Add Swagger doc filter for /api/auth proxy login endpoint

Introduced AuthProxyDocumentFilter to programmatically document the POST /api/auth proxy login endpoint in Swagger. The filter defines request body schemas, example values, query parameter, and response codes. Registered the filter in Program.cs for OpenAPI generation.

EnvelopeGenerator.API/Controllers/AnnotationController.cs

@@ -0,0 +1,118 @@
+using DigitalData.Core.Abstraction.Application.DTO;
+using DigitalData.Core.Exceptions;
+using EnvelopeGenerator.Application.Common.Extensions;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Application.Common.Notifications.DocSigned;
+using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
+using EnvelopeGenerator.Application.Histories.Queries;
+using EnvelopeGenerator.Domain.Constants;
+using EnvelopeGenerator.API.Extensions;
+using MediatR;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Manages annotations and signature lifecycle for envelopes.
+/// </summary>
+[Authorize(Roles = Role.Receiver.FullyAuth)]
+[ApiController]
+[Route("api/[controller]")]
+public class AnnotationController : ControllerBase
+{
+    [Obsolete("Use MediatR")]
+    private readonly IEnvelopeHistoryService _historyService;
+
+    [Obsolete("Use MediatR")]
+    private readonly IEnvelopeReceiverService _envelopeReceiverService;
+
+    private readonly IMediator _mediator;
+
+    private readonly ILogger<AnnotationController> _logger;
+
+    /// <summary>
+    /// Initializes a new instance of <see cref="AnnotationController"/>.
+    /// </summary>
+    [Obsolete("Use MediatR")]
+    public AnnotationController(
+        ILogger<AnnotationController> logger,
+        IEnvelopeHistoryService envelopeHistoryService,
+        IEnvelopeReceiverService envelopeReceiverService,
+        IMediator mediator)
+    {
+        _historyService = envelopeHistoryService;
+        _envelopeReceiverService = envelopeReceiverService;
+        _mediator = mediator;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// Creates or updates annotations for the authenticated envelope receiver.
+    /// </summary>
+    /// <param name="psPdfKitAnnotation">Annotation payload.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    [Authorize(Roles = Role.Receiver.FullyAuth)]
+    [HttpPost]
+    [Obsolete("PSPDF Kit will no longer be used.")]
+    public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
+    {
+        var signature = User.GetReceiverSignatureOfReceiver();
+        var uuid = User.GetEnvelopeUuidOfReceiver();
+
+        var envelopeReceiver = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound);
+
+        if (!envelopeReceiver.Envelope!.ReadOnly && psPdfKitAnnotation is null)
+            return BadRequest();
+
+        if (await _mediator.IsSignedAsync(uuid, signature, cancel))
+            return Problem(statusCode: StatusCodes.Status409Conflict);
+        else if (await _mediator.AnyHistoryAsync(uuid, new[] { EnvelopeStatus.EnvelopeRejected, EnvelopeStatus.DocumentRejected }, cancel))
+            return Problem(statusCode: StatusCodes.Status423Locked);
+
+        var docSignedNotification = await _mediator
+            .ReadEnvelopeReceiverAsync(uuid, signature, cancel)
+            .ToDocSignedNotification(psPdfKitAnnotation)
+            ?? throw new NotFoundException("Envelope receiver is not found.");
+
+        await _mediator.PublishSafely(docSignedNotification, cancel);
+        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+
+        return Ok();
+    }
+
+    /// <summary>
+    /// Rejects the document for the current receiver.
+    /// </summary>
+    /// <param name="reason">Optional rejection reason.</param>
+    [Authorize(Roles = Role.Receiver.FullyAuth)]
+    [HttpPost("reject")]
+    [Obsolete("Use MediatR")]
+    public async Task<IActionResult> Reject([FromBody] string? reason = null)
+    {
+        var signature = User.GetReceiverSignatureOfReceiver();
+        var uuid = User.GetEnvelopeUuidOfReceiver();
+        var mail = User.GetReceiverMailOfReceiver();
+
+        var envRcvRes = await _envelopeReceiverService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
+
+        if (envRcvRes.IsFailed)
+        {
+            _logger.LogNotice(envRcvRes.Notices);
+            return Unauthorized("you are not authorized");
+        }
+
+        var histRes = await _historyService.RecordAsync(envRcvRes.Data.EnvelopeId, userReference: mail, EnvelopeStatus.DocumentRejected, comment: reason);
+        if (histRes.IsSuccess)
+        {
+            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+            return NoContent();
+        }
+
+        _logger.LogEnvelopeError(uuid: uuid, signature: signature, message: "Unexpected error happened in api/envelope/reject");
+        _logger.LogNotice(histRes.Notices);
+        return StatusCode(500, histRes.Messages);
+    }
+}

EnvelopeGenerator.API/Controllers/AuthController.cs

@@ -0,0 +1,59 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using EnvelopeGenerator.API.Models;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Controller verantwortlich für die Benutzer-Authentifizierung, einschließlich Anmelden, Abmelden und Überprüfung des Authentifizierungsstatus.
+/// </summary>
+/// <param name="logger"></param>
+[Route("api/[controller]")]
+[ApiController]
+public partial class AuthController(ILogger<AuthController> logger) : ControllerBase
+{
+
+    /// <summary>
+    /// Entfernt das Authentifizierungs-Cookie des Benutzers (AuthCookie)
+    /// </summary>
+    /// <returns>
+    /// Gibt eine HTTP 200 oder 401.
+    /// </returns>
+    /// <remarks>
+    /// Sample request:
+    ///
+    ///     POST /api/auth/logout
+    ///
+    /// </remarks>
+    /// <response code="200">Erfolgreich gelöscht, wenn der Benutzer ein berechtigtes Cookie hat.</response>
+    /// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
+    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
+    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+    [Authorize]
+    [HttpPost("logout")]
+    public async Task<IActionResult> Logout()
+    {
+        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+        return Ok();
+    }
+
+    /// <summary>
+    /// Prüft, ob der Benutzer ein autorisiertes Token hat.
+    /// </summary>
+    /// <returns>Wenn ein autorisiertes Token vorhanden ist HTTP 200 asynchron 401</returns>
+    /// <remarks>
+    /// Sample request:
+    ///
+    ///     GET /api/auth
+    ///
+    /// </remarks>
+    /// <response code="200">Wenn es einen autorisierten Cookie gibt.</response>
+    /// <response code="401">Wenn kein Cookie vorhanden ist oder nicht autorisierte.</response>
+    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
+    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+    [Authorize]
+    [HttpGet]
+    public IActionResult IsAuthenticated() => Ok();
+}

EnvelopeGenerator.API/Controllers/ConfigController.cs

@@ -0,0 +1,30 @@
+using EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Exposes configuration data required by the client applications.
+/// </summary>
+/// <remarks>
+/// Initializes a new instance of <see cref="ConfigController"/>.
+/// </remarks>
+[Route("api/[controller]")]
+[ApiController]
+[Authorize]
+public class ConfigController(IOptionsMonitor<AnnotationParams> annotationParamsOptions) : ControllerBase
+{
+    private readonly AnnotationParams _annotationParams = annotationParamsOptions.CurrentValue;
+
+    /// <summary>
+    /// Returns annotation configuration that was previously rendered by MVC.
+    /// </summary>
+    [HttpGet("Annotations")]
+    [Obsolete("PSPDF Kit will no longer be used.")]
+    public IActionResult GetAnnotationParams()
+    {
+        return Ok(_annotationParams.AnnotationJSObject);
+    }
+}

EnvelopeGenerator.API/Controllers/DocumentController.cs

@@ -0,0 +1,57 @@
+using EnvelopeGenerator.API.Extensions;
+using EnvelopeGenerator.Application.Documents.Queries;
+using EnvelopeGenerator.Domain.Constants;
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Provides access to envelope documents for authenticated receivers.
+/// </summary>
+/// <remarks>
+/// Initializes a new instance of the <see cref="DocumentController"/> class.
+/// </remarks>
+[Authorize]
+[ApiController]
+[Route("api/[controller]")]
+public class DocumentController(IMediator mediator, ILogger<DocumentController> logger) : ControllerBase
+{
+    /// <summary>
+    /// Returns the document bytes receiver.
+    /// </summary>
+    /// <param name="query">Encoded envelope key.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    [HttpGet]
+    [Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
+    public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
+    {
+        // Sender: expects query with envelope key
+        if (User.IsInRole(Role.Sender))
+        {
+            if (query is null)
+                return BadRequest("Missing document query.");
+
+            var senderDoc = await mediator.Send(query, cancel);
+            return senderDoc.ByteData is byte[] senderDocByte
+                ? File(senderDocByte, "application/octet-stream")
+                : NotFound("Document is empty.");
+        }
+
+        // Receiver: resolve envelope id from claims
+        if (User.IsInRole(Role.Receiver.FullyAuth))
+        {           
+            if (query is not null)
+                return BadRequest("Query parameters are not allowed for receiver role.");
+
+            var envelopeId = User.GetEnvelopeIdOfReceiver();
+            var receiverDoc = await mediator.Send(new ReadDocumentQuery { EnvelopeId = envelopeId }, cancel);
+            return receiverDoc.ByteData is byte[] receiverDocByte
+                ? File(receiverDocByte, "application/octet-stream")
+                : NotFound("Document is empty.");
+        }
+
+        return Unauthorized();
+    }
+}

EnvelopeGenerator.API/Controllers/EmailTemplateController.cs

@@ -7,12 +7,12 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using MediatR;
 using System.Threading.Tasks;
-using DigitalData.UserManager.Application.Services;
-using DigitalData.Core.Exceptions;
 using EnvelopeGenerator.Application.Common.Dto;
-using EnvelopeGenerator.Application.Common.Interfaces.Repositories;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
 
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+namespace EnvelopeGenerator.API.Controllers;
 
 /// <summary>
 /// Controller for managing temp templates.
@@ -23,12 +23,9 @@ namespace EnvelopeGenerator.GeneratorAPI.Controllers;
 [Authorize]
 public class EmailTemplateController : ControllerBase
 {
-    private readonly ILogger<EmailTemplateController> _logger;
-
     private readonly IMapper _mapper;
 
-    [Obsolete("Use IRepository")]
-    private readonly IEmailTemplateRepository _repository;
+    private readonly IRepository<EmailTemplate> _repository;
 
     private readonly IMediator _mediator;
 
@@ -39,12 +36,11 @@ public class EmailTemplateController : ControllerBase
     /// <param name="repository">
     /// Die AutoMapper-Instanz, die zum Zuordnen von Objekten verwendet wird.
     /// </param>
-    [Obsolete("Use IRepository")]
-    public EmailTemplateController(IMapper mapper, IEmailTemplateRepository repository, ILogger<EmailTemplateController> logger, IMediator mediator)
+    [Obsolete("Use MediatR")]
+    public EmailTemplateController(IMapper mapper, IRepository<EmailTemplate> repository, IMediator mediator)
     {
         _mapper = mapper;
         _repository = repository;
-        _logger = logger;
         _mediator = mediator;
     }
 
@@ -67,7 +63,7 @@ public class EmailTemplateController : ControllerBase
     {
         if (emailTemplate is null || (emailTemplate.Id is null && emailTemplate.Type is null))
         {
-            var temps = await _repository.ReadAllAsync();
+            var temps = await _repository.Query.ToListAsync();
             return Ok(_mapper.Map<IEnumerable<EmailTemplateDto>>(temps));
         }
         else

EnvelopeGenerator.API/Controllers/EnvelopeController.cs

@@ -0,0 +1,111 @@
+using EnvelopeGenerator.API.Extensions;
+using EnvelopeGenerator.Application.Envelopes.Commands;
+using EnvelopeGenerator.Application.Envelopes.Queries;
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Dieser Controller stellt Endpunkte für die Verwaltung von Umschlägen bereit.
+/// </summary>
+/// <remarks>
+/// Die API ermöglicht das Abrufen und Verwalten von Umschlägen basierend auf Benutzerinformationen und Statusfiltern.
+/// 
+/// Mögliche Antworten:
+/// - 200 OK: Die Anfrage war erfolgreich, und die angeforderten Daten werden zurückgegeben.
+/// - 400 Bad Request: Die Anfrage war fehlerhaft oder unvollständig.
+/// - 401 Unauthorized: Der Benutzer ist nicht authentifiziert.
+/// - 403 Forbidden: Der Benutzer hat keine Berechtigung, auf die Ressource zuzugreifen.
+/// - 404 Not Found: Die angeforderte Ressource wurde nicht gefunden.
+/// - 500 Internal Server Error: Ein unerwarteter Fehler ist aufgetreten.
+/// </remarks>
+[Route("api/[controller]")]
+[ApiController]
+[Authorize]
+public class EnvelopeController : ControllerBase
+{
+    private readonly ILogger<EnvelopeController> _logger;
+    private readonly IMediator _mediator;
+
+    /// <summary>
+    /// Erstellt eine neue Instanz des EnvelopeControllers.
+    /// </summary>
+    /// <param name="logger">Der Logger, der für das Protokollieren von Informationen verwendet wird.</param>
+    /// <param name="mediator"></param>
+    public EnvelopeController(ILogger<EnvelopeController> logger, IMediator mediator)
+    {
+        _logger = logger;
+        _mediator = mediator;
+    }
+
+    /// <summary>
+    /// Ruft eine Liste von Umschlägen basierend auf dem Benutzer und den angegebenen Statusfiltern ab.
+    /// </summary>
+    /// <param name="envelope"></param>
+    /// <returns>Eine IActionResult-Instanz, die die abgerufenen Umschläge oder einen Fehlerstatus enthält.</returns>
+    /// <response code="200">Die Anfrage war erfolgreich, und die Umschläge werden zurückgegeben.</response>
+    /// <response code="400">Die Anfrage war fehlerhaft oder unvollständig.</response>
+    /// <response code="401">Der Benutzer ist nicht authentifiziert.</response>
+    /// <response code="403">Der Benutzer hat keine Berechtigung, auf die Ressource zuzugreifen.</response>
+    /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
+    [Authorize]
+    [HttpGet]
+    public async Task<IActionResult> GetAsync([FromQuery] ReadEnvelopeQuery envelope)
+    {
+        var result = await _mediator.Send(envelope.Authorize(User.GetId()));
+        return result.Any() ? Ok(result) : NotFound();
+    }
+
+    /// <summary>
+    /// Ruft das Ergebnis eines Dokuments basierend auf der ID ab.
+    /// </summary>
+    /// <param name="query"></param>
+    /// <param name="view">Gibt an, ob das Dokument inline angezeigt werden soll (true) oder als Download bereitgestellt wird (false).</param>
+    /// <returns>Eine IActionResult-Instanz, die das Dokument oder einen Fehlerstatus enthält.</returns>
+    /// <response code="200">Das Dokument wurde erfolgreich abgerufen.</response>
+    /// <response code="404">Das Dokument wurde nicht gefunden oder ist nicht verfügbar.</response>
+    /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
+    [HttpGet("doc-result")]
+    public async Task<IActionResult> GetDocResultAsync([FromQuery] ReadEnvelopeQuery query, [FromQuery] bool view = false)
+    {
+        var envelopes = await _mediator.Send(query.Authorize(User.GetId()));
+        var envelope = envelopes.FirstOrDefault();
+
+        if (envelope is null)
+            return NotFound("Envelope not available.");
+        if (envelope.DocResult is null)
+            return NotFound("The document has not been fully signed or the result has not yet been released.");
+
+        if (view)
+        {
+            Response.Headers.Append("Content-Disposition", "inline; filename=\"" + envelope.Uuid + ".pdf\"");
+            return File(envelope.DocResult, "application/pdf");
+        }
+
+        return File(envelope.DocResult, "application/pdf", $"{envelope.Uuid}.pdf");
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="command"></param>
+    /// <returns></returns>
+    [NonAction]
+    [Authorize]
+    [HttpPost]
+    public async Task<IActionResult> CreateAsync([FromBody] CreateEnvelopeCommand command)
+    {
+        var res = await _mediator.Send(command.Authorize(User.GetId()));
+
+        if (res is null)
+        {
+            _logger.LogError("Failed to create envelope. Envelope details: {EnvelopeDetails}", JsonConvert.SerializeObject(command));
+            return StatusCode(StatusCodes.Status500InternalServerError);
+        }
+        else
+            return Ok(res);
+    }
+}

EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs

@@ -1,25 +1,21 @@
 using AutoMapper;
-using DigitalData.Core.Abstraction.Application.DTO;
 using EnvelopeGenerator.Application.EnvelopeReceivers.Commands;
 using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
 using EnvelopeGenerator.Application.Envelopes.Queries;
 using EnvelopeGenerator.Domain.Entities;
-using EnvelopeGenerator.GeneratorAPI.Models;
+using EnvelopeGenerator.API.Models;
 using MediatR;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Data.SqlClient;
 using Microsoft.Extensions.Options;
 using System.Data;
-using System.Reflection.Metadata;
-using EnvelopeGenerator.Domain;
-using EnvelopeGenerator.Domain.Constants;
 using EnvelopeGenerator.Application.Common.SQL;
 using EnvelopeGenerator.Application.Common.Dto.Receiver;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
 using EnvelopeGenerator.Application.Common.Interfaces.SQLExecutor;
+using EnvelopeGenerator.API.Extensions;
 
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+namespace EnvelopeGenerator.API.Controllers;
 
 /// <summary>
 /// Controller für die Verwaltung von Umschlagempfängern.
@@ -33,38 +29,19 @@ namespace EnvelopeGenerator.GeneratorAPI.Controllers;
 public class EnvelopeReceiverController : ControllerBase
 {
     private readonly ILogger<EnvelopeReceiverController> _logger;
-
-    [Obsolete("Use MediatR")]
-    private readonly IEnvelopeReceiverService _erService;
-
     private readonly IMediator _mediator;
-
     private readonly IMapper _mapper;
-
     private readonly IEnvelopeExecutor _envelopeExecutor;
-
     private readonly IEnvelopeReceiverExecutor _erExecutor;
-
     private readonly IDocumentExecutor _documentExecutor;
-
     private readonly string _cnnStr;
 
     /// <summary>
     /// Konstruktor für den EnvelopeReceiverController.
     /// </summary>
-    /// <param name="logger">Logger-Instanz zur Protokollierung von Informationen und Fehlern.</param>
-    /// <param name="envelopeReceiverService">Service zur Verwaltung von Umschlagempfängern.</param>
-    /// <param name="mediator">Mediator-Instanz zur Verarbeitung von Befehlen und Abfragen.</param>
-    /// <param name="mapper"></param>
-    /// <param name="envelopeExecutor"></param>
-    /// <param name="erExecutor"></param>
-    /// <param name="documentExecutor"></param>
-    /// <param name="csOpt"></param>
-    [Obsolete("Use MediatR")]
-    public EnvelopeReceiverController(ILogger<EnvelopeReceiverController> logger, IEnvelopeReceiverService envelopeReceiverService, IMediator mediator, IMapper mapper, IEnvelopeExecutor envelopeExecutor, IEnvelopeReceiverExecutor erExecutor, IDocumentExecutor documentExecutor, IOptions<ConnectionString> csOpt)
+    public EnvelopeReceiverController(ILogger<EnvelopeReceiverController> logger, IMediator mediator, IMapper mapper, IEnvelopeExecutor envelopeExecutor, IEnvelopeReceiverExecutor erExecutor, IDocumentExecutor documentExecutor, IOptions<ConnectionString> csOpt)
     {
         _logger = logger;
-        _erService = envelopeReceiverService;
         _mediator = mediator;
         _mapper = mapper;
         _envelopeExecutor = envelopeExecutor;
@@ -87,32 +64,13 @@ public class EnvelopeReceiverController : ControllerBase
     /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
     [Authorize]
     [HttpGet]
-    [Obsolete("Use MediatR")]
     public async Task<IActionResult> GetEnvelopeReceiver([FromQuery] ReadEnvelopeReceiverQuery envelopeReceiver)
     {
-        var username = User.GetUsernameOrDefault();
+        envelopeReceiver = envelopeReceiver with { Username = User.GetUsername() };
 
-        if (username is null)
-        {
-            _logger.LogError(@"Envelope Receiver dto cannot be sent because username claim is null. Potential authentication and authorization error. The value of other claims are [id: {id}], [username: {username}], [name: {name}], [prename: {prename}], [email: {email}].",
-                User.GetId(), User.GetUsernameOrDefault(), User.GetNameOrDefault(), User.GetPrenameOrDefault(), User.GetEmailOrDefault());
-            return StatusCode(StatusCodes.Status500InternalServerError);
-        }
+        var result = await _mediator.Send(envelopeReceiver);
 
-        return await _erService.ReadByUsernameAsync(
-            username: username,
-            min_status: envelopeReceiver.Envelope.Status?.Min,
-            max_status: envelopeReceiver.Envelope.Status?.Max,
-            envelopeQuery: envelopeReceiver.Envelope,
-            receiverQuery: envelopeReceiver.Receiver,
-            ignore_statuses: envelopeReceiver.Envelope.Status?.Ignore ?? Array.Empty<EnvelopeStatus>())
-            .ThenAsync(
-                Success: Ok,
-                Fail: IActionResult (msg, ntc) =>
-                {
-                    _logger.LogNotice(ntc);
-                    return StatusCode(StatusCodes.Status500InternalServerError, msg);
-                });
+        return Ok(result);
     }
 
     /// <summary>
@@ -129,25 +87,17 @@ public class EnvelopeReceiverController : ControllerBase
     /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
     [Authorize]
     [HttpGet("salute")]
-    [Obsolete("Use MediatR")]
     public async Task<IActionResult> GetReceiverName([FromQuery] ReadReceiverNameQuery receiver)
     {
-        return await _erService.ReadLastUsedReceiverNameByMailAsync(receiver.EmailAddress, receiver.Id, receiver.Signature).ThenAsync(
-                        Success: res => res is null ? NotFound() : Ok(res),
-                        Fail: IActionResult (msg, ntc) =>
-                        {
-                            if (ntc.HasFlag(Flag.NotFound))
-                                return NotFound();
-
-                            _logger.LogNotice(ntc);
-                            return StatusCode(StatusCodes.Status500InternalServerError);
-                        });
+        var name = await _mediator.Send(receiver);
+        return name is null ? NotFound() : Ok(name);
     }
 
     /// <summary>
     /// Datenübertragungsobjekt mit Informationen zu Umschlägen, Empfängern und Unterschriften.
     /// </summary>
     /// <param name="request"></param>
+    /// <param name="cancel"></param>
     /// <returns>HTTP-Antwort</returns>
     /// <remarks>
     /// Sample request:
@@ -183,13 +133,10 @@ public class EnvelopeReceiverController : ControllerBase
     /// <response code="500">Es handelt sich um einen unerwarteten Fehler. Die Protokolle sollten überprüft werden.</response>
     [Authorize]
     [HttpPost]
-    public async Task<IActionResult> CreateAsync([FromBody] CreateEnvelopeReceiverCommand request)
+    public async Task<IActionResult> CreateAsync([FromBody] CreateEnvelopeReceiverCommand request, CancellationToken cancel)
     {
-        CancellationToken cancel = default;
-        int userId = User.GetId();
-
         #region Create Envelope
-        var envelope = await _envelopeExecutor.CreateEnvelopeAsync(userId, request.Title, request.Message, request.TFAEnabled, cancel);
+        var envelope = await _envelopeExecutor.CreateEnvelopeAsync(User.GetId(), request.Title, request.Message, request.TFAEnabled, cancel);
         #endregion
 
         #region Add receivers
@@ -270,18 +217,14 @@ public class EnvelopeReceiverController : ControllerBase
         using (SqlConnection conn = new(_cnnStr))
         {
             conn.Open();
-            var formattedSQL_hist = string.Format(sql_hist, envelope.Uuid.ToSqlParam(), 1003.ToSqlParam(), userId.ToSqlParam());
-            using (SqlCommand cmd = new SqlCommand(formattedSQL_hist, conn))
-            {
-                cmd.CommandType = CommandType.Text;
+            var formattedSQL_hist = string.Format(sql_hist, envelope.Uuid.ToSqlParam(), 1003.ToSqlParam(), User.GetId().ToSqlParam());
+            using SqlCommand cmd = new(formattedSQL_hist, conn);
+            cmd.CommandType = CommandType.Text;
 
-                using (SqlDataReader reader = cmd.ExecuteReader())
-                {
-                    if (reader.Read())
-                    {
-                        bool outSuccess = reader.GetBoolean(0);
-                    }
-                }
+            using SqlDataReader reader = cmd.ExecuteReader();
+            if (reader.Read())
+            {
+                bool outSuccess = reader.GetBoolean(0);
             }
         }
         #endregion

EnvelopeGenerator.API/Controllers/EnvelopeTypeController.cs

@@ -0,0 +1,39 @@
+using MediatR;
+using EnvelopeGenerator.Application.EnvelopeTypes.Queries;
+using Microsoft.AspNetCore.Mvc;
+
+namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+
+/// <summary>
+/// 
+/// </summary>
+[ApiExplorerSettings(IgnoreApi = true)]
+[Route("api/[controller]")]
+[ApiController]
+public class EnvelopeTypeController : ControllerBase
+{
+    private readonly ILogger<EnvelopeTypeController> _logger;
+    private readonly IMediator _mediator;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="logger"></param>
+    /// <param name="mediator"></param>
+    public EnvelopeTypeController(ILogger<EnvelopeTypeController> logger, IMediator mediator)
+    {
+        _logger = logger;
+        _mediator = mediator;
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <returns></returns>
+    [HttpGet]
+    public async Task<IActionResult> GetAllAsync()
+    {
+        var result = await _mediator.Send(new ReadEnvelopeTypesQuery());
+        return Ok(result);
+    }
+}

EnvelopeGenerator.API/Controllers/HistoryController.cs

@@ -6,7 +6,7 @@ using EnvelopeGenerator.Application.Histories.Queries;
 using EnvelopeGenerator.Domain.Constants;
 using EnvelopeGenerator.Application.Common.Extensions;
 
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+namespace EnvelopeGenerator.API.Controllers;
 
 /// <summary>
 /// Dieser Controller stellt Endpunkte für den Zugriff auf die Umschlaghistorie bereit.
@@ -113,6 +113,6 @@ public class HistoryController : ControllerBase
     public async Task<IActionResult> GetAllAsync([FromQuery] ReadHistoryQuery historyQuery, CancellationToken cancel)
     {
         var history = await _mediator.Send(historyQuery, cancel).ThrowIfEmpty(Exceptions.NotFound);
-        return Ok((historyQuery.OnlyLast ?? false) ? history.MaxBy(h => h.AddedWhen) : history);
+        return Ok((historyQuery.OnlyLast) ? history.MaxBy(h => h.AddedWhen) : history);
     }
 }

EnvelopeGenerator.API/Controllers/LocalizationController.cs

@@ -1,12 +1,12 @@
 using DigitalData.Core.API;
 using EnvelopeGenerator.Application.Resources;
-using EnvelopeGenerator.CommonServices;
 using Microsoft.AspNetCore.Localization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Localization;
+using EnvelopeGenerator.Application.Resources;
 
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+namespace EnvelopeGenerator.API.Controllers;
 
 /// <summary>
 /// Controller für die Verwaltung der Lokalisierung und Spracheinstellungen.
@@ -19,7 +19,7 @@ public class LocalizationController : ControllerBase
     private static readonly Guid L_KEY = Guid.NewGuid();
 
     private readonly ILogger<LocalizationController> _logger;
-    private readonly IStringLocalizer<Model> _mLocalizer;
+    private readonly IStringLocalizer<Resource> _mLocalizer;
     private readonly IStringLocalizer<Resource> _localizer;
     private readonly IMemoryCache _cache;
 
@@ -34,7 +34,7 @@ public class LocalizationController : ControllerBase
         ILogger<LocalizationController> logger,
         IStringLocalizer<Resource> localizer,
         IMemoryCache memoryCache,
-        IStringLocalizer<Model> _modelLocalizer)
+        IStringLocalizer<Resource> _modelLocalizer)
     {
         _logger = logger;
         _localizer = localizer;

EnvelopeGenerator.API/Controllers/ReadOnlyController.cs

@@ -0,0 +1,90 @@
+using DigitalData.Core.Abstraction.Application.DTO;
+using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiverReadOnly;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Domain.Constants;
+using EnvelopeGenerator.API.Extensions;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Manages read-only envelope sharing flows.
+/// </summary>
+[Route("api/[controller]")]
+[ApiController]
+public class ReadOnlyController : ControllerBase
+{
+    private readonly ILogger<ReadOnlyController> _logger;
+    private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
+    private readonly IEnvelopeMailService _mailService;
+    private readonly IEnvelopeHistoryService _historyService;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="ReadOnlyController"/> class.
+    /// </summary>
+    public ReadOnlyController(ILogger<ReadOnlyController> logger, IEnvelopeReceiverReadOnlyService readOnlyService, IEnvelopeMailService mailService, IEnvelopeHistoryService historyService)
+    {
+        _logger = logger;
+        _readOnlyService = readOnlyService;
+        _mailService = mailService;
+        _historyService = historyService;
+    }
+
+    /// <summary>
+    /// Creates a new read-only receiver for the current envelope.
+    /// </summary>
+    /// <param name="createDto">Creation payload.</param>
+    [HttpPost]
+    [Authorize(Roles = Role.Receiver.FullyAuth)]
+    public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
+    {
+        var authReceiverMail = User.GetReceiverMailOfReceiver();
+        if (authReceiverMail is null)
+        {
+            _logger.LogError("EmailAddress claim is not found in envelope-receiver-read-only creation process. Create DTO is:\n {dto}", JsonConvert.SerializeObject(createDto));
+            return Unauthorized();
+        }
+
+        var envelopeId = User.GetEnvelopeIdOfReceiver();
+
+        createDto.AddedWho = authReceiverMail;
+        createDto.EnvelopeId = envelopeId;
+
+        var creationRes = await _readOnlyService.CreateAsync(createDto: createDto);
+
+        if (creationRes.IsFailed)
+        {
+            _logger.LogNotice(creationRes);
+            return StatusCode(StatusCodes.Status500InternalServerError);
+        }
+
+        var readRes = await _readOnlyService.ReadByIdAsync(creationRes.Data.Id);
+        if (readRes.IsFailed)
+        {
+            _logger.LogNotice(creationRes);
+            return StatusCode(StatusCodes.Status500InternalServerError);
+        }
+
+        var newReadOnly = readRes.Data;
+
+        return await _mailService.SendAsync(newReadOnly).ThenAsync<int, IActionResult>(SuccessAsync: async _ =>
+        {
+            var histRes = await _historyService.RecordAsync((int)createDto.EnvelopeId, createDto.AddedWho, EnvelopeStatus.EnvelopeShared);
+            if (histRes.IsFailed)
+            {
+                _logger.LogError("Although the envelope was sent as read-only, the EnvelopeShared history could not be saved. Create DTO:\n{createDto}", JsonConvert.SerializeObject(createDto));
+                _logger.LogNotice(histRes.Notices);
+            }
+
+            return Ok();
+        },
+
+        Fail: (msg, ntc) =>
+        {
+            _logger.LogNotice(ntc);
+            return StatusCode(StatusCodes.Status500InternalServerError);
+        });
+    }
+}

EnvelopeGenerator.API/Controllers/ReceiverController.cs

@@ -0,0 +1,47 @@
+using MediatR;
+using EnvelopeGenerator.Application.Receivers.Queries;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace EnvelopeGenerator.GeneratorAPI.Controllers;
+
+/// <summary>
+/// Controller für die Verwaltung von Empfängern.
+/// </summary>
+/// <remarks>
+/// Dieser Controller bietet Endpunkte für das Abrufen von Empfängern basierend auf E-Mail-Adresse oder Signatur.
+/// </remarks>
+[Route("api/[controller]")]
+[ApiController]
+[Authorize]
+public class ReceiverController : ControllerBase
+{
+    private readonly IMediator _mediator;
+
+    /// <summary>
+    /// Initialisiert eine neue Instanz des <see cref="ReceiverController"/>-Controllers.
+    /// </summary>
+    /// <param name="mediator">Mediator für Anfragen.</param>
+    public ReceiverController(IMediator mediator)
+    {
+        _mediator = mediator;
+    }
+
+    /// <summary>
+    /// Ruft eine Liste von Empfängern ab, basierend auf den angegebenen Abfrageparametern.
+    /// </summary>
+    /// <param name="receiver">Die Abfrageparameter, einschließlich E-Mail-Adresse und Signatur.</param>
+    /// <returns>Eine Liste von Empfängern oder ein Fehlerstatus.</returns>
+    [HttpGet]
+    public async Task<IActionResult> Get([FromQuery] ReadReceiverQuery receiver)
+    {
+        if (!receiver.HasAnyCriteria)
+        {
+            var all = await _mediator.Send(new ReadReceiverQuery());
+            return Ok(all);
+        }
+
+        var result = await _mediator.Send(receiver);
+        return result is null ? NotFound() : Ok(result);
+    }
+}

EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs

@@ -0,0 +1,129 @@
+using DigitalData.Core.Abstraction.Application.DTO;
+using EnvelopeGenerator.Application.Common.Extensions;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Application.Resources;
+using EnvelopeGenerator.Domain.Constants;
+using EnvelopeGenerator.API.Models;
+using Ganss.Xss;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Localization;
+using Microsoft.Extensions.Options;
+
+namespace EnvelopeGenerator.API.Controllers;
+
+/// <summary>
+/// Exposes endpoints for registering and managing two-factor authentication for envelope receivers.
+/// </summary>
+[ApiController]
+[Route("api/tfa")]
+public class TfaRegistrationController : ControllerBase
+{
+    private readonly ILogger<TfaRegistrationController> _logger;
+    private readonly IEnvelopeReceiverService _envelopeReceiverService;
+    private readonly IAuthenticator _authenticator;
+    private readonly IReceiverService _receiverService;
+    private readonly TFARegParams _parameters;
+    private readonly IStringLocalizer<Resource> _localizer;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="TfaRegistrationController"/> class.
+    /// </summary>
+    public TfaRegistrationController(
+        ILogger<TfaRegistrationController> logger,
+        IEnvelopeReceiverService envelopeReceiverService,
+        IAuthenticator authenticator,
+        IReceiverService receiverService,
+        IOptions<TFARegParams> tfaRegParamsOptions,
+        IStringLocalizer<Resource> localizer)
+    {
+        _logger = logger;
+        _envelopeReceiverService = envelopeReceiverService;
+        _authenticator = authenticator;
+        _receiverService = receiverService;
+        _parameters = tfaRegParamsOptions.Value;
+        _localizer = localizer;
+    }
+
+    /// <summary>
+    /// Generates registration metadata (QR code and deadline) for a receiver.
+    /// </summary>
+    /// <param name="envelopeReceiverId">Encoded envelope receiver id.</param>
+    [Authorize]
+    [HttpGet("{envelopeReceiverId}")]
+    public async Task<IActionResult> RegisterAsync(string envelopeReceiverId)
+    {
+        try
+        {
+            var (uuid, signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
+
+            if (uuid is null || signature is null)
+            {
+                _logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
+                return Unauthorized(new { message = _localizer.WrongEnvelopeReceiverId() });
+            }
+
+            var secretResult = await _envelopeReceiverService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature);
+            if (secretResult.IsFailed)
+            {
+                _logger.LogNotice(secretResult.Notices);
+                return NotFound(new { message = _localizer.WrongEnvelopeReceiverId() });
+            }
+
+            var envelopeReceiver = secretResult.Data;
+
+            if (!envelopeReceiver.Envelope!.TFAEnabled)
+                return Unauthorized(new { message = _localizer.WrongAccessCode() });
+
+            var receiver = envelopeReceiver.Receiver;
+            receiver!.TotpSecretkey = _authenticator.GenerateTotpSecretKey();
+            await _receiverService.UpdateAsync(receiver);
+            var totpQr64 = _authenticator.GenerateTotpQrCode(userEmail: receiver.EmailAddress, secretKey: receiver.TotpSecretkey).ToBase64String();
+
+            if (receiver.TfaRegDeadline is null)
+            {
+                receiver.TfaRegDeadline = _parameters.Deadline;
+                await _receiverService.UpdateAsync(receiver);
+            }
+            else if (receiver.TfaRegDeadline <= DateTime.Now)
+            {
+                return StatusCode(StatusCodes.Status410Gone, new { message = _localizer.WrongAccessCode() });
+            }
+
+            return Ok(new
+            {
+                envelopeReceiver.EnvelopeId,
+                envelopeReceiver.Envelope!.Uuid,
+                envelopeReceiver.Receiver!.Signature,
+                receiver.TfaRegDeadline,
+                TotpQR64 = totpQr64
+            });
+        }
+        catch (Exception ex)
+        {
+            _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception: ex, message: _localizer.WrongEnvelopeReceiverId());
+            return StatusCode(StatusCodes.Status500InternalServerError, new { message = _localizer.UnexpectedError() });
+        }
+    }
+
+    /// <summary>
+    /// Logs out the envelope receiver from cookie authentication.
+    /// </summary>
+    [Authorize(Roles = Role.FullyAuth)]
+    [HttpPost("auth/logout")]
+    public async Task<IActionResult> LogOutAsync()
+    {
+        try
+        {
+            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+            return Ok();
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "{message}", ex.Message);
+            return StatusCode(StatusCodes.Status500InternalServerError, new { message = _localizer.UnexpectedError() });
+        }
+    }
+}

EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs

@@ -0,0 +1,70 @@
+using EnvelopeGenerator.API.Models;
+using Microsoft.OpenApi.Any;
+using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.SwaggerGen;
+
+namespace EnvelopeGenerator.API.Documentation;
+
+/// <summary>
+/// 
+/// </summary>
+public sealed class AuthProxyDocumentFilter : IDocumentFilter
+{
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="swaggerDoc"></param>
+    /// <param name="context"></param>
+    public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        const string path = "/api/auth";
+
+        var loginSchema = context.SchemaGenerator.GenerateSchema(typeof(Login), context.SchemaRepository);
+        var loginExample = new OpenApiObject
+        {
+            ["password"] = new OpenApiString(""),
+            ["username"] = new OpenApiString("")
+        };
+
+        var operation = new OpenApiOperation
+        {
+            Summary = "Proxy login (auth-hub)",
+            Description = "Proxies the request to the auth service. Add query parameter `cookie=true|false`.",
+            Tags = [new() { Name = "Auth" }],
+            Parameters =
+            {
+                new OpenApiParameter
+                {
+                    Name = "cookie",
+                    In = ParameterLocation.Query,
+                    Required = false,
+                    Schema = new OpenApiSchema { Type = "boolean", Default = new OpenApiBoolean(true) },
+                    Example = new OpenApiBoolean(true),
+                    Description = "If true, auth service sets the auth cookie."
+                }
+            },
+            RequestBody = new OpenApiRequestBody
+            {
+                Required = true,
+                Content =
+                {
+                    ["application/json"] = new OpenApiMediaType { Schema = loginSchema, Example = loginExample },
+                    ["multipart/form-data"] = new OpenApiMediaType { Schema = loginSchema, Example = loginExample }
+                }
+            },
+            Responses =
+            {
+                ["200"] = new OpenApiResponse { Description = "OK (proxied response)" },
+                ["401"] = new OpenApiResponse { Description = "Unauthorized" }
+            }
+        };
+
+        swaggerDoc.Paths[path] = new OpenApiPathItem
+        {
+            Operations =
+            {
+                [OperationType.Post] = operation
+            }
+        };
+    }
+}

EnvelopeGenerator.API/EnvelopeClaimTypes.cs

@@ -0,0 +1,17 @@
+namespace EnvelopeGenerator.API;
+
+/// <summary>
+/// Provides custom claim types for envelope-related information.
+/// </summary>
+public static class EnvelopeClaimTypes
+{
+    /// <summary>
+    /// Claim type for the title of an envelope.
+    /// </summary>
+    public static readonly string Title = $"Envelope{nameof(Title)}";
+
+    /// <summary>
+    /// Claim type for the ID of an envelope.
+    /// </summary>
+    public static readonly string Id = $"Envelope{nameof(Id)}";
+}

EnvelopeGenerator.API/EnvelopeGenerator.API.csproj

@@ -17,6 +17,17 @@
 	<DocumentationFile>bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml</DocumentationFile>
   </PropertyGroup>
 
+  <ItemGroup>
+    <Compile Remove="ClientApp\**" />
+    <Content Remove="ClientApp\**" />
+    <EmbeddedResource Remove="ClientApp\**" />
+    <None Remove="ClientApp\**" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="yarp.json" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="AspNetCore.Scalar" Version="1.1.8" />
     <PackageReference Include="DigitalData.Auth.Client" Version="1.3.7" />
@@ -28,6 +39,7 @@
     <PackageReference Include="Scalar.AspNetCore" Version="2.2.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.1" />
     <PackageReference Include="DigitalData.EmailProfilerDispatcher.Abstraction" Version="3.2.0" />
+    <PackageReference Include="Yarp.ReverseProxy" Version="2.1.0" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
@@ -49,41 +61,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <Folder Include="ClientApp\" />
+    <Folder Include="wwwroot\" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj" />
-    <ProjectReference Include="..\EnvelopeGenerator.CommonServices\EnvelopeGenerator.CommonServices.vbproj" />
     <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj" />
     <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj" />
   </ItemGroup>
 
-  <ItemGroup>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\chunk-35PBLQEP.js">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\chunk-IUSOII6E.js">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\favicon.ico">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\index.html">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\login\index.html">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\main-ZN7C4PGY.js">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\polyfills-N6LQB2YD.js">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-    <None Update="ClientApp\envelope-generator-ui\dist\envelope-generator-ui\browser\styles-S5ZWIC2V.css">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </None>
-  </ItemGroup>
-
 </Project>

EnvelopeGenerator.API/Extensions/ReceiverClaimExtensions.cs

@@ -0,0 +1,101 @@
+using System.Linq;
+using System.Security.Claims;
+using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiver;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+
+namespace EnvelopeGenerator.API.Extensions;
+
+/// <summary>
+/// Provides helper methods for working with envelope-specific authentication claims.
+/// </summary>
+public static class ReceiverClaimExtensions
+{
+    private static string GetRequiredClaimOfReceiver(this ClaimsPrincipal user, string claimType)
+    {
+        var value = user.FindFirstValue(claimType);
+        if (value is not null)
+        {
+            return value;
+        }
+
+        var identity = user.Identity;
+        var principalName = identity?.Name ?? "(anonymous)";
+        var authType = identity?.AuthenticationType ?? "(none)";
+        var availableClaims = string.Join(", ", user.Claims.Select(c => $"{c.Type}={c.Value}"));
+        var message = $"Required claim '{claimType}' is missing for user '{principalName}' (auth: {authType}). Available claims: [{availableClaims}].";
+        throw new InvalidOperationException(message);
+    }
+
+    /// <summary>
+    /// Gets the authenticated envelope UUID from the claims.
+    /// </summary>
+    public static string GetEnvelopeUuidOfReceiver(this ClaimsPrincipal user) => user.GetRequiredClaimOfReceiver(ClaimTypes.NameIdentifier);
+
+    /// <summary>
+    /// Gets the authenticated receiver signature from the claims.
+    /// </summary>
+    public static string GetReceiverSignatureOfReceiver(this ClaimsPrincipal user) => user.GetRequiredClaimOfReceiver(ClaimTypes.Hash);
+
+    /// <summary>
+    /// Gets the authenticated receiver display name from the claims.
+    /// </summary>
+    public static string GetReceiverNameOfReceiver(this ClaimsPrincipal user) => user.GetRequiredClaimOfReceiver(ClaimTypes.Name);
+
+    /// <summary>
+    /// Gets the authenticated receiver email address from the claims.
+    /// </summary>
+    public static string GetReceiverMailOfReceiver(this ClaimsPrincipal user) => user.GetRequiredClaimOfReceiver(ClaimTypes.Email);
+
+    /// <summary>
+    /// Gets the authenticated envelope title from the claims.
+    /// </summary>
+    public static string GetEnvelopeTitleOfReceiver(this ClaimsPrincipal user) => user.GetRequiredClaimOfReceiver(EnvelopeClaimTypes.Title);
+
+    /// <summary>
+    /// Gets the authenticated envelope identifier from the claims.
+    /// </summary>
+    public static int GetEnvelopeIdOfReceiver(this ClaimsPrincipal user)
+    {
+        var envIdStr = user.GetRequiredClaimOfReceiver(EnvelopeClaimTypes.Id);
+        if (!int.TryParse(envIdStr, out var envId))
+        {
+            throw new InvalidOperationException($"Claim '{EnvelopeClaimTypes.Id}' is not a valid integer.");
+        }
+
+        return envId;
+    }
+
+    /// <summary>
+    /// Signs in an envelope receiver using cookie authentication and attaches envelope claims.
+    /// </summary>
+    /// <param name="context">The current HTTP context.</param>
+    /// <param name="envelopeReceiver">Envelope receiver DTO to extract claims from.</param>
+    /// <param name="receiverRole">Role to attach to the authentication ticket.</param>
+    public static async Task SignInEnvelopeAsync(this HttpContext context, EnvelopeReceiverDto envelopeReceiver, string receiverRole)
+    {
+        var claims = new List<Claim>
+        {
+            new(ClaimTypes.NameIdentifier, envelopeReceiver.Envelope!.Uuid),
+            new(ClaimTypes.Hash, envelopeReceiver.Receiver!.Signature),
+            new(ClaimTypes.Name, envelopeReceiver.Name ?? string.Empty),
+            new(ClaimTypes.Email, envelopeReceiver.Receiver.EmailAddress),
+            new(EnvelopeClaimTypes.Title, envelopeReceiver.Envelope.Title),
+            new(EnvelopeClaimTypes.Id, envelopeReceiver.Envelope.Id.ToString()),
+            new(ClaimTypes.Role, receiverRole)
+        };
+
+        var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+
+        var authProperties = new AuthenticationProperties
+        {
+            AllowRefresh = false,
+            IsPersistent = false
+        };
+
+        await context.SignInAsync(
+            CookieAuthenticationDefaults.AuthenticationScheme,
+            new ClaimsPrincipal(claimsIdentity),
+            authProperties);
+    }
+}

EnvelopeGenerator.API/Extensions/SenderClaimExtensions.cs

@@ -0,0 +1,95 @@
+using System.Security.Claims;
+
+namespace EnvelopeGenerator.API.Extensions
+{
+    /// <summary>
+    /// Provides extension methods for extracting user information from a <see cref="ClaimsPrincipal"/>.
+    /// </summary>
+    public static class SenderClaimExtensions
+    {
+        private static string GetRequiredClaimOfSender(this ClaimsPrincipal user, string claimType)
+        {
+            var value = user.FindFirstValue(claimType);
+            if (value is not null)
+            {
+                return value;
+            }
+
+            var identity = user.Identity;
+            var principalName = identity?.Name ?? "(anonymous)";
+            var authType = identity?.AuthenticationType ?? "(none)";
+            var availableClaims = string.Join(", ", user.Claims.Select(c => $"{c.Type}={c.Value}"));
+            var message = $"Required claim '{claimType}' is missing for user '{principalName}' (auth: {authType}). Available claims: [{availableClaims}].";
+            throw new InvalidOperationException(message);
+        }
+
+        private static string GetRequiredClaimOfSender(this ClaimsPrincipal user, params string[] claimTypes)
+        {
+            string? value = null;
+
+            foreach (var claimType in claimTypes)
+            {
+                value = user.FindFirstValue(claimType);
+                if (value is not null)
+                    return value;
+            }
+
+            var identity = user.Identity;
+            var principalName = identity?.Name ?? "(anonymous)";
+            var authType = identity?.AuthenticationType ?? "(none)";
+            var availableClaims = string.Join(", ", user.Claims.Select(c => $"{c.Type}={c.Value}"));
+            var message = $"Required claim among [{string.Join(", ", claimTypes)}] is missing for user '{principalName}' (auth: {authType}). Available claims: [{availableClaims}].";
+            throw new InvalidOperationException(message);
+        }
+
+        /// <summary>
+        /// Retrieves the user's ID from the claims. Throws an exception if the ID is missing or invalid.
+        /// </summary>
+        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <returns>The user's ID as an integer.</returns>
+        /// <exception cref="InvalidOperationException">Thrown if the user ID claim is missing or invalid.</exception>
+        public static int GetId(this ClaimsPrincipal user)
+        {
+            var idValue = user.GetRequiredClaimOfSender(ClaimTypes.NameIdentifier, "sub");
+
+            if (!int.TryParse(idValue, out var result))
+            {
+                throw new InvalidOperationException("User ID claim is missing or invalid. This may indicate a misconfigured or forged JWT token.");
+            }
+
+            return result;
+        }
+
+        /// <summary>
+        /// Retrieves the username from the claims.
+        /// </summary>
+        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <returns>The username as a string.</returns>
+        public static string GetUsername(this ClaimsPrincipal user)
+            => user.GetRequiredClaimOfSender(ClaimTypes.Name);
+
+        /// <summary>
+        /// Retrieves the user's surname (last name) from the claims.
+        /// </summary>
+        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <returns>The surname as a string.</returns>
+        public static string GetName(this ClaimsPrincipal user)
+            => user.GetRequiredClaimOfSender(ClaimTypes.Surname);
+
+        /// <summary>
+        /// Retrieves the user's given name (first name) from the claims.
+        /// </summary>
+        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <returns>The given name as a string.</returns>
+        public static string GetPrename(this ClaimsPrincipal user)
+            => user.GetRequiredClaimOfSender(ClaimTypes.GivenName);
+
+        /// <summary>
+        /// Retrieves the user's email address from the claims.
+        /// </summary>
+        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <returns>The email address as a string.</returns>
+        public static string GetEmail(this ClaimsPrincipal user)
+            => user.GetRequiredClaimOfSender(ClaimTypes.Email);
+    }
+}

EnvelopeGenerator.API/Middleware/ExceptionHandlingMiddleware.cs

@@ -1,4 +1,4 @@
-namespace EnvelopeGenerator.GeneratorAPI.Middleware;
+namespace EnvelopeGenerator.API.Middleware;
 
 using DigitalData.Core.Exceptions;
 using Microsoft.AspNetCore.Http;

EnvelopeGenerator.API/Models/Auth.cs

@@ -0,0 +1,14 @@
+namespace EnvelopeGenerator.API.Models;
+
+public record Auth(string? AccessCode = null, string? SmsCode = null, string? AuthenticatorCode = null, bool UserSelectSMS = default)
+{
+    public bool HasAccessCode => AccessCode is not null;
+
+    public bool HasSmsCode => SmsCode is not null;
+
+    public bool HasAuthenticatorCode => AuthenticatorCode is not null;
+
+    public bool HasMulti => new[] { HasAccessCode, HasSmsCode, HasAuthenticatorCode }.Count(state => state) > 1;
+
+    public bool HasNone => !(HasAccessCode || HasSmsCode || HasAuthenticatorCode);
+}

EnvelopeGenerator.API/Models/AuthTokenKeys.cs

@@ -1,4 +1,4 @@
-namespace EnvelopeGenerator.GeneratorAPI.Models;
+namespace EnvelopeGenerator.API.Models;
 
 /// <summary>
 /// Represents the keys and default values used for authentication token handling 
@@ -24,5 +24,5 @@ public class AuthTokenKeys
     /// <summary>
     /// Gets the expected audience value for the authentication token.
     /// </summary>
-    public string Audience { get; init; } = "sign-flow-gen.digitaldata.works";
+    public string Audience { get; init; } = "sign-flow.digitaldata.works";
 }

EnvelopeGenerator.API/Models/ConnectionString.cs

@@ -1,4 +1,4 @@
-namespace EnvelopeGenerator.GeneratorAPI.Models;
+namespace EnvelopeGenerator.API.Models;
 
 /// <summary>
 /// 

EnvelopeGenerator.API/Models/ContactLink.cs

@@ -0,0 +1,60 @@
+namespace EnvelopeGenerator.API.Models
+{
+    /// <summary>
+    /// Represents a hyperlink for contact purposes with various HTML attributes.
+    /// </summary>
+    public class ContactLink
+    {
+        /// <summary>
+        /// Gets or sets the label of the hyperlink.
+        /// </summary>
+        public string Label { get; init; } = "Contact";
+
+        /// <summary>
+        /// Gets or sets the URL that the hyperlink points to.
+        /// </summary>
+        public string Href { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets the target where the hyperlink should open.
+        /// Commonly used values are "_blank", "_self", "_parent", "_top".
+        /// </summary>
+        public string Target { get; set; } = "_blank";
+
+        /// <summary>
+        /// Gets or sets the relationship of the linked URL as space-separated link types.
+        /// Examples include "nofollow", "noopener", "noreferrer".
+        /// </summary>
+        public string Rel { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets the filename that should be downloaded when clicking the hyperlink.
+        /// This attribute will only have an effect if the href attribute is set.
+        /// </summary>
+        public string Download { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets the language of the linked resource. Useful when linking to
+        /// content in another language.
+        /// </summary>
+        public string HrefLang { get; set; } = "en";
+
+        /// <summary>
+        /// Gets or sets the MIME type of the linked URL. Helps browsers to handle
+        /// the type correctly when the link is clicked.
+        /// </summary>
+        public string Type { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets additional information about the hyperlink, typically viewed
+        /// as a tooltip when the mouse hovers over the link.
+        /// </summary>
+        public string Title { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets an identifier for the hyperlink, unique within the HTML document.
+        /// </summary>
+        public string Id { get; set; } = string.Empty;
+    }
+
+}

EnvelopeGenerator.API/Models/Culture.cs

@@ -0,0 +1,17 @@
+using System.Globalization;
+
+namespace EnvelopeGenerator.API.Models;
+
+public class Culture
+{
+    private string _language = string.Empty;
+    public string Language { get => _language;
+        init {
+            _language = value;
+            Info = new(value);
+        } 
+    }
+    public string FIClass { get; init; } = string.Empty;
+
+    public CultureInfo? Info { get; init; }
+}

EnvelopeGenerator.API/Models/Cultures.cs

@@ -0,0 +1,12 @@
+namespace EnvelopeGenerator.API.Models;
+
+public class Cultures : List<Culture>
+{
+    public IEnumerable<string> Languages => this.Select(c => c.Language);
+
+    public IEnumerable<string> FIClasses => this.Select(c => c.FIClass);
+
+    public Culture Default => this.First();
+    
+    public Culture? this[string? language] => language is null ? null : this.Where(c => c.Language == language).FirstOrDefault();
+}

EnvelopeGenerator.API/Models/CustomImages.cs

@@ -0,0 +1,6 @@
+namespace EnvelopeGenerator.API.Models;
+
+public class CustomImages : Dictionary<string, Image>
+{
+    public new Image this[string key] => TryGetValue(key, out var img) && img is not null ? img : new();
+}

EnvelopeGenerator.API/Models/ErrorViewModel.cs

@@ -0,0 +1,10 @@
+namespace EnvelopeGenerator.API.Models;
+
+public class ErrorViewModel
+{
+    public string Title { get; init; } = "404";
+
+    public string Subtitle { get; init; } = "Hmmm...";
+
+    public string Body { get; init; } = "It looks like one of the developers fell asleep";
+}

EnvelopeGenerator.API/Models/Image.cs

@@ -0,0 +1,10 @@
+namespace EnvelopeGenerator.API.Models;
+
+public class Image
+{
+    public string Src { get; init; } = string.Empty;
+
+    public Dictionary<string, string> Classes { get; init; } = new();
+
+    public string GetClassIn(string page) => Classes.TryGetValue(page, out var cls) && cls is not null ? cls : string.Empty;
+}

EnvelopeGenerator.API/Models/Login.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace EnvelopeGenerator.GeneratorAPI.Models;
+namespace EnvelopeGenerator.API.Models;
 
 /// <summary>
 /// Repräsentiert ein Login-Modell mit erforderlichem Passwort und optionaler ID und Benutzername.

EnvelopeGenerator.API/Models/MainViewModel.cs

@@ -0,0 +1,6 @@
+namespace EnvelopeGenerator.API.Models;
+
+public class MainViewModel
+{
+    public string? Title { get; init; }
+}

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/Annotation.cs

@@ -0,0 +1,93 @@
+using EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+using System.Text.Json.Serialization;
+
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+public record Annotation : IAnnotation
+{
+    public required string Name { get; init; }
+
+    #region Bound Annotation
+    [JsonIgnore]
+    public string? HorBoundAnnotName { get; init; }
+
+    [JsonIgnore]
+    public string? VerBoundAnnotName { get; init; }
+    #endregion
+
+    #region Layout
+    [JsonIgnore]
+    public double? MarginLeft { get; set; }
+
+    [JsonIgnore]
+    public double MarginLeftRatio { get; init; } = 1;
+
+    [JsonIgnore]
+    public double? MarginTop { get; set; }
+
+    [JsonIgnore]
+    public double MarginTopRatio { get; init; } = 1;
+
+    public double? Width { get; set; }
+
+    [JsonIgnore]
+    public double WidthRatio { get; init; } = 1;
+
+    public double? Height { get; set; }
+
+    [JsonIgnore]
+    public double HeightRatio { get; init; } = 1;
+    #endregion
+
+    #region Position
+    public double Left => (MarginLeft ?? 0) + (HorBoundAnnot?.HorBoundary ?? 0);
+
+    public double Top => (MarginTop ?? 0) + (VerBoundAnnot?.VerBoundary ?? 0);
+    #endregion
+
+    #region Boundary
+    [JsonIgnore]
+    public double HorBoundary => Left + (Width ?? 0);
+
+    [JsonIgnore]
+    public double VerBoundary => Top + (Height ?? 0);
+    #endregion
+
+    #region BoundAnnot
+    [JsonIgnore]
+    public Annotation? HorBoundAnnot { get; set; }
+
+    [JsonIgnore]
+    public Annotation? VerBoundAnnot { get; set; }
+    #endregion
+
+    public Color? BackgroundColor { get; init; }
+
+    #region Border
+    public Color? BorderColor { get; init; }
+
+    public string? BorderStyle { get; init; }
+
+    public int? BorderWidth { get; set; }
+    #endregion
+
+    [JsonIgnore]
+    internal Annotation Default 
+    { 
+        set 
+        {
+            // To set null value, annotation must have null (0) value but null must has non-null value
+            if (MarginLeft == null && value.MarginLeft != null)
+                MarginLeft = value.MarginLeft * MarginLeftRatio;
+
+            if (MarginTop == null && value.MarginTop != null)
+                MarginTop = value.MarginTop * MarginTopRatio;
+
+            if (Width == null && value.Width != null)
+                Width = value.Width * WidthRatio;
+
+            if (Height == null && value.Height != null)
+                Height = value.Height * HeightRatio;
+        }
+    }
+};

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/AnnotationParams.cs

@@ -0,0 +1,80 @@
+using EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+using System.Text.Json.Serialization;
+
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+public class AnnotationParams
+{
+    public AnnotationParams()
+    {
+        _AnnotationJSObjectInitor = new(CreateAnnotationJSObject);
+    }
+
+    public Background? Background { get; init; }
+
+    #region Annotation
+    [JsonIgnore]
+    public Annotation? DefaultAnnotation { get; init; }
+
+    private readonly List<Annotation> _annots = new List<Annotation>();
+
+    public bool TryGet(string name, out Annotation annotation)
+    {
+#pragma warning disable CS8601 // Possible null reference assignment.
+        annotation = _annots.FirstOrDefault(a => a.Name == name);
+#pragma warning restore CS8601 // Possible null reference assignment.
+        return annotation is not null;
+    }
+
+    public required IEnumerable<Annotation> Annotations
+    {
+        get => _annots;
+        init
+        {
+            _annots = value.ToList();
+
+            if (DefaultAnnotation is not null)
+                foreach (var annot in _annots)
+                    annot.Default = DefaultAnnotation;
+
+            for (int i = 0; i < _annots.Count; i++)
+            {
+                #region set bound annotations
+                // horizontal
+                if (_annots[i].HorBoundAnnotName is string horBoundAnnotName)
+                    if (TryGet(horBoundAnnotName, out var horBoundAnnot))
+                        _annots[i].HorBoundAnnot = horBoundAnnot;
+                    else
+                        throw new InvalidOperationException($"{horBoundAnnotName} added as bound anotation. However, it is not defined.");
+
+                // vertical
+                if (_annots[i].VerBoundAnnotName is string verBoundAnnotName)
+                    if (TryGet(verBoundAnnotName, out var verBoundAnnot))
+                        _annots[i].VerBoundAnnot = verBoundAnnot;
+                    else
+                        throw new InvalidOperationException($"{verBoundAnnotName} added as bound anotation. However, it is not defined.");
+                #endregion
+            }
+        }
+    }
+    #endregion
+
+    #region AnnotationJSObject
+    private Dictionary<string, IAnnotation> CreateAnnotationJSObject()
+    {
+        var dict = _annots.ToDictionary(a => a.Name.ToLower(), a => a as IAnnotation);
+
+        if (Background is not null)
+        {
+            Background.Locate(_annots);
+            dict.Add(Background.Name.ToLower(), Background);
+        }            
+
+        return dict;
+    }
+
+    private readonly Lazy<Dictionary<string, IAnnotation>> _AnnotationJSObjectInitor;
+
+    public Dictionary<string, IAnnotation> AnnotationJSObject => _AnnotationJSObjectInitor.Value;
+    #endregion
+}

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/Background.cs

@@ -0,0 +1,58 @@
+using System.Text.Json.Serialization;
+
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+/// <summary>
+/// The Background is an annotation for the PSPDF Kit. However, it has no function.
+/// It is only the first annotation as a background for other annotations.
+/// </summary>
+public record Background : IAnnotation
+{
+    [JsonIgnore]
+    public double Margin { get; init; }
+
+    public string Name { get; } = "Background";
+
+    public double? Width { get; set; }
+
+    public double? Height { get; set; }
+
+    public double Left { get; set; }
+
+    public double Top { get; set; }
+
+    public Color? BackgroundColor { get; init; }
+
+    #region Border
+    public Color? BorderColor { get; init; }
+
+    public string? BorderStyle { get; init; }
+
+    public int? BorderWidth { get; set; }
+    #endregion
+
+    public void Locate(IEnumerable<IAnnotation> annotations)
+    {
+        // set Top
+        if (annotations.MinBy(a => a.Top)?.Top is double minTop)
+            Top = minTop;
+
+        // set Left
+        if (annotations.MinBy(a => a.Left)?.Left is double minLeft)
+            Left = minLeft;
+
+        // set Width
+        if(annotations.MaxBy(a => a.GetRight())?.GetRight() is double maxRight)
+            Width = maxRight - Left;
+
+        // set Height
+        if (annotations.MaxBy(a => a.GetBottom())?.GetBottom() is double maxBottom)
+            Height = maxBottom - Top;
+
+        // add margins
+        Top -= Margin;
+        Left -= Margin;
+        Width += Margin * 2;
+        Height += Margin * 2;
+    }
+}

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/Color.cs

@@ -0,0 +1,10 @@
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+public record Color
+{
+    public int R { get; init; } = 0;
+
+    public int G { get; init; } = 0;
+
+    public int B { get; init; } = 0;
+}

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/Extensions.cs

@@ -0,0 +1,8 @@
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+public static class Extensions
+{
+    public static double GetRight(this IAnnotation annotation) => annotation.Left + annotation?.Width ?? 0;
+
+    public static double GetBottom(this IAnnotation annotation) => annotation.Top + annotation?.Height ?? 0;
+}

EnvelopeGenerator.API/Models/PsPdfKitAnnotation/IAnnotation.cs

@@ -0,0 +1,22 @@
+namespace EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+
+public interface IAnnotation
+{
+    string Name { get; }
+
+    double? Width { get; }
+
+    double? Height { get; }
+
+    double Left { get; }
+
+    double Top { get; }
+
+    Color? BackgroundColor { get; }
+
+    Color? BorderColor { get; }
+
+    string? BorderStyle { get; }
+
+    int? BorderWidth { get; }
+}

EnvelopeGenerator.API/Models/TFARegParams.cs

@@ -0,0 +1,17 @@
+namespace EnvelopeGenerator.API.Models;
+
+/// <summary>
+/// Represents the parameters for two-factor authentication (2FA) registration.
+/// </summary>
+public class TFARegParams
+{
+    /// <summary>
+    /// The maximum allowed time for completing the registration process.
+    /// </summary>
+    public TimeSpan TimeLimit { get; init; } = new(0, 30, 0);
+
+    /// <summary>
+    /// The deadline for registration, calculated as the current time plus the <see cref="TimeLimit"/>.
+    /// </summary>
+    public DateTime Deadline => DateTime.Now.AddTicks(TimeLimit.Ticks);
+}

EnvelopeGenerator.API/Program.cs

@@ -11,11 +11,11 @@ using DigitalData.UserManager.DependencyInjection;
 using EnvelopeGenerator.Application;
 using DigitalData.Auth.Client;
 using DigitalData.Core.Abstractions;
-using EnvelopeGenerator.GeneratorAPI.Models;
+using EnvelopeGenerator.API.Models;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
 using DigitalData.Core.Abstractions.Security.Extensions;
-using EnvelopeGenerator.GeneratorAPI.Middleware;
+using EnvelopeGenerator.API.Middleware;
 using NLog.Web;
 using NLog;
 
@@ -26,6 +26,8 @@ try
 {
     var builder = WebApplication.CreateBuilder(args);
 
+    builder.Configuration.AddJsonFile("yarp.json", optional: true, reloadOnChange: true);
+
     builder.Logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
 
     if (!builder.Environment.IsDevelopment())
@@ -39,6 +41,8 @@ try
     var deferredProvider = new DeferredServiceProvider();
 
     builder.Services.AddControllers();
+    builder.Services.AddHttpClient();
+    builder.Services.AddReverseProxy().LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
 
     // CORS Policy
     var allowedOrigins = config.GetSection("AllowedOrigins").Get<string[]>() ??
@@ -102,6 +106,8 @@ try
         {
             options.IncludeXmlComments(xmlFile);
         }
+
+        options.DocumentFilter<EnvelopeGenerator.API.Documentation.AuthProxyDocumentFilter>();
     });
     builder.Services.AddOpenApi();
 
@@ -241,6 +247,7 @@ try
     app.UseAuthentication();
     app.UseAuthorization();
 
+    app.MapReverseProxy();
     app.MapControllers();
 
     app.Run();

EnvelopeGenerator.API/appsettings.Development.json

@@ -6,11 +6,11 @@
     }
   },
   "AuthClientParams": {
-    "Url": "https://localhost:7192/auth-hub",
+    "Url": "http://172.24.12.39:9090/auth-hub",
     "PublicKeys": [
       {
         "Issuer": "auth.digitaldata.works",
-        "Audience": "sign-flow-gen.digitaldata.works"
+        "Audience": "sign-flow.digitaldata.works"
       }
     ],
     "RetryDelay": "00:00:05"

EnvelopeGenerator.API/appsettings.json

@@ -9,7 +9,7 @@
     }
   },
   "AllowedHosts": "*",
-  "AllowedOrigins": [ "http://localhost:4200" ],
+  "AllowedOrigins": [ "http://localhost:4200", "http://172.24.12.39:9090", "https://localhost:8088", "http://localhost:5131", "http://localhost:7192" ],
   "ConnectionStrings": {
     "Default": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM;User Id=sa;Password=dd;Encrypt=false;TrustServerCertificate=True;",
     "DbMigrationTest": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM_DATA_MIGR_TEST;User Id=sa;Password=dd;Encrypt=false;TrustServerCertificate=True;"
@@ -24,11 +24,11 @@
     }
   },
   "AuthClientParams": {
-    "Url": "https://localhost:7192/auth-hub",
+    "Url": "http://172.24.12.39:9090/auth-hub",
     "PublicKeys": [
       {
         "Issuer": "auth.digitaldata.works",
-        "Audience": "sign-flow-gen.digitaldata.works"
+        "Audience": "sign-flow.digitaldata.works"
       }
     ],
     "RetryDelay": "00:00:05"
@@ -37,7 +37,7 @@
     "Cookie": "AuthToken",
     "QueryString": "AuthToken",
     "Issuer": "auth.digitaldata.works",
-    "Audience": "work-flow.digitaldata.works"
+    "Audience": "sign-flow.digitaldata.works"
   },
   "PSPDFKitLicenseKey": "SXCtGGY9XA-31OGUXQK-r7c6AkdLGPm2ljuyDr1qu0kkhLvydg-Do-fxpNUF4Rq3fS_xAnZRNFRHbXpE6sQ2BMcCSVTcXVJO6tPviexjpiT-HnrDEySlUERJnnvh-tmeOWprxS6BySPnSILkmaVQtUfOIUS-cUbvvEYHTvQBKbSF8di4XHQFyfv49ihr51axm3NVV3AXwh2EiKL5C5XdqBZ4sQ4O7vXBjM2zvxdPxlxdcNYmiU83uAzw7B83O_jubPzya4CdUHh_YH7Nlp2gP56MeG1Sw2JhMtfG3Rj14Sg4ctaeL9p6AEWca5dDjJ2li5tFIV2fQSsw6A_cowLu0gtMm5i8IfJXeIcQbMC2-0wGv1oe9hZYJvFMdzhTM_FiejM0agemxt3lJyzuyP8zbBSOgp7Si6A85krLWPZptyZBTG7pp7IHboUHfPMxCXqi-zMsqewOJtQBE2mjntU-lPryKnssOpMPfswwQX7QSkJYV5EMqNmEhQX6mEkp2wcqFzMC7bJQew1aO4pOpvChUaMvb1vgRek0HxLag0nwQYX2YrYGh7F_xXJs-8HNwJe8H0-eW4x4faayCgM5rB5772CCCsD9ThZcvXFrjNHHLGJ8WuBUFm6LArvSfFQdii_7j-_sqHMpeKZt26NFgivj1A==",
   "Content-Security-Policy": [ // The first format parameter {0} will be replaced by the nonce value.

EnvelopeGenerator.API/yarp.json

@@ -0,0 +1,25 @@
+{
+  "ReverseProxy": {
+    "Routes": {
+      "auth-login": {
+        "ClusterId": "auth-hub",
+        "Match": {
+          "Path": "/api/auth",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathSet": "/api/auth/sign-flow" }
+        ]
+      }
+    },
+    "Clusters": {
+      "auth-hub": {
+        "Destinations": {
+          "primary": {
+            "Address": "http://172.24.12.39:9090"
+          }
+        }
+      }
+    }
+  }
+}

EnvelopeGenerator.Application/Common/Dto/EnvelopeDto.cs

@@ -74,6 +74,11 @@ public record EnvelopeDto
     /// </summary>
     public int? EnvelopeTypeId { get; set; }
 
+    /// <summary>
+    /// 
+    /// </summary>
+    public bool ReadOnly => EnvelopeTypeId == 2;
+
     /// <summary>
     /// 
     /// </summary>

EnvelopeGenerator.Application/Common/Extensions/LoggerExtensions.cs

@@ -3,8 +3,19 @@ using System.Text;
 
 namespace EnvelopeGenerator.Application.Common.Extensions
 {
+    /// <summary>
+    /// 
+    /// </summary>
     public static class LoggerExtensions
     {
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="envelopeReceiverId"></param>
+        /// <param name="exception"></param>
+        /// <param name="message"></param>
+        /// <param name="args"></param>
         public static void LogEnvelopeError(this ILogger logger, string envelopeReceiverId, Exception? exception = null, string? message = null, params object?[] args)
         {
             var sb = new StringBuilder().AppendLine(envelopeReceiverId.DecodeEnvelopeReceiverId().ToTitle());
@@ -18,6 +29,15 @@ namespace EnvelopeGenerator.Application.Common.Extensions
                 logger.Log(LogLevel.Error, exception, sb.AppendLine(exception.Message).ToString(), args);
         }
 
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="uuid"></param>
+        /// <param name="signature"></param>
+        /// <param name="exception"></param>
+        /// <param name="message"></param>
+        /// <param name="args"></param>
         public static void LogEnvelopeError(this ILogger logger, string? uuid, string? signature = null, Exception? exception = null, string? message = null, params object?[] args)
         {
             var sb = new StringBuilder($"Envelope Uuid: {uuid}");
@@ -34,6 +54,11 @@ namespace EnvelopeGenerator.Application.Common.Extensions
                 logger.Log(LogLevel.Error, exception, sb.ToString(), args);
         }
 
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="envelopeReceiverTuple"></param>
+        /// <returns></returns>
         public static string ToTitle(this (string? UUID, string? Signature) envelopeReceiverTuple)
         {
             return $"UUID is {envelopeReceiverTuple.UUID} and signature is {envelopeReceiverTuple.Signature}";

EnvelopeGenerator.Application/Common/Extensions/TaskExtensions.cs

@@ -5,6 +5,7 @@ namespace EnvelopeGenerator.Application.Common.Extensions;
 /// <summary>
 /// Extension methods for tasks
 /// </summary>
+[Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
 public static class TaskExtensions
 {
     /// <summary>
@@ -17,6 +18,7 @@ public static class TaskExtensions
     /// <param name="factory">Exception provider</param>
     /// <returns>The awaited result if not <c>null</c>.</returns>
     /// <exception>Thrown if the result is <c>null</c>.</exception>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
     public static async Task<T> ThrowIfNull<T, TException>(this Task<T?> task, Func<TException> factory) where TException : Exception
     {
         var result = await task;
@@ -33,6 +35,7 @@ public static class TaskExtensions
     /// <param name="factory">Exception provider</param>
     /// <returns>The awaited collection if it is not <c>null</c> or empty.</returns>
     /// <exception cref="NotFoundException">Thrown if the result is <c>null</c> or empty.</exception>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
     public static async Task<IEnumerable<T>> ThrowIfEmpty<T, TException>(this Task<IEnumerable<T>> task, Func<TException> factory) where TException : Exception
     {
         var result = await task;
@@ -47,11 +50,33 @@ public static class TaskExtensions
     /// <param name="task"></param>
     /// <param name="act"></param>
     /// <returns></returns>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
     public static async Task<I> Then<T, I>(this Task<T> task, Func<T, I> act)
     {
         var res = await task;
         return act(res);
     }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <typeparam name="T"></typeparam>
+    /// <param name="task"></param>
+    /// <returns></returns>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
+    public static Task<T?> FirstOrDefaultAsync<T>(this Task<IEnumerable<T>> task) => task.Then(t => t.FirstOrDefault());
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <typeparam name="T"></typeparam>
+    /// <typeparam name="TException"></typeparam>
+    /// <param name="task"></param>
+    /// <param name="factory"></param>
+    /// <returns></returns>
+    public static Task<T> FirstAsync<T, TException>(this Task<IEnumerable<T>> task, Func<TException> factory) 
+        where TException : Exception 
+        => task.Then(t => t.FirstOrDefault() ?? throw factory());
 }
 
 /// <summary>
@@ -68,11 +93,13 @@ public static class Exceptions
     /// 
     /// </summary>
     /// <returns></returns>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
     public static BadRequestException BadRequest() => new();
 
     /// <summary>
     /// 
     /// </summary>
     /// <returns></returns>
+    [Obsolete("Implement Mediator behaviors in the Osolete .NET project.")]
     public static ForbiddenException Forbidden() => new();
 }

EnvelopeGenerator.Application/Common/Extensions/XSSExtensions.cs

@@ -2,16 +2,42 @@
 using Microsoft.Extensions.Localization;
 using System.Text.Encodings.Web;
 
-namespace EnvelopeGenerator.Application.Common.Extensions
+namespace EnvelopeGenerator.Application.Common.Extensions;
+
+/// <summary>
+/// 
+/// </summary>
+public static class XSSExtensions
 {
-    public static class XSSExtensions
-    {
-        public static string? TryEncode(this string? value, UrlEncoder encoder) => value is null ? value : encoder.Encode(value);
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="value"></param>
+    /// <param name="encoder"></param>
+    /// <returns></returns>
+    public static string? TryEncode(this string? value, UrlEncoder encoder) => value is null ? value : encoder.Encode(value);
 
-        public static string? TryEncode(this LocalizedString? value, UrlEncoder encoder) => value is null ? null : encoder.Encode(value);
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="value"></param>
+    /// <param name="encoder"></param>
+    /// <returns></returns>
+    public static string? TryEncode(this LocalizedString? value, UrlEncoder encoder) => value is null ? null : encoder.Encode(value);
 
-        public static string? TrySanitize(this string? html, HtmlSanitizer sanitizer) => html is null ? html : sanitizer.Sanitize(html);
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="html"></param>
+    /// <param name="sanitizer"></param>
+    /// <returns></returns>
+    public static string? TrySanitize(this string? html, HtmlSanitizer sanitizer) => html is null ? html : sanitizer.Sanitize(html);
 
-        public static string? TrySanitize(this LocalizedString? html, HtmlSanitizer sanitizer) => html is null ? null : sanitizer.Sanitize(html);
-    }
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="html"></param>
+    /// <param name="sanitizer"></param>
+    /// <returns></returns>
+    public static string? TrySanitize(this LocalizedString? html, HtmlSanitizer sanitizer) => html is null ? null : sanitizer.Sanitize(html);
 }

EnvelopeGenerator.Application/Common/Notifications/DocSigned/DocSignedNotification.cs

@@ -24,7 +24,7 @@ public record DocSignedNotification(EnvelopeReceiverDto Original) : EnvelopeRece
     /// <summary>
     /// 
     /// </summary>
-    public PsPdfKitAnnotation PsPdfKitAnnotation { get; init; } = null!;
+    public PsPdfKitAnnotation? PsPdfKitAnnotation { get; init; }
 
     /// <summary>
     /// 
@@ -59,7 +59,7 @@ public static class DocSignedNotificationExtensions
     /// <param name="dtoTask"></param>
     /// <param name="psPdfKitAnnotation"></param>
     /// <returns></returns>
-    public static async Task<DocSignedNotification?> ToDocSignedNotification(this Task<EnvelopeReceiverDto?> dtoTask, PsPdfKitAnnotation psPdfKitAnnotation)
+    public static async Task<DocSignedNotification?> ToDocSignedNotification(this Task<EnvelopeReceiverDto?> dtoTask, PsPdfKitAnnotation? psPdfKitAnnotation)
         => await dtoTask is EnvelopeReceiverDto dto ? new(dto) { PsPdfKitAnnotation = psPdfKitAnnotation } : null;
 
     /// <summary>

EnvelopeGenerator.Application/Common/Notifications/DocSigned/Handlers/AnnotationHandler.cs

@@ -29,6 +29,9 @@ public class AnnotationHandler : INotificationHandler<DocSignedNotification>
     /// <param name="notification"></param>
     /// <param name="cancel"></param>
     /// <returns></returns>
-    public Task Handle(DocSignedNotification notification, CancellationToken cancel)
-        => _repo.CreateAsync(notification.PsPdfKitAnnotation.Structured, cancel);
+    public async Task Handle(DocSignedNotification notification, CancellationToken cancel)
+    {
+        if (notification.PsPdfKitAnnotation is PsPdfKitAnnotation annot)
+            await _repo.CreateAsync(annot.Structured, cancel);
+    }
 }

EnvelopeGenerator.Application/Common/Notifications/DocSigned/Handlers/DocStatusHandler.cs

@@ -10,6 +10,8 @@ namespace EnvelopeGenerator.Application.Common.Notifications.DocSigned.Handlers;
 /// </summary>
 public class DocStatusHandler : INotificationHandler<DocSignedNotification>
 {
+    private const string BlankAnnotationJson = "{}";
+
     private readonly ISender _sender;
 
     /// <summary>
@@ -33,7 +35,9 @@ public class DocStatusHandler : INotificationHandler<DocSignedNotification>
         {
             Envelope = new() { Id = notification.EnvelopeId },
             Receiver = new() { Id = notification.ReceiverId},
-            Value = JsonSerializer.Serialize(notification.PsPdfKitAnnotation.Instant, Format.Json.ForAnnotations)
+            Value = notification.PsPdfKitAnnotation is PsPdfKitAnnotation annot 
+                    ? JsonSerializer.Serialize(annot.Instant, Format.Json.ForAnnotations) 
+                    : BlankAnnotationJson
         }, cancel);
     }
 }

EnvelopeGenerator.Application/Documents/Queries/ReadDocumentQuery.cs

@@ -4,6 +4,7 @@ using EnvelopeGenerator.Domain.Entities;
 using Microsoft.EntityFrameworkCore;
 using AutoMapper;
 using EnvelopeGenerator.Application.Common.Dto;
+using DigitalData.Core.Exceptions;
 
 namespace EnvelopeGenerator.Application.Documents.Queries;
 
@@ -12,14 +13,14 @@ namespace EnvelopeGenerator.Application.Documents.Queries;
 /// </summary>
 /// <param name="Id">The unique identifier of the document. Optional.</param>
 /// <param name="EnvelopeId">The identifier of the envelope associated with the document. Optional.</param>
-public record ReadDocumentQuery(int? Id = null, int? EnvelopeId = null) : IRequest<DocumentDto?>
+public record ReadDocumentQuery(int? Id = null, int? EnvelopeId = null) : IRequest<DocumentDto>
 {
 }
 
 /// <summary>
 /// Handles queries for reading <see cref="Document"/> data based on either the document ID or the envelope ID.
 /// </summary>
-public class ReadDocumentQueryHandler : IRequestHandler<ReadDocumentQuery, DocumentDto?>
+public class ReadDocumentQueryHandler : IRequestHandler<ReadDocumentQuery, DocumentDto>
 {
     /// <summary>
     /// TempRepo for accessing <see cref="Document"/> entities.
@@ -50,20 +51,19 @@ public class ReadDocumentQueryHandler : IRequestHandler<ReadDocumentQuery, Docum
     /// <exception cref="InvalidOperationException">
     /// Thrown when neither <see cref="ReadDocumentQuery.Id"/> nor <see cref="ReadDocumentQuery.EnvelopeId"/> is provided.
     /// </exception>
-    public async Task<DocumentDto?> Handle(ReadDocumentQuery query, CancellationToken cancel)
+    public async Task<DocumentDto> Handle(ReadDocumentQuery query, CancellationToken cancel)
     {
         if (query.Id is not null)
         {
-            var doc = await _repo.ReadOnly().Where(d => d.Id == query.Id).FirstOrDefaultAsync(cancel);
+            var doc = await _repo.Query.Where(d => d.Id == query.Id).FirstOrDefaultAsync(cancel);
             return _mapper.Map<DocumentDto>(doc);
         }            
         else if (query.EnvelopeId is not null)
         {
-            var doc = await _repo.ReadOnly().Where(d => d.EnvelopeId == query.EnvelopeId).FirstOrDefaultAsync(cancel);
+            var doc = await _repo.Query.Where(d => d.EnvelopeId == query.EnvelopeId).FirstOrDefaultAsync(cancel);
             return _mapper.Map<DocumentDto>(doc);
         }
 
-        throw new InvalidOperationException(
-            $"Invalid {nameof(ReadDocumentQuery)}: either {nameof(query.Id)} or {nameof(query.EnvelopeId)} must be provided.");
+        throw new NotFoundException();
     }
 }

EnvelopeGenerator.Application/EmailTemplates/Commands/Update/UpdateEmailTemplateCommandHandler.cs

@@ -22,6 +22,7 @@ public class UpdateEmailTemplateCommandHandler : IRequestHandler<UpdateEmailTemp
     /// 
     /// </summary>
     /// <param name="repository"></param>
+    /// <param name="mapper"></param>
     public UpdateEmailTemplateCommandHandler(IRepository<EmailTemplate> repository, IMapper mapper)
     {
         _repository = repository;

EnvelopeGenerator.Application/EnvelopeGenerator.Application.csproj

@@ -14,7 +14,7 @@
 
 	<ItemGroup>
 		<PackageReference Include="Dapper" Version="2.1.66" />
-		<PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.4.0" />
+		<PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.6.0" />
 		<PackageReference Include="DigitalData.Core.Application" Version="3.4.0" />
 		<PackageReference Include="DigitalData.Core.Client" Version="2.1.0" />
 		<PackageReference Include="DigitalData.Core.Exceptions" Version="1.1.0" />

EnvelopeGenerator.Application/EnvelopeReceivers/Queries/ReadEnvelopeReceiverQuery.cs

@@ -1,4 +1,4 @@
-using AutoMapper;
+using AutoMapper;
 using DigitalData.Core.Abstraction.Application.Repository;
 using DigitalData.Core.Exceptions;
 using EnvelopeGenerator.Application.Envelopes.Queries;
@@ -47,7 +47,13 @@ namespace EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
 /// Die Antwort enthält Details wie den Include, die Zuordnung zwischen Umschlag und Empfänger 
 /// sowie zusätzliche Metadaten.
 /// </remarks>
-public record ReadEnvelopeReceiverQuery : EnvelopeReceiverQueryBase<ReadEnvelopeQuery, ReadReceiverQuery>, IRequest<IEnumerable<EnvelopeReceiverDto>>;
+public record ReadEnvelopeReceiverQuery : EnvelopeReceiverQueryBase<ReadEnvelopeQuery, ReadReceiverQuery>, IRequest<IEnumerable<EnvelopeReceiverDto>>
+{
+    /// <summary>
+    /// Optionaler Benutzernamefilter, um Ergebnisse auf Umschläge eines bestimmten Besitzers einzuschränken.
+    /// </summary>
+    public string? Username { get; init; }
+}
 
 /// <summary>
 /// 
@@ -61,10 +67,11 @@ public static class Extensions
     /// <param name="key"></param>
     /// <param name="cancel"></param>
     /// <returns></returns>
-    public static Task<EnvelopeReceiverDto?> ReadEnvelopeReceiverAsync(this IMediator mediator, string key, CancellationToken cancel = default)
+    public static async Task<EnvelopeReceiverDto?> ReadEnvelopeReceiverAsync(this IMediator mediator, string key, CancellationToken cancel = default)
     {
         var q = new ReadEnvelopeReceiverQuery() { Key = key };
-        return mediator.Send(q, cancel).Then(envRcvs => envRcvs.FirstOrDefault());
+        var envRcvs = await mediator.Send(q, cancel);
+        return envRcvs.FirstOrDefault();
     }
 
     /// <summary>
@@ -75,80 +82,82 @@ public static class Extensions
     /// <param name="signature"></param>
     /// <param name="cancel"></param>
     /// <returns></returns>
-    public static Task<EnvelopeReceiverDto?> ReadEnvelopeReceiverAsync(this IMediator mediator, string uuid, string signature, CancellationToken cancel = default)
+    public static async Task<EnvelopeReceiverDto?> ReadEnvelopeReceiverAsync(this IMediator mediator, string uuid, string signature, CancellationToken cancel = default)
     {
         var q = new ReadEnvelopeReceiverQuery();
         q.Envelope.Uuid = uuid;
         q.Receiver.Signature = signature;
-        return mediator.Send(q, cancel).Then(envRcvs => envRcvs.FirstOrDefault());
+        var envRcvs = await mediator.Send(q, cancel);
+        return envRcvs.FirstOrDefault();
     }
-}
-
-/// <summary>
-/// 
-/// </summary>
-public class ReadEnvelopeReceiverQueryHandler : IRequestHandler<ReadEnvelopeReceiverQuery, IEnumerable<EnvelopeReceiverDto>>
-{
-    private readonly IRepository<EnvelopeReceiver> _repo;
-
-    private readonly IRepository<Receiver> _rcvRepo;
-
-    private readonly IMapper _mapper;
-
     /// <summary>
-    /// 
+    /// Verarbeitet <see cref="ReadEnvelopeReceiverQuery"/> und liefert passende <see cref="EnvelopeReceiverDto"/>-Ergebnisse.
     /// </summary>
-    /// <param name="envelopeReceiver"></param>
-    /// <param name="mapper"></param>
-    public ReadEnvelopeReceiverQueryHandler(IRepository<EnvelopeReceiver> envelopeReceiver, IRepository<Receiver> rcvRepo, IMapper mapper)
+    public class ReadEnvelopeReceiverQueryHandler : IRequestHandler<ReadEnvelopeReceiverQuery, IEnumerable<EnvelopeReceiverDto>>
     {
-        _repo = envelopeReceiver;
-        _mapper = mapper;
-        _rcvRepo = rcvRepo;
-    }
+        private readonly IRepository<EnvelopeReceiver> _repo;
+        private readonly IRepository<Receiver> _rcvRepo;
+        private readonly IMapper _mapper;
 
-    /// <summary>
-    /// 
-    /// </summary>
-    /// <param name="request"></param>
-    /// <param name="cancel"></param>
-    /// <returns></returns>
-    /// <exception cref="BadRequestException"></exception>
-    public async Task<IEnumerable<EnvelopeReceiverDto>> Handle(ReadEnvelopeReceiverQuery request, CancellationToken cancel)
-    {
-        var q = _repo.ReadOnly().Where(request, notnull: false);
-
-        if (request.Envelope.Status is not null)
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="envelopeReceiver"></param>
+        /// <param name="rcvRepo"></param>
+        /// <param name="mapper"></param>
+        public ReadEnvelopeReceiverQueryHandler(IRepository<EnvelopeReceiver> envelopeReceiver, IRepository<Receiver> rcvRepo, IMapper mapper)
         {
-            var status = request.Envelope.Status;
-            if (status.Min is not null)
-                q = q.Where(er => er.Envelope!.Status >= status.Min);
-
-            if (status.Max is not null)
-                q = q.Where(er => er.Envelope!.Status <= status.Max);
-
-            if (status.Include?.Length > 0)
-                q = q.Where(er => status.Include.Contains(er.Envelope!.Status));
-
-            if (status.Ignore is not null)
-                q = q.Where(er => !status.Ignore.Contains(er.Envelope!.Status));
+            _repo = envelopeReceiver;
+            _mapper = mapper;
+            _rcvRepo = rcvRepo;
         }
 
-        var envRcvs = await q
-                        .Include(er => er.Envelope).ThenInclude(e => e!.Documents!).ThenInclude(d => d.Elements)
-                        .Include(er => er.Envelope).ThenInclude(e => e!.Histories)
-                        .Include(er => er.Envelope).ThenInclude(e => e!.User)
-                        .Include(er => er.Receiver)
-                        .ToListAsync(cancel);
-
-        if (request.Receiver.HasAnyCriteria && envRcvs.Any())
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="request"></param>
+        /// <param name="cancel"></param>
+        /// <returns></returns>
+        /// <exception cref="BadRequestException"></exception>
+        public async Task<IEnumerable<EnvelopeReceiverDto>> Handle(ReadEnvelopeReceiverQuery request, CancellationToken cancel)
         {
-            var receiver = await _rcvRepo.ReadOnly().Where(request.Receiver).FirstAsync(cancel);
+            var q = _repo.Query.Where(request, notnull: false);
 
-            foreach (var envRcv in envRcvs)
-                envRcv.Envelope?.Documents?.First().Elements.RemoveAll(s => s.ReceiverId != receiver.Id);
+            if (request.Username is string username)
+                q = q.Where(er => er.Envelope!.User.Username == username);
+
+            if (request.Envelope.Status is not null)
+            {
+                var status = request.Envelope.Status;
+                if (status.Min is not null)
+                    q = q.Where(er => er.Envelope!.Status >= status.Min);
+
+                if (status.Max is not null)
+                    q = q.Where(er => er.Envelope!.Status <= status.Max);
+
+                if (status.Include?.Length > 0)
+                    q = q.Where(er => status.Include.Contains(er.Envelope!.Status));
+
+                if (status.Ignore is not null)
+                    q = q.Where(er => !status.Ignore.Contains(er.Envelope!.Status));
+            }
+
+            var envRcvs = await q
+                            .Include(er => er.Envelope).ThenInclude(e => e!.Documents!).ThenInclude(d => d.Elements)
+                            .Include(er => er.Envelope).ThenInclude(e => e!.Histories)
+                            .Include(er => er.Envelope).ThenInclude(e => e!.User)
+                            .Include(er => er.Receiver)
+                            .ToListAsync(cancel);
+
+            if (request.Receiver.HasAnyCriteria && envRcvs.Count != 0)
+            {
+                var receiver = await _rcvRepo.Query.Where(request.Receiver).FirstAsync(cancel);
+
+                foreach (var envRcv in envRcvs)
+                    envRcv.Envelope?.Documents?.FirstOrDefault()?.Elements?.RemoveAll(s => s.ReceiverId != receiver.Id);
+            }
+
+            return _mapper.Map<List<EnvelopeReceiverDto>>(envRcvs);
         }
-
-        return _mapper.Map<List<EnvelopeReceiverDto>>(envRcvs);
     }
-} 
+}

EnvelopeGenerator.Application/EnvelopeReceivers/Queries/ReceiverAlreadySignedQuery.cs

@@ -68,6 +68,6 @@ public class ReceiverAlreadySignedQueryHandler : IRequestHandler<ReceiverAlready
     /// <returns></returns>
     public async Task<bool> Handle(ReceiverAlreadySignedQuery request, CancellationToken cancel = default)
     {
-        return await _repo.ReadOnly().Where(request).Where(h => h.Status == EnvelopeStatus.DocumentSigned).AnyAsync(cancel);
+        return await _repo.Query.Where(request).Where(h => h.Status == EnvelopeStatus.DocumentSigned).AnyAsync(cancel);
     }
 }

EnvelopeGenerator.Application/EnvelopeTypes/Queries/ReadEnvelopeTypesQuery.cs

@@ -0,0 +1,45 @@
+using EnvelopeGenerator.Application.Common.Dto;
+using MediatR;
+using AutoMapper;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
+
+namespace EnvelopeGenerator.Application.EnvelopeTypes.Queries;
+
+/// <summary>
+/// 
+/// </summary>
+public record ReadEnvelopeTypesQuery : IRequest<IEnumerable<EnvelopeTypeDto>>;
+
+/// <summary>
+/// 
+/// </summary>
+public class ReadEnvelopeTypesQueryHandler : IRequestHandler<ReadEnvelopeTypesQuery, IEnumerable<EnvelopeTypeDto>>
+{
+    private readonly IRepository<EnvelopeType> _repository;
+    private readonly IMapper _mapper;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="repository"></param>
+    /// <param name="mapper"></param>
+    public ReadEnvelopeTypesQueryHandler(IRepository<EnvelopeType> repository, IMapper mapper)
+    {
+        _repository = repository;
+        _mapper = mapper;
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="request"></param>
+    /// <param name="cancellationToken"></param>
+    /// <returns></returns>
+    public async Task<IEnumerable<EnvelopeTypeDto>> Handle(ReadEnvelopeTypesQuery request, CancellationToken cancellationToken)
+    {
+        var types = await _repository.Query.ToListAsync(cancellationToken);
+        return _mapper.Map<IEnumerable<EnvelopeTypeDto>>(types);
+    }
+}

EnvelopeGenerator.Application/Envelopes/Commands/CreateEnvelopeCommand.cs

@@ -33,7 +33,18 @@ public record CreateEnvelopeCommand : IRequest<EnvelopeDto?>
     /// <summary>
     /// ID des Absenders
     /// </summary>
-    public int UserId { get; set; }
+    internal int UserId { get; private set; }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="userId"></param>
+    /// <returns></returns>
+    public bool Authorize(int userId)
+    {
+        UserId = userId;
+        return true;
+    }
 
     /// <summary>
     /// Determines which component is used for envelope processing.

EnvelopeGenerator.Application/Envelopes/Queries/ReadEnvelopeQuery.cs

@@ -1,18 +1,33 @@
 using MediatR;
 using EnvelopeGenerator.Domain.Constants;
 using EnvelopeGenerator.Application.Common.Query;
+using EnvelopeGenerator.Application.Common.Dto;
+using AutoMapper;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
 
 namespace EnvelopeGenerator.Application.Envelopes.Queries;
 
 /// <summary>
 /// Repräsentiert eine Abfrage für Umschläge.
 /// </summary>
-public record ReadEnvelopeQuery : EnvelopeQueryBase, IRequest
+public record ReadEnvelopeQuery : EnvelopeQueryBase, IRequest<IEnumerable<EnvelopeDto>>
 {
     /// <summary>
     /// Abfrage des Include des Umschlags
     /// </summary>
     public EnvelopeStatusQuery? Status { get; init; }
+
+    /// <summary>
+    /// Optionaler Benutzerfilter; wenn gesetzt, werden nur Umschläge des Benutzers geladen.
+    /// </summary>
+    public int? UserId { get; init; }
+
+    /// <summary>
+    /// Setzt den Benutzerkontext für die Abfrage.
+    /// </summary>
+    public ReadEnvelopeQuery Authorize(int userId) => this with { UserId = userId };
 }
 
 /// <summary>
@@ -65,4 +80,62 @@ public record EnvelopeStatusQuery
     /// Eine Liste von Statuswerten, die ignoriert werden werden.
     /// </summary>
     public EnvelopeStatus[]? Ignore { get; init; }
+}
+
+/// <summary>
+/// Verarbeitet <see cref="ReadEnvelopeQuery"/> und liefert passende <see cref="EnvelopeDto"/>-Ergebnisse.
+/// </summary>
+public class ReadEnvelopeQueryHandler : IRequestHandler<ReadEnvelopeQuery, IEnumerable<EnvelopeDto>>
+{
+    private readonly IRepository<Envelope> _repository;
+    private readonly IMapper _mapper;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="repository"></param>
+    /// <param name="mapper"></param>
+    public ReadEnvelopeQueryHandler(IRepository<Envelope> repository, IMapper mapper)
+    {
+        _repository = repository;
+        _mapper = mapper;
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="request"></param>
+    /// <param name="cancel"></param>
+    /// <returns></returns>
+    public async Task<IEnumerable<EnvelopeDto>> Handle(ReadEnvelopeQuery request, CancellationToken cancel)
+    {
+        var query = _repository.Query;
+
+        if (request.UserId is int userId)
+            query = query.Where(e => e.UserId == userId);
+
+        if (request.Id is int id)
+            query = query.Where(e => e.Id == id);
+
+        if (request.Uuid is string uuid)
+            query = query.Where(e => e.Uuid == uuid);
+
+        if (request.Status is { } status)
+        {
+            if (status.Min is not null)
+                query = query.Where(e => e.Status >= status.Min);
+            if (status.Max is not null)
+                query = query.Where(e => e.Status <= status.Max);
+            if (status.Include?.Length > 0)
+                query = query.Where(e => status.Include.Contains(e.Status));
+            if (status.Ignore?.Length > 0)
+                query = query.Where(e => !status.Ignore.Contains(e.Status));
+        }
+
+        var envelopes = await query
+            .Include(e => e.Documents)
+            .ToListAsync(cancel);
+
+        return _mapper.Map<IEnumerable<EnvelopeDto>>(envelopes);
+    }
 }

EnvelopeGenerator.Application/Envelopes/Queries/ReadReceiverNameQuery.cs

@@ -1,4 +1,8 @@
-using EnvelopeGenerator.Application.Receivers.Queries;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Application.Common.Query;
+using MediatR;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
 
 namespace EnvelopeGenerator.Application.Envelopes.Queries;
 
@@ -6,6 +10,54 @@ namespace EnvelopeGenerator.Application.Envelopes.Queries;
 /// Eine Abfrage, um die zuletzt verwendete Anrede eines Empfängers zu ermitteln, 
 /// damit diese für zukünftige Umschläge wiederverwendet werden kann.
 /// </summary>
-public record ReadReceiverNameQuery() : ReadReceiverQuery
+public record ReadReceiverNameQuery() : ReceiverQueryBase, IRequest<string?>;
+
+/// <summary>
+/// 
+/// </summary>
+public class ReadReceiverNameQueryHandler : IRequestHandler<ReadReceiverNameQuery, string?>
 {
-}
+    private readonly IRepository<EnvelopeReceiver> _envelopeReceiverRepository;
+    private readonly IRepository<Receiver> _receiverRepository;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="envelopeReceiverRepository"></param>
+    /// <param name="receiverRepository"></param>
+    public ReadReceiverNameQueryHandler(IRepository<EnvelopeReceiver> envelopeReceiverRepository, IRepository<Receiver> receiverRepository)
+    {
+        _envelopeReceiverRepository = envelopeReceiverRepository;
+        _receiverRepository = receiverRepository;
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="request"></param>
+    /// <param name="cancellationToken"></param>
+    /// <returns></returns>
+    public async Task<string?> Handle(ReadReceiverNameQuery request, CancellationToken cancellationToken)
+    {
+        var receiverQuery = _receiverRepository.Query.AsNoTracking();
+
+        if (request.Id is int id)
+            receiverQuery = receiverQuery.Where(r => r.Id == id);
+        if (request.EmailAddress is string email)
+            receiverQuery = receiverQuery.Where(r => r.EmailAddress == email);
+        if (request.Signature is string signature)
+            receiverQuery = receiverQuery.Where(r => r.Signature == signature);
+
+        var receiver = await receiverQuery.FirstOrDefaultAsync(cancellationToken);
+        if (receiver is null)
+            return null;
+
+        var erName = await _envelopeReceiverRepository.Query
+            .Where(er => er.ReceiverId == receiver.Id)
+            .OrderByDescending(er => er.AddedWhen)
+            .Select(er => er.Name)
+            .FirstOrDefaultAsync(cancellationToken);
+
+        return erName;
+    }
+}

EnvelopeGenerator.Application/Histories/Commands/CreateHistoryCommand.cs

@@ -82,7 +82,7 @@ public class CreateHistoryCommandHandler : IRequestHandler<CreateHistoryCommand,
         if(request.UserReference is null)
         {
             var receivers = await _erRepo
-                .ReadOnly()
+                .Query
                 .Where(request)
                 .Include(er => er.Receiver)
                 .ToListAsync(cancel);

EnvelopeGenerator.Application/Receivers/Commands/CreateReceiverCommand.cs

@@ -67,6 +67,7 @@ public class CreateReceiverCommandHandler : IRequestHandler<CreateReceiverComman
     /// 
     /// </summary>
     /// <param name="repo"></param>
+    /// <param name="mapper"></param>
     public CreateReceiverCommandHandler(IRepository<Receiver> repo, IMapper mapper)
     {
         _repo = repo;
@@ -81,7 +82,7 @@ public class CreateReceiverCommandHandler : IRequestHandler<CreateReceiverComman
     /// <returns></returns>
     public async Task<(ReceiverDto Receiver, bool AlreadyExists)> Handle(CreateReceiverCommand request, CancellationToken cancel)
     {
-        var receiver = await _repo.ReadOnly()
+        var receiver = await _repo.Query
             .Where(r => r.EmailAddress == request.EmailAddress)
             .SingleOrDefaultAsync(cancel);
 

EnvelopeGenerator.Application/Receivers/Queries/ReadReceiverQuery.cs

@@ -1,4 +1,10 @@
-using EnvelopeGenerator.Application.Common.Query;
+using AutoMapper;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Application.Common.Dto.Receiver;
+using EnvelopeGenerator.Application.Common.Query;
+using MediatR;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
 
 namespace EnvelopeGenerator.Application.Receivers.Queries;
 
@@ -6,4 +12,53 @@ namespace EnvelopeGenerator.Application.Receivers.Queries;
 /// Stellt eine Abfrage dar, um die Details eines Empfängers zu lesen.
 /// um spezifische Informationen über einen Empfänger abzurufen.
 /// </summary>
-public record ReadReceiverQuery : ReceiverQueryBase;
+public record ReadReceiverQuery : ReceiverQueryBase, IRequest<IEnumerable<ReceiverDto>>;
+
+/// <summary>
+/// 
+/// </summary>
+public class ReadReceiverQueryHandler : IRequestHandler<ReadReceiverQuery, IEnumerable<ReceiverDto>>
+{
+    private readonly IRepository<Receiver> _repository;
+    private readonly IMapper _mapper;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="repository"></param>
+    /// <param name="mapper"></param>
+    public ReadReceiverQueryHandler(IRepository<Receiver> repository, IMapper mapper)
+    {
+        _repository = repository;
+        _mapper = mapper;
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="request"></param>
+    /// <param name="cancellationToken"></param>
+    /// <returns></returns>
+    public async Task<IEnumerable<ReceiverDto>> Handle(ReadReceiverQuery request, CancellationToken cancellationToken)
+    {
+        var query = _repository.Query;
+
+        if (request.Id is int id)
+        {
+            query = query.Where(r => r.Id == id);
+        }
+
+        if (request.EmailAddress is string email)
+        {
+            query = query.Where(r => r.EmailAddress == email);
+        }
+
+        if (request.Signature is string signature)
+        {
+            query = query.Where(r => r.Signature == signature);
+        }
+
+        var receiver = await query.ToListAsync(cancellationToken);
+        return _mapper.Map<IEnumerable<ReceiverDto>>(receiver);
+    }
+}

EnvelopeGenerator.BBTests/EnvelopeGenerator.BBTests.vbproj

@@ -70,8 +70,8 @@
     <Reference Include="DigitalData.Controls.DocumentViewer, Version=1.9.8.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\DigitalData.Controls.DocumentViewer.1.9.8\lib\net462\DigitalData.Controls.DocumentViewer.dll</HintPath>
     </Reference>
-    <Reference Include="DigitalData.Core.Abstraction.Application, Version=1.4.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\DigitalData.Core.Abstraction.Application.1.4.0\lib\net462\DigitalData.Core.Abstraction.Application.dll</HintPath>
+    <Reference Include="DigitalData.Core.Abstraction.Application, Version=1.6.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\DigitalData.Core.Abstraction.Application.1.6.0\lib\net462\DigitalData.Core.Abstraction.Application.dll</HintPath>
     </Reference>
     <Reference Include="DigitalData.Core.Abstractions, Version=4.3.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\DigitalData.Core.Abstractions.4.3.0\lib\net462\DigitalData.Core.Abstractions.dll</HintPath>
@@ -109,9 +109,6 @@
     <Reference Include="EntityFramework.SqlServer, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL">
       <HintPath>..\packages\EntityFramework.6.5.1\lib\net45\EntityFramework.SqlServer.dll</HintPath>
     </Reference>
-    <Reference Include="EnvelopeGenerator.CommonServices">
-      <HintPath>..\EnvelopeGenerator.CommonServices\bin\Debug\EnvelopeGenerator.CommonServices.dll</HintPath>
-    </Reference>
     <Reference Include="FirebirdSql.Data.FirebirdClient, Version=7.5.0.0, Culture=neutral, PublicKeyToken=3750abcc3150b00c, processorArchitecture=MSIL">
       <HintPath>..\packages\FirebirdSql.Data.FirebirdClient.7.5.0\lib\net452\FirebirdSql.Data.FirebirdClient.dll</HintPath>
     </Reference>
@@ -466,8 +463,12 @@
       <Project>{6EA0C51F-C2B1-4462-8198-3DE0B32B74F8}</Project>
       <Name>EnvelopeGenerator.CommonServices</Name>
     </ProjectReference>
+    <ProjectReference Include="..\EnvelopeGenerator.CommonServices\EnvelopeGenerator.CommonServices.vbproj">
+      <Project>{6ea0c51f-c2b1-4462-8198-3de0b32b74f8}</Project>
+      <Name>EnvelopeGenerator.CommonServices</Name>
+    </ProjectReference>
     <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj">
-      <Project>{4F32A98D-E6F0-4A09-BD97-1CF26107E837}</Project>
+      <Project>{4f32a98d-e6f0-4a09-bd97-1cf26107e837}</Project>
       <Name>EnvelopeGenerator.Domain</Name>
     </ProjectReference>
     <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj">
@@ -495,6 +496,9 @@
     <Content Include="MailLicense.xml" />
     <Content Include="README.txt" />
   </ItemGroup>
+  <ItemGroup>
+    <WCFMetadata Include="Connected Services\" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.VisualBasic.targets" />
   <Import Project="..\packages\GdPicture.runtimes.windows.14.3.3\build\net462\GdPicture.runtimes.windows.targets" Condition="Exists('..\packages\GdPicture.runtimes.windows.14.3.3\build\net462\GdPicture.runtimes.windows.targets')" />
   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">

EnvelopeGenerator.BBTests/packages.config

@@ -3,7 +3,7 @@
   <package id="AutoMapper" version="10.1.1" targetFramework="net462" />
   <package id="BouncyCastle.Cryptography" version="2.5.0" targetFramework="net462" />
   <package id="DigitalData.Controls.DocumentViewer" version="1.9.8" targetFramework="net462" />
-  <package id="DigitalData.Core.Abstraction.Application" version="1.4.0" targetFramework="net462" />
+  <package id="DigitalData.Core.Abstraction.Application" version="1.6.0" targetFramework="net462" />
   <package id="DigitalData.Core.Abstractions" version="4.3.0" targetFramework="net462" />
   <package id="DigitalData.Modules.Base" version="1.3.8" targetFramework="net462" />
   <package id="DigitalData.Modules.Config" version="1.3.0" targetFramework="net462" />

EnvelopeGenerator.CommonServices/EnvelopeGenerator.CommonServices.vbproj

@@ -72,8 +72,8 @@
     <Reference Include="DevExpress.XtraEditors.v21.2, Version=21.2.4.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a" />
     <Reference Include="DevExpress.XtraGauges.v21.2.Core, Version=21.2.4.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a, processorArchitecture=MSIL" />
     <Reference Include="DevExpress.XtraReports.v21.2, Version=21.2.4.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a, processorArchitecture=MSIL" />
-    <Reference Include="DigitalData.Core.Abstraction.Application, Version=1.4.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\DigitalData.Core.Abstraction.Application.1.4.0\lib\net462\DigitalData.Core.Abstraction.Application.dll</HintPath>
+    <Reference Include="DigitalData.Core.Abstraction.Application, Version=1.6.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\DigitalData.Core.Abstraction.Application.1.6.0\lib\net462\DigitalData.Core.Abstraction.Application.dll</HintPath>
     </Reference>
     <Reference Include="DigitalData.Core.Abstractions, Version=4.3.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\DigitalData.Core.Abstractions.4.3.0\lib\net462\DigitalData.Core.Abstractions.dll</HintPath>

EnvelopeGenerator.CommonServices/Jobs/FinalizeDocument/FinalizeDocumentJob.vb

@@ -422,7 +422,7 @@ Namespace Jobs
         End Function
 
         Private Function GetEnvelopeData(pEnvelopeId As Integer) As EnvelopeData
-            Dim oSql = $"SELECT T.GUID, T.ENVELOPE_UUID,T2.FILEPATH, T2.BYTE_DATA FROM [dbo].[TBSIG_ENVELOPE] T
+            Dim oSql = $"SELECT T.GUID, T.ENVELOPE_UUID, T.ENVELOPE_TYPE, T2.FILEPATH, T2.BYTE_DATA FROM [dbo].[TBSIG_ENVELOPE] T
                 JOIN TBSIG_ENVELOPE_DOCUMENT T2 ON T.GUID = T2.ENVELOPE_ID
                 WHERE T.GUID = {pEnvelopeId}"
             Dim oTable As DataTable = Database.GetDatatable(oSql)

EnvelopeGenerator.CommonServices/Jobs/FinalizeDocument/PDFBurner.vb

@@ -37,6 +37,15 @@ Namespace Jobs.FinalizeDocument
         Public Function BurnAnnotsToPDF(pSourceBuffer As Byte(), pInstantJSONList As List(Of String), envelopeId As Integer) As Byte()
             'read the elements of envelope with their annotations
             Using scope = Factory.Shared.ScopeFactory.CreateScope()
+
+                Dim envRepo = scope.ServiceProvider.Repository(Of Envelope)()
+                Dim envelope = envRepo.Where(Function(env) env.Id = envelopeId).FirstOrDefault()
+                If envelope Is Nothing Then
+                    Throw New BurnAnnotationException($"Envelope with Id {envelopeId} not found.")
+                ElseIf envelope.ReadOnly Then
+                    Return pSourceBuffer
+                End If
+
                 Dim sigRepo = scope.ServiceProvider.Repository(Of Signature)()
                 Dim elements = sigRepo _
                     .Where(Function(sig) sig.Document.EnvelopeId = envelopeId) _
@@ -160,8 +169,19 @@ Namespace Jobs.FinalizeDocument
 #End Region
 
 #Region "Add Value"
-        Exit Select
-        Case AnnotationType.Ink
+        Private Sub AddInstantJSONAnnotationToPDF(pInstantJSON As String)
+            Dim oAnnotationData = JsonConvert.DeserializeObject(Of AnnotationData)(pInstantJSON)
+
+            oAnnotationData.annotations.Reverse()
+
+            For Each oAnnotation In oAnnotationData.annotations
+                Logger.Debug("Adding AnnotationID: " + oAnnotation.id)
+
+                Select Case oAnnotation.type
+                    Case AnnotationType.Image
+                        AddImageAnnotation(oAnnotation, oAnnotationData.attachments)
+                        Exit Select
+                    Case AnnotationType.Ink
                         AddInkAnnotation(oAnnotation)
                         Exit Select
                     Case AnnotationType.Widget
@@ -261,7 +281,7 @@ Namespace Jobs.FinalizeDocument
             ant.FontSize = _pdfBurnerParams.FontSize
             ant.FontStyle = _pdfBurnerParams.FontStyle
             Manager.SaveAnnotationsToPage()
-            End Sub
+        End Sub
 #End Region
 
 #Region "Helpers"

EnvelopeGenerator.CommonServices/packages.config

@@ -2,7 +2,7 @@
 <packages>
   <package id="AutoMapper" version="10.1.1" targetFramework="net462" />
   <package id="BouncyCastle.Cryptography" version="2.5.0" targetFramework="net462" />
-  <package id="DigitalData.Core.Abstraction.Application" version="1.4.0" targetFramework="net462" />
+  <package id="DigitalData.Core.Abstraction.Application" version="1.6.0" targetFramework="net462" />
   <package id="DigitalData.Core.Abstractions" version="4.3.0" targetFramework="net462" />
   <package id="DigitalData.Modules.Base" version="1.3.8" targetFramework="net462" />
   <package id="DigitalData.Modules.Config" version="1.3.0" targetFramework="net462" />

EnvelopeGenerator.Domain/Constants/ReceiverRole.cs

@@ -1,8 +0,0 @@
-namespace EnvelopeGenerator.Domain.Constants
-{
-    public static class ReceiverRole
-    {
-        public const string PreAuth = "PreAuth";
-        public const string FullyAuth = "FullyAuth";
-    }
-}

EnvelopeGenerator.Domain/Constants/Role.cs

@@ -0,0 +1,23 @@
+#if NETFRAMEWORK
+using System;
+#endif
+
+namespace EnvelopeGenerator.Domain.Constants
+{
+    public static class Role
+    {
+        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
+        public const string PreAuth = "PreAuth";
+
+        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
+        public const string FullyAuth = "FullyAuth";
+
+        public static class Receiver
+        {
+            public const string PreAuth = "PreAuth";
+            public const string FullyAuth = "FullyAuth";
+        }
+
+        public const string Sender = "Sender";
+    }
+}

EnvelopeGenerator.Domain/Entities/Envelope.cs

@@ -2,6 +2,7 @@
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 using EnvelopeGenerator.Domain.Constants;
+using Newtonsoft.Json;
 
 #if NETFRAMEWORK
 using System;
@@ -107,6 +108,10 @@ public class Envelope
     [Column("ENVELOPE_TYPE")]
     public int? EnvelopeTypeId { get; set; }
 
+    [JsonIgnore]
+    [NotMapped]
+    public bool ReadOnly => EnvelopeTypeId == 2;
+    
     [Column("CERTIFICATION_TYPE")]
     public int? CertificationType { get; set; }
 

EnvelopeGenerator.GeneratorAPI/.config/dotnet-tools.json

@@ -1,13 +0,0 @@
-{
-  "version": 1,
-  "isRoot": true,
-  "tools": {
-    "dotnet-ef": {
-      "version": "9.0.3",
-      "commands": [
-        "dotnet-ef"
-      ],
-      "rollForward": false
-    }
-  }
-}

EnvelopeGenerator.GeneratorAPI/Controllers/AuthController.cs

@@ -1,144 +0,0 @@
-using DigitalData.Core.Abstraction.Application;
-using DigitalData.UserManager.Application.Contracts;
-using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Authorization;
-using EnvelopeGenerator.GeneratorAPI.Models;
-
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
-
-/// <summary>
-/// Controller verantwortlich für die Benutzer-Authentifizierung, einschließlich Anmelden, Abmelden und Überprüfung des Authentifizierungsstatus.
-/// </summary>
-[Route("api/[controller]")]
-[ApiController]
-public partial class AuthController : ControllerBase
-{
-    private readonly ILogger<AuthController> _logger;
-    [Obsolete("Use MediatR")]
-    private readonly IUserService _userService;
-    private readonly IDirectorySearchService _dirSearchService;
-
-    /// <summary>
-    /// Initializes a new instance of the <see cref="AuthController"/> class.
-    /// </summary>
-    /// <param name="logger">The logger instance.</param>
-    /// <param name="userService">The user service instance.</param>
-    /// <param name="dirSearchService">The directory search service instance.</param>
-    [Obsolete("Use MediatR")]
-    public AuthController(ILogger<AuthController> logger, IUserService userService, IDirectorySearchService dirSearchService)
-    {
-        _logger = logger;
-        _userService = userService;
-        _dirSearchService = dirSearchService;
-    }
-
-    /// <summary>
-    /// Authentifiziert einen Benutzer und generiert ein JWT-Token. Wenn 'cookie' wahr ist, wird das Token als HTTP-Only-Cookie zurückgegeben.
-    /// </summary>
-    /// <param name="login">Benutzeranmeldedaten (Benutzername und Passwort).</param>
-    /// <param name="cookie">Wenn wahr, wird das JWT-Token auch als HTTP-Only-Cookie gesendet.</param>
-    /// <returns>
-    /// Gibt eine HTTP 200 oder 401.
-    /// </returns>
-    /// <remarks>
-    /// Sample request:
-    ///
-    ///     POST /api/auth?cookie=true
-    ///     {
-    ///        "username": "MaxMustermann",
-    ///        "password": "Geheim123!"
-    ///     }
-    ///     
-    ///     POST /api/auth?cookie=true
-    ///     {
-    ///        "id": "1",
-    ///        "password": "Geheim123!"
-    ///     }
-    ///
-    /// </remarks>
-    /// <response code="200">Erfolgreiche Anmeldung. Gibt das JWT-Token im Antwortkörper oder als Cookie zurück, wenn 'cookie' wahr ist.</response>
-    /// <response code="401">Unbefugt. Ungültiger Benutzername oder Passwort.</response>
-    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
-    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [AllowAnonymous]
-    [HttpPost]
-    public Task<IActionResult> Login([FromBody] Login login, [FromQuery] bool cookie = false)
-    {
-        // added to configure open API (swagger and scalar)
-        throw new NotImplementedException();
-    }
-
-    /// <summary>
-    /// Authentifiziert einen Benutzer und generiert ein JWT-Token. Das Token wird als HTTP-only-Cookie zurückgegeben.
-    /// </summary>
-    /// <param name="login">Benutzeranmeldedaten (Benutzername und Passwort).</param>
-    /// <returns>
-    /// Gibt eine HTTP 200 oder 401.
-    /// </returns>
-    /// <remarks>
-    /// Sample request:
-    ///
-    ///     POST /api/auth/form
-    ///     {
-    ///        "username": "MaxMustermann",
-    ///        "password": "Geheim123!"
-    ///     }
-    ///
-    /// </remarks>
-    /// <response code="200">Erfolgreiche Anmeldung. Gibt das JWT-Token im Antwortkörper oder als Cookie zurück, wenn 'cookie' wahr ist.</response>
-    /// <response code="401">Unbefugt. Ungültiger Benutzername oder Passwort.</response>
-    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
-    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [AllowAnonymous]
-    [HttpPost]
-    [Route("form")]
-    public Task<IActionResult> Login([FromForm] Login login)
-    {
-        // added to configure open API (swagger and scalar)
-        throw new NotImplementedException();
-    }
-
-    /// <summary>
-    /// Entfernt das Authentifizierungs-Cookie des Benutzers (AuthCookie)
-    /// </summary>
-    /// <returns>
-    /// Gibt eine HTTP 200 oder 401.
-    /// </returns>
-    /// <remarks>
-    /// Sample request:
-    ///
-    ///     POST /api/auth/logout
-    ///
-    /// </remarks>
-    /// <response code="200">Erfolgreich gelöscht, wenn der Benutzer ein berechtigtes Cookie hat.</response>
-    /// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
-    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
-    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [Authorize]
-    [HttpPost("logout")]
-    public async Task<IActionResult> Logout()
-    {
-        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-        return Ok();
-    }
-
-    /// <summary>
-    /// Prüft, ob der Benutzer ein autorisiertes Token hat.
-    /// </summary>
-    /// <returns>Wenn ein autorisiertes Token vorhanden ist HTTP 200 asynchron 401</returns>
-    /// <remarks>
-    /// Sample request:
-    ///
-    ///     GET /api/auth
-    ///
-    /// </remarks>
-    /// <response code="200">Wenn es einen autorisierten Cookie gibt.</response>
-    /// <response code="401">Wenn kein Cookie vorhanden ist oder nicht autorisierte.</response>
-    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
-    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [Authorize]
-    [HttpGet]
-    public IActionResult IsAuthenticated() => Ok();
-}

EnvelopeGenerator.GeneratorAPI/Controllers/ControllerExtensions.cs

@@ -1,62 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-using System.Security.Claims;
-
-namespace EnvelopeGenerator.GeneratorAPI.Controllers
-{
-    /// <summary>
-    /// Provides extension methods for extracting user information from a <see cref="ClaimsPrincipal"/>.
-    /// </summary>
-    public static class ControllerExtensions
-    {
-        /// <summary>
-        /// Attempts to retrieve the user's ID from the claims. Returns null if the ID is not found or invalid.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The user's ID as an integer, or null if not found or invalid.</returns>
-        public static int? GetIdOrDefault(this ClaimsPrincipal user)
-            => int.TryParse(user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub"), out int result)
-                ? result : null;
-
-        /// <summary>
-        /// Retrieves the user's ID from the claims. Throws an exception if the ID is missing or invalid.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The user's ID as an integer.</returns>
-        /// <exception cref="InvalidOperationException">Thrown if the user ID claim is missing or invalid.</exception>
-        public static int GetId(this ClaimsPrincipal user)
-            => user.GetIdOrDefault()
-            ?? throw new InvalidOperationException("User ID claim is missing or invalid. This may indicate a misconfigured or forged JWT token.");
-
-        /// <summary>
-        /// Retrieves the username from the claims, if available.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The username as a string, or null if not found.</returns>
-        public static string? GetUsernameOrDefault(this ClaimsPrincipal user)
-            => user.FindFirst(ClaimTypes.Name)?.Value;
-
-        /// <summary>
-        /// Retrieves the user's surname (last name) from the claims, if available.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The surname as a string, or null if not found.</returns>
-        public static string? GetNameOrDefault(this ClaimsPrincipal user)
-            => user.FindFirst(ClaimTypes.Surname)?.Value;
-
-        /// <summary>
-        /// Retrieves the user's given name (first name) from the claims, if available.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The given name as a string, or null if not found.</returns>
-        public static string? GetPrenameOrDefault(this ClaimsPrincipal user)
-            => user.FindFirst(ClaimTypes.GivenName)?.Value;
-
-        /// <summary>
-        /// Retrieves the user's email address from the claims, if available.
-        /// </summary>
-        /// <param name="user">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <returns>The email address as a string, or null if not found.</returns>
-        public static string? GetEmailOrDefault(this ClaimsPrincipal user)
-            => user.FindFirst(ClaimTypes.Email)?.Value;
-    }
-}

EnvelopeGenerator.GeneratorAPI/Controllers/EnvelopeController.cs

@@ -1,159 +0,0 @@
-using DigitalData.Core.Abstraction.Application.DTO;
-using EnvelopeGenerator.Application.Envelopes.Commands;
-using EnvelopeGenerator.Application.Envelopes.Queries;
-using MediatR;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-using Newtonsoft.Json;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
-
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
-
-/// <summary>
-/// Dieser Controller stellt Endpunkte für die Verwaltung von Umschlägen bereit.
-/// </summary>
-/// <remarks>
-/// Die API ermöglicht das Abrufen und Verwalten von Umschlägen basierend auf Benutzerinformationen und Statusfiltern.
-/// 
-/// Mögliche Antworten:
-/// - 200 OK: Die Anfrage war erfolgreich, und die angeforderten Daten werden zurückgegeben.
-/// - 400 Bad Request: Die Anfrage war fehlerhaft oder unvollständig.
-/// - 401 Unauthorized: Der Benutzer ist nicht authentifiziert.
-/// - 403 Forbidden: Der Benutzer hat keine Berechtigung, auf die Ressource zuzugreifen.
-/// - 404 Not Found: Die angeforderte Ressource wurde nicht gefunden.
-/// - 500 Internal Server Error: Ein unerwarteter Fehler ist aufgetreten.
-/// </remarks>
-[Route("api/[controller]")]
-[ApiController]
-[Authorize]
-public class EnvelopeController : ControllerBase
-{
-    private readonly ILogger<EnvelopeController> _logger;
-    [Obsolete("Use MediatR")]
-    private readonly IEnvelopeService _envelopeService;
-    private readonly IMediator _mediator;
-
-    /// <summary>
-    /// Erstellt eine neue Instanz des EnvelopeControllers.
-    /// </summary>
-    /// <param name="logger">Der Logger, der für das Protokollieren von Informationen verwendet wird.</param>
-    /// <param name="envelopeService">Der Dienst, der für die Verarbeitung von Umschlägen zuständig ist.</param>
-    /// <param name="mediator"></param>
-    [Obsolete("Use MediatR")]
-    public EnvelopeController(ILogger<EnvelopeController> logger, IEnvelopeService envelopeService, IMediator mediator)
-    {
-        _logger = logger;
-        _envelopeService = envelopeService;
-        _mediator = mediator;
-    }
-
-    /// <summary>
-    /// Ruft eine Liste von Umschlägen basierend auf dem Benutzer und den angegebenen Statusfiltern ab.
-    /// </summary>
-    /// <param name="envelope"></param>
-    /// <returns>Eine IActionResult-Instanz, die die abgerufenen Umschläge oder einen Fehlerstatus enthält.</returns>
-    /// <response code="200">Die Anfrage war erfolgreich, und die Umschläge werden zurückgegeben.</response>
-    /// <response code="400">Die Anfrage war fehlerhaft oder unvollständig.</response>
-    /// <response code="401">Der Benutzer ist nicht authentifiziert.</response>
-    /// <response code="403">Der Benutzer hat keine Berechtigung, auf die Ressource zuzugreifen.</response>
-    /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
-    [Authorize]
-    [HttpGet]
-    [Obsolete("Use MediatR")]
-    public async Task<IActionResult> GetAsync([FromQuery] ReadEnvelopeQuery envelope)
-    {
-        if (User.GetId() is int intId)
-            return await _envelopeService.ReadByUserAsync(intId, min_status: envelope.Status?.Min, max_status: envelope.Status?.Max).ThenAsync(
-                Success: envelopes =>
-                {
-                    if (envelope.Id is int id)
-                        envelopes = envelopes.Where(e => e.Id == id);
-
-                    if (envelope.Status is EnvelopeStatusQuery status)
-                        envelopes = envelopes.Where(e => e.Status == status);
-
-                    if (envelope.Uuid is string uuid)
-                        envelopes = envelopes.Where(e => e.Uuid == uuid);
-
-                    return envelopes.Any() ? Ok(envelopes) : NotFound();
-                },
-                Fail: IActionResult (msg, ntc) =>
-                {
-                    _logger.LogNotice(ntc);
-                    return StatusCode(StatusCodes.Status500InternalServerError);
-                });
-        else
-        {
-            _logger.LogError("Trotz erfolgreicher Autorisierung wurde die Benutzer-ID nicht als Ganzzahl erkannt. Dies könnte auf eine fehlerhafte Erstellung der Anspruchsliste zurückzuführen sein.");
-            return StatusCode(StatusCodes.Status500InternalServerError);
-        }
-    }
-
-    /// <summary>
-    /// Ruft das Ergebnis eines Dokuments basierend auf der ID ab.
-    /// </summary>
-    /// <param name="id">Die eindeutige ID des Umschlags.</param>
-    /// <param name="view">Gibt an, ob das Dokument inline angezeigt werden soll (true) oder als Download bereitgestellt wird (false).</param>
-    /// <returns>Eine IActionResult-Instanz, die das Dokument oder einen Fehlerstatus enthält.</returns>
-    /// <response code="200">Das Dokument wurde erfolgreich abgerufen.</response>
-    /// <response code="404">Das Dokument wurde nicht gefunden oder ist nicht verfügbar.</response>
-    /// <response code="500">Ein unerwarteter Fehler ist aufgetreten.</response>
-    [HttpGet("doc-result")]
-    [Obsolete("Use MediatR")]
-    public async Task<IActionResult> GetDocResultAsync([FromQuery] int id, [FromQuery] bool view = false)
-    {
-        if (User.GetId() is int intId)
-            return await _envelopeService.ReadByUserAsync(intId).ThenAsync(
-                Success: envelopes =>
-                {
-                    var envelope = envelopes.Where(e => e.Id == id).FirstOrDefault();
-
-                    if (envelope is null)
-                        return NotFound("Envelope not available.");
-                    else if (envelope?.DocResult is null)
-                        return NotFound("The document has not been fully signed or the result has not yet been released.");
-                    else
-                    {
-                        if (view)
-                        {
-                            Response.Headers.Append("Content-Disposition", "inline; filename=\"" + envelope.Uuid + ".pdf\"");
-                            return File(envelope.DocResult, "application/pdf");
-                        }
-                        else
-                            return File(envelope.DocResult, "application/pdf", $"{envelope.Uuid}.pdf");
-                    }
-                },
-                Fail: IActionResult (msg, ntc) =>
-                {
-                    _logger.LogNotice(ntc);
-                    return StatusCode(StatusCodes.Status500InternalServerError);
-                });
-        else
-        {
-            _logger.LogError("Trotz erfolgreicher Autorisierung wurde die Benutzer-ID nicht als Ganzzahl erkannt. Dies könnte auf eine fehlerhafte Erstellung der Anspruchsliste zurückzuführen sein.");
-            return StatusCode(StatusCodes.Status500InternalServerError);
-        }
-    }
-
-    /// <summary>
-    /// 
-    /// </summary>
-    /// <param name="envelope"></param>
-    /// <returns></returns>
-    [NonAction]
-    [Authorize]
-    [HttpPost]
-    public async Task<IActionResult> CreateAsync([FromQuery] CreateEnvelopeCommand envelope)
-    {
-        envelope.UserId = User.GetId();
-        var res = await _mediator.Send(envelope);
-
-        if (res is null)
-        {
-            _logger.LogError("Failed to create envelope. Envelope details: {EnvelopeDetails}", JsonConvert.SerializeObject(envelope));
-            return StatusCode(StatusCodes.Status500InternalServerError);
-        }
-        else
-            return Ok(res);
-    }
-}

EnvelopeGenerator.GeneratorAPI/Controllers/EnvelopeTypeController.cs

@@ -1,48 +0,0 @@
-using DigitalData.Core.Abstraction.Application.DTO;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
-using Microsoft.AspNetCore.Mvc;
-
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
-
-/// <summary>
-/// 
-/// </summary>
-[ApiExplorerSettings(IgnoreApi = true)]
-[Route("api/[controller]")]
-[ApiController]
-public class EnvelopeTypeController : ControllerBase
-{
-    private readonly ILogger<EnvelopeTypeController> _logger;
-
-    [Obsolete("Use MediatR")]
-    private readonly IEnvelopeTypeService _service;
-
-    /// <summary>
-    /// 
-    /// </summary>
-    /// <param name="logger"></param>
-    /// <param name="service"></param>
-    [Obsolete("Use MediatR")]
-    public EnvelopeTypeController(ILogger<EnvelopeTypeController> logger, IEnvelopeTypeService service)
-    {
-        _logger = logger;
-        _service = service;
-    }
-
-    /// <summary>
-    /// 
-    /// </summary>
-    /// <returns></returns>
-    [Obsolete("Use MediatR")]
-    [HttpGet]
-    public async Task<IActionResult> GetAllAsync()
-    {
-        return await _service.ReadAllAsync().ThenAsync(
-            Success: Ok,
-            Fail: IActionResult (msg, ntc) =>
-            {
-                _logger.LogNotice(ntc);
-                return ntc.HasFlag(Flag.NotFound) ? NotFound() : StatusCode(StatusCodes.Status500InternalServerError);
-            });
-    }
-}

EnvelopeGenerator.GeneratorAPI/Controllers/ReceiverController.cs

@@ -1,99 +0,0 @@
-using DigitalData.Core.Abstraction.Application.DTO;
-using DigitalData.Core.API;
-using EnvelopeGenerator.Application.Receivers.Queries;
-using EnvelopeGenerator.Domain.Entities;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-using EnvelopeGenerator.Application.Receivers.Commands;
-using EnvelopeGenerator.Application.Common.Dto.Receiver;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
-
-namespace EnvelopeGenerator.GeneratorAPI.Controllers;
-
-/// <summary>
-/// Controller für die Verwaltung von Empfängern.
-/// </summary>
-/// <remarks>
-/// Dieser Controller bietet Endpunkte für CRUD-Operationen (Erstellen, Lesen, Aktualisieren, Löschen) 
-/// sowie zusätzliche Funktionen wie das Abrufen von Empfängern basierend auf E-Mail-Adresse oder Signatur.
-/// </remarks>
-[Route("api/[controller]")]
-[ApiController]
-[Authorize]
-[Obsolete("Use MediatR")]
-public class ReceiverController : CRUDControllerBaseWithErrorHandling<IReceiverService, CreateReceiverCommand, ReceiverDto, UpdateReceiverCommand, Receiver, int>
-{
-    /// <summary>
-    /// Initialisiert eine neue Instanz des <see cref="ReceiverController"/>-Controllers.
-    /// </summary>
-    /// <param name="logger">Der Logger für die Protokollierung.</param>
-    /// <param name="service">Der Dienst für Empfängeroperationen.</param>
-    public ReceiverController(ILogger<ReceiverController> logger, IReceiverService service) : base(logger, service)
-    {
-    }
-
-    /// <summary>
-    /// Ruft eine Liste von Empfängern ab, basierend auf den angegebenen Abfrageparametern.
-    /// </summary>
-    /// <param name="receiver">Die Abfrageparameter, einschließlich E-Mail-Adresse und Signatur.</param>
-    /// <returns>Eine Liste von Empfängern oder ein Fehlerstatus.</returns>
-    [HttpGet]
-    public async Task<IActionResult> Get([FromQuery] ReadReceiverQuery receiver)
-    {
-        if (receiver.Id is null && receiver.EmailAddress is null && receiver.Signature is null)
-            return await base.GetAll();
-
-        if (receiver.Id is int id)
-            return await _service.ReadByIdAsync(id).ThenAsync(
-                Success: Ok,
-                Fail: IActionResult (msg, ntc) =>
-                {
-                    return NotFound();
-                });
-
-        return await _service.ReadByAsync(emailAddress: receiver.EmailAddress, signature: receiver.Signature).ThenAsync(
-                Success: Ok,
-                Fail: IActionResult (msg, ntc) =>
-                {
-                    return NotFound();
-                });
-    }
-
-    #region REMOVED ENDPOINTS
-    /// <summary>
-    /// Diese Methode ist deaktiviert und wird nicht verwendet.
-    /// </summary>
-    [NonAction]
-    public override Task<IActionResult> GetAll() => base.GetAll();
-
-    /// <summary>
-    /// Diese Methode ist deaktiviert und wird nicht verwendet.
-    /// </summary>
-    [NonAction]
-    public override Task<IActionResult> Delete([FromRoute] int id) => base.Delete(id);
-
-    /// <summary>
-    /// Diese Methode ist deaktiviert und wird nicht verwendet.
-    /// </summary>
-    [NonAction]
-    public override Task<IActionResult> Update(UpdateReceiverCommand updateDto) => base.Update(updateDto);
-
-    /// <summary>
-    /// Diese Methode ist deaktiviert und wird nicht verwendet.
-    /// </summary>
-    [NonAction]
-    public override Task<IActionResult> Create(CreateReceiverCommand createDto)
-    {
-        return base.Create(createDto);
-    }
-
-    /// <summary>
-    /// Diese Methode ist deaktiviert und wird nicht verwendet.
-    /// </summary>
-    [NonAction]
-    public override Task<IActionResult> GetById([FromRoute] int id)
-    {
-        return base.GetById(id);
-    }
-    #endregion
-}

EnvelopeGenerator.GeneratorAPI/Properties/PublishProfiles/IISProfileNet7Win64.pubxml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-https://go.microsoft.com/fwlink/?LinkID=208121.
--->
-<Project>
-  <PropertyGroup>
-    <WebPublishMethod>Package</WebPublishMethod>
-    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
-    <LastUsedPlatform>Any CPU</LastUsedPlatform>
-    <SiteUrlToLaunchAfterPublish />
-    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
-    <ExcludeApp_Data>false</ExcludeApp_Data>
-    <ProjectGuid>4fdae4ba-f512-444a-9e18-111047d3ef02</ProjectGuid>
-    <DesktopBuildPackageLocation>P:\Install .Net\0 DD - Smart UP\signFLOW\Gen\Api\net7\win64\$(Version)\$(Version).zip</DesktopBuildPackageLocation>
-    <PackageAsSingleFile>true</PackageAsSingleFile>
-    <DeployIisAppPath>SignFlowGen</DeployIisAppPath>
-    <_TargetId>IISWebDeployPackage</_TargetId>
-    <TargetFramework>net7.0</TargetFramework>
-    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
-    <SelfContained>true</SelfContained>
-  </PropertyGroup>
-</Project>

EnvelopeGenerator.GeneratorAPI/Properties/PublishProfiles/IISProfileNet9Win64.pubxml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-https://go.microsoft.com/fwlink/?LinkID=208121.
--->
-<Project>
-  <PropertyGroup>
-    <WebPublishMethod>Package</WebPublishMethod>
-    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
-    <LastUsedPlatform>Any CPU</LastUsedPlatform>
-    <SiteUrlToLaunchAfterPublish />
-    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
-    <ExcludeApp_Data>false</ExcludeApp_Data>
-    <ProjectGuid>4fdae4ba-f512-444a-9e18-111047d3ef02</ProjectGuid>
-    <DesktopBuildPackageLocation>P:\Install .Net\0 DD - Smart UP\signFLOW\Gen\Api\net9\win64\$(Version)\$(Version).zip</DesktopBuildPackageLocation>
-    <PackageAsSingleFile>true</PackageAsSingleFile>
-    <DeployIisAppPath>SignFlowGen</DeployIisAppPath>
-    <_TargetId>IISWebDeployPackage</_TargetId>
-    <TargetFramework>net9.0</TargetFramework>
-    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
-    <SelfContained>true</SelfContained>
-  </PropertyGroup>
-</Project>

EnvelopeGenerator.GeneratorAPI/wwwroot/assets/img/login_logo.svg

@@ -1,4 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="3em" height="2.5em" viewBox="0 0 24 24" style="stroke: #a9a8ad;">
-<path opacity="0.5" d="M15.9998 2L14.9998 2C12.1714 2 10.7576 2.00023 9.87891 2.87891C9.00023 3.75759 9.00023 5.1718 9.00023 8.00023L9.00023 16.0002C9.00023 18.8287 9.00023 20.2429 9.87891 21.1215C10.7574 22 12.1706 22 14.9976 22L14.9998 22L15.9998 22C18.8282 22 20.2424 22 21.1211 21.1213C21.9998 20.2426 21.9998 18.8284 21.9998 16L21.9998 8L21.9998 7.99998C21.9998 5.17157 21.9998 3.75736 21.1211 2.87868C20.2424 2 18.8282 2 15.9998 2Z" fill="#1C274C"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M1.25098 11.999C1.25098 11.5848 1.58676 11.249 2.00098 11.249L13.9735 11.249L12.0129 9.56845C11.6984 9.29889 11.662 8.82541 11.9315 8.51092C12.2011 8.19642 12.6746 8.16 12.9891 8.42957L16.4891 11.4296C16.6553 11.5721 16.751 11.7801 16.751 11.999C16.751 12.218 16.6553 12.426 16.4891 12.5685L12.9891 15.5685C12.6746 15.838 12.2011 15.8016 11.9315 15.4871C11.662 15.1726 11.6984 14.6991 12.0129 14.4296L13.9735 12.749L2.00098 12.749C1.58676 12.749 1.25098 12.4132 1.25098 11.999Z" fill="#1C274C"/>
-</svg>

EnvelopeGenerator.Infrastructure/EGDbContextFactory.cs

@@ -12,7 +12,7 @@ namespace EnvelopeGenerator.Infrastructure
         public EGDbContext CreateDbContext(string[] args)
         {
             var config = new ConfigurationBuilder()
-                .SetBasePath(Directory.GetCurrentDirectory()) // Önemli!
+                .SetBasePath(Directory.GetCurrentDirectory())
                 .AddJsonFile("appsettings.migration.json")
                 .Build();
 

EnvelopeGenerator.Infrastructure/EnvelopeGenerator.Infrastructure.csproj

@@ -22,8 +22,8 @@
 
   <ItemGroup>
     <PackageReference Include="Dapper" Version="2.1.66" />
-    <PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.4.0" />
-    <PackageReference Include="DigitalData.Core.Infrastructure" Version="2.4.5" />
+    <PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.6.0" />
+    <PackageReference Include="DigitalData.Core.Infrastructure" Version="2.6.1" />
     <PackageReference Include="QuestPDF" Version="2025.7.1" />
   </ItemGroup>
 

EnvelopeGenerator.Jobs/EnvelopeGenerator.Jobs.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Quartz" Version="3.9.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.2" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="6.0.2" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj" />
+    <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj" />
+    <ProjectReference Include="..\EnvelopeGenerator.PdfEditor\EnvelopeGenerator.PdfEditor.csproj" />
+  </ItemGroup>
+
+</Project>

EnvelopeGenerator.Jobs/Jobs/APIBackendJobs/APIEnvelopeJob.cs

@@ -0,0 +1,151 @@
+using System.Collections.Generic;
+using System.Data;
+using System.Threading.Tasks;
+using EnvelopeGenerator.Domain.Constants;
+using Microsoft.Data.SqlClient;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
+using Quartz;
+
+namespace EnvelopeGenerator.Jobs.APIBackendJobs;
+
+public class APIEnvelopeJob(ILogger<APIEnvelopeJob>? logger = null) : IJob
+{
+    private readonly ILogger<APIEnvelopeJob> _logger = logger ?? NullLogger<APIEnvelopeJob>.Instance;
+
+    public async Task Execute(IJobExecutionContext context)
+    {
+        var jobId = context.JobDetail.Key.ToString();
+        _logger.LogDebug("API Envelopes - Starting job {JobId}", jobId);
+
+        try
+        {
+            var connectionString = context.MergedJobDataMap.GetString(Value.DATABASE);
+            if (string.IsNullOrWhiteSpace(connectionString))
+            {
+                _logger.LogWarning("API Envelopes - Connection string missing");
+                return;
+            }
+
+            await using var connection = new SqlConnection(connectionString);
+            await connection.OpenAsync(context.CancellationToken);
+
+            await ProcessInvitationsAsync(connection, context.CancellationToken);
+            await ProcessWithdrawnAsync(connection, context.CancellationToken);
+
+            _logger.LogDebug("API Envelopes - Completed job {JobId} successfully", jobId);
+        }
+        catch (System.Exception ex)
+        {
+            _logger.LogError(ex, "API Envelopes job failed");
+        }
+        finally
+        {
+            _logger.LogDebug("API Envelopes execution for {JobId} ended", jobId);
+        }
+    }
+
+    private async Task ProcessInvitationsAsync(SqlConnection connection, System.Threading.CancellationToken cancellationToken)
+    {
+        const string sql = "SELECT GUID FROM TBSIG_ENVELOPE WHERE SOURCE = 'API' AND STATUS = 1003 ORDER BY GUID";
+        var envelopeIds = new List<int>();
+
+        await using (var command = new SqlCommand(sql, connection))
+        await using (var reader = await command.ExecuteReaderAsync(cancellationToken))
+        {
+            while (await reader.ReadAsync(cancellationToken))
+            {
+                if (reader[0] is int id)
+                {
+                    envelopeIds.Add(id);
+                }
+            }
+        }
+
+        if (envelopeIds.Count == 0)
+        {
+            _logger.LogDebug("SendInvMail - No envelopes found");
+            return;
+        }
+
+        _logger.LogInformation("SendInvMail - Found {Count} envelopes", envelopeIds.Count);
+        var total = envelopeIds.Count;
+        var current = 1;
+
+        foreach (var id in envelopeIds)
+        {
+            _logger.LogInformation("SendInvMail - Processing Envelope {EnvelopeId} ({Current}/{Total})", id, current, total);
+            try
+            {
+                // Placeholder for invitation email sending logic.
+                _logger.LogDebug("SendInvMail - Marking envelope {EnvelopeId} as queued", id);
+                const string updateSql = "UPDATE TBSIG_ENVELOPE SET CURRENT_WORK_APP = @App WHERE GUID = @Id";
+                await using var updateCommand = new SqlCommand(updateSql, connection);
+                updateCommand.Parameters.AddWithValue("@App", "signFLOW_API_EnvJob_InvMail");
+                updateCommand.Parameters.AddWithValue("@Id", id);
+                await updateCommand.ExecuteNonQueryAsync(cancellationToken);
+            }
+            catch (System.Exception ex)
+            {
+                _logger.LogWarning(ex, "SendInvMail - Unhandled exception while working envelope {EnvelopeId}", id);
+            }
+
+            current++;
+            _logger.LogInformation("SendInvMail - Envelope finalized");
+        }
+    }
+
+    private async Task ProcessWithdrawnAsync(SqlConnection connection, System.Threading.CancellationToken cancellationToken)
+    {
+        const string sql = @"SELECT ENV.GUID, REJ.COMMENT AS REJECTION_REASON FROM 
+                (SELECT * FROM TBSIG_ENVELOPE WHERE STATUS = 1009 AND SOURCE = 'API') ENV INNER JOIN
+                (SELECT MAX(GUID) GUID, ENVELOPE_ID, MAX(ADDED_WHEN) ADDED_WHEN, MAX(ACTION_DATE) ACTION_DATE, COMMENT FROM TBSIG_ENVELOPE_HISTORY WHERE STATUS = 1009 GROUP BY ENVELOPE_ID, COMMENT ) REJ ON ENV.GUID = REJ.ENVELOPE_ID LEFT JOIN
+                (SELECT * FROM TBSIG_ENVELOPE_HISTORY WHERE STATUS = 3004 ) M_Send ON ENV.GUID = M_Send.ENVELOPE_ID
+                WHERE M_Send.GUID IS NULL";
+
+        var withdrawn = new List<(int EnvelopeId, string Reason)>();
+        await using (var command = new SqlCommand(sql, connection))
+        await using (var reader = await command.ExecuteReaderAsync(cancellationToken))
+        {
+            while (await reader.ReadAsync(cancellationToken))
+            {
+                var id = reader.GetInt32(0);
+                var reason = reader.IsDBNull(1) ? string.Empty : reader.GetString(1);
+                withdrawn.Add((id, reason));
+            }
+        }
+
+        if (withdrawn.Count == 0)
+        {
+            _logger.LogDebug("WithdrawnEnv - No envelopes found");
+            return;
+        }
+
+        _logger.LogInformation("WithdrawnEnv - Found {Count} envelopes", withdrawn.Count);
+        var total = withdrawn.Count;
+        var current = 1;
+
+        foreach (var (envelopeId, reason) in withdrawn)
+        {
+            _logger.LogInformation("WithdrawnEnv - Processing Envelope {EnvelopeId} ({Current}/{Total})", envelopeId, current, total);
+            try
+            {
+                // Log withdrawn mail trigger placeholder
+                const string insertHistory = "INSERT INTO TBSIG_ENVELOPE_HISTORY (ENVELOPE_ID, STATUS, USER_REFERENCE, ADDED_WHEN, ACTION_DATE, COMMENT) VALUES (@EnvelopeId, @Status, @UserReference, GETDATE(), GETDATE(), @Comment)";
+                await using var insertCommand = new SqlCommand(insertHistory, connection);
+                insertCommand.Parameters.AddWithValue("@EnvelopeId", envelopeId);
+                insertCommand.Parameters.AddWithValue("@Status", 3004);
+                insertCommand.Parameters.AddWithValue("@UserReference", "API");
+                insertCommand.Parameters.AddWithValue("@Comment", reason ?? string.Empty);
+                await insertCommand.ExecuteNonQueryAsync(cancellationToken);
+            }
+            catch (System.Exception ex)
+            {
+                _logger.LogWarning(ex, "WithdrawnEnv - Unhandled exception while working envelope {EnvelopeId}", envelopeId);
+            }
+
+            current++;
+            _logger.LogInformation("WithdrawnEnv - Envelope finalized");
+        }
+    }
+}

EnvelopeGenerator.Jobs/Jobs/DataRowExtensions.cs

@@ -0,0 +1,30 @@
+using System;
+using System.Data;
+
+namespace EnvelopeGenerator.Jobs;
+
+public static class DataRowExtensions
+{
+    public static T? GetValueOrDefault<T>(this DataRow row, string columnName, T? defaultValue = default)
+    {
+        if (!row.Table.Columns.Contains(columnName))
+        {
+            return defaultValue;
+        }
+
+        var value = row[columnName];
+        if (value == DBNull.Value)
+        {
+            return defaultValue;
+        }
+
+        try
+        {
+            return (T)Convert.ChangeType(value, typeof(T));
+        }
+        catch
+        {
+            return defaultValue;
+        }
+    }
+}

EnvelopeGenerator.Jobs/Jobs/FinalizeDocument/FinalizeDocumentExceptions.cs

@@ -0,0 +1,28 @@
+namespace EnvelopeGenerator.Jobs.FinalizeDocument;
+
+public static class FinalizeDocumentExceptions
+{
+    public class MergeDocumentException : ApplicationException
+    {
+        public MergeDocumentException(string message) : base(message) { }
+        public MergeDocumentException(string message, Exception innerException) : base(message, innerException) { }
+    }
+
+    public class BurnAnnotationException : ApplicationException
+    {
+        public BurnAnnotationException(string message) : base(message) { }
+        public BurnAnnotationException(string message, Exception innerException) : base(message, innerException) { }
+    }
+
+    public class CreateReportException : ApplicationException
+    {
+        public CreateReportException(string message) : base(message) { }
+        public CreateReportException(string message, Exception innerException) : base(message, innerException) { }
+    }
+
+    public class ExportDocumentException : ApplicationException
+    {
+        public ExportDocumentException(string message) : base(message) { }
+        public ExportDocumentException(string message, Exception innerException) : base(message, innerException) { }
+    }
+}

EnvelopeGenerator.Jobs/Jobs/FinalizeDocument/FinalizeDocumentJob.cs

@@ -0,0 +1,229 @@
+using System.Collections.Generic;
+using System.Data;
+using System.IO;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using EnvelopeGenerator.Domain.Constants;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.Data.SqlClient;
+using Microsoft.Extensions.Logging;
+using Quartz;
+using static EnvelopeGenerator.Jobs.FinalizeDocument.FinalizeDocumentExceptions;
+
+namespace EnvelopeGenerator.Jobs.FinalizeDocument;
+
+public class FinalizeDocumentJob : IJob
+{
+    private readonly ILogger<FinalizeDocumentJob> _logger;
+    private readonly PDFBurner _pdfBurner;
+    private readonly PDFMerger _pdfMerger;
+    private readonly ReportCreator _reportCreator;
+
+    private record ConfigSettings(string DocumentPath, string DocumentPathOrigin, string ExportPath);
+
+    public FinalizeDocumentJob(
+        ILogger<FinalizeDocumentJob> logger,
+        PDFBurner pdfBurner,
+        PDFMerger pdfMerger,
+        ReportCreator reportCreator)
+    {
+        _logger = logger;
+        _pdfBurner = pdfBurner;
+        _pdfMerger = pdfMerger;
+        _reportCreator = reportCreator;
+    }
+
+    public async Task Execute(IJobExecutionContext context)
+    {
+        var jobId = context.JobDetail.Key.ToString();
+        _logger.LogDebug("Starting job {JobId}", jobId);
+
+        try
+        {
+            var connectionString = context.MergedJobDataMap.GetString(Value.DATABASE);
+            if (string.IsNullOrWhiteSpace(connectionString))
+            {
+                _logger.LogWarning("FinalizeDocument - Connection string missing");
+                return;
+            }
+
+            await using var connection = new SqlConnection(connectionString);
+            await connection.OpenAsync(context.CancellationToken);
+
+            var config = await LoadConfigurationAsync(connection, context.CancellationToken);
+            var envelopes = await LoadCompletedEnvelopesAsync(connection, context.CancellationToken);
+
+            if (envelopes.Count == 0)
+            {
+                _logger.LogInformation("No completed envelopes found");
+                return;
+            }
+
+            var total = envelopes.Count;
+            var current = 1;
+
+            foreach (var envelopeId in envelopes)
+            {
+                _logger.LogInformation("Finalizing Envelope {EnvelopeId} ({Current}/{Total})", envelopeId, current, total);
+                try
+                {
+                    var envelopeData = await GetEnvelopeDataAsync(connection, envelopeId, context.CancellationToken);
+                    if (envelopeData is null)
+                    {
+                        _logger.LogWarning("Envelope data not found for {EnvelopeId}", envelopeId);
+                        continue;
+                    }
+
+                    var data = envelopeData.Value;
+
+                    var envelope = new Envelope
+                    {
+                        Id = envelopeId,
+                        Uuid = data.EnvelopeUuid ?? string.Empty,
+                        Title = data.Title ?? string.Empty,
+                        FinalEmailToCreator = (int)FinalEmailType.No,
+                        FinalEmailToReceivers = (int)FinalEmailType.No
+                    };
+
+                    var burned = _pdfBurner.BurnAnnotsToPDF(data.DocumentBytes, data.AnnotationData, envelopeId);
+                    var report = _reportCreator.CreateReport(connection, envelope);
+                    var merged = _pdfMerger.MergeDocuments(burned, report);
+
+                    var outputDirectory = Path.Combine(config.ExportPath, data.ParentFolderUid);
+                    Directory.CreateDirectory(outputDirectory);
+                    var outputPath = Path.Combine(outputDirectory, $"{envelope.Uuid}.pdf");
+                    await File.WriteAllBytesAsync(outputPath, merged, context.CancellationToken);
+
+                    await UpdateDocumentResultAsync(connection, envelopeId, merged, context.CancellationToken);
+                    await ArchiveEnvelopeAsync(connection, envelopeId, context.CancellationToken);
+                }
+                catch (MergeDocumentException ex)
+                {
+                    _logger.LogWarning(ex, "Certificate Document job failed at merging documents");
+                }
+                catch (ExportDocumentException ex)
+                {
+                    _logger.LogWarning(ex, "Certificate Document job failed at exporting document");
+                }
+                catch (Exception ex)
+                {
+                    _logger.LogError(ex, "Unhandled exception while working envelope {EnvelopeId}", envelopeId);
+                }
+
+                current++;
+                _logger.LogInformation("Envelope {EnvelopeId} finalized", envelopeId);
+            }
+
+            _logger.LogDebug("Completed job {JobId} successfully", jobId);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Certificate Document job failed");
+        }
+        finally
+        {
+            _logger.LogDebug("Job execution for {JobId} ended", jobId);
+        }
+    }
+
+    private async Task<ConfigSettings> LoadConfigurationAsync(SqlConnection connection, CancellationToken cancellationToken)
+    {
+        const string sql = "SELECT TOP 1 DOCUMENT_PATH, EXPORT_PATH FROM TBSIG_CONFIG";
+        await using var command = new SqlCommand(sql, connection);
+        await using var reader = await command.ExecuteReaderAsync(cancellationToken);
+        if (await reader.ReadAsync(cancellationToken))
+        {
+            var documentPath = reader.IsDBNull(0) ? string.Empty : reader.GetString(0);
+            var exportPath = reader.IsDBNull(1) ? string.Empty : reader.GetString(1);
+            return new ConfigSettings(documentPath, documentPath, exportPath);
+        }
+
+        return new ConfigSettings(string.Empty, string.Empty, Path.GetTempPath());
+    }
+
+    private async Task<List<int>> LoadCompletedEnvelopesAsync(SqlConnection connection, CancellationToken cancellationToken)
+    {
+        const string sql = "SELECT GUID FROM TBSIG_ENVELOPE WHERE STATUS = @Status AND DATEDIFF(minute, CHANGED_WHEN, GETDATE()) >= 1 ORDER BY GUID";
+        var ids = new List<int>();
+        await using var command = new SqlCommand(sql, connection);
+        command.Parameters.AddWithValue("@Status", (int)EnvelopeStatus.EnvelopeCompletelySigned);
+        await using var reader = await command.ExecuteReaderAsync(cancellationToken);
+        while (await reader.ReadAsync(cancellationToken))
+        {
+            ids.Add(reader.GetInt32(0));
+        }
+
+        return ids;
+    }
+
+    private async Task<(int EnvelopeId, string? EnvelopeUuid, string? Title, byte[] DocumentBytes, List<string> AnnotationData, string ParentFolderUid)?> GetEnvelopeDataAsync(SqlConnection connection, int envelopeId, CancellationToken cancellationToken)
+    {
+        const string sql = @"SELECT T.GUID, T.ENVELOPE_UUID, T.TITLE, T2.FILEPATH, T2.BYTE_DATA FROM [dbo].[TBSIG_ENVELOPE] T
+                JOIN TBSIG_ENVELOPE_DOCUMENT T2 ON T.GUID = T2.ENVELOPE_ID
+                WHERE T.GUID = @EnvelopeId";
+
+        await using var command = new SqlCommand(sql, connection);
+        command.Parameters.AddWithValue("@EnvelopeId", envelopeId);
+        await using var reader = await command.ExecuteReaderAsync(CommandBehavior.SingleRow, cancellationToken);
+        if (!await reader.ReadAsync(cancellationToken))
+        {
+            return null;
+        }
+
+        var envelopeUuid = reader.IsDBNull(1) ? string.Empty : reader.GetString(1);
+        var title = reader.IsDBNull(2) ? string.Empty : reader.GetString(2);
+        var filePath = reader.IsDBNull(3) ? string.Empty : reader.GetString(3);
+        var bytes = reader.IsDBNull(4) ? Array.Empty<byte>() : (byte[])reader[4];
+        await reader.CloseAsync();
+
+        if (bytes.Length == 0 && !string.IsNullOrWhiteSpace(filePath) && File.Exists(filePath))
+        {
+            bytes = await File.ReadAllBytesAsync(filePath, cancellationToken);
+        }
+
+        var annotations = await GetAnnotationDataAsync(connection, envelopeId, cancellationToken);
+
+        var parentFolderUid = !string.IsNullOrWhiteSpace(filePath)
+            ? Path.GetFileName(Path.GetDirectoryName(filePath) ?? string.Empty)
+            : envelopeUuid;
+
+        return (envelopeId, envelopeUuid, title, bytes, annotations, parentFolderUid ?? envelopeUuid ?? envelopeId.ToString());
+    }
+
+    private async Task<List<string>> GetAnnotationDataAsync(SqlConnection connection, int envelopeId, CancellationToken cancellationToken)
+    {
+        const string sql = "SELECT VALUE FROM TBSIG_DOCUMENT_STATUS WHERE ENVELOPE_ID = @EnvelopeId";
+        var result = new List<string>();
+        await using var command = new SqlCommand(sql, connection);
+        command.Parameters.AddWithValue("@EnvelopeId", envelopeId);
+        await using var reader = await command.ExecuteReaderAsync(cancellationToken);
+        while (await reader.ReadAsync(cancellationToken))
+        {
+            if (!reader.IsDBNull(0))
+            {
+                result.Add(reader.GetString(0));
+            }
+        }
+
+        return result;
+    }
+
+    private static async Task UpdateDocumentResultAsync(SqlConnection connection, int envelopeId, byte[] bytes, CancellationToken cancellationToken)
+    {
+        const string sql = "UPDATE TBSIG_ENVELOPE SET DOC_RESULT = @ImageData WHERE GUID = @EnvelopeId";
+        await using var command = new SqlCommand(sql, connection);
+        command.Parameters.AddWithValue("@ImageData", bytes);
+        command.Parameters.AddWithValue("@EnvelopeId", envelopeId);
+        await command.ExecuteNonQueryAsync(cancellationToken);
+    }
+
+    private static async Task ArchiveEnvelopeAsync(SqlConnection connection, int envelopeId, CancellationToken cancellationToken)
+    {
+        const string sql = "UPDATE TBSIG_ENVELOPE SET STATUS = @Status, CHANGED_WHEN = GETDATE() WHERE GUID = @EnvelopeId";
+        await using var command = new SqlCommand(sql, connection);
+        command.Parameters.AddWithValue("@Status", (int)EnvelopeStatus.EnvelopeArchived);
+        command.Parameters.AddWithValue("@EnvelopeId", envelopeId);
+        await command.ExecuteNonQueryAsync(cancellationToken);
+    }
+}

EnvelopeGenerator.Jobs/Jobs/FinalizeDocument/PDFBurner.cs

@@ -0,0 +1,277 @@
+using System.Collections.Generic;
+using System.Drawing;
+using System.Linq;
+using iText.IO.Image;
+using iText.Kernel.Colors;
+using iText.Kernel.Pdf;
+using iText.Kernel.Pdf.Canvas;
+using iText.Layout;
+using iText.Layout.Element;
+using iText.Layout.Font;
+using iText.Layout.Properties;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
+using Newtonsoft.Json;
+using static EnvelopeGenerator.Jobs.FinalizeDocument.FinalizeDocumentExceptions;
+using LayoutImage = iText.Layout.Element.Image;
+
+namespace EnvelopeGenerator.Jobs.FinalizeDocument;
+
+public class PDFBurner
+{
+    private static readonly FontProvider FontProvider = CreateFontProvider();
+    private readonly ILogger<PDFBurner> _logger;
+    private readonly PDFBurnerParams _pdfBurnerParams;
+
+    public PDFBurner() : this(NullLogger<PDFBurner>.Instance, new PDFBurnerParams())
+    {
+    }
+
+    public PDFBurner(ILogger<PDFBurner> logger, PDFBurnerParams? pdfBurnerParams = null)
+    {
+        _logger = logger;
+        _pdfBurnerParams = pdfBurnerParams ?? new PDFBurnerParams();
+    }
+
+    public byte[] BurnAnnotsToPDF(byte[] sourceBuffer, IList<string> instantJsonList, int envelopeId)
+    {
+        if (sourceBuffer is null || sourceBuffer.Length == 0)
+        {
+            throw new BurnAnnotationException("Source document is empty");
+        }
+
+        try
+        {
+            using var inputStream = new MemoryStream(sourceBuffer);
+            using var outputStream = new MemoryStream();
+            using var reader = new PdfReader(inputStream);
+            using var writer = new PdfWriter(outputStream);
+            using var pdf = new PdfDocument(reader, writer);
+
+            foreach (var json in instantJsonList ?? Enumerable.Empty<string>())
+            {
+                if (string.IsNullOrWhiteSpace(json))
+                {
+                    continue;
+                }
+
+                var annotationData = JsonConvert.DeserializeObject<AnnotationData>(json);
+                if (annotationData?.annotations is null)
+                {
+                    continue;
+                }
+
+                annotationData.annotations.Reverse();
+
+                foreach (var annotation in annotationData.annotations)
+                {
+                    try
+                    {
+                        switch (annotation.type)
+                        {
+                            case AnnotationType.Image:
+                                AddImageAnnotation(pdf, annotation, annotationData.attachments);
+                                break;
+                            case AnnotationType.Ink:
+                                AddInkAnnotation(pdf, annotation);
+                                break;
+                            case AnnotationType.Widget:
+                                var formFieldValue = annotationData.formFieldValues?.FirstOrDefault(fv => fv.name == annotation.id);
+                                if (formFieldValue is not null && !_pdfBurnerParams.IgnoredLabels.Contains(formFieldValue.value))
+                                {
+                                    AddFormFieldValue(pdf, annotation, formFieldValue.value);
+                                }
+                                break;
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        _logger.LogWarning(ex, "Error applying annotation {AnnotationId} on envelope {EnvelopeId}", annotation.id, envelopeId);
+                        throw new BurnAnnotationException("Adding annotation failed", ex);
+                    }
+                }
+            }
+
+            pdf.Close();
+            return outputStream.ToArray();
+        }
+        catch (BurnAnnotationException)
+        {
+            throw;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Failed to burn annotations for envelope {EnvelopeId}", envelopeId);
+            throw new BurnAnnotationException("Annotations could not be burned", ex);
+        }
+    }
+
+    private void AddImageAnnotation(PdfDocument pdf, Annotation annotation, Dictionary<string, Attachment>? attachments)
+    {
+        if (attachments is null || string.IsNullOrWhiteSpace(annotation.imageAttachmentId) || !attachments.TryGetValue(annotation.imageAttachmentId, out var attachment))
+        {
+            return;
+        }
+
+        var page = pdf.GetPage(annotation.pageIndex + 1);
+        var bounds = annotation.bbox.Select(ToInches).ToList();
+        var x = (float)bounds[0];
+        var y = (float)bounds[1];
+        var width = (float)bounds[2];
+        var height = (float)bounds[3];
+
+        var imageBytes = Convert.FromBase64String(attachment.binary);
+        var imageData = ImageDataFactory.Create(imageBytes);
+        var image = new LayoutImage(imageData)
+            .ScaleAbsolute(width, height)
+            .SetFixedPosition(annotation.pageIndex + 1, x, y);
+
+        using var canvas = new Canvas(new PdfCanvas(page), page.GetPageSize());
+        canvas.Add(image);
+    }
+
+    private void AddInkAnnotation(PdfDocument pdf, Annotation annotation)
+    {
+        if (annotation.lines?.points is null)
+        {
+            return;
+        }
+
+        var page = pdf.GetPage(annotation.pageIndex + 1);
+        var canvas = new PdfCanvas(page);
+        var color = ParseColor(annotation.strokeColor);
+        canvas.SetStrokeColor(color);
+        canvas.SetLineWidth(1);
+
+        foreach (var segment in annotation.lines.points)
+        {
+            var first = true;
+            foreach (var point in segment)
+            {
+                var (px, py) = (ToInches(point[0]), ToInches(point[1]));
+                if (first)
+                {
+                    canvas.MoveTo(px, py);
+                    first = false;
+                }
+                else
+                {
+                    canvas.LineTo(px, py);
+                }
+            }
+            canvas.Stroke();
+        }
+    }
+
+    private static FontProvider CreateFontProvider()
+    {
+        var provider = new FontProvider();
+        provider.AddStandardPdfFonts();
+        provider.AddSystemFonts();
+        return provider;
+    }
+
+    private void AddFormFieldValue(PdfDocument pdf, Annotation annotation, string value)
+    {
+        var bounds = annotation.bbox.Select(ToInches).ToList();
+        var x = (float)bounds[0];
+        var y = (float)bounds[1];
+        var width = (float)bounds[2];
+        var height = (float)bounds[3];
+
+        var page = pdf.GetPage(annotation.pageIndex + 1);
+        var canvas = new Canvas(new PdfCanvas(page), page.GetPageSize());
+        canvas.SetProperty(Property.FONT_PROVIDER, FontProvider);
+        canvas.SetProperty(Property.FONT, FontProvider.GetFontSet());
+
+        var paragraph = new Paragraph(value)
+            .SetFontSize(_pdfBurnerParams.FontSize)
+            .SetFontColor(ColorConstants.BLACK)
+            .SetFontFamily(_pdfBurnerParams.FontName);
+
+        if (_pdfBurnerParams.FontStyle.HasFlag(FontStyle.Italic))
+        {
+            paragraph.SetItalic();
+        }
+
+        if (_pdfBurnerParams.FontStyle.HasFlag(FontStyle.Bold))
+        {
+            paragraph.SetBold();
+        }
+
+        canvas.ShowTextAligned(
+            paragraph,
+            x + (float)_pdfBurnerParams.TopMargin,
+            y + (float)_pdfBurnerParams.YOffset,
+            annotation.pageIndex + 1,
+            iText.Layout.Properties.TextAlignment.LEFT,
+            iText.Layout.Properties.VerticalAlignment.TOP,
+            0);
+    }
+
+    private static DeviceRgb ParseColor(string? color)
+    {
+        if (string.IsNullOrWhiteSpace(color))
+        {
+            return new DeviceRgb(0, 0, 0);
+        }
+
+        try
+        {
+            var drawingColor = ColorTranslator.FromHtml(color);
+            return new DeviceRgb(drawingColor.R, drawingColor.G, drawingColor.B);
+        }
+        catch
+        {
+            return new DeviceRgb(0, 0, 0);
+        }
+    }
+
+    private static double ToInches(double value) => value / 72d;
+    private static double ToInches(float value) => value / 72d;
+
+    #region Model
+    private static class AnnotationType
+    {
+        public const string Image = "pspdfkit/image";
+        public const string Ink = "pspdfkit/ink";
+        public const string Widget = "pspdfkit/widget";
+    }
+
+    private sealed class AnnotationData
+    {
+        public List<Annotation>? annotations { get; set; }
+        public Dictionary<string, Attachment>? attachments { get; set; }
+        public List<FormFieldValue>? formFieldValues { get; set; }
+    }
+
+    private sealed class Annotation
+    {
+        public string id { get; set; } = string.Empty;
+        public List<double> bbox { get; set; } = new();
+        public string type { get; set; } = string.Empty;
+        public string imageAttachmentId { get; set; } = string.Empty;
+        public Lines? lines { get; set; }
+        public int pageIndex { get; set; }
+        public string strokeColor { get; set; } = string.Empty;
+        public string egName { get; set; } = string.Empty;
+    }
+
+    private sealed class Lines
+    {
+        public List<List<List<float>>> points { get; set; } = new();
+    }
+
+    private sealed class Attachment
+    {
+        public string binary { get; set; } = string.Empty;
+        public string contentType { get; set; } = string.Empty;
+    }
+
+    private sealed class FormFieldValue
+    {
+        public string name { get; set; } = string.Empty;
+        public string value { get; set; } = string.Empty;
+    }
+    #endregion
+}

EnvelopeGenerator.Jobs/Jobs/FinalizeDocument/PDFBurnerParams.cs

@@ -0,0 +1,19 @@
+using System.Collections.Generic;
+using System.Drawing;
+
+namespace EnvelopeGenerator.Jobs.FinalizeDocument;
+
+public class PDFBurnerParams
+{
+    public List<string> IgnoredLabels { get; } = new() { "Date", "Datum", "ZIP", "PLZ", "Place", "Ort", "Position", "Stellung" };
+
+    public double TopMargin { get; set; } = 0.1;
+
+    public double YOffset { get; set; } = -0.3;
+
+    public string FontName { get; set; } = "Arial";
+
+    public int FontSize { get; set; } = 8;
+
+    public FontStyle FontStyle { get; set; } = FontStyle.Italic;
+}