POST /self-service/registrations requires a valid digid JWT, reads the bsn claim and forwards it to the domain, returning 202. GET /openbaar/register is anonymous and returns OpenbaarProjection.PublicView — rows filtered by q and mapped to the public-safe id+status only (bsn/naam never exposed). JwtBearer validates signature/issuer/expiry against the Keycloak digid authority (§8.3, ADR-0010). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
19 lines
733 B
C#
19 lines
733 B
C#
namespace Bff.Api;
|
|
|
|
/// <summary>
|
|
/// The public view of the read projection: filters rows by the openbaar search term and maps each to
|
|
/// a public-safe <see cref="OpenbaarEntry"/> (only <c>id</c> + <c>status</c> — bsn/naam never leave the
|
|
/// BFF). Pure so it is unit- and mutation-tested directly (ADR-0010).
|
|
/// </summary>
|
|
public static class OpenbaarProjection
|
|
{
|
|
public static IReadOnlyList<OpenbaarEntry> PublicView(IReadOnlyList<ProjectionEntry> entries, string? q)
|
|
{
|
|
var filtered = string.IsNullOrWhiteSpace(q)
|
|
? entries
|
|
: entries.Where(e => e.Id.Contains(q, StringComparison.OrdinalIgnoreCase));
|
|
|
|
return [.. filtered.Select(e => new OpenbaarEntry(e.Id, e.Status))];
|
|
}
|
|
}
|