feat(aoc): add RequireAocGuard route helper and associated tests

- Introduced RequireAocGuard extension method for RouteHandlerBuilder to enforce AOC guard on routes. - Implemented two overloads of RequireAocGuard to support different payload selection strategies. - Added unit tests for RequireAocGuard to ensure correct behavior and exception handling. - Updated TASKS.md to reflect the addition of RequireAocGuard and related documentation. - Made internal members of Concelier.WebService visible to its test project.
2025-11-06 17:23:31 +02:00
parent 950f238a93
commit e536492da9
12 changed files with 2128 additions and 1895 deletions
--- a/src/Concelier/StellaOps.Concelier.WebService/Program.cs
+++ b/src/Concelier/StellaOps.Concelier.WebService/Program.cs
@@ -15,7 +15,7 @@ using System.Diagnostics;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options;
 using MongoDB.Bson;
 using MongoDB.Driver;
 using StellaOps.Concelier.Core.Events;
@@ -40,6 +40,7 @@ using StellaOps.Auth.Abstractions;
 using StellaOps.Auth.Client;
 using StellaOps.Auth.ServerIntegration;
 using StellaOps.Aoc;
+using StellaOps.Aoc.AspNetCore.Routing;
 using StellaOps.Aoc.AspNetCore.Results;
 using StellaOps.Concelier.WebService.Contracts;
 using StellaOps.Concelier.Core.Aoc;
@@ -427,6 +428,41 @@ var advisoryIngestEndpoint = app.MapPost("/ingest/advisory", async (
        return MapAocGuardException(context, guardException);
    }
 });
+
+var advisoryIngestGuardOptions = AocGuardOptions.Default with
+{
+    RequireTenant = false,
+    RequiredTopLevelFields = AocGuardOptions.Default.RequiredTopLevelFields.Remove("tenant")
+};
+
+advisoryIngestEndpoint.RequireAocGuard<AdvisoryIngestRequest>(request =>
+{
+    if (request?.Source is null || request.Upstream is null || request.Content is null || request.Identifiers is null)
+    {
+        return Array.Empty<object?>();
+    }
+
+    var linkset = request.Linkset ?? new AdvisoryLinksetRequest(
+        Array.Empty<string>(),
+        Array.Empty<string>(),
+        Array.Empty<string>(),
+        Array.Empty<AdvisoryLinksetReferenceRequest>(),
+        Array.Empty<string>(),
+        new Dictionary<string, string>(StringComparer.Ordinal));
+
+    var payload = new
+    {
+        tenant = "guard-tenant",
+        source = request.Source,
+        upstream = request.Upstream,
+        content = request.Content,
+        identifiers = request.Identifiers,
+        linkset
+    };
+
+    return new object?[] { payload };
+}, guardOptions: advisoryIngestGuardOptions);
+
 if (authorityConfigured)
 {
    advisoryIngestEndpoint.RequireAuthorization(AdvisoryIngestPolicyName);