Adjust YARP proxy to exclude specific API paths

Updated the middleware pipeline in `Program.cs` to use `app.MapWhen()` for conditional routing. The reverse proxy now excludes requests to `/swagger`, `/scalar`, and `/openapi` paths, ensuring these endpoints are handled separately. This change replaces the direct `app.MapReverseProxy()` call with a more selective approach, improving request handling for specific API paths.
Merge branch 'master' of http://git.dd:3000/AppStd/EnvelopeGenerator
2026-05-29 18:44:10 +02:00 · 2026-05-29 14:27:05 +02:00 · 2026-05-29 14:26:53 +02:00 · 2026-05-29 14:09:37 +02:00 · 2026-05-29 14:09:31 +02:00 · 2026-05-29 14:07:19 +02:00
17 changed files with 736 additions and 39 deletions
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -1,3 +1,4 @@
+using DigitalData.Auth.Claims;
 using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Models;
 using EnvelopeGenerator.Domain.Constants;
@@ -73,4 +74,44 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions,
        => role is not null && !User.IsInRole(role)
            ? Unauthorized()
            : Ok();
+
+    /// <summary>
+    /// Checks whether the caller holds a valid per-envelope receiver token for the given envelope key.
+    /// The request must carry a cookie named <c>AuthTokenSignFLOWReceiver.{envelopeKey}</c>.
+    /// </summary>
+    /// <param name="envelopeKey">The unique envelope key extracted from the route.</param>
+    /// <response code="200">Valid per-envelope token found.</response>
+    /// <response code="401">Token is missing, expired or invalid.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+    [Authorize(Policy = AuthPolicy.Receiver)]
+    [HttpGet("check/envelope/{envelopeKey}")]
+    public IActionResult CheckEnvelopeReceiver([FromRoute] string envelopeKey) => Ok();
+
+    /// <summary>
+    /// Removes the per-envelope receiver cookie for the given envelope key.
+    /// </summary>
+    /// <param name="envelopeKey">The unique envelope key whose cookie should be deleted.</param>
+    /// <response code="200">Cookie successfully deleted.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [HttpPost("logout/envelope/{envelopeKey}")]
+    public IActionResult LogoutEnvelopeReceiver([FromRoute] string envelopeKey)
+    {
+        var cookieName = CookieNames.GetEnvelopeReceiverCookieName(authTokenKeys.Cookie, envelopeKey);
+        Response.Cookies.Delete(cookieName);
+        return Ok();
+    }
+
+    /// <summary>
+    /// Removes all per-envelope receiver cookies from the current request.
+    /// </summary>
+    /// <response code="200">All envelope receiver cookies successfully deleted.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [HttpPost("logout/envelope")]
+    public IActionResult LogoutAllEnvelopeReceivers()
+    {
+        foreach (var cookieName in Request.Cookies.Keys.Where(k => CookieNames.IsEnvelopeReceiverCookie(k, authTokenKeys.Cookie)))
+            Response.Cookies.Delete(cookieName);
+        return Ok();
+    }
 }
--- a/EnvelopeGenerator.API/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs
@@ -1,3 +1,4 @@
+using DigitalData.Auth.Claims;
 using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Extensions;
 using EnvelopeGenerator.Application.Documents.Queries;
@@ -5,6 +6,7 @@ using EnvelopeGenerator.Domain.Constants;
 using MediatR;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using System.Threading.Channels;

 namespace EnvelopeGenerator.API.Controllers;

@@ -17,7 +19,7 @@ namespace EnvelopeGenerator.API.Controllers;
 [Authorize]
 [ApiController]
 [Route("api/[controller]")]
-public class DocumentController(IMediator mediator, IAuthorizationService authService) : ControllerBase, IAuthController
+public class DocumentController(IMediator mediator, IAuthorizationService authService, ILogger<DocumentController> logger) : ControllerBase, IAuthController
 {
    /// <summary>
    /// 
@@ -60,4 +62,35 @@ public class DocumentController(IMediator mediator, IAuthorizationService authSe

        return Unauthorized();
    }
-}
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="envelopeKey"></param>
+    /// <param name="cancel"></param>
+    /// <returns></returns>
+    [HttpGet("{envelopeKey}")]
+    [Authorize(Policy = AuthPolicy.Receiver)]
+    public async Task<IActionResult> GetDocumentOfReceiver(string envelopeKey, CancellationToken cancel)
+    {
+        var envelopeIdStr = User.FindFirst(EnvelopeClaimNames.EnvelopeId)?.Value;
+
+        if (!int.TryParse(envelopeIdStr, out int envelopeId))
+        {
+            logger.LogError(
+                "Inner service error: Failed to parse Envelope ID from claims. Claim '{ClaimName}' had an invalid or missing value: '{ClaimValue}'.",
+                EnvelopeClaimNames.EnvelopeId,
+                envelopeIdStr ?? "null");
+
+            return StatusCode(StatusCodes.Status500InternalServerError, "Inner service error: Invalid envelope claim.");
+        }
+
+        var senderDoc = await mediator.Send(new ReadDocumentQuery() { EnvelopeId = envelopeId }, cancel);
+
+        if (senderDoc.ByteData is not byte[] senderDocByte)
+            return NotFound("Document is empty.");
+
+        Response.Headers.ContentDisposition = $"inline; filename=\"{envelopeKey}.pdf\"";
+        return File(senderDocByte, "application/pdf");
+    }
+}
--- a/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs
+++ b/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs
@@ -14,6 +14,7 @@ using EnvelopeGenerator.Application.Common.SQL;
 using EnvelopeGenerator.Application.Common.Dto.Receiver;
 using EnvelopeGenerator.Application.Common.Interfaces.SQLExecutor;
 using EnvelopeGenerator.API.Extensions;
+using EnvelopeGenerator.Domain.Constants;

 namespace EnvelopeGenerator.API.Controllers;

@@ -73,6 +74,24 @@ public class EnvelopeReceiverController : ControllerBase
        return Ok(result);
    }

+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="envelopeKey"></param>
+    /// <param name="cancel"></param>
+    /// <returns></returns>
+    [Authorize(Policy = AuthPolicy.Receiver)]
+    [HttpGet("{envelopeKey}")]
+    public async Task<IActionResult> GetEnvelopeReceiverOfReceiver([FromRoute] string envelopeKey, CancellationToken cancel)
+    {
+        var er = await _mediator.Send(new ReadEnvelopeReceiverQuery()
+        {
+            Key = envelopeKey
+        }, cancel);
+
+        return Ok(er);
+    }
+
    /// <summary>
    /// Ruft den Namen des zuletzt verwendeten Empfängers basierend auf der angegebenen E-Mail-Adresse ab.
    /// </summary>
--- a/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs
+++ b/EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs
@@ -16,6 +16,12 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
    /// <param name="swaggerDoc"></param>
    /// <param name="context"></param>
    public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        AddLoginOperation(swaggerDoc, context);
+        AddEnvelopeReceiverLoginOperation(swaggerDoc, context);
+    }
+
+    private static void AddLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
    {
        const string path = "/api/auth";

@@ -67,4 +73,51 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
            }
        };
    }
+
+    private static void AddEnvelopeReceiverLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        const string path = "/api/Auth/envelope-receiver/{key}";
+
+        var bodySchema = context.SchemaGenerator.GenerateSchema(typeof(EnvelopeReceiverLogin), context.SchemaRepository);
+
+        var operation = new OpenApiOperation
+        {
+            Summary = "Envelope receiver login (auth-hub proxy)",
+            Description = "Proxies the envelope receiver login to the auth service. " +
+                          "The `cookie` query parameter is always forwarded as `true` so the auth service sets the per-envelope cookie automatically.",
+            Tags = [new() { Name = "Auth" }],
+            Parameters =
+            {
+                new OpenApiParameter
+                {
+                    Name = "key",
+                    In = ParameterLocation.Path,
+                    Required = true,
+                    Schema = new OpenApiSchema { Type = "string" },
+                    Description = "The unique envelope receiver key."
+                }
+            },
+            RequestBody = new OpenApiRequestBody
+            {
+                Required = false,
+                Content =
+                {
+                    ["multipart/form-data"] = new OpenApiMediaType { Schema = bodySchema }
+                }
+            },
+            Responses =
+            {
+                ["200"] = new OpenApiResponse { Description = "OK – per-envelope cookie set by auth service." },
+                ["401"] = new OpenApiResponse { Description = "Unauthorized – invalid or missing access code." }
+            }
+        };
+
+        swaggerDoc.Paths[path] = new OpenApiPathItem
+        {
+            Operations =
+            {
+                [OperationType.Post] = operation
+            }
+        };
+    }
 }
--- a/EnvelopeGenerator.API/EnvelopeGenerator.API.csproj
+++ b/EnvelopeGenerator.API/EnvelopeGenerator.API.csproj
@@ -30,6 +30,7 @@

  <ItemGroup>
    <PackageReference Include="AspNetCore.Scalar" Version="1.1.8" />
+    <PackageReference Include="DigitalData.Auth.Claims" Version="1.0.3" />
    <PackageReference Include="DigitalData.Auth.Client" Version="1.3.7" />
    <PackageReference Include="DigitalData.Core.API" Version="2.2.1" />
    <PackageReference Include="HtmlSanitizer" Version="9.0.892" />
--- a/EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs
+++ b/EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs
@@ -0,0 +1,7 @@
+namespace EnvelopeGenerator.API.Models;
+
+/// <summary>
+/// Request body for the envelope-receiver login endpoint.
+/// </summary>
+/// <param name="AccessCode">The access code sent to the receiver.</param>
+public record EnvelopeReceiverLogin(string? AccessCode = null);
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -19,6 +19,7 @@ using DigitalData.Core.Abstractions.Security.Extensions;
 using EnvelopeGenerator.API.Middleware;
 using NLog.Web;
 using NLog;
+using DigitalData.Auth.Claims;

 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -112,7 +113,7 @@ try
    });
    builder.Services.AddOpenApi();

-    //AddEF Core dbcontext
+    //Add EF Core dbcontext
    var useDbMigration = Environment.GetEnvironmentVariable("MIGRATION_TEST_MODE") == true.ToString() || config.GetValue<bool>("UseDbMigration");
    var cnnStrName = useDbMigration ? "DbMigrationTest" : "Default";
    var connStr = config.GetConnectionString(cnnStrName)
@@ -126,6 +127,9 @@ try

    var authTokenKeys = config.GetOrDefault<AuthTokenKeys>();

+    // Scheme name used for per-envelope receiver JWT authentication.
+    const string EnvelopeReceiverScheme = "EnvelopeReceiverJwt";
+
    builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -163,6 +167,61 @@ try
                    return Task.CompletedTask;
                }
            };
+        })
+        // Per-envelope receiver scheme: reads the JWT from the cookie named
+        // AuthTokenSignFLOWReceiver.{envelope_key} where envelope_key is the
+        // last path segment of the request URL.
+        // This enables simultaneous authentication for multiple envelopes
+        // within the same browser session.
+        .AddJwtBearer(EnvelopeReceiverScheme, opt =>
+        {
+            opt.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
+                {
+                    var clientParams = deferredProvider.GetOptions<ClientParams>();
+                    var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience);
+                    return [publicKey.SecurityKey];
+                },
+                ValidateIssuer = true,
+                ValidIssuer = authTokenKeys.Issuer,
+                ValidateAudience = true,
+                ValidAudience = authTokenKeys.Audience,
+            };
+
+            opt.Events = new JwtBearerEvents
+            {
+                OnMessageReceived = context =>
+                {
+                    var paths = context.Request.Path.Value?.Split('/', StringSplitOptions.RemoveEmptyEntries);
+
+                    // Derive the envelope key from the last route segment: /{envelope_key}
+                    var envelopeKey = paths?.LastOrDefault();
+
+                    if (envelopeKey is not null)
+                    {
+                        var cookieName = CookieNames.GetEnvelopeReceiverCookieName(authTokenKeys.Cookie, envelopeKey);
+                        if (context.Request.Cookies.TryGetValue(cookieName, out var cookieToken) && cookieToken is not null)
+                            context.Token = cookieToken;
+                    }
+
+                    return Task.CompletedTask;
+                },
+                OnTokenValidated = context =>
+                {
+                    var paths = context.Request.Path.Value?.Split('/', StringSplitOptions.RemoveEmptyEntries);
+                    var envelopeKey = paths?.LastOrDefault();
+
+                    var sub = context.Principal?.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
+                           ?? context.Principal?.FindFirst("sub")?.Value;
+
+                    if (envelopeKey is null || sub != envelopeKey)
+                        context.Fail("Envelope key in the path does not match the token subject.");
+
+                    return Task.CompletedTask;
+                }
+            };
        });

    // Authentication
@@ -182,8 +241,13 @@ try
            policy.RequireRole(Role.Sender, Role.Receiver.Full))
        .AddPolicy(AuthPolicy.Sender, policy =>
            policy.RequireRole(Role.Sender))
+        // Per-envelope policy: uses the dedicated EnvelopeReceiverJwt scheme so it
+        // never conflicts with the default JwtBearer scheme.
        .AddPolicy(AuthPolicy.Receiver, policy =>
-            policy.RequireRole(Role.Receiver.Full))
+            policy
+                .AddAuthenticationSchemes(EnvelopeReceiverScheme)
+                .RequireAuthenticatedUser()
+            .RequireRole(Role.Receiver.Full, "receiver"))
        .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
            policy.RequireRole(Role.Receiver.TFA));

@@ -258,9 +322,19 @@ try
    app.UseAuthentication();
    app.UseAuthorization();

-    app.MapReverseProxy();
    app.MapControllers();

+    // Catch-all YARP proxy — only forward requests that are not swagger/scalar/openapi paths.
+    app.MapWhen(
+        ctx =>
+        {
+            var path = ctx.Request.Path.Value ?? string.Empty;
+            return !path.StartsWith("/swagger", StringComparison.OrdinalIgnoreCase) &&
+                   !path.StartsWith("/scalar", StringComparison.OrdinalIgnoreCase) &&
+                   !path.StartsWith("/openapi", StringComparison.OrdinalIgnoreCase);
+        },
+        branch => branch.UseRouting().UseEndpoints(e => e.MapReverseProxy()));
+
    app.Run();
 }
 catch (Exception ex)
--- a/EnvelopeGenerator.API/appsettings.json
+++ b/EnvelopeGenerator.API/appsettings.json
@@ -1,6 +1,6 @@
 {
  "UseSwagger": true,
-  "UseDbMigration": true,
+  "UseDbMigration": false,
  "DiPMode": true,
  "Logging": {
    "LogLevel": {
--- a/EnvelopeGenerator.API/yarp.json
+++ b/EnvelopeGenerator.API/yarp.json
@@ -1,6 +1,14 @@
 {
  "ReverseProxy": {
    "Routes": {
+      "receiver-ui": {
+        "ClusterId": "receiver-ui",
+        "Order": 100,
+        "Match": {
+          "Path": "{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        }
+      },
      "auth-login": {
        "ClusterId": "auth-hub",
        "Match": {
@@ -10,9 +18,27 @@
        "Transforms": [
          { "PathSet": "/api/auth/sign-flow" }
        ]
+      },
+      "auth-envelope-receiver-login": {
+        "ClusterId": "auth-hub",
+        "Match": {
+          "Path": "/api/Auth/envelope-receiver/{key}",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathPattern": "/api/auth/envelope-receiver/{key}" },
+          { "QueryValueParameter": "cookie", "Set": "true" }
+        ]
      }
    },
    "Clusters": {
+      "receiver-ui": {
+        "Destinations": {
+          "primary": {
+            "Address": "https://localhost:52936"
+          }
+        }
+      },
      "auth-hub": {
        "Destinations": {
          "primary": {
--- a/EnvelopeGenerator.Application/EnvelopeReceivers/Queries/ReadEnvelopeReceiverSecretQuery.cs
+++ b/EnvelopeGenerator.Application/EnvelopeReceivers/Queries/ReadEnvelopeReceiverSecretQuery.cs
@@ -0,0 +1,127 @@
+using AutoMapper;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Application.Envelopes.Queries;
+using EnvelopeGenerator.Application.Receivers.Queries;
+using MediatR;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
+using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiver;
+using EnvelopeGenerator.Application.Common.Query;
+using EnvelopeGenerator.Application.Common.Extensions;
+
+namespace EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
+
+/// <summary>
+/// Represents a query for reading an envelope receiver including sensitive fields
+/// (access code, phone number) that are excluded from the standard <see cref="ReadEnvelopeReceiverQuery"/>.
+/// </summary>
+/// <remarks>
+/// Returns a single <see cref="EnvelopeReceiverSecretDto"/> matched by UUID and receiver signature.
+/// Equivalent to the legacy <c>ReadWithSecretByUuidSignatureAsync</c> service method.
+/// </remarks>
+public record ReadEnvelopeReceiverSecretQuery
+    : EnvelopeReceiverQueryBase<ReadEnvelopeQuery, ReadReceiverQuery>,
+      IRequest<EnvelopeReceiverSecretDto?>;
+
+/// <summary>
+/// Extension methods for dispatching <see cref="ReadEnvelopeReceiverSecretQuery"/> via <see cref="IMediator"/>.
+/// </summary>
+public static class ReadEnvelopeReceiverSecretQueryExtensions
+{
+    /// <summary>
+    /// Sends a <see cref="ReadEnvelopeReceiverSecretQuery"/> using the composite key (uuid::signature).
+    /// </summary>
+    /// <param name="mediator">The mediator instance.</param>
+    /// <param name="key">Composite key in the format <c>uuid::signature</c>.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    /// <returns>The matching <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if not found.</returns>
+    public static Task<EnvelopeReceiverSecretDto?> ReadEnvelopeReceiverSecretAsync(
+        this IMediator mediator,
+        string key,
+        CancellationToken cancel = default)
+        => mediator.Send(new ReadEnvelopeReceiverSecretQuery { Key = key }, cancel);
+
+    /// <summary>
+    /// Sends a <see cref="ReadEnvelopeReceiverSecretQuery"/> using UUID and receiver signature.
+    /// </summary>
+    /// <param name="mediator">The mediator instance.</param>
+    /// <param name="uuid">Envelope UUID.</param>
+    /// <param name="signature">Receiver signature.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    /// <returns>The matching <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if not found.</returns>
+    public static Task<EnvelopeReceiverSecretDto?> ReadEnvelopeReceiverSecretAsync(
+        this IMediator mediator,
+        string uuid,
+        string signature,
+        CancellationToken cancel = default)
+    {
+        var q = new ReadEnvelopeReceiverSecretQuery();
+        q.Envelope.Uuid = uuid;
+        q.Receiver.Signature = signature;
+        return mediator.Send(q, cancel);
+    }
+
+    /// <summary>
+    /// Handles <see cref="ReadEnvelopeReceiverSecretQuery"/> and returns a
+    /// <see cref="EnvelopeReceiverSecretDto"/> containing sensitive fields.
+    /// </summary>
+    public class ReadEnvelopeReceiverSecretQueryHandler
+        : IRequestHandler<ReadEnvelopeReceiverSecretQuery, EnvelopeReceiverSecretDto?>
+    {
+        private readonly IRepository<EnvelopeReceiver> _repo;
+        private readonly IRepository<Receiver> _rcvRepo;
+        private readonly IMapper _mapper;
+
+        /// <summary>
+        /// Initializes a new instance of <see cref="ReadEnvelopeReceiverSecretQueryHandler"/>.
+        /// </summary>
+        /// <param name="envelopeReceiver">Repository for <see cref="EnvelopeReceiver"/>.</param>
+        /// <param name="rcvRepo">Repository for <see cref="Receiver"/>.</param>
+        /// <param name="mapper">AutoMapper instance.</param>
+        public ReadEnvelopeReceiverSecretQueryHandler(
+            IRepository<EnvelopeReceiver> envelopeReceiver,
+            IRepository<Receiver> rcvRepo,
+            IMapper mapper)
+        {
+            _repo = envelopeReceiver;
+            _rcvRepo = rcvRepo;
+            _mapper = mapper;
+        }
+
+        /// <summary>
+        /// Handles the query and returns the matching <see cref="EnvelopeReceiverSecretDto"/>.
+        /// </summary>
+        /// <param name="request">The query containing filter criteria.</param>
+        /// <param name="cancel">Cancellation token.</param>
+        /// <returns>
+        /// The matched <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if no record is found.
+        /// </returns>
+        public async Task<EnvelopeReceiverSecretDto?> Handle(
+            ReadEnvelopeReceiverSecretQuery request,
+            CancellationToken cancel)
+        {
+            var q = _repo.Query.Where(request, notnull: false);
+
+            var envRcvs = await q
+                .Include(er => er.Envelope).ThenInclude(e => e!.Documents!).ThenInclude(d => d.Elements)
+                .Include(er => er.Envelope).ThenInclude(e => e!.Histories)
+                .Include(er => er.Envelope).ThenInclude(e => e!.User)
+                .Include(er => er.Receiver)
+                .ToListAsync(cancel);
+
+            if (request.Receiver.HasAnyCriteria && envRcvs.Count != 0)
+            {
+                var receiver = await _rcvRepo.Query.Where(request.Receiver).FirstAsync(cancel);
+
+                foreach (var item in envRcvs)
+                    item.Envelope?.Documents?.FirstOrDefault()?.Elements?.RemoveAll(s => s.ReceiverId != receiver.Id);
+            }
+
+            var envRcv = envRcvs.FirstOrDefault();
+            if (envRcv is null)
+                return null;
+
+            return _mapper.Map<EnvelopeReceiverSecretDto>(envRcv);
+        }
+    }
+}
--- a/EnvelopeGenerator.DependencyInjection/DependencyInjection.cs
+++ b/EnvelopeGenerator.DependencyInjection/DependencyInjection.cs
@@ -0,0 +1,145 @@
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using EnvelopeGenerator.Application;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Application.Services;
+using EnvelopeGenerator.Infrastructure;
+using DigitalData.EmailProfilerDispatcher;
+using DigitalData.UserManager.DependencyInjection;
+
+namespace EnvelopeGenerator.DependencyInjection;
+
+/// <summary>
+/// Controls which optional services are registered by <see cref="DependencyInjection.AddEnvelopeGenerator"/>.
+/// All flags default to <c>true</c>. Set a flag to <c>false</c> if the consuming project
+/// already registers that service itself or simply does not need it.
+/// </summary>
+public sealed class EnvelopeGeneratorOptions
+{
+    /// <summary>Calls <c>AddHttpContextAccessor()</c>. Default: <c>true</c>.</summary>
+    public bool AddHttpContextAccessor { get; set; } = true;
+
+    /// <summary>
+    /// Calls <c>AddDistributedSqlServerCache()</c> with the supplied <see cref="SqlCacheOptions"/>.
+    /// Requires <see cref="SqlCacheOptions"/> to be configured. Default: <c>true</c>.
+    /// </summary>
+    public bool AddDistributedSqlServerCache { get; set; } = true;
+
+    /// <summary>
+    /// Options for the distributed SQL Server cache.
+    /// Required when <see cref="AddDistributedSqlServerCache"/> is <c>true</c>.
+    /// </summary>
+    public SqlCacheOptions? SqlCacheOptions { get; set; }
+
+    /// <summary>Calls <c>AddDispatcher&lt;TDbContext&gt;()</c>. Default: <c>true</c>.</summary>
+    public bool AddDispatcher { get; set; } = true;
+
+    /// <summary>Calls <c>AddMemoryCache()</c>. Default: <c>true</c>.</summary>
+    public bool AddMemoryCache { get; set; } = true;
+
+    /// <summary>Calls <c>AddUserManager&lt;TDbContext&gt;()</c>. Default: <c>true</c>.</summary>
+    public bool AddUserManager { get; set; } = true;
+}
+
+/// <summary>Options for <c>AddDistributedSqlServerCache</c>.</summary>
+public sealed class SqlCacheOptions
+{
+    /// <summary>SQL Server connection string.</summary>
+    public string ConnectionString { get; set; } = string.Empty;
+
+    /// <summary>Schema name. Default: <c>dbo</c>.</summary>
+    public string SchemaName { get; set; } = "dbo";
+
+    /// <summary>Table name. Default: <c>TBDD_CACHE</c>.</summary>
+    public string TableName { get; set; } = "TBDD_CACHE";
+}
+
+/// <summary>
+/// Extension methods for registering EnvelopeGenerator services into an <see cref="IServiceCollection"/>.
+/// Use <see cref="AddEnvelopeGenerator{TDbContext}"/> as the single entry-point for projects that need both the
+/// application layer (MediatR, AutoMapper, CRUD services, configuration sections) and the infrastructure
+/// layer (repositories, DbContext, SQL executors).
+/// For projects that do not need a database (e.g. lightweight API gateways or unit-test hosts), use
+/// <see cref="AddEnvelopeGeneratorCore"/> to register only the application layer.
+/// </summary>
+public static class DependencyInjection
+{
+    /// <summary>
+    /// Registers the full EnvelopeGenerator stack using <see cref="EGDbContext"/> as the DbContext type.
+    /// </summary>
+    public static IServiceCollection AddEnvelopeGenerator(
+        this IServiceCollection services,
+        IConfiguration configuration,
+        Action<EnvelopeGenerator.Infrastructure.DependencyInjection.Config>? infrastructureOptions = null,
+        Action<EnvelopeGeneratorOptions>? options = null)
+    {
+        var opt = new EnvelopeGeneratorOptions();
+        options?.Invoke(opt);
+
+#pragma warning disable CS0618
+        // Application layer: CRUD services, MediatR, AutoMapper, configuration sections.
+        services.AddEnvelopeGeneratorServices(configuration);
+
+        // Infrastructure layer: repositories, DbContext, Dapper type maps, SQL executors.
+        services.AddEnvelopeGeneratorInfrastructureServices(cfg =>
+        {
+            infrastructureOptions?.Invoke(cfg);
+        });
+#pragma warning restore CS0618
+
+        if (opt.AddHttpContextAccessor)
+            services.AddHttpContextAccessor();
+
+        if (opt.AddDistributedSqlServerCache && opt.SqlCacheOptions is { } cacheOpts)
+            services.AddDistributedSqlServerCache(o =>
+            {
+                o.ConnectionString = cacheOpts.ConnectionString;
+                o.SchemaName = cacheOpts.SchemaName;
+                o.TableName = cacheOpts.TableName;
+            });
+
+        if (opt.AddDispatcher)
+            services.AddDispatcher<EGDbContext>();
+
+        if (opt.AddMemoryCache)
+            services.AddMemoryCache();
+
+#pragma warning disable CS0618
+        if (opt.AddUserManager)
+            services.AddUserManager<EGDbContext>();
+#pragma warning restore CS0618
+
+        return services;
+    }
+
+    /// <summary>
+    /// Registers only the <em>application</em> layer services (MediatR handlers, AutoMapper profiles,
+    /// CRUD services, configuration sections) without any infrastructure / database dependencies.
+    /// </summary>
+    /// <param name="services">Service collection to register services into.</param>
+    /// <param name="configuration">Application configuration used to bind application-level option sections.</param>
+    /// <returns>The updated <see cref="IServiceCollection"/>.</returns>
+#pragma warning disable CS0618
+    public static IServiceCollection AddEnvelopeGeneratorCore(
+        this IServiceCollection services,
+        IConfiguration configuration)
+    {
+        services.AddEnvelopeGeneratorServices(configuration);
+        return services;
+    }
+#pragma warning restore CS0618
+
+    /// <summary>
+    /// Registers <see cref="EnvelopeMailService"/> as the <see cref="IEnvelopeMailService"/> scoped
+    /// implementation.
+    /// </summary>
+    /// <param name="services">Service collection to register services into.</param>
+    /// <returns>The updated <see cref="IServiceCollection"/>.</returns>
+#pragma warning disable CS0618
+    public static IServiceCollection AddEnvelopeMailService(this IServiceCollection services)
+    {
+        services.AddScoped<IEnvelopeMailService, EnvelopeMailService>();
+        return services;
+    }
+#pragma warning restore CS0618
+}
--- a/EnvelopeGenerator.DependencyInjection/EnvelopeGenerator.DependencyInjection.csproj
+++ b/EnvelopeGenerator.DependencyInjection/EnvelopeGenerator.DependencyInjection.csproj
@@ -0,0 +1,176 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>net7.0;net8.0;net9.0</TargetFrameworks>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <!-- NuGet package metadata -->
+    <PackageId>EnvelopeGenerator</PackageId>
+    <Authors>Digital Data GmbH</Authors>
+    <Company>Digital Data GmbH</Company>
+    <Product>EnvelopeGenerator</Product>
+    <Description>
+      Envelope Generator ist eine Bibliothek zur Verwaltung und Verarbeitung digitaler Umschläge (Envelopes).
+      Dieses Paket enthält die Dependency-Injection-Erweiterungsmethoden und bündelt die Application-
+      sowie Infrastructure-Schicht in einer einzigen NuGet-Referenz.
+    </Description>
+    <Copyright>Copyright 2024 Digital Data GmbH</Copyright>
+    <RepositoryUrl>http://git.dd:3000/AppStd/EnvelopeGenerator.git</RepositoryUrl>
+    <PackageTags>digital data envelope generator di dependency injection</PackageTags>
+    <PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
+    <Version>1.2.0.3</Version>
+    <AssemblyVersion>1.2.0.3</AssemblyVersion>
+    <FileVersion>1.2.0.3</FileVersion>
+    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
+  </PropertyGroup>
+
+  <!-- ASP.NET Core shared framework (AddHttpContextAccessor, AddMemoryCache, etc.) -->
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+  <!--
+    All dependencies are declared here.
+    Because Application and Infrastructure DLLs are bundled via PrivateAssets=all,
+    their PackageReferences have been moved to this project so that the correct
+    dependencies are written to the nuspec and a consuming project works with
+    a single package install.
+  -->
+  <ItemGroup>
+    <!-- DigitalData BaGet packages -->
+    <PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.6.0" />
+    <PackageReference Include="DigitalData.Core.Application" Version="3.4.0" />
+    <PackageReference Include="DigitalData.Core.Client" Version="2.1.0" />
+    <PackageReference Include="DigitalData.Core.Exceptions" Version="1.1.0" />
+    <PackageReference Include="DigitalData.Core.Infrastructure" Version="2.6.1" />
+    <PackageReference Include="DigitalData.EmailProfilerDispatcher" Version="3.1.1" />
+    <PackageReference Include="UserManager" Version="1.1.3" />
+
+    <!-- ORM / Database -->
+    <PackageReference Include="Dapper" Version="2.1.66" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.2" />
+
+    <!-- Application services -->
+    <PackageReference Include="MediatR" Version="12.5.0" />
+    <PackageReference Include="QRCoder" Version="1.6.0" />
+    <PackageReference Include="QRCoder-ImageSharp" Version="0.10.0" />
+    <PackageReference Include="QuestPDF" Version="2025.7.1" />
+    <PackageReference Include="Otp.NET" Version="1.4.0" />
+
+    <!-- Security / Identity -->
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.82.1" />
+
+    <!-- Utilities -->
+    <PackageReference Include="HtmlSanitizer" Version="9.0.892" />
+    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
+    <PackageReference Include="System.Formats.Asn1" Version="10.0.3" />
+    <PackageReference Include="System.Security.AccessControl" Version="6.0.1" />
+
+    <!-- DI abstractions -->
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.6" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.6" />
+  </ItemGroup>
+
+  <!-- TFM-specific packages -->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
+    <PackageReference Include="AutoMapper" Version="13.0.1" />
+    <PackageReference Include="CommandDotNet" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.20" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.20" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="AutoMapper" Version="14.0.0" />
+    <PackageReference Include="CommandDotNet" Version="8.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.17" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.17" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
+    <PackageReference Include="AutoMapper" Version="14.0.0" />
+    <PackageReference Include="CommandDotNet" Version="8.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.6" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.6" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+    <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+    <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+  </ItemGroup>
+
+  <!-- Bundle dependency DLLs into the package lib folder -->
+  <Target Name="IncludeDependencyDlls" BeforeTargets="_GetPackageFiles">
+    <ItemGroup>
+      <_DepDlls Include="&#xD;&#xA;        ..\EnvelopeGenerator.Application\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Application.dll;&#xD;&#xA;        ..\EnvelopeGenerator.Domain\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Domain.dll;&#xD;&#xA;        ..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Infrastructure.dll" />
+    </ItemGroup>
+  </Target>
+
+  <!--
+    Rebuild all dependency projects for every TFM before packing so that
+    the DLLs bundled into the package are always up-to-date.
+    Run with: dotnet pack -c Release
+  -->
+  <Target Name="RebuildDependenciesBeforePack" BeforeTargets="GenerateNuspec">
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+  </Target>
+
+  <Target Name="BundleReferencedDlls" AfterTargets="Build">
+    <ItemGroup>
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net7.0\EnvelopeGenerator.Application.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net8.0\EnvelopeGenerator.Application.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net9.0\EnvelopeGenerator.Application.dll" TargetFramework="net9.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net7.0\EnvelopeGenerator.Domain.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net8.0\EnvelopeGenerator.Domain.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net9.0\EnvelopeGenerator.Domain.dll" TargetFramework="net9.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net7.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net8.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net9.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net9.0" />
+    </ItemGroup>
+  </Target>
+
+</Project>
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -438,4 +438,10 @@ public class EnvelopeController : ViewControllerBase
            return this.ViewDocumentNotFound();
        }
    }
+
+    [HttpGet("EnvelopeReceiverWithSecretByMediatr")]
+    public async Task<IActionResult> EnvelopeReceiverWithSecretByMediatr([FromQuery] ReadEnvelopeReceiverSecretQuery q, CancellationToken cancel)
+    {
+        return await _mediator.Send(q, cancel) is EnvelopeReceiverSecretDto dto ? Ok(dto) : NotFound();
+    }
 }
--- a/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj
+++ b/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj
@@ -2175,6 +2175,7 @@

 	<ItemGroup>
 		<ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj" />
+		<ProjectReference Include="..\EnvelopeGenerator.DependencyInjection\EnvelopeGenerator.DependencyInjection.csproj" />
 		<ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj" />
 		<ProjectReference Include="..\EnvelopeGenerator.PdfEditor\EnvelopeGenerator.PdfEditor.csproj" />
 	</ItemGroup>
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@@ -1,4 +1,3 @@
-using EnvelopeGenerator.Application.Services;
 using Microsoft.EntityFrameworkCore;
 using NLog;
 using Quartz;
@@ -9,14 +8,12 @@ using EnvelopeGenerator.Web.Models;
 using System.Text.Encodings.Web;
 using Ganss.Xss;
 using Microsoft.Extensions.Options;
-using EnvelopeGenerator.Application;
 using DigitalData.EmailProfilerDispatcher;
 using EnvelopeGenerator.Infrastructure;
 using EnvelopeGenerator.Web.Sanitizers;
 using EnvelopeGenerator.Web.Models.Annotation;
-using DigitalData.UserManager.DependencyInjection;
 using EnvelopeGenerator.Web.Middleware;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.DependencyInjection;
 using EnvelopeGenerator.Web;

 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
@@ -57,8 +54,6 @@ try
        });
    });

-    builder.Services.AddHttpContextAccessor();
-
    builder.ConfigureBySection<TFARegParams>();

    // Add controllers and razor views
@@ -95,17 +90,9 @@ try
    var connStr = config.GetConnectionString(cnnStrName)
        ?? throw new InvalidOperationException($"Connection string '{cnnStrName}' is missing in the application configuration.");

-    builder.Services.AddDistributedSqlServerCache(options =>
-    {
-        options.ConnectionString = connStr;
-        options.SchemaName = "dbo";
-        options.TableName = "TBDD_CACHE";
-    });
-
    // Add envelope generator services
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddEnvelopeGeneratorInfrastructureServices(
-        opt =>
+    builder.Services.AddEnvelopeGenerator(config,
+        infrastructureOptions: opt =>
        {
            opt.AddDbTriggerParams(config);
            opt.AddDbContext((provider, options) =>
@@ -116,12 +103,16 @@ try
                        .EnableSensitiveDataLogging()
                        .EnableDetailedErrors();
            });
+        },
+        options: opt =>
+        {
+            opt.SqlCacheOptions = new()
+            {
+                ConnectionString = connStr,
+                SchemaName = "dbo",
+                TableName = "TBDD_CACHE"
+            };
        });
-#pragma warning restore CS0618 // Type or member is obsolete
-
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddEnvelopeGeneratorServices(config);
-#pragma warning restore CS0618 // Type or member is obsolete

    builder.Services.Configure<CookiePolicyOptions>(options =>
    {
@@ -169,22 +160,12 @@ try
    builder.Services.AddSingleton(sp => sp.GetRequiredService<IOptions<MultiCulture>>().Value);

    // Register mail services
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddScoped<IEnvelopeMailService, EnvelopeMailService>();
-#pragma warning restore CS0618 // Type or member is obsolete
-
-    builder.Services.AddDispatcher<EGDbContext>();
-
-    builder.Services.AddMemoryCache();
+    builder.Services.AddEnvelopeMailService();

    builder.ConfigureBySection<CustomImages>();

    builder.ConfigureBySection<AnnotationParams>();

-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddUserManager<EGDbContext>();
-#pragma warning restore CS0618 // Type or member is obsolete
-
    var app = builder.Build();

    app.UseMiddleware<ExceptionHandlingMiddleware>();
--- a/EnvelopeGenerator.Web/wwwroot/js/util.min.js
+++ b/EnvelopeGenerator.Web/wwwroot/js/util.min.js
@@ -1 +1 @@
-function detailedCurrentDate(){return new Intl.DateTimeFormat(getCurrentCulture(),{day:"2-digit",month:"2-digit",year:"numeric",hour:"2-digit",minute:"2-digit",second:"2-digit",timeZoneName:"shortOffset"}).format()}function findNearest(e,t,o,n){const r=n.reduce(((n,r)=>{const i=Math.sqrt((t(e)-t(r))**2+(o(e)-o(r))**2);return i<n.dist?{dist:i,dest:r}:n}),{dist:1/0,dest:null});return r.dest}const getCurrentCulture=()=>("undefined"!=typeof localized&&localized.culture)?localized.culture:navigator.language||"en-US";const B64ToBuff=e=>new Uint8Array(Array.from(atob(e),e=>e.charCodeAt(0))).buffer;const getLocaleDateString=e=>new Date().toLocaleDateString(getCurrentCulture());
+function detailedCurrentDate(){return new Intl.DateTimeFormat(getCurrentCulture(),{day:"2-digit",month:"2-digit",year:"numeric",hour:"2-digit",minute:"2-digit",second:"2-digit",timeZoneName:"shortOffset"}).format()}function findNearest(n,t,i,r){const u=r=>Math.sqrt((t(n)-t(r))**2+(i(n)-i(r))**2);return r.reduce((n,t)=>{const i=u(t);return i<n.dist?{dist:i,dest:t}:n},{dist:Infinity,dest:null}).dest}const getCurrentCulture=()=>typeof localized!="undefined"&&localized.culture?localized.culture:navigator.language||"en-US",B64ToBuff=n=>new Uint8Array(Array.from(atob(n),n=>n.charCodeAt(0))).buffer,getLocaleDateString=()=>(new Date).toLocaleDateString(getCurrentCulture());
--- a/EnvelopeGenerator.sln
+++ b/EnvelopeGenerator.sln
@@ -37,6 +37,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.API", "En
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.ReceiverUI", "EnvelopeGenerator.ReceiverUI\EnvelopeGenerator.ReceiverUI.csproj", "{FB2D306B-1042-4A70-31ED-F991A1599371}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.DependencyInjection", "EnvelopeGenerator.DependencyInjection\EnvelopeGenerator.DependencyInjection.csproj", "{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -91,6 +93,10 @@ Global
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Release|Any CPU.Build.0 = Release|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -111,6 +117,7 @@ Global
 		{224C4845-1CDE-22B7-F3A9-1FF9297F70E8} = {0CBC2432-A561-4440-89BC-671B66A24146}
 		{EC768913-6270-14F4-1DD3-69C87A659462} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
 		{FB2D306B-1042-4A70-31ED-F991A1599371} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {73E60370-756D-45AD-A19A-C40A02DACCC7}
Author	SHA1	Message	Date
TekH	27ed3689f2	Adjust YARP proxy to exclude specific API paths Updated the middleware pipeline in `Program.cs` to use `app.MapWhen()` for conditional routing. The reverse proxy now excludes requests to `/swagger`, `/scalar`, and `/openapi` paths, ensuring these endpoints are handled separately. This change replaces the direct `app.MapReverseProxy()` call with a more selective approach, improving request handling for specific API paths.	2026-05-29 18:44:10 +02:00
TekH	d4f23e0e82	Merge branch 'master' of http://git.dd:3000/AppStd/EnvelopeGenerator	2026-05-29 14:27:05 +02:00
TekH	618f899440	Add receiver-ui route and cluster to YARP configuration Added a new `receiver-ui` route under the `ReverseProxy:Routes` section in `yarp.json` to match all paths for `GET` and `HEAD` methods. The route is associated with the `receiver-ui` cluster and has an `Order` value of 100. Configured a new `receiver-ui` cluster under the `ReverseProxy:Clusters` section with a single destination pointing to `https://localhost:52936`. This enables reverse proxying for the `receiver-ui` service.	2026-05-29 14:26:53 +02:00
TekH	2eb258d236	Merge branch 'master' of http://git.dd:3000/AppStd/EnvelopeGenerator	2026-05-29 14:09:37 +02:00
TekH	28df3f4ec1	Refactor document handling and improve file response Refactored the handling of `senderDoc.ByteData` by replacing the ternary operator with an explicit `if` statement for better readability. Added a `Content-Disposition` header to ensure the file is displayed inline with a proper filename. Updated the MIME type of the file response from `application/octet-stream` to `application/pdf` to reflect the expected content type.	2026-05-29 14:09:31 +02:00
TekH	3e37dc1eff	Merge branch 'master' of http://git.dd:3000/AppStd/EnvelopeGenerator	2026-05-29 14:07:19 +02:00
TekH	5fd8637913	Add DependencyInjection and ReceiverUI projects Added the `EnvelopeGenerator.DependencyInjection` project to the solution, including its build configurations for Debug and Release modes. Also added build configurations for the existing `EnvelopeGenerator.ReceiverUI` project. Both projects were associated with the parent project in the NestedProjects section.	2026-05-29 14:07:14 +02:00
TekH	31db160fba	Add signature panel and layout updates for ReportViewer Enhanced `ReportViewer.razor` with a new layout structure: - Added `receiver-page-layout` with `receiver-signature-panel` and `receiver-viewer-wrapper` for better organization. - Introduced a button to export signed PDFs, conditionally enabled based on `SignatureApplied`. - Added a `DxPopup` for capturing signatures with a "Close" button. Updated `MainLayout.razor` to remove unnecessary padding from `<article>`. Refined `app.css`: - Defined styles for `receiver-page-layout`, `receiver-signature-panel`, and `receiver-viewer-wrapper` to improve layout flexibility. - Adjusted `article` to use flexbox and ensure hidden overflow.	2026-05-29 14:06:59 +02:00
TekH	b6e63841cd	Disable automatic database migrations in appsettings.json The `UseDbMigration` setting in the `appsettings.json` file was updated from `true` to `false`. This change disables automatic application of database migrations, potentially requiring manual intervention or an alternative approach for managing schema updates.	2026-05-29 13:47:11 +02:00
TekH	f051896296	Add API endpoint to retrieve envelope receiver by key Added a new `GetEnvelopeReceiverOfReceiver` method in the `EnvelopeReceiverController` to retrieve an envelope receiver based on the provided `envelopeKey`. The method is secured with the `Receiver` authorization policy and uses the `_mediator.Send` method to process a `ReadEnvelopeReceiverQuery`. Included the `Microsoft.Extensions.Options` namespace to support potential configuration needs. Added XML documentation placeholders for the new method.	2026-05-29 13:46:06 +02:00
TekH	92b93e862e	Add GetDocumentOfReceiver endpoint and logging support Updated DocumentController to include a new GetDocumentOfReceiver endpoint for retrieving envelope documents. Added authorization based on the Receiver policy and implemented error handling for invalid or missing EnvelopeId claims. Integrated ILogger to log errors and provide detailed diagnostics. Included necessary namespace imports to support the new functionality.	2026-05-29 13:37:51 +02:00
TekH	8876f5c286	Add token validation for envelope key in request path Enhanced token validation logic by introducing an `OnTokenValidated` event handler. This ensures the `envelopeKey` in the request path matches the token's subject (`sub` claim). Added `return Task.CompletedTask;` to complete asynchronous operations. These changes improve security by preventing mismatches or unauthorized access.	2026-05-29 13:10:42 +02:00
TekH	e93c7e8bc1	Add envelope-receiver login endpoint support Added `AddEnvelopeReceiverLoginOperation` to `AuthProxyDocumentFilter` to define a new Swagger operation for the `/api/Auth/envelope-receiver/{key}` endpoint. Introduced the `EnvelopeReceiverLogin` record for the request body. Updated `yarp.json` to configure routing for the new endpoint, ensuring the `cookie` query parameter is always set to `true`. Modified `Apply` to include the new operation in Swagger documentation.	2026-05-29 12:44:51 +02:00
TekH	16493b4594	Add endpoints for envelope receiver logout functionality Added two new endpoints to `AuthController`: `LogoutEnvelopeReceiver` for removing a specific per-envelope receiver cookie and `LogoutAllEnvelopeReceivers` for clearing all such cookies. Updated `DigitalData.Auth.Claims` package to version 1.0.3. Introduced new `using` directives to support the added functionality. Included XML documentation for the new endpoints to improve code clarity.	2026-05-29 12:44:26 +02:00
TekH	938504b2d1	Add per-envelope JWT authentication and validation Introduced a new `EnvelopeReceiverJwt` authentication scheme to support per-envelope JWT validation using cookies specific to envelope keys. Added the `CheckEnvelopeReceiver` endpoint in `AuthController.cs` to validate these tokens, protected by the `AuthPolicy.Receiver` policy. Configured the `EnvelopeReceiverJwt` scheme to dynamically resolve issuer signing keys and validate tokens. Enhanced `JwtBearerEvents.OnMessageReceived` to extract envelope keys from the request path and retrieve tokens from corresponding cookies. Updated the `AuthPolicy.Receiver` policy to use the `EnvelopeReceiverJwt` scheme, ensuring isolated authentication for per-envelope scenarios. Added XML documentation for the `CheckEnvelopeReceiver` method.	2026-05-29 11:47:12 +02:00
TekH	3eb718f6ac	Add CheckReceiver endpoint to AuthController Introduce a new `CheckReceiver` action method in `AuthController`. This method is protected by the `Receiver` authorization policy and handles GET requests to the `check-receiver/{envelopeKey}` route. It accepts an `envelopeKey` parameter from the route and currently returns an HTTP 200 OK response.	2026-05-29 10:23:34 +02:00
TekH	99781aeb8a	Enhance authentication and database configuration - Added `using DigitalData.Auth.Claims` to support claims handling. - Improved EF Core DbContext comment for better clarity. - Added logic to dynamically select connection strings based on `MIGRATION_TEST_MODE` or `UseDbMigration` configuration. - Updated `AuthPolicy.Receiver` to include the `"receiver"` role.	2026-05-29 10:02:25 +02:00
TekH	ffcd41f4dc	Add DigitalData.Auth.Claims package dependency Added a reference to the `DigitalData.Auth.Claims` package (version 1.0.1) in the `EnvelopeGenerator.API.csproj` file. This introduces functionality related to handling authentication claims in the project.	2026-05-29 10:02:11 +02:00
TekH	a7ed9be1de	Update version and improve build process for packaging Updated project version to 1.2.0.3 in `EnvelopeGenerator.DependencyInjection.csproj`. Replaced line endings in `_DepDlls` for consistency. Added a new `RebuildDependenciesBeforePack` target to ensure all dependencies are rebuilt for `net7.0`, `net8.0`, and `net9.0` before packaging. Improved formatting in `BundleReferencedDlls` for better readability.	2026-05-29 08:45:56 +02:00
TekH	32fbf782fa	Update project version to 1.2.0 Bump the project version from 1.1.1 to 1.2.0 in the `EnvelopeGenerator.DependencyInjection.csproj` file. Updated the `<Version>`, `<AssemblyVersion>`, and `<FileVersion>` properties to reflect the new version.	2026-05-28 23:47:02 +02:00
TekH	bfae72529c	Add query for sensitive envelope receiver data Introduced `ReadEnvelopeReceiverSecretQuery` to fetch sensitive fields (e.g., access code, phone number) for envelope receivers. Added extension methods for dispatching the query via `IMediator` and implemented `ReadEnvelopeReceiverSecretQueryHandler` to process the query using repositories and AutoMapper. Updated `EnvelopeController` with a new HTTP GET endpoint `EnvelopeReceiverWithSecretByMediatr` to expose the query functionality. This endpoint returns sensitive data as `EnvelopeReceiverSecretDto` or a 404 response if no match is found. These changes improve modularity, testability, and separation of concerns by leveraging MediatR and CQRS patterns.	2026-05-28 23:46:31 +02:00
TekH	67e6f288eb	Bump version to 1.1.1 Updated project version from 1.1.0 to 1.1.1 in `EnvelopeGenerator.DependencyInjection.csproj`. This includes changes to `<Version>`, `<AssemblyVersion>`, and `<FileVersion>` properties. The update reflects minor improvements or bug fixes while maintaining backward compatibility.	2026-05-28 22:52:40 +02:00
TekH	823bafeeb9	Refactor project dependencies and add TFM-specific packages Restructured `EnvelopeGenerator.DependencyInjection.csproj` to: - Add multiple `PackageReference` entries for application services, ORM/Database, security/identity, utilities, and DI abstractions. - Introduce conditional `ItemGroup` sections for `net7.0`, `net8.0`, and `net9.0` with framework-specific package versions. - Move `UserManager` package reference to align with the updated dependency structure. - Update comments for clarity, including replacing a Turkish comment with an English one. - Add a comment explaining the rationale for centralizing `PackageReference` declarations to ensure correct `.nuspec` generation and simplify consumption.	2026-05-28 22:50:45 +02:00
TekH	750b9f1b57	Bump project version to 1.1.0 Updated the project version from 1.0.1 to 1.1.0 in the `EnvelopeGenerator.DependencyInjection.csproj` file. This includes changes to the `<Version>`, `<AssemblyVersion>`, and `<FileVersion>` properties, reflecting the addition of new features or improvements.	2026-05-28 21:57:19 +02:00
TekH	0a4daccc0f	Refactor service registration for modularity Introduced `EnvelopeGeneratorOptions` and `SqlCacheOptions` to enable fine-grained control over optional service registrations in `AddEnvelopeGenerator`. Updated `AddEnvelopeGenerator` to conditionally register services like `HttpContextAccessor`, `DistributedSqlServerCache`, `Dispatcher`, `MemoryCache`, and `UserManager` based on these options. Updated `DependencyInjection.csproj` to include necessary framework references and package dependencies. Simplified `Program.cs` by consolidating service registrations into `AddEnvelopeGenerator`, reducing boilerplate and improving maintainability. Improved extensibility by centralizing service registration logic, allowing consuming projects to customize configurations without modifying the core library. Updated documentation and removed unused directives.	2026-05-28 21:57:03 +02:00
TekH	bc4905d2f4	Refactor DI setup and simplify service registration Centralized dependency injection setup by adding a reference to `EnvelopeGenerator.DependencyInjection` in the project file and replacing multiple `using` directives with a single one. Replaced obsolete `AddEnvelopeGeneratorInfrastructureServices` and `AddEnvelopeGeneratorServices` methods with the new `AddEnvelopeGenerator` method, consolidating service and infrastructure setup. Encapsulated `EGDbContext` configuration within `AddEnvelopeGenerator` and removed obsolete `#pragma` directives. Simplified mail service registration by replacing manual `IEnvelopeMailService` setup with `AddEnvelopeMailService`. These changes improve maintainability, reduce redundancy, and modernize the codebase.	2026-05-28 20:23:14 +02:00
TekH	7c737ee6ad	Update project versioning and dependency handling Updated project version to 1.0.1, including `<Version>`, `<AssemblyVersion>`, and `<FileVersion>`. Added `<PrivateAssets>all</PrivateAssets>` to `<ProjectReference>` elements to prevent exposing referenced projects' assets. Introduced `IncludeDependencyDlls` and `BundleReferencedDlls` targets to include and bundle dependent project DLLs for multiple target frameworks (`net7.0`, `net8.0`, `net9.0`). Removed redundant `<ProjectReference>` entries and improved packaging to ensure proper handling of dependencies.	2026-05-28 20:13:51 +02:00
TekH	8a796a2eec	Support multi-targeting and add NuGet metadata Updated `EnvelopeGenerator.DependencyInjection.csproj` to support multiple target frameworks (`net7.0`, `net8.0`, `net9.0`) for broader compatibility. Added NuGet package metadata to enable publishing, including details like `PackageId`, `Authors`, and `RepositoryUrl`. Upgraded `Microsoft.Extensions.Configuration.Abstractions` and `Microsoft.Extensions.DependencyInjection.Abstractions` to version `9.0.6`. Added a project reference to `EnvelopeGenerator.Domain`. Modified `EnvelopeGenerator.sln` to adjust the build configuration for the project with GUID `{90FE0312-8C38-4347-9EA2-0A719E255D5C}`, setting `Debug` to use the `Release` configuration.	2026-05-28 16:54:59 +02:00
TekH	83957d28e9	Add DependencyInjection class for service registration in EnvelopeGenerator	2026-05-28 16:27:30 +02:00
TekH	fe3f1347d5	Add EnvelopeGenerator.DependencyInjection project and update solution file	2026-05-28 16:27:21 +02:00
TekH	1e35e0447f	Merge branch 'master' of http://git.dd:3000/AppStd/EnvelopeGenerator	2026-05-28 14:15:19 +02:00
TekH	7828ed237d	Refactor utility functions for clarity and consistency Updated `findNearest` for improved readability by renaming parameters, introducing a helper function for distance calculation, and using `Infinity` for clarity. Refactored `getCurrentCulture` to use modern `typeof` syntax. Updated `B64ToBuff` and `getLocaleDateString` for consistency with naming conventions and concise syntax. Re-added `detailedCurrentDate` to ensure consistency.	2026-05-27 16:16:50 +02:00