feat: add functional authentication

spec/schemas/account/account.ts

@@ -0,0 +1,27 @@
+import { z } from "zod";
+
+import { RoleSchema } from "../access/role.ts";
+import { AvatarSchema } from "../avatar.ts";
+import { ContactSchema } from "../contact.ts";
+import { makeSchemaParser } from "../database.ts";
+import { NameSchema } from "../name.ts";
+import { StrategySchema } from "./strategies.ts";
+
+export const AccountSchema = z.object({
+  id: z.uuid(),
+  avatar: AvatarSchema.optional(),
+  name: NameSchema.optional(),
+  contact: ContactSchema.default({
+    emails: [],
+  }),
+  strategies: z.array(StrategySchema).default([]),
+  roles: z.array(RoleSchema).default([]),
+});
+
+export const AccountDocumentSchema = AccountSchema.omit({ roles: true }).extend({ roles: z.array(z.string()) });
+
+export const toAccountDocument = makeSchemaParser(AccountDocumentSchema);
+export const fromAccountDocument = makeSchemaParser(AccountSchema);
+
+export type Account = z.infer<typeof AccountSchema>;
+export type AccountDocument = z.infer<typeof AccountDocumentSchema>;

spec/schemas/account/errors.ts

@@ -0,0 +1,7 @@
+import { ConflictError } from "@spec/relay/mod.ts";
+
+export class AccountEmailClaimedError extends ConflictError {
+  constructor(email: string) {
+    super(`Email '${email}' is already claimed by another account.`);
+  }
+}

spec/schemas/account/routes.ts

@@ -0,0 +1,20 @@
+import { route } from "@spec/relay";
+import z from "zod";
+
+import { NameSchema } from "../name.ts";
+import { AccountEmailClaimedError } from "./errors.ts";
+
+export const create = route
+  .post("/api/v1/accounts")
+  .body(
+    z.object({
+      name: NameSchema,
+      email: z.email(),
+    }),
+  )
+  .errors([AccountEmailClaimedError])
+  .response(z.uuid());
+
+export const routes = {
+  create,
+};

spec/schemas/account/strategies.ts

@@ -0,0 +1,33 @@
+import z from "zod";
+
+const EmailStrategySchema = z.object({
+  type: z.literal("email"),
+  value: z.string(),
+});
+
+const PasswordStrategySchema = z.object({
+  type: z.literal("password"),
+  alias: z.string(),
+  password: z.string(),
+});
+
+const PasskeyStrategySchema = z.object({
+  type: z.literal("passkey"),
+  credId: z.string(),
+  credPublicKey: z.string(),
+  webauthnUserId: z.string(),
+  counter: z.number(),
+  backupEligible: z.boolean(),
+  backupStatus: z.boolean(),
+  transports: z.string(),
+  createdAt: z.date(),
+  lastUsed: z.date(),
+});
+
+export const StrategySchema = z.discriminatedUnion("type", [
+  EmailStrategySchema,
+  PasswordStrategySchema,
+  PasskeyStrategySchema,
+]);
+
+export type Strategy = z.infer<typeof StrategySchema>;