feat: modular domain driven boilerplate

modules/identity/routes/identities/get/handle.ts

@@ -0,0 +1,16 @@
+import { ForbiddenError, NotFoundError } from "@platform/relay";
+
+import { getIdentityById } from "../../../database.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ params: { id } }, { access }) => {
+  const identity = await getIdentityById(id);
+  if (identity === undefined) {
+    return new NotFoundError("Identity does not exist, or has been removed.");
+  }
+  const decision = await access.isAllowed({ kind: "identity", id: identity.id, attr: {} }, "read");
+  if (decision === false) {
+    return new ForbiddenError("You do not have permission to view this identity.");
+  }
+  return identity;
+});

modules/identity/routes/identities/get/spec.ts

@@ -0,0 +1,12 @@
+import { ForbiddenError, NotFoundError, route, UnauthorizedError } from "@platform/relay";
+import z from "zod";
+
+import { IdentitySchema } from "../../../models/identity.ts";
+
+export default route
+  .get("/api/v1/identities/:id")
+  .params({
+    id: z.string(),
+  })
+  .errors([UnauthorizedError, ForbiddenError, NotFoundError])
+  .response(IdentitySchema);

modules/identity/routes/identities/me/handle.ts

@@ -0,0 +1,12 @@
+import { UnauthorizedError } from "@platform/relay";
+
+import { getIdentityById } from "../../../database.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ principal }) => {
+  const identity = await getIdentityById(principal.id);
+  if (identity === undefined) {
+    return new UnauthorizedError("You must be signed in to view your session.");
+  }
+  return identity;
+});

modules/identity/routes/identities/me/spec.ts

@@ -0,0 +1,5 @@
+import { NotFoundError, route, UnauthorizedError } from "@platform/relay";
+
+import { IdentitySchema } from "../../../models/identity.ts";
+
+export default route.get("/api/v1/identities/me").response(IdentitySchema).errors([UnauthorizedError, NotFoundError]);

modules/identity/routes/identities/register/handle.ts

@@ -0,0 +1,11 @@
+import { Identity, isEmailClaimed } from "../../../aggregates/identity.ts";
+import { IdentityEmailClaimedError } from "../../../errors.ts";
+import { eventStore } from "../../../event-store.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { name, email } }) => {
+  if ((await isEmailClaimed(email)) === true) {
+    return new IdentityEmailClaimedError(email);
+  }
+  return eventStore.aggregate.from(Identity).create().addName(name).addEmailStrategy(email).addRole("user").save();
+});

modules/identity/routes/identities/register/spec.ts

@@ -0,0 +1,17 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+import { IdentityEmailClaimedError } from "../../../errors.ts";
+import { IdentitySchema } from "../../../models/identity.ts";
+import { NameSchema } from "../../../schemas/name.ts";
+
+export default route
+  .post("/api/v1/identities")
+  .body(
+    z.object({
+      name: NameSchema,
+      email: z.email(),
+    }),
+  )
+  .errors([IdentityEmailClaimedError])
+  .response(IdentitySchema);

modules/identity/routes/identities/resolve/handle.ts

@@ -0,0 +1,13 @@
+import { NotFoundError } from "@platform/relay";
+
+import { config } from "../../../config.ts";
+import { getIdentityById } from "../../../database.ts";
+import route from "./spec.ts";
+
+export default route.access(["internal:public", config.internal.privateKey]).handle(async ({ params: { id } }) => {
+  const identity = await getIdentityById(id);
+  if (identity === undefined) {
+    return new NotFoundError();
+  }
+  return identity;
+});

modules/identity/routes/identities/resolve/keys.ts

@@ -0,0 +1,5 @@
+import { importVault } from "@platform/vault";
+
+import { config } from "../../../config.ts";
+
+export const vault = importVault(config.internal);

modules/identity/routes/identities/resolve/spec.ts

@@ -0,0 +1,12 @@
+import { NotFoundError, route, UnauthorizedError } from "@platform/relay";
+import z from "zod";
+
+import { IdentitySchema } from "../../../models/identity.ts";
+
+export default route
+  .get("/api/v1/identities/:id/resolve")
+  .params({
+    id: z.string(),
+  })
+  .response(IdentitySchema)
+  .errors([UnauthorizedError, NotFoundError]);

modules/identity/routes/login/code/handle.ts

@@ -0,0 +1,85 @@
+import { logger } from "@platform/logger";
+import cookie from "cookie";
+
+import { Code } from "../../../aggregates/code.ts";
+import { Identity } from "../../../aggregates/identity.ts";
+import { auth } from "../../../auth.ts";
+import { config } from "../../../config.ts";
+import { eventStore } from "../../../event-store.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ params: { identityId, codeId, value }, query: { next } }) => {
+  const code = await eventStore.aggregate.getByStream(Code, codeId);
+
+  if (code === undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Code ID",
+      received: codeId,
+    });
+  }
+
+  if (code.claimedAt !== undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Code Already Claimed",
+      received: codeId,
+    });
+  }
+
+  await code.claim().save();
+
+  if (code.value !== value) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Value",
+      expected: code.value,
+      received: value,
+    });
+  }
+
+  if (code.identity.id !== identityId) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Invalid Identity ID",
+      expected: code.identity.id,
+      received: identityId,
+    });
+  }
+
+  const account = await eventStore.aggregate.getByStream(Identity, identityId);
+  if (account === undefined) {
+    return logger.info({
+      type: "code:claimed",
+      session: false,
+      message: "Account Not Found",
+      expected: code.identity.id,
+      received: undefined,
+    });
+  }
+
+  logger.info({ type: "code:claimed", session: true });
+
+  const options = config.cookie(1000 * 60 * 60 * 24 * 7);
+
+  if (next !== undefined) {
+    return new Response(null, {
+      status: 302,
+      headers: {
+        location: next,
+        "set-cookie": cookie.serialize("token", await auth.generate({ id: account.id }, "1 week"), options),
+      },
+    });
+  }
+
+  return new Response(null, {
+    status: 200,
+    headers: {
+      "set-cookie": cookie.serialize("token", await auth.generate({ id: account.id }, "1 week"), options),
+    },
+  });
+});

modules/identity/routes/login/code/spec.ts

@@ -0,0 +1,13 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route
+  .get("/api/v1/identities/login/code/:identityId/code/:codeId/:value")
+  .params({
+    identityId: z.string(),
+    codeId: z.string(),
+    value: z.string(),
+  })
+  .query({
+    next: z.string().optional(),
+  });

modules/identity/routes/login/email/handle.ts

@@ -0,0 +1,27 @@
+import { logger } from "@platform/logger";
+
+import { Code } from "../../../aggregates/code.ts";
+import { getIdentityEmailRelation, Identity } from "../../../aggregates/identity.ts";
+import { eventStore } from "../../../event-store.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { base, email } }) => {
+  const identity = await eventStore.aggregate.getByRelation(Identity, getIdentityEmailRelation(email));
+  if (identity === undefined) {
+    return logger.info({
+      type: "auth:email",
+      code: false,
+      message: "Identity Not Found",
+      received: email,
+    });
+  }
+  const code = await eventStore.aggregate.from(Code).create({ id: identity.id }).save();
+  logger.info({
+    type: "auth:email",
+    data: {
+      code: code.id,
+      identityId: identity.id,
+    },
+    link: `${base}/api/v1/admin/auth/${identity.id}/code/${code.id}/${code.value}?next=${base}/admin`,
+  });
+});

modules/identity/routes/login/email/spec.ts

@@ -0,0 +1,9 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route.post("/api/v1/identities/login/email").body(
+  z.object({
+    base: z.url(),
+    email: z.email(),
+  }),
+);

modules/identity/routes/login/password/handle.ts

@@ -0,0 +1,36 @@
+import { logger } from "@platform/logger";
+import { BadRequestError } from "@platform/relay";
+import cookie from "cookie";
+
+import { auth } from "../../../auth.ts";
+import { config } from "../../../config.ts";
+import { password } from "../../../crypto/password.ts";
+import { getPasswordStrategyByAlias } from "../../../database.ts";
+import route from "./spec.ts";
+
+export default route.access("public").handle(async ({ body: { alias, password: userPassword } }) => {
+  const strategy = await getPasswordStrategyByAlias(alias);
+  if (strategy === undefined) {
+    return logger.info({
+      type: "auth:password",
+      message: "Failed to get account with 'password' strategy.",
+      alias,
+    });
+  }
+
+  const isValidPassword = await password.verify(userPassword, strategy.password);
+  if (isValidPassword === false) {
+    return new BadRequestError("Invalid email/password provided.");
+  }
+
+  return new Response(null, {
+    status: 204,
+    headers: {
+      "set-cookie": cookie.serialize(
+        "token",
+        await auth.generate({ id: strategy.accountId }, "1 week"),
+        config.cookie(1000 * 60 * 60 * 24 * 7),
+      ),
+    },
+  });
+});

modules/identity/routes/login/password/spec.ts

@@ -0,0 +1,9 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route.post("/api/v1/identities/login/password").body(
+  z.object({
+    alias: z.string(),
+    password: z.string(),
+  }),
+);