Add YARP reverse proxy for auth request forwarding

Added the `Yarp.ReverseProxy` package and configured the app to use
YARP for forwarding specific authentication-related API requests
to an external service (`auth-hub`). Updated `Program.cs` to load
YARP configuration from a new `yarp.json` file and added middleware
to map unmatched requests to the reverse proxy.

Replaced old routes and clusters with new routes (`auth-login`,
`auth-envelope-receiver-login`) and a new cluster (`auth-hub`)
pointing to `https://localhost:9090`. Configured route
transformations for path and query parameter adjustments.

These changes improve modularity and scalability by enabling
dynamic reverse proxy configuration and external service
integration.

EnvelopeGenerator.Server/EnvelopeGenerator.Server/EnvelopeGenerator.Server.csproj

@@ -42,6 +42,7 @@
     <PackageReference Include="System.DirectoryServices" Version="8.0.0" />
     <PackageReference Include="System.DirectoryServices.AccountManagement" Version="8.0.1" />
     <PackageReference Include="System.DirectoryServices.Protocols" Version="8.0.1" />
+    <PackageReference Include="Yarp.ReverseProxy" Version="2.3.0" />
   </ItemGroup>
 
   <ItemGroup>

EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs

@@ -32,6 +32,9 @@ try
 {
     var builder = WebApplication.CreateBuilder(args);
 
+    // Load YARP configuration from yarp.json
+    builder.Configuration.AddJsonFile("yarp.json", optional: true, reloadOnChange: true);
+
     builder.Logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
 
     if (!builder.Environment.IsDevelopment())
@@ -53,6 +56,10 @@ try
     builder.Services.AddControllers();
     builder.Services.AddHttpClient();
 
+    // YARP Reverse Proxy (for forwarding auth requests to AuthHub)
+    builder.Services.AddReverseProxy()
+        .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
+
     // HttpContextAccessor needed for SSR HttpClient configuration
     builder.Services.AddHttpContextAccessor();
 
@@ -370,6 +377,9 @@ try
     // API Controllers (map before Blazor routing)
     app.MapControllers();
 
+    // YARP Reverse Proxy - forwards unmatched requests to configured backends
+    app.MapReverseProxy();
+
     // Blazor routing
     app.MapRazorComponents<App>()
         .AddInteractiveServerRenderMode()

EnvelopeGenerator.Server/EnvelopeGenerator.Server/yarp.json

@@ -1,39 +1,39 @@
 {
   "ReverseProxy": {
     "Routes": {
-      "api-route": {
-        "ClusterId": "api-cluster",
+      "auth-login": {
+        "ClusterId": "auth-hub",
         "Match": {
-          "Path": "/api/{**catch-all}"
-        }
+          "Path": "/api/auth",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathSet": "/api/auth/sign-flow" }
+        ]
       },
-      "swagger-route": {
-        "ClusterId": "api-cluster",
+      "auth-envelope-receiver-login": {
+        "ClusterId": "auth-hub",
         "Match": {
-          "Path": "/swagger/{**catch-all}"
-        }
-      },
-      "openapi-route": {
-        "ClusterId": "api-cluster",
-        "Match": {
-          "Path": "/openapi/{**catch-all}"
-        }
-      },
-      "scalar-route": {
-        "ClusterId": "api-cluster",
-        "Match": {
-          "Path": "/scalar/{**catch-all}"
-        }
+          "Path": "/api/Auth/envelope-receiver/{key}",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathPattern": "/api/auth/envelope-receiver/{key}" },
+          {
+            "QueryValueParameter": "cookie",
+            "Set": "true"
+          }
+        ]
       }
     },
     "Clusters": {
-      "api-cluster": {
+      "auth-hub": {
         "Destinations": {
-          "api-destination": {
-            "Address": "https://localhost:8088"
+          "primary": {
+            "Address": "https://localhost:9090"
           }
         }
       }
     }
   }
-}
+}