From 90d74282d87219ff3f407d7f68be9ed1cbb87736 Mon Sep 17 00:00:00 2001
From: TekH
Date: Fri, 29 May 2026 00:21:36 +0200
Subject: [PATCH] Add envelope receiver token endpoint to AuthController

Refactor `AuthController` to include `IMediator` dependency and introduce a new `CreateTokenForEnvelopeReceiver` API endpoint to handle envelope receiver authentication.
- Updated `using` directives to remove unused namespaces and add required ones for new functionality.
- Added `ReceiverLogin` model to represent envelope receiver login credentials.
- Implemented `ReadEnvelopeReceiverSecretQuery` to validate access codes for envelope receivers.
- Cleaned up unused fields and dependencies in `AuthController`.
---
 .../Controllers/AuthController.cs | 43 +++++++++++++++----
 .../Models/ReceiverLogin.cs | 4 ++
 2 files changed, 38 insertions(+), 9 deletions(-)
 create mode 100644 src/DigitalData.Auth.API/Models/ReceiverLogin.cs
diff --git a/src/DigitalData.Auth.API/Controllers/AuthController.cs b/src/DigitalData.Auth.API/Controllers/AuthController.cs
index 6652962..09a6a34 100644
--- a/src/DigitalData.Auth.API/Controllers/AuthController.cs
+++ b/src/DigitalData.Auth.API/Controllers/AuthController.cs
@@ -1,16 +1,24 @@
 using DigitalData.Auth.API.Config;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using DigitalData.UserManager.Application.Contracts;
-using DigitalData.UserManager.Application.DTOs.User;
+using DigitalData.Auth.API.Entities;
 using DigitalData.Auth.API.Models;
 using DigitalData.Auth.API.Services.Contracts;
-using DigitalData.Auth.API.Entities;
-using DigitalData.Core.Abstractions.Security.Services;
-using DigitalData.Core.Abstractions.Security.Extensions;
 using DigitalData.Core.Abstraction.Application;
 using DigitalData.Core.Abstraction.Application.DTO;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using DigitalData.Core.Abstractions.Security.Services;
+using DigitalData.UserManager.Application.Contracts;
+using DigitalData.UserManager.Application.DTOs.User;
+using EnvelopeGenerator.Application.Common.Extensions;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
+using EnvelopeGenerator.Application.Receivers.Queries;
+using EnvelopeGenerator.Domain.Entities;
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.FileSystemGlobbing;
+using Microsoft.Extensions.Options;
+using System.Text;
 namespace DigitalData.Auth.API.Controllers {
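Review bot: Several of the added directives are not referenced by anything this patch adds: `using Microsoft.Extensions.FileSystemGlobbing;` in particular looks like an accidental IDE auto-import, and `EnvelopeGenerator.Domain.Entities`, `EnvelopeGenerator.Application.Common.Extensions`, `EnvelopeGenerator.Application.Common.Interfaces.Services` and `System.Text` have no visible use either. The rest of the file is outside the diff, so confirm with the compiler's unused-using diagnostics before dropping them. Each extra `EnvelopeGenerator.*` namespace widens what the authentication service can reach in another application's layer, so I would keep only the one that declares `ReadEnvelopeReceiverSecretQuery`.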
@@ -36,7 +44,9 @@ namespace DigitalData.Auth.API.Controllers
 private readonly IOptionsMonitor _backdoorMonitor;
- public AuthController(IJwtSignatureHandler userSignatureHandler, IOptions cookieParamsOptions, IAsymmetricKeyPool keyPool, ILogger logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler apiSignatureHandler, IOptionsMonitor backdoorMonitor)
+ private readonly IMediator _mediator;
+
+ public AuthController(IJwtSignatureHandler userSignatureHandler, IOptions cookieParamsOptions, IAsymmetricKeyPool keyPool, ILogger logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler apiSignatureHandler, IOptionsMonitor backdoorMonitor, IMediator mediator)
 {
 _apiParams = cookieParamsOptions.Value;
 _userSignatureHandler = userSignatureHandler;
@@ -47,6 +57,7 @@ namespace DigitalData.Auth.API.Controllers
 _consumerService = consumerService;
 _consumerSignatureHandler = apiSignatureHandler;
 _backdoorMonitor = backdoorMonitor;
+ _mediator = mediator;
 }
 private async Task CreateTokenAsync(UserLogin login, string consumerName, bool cookie = true)
@@ -210,5 +221,19 @@ namespace DigitalData.Auth.API.Controllers
 [HttpGet("check")] [Authorize] public IActionResult Check() => Ok();
+
+ [HttpPost("envelope-receiver/{key}")]
+ public async Task CreateTokenForEnvelopeReceiver([FromRoute]string key, [FromForm] ReceiverLogin receiverLogin, CancellationToken cancel)
+ {
+ var er = await _mediator.Send(new ReadEnvelopeReceiverSecretQuery()
+ {
+ Key = key
+ }, cancel);
+
+ if(er is null)
+ return NotFound();
+
+ return er.AccessCode == receiverLogin.AccessCode ? Ok() : Unauthorized();
+ }
 }
 }
\ No newline at end of file
diff --git a/src/DigitalData.Auth.API/Models/ReceiverLogin.cs b/src/DigitalData.Auth.API/Models/ReceiverLogin.cs
new file mode 100644
index 0000000..f4cf297
--- /dev/null
+++ b/src/DigitalData.Auth.API/Models/ReceiverLogin.cs
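Review bot: The access-code check on the last line of `CreateTokenForEnvelopeReceiver`, `er.AccessCode == receiverLogin.AccessCode`, is an ordinary string comparison on a secret, and it is also true when both sides are null. A receiver stored without a code would therefore be accepted on an empty form, unless model validation rejects the missing field first (not visible here). Returning 404 for an unknown key but 401 for a wrong code also tells an unauthenticated caller which keys exist. I would reject empty values, return the same status for both failures and compare with `CryptographicOperations.FixedTimeEquals` (needs `using System.Security.Cryptography;`), as sketched below. Nothing in the hunk limits repeated guesses per key, so confirm that throttling exists upstream, and note that despite its name the action returns a bare `Ok()` without issuing a token.

```csharp
// … unchanged: [HttpPost] attribute, signature and the _mediator.Send call …

            var expected = er?.AccessCode;
            var supplied = receiverLogin?.AccessCode;

            // One response for "unknown key", "no code configured" and "wrong code",
            // so the status code does not confirm which keys exist.
            if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
                return Unauthorized();

            // Comparison time does not depend on where the two values first differ.
            var matches = CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(expected),
                Encoding.UTF8.GetBytes(supplied));

            return matches ? Ok() : Unauthorized();
```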
@@ -0,0 +1,4 @@
+namespace DigitalData.Auth.API.Models
+{
+ public record ReceiverLogin(string AccessCode);
+}