feat: Stub the new modular auth module and set up flow management.

modules/auth/config.ts

@@ -1,8 +1,5 @@
-export interface Config {
-	email?: EmailConfig;
-}
+import { Provider } from "./utils/types.ts";
 
-export interface EmailConfig {
-	fromEmail: string;
-	fromName?: string;
+export interface Config {
+	providers: Provider[];
 }

modules/auth/db/migrations/20240627174615_init_stub/migration.sql

@@ -0,0 +1,22 @@
+-- CreateTable
+CREATE TABLE "IdentityEmail" (
+    "userId" UUID NOT NULL,
+    "email" TEXT NOT NULL,
+
+    CONSTRAINT "IdentityEmail_pkey" PRIMARY KEY ("email")
+);
+
+-- CreateTable
+CREATE TABLE "IdentityOAuth" (
+    "userId" UUID NOT NULL,
+    "provider" TEXT NOT NULL,
+    "subId" TEXT NOT NULL,
+
+    CONSTRAINT "IdentityOAuth_pkey" PRIMARY KEY ("provider","subId")
+);
+
+-- CreateIndex
+CREATE INDEX "IdentityEmail_userId_idx" ON "IdentityEmail"("userId");
+
+-- CreateIndex
+CREATE INDEX "IdentityOAuth_userId_idx" ON "IdentityOAuth"("userId");

modules/auth/db/schema.prisma

@@ -3,28 +3,16 @@ datasource db {
     url      = env("DATABASE_URL")
 }
 
-model EmailPasswordless {
-    id        String   @id @default(uuid()) @db.Uuid
-    userId    String   @db.Uuid @unique
-    email     String   @unique
-    createdAt DateTime @default(now()) @db.Timestamp
+model IdentityEmail {
+    userId String @db.Uuid
+    email String @id
+    @@index([userId])
 }
 
-model EmailPasswordlessVerification {
-    id String @id @default(uuid()) @db.Uuid
-
-    // If exists, link to existing identity. If null, create new identity.
-    userId String? @db.Uuid
-
-    email String
-
-    // Code the user has to input to verify the email
-    code String @unique
-
-    attemptCount    Int @default(0)
-    maxAttemptCount Int
-
-    createdAt   DateTime  @default(now()) @db.Timestamp
-    expireAt    DateTime  @db.Timestamp
-    completedAt DateTime? @db.Timestamp
+model IdentityOAuth {
+    userId String @db.Uuid
+    provider String
+    subId String
+    @@id([provider, subId])
+    @@index([userId])
 }

modules/auth/module.json

@@ -1,52 +1,71 @@
 {
-    "name": "Authentication",
-    "description": "Authenticate users with multiple authentication methods.",
-    "icon": "key",
-    "tags": [
-        "core",
-        "auth",
-        "user"
-    ],
-    "authors": [
-        "rivet-gg",
-        "NathanFlurry"
-    ],
-    "status": "stable",
-    "dependencies": {
-        "email": {},
-        "users": {},
-        "rate_limit": {}
-    },
-    "scripts": {
-        "send_email_verification": {
-            "name": "Send Email Verification",
-            "description": "Send a one-time verification code to a user's email address to authenticate them.",
-            "public": true
-        },
-        "complete_email_verification": {
-            "name": "Complete Email Verification",
-            "description": "Verify a user's email address with a one-time verification code.",
-            "public": true
-        }
-    },
-    "errors": {
-        "provider_disabled": {
-            "name": "Provider Disabled"
-        },
-        "verification_code_invalid": {
-            "name": "Verification Code Invalid"
-        },
-        "verification_code_attempt_limit": {
-            "name": "Verification Code Attempt Limit"
-        },
-        "verification_code_expired": {
-            "name": "Verification Code Expired"
-        },
-        "verification_code_already_used": {
-            "name": "Verification Code Already Used"
-        },
-        "email_already_used": {
-            "name": "Email Already Used"
-        }
-    }
+	"name": "Authentication",
+	"description": "Authenticate users with multiple authentication methods.",
+	"icon": "key",
+	"tags": [
+		"core",
+		"auth",
+		"user"
+	],
+	"authors": [
+		"rivet-gg",
+		"NathanFlurry"
+	],
+	"status": "stable",
+	"dependencies": {
+		"email": {},
+		"users": {},
+		"rate_limit": {},
+		"tokens": {}
+	},
+	"scripts": {
+		"get_flow_status": {
+			"name": "Get Flow Status",
+			"description": "Get the status of a login flow by the flow token. Returns the userToken if the flow is completed.",
+			"public": true
+		},
+		"cancel_flow": {
+			"name": "Cancel Flow",
+			"description": "Cancels a login flow. This is irreversible and will error if the flow is not `pending`."
+		},
+		"complete_flow": {
+			"name": "Complete Flow",
+			"description": "Completes a login flow and generates a user token. This is irreversible and will error if the flow is not `pending`."
+		},
+		"list_providers": {
+			"name": "Send Email Verification",
+			"description": "Send a one-time verification code to a user's email address to authenticate them.",
+			"public": true
+		},
+		"start_login_flow": {
+			"name": "Send Email Verification",
+			"description": "Send a one-time verification code to a user's email address to authenticate them.",
+			"public": true
+		},
+		"list_identities": {
+			"name": "Complete Email Verification",
+			"description": "Verify a user's email address with a one-time verification code.",
+			"public": true
+		}
+	},
+	"errors": {
+		"provider_disabled": {
+			"name": "Provider Disabled"
+		},
+		"verification_code_invalid": {
+			"name": "Verification Code Invalid"
+		},
+		"verification_code_attempt_limit": {
+			"name": "Verification Code Attempt Limit"
+		},
+		"verification_code_expired": {
+			"name": "Verification Code Expired"
+		},
+		"verification_code_already_used": {
+			"name": "Verification Code Already Used"
+		},
+		"email_already_used": {
+			"name": "Email Already Used"
+		}
+	}
 }

modules/auth/scripts/cancel_flow.ts

@@ -0,0 +1,15 @@
+import { Empty, ScriptContext } from "../module.gen.ts";
+import { cancelFlow } from "../utils/flow.ts";
+
+export interface Request {
+	flowToken: string;
+}
+export type Response = Empty;
+
+export async function run(
+	ctx: ScriptContext,
+	req: Request,
+): Promise<Response> {
+	await cancelFlow(ctx, req.flowToken);
+	return {};
+}