feat: add functional authentication

api/routes/account/create.ts

@@ -0,0 +1,18 @@
+import { AccountEmailClaimedError } from "@spec/schemas/account/errors.ts";
+import { create } from "@spec/schemas/account/routes.ts";
+
+import { Account, isEmailClaimed } from "~stores/event-store/aggregates/account.ts";
+import { eventStore } from "~stores/event-store/event-store.ts";
+
+export default create.access("public").handle(async ({ body: { name, email } }) => {
+  if ((await isEmailClaimed(email)) === true) {
+    return new AccountEmailClaimedError(email);
+  }
+  return eventStore.aggregate
+    .from(Account)
+    .create()
+    .addName(name)
+    .addEmailStrategy(email)
+    .save()
+    .then((account) => account.id);
+});

api/routes/auth/code.ts

@@ -0,0 +1,84 @@
+import { code } from "@spec/schemas/auth/routes.ts";
+import cookie from "cookie";
+
+import { auth, config } from "~libraries/auth/mod.ts";
+import { logger } from "~libraries/logger/mod.ts";
+import { Account } from "~stores/event-store/aggregates/account.ts";
+import { Code } from "~stores/event-store/aggregates/code.ts";
+import { eventStore } from "~stores/event-store/event-store.ts";
+
+export default code.access("public").handle(async ({ params: { accountId, codeId, value }, query: { next } }) => {
+  const code = await eventStore.aggregate.getByStream(Code, codeId);
+
+  if (code === undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Code ID",
+      received: codeId,
+    });
+  }
+
+  if (code.claimedAt !== undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Code Already Claimed",
+      received: codeId,
+    });
+  }
+
+  await code.claim().save();
+
+  if (code.value !== value) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Value",
+      expected: code.value,
+      received: value,
+    });
+  }
+
+  if (code.identity.accountId !== accountId) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Account ID",
+      expected: code.identity.accountId,
+      received: accountId,
+    });
+  }
+
+  const account = await eventStore.aggregate.getByStream(Account, accountId);
+  if (account === undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Account Not Found",
+      expected: code.identity.accountId,
+      received: undefined,
+    });
+  }
+
+  logger.info({ type: "code:claimed", session: true });
+
+  const options = config.cookie(1000 * 60 * 60 * 24 * 7);
+
+  if (next !== undefined) {
+    return new Response(null, {
+      status: 302,
+      headers: {
+        location: next,
+        "set-cookie": cookie.serialize("token", await auth.generate({ accountId: account.id }, "1 week"), options),
+      },
+    });
+  }
+
+  return new Response(null, {
+    status: 200,
+    headers: {
+      "set-cookie": cookie.serialize("token", await auth.generate({ accountId: account.id }, "1 week"), options),
+    },
+  });
+});

api/routes/auth/email.ts

@@ -0,0 +1,27 @@
+import { email } from "@spec/schemas/auth/routes.ts";
+
+import { logger } from "~libraries/logger/mod.ts";
+import { Account, getAccountEmailRelation } from "~stores/event-store/aggregates/account.ts";
+import { Code } from "~stores/event-store/aggregates/code.ts";
+import { eventStore } from "~stores/event-store/event-store.ts";
+
+export default email.access("public").handle(async ({ body: { base, email } }) => {
+  const account = await eventStore.aggregate.getByRelation(Account, getAccountEmailRelation(email));
+  if (account === undefined) {
+    return logger.info({
+      type: "auth:email",
+      code: false,
+      message: "Account Not Found",
+      received: email,
+    });
+  }
+  const code = await eventStore.aggregate.from(Code).create({ accountId: account.id }).save();
+  logger.info({
+    type: "auth:email",
+    data: {
+      code: code.id,
+      accountId: account.id,
+    },
+    link: `${base}/api/v1/admin/auth/${account.id}/code/${code.id}/${code.value}?next=${base}/admin`,
+  });
+});

api/routes/auth/password.ts

@@ -0,0 +1,36 @@
+import { BadRequestError } from "@spec/relay";
+import { password as route } from "@spec/schemas/auth/routes.ts";
+import cookie from "cookie";
+
+import { config } from "~config";
+import { auth } from "~libraries/auth/mod.ts";
+import { password } from "~libraries/crypto/mod.ts";
+import { logger } from "~libraries/logger/mod.ts";
+import { getPasswordStrategyByAlias } from "~stores/read-store/methods.ts";
+
+export default route.handle(async ({ body: { alias, password: userPassword } }) => {
+  const strategy = await getPasswordStrategyByAlias(alias);
+  if (strategy === undefined) {
+    return logger.info({
+      type: "auth:password",
+      message: "Failed to get account with 'password' strategy.",
+      alias,
+    });
+  }
+
+  const isValidPassword = await password.verify(userPassword, strategy.password);
+  if (isValidPassword === false) {
+    return new BadRequestError("Invalid email/password provided.");
+  }
+
+  return new Response(null, {
+    status: 204,
+    headers: {
+      "set-cookie": cookie.serialize(
+        "token",
+        await auth.generate({ accountId: strategy.accountId }, "1 week"),
+        config.cookie(1000 * 60 * 60 * 24 * 7),
+      ),
+    },
+  });
+});

api/routes/auth/session.ts

@@ -0,0 +1,12 @@
+import { UnauthorizedError } from "@spec/relay/mod.ts";
+import { session } from "@spec/schemas/auth/routes.ts";
+
+import { getAccountById } from "~stores/read-store/methods.ts";
+
+export default session.access("session").handle(async ({ accountId }) => {
+  const account = await getAccountById(accountId);
+  if (account === undefined) {
+    return new UnauthorizedError();
+  }
+  return account;
+});