feat: add functional authentication

api/stores/event-store/events/account.ts

@@ -0,0 +1,14 @@
+import { EmailSchema } from "@spec/schemas/email.ts";
+import { NameSchema } from "@spec/schemas/name.ts";
+import { event } from "@valkyr/event-store";
+import z from "zod";
+
+import { AuditorSchema } from "./auditor.ts";
+
+export default [
+  event.type("account:created").meta(AuditorSchema),
+  event.type("account:avatar:added").data(z.string()).meta(AuditorSchema),
+  event.type("account:name:added").data(NameSchema).meta(AuditorSchema),
+  event.type("account:email:added").data(EmailSchema).meta(AuditorSchema),
+  event.type("account:role:added").data(z.string()).meta(AuditorSchema),
+];

api/stores/event-store/events/auditor.ts

@@ -0,0 +1,21 @@
+import z from "zod";
+
+export const AuditorSchema = z.object({
+  auditor: z.union([
+    z.object({
+      type: z.literal("system"),
+    }),
+    z.object({
+      type: z.literal("account"),
+      accountId: z.string(),
+    }),
+  ]),
+});
+
+export const systemAuditor: Auditor = {
+  auditor: {
+    type: "system",
+  },
+};
+
+export type Auditor = z.infer<typeof AuditorSchema>;

api/stores/event-store/events/code.ts

@@ -0,0 +1,18 @@
+import { event } from "@valkyr/event-store";
+import z from "zod";
+
+const CodeIdentitySchema = z.object({
+  accountId: z.string(),
+});
+
+export default [
+  event.type("code:created").data(
+    z.object({
+      identity: CodeIdentitySchema,
+      value: z.string(),
+    }),
+  ),
+  event.type("code:claimed"),
+];
+
+export type CodeIdentity = z.infer<typeof CodeIdentitySchema>;

api/stores/event-store/events/mod.ts

@@ -0,0 +1,11 @@
+import { EventFactory } from "@valkyr/event-store";
+
+import account from "./account.ts";
+import code from "./code.ts";
+import organization from "./organization.ts";
+import role from "./role.ts";
+import strategy from "./strategy.ts";
+
+export const events = new EventFactory([...account, ...code, ...organization, ...role, ...strategy]);
+
+export type EventStoreFactory = typeof events;

api/stores/event-store/events/organization.ts

@@ -0,0 +1,11 @@
+import { event } from "@valkyr/event-store";
+import z from "zod";
+
+import { AuditorSchema } from "./auditor.ts";
+
+export default [
+  event
+    .type("organization:created")
+    .data(z.object({ name: z.string() }))
+    .meta(AuditorSchema),
+];

api/stores/event-store/events/role.ts

@@ -0,0 +1,37 @@
+import { event } from "@valkyr/event-store";
+import z from "zod";
+
+import { AuditorSchema } from "./auditor.ts";
+
+const CreatedSchema = z.object({
+  name: z.string(),
+  permissions: z.array(
+    z.object({
+      resource: z.string(),
+      actions: z.array(z.string()),
+    }),
+  ),
+});
+
+const OperationSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("grant"),
+    resource: z.string(),
+    action: z.string(),
+  }),
+  z.object({
+    type: z.literal("deny"),
+    resource: z.string(),
+    action: z.string().optional(),
+  }),
+]);
+
+export default [
+  event.type("role:created").data(CreatedSchema).meta(AuditorSchema),
+  event.type("role:name-set").data(z.string()).meta(AuditorSchema),
+  event.type("role:permissions-set").data(z.array(OperationSchema)).meta(AuditorSchema),
+];
+
+export type RoleCreatedData = z.infer<typeof CreatedSchema>;
+
+export type RolePermissionOperation = z.infer<typeof OperationSchema>;

api/stores/event-store/events/strategy.ts

@@ -0,0 +1,13 @@
+import { event } from "@valkyr/event-store";
+import z from "zod";
+
+import { AuditorSchema } from "./auditor.ts";
+
+export default [
+  event.type("strategy:email:added").data(z.string()).meta(AuditorSchema),
+  event.type("strategy:passkey:added").meta(AuditorSchema),
+  event
+    .type("strategy:password:added")
+    .data(z.object({ alias: z.string(), password: z.string() }))
+    .meta(AuditorSchema),
+];