@appforgeapps/shieldforge-graphql 0.0.5

package/README.md

@@ -0,0 +1,178 @@
+# @shieldforge/graphql
+
+GraphQL schema definitions and resolvers for authentication.
+
+## Installation
+
+```bash
+npm install @shieldforge/graphql
+```
+
+Peer dependencies:
+```bash
+npm install graphql
+```
+
+## Quick Start
+
+### Backend Setup
+
+```typescript
+import { createResolvers, typeDefs } from '@shieldforge/graphql';
+import { ShieldForge } from '@shieldforge/core';
+
+const auth = new ShieldForge({
+  jwtSecret: process.env.JWT_SECRET!,
+});
+
+// Implement data source
+const dataSource = {
+  getUserById: async (id) => await db.user.findUnique({ where: { id } }),
+  getUserByEmail: async (email) => await db.user.findUnique({ where: { email } }),
+  createUser: async (input) => await db.user.create({ data: input }),
+  updateUser: async (id, input) => await db.user.update({ where: { id }, data: input }),
+  createPasswordReset: async (userId, code, expiresAt) => {
+    await db.passwordReset.create({ data: { userId, code, expiresAt } });
+  },
+  getPasswordReset: async (code) => {
+    return await db.passwordReset.findUnique({ where: { code } });
+  },
+  deletePasswordReset: async (code) => {
+    await db.passwordReset.delete({ where: { code } });
+  },
+};
+
+// Create resolvers
+const resolvers = createResolvers({
+  dataSource,
+  auth: {
+    hashPassword: (password) => auth.hashPassword(password),
+    verifyPassword: (password, hash) => auth.verifyPassword(password, hash),
+    generateToken: (payload) => auth.generateToken(payload),
+    verifyToken: (token) => auth.verifyToken(token),
+    calculatePasswordStrength: (password) => auth.calculatePasswordStrength(password),
+    sanitizeUser: (user) => auth.sanitizeUser(user),
+    generateResetCode: () => auth.generateResetCode(),
+    sendPasswordResetEmail: (to, code) => auth.sendPasswordResetEmail(to, code),
+  },
+});
+
+// Use with Apollo Server
+import { ApolloServer } from '@apollo/server';
+
+const server = new ApolloServer({
+  typeDefs,
+  resolvers,
+  context: ({ req }) => {
+    const token = req.headers.authorization?.replace('Bearer ', '');
+    if (token) {
+      try {
+        const payload = auth.verifyToken(token);
+        return { userId: payload.userId, token };
+      } catch (error) {
+        return {};
+      }
+    }
+    return {};
+  },
+});
+```
+
+### Frontend Usage
+
+```tsx
+import { LOGIN_MUTATION, REGISTER_MUTATION, ME_QUERY } from '@shieldforge/graphql';
+import { useMutation, useQuery } from '@apollo/client';
+import { useAuth } from '@shieldforge/react';
+
+function LoginForm() {
+  const [login, { loading, error }] = useMutation(LOGIN_MUTATION);
+  const { login: authLogin } = useAuth();
+
+  const handleSubmit = async (email: string, password: string) => {
+    const { data } = await login({
+      variables: { input: { email, password } }
+    });
+    
+    authLogin(data.login.token, data.login.user);
+  };
+
+  return (/* your form */);
+}
+
+function Profile() {
+  const { data, loading } = useQuery(ME_QUERY);
+  
+  if (loading) return <div>Loading...</div>;
+  
+  return <div>Email: {data.me.email}</div>;
+}
+```
+
+## Type Definitions
+
+The package exports complete GraphQL schema:
+
+- `User` type
+- `AuthPayload` type
+- `LoginInput`, `RegisterInput`, `UpdateProfileInput`, `UpdatePasswordInput`
+- `Query.me` - Get current user
+- `Query.checkPasswordStrength` - Check password strength
+- `Mutation.login` - Login user
+- `Mutation.register` - Register user
+- `Mutation.logout` - Logout user
+- `Mutation.updateProfile` - Update user profile
+- `Mutation.updatePassword` - Change password
+- `Mutation.requestPasswordReset` - Request password reset
+- `Mutation.resetPassword` - Reset password with code
+
+## Documents
+
+Pre-built query/mutation strings:
+
+```typescript
+import {
+  LOGIN_MUTATION,
+  REGISTER_MUTATION,
+  LOGOUT_MUTATION,
+  ME_QUERY,
+  UPDATE_PROFILE_MUTATION,
+  UPDATE_PASSWORD_MUTATION,
+  REQUEST_PASSWORD_RESET_MUTATION,
+  RESET_PASSWORD_MUTATION,
+  CHECK_PASSWORD_STRENGTH_QUERY,
+  USER_FIELDS_FRAGMENT,
+  AUTH_PAYLOAD_FRAGMENT,
+} from '@shieldforge/graphql';
+```
+
+## Extending the Schema
+
+You can extend the User type with your own fields:
+
+```graphql
+extend type User {
+  customField: String
+  anotherField: Int
+}
+```
+
+Then update your data source to return the additional fields.
+
+## Data Source Interface
+
+```typescript
+interface AuthDataSource {
+  getUserById(id: string): Promise<User | null>;
+  getUserByEmail(email: string): Promise<User | null>;
+  createUser(input: RegisterInput & { passwordHash: string }): Promise<User>;
+  updateUser(id: string, input: Partial<User>): Promise<User>;
+  createPasswordReset(userId: string, code: string, expiresAt: Date): Promise<void>;
+  getPasswordReset(code: string): Promise<{ userId: string; expiresAt: Date } | null>;
+  deletePasswordReset(code: string): Promise<void>;
+}
+```
+
+## License
+
+MIT

package/dist/documents.d.ts

@@ -0,0 +1,23 @@
+/**
+ * GraphQL query and mutation documents for Apollo Client
+ * These can be used directly with Apollo Client's useQuery and useMutation hooks
+ */
+export declare const LOGIN_MUTATION = "\n  mutation Login($input: LoginInput!) {\n    login(input: $input) {\n      user {\n        id\n        email\n        username\n        name\n        accountStatus\n        emailVerified\n        createdAt\n        updatedAt\n      }\n      token\n    }\n  }\n";
+export declare const REGISTER_MUTATION = "\n  mutation Register($input: RegisterInput!) {\n    register(input: $input) {\n      user {\n        id\n        email\n        username\n        name\n        accountStatus\n        emailVerified\n        createdAt\n        updatedAt\n      }\n      token\n    }\n  }\n";
+export declare const LOGOUT_MUTATION = "\n  mutation Logout {\n    logout\n  }\n";
+export declare const ME_QUERY = "\n  query Me {\n    me {\n      id\n      email\n      username\n      name\n      accountStatus\n      emailVerified\n      createdAt\n      updatedAt\n    }\n  }\n";
+export declare const UPDATE_PROFILE_MUTATION = "\n  mutation UpdateProfile($input: UpdateProfileInput!) {\n    updateProfile(input: $input) {\n      id\n      email\n      username\n      name\n      accountStatus\n      emailVerified\n      createdAt\n      updatedAt\n    }\n  }\n";
+export declare const UPDATE_PASSWORD_MUTATION = "\n  mutation UpdatePassword($input: UpdatePasswordInput!) {\n    updatePassword(input: $input)\n  }\n";
+export declare const REQUEST_PASSWORD_RESET_MUTATION = "\n  mutation RequestPasswordReset($email: String!) {\n    requestPasswordReset(email: $email)\n  }\n";
+export declare const RESET_PASSWORD_MUTATION = "\n  mutation ResetPassword($code: String!, $newPassword: String!) {\n    resetPassword(code: $code, newPassword: $newPassword)\n  }\n";
+export declare const CHECK_PASSWORD_STRENGTH_QUERY = "\n  query CheckPasswordStrength($password: String!) {\n    checkPasswordStrength(password: $password) {\n      score\n      feedback\n    }\n  }\n";
+/**
+ * Fragment for User fields
+ * Can be composed into other queries
+ */
+export declare const USER_FIELDS_FRAGMENT = "\n  fragment UserFields on User {\n    id\n    email\n    username\n    name\n    accountStatus\n    emailVerified\n    createdAt\n    updatedAt\n  }\n";
+/**
+ * Fragment for AuthPayload fields
+ */
+export declare const AUTH_PAYLOAD_FRAGMENT = "\n  fragment AuthPayloadFields on AuthPayload {\n    user {\n      ...UserFields\n    }\n    token\n  }\n  \n  fragment UserFields on User {\n    id\n    email\n    username\n    name\n    accountStatus\n    emailVerified\n    createdAt\n    updatedAt\n  }\n\n";
+//# sourceMappingURL=documents.d.ts.map

package/dist/documents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"documents.d.ts","sourceRoot":"","sources":["../src/documents.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,cAAc,2QAgB1B,CAAC;AAEF,eAAO,MAAM,iBAAiB,oRAgB7B,CAAC;AAEF,eAAO,MAAM,eAAe,6CAI3B,CAAC;AAEF,eAAO,MAAM,QAAQ,0KAapB,CAAC;AAEF,eAAO,MAAM,uBAAuB,+OAanC,CAAC;AAEF,eAAO,MAAM,wBAAwB,0GAIpC,CAAC;AAEF,eAAO,MAAM,+BAA+B,yGAI3C,CAAC;AAEF,eAAO,MAAM,uBAAuB,0IAInC,CAAC;AAEF,eAAO,MAAM,6BAA6B,uJAOzC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oBAAoB,4JAWhC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,yQAQjC,CAAC"}

package/dist/documents.js

@@ -0,0 +1,123 @@
+/**
+ * GraphQL query and mutation documents for Apollo Client
+ * These can be used directly with Apollo Client's useQuery and useMutation hooks
+ */
+export const LOGIN_MUTATION = `
+  mutation Login($input: LoginInput!) {
+    login(input: $input) {
+      user {
+        id
+        email
+        username
+        name
+        accountStatus
+        emailVerified
+        createdAt
+        updatedAt
+      }
+      token
+    }
+  }
+`;
+export const REGISTER_MUTATION = `
+  mutation Register($input: RegisterInput!) {
+    register(input: $input) {
+      user {
+        id
+        email
+        username
+        name
+        accountStatus
+        emailVerified
+        createdAt
+        updatedAt
+      }
+      token
+    }
+  }
+`;
+export const LOGOUT_MUTATION = `
+  mutation Logout {
+    logout
+  }
+`;
+export const ME_QUERY = `
+  query Me {
+    me {
+      id
+      email
+      username
+      name
+      accountStatus
+      emailVerified
+      createdAt
+      updatedAt
+    }
+  }
+`;
+export const UPDATE_PROFILE_MUTATION = `
+  mutation UpdateProfile($input: UpdateProfileInput!) {
+    updateProfile(input: $input) {
+      id
+      email
+      username
+      name
+      accountStatus
+      emailVerified
+      createdAt
+      updatedAt
+    }
+  }
+`;
+export const UPDATE_PASSWORD_MUTATION = `
+  mutation UpdatePassword($input: UpdatePasswordInput!) {
+    updatePassword(input: $input)
+  }
+`;
+export const REQUEST_PASSWORD_RESET_MUTATION = `
+  mutation RequestPasswordReset($email: String!) {
+    requestPasswordReset(email: $email)
+  }
+`;
+export const RESET_PASSWORD_MUTATION = `
+  mutation ResetPassword($code: String!, $newPassword: String!) {
+    resetPassword(code: $code, newPassword: $newPassword)
+  }
+`;
+export const CHECK_PASSWORD_STRENGTH_QUERY = `
+  query CheckPasswordStrength($password: String!) {
+    checkPasswordStrength(password: $password) {
+      score
+      feedback
+    }
+  }
+`;
+/**
+ * Fragment for User fields
+ * Can be composed into other queries
+ */
+export const USER_FIELDS_FRAGMENT = `
+  fragment UserFields on User {
+    id
+    email
+    username
+    name
+    accountStatus
+    emailVerified
+    createdAt
+    updatedAt
+  }
+`;
+/**
+ * Fragment for AuthPayload fields
+ */
+export const AUTH_PAYLOAD_FRAGMENT = `
+  fragment AuthPayloadFields on AuthPayload {
+    user {
+      ...UserFields
+    }
+    token
+  }
+  ${USER_FIELDS_FRAGMENT}
+`;
+//# sourceMappingURL=documents.js.map

package/dist/documents.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"documents.js","sourceRoot":"","sources":["../src/documents.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;CAgB7B,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG;;;;;;;;;;;;;;;;CAgBhC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG;;;;CAI9B,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG;;;;;;;;;;;;;CAavB,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG;;;;;;;;;;;;;CAatC,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;CAIvC,CAAC;AAEF,MAAM,CAAC,MAAM,+BAA+B,GAAG;;;;CAI9C,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG;;;;CAItC,CAAC;AAEF,MAAM,CAAC,MAAM,6BAA6B,GAAG;;;;;;;CAO5C,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;CAWnC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;IAOjC,oBAAoB;CACvB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { typeDefs } from './typeDefs';
+export { createResolvers } from './resolvers';
+export type { AuthDataSource, AuthContext, ResolverDependencies } from './resolvers';
+export { LOGIN_MUTATION, REGISTER_MUTATION, LOGOUT_MUTATION, ME_QUERY, UPDATE_PROFILE_MUTATION, UPDATE_PASSWORD_MUTATION, REQUEST_PASSWORD_RESET_MUTATION, RESET_PASSWORD_MUTATION, CHECK_PASSWORD_STRENGTH_QUERY, USER_FIELDS_FRAGMENT, AUTH_PAYLOAD_FRAGMENT, } from './documents';
+export type { User, AuthUser, LoginInput, RegisterInput, UpdateProfileInput, UpdatePasswordInput, AuthPayload, PasswordStrength, } from '@appforgeapps/shieldforge-types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAErF,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,QAAQ,EACR,uBAAuB,EACvB,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,IAAI,EACJ,QAAQ,EACR,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,EACX,gBAAgB,GACjB,MAAM,iCAAiC,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { typeDefs } from './typeDefs';
+export { createResolvers } from './resolvers';
+export { LOGIN_MUTATION, REGISTER_MUTATION, LOGOUT_MUTATION, ME_QUERY, UPDATE_PROFILE_MUTATION, UPDATE_PASSWORD_MUTATION, REQUEST_PASSWORD_RESET_MUTATION, RESET_PASSWORD_MUTATION, CHECK_PASSWORD_STRENGTH_QUERY, USER_FIELDS_FRAGMENT, AUTH_PAYLOAD_FRAGMENT, } from './documents';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,QAAQ,EACR,uBAAuB,EACvB,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,aAAa,CAAC"}

package/dist/resolvers.d.ts

@@ -0,0 +1,81 @@
+import { User, AuthUser, LoginInput, RegisterInput, UpdateProfileInput, UpdatePasswordInput, AuthPayload, PasswordStrength } from '@appforgeapps/shieldforge-types';
+/**
+ * Data source functions that must be implemented by the consumer
+ */
+export interface AuthDataSource {
+    getUserById(id: string): Promise<User | null>;
+    getUserByEmail(email: string): Promise<User | null>;
+    createUser(input: RegisterInput & {
+        passwordHash: string;
+    }): Promise<User>;
+    updateUser(id: string, input: Partial<User>): Promise<User>;
+    createPasswordReset(userId: string, code: string, expiresAt: Date): Promise<void>;
+    getPasswordReset(code: string): Promise<{
+        userId: string;
+        expiresAt: Date;
+    } | null>;
+    deletePasswordReset(code: string): Promise<void>;
+}
+/**
+ * Context interface that must be provided to resolvers
+ */
+export interface AuthContext {
+    userId?: string;
+    token?: string;
+}
+/**
+ * Resolver dependencies
+ */
+export interface ResolverDependencies {
+    dataSource: AuthDataSource;
+    auth: {
+        hashPassword(password: string): Promise<string>;
+        verifyPassword(password: string, hash: string): Promise<boolean>;
+        generateToken(payload: {
+            userId: string;
+            email: string;
+        }): string;
+        verifyToken(token: string): {
+            userId: string;
+            email: string;
+        };
+        calculatePasswordStrength(password: string): PasswordStrength;
+        sanitizeUser(user: User): AuthUser;
+        generateResetCode(length?: number): string;
+        sendPasswordResetEmail(to: string, code: string, resetUrl?: string): Promise<void>;
+    };
+}
+/**
+ * Create GraphQL resolvers with dependency injection
+ */
+export declare function createResolvers(deps: ResolverDependencies): {
+    Query: {
+        me: (_parent: any, _args: any, context: AuthContext) => Promise<AuthUser | null>;
+        checkPasswordStrength: (_parent: any, args: {
+            password: string;
+        }) => PasswordStrength;
+    };
+    Mutation: {
+        login: (_parent: any, args: {
+            input: LoginInput;
+        }) => Promise<AuthPayload>;
+        register: (_parent: any, args: {
+            input: RegisterInput;
+        }) => Promise<AuthPayload>;
+        logout: (_parent: any, _args: any, _context: AuthContext) => boolean;
+        updateProfile: (_parent: any, args: {
+            input: UpdateProfileInput;
+        }, context: AuthContext) => Promise<AuthUser>;
+        updatePassword: (_parent: any, args: {
+            input: UpdatePasswordInput;
+        }, context: AuthContext) => Promise<boolean>;
+        requestPasswordReset: (_parent: any, args: {
+            email: string;
+        }) => Promise<boolean>;
+        resetPassword: (_parent: any, args: {
+            code: string;
+            newPassword: string;
+        }) => Promise<boolean>;
+    };
+};
+//# sourceMappingURL=resolvers.d.ts.map

package/dist/resolvers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.d.ts","sourceRoot":"","sources":["../src/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,IAAI,EACJ,QAAQ,EACR,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,EACX,gBAAgB,EACjB,MAAM,iCAAiC,CAAC;AAEzC;;GAEG;AACH,MAAM,WAAW,cAAc;IAE7B,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAC9C,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpD,UAAU,CAAC,KAAK,EAAE,aAAa,GAAG;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAG5D,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClF,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IACpF,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,cAAc,CAAC;IAC3B,IAAI,EAAE;QACJ,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACjE,aAAa,CAAC,OAAO,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,MAAM,CAAC;QAClE,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9D,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAAC;QAC9D,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,QAAQ,CAAC;QACnC,iBAAiB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAC3C,sBAAsB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KACpF,CAAC;CACH;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,oBAAoB;;sBAKhC,GAAG,SAAS,GAAG,WAAW,WAAW,KAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;yCAQnD,GAAG,QAAQ;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,KAAG,gBAAgB;;;yBAM5D,GAAG,QAAQ;YAAE,KAAK,EAAE,UAAU,CAAA;SAAE,KAAG,OAAO,CAAC,WAAW,CAAC;4BAqBpD,GAAG,QAAQ;YAAE,KAAK,EAAE,aAAa,CAAA;SAAE,KAAG,OAAO,CAAC,WAAW,CAAC;0BAiClE,GAAG,SAAS,GAAG,YAAY,WAAW,KAAG,OAAO;iCAOvD,GAAG,QACN;YAAE,KAAK,EAAE,kBAAkB,CAAA;SAAE,WAC1B,WAAW,KACnB,OAAO,CAAC,QAAQ,CAAC;kCAUT,GAAG,QACN;YAAE,KAAK,EAAE,mBAAmB,CAAA;SAAE,WAC3B,WAAW,KACnB,OAAO,CAAC,OAAO,CAAC;wCA0BmB,GAAG,QAAQ;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,KAAG,OAAO,CAAC,OAAO,CAAC;iCAiB1E,GAAG,QACN;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAA;SAAE,KAC1C,OAAO,CAAC,OAAO,CAAC;;EAwBxB"}

package/dist/resolvers.js

@@ -0,0 +1,128 @@
+/**
+ * Create GraphQL resolvers with dependency injection
+ */
+export function createResolvers(deps) {
+    const { dataSource, auth } = deps;
+    return {
+        Query: {
+            me: async (_parent, _args, context) => {
+                if (!context.userId) {
+                    return null;
+                }
+                const user = await dataSource.getUserById(context.userId);
+                return user ? auth.sanitizeUser(user) : null;
+            },
+            checkPasswordStrength: (_parent, args) => {
+                return auth.calculatePasswordStrength(args.password);
+            },
+        },
+        Mutation: {
+            login: async (_parent, args) => {
+                const { email, password } = args.input;
+                const user = await dataSource.getUserByEmail(email);
+                if (!user || !user.passwordHash) {
+                    throw new Error('Invalid email or password');
+                }
+                const isValid = await auth.verifyPassword(password, user.passwordHash);
+                if (!isValid) {
+                    throw new Error('Invalid email or password');
+                }
+                const token = auth.generateToken({ userId: user.id, email: user.email });
+                return {
+                    user: auth.sanitizeUser(user),
+                    token,
+                };
+            },
+            register: async (_parent, args) => {
+                const { email, password, username, name } = args.input;
+                // Check if user already exists
+                const existingUser = await dataSource.getUserByEmail(email);
+                if (existingUser) {
+                    throw new Error('User with this email already exists');
+                }
+                // Validate password strength
+                const strength = auth.calculatePasswordStrength(password);
+                if (strength.score < 2) {
+                    throw new Error(`Password is too weak: ${strength.feedback.join(', ')}`);
+                }
+                // Hash password and create user
+                const passwordHash = await auth.hashPassword(password);
+                const user = await dataSource.createUser({
+                    email,
+                    password,
+                    username,
+                    name,
+                    passwordHash,
+                });
+                const token = auth.generateToken({ userId: user.id, email: user.email });
+                return {
+                    user: auth.sanitizeUser(user),
+                    token,
+                };
+            },
+            logout: (_parent, _args, _context) => {
+                // Logout is typically handled client-side by removing the token
+                // Server-side can optionally invalidate the token if using a token blacklist
+                return true;
+            },
+            updateProfile: async (_parent, args, context) => {
+                if (!context.userId) {
+                    throw new Error('Not authenticated');
+                }
+                const user = await dataSource.updateUser(context.userId, args.input);
+                return auth.sanitizeUser(user);
+            },
+            updatePassword: async (_parent, args, context) => {
+                if (!context.userId) {
+                    throw new Error('Not authenticated');
+                }
+                const user = await dataSource.getUserById(context.userId);
+                if (!user || !user.passwordHash) {
+                    throw new Error('User not found');
+                }
+                const isValid = await auth.verifyPassword(args.input.currentPassword, user.passwordHash);
+                if (!isValid) {
+                    throw new Error('Current password is incorrect');
+                }
+                const strength = auth.calculatePasswordStrength(args.input.newPassword);
+                if (strength.score < 2) {
+                    throw new Error(`New password is too weak: ${strength.feedback.join(', ')}`);
+                }
+                const newPasswordHash = await auth.hashPassword(args.input.newPassword);
+                await dataSource.updateUser(context.userId, { passwordHash: newPasswordHash });
+                return true;
+            },
+            requestPasswordReset: async (_parent, args) => {
+                const user = await dataSource.getUserByEmail(args.email);
+                if (!user) {
+                    // Don't reveal whether the email exists
+                    return true;
+                }
+                const resetCode = auth.generateResetCode();
+                const expiresAt = new Date(Date.now() + 60 * 60 * 1000); // 1 hour
+                await dataSource.createPasswordReset(user.id, resetCode, expiresAt);
+                await auth.sendPasswordResetEmail(user.email, resetCode);
+                return true;
+            },
+            resetPassword: async (_parent, args) => {
+                const reset = await dataSource.getPasswordReset(args.code);
+                if (!reset) {
+                    throw new Error('Invalid or expired reset code');
+                }
+                if (new Date() > reset.expiresAt) {
+                    await dataSource.deletePasswordReset(args.code);
+                    throw new Error('Reset code has expired');
+                }
+                const strength = auth.calculatePasswordStrength(args.newPassword);
+                if (strength.score < 2) {
+                    throw new Error(`New password is too weak: ${strength.feedback.join(', ')}`);
+                }
+                const newPasswordHash = await auth.hashPassword(args.newPassword);
+                await dataSource.updateUser(reset.userId, { passwordHash: newPasswordHash });
+                await dataSource.deletePasswordReset(args.code);
+                return true;
+            },
+        },
+    };
+}
+//# sourceMappingURL=resolvers.js.map

package/dist/resolvers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../src/resolvers.ts"],"names":[],"mappings":"AAoDA;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAA0B;IACxD,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAElC,OAAO;QACL,KAAK,EAAE;YACL,EAAE,EAAE,KAAK,EAAE,OAAY,EAAE,KAAU,EAAE,OAAoB,EAA4B,EAAE;gBACrF,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC1D,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/C,CAAC;YAED,qBAAqB,EAAE,CAAC,OAAY,EAAE,IAA0B,EAAoB,EAAE;gBACpF,OAAO,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvD,CAAC;SACF;QAED,QAAQ,EAAE;YACR,KAAK,EAAE,KAAK,EAAE,OAAY,EAAE,IAA2B,EAAwB,EAAE;gBAC/E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEvC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACpD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;gBAC/C,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBACvE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;gBAC/C,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;gBAEzE,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;oBAC7B,KAAK;iBACN,CAAC;YACJ,CAAC;YAED,QAAQ,EAAE,KAAK,EAAE,OAAY,EAAE,IAA8B,EAAwB,EAAE;gBACrF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEvD,+BAA+B;gBAC/B,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC5D,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;gBACzD,CAAC;gBAED,6BAA6B;gBAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;gBAC1D,IAAI,QAAQ,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3E,CAAC;gBAED,gCAAgC;gBAChC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC;oBACvC,KAAK;oBACL,QAAQ;oBACR,QAAQ;oBACR,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBAEH,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;gBAEzE,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;oBAC7B,KAAK;iBACN,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,CAAC,OAAY,EAAE,KAAU,EAAE,QAAqB,EAAW,EAAE;gBACnE,gEAAgE;gBAChE,6EAA6E;gBAC7E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,aAAa,EAAE,KAAK,EAClB,OAAY,EACZ,IAAmC,EACnC,OAAoB,EACD,EAAE;gBACrB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;gBACrE,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;YAED,cAAc,EAAE,KAAK,EACnB,OAAY,EACZ,IAAoC,EACpC,OAAoB,EACF,EAAE;gBACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC1D,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChC,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;gBACpC,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBACzF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACnD,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACxE,IAAI,QAAQ,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC/E,CAAC;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACxE,MAAM,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC,CAAC;gBAE/E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,oBAAoB,EAAE,KAAK,EAAE,OAAY,EAAE,IAAuB,EAAoB,EAAE;gBACtF,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACzD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,wCAAwC;oBACxC,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS;gBAElE,MAAM,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;gBACpE,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,aAAa,EAAE,KAAK,EAClB,OAAY,EACZ,IAA2C,EACzB,EAAE;gBACpB,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACnD,CAAC;gBAED,IAAI,IAAI,IAAI,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;oBACjC,MAAM,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChD,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;gBAC5C,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAClE,IAAI,QAAQ,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC/E,CAAC;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAClE,MAAM,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC7E,MAAM,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEhD,OAAO,IAAI,CAAC;YACd,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/typeDefs.d.ts

@@ -0,0 +1,5 @@
+/**
+ * GraphQL type definitions for authentication
+ */
+export declare const typeDefs = "\n  enum UserAccountStatus {\n    ACTIVE\n    INACTIVE\n    SUSPENDED\n    PENDING\n  }\n\n  type User {\n    id: ID!\n    email: String!\n    username: String\n    name: String\n    accountStatus: UserAccountStatus\n    emailVerified: Boolean\n    createdAt: String\n    updatedAt: String\n  }\n\n  type AuthPayload {\n    user: User!\n    token: String!\n  }\n\n  input LoginInput {\n    email: String!\n    password: String!\n  }\n\n  input RegisterInput {\n    email: String!\n    password: String!\n    username: String\n    name: String\n  }\n\n  input UpdateProfileInput {\n    username: String\n    name: String\n    email: String\n  }\n\n  input UpdatePasswordInput {\n    currentPassword: String!\n    newPassword: String!\n  }\n\n  type PasswordStrength {\n    score: Int!\n    feedback: [String!]!\n  }\n\n  type Query {\n    me: User\n    checkPasswordStrength(password: String!): PasswordStrength!\n  }\n\n  type Mutation {\n    login(input: LoginInput!): AuthPayload!\n    register(input: RegisterInput!): AuthPayload!\n    logout: Boolean!\n    updateProfile(input: UpdateProfileInput!): User!\n    updatePassword(input: UpdatePasswordInput!): Boolean!\n    requestPasswordReset(email: String!): Boolean!\n    resetPassword(code: String!, newPassword: String!): Boolean!\n  }\n";
+//# sourceMappingURL=typeDefs.d.ts.map

package/dist/typeDefs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeDefs.d.ts","sourceRoot":"","sources":["../src/typeDefs.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,QAAQ,kxCAkEpB,CAAC"}

package/dist/typeDefs.js

@@ -0,0 +1,71 @@
+/**
+ * GraphQL type definitions for authentication
+ */
+export const typeDefs = `
+  enum UserAccountStatus {
+    ACTIVE
+    INACTIVE
+    SUSPENDED
+    PENDING
+  }
+
+  type User {
+    id: ID!
+    email: String!
+    username: String
+    name: String
+    accountStatus: UserAccountStatus
+    emailVerified: Boolean
+    createdAt: String
+    updatedAt: String
+  }
+
+  type AuthPayload {
+    user: User!
+    token: String!
+  }
+
+  input LoginInput {
+    email: String!
+    password: String!
+  }
+
+  input RegisterInput {
+    email: String!
+    password: String!
+    username: String
+    name: String
+  }
+
+  input UpdateProfileInput {
+    username: String
+    name: String
+    email: String
+  }
+
+  input UpdatePasswordInput {
+    currentPassword: String!
+    newPassword: String!
+  }
+
+  type PasswordStrength {
+    score: Int!
+    feedback: [String!]!
+  }
+
+  type Query {
+    me: User
+    checkPasswordStrength(password: String!): PasswordStrength!
+  }
+
+  type Mutation {
+    login(input: LoginInput!): AuthPayload!
+    register(input: RegisterInput!): AuthPayload!
+    logout: Boolean!
+    updateProfile(input: UpdateProfileInput!): User!
+    updatePassword(input: UpdatePasswordInput!): Boolean!
+    requestPasswordReset(email: String!): Boolean!
+    resetPassword(code: String!, newPassword: String!): Boolean!
+  }
+`;
+//# sourceMappingURL=typeDefs.js.map

package/dist/typeDefs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeDefs.js","sourceRoot":"","sources":["../src/typeDefs.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkEvB,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@appforgeapps/shieldforge-graphql",
+  "version": "0.0.5",
+  "description": "GraphQL schema definitions and resolvers for ShieldForge authentication",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/chriscase/ShieldForge.git",
+    "directory": "packages/graphql"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "src",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "test": "echo \"No tests specified\"",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "graphql",
+    "authentication",
+    "auth",
+    "schema",
+    "resolvers",
+    "shieldforge"
+  ],
+  "author": "chriscase",
+  "license": "MIT",
+  "dependencies": {
+    "@appforgeapps/shieldforge-types": "*"
+  },
+  "peerDependencies": {
+    "graphql": "^15.0.0 || ^16.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "graphql": "^16.8.1",
+    "typescript": "^5.3.3"
+  }
+}

package/src/documents.ts

@@ -0,0 +1,133 @@
+/**
+ * GraphQL query and mutation documents for Apollo Client
+ * These can be used directly with Apollo Client's useQuery and useMutation hooks
+ */
+
+export const LOGIN_MUTATION = `
+  mutation Login($input: LoginInput!) {
+    login(input: $input) {
+      user {
+        id
+        email
+        username
+        name
+        accountStatus
+        emailVerified
+        createdAt
+        updatedAt
+      }
+      token
+    }
+  }
+`;
+
+export const REGISTER_MUTATION = `
+  mutation Register($input: RegisterInput!) {
+    register(input: $input) {
+      user {
+        id
+        email
+        username
+        name
+        accountStatus
+        emailVerified
+        createdAt
+        updatedAt
+      }
+      token
+    }
+  }
+`;
+
+export const LOGOUT_MUTATION = `
+  mutation Logout {
+    logout
+  }
+`;
+
+export const ME_QUERY = `
+  query Me {
+    me {
+      id
+      email
+      username
+      name
+      accountStatus
+      emailVerified
+      createdAt
+      updatedAt
+    }
+  }
+`;
+
+export const UPDATE_PROFILE_MUTATION = `
+  mutation UpdateProfile($input: UpdateProfileInput!) {
+    updateProfile(input: $input) {
+      id
+      email
+      username
+      name
+      accountStatus
+      emailVerified
+      createdAt
+      updatedAt
+    }
+  }
+`;
+
+export const UPDATE_PASSWORD_MUTATION = `
+  mutation UpdatePassword($input: UpdatePasswordInput!) {
+    updatePassword(input: $input)
+  }
+`;
+
+export const REQUEST_PASSWORD_RESET_MUTATION = `
+  mutation RequestPasswordReset($email: String!) {
+    requestPasswordReset(email: $email)
+  }
+`;
+
+export const RESET_PASSWORD_MUTATION = `
+  mutation ResetPassword($code: String!, $newPassword: String!) {
+    resetPassword(code: $code, newPassword: $newPassword)
+  }
+`;
+
+export const CHECK_PASSWORD_STRENGTH_QUERY = `
+  query CheckPasswordStrength($password: String!) {
+    checkPasswordStrength(password: $password) {
+      score
+      feedback
+    }
+  }
+`;
+
+/**
+ * Fragment for User fields
+ * Can be composed into other queries
+ */
+export const USER_FIELDS_FRAGMENT = `
+  fragment UserFields on User {
+    id
+    email
+    username
+    name
+    accountStatus
+    emailVerified
+    createdAt
+    updatedAt
+  }
+`;
+
+/**
+ * Fragment for AuthPayload fields
+ */
+export const AUTH_PAYLOAD_FRAGMENT = `
+  fragment AuthPayloadFields on AuthPayload {
+    user {
+      ...UserFields
+    }
+    token
+  }
+  ${USER_FIELDS_FRAGMENT}
+`;

package/src/index.ts

@@ -0,0 +1,29 @@
+export { typeDefs } from './typeDefs';
+export { createResolvers } from './resolvers';
+export type { AuthDataSource, AuthContext, ResolverDependencies } from './resolvers';
+
+export {
+  LOGIN_MUTATION,
+  REGISTER_MUTATION,
+  LOGOUT_MUTATION,
+  ME_QUERY,
+  UPDATE_PROFILE_MUTATION,
+  UPDATE_PASSWORD_MUTATION,
+  REQUEST_PASSWORD_RESET_MUTATION,
+  RESET_PASSWORD_MUTATION,
+  CHECK_PASSWORD_STRENGTH_QUERY,
+  USER_FIELDS_FRAGMENT,
+  AUTH_PAYLOAD_FRAGMENT,
+} from './documents';
+
+// Re-export types
+export type {
+  User,
+  AuthUser,
+  LoginInput,
+  RegisterInput,
+  UpdateProfileInput,
+  UpdatePasswordInput,
+  AuthPayload,
+  PasswordStrength,
+} from '@appforgeapps/shieldforge-types';

package/src/resolvers.ts

@@ -0,0 +1,221 @@
+import {
+  User,
+  AuthUser,
+  LoginInput,
+  RegisterInput,
+  UpdateProfileInput,
+  UpdatePasswordInput,
+  AuthPayload,
+  PasswordStrength,
+} from '@appforgeapps/shieldforge-types';
+
+/**
+ * Data source functions that must be implemented by the consumer
+ */
+export interface AuthDataSource {
+  // User operations
+  getUserById(id: string): Promise<User | null>;
+  getUserByEmail(email: string): Promise<User | null>;
+  createUser(input: RegisterInput & { passwordHash: string }): Promise<User>;
+  updateUser(id: string, input: Partial<User>): Promise<User>;
+  
+  // Password reset operations
+  createPasswordReset(userId: string, code: string, expiresAt: Date): Promise<void>;
+  getPasswordReset(code: string): Promise<{ userId: string; expiresAt: Date } | null>;
+  deletePasswordReset(code: string): Promise<void>;
+}
+
+/**
+ * Context interface that must be provided to resolvers
+ */
+export interface AuthContext {
+  userId?: string;
+  token?: string;
+}
+
+/**
+ * Resolver dependencies
+ */
+export interface ResolverDependencies {
+  dataSource: AuthDataSource;
+  auth: {
+    hashPassword(password: string): Promise<string>;
+    verifyPassword(password: string, hash: string): Promise<boolean>;
+    generateToken(payload: { userId: string; email: string }): string;
+    verifyToken(token: string): { userId: string; email: string };
+    calculatePasswordStrength(password: string): PasswordStrength;
+    sanitizeUser(user: User): AuthUser;
+    generateResetCode(length?: number): string;
+    sendPasswordResetEmail(to: string, code: string, resetUrl?: string): Promise<void>;
+  };
+}
+
+/**
+ * Create GraphQL resolvers with dependency injection
+ */
+export function createResolvers(deps: ResolverDependencies) {
+  const { dataSource, auth } = deps;
+
+  return {
+    Query: {
+      me: async (_parent: any, _args: any, context: AuthContext): Promise<AuthUser | null> => {
+        if (!context.userId) {
+          return null;
+        }
+        const user = await dataSource.getUserById(context.userId);
+        return user ? auth.sanitizeUser(user) : null;
+      },
+
+      checkPasswordStrength: (_parent: any, args: { password: string }): PasswordStrength => {
+        return auth.calculatePasswordStrength(args.password);
+      },
+    },
+
+    Mutation: {
+      login: async (_parent: any, args: { input: LoginInput }): Promise<AuthPayload> => {
+        const { email, password } = args.input;
+        
+        const user = await dataSource.getUserByEmail(email);
+        if (!user || !user.passwordHash) {
+          throw new Error('Invalid email or password');
+        }
+
+        const isValid = await auth.verifyPassword(password, user.passwordHash);
+        if (!isValid) {
+          throw new Error('Invalid email or password');
+        }
+
+        const token = auth.generateToken({ userId: user.id, email: user.email });
+        
+        return {
+          user: auth.sanitizeUser(user),
+          token,
+        };
+      },
+
+      register: async (_parent: any, args: { input: RegisterInput }): Promise<AuthPayload> => {
+        const { email, password, username, name } = args.input;
+
+        // Check if user already exists
+        const existingUser = await dataSource.getUserByEmail(email);
+        if (existingUser) {
+          throw new Error('User with this email already exists');
+        }
+
+        // Validate password strength
+        const strength = auth.calculatePasswordStrength(password);
+        if (strength.score < 2) {
+          throw new Error(`Password is too weak: ${strength.feedback.join(', ')}`);
+        }
+
+        // Hash password and create user
+        const passwordHash = await auth.hashPassword(password);
+        const user = await dataSource.createUser({
+          email,
+          password,
+          username,
+          name,
+          passwordHash,
+        });
+
+        const token = auth.generateToken({ userId: user.id, email: user.email });
+
+        return {
+          user: auth.sanitizeUser(user),
+          token,
+        };
+      },
+
+      logout: (_parent: any, _args: any, _context: AuthContext): boolean => {
+        // Logout is typically handled client-side by removing the token
+        // Server-side can optionally invalidate the token if using a token blacklist
+        return true;
+      },
+
+      updateProfile: async (
+        _parent: any,
+        args: { input: UpdateProfileInput },
+        context: AuthContext
+      ): Promise<AuthUser> => {
+        if (!context.userId) {
+          throw new Error('Not authenticated');
+        }
+
+        const user = await dataSource.updateUser(context.userId, args.input);
+        return auth.sanitizeUser(user);
+      },
+
+      updatePassword: async (
+        _parent: any,
+        args: { input: UpdatePasswordInput },
+        context: AuthContext
+      ): Promise<boolean> => {
+        if (!context.userId) {
+          throw new Error('Not authenticated');
+        }
+
+        const user = await dataSource.getUserById(context.userId);
+        if (!user || !user.passwordHash) {
+          throw new Error('User not found');
+        }
+
+        const isValid = await auth.verifyPassword(args.input.currentPassword, user.passwordHash);
+        if (!isValid) {
+          throw new Error('Current password is incorrect');
+        }
+
+        const strength = auth.calculatePasswordStrength(args.input.newPassword);
+        if (strength.score < 2) {
+          throw new Error(`New password is too weak: ${strength.feedback.join(', ')}`);
+        }
+
+        const newPasswordHash = await auth.hashPassword(args.input.newPassword);
+        await dataSource.updateUser(context.userId, { passwordHash: newPasswordHash });
+
+        return true;
+      },
+
+      requestPasswordReset: async (_parent: any, args: { email: string }): Promise<boolean> => {
+        const user = await dataSource.getUserByEmail(args.email);
+        if (!user) {
+          // Don't reveal whether the email exists
+          return true;
+        }
+
+        const resetCode = auth.generateResetCode();
+        const expiresAt = new Date(Date.now() + 60 * 60 * 1000); // 1 hour
+
+        await dataSource.createPasswordReset(user.id, resetCode, expiresAt);
+        await auth.sendPasswordResetEmail(user.email, resetCode);
+
+        return true;
+      },
+
+      resetPassword: async (
+        _parent: any,
+        args: { code: string; newPassword: string }
+      ): Promise<boolean> => {
+        const reset = await dataSource.getPasswordReset(args.code);
+        if (!reset) {
+          throw new Error('Invalid or expired reset code');
+        }
+
+        if (new Date() > reset.expiresAt) {
+          await dataSource.deletePasswordReset(args.code);
+          throw new Error('Reset code has expired');
+        }
+
+        const strength = auth.calculatePasswordStrength(args.newPassword);
+        if (strength.score < 2) {
+          throw new Error(`New password is too weak: ${strength.feedback.join(', ')}`);
+        }
+
+        const newPasswordHash = await auth.hashPassword(args.newPassword);
+        await dataSource.updateUser(reset.userId, { passwordHash: newPasswordHash });
+        await dataSource.deletePasswordReset(args.code);
+
+        return true;
+      },
+    },
+  };
+}

package/src/typeDefs.ts

@@ -0,0 +1,70 @@
+/**
+ * GraphQL type definitions for authentication
+ */
+export const typeDefs = `
+  enum UserAccountStatus {
+    ACTIVE
+    INACTIVE
+    SUSPENDED
+    PENDING
+  }
+
+  type User {
+    id: ID!
+    email: String!
+    username: String
+    name: String
+    accountStatus: UserAccountStatus
+    emailVerified: Boolean
+    createdAt: String
+    updatedAt: String
+  }
+
+  type AuthPayload {
+    user: User!
+    token: String!
+  }
+
+  input LoginInput {
+    email: String!
+    password: String!
+  }
+
+  input RegisterInput {
+    email: String!
+    password: String!
+    username: String
+    name: String
+  }
+
+  input UpdateProfileInput {
+    username: String
+    name: String
+    email: String
+  }
+
+  input UpdatePasswordInput {
+    currentPassword: String!
+    newPassword: String!
+  }
+
+  type PasswordStrength {
+    score: Int!
+    feedback: [String!]!
+  }
+
+  type Query {
+    me: User
+    checkPasswordStrength(password: String!): PasswordStrength!
+  }
+
+  type Mutation {
+    login(input: LoginInput!): AuthPayload!
+    register(input: RegisterInput!): AuthPayload!
+    logout: Boolean!
+    updateProfile(input: UpdateProfileInput!): User!
+    updatePassword(input: UpdatePasswordInput!): Boolean!
+    requestPasswordReset(email: String!): Boolean!
+    resetPassword(code: String!, newPassword: String!): Boolean!
+  }
+`;