ClinicFlow is built on a clean-architecture layering model where the Domain and Application layers define contracts (interfaces) but contain no concrete infrastructure code. Sending emails, hashing passwords, verifying phone numbers, and enforcing regional scheduling rules are all responsibilities that must be fulfilled by the host application (or a dedicated Infrastructure project) through concrete implementations registered in the dependency injection container. Seven interfaces must be implemented in total: four in the Application layer and three in the Domain layer.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/0Crazy-0/ClinicFlow/llms.txt
Use this file to discover all available pages before exploring further.
All seven interfaces described on this page define the contract only. No default implementations are shipped with ClinicFlow’s Domain or Application assemblies. Your host project is responsible for providing implementations and registering them with the DI container before calling
AddApplicationServices().Interface Reference
The table below summarises all required service interfaces, their namespaces, and their purpose:| Interface | Namespace | Purpose |
|---|---|---|
IEmailService | ClinicFlow.Application.Interfaces | Send password-reset emails with a verification token |
IPasswordResetTokenService | ClinicFlow.Application.Interfaces | Generate and validate secure, short-lived password-reset tokens |
IRefreshTokenService | ClinicFlow.Application.Interfaces | Revoke all active refresh tokens for a user |
ICurrentUserService | ClinicFlow.Application.Interfaces | Expose the current authenticated user’s identity to application handlers |
IPasswordHasherService | ClinicFlow.Domain.Interfaces.Services | Hash plain-text passwords and verify hash matches |
IPhoneVerificationService | ClinicFlow.Domain.Interfaces.Services | Send SMS verification codes and validate responses |
IRegionalSchedulingService | ClinicFlow.Domain.Interfaces.Services | Enforce locale-specific regulations during appointment scheduling |
IEmailService
Defined inClinicFlow.Application.Interfaces, this interface is invoked by the password-reset workflow to deliver a reset link or token to the patient or user’s email address.
resetTokenis the raw token string returned byIPasswordResetTokenService.GenerateTokenAsync. You may embed it in a URL query parameter or present it as an OTP depending on your UX.- Use any transactional email provider (SendGrid, Mailgun, AWS SES, etc.) in your implementation.
IPasswordResetTokenService
Defined inClinicFlow.Application.Interfaces, this service manages the lifecycle of password-reset tokens: generation at request time and validation when the user submits the reset form.
- Tokens should be short-lived (15–60 minutes is typical).
- Store tokens in a cache (Redis, in-memory) or database table with an expiry column.
ValidateTokenAsyncreturningnullsignals an expired or tampered token; the calling handler will surface an appropriate error.
IRefreshTokenService
Defined inClinicFlow.Application.Interfaces, this interface is called whenever a user changes their password or the system needs to invalidate all active sessions for a user (e.g., after a security event).
- The implementation should mark all refresh tokens associated with
userIdas revoked in whatever store you use (database table, Redis set, etc.). - After revocation, any request using an old refresh token must be rejected by your token middleware.
ICurrentUserService
Defined inClinicFlow.Application.Interfaces, this service is consumed by application-layer command and query handlers that need to know who is performing the operation — for authorization checks, audit trails, and scoped queries.
- In an ASP.NET Core host, implement this by reading from
IHttpContextAccessorand parsing the JWT claims. - Register as
Scopedso each HTTP request receives its own instance. IsAuthenticatedshould returnfalsefor anonymous/unauthenticated contexts rather than throwing; handlers decide how to react.
IPasswordHasherService
Defined inClinicFlow.Domain.Interfaces.Services, this interface lives in the Domain layer because password-hashing is a core security concern used directly by domain entities during registration and credential verification.
- Use a modern adaptive hashing algorithm such as BCrypt, Argon2, or ASP.NET Core’s built-in
IPasswordHasher<T>(which uses PBKDF2). - Never implement this with MD5, SHA-1, or unsalted SHA-256.
IPhoneVerificationService
Defined inClinicFlow.Domain.Interfaces.Services, this service sends a one-time verification code to a PhoneNumber value object and later validates the code supplied by the user.
- Use an SMS gateway such as Twilio Verify, AWS SNS, or similar.
PhoneNumberis a domain value object that wraps a validated, normalized phone string.VerifyCodeAsyncreturnstrueon a valid code andfalseon an expired or incorrect one; the domain entity that calls it will throwDomainErrors.User.InvalidVerificationCodeonfalse.
IRegionalSchedulingService
Defined inClinicFlow.Domain.Interfaces.Services, this is the most domain-significant integration point. It is invoked during appointment scheduling to enforce local legal or operational regulations that vary by region, specialty, or appointment type.
SchedulingClearance value object. If the scheduling attempt violates a regulation, the implementation should either return a clearance that signals the violation or throw a DomainException — the exact contract is determined by the SchedulingClearance value object’s design.
Implementation notes:
- The default no-op implementation (for clinics with no regional restrictions) should return an approved
SchedulingClearanceunconditionally. - Complex implementations might consult a rules engine, a configuration store, or an external regulatory API.
- Register as
SingletonorScopeddepending on whether the implementation holds mutable state.
Registering Implementations
In your host or Infrastructure project, register all seven implementations before callingAddApplicationServices():