All checks were successful
## What & why First half of **S-12c** (behandel-portal backend), per **ADR-0013** (decisions recorded in #84): - **BFF multi-realm auth.** A second JWT bearer scheme (`medewerker`) alongside the default `digid` scheme. On validation it lifts Keycloak's `realm_access.roles` onto the principal, and a `behandelaar` policy (medewerker scheme + `behandelaar` role) gates `/behandel/*`. Self-service keeps the digid scheme. - **Werkbak = Flowable tasks.** The domain `Werkbak` query reads the open `Beoordelen` tasks (§8.2, S-12b's `IUserTaskClient`) and enriches each with its aggregate's bsn + status; `GET /behandel/werkbak` (domain) is proxied by the BFF `GET /behandel/werkbak` behind the behandelaar policy. The read projection stays the anonymous openbaar model (no premature `IN_BEHANDELING`/personal-data plumbing — deferred in ADR-0008). Behavior: `/behandel/werkbak` is **401** without a token, **403** for a medewerker lacking the role, **200 + werkbak** for a behandelaar. **S-12c-2** (next): `POST /behandel/registrations/{id}/decide` → domain decision + complete the Flowable task. ## Definition of Done - [x] Linked issue: #13 (umbrella, `refs`); closes the adr-proposal #84 - [x] Tests first; red → green per layer - [x] Unit + acceptance green (`make unit`): domain 78, bff 23, acceptance 9 (+ acl/event-subscriber unaffected) - [x] api-client `test` green; openapi.json regenerated (drift guard passes) - [x] Mutation ≥ break(90): **domain 100%, bff 100%** - [x] ADR-0013 added; `Keycloak__MedewerkerAuthority` wired into compose - [ ] CI green (pending) Part of #13. closes #84 Reviewed-on: #85
105 lines
5.3 KiB
C#
105 lines
5.3 KiB
C#
using Big.Application;
|
|
using Big.Domain;
|
|
using Big.Infrastructure;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
// Options bound from configuration (compose sets Flowable__* and Acl__* env vars).
|
|
builder.Services.AddSingleton(sp => sp.GetRequiredService<IConfiguration>()
|
|
.GetSection("Flowable").Get<FlowableOptions>()
|
|
?? throw new InvalidOperationException("Missing configuration section 'Flowable'"));
|
|
builder.Services.AddSingleton(sp => sp.GetRequiredService<IConfiguration>()
|
|
.GetSection("Acl").Get<AclOptions>()
|
|
?? throw new InvalidOperationException("Missing configuration section 'Acl'"));
|
|
|
|
// The in-memory registration store is shared between the submit endpoint and the worker (ADR-0009).
|
|
builder.Services.AddSingleton<IRegistrationStore, InMemoryRegistrationStore>();
|
|
|
|
// The Workflow Client is one type behind two ports (start side + worker side); both resolve to the
|
|
// same HttpClient-backed implementation — the only code that talks to Flowable (§8.2).
|
|
builder.Services.AddHttpClient<FlowableWorkflowClient>();
|
|
builder.Services.AddTransient<IWorkflowClient>(sp => sp.GetRequiredService<FlowableWorkflowClient>());
|
|
builder.Services.AddTransient<IExternalWorkerClient>(sp => sp.GetRequiredService<FlowableWorkflowClient>());
|
|
builder.Services.AddTransient<IUserTaskClient>(sp => sp.GetRequiredService<FlowableWorkflowClient>());
|
|
builder.Services.AddHttpClient<IAclClient, AclHttpClient>();
|
|
|
|
builder.Services.AddScoped<SubmitRegistration>();
|
|
builder.Services.AddScoped<ApproveRegistration>();
|
|
builder.Services.AddScoped<BeoordeelRegistratie>();
|
|
builder.Services.AddScoped<Werkbak>();
|
|
builder.Services.AddScoped<OpenZaakWorker>();
|
|
builder.Services.AddScoped<OpenZaakJobProcessor>();
|
|
|
|
// The hosted external-task job worker polls Flowable and drives OpenZaakAanmaken to completion.
|
|
builder.Services.AddHostedService<OpenZaakJobPump>();
|
|
|
|
var app = builder.Build();
|
|
|
|
app.MapGet("/health", () => "Healthy");
|
|
|
|
// Submit a registration. The aggregate is created (INGEDIEND) and the registratie process started;
|
|
// the zaak is opened later, off the request path, by the worker — so this returns 202 Accepted with
|
|
// a location to read the registration's progress (ADR-0009, eventual consistency).
|
|
app.MapPost("/registrations", async (SubmitRegistrationRequest body, SubmitRegistration submit, CancellationToken ct) =>
|
|
{
|
|
var id = await submit.HandleAsync(new SubmitRegistrationCommand(body.Bsn), ct);
|
|
return Results.Accepted($"/registrations/{id}", new RegistrationResponse(id.ToString(), RegistrationStatus.Ingediend.ToString(), null));
|
|
});
|
|
|
|
// Temporary admin endpoint (S-09b): approve a registration — the behandelaar's decision, until the
|
|
// behandel-portal exists (S-12). The zaak's final status is set via the ACL, which flows back over
|
|
// NRC to the projection, making the entry publicly visible as INGESCHREVEN. Idempotent.
|
|
app.MapPost("/registrations/{id}/approve", async (string id, ApproveRegistration approve, CancellationToken ct) =>
|
|
{
|
|
if (!Guid.TryParse(id, out var guid))
|
|
return Results.NotFound();
|
|
|
|
await approve.HandleAsync(new ApproveRegistrationCommand(new RegistrationId(guid)), ct);
|
|
return Results.NoContent();
|
|
});
|
|
|
|
// The behandelaar's beoordeling (S-12): decide a registration goedkeuren (→ INGESCHREVEN, sets the
|
|
// zaak's final status via the ACL) or afwijzen (→ AFGEWEZEN). Idempotent. This is the domain contract
|
|
// the behandel-portal's decision reaches through the BFF; it supersedes the temporary /approve above,
|
|
// which is retired once the portal lands.
|
|
app.MapPost("/registrations/{id}/decide", async (string id, DecideRequest body, BeoordeelRegistratie beoordeel, CancellationToken ct) =>
|
|
{
|
|
if (!Guid.TryParse(id, out var guid))
|
|
return Results.NotFound();
|
|
|
|
if (!Enum.TryParse<BeoordelingsBesluit>(body.Besluit, ignoreCase: true, out var besluit))
|
|
return Results.BadRequest(new { error = $"Unknown besluit '{body.Besluit}'. Expected 'goedkeuren' or 'afwijzen'." });
|
|
|
|
await beoordeel.HandleAsync(new BeoordeelRegistratieCommand(new RegistrationId(guid), besluit), ct);
|
|
return Results.NoContent();
|
|
});
|
|
|
|
// The behandelaar's werkbak (S-12): the registrations awaiting beoordeling, read from the open
|
|
// Beoordelen user tasks (§8.2) and enriched with bsn + status. The BFF proxies this behind
|
|
// medewerker-realm + behandelaar-role authorization; the domain trusts its callers (§8.3).
|
|
app.MapGet("/behandel/werkbak", async (Werkbak werkbak, CancellationToken ct) =>
|
|
Results.Ok(await werkbak.GetAsync(ct)));
|
|
|
|
// Read a registration. Its zaak URL appears once the worker has opened the zaak (eventually).
|
|
app.MapGet("/registrations/{id}", async (string id, IRegistrationStore store, CancellationToken ct) =>
|
|
{
|
|
if (!Guid.TryParse(id, out var guid))
|
|
return Results.NotFound();
|
|
|
|
var registration = await store.GetAsync(new RegistrationId(guid), ct);
|
|
return registration is null
|
|
? Results.NotFound()
|
|
: Results.Ok(new RegistrationResponse(
|
|
registration.Id.ToString(), registration.Status.ToString(), registration.ZaakUrl?.ToString()));
|
|
});
|
|
|
|
await app.RunAsync();
|
|
|
|
public sealed record SubmitRegistrationRequest(string Bsn);
|
|
|
|
public sealed record DecideRequest(string Besluit);
|
|
|
|
public sealed record RegistrationResponse(string RegistrationId, string Status, string? ZaakUrl);
|
|
|
|
public partial class Program;
|