wip: auth

d6bfa5fc · Steel · 515059a0 · d6bfa5fc · d6bfa5fc · d6bfa5fc
--- a/.npmrc
+++ b/.npmrc
 engine-strict=true
+strict-peer-dependencies=true
+@arise:registry=https://git.iiens.net/api/v4/packages/npm/
--- a/package.json
+++ b/package.json
@@ -43,6 +43,7 @@
 		"vite": "^5.0.3"
 	},
 	"dependencies": {
+		"@arise/aidc-sveltekit": "^0.4.1",
 		"@urql/core": "^5.0.6",
 		"formsnap": "^1.0.1",
 		"gql.tada": "^1.8.6",

--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/src/app.d.ts
+++ b/src/app.d.ts
+import type { Locals as AriseLocals } from "@arise/aidc-sveltekit/types";
+
 // See https://kit.svelte.dev/docs/types#app
 // for information about these interfaces
 declare global {
 	namespace App {
 		// interface Error {}
-		// interface Locals {}
+		type Locals = AriseLocals;
 		// interface PageData {}
 		// interface PageState {}
 		// interface Platform {}

--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
+import { sequence } from '@sveltejs/kit/hooks';
+import { type Handle, redirect } from '@sveltejs/kit';
+import { aidc } from '$lib/auth';
+
+const authGuard: Handle = async ({ event, resolve }) => {
+	if (!event.locals.user) {
+		redirect(303, event.locals.authPaths.login);
+	}
+	return resolve(event);
+};
+
+export const handle = sequence(aidc.handler(), authGuard);
--- a/src/lib/auth/index.ts
+++ b/src/lib/auth/index.ts
+import env from "$lib/env";
+import { AriseIdConnect } from "@arise/aidc-sveltekit";
+import { defaultLucia } from "@arise/aidc-sveltekit/default";
+
+export const aidc = await AriseIdConnect.init({
+  client_id: env.AIDC_CLIENT_ID,
+  client_secret: env.AIDC_CLIENT_SECRET,
+  scope: "openid offline_access profile",
+  wrapper: defaultLucia,
+});
--- a/src/lib/env.ts
+++ b/src/lib/env.ts
@@ -17,4 +17,10 @@ function ensureEnv<K extends readonly string[]>(keys: K): RecordFromKeys<K> {
 	return cleanEnv;
 }

-export default ensureEnv(['API_ORIGIN', 'API_TOKEN', 'COOKIE_SECRET'] as const);
+export default ensureEnv([
+	'API_ORIGIN',
+	'API_TOKEN',
+	'COOKIE_SECRET',
+	'AIDC_CLIENT_ID',
+	'AIDC_CLIENT_SECRET'
+] as const);
--- a/src/lib/graphql/index.ts
+++ b/src/lib/graphql/index.ts
 import { initGraphQLTada } from 'gql.tada';
-import type { introspection } from '../../graphql-env.d.ts';
+import type { introspection } from '$lib/../graphql';

 export const graphql = initGraphQLTada<{
 	introspection: introspection;

--- a/src/lib/graphql/schema.gql
+++ b/src/lib/graphql/schema.gql
-directive @concat(value: String!) on FIELD
-
-"""
-# Valeurs non nulles
-Transforme les champs `null` par une valeur par défaut.
-STRING => ""
-NUMBER => 0
-BOOLEAN => false
-LIST => []
-OBJECT => {}
-"""
-directive @non_null(from: FromNull!) on FIELD
-
-"""
-Indicates that an Input Object is a OneOf Input Object (and thus requires
-                        exactly one of its field be provided)
-"""
-directive @oneOf on INPUT_OBJECT
-
-type BuildInfo {
-	ref: String
-	sha: String
-}
-
-input CreateUnixAccount {
-	vhost: String
-}
-
-enum FromNull {
-	NUMBER
-	STRING
-	BOOLEAN
-	LIST
-	OBJECT
-}
-
-input GroupId {
-	id: SmolStr
-	email: String
-	uuid: UUID
-}
-
-type Health {
-	db: String!
-}
-
-scalar Identifier
-
-type Mutation {
-	createGroupUnixAccount(group: GroupId!, account: CreateUnixAccount!): UnixAccount!
-	status: Int!
-}
-
-"""
-Ensemble des requêtes possibles pour l'API Arise.
-Certaines peuvent être cachées, en fonction des permissions courantes.
-"""
-type Query {
-	trainings: [Training!]!
-	buildInfo: BuildInfo!
-	health: Health!
-}
-
-scalar SmolStr
-
-type Training {
-	uuid: UUID!
-	id: Identifier!
-	name: String!
-	fullName: String
-}
-
-"""
-A UUID is a unique 128-bit number, stored as 16 octets. UUIDs are parsed as
-Strings within GraphQL. UUIDs are used to assign unique identifiers to
-entities without requiring a central allocating authority.
-
-# References
-
-* [Wikipedia: Universally Unique Identifier](http://en.wikipedia.org/wiki/Universally_unique_identifier)
-* [RFC4122: A Universally Unique IDentifier (UUID) URN Namespace](http://tools.ietf.org/html/rfc4122)
-"""
-scalar UUID
-
-type UnixAccount {
-	accountUuid: UUID!
-	uid: Int!
-	vhost: String
-
-	"""
-	URL du site personnel de l'utilisateur
-
-	Page "perso" de l'utilisateur hébergée sur les serveurs d'ARISE.
-
-	Par exemple, `https://acier.perso.iiens.net`
-	"""
-	website: Url
-}
-
-"""
-URL is a String implementing the [URL Standard](http://url.spec.whatwg.org/)
-"""
-scalar Url