From 0939e57c56b93a152d3251d9484cc763a5dd68bf Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Mon, 25 Aug 2025 16:40:46 +0200
Subject: [PATCH] refactor(EnvelopeController): migrate envelope update to
 MediatR with annotations

- Renamed `Update` action to `CreateOrUpdate`.
- Replaced manual signing logic with `_mediator.SignDocAsync`.
- Added `ExpandoObject` parameter to handle document annotations.
- Improved authorization checks and logging for missing claims.
- Kept legacy `Reject` endpoint intact with obsolete services.
---
 .../Controllers/EnvelopeController.cs         | 38 ++++++++-----------
 EnvelopeGenerator.Web/wwwroot/js/app.js       |  1 -
 EnvelopeGenerator.Web/wwwroot/js/network.js   |  4 +-
 3 files changed, 18 insertions(+), 25 deletions(-)

diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
index 069cef38..508e84e5 100644
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -7,10 +7,13 @@ using EnvelopeGenerator.Extensions;
 using EnvelopeGenerator.Application.Interfaces.Services;
 using static EnvelopeGenerator.Domain.Constants;
 using EnvelopeGenerator.Domain.Entities;
-using EnvelopeGenerator.Domain;
 using DigitalData.Core.Abstraction.Application.DTO;
 using EnvelopeGenerator.Web.Extensions;
 using MediatR;
+using System.Dynamic;
+using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
+using EnvelopeGenerator.Application.DocStatus.Commands;
+using Newtonsoft.Json;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
@@ -47,34 +50,25 @@ public class EnvelopeController : BaseController
     [Authorize(Roles = ReceiverRole.FullyAuth)]
     [HttpPost("{envelopeKey}")]
     [Obsolete("Use MediatR")]
-    public async Task<IActionResult> Update(string envelopeKey, int index)
+    public async Task<IActionResult> CreateOrUpdate([FromRoute] string envelopeKey, int index, [FromBody] ExpandoObject annotations, CancellationToken cancel = default)
     {
-        envelopeKey = _urlEncoder.Encode(envelopeKey);
-
-        var authSignature = User.GetAuthReceiverSignature();
-
-        if (authSignature != envelopeKey.GetReceiverSignature())
-            return Unauthorized();
-
-        EnvelopeReceiver response = await envelopeService.LoadEnvelope(envelopeKey);
+        // get claims
+        var signature = User.GetAuthReceiverSignature();
+        var uuid = User.GetAuthEnvelopeUuid();
 
-        // Again check if receiver has already signed
-        if (envelopeService.ReceiverAlreadySigned(response.Envelope, response.Receiver.Id) == true)
+        if (signature is null || uuid is null)
         {
-            return Problem(statusCode: 403);
+            _logger.LogError("Authorization failed: authenticated user does not have a valid signature or envelope UUID.");
+            return Unauthorized("User authentication is incomplete. Missing required claims for processing this request.");
         }
 
-        var document = envelopeService.GetDocument(index, envelopeKey);
+        // Again check if receiver has already signed
+        if (await _mediator.IsSignedAsync(uuid, signature, cancel))
+            return Problem(statusCode: 403);
 
-        string? annotationData = await envelopeService.EnsureValidAnnotationData(Request);
+        await _mediator.SignDocAsync(uuid, signature, JsonConvert.SerializeObject(annotations), cancel);
 
-        envelopeService.InsertDocumentStatus(new Domain.Entities.DocumentStatus()
-        {
-            EnvelopeId = response.Envelope.Id,
-            ReceiverId = response.Receiver.Id,
-            Value = annotationData,
-            Status = Constants.DocumentStatus.Signed
-        });
+        EnvelopeReceiver response = await envelopeService.LoadEnvelope(envelopeKey);
 
         var signResult = actionService?.SignEnvelope(response.Envelope, ReceiverVM.From(response));
 
diff --git a/EnvelopeGenerator.Web/wwwroot/js/app.js b/EnvelopeGenerator.Web/wwwroot/js/app.js
index b2120eca..247936ce 100644
--- a/EnvelopeGenerator.Web/wwwroot/js/app.js
+++ b/EnvelopeGenerator.Web/wwwroot/js/app.js
@@ -277,7 +277,6 @@ class App {
                 try {
                     const json = await iJSON
                     const postEnvelopeResult = await this.Network.postEnvelope(
-                        this.envelopeKey,
                         this.currentDocument.id,
                         json
                     )
diff --git a/EnvelopeGenerator.Web/wwwroot/js/network.js b/EnvelopeGenerator.Web/wwwroot/js/network.js
index c3c53dc5..014a9707 100644
--- a/EnvelopeGenerator.Web/wwwroot/js/network.js
+++ b/EnvelopeGenerator.Web/wwwroot/js/network.js
@@ -15,8 +15,8 @@
      * @param {any} documentId
      * @param {any} json
      */
-    async postEnvelope(envelopeKey, documentId, json) {
-        return this.postRequest(`/api/envelope/${envelopeKey}?index=${documentId}`, json)
+    async postEnvelope(documentId, json) {
+        return this.postRequest(`/api/envelope?index=${documentId}`, json)
             .then(this.wrapJsonResponse.bind(this))
     }