oskar 8ced1f7925 Implement invitation management for patients and add supporting APIs, services, and tests

oka: not tested yet

- Introduced `Invitation` entity, table schema, and repository.
- Added `InvitationController` with APIs for creating, resolving, and accepting invitations.
- Implemented `InvitationService` to handle invitation workflows, including token generation and validation.
- Created unit tests for controller, service, and repository layers.
- Added support for patient-subject relationships with `PatientSubject` entity and repository.
- Updated `PatientAccessChecker` to handle subject-based access control.
- Extended Keycloak provisioning service for invitation role management.
- Updated database migrations to include invitations and patient-subject tables.
- Enhanced security configuration to permit invitation resolution API.
- Updated build scripts and dependencies for testing support.

2026-01-14 15:12:10 +01:00

2.6 KiB

Raw Blame History

Mosenioring Backend

Production-ready Kotlin/Spring Boot 3 modular monolith skeleton for patient-caregiver-doctor coordination.

🏛 Architecture

This project follows a Modular Monolith architecture:

app: Main entry point, configuration, and shared controllers.
common: Cross-cutting concerns (security, tenant handling, outbox pattern).
modules/*: Independent business modules (Clinical, Identity, Messaging, etc.).
workers/*: Background event consumers/processors.

🛠 Requirements

Java 21
Docker + Docker Compose

🚀 Local Run

1. Start Dependencies

docker compose up -d

2. Run the API

Choose a profile:

Local Development (with mock auth):

SPRING_PROFILES_ACTIVE=local ALLOW_LOCAL_AUTH=true ./gradlew :app:bootRun

Allows bypassing Keycloak using X-Local-* headers.

Dev Mode (with Keycloak):

SPRING_PROFILES_ACTIVE=dev ./gradlew :app:bootRun

3. Run the Worker (Optional)

./gradlew :workers:notification-worker:bootRun

🧪 Testing

Run all tests:

./gradlew test

🔐 Auth & Multi-tenancy

JWT Resource Server: Uses Keycloak by default.
Multi-tenancy: Enforced via X-Tenant-Id header (local) or tenant_id JWT claim.
Local Auth Headers (only when ALLOW_LOCAL_AUTH=true):
- X-Local-Email: User identity.
- X-Local-Roles: e.g., ADMIN, DOCTOR, CAREGIVER.
- X-Tenant-Id: Target tenant.

📨 Invitation Onboarding

Invite-only registration: Admins create invites; users accept with a token.
Resolve endpoint: POST /api/v1/invites/resolve returns only masked email + expiry.
Accept endpoint: POST /api/v1/invites/accept links the authenticated user to a patient.
Token hashing: Invitation tokens are stored as HMAC-SHA256 with a server-side pepper.
Config: Set app.invites.token-pepper in back001/app/src/main/resources/application.yml for non-dev environments.

🔗 Key Services & Links

OpenAPI: http://localhost:8080/swagger-ui/index.html
Health: http://localhost:8080/health
Postgres: localhost:5432 (mosenioring/mosenioring)
Keycloak: http://localhost:8081 (admin/admin)
RabbitMQ: http://localhost:15672 (guest/guest)
MinIO: http://localhost:9001 (minio/minio123)

📝 Notes

Outbox Pattern: Medication plans publish events to an outbox table for reliable messaging.
Idempotency: Workers use Redis to ensure events are processed only once.

2.6 KiB Raw Blame History