diff --git a/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs b/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs
index d4ae7480..8cb9c6c0 100644
--- a/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs
+++ b/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs
@@ -16,6 +16,12 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
///
///
public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+ {
+ AddLoginOperation(swaggerDoc, context);
+ AddEnvelopeReceiverLoginOperation(swaggerDoc, context);
+ }
+
+ private static void AddLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
{
const string path = "/api/auth";
@@ -67,4 +73,51 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
}
};
}
+
+ private static void AddEnvelopeReceiverLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+ {
+ const string path = "/api/Auth/envelope-receiver/{key}";
+
+ var bodySchema = context.SchemaGenerator.GenerateSchema(typeof(EnvelopeReceiverLogin), context.SchemaRepository);
+
+ var operation = new OpenApiOperation
+ {
+ Summary = "Envelope receiver login (auth-hub proxy)",
+ Description = "Proxies the envelope receiver login to the auth service. " +
+ "The `cookie` query parameter is always forwarded as `true` so the auth service sets the per-envelope cookie automatically.",
+ Tags = [new() { Name = "Auth" }],
+ Parameters =
+ {
+ new OpenApiParameter
+ {
+ Name = "key",
+ In = ParameterLocation.Path,
+ Required = true,
+ Schema = new OpenApiSchema { Type = "string" },
+ Description = "The unique envelope receiver key."
+ }
+ },
+ RequestBody = new OpenApiRequestBody
+ {
+ Required = false,
+ Content =
+ {
+ ["multipart/form-data"] = new OpenApiMediaType { Schema = bodySchema }
+ }
+ },
+ Responses =
+ {
+ ["200"] = new OpenApiResponse { Description = "OK – per-envelope cookie set by auth service." },
+ ["401"] = new OpenApiResponse { Description = "Unauthorized – invalid or missing access code." }
+ }
+ };
+
+ swaggerDoc.Paths[path] = new OpenApiPathItem
+ {
+ Operations =
+ {
+ [OperationType.Post] = operation
+ }
+ };
+ }
}
\ No newline at end of file
diff --git a/EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs b/EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs
new file mode 100644
index 00000000..fa53ec61
--- /dev/null
+++ b/EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs
@@ -0,0 +1,7 @@
+namespace EnvelopeGenerator.API.Models;
+
+///
+/// Request body for the envelope-receiver login endpoint.
+///
+/// The access code sent to the receiver.
+public record EnvelopeReceiverLogin(string? AccessCode = null);
diff --git a/EnvelopeGenerator.API/yarp.json b/EnvelopeGenerator.API/yarp.json
index dc38a955..cd16812a 100644
--- a/EnvelopeGenerator.API/yarp.json
+++ b/EnvelopeGenerator.API/yarp.json
@@ -10,6 +10,17 @@
"Transforms": [
{ "PathSet": "/api/auth/sign-flow" }
]
+ },
+ "auth-envelope-receiver-login": {
+ "ClusterId": "auth-hub",
+ "Match": {
+ "Path": "/api/Auth/envelope-receiver/{key}",
+ "Methods": [ "POST" ]
+ },
+ "Transforms": [
+ { "PathPattern": "/api/auth/envelope-receiver/{key}" },
+ { "QueryValueParameter": "cookie", "Set": "true" }
+ ]
}
},
"Clusters": {