Implement OAuth2 server, link oauth:Client and auth::Oauth2Client, implement permission checks

app/models/auth/Group.model.js

@@ -0,0 +1,35 @@
+const { Model } = require('flitter-orm')
+
+// For organizational purposes only.
+class GroupModel extends Model {
+    static get services() {
+        return [...super.services, 'models']
+    }
+
+    static get schema() {
+        return {
+            name: String,
+            user_ids: [String],
+            active: { type: Boolean, default: true },
+        }
+    }
+
+    identifier() {
+        return this.name.toLowerCase().replace(/\s/g, '_')
+    }
+
+    async users() {
+        const User = this.models.get('auth:User')
+        return await User.find({ _id: { $in: this.user_ids.map(x => this.constructor.to_object_id(x)) } })
+    }
+
+    async to_api() {
+        return {
+            id: this.id,
+            name: this.name,
+            user_ids: this.user_ids,
+        }
+    }
+}
+
+module.exports = exports = GroupModel

app/models/auth/User.model.js

@@ -31,6 +31,7 @@ class User extends AuthUser {
             app_passwords: [AppPassword],
             mfa_enabled: {type: Boolean, default: false},
             mfa_enable_date: Date,
+            create_date: {type: Date, default: () => new Date},
         }}
     }
 
@@ -42,6 +43,7 @@ class User extends AuthUser {
             last_name: this.last_name,
             email: this.email,
             tagline: this.tagline,
+            group_ids: (await this.groups()).map(x => x.id),
         }
     }
 
@@ -112,6 +114,11 @@ class User extends AuthUser {
         return { password: gen, record: pw }
     }
 
+    async groups() {
+        const Group = this.models.get('auth:Group')
+        return Group.find({ active: true, user_ids: this.id })
+    }
+
     async ldap_groups() {
         const Group = this.models.get('ldap:Group')
         return await Group.find({