ORM type refactor

- Create migration directives & migrators
- Modify Cache classes to support array manipulation
- Create Redis unit and RedisCache implementation
- Create Queueable base class and Queue class that uses Cache backend

.drone.yml

@@ -1,3 +1,86 @@
+kind: pipeline
+type: docker
+name: docs
+steps:
+  # ============ BUILD STEPS ===============
+  - name: build documentation
+    image: glmdev/node-pnpm:latest
+    commands:
+      - pnpm i --silent
+      - pnpm docs:build
+      - cd docs && tar czf ../extollo_api_documentation.tar.gz www
+
+  # =============== DEPLOY STEPS ===============
+  - name: copy artifacts to static host
+    image: appleboy/drone-scp
+    settings:
+      host:
+        from_secret: docs_deploy_host
+      username:
+        from_secret: docs_deploy_user
+      key:
+        from_secret: docs_deploy_key
+      port: 22
+      source: extollo_api_documentation.tar.gz
+      target: /var/nfs/storage/static/sites/extollo
+    when:
+      event: promote
+      target: docs
+
+  - name: deploy artifacts on static host
+    image: appleboy/drone-ssh
+    settings:
+      host:
+        from_secret: docs_deploy_host
+      username:
+        from_secret: docs_deploy_user
+      key:
+        from_secret: docs_deploy_key
+      port: 22
+      script:
+        - cd /var/nfs/storage/static/sites/extollo
+        - rm -rf docs
+        - tar xzf extollo_api_documentation.tar.gz
+        - rm -rf extollo_api_documentation.tar.gz
+        - mv www docs
+    when:
+      event: promote
+      target: docs
+
+  # =============== BUILD NOTIFICATIONS ===============
+  - name: send build success notifications
+    image: plugins/webhook
+    settings:
+      urls:
+        from_secret: notify_webhook_url
+      content_type: application/json
+      template: |
+        {
+          "title": "Drone-CI [extollo/docs @ ${DRONE_BUILD_NUMBER}]",
+          "message": "Build & deploy completed successfully.",
+          "priority": 4
+        }
+    when:
+      status: success
+      event:
+        - promote
+
+  - name: send build error notifications
+    image: plugins/webhook
+    settings:
+      urls:
+        from_secret: notify_webhook_url
+      content_type: application/json
+      template: |
+        {
+          "title": "Drone-CI [extollo/docs @ ${DRONE_BUILD_NUMBER}]",
+          "message": "Documentation build failed!",
+          "priority": 6
+        }
+    when:
+      status: failure
+---
+
 kind: pipeline
 name: default
 type: docker
@@ -20,10 +103,19 @@ steps:
       event:
         exclude: tag
 
-  - name: build module
+  - name: Install dependencies
     image: glmdev/node-pnpm:latest
     commands:
       - pnpm i
+
+  - name: Lint code
+    image: glmdev/node-pnpm:latest
+    commands:
+      - pnpm lint
+
+  - name: build module
+    image: glmdev/node-pnpm:latest
+    commands:
       - pnpm build
       - mkdir artifacts
       - tar czf artifacts/extollo-lib.tar.gz lib
@@ -134,18 +226,3 @@ steps:
     when:
       status: failure
       event: pull_request
-
-  - name: trigger documentation build
-    image: plugins/downstream
-    settings:
-      server: https://ci.garrettmills.dev
-      token:
-        from_secret: drone_token
-      fork: false
-      last_successful: true
-      deploy: production
-      repositories:
-        - Extollo/docs@master
-    when:
-      status: success
-      event: tag

.eslintignore

@@ -0,0 +1,3 @@
+node_modules
+lib
+dist

.eslintrc.json

@@ -0,0 +1,113 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true
+    },
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/eslint-recommended",
+        "plugin:@typescript-eslint/recommended"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12,
+        "sourceType": "module"
+    },
+    "plugins": [
+        "@typescript-eslint"
+    ],
+    "rules": {
+        "indent": [
+            "error",
+            4
+        ],
+        "linebreak-style": [
+            "error",
+            "unix"
+        ],
+        "quotes": [
+            "error",
+            "single",
+            {
+                "allowTemplateLiterals": true
+            }
+        ],
+        "semi": [
+            "error",
+            "never"
+        ],
+        "no-console": "error",
+        "curly": "error",
+        "eqeqeq": "error",
+        "guard-for-in": "error",
+        "no-alert": "error",
+        "no-caller": "error",
+        "no-constructor-return": "error",
+        "no-eval": "error",
+        "no-implicit-coercion": "error",
+        "no-implied-eval": "error",
+        "no-invalid-this": "error",
+        "no-return-await": "error",
+        "no-throw-literal": "error",
+        "no-useless-call": "error",
+        "radix": "error",
+        "yoda": "error",
+        "@typescript-eslint/no-shadow": "error",
+        "brace-style": "error",
+        "camelcase": "error",
+        "comma-dangle": [
+            "error",
+            "always-multiline"
+        ],
+        "comma-spacing": [
+            "error",
+            {
+                "before": false,
+                "after": true
+            }
+        ],
+        "comma-style": [
+            "error",
+            "last"
+        ],
+        "computed-property-spacing": [
+            "error",
+            "never"
+        ],
+        "eol-last": "error",
+        "func-call-spacing": [
+            "error",
+            "never"
+        ],
+        "keyword-spacing": [
+            "error",
+            {
+                "before": true,
+                "after": true
+            }
+        ],
+        "lines-between-class-members": "error",
+        "max-params": [
+            "error",
+            4
+        ],
+        "new-parens": [
+            "error",
+            "always"
+        ],
+        "newline-per-chained-call": "error",
+        "no-trailing-spaces": "error",
+        "no-underscore-dangle": "error",
+        "no-unneeded-ternary": "error",
+        "no-whitespace-before-property": "error",
+        "object-property-newline": "error",
+        "prefer-exponentiation-operator": "error",
+        "prefer-object-spread": "error",
+        "spaced-comment": [
+            "error",
+            "always"
+        ],
+        "prefer-const": "error",
+        "@typescript-eslint/no-explicit-any": "off"
+    }
+}

.idea/codeStyles/Project.xml

@@ -0,0 +1,55 @@
+<component name="ProjectCodeStyleConfiguration">
+  <code_scheme name="Project" version="173">
+    <JSCodeStyleSettings version="0">
+      <option name="USE_SEMICOLON_AFTER_STATEMENT" value="false" />
+      <option name="FORCE_SEMICOLON_STYLE" value="true" />
+      <option name="USE_DOUBLE_QUOTES" value="false" />
+      <option name="FORCE_QUOTE_STYlE" value="true" />
+      <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
+      <option name="OBJECT_LITERAL_WRAP" value="2" />
+    </JSCodeStyleSettings>
+    <TypeScriptCodeStyleSettings version="0">
+      <option name="USE_SEMICOLON_AFTER_STATEMENT" value="false" />
+      <option name="FORCE_SEMICOLON_STYLE" value="true" />
+      <option name="USE_DOUBLE_QUOTES" value="false" />
+      <option name="FORCE_QUOTE_STYlE" value="true" />
+      <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
+      <option name="OBJECT_LITERAL_WRAP" value="2" />
+    </TypeScriptCodeStyleSettings>
+    <editorconfig>
+      <option name="ENABLED" value="false" />
+    </editorconfig>
+    <codeStyleSettings language="JavaScript">
+      <option name="INDENT_CASE_FROM_SWITCH" value="false" />
+      <option name="ALIGN_MULTILINE_PARAMETERS" value="false" />
+      <option name="ALIGN_MULTILINE_FOR" value="false" />
+      <option name="METHOD_CALL_CHAIN_WRAP" value="2" />
+      <option name="IF_BRACE_FORCE" value="3" />
+      <option name="DOWHILE_BRACE_FORCE" value="3" />
+      <option name="WHILE_BRACE_FORCE" value="3" />
+      <option name="FOR_BRACE_FORCE" value="3" />
+    </codeStyleSettings>
+    <codeStyleSettings language="PHP">
+      <indentOptions>
+        <option name="USE_TAB_CHARACTER" value="true" />
+        <option name="SMART_TABS" value="true" />
+      </indentOptions>
+    </codeStyleSettings>
+    <codeStyleSettings language="Shell Script">
+      <indentOptions>
+        <option name="INDENT_SIZE" value="4" />
+        <option name="TAB_SIZE" value="4" />
+      </indentOptions>
+    </codeStyleSettings>
+    <codeStyleSettings language="TypeScript">
+      <option name="INDENT_CASE_FROM_SWITCH" value="false" />
+      <option name="ALIGN_MULTILINE_PARAMETERS" value="false" />
+      <option name="ALIGN_MULTILINE_FOR" value="false" />
+      <option name="METHOD_CALL_CHAIN_WRAP" value="2" />
+      <option name="IF_BRACE_FORCE" value="3" />
+      <option name="DOWHILE_BRACE_FORCE" value="3" />
+      <option name="WHILE_BRACE_FORCE" value="3" />
+      <option name="FOR_BRACE_FORCE" value="3" />
+    </codeStyleSettings>
+  </code_scheme>
+</component>

.idea/codeStyles/codeStyleConfig.xml

@@ -0,0 +1,5 @@
+<component name="ProjectCodeStyleConfiguration">
+  <state>
+    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
+  </state>
+</component>

.idea/dataSources.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
+    <data-source source="LOCAL" name="mongo@localhost" uuid="b05ce3f5-fadc-47d6-8621-e232ed1ad2f3">
+      <driver-ref>mongo</driver-ref>
+      <synchronize>true</synchronize>
+      <jdbc-driver>com.dbschema.MongoJdbcDriver</jdbc-driver>
+      <jdbc-url>mongodb://localhost:27017/extollo_1</jdbc-url>
+      <working-dir>$ProjectFileDir$</working-dir>
+    </data-source>
+    <data-source source="LOCAL" name="extollo_1@db03.platform.local" uuid="c8dc268d-b69d-497a-9e6d-b5c6e5275835">
+      <driver-ref>postgresql</driver-ref>
+      <synchronize>true</synchronize>
+      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
+      <jdbc-url>jdbc:postgresql://db03.platform.local:5432/extollo_1</jdbc-url>
+      <working-dir>$ProjectFileDir$</working-dir>
+    </data-source>
+  </component>
+</project>

.idea/lib.iml

@@ -4,5 +4,6 @@
     <content url="file://$MODULE_DIR$" />
     <orderEntry type="inheritedJdk" />
     <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="module" module-name="extollo" />
   </component>
 </module>

.idea/modules.xml

@@ -2,6 +2,7 @@
 <project version="4">
   <component name="ProjectModuleManager">
     <modules>
+      <module fileurl="file://$PROJECT_DIR$/../app/.idea/extollo.iml" filepath="$PROJECT_DIR$/../app/.idea/extollo.iml" />
       <module fileurl="file://$PROJECT_DIR$/.idea/lib.iml" filepath="$PROJECT_DIR$/.idea/lib.iml" />
     </modules>
   </component>

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

docs/.gitignore

@@ -0,0 +1 @@
+www*

docs/HOME.md

@@ -0,0 +1,31 @@
+<center>
+<br>
+<img alt="The Extollo logo" src="https://static.garrettmills.dev/sites/extollo/docs/assets/logo/svg/Extollo-Icon-and-Text-LIGHT-Final.svg" height="150">
+<br><br>
+<b>extollo</b> - (v. <em>latin</em>) - to lift up, to elevate
+<br><br>
+Extollo is a <a href="https://www.gnu.org/philosophy/floss-and-foss.en.html" target="_blank">free & libre</a> application framework in TypeScript.
+</center>
+<hr>
+
+Built on principles of modularity, strict-typing, inversion-of-control, and developer ergonomics, Extollo enables developers to build maintainable, scalable, and expressive applications.
+
+Node.js provides an excellent platform for quickly getting an application up and running, but this loose minimalism can lead to larger, more unweildy code-bases as your application grows. Extollo fixes this by providing an opinionated, robust framework and first-party modules that provide, among other things:
+
+- Type-based dependency injection
+- Strongly-typed ORM with an expressive query-builder and models
+- Customizable session & caching interfaces
+- Modular, pre-compiled, nest-able routes
+- First-party, extensible command line tools
+- Unit-based application structure
+
+## Getting Started
+Writing an application with Extollo is very straightforward if you are familiar with Node.js/TypeScript, or similar frameworks like Laravel.
+
+Check out the [Getting Started](https://extollo.garrettmills.dev/pages/Documentation/Getting-Started.html) page site for more information.
+
+## License & Philosophy
+The Extollo project is, and will always be, free & libre software. The framework itself is open-source available [here](https://code.garrettmills.dev/Extollo), and is licensed under the terms of the MIT license. See the LICENSE file for more information.
+
+## Contributing
+Have an improvement or fix to Extollo? Contributors are always welcome. See the CONTRIBUTING.md file for next steps.

docs/pages/About-Extollo.md

@@ -0,0 +1 @@
+# About the Extollo Project

docs/pages/Getting-Started.md

@@ -0,0 +1,7 @@
+# Getting Started with Extollo
+
+## Requirements
+
+- Node.js v14 or later
+- [PNPM](https://pnpm.js.org/) (not NPM/Yarn)
+- Postgres credentials (if you want to use [@extollo/orm](../modules/orm_src.html))

docs/sourcefile-map.json

@@ -0,0 +1,6 @@
+[
+  {
+    "pattern": "^",
+    "replace": "https://code.garrettmills.dev/extollo/lib/src/branch/master/"
+  }
+]

docs/static/humans.txt

@@ -0,0 +1,19 @@
+/* PROJECT */
+
+    Site Name:   The Extollo Framework
+    Site URL:    https://extollo.garrettmills.dev/
+    Created:     2021/03/24
+    Standards:   HTML5, CSS3
+    Software:    TypeDoc
+
+/* AUTHOR */
+
+    Name:        Garrett Mills
+    Location:    Lawrence, Kansas
+    Site:        https://garrettmills.dev/
+    Blog:        https://garrettmills.dev/blog/
+    Contact:     https://garrettmills.dev/#contact
+
+/* THANKS */
+
+    To Piper Mills for the excellent font, color, and logo design.

docs/theme/assets/css/pages.css

@@ -0,0 +1,64 @@
+h2 code {
+	font-size: 1em;
+}
+
+h3 code {
+	font-size: 1em;
+}
+
+.tsd-navigation.primary ul {
+	border-bottom: none;
+}
+
+.tsd-navigation.primary li {
+	border-top: none;
+}
+
+.tsd-navigation li.label.pp-nav.pp-group:first-child span {
+	padding-top: 0;
+}
+
+.tsd-navigation li.label.pp-nav.pp-group {
+	font-weight: 700;
+	border-bottom: 1px solid #eee;
+}
+
+.tsd-navigation li.label.pp-nav.pp-group span {
+	color: #222;
+}
+
+.tsd-navigation li.pp-nav.pp-page.current {
+	background-color: #f8f8f8;
+	border-left: 2px solid #222;
+}
+
+.tsd-navigation li.pp-nav.pp-page.current a {
+	color: #222;
+}
+
+.tsd-navigation li.pp-nav.pp-page.pp-parent.pp-active {
+	border-left: 2px solid #eee;
+}
+
+.tsd-navigation li.pp-nav.pp-page.pp-child {
+	border-left: 2px solid #eee;
+    padding-left: 15px;
+}
+
+.tsd-navigation li.pp-nav.pp-page.pp-child.current {
+	border-left: 2px solid #222;
+}
+
+.tsd-kind-page .tsd-kind-icon:before {
+	display: inline-block;
+	vertical-align: middle;
+	height: 16px;
+	width: 16px;
+	content: "";
+	background-image: url("../images/page-icon.svg");
+	background-size: 16px 16px;
+}
+
+#tsd-search .results span.parent {
+	color: #b3b2b2 !important;
+}

docs/theme/assets/images/page-icon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="#AA43FF" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file-text"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"></path><polyline points="14 2 14 8 20 8"></polyline><line x1="16" y1="13" x2="8" y2="13"></line><line x1="16" y1="17" x2="8" y2="17"></line><polyline points="10 9 9 9 8 9"></polyline></svg>

docs/theme/assets/logo/svg/Extollo-Icon-NO-TEXT-light-and-dark-Final.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 336.67 432"><defs><style>.cls-1{fill:#49686a;}.cls-2{fill:#f2c373;}.cls-3{fill:#2e5252;}.cls-4{fill:#ffe293;}</style></defs><polygon class="cls-1" points="39.28 359.8 202.72 4.89 336.67 303.76 280.63 303.76 194.94 129.42 98.43 359.8 39.28 359.8"/><polygon class="cls-2" points="335.04 310.28 308.57 366.31 252.54 366.31 279 310.28 335.04 310.28"/><polygon class="cls-3" points="246.02 363.06 272.49 307.02 194.94 145.7 165.56 215.83 246.02 363.06"/><polygon class="cls-3" points="194.58 0 140.1 0 0 298.88 31.13 354.92 194.58 0"/><ellipse class="cls-4" cx="170.63" cy="420.6" rx="122.95" ry="11.4"/></svg>

docs/theme/assets/logo/svg/Extollo-Icon-and-Text-DARK-Final.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 646.49 291.04"><defs><style>.cls-1{fill:#49686a;}.cls-2{fill:#f2c373;}.cls-3{fill:#2e5252;}.cls-4{fill:#ffe293;}</style></defs><polygon class="cls-1" points="26.46 242.4 136.57 3.29 226.81 204.64 189.06 204.64 131.33 87.19 66.31 242.4 26.46 242.4"/><polygon class="cls-2" points="225.72 209.03 207.89 246.79 170.13 246.79 187.96 209.03 225.72 209.03"/><polygon class="cls-3" points="165.75 244.59 183.57 206.84 131.33 98.16 111.54 145.41 165.75 244.59"/><polygon class="cls-3" points="131.09 0 94.38 0 0 201.35 20.97 239.11 131.09 0"/><ellipse class="cls-4" cx="114.95" cy="283.36" rx="82.83" ry="7.68"/><path class="cls-2" d="M290.79,131.24H344v14.32h-35.6v27.38h32.06V187.4H308.37v28.79H344v14.33H290.79Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M353.19,220.59l15.46-27-13.9-24.11V159.6h13.33l14.75,27.66,14.75-27.66h13.33v9.93L397,193.64l15.46,27v9.93H399.14L382.83,200l-16.31,30.49H353.19Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M426.93,172.94h-9.5V159.6h9.5V144h19.15L438,159.6h20v13.34H443.39V211.8a5.11,5.11,0,0,0,5.39,5.39H458v13.33H445.66q-8.37,0-13.55-5.18t-5.18-13.54Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M475,167.05q8.65-8.73,23-8.72,14.17,0,22.83,8.72T529.48,190v10.21q0,14.18-8.66,22.9T498,231.79q-14.33,0-23-8.72t-8.65-22.9V190Q466.36,175.77,475,167.05Zm12,46.24a14.85,14.85,0,0,0,11,4.18q6.81,0,10.92-4.18A14.83,14.83,0,0,0,513,202.44V187.69q0-6.81-4.11-10.93T498,172.65a15,15,0,0,0-11,4.11q-4.19,4.13-4.19,10.93v14.75A14.69,14.69,0,0,0,487,213.29Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M541.53,127.69H558V230.52H541.53Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M573,127.69h16.45V230.52H573Z" transform="translate(-18 -34.48)"/><path class="cls-2" d="M610,167.05q8.64-8.73,23-8.72t22.84,8.72q8.65,8.72,8.65,22.91v10.21q0,14.18-8.65,22.9T633,231.79q-14.32,0-23-8.72t-8.65-22.9V190Q601.38,175.77,610,167.05Zm12,46.24a14.85,14.85,0,0,0,11,4.18q6.81,0,10.92-4.18A14.8,14.8,0,0,0,648,202.44V187.69q0-6.81-4.12-10.93T633,172.65a15,15,0,0,0-11,4.11q-4.18,4.13-4.18,10.93v14.75A14.68,14.68,0,0,0,622,213.29Z" transform="translate(-18 -34.48)"/></svg>

docs/theme/assets/logo/svg/Extollo-Icon-and-Text-LIGHT-Final.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 648 290.82"><defs><style>.cls-1{fill:#49686a;}.cls-2{fill:#f2c373;}.cls-3{fill:#2e5252;}.cls-4{fill:#ffe293;}</style></defs><polygon class="cls-1" points="26.44 242.22 136.47 3.29 226.64 204.49 188.92 204.49 131.23 87.12 66.26 242.22 26.44 242.22"/><polygon class="cls-2" points="225.54 208.88 207.73 246.6 170 246.6 187.82 208.88 225.54 208.88"/><polygon class="cls-3" points="165.62 244.41 183.43 206.68 131.23 98.09 111.45 145.3 165.62 244.41"/><polygon class="cls-3" points="130.99 0 94.31 0 0 201.2 20.96 238.93 130.99 0"/><ellipse class="cls-4" cx="114.87" cy="283.14" rx="82.77" ry="7.67"/><path class="cls-3" d="M292.58,131.27h53.14v14.32H310.15v27.35h32V187.4h-32v28.77h35.57v14.31H292.58Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M354.93,220.56l15.45-26.93-13.89-24.09v-9.92h13.32l14.74,27.64,14.74-27.64h13.32v9.92l-13.89,24.09,15.45,26.93v9.92H400.85L384.55,200l-16.3,30.47H354.93Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M428.62,172.94h-9.49V159.62h9.49V144h19.14l-8.08,15.59h20v13.32h-14.6v38.83a5.11,5.11,0,0,0,5.39,5.39h9.21v13.32H447.33q-8.35,0-13.53-5.17t-5.18-13.54Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M476.67,167.06q8.64-8.72,22.95-8.72t22.82,8.72q8.65,8.72,8.65,22.89v10.2q0,14.17-8.65,22.89t-22.82,8.72q-14.31,0-22.95-8.72T468,200.15V190Q468,175.78,476.67,167.06Zm12,46.2a14.84,14.84,0,0,0,11,4.18q6.81,0,10.92-4.18a14.81,14.81,0,0,0,4.11-10.84V187.68q0-6.8-4.11-10.91t-10.92-4.11a15,15,0,0,0-11,4.11q-4.18,4.11-4.18,10.91v14.74A14.66,14.66,0,0,0,488.64,213.26Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M543.13,127.73h16.44V230.48H543.13Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M574.59,127.73H591V230.48H574.59Z" transform="translate(-18 -34.59)"/><path class="cls-3" d="M611.58,167.06q8.64-8.72,23-8.72t22.81,8.72Q666,175.78,666,190v10.2q0,14.17-8.65,22.89t-22.81,8.72q-14.32,0-23-8.72t-8.65-22.89V190Q602.93,175.78,611.58,167.06Zm12,46.2a14.85,14.85,0,0,0,11,4.18q6.8,0,10.91-4.18a14.81,14.81,0,0,0,4.11-10.84V187.68q0-6.8-4.11-10.91t-10.91-4.11a15,15,0,0,0-11,4.11q-4.17,4.11-4.18,10.91v14.74A14.7,14.7,0,0,0,623.55,213.26Z" transform="translate(-18 -34.59)"/></svg>

docs/theme/assets/logo/svg/Extollo-Text-NO-ICON-Dark-final.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 432 162.99"><defs><style>.cls-1{fill:#49686a;opacity:0.75;}.cls-2{fill:#f2c373;}</style></defs><ellipse class="cls-1" cx="214.64" cy="153.99" rx="180" ry="9"/><path class="cls-2" d="M5,9H66.44V25.53H25.29V57.17H62.34V73.89H25.29v33.29H66.44v16.56H5Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M77.09,112.26,95,81.11,78.9,53.23V41.76H94.31l17,32,17-32h15.41V53.23L127.75,81.11l17.88,31.15v11.48H130.21L111.36,88.49,92.5,123.74H77.09Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M162.34,57.17h-11V41.76h11v-18h22.14l-9.35,18h23.12V57.17H181.36v44.92a5.9,5.9,0,0,0,6.23,6.23h10.66v15.42H184q-9.68,0-15.66-6t-6-15.66Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M217.92,50.36q10-10.08,26.56-10.08,16.4,0,26.4,10.08t10,26.48V88.65q0,16.39-10,26.48t-26.4,10.08q-16.56,0-26.56-10.08t-10-26.48V76.84Q207.92,60.44,217.92,50.36Zm13.86,53.45q4.83,4.84,12.7,4.84t12.63-4.84q4.75-4.83,4.75-12.54v-17q0-7.87-4.75-12.62t-12.63-4.76q-7.86,0-12.7,4.76t-4.84,12.62v17A16.93,16.93,0,0,0,231.78,103.81Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M294.81,4.87h19V123.74h-19Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M331.21,4.87h19V123.74h-19Z" transform="translate(-4.96 -4.87)"/><path class="cls-2" d="M374,50.36q10-10.08,26.56-10.08,16.4,0,26.39,10.08t10,26.48V88.65q0,16.39-10,26.48t-26.39,10.08q-16.56,0-26.56-10.08T364,88.65V76.84Q364,60.44,374,50.36Zm13.85,53.45q4.84,4.84,12.71,4.84t12.62-4.84q4.76-4.83,4.76-12.54v-17q0-7.87-4.76-12.62t-12.62-4.76q-7.87,0-12.71,4.76T383,74.22v17A17,17,0,0,0,387.85,103.81Z" transform="translate(-4.96 -4.87)"/></svg>

docs/theme/assets/logo/svg/Extollo-Text-NO-ICON-Light-final.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 432 162.99"><defs><style>.cls-1{fill:#ffe293;}.cls-2{fill:#2e5252;}</style></defs><ellipse class="cls-1" cx="213.64" cy="153.99" rx="180" ry="9"/><path class="cls-2" d="M3.6,9H65.08V25.56H23.93V57.21H61V73.93h-37v33.28H65.08v16.56H3.6Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M75.73,112.3,93.61,81.14,77.54,53.27V41.79H93l17,32,17-32h15.42V53.27L126.4,81.14l17.87,31.16v11.47H128.86L110,88.52,91.15,123.77H75.73Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M161,57.21H150V41.79h11v-18h22.13l-9.34,18h23.11V57.21H180v44.92a5.9,5.9,0,0,0,6.23,6.23h10.65v15.41H182.63q-9.67,0-15.66-6t-6-15.66Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M216.57,50.4q10-10.08,26.56-10.08,16.39,0,26.39,10.08t10,26.48V88.69q0,16.4-10,26.47t-26.39,10.09q-16.56,0-26.56-10.09t-10-26.47V76.88Q206.56,60.49,216.57,50.4Zm13.85,53.45q4.83,4.84,12.71,4.84t12.62-4.84q4.75-4.83,4.75-12.54v-17q0-7.87-4.75-12.63t-12.62-4.75q-7.87,0-12.71,4.75t-4.84,12.63v17A16.93,16.93,0,0,0,230.42,103.85Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M293.45,4.9h19V123.77h-19Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M329.85,4.9h19V123.77h-19Z" transform="translate(-3.6 -4.9)"/><path class="cls-2" d="M372.64,50.4q10-10.08,26.56-10.08,16.4,0,26.4,10.08t10,26.48V88.69q0,16.4-10,26.47t-26.4,10.09q-16.56,0-26.56-10.09t-10-26.47V76.88Q362.64,60.49,372.64,50.4Zm13.86,53.45q4.83,4.84,12.7,4.84t12.63-4.84q4.76-4.83,4.75-12.54v-17q0-7.87-4.75-12.63T399.2,56.88q-7.87,0-12.7,4.75t-4.84,12.63v17A16.93,16.93,0,0,0,386.5,103.85Z" transform="translate(-3.6 -4.9)"/></svg>

docs/theme/layouts/default.hbs

@@ -0,0 +1,51 @@
+<!doctype html>
+<html class="default no-js">
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title>{{#ifCond model.name '==' project.name}}{{project.name}}{{else}}{{model.name}} | {{project.name}}{{/ifCond}}</title>
+    <meta name="description" content="Documentation for {{project.name}}">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <link rel="stylesheet" href="{{relativeURL "assets/css/main.css"}}">
+    <link rel="author" href="{{relativeURL "humans.txt"}}">
+    <script async src="{{relativeURL "assets/js/search.js"}}" id="search-script"></script>
+</head>
+<body>
+
+{{> header}}
+
+<div class="container container-main">
+    <div class="row">
+        <div class="col-8 col-content">
+            {{{contents}}}
+        </div>
+        <div class="col-4 col-menu menu-sticky-wrap menu-highlight">
+            <nav class="tsd-navigation primary">
+                <ul>
+                    {{#each navigation.children}}
+                        {{> navigation}}
+                    {{/each}}
+                </ul>
+            </nav>
+
+            <nav class="tsd-navigation secondary menu-sticky">
+                <ul class="before-current">
+                    {{#each toc.children}}
+                        {{> toc.root}}
+                    {{/each}}
+                </ul>
+            </nav>
+        </div>
+    </div>
+</div>
+
+{{> footer}}
+
+<div class="overlay"></div>
+<script src="{{relativeURL "assets/js/main.js"}}"></script>
+
+{{> analytics}}
+
+</body>
+</html>

docs/theme/partials/footer.hbs

@@ -0,0 +1,35 @@
+
+<footer>
+    <div class="container">
+        <h2>Legend</h2>
+        <div class="tsd-legend-group">
+            {{#each legend}}
+                <ul class="tsd-legend">
+                    {{#each .}}
+                        <li class="{{#compact}}{{#each classes}} {{.}}{{/each}}{{/compact}}"><span class="tsd-kind-icon">{{name}}</span></li>
+                    {{/each}}
+                </ul>
+            {{/each}}
+        </div>
+    </div>
+</footer>
+
+{{#unless settings.hideGenerator}}
+    <div class="tsd-generator extollo-end-cap">
+        <img src="{{relativeURL "assets/logo/svg/Extollo-Icon-and-Text-DARK-Final.svg"}}" style="max-height: 100px" class="svg-filter-white" alt="Extollo Logo">
+        <p><b>extollo</b> (v. <em>latin</em>) - to lift up, to elevate</p>
+        <p>
+            Extollo is a <a href="https://www.gnu.org/philosophy/floss-and-foss.en.html" target="_blank">free & libre</a> application framework in TypeScript.
+        </p>
+        <p class="list-of-links">
+            <ul>
+                <li><a href="{{relativeURL "/"}}">Home</a></li>
+                <li><a href="{{relativeURL "pages/Documentation/Getting-Started.html"}}">Getting Started</a></li>
+                <li><a href="{{relativeURL "pages/Documentation/About-Extollo.html"}}">About Extollo</a></li>
+                <li><a href="https://code.garrettmills.dev/Extollo" target="_blank">Source Code</a></li>
+                <li><a href="https://code.garrettmills.dev/extollo/extollo/src/branch/master/CONTRIBUTING.md" target="_blank">Contributing</a></li>
+                <li><a href="https://code.garrettmills.dev/Extollo/docs" target="_blank">Build These Docs</a></li>
+            </ul>
+        </p>
+    </div>
+{{/unless}}

docs/theme/partials/header.hbs

@@ -0,0 +1,71 @@
+<header>
+    <div class="tsd-page-toolbar">
+        <div class="container">
+            <div class="table-wrap">
+                <div class="table-cell" id="tsd-search" data-index="{{relativeURL "assets/js/search.json"}}" data-base="{{relativeURL "./"}}">
+                    <div class="field">
+                        <label for="tsd-search-field" class="tsd-widget search no-caption">Search</label>
+                        <input id="tsd-search-field" type="text" />
+                    </div>
+
+                    <ul class="results">
+                        <li class="state loading">Preparing search index...</li>
+                        <li class="state failure">The search index is not available</li>
+                    </ul>
+
+                    <img src="{{relativeURL "assets/logo/svg/Extollo-Icon-NO-TEXT-light-and-dark-Final.svg"}}" alt="Extollo Icon" class="token-logo" style="max-height: 30px; margin-bottom: -10px; padding-right: 10px;">
+                    <a href="{{relativeURL "index.html"}}" class="title">{{project.name}}</a>
+                </div>
+
+                <div class="table-cell" id="tsd-widgets">
+                    <div id="tsd-filter">
+                        <a href="#" class="tsd-widget options no-caption" data-toggle="options">Options</a>
+                        <div class="tsd-filter-group">
+                            <div class="tsd-select" id="tsd-filter-visibility">
+                                <span class="tsd-select-label">All</span>
+                                <ul class="tsd-select-list">
+                                    <li data-value="public">Public</li>
+                                    <li data-value="protected">Public/Protected</li>
+                                    <li data-value="private" class="selected">All</li>
+                                </ul>
+                            </div>
+
+                            <input type="checkbox" id="tsd-filter-inherited" checked />
+                            <label class="tsd-widget" for="tsd-filter-inherited">Inherited</label>
+
+                            {{#unless settings.excludeExternals}}
+                                <input type="checkbox" id="tsd-filter-externals" checked />
+                                <label class="tsd-widget" for="tsd-filter-externals">Externals</label>
+                            {{/unless}}
+                        </div>
+                    </div>
+
+                    <a href="#" class="tsd-widget menu no-caption" data-toggle="menu">Menu</a>
+                </div>
+            </div>
+        </div>
+    </div>
+    <div class="tsd-page-title">
+        <div class="container">
+            {{#if model.parent}} {{! Don't show breadcrumbs on main project page, it is the root page. !}}
+                <ul class="tsd-breadcrumb">
+                    {{#with model}}{{> breadcrumb}}{{/with}}
+                </ul>
+            {{/if}}
+            <h1>{{#compact}}
+                {{#ifCond model.kindString "!==" "Project" }}
+                    {{model.kindString}}&nbsp;
+                {{/ifCond}}
+                {{model.name}}
+                {{#if model.typeParameters}}
+                    &lt;
+                    {{#each model.typeParameters}}
+                        {{#if @index}},&nbsp;{{/if}}
+                        {{name}}
+                    {{/each}}
+                    &gt;
+                {{/if}}
+            {{/compact}}</h1>
+        </div>
+    </div>
+</header>

docs/theme/templates/markdown-page.hbs

@@ -0,0 +1,3 @@
+<div class="tsd-panel tsd-typography">
+    {{#markdown}}{{{model.pagesPlugin.item.contents}}}{{/markdown}}
+</div>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@extollo/lib",
-  "version": "0.1.3",
+  "version": "0.9.23",
   "description": "The framework library that lifts up your code.",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -8,25 +8,56 @@
     "lib": "lib"
   },
   "dependencies": {
-    "@extollo/di": "git+https://code.garrettmills.dev/extollo/di",
-    "@extollo/util": "git+https://code.garrettmills.dev/extollo/util",
+    "@atao60/fse-cli": "^0.1.6",
+    "@extollo/ui": "^0.1.0",
+    "@types/bcrypt": "^5.0.0",
     "@types/busboy": "^0.2.3",
+    "@types/cli-table": "^0.3.0",
+    "@types/ioredis": "^4.26.6",
+    "@types/jsonwebtoken": "^8.5.8",
+    "@types/mime-types": "^2.1.0",
+    "@types/mkdirp": "^1.0.1",
     "@types/negotiator": "^0.6.1",
-    "@types/node": "^14.14.37",
+    "@types/node": "^14.17.4",
+    "@types/pg": "^8.6.0",
+    "@types/pluralize": "^0.0.29",
     "@types/pug": "^2.0.4",
+    "@types/rimraf": "^3.0.0",
+    "@types/ssh2": "^0.5.46",
+    "@types/uuid": "^8.3.0",
+    "bcrypt": "^5.0.1",
     "busboy": "^0.3.1",
+    "cli-table": "^0.3.6",
     "colors": "^1.4.0",
     "dotenv": "^8.2.0",
+    "ioredis": "^4.27.6",
+    "jsonwebtoken": "^8.5.1",
+    "mime-types": "^2.1.31",
+    "mkdirp": "^1.0.4",
     "negotiator": "^0.6.2",
+    "node-fetch": "^3",
+    "pg": "^8.6.0",
+    "pluralize": "^8.0.0",
     "pug": "^3.0.2",
+    "reflect-metadata": "^0.1.13",
+    "rimraf": "^3.0.2",
+    "ssh2": "^1.1.0",
     "ts-node": "^9.1.1",
-    "typescript": "^4.2.3"
+    "typedoc": "^0.20.36",
+    "typedoc-plugin-pages-fork": "^0.0.1",
+    "typedoc-plugin-sourcefile-url": "^1.0.6",
+    "typescript": "^4.2.3",
+    "uuid": "^8.3.2",
+    "zod": "^3.11.6"
   },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "build": "tsc",
+    "test": "env TS_NODE_COMPILER_OPTIONS='{\"module\": \"commonjs\" }' mocha -r ts-node/register 'tests/**/*.ts'",
+    "build": "pnpm run lint && rimraf lib && tsc && fse copy --all --dereference --preserveTimestamps --keepExisting=false --quiet --errorOnExist=false src/resources lib/resources",
     "app": "tsc && node lib/index.js",
-    "prepare": "pnpm run build"
+    "prepare": "pnpm run build",
+    "docs:build": "typedoc --options typedoc.json",
+    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint --fix . --ext .ts"
   },
   "files": [
     "lib/**/*"
@@ -38,5 +69,27 @@
     "url": "https://code.garrettmills.dev/extollo/lib"
   },
   "author": "garrettmills <shout@garrettmills.dev>",
-  "license": "MIT"
+  "license": "MIT",
+  "devDependencies": {
+    "@types/chai": "^4.2.22",
+    "@types/mocha": "^9.0.0",
+    "@types/sinon": "^10.0.6",
+    "@types/wtfnode": "^0.7.0",
+    "@typescript-eslint/eslint-plugin": "^4.26.0",
+    "@typescript-eslint/parser": "^4.26.0",
+    "chai": "^4.3.4",
+    "eslint": "^7.27.0",
+    "mocha": "^9.1.3",
+    "sinon": "^12.0.1",
+    "wtfnode": "^0.9.1"
+  },
+  "extollo": {
+    "discover": true,
+    "units": {
+      "discover": false
+    },
+    "recursiveDependencies": {
+      "discover": true
+    }
+  }
 }

pagesconfig.json

@@ -0,0 +1,17 @@
+{
+  "groups": [
+    {
+      "title": "Documentation",
+      "pages": [
+        {
+          "title": "Getting Started",
+          "source": "./docs/pages/Getting-Started.md"
+        },
+        {
+          "title": "About Extollo",
+          "source": "./docs/pages/About-Extollo.md"
+        }
+      ]
+    }
+  ]
+}

src/auth/AuthenticatableAlreadyExistsError.ts

@@ -0,0 +1,5 @@
+import {ErrorWithContext} from '../util'
+
+export class AuthenticatableAlreadyExistsError extends ErrorWithContext {
+
+}

src/auth/Authentication.ts

@@ -0,0 +1,77 @@
+import {Unit} from '../lifecycle/Unit'
+import {Injectable, Inject, StaticInstantiable} from '../di'
+import {Logging} from '../service/Logging'
+import {Middlewares} from '../service/Middlewares'
+import {CanonicalResolver} from '../service/Canonical'
+import {Middleware} from '../http/routing/Middleware'
+import {AuthRequiredMiddleware} from './middleware/AuthRequiredMiddleware'
+import {GuestRequiredMiddleware} from './middleware/GuestRequiredMiddleware'
+import {SessionAuthMiddleware} from './middleware/SessionAuthMiddleware'
+import {ViewEngine} from '../views/ViewEngine'
+import {SecurityContext} from './context/SecurityContext'
+import {LoginProvider, LoginProviderConfig} from './provider/LoginProvider'
+import {Config} from '../service/Config'
+import {ErrorWithContext, hasOwnProperty} from '../util'
+import {Route} from '../http/routing/Route'
+
+@Injectable()
+export class Authentication extends Unit {
+    @Inject()
+    protected readonly logging!: Logging
+
+    @Inject()
+    protected readonly middleware!: Middlewares
+
+    @Inject()
+    protected readonly config!: Config
+
+    protected providers: {[name: string]: LoginProvider<LoginProviderConfig>} = {}
+
+    async up(): Promise<void> {
+        this.middleware.registerNamespace('@auth', this.getMiddlewareResolver())
+
+        this.container().onResolve<ViewEngine>(ViewEngine)
+            .then((engine: ViewEngine) => {
+                engine.registerGlobalFactory('user', req => {
+                    return () => req?.make<SecurityContext>(SecurityContext)?.getUser()
+                })
+            })
+
+        const config = this.config.get('auth.providers', {})
+        const middleware = this.config.get('auth.middleware', SessionAuthMiddleware)
+
+        if ( !(middleware?.prototype instanceof Middleware) ) {
+            throw new ErrorWithContext('Auth middleware must extend Middleware base class', {
+                providedValue: middleware,
+                configKey: 'auth.middleware',
+            })
+        }
+
+        for ( const name in config ) {
+            if ( !hasOwnProperty(config, name) ) {
+                continue
+            }
+
+            if ( this.providers[name] ) {
+                this.logging.warn(`Registering duplicate authentication provider: ${name}`)
+            }
+
+            this.logging.verbose(`Registered authentication provider: ${name}`)
+            this.providers[name] = this.make(config[name].driver, name, config[name].config)
+
+            Route.group(`/auth/${name}`, () => {
+                this.providers[name].routes()
+            }).pre(middleware)
+        }
+    }
+
+    protected getMiddlewareResolver(): CanonicalResolver<StaticInstantiable<Middleware>> {
+        return (key: string) => {
+            return ({
+                required: AuthRequiredMiddleware,
+                guest: GuestRequiredMiddleware,
+                web: SessionAuthMiddleware,
+            })[key]
+        }
+    }
+}

src/auth/NotAuthorizedError.ts

@@ -0,0 +1,11 @@
+import {HTTPError} from '../http/HTTPError'
+import {HTTPStatus} from '../util'
+
+/**
+ * Error thrown when a user attempts an action that they are not authorized to perform.
+ */
+export class NotAuthorizedError extends HTTPError {
+    constructor(message = 'Not Authorized') {
+        super(HTTPStatus.FORBIDDEN, message)
+    }
+}

src/auth/config.ts

@@ -0,0 +1,51 @@
+import {Instantiable, isInstantiable} from '../di'
+import {AuthenticatableRepository} from './types'
+import {hasOwnProperty} from '../util'
+import {LoginProvider, LoginProviderConfig} from './provider/LoginProvider'
+import {Middleware} from '../http/routing/Middleware'
+
+export interface AuthenticationConfig {
+    storage: Instantiable<AuthenticatableRepository>,
+    middleware?: Instantiable<Middleware>,
+    providers?: {
+        [key: string]: {
+            driver: Instantiable<LoginProvider<LoginProviderConfig>>,
+            config: LoginProviderConfig,
+        },
+    },
+}
+
+export function isAuthenticationConfig(what: unknown): what is AuthenticationConfig {
+    if ( typeof what !== 'object' || !what ) {
+        return false
+    }
+
+    if ( !hasOwnProperty(what, 'storage') || !hasOwnProperty(what, 'providers') ) {
+        return false
+    }
+
+    if ( !isInstantiable(what.storage) || !(what.storage.prototype instanceof AuthenticatableRepository) ) {
+        return false
+    }
+
+    if ( typeof what.providers !== 'object' ) {
+        return false
+    }
+
+    for ( const key in what.providers ) {
+        if ( !hasOwnProperty(what.providers, key) ) {
+            continue
+        }
+
+        const source = what.providers[key]
+        if ( typeof source !== 'object' || source === null || !hasOwnProperty(source, 'driver') ) {
+            return false
+        }
+
+        if ( !isInstantiable(source.driver) || !(source.driver.prototype instanceof LoginProvider) ) {
+            return false
+        }
+    }
+
+    return true
+}

src/auth/context/SecurityContext.ts

@@ -0,0 +1,119 @@
+import {Inject, Injectable} from '../../di'
+import {Awaitable, HTTPStatus, Maybe} from '../../util'
+import {Authenticatable, AuthenticatableRepository} from '../types'
+import {Logging} from '../../service/Logging'
+import {UserAuthenticatedEvent} from '../event/UserAuthenticatedEvent'
+import {UserFlushedEvent} from '../event/UserFlushedEvent'
+import {Bus} from '../../support/bus'
+import {HTTPError} from '../../http/HTTPError'
+
+/**
+ * Base-class for a context that authenticates users and manages security.
+ */
+@Injectable()
+export abstract class SecurityContext {
+    @Inject()
+    protected readonly bus!: Bus
+
+    @Inject()
+    protected readonly logging!: Logging
+
+    /** The currently authenticated user, if one exists. */
+    protected authenticatedUser?: Authenticatable
+
+    constructor(
+        /** The repository where users are persisted. */
+        public readonly repository: AuthenticatableRepository,
+
+        /** The name of this context. */
+        public readonly name: string,
+    ) { }
+
+    /**
+     * Called when the context is created. Can be used by child-classes to do setup work.
+     */
+    initialize(): Awaitable<void> {}  // eslint-disable-line @typescript-eslint/no-empty-function
+
+    /**
+     * Authenticate the given user, without persisting the authentication.
+     * That is, when the lifecycle ends, the user will be unauthenticated implicitly.
+     * @param user
+     */
+    async authenticateOnce(user: Authenticatable): Promise<void> {
+        this.authenticatedUser = user
+        await this.bus.push(new UserAuthenticatedEvent(user, this))
+    }
+
+    /**
+     * Authenticate the given user and persist the authentication.
+     * @param user
+     */
+    async authenticate(user: Authenticatable): Promise<void> {
+        this.authenticatedUser = user
+        await this.persist()
+        await this.bus.push(new UserAuthenticatedEvent(user, this))
+    }
+
+    /**
+     * Unauthenticate the current user, if one exists, but do not persist the change.
+     */
+    async flushOnce(): Promise<void> {
+        const user = this.authenticatedUser
+        if ( user ) {
+            this.authenticatedUser = undefined
+            await this.bus.push(new UserFlushedEvent(user, this))
+        }
+    }
+
+    /**
+     * Unauthenticate the current user, if one exists, and persist the change.
+     */
+    async flush(): Promise<void> {
+        const user = this.authenticatedUser
+        if ( user ) {
+            this.authenticatedUser = undefined
+            await this.persist()
+            await this.bus.push(new UserFlushedEvent(user, this))
+        }
+    }
+
+    /**
+     * Assuming a user is still authenticated in the context,
+     * try to look up and fill in the user.
+     */
+    abstract resume(): Awaitable<void>
+
+    /**
+     * Write the current state of the security context to whatever storage
+     * medium the context's host provides.
+     */
+    abstract persist(): Awaitable<void>
+
+    /**
+     * Get the currently authenticated user, if one exists.
+     */
+    getUser(): Maybe<Authenticatable> {
+        return this.authenticatedUser
+    }
+
+    /** Get the current user or throw an authorization error. */
+    user(): Authenticatable {
+        if ( !this.hasUser() ) {
+            throw new HTTPError(HTTPStatus.UNAUTHORIZED)
+        }
+
+        const user = this.getUser()
+        if ( !user ) {
+            throw new HTTPError(HTTPStatus.UNAUTHORIZED)
+        }
+
+        return user
+    }
+
+    /**
+     * Returns true if there is a currently authenticated user.
+     */
+    hasUser(): boolean {
+        return Boolean(this.authenticatedUser)
+    }
+}

src/auth/context/SessionSecurityContext.ts

@@ -0,0 +1,39 @@
+import {SecurityContext} from './SecurityContext'
+import {Inject, Injectable} from '../../di'
+import {Session} from '../../http/session/Session'
+import {Awaitable} from '../../util'
+import {AuthenticatableRepository} from '../types'
+import {UserAuthenticationResumedEvent} from '../event/UserAuthenticationResumedEvent'
+
+export const EXTOLLO_AUTH_SESSION_KEY = '@extollo:auth.securityIdentifier'
+
+/**
+ * Security context implementation that uses the session as storage.
+ */
+@Injectable()
+export class SessionSecurityContext extends SecurityContext {
+    @Inject()
+    protected readonly session!: Session
+
+    constructor(
+        /** The repository from which to draw users. */
+        public readonly repository: AuthenticatableRepository,
+    ) {
+        super(repository, 'session')
+    }
+
+    persist(): Awaitable<void> {
+        this.session.set(EXTOLLO_AUTH_SESSION_KEY, this.getUser()?.getIdentifier())
+    }
+
+    async resume(): Promise<void> {
+        const identifier = this.session.get(EXTOLLO_AUTH_SESSION_KEY)
+        if ( identifier ) {
+            const user = await this.repository.getByIdentifier(identifier)
+            if ( user ) {
+                this.authenticatedUser = user
+                await this.bus.push(new UserAuthenticationResumedEvent(user, this))
+            }
+        }
+    }
+}

src/auth/event/AuthenticationEvent.ts

@@ -0,0 +1,12 @@
+import {SecurityContext} from '../context/SecurityContext'
+import {Authenticatable} from '../types'
+import {BaseEvent} from '../../support/bus'
+
+export abstract class AuthenticationEvent extends BaseEvent {
+    constructor(
+        public readonly user: Authenticatable,
+        public readonly context: SecurityContext,
+    ) {
+        super()
+    }
+}

src/auth/event/UserAuthenticatedEvent.ts

@@ -0,0 +1,8 @@
+import {AuthenticationEvent} from './AuthenticationEvent'
+
+/**
+ * Event fired when a user is authenticated.
+ */
+export class UserAuthenticatedEvent extends AuthenticationEvent {
+    public readonly eventName = '@extollo/lib:UserAuthenticatedEvent'
+}

src/auth/event/UserAuthenticationResumedEvent.ts

@@ -0,0 +1,8 @@
+import {AuthenticationEvent} from './AuthenticationEvent'
+
+/**
+ * Event raised when a user is re-authenticated to a security context
+ */
+export class UserAuthenticationResumedEvent extends AuthenticationEvent {
+    public readonly eventName = '@extollo/lib:UserAuthenticationResumedEvent'
+}

src/auth/event/UserFlushedEvent.ts

@@ -0,0 +1,8 @@
+import {AuthenticationEvent} from './AuthenticationEvent'
+
+/**
+ * Event fired when a user is unauthenticated.
+ */
+export class UserFlushedEvent extends AuthenticationEvent {
+    public readonly eventName = '@extollo/lib:UserFlushedEvent'
+}

src/auth/index.ts

@@ -0,0 +1,42 @@
+export * from './types'
+export * from './AuthenticatableAlreadyExistsError'
+export * from './NotAuthorizedError'
+export * from './Authentication'
+
+export * from './context/SecurityContext'
+export * from './context/SessionSecurityContext'
+
+export * from './event/AuthenticationEvent'
+export * from './event/UserAuthenticatedEvent'
+export * from './event/UserAuthenticationResumedEvent'
+export * from './event/UserFlushedEvent'
+
+export * from './middleware/AuthRequiredMiddleware'
+export * from './middleware/GuestRequiredMiddleware'
+export * from './middleware/SessionAuthMiddleware'
+
+export * from './provider/basic/BasicLoginAttempt'
+export * from './provider/basic/BasicLoginProvider'
+export * from './provider/basic/BasicRegistrationAttempt'
+
+export * from './provider/oauth/OAuth2LoginProvider'
+export * from './provider/oauth/CoreIDLoginProvider'
+
+export * from './serial/AuthenticationEventSerializer'
+
+export * from './repository/orm/ORMUser'
+export * from './repository/orm/ORMUserRepository'
+
+export * from './config'
+
+export * from './server/types'
+export * from './server/models/OAuth2TokenModel'
+export * from './server/repositories/ConfigClientRepository'
+export * from './server/repositories/ConfigScopeRepository'
+export * from './server/repositories/ClientRepositoryFactory'
+export * from './server/repositories/ScopeRepositoryFactory'
+export * from './server/repositories/ORMTokenRepository'
+export * from './server/repositories/TokenRepositoryFactory'
+export * from './server/repositories/CacheRedemptionCodeRepository'
+export * from './server/repositories/RedemptionCodeRepositoryFactory'
+export * from './server/OAuth2Server'

src/auth/middleware/AuthRequiredMiddleware.ts

@@ -0,0 +1,36 @@
+import {Middleware} from '../../http/routing/Middleware'
+import {Inject, Injectable} from '../../di'
+import {SecurityContext} from '../context/SecurityContext'
+import {ResponseObject} from '../../http/routing/Route'
+import {error} from '../../http/response/ErrorResponseFactory'
+import {NotAuthorizedError} from '../NotAuthorizedError'
+import {HTTPStatus} from '../../util'
+import {redirect} from '../../http/response/RedirectResponseFactory'
+import {Routing} from '../../service/Routing'
+import {Session} from '../../http/session/Session'
+
+// TODO handle JSON and non-web
+
+@Injectable()
+export class AuthRequiredMiddleware extends Middleware {
+    @Inject()
+    protected readonly security!: SecurityContext
+
+    @Inject()
+    protected readonly routing!: Routing
+
+    @Inject()
+    protected readonly session!: Session
+
+    async apply(): Promise<ResponseObject> {
+        if ( !this.security.hasUser() ) {
+            this.session.set('@extollo:auth.intention', this.request.url)
+
+            if ( this.routing.hasNamedRoute('@auth:login') ) {
+                return redirect(this.routing.getNamedPath('@auth:login').toRemote)
+            } else {
+                return error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
+            }
+        }
+    }
+}

src/auth/middleware/GuestRequiredMiddleware.ts

@@ -0,0 +1,30 @@
+import {Middleware} from '../../http/routing/Middleware'
+import {Inject, Injectable} from '../../di'
+import {SecurityContext} from '../context/SecurityContext'
+import {ResponseObject} from '../../http/routing/Route'
+import {error} from '../../http/response/ErrorResponseFactory'
+import {NotAuthorizedError} from '../NotAuthorizedError'
+import {HTTPStatus} from '../../util'
+import {Routing} from '../../service/Routing'
+import {redirect} from '../../http/response/RedirectResponseFactory'
+
+// TODO handle JSON and non-web
+
+@Injectable()
+export class GuestRequiredMiddleware extends Middleware {
+    @Inject()
+    protected readonly security!: SecurityContext
+
+    @Inject()
+    protected readonly routing!: Routing
+
+    async apply(): Promise<ResponseObject> {
+        if ( this.security.hasUser() ) {
+            if ( this.routing.hasNamedRoute('@auth.redirectFromGuest') ) {
+                return redirect(this.routing.getNamedPath('@auth.redirectFromGuest').toRemote)
+            } else {
+                return error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
+            }
+        }
+    }
+}

src/auth/middleware/SessionAuthMiddleware.ts

@@ -0,0 +1,44 @@
+import {Middleware} from '../../http/routing/Middleware'
+import {Inject, Injectable, Instantiable} from '../../di'
+import {Config} from '../../service/Config'
+import {Logging} from '../../service/Logging'
+import {AuthenticatableRepository} from '../types'
+import {Maybe} from '../../util'
+import {AuthenticationConfig, isAuthenticationConfig} from '../config'
+import {ResponseObject} from '../../http/routing/Route'
+import {SessionSecurityContext} from '../context/SessionSecurityContext'
+import {SecurityContext} from '../context/SecurityContext'
+
+/**
+ * Injects a SessionSecurityContext into the request and attempts to
+ * resume the user's authentication.
+ */
+@Injectable()
+export class SessionAuthMiddleware extends Middleware {
+    @Inject()
+    protected readonly config!: Config
+
+    @Inject()
+    protected readonly logging!: Logging
+
+    async apply(): Promise<ResponseObject> {
+        this.logging.debug('Applying session auth middleware.')
+        const context = <SessionSecurityContext> this.make(SessionSecurityContext, this.getRepository())
+        this.request.registerSingletonInstance(SecurityContext, context)
+        await context.resume()
+    }
+
+    /**
+     * Build the correct AuthenticatableRepository based on the auth config.
+     * @protected
+     */
+    protected getRepository(): AuthenticatableRepository {
+        const config: Maybe<AuthenticationConfig> = this.config.get('auth')
+        if ( !isAuthenticationConfig(config) ) {
+            throw new TypeError('Invalid authentication config.')
+        }
+
+        const repo: Instantiable<AuthenticatableRepository> = config.storage
+        return this.make(repo)
+    }
+}

src/auth/provider/LoginProvider.ts

@@ -0,0 +1,74 @@
+import {Request} from '../../http/lifecycle/Request'
+import {ResponseObject, Route} from '../../http/routing/Route'
+import {GuestRequiredMiddleware} from '../middleware/GuestRequiredMiddleware'
+import {AuthRequiredMiddleware} from '../middleware/AuthRequiredMiddleware'
+import {Inject, Injectable} from '../../di'
+import {SecurityContext} from '../context/SecurityContext'
+import {redirect} from '../../http/response/RedirectResponseFactory'
+import {RequestLocalStorage} from '../../http/RequestLocalStorage'
+import {Session} from '../../http/session/Session'
+
+export interface LoginProviderConfig {
+    default: boolean,
+    allow?: {
+        login?: boolean,
+        registration?: boolean,
+    },
+}
+
+@Injectable()
+export abstract class LoginProvider<TConfig extends LoginProviderConfig> {
+    @Inject()
+    protected readonly request!: RequestLocalStorage
+
+    protected get security(): SecurityContext {
+        return this.request.get().make(SecurityContext)
+    }
+
+    constructor(
+        protected name: string,
+        protected config: TConfig,
+    ) {}
+
+    public routes(): void {
+        Route.get('login')
+            .alias(`@auth:${this.name}:login`)
+            .pipe(line => line.when(this.config.default, route => route.alias('@auth:login')))
+            .pre(GuestRequiredMiddleware)
+            .passingRequest()
+            .handledBy(this.login.bind(this))
+
+        Route.any('logout')
+            .alias(`@auth:${this.name}:logout`)
+            .pipe(line => line.when(this.config.default, route => route.alias('@auth:logout')))
+            .pre(AuthRequiredMiddleware)
+            .passingRequest()
+            .handledBy(this.logout.bind(this))
+
+        Route.get('register')
+            .alias(`@auth:${this.name}:register`)
+            .pipe(line => line.when(this.config.default, route => route.alias('@auth:register')))
+            .pre(GuestRequiredMiddleware)
+            .passingRequest()
+            .handledBy(this.registration.bind(this))
+    }
+
+    public abstract login(request: Request): ResponseObject
+
+    public abstract logout(request: Request): ResponseObject
+
+    public registration(request: Request): ResponseObject {
+        return this.login(request)
+    }
+
+    protected redirectToIntendedRoute(): ResponseObject {
+        const intent = this.request
+            .get()
+            .make<Session>(Session)
+            .safe('@extollo:auth.intention')
+            .or('/')
+            .string()
+
+        return redirect(intent)
+    }
+}

src/auth/provider/basic/BasicLoginAttempt.ts

@@ -0,0 +1,8 @@
+import { z } from 'zod'
+
+export type BasicLoginAttempt = z.infer<typeof BasicLoginAttemptType>
+
+export const BasicLoginAttemptType = z.object({
+    username: z.string().nonempty(),
+    password: z.string().nonempty(),
+})

src/auth/provider/basic/BasicLoginProvider.ts

@@ -0,0 +1,75 @@
+import {LoginProvider, LoginProviderConfig} from '../LoginProvider'
+import {ResponseObject, Route} from '../../../http/routing/Route'
+import {view} from '../../../http/response/ViewResponseFactory'
+import {Valid, Validator} from '../../../validation/Validator'
+import {BasicLoginAttempt, BasicLoginAttemptType} from './BasicLoginAttempt'
+import {BasicRegistrationAttempt, BasicRegistrationAttemptType} from './BasicRegistrationAttempt'
+
+/**
+ * LoginProvider implementation that provides basic username/password login.
+ */
+export class BasicLoginProvider extends LoginProvider<LoginProviderConfig> {
+    public routes(): void {
+        super.routes()
+
+        Route.post('/login')
+            .alias(`@auth:${this.name}:login.submit`)
+            .input(Validator.fromSchema<BasicLoginAttempt>(BasicLoginAttemptType))
+            .handledBy((...p) => this.attemptLogin(...p))
+
+        Route.post('/register')
+            .alias(`@auth:${this.name}:register.submit`)
+            .input(Validator.fromSchema<BasicRegistrationAttempt>(BasicRegistrationAttemptType))
+            .handledBy((...p) => this.attemptRegistration(...p))
+    }
+
+    public login(): ResponseObject {
+        return view('@extollo:auth:login')
+    }
+
+    public async logout(): Promise<ResponseObject> {
+        await this.security.flush()
+        return view('@extollo:auth:logout')
+    }
+
+    public registration(): ResponseObject {
+        return view('@extollo:auth:register')
+    }
+
+    /** Attempt to authenticate the user with a username/password. */
+    public async attemptLogin(attempt: Valid<BasicLoginAttempt>): Promise<ResponseObject> {
+        const user = await this.security.repository.getByIdentifier(attempt.username)
+        if ( !user ) {
+            throw new Error('TODO')
+        }
+
+        if ( !(await user.validateCredential(attempt.password)) ) {
+            throw new Error('TODO')
+        }
+
+        await this.security.authenticate(user)
+        return this.redirectToIntendedRoute()
+    }
+
+    /** Attempt to register the user with a username/password. */
+    public async attemptRegistration(attempt: Valid<BasicRegistrationAttempt>): Promise<ResponseObject> {
+        const existingUser = await this.security.repository.getByIdentifier(attempt.username)
+        if ( existingUser ) {
+            throw new Error('TODO')
+        }
+
+        if ( attempt.password !== attempt.passwordConfirmation ) {
+            throw new Error('TODO')
+        }
+
+        const user = await this.security.repository.createFromCredentials(attempt.username, attempt.password)
+        ;(user as any).firstName = attempt.firstName
+        ;(user as any).lastName = attempt.lastName
+        if ( typeof (user as any).save === 'function' ) {
+            await (user as any).save()
+        }
+
+        await this.security.authenticate(user)
+        return this.redirectToIntendedRoute()
+    }
+}

src/auth/provider/basic/BasicRegistrationAttempt.ts

@@ -0,0 +1,19 @@
+import { z } from 'zod'
+
+export type BasicRegistrationAttempt = z.infer<typeof BasicRegistrationAttemptType>
+
+export const BasicRegistrationAttemptType = z.object({
+    firstName: z.string().nonempty(),
+
+    lastName: z.string().nonempty(),
+
+    username: z.string().nonempty(),
+
+    password: z.string()
+        .nonempty()
+        .min(8),
+
+    passwordConfirmation: z.string()
+        .nonempty()
+        .min(8),
+})

src/auth/provider/oauth/CoreIDLoginProvider.ts

@@ -0,0 +1,101 @@
+/* eslint camelcase: 0 */
+import {OAuth2LoginProvider, OAuth2LoginProviderConfig} from './OAuth2LoginProvider'
+import {Authenticatable} from '../../types'
+import {Request} from '../../../http/lifecycle/Request'
+import {ErrorWithContext, uuid4, fetch} from '../../../util'
+
+/**
+ * OAuth2LoginProvider implementation that authenticates users against a
+ * Starship CoreID server.
+ */
+export class CoreIDLoginProvider extends OAuth2LoginProvider<OAuth2LoginProviderConfig> {
+    protected async callback(request: Request): Promise<Authenticatable> {
+        // Get authentication_code from the request
+        const code = String(request.input('code') || '')
+        if ( !code ) {
+            throw new ErrorWithContext('Unable to authenticate user: missing login code', {
+                input: request.input(),
+            })
+        }
+
+        // Get OAuth2 token from CoreID
+        const token = await this.getToken(code)
+
+        // Get user from endpoint
+        const userData = await this.getUserData(token)
+
+        // Return authenticatable instance
+        const existing = await this.security.repository.getByIdentifier(userData.uid)
+        if ( existing ) {
+            this.updateUser(existing, userData)
+            return existing
+        }
+
+        const user = await this.security.repository.createFromCredentials(userData.uid, uuid4())
+        this.updateUser(user, userData)
+        return user
+    }
+
+    /** Given an access token, look up the associated user's information. */
+    protected async getUserData(token: string): Promise<any> {
+        const userResponse = await fetch(
+            this.config.userUrl,
+            {
+                method: 'GET',
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            },
+        )
+
+        const userData: any = await userResponse.json()
+        if ( !userData?.data?.uid ) {
+            throw new ErrorWithContext('Unable to extract user from response', {
+                userData,
+            })
+        }
+
+        return userData.data
+    }
+
+    /** Given a login code, redeem it for an access token. */
+    protected async getToken(code: string): Promise<string> {
+        const body: string[] = [
+            'code=' + encodeURIComponent(code),
+            'client_id=' + encodeURIComponent(this.config.clientId),
+            'client_secret=' + encodeURIComponent(this.config.clientSecret),
+            'grant_type=authorization_code',
+        ]
+
+        const response = await fetch(
+            this.config.tokenUrl,
+            {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: body.join('&'),
+            },
+        )
+
+        const data = await response.json()
+        const token = (data as any).access_token
+        if ( !token ) {
+            throw new ErrorWithContext('Unable to obtain access token from response', {
+                data,
+            })
+        }
+
+        return String(token)
+    }
+
+    /** Update values on the Authenticatable from user data. */
+    // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
+    protected updateUser(user: any, data: any): void {
+        user.firstName = data.first_name
+        user.lastName = data.last_name
+        user.email = data.email
+        user.tagline = data.tagline
+        user.photoUrl = data.profile_photo
+    }
+}

src/auth/provider/oauth/OAuth2LoginProvider.ts

@@ -0,0 +1,98 @@
+import {LoginProvider, LoginProviderConfig} from '../LoginProvider'
+import {ResponseObject, Route} from '../../../http/routing/Route'
+import {Inject, Injectable} from '../../../di'
+import {Routing} from '../../../service/Routing'
+import {GuestRequiredMiddleware} from '../../middleware/GuestRequiredMiddleware'
+import {redirect} from '../../../http/response/RedirectResponseFactory'
+import {view} from '../../../http/response/ViewResponseFactory'
+import {Request} from '../../../http/lifecycle/Request'
+import {Awaitable} from '../../../util'
+import {Authenticatable} from '../../types'
+
+export interface OAuth2LoginProviderConfig extends LoginProviderConfig {
+    displayName: string,
+    clientId: string|number
+    clientSecret: string
+    loginUrl: string
+    loginMessage?: string
+    logoutUrl?: string
+    tokenUrl: string,
+    userUrl: string,
+}
+
+/**
+ * LoginProvider implementation for OAuth2-based logins.
+ */
+@Injectable()
+export abstract class OAuth2LoginProvider<TConfig extends OAuth2LoginProviderConfig> extends LoginProvider<TConfig> {
+    @Inject()
+    protected readonly routing!: Routing
+
+    public routes(): void {
+        super.routes()
+
+        Route.any('redirect')
+            .alias(`@auth:${this.name}:redirect`)
+            .pre(GuestRequiredMiddleware)
+            .handledBy(() => redirect(this.getLoginUrl()))
+
+        Route.any('callback')
+            .alias(`@auth:${this.name}:callback`)
+            .pre(GuestRequiredMiddleware)
+            .passingRequest()
+            .handledBy(this.handleCallback.bind(this))
+    }
+
+    protected async handleCallback(request: Request): Promise<ResponseObject> {
+        const user = await this.callback(request)
+        if ( user ) {
+            await this.security.authenticate(user)
+            return this.redirectToIntendedRoute()
+        }
+
+        return redirect(this.routing.getNamedPath(`@auth:${this.name}:login`).toRemote)
+    }
+
+    /**
+     * After redirecting back from the OAuth2 server, look up the user information.
+     * @param request
+     * @protected
+     */
+    protected abstract callback(request: Request): Awaitable<Authenticatable>
+
+    public login(): ResponseObject {
+        const buttonUrl = this.routing
+            .getNamedPath(`@auth:${this.name}:redirect`)
+            .toRemote
+
+        return view('@extollo:auth:message', {
+            message: this.config.loginMessage ?? `Sign-in with ${this.config.displayName} to continue`,
+            buttonText: 'Sign-in',
+            buttonUrl,
+        })
+    }
+
+    public async logout(): Promise<ResponseObject> {
+        await this.security.flush()
+
+        if ( this.config.logoutUrl ) {
+            return redirect(this.config.logoutUrl)
+        }
+
+        return view('@extollo:auth:message', {
+            message: 'You have been signed-out',
+        })
+    }
+
+    /**
+     * Get the URL where the user should be redirected to sign-in.
+     * @protected
+     */
+    protected getLoginUrl(): string {
+        const callbackRoute = this.routing.getNamedPath(`@auth:${this.name}:callback`)
+
+        return this.config.loginUrl
+            .replace(/%c/g, String(this.config.clientId))
+            .replace(/%r/g, callbackRoute.toRemote)
+    }
+}

src/auth/repository/orm/ORMUser.ts

@@ -0,0 +1,77 @@
+import * as bcrypt from 'bcrypt'
+import {Field, FieldType, Model} from '../../../orm'
+import {Authenticatable, AuthenticatableIdentifier} from '../../types'
+import {Injectable} from '../../../di'
+import {Awaitable, JSONState} from '../../../util'
+
+/**
+ * A basic ORM-driven user class.
+ */
+@Injectable()
+export class ORMUser extends Model implements Authenticatable {
+
+    protected static table = 'users'
+
+    protected static key = 'user_id'
+
+    /** The primary key of the user in the table. */
+    @Field(FieldType.serial, 'user_id')
+    public userId!: number
+
+    /** The unique string-identifier of the user. */
+    @Field(FieldType.varchar)
+    public username!: string
+
+    /** The user's first name. */
+    @Field(FieldType.varchar, 'first_name')
+    public firstName?: string
+
+    /** The user's last name. */
+    @Field(FieldType.varchar, 'last_name')
+    public lastName?: string
+
+    /** The hashed and salted password of the user. */
+    @Field(FieldType.varchar, 'password_hash')
+    public passwordHash!: string
+
+    /** Human-readable display name of the user. */
+    getDisplay(): string {
+        if ( this.firstName || this.lastName ) {
+            return `${this.firstName} ${this.lastName}`
+        }
+
+        return this.username
+    }
+
+    /** Globally-unique identifier of the user. */
+    getUniqueIdentifier(): AuthenticatableIdentifier {
+        return `user-${this.userId}`
+    }
+
+    /** Unique identifier of the user. */
+    getIdentifier(): AuthenticatableIdentifier {
+        return this.username
+    }
+
+    /** Check if the provided password is valid for the user. */
+    verifyPassword(password: string): Awaitable<boolean> {
+        return bcrypt.compare(password, this.passwordHash)
+    }
+
+    /** Change the user's password, hashing it. */
+    async setPassword(password: string): Promise<void> {
+        this.passwordHash = await bcrypt.hash(password, 10)
+    }
+
+    validateCredential(credential: string): Awaitable<boolean> {
+        return this.verifyPassword(credential)
+    }
+
+    async dehydrate(): Promise<JSONState> {
+        return this.toQueryRow()
+    }
+
+    async rehydrate(state: JSONState): Promise<void> {
+        await this.assumeFromSource(state)
+    }
+}

src/auth/repository/orm/ORMUserRepository.ts

@@ -0,0 +1,51 @@
+import {
+    Authenticatable,
+    AuthenticatableIdentifier,
+    AuthenticatableRepository,
+} from '../../types'
+import {Awaitable, Maybe, uuid4} from '../../../util'
+import {ORMUser} from './ORMUser'
+import {Container, Inject, Injectable} from '../../../di'
+import {AuthenticatableAlreadyExistsError} from '../../AuthenticatableAlreadyExistsError'
+
+/**
+ * A user repository implementation that looks up users stored in the database.
+ */
+@Injectable()
+export class ORMUserRepository extends AuthenticatableRepository {
+    @Inject('injector')
+    protected readonly injector!: Container
+
+    /** Look up the user by their username. */
+    getByIdentifier(id: AuthenticatableIdentifier): Awaitable<Maybe<Authenticatable>> {
+        return (this.injector.getStaticOverride(ORMUser) as typeof ORMUser).query()
+            .where('username', '=', id)
+            .first()
+    }
+
+    /** Returns true if this repository supports registering users. */
+    supportsRegistration(): boolean {
+        return true
+    }
+
+    /** Create a user in this repository from basic credentials. */
+    async createFromCredentials(username: string, password: string): Promise<Authenticatable> {
+        if ( await this.getByIdentifier(username) ) {
+            throw new AuthenticatableAlreadyExistsError(`Authenticatable already exists with credentials.`, {
+                username,
+            })
+        }
+
+        const user = <ORMUser> this.injector.makeByStaticOverride(ORMUser)
+        user.username = username
+        await user.setPassword(password)
+        await user.save()
+
+        return user
+    }
+
+    /** Create a user in this repository from an external Authenticatable instance. */
+    async createFromExternal(user: Authenticatable): Promise<Authenticatable> {
+        return this.createFromCredentials(String(user.getUniqueIdentifier()), uuid4())
+    }
+}

src/auth/serial/AuthenticationEventSerializer.ts

@@ -0,0 +1,54 @@
+import {BaseSerializer, ObjectSerializer, SerialPayload} from '../../support/bus'
+import {AuthenticationEvent} from '../event/AuthenticationEvent'
+import {ErrorWithContext, JSONState} from '../../util'
+import {Authenticatable} from '../types'
+import {StaticInstantiable} from '../../di'
+import {SecurityContext} from '../context/SecurityContext'
+import {UserAuthenticatedEvent} from '../event/UserAuthenticatedEvent'
+import {UserAuthenticationResumedEvent} from '../event/UserAuthenticationResumedEvent'
+import {UserFlushedEvent} from '../event/UserFlushedEvent'
+
+export interface AuthenticationEventSerialPayload extends JSONState {
+    user: SerialPayload<Authenticatable, JSONState>
+    eventName: string
+}
+
+@ObjectSerializer()
+export class AuthenticationEventSerializer extends BaseSerializer<AuthenticationEvent, AuthenticationEventSerialPayload> {
+    protected async decodeSerial(serial: AuthenticationEventSerialPayload): Promise<AuthenticationEvent> {
+        const user = await this.getSerialization().decode(serial.user)
+        const context = await this.getRequest().make(SecurityContext)
+
+        const EventClass = this.getEventClass(serial.eventName)
+        return new EventClass(user, context)
+    }
+
+    protected async encodeActual(actual: AuthenticationEvent): Promise<AuthenticationEventSerialPayload> {
+        return {
+            eventName: actual.eventName,
+            user: await this.getSerialization().encode(actual.user),
+        }
+    }
+
+    protected getName(): string {
+        return '@extollo/lib:AuthenticationEventSerializer'
+    }
+
+    matchActual(some: AuthenticationEvent): boolean {
+        return some instanceof AuthenticationEvent
+    }
+
+    protected getEventClass(name: string): StaticInstantiable<AuthenticationEvent> {
+        if ( name === '@extollo/lib:UserAuthenticatedEvent' ) {
+            return UserAuthenticatedEvent
+        } else if ( name === '@extollo/lib:UserAuthenticationResumedEvent' ) {
+            return UserAuthenticationResumedEvent
+        } else if ( name === '@extollo/lib:UserFlushedEvent' ) {
+            return UserFlushedEvent
+        }
+
+        throw new ErrorWithContext('Unable to map event name to AuthenticationEvent implementation', {
+            eventName: name,
+        })
+    }
+}

src/auth/server/OAuth2Server.ts

@@ -0,0 +1,158 @@
+import {Controller} from '../../http/Controller'
+import {Injectable} from '../../di'
+import {ResponseObject, Route} from '../../http/routing/Route'
+import {Request} from '../../http/lifecycle/Request'
+import {Session} from '../../http/session/Session'
+import {
+    ClientRepository,
+    OAuth2Client,
+    OAuth2FlowType,
+    OAuth2Scope,
+    RedemptionCodeRepository,
+    ScopeRepository,
+} from './types'
+import {HTTPError} from '../../http/HTTPError'
+import {HTTPStatus, Maybe} from '../../util'
+import {view} from '../../http/response/ViewResponseFactory'
+import {SecurityContext} from '../context/SecurityContext'
+import {redirect} from '../../http/response/RedirectResponseFactory'
+import {AuthRequiredMiddleware} from '../middleware/AuthRequiredMiddleware'
+
+@Injectable()
+export class OAuth2Server extends Controller {
+    public static routes(): void {
+        Route.get('/oauth2/authorize')
+            .alias('@oauth2:authorize')
+            .pre(AuthRequiredMiddleware)
+            .passingRequest()
+            .calls<OAuth2Server>(OAuth2Server, x => x.promptForAuthorization)
+
+        Route.post('/oauth2/authorize')
+            .alias('@oauth2:authorize:submit')
+            .pre(AuthRequiredMiddleware)
+            .passingRequest()
+            .calls<OAuth2Server>(OAuth2Server, x => x.authorizeAndRedirect)
+
+        Route.post('/oauth2/redeem')
+            .alias('@oauth2:authorize:redeem')
+            .passingRequest()
+            .calls<OAuth2Server>(OAuth2Server, x => x.redeemToken)
+    }
+
+    async redeemToken(request: Request): Promise<ResponseObject> {
+        const authParts = String(request.getHeader('Authorization')).split(':')
+        if ( authParts.length !== 2 ) {
+            throw new HTTPError(HTTPStatus.BAD_REQUEST)
+        }
+
+        const clientRepo = <ClientRepository> request.make(ClientRepository)
+        const [clientId, clientSecret] = authParts
+        const client = await clientRepo.find(clientId)
+        if ( !client || client.secret !== clientSecret ) {
+            throw new HTTPError(HTTPStatus.UNAUTHORIZED)
+        }
+
+        const codeRepo = <RedemptionCodeRepository> request.make(RedemptionCodeRepository)
+        const codeString = request.safe('code').string()
+        const code = await codeRepo.find(codeString)
+        if ( !code ) {
+            throw new HTTPError(HTTPStatus.BAD_REQUEST)
+        }
+
+
+    }
+
+    async authorizeAndRedirect(request: Request): Promise<ResponseObject> {
+        // Look up the client in the client repo
+        const session = <Session> request.make(Session)
+        const clientId = session.safe('oauth2.authorize.clientId').string()
+        const client = await this.getClient(request, clientId)
+
+        const flowType = session.safe('oauth2.authorize.flow').in(client.allowedFlows)
+        if ( flowType === OAuth2FlowType.code ) {
+            return this.authorizeCodeFlow(request, client)
+        }
+    }
+
+    protected async authorizeCodeFlow(request: Request, client: OAuth2Client): Promise<ResponseObject> {
+        const session = <Session> request.make(Session)
+        const security = <SecurityContext> request.make(SecurityContext)
+        const codeRepository = <RedemptionCodeRepository> request.make(RedemptionCodeRepository)
+
+        const user = security.user()
+        const scope = session.get('oauth2.authorize.scope')
+        const redirectUri = session.safe('oauth2.authorize.redirectUri').in(client.allowedRedirectUris)
+
+        // FIXME store authorization
+
+        const code = await codeRepository.issue(user, client, scope)
+        const uri = new URL(redirectUri)
+        uri.searchParams.set('code', code.code)
+        return redirect(uri)
+    }
+
+    async promptForAuthorization(request: Request): Promise<ResponseObject> {
+        // Look up the client in the client repo
+        const clientId = request.safe('client_id').string()
+        const client = await this.getClient(request, clientId)
+
+        // Make sure the requested flow type is valid for this client
+        const session = <Session> request.make(Session)
+        const flowType = request.safe('response_type').in(client.allowedFlows)
+        const redirectUri = request.safe('redirect_uri').in(client.allowedRedirectUris)
+        session.set('oauth2.authorize.clientId', client.id)
+        session.set('oauth2.authorize.flow', flowType)
+        session.set('oauth2.authorize.redirectUri', redirectUri)
+
+        // Set the state if necessary
+        const state = request.input('state') || ''
+        if ( state ) {
+            session.set('oauth2.authorize.state', String(state))
+        } else {
+            session.forget('oauth2.authorize.state')
+        }
+
+        // If the request specified a scope, validate it and set it in the session
+        const scope = await this.getScope(request, client)
+
+        // Show a view prompting the user to approve the access
+        return view('@extollo:oauth2:authorize', {
+            clientName: client.display,
+            scopeDescription: scope?.description,
+            redirectDomain: (new URL(redirectUri)).host,
+        })
+    }
+
+    protected async getClient(request: Request, clientId: string): Promise<OAuth2Client> {
+        const clientRepo = <ClientRepository> request.make(ClientRepository)
+        const client = await clientRepo.find(clientId)
+        if ( !client ) {
+            throw new HTTPError(HTTPStatus.BAD_REQUEST, 'Invalid client configuration', {
+                clientId,
+            })
+        }
+
+        return client
+    }
+
+    protected async getScope(request: Request, client: OAuth2Client): Promise<Maybe<OAuth2Scope>> {
+        const session = <Session> request.make(Session)
+        const scopeName = String(request.input('scope') || '')
+        let scope: Maybe<OAuth2Scope> = undefined
+        if ( scopeName ) {
+            const scopeRepo = <ScopeRepository> request.make(ScopeRepository)
+            scope = await scopeRepo.findByName(scopeName)
+            if ( !scope || !client.allowedScopeIds.includes(scope.id) ) {
+                throw new HTTPError(HTTPStatus.BAD_REQUEST, 'Invalid scope', {
+                    scopeName,
+                })
+            }
+
+            session.set('oauth2.authorize.scope', scope.id)
+        } else {
+            session.forget('oauth2.authorize.state')
+        }
+
+        return scope
+    }
+}

src/auth/server/models/OAuth2TokenModel.ts

@@ -0,0 +1,30 @@
+import {Field, FieldType, Model} from '../../../orm'
+import {OAuth2Token} from '../types'
+
+export class OAuth2TokenModel extends Model implements OAuth2Token {
+    public static table = 'oauth2_tokens'
+
+    public static key = 'oauth2_token_id'
+
+    @Field(FieldType.serial, 'oauth2_token_id')
+    protected oauth2TokenId!: number
+
+    public get id(): string {
+        return String(this.oauth2TokenId)
+    }
+
+    @Field(FieldType.varchar, 'user_id')
+    public userId!: string
+
+    @Field(FieldType.varchar, 'client_id')
+    public clientId!: string
+
+    @Field(FieldType.timestamp)
+    public issued!: Date
+
+    @Field(FieldType.timestamp)
+    public expires!: Date
+
+    @Field(FieldType.varchar)
+    public scope?: string
+}

src/auth/server/repositories/CacheRedemptionCodeRepository.ts

@@ -0,0 +1,33 @@
+import {isOAuth2RedemptionCode, OAuth2Client, OAuth2RedemptionCode, RedemptionCodeRepository} from '../types'
+import {Inject, Injectable} from '../../../di'
+import {Cache, Maybe, uuid4} from '../../../util'
+import {Authenticatable} from '../../types'
+
+@Injectable()
+export class CacheRedemptionCodeRepository extends RedemptionCodeRepository {
+    @Inject()
+    protected readonly cache!: Cache
+
+    async find(codeString: string): Promise<Maybe<OAuth2RedemptionCode>> {
+        const cacheKey = `@extollo:oauth2:redemption:${codeString}`
+        if ( await this.cache.has(cacheKey) ) {
+            const code = await this.cache.safe(cacheKey).then(x => x.json())
+            if ( isOAuth2RedemptionCode(code) ) {
+                return code
+            }
+        }
+    }
+
+    async issue(user: Authenticatable, client: OAuth2Client, scope?: string): Promise<OAuth2RedemptionCode> {
+        const code = {
+            scope,
+            clientId: client.id,
+            userId: user.getUniqueIdentifier(),
+            code: uuid4(),
+        }
+
+        const cacheKey = `@extollo:oauth2:redemption:${code.code}`
+        await this.cache.put(cacheKey, JSON.stringify(code))
+        return code
+    }
+}

src/auth/server/repositories/ClientRepositoryFactory.ts

@@ -0,0 +1,74 @@
+import {
+    AbstractFactory,
+    Container,
+    DependencyRequirement,
+    PropertyDependency,
+    isInstantiable,
+    DEPENDENCY_KEYS_METADATA_KEY,
+    DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, Instantiable, FactoryProducer,
+} from '../../../di'
+import {Collection, ErrorWithContext} from '../../../util'
+import {Config} from '../../../service/Config'
+import {ClientRepository} from '../types'
+import {ConfigClientRepository} from './ConfigClientRepository'
+
+/**
+ * A dependency injection factory that matches the abstract ClientRepository class
+ * and produces an instance of the configured repository driver implementation.
+ */
+@FactoryProducer()
+export class ClientRepositoryFactory extends AbstractFactory<ClientRepository> {
+    protected get config(): Config {
+        return Container.getContainer().make<Config>(Config)
+    }
+
+    produce(): ClientRepository {
+        return new (this.getClientRepositoryClass())()
+    }
+
+    match(something: unknown): boolean {
+        return something === ClientRepository
+    }
+
+    getDependencyKeys(): Collection<DependencyRequirement> {
+        const meta = Reflect.getMetadata(DEPENDENCY_KEYS_METADATA_KEY, this.getClientRepositoryClass())
+        if ( meta ) {
+            return meta
+        }
+        return new Collection<DependencyRequirement>()
+    }
+
+    getInjectedProperties(): Collection<PropertyDependency> {
+        const meta = new Collection<PropertyDependency>()
+        let currentToken = this.getClientRepositoryClass()
+
+        do {
+            const loadedMeta = Reflect.getMetadata(DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, currentToken)
+            if ( loadedMeta ) {
+                meta.concat(loadedMeta)
+            }
+            currentToken = Object.getPrototypeOf(currentToken)
+        } while (Object.getPrototypeOf(currentToken) !== Function.prototype && Object.getPrototypeOf(currentToken) !== Object.prototype)
+
+        return meta
+    }
+
+    /**
+     * Return the instantiable class of the configured client repository backend.
+     * @protected
+     * @return Instantiable<ClientRepository>
+     */
+    protected getClientRepositoryClass(): Instantiable<ClientRepository> {
+        const ClientRepositoryClass = this.config.get('oauth2.repository.client', ConfigClientRepository)
+
+        if ( !isInstantiable(ClientRepositoryClass) || !(ClientRepositoryClass.prototype instanceof ClientRepository) ) {
+            const e = new ErrorWithContext('Provided client repository class does not extend from @extollo/lib.ClientRepository')
+            e.context = {
+                configKey: 'oauth2.repository.client',
+                class: ClientRepositoryClass.toString(),
+            }
+        }
+
+        return ClientRepositoryClass
+    }
+}

src/auth/server/repositories/ConfigClientRepository.ts

@@ -0,0 +1,22 @@
+import {ClientRepository, OAuth2Client, isOAuth2Client} from '../types'
+import {Awaitable, ErrorWithContext, Maybe} from '../../../util'
+import {Inject, Injectable} from '../../../di'
+import {Config} from '../../../service/Config'
+
+@Injectable()
+export class ConfigClientRepository extends ClientRepository {
+    @Inject()
+    protected readonly config!: Config
+
+    find(id: string): Awaitable<Maybe<OAuth2Client>> {
+        const client = this.config.get(`oauth2.clients.${id}`)
+        if ( !isOAuth2Client(client) ) {
+            throw new ErrorWithContext('Invalid OAuth2 client configuration', {
+                id,
+                client,
+            })
+        }
+
+        return client
+    }
+}

src/auth/server/repositories/ConfigScopeRepository.ts

@@ -0,0 +1,21 @@
+import {isOAuth2Scope, OAuth2Scope, ScopeRepository} from '../types'
+import {Inject, Injectable} from '../../../di'
+import {Config} from '../../../service/Config'
+import {Awaitable, Maybe} from '../../../util'
+
+@Injectable()
+export class ConfigScopeRepository extends ScopeRepository {
+    @Inject()
+    protected readonly config!: Config
+
+    find(id: string): Awaitable<Maybe<OAuth2Scope>> {
+        const scope = this.config.get(`oauth2.scopes.${id}`)
+        if ( isOAuth2Scope(scope) ) {
+            return scope
+        }
+    }
+
+    findByName(name: string): Awaitable<Maybe<OAuth2Scope>> {
+        return this.find(name)
+    }
+}

src/auth/server/repositories/ORMTokenRepository.ts

@@ -0,0 +1,88 @@
+import {isOAuth2Token, OAuth2Client, OAuth2Token, oauth2TokenString, OAuth2TokenString, TokenRepository} from '../types'
+import {Inject, Injectable} from '../../../di'
+import {Maybe} from '../../../util'
+import {OAuth2TokenModel} from '../models/OAuth2TokenModel'
+import {Config} from '../../../service/Config'
+import * as jwt from 'jsonwebtoken'
+import {Authenticatable} from '../../types'
+
+@Injectable()
+export class ORMTokenRepository extends TokenRepository {
+    @Inject()
+    protected readonly config!: Config
+
+    async find(id: string): Promise<Maybe<OAuth2Token>> {
+        const idNum = parseInt(id, 10)
+        if ( !isNaN(idNum) ) {
+            return OAuth2TokenModel.query()
+                .whereKey(idNum)
+                .first()
+        }
+    }
+
+    async issue(user: Authenticatable, client: OAuth2Client, scope?: string): Promise<OAuth2Token> {
+        const expiration = this.config.safe('outh2.token.lifetimeSeconds')
+            .or(60 * 60 * 6)
+            .integer() * 1000
+
+        const token = new OAuth2TokenModel()
+        token.scope = scope
+        token.userId = String(user.getUniqueIdentifier())
+        token.clientId = client.id
+        token.issued = new Date()
+        token.expires = new Date(Math.floor(Date.now() + expiration))
+        await token.save()
+
+        return token
+    }
+
+    async encode(token: OAuth2Token): Promise<OAuth2TokenString> {
+        const secret = this.config.safe('oauth2.secret').string()
+        const payload = {
+            id: token.id,
+            userId: token.userId,
+            clientId: token.clientId,
+            iat: Math.floor(token.issued.valueOf() / 1000),
+            exp: Math.floor(token.expires.valueOf() / 1000),
+            ...(token.scope ? { scope: token.scope } : {}),
+        }
+
+        const generated = await new Promise<string>((res, rej) => {
+            jwt.sign(payload, secret, {}, (err, gen) => {
+                if (err || err === null || !gen) {
+                    rej(err || new Error('Unable to encode JWT.'))
+                } else {
+                    res(gen)
+                }
+            })
+        })
+
+        return oauth2TokenString(generated)
+    }
+
+    async decode(token: OAuth2TokenString): Promise<Maybe<OAuth2Token>> {
+        const secret = this.config.safe('oauth2.secret').string()
+        const decoded = await new Promise<any>((res, rej) => {
+            jwt.verify(token, secret, {}, (err, payload) => {
+                if ( err ) {
+                    rej(err)
+                } else {
+                    res(payload)
+                }
+            })
+        })
+
+        const value = {
+            id: decoded.id,
+            userId: decoded.userId,
+            clientId: decoded.clientId,
+            issued: new Date(decoded.iat * 1000),
+            expires: new Date(decoded.exp * 1000),
+            ...(decoded.scope ? { scope: decoded.scope } : {}),
+        }
+
+        if ( isOAuth2Token(value) ) {
+            return value
+        }
+    }
+}

src/auth/server/repositories/RedemptionCodeRepositoryFactory.ts

@@ -0,0 +1,74 @@
+import {
+    AbstractFactory,
+    Container,
+    DependencyRequirement,
+    PropertyDependency,
+    isInstantiable,
+    DEPENDENCY_KEYS_METADATA_KEY,
+    DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, Instantiable, FactoryProducer,
+} from '../../../di'
+import {Collection, ErrorWithContext} from '../../../util'
+import {Config} from '../../../service/Config'
+import {RedemptionCodeRepository} from '../types'
+import {CacheRedemptionCodeRepository} from './CacheRedemptionCodeRepository'
+
+/**
+ * A dependency injection factory that matches the abstract RedemptionCodeRepository class
+ * and produces an instance of the configured repository driver implementation.
+ */
+@FactoryProducer()
+export class RedemptionCodeRepositoryFactory extends AbstractFactory<RedemptionCodeRepository> {
+    protected get config(): Config {
+        return Container.getContainer().make<Config>(Config)
+    }
+
+    produce(): RedemptionCodeRepository {
+        return new (this.getRedemptionCodeRepositoryClass())()
+    }
+
+    match(something: unknown): boolean {
+        return something === RedemptionCodeRepository
+    }
+
+    getDependencyKeys(): Collection<DependencyRequirement> {
+        const meta = Reflect.getMetadata(DEPENDENCY_KEYS_METADATA_KEY, this.getRedemptionCodeRepositoryClass())
+        if ( meta ) {
+            return meta
+        }
+        return new Collection<DependencyRequirement>()
+    }
+
+    getInjectedProperties(): Collection<PropertyDependency> {
+        const meta = new Collection<PropertyDependency>()
+        let currentToken = this.getRedemptionCodeRepositoryClass()
+
+        do {
+            const loadedMeta = Reflect.getMetadata(DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, currentToken)
+            if ( loadedMeta ) {
+                meta.concat(loadedMeta)
+            }
+            currentToken = Object.getPrototypeOf(currentToken)
+        } while (Object.getPrototypeOf(currentToken) !== Function.prototype && Object.getPrototypeOf(currentToken) !== Object.prototype)
+
+        return meta
+    }
+
+    /**
+     * Return the instantiable class of the configured client repository backend.
+     * @protected
+     * @return Instantiable<RedemptionCodeRepository>
+     */
+    protected getRedemptionCodeRepositoryClass(): Instantiable<RedemptionCodeRepository> {
+        const RedemptionCodeRepositoryClass = this.config.get('oauth2.repository.client', CacheRedemptionCodeRepository)
+
+        if ( !isInstantiable(RedemptionCodeRepositoryClass) || !(RedemptionCodeRepositoryClass.prototype instanceof RedemptionCodeRepository) ) {
+            const e = new ErrorWithContext('Provided client repository class does not extend from @extollo/lib.RedemptionCodeRepository')
+            e.context = {
+                configKey: 'oauth2.repository.client',
+                class: RedemptionCodeRepositoryClass.toString(),
+            }
+        }
+
+        return RedemptionCodeRepositoryClass
+    }
+}

src/auth/server/repositories/ScopeRepositoryFactory.ts

@@ -0,0 +1,74 @@
+import {
+    AbstractFactory,
+    Container,
+    DependencyRequirement,
+    PropertyDependency,
+    isInstantiable,
+    DEPENDENCY_KEYS_METADATA_KEY,
+    DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, Instantiable, FactoryProducer,
+} from '../../../di'
+import {Collection, ErrorWithContext} from '../../../util'
+import {Config} from '../../../service/Config'
+import {ScopeRepository} from '../types'
+import {ConfigScopeRepository} from './ConfigScopeRepository'
+
+/**
+ * A dependency injection factory that matches the abstract ScopeRepository class
+ * and produces an instance of the configured repository driver implementation.
+ */
+@FactoryProducer()
+export class ScopeRepositoryFactory extends AbstractFactory<ScopeRepository> {
+    protected get config(): Config {
+        return Container.getContainer().make<Config>(Config)
+    }
+
+    produce(): ScopeRepository {
+        return new (this.getScopeRepositoryClass())()
+    }
+
+    match(something: unknown): boolean {
+        return something === ScopeRepository
+    }
+
+    getDependencyKeys(): Collection<DependencyRequirement> {
+        const meta = Reflect.getMetadata(DEPENDENCY_KEYS_METADATA_KEY, this.getScopeRepositoryClass())
+        if ( meta ) {
+            return meta
+        }
+        return new Collection<DependencyRequirement>()
+    }
+
+    getInjectedProperties(): Collection<PropertyDependency> {
+        const meta = new Collection<PropertyDependency>()
+        let currentToken = this.getScopeRepositoryClass()
+
+        do {
+            const loadedMeta = Reflect.getMetadata(DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, currentToken)
+            if ( loadedMeta ) {
+                meta.concat(loadedMeta)
+            }
+            currentToken = Object.getPrototypeOf(currentToken)
+        } while (Object.getPrototypeOf(currentToken) !== Function.prototype && Object.getPrototypeOf(currentToken) !== Object.prototype)
+
+        return meta
+    }
+
+    /**
+     * Return the instantiable class of the configured scope repository backend.
+     * @protected
+     * @return Instantiable<ScopeRepository>
+     */
+    protected getScopeRepositoryClass(): Instantiable<ScopeRepository> {
+        const ScopeRepositoryClass = this.config.get('oauth2.repository.scope', ConfigScopeRepository)
+
+        if ( !isInstantiable(ScopeRepositoryClass) || !(ScopeRepositoryClass.prototype instanceof ScopeRepository) ) {
+            const e = new ErrorWithContext('Provided client repository class does not extend from @extollo/lib.ScopeRepository')
+            e.context = {
+                configKey: 'oauth2.repository.client',
+                class: ScopeRepositoryClass.toString(),
+            }
+        }
+
+        return ScopeRepositoryClass
+    }
+}

src/auth/server/repositories/TokenRepositoryFactory.ts

@@ -0,0 +1,74 @@
+import {
+    AbstractFactory,
+    Container,
+    DependencyRequirement,
+    PropertyDependency,
+    isInstantiable,
+    DEPENDENCY_KEYS_METADATA_KEY,
+    DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, Instantiable, FactoryProducer,
+} from '../../../di'
+import {Collection, ErrorWithContext} from '../../../util'
+import {Config} from '../../../service/Config'
+import {TokenRepository} from '../types'
+import {ORMTokenRepository} from './ORMTokenRepository'
+
+/**
+ * A dependency injection factory that matches the abstract TokenRepository class
+ * and produces an instance of the configured repository driver implementation.
+ */
+@FactoryProducer()
+export class TokenRepositoryFactory extends AbstractFactory<TokenRepository> {
+    protected get config(): Config {
+        return Container.getContainer().make<Config>(Config)
+    }
+
+    produce(): TokenRepository {
+        return new (this.getTokenRepositoryClass())()
+    }
+
+    match(something: unknown): boolean {
+        return something === TokenRepository
+    }
+
+    getDependencyKeys(): Collection<DependencyRequirement> {
+        const meta = Reflect.getMetadata(DEPENDENCY_KEYS_METADATA_KEY, this.getTokenRepositoryClass())
+        if ( meta ) {
+            return meta
+        }
+        return new Collection<DependencyRequirement>()
+    }
+
+    getInjectedProperties(): Collection<PropertyDependency> {
+        const meta = new Collection<PropertyDependency>()
+        let currentToken = this.getTokenRepositoryClass()
+
+        do {
+            const loadedMeta = Reflect.getMetadata(DEPENDENCY_KEYS_PROPERTY_METADATA_KEY, currentToken)
+            if ( loadedMeta ) {
+                meta.concat(loadedMeta)
+            }
+            currentToken = Object.getPrototypeOf(currentToken)
+        } while (Object.getPrototypeOf(currentToken) !== Function.prototype && Object.getPrototypeOf(currentToken) !== Object.prototype)
+
+        return meta
+    }
+
+    /**
+     * Return the instantiable class of the configured token repository backend.
+     * @protected
+     * @return Instantiable<TokenRepository>
+     */
+    protected getTokenRepositoryClass(): Instantiable<TokenRepository> {
+        const TokenRepositoryClass = this.config.get('oauth2.repository.token', ORMTokenRepository)
+
+        if ( !isInstantiable(TokenRepositoryClass) || !(TokenRepositoryClass.prototype instanceof TokenRepository) ) {
+            const e = new ErrorWithContext('Provided token repository class does not extend from @extollo/lib.TokenRepository')
+            e.context = {
+                configKey: 'oauth2.repository.client',
+                class: TokenRepositoryClass.toString(),
+            }
+        }
+
+        return TokenRepositoryClass
+    }
+}

src/auth/server/types.ts

@@ -0,0 +1,174 @@
+import {Awaitable, hasOwnProperty, Maybe, TypeTag} from '../../util'
+import {Authenticatable, AuthenticatableIdentifier} from '../types'
+
+export enum OAuth2FlowType {
+    code = 'code',
+}
+
+// export const oauth2FlowTypes: OAuth2FlowType[] = Object.entries(OAuth2FlowType).map(([_, value]) => value)
+
+export function isOAuth2FlowType(what: unknown): what is OAuth2FlowType {
+    return [OAuth2FlowType.code].includes(what as any)
+}
+
+export interface OAuth2Client {
+    id: string
+    display: string
+    secret: string
+    allowedFlows: OAuth2FlowType[]
+    allowedScopeIds: string[]
+    allowedRedirectUris: string[]
+}
+
+export function isOAuth2Client(what: unknown): what is OAuth2Client {
+    if ( typeof what !== 'object' || what === null ) {
+        return false
+    }
+
+    if (
+        !hasOwnProperty(what, 'id')
+        || !hasOwnProperty(what, 'display')
+        || !hasOwnProperty(what, 'secret')
+        || !hasOwnProperty(what, 'allowedFlows')
+        || !hasOwnProperty(what, 'allowedScopeIds')
+        || !hasOwnProperty(what, 'allowedRedirectUris')
+    ) {
+        return false
+    }
+
+    if ( typeof what.id !== 'string' || typeof what.display !== 'string' || typeof what.secret !== 'string' ) {
+        return false
+    }
+
+    if ( !Array.isArray(what.allowedScopeIds) || !what.allowedScopeIds.every(x => typeof x === 'string') ) {
+        return false
+    }
+
+    if ( !Array.isArray(what.allowedRedirectUris) || !what.allowedRedirectUris.every(x => typeof x === 'string') ) {
+        return false
+    }
+
+    return !(!Array.isArray(what.allowedFlows) || !what.allowedFlows.every(x => isOAuth2FlowType(x)))
+}
+
+export abstract class ClientRepository {
+    abstract find(id: string): Awaitable<Maybe<OAuth2Client>>
+}
+
+export interface OAuth2Scope {
+    id: string
+    name: string
+    description?: string
+}
+
+export function isOAuth2Scope(what: unknown): what is OAuth2Scope {
+    if ( typeof what !== 'object' || what === null ) {
+        return false
+    }
+
+    if ( !hasOwnProperty(what, 'id') || !hasOwnProperty(what, 'name') ) {
+        return false
+    }
+
+    if ( typeof what.id !== 'string' || typeof what.name !== 'string' ) {
+        return false
+    }
+
+    return !hasOwnProperty(what, 'description') || typeof what.description === 'string'
+}
+
+export abstract class ScopeRepository {
+    abstract find(id: string): Awaitable<Maybe<OAuth2Scope>>
+
+    abstract findByName(name: string): Awaitable<Maybe<OAuth2Scope>>
+}
+
+export interface OAuth2Token {
+    id: string
+    userId: AuthenticatableIdentifier
+    clientId: string
+    issued: Date
+    expires: Date
+    scope?: string
+}
+
+export type OAuth2TokenString = TypeTag<'@extollo/lib.OAuth2TokenString'> & string
+
+export function oauth2TokenString(s: string): OAuth2TokenString {
+    return s as OAuth2TokenString
+}
+
+export function isOAuth2Token(what: unknown): what is OAuth2Token {
+    if ( typeof what !== 'object' || what === null ) {
+        return false
+    }
+
+    if (
+        !hasOwnProperty(what, 'id')
+        || !hasOwnProperty(what, 'userId')
+        || !hasOwnProperty(what, 'clientId')
+        || !hasOwnProperty(what, 'issued')
+        || !hasOwnProperty(what, 'expires')
+    ) {
+        return false
+    }
+
+    if (
+        typeof what.id !== 'string'
+        || !(typeof what.userId === 'string' || typeof what.userId === 'number')
+        || typeof what.clientId !== 'string'
+        || !(what.issued instanceof Date)
+        || !(what.expires instanceof Date)
+    ) {
+        return false
+    }
+
+    return !hasOwnProperty(what, 'scope') || typeof what.scope === 'string'
+}
+
+export abstract class TokenRepository {
+    abstract find(id: string): Awaitable<Maybe<OAuth2Token>>
+
+    abstract issue(user: Authenticatable, client: OAuth2Client, scope?: string): Awaitable<OAuth2Token>
+
+    abstract decode(token: OAuth2TokenString): Awaitable<Maybe<OAuth2Token>>
+
+    abstract encode(token: OAuth2Token): Awaitable<OAuth2TokenString>
+}
+
+export interface OAuth2RedemptionCode {
+    clientId: string
+    userId: AuthenticatableIdentifier
+    code: string
+    scope?: string
+}
+
+export function isOAuth2RedemptionCode(what: unknown): what is OAuth2RedemptionCode {
+    if ( typeof what !== 'object' || what === null ) {
+        return false
+    }
+
+    if (
+        !hasOwnProperty(what, 'clientId')
+        || !hasOwnProperty(what, 'userId')
+        || !hasOwnProperty(what, 'code')
+    ) {
+        return false
+    }
+
+    if (
+        typeof what.clientId !== 'string'
+        || !(typeof what.userId === 'number' || typeof what.userId === 'string')
+        || typeof what.code !== 'string'
+    ) {
+        return false
+    }
+
+    return !hasOwnProperty(what, 'scope') || typeof what.scope === 'string'
+}
+
+export abstract class RedemptionCodeRepository {
+    abstract find(code: string): Awaitable<Maybe<OAuth2RedemptionCode>>
+
+    abstract issue(user: Authenticatable, client: OAuth2Client, scope?: string): Awaitable<OAuth2RedemptionCode>
+}

src/auth/types.ts

@@ -0,0 +1,43 @@
+import {Awaitable, JSONState, Maybe, Rehydratable} from '../util'
+
+/** Value that can be used to uniquely identify a user. */
+export type AuthenticatableIdentifier = string | number
+
+/**
+ * Base class for entities that can be authenticated.
+ */
+export abstract class Authenticatable implements Rehydratable {
+
+    /** Get the globally-unique identifier of the user. */
+    abstract getUniqueIdentifier(): AuthenticatableIdentifier
+
+    /** Get the repository-unique identifier of the user. */
+    abstract getIdentifier(): AuthenticatableIdentifier
+
+    /** Get the human-readable identifier of the user. */
+    abstract getDisplay(): string
+
+    /** Attempt to validate a credential of the user. */
+    abstract validateCredential(credential: string): Awaitable<boolean>
+
+    abstract dehydrate(): Promise<JSONState>
+
+    abstract rehydrate(state: JSONState): Awaitable<void>
+}
+
+/**
+ * Base class for a repository that stores and recalls users.
+ */
+export abstract class AuthenticatableRepository {
+    /** Look up the user by their unique identifier. */
+    abstract getByIdentifier(id: AuthenticatableIdentifier): Awaitable<Maybe<Authenticatable>>
+
+    /** Returns true if this repository supports registering users. */
+    abstract supportsRegistration(): boolean
+
+    /** Create a user in this repository from an external Authenticatable instance. */
+    abstract createFromExternal(user: Authenticatable): Awaitable<Authenticatable>
+
+    /** Create a user in this repository from basic credentials. */
+    abstract createFromCredentials(username: string, password: string): Awaitable<Authenticatable>
+}

src/cli/Directive.ts

@@ -0,0 +1,489 @@
+import {Injectable, Inject} from '../di'
+import {infer, ErrorWithContext} from '../util'
+import {CLIOption} from './directive/options/CLIOption'
+import {PositionalOption} from './directive/options/PositionalOption'
+import {FlagOption} from './directive/options/FlagOption'
+import {AppClass} from '../lifecycle/AppClass'
+import {Logging} from '../service/Logging'
+
+/**
+ * Type alias for a definition of a command-line option.
+ *
+ * This can be either an instance of CLIOption or a string describing an option.
+ *
+ * @example
+ * Some examples of positional/flag options defined by strings:
+ * `'{file name} | canonical name of the resource to create'`
+ *
+ * `'--push -p {value} | the value to be pushed'`
+ *
+ * `'--force -f | do a force push'`
+ */
+export type OptionDefinition = CLIOption<any> | string
+
+/**
+ * An error thrown when an invalid option was detected.
+ */
+export class OptionValidationError extends ErrorWithContext {}
+
+/**
+ * A base class representing a sub-command in the command-line utility.
+ */
+@Injectable()
+export abstract class Directive extends AppClass {
+    @Inject()
+    protected readonly logging!: Logging
+
+    /** Parsed option values. */
+    private optionValues: any
+
+    /**
+     * Get the keyword or array of keywords that will specify this directive.
+     *
+     * @example
+     * If this returns `['up', 'start']`, the directive can be run by either of:
+     *
+     * ```shell
+     * ./ex up
+     * ./ex start
+     * ```
+     */
+    public abstract getKeywords(): string | string[]
+
+    /**
+     * Get the usage description of this directive. Should be brief (1 sentence).
+     */
+    public abstract getDescription(): string
+
+    /**
+     * Optionally, specify a longer usage text that is shown on the directive's `--help` page.
+     */
+    public getHelpText(): string {
+        return ''
+    }
+
+    /**
+     * Get an array of options defined for this command.
+     */
+    public getOptions(): OptionDefinition[] {
+        return []
+    }
+
+    /**
+     * Called when the directive is run from the command line.
+     *
+     * The raw arguments are provided as `argv`, but you are encouraged to use
+     * `getOptions()` and `option()` helpers to access the parsed options instead.
+     *
+     * @param argv
+     */
+    public abstract handle(argv: string[]): void | Promise<void>
+
+    /**
+     * Sets the parsed option values.
+     * @param optionValues
+     * @private
+     */
+    private setOptionValues(optionValues: any) {
+        this.optionValues = optionValues
+    }
+
+    /**
+     * Get the value of a parsed option. If none exists, return `defaultValue`.
+     * @param name
+     * @param defaultValue
+     */
+    public option(name: string, defaultValue?: unknown): any {
+        if ( name in this.optionValues ) {
+            return this.optionValues[name]
+        }
+
+        return defaultValue
+    }
+
+    /**
+     * Invoke this directive with the specified arguments.
+     *
+     * If usage was requested (see `didRequestUsage()`), it prints the extended usage info.
+     *
+     * Otherwise, it parses the options from `argv` and calls `handle()`.
+     *
+     * @param argv
+     */
+    async invoke(argv: string[]): Promise<void> {
+        const options = this.getResolvedOptions()
+
+        if ( this.didRequestUsage(argv) ) {
+            const positionalArguments: PositionalOption<any>[] = []
+            options.forEach(opt => {
+                if ( opt instanceof PositionalOption ) {
+                    positionalArguments.push(opt)
+                }
+            })
+
+            const flagArguments: FlagOption<any>[] = []
+            options.forEach(opt => {
+                if ( opt instanceof FlagOption ) {
+                    flagArguments.push(opt)
+                }
+            })
+
+            const positionalDisplay: string = positionalArguments.map(x => `<${x.getArgumentName()}>`).join(' ')
+            const flagDisplay: string = flagArguments.length ? ' [...flags]' : ''
+
+            this.nativeOutput([
+                '',
+                `DIRECTIVE: ${this.getMainKeyword()}  -  ${this.getDescription()}`,
+                '',
+                `USAGE: ${this.getMainKeyword()} ${positionalDisplay}${flagDisplay}`,
+            ].join('\n'))
+
+            if ( positionalArguments.length ) {
+                this.nativeOutput([
+                    '',
+                    `POSITIONAL ARGUMENTS:`,
+                    ...(positionalArguments.map(arg => {
+                        return `    ${arg.getArgumentName()}${arg.message ? ' - ' + arg.message : ''}`
+                    })),
+                ].join('\n'))
+            }
+
+            if ( flagArguments.length ) {
+                this.nativeOutput([
+                    '',
+                    `FLAGS:`,
+                    ...(flagArguments.map(arg => {
+                        return `    ${arg.shortFlag ? arg.shortFlag + ', ' : ''}${arg.longFlag}${arg.argumentDescription ? ' {' + arg.argumentDescription + '}' : ''}${arg.message ? ' - ' + arg.message : ''}`
+                    })),
+                ].join('\n'))
+            }
+
+            const help = this.getHelpText()
+            if ( help ) {
+                this.nativeOutput('\n' + help)
+            }
+
+            this.nativeOutput('\n')
+        } else {
+            try {
+                const optionValues = this.parseOptions(options, argv)
+                this.setOptionValues(optionValues)
+                await this.handle(argv)
+            } catch (e: unknown) {
+                if ( e instanceof Error ) {
+                    this.nativeOutput(e.message)
+                    this.error(e)
+                }
+
+                if ( e instanceof OptionValidationError ) {
+                    // expecting, value, requirements
+                    if ( e.context.expecting ) {
+                        this.nativeOutput(`  - Expecting: ${e.context.expecting}`)
+                    }
+
+                    if ( e.context.requirements && Array.isArray(e.context.requirements) ) {
+                        for ( const req of e.context.requirements ) {
+                            this.nativeOutput(`  - ${req}`)
+                        }
+                    }
+
+                    if ( e.context.value ) {
+                        this.nativeOutput(`  - ${e.context.value}`)
+                    }
+                }
+
+                this.nativeOutput('\nUse --help for more info.')
+            }
+        }
+    }
+
+    /**
+     * Resolve the array of option definitions to CLIOption instances.
+     * Of note, this resolves the string-form definitions to actual CLIOption instances.
+     */
+    public getResolvedOptions(): CLIOption<any>[] {
+        return this.getOptions().map(option => {
+            if ( typeof option === 'string' ) {
+                return this.instantiateOptionFromString(option)
+            } else {
+                return option
+            }
+        })
+    }
+
+    /**
+     * Get the main keyword displayed for this directive.
+     * @example
+     * If `getKeywords()` returns `['up', 'start']`, this will return `'up'`.
+     */
+    public getMainKeyword(): string {
+        const kws = this.getKeywords()
+
+        if ( Array.isArray(kws) ) {
+            return kws[0]
+        }
+
+        return kws
+    }
+
+    /**
+     * Returns true if the given keyword should invoke this directive.
+     * @param name
+     */
+    public matchesKeyword(name: string): boolean {
+        let kws = this.getKeywords()
+        if ( !Array.isArray(kws) ) {
+            kws = [kws]
+        }
+        return kws.includes(name)
+    }
+
+    /**
+     * Print the given output to the log as success text.
+     * @param output
+     */
+    success(output: unknown): void {
+        this.logging.success(output, true)
+    }
+
+    /**
+     * Print the given output to the log as error text.
+     * @param output
+     */
+    error(output: unknown): void {
+        this.logging.error(output, true)
+    }
+
+    /**
+     * Print the given output to the log as warning text.
+     * @param output
+     */
+    warn(output: unknown): void {
+        this.logging.warn(output, true)
+    }
+
+    /**
+     * Print the given output to the log as info text.
+     * @param output
+     */
+    info(output: unknown): void {
+        this.logging.info(output, true)
+    }
+
+    /**
+     * Print the given output to the log as debugging text.
+     * @param output
+     */
+    debug(output: unknown): void {
+        this.logging.debug(output, true)
+    }
+
+    /**
+     * Print the given output to the log as verbose text.
+     * @param output
+     */
+    verbose(output: unknown): void {
+        this.logging.verbose(output, true)
+    }
+
+    /**
+     * Get the flag option that signals help. Usually, this is named 'help'
+     * and supports the flags '--help' and '-?'.
+     */
+    getHelpOption(): FlagOption<any> {
+        return new FlagOption('--help', '-?', 'usage information about this directive')
+    }
+
+    /**
+     * Process the raw CLI arguments using an array of option class instances to build
+     * a mapping of option names to provided values.
+     */
+    parseOptions(options: CLIOption<any>[], args: string[]): {[key: string]: any} {
+        let positionalArguments: PositionalOption<any>[] = []
+        options.forEach(opt => {
+            if ( opt instanceof PositionalOption ) {
+                positionalArguments.push(opt)
+            }
+        })
+
+        const flagArguments: FlagOption<any>[] = []
+        options.forEach(opt => {
+            if ( opt instanceof FlagOption ) {
+                flagArguments.push(opt)
+            }
+        })
+
+        const optionValue: any = {}
+
+        flagArguments.push(this.getHelpOption())
+
+        let expectingFlagArgument = false
+        let positionalFlagName = ''
+        for ( const value of args ) {
+            if ( value.startsWith('--') ) {
+                if ( expectingFlagArgument ) {
+                    throw new OptionValidationError(`Unexpected flag argument. Expecting argument for flag: ${positionalFlagName}`, {
+                        expecting: positionalFlagName,
+                    })
+                } else {
+                    const flagArgument = flagArguments.filter(x => x.longFlag === value)
+                    if ( flagArgument.length < 1 ) {
+                        throw new OptionValidationError(`Unknown flag argument: ${value}`, {
+                            value,
+                        })
+                    } else {
+                        if ( flagArgument[0].argumentDescription ) {
+                            positionalFlagName = flagArgument[0].getArgumentName()
+                            expectingFlagArgument = true
+                        } else {
+                            optionValue[flagArgument[0].getArgumentName()] = true
+                        }
+                    }
+                }
+            } else if ( value.startsWith('-') ) {
+                if ( expectingFlagArgument ) {
+                    throw new OptionValidationError(`Unknown flag argument: ${value}`, {
+                        expecting: positionalFlagName,
+                    })
+                } else {
+                    const flagArgument = flagArguments.filter(x => x.shortFlag === value)
+                    if ( flagArgument.length < 1 ) {
+                        throw new OptionValidationError(`Unknown flag argument: ${value}`, {
+                            value,
+                        })
+                    } else {
+                        if ( flagArgument[0].argumentDescription ) {
+                            positionalFlagName = flagArgument[0].getArgumentName()
+                            expectingFlagArgument = true
+                        } else {
+                            optionValue[flagArgument[0].getArgumentName()] = true
+                        }
+                    }
+                }
+            } else if ( expectingFlagArgument ) {
+                const inferredValue = infer(value)
+                const optionInstance = flagArguments.filter(x => x.getArgumentName() === positionalFlagName)[0]
+                if ( !optionInstance.validate(inferredValue) ) {
+                    throw new OptionValidationError(`Invalid value for argument: ${positionalFlagName}`, {
+                        requirements: optionInstance.getRequirementDisplays(),
+                    })
+                }
+
+                optionValue[positionalFlagName] = inferredValue
+                expectingFlagArgument = false
+            } else {
+                if ( positionalArguments.length < 1 ) {
+                    throw new OptionValidationError(`Unknown positional argument: ${value}`, {
+                        value,
+                    })
+                } else {
+                    const inferredValue = infer(value)
+                    if ( !positionalArguments[0].validate(inferredValue) ) {
+                        throw new OptionValidationError(`Invalid value for argument: ${positionalArguments[0].getArgumentName()}`, {
+                            requirements: positionalArguments[0].getRequirementDisplays(),
+                        })
+                    }
+
+                    optionValue[positionalArguments[0].getArgumentName()] = infer(value)
+                    positionalArguments = positionalArguments.slice(1)
+                }
+            }
+        }
+
+        if ( expectingFlagArgument ) {
+            throw new OptionValidationError(`Missing argument for flag: ${positionalFlagName}`, {
+                expecting: positionalFlagName,
+            })
+        }
+
+        if ( positionalArguments.length > 0 ) {
+            throw new OptionValidationError(`Missing required argument: ${positionalArguments[0].getArgumentName()}`, {
+                expecting: positionalArguments[0].getArgumentName(),
+            })
+        }
+
+        return optionValue
+    }
+
+    /**
+     * Create an instance of CLIOption based on a string definition of a particular format.
+     *
+     * e.g. '{file name} | canonical name of the resource to create'
+     * e.g. '--push -p {value} | the value to be pushed'
+     * e.g. '--force -f | do a force push'
+     *
+     * @param string
+     */
+    protected instantiateOptionFromString(string: string): CLIOption<any> {
+        if ( string.startsWith('{') ) {
+            // The string is a positional argument
+            const stringParts = string.split('|').map(x => x.trim())
+            const name = stringParts[0].replace(/\{|\}/g, '')
+            return stringParts.length > 1 ? (new PositionalOption(name, stringParts[1])) : (new PositionalOption(name))
+        } else {
+            // The string is a flag argument
+            const stringParts = string.split('|').map(x => x.trim())
+
+            // Parse the flag parts first
+            const hasArgument = stringParts[0].indexOf('{') >= 0
+            const flagString = hasArgument ? stringParts[0].substr(0, stringParts[0].indexOf('{')).trim() : stringParts[0].trim()
+            const flagParts = flagString.split(' ')
+
+            let longFlag = flagParts[0].startsWith('--') ? flagParts[0] : undefined
+            if ( !longFlag && flagParts.length > 1 ) {
+                if ( flagParts[1].startsWith('--') ) {
+                    longFlag = flagParts[1]
+                }
+            }
+
+            let shortFlag = flagParts[0].length === 2 ? flagParts[0] : undefined
+            if ( !shortFlag && flagParts.length > 1 ) {
+                if ( flagParts[1].length === 2 ) {
+                    shortFlag = flagParts[1]
+                }
+            }
+
+            const argumentDescription = hasArgument ? stringParts[0].substring(stringParts[0].indexOf('{')+1, stringParts[0].indexOf('}')) : undefined
+            const description = stringParts.length > 1 ? stringParts[1] : undefined
+
+            return new FlagOption(longFlag, shortFlag, description, argumentDescription)
+        }
+    }
+
+    /**
+     * Determines if, at any point in the arguments, the help option's short or long flag appears.
+     * @returns {boolean} - true if the help flag appeared
+     */
+    didRequestUsage(argv: string[]): boolean {
+        const helpOption = this.getHelpOption()
+        for ( const arg of argv ) {
+            if ( arg.trim() === helpOption.longFlag || arg.trim() === helpOption.shortFlag ) {
+                return true
+            }
+        }
+
+        return false
+    }
+
+    protected nativeOutput(...outputs: any[]): void {
+        console.log(...outputs)  // eslint-disable-line no-console
+    }
+
+    /**
+     * Get a promise that resolves after SIGINT is received, executing a
+     * callback beforehand.
+     * @param callback
+     * @protected
+     */
+    protected async untilInterrupt(callback?: () => unknown): Promise<void> {
+        return new Promise<void>(res => {
+            process.on('SIGINT', async () => {
+                if ( callback ) {
+                    await callback()
+                }
+
+                res()
+            })
+        })
+    }
+}

src/cli/Template.ts

@@ -0,0 +1,64 @@
+import {UniversalPath} from '../util'
+
+/**
+ * Interface defining a template that can be generated using the TemplateDirective.
+ */
+export interface Template {
+    /**
+     * The name of the template as it will be specified from the command line.
+     *
+     * @example
+     * If this is `'mytemplate'`, then the template will be created with:
+     *
+     * ```shell
+     * ./ex new mytemplate some:path
+     * ```
+     */
+    name: string,
+
+    /**
+     * The suffix of the file generated by this template.
+     * @example `.mytemplate.ts`
+     * @example `.controller.ts`
+     */
+    fileSuffix: string,
+
+    /**
+     * Brief description of the template displayed on the --help page for the TemplateDirective.
+     * Should be brief (1 sentence).
+     */
+    description: string,
+
+    /**
+     * Array of path-strings that are resolved relative to the base `app` directory.
+     * @example `['http', 'controllers']`
+     * @example `['units']`
+     */
+    baseAppPath: string[],
+
+    /**
+     * Render the given template to a string which will be written to the file.
+     * Note: this method should NOT write the contents to `targetFilePath`.
+     *
+     * @example
+     * If the user enters:
+     *
+     * ```shell
+     * ./ex new mytemplate path:to:NewInstance
+     * ```
+     *
+     * Then, the following params are:
+     * ```typescript
+     * {
+     *     name: 'NewInstance',
+     *     fullCanonicalPath: 'path:to:NewInstance',
+     *     targetFilePath: UniversalPath { }
+     * }
+     * ```
+     *
+     * @param name - the singular name of the resource
+     * @param fullCanonicalName - the full canonical name of the resource
+     * @param targetFilePath - the UniversalPath where the file will be written
+     */
+    render: (name: string, fullCanonicalName: string, targetFilePath: UniversalPath) => string | Promise<string>
+}

src/cli/decorators.ts

@@ -0,0 +1,23 @@
+import {ContainerBlueprint, Instantiable, isInstantiableOf} from '../di'
+import {CommandLine} from './service'
+import {Directive} from './Directive'
+import {logIfDebugging} from '../util'
+
+/**
+ * Register a class as a command-line Directive.
+ * The class must extend Directive.
+ * @constructor
+ */
+export const CLIDirective = (): ClassDecorator => {
+    return (target) => {
+        if ( isInstantiableOf(target, Directive) ) {
+            logIfDebugging('extollo.cli.decorators', 'Registering CLIDirective blueprint:', target)
+            ContainerBlueprint.getContainerBlueprint()
+                .onResolve<CommandLine>(CommandLine, (cli: CommandLine) => {
+                    cli.registerDirective(target as Instantiable<Directive>)
+                })
+        } else {
+            logIfDebugging('extollo.cli.decorators', 'Skipping CLIDirective blueprint:', target)
+        }
+    }
+}

src/cli/directive/RouteDirective.ts

@@ -0,0 +1,72 @@
+import {Directive, OptionDefinition} from '../Directive'
+import {Inject, Injectable} from '../../di'
+import {Routing} from '../../service/Routing'
+import Table = require('cli-table')
+import {HTTPMethod} from '../../http/lifecycle/Request'
+
+@Injectable()
+export class RouteDirective extends Directive {
+    @Inject()
+    protected readonly routing!: Routing
+
+    getDescription(): string {
+        return 'Get information about a specific route'
+    }
+
+    getKeywords(): string | string[] {
+        return ['route']
+    }
+
+    getOptions(): OptionDefinition[] {
+        return [
+            '{route} | the path of the route',
+            '--method -m {value} | the HTTP method of the route',
+        ]
+    }
+
+    async handle(): Promise<void> {
+        const method: string | undefined = this.option('method')
+            ?.toLowerCase()
+            ?.trim()
+
+        const route: string = this.option('route')
+            .toLowerCase()
+            .trim()
+
+        const matched = this.routing.getCompiled()
+            .filter(match => {
+                if ( !method ) {
+                    return match.getRoute().trim() === route
+                }
+
+                return (
+                    (match.getRoute().trim() === route && match.getMethods().includes(method as HTTPMethod))
+                    || match.match(method as HTTPMethod, route)
+                )
+            })
+            .some(match => {
+                const displays = match.getDisplays()
+                    .map<[string, string]>(ware => [ware.stage, ware.display])
+
+                if ( displays.isEmpty() ) {
+                    return
+                }
+
+                const maxLen = displays.max(x => x[1].length)
+
+                const table = new Table({
+                    head: ['Stage', 'Handler'],
+                    colWidths: [10, maxLen + 2],
+                })
+
+                displays.each(x => table.push(x))
+
+                this.info(`\nRoute: ${match}\n\n${table}`)
+                return true
+            })
+
+        if ( !matched ) {
+            this.error('No matching routes found.')
+        }
+    }
+}

src/cli/directive/RoutesDirective.ts

@@ -0,0 +1,41 @@
+import {Directive} from '../Directive'
+import {Inject, Injectable} from '../../di'
+import {Routing} from '../../service/Routing'
+import Table = require('cli-table')
+
+@Injectable()
+export class RoutesDirective extends Directive {
+    @Inject()
+    protected readonly routing!: Routing
+
+    getDescription(): string {
+        return 'List routes registered in the application'
+    }
+
+    getKeywords(): string | string[] {
+        return ['routes']
+    }
+
+    async handle(): Promise<void> {
+        const compiled = this.routing.getCompiled()
+
+        const maxRouteLength = compiled.strings().max('length')
+        const maxHandlerLength = compiled.mapCall('getHandlerDisplay')
+            .whereDefined()
+            .max('length')
+        const maxNameLength = compiled.mapCall('getAlias')
+            .whereDefined()
+            .max('length')
+
+        const rows = compiled.map(route => [String(route), route.getHandlerDisplay(), route.getAlias() || ''])
+
+        const table = new Table({
+            head: ['Route', 'Handler', 'Name'],
+            colWidths: [maxRouteLength + 2, maxHandlerLength + 2, maxNameLength + 2],
+        })
+
+        table.push(...rows.toArray())
+
+        this.info('\n' + table)
+    }
+}

src/cli/directive/RunDirective.ts

@@ -0,0 +1,31 @@
+import {Directive} from '../Directive'
+import {CommandLineApplication} from '../service'
+import {Injectable} from '../../di'
+import {ErrorWithContext} from '../../util'
+import {Unit} from '../../lifecycle/Unit'
+
+/**
+ * A directive that starts the framework's final target normally.
+ * In most cases, this runs the HTTP server, which would have been replaced
+ * by the CommandLineApplication unit.
+ */
+@Injectable()
+export class RunDirective extends Directive {
+    getDescription(): string {
+        return 'run the application normally'
+    }
+
+    getKeywords(): string | string[] {
+        return ['run', 'up']
+    }
+
+    async handle(): Promise<void> {
+        if ( !CommandLineApplication.getReplacement() ) {
+            throw new ErrorWithContext(`Cannot run application: no run target specified.`)
+        }
+
+        const unit = <Unit> this.make(CommandLineApplication.getReplacement())
+        await this.app().startUnit(unit)
+        await this.app().stopUnit(unit)
+    }
+}

src/cli/directive/ShellDirective.ts

@@ -0,0 +1,48 @@
+import {Directive} from '../Directive'
+import * as colors from 'colors/safe'
+import * as repl from 'repl'
+import {DependencyKey} from '../../di'
+
+/**
+ * Launch an interactive REPL shell from within the application.
+ * This is very useful for debugging and testing things during development.
+ */
+export class ShellDirective extends Directive {
+    protected options: any = {
+        welcome: `powered by Extollo, © ${(new Date()).getFullYear()} Garrett Mills\nAccess your application using the "app" global.`,
+        prompt: `${colors.blue('(')}extollo${colors.blue(') ➤ ')}`,
+    }
+
+    /**
+     * The created Node.js REPL server.
+     * @protected
+     */
+    protected repl?: repl.REPLServer
+
+    getDescription(): string {
+        return 'launch an interactive shell inside your application'
+    }
+
+    getKeywords(): string | string[] {
+        return ['shell']
+    }
+
+    getHelpText(): string {
+        return ''
+    }
+
+    async handle(): Promise<void> {
+        const state: any = {
+            app: this.app(),
+            lib: await import('../../index'),
+            make: (target: DependencyKey, ...parameters: any[]) => this.make(target, ...parameters),
+        }
+
+        await new Promise<void>(res => {
+            this.nativeOutput(this.options.welcome)
+            this.repl = repl.start(this.options.prompt)
+            Object.assign(this.repl.context, state)
+            this.repl.on('exit', () => res())
+        })
+    }
+}

src/cli/directive/TemplateDirective.ts

@@ -0,0 +1,90 @@
+import {Directive, OptionDefinition} from '../Directive'
+import {PositionalOption} from './options/PositionalOption'
+import {CommandLine} from '../service'
+import {Inject, Injectable} from '../../di'
+import {ErrorWithContext} from '../../util'
+
+/**
+ * Create a new file based on a template registered with the CommandLine service.
+ */
+@Injectable()
+export class TemplateDirective extends Directive {
+    @Inject()
+    protected readonly cli!: CommandLine
+
+    getKeywords(): string | string[] {
+        return ['new', 'make']
+    }
+
+    getDescription(): string {
+        return 'create a new file from a registered template'
+    }
+
+    getOptions(): OptionDefinition[] {
+        const registeredTemplates = this.cli.getTemplates()
+        const template = new PositionalOption('template_name', 'the template to base the new file on (e.g. model, controller)')
+        template.whitelist(...registeredTemplates.pluck('name').all())
+
+        const destination = new PositionalOption('file_name', 'canonical name of the file to create (e.g. auth:Group, dash:Activity)')
+
+        return [template, destination]
+    }
+
+    getHelpText(): string {
+        const registeredTemplates = this.cli.getTemplates()
+
+        return [
+            'Modules in Extollo register templates that can be used to quickly create common file types.',
+            '',
+            'For example, you can create a new model from @extollo/orm using the "model" template:',
+            '',
+            './ex new model auth:Group',
+            '',
+            'This would create a new Group model in the ./src/app/models/auth/Group.model.ts file.',
+            '',
+            'AVAILABLE TEMPLATES:',
+            '',
+            ...(registeredTemplates.map(template => {
+                return `  - ${template.name}: ${template.description}`
+            }).all()),
+        ].join('\n')
+    }
+
+    async handle(): Promise<void> {
+        const templateName: string = this.option('template_name')
+        const destinationName: string = this.option('file_name')
+
+        if ( destinationName.includes('/') || destinationName.includes('\\') ) {
+            this.error(`The destination should be a canonical name, not a file path.`)
+            this.error(`Reference sub-directories using the : character instead.`)
+            this.error(`Did you mean ${destinationName.replace(/\/|\\/g, ':')}?`)
+            process.exitCode = 1
+            return
+        }
+
+        const template = this.cli.getTemplate(templateName)
+        if ( !template ) {
+            throw new ErrorWithContext(`Unable to find template supposedly registered with name: ${templateName}`, {
+                templateName,
+                destinationName,
+            })
+        }
+
+        const name = destinationName.split(':').reverse()[0]
+        const path = this.app().path('..', 'src', 'app', ...template.baseAppPath, ...(`${destinationName}${template.fileSuffix}`).split(':'))
+
+        if ( await path.exists() ) {
+            this.error(`File already exists: ${path}`)
+            process.exitCode = 1
+            return
+        }
+
+        // Make sure the parent direction exists
+        await path.concat('..').mkdir()
+
+        const contents = await template.render(name, destinationName, path.clone())
+        await path.write(contents)
+
+        this.success(`Created new ${template.name} in ${path}`)
+    }
+}

src/cli/directive/UsageDirective.ts

@@ -0,0 +1,54 @@
+import {Directive} from '../Directive'
+import {Injectable, Inject} from '../../di'
+import {padRight} from '../../util'
+import {CommandLine} from '../service'
+
+/**
+ * Directive that prints the help message and usage information about
+ * directives registered with the command line utility.
+ */
+@Injectable()
+export class UsageDirective extends Directive {
+    @Inject()
+    protected readonly cli!: CommandLine
+
+    public getKeywords(): string | string[] {
+        return 'help'
+    }
+
+    public getDescription(): string {
+        return 'print information about available commands'
+    }
+
+    public handle(): void | Promise<void> {
+        const directiveStrings = this.cli.getDirectives()
+            .map(cls => this.make<Directive>(cls))
+            .map<[string, string]>(dir => {
+                return [dir.getMainKeyword(), dir.getDescription()]
+            })
+
+        const maxLen = directiveStrings.max<number>(x => x[0].length)
+
+        const printStrings = directiveStrings.map(grp => {
+            return [padRight(grp[0], maxLen + 1), grp[1]]
+        })
+            .map(grp => {
+                return `    ${grp[0]}: ${grp[1]}`
+            })
+            .toArray()
+
+        this.nativeOutput(this.cli.getASCIILogo())
+        this.nativeOutput([
+            '',
+            'Welcome to Extollo! Specify a command to get started.',
+            '',
+            `USAGE: ex <directive> [..options]`,
+            '',
+            ...printStrings,
+            '',
+            'For usage information about a particular command, pass the --help flag.',
+            '-------------------------------------------',
+            `powered by Extollo, © ${(new Date()).getFullYear()} Garrett Mills`,
+        ].join('\n'))
+    }
+}

src/cli/directive/options/CLIOption.ts

@@ -0,0 +1,251 @@
+/**
+ * A CLI option. Supports basic comparative, and set-based validation.
+ * @class
+ */
+export abstract class CLIOption<T> {
+
+    /**
+     * Do we use the whitelist?
+     * @type {boolean}
+     * @private
+     */
+    protected useWhitelist = false
+
+    /**
+     * Do we use the blacklist?
+     * @type {boolean}
+     * @private
+     */
+    protected useBlacklist = false
+
+    /**
+     * Do we use the less-than comparison?
+     * @type {boolean}
+     * @private
+     */
+    protected useLessThan = false
+
+    /**
+     * Do we use the greater-than comparison?
+     * @type {boolean}
+     * @private
+     */
+    protected useGreaterThan = false
+
+    /**
+     * Do we use the equality operator?
+     * @type {boolean}
+     * @private
+     */
+    protected useEquality = false
+
+    /**
+     * Is this option optional?
+     * @type {boolean}
+     * @private
+     */
+    protected isOptional = false
+
+    /**
+     * Whitelisted values.
+     * @type {Array<*>}
+     * @private
+     */
+    protected whitelistItems: T[] = []
+
+    /**
+     * Blacklisted values.
+     * @type {Array<*>}
+     * @private
+     */
+    protected blacklistItems: T[] = []
+
+    /**
+     * Value to be compared in less than.
+     * @type {*}
+     * @private
+     */
+    protected lessThanValue?: T
+
+    /**
+     * If true, the less than will be less than or equal to.
+     * @type {boolean}
+     * @private
+     */
+    protected lessThanBit = false
+
+    /**
+     * Value to be compared in greater than.
+     * @type {*}
+     * @private
+     */
+    protected greaterThanValue?: T
+
+    /**
+     * If true, the greater than will be greater than or equal to.
+     * @type {boolean}
+     * @private
+     */
+    protected greaterThanBit = false
+
+    /**
+     * The value to be used to check equality.
+     * @type {*}
+     * @private
+     */
+    protected equalityValue?: T
+
+    /**
+     * Whitelist the specified item or items and enable the whitelist.
+     * @param {...*} items - the items to whitelist
+     */
+    whitelist(...items: T[]): this {
+        this.useWhitelist = true
+        items.forEach(item => this.whitelistItems.push(item))
+        return this
+    }
+
+    /**
+     * Blacklist the specified item or items and enable the blacklist.
+     * @param {...*} items - the items to blacklist
+     */
+    blacklist(...items: T[]): this {
+        this.useBlacklist = true
+        items.forEach(item => this.blacklistItems.push(item))
+        return this
+    }
+
+    /**
+     * Specifies the value to be used in less-than comparison and enables less-than comparison.
+     * @param {*} value
+     */
+    lessThan(value: T): this {
+        this.useLessThan = true
+        this.lessThanValue = value
+        return this
+    }
+
+    /**
+     * Specifies the value to be used in less-than or equal-to comparison and enables that comparison.
+     * @param {*} value
+     */
+    lessThanOrEqualTo(value: T): this {
+        this.lessThanBit = true
+        this.lessThan(value)
+        return this
+    }
+
+    /**
+     * Specifies the value to be used in greater-than comparison and enables that comparison.
+     * @param {*} value
+     */
+    greaterThan(value: T): this {
+        this.useGreaterThan = true
+        this.greaterThanValue = value
+        return this
+    }
+
+    /**
+     * Specifies the value to be used in greater-than or equal-to comparison and enables that comparison.
+     * @param {*} value
+     */
+    greaterThanOrEqualTo(value: T): this {
+        this.greaterThanBit = true
+        this.greaterThan(value)
+        return this
+    }
+
+    /**
+     * Specifies the value to be used in equality comparison and enables that comparison.
+     * @param {*} value
+     */
+    equals(value: T): this {
+        this.useEquality = true
+        this.equalityValue = value
+        return this
+    }
+
+    /**
+     * Checks if the specified value passes the configured comparisons.
+     * @param value
+     * @returns {boolean}
+     */
+    validate(value: T): boolean {
+        let isValid = true
+        if ( this.useEquality ) {
+            isValid = isValid && (this.equalityValue === value)
+        }
+
+        if ( this.useLessThan && typeof this.lessThanValue !== 'undefined' ) {
+            if ( this.lessThanBit ) {
+                isValid = isValid && (value <= this.lessThanValue)
+            } else {
+                isValid = isValid && (value < this.lessThanValue)
+            }
+        }
+
+        if ( this.useGreaterThan && typeof this.greaterThanValue !== 'undefined' ) {
+            if ( this.greaterThanBit ) {
+                isValid = isValid && (value >= this.greaterThanValue)
+            } else {
+                isValid = isValid && (value > this.greaterThanValue)
+            }
+        }
+
+        if ( this.useWhitelist ) {
+            isValid = isValid && this.whitelistItems.some(x => {
+                return x === value
+            })
+        }
+
+        if ( this.useBlacklist ) {
+            isValid = isValid && !(this.blacklistItems.some(x => x === value))
+        }
+
+        return isValid
+    }
+
+    /**
+     * Sets the Option as optional.
+     */
+    optional(): this {
+        this.isOptional = true
+        return this
+    }
+
+    /**
+     * Get the argument name. Should be overridden by child classes.
+     * @returns {string}
+     */
+    abstract getArgumentName(): string
+
+    /**
+     * Get an array of strings denoting the human-readable requirements for this option to be valid.
+     * @returns {Array<string>}
+     */
+    getRequirementDisplays(): string[] {
+        const clauses = []
+
+        if ( this.useBlacklist ) {
+            clauses.push(`must not be one of: ${this.blacklistItems.map(x => String(x)).join(', ')}`)
+        }
+
+        if ( this.useWhitelist ) {
+            clauses.push(`must be one of: ${this.whitelistItems.map(x => String(x)).join(', ')}`)
+        }
+
+        if ( this.useGreaterThan ) {
+            clauses.push(`must be greater than${this.greaterThanBit ? ' or equal to' : ''}: ${String(this.greaterThanValue)}`)
+        }
+
+        if ( this.useLessThan ) {
+            clauses.push(`must be less than${this.lessThanBit ? ' or equal to' : ''}: ${String(this.lessThanValue)}`)
+        }
+
+        if ( this.useEquality ) {
+            clauses.push(`must be equal to: ${String(this.equalityValue)}`)
+        }
+
+        return clauses
+    }
+}

src/cli/directive/options/FlagOption.ts

@@ -0,0 +1,47 @@
+import {CLIOption} from './CLIOption'
+
+/**
+ * Non-positional, flag-based CLI option.
+ */
+export class FlagOption<T> extends CLIOption<T> {
+
+    constructor(
+        /**
+         * The long-form flag for this option.
+         * @example --path, --create
+         */
+        public readonly longFlag?: string,
+        /**
+         * The short-form flag for this option.
+         * @example -p, -c
+         */
+        public readonly shortFlag?: string,
+        /**
+         * Usage message describing this flag.
+         */
+        public readonly message?: string,
+        /**
+         * Description of the argument required by this flag.
+         * If this is set, the flag will expect a positional argument to follow as a param.
+         */
+        public readonly argumentDescription?: string,
+    ) {
+        super()
+    }
+
+    /**
+     * Get the referential name for this option.
+     * Defaults to the long flag (without the '--'). If this cannot
+     * be found, the short flag (without the '-') is used.
+     * @returns {string}
+     */
+    getArgumentName(): string {
+        if ( this.longFlag ) {
+            return this.longFlag.replace('--', '')
+        } else if ( this.shortFlag ) {
+            return this.shortFlag.replace('-', '')
+        }
+
+        throw new Error('Missing either a long- or short-flag for FlagOption.')
+    }
+}

src/cli/directive/options/PositionalOption.ts

@@ -0,0 +1,34 @@
+import {CLIOption} from './CLIOption'
+
+/**
+ * A positional CLI option. Defined without a flag.
+ */
+export class PositionalOption<T> extends CLIOption<T> {
+
+    /**
+     * Instantiate the option.
+     * @param {string} name - the name of the option
+     * @param {string} message - message describing the option
+     */
+    constructor(
+        /**
+         * The display name of this positional argument.
+         * @example path, filename
+         */
+        public readonly name: string,
+        /**
+         * A usage message describing this parameter.
+         */
+        public readonly message: string = '',
+    ) {
+        super()
+    }
+
+    /**
+     * Gets the name of the option.
+     * @returns {string}
+     */
+    getArgumentName(): string {
+        return this.name
+    }
+}

src/cli/directive/queue/ListenDirective.ts

@@ -0,0 +1,64 @@
+import {Directive, OptionDefinition} from '../../Directive'
+import {Inject, Injectable} from '../../../di'
+import {Bus, PushedToQueue, Queue} from '../../../support/bus'
+import {Queueables} from '../../../service/Queueables'
+
+@Injectable()
+export class ListenDirective extends Directive {
+    @Inject()
+    protected readonly queue!: Queue
+
+    @Inject()
+    protected readonly queueables!: Queueables
+
+    @Inject()
+    protected readonly bus!: Bus
+
+    getDescription(): string {
+        return 'listen for jobs pushed to the queue and attempt to execute them'
+    }
+
+    getKeywords(): string | string[] {
+        return 'queue-listen'
+    }
+
+    getOptions(): OptionDefinition[] {
+        return []
+    }
+
+    async handle(): Promise<void> {
+        this.info('Subscribing to queue events...')
+        await this.bus.subscribe(PushedToQueue, async () => {
+            // A new job has been pushed to the queue, so try to pop it and execute it.
+            // We may get undefined if some other worker is running and picked up this job first.
+            await this.tryExecuteJob()
+        })
+
+        this.info('Setting periodic poll...')
+        const handle = setInterval(async () => {
+            await this.tryExecuteJob()
+        }, 5000)
+
+        this.info('Listening for jobs...')
+        await this.untilInterrupt()
+
+        this.info('Shutting down...')
+        clearInterval(handle)
+    }
+
+    protected async tryExecuteJob(): Promise<void> {
+        try {
+            const job = await this.queue.pop()
+            if ( !job ) {
+                return  // Some other worker already picked up this job
+            }
+
+            this.info(`Executing: ${job.constructor?.name || 'unknown job'}`)
+            await job.execute()
+            this.success('Execution finished.')
+        } catch (e: unknown) {
+            this.error('Failed to execute job.')
+            this.error(e)
+        }
+    }
+}

src/cli/directive/queue/WorkDirective.ts

@@ -0,0 +1,43 @@
+import {Directive, OptionDefinition} from '../../Directive'
+import {Inject, Injectable} from '../../../di'
+import {Queue} from '../../../support/bus'
+import {Queueables} from '../../../service/Queueables'
+
+@Injectable()
+export class WorkDirective extends Directive {
+    @Inject()
+    protected readonly queue!: Queue
+
+    @Inject()
+    protected readonly queueables!: Queueables
+
+    getDescription(): string {
+        return 'pop a single item from the queue and execute it'
+    }
+
+    getKeywords(): string | string[] {
+        return 'queue-work'
+    }
+
+    getOptions(): OptionDefinition[] {
+        return []
+    }
+
+    async handle(): Promise<void> {
+        try {
+            const queueable = await this.queue.pop()
+            if ( !queueable ) {
+                this.info('There are no items in the queue.')
+                return
+            }
+
+            this.info(`Fetched 1 item from the queue`)
+            await queueable.execute()
+            this.success('Executed 1 item from the queue')
+        } catch (e: unknown) {
+            this.error('Failed to execute queueable:')
+            this.error(e)
+            process.exitCode = 1
+        }
+    }
+}

src/cli/index.ts

@@ -0,0 +1,18 @@
+export * from './Directive'
+export * from './Template'
+
+export * from './service/CommandLineApplication'
+export * from './service/CommandLine'
+
+export * from './directive/options/CLIOption'
+export * from './directive/options/FlagOption'
+export * from './directive/options/PositionalOption'
+
+export * from './directive/ShellDirective'
+export * from './directive/TemplateDirective'
+export * from './directive/UsageDirective'
+
+export * from './decorators'
+
+export * from './directive/queue/ListenDirective'
+export * from './directive/queue/WorkDirective'

src/cli/service/CommandLine.ts

@@ -0,0 +1,130 @@
+import {Singleton, Instantiable, Inject} from '../../di'
+import {Collection} from '../../util'
+import {CommandLineApplication} from './CommandLineApplication'
+import {Directive} from '../Directive'
+import {Template} from '../Template'
+import {templateDirective} from '../templates/directive'
+import {templateUnit} from '../templates/unit'
+import {templateController} from '../templates/controller'
+import {templateMiddleware} from '../templates/middleware'
+import {templateRoutes} from '../templates/routes'
+import {templateConfig} from '../templates/config'
+import {Unit} from '../../lifecycle/Unit'
+import {Logging} from '../../service/Logging'
+
+/**
+ * Service for managing directives, templates, and other resources related
+ * to the command line utilities.
+ */
+@Singleton()
+export class CommandLine extends Unit {
+    @Inject()
+    protected readonly logging!: Logging
+
+    /** Directive classes registered with the CLI command. */
+    protected directives: Collection<Instantiable<Directive>> = new Collection<Instantiable<Directive>>()
+
+    /** Templates registered with the CLI command. These can be created with the TemplateDirective. */
+    protected templates: Collection<Template> = new Collection<Template>()
+
+    constructor() {
+        super()
+    }
+
+    async up(): Promise<void> {
+        this.registerTemplate(templateDirective)
+        this.registerTemplate(templateUnit)
+        this.registerTemplate(templateController)
+        this.registerTemplate(templateMiddleware)
+        this.registerTemplate(templateRoutes)
+        this.registerTemplate(templateConfig)
+    }
+
+    /**
+     * Returns true if the application was started from the command line.
+     */
+    public isCLI(): boolean {
+        return this.app().hasUnit(CommandLineApplication)
+    }
+
+    /**
+     * Returns a string containing the Extollo ASCII logo.
+     */
+    public getASCIILogo(): string {
+        return `     _       
+    / /\\       ______      _        _ _
+   / /  \\     |  ____|    | |      | | |
+  / / /\\ \\    | |__  __  _| |_ ___ | | | ___
+ / / /\\ \\ \\   |  __| \\ \\/ / __/ _ \\| | |/ _ \\
+/ / /  \\ \\_\\  | |____ >  <| || (_) | | | (_) |
+\\/_/    \\/_/  |______/_/\\_\\\\__\\___/|_|_|\\___/
+`
+    }
+
+    /**
+     * Register a Directive class with this service. This will make
+     * the directive available for use on the CLI.
+     * @param directiveClass
+     */
+    public registerDirective(directiveClass: Instantiable<Directive>): this {
+        if ( !this.directives.includes(directiveClass) ) {
+            this.directives.push(directiveClass)
+        }
+
+        return this
+    }
+
+    /**
+     * Returns true if the given directive is registered with this service.
+     * @param directiveClass
+     */
+    public hasDirective(directiveClass: Instantiable<Directive>): boolean {
+        return this.directives.includes(directiveClass)
+    }
+
+    /**
+     * Get a collection of all registered directives.
+     */
+    public getDirectives(): Collection<Instantiable<Directive>> {
+        return this.directives.clone()
+    }
+
+    /**
+     * Register the given template with this service. This makes the template
+     * available for use with the TemplateDirective service.
+     * @param template
+     */
+    public registerTemplate(template: Template): this {
+        if ( !this.templates.firstWhere('name', '=', template.name) ) {
+            this.templates.push(template)
+        } else {
+            this.logging.warn(`Duplicate template will not be registered: ${template.name}`)
+            this.logging.debug(`Duplicate template registered at: ${(new Error()).stack}`)
+        }
+
+        return this
+    }
+
+    /**
+     * Returns true if a template with the given name exists.
+     * @param name
+     */
+    public hasTemplate(name: string): boolean {
+        return Boolean(this.templates.firstWhere('name', '=', name))
+    }
+
+    /**
+     * Returns the template with the given name, if one exists.
+     * @param name
+     */
+    public getTemplate(name: string): Template | undefined {
+        return this.templates.firstWhere('name', '=', name)
+    }
+
+    /**
+     * Get a collection of all registered templates.
+     */
+    public getTemplates(): Collection<Template> {
+        return this.templates.clone()
+    }
+}

src/cli/service/CommandLineApplication.ts

@@ -0,0 +1,66 @@
+import {Unit} from '../../lifecycle/Unit'
+import {Logging} from '../../service/Logging'
+import {Singleton, Inject} from '../../di'
+import {CommandLine} from './CommandLine'
+import {UsageDirective} from '../directive/UsageDirective'
+import {Directive} from '../Directive'
+import {ShellDirective} from '../directive/ShellDirective'
+import {TemplateDirective} from '../directive/TemplateDirective'
+import {RunDirective} from '../directive/RunDirective'
+import {RoutesDirective} from '../directive/RoutesDirective'
+import {RouteDirective} from '../directive/RouteDirective'
+import {WorkDirective} from '../directive/queue/WorkDirective'
+import {ListenDirective} from '../directive/queue/ListenDirective'
+
+/**
+ * Unit that takes the place of the final unit in the application that handles
+ * invocations from the command line.
+ */
+@Singleton()
+export class CommandLineApplication extends Unit {
+    /** The unit that was replaced by the CLI app. */
+    private static replacement?: typeof Unit
+
+    /** Set the replaced unit. */
+    public static setReplacement(unitClass?: typeof Unit): void {
+        this.replacement = unitClass
+    }
+
+    /** Get the replaced unit. */
+    public static getReplacement(): typeof Unit | undefined {
+        return this.replacement
+    }
+
+    @Inject()
+    protected readonly cli!: CommandLine
+
+    @Inject()
+    protected readonly logging!: Logging
+
+    constructor() {
+        super()
+    }
+
+    public async up(): Promise<void> {
+        this.cli.registerDirective(UsageDirective)
+        this.cli.registerDirective(ShellDirective)
+        this.cli.registerDirective(TemplateDirective)
+        this.cli.registerDirective(RunDirective)
+        this.cli.registerDirective(RoutesDirective)
+        this.cli.registerDirective(RouteDirective)
+        this.cli.registerDirective(WorkDirective)
+        this.cli.registerDirective(ListenDirective)
+
+        const argv = process.argv.slice(2)
+        const match = this.cli.getDirectives()
+            .map(dirCls => this.make<Directive>(dirCls))
+            .firstWhere(dir => dir.matchesKeyword(argv[0]))
+
+        if ( match ) {
+            await match.invoke(argv.slice(1))
+        } else {
+            const usage = this.make<UsageDirective>(UsageDirective)
+            await usage.handle()
+        }
+    }
+}

src/cli/service/index.ts

@@ -0,0 +1,2 @@
+export * from './CommandLine'
+export * from './CommandLineApplication'

src/cli/templates/config.ts

@@ -0,0 +1,21 @@
+import {Template} from '../Template'
+
+/**
+ * A template that generates a new configuration file in the app/configs directory.
+ */
+const templateConfig: Template = {
+    name: 'config',
+    fileSuffix: '.config.ts',
+    description: 'Create a new config file.',
+    baseAppPath: ['configs'],
+    render() {
+        return `import { env } from '@extollo/lib'
+
+export default {
+    key: env('VALUE_ENV_VAR', 'default value'),
+}
+`
+    },
+}
+
+export { templateConfig }

src/cli/templates/controller.ts

@@ -0,0 +1,29 @@
+import {Template} from '../Template'
+
+/**
+ * Template that generates a new controller in the app/http/controllers directory.
+ */
+const templateController: Template = {
+    name: 'controller',
+    fileSuffix: '.controller.ts',
+    description: 'Create a controller class that can be used to handle requests.',
+    baseAppPath: ['http', 'controllers'],
+    render(name: string) {
+        return `import {Controller, view, Inject, Injectable} from '@extollo/lib'
+
+/**
+ * ${name} Controller
+ * ------------------------------------
+ * Put some description here.
+ */
+@Injectable()
+export class ${name} extends Controller {
+    public ${name.toLowerCase()}() {
+        return view('${name.toLowerCase()}')
+    }
+}
+`
+    },
+}
+
+export { templateController }

src/cli/templates/directive.ts

@@ -0,0 +1,41 @@
+import {Template} from '../Template'
+
+/**
+ * Template that generates a new Directive class in the app/directives directory.
+ */
+const templateDirective: Template = {
+    name: 'directive',
+    fileSuffix: '.directive.ts',
+    description: 'Create a new Directive class which adds functionality to the ./ex command.',
+    baseAppPath: ['directives'],
+    render(name: string) {
+        return `import {Directive, OptionDefinition, Injectable} from '@extollo/lib'
+
+/**
+ * ${name} Directive
+ * ---------------------------------------------------
+ * Put some description here.
+ */
+@Injectable()
+export class ${name}Directive extends Directive {
+    getKeywords(): string | string[] {
+        return ['${name.toLowerCase()}']
+    }
+
+    getDescription(): string {
+        return ''
+    }
+
+    getOptions(): OptionDefinition[] {
+        return []
+    }
+
+    async handle(argv: string[]) {
+
+    }
+}
+`
+    },
+}
+
+export { templateDirective }