feat: initial boilerplate

2025-08-11 20:45:41 +02:00
parent d98524254f
commit 1215a98afc
148 changed files with 6935 additions and 2060 deletions
--- a/api/libraries/auth/auth.ts
+++ b/api/libraries/auth/auth.ts
@@ -0,0 +1,87 @@
+import { Auth, ResolvedSession } from "@valkyr/auth";
+import z from "zod";
+
+import { db } from "~libraries/read-store/database.ts";
+
+import { config } from "./config.ts";
+
+export const auth = new Auth(
+  {
+    settings: {
+      algorithm: "RS256",
+      privateKey: config.privateKey,
+      publicKey: config.publicKey,
+      issuer: "https://balto.health",
+      audience: "https://balto.health",
+    },
+    session: z.object({
+      accountId: z.string(),
+    }),
+    permissions: {
+      admin: ["create", "read", "update", "delete"],
+      organization: ["create", "read", "update", "delete"],
+      consultant: ["create", "read", "update", "delete"],
+      task: ["create", "update", "read", "delete"],
+    } as const,
+    guards: [],
+  },
+  {
+    roles: {
+      async add(role) {
+        await db.collection("roles").insertOne(role);
+      },
+
+      async getById(id) {
+        const role = await db.collection("roles").findOne({ id });
+        if (role === null) {
+          return undefined;
+        }
+        return role;
+      },
+
+      async getBySession({ accountId }) {
+        const account = await db.collection("accounts").findOne({ id: accountId });
+        if (account === null) {
+          return [];
+        }
+        return db
+          .collection("roles")
+          .find({ id: { $in: account.roles } })
+          .toArray();
+      },
+
+      async setPermissions() {
+        throw new Error("MongoRolesProvider > .setPermissions is managed by Role aggregate projections");
+      },
+
+      async delete(id) {
+        await db.collection("roles").deleteOne({ id });
+      },
+
+      async assignAccount(roleId: string, accountId: string): Promise<void> {
+        await db.collection("accounts").updateOne(
+          { id: accountId },
+          {
+            $push: {
+              roles: roleId,
+            },
+          },
+        );
+      },
+
+      async removeAccount(roleId: string, accountId: string): Promise<void> {
+        await db.collection("roles").updateOne(
+          { id: accountId },
+          {
+            $pull: {
+              roles: roleId,
+            },
+          },
+        );
+      },
+    },
+  },
+);
+
+export type Session = ResolvedSession<typeof auth>;
+export type Permissions = (typeof auth)["$permissions"];