✨ feat: Add auth flow (#146)

This adds a simple way to incorporate a centralized authentication flow. The idea is to have the user, API and SSH (for machine authentication) all in one place using `openauthjs` + `SST` We also have a database now :) > We are using InstantDB as it allows us to authenticate a use with just the email. Plus it is super simple simple to use _of course after the initial fumbles trying to design the db and relationships_
2025-12-12 16:55:37 +02:00 · 2025-01-04 00:02:28 +03:00
parent 33895974a7
commit fc5a755408
136 changed files with 3512 additions and 1914 deletions
--- a/packages/core/src/actor.ts
+++ b/packages/core/src/actor.ts
@@ -0,0 +1,85 @@
+import { createContext } from "./context";
+import { VisibleError } from "./error";
+
+export interface UserActor {
+    type: "user";
+    properties: {
+        accessToken: string;
+        userID: string;
+        auth?:
+        | {
+            type: "personal";
+            token: string;
+        }
+        | {
+            type: "oauth";
+            clientID: string;
+        };
+    };
+}
+
+export interface DeviceActor {
+    type: "device";
+    properties: {
+        fingerprint: string;
+        id: string;
+        auth?:
+        | {
+            type: "personal";
+            token: string;
+        }
+        | {
+            type: "oauth";
+            clientID: string;
+        };
+    };
+}
+
+export interface PublicActor {
+    type: "public";
+    properties: {};
+}
+
+type Actor = UserActor | PublicActor | DeviceActor;
+export const ActorContext = createContext<Actor>();
+
+export function useCurrentUser() {
+    const actor = ActorContext.use();
+    if (actor.type === "user") return {
+      id:actor.properties.userID,
+      token: actor.properties.accessToken
+    };
+    throw new VisibleError(
+        "auth",
+        "unauthorized",
+        `You don't have permission to access this resource`,
+    );
+}
+
+export function useCurrentDevice() {
+    const actor = ActorContext.use();
+    if (actor.type === "device") return {
+      fingerprint:actor.properties.fingerprint,
+      id: actor.properties.id
+    };
+    throw new VisibleError(
+        "auth",
+        "unauthorized",
+        `You don't have permission to access this resource`,
+    );
+}
+
+export function useActor() {
+    try {
+      return ActorContext.use();
+    } catch {
+      return { type: "public", properties: {} } as PublicActor;
+    }
+  }
+  
+  export function assertActor<T extends Actor["type"]>(type: T) {
+    const actor = useActor();
+    if (actor.type !== type)
+      throw new VisibleError("auth", "actor.invalid", `Actor is not "${type}"`);
+    return actor as Extract<Actor, { type: T }>;
+  }