Sprint 13.2: Implement YARP API Gateway, migrate geoblocking, and cleanup ApiService

.github/actions/setup-backend/action.yml

@@ -28,7 +28,7 @@ runs:
 
     - name: Restore dependencies
       shell: bash
-      run: dotnet restore ${{ inputs.solution-path }}
+      run: dotnet restore ${{ inputs.solution-path }} --force-evaluate
 
     - name: Install Tools
       shell: bash

.github/workflows/ci-backend.yml

@@ -6,6 +6,7 @@ on:
     paths:
       - 'src/Modules/**'
       - 'src/Bootstrapper/**'
+      - 'src/Aspire/**'
       - 'src/Shared/**'
       - 'src/Contracts/**'
       - 'tests/**'
@@ -20,6 +21,7 @@ on:
     paths:
       - 'src/Modules/**'
       - 'src/Bootstrapper/**'
+      - 'src/Aspire/**'
       - 'src/Shared/**'
       - 'src/Contracts/**'
       - 'tests/**'
@@ -181,6 +183,7 @@ jobs:
             "src/Modules/Bookings/Tests/MeAjudaAi.Modules.Bookings.Tests.csproj"
             "tests/MeAjudaAi.Shared.Tests/MeAjudaAi.Shared.Tests.csproj"
             "tests/MeAjudaAi.ApiService.Tests/MeAjudaAi.ApiService.Tests.csproj"
+            "tests/MeAjudaAi.Gateway.Tests/MeAjudaAi.Gateway.Tests.csproj"
             "tests/MeAjudaAi.Architecture.Tests/MeAjudaAi.Architecture.Tests.csproj"
           )
 

Directory.Packages.props

@@ -15,6 +15,7 @@
     <PackageVersion Include="HtmlSanitizer" Version="9.0.892" />
     <PackageVersion Include="Microsoft.Extensions.Http" Version="10.0.7" />
     <!-- .NET & Microsoft Core -->
+    <PackageVersion Include="Microsoft.Extensions.Http.Polly" Version="10.0.7" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.4.0" />
     <PackageVersion Include="Microsoft.CSharp" Version="4.7.0" />
     <!-- Pacotes Microsoft.Build - atualizados para 18.0.2 (CVE-2025-55247 resolvido) -->
@@ -177,7 +178,6 @@
     <PackageVersion Include="Fluxor.Blazor.Web.ReduxDevTools" Version="6.9.0" />
     <PackageVersion Include="Refit" Version="10.1.6" />
     <PackageVersion Include="Refit.HttpClientFactory" Version="10.1.6" />
-    <!-- Testes Blazor -->
-    <PackageVersion Include="bUnit" Version="2.6.2" />
+    <PackageVersion Include="Yarp.ReverseProxy" Version="2.3.0" />
   </ItemGroup>
 </Project>

MeAjudaAi.slnx

@@ -15,6 +15,7 @@
   </Folder>
   <Folder Name="/src/Bootstrapper/">
     <Project Path="src/Bootstrapper/MeAjudaAi.ApiService/MeAjudaAi.ApiService.csproj" />
+    <Project Path="src/Bootstrapper/MeAjudaAi.Gateway/MeAjudaAi.Gateway.csproj" />
   </Folder>
   <Folder Name="/src/Client/">
     <Project Path="src/Client/MeAjudaAi.Client.Contracts/MeAjudaAi.Client.Contracts.csproj" />
@@ -192,6 +193,7 @@
     <Project Path="tests/MeAjudaAi.ApiService.Tests/MeAjudaAi.ApiService.Tests.csproj" />
     <Project Path="tests/MeAjudaAi.Architecture.Tests/MeAjudaAi.Architecture.Tests.csproj" />
     <Project Path="tests/MeAjudaAi.E2E.Tests/MeAjudaAi.E2E.Tests.csproj" />
+    <Project Path="tests/MeAjudaAi.Gateway.Tests/MeAjudaAi.Gateway.Tests.csproj" />
     <Project Path="tests/MeAjudaAi.Integration.Tests/MeAjudaAi.Integration.Tests.csproj" />
     <Project Path="tests/MeAjudaAi.Shared.Tests/MeAjudaAi.Shared.Tests.csproj" />
   </Folder>

docs/roadmap.md

@@ -22,6 +22,14 @@ Este é o planejamento estratégico unificado da plataforma MeAjudaAi.
 *   **API Client Collections**: Adição de endpoints SSE para streaming de eventos (`/bookings/{id}/events`, `/providers/{id}/verification-events`), correções de paths em AllowedCitiesAdmin, padronização de variáveis (`{{bookingId}}`), remoção de tools/api-collections e referências a Postman nos docs.
 *   **Código e Testes**: Extração de constantes de mensagens SSE em BookingRealtimeEventsHandler, pré-compilação de Regex em BusinessMetricsMiddleware, expansão de casos de teste para headers de localização malformados.
 
+## 🚀 Sprint 13.2: Edge Infrastructure & API Gateway (Planejado)
+
+*   **Implementação do YARP Gateway**: Criação do projeto `MeAjudaAi.Gateway` como ponto único de entrada para todos os frontends (Admin, Mobile, Web).
+*   **BFF (Backend for Frontend)**: Configuração de rotas segregadas e políticas de CORS/Rate Limiting específicas para cada perfil de acesso.
+*   **Security Hardening**: Centralização de validação de tokens JWT/Keycloak e sanitização de headers globais no Gateway.
+*   **Service Discovery**: Integração com .NET Aspire para roteamento dinâmico para o ApiService.
+*   **Resiliência**: Configuração de retentativas (Retries) e Circuit Breaker para endpoints críticos de integração.
+
 ---
 
 ## 🔮 Roadmaps Futuros (MVP Launch & Além)

src/Aspire/MeAjudaAi.AppHost/MeAjudaAi.AppHost.csproj

@@ -35,6 +35,7 @@
     <ProjectReference Include="..\..\Modules\SearchProviders\Infrastructure\MeAjudaAi.Modules.SearchProviders.Infrastructure.csproj" IsAspireProjectResource="false" />
     <ProjectReference Include="..\..\Modules\ServiceCatalogs\Infrastructure\MeAjudaAi.Modules.ServiceCatalogs.Infrastructure.csproj" IsAspireProjectResource="false" />
     <ProjectReference Include="..\..\Modules\Users\Infrastructure\MeAjudaAi.Modules.Users.Infrastructure.csproj" IsAspireProjectResource="false" />
+    <ProjectReference Include="..\..\Bootstrapper\MeAjudaAi.Gateway\MeAjudaAi.Gateway.csproj" />
   </ItemGroup>
 
 </Project>

src/Aspire/MeAjudaAi.AppHost/Program.cs

@@ -210,6 +210,11 @@ void AddSocialProviderEnv(string providerName, string clientIdKey, string client
             .WaitFor(keycloakBootstrap)
             .WithEnvironment("ASPNETCORE_ENVIRONMENT", EnvironmentHelpers.GetEnvironmentName(builder));
 
+        var gateway = builder.AddProject<Projects.MeAjudaAi_Gateway>("gateway")
+            .WithReference(apiService)
+            .WithExternalHttpEndpoints()
+            .WaitFor(apiService);
+
         // Admin Portal (Next.js 15 React)
         var adminWebPath = Path.Combine(builder.AppHostDirectory, "..", "..", "..", "src", "Web", "MeAjudaAi.Web.Admin");
         if (!Directory.Exists(adminWebPath))
@@ -220,8 +225,8 @@ void AddSocialProviderEnv(string providerName, string clientIdKey, string client
         var adminPortal = builder.AddJavaScriptApp("admin-portal", adminWebPath)
             .WithHttpEndpoint(port: 3002, env: "PORT")
             .WithExternalHttpEndpoints()
-            .WithEnvironment("NEXT_PUBLIC_API_URL", apiService.GetEndpoint("http"))
-            .WaitFor(apiService)
+            .WithEnvironment("NEXT_PUBLIC_API_URL", gateway.GetEndpoint("http"))
+            .WaitFor(gateway)
             .WaitFor(keycloak.Keycloak)
             .WaitFor(keycloakBootstrap);
 
@@ -235,8 +240,8 @@ void AddSocialProviderEnv(string providerName, string clientIdKey, string client
         var customerWeb = builder.AddJavaScriptApp("customer-web", customerWebPath)
             .WithHttpEndpoint(port: 3000, env: "PORT")
             .WithExternalHttpEndpoints()
-            .WithEnvironment("NEXT_PUBLIC_API_URL", apiService.GetEndpoint("http"))
-            .WaitFor(apiService)
+            .WithEnvironment("NEXT_PUBLIC_API_URL", gateway.GetEndpoint("http"))
+            .WaitFor(gateway)
             .WaitFor(keycloakBootstrap);
             // Nota: AddJavaScriptApp usa "dev" script por padrão em desenvolvimento
             // e "build" script em produção. Ver package.json para scripts configurados.
@@ -251,8 +256,8 @@ void AddSocialProviderEnv(string providerName, string clientIdKey, string client
         var providerWeb = builder.AddJavaScriptApp("provider-web", providerWebPath)
             .WithHttpEndpoint(port: 3001, env: "PORT")
             .WithExternalHttpEndpoints()
-            .WithEnvironment("NEXT_PUBLIC_API_URL", apiService.GetEndpoint("http"))
-            .WaitFor(apiService)
+            .WithEnvironment("NEXT_PUBLIC_API_URL", gateway.GetEndpoint("http"))
+            .WaitFor(gateway)
             .WaitFor(keycloakBootstrap);
 
         // Pass resolved endpoints to Keycloak options for bootstrap
@@ -275,7 +280,7 @@ private static void ConfigureProductionEnvironment(IDistributedApplicationBuilde
 
         var keycloak = builder.AddMeAjudaAiKeycloakProduction();
 
-        builder.AddProject<Projects.MeAjudaAi_ApiService>("apiservice")
+        var apiService = builder.AddProject<Projects.MeAjudaAi_ApiService>("apiservice")
             .WithReference(postgresql.MainDatabase, "DefaultConnection")
             .WithReference(redis)
             .WaitFor(postgresql.MainDatabase)
@@ -286,5 +291,10 @@ private static void ConfigureProductionEnvironment(IDistributedApplicationBuilde
             .WaitFor(keycloak.Keycloak)
             .WaitFor(keycloakBootstrap)
             .WithEnvironment("ASPNETCORE_ENVIRONMENT", EnvironmentHelpers.GetEnvironmentName(builder));
+
+        var gateway = builder.AddProject<Projects.MeAjudaAi_Gateway>("gateway")
+            .WithReference(apiService)
+            .WithExternalHttpEndpoints()
+            .WaitFor(apiService);
     }
 }

src/Aspire/MeAjudaAi.AppHost/appsettings.json

@@ -14,8 +14,5 @@
         "EndpointUrls": "https://localhost:15889"
       }
     }
-  },
-  "FeatureManagement": {
-    "GeographicRestriction": false
   }
 }

src/Bootstrapper/MeAjudaAi.ApiService/Endpoints/ProviderRegistrationEndpoints.cs

@@ -33,8 +33,7 @@ public static IEndpointRouteBuilder MapProviderRegistrationEndpoints(this IEndpo
                 "e a entidade Provider com Tier=Standard. Endpoint público, sem autenticação.")
             .Produces<Response<ProviderDto>>(StatusCodes.Status201Created)
             .Produces(StatusCodes.Status400BadRequest)
-            .AllowAnonymous()
-            .RequireRateLimiting(RateLimitPolicies.ProviderRegistration);
+            .AllowAnonymous();
 
         return endpoints;
     }

src/Bootstrapper/MeAjudaAi.ApiService/Extensions/MiddlewareExtensions.cs

@@ -11,9 +11,6 @@ public static IApplicationBuilder UseApiMiddlewares(this IApplicationBuilder app
         // Cabeçalhos de segurança (no início do pipeline)
         app.UseMiddleware<SecurityHeadersMiddleware>();
 
-        // Limitação de taxa (rate limiting)
-        app.UseMiddleware<RateLimitingMiddleware>();
-
         return app;
     }
 }