Modular Monolith with DDD

Showing how you can implement the monolith application in a modular way
Presentation of the full implementation of the application. This is not another simple application. This is not another proof of concept (PoC). The assumption is to present the implementation of the application that would be ready to run on production
Showing the application of best practices and object-oriented programming principles
Presentation of the use of design patterns. When, how and why they can be used
Presentation of some architectural considerations, decisions, approaches
Presentation of the implementation using Domain-Driven Design approach (tactical patterns)

1.2 Out of scope

This is list of subjects which are out of scope of this repository:

Business requirements gathering and analysis
System analysis
Domain exploration
Domain distillation
Domain-Driven Design strategic patterns
Architecture evaluation, quality attributes analyzes
Integration, system tests
Project management
Infrastructure
Containerization
Software engineering process, CI/CD
Deployment process
Maintenance
Documentation

1.3 Reason

The reason for creating this repository is the lack of something similar. Most sample applications on GitHub have at least one issue of the following:

it is very, very simple - few entities and use cases implemented
it is not finished (for example there is no authentication, logging, etc..)
it is poor designed (in my opinion)
it is poor implemented (in my opinion)
it is not well described
assumptions and decisions are not clearly explained
it implements "Orders" domain. Yes, everyone knows this domain, but something different is needed
is implemented in old technology
is not maintained

To sum up, there are some very good examples, but there are far too few of them. This repository has the task of filling this gap at some level.

1.4 Disclaimer

Software architecture should always be created to resolve specific business problems. Software architecture always supports some of quality attributes and at the same time does not support others. A lot of other factors influence your software architecture - your team, opinions, preferences, experiences, technical constraints, time, budget etc.

Always functional requirements, quality attributes, technical constraints and other factors should be considered before architectural decision is made.

Because of the above, the architecture and implementation presented in this repository is one of the many ways to solve some problems. Take from this repository as much as you want, use it as you like but remember to always pick the best solution which is appropriate to problem class you have.

1.5 Give a Star

In this project on the first place I focus on its quality. Create good quality involves a lot of analysis, research and work. It takes a lot of time. If you like this project, learned something or you are using it in your applications, please give it a star ⭐. This is the best motivation for me to continue this work. Thanks!

1.6 Share it

As it is written above there are very few really good examples of this type of application. If you think this repository makes a difference and is worth it, please share it with your friends and on social networks. I will be extremely grateful.

2. Domain

2.1 Description

Definition:

Domain - A sphere of knowledge, influence, or activity. The subject area to which the user applies a program is the domain of the software. Domain-Driven Design Reference, Eric Evans

For the purposes of this project, the meeting groups domain, based on the Meetup system, was selected.

Main reasons of selection this domain:

It is common, a lot of people use Meetup site to organize or attend meetings.
There is system for it, so everyone can check how software which supports this domain works
It is not complex so it is easy to understand
It is not trivial, there are some business rules and logic. It does not have only CRUD operations
You don't need much specific domain knowledge as for other domains like financing, banking, medical
It is not big so it is easier to implement

Meetings

Main business entities are Member, Meeting Group and Meeting. Member can create Meeting Group, be part of Meeting Group or can attend the Meeting.

Meeting Group Member can be an Organizer of this group or normal Member.

Only Organizer of Meeting Group can create new Meeting.

Meeting have attendees, not attendees (Members which declare that not attendee Meeting) and Members on Waitlist.

Meeting can have attendees limit. If the limit is reach, Members can only sign up to Waitlist.

Meeting Attendee can bring to Meeting guests. Number of guests is an attribute of Meeting. Bringing guests can be not allowed.

Meeting Attendee can have one of two roles : normal Attendee or Host. Meeting must have at least one Host. Host is special role which can edit Meeting information or change attendees list.

Administration

To create new Meeting Group, Member needs to propose this group. Meeting Group Proposal is sent to Administrators. Administrator can accept or reject Meeting Group Proposal. If Meeting Group Proposal is accepted, Meeting Group is created.

Payments

To be able to organize Meetings, the Meeting Group must be paid for. Meeting Group Organizer who is the Payer, must pay some fee according to payment plan.

Additionally, Meeting organizer can set Event Fee. Each Meeting Attendee of is obliged to pay a fee. All guests should be payed by Meeting Attendee too.

Users

Each Administrator,Member and Payer is an User. To be an User, User Registration is required and confirmed.

Each User has assigned one or more User Role.

Each User Role has set of Permissions. Permission defines whether User can invoke particular action.

2.2 Conceptual Model

Definition:

Conceptual Model - A conceptual model is a representation of a system, made of the composition of concepts which are used to help people know, understand, or simulate a subject the model represents. Wikipedia - Conceptual model

Conceptual Model

2.3 Event Storming

Conceptual Model focuses on structures and relationships between them. What is more important is behavior end events that occurs in our domain.

There are many ways to show behavior and events. One of them is a light technique called Event Storming which is becoming more popular. Below are presented 3 main business processes using this technique : user registration, meeting group creation and meeting organization.

Note: Event Storming is light, live workshop. Here is presented only one of the possible outputs of this workshop. Even you are not doing Event Storming workshops, this type of presentation of process can be very valuable to you and your stakeholders.

User Registration process

Meeting Group creation

Meeting organization

3. Architecture

3.1 High Level View

Modules description:

API - REST API application. Very thin, hosting ASP.NET MVC Core application. Main responsibilities are 1. Take request 1. Authenticate and Authorize request (using User Access module) 2. Delegate work to specific module sending Command or Query 3. Return response
User Access - responsible for users authentication, authorization and registration
Meetings - implements Meetings Bounded Context: creating meeting groups, meetings
Administration - implements Administration Bounded Context: implements administrative tasks like meeting group proposal verification
Payments - implements Payments Bounded Context: implements all functionalities associated with payments
In Memory Events Bus - Publish/Subscribe implementation to asynchronously integrate all modules using events (Event Driven Architecture).

Key assumptions:

API doesn't have any application logic.
API communicates with module using small interface to send Queries and Commands.
Each module has its own interface which is used by API.
Modules communicate each other only asynchronously using Events Bus. Remote Procedure Call is not allowed.
Each Module has own data - in separate schema or database. Shared data is not allowed.
Module doesn't have dependency to other module. Module can have only dependency to integration events assembly of other module (see Module level view).
Each Module has its own Composition Root. Which implies that each Module has its own Inversion Of Control container.
API as a host needs to initialize each module. Each module has initialization method.
Each module is highly encapsulated. Only required types and members are public - rest is internal or private.

3.2 Module Level View

Each Module consists of the following submodules (assemblies):

Application - it is main submodule which is responsible for initialization, processing all requests, internal commands, integration events.
Domain - Domain Model in Domain-Driven Design terms implementation applicable in particular Bounded Context.
Infrastructure - implementation of infrastructural code like EF configuration and mappings.
IntegrationEvents - Integration Events contracts which are published to Events Bus. Only this assembly can be shared between other modules.

Note: Application, Domain and Infrastructure assemblies can be merged to one assembly. Some people like horizontal layering or more decomposition, some don't. Implementing Domain Model or Infrastructure in separate assembly gives opportunity to encapsulate it using internal keyword. Sometimes Bounded Context logic is not worth it because it is too simple. As always, be pragmatic and take approach whatever you like.

3.3 API and Module Communication

API communicates with Module only in two places: during module initialization and request processing.

Module initialization

Each module has static Initialize method which is invoked in API Startup class. All configuration needed by this module should be provided as argument in this method. During initialization all services are configured and Composition Root using Inversion Of Control Container is created.

public static void Initialize(
    string connectionString, 
    IExecutionContextAccessor executionContextAccessor,
    ILogger logger,
    EmailsConfiguration emailsConfiguration)
{
    var moduleLogger = logger.ForContext("Module", "Meetings");

    ConfigureCompositionRoot(connectionString, executionContextAccessor, moduleLogger, emailsConfiguration);

    QuartzStartup.Initialize(moduleLogger);

    EventsBusStartup.Initialize(moduleLogger);
}

Requests processing

Each module has the same signature interface exposed to API. It contains 3 methods: to execute command with result, command without result and query.

public interface IMeetingsModule
{
    Task<TResult> ExecuteCommandAsync<TResult>(ICommand<TResult> command);

    Task ExecuteCommandAsync(ICommand command);

    Task<TResult> ExecuteQueryAsync<TResult>(IQuery<TResult> query);
}

Note: Some people say that processing of command shouldn't return a result. This is good approach but sometimes impractical, especially when you create resource and want immediately return ID of this resource. Sometimes, boundary between Command and Query is blurry. One of the example is AuthenticateCommand - it returns token but it is not a query (has side effect).

3.4 Module requests processing CQRS

Commands and Queries processing is separated applying architectural style/pattern Command Query Responsibility Segregation (CQRS).

Commands are processed using Write Model which is implemented using DDD tactical patterns:

internal class CreateNewMeetingGroupCommandHandler : ICommandHandler<CreateNewMeetingGroupCommand>
{
    private readonly IMeetingGroupRepository _meetingGroupRepository;
    private readonly IMeetingGroupProposalRepository _meetingGroupProposalRepository;

    internal CreateNewMeetingGroupCommandHandler(
        IMeetingGroupRepository meetingGroupRepository, 
        IMeetingGroupProposalRepository meetingGroupProposalRepository)
    {
        _meetingGroupRepository = meetingGroupRepository;
        _meetingGroupProposalRepository = meetingGroupProposalRepository;
    }

    public async Task<Unit> Handle(CreateNewMeetingGroupCommand request, CancellationToken cancellationToken)
    {
        var meetingGroupProposal = await _meetingGroupProposalRepository.GetByIdAsync(request.MeetingGroupProposalId);

        var meetingGroup = meetingGroupProposal.CreateMeetingGroup();

        await _meetingGroupRepository.AddAsync(meetingGroup);

        return Unit.Value;
    }
}

Queries are processed using Read Model which is implemented by executing raw SQL statements on database views:

internal class GetAllMeetingGroupsQueryHandler : IQueryHandler<GetAllMeetingGroupsQuery, List<MeetingGroupDto>>
{
    private readonly ISqlConnectionFactory _sqlConnectionFactory;

    internal GetAllMeetingGroupsQueryHandler(ISqlConnectionFactory sqlConnectionFactory)
    {
        _sqlConnectionFactory = sqlConnectionFactory;
    }

    public async Task<List<MeetingGroupDto>> Handle(GetAllMeetingGroupsQuery request, CancellationToken cancellationToken)
    {
        var connection = _sqlConnectionFactory.GetOpenConnection();

        const string sql = "SELECT " +
                           "[MeetingGroup].[Id], " +
                           "[MeetingGroup].[Name], " +
                           "[MeetingGroup].[Description], " +
                           "[MeetingGroup].[LocationCountryCode], " +
                           "[MeetingGroup].[LocationCity]" +
                           "FROM [meetings].[v_MeetingGroups] AS [MeetingGroup]";
        var meetingGroups = await connection.QueryAsync<MeetingGroupDto>(sql);

        return meetingGroups.AsList();
    }
}

Key advantages:

Solution appropriate to problem - reading and writing needs are usually different
Supports SRP - one handler does one thing
Supports ISP - each handler implements interface with exactly one method
Commands and Queries are objects (Parameter Object pattern) which are easy to serialize/deserialize
Easy way to apply Decorator pattern to handle cross-cutting concerns.
Louse coupling - introduction of Mediator pattern separates invoker of request from handler of request.

One disadvantage - introduction of mediation gives more indirection and is harder to reason about which class handles the request.

More info can be found here: Simple CQRS implementation with raw SQL and DDD

3.5 Domain Model principles and attributes

Domain Model, which is the central and most critical part in the system, should be designed with special attention. Here are some key principles and attributes which are applied to Domain Models of each modules:

High level of encapsulation

All members are private by default, then internal, only at the very end public.

High level of PI (Persistence Ignorance)

No dependencies to infrastructure, databases, other stuff. All classes are POCO.

Rich in behavior

All business logic is located in Domain Model. No leaks to application layer or other places.

Low level of primitive obssesion

Primitive attributes of Entites grouped together using ValueObjects.

Business language

All classes, methods and other members named in business language used in this Bounded Context.

public class MeetingGroup : Entity, IAggregateRoot
{
    public MeetingGroupId Id { get; private set; }

    private string _name;

    private string _description;

    private MeetingGroupLocation _location;

    private MemberId _creatorId;

    private List<MeetingGroupMember> _members;

    private DateTime _createDate;

    private DateTime? _paymentDateTo;

    internal static MeetingGroup CreateBasedOnProposal(
        MeetingGroupProposalId meetingGroupProposalId, 
        string name, 
        string description,
        MeetingGroupLocation location, MemberId creatorId)
    {
        return new MeetingGroup(meetingGroupProposalId, name, description, location, creatorId);
    }
    
     public Meeting CreateMeeting(
            string title,
            MeetingTerm term,
            string description,
            MeetingLocation location,
            int? attendeesLimit,
            int guestsLimit,
            Term rsvpTerm,
            MoneyValue eventFee,
            List<MemberId> hostsMembersIds,
            MemberId creatorId)
        {
            this.CheckRule(new MeetingCanBeOrganizedOnlyByPayedGroupRule(_paymentDateTo));

            this.CheckRule(new MeetingHostMustBeAMeetingGroupMemberRule(creatorId, hostsMembersIds, _members));

            return new Meeting(this.Id,
                title,
                term,
                description,
                location,
                attendeesLimit,
                guestsLimit,
                rsvpTerm,
                eventFee,
                hostsMembersIds,
                creatorId);
        }

3.6 Cross-cutting concerns

To support Single Responsibility Principle and Don't Repeat Yourself principles, implementation of cross-cutting concerns is done using Decorator Pattern. Each Command processing is decorated by 3 decorators: logging, validation and unit of work.

Logging

Logging decorator logs execution, arguments and processing of each Command. This way each log inside processing has log context of processing command.

internal class LoggingCommandHandlerDecorator<T> : ICommandHandler<T> where T:ICommand
{
    private readonly ILogger _logger;
    private readonly IExecutionContextAccessor _executionContextAccessor;
    private readonly ICommandHandler<T> _decorated;

    public LoggingCommandHandlerDecorator(
        ILogger logger, 
        IExecutionContextAccessor executionContextAccessor, 
        ICommandHandler<T> decorated)
    {
        _logger = logger;
        _executionContextAccessor = executionContextAccessor;
        _decorated = decorated;
    }
    public async Task<Unit> Handle(T command, CancellationToken cancellationToken)
    {
        if (command is IRecurringCommand)
        {
            return await _decorated.Handle(command, cancellationToken);
        }
        using (
            LogContext.Push(
                new RequestLogEnricher(_executionContextAccessor),
                new CommandLogEnricher(command)))
        {
            try
            {
                this._logger.Information(
                    "Executing command {Command}",
                    command.GetType().Name);

                var result = await _decorated.Handle(command, cancellationToken);

                this._logger.Information("Command {Command} processed successful", command.GetType().Name);

                return result;
            }
            catch (Exception exception)
            {
                this._logger.Error(exception, "Command {Command} processing failed", command.GetType().Name);
                throw;
            }
        }
    }

    private class CommandLogEnricher : ILogEventEnricher
    {
        private readonly ICommand _command;

        public CommandLogEnricher(ICommand command)
        {
            _command = command;
        }
        public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
        {
            logEvent.AddOrUpdateProperty(new LogEventProperty("Context", new ScalarValue($"Command:{_command.Id.ToString()}")));
        }
    }

    private class RequestLogEnricher : ILogEventEnricher
    {
        private readonly IExecutionContextAccessor _executionContextAccessor;
        public RequestLogEnricher(IExecutionContextAccessor executionContextAccessor)
        {
            _executionContextAccessor = executionContextAccessor;
        }
        public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
        {
            if (_executionContextAccessor.IsAvailable)
            {
                logEvent.AddOrUpdateProperty(new LogEventProperty("CorrelationId", new ScalarValue(_executionContextAccessor.CorrelationId))); 
            }               
        }
    }
}

Validation

Validation decorator performs Command data validation. It checks rules against Command arguments. It uses FluentValidation library to do it.

internal class ValidationCommandHandlerDecorator<T> : ICommandHandler<T> where T:ICommand
{
    private readonly IList<IValidator<T>> _validators;
    private readonly ICommandHandler<T> _decorated;

    public ValidationCommandHandlerDecorator(
        IList<IValidator<T>> validators, 
        ICommandHandler<T> decorated)
    {
        this._validators = validators;
        _decorated = decorated;
    }

    public Task<Unit> Handle(T command, CancellationToken cancellationToken)
    {
        var errors = _validators
            .Select(v => v.Validate(command))
            .SelectMany(result => result.Errors)
            .Where(error => error != null)
            .ToList();

        if (errors.Any())
        {
            var errorBuilder = new StringBuilder();

            errorBuilder.AppendLine("Invalid command, reason: ");

            foreach (var error in errors)
            {
                errorBuilder.AppendLine(error.ErrorMessage);
            }

            throw new InvalidCommandException(errorBuilder.ToString(), null);
        }

        return _decorated.Handle(command, cancellationToken);
    }
}

Unit Of Work Every Command processing has side effects. To not call commit on every handler, UnitOfWorkCommandHandlerDecorator is used. It additionally marks InternalCommand as processed (if it is Internal Command) and dispatches all Domain Events (as part of Unit Of Work).

public class UnitOfWorkCommandHandlerDecorator<T> : ICommandHandler<T> where T:ICommand
{
    private readonly ICommandHandler<T> _decorated;
    private readonly IUnitOfWork _unitOfWork;
    private readonly MeetingsContext _meetingContext;

    public UnitOfWorkCommandHandlerDecorator(
        ICommandHandler<T> decorated, 
        IUnitOfWork unitOfWork, 
        MeetingsContext meetingContext)
    {
        _decorated = decorated;
        _unitOfWork = unitOfWork;
        _meetingContext = meetingContext;
    }

    public async Task<Unit> Handle(T command, CancellationToken cancellationToken)
    {
        await this._decorated.Handle(command, cancellationToken);

        if (command is InternalCommandBase)
        {
            var internalCommand =
                await _meetingContext.InternalCommands.FirstOrDefaultAsync(x => x.Id == command.Id,
                    cancellationToken: cancellationToken);

            if (internalCommand != null)
            {
                internalCommand.ProcessedDate = DateTime.UtcNow;
            }
        }

        await this._unitOfWork.CommitAsync(cancellationToken);

        return Unit.Value;
    }
}

3.7 Modules integration

Integration between modules takes place only in an asynchronous way using Integration Events and In Memory Events Bus as broker. In this way coupling between modules is minimal and exists only on structure of Integration Events.

Modules don't share data so it is not possible and wanted to create transaction which spans more than one module. To ensure maximum reliability, Outbox / Inbox pattern are used. They provide accordingly "At-Least-Once delivery" and "At-Least-Once processing".

Outbox and Inbox is implemented using two SQL tables and background worker for each module. Background worker is implemented using Quartz.NET library.

Saving to Outbox:

Processing Outbox:

3.8 Internal processing

The main principle of this system is that you can change its state only by calling a specific Command.

Sometimes, Command can be called not by API but by processing module itself. The main use case which uses this mechanism is data processing in eventual consistency mode, when we want process something in different process and transaction. This applies for example for Inbox processing, because we want do something (calling a Command) based on Integration Event from Inbox.

This idea is taken from Alberto's Brandolini Event Storming picture called "The picture that explains “almost” everything" which shows that every side effect (domain event) is created by invoking Command on Aggregate. See EventStorming cheat sheat article for more details.

Implementation of internal processing is very similar to implementation of Outbox and Inbox. One SQL table and one background worker for processing. Each internally processing Command must inherit from InternalCommandBase class:

internal abstract class InternalCommandBase : ICommand
{
    public Guid Id { get; }

    protected InternalCommandBase(Guid id)
    {
        this.Id = id;
    }
}

This is important because UnitOfWorkCommandHandlerDecorator must mark internal Command as processed during committing:

public async Task<Unit> Handle(T command, CancellationToken cancellationToken)
{
    await this._decorated.Handle(command, cancellationToken);

    if (command is InternalCommandBase)
    {
        var internalCommand =
            await _meetingContext.InternalCommands.FirstOrDefaultAsync(x => x.Id == command.Id,
                cancellationToken: cancellationToken);

        if (internalCommand != null)
        {
            internalCommand.ProcessedDate = DateTime.UtcNow;
        }
    }

    await this._unitOfWork.CommitAsync(cancellationToken);

    return Unit.Value;
}

3.9 Security

Authentication

Authentication is implemented using JWT Token and Bearer scheme using IdentityServer. For now, only one authentication method is implemented (forms authentication by providing login and password). It requires implementation of IResourceOwnerPasswordValidator interface:

public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IUserAccessModule _userAccessModule;

    public ResourceOwnerPasswordValidator(IUserAccessModule userAccessModule)
    {
        _userAccessModule = userAccessModule;
    }

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var authenticationResult = await _userAccessModule.ExecuteCommandAsync(new AuthenticateCommand(context.UserName, context.Password));
        if (!authenticationResult.IsAuthenticated)
        {
            context.Result = new GrantValidationResult(
                TokenRequestErrors.InvalidGrant, 
                authenticationResult.AuthenticationError);
            return;
        }
        context.Result = new GrantValidationResult(
            authenticationResult.User.Id.ToString(), 
            "forms", 
            authenticationResult.User.Claims);
    }
}

Authorization

Authorization mechanism implements RBAC (Role Based Access Control) using Permissions. Permissions are more granular and much better way to secure your application than Roles. Each User has set of Roles and each Role contains one or more Permission. With this mapping User has set of Permissions which are always checked on Controller level:

[HttpPost]
[Route("")]
[HasPermission(MeetingsPermissions.ProposeMeetingGroup)]
public async Task<IActionResult> ProposeMeetingGroup(ProposeMeetingGroupRequest request)
{
    await _meetingsModule.ExecuteCommandAsync(
        new ProposeMeetingGroupCommand(
            request.Name, 
            request.Description, 
            request.LocationCity, 
            request.LocationCountryCode));

    return Ok();
}

4. Technology

List of technologies, frameworks and libraries used to implementation:

.NET Core 2.2 (platform)
MS SQL Server Express (database)
Entity Framework Core 2.2 (ORM Write Model implementation for DDD)
Autofac (Inversion of Control Container)
IdentityServer4 (Authentication and Authorization)
Serilog (structured logging)
Hellang.Middleware.ProblemDetails (API Problem Details support)
Swashbuckle (Swagger automated documentation)
Dapper (micro ORM for Read Model)
Newtonsoft.Json (serialization/deserialization to/from JSON)
Quartz.NET (background processing)
FluentValidation (data validation)
MediatR (mediator implementation)
Postman (API tests)

5. How to run

Download and install .NET Core 2.2 SDK
Download and install MS SQL Server Express or other
Create empty database and run script
Set connection string to database in appsettings.json file or using Secrets

6. Contribution

This project is still under analysis and development. I assume its maintenance for a long time. I would appreciate if you would like to contribute to it. Please let me know, create an Issue or Pull Request.

7. Roadmap

List of features/tasks/approaches to add:

Name	Priority
Domain Model Unit Tests	High
API automated tests	Normal
FrontEnd SPA application	Normal
Meeting comments feature	Low
Notifications feature	Low
Messages feature	Low
Migration to .NET Core 3.0	Low
More advanced Payments module	Low

NOTE: Please don't hesitate to suggest something else or change to existing code. All proposals will be considered.

8. Author

Kamil Grzybek

Blog: https://kamilgrzybek.com

Twitter: https://twitter.com/kamgrzybek

LinkedIn: https://www.linkedin.com/in/kamilgrzybek/

GitHub: https://github.com/kgrzybek

9. License

The project is under MIT license.

lulzzz / modular-monolith-with-ddd Goto Github PK