@webresto/graphql 1.3.7 → 1.4.0

package/.gitattributes

@@ -0,0 +1,2 @@
+*.ejs linguist-detectable=false
+*.js linguist-detectable=false

package/.gitlab-ci.yml

@@ -0,0 +1,18 @@
+variables:
+  DOC_PUB_SH: https://raw.githubusercontent.com/webresto/docs/master/ci-publish.sh
+  DOC_DIR: content/en/docs/graphql
+stages:
+  - doc
+
+doc-publish:
+  stage: doc
+  # only: 
+  #   - master
+  #   - main
+  script:
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/authorization.md $DOC_DIR/authorization.md
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/captcha.md $DOC_DIR/captcha.md
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/messages.md $DOC_DIR/messages.md
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/actions.md $DOC_DIR/actions.md
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/user.md $DOC_DIR/user.md
+    - curl $DOC_PUB_SH | bash /dev/stdin  docs/device-id.md $DOC_DIR/device-id.md

package/.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+  "recommendations": [
+    "orsenkucher.vscode-graphql"
+  ]
+}

package/docs/actions.md

@@ -0,0 +1,25 @@
+---
+title: "Actions"
+linkTitle: "Actions"
+description: >
+    WebServer action subscription
+---
+
+
+> ⚠️ [`X-Device-Id`](./device-id.md)  You should pass deviceID
+
+
+    const action = {
+                  type: "PaymentRedirect",
+                  data: {
+                    redirectLink: paymentResponse.redirectLink,
+                  },
+                };
+
+
+let action: Action = {
+          type: "GoTo",
+          data: {
+            "section": "login"
+          }
+        }

package/docs/authorization.md

@@ -0,0 +1,215 @@
+---
+title: "Login and authorization process for the webresto server"
+linkTitle: "Authorization & login"
+description: >
+    Webresto server  GraphQL API login process
+---
+
+## Lyrics
+
+Registration can be flexibly configured through flags in restrictions. In fact, the two main cases that we want to cover are quick registration by phone or email.
+
+The email can be useful for corporate catering, or nutrition subscriptions. Email and phone are the same.
+
+We understand that in most cases the phone will be selected as the login for the webresto account account. therefore it is the default when the site is deployed.
+
+[There is a method for quick entry by OTP](#login) `login`, with quick registration. In this case, we register an account if there is none, or we carry out authorization
+
+If a `passwordPolicy` is required, then the user must also specify a password during registration. In next login, it will be possible to enter with a password. It is possible that the password is set from the last OTP `from_otp`. So the password may be, not be, or even the last of the OTP is put
+
+Other types of authorization must be implemented in-house and are not included in the basic package
+
+
+> ⚠️ By default setting `passwordPolicy = from_otp` it means what last OTP was setting as password, but you can get OTP in any time
+
+> ⚠️ `X-Device-Id` you should pass  [deviceId](./device-id.md)
+
+> ⚠️ read more about [mocks](./mocks.md) 
+
+
+
+## User restrictions
+
+To get user settings use the user section in restrictions
+
+```gql
+{restrictions{
+    user {
+        loginField # by default: `phone`
+        passwordPolicy # possible 3 variants ['required', 'from_otp', 'disabled'] by default: `from_otp` it means what need only OTP, for next logins  passwordRequired, disabled is means password forbidden and you need all time get OTP password
+        loginOTPRequired # by default: `false`
+        allowedPhoneCountries # List of all countries allowed to login by phone
+        linkToProcessingPersonalData # Link to doc
+        linkToUserAgreement # Link to doc
+        customFields # Zodiac sign, Human desing type, Best Friend, referal link 
+    }
+}}
+
+```
+
+---
+
+## 🛡 Authentication
+
+Get JWTtoken from `action` field on `login` mutation responce, and next pass JWT token without any marks in header `Authorization` 
+```
+header: {
+    Authorization: "ciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZX",
+}
+```
+
+
+## OTPRequest
+Send OTP for specific login
+
+>  ⚠️ See stdout nodejs log in development mode you will see OTPcode
+
+### Definition
+
+```gql
+mutation OTPRequest(
+login: String! (by loginField)
+captcha: Captcha! (solved captcha for label "OTPRequest:%login%")
+): OTPResponse
+```
+
+1. The OTPRequest mutation requests an OTP code for the provided phone or email login.
+2. The captcha provided must match the solved captcha for the label "OTPRequest:%login%".
+3. The OTP is generated and sent to the provided phone or email login.
+
+ ### Error Handling
+
+If the provided captcha does not match, a generic error message with the message "bad captcha" will be thrown.
+Example
+
+```gql
+
+mutation {
+    OTPRequest(
+        login: "13450000123",
+        captcha: {
+            id: "uuid",
+            solution: "123n"
+        }
+    ) {
+        id
+        nextOTPSeconds
+        message {
+            id
+            title
+            type
+            message
+        }
+        action {
+            id
+            type
+            data
+        }
+    }
+}
+```
+
+
+---
+
+## Login
+
+If you getting account access by OTP for unknown account, server create new account. For cases when account is registred 
+server restore account and send login token automaticaly in action. When account is not registred, server make new account, (with `hasFilledAllCustomFields: false` ).  
+
+> ⚠️ It's funny but we first create an account and then go through the process of filling it out (registration)
+
+>Step by step:
+>1. get OTP
+>2. Solve captcha
+>3. Send auth mutatuion and receive JWT token
+
+> ⚠️ After login you receive JWT in action (login)
+
+### Definition
+
+```gql
+mutation login(
+  login: String!
+
+  "(required when login field is phone)"
+  phone: Phone 
+  
+  "(when passwordPolicy is required )"
+  password: String
+  
+  "from otpRequest"
+  otp: String! 
+  
+  "(solved captcha for label 'auth:%login%')"
+  captcha: Captcha! 
+): UserResponse
+```
+
+### Function
+
+1. if  `passwordPolicy ==  'required'` you should pass password for setup password in next time, in other case last OTP sets as password
+2. When `passwordPolicy ==  'from_otp'` you can pass password or OTP
+3. When `passwordPolicy ==  'disabled'` you not need pass password
+4. When loginField is phone you need pass Phone in Object format
+5. When `loginOTPRequired` you should pass OTP
+
+### Error Handling
+
+
+### Example
+
+```gql
+mutation {
+login(
+    login: "13450000123", 
+    password: "Password",
+    otp: "123456"
+    phone: { otp: "+1", number: "3450000123" }, 
+    captcha: {
+        id: "uuid",
+        solution: "123n"
+    }
+    ) {
+        user {
+            id
+            name
+        }
+        # Toast "You logined successfully", also this will be sent by Messages subscription
+        message {
+            id # unique id is equal subscription message id
+            title
+            type
+            message
+        }
+        # Here  recive JWT token, also this will be sent by Actions subscription
+        action {
+            id # unique id is equal subscription action id
+            type # returns `authorization`
+            data # retruns `JWT_TOKEN`
+        }
+}}
+```
+
+---
+
+## Logout
+
+> 🛡 Authentication required 
+>
+```gql
+logout(
+    deviceID: String (Optional field if not pass logout from current device) 
+): Response
+```
+      
+
+
+## logout from all devices
+
+> 🛡 Authentication required
+
+```gql
+logoutFromAllDevices: Response
+```
+

package/docs/captcha.md

@@ -0,0 +1,71 @@
+---
+title: "Catcha POW captcha"
+linkTitle: "Captcha"
+description: >
+    WebServer generate captcha for request
+---
+
+## Get captcha type
+Where a captcha is expected, it is required at the beginning to request the type of captcha, and solve it. Before making a mutation on the server
+
+```gql
+{restrictions{
+    captchaType
+}}
+```
+
+## POW captcha type
+By default you recive `captchaType='POW'` this captcha refer from https://github.com/fabiospampinato/crypto-puzzle
+This module implements a simple cryptographic captcha.
+
+```js
+import Puzzle from 'crypto-puzzle';
+
+const difficulty = 100000;
+const puzzle = await Puzzle.generate ( difficulty );
+const solution = await Puzzle.solve ( puzzle.question );
+
+console.assert ( puzzle.solution === solution );
+```
+
+The server generates a job and issues a job request to the client `captchaGetJob`
+
+
+## Get captcha job
+
+```gql
+{captchaGetJob(label: "login:+12340000123") {
+    id
+    task
+}}
+```
+
+The label is calculated according to the formula for each mutation differently. This gives us the opportunity to separate each mutation in and the task for the captcha into a separate thread. If the stream is attacked then the server will increase difficulty for separate thread.
+
+> Default make formula logic for **`label` = [mutation name] + ":" + [some `id` or `login`]**
+
+> ⚠️ **Any mutation which required captcha must contain label description.** See in graphql sandbox
+
+## Other captchas
+Server can connect other captcha it possible by captcha adapter
+But all data types will remain the same
+
+## Data types
+
+```gql
+type CaptchaJob {
+    ""
+    id: String
+    ""
+    task: String
+}
+
+input Captcha {
+    "Captcha job ID"
+    id: String
+    "Resolved captcha"
+    solution: String
+}
+```
+
+input Captcha

package/docs/device-id.md

@@ -0,0 +1,30 @@
+---
+title: "Device ID"
+linkTitle: "DeviceID"
+description: >
+    Abount WebResto server deviceID 
+---
+
+
+> ⚠️ `X-Device-Id`  header required for all graphql request
+
+## Device ID
+
+`deviceId` is Unique `string` passed as Header `X-Device-Id: 3d5ab688e195587101e2aa9496448d9b`
+
+For `subscribtions` you should pass deviceId as params 
+
+```gql
+order(deviceId: String): Order
+```
+
+> 🧠 After login you can pass only JWT token because `deviceId` present in JWT
+
+If user restore account from same browser/device it can helps to identify. When user wants to close session on forgoten, need just select session by DeviceId
+
+As example you can use:
+[**biri**](https://github.com/dashersw/biri)
+[**fingerprintjs**](https://fingerprintjs.github.io/fingerprintjs/)
+
+
+Please set deviceId header globaly for all request

package/docs/messages.md

@@ -0,0 +1,10 @@
+---
+title: "Messages"
+linkTitle: "Messages"
+description: >
+    WebServer message subscription
+---
+
+> ⚠️ You should pass deviceID
+
+Only "error" | "info" | 

package/docs/user.md

@@ -0,0 +1,54 @@
+---
+title: "User methods"
+linkTitle: "User methods"
+description: >
+    User methods after login
+---
+
+> ⚠️ `X-Device-Id` you should pass  [deviceId](./device-id.md)
+
+## Get user info
+
+> 🛡 Authentication required 
+
+To get user model data
+
+```gql
+    aboutMe {
+        firstName
+        lastName
+        hasFilledAllCustomFields
+        customFields
+    }
+```
+
+---
+
+
+## Update user info
+
+> 🛡 Authentication required 
+
+Update user model
+
+### Definition
+
+```gql
+mutation updateMe(
+    user: InputUser
+): UserResponse
+```
+
+## Delete the User
+
+> 🛡 Authentication required 
+
+Deleting after depend of webresto server flag `KEEP_DELETED_USER_DAYS`
+
+### Definition
+
+```gql
+mutation deleteMe(
+    otp: String
+): UserResponse
+```

package/index.d.ts

@@ -1,3 +1,2 @@
 export * from './lib/eventHelper';
 export * from './lib/graphqlHelper';
-export * from './lib/errorWrapper';

package/index.js

@@ -1,7 +1,11 @@
 'use strict';
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
@@ -10,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+/// <reference path="../node_modules/@webresto/core/interfaces/globalTypes.d.ts"/>
 const helper = require('./lib/graphqlHelper').default;
 module.exports = function (sails) {
     return {
@@ -19,4 +24,3 @@ module.exports = function (sails) {
 };
 __exportStar(require("./lib/eventHelper"), exports);
 __exportStar(require("./lib/graphqlHelper"), exports);
-__exportStar(require("./lib/errorWrapper"), exports);

package/index.ts

@@ -1,4 +1,5 @@
 'use strict';
+/// <reference path="../node_modules/@webresto/core/interfaces/globalTypes.d.ts"/>
 
 const helper = require('./lib/graphqlHelper').default;
 
@@ -10,5 +11,4 @@ module.exports = function (sails) {
 };
 
 export * from './lib/eventHelper';
-export * from './lib/graphqlHelper';
-export * from './lib/errorWrapper';
+export * from './lib/graphqlHelper';

package/lib/afterHook.js

@@ -1,7 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const graphql_1 = require("../src/graphql");
+const bindTranslations_1 = require("./bindTranslations");
 let cache = null;
+const eventHelper_1 = require("./eventHelper");
 async function default_1() {
     try {
         sails.log.verbose('>>> graphql hook starting');
@@ -16,6 +18,12 @@ async function default_1() {
             sails.hooks.http.app._router.stack.splice(1, 0, layer);
             graphServer.installSubscriptionHandlers(sails.hooks.http.server);
         });
+        if (await Settings.get("JWT_SECRET") === undefined) {
+            //@ts-ignore
+            const random = (0, eventHelper_1.getRandom)();
+            await Settings.set("JWT_SECRET", random);
+        }
+        (0, bindTranslations_1.default)();
     }
     catch (e) {
         sails.log.error('graphql > afterHook > error1', e);

package/lib/afterHook.ts

@@ -1,5 +1,7 @@
 import graphql from '../src/graphql';
+import bindTranslations from './bindTranslations';
 let cache = null;
+import { getRandom } from "./eventHelper";
 
 export default async function () {
   try {
@@ -18,7 +20,14 @@ export default async function () {
       graphServer.installSubscriptionHandlers(sails.hooks.http.server);
     })
 
+    if (await Settings.get("JWT_SECRET") === undefined) {
+      //@ts-ignore
+      const random = getRandom();
+      await Settings.set("JWT_SECRET", random)
+    }
 
+  
+    bindTranslations()
   } catch (e) {
     sails.log.error('graphql > afterHook > error1', e);
   }

package/lib/bindTranslations.d.ts

@@ -0,0 +1 @@
+export default function bindTranslations(): void;

package/lib/bindTranslations.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const path = require("path");
+const fs = require("fs");
+function bindTranslations() {
+    // load adminpanel translations
+    const moduleTranslationPath = path.resolve(__dirname, `../translations`);
+    if (fs.existsSync(moduleTranslationPath)) {
+        loadTranslations(path.resolve(moduleTranslationPath));
+    }
+}
+exports.default = bindTranslations;
+function loadTranslations(translationsPath) {
+    console.log(translationsPath);
+    try {
+        let translationsDirectoryPath = path.resolve(translationsPath);
+        let translations = fs.readdirSync(translationsDirectoryPath).filter(function (file) {
+            return path.extname(file).toLowerCase() === ".json";
+        });
+        let localesList = sails.config.i18n.locales;
+        for (let locale of localesList) {
+            if (translations.includes(`${locale}.json`)) {
+                try {
+                    let jsonData = require(`${translationsDirectoryPath}/${locale}.json`);
+                    console.log(locale, jsonData);
+                    sails.hooks.i18n.appendLocale(locale, jsonData);
+                }
+                catch (error) {
+                    sails.log.error(`Load translations > Error when reading ${locale}.json: ${error}`);
+                }
+            }
+            else {
+                sails.log.debug(`Load translations > Cannot find ${locale} locale in translations directory`);
+            }
+        }
+    }
+    catch (e) {
+        sails.log.error("Load translations > Error when loading translations", e);
+    }
+}

package/lib/bindTranslations.ts

@@ -0,0 +1,39 @@
+import * as path from "path";
+import * as fs from "fs";
+
+export default function bindTranslations() {
+    // load adminpanel translations
+
+    const moduleTranslationPath = path.resolve(__dirname, `../translations`)
+    if (fs.existsSync(moduleTranslationPath)) {
+        loadTranslations(path.resolve(moduleTranslationPath));
+    }
+}
+
+function loadTranslations(translationsPath: string): void {
+    console.log(translationsPath)
+
+    try {
+        let translationsDirectoryPath = path.resolve(translationsPath);
+        let translations = fs.readdirSync(translationsDirectoryPath).filter(function (file) {
+                return path.extname(file).toLowerCase() === ".json";
+            });
+
+        let localesList = sails.config.i18n.locales;
+        for (let locale of localesList) {
+            if (translations.includes(`${locale}.json`)) {
+                try {
+                    let jsonData = require(`${translationsDirectoryPath}/${locale}.json`);
+                    console.log(locale, jsonData)
+                    sails.hooks.i18n.appendLocale(locale, jsonData);
+                } catch (error) {
+                    sails.log.error(`Load translations > Error when reading ${locale}.json: ${error}`);
+                }
+            } else {
+                sails.log.debug(`Load translations > Cannot find ${locale} locale in translations directory`)
+            }
+        }
+    } catch (e) {
+        sails.log.error("Load translations > Error when loading translations", e)
+    }
+}

package/lib/defaults.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/defaults.js

@@ -1,12 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+let userConfig = {};
+if (process.env.USER_API != "NO") {
+    userConfig = {
+        ...userConfig,
+        user: ['query', 'subscription'],
+    };
+    if (process.env.BONUS_PROGRAM_API != "NO") {
+        userConfig = {
+            ...userConfig,
+            bonusprogram: ['query', 'subscription'],
+            userbonusprogram: ['query', 'subscription'],
+            userbonustransaction: ['query', 'subscription']
+        };
+    }
+    if (process.env.USER_LOCATION_API != "NO") {
+        userConfig = {
+            ...userConfig,
+            userlocation: ['query', 'subscription'],
+        };
+    }
+    if (process.env.USER_ORDER_HISTORY_API != "NO") {
+        userConfig = {
+            ...userConfig,
+            userorderhistory: ['query', 'subscription']
+        };
+    }
+}
 module.exports.restographql = {
-  whiteListAutoGen: {
-    group: ['query', 'subscription'],
-    dish: ['query', 'subscription']
-  },
-  blackList: [
-    'Order.groupModifiers',
-    'isDeleted',
-    'createdAt',
-    'updatedAt'
-  ]
+    whiteListAutoGen: {
+        group: ['query', 'subscription'],
+        dish: ['query', 'subscription'],
+        ...userConfig
+    },
+    blackList: [
+        'Order.groupModifiers',
+        'Order.promotionCode',
+        'Order.isPromoting',
+        'Order.rmsOrderData',
+        'Order.promotionFlatDiscount',
+        'Order.promotionDelivery',
+        'Order.promotionCodeCheckValidTill',
+        'Dish.favorites',
+        'worktime',
+        'hash',
+        'isDeleted',
+        'createdAt',
+        'updatedAt'
+    ]
 };