feat: refactor account

spec/modules/access/role.ts

@@ -0,0 +1,12 @@
+import { makeSchemaParser } from "@spec/shared";
+import z from "zod";
+
+export const RoleSchema = z.object({
+  id: z.uuid(),
+  name: z.string(),
+  permissions: z.record(z.string(), z.array(z.string())),
+});
+
+export const parseRole = makeSchemaParser(RoleSchema);
+
+export type Role = z.infer<typeof RoleSchema>;

spec/modules/account/account.ts

@@ -0,0 +1,23 @@
+import { AvatarSchema, ContactSchema, makeSchemaParser, NameSchema } from "@spec/shared";
+import { z } from "zod";
+
+import { RoleSchema } from "../access/role.ts";
+import { StrategySchema } from "./strategies.ts";
+
+export const AccountSchema = z.object({
+  id: z.uuid(),
+  avatar: AvatarSchema.optional(),
+  name: NameSchema.optional(),
+  contact: ContactSchema.default({
+    emails: [],
+  }),
+  strategies: z.array(StrategySchema).default([]),
+  roles: z.array(RoleSchema).default([]),
+});
+
+export const AccountDocumentSchema = AccountSchema.omit({ roles: true }).extend({ roles: z.string().array() });
+
+export const parseAccount = makeSchemaParser(AccountSchema);
+
+export type Account = z.infer<typeof AccountSchema>;
+export type AccountDocument = z.infer<typeof AccountDocumentSchema>;

spec/modules/account/mod.ts

@@ -0,0 +1,5 @@
+import { create } from "./routes/create.ts";
+
+export const routes = {
+  create,
+};

spec/modules/account/routes/create.ts

@@ -0,0 +1,5 @@
+import { route } from "@spec/relay";
+import { NameSchema } from "@spec/shared";
+import z from "zod";
+
+export const create = route.post("/api/v1/accounts").body(z.object({ name: NameSchema }));

spec/modules/account/strategies.ts

@@ -0,0 +1,33 @@
+import z from "zod";
+
+const EmailStrategySchema = z.object({
+  type: z.literal("email"),
+  value: z.string(),
+});
+
+const PasswordStrategySchema = z.object({
+  type: z.literal("password"),
+  alias: z.string(),
+  password: z.string(),
+});
+
+const PasskeyStrategySchema = z.object({
+  type: z.literal("passkey"),
+  credId: z.string(),
+  credPublicKey: z.string(),
+  webauthnUserId: z.string(),
+  counter: z.number(),
+  backupEligible: z.boolean(),
+  backupStatus: z.boolean(),
+  transports: z.string(),
+  createdAt: z.date(),
+  lastUsed: z.date(),
+});
+
+export const StrategySchema = z.discriminatedUnion("type", [
+  EmailStrategySchema,
+  PasswordStrategySchema,
+  PasskeyStrategySchema,
+]);
+
+export type Strategy = z.infer<typeof StrategySchema>;

spec/modules/auth/strategies.ts

@@ -2,48 +2,36 @@ import { z } from "zod";
 
 export const PasskeyStrategySchema = z.object({
   type: z.literal("passkey").describe("Authentication strategy type for WebAuthn/Passkey"),
-  payload: z
+  id: z.string().describe("Base64URL encoded credential ID"),
+  rawId: z.string().describe("Raw credential ID as base64URL encoded string"),
+  response: z
     .object({
-      id: z.string().describe("Base64URL encoded credential ID"),
-      rawId: z.string().describe("Raw credential ID as base64URL encoded string"),
-      response: z
-        .object({
-          clientDataJSON: z.string().describe("Base64URL encoded client data JSON"),
-          authenticatorData: z.string().describe("Base64URL encoded authenticator data"),
-          signature: z.string().optional().describe("Signature for authentication responses"),
-          userHandle: z.string().optional().describe("Optional user handle identifier"),
-          attestationObject: z.string().optional().describe("Attestation object for registration responses"),
-        })
-        .describe("WebAuthn response data"),
-      clientExtensionResults: z
-        .record(z.string(), z.unknown())
-        .default({})
-        .describe("Results from WebAuthn extension inputs"),
-      authenticatorAttachment: z
-        .enum(["platform", "cross-platform"])
-        .optional()
-        .describe("Type of authenticator used (platform or cross-platform)"),
+      clientDataJSON: z.string().describe("Base64URL encoded client data JSON"),
+      authenticatorData: z.string().describe("Base64URL encoded authenticator data"),
+      signature: z.string().optional().describe("Signature for authentication responses"),
+      userHandle: z.string().optional().describe("Optional user handle identifier"),
+      attestationObject: z.string().optional().describe("Attestation object for registration responses"),
     })
-    .describe("WebAuthn credential payload"),
+    .describe("WebAuthn response data"),
+  clientExtensionResults: z
+    .record(z.string(), z.unknown())
+    .default({})
+    .describe("Results from WebAuthn extension inputs"),
+  authenticatorAttachment: z
+    .enum(["platform", "cross-platform"])
+    .optional()
+    .describe("Type of authenticator used (platform or cross-platform)"),
 });
 
 export const EmailStrategySchema = z.object({
   type: z.literal("email").describe("Authentication strategy type for email"),
-  payload: z
-    .object({
-      email: z.email().describe("User's email address for authentication"),
-    })
-    .describe("Email authentication payload"),
+  email: z.email().describe("User's email address for authentication"),
 });
 
 export const PasswordStrategySchema = z.object({
   type: z.literal("password").describe("Authentication strategy type for password"),
-  payload: z
-    .object({
-      identifier: z.string().describe("User identifier (username or email)"),
-      password: z.string().describe("User's password"),
-    })
-    .describe("Password authentication payload"),
+  alias: z.string().describe("User alias (username or email)"),
+  password: z.string().describe("User's password"),
 });
 
 export const StrategyPayloadSchema = z