feat(graphql): scaffolding

modules/core/graph/resolvers/apitoken.js

@@ -6,5 +6,16 @@ module.exports = {
     async apiTokens( parent, args, context, info ) {
       return await getUserTokens( context.userId )
     }
+  },
+  Mutation: {
+    async apiTokenCreate( parent, args, context, info ) {
+      //@todo enforce token creation authorization
+      await createToken( context.userId, args.name, args.scopes, args.lifespan )
+    },
+    async apiTokenRevoke( parent, args, context, info ) {
+      //@todo enforce token revokation authorization
+      await revokeToken( args.token )
+      return true
+    }
   }
 }

modules/core/graph/resolvers/user.js

@@ -8,10 +8,11 @@ module.exports = {
   Query: {
     async user( parent, args, context, info ) {
       if ( !context.auth ) throw new AuthenticationError( )
+
       if ( !args.id && !context.userId ) {
-        throw new UserInputError( )
+        throw new UserInputError( 'You must provide an user id.' )
       }
-      console.log(args)
+
       return await getUser( args.id || context.userId )
     }
   },
@@ -22,7 +23,11 @@ module.exports = {
       return token
     },
     async userEdit( parent, args, context, info ) {
-      // TODO
+      if ( context.userId !== args.user.id )
+        throw new AuthenticationError( 'Not authorized' )
+      
+      await updateUser( context.userId, args.user )
+      return true
     },
   }
 }

modules/core/graph/schemas/apitoken.graphql

@@ -11,6 +11,17 @@ type ApiToken {
   lastChars: String!
   scopes: [String]!
   createdAt: String! #date
-  lifespan: Int!
+  lifespan: BigInt!
   lastUsed: String! #date
+}
+
+extend type Mutation { 
+  """
+  Creates an api token.
+  """
+  apiTokenCreate(scopes: [String!]!, name: String!, lifespan: BigInt):String
+  """
+  Revokes (deletes) an api token.
+  """
+  apiTokenRevoke(token: String!):String
 }

modules/core/graph/schemas/user.graphql

@@ -1,4 +1,7 @@
 extend type Query {
+  """
+  Gets the profile of a user. If no id argument is provided, will return the current authenticated user's profile (as extracted from the authorization header).
+  """
   user(id: String): User
 }
 
@@ -23,7 +26,7 @@ extend type Mutation {
   Temporary measure, equal to local registration. Should be disabled if local_auth is false.
   """
   userCreate(user: UserCreateInput): String
-  userEdit(user: UserEditInput): String
+  userEdit(user: UserEditInput): Boolean
 }
 
 input UserCreateInput {
@@ -34,6 +37,7 @@ input UserCreateInput {
 }
 
 input UserEditInput {
+  id: String!
   name: String!
   username: String!
   company: String!