Have a look at the accounts api, and the passwords package, which should save you writing most of the boilerplate code for implementing user accounts.
There is also the accounts-ui package with support for facebook, google, and others.
You'll need to implement your own ACL and make sure collections have appropriate permissions.
Finally have a look at the All Tomorrow's Parties demo for some sample implementation.