feat: add supertokens

platform/cerbos/client.ts

@@ -1,17 +0,0 @@
-import { HTTP } from "@cerbos/http";
-import { getEnvironmentVariable } from "@platform/config/environment.ts";
-import z from "zod";
-
-export const cerbos = new HTTP(
-  getEnvironmentVariable({
-    key: "CERBOS_URL",
-    type: z.string(),
-    fallback: "http://localhost:3592",
-  }),
-  {
-    adminCredentials: {
-      username: "cerbos",
-      password: "cerbosAdmin",
-    },
-  },
-);

platform/cerbos/config.yaml

@@ -1,14 +0,0 @@
-server:
-  adminAPI:
-    enabled: true
-    adminCredentials:
-      username: cerbos
-      passwordHash: JDJ5JDEwJDc5VzBkQ0NUWHFTT3N1OW9xZkx5ZC43M0tuM0JBSTU0dVRsMVBkOEtuYVBCaWFzVXk5d0phCgo=
-  httpListenAddr: ":3592"
-  grpcListenAddr: ":3593"
-
-storage:
-  driver: disk
-  disk:
-    directory: /data/policies
-    watchForChanges: true

platform/cerbos/package.json

@@ -1,12 +0,0 @@
-{
-  "name": "@platform/cerbos",
-  "version": "0.0.0",
-  "private": true,
-  "type": "module",
-  "dependencies": {
-    "@cerbos/http": "0.23.1",
-    "@platform/config": "workspace:*",
-    "@valkyr/auth": "npm:@jsr/valkyr__auth@2.1.4",
-    "zod": "4.1.11"
-  }
-}

platform/cerbos/policies/identity.yaml

@@ -1,47 +0,0 @@
-# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
-# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
-
-apiVersion: api.cerbos.dev/v1
-resourcePolicy:
-  resource: identity
-  version: default
-  rules:
-
-    ### Read
-
-    - actions:
-        - read
-      effect: EFFECT_ALLOW
-      roles:
-        - admin
-
-    - actions:
-        - read
-      effect: EFFECT_ALLOW
-      roles:
-        - user
-      condition:
-        match:
-          expr: request.resource.id == request.principal.id
-
-    ### Update
-
-    - actions:
-        - update
-      effect: EFFECT_ALLOW
-      roles:
-        - user
-      condition:
-        match:
-          expr: request.resource.id == request.principal.id
-
-    ### Delete
-    
-    - actions:
-        - delete
-      effect: EFFECT_ALLOW
-      roles:
-        - user
-      condition:
-        match:
-          expr: request.resource.id == request.principal.id

platform/cerbos/policies/workspace.yaml

@@ -1,42 +0,0 @@
-# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
-# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
-
-apiVersion: api.cerbos.dev/v1
-resourcePolicy:
-  resource: workspace
-  version: default
-  rules:
-
-    ### Read
-
-    - actions:
-        - read
-      effect: EFFECT_ALLOW
-      roles:
-        - admin
-        - user
-      condition:
-        match:
-          expr: request.principal.workspaceIds.includes(request.resource.id)
-
-    ### Update
-
-    - actions:
-        - update
-      effect: EFFECT_ALLOW
-      roles:
-        - admin
-      condition:
-        match:
-          expr: request.principal.workspaceIds.includes(request.resource.id)
-
-    ### Delete
-    
-    - actions:
-        - delete
-      effect: EFFECT_ALLOW
-      roles:
-        - admin
-      condition:
-        match:
-          expr: request.principal.workspaceIds.includes(request.resource.id)

platform/cerbos/resources.ts

@@ -1,14 +0,0 @@
-import { ResourceRegistry } from "@valkyr/auth";
-
-export const resources = new ResourceRegistry([
-  {
-    kind: "identity",
-    attr: {},
-  },
-  {
-    kind: "workspace",
-    attr: {},
-  },
-] as const);
-
-export type Resource = typeof resources.$resource;