refactor: identity -> iam

2025-10-03 16:07:10 +02:00
parent fe50394ec0
commit 7504361d88
46 changed files with 16 additions and 10 deletions
--- a/modules/iam/routes/login/code/handle.ts
+++ b/modules/iam/routes/login/code/handle.ts
@@ -0,0 +1,16 @@
+import { NotFoundError } from "@platform/relay";
+
+import { auth } from "../../../services/auth.ts";
+import { logger } from "../../../services/logger.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { email, otp } }) => {
+  const response = await auth.api.signInEmailOTP({ body: { email, otp }, asResponse: true, returnHeaders: true });
+  if (response.status !== 200) {
+    logger.error("OTP Signin Failed", await response.json());
+    return new NotFoundError();
+  }
+  return new Response(null, {
+    headers: response.headers,
+  });
+});
--- a/modules/iam/routes/login/code/spec.ts
+++ b/modules/iam/routes/login/code/spec.ts
@@ -0,0 +1,14 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route
+  .post("/api/v1/identity/login/code")
+  .body(
+    z.strictObject({
+      email: z.string(),
+      otp: z.string(),
+    }),
+  )
+  .query({
+    next: z.string().optional(),
+  });
--- a/modules/iam/routes/login/email/handle.ts
+++ b/modules/iam/routes/login/email/handle.ts
@@ -0,0 +1,14 @@
+import { auth } from "../../../services/auth.ts";
+import { logger } from "../../../services/logger.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { email } }) => {
+  const response = await auth.api.sendVerificationOTP({ body: { email, type: "sign-in" } });
+  if (response.success === false) {
+    logger.info({
+      type: "auth:passwordless",
+      message: "OTP Email verification failed.",
+      received: email,
+    });
+  }
+});
--- a/modules/iam/routes/login/email/spec.ts
+++ b/modules/iam/routes/login/email/spec.ts
@@ -0,0 +1,8 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route.post("/api/v1/identity/login/email").body(
+  z.object({
+    email: z.email(),
+  }),
+);
--- a/modules/iam/routes/login/password/handle.ts
+++ b/modules/iam/routes/login/password/handle.ts
@@ -0,0 +1,36 @@
+import { logger } from "@platform/logger";
+import { BadRequestError } from "@platform/relay";
+import cookie from "cookie";
+
+import { auth } from "../../../auth.ts";
+import { config } from "../../../config.ts";
+import { password } from "../../../crypto/password.ts";
+import { getPasswordStrategyByAlias } from "../../../database.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { alias, password: userPassword } }) => {
+  const strategy = await getPasswordStrategyByAlias(alias);
+  if (strategy === undefined) {
+    return logger.info({
+      type: "auth:password",
+      message: "Failed to get account with 'password' strategy.",
+      alias,
+    });
+  }
+
+  const isValidPassword = await password.verify(userPassword, strategy.password);
+  if (isValidPassword === false) {
+    return new BadRequestError("Invalid email/password provided.");
+  }
+
+  return new Response(null, {
+    status: 204,
+    headers: {
+      "set-cookie": cookie.serialize(
+        "token",
+        await auth.generate({ id: strategy.accountId }, "1 week"),
+        config.cookie(1000 * 60 * 60 * 24 * 7),
+      ),
+    },
+  });
+});
--- a/modules/iam/routes/login/password/spec.ts
+++ b/modules/iam/routes/login/password/spec.ts
@@ -0,0 +1,9 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route.post("/api/v1/identities/login/password").body(
+  z.object({
+    alias: z.string(),
+    password: z.string(),
+  }),
+);
--- a/modules/iam/routes/login/sudo/handle.ts
+++ b/modules/iam/routes/login/sudo/handle.ts
@@ -0,0 +1,39 @@
+import route from "./spec.ts";
+
+export default route.access("public").handle(async () => {
+  // const code = await Passwordless.createCode({ tenantId: "public", email });
+  // if (code.status !== "OK") {
+  //   return logger.info({
+  //     type: "auth:passwordless",
+  //     message: "Create code failed.",
+  //     received: email,
+  //   });
+  // }
+  // logger.info({
+  //   type: "auth:passwordless",
+  //   data: {
+  //     deviceId: code.deviceId,
+  //     preAuthSessionId: code.preAuthSessionId,
+  //     userInputCode: code.userInputCode,
+  //   },
+  // });
+  // const response = await Passwordless.consumeCode({
+  //   tenantId: "public",
+  //   preAuthSessionId: code.preAuthSessionId,
+  //   deviceId: code.deviceId,
+  //   userInputCode: code.userInputCode,
+  // });
+  // if (response.status !== "OK") {
+  //   return new NotFoundError();
+  // }
+  // logger.info({
+  //   type: "code:claimed",
+  //   session: true,
+  //   message: "Identity resolved",
+  //   user: response.user.toJson(),
+  // });
+  // return new Response(null, {
+  //   status: 200,
+  //   headers: await getSessionHeaders("public", response.recipeUserId),
+  // });
+});
--- a/modules/iam/routes/login/sudo/spec.ts
+++ b/modules/iam/routes/login/sudo/spec.ts
@@ -0,0 +1,8 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route.post("/api/v1/identities/login/sudo").body(
+  z.object({
+    email: z.email(),
+  }),
+);