⭐ feat(infra): Update infra and add support for teams to SST (#186)

## Description
- [x] Adds support for AWS SSO, which makes us (the team) able to use
SST and update the components independently
- [x] Splits the webpage into the landing page (Qwik), and Astro (the
console) in charge of playing. This allows us to pass in Environment
Variables to the console
- ~Migrates the docs from Nuxt to Nextjs, and connects them to SST. This
allows us to use Fumadocs _citation needed_ that's much more beautiful,
and supports OpenApi~
- Cloudflare pages with github integration is not working on our new CF
account. So we will have to push the pages deployment manually with
Github actions
- [x] Moves the current set up from my personal CF and AWS accounts to
dedicated Nestri accounts -

## Related Issues
<!-- List any related issues (e.g., "Closes #123", "Fixes #456") -->

## Type of Change

- [ ] Bug fix (non-breaking change)
- [x] New feature (non-breaking change)
- [ ] Breaking change (fix or feature that changes existing
functionality)
- [x] Documentation update
- [ ] Other (please describe):

## Checklist

- [x] I have updated relevant documentation
- [x] My code follows the project's coding style
- [x] My changes generate no new warnings/errors

## Notes for Reviewers
<!-- Point out areas you'd like reviewers to focus on, questions you
have, or decisions that need discussion -->
Please approve my PR 🥹


## Screenshots/Demo
<!-- If applicable, add screenshots or a GIF demo of your changes
(especially for UI changes) -->

## Additional Context
<!-- Add any other context about the pull request here -->

packages/functions/src/api/auth.ts

@@ -0,0 +1,69 @@
+import { Resource } from "sst";
+import { subjects } from "../subjects";
+import { type MiddlewareHandler } from "hono";
+// import { User } from "@nestri/core/user/index";
+import { VisibleError } from "@nestri/core/error";
+import { HTTPException } from "hono/http-exception";
+import { useActor, withActor } from "@nestri/core/actor";
+import { createClient } from "@openauthjs/openauth/client";
+
+const client = createClient({
+  issuer: Resource.Urls.auth,
+  clientID: "api",
+});
+
+export const notPublic: MiddlewareHandler = async (c, next) => {
+  const actor = useActor();
+  if (actor.type === "public")
+    throw new HTTPException(401, { message: "Unauthorized" });
+  return next();
+};
+
+export const auth: MiddlewareHandler = async (c, next) => {
+  const authHeader =
+    c.req.query("authorization") ?? c.req.header("authorization");
+  if (!authHeader) return next();
+  const match = authHeader.match(/^Bearer (.+)$/);
+  if (!match) {
+    throw new VisibleError(
+      "auth.token",
+      "Bearer token not found or improperly formatted",
+    );
+  }
+  const bearerToken = match[1];
+  let result = await client.verify(subjects, bearerToken!);
+  if (result.err) {
+    throw new HTTPException(401, {
+      message: "Unauthorized",
+    });
+  }
+
+  if (result.subject.type === "user") {
+    const teamID = c.req.header("x-nestri-team") //|| c.req.query("teamID");
+    if (!teamID) return withActor(result.subject, next);
+    // const email = result.subject.properties.email;
+    return withActor(
+      {
+        type: "system",
+        properties: {
+          teamID,
+        },
+      },
+      next
+    //   async () => {
+    //     const user = await User.fromEmail(email);
+    //     if (!user || user.length === 0) {
+    //       c.status(401);
+    //       return c.text("Unauthorized");
+    //     }
+    //     return withActor(
+    //       {
+    //         type: "member",
+    //         properties: { userID: user[0].id, workspaceID: user.workspaceID },
+    //       },
+    //       next,
+    //     );
+    //   },
+    );
+  }
+};