0

In my Application project I have INestedRequestObjectEncryptor interface, which is frequently used (in all endpoints), because it's used to decrypt requests and encrypt responses. Where should I put implementation of this interface in Clean Architecture? I think not in Infrastructure, because it's for data access. Also not in Core, because implementation needs to use external NuGet package, and Application layer should contain only Interfaces for other layers, as I read here: https://medium.com/dotnet-hub/clean-architecture-with-dotnet-and-dotnet-core-aspnetcore-overview-introduction-getting-started-ec922e53bb97. So where is the place for implementations like this?

Szyszka947
  • 473
  • 2
  • 5
  • 21
  • 1
    Do you use `INestedRequestObjectEncryptor` in `Web/API` only? If so, place it there – Alex Buyny Aug 19 '22 at 08:18
  • Yes, I should use it only for decrypt requests and encrypt responses. But (for better context) I'm writing something like OpenID Connect provider, so app core is based on endpoints like authorize or token. That's why I'm confused. – Szyszka947 Aug 19 '22 at 08:26
  • 1
    I'd start with putting it in the `Web` still, if nothing else needs to know about it. Later on if something else needs it, you can move it. – Alex Buyny Aug 19 '22 at 09:01

1 Answers1

1

Here is a mental model to consider while getting to the solution:
If I am asked to change the application to have a Command Line Interface, will it cause the application/domain logic to change?

In your case, INestedRequestObjectEncryptor is limited to drive request/response (HTTP interface) only. Even if it is accessing the data (which should be immutable and should be driven by domain logic), the purpose of this interface will strictly be limited to Web/API.

You can think of layering as follows:

  • Domain handles/provides User
  • Application makes use of the domain entity and provides business logic per use case for that User
    (e.g. Consider Twitter, business logic can provide the capacity to create tweets, persist, and so on, while invariant violations for a tweet are handled by the domain while being created)
  • Interface like Web/API are used to make the logic available to users. So they can use read entities, ask to change/update entities and provide the result to the end user(client).

As I see this, even if INestedRequestObjectEncryptor is accessing the data, it is limited to enabling the Web/API to work. It is not business logic.

Obviously, I have little to no understanding of what your actual application is, I am only hoping to provide a mental model of thinking about interactions.

advay rajhansa
  • 1,129
  • 9
  • 17