feat(oga-app): add template to render Trader submissions correctly in OGA portal

[ginaxu1]

Closes #188

Screen.Recording.2026-03-20.at.10.03.19.mov

Summary

Add OGA view template support to render Trader-submitted information (including file downloads if a file was uploaded by Trader) in the OGA portal's application detail view. Update backend in order to render specific view templates and enabling file downloads
Flow:

1. Frontend FileControl detects format:"file" in the .view.json schema
2. It calls getDownloadUrl(key) → GET /api/oga/uploads/{key}
3. HandleGetUploadURL handler proxies the request to the NSW backend GET /uploads/{key}
4. The backend returns {download_url, expires_at}
5. We forward that JSON to the frontend

Changes

OGA Go service

• oga/internal/service.go add OgaForm field to the Application struct and .view form lookup logic in GetApplication
• oga/internal/handler.go add HandleGetUploadURL handler (mapped to GET /api/oga/uploads/{key}). This endpoint constructs a direct download URL to the main backend's /content endpoint to bypass identity provider authentication gaps for OGA users
• oga/internal/config.go add BackendAPIBaseURL to the Config struct, defaulting to http://localhost:8080/api/v1 or the BACKEND_API_BASE_URL environment variable
• oga/cmd/server/main.go register the GET /api/oga/uploads/{key} route

OGA frontend (oga-app):

• `portals/apps/oga-app/src/screens/WorkflowDetailScreen.tsx: refactor the "Submitted Information" section. It now checks for the existence of application.ogaForm; if present, it renders the data using JsonForms in a read-only state. It falls back to the previous key-value grid only if ogaForm is missing
• portals/apps/oga-app/src/api.ts update the OGAApplication interface to include the ogaForm property
• portals/apps/oga-app/src/services/upload.ts update getDownloadUrl to fetch the URL from the OGA service's new proxy endpoint /api/oga/uploads/${key}
• portals/apps/oga-app/docker-entrypoint.sh: add VITE_API_BASE_URL to the runtime configuration

Backend seed data

• 001_insert_seed_form_templates.sql add supportingDocuments with format: "file" to the Phytosanitary Certificate and Health Certificate forms
• 001_insert_seed_workflow_node_templates.sql add submission.request.meta into the Phytosanitary and Health Certificate nodes to allow the OGA service to identify the correct view templates
• 001_insert_seed_pre_consignment_template.sql update General Trader Verification node to use the structured submission block with request.meta instead of the deprecated submissionUrl.

Testing

• Verify the OGA app's /workflows/:id detail view renders submitted data using JsonForms when an ogaForm template exists for the application's meta type
• Verify file fields (supportingDocuments, labTestReport, tinCertificate, vatCertificate) render as clickable "View" download links (not raw key strings) via the FileControl renderer
• Verify the upload download URL resolves correctly through the OGA proxy (GET /api/oga/uploads/{key})
• Verify fallback: when no ogaForm is present, the detail view still shows the key-value grid
• Verify the Go service compiles with both OgaForm and FeedbackHistory on the Application struct
• Re-seed the database after pulling to pick up the updated form and workflow node configs

cd oga && go build ./...
cd ../portals && pnpm run --recursive --parallel lint
pnpm -r build
make dev-all

[gemini-code-assist]

Code Review

This pull request successfully adds support for rendering trader-submitted information using view templates in the OGA portal. However, a critical security vulnerability has been identified: the new endpoint for retrieving file download URLs lacks authentication and relies on an insecure backend mechanism, potentially exposing sensitive trader documents to unauthorized access. This issue is exacerbated by the fact that the proxy generates permanent, unauthenticated URLs while presenting them as temporary, creating a significant security risk if deployed outside of a local development environment.

[sthanikan2000]

LGTM!

[sthanikan2000]

@ginaxu1 can you rebase with current OpenNSW/main?

[sthanikan2000]

LGTM!

[sthanikan2000]

Check the nit
Otherwise LGTM

[mushrafmim]

Rendering The review form works fine on OGA side (Which satisfies this PR's objective) but still the file rendering is not working as expected (Let's solve this in a separate issue).

1. When I click on the view button, it's opened in a new window, which is forcing me to log in again.
2. When I get to the review screen I can see, multiple calls to the /oga/upload endpoint to fetch each file. Which is not intended. It is expected to call these endpoints on demand (When the user clicks on the view button).

Since the problem is only on file upload aspects. Approving this PR.

[sthanikan2000]

LGTM!