular/core';
|
||||||
|
import { fireEvent, render, screen } from '@testing-library/angular';
|
||||||
|
import { of, throwError } from 'rxjs';
|
||||||
|
import { AuthService } from 'auth';
|
||||||
|
import { BffApiV1Service } from 'api-client';
|
||||||
|
import { axe } from 'vitest-axe';
|
||||||
|
import { RegistrationPage } from './registration-page';
|
||||||
|
|
||||||
|
class FakeAuth extends AuthService {
|
||||||
|
readonly isAuthenticated = signal(true);
|
||||||
|
readonly bsn = signal<string | undefined>('123456782');
|
||||||
|
login(): void {
|
||||||
|
/* noop */
|
||||||
|
}
|
||||||
|
logout(): void {
|
||||||
|
/* noop */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function providers(post = vi.fn().mockReturnValue(of({ registrationId: 'reg-9', status: 'Ingediend' }))) {
|
||||||
|
return {
|
||||||
|
post,
|
||||||
|
providers: [
|
||||||
|
{ provide: AuthService, useClass: FakeAuth },
|
||||||
|
{ provide: BffApiV1Service, useValue: { postSelfServiceRegistrations: post } },
|
||||||
|
],
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('RegistrationPage', () => {
|
||||||
|
it('shows the signed-in BSN', async () => {
|
||||||
|
await render(RegistrationPage, { providers: providers().providers });
|
||||||
|
expect(screen.getByText(/123456782/)).toBeTruthy();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('submits the registration and confirms', async () => {
|
||||||
|
const { post, providers: p } = providers();
|
||||||
|
await render(RegistrationPage, { providers: p });
|
||||||
|
|
||||||
|
fireEvent.click(screen.getByRole('button', { name: /indienen/i }));
|
||||||
|
|
||||||
|
expect(post).toHaveBeenCalledTimes(1);
|
||||||
|
expect(await screen.findByText(/ontvangen/i)).toBeTruthy();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('shows an error and keeps the submit available when the BFF call fails', async () => {
|
||||||
|
const { post, providers: p } = providers(vi.fn().mockReturnValue(throwError(() => new Error('BFF rejected'))));
|
||||||
|
await render(RegistrationPage, { providers: p });
|
||||||
|
|
||||||
|
fireEvent.click(screen.getByRole('button', { name: /indienen/i }));
|
||||||
|
|
||||||
|
expect(post).toHaveBeenCalledTimes(1);
|
||||||
|
// The failure is surfaced (not swallowed), the confirmation is not shown, and the user can retry.
|
||||||
|
expect(await screen.findByRole('alert')).toBeTruthy();
|
||||||
|
expect(screen.queryByText(/ontvangen/i)).toBeNull();
|
||||||
|
expect(screen.getByRole('button', { name: /indienen/i })).toBeTruthy();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('has no WCAG 2.1 AA violations on the submit page', async () => {
|
||||||
|
// The portal is Dutch; the real index.html sets lang. Set it here so the document-level
|
||||||
|
// html-has-lang rule reflects the app, not the bare jsdom document.
|
||||||
|
document.documentElement.lang = 'nl';
|
||||||
|
const { container } = await render(RegistrationPage, { providers: providers().providers });
|
||||||
|
|
||||||
|
const results = await axe(container, {
|
||||||
|
runOnly: { type: 'tag', values: ['wcag2a', 'wcag2aa', 'wcag21a', 'wcag21aa'] },
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(results.violations).toEqual([]);
|
||||||
|
});
|
||||||
|
});
|
||||||
42
apps/self-service/src/app/registration/registration-page.ts
Normal file
42
apps/self-service/src/app/registration/registration-page.ts
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
import { Component, inject, signal } from '@angular/core';
|
||||||
|
import { BffApiV1Service, type SubmitAccepted } from 'api-client';
|
||||||
|
import { AuthService } from 'auth';
|
||||||
|
import { UtrechtComponentsModule } from 'ui';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The self-service submit page: a signed-in zorgprofessional confirms and submits their BIG
|
||||||
|
* registration. The bsn comes from the DigiD token (not a form field), so this is a confirm-and-
|
||||||
|
* submit flow that posts to the BFF and shows the returned reference (ADR-0010; S-08c).
|
||||||
|
*/
|
||||||
|
@Component({
|
||||||
|
selector: 'app-registration-page',
|
||||||
|
imports: [UtrechtComponentsModule],
|
||||||
|
templateUrl: './registration-page.html',
|
||||||
|
})
|
||||||
|
export class RegistrationPage {
|
||||||
|
private readonly auth = inject(AuthService);
|
||||||
|
private readonly bff = inject(BffApiV1Service);
|
||||||
|
|
||||||
|
protected readonly bsn = this.auth.bsn;
|
||||||
|
protected readonly submitting = signal(false);
|
||||||
|
protected readonly reference = signal<string | undefined>(undefined);
|
||||||
|
protected readonly submitted = signal(false);
|
||||||
|
protected readonly failed = signal(false);
|
||||||
|
|
||||||
|
submit(): void {
|
||||||
|
this.submitting.set(true);
|
||||||
|
this.failed.set(false);
|
||||||
|
this.bff.postSelfServiceRegistrations().subscribe({
|
||||||
|
next: (accepted: SubmitAccepted) => {
|
||||||
|
this.reference.set(accepted.registrationId);
|
||||||
|
this.submitted.set(true);
|
||||||
|
this.submitting.set(false);
|
||||||
|
},
|
||||||
|
// Surface the failure instead of swallowing it: re-enable the button so the user can retry.
|
||||||
|
error: () => {
|
||||||
|
this.failed.set(true);
|
||||||
|
this.submitting.set(false);
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
<!doctype html>
|
<!doctype html>
|
||||||
<html lang="en">
|
<html lang="nl">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>self-service</title>
|
<title>self-service</title>
|
||||||
|
|||||||
@@ -1,5 +1,10 @@
|
|||||||
import { bootstrapApplication } from '@angular/platform-browser';
|
import { bootstrapApplication } from '@angular/platform-browser';
|
||||||
import { appConfig } from './app/app.config';
|
|
||||||
import { App } from './app/app';
|
import { App } from './app/app';
|
||||||
|
import { appConfig, type RuntimeConfig } from './app/app.config';
|
||||||
|
|
||||||
bootstrapApplication(App, appConfig).catch((err) => console.error(err));
|
// Load environment config before bootstrap so the OIDC authority is set per environment
|
||||||
|
// (dev: localhost; compose: keycloak:8080) from a single build — 12-factor (S-08d).
|
||||||
|
fetch('config.json')
|
||||||
|
.then((response) => response.json() as Promise<RuntimeConfig>)
|
||||||
|
.then((config) => bootstrapApplication(App, appConfig(config)))
|
||||||
|
.catch((err) => console.error(err));
|
||||||
|
|||||||
@@ -1 +1,2 @@
|
|||||||
/* You can add global styles to this file, and also import other style files */
|
/* NL Design System theme — Utrecht design tokens (docs/frontend-decisions.md). */
|
||||||
|
@import '@utrecht/design-tokens/dist/index.css';
|
||||||
|
|||||||
@@ -5,6 +5,51 @@ copy-pasteable walkthrough against a local `make up` stack.
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## S-08d — Walking skeleton complete: browser → submit, end-to-end
|
||||||
|
|
||||||
|
**Outcome:** the self-service portal is served in the stack and the full front-of-house happy path
|
||||||
|
runs in a real browser — **mock DigiD login → submit → confirmation** — closing the walking skeleton
|
||||||
|
(portal → BFF → domain → Flowable → ACL → OpenZaak, with the openbaar register reading the projection).
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# 1. Bring the whole stack up (portal served on :8140, BFF :8080, Keycloak :8180).
|
||||||
|
make up
|
||||||
|
|
||||||
|
# 2. Automated happy path — Playwright, inside the compose network (issuer-consistent):
|
||||||
|
make verify-e2e # → login as jan-burger → submit → "ontvangen" confirmation
|
||||||
|
|
||||||
|
# 3. By hand: open the portal, log in as jan-burger / test123, click "Registratie indienen".
|
||||||
|
open http://localhost:8140
|
||||||
|
```
|
||||||
|
|
||||||
|
> The portal is served same-origin with the BFF (nginx proxies `/self-service` + `/openbaar`), so no
|
||||||
|
> CORS; the OIDC authority comes from `/config.json` at runtime. See `docs/frontend-decisions.md`.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## S-08c — Self-service submit form (NL Design System + DigiD)
|
||||||
|
|
||||||
|
**Outcome:** a zorgprofessional logs in via mock DigiD and submits a BIG registration through the
|
||||||
|
self-service portal (NL Design System styling); the page confirms with the reference returned by the
|
||||||
|
BFF. The bsn comes from the DigiD token, so it's a confirm-and-submit flow (no bsn field).
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# 1. Bring the backend + Keycloak up (BFF on :8080, Keycloak on :8180).
|
||||||
|
make up
|
||||||
|
|
||||||
|
# 2. Serve the portal (dev server); it redirects to Keycloak for DigiD login.
|
||||||
|
pnpm nx serve self-service # → http://localhost:4200
|
||||||
|
|
||||||
|
# 3. In the browser: log in as the mock DigiD user jan-burger / test123, then submit.
|
||||||
|
# The page shows the returned registration reference.
|
||||||
|
```
|
||||||
|
|
||||||
|
> First real UI. The full **login → submit → success** happy path is automated in **S-08d**
|
||||||
|
> (Playwright, against the compose-served app). Component tests + an axe WCAG 2.1 AA check on the
|
||||||
|
> submit page run headless in the `frontend` CI lane. See `docs/frontend-decisions.md`.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## S-08a — Nx workspace + self-service portal skeleton
|
## S-08a — Nx workspace + self-service portal skeleton
|
||||||
|
|
||||||
**Outcome:** the frontend foundation — an Nx (pnpm) monorepo with the `self-service` Angular app
|
**Outcome:** the frontend foundation — an Nx (pnpm) monorepo with the `self-service` Angular app
|
||||||
|
|||||||
@@ -29,3 +29,75 @@ The portals live in an **Nx monorepo at the repository root**, alongside the .NE
|
|||||||
|
|
||||||
**NL Design System:** not yet introduced — the S-08a app is a placeholder. NL DS components arrive
|
**NL Design System:** not yet introduced — the S-08a app is a placeholder. NL DS components arrive
|
||||||
with the submit form (S-08c, #67); any deviation from NL DS will be recorded here.
|
with the submit form (S-08c, #67); any deviation from NL DS will be recorded here.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## API client generator (S-08b, #66)
|
||||||
|
|
||||||
|
`libs/api-client` is **generated from `services/bff/openapi.json`** — never hand-written (§10).
|
||||||
|
|
||||||
|
- **Generator: orval** (`client: 'angular'`), a **node-based** generator (no Java, unlike
|
||||||
|
`openapi-generator`), so it runs in the pnpm/Node CI lane. It emits an injectable
|
||||||
|
`BffApiV1Service` using Angular's `HttpClient` — which means the DigiD bearer token can be attached
|
||||||
|
by an **`HttpInterceptor`** (S-08c), the idiomatic Angular approach; a fetch-based SDK would bypass
|
||||||
|
the interceptor pipeline.
|
||||||
|
- **Config:** `libs/api-client/orval.config.ts` (single-file output into `src/lib/generated/`,
|
||||||
|
`clean: true`, prettier). **Regenerate with `nx run api-client:generate`** after the BFF spec
|
||||||
|
changes; the output is deterministic (idempotent), and `src/lib/generated/` is never hand-edited.
|
||||||
|
- **Tested** against a mocked BFF via `HttpClientTesting` (`libs/api-client/src/lib/bff-api.spec.ts`).
|
||||||
|
- The BFF endpoints carry no `operationId`, so orval synthesises method names
|
||||||
|
(`postSelfServiceRegistrations`, `getOpenbaarRegister`); adding explicit operation ids to the BFF
|
||||||
|
is a possible later polish.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Self-service form: NL DS, DigiD auth, testing (S-08c, #67)
|
||||||
|
|
||||||
|
- **NL Design System via `@utrecht/component-library-angular`** (`libs/ui`) + `@utrecht/design-tokens`
|
||||||
|
(imported once in `apps/self-service/src/styles.css`). Utrecht is NL DS's reference Angular
|
||||||
|
implementation. Its v3 components are **NgModule-based, not standalone**, so `libs/ui` re-exports
|
||||||
|
`UtrechtComponentsModule` (and the component classes, so the AOT compiler resolves the template
|
||||||
|
directives through the barrel); standalone components consume it via `imports: [UtrechtComponentsModule]`.
|
||||||
|
§10's "no NgModules in new code" governs *our* code — consuming a third-party module is fine.
|
||||||
|
- **DigiD login via `angular-auth-oidc-client`** (`libs/auth`): auth-code + PKCE against the Keycloak
|
||||||
|
`digid` realm (public client `big-portal`). A small **`AuthService` abstraction** (bsn /
|
||||||
|
isAuthenticated / login) wraps the library so components and the `authenticatedGuard` depend on a
|
||||||
|
mockable surface; a **token `HttpInterceptor`** attaches the bearer to BFF calls (secure route).
|
||||||
|
The OIDC `authority`/`secureApiOrigin` are dev defaults in `app.config.ts`; the compose-served app
|
||||||
|
overrides them (S-08d), and the browser-vs-container issuer alignment is handled there (ADR-0010).
|
||||||
|
- **Testing:** component tests use **`@testing-library/angular`** (§10) with `AuthService` and the
|
||||||
|
api-client mocked; the **axe** (`vitest-axe`) check runs scoped to WCAG 2.1 AA tags
|
||||||
|
(`wcag2a/2aa/21a/21aa`) with the document `lang` set, asserting zero violations on the submit page.
|
||||||
|
The real DigiD browser round-trip is exercised in S-08d (Playwright).
|
||||||
|
- **Module boundaries:** replaced the demo eslint `depConstraints` (`scope:shop`/`scope:shared`, left
|
||||||
|
over from the Nx angular template) with a permissive `*` default; scope/type tags can be
|
||||||
|
introduced when the portal set grows.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Serving + e2e (S-08d, #68)
|
||||||
|
|
||||||
|
- **Served by nginx, same-origin as the BFF.** The compose `self-service` image serves the built app
|
||||||
|
and **reverse-proxies** `/self-service/*` + `/openbaar/*` to the `bff` service. Because the
|
||||||
|
api-client uses **relative URLs**, the browser calls the app's own origin → nginx forwards to the
|
||||||
|
BFF: **no CORS**, and the DigiD token (same-origin) is attached by the interceptor. nginx resolves
|
||||||
|
the BFF at request time (a `resolver` + variable `proxy_pass`) so it starts before the BFF is up.
|
||||||
|
- **Runtime config.** The app fetches `/config.json` before bootstrap (`main.ts`); `appConfig` is a
|
||||||
|
factory. The dev default (`public/config.json`) points at `localhost:8180`; the Docker image bakes
|
||||||
|
the compose value (`keycloak:8080`). One build, per-environment OIDC authority.
|
||||||
|
- **e2e runs inside the compose network.** `infra/run-e2e-check.sh` runs Playwright in a `node`
|
||||||
|
container on `cg`, so the browser reaches Keycloak as `keycloak:8080` — the **same issuer** the BFF
|
||||||
|
validates against (resolves the browser-vs-container mismatch, ADR-0010). Chromium is installed at
|
||||||
|
runtime, so there's no Playwright-image-version pinning to keep in sync. The spec is copied in
|
||||||
|
(`docker cp`), not mounted, so it leaves nothing root-owned on the host. Wired as `verify-e2e` in
|
||||||
|
the `verify-stack` CI job.
|
||||||
|
- **e2e treats the portal origin as secure.** In-network the portal is served over plain HTTP on a
|
||||||
|
non-localhost origin (`http://self-service`), which is **not a secure context**, so Web Crypto
|
||||||
|
(`crypto.subtle`) is unavailable. angular-auth-oidc-client needs it for the PKCE code challenge, so
|
||||||
|
`authorize()` throws and the login redirect never fires. Production runs behind HTTPS where this is
|
||||||
|
a non-issue; rather than terminate TLS in the throwaway stack, the Playwright config passes
|
||||||
|
`--unsafely-treat-insecure-origin-as-secure` (honoured only by the full `channel: 'chromium'`
|
||||||
|
build, not the default headless-shell). This emulates the production HTTPS secure context without
|
||||||
|
touching the app or its production config.
|
||||||
|
- `tests/e2e` is a standalone Playwright project (its own `package.json`), not an Nx project — it's a
|
||||||
|
live-stack check like the other `verify-*` runners, not part of the `frontend` unit lane.
|
||||||
|
|||||||
@@ -19,22 +19,12 @@ export default [
|
|||||||
{
|
{
|
||||||
enforceBuildableLibDependency: true,
|
enforceBuildableLibDependency: true,
|
||||||
allow: ['^.*/eslint(\\.base)?\\.config\\.[cm]?[jt]s$'],
|
allow: ['^.*/eslint(\\.base)?\\.config\\.[cm]?[jt]s$'],
|
||||||
|
// Permissive default — apps/libs are untagged for now. Introduce scope/type tags
|
||||||
|
// when the portal set grows (docs/frontend-decisions.md).
|
||||||
depConstraints: [
|
depConstraints: [
|
||||||
{
|
{
|
||||||
sourceTag: 'scope:shared',
|
sourceTag: '*',
|
||||||
onlyDependOnLibsWithTags: ['scope:shared'],
|
onlyDependOnLibsWithTags: ['*'],
|
||||||
},
|
|
||||||
{
|
|
||||||
sourceTag: 'scope:shop',
|
|
||||||
onlyDependOnLibsWithTags: ['scope:shop', 'scope:shared'],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
sourceTag: 'scope:api',
|
|
||||||
onlyDependOnLibsWithTags: ['scope:api', 'scope:shared'],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
sourceTag: 'type:data',
|
|
||||||
onlyDependOnLibsWithTags: ['type:data'],
|
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -433,6 +433,31 @@ services:
|
|||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
networks: [cg]
|
networks: [cg]
|
||||||
|
|
||||||
|
# ── Self-Service portal (S-08d) ────────────────────────────────────────────
|
||||||
|
# nginx serves the Angular app and reverse-proxies /self-service + /openbaar to the BFF
|
||||||
|
# (same-origin, no CORS). The Playwright e2e drives it inside this network so the DigiD
|
||||||
|
# token issuer (keycloak:8080) matches the BFF's authority (ADR-0010).
|
||||||
|
self-service:
|
||||||
|
build:
|
||||||
|
context: ..
|
||||||
|
dockerfile: apps/self-service/Dockerfile
|
||||||
|
image: register-referentie/self-service:dev
|
||||||
|
ports:
|
||||||
|
- "8140:80"
|
||||||
|
healthcheck:
|
||||||
|
# 127.0.0.1, not localhost: nginx listens on IPv4 only, but localhost resolves to ::1 first.
|
||||||
|
test: ["CMD-SHELL", "wget -q -O /dev/null http://127.0.0.1/ || exit 1"]
|
||||||
|
interval: 5s
|
||||||
|
timeout: 3s
|
||||||
|
retries: 5
|
||||||
|
start_period: 10s
|
||||||
|
depends_on:
|
||||||
|
bff:
|
||||||
|
condition: service_healthy
|
||||||
|
keycloak:
|
||||||
|
condition: service_started
|
||||||
|
networks: [cg]
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
oz-db:
|
oz-db:
|
||||||
nrc-db:
|
nrc-db:
|
||||||
|
|||||||
25
infra/run-e2e-check.sh
Executable file
25
infra/run-e2e-check.sh
Executable file
@@ -0,0 +1,25 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
#
|
||||||
|
# Walking-skeleton e2e (S-08d) against an ALREADY-RUNNING full stack: drive the self-service portal
|
||||||
|
# in a real browser through mock-DigiD login → submit → confirmation (login → BFF → domain).
|
||||||
|
#
|
||||||
|
# Runs Playwright INSIDE the compose network (a node container on `cg`), so the browser reaches
|
||||||
|
# Keycloak by service name (keycloak:8080) — the same authority the BFF validates against, so the
|
||||||
|
# token issuer matches (ADR-0010). The spec is copied into the container (docker cp), not mounted,
|
||||||
|
# so it leaves no root-owned files on the host. The caller owns stack bring-up + teardown.
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
|
root="$(cd "$here/.." && pwd)"
|
||||||
|
|
||||||
|
ss="$(docker ps -q --filter 'name=self-service' | head -1)"
|
||||||
|
[ -n "$ss" ] || { echo "ERROR: no running self-service container — bring the stack up first" >&2; exit 1; }
|
||||||
|
net="$(docker inspect -f '{{range $k,$_ := .NetworkSettings.Networks}}{{$k}}{{"\n"}}{{end}}' "$ss" | head -1)"
|
||||||
|
echo ">> running Playwright e2e on network $net against http://self-service"
|
||||||
|
|
||||||
|
cid="$(docker create --network "$net" -w /e2e --ipc=host \
|
||||||
|
-e SELF_SERVICE_URL=http://self-service \
|
||||||
|
node:24 sh -c 'npm install --no-audit --no-fund && npx playwright install --with-deps chromium && npx playwright test')"
|
||||||
|
trap 'docker rm -f "$cid" >/dev/null 2>&1 || true' EXIT
|
||||||
|
docker cp "$root/tests/e2e/." "$cid:/e2e" >/dev/null
|
||||||
|
docker start -a "$cid"
|
||||||
7
libs/api-client/README.md
Normal file
7
libs/api-client/README.md
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# api-client
|
||||||
|
|
||||||
|
This library was generated with [Nx](https://nx.dev).
|
||||||
|
|
||||||
|
## Running unit tests
|
||||||
|
|
||||||
|
Run `nx test api-client` to execute the unit tests.
|
||||||
34
libs/api-client/eslint.config.mjs
Normal file
34
libs/api-client/eslint.config.mjs
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
import nx from '@nx/eslint-plugin';
|
||||||
|
import baseConfig from '../../eslint.config.mjs';
|
||||||
|
|
||||||
|
export default [
|
||||||
|
...nx.configs['flat/angular'],
|
||||||
|
...nx.configs['flat/angular-template'],
|
||||||
|
...baseConfig,
|
||||||
|
{
|
||||||
|
files: ['**/*.ts'],
|
||||||
|
rules: {
|
||||||
|
'@angular-eslint/directive-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'attribute',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'camelCase',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'@angular-eslint/component-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'element',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'kebab-case',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
files: ['**/*.html'],
|
||||||
|
// Override or add rules here
|
||||||
|
rules: {},
|
||||||
|
},
|
||||||
|
];
|
||||||
17
libs/api-client/orval.config.ts
Normal file
17
libs/api-client/orval.config.ts
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
import { defineConfig } from 'orval';
|
||||||
|
|
||||||
|
// Generates the BFF client (Angular HttpClient service + models) from the committed
|
||||||
|
// OpenAPI contract. Never hand-edit the generated output — re-run `nx run api-client:generate`
|
||||||
|
// after the BFF spec changes (CLAUDE.md §10; docs/frontend-decisions.md).
|
||||||
|
export default defineConfig({
|
||||||
|
bff: {
|
||||||
|
input: '../../services/bff/openapi.json',
|
||||||
|
output: {
|
||||||
|
target: './src/lib/generated/bff-api.ts',
|
||||||
|
client: 'angular',
|
||||||
|
mode: 'single',
|
||||||
|
clean: true,
|
||||||
|
prettier: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
20
libs/api-client/project.json
Normal file
20
libs/api-client/project.json
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
{
|
||||||
|
"name": "api-client",
|
||||||
|
"$schema": "../../node_modules/nx/schemas/project-schema.json",
|
||||||
|
"sourceRoot": "libs/api-client/src",
|
||||||
|
"prefix": "lib",
|
||||||
|
"projectType": "library",
|
||||||
|
"tags": [],
|
||||||
|
"targets": {
|
||||||
|
"lint": {
|
||||||
|
"executor": "@nx/eslint:lint"
|
||||||
|
},
|
||||||
|
"generate": {
|
||||||
|
"executor": "nx:run-commands",
|
||||||
|
"options": {
|
||||||
|
"command": "orval --config orval.config.ts",
|
||||||
|
"cwd": "libs/api-client"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
3
libs/api-client/src/index.ts
Normal file
3
libs/api-client/src/index.ts
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
// The BFF API client is generated from services/bff/openapi.json (orval); never hand-edit
|
||||||
|
// src/lib/generated. Re-run `nx run api-client:generate` after the BFF spec changes.
|
||||||
|
export * from './lib/generated/bff-api';
|
||||||
50
libs/api-client/src/lib/bff-api.spec.ts
Normal file
50
libs/api-client/src/lib/bff-api.spec.ts
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
import { provideHttpClient } from '@angular/common/http';
|
||||||
|
import {
|
||||||
|
HttpTestingController,
|
||||||
|
provideHttpClientTesting,
|
||||||
|
} from '@angular/common/http/testing';
|
||||||
|
import { TestBed } from '@angular/core/testing';
|
||||||
|
import {
|
||||||
|
BffApiV1Service,
|
||||||
|
type OpenbaarEntry,
|
||||||
|
type SubmitAccepted,
|
||||||
|
} from '../index';
|
||||||
|
|
||||||
|
describe('BffApiV1Service (generated from services/bff/openapi.json)', () => {
|
||||||
|
let service: BffApiV1Service;
|
||||||
|
let http: HttpTestingController;
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
TestBed.configureTestingModule({
|
||||||
|
providers: [provideHttpClient(), provideHttpClientTesting()],
|
||||||
|
});
|
||||||
|
service = TestBed.inject(BffApiV1Service);
|
||||||
|
http = TestBed.inject(HttpTestingController);
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(() => http.verify());
|
||||||
|
|
||||||
|
it('submits a registration via POST /self-service/registrations', () => {
|
||||||
|
let result: SubmitAccepted | undefined;
|
||||||
|
service.postSelfServiceRegistrations().subscribe((r) => (result = r));
|
||||||
|
|
||||||
|
const req = http.expectOne('/self-service/registrations');
|
||||||
|
expect(req.request.method).toBe('POST');
|
||||||
|
req.flush({ registrationId: 'reg-1', status: 'Ingediend' });
|
||||||
|
|
||||||
|
expect(result?.registrationId).toBe('reg-1');
|
||||||
|
expect(result?.status).toBe('Ingediend');
|
||||||
|
});
|
||||||
|
|
||||||
|
it('reads the openbaar register via GET /openbaar/register with the query', () => {
|
||||||
|
let rows: OpenbaarEntry[] | undefined;
|
||||||
|
service.getOpenbaarRegister({ q: 'abc' }).subscribe((r) => (rows = r));
|
||||||
|
|
||||||
|
const req = http.expectOne((r) => r.url === '/openbaar/register');
|
||||||
|
expect(req.request.method).toBe('GET');
|
||||||
|
expect(req.request.params.get('q')).toBe('abc');
|
||||||
|
req.flush([{ id: 'abc-111', status: 'INGEDIEND' }]);
|
||||||
|
|
||||||
|
expect(rows?.[0].id).toBe('abc-111');
|
||||||
|
});
|
||||||
|
});
|
||||||
216
libs/api-client/src/lib/generated/bff-api.ts
Normal file
216
libs/api-client/src/lib/generated/bff-api.ts
Normal file
@@ -0,0 +1,216 @@
|
|||||||
|
/**
|
||||||
|
* Generated by orval v8.19.0 🍺
|
||||||
|
* Do not edit manually.
|
||||||
|
* Bff.Api | v1
|
||||||
|
* OpenAPI spec version: 1.0.0
|
||||||
|
*/
|
||||||
|
import {
|
||||||
|
HttpClient,
|
||||||
|
HttpHeaders,
|
||||||
|
HttpResponse as AngularHttpResponse
|
||||||
|
} from '@angular/common/http';
|
||||||
|
import type {
|
||||||
|
HttpContext,
|
||||||
|
HttpEvent,
|
||||||
|
HttpParams
|
||||||
|
} from '@angular/common/http';
|
||||||
|
|
||||||
|
import {
|
||||||
|
Injectable,
|
||||||
|
inject
|
||||||
|
} from '@angular/core';
|
||||||
|
|
||||||
|
import {
|
||||||
|
Observable
|
||||||
|
} from 'rxjs';
|
||||||
|
|
||||||
|
export interface OpenbaarEntry {
|
||||||
|
id: string;
|
||||||
|
status: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
export interface SubmitAccepted {
|
||||||
|
registrationId: string;
|
||||||
|
status: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
export type GetOpenbaarRegisterParams = {
|
||||||
|
q?: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
interface HttpClientOptions {
|
||||||
|
readonly headers?: HttpHeaders | Record<string, string | string[]>;
|
||||||
|
readonly context?: HttpContext;
|
||||||
|
readonly params?:
|
||||||
|
| HttpParams
|
||||||
|
| Record<string, string | number | boolean | Array<string | number | boolean>>;
|
||||||
|
readonly reportProgress?: boolean;
|
||||||
|
readonly withCredentials?: boolean;
|
||||||
|
readonly credentials?: RequestCredentials;
|
||||||
|
readonly keepalive?: boolean;
|
||||||
|
readonly priority?: RequestPriority;
|
||||||
|
readonly cache?: RequestCache;
|
||||||
|
readonly mode?: RequestMode;
|
||||||
|
readonly redirect?: RequestRedirect;
|
||||||
|
readonly referrer?: string;
|
||||||
|
readonly integrity?: string;
|
||||||
|
readonly referrerPolicy?: ReferrerPolicy;
|
||||||
|
readonly transferCache?: {includeHeaders?: string[]} | boolean;
|
||||||
|
readonly timeout?: number;
|
||||||
|
}
|
||||||
|
|
||||||
|
type HttpClientBodyOptions = HttpClientOptions & {
|
||||||
|
readonly observe?: 'body';
|
||||||
|
};
|
||||||
|
|
||||||
|
type HttpClientEventOptions = HttpClientOptions & {
|
||||||
|
readonly observe: 'events';
|
||||||
|
};
|
||||||
|
|
||||||
|
type HttpClientResponseOptions = HttpClientOptions & {
|
||||||
|
readonly observe: 'response';
|
||||||
|
};
|
||||||
|
|
||||||
|
type HttpClientObserveOptions = HttpClientOptions & {
|
||||||
|
readonly observe?: 'body' | 'events' | 'response';
|
||||||
|
};
|
||||||
|
|
||||||
|
type AngularHttpParamValue = string | number | boolean | Array<string | number | boolean>;
|
||||||
|
type AngularHttpParamValueWithNullable = AngularHttpParamValue | null;
|
||||||
|
|
||||||
|
function filterParams(
|
||||||
|
params: Record<string, unknown>,
|
||||||
|
requiredNullableKeys?: ReadonlySet<string>,
|
||||||
|
preserveRequiredNullables?: false,
|
||||||
|
passthroughKeys?: undefined,
|
||||||
|
): Record<string, AngularHttpParamValue>;
|
||||||
|
function filterParams(
|
||||||
|
params: Record<string, unknown>,
|
||||||
|
requiredNullableKeys: ReadonlySet<string> | undefined,
|
||||||
|
preserveRequiredNullables: true,
|
||||||
|
passthroughKeys?: undefined,
|
||||||
|
): Record<string, AngularHttpParamValueWithNullable>;
|
||||||
|
function filterParams(
|
||||||
|
params: Record<string, unknown>,
|
||||||
|
requiredNullableKeys: ReadonlySet<string> | undefined,
|
||||||
|
preserveRequiredNullables: boolean | undefined,
|
||||||
|
passthroughKeys: ReadonlySet<string>,
|
||||||
|
): Record<string, unknown>;
|
||||||
|
function filterParams(
|
||||||
|
params: Record<string, unknown>,
|
||||||
|
requiredNullableKeys: ReadonlySet<string> = new Set(),
|
||||||
|
preserveRequiredNullables = false,
|
||||||
|
passthroughKeys: ReadonlySet<string> = new Set(),
|
||||||
|
): Record<string, unknown> {
|
||||||
|
const filteredParams: Record<string, unknown> = {};
|
||||||
|
for (const [key, value] of Object.entries(params)) {
|
||||||
|
if (passthroughKeys.has(key)) {
|
||||||
|
if (value !== undefined) {
|
||||||
|
filteredParams[key] = value;
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (Array.isArray(value)) {
|
||||||
|
const filtered = value.filter(
|
||||||
|
(item) =>
|
||||||
|
item != null &&
|
||||||
|
(typeof item === 'string' ||
|
||||||
|
typeof item === 'number' ||
|
||||||
|
typeof item === 'boolean'),
|
||||||
|
) as Array<string | number | boolean>;
|
||||||
|
if (filtered.length) {
|
||||||
|
filteredParams[key] = filtered;
|
||||||
|
}
|
||||||
|
} else if (
|
||||||
|
preserveRequiredNullables &&
|
||||||
|
value === null &&
|
||||||
|
requiredNullableKeys.has(key)
|
||||||
|
) {
|
||||||
|
filteredParams[key] = null;
|
||||||
|
} else if (
|
||||||
|
value != null &&
|
||||||
|
(typeof value === 'string' ||
|
||||||
|
typeof value === 'number' ||
|
||||||
|
typeof value === 'boolean')
|
||||||
|
) {
|
||||||
|
filteredParams[key] = value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return filteredParams;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@Injectable({ providedIn: 'root' })
|
||||||
|
export class BffApiV1Service {
|
||||||
|
private readonly http = inject(HttpClient);
|
||||||
|
postSelfServiceRegistrations<TData = SubmitAccepted>( options?: HttpClientBodyOptions): Observable<TData>;
|
||||||
|
postSelfServiceRegistrations<TData = SubmitAccepted>( options?: HttpClientEventOptions): Observable<HttpEvent<TData>>;
|
||||||
|
postSelfServiceRegistrations<TData = SubmitAccepted>( options?: HttpClientResponseOptions): Observable<AngularHttpResponse<TData>>;
|
||||||
|
postSelfServiceRegistrations<TData = SubmitAccepted>(
|
||||||
|
options?: HttpClientObserveOptions): Observable<TData | HttpEvent<TData> | AngularHttpResponse<TData>> {
|
||||||
|
if (options?.observe === 'events') {
|
||||||
|
return this.http.post<TData>(
|
||||||
|
`/self-service/registrations`,
|
||||||
|
undefined,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'events',
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (options?.observe === 'response') {
|
||||||
|
return this.http.post<TData>(
|
||||||
|
`/self-service/registrations`,
|
||||||
|
undefined,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'response',
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.http.post<TData>(
|
||||||
|
`/self-service/registrations`,
|
||||||
|
undefined,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'body',
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
getOpenbaarRegister<TData = OpenbaarEntry[]>(params?: GetOpenbaarRegisterParams, options?: HttpClientBodyOptions): Observable<TData>;
|
||||||
|
getOpenbaarRegister<TData = OpenbaarEntry[]>(params?: GetOpenbaarRegisterParams, options?: HttpClientEventOptions): Observable<HttpEvent<TData>>;
|
||||||
|
getOpenbaarRegister<TData = OpenbaarEntry[]>(params?: GetOpenbaarRegisterParams, options?: HttpClientResponseOptions): Observable<AngularHttpResponse<TData>>;
|
||||||
|
getOpenbaarRegister<TData = OpenbaarEntry[]>(
|
||||||
|
params?: GetOpenbaarRegisterParams, options?: HttpClientObserveOptions): Observable<TData | HttpEvent<TData> | AngularHttpResponse<TData>> {
|
||||||
|
const filteredParams = filterParams({...params, ...options?.params}, new Set<string>([]));
|
||||||
|
|
||||||
|
if (options?.observe === 'events') {
|
||||||
|
return this.http.get<TData>(
|
||||||
|
`/openbaar/register`,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'events',
|
||||||
|
params: filteredParams,}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (options?.observe === 'response') {
|
||||||
|
return this.http.get<TData>(
|
||||||
|
`/openbaar/register`,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'response',
|
||||||
|
params: filteredParams,}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.http.get<TData>(
|
||||||
|
`/openbaar/register`,{
|
||||||
|
...(options as Omit<NonNullable<typeof options>, 'observe'>),
|
||||||
|
observe: 'body',
|
||||||
|
params: filteredParams,}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
};
|
||||||
5
libs/api-client/src/test-setup.ts
Normal file
5
libs/api-client/src/test-setup.ts
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
import '@angular/compiler';
|
||||||
|
import '@analogjs/vitest-angular/setup-snapshots';
|
||||||
|
import { setupTestBed } from '@analogjs/vitest-angular/setup-testbed';
|
||||||
|
|
||||||
|
setupTestBed({ zoneless: false });
|
||||||
31
libs/api-client/tsconfig.json
Normal file
31
libs/api-client/tsconfig.json
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"extends": "../../tsconfig.base.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"isolatedModules": true,
|
||||||
|
"target": "es2022",
|
||||||
|
"moduleResolution": "bundler",
|
||||||
|
"strict": true,
|
||||||
|
"noImplicitOverride": true,
|
||||||
|
"noPropertyAccessFromIndexSignature": true,
|
||||||
|
"noImplicitReturns": true,
|
||||||
|
"noFallthroughCasesInSwitch": true,
|
||||||
|
"emitDecoratorMetadata": false,
|
||||||
|
"module": "preserve"
|
||||||
|
},
|
||||||
|
"angularCompilerOptions": {
|
||||||
|
"enableI18nLegacyMessageIdFormat": false,
|
||||||
|
"strictInjectionParameters": true,
|
||||||
|
"strictInputAccessModifiers": true,
|
||||||
|
"strictTemplates": true
|
||||||
|
},
|
||||||
|
"files": [],
|
||||||
|
"include": [],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.lib.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.spec.json"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
26
libs/api-client/tsconfig.lib.json
Normal file
26
libs/api-client/tsconfig.lib.json
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"declaration": true,
|
||||||
|
"declarationMap": true,
|
||||||
|
"inlineSources": true,
|
||||||
|
"types": []
|
||||||
|
},
|
||||||
|
"include": ["src/**/*.ts"],
|
||||||
|
"exclude": [
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/test-setup.ts"
|
||||||
|
]
|
||||||
|
}
|
||||||
29
libs/api-client/tsconfig.spec.json
Normal file
29
libs/api-client/tsconfig.spec.json
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"types": [
|
||||||
|
"vitest/globals",
|
||||||
|
"vitest/importMeta",
|
||||||
|
"vite/client",
|
||||||
|
"node",
|
||||||
|
"vitest"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"include": [
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/**/*.d.ts"
|
||||||
|
],
|
||||||
|
"files": ["src/test-setup.ts"]
|
||||||
|
}
|
||||||
28
libs/api-client/vite.config.mts
Normal file
28
libs/api-client/vite.config.mts
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
/// <reference types='vitest' />
|
||||||
|
import { defineConfig } from 'vite';
|
||||||
|
import angular from '@analogjs/vite-plugin-angular';
|
||||||
|
import { nxViteTsPaths } from '@nx/vite/plugins/nx-tsconfig-paths.plugin';
|
||||||
|
import { nxCopyAssetsPlugin } from '@nx/vite/plugins/nx-copy-assets.plugin';
|
||||||
|
|
||||||
|
export default defineConfig(() => ({
|
||||||
|
root: __dirname,
|
||||||
|
cacheDir: '../../node_modules/.vite/libs/api-client',
|
||||||
|
plugins: [angular(), nxViteTsPaths(), nxCopyAssetsPlugin(['*.md'])],
|
||||||
|
// Uncomment this if you are using workers.
|
||||||
|
// worker: {
|
||||||
|
// plugins: () => [ nxViteTsPaths() ],
|
||||||
|
// },
|
||||||
|
test: {
|
||||||
|
name: 'api-client',
|
||||||
|
watch: false,
|
||||||
|
globals: true,
|
||||||
|
environment: 'jsdom',
|
||||||
|
include: ['{src,tests}/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
|
||||||
|
setupFiles: ['src/test-setup.ts'],
|
||||||
|
reporters: ['default'],
|
||||||
|
coverage: {
|
||||||
|
reportsDirectory: '../../coverage/libs/api-client',
|
||||||
|
provider: 'v8' as const,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}));
|
||||||
7
libs/auth/README.md
Normal file
7
libs/auth/README.md
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# auth
|
||||||
|
|
||||||
|
This library was generated with [Nx](https://nx.dev).
|
||||||
|
|
||||||
|
## Running unit tests
|
||||||
|
|
||||||
|
Run `nx test auth` to execute the unit tests.
|
||||||
34
libs/auth/eslint.config.mjs
Normal file
34
libs/auth/eslint.config.mjs
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
import nx from '@nx/eslint-plugin';
|
||||||
|
import baseConfig from '../../eslint.config.mjs';
|
||||||
|
|
||||||
|
export default [
|
||||||
|
...nx.configs['flat/angular'],
|
||||||
|
...nx.configs['flat/angular-template'],
|
||||||
|
...baseConfig,
|
||||||
|
{
|
||||||
|
files: ['**/*.ts'],
|
||||||
|
rules: {
|
||||||
|
'@angular-eslint/directive-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'attribute',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'camelCase',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'@angular-eslint/component-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'element',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'kebab-case',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
files: ['**/*.html'],
|
||||||
|
// Override or add rules here
|
||||||
|
rules: {},
|
||||||
|
},
|
||||||
|
];
|
||||||
13
libs/auth/project.json
Normal file
13
libs/auth/project.json
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
{
|
||||||
|
"name": "auth",
|
||||||
|
"$schema": "../../node_modules/nx/schemas/project-schema.json",
|
||||||
|
"sourceRoot": "libs/auth/src",
|
||||||
|
"prefix": "lib",
|
||||||
|
"projectType": "library",
|
||||||
|
"tags": [],
|
||||||
|
"targets": {
|
||||||
|
"lint": {
|
||||||
|
"executor": "@nx/eslint:lint"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
4
libs/auth/src/index.ts
Normal file
4
libs/auth/src/index.ts
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
export * from './lib/auth.service';
|
||||||
|
export * from './lib/digid-auth.service';
|
||||||
|
export * from './lib/digid-auth.providers';
|
||||||
|
export * from './lib/authenticated.guard';
|
||||||
16
libs/auth/src/lib/auth.service.ts
Normal file
16
libs/auth/src/lib/auth.service.ts
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
import { Signal } from '@angular/core';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The portal's view of the signed-in user. An abstraction over the OIDC library so components and
|
||||||
|
* guards depend on a small, mockable surface (the real implementation is DigiadAuthService).
|
||||||
|
*/
|
||||||
|
export abstract class AuthService {
|
||||||
|
/** Whether a DigiD session is active. */
|
||||||
|
abstract readonly isAuthenticated: Signal<boolean>;
|
||||||
|
/** The citizen-service number from the DigiD token, once authenticated. */
|
||||||
|
abstract readonly bsn: Signal<string | undefined>;
|
||||||
|
/** Start the DigiD login (redirects to Keycloak). */
|
||||||
|
abstract login(): void;
|
||||||
|
/** End the session. */
|
||||||
|
abstract logout(): void;
|
||||||
|
}
|
||||||
42
libs/auth/src/lib/authenticated.guard.spec.ts
Normal file
42
libs/auth/src/lib/authenticated.guard.spec.ts
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
import { signal } from '@angular/core';
|
||||||
|
import { TestBed } from '@angular/core/testing';
|
||||||
|
import { AuthService } from './auth.service';
|
||||||
|
import { authenticatedGuard } from './authenticated.guard';
|
||||||
|
|
||||||
|
class FakeAuth extends AuthService {
|
||||||
|
readonly isAuthenticated = signal(false);
|
||||||
|
readonly bsn = signal<string | undefined>(undefined);
|
||||||
|
login(): void {
|
||||||
|
/* spied in tests */
|
||||||
|
}
|
||||||
|
logout(): void {
|
||||||
|
/* noop */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function runGuard(authenticated: boolean) {
|
||||||
|
const auth = new FakeAuth();
|
||||||
|
auth.isAuthenticated.set(authenticated);
|
||||||
|
const loginSpy = vi.spyOn(auth, 'login');
|
||||||
|
TestBed.configureTestingModule({
|
||||||
|
providers: [{ provide: AuthService, useValue: auth }],
|
||||||
|
});
|
||||||
|
const result = TestBed.runInInjectionContext(() =>
|
||||||
|
authenticatedGuard(null as never, null as never),
|
||||||
|
);
|
||||||
|
return { result, loginSpy };
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('authenticatedGuard', () => {
|
||||||
|
it('allows the route for an authenticated user', () => {
|
||||||
|
const { result, loginSpy } = runGuard(true);
|
||||||
|
expect(result).toBe(true);
|
||||||
|
expect(loginSpy).not.toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('blocks and starts DigiD login when not authenticated', () => {
|
||||||
|
const { result, loginSpy } = runGuard(false);
|
||||||
|
expect(result).toBe(false);
|
||||||
|
expect(loginSpy).toHaveBeenCalledTimes(1);
|
||||||
|
});
|
||||||
|
});
|
||||||
13
libs/auth/src/lib/authenticated.guard.ts
Normal file
13
libs/auth/src/lib/authenticated.guard.ts
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
import { inject } from '@angular/core';
|
||||||
|
import { CanActivateFn } from '@angular/router';
|
||||||
|
import { AuthService } from './auth.service';
|
||||||
|
|
||||||
|
/** Allow the route only when a DigiD session is active; otherwise start the login. */
|
||||||
|
export const authenticatedGuard: CanActivateFn = () => {
|
||||||
|
const auth = inject(AuthService);
|
||||||
|
if (auth.isAuthenticated()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
auth.login();
|
||||||
|
return false;
|
||||||
|
};
|
||||||
55
libs/auth/src/lib/digid-auth.providers.ts
Normal file
55
libs/auth/src/lib/digid-auth.providers.ts
Normal file
@@ -0,0 +1,55 @@
|
|||||||
|
import { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';
|
||||||
|
import {
|
||||||
|
authInterceptor,
|
||||||
|
LogLevel,
|
||||||
|
provideAuth,
|
||||||
|
withAppInitializerAuthCheck,
|
||||||
|
} from 'angular-auth-oidc-client';
|
||||||
|
import { AuthService } from './auth.service';
|
||||||
|
import { DigiadAuthService } from './digid-auth.service';
|
||||||
|
|
||||||
|
export interface DigiadAuthOptions {
|
||||||
|
/** The Keycloak `digid` realm issuer, as reachable from the browser. */
|
||||||
|
authority: string;
|
||||||
|
/** Where Keycloak redirects back to after login (usually the app origin). */
|
||||||
|
redirectUrl: string;
|
||||||
|
/**
|
||||||
|
* Route prefixes whose requests get the bearer token attached. The api-client calls the BFF with
|
||||||
|
* **relative** URLs (same-origin via the nginx proxy), so these must be relative path prefixes
|
||||||
|
* (e.g. `/self-service/`) — angular-auth-oidc-client matches `req.url.startsWith(route)`, and a
|
||||||
|
* relative `req.url` never starts with an absolute origin.
|
||||||
|
*/
|
||||||
|
secureRoutes: string[];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Configure DigiD login (Keycloak `digid` realm, public client `big-portal`, auth-code + PKCE) and
|
||||||
|
* bind {@link AuthService} to the OIDC-backed implementation. Register {@link authInterceptor} in the
|
||||||
|
* app's HttpClient so BFF calls carry the token.
|
||||||
|
*/
|
||||||
|
export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProviders {
|
||||||
|
return makeEnvironmentProviders([
|
||||||
|
provideAuth(
|
||||||
|
{
|
||||||
|
config: {
|
||||||
|
authority: options.authority,
|
||||||
|
redirectUrl: options.redirectUrl,
|
||||||
|
postLogoutRedirectUri: options.redirectUrl,
|
||||||
|
clientId: 'big-portal',
|
||||||
|
scope: 'openid profile',
|
||||||
|
responseType: 'code',
|
||||||
|
silentRenew: true,
|
||||||
|
useRefreshToken: true,
|
||||||
|
secureRoutes: options.secureRoutes,
|
||||||
|
logLevel: LogLevel.Warn,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
// Run checkAuth() at startup so the DigiD callback (?code=…) is processed before the router
|
||||||
|
// and guard run — without it the guard sees "not authenticated" and re-triggers login (loop).
|
||||||
|
withAppInitializerAuthCheck(),
|
||||||
|
),
|
||||||
|
{ provide: AuthService, useClass: DigiadAuthService },
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
export { authInterceptor };
|
||||||
29
libs/auth/src/lib/digid-auth.service.ts
Normal file
29
libs/auth/src/lib/digid-auth.service.ts
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
import { inject, Injectable, Signal } from '@angular/core';
|
||||||
|
import { toSignal } from '@angular/core/rxjs-interop';
|
||||||
|
import { OidcSecurityService } from 'angular-auth-oidc-client';
|
||||||
|
import { map } from 'rxjs';
|
||||||
|
import { AuthService } from './auth.service';
|
||||||
|
|
||||||
|
/** DigiD-backed AuthService over angular-auth-oidc-client (Keycloak `digid` realm). */
|
||||||
|
@Injectable()
|
||||||
|
export class DigiadAuthService extends AuthService {
|
||||||
|
private readonly oidc = inject(OidcSecurityService);
|
||||||
|
|
||||||
|
readonly isAuthenticated: Signal<boolean> = toSignal(
|
||||||
|
this.oidc.isAuthenticated$.pipe(map((result) => result.isAuthenticated)),
|
||||||
|
{ initialValue: false },
|
||||||
|
);
|
||||||
|
|
||||||
|
readonly bsn: Signal<string | undefined> = toSignal(
|
||||||
|
this.oidc.userData$.pipe(map((data) => (data.userData as { bsn?: string } | null)?.bsn)),
|
||||||
|
{ initialValue: undefined },
|
||||||
|
);
|
||||||
|
|
||||||
|
override login(): void {
|
||||||
|
this.oidc.authorize();
|
||||||
|
}
|
||||||
|
|
||||||
|
override logout(): void {
|
||||||
|
this.oidc.logoff().subscribe();
|
||||||
|
}
|
||||||
|
}
|
||||||
5
libs/auth/src/test-setup.ts
Normal file
5
libs/auth/src/test-setup.ts
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
import '@angular/compiler';
|
||||||
|
import '@analogjs/vitest-angular/setup-snapshots';
|
||||||
|
import { setupTestBed } from '@analogjs/vitest-angular/setup-testbed';
|
||||||
|
|
||||||
|
setupTestBed({ zoneless: false });
|
||||||
31
libs/auth/tsconfig.json
Normal file
31
libs/auth/tsconfig.json
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"extends": "../../tsconfig.base.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"isolatedModules": true,
|
||||||
|
"target": "es2022",
|
||||||
|
"moduleResolution": "bundler",
|
||||||
|
"strict": true,
|
||||||
|
"noImplicitOverride": true,
|
||||||
|
"noPropertyAccessFromIndexSignature": true,
|
||||||
|
"noImplicitReturns": true,
|
||||||
|
"noFallthroughCasesInSwitch": true,
|
||||||
|
"emitDecoratorMetadata": false,
|
||||||
|
"module": "preserve"
|
||||||
|
},
|
||||||
|
"angularCompilerOptions": {
|
||||||
|
"enableI18nLegacyMessageIdFormat": false,
|
||||||
|
"strictInjectionParameters": true,
|
||||||
|
"strictInputAccessModifiers": true,
|
||||||
|
"strictTemplates": true
|
||||||
|
},
|
||||||
|
"files": [],
|
||||||
|
"include": [],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.lib.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.spec.json"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
26
libs/auth/tsconfig.lib.json
Normal file
26
libs/auth/tsconfig.lib.json
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"declaration": true,
|
||||||
|
"declarationMap": true,
|
||||||
|
"inlineSources": true,
|
||||||
|
"types": []
|
||||||
|
},
|
||||||
|
"include": ["src/**/*.ts"],
|
||||||
|
"exclude": [
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/test-setup.ts"
|
||||||
|
]
|
||||||
|
}
|
||||||
29
libs/auth/tsconfig.spec.json
Normal file
29
libs/auth/tsconfig.spec.json
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"types": [
|
||||||
|
"vitest/globals",
|
||||||
|
"vitest/importMeta",
|
||||||
|
"vite/client",
|
||||||
|
"node",
|
||||||
|
"vitest"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"include": [
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/**/*.d.ts"
|
||||||
|
],
|
||||||
|
"files": ["src/test-setup.ts"]
|
||||||
|
}
|
||||||
28
libs/auth/vite.config.mts
Normal file
28
libs/auth/vite.config.mts
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
/// <reference types='vitest' />
|
||||||
|
import { defineConfig } from 'vite';
|
||||||
|
import angular from '@analogjs/vite-plugin-angular';
|
||||||
|
import { nxViteTsPaths } from '@nx/vite/plugins/nx-tsconfig-paths.plugin';
|
||||||
|
import { nxCopyAssetsPlugin } from '@nx/vite/plugins/nx-copy-assets.plugin';
|
||||||
|
|
||||||
|
export default defineConfig(() => ({
|
||||||
|
root: __dirname,
|
||||||
|
cacheDir: '../../node_modules/.vite/libs/auth',
|
||||||
|
plugins: [angular(), nxViteTsPaths(), nxCopyAssetsPlugin(['*.md'])],
|
||||||
|
// Uncomment this if you are using workers.
|
||||||
|
// worker: {
|
||||||
|
// plugins: () => [ nxViteTsPaths() ],
|
||||||
|
// },
|
||||||
|
test: {
|
||||||
|
name: 'auth',
|
||||||
|
watch: false,
|
||||||
|
globals: true,
|
||||||
|
environment: 'jsdom',
|
||||||
|
include: ['{src,tests}/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
|
||||||
|
setupFiles: ['src/test-setup.ts'],
|
||||||
|
reporters: ['default'],
|
||||||
|
coverage: {
|
||||||
|
reportsDirectory: '../../coverage/libs/auth',
|
||||||
|
provider: 'v8' as const,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}));
|
||||||
7
libs/ui/README.md
Normal file
7
libs/ui/README.md
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# ui
|
||||||
|
|
||||||
|
This library was generated with [Nx](https://nx.dev).
|
||||||
|
|
||||||
|
## Running unit tests
|
||||||
|
|
||||||
|
Run `nx test ui` to execute the unit tests.
|
||||||
34
libs/ui/eslint.config.mjs
Normal file
34
libs/ui/eslint.config.mjs
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
import nx from '@nx/eslint-plugin';
|
||||||
|
import baseConfig from '../../eslint.config.mjs';
|
||||||
|
|
||||||
|
export default [
|
||||||
|
...nx.configs['flat/angular'],
|
||||||
|
...nx.configs['flat/angular-template'],
|
||||||
|
...baseConfig,
|
||||||
|
{
|
||||||
|
files: ['**/*.ts'],
|
||||||
|
rules: {
|
||||||
|
'@angular-eslint/directive-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'attribute',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'camelCase',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'@angular-eslint/component-selector': [
|
||||||
|
'error',
|
||||||
|
{
|
||||||
|
type: 'element',
|
||||||
|
prefix: 'lib',
|
||||||
|
style: 'kebab-case',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
files: ['**/*.html'],
|
||||||
|
// Override or add rules here
|
||||||
|
rules: {},
|
||||||
|
},
|
||||||
|
];
|
||||||
13
libs/ui/project.json
Normal file
13
libs/ui/project.json
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
{
|
||||||
|
"name": "ui",
|
||||||
|
"$schema": "../../node_modules/nx/schemas/project-schema.json",
|
||||||
|
"sourceRoot": "libs/ui/src",
|
||||||
|
"prefix": "lib",
|
||||||
|
"projectType": "library",
|
||||||
|
"tags": [],
|
||||||
|
"targets": {
|
||||||
|
"lint": {
|
||||||
|
"executor": "@nx/eslint:lint"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
11
libs/ui/src/index.ts
Normal file
11
libs/ui/src/index.ts
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
// NL Design System building blocks — Utrecht is NL DS's reference Angular implementation
|
||||||
|
// (docs/frontend-decisions.md). The portals depend on the design system through this one lib.
|
||||||
|
// The design tokens/theme CSS is imported once, at the app level (apps/*/src/styles.css).
|
||||||
|
//
|
||||||
|
// The Utrecht v3 components are NgModule-based (not standalone), so we re-export the module.
|
||||||
|
// A standalone component consumes them by importing UtrechtComponentsModule in its `imports`
|
||||||
|
// (CLAUDE.md §10 forbids *declaring* NgModules in our code, not consuming a third-party one).
|
||||||
|
// Re-export the whole Utrecht package: importing UtrechtComponentsModule pulls every component it
|
||||||
|
// exports into the compiler's scope, so the AOT build needs all of them resolvable through this
|
||||||
|
// barrel (a partial re-export fails with NG3004 for the first unused component).
|
||||||
|
export * from '@utrecht/component-library-angular';
|
||||||
7
libs/ui/src/lib/ui.spec.ts
Normal file
7
libs/ui/src/lib/ui.spec.ts
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
import { UtrechtComponentsModule } from '../index';
|
||||||
|
|
||||||
|
describe('ui barrel', () => {
|
||||||
|
it('re-exports the NL Design System (Utrecht) module', () => {
|
||||||
|
expect(UtrechtComponentsModule).toBeTruthy();
|
||||||
|
});
|
||||||
|
});
|
||||||
5
libs/ui/src/test-setup.ts
Normal file
5
libs/ui/src/test-setup.ts
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
import '@angular/compiler';
|
||||||
|
import '@analogjs/vitest-angular/setup-snapshots';
|
||||||
|
import { setupTestBed } from '@analogjs/vitest-angular/setup-testbed';
|
||||||
|
|
||||||
|
setupTestBed({ zoneless: false });
|
||||||
31
libs/ui/tsconfig.json
Normal file
31
libs/ui/tsconfig.json
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"extends": "../../tsconfig.base.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"isolatedModules": true,
|
||||||
|
"target": "es2022",
|
||||||
|
"moduleResolution": "bundler",
|
||||||
|
"strict": true,
|
||||||
|
"noImplicitOverride": true,
|
||||||
|
"noPropertyAccessFromIndexSignature": true,
|
||||||
|
"noImplicitReturns": true,
|
||||||
|
"noFallthroughCasesInSwitch": true,
|
||||||
|
"emitDecoratorMetadata": false,
|
||||||
|
"module": "preserve"
|
||||||
|
},
|
||||||
|
"angularCompilerOptions": {
|
||||||
|
"enableI18nLegacyMessageIdFormat": false,
|
||||||
|
"strictInjectionParameters": true,
|
||||||
|
"strictInputAccessModifiers": true,
|
||||||
|
"strictTemplates": true
|
||||||
|
},
|
||||||
|
"files": [],
|
||||||
|
"include": [],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.lib.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": "./tsconfig.spec.json"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
26
libs/ui/tsconfig.lib.json
Normal file
26
libs/ui/tsconfig.lib.json
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"declaration": true,
|
||||||
|
"declarationMap": true,
|
||||||
|
"inlineSources": true,
|
||||||
|
"types": []
|
||||||
|
},
|
||||||
|
"include": ["src/**/*.ts"],
|
||||||
|
"exclude": [
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/test-setup.ts"
|
||||||
|
]
|
||||||
|
}
|
||||||
29
libs/ui/tsconfig.spec.json
Normal file
29
libs/ui/tsconfig.spec.json
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"extends": "./tsconfig.json",
|
||||||
|
"compilerOptions": {
|
||||||
|
"outDir": "../../dist/out-tsc",
|
||||||
|
"types": [
|
||||||
|
"vitest/globals",
|
||||||
|
"vitest/importMeta",
|
||||||
|
"vite/client",
|
||||||
|
"node",
|
||||||
|
"vitest"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"include": [
|
||||||
|
"vite.config.ts",
|
||||||
|
"vite.config.mts",
|
||||||
|
"vitest.config.ts",
|
||||||
|
"vitest.config.mts",
|
||||||
|
"src/**/*.test.ts",
|
||||||
|
"src/**/*.spec.ts",
|
||||||
|
"src/**/*.test.tsx",
|
||||||
|
"src/**/*.spec.tsx",
|
||||||
|
"src/**/*.test.js",
|
||||||
|
"src/**/*.spec.js",
|
||||||
|
"src/**/*.test.jsx",
|
||||||
|
"src/**/*.spec.jsx",
|
||||||
|
"src/**/*.d.ts"
|
||||||
|
],
|
||||||
|
"files": ["src/test-setup.ts"]
|
||||||
|
}
|
||||||
28
libs/ui/vite.config.mts
Normal file
28
libs/ui/vite.config.mts
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
/// <reference types='vitest' />
|
||||||
|
import { defineConfig } from 'vite';
|
||||||
|
import angular from '@analogjs/vite-plugin-angular';
|
||||||
|
import { nxViteTsPaths } from '@nx/vite/plugins/nx-tsconfig-paths.plugin';
|
||||||
|
import { nxCopyAssetsPlugin } from '@nx/vite/plugins/nx-copy-assets.plugin';
|
||||||
|
|
||||||
|
export default defineConfig(() => ({
|
||||||
|
root: __dirname,
|
||||||
|
cacheDir: '../../node_modules/.vite/libs/ui',
|
||||||
|
plugins: [angular(), nxViteTsPaths(), nxCopyAssetsPlugin(['*.md'])],
|
||||||
|
// Uncomment this if you are using workers.
|
||||||
|
// worker: {
|
||||||
|
// plugins: () => [ nxViteTsPaths() ],
|
||||||
|
// },
|
||||||
|
test: {
|
||||||
|
name: 'ui',
|
||||||
|
watch: false,
|
||||||
|
globals: true,
|
||||||
|
environment: 'jsdom',
|
||||||
|
include: ['{src,tests}/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
|
||||||
|
setupFiles: ['src/test-setup.ts'],
|
||||||
|
reporters: ['default'],
|
||||||
|
coverage: {
|
||||||
|
reportsDirectory: '../../coverage/libs/ui',
|
||||||
|
provider: 'v8' as const,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}));
|
||||||
2
nx.json
2
nx.json
@@ -97,7 +97,7 @@
|
|||||||
{
|
{
|
||||||
"plugin": "@nx/vitest",
|
"plugin": "@nx/vitest",
|
||||||
"options": {
|
"options": {
|
||||||
"testTargetName": "vite:test"
|
"testTargetName": "test"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|||||||
@@ -12,6 +12,9 @@
|
|||||||
"@angular/forms": "21.2.9",
|
"@angular/forms": "21.2.9",
|
||||||
"@angular/platform-browser": "21.2.9",
|
"@angular/platform-browser": "21.2.9",
|
||||||
"@angular/router": "21.2.9",
|
"@angular/router": "21.2.9",
|
||||||
|
"@utrecht/component-library-angular": "^3.0.2",
|
||||||
|
"@utrecht/design-tokens": "^6.2.1",
|
||||||
|
"angular-auth-oidc-client": "^21.0.2",
|
||||||
"rxjs": "~7.8.0",
|
"rxjs": "~7.8.0",
|
||||||
"zone.js": "0.16.0"
|
"zone.js": "0.16.0"
|
||||||
},
|
},
|
||||||
@@ -40,11 +43,13 @@
|
|||||||
"@swc-node/register": "1.11.1",
|
"@swc-node/register": "1.11.1",
|
||||||
"@swc/core": "1.15.8",
|
"@swc/core": "1.15.8",
|
||||||
"@swc/helpers": "0.5.18",
|
"@swc/helpers": "0.5.18",
|
||||||
|
"@testing-library/angular": "^19.4.1",
|
||||||
"@types/node": "20.19.9",
|
"@types/node": "20.19.9",
|
||||||
"@typescript-eslint/utils": "^8.40.0",
|
"@typescript-eslint/utils": "^8.40.0",
|
||||||
"@vitest/coverage-v8": "~4.1.0",
|
"@vitest/coverage-v8": "~4.1.0",
|
||||||
"@vitest/ui": "~4.1.0",
|
"@vitest/ui": "~4.1.0",
|
||||||
"angular-eslint": "21.3.1",
|
"angular-eslint": "21.3.1",
|
||||||
|
"axe-core": "^4.12.1",
|
||||||
"esbuild": "^0.27.0",
|
"esbuild": "^0.27.0",
|
||||||
"eslint": "^9.8.0",
|
"eslint": "^9.8.0",
|
||||||
"eslint-config-prettier": "^10.0.0",
|
"eslint-config-prettier": "^10.0.0",
|
||||||
@@ -52,6 +57,7 @@
|
|||||||
"jsdom": "~22.1.0",
|
"jsdom": "~22.1.0",
|
||||||
"jsonc-eslint-parser": "^2.1.0",
|
"jsonc-eslint-parser": "^2.1.0",
|
||||||
"nx": "23.0.1",
|
"nx": "23.0.1",
|
||||||
|
"orval": "^8.19.0",
|
||||||
"prettier": "^3.8.1",
|
"prettier": "^3.8.1",
|
||||||
"ts-node": "10.9.1",
|
"ts-node": "10.9.1",
|
||||||
"tslib": "^2.3.0",
|
"tslib": "^2.3.0",
|
||||||
@@ -59,6 +65,7 @@
|
|||||||
"typescript-eslint": "^8.40.0",
|
"typescript-eslint": "^8.40.0",
|
||||||
"vite": "8.0.9",
|
"vite": "8.0.9",
|
||||||
"vite-tsconfig-paths": "^5.1.4",
|
"vite-tsconfig-paths": "^5.1.4",
|
||||||
"vitest": "~4.1.0"
|
"vitest": "~4.1.0",
|
||||||
|
"vitest-axe": "^0.1.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
1077
pnpm-lock.yaml
generated
1077
pnpm-lock.yaml
generated
File diff suppressed because it is too large
Load Diff
8
tests/e2e/package.json
Normal file
8
tests/e2e/package.json
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
{
|
||||||
|
"name": "e2e",
|
||||||
|
"private": true,
|
||||||
|
"description": "Playwright walking-skeleton e2e (S-08d) — run inside the compose network by infra/run-e2e-check.sh.",
|
||||||
|
"devDependencies": {
|
||||||
|
"@playwright/test": "1.61.1"
|
||||||
|
}
|
||||||
|
}
|
||||||
28
tests/e2e/playwright.config.ts
Normal file
28
tests/e2e/playwright.config.ts
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
import { defineConfig, devices } from '@playwright/test';
|
||||||
|
|
||||||
|
// The e2e runs inside the compose network (infra/run-e2e-check.sh); baseURL defaults to the
|
||||||
|
// self-service service. Keep timeouts generous — the first navigation triggers the DigiD flow.
|
||||||
|
const baseURL = process.env.SELF_SERVICE_URL ?? 'http://self-service';
|
||||||
|
|
||||||
|
export default defineConfig({
|
||||||
|
testDir: '.',
|
||||||
|
timeout: 90_000,
|
||||||
|
expect: { timeout: 15_000 },
|
||||||
|
retries: 1,
|
||||||
|
reporter: [['list']],
|
||||||
|
use: {
|
||||||
|
baseURL,
|
||||||
|
trace: 'on-first-retry',
|
||||||
|
// The portal is served over plain HTTP on a non-localhost origin (http://self-service) inside the
|
||||||
|
// compose network, so it is NOT a secure context — and Web Crypto (`crypto.subtle`) is undefined
|
||||||
|
// there. angular-auth-oidc-client needs SubtleCrypto to build the PKCE code challenge, so
|
||||||
|
// `authorize()` throws and the login redirect never fires (the login form never appears). In
|
||||||
|
// production the portal runs behind HTTPS, where this works. Rather than terminate TLS in the
|
||||||
|
// throwaway e2e stack, tell Chromium to treat this origin as secure — which faithfully emulates
|
||||||
|
// the production HTTPS context. This flag is only honoured by the full Chromium build (new
|
||||||
|
// headless), not Playwright's default headless-shell, so pin `channel: 'chromium'`.
|
||||||
|
channel: 'chromium',
|
||||||
|
launchOptions: { args: [`--unsafely-treat-insecure-origin-as-secure=${baseURL}`] },
|
||||||
|
},
|
||||||
|
projects: [{ name: 'chromium', use: { ...devices['Desktop Chrome'] } }],
|
||||||
|
});
|
||||||
21
tests/e2e/registration.spec.ts
Normal file
21
tests/e2e/registration.spec.ts
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
import { expect, test } from '@playwright/test';
|
||||||
|
|
||||||
|
// Walking-skeleton happy path (S-08d): a zorgprofessional logs in via mock DigiD and submits a
|
||||||
|
// registration through the self-service portal → BFF → domain. The confirmation shows the reference.
|
||||||
|
test('DigiD login → submit → confirmation', async ({ page }) => {
|
||||||
|
// Visiting the guarded page redirects to the Keycloak (mock DigiD) login.
|
||||||
|
await page.goto('/');
|
||||||
|
|
||||||
|
// Keycloak's default login form (stable ids across themes).
|
||||||
|
await page.locator('#username').fill('jan-burger');
|
||||||
|
await page.locator('#password').fill('test123');
|
||||||
|
await page.locator('#kc-login').click();
|
||||||
|
|
||||||
|
// Back on the portal, authenticated.
|
||||||
|
await expect(page.getByRole('heading', { name: /Zelfservice/i })).toBeVisible();
|
||||||
|
|
||||||
|
await page.getByRole('button', { name: /indienen/i }).click();
|
||||||
|
|
||||||
|
// The BFF accepted it and the page shows the confirmation.
|
||||||
|
await expect(page.getByText(/ontvangen/i)).toBeVisible();
|
||||||
|
});
|
||||||
@@ -10,17 +10,15 @@
|
|||||||
"importHelpers": true,
|
"importHelpers": true,
|
||||||
"target": "es2015",
|
"target": "es2015",
|
||||||
"module": "esnext",
|
"module": "esnext",
|
||||||
"lib": [
|
"lib": ["es2020", "dom"],
|
||||||
"es2020",
|
|
||||||
"dom"
|
|
||||||
],
|
|
||||||
"skipLibCheck": true,
|
"skipLibCheck": true,
|
||||||
"skipDefaultLibCheck": true,
|
"skipDefaultLibCheck": true,
|
||||||
"baseUrl": ".",
|
"baseUrl": ".",
|
||||||
"paths": {}
|
"paths": {
|
||||||
|
"api-client": ["./libs/api-client/src/index.ts"],
|
||||||
|
"ui": ["./libs/ui/src/index.ts"],
|
||||||
|
"auth": ["./libs/auth/src/index.ts"]
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"exclude": [
|
"exclude": ["node_modules", "tmp"]
|
||||||
"node_modules",
|
|
||||||
"tmp"
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
4
vitest.workspace.ts
Normal file
4
vitest.workspace.ts
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
export default [
|
||||||
|
'**/vite.config.{mjs,js,ts,mts}',
|
||||||
|
'**/vitest.config.{mjs,js,ts,mts}',
|
||||||
|
];
|
||||||
Reference in New Issue
Block a user