WIP POC, kind of works

Author: mcelicalderon

.gitignore

@@ -15,7 +15,9 @@ README.md.*
 /spec/dummy/tmp/
 /Gemfile.lock
 *.gemfile.lock
-/*.sqlite3
+*.sqlite3
+*.sqlite3-journal
+
 /spec/dummy/db/development.sqlite3
 /spec/dummy/db/test.sqlite3
 /*.gem

config/routes.rb

@@ -12,5 +12,7 @@
     GraphqlDevise::Schema.query(GraphqlDevise::Types::QueryType)
 
     GraphqlDevise.load_schema
+
+    Devise.mailer.helper(GraphqlDevise::MailerHelper)
   end
 end

lib/graphql_devise.rb

@@ -55,3 +55,5 @@ def self.mapping_by_name(name)
 require 'graphql_devise/mount_method/options_validator'
 require 'graphql_devise/mount_method/operation_preparer'
 require 'graphql_devise/mount_method/operation_sanitizer'
+
+require 'graphql_devise/schema_plugin'

lib/graphql_devise/rails/routes.rb

@@ -55,8 +55,6 @@ def mount_graphql_devise_for(resource, options = {})
       end
 
       GraphqlDevise.add_mapping(mapping_name, resource)
-
-      Devise.mailer.helper(GraphqlDevise::MailerHelper)
     end
   end
 end

lib/graphql_devise/schema_plugin.rb

@@ -0,0 +1,102 @@
+module GraphqlDevise
+  class SchemaPlugin
+    DEFAULT_NOT_AUTHENTICATED = ->(type, field) { raise GraphqlDevise::UserError, "#{type}.#{field} requires authentication" }
+
+    def initialize(resource, options, query, default = true, mutation = nil, unauthenticated = DEFAULT_NOT_AUTHENTICATED)
+      @resource        = resource
+      @options         = options
+      @query           = query
+      @mutation        = mutation
+      @unauthenticated = unauthenticated
+      @default         = default
+
+      load_fields
+    end
+
+    def use(schema_definition)
+      schema_definition.instrument(:field, self)
+    end
+
+    def instrument(type, field)
+      return field unless type.name == 'Query' || type.name == 'Mutation'
+
+      auth_value = find_auth_value(type, field)
+      authentication_required = if auth_value.nil?
+        @default
+      else
+        auth_value
+      end
+
+      old_resolve_proc = field.resolve_proc
+      new_resolve_proc = lambda do |object, arguments, context|
+        @unauthenticated.call(type, field.name.to_sym) if authentication_required && context[:current_user].blank?
+
+        old_resolve_proc.call(object, arguments, context)
+      end
+
+      field.redefine { resolve(new_resolve_proc) }
+    end
+
+    private
+
+    def load_fields
+      default_operations = GraphqlDevise::DefaultOperations::MUTATIONS.merge(GraphqlDevise::DefaultOperations::QUERIES)
+      mapping_name       = @resource.to_s.underscore.tr('/', '_').to_sym
+
+      # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
+      clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!
+
+      GraphqlDevise::MountMethod::OptionsValidator.new(
+        [
+          GraphqlDevise::MountMethod::OptionValidators::SkipOnlyValidator.new(options: clean_options),
+          GraphqlDevise::MountMethod::OptionValidators::ProvidedOperationsValidator.new(
+            options: clean_options, supported_operations: default_operations
+          )
+        ]
+      ).validate!
+
+      authenticatable_type = clean_options.authenticatable_type.presence ||
+                             "Types::#{@resource}Type".safe_constantize ||
+                             GraphqlDevise::Types::AuthenticatableType
+
+      prepared_mutations = GraphqlDevise::MountMethod::OperationPreparer.new(
+        mapping_name:          mapping_name,
+        custom:                clean_options.operations,
+        additional_operations: clean_options.additional_mutations,
+        preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),
+        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
+          default: GraphqlDevise::DefaultOperations::MUTATIONS, only: clean_options.only, skipped: clean_options.skip
+        )
+      ).call
+
+      raise Error 'You need to define a mutation type' if prepared_mutations.any? && @mutation.blank?
+
+      prepared_mutations.each do |action, mutation|
+        @mutation.field(action, mutation: mutation, authenticate: false)
+      end
+
+      prepared_queries = GraphqlDevise::MountMethod::OperationPreparer.new(
+        mapping_name:          mapping_name,
+        custom:                clean_options.operations,
+        additional_operations: clean_options.additional_queries,
+        preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
+        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
+          default: GraphqlDevise::DefaultOperations::QUERIES, only: clean_options.only, skipped: clean_options.skip
+        )
+      ).call
+
+      prepared_queries.each do |action, resolver|
+        @query.field(action, resolver: resolver, authenticate: false)
+      end
+
+      GraphqlDevise.add_mapping(mapping_name, @resource)
+    end
+
+    def find_auth_value(_, field)
+      field.metadata[:authenticate]
+    end
+  end
+end
+
+GraphQL::Field.accepts_definitions(authenticate: GraphQL::Define.assign_metadata_key(:authenticate))
+GraphQL::Schema::Field.accepts_definition(:authenticate)

spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -3,10 +3,10 @@ module V1
     class GraphqlController < ApplicationController
       include GraphqlDevise::Concerns::SetUserByToken
 
-      before_action :authenticate_user!
+      before_action -> { set_user_by_token(:user) }
 
       def graphql
-        render json: DummySchema.execute(params[:query])
+        render json: DummySchema.execute(params[:query], context: { current_user: current_user, controller: self })
       end
 
       private

spec/dummy/app/graphql/dummy_schema.rb

@@ -1,4 +1,12 @@
 class DummySchema < GraphQL::Schema
+  use GraphqlDevise::SchemaPlugin.new(
+    User,
+    {},
+    Types::QueryType,
+    true,
+    Types::MutationType
+  )
+
   mutation(Types::MutationType)
   query(Types::QueryType)
 end

spec/requests/user_controller_spec.rb

@@ -3,7 +3,7 @@
 RSpec.describe 'Integrations with the user controller' do
   include_context 'with graphql query request'
 
-  let(:user) { create(:user, :confirmed) }
+  let(:user) { create(:user, :confirmed, password: '12345678') }
   let(:query) do
     <<-GRAPHQL
       query {
@@ -33,7 +33,30 @@
   context 'when user is not authenticated' do
     it 'returns a must sign in error' do
       expect(json_response[:errors]).to contain_exactly(
-        'You need to sign in or sign up before continuing.'
+        hash_including(message: 'Query.user requires authentication', extensions: { code: 'USER_ERROR' })
+      )
+    end
+  end
+
+  context 'when auth mutation' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          userLogin(
+            email: "#{user.email}",
+            password: "12345678"
+          ) {
+            authenticatable { email }
+            credentials { accessToken client uid }
+          }
+        }
+      GRAPHQL
+    end
+
+    it 'works' do
+      expect(json_response[:data][:userLogin]).to include(
+        authenticatable: { email: user.email },
+        credentials:     hash_including(uid: user.uid)
       )
     end
   end