feat: refactor account

spec/modules/access/role.ts

@@ -0,0 +1,12 @@
+import { makeSchemaParser } from "@spec/shared";
+import z from "zod";
+
+export const RoleSchema = z.object({
+  id: z.uuid(),
+  name: z.string(),
+  permissions: z.record(z.string(), z.array(z.string())),
+});
+
+export const parseRole = makeSchemaParser(RoleSchema);
+
+export type Role = z.infer<typeof RoleSchema>;

spec/modules/account/account.ts

@@ -0,0 +1,23 @@
+import { AvatarSchema, ContactSchema, makeSchemaParser, NameSchema } from "@spec/shared";
+import { z } from "zod";
+
+import { RoleSchema } from "../access/role.ts";
+import { StrategySchema } from "./strategies.ts";
+
+export const AccountSchema = z.object({
+  id: z.uuid(),
+  avatar: AvatarSchema.optional(),
+  name: NameSchema.optional(),
+  contact: ContactSchema.default({
+    emails: [],
+  }),
+  strategies: z.array(StrategySchema).default([]),
+  roles: z.array(RoleSchema).default([]),
+});
+
+export const AccountDocumentSchema = AccountSchema.omit({ roles: true }).extend({ roles: z.string().array() });
+
+export const parseAccount = makeSchemaParser(AccountSchema);
+
+export type Account = z.infer<typeof AccountSchema>;
+export type AccountDocument = z.infer<typeof AccountDocumentSchema>;

spec/modules/account/mod.ts

@@ -0,0 +1,5 @@
+import { create } from "./routes/create.ts";
+
+export const routes = {
+  create,
+};

spec/modules/account/routes/create.ts

@@ -0,0 +1,5 @@
+import { route } from "@spec/relay";
+import { NameSchema } from "@spec/shared";
+import z from "zod";
+
+export const create = route.post("/api/v1/accounts").body(z.object({ name: NameSchema }));

spec/modules/account/strategies.ts

@@ -0,0 +1,33 @@
+import z from "zod";
+
+const EmailStrategySchema = z.object({
+  type: z.literal("email"),
+  value: z.string(),
+});
+
+const PasswordStrategySchema = z.object({
+  type: z.literal("password"),
+  alias: z.string(),
+  password: z.string(),
+});
+
+const PasskeyStrategySchema = z.object({
+  type: z.literal("passkey"),
+  credId: z.string(),
+  credPublicKey: z.string(),
+  webauthnUserId: z.string(),
+  counter: z.number(),
+  backupEligible: z.boolean(),
+  backupStatus: z.boolean(),
+  transports: z.string(),
+  createdAt: z.date(),
+  lastUsed: z.date(),
+});
+
+export const StrategySchema = z.discriminatedUnion("type", [
+  EmailStrategySchema,
+  PasswordStrategySchema,
+  PasskeyStrategySchema,
+]);
+
+export type Strategy = z.infer<typeof StrategySchema>;

spec/modules/auth/strategies.ts

@@ -2,48 +2,36 @@ import { z } from "zod";
 
 export const PasskeyStrategySchema = z.object({
   type: z.literal("passkey").describe("Authentication strategy type for WebAuthn/Passkey"),
-  payload: z
+  id: z.string().describe("Base64URL encoded credential ID"),
+  rawId: z.string().describe("Raw credential ID as base64URL encoded string"),
+  response: z
     .object({
-      id: z.string().describe("Base64URL encoded credential ID"),
-      rawId: z.string().describe("Raw credential ID as base64URL encoded string"),
-      response: z
-        .object({
-          clientDataJSON: z.string().describe("Base64URL encoded client data JSON"),
-          authenticatorData: z.string().describe("Base64URL encoded authenticator data"),
-          signature: z.string().optional().describe("Signature for authentication responses"),
-          userHandle: z.string().optional().describe("Optional user handle identifier"),
-          attestationObject: z.string().optional().describe("Attestation object for registration responses"),
-        })
-        .describe("WebAuthn response data"),
-      clientExtensionResults: z
-        .record(z.string(), z.unknown())
-        .default({})
-        .describe("Results from WebAuthn extension inputs"),
-      authenticatorAttachment: z
-        .enum(["platform", "cross-platform"])
-        .optional()
-        .describe("Type of authenticator used (platform or cross-platform)"),
+      clientDataJSON: z.string().describe("Base64URL encoded client data JSON"),
+      authenticatorData: z.string().describe("Base64URL encoded authenticator data"),
+      signature: z.string().optional().describe("Signature for authentication responses"),
+      userHandle: z.string().optional().describe("Optional user handle identifier"),
+      attestationObject: z.string().optional().describe("Attestation object for registration responses"),
     })
-    .describe("WebAuthn credential payload"),
+    .describe("WebAuthn response data"),
+  clientExtensionResults: z
+    .record(z.string(), z.unknown())
+    .default({})
+    .describe("Results from WebAuthn extension inputs"),
+  authenticatorAttachment: z
+    .enum(["platform", "cross-platform"])
+    .optional()
+    .describe("Type of authenticator used (platform or cross-platform)"),
 });
 
 export const EmailStrategySchema = z.object({
   type: z.literal("email").describe("Authentication strategy type for email"),
-  payload: z
-    .object({
-      email: z.email().describe("User's email address for authentication"),
-    })
-    .describe("Email authentication payload"),
+  email: z.email().describe("User's email address for authentication"),
 });
 
 export const PasswordStrategySchema = z.object({
   type: z.literal("password").describe("Authentication strategy type for password"),
-  payload: z
-    .object({
-      identifier: z.string().describe("User identifier (username or email)"),
-      password: z.string().describe("User's password"),
-    })
-    .describe("Password authentication payload"),
+  alias: z.string().describe("User alias (username or email)"),
+  password: z.string().describe("User's password"),
 });
 
 export const StrategyPayloadSchema = z

spec/shared/avatar.ts

@@ -0,0 +1,7 @@
+import z from "zod";
+
+export const AvatarSchema = z.object({
+  url: z.string().describe("A valid URL pointing to the user's avatar image."),
+});
+
+export type Avatar = z.infer<typeof AvatarSchema>;

spec/shared/contact.ts

@@ -0,0 +1,9 @@
+import z from "zod";
+
+import { EmailSchema } from "./email.ts";
+
+export const ContactSchema = z.object({
+  emails: z.array(EmailSchema).default([]).describe("A list of email addresses associated with the contact."),
+});
+
+export type Contact = z.infer<typeof ContactSchema>;

spec/shared/database.ts

@@ -0,0 +1,15 @@
+import z, { ZodObject } from "zod";
+
+export function makeSchemaParser<TSchema extends ZodObject>(schema: TSchema): SchemaParserFn<TSchema> {
+  return ((value: unknown | unknown[]) => {
+    if (Array.isArray(value)) {
+      return value.map((value: unknown) => schema.parse(value));
+    }
+    return schema.parse(value);
+  }) as SchemaParserFn<TSchema>;
+}
+
+type SchemaParserFn<TSchema extends ZodObject> = {
+  (value: unknown): z.infer<TSchema>;
+  (value: unknown[]): z.infer<TSchema>[];
+};

spec/shared/email.ts

@@ -0,0 +1,11 @@
+import z from "zod";
+
+export const EmailSchema = z.object({
+  type: z.enum(["personal", "work"]).describe("The context of the email address, e.g., personal or work."),
+  value: z.email().describe("A valid email address string."),
+  primary: z.boolean().describe("Indicates if this is the primary email."),
+  verified: z.boolean().describe("True if the email address has been verified."),
+  label: z.string().optional().describe("Optional display label for the email address."),
+});
+
+export type Email = z.infer<typeof EmailSchema>;

spec/shared/mod.ts

@@ -0,0 +1,5 @@
+export * from "./avatar.ts";
+export * from "./contact.ts";
+export * from "./database.ts";
+export * from "./email.ts";
+export * from "./name.ts";

spec/shared/name.ts

@@ -0,0 +1,8 @@
+import { z } from "zod";
+
+export const NameSchema = z.object({
+  family: z.string().nullable().describe("Family name, also known as last name or surname."),
+  given: z.string().nullable().describe("Given name, also known as first name."),
+});
+
+export type Name = z.infer<typeof NameSchema>;