mosenioring/back001/README.md

# Mosenioring Backend

Production-ready Kotlin/Spring Boot 3 modular monolith skeleton for patient-caregiver-doctor coordination.

## 🏛 Architecture
This project follows a **Modular Monolith** architecture:
- `app`: Main entry point, configuration, and shared controllers.
- `common`: Cross-cutting concerns (security, tenant handling, outbox pattern).
- `modules/*`: Independent business modules (Clinical, Identity, Messaging, etc.).
- `workers/*`: Background event consumers/processors.

## 🛠 Requirements
- Java 17
- Docker + Docker Compose
  - CI uses a custom `gradle:8.12-jdk17`-based image (see `ci/images/gradle-node/Dockerfile`); match that locally to avoid toolchain download delays.

## 🚀 Local Run

### 1. Start Dependencies
```bash
docker compose up -d
```

### 2. Run the API
Choose a profile:

**Local Development (with mock auth):**
```bash
SPRING_PROFILES_ACTIVE=local ALLOW_LOCAL_AUTH=true ./gradlew :app:bootRun
```
*Allows bypassing Keycloak using `X-Local-*` headers.*

**Dev Mode (with Keycloak):**
```bash
SPRING_PROFILES_ACTIVE=dev ./gradlew :app:bootRun
```

### 3. Run the Worker (Optional)
```bash
./gradlew :workers:notification-worker:bootRun
```

## 🧪 Testing
Run all tests:
```bash
./gradlew test
```

## 🔐 Auth & Multi-tenancy
- **JWT Resource Server**: Uses Keycloak by default.
- **Multi-tenancy**: Enforced via `X-Tenant-Id` header (local) or `tenant_id` JWT claim.
- **Local Auth Headers** (only when `ALLOW_LOCAL_AUTH=true`):
  - `X-Local-Email`: User identity.
  - `X-Local-Roles`: e.g., `ADMIN, DOCTOR, CAREGIVER`.
  - `X-Tenant-Id`: Target tenant.

## 📨 Invitation Onboarding
- **Invite-only registration**: Admins create invites; users accept with a token.
- **Resolve endpoint**: `POST /api/v1/invites/resolve` returns only masked email + expiry.
- **Accept endpoint**: `POST /api/v1/invites/accept` links the authenticated user to a patient.
- **Token hashing**: Invitation tokens are stored as HMAC-SHA256 with a server-side pepper.
- **Config**: Set `app.invites.token-pepper` in `back001/app/src/main/resources/application.yml` for non-dev environments.

## 🔗 Key Services & Links
- **OpenAPI**: [http://localhost:8080/swagger-ui/index.html](http://localhost:8080/swagger-ui/index.html)
- **Health**: [http://localhost:8080/health](http://localhost:8080/health)
- **Postgres**: `localhost:5432` (mosenioring/mosenioring)
- **Keycloak**: [http://localhost:8081](http://localhost:8081) (admin/admin)
- **RabbitMQ**: [http://localhost:15672](http://localhost:15672) (guest/guest)
- **MinIO**: [http://localhost:9001](http://localhost:9001) (minio/minio123)

## 📝 Notes
- **Outbox Pattern**: Medication plans publish events to an outbox table for reliable messaging.
- **Idempotency**: Workers use Redis to ensure events are processed only once.
init backend 2026-01-09 18:35:06 +01:00			`# Mosenioring Backend`

			`Production-ready Kotlin/Spring Boot 3 modular monolith skeleton for patient-caregiver-doctor coordination.`

Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 🏛 Architecture`
			`This project follows a Modular Monolith architecture:`
			- `app`: Main entry point, configuration, and shared controllers.
			- `common`: Cross-cutting concerns (security, tenant handling, outbox pattern).
			- `modules/*`: Independent business modules (Clinical, Identity, Messaging, etc.).
			- `workers/*`: Background event consumers/processors.

			`## 🛠 Requirements`
ci 2026-01-16 14:56:22 +01:00			`- Java 17`
init backend 2026-01-09 18:35:06 +01:00			`- Docker + Docker Compose`
ci 2026-01-16 14:56:22 +01:00			- CI uses a custom `gradle:8.12-jdk17`-based image (see `ci/images/gradle-node/Dockerfile`); match that locally to avoid toolchain download delays.
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 🚀 Local Run`
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`### 1. Start Dependencies`
init backend 2026-01-09 18:35:06 +01:00			```bash
			`docker compose up -d`
			```

Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`### 2. Run the API`
			`Choose a profile:`
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`Local Development (with mock auth):`
init backend 2026-01-09 18:35:06 +01:00			```bash
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`SPRING_PROFILES_ACTIVE=local ALLOW_LOCAL_AUTH=true ./gradlew :app:bootRun`
init backend 2026-01-09 18:35:06 +01:00			```
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			Allows bypassing Keycloak using `X-Local-` headers.*
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`Dev Mode (with Keycloak):`
doesnt work 2026-01-12 18:38:15 +01:00			```bash
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`SPRING_PROFILES_ACTIVE=dev ./gradlew :app:bootRun`
doesnt work 2026-01-12 18:38:15 +01:00			```

Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`### 3. Run the Worker (Optional)`
init backend 2026-01-09 18:35:06 +01:00			```bash
			`./gradlew :workers:notification-worker:bootRun`
			```

Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 🧪 Testing`
			`Run all tests:`
			```bash
			`./gradlew test`
			```
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 🔐 Auth & Multi-tenancy`
			`- JWT Resource Server: Uses Keycloak by default.`
			- Multi-tenancy: Enforced via `X-Tenant-Id` header (local) or `tenant_id` JWT claim.
			- Local Auth Headers (only when `ALLOW_LOCAL_AUTH=true`):
			- `X-Local-Email`: User identity.
			- `X-Local-Roles`: e.g., `ADMIN, DOCTOR, CAREGIVER`.
			- `X-Tenant-Id`: Target tenant.
init backend 2026-01-09 18:35:06 +01:00
Implement invitation management for patients and add supporting APIs, services, and tests oka: not tested yet - Introduced `Invitation` entity, table schema, and repository. - Added `InvitationController` with APIs for creating, resolving, and accepting invitations. - Implemented `InvitationService` to handle invitation workflows, including token generation and validation. - Created unit tests for controller, service, and repository layers. - Added support for patient-subject relationships with `PatientSubject` entity and repository. - Updated `PatientAccessChecker` to handle subject-based access control. - Extended Keycloak provisioning service for invitation role management. - Updated database migrations to include invitations and patient-subject tables. - Enhanced security configuration to permit invitation resolution API. - Updated build scripts and dependencies for testing support. 2026-01-14 15:12:10 +01:00			`## 📨 Invitation Onboarding`
			`- Invite-only registration: Admins create invites; users accept with a token.`
			- Resolve endpoint: `POST /api/v1/invites/resolve` returns only masked email + expiry.
			- Accept endpoint: `POST /api/v1/invites/accept` links the authenticated user to a patient.
			`- Token hashing: Invitation tokens are stored as HMAC-SHA256 with a server-side pepper.`
			- Config: Set `app.invites.token-pepper` in `back001/app/src/main/resources/application.yml` for non-dev environments.

Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 🔗 Key Services & Links`
			`- OpenAPI: [http://localhost:8080/swagger-ui/index.html](http://localhost:8080/swagger-ui/index.html)`
			`- Health: [http://localhost:8080/health](http://localhost:8080/health)`
			- Postgres: `localhost:5432` (mosenioring/mosenioring)
			`- Keycloak: [http://localhost:8081](http://localhost:8081) (admin/admin)`
			`- RabbitMQ: [http://localhost:15672](http://localhost:15672) (guest/guest)`
			`- MinIO: [http://localhost:9001](http://localhost:9001) (minio/minio123)`
init backend 2026-01-09 18:35:06 +01:00
Improved `README.md` with restructured sections, better formatting, and added examples for local development, testing, and architecture overview. 2026-01-12 22:50:15 +01:00			`## 📝 Notes`
			`- Outbox Pattern: Medication plans publish events to an outbox table for reliable messaging.`
			`- Idempotency: Workers use Redis to ensure events are processed only once.`