import { Auth, ResolvedSession } from "@valkyr/auth"; import z from "zod"; import { db } from "~libraries/read-store/database.ts"; import { config } from "./config.ts"; export const auth = new Auth( { settings: { algorithm: "RS256", privateKey: config.privateKey, publicKey: config.publicKey, issuer: "https://balto.health", audience: "https://balto.health", }, session: z.object({ accountId: z.string(), }), permissions: { admin: ["create", "read", "update", "delete"], organization: ["create", "read", "update", "delete"], consultant: ["create", "read", "update", "delete"], task: ["create", "update", "read", "delete"], } as const, guards: [], }, { roles: { async add(role) { await db.collection("roles").insertOne(role); }, async getById(id) { const role = await db.collection("roles").findOne({ id }); if (role === null) { return undefined; } return role; }, async getBySession({ accountId }) { const account = await db.collection("accounts").findOne({ id: accountId }); if (account === null) { return []; } return db .collection("roles") .find({ id: { $in: account.roles } }) .toArray(); }, async setPermissions() { throw new Error("MongoRolesProvider > .setPermissions is managed by Role aggregate projections"); }, async delete(id) { await db.collection("roles").deleteOne({ id }); }, async assignAccount(roleId: string, accountId: string): Promise { await db.collection("accounts").updateOne( { id: accountId }, { $push: { roles: roleId, }, }, ); }, async removeAccount(roleId: string, accountId: string): Promise { await db.collection("roles").updateOne( { id: accountId }, { $pull: { roles: roleId, }, }, ); }, }, }, ); export type Session = ResolvedSession; export type Permissions = (typeof auth)["$permissions"];