feat: Implement order placement functionality with validation and event handling

- Added OrderEvents.cs to define events related to order placement and payment simulation.
- Created OrderHandlers.cs to handle the PlaceOrder command, including validation and event streaming.
- Introduced logging for order-related actions in Log.Orders.cs.
- Developed OrderSummaryProjection.cs to project order summaries from events.
- Defined IOrdersClient.cs for API interactions related to orders.
- Created OrderModels.cs to define data transfer objects for orders.
- Implemented Orders.razor for displaying user orders in the UI.
- Developed CheckoutDialog.razor for handling the checkout process.
- Added unit tests for order handling and aggregate behavior in OrderHandlerTests.cs and OrderAggregateTests.cs.
- Created integration tests for order placement and retrieval in OrderTests.cs.

Author: aalmada

src/BookStore.ApiService/Aggregates/OrderAggregate.cs

@@ -0,0 +1,34 @@
+using BookStore.ApiService.Events;
+
+namespace BookStore.ApiService.Aggregates;
+
+public class OrderAggregate
+{
+    public Guid Id { get; private set; }
+    public string TenantId { get; private set; } = string.Empty;
+    public Guid? UserId { get; private set; }
+    public string CustomerEmail { get; private set; } = string.Empty;
+    public List<OrderItemData> Items { get; private set; } = [];
+    public DeliveryAddressData DeliveryAddress { get; private set; } = new(string.Empty, string.Empty, string.Empty, string.Empty, string.Empty);
+    public PaymentInfoData PaymentInfo { get; private set; } = new(string.Empty, string.Empty, 0, 0);
+    public decimal TotalAmount { get; private set; }
+    public string Status { get; private set; } = string.Empty;
+    public DateTimeOffset PlacedAt { get; private set; }
+    public long Version { get; private set; }
+
+    void Apply(OrderPlaced @event)
+    {
+        Id = @event.OrderId;
+        TenantId = @event.TenantId;
+        UserId = @event.UserId;
+        CustomerEmail = @event.CustomerEmail;
+        Items = @event.Items;
+        DeliveryAddress = @event.DeliveryAddress;
+        PaymentInfo = @event.PaymentInfo;
+        TotalAmount = @event.TotalAmount;
+        PlacedAt = @event.PlacedAt;
+        Status = "Placed";
+    }
+
+    void Apply(PaymentSimulated _) => Status = "PaymentSimulated";
+}

src/BookStore.ApiService/Commands/Orders/OrderCommands.cs

@@ -0,0 +1,11 @@
+using BookStore.ApiService.Events;
+
+namespace BookStore.ApiService.Commands;
+
+public record PlaceOrder(
+    Guid OrderId,
+    Guid? UserId,
+    string CustomerEmail,
+    List<OrderItemData> Items,
+    DeliveryAddressData DeliveryAddress,
+    PaymentInfoData PaymentInfo);

src/BookStore.ApiService/Endpoints/OrderEndpoints.cs

@@ -0,0 +1,159 @@
+using BookStore.ApiService.Commands;
+using BookStore.ApiService.Events;
+using BookStore.ApiService.Infrastructure;
+using BookStore.ApiService.Infrastructure.Extensions;
+using BookStore.ApiService.Infrastructure.Tenant;
+using BookStore.ApiService.Projections;
+using BookStore.Shared.Infrastructure;
+using BookStore.Shared.Models;
+using Marten;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Caching.Hybrid;
+using Wolverine;
+
+namespace BookStore.ApiService.Endpoints;
+
+public static class OrderEndpoints
+{
+    public static void MapOrderEndpoints(this IEndpointRouteBuilder endpoints)
+    {
+        var group = endpoints.MapGroup("/api/orders")
+            .WithTags("Orders")
+            .WithMetadata(new AllowAnonymousTenantAttribute());
+
+        // safe: checkout must allow anonymous shoppers to place an order with explicit email provided in the request body.
+        _ = group.MapPost("/", PlaceOrder)
+            .WithName("PlaceOrder")
+            .AllowAnonymous();
+
+        _ = group.MapGet("/", GetOrders)
+            .WithName("GetOrders")
+            .RequireAuthorization();
+    }
+
+    static async Task<IResult> PlaceOrder(
+        [FromBody] PlaceOrderRequest request,
+        [FromServices] IMessageBus bus,
+        [FromServices] ITenantContext tenantContext,
+        HttpContext context,
+        CancellationToken cancellationToken)
+    {
+        var userId = context.User.GetUserId();
+        var isAuthenticated = userId != Guid.Empty;
+
+        var customerEmail = isAuthenticated
+            ? context.User.GetEmail() ?? request.CustomerEmail
+            : request.CustomerEmail;
+
+        if (string.IsNullOrWhiteSpace(customerEmail))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.EmailRequired, "Customer email is required")).ToProblemDetails();
+        }
+
+        if (!customerEmail.Contains('@', StringComparison.Ordinal))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidEmail, "Customer email is invalid")).ToProblemDetails();
+        }
+
+        var cardNumberLast4 = ExtractCardLast4(request.PaymentInfo.CardNumberLast4);
+        if (cardNumberLast4 is null)
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidPayment, "Card number must contain at least four digits")).ToProblemDetails();
+        }
+
+        var command = new BookStore.ApiService.Commands.PlaceOrder(
+            Guid.CreateVersion7(),
+            isAuthenticated ? userId : null,
+            customerEmail,
+            [.. request.Items.Select(item => new OrderItemData(item.BookId, item.Title, item.Quantity, item.UnitPrice))],
+            new DeliveryAddressData(
+                request.DeliveryAddress.FullName,
+                request.DeliveryAddress.Street,
+                request.DeliveryAddress.City,
+                request.DeliveryAddress.PostalCode,
+                request.DeliveryAddress.Country),
+            new PaymentInfoData(
+                request.PaymentInfo.CardHolderName,
+                cardNumberLast4,
+                request.PaymentInfo.ExpiryMonth,
+                request.PaymentInfo.ExpiryYear));
+
+        return await bus.InvokeAsync<IResult>(
+            command,
+            new DeliveryOptions { TenantId = tenantContext.TenantId },
+            cancellationToken);
+    }
+
+    static async Task<IResult> GetOrders(
+        [FromServices] IQuerySession session,
+        [FromServices] HybridCache cache,
+        HttpContext context,
+        CancellationToken cancellationToken)
+    {
+        var userId = context.User.GetUserId();
+        if (userId == Guid.Empty)
+        {
+            return Result.Failure(Error.Unauthorized(ErrorCodes.Auth.InvalidToken, "User not authenticated.")).ToProblemDetails();
+        }
+
+        var tenantId = session.TenantId;
+        var cacheKey = $"orders:{tenantId}:{userId}";
+
+        var response = await cache.GetOrCreateAsync(
+            cacheKey,
+            async ct =>
+            {
+                var projections = await session.Query<OrderSummaryProjection>()
+                    .Where(order => order.UserId == userId)
+                    .OrderByDescending(order => order.PlacedAt)
+                    .ToListAsync(ct);
+
+                return (IReadOnlyList<OrderSummaryDto>)[.. projections.Select(MapToSummaryDto)];
+            },
+            options: new HybridCacheEntryOptions
+            {
+                Expiration = TimeSpan.FromMinutes(2),
+                LocalCacheExpiration = TimeSpan.FromMinutes(1)
+            },
+            tags: [CacheTags.OrderList],
+            cancellationToken: cancellationToken);
+
+        return TypedResults.Ok(response);
+    }
+
+    static string? ExtractCardLast4(string cardNumber)
+    {
+        if (string.IsNullOrWhiteSpace(cardNumber))
+        {
+            return null;
+        }
+
+        var digits = new string([.. cardNumber.Where(char.IsDigit)]);
+        if (digits.Length < 4)
+        {
+            return null;
+        }
+
+        return digits[^4..];
+    }
+
+    static OrderSummaryDto MapToSummaryDto(OrderSummaryProjection projection)
+        => new(
+            projection.Id,
+            projection.CustomerEmail,
+            [.. projection.Items.Select(item => new OrderItemDto(item.BookId, item.Title, item.Quantity, item.UnitPrice))],
+            new DeliveryAddressDto(
+                projection.DeliveryAddress.FullName,
+                projection.DeliveryAddress.Street,
+                projection.DeliveryAddress.City,
+                projection.DeliveryAddress.PostalCode,
+                projection.DeliveryAddress.Country),
+            new PaymentInfoDto(
+                projection.PaymentInfo.CardHolderName,
+                projection.PaymentInfo.CardNumberLast4,
+                projection.PaymentInfo.ExpiryMonth,
+                projection.PaymentInfo.ExpiryYear),
+            projection.TotalAmount,
+            projection.Status,
+            projection.PlacedAt);
+}

src/BookStore.ApiService/Events/OrderEvents.cs

@@ -0,0 +1,35 @@
+namespace BookStore.ApiService.Events;
+
+public record DeliveryAddressData(
+    string FullName,
+    string Street,
+    string City,
+    string PostalCode,
+    string Country);
+
+public record PaymentInfoData(
+    string CardHolderName,
+    string CardNumberLast4,
+    int ExpiryMonth,
+    int ExpiryYear);
+
+public record OrderItemData(
+    Guid BookId,
+    string Title,
+    int Quantity,
+    decimal UnitPrice);
+
+public record OrderPlaced(
+    Guid OrderId,
+    string TenantId,
+    Guid? UserId,
+    string CustomerEmail,
+    List<OrderItemData> Items,
+    DeliveryAddressData DeliveryAddress,
+    PaymentInfoData PaymentInfo,
+    decimal TotalAmount,
+    DateTimeOffset PlacedAt);
+
+public record PaymentSimulated(
+    Guid OrderId,
+    DateTimeOffset SimulatedAt);

src/BookStore.ApiService/Handlers/Orders/OrderHandlers.cs

@@ -0,0 +1,152 @@
+using BookStore.ApiService.Aggregates;
+using BookStore.ApiService.Commands;
+using BookStore.ApiService.Events;
+using BookStore.ApiService.Infrastructure;
+using BookStore.ApiService.Infrastructure.Extensions;
+using BookStore.ApiService.Infrastructure.Logging;
+using BookStore.ApiService.Projections;
+using BookStore.Shared.Messages.Events;
+using BookStore.Shared.Models;
+using Marten;
+using Microsoft.Extensions.Caching.Hybrid;
+
+namespace BookStore.ApiService.Handlers.Orders;
+
+public static partial class OrderHandlers
+{
+    public static async Task<IResult> Handle(
+        PlaceOrder command,
+        IDocumentSession session,
+        HybridCache cache,
+        ILogger logger,
+        CancellationToken cancellationToken)
+    {
+        var validationResult = Validate(command);
+        if (validationResult.IsFailure)
+        {
+            Log.Orders.OrderValidationFailed(logger, command.OrderId, validationResult.Error.Code);
+            return validationResult.ToProblemDetails();
+        }
+
+        var placedAt = DateTimeOffset.UtcNow;
+        var simulatedAt = DateTimeOffset.UtcNow;
+        var totalAmount = command.Items.Sum(item => item.Quantity * item.UnitPrice);
+
+        var orderPlaced = new OrderPlaced(
+            command.OrderId,
+            session.TenantId,
+            command.UserId,
+            command.CustomerEmail,
+            command.Items,
+            command.DeliveryAddress,
+            command.PaymentInfo,
+            totalAmount,
+            placedAt);
+
+        var paymentSimulated = new PaymentSimulated(command.OrderId, simulatedAt);
+
+        _ = session.Events.StartStream<OrderAggregate>(command.OrderId, orderPlaced, paymentSimulated);
+
+        if (command.UserId is Guid userId)
+        {
+            var userProfile = await session.Events.AggregateStreamAsync<UserProfile>(userId, token: cancellationToken);
+            if (userProfile is not null && userProfile.ShoppingCartItems.Count > 0)
+            {
+                _ = session.Events.Append(userId, new ShoppingCartCleared());
+            }
+        }
+
+        await cache.RemoveByTagAsync([CacheTags.OrderList], cancellationToken);
+
+        Log.Orders.OrderPlaced(logger, command.OrderId, command.CustomerEmail);
+
+        var summary = MapToSummaryDto(command, totalAmount, placedAt, "PaymentSimulated");
+        return TypedResults.Created($"/api/orders/{command.OrderId}", summary);
+    }
+
+    static Result Validate(PlaceOrder command)
+    {
+        if (command.Items.Count == 0)
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.EmptyItems, "Order must contain at least one item"));
+        }
+
+        if (string.IsNullOrWhiteSpace(command.CustomerEmail))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.EmailRequired, "Customer email is required"));
+        }
+
+        if (!command.CustomerEmail.Contains('@', StringComparison.Ordinal))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidEmail, "Customer email is invalid"));
+        }
+
+        if (command.Items.Any(item => item.Quantity <= 0))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidQuantity, "Order item quantity must be greater than zero"));
+        }
+
+        if (command.Items.Any(item => item.UnitPrice <= 0))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidUnitPrice, "Order item unit price must be greater than zero"));
+        }
+
+        if (!IsValidAddress(command.DeliveryAddress))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidAddress, "Delivery address is invalid"));
+        }
+
+        if (!IsValidPayment(command.PaymentInfo))
+        {
+            return Result.Failure(Error.Validation(ErrorCodes.Orders.InvalidPayment, "Payment information is invalid"));
+        }
+
+        return Result.Success();
+    }
+
+    static bool IsValidAddress(DeliveryAddressData address)
+        => !string.IsNullOrWhiteSpace(address.FullName)
+           && !string.IsNullOrWhiteSpace(address.Street)
+           && !string.IsNullOrWhiteSpace(address.City)
+           && !string.IsNullOrWhiteSpace(address.PostalCode)
+           && !string.IsNullOrWhiteSpace(address.Country);
+
+    static bool IsValidPayment(PaymentInfoData payment)
+    {
+        if (string.IsNullOrWhiteSpace(payment.CardHolderName))
+        {
+            return false;
+        }
+
+        if (payment.CardNumberLast4.Length != 4)
+        {
+            return false;
+        }
+
+        return payment.CardNumberLast4.All(char.IsDigit);
+    }
+
+    static OrderSummaryDto MapToSummaryDto(
+        PlaceOrder command,
+        decimal totalAmount,
+        DateTimeOffset placedAt,
+        string status)
+        => new(
+            command.OrderId,
+            command.CustomerEmail,
+            [.. command.Items.Select(item => new OrderItemDto(item.BookId, item.Title, item.Quantity, item.UnitPrice))],
+            new DeliveryAddressDto(
+                command.DeliveryAddress.FullName,
+                command.DeliveryAddress.Street,
+                command.DeliveryAddress.City,
+                command.DeliveryAddress.PostalCode,
+                command.DeliveryAddress.Country),
+            new PaymentInfoDto(
+                command.PaymentInfo.CardHolderName,
+                command.PaymentInfo.CardNumberLast4,
+                command.PaymentInfo.ExpiryMonth,
+                command.PaymentInfo.ExpiryYear),
+            totalAmount,
+            status,
+            placedAt);
+}