@jtl-software/cloud-app-template-backend-dotnet 0.0.1

package/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @jtl/cloud-app-template-backend-dotnet
+
+## 0.0.1
+
+### Patch Changes
+
+- [`845f751`](https://github.com/jtl-software/cloud-apps-cli/commit/845f751930774ebbd0af55abcba505443494befe) Thanks [@tobilen](https://github.com/tobilen)! - initial

package/HelloWorldApp.Api/Endpoints/ConnectTenantEndpoint.cs

@@ -0,0 +1,41 @@
+using FastEndpoints;
+using {{APP_NAME_PASCAL}}.Api.Models;
+using {{APP_NAME_PASCAL}}.Api.Services;
+
+namespace {{APP_NAME_PASCAL}}.Api.Endpoints;
+
+public class ConnectTenantEndpoint : Endpoint<ConnectTenantRequest>
+{
+    private readonly JwtVerificationService _jwtService;
+    private readonly TenantMappingService _tenantMapping;
+
+    public ConnectTenantEndpoint(JwtVerificationService jwtService, TenantMappingService tenantMapping)
+    {
+        _jwtService = jwtService;
+        _tenantMapping = tenantMapping;
+    }
+
+    public override void Configure()
+    {
+        Post("/connect-tenant");
+        AllowAnonymous();
+    }
+
+    public override async Task HandleAsync(ConnectTenantRequest req, CancellationToken ct)
+    {
+        var payload = await _jwtService.VerifySessionTokenAsync(req.SessionToken);
+
+        // Use current timestamp as local tenant ID.
+        // In a real application this would come from your own auth system.
+        var localTenantId = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();
+
+        _tenantMapping.Set(localTenantId, payload.TenantId, payload.TenantSlug);
+
+        await Send.OkAsync(new
+        {
+            tenantId = localTenantId,
+            jtlTenantId = payload.TenantId,
+            tenantSlug = payload.TenantSlug
+        }, ct);
+    }
+}

package/HelloWorldApp.Api/Endpoints/CurrentTenantEndpoint.cs

@@ -0,0 +1,37 @@
+using FastEndpoints;
+using {{APP_NAME_PASCAL}}.Api.Services;
+
+namespace {{APP_NAME_PASCAL}}.Api.Endpoints;
+
+public class CurrentTenantEndpoint : EndpointWithoutRequest
+{
+    private readonly TenantMappingService _tenantMapping;
+
+    public CurrentTenantEndpoint(TenantMappingService tenantMapping)
+        => _tenantMapping = tenantMapping;
+
+    public override void Configure()
+    {
+        Get("/current-tenant");
+        AllowAnonymous();
+    }
+
+    public override async Task HandleAsync(CancellationToken ct)
+    {
+        var all = _tenantMapping.GetAll();
+        if (all.Count == 0)
+        {
+            await Send.NotFoundAsync(cancellation: ct);
+            return;
+        }
+
+        var latest = all.MaxBy(kv => long.TryParse(kv.Key, out var n) ? n : 0);
+
+        await Send.OkAsync(new
+        {
+            tenantId = latest.Key,
+            jtlTenantId = latest.Value.JtlTenantId,
+            tenantSlug = latest.Value.TenantSlug
+        }, ct);
+    }
+}

package/HelloWorldApp.Api/Endpoints/ErpInfoEndpoint.cs

@@ -0,0 +1,74 @@
+using System.Text.Json;
+using FastEndpoints;
+using {{APP_NAME_PASCAL}}.Api.Services;
+
+namespace {{APP_NAME_PASCAL}}.Api.Endpoints;
+
+/// <summary>
+/// Proxies requests to the JTL Platform ERP API.
+/// Resolves the local tenant ID to the JTL tenant ID before forwarding.
+/// </summary>
+public class ErpInfoEndpoint : EndpointWithoutRequest
+{
+    private readonly ErpApiService _erpApiService;
+    private readonly TenantMappingService _tenantMapping;
+
+    public ErpInfoEndpoint(ErpApiService erpApiService, TenantMappingService tenantMapping)
+    {
+        _erpApiService = erpApiService;
+        _tenantMapping = tenantMapping;
+    }
+
+    public override void Configure()
+    {
+        Verbs(Http.GET, Http.POST, Http.PUT, Http.PATCH, Http.DELETE);
+        Routes("/erp-info/{tenantId}/{*endpoint}");
+        AllowAnonymous();
+    }
+
+    public override async Task HandleAsync(CancellationToken ct)
+    {
+        var localTenantId = Route<string>("tenantId")!;
+        var endpoint = Route<string>("endpoint")!;
+        var method = new HttpMethod(HttpContext.Request.Method);
+        string? jsonBody = null;
+
+        if (HttpContext.Request.Method is "POST" or "PUT" or "PATCH")
+        {
+            using var reader = new StreamReader(HttpContext.Request.Body);
+            var rawBody = await reader.ReadToEndAsync(ct);
+
+            if (!string.IsNullOrWhiteSpace(rawBody))
+            {
+                var bodyJson = JsonSerializer.Deserialize<JsonElement>(rawBody);
+
+                // Allow overriding tenantId and endpoint from request body
+                if (bodyJson.TryGetProperty("_tenantId", out var tenantOverride))
+                    localTenantId = tenantOverride.GetString()!;
+
+                if (bodyJson.TryGetProperty("_endpoint", out var endpointOverride))
+                    endpoint = endpointOverride.GetString()!;
+
+                var cleaned = bodyJson.EnumerateObject()
+                    .Where(p => p.Name is not "_tenantId" and not "_endpoint")
+                    .ToDictionary(p => p.Name, p => p.Value);
+
+                jsonBody = JsonSerializer.Serialize(cleaned);
+            }
+        }
+
+        var entry = _tenantMapping.Get(localTenantId);
+        if (entry is null)
+        {
+            await Send.NotFoundAsync(cancellation: ct);
+            return;
+        }
+
+        var (statusCode, responseBody) = await _erpApiService.ProxyErpRequestAsync(
+            entry.JtlTenantId, endpoint, method, jsonBody);
+
+        HttpContext.Response.StatusCode = statusCode;
+        HttpContext.Response.ContentType = "application/json";
+        await HttpContext.Response.WriteAsync(responseBody, ct);
+    }
+}

package/HelloWorldApp.Api/Endpoints/HomeEndpoint.cs

@@ -0,0 +1,15 @@
+using FastEndpoints;
+
+namespace {{APP_NAME_PASCAL}}.Api.Endpoints;
+
+public class HomeEndpoint : EndpointWithoutRequest<string>
+{
+    public override void Configure()
+    {
+        Get("/");
+        AllowAnonymous();
+    }
+
+    public override async Task HandleAsync(CancellationToken ct)
+        => await Send.OkAsync("Hello from C# + FastEndpoints!", ct);
+}

package/HelloWorldApp.Api/HelloWorldApp.Api.csproj

@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <RootNamespace>{{APP_NAME_PASCAL}}.Api</RootNamespace>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- Ed25519 signature verification for JWKS token validation -->
+    <PackageReference Include="NSec.Cryptography" Version="25.4.0" />
+    <!-- FastEndpoints + Swagger -->
+    <PackageReference Include="FastEndpoints" Version="7.1.1" />
+    <PackageReference Include="FastEndpoints.Swagger" Version="7.1.1" />
+  </ItemGroup>
+
+</Project>

package/HelloWorldApp.Api/Models/ConnectTenantRequest.cs

@@ -0,0 +1,3 @@
+namespace {{APP_NAME_PASCAL}}.Api.Models;
+
+public record ConnectTenantRequest(string SessionToken);

package/HelloWorldApp.Api/Models/SessionTokenPayload.cs

@@ -0,0 +1,3 @@
+namespace {{APP_NAME_PASCAL}}.Api.Models;
+
+public record SessionTokenPayload(string UserId, string TenantId, string? TenantSlug);

package/HelloWorldApp.Api/Program.cs

@@ -0,0 +1,29 @@
+using FastEndpoints;
+using FastEndpoints.Swagger;
+using {{APP_NAME_PASCAL}}.Api.Services;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Configuration.AddJsonFile("appsettings.Local.json", optional: true, reloadOnChange: false);
+
+builder.Services.AddFastEndpoints();
+builder.Services.SwaggerDocument();
+
+builder.Services.AddHttpClient();
+builder.Services.AddSingleton<TenantMappingService>();
+builder.Services.AddScoped<ErpApiService>();
+builder.Services.AddScoped<JwtVerificationService>();
+
+builder.Services.AddCors(options =>
+    options.AddDefaultPolicy(policy =>
+        policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()));
+
+var app = builder.Build();
+
+app.UseCors();
+app.UseFastEndpoints();
+
+if (app.Environment.IsDevelopment())
+    app.UseSwaggerGen();
+
+app.Run();

package/HelloWorldApp.Api/Properties/launchSettings.json

@@ -0,0 +1,24 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "http://localhost:50143",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "http (with Swagger)": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:50143",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

package/HelloWorldApp.Api/Services/ErpApiService.cs

@@ -0,0 +1,102 @@
+using System.Text;
+using System.Text.Json;
+
+namespace {{APP_NAME_PASCAL}}.Api.Services;
+
+public class ErpApiService
+{
+    private readonly IHttpClientFactory _httpClientFactory;
+    private readonly IConfiguration _configuration;
+    private readonly ILogger<ErpApiService> _logger;
+
+    public ErpApiService(
+        IHttpClientFactory httpClientFactory,
+        IConfiguration configuration,
+        ILogger<ErpApiService> logger)
+    {
+        _httpClientFactory = httpClientFactory;
+        _configuration = configuration;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// Fetches a short-lived access token via the OAuth2 client credentials flow.
+    /// Equivalent to getJwt() in the Node.js sample.
+    /// </summary>
+    public async Task<string> GetAccessTokenAsync()
+    {
+        var clientId = _configuration["JtlPlatform:ClientId"];
+        var clientSecret = _configuration["JtlPlatform:ClientSecret"];
+
+        if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(clientSecret))
+            throw new InvalidOperationException(
+                "JtlPlatform:ClientId and JtlPlatform:ClientSecret must be set in appsettings.Local.json " +
+                "or via environment variables JtlPlatform__ClientId / JtlPlatform__ClientSecret.");
+
+        _logger.LogInformation("Fetching access token for client {ClientId}", clientId);
+
+        var authString = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
+        var client = _httpClientFactory.CreateClient();
+        client.DefaultRequestHeaders.Authorization =
+            new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", authString);
+
+        var body = new FormUrlEncodedContent([
+            new KeyValuePair<string, string>("grant_type", "client_credentials")
+        ]);
+
+        var response = await client.PostAsync(GetAuthEndpoint(), body);
+        var json = await response.Content.ReadAsStringAsync();
+
+        if (!response.IsSuccessStatusCode)
+        {
+            var error = JsonSerializer.Deserialize<JsonElement>(json);
+            throw new InvalidOperationException(
+                $"Failed to fetch access token ({response.StatusCode}): {error.GetProperty("error")}");
+        }
+
+        var data = JsonSerializer.Deserialize<JsonElement>(json);
+        return data.GetProperty("access_token").GetString()!;
+    }
+
+    /// <summary>
+    /// Proxies an arbitrary HTTP request to the JTL Platform ERP API.
+    /// Equivalent to the /erp-info route in the Node.js sample.
+    /// </summary>
+    public async Task<(int StatusCode, string Body)> ProxyErpRequestAsync(
+        string tenantId, string endpoint, HttpMethod method, string? jsonBody)
+    {
+        var jwt = await GetAccessTokenAsync();
+        var client = _httpClientFactory.CreateClient();
+        client.DefaultRequestHeaders.Authorization =
+            new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", jwt);
+        client.DefaultRequestHeaders.Add("X-Tenant-ID", tenantId);
+
+        var request = new HttpRequestMessage(method,
+            $"https://api{EnvironmentSuffix}.jtl-cloud.com/erp/{endpoint}");
+
+        if (jsonBody is not null && (method == HttpMethod.Post || method == HttpMethod.Put || method == HttpMethod.Patch))
+            request.Content = new StringContent(jsonBody, Encoding.UTF8, "application/json");
+
+        var response = await client.SendAsync(request);
+        var responseBody = await response.Content.ReadAsStringAsync();
+        return ((int)response.StatusCode, responseBody);
+    }
+
+    private string GetAuthEndpoint()
+    {
+        // prod and beta share the same auth host
+        var env = _configuration["JtlPlatform:Environment"] ?? "prod";
+        return env is "prod" or "beta"
+            ? "https://auth.jtl-cloud.com/oauth2/token"
+            : $"https://auth.{env}.jtl-cloud.com/oauth2/token";
+    }
+
+    private string EnvironmentSuffix
+    {
+        get
+        {
+            var env = _configuration["JtlPlatform:Environment"] ?? "prod";
+            return env == "prod" ? "" : $".{env}";
+        }
+    }
+}

package/HelloWorldApp.Api/Services/JwtVerificationService.cs

@@ -0,0 +1,99 @@
+using System.Text;
+using System.Text.Json;
+using {{APP_NAME_PASCAL}}.Api.Models;
+using NSec.Cryptography;
+
+namespace {{APP_NAME_PASCAL}}.Api.Services;
+
+/// <summary>
+/// Verifies JWTs signed with Ed25519 (EdDSA / OKP keys) using the JTL Platform JWKS endpoint.
+/// Equivalent to verifySessionTokenAndExtractPayload() in the Node.js sample.
+/// </summary>
+public class JwtVerificationService
+{
+    private readonly IHttpClientFactory _httpClientFactory;
+    private readonly ErpApiService _erpApiService;
+    private readonly IConfiguration _configuration;
+    private readonly ILogger<JwtVerificationService> _logger;
+
+    public JwtVerificationService(
+        IHttpClientFactory httpClientFactory,
+        ErpApiService erpApiService,
+        IConfiguration configuration,
+        ILogger<JwtVerificationService> logger)
+    {
+        _httpClientFactory = httpClientFactory;
+        _erpApiService = erpApiService;
+        _configuration = configuration;
+        _logger = logger;
+    }
+
+    public async Task<SessionTokenPayload> VerifySessionTokenAsync(string sessionToken)
+    {
+        var env = _configuration["JtlPlatform:Environment"] ?? "prod";
+        var suffix = env == "prod" ? "" : $".{env}";
+        var wellKnownUrl = $"https://api{suffix}.jtl-cloud.com/account/.well-known/jwks.json";
+
+        // Use client credentials token to access the JWKS endpoint
+        var accessToken = await _erpApiService.GetAccessTokenAsync();
+
+        var client = _httpClientFactory.CreateClient();
+        client.DefaultRequestHeaders.Authorization =
+            new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
+
+        var response = await client.GetAsync(wellKnownUrl);
+        response.EnsureSuccessStatusCode();
+
+        var jwksJson = await response.Content.ReadAsStringAsync();
+        var jwks = JsonSerializer.Deserialize<JsonElement>(jwksJson);
+
+        // Use the first key in the JWKS (OKP / Ed25519)
+        var key = jwks.GetProperty("keys")[0];
+        var publicKeyBytes = Base64UrlDecode(key.GetProperty("x").GetString()!);
+
+        return VerifyAndDecode(sessionToken, publicKeyBytes);
+    }
+
+    private SessionTokenPayload VerifyAndDecode(string token, byte[] publicKeyBytes)
+    {
+        var parts = token.Split('.');
+        if (parts.Length != 3)
+            throw new ArgumentException("Invalid JWT format – expected 3 dot-separated parts.");
+
+        // The signed data is the ASCII bytes of "header.payload"
+        var signedData = Encoding.ASCII.GetBytes($"{parts[0]}.{parts[1]}");
+        var signature = Base64UrlDecode(parts[2]);
+
+        var algorithm = SignatureAlgorithm.Ed25519;
+        var publicKey = PublicKey.Import(algorithm, publicKeyBytes, KeyBlobFormat.RawPublicKey);
+
+        if (!algorithm.Verify(publicKey, signedData, signature))
+        {
+            _logger.LogError("JWT signature verification failed");
+            throw new UnauthorizedAccessException("Invalid token signature.");
+        }
+
+        _logger.LogInformation("JWT signature verified successfully");
+
+        var payloadJson = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
+        var payload = JsonSerializer.Deserialize<JsonElement>(payloadJson);
+
+        return new SessionTokenPayload(
+            UserId: payload.GetProperty("userId").GetString()!,
+            TenantId: payload.GetProperty("tenantId").GetString()!,
+            TenantSlug: payload.TryGetProperty("tenantSlug", out var slug) ? slug.GetString() : null
+        );
+    }
+
+    private static byte[] Base64UrlDecode(string input)
+    {
+        var padded = input.Replace('-', '+').Replace('_', '/');
+        padded += (padded.Length % 4) switch
+        {
+            2 => "==",
+            3 => "=",
+            _ => ""
+        };
+        return Convert.FromBase64String(padded);
+    }
+}

package/HelloWorldApp.Api/Services/TenantMappingService.cs

@@ -0,0 +1,86 @@
+using System.Collections.Concurrent;
+using System.Text.Json;
+
+namespace {{APP_NAME_PASCAL}}.Api.Services;
+
+/// <summary>
+/// Persists the mapping between this application's local tenant IDs and JTL Platform tenant IDs.
+/// Data is stored as JSON in the platform-appropriate user data directory:
+///   Windows : %APPDATA%\{{APP_NAME_PASCAL}}\tenant-mapping.json
+///   Linux   : ~/.config/{{APP_NAME_PASCAL}}/tenant-mapping.json
+///   macOS   : ~/Library/Application Support/{{APP_NAME_PASCAL}}/tenant-mapping.json
+/// </summary>
+public class TenantMappingService
+{
+    private readonly string _filePath;
+    private readonly ILogger<TenantMappingService> _logger;
+    private readonly ConcurrentDictionary<string, TenantEntry> _cache;
+
+    public TenantMappingService(ILogger<TenantMappingService> logger)
+    {
+        _logger = logger;
+
+        var dataDir = Path.Combine(
+            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
+            "{{APP_NAME_PASCAL}}");
+
+        Directory.CreateDirectory(dataDir);
+        _filePath = Path.Combine(dataDir, "tenant-mapping.json");
+
+        _cache = Load();
+        _logger.LogInformation("Tenant mapping loaded from {Path} ({Count} entries)", _filePath, _cache.Count);
+    }
+
+    public void Set(string localTenantId, string jtlTenantId, string? tenantSlug = null)
+    {
+        _cache[localTenantId] = new TenantEntry(jtlTenantId, tenantSlug);
+        Save();
+    }
+
+    public TenantEntry? Get(string localTenantId) =>
+        _cache.TryGetValue(localTenantId, out var entry) ? entry : null;
+
+    public IReadOnlyDictionary<string, TenantEntry> GetAll() => _cache;
+
+    /// <summary>Looks up local tenant ID by JTL Platform tenant ID.</summary>
+    public (string LocalTenantId, TenantEntry Entry)? FindByJtlTenantId(string jtlTenantId)
+    {
+        var match = _cache.FirstOrDefault(kv => kv.Value.JtlTenantId == jtlTenantId);
+        return match.Key is null ? null : (match.Key, match.Value);
+    }
+
+    private ConcurrentDictionary<string, TenantEntry> Load()
+    {
+        try
+        {
+            if (!File.Exists(_filePath))
+                return new ConcurrentDictionary<string, TenantEntry>();
+
+            var json = File.ReadAllText(_filePath);
+            var data = JsonSerializer.Deserialize<Dictionary<string, TenantEntry>>(json);
+            return data is null
+                ? new ConcurrentDictionary<string, TenantEntry>()
+                : new ConcurrentDictionary<string, TenantEntry>(data);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogWarning(ex, "Could not load tenant mapping from {Path}, starting fresh", _filePath);
+            return new ConcurrentDictionary<string, TenantEntry>();
+        }
+    }
+
+    private void Save()
+    {
+        try
+        {
+            var json = JsonSerializer.Serialize(_cache, new JsonSerializerOptions { WriteIndented = true });
+            File.WriteAllText(_filePath, json);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Could not persist tenant mapping to {Path}", _filePath);
+        }
+    }
+}
+
+public record TenantEntry(string JtlTenantId, string? TenantSlug);

package/HelloWorldApp.Api/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Debug",
+      "Microsoft.AspNetCore": "Information"
+    }
+  }
+}

package/HelloWorldApp.Api/appsettings.Local.json.example

@@ -0,0 +1,7 @@
+{
+  "JtlPlatform": {
+    "Environment": "prod",
+    "ClientId": "YOUR_CLIENT_ID",
+    "ClientSecret": "YOUR_CLIENT_SECRET"
+  }
+}

package/HelloWorldApp.Api/appsettings.json

@@ -0,0 +1,18 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*",
+  "JtlPlatform": {
+    // "prod" | "dev" | "beta" | "qa"
+    // Translates to the API host suffix: prod → no suffix, others → .<env>
+    "Environment": "prod",
+    // Set these in appsettings.Local.json or via environment variables:
+    //   JtlPlatform__ClientId and JtlPlatform__ClientSecret
+    "ClientId": "",
+    "ClientSecret": ""
+  }
+}

package/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@jtl-software/cloud-app-template-backend-dotnet",
+  "version": "0.0.1",
+  "publishConfig": { "access": "public" },
+  "description": ".NET (ASP.NET Core + FastEndpoints) backend template for JTL Platform cloud apps"
+}