npm - @webresto/graphql - Versions diffs - 1.3.7 → 1.3.8 - Mend

@webresto/graphql 1.3.7 → 1.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/.gitattributes +2 -0
package/.gitlab-ci.yml +18 -0
package/.vscode/extensions.json +5 -0
package/docs/actions.md +25 -0
package/docs/authorization.md +215 -0
package/docs/captcha.md +71 -0
package/docs/device-id.md +30 -0
package/docs/messages.md +10 -0
package/docs/user.md +54 -0
package/index.d.ts +0 -1
package/index.js +6 -2
package/index.ts +2 -2
package/lib/afterHook.js +8 -0
package/lib/afterHook.ts +9 -0
package/lib/bindTranslations.d.ts +1 -0
package/lib/bindTranslations.js +40 -0
package/lib/bindTranslations.ts +39 -0
package/lib/defaults.d.ts +1 -0
package/lib/defaults.js +49 -10
package/lib/defaults.ts +55 -0
package/lib/eventHelper.d.ts +14 -5
package/lib/eventHelper.js +28 -9
package/lib/eventHelper.ts +41 -8
package/lib/getRecomended.d.ts +1 -0
package/lib/getRecomended.js +29 -0
package/lib/getRecomended.ts +31 -0
package/lib/graphqlHelper.d.ts +3 -4
package/lib/graphqlHelper.js +184 -72
package/lib/graphqlHelper.ts +329 -185
package/lib/jwt.d.ts +10 -0
package/lib/jwt.js +43 -0
package/lib/jwt.ts +61 -0
package/package.json +13 -6
package/src/additionalResolvers.d.ts +72 -9
package/src/additionalResolvers.js +93 -24
package/src/additionalResolvers.ts +105 -34
package/src/graphql.d.ts +5 -3
package/src/graphql.js +170 -37
package/src/graphql.ts +210 -60
package/src/resolvers/bonusProgram.d.ts +32 -0
package/src/resolvers/bonusProgram.js +65 -0
package/src/resolvers/bonusProgram.ts +79 -0
package/src/resolvers/captcha.d.ts +11 -0
package/src/resolvers/captcha.js +19 -0
package/src/resolvers/captcha.ts +16 -0
package/src/resolvers/checkout.d.ts +35 -16
package/src/resolvers/checkout.js +171 -94
package/src/resolvers/checkout.ts +214 -104
package/src/resolvers/dishAndModifier.js +8 -4
package/src/resolvers/dishAndModifier.ts +4 -0
package/src/resolvers/error.d.ts +9 -0
package/src/resolvers/error.js +21 -0
package/src/resolvers/error.ts +21 -0
package/src/resolvers/menu.d.ts +9 -0
package/src/resolvers/menu.js +12 -0
package/src/resolvers/menu.ts +10 -0
package/src/resolvers/order.d.ts +527 -0
package/src/resolvers/order.js +349 -0
package/src/resolvers/order.ts +435 -0
package/src/resolvers/paymentMethod.js +7 -3
package/src/resolvers/paymentMethod.ts +9 -5
package/src/resolvers/pickupPoint.d.ts +1 -0
package/src/resolvers/pickupPoint.js +24 -0
package/src/resolvers/pickupPoint.ts +23 -0
package/src/resolvers/recomended.d.ts +13 -0
package/src/resolvers/recomended.js +80 -0
package/src/resolvers/recomended.ts +86 -0
package/src/resolvers/restrictions.d.ts +37 -1
package/src/resolvers/restrictions.js +100 -15
package/src/resolvers/restrictions.ts +106 -14
package/src/resolvers/streets.d.ts +1 -1
package/src/resolvers/streets.js +1 -4
package/src/resolvers/streets.ts +1 -3
package/src/resolvers/subscriptions.d.ts +4 -4
package/src/resolvers/subscriptions.js +49 -12
package/src/resolvers/subscriptions.ts +59 -14
package/src/resolvers/telemetry.d.ts +14 -0
package/src/resolvers/telemetry.js +25 -0
package/src/resolvers/telemetry.ts +24 -0
package/src/resolvers/user.d.ts +82 -0
package/src/resolvers/user.js +416 -0
package/src/resolvers/user.ts +621 -0
package/src/resolvers/userLocation.d.ts +53 -0
package/src/resolvers/userLocation.js +74 -0
package/src/resolvers/userLocation.ts +125 -0
package/src/resolvers/userOTPrequest.d.ts +21 -0
package/src/resolvers/userOTPrequest.js +57 -0
package/src/resolvers/userOTPrequest.ts +75 -0
package/test/e2e_helper.js +157 -0
package/test/e2e_helper.ts +212 -0
package/test/fixture/config/i18n.js +7 -20
package/test/fixture/config/locales/de.json +1 -0
package/test/fixture/config/locales/en.json +10 -0
package/test/fixture/config/locales/es.json +3 -0
package/test/fixture/config/locales/fr.json +1 -0
package/test/fixture/config/log.js +1 -1
package/test/fixture/package.json +5 -6
package/test/fixture/patches/rttc+10.0.1.patch +17 -0
package/test/integration/captcha.test.js +20 -0
package/test/integration/captcha.test.ts +25 -0
package/test/integration/dish.test.js +35 -0
package/test/integration/dish.test.ts +43 -0
package/test/integration/graphql.test.js +5 -2
package/test/integration/graphql.test.ts +2 -4
package/test/integration/images.test.js +35 -0
package/test/integration/images.test.ts +40 -0
package/test/integration/locale.test.js +26 -0
package/test/integration/locale.test.ts +32 -0
package/test/integration/order.test.js +56 -43
package/test/integration/order.test.ts +59 -59
package/test/integration/subscriptions.test.js +136 -0
package/test/integration/subscriptions.test.ts +162 -0
package/test/integration/user.test.js +249 -0
package/test/integration/user.test.ts +299 -0
package/test/unit/first.test.js +4 -2
package/test/unit/first.test.ts +1 -1
package/test/unit/get-recomended.test.js +56 -0
package/test/unit/get-recomended.test.ts +63 -0
package/translations/de.json +2 -0
package/translations/en.json +3 -0
package/translations/es.json +3 -0
package/translations/fr.json +2 -0
package/translations/ru.json +36 -0
package/tsconfig.json +20 -5
package/types/global.d.ts +30 -0
package/types/global.js +2 -0
package/types/global.ts +31 -0
package/types/primitives.d.ts +19 -0
package/types/references.d.ts +1 -0
package/types/restoGraphQLConfig.d.ts +13 -0
package/lib/afterHook.ts___graphql-transport-ws +0 -138
package/lib/afterHook.ts___graphql-ws +0 -133
package/lib/errorWrapper.d.ts +0 -4
package/lib/errorWrapper.js +0 -13
package/lib/errorWrapper.ts +0 -12
package/notes.md +0 -1976
package/src/resolvers/cart.d.ts +0 -343
package/src/resolvers/cart.js +0 -196
package/src/resolvers/cart.ts +0 -278
package/test/fixture/config/connections.js +0 -9
package/test/integration/sails_not_crash.test.js +0 -3
package/test/integration/sails_not_crash.test.ts +0 -3

package/lib/graphqlHelper.ts CHANGED Viewed

@@ -1,23 +1,18 @@
-/// <reference path="../../core/libs/globalTypes.ts"/>
 import _ = require("lodash");
-import { WorkTimeValidator} from '@webresto/worktime'
-import getEmitter from "@webresto/core/libs/getEmitter";
+import { WorkTimeValidator } from '@webresto/worktime'
 import *  as WLCriteria from 'waterline-criteria';
-const fs = require('fs');
-const path = require('path');
- const scalarTypes = {
-    string: "String",
-    text: "String",
-    date: "String",
-    datetime: "String",
-    integer: "Int",
-    float: "Float",
-    boolean: "Boolean",
-    // "json": "Json",
-    // "array": "Array",
+import { JWTAuth } from "./jwt";
+import * as fs from 'fs';
+import * as path from 'path';
+const scalarTypes = {
+  string: "String",
+  number: "Float",
+  boolean: "Boolean",
+  // json: "Json",
+  // "array": "Array",
 }
 /*
@@ -75,30 +70,31 @@ const models: Set<string> = new Set();
  * @returns void
  */
-function addModel (modelName: string) {
-    modelName = firstLetterToUpperCase(modelName);
-    if (blackList.includes(modelName)) {
-        // schemaScalars.add(modelName);
-        return;
-    }
-    models.add(modelName.toLowerCase());
+function addModel(modelName: string) {
+  modelName = firstLetterToUpperCase(modelName);
+  if (blackList.includes(modelName)) {
+    // schemaScalars.add(modelName);
+    return;
+  }
+  models.add(modelName.toLowerCase());
 }
-function addType (typeString: String) {
-    schemaTypes.push(typeString);
+function addType(type: string) {
+  schemaTypes.push(type);
 }
 /**
  * Мержит новый резолвер с объектом резолверов. Новый резолвер заменит старый при совпадении имен
  *
  * @param resolvers
  * resolverExample = {
- *      def: "user(id: String)",
+ *      def: "user(id: string)",
  *      fn: function (parent, args, context) {
  *          return User.find({id: args.id})
  *      }
  * }
  */
-function addResolvers (resolvers: Object) {
-    _.merge(schemaResolvers, resolvers);
+function addResolvers(resolvers: Object) {
+  _.merge(schemaResolvers, resolvers);
 }
 /**
@@ -107,7 +103,7 @@ function addResolvers (resolvers: Object) {
 function addAllSailsModels() {
   Object.keys(sails.models).forEach((key) => {
     if (key.includes("__")) return;
-    if (sails.models[key].graphql && sails.models[key].graphql.public === false){
+    if (sails.models[key].graphql && sails.models[key].graphql.public === false) {
       addToBlackList([key]);
       return;
     }
@@ -125,12 +121,12 @@ function addAllSailsModels() {
  * @param list array<string>
  */
 function addToBlackList(list: Array<string>) {
-    blackList.push(...list);
+  blackList.push(...list);
 }
 /**
  * Добавляет в указаную модель новое поле
- * Пример: addCustomField("Order", "customField: String")
+ * Пример: addCustomField("Order", "customField: string")
  *
  * @param model string
  * @param field string
@@ -148,7 +144,7 @@ function addCustomField(model, field) {
  * @param field string
  */
 function addToReplaceList(model, field) {
-    replaceList[model] = field;
+  replaceList[model] = field;
 }
 /**
@@ -174,7 +170,7 @@ function addDirResolvers(dir) {
  *
  * @returns {schemaTypes, schemaResolvers}
  */
-function getSchema () {
+function getSchema() {
   Object.keys(whiteList).forEach(modelname => {
     if (sails.models[modelname]?.graphql?.public !== false) {
       addModelResolver(modelname);
@@ -182,7 +178,7 @@ function getSchema () {
   });
   addResolvers(modelsResolvers);
-  return createSchema({types: schemaTypes, resolvers: schemaResolvers});
+  return createSchema({ types: schemaTypes, resolvers: schemaResolvers });
 }
 function firstLetterToUpperCase(string) {
@@ -213,26 +209,37 @@ function createType(model) {
     let scalarType;
     if (attributes[prop].type) {
-      if (scalarTypes[attributes[prop].type.toLowerCase()]) {
-        scalarType = scalarTypes[attributes[prop].type.toLowerCase()];
+      // TODO: make method  add AddModelFieldType(path, type) for pass custom type for specific model
+      if (modelName.toLowerCase() === "user" && prop === "phone") {
+        scalarType = "Phone"
       } else {
-        scalarType = firstLetterToUpperCase(attributes[prop].type);
-        schemaScalars.add(scalarType);
+        if (scalarTypes[attributes[prop].type.toLowerCase()]) {
+          scalarType = scalarTypes[attributes[prop].type.toLowerCase()];
+        } else {
+          scalarType = firstLetterToUpperCase(attributes[prop].type);
+          schemaScalars.add(scalarType);
+        }
       }
       type += '  ' + prop + ': ' + scalarType + '\n';
     }
     // MODEL SCHEMA GENERATION
     if (attributes[prop].model) {
       let relationModel = sails.models[attributes[prop].model.toLowerCase()]
-      scalarType = scalarTypes[relationModel.attributes[relationModel.primaryKey].type]
+      scalarType = scalarTypes[relationModel.attributes[relationModel.primaryKey].type.toLowerCase()]
       const name = sails.models[attributes[prop].model.toLowerCase()].globalId;
       type += `  ${prop}: ${name}\n`;
+      // Virtual Id field
+      type += `  ${prop}Id: ${scalarType}\n`;
     }
     // COLLECTION SCHEMA GENERATION
     if (attributes[prop].collection) {
-      scalarType = scalarTypes[attributes[sails.models[attributes[prop].collection.toLowerCase()].primaryKey].type.toLowerCase()]
+      let collectionModel = sails.models[attributes[prop].collection.toLowerCase()];
+      scalarType = scalarTypes[collectionModel.attributes[collectionModel.primaryKey].type.toLowerCase()];
       const name = sails.models[attributes[prop].collection.toLowerCase()].globalId;
       type += `  ${prop}: [${name}]\n`;
     }
@@ -241,7 +248,7 @@ function createType(model) {
     type += `  ${customFields[modelName]}\n`;
   }
   if (!attributes.customData) {
-    type += '""" autogenerated """  customData: Json';
+    type += `""" [autogenerated] ${isAuthRequired(modelName) ? '\n[auth required]' : ''}"""  customData: Json`;
   }
   type += '}\n';
   return type;
@@ -308,10 +315,9 @@ function createSchema(typeDefsObj) {
 const whiteList = {
   // group: ['subscription', 'query'] // order - modelname , 'subscription' - resolver type
 }
-const userAuth = typeof sails.config.restographql?.authService === 'function' ? sails.config.restographql.authService : null;
-let modelsResolvers: {Query?: Object, Subscription?: Object} = { Query: {}};
-const { withFilter } = require("apollo-server");
+let modelsResolvers: { Query?: Object, Subscription?: Object } = { Query: {} };
+import { withFilter } from "apollo-server";
 /**
  * Патчит waterline criteria во время автогенерации
@@ -322,17 +328,17 @@ const { withFilter } = require("apollo-server");
  */
 function sanitizeCriteria(modelname, criteria) {
-  if (sails.models[modelname].attributes.enable){
+  if (sails.models[modelname].attributes.enable) {
     criteria.enable = true;
   }
-  if (sails.models[modelname].attributes.isDeleted){
+  if (sails.models[modelname].attributes.isDeleted) {
     criteria.isDeleted = false;
   }
   switch (modelname) {
     case 'dish':
-      criteria.balance = {'!=': 0};
+      criteria.balance = { '!=': 0 };
       criteria.isDeleted = false;
       break;
     case 'group':
@@ -376,52 +382,81 @@ function addModelResolver(modelname) {
     models.add(modelname); // make schema Type for Model
     const methodName = firstLetterToLowerCase(modelName)
     let resolverQuery = {
-      def: `""" autogenerated """ ${methodName}(criteria: Json): [${modelName}]`,
+      def: `""" [autogenerated] ${isAuthRequired(modelname) ? '\n[auth required]' : ''}""" ${methodName}(criteria: Json, skip: Int, limit: Int, sort: String): [${modelName}]`,
       fn: async function (parent, args, context) {
         let criteria = args.criteria || {};
         criteria = sanitizeCriteria(modelname, criteria);
         // If model has User field need auth
-        if (sails.models[modelname].attributes.user) {
-          if (userAuth) {
-            let user = await userAuth(
-              context.connectionParams.authorization
-            );
-            if (user.id) {
-              criteria.user = user.id;
-            } else return null;
+        if (isAuthRequired(modelName)) {
+          let auth = await JWTAuth.verify(
+            context.connectionParams.authorization
+          );
+          if (auth.userId && UserDevice.checkSession(auth.sessionId, auth.userId, { lastIP: "IP", userAgent: context.connectionParams["user-agent"] })) {
+            if (modelName.toLowerCase() === "user") {
+              criteria.id = auth.userId
+            } else {
+              criteria.user = auth.userId
+            }
           } else {
-            return null;
+            throw 'Authorization failed'
           }
         }
-        let query: any = { where: criteria};
+        let query: any;
+        if (criteria.where === undefined) {
+          query = { where: criteria }
+        } else {
+          query = criteria
+        }
         //sorting
-        if (sails.models[modelname].attributes.order) {
-          query.sort = 'order ASC'
+        if (sails.models[modelname].attributes.sortOrder) {
+          query.sort = 'sortOrder ASC'
         }
-        let result = await sails.models[modelname].find(query);
-        getEmitter().emit(`graphql-query-${modelname}`, result);
+        let ORMrequest = sails.models[modelname].find(query);
+        if (args.skip) {
+          ORMrequest.skip(args.skip)
+        }
+        if (args.limit) {
+          ORMrequest.limit(args.limit)
+        }
+        if (args.sort) {
+          ORMrequest.sort(args.sort)
+        } else {
+          if (sails.models[modelname].attributes.sortOrder) {
+            ORMrequest.sort('sortOrder ASC')
+          }
+        }
-        //workTime filter
+        let result = await ORMrequest
-        if (sails.models[modelname].attributes.workTime) {
+        emitter.emit(`graphql-query-${modelname}`, result);
+        //worktime filter
+        if (sails.models[modelname].attributes.worktime) {
           result = result.filter(record => {
-            if (!record.workTime) return true;
+            if (!record.worktime) return true;
             try {
-                return (WorkTimeValidator.isWorkNow({workTime: record.workTime})).workNow
+              return (WorkTimeValidator.isWorkNow({ worktime: record.worktime })).workNow
             } catch (error) {
-                sails.log.error("Graphql > helper > error: ",error)
+              sails.log.error("Graphql > helper > error: ", error)
             }
           })
         }
         result.forEach(item => {
-          getEmitter().emit(
+          emitter.emit(
             `http-api:before-send-${modelname.toLowerCase()}`,
             item
           );
@@ -431,105 +466,206 @@ function addModelResolver(modelname) {
       },
     };
     modelsResolvers.Query[methodName] = resolverQuery;
+    let resolverQueryCount = {
+      def: `""" [autogenerated] ${isAuthRequired(modelname) ? '\n[auth required]' : ''}""" ${methodName}Count(criteria: Json): Int`,
+      fn: async function (parent, args, context) {
+        let criteria = args.criteria || {};
+        criteria = sanitizeCriteria(modelname, criteria);
+        // If model has User field need auth
+        if (isAuthRequired(modelName)) {
+          let auth = await JWTAuth.verify(
+            context.connectionParams.authorization
+          );
+          if (auth.userId && UserDevice.checkSession(auth.sessionId, auth.userId, { lastIP: "IP", userAgent: context.connectionParams["user-agent"] })) {
+            if (modelName.toLowerCase() === "user") {
+              criteria.id = auth.userId
+            } else {
+              criteria.user = auth.userId
+            }
+          } else {
+            throw 'Authorization failed'
+          }
+        }
+        let query: any;
+        if (criteria.where === undefined) {
+          query = { where: criteria }
+        } else {
+          query = criteria
+        }
+        let ORMrequest = sails.models[modelname].find(query);
+        let result = await ORMrequest
+        //worktime filter
+        if (sails.models[modelname].attributes.worktime) {
+          result = result.filter(record => {
+            if (!record.worktime) return true;
+            try {
+              return (WorkTimeValidator.isWorkNow({ worktime: record.worktime })).workNow
+            } catch (error) {
+              sails.log.error("Graphql > helper > error: ", error)
+            }
+          })
+        }
+        return result.length;
+      },
+    };
+    modelsResolvers.Query[`${methodName}Count`] = resolverQueryCount;
   }
-    // Model fields resolvers
-    let resolvers = {};
-    // iterate separate resolvers in model (type])
-    Object.keys(sails.models[modelname].attributes).forEach((key) => {
-      if (key.includes("__")) return;
-      if (blackList.includes(`${modelName}.${key}`) || blackList.includes(`${key}`)) return;
-      if (typeof sails.models[modelname].attributes[key] === 'function') return;
-      if (sails.models[modelname].attributes[key].graphql) {
-        if (sails.models[modelname].attributes[key].graphql.public === false)
-          return;
-      }
+  // Model fields resolvers
+  let resolvers = {};
+  // iterate separate resolvers in model (type])
+  Object.keys(sails.models[modelname].attributes).forEach((key) => {
+    if (key.includes("__")) return;
+    if (blackList.includes(`${modelName}.${key}`) || blackList.includes(`${key}`)) return;
+    if (typeof sails.models[modelname].attributes[key] === 'function') return;
+    if (sails.models[modelname].attributes[key].graphql) {
+      if (sails.models[modelname].attributes[key].graphql.public === false)
+        return;
+    }
-      let modelAttribute = sails.models[modelname].attributes[key];
+    let modelAttribute = sails.models[modelname].attributes[key];
-      if (modelAttribute.collection || modelAttribute.model) {
-        let modelRelationType = modelAttribute.collection
-          ? "collection"
-          : "model";
+    if (modelAttribute.collection || modelAttribute.model) {
+      let modelRelationType = modelAttribute.collection
+        ? "collection"
+        : "model";
-        let relationKey =
-            modelAttribute.via !== undefined
-            ? modelAttribute.via
-            : "id";
+      let relationKey =
+        modelAttribute.via !== undefined
+          ? modelAttribute.via
+          : "id";
-        let criteria = {};
-        criteria = sanitizeCriteria(modelAttribute[modelRelationType], criteria);
+      let criteria = {};
+      criteria = sanitizeCriteria(modelAttribute[modelRelationType], criteria);
-        switch (modelRelationType) {
-          case "model":
-            resolvers[key] = async (parent, args, context) => {
-              criteria[relationKey] = parent[key];
-              let result = await sails.models[modelAttribute[modelRelationType]].findOne(criteria);
+      switch (modelRelationType) {
+        case "model":
+          resolvers[key] = async (parent, args, context) => {
+            criteria[relationKey] = parent[key];
-              // TODO: this need only for support legacy patching (discount)
-              getEmitter().emit(
-                `http-api:before-send-${modelAttribute.model.toLowerCase()}`,
-                result
+            // Check access rights
+            if (isAuthRequired(modelAttribute[modelRelationType])) {
+              let auth = await JWTAuth.verify(
+                context.connectionParams.authorization
               );
-              // celan if not work time
-              if (result && result.workTime && !WorkTimeValidator.isWorkNow({workTime: result.workTime}).workNow) {
-                result = null;
+              if (auth.userId && UserDevice.checkSession(auth.sessionId, auth.userId, { lastIP: "IP", userAgent: context.connectionParams["user-agent"] })) {
+                if (modelName.toLowerCase() === "user") {
+                  criteria["id"] = auth.userId
+                } else {
+                  criteria["user"] = auth.userId
+                }
+              } else {
+                throw 'Authorization failed'
               }
-            };
-            return;
-          case "collection":
-            resolvers[key] = async (parent, args, context) => {
+            }
+            let result = await sails.models[modelAttribute[modelRelationType]].findOne(criteria);
-              let subcriteria: any = {};
+            // TODO: this need only for support legacy patching (discount)
+            emitter.emit(
+              `http-api:before-send-${modelAttribute.model.toLowerCase()}`,
+              result
+            );
-              let subquery: any = { where: criteria};
-              //sorting
-              if (sails.models[modelname].attributes.order) {
-                subquery.sort = 'order ASC'
-              }
+            // celan if not work time
+            if (result && result.worktime && !WorkTimeValidator.isWorkNow({ worktime: result.worktime }).workNow) {
+              result = null;
+            }
+            return result;
+          };
-              let result = (await sails.models[modelname].findOne({id: parent.id}).populate(key, subquery));
-              result = result ? result[key] : null;
-              // TODO: this need only for support legacy patching (discount)
-              if (result && result.length){
-                result.forEach(item => {
-                  getEmitter().emit(
-                    `http-api:before-send-${modelAttribute.collection.toLowerCase()}`,
-                    item
-                  );
-                });
-              }
+          // add virtual ids
+          resolvers[`${key}Id`] = async (parent, args, context) => {
+            return parent && parent[key];
+          };
+          return;
+        case "collection":
+          resolvers[key] = async (parent, args, context) => {
+            let parentPrimaryKey = sails.models[modelname].primaryKey
+            let criteria = {}
+            criteria[relationKey] = parent[parentPrimaryKey];
+            // Check access rights
+            if (isAuthRequired(modelAttribute[modelRelationType])) {
+              let auth = await JWTAuth.verify(
+                context.connectionParams.authorization
+              );
-              if (sails.models[modelname].attributes.workTime && Array.isArray(result)) {
-                result = result.filter(record => {
-                  if (!record.workTime) return true
-                  try {
-                    return (WorkTimeValidator.isWorkNow({workTime: record.workTime})).workNow
-                  } catch (error) {
-                    sails.log.error("Graphql > helper > error: ",error)
-                  }
-                });
+              if (auth.userId && UserDevice.checkSession(auth.sessionId, auth.userId, { lastIP: "IP", userAgent: context.connectionParams["user-agent"] })) {
+                if (modelName.toLowerCase() === "user") {
+                  criteria["id"] = auth.userId
+                } else {
+                  criteria["user"] = auth.userId
+                }
+              } else {
+                throw 'Authorization failed'
               }
-              return result;
-            };
+            }
-            return;
-          default:
-            // empty
-            break;
-        }
+            let result: any = null;
+            result = (await sails.models[modelname].findOne({ id: parent.id }).populate(key))[key];
+            if (result && sails.models[modelAttribute[modelRelationType]].attributes.sortOrder) {
+              result.sort((a, b) => a.sortOrder - b.sortOrder);
+            }
+            if (!result) result = []
+            // TODO: this need only for support legacy patching (discount)
+            if (result && result.length) {
+              result.forEach(item => {
+                emitter.emit(
+                  `http-api:before-send-${modelAttribute.collection.toLowerCase()}`,
+                  item
+                );
+              });
+            }
+            if (sails.models[modelAttribute[modelRelationType]].attributes.worktime && Array.isArray(result) && result.length > 0) {
+              result = result.filter(record => {
+                if (!record.worktime) return true
+                try {
+                  return (WorkTimeValidator.isWorkNow({ worktime: record.worktime })).workNow
+                } catch (error) {
+                  sails.log.error("Graphql > helper > error: ", error)
+                }
+              });
+            }
+            return result;
+          };
+          return;
+        default:
+          // empty
+          break;
       }
+    }
-      resolvers[key] = async (parent, args, context) => {
-        return parent && parent[key];
-      };
-    });
+    resolvers[key] = async (parent, args, context) => {
+      return parent && parent[key];
+    };
+  });
-    modelsResolvers[modelName] = resolvers;
+  modelsResolvers[modelName] = resolvers;
   // Subscription resolver
@@ -537,7 +673,7 @@ function addModelResolver(modelname) {
     models.add(modelname);
     const methodName = `${firstLetterToLowerCase(modelName)}`;
     let subscription = {
-      def: `""" Generated """ ${methodName}(criteria: Json): ${modelName}`,
+      def: `""" [autogenerated] ${isAuthRequired(modelname) ? '\n[auth required]' : ''} """ ${methodName}(criteria: Json): ${modelName} `,
       fn: {
         subscribe: withFilter(
           (rootValue, args, context, info) =>
@@ -545,38 +681,42 @@ function addModelResolver(modelname) {
           async (payload, args, context, info) => {
             // For User models
-            if (sails.models[modelname].attributes.user) {
-              if (userAuth) {
-                let user = await userAuth(
-                  context.connectionParams.authorization
-                );
-                if (user.id === payload.user){
-                  if (args.criteria) {
-                    checkCriteria(payload, args.criteria)
-                  } else {
-                    return true;
-                  }
-                };
+            if (sails.models[modelname].attributes.user || modelname === 'user') {
+              let auth = await JWTAuth.verify(
+                context.connectionParams.authorization
+              );
+              if (!args.criteria) {
+                args.criteria = {}
+              }
+              if (auth.userId) {
+                if (modelName.toLowerCase() === "user") {
+                  args.criteria.id = auth.userId
+                } else {
+                  args.criteria.user = auth.userId
+                }
               } else {
-                return false;
+                throw 'Authorization failed'
               }
             }
             return checkCriteria(payload, args.criteria)
             // Filter by waterline criteria
-            function checkCriteria(payload: any, criteria: any): boolean{
+            function checkCriteria(payload: any, criteria: any): boolean {
               // For id's array
-              if (Array.isArray(criteria) ||  typeof criteria === "string"){
-                return (WLCriteria(payload, { where: { id: criteria }}).results).length > 0
+              if (Array.isArray(criteria) || typeof criteria === "string") {
+                return (WLCriteria(payload, { where: { id: criteria } }).results).length > 0
               }
               // Where cause
-              if ( typeof criteria === 'object' && !Array.isArray(criteria) && criteria !== null ) {
+              if (typeof criteria === 'object' && !Array.isArray(criteria) && criteria !== null) {
                 return (WLCriteria(payload, { where: criteria }).results).length > 0
               }
               return false
             }
@@ -604,23 +744,23 @@ function modelPublishExtend(modelname) {
   let modelName = sails.models[modelname].globalId;
   let afterCreate = sails.models[modelname].afterCreate;
-  sails.models[modelname].afterCreate = async function (values, cb ) {
-      await sails.models[modelname].publish(values.id);
-      if (afterCreate) {
-        afterCreate(values, cb);
-      } else {
-        cb();
-      }
+  sails.models[modelname].afterCreate = async function (values, cb) {
+    await sails.models[modelname].publish(values.id);
+    if (afterCreate) {
+      afterCreate(values, cb);
+    } else {
+      cb();
+    }
   };
   let afterUpdate = sails.models[modelname].afterUpdate;
-  sails.models[modelname].afterUpdate = async function (values, cb ) {
-      await sails.models[modelname].publish(values.id);
-      if (afterUpdate) {
-        afterUpdate(values, cb);
-      } else {
-        cb();
-      }
+  sails.models[modelname].afterUpdate = async function (values, cb) {
+    await sails.models[modelname].publish(values.id);
+    if (afterUpdate) {
+      afterUpdate(values, cb);
+    } else {
+      cb();
+    }
   };
   let modelPublishExtendObj = {
@@ -628,7 +768,7 @@ function modelPublishExtend(modelname) {
       let data = await sails.models[modelname].findOne(id);
       // `http-api:request-${modelAttribute.collection.toLowerCase()}model-list`,
-      getEmitter().emit(`http-api:before-send-${modelname.toLowerCase()}`, data);
+      emitter.emit(`http-api:before-send-${modelname.toLowerCase()}`, data);
       sails.graphql.pubsub.publish(modelName, data);
     },
   };
@@ -636,6 +776,10 @@ function modelPublishExtend(modelname) {
   _.merge(sails.models[modelname], modelPublishExtendObj);
 }
+function isAuthRequired(modelname: string): Boolean {
+  modelname = modelname.toLowerCase();
+  return sails.models[modelname].attributes.user !== undefined || modelname === 'user';
+}
 export default {
   addModel,