ekyc

auth.ts (1688B)

---

 import { Code } from "#core/domain/code.ts";
 import { nonceUUID } from "#core/domain/crypto.ts";
 import { Email } from "#core/domain/email.ts";
 import { EmailChallenge } from "#core/domain/email_challenge.ts";
 import { Password } from "#core/domain/password.ts";
 import {
   ExpiredSessionToken,
   SessionToken,
 } from "#core/domain/session_token.ts";
 import { Token } from "#core/domain/token.ts";
 import { UUID } from "#core/domain/uuid.ts";
 import { Logger } from "#core/domain/logger.ts";
 
 export class Auth {
   static register(
     email: Email,
     password: Password,
     passwordConfirm: string,
   ) {
     password.attempt(passwordConfirm);
     return new this(
       nonceUUID(),
       new EmailChallenge(email),
       password,
     );
   }
 
   constructor(
     readonly id: UUID,
     readonly email: EmailChallenge,
     readonly password: Password,
     private _session: SessionToken = SessionToken.none(),
     public version: number = 0,
   ) {}
 
   get session() {
     return this._session;
   }
 
   requestEmailChallenge() {
     return this.email.requestChallenge();
   }
 
   verifyEmailChallenge(code: Code): void {
     this.email.attemptChallenge(code);
   }
 
   login(candidatePassword: string): Token {
     this.email.assertVerified();
     this.password.attempt(candidatePassword);
     this._session = SessionToken.issue();
     return this._session.valueOf()!;
   }
 
   authenticate(token: Token): void {
     this.email.assertVerified();
     if (!this._session.grant(token)) {
       throw new ExpiredSessionToken();
     }
   }
 
   logout(token: Token): void {
     this.email.assertVerified();
     if (this._session.grant(token)) {
       this._session = SessionToken.none();
     }
   }
 }