diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fc5cda8..5c8abe5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- **Fine-grained authorization is always enforcing.** The previously-proposed `--authorization-enforcement` flag and its dual `permissive`/`enforcing` modes were removed before shipping. `required_permissions` checks against an unmatched or denied `(resource, scope)` pair return `unauthorized`. There is no permissive "log but allow" mode. +- **Authz Prometheus shape**: `authorizer_authz_checks_total` has only a `result` label (`allowed|denied|unmatched|error`); `authorizer_authz_unmatched_total` has no labels. + ### Added +- **`authorizer_required_permissions_checks_total{endpoint, outcome}`**: per-endpoint Prometheus counter for FGA adoption + enforcement signal. Outcomes are `granted`, `denied`, `not_requested`, `error`. Endpoints are `session`, `validate_session`, `validate_jwt_token`. Alert on `outcome="error"` rising; it indicates a storage/validation failure preventing checks from completing. - **`--rate-limit-fail-closed`**: when the rate-limit backend returns an error, respond with `503` instead of allowing the request (default remains fail-open). - **`--metrics-host`**: bind address for the dedicated `/metrics` listener (default `127.0.0.1`). Use `0.0.0.0` when a scraper on another host/pod must reach the metrics port over the network; keep the metrics port off public ingress. - **OIDC Discovery — `grant_types_supported` includes `implicit`**: honestly reflects that `/authorize` accepts `response_type=token` and `response_type=id_token`. diff --git a/MIGRATION.md b/MIGRATION.md index e8df1dca..ca3fbe73 100644 --- a/MIGRATION.md +++ b/MIGRATION.md @@ -502,3 +502,55 @@ The v2 repo ships with a `Makefile` that wraps the most common development and b - **authorizer-react:** [github.com/authorizerdev/authorizer-react](https://github.com/authorizerdev/authorizer-react) (v2.0.0-rc.1, see CHANGELOG.md) - **Docs:** [docs.authorizer.dev](https://docs.authorizer.dev/) (to be updated for v2) +--- + +## Fine-Grained Authorization (FGA) — new in v2 + +> v1 had no FGA. This section is a quick-start for the new feature, not a migration step. Skip it if you don't plan to use `required_permissions`. + +### Model + +v2 ships a Keycloak-inspired four-pillar authorization engine: + +| Concept | Purpose | +| ---------- | ----------------------------------------------------------------------- | +| Resource | A noun you protect (`docs`, `billing`). | +| Scope | An action on a resource (`read`, `write`). | +| Policy | A principal selector — by role, user ID, or attribute. | +| Permission | Binds `(resource, scopes, policies, decision_strategy)` together. | + +Authorization is **always enforcing**. A `required_permissions` check against an undefined or denied `(resource, scope)` returns `unauthorized` — there is no permissive "log but allow" mode. + +### Adoption pattern + +Three GraphQL operations accept an optional `required_permissions: [PermissionInput!]` field: + +- `session` +- `validate_session` +- `validate_jwt_token` + +Pre-existing callers that don't pass the field see no behavior change. **Define the policy graph (resources → scopes → policies → permissions) via the dashboard or admin GraphQL mutations before any caller starts sending `required_permissions`.** Otherwise the call returns `unauthorized`. + +### Observability + +Per-endpoint adoption + denial signal: + +```promql +sum by (endpoint, outcome) (rate(authorizer_required_permissions_checks_total[5m])) +``` + +| `outcome` | What it means | Operator action | +| --------------- | ------------------------------------------------------------------ | -------------------------------------------------------------- | +| `granted` | All requested permissions allowed. | Healthy baseline. | +| `denied` | One or more requested permissions denied. | Investigate policy gap or attacker probe. | +| `not_requested` | Caller omitted `required_permissions`. | Track adoption rate per endpoint. | +| `error` | `CheckPermission` errored (storage / validation failure). | **Alert.** Should sit at zero — non-zero means infra problem. | + +### Startup probe + +If the server boots with zero permissions configured, you'll see a single warn line: + +``` +authz: 0 permissions configured — all authorization checks will DENY. Seed permissions via the dashboard or admin GraphQL mutations. +``` + diff --git a/Makefile b/Makefile index 1d792ce6..5dd97b62 100644 --- a/Makefile +++ b/Makefile @@ -87,7 +87,8 @@ dev: --jwt-public-key="$$PUBLIC_KEY" \ --admin-secret=admin \ --client-id=kbyuFDidLLm280LIwVFiazOqjO3ty8KH \ - --client-secret=60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa + --client-secret=60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa \ + --authorization-enforcement=enforcing test: go clean --testcache && TEST_DBS="sqlite" $(GO_TEST_ALL) diff --git a/cmd/root.go b/cmd/root.go index 81d9e2f9..0ea13e72 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -15,10 +15,12 @@ import ( "github.com/authorizerdev/authorizer/internal/audit" "github.com/authorizerdev/authorizer/internal/authenticators" + "github.com/authorizerdev/authorizer/internal/authorization" "github.com/authorizerdev/authorizer/internal/config" "github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/email" "github.com/authorizerdev/authorizer/internal/events" + "github.com/authorizerdev/authorizer/internal/graph/model" "github.com/authorizerdev/authorizer/internal/http_handlers" "github.com/authorizerdev/authorizer/internal/memory_store" "github.com/authorizerdev/authorizer/internal/metrics" @@ -235,6 +237,11 @@ func init() { // Back-channel logout (OIDC BCL 1.0) f.StringVar(&rootArgs.config.BackchannelLogoutURI, "backchannel-logout-uri", "", "URL to POST a signed logout_token to when users log out successfully. Leave empty (default) to disable back-channel logout notifications. See OIDC Back-Channel Logout 1.0.") + // Fine-grained authorization flags + f.Int64Var(&rootArgs.config.AuthorizationCacheTTL, "authorization-cache-ttl", 300, "Cache TTL in seconds for permission checks (0 to disable)") + f.BoolVar(&rootArgs.config.IncludePermissionsInToken, "include-permissions-in-token", false, "Include permissions in JWT access tokens") + f.BoolVar(&rootArgs.config.AuthorizationLogAllChecks, "authorization-log-all-checks", false, "Audit log all permission checks, not just denials") + // Deprecated flags f.MarkDeprecated("database_url", "use --database-url instead") f.MarkDeprecated("database_type", "use --database-type instead") @@ -455,6 +462,35 @@ func runRoot(c *cobra.Command, args []string) { } defer rateLimitProvider.Close() + // Authorization provider + authorizationProvider, err := authorization.New( + &authorization.Config{ + CacheTTL: rootArgs.config.AuthorizationCacheTTL, + }, + &authorization.Dependencies{ + Log: &log, + StorageProvider: storageProvider, + }, + ) + if err != nil { + log.Fatal().Err(err).Msg("failed to create authorization provider") + } + + // Check once at startup whether any permissions exist. If zero, emit a + // loud warn so operators don't lock themselves out in prod. Bounded + // context prevents a hung DB at boot from blocking startup indefinitely. + probeCtx, probeCancel := context.WithTimeout(context.Background(), 5*time.Second) + _, pr, lerr := storageProvider.ListPermissions(probeCtx, &model.Pagination{Limit: 1, Page: 1}) + probeCancel() + switch { + case lerr != nil: + log.Warn().Err(lerr).Msg("authz: failed to probe permission count at startup; authorization is enforcing") + case pr != nil && pr.Total == 0: + log.Warn().Msg("authz: 0 permissions configured — all authorization checks will DENY. Seed permissions via the dashboard or admin GraphQL mutations.") + default: + log.Info().Msg("authz: enforcing; unmatched CheckPermission calls will be DENIED.") + } + // SMS provider smsProvider, err := sms.New(&rootArgs.config, &sms.Dependencies{ Log: &log, @@ -505,6 +541,7 @@ func runRoot(c *cobra.Command, args []string) { TokenProvider: tokenProvider, OAuthProvider: oauthProvider, RateLimitProvider: rateLimitProvider, + AuthorizationProvider: authorizationProvider, }) if err != nil { log.Fatal().Err(err).Msg("failed to create http provider") diff --git a/go.mod b/go.mod index fe6714c4..19a8bdbd 100644 --- a/go.mod +++ b/go.mod @@ -37,9 +37,9 @@ require ( golang.org/x/time v0.15.0 gopkg.in/mail.v2 v2.3.1 gorm.io/driver/mysql v1.5.2 - gorm.io/driver/postgres v1.5.4 + gorm.io/driver/postgres v1.6.0 gorm.io/driver/sqlserver v1.5.2 - gorm.io/gorm v1.25.5 + gorm.io/gorm v1.25.10 ) require ( @@ -88,13 +88,14 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jackc/pgx/v5 v5.5.4 // indirect - github.com/jackc/puddle/v2 v2.2.1 // indirect + github.com/jackc/pgx/v5 v5.9.1 // indirect + github.com/jackc/puddle/v2 v2.2.2 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.0 // indirect github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/libsql/libsql-client-go v0.0.0-20231026052543-fce76c0f39a7 // indirect github.com/libsql/sqlite-antlr4-parser v0.0.0-20230802215326-5cb5bb604475 // indirect diff --git a/go.sum b/go.sum index 53c54f41..2218e45c 100644 --- a/go.sum +++ b/go.sum @@ -210,10 +210,10 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.5.4 h1:Xp2aQS8uXButQdnCMWNmvx6UysWQQC+u1EoizjguY+8= -github.com/jackc/pgx/v5 v5.5.4/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= -github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= -github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= +github.com/jackc/pgx/v5 v5.9.1 h1:uwrxJXBnx76nyISkhr33kQLlUqjv7et7b9FjCen/tdc= +github.com/jackc/pgx/v5 v5.9.1/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= +github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= +github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= @@ -481,14 +481,14 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs= gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8= -gorm.io/driver/postgres v1.5.4 h1:Iyrp9Meh3GmbSuyIAGyjkN+n9K+GHX9b9MqsTL4EJCo= -gorm.io/driver/postgres v1.5.4/go.mod h1:Bgo89+h0CRcdA33Y6frlaHHVuTdOf87pmyzwW9C/BH0= +gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4= +gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo= gorm.io/driver/sqlserver v1.5.2 h1:+o4RQ8w1ohPbADhFqDxeeZnSWjwOcBnxBckjTbcP4wk= gorm.io/driver/sqlserver v1.5.2/go.mod h1:gaKF0MO0cfTq9Q3/XhkowSw4g6nIwHPGAs4hzKCmvBo= gorm.io/gorm v1.25.2-0.20230530020048-26663ab9bf55/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= gorm.io/gorm v1.25.2-0.20230610234218-206613868439/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= -gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= -gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= +gorm.io/gorm v1.25.10 h1:dQpO+33KalOA+aFYGlK+EfxcI5MbO7EP2yYygwh9h+s= +gorm.io/gorm v1.25.10/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE= modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY= modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ= diff --git a/internal/authorization/cache.go b/internal/authorization/cache.go new file mode 100644 index 00000000..18b8258f --- /dev/null +++ b/internal/authorization/cache.go @@ -0,0 +1,161 @@ +package authorization + +import ( + "strings" + "sync" + "sync/atomic" + "time" +) + +// cache is a local in-memory cache with TTL support. +// It uses sync.Map for concurrent access and tracks per-key expiry. +// A distributed cache (via memory_store) will be layered on top in Phase 7. +type cache struct { + ttl time.Duration + data sync.Map + expiryMap sync.Map + counters sync.Map // counter key string -> *int64 (atomic-incremented) + // validSets holds membership-style caches (known resource names, known scope names). + // Stored separately from .data so string-valued entries never collide, and so + // the typed map lookup is O(1) without string parsing. + // A zero-length set is a valid cached value meaning "DB was reachable and empty". + validSets sync.Map // cache key -> map[string]struct{} +} + +// newCache creates a new local cache. If ttlSeconds is 0, caching is disabled. +func newCache(ttlSeconds int64) *cache { + return &cache{ + ttl: time.Duration(ttlSeconds) * time.Second, + } +} + +// enabled returns true if caching is active (TTL > 0). +func (c *cache) enabled() bool { + return c.ttl > 0 +} + +// get retrieves a cached value by key. Returns the value and whether the key +// was found and still valid. Expired entries are lazily deleted on access. +// Both positive and negative cached results (authorization "true"/"false") +// follow the same lookup path, avoiding a cache-stampede on repeated +// deny evaluations for the same (principal, resource, scope). +func (c *cache) get(key string) (string, bool) { + if !c.enabled() { + return "", false + } + + expiry, ok := c.expiryMap.Load(key) + if !ok { + return "", false + } + if time.Now().After(expiry.(time.Time)) { + // Lazily evict expired entry. + c.data.Delete(key) + c.expiryMap.Delete(key) + return "", false + } + + val, ok := c.data.Load(key) + if !ok { + return "", false + } + return val.(string), true +} + +// set stores a value in the cache with the configured TTL. +// Both "true" and "false" values are cached (negative caching) +// to prevent cache stampede on non-existent resource:scope combos. +func (c *cache) set(key string, value string) { + if !c.enabled() { + return + } + c.data.Store(key, value) + c.expiryMap.Store(key, time.Now().Add(c.ttl)) +} + +// deleteByPrefix removes all cached entries whose key starts with the given prefix. +// Used when admin mutations change resources, scopes, or policies to invalidate +// all related cached decisions. Iterates both the string-valued data map and the +// typed validSets map so both storage tiers are wiped in lockstep. +func (c *cache) deleteByPrefix(prefix string) { + c.data.Range(func(key, _ any) bool { + if strings.HasPrefix(key.(string), prefix) { + c.data.Delete(key) + c.expiryMap.Delete(key) + } + return true + }) + c.validSets.Range(func(key, _ any) bool { + if strings.HasPrefix(key.(string), prefix) { + c.validSets.Delete(key) + c.expiryMap.Delete(key) + } + return true + }) +} + +// getValidSet returns the cached membership set for the given key. +// The second return value reports whether the cache had an entry at all. +// Callers must not mutate the returned map. +func (c *cache) getValidSet(key string) (map[string]struct{}, bool) { + if !c.enabled() { + return nil, false + } + expiry, ok := c.expiryMap.Load(key) + if !ok { + return nil, false + } + if time.Now().After(expiry.(time.Time)) { + c.validSets.Delete(key) + c.expiryMap.Delete(key) + return nil, false + } + v, ok := c.validSets.Load(key) + if !ok { + return nil, false + } + return v.(map[string]struct{}), true +} + +// setValidSet stores a membership set under the given key with the configured TTL. +func (c *cache) setValidSet(key string, set map[string]struct{}) { + if !c.enabled() { + return + } + c.validSets.Store(key, set) + c.expiryMap.Store(key, time.Now().Add(c.ttl)) +} + +// validResourcesKey returns the cache key for the set of known resource names. +func validResourcesKey() string { + return "authz:valid_resources" +} + +// validScopesKey returns the cache key for the set of known scope names. +func validScopesKey() string { + return "authz:valid_scopes" +} + +// unmatchedCounterKey builds the map key for a (resource, scope) unmatched event. +func unmatchedCounterKey(resource, scope string) string { + return "authz:unmatched:" + resource + ":" + scope +} + +// bumpUnmatched increments the unmatched-check counter for the given (resource, scope). +// Counters are in-process only; they are reset on restart. A future dashboard view +// reads them to surface "uncovered checks" to operators during rollout. +func (c *cache) bumpUnmatched(resource, scope string) { + key := unmatchedCounterKey(resource, scope) + v, _ := c.counters.LoadOrStore(key, new(int64)) + atomic.AddInt64(v.(*int64), 1) +} + +// unmatchedCount returns the current unmatched counter for the given (resource, scope). +// Returns 0 if the key has never been bumped. +func (c *cache) unmatchedCount(resource, scope string) int64 { + key := unmatchedCounterKey(resource, scope) + if v, ok := c.counters.Load(key); ok { + return atomic.LoadInt64(v.(*int64)) + } + return 0 +} diff --git a/internal/authorization/cache_test.go b/internal/authorization/cache_test.go new file mode 100644 index 00000000..074218ee --- /dev/null +++ b/internal/authorization/cache_test.go @@ -0,0 +1,22 @@ +package authorization + +import ( + "testing" +) + +func TestCache_UnmatchedCounter_IncrementsAndReads(t *testing.T) { + c := newCache(60) // 60s TTL, irrelevant for counter which persists in the separate map + c.bumpUnmatched("orders", "read") + c.bumpUnmatched("orders", "read") + c.bumpUnmatched("users", "delete") + + if got := c.unmatchedCount("orders", "read"); got != 2 { + t.Fatalf("expected orders:read count=2, got %d", got) + } + if got := c.unmatchedCount("users", "delete"); got != 1 { + t.Fatalf("expected users:delete count=1, got %d", got) + } + if got := c.unmatchedCount("nope", "nope"); got != 0 { + t.Fatalf("expected unknown count=0, got %d", got) + } +} diff --git a/internal/authorization/evaluator.go b/internal/authorization/evaluator.go new file mode 100644 index 00000000..9e7fc384 --- /dev/null +++ b/internal/authorization/evaluator.go @@ -0,0 +1,536 @@ +package authorization + +import ( + "context" + "crypto/sha256" + "encoding/hex" + "fmt" + "sort" + "strings" + "time" + + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// MaxPrincipalPermissionEvaluations caps GetPrincipalPermissions at this many +// resource*scope evaluations per call. Callers hitting the cap receive a sentinel +// error so they can detect incomplete output. +const MaxPrincipalPermissionEvaluations = 10000 + +// Boolean-valued cache entries use these sentinel strings. Any other value +// stored under an evalKey is a bug — the lookup branch below treats it as a +// cache miss (returns to the full evaluation path) rather than silently +// coercing to false. +const ( + cacheValTrue = "true" + cacheValFalse = "false" +) + +// policyResult holds the outcome of a single policy evaluation. +type policyResult struct { + denied bool + granted bool + policyName string +} + +// CheckPermission evaluates whether a principal can perform a scope on a resource. +// It is fail-closed: any missing permission row or unknown (resource, scope) pair +// results in a deny. It follows this sequence: +// 1. Validate inputs +// 2. Check MaxScopes ceiling +// 3. Check cache +// 4. Query storage for matching permissions +// 5. Evaluate policies using decision strategies +// 6. Cache and return result +// +// Every terminal path records exactly one metrics.RecordAuthzCheck call, and +// AuthzCheckDuration is observed via defer. +func (p *provider) CheckPermission(ctx context.Context, principal *Principal, resource string, scope string) (result *CheckResult, err error) { + start := time.Now() + defer func() { + metrics.AuthzCheckDuration.Observe(time.Since(start).Seconds()) + }() + + // Validate inputs. + if principal == nil { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, fmt.Errorf("principal is required") + } + if !isValidIdentifier(principal.ID) { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, fmt.Errorf("invalid principal ID: %q", principal.ID) + } + if !isValidIdentifier(resource) { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, fmt.Errorf("invalid resource: %q", resource) + } + if !isValidIdentifier(scope) { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, fmt.Errorf("invalid scope: %q", scope) + } + + // MaxScopes ceiling. + if principal.MaxScopes != nil { + scopeStr := resource + ":" + scope + found := false + for _, ms := range principal.MaxScopes { + if ms == scopeStr { + found = true + break + } + } + if !found { + p.log.Debug(). + Str("principal_id", principal.ID). + Str("resource", resource). + Str("scope", scope). + Msg("denied by MaxScopes ceiling") + metrics.RecordAuthzCheck(metrics.AuthzResultDenied) + return &CheckResult{Allowed: false}, nil + } + } + + // Cache. + cacheKey := evalKey(principal, resource, scope) + if cached, ok := p.cache.get(cacheKey); ok { + switch cached { + case cacheValTrue: + p.log.Debug(). + Str("principal_id", principal.ID). + Str("resource", resource). + Str("scope", scope). + Bool("allowed", true). + Msg("authorization cache hit") + metrics.RecordAuthzCheck(metrics.AuthzResultAllowed) + return &CheckResult{Allowed: true}, nil + case cacheValFalse: + p.log.Debug(). + Str("principal_id", principal.ID). + Str("resource", resource). + Str("scope", scope). + Bool("allowed", false). + Msg("authorization cache hit") + metrics.RecordAuthzCheck(metrics.AuthzResultDenied) + return &CheckResult{Allowed: false}, nil + default: + // Unexpected cache value — treat as a miss and fall through to full eval. + p.log.Warn().Str("cache_key", cacheKey).Str("value", cached). + Msg("authz: unexpected cached eval value, ignoring") + } + } + + // Resource/scope existence. Fail-closed: if the probe itself errors, surface the error to + // the caller rather than falling through to handleNoPermission. + knownResource, err := p.validateResourceExists(ctx, resource) + if err != nil { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, err + } + knownScope := true + if knownResource { + // Only probe scope when resource is valid; avoids a second lookup on + // the unknown-resource path. + knownScope, err = p.validateScopeExists(ctx, scope) + if err != nil { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, err + } + } + if !knownResource || !knownScope { + // Unknown identifier — skip counter bumps (DoS guard for attacker- + // controlled inputs reaching CheckPermission, e.g. via GraphQL + // myPermissions / required_permissions on authenticated endpoints). + return p.handleNoPermission(cacheKey, principal, resource, scope, false /* isKnown */), nil + } + + // Permissions. + perms, err := p.storageProvider.GetPermissionsForResourceScope(ctx, resource, scope) + if err != nil { + metrics.RecordAuthzCheck(metrics.AuthzResultError) + return nil, fmt.Errorf("failed to query permissions: %w", err) + } + if len(perms) == 0 { + // Known (resource, scope) but no permission row — this is the signal + // we DO want to track for rollout. + return p.handleNoPermission(cacheKey, principal, resource, scope, true /* isKnown */), nil + } + + // Policy evaluation. Track the first non-empty deny attribution so we + // can surface it on the deny path for audit/debugging — resolveDecision + // returns the denying policy name when an explicit deny fires; empty + // strings mean "no policy contributed a verdict." + var denyMatchedPolicy string + for _, perm := range perms { + allowed, matchedPolicy := p.evaluatePermission(principal, perm) + if allowed { + p.cache.set(cacheKey, cacheValTrue) + p.log.Debug(). + Str("principal_id", principal.ID). + Str("resource", resource). + Str("scope", scope). + Str("matched_policy", matchedPolicy). + Msg("authorization granted") + metrics.RecordAuthzCheck(metrics.AuthzResultAllowed) + return &CheckResult{Allowed: true, MatchedPolicy: matchedPolicy}, nil + } + if denyMatchedPolicy == "" && matchedPolicy != "" { + denyMatchedPolicy = matchedPolicy + } + } + + // No permission granted access. + p.cache.set(cacheKey, cacheValFalse) + p.log.Debug(). + Str("principal_id", principal.ID). + Str("resource", resource). + Str("scope", scope). + Str("matched_policy", denyMatchedPolicy). + Msg("authorization denied") + metrics.RecordAuthzCheck(metrics.AuthzResultDenied) + return &CheckResult{Allowed: false, MatchedPolicy: denyMatchedPolicy}, nil +} + +// handleNoPermission returns a deny result for an unmatched (resource, scope) +// pair. The isKnown parameter reports whether the pair is both registered in +// the DB — counters are bumped only for known pairs to prevent unbounded +// growth of cache.counters from attacker-controlled input reaching +// CheckPermission via authenticated GraphQL (myPermissions / +// required_permissions). +func (p *provider) handleNoPermission(cacheKey string, _ *Principal, resource, scope string, isKnown bool) *CheckResult { + if isKnown { + p.cache.bumpUnmatched(resource, scope) + metrics.RecordAuthzUnmatched() + } + p.cache.set(cacheKey, cacheValFalse) + metrics.RecordAuthzCheck(metrics.AuthzResultUnmatched) + return &CheckResult{Allowed: false} +} + +// evaluatePermission evaluates all policies attached to a single permission +// and combines their results using the permission's decision strategy. +func (p *provider) evaluatePermission(principal *Principal, perm *schemas.PermissionWithPolicies) (bool, string) { + if len(perm.Policies) == 0 { + return false, "" + } + + results := make([]policyResult, 0, len(perm.Policies)) + for i := range perm.Policies { + policy := &perm.Policies[i] + denied, granted := p.evaluatePolicy(principal, policy) + results = append(results, policyResult{ + denied: denied, + granted: granted, + policyName: policy.PolicyName, + }) + } + + return resolveDecision(results, perm.DecisionStrategy) +} + +// evaluatePolicy evaluates a single policy against the principal. +// It checks whether the principal matches any of the policy's targets, +// then applies the policy's logic (positive = grant, negative = deny). +func (p *provider) evaluatePolicy(principal *Principal, policy *schemas.PolicyWithTargets) (denied bool, granted bool) { + if len(policy.Targets) == 0 { + return false, false + } + + var matched bool + switch policy.Type { + case constants.PolicyTypeRole: + matched = evaluateRoleTargets(policy.Targets, principal.Roles, policy.DecisionStrategy) + case constants.PolicyTypeUser: + matched = evaluateUserTargets(policy.Targets, principal.ID) + default: + // Unknown policy type -- fail closed. + p.log.Warn(). + Str("policy_type", policy.Type). + Str("policy_name", policy.PolicyName). + Msg("unknown policy type, denying") + return true, false + } + + // Apply logic: positive policies grant on match, negative policies deny on match. + if policy.Logic == constants.PolicyLogicNegative { + return matched, false + } + return false, matched +} + +// evaluateRoleTargets checks whether any (affirmative) or all (unanimous) of the +// role targets match the principal's roles. +func evaluateRoleTargets(targets []schemas.PolicyTargetView, roles []string, strategy string) bool { + roleSet := make(map[string]struct{}, len(roles)) + for _, r := range roles { + roleSet[r] = struct{}{} + } + + switch strategy { + case constants.DecisionStrategyUnanimous: + // All role targets must be present in the principal's roles. + evaluated := false + for _, t := range targets { + if t.TargetType != constants.TargetTypeRole { + continue + } + evaluated = true + if _, ok := roleSet[t.TargetValue]; !ok { + return false + } + } + return evaluated // false if no role targets existed + default: + // Affirmative (default): any role target match is sufficient. + for _, t := range targets { + if t.TargetType != constants.TargetTypeRole { + continue + } + if _, ok := roleSet[t.TargetValue]; ok { + return true + } + } + return false + } +} + +// evaluateUserTargets checks whether any of the user targets match the principal's ID. +func evaluateUserTargets(targets []schemas.PolicyTargetView, principalID string) bool { + for _, t := range targets { + if t.TargetType == constants.TargetTypeUser && t.TargetValue == principalID { + return true + } + } + return false +} + +// resolveDecision combines multiple policy results using the given strategy. +// Any explicit deny wins. Otherwise, affirmative grants on any allow, while +// unanimous requires every policy to grant. +func resolveDecision(results []policyResult, strategy string) (bool, string) { + if len(results) == 0 { + return false, "" + } + + for _, r := range results { + if r.denied { + return false, r.policyName + } + } + + switch strategy { + case constants.DecisionStrategyUnanimous: + // All policies must grant. + for _, r := range results { + if !r.granted { + return false, "" + } + } + return true, results[0].policyName + default: + // Affirmative: first grant wins. + for _, r := range results { + if r.granted { + return true, r.policyName + } + } + return false, "" + } +} + +// evalKey constructs a cache key for an authorization evaluation result. The +// effective roles and delegation ceiling are part of the key because the same +// principal ID can legitimately evaluate to different answers across sessions. +func evalKey(principal *Principal, resource, scope string) string { + fp := principalFingerprint(principal) + return fmt.Sprintf("authz:eval:%s:%s:%s:%s", principal.ID, fp, resource, scope) +} + +func principalFingerprint(principal *Principal) string { + roles := append([]string(nil), principal.Roles...) + sort.Strings(roles) + maxScopes := append([]string(nil), principal.MaxScopes...) + sort.Strings(maxScopes) + + h := sha256.New() + _, _ = h.Write([]byte(principal.Type)) + _, _ = h.Write([]byte{0}) + _, _ = h.Write([]byte(strings.Join(roles, "\x00"))) + _, _ = h.Write([]byte{0}) + _, _ = h.Write([]byte(strings.Join(maxScopes, "\x00"))) + return hex.EncodeToString(h.Sum(nil))[:16] +} + +// GetPrincipalPermissions returns all granted resource:scope pairs for a principal. +// It iterates all known resources and scopes, checking each combination. +func (p *provider) GetPrincipalPermissions(ctx context.Context, principal *Principal) ([]ResourceScope, error) { + if principal == nil { + return nil, fmt.Errorf("principal is required") + } + if !isValidIdentifier(principal.ID) { + return nil, fmt.Errorf("invalid principal ID: %q", principal.ID) + } + + // Fetch all resources. + resources, err := p.fetchAllResources(ctx) + if err != nil { + return nil, fmt.Errorf("failed to list resources: %w", err) + } + + // Fetch all scopes. + scopes, err := p.fetchAllScopes(ctx) + if err != nil { + return nil, fmt.Errorf("failed to list scopes: %w", err) + } + + // Hard ceiling: refuse to enumerate O(R*S) permissions beyond the cap. + // A tenant with, e.g., 1000 resources * 100 scopes = 100k CheckPermission + // calls per request would otherwise saturate the authz subsystem. + if int64(len(resources))*int64(len(scopes)) > int64(MaxPrincipalPermissionEvaluations) { + return nil, fmt.Errorf("too many permissions to enumerate: %d resources * %d scopes exceeds cap of %d", + len(resources), len(scopes), MaxPrincipalPermissionEvaluations) + } + + var granted []ResourceScope + for _, res := range resources { + for _, sc := range scopes { + result, err := p.CheckPermission(ctx, principal, res, sc) + if err != nil { + p.log.Warn().Err(err). + Str("resource", res). + Str("scope", sc). + Msg("error checking permission, skipping") + continue + } + if result.Allowed { + granted = append(granted, ResourceScope{ + Resource: res, + Scope: sc, + }) + } + } + } + + return granted, nil +} + +// InvalidateCache removes cached authorization data matching the given prefix. +// Called by admin mutations when permissions/policies change. +func (p *provider) InvalidateCache(ctx context.Context, prefix string) { + p.cache.deleteByPrefix(prefix) + p.log.Debug().Str("prefix", prefix).Msg("authorization cache invalidated") +} + +// validateResourceExists reports whether the given resource is registered. +// Returns (true, nil) if known; (false, nil) if definitively unknown; +// (false, err) if the storage probe itself failed. +// +// A probe error must NOT be masked as "unknown" — fail-closed on probe +// error so a transient DB blip surfaces as an error to the caller rather +// than falling through to handleNoPermission's deny path (which would +// look indistinguishable from a legitimate unknown resource). +func (p *provider) validateResourceExists(ctx context.Context, resource string) (bool, error) { + cacheKey := validResourcesKey() + if set, ok := p.cache.getValidSet(cacheKey); ok { + _, found := set[resource] + return found, nil + } + + names, err := p.fetchAllResources(ctx) + if err != nil { + return false, fmt.Errorf("probe resources: %w", err) + } + + set := make(map[string]struct{}, len(names)) + for _, n := range names { + set[n] = struct{}{} + } + p.cache.setValidSet(cacheKey, set) + + _, found := set[resource] + return found, nil +} + +// validateScopeExists reports whether the given scope is registered. +// Returns (true, nil) if known; (false, nil) if definitively unknown; +// (false, err) if the storage probe itself failed. +func (p *provider) validateScopeExists(ctx context.Context, scope string) (bool, error) { + cacheKey := validScopesKey() + if set, ok := p.cache.getValidSet(cacheKey); ok { + _, found := set[scope] + return found, nil + } + + names, err := p.fetchAllScopes(ctx) + if err != nil { + return false, fmt.Errorf("probe scopes: %w", err) + } + + set := make(map[string]struct{}, len(names)) + for _, n := range names { + set[n] = struct{}{} + } + p.cache.setValidSet(cacheKey, set) + + _, found := set[scope] + return found, nil +} + +// fetchAllResources retrieves all resource names from storage using pagination. +func (p *provider) fetchAllResources(ctx context.Context) ([]string, error) { + var names []string + page := int64(1) + limit := int64(100) + + for { + pagination := &model.Pagination{ + Limit: limit, + Offset: (page - 1) * limit, + Page: page, + } + resources, paginationResult, err := p.storageProvider.ListResources(ctx, pagination) + if err != nil { + return nil, err + } + for _, r := range resources { + names = append(names, r.Name) + } + // If we got fewer results than the limit, or reached the total, we're done. + if int64(len(resources)) < limit || (paginationResult != nil && paginationResult.Total <= page*limit) { + break + } + page++ + } + + return names, nil +} + +// fetchAllScopes retrieves all scope names from storage using pagination. +func (p *provider) fetchAllScopes(ctx context.Context) ([]string, error) { + var names []string + page := int64(1) + limit := int64(100) + + for { + pagination := &model.Pagination{ + Limit: limit, + Offset: (page - 1) * limit, + Page: page, + } + scopes, paginationResult, err := p.storageProvider.ListScopes(ctx, pagination) + if err != nil { + return nil, err + } + for _, s := range scopes { + names = append(names, s.Name) + } + if int64(len(scopes)) < limit || (paginationResult != nil && paginationResult.Total <= page*limit) { + break + } + page++ + } + + return names, nil +} diff --git a/internal/authorization/provider.go b/internal/authorization/provider.go new file mode 100644 index 00000000..18460883 --- /dev/null +++ b/internal/authorization/provider.go @@ -0,0 +1,90 @@ +package authorization + +import ( + "context" + + "github.com/rs/zerolog" + + "github.com/authorizerdev/authorizer/internal/storage" +) + +// Principal represents the entity requesting access. +// It is deliberately agnostic -- a Principal can be a human user, +// a service account (M2M), or an AI agent. The evaluation engine +// does not care about the origin; it only evaluates policies against +// the principal's identity and roles. +type Principal struct { + // ID is the unique identifier of the principal (user ID, client ID, agent ID). + ID string + // Type is the kind of principal: "user", "client", or "agent". + Type string + // Roles are the roles assigned to this principal. + Roles []string + // MaxScopes is an optional delegation ceiling. If set, the principal + // can never be granted permissions beyond this set, regardless of + // what policies say. Format: []string{"resource:scope", ...}. + // Nil means no ceiling (full access based on policies). + MaxScopes []string +} + +// ResourceScope pairs a resource name with a scope name. +// Used for returning all permissions a principal has. +type ResourceScope struct { + Resource string `json:"resource"` + Scope string `json:"scope"` +} + +// CheckResult contains the result of a permission check with debugging info. +type CheckResult struct { + // Allowed is true if the principal has the requested permission. + Allowed bool + // MatchedPolicy is the name of the policy that granted access (empty if denied). + MatchedPolicy string +} + +// Provider defines the authorization evaluation engine interface. +type Provider interface { + // CheckPermission evaluates whether a principal can perform a scope on a resource. + CheckPermission(ctx context.Context, principal *Principal, resource string, scope string) (*CheckResult, error) + + // GetPrincipalPermissions returns all granted resource:scope pairs for a principal. + // Used for JWT embedding and dashboard display. + GetPrincipalPermissions(ctx context.Context, principal *Principal) ([]ResourceScope, error) + + // InvalidateCache removes cached authorization data matching the given prefix. + // Called by admin mutations when permissions/policies change. + InvalidateCache(ctx context.Context, prefix string) +} + +// Dependencies carries shared resources for constructing an authorization Provider. +type Dependencies struct { + Log *zerolog.Logger + StorageProvider storage.Provider +} + +// Config holds authorization-specific configuration. +// This is separate from the main config to avoid circular imports. +// The values are passed in from cmd/root.go. +type Config struct { + // CacheTTL is the cache time-to-live in seconds. 0 disables caching. + CacheTTL int64 +} + +// provider implements the Provider interface. +type provider struct { + config *Config + log *zerolog.Logger + storageProvider storage.Provider + cache *cache +} + +// New creates a new authorization provider. +func New(cfg *Config, deps *Dependencies) (Provider, error) { + p := &provider{ + config: cfg, + log: deps.Log, + storageProvider: deps.StorageProvider, + cache: newCache(cfg.CacheTTL), + } + return p, nil +} diff --git a/internal/authorization/validators.go b/internal/authorization/validators.go new file mode 100644 index 00000000..b91422ce --- /dev/null +++ b/internal/authorization/validators.go @@ -0,0 +1,22 @@ +package authorization + +import ( + "unicode" + + "github.com/authorizerdev/authorizer/internal/constants" +) + +// isValidIdentifier checks that a string is safe for use in cache keys +// and database queries. Allows alphanumeric, hyphens, underscores. +// Max constants.MaxAuthzIdentifierLength characters. Empty strings are invalid. +func isValidIdentifier(s string) bool { + if len(s) == 0 || len(s) > constants.MaxAuthzIdentifierLength { + return false + } + for _, r := range s { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return false + } + } + return true +} diff --git a/internal/config/config.go b/internal/config/config.go index 185e1c2e..213ca073 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -316,4 +316,15 @@ type Config struct { // empty (default), back-channel logout notifications are disabled. // See OIDC Back-Channel Logout 1.0 §2.5 for the protocol. BackchannelLogoutURI string + + // Fine-Grained Authorization + // AuthorizationCacheTTL is the cache time-to-live in seconds for permission checks. + // Set to 0 to disable caching. Default: 300 (5 minutes). + AuthorizationCacheTTL int64 + // IncludePermissionsInToken controls whether permissions are embedded in JWT access tokens. + // When true, the permissions claim is added to access tokens. Default: false. + IncludePermissionsInToken bool + // AuthorizationLogAllChecks controls whether all permission checks are audit logged. + // When false (default), only denied checks are logged. When true, all checks are logged. + AuthorizationLogAllChecks bool } diff --git a/internal/constants/audit_event.go b/internal/constants/audit_event.go index 665bb20c..804b775b 100644 --- a/internal/constants/audit_event.go +++ b/internal/constants/audit_event.go @@ -22,6 +22,14 @@ const ( AuditResourceTypeEmailTemplate = "email_template" // AuditResourceTypeToken represents an auth token. AuditResourceTypeToken = "token" + // AuditResourceTypeAuthzPermission represents a fine-grained-authorization permission entity. + AuditResourceTypeAuthzPermission = "authz_permission" + // AuditResourceTypeAuthzPolicy represents a fine-grained-authorization policy entity. + AuditResourceTypeAuthzPolicy = "authz_policy" + // AuditResourceTypeAuthzResource represents a fine-grained-authorization resource entity. + AuditResourceTypeAuthzResource = "authz_resource" + // AuditResourceTypeAuthzScope represents a fine-grained-authorization scope entity. + AuditResourceTypeAuthzScope = "authz_scope" ) // Audit event type constants used for structured audit logging. @@ -95,6 +103,31 @@ const ( // AuditAdminEmailTemplateDeletedEvent is logged when an admin deletes an email template. AuditAdminEmailTemplateDeletedEvent = "admin.email_template_deleted" + // AuditAdminAuthzPermissionCreatedEvent is logged when an admin creates an authz permission. + AuditAdminAuthzPermissionCreatedEvent = "admin.authz_permission_created" + // AuditAdminAuthzPermissionUpdatedEvent is logged when an admin updates an authz permission. + AuditAdminAuthzPermissionUpdatedEvent = "admin.authz_permission_updated" + // AuditAdminAuthzPermissionDeletedEvent is logged when an admin deletes an authz permission. + AuditAdminAuthzPermissionDeletedEvent = "admin.authz_permission_deleted" + // AuditAdminAuthzPolicyCreatedEvent is logged when an admin creates an authz policy. + AuditAdminAuthzPolicyCreatedEvent = "admin.authz_policy_created" + // AuditAdminAuthzPolicyUpdatedEvent is logged when an admin updates an authz policy. + AuditAdminAuthzPolicyUpdatedEvent = "admin.authz_policy_updated" + // AuditAdminAuthzPolicyDeletedEvent is logged when an admin deletes an authz policy. + AuditAdminAuthzPolicyDeletedEvent = "admin.authz_policy_deleted" + // AuditAdminAuthzResourceCreatedEvent is logged when an admin creates an authz resource. + AuditAdminAuthzResourceCreatedEvent = "admin.authz_resource_created" + // AuditAdminAuthzResourceUpdatedEvent is logged when an admin updates an authz resource. + AuditAdminAuthzResourceUpdatedEvent = "admin.authz_resource_updated" + // AuditAdminAuthzResourceDeletedEvent is logged when an admin deletes an authz resource. + AuditAdminAuthzResourceDeletedEvent = "admin.authz_resource_deleted" + // AuditAdminAuthzScopeCreatedEvent is logged when an admin creates an authz scope. + AuditAdminAuthzScopeCreatedEvent = "admin.authz_scope_created" + // AuditAdminAuthzScopeUpdatedEvent is logged when an admin updates an authz scope. + AuditAdminAuthzScopeUpdatedEvent = "admin.authz_scope_updated" + // AuditAdminAuthzScopeDeletedEvent is logged when an admin deletes an authz scope. + AuditAdminAuthzScopeDeletedEvent = "admin.authz_scope_deleted" + // AuditOAuthLoginInitiatedEvent is logged when an OAuth login flow is started. AuditOAuthLoginInitiatedEvent = "oauth.login_initiated" // AuditOAuthCallbackSuccessEvent is logged when an OAuth callback completes successfully. diff --git a/internal/constants/authorization.go b/internal/constants/authorization.go new file mode 100644 index 00000000..b16ad784 --- /dev/null +++ b/internal/constants/authorization.go @@ -0,0 +1,38 @@ +package constants + +const ( + // PolicyTypeRole is the policy type for role-based policies. + // A role-based policy grants or denies access based on the principal's roles. + PolicyTypeRole = "role" + // PolicyTypeUser is the policy type for user-based policies. + // A user-based policy grants or denies access to specific user IDs. + PolicyTypeUser = "user" + + // PolicyLogicPositive grants access when the policy condition matches. + PolicyLogicPositive = "positive" + // PolicyLogicNegative denies access when the policy condition matches (blacklist). + PolicyLogicNegative = "negative" + + // DecisionStrategyAffirmative grants if ANY policy/target grants (OR logic). + DecisionStrategyAffirmative = "affirmative" + // DecisionStrategyUnanimous grants only if ALL policies/targets agree (AND logic). + DecisionStrategyUnanimous = "unanimous" + + // PrincipalTypeUser identifies a human user principal (from authorization_code grant). + PrincipalTypeUser = "user" + // PrincipalTypeClient identifies a service/M2M principal (from client_credentials grant). + PrincipalTypeClient = "client" + // PrincipalTypeAgent identifies an AI agent principal (future use). + PrincipalTypeAgent = "agent" + + // TargetTypeRole is a policy target that matches by role name. + TargetTypeRole = "role" + // TargetTypeUser is a policy target that matches by user ID. + TargetTypeUser = "user" + + // MaxAuthzIdentifierLength is the maximum allowed length for + // authorization resource names, scope names, policy names, and other + // FGA identifiers. The limit keeps caches bounded and ensures identifiers + // fit within reasonable index / column sizes across all storage providers. + MaxAuthzIdentifierLength = 100 +) diff --git a/internal/constants/webhook_event_authorization.go b/internal/constants/webhook_event_authorization.go new file mode 100644 index 00000000..059ed8d0 --- /dev/null +++ b/internal/constants/webhook_event_authorization.go @@ -0,0 +1,31 @@ +package constants + +const ( + // ResourceCreatedWebhookEvent is fired when an authorization resource is created. + ResourceCreatedWebhookEvent = "resource.created" + // ResourceUpdatedWebhookEvent is fired when an authorization resource is updated. + ResourceUpdatedWebhookEvent = "resource.updated" + // ResourceDeletedWebhookEvent is fired when an authorization resource is deleted. + ResourceDeletedWebhookEvent = "resource.deleted" + // ScopeCreatedWebhookEvent is fired when an authorization scope is created. + ScopeCreatedWebhookEvent = "scope.created" + // ScopeUpdatedWebhookEvent is fired when an authorization scope is updated. + ScopeUpdatedWebhookEvent = "scope.updated" + // ScopeDeletedWebhookEvent is fired when an authorization scope is deleted. + ScopeDeletedWebhookEvent = "scope.deleted" + // PolicyCreatedWebhookEvent is fired when an authorization policy is created. + PolicyCreatedWebhookEvent = "policy.created" + // PolicyUpdatedWebhookEvent is fired when an authorization policy is updated. + PolicyUpdatedWebhookEvent = "policy.updated" + // PolicyDeletedWebhookEvent is fired when an authorization policy is deleted. + PolicyDeletedWebhookEvent = "policy.deleted" + // PermissionCreatedWebhookEvent is fired when an authorization permission is created. + PermissionCreatedWebhookEvent = "permission.created" + // PermissionUpdatedWebhookEvent is fired when an authorization permission is updated. + PermissionUpdatedWebhookEvent = "permission.updated" + // PermissionDeletedWebhookEvent is fired when an authorization permission is deleted. + PermissionDeletedWebhookEvent = "permission.deleted" + // PermissionCheckDeniedWebhookEvent is fired when a permission check is denied + // in enforcing mode. Useful for agent kill-switches and security alerting. + PermissionCheckDeniedWebhookEvent = "permission.check_denied" +) diff --git a/internal/graph/generated/generated.go b/internal/graph/generated/generated.go index 58c15c77..9a05d66b 100644 --- a/internal/graph/generated/generated.go +++ b/internal/graph/generated/generated.go @@ -80,6 +80,72 @@ type ComplexityRoot struct { User func(childComplexity int) int } + AuthzPermission struct { + CreatedAt func(childComplexity int) int + DecisionStrategy func(childComplexity int) int + Description func(childComplexity int) int + ID func(childComplexity int) int + Name func(childComplexity int) int + Policies func(childComplexity int) int + Resource func(childComplexity int) int + Scopes func(childComplexity int) int + UpdatedAt func(childComplexity int) int + } + + AuthzPermissions struct { + Pagination func(childComplexity int) int + Permissions func(childComplexity int) int + } + + AuthzPolicies struct { + Pagination func(childComplexity int) int + Policies func(childComplexity int) int + } + + AuthzPolicy struct { + CreatedAt func(childComplexity int) int + DecisionStrategy func(childComplexity int) int + Description func(childComplexity int) int + ID func(childComplexity int) int + Logic func(childComplexity int) int + Name func(childComplexity int) int + Targets func(childComplexity int) int + Type func(childComplexity int) int + UpdatedAt func(childComplexity int) int + } + + AuthzPolicyTarget struct { + ID func(childComplexity int) int + TargetType func(childComplexity int) int + TargetValue func(childComplexity int) int + } + + AuthzResource struct { + CreatedAt func(childComplexity int) int + Description func(childComplexity int) int + ID func(childComplexity int) int + Name func(childComplexity int) int + UpdatedAt func(childComplexity int) int + } + + AuthzResources struct { + Pagination func(childComplexity int) int + Resources func(childComplexity int) int + } + + AuthzScope struct { + CreatedAt func(childComplexity int) int + Description func(childComplexity int) int + ID func(childComplexity int) int + Name func(childComplexity int) int + UpdatedAt func(childComplexity int) int + } + + AuthzScopes struct { + Pagination func(childComplexity int) int + Scopes func(childComplexity int) int + } + EmailTemplate struct { CreatedAt func(childComplexity int) int Design func(childComplexity int) int @@ -215,12 +281,20 @@ type ComplexityRoot struct { Mutation struct { AddEmailTemplate func(childComplexity int, params model.AddEmailTemplateRequest) int + AddPermission func(childComplexity int, params model.AddPermissionInput) int + AddPolicy func(childComplexity int, params model.AddPolicyInput) int + AddResource func(childComplexity int, params model.AddResourceInput) int + AddScope func(childComplexity int, params model.AddScopeInput) int AddWebhook func(childComplexity int, params model.AddWebhookRequest) int AdminLogin func(childComplexity int, params model.AdminLoginRequest) int AdminLogout func(childComplexity int) int AdminSignup func(childComplexity int, params model.AdminSignupRequest) int DeactivateAccount func(childComplexity int) int DeleteEmailTemplate func(childComplexity int, params model.DeleteEmailTemplateRequest) int + DeletePermission func(childComplexity int, id string) int + DeletePolicy func(childComplexity int, id string) int + DeleteResource func(childComplexity int, id string) int + DeleteScope func(childComplexity int, id string) int DeleteUser func(childComplexity int, params model.DeleteUserRequest) int DeleteWebhook func(childComplexity int, params model.WebhookRequest) int EnableAccess func(childComplexity int, param model.UpdateAccessRequest) int @@ -241,7 +315,11 @@ type ComplexityRoot struct { TestEndpoint func(childComplexity int, params model.TestEndpointRequest) int UpdateEmailTemplate func(childComplexity int, params model.UpdateEmailTemplateRequest) int UpdateEnv func(childComplexity int, params model.UpdateEnvRequest) int + UpdatePermission func(childComplexity int, params model.UpdatePermissionInput) int + UpdatePolicy func(childComplexity int, params model.UpdatePolicyInput) int UpdateProfile func(childComplexity int, params model.UpdateProfileRequest) int + UpdateResource func(childComplexity int, params model.UpdateResourceInput) int + UpdateScope func(childComplexity int, params model.UpdateScopeInput) int UpdateUser func(childComplexity int, params model.UpdateUserRequest) int UpdateWebhook func(childComplexity int, params model.UpdateWebhookRequest) int VerifyEmail func(childComplexity int, params model.VerifyEmailRequest) int @@ -255,13 +333,23 @@ type ComplexityRoot struct { Total func(childComplexity int) int } + Permission struct { + Resource func(childComplexity int) int + Scope func(childComplexity int) int + } + Query struct { AdminSession func(childComplexity int) int AuditLogs func(childComplexity int, params *model.ListAuditLogRequest) int EmailTemplates func(childComplexity int, params *model.PaginatedRequest) int Env func(childComplexity int) int Meta func(childComplexity int) int + MyPermissions func(childComplexity int) int + Permissions func(childComplexity int, params *model.PaginatedRequest) int + Policies func(childComplexity int, params *model.PaginatedRequest) int Profile func(childComplexity int) int + Resources func(childComplexity int, params *model.PaginatedRequest) int + Scopes func(childComplexity int, params *model.PaginatedRequest) int Session func(childComplexity int, params *model.SessionQueryRequest) int User func(childComplexity int, params model.GetUserRequest) int Users func(childComplexity int, params *model.PaginatedRequest) int @@ -402,6 +490,18 @@ type MutationResolver interface { AddEmailTemplate(ctx context.Context, params model.AddEmailTemplateRequest) (*model.Response, error) UpdateEmailTemplate(ctx context.Context, params model.UpdateEmailTemplateRequest) (*model.Response, error) DeleteEmailTemplate(ctx context.Context, params model.DeleteEmailTemplateRequest) (*model.Response, error) + AddResource(ctx context.Context, params model.AddResourceInput) (*model.AuthzResource, error) + UpdateResource(ctx context.Context, params model.UpdateResourceInput) (*model.AuthzResource, error) + DeleteResource(ctx context.Context, id string) (*model.Response, error) + AddScope(ctx context.Context, params model.AddScopeInput) (*model.AuthzScope, error) + UpdateScope(ctx context.Context, params model.UpdateScopeInput) (*model.AuthzScope, error) + DeleteScope(ctx context.Context, id string) (*model.Response, error) + AddPolicy(ctx context.Context, params model.AddPolicyInput) (*model.AuthzPolicy, error) + UpdatePolicy(ctx context.Context, params model.UpdatePolicyInput) (*model.AuthzPolicy, error) + DeletePolicy(ctx context.Context, id string) (*model.Response, error) + AddPermission(ctx context.Context, params model.AddPermissionInput) (*model.AuthzPermission, error) + UpdatePermission(ctx context.Context, params model.UpdatePermissionInput) (*model.AuthzPermission, error) + DeletePermission(ctx context.Context, id string) (*model.Response, error) } type QueryResolver interface { Meta(ctx context.Context) (*model.Meta, error) @@ -419,6 +519,11 @@ type QueryResolver interface { WebhookLogs(ctx context.Context, params *model.ListWebhookLogRequest) (*model.WebhookLogs, error) EmailTemplates(ctx context.Context, params *model.PaginatedRequest) (*model.EmailTemplates, error) AuditLogs(ctx context.Context, params *model.ListAuditLogRequest) (*model.AuditLogs, error) + Resources(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzResources, error) + Scopes(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzScopes, error) + Policies(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPolicies, error) + Permissions(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPermissions, error) + MyPermissions(ctx context.Context) ([]*model.Permission, error) } type executableSchema struct { @@ -615,6 +720,279 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.AuthResponse.User(childComplexity), true + case "AuthzPermission.created_at": + if e.complexity.AuthzPermission.CreatedAt == nil { + break + } + + return e.complexity.AuthzPermission.CreatedAt(childComplexity), true + + case "AuthzPermission.decision_strategy": + if e.complexity.AuthzPermission.DecisionStrategy == nil { + break + } + + return e.complexity.AuthzPermission.DecisionStrategy(childComplexity), true + + case "AuthzPermission.description": + if e.complexity.AuthzPermission.Description == nil { + break + } + + return e.complexity.AuthzPermission.Description(childComplexity), true + + case "AuthzPermission.id": + if e.complexity.AuthzPermission.ID == nil { + break + } + + return e.complexity.AuthzPermission.ID(childComplexity), true + + case "AuthzPermission.name": + if e.complexity.AuthzPermission.Name == nil { + break + } + + return e.complexity.AuthzPermission.Name(childComplexity), true + + case "AuthzPermission.policies": + if e.complexity.AuthzPermission.Policies == nil { + break + } + + return e.complexity.AuthzPermission.Policies(childComplexity), true + + case "AuthzPermission.resource": + if e.complexity.AuthzPermission.Resource == nil { + break + } + + return e.complexity.AuthzPermission.Resource(childComplexity), true + + case "AuthzPermission.scopes": + if e.complexity.AuthzPermission.Scopes == nil { + break + } + + return e.complexity.AuthzPermission.Scopes(childComplexity), true + + case "AuthzPermission.updated_at": + if e.complexity.AuthzPermission.UpdatedAt == nil { + break + } + + return e.complexity.AuthzPermission.UpdatedAt(childComplexity), true + + case "AuthzPermissions.pagination": + if e.complexity.AuthzPermissions.Pagination == nil { + break + } + + return e.complexity.AuthzPermissions.Pagination(childComplexity), true + + case "AuthzPermissions.permissions": + if e.complexity.AuthzPermissions.Permissions == nil { + break + } + + return e.complexity.AuthzPermissions.Permissions(childComplexity), true + + case "AuthzPolicies.pagination": + if e.complexity.AuthzPolicies.Pagination == nil { + break + } + + return e.complexity.AuthzPolicies.Pagination(childComplexity), true + + case "AuthzPolicies.policies": + if e.complexity.AuthzPolicies.Policies == nil { + break + } + + return e.complexity.AuthzPolicies.Policies(childComplexity), true + + case "AuthzPolicy.created_at": + if e.complexity.AuthzPolicy.CreatedAt == nil { + break + } + + return e.complexity.AuthzPolicy.CreatedAt(childComplexity), true + + case "AuthzPolicy.decision_strategy": + if e.complexity.AuthzPolicy.DecisionStrategy == nil { + break + } + + return e.complexity.AuthzPolicy.DecisionStrategy(childComplexity), true + + case "AuthzPolicy.description": + if e.complexity.AuthzPolicy.Description == nil { + break + } + + return e.complexity.AuthzPolicy.Description(childComplexity), true + + case "AuthzPolicy.id": + if e.complexity.AuthzPolicy.ID == nil { + break + } + + return e.complexity.AuthzPolicy.ID(childComplexity), true + + case "AuthzPolicy.logic": + if e.complexity.AuthzPolicy.Logic == nil { + break + } + + return e.complexity.AuthzPolicy.Logic(childComplexity), true + + case "AuthzPolicy.name": + if e.complexity.AuthzPolicy.Name == nil { + break + } + + return e.complexity.AuthzPolicy.Name(childComplexity), true + + case "AuthzPolicy.targets": + if e.complexity.AuthzPolicy.Targets == nil { + break + } + + return e.complexity.AuthzPolicy.Targets(childComplexity), true + + case "AuthzPolicy.type": + if e.complexity.AuthzPolicy.Type == nil { + break + } + + return e.complexity.AuthzPolicy.Type(childComplexity), true + + case "AuthzPolicy.updated_at": + if e.complexity.AuthzPolicy.UpdatedAt == nil { + break + } + + return e.complexity.AuthzPolicy.UpdatedAt(childComplexity), true + + case "AuthzPolicyTarget.id": + if e.complexity.AuthzPolicyTarget.ID == nil { + break + } + + return e.complexity.AuthzPolicyTarget.ID(childComplexity), true + + case "AuthzPolicyTarget.target_type": + if e.complexity.AuthzPolicyTarget.TargetType == nil { + break + } + + return e.complexity.AuthzPolicyTarget.TargetType(childComplexity), true + + case "AuthzPolicyTarget.target_value": + if e.complexity.AuthzPolicyTarget.TargetValue == nil { + break + } + + return e.complexity.AuthzPolicyTarget.TargetValue(childComplexity), true + + case "AuthzResource.created_at": + if e.complexity.AuthzResource.CreatedAt == nil { + break + } + + return e.complexity.AuthzResource.CreatedAt(childComplexity), true + + case "AuthzResource.description": + if e.complexity.AuthzResource.Description == nil { + break + } + + return e.complexity.AuthzResource.Description(childComplexity), true + + case "AuthzResource.id": + if e.complexity.AuthzResource.ID == nil { + break + } + + return e.complexity.AuthzResource.ID(childComplexity), true + + case "AuthzResource.name": + if e.complexity.AuthzResource.Name == nil { + break + } + + return e.complexity.AuthzResource.Name(childComplexity), true + + case "AuthzResource.updated_at": + if e.complexity.AuthzResource.UpdatedAt == nil { + break + } + + return e.complexity.AuthzResource.UpdatedAt(childComplexity), true + + case "AuthzResources.pagination": + if e.complexity.AuthzResources.Pagination == nil { + break + } + + return e.complexity.AuthzResources.Pagination(childComplexity), true + + case "AuthzResources.resources": + if e.complexity.AuthzResources.Resources == nil { + break + } + + return e.complexity.AuthzResources.Resources(childComplexity), true + + case "AuthzScope.created_at": + if e.complexity.AuthzScope.CreatedAt == nil { + break + } + + return e.complexity.AuthzScope.CreatedAt(childComplexity), true + + case "AuthzScope.description": + if e.complexity.AuthzScope.Description == nil { + break + } + + return e.complexity.AuthzScope.Description(childComplexity), true + + case "AuthzScope.id": + if e.complexity.AuthzScope.ID == nil { + break + } + + return e.complexity.AuthzScope.ID(childComplexity), true + + case "AuthzScope.name": + if e.complexity.AuthzScope.Name == nil { + break + } + + return e.complexity.AuthzScope.Name(childComplexity), true + + case "AuthzScope.updated_at": + if e.complexity.AuthzScope.UpdatedAt == nil { + break + } + + return e.complexity.AuthzScope.UpdatedAt(childComplexity), true + + case "AuthzScopes.pagination": + if e.complexity.AuthzScopes.Pagination == nil { + break + } + + return e.complexity.AuthzScopes.Pagination(childComplexity), true + + case "AuthzScopes.scopes": + if e.complexity.AuthzScopes.Scopes == nil { + break + } + + return e.complexity.AuthzScopes.Scopes(childComplexity), true + case "EmailTemplate.created_at": if e.complexity.EmailTemplate.CreatedAt == nil { break @@ -1390,6 +1768,54 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Mutation.AddEmailTemplate(childComplexity, args["params"].(model.AddEmailTemplateRequest)), true + case "Mutation._add_permission": + if e.complexity.Mutation.AddPermission == nil { + break + } + + args, err := ec.field_Mutation__add_permission_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.AddPermission(childComplexity, args["params"].(model.AddPermissionInput)), true + + case "Mutation._add_policy": + if e.complexity.Mutation.AddPolicy == nil { + break + } + + args, err := ec.field_Mutation__add_policy_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.AddPolicy(childComplexity, args["params"].(model.AddPolicyInput)), true + + case "Mutation._add_resource": + if e.complexity.Mutation.AddResource == nil { + break + } + + args, err := ec.field_Mutation__add_resource_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.AddResource(childComplexity, args["params"].(model.AddResourceInput)), true + + case "Mutation._add_scope": + if e.complexity.Mutation.AddScope == nil { + break + } + + args, err := ec.field_Mutation__add_scope_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.AddScope(childComplexity, args["params"].(model.AddScopeInput)), true + case "Mutation._add_webhook": if e.complexity.Mutation.AddWebhook == nil { break @@ -1452,77 +1878,125 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Mutation.DeleteEmailTemplate(childComplexity, args["params"].(model.DeleteEmailTemplateRequest)), true - case "Mutation._delete_user": - if e.complexity.Mutation.DeleteUser == nil { + case "Mutation._delete_permission": + if e.complexity.Mutation.DeletePermission == nil { break } - args, err := ec.field_Mutation__delete_user_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_permission_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.DeleteUser(childComplexity, args["params"].(model.DeleteUserRequest)), true + return e.complexity.Mutation.DeletePermission(childComplexity, args["id"].(string)), true - case "Mutation._delete_webhook": - if e.complexity.Mutation.DeleteWebhook == nil { + case "Mutation._delete_policy": + if e.complexity.Mutation.DeletePolicy == nil { break } - args, err := ec.field_Mutation__delete_webhook_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_policy_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.DeleteWebhook(childComplexity, args["params"].(model.WebhookRequest)), true + return e.complexity.Mutation.DeletePolicy(childComplexity, args["id"].(string)), true - case "Mutation._enable_access": - if e.complexity.Mutation.EnableAccess == nil { + case "Mutation._delete_resource": + if e.complexity.Mutation.DeleteResource == nil { break } - args, err := ec.field_Mutation__enable_access_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_resource_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.EnableAccess(childComplexity, args["param"].(model.UpdateAccessRequest)), true + return e.complexity.Mutation.DeleteResource(childComplexity, args["id"].(string)), true - case "Mutation.forgot_password": - if e.complexity.Mutation.ForgotPassword == nil { + case "Mutation._delete_scope": + if e.complexity.Mutation.DeleteScope == nil { break } - args, err := ec.field_Mutation_forgot_password_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_scope_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.ForgotPassword(childComplexity, args["params"].(model.ForgotPasswordRequest)), true + return e.complexity.Mutation.DeleteScope(childComplexity, args["id"].(string)), true - case "Mutation._generate_jwt_keys": - if e.complexity.Mutation.GenerateJwtKeys == nil { + case "Mutation._delete_user": + if e.complexity.Mutation.DeleteUser == nil { break } - args, err := ec.field_Mutation__generate_jwt_keys_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_user_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.GenerateJwtKeys(childComplexity, args["params"].(model.GenerateJWTKeysRequest)), true + return e.complexity.Mutation.DeleteUser(childComplexity, args["params"].(model.DeleteUserRequest)), true - case "Mutation._invite_members": - if e.complexity.Mutation.InviteMembers == nil { + case "Mutation._delete_webhook": + if e.complexity.Mutation.DeleteWebhook == nil { break } - args, err := ec.field_Mutation__invite_members_args(ctx, rawArgs) + args, err := ec.field_Mutation__delete_webhook_args(ctx, rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.InviteMembers(childComplexity, args["params"].(model.InviteMemberRequest)), true + return e.complexity.Mutation.DeleteWebhook(childComplexity, args["params"].(model.WebhookRequest)), true + + case "Mutation._enable_access": + if e.complexity.Mutation.EnableAccess == nil { + break + } + + args, err := ec.field_Mutation__enable_access_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.EnableAccess(childComplexity, args["param"].(model.UpdateAccessRequest)), true + + case "Mutation.forgot_password": + if e.complexity.Mutation.ForgotPassword == nil { + break + } + + args, err := ec.field_Mutation_forgot_password_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.ForgotPassword(childComplexity, args["params"].(model.ForgotPasswordRequest)), true + + case "Mutation._generate_jwt_keys": + if e.complexity.Mutation.GenerateJwtKeys == nil { + break + } + + args, err := ec.field_Mutation__generate_jwt_keys_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.GenerateJwtKeys(childComplexity, args["params"].(model.GenerateJWTKeysRequest)), true + + case "Mutation._invite_members": + if e.complexity.Mutation.InviteMembers == nil { + break + } + + args, err := ec.field_Mutation__invite_members_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.InviteMembers(childComplexity, args["params"].(model.InviteMemberRequest)), true case "Mutation.login": if e.complexity.Mutation.Login == nil { @@ -1687,6 +2161,30 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Mutation.UpdateEnv(childComplexity, args["params"].(model.UpdateEnvRequest)), true + case "Mutation._update_permission": + if e.complexity.Mutation.UpdatePermission == nil { + break + } + + args, err := ec.field_Mutation__update_permission_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.UpdatePermission(childComplexity, args["params"].(model.UpdatePermissionInput)), true + + case "Mutation._update_policy": + if e.complexity.Mutation.UpdatePolicy == nil { + break + } + + args, err := ec.field_Mutation__update_policy_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.UpdatePolicy(childComplexity, args["params"].(model.UpdatePolicyInput)), true + case "Mutation.update_profile": if e.complexity.Mutation.UpdateProfile == nil { break @@ -1699,6 +2197,30 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Mutation.UpdateProfile(childComplexity, args["params"].(model.UpdateProfileRequest)), true + case "Mutation._update_resource": + if e.complexity.Mutation.UpdateResource == nil { + break + } + + args, err := ec.field_Mutation__update_resource_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.UpdateResource(childComplexity, args["params"].(model.UpdateResourceInput)), true + + case "Mutation._update_scope": + if e.complexity.Mutation.UpdateScope == nil { + break + } + + args, err := ec.field_Mutation__update_scope_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.UpdateScope(childComplexity, args["params"].(model.UpdateScopeInput)), true + case "Mutation._update_user": if e.complexity.Mutation.UpdateUser == nil { break @@ -1775,6 +2297,20 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Pagination.Total(childComplexity), true + case "Permission.resource": + if e.complexity.Permission.Resource == nil { + break + } + + return e.complexity.Permission.Resource(childComplexity), true + + case "Permission.scope": + if e.complexity.Permission.Scope == nil { + break + } + + return e.complexity.Permission.Scope(childComplexity), true + case "Query._admin_session": if e.complexity.Query.AdminSession == nil { break @@ -1820,6 +2356,37 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Query.Meta(childComplexity), true + case "Query.my_permissions": + if e.complexity.Query.MyPermissions == nil { + break + } + + return e.complexity.Query.MyPermissions(childComplexity), true + + case "Query._permissions": + if e.complexity.Query.Permissions == nil { + break + } + + args, err := ec.field_Query__permissions_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.Permissions(childComplexity, args["params"].(*model.PaginatedRequest)), true + + case "Query._policies": + if e.complexity.Query.Policies == nil { + break + } + + args, err := ec.field_Query__policies_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.Policies(childComplexity, args["params"].(*model.PaginatedRequest)), true + case "Query.profile": if e.complexity.Query.Profile == nil { break @@ -1827,6 +2394,30 @@ func (e *executableSchema) Complexity(ctx context.Context, typeName, field strin return e.complexity.Query.Profile(childComplexity), true + case "Query._resources": + if e.complexity.Query.Resources == nil { + break + } + + args, err := ec.field_Query__resources_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.Resources(childComplexity, args["params"].(*model.PaginatedRequest)), true + + case "Query._scopes": + if e.complexity.Query.Scopes == nil { + break + } + + args, err := ec.field_Query__scopes_args(ctx, rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.Scopes(childComplexity, args["params"].(*model.PaginatedRequest)), true + case "Query.session": if e.complexity.Query.Session == nil { break @@ -2357,6 +2948,10 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec := executionContext{opCtx, e, 0, 0, make(chan graphql.DeferredResult)} inputUnmarshalMap := graphql.BuildUnmarshalerMap( ec.unmarshalInputAddEmailTemplateRequest, + ec.unmarshalInputAddPermissionInput, + ec.unmarshalInputAddPolicyInput, + ec.unmarshalInputAddResourceInput, + ec.unmarshalInputAddScopeInput, ec.unmarshalInputAddWebhookRequest, ec.unmarshalInputAdminLoginRequest, ec.unmarshalInputAdminSignupRequest, @@ -2375,6 +2970,8 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputOAuthRevokeRequest, ec.unmarshalInputPaginatedRequest, ec.unmarshalInputPaginationRequest, + ec.unmarshalInputPermissionInput, + ec.unmarshalInputPolicyTargetInput, ec.unmarshalInputResendOTPRequest, ec.unmarshalInputResendVerifyEmailRequest, ec.unmarshalInputResetPasswordRequest, @@ -2384,7 +2981,11 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputUpdateAccessRequest, ec.unmarshalInputUpdateEmailTemplateRequest, ec.unmarshalInputUpdateEnvRequest, + ec.unmarshalInputUpdatePermissionInput, + ec.unmarshalInputUpdatePolicyInput, ec.unmarshalInputUpdateProfileRequest, + ec.unmarshalInputUpdateResourceInput, + ec.unmarshalInputUpdateScopeInput, ec.unmarshalInputUpdateUserRequest, ec.unmarshalInputUpdateWebhookRequest, ec.unmarshalInputValidateJWTTokenRequest, @@ -3001,6 +3602,10 @@ input SessionQueryRequest { # when a session already exists and the login UI auto-detects it, # passing state ensures the authorization code state is properly stored state: String + # required_permissions is an optional list of resource:scope pairs that + # must all be granted to the principal. If any is denied the query returns + # unauthorized (AND semantics, matching the roles filter). + required_permissions: [PermissionInput!] } input PaginationRequest { @@ -3029,11 +3634,13 @@ input ValidateJWTTokenRequest { token_type: String! token: String! roles: [String!] + required_permissions: [PermissionInput!] } input ValidateSessionRequest { cookie: String! roles: [String!] + required_permissions: [PermissionInput!] } input GenerateJWTKeysRequest { @@ -3132,6 +3739,145 @@ input GetUserRequest { email: String } +type AuthzResource { + id: ID! + name: String! + description: String + created_at: Int64! + updated_at: Int64! +} + +type AuthzResources { + pagination: Pagination! + resources: [AuthzResource!]! +} + +type AuthzScope { + id: ID! + name: String! + description: String + created_at: Int64! + updated_at: Int64! +} + +type AuthzScopes { + pagination: Pagination! + scopes: [AuthzScope!]! +} + +type AuthzPolicyTarget { + id: ID! + target_type: String! + target_value: String! +} + +type AuthzPolicy { + id: ID! + name: String! + description: String + type: String! + logic: String! + decision_strategy: String! + targets: [AuthzPolicyTarget!]! + created_at: Int64! + updated_at: Int64! +} + +type AuthzPolicies { + pagination: Pagination! + policies: [AuthzPolicy!]! +} + +type AuthzPermission { + id: ID! + name: String! + description: String + resource: AuthzResource! + scopes: [AuthzScope!]! + policies: [AuthzPolicy!]! + decision_strategy: String! + created_at: Int64! + updated_at: Int64! +} + +type AuthzPermissions { + pagination: Pagination! + permissions: [AuthzPermission!]! +} + +type Permission { + resource: String! + scope: String! +} + +input AddResourceInput { + name: String! + description: String +} + +input UpdateResourceInput { + id: ID! + name: String + description: String +} + +input AddScopeInput { + name: String! + description: String +} + +input UpdateScopeInput { + id: ID! + name: String + description: String +} + +input PolicyTargetInput { + target_type: String! + target_value: String! +} + +input AddPolicyInput { + name: String! + description: String + type: String! + logic: String + decision_strategy: String + targets: [PolicyTargetInput!]! +} + +input UpdatePolicyInput { + id: ID! + name: String + description: String + logic: String + decision_strategy: String + targets: [PolicyTargetInput!] +} + +input AddPermissionInput { + name: String! + description: String + resource_id: ID! + scope_ids: [ID!]! + policy_ids: [ID!]! + decision_strategy: String +} + +input UpdatePermissionInput { + id: ID! + name: String + description: String + scope_ids: [ID!] + policy_ids: [ID!] + decision_strategy: String +} + +input PermissionInput { + resource: String! + scope: String! +} + type Mutation { signup(params: SignUpRequest!): AuthResponse! # Deprecated from v1.2.0 @@ -3171,6 +3917,22 @@ type Mutation { _add_email_template(params: AddEmailTemplateRequest!): Response! _update_email_template(params: UpdateEmailTemplateRequest!): Response! _delete_email_template(params: DeleteEmailTemplateRequest!): Response! + # Authorization: Resources + _add_resource(params: AddResourceInput!): AuthzResource! + _update_resource(params: UpdateResourceInput!): AuthzResource! + _delete_resource(id: ID!): Response! + # Authorization: Scopes + _add_scope(params: AddScopeInput!): AuthzScope! + _update_scope(params: UpdateScopeInput!): AuthzScope! + _delete_scope(id: ID!): Response! + # Authorization: Policies + _add_policy(params: AddPolicyInput!): AuthzPolicy! + _update_policy(params: UpdatePolicyInput!): AuthzPolicy! + _delete_policy(id: ID!): Response! + # Authorization: Permissions + _add_permission(params: AddPermissionInput!): AuthzPermission! + _update_permission(params: UpdatePermissionInput!): AuthzPermission! + _delete_permission(id: ID!): Response! } type Query { @@ -3191,6 +3953,13 @@ type Query { _webhook_logs(params: ListWebhookLogRequest): WebhookLogs! _email_templates(params: PaginatedRequest): EmailTemplates! _audit_logs(params: ListAuditLogRequest): AuditLogs! + # Authorization: Admin queries + _resources(params: PaginatedRequest): AuthzResources! + _scopes(params: PaginatedRequest): AuthzScopes! + _policies(params: PaginatedRequest): AuthzPolicies! + _permissions(params: PaginatedRequest): AuthzPermissions! + # Authorization: User-facing queries + my_permissions: [Permission!]! } `, BuiltIn: false}, } @@ -3228,1579 +3997,1696 @@ func (ec *executionContext) field_Mutation__add_email_template_argsParams( return zeroVal, nil } -func (ec *executionContext) field_Mutation__add_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__add_permission_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__add_webhook_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__add_permission_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__add_webhook_argsParams( +func (ec *executionContext) field_Mutation__add_permission_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.AddWebhookRequest, error) { +) (model.AddPermissionInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.AddWebhookRequest + var zeroVal model.AddPermissionInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNAddWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddWebhookRequest(ctx, tmp) + return ec.unmarshalNAddPermissionInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddPermissionInput(ctx, tmp) } - var zeroVal model.AddWebhookRequest + var zeroVal model.AddPermissionInput return zeroVal, nil } -func (ec *executionContext) field_Mutation__admin_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__add_policy_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__admin_login_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__add_policy_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__admin_login_argsParams( +func (ec *executionContext) field_Mutation__add_policy_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.AdminLoginRequest, error) { +) (model.AddPolicyInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.AdminLoginRequest + var zeroVal model.AddPolicyInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNAdminLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminLoginRequest(ctx, tmp) + return ec.unmarshalNAddPolicyInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddPolicyInput(ctx, tmp) } - var zeroVal model.AdminLoginRequest + var zeroVal model.AddPolicyInput return zeroVal, nil } -func (ec *executionContext) field_Mutation__admin_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__add_resource_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__admin_signup_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__add_resource_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__admin_signup_argsParams( +func (ec *executionContext) field_Mutation__add_resource_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.AdminSignupRequest, error) { +) (model.AddResourceInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.AdminSignupRequest + var zeroVal model.AddResourceInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNAdminSignupRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminSignupRequest(ctx, tmp) + return ec.unmarshalNAddResourceInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddResourceInput(ctx, tmp) } - var zeroVal model.AdminSignupRequest + var zeroVal model.AddResourceInput return zeroVal, nil } -func (ec *executionContext) field_Mutation__delete_email_template_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__add_scope_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__delete_email_template_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__add_scope_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__delete_email_template_argsParams( +func (ec *executionContext) field_Mutation__add_scope_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.DeleteEmailTemplateRequest, error) { +) (model.AddScopeInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.DeleteEmailTemplateRequest + var zeroVal model.AddScopeInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNDeleteEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐDeleteEmailTemplateRequest(ctx, tmp) + return ec.unmarshalNAddScopeInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddScopeInput(ctx, tmp) } - var zeroVal model.DeleteEmailTemplateRequest + var zeroVal model.AddScopeInput return zeroVal, nil } -func (ec *executionContext) field_Mutation__delete_user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__add_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__delete_user_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__add_webhook_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__delete_user_argsParams( +func (ec *executionContext) field_Mutation__add_webhook_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.DeleteUserRequest, error) { +) (model.AddWebhookRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.DeleteUserRequest + var zeroVal model.AddWebhookRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNDeleteUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐDeleteUserRequest(ctx, tmp) + return ec.unmarshalNAddWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddWebhookRequest(ctx, tmp) } - var zeroVal model.DeleteUserRequest + var zeroVal model.AddWebhookRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__delete_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__admin_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__delete_webhook_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__admin_login_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__delete_webhook_argsParams( +func (ec *executionContext) field_Mutation__admin_login_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.WebhookRequest, error) { +) (model.AdminLoginRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.WebhookRequest + var zeroVal model.AdminLoginRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookRequest(ctx, tmp) + return ec.unmarshalNAdminLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminLoginRequest(ctx, tmp) } - var zeroVal model.WebhookRequest + var zeroVal model.AdminLoginRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__enable_access_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__admin_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__enable_access_argsParam(ctx, rawArgs) + arg0, err := ec.field_Mutation__admin_signup_argsParams(ctx, rawArgs) if err != nil { return nil, err } - args["param"] = arg0 + args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__enable_access_argsParam( +func (ec *executionContext) field_Mutation__admin_signup_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.UpdateAccessRequest, error) { - if _, ok := rawArgs["param"]; !ok { - var zeroVal model.UpdateAccessRequest +) (model.AdminSignupRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal model.AdminSignupRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("param")) - if tmp, ok := rawArgs["param"]; ok { - return ec.unmarshalNUpdateAccessRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateAccessRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalNAdminSignupRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminSignupRequest(ctx, tmp) } - var zeroVal model.UpdateAccessRequest + var zeroVal model.AdminSignupRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__generate_jwt_keys_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_email_template_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__generate_jwt_keys_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_email_template_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__generate_jwt_keys_argsParams( +func (ec *executionContext) field_Mutation__delete_email_template_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.GenerateJWTKeysRequest, error) { +) (model.DeleteEmailTemplateRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.GenerateJWTKeysRequest + var zeroVal model.DeleteEmailTemplateRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNGenerateJWTKeysRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGenerateJWTKeysRequest(ctx, tmp) + return ec.unmarshalNDeleteEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐDeleteEmailTemplateRequest(ctx, tmp) } - var zeroVal model.GenerateJWTKeysRequest + var zeroVal model.DeleteEmailTemplateRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__invite_members_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_permission_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__invite_members_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_permission_argsID(ctx, rawArgs) if err != nil { return nil, err } - args["params"] = arg0 + args["id"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__invite_members_argsParams( +func (ec *executionContext) field_Mutation__delete_permission_argsID( ctx context.Context, rawArgs map[string]any, -) (model.InviteMemberRequest, error) { - if _, ok := rawArgs["params"]; !ok { - var zeroVal model.InviteMemberRequest +) (string, error) { + if _, ok := rawArgs["id"]; !ok { + var zeroVal string return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) - if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNInviteMemberRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐInviteMemberRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + if tmp, ok := rawArgs["id"]; ok { + return ec.unmarshalNID2string(ctx, tmp) } - var zeroVal model.InviteMemberRequest + var zeroVal string return zeroVal, nil } -func (ec *executionContext) field_Mutation__revoke_access_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_policy_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__revoke_access_argsParam(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_policy_argsID(ctx, rawArgs) if err != nil { return nil, err } - args["param"] = arg0 + args["id"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__revoke_access_argsParam( +func (ec *executionContext) field_Mutation__delete_policy_argsID( ctx context.Context, rawArgs map[string]any, -) (model.UpdateAccessRequest, error) { - if _, ok := rawArgs["param"]; !ok { - var zeroVal model.UpdateAccessRequest +) (string, error) { + if _, ok := rawArgs["id"]; !ok { + var zeroVal string return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("param")) - if tmp, ok := rawArgs["param"]; ok { - return ec.unmarshalNUpdateAccessRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateAccessRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + if tmp, ok := rawArgs["id"]; ok { + return ec.unmarshalNID2string(ctx, tmp) } - var zeroVal model.UpdateAccessRequest + var zeroVal string return zeroVal, nil } -func (ec *executionContext) field_Mutation__test_endpoint_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_resource_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__test_endpoint_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_resource_argsID(ctx, rawArgs) if err != nil { return nil, err } - args["params"] = arg0 + args["id"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__test_endpoint_argsParams( +func (ec *executionContext) field_Mutation__delete_resource_argsID( ctx context.Context, rawArgs map[string]any, -) (model.TestEndpointRequest, error) { - if _, ok := rawArgs["params"]; !ok { - var zeroVal model.TestEndpointRequest +) (string, error) { + if _, ok := rawArgs["id"]; !ok { + var zeroVal string return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) - if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNTestEndpointRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐTestEndpointRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + if tmp, ok := rawArgs["id"]; ok { + return ec.unmarshalNID2string(ctx, tmp) } - var zeroVal model.TestEndpointRequest + var zeroVal string return zeroVal, nil } -func (ec *executionContext) field_Mutation__update_email_template_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_scope_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__update_email_template_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_scope_argsID(ctx, rawArgs) if err != nil { return nil, err } - args["params"] = arg0 + args["id"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__update_email_template_argsParams( +func (ec *executionContext) field_Mutation__delete_scope_argsID( ctx context.Context, rawArgs map[string]any, -) (model.UpdateEmailTemplateRequest, error) { - if _, ok := rawArgs["params"]; !ok { - var zeroVal model.UpdateEmailTemplateRequest +) (string, error) { + if _, ok := rawArgs["id"]; !ok { + var zeroVal string return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) - if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNUpdateEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateEmailTemplateRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + if tmp, ok := rawArgs["id"]; ok { + return ec.unmarshalNID2string(ctx, tmp) } - var zeroVal model.UpdateEmailTemplateRequest + var zeroVal string return zeroVal, nil } -func (ec *executionContext) field_Mutation__update_env_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__update_env_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_user_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__update_env_argsParams( +func (ec *executionContext) field_Mutation__delete_user_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.UpdateEnvRequest, error) { +) (model.DeleteUserRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.UpdateEnvRequest + var zeroVal model.DeleteUserRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNUpdateEnvRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateEnvRequest(ctx, tmp) + return ec.unmarshalNDeleteUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐDeleteUserRequest(ctx, tmp) } - var zeroVal model.UpdateEnvRequest + var zeroVal model.DeleteUserRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__update_user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__delete_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__update_user_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__delete_webhook_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__update_user_argsParams( +func (ec *executionContext) field_Mutation__delete_webhook_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.UpdateUserRequest, error) { +) (model.WebhookRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.UpdateUserRequest + var zeroVal model.WebhookRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNUpdateUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateUserRequest(ctx, tmp) + return ec.unmarshalNWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookRequest(ctx, tmp) } - var zeroVal model.UpdateUserRequest + var zeroVal model.WebhookRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation__update_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__enable_access_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation__update_webhook_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__enable_access_argsParam(ctx, rawArgs) if err != nil { return nil, err } - args["params"] = arg0 + args["param"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation__update_webhook_argsParams( +func (ec *executionContext) field_Mutation__enable_access_argsParam( ctx context.Context, rawArgs map[string]any, -) (model.UpdateWebhookRequest, error) { - if _, ok := rawArgs["params"]; !ok { - var zeroVal model.UpdateWebhookRequest +) (model.UpdateAccessRequest, error) { + if _, ok := rawArgs["param"]; !ok { + var zeroVal model.UpdateAccessRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) - if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNUpdateWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateWebhookRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("param")) + if tmp, ok := rawArgs["param"]; ok { + return ec.unmarshalNUpdateAccessRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateAccessRequest(ctx, tmp) } - var zeroVal model.UpdateWebhookRequest + var zeroVal model.UpdateAccessRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_forgot_password_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__generate_jwt_keys_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_forgot_password_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__generate_jwt_keys_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_forgot_password_argsParams( +func (ec *executionContext) field_Mutation__generate_jwt_keys_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.ForgotPasswordRequest, error) { +) (model.GenerateJWTKeysRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.ForgotPasswordRequest + var zeroVal model.GenerateJWTKeysRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNForgotPasswordRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐForgotPasswordRequest(ctx, tmp) + return ec.unmarshalNGenerateJWTKeysRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGenerateJWTKeysRequest(ctx, tmp) } - var zeroVal model.ForgotPasswordRequest + var zeroVal model.GenerateJWTKeysRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__invite_members_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_login_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__invite_members_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_login_argsParams( +func (ec *executionContext) field_Mutation__invite_members_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.LoginRequest, error) { +) (model.InviteMemberRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.LoginRequest + var zeroVal model.InviteMemberRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐLoginRequest(ctx, tmp) + return ec.unmarshalNInviteMemberRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐInviteMemberRequest(ctx, tmp) } - var zeroVal model.LoginRequest + var zeroVal model.InviteMemberRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_magic_link_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__revoke_access_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_magic_link_login_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__revoke_access_argsParam(ctx, rawArgs) if err != nil { return nil, err } - args["params"] = arg0 + args["param"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_magic_link_login_argsParams( +func (ec *executionContext) field_Mutation__revoke_access_argsParam( ctx context.Context, rawArgs map[string]any, -) (model.MagicLinkLoginRequest, error) { - if _, ok := rawArgs["params"]; !ok { - var zeroVal model.MagicLinkLoginRequest +) (model.UpdateAccessRequest, error) { + if _, ok := rawArgs["param"]; !ok { + var zeroVal model.UpdateAccessRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) - if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNMagicLinkLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMagicLinkLoginRequest(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("param")) + if tmp, ok := rawArgs["param"]; ok { + return ec.unmarshalNUpdateAccessRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateAccessRequest(ctx, tmp) } - var zeroVal model.MagicLinkLoginRequest + var zeroVal model.UpdateAccessRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_mobile_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__test_endpoint_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_mobile_login_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__test_endpoint_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_mobile_login_argsParams( +func (ec *executionContext) field_Mutation__test_endpoint_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.MobileLoginRequest, error) { +) (model.TestEndpointRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.MobileLoginRequest + var zeroVal model.TestEndpointRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNMobileLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMobileLoginRequest(ctx, tmp) + return ec.unmarshalNTestEndpointRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐTestEndpointRequest(ctx, tmp) } - var zeroVal model.MobileLoginRequest + var zeroVal model.TestEndpointRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_mobile_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_email_template_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_mobile_signup_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_email_template_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_mobile_signup_argsParams( +func (ec *executionContext) field_Mutation__update_email_template_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.MobileSignUpRequest, error) { +) (model.UpdateEmailTemplateRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.MobileSignUpRequest + var zeroVal model.UpdateEmailTemplateRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOMobileSignUpRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMobileSignUpRequest(ctx, tmp) + return ec.unmarshalNUpdateEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateEmailTemplateRequest(ctx, tmp) } - var zeroVal *model.MobileSignUpRequest + var zeroVal model.UpdateEmailTemplateRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_resend_otp_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_env_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_resend_otp_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_env_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_resend_otp_argsParams( +func (ec *executionContext) field_Mutation__update_env_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.ResendOTPRequest, error) { +) (model.UpdateEnvRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.ResendOTPRequest + var zeroVal model.UpdateEnvRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNResendOTPRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResendOTPRequest(ctx, tmp) + return ec.unmarshalNUpdateEnvRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateEnvRequest(ctx, tmp) } - var zeroVal model.ResendOTPRequest + var zeroVal model.UpdateEnvRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_resend_verify_email_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_permission_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_resend_verify_email_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_permission_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_resend_verify_email_argsParams( +func (ec *executionContext) field_Mutation__update_permission_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.ResendVerifyEmailRequest, error) { +) (model.UpdatePermissionInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.ResendVerifyEmailRequest + var zeroVal model.UpdatePermissionInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNResendVerifyEmailRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResendVerifyEmailRequest(ctx, tmp) + return ec.unmarshalNUpdatePermissionInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdatePermissionInput(ctx, tmp) } - var zeroVal model.ResendVerifyEmailRequest + var zeroVal model.UpdatePermissionInput return zeroVal, nil } -func (ec *executionContext) field_Mutation_reset_password_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_policy_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_reset_password_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_policy_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_reset_password_argsParams( +func (ec *executionContext) field_Mutation__update_policy_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.ResetPasswordRequest, error) { +) (model.UpdatePolicyInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.ResetPasswordRequest + var zeroVal model.UpdatePolicyInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNResetPasswordRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResetPasswordRequest(ctx, tmp) + return ec.unmarshalNUpdatePolicyInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdatePolicyInput(ctx, tmp) } - var zeroVal model.ResetPasswordRequest + var zeroVal model.UpdatePolicyInput return zeroVal, nil } -func (ec *executionContext) field_Mutation_revoke_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_resource_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_revoke_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_resource_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_revoke_argsParams( +func (ec *executionContext) field_Mutation__update_resource_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.OAuthRevokeRequest, error) { +) (model.UpdateResourceInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.OAuthRevokeRequest + var zeroVal model.UpdateResourceInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNOAuthRevokeRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐOAuthRevokeRequest(ctx, tmp) + return ec.unmarshalNUpdateResourceInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateResourceInput(ctx, tmp) } - var zeroVal model.OAuthRevokeRequest + var zeroVal model.UpdateResourceInput return zeroVal, nil } -func (ec *executionContext) field_Mutation_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_scope_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_signup_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_scope_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_signup_argsParams( +func (ec *executionContext) field_Mutation__update_scope_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.SignUpRequest, error) { +) (model.UpdateScopeInput, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.SignUpRequest + var zeroVal model.UpdateScopeInput return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNSignUpRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐSignUpRequest(ctx, tmp) + return ec.unmarshalNUpdateScopeInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateScopeInput(ctx, tmp) } - var zeroVal model.SignUpRequest + var zeroVal model.UpdateScopeInput return zeroVal, nil } -func (ec *executionContext) field_Mutation_update_profile_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_update_profile_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_user_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_update_profile_argsParams( +func (ec *executionContext) field_Mutation__update_user_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.UpdateProfileRequest, error) { +) (model.UpdateUserRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.UpdateProfileRequest + var zeroVal model.UpdateUserRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNUpdateProfileRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateProfileRequest(ctx, tmp) + return ec.unmarshalNUpdateUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateUserRequest(ctx, tmp) } - var zeroVal model.UpdateProfileRequest + var zeroVal model.UpdateUserRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_verify_email_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation__update_webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_verify_email_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation__update_webhook_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_verify_email_argsParams( +func (ec *executionContext) field_Mutation__update_webhook_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.VerifyEmailRequest, error) { +) (model.UpdateWebhookRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.VerifyEmailRequest + var zeroVal model.UpdateWebhookRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNVerifyEmailRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerifyEmailRequest(ctx, tmp) + return ec.unmarshalNUpdateWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateWebhookRequest(ctx, tmp) } - var zeroVal model.VerifyEmailRequest + var zeroVal model.UpdateWebhookRequest return zeroVal, nil } -func (ec *executionContext) field_Mutation_verify_otp_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_forgot_password_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Mutation_verify_otp_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_forgot_password_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Mutation_verify_otp_argsParams( +func (ec *executionContext) field_Mutation_forgot_password_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.VerifyOTPRequest, error) { +) (model.ForgotPasswordRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.VerifyOTPRequest + var zeroVal model.ForgotPasswordRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNVerifyOTPRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerifyOTPRequest(ctx, tmp) + return ec.unmarshalNForgotPasswordRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐForgotPasswordRequest(ctx, tmp) } - var zeroVal model.VerifyOTPRequest + var zeroVal model.ForgotPasswordRequest return zeroVal, nil } -func (ec *executionContext) field_Query___type_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query___type_argsName(ctx, rawArgs) + arg0, err := ec.field_Mutation_login_argsParams(ctx, rawArgs) if err != nil { return nil, err } - args["name"] = arg0 + args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query___type_argsName( +func (ec *executionContext) field_Mutation_login_argsParams( ctx context.Context, rawArgs map[string]any, -) (string, error) { - if _, ok := rawArgs["name"]; !ok { - var zeroVal string +) (model.LoginRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal model.LoginRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) - if tmp, ok := rawArgs["name"]; ok { - return ec.unmarshalNString2string(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalNLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐLoginRequest(ctx, tmp) } - var zeroVal string + var zeroVal model.LoginRequest return zeroVal, nil } -func (ec *executionContext) field_Query__audit_logs_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_magic_link_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__audit_logs_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_magic_link_login_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__audit_logs_argsParams( +func (ec *executionContext) field_Mutation_magic_link_login_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.ListAuditLogRequest, error) { +) (model.MagicLinkLoginRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.ListAuditLogRequest + var zeroVal model.MagicLinkLoginRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOListAuditLogRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐListAuditLogRequest(ctx, tmp) + return ec.unmarshalNMagicLinkLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMagicLinkLoginRequest(ctx, tmp) } - var zeroVal *model.ListAuditLogRequest + var zeroVal model.MagicLinkLoginRequest return zeroVal, nil } -func (ec *executionContext) field_Query__email_templates_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_mobile_login_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__email_templates_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_mobile_login_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__email_templates_argsParams( +func (ec *executionContext) field_Mutation_mobile_login_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.PaginatedRequest, error) { +) (model.MobileLoginRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.PaginatedRequest + var zeroVal model.MobileLoginRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) + return ec.unmarshalNMobileLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMobileLoginRequest(ctx, tmp) } - var zeroVal *model.PaginatedRequest + var zeroVal model.MobileLoginRequest return zeroVal, nil } -func (ec *executionContext) field_Query__user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_mobile_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__user_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_mobile_signup_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__user_argsParams( +func (ec *executionContext) field_Mutation_mobile_signup_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.GetUserRequest, error) { +) (*model.MobileSignUpRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.GetUserRequest + var zeroVal *model.MobileSignUpRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNGetUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGetUserRequest(ctx, tmp) + return ec.unmarshalOMobileSignUpRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMobileSignUpRequest(ctx, tmp) } - var zeroVal model.GetUserRequest + var zeroVal *model.MobileSignUpRequest return zeroVal, nil } -func (ec *executionContext) field_Query__users_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_resend_otp_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__users_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_resend_otp_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__users_argsParams( +func (ec *executionContext) field_Mutation_resend_otp_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.PaginatedRequest, error) { +) (model.ResendOTPRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.PaginatedRequest + var zeroVal model.ResendOTPRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) + return ec.unmarshalNResendOTPRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResendOTPRequest(ctx, tmp) } - var zeroVal *model.PaginatedRequest + var zeroVal model.ResendOTPRequest return zeroVal, nil } -func (ec *executionContext) field_Query__verification_requests_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_resend_verify_email_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__verification_requests_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_resend_verify_email_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__verification_requests_argsParams( +func (ec *executionContext) field_Mutation_resend_verify_email_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.PaginatedRequest, error) { +) (model.ResendVerifyEmailRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.PaginatedRequest + var zeroVal model.ResendVerifyEmailRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) + return ec.unmarshalNResendVerifyEmailRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResendVerifyEmailRequest(ctx, tmp) } - var zeroVal *model.PaginatedRequest + var zeroVal model.ResendVerifyEmailRequest return zeroVal, nil } -func (ec *executionContext) field_Query__webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_reset_password_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__webhook_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_reset_password_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__webhook_argsParams( +func (ec *executionContext) field_Mutation_reset_password_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.WebhookRequest, error) { +) (model.ResetPasswordRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.WebhookRequest + var zeroVal model.ResetPasswordRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookRequest(ctx, tmp) + return ec.unmarshalNResetPasswordRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResetPasswordRequest(ctx, tmp) } - var zeroVal model.WebhookRequest + var zeroVal model.ResetPasswordRequest return zeroVal, nil } -func (ec *executionContext) field_Query__webhook_logs_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_revoke_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__webhook_logs_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_revoke_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__webhook_logs_argsParams( +func (ec *executionContext) field_Mutation_revoke_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.ListWebhookLogRequest, error) { +) (model.OAuthRevokeRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.ListWebhookLogRequest + var zeroVal model.OAuthRevokeRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOListWebhookLogRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐListWebhookLogRequest(ctx, tmp) + return ec.unmarshalNOAuthRevokeRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐOAuthRevokeRequest(ctx, tmp) } - var zeroVal *model.ListWebhookLogRequest + var zeroVal model.OAuthRevokeRequest return zeroVal, nil } -func (ec *executionContext) field_Query__webhooks_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_signup_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query__webhooks_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_signup_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query__webhooks_argsParams( +func (ec *executionContext) field_Mutation_signup_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.PaginatedRequest, error) { +) (model.SignUpRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.PaginatedRequest + var zeroVal model.SignUpRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) + return ec.unmarshalNSignUpRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐSignUpRequest(ctx, tmp) } - var zeroVal *model.PaginatedRequest + var zeroVal model.SignUpRequest return zeroVal, nil } -func (ec *executionContext) field_Query_session_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_update_profile_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query_session_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_update_profile_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query_session_argsParams( +func (ec *executionContext) field_Mutation_update_profile_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.SessionQueryRequest, error) { +) (model.UpdateProfileRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.SessionQueryRequest + var zeroVal model.UpdateProfileRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOSessionQueryRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐSessionQueryRequest(ctx, tmp) + return ec.unmarshalNUpdateProfileRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateProfileRequest(ctx, tmp) } - var zeroVal *model.SessionQueryRequest + var zeroVal model.UpdateProfileRequest return zeroVal, nil } -func (ec *executionContext) field_Query_validate_jwt_token_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_verify_email_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query_validate_jwt_token_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_verify_email_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query_validate_jwt_token_argsParams( +func (ec *executionContext) field_Mutation_verify_email_argsParams( ctx context.Context, rawArgs map[string]any, -) (model.ValidateJWTTokenRequest, error) { +) (model.VerifyEmailRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal model.ValidateJWTTokenRequest + var zeroVal model.VerifyEmailRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalNValidateJWTTokenRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateJWTTokenRequest(ctx, tmp) + return ec.unmarshalNVerifyEmailRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerifyEmailRequest(ctx, tmp) } - var zeroVal model.ValidateJWTTokenRequest + var zeroVal model.VerifyEmailRequest return zeroVal, nil } -func (ec *executionContext) field_Query_validate_session_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Mutation_verify_otp_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field_Query_validate_session_argsParams(ctx, rawArgs) + arg0, err := ec.field_Mutation_verify_otp_argsParams(ctx, rawArgs) if err != nil { return nil, err } args["params"] = arg0 return args, nil } -func (ec *executionContext) field_Query_validate_session_argsParams( +func (ec *executionContext) field_Mutation_verify_otp_argsParams( ctx context.Context, rawArgs map[string]any, -) (*model.ValidateSessionRequest, error) { +) (model.VerifyOTPRequest, error) { if _, ok := rawArgs["params"]; !ok { - var zeroVal *model.ValidateSessionRequest + var zeroVal model.VerifyOTPRequest return zeroVal, nil } ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) if tmp, ok := rawArgs["params"]; ok { - return ec.unmarshalOValidateSessionRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateSessionRequest(ctx, tmp) + return ec.unmarshalNVerifyOTPRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerifyOTPRequest(ctx, tmp) } - var zeroVal *model.ValidateSessionRequest + var zeroVal model.VerifyOTPRequest return zeroVal, nil } -func (ec *executionContext) field___Directive_args_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Query___type_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field___Directive_args_argsIncludeDeprecated(ctx, rawArgs) + arg0, err := ec.field_Query___type_argsName(ctx, rawArgs) if err != nil { return nil, err } - args["includeDeprecated"] = arg0 + args["name"] = arg0 return args, nil } -func (ec *executionContext) field___Directive_args_argsIncludeDeprecated( +func (ec *executionContext) field_Query___type_argsName( ctx context.Context, rawArgs map[string]any, -) (*bool, error) { - if _, ok := rawArgs["includeDeprecated"]; !ok { - var zeroVal *bool +) (string, error) { + if _, ok := rawArgs["name"]; !ok { + var zeroVal string return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) - if tmp, ok := rawArgs["includeDeprecated"]; ok { - return ec.unmarshalOBoolean2ᚖbool(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + if tmp, ok := rawArgs["name"]; ok { + return ec.unmarshalNString2string(ctx, tmp) } - var zeroVal *bool + var zeroVal string return zeroVal, nil } -func (ec *executionContext) field___Field_args_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Query__audit_logs_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field___Field_args_argsIncludeDeprecated(ctx, rawArgs) + arg0, err := ec.field_Query__audit_logs_argsParams(ctx, rawArgs) if err != nil { return nil, err } - args["includeDeprecated"] = arg0 + args["params"] = arg0 return args, nil } -func (ec *executionContext) field___Field_args_argsIncludeDeprecated( +func (ec *executionContext) field_Query__audit_logs_argsParams( ctx context.Context, rawArgs map[string]any, -) (*bool, error) { - if _, ok := rawArgs["includeDeprecated"]; !ok { - var zeroVal *bool +) (*model.ListAuditLogRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.ListAuditLogRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) - if tmp, ok := rawArgs["includeDeprecated"]; ok { - return ec.unmarshalOBoolean2ᚖbool(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOListAuditLogRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐListAuditLogRequest(ctx, tmp) } - var zeroVal *bool + var zeroVal *model.ListAuditLogRequest return zeroVal, nil } -func (ec *executionContext) field___Type_enumValues_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Query__email_templates_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field___Type_enumValues_argsIncludeDeprecated(ctx, rawArgs) + arg0, err := ec.field_Query__email_templates_argsParams(ctx, rawArgs) if err != nil { return nil, err } - args["includeDeprecated"] = arg0 + args["params"] = arg0 return args, nil } -func (ec *executionContext) field___Type_enumValues_argsIncludeDeprecated( +func (ec *executionContext) field_Query__email_templates_argsParams( ctx context.Context, rawArgs map[string]any, -) (bool, error) { - if _, ok := rawArgs["includeDeprecated"]; !ok { - var zeroVal bool +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) - if tmp, ok := rawArgs["includeDeprecated"]; ok { - return ec.unmarshalOBoolean2bool(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - var zeroVal bool + var zeroVal *model.PaginatedRequest return zeroVal, nil } -func (ec *executionContext) field___Type_fields_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { +func (ec *executionContext) field_Query__permissions_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { var err error args := map[string]any{} - arg0, err := ec.field___Type_fields_argsIncludeDeprecated(ctx, rawArgs) + arg0, err := ec.field_Query__permissions_argsParams(ctx, rawArgs) if err != nil { return nil, err } - args["includeDeprecated"] = arg0 + args["params"] = arg0 return args, nil } -func (ec *executionContext) field___Type_fields_argsIncludeDeprecated( +func (ec *executionContext) field_Query__permissions_argsParams( ctx context.Context, rawArgs map[string]any, -) (bool, error) { - if _, ok := rawArgs["includeDeprecated"]; !ok { - var zeroVal bool +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest return zeroVal, nil } - ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) - if tmp, ok := rawArgs["includeDeprecated"]; ok { - return ec.unmarshalOBoolean2bool(ctx, tmp) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - var zeroVal bool + var zeroVal *model.PaginatedRequest return zeroVal, nil } -// endregion ***************************** args.gotpl ***************************** - -// region ************************** directives.gotpl ************************** +func (ec *executionContext) field_Query__policies_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__policies_argsParams(ctx, rawArgs) + if err != nil { + return nil, err + } + args["params"] = arg0 + return args, nil +} +func (ec *executionContext) field_Query__policies_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil + } -// endregion ************************** directives.gotpl ************************** + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) + } -// region **************************** field.gotpl ***************************** + var zeroVal *model.PaginatedRequest + return zeroVal, nil +} -func (ec *executionContext) _AuditLog_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ID, nil - }) +func (ec *executionContext) field_Query__resources_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__resources_argsParams(ctx, rawArgs) if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null + return nil, err } - res := resTmp.(string) - fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__resources_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - return fc, nil + + var zeroVal *model.PaginatedRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_actor_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_actor_id(ctx, field) +func (ec *executionContext) field_Query__scopes_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__scopes_argsParams(ctx, rawArgs) if err != nil { - return graphql.Null + return nil, err } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ActorID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null + args["params"] = arg0 + return args, nil +} +func (ec *executionContext) field_Query__scopes_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil } - if resTmp == nil { - return graphql.Null + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + + var zeroVal *model.PaginatedRequest + return zeroVal, nil } -func (ec *executionContext) fieldContext_AuditLog_actor_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, +func (ec *executionContext) field_Query__user_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__user_argsParams(ctx, rawArgs) + if err != nil { + return nil, err } - return fc, nil + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__user_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (model.GetUserRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal model.GetUserRequest + return zeroVal, nil + } -func (ec *executionContext) _AuditLog_actor_type(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_actor_type(ctx, field) - if err != nil { - return graphql.Null + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalNGetUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGetUserRequest(ctx, tmp) } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ActorType, nil - }) + + var zeroVal model.GetUserRequest + return zeroVal, nil +} + +func (ec *executionContext) field_Query__users_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__users_argsParams(ctx, rawArgs) if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - return graphql.Null + return nil, err } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__users_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_actor_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - return fc, nil + + var zeroVal *model.PaginatedRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_actor_email(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_actor_email(ctx, field) +func (ec *executionContext) field_Query__verification_requests_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__verification_requests_argsParams(ctx, rawArgs) if err != nil { - return graphql.Null + return nil, err } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ActorEmail, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - return graphql.Null - } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__verification_requests_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_actor_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - return fc, nil + + var zeroVal *model.PaginatedRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_action(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_action(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.Action, nil - }) +func (ec *executionContext) field_Query__webhook_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__webhook_argsParams(ctx, rawArgs) if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - return graphql.Null + return nil, err } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__webhook_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (model.WebhookRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal model.WebhookRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_action(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalNWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookRequest(ctx, tmp) } - return fc, nil + + var zeroVal model.WebhookRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_resource_type(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_resource_type(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ResourceType, nil - }) +func (ec *executionContext) field_Query__webhook_logs_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__webhook_logs_argsParams(ctx, rawArgs) if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - return graphql.Null + return nil, err } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__webhook_logs_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.ListWebhookLogRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.ListWebhookLogRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_resource_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOListWebhookLogRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐListWebhookLogRequest(ctx, tmp) } - return fc, nil + + var zeroVal *model.ListWebhookLogRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_resource_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_resource_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.ResourceID, nil - }) +func (ec *executionContext) field_Query__webhooks_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query__webhooks_argsParams(ctx, rawArgs) if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - return graphql.Null + return nil, err } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query__webhooks_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.PaginatedRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.PaginatedRequest + return zeroVal, nil + } -func (ec *executionContext) fieldContext_AuditLog_resource_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOPaginatedRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginatedRequest(ctx, tmp) } - return fc, nil + + var zeroVal *model.PaginatedRequest + return zeroVal, nil } -func (ec *executionContext) _AuditLog_ip_address(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_ip_address(ctx, field) +func (ec *executionContext) field_Query_session_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query_session_argsParams(ctx, rawArgs) if err != nil { - return graphql.Null + return nil, err } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { - ctx = rctx // use context from middleware stack in children - return obj.IPAddress, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null + args["params"] = arg0 + return args, nil +} +func (ec *executionContext) field_Query_session_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.SessionQueryRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.SessionQueryRequest + return zeroVal, nil } - if resTmp == nil { - return graphql.Null + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOSessionQueryRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐSessionQueryRequest(ctx, tmp) } - res := resTmp.(*string) - fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + + var zeroVal *model.SessionQueryRequest + return zeroVal, nil } -func (ec *executionContext) fieldContext_AuditLog_ip_address(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "AuditLog", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, +func (ec *executionContext) field_Query_validate_jwt_token_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query_validate_jwt_token_argsParams(ctx, rawArgs) + if err != nil { + return nil, err } - return fc, nil + args["params"] = arg0 + return args, nil } +func (ec *executionContext) field_Query_validate_jwt_token_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (model.ValidateJWTTokenRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal model.ValidateJWTTokenRequest + return zeroVal, nil + } -func (ec *executionContext) _AuditLog_user_agent(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_user_agent(ctx, field) + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalNValidateJWTTokenRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateJWTTokenRequest(ctx, tmp) + } + + var zeroVal model.ValidateJWTTokenRequest + return zeroVal, nil +} + +func (ec *executionContext) field_Query_validate_session_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field_Query_validate_session_argsParams(ctx, rawArgs) + if err != nil { + return nil, err + } + args["params"] = arg0 + return args, nil +} +func (ec *executionContext) field_Query_validate_session_argsParams( + ctx context.Context, + rawArgs map[string]any, +) (*model.ValidateSessionRequest, error) { + if _, ok := rawArgs["params"]; !ok { + var zeroVal *model.ValidateSessionRequest + return zeroVal, nil + } + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("params")) + if tmp, ok := rawArgs["params"]; ok { + return ec.unmarshalOValidateSessionRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateSessionRequest(ctx, tmp) + } + + var zeroVal *model.ValidateSessionRequest + return zeroVal, nil +} + +func (ec *executionContext) field___Directive_args_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field___Directive_args_argsIncludeDeprecated(ctx, rawArgs) + if err != nil { + return nil, err + } + args["includeDeprecated"] = arg0 + return args, nil +} +func (ec *executionContext) field___Directive_args_argsIncludeDeprecated( + ctx context.Context, + rawArgs map[string]any, +) (*bool, error) { + if _, ok := rawArgs["includeDeprecated"]; !ok { + var zeroVal *bool + return zeroVal, nil + } + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) + if tmp, ok := rawArgs["includeDeprecated"]; ok { + return ec.unmarshalOBoolean2ᚖbool(ctx, tmp) + } + + var zeroVal *bool + return zeroVal, nil +} + +func (ec *executionContext) field___Field_args_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field___Field_args_argsIncludeDeprecated(ctx, rawArgs) + if err != nil { + return nil, err + } + args["includeDeprecated"] = arg0 + return args, nil +} +func (ec *executionContext) field___Field_args_argsIncludeDeprecated( + ctx context.Context, + rawArgs map[string]any, +) (*bool, error) { + if _, ok := rawArgs["includeDeprecated"]; !ok { + var zeroVal *bool + return zeroVal, nil + } + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) + if tmp, ok := rawArgs["includeDeprecated"]; ok { + return ec.unmarshalOBoolean2ᚖbool(ctx, tmp) + } + + var zeroVal *bool + return zeroVal, nil +} + +func (ec *executionContext) field___Type_enumValues_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field___Type_enumValues_argsIncludeDeprecated(ctx, rawArgs) + if err != nil { + return nil, err + } + args["includeDeprecated"] = arg0 + return args, nil +} +func (ec *executionContext) field___Type_enumValues_argsIncludeDeprecated( + ctx context.Context, + rawArgs map[string]any, +) (bool, error) { + if _, ok := rawArgs["includeDeprecated"]; !ok { + var zeroVal bool + return zeroVal, nil + } + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) + if tmp, ok := rawArgs["includeDeprecated"]; ok { + return ec.unmarshalOBoolean2bool(ctx, tmp) + } + + var zeroVal bool + return zeroVal, nil +} + +func (ec *executionContext) field___Type_fields_args(ctx context.Context, rawArgs map[string]any) (map[string]any, error) { + var err error + args := map[string]any{} + arg0, err := ec.field___Type_fields_argsIncludeDeprecated(ctx, rawArgs) + if err != nil { + return nil, err + } + args["includeDeprecated"] = arg0 + return args, nil +} +func (ec *executionContext) field___Type_fields_argsIncludeDeprecated( + ctx context.Context, + rawArgs map[string]any, +) (bool, error) { + if _, ok := rawArgs["includeDeprecated"]; !ok { + var zeroVal bool + return zeroVal, nil + } + + ctx = graphql.WithPathContext(ctx, graphql.NewPathWithField("includeDeprecated")) + if tmp, ok := rawArgs["includeDeprecated"]; ok { + return ec.unmarshalOBoolean2bool(ctx, tmp) + } + + var zeroVal bool + return zeroVal, nil +} + +// endregion ***************************** args.gotpl ***************************** + +// region ************************** directives.gotpl ************************** + +// endregion ************************** directives.gotpl ************************** + +// region **************************** field.gotpl ***************************** + +func (ec *executionContext) _AuditLog_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_id(ctx, field) if err != nil { return graphql.Null } @@ -4813,35 +5699,38 @@ func (ec *executionContext) _AuditLog_user_agent(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UserAgent, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuditLog_user_agent(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuditLog_metadata(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_metadata(ctx, field) +func (ec *executionContext) _AuditLog_actor_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_actor_id(ctx, field) if err != nil { return graphql.Null } @@ -4854,7 +5743,7 @@ func (ec *executionContext) _AuditLog_metadata(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Metadata, nil + return obj.ActorID, nil }) if err != nil { ec.Error(ctx, err) @@ -4868,7 +5757,7 @@ func (ec *executionContext) _AuditLog_metadata(ctx context.Context, field graphq return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuditLog_metadata(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_actor_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuditLog", Field: field, @@ -4881,8 +5770,8 @@ func (ec *executionContext) fieldContext_AuditLog_metadata(_ context.Context, fi return fc, nil } -func (ec *executionContext) _AuditLog_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLog_created_at(ctx, field) +func (ec *executionContext) _AuditLog_actor_type(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_actor_type(ctx, field) if err != nil { return graphql.Null } @@ -4895,7 +5784,7 @@ func (ec *executionContext) _AuditLog_created_at(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return obj.ActorType, nil }) if err != nil { ec.Error(ctx, err) @@ -4904,26 +5793,26 @@ func (ec *executionContext) _AuditLog_created_at(ctx context.Context, field grap if resTmp == nil { return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*string) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuditLog_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_actor_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuditLogs_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuditLogs) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLogs_pagination(ctx, field) +func (ec *executionContext) _AuditLog_actor_email(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_actor_email(ctx, field) if err != nil { return graphql.Null } @@ -4936,48 +5825,35 @@ func (ec *executionContext) _AuditLogs_pagination(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return obj.ActorEmail, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.(*string) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuditLogs_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_actor_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuditLogs", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuditLogs_audit_logs(ctx context.Context, field graphql.CollectedField, obj *model.AuditLogs) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuditLogs_audit_logs(ctx, field) +func (ec *executionContext) _AuditLog_action(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_action(ctx, field) if err != nil { return graphql.Null } @@ -4990,62 +5866,35 @@ func (ec *executionContext) _AuditLogs_audit_logs(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AuditLogs, nil + return obj.Action, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.([]*model.AuditLog) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogᚄ(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuditLogs_audit_logs(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_action(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuditLogs", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_AuditLog_id(ctx, field) - case "actor_id": - return ec.fieldContext_AuditLog_actor_id(ctx, field) - case "actor_type": - return ec.fieldContext_AuditLog_actor_type(ctx, field) - case "actor_email": - return ec.fieldContext_AuditLog_actor_email(ctx, field) - case "action": - return ec.fieldContext_AuditLog_action(ctx, field) - case "resource_type": - return ec.fieldContext_AuditLog_resource_type(ctx, field) - case "resource_id": - return ec.fieldContext_AuditLog_resource_id(ctx, field) - case "ip_address": - return ec.fieldContext_AuditLog_ip_address(ctx, field) - case "user_agent": - return ec.fieldContext_AuditLog_user_agent(ctx, field) - case "metadata": - return ec.fieldContext_AuditLog_metadata(ctx, field) - case "created_at": - return ec.fieldContext_AuditLog_created_at(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuditLog", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_message(ctx, field) +func (ec *executionContext) _AuditLog_resource_type(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_resource_type(ctx, field) if err != nil { return graphql.Null } @@ -5058,26 +5907,23 @@ func (ec *executionContext) _AuthResponse_message(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Message, nil + return obj.ResourceType, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_resource_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, @@ -5088,8 +5934,8 @@ func (ec *executionContext) fieldContext_AuthResponse_message(_ context.Context, return fc, nil } -func (ec *executionContext) _AuthResponse_should_show_email_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) +func (ec *executionContext) _AuditLog_resource_id(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_resource_id(ctx, field) if err != nil { return graphql.Null } @@ -5102,7 +5948,7 @@ func (ec *executionContext) _AuthResponse_should_show_email_otp_screen(ctx conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ShouldShowEmailOtpScreen, nil + return obj.ResourceID, nil }) if err != nil { ec.Error(ctx, err) @@ -5111,26 +5957,26 @@ func (ec *executionContext) _AuthResponse_should_show_email_otp_screen(ctx conte if resTmp == nil { return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_should_show_email_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_resource_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_should_show_mobile_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) +func (ec *executionContext) _AuditLog_ip_address(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_ip_address(ctx, field) if err != nil { return graphql.Null } @@ -5143,7 +5989,7 @@ func (ec *executionContext) _AuthResponse_should_show_mobile_otp_screen(ctx cont }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ShouldShowMobileOtpScreen, nil + return obj.IPAddress, nil }) if err != nil { ec.Error(ctx, err) @@ -5152,26 +5998,26 @@ func (ec *executionContext) _AuthResponse_should_show_mobile_otp_screen(ctx cont if resTmp == nil { return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_should_show_mobile_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_ip_address(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_should_show_totp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) +func (ec *executionContext) _AuditLog_user_agent(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_user_agent(ctx, field) if err != nil { return graphql.Null } @@ -5184,7 +6030,7 @@ func (ec *executionContext) _AuthResponse_should_show_totp_screen(ctx context.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ShouldShowTotpScreen, nil + return obj.UserAgent, nil }) if err != nil { ec.Error(ctx, err) @@ -5193,26 +6039,26 @@ func (ec *executionContext) _AuthResponse_should_show_totp_screen(ctx context.Co if resTmp == nil { return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_should_show_totp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_user_agent(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_access_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_access_token(ctx, field) +func (ec *executionContext) _AuditLog_metadata(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_metadata(ctx, field) if err != nil { return graphql.Null } @@ -5225,7 +6071,7 @@ func (ec *executionContext) _AuthResponse_access_token(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AccessToken, nil + return obj.Metadata, nil }) if err != nil { ec.Error(ctx, err) @@ -5239,9 +6085,9 @@ func (ec *executionContext) _AuthResponse_access_token(ctx context.Context, fiel return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_access_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_metadata(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, @@ -5252,8 +6098,8 @@ func (ec *executionContext) fieldContext_AuthResponse_access_token(_ context.Con return fc, nil } -func (ec *executionContext) _AuthResponse_id_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_id_token(ctx, field) +func (ec *executionContext) _AuditLog_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuditLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLog_created_at(ctx, field) if err != nil { return graphql.Null } @@ -5266,7 +6112,7 @@ func (ec *executionContext) _AuthResponse_id_token(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IDToken, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -5275,26 +6121,26 @@ func (ec *executionContext) _AuthResponse_id_token(ctx context.Context, field gr if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_id_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLog_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLog", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_refresh_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_refresh_token(ctx, field) +func (ec *executionContext) _AuditLogs_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuditLogs) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLogs_pagination(ctx, field) if err != nil { return graphql.Null } @@ -5307,35 +6153,48 @@ func (ec *executionContext) _AuthResponse_refresh_token(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RefreshToken, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_refresh_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLogs_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLogs", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _AuthResponse_expires_in(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_expires_in(ctx, field) +func (ec *executionContext) _AuditLogs_audit_logs(ctx context.Context, field graphql.CollectedField, obj *model.AuditLogs) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuditLogs_audit_logs(ctx, field) if err != nil { return graphql.Null } @@ -5348,35 +6207,62 @@ func (ec *executionContext) _AuthResponse_expires_in(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ExpiresIn, nil + return obj.AuditLogs, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.([]*model.AuditLog) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_expires_in(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuditLogs_audit_logs(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "AuthResponse", + Object: "AuditLogs", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuditLog_id(ctx, field) + case "actor_id": + return ec.fieldContext_AuditLog_actor_id(ctx, field) + case "actor_type": + return ec.fieldContext_AuditLog_actor_type(ctx, field) + case "actor_email": + return ec.fieldContext_AuditLog_actor_email(ctx, field) + case "action": + return ec.fieldContext_AuditLog_action(ctx, field) + case "resource_type": + return ec.fieldContext_AuditLog_resource_type(ctx, field) + case "resource_id": + return ec.fieldContext_AuditLog_resource_id(ctx, field) + case "ip_address": + return ec.fieldContext_AuditLog_ip_address(ctx, field) + case "user_agent": + return ec.fieldContext_AuditLog_user_agent(ctx, field) + case "metadata": + return ec.fieldContext_AuditLog_metadata(ctx, field) + case "created_at": + return ec.fieldContext_AuditLog_created_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuditLog", field.Name) }, } return fc, nil } -func (ec *executionContext) _AuthResponse_user(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_user(ctx, field) +func (ec *executionContext) _AuthResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_message(ctx, field) if err != nil { return graphql.Null } @@ -5389,77 +6275,38 @@ func (ec *executionContext) _AuthResponse_user(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.User, nil + return obj.Message, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*model.User) + res := resTmp.(string) fc.Result = res - return ec.marshalOUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_user(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_authenticator_scanner_image(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) +func (ec *executionContext) _AuthResponse_should_show_email_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) if err != nil { return graphql.Null } @@ -5472,7 +6319,7 @@ func (ec *executionContext) _AuthResponse_authenticator_scanner_image(ctx contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AuthenticatorScannerImage, nil + return obj.ShouldShowEmailOtpScreen, nil }) if err != nil { ec.Error(ctx, err) @@ -5481,26 +6328,26 @@ func (ec *executionContext) _AuthResponse_authenticator_scanner_image(ctx contex if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_authenticator_scanner_image(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_should_show_email_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_authenticator_secret(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) +func (ec *executionContext) _AuthResponse_should_show_mobile_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) if err != nil { return graphql.Null } @@ -5513,7 +6360,7 @@ func (ec *executionContext) _AuthResponse_authenticator_secret(ctx context.Conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AuthenticatorSecret, nil + return obj.ShouldShowMobileOtpScreen, nil }) if err != nil { ec.Error(ctx, err) @@ -5522,26 +6369,26 @@ func (ec *executionContext) _AuthResponse_authenticator_secret(ctx context.Conte if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_authenticator_secret(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_should_show_mobile_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _AuthResponse_authenticator_recovery_codes(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) +func (ec *executionContext) _AuthResponse_should_show_totp_screen(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) if err != nil { return graphql.Null } @@ -5554,7 +6401,7 @@ func (ec *executionContext) _AuthResponse_authenticator_recovery_codes(ctx conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AuthenticatorRecoveryCodes, nil + return obj.ShouldShowTotpScreen, nil }) if err != nil { ec.Error(ctx, err) @@ -5563,26 +6410,26 @@ func (ec *executionContext) _AuthResponse_authenticator_recovery_codes(ctx conte if resTmp == nil { return graphql.Null } - res := resTmp.([]*string) + res := resTmp.(*bool) fc.Result = res - return ec.marshalOString2ᚕᚖstring(ctx, field.Selections, res) + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_AuthResponse_authenticator_recovery_codes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_should_show_totp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplate_id(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_id(ctx, field) +func (ec *executionContext) _AuthResponse_access_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_access_token(ctx, field) if err != nil { return graphql.Null } @@ -5595,38 +6442,35 @@ func (ec *executionContext) _EmailTemplate_id(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ID, nil + return obj.AccessToken, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_access_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplate_event_name(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_event_name(ctx, field) +func (ec *executionContext) _AuthResponse_id_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_id_token(ctx, field) if err != nil { return graphql.Null } @@ -5639,26 +6483,23 @@ func (ec *executionContext) _EmailTemplate_event_name(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EventName, nil + return obj.IDToken, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_event_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_id_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, @@ -5669,8 +6510,8 @@ func (ec *executionContext) fieldContext_EmailTemplate_event_name(_ context.Cont return fc, nil } -func (ec *executionContext) _EmailTemplate_template(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_template(ctx, field) +func (ec *executionContext) _AuthResponse_refresh_token(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_refresh_token(ctx, field) if err != nil { return graphql.Null } @@ -5683,26 +6524,23 @@ func (ec *executionContext) _EmailTemplate_template(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Template, nil + return obj.RefreshToken, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_template(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_refresh_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, @@ -5713,8 +6551,8 @@ func (ec *executionContext) fieldContext_EmailTemplate_template(_ context.Contex return fc, nil } -func (ec *executionContext) _EmailTemplate_design(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_design(ctx, field) +func (ec *executionContext) _AuthResponse_expires_in(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_expires_in(ctx, field) if err != nil { return graphql.Null } @@ -5727,38 +6565,35 @@ func (ec *executionContext) _EmailTemplate_design(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Design, nil + return obj.ExpiresIn, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_design(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_expires_in(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplate_subject(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_subject(ctx, field) +func (ec *executionContext) _AuthResponse_user(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_user(ctx, field) if err != nil { return graphql.Null } @@ -5771,38 +6606,77 @@ func (ec *executionContext) _EmailTemplate_subject(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Subject, nil + return obj.User, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.User) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_subject(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_user(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } return fc, nil } -func (ec *executionContext) _EmailTemplate_created_at(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_created_at(ctx, field) +func (ec *executionContext) _AuthResponse_authenticator_scanner_image(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) if err != nil { return graphql.Null } @@ -5815,7 +6689,7 @@ func (ec *executionContext) _EmailTemplate_created_at(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return obj.AuthenticatorScannerImage, nil }) if err != nil { ec.Error(ctx, err) @@ -5824,26 +6698,26 @@ func (ec *executionContext) _EmailTemplate_created_at(ctx context.Context, field if resTmp == nil { return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*string) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_authenticator_scanner_image(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplate_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplate_updated_at(ctx, field) +func (ec *executionContext) _AuthResponse_authenticator_secret(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) if err != nil { return graphql.Null } @@ -5856,7 +6730,7 @@ func (ec *executionContext) _EmailTemplate_updated_at(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UpdatedAt, nil + return obj.AuthenticatorSecret, nil }) if err != nil { ec.Error(ctx, err) @@ -5865,26 +6739,26 @@ func (ec *executionContext) _EmailTemplate_updated_at(ctx context.Context, field if resTmp == nil { return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*string) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplate_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_authenticator_secret(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplate", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplates_pagination(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplates) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplates_pagination(ctx, field) +func (ec *executionContext) _AuthResponse_authenticator_recovery_codes(ctx context.Context, field graphql.CollectedField, obj *model.AuthResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) if err != nil { return graphql.Null } @@ -5897,48 +6771,35 @@ func (ec *executionContext) _EmailTemplates_pagination(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return obj.AuthenticatorRecoveryCodes, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.([]*string) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalOString2ᚕᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplates_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthResponse_authenticator_recovery_codes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplates", + Object: "AuthResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _EmailTemplates_email_templates(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplates) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_EmailTemplates_email_templates(ctx, field) +func (ec *executionContext) _AuthzPermission_id(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_id(ctx, field) if err != nil { return graphql.Null } @@ -5951,7 +6812,7 @@ func (ec *executionContext) _EmailTemplates_email_templates(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EmailTemplates, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) @@ -5963,42 +6824,26 @@ func (ec *executionContext) _EmailTemplates_email_templates(ctx context.Context, } return graphql.Null } - res := resTmp.([]*model.EmailTemplate) + res := resTmp.(string) fc.Result = res - return ec.marshalNEmailTemplate2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEmailTemplateᚄ(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_EmailTemplates_email_templates(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "EmailTemplates", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_EmailTemplate_id(ctx, field) - case "event_name": - return ec.fieldContext_EmailTemplate_event_name(ctx, field) - case "template": - return ec.fieldContext_EmailTemplate_template(ctx, field) - case "design": - return ec.fieldContext_EmailTemplate_design(ctx, field) - case "subject": - return ec.fieldContext_EmailTemplate_subject(ctx, field) - case "created_at": - return ec.fieldContext_EmailTemplate_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_EmailTemplate_updated_at(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type EmailTemplate", field.Name) + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_ACCESS_TOKEN_EXPIRY_TIME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(ctx, field) +func (ec *executionContext) _AuthzPermission_name(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_name(ctx, field) if err != nil { return graphql.Null } @@ -6011,23 +6856,26 @@ func (ec *executionContext) _Env_ACCESS_TOKEN_EXPIRY_TIME(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AccessTokenExpiryTime, nil + return obj.Name, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, @@ -6038,8 +6886,8 @@ func (ec *executionContext) fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(_ context. return fc, nil } -func (ec *executionContext) _Env_ADMIN_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ADMIN_SECRET(ctx, field) +func (ec *executionContext) _AuthzPermission_description(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_description(ctx, field) if err != nil { return graphql.Null } @@ -6052,7 +6900,7 @@ func (ec *executionContext) _Env_ADMIN_SECRET(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AdminSecret, nil + return obj.Description, nil }) if err != nil { ec.Error(ctx, err) @@ -6066,9 +6914,9 @@ func (ec *executionContext) _Env_ADMIN_SECRET(ctx context.Context, field graphql return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ADMIN_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, @@ -6079,8 +6927,8 @@ func (ec *executionContext) fieldContext_Env_ADMIN_SECRET(_ context.Context, fie return fc, nil } -func (ec *executionContext) _Env_DATABASE_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_NAME(ctx, field) +func (ec *executionContext) _AuthzPermission_resource(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_resource(ctx, field) if err != nil { return graphql.Null } @@ -6093,35 +6941,50 @@ func (ec *executionContext) _Env_DATABASE_NAME(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabaseName, nil + return obj.Resource, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.AuthzResource) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzResource2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_resource(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzResource_id(ctx, field) + case "name": + return ec.fieldContext_AuthzResource_name(ctx, field) + case "description": + return ec.fieldContext_AuthzResource_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzResource_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzResource_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzResource", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_DATABASE_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_URL(ctx, field) +func (ec *executionContext) _AuthzPermission_scopes(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_scopes(ctx, field) if err != nil { return graphql.Null } @@ -6134,35 +6997,50 @@ func (ec *executionContext) _Env_DATABASE_URL(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabaseURL, nil + return obj.Scopes, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.([]*model.AuthzScope) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzScope2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopeᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_scopes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzScope_id(ctx, field) + case "name": + return ec.fieldContext_AuthzScope_name(ctx, field) + case "description": + return ec.fieldContext_AuthzScope_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzScope_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzScope_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzScope", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_DATABASE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_TYPE(ctx, field) +func (ec *executionContext) _AuthzPermission_policies(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_policies(ctx, field) if err != nil { return graphql.Null } @@ -6175,35 +7053,58 @@ func (ec *executionContext) _Env_DATABASE_TYPE(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabaseType, nil + return obj.Policies, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.([]*model.AuthzPolicy) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzPolicy2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_policies(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPolicy_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPolicy_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPolicy_description(ctx, field) + case "type": + return ec.fieldContext_AuthzPolicy_type(ctx, field) + case "logic": + return ec.fieldContext_AuthzPolicy_logic(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPolicy_decision_strategy(ctx, field) + case "targets": + return ec.fieldContext_AuthzPolicy_targets(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPolicy_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPolicy_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicy", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_DATABASE_USERNAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_USERNAME(ctx, field) +func (ec *executionContext) _AuthzPermission_decision_strategy(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_decision_strategy(ctx, field) if err != nil { return graphql.Null } @@ -6216,23 +7117,26 @@ func (ec *executionContext) _Env_DATABASE_USERNAME(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabaseUsername, nil + return obj.DecisionStrategy, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_USERNAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_decision_strategy(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, @@ -6243,8 +7147,8 @@ func (ec *executionContext) fieldContext_Env_DATABASE_USERNAME(_ context.Context return fc, nil } -func (ec *executionContext) _Env_DATABASE_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_PASSWORD(ctx, field) +func (ec *executionContext) _AuthzPermission_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_created_at(ctx, field) if err != nil { return graphql.Null } @@ -6257,35 +7161,38 @@ func (ec *executionContext) _Env_DATABASE_PASSWORD(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabasePassword, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DATABASE_HOST(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_HOST(ctx, field) +func (ec *executionContext) _AuthzPermission_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermission_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -6298,35 +7205,38 @@ func (ec *executionContext) _Env_DATABASE_HOST(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabaseHost, nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_HOST(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermission_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DATABASE_PORT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DATABASE_PORT(ctx, field) +func (ec *executionContext) _AuthzPermissions_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermissions) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermissions_pagination(ctx, field) if err != nil { return graphql.Null } @@ -6339,35 +7249,48 @@ func (ec *executionContext) _Env_DATABASE_PORT(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DatabasePort, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DATABASE_PORT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermissions_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermissions", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_CLIENT_ID(ctx, field) +func (ec *executionContext) _AuthzPermissions_permissions(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPermissions) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPermissions_permissions(ctx, field) if err != nil { return graphql.Null } @@ -6380,7 +7303,7 @@ func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ClientID, nil + return obj.Permissions, nil }) if err != nil { ec.Error(ctx, err) @@ -6392,26 +7315,46 @@ func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.Co } return graphql.Null } - res := resTmp.(string) + res := resTmp.([]*model.AuthzPermission) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNAuthzPermission2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermissionᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPermissions_permissions(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPermissions", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPermission_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPermission_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPermission_description(ctx, field) + case "resource": + return ec.fieldContext_AuthzPermission_resource(ctx, field) + case "scopes": + return ec.fieldContext_AuthzPermission_scopes(ctx, field) + case "policies": + return ec.fieldContext_AuthzPermission_policies(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPermission_decision_strategy(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPermission_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPermission_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPermission", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _AuthzPolicies_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicies) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicies_pagination(ctx, field) if err != nil { return graphql.Null } @@ -6424,7 +7367,7 @@ func (ec *executionContext) _Env_CLIENT_SECRET(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ClientSecret, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) @@ -6436,26 +7379,36 @@ func (ec *executionContext) _Env_CLIENT_SECRET(ctx context.Context, field graphq } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicies_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicies", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field) +func (ec *executionContext) _AuthzPolicies_policies(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicies) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicies_policies(ctx, field) if err != nil { return graphql.Null } @@ -6468,35 +7421,58 @@ func (ec *executionContext) _Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CustomAccessTokenScript, nil + return obj.Policies, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.([]*model.AuthzPolicy) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzPolicy2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicies_policies(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicies", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPolicy_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPolicy_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPolicy_description(ctx, field) + case "type": + return ec.fieldContext_AuthzPolicy_type(ctx, field) + case "logic": + return ec.fieldContext_AuthzPolicy_logic(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPolicy_decision_strategy(ctx, field) + case "targets": + return ec.fieldContext_AuthzPolicy_targets(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPolicy_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPolicy_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicy", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_SMTP_HOST(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SMTP_HOST(ctx, field) +func (ec *executionContext) _AuthzPolicy_id(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_id(ctx, field) if err != nil { return graphql.Null } @@ -6509,35 +7485,38 @@ func (ec *executionContext) _Env_SMTP_HOST(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SMTPHost, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SMTP_HOST(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_SMTP_PORT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SMTP_PORT(ctx, field) +func (ec *executionContext) _AuthzPolicy_name(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_name(ctx, field) if err != nil { return graphql.Null } @@ -6550,23 +7529,26 @@ func (ec *executionContext) _Env_SMTP_PORT(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SMTPPort, nil + return obj.Name, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SMTP_PORT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, @@ -6577,8 +7559,8 @@ func (ec *executionContext) fieldContext_Env_SMTP_PORT(_ context.Context, field return fc, nil } -func (ec *executionContext) _Env_SMTP_USERNAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SMTP_USERNAME(ctx, field) +func (ec *executionContext) _AuthzPolicy_description(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_description(ctx, field) if err != nil { return graphql.Null } @@ -6591,7 +7573,7 @@ func (ec *executionContext) _Env_SMTP_USERNAME(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SMTPUsername, nil + return obj.Description, nil }) if err != nil { ec.Error(ctx, err) @@ -6605,9 +7587,9 @@ func (ec *executionContext) _Env_SMTP_USERNAME(ctx context.Context, field graphq return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SMTP_USERNAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, @@ -6618,8 +7600,8 @@ func (ec *executionContext) fieldContext_Env_SMTP_USERNAME(_ context.Context, fi return fc, nil } -func (ec *executionContext) _Env_SMTP_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SMTP_PASSWORD(ctx, field) +func (ec *executionContext) _AuthzPolicy_type(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_type(ctx, field) if err != nil { return graphql.Null } @@ -6632,23 +7614,26 @@ func (ec *executionContext) _Env_SMTP_PASSWORD(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SMTPPassword, nil + return obj.Type, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SMTP_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, @@ -6659,8 +7644,8 @@ func (ec *executionContext) fieldContext_Env_SMTP_PASSWORD(_ context.Context, fi return fc, nil } -func (ec *executionContext) _Env_SMTP_LOCAL_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field) +func (ec *executionContext) _AuthzPolicy_logic(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_logic(ctx, field) if err != nil { return graphql.Null } @@ -6673,23 +7658,26 @@ func (ec *executionContext) _Env_SMTP_LOCAL_NAME(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SMTPLocalName, nil + return obj.Logic, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SMTP_LOCAL_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_logic(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, @@ -6700,8 +7688,8 @@ func (ec *executionContext) fieldContext_Env_SMTP_LOCAL_NAME(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_SENDER_EMAIL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SENDER_EMAIL(ctx, field) +func (ec *executionContext) _AuthzPolicy_decision_strategy(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_decision_strategy(ctx, field) if err != nil { return graphql.Null } @@ -6714,23 +7702,26 @@ func (ec *executionContext) _Env_SENDER_EMAIL(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SenderEmail, nil + return obj.DecisionStrategy, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SENDER_EMAIL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_decision_strategy(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, @@ -6741,8 +7732,8 @@ func (ec *executionContext) fieldContext_Env_SENDER_EMAIL(_ context.Context, fie return fc, nil } -func (ec *executionContext) _Env_SENDER_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_SENDER_NAME(ctx, field) +func (ec *executionContext) _AuthzPolicy_targets(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_targets(ctx, field) if err != nil { return graphql.Null } @@ -6755,35 +7746,46 @@ func (ec *executionContext) _Env_SENDER_NAME(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SenderName, nil + return obj.Targets, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.([]*model.AuthzPolicyTarget) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzPolicyTarget2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyTargetᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_SENDER_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_targets(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPolicyTarget_id(ctx, field) + case "target_type": + return ec.fieldContext_AuthzPolicyTarget_target_type(ctx, field) + case "target_value": + return ec.fieldContext_AuthzPolicyTarget_target_value(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicyTarget", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_JWT_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_JWT_TYPE(ctx, field) +func (ec *executionContext) _AuthzPolicy_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_created_at(ctx, field) if err != nil { return graphql.Null } @@ -6796,35 +7798,38 @@ func (ec *executionContext) _Env_JWT_TYPE(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.JwtType, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_JWT_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_JWT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_JWT_SECRET(ctx, field) +func (ec *executionContext) _AuthzPolicy_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicy) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicy_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -6837,35 +7842,38 @@ func (ec *executionContext) _Env_JWT_SECRET(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.JwtSecret, nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_JWT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicy_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicy", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_JWT_PRIVATE_KEY(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_JWT_PRIVATE_KEY(ctx, field) +func (ec *executionContext) _AuthzPolicyTarget_id(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicyTarget) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicyTarget_id(ctx, field) if err != nil { return graphql.Null } @@ -6878,35 +7886,38 @@ func (ec *executionContext) _Env_JWT_PRIVATE_KEY(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.JwtPrivateKey, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_JWT_PRIVATE_KEY(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicyTarget_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicyTarget", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_JWT_PUBLIC_KEY(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_JWT_PUBLIC_KEY(ctx, field) +func (ec *executionContext) _AuthzPolicyTarget_target_type(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicyTarget) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicyTarget_target_type(ctx, field) if err != nil { return graphql.Null } @@ -6919,23 +7930,26 @@ func (ec *executionContext) _Env_JWT_PUBLIC_KEY(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.JwtPublicKey, nil + return obj.TargetType, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_JWT_PUBLIC_KEY(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicyTarget_target_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicyTarget", Field: field, IsMethod: false, IsResolver: false, @@ -6946,8 +7960,8 @@ func (ec *executionContext) fieldContext_Env_JWT_PUBLIC_KEY(_ context.Context, f return fc, nil } -func (ec *executionContext) _Env_ALLOWED_ORIGINS(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ALLOWED_ORIGINS(ctx, field) +func (ec *executionContext) _AuthzPolicyTarget_target_value(ctx context.Context, field graphql.CollectedField, obj *model.AuthzPolicyTarget) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzPolicyTarget_target_value(ctx, field) if err != nil { return graphql.Null } @@ -6960,23 +7974,26 @@ func (ec *executionContext) _Env_ALLOWED_ORIGINS(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AllowedOrigins, nil + return obj.TargetValue, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.([]string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ALLOWED_ORIGINS(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzPolicyTarget_target_value(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzPolicyTarget", Field: field, IsMethod: false, IsResolver: false, @@ -6987,8 +8004,8 @@ func (ec *executionContext) fieldContext_Env_ALLOWED_ORIGINS(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_APP_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_APP_URL(ctx, field) +func (ec *executionContext) _AuthzResource_id(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResource) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResource_id(ctx, field) if err != nil { return graphql.Null } @@ -7001,35 +8018,38 @@ func (ec *executionContext) _Env_APP_URL(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AppURL, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_APP_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResource_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResource", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_REDIS_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_REDIS_URL(ctx, field) +func (ec *executionContext) _AuthzResource_name(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResource) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResource_name(ctx, field) if err != nil { return graphql.Null } @@ -7042,23 +8062,26 @@ func (ec *executionContext) _Env_REDIS_URL(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RedisURL, nil + return obj.Name, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_REDIS_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResource_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResource", Field: field, IsMethod: false, IsResolver: false, @@ -7069,8 +8092,8 @@ func (ec *executionContext) fieldContext_Env_REDIS_URL(_ context.Context, field return fc, nil } -func (ec *executionContext) _Env_RESET_PASSWORD_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_RESET_PASSWORD_URL(ctx, field) +func (ec *executionContext) _AuthzResource_description(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResource) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResource_description(ctx, field) if err != nil { return graphql.Null } @@ -7083,7 +8106,7 @@ func (ec *executionContext) _Env_RESET_PASSWORD_URL(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ResetPasswordURL, nil + return obj.Description, nil }) if err != nil { ec.Error(ctx, err) @@ -7097,9 +8120,9 @@ func (ec *executionContext) _Env_RESET_PASSWORD_URL(ctx context.Context, field g return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_RESET_PASSWORD_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResource_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResource", Field: field, IsMethod: false, IsResolver: false, @@ -7110,8 +8133,8 @@ func (ec *executionContext) fieldContext_Env_RESET_PASSWORD_URL(_ context.Contex return fc, nil } -func (ec *executionContext) _Env_DISABLE_EMAIL_VERIFICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_EMAIL_VERIFICATION(ctx, field) +func (ec *executionContext) _AuthzResource_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResource) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResource_created_at(ctx, field) if err != nil { return graphql.Null } @@ -7124,7 +8147,7 @@ func (ec *executionContext) _Env_DISABLE_EMAIL_VERIFICATION(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableEmailVerification, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7136,26 +8159,26 @@ func (ec *executionContext) _Env_DISABLE_EMAIL_VERIFICATION(ctx context.Context, } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(int64) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_EMAIL_VERIFICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResource_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResource", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(ctx, field) +func (ec *executionContext) _AuthzResource_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResource) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResource_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -7168,7 +8191,7 @@ func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableBasicAuthentication, nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7180,26 +8203,26 @@ func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Contex } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(int64) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResource_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResource", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx, field) +func (ec *executionContext) _AuthzResources_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResources) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResources_pagination(ctx, field) if err != nil { return graphql.Null } @@ -7212,7 +8235,7 @@ func (ec *executionContext) _Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableMobileBasicAuthentication, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) @@ -7224,26 +8247,36 @@ func (ec *executionContext) _Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx context } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResources_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResources", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(ctx, field) +func (ec *executionContext) _AuthzResources_resources(ctx context.Context, field graphql.CollectedField, obj *model.AuthzResources) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzResources_resources(ctx, field) if err != nil { return graphql.Null } @@ -7256,7 +8289,7 @@ func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableMagicLinkLogin, nil + return obj.Resources, nil }) if err != nil { ec.Error(ctx, err) @@ -7268,26 +8301,38 @@ func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, f } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]*model.AuthzResource) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNAuthzResource2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResourceᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzResources_resources(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzResources", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzResource_id(ctx, field) + case "name": + return ec.fieldContext_AuthzResource_name(ctx, field) + case "description": + return ec.fieldContext_AuthzResource_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzResource_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzResource_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzResource", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_LOGIN_PAGE(ctx, field) +func (ec *executionContext) _AuthzScope_id(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScope) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScope_id(ctx, field) if err != nil { return graphql.Null } @@ -7300,7 +8345,7 @@ func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableLoginPage, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) @@ -7312,26 +8357,26 @@ func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field g } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_LOGIN_PAGE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScope_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScope", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_SIGN_UP(ctx, field) +func (ec *executionContext) _AuthzScope_name(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScope) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScope_name(ctx, field) if err != nil { return graphql.Null } @@ -7344,7 +8389,7 @@ func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableSignUp, nil + return obj.Name, nil }) if err != nil { ec.Error(ctx, err) @@ -7356,26 +8401,26 @@ func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_SIGN_UP(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScope_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScope", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_REDIS_FOR_ENV(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_REDIS_FOR_ENV(ctx, field) +func (ec *executionContext) _AuthzScope_description(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScope) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScope_description(ctx, field) if err != nil { return graphql.Null } @@ -7388,38 +8433,35 @@ func (ec *executionContext) _Env_DISABLE_REDIS_FOR_ENV(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableRedisForEnv, nil + return obj.Description, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_REDIS_FOR_ENV(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScope_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScope", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_STRONG_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_STRONG_PASSWORD(ctx, field) +func (ec *executionContext) _AuthzScope_created_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScope) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScope_created_at(ctx, field) if err != nil { return graphql.Null } @@ -7432,7 +8474,7 @@ func (ec *executionContext) _Env_DISABLE_STRONG_PASSWORD(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableStrongPassword, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7444,26 +8486,26 @@ func (ec *executionContext) _Env_DISABLE_STRONG_PASSWORD(ctx context.Context, fi } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(int64) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_STRONG_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScope_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScope", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx, field) +func (ec *executionContext) _AuthzScope_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScope) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScope_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -7476,7 +8518,7 @@ func (ec *executionContext) _Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableMultiFactorAuthentication, nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7488,26 +8530,26 @@ func (ec *executionContext) _Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx context } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(int64) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScope_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScope", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx, field) +func (ec *executionContext) _AuthzScopes_pagination(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScopes) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScopes_pagination(ctx, field) if err != nil { return graphql.Null } @@ -7520,7 +8562,7 @@ func (ec *executionContext) _Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EnforceMultiFactorAuthentication, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) @@ -7532,26 +8574,36 @@ func (ec *executionContext) _Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx context } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScopes_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScopes", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ROLES(ctx, field) +func (ec *executionContext) _AuthzScopes_scopes(ctx context.Context, field graphql.CollectedField, obj *model.AuthzScopes) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_AuthzScopes_scopes(ctx, field) if err != nil { return graphql.Null } @@ -7564,35 +8616,50 @@ func (ec *executionContext) _Env_ROLES(ctx context.Context, field graphql.Collec }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Roles, nil + return obj.Scopes, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.([]string) + res := resTmp.([]*model.AuthzScope) fc.Result = res - return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNAuthzScope2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopeᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_AuthzScopes_scopes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "AuthzScopes", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzScope_id(ctx, field) + case "name": + return ec.fieldContext_AuthzScope_name(ctx, field) + case "description": + return ec.fieldContext_AuthzScope_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzScope_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzScope_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzScope", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_PROTECTED_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_PROTECTED_ROLES(ctx, field) +func (ec *executionContext) _EmailTemplate_id(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_id(ctx, field) if err != nil { return graphql.Null } @@ -7605,35 +8672,38 @@ func (ec *executionContext) _Env_PROTECTED_ROLES(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ProtectedRoles, nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.([]string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_PROTECTED_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DEFAULT_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DEFAULT_ROLES(ctx, field) +func (ec *executionContext) _EmailTemplate_event_name(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_event_name(ctx, field) if err != nil { return graphql.Null } @@ -7646,23 +8716,26 @@ func (ec *executionContext) _Env_DEFAULT_ROLES(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DefaultRoles, nil + return obj.EventName, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.([]string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DEFAULT_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_event_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, @@ -7673,8 +8746,8 @@ func (ec *executionContext) fieldContext_Env_DEFAULT_ROLES(_ context.Context, fi return fc, nil } -func (ec *executionContext) _Env_JWT_ROLE_CLAIM(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_JWT_ROLE_CLAIM(ctx, field) +func (ec *executionContext) _EmailTemplate_template(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_template(ctx, field) if err != nil { return graphql.Null } @@ -7687,23 +8760,26 @@ func (ec *executionContext) _Env_JWT_ROLE_CLAIM(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.JwtRoleClaim, nil + return obj.Template, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_JWT_ROLE_CLAIM(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_template(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, @@ -7714,8 +8790,8 @@ func (ec *executionContext) fieldContext_Env_JWT_ROLE_CLAIM(_ context.Context, f return fc, nil } -func (ec *executionContext) _Env_GOOGLE_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_GOOGLE_CLIENT_ID(ctx, field) +func (ec *executionContext) _EmailTemplate_design(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_design(ctx, field) if err != nil { return graphql.Null } @@ -7728,23 +8804,26 @@ func (ec *executionContext) _Env_GOOGLE_CLIENT_ID(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.GoogleClientID, nil + return obj.Design, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_design(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, @@ -7755,8 +8834,8 @@ func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_ID(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_GOOGLE_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_GOOGLE_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _EmailTemplate_subject(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_subject(ctx, field) if err != nil { return graphql.Null } @@ -7769,23 +8848,26 @@ func (ec *executionContext) _Env_GOOGLE_CLIENT_SECRET(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.GoogleClientSecret, nil + return obj.Subject, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_subject(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, @@ -7796,8 +8878,8 @@ func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_SECRET(_ context.Cont return fc, nil } -func (ec *executionContext) _Env_GITHUB_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_GITHUB_CLIENT_ID(ctx, field) +func (ec *executionContext) _EmailTemplate_created_at(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_created_at(ctx, field) if err != nil { return graphql.Null } @@ -7810,7 +8892,7 @@ func (ec *executionContext) _Env_GITHUB_CLIENT_ID(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.GithubClientID, nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7819,26 +8901,26 @@ func (ec *executionContext) _Env_GITHUB_CLIENT_ID(ctx context.Context, field gra if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_GITHUB_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_GITHUB_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_GITHUB_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _EmailTemplate_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplate) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplate_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -7851,7 +8933,7 @@ func (ec *executionContext) _Env_GITHUB_CLIENT_SECRET(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.GithubClientSecret, nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -7860,26 +8942,26 @@ func (ec *executionContext) _Env_GITHUB_CLIENT_SECRET(ctx context.Context, field if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_GITHUB_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplate_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplate", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_FACEBOOK_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_FACEBOOK_CLIENT_ID(ctx, field) +func (ec *executionContext) _EmailTemplates_pagination(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplates) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplates_pagination(ctx, field) if err != nil { return graphql.Null } @@ -7892,35 +8974,48 @@ func (ec *executionContext) _Env_FACEBOOK_CLIENT_ID(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.FacebookClientID, nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_FACEBOOK_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplates_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplates", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_FACEBOOK_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_FACEBOOK_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _EmailTemplates_email_templates(ctx context.Context, field graphql.CollectedField, obj *model.EmailTemplates) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_EmailTemplates_email_templates(ctx, field) if err != nil { return graphql.Null } @@ -7933,35 +9028,54 @@ func (ec *executionContext) _Env_FACEBOOK_CLIENT_SECRET(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.FacebookClientSecret, nil + return obj.EmailTemplates, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.([]*model.EmailTemplate) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNEmailTemplate2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEmailTemplateᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_FACEBOOK_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_EmailTemplates_email_templates(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Env", + Object: "EmailTemplates", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_EmailTemplate_id(ctx, field) + case "event_name": + return ec.fieldContext_EmailTemplate_event_name(ctx, field) + case "template": + return ec.fieldContext_EmailTemplate_template(ctx, field) + case "design": + return ec.fieldContext_EmailTemplate_design(ctx, field) + case "subject": + return ec.fieldContext_EmailTemplate_subject(ctx, field) + case "created_at": + return ec.fieldContext_EmailTemplate_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_EmailTemplate_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type EmailTemplate", field.Name) }, } return fc, nil } -func (ec *executionContext) _Env_LINKEDIN_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_LINKEDIN_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_ACCESS_TOKEN_EXPIRY_TIME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(ctx, field) if err != nil { return graphql.Null } @@ -7974,7 +9088,7 @@ func (ec *executionContext) _Env_LINKEDIN_CLIENT_ID(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.LinkedinClientID, nil + return obj.AccessTokenExpiryTime, nil }) if err != nil { ec.Error(ctx, err) @@ -7988,7 +9102,7 @@ func (ec *executionContext) _Env_LINKEDIN_CLIENT_ID(ctx context.Context, field g return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8001,8 +9115,8 @@ func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_ID(_ context.Contex return fc, nil } -func (ec *executionContext) _Env_LINKEDIN_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_LINKEDIN_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_ADMIN_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ADMIN_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -8015,7 +9129,7 @@ func (ec *executionContext) _Env_LINKEDIN_CLIENT_SECRET(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.LinkedinClientSecret, nil + return obj.AdminSecret, nil }) if err != nil { ec.Error(ctx, err) @@ -8029,7 +9143,7 @@ func (ec *executionContext) _Env_LINKEDIN_CLIENT_SECRET(ctx context.Context, fie return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ADMIN_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8042,8 +9156,8 @@ func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_SECRET(_ context.Co return fc, nil } -func (ec *executionContext) _Env_APPLE_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_APPLE_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_DATABASE_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_NAME(ctx, field) if err != nil { return graphql.Null } @@ -8056,7 +9170,7 @@ func (ec *executionContext) _Env_APPLE_CLIENT_ID(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AppleClientID, nil + return obj.DatabaseName, nil }) if err != nil { ec.Error(ctx, err) @@ -8070,7 +9184,7 @@ func (ec *executionContext) _Env_APPLE_CLIENT_ID(ctx context.Context, field grap return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8083,8 +9197,8 @@ func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_ID(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_APPLE_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_APPLE_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_DATABASE_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_URL(ctx, field) if err != nil { return graphql.Null } @@ -8097,7 +9211,7 @@ func (ec *executionContext) _Env_APPLE_CLIENT_SECRET(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AppleClientSecret, nil + return obj.DatabaseURL, nil }) if err != nil { ec.Error(ctx, err) @@ -8111,7 +9225,7 @@ func (ec *executionContext) _Env_APPLE_CLIENT_SECRET(ctx context.Context, field return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8124,8 +9238,8 @@ func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_SECRET(_ context.Conte return fc, nil } -func (ec *executionContext) _Env_DISCORD_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISCORD_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_DATABASE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_TYPE(ctx, field) if err != nil { return graphql.Null } @@ -8138,7 +9252,7 @@ func (ec *executionContext) _Env_DISCORD_CLIENT_ID(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DiscordClientID, nil + return obj.DatabaseType, nil }) if err != nil { ec.Error(ctx, err) @@ -8152,7 +9266,7 @@ func (ec *executionContext) _Env_DISCORD_CLIENT_ID(ctx context.Context, field gr return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8165,8 +9279,8 @@ func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_ID(_ context.Context return fc, nil } -func (ec *executionContext) _Env_DISCORD_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISCORD_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_DATABASE_USERNAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_USERNAME(ctx, field) if err != nil { return graphql.Null } @@ -8179,7 +9293,7 @@ func (ec *executionContext) _Env_DISCORD_CLIENT_SECRET(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DiscordClientSecret, nil + return obj.DatabaseUsername, nil }) if err != nil { ec.Error(ctx, err) @@ -8193,7 +9307,7 @@ func (ec *executionContext) _Env_DISCORD_CLIENT_SECRET(ctx context.Context, fiel return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_USERNAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8206,8 +9320,8 @@ func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_SECRET(_ context.Con return fc, nil } -func (ec *executionContext) _Env_TWITTER_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_TWITTER_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_DATABASE_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_PASSWORD(ctx, field) if err != nil { return graphql.Null } @@ -8220,7 +9334,7 @@ func (ec *executionContext) _Env_TWITTER_CLIENT_ID(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.TwitterClientID, nil + return obj.DatabasePassword, nil }) if err != nil { ec.Error(ctx, err) @@ -8234,7 +9348,7 @@ func (ec *executionContext) _Env_TWITTER_CLIENT_ID(ctx context.Context, field gr return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8247,8 +9361,8 @@ func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_ID(_ context.Context return fc, nil } -func (ec *executionContext) _Env_TWITTER_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_TWITTER_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_DATABASE_HOST(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_HOST(ctx, field) if err != nil { return graphql.Null } @@ -8261,7 +9375,7 @@ func (ec *executionContext) _Env_TWITTER_CLIENT_SECRET(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.TwitterClientSecret, nil + return obj.DatabaseHost, nil }) if err != nil { ec.Error(ctx, err) @@ -8275,7 +9389,7 @@ func (ec *executionContext) _Env_TWITTER_CLIENT_SECRET(ctx context.Context, fiel return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_HOST(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8288,8 +9402,8 @@ func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_SECRET(_ context.Con return fc, nil } -func (ec *executionContext) _Env_MICROSOFT_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_MICROSOFT_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_DATABASE_PORT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DATABASE_PORT(ctx, field) if err != nil { return graphql.Null } @@ -8302,7 +9416,7 @@ func (ec *executionContext) _Env_MICROSOFT_CLIENT_ID(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.MicrosoftClientID, nil + return obj.DatabasePort, nil }) if err != nil { ec.Error(ctx, err) @@ -8316,7 +9430,7 @@ func (ec *executionContext) _Env_MICROSOFT_CLIENT_ID(ctx context.Context, field return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DATABASE_PORT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8329,8 +9443,8 @@ func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_ID(_ context.Conte return fc, nil } -func (ec *executionContext) _Env_MICROSOFT_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_MICROSOFT_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -8343,21 +9457,24 @@ func (ec *executionContext) _Env_MICROSOFT_CLIENT_SECRET(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.MicrosoftClientSecret, nil + return obj.ClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8370,8 +9487,8 @@ func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_SECRET(_ context.C return fc, nil } -func (ec *executionContext) _Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx, field) +func (ec *executionContext) _Env_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -8384,21 +9501,24 @@ func (ec *executionContext) _Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.MicrosoftActiveDirectoryTenantID, nil + return obj.ClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8411,8 +9531,8 @@ func (ec *executionContext) fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_I return fc, nil } -func (ec *executionContext) _Env_TWITCH_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_TWITCH_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field) if err != nil { return graphql.Null } @@ -8425,7 +9545,7 @@ func (ec *executionContext) _Env_TWITCH_CLIENT_ID(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.TwitchClientID, nil + return obj.CustomAccessTokenScript, nil }) if err != nil { ec.Error(ctx, err) @@ -8439,7 +9559,7 @@ func (ec *executionContext) _Env_TWITCH_CLIENT_ID(ctx context.Context, field gra return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8452,8 +9572,8 @@ func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_ID(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_TWITCH_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_TWITCH_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_SMTP_HOST(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SMTP_HOST(ctx, field) if err != nil { return graphql.Null } @@ -8466,7 +9586,7 @@ func (ec *executionContext) _Env_TWITCH_CLIENT_SECRET(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.TwitchClientSecret, nil + return obj.SMTPHost, nil }) if err != nil { ec.Error(ctx, err) @@ -8480,7 +9600,7 @@ func (ec *executionContext) _Env_TWITCH_CLIENT_SECRET(ctx context.Context, field return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SMTP_HOST(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8493,8 +9613,8 @@ func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_SECRET(_ context.Cont return fc, nil } -func (ec *executionContext) _Env_ROBLOX_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ROBLOX_CLIENT_ID(ctx, field) +func (ec *executionContext) _Env_SMTP_PORT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SMTP_PORT(ctx, field) if err != nil { return graphql.Null } @@ -8507,7 +9627,7 @@ func (ec *executionContext) _Env_ROBLOX_CLIENT_ID(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RobloxClientID, nil + return obj.SMTPPort, nil }) if err != nil { ec.Error(ctx, err) @@ -8521,7 +9641,7 @@ func (ec *executionContext) _Env_ROBLOX_CLIENT_ID(ctx context.Context, field gra return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SMTP_PORT(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8534,8 +9654,8 @@ func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_ID(_ context.Context, return fc, nil } -func (ec *executionContext) _Env_ROBLOX_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ROBLOX_CLIENT_SECRET(ctx, field) +func (ec *executionContext) _Env_SMTP_USERNAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SMTP_USERNAME(ctx, field) if err != nil { return graphql.Null } @@ -8548,7 +9668,7 @@ func (ec *executionContext) _Env_ROBLOX_CLIENT_SECRET(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RobloxClientSecret, nil + return obj.SMTPUsername, nil }) if err != nil { ec.Error(ctx, err) @@ -8562,7 +9682,7 @@ func (ec *executionContext) _Env_ROBLOX_CLIENT_SECRET(ctx context.Context, field return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SMTP_USERNAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8575,8 +9695,8 @@ func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_SECRET(_ context.Cont return fc, nil } -func (ec *executionContext) _Env_ORGANIZATION_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ORGANIZATION_NAME(ctx, field) +func (ec *executionContext) _Env_SMTP_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SMTP_PASSWORD(ctx, field) if err != nil { return graphql.Null } @@ -8589,7 +9709,7 @@ func (ec *executionContext) _Env_ORGANIZATION_NAME(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.OrganizationName, nil + return obj.SMTPPassword, nil }) if err != nil { ec.Error(ctx, err) @@ -8603,7 +9723,7 @@ func (ec *executionContext) _Env_ORGANIZATION_NAME(ctx context.Context, field gr return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ORGANIZATION_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SMTP_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8616,8 +9736,8 @@ func (ec *executionContext) fieldContext_Env_ORGANIZATION_NAME(_ context.Context return fc, nil } -func (ec *executionContext) _Env_ORGANIZATION_LOGO(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ORGANIZATION_LOGO(ctx, field) +func (ec *executionContext) _Env_SMTP_LOCAL_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field) if err != nil { return graphql.Null } @@ -8630,7 +9750,7 @@ func (ec *executionContext) _Env_ORGANIZATION_LOGO(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.OrganizationLogo, nil + return obj.SMTPLocalName, nil }) if err != nil { ec.Error(ctx, err) @@ -8644,7 +9764,7 @@ func (ec *executionContext) _Env_ORGANIZATION_LOGO(ctx context.Context, field gr return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ORGANIZATION_LOGO(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SMTP_LOCAL_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8657,8 +9777,8 @@ func (ec *executionContext) fieldContext_Env_ORGANIZATION_LOGO(_ context.Context return fc, nil } -func (ec *executionContext) _Env_APP_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field) +func (ec *executionContext) _Env_SENDER_EMAIL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SENDER_EMAIL(ctx, field) if err != nil { return graphql.Null } @@ -8671,38 +9791,35 @@ func (ec *executionContext) _Env_APP_COOKIE_SECURE(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AppCookieSecure, nil + return obj.SenderEmail, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_APP_COOKIE_SECURE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SENDER_EMAIL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_ADMIN_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field) +func (ec *executionContext) _Env_SENDER_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_SENDER_NAME(ctx, field) if err != nil { return graphql.Null } @@ -8715,38 +9832,35 @@ func (ec *executionContext) _Env_ADMIN_COOKIE_SECURE(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AdminCookieSecure, nil + return obj.SenderName, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_ADMIN_COOKIE_SECURE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_SENDER_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field) +func (ec *executionContext) _Env_JWT_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_JWT_TYPE(ctx, field) if err != nil { return graphql.Null } @@ -8759,7 +9873,7 @@ func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Con }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DefaultAuthorizeResponseType, nil + return obj.JwtType, nil }) if err != nil { ec.Error(ctx, err) @@ -8773,7 +9887,7 @@ func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Con return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_JWT_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8786,8 +9900,8 @@ func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(_ c return fc, nil } -func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field) +func (ec *executionContext) _Env_JWT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_JWT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -8800,7 +9914,7 @@ func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Con }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DefaultAuthorizeResponseMode, nil + return obj.JwtSecret, nil }) if err != nil { ec.Error(ctx, err) @@ -8814,7 +9928,7 @@ func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Con return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_JWT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, @@ -8827,8 +9941,8 @@ func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(_ c return fc, nil } -func (ec *executionContext) _Env_DISABLE_PLAYGROUND(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field) +func (ec *executionContext) _Env_JWT_PRIVATE_KEY(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_JWT_PRIVATE_KEY(ctx, field) if err != nil { return graphql.Null } @@ -8841,38 +9955,35 @@ func (ec *executionContext) _Env_DISABLE_PLAYGROUND(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisablePlayground, nil + return obj.JwtPrivateKey, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_PLAYGROUND(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_JWT_PRIVATE_KEY(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_MAIL_OTP_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(ctx, field) +func (ec *executionContext) _Env_JWT_PUBLIC_KEY(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_JWT_PUBLIC_KEY(ctx, field) if err != nil { return graphql.Null } @@ -8885,38 +9996,35 @@ func (ec *executionContext) _Env_DISABLE_MAIL_OTP_LOGIN(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableMailOtpLogin, nil + return obj.JwtPublicKey, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_JWT_PUBLIC_KEY(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Env_DISABLE_TOTP_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Env_DISABLE_TOTP_LOGIN(ctx, field) +func (ec *executionContext) _Env_ALLOWED_ORIGINS(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ALLOWED_ORIGINS(ctx, field) if err != nil { return graphql.Null } @@ -8929,38 +10037,35 @@ func (ec *executionContext) _Env_DISABLE_TOTP_LOGIN(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DisableTotpLogin, nil + return obj.AllowedOrigins, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Env_DISABLE_TOTP_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ALLOWED_ORIGINS(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Error_message(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Error_message(ctx, field) +func (ec *executionContext) _Env_APP_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_APP_URL(ctx, field) if err != nil { return graphql.Null } @@ -8973,26 +10078,23 @@ func (ec *executionContext) _Error_message(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Message, nil + return obj.AppURL, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Error_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_APP_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Error", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9003,8 +10105,8 @@ func (ec *executionContext) fieldContext_Error_message(_ context.Context, field return fc, nil } -func (ec *executionContext) _Error_reason(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Error_reason(ctx, field) +func (ec *executionContext) _Env_REDIS_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_REDIS_URL(ctx, field) if err != nil { return graphql.Null } @@ -9017,26 +10119,23 @@ func (ec *executionContext) _Error_reason(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Reason, nil + return obj.RedisURL, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Error_reason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_REDIS_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Error", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9047,9 +10146,9 @@ func (ec *executionContext) fieldContext_Error_reason(_ context.Context, field g return fc, nil } -func (ec *executionContext) _ForgotPasswordResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.ForgotPasswordResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ForgotPasswordResponse_message(ctx, field) - if err != nil { +func (ec *executionContext) _Env_RESET_PASSWORD_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_RESET_PASSWORD_URL(ctx, field) + if err != nil { return graphql.Null } ctx = graphql.WithFieldContext(ctx, fc) @@ -9061,26 +10160,23 @@ func (ec *executionContext) _ForgotPasswordResponse_message(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Message, nil + return obj.ResetPasswordURL, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ForgotPasswordResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_RESET_PASSWORD_URL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ForgotPasswordResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9091,8 +10187,8 @@ func (ec *executionContext) fieldContext_ForgotPasswordResponse_message(_ contex return fc, nil } -func (ec *executionContext) _ForgotPasswordResponse_should_show_mobile_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.ForgotPasswordResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(ctx, field) +func (ec *executionContext) _Env_DISABLE_EMAIL_VERIFICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_EMAIL_VERIFICATION(ctx, field) if err != nil { return graphql.Null } @@ -9105,23 +10201,26 @@ func (ec *executionContext) _ForgotPasswordResponse_should_show_mobile_otp_scree }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ShouldShowMobileOtpScreen, nil + return obj.DisableEmailVerification, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(bool) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_EMAIL_VERIFICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ForgotPasswordResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9132,8 +10231,8 @@ func (ec *executionContext) fieldContext_ForgotPasswordResponse_should_show_mobi return fc, nil } -func (ec *executionContext) _GenerateJWTKeysResponse_secret(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_GenerateJWTKeysResponse_secret(ctx, field) +func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(ctx, field) if err != nil { return graphql.Null } @@ -9146,35 +10245,38 @@ func (ec *executionContext) _GenerateJWTKeysResponse_secret(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Secret, nil + return obj.DisableBasicAuthentication, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_secret(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "GenerateJWTKeysResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _GenerateJWTKeysResponse_public_key(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_GenerateJWTKeysResponse_public_key(ctx, field) +func (ec *executionContext) _Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx, field) if err != nil { return graphql.Null } @@ -9187,35 +10289,38 @@ func (ec *executionContext) _GenerateJWTKeysResponse_public_key(ctx context.Cont }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PublicKey, nil + return obj.DisableMobileBasicAuthentication, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_public_key(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "GenerateJWTKeysResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _GenerateJWTKeysResponse_private_key(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_GenerateJWTKeysResponse_private_key(ctx, field) +func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(ctx, field) if err != nil { return graphql.Null } @@ -9228,35 +10333,38 @@ func (ec *executionContext) _GenerateJWTKeysResponse_private_key(ctx context.Con }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PrivateKey, nil + return obj.DisableMagicLinkLogin, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_private_key(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "GenerateJWTKeysResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _InviteMembersResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.InviteMembersResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_InviteMembersResponse_message(ctx, field) +func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_LOGIN_PAGE(ctx, field) if err != nil { return graphql.Null } @@ -9269,7 +10377,7 @@ func (ec *executionContext) _InviteMembersResponse_message(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Message, nil + return obj.DisableLoginPage, nil }) if err != nil { ec.Error(ctx, err) @@ -9281,26 +10389,26 @@ func (ec *executionContext) _InviteMembersResponse_message(ctx context.Context, } return graphql.Null } - res := resTmp.(string) + res := resTmp.(bool) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_InviteMembersResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_LOGIN_PAGE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "InviteMembersResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _InviteMembersResponse_Users(ctx context.Context, field graphql.CollectedField, obj *model.InviteMembersResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_InviteMembersResponse_Users(ctx, field) +func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_SIGN_UP(ctx, field) if err != nil { return graphql.Null } @@ -9313,7 +10421,7 @@ func (ec *executionContext) _InviteMembersResponse_Users(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Users, nil + return obj.DisableSignUp, nil }) if err != nil { ec.Error(ctx, err) @@ -9325,68 +10433,26 @@ func (ec *executionContext) _InviteMembersResponse_Users(ctx context.Context, fi } return graphql.Null } - res := resTmp.([]*model.User) + res := resTmp.(bool) fc.Result = res - return ec.marshalNUser2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUserᚄ(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_InviteMembersResponse_Users(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_SIGN_UP(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "InviteMembersResponse", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_version(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_version(ctx, field) +func (ec *executionContext) _Env_DISABLE_REDIS_FOR_ENV(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_REDIS_FOR_ENV(ctx, field) if err != nil { return graphql.Null } @@ -9399,7 +10465,7 @@ func (ec *executionContext) _Meta_version(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Version, nil + return obj.DisableRedisForEnv, nil }) if err != nil { ec.Error(ctx, err) @@ -9411,26 +10477,26 @@ func (ec *executionContext) _Meta_version(ctx context.Context, field graphql.Col } return graphql.Null } - res := resTmp.(string) + res := resTmp.(bool) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_version(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_REDIS_FOR_ENV(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_client_id(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_client_id(ctx, field) +func (ec *executionContext) _Env_DISABLE_STRONG_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_STRONG_PASSWORD(ctx, field) if err != nil { return graphql.Null } @@ -9443,7 +10509,7 @@ func (ec *executionContext) _Meta_client_id(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ClientID, nil + return obj.DisableStrongPassword, nil }) if err != nil { ec.Error(ctx, err) @@ -9455,26 +10521,26 @@ func (ec *executionContext) _Meta_client_id(ctx context.Context, field graphql.C } return graphql.Null } - res := resTmp.(string) + res := resTmp.(bool) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_client_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_STRONG_PASSWORD(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_google_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_google_login_enabled(ctx, field) +func (ec *executionContext) _Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx, field) if err != nil { return graphql.Null } @@ -9487,7 +10553,7 @@ func (ec *executionContext) _Meta_is_google_login_enabled(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsGoogleLoginEnabled, nil + return obj.DisableMultiFactorAuthentication, nil }) if err != nil { ec.Error(ctx, err) @@ -9504,9 +10570,9 @@ func (ec *executionContext) _Meta_is_google_login_enabled(ctx context.Context, f return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_google_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9517,8 +10583,8 @@ func (ec *executionContext) fieldContext_Meta_is_google_login_enabled(_ context. return fc, nil } -func (ec *executionContext) _Meta_is_facebook_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_facebook_login_enabled(ctx, field) +func (ec *executionContext) _Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx, field) if err != nil { return graphql.Null } @@ -9531,7 +10597,7 @@ func (ec *executionContext) _Meta_is_facebook_login_enabled(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsFacebookLoginEnabled, nil + return obj.EnforceMultiFactorAuthentication, nil }) if err != nil { ec.Error(ctx, err) @@ -9548,9 +10614,9 @@ func (ec *executionContext) _Meta_is_facebook_login_enabled(ctx context.Context, return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_facebook_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, @@ -9561,8 +10627,8 @@ func (ec *executionContext) fieldContext_Meta_is_facebook_login_enabled(_ contex return fc, nil } -func (ec *executionContext) _Meta_is_github_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_github_login_enabled(ctx, field) +func (ec *executionContext) _Env_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ROLES(ctx, field) if err != nil { return graphql.Null } @@ -9575,38 +10641,35 @@ func (ec *executionContext) _Meta_is_github_login_enabled(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsGithubLoginEnabled, nil + return obj.Roles, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_github_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_linkedin_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_linkedin_login_enabled(ctx, field) +func (ec *executionContext) _Env_PROTECTED_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_PROTECTED_ROLES(ctx, field) if err != nil { return graphql.Null } @@ -9619,38 +10682,35 @@ func (ec *executionContext) _Meta_is_linkedin_login_enabled(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsLinkedinLoginEnabled, nil + return obj.ProtectedRoles, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_linkedin_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_PROTECTED_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_apple_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_apple_login_enabled(ctx, field) +func (ec *executionContext) _Env_DEFAULT_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DEFAULT_ROLES(ctx, field) if err != nil { return graphql.Null } @@ -9663,38 +10723,35 @@ func (ec *executionContext) _Meta_is_apple_login_enabled(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsAppleLoginEnabled, nil + return obj.DefaultRoles, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚕstringᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_apple_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DEFAULT_ROLES(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_discord_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_discord_login_enabled(ctx, field) +func (ec *executionContext) _Env_JWT_ROLE_CLAIM(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_JWT_ROLE_CLAIM(ctx, field) if err != nil { return graphql.Null } @@ -9707,38 +10764,35 @@ func (ec *executionContext) _Meta_is_discord_login_enabled(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsDiscordLoginEnabled, nil + return obj.JwtRoleClaim, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_discord_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_JWT_ROLE_CLAIM(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_twitter_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_twitter_login_enabled(ctx, field) +func (ec *executionContext) _Env_GOOGLE_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_GOOGLE_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -9751,38 +10805,35 @@ func (ec *executionContext) _Meta_is_twitter_login_enabled(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsTwitterLoginEnabled, nil + return obj.GoogleClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_twitter_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_microsoft_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_microsoft_login_enabled(ctx, field) +func (ec *executionContext) _Env_GOOGLE_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_GOOGLE_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -9795,38 +10846,35 @@ func (ec *executionContext) _Meta_is_microsoft_login_enabled(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsMicrosoftLoginEnabled, nil + return obj.GoogleClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_microsoft_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_GOOGLE_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_twitch_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_twitch_login_enabled(ctx, field) +func (ec *executionContext) _Env_GITHUB_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_GITHUB_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -9839,38 +10887,35 @@ func (ec *executionContext) _Meta_is_twitch_login_enabled(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsTwitchLoginEnabled, nil + return obj.GithubClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_twitch_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_GITHUB_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_roblox_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_roblox_login_enabled(ctx, field) +func (ec *executionContext) _Env_GITHUB_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_GITHUB_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -9883,38 +10928,35 @@ func (ec *executionContext) _Meta_is_roblox_login_enabled(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsRobloxLoginEnabled, nil + return obj.GithubClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_roblox_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_GITHUB_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_email_verification_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_email_verification_enabled(ctx, field) +func (ec *executionContext) _Env_FACEBOOK_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_FACEBOOK_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -9927,38 +10969,35 @@ func (ec *executionContext) _Meta_is_email_verification_enabled(ctx context.Cont }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsEmailVerificationEnabled, nil + return obj.FacebookClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_email_verification_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_FACEBOOK_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_basic_authentication_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_basic_authentication_enabled(ctx, field) +func (ec *executionContext) _Env_FACEBOOK_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_FACEBOOK_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -9971,38 +11010,35 @@ func (ec *executionContext) _Meta_is_basic_authentication_enabled(ctx context.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsBasicAuthenticationEnabled, nil + return obj.FacebookClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_basic_authentication_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_FACEBOOK_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_magic_link_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_magic_link_login_enabled(ctx, field) +func (ec *executionContext) _Env_LINKEDIN_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_LINKEDIN_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10015,38 +11051,35 @@ func (ec *executionContext) _Meta_is_magic_link_login_enabled(ctx context.Contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsMagicLinkLoginEnabled, nil + return obj.LinkedinClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_magic_link_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_sign_up_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_sign_up_enabled(ctx, field) +func (ec *executionContext) _Env_LINKEDIN_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_LINKEDIN_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10059,38 +11092,35 @@ func (ec *executionContext) _Meta_is_sign_up_enabled(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsSignUpEnabled, nil + return obj.LinkedinClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_sign_up_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_LINKEDIN_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_strong_password_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_strong_password_enabled(ctx, field) +func (ec *executionContext) _Env_APPLE_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_APPLE_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10103,38 +11133,35 @@ func (ec *executionContext) _Meta_is_strong_password_enabled(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsStrongPasswordEnabled, nil + return obj.AppleClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_strong_password_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_multi_factor_auth_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_multi_factor_auth_enabled(ctx, field) +func (ec *executionContext) _Env_APPLE_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_APPLE_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10147,38 +11174,35 @@ func (ec *executionContext) _Meta_is_multi_factor_auth_enabled(ctx context.Conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsMultiFactorAuthEnabled, nil + return obj.AppleClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_multi_factor_auth_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_APPLE_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_mobile_basic_authentication_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_mobile_basic_authentication_enabled(ctx, field) +func (ec *executionContext) _Env_DISCORD_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISCORD_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10191,38 +11215,35 @@ func (ec *executionContext) _Meta_is_mobile_basic_authentication_enabled(ctx con }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsMobileBasicAuthenticationEnabled, nil + return obj.DiscordClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_mobile_basic_authentication_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Meta_is_phone_verification_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Meta_is_phone_verification_enabled(ctx, field) +func (ec *executionContext) _Env_DISCORD_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISCORD_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10235,38 +11256,35 @@ func (ec *executionContext) _Meta_is_phone_verification_enabled(ctx context.Cont }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsPhoneVerificationEnabled, nil + return obj.DiscordClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Meta_is_phone_verification_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISCORD_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Meta", + Object: "Env", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Mutation_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_signup(ctx, field) +func (ec *executionContext) _Env_TWITTER_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_TWITTER_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10279,75 +11297,35 @@ func (ec *executionContext) _Mutation_signup(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().Signup(rctx, fc.Args["params"].(model.SignUpRequest)) + return obj.TwitterClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_mobile_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_mobile_signup(ctx, field) +func (ec *executionContext) _Env_TWITTER_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_TWITTER_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10360,75 +11338,35 @@ func (ec *executionContext) _Mutation_mobile_signup(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().MobileSignup(rctx, fc.Args["params"].(*model.MobileSignUpRequest)) + return obj.TwitterClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_mobile_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_TWITTER_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_mobile_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_login(ctx, field) +func (ec *executionContext) _Env_MICROSOFT_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_MICROSOFT_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10441,75 +11379,35 @@ func (ec *executionContext) _Mutation_login(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().Login(rctx, fc.Args["params"].(model.LoginRequest)) + return obj.MicrosoftClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_mobile_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_mobile_login(ctx, field) +func (ec *executionContext) _Env_MICROSOFT_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_MICROSOFT_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10522,75 +11420,35 @@ func (ec *executionContext) _Mutation_mobile_login(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().MobileLogin(rctx, fc.Args["params"].(model.MobileLoginRequest)) + return obj.MicrosoftClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_mobile_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_MICROSOFT_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_mobile_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_magic_link_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_magic_link_login(ctx, field) +func (ec *executionContext) _Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10603,53 +11461,35 @@ func (ec *executionContext) _Mutation_magic_link_login(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().MagicLinkLogin(rctx, fc.Args["params"].(model.MagicLinkLoginRequest)) + return obj.MicrosoftActiveDirectoryTenantID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_magic_link_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_magic_link_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_logout(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_logout(ctx, field) +func (ec *executionContext) _Env_TWITCH_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_TWITCH_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10662,42 +11502,35 @@ func (ec *executionContext) _Mutation_logout(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().Logout(rctx) + return obj.TwitchClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_logout(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Mutation_update_profile(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_update_profile(ctx, field) +func (ec *executionContext) _Env_TWITCH_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_TWITCH_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10710,53 +11543,35 @@ func (ec *executionContext) _Mutation_update_profile(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().UpdateProfile(rctx, fc.Args["params"].(model.UpdateProfileRequest)) + return obj.TwitchClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_update_profile(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_TWITCH_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_update_profile_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_verify_email(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_verify_email(ctx, field) +func (ec *executionContext) _Env_ROBLOX_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ROBLOX_CLIENT_ID(ctx, field) if err != nil { return graphql.Null } @@ -10769,75 +11584,35 @@ func (ec *executionContext) _Mutation_verify_email(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().VerifyEmail(rctx, fc.Args["params"].(model.VerifyEmailRequest)) + return obj.RobloxClientID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_verify_email(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_ID(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_verify_email_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_resend_verify_email(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_resend_verify_email(ctx, field) +func (ec *executionContext) _Env_ROBLOX_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ROBLOX_CLIENT_SECRET(ctx, field) if err != nil { return graphql.Null } @@ -10850,53 +11625,35 @@ func (ec *executionContext) _Mutation_resend_verify_email(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().ResendVerifyEmail(rctx, fc.Args["params"].(model.ResendVerifyEmailRequest)) + return obj.RobloxClientSecret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_resend_verify_email(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ROBLOX_CLIENT_SECRET(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_resend_verify_email_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_forgot_password(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_forgot_password(ctx, field) +func (ec *executionContext) _Env_ORGANIZATION_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ORGANIZATION_NAME(ctx, field) if err != nil { return graphql.Null } @@ -10909,55 +11666,35 @@ func (ec *executionContext) _Mutation_forgot_password(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().ForgotPassword(rctx, fc.Args["params"].(model.ForgotPasswordRequest)) + return obj.OrganizationName, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.ForgotPasswordResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNForgotPasswordResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐForgotPasswordResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_forgot_password(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ORGANIZATION_NAME(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_ForgotPasswordResponse_message(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type ForgotPasswordResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_forgot_password_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_reset_password(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_reset_password(ctx, field) +func (ec *executionContext) _Env_ORGANIZATION_LOGO(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ORGANIZATION_LOGO(ctx, field) if err != nil { return graphql.Null } @@ -10970,53 +11707,35 @@ func (ec *executionContext) _Mutation_reset_password(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().ResetPassword(rctx, fc.Args["params"].(model.ResetPasswordRequest)) + return obj.OrganizationLogo, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_reset_password(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ORGANIZATION_LOGO(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_reset_password_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_revoke(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_revoke(ctx, field) +func (ec *executionContext) _Env_APP_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field) if err != nil { return graphql.Null } @@ -11029,7 +11748,7 @@ func (ec *executionContext) _Mutation_revoke(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().Revoke(rctx, fc.Args["params"].(model.OAuthRevokeRequest)) + return obj.AppCookieSecure, nil }) if err != nil { ec.Error(ctx, err) @@ -11041,41 +11760,26 @@ func (ec *executionContext) _Mutation_revoke(ctx context.Context, field graphql. } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_revoke(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_APP_COOKIE_SECURE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_revoke_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_verify_otp(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_verify_otp(ctx, field) +func (ec *executionContext) _Env_ADMIN_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field) if err != nil { return graphql.Null } @@ -11088,7 +11792,7 @@ func (ec *executionContext) _Mutation_verify_otp(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().VerifyOtp(rctx, fc.Args["params"].(model.VerifyOTPRequest)) + return obj.AdminCookieSecure, nil }) if err != nil { ec.Error(ctx, err) @@ -11100,63 +11804,26 @@ func (ec *executionContext) _Mutation_verify_otp(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(bool) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_verify_otp(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_ADMIN_COOKIE_SECURE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_verify_otp_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation_resend_otp(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_resend_otp(ctx, field) +func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field) if err != nil { return graphql.Null } @@ -11169,53 +11836,76 @@ func (ec *executionContext) _Mutation_resend_otp(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().ResendOtp(rctx, fc.Args["params"].(model.ResendOTPRequest)) + return obj.DefaultAuthorizeResponseType, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_resend_otp(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } + return fc, nil +} + +func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) defer func() { if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null } }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_resend_otp_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.DefaultAuthorizeResponseMode, nil + }) + if err != nil { ec.Error(ctx, err) - return fc, err + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Env", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, } return fc, nil } -func (ec *executionContext) _Mutation_deactivate_account(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_deactivate_account(ctx, field) +func (ec *executionContext) _Env_DISABLE_PLAYGROUND(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field) if err != nil { return graphql.Null } @@ -11228,7 +11918,7 @@ func (ec *executionContext) _Mutation_deactivate_account(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().DeactivateAccount(rctx) + return obj.DisablePlayground, nil }) if err != nil { ec.Error(ctx, err) @@ -11240,30 +11930,26 @@ func (ec *executionContext) _Mutation_deactivate_account(ctx context.Context, fi } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_deactivate_account(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_PLAYGROUND(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Mutation__delete_user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__delete_user(ctx, field) +func (ec *executionContext) _Env_DISABLE_MAIL_OTP_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(ctx, field) if err != nil { return graphql.Null } @@ -11276,7 +11962,7 @@ func (ec *executionContext) _Mutation__delete_user(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().DeleteUser(rctx, fc.Args["params"].(model.DeleteUserRequest)) + return obj.DisableMailOtpLogin, nil }) if err != nil { ec.Error(ctx, err) @@ -11288,41 +11974,26 @@ func (ec *executionContext) _Mutation__delete_user(ctx context.Context, field gr } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__delete_user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__delete_user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__update_user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__update_user(ctx, field) +func (ec *executionContext) _Env_DISABLE_TOTP_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Env_DISABLE_TOTP_LOGIN(ctx, field) if err != nil { return graphql.Null } @@ -11335,7 +12006,7 @@ func (ec *executionContext) _Mutation__update_user(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().UpdateUser(rctx, fc.Args["params"].(model.UpdateUserRequest)) + return obj.DisableTotpLogin, nil }) if err != nil { ec.Error(ctx, err) @@ -11347,79 +12018,26 @@ func (ec *executionContext) _Mutation__update_user(ctx context.Context, field gr } return graphql.Null } - res := resTmp.(*model.User) + res := resTmp.(bool) fc.Result = res - return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__update_user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Env_DISABLE_TOTP_LOGIN(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Env", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__update_user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__admin_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__admin_signup(ctx, field) +func (ec *executionContext) _Error_message(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Error_message(ctx, field) if err != nil { return graphql.Null } @@ -11432,7 +12050,7 @@ func (ec *executionContext) _Mutation__admin_signup(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().AdminSignup(rctx, fc.Args["params"].(model.AdminSignupRequest)) + return obj.Message, nil }) if err != nil { ec.Error(ctx, err) @@ -11444,41 +12062,26 @@ func (ec *executionContext) _Mutation__admin_signup(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__admin_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Error_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Error", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__admin_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__admin_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__admin_login(ctx, field) +func (ec *executionContext) _Error_reason(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Error_reason(ctx, field) if err != nil { return graphql.Null } @@ -11491,7 +12094,7 @@ func (ec *executionContext) _Mutation__admin_login(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().AdminLogin(rctx, fc.Args["params"].(model.AdminLoginRequest)) + return obj.Reason, nil }) if err != nil { ec.Error(ctx, err) @@ -11503,41 +12106,26 @@ func (ec *executionContext) _Mutation__admin_login(ctx context.Context, field gr } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__admin_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Error_reason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Error", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__admin_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__admin_logout(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__admin_logout(ctx, field) +func (ec *executionContext) _ForgotPasswordResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.ForgotPasswordResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ForgotPasswordResponse_message(ctx, field) if err != nil { return graphql.Null } @@ -11550,7 +12138,7 @@ func (ec *executionContext) _Mutation__admin_logout(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().AdminLogout(rctx) + return obj.Message, nil }) if err != nil { ec.Error(ctx, err) @@ -11562,30 +12150,26 @@ func (ec *executionContext) _Mutation__admin_logout(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__admin_logout(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ForgotPasswordResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "ForgotPasswordResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Mutation__update_env(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__update_env(ctx, field) +func (ec *executionContext) _ForgotPasswordResponse_should_show_mobile_otp_screen(ctx context.Context, field graphql.CollectedField, obj *model.ForgotPasswordResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(ctx, field) if err != nil { return graphql.Null } @@ -11598,53 +12182,35 @@ func (ec *executionContext) _Mutation__update_env(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().UpdateEnv(rctx, fc.Args["params"].(model.UpdateEnvRequest)) + return obj.ShouldShowMobileOtpScreen, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__update_env(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "ForgotPasswordResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__update_env_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__invite_members(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__invite_members(ctx, field) +func (ec *executionContext) _GenerateJWTKeysResponse_secret(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_GenerateJWTKeysResponse_secret(ctx, field) if err != nil { return graphql.Null } @@ -11657,55 +12223,35 @@ func (ec *executionContext) _Mutation__invite_members(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().InviteMembers(rctx, fc.Args["params"].(model.InviteMemberRequest)) + return obj.Secret, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.InviteMembersResponse) + res := resTmp.(*string) fc.Result = res - return ec.marshalNInviteMembersResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐInviteMembersResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__invite_members(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_secret(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "GenerateJWTKeysResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_InviteMembersResponse_message(ctx, field) - case "Users": - return ec.fieldContext_InviteMembersResponse_Users(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type InviteMembersResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__invite_members_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__revoke_access(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__revoke_access(ctx, field) +func (ec *executionContext) _GenerateJWTKeysResponse_public_key(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_GenerateJWTKeysResponse_public_key(ctx, field) if err != nil { return graphql.Null } @@ -11718,53 +12264,35 @@ func (ec *executionContext) _Mutation__revoke_access(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().RevokeAccess(rctx, fc.Args["param"].(model.UpdateAccessRequest)) + return obj.PublicKey, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__revoke_access(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_public_key(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "GenerateJWTKeysResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__revoke_access_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__enable_access(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__enable_access(ctx, field) +func (ec *executionContext) _GenerateJWTKeysResponse_private_key(ctx context.Context, field graphql.CollectedField, obj *model.GenerateJWTKeysResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_GenerateJWTKeysResponse_private_key(ctx, field) if err != nil { return graphql.Null } @@ -11777,53 +12305,35 @@ func (ec *executionContext) _Mutation__enable_access(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().EnableAccess(rctx, fc.Args["param"].(model.UpdateAccessRequest)) + return obj.PrivateKey, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__enable_access(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_GenerateJWTKeysResponse_private_key(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "GenerateJWTKeysResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__enable_access_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__generate_jwt_keys(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__generate_jwt_keys(ctx, field) +func (ec *executionContext) _InviteMembersResponse_message(ctx context.Context, field graphql.CollectedField, obj *model.InviteMembersResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_InviteMembersResponse_message(ctx, field) if err != nil { return graphql.Null } @@ -11836,7 +12346,7 @@ func (ec *executionContext) _Mutation__generate_jwt_keys(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().GenerateJwtKeys(rctx, fc.Args["params"].(model.GenerateJWTKeysRequest)) + return obj.Message, nil }) if err != nil { ec.Error(ctx, err) @@ -11848,45 +12358,26 @@ func (ec *executionContext) _Mutation__generate_jwt_keys(ctx context.Context, fi } return graphql.Null } - res := resTmp.(*model.GenerateJWTKeysResponse) + res := resTmp.(string) fc.Result = res - return ec.marshalNGenerateJWTKeysResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGenerateJWTKeysResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__generate_jwt_keys(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_InviteMembersResponse_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "InviteMembersResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "secret": - return ec.fieldContext_GenerateJWTKeysResponse_secret(ctx, field) - case "public_key": - return ec.fieldContext_GenerateJWTKeysResponse_public_key(ctx, field) - case "private_key": - return ec.fieldContext_GenerateJWTKeysResponse_private_key(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type GenerateJWTKeysResponse", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__generate_jwt_keys_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__add_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__add_webhook(ctx, field) +func (ec *executionContext) _InviteMembersResponse_Users(ctx context.Context, field graphql.CollectedField, obj *model.InviteMembersResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_InviteMembersResponse_Users(ctx, field) if err != nil { return graphql.Null } @@ -11899,7 +12390,7 @@ func (ec *executionContext) _Mutation__add_webhook(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().AddWebhook(rctx, fc.Args["params"].(model.AddWebhookRequest)) + return obj.Users, nil }) if err != nil { ec.Error(ctx, err) @@ -11911,41 +12402,68 @@ func (ec *executionContext) _Mutation__add_webhook(ctx context.Context, field gr } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.([]*model.User) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNUser2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUserᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__add_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_InviteMembersResponse_Users(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "InviteMembersResponse", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__add_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__update_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__update_webhook(ctx, field) +func (ec *executionContext) _Meta_version(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_version(ctx, field) if err != nil { return graphql.Null } @@ -11958,7 +12476,7 @@ func (ec *executionContext) _Mutation__update_webhook(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().UpdateWebhook(rctx, fc.Args["params"].(model.UpdateWebhookRequest)) + return obj.Version, nil }) if err != nil { ec.Error(ctx, err) @@ -11970,41 +12488,26 @@ func (ec *executionContext) _Mutation__update_webhook(ctx context.Context, field } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__update_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_version(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__update_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__delete_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__delete_webhook(ctx, field) +func (ec *executionContext) _Meta_client_id(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_client_id(ctx, field) if err != nil { return graphql.Null } @@ -12017,7 +12520,7 @@ func (ec *executionContext) _Mutation__delete_webhook(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().DeleteWebhook(rctx, fc.Args["params"].(model.WebhookRequest)) + return obj.ClientID, nil }) if err != nil { ec.Error(ctx, err) @@ -12029,41 +12532,26 @@ func (ec *executionContext) _Mutation__delete_webhook(ctx context.Context, field } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(string) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__delete_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_client_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__delete_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__test_endpoint(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__test_endpoint(ctx, field) +func (ec *executionContext) _Meta_is_google_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_google_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12076,7 +12564,7 @@ func (ec *executionContext) _Mutation__test_endpoint(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().TestEndpoint(rctx, fc.Args["params"].(model.TestEndpointRequest)) + return obj.IsGoogleLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12088,43 +12576,26 @@ func (ec *executionContext) _Mutation__test_endpoint(ctx context.Context, field } return graphql.Null } - res := resTmp.(*model.TestEndpointResponse) + res := resTmp.(bool) fc.Result = res - return ec.marshalNTestEndpointResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐTestEndpointResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__test_endpoint(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_google_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "http_status": - return ec.fieldContext_TestEndpointResponse_http_status(ctx, field) - case "response": - return ec.fieldContext_TestEndpointResponse_response(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type TestEndpointResponse", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__test_endpoint_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__add_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__add_email_template(ctx, field) +func (ec *executionContext) _Meta_is_facebook_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_facebook_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12137,7 +12608,7 @@ func (ec *executionContext) _Mutation__add_email_template(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().AddEmailTemplate(rctx, fc.Args["params"].(model.AddEmailTemplateRequest)) + return obj.IsFacebookLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12149,41 +12620,26 @@ func (ec *executionContext) _Mutation__add_email_template(ctx context.Context, f } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__add_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_facebook_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__add_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__update_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__update_email_template(ctx, field) +func (ec *executionContext) _Meta_is_github_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_github_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12196,7 +12652,7 @@ func (ec *executionContext) _Mutation__update_email_template(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().UpdateEmailTemplate(rctx, fc.Args["params"].(model.UpdateEmailTemplateRequest)) + return obj.IsGithubLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12208,41 +12664,26 @@ func (ec *executionContext) _Mutation__update_email_template(ctx context.Context } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__update_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_github_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__update_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Mutation__delete_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation__delete_email_template(ctx, field) +func (ec *executionContext) _Meta_is_linkedin_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_linkedin_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12255,7 +12696,7 @@ func (ec *executionContext) _Mutation__delete_email_template(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().DeleteEmailTemplate(rctx, fc.Args["params"].(model.DeleteEmailTemplateRequest)) + return obj.IsLinkedinLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12267,41 +12708,26 @@ func (ec *executionContext) _Mutation__delete_email_template(ctx context.Context } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(bool) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation__delete_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_linkedin_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Mutation", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_Response_message(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation__delete_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Pagination_limit(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Pagination_limit(ctx, field) +func (ec *executionContext) _Meta_is_apple_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_apple_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12314,7 +12740,7 @@ func (ec *executionContext) _Pagination_limit(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Limit, nil + return obj.IsAppleLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12326,26 +12752,26 @@ func (ec *executionContext) _Pagination_limit(ctx context.Context, field graphql } return graphql.Null } - res := resTmp.(int64) + res := resTmp.(bool) fc.Result = res - return ec.marshalNInt642int64(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Pagination_limit(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_apple_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Pagination", + Object: "Meta", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Pagination_page(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Pagination_page(ctx, field) +func (ec *executionContext) _Meta_is_discord_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_discord_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12358,7 +12784,7 @@ func (ec *executionContext) _Pagination_page(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Page, nil + return obj.IsDiscordLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12370,26 +12796,26 @@ func (ec *executionContext) _Pagination_page(ctx context.Context, field graphql. } return graphql.Null } - res := resTmp.(int64) + res := resTmp.(bool) fc.Result = res - return ec.marshalNInt642int64(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Pagination_page(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_discord_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Pagination", + Object: "Meta", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Pagination_offset(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Pagination_offset(ctx, field) +func (ec *executionContext) _Meta_is_twitter_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_twitter_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12402,7 +12828,7 @@ func (ec *executionContext) _Pagination_offset(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Offset, nil + return obj.IsTwitterLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12414,26 +12840,26 @@ func (ec *executionContext) _Pagination_offset(ctx context.Context, field graphq } return graphql.Null } - res := resTmp.(int64) + res := resTmp.(bool) fc.Result = res - return ec.marshalNInt642int64(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Pagination_offset(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_twitter_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Pagination", + Object: "Meta", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Pagination_total(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Pagination_total(ctx, field) +func (ec *executionContext) _Meta_is_microsoft_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_microsoft_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12446,7 +12872,7 @@ func (ec *executionContext) _Pagination_total(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Total, nil + return obj.IsMicrosoftLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12458,26 +12884,26 @@ func (ec *executionContext) _Pagination_total(ctx context.Context, field graphql } return graphql.Null } - res := resTmp.(int64) + res := resTmp.(bool) fc.Result = res - return ec.marshalNInt642int64(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Pagination_total(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_microsoft_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Pagination", + Object: "Meta", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Query_meta(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_meta(ctx, field) +func (ec *executionContext) _Meta_is_twitch_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_twitch_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12490,7 +12916,7 @@ func (ec *executionContext) _Query_meta(ctx context.Context, field graphql.Colle }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Meta(rctx) + return obj.IsTwitchLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12502,68 +12928,26 @@ func (ec *executionContext) _Query_meta(ctx context.Context, field graphql.Colle } return graphql.Null } - res := resTmp.(*model.Meta) + res := resTmp.(bool) fc.Result = res - return ec.marshalNMeta2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMeta(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_meta(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_twitch_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "version": - return ec.fieldContext_Meta_version(ctx, field) - case "client_id": - return ec.fieldContext_Meta_client_id(ctx, field) - case "is_google_login_enabled": - return ec.fieldContext_Meta_is_google_login_enabled(ctx, field) - case "is_facebook_login_enabled": - return ec.fieldContext_Meta_is_facebook_login_enabled(ctx, field) - case "is_github_login_enabled": - return ec.fieldContext_Meta_is_github_login_enabled(ctx, field) - case "is_linkedin_login_enabled": - return ec.fieldContext_Meta_is_linkedin_login_enabled(ctx, field) - case "is_apple_login_enabled": - return ec.fieldContext_Meta_is_apple_login_enabled(ctx, field) - case "is_discord_login_enabled": - return ec.fieldContext_Meta_is_discord_login_enabled(ctx, field) - case "is_twitter_login_enabled": - return ec.fieldContext_Meta_is_twitter_login_enabled(ctx, field) - case "is_microsoft_login_enabled": - return ec.fieldContext_Meta_is_microsoft_login_enabled(ctx, field) - case "is_twitch_login_enabled": - return ec.fieldContext_Meta_is_twitch_login_enabled(ctx, field) - case "is_roblox_login_enabled": - return ec.fieldContext_Meta_is_roblox_login_enabled(ctx, field) - case "is_email_verification_enabled": - return ec.fieldContext_Meta_is_email_verification_enabled(ctx, field) - case "is_basic_authentication_enabled": - return ec.fieldContext_Meta_is_basic_authentication_enabled(ctx, field) - case "is_magic_link_login_enabled": - return ec.fieldContext_Meta_is_magic_link_login_enabled(ctx, field) - case "is_sign_up_enabled": - return ec.fieldContext_Meta_is_sign_up_enabled(ctx, field) - case "is_strong_password_enabled": - return ec.fieldContext_Meta_is_strong_password_enabled(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_Meta_is_multi_factor_auth_enabled(ctx, field) - case "is_mobile_basic_authentication_enabled": - return ec.fieldContext_Meta_is_mobile_basic_authentication_enabled(ctx, field) - case "is_phone_verification_enabled": - return ec.fieldContext_Meta_is_phone_verification_enabled(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Meta", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Query_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_session(ctx, field) +func (ec *executionContext) _Meta_is_roblox_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_roblox_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12576,7 +12960,7 @@ func (ec *executionContext) _Query_session(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Session(rctx, fc.Args["params"].(*model.SessionQueryRequest)) + return obj.IsRobloxLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12588,63 +12972,26 @@ func (ec *executionContext) _Query_session(ctx context.Context, field graphql.Co } return graphql.Null } - res := resTmp.(*model.AuthResponse) + res := resTmp.(bool) fc.Result = res - return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_session(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_roblox_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "message": - return ec.fieldContext_AuthResponse_message(ctx, field) - case "should_show_email_otp_screen": - return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) - case "should_show_mobile_otp_screen": - return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) - case "should_show_totp_screen": - return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) - case "access_token": - return ec.fieldContext_AuthResponse_access_token(ctx, field) - case "id_token": - return ec.fieldContext_AuthResponse_id_token(ctx, field) - case "refresh_token": - return ec.fieldContext_AuthResponse_refresh_token(ctx, field) - case "expires_in": - return ec.fieldContext_AuthResponse_expires_in(ctx, field) - case "user": - return ec.fieldContext_AuthResponse_user(ctx, field) - case "authenticator_scanner_image": - return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) - case "authenticator_secret": - return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) - case "authenticator_recovery_codes": - return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_session_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Query_profile(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_profile(ctx, field) +func (ec *executionContext) _Meta_is_email_verification_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_email_verification_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12657,7 +13004,7 @@ func (ec *executionContext) _Query_profile(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Profile(rctx) + return obj.IsEmailVerificationEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12669,68 +13016,26 @@ func (ec *executionContext) _Query_profile(ctx context.Context, field graphql.Co } return graphql.Null } - res := resTmp.(*model.User) + res := resTmp.(bool) fc.Result = res - return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_profile(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_email_verification_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Query_validate_jwt_token(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_validate_jwt_token(ctx, field) +func (ec *executionContext) _Meta_is_basic_authentication_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_basic_authentication_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12743,7 +13048,7 @@ func (ec *executionContext) _Query_validate_jwt_token(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().ValidateJwtToken(rctx, fc.Args["params"].(model.ValidateJWTTokenRequest)) + return obj.IsBasicAuthenticationEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12755,43 +13060,26 @@ func (ec *executionContext) _Query_validate_jwt_token(ctx context.Context, field } return graphql.Null } - res := resTmp.(*model.ValidateJWTTokenResponse) + res := resTmp.(bool) fc.Result = res - return ec.marshalNValidateJWTTokenResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateJWTTokenResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_validate_jwt_token(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_basic_authentication_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "is_valid": - return ec.fieldContext_ValidateJWTTokenResponse_is_valid(ctx, field) - case "claims": - return ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type ValidateJWTTokenResponse", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_validate_jwt_token_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Query_validate_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_validate_session(ctx, field) +func (ec *executionContext) _Meta_is_magic_link_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_magic_link_login_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12804,7 +13092,7 @@ func (ec *executionContext) _Query_validate_session(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().ValidateSession(rctx, fc.Args["params"].(*model.ValidateSessionRequest)) + return obj.IsMagicLinkLoginEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12816,43 +13104,26 @@ func (ec *executionContext) _Query_validate_session(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.ValidateSessionResponse) + res := resTmp.(bool) fc.Result = res - return ec.marshalNValidateSessionResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateSessionResponse(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_validate_session(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_magic_link_login_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "is_valid": - return ec.fieldContext_ValidateSessionResponse_is_valid(ctx, field) - case "user": - return ec.fieldContext_ValidateSessionResponse_user(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type ValidateSessionResponse", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_validate_session_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Query__users(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__users(ctx, field) +func (ec *executionContext) _Meta_is_sign_up_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_sign_up_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12865,7 +13136,7 @@ func (ec *executionContext) _Query__users(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Users(rctx, fc.Args["params"].(*model.PaginatedRequest)) + return obj.IsSignUpEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12877,43 +13148,70 @@ func (ec *executionContext) _Query__users(ctx context.Context, field graphql.Col } return graphql.Null } - res := resTmp.(*model.Users) + res := resTmp.(bool) fc.Result = res - return ec.marshalNUsers2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUsers(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__users(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_sign_up_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "pagination": - return ec.fieldContext_Users_pagination(ctx, field) - case "users": - return ec.fieldContext_Users_users(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Users", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } + return fc, nil +} + +func (ec *executionContext) _Meta_is_strong_password_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_strong_password_enabled(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) defer func() { if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null } }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__users_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsStrongPasswordEnabled, nil + }) + if err != nil { ec.Error(ctx, err) - return fc, err + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Meta_is_strong_password_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Meta", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, } return fc, nil } -func (ec *executionContext) _Query__user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__user(ctx, field) +func (ec *executionContext) _Meta_is_multi_factor_auth_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_multi_factor_auth_enabled(ctx, field) if err != nil { return graphql.Null } @@ -12926,7 +13224,7 @@ func (ec *executionContext) _Query__user(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().User(rctx, fc.Args["params"].(model.GetUserRequest)) + return obj.IsMultiFactorAuthEnabled, nil }) if err != nil { ec.Error(ctx, err) @@ -12938,79 +13236,114 @@ func (ec *executionContext) _Query__user(ctx context.Context, field graphql.Coll } return graphql.Null } - res := resTmp.(*model.User) + res := resTmp.(bool) fc.Result = res - return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Meta_is_multi_factor_auth_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Meta", Field: field, - IsMethod: true, - IsResolver: true, + IsMethod: false, + IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } + return fc, nil +} + +func (ec *executionContext) _Meta_is_mobile_basic_authentication_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_mobile_basic_authentication_enabled(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) defer func() { if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null } }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsMobileBasicAuthenticationEnabled, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Meta_is_mobile_basic_authentication_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Meta", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Meta_is_phone_verification_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Meta_is_phone_verification_enabled(ctx, field) + if err != nil { + return graphql.Null + } ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsPhoneVerificationEnabled, nil + }) + if err != nil { ec.Error(ctx, err) - return fc, err + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Meta_is_phone_verification_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Meta", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, } return fc, nil } -func (ec *executionContext) _Query__verification_requests(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__verification_requests(ctx, field) +func (ec *executionContext) _Mutation_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_signup(ctx, field) if err != nil { return graphql.Null } @@ -13023,7 +13356,7 @@ func (ec *executionContext) _Query__verification_requests(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().VerificationRequests(rctx, fc.Args["params"].(*model.PaginatedRequest)) + return ec.resolvers.Mutation().Signup(rctx, fc.Args["params"].(model.SignUpRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13035,25 +13368,45 @@ func (ec *executionContext) _Query__verification_requests(ctx context.Context, f } return graphql.Null } - res := resTmp.(*model.VerificationRequests) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalNVerificationRequests2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerificationRequests(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__verification_requests(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "pagination": - return ec.fieldContext_VerificationRequests_pagination(ctx, field) - case "verification_requests": - return ec.fieldContext_VerificationRequests_verification_requests(ctx, field) + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type VerificationRequests", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } defer func() { @@ -13063,15 +13416,15 @@ func (ec *executionContext) fieldContext_Query__verification_requests(ctx contex } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__verification_requests_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query__admin_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__admin_session(ctx, field) +func (ec *executionContext) _Mutation_mobile_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_mobile_signup(ctx, field) if err != nil { return graphql.Null } @@ -13084,7 +13437,7 @@ func (ec *executionContext) _Query__admin_session(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().AdminSession(rctx) + return ec.resolvers.Mutation().MobileSignup(rctx, fc.Args["params"].(*model.MobileSignUpRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13096,30 +13449,63 @@ func (ec *executionContext) _Query__admin_session(ctx context.Context, field gra } return graphql.Null } - res := resTmp.(*model.Response) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__admin_session(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_mobile_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "message": - return ec.fieldContext_Response_message(ctx, field) + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_mobile_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Query__env(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__env(ctx, field) +func (ec *executionContext) _Mutation_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_login(ctx, field) if err != nil { return graphql.Null } @@ -13132,7 +13518,7 @@ func (ec *executionContext) _Query__env(ctx context.Context, field graphql.Colle }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Env(rctx) + return ec.resolvers.Mutation().Login(rctx, fc.Args["params"].(model.LoginRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13144,170 +13530,63 @@ func (ec *executionContext) _Query__env(ctx context.Context, field graphql.Colle } return graphql.Null } - res := resTmp.(*model.Env) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalNEnv2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEnv(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__env(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "ACCESS_TOKEN_EXPIRY_TIME": - return ec.fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(ctx, field) - case "ADMIN_SECRET": - return ec.fieldContext_Env_ADMIN_SECRET(ctx, field) - case "DATABASE_NAME": - return ec.fieldContext_Env_DATABASE_NAME(ctx, field) - case "DATABASE_URL": - return ec.fieldContext_Env_DATABASE_URL(ctx, field) - case "DATABASE_TYPE": - return ec.fieldContext_Env_DATABASE_TYPE(ctx, field) - case "DATABASE_USERNAME": - return ec.fieldContext_Env_DATABASE_USERNAME(ctx, field) - case "DATABASE_PASSWORD": - return ec.fieldContext_Env_DATABASE_PASSWORD(ctx, field) - case "DATABASE_HOST": - return ec.fieldContext_Env_DATABASE_HOST(ctx, field) - case "DATABASE_PORT": - return ec.fieldContext_Env_DATABASE_PORT(ctx, field) - case "CLIENT_ID": - return ec.fieldContext_Env_CLIENT_ID(ctx, field) - case "CLIENT_SECRET": - return ec.fieldContext_Env_CLIENT_SECRET(ctx, field) - case "CUSTOM_ACCESS_TOKEN_SCRIPT": - return ec.fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field) - case "SMTP_HOST": - return ec.fieldContext_Env_SMTP_HOST(ctx, field) - case "SMTP_PORT": - return ec.fieldContext_Env_SMTP_PORT(ctx, field) - case "SMTP_USERNAME": - return ec.fieldContext_Env_SMTP_USERNAME(ctx, field) - case "SMTP_PASSWORD": - return ec.fieldContext_Env_SMTP_PASSWORD(ctx, field) - case "SMTP_LOCAL_NAME": - return ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field) - case "SENDER_EMAIL": - return ec.fieldContext_Env_SENDER_EMAIL(ctx, field) - case "SENDER_NAME": - return ec.fieldContext_Env_SENDER_NAME(ctx, field) - case "JWT_TYPE": - return ec.fieldContext_Env_JWT_TYPE(ctx, field) - case "JWT_SECRET": - return ec.fieldContext_Env_JWT_SECRET(ctx, field) - case "JWT_PRIVATE_KEY": - return ec.fieldContext_Env_JWT_PRIVATE_KEY(ctx, field) - case "JWT_PUBLIC_KEY": - return ec.fieldContext_Env_JWT_PUBLIC_KEY(ctx, field) - case "ALLOWED_ORIGINS": - return ec.fieldContext_Env_ALLOWED_ORIGINS(ctx, field) - case "APP_URL": - return ec.fieldContext_Env_APP_URL(ctx, field) - case "REDIS_URL": - return ec.fieldContext_Env_REDIS_URL(ctx, field) - case "RESET_PASSWORD_URL": - return ec.fieldContext_Env_RESET_PASSWORD_URL(ctx, field) - case "DISABLE_EMAIL_VERIFICATION": - return ec.fieldContext_Env_DISABLE_EMAIL_VERIFICATION(ctx, field) - case "DISABLE_BASIC_AUTHENTICATION": - return ec.fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(ctx, field) - case "DISABLE_MOBILE_BASIC_AUTHENTICATION": - return ec.fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx, field) - case "DISABLE_MAGIC_LINK_LOGIN": - return ec.fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(ctx, field) - case "DISABLE_LOGIN_PAGE": - return ec.fieldContext_Env_DISABLE_LOGIN_PAGE(ctx, field) - case "DISABLE_SIGN_UP": - return ec.fieldContext_Env_DISABLE_SIGN_UP(ctx, field) - case "DISABLE_REDIS_FOR_ENV": - return ec.fieldContext_Env_DISABLE_REDIS_FOR_ENV(ctx, field) - case "DISABLE_STRONG_PASSWORD": - return ec.fieldContext_Env_DISABLE_STRONG_PASSWORD(ctx, field) - case "DISABLE_MULTI_FACTOR_AUTHENTICATION": - return ec.fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx, field) - case "ENFORCE_MULTI_FACTOR_AUTHENTICATION": - return ec.fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx, field) - case "ROLES": - return ec.fieldContext_Env_ROLES(ctx, field) - case "PROTECTED_ROLES": - return ec.fieldContext_Env_PROTECTED_ROLES(ctx, field) - case "DEFAULT_ROLES": - return ec.fieldContext_Env_DEFAULT_ROLES(ctx, field) - case "JWT_ROLE_CLAIM": - return ec.fieldContext_Env_JWT_ROLE_CLAIM(ctx, field) - case "GOOGLE_CLIENT_ID": - return ec.fieldContext_Env_GOOGLE_CLIENT_ID(ctx, field) - case "GOOGLE_CLIENT_SECRET": - return ec.fieldContext_Env_GOOGLE_CLIENT_SECRET(ctx, field) - case "GITHUB_CLIENT_ID": - return ec.fieldContext_Env_GITHUB_CLIENT_ID(ctx, field) - case "GITHUB_CLIENT_SECRET": - return ec.fieldContext_Env_GITHUB_CLIENT_SECRET(ctx, field) - case "FACEBOOK_CLIENT_ID": - return ec.fieldContext_Env_FACEBOOK_CLIENT_ID(ctx, field) - case "FACEBOOK_CLIENT_SECRET": - return ec.fieldContext_Env_FACEBOOK_CLIENT_SECRET(ctx, field) - case "LINKEDIN_CLIENT_ID": - return ec.fieldContext_Env_LINKEDIN_CLIENT_ID(ctx, field) - case "LINKEDIN_CLIENT_SECRET": - return ec.fieldContext_Env_LINKEDIN_CLIENT_SECRET(ctx, field) - case "APPLE_CLIENT_ID": - return ec.fieldContext_Env_APPLE_CLIENT_ID(ctx, field) - case "APPLE_CLIENT_SECRET": - return ec.fieldContext_Env_APPLE_CLIENT_SECRET(ctx, field) - case "DISCORD_CLIENT_ID": - return ec.fieldContext_Env_DISCORD_CLIENT_ID(ctx, field) - case "DISCORD_CLIENT_SECRET": - return ec.fieldContext_Env_DISCORD_CLIENT_SECRET(ctx, field) - case "TWITTER_CLIENT_ID": - return ec.fieldContext_Env_TWITTER_CLIENT_ID(ctx, field) - case "TWITTER_CLIENT_SECRET": - return ec.fieldContext_Env_TWITTER_CLIENT_SECRET(ctx, field) - case "MICROSOFT_CLIENT_ID": - return ec.fieldContext_Env_MICROSOFT_CLIENT_ID(ctx, field) - case "MICROSOFT_CLIENT_SECRET": - return ec.fieldContext_Env_MICROSOFT_CLIENT_SECRET(ctx, field) - case "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID": - return ec.fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx, field) - case "TWITCH_CLIENT_ID": - return ec.fieldContext_Env_TWITCH_CLIENT_ID(ctx, field) - case "TWITCH_CLIENT_SECRET": - return ec.fieldContext_Env_TWITCH_CLIENT_SECRET(ctx, field) - case "ROBLOX_CLIENT_ID": - return ec.fieldContext_Env_ROBLOX_CLIENT_ID(ctx, field) - case "ROBLOX_CLIENT_SECRET": - return ec.fieldContext_Env_ROBLOX_CLIENT_SECRET(ctx, field) - case "ORGANIZATION_NAME": - return ec.fieldContext_Env_ORGANIZATION_NAME(ctx, field) - case "ORGANIZATION_LOGO": - return ec.fieldContext_Env_ORGANIZATION_LOGO(ctx, field) - case "APP_COOKIE_SECURE": - return ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field) - case "ADMIN_COOKIE_SECURE": - return ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field) - case "DEFAULT_AUTHORIZE_RESPONSE_TYPE": - return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field) - case "DEFAULT_AUTHORIZE_RESPONSE_MODE": - return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field) - case "DISABLE_PLAYGROUND": - return ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field) - case "DISABLE_MAIL_OTP_LOGIN": - return ec.fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(ctx, field) - case "DISABLE_TOTP_LOGIN": - return ec.fieldContext_Env_DISABLE_TOTP_LOGIN(ctx, field) + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Env", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Query__webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__webhook(ctx, field) +func (ec *executionContext) _Mutation_mobile_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_mobile_login(ctx, field) if err != nil { return graphql.Null } @@ -13320,7 +13599,7 @@ func (ec *executionContext) _Query__webhook(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Webhook(rctx, fc.Args["params"].(model.WebhookRequest)) + return ec.resolvers.Mutation().MobileLogin(rctx, fc.Args["params"].(model.MobileLoginRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13332,37 +13611,45 @@ func (ec *executionContext) _Query__webhook(ctx context.Context, field graphql.C } return graphql.Null } - res := resTmp.(*model.Webhook) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalNWebhook2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhook(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_mobile_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "id": - return ec.fieldContext_Webhook_id(ctx, field) - case "event_name": - return ec.fieldContext_Webhook_event_name(ctx, field) - case "event_description": - return ec.fieldContext_Webhook_event_description(ctx, field) - case "endpoint": - return ec.fieldContext_Webhook_endpoint(ctx, field) - case "enabled": - return ec.fieldContext_Webhook_enabled(ctx, field) - case "headers": - return ec.fieldContext_Webhook_headers(ctx, field) - case "created_at": - return ec.fieldContext_Webhook_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_Webhook_updated_at(ctx, field) + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Webhook", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } defer func() { @@ -13372,15 +13659,15 @@ func (ec *executionContext) fieldContext_Query__webhook(ctx context.Context, fie } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_mobile_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query__webhooks(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__webhooks(ctx, field) +func (ec *executionContext) _Mutation_magic_link_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_magic_link_login(ctx, field) if err != nil { return graphql.Null } @@ -13393,7 +13680,7 @@ func (ec *executionContext) _Query__webhooks(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Webhooks(rctx, fc.Args["params"].(*model.PaginatedRequest)) + return ec.resolvers.Mutation().MagicLinkLogin(rctx, fc.Args["params"].(model.MagicLinkLoginRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13405,25 +13692,23 @@ func (ec *executionContext) _Query__webhooks(ctx context.Context, field graphql. } return graphql.Null } - res := resTmp.(*model.Webhooks) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNWebhooks2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhooks(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__webhooks(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_magic_link_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "pagination": - return ec.fieldContext_Webhooks_pagination(ctx, field) - case "webhooks": - return ec.fieldContext_Webhooks_webhooks(ctx, field) + case "message": + return ec.fieldContext_Response_message(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Webhooks", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } defer func() { @@ -13433,15 +13718,15 @@ func (ec *executionContext) fieldContext_Query__webhooks(ctx context.Context, fi } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__webhooks_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_magic_link_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query__webhook_logs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__webhook_logs(ctx, field) +func (ec *executionContext) _Mutation_logout(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_logout(ctx, field) if err != nil { return graphql.Null } @@ -13454,7 +13739,7 @@ func (ec *executionContext) _Query__webhook_logs(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().WebhookLogs(rctx, fc.Args["params"].(*model.ListWebhookLogRequest)) + return ec.resolvers.Mutation().Logout(rctx) }) if err != nil { ec.Error(ctx, err) @@ -13466,43 +13751,30 @@ func (ec *executionContext) _Query__webhook_logs(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(*model.WebhookLogs) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNWebhookLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookLogs(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__webhook_logs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_logout(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "pagination": - return ec.fieldContext_WebhookLogs_pagination(ctx, field) - case "webhook_logs": - return ec.fieldContext_WebhookLogs_webhook_logs(ctx, field) + case "message": + return ec.fieldContext_Response_message(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type WebhookLogs", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__webhook_logs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) _Query__email_templates(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__email_templates(ctx, field) +func (ec *executionContext) _Mutation_update_profile(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_update_profile(ctx, field) if err != nil { return graphql.Null } @@ -13515,7 +13787,7 @@ func (ec *executionContext) _Query__email_templates(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().EmailTemplates(rctx, fc.Args["params"].(*model.PaginatedRequest)) + return ec.resolvers.Mutation().UpdateProfile(rctx, fc.Args["params"].(model.UpdateProfileRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13527,25 +13799,23 @@ func (ec *executionContext) _Query__email_templates(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.EmailTemplates) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNEmailTemplates2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEmailTemplates(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__email_templates(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_update_profile(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "pagination": - return ec.fieldContext_EmailTemplates_pagination(ctx, field) - case "email_templates": - return ec.fieldContext_EmailTemplates_email_templates(ctx, field) + case "message": + return ec.fieldContext_Response_message(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type EmailTemplates", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } defer func() { @@ -13555,15 +13825,15 @@ func (ec *executionContext) fieldContext_Query__email_templates(ctx context.Cont } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__email_templates_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_update_profile_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query__audit_logs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query__audit_logs(ctx, field) +func (ec *executionContext) _Mutation_verify_email(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_verify_email(ctx, field) if err != nil { return graphql.Null } @@ -13576,7 +13846,7 @@ func (ec *executionContext) _Query__audit_logs(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().AuditLogs(rctx, fc.Args["params"].(*model.ListAuditLogRequest)) + return ec.resolvers.Mutation().VerifyEmail(rctx, fc.Args["params"].(model.VerifyEmailRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13588,25 +13858,45 @@ func (ec *executionContext) _Query__audit_logs(ctx context.Context, field graphq } return graphql.Null } - res := resTmp.(*model.AuditLogs) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalNAuditLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query__audit_logs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_verify_email(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "pagination": - return ec.fieldContext_AuditLogs_pagination(ctx, field) - case "audit_logs": - return ec.fieldContext_AuditLogs_audit_logs(ctx, field) + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type AuditLogs", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } defer func() { @@ -13616,15 +13906,15 @@ func (ec *executionContext) fieldContext_Query__audit_logs(ctx context.Context, } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query__audit_logs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_verify_email_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query___type(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query___type(ctx, field) +func (ec *executionContext) _Mutation_resend_verify_email(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_resend_verify_email(ctx, field) if err != nil { return graphql.Null } @@ -13637,52 +13927,35 @@ func (ec *executionContext) _Query___type(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.introspectType(fc.Args["name"].(string)) + return ec.resolvers.Mutation().ResendVerifyEmail(rctx, fc.Args["params"].(model.ResendVerifyEmailRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query___type(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_resend_verify_email(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, - IsResolver: false, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) + case "message": + return ec.fieldContext_Response_message(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } defer func() { @@ -13692,15 +13965,15 @@ func (ec *executionContext) fieldContext_Query___type(ctx context.Context, field } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query___type_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_resend_verify_email_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query___schema(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query___schema(ctx, field) +func (ec *executionContext) _Mutation_forgot_password(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_forgot_password(ctx, field) if err != nil { return graphql.Null } @@ -13713,49 +13986,55 @@ func (ec *executionContext) _Query___schema(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return ec.introspectSchema() + return ec.resolvers.Mutation().ForgotPassword(rctx, fc.Args["params"].(model.ForgotPasswordRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*introspection.Schema) + res := resTmp.(*model.ForgotPasswordResponse) fc.Result = res - return ec.marshalO__Schema2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐSchema(ctx, field.Selections, res) + return ec.marshalNForgotPasswordResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐForgotPasswordResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query___schema(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_forgot_password(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Query", + Object: "Mutation", Field: field, IsMethod: true, - IsResolver: false, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "description": - return ec.fieldContext___Schema_description(ctx, field) - case "types": - return ec.fieldContext___Schema_types(ctx, field) - case "queryType": - return ec.fieldContext___Schema_queryType(ctx, field) - case "mutationType": - return ec.fieldContext___Schema_mutationType(ctx, field) - case "subscriptionType": - return ec.fieldContext___Schema_subscriptionType(ctx, field) - case "directives": - return ec.fieldContext___Schema_directives(ctx, field) + case "message": + return ec.fieldContext_ForgotPasswordResponse_message(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_ForgotPasswordResponse_should_show_mobile_otp_screen(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type __Schema", field.Name) + return nil, fmt.Errorf("no field named %q was found under type ForgotPasswordResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_forgot_password_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Response_message(ctx context.Context, field graphql.CollectedField, obj *model.Response) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Response_message(ctx, field) +func (ec *executionContext) _Mutation_reset_password(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_reset_password(ctx, field) if err != nil { return graphql.Null } @@ -13768,7 +14047,7 @@ func (ec *executionContext) _Response_message(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Message, nil + return ec.resolvers.Mutation().ResetPassword(rctx, fc.Args["params"].(model.ResetPasswordRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13780,26 +14059,41 @@ func (ec *executionContext) _Response_message(ctx context.Context, field graphql } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Response_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_reset_password(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Response", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_reset_password_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _TestEndpointResponse_http_status(ctx context.Context, field graphql.CollectedField, obj *model.TestEndpointResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_TestEndpointResponse_http_status(ctx, field) +func (ec *executionContext) _Mutation_revoke(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_revoke(ctx, field) if err != nil { return graphql.Null } @@ -13812,35 +14106,53 @@ func (ec *executionContext) _TestEndpointResponse_http_status(ctx context.Contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.HTTPStatus, nil + return ec.resolvers.Mutation().Revoke(rctx, fc.Args["params"].(model.OAuthRevokeRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_TestEndpointResponse_http_status(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_revoke(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "TestEndpointResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } - return fc, nil -} - -func (ec *executionContext) _TestEndpointResponse_response(ctx context.Context, field graphql.CollectedField, obj *model.TestEndpointResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_TestEndpointResponse_response(ctx, field) + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_revoke_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) _Mutation_verify_otp(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_verify_otp(ctx, field) if err != nil { return graphql.Null } @@ -13853,35 +14165,75 @@ func (ec *executionContext) _TestEndpointResponse_response(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Response, nil + return ec.resolvers.Mutation().VerifyOtp(rctx, fc.Args["params"].(model.VerifyOTPRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_TestEndpointResponse_response(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_verify_otp(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "TestEndpointResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_verify_otp_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_id(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_id(ctx, field) +func (ec *executionContext) _Mutation_resend_otp(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_resend_otp(ctx, field) if err != nil { return graphql.Null } @@ -13894,7 +14246,7 @@ func (ec *executionContext) _User_id(ctx context.Context, field graphql.Collecte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ID, nil + return ec.resolvers.Mutation().ResendOtp(rctx, fc.Args["params"].(model.ResendOTPRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13906,26 +14258,41 @@ func (ec *executionContext) _User_id(ctx context.Context, field graphql.Collecte } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_resend_otp(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation_resend_otp_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_email(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_email(ctx, field) +func (ec *executionContext) _Mutation_deactivate_account(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_deactivate_account(ctx, field) if err != nil { return graphql.Null } @@ -13938,35 +14305,42 @@ func (ec *executionContext) _User_email(ctx context.Context, field graphql.Colle }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Email, nil + return ec.resolvers.Mutation().DeactivateAccount(rctx) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_deactivate_account(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } return fc, nil } -func (ec *executionContext) _User_email_verified(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_email_verified(ctx, field) +func (ec *executionContext) _Mutation__delete_user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_user(ctx, field) if err != nil { return graphql.Null } @@ -13979,7 +14353,7 @@ func (ec *executionContext) _User_email_verified(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EmailVerified, nil + return ec.resolvers.Mutation().DeleteUser(rctx, fc.Args["params"].(model.DeleteUserRequest)) }) if err != nil { ec.Error(ctx, err) @@ -13991,26 +14365,41 @@ func (ec *executionContext) _User_email_verified(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_email_verified(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_signup_methods(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_signup_methods(ctx, field) +func (ec *executionContext) _Mutation__update_user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_user(ctx, field) if err != nil { return graphql.Null } @@ -14023,7 +14412,7 @@ func (ec *executionContext) _User_signup_methods(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SignupMethods, nil + return ec.resolvers.Mutation().UpdateUser(rctx, fc.Args["params"].(model.UpdateUserRequest)) }) if err != nil { ec.Error(ctx, err) @@ -14035,26 +14424,79 @@ func (ec *executionContext) _User_signup_methods(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.User) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_signup_methods(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_given_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_given_name(ctx, field) +func (ec *executionContext) _Mutation__admin_signup(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__admin_signup(ctx, field) if err != nil { return graphql.Null } @@ -14067,35 +14509,53 @@ func (ec *executionContext) _User_given_name(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.GivenName, nil + return ec.resolvers.Mutation().AdminSignup(rctx, fc.Args["params"].(model.AdminSignupRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_given_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__admin_signup(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__admin_signup_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_family_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_family_name(ctx, field) +func (ec *executionContext) _Mutation__admin_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__admin_login(ctx, field) if err != nil { return graphql.Null } @@ -14108,35 +14568,53 @@ func (ec *executionContext) _User_family_name(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.FamilyName, nil + return ec.resolvers.Mutation().AdminLogin(rctx, fc.Args["params"].(model.AdminLoginRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_family_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__admin_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__admin_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_middle_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_middle_name(ctx, field) +func (ec *executionContext) _Mutation__admin_logout(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__admin_logout(ctx, field) if err != nil { return graphql.Null } @@ -14149,35 +14627,42 @@ func (ec *executionContext) _User_middle_name(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.MiddleName, nil + return ec.resolvers.Mutation().AdminLogout(rctx) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_middle_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__admin_logout(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } return fc, nil } -func (ec *executionContext) _User_nickname(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_nickname(ctx, field) +func (ec *executionContext) _Mutation__update_env(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_env(ctx, field) if err != nil { return graphql.Null } @@ -14190,35 +14675,53 @@ func (ec *executionContext) _User_nickname(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Nickname, nil + return ec.resolvers.Mutation().UpdateEnv(rctx, fc.Args["params"].(model.UpdateEnvRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_nickname(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_env(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_env_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_preferred_username(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_preferred_username(ctx, field) +func (ec *executionContext) _Mutation__invite_members(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__invite_members(ctx, field) if err != nil { return graphql.Null } @@ -14231,35 +14734,55 @@ func (ec *executionContext) _User_preferred_username(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PreferredUsername, nil + return ec.resolvers.Mutation().InviteMembers(rctx, fc.Args["params"].(model.InviteMemberRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.InviteMembersResponse) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInviteMembersResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐInviteMembersResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_preferred_username(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__invite_members(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_InviteMembersResponse_message(ctx, field) + case "Users": + return ec.fieldContext_InviteMembersResponse_Users(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type InviteMembersResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__invite_members_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_gender(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_gender(ctx, field) +func (ec *executionContext) _Mutation__revoke_access(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__revoke_access(ctx, field) if err != nil { return graphql.Null } @@ -14272,35 +14795,53 @@ func (ec *executionContext) _User_gender(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Gender, nil + return ec.resolvers.Mutation().RevokeAccess(rctx, fc.Args["param"].(model.UpdateAccessRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_gender(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__revoke_access(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__revoke_access_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_birthdate(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_birthdate(ctx, field) +func (ec *executionContext) _Mutation__enable_access(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__enable_access(ctx, field) if err != nil { return graphql.Null } @@ -14313,35 +14854,53 @@ func (ec *executionContext) _User_birthdate(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Birthdate, nil + return ec.resolvers.Mutation().EnableAccess(rctx, fc.Args["param"].(model.UpdateAccessRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_birthdate(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__enable_access(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__enable_access_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_phone_number(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_phone_number(ctx, field) +func (ec *executionContext) _Mutation__generate_jwt_keys(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__generate_jwt_keys(ctx, field) if err != nil { return graphql.Null } @@ -14354,35 +14913,57 @@ func (ec *executionContext) _User_phone_number(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PhoneNumber, nil + return ec.resolvers.Mutation().GenerateJwtKeys(rctx, fc.Args["params"].(model.GenerateJWTKeysRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.GenerateJWTKeysResponse) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNGenerateJWTKeysResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐGenerateJWTKeysResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_phone_number(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__generate_jwt_keys(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "secret": + return ec.fieldContext_GenerateJWTKeysResponse_secret(ctx, field) + case "public_key": + return ec.fieldContext_GenerateJWTKeysResponse_public_key(ctx, field) + case "private_key": + return ec.fieldContext_GenerateJWTKeysResponse_private_key(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type GenerateJWTKeysResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__generate_jwt_keys_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_phone_number_verified(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_phone_number_verified(ctx, field) +func (ec *executionContext) _Mutation__add_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_webhook(ctx, field) if err != nil { return graphql.Null } @@ -14395,7 +14976,7 @@ func (ec *executionContext) _User_phone_number_verified(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PhoneNumberVerified, nil + return ec.resolvers.Mutation().AddWebhook(rctx, fc.Args["params"].(model.AddWebhookRequest)) }) if err != nil { ec.Error(ctx, err) @@ -14407,26 +14988,41 @@ func (ec *executionContext) _User_phone_number_verified(ctx context.Context, fie } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_phone_number_verified(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_picture(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_picture(ctx, field) +func (ec *executionContext) _Mutation__update_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_webhook(ctx, field) if err != nil { return graphql.Null } @@ -14439,35 +15035,53 @@ func (ec *executionContext) _User_picture(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Picture, nil + return ec.resolvers.Mutation().UpdateWebhook(rctx, fc.Args["params"].(model.UpdateWebhookRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_picture(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_roles(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_roles(ctx, field) +func (ec *executionContext) _Mutation__delete_webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_webhook(ctx, field) if err != nil { return graphql.Null } @@ -14480,7 +15094,7 @@ func (ec *executionContext) _User_roles(ctx context.Context, field graphql.Colle }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Roles, nil + return ec.resolvers.Mutation().DeleteWebhook(rctx, fc.Args["params"].(model.WebhookRequest)) }) if err != nil { ec.Error(ctx, err) @@ -14492,26 +15106,41 @@ func (ec *executionContext) _User_roles(ctx context.Context, field graphql.Colle } return graphql.Null } - res := resTmp.([]string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNString2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_roles(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_created_at(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_created_at(ctx, field) +func (ec *executionContext) _Mutation__test_endpoint(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__test_endpoint(ctx, field) if err != nil { return graphql.Null } @@ -14524,35 +15153,55 @@ func (ec *executionContext) _User_created_at(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return ec.resolvers.Mutation().TestEndpoint(rctx, fc.Args["params"].(model.TestEndpointRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.TestEndpointResponse) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNTestEndpointResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐTestEndpointResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__test_endpoint(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "http_status": + return ec.fieldContext_TestEndpointResponse_http_status(ctx, field) + case "response": + return ec.fieldContext_TestEndpointResponse_response(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type TestEndpointResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__test_endpoint_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_updated_at(ctx, field) +func (ec *executionContext) _Mutation__add_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_email_template(ctx, field) if err != nil { return graphql.Null } @@ -14565,35 +15214,53 @@ func (ec *executionContext) _User_updated_at(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UpdatedAt, nil + return ec.resolvers.Mutation().AddEmailTemplate(rctx, fc.Args["params"].(model.AddEmailTemplateRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_revoked_timestamp(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_revoked_timestamp(ctx, field) +func (ec *executionContext) _Mutation__update_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_email_template(ctx, field) if err != nil { return graphql.Null } @@ -14606,35 +15273,53 @@ func (ec *executionContext) _User_revoked_timestamp(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RevokedTimestamp, nil + return ec.resolvers.Mutation().UpdateEmailTemplate(rctx, fc.Args["params"].(model.UpdateEmailTemplateRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_revoked_timestamp(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_is_multi_factor_auth_enabled(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) +func (ec *executionContext) _Mutation__delete_email_template(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_email_template(ctx, field) if err != nil { return graphql.Null } @@ -14647,35 +15332,53 @@ func (ec *executionContext) _User_is_multi_factor_auth_enabled(ctx context.Conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsMultiFactorAuthEnabled, nil + return ec.resolvers.Mutation().DeleteEmailTemplate(rctx, fc.Args["params"].(model.DeleteEmailTemplateRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_is_multi_factor_auth_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_email_template(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_email_template_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _User_app_data(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_User_app_data(ctx, field) +func (ec *executionContext) _Mutation__add_resource(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_resource(ctx, field) if err != nil { return graphql.Null } @@ -14688,35 +15391,61 @@ func (ec *executionContext) _User_app_data(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.AppData, nil + return ec.resolvers.Mutation().AddResource(rctx, fc.Args["params"].(model.AddResourceInput)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(map[string]any) + res := resTmp.(*model.AuthzResource) fc.Result = res - return ec.marshalOMap2map(ctx, field.Selections, res) + return ec.marshalNAuthzResource2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_User_app_data(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_resource(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "User", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Map does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzResource_id(ctx, field) + case "name": + return ec.fieldContext_AuthzResource_name(ctx, field) + case "description": + return ec.fieldContext_AuthzResource_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzResource_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzResource_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzResource", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_resource_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Users_pagination(ctx context.Context, field graphql.CollectedField, obj *model.Users) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Users_pagination(ctx, field) +func (ec *executionContext) _Mutation__update_resource(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_resource(ctx, field) if err != nil { return graphql.Null } @@ -14729,7 +15458,7 @@ func (ec *executionContext) _Users_pagination(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return ec.resolvers.Mutation().UpdateResource(rctx, fc.Args["params"].(model.UpdateResourceInput)) }) if err != nil { ec.Error(ctx, err) @@ -14741,36 +15470,49 @@ func (ec *executionContext) _Users_pagination(ctx context.Context, field graphql } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.(*model.AuthzResource) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalNAuthzResource2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Users_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_resource(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Users", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) + case "id": + return ec.fieldContext_AuthzResource_id(ctx, field) + case "name": + return ec.fieldContext_AuthzResource_name(ctx, field) + case "description": + return ec.fieldContext_AuthzResource_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzResource_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzResource_updated_at(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzResource", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_resource_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Users_users(ctx context.Context, field graphql.CollectedField, obj *model.Users) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Users_users(ctx, field) +func (ec *executionContext) _Mutation__delete_resource(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_resource(ctx, field) if err != nil { return graphql.Null } @@ -14783,7 +15525,7 @@ func (ec *executionContext) _Users_users(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Users, nil + return ec.resolvers.Mutation().DeleteResource(rctx, fc.Args["id"].(string)) }) if err != nil { ec.Error(ctx, err) @@ -14795,68 +15537,41 @@ func (ec *executionContext) _Users_users(ctx context.Context, field graphql.Coll } return graphql.Null } - res := resTmp.([]*model.User) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNUser2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUserᚄ(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Users_users(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_resource(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Users", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) - case "created_at": - return ec.fieldContext_User_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) + case "message": + return ec.fieldContext_Response_message(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_resource_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _ValidateJWTTokenResponse_is_valid(ctx context.Context, field graphql.CollectedField, obj *model.ValidateJWTTokenResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ValidateJWTTokenResponse_is_valid(ctx, field) +func (ec *executionContext) _Mutation__add_scope(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_scope(ctx, field) if err != nil { return graphql.Null } @@ -14869,7 +15584,7 @@ func (ec *executionContext) _ValidateJWTTokenResponse_is_valid(ctx context.Conte }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsValid, nil + return ec.resolvers.Mutation().AddScope(rctx, fc.Args["params"].(model.AddScopeInput)) }) if err != nil { ec.Error(ctx, err) @@ -14881,26 +15596,49 @@ func (ec *executionContext) _ValidateJWTTokenResponse_is_valid(ctx context.Conte } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.AuthzScope) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNAuthzScope2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScope(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_is_valid(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_scope(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ValidateJWTTokenResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzScope_id(ctx, field) + case "name": + return ec.fieldContext_AuthzScope_name(ctx, field) + case "description": + return ec.fieldContext_AuthzScope_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzScope_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzScope_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzScope", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_scope_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _ValidateJWTTokenResponse_claims(ctx context.Context, field graphql.CollectedField, obj *model.ValidateJWTTokenResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field) +func (ec *executionContext) _Mutation__update_scope(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_scope(ctx, field) if err != nil { return graphql.Null } @@ -14913,35 +15651,61 @@ func (ec *executionContext) _ValidateJWTTokenResponse_claims(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Claims, nil + return ec.resolvers.Mutation().UpdateScope(rctx, fc.Args["params"].(model.UpdateScopeInput)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(map[string]any) + res := resTmp.(*model.AuthzScope) fc.Result = res - return ec.marshalOMap2map(ctx, field.Selections, res) + return ec.marshalNAuthzScope2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScope(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_claims(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_scope(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ValidateJWTTokenResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Map does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzScope_id(ctx, field) + case "name": + return ec.fieldContext_AuthzScope_name(ctx, field) + case "description": + return ec.fieldContext_AuthzScope_description(ctx, field) + case "created_at": + return ec.fieldContext_AuthzScope_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzScope_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzScope", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_scope_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _ValidateSessionResponse_is_valid(ctx context.Context, field graphql.CollectedField, obj *model.ValidateSessionResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ValidateSessionResponse_is_valid(ctx, field) +func (ec *executionContext) _Mutation__delete_scope(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_scope(ctx, field) if err != nil { return graphql.Null } @@ -14954,7 +15718,7 @@ func (ec *executionContext) _ValidateSessionResponse_is_valid(ctx context.Contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsValid, nil + return ec.resolvers.Mutation().DeleteScope(rctx, fc.Args["id"].(string)) }) if err != nil { ec.Error(ctx, err) @@ -14966,26 +15730,41 @@ func (ec *executionContext) _ValidateSessionResponse_is_valid(ctx context.Contex } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ValidateSessionResponse_is_valid(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_scope(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ValidateSessionResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") - }, - } - return fc, nil -} + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_scope_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} -func (ec *executionContext) _ValidateSessionResponse_user(ctx context.Context, field graphql.CollectedField, obj *model.ValidateSessionResponse) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_ValidateSessionResponse_user(ctx, field) +func (ec *executionContext) _Mutation__add_policy(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_policy(ctx, field) if err != nil { return graphql.Null } @@ -14998,7 +15777,7 @@ func (ec *executionContext) _ValidateSessionResponse_user(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.User, nil + return ec.resolvers.Mutation().AddPolicy(rctx, fc.Args["params"].(model.AddPolicyInput)) }) if err != nil { ec.Error(ctx, err) @@ -15010,68 +15789,57 @@ func (ec *executionContext) _ValidateSessionResponse_user(ctx context.Context, f } return graphql.Null } - res := resTmp.(*model.User) + res := resTmp.(*model.AuthzPolicy) fc.Result = res - return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) + return ec.marshalNAuthzPolicy2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicy(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_ValidateSessionResponse_user(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_policy(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "ValidateSessionResponse", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_User_id(ctx, field) - case "email": - return ec.fieldContext_User_email(ctx, field) - case "email_verified": - return ec.fieldContext_User_email_verified(ctx, field) - case "signup_methods": - return ec.fieldContext_User_signup_methods(ctx, field) - case "given_name": - return ec.fieldContext_User_given_name(ctx, field) - case "family_name": - return ec.fieldContext_User_family_name(ctx, field) - case "middle_name": - return ec.fieldContext_User_middle_name(ctx, field) - case "nickname": - return ec.fieldContext_User_nickname(ctx, field) - case "preferred_username": - return ec.fieldContext_User_preferred_username(ctx, field) - case "gender": - return ec.fieldContext_User_gender(ctx, field) - case "birthdate": - return ec.fieldContext_User_birthdate(ctx, field) - case "phone_number": - return ec.fieldContext_User_phone_number(ctx, field) - case "phone_number_verified": - return ec.fieldContext_User_phone_number_verified(ctx, field) - case "picture": - return ec.fieldContext_User_picture(ctx, field) - case "roles": - return ec.fieldContext_User_roles(ctx, field) + return ec.fieldContext_AuthzPolicy_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPolicy_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPolicy_description(ctx, field) + case "type": + return ec.fieldContext_AuthzPolicy_type(ctx, field) + case "logic": + return ec.fieldContext_AuthzPolicy_logic(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPolicy_decision_strategy(ctx, field) + case "targets": + return ec.fieldContext_AuthzPolicy_targets(ctx, field) case "created_at": - return ec.fieldContext_User_created_at(ctx, field) + return ec.fieldContext_AuthzPolicy_created_at(ctx, field) case "updated_at": - return ec.fieldContext_User_updated_at(ctx, field) - case "revoked_timestamp": - return ec.fieldContext_User_revoked_timestamp(ctx, field) - case "is_multi_factor_auth_enabled": - return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) - case "app_data": - return ec.fieldContext_User_app_data(ctx, field) + return ec.fieldContext_AuthzPolicy_updated_at(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type User", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicy", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_policy_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_id(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_id(ctx, field) +func (ec *executionContext) _Mutation__update_policy(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_policy(ctx, field) if err != nil { return graphql.Null } @@ -15084,7 +15852,7 @@ func (ec *executionContext) _VerificationRequest_id(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ID, nil + return ec.resolvers.Mutation().UpdatePolicy(rctx, fc.Args["params"].(model.UpdatePolicyInput)) }) if err != nil { ec.Error(ctx, err) @@ -15096,26 +15864,57 @@ func (ec *executionContext) _VerificationRequest_id(ctx context.Context, field g } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.AuthzPolicy) fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + return ec.marshalNAuthzPolicy2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicy(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_policy(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPolicy_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPolicy_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPolicy_description(ctx, field) + case "type": + return ec.fieldContext_AuthzPolicy_type(ctx, field) + case "logic": + return ec.fieldContext_AuthzPolicy_logic(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPolicy_decision_strategy(ctx, field) + case "targets": + return ec.fieldContext_AuthzPolicy_targets(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPolicy_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPolicy_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicy", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_policy_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_identifier(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_identifier(ctx, field) +func (ec *executionContext) _Mutation__delete_policy(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_policy(ctx, field) if err != nil { return graphql.Null } @@ -15128,35 +15927,53 @@ func (ec *executionContext) _VerificationRequest_identifier(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Identifier, nil + return ec.resolvers.Mutation().DeletePolicy(rctx, fc.Args["id"].(string)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_identifier(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_policy(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_policy_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_token(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_token(ctx, field) +func (ec *executionContext) _Mutation__add_permission(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__add_permission(ctx, field) if err != nil { return graphql.Null } @@ -15169,35 +15986,69 @@ func (ec *executionContext) _VerificationRequest_token(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Token, nil + return ec.resolvers.Mutation().AddPermission(rctx, fc.Args["params"].(model.AddPermissionInput)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.AuthzPermission) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermission(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__add_permission(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPermission_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPermission_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPermission_description(ctx, field) + case "resource": + return ec.fieldContext_AuthzPermission_resource(ctx, field) + case "scopes": + return ec.fieldContext_AuthzPermission_scopes(ctx, field) + case "policies": + return ec.fieldContext_AuthzPermission_policies(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPermission_decision_strategy(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPermission_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPermission_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPermission", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__add_permission_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_email(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_email(ctx, field) +func (ec *executionContext) _Mutation__update_permission(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__update_permission(ctx, field) if err != nil { return graphql.Null } @@ -15210,35 +16061,69 @@ func (ec *executionContext) _VerificationRequest_email(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Email, nil + return ec.resolvers.Mutation().UpdatePermission(rctx, fc.Args["params"].(model.UpdatePermissionInput)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.AuthzPermission) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthzPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermission(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__update_permission(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_AuthzPermission_id(ctx, field) + case "name": + return ec.fieldContext_AuthzPermission_name(ctx, field) + case "description": + return ec.fieldContext_AuthzPermission_description(ctx, field) + case "resource": + return ec.fieldContext_AuthzPermission_resource(ctx, field) + case "scopes": + return ec.fieldContext_AuthzPermission_scopes(ctx, field) + case "policies": + return ec.fieldContext_AuthzPermission_policies(ctx, field) + case "decision_strategy": + return ec.fieldContext_AuthzPermission_decision_strategy(ctx, field) + case "created_at": + return ec.fieldContext_AuthzPermission_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_AuthzPermission_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthzPermission", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__update_permission_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_expires(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_expires(ctx, field) +func (ec *executionContext) _Mutation__delete_permission(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation__delete_permission(ctx, field) if err != nil { return graphql.Null } @@ -15251,35 +16136,53 @@ func (ec *executionContext) _VerificationRequest_expires(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Expires, nil + return ec.resolvers.Mutation().DeletePermission(rctx, fc.Args["id"].(string)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_expires(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation__delete_permission(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Mutation", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Mutation__delete_permission_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _VerificationRequest_created_at(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_created_at(ctx, field) +func (ec *executionContext) _Pagination_limit(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Pagination_limit(ctx, field) if err != nil { return graphql.Null } @@ -15292,23 +16195,26 @@ func (ec *executionContext) _VerificationRequest_created_at(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return obj.Limit, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(int64) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Pagination_limit(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Pagination", Field: field, IsMethod: false, IsResolver: false, @@ -15319,8 +16225,8 @@ func (ec *executionContext) fieldContext_VerificationRequest_created_at(_ contex return fc, nil } -func (ec *executionContext) _VerificationRequest_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_updated_at(ctx, field) +func (ec *executionContext) _Pagination_page(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Pagination_page(ctx, field) if err != nil { return graphql.Null } @@ -15333,23 +16239,26 @@ func (ec *executionContext) _VerificationRequest_updated_at(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UpdatedAt, nil + return obj.Page, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(int64) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Pagination_page(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Pagination", Field: field, IsMethod: false, IsResolver: false, @@ -15360,8 +16269,8 @@ func (ec *executionContext) fieldContext_VerificationRequest_updated_at(_ contex return fc, nil } -func (ec *executionContext) _VerificationRequest_nonce(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_nonce(ctx, field) +func (ec *executionContext) _Pagination_offset(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Pagination_offset(ctx, field) if err != nil { return graphql.Null } @@ -15374,35 +16283,38 @@ func (ec *executionContext) _VerificationRequest_nonce(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Nonce, nil + return obj.Offset, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_nonce(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Pagination_offset(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Pagination", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _VerificationRequest_redirect_uri(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequest_redirect_uri(ctx, field) +func (ec *executionContext) _Pagination_total(ctx context.Context, field graphql.CollectedField, obj *model.Pagination) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Pagination_total(ctx, field) if err != nil { return graphql.Null } @@ -15415,35 +16327,38 @@ func (ec *executionContext) _VerificationRequest_redirect_uri(ctx context.Contex }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.RedirectURI, nil + return obj.Total, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNInt642int64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequest_redirect_uri(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Pagination_total(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequest", + Object: "Pagination", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) _VerificationRequests_pagination(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequests) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequests_pagination(ctx, field) +func (ec *executionContext) _Permission_resource(ctx context.Context, field graphql.CollectedField, obj *model.Permission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Permission_resource(ctx, field) if err != nil { return graphql.Null } @@ -15456,7 +16371,7 @@ func (ec *executionContext) _VerificationRequests_pagination(ctx context.Context }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return obj.Resource, nil }) if err != nil { ec.Error(ctx, err) @@ -15468,36 +16383,26 @@ func (ec *executionContext) _VerificationRequests_pagination(ctx context.Context } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.(string) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequests_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Permission_resource(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequests", + Object: "Permission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _VerificationRequests_verification_requests(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequests) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VerificationRequests_verification_requests(ctx, field) +func (ec *executionContext) _Permission_scope(ctx context.Context, field graphql.CollectedField, obj *model.Permission) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Permission_scope(ctx, field) if err != nil { return graphql.Null } @@ -15510,7 +16415,7 @@ func (ec *executionContext) _VerificationRequests_verification_requests(ctx cont }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.VerificationRequests, nil + return obj.Scope, nil }) if err != nil { ec.Error(ctx, err) @@ -15522,46 +16427,26 @@ func (ec *executionContext) _VerificationRequests_verification_requests(ctx cont } return graphql.Null } - res := resTmp.([]*model.VerificationRequest) + res := resTmp.(string) fc.Result = res - return ec.marshalNVerificationRequest2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerificationRequestᚄ(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VerificationRequests_verification_requests(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Permission_scope(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VerificationRequests", + Object: "Permission", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_VerificationRequest_id(ctx, field) - case "identifier": - return ec.fieldContext_VerificationRequest_identifier(ctx, field) - case "token": - return ec.fieldContext_VerificationRequest_token(ctx, field) - case "email": - return ec.fieldContext_VerificationRequest_email(ctx, field) - case "expires": - return ec.fieldContext_VerificationRequest_expires(ctx, field) - case "created_at": - return ec.fieldContext_VerificationRequest_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_VerificationRequest_updated_at(ctx, field) - case "nonce": - return ec.fieldContext_VerificationRequest_nonce(ctx, field) - case "redirect_uri": - return ec.fieldContext_VerificationRequest_redirect_uri(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type VerificationRequest", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) _Webhook_id(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_id(ctx, field) +func (ec *executionContext) _Query_meta(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_meta(ctx, field) if err != nil { return graphql.Null } @@ -15574,7 +16459,7 @@ func (ec *executionContext) _Webhook_id(ctx context.Context, field graphql.Colle }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ID, nil + return ec.resolvers.Query().Meta(rctx) }) if err != nil { ec.Error(ctx, err) @@ -15586,26 +16471,68 @@ func (ec *executionContext) _Webhook_id(ctx context.Context, field graphql.Colle } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.Meta) fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + return ec.marshalNMeta2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐMeta(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_meta(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + switch field.Name { + case "version": + return ec.fieldContext_Meta_version(ctx, field) + case "client_id": + return ec.fieldContext_Meta_client_id(ctx, field) + case "is_google_login_enabled": + return ec.fieldContext_Meta_is_google_login_enabled(ctx, field) + case "is_facebook_login_enabled": + return ec.fieldContext_Meta_is_facebook_login_enabled(ctx, field) + case "is_github_login_enabled": + return ec.fieldContext_Meta_is_github_login_enabled(ctx, field) + case "is_linkedin_login_enabled": + return ec.fieldContext_Meta_is_linkedin_login_enabled(ctx, field) + case "is_apple_login_enabled": + return ec.fieldContext_Meta_is_apple_login_enabled(ctx, field) + case "is_discord_login_enabled": + return ec.fieldContext_Meta_is_discord_login_enabled(ctx, field) + case "is_twitter_login_enabled": + return ec.fieldContext_Meta_is_twitter_login_enabled(ctx, field) + case "is_microsoft_login_enabled": + return ec.fieldContext_Meta_is_microsoft_login_enabled(ctx, field) + case "is_twitch_login_enabled": + return ec.fieldContext_Meta_is_twitch_login_enabled(ctx, field) + case "is_roblox_login_enabled": + return ec.fieldContext_Meta_is_roblox_login_enabled(ctx, field) + case "is_email_verification_enabled": + return ec.fieldContext_Meta_is_email_verification_enabled(ctx, field) + case "is_basic_authentication_enabled": + return ec.fieldContext_Meta_is_basic_authentication_enabled(ctx, field) + case "is_magic_link_login_enabled": + return ec.fieldContext_Meta_is_magic_link_login_enabled(ctx, field) + case "is_sign_up_enabled": + return ec.fieldContext_Meta_is_sign_up_enabled(ctx, field) + case "is_strong_password_enabled": + return ec.fieldContext_Meta_is_strong_password_enabled(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_Meta_is_multi_factor_auth_enabled(ctx, field) + case "is_mobile_basic_authentication_enabled": + return ec.fieldContext_Meta_is_mobile_basic_authentication_enabled(ctx, field) + case "is_phone_verification_enabled": + return ec.fieldContext_Meta_is_phone_verification_enabled(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Meta", field.Name) }, } return fc, nil } -func (ec *executionContext) _Webhook_event_name(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_event_name(ctx, field) +func (ec *executionContext) _Query_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_session(ctx, field) if err != nil { return graphql.Null } @@ -15618,35 +16545,75 @@ func (ec *executionContext) _Webhook_event_name(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EventName, nil + return ec.resolvers.Query().Session(rctx, fc.Args["params"].(*model.SessionQueryRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.AuthResponse) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_event_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_session(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_AuthResponse_message(ctx, field) + case "should_show_email_otp_screen": + return ec.fieldContext_AuthResponse_should_show_email_otp_screen(ctx, field) + case "should_show_mobile_otp_screen": + return ec.fieldContext_AuthResponse_should_show_mobile_otp_screen(ctx, field) + case "should_show_totp_screen": + return ec.fieldContext_AuthResponse_should_show_totp_screen(ctx, field) + case "access_token": + return ec.fieldContext_AuthResponse_access_token(ctx, field) + case "id_token": + return ec.fieldContext_AuthResponse_id_token(ctx, field) + case "refresh_token": + return ec.fieldContext_AuthResponse_refresh_token(ctx, field) + case "expires_in": + return ec.fieldContext_AuthResponse_expires_in(ctx, field) + case "user": + return ec.fieldContext_AuthResponse_user(ctx, field) + case "authenticator_scanner_image": + return ec.fieldContext_AuthResponse_authenticator_scanner_image(ctx, field) + case "authenticator_secret": + return ec.fieldContext_AuthResponse_authenticator_secret(ctx, field) + case "authenticator_recovery_codes": + return ec.fieldContext_AuthResponse_authenticator_recovery_codes(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuthResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query_session_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhook_event_description(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_event_description(ctx, field) +func (ec *executionContext) _Query_profile(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_profile(ctx, field) if err != nil { return graphql.Null } @@ -15659,35 +16626,80 @@ func (ec *executionContext) _Webhook_event_description(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EventDescription, nil + return ec.resolvers.Query().Profile(rctx) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.User) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_event_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_profile(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } return fc, nil } -func (ec *executionContext) _Webhook_endpoint(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_endpoint(ctx, field) +func (ec *executionContext) _Query_validate_jwt_token(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_validate_jwt_token(ctx, field) if err != nil { return graphql.Null } @@ -15700,35 +16712,55 @@ func (ec *executionContext) _Webhook_endpoint(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Endpoint, nil + return ec.resolvers.Query().ValidateJwtToken(rctx, fc.Args["params"].(model.ValidateJWTTokenRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.ValidateJWTTokenResponse) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNValidateJWTTokenResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateJWTTokenResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_endpoint(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_validate_jwt_token(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "is_valid": + return ec.fieldContext_ValidateJWTTokenResponse_is_valid(ctx, field) + case "claims": + return ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type ValidateJWTTokenResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query_validate_jwt_token_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhook_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_enabled(ctx, field) +func (ec *executionContext) _Query_validate_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_validate_session(ctx, field) if err != nil { return graphql.Null } @@ -15741,35 +16773,55 @@ func (ec *executionContext) _Webhook_enabled(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Enabled, nil + return ec.resolvers.Query().ValidateSession(rctx, fc.Args["params"].(*model.ValidateSessionRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*bool) + res := resTmp.(*model.ValidateSessionResponse) fc.Result = res - return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) + return ec.marshalNValidateSessionResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐValidateSessionResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_validate_session(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "is_valid": + return ec.fieldContext_ValidateSessionResponse_is_valid(ctx, field) + case "user": + return ec.fieldContext_ValidateSessionResponse_user(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type ValidateSessionResponse", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query_validate_session_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhook_headers(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_headers(ctx, field) +func (ec *executionContext) _Query__users(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__users(ctx, field) if err != nil { return graphql.Null } @@ -15782,35 +16834,55 @@ func (ec *executionContext) _Webhook_headers(ctx context.Context, field graphql. }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Headers, nil + return ec.resolvers.Query().Users(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(map[string]any) + res := resTmp.(*model.Users) fc.Result = res - return ec.marshalOMap2map(ctx, field.Selections, res) + return ec.marshalNUsers2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUsers(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_headers(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__users(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Map does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_Users_pagination(ctx, field) + case "users": + return ec.fieldContext_Users_users(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Users", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__users_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhook_created_at(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_created_at(ctx, field) +func (ec *executionContext) _Query__user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__user(ctx, field) if err != nil { return graphql.Null } @@ -15823,35 +16895,91 @@ func (ec *executionContext) _Webhook_created_at(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return ec.resolvers.Query().User(rctx, fc.Args["params"].(model.GetUserRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.User) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhook_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhook_updated_at(ctx, field) +func (ec *executionContext) _Query__verification_requests(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__verification_requests(ctx, field) if err != nil { return graphql.Null } @@ -15864,35 +16992,55 @@ func (ec *executionContext) _Webhook_updated_at(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UpdatedAt, nil + return ec.resolvers.Query().VerificationRequests(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.VerificationRequests) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNVerificationRequests2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerificationRequests(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhook_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__verification_requests(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhook", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_VerificationRequests_pagination(ctx, field) + case "verification_requests": + return ec.fieldContext_VerificationRequests_verification_requests(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type VerificationRequests", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__verification_requests_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLog_id(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_id(ctx, field) +func (ec *executionContext) _Query__admin_session(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__admin_session(ctx, field) if err != nil { return graphql.Null } @@ -15905,7 +17053,7 @@ func (ec *executionContext) _WebhookLog_id(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.ID, nil + return ec.resolvers.Query().AdminSession(rctx) }) if err != nil { ec.Error(ctx, err) @@ -15917,26 +17065,30 @@ func (ec *executionContext) _WebhookLog_id(ctx context.Context, field graphql.Co } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*model.Response) fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) + return ec.marshalNResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResponse(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__admin_session(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + switch field.Name { + case "message": + return ec.fieldContext_Response_message(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Response", field.Name) }, } return fc, nil } -func (ec *executionContext) _WebhookLog_http_status(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_http_status(ctx, field) +func (ec *executionContext) _Query__env(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__env(ctx, field) if err != nil { return graphql.Null } @@ -15949,35 +17101,182 @@ func (ec *executionContext) _WebhookLog_http_status(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.HTTPStatus, nil + return ec.resolvers.Query().Env(rctx) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.Env) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNEnv2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEnv(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_http_status(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__env(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "ACCESS_TOKEN_EXPIRY_TIME": + return ec.fieldContext_Env_ACCESS_TOKEN_EXPIRY_TIME(ctx, field) + case "ADMIN_SECRET": + return ec.fieldContext_Env_ADMIN_SECRET(ctx, field) + case "DATABASE_NAME": + return ec.fieldContext_Env_DATABASE_NAME(ctx, field) + case "DATABASE_URL": + return ec.fieldContext_Env_DATABASE_URL(ctx, field) + case "DATABASE_TYPE": + return ec.fieldContext_Env_DATABASE_TYPE(ctx, field) + case "DATABASE_USERNAME": + return ec.fieldContext_Env_DATABASE_USERNAME(ctx, field) + case "DATABASE_PASSWORD": + return ec.fieldContext_Env_DATABASE_PASSWORD(ctx, field) + case "DATABASE_HOST": + return ec.fieldContext_Env_DATABASE_HOST(ctx, field) + case "DATABASE_PORT": + return ec.fieldContext_Env_DATABASE_PORT(ctx, field) + case "CLIENT_ID": + return ec.fieldContext_Env_CLIENT_ID(ctx, field) + case "CLIENT_SECRET": + return ec.fieldContext_Env_CLIENT_SECRET(ctx, field) + case "CUSTOM_ACCESS_TOKEN_SCRIPT": + return ec.fieldContext_Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field) + case "SMTP_HOST": + return ec.fieldContext_Env_SMTP_HOST(ctx, field) + case "SMTP_PORT": + return ec.fieldContext_Env_SMTP_PORT(ctx, field) + case "SMTP_USERNAME": + return ec.fieldContext_Env_SMTP_USERNAME(ctx, field) + case "SMTP_PASSWORD": + return ec.fieldContext_Env_SMTP_PASSWORD(ctx, field) + case "SMTP_LOCAL_NAME": + return ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field) + case "SENDER_EMAIL": + return ec.fieldContext_Env_SENDER_EMAIL(ctx, field) + case "SENDER_NAME": + return ec.fieldContext_Env_SENDER_NAME(ctx, field) + case "JWT_TYPE": + return ec.fieldContext_Env_JWT_TYPE(ctx, field) + case "JWT_SECRET": + return ec.fieldContext_Env_JWT_SECRET(ctx, field) + case "JWT_PRIVATE_KEY": + return ec.fieldContext_Env_JWT_PRIVATE_KEY(ctx, field) + case "JWT_PUBLIC_KEY": + return ec.fieldContext_Env_JWT_PUBLIC_KEY(ctx, field) + case "ALLOWED_ORIGINS": + return ec.fieldContext_Env_ALLOWED_ORIGINS(ctx, field) + case "APP_URL": + return ec.fieldContext_Env_APP_URL(ctx, field) + case "REDIS_URL": + return ec.fieldContext_Env_REDIS_URL(ctx, field) + case "RESET_PASSWORD_URL": + return ec.fieldContext_Env_RESET_PASSWORD_URL(ctx, field) + case "DISABLE_EMAIL_VERIFICATION": + return ec.fieldContext_Env_DISABLE_EMAIL_VERIFICATION(ctx, field) + case "DISABLE_BASIC_AUTHENTICATION": + return ec.fieldContext_Env_DISABLE_BASIC_AUTHENTICATION(ctx, field) + case "DISABLE_MOBILE_BASIC_AUTHENTICATION": + return ec.fieldContext_Env_DISABLE_MOBILE_BASIC_AUTHENTICATION(ctx, field) + case "DISABLE_MAGIC_LINK_LOGIN": + return ec.fieldContext_Env_DISABLE_MAGIC_LINK_LOGIN(ctx, field) + case "DISABLE_LOGIN_PAGE": + return ec.fieldContext_Env_DISABLE_LOGIN_PAGE(ctx, field) + case "DISABLE_SIGN_UP": + return ec.fieldContext_Env_DISABLE_SIGN_UP(ctx, field) + case "DISABLE_REDIS_FOR_ENV": + return ec.fieldContext_Env_DISABLE_REDIS_FOR_ENV(ctx, field) + case "DISABLE_STRONG_PASSWORD": + return ec.fieldContext_Env_DISABLE_STRONG_PASSWORD(ctx, field) + case "DISABLE_MULTI_FACTOR_AUTHENTICATION": + return ec.fieldContext_Env_DISABLE_MULTI_FACTOR_AUTHENTICATION(ctx, field) + case "ENFORCE_MULTI_FACTOR_AUTHENTICATION": + return ec.fieldContext_Env_ENFORCE_MULTI_FACTOR_AUTHENTICATION(ctx, field) + case "ROLES": + return ec.fieldContext_Env_ROLES(ctx, field) + case "PROTECTED_ROLES": + return ec.fieldContext_Env_PROTECTED_ROLES(ctx, field) + case "DEFAULT_ROLES": + return ec.fieldContext_Env_DEFAULT_ROLES(ctx, field) + case "JWT_ROLE_CLAIM": + return ec.fieldContext_Env_JWT_ROLE_CLAIM(ctx, field) + case "GOOGLE_CLIENT_ID": + return ec.fieldContext_Env_GOOGLE_CLIENT_ID(ctx, field) + case "GOOGLE_CLIENT_SECRET": + return ec.fieldContext_Env_GOOGLE_CLIENT_SECRET(ctx, field) + case "GITHUB_CLIENT_ID": + return ec.fieldContext_Env_GITHUB_CLIENT_ID(ctx, field) + case "GITHUB_CLIENT_SECRET": + return ec.fieldContext_Env_GITHUB_CLIENT_SECRET(ctx, field) + case "FACEBOOK_CLIENT_ID": + return ec.fieldContext_Env_FACEBOOK_CLIENT_ID(ctx, field) + case "FACEBOOK_CLIENT_SECRET": + return ec.fieldContext_Env_FACEBOOK_CLIENT_SECRET(ctx, field) + case "LINKEDIN_CLIENT_ID": + return ec.fieldContext_Env_LINKEDIN_CLIENT_ID(ctx, field) + case "LINKEDIN_CLIENT_SECRET": + return ec.fieldContext_Env_LINKEDIN_CLIENT_SECRET(ctx, field) + case "APPLE_CLIENT_ID": + return ec.fieldContext_Env_APPLE_CLIENT_ID(ctx, field) + case "APPLE_CLIENT_SECRET": + return ec.fieldContext_Env_APPLE_CLIENT_SECRET(ctx, field) + case "DISCORD_CLIENT_ID": + return ec.fieldContext_Env_DISCORD_CLIENT_ID(ctx, field) + case "DISCORD_CLIENT_SECRET": + return ec.fieldContext_Env_DISCORD_CLIENT_SECRET(ctx, field) + case "TWITTER_CLIENT_ID": + return ec.fieldContext_Env_TWITTER_CLIENT_ID(ctx, field) + case "TWITTER_CLIENT_SECRET": + return ec.fieldContext_Env_TWITTER_CLIENT_SECRET(ctx, field) + case "MICROSOFT_CLIENT_ID": + return ec.fieldContext_Env_MICROSOFT_CLIENT_ID(ctx, field) + case "MICROSOFT_CLIENT_SECRET": + return ec.fieldContext_Env_MICROSOFT_CLIENT_SECRET(ctx, field) + case "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID": + return ec.fieldContext_Env_MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID(ctx, field) + case "TWITCH_CLIENT_ID": + return ec.fieldContext_Env_TWITCH_CLIENT_ID(ctx, field) + case "TWITCH_CLIENT_SECRET": + return ec.fieldContext_Env_TWITCH_CLIENT_SECRET(ctx, field) + case "ROBLOX_CLIENT_ID": + return ec.fieldContext_Env_ROBLOX_CLIENT_ID(ctx, field) + case "ROBLOX_CLIENT_SECRET": + return ec.fieldContext_Env_ROBLOX_CLIENT_SECRET(ctx, field) + case "ORGANIZATION_NAME": + return ec.fieldContext_Env_ORGANIZATION_NAME(ctx, field) + case "ORGANIZATION_LOGO": + return ec.fieldContext_Env_ORGANIZATION_LOGO(ctx, field) + case "APP_COOKIE_SECURE": + return ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field) + case "ADMIN_COOKIE_SECURE": + return ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field) + case "DEFAULT_AUTHORIZE_RESPONSE_TYPE": + return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field) + case "DEFAULT_AUTHORIZE_RESPONSE_MODE": + return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field) + case "DISABLE_PLAYGROUND": + return ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field) + case "DISABLE_MAIL_OTP_LOGIN": + return ec.fieldContext_Env_DISABLE_MAIL_OTP_LOGIN(ctx, field) + case "DISABLE_TOTP_LOGIN": + return ec.fieldContext_Env_DISABLE_TOTP_LOGIN(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Env", field.Name) }, } return fc, nil } -func (ec *executionContext) _WebhookLog_response(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_response(ctx, field) +func (ec *executionContext) _Query__webhook(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__webhook(ctx, field) if err != nil { return graphql.Null } @@ -15990,35 +17289,67 @@ func (ec *executionContext) _WebhookLog_response(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Response, nil + return ec.resolvers.Query().Webhook(rctx, fc.Args["params"].(model.WebhookRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Webhook) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNWebhook2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhook(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_response(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__webhook(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_Webhook_id(ctx, field) + case "event_name": + return ec.fieldContext_Webhook_event_name(ctx, field) + case "event_description": + return ec.fieldContext_Webhook_event_description(ctx, field) + case "endpoint": + return ec.fieldContext_Webhook_endpoint(ctx, field) + case "enabled": + return ec.fieldContext_Webhook_enabled(ctx, field) + case "headers": + return ec.fieldContext_Webhook_headers(ctx, field) + case "created_at": + return ec.fieldContext_Webhook_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_Webhook_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Webhook", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__webhook_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLog_request(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_request(ctx, field) +func (ec *executionContext) _Query__webhooks(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__webhooks(ctx, field) if err != nil { return graphql.Null } @@ -16031,35 +17362,55 @@ func (ec *executionContext) _WebhookLog_request(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Request, nil + return ec.resolvers.Query().Webhooks(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.Webhooks) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNWebhooks2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhooks(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_request(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__webhooks(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_Webhooks_pagination(ctx, field) + case "webhooks": + return ec.fieldContext_Webhooks_webhooks(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Webhooks", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__webhooks_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLog_webhook_id(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_webhook_id(ctx, field) +func (ec *executionContext) _Query__webhook_logs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__webhook_logs(ctx, field) if err != nil { return graphql.Null } @@ -16072,35 +17423,55 @@ func (ec *executionContext) _WebhookLog_webhook_id(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.WebhookID, nil + return ec.resolvers.Query().WebhookLogs(rctx, fc.Args["params"].(*model.ListWebhookLogRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.WebhookLogs) fc.Result = res - return ec.marshalOID2ᚖstring(ctx, field.Selections, res) + return ec.marshalNWebhookLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookLogs(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_webhook_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__webhook_logs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_WebhookLogs_pagination(ctx, field) + case "webhook_logs": + return ec.fieldContext_WebhookLogs_webhook_logs(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type WebhookLogs", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__webhook_logs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLog_created_at(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_created_at(ctx, field) +func (ec *executionContext) _Query__email_templates(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__email_templates(ctx, field) if err != nil { return graphql.Null } @@ -16113,35 +17484,55 @@ func (ec *executionContext) _WebhookLog_created_at(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.CreatedAt, nil + return ec.resolvers.Query().EmailTemplates(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.EmailTemplates) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNEmailTemplates2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐEmailTemplates(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__email_templates(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_EmailTemplates_pagination(ctx, field) + case "email_templates": + return ec.fieldContext_EmailTemplates_email_templates(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type EmailTemplates", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__email_templates_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLog_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLog_updated_at(ctx, field) +func (ec *executionContext) _Query__audit_logs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__audit_logs(ctx, field) if err != nil { return graphql.Null } @@ -16154,35 +17545,55 @@ func (ec *executionContext) _WebhookLog_updated_at(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.UpdatedAt, nil + return ec.resolvers.Query().AuditLogs(rctx, fc.Args["params"].(*model.ListAuditLogRequest)) }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*int64) + res := resTmp.(*model.AuditLogs) fc.Result = res - return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) + return ec.marshalNAuditLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLog_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__audit_logs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLog", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int64 does not have child fields") + switch field.Name { + case "pagination": + return ec.fieldContext_AuditLogs_pagination(ctx, field) + case "audit_logs": + return ec.fieldContext_AuditLogs_audit_logs(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type AuditLogs", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__audit_logs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLogs_pagination(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLogs) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLogs_pagination(ctx, field) +func (ec *executionContext) _Query__resources(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__resources(ctx, field) if err != nil { return graphql.Null } @@ -16195,7 +17606,7 @@ func (ec *executionContext) _WebhookLogs_pagination(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return ec.resolvers.Query().Resources(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) @@ -16207,36 +17618,43 @@ func (ec *executionContext) _WebhookLogs_pagination(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.(*model.AuthzResources) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalNAuthzResources2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResources(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLogs_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__resources(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLogs", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) + case "pagination": + return ec.fieldContext_AuthzResources_pagination(ctx, field) + case "resources": + return ec.fieldContext_AuthzResources_resources(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzResources", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__resources_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _WebhookLogs_webhook_logs(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLogs) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_WebhookLogs_webhook_logs(ctx, field) +func (ec *executionContext) _Query__scopes(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__scopes(ctx, field) if err != nil { return graphql.Null } @@ -16249,7 +17667,7 @@ func (ec *executionContext) _WebhookLogs_webhook_logs(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.WebhookLogs, nil + return ec.resolvers.Query().Scopes(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) @@ -16261,42 +17679,43 @@ func (ec *executionContext) _WebhookLogs_webhook_logs(ctx context.Context, field } return graphql.Null } - res := resTmp.([]*model.WebhookLog) + res := resTmp.(*model.AuthzScopes) fc.Result = res - return ec.marshalNWebhookLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookLogᚄ(ctx, field.Selections, res) + return ec.marshalNAuthzScopes2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopes(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_WebhookLogs_webhook_logs(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__scopes(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "WebhookLogs", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "id": - return ec.fieldContext_WebhookLog_id(ctx, field) - case "http_status": - return ec.fieldContext_WebhookLog_http_status(ctx, field) - case "response": - return ec.fieldContext_WebhookLog_response(ctx, field) - case "request": - return ec.fieldContext_WebhookLog_request(ctx, field) - case "webhook_id": - return ec.fieldContext_WebhookLog_webhook_id(ctx, field) - case "created_at": - return ec.fieldContext_WebhookLog_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_WebhookLog_updated_at(ctx, field) + case "pagination": + return ec.fieldContext_AuthzScopes_pagination(ctx, field) + case "scopes": + return ec.fieldContext_AuthzScopes_scopes(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type WebhookLog", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzScopes", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__scopes_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhooks_pagination(ctx context.Context, field graphql.CollectedField, obj *model.Webhooks) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhooks_pagination(ctx, field) +func (ec *executionContext) _Query__policies(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__policies(ctx, field) if err != nil { return graphql.Null } @@ -16309,7 +17728,7 @@ func (ec *executionContext) _Webhooks_pagination(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Pagination, nil + return ec.resolvers.Query().Policies(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) @@ -16321,36 +17740,43 @@ func (ec *executionContext) _Webhooks_pagination(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(*model.Pagination) + res := resTmp.(*model.AuthzPolicies) fc.Result = res - return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) + return ec.marshalNAuthzPolicies2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicies(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhooks_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__policies(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhooks", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "limit": - return ec.fieldContext_Pagination_limit(ctx, field) - case "page": - return ec.fieldContext_Pagination_page(ctx, field) - case "offset": - return ec.fieldContext_Pagination_offset(ctx, field) - case "total": - return ec.fieldContext_Pagination_total(ctx, field) + case "pagination": + return ec.fieldContext_AuthzPolicies_pagination(ctx, field) + case "policies": + return ec.fieldContext_AuthzPolicies_policies(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzPolicies", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__policies_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) _Webhooks_webhooks(ctx context.Context, field graphql.CollectedField, obj *model.Webhooks) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Webhooks_webhooks(ctx, field) +func (ec *executionContext) _Query__permissions(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query__permissions(ctx, field) if err != nil { return graphql.Null } @@ -16363,7 +17789,7 @@ func (ec *executionContext) _Webhooks_webhooks(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Webhooks, nil + return ec.resolvers.Query().Permissions(rctx, fc.Args["params"].(*model.PaginatedRequest)) }) if err != nil { ec.Error(ctx, err) @@ -16375,44 +17801,43 @@ func (ec *executionContext) _Webhooks_webhooks(ctx context.Context, field graphq } return graphql.Null } - res := resTmp.([]*model.Webhook) + res := resTmp.(*model.AuthzPermissions) fc.Result = res - return ec.marshalNWebhook2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookᚄ(ctx, field.Selections, res) + return ec.marshalNAuthzPermissions2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermissions(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Webhooks_webhooks(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query__permissions(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "Webhooks", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "id": - return ec.fieldContext_Webhook_id(ctx, field) - case "event_name": - return ec.fieldContext_Webhook_event_name(ctx, field) - case "event_description": - return ec.fieldContext_Webhook_event_description(ctx, field) - case "endpoint": - return ec.fieldContext_Webhook_endpoint(ctx, field) - case "enabled": - return ec.fieldContext_Webhook_enabled(ctx, field) - case "headers": - return ec.fieldContext_Webhook_headers(ctx, field) - case "created_at": - return ec.fieldContext_Webhook_created_at(ctx, field) - case "updated_at": - return ec.fieldContext_Webhook_updated_at(ctx, field) + case "pagination": + return ec.fieldContext_AuthzPermissions_pagination(ctx, field) + case "permissions": + return ec.fieldContext_AuthzPermissions_permissions(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Webhook", field.Name) + return nil, fmt.Errorf("no field named %q was found under type AuthzPermissions", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query__permissions_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) ___Directive_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Directive_name(ctx, field) +func (ec *executionContext) _Query_my_permissions(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_my_permissions(ctx, field) if err != nil { return graphql.Null } @@ -16425,7 +17850,7 @@ func (ec *executionContext) ___Directive_name(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Name, nil + return ec.resolvers.Query().MyPermissions(rctx) }) if err != nil { ec.Error(ctx, err) @@ -16437,26 +17862,32 @@ func (ec *executionContext) ___Directive_name(ctx context.Context, field graphql } return graphql.Null } - res := resTmp.(string) + res := resTmp.([]*model.Permission) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalNPermission2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Directive_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_my_permissions(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Directive", + Object: "Query", Field: field, - IsMethod: false, - IsResolver: false, + IsMethod: true, + IsResolver: true, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "resource": + return ec.fieldContext_Permission_resource(ctx, field) + case "scope": + return ec.fieldContext_Permission_scope(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Permission", field.Name) }, } return fc, nil } -func (ec *executionContext) ___Directive_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Directive_description(ctx, field) +func (ec *executionContext) _Query___type(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query___type(ctx, field) if err != nil { return graphql.Null } @@ -16469,7 +17900,7 @@ func (ec *executionContext) ___Directive_description(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return ec.introspectType(fc.Args["name"].(string)) }) if err != nil { ec.Error(ctx, err) @@ -16478,26 +17909,61 @@ func (ec *executionContext) ___Directive_description(ctx context.Context, field if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*introspection.Type) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Directive_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query___type(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Directive", + Object: "Query", Field: field, IsMethod: true, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) }, } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query___type_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } return fc, nil } -func (ec *executionContext) ___Directive_isRepeatable(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Directive_isRepeatable(ctx, field) +func (ec *executionContext) _Query___schema(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query___schema(ctx, field) if err != nil { return graphql.Null } @@ -16510,38 +17976,49 @@ func (ec *executionContext) ___Directive_isRepeatable(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsRepeatable, nil + return ec.introspectSchema() }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*introspection.Schema) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalO__Schema2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐSchema(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Directive_isRepeatable(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query___schema(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Directive", + Object: "Query", Field: field, - IsMethod: false, + IsMethod: true, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + switch field.Name { + case "description": + return ec.fieldContext___Schema_description(ctx, field) + case "types": + return ec.fieldContext___Schema_types(ctx, field) + case "queryType": + return ec.fieldContext___Schema_queryType(ctx, field) + case "mutationType": + return ec.fieldContext___Schema_mutationType(ctx, field) + case "subscriptionType": + return ec.fieldContext___Schema_subscriptionType(ctx, field) + case "directives": + return ec.fieldContext___Schema_directives(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Schema", field.Name) }, } return fc, nil } -func (ec *executionContext) ___Directive_locations(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Directive_locations(ctx, field) +func (ec *executionContext) _Response_message(ctx context.Context, field graphql.CollectedField, obj *model.Response) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Response_message(ctx, field) if err != nil { return graphql.Null } @@ -16554,7 +18031,7 @@ func (ec *executionContext) ___Directive_locations(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Locations, nil + return obj.Message, nil }) if err != nil { ec.Error(ctx, err) @@ -16566,26 +18043,26 @@ func (ec *executionContext) ___Directive_locations(ctx context.Context, field gr } return graphql.Null } - res := resTmp.([]string) + res := resTmp.(string) fc.Result = res - return ec.marshalN__DirectiveLocation2ᚕstringᚄ(ctx, field.Selections, res) + return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Directive_locations(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Response_message(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Directive", + Object: "Response", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type __DirectiveLocation does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Directive_args(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Directive_args(ctx, field) +func (ec *executionContext) _TestEndpointResponse_http_status(ctx context.Context, field graphql.CollectedField, obj *model.TestEndpointResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_TestEndpointResponse_http_status(ctx, field) if err != nil { return graphql.Null } @@ -16598,63 +18075,35 @@ func (ec *executionContext) ___Directive_args(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Args, nil + return obj.HTTPStatus, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.([]introspection.InputValue) + res := resTmp.(*int64) fc.Result = res - return ec.marshalN__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Directive_args(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_TestEndpointResponse_http_status(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Directive", + Object: "TestEndpointResponse", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "name": - return ec.fieldContext___InputValue_name(ctx, field) - case "description": - return ec.fieldContext___InputValue_description(ctx, field) - case "type": - return ec.fieldContext___InputValue_type(ctx, field) - case "defaultValue": - return ec.fieldContext___InputValue_defaultValue(ctx, field) - case "isDeprecated": - return ec.fieldContext___InputValue_isDeprecated(ctx, field) - case "deprecationReason": - return ec.fieldContext___InputValue_deprecationReason(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + return nil, errors.New("field of type Int64 does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field___Directive_args_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) ___EnumValue_name(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___EnumValue_name(ctx, field) +func (ec *executionContext) _TestEndpointResponse_response(ctx context.Context, field graphql.CollectedField, obj *model.TestEndpointResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_TestEndpointResponse_response(ctx, field) if err != nil { return graphql.Null } @@ -16667,26 +18116,23 @@ func (ec *executionContext) ___EnumValue_name(ctx context.Context, field graphql }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Name, nil + return obj.Response, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___EnumValue_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_TestEndpointResponse_response(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__EnumValue", + Object: "TestEndpointResponse", Field: field, IsMethod: false, IsResolver: false, @@ -16697,8 +18143,8 @@ func (ec *executionContext) fieldContext___EnumValue_name(_ context.Context, fie return fc, nil } -func (ec *executionContext) ___EnumValue_description(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___EnumValue_description(ctx, field) +func (ec *executionContext) _User_id(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_id(ctx, field) if err != nil { return graphql.Null } @@ -16711,35 +18157,38 @@ func (ec *executionContext) ___EnumValue_description(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(string) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___EnumValue_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__EnumValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type ID does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___EnumValue_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___EnumValue_isDeprecated(ctx, field) +func (ec *executionContext) _User_email(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_email(ctx, field) if err != nil { return graphql.Null } @@ -16752,38 +18201,35 @@ func (ec *executionContext) ___EnumValue_isDeprecated(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsDeprecated(), nil + return obj.Email, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___EnumValue_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__EnumValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___EnumValue_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___EnumValue_deprecationReason(ctx, field) +func (ec *executionContext) _User_email_verified(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_email_verified(ctx, field) if err != nil { return graphql.Null } @@ -16796,35 +18242,38 @@ func (ec *executionContext) ___EnumValue_deprecationReason(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DeprecationReason(), nil + return obj.EmailVerified, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___EnumValue_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_email_verified(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__EnumValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Field_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_name(ctx, field) +func (ec *executionContext) _User_signup_methods(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_signup_methods(ctx, field) if err != nil { return graphql.Null } @@ -16837,7 +18286,7 @@ func (ec *executionContext) ___Field_name(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Name, nil + return obj.SignupMethods, nil }) if err != nil { ec.Error(ctx, err) @@ -16854,9 +18303,9 @@ func (ec *executionContext) ___Field_name(ctx context.Context, field graphql.Col return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_signup_methods(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, IsMethod: false, IsResolver: false, @@ -16867,8 +18316,8 @@ func (ec *executionContext) fieldContext___Field_name(_ context.Context, field g return fc, nil } -func (ec *executionContext) ___Field_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_description(ctx, field) +func (ec *executionContext) _User_given_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_given_name(ctx, field) if err != nil { return graphql.Null } @@ -16881,7 +18330,7 @@ func (ec *executionContext) ___Field_description(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return obj.GivenName, nil }) if err != nil { ec.Error(ctx, err) @@ -16895,11 +18344,11 @@ func (ec *executionContext) ___Field_description(ctx context.Context, field grap return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_given_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { return nil, errors.New("field of type String does not have child fields") @@ -16908,8 +18357,8 @@ func (ec *executionContext) fieldContext___Field_description(_ context.Context, return fc, nil } -func (ec *executionContext) ___Field_args(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_args(ctx, field) +func (ec *executionContext) _User_family_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_family_name(ctx, field) if err != nil { return graphql.Null } @@ -16922,63 +18371,76 @@ func (ec *executionContext) ___Field_args(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Args, nil + return obj.FamilyName, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.([]introspection.InputValue) + res := resTmp.(*string) fc.Result = res - return ec.marshalN__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_args(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_family_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "name": - return ec.fieldContext___InputValue_name(ctx, field) - case "description": - return ec.fieldContext___InputValue_description(ctx, field) - case "type": - return ec.fieldContext___InputValue_type(ctx, field) - case "defaultValue": - return ec.fieldContext___InputValue_defaultValue(ctx, field) - case "isDeprecated": - return ec.fieldContext___InputValue_isDeprecated(ctx, field) - case "deprecationReason": - return ec.fieldContext___InputValue_deprecationReason(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } + return fc, nil +} + +func (ec *executionContext) _User_middle_name(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_middle_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) defer func() { if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null } }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field___Field_args_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.MiddleName, nil + }) + if err != nil { ec.Error(ctx, err) - return fc, err + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_User_middle_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "User", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, } return fc, nil } -func (ec *executionContext) ___Field_type(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_type(ctx, field) +func (ec *executionContext) _User_nickname(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_nickname(ctx, field) if err != nil { return graphql.Null } @@ -16991,62 +18453,35 @@ func (ec *executionContext) ___Field_type(ctx context.Context, field graphql.Col }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Type, nil + return obj.Nickname, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(*string) fc.Result = res - return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_nickname(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Field_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_isDeprecated(ctx, field) +func (ec *executionContext) _User_preferred_username(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_preferred_username(ctx, field) if err != nil { return graphql.Null } @@ -17059,38 +18494,35 @@ func (ec *executionContext) ___Field_isDeprecated(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsDeprecated(), nil + return obj.PreferredUsername, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_preferred_username(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Field_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Field_deprecationReason(ctx, field) +func (ec *executionContext) _User_gender(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_gender(ctx, field) if err != nil { return graphql.Null } @@ -17103,7 +18535,7 @@ func (ec *executionContext) ___Field_deprecationReason(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DeprecationReason(), nil + return obj.Gender, nil }) if err != nil { ec.Error(ctx, err) @@ -17117,11 +18549,11 @@ func (ec *executionContext) ___Field_deprecationReason(ctx context.Context, fiel return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Field_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_gender(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Field", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { return nil, errors.New("field of type String does not have child fields") @@ -17130,8 +18562,8 @@ func (ec *executionContext) fieldContext___Field_deprecationReason(_ context.Con return fc, nil } -func (ec *executionContext) ___InputValue_name(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_name(ctx, field) +func (ec *executionContext) _User_birthdate(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_birthdate(ctx, field) if err != nil { return graphql.Null } @@ -17144,26 +18576,23 @@ func (ec *executionContext) ___InputValue_name(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Name, nil + return obj.Birthdate, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(string) + res := resTmp.(*string) fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_birthdate(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, IsMethod: false, IsResolver: false, @@ -17174,8 +18603,8 @@ func (ec *executionContext) fieldContext___InputValue_name(_ context.Context, fi return fc, nil } -func (ec *executionContext) ___InputValue_description(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_description(ctx, field) +func (ec *executionContext) _User_phone_number(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_phone_number(ctx, field) if err != nil { return graphql.Null } @@ -17188,7 +18617,7 @@ func (ec *executionContext) ___InputValue_description(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return obj.PhoneNumber, nil }) if err != nil { ec.Error(ctx, err) @@ -17202,11 +18631,11 @@ func (ec *executionContext) ___InputValue_description(ctx context.Context, field return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_phone_number(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { return nil, errors.New("field of type String does not have child fields") @@ -17215,8 +18644,8 @@ func (ec *executionContext) fieldContext___InputValue_description(_ context.Cont return fc, nil } -func (ec *executionContext) ___InputValue_type(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_type(ctx, field) +func (ec *executionContext) _User_phone_number_verified(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_phone_number_verified(ctx, field) if err != nil { return graphql.Null } @@ -17229,7 +18658,7 @@ func (ec *executionContext) ___InputValue_type(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Type, nil + return obj.PhoneNumberVerified, nil }) if err != nil { ec.Error(ctx, err) @@ -17241,50 +18670,26 @@ func (ec *executionContext) ___InputValue_type(ctx context.Context, field graphq } return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(bool) fc.Result = res - return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_phone_number_verified(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___InputValue_defaultValue(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_defaultValue(ctx, field) +func (ec *executionContext) _User_picture(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_picture(ctx, field) if err != nil { return graphql.Null } @@ -17297,7 +18702,7 @@ func (ec *executionContext) ___InputValue_defaultValue(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DefaultValue, nil + return obj.Picture, nil }) if err != nil { ec.Error(ctx, err) @@ -17311,9 +18716,9 @@ func (ec *executionContext) ___InputValue_defaultValue(ctx context.Context, fiel return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_defaultValue(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_picture(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, IsMethod: false, IsResolver: false, @@ -17324,8 +18729,8 @@ func (ec *executionContext) fieldContext___InputValue_defaultValue(_ context.Con return fc, nil } -func (ec *executionContext) ___InputValue_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_isDeprecated(ctx, field) +func (ec *executionContext) _User_roles(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_roles(ctx, field) if err != nil { return graphql.Null } @@ -17338,7 +18743,7 @@ func (ec *executionContext) ___InputValue_isDeprecated(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsDeprecated(), nil + return obj.Roles, nil }) if err != nil { ec.Error(ctx, err) @@ -17350,26 +18755,26 @@ func (ec *executionContext) ___InputValue_isDeprecated(ctx context.Context, fiel } return graphql.Null } - res := resTmp.(bool) + res := resTmp.([]string) fc.Result = res - return ec.marshalNBoolean2bool(ctx, field.Selections, res) + return ec.marshalNString2ᚕstringᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_roles(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___InputValue_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___InputValue_deprecationReason(ctx, field) +func (ec *executionContext) _User_created_at(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_created_at(ctx, field) if err != nil { return graphql.Null } @@ -17382,7 +18787,7 @@ func (ec *executionContext) ___InputValue_deprecationReason(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.DeprecationReason(), nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -17391,26 +18796,26 @@ func (ec *executionContext) ___InputValue_deprecationReason(ctx context.Context, if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___InputValue_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__InputValue", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Schema_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_description(ctx, field) +func (ec *executionContext) _User_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -17423,7 +18828,7 @@ func (ec *executionContext) ___Schema_description(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -17432,26 +18837,26 @@ func (ec *executionContext) ___Schema_description(ctx context.Context, field gra if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*int64) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Schema_types(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_types(ctx, field) +func (ec *executionContext) _User_revoked_timestamp(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_revoked_timestamp(ctx, field) if err != nil { return graphql.Null } @@ -17464,62 +18869,35 @@ func (ec *executionContext) ___Schema_types(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Types(), nil + return obj.RevokedTimestamp, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.([]introspection.Type) + res := resTmp.(*int64) fc.Result = res - return ec.marshalN__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_types(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_revoked_timestamp(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Schema_queryType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_queryType(ctx, field) +func (ec *executionContext) _User_is_multi_factor_auth_enabled(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) if err != nil { return graphql.Null } @@ -17532,62 +18910,35 @@ func (ec *executionContext) ___Schema_queryType(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.QueryType(), nil + return obj.IsMultiFactorAuthEnabled, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(*bool) fc.Result = res - return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_queryType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_is_multi_factor_auth_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Schema_mutationType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_mutationType(ctx, field) +func (ec *executionContext) _User_app_data(ctx context.Context, field graphql.CollectedField, obj *model.User) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_User_app_data(ctx, field) if err != nil { return graphql.Null } @@ -17600,7 +18951,7 @@ func (ec *executionContext) ___Schema_mutationType(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.MutationType(), nil + return obj.AppData, nil }) if err != nil { ec.Error(ctx, err) @@ -17609,50 +18960,26 @@ func (ec *executionContext) ___Schema_mutationType(ctx context.Context, field gr if resTmp == nil { return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(map[string]any) fc.Result = res - return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalOMap2map(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_mutationType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_User_app_data(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "User", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type Map does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Schema_subscriptionType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_subscriptionType(ctx, field) +func (ec *executionContext) _Users_pagination(ctx context.Context, field graphql.CollectedField, obj *model.Users) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Users_pagination(ctx, field) if err != nil { return graphql.Null } @@ -17665,59 +18992,48 @@ func (ec *executionContext) ___Schema_subscriptionType(ctx context.Context, fiel }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SubscriptionType(), nil + return obj.Pagination, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(*model.Pagination) fc.Result = res - return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_subscriptionType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Users_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "Users", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) }, } return fc, nil } -func (ec *executionContext) ___Schema_directives(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Schema_directives(ctx, field) +func (ec *executionContext) _Users_users(ctx context.Context, field graphql.CollectedField, obj *model.Users) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Users_users(ctx, field) if err != nil { return graphql.Null } @@ -17730,7 +19046,7 @@ func (ec *executionContext) ___Schema_directives(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Directives(), nil + return obj.Users, nil }) if err != nil { ec.Error(ctx, err) @@ -17742,38 +19058,68 @@ func (ec *executionContext) ___Schema_directives(ctx context.Context, field grap } return graphql.Null } - res := resTmp.([]introspection.Directive) + res := resTmp.([]*model.User) fc.Result = res - return ec.marshalN__Directive2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐDirectiveᚄ(ctx, field.Selections, res) + return ec.marshalNUser2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUserᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Schema_directives(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Users_users(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Schema", + Object: "Users", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { - case "name": - return ec.fieldContext___Directive_name(ctx, field) - case "description": - return ec.fieldContext___Directive_description(ctx, field) - case "isRepeatable": - return ec.fieldContext___Directive_isRepeatable(ctx, field) - case "locations": - return ec.fieldContext___Directive_locations(ctx, field) - case "args": - return ec.fieldContext___Directive_args(ctx, field) + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type __Directive", field.Name) + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } return fc, nil } -func (ec *executionContext) ___Type_kind(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_kind(ctx, field) +func (ec *executionContext) _ValidateJWTTokenResponse_is_valid(ctx context.Context, field graphql.CollectedField, obj *model.ValidateJWTTokenResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ValidateJWTTokenResponse_is_valid(ctx, field) if err != nil { return graphql.Null } @@ -17786,7 +19132,7 @@ func (ec *executionContext) ___Type_kind(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Kind(), nil + return obj.IsValid, nil }) if err != nil { ec.Error(ctx, err) @@ -17798,26 +19144,26 @@ func (ec *executionContext) ___Type_kind(ctx context.Context, field graphql.Coll } return graphql.Null } - res := resTmp.(string) + res := resTmp.(bool) fc.Result = res - return ec.marshalN__TypeKind2string(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_kind(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_is_valid(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "ValidateJWTTokenResponse", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type __TypeKind does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_name(ctx, field) +func (ec *executionContext) _ValidateJWTTokenResponse_claims(ctx context.Context, field graphql.CollectedField, obj *model.ValidateJWTTokenResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field) if err != nil { return graphql.Null } @@ -17830,7 +19176,7 @@ func (ec *executionContext) ___Type_name(ctx context.Context, field graphql.Coll }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Name(), nil + return obj.Claims, nil }) if err != nil { ec.Error(ctx, err) @@ -17839,26 +19185,26 @@ func (ec *executionContext) ___Type_name(ctx context.Context, field graphql.Coll if resTmp == nil { return graphql.Null } - res := resTmp.(*string) + res := resTmp.(map[string]any) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalOMap2map(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_claims(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "ValidateJWTTokenResponse", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Map does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_description(ctx, field) +func (ec *executionContext) _ValidateSessionResponse_is_valid(ctx context.Context, field graphql.CollectedField, obj *model.ValidateSessionResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ValidateSessionResponse_is_valid(ctx, field) if err != nil { return graphql.Null } @@ -17871,35 +19217,38 @@ func (ec *executionContext) ___Type_description(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Description(), nil + return obj.IsValid, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(bool) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNBoolean2bool(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ValidateSessionResponse_is_valid(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "ValidateSessionResponse", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + return nil, errors.New("field of type Boolean does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_specifiedByURL(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_specifiedByURL(ctx, field) +func (ec *executionContext) _ValidateSessionResponse_user(ctx context.Context, field graphql.CollectedField, obj *model.ValidateSessionResponse) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ValidateSessionResponse_user(ctx, field) if err != nil { return graphql.Null } @@ -17912,35 +19261,80 @@ func (ec *executionContext) ___Type_specifiedByURL(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.SpecifiedByURL(), nil + return obj.User, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.(*string) + res := resTmp.(*model.User) fc.Result = res - return ec.marshalOString2ᚖstring(ctx, field.Selections, res) + return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUser(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_specifiedByURL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ValidateSessionResponse_user(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "ValidateSessionResponse", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_User_id(ctx, field) + case "email": + return ec.fieldContext_User_email(ctx, field) + case "email_verified": + return ec.fieldContext_User_email_verified(ctx, field) + case "signup_methods": + return ec.fieldContext_User_signup_methods(ctx, field) + case "given_name": + return ec.fieldContext_User_given_name(ctx, field) + case "family_name": + return ec.fieldContext_User_family_name(ctx, field) + case "middle_name": + return ec.fieldContext_User_middle_name(ctx, field) + case "nickname": + return ec.fieldContext_User_nickname(ctx, field) + case "preferred_username": + return ec.fieldContext_User_preferred_username(ctx, field) + case "gender": + return ec.fieldContext_User_gender(ctx, field) + case "birthdate": + return ec.fieldContext_User_birthdate(ctx, field) + case "phone_number": + return ec.fieldContext_User_phone_number(ctx, field) + case "phone_number_verified": + return ec.fieldContext_User_phone_number_verified(ctx, field) + case "picture": + return ec.fieldContext_User_picture(ctx, field) + case "roles": + return ec.fieldContext_User_roles(ctx, field) + case "created_at": + return ec.fieldContext_User_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_User_updated_at(ctx, field) + case "revoked_timestamp": + return ec.fieldContext_User_revoked_timestamp(ctx, field) + case "is_multi_factor_auth_enabled": + return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field) + case "app_data": + return ec.fieldContext_User_app_data(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type User", field.Name) }, } return fc, nil } -func (ec *executionContext) ___Type_fields(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_fields(ctx, field) +func (ec *executionContext) _VerificationRequest_id(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_id(ctx, field) if err != nil { return graphql.Null } @@ -17953,60 +19347,38 @@ func (ec *executionContext) ___Type_fields(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Fields(fc.Args["includeDeprecated"].(bool)), nil + return obj.ID, nil }) if err != nil { ec.Error(ctx, err) return graphql.Null } if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } return graphql.Null } - res := resTmp.([]introspection.Field) + res := resTmp.(string) fc.Result = res - return ec.marshalO__Field2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐFieldᚄ(ctx, field.Selections, res) + return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_fields(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "name": - return ec.fieldContext___Field_name(ctx, field) - case "description": - return ec.fieldContext___Field_description(ctx, field) - case "args": - return ec.fieldContext___Field_args(ctx, field) - case "type": - return ec.fieldContext___Field_type(ctx, field) - case "isDeprecated": - return ec.fieldContext___Field_isDeprecated(ctx, field) - case "deprecationReason": - return ec.fieldContext___Field_deprecationReason(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Field", field.Name) + return nil, errors.New("field of type ID does not have child fields") }, } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field___Type_fields_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } return fc, nil } -func (ec *executionContext) ___Type_interfaces(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_interfaces(ctx, field) +func (ec *executionContext) _VerificationRequest_identifier(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_identifier(ctx, field) if err != nil { return graphql.Null } @@ -18019,7 +19391,7 @@ func (ec *executionContext) ___Type_interfaces(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.Interfaces(), nil + return obj.Identifier, nil }) if err != nil { ec.Error(ctx, err) @@ -18028,50 +19400,26 @@ func (ec *executionContext) ___Type_interfaces(ctx context.Context, field graphq if resTmp == nil { return graphql.Null } - res := resTmp.([]introspection.Type) + res := resTmp.(*string) fc.Result = res - return ec.marshalO__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_interfaces(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_identifier(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_possibleTypes(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_possibleTypes(ctx, field) +func (ec *executionContext) _VerificationRequest_token(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_token(ctx, field) if err != nil { return graphql.Null } @@ -18084,7 +19432,7 @@ func (ec *executionContext) ___Type_possibleTypes(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.PossibleTypes(), nil + return obj.Token, nil }) if err != nil { ec.Error(ctx, err) @@ -18093,50 +19441,26 @@ func (ec *executionContext) ___Type_possibleTypes(ctx context.Context, field gra if resTmp == nil { return graphql.Null } - res := resTmp.([]introspection.Type) + res := resTmp.(*string) fc.Result = res - return ec.marshalO__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_possibleTypes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_token(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_enumValues(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_enumValues(ctx, field) +func (ec *executionContext) _VerificationRequest_email(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_email(ctx, field) if err != nil { return graphql.Null } @@ -18149,7 +19473,7 @@ func (ec *executionContext) ___Type_enumValues(ctx context.Context, field graphq }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.EnumValues(fc.Args["includeDeprecated"].(bool)), nil + return obj.Email, nil }) if err != nil { ec.Error(ctx, err) @@ -18158,47 +19482,67 @@ func (ec *executionContext) ___Type_enumValues(ctx context.Context, field graphq if resTmp == nil { return graphql.Null } - res := resTmp.([]introspection.EnumValue) + res := resTmp.(*string) fc.Result = res - return ec.marshalO__EnumValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐEnumValueᚄ(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_enumValues(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_email(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "name": - return ec.fieldContext___EnumValue_name(ctx, field) - case "description": - return ec.fieldContext___EnumValue_description(ctx, field) - case "isDeprecated": - return ec.fieldContext___EnumValue_isDeprecated(ctx, field) - case "deprecationReason": - return ec.fieldContext___EnumValue_deprecationReason(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __EnumValue", field.Name) + return nil, errors.New("field of type String does not have child fields") }, } + return fc, nil +} + +func (ec *executionContext) _VerificationRequest_expires(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_expires(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) defer func() { if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null } }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field___Type_enumValues_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Expires, nil + }) + if err != nil { ec.Error(ctx, err) - return fc, err + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VerificationRequest_expires(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VerificationRequest", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, } return fc, nil } -func (ec *executionContext) ___Type_inputFields(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_inputFields(ctx, field) +func (ec *executionContext) _VerificationRequest_created_at(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_created_at(ctx, field) if err != nil { return graphql.Null } @@ -18211,7 +19555,7 @@ func (ec *executionContext) ___Type_inputFields(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.InputFields(), nil + return obj.CreatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -18220,40 +19564,26 @@ func (ec *executionContext) ___Type_inputFields(ctx context.Context, field graph if resTmp == nil { return graphql.Null } - res := resTmp.([]introspection.InputValue) + res := resTmp.(*int64) fc.Result = res - return ec.marshalO__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_inputFields(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "name": - return ec.fieldContext___InputValue_name(ctx, field) - case "description": - return ec.fieldContext___InputValue_description(ctx, field) - case "type": - return ec.fieldContext___InputValue_type(ctx, field) - case "defaultValue": - return ec.fieldContext___InputValue_defaultValue(ctx, field) - case "isDeprecated": - return ec.fieldContext___InputValue_isDeprecated(ctx, field) - case "deprecationReason": - return ec.fieldContext___InputValue_deprecationReason(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_ofType(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_ofType(ctx, field) +func (ec *executionContext) _VerificationRequest_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_updated_at(ctx, field) if err != nil { return graphql.Null } @@ -18266,7 +19596,7 @@ func (ec *executionContext) ___Type_ofType(ctx context.Context, field graphql.Co }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.OfType(), nil + return obj.UpdatedAt, nil }) if err != nil { ec.Error(ctx, err) @@ -18275,50 +19605,26 @@ func (ec *executionContext) ___Type_ofType(ctx context.Context, field graphql.Co if resTmp == nil { return graphql.Null } - res := resTmp.(*introspection.Type) + res := resTmp.(*int64) fc.Result = res - return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_ofType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "kind": - return ec.fieldContext___Type_kind(ctx, field) - case "name": - return ec.fieldContext___Type_name(ctx, field) - case "description": - return ec.fieldContext___Type_description(ctx, field) - case "specifiedByURL": - return ec.fieldContext___Type_specifiedByURL(ctx, field) - case "fields": - return ec.fieldContext___Type_fields(ctx, field) - case "interfaces": - return ec.fieldContext___Type_interfaces(ctx, field) - case "possibleTypes": - return ec.fieldContext___Type_possibleTypes(ctx, field) - case "enumValues": - return ec.fieldContext___Type_enumValues(ctx, field) - case "inputFields": - return ec.fieldContext___Type_inputFields(ctx, field) - case "ofType": - return ec.fieldContext___Type_ofType(ctx, field) - case "isOneOf": - return ec.fieldContext___Type_isOneOf(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + return nil, errors.New("field of type Int64 does not have child fields") }, } return fc, nil } -func (ec *executionContext) ___Type_isOneOf(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { - fc, err := ec.fieldContext___Type_isOneOf(ctx, field) +func (ec *executionContext) _VerificationRequest_nonce(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_nonce(ctx, field) if err != nil { return graphql.Null } @@ -18331,7 +19637,7 @@ func (ec *executionContext) ___Type_isOneOf(ctx context.Context, field graphql.C }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { ctx = rctx // use context from middleware stack in children - return obj.IsOneOf(), nil + return obj.Nonce, nil }) if err != nil { ec.Error(ctx, err) @@ -18340,247 +19646,3814 @@ func (ec *executionContext) ___Type_isOneOf(ctx context.Context, field graphql.C if resTmp == nil { return graphql.Null } - res := resTmp.(bool) + res := resTmp.(*string) fc.Result = res - return ec.marshalOBoolean2bool(ctx, field.Selections, res) + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext___Type_isOneOf(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VerificationRequest_nonce(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "__Type", + Object: "VerificationRequest", Field: field, - IsMethod: true, + IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Boolean does not have child fields") + return nil, errors.New("field of type String does not have child fields") }, } return fc, nil } -// endregion **************************** field.gotpl ***************************** - -// region **************************** input.gotpl ***************************** - -func (ec *executionContext) unmarshalInputAddEmailTemplateRequest(ctx context.Context, obj any) (model.AddEmailTemplateRequest, error) { - var it model.AddEmailTemplateRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v +func (ec *executionContext) _VerificationRequest_redirect_uri(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequest_redirect_uri(ctx, field) + if err != nil { + return graphql.Null } - - fieldsInOrder := [...]string{"event_name", "subject", "template", "design"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.RedirectURI, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VerificationRequest_redirect_uri(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VerificationRequest", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _VerificationRequests_pagination(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequests) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequests_pagination(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Pagination, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*model.Pagination) + fc.Result = res + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VerificationRequests_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VerificationRequests", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _VerificationRequests_verification_requests(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequests) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VerificationRequests_verification_requests(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.VerificationRequests, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.VerificationRequest) + fc.Result = res + return ec.marshalNVerificationRequest2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐVerificationRequestᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VerificationRequests_verification_requests(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VerificationRequests", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_VerificationRequest_id(ctx, field) + case "identifier": + return ec.fieldContext_VerificationRequest_identifier(ctx, field) + case "token": + return ec.fieldContext_VerificationRequest_token(ctx, field) + case "email": + return ec.fieldContext_VerificationRequest_email(ctx, field) + case "expires": + return ec.fieldContext_VerificationRequest_expires(ctx, field) + case "created_at": + return ec.fieldContext_VerificationRequest_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_VerificationRequest_updated_at(ctx, field) + case "nonce": + return ec.fieldContext_VerificationRequest_nonce(ctx, field) + case "redirect_uri": + return ec.fieldContext_VerificationRequest_redirect_uri(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type VerificationRequest", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_id(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_id(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.ID, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNID2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type ID does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_event_name(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_event_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.EventName, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_event_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_event_description(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_event_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.EventDescription, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_event_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_endpoint(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_endpoint(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Endpoint, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_endpoint(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_enabled(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Enabled, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*bool) + fc.Result = res + return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_enabled(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_headers(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_headers(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Headers, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(map[string]any) + fc.Result = res + return ec.marshalOMap2map(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_headers(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Map does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_created_at(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_created_at(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.CreatedAt, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhook_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.Webhook) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhook_updated_at(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.UpdatedAt, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhook_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhook", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_id(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_id(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.ID, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNID2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type ID does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_http_status(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_http_status(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.HTTPStatus, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_http_status(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_response(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_response(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Response, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_response(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_request(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_request(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Request, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_request(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_webhook_id(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_webhook_id(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.WebhookID, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOID2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_webhook_id(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type ID does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_created_at(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_created_at(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.CreatedAt, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_created_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLog_updated_at(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLog) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLog_updated_at(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.UpdatedAt, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*int64) + fc.Result = res + return ec.marshalOInt642ᚖint64(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLog_updated_at(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLog", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Int64 does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLogs_pagination(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLogs) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLogs_pagination(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Pagination, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*model.Pagination) + fc.Result = res + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLogs_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLogs", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _WebhookLogs_webhook_logs(ctx context.Context, field graphql.CollectedField, obj *model.WebhookLogs) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_WebhookLogs_webhook_logs(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.WebhookLogs, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.WebhookLog) + fc.Result = res + return ec.marshalNWebhookLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookLogᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_WebhookLogs_webhook_logs(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "WebhookLogs", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_WebhookLog_id(ctx, field) + case "http_status": + return ec.fieldContext_WebhookLog_http_status(ctx, field) + case "response": + return ec.fieldContext_WebhookLog_response(ctx, field) + case "request": + return ec.fieldContext_WebhookLog_request(ctx, field) + case "webhook_id": + return ec.fieldContext_WebhookLog_webhook_id(ctx, field) + case "created_at": + return ec.fieldContext_WebhookLog_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_WebhookLog_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type WebhookLog", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhooks_pagination(ctx context.Context, field graphql.CollectedField, obj *model.Webhooks) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhooks_pagination(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Pagination, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*model.Pagination) + fc.Result = res + return ec.marshalNPagination2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPagination(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhooks_pagination(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhooks", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "limit": + return ec.fieldContext_Pagination_limit(ctx, field) + case "page": + return ec.fieldContext_Pagination_page(ctx, field) + case "offset": + return ec.fieldContext_Pagination_offset(ctx, field) + case "total": + return ec.fieldContext_Pagination_total(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Pagination", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _Webhooks_webhooks(ctx context.Context, field graphql.CollectedField, obj *model.Webhooks) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Webhooks_webhooks(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Webhooks, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.Webhook) + fc.Result = res + return ec.marshalNWebhook2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐWebhookᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Webhooks_webhooks(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Webhooks", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_Webhook_id(ctx, field) + case "event_name": + return ec.fieldContext_Webhook_event_name(ctx, field) + case "event_description": + return ec.fieldContext_Webhook_event_description(ctx, field) + case "endpoint": + return ec.fieldContext_Webhook_endpoint(ctx, field) + case "enabled": + return ec.fieldContext_Webhook_enabled(ctx, field) + case "headers": + return ec.fieldContext_Webhook_headers(ctx, field) + case "created_at": + return ec.fieldContext_Webhook_created_at(ctx, field) + case "updated_at": + return ec.fieldContext_Webhook_updated_at(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Webhook", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Directive_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Directive_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Name, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Directive_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Directive", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Directive_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Directive_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Directive_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Directive", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Directive_isRepeatable(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Directive_isRepeatable(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsRepeatable, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Directive_isRepeatable(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Directive", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Directive_locations(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Directive_locations(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Locations, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]string) + fc.Result = res + return ec.marshalN__DirectiveLocation2ᚕstringᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Directive_locations(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Directive", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type __DirectiveLocation does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Directive_args(ctx context.Context, field graphql.CollectedField, obj *introspection.Directive) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Directive_args(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Args, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]introspection.InputValue) + fc.Result = res + return ec.marshalN__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Directive_args(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Directive", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___InputValue_name(ctx, field) + case "description": + return ec.fieldContext___InputValue_description(ctx, field) + case "type": + return ec.fieldContext___InputValue_type(ctx, field) + case "defaultValue": + return ec.fieldContext___InputValue_defaultValue(ctx, field) + case "isDeprecated": + return ec.fieldContext___InputValue_isDeprecated(ctx, field) + case "deprecationReason": + return ec.fieldContext___InputValue_deprecationReason(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field___Directive_args_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) ___EnumValue_name(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___EnumValue_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Name, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___EnumValue_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__EnumValue", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___EnumValue_description(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___EnumValue_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___EnumValue_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__EnumValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___EnumValue_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___EnumValue_isDeprecated(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsDeprecated(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___EnumValue_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__EnumValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___EnumValue_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.EnumValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___EnumValue_deprecationReason(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.DeprecationReason(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___EnumValue_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__EnumValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Field_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Name, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Field_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Field_args(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_args(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Args, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]introspection.InputValue) + fc.Result = res + return ec.marshalN__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_args(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___InputValue_name(ctx, field) + case "description": + return ec.fieldContext___InputValue_description(ctx, field) + case "type": + return ec.fieldContext___InputValue_type(ctx, field) + case "defaultValue": + return ec.fieldContext___InputValue_defaultValue(ctx, field) + case "isDeprecated": + return ec.fieldContext___InputValue_isDeprecated(ctx, field) + case "deprecationReason": + return ec.fieldContext___InputValue_deprecationReason(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field___Field_args_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) ___Field_type(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_type(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Type, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Field_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_isDeprecated(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsDeprecated(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Field_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.Field) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Field_deprecationReason(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.DeprecationReason(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Field_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Field", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_name(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Name, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_description(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_type(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_type(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Type, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_type(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_defaultValue(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_defaultValue(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.DefaultValue, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_defaultValue(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_isDeprecated(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_isDeprecated(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsDeprecated(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalNBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_isDeprecated(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___InputValue_deprecationReason(ctx context.Context, field graphql.CollectedField, obj *introspection.InputValue) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___InputValue_deprecationReason(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.DeprecationReason(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___InputValue_deprecationReason(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__InputValue", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_types(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_types(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Types(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]introspection.Type) + fc.Result = res + return ec.marshalN__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_types(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_queryType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_queryType(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.QueryType(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalN__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_queryType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_mutationType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_mutationType(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.MutationType(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_mutationType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_subscriptionType(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_subscriptionType(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.SubscriptionType(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_subscriptionType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Schema_directives(ctx context.Context, field graphql.CollectedField, obj *introspection.Schema) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Schema_directives(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Directives(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]introspection.Directive) + fc.Result = res + return ec.marshalN__Directive2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐDirectiveᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Schema_directives(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Schema", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___Directive_name(ctx, field) + case "description": + return ec.fieldContext___Directive_description(ctx, field) + case "isRepeatable": + return ec.fieldContext___Directive_isRepeatable(ctx, field) + case "locations": + return ec.fieldContext___Directive_locations(ctx, field) + case "args": + return ec.fieldContext___Directive_args(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Directive", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_kind(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_kind(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Kind(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalN__TypeKind2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_kind(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type __TypeKind does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_name(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_name(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Name(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_name(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_description(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_description(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Description(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_description(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_specifiedByURL(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_specifiedByURL(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.SpecifiedByURL(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*string) + fc.Result = res + return ec.marshalOString2ᚖstring(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_specifiedByURL(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_fields(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_fields(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Fields(fc.Args["includeDeprecated"].(bool)), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.([]introspection.Field) + fc.Result = res + return ec.marshalO__Field2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐFieldᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_fields(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___Field_name(ctx, field) + case "description": + return ec.fieldContext___Field_description(ctx, field) + case "args": + return ec.fieldContext___Field_args(ctx, field) + case "type": + return ec.fieldContext___Field_type(ctx, field) + case "isDeprecated": + return ec.fieldContext___Field_isDeprecated(ctx, field) + case "deprecationReason": + return ec.fieldContext___Field_deprecationReason(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Field", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field___Type_fields_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) ___Type_interfaces(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_interfaces(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.Interfaces(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.([]introspection.Type) + fc.Result = res + return ec.marshalO__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_interfaces(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_possibleTypes(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_possibleTypes(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.PossibleTypes(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.([]introspection.Type) + fc.Result = res + return ec.marshalO__Type2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐTypeᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_possibleTypes(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_enumValues(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_enumValues(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.EnumValues(fc.Args["includeDeprecated"].(bool)), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.([]introspection.EnumValue) + fc.Result = res + return ec.marshalO__EnumValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐEnumValueᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_enumValues(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___EnumValue_name(ctx, field) + case "description": + return ec.fieldContext___EnumValue_description(ctx, field) + case "isDeprecated": + return ec.fieldContext___EnumValue_isDeprecated(ctx, field) + case "deprecationReason": + return ec.fieldContext___EnumValue_deprecationReason(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __EnumValue", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field___Type_enumValues_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) ___Type_inputFields(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_inputFields(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.InputFields(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.([]introspection.InputValue) + fc.Result = res + return ec.marshalO__InputValue2ᚕgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐInputValueᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_inputFields(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "name": + return ec.fieldContext___InputValue_name(ctx, field) + case "description": + return ec.fieldContext___InputValue_description(ctx, field) + case "type": + return ec.fieldContext___InputValue_type(ctx, field) + case "defaultValue": + return ec.fieldContext___InputValue_defaultValue(ctx, field) + case "isDeprecated": + return ec.fieldContext___InputValue_isDeprecated(ctx, field) + case "deprecationReason": + return ec.fieldContext___InputValue_deprecationReason(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __InputValue", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_ofType(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_ofType(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.OfType(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(*introspection.Type) + fc.Result = res + return ec.marshalO__Type2ᚖgithubᚗcomᚋ99designsᚋgqlgenᚋgraphqlᚋintrospectionᚐType(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_ofType(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "kind": + return ec.fieldContext___Type_kind(ctx, field) + case "name": + return ec.fieldContext___Type_name(ctx, field) + case "description": + return ec.fieldContext___Type_description(ctx, field) + case "specifiedByURL": + return ec.fieldContext___Type_specifiedByURL(ctx, field) + case "fields": + return ec.fieldContext___Type_fields(ctx, field) + case "interfaces": + return ec.fieldContext___Type_interfaces(ctx, field) + case "possibleTypes": + return ec.fieldContext___Type_possibleTypes(ctx, field) + case "enumValues": + return ec.fieldContext___Type_enumValues(ctx, field) + case "inputFields": + return ec.fieldContext___Type_inputFields(ctx, field) + case "ofType": + return ec.fieldContext___Type_ofType(ctx, field) + case "isOneOf": + return ec.fieldContext___Type_isOneOf(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type __Type", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) ___Type_isOneOf(ctx context.Context, field graphql.CollectedField, obj *introspection.Type) (ret graphql.Marshaler) { + fc, err := ec.fieldContext___Type_isOneOf(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (any, error) { + ctx = rctx // use context from middleware stack in children + return obj.IsOneOf(), nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + return graphql.Null + } + res := resTmp.(bool) + fc.Result = res + return ec.marshalOBoolean2bool(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext___Type_isOneOf(_ context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "__Type", + Field: field, + IsMethod: true, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type Boolean does not have child fields") + }, + } + return fc, nil +} + +// endregion **************************** field.gotpl ***************************** + +// region **************************** input.gotpl ***************************** + +func (ec *executionContext) unmarshalInputAddEmailTemplateRequest(ctx context.Context, obj any) (model.AddEmailTemplateRequest, error) { + var it model.AddEmailTemplateRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"event_name", "subject", "template", "design"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "event_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.EventName = data + case "subject": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("subject")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Subject = data + case "template": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("template")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Template = data + case "design": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("design")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Design = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAddPermissionInput(ctx context.Context, obj any) (model.AddPermissionInput, error) { + var it model.AddPermissionInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"name", "description", "resource_id", "scope_ids", "policy_ids", "decision_strategy"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Description = data + case "resource_id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource_id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ResourceID = data + case "scope_ids": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope_ids")) + data, err := ec.unmarshalNID2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.ScopeIds = data + case "policy_ids": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("policy_ids")) + data, err := ec.unmarshalNID2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.PolicyIds = data + case "decision_strategy": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("decision_strategy")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.DecisionStrategy = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAddPolicyInput(ctx context.Context, obj any) (model.AddPolicyInput, error) { + var it model.AddPolicyInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"name", "description", "type", "logic", "decision_strategy", "targets"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Description = data + case "type": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("type")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Type = data + case "logic": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("logic")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Logic = data + case "decision_strategy": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("decision_strategy")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.DecisionStrategy = data + case "targets": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("targets")) + data, err := ec.unmarshalNPolicyTargetInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInputᚄ(ctx, v) + if err != nil { + return it, err + } + it.Targets = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAddResourceInput(ctx context.Context, obj any) (model.AddResourceInput, error) { + var it model.AddResourceInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"name", "description"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Description = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAddScopeInput(ctx context.Context, obj any) (model.AddScopeInput, error) { + var it model.AddScopeInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"name", "description"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Description = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAddWebhookRequest(ctx context.Context, obj any) (model.AddWebhookRequest, error) { + var it model.AddWebhookRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"event_name", "event_description", "endpoint", "enabled", "headers"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "event_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.EventName = data + case "event_description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.EventDescription = data + case "endpoint": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Endpoint = data + case "enabled": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("enabled")) + data, err := ec.unmarshalNBoolean2bool(ctx, v) + if err != nil { + return it, err + } + it.Enabled = data + case "headers": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) + data, err := ec.unmarshalOMap2map(ctx, v) + if err != nil { + return it, err + } + it.Headers = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAdminLoginRequest(ctx context.Context, obj any) (model.AdminLoginRequest, error) { + var it model.AdminLoginRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"admin_secret"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] if !ok { continue } switch k { - case "event_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) + case "admin_secret": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("admin_secret")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.EventName = data - case "subject": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("subject")) + it.AdminSecret = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputAdminSignupRequest(ctx context.Context, obj any) (model.AdminSignupRequest, error) { + var it model.AdminSignupRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"admin_secret"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "admin_secret": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("admin_secret")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Subject = data - case "template": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("template")) + it.AdminSecret = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputDeleteEmailTemplateRequest(ctx context.Context, obj any) (model.DeleteEmailTemplateRequest, error) { + var it model.DeleteEmailTemplateRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ID = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputDeleteUserRequest(ctx context.Context, obj any) (model.DeleteUserRequest, error) { + var it model.DeleteUserRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"email"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Template = data - case "design": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("design")) + it.Email = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputForgotPasswordRequest(ctx context.Context, obj any) (model.ForgotPasswordRequest, error) { + var it model.ForgotPasswordRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"email", "phone_number", "state", "redirect_uri"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Email = data + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.PhoneNumber = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.State = data + case "redirect_uri": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.RedirectURI = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputGenerateJWTKeysRequest(ctx context.Context, obj any) (model.GenerateJWTKeysRequest, error) { + var it model.GenerateJWTKeysRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"type"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "type": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("type")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Type = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputGetUserRequest(ctx context.Context, obj any) (model.GetUserRequest, error) { + var it model.GetUserRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "email"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Email = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputInviteMemberRequest(ctx context.Context, obj any) (model.InviteMemberRequest, error) { + var it model.InviteMemberRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"emails", "redirect_uri"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "emails": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("emails")) + data, err := ec.unmarshalNString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Emails = data + case "redirect_uri": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Design = data + it.RedirectURI = data } } return it, nil } -func (ec *executionContext) unmarshalInputAddWebhookRequest(ctx context.Context, obj any) (model.AddWebhookRequest, error) { - var it model.AddWebhookRequest +func (ec *executionContext) unmarshalInputListAuditLogRequest(ctx context.Context, obj any) (model.ListAuditLogRequest, error) { + var it model.ListAuditLogRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"event_name", "event_description", "endpoint", "enabled", "headers"} + fieldsInOrder := [...]string{"pagination", "action", "actor_id", "resource_type", "resource_id", "from_timestamp", "to_timestamp"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "event_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) - data, err := ec.unmarshalNString2string(ctx, v) + case "pagination": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) + data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) if err != nil { return it, err } - it.EventName = data - case "event_description": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) + it.Pagination = data + case "action": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("action")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.EventDescription = data - case "endpoint": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) - data, err := ec.unmarshalNString2string(ctx, v) + it.Action = data + case "actor_id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("actor_id")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Endpoint = data - case "enabled": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("enabled")) - data, err := ec.unmarshalNBoolean2bool(ctx, v) + it.ActorID = data + case "resource_type": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource_type")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Enabled = data - case "headers": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) - data, err := ec.unmarshalOMap2map(ctx, v) + it.ResourceType = data + case "resource_id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource_id")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Headers = data + it.ResourceID = data + case "from_timestamp": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("from_timestamp")) + data, err := ec.unmarshalOInt642ᚖint64(ctx, v) + if err != nil { + return it, err + } + it.FromTimestamp = data + case "to_timestamp": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("to_timestamp")) + data, err := ec.unmarshalOInt642ᚖint64(ctx, v) + if err != nil { + return it, err + } + it.ToTimestamp = data } } return it, nil } -func (ec *executionContext) unmarshalInputAdminLoginRequest(ctx context.Context, obj any) (model.AdminLoginRequest, error) { - var it model.AdminLoginRequest +func (ec *executionContext) unmarshalInputListWebhookLogRequest(ctx context.Context, obj any) (model.ListWebhookLogRequest, error) { + var it model.ListWebhookLogRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"admin_secret"} + fieldsInOrder := [...]string{"pagination", "webhook_id"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "admin_secret": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("admin_secret")) - data, err := ec.unmarshalNString2string(ctx, v) + case "pagination": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) + data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) if err != nil { return it, err } - it.AdminSecret = data + it.Pagination = data + case "webhook_id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("webhook_id")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.WebhookID = data } } return it, nil } -func (ec *executionContext) unmarshalInputAdminSignupRequest(ctx context.Context, obj any) (model.AdminSignupRequest, error) { - var it model.AdminSignupRequest +func (ec *executionContext) unmarshalInputLoginRequest(ctx context.Context, obj any) (model.LoginRequest, error) { + var it model.LoginRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"admin_secret"} + fieldsInOrder := [...]string{"email", "phone_number", "password", "roles", "scope", "state"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "admin_secret": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("admin_secret")) + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Email = data + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.PhoneNumber = data + case "password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.AdminSecret = data + it.Password = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Roles = data + case "scope": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Scope = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.State = data } } return it, nil } -func (ec *executionContext) unmarshalInputDeleteEmailTemplateRequest(ctx context.Context, obj any) (model.DeleteEmailTemplateRequest, error) { - var it model.DeleteEmailTemplateRequest +func (ec *executionContext) unmarshalInputMagicLinkLoginRequest(ctx context.Context, obj any) (model.MagicLinkLoginRequest, error) { + var it model.MagicLinkLoginRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"id"} + fieldsInOrder := [...]string{"email", "roles", "scope", "state", "redirect_uri"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalNID2string(ctx, v) + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.ID = data + it.Email = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Roles = data + case "scope": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Scope = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.State = data + case "redirect_uri": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.RedirectURI = data } } return it, nil } -func (ec *executionContext) unmarshalInputDeleteUserRequest(ctx context.Context, obj any) (model.DeleteUserRequest, error) { - var it model.DeleteUserRequest +func (ec *executionContext) unmarshalInputMobileLoginRequest(ctx context.Context, obj any) (model.MobileLoginRequest, error) { + var it model.MobileLoginRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"email"} + fieldsInOrder := [...]string{"phone_number", "password", "roles", "scope", "state"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Email = data + it.PhoneNumber = data + case "password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Password = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Roles = data + case "scope": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Scope = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.State = data } } return it, nil } -func (ec *executionContext) unmarshalInputForgotPasswordRequest(ctx context.Context, obj any) (model.ForgotPasswordRequest, error) { - var it model.ForgotPasswordRequest +func (ec *executionContext) unmarshalInputMobileSignUpRequest(ctx context.Context, obj any) (model.MobileSignUpRequest, error) { + var it model.MobileSignUpRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"email", "phone_number", "state", "redirect_uri"} + fieldsInOrder := [...]string{"email", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "picture", "password", "confirm_password", "roles", "scope", "redirect_uri", "is_multi_factor_auth_enabled", "state", "app_data"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { @@ -18593,21 +23466,91 @@ func (ec *executionContext) unmarshalInputForgotPasswordRequest(ctx context.Cont if err != nil { return it, err } - it.Email = data + it.Email = data + case "given_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.GivenName = data + case "family_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.FamilyName = data + case "middle_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.MiddleName = data + case "nickname": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Nickname = data + case "gender": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Gender = data + case "birthdate": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Birthdate = data case "phone_number": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } it.PhoneNumber = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + case "picture": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.State = data + it.Picture = data + case "password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Password = data + case "confirm_password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_password")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.ConfirmPassword = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Roles = data + case "scope": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Scope = data case "redirect_uri": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) @@ -18615,218 +23558,197 @@ func (ec *executionContext) unmarshalInputForgotPasswordRequest(ctx context.Cont return it, err } it.RedirectURI = data + case "is_multi_factor_auth_enabled": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + if err != nil { + return it, err + } + it.IsMultiFactorAuthEnabled = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.State = data + case "app_data": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) + data, err := ec.unmarshalOMap2map(ctx, v) + if err != nil { + return it, err + } + it.AppData = data } } return it, nil } -func (ec *executionContext) unmarshalInputGenerateJWTKeysRequest(ctx context.Context, obj any) (model.GenerateJWTKeysRequest, error) { - var it model.GenerateJWTKeysRequest +func (ec *executionContext) unmarshalInputOAuthRevokeRequest(ctx context.Context, obj any) (model.OAuthRevokeRequest, error) { + var it model.OAuthRevokeRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"type"} + fieldsInOrder := [...]string{"refresh_token"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "type": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("type")) + case "refresh_token": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("refresh_token")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Type = data + it.RefreshToken = data } } return it, nil } -func (ec *executionContext) unmarshalInputGetUserRequest(ctx context.Context, obj any) (model.GetUserRequest, error) { - var it model.GetUserRequest +func (ec *executionContext) unmarshalInputPaginatedRequest(ctx context.Context, obj any) (model.PaginatedRequest, error) { + var it model.PaginatedRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"id", "email"} + fieldsInOrder := [...]string{"pagination"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ID = data - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + case "pagination": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) + data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) if err != nil { return it, err } - it.Email = data + it.Pagination = data } } return it, nil } -func (ec *executionContext) unmarshalInputInviteMemberRequest(ctx context.Context, obj any) (model.InviteMemberRequest, error) { - var it model.InviteMemberRequest +func (ec *executionContext) unmarshalInputPaginationRequest(ctx context.Context, obj any) (model.PaginationRequest, error) { + var it model.PaginationRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"emails", "redirect_uri"} + fieldsInOrder := [...]string{"limit", "page"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "emails": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("emails")) - data, err := ec.unmarshalNString2ᚕstringᚄ(ctx, v) + case "limit": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("limit")) + data, err := ec.unmarshalOInt642ᚖint64(ctx, v) if err != nil { return it, err } - it.Emails = data - case "redirect_uri": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Limit = data + case "page": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("page")) + data, err := ec.unmarshalOInt642ᚖint64(ctx, v) if err != nil { return it, err } - it.RedirectURI = data + it.Page = data } } return it, nil } -func (ec *executionContext) unmarshalInputListAuditLogRequest(ctx context.Context, obj any) (model.ListAuditLogRequest, error) { - var it model.ListAuditLogRequest +func (ec *executionContext) unmarshalInputPermissionInput(ctx context.Context, obj any) (model.PermissionInput, error) { + var it model.PermissionInput asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"pagination", "action", "actor_id", "resource_type", "resource_id", "from_timestamp", "to_timestamp"} + fieldsInOrder := [...]string{"resource", "scope"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "pagination": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) - data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) - if err != nil { - return it, err - } - it.Pagination = data - case "action": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("action")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.Action = data - case "actor_id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("actor_id")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ActorID = data - case "resource_type": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource_type")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ResourceType = data - case "resource_id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource_id")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ResourceID = data - case "from_timestamp": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("from_timestamp")) - data, err := ec.unmarshalOInt642ᚖint64(ctx, v) + case "resource": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("resource")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.FromTimestamp = data - case "to_timestamp": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("to_timestamp")) - data, err := ec.unmarshalOInt642ᚖint64(ctx, v) + it.Resource = data + case "scope": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.ToTimestamp = data + it.Scope = data } } return it, nil } -func (ec *executionContext) unmarshalInputListWebhookLogRequest(ctx context.Context, obj any) (model.ListWebhookLogRequest, error) { - var it model.ListWebhookLogRequest +func (ec *executionContext) unmarshalInputPolicyTargetInput(ctx context.Context, obj any) (model.PolicyTargetInput, error) { + var it model.PolicyTargetInput asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"pagination", "webhook_id"} + fieldsInOrder := [...]string{"target_type", "target_value"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "pagination": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) - data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) + case "target_type": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("target_type")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Pagination = data - case "webhook_id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("webhook_id")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.TargetType = data + case "target_value": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("target_value")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.WebhookID = data + it.TargetValue = data } } return it, nil } -func (ec *executionContext) unmarshalInputLoginRequest(ctx context.Context, obj any) (model.LoginRequest, error) { - var it model.LoginRequest +func (ec *executionContext) unmarshalInputResendOTPRequest(ctx context.Context, obj any) (model.ResendOTPRequest, error) { + var it model.ResendOTPRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"email", "phone_number", "password", "roles", "scope", "state"} + fieldsInOrder := [...]string{"email", "phone_number", "state"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { @@ -18847,27 +23769,47 @@ func (ec *executionContext) unmarshalInputLoginRequest(ctx context.Context, obj return it, err } it.PhoneNumber = data - case "password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) - data, err := ec.unmarshalNString2string(ctx, v) + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Password = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.State = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputResendVerifyEmailRequest(ctx context.Context, obj any) (model.ResendVerifyEmailRequest, error) { + var it model.ResendVerifyEmailRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"email", "identifier", "state"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Roles = data - case "scope": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.Email = data + case "identifier": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("identifier")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Scope = data + it.Identifier = data case "state": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) @@ -18881,89 +23823,75 @@ func (ec *executionContext) unmarshalInputLoginRequest(ctx context.Context, obj return it, nil } -func (ec *executionContext) unmarshalInputMagicLinkLoginRequest(ctx context.Context, obj any) (model.MagicLinkLoginRequest, error) { - var it model.MagicLinkLoginRequest +func (ec *executionContext) unmarshalInputResetPasswordRequest(ctx context.Context, obj any) (model.ResetPasswordRequest, error) { + var it model.ResetPasswordRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"email", "roles", "scope", "state", "redirect_uri"} + fieldsInOrder := [...]string{"token", "otp", "phone_number", "password", "confirm_password"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.Email = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + case "token": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Roles = data - case "scope": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.Token = data + case "otp": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("otp")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Scope = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + it.Otp = data + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.State = data - case "redirect_uri": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.PhoneNumber = data + case "password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.RedirectURI = data + it.Password = data + case "confirm_password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_password")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.ConfirmPassword = data } } return it, nil } -func (ec *executionContext) unmarshalInputMobileLoginRequest(ctx context.Context, obj any) (model.MobileLoginRequest, error) { - var it model.MobileLoginRequest +func (ec *executionContext) unmarshalInputSessionQueryRequest(ctx context.Context, obj any) (model.SessionQueryRequest, error) { + var it model.SessionQueryRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"phone_number", "password", "roles", "scope", "state"} + fieldsInOrder := [...]string{"roles", "scope", "state", "required_permissions"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.PhoneNumber = data - case "password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.Password = data case "roles": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) @@ -18985,14 +23913,21 @@ func (ec *executionContext) unmarshalInputMobileLoginRequest(ctx context.Context return it, err } it.State = data + case "required_permissions": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("required_permissions")) + data, err := ec.unmarshalOPermissionInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInputᚄ(ctx, v) + if err != nil { + return it, err + } + it.RequiredPermissions = data } } return it, nil } -func (ec *executionContext) unmarshalInputMobileSignUpRequest(ctx context.Context, obj any) (model.MobileSignUpRequest, error) { - var it model.MobileSignUpRequest +func (ec *executionContext) unmarshalInputSignUpRequest(ctx context.Context, obj any) (model.SignUpRequest, error) { + var it model.SignUpRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v @@ -19056,7 +23991,7 @@ func (ec *executionContext) unmarshalInputMobileSignUpRequest(ctx context.Contex it.Birthdate = data case "phone_number": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) - data, err := ec.unmarshalNString2string(ctx, v) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } @@ -19130,1134 +24065,1238 @@ func (ec *executionContext) unmarshalInputMobileSignUpRequest(ctx context.Contex return it, nil } -func (ec *executionContext) unmarshalInputOAuthRevokeRequest(ctx context.Context, obj any) (model.OAuthRevokeRequest, error) { - var it model.OAuthRevokeRequest +func (ec *executionContext) unmarshalInputTestEndpointRequest(ctx context.Context, obj any) (model.TestEndpointRequest, error) { + var it model.TestEndpointRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"refresh_token"} + fieldsInOrder := [...]string{"endpoint", "event_name", "event_description", "headers"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "refresh_token": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("refresh_token")) + case "endpoint": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.RefreshToken = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputPaginatedRequest(ctx context.Context, obj any) (model.PaginatedRequest, error) { - var it model.PaginatedRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"pagination"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "pagination": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pagination")) - data, err := ec.unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPaginationRequest(ctx, v) + it.Endpoint = data + case "event_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Pagination = data + it.EventName = data + case "event_description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.EventDescription = data + case "headers": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) + data, err := ec.unmarshalOMap2map(ctx, v) + if err != nil { + return it, err + } + it.Headers = data } } return it, nil } -func (ec *executionContext) unmarshalInputPaginationRequest(ctx context.Context, obj any) (model.PaginationRequest, error) { - var it model.PaginationRequest +func (ec *executionContext) unmarshalInputUpdateAccessRequest(ctx context.Context, obj any) (model.UpdateAccessRequest, error) { + var it model.UpdateAccessRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"limit", "page"} + fieldsInOrder := [...]string{"user_id"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "limit": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("limit")) - data, err := ec.unmarshalOInt642ᚖint64(ctx, v) - if err != nil { - return it, err - } - it.Limit = data - case "page": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("page")) - data, err := ec.unmarshalOInt642ᚖint64(ctx, v) + case "user_id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("user_id")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Page = data + it.UserID = data } } return it, nil } -func (ec *executionContext) unmarshalInputResendOTPRequest(ctx context.Context, obj any) (model.ResendOTPRequest, error) { - var it model.ResendOTPRequest +func (ec *executionContext) unmarshalInputUpdateEmailTemplateRequest(ctx context.Context, obj any) (model.UpdateEmailTemplateRequest, error) { + var it model.UpdateEmailTemplateRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"email", "phone_number", "state"} + fieldsInOrder := [...]string{"id", "event_name", "template", "subject", "design"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) if err != nil { return it, err } - it.Email = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + it.ID = data + case "event_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.PhoneNumber = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + it.EventName = data + case "template": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("template")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.State = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputResendVerifyEmailRequest(ctx context.Context, obj any) (model.ResendVerifyEmailRequest, error) { - var it model.ResendVerifyEmailRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"email", "identifier", "state"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.Email = data - case "identifier": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("identifier")) - data, err := ec.unmarshalNString2string(ctx, v) + it.Template = data + case "subject": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("subject")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Identifier = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + it.Subject = data + case "design": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("design")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.State = data + it.Design = data } } return it, nil } -func (ec *executionContext) unmarshalInputResetPasswordRequest(ctx context.Context, obj any) (model.ResetPasswordRequest, error) { - var it model.ResetPasswordRequest +func (ec *executionContext) unmarshalInputUpdateEnvRequest(ctx context.Context, obj any) (model.UpdateEnvRequest, error) { + var it model.UpdateEnvRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"token", "otp", "phone_number", "password", "confirm_password"} + fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "SENDER_NAME", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MOBILE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "DISCORD_CLIENT_ID", "DISCORD_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "TWITCH_CLIENT_ID", "TWITCH_CLIENT_SECRET", "ROBLOX_CLIENT_ID", "ROBLOX_CLIENT_SECRET", "ORGANIZATION_NAME", "ORGANIZATION_LOGO", "DEFAULT_AUTHORIZE_RESPONSE_TYPE", "DEFAULT_AUTHORIZE_RESPONSE_MODE", "DISABLE_PLAYGROUND", "DISABLE_MAIL_OTP_LOGIN", "DISABLE_TOTP_LOGIN"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "token": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) + case "ACCESS_TOKEN_EXPIRY_TIME": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ACCESS_TOKEN_EXPIRY_TIME")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Token = data - case "otp": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("otp")) + it.AccessTokenExpiryTime = data + case "ADMIN_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ADMIN_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Otp = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + it.AdminSecret = data + case "CUSTOM_ACCESS_TOKEN_SCRIPT": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("CUSTOM_ACCESS_TOKEN_SCRIPT")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.PhoneNumber = data - case "password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) - data, err := ec.unmarshalNString2string(ctx, v) + it.CustomAccessTokenScript = data + case "OLD_ADMIN_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("OLD_ADMIN_SECRET")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Password = data - case "confirm_password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_password")) - data, err := ec.unmarshalNString2string(ctx, v) + it.OldAdminSecret = data + case "SMTP_HOST": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_HOST")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.ConfirmPassword = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputSessionQueryRequest(ctx context.Context, obj any) (model.SessionQueryRequest, error) { - var it model.SessionQueryRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"roles", "scope", "state"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.SMTPHost = data + case "SMTP_PORT": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_PORT")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Roles = data - case "scope": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.SMTPPort = data + case "SMTP_USERNAME": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_USERNAME")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Scope = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + it.SMTPUsername = data + case "SMTP_PASSWORD": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_PASSWORD")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.State = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputSignUpRequest(ctx context.Context, obj any) (model.SignUpRequest, error) { - var it model.SignUpRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"email", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "picture", "password", "confirm_password", "roles", "scope", "redirect_uri", "is_multi_factor_auth_enabled", "state", "app_data"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + it.SMTPPassword = data + case "SMTP_LOCAL_NAME": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_LOCAL_NAME")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Email = data - case "given_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) + it.SMTPLocalName = data + case "SENDER_EMAIL": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SENDER_EMAIL")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.GivenName = data - case "family_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) + it.SenderEmail = data + case "SENDER_NAME": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SENDER_NAME")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.FamilyName = data - case "middle_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) + it.SenderName = data + case "JWT_TYPE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_TYPE")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.MiddleName = data - case "nickname": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) + it.JwtType = data + case "JWT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Nickname = data - case "gender": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) + it.JwtSecret = data + case "JWT_PRIVATE_KEY": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_PRIVATE_KEY")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Gender = data - case "birthdate": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) + it.JwtPrivateKey = data + case "JWT_PUBLIC_KEY": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_PUBLIC_KEY")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Birthdate = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + it.JwtPublicKey = data + case "ALLOWED_ORIGINS": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ALLOWED_ORIGINS")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.AllowedOrigins = data + case "APP_URL": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APP_URL")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.PhoneNumber = data - case "picture": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) + it.AppURL = data + case "RESET_PASSWORD_URL": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("RESET_PASSWORD_URL")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Picture = data - case "password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password")) - data, err := ec.unmarshalNString2string(ctx, v) + it.ResetPasswordURL = data + case "APP_COOKIE_SECURE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APP_COOKIE_SECURE")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Password = data - case "confirm_password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_password")) - data, err := ec.unmarshalNString2string(ctx, v) + it.AppCookieSecure = data + case "ADMIN_COOKIE_SECURE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ADMIN_COOKIE_SECURE")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.ConfirmPassword = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.AdminCookieSecure = data + case "DISABLE_EMAIL_VERIFICATION": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_EMAIL_VERIFICATION")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Roles = data - case "scope": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.DisableEmailVerification = data + case "DISABLE_BASIC_AUTHENTICATION": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_BASIC_AUTHENTICATION")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Scope = data - case "redirect_uri": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.DisableBasicAuthentication = data + case "DISABLE_MOBILE_BASIC_AUTHENTICATION": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MOBILE_BASIC_AUTHENTICATION")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.RedirectURI = data - case "is_multi_factor_auth_enabled": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) + it.DisableMobileBasicAuthentication = data + case "DISABLE_MAGIC_LINK_LOGIN": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MAGIC_LINK_LOGIN")) data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.IsMultiFactorAuthEnabled = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.DisableMagicLinkLogin = data + case "DISABLE_LOGIN_PAGE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_LOGIN_PAGE")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.State = data - case "app_data": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) - data, err := ec.unmarshalOMap2map(ctx, v) + it.DisableLoginPage = data + case "DISABLE_SIGN_UP": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_SIGN_UP")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.AppData = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputTestEndpointRequest(ctx context.Context, obj any) (model.TestEndpointRequest, error) { - var it model.TestEndpointRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"endpoint", "event_name", "event_description", "headers"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "endpoint": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) - data, err := ec.unmarshalNString2string(ctx, v) + it.DisableSignUp = data + case "DISABLE_REDIS_FOR_ENV": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_REDIS_FOR_ENV")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Endpoint = data - case "event_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) - data, err := ec.unmarshalNString2string(ctx, v) + it.DisableRedisForEnv = data + case "DISABLE_STRONG_PASSWORD": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_STRONG_PASSWORD")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.EventName = data - case "event_description": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.DisableStrongPassword = data + case "DISABLE_MULTI_FACTOR_AUTHENTICATION": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MULTI_FACTOR_AUTHENTICATION")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.EventDescription = data - case "headers": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) - data, err := ec.unmarshalOMap2map(ctx, v) + it.DisableMultiFactorAuthentication = data + case "ENFORCE_MULTI_FACTOR_AUTHENTICATION": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ENFORCE_MULTI_FACTOR_AUTHENTICATION")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Headers = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputUpdateAccessRequest(ctx context.Context, obj any) (model.UpdateAccessRequest, error) { - var it model.UpdateAccessRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"user_id"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "user_id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("user_id")) - data, err := ec.unmarshalNString2string(ctx, v) + it.EnforceMultiFactorAuthentication = data + case "ROLES": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROLES")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.Roles = data + case "PROTECTED_ROLES": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("PROTECTED_ROLES")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.ProtectedRoles = data + case "DEFAULT_ROLES": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_ROLES")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + if err != nil { + return it, err + } + it.DefaultRoles = data + case "JWT_ROLE_CLAIM": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_ROLE_CLAIM")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.UserID = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputUpdateEmailTemplateRequest(ctx context.Context, obj any) (model.UpdateEmailTemplateRequest, error) { - var it model.UpdateEmailTemplateRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"id", "event_name", "template", "subject", "design"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalNID2string(ctx, v) + it.JwtRoleClaim = data + case "GOOGLE_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GOOGLE_CLIENT_ID")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.ID = data - case "event_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) + it.GoogleClientID = data + case "GOOGLE_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GOOGLE_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.EventName = data - case "template": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("template")) + it.GoogleClientSecret = data + case "GITHUB_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GITHUB_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Template = data - case "subject": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("subject")) + it.GithubClientID = data + case "GITHUB_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GITHUB_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Subject = data - case "design": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("design")) + it.GithubClientSecret = data + case "FACEBOOK_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("FACEBOOK_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Design = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputUpdateEnvRequest(ctx context.Context, obj any) (model.UpdateEnvRequest, error) { - var it model.UpdateEnvRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "SENDER_NAME", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MOBILE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "DISCORD_CLIENT_ID", "DISCORD_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "TWITCH_CLIENT_ID", "TWITCH_CLIENT_SECRET", "ROBLOX_CLIENT_ID", "ROBLOX_CLIENT_SECRET", "ORGANIZATION_NAME", "ORGANIZATION_LOGO", "DEFAULT_AUTHORIZE_RESPONSE_TYPE", "DEFAULT_AUTHORIZE_RESPONSE_MODE", "DISABLE_PLAYGROUND", "DISABLE_MAIL_OTP_LOGIN", "DISABLE_TOTP_LOGIN"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "ACCESS_TOKEN_EXPIRY_TIME": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ACCESS_TOKEN_EXPIRY_TIME")) + it.FacebookClientID = data + case "FACEBOOK_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("FACEBOOK_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AccessTokenExpiryTime = data - case "ADMIN_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ADMIN_SECRET")) + it.FacebookClientSecret = data + case "LINKEDIN_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AdminSecret = data - case "CUSTOM_ACCESS_TOKEN_SCRIPT": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("CUSTOM_ACCESS_TOKEN_SCRIPT")) + it.LinkedinClientID = data + case "LINKEDIN_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.CustomAccessTokenScript = data - case "OLD_ADMIN_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("OLD_ADMIN_SECRET")) + it.LinkedinClientSecret = data + case "APPLE_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.OldAdminSecret = data - case "SMTP_HOST": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_HOST")) + it.AppleClientID = data + case "APPLE_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SMTPHost = data - case "SMTP_PORT": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_PORT")) + it.AppleClientSecret = data + case "DISCORD_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISCORD_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SMTPPort = data - case "SMTP_USERNAME": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_USERNAME")) + it.DiscordClientID = data + case "DISCORD_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISCORD_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SMTPUsername = data - case "SMTP_PASSWORD": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_PASSWORD")) + it.DiscordClientSecret = data + case "TWITTER_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITTER_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SMTPPassword = data - case "SMTP_LOCAL_NAME": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_LOCAL_NAME")) + it.TwitterClientID = data + case "TWITTER_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITTER_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SMTPLocalName = data - case "SENDER_EMAIL": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SENDER_EMAIL")) + it.TwitterClientSecret = data + case "MICROSOFT_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SenderEmail = data - case "SENDER_NAME": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SENDER_NAME")) + it.MicrosoftClientID = data + case "MICROSOFT_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.SenderName = data - case "JWT_TYPE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_TYPE")) + it.MicrosoftClientSecret = data + case "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.JwtType = data - case "JWT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_SECRET")) + it.MicrosoftActiveDirectoryTenantID = data + case "TWITCH_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITCH_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.JwtSecret = data - case "JWT_PRIVATE_KEY": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_PRIVATE_KEY")) + it.TwitchClientID = data + case "TWITCH_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITCH_CLIENT_SECRET")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.JwtPrivateKey = data - case "JWT_PUBLIC_KEY": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_PUBLIC_KEY")) + it.TwitchClientSecret = data + case "ROBLOX_CLIENT_ID": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROBLOX_CLIENT_ID")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.JwtPublicKey = data - case "ALLOWED_ORIGINS": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ALLOWED_ORIGINS")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.RobloxClientID = data + case "ROBLOX_CLIENT_SECRET": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROBLOX_CLIENT_SECRET")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AllowedOrigins = data - case "APP_URL": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APP_URL")) + it.RobloxClientSecret = data + case "ORGANIZATION_NAME": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ORGANIZATION_NAME")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AppURL = data - case "RESET_PASSWORD_URL": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("RESET_PASSWORD_URL")) + it.OrganizationName = data + case "ORGANIZATION_LOGO": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ORGANIZATION_LOGO")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.ResetPasswordURL = data - case "APP_COOKIE_SECURE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APP_COOKIE_SECURE")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.OrganizationLogo = data + case "DEFAULT_AUTHORIZE_RESPONSE_TYPE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_TYPE")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AppCookieSecure = data - case "ADMIN_COOKIE_SECURE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ADMIN_COOKIE_SECURE")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.DefaultAuthorizeResponseType = data + case "DEFAULT_AUTHORIZE_RESPONSE_MODE": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_MODE")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AdminCookieSecure = data - case "DISABLE_EMAIL_VERIFICATION": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_EMAIL_VERIFICATION")) + it.DefaultAuthorizeResponseMode = data + case "DISABLE_PLAYGROUND": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_PLAYGROUND")) data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.DisableEmailVerification = data - case "DISABLE_BASIC_AUTHENTICATION": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_BASIC_AUTHENTICATION")) + it.DisablePlayground = data + case "DISABLE_MAIL_OTP_LOGIN": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MAIL_OTP_LOGIN")) data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.DisableBasicAuthentication = data - case "DISABLE_MOBILE_BASIC_AUTHENTICATION": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MOBILE_BASIC_AUTHENTICATION")) + it.DisableMailOtpLogin = data + case "DISABLE_TOTP_LOGIN": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_TOTP_LOGIN")) data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.DisableMobileBasicAuthentication = data - case "DISABLE_MAGIC_LINK_LOGIN": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MAGIC_LINK_LOGIN")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.DisableTotpLogin = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdatePermissionInput(ctx context.Context, obj any) (model.UpdatePermissionInput, error) { + var it model.UpdatePermissionInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "name", "description", "scope_ids", "policy_ids", "decision_strategy"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Description = data + case "scope_ids": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("scope_ids")) + data, err := ec.unmarshalOID2ᚕstringᚄ(ctx, v) if err != nil { return it, err } - it.DisableMagicLinkLogin = data - case "DISABLE_LOGIN_PAGE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_LOGIN_PAGE")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.ScopeIds = data + case "policy_ids": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("policy_ids")) + data, err := ec.unmarshalOID2ᚕstringᚄ(ctx, v) if err != nil { return it, err } - it.DisableLoginPage = data - case "DISABLE_SIGN_UP": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_SIGN_UP")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.PolicyIds = data + case "decision_strategy": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("decision_strategy")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DisableSignUp = data - case "DISABLE_REDIS_FOR_ENV": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_REDIS_FOR_ENV")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.DecisionStrategy = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdatePolicyInput(ctx context.Context, obj any) (model.UpdatePolicyInput, error) { + var it model.UpdatePolicyInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "name", "description", "logic", "decision_strategy", "targets"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) if err != nil { return it, err } - it.DisableRedisForEnv = data - case "DISABLE_STRONG_PASSWORD": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_STRONG_PASSWORD")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.ID = data + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DisableStrongPassword = data - case "DISABLE_MULTI_FACTOR_AUTHENTICATION": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MULTI_FACTOR_AUTHENTICATION")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DisableMultiFactorAuthentication = data - case "ENFORCE_MULTI_FACTOR_AUTHENTICATION": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ENFORCE_MULTI_FACTOR_AUTHENTICATION")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.Description = data + case "logic": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("logic")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.EnforceMultiFactorAuthentication = data - case "ROLES": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROLES")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.Logic = data + case "decision_strategy": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("decision_strategy")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Roles = data - case "PROTECTED_ROLES": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("PROTECTED_ROLES")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.DecisionStrategy = data + case "targets": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("targets")) + data, err := ec.unmarshalOPolicyTargetInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInputᚄ(ctx, v) if err != nil { return it, err } - it.ProtectedRoles = data - case "DEFAULT_ROLES": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_ROLES")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) + it.Targets = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdateProfileRequest(ctx context.Context, obj any) (model.UpdateProfileRequest, error) { + var it model.UpdateProfileRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"old_password", "new_password", "confirm_new_password", "email", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "picture", "is_multi_factor_auth_enabled", "app_data"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "old_password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("old_password")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DefaultRoles = data - case "JWT_ROLE_CLAIM": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("JWT_ROLE_CLAIM")) + it.OldPassword = data + case "new_password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("new_password")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.JwtRoleClaim = data - case "GOOGLE_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GOOGLE_CLIENT_ID")) + it.NewPassword = data + case "confirm_new_password": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_new_password")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.GoogleClientID = data - case "GOOGLE_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GOOGLE_CLIENT_SECRET")) + it.ConfirmNewPassword = data + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.GoogleClientSecret = data - case "GITHUB_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GITHUB_CLIENT_ID")) + it.Email = data + case "given_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.GithubClientID = data - case "GITHUB_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("GITHUB_CLIENT_SECRET")) + it.GivenName = data + case "family_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.GithubClientSecret = data - case "FACEBOOK_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("FACEBOOK_CLIENT_ID")) + it.FamilyName = data + case "middle_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.FacebookClientID = data - case "FACEBOOK_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("FACEBOOK_CLIENT_SECRET")) + it.MiddleName = data + case "nickname": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.FacebookClientSecret = data - case "LINKEDIN_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_ID")) + it.Nickname = data + case "gender": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.LinkedinClientID = data - case "LINKEDIN_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_SECRET")) + it.Gender = data + case "birthdate": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.LinkedinClientSecret = data - case "APPLE_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_ID")) + it.Birthdate = data + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AppleClientID = data - case "APPLE_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_SECRET")) + it.PhoneNumber = data + case "picture": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AppleClientSecret = data - case "DISCORD_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISCORD_CLIENT_ID")) + it.Picture = data + case "is_multi_factor_auth_enabled": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + if err != nil { + return it, err + } + it.IsMultiFactorAuthEnabled = data + case "app_data": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) + data, err := ec.unmarshalOMap2map(ctx, v) + if err != nil { + return it, err + } + it.AppData = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdateResourceInput(ctx context.Context, obj any) (model.UpdateResourceInput, error) { + var it model.UpdateResourceInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "name", "description"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DiscordClientID = data - case "DISCORD_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISCORD_CLIENT_SECRET")) + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DiscordClientSecret = data - case "TWITTER_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITTER_CLIENT_ID")) + it.Description = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdateScopeInput(ctx context.Context, obj any) (model.UpdateScopeInput, error) { + var it model.UpdateScopeInput + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "name", "description"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.TwitterClientID = data - case "TWITTER_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITTER_CLIENT_SECRET")) + it.Name = data + case "description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("description")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.TwitterClientSecret = data - case "MICROSOFT_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_CLIENT_ID")) + it.Description = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputUpdateUserRequest(ctx context.Context, obj any) (model.UpdateUserRequest, error) { + var it model.UpdateUserRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "email", "email_verified", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "phone_number_verified", "picture", "roles", "is_multi_factor_auth_enabled", "app_data"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "email": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.MicrosoftClientID = data - case "MICROSOFT_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_CLIENT_SECRET")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Email = data + case "email_verified": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email_verified")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.MicrosoftClientSecret = data - case "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID")) + it.EmailVerified = data + case "given_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.MicrosoftActiveDirectoryTenantID = data - case "TWITCH_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITCH_CLIENT_ID")) + it.GivenName = data + case "family_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.TwitchClientID = data - case "TWITCH_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("TWITCH_CLIENT_SECRET")) + it.FamilyName = data + case "middle_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.TwitchClientSecret = data - case "ROBLOX_CLIENT_ID": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROBLOX_CLIENT_ID")) + it.MiddleName = data + case "nickname": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.RobloxClientID = data - case "ROBLOX_CLIENT_SECRET": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ROBLOX_CLIENT_SECRET")) + it.Nickname = data + case "gender": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.RobloxClientSecret = data - case "ORGANIZATION_NAME": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ORGANIZATION_NAME")) + it.Gender = data + case "birthdate": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.OrganizationName = data - case "ORGANIZATION_LOGO": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ORGANIZATION_LOGO")) + it.Birthdate = data + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.OrganizationLogo = data - case "DEFAULT_AUTHORIZE_RESPONSE_TYPE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_TYPE")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.PhoneNumber = data + case "phone_number_verified": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number_verified")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.DefaultAuthorizeResponseType = data - case "DEFAULT_AUTHORIZE_RESPONSE_MODE": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_MODE")) + it.PhoneNumberVerified = data + case "picture": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.DefaultAuthorizeResponseMode = data - case "DISABLE_PLAYGROUND": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_PLAYGROUND")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.Picture = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕᚖstring(ctx, v) if err != nil { return it, err } - it.DisablePlayground = data - case "DISABLE_MAIL_OTP_LOGIN": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_MAIL_OTP_LOGIN")) + it.Roles = data + case "is_multi_factor_auth_enabled": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.DisableMailOtpLogin = data - case "DISABLE_TOTP_LOGIN": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_TOTP_LOGIN")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.IsMultiFactorAuthEnabled = data + case "app_data": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) + data, err := ec.unmarshalOMap2map(ctx, v) if err != nil { return it, err } - it.DisableTotpLogin = data + it.AppData = data } } return it, nil } -func (ec *executionContext) unmarshalInputUpdateProfileRequest(ctx context.Context, obj any) (model.UpdateProfileRequest, error) { - var it model.UpdateProfileRequest +func (ec *executionContext) unmarshalInputUpdateWebhookRequest(ctx context.Context, obj any) (model.UpdateWebhookRequest, error) { + var it model.UpdateWebhookRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"old_password", "new_password", "confirm_new_password", "email", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "picture", "is_multi_factor_auth_enabled", "app_data"} + fieldsInOrder := [...]string{"id", "event_name", "event_description", "endpoint", "enabled", "headers"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "old_password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("old_password")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) if err != nil { return it, err } - it.OldPassword = data - case "new_password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("new_password")) + it.ID = data + case "event_name": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.NewPassword = data - case "confirm_new_password": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirm_new_password")) + it.EventName = data + case "event_description": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.ConfirmNewPassword = data - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) + it.EventDescription = data + case "endpoint": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Email = data - case "given_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Endpoint = data + case "enabled": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("enabled")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.GivenName = data - case "family_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Enabled = data + case "headers": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) + data, err := ec.unmarshalOMap2map(ctx, v) if err != nil { return it, err } - it.FamilyName = data - case "middle_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Headers = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputValidateJWTTokenRequest(ctx context.Context, obj any) (model.ValidateJWTTokenRequest, error) { + var it model.ValidateJWTTokenRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"token_type", "token", "roles", "required_permissions"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "token_type": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token_type")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.MiddleName = data - case "nickname": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.TokenType = data + case "token": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Nickname = data - case "gender": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Token = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) if err != nil { return it, err } - it.Gender = data - case "birthdate": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Roles = data + case "required_permissions": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("required_permissions")) + data, err := ec.unmarshalOPermissionInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInputᚄ(ctx, v) if err != nil { return it, err } - it.Birthdate = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.RequiredPermissions = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputValidateSessionRequest(ctx context.Context, obj any) (model.ValidateSessionRequest, error) { + var it model.ValidateSessionRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"cookie", "roles", "required_permissions"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "cookie": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cookie")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.PhoneNumber = data - case "picture": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Cookie = data + case "roles": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) + data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) if err != nil { return it, err } - it.Picture = data - case "is_multi_factor_auth_enabled": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.Roles = data + case "required_permissions": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("required_permissions")) + data, err := ec.unmarshalOPermissionInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInputᚄ(ctx, v) + if err != nil { + return it, err + } + it.RequiredPermissions = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputVerifyEmailRequest(ctx context.Context, obj any) (model.VerifyEmailRequest, error) { + var it model.VerifyEmailRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"token", "state"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "token": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.IsMultiFactorAuthEnabled = data - case "app_data": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) - data, err := ec.unmarshalOMap2map(ctx, v) + it.Token = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.AppData = data + it.State = data } } return it, nil } -func (ec *executionContext) unmarshalInputUpdateUserRequest(ctx context.Context, obj any) (model.UpdateUserRequest, error) { - var it model.UpdateUserRequest +func (ec *executionContext) unmarshalInputVerifyOTPRequest(ctx context.Context, obj any) (model.VerifyOTPRequest, error) { + var it model.VerifyOTPRequest asMap := map[string]any{} for k, v := range obj.(map[string]any) { asMap[k] = v } - fieldsInOrder := [...]string{"id", "email", "email_verified", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "phone_number", "phone_number_verified", "picture", "roles", "is_multi_factor_auth_enabled", "app_data"} + fieldsInOrder := [...]string{"email", "phone_number", "otp", "is_totp", "state"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { continue } switch k { - case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalNID2string(ctx, v) - if err != nil { - return it, err - } - it.ID = data case "email": ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) @@ -20265,400 +25304,561 @@ func (ec *executionContext) unmarshalInputUpdateUserRequest(ctx context.Context, return it, err } it.Email = data - case "email_verified": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email_verified")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err - } - it.EmailVerified = data - case "given_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("given_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.GivenName = data - case "family_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("family_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.FamilyName = data - case "middle_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("middle_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.MiddleName = data - case "nickname": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("nickname")) + case "phone_number": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.Nickname = data - case "gender": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("gender")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.PhoneNumber = data + case "otp": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("otp")) + data, err := ec.unmarshalNString2string(ctx, v) if err != nil { return it, err } - it.Gender = data - case "birthdate": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("birthdate")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) + it.Otp = data + case "is_totp": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_totp")) + data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) if err != nil { return it, err } - it.Birthdate = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) + it.IsTotp = data + case "state": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) data, err := ec.unmarshalOString2ᚖstring(ctx, v) if err != nil { return it, err } - it.PhoneNumber = data - case "phone_number_verified": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number_verified")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) + it.State = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputWebhookRequest(ctx context.Context, obj any) (model.WebhookRequest, error) { + var it model.WebhookRequest + asMap := map[string]any{} + for k, v := range obj.(map[string]any) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalNID2string(ctx, v) if err != nil { return it, err } - it.PhoneNumberVerified = data - case "picture": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("picture")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + it.ID = data + } + } + + return it, nil +} + +// endregion **************************** input.gotpl ***************************** + +// region ************************** interface.gotpl *************************** + +// endregion ************************** interface.gotpl *************************** + +// region **************************** object.gotpl **************************** + +var auditLogImplementors = []string{"AuditLog"} + +func (ec *executionContext) _AuditLog(ctx context.Context, sel ast.SelectionSet, obj *model.AuditLog) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, auditLogImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuditLog") + case "id": + out.Values[i] = ec._AuditLog_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Picture = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕᚖstring(ctx, v) - if err != nil { - return it, err + case "actor_id": + out.Values[i] = ec._AuditLog_actor_id(ctx, field, obj) + case "actor_type": + out.Values[i] = ec._AuditLog_actor_type(ctx, field, obj) + case "actor_email": + out.Values[i] = ec._AuditLog_actor_email(ctx, field, obj) + case "action": + out.Values[i] = ec._AuditLog_action(ctx, field, obj) + case "resource_type": + out.Values[i] = ec._AuditLog_resource_type(ctx, field, obj) + case "resource_id": + out.Values[i] = ec._AuditLog_resource_id(ctx, field, obj) + case "ip_address": + out.Values[i] = ec._AuditLog_ip_address(ctx, field, obj) + case "user_agent": + out.Values[i] = ec._AuditLog_user_agent(ctx, field, obj) + case "metadata": + out.Values[i] = ec._AuditLog_metadata(ctx, field, obj) + case "created_at": + out.Values[i] = ec._AuditLog_created_at(ctx, field, obj) + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var auditLogsImplementors = []string{"AuditLogs"} + +func (ec *executionContext) _AuditLogs(ctx context.Context, sel ast.SelectionSet, obj *model.AuditLogs) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, auditLogsImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuditLogs") + case "pagination": + out.Values[i] = ec._AuditLogs_pagination(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Roles = data - case "is_multi_factor_auth_enabled": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_multi_factor_auth_enabled")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err + case "audit_logs": + out.Values[i] = ec._AuditLogs_audit_logs(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.IsMultiFactorAuthEnabled = data - case "app_data": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("app_data")) - data, err := ec.unmarshalOMap2map(ctx, v) - if err != nil { - return it, err + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var authResponseImplementors = []string{"AuthResponse"} + +func (ec *executionContext) _AuthResponse(ctx context.Context, sel ast.SelectionSet, obj *model.AuthResponse) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authResponseImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthResponse") + case "message": + out.Values[i] = ec._AuthResponse_message(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.AppData = data + case "should_show_email_otp_screen": + out.Values[i] = ec._AuthResponse_should_show_email_otp_screen(ctx, field, obj) + case "should_show_mobile_otp_screen": + out.Values[i] = ec._AuthResponse_should_show_mobile_otp_screen(ctx, field, obj) + case "should_show_totp_screen": + out.Values[i] = ec._AuthResponse_should_show_totp_screen(ctx, field, obj) + case "access_token": + out.Values[i] = ec._AuthResponse_access_token(ctx, field, obj) + case "id_token": + out.Values[i] = ec._AuthResponse_id_token(ctx, field, obj) + case "refresh_token": + out.Values[i] = ec._AuthResponse_refresh_token(ctx, field, obj) + case "expires_in": + out.Values[i] = ec._AuthResponse_expires_in(ctx, field, obj) + case "user": + out.Values[i] = ec._AuthResponse_user(ctx, field, obj) + case "authenticator_scanner_image": + out.Values[i] = ec._AuthResponse_authenticator_scanner_image(ctx, field, obj) + case "authenticator_secret": + out.Values[i] = ec._AuthResponse_authenticator_secret(ctx, field, obj) + case "authenticator_recovery_codes": + out.Values[i] = ec._AuthResponse_authenticator_recovery_codes(ctx, field, obj) + default: + panic("unknown field " + strconv.Quote(field.Name)) } } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } - return it, nil -} + atomic.AddInt32(&ec.deferred, int32(len(deferred))) -func (ec *executionContext) unmarshalInputUpdateWebhookRequest(ctx context.Context, obj any) (model.UpdateWebhookRequest, error) { - var it model.UpdateWebhookRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) } - fieldsInOrder := [...]string{"id", "event_name", "event_description", "endpoint", "enabled", "headers"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { + return out +} + +var authzPermissionImplementors = []string{"AuthzPermission"} + +func (ec *executionContext) _AuthzPermission(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzPermission) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzPermissionImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzPermission") case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalNID2string(ctx, v) - if err != nil { - return it, err + out.Values[i] = ec._AuthzPermission_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.ID = data - case "event_name": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_name")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "name": + out.Values[i] = ec._AuthzPermission_name(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.EventName = data - case "event_description": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("event_description")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "description": + out.Values[i] = ec._AuthzPermission_description(ctx, field, obj) + case "resource": + out.Values[i] = ec._AuthzPermission_resource(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.EventDescription = data - case "endpoint": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("endpoint")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "scopes": + out.Values[i] = ec._AuthzPermission_scopes(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Endpoint = data - case "enabled": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("enabled")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err + case "policies": + out.Values[i] = ec._AuthzPermission_policies(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Enabled = data - case "headers": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("headers")) - data, err := ec.unmarshalOMap2map(ctx, v) - if err != nil { - return it, err + case "decision_strategy": + out.Values[i] = ec._AuthzPermission_decision_strategy(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Headers = data + case "created_at": + out.Values[i] = ec._AuthzPermission_created_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "updated_at": + out.Values[i] = ec._AuthzPermission_updated_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) } } - - return it, nil -} - -func (ec *executionContext) unmarshalInputValidateJWTTokenRequest(ctx context.Context, obj any) (model.ValidateJWTTokenRequest, error) { - var it model.ValidateJWTTokenRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null } - fieldsInOrder := [...]string{"token_type", "token", "roles"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "token_type": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token_type")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.TokenType = data - case "token": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.Token = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) - if err != nil { - return it, err - } - it.Roles = data - } + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) } - return it, nil + return out } -func (ec *executionContext) unmarshalInputValidateSessionRequest(ctx context.Context, obj any) (model.ValidateSessionRequest, error) { - var it model.ValidateSessionRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v - } +var authzPermissionsImplementors = []string{"AuthzPermissions"} - fieldsInOrder := [...]string{"cookie", "roles"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "cookie": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cookie")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err +func (ec *executionContext) _AuthzPermissions(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzPermissions) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzPermissionsImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzPermissions") + case "pagination": + out.Values[i] = ec._AuthzPermissions_pagination(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Cookie = data - case "roles": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("roles")) - data, err := ec.unmarshalOString2ᚕstringᚄ(ctx, v) - if err != nil { - return it, err + case "permissions": + out.Values[i] = ec._AuthzPermissions_permissions(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Roles = data + default: + panic("unknown field " + strconv.Quote(field.Name)) } } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } - return it, nil -} + atomic.AddInt32(&ec.deferred, int32(len(deferred))) -func (ec *executionContext) unmarshalInputVerifyEmailRequest(ctx context.Context, obj any) (model.VerifyEmailRequest, error) { - var it model.VerifyEmailRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) } - fieldsInOrder := [...]string{"token", "state"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "token": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("token")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err + return out +} + +var authzPoliciesImplementors = []string{"AuthzPolicies"} + +func (ec *executionContext) _AuthzPolicies(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzPolicies) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzPoliciesImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzPolicies") + case "pagination": + out.Values[i] = ec._AuthzPolicies_pagination(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Token = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "policies": + out.Values[i] = ec._AuthzPolicies_policies(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.State = data + default: + panic("unknown field " + strconv.Quote(field.Name)) } } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } - return it, nil -} + atomic.AddInt32(&ec.deferred, int32(len(deferred))) -func (ec *executionContext) unmarshalInputVerifyOTPRequest(ctx context.Context, obj any) (model.VerifyOTPRequest, error) { - var it model.VerifyOTPRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) } - fieldsInOrder := [...]string{"email", "phone_number", "otp", "is_totp", "state"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "email": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("email")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + return out +} + +var authzPolicyImplementors = []string{"AuthzPolicy"} + +func (ec *executionContext) _AuthzPolicy(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzPolicy) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzPolicyImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzPolicy") + case "id": + out.Values[i] = ec._AuthzPolicy_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Email = data - case "phone_number": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("phone_number")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "name": + out.Values[i] = ec._AuthzPolicy_name(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.PhoneNumber = data - case "otp": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("otp")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err + case "description": + out.Values[i] = ec._AuthzPolicy_description(ctx, field, obj) + case "type": + out.Values[i] = ec._AuthzPolicy_type(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.Otp = data - case "is_totp": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("is_totp")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err + case "logic": + out.Values[i] = ec._AuthzPolicy_logic(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.IsTotp = data - case "state": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("state")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err + case "decision_strategy": + out.Values[i] = ec._AuthzPolicy_decision_strategy(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.State = data + case "targets": + out.Values[i] = ec._AuthzPolicy_targets(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "created_at": + out.Values[i] = ec._AuthzPolicy_created_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "updated_at": + out.Values[i] = ec._AuthzPolicy_updated_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) } } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } - return it, nil -} + atomic.AddInt32(&ec.deferred, int32(len(deferred))) -func (ec *executionContext) unmarshalInputWebhookRequest(ctx context.Context, obj any) (model.WebhookRequest, error) { - var it model.WebhookRequest - asMap := map[string]any{} - for k, v := range obj.(map[string]any) { - asMap[k] = v + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) } - fieldsInOrder := [...]string{"id"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { + return out +} + +var authzPolicyTargetImplementors = []string{"AuthzPolicyTarget"} + +func (ec *executionContext) _AuthzPolicyTarget(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzPolicyTarget) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzPolicyTargetImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzPolicyTarget") case "id": - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalNID2string(ctx, v) - if err != nil { - return it, err + out.Values[i] = ec._AuthzPolicyTarget_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ } - it.ID = data + case "target_type": + out.Values[i] = ec._AuthzPolicyTarget_target_type(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "target_value": + out.Values[i] = ec._AuthzPolicyTarget_target_value(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) } } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } - return it, nil -} - -// endregion **************************** input.gotpl ***************************** - -// region ************************** interface.gotpl *************************** + atomic.AddInt32(&ec.deferred, int32(len(deferred))) -// endregion ************************** interface.gotpl *************************** + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } -// region **************************** object.gotpl **************************** + return out +} -var auditLogImplementors = []string{"AuditLog"} +var authzResourceImplementors = []string{"AuthzResource"} -func (ec *executionContext) _AuditLog(ctx context.Context, sel ast.SelectionSet, obj *model.AuditLog) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, auditLogImplementors) +func (ec *executionContext) _AuthzResource(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzResource) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzResourceImplementors) out := graphql.NewFieldSet(fields) deferred := make(map[string]*graphql.FieldSet) for i, field := range fields { switch field.Name { case "__typename": - out.Values[i] = graphql.MarshalString("AuditLog") + out.Values[i] = graphql.MarshalString("AuthzResource") case "id": - out.Values[i] = ec._AuditLog_id(ctx, field, obj) + out.Values[i] = ec._AuthzResource_id(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } - case "actor_id": - out.Values[i] = ec._AuditLog_actor_id(ctx, field, obj) - case "actor_type": - out.Values[i] = ec._AuditLog_actor_type(ctx, field, obj) - case "actor_email": - out.Values[i] = ec._AuditLog_actor_email(ctx, field, obj) - case "action": - out.Values[i] = ec._AuditLog_action(ctx, field, obj) - case "resource_type": - out.Values[i] = ec._AuditLog_resource_type(ctx, field, obj) - case "resource_id": - out.Values[i] = ec._AuditLog_resource_id(ctx, field, obj) - case "ip_address": - out.Values[i] = ec._AuditLog_ip_address(ctx, field, obj) - case "user_agent": - out.Values[i] = ec._AuditLog_user_agent(ctx, field, obj) - case "metadata": - out.Values[i] = ec._AuditLog_metadata(ctx, field, obj) + case "name": + out.Values[i] = ec._AuthzResource_name(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "description": + out.Values[i] = ec._AuthzResource_description(ctx, field, obj) case "created_at": - out.Values[i] = ec._AuditLog_created_at(ctx, field, obj) + out.Values[i] = ec._AuthzResource_created_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "updated_at": + out.Values[i] = ec._AuthzResource_updated_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } default: panic("unknown field " + strconv.Quote(field.Name)) } @@ -20682,24 +25882,80 @@ func (ec *executionContext) _AuditLog(ctx context.Context, sel ast.SelectionSet, return out } -var auditLogsImplementors = []string{"AuditLogs"} +var authzResourcesImplementors = []string{"AuthzResources"} -func (ec *executionContext) _AuditLogs(ctx context.Context, sel ast.SelectionSet, obj *model.AuditLogs) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, auditLogsImplementors) +func (ec *executionContext) _AuthzResources(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzResources) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzResourcesImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("AuthzResources") + case "pagination": + out.Values[i] = ec._AuthzResources_pagination(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "resources": + out.Values[i] = ec._AuthzResources_resources(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var authzScopeImplementors = []string{"AuthzScope"} + +func (ec *executionContext) _AuthzScope(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzScope) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzScopeImplementors) out := graphql.NewFieldSet(fields) deferred := make(map[string]*graphql.FieldSet) for i, field := range fields { switch field.Name { case "__typename": - out.Values[i] = graphql.MarshalString("AuditLogs") - case "pagination": - out.Values[i] = ec._AuditLogs_pagination(ctx, field, obj) + out.Values[i] = graphql.MarshalString("AuthzScope") + case "id": + out.Values[i] = ec._AuthzScope_id(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } - case "audit_logs": - out.Values[i] = ec._AuditLogs_audit_logs(ctx, field, obj) + case "name": + out.Values[i] = ec._AuthzScope_name(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "description": + out.Values[i] = ec._AuthzScope_description(ctx, field, obj) + case "created_at": + out.Values[i] = ec._AuthzScope_created_at(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "updated_at": + out.Values[i] = ec._AuthzScope_updated_at(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } @@ -20726,44 +25982,27 @@ func (ec *executionContext) _AuditLogs(ctx context.Context, sel ast.SelectionSet return out } -var authResponseImplementors = []string{"AuthResponse"} +var authzScopesImplementors = []string{"AuthzScopes"} -func (ec *executionContext) _AuthResponse(ctx context.Context, sel ast.SelectionSet, obj *model.AuthResponse) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, authResponseImplementors) +func (ec *executionContext) _AuthzScopes(ctx context.Context, sel ast.SelectionSet, obj *model.AuthzScopes) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, authzScopesImplementors) out := graphql.NewFieldSet(fields) deferred := make(map[string]*graphql.FieldSet) for i, field := range fields { switch field.Name { case "__typename": - out.Values[i] = graphql.MarshalString("AuthResponse") - case "message": - out.Values[i] = ec._AuthResponse_message(ctx, field, obj) + out.Values[i] = graphql.MarshalString("AuthzScopes") + case "pagination": + out.Values[i] = ec._AuthzScopes_pagination(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "scopes": + out.Values[i] = ec._AuthzScopes_scopes(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } - case "should_show_email_otp_screen": - out.Values[i] = ec._AuthResponse_should_show_email_otp_screen(ctx, field, obj) - case "should_show_mobile_otp_screen": - out.Values[i] = ec._AuthResponse_should_show_mobile_otp_screen(ctx, field, obj) - case "should_show_totp_screen": - out.Values[i] = ec._AuthResponse_should_show_totp_screen(ctx, field, obj) - case "access_token": - out.Values[i] = ec._AuthResponse_access_token(ctx, field, obj) - case "id_token": - out.Values[i] = ec._AuthResponse_id_token(ctx, field, obj) - case "refresh_token": - out.Values[i] = ec._AuthResponse_refresh_token(ctx, field, obj) - case "expires_in": - out.Values[i] = ec._AuthResponse_expires_in(ctx, field, obj) - case "user": - out.Values[i] = ec._AuthResponse_user(ctx, field, obj) - case "authenticator_scanner_image": - out.Values[i] = ec._AuthResponse_authenticator_scanner_image(ctx, field, obj) - case "authenticator_secret": - out.Values[i] = ec._AuthResponse_authenticator_secret(ctx, field, obj) - case "authenticator_recovery_codes": - out.Values[i] = ec._AuthResponse_authenticator_recovery_codes(ctx, field, obj) default: panic("unknown field " + strconv.Quote(field.Name)) } @@ -21667,6 +26906,90 @@ func (ec *executionContext) _Mutation(ctx context.Context, sel ast.SelectionSet) if out.Values[i] == graphql.Null { out.Invalids++ } + case "_add_resource": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__add_resource(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_update_resource": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__update_resource(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_delete_resource": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__delete_resource(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_add_scope": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__add_scope(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_update_scope": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__update_scope(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_delete_scope": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__delete_scope(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_add_policy": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__add_policy(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_update_policy": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__update_policy(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_delete_policy": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__delete_policy(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_add_permission": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__add_permission(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_update_permission": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__update_permission(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "_delete_permission": + out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { + return ec._Mutation__delete_permission(ctx, field) + }) + if out.Values[i] == graphql.Null { + out.Invalids++ + } default: panic("unknown field " + strconv.Quote(field.Name)) } @@ -21744,6 +27067,50 @@ func (ec *executionContext) _Pagination(ctx context.Context, sel ast.SelectionSe return out } +var permissionImplementors = []string{"Permission"} + +func (ec *executionContext) _Permission(ctx context.Context, sel ast.SelectionSet, obj *model.Permission) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, permissionImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("Permission") + case "resource": + out.Values[i] = ec._Permission_resource(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "scope": + out.Values[i] = ec._Permission_scope(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + var queryImplementors = []string{"Query"} func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) graphql.Marshaler { @@ -21882,7 +27249,117 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__users(ctx, field) + res = ec._Query__users(ctx, field) + if res == graphql.Null { + atomic.AddUint32(&fs.Invalids, 1) + } + return res + } + + rrm := func(ctx context.Context) graphql.Marshaler { + return ec.OperationContext.RootResolverMiddleware(ctx, + func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) + } + + out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) + case "_user": + field := field + + innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + } + }() + res = ec._Query__user(ctx, field) + if res == graphql.Null { + atomic.AddUint32(&fs.Invalids, 1) + } + return res + } + + rrm := func(ctx context.Context) graphql.Marshaler { + return ec.OperationContext.RootResolverMiddleware(ctx, + func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) + } + + out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) + case "_verification_requests": + field := field + + innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + } + }() + res = ec._Query__verification_requests(ctx, field) + if res == graphql.Null { + atomic.AddUint32(&fs.Invalids, 1) + } + return res + } + + rrm := func(ctx context.Context) graphql.Marshaler { + return ec.OperationContext.RootResolverMiddleware(ctx, + func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) + } + + out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) + case "_admin_session": + field := field + + innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + } + }() + res = ec._Query__admin_session(ctx, field) + if res == graphql.Null { + atomic.AddUint32(&fs.Invalids, 1) + } + return res + } + + rrm := func(ctx context.Context) graphql.Marshaler { + return ec.OperationContext.RootResolverMiddleware(ctx, + func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) + } + + out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) + case "_env": + field := field + + innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + } + }() + res = ec._Query__env(ctx, field) + if res == graphql.Null { + atomic.AddUint32(&fs.Invalids, 1) + } + return res + } + + rrm := func(ctx context.Context) graphql.Marshaler { + return ec.OperationContext.RootResolverMiddleware(ctx, + func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) + } + + out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) + case "_webhook": + field := field + + innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + } + }() + res = ec._Query__webhook(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -21895,7 +27372,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_user": + case "_webhooks": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -21904,7 +27381,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__user(ctx, field) + res = ec._Query__webhooks(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -21917,7 +27394,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_verification_requests": + case "_webhook_logs": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -21926,7 +27403,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__verification_requests(ctx, field) + res = ec._Query__webhook_logs(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -21939,7 +27416,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_admin_session": + case "_email_templates": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -21948,7 +27425,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__admin_session(ctx, field) + res = ec._Query__email_templates(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -21961,7 +27438,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_env": + case "_audit_logs": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -21970,7 +27447,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__env(ctx, field) + res = ec._Query__audit_logs(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -21983,7 +27460,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_webhook": + case "_resources": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -21992,7 +27469,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__webhook(ctx, field) + res = ec._Query__resources(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -22005,7 +27482,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_webhooks": + case "_scopes": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -22014,7 +27491,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__webhooks(ctx, field) + res = ec._Query__scopes(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -22027,7 +27504,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_webhook_logs": + case "_policies": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -22036,7 +27513,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__webhook_logs(ctx, field) + res = ec._Query__policies(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -22049,7 +27526,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_email_templates": + case "_permissions": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -22058,7 +27535,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__email_templates(ctx, field) + res = ec._Query__permissions(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -22071,7 +27548,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "_audit_logs": + case "my_permissions": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -22080,7 +27557,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query__audit_logs(ctx, field) + res = ec._Query_my_permissions(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -22907,165 +28384,469 @@ func (ec *executionContext) ___InputValue(ctx context.Context, sel ast.Selection default: panic("unknown field " + strconv.Quote(field.Name)) } - } - out.Dispatch(ctx) - if out.Invalids > 0 { + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var __SchemaImplementors = []string{"__Schema"} + +func (ec *executionContext) ___Schema(ctx context.Context, sel ast.SelectionSet, obj *introspection.Schema) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, __SchemaImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("__Schema") + case "description": + out.Values[i] = ec.___Schema_description(ctx, field, obj) + case "types": + out.Values[i] = ec.___Schema_types(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "queryType": + out.Values[i] = ec.___Schema_queryType(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "mutationType": + out.Values[i] = ec.___Schema_mutationType(ctx, field, obj) + case "subscriptionType": + out.Values[i] = ec.___Schema_subscriptionType(ctx, field, obj) + case "directives": + out.Values[i] = ec.___Schema_directives(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var __TypeImplementors = []string{"__Type"} + +func (ec *executionContext) ___Type(ctx context.Context, sel ast.SelectionSet, obj *introspection.Type) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, __TypeImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("__Type") + case "kind": + out.Values[i] = ec.___Type_kind(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "name": + out.Values[i] = ec.___Type_name(ctx, field, obj) + case "description": + out.Values[i] = ec.___Type_description(ctx, field, obj) + case "specifiedByURL": + out.Values[i] = ec.___Type_specifiedByURL(ctx, field, obj) + case "fields": + out.Values[i] = ec.___Type_fields(ctx, field, obj) + case "interfaces": + out.Values[i] = ec.___Type_interfaces(ctx, field, obj) + case "possibleTypes": + out.Values[i] = ec.___Type_possibleTypes(ctx, field, obj) + case "enumValues": + out.Values[i] = ec.___Type_enumValues(ctx, field, obj) + case "inputFields": + out.Values[i] = ec.___Type_inputFields(ctx, field, obj) + case "ofType": + out.Values[i] = ec.___Type_ofType(ctx, field, obj) + case "isOneOf": + out.Values[i] = ec.___Type_isOneOf(ctx, field, obj) + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +// endregion **************************** object.gotpl **************************** + +// region ***************************** type.gotpl ***************************** + +func (ec *executionContext) unmarshalNAddEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddEmailTemplateRequest(ctx context.Context, v any) (model.AddEmailTemplateRequest, error) { + res, err := ec.unmarshalInputAddEmailTemplateRequest(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAddPermissionInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddPermissionInput(ctx context.Context, v any) (model.AddPermissionInput, error) { + res, err := ec.unmarshalInputAddPermissionInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAddPolicyInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddPolicyInput(ctx context.Context, v any) (model.AddPolicyInput, error) { + res, err := ec.unmarshalInputAddPolicyInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAddResourceInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddResourceInput(ctx context.Context, v any) (model.AddResourceInput, error) { + res, err := ec.unmarshalInputAddResourceInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAddScopeInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddScopeInput(ctx context.Context, v any) (model.AddScopeInput, error) { + res, err := ec.unmarshalInputAddScopeInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAddWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddWebhookRequest(ctx context.Context, v any) (model.AddWebhookRequest, error) { + res, err := ec.unmarshalInputAddWebhookRequest(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAdminLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminLoginRequest(ctx context.Context, v any) (model.AdminLoginRequest, error) { + res, err := ec.unmarshalInputAdminLoginRequest(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNAdminSignupRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminSignupRequest(ctx context.Context, v any) (model.AdminSignupRequest, error) { + res, err := ec.unmarshalInputAdminSignupRequest(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuditLog) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNAuditLog2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLog(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } + + } + wg.Wait() + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + +func (ec *executionContext) marshalNAuditLog2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLog(ctx context.Context, sel ast.SelectionSet, v *model.AuditLog) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._AuditLog(ctx, sel, v) +} + +func (ec *executionContext) marshalNAuditLogs2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx context.Context, sel ast.SelectionSet, v model.AuditLogs) graphql.Marshaler { + return ec._AuditLogs(ctx, sel, &v) +} + +func (ec *executionContext) marshalNAuditLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx context.Context, sel ast.SelectionSet, v *model.AuditLogs) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } return graphql.Null } + return ec._AuditLogs(ctx, sel, v) +} - atomic.AddInt32(&ec.deferred, int32(len(deferred))) +func (ec *executionContext) marshalNAuthResponse2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx context.Context, sel ast.SelectionSet, v model.AuthResponse) graphql.Marshaler { + return ec._AuthResponse(ctx, sel, &v) +} - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) +func (ec *executionContext) marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx context.Context, sel ast.SelectionSet, v *model.AuthResponse) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null } + return ec._AuthResponse(ctx, sel, v) +} - return out +func (ec *executionContext) marshalNAuthzPermission2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermission(ctx context.Context, sel ast.SelectionSet, v model.AuthzPermission) graphql.Marshaler { + return ec._AuthzPermission(ctx, sel, &v) } -var __SchemaImplementors = []string{"__Schema"} +func (ec *executionContext) marshalNAuthzPermission2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermissionᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuthzPermission) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNAuthzPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermission(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } -func (ec *executionContext) ___Schema(ctx context.Context, sel ast.SelectionSet, obj *introspection.Schema) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, __SchemaImplementors) + } + wg.Wait() - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case "__typename": - out.Values[i] = graphql.MarshalString("__Schema") - case "description": - out.Values[i] = ec.___Schema_description(ctx, field, obj) - case "types": - out.Values[i] = ec.___Schema_types(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "queryType": - out.Values[i] = ec.___Schema_queryType(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "mutationType": - out.Values[i] = ec.___Schema_mutationType(ctx, field, obj) - case "subscriptionType": - out.Values[i] = ec.___Schema_subscriptionType(ctx, field, obj) - case "directives": - out.Values[i] = ec.___Schema_directives(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - default: - panic("unknown field " + strconv.Quote(field.Name)) + for _, e := range ret { + if e == graphql.Null { + return graphql.Null } } - out.Dispatch(ctx) - if out.Invalids > 0 { + + return ret +} + +func (ec *executionContext) marshalNAuthzPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermission(ctx context.Context, sel ast.SelectionSet, v *model.AuthzPermission) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } return graphql.Null } + return ec._AuthzPermission(ctx, sel, v) +} - atomic.AddInt32(&ec.deferred, int32(len(deferred))) +func (ec *executionContext) marshalNAuthzPermissions2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermissions(ctx context.Context, sel ast.SelectionSet, v model.AuthzPermissions) graphql.Marshaler { + return ec._AuthzPermissions(ctx, sel, &v) +} - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) +func (ec *executionContext) marshalNAuthzPermissions2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPermissions(ctx context.Context, sel ast.SelectionSet, v *model.AuthzPermissions) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null } + return ec._AuthzPermissions(ctx, sel, v) +} - return out +func (ec *executionContext) marshalNAuthzPolicies2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicies(ctx context.Context, sel ast.SelectionSet, v model.AuthzPolicies) graphql.Marshaler { + return ec._AuthzPolicies(ctx, sel, &v) } -var __TypeImplementors = []string{"__Type"} +func (ec *executionContext) marshalNAuthzPolicies2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicies(ctx context.Context, sel ast.SelectionSet, v *model.AuthzPolicies) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._AuthzPolicies(ctx, sel, v) +} -func (ec *executionContext) ___Type(ctx context.Context, sel ast.SelectionSet, obj *introspection.Type) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, __TypeImplementors) +func (ec *executionContext) marshalNAuthzPolicy2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicy(ctx context.Context, sel ast.SelectionSet, v model.AuthzPolicy) graphql.Marshaler { + return ec._AuthzPolicy(ctx, sel, &v) +} - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case "__typename": - out.Values[i] = graphql.MarshalString("__Type") - case "kind": - out.Values[i] = ec.___Type_kind(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ +func (ec *executionContext) marshalNAuthzPolicy2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuthzPolicy) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() } - case "name": - out.Values[i] = ec.___Type_name(ctx, field, obj) - case "description": - out.Values[i] = ec.___Type_description(ctx, field, obj) - case "specifiedByURL": - out.Values[i] = ec.___Type_specifiedByURL(ctx, field, obj) - case "fields": - out.Values[i] = ec.___Type_fields(ctx, field, obj) - case "interfaces": - out.Values[i] = ec.___Type_interfaces(ctx, field, obj) - case "possibleTypes": - out.Values[i] = ec.___Type_possibleTypes(ctx, field, obj) - case "enumValues": - out.Values[i] = ec.___Type_enumValues(ctx, field, obj) - case "inputFields": - out.Values[i] = ec.___Type_inputFields(ctx, field, obj) - case "ofType": - out.Values[i] = ec.___Type_ofType(ctx, field, obj) - case "isOneOf": - out.Values[i] = ec.___Type_isOneOf(ctx, field, obj) - default: - panic("unknown field " + strconv.Quote(field.Name)) + ret[i] = ec.marshalNAuthzPolicy2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicy(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) } - } - out.Dispatch(ctx) - if out.Invalids > 0 { - return graphql.Null - } - atomic.AddInt32(&ec.deferred, int32(len(deferred))) + } + wg.Wait() - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } } - return out + return ret } -// endregion **************************** object.gotpl **************************** +func (ec *executionContext) marshalNAuthzPolicy2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicy(ctx context.Context, sel ast.SelectionSet, v *model.AuthzPolicy) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._AuthzPolicy(ctx, sel, v) +} -// region ***************************** type.gotpl ***************************** +func (ec *executionContext) marshalNAuthzPolicyTarget2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyTargetᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuthzPolicyTarget) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNAuthzPolicyTarget2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyTarget(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } -func (ec *executionContext) unmarshalNAddEmailTemplateRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddEmailTemplateRequest(ctx context.Context, v any) (model.AddEmailTemplateRequest, error) { - res, err := ec.unmarshalInputAddEmailTemplateRequest(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} + } + wg.Wait() -func (ec *executionContext) unmarshalNAddWebhookRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAddWebhookRequest(ctx context.Context, v any) (model.AddWebhookRequest, error) { - res, err := ec.unmarshalInputAddWebhookRequest(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret } -func (ec *executionContext) unmarshalNAdminLoginRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminLoginRequest(ctx context.Context, v any) (model.AdminLoginRequest, error) { - res, err := ec.unmarshalInputAdminLoginRequest(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) +func (ec *executionContext) marshalNAuthzPolicyTarget2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzPolicyTarget(ctx context.Context, sel ast.SelectionSet, v *model.AuthzPolicyTarget) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._AuthzPolicyTarget(ctx, sel, v) } -func (ec *executionContext) unmarshalNAdminSignupRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAdminSignupRequest(ctx context.Context, v any) (model.AdminSignupRequest, error) { - res, err := ec.unmarshalInputAdminSignupRequest(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) +func (ec *executionContext) marshalNAuthzResource2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx context.Context, sel ast.SelectionSet, v model.AuthzResource) graphql.Marshaler { + return ec._AuthzResource(ctx, sel, &v) } -func (ec *executionContext) marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuditLog) graphql.Marshaler { +func (ec *executionContext) marshalNAuthzResource2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResourceᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuthzResource) graphql.Marshaler { ret := make(graphql.Array, len(v)) var wg sync.WaitGroup isLen1 := len(v) == 1 @@ -23089,7 +28870,7 @@ func (ec *executionContext) marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdev if !isLen1 { defer wg.Done() } - ret[i] = ec.marshalNAuditLog2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLog(ctx, sel, v[i]) + ret[i] = ec.marshalNAuthzResource2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx, sel, v[i]) } if isLen1 { f(i) @@ -23109,42 +28890,100 @@ func (ec *executionContext) marshalNAuditLog2ᚕᚖgithubᚗcomᚋauthorizerdev return ret } -func (ec *executionContext) marshalNAuditLog2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLog(ctx context.Context, sel ast.SelectionSet, v *model.AuditLog) graphql.Marshaler { +func (ec *executionContext) marshalNAuthzResource2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResource(ctx context.Context, sel ast.SelectionSet, v *model.AuthzResource) graphql.Marshaler { if v == nil { if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { ec.Errorf(ctx, "the requested element is null which the schema does not allow") } return graphql.Null } - return ec._AuditLog(ctx, sel, v) + return ec._AuthzResource(ctx, sel, v) } -func (ec *executionContext) marshalNAuditLogs2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx context.Context, sel ast.SelectionSet, v model.AuditLogs) graphql.Marshaler { - return ec._AuditLogs(ctx, sel, &v) +func (ec *executionContext) marshalNAuthzResources2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResources(ctx context.Context, sel ast.SelectionSet, v model.AuthzResources) graphql.Marshaler { + return ec._AuthzResources(ctx, sel, &v) } -func (ec *executionContext) marshalNAuditLogs2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuditLogs(ctx context.Context, sel ast.SelectionSet, v *model.AuditLogs) graphql.Marshaler { +func (ec *executionContext) marshalNAuthzResources2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzResources(ctx context.Context, sel ast.SelectionSet, v *model.AuthzResources) graphql.Marshaler { if v == nil { if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { ec.Errorf(ctx, "the requested element is null which the schema does not allow") } return graphql.Null } - return ec._AuditLogs(ctx, sel, v) + return ec._AuthzResources(ctx, sel, v) } -func (ec *executionContext) marshalNAuthResponse2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx context.Context, sel ast.SelectionSet, v model.AuthResponse) graphql.Marshaler { - return ec._AuthResponse(ctx, sel, &v) +func (ec *executionContext) marshalNAuthzScope2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScope(ctx context.Context, sel ast.SelectionSet, v model.AuthzScope) graphql.Marshaler { + return ec._AuthzScope(ctx, sel, &v) } -func (ec *executionContext) marshalNAuthResponse2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthResponse(ctx context.Context, sel ast.SelectionSet, v *model.AuthResponse) graphql.Marshaler { +func (ec *executionContext) marshalNAuthzScope2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopeᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.AuthzScope) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNAuthzScope2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScope(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } + + } + wg.Wait() + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + +func (ec *executionContext) marshalNAuthzScope2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScope(ctx context.Context, sel ast.SelectionSet, v *model.AuthzScope) graphql.Marshaler { if v == nil { if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { ec.Errorf(ctx, "the requested element is null which the schema does not allow") } return graphql.Null } - return ec._AuthResponse(ctx, sel, v) + return ec._AuthzScope(ctx, sel, v) +} + +func (ec *executionContext) marshalNAuthzScopes2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopes(ctx context.Context, sel ast.SelectionSet, v model.AuthzScopes) graphql.Marshaler { + return ec._AuthzScopes(ctx, sel, &v) +} + +func (ec *executionContext) marshalNAuthzScopes2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐAuthzScopes(ctx context.Context, sel ast.SelectionSet, v *model.AuthzScopes) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._AuthzScopes(ctx, sel, v) } func (ec *executionContext) unmarshalNBoolean2bool(ctx context.Context, v any) (bool, error) { @@ -23314,6 +29153,36 @@ func (ec *executionContext) marshalNID2string(ctx context.Context, sel ast.Selec return res } +func (ec *executionContext) unmarshalNID2ᚕstringᚄ(ctx context.Context, v any) ([]string, error) { + var vSlice []any + vSlice = graphql.CoerceList(v) + var err error + res := make([]string, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNID2string(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) marshalNID2ᚕstringᚄ(ctx context.Context, sel ast.SelectionSet, v []string) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + for i := range v { + ret[i] = ec.marshalNID2string(ctx, sel, v[i]) + } + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + func (ec *executionContext) unmarshalNInt642int64(ctx context.Context, v any) (int64, error) { res, err := graphql.UnmarshalInt64(v) return res, graphql.ErrorOnPath(ctx, err) @@ -23393,6 +29262,85 @@ func (ec *executionContext) marshalNPagination2ᚖgithubᚗcomᚋauthorizerdev return ec._Pagination(ctx, sel, v) } +func (ec *executionContext) marshalNPermission2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.Permission) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermission(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } + + } + wg.Wait() + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + +func (ec *executionContext) marshalNPermission2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermission(ctx context.Context, sel ast.SelectionSet, v *model.Permission) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._Permission(ctx, sel, v) +} + +func (ec *executionContext) unmarshalNPermissionInput2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInput(ctx context.Context, v any) (*model.PermissionInput, error) { + res, err := ec.unmarshalInputPermissionInput(ctx, v) + return &res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNPolicyTargetInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInputᚄ(ctx context.Context, v any) ([]*model.PolicyTargetInput, error) { + var vSlice []any + vSlice = graphql.CoerceList(v) + var err error + res := make([]*model.PolicyTargetInput, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNPolicyTargetInput2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInput(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) unmarshalNPolicyTargetInput2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInput(ctx context.Context, v any) (*model.PolicyTargetInput, error) { + res, err := ec.unmarshalInputPolicyTargetInput(ctx, v) + return &res, graphql.ErrorOnPath(ctx, err) +} + func (ec *executionContext) unmarshalNResendOTPRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐResendOTPRequest(ctx context.Context, v any) (model.ResendOTPRequest, error) { res, err := ec.unmarshalInputResendOTPRequest(ctx, v) return res, graphql.ErrorOnPath(ctx, err) @@ -23507,11 +29455,31 @@ func (ec *executionContext) unmarshalNUpdateEnvRequest2githubᚗcomᚋauthorizer return res, graphql.ErrorOnPath(ctx, err) } +func (ec *executionContext) unmarshalNUpdatePermissionInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdatePermissionInput(ctx context.Context, v any) (model.UpdatePermissionInput, error) { + res, err := ec.unmarshalInputUpdatePermissionInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNUpdatePolicyInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdatePolicyInput(ctx context.Context, v any) (model.UpdatePolicyInput, error) { + res, err := ec.unmarshalInputUpdatePolicyInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + func (ec *executionContext) unmarshalNUpdateProfileRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateProfileRequest(ctx context.Context, v any) (model.UpdateProfileRequest, error) { res, err := ec.unmarshalInputUpdateProfileRequest(ctx, v) return res, graphql.ErrorOnPath(ctx, err) } +func (ec *executionContext) unmarshalNUpdateResourceInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateResourceInput(ctx context.Context, v any) (model.UpdateResourceInput, error) { + res, err := ec.unmarshalInputUpdateResourceInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNUpdateScopeInput2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateScopeInput(ctx context.Context, v any) (model.UpdateScopeInput, error) { + res, err := ec.unmarshalInputUpdateScopeInput(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + func (ec *executionContext) unmarshalNUpdateUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐUpdateUserRequest(ctx context.Context, v any) (model.UpdateUserRequest, error) { res, err := ec.unmarshalInputUpdateUserRequest(ctx, v) return res, graphql.ErrorOnPath(ctx, err) @@ -24133,6 +30101,42 @@ func (ec *executionContext) marshalOBoolean2ᚖbool(ctx context.Context, sel ast return res } +func (ec *executionContext) unmarshalOID2ᚕstringᚄ(ctx context.Context, v any) ([]string, error) { + if v == nil { + return nil, nil + } + var vSlice []any + vSlice = graphql.CoerceList(v) + var err error + res := make([]string, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNID2string(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) marshalOID2ᚕstringᚄ(ctx context.Context, sel ast.SelectionSet, v []string) graphql.Marshaler { + if v == nil { + return graphql.Null + } + ret := make(graphql.Array, len(v)) + for i := range v { + ret[i] = ec.marshalNID2string(ctx, sel, v[i]) + } + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + func (ec *executionContext) unmarshalOID2ᚖstring(ctx context.Context, v any) (*string, error) { if v == nil { return nil, nil @@ -24227,6 +30231,42 @@ func (ec *executionContext) unmarshalOPaginationRequest2ᚖgithubᚗcomᚋauthor return &res, graphql.ErrorOnPath(ctx, err) } +func (ec *executionContext) unmarshalOPermissionInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInputᚄ(ctx context.Context, v any) ([]*model.PermissionInput, error) { + if v == nil { + return nil, nil + } + var vSlice []any + vSlice = graphql.CoerceList(v) + var err error + res := make([]*model.PermissionInput, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNPermissionInput2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPermissionInput(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) unmarshalOPolicyTargetInput2ᚕᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInputᚄ(ctx context.Context, v any) ([]*model.PolicyTargetInput, error) { + if v == nil { + return nil, nil + } + var vSlice []any + vSlice = graphql.CoerceList(v) + var err error + res := make([]*model.PolicyTargetInput, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNPolicyTargetInput2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐPolicyTargetInput(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + func (ec *executionContext) unmarshalOSessionQueryRequest2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋinternalᚋgraphᚋmodelᚐSessionQueryRequest(ctx context.Context, v any) (*model.SessionQueryRequest, error) { if v == nil { return nil, nil diff --git a/internal/graph/model/models_gen.go b/internal/graph/model/models_gen.go index 8c2ada58..028a0b1a 100644 --- a/internal/graph/model/models_gen.go +++ b/internal/graph/model/models_gen.go @@ -9,6 +9,34 @@ type AddEmailTemplateRequest struct { Design *string `json:"design,omitempty"` } +type AddPermissionInput struct { + Name string `json:"name"` + Description *string `json:"description,omitempty"` + ResourceID string `json:"resource_id"` + ScopeIds []string `json:"scope_ids"` + PolicyIds []string `json:"policy_ids"` + DecisionStrategy *string `json:"decision_strategy,omitempty"` +} + +type AddPolicyInput struct { + Name string `json:"name"` + Description *string `json:"description,omitempty"` + Type string `json:"type"` + Logic *string `json:"logic,omitempty"` + DecisionStrategy *string `json:"decision_strategy,omitempty"` + Targets []*PolicyTargetInput `json:"targets"` +} + +type AddResourceInput struct { + Name string `json:"name"` + Description *string `json:"description,omitempty"` +} + +type AddScopeInput struct { + Name string `json:"name"` + Description *string `json:"description,omitempty"` +} + type AddWebhookRequest struct { EventName string `json:"event_name"` EventDescription *string `json:"event_description,omitempty"` @@ -59,6 +87,72 @@ type AuthResponse struct { AuthenticatorRecoveryCodes []*string `json:"authenticator_recovery_codes,omitempty"` } +type AuthzPermission struct { + ID string `json:"id"` + Name string `json:"name"` + Description *string `json:"description,omitempty"` + Resource *AuthzResource `json:"resource"` + Scopes []*AuthzScope `json:"scopes"` + Policies []*AuthzPolicy `json:"policies"` + DecisionStrategy string `json:"decision_strategy"` + CreatedAt int64 `json:"created_at"` + UpdatedAt int64 `json:"updated_at"` +} + +type AuthzPermissions struct { + Pagination *Pagination `json:"pagination"` + Permissions []*AuthzPermission `json:"permissions"` +} + +type AuthzPolicies struct { + Pagination *Pagination `json:"pagination"` + Policies []*AuthzPolicy `json:"policies"` +} + +type AuthzPolicy struct { + ID string `json:"id"` + Name string `json:"name"` + Description *string `json:"description,omitempty"` + Type string `json:"type"` + Logic string `json:"logic"` + DecisionStrategy string `json:"decision_strategy"` + Targets []*AuthzPolicyTarget `json:"targets"` + CreatedAt int64 `json:"created_at"` + UpdatedAt int64 `json:"updated_at"` +} + +type AuthzPolicyTarget struct { + ID string `json:"id"` + TargetType string `json:"target_type"` + TargetValue string `json:"target_value"` +} + +type AuthzResource struct { + ID string `json:"id"` + Name string `json:"name"` + Description *string `json:"description,omitempty"` + CreatedAt int64 `json:"created_at"` + UpdatedAt int64 `json:"updated_at"` +} + +type AuthzResources struct { + Pagination *Pagination `json:"pagination"` + Resources []*AuthzResource `json:"resources"` +} + +type AuthzScope struct { + ID string `json:"id"` + Name string `json:"name"` + Description *string `json:"description,omitempty"` + CreatedAt int64 `json:"created_at"` + UpdatedAt int64 `json:"updated_at"` +} + +type AuthzScopes struct { + Pagination *Pagination `json:"pagination"` + Scopes []*AuthzScope `json:"scopes"` +} + type DeleteEmailTemplateRequest struct { ID string `json:"id"` } @@ -304,6 +398,21 @@ type PaginationRequest struct { Page *int64 `json:"page,omitempty"` } +type Permission struct { + Resource string `json:"resource"` + Scope string `json:"scope"` +} + +type PermissionInput struct { + Resource string `json:"resource"` + Scope string `json:"scope"` +} + +type PolicyTargetInput struct { + TargetType string `json:"target_type"` + TargetValue string `json:"target_value"` +} + type Query struct { } @@ -332,9 +441,10 @@ type Response struct { } type SessionQueryRequest struct { - Roles []string `json:"roles,omitempty"` - Scope []string `json:"scope,omitempty"` - State *string `json:"state,omitempty"` + Roles []string `json:"roles,omitempty"` + Scope []string `json:"scope,omitempty"` + State *string `json:"state,omitempty"` + RequiredPermissions []*PermissionInput `json:"required_permissions,omitempty"` } type SignUpRequest struct { @@ -446,6 +556,24 @@ type UpdateEnvRequest struct { DisableTotpLogin *bool `json:"DISABLE_TOTP_LOGIN,omitempty"` } +type UpdatePermissionInput struct { + ID string `json:"id"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` + ScopeIds []string `json:"scope_ids,omitempty"` + PolicyIds []string `json:"policy_ids,omitempty"` + DecisionStrategy *string `json:"decision_strategy,omitempty"` +} + +type UpdatePolicyInput struct { + ID string `json:"id"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` + Logic *string `json:"logic,omitempty"` + DecisionStrategy *string `json:"decision_strategy,omitempty"` + Targets []*PolicyTargetInput `json:"targets,omitempty"` +} + type UpdateProfileRequest struct { OldPassword *string `json:"old_password,omitempty"` NewPassword *string `json:"new_password,omitempty"` @@ -463,6 +591,18 @@ type UpdateProfileRequest struct { AppData map[string]any `json:"app_data,omitempty"` } +type UpdateResourceInput struct { + ID string `json:"id"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` +} + +type UpdateScopeInput struct { + ID string `json:"id"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` +} + type UpdateUserRequest struct { ID string `json:"id"` Email *string `json:"email,omitempty"` @@ -519,9 +659,10 @@ type Users struct { } type ValidateJWTTokenRequest struct { - TokenType string `json:"token_type"` - Token string `json:"token"` - Roles []string `json:"roles,omitempty"` + TokenType string `json:"token_type"` + Token string `json:"token"` + Roles []string `json:"roles,omitempty"` + RequiredPermissions []*PermissionInput `json:"required_permissions,omitempty"` } type ValidateJWTTokenResponse struct { @@ -530,8 +671,9 @@ type ValidateJWTTokenResponse struct { } type ValidateSessionRequest struct { - Cookie string `json:"cookie"` - Roles []string `json:"roles,omitempty"` + Cookie string `json:"cookie"` + Roles []string `json:"roles,omitempty"` + RequiredPermissions []*PermissionInput `json:"required_permissions,omitempty"` } type ValidateSessionResponse struct { diff --git a/internal/graph/schema.graphqls b/internal/graph/schema.graphqls index 44e232d1..3b41638a 100644 --- a/internal/graph/schema.graphqls +++ b/internal/graph/schema.graphqls @@ -510,6 +510,10 @@ input SessionQueryRequest { # when a session already exists and the login UI auto-detects it, # passing state ensures the authorization code state is properly stored state: String + # required_permissions is an optional list of resource:scope pairs that + # must all be granted to the principal. If any is denied the query returns + # unauthorized (AND semantics, matching the roles filter). + required_permissions: [PermissionInput!] } input PaginationRequest { @@ -538,11 +542,13 @@ input ValidateJWTTokenRequest { token_type: String! token: String! roles: [String!] + required_permissions: [PermissionInput!] } input ValidateSessionRequest { cookie: String! roles: [String!] + required_permissions: [PermissionInput!] } input GenerateJWTKeysRequest { @@ -641,6 +647,145 @@ input GetUserRequest { email: String } +type AuthzResource { + id: ID! + name: String! + description: String + created_at: Int64! + updated_at: Int64! +} + +type AuthzResources { + pagination: Pagination! + resources: [AuthzResource!]! +} + +type AuthzScope { + id: ID! + name: String! + description: String + created_at: Int64! + updated_at: Int64! +} + +type AuthzScopes { + pagination: Pagination! + scopes: [AuthzScope!]! +} + +type AuthzPolicyTarget { + id: ID! + target_type: String! + target_value: String! +} + +type AuthzPolicy { + id: ID! + name: String! + description: String + type: String! + logic: String! + decision_strategy: String! + targets: [AuthzPolicyTarget!]! + created_at: Int64! + updated_at: Int64! +} + +type AuthzPolicies { + pagination: Pagination! + policies: [AuthzPolicy!]! +} + +type AuthzPermission { + id: ID! + name: String! + description: String + resource: AuthzResource! + scopes: [AuthzScope!]! + policies: [AuthzPolicy!]! + decision_strategy: String! + created_at: Int64! + updated_at: Int64! +} + +type AuthzPermissions { + pagination: Pagination! + permissions: [AuthzPermission!]! +} + +type Permission { + resource: String! + scope: String! +} + +input AddResourceInput { + name: String! + description: String +} + +input UpdateResourceInput { + id: ID! + name: String + description: String +} + +input AddScopeInput { + name: String! + description: String +} + +input UpdateScopeInput { + id: ID! + name: String + description: String +} + +input PolicyTargetInput { + target_type: String! + target_value: String! +} + +input AddPolicyInput { + name: String! + description: String + type: String! + logic: String + decision_strategy: String + targets: [PolicyTargetInput!]! +} + +input UpdatePolicyInput { + id: ID! + name: String + description: String + logic: String + decision_strategy: String + targets: [PolicyTargetInput!] +} + +input AddPermissionInput { + name: String! + description: String + resource_id: ID! + scope_ids: [ID!]! + policy_ids: [ID!]! + decision_strategy: String +} + +input UpdatePermissionInput { + id: ID! + name: String + description: String + scope_ids: [ID!] + policy_ids: [ID!] + decision_strategy: String +} + +input PermissionInput { + resource: String! + scope: String! +} + type Mutation { signup(params: SignUpRequest!): AuthResponse! # Deprecated from v1.2.0 @@ -680,6 +825,22 @@ type Mutation { _add_email_template(params: AddEmailTemplateRequest!): Response! _update_email_template(params: UpdateEmailTemplateRequest!): Response! _delete_email_template(params: DeleteEmailTemplateRequest!): Response! + # Authorization: Resources + _add_resource(params: AddResourceInput!): AuthzResource! + _update_resource(params: UpdateResourceInput!): AuthzResource! + _delete_resource(id: ID!): Response! + # Authorization: Scopes + _add_scope(params: AddScopeInput!): AuthzScope! + _update_scope(params: UpdateScopeInput!): AuthzScope! + _delete_scope(id: ID!): Response! + # Authorization: Policies + _add_policy(params: AddPolicyInput!): AuthzPolicy! + _update_policy(params: UpdatePolicyInput!): AuthzPolicy! + _delete_policy(id: ID!): Response! + # Authorization: Permissions + _add_permission(params: AddPermissionInput!): AuthzPermission! + _update_permission(params: UpdatePermissionInput!): AuthzPermission! + _delete_permission(id: ID!): Response! } type Query { @@ -700,4 +861,11 @@ type Query { _webhook_logs(params: ListWebhookLogRequest): WebhookLogs! _email_templates(params: PaginatedRequest): EmailTemplates! _audit_logs(params: ListAuditLogRequest): AuditLogs! + # Authorization: Admin queries + _resources(params: PaginatedRequest): AuthzResources! + _scopes(params: PaginatedRequest): AuthzScopes! + _policies(params: PaginatedRequest): AuthzPolicies! + _permissions(params: PaginatedRequest): AuthzPermissions! + # Authorization: User-facing queries + my_permissions: [Permission!]! } diff --git a/internal/graph/schema.resolvers.go b/internal/graph/schema.resolvers.go index f931d469..2cd65d23 100644 --- a/internal/graph/schema.resolvers.go +++ b/internal/graph/schema.resolvers.go @@ -172,6 +172,66 @@ func (r *mutationResolver) DeleteEmailTemplate(ctx context.Context, params model return r.GraphQLProvider.DeleteEmailTemplate(ctx, ¶ms) } +// AddResource is the resolver for the _add_resource field. +func (r *mutationResolver) AddResource(ctx context.Context, params model.AddResourceInput) (*model.AuthzResource, error) { + return r.GraphQLProvider.AddResource(ctx, ¶ms) +} + +// UpdateResource is the resolver for the _update_resource field. +func (r *mutationResolver) UpdateResource(ctx context.Context, params model.UpdateResourceInput) (*model.AuthzResource, error) { + return r.GraphQLProvider.UpdateResource(ctx, ¶ms) +} + +// DeleteResource is the resolver for the _delete_resource field. +func (r *mutationResolver) DeleteResource(ctx context.Context, id string) (*model.Response, error) { + return r.GraphQLProvider.DeleteResource(ctx, id) +} + +// AddScope is the resolver for the _add_scope field. +func (r *mutationResolver) AddScope(ctx context.Context, params model.AddScopeInput) (*model.AuthzScope, error) { + return r.GraphQLProvider.AddScope(ctx, ¶ms) +} + +// UpdateScope is the resolver for the _update_scope field. +func (r *mutationResolver) UpdateScope(ctx context.Context, params model.UpdateScopeInput) (*model.AuthzScope, error) { + return r.GraphQLProvider.UpdateScope(ctx, ¶ms) +} + +// DeleteScope is the resolver for the _delete_scope field. +func (r *mutationResolver) DeleteScope(ctx context.Context, id string) (*model.Response, error) { + return r.GraphQLProvider.DeleteScope(ctx, id) +} + +// AddPolicy is the resolver for the _add_policy field. +func (r *mutationResolver) AddPolicy(ctx context.Context, params model.AddPolicyInput) (*model.AuthzPolicy, error) { + return r.GraphQLProvider.AddPolicy(ctx, ¶ms) +} + +// UpdatePolicy is the resolver for the _update_policy field. +func (r *mutationResolver) UpdatePolicy(ctx context.Context, params model.UpdatePolicyInput) (*model.AuthzPolicy, error) { + return r.GraphQLProvider.UpdatePolicy(ctx, ¶ms) +} + +// DeletePolicy is the resolver for the _delete_policy field. +func (r *mutationResolver) DeletePolicy(ctx context.Context, id string) (*model.Response, error) { + return r.GraphQLProvider.DeletePolicy(ctx, id) +} + +// AddPermission is the resolver for the _add_permission field. +func (r *mutationResolver) AddPermission(ctx context.Context, params model.AddPermissionInput) (*model.AuthzPermission, error) { + return r.GraphQLProvider.AddPermission(ctx, ¶ms) +} + +// UpdatePermission is the resolver for the _update_permission field. +func (r *mutationResolver) UpdatePermission(ctx context.Context, params model.UpdatePermissionInput) (*model.AuthzPermission, error) { + return r.GraphQLProvider.UpdatePermission(ctx, ¶ms) +} + +// DeletePermission is the resolver for the _delete_permission field. +func (r *mutationResolver) DeletePermission(ctx context.Context, id string) (*model.Response, error) { + return r.GraphQLProvider.DeletePermission(ctx, id) +} + // Meta is the resolver for the meta field. func (r *queryResolver) Meta(ctx context.Context) (*model.Meta, error) { return r.GraphQLProvider.Meta(ctx) @@ -247,6 +307,31 @@ func (r *queryResolver) AuditLogs(ctx context.Context, params *model.ListAuditLo return r.GraphQLProvider.AuditLogs(ctx, params) } +// Resources is the resolver for the _resources field. +func (r *queryResolver) Resources(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzResources, error) { + return r.GraphQLProvider.Resources(ctx, params) +} + +// Scopes is the resolver for the _scopes field. +func (r *queryResolver) Scopes(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzScopes, error) { + return r.GraphQLProvider.Scopes(ctx, params) +} + +// Policies is the resolver for the _policies field. +func (r *queryResolver) Policies(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPolicies, error) { + return r.GraphQLProvider.Policies(ctx, params) +} + +// Permissions is the resolver for the _permissions field. +func (r *queryResolver) Permissions(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPermissions, error) { + return r.GraphQLProvider.Permissions(ctx, params) +} + +// MyPermissions is the resolver for the my_permissions field. +func (r *queryResolver) MyPermissions(ctx context.Context) ([]*model.Permission, error) { + return r.GraphQLProvider.MyPermissions(ctx) +} + // Mutation returns generated.MutationResolver implementation. func (r *Resolver) Mutation() generated.MutationResolver { return &mutationResolver{r} } diff --git a/internal/graphql/add_permission.go b/internal/graphql/add_permission.go new file mode 100644 index 00000000..4bc3e9c0 --- /dev/null +++ b/internal/graphql/add_permission.go @@ -0,0 +1,176 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// AddPermission is the method to create a new authorization permission +// binding a resource to scopes and policies. +// Permissions: authorizer:admin +func (g *graphqlProvider) AddPermission(ctx context.Context, params *model.AddPermissionInput) (*model.AuthzPermission, error) { + log := g.Log.With().Str("func", "AddPermission").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + name := strings.TrimSpace(params.Name) + if name == "" { + return nil, fmt.Errorf("permission name is required") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + + if strings.TrimSpace(params.ResourceID) == "" { + return nil, fmt.Errorf("resource_id is required") + } + + if len(params.ScopeIds) == 0 { + return nil, fmt.Errorf("at least one scope_id is required") + } + + if len(params.PolicyIds) == 0 { + return nil, fmt.Errorf("at least one policy_id is required") + } + + description := "" + if params.Description != nil { + description = *params.Description + } + + decisionStrategy := constants.DecisionStrategyAffirmative + if params.DecisionStrategy != nil { + decisionStrategy = *params.DecisionStrategy + } + if decisionStrategy != constants.DecisionStrategyAffirmative && decisionStrategy != constants.DecisionStrategyUnanimous { + return nil, fmt.Errorf("invalid decision strategy: must be '%s' or '%s'", + constants.DecisionStrategyAffirmative, constants.DecisionStrategyUnanimous) + } + + // Verify resource exists + resource, err := g.StorageProvider.GetResourceByID(ctx, params.ResourceID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get resource by ID") + return nil, fmt.Errorf("resource not found: %s", params.ResourceID) + } + + permission, err := g.StorageProvider.AddPermission(ctx, &schemas.Permission{ + Name: name, + Description: description, + ResourceID: params.ResourceID, + DecisionStrategy: decisionStrategy, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add permission") + return nil, err + } + + // Attach scopes + policies. The storage layer does not expose transactions + // across these provider-level calls, so a failure mid-attach would leave + // the newly created permission row orphaned (present but with partial or + // no scope/policy links). To keep the system consistent we compensate by + // deleting the permission when any attach step fails. The delete uses + // context.Background() so it survives request cancellation (mirrors the + // pattern already used for InvalidateCache below). If the compensation + // itself fails, log at ERROR level so operators can manually clean up, + // but still return the ORIGINAL error — that is the failure operators + // need to see first. + apiScopes, apiPolicies, err := g.attachPermissionScopesAndPolicies(ctx, permission.ID, params) + if err != nil { + if delErr := g.StorageProvider.DeletePermission(context.Background(), permission.ID); delErr != nil { + log.Error(). + Err(delErr). + Str("permission_id", permission.ID). + Msg("failed to roll back orphaned permission after partial AddPermission failure; manual cleanup required") + } + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPermissionCreatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPermission, + ResourceID: permission.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return permission.AsAPIPermission(resource.AsAPIResource(), apiScopes, apiPolicies), nil +} + +// attachPermissionScopesAndPolicies creates PermissionScope and PermissionPolicy +// link rows for a newly added permission and returns the API-shape scope and +// policy slices used to build the GraphQL response. It returns the first error +// encountered so the caller can roll back the permission. +func (g *graphqlProvider) attachPermissionScopesAndPolicies( + ctx context.Context, + permissionID string, + params *model.AddPermissionInput, +) ([]*model.AuthzScope, []*model.AuthzPolicy, error) { + log := g.Log.With().Str("func", "attachPermissionScopesAndPolicies").Logger() + + apiScopes := make([]*model.AuthzScope, 0, len(params.ScopeIds)) + for _, scopeID := range params.ScopeIds { + _, err := g.StorageProvider.AddPermissionScope(ctx, &schemas.PermissionScope{ + PermissionID: permissionID, + ScopeID: scopeID, + }) + if err != nil { + log.Debug().Err(err).Str("scope_id", scopeID).Msg("Failed to add permission scope") + return nil, nil, err + } + scope, err := g.StorageProvider.GetScopeByID(ctx, scopeID) + if err != nil { + log.Debug().Err(err).Str("scope_id", scopeID).Msg("Failed to get scope by ID") + return nil, nil, err + } + apiScopes = append(apiScopes, scope.AsAPIScope()) + } + + apiPolicies := make([]*model.AuthzPolicy, 0, len(params.PolicyIds)) + for _, policyID := range params.PolicyIds { + _, err := g.StorageProvider.AddPermissionPolicy(ctx, &schemas.PermissionPolicy{ + PermissionID: permissionID, + PolicyID: policyID, + }) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to add permission policy") + return nil, nil, err + } + policy, err := g.StorageProvider.GetPolicyByID(ctx, policyID) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to get policy by ID") + return nil, nil, err + } + targets, err := g.StorageProvider.GetPolicyTargets(ctx, policyID) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to get policy targets") + return nil, nil, err + } + apiPolicies = append(apiPolicies, policy.AsAPIPolicy(targets)) + } + + return apiScopes, apiPolicies, nil +} diff --git a/internal/graphql/add_policy.go b/internal/graphql/add_policy.go new file mode 100644 index 00000000..5dd2e4ab --- /dev/null +++ b/internal/graphql/add_policy.go @@ -0,0 +1,122 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// AddPolicy is the method to create a new authorization policy with targets. +// Permissions: authorizer:admin +func (g *graphqlProvider) AddPolicy(ctx context.Context, params *model.AddPolicyInput) (*model.AuthzPolicy, error) { + log := g.Log.With().Str("func", "AddPolicy").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + name := strings.TrimSpace(params.Name) + if name == "" { + return nil, fmt.Errorf("policy name is required") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + + policyType := strings.TrimSpace(params.Type) + if policyType == "" { + return nil, fmt.Errorf("policy type is required") + } + validPolicyTypes := map[string]bool{ + constants.PolicyTypeRole: true, + constants.PolicyTypeUser: true, + } + if !validPolicyTypes[policyType] { + return nil, fmt.Errorf("invalid policy type: must be '%s' or '%s'", + constants.PolicyTypeRole, constants.PolicyTypeUser) + } + + description := "" + if params.Description != nil { + description = *params.Description + } + + logic := constants.PolicyLogicPositive + if params.Logic != nil { + logic = *params.Logic + } + if logic != constants.PolicyLogicPositive && logic != constants.PolicyLogicNegative { + return nil, fmt.Errorf("invalid policy logic: must be '%s' or '%s'", + constants.PolicyLogicPositive, constants.PolicyLogicNegative) + } + + decisionStrategy := constants.DecisionStrategyAffirmative + if params.DecisionStrategy != nil { + decisionStrategy = *params.DecisionStrategy + } + if decisionStrategy != constants.DecisionStrategyAffirmative && decisionStrategy != constants.DecisionStrategyUnanimous { + return nil, fmt.Errorf("invalid decision strategy: must be '%s' or '%s'", + constants.DecisionStrategyAffirmative, constants.DecisionStrategyUnanimous) + } + + if err := validatePolicyTargets(policyType, params.Targets, g.Config.Roles); err != nil { + return nil, err + } + + policy, err := g.StorageProvider.AddPolicy(ctx, &schemas.Policy{ + Name: name, + Description: description, + Type: policyType, + Logic: logic, + DecisionStrategy: decisionStrategy, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add policy") + return nil, err + } + + // Create policy targets + var targets []*schemas.PolicyTarget + for _, t := range params.Targets { + target, err := g.StorageProvider.AddPolicyTarget(ctx, &schemas.PolicyTarget{ + PolicyID: policy.ID, + TargetType: t.TargetType, + TargetValue: t.TargetValue, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add policy target") + return nil, err + } + targets = append(targets, target) + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPolicyCreatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPolicy, + ResourceID: policy.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return policy.AsAPIPolicy(targets), nil +} diff --git a/internal/graphql/add_resource.go b/internal/graphql/add_resource.go new file mode 100644 index 00000000..1fd24237 --- /dev/null +++ b/internal/graphql/add_resource.go @@ -0,0 +1,69 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// AddResource is the method to create a new authorization resource. +// Permissions: authorizer:admin +func (g *graphqlProvider) AddResource(ctx context.Context, params *model.AddResourceInput) (*model.AuthzResource, error) { + log := g.Log.With().Str("func", "AddResource").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + name := strings.TrimSpace(params.Name) + if name == "" { + return nil, fmt.Errorf("resource name is required") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + + description := "" + if params.Description != nil { + description = *params.Description + } + + resource, err := g.StorageProvider.AddResource(ctx, &schemas.Resource{ + Name: name, + Description: description, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add resource") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzResourceCreatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzResource, + ResourceID: resource.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return resource.AsAPIResource(), nil +} diff --git a/internal/graphql/add_scope.go b/internal/graphql/add_scope.go new file mode 100644 index 00000000..3503d3f7 --- /dev/null +++ b/internal/graphql/add_scope.go @@ -0,0 +1,69 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// AddScope is the method to create a new authorization scope. +// Permissions: authorizer:admin +func (g *graphqlProvider) AddScope(ctx context.Context, params *model.AddScopeInput) (*model.AuthzScope, error) { + log := g.Log.With().Str("func", "AddScope").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + name := strings.TrimSpace(params.Name) + if name == "" { + return nil, fmt.Errorf("scope name is required") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + + description := "" + if params.Description != nil { + description = *params.Description + } + + scope, err := g.StorageProvider.AddScope(ctx, &schemas.Scope{ + Name: name, + Description: description, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add scope") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzScopeCreatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzScope, + ResourceID: scope.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return scope.AsAPIScope(), nil +} diff --git a/internal/graphql/delete_permission.go b/internal/graphql/delete_permission.go new file mode 100644 index 00000000..d8de0202 --- /dev/null +++ b/internal/graphql/delete_permission.go @@ -0,0 +1,65 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// DeletePermission is the method to delete an authorization permission. +// Permissions: authorizer:admin +func (g *graphqlProvider) DeletePermission(ctx context.Context, id string) (*model.Response, error) { + log := g.Log.With().Str("func", "DeletePermission").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(id) == "" { + return nil, fmt.Errorf("permission ID is required") + } + + // Clean up join tables first + err = g.StorageProvider.DeletePermissionScopesByPermissionID(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete permission scopes") + return nil, err + } + + err = g.StorageProvider.DeletePermissionPoliciesByPermissionID(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete permission policies") + return nil, err + } + + err = g.StorageProvider.DeletePermission(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete permission") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPermissionDeletedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPermission, + ResourceID: id, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return &model.Response{ + Message: "Permission deleted successfully", + }, nil +} diff --git a/internal/graphql/delete_policy.go b/internal/graphql/delete_policy.go new file mode 100644 index 00000000..4f65a9de --- /dev/null +++ b/internal/graphql/delete_policy.go @@ -0,0 +1,54 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// DeletePolicy is the method to delete an authorization policy. +// Permissions: authorizer:admin +func (g *graphqlProvider) DeletePolicy(ctx context.Context, id string) (*model.Response, error) { + log := g.Log.With().Str("func", "DeletePolicy").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(id) == "" { + return nil, fmt.Errorf("policy ID is required") + } + + // DeletePolicy checks referential integrity (permission_policy refs) and + // cascade-deletes policy targets internally. + err = g.StorageProvider.DeletePolicy(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete policy") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPolicyDeletedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPolicy, + ResourceID: id, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return &model.Response{ + Message: "Policy deleted successfully", + }, nil +} diff --git a/internal/graphql/delete_resource.go b/internal/graphql/delete_resource.go new file mode 100644 index 00000000..73d92035 --- /dev/null +++ b/internal/graphql/delete_resource.go @@ -0,0 +1,52 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// DeleteResource is the method to delete an authorization resource. +// Permissions: authorizer:admin +func (g *graphqlProvider) DeleteResource(ctx context.Context, id string) (*model.Response, error) { + log := g.Log.With().Str("func", "DeleteResource").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(id) == "" { + return nil, fmt.Errorf("resource ID is required") + } + + err = g.StorageProvider.DeleteResource(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete resource") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzResourceDeletedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzResource, + ResourceID: id, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return &model.Response{ + Message: "Resource deleted successfully", + }, nil +} diff --git a/internal/graphql/delete_scope.go b/internal/graphql/delete_scope.go new file mode 100644 index 00000000..c9562937 --- /dev/null +++ b/internal/graphql/delete_scope.go @@ -0,0 +1,52 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// DeleteScope is the method to delete an authorization scope. +// Permissions: authorizer:admin +func (g *graphqlProvider) DeleteScope(ctx context.Context, id string) (*model.Response, error) { + log := g.Log.With().Str("func", "DeleteScope").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(id) == "" { + return nil, fmt.Errorf("scope ID is required") + } + + err = g.StorageProvider.DeleteScope(ctx, id) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete scope") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzScopeDeletedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzScope, + ResourceID: id, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return &model.Response{ + Message: "Scope deleted successfully", + }, nil +} diff --git a/internal/graphql/my_permissions.go b/internal/graphql/my_permissions.go new file mode 100644 index 00000000..d4cf5e92 --- /dev/null +++ b/internal/graphql/my_permissions.go @@ -0,0 +1,62 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/authorization" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// MyPermissions is the method to get all permissions for the authenticated user. +// Permissions: authorized user +func (g *graphqlProvider) MyPermissions(ctx context.Context) ([]*model.Permission, error) { + log := g.Log.With().Str("func", "MyPermissions").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + + tokenData, err := g.TokenProvider.GetUserIDFromSessionOrAccessToken(gc) + if err != nil { + log.Debug().Err(err).Msg("Failed to get user from token") + return nil, fmt.Errorf("unauthorized") + } + + user, err := g.StorageProvider.GetUserByID(ctx, tokenData.UserID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get user by ID") + return nil, err + } + + var roles []string + if user.Roles != "" { + roles = strings.Split(user.Roles, ",") + } + + principal := &authorization.Principal{ + ID: user.ID, + Type: constants.PrincipalTypeUser, + Roles: roles, + } + + resourceScopes, err := g.AuthorizationProvider.GetPrincipalPermissions(ctx, principal) + if err != nil { + log.Debug().Err(err).Msg("Failed to get principal permissions") + return nil, err + } + + res := make([]*model.Permission, len(resourceScopes)) + for i, rs := range resourceScopes { + res[i] = &model.Permission{ + Resource: rs.Resource, + Scope: rs.Scope, + } + } + + return res, nil +} diff --git a/internal/graphql/permission_check.go b/internal/graphql/permission_check.go new file mode 100644 index 00000000..dcf27240 --- /dev/null +++ b/internal/graphql/permission_check.go @@ -0,0 +1,67 @@ +package graphql + +import ( + "context" + "errors" + + "github.com/rs/zerolog" + + "github.com/authorizerdev/authorizer/internal/authorization" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" +) + +// enforceRequiredPermissions evaluates each required permission against the +// authorization provider with AND semantics — every entry must be allowed, +// otherwise the caller is treated as unauthorized. +// +// endpoint identifies the GraphQL operation that called this helper and +// becomes the `endpoint` label on authorizer_required_permissions_checks_total. +// It must be one of metrics.RequiredPermissionsEndpoint* — passing an +// unbounded string risks Prometheus cardinality explosion. +// +// When required is empty (the common case) callers observe no error, +// though the metric is still incremented with outcome=not_requested so +// adoption can be measured per endpoint. +// +// Each terminal return below MUST be paired with exactly one +// RecordRequiredPermissionsCheck call. The loop returns on the first +// error or deny, so per-iteration emission cannot double-count — preserve +// that invariant if you refactor. +func (g *graphqlProvider) enforceRequiredPermissions( + ctx context.Context, + log zerolog.Logger, + endpoint string, + userID string, + roles []string, + required []*model.PermissionInput, +) error { + if len(required) == 0 { + metrics.RecordRequiredPermissionsCheck(endpoint, metrics.RequiredPermissionsOutcomeNotRequested) + return nil + } + principal := &authorization.Principal{ + ID: userID, + Type: constants.PrincipalTypeUser, + Roles: roles, + } + for _, p := range required { + if p == nil { + continue + } + res, err := g.AuthorizationProvider.CheckPermission(ctx, principal, p.Resource, p.Scope) + if err != nil { + log.Debug().Err(err).Str("resource", p.Resource).Str("scope", p.Scope).Msg("required permission check errored") + metrics.RecordRequiredPermissionsCheck(endpoint, metrics.RequiredPermissionsOutcomeError) + return errors.New("unauthorized") + } + if res == nil || !res.Allowed { + log.Debug().Str("resource", p.Resource).Str("scope", p.Scope).Msg("required permission denied") + metrics.RecordRequiredPermissionsCheck(endpoint, metrics.RequiredPermissionsOutcomeDenied) + return errors.New("unauthorized") + } + } + metrics.RecordRequiredPermissionsCheck(endpoint, metrics.RequiredPermissionsOutcomeGranted) + return nil +} diff --git a/internal/graphql/permissions.go b/internal/graphql/permissions.go new file mode 100644 index 00000000..d52df923 --- /dev/null +++ b/internal/graphql/permissions.go @@ -0,0 +1,97 @@ +package graphql + +import ( + "context" + "fmt" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// Permissions is the method to list authorization permissions with pagination. +// Permissions: authorizer:admin +func (g *graphqlProvider) Permissions(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPermissions, error) { + log := g.Log.With().Str("func", "Permissions").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + pagination := utils.GetPagination(params) + permissions, pagination, err := g.StorageProvider.ListPermissions(ctx, pagination) + if err != nil { + log.Debug().Err(err).Msg("Failed to list permissions") + return nil, err + } + + res := make([]*model.AuthzPermission, len(permissions)) + for i, p := range permissions { + resource, err := g.StorageProvider.GetResourceByID(ctx, p.ResourceID) + if err != nil { + log.Debug().Err(err).Str("resource_id", p.ResourceID).Msg("Failed to get resource") + return nil, err + } + + apiScopes, err := g.resolvePermissionScopes(ctx, p.ID) + if err != nil { + log.Debug().Err(err).Str("permission_id", p.ID).Msg("Failed to resolve permission scopes") + return nil, err + } + + apiPolicies, err := g.resolvePermissionPolicies(ctx, p.ID) + if err != nil { + log.Debug().Err(err).Str("permission_id", p.ID).Msg("Failed to resolve permission policies") + return nil, err + } + + res[i] = p.AsAPIPermission(resource.AsAPIResource(), apiScopes, apiPolicies) + } + + return &model.AuthzPermissions{ + Pagination: pagination, + Permissions: res, + }, nil +} + +// resolvePermissionScopes resolves the scopes for a permission. +func (g *graphqlProvider) resolvePermissionScopes(ctx context.Context, permissionID string) ([]*model.AuthzScope, error) { + permissionScopes, err := g.StorageProvider.GetPermissionScopes(ctx, permissionID) + if err != nil { + return nil, err + } + apiScopes := make([]*model.AuthzScope, 0, len(permissionScopes)) + for _, ps := range permissionScopes { + scope, err := g.StorageProvider.GetScopeByID(ctx, ps.ScopeID) + if err != nil { + return nil, err + } + apiScopes = append(apiScopes, scope.AsAPIScope()) + } + return apiScopes, nil +} + +// resolvePermissionPolicies resolves the policies with their targets for a permission. +func (g *graphqlProvider) resolvePermissionPolicies(ctx context.Context, permissionID string) ([]*model.AuthzPolicy, error) { + permissionPolicies, err := g.StorageProvider.GetPermissionPolicies(ctx, permissionID) + if err != nil { + return nil, err + } + apiPolicies := make([]*model.AuthzPolicy, 0, len(permissionPolicies)) + for _, pp := range permissionPolicies { + policy, err := g.StorageProvider.GetPolicyByID(ctx, pp.PolicyID) + if err != nil { + return nil, err + } + targets, err := g.StorageProvider.GetPolicyTargets(ctx, policy.ID) + if err != nil { + return nil, err + } + apiPolicies = append(apiPolicies, policy.AsAPIPolicy(targets)) + } + return apiPolicies, nil +} diff --git a/internal/graphql/policies.go b/internal/graphql/policies.go new file mode 100644 index 00000000..5f21aa18 --- /dev/null +++ b/internal/graphql/policies.go @@ -0,0 +1,46 @@ +package graphql + +import ( + "context" + "fmt" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// Policies is the method to list authorization policies with pagination. +// Permissions: authorizer:admin +func (g *graphqlProvider) Policies(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPolicies, error) { + log := g.Log.With().Str("func", "Policies").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + pagination := utils.GetPagination(params) + policies, pagination, err := g.StorageProvider.ListPolicies(ctx, pagination) + if err != nil { + log.Debug().Err(err).Msg("Failed to list policies") + return nil, err + } + + res := make([]*model.AuthzPolicy, len(policies)) + for i, p := range policies { + targets, err := g.StorageProvider.GetPolicyTargets(ctx, p.ID) + if err != nil { + log.Debug().Err(err).Str("policy_id", p.ID).Msg("Failed to get policy targets") + return nil, err + } + res[i] = p.AsAPIPolicy(targets) + } + + return &model.AuthzPolicies{ + Pagination: pagination, + Policies: res, + }, nil +} diff --git a/internal/graphql/policy_targets.go b/internal/graphql/policy_targets.go new file mode 100644 index 00000000..430652da --- /dev/null +++ b/internal/graphql/policy_targets.go @@ -0,0 +1,47 @@ +package graphql + +import ( + "fmt" + "strings" + + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" +) + +// validatePolicyTargets enforces that every target on a policy is consistent +// with the policy's type and references a real value: +// +// - target_type must equal policyType (role or user) so that the storage row +// and the evaluator agree on how to match it. +// - target_value must be non-empty after trimming. +// - For role targets, target_value must be one of the configured ROLES so +// that policies cannot be silently dead — a typo'd role would evaluate to +// "no match" forever. +// +// User targets are not checked against the users table here: that lookup is +// per-target and would race with deletes, so we only enforce non-emptiness +// and let the evaluator no-op on missing IDs. +func validatePolicyTargets(policyType string, targets []*model.PolicyTargetInput, configRoles []string) error { + if len(targets) == 0 { + return fmt.Errorf("at least one policy target is required") + } + + allowedRoles := make(map[string]bool, len(configRoles)) + for _, r := range configRoles { + allowedRoles[r] = true + } + + for i, t := range targets { + if t.TargetType != policyType { + return fmt.Errorf("target %d: target_type %q does not match policy type %q", i, t.TargetType, policyType) + } + value := strings.TrimSpace(t.TargetValue) + if value == "" { + return fmt.Errorf("target %d: target_value is required", i) + } + if policyType == constants.PolicyTypeRole && !allowedRoles[value] { + return fmt.Errorf("target %d: role %q is not in configured ROLES", i, value) + } + } + return nil +} diff --git a/internal/graphql/policy_targets_test.go b/internal/graphql/policy_targets_test.go new file mode 100644 index 00000000..d1285aa1 --- /dev/null +++ b/internal/graphql/policy_targets_test.go @@ -0,0 +1,61 @@ +package graphql + +import ( + "testing" + + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/stretchr/testify/assert" +) + +func TestValidatePolicyTargets(t *testing.T) { + roles := []string{"admin", "editor", "viewer"} + + t.Run("rejects empty targets", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeRole, nil, roles) + assert.Error(t, err) + }) + + t.Run("rejects target_type mismatch", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeRole, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeUser, TargetValue: "admin"}, + }, roles) + assert.ErrorContains(t, err, "does not match policy type") + }) + + t.Run("rejects empty target_value", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeRole, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeRole, TargetValue: " "}, + }, roles) + assert.ErrorContains(t, err, "target_value is required") + }) + + t.Run("rejects role not in configured ROLES", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeRole, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeRole, TargetValue: "ghost"}, + }, roles) + assert.ErrorContains(t, err, "not in configured ROLES") + }) + + t.Run("accepts role in configured ROLES", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeRole, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeRole, TargetValue: "admin"}, + {TargetType: constants.TargetTypeRole, TargetValue: "editor"}, + }, roles) + assert.NoError(t, err) + }) + + t.Run("user targets are not checked against ROLES", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeUser, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeUser, TargetValue: "6f1a2b3c-4d5e-6f70-8a9b-0c1d2e3f4a5b"}, + }, roles) + assert.NoError(t, err) + }) + + t.Run("user targets still require non-empty value", func(t *testing.T) { + err := validatePolicyTargets(constants.PolicyTypeUser, []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeUser, TargetValue: ""}, + }, roles) + assert.ErrorContains(t, err, "target_value is required") + }) +} diff --git a/internal/graphql/provider.go b/internal/graphql/provider.go index e8d2a9fa..f295a9c6 100644 --- a/internal/graphql/provider.go +++ b/internal/graphql/provider.go @@ -7,6 +7,7 @@ import ( "github.com/authorizerdev/authorizer/internal/audit" "github.com/authorizerdev/authorizer/internal/authenticators" + "github.com/authorizerdev/authorizer/internal/authorization" "github.com/authorizerdev/authorizer/internal/config" "github.com/authorizerdev/authorizer/internal/email" "github.com/authorizerdev/authorizer/internal/events" @@ -38,6 +39,8 @@ type Dependencies struct { StorageProvider storage.Provider // TokenProvider is used to generate tokens TokenProvider token.Provider + // AuthorizationProvider is used for fine-grained authorization checks + AuthorizationProvider authorization.Provider } // New constructs a new graphql provider with given arguments @@ -184,4 +187,62 @@ type Provider interface { // Webhooks is the method to list webhooks. // Permissions: authorizer:admin Webhooks(ctx context.Context, in *model.PaginatedRequest) (*model.Webhooks, error) + + // === Fine-Grained Authorization === + + // AddResource creates a new authorization resource. + // Permissions: authorizer:admin + AddResource(ctx context.Context, params *model.AddResourceInput) (*model.AuthzResource, error) + // UpdateResource updates an existing authorization resource. + // Permissions: authorizer:admin + UpdateResource(ctx context.Context, params *model.UpdateResourceInput) (*model.AuthzResource, error) + // DeleteResource deletes an authorization resource by ID. + // Permissions: authorizer:admin + DeleteResource(ctx context.Context, id string) (*model.Response, error) + // Resources lists authorization resources with pagination. + // Permissions: authorizer:admin + Resources(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzResources, error) + + // AddScope creates a new authorization scope. + // Permissions: authorizer:admin + AddScope(ctx context.Context, params *model.AddScopeInput) (*model.AuthzScope, error) + // UpdateScope updates an existing authorization scope. + // Permissions: authorizer:admin + UpdateScope(ctx context.Context, params *model.UpdateScopeInput) (*model.AuthzScope, error) + // DeleteScope deletes an authorization scope by ID. + // Permissions: authorizer:admin + DeleteScope(ctx context.Context, id string) (*model.Response, error) + // Scopes lists authorization scopes with pagination. + // Permissions: authorizer:admin + Scopes(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzScopes, error) + + // AddPolicy creates a new authorization policy with targets. + // Permissions: authorizer:admin + AddPolicy(ctx context.Context, params *model.AddPolicyInput) (*model.AuthzPolicy, error) + // UpdatePolicy updates an existing authorization policy. + // Permissions: authorizer:admin + UpdatePolicy(ctx context.Context, params *model.UpdatePolicyInput) (*model.AuthzPolicy, error) + // DeletePolicy deletes an authorization policy by ID. + // Permissions: authorizer:admin + DeletePolicy(ctx context.Context, id string) (*model.Response, error) + // Policies lists authorization policies with pagination. + // Permissions: authorizer:admin + Policies(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPolicies, error) + + // AddPermission creates a new authorization permission binding a resource to scopes and policies. + // Permissions: authorizer:admin + AddPermission(ctx context.Context, params *model.AddPermissionInput) (*model.AuthzPermission, error) + // UpdatePermission updates an existing authorization permission. + // Permissions: authorizer:admin + UpdatePermission(ctx context.Context, params *model.UpdatePermissionInput) (*model.AuthzPermission, error) + // DeletePermission deletes an authorization permission by ID. + // Permissions: authorizer:admin + DeletePermission(ctx context.Context, id string) (*model.Response, error) + // Permissions lists authorization permissions with pagination. + // Permissions: authorizer:admin + Permissions(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzPermissions, error) + + // MyPermissions returns all resource:scope pairs the authenticated user has access to. + // Permissions: authorized user + MyPermissions(ctx context.Context) ([]*model.Permission, error) } diff --git a/internal/graphql/resources.go b/internal/graphql/resources.go new file mode 100644 index 00000000..c999fc0b --- /dev/null +++ b/internal/graphql/resources.go @@ -0,0 +1,41 @@ +package graphql + +import ( + "context" + "fmt" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// Resources is the method to list authorization resources with pagination. +// Permissions: authorizer:admin +func (g *graphqlProvider) Resources(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzResources, error) { + log := g.Log.With().Str("func", "Resources").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + pagination := utils.GetPagination(params) + resources, pagination, err := g.StorageProvider.ListResources(ctx, pagination) + if err != nil { + log.Debug().Err(err).Msg("Failed to list resources") + return nil, err + } + + res := make([]*model.AuthzResource, len(resources)) + for i, r := range resources { + res[i] = r.AsAPIResource() + } + + return &model.AuthzResources{ + Pagination: pagination, + Resources: res, + }, nil +} diff --git a/internal/graphql/scopes.go b/internal/graphql/scopes.go new file mode 100644 index 00000000..da5054e9 --- /dev/null +++ b/internal/graphql/scopes.go @@ -0,0 +1,41 @@ +package graphql + +import ( + "context" + "fmt" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// Scopes is the method to list authorization scopes with pagination. +// Permissions: authorizer:admin +func (g *graphqlProvider) Scopes(ctx context.Context, params *model.PaginatedRequest) (*model.AuthzScopes, error) { + log := g.Log.With().Str("func", "Scopes").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + pagination := utils.GetPagination(params) + scopes, pagination, err := g.StorageProvider.ListScopes(ctx, pagination) + if err != nil { + log.Debug().Err(err).Msg("Failed to list scopes") + return nil, err + } + + res := make([]*model.AuthzScope, len(scopes)) + for i, s := range scopes { + res[i] = s.AsAPIScope() + } + + return &model.AuthzScopes{ + Pagination: pagination, + Scopes: res, + }, nil +} diff --git a/internal/graphql/session.go b/internal/graphql/session.go index f5ff18f9..2539f434 100644 --- a/internal/graphql/session.go +++ b/internal/graphql/session.go @@ -12,6 +12,7 @@ import ( "github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/cookie" "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" "github.com/authorizerdev/authorizer/internal/parsers" "github.com/authorizerdev/authorizer/internal/refs" "github.com/authorizerdev/authorizer/internal/token" @@ -63,6 +64,12 @@ func (g *graphqlProvider) Session(ctx context.Context, params *model.SessionQuer } } + if params != nil { + if err := g.enforceRequiredPermissions(ctx, log, metrics.RequiredPermissionsEndpointSession, user.ID, claimRoles, params.RequiredPermissions); err != nil { + return nil, err + } + } + scope := []string{"openid", "email", "profile"} if params != nil && params.Scope != nil && len(params.Scope) > 0 { scope = params.Scope @@ -121,16 +128,10 @@ func (g *graphqlProvider) Session(ctx context.Context, params *model.SessionQuer } } - // rollover the session for security sessionKey := userID if claims.LoginMethod != "" { sessionKey = claims.LoginMethod + ":" + userID } - go func() { - if err := g.MemoryStoreProvider.DeleteUserSession(sessionKey, claims.Nonce); err != nil { - g.Log.Warn().Err(err).Str("session_key", sessionKey).Msg("failed to delete old session during rollover") - } - }() expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix() if expiresIn <= 0 { @@ -145,6 +146,12 @@ func (g *graphqlProvider) Session(ctx context.Context, params *model.SessionQuer User: user.AsAPIUser(), } + // Establish the new session first, then revoke the old one. Doing both + // synchronously closes the window where a stolen pre-rotation token + // remains valid alongside the rotated one; doing "new then old" avoids + // any moment where the user has no valid session token. DeleteUserSession + // is in-memory or a single Redis DEL — failure is non-fatal (log and + // continue) since the new session is already live. cookie.SetSession(gc, authToken.FingerPrintHash, g.Config.AppCookieSecure, cookie.ParseSameSite(g.Config.AppCookieSameSite)) g.MemoryStoreProvider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt) g.MemoryStoreProvider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt) @@ -153,5 +160,9 @@ func (g *graphqlProvider) Session(ctx context.Context, params *model.SessionQuer res.RefreshToken = &authToken.RefreshToken.Token g.MemoryStoreProvider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt) } + + if err := g.MemoryStoreProvider.DeleteUserSession(sessionKey, claims.Nonce); err != nil { + log.Warn().Err(err).Str("session_key", sessionKey).Msg("failed to delete old session during rollover") + } return res, nil } diff --git a/internal/graphql/update_permission.go b/internal/graphql/update_permission.go new file mode 100644 index 00000000..d73e954a --- /dev/null +++ b/internal/graphql/update_permission.go @@ -0,0 +1,239 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// UpdatePermission is the method to update an existing authorization permission. +// Permissions: authorizer:admin +func (g *graphqlProvider) UpdatePermission(ctx context.Context, params *model.UpdatePermissionInput) (*model.AuthzPermission, error) { + log := g.Log.With().Str("func", "UpdatePermission").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(params.ID) == "" { + return nil, fmt.Errorf("permission ID is required") + } + + permission, err := g.StorageProvider.GetPermissionByID(ctx, params.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get permission by ID") + return nil, err + } + + // Build a copy of the permission with the requested field changes applied. + // Persistence is deferred until AFTER the link-rebuild loops succeed so that + // a link-attach failure does not leave the row with new fields but old links. + newPermission := *permission + if params.Name != nil { + name := strings.TrimSpace(*params.Name) + if name == "" { + return nil, fmt.Errorf("permission name cannot be empty") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + newPermission.Name = name + } + if params.Description != nil { + newPermission.Description = *params.Description + } + if params.DecisionStrategy != nil { + ds := *params.DecisionStrategy + if ds != constants.DecisionStrategyAffirmative && ds != constants.DecisionStrategyUnanimous { + return nil, fmt.Errorf("invalid decision strategy: must be '%s' or '%s'", + constants.DecisionStrategyAffirmative, constants.DecisionStrategyUnanimous) + } + newPermission.DecisionStrategy = ds + } + + var apiScopes []*model.AuthzScope + if params.ScopeIds != nil { + if len(params.ScopeIds) == 0 { + return nil, fmt.Errorf("at least one scope_id is required") + } + apiScopes = make([]*model.AuthzScope, 0, len(params.ScopeIds)) + for _, scopeID := range params.ScopeIds { + scope, err := g.StorageProvider.GetScopeByID(ctx, scopeID) + if err != nil { + log.Debug().Err(err).Str("scope_id", scopeID).Msg("Failed to get scope by ID") + return nil, fmt.Errorf("scope not found: %s", scopeID) + } + apiScopes = append(apiScopes, scope.AsAPIScope()) + } + } + + var apiPolicies []*model.AuthzPolicy + if params.PolicyIds != nil { + if len(params.PolicyIds) == 0 { + return nil, fmt.Errorf("at least one policy_id is required") + } + apiPolicies = make([]*model.AuthzPolicy, 0, len(params.PolicyIds)) + for _, policyID := range params.PolicyIds { + policy, err := g.StorageProvider.GetPolicyByID(ctx, policyID) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to get policy by ID") + return nil, fmt.Errorf("policy not found: %s", policyID) + } + targets, err := g.StorageProvider.GetPolicyTargets(ctx, policyID) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to get policy targets") + return nil, err + } + apiPolicies = append(apiPolicies, policy.AsAPIPolicy(targets)) + } + } + + oldScopeLinks, err := g.StorageProvider.GetPermissionScopes(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get existing permission scopes") + return nil, err + } + oldPolicyLinks, err := g.StorageProvider.GetPermissionPolicies(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get existing permission policies") + return nil, err + } + + // Replace scopes if provided. Delete-then-add ordering avoids accumulating + // duplicates. On failure, restore the previous link sets and bail out + // WITHOUT persisting the field changes (newPermission has not been written + // yet), so the on-disk permission row remains untouched. + if params.ScopeIds != nil { + err = g.StorageProvider.DeletePermissionScopesByPermissionID(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete existing permission scopes") + return nil, err + } + for _, scopeID := range params.ScopeIds { + _, err := g.StorageProvider.AddPermissionScope(ctx, &schemas.PermissionScope{ + PermissionID: permission.ID, + ScopeID: scopeID, + }) + if err != nil { + log.Debug().Err(err).Str("scope_id", scopeID).Msg("Failed to add permission scope") + g.rollbackPermissionLinks(permission.ID, oldScopeLinks, oldPolicyLinks) + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + return nil, err + } + } + } + + // Replace policies if provided. Same delete-then-add semantics as scopes. + if params.PolicyIds != nil { + err = g.StorageProvider.DeletePermissionPoliciesByPermissionID(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete existing permission policies") + g.rollbackPermissionLinks(permission.ID, oldScopeLinks, oldPolicyLinks) + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + return nil, err + } + for _, policyID := range params.PolicyIds { + _, err := g.StorageProvider.AddPermissionPolicy(ctx, &schemas.PermissionPolicy{ + PermissionID: permission.ID, + PolicyID: policyID, + }) + if err != nil { + log.Debug().Err(err).Str("policy_id", policyID).Msg("Failed to add permission policy") + g.rollbackPermissionLinks(permission.ID, oldScopeLinks, oldPolicyLinks) + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + return nil, err + } + } + } + + // Persist the field changes only AFTER both link-rebuild loops have + // succeeded. If this fails, undo the link replacements so the permission + // row + its links remain consistent (old fields, old links). + updated, err := g.StorageProvider.UpdatePermission(ctx, &newPermission) + if err != nil { + log.Debug().Err(err).Msg("Failed to update permission") + g.rollbackPermissionLinks(permission.ID, oldScopeLinks, oldPolicyLinks) + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + return nil, err + } + permission = updated + + // Resolve the full permission for the response + resource, err := g.StorageProvider.GetResourceByID(ctx, permission.ResourceID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get resource") + return nil, err + } + + if params.ScopeIds == nil { + apiScopes, err = g.resolvePermissionScopes(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to resolve permission scopes") + return nil, err + } + } + + if params.PolicyIds == nil { + apiPolicies, err = g.resolvePermissionPolicies(ctx, permission.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to resolve permission policies") + return nil, err + } + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPermissionUpdatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPermission, + ResourceID: permission.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return permission.AsAPIPermission(resource.AsAPIResource(), apiScopes, apiPolicies), nil +} + +func (g *graphqlProvider) rollbackPermissionLinks(permissionID string, scopes []*schemas.PermissionScope, policies []*schemas.PermissionPolicy) { + log := g.Log.With().Str("func", "rollbackPermissionLinks").Logger() + if err := g.StorageProvider.DeletePermissionScopesByPermissionID(context.Background(), permissionID); err != nil { + log.Error().Err(err).Str("permission_id", permissionID).Msg("failed to delete permission scopes during rollback") + } + for _, scope := range scopes { + if _, err := g.StorageProvider.AddPermissionScope(context.Background(), &schemas.PermissionScope{ + PermissionID: permissionID, + ScopeID: scope.ScopeID, + }); err != nil { + log.Error().Err(err).Str("permission_id", permissionID).Str("scope_id", scope.ScopeID).Msg("failed to restore permission scope during rollback") + } + } + if err := g.StorageProvider.DeletePermissionPoliciesByPermissionID(context.Background(), permissionID); err != nil { + log.Error().Err(err).Str("permission_id", permissionID).Msg("failed to delete permission policies during rollback") + } + for _, policy := range policies { + if _, err := g.StorageProvider.AddPermissionPolicy(context.Background(), &schemas.PermissionPolicy{ + PermissionID: permissionID, + PolicyID: policy.PolicyID, + }); err != nil { + log.Error().Err(err).Str("permission_id", permissionID).Str("policy_id", policy.PolicyID).Msg("failed to restore permission policy during rollback") + } + } +} diff --git a/internal/graphql/update_policy.go b/internal/graphql/update_policy.go new file mode 100644 index 00000000..46d88bf5 --- /dev/null +++ b/internal/graphql/update_policy.go @@ -0,0 +1,126 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// UpdatePolicy is the method to update an existing authorization policy. +// Permissions: authorizer:admin +func (g *graphqlProvider) UpdatePolicy(ctx context.Context, params *model.UpdatePolicyInput) (*model.AuthzPolicy, error) { + log := g.Log.With().Str("func", "UpdatePolicy").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(params.ID) == "" { + return nil, fmt.Errorf("policy ID is required") + } + + policy, err := g.StorageProvider.GetPolicyByID(ctx, params.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get policy by ID") + return nil, err + } + + if params.Name != nil { + name := strings.TrimSpace(*params.Name) + if name == "" { + return nil, fmt.Errorf("policy name cannot be empty") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + policy.Name = name + } + if params.Description != nil { + policy.Description = *params.Description + } + if params.Logic != nil { + logic := *params.Logic + if logic != constants.PolicyLogicPositive && logic != constants.PolicyLogicNegative { + return nil, fmt.Errorf("invalid policy logic: must be '%s' or '%s'", + constants.PolicyLogicPositive, constants.PolicyLogicNegative) + } + policy.Logic = logic + } + if params.DecisionStrategy != nil { + ds := *params.DecisionStrategy + if ds != constants.DecisionStrategyAffirmative && ds != constants.DecisionStrategyUnanimous { + return nil, fmt.Errorf("invalid decision strategy: must be '%s' or '%s'", + constants.DecisionStrategyAffirmative, constants.DecisionStrategyUnanimous) + } + policy.DecisionStrategy = ds + } + + policy, err = g.StorageProvider.UpdatePolicy(ctx, policy) + if err != nil { + log.Debug().Err(err).Msg("Failed to update policy") + return nil, err + } + + // Replace targets if provided + var targets []*schemas.PolicyTarget + if params.Targets != nil { + // Validate against the existing policy.Type — Type is immutable on update, + // so targets must conform to whatever the policy was created with. + if err := validatePolicyTargets(policy.Type, params.Targets, g.Config.Roles); err != nil { + return nil, err + } + err = g.StorageProvider.DeletePolicyTargetsByPolicyID(ctx, policy.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to delete existing policy targets") + return nil, err + } + for _, t := range params.Targets { + target, err := g.StorageProvider.AddPolicyTarget(ctx, &schemas.PolicyTarget{ + PolicyID: policy.ID, + TargetType: t.TargetType, + TargetValue: t.TargetValue, + }) + if err != nil { + log.Debug().Err(err).Msg("Failed to add policy target") + return nil, err + } + targets = append(targets, target) + } + } else { + targets, err = g.StorageProvider.GetPolicyTargets(ctx, policy.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get policy targets") + return nil, err + } + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzPolicyUpdatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzPolicy, + ResourceID: policy.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return policy.AsAPIPolicy(targets), nil +} diff --git a/internal/graphql/update_resource.go b/internal/graphql/update_resource.go new file mode 100644 index 00000000..5dd00897 --- /dev/null +++ b/internal/graphql/update_resource.go @@ -0,0 +1,76 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// UpdateResource is the method to update an existing authorization resource. +// Permissions: authorizer:admin +func (g *graphqlProvider) UpdateResource(ctx context.Context, params *model.UpdateResourceInput) (*model.AuthzResource, error) { + log := g.Log.With().Str("func", "UpdateResource").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(params.ID) == "" { + return nil, fmt.Errorf("resource ID is required") + } + + resource, err := g.StorageProvider.GetResourceByID(ctx, params.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get resource by ID") + return nil, err + } + + if params.Name != nil { + name := strings.TrimSpace(*params.Name) + if name == "" { + return nil, fmt.Errorf("resource name cannot be empty") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + resource.Name = name + } + if params.Description != nil { + resource.Description = *params.Description + } + + resource, err = g.StorageProvider.UpdateResource(ctx, resource) + if err != nil { + log.Debug().Err(err).Msg("Failed to update resource") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzResourceUpdatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzResource, + ResourceID: resource.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return resource.AsAPIResource(), nil +} diff --git a/internal/graphql/update_scope.go b/internal/graphql/update_scope.go new file mode 100644 index 00000000..0f6550e1 --- /dev/null +++ b/internal/graphql/update_scope.go @@ -0,0 +1,76 @@ +package graphql + +import ( + "context" + "fmt" + "strings" + "unicode" + + "github.com/authorizerdev/authorizer/internal/audit" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/utils" +) + +// UpdateScope is the method to update an existing authorization scope. +// Permissions: authorizer:admin +func (g *graphqlProvider) UpdateScope(ctx context.Context, params *model.UpdateScopeInput) (*model.AuthzScope, error) { + log := g.Log.With().Str("func", "UpdateScope").Logger() + gc, err := utils.GinContextFromContext(ctx) + if err != nil { + log.Debug().Err(err).Msg("Failed to get GinContext") + return nil, err + } + if !g.TokenProvider.IsSuperAdmin(gc) { + log.Debug().Msg("Not logged in as super admin") + return nil, fmt.Errorf("unauthorized") + } + + if strings.TrimSpace(params.ID) == "" { + return nil, fmt.Errorf("scope ID is required") + } + + scope, err := g.StorageProvider.GetScopeByID(ctx, params.ID) + if err != nil { + log.Debug().Err(err).Msg("Failed to get scope by ID") + return nil, err + } + + if params.Name != nil { + name := strings.TrimSpace(*params.Name) + if name == "" { + return nil, fmt.Errorf("scope name cannot be empty") + } + if len(name) > constants.MaxAuthzIdentifierLength { + return nil, fmt.Errorf("invalid name: must be %d characters or fewer", constants.MaxAuthzIdentifierLength) + } + for _, r := range name { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' && r != '_' { + return nil, fmt.Errorf("invalid name: must contain only letters, digits, hyphens, and underscores") + } + } + scope.Name = name + } + if params.Description != nil { + scope.Description = *params.Description + } + + scope, err = g.StorageProvider.UpdateScope(ctx, scope) + if err != nil { + log.Debug().Err(err).Msg("Failed to update scope") + return nil, err + } + + g.AuthorizationProvider.InvalidateCache(context.Background(), "authz:") + + g.AuditProvider.LogEvent(audit.Event{ + Action: constants.AuditAdminAuthzScopeUpdatedEvent, + ActorType: constants.AuditActorTypeAdmin, + ResourceType: constants.AuditResourceTypeAuthzScope, + ResourceID: scope.ID, + IPAddress: utils.GetIP(gc.Request), + UserAgent: utils.GetUserAgent(gc.Request), + }) + + return scope.AsAPIScope(), nil +} diff --git a/internal/graphql/validate_jwt_token.go b/internal/graphql/validate_jwt_token.go index 3e1eb468..8b17ff50 100644 --- a/internal/graphql/validate_jwt_token.go +++ b/internal/graphql/validate_jwt_token.go @@ -9,6 +9,7 @@ import ( "github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" "github.com/authorizerdev/authorizer/internal/parsers" "github.com/authorizerdev/authorizer/internal/storage/schemas" "github.com/authorizerdev/authorizer/internal/token" @@ -99,9 +100,15 @@ func (g *graphqlProvider) ValidateJWTToken(ctx context.Context, params *model.Va } } - claimKey := g.Config.JWTRoleClaim - claimRolesInterface := claims[claimKey] + // Read roles from the configured claim key (used for id_token), falling + // back to the hardcoded "roles" claim that CreateAccessToken emits. This + // avoids a missing-roles principal when JWTRoleClaim is the default + // "role" (singular) but the token is an access_token (plural "roles"). + claimRolesInterface := claims[g.Config.JWTRoleClaim] roleSlice := utils.ConvertInterfaceToSlice(claimRolesInterface) + if len(roleSlice) == 0 { + roleSlice = utils.ConvertInterfaceToSlice(claims["roles"]) + } for _, v := range roleSlice { roleStr, ok := v.(string) if !ok || roleStr == "" { @@ -119,6 +126,9 @@ func (g *graphqlProvider) ValidateJWTToken(ctx context.Context, params *model.Va } } } + if err := g.enforceRequiredPermissions(ctx, log, metrics.RequiredPermissionsEndpointValidateJWTToken, userID, claimRoles, params.RequiredPermissions); err != nil { + return nil, err + } return &model.ValidateJWTTokenResponse{ IsValid: true, Claims: claims, diff --git a/internal/graphql/validate_session.go b/internal/graphql/validate_session.go index b3afe7d4..f5686cad 100644 --- a/internal/graphql/validate_session.go +++ b/internal/graphql/validate_session.go @@ -7,6 +7,7 @@ import ( "github.com/authorizerdev/authorizer/internal/cookie" "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" "github.com/authorizerdev/authorizer/internal/utils" ) @@ -60,6 +61,11 @@ func (g *graphqlProvider) ValidateSession(ctx context.Context, params *model.Val } } } + if params != nil { + if err := g.enforceRequiredPermissions(ctx, log, metrics.RequiredPermissionsEndpointValidateSession, user.ID, claimRoles, params.RequiredPermissions); err != nil { + return nil, err + } + } return &model.ValidateSessionResponse{ IsValid: true, User: user.AsAPIUser(), diff --git a/internal/http_handlers/app.go b/internal/http_handlers/app.go index 675d8625..1f4e1510 100644 --- a/internal/http_handlers/app.go +++ b/internal/http_handlers/app.go @@ -60,6 +60,9 @@ func (h *httpProvider) AppHandler() gin.HandlerFunc { orgName := h.Config.OrganizationName orgLogo := h.Config.OrganizationLogo + // Always revalidate the SPA shell so cached pointers to obsolete + // content-hashed chunks don't survive a deploy. + c.Header("Cache-Control", "no-cache, must-revalidate") c.HTML(http.StatusOK, "app.tmpl", gin.H{ "data": map[string]interface{}{ "authorizerURL": hostname, diff --git a/internal/http_handlers/dashboard.go b/internal/http_handlers/dashboard.go index b05cecb5..ecebe43e 100644 --- a/internal/http_handlers/dashboard.go +++ b/internal/http_handlers/dashboard.go @@ -6,10 +6,15 @@ import ( "github.com/gin-gonic/gin" ) -// DashboardHandler is the handler for the /dashboard route +// DashboardHandler is the handler for the /dashboard route. +// +// The shell HTML is the entry point that references the (content-hashed) +// SPA bundle. We send Cache-Control: no-cache so browsers always revalidate +// — otherwise after a deploy users may hold a cached shell that points at +// chunks the new build no longer publishes, breaking the app. func (h *httpProvider) DashboardHandler() gin.HandlerFunc { return func(c *gin.Context) { - + c.Header("Cache-Control", "no-cache, must-revalidate") c.HTML(http.StatusOK, "dashboard.tmpl", gin.H{ "data": map[string]interface{}{ "isOnboardingCompleted": true, diff --git a/internal/http_handlers/graphql.go b/internal/http_handlers/graphql.go index 92375ac8..ad6e5e97 100644 --- a/internal/http_handlers/graphql.go +++ b/internal/http_handlers/graphql.go @@ -43,7 +43,7 @@ type queryLimits struct { } var ( - _ gql.HandlerExtension = (*queryLimits)(nil) + _ gql.HandlerExtension = (*queryLimits)(nil) _ gql.OperationContextMutator = (*queryLimits)(nil) ) @@ -218,6 +218,7 @@ func (h *httpProvider) GraphqlHandler() gin.HandlerFunc { SMSProvider: h.SMSProvider, StorageProvider: h.StorageProvider, TokenProvider: h.TokenProvider, + AuthorizationProvider: h.AuthorizationProvider, }) if err != nil { h.Log.Error().Err(err).Msg("Failed to create graphql provider") diff --git a/internal/http_handlers/oauth_authorize_state_test.go b/internal/http_handlers/oauth_authorize_state_test.go index ea6f4088..8d1db8e9 100644 --- a/internal/http_handlers/oauth_authorize_state_test.go +++ b/internal/http_handlers/oauth_authorize_state_test.go @@ -236,3 +236,8 @@ func (f *fakeMemoryStore) GetAndRemoveState(key string) (string, error) { return val, nil } func (f *fakeMemoryStore) GetAllData() (map[string]string, error) { return map[string]string{}, nil } +func (f *fakeMemoryStore) SetCache(key string, value string, ttlSeconds int64) error { + return nil +} +func (f *fakeMemoryStore) GetCache(key string) (string, error) { return "", nil } +func (f *fakeMemoryStore) DeleteCacheByPrefix(prefix string) error { return nil } diff --git a/internal/http_handlers/provider.go b/internal/http_handlers/provider.go index 0afadbdf..966c2c3c 100644 --- a/internal/http_handlers/provider.go +++ b/internal/http_handlers/provider.go @@ -6,6 +6,7 @@ import ( "github.com/authorizerdev/authorizer/internal/audit" "github.com/authorizerdev/authorizer/internal/authenticators" + "github.com/authorizerdev/authorizer/internal/authorization" "github.com/authorizerdev/authorizer/internal/config" "github.com/authorizerdev/authorizer/internal/email" "github.com/authorizerdev/authorizer/internal/events" @@ -42,6 +43,8 @@ type Dependencies struct { OAuthProvider oauth.Provider // RateLimitProvider is used for per-IP rate limiting RateLimitProvider rate_limit.Provider + // AuthorizationProvider is used for fine-grained authorization checks + AuthorizationProvider authorization.Provider } // New constructs a new http provider with given arguments diff --git a/internal/http_handlers/security_headers.go b/internal/http_handlers/security_headers.go index a5c3ec51..ef091828 100644 --- a/internal/http_handlers/security_headers.go +++ b/internal/http_handlers/security_headers.go @@ -18,6 +18,19 @@ const defaultCSP = "default-src 'self'; " + "base-uri 'self'; " + "form-action 'self'" +// playgroundCSP relaxes script/style/font sources for the embedded GraphQL +// playground, which loads React + GraphiQL bundles from jsdelivr at runtime. +// Scoped to /playground only — the rest of the app keeps defaultCSP. +const playgroundCSP = "default-src 'self'; " + + "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; " + + "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; " + + "img-src 'self' data: https:; " + + "font-src 'self' data: https://cdn.jsdelivr.net; " + + "connect-src 'self'; " + + "frame-ancestors 'none'; " + + "base-uri 'self'; " + + "form-action 'self'" + // SecurityHeadersMiddleware sets standard security headers on every response. func (h *httpProvider) SecurityHeadersMiddleware() gin.HandlerFunc { return func(c *gin.Context) { @@ -37,7 +50,11 @@ func (h *httpProvider) SecurityHeadersMiddleware() gin.HandlerFunc { // CSP is on by default; disable via --disable-csp if it breaks a // dashboard in the wild while we tighten the policy. if !h.Config.DisableCSP { - hdr.Set("Content-Security-Policy", defaultCSP) + csp := defaultCSP + if c.Request.URL.Path == "/playground" { + csp = playgroundCSP + } + hdr.Set("Content-Security-Policy", csp) } c.Next() diff --git a/internal/integration_tests/authorization_test.go b/internal/integration_tests/authorization_test.go new file mode 100644 index 00000000..dfdb7a3a --- /dev/null +++ b/internal/integration_tests/authorization_test.go @@ -0,0 +1,1114 @@ +package integration_tests + +import ( + "context" + "fmt" + "testing" + + "github.com/authorizerdev/authorizer/internal/authorization" + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/crypto" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" + "github.com/authorizerdev/authorizer/internal/refs" + "github.com/authorizerdev/authorizer/internal/storage/schemas" + "github.com/google/uuid" + "github.com/prometheus/client_golang/prometheus/testutil" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestAuthorizationCRUD tests the fine-grained authorization CRUD operations +// and permission checking. +func TestAuthorizationCRUD(t *testing.T) { + cfg := getTestConfig() + ts := initTestSetup(t, cfg) + req, ctx := createContext(ts) + + // Set admin auth cookie for admin operations + adminHash, err := crypto.EncryptPassword(cfg.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + // IDs collected across subtests + var resourceID string + var scopeID string + var policyID string + var permissionID string + + t.Run("should add resource", func(t *testing.T) { + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: "documents", + Description: refs.NewStringRef("Document resource for testing"), + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.ID) + assert.Equal(t, "documents", res.Name) + assert.NotNil(t, res.Description) + assert.Equal(t, "Document resource for testing", *res.Description) + resourceID = res.ID + }) + + t.Run("should add scope", func(t *testing.T) { + res, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: "read", + Description: refs.NewStringRef("Read access scope"), + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.ID) + assert.Equal(t, "read", res.Name) + scopeID = res.ID + }) + + t.Run("should add policy", func(t *testing.T) { + res, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "user-role-policy", + Description: refs.NewStringRef("Policy for user role"), + Type: "role", + Targets: []*model.PolicyTargetInput{ + { + TargetType: "role", + TargetValue: "user", + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.ID) + assert.Equal(t, "user-role-policy", res.Name) + assert.Equal(t, "role", res.Type) + assert.Equal(t, "positive", res.Logic) + assert.Equal(t, "affirmative", res.DecisionStrategy) + require.Len(t, res.Targets, 1) + assert.Equal(t, "role", res.Targets[0].TargetType) + assert.Equal(t, "user", res.Targets[0].TargetValue) + policyID = res.ID + }) + + t.Run("should add permission", func(t *testing.T) { + require.NotEmpty(t, resourceID, "resourceID must be set from prior subtest") + require.NotEmpty(t, scopeID, "scopeID must be set from prior subtest") + require.NotEmpty(t, policyID, "policyID must be set from prior subtest") + + res, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "documents-read", + ResourceID: resourceID, + ScopeIds: []string{scopeID}, + PolicyIds: []string{policyID}, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.ID) + assert.Equal(t, "documents-read", res.Name) + assert.Equal(t, "affirmative", res.DecisionStrategy) + require.NotNil(t, res.Resource) + assert.Equal(t, resourceID, res.Resource.ID) + require.Len(t, res.Scopes, 1) + assert.Equal(t, scopeID, res.Scopes[0].ID) + require.Len(t, res.Policies, 1) + assert.Equal(t, policyID, res.Policies[0].ID) + permissionID = res.ID + }) + + t.Run("should list resources", func(t *testing.T) { + res, err := ts.GraphQLProvider.Resources(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + require.NotNil(t, res) + assert.GreaterOrEqual(t, len(res.Resources), 1) + assert.NotNil(t, res.Pagination) + + found := false + for _, r := range res.Resources { + if r.ID == resourceID { + found = true + assert.Equal(t, "documents", r.Name) + break + } + } + assert.True(t, found, "expected resource not found in list") + }) + + t.Run("should list scopes", func(t *testing.T) { + res, err := ts.GraphQLProvider.Scopes(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + require.NotNil(t, res) + assert.GreaterOrEqual(t, len(res.Scopes), 1) + }) + + t.Run("should list policies", func(t *testing.T) { + res, err := ts.GraphQLProvider.Policies(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + require.NotNil(t, res) + assert.GreaterOrEqual(t, len(res.Policies), 1) + }) + + t.Run("should list permissions", func(t *testing.T) { + res, err := ts.GraphQLProvider.Permissions(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + require.NotNil(t, res) + assert.GreaterOrEqual(t, len(res.Permissions), 1) + }) + + t.Run("should update resource", func(t *testing.T) { + require.NotEmpty(t, resourceID) + newName := "documents-updated" + res, err := ts.GraphQLProvider.UpdateResource(ctx, &model.UpdateResourceInput{ + ID: resourceID, + Name: &newName, + Description: refs.NewStringRef("Updated description"), + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.Equal(t, resourceID, res.ID) + assert.Equal(t, "documents-updated", res.Name) + assert.Equal(t, "Updated description", *res.Description) + + // Revert name for subsequent tests that reference "documents" by ID + origName := "documents" + _, err = ts.GraphQLProvider.UpdateResource(ctx, &model.UpdateResourceInput{ + ID: resourceID, + Name: &origName, + }) + require.NoError(t, err) + }) + + t.Run("should check permission granted by role", func(t *testing.T) { + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: uuid.New().String(), + Type: constants.PrincipalTypeUser, + Roles: []string{"user"}, + }, "documents", "read") + require.NoError(t, err) + require.NotNil(t, res) + assert.True(t, res.Allowed, "principal with 'user' role should have read access to documents") + }) + + t.Run("should check permission denied for wrong role", func(t *testing.T) { + // Add an admin-only policy + a "write" scope + a permission requiring + // the "admin" role for "write" on documents. + adminPolicy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "admin-only-policy", + Type: "role", + Targets: []*model.PolicyTargetInput{ + { + TargetType: "role", + TargetValue: "admin", + }, + }, + }) + require.NoError(t, err) + + writeScope, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: "write", + }) + require.NoError(t, err) + + _, err = ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "documents-write", + ResourceID: resourceID, + ScopeIds: []string{writeScope.ID}, + PolicyIds: []string{adminPolicy.ID}, + }) + require.NoError(t, err) + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: uuid.New().String(), + Type: constants.PrincipalTypeUser, + Roles: []string{"user"}, + }, "documents", "write") + require.NoError(t, err) + require.NotNil(t, res) + assert.False(t, res.Allowed, "principal with 'user' role should NOT have write access requiring 'admin' role") + }) + + // Re-set admin cookie for remaining admin operations + t.Run("should delete permission", func(t *testing.T) { + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + require.NotEmpty(t, permissionID) + + res, err := ts.GraphQLProvider.DeletePermission(ctx, permissionID) + require.NoError(t, err) + require.NotNil(t, res) + assert.Contains(t, res.Message, "deleted") + }) + + t.Run("should delete resource blocked by permission", func(t *testing.T) { + // The "documents-write" permission still references this resource, + // so delete should fail. + _, err := ts.GraphQLProvider.DeleteResource(ctx, resourceID) + assert.Error(t, err) + assert.Contains(t, err.Error(), "permission") + }) + + t.Run("should delete scope blocked by permission", func(t *testing.T) { + // The "write" scope is referenced by "documents-write" permission. + // Find the write scope ID from the scopes list. + scopes, err := ts.GraphQLProvider.Scopes(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + var writeScopeID string + for _, s := range scopes.Scopes { + if s.Name == "write" { + writeScopeID = s.ID + break + } + } + require.NotEmpty(t, writeScopeID, "write scope must exist") + + _, err = ts.GraphQLProvider.DeleteScope(ctx, writeScopeID) + assert.Error(t, err) + assert.Contains(t, err.Error(), "permission") + }) + + t.Run("should delete policy blocked by permission", func(t *testing.T) { + // The "admin-only-policy" is referenced by "documents-write" permission. + policies, err := ts.GraphQLProvider.Policies(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + var adminPolicyID string + for _, p := range policies.Policies { + if p.Name == "admin-only-policy" { + adminPolicyID = p.ID + break + } + } + require.NotEmpty(t, adminPolicyID, "admin-only-policy must exist") + + _, err = ts.GraphQLProvider.DeletePolicy(ctx, adminPolicyID) + assert.Error(t, err) + assert.Contains(t, err.Error(), "permission") + }) + + // Cleanup: delete the remaining permission first, then the rest + t.Run("cleanup should delete remaining permission then resources", func(t *testing.T) { + // Find and delete the "documents-write" permission + perms, err := ts.GraphQLProvider.Permissions(ctx, &model.PaginatedRequest{}) + require.NoError(t, err) + + for _, p := range perms.Permissions { + if p.Name == "documents-write" { + res, err := ts.GraphQLProvider.DeletePermission(ctx, p.ID) + require.NoError(t, err) + assert.Contains(t, res.Message, "deleted") + break + } + } + + // Now resource, scope, and policy should be deletable + res, err := ts.GraphQLProvider.DeleteResource(ctx, resourceID) + require.NoError(t, err) + assert.Contains(t, res.Message, "deleted") + + res, err = ts.GraphQLProvider.DeleteScope(ctx, scopeID) + require.NoError(t, err) + assert.Contains(t, res.Message, "deleted") + + res, err = ts.GraphQLProvider.DeletePolicy(ctx, policyID) + require.NoError(t, err) + assert.Contains(t, res.Message, "deleted") + }) +} + +// TestCheckPermission_NoPermissions_Denies verifies that a check for a +// (resource, scope) pair with no matching permission is denied. +func TestCheckPermission_NoPermissions_Denies(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + _, ctx := createContext(ts) + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + }, "orders", "read") + + require.NoError(t, err) + require.False(t, result.Allowed, "no matching permission must deny") +} + +// TestCheckPermission_ExplicitDenyPolicy_Denies verifies that once a +// permission exists for the (resource, scope) and attaches a negative-logic +// policy that matches the principal, the check is denied. +func TestCheckPermission_ExplicitDenyPolicy_Denies(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + + // Authenticate as admin for seeding operations. + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + // Seed resource + scope + permission + negative role policy targeting "blocked-role". + seedResourceScopePermissionWithDenyPolicy(t, ts, ctx, "orders", "read", "blocked-role") + + // Clear admin cookie — CheckPermission here is a direct provider call; no auth context needed. + req.Header.Del("Cookie") + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"blocked-role"}, + }, "orders", "read") + + require.NoError(t, err) + require.False(t, result.Allowed, "explicit deny must apply even in permissive mode") +} + +func TestCheckPermission_ExplicitDenyOverridesAffirmativeGrant(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{Name: "deny-override-docs"}) + require.NoError(t, err) + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{Name: "read-deny-override"}) + require.NoError(t, err) + + positive := constants.PolicyLogicPositive + grantPolicy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "grant-user-" + uuid.New().String(), + Type: constants.PolicyTypeRole, + Logic: &positive, + Targets: []*model.PolicyTargetInput{{ + TargetType: constants.TargetTypeRole, + TargetValue: "user", + }}, + }) + require.NoError(t, err) + + negative := constants.PolicyLogicNegative + denyPolicy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "deny-blocked-" + uuid.New().String(), + Type: constants.PolicyTypeRole, + Logic: &negative, + Targets: []*model.PolicyTargetInput{{ + TargetType: constants.TargetTypeRole, + TargetValue: "blocked-role", + }}, + }) + require.NoError(t, err) + + _, err = ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "deny-override-permission-" + uuid.New().String(), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{grantPolicy.ID, denyPolicy.ID}, + }) + require.NoError(t, err) + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"user", "blocked-role"}, + }, "deny-override-docs", "read-deny-override") + require.NoError(t, err) + require.False(t, result.Allowed, "matching negative policy must override an affirmative grant") + + result, err = ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-2", + Type: constants.PrincipalTypeUser, + Roles: []string{"user"}, + }, "deny-override-docs", "read-deny-override") + require.NoError(t, err) + require.True(t, result.Allowed, "non-matching negative policy must not block a positive grant") + + result, err = ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-3", + Type: constants.PrincipalTypeUser, + Roles: []string{"other-role"}, + }, "deny-override-docs", "read-deny-override") + require.NoError(t, err) + require.False(t, result.Allowed, "non-matching negative policy must not grant access by itself") +} + +func TestCheckPermission_CacheKeyIncludesRoles(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + seedResourceScopePermissionWithPositivePolicy(t, ts, ctx, "cached-docs", "read", "viewer") + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"viewer"}, + }, "cached-docs", "read") + require.NoError(t, err) + require.True(t, result.Allowed) + + result, err = ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + }, "cached-docs", "read") + require.NoError(t, err) + require.False(t, result.Allowed, "cached allow for viewer role must not apply to the same user without that role") +} + +func TestUpdatePermission_InvalidScopeDoesNotDropExistingLinks(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{Name: "update-safe-docs"}) + require.NoError(t, err) + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{Name: "update-safe-read"}) + require.NoError(t, err) + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "update-safe-policy-" + uuid.New().String(), + Type: constants.PolicyTypeRole, + Targets: []*model.PolicyTargetInput{{ + TargetType: constants.TargetTypeRole, + TargetValue: "viewer", + }}, + }) + require.NoError(t, err) + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "update-safe-permission-" + uuid.New().String(), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policy.ID}, + }) + require.NoError(t, err) + + // Capture pre-failure state. Field-level rollback is part of the contract: + // a failed update must leave Name, Description, and DecisionStrategy + // untouched on the persisted permission row. + origPerm, err := ts.StorageProvider.GetPermissionByID(ctx, perm.ID) + require.NoError(t, err) + origName := origPerm.Name + origDescription := origPerm.Description + origDecision := origPerm.DecisionStrategy + + newName := "should-not-be-applied" + newDescription := "should-not-be-applied-description" + newDecision := constants.DecisionStrategyUnanimous + _, err = ts.GraphQLProvider.UpdatePermission(ctx, &model.UpdatePermissionInput{ + ID: perm.ID, + Name: &newName, + Description: &newDescription, + DecisionStrategy: &newDecision, + ScopeIds: []string{"missing-scope-id"}, + }) + require.Error(t, err) + + scopes, err := ts.StorageProvider.GetPermissionScopes(ctx, perm.ID) + require.NoError(t, err) + require.Len(t, scopes, 1) + require.Equal(t, sc.ID, scopes[0].ScopeID) + + // Verify field changes were rolled back. The persisted row must still hold + // the original values; the attempted update must have written nothing. + after, err := ts.StorageProvider.GetPermissionByID(ctx, perm.ID) + require.NoError(t, err) + require.Equal(t, origName, after.Name, "name must not change when update fails") + require.Equal(t, origDescription, after.Description, "description must not change when update fails") + require.Equal(t, origDecision, after.DecisionStrategy, "decision strategy must not change when update fails") + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"viewer"}, + }, "update-safe-docs", "update-safe-read") + require.NoError(t, err) + require.True(t, result.Allowed, "failed update must not remove existing permission scope") +} + +func TestAddPermission_DuplicateNameReturnsConflict(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{Name: "duplicate-docs"}) + require.NoError(t, err) + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{Name: "duplicate-read"}) + require.NoError(t, err) + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "duplicate-policy-" + uuid.New().String(), + Type: constants.PolicyTypeRole, + Targets: []*model.PolicyTargetInput{{ + TargetType: constants.TargetTypeRole, + TargetValue: "viewer", + }}, + }) + require.NoError(t, err) + + input := &model.AddPermissionInput{ + Name: "duplicate-permission", + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policy.ID}, + } + _, err = ts.GraphQLProvider.AddPermission(ctx, input) + require.NoError(t, err) + + // The exact error wording is provider-specific (SQL emits "already exists", + // while NoSQL backends surface their native duplicate-key errors). Only the + // presence of an error is contractual. + _, err = ts.GraphQLProvider.AddPermission(ctx, input) + require.Error(t, err, "duplicate permission name must surface as an error from any storage backend") +} + +// TestCheckPermission_IncrementsPrometheusCounters verifies that an unmatched +// check increments metrics.AuthzUnmatchedTotal by exactly one. The +// (resource, scope) pair MUST be registered first so that the "known but no +// matching permission" path is exercised — unknown identifiers intentionally +// do not bump the counter (DoS guard). +func TestCheckPermission_IncrementsPrometheusCounters(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + _, ctx := createContext(ts) + + // Seed resource + scope directly via storage (no permission). This makes + // validateResourceExists / validateScopeExists return known=true, so the + // subsequent CheckPermission lands on the "known, no permission" path + // that DOES bump counters. + seedKnownResourceScopeNoPermission(t, ts, ctx, "orders", "read") + + before := testutil.ToFloat64(metrics.AuthzUnmatchedTotal) + + _, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + }, "orders", "read") + require.NoError(t, err) + + after := testutil.ToFloat64(metrics.AuthzUnmatchedTotal) + require.Equal(t, before+1, after, "unmatched counter must increment once per unmatched check") +} + +// TestCheckPermission_UnknownResource_DeniesAndDoesNotBumpUnmatchedCounter +// verifies the DoS guard: unknown (resource, scope) pairs are denied +// (enforcing is the only mode), and the unmatched counter must NOT grow for +// attacker-controlled input. Authenticated callers can still reach +// CheckPermission with arbitrary identifiers via GraphQL (myPermissions / +// required_permissions) — without this guard they could flood the in-process +// sync.Map with arbitrary (resource, scope) pairs. +func TestCheckPermission_UnknownResource_DeniesAndDoesNotBumpUnmatchedCounter(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + _, ctx := createContext(ts) + + before := testutil.ToFloat64(metrics.AuthzUnmatchedTotal) + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", Type: constants.PrincipalTypeUser, + }, "unknown-resource", "unknown-scope") + + require.NoError(t, err) + require.False(t, result.Allowed, "unknown resource is always denied (enforcing-only)") + + after := testutil.ToFloat64(metrics.AuthzUnmatchedTotal) + require.Equal(t, before, after, "unknown-resource calls must NOT bump the unmatched counter (DoS guard)") +} + +// seedKnownResourceScopeNoPermission inserts a Resource and Scope row via the +// storage provider without attaching a Permission. This is the minimal seed +// needed to exercise the "known (resource, scope), no matching permission" +// path in CheckPermission after Fix B/C. +func seedKnownResourceScopeNoPermission(t *testing.T, ts *testSetup, _ context.Context, resource, scope string) { + t.Helper() + _, err := ts.StorageProvider.AddResource(context.Background(), &schemas.Resource{ + Name: resource, + Description: "seed (no permission) resource", + }) + require.NoError(t, err) + _, err = ts.StorageProvider.AddScope(context.Background(), &schemas.Scope{ + Name: scope, + Description: "seed (no permission) scope", + }) + require.NoError(t, err) +} + +// seedResourceScopePermissionWithDenyPolicy seeds a resource, scope, a +// negative-logic role policy targeting the given role, and a permission that +// links them. It uses the GraphQL provider (mirroring TestAuthorizationCRUD), +// so the caller must have already authenticated as admin on the request +// attached to ts.GinContext. +func seedResourceScopePermissionWithDenyPolicy( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, role string, +) { + t.Helper() + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: resource, + Description: refs.NewStringRef("seed resource"), + }) + require.NoError(t, err) + require.NotNil(t, res) + + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: scope, + Description: refs.NewStringRef("seed scope"), + }) + require.NoError(t, err) + require.NotNil(t, sc) + + negative := constants.PolicyLogicNegative + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "deny-" + role + "-" + uuid.New().String(), + Description: refs.NewStringRef("seed deny policy"), + Type: constants.PolicyTypeRole, + Logic: &negative, + Targets: []*model.PolicyTargetInput{ + { + TargetType: constants.TargetTypeRole, + TargetValue: role, + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, policy) + require.Equal(t, constants.PolicyLogicNegative, policy.Logic, "policy must be stored as negative") + + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: resource + "-" + scope, + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policy.ID}, + }) + require.NoError(t, err) + require.NotNil(t, perm) +} + +// TestCheckPermission_ResultLabels_IncrementCorrectCounter covers the result +// labels on authorizer_authz_checks_total: allowed, denied, unmatched, and +// error. Each subtest builds the exact shape needed to land on one terminal +// path in CheckPermission and asserts that exactly one increment is recorded +// on the matching counter series. +// Co-located with the authz tests because it shares their fixtures. +func TestCheckPermission_ResultLabels_IncrementCorrectCounter(t *testing.T) { + t.Run("allowed", func(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + // Seed a granting role policy + permission for (orders, read) and a + // user principal with the "user" role so the affirmative grant fires. + seedResourceScopePermissionAllowingRole(t, ts, ctx, "orders", "read", "user") + + before := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultAllowed)) + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-allowed", Type: constants.PrincipalTypeUser, Roles: []string{"user"}, + }, "orders", "read") + require.NoError(t, err) + require.True(t, res.Allowed) + + after := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultAllowed)) + require.Equal(t, before+1, after, "allowed counter must increment once") + }) + + t.Run("denied", func(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + // Negative-logic policy targeting "user" — any principal with that + // role is explicitly denied on (orders, read). + seedResourceScopePermissionWithDenyPolicy(t, ts, ctx, "orders", "read", "user") + + before := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultDenied)) + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-denied", Type: constants.PrincipalTypeUser, Roles: []string{"user"}, + }, "orders", "read") + require.NoError(t, err) + require.False(t, res.Allowed) + + after := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultDenied)) + require.Equal(t, before+1, after, "denied counter must increment once") + }) + + t.Run("unmatched", func(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + _, ctx := createContext(ts) + + // Known (resource, scope) with no permission row → denied, increments unmatched. + seedKnownResourceScopeNoPermission(t, ts, ctx, "orders", "read") + + before := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultUnmatched)) + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-unmatched", Type: constants.PrincipalTypeUser, + }, "orders", "read") + require.NoError(t, err) + require.False(t, res.Allowed) + + after := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultUnmatched)) + require.Equal(t, before+1, after, "unmatched counter must increment once") + }) + + t.Run("error", func(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + _, ctx := createContext(ts) + + before := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultError)) + + // Invalid identifier — fails the input validation path which records + // AuthzResultError before any storage or cache lookup. + _, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-error", Type: constants.PrincipalTypeUser, + }, "bad resource with spaces", "read") + require.Error(t, err) + + after := testutil.ToFloat64(metrics.AuthzChecksTotal.WithLabelValues(metrics.AuthzResultError)) + require.Equal(t, before+1, after, "error counter must increment once") + }) +} + +// seedResourceScopePermissionAllowingRole seeds a resource + scope and an +// affirmative-logic role policy targeting `role`, then attaches a permission +// linking them. Mirrors seedResourceScopePermissionWithDenyPolicy but for the +// grant path. +func seedResourceScopePermissionAllowingRole( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, role string, +) { + t.Helper() + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: resource, + Description: refs.NewStringRef("seed resource"), + }) + require.NoError(t, err) + + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: scope, + Description: refs.NewStringRef("seed scope"), + }) + require.NoError(t, err) + + pol, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "allow-" + role + "-" + uuid.New().String()[:8], + Description: refs.NewStringRef("seed allow policy"), + Type: constants.PolicyTypeRole, + Logic: refs.NewStringRef(constants.PolicyLogicPositive), + Targets: []*model.PolicyTargetInput{ + {TargetType: constants.TargetTypeRole, TargetValue: role}, + }, + }) + require.NoError(t, err) + + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "allow-" + resource + "-" + scope + "-" + uuid.New().String()[:8], + Description: refs.NewStringRef("seed allow permission"), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{pol.ID}, + }) + require.NoError(t, err) + require.NotNil(t, perm) +} + +// seedResourceScopePermissionWithRolePolicy seeds a resource, scope, a +// role policy with the given logic targeting the given role, and a permission +// that links them. Shared implementation used by the positive- and +// negative-logic helpers. +func seedResourceScopePermissionWithRolePolicy( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, role, logic string, +) { + t.Helper() + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: resource, + Description: refs.NewStringRef("seed resource"), + }) + require.NoError(t, err) + require.NotNil(t, res) + + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: scope, + Description: refs.NewStringRef("seed scope"), + }) + require.NoError(t, err) + require.NotNil(t, sc) + + logicRef := logic + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: logic + "-" + role + "-" + uuid.New().String(), + Description: refs.NewStringRef("seed role policy"), + Type: constants.PolicyTypeRole, + Logic: &logicRef, + Targets: []*model.PolicyTargetInput{ + { + TargetType: constants.TargetTypeRole, + TargetValue: role, + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, policy) + require.Equal(t, logic, policy.Logic, "policy must be stored with requested logic") + + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: resource + "-" + scope + "-" + uuid.New().String(), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policy.ID}, + }) + require.NoError(t, err) + require.NotNil(t, perm) +} + +// seedResourceScopePermissionWithPositivePolicy seeds a resource, scope, a +// positive-logic role policy targeting the given role, and a permission that +// links them. Mirrors seedResourceScopePermissionWithDenyPolicy but with grant +// semantics. +func seedResourceScopePermissionWithPositivePolicy( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, role string, +) { + t.Helper() + seedResourceScopePermissionWithRolePolicy(t, ts, ctx, resource, scope, role, constants.PolicyLogicPositive) +} + +// seedResourceScopeWithUnanimousDualRolePolicy seeds a resource, scope, TWO +// positive-logic role policies (one per role), and a permission that links +// them with DecisionStrategy=unanimous. This is the minimal setup to exercise +// the unanimous evaluation path (all attached policies must agree). +func seedResourceScopeWithUnanimousDualRolePolicy( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, roleA, roleB string, +) { + t.Helper() + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: resource, + Description: refs.NewStringRef("seed resource"), + }) + require.NoError(t, err) + require.NotNil(t, res) + + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: scope, + Description: refs.NewStringRef("seed scope"), + }) + require.NoError(t, err) + require.NotNil(t, sc) + + positive := constants.PolicyLogicPositive + + policyA, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "grant-" + roleA + "-" + uuid.New().String(), + Description: refs.NewStringRef("seed positive role policy A"), + Type: constants.PolicyTypeRole, + Logic: &positive, + Targets: []*model.PolicyTargetInput{ + { + TargetType: constants.TargetTypeRole, + TargetValue: roleA, + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, policyA) + + policyB, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "grant-" + roleB + "-" + uuid.New().String(), + Description: refs.NewStringRef("seed positive role policy B"), + Type: constants.PolicyTypeRole, + Logic: &positive, + Targets: []*model.PolicyTargetInput{ + { + TargetType: constants.TargetTypeRole, + TargetValue: roleB, + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, policyB) + + unanimous := constants.DecisionStrategyUnanimous + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: resource + "-" + scope + "-" + uuid.New().String(), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policyA.ID, policyB.ID}, + DecisionStrategy: &unanimous, + }) + require.NoError(t, err) + require.NotNil(t, perm) + require.Equal(t, constants.DecisionStrategyUnanimous, perm.DecisionStrategy, + "permission must be persisted with unanimous strategy") +} + +// seedResourceScopeWithUserPolicyPermission seeds a resource, scope, a +// positive-logic user policy targeting the given userID, and a permission that +// links them. Exercises the PolicyTypeUser path: the policy matches on +// principal.ID, not roles. +func seedResourceScopeWithUserPolicyPermission( + t *testing.T, + ts *testSetup, + ctx context.Context, + resource, scope, userID string, +) { + t.Helper() + + res, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{ + Name: resource, + Description: refs.NewStringRef("seed resource"), + }) + require.NoError(t, err) + require.NotNil(t, res) + + sc, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{ + Name: scope, + Description: refs.NewStringRef("seed scope"), + }) + require.NoError(t, err) + require.NotNil(t, sc) + + positive := constants.PolicyLogicPositive + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "user-grant-" + uuid.New().String(), + Description: refs.NewStringRef("seed user policy"), + Type: constants.PolicyTypeUser, + Logic: &positive, + Targets: []*model.PolicyTargetInput{ + { + TargetType: constants.TargetTypeUser, + TargetValue: userID, + }, + }, + }) + require.NoError(t, err) + require.NotNil(t, policy) + + perm, err := ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: resource + "-" + scope + "-" + uuid.New().String(), + ResourceID: res.ID, + ScopeIds: []string{sc.ID}, + PolicyIds: []string{policy.ID}, + }) + require.NoError(t, err) + require.NotNil(t, perm) +} + +// TestCheckPermission_MaxScopes_InsideCeiling_UsesPolicy verifies that when a +// principal's delegation ceiling (MaxScopes) explicitly includes the requested +// resource:scope, the normal policy evaluation proceeds and a matching +// positive policy still grants access. +func TestCheckPermission_MaxScopes_InsideCeiling_UsesPolicy(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + seedResourceScopePermissionWithPositivePolicy(t, ts, ctx, "docs", "read", "viewer") + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"viewer"}, + MaxScopes: []string{"docs:read"}, + }, "docs", "read") + require.NoError(t, err) + require.True(t, result.Allowed) +} + +// TestCheckPermission_MaxScopes_OutsideCeiling_DeniesBeforePolicy verifies that +// even when a principal's roles/policies would normally grant access, a +// MaxScopes ceiling that does not include the requested resource:scope MUST +// deny the check short-circuit — delegation ceilings are evaluated before +// policy matching. +func TestCheckPermission_MaxScopes_OutsideCeiling_DeniesBeforePolicy(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + seedResourceScopePermissionWithPositivePolicy(t, ts, ctx, "docs", "read", "viewer") + + result, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"viewer"}, + MaxScopes: []string{"docs:write"}, + }, "docs", "read") + require.NoError(t, err) + require.False(t, result.Allowed, "MaxScopes ceiling must deny before policy eval") +} + +// TestCheckPermission_UnanimousDecisionStrategy_AllPoliciesMustAgree verifies +// that a permission with DecisionStrategy=unanimous only grants when every +// attached policy's target matches the principal. A principal with only one of +// the two required roles must be denied; a principal with both is allowed. +func TestCheckPermission_UnanimousDecisionStrategy_AllPoliciesMustAgree(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + seedResourceScopeWithUnanimousDualRolePolicy(t, ts, ctx, "ledger", "read", "accountant", "auditor") + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-1", + Type: constants.PrincipalTypeUser, + Roles: []string{"accountant"}, + }, "ledger", "read") + require.NoError(t, err) + require.False(t, res.Allowed, "unanimous: missing one role") + + res2, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-2", + Type: constants.PrincipalTypeUser, + Roles: []string{"accountant", "auditor"}, + }, "ledger", "read") + require.NoError(t, err) + require.True(t, res2.Allowed, "unanimous: all roles present") +} + +// TestCheckPermission_UserTypePolicy_MatchesOnPrincipalID verifies that a +// PolicyTypeUser policy matches the principal by its ID (not by role). The +// seeded policy grants access to a specific user; any other user must be +// denied. +func TestCheckPermission_UserTypePolicy_MatchesOnPrincipalID(t *testing.T) { + ts := initTestSetup(t, getTestConfig()) + req, ctx := createContext(ts) + adminHash, err := crypto.EncryptPassword(ts.Config.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + seedResourceScopeWithUserPolicyPermission(t, ts, ctx, "secret", "read", "user-alice") + + res, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-alice", + Type: constants.PrincipalTypeUser, + }, "secret", "read") + require.NoError(t, err) + require.True(t, res.Allowed) + + res2, err := ts.Authz.CheckPermission(ctx, &authorization.Principal{ + ID: "user-bob", + Type: constants.PrincipalTypeUser, + }, "secret", "read") + require.NoError(t, err) + require.False(t, res2.Allowed) +} diff --git a/internal/integration_tests/metrics_test.go b/internal/integration_tests/metrics_test.go index 2f83a8ad..50d2e6bd 100644 --- a/internal/integration_tests/metrics_test.go +++ b/internal/integration_tests/metrics_test.go @@ -300,6 +300,35 @@ func TestRecordAuthEventHelpers(t *testing.T) { }) } +// TestMetrics_AuthzCollectorsRegistered verifies the FGA authz collectors +// (checks total, unmatched total, and check duration histogram) are registered +// with the default Prometheus registry and appear in the scrape output once +// incremented. It also asserts the low-cardinality label values are exactly +// the package constants. +func TestMetrics_AuthzCollectorsRegistered(t *testing.T) { + cfg := getTestConfig() + ts := initTestSetup(t, cfg) + + router := gin.New() + router.GET("/metrics", ts.HttpProvider.MetricsHandler()) + + // Bump each collector once so it appears in scrape output. + metrics.RecordAuthzCheck(metrics.AuthzResultUnmatched) + metrics.RecordAuthzUnmatched() + metrics.AuthzCheckDuration.Observe(0.001) + + w := httptest.NewRecorder() + req, err := http.NewRequest(http.MethodGet, "/metrics", nil) + require.NoError(t, err) + router.ServeHTTP(w, req) + + body := w.Body.String() + require.Contains(t, body, "authorizer_authz_checks_total") + require.Contains(t, body, "authorizer_authz_unmatched_total") + require.Contains(t, body, "authorizer_authz_check_duration_seconds") + require.Contains(t, body, `result="unmatched"`) +} + // TestAdminLoginMetrics verifies admin login records metrics. func TestAdminLoginMetrics(t *testing.T) { cfg := getTestConfig() diff --git a/internal/integration_tests/profile_test.go b/internal/integration_tests/profile_test.go index a206ff50..6d9d9037 100644 --- a/internal/integration_tests/profile_test.go +++ b/internal/integration_tests/profile_test.go @@ -55,15 +55,8 @@ func TestProfile(t *testing.T) { }) t.Run("should return profile with browser session", func(t *testing.T) { - allData, err := ts.MemoryStoreProvider.GetAllData() - require.NoError(t, err) - sessionToken := "" - for k, v := range allData { - if strings.Contains(k, constants.TokenTypeSessionToken) { - sessionToken = v - break - } - } + sessionToken := latestAppSessionCookie(ts) + require.NotEmpty(t, sessionToken) req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AppCookieName+"_session", sessionToken)) defer func() { req.Header.Del("Cookie") diff --git a/internal/integration_tests/required_permissions_test.go b/internal/integration_tests/required_permissions_test.go new file mode 100644 index 00000000..69a0a4cb --- /dev/null +++ b/internal/integration_tests/required_permissions_test.go @@ -0,0 +1,276 @@ +package integration_tests + +import ( + "fmt" + "strings" + "testing" + + "github.com/authorizerdev/authorizer/internal/constants" + "github.com/authorizerdev/authorizer/internal/crypto" + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/metrics" + "github.com/google/uuid" + "github.com/prometheus/client_golang/prometheus/testutil" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// captureTokens returns the most recent session and access tokens from the +// in-memory store. Helper for tests that need to read tokens minted by Login. +func captureTokens(t *testing.T, ts *testSetup) (sessionToken, accessToken string) { + t.Helper() + allData, err := ts.MemoryStoreProvider.GetAllData() + require.NoError(t, err) + for k, v := range allData { + switch { + case strings.Contains(k, constants.TokenTypeSessionToken): + sessionToken = v + case strings.Contains(k, constants.TokenTypeAccessToken): + accessToken = v + } + } + require.NotEmpty(t, sessionToken, "session token must be present") + require.NotEmpty(t, accessToken, "access token must be present") + return sessionToken, accessToken +} + +// TestRequiredPermissions verifies the new optional required_permissions field +// on session, validate_jwt_token, and validate_session. It also asserts the +// backward-compatible path (callers that omit the field see no change). +func TestRequiredPermissions(t *testing.T) { + cfg := getTestConfig() + ts := initTestSetup(t, cfg) + req, ctx := createContext(ts) + + // Seed an authz permission as admin: docs:read granted to the "user" + // role. The default signup assigns "user" role. + adminHash, err := crypto.EncryptPassword(cfg.AdminSecret) + require.NoError(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, adminHash)) + + resource, err := ts.GraphQLProvider.AddResource(ctx, &model.AddResourceInput{Name: "docs"}) + require.NoError(t, err) + + scope, err := ts.GraphQLProvider.AddScope(ctx, &model.AddScopeInput{Name: "read"}) + require.NoError(t, err) + + policy, err := ts.GraphQLProvider.AddPolicy(ctx, &model.AddPolicyInput{ + Name: "user-role-can-read", + Type: "role", + Targets: []*model.PolicyTargetInput{ + {TargetType: "role", TargetValue: "user"}, + }, + }) + require.NoError(t, err) + + _, err = ts.GraphQLProvider.AddPermission(ctx, &model.AddPermissionInput{ + Name: "docs-read", + ResourceID: resource.ID, + ScopeIds: []string{scope.ID}, + PolicyIds: []string{policy.ID}, + }) + require.NoError(t, err) + + req.Header.Del("Cookie") + + password := "Password@123" + signupEmail := "required_perms_" + uuid.New().String() + "@authorizer.dev" + _, err = ts.GraphQLProvider.SignUp(ctx, &model.SignUpRequest{ + Email: &signupEmail, + Password: password, + ConfirmPassword: password, + }) + require.NoError(t, err) + + login := func(t *testing.T) { + t.Helper() + _, err := ts.GraphQLProvider.Login(ctx, &model.LoginRequest{ + Email: &signupEmail, + Password: password, + }) + require.NoError(t, err) + } + + // validate_jwt_token and validate_session do NOT rotate, so a single login + // suffices for all six of their subtests. + login(t) + sessionToken, accessToken := captureTokens(t, ts) + + t.Run("validate_jwt_token", func(t *testing.T) { + t.Run("backward compat: no required_permissions still works", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: accessToken, + TokenType: constants.TokenTypeAccessToken, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.True(t, res.IsValid) + }) + + t.Run("granted permission passes", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: accessToken, + TokenType: constants.TokenTypeAccessToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "read"}, + }, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.True(t, res.IsValid) + }) + + t.Run("denied permission returns unauthorized", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: accessToken, + TokenType: constants.TokenTypeAccessToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "write"}, + }, + }) + require.Error(t, err) + require.Nil(t, res) + assert.Contains(t, err.Error(), "unauthorized") + }) + }) + + t.Run("validate_session", func(t *testing.T) { + t.Run("backward compat: no required_permissions still works", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateSession(ctx, &model.ValidateSessionRequest{ + Cookie: sessionToken, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.True(t, res.IsValid) + }) + + t.Run("granted permission passes", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateSession(ctx, &model.ValidateSessionRequest{ + Cookie: sessionToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "read"}, + }, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.True(t, res.IsValid) + }) + + t.Run("denied permission returns unauthorized", func(t *testing.T) { + res, err := ts.GraphQLProvider.ValidateSession(ctx, &model.ValidateSessionRequest{ + Cookie: sessionToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "write"}, + }, + }) + require.Error(t, err) + require.Nil(t, res) + assert.Contains(t, err.Error(), "unauthorized") + }) + }) + + // session() rotates the session on every successful call — re-login per + // subtest so each one starts with a fresh, valid session cookie. + callSession := func(t *testing.T, params *model.SessionQueryRequest) (*model.AuthResponse, error) { + t.Helper() + login(t) + st, _ := captureTokens(t, ts) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AppCookieName+"_session", st)) + defer req.Header.Del("Cookie") + return ts.GraphQLProvider.Session(ctx, params) + } + + t.Run("session", func(t *testing.T) { + t.Run("backward compat: no required_permissions still works", func(t *testing.T) { + res, err := callSession(t, &model.SessionQueryRequest{}) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.AccessToken) + }) + + t.Run("granted permission passes", func(t *testing.T) { + res, err := callSession(t, &model.SessionQueryRequest{ + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "read"}, + }, + }) + require.NoError(t, err) + require.NotNil(t, res) + assert.NotEmpty(t, res.AccessToken) + }) + + t.Run("denied permission returns unauthorized", func(t *testing.T) { + res, err := callSession(t, &model.SessionQueryRequest{ + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "write"}, + }, + }) + require.Error(t, err) + require.Nil(t, res) + assert.Contains(t, err.Error(), "unauthorized") + }) + }) + + t.Run("metrics counters increment per outcome", func(t *testing.T) { + // Re-login to get a fresh access token — the session subtests above each + // call login() internally (session rotates on every call), which replaces + // the memory-store entries and makes the top-level accessToken stale. + login(t) + _, freshAccessToken := captureTokens(t, ts) + + grantedBefore := testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeGranted, + )) + deniedBefore := testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeDenied, + )) + notReqBefore := testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeNotRequested, + )) + + // not_requested + _, err := ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: freshAccessToken, + TokenType: constants.TokenTypeAccessToken, + }) + require.NoError(t, err) + + // granted + _, err = ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: freshAccessToken, + TokenType: constants.TokenTypeAccessToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "read"}, + }, + }) + require.NoError(t, err) + + // denied — error is intentional; only the counter increment matters. + // outcome=error is not exercised here: simulating a CheckPermission + // storage fault from an integration test requires fault injection + // the provider doesn't currently expose. + _, _ = ts.GraphQLProvider.ValidateJWTToken(ctx, &model.ValidateJWTTokenRequest{ + Token: freshAccessToken, + TokenType: constants.TokenTypeAccessToken, + RequiredPermissions: []*model.PermissionInput{ + {Resource: "docs", Scope: "write"}, + }, + }) + + assert.Equal(t, grantedBefore+1, testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeGranted, + ))) + assert.Equal(t, deniedBefore+1, testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeDenied, + ))) + assert.Equal(t, notReqBefore+1, testutil.ToFloat64(metrics.RequiredPermissionsChecksTotal.WithLabelValues( + metrics.RequiredPermissionsEndpointValidateJWTToken, + metrics.RequiredPermissionsOutcomeNotRequested, + ))) + }) +} diff --git a/internal/integration_tests/session_test.go b/internal/integration_tests/session_test.go index bd10dd6a..b39ce364 100644 --- a/internal/integration_tests/session_test.go +++ b/internal/integration_tests/session_test.go @@ -2,7 +2,6 @@ package integration_tests import ( "fmt" - "strings" "testing" "github.com/authorizerdev/authorizer/internal/constants" @@ -55,15 +54,13 @@ func TestSession(t *testing.T) { }) t.Run("should return new access token with cookie", func(t *testing.T) { - allData, err := ts.MemoryStoreProvider.GetAllData() - require.NoError(t, err) - sessionToken := "" - for k, v := range allData { - if strings.Contains(k, constants.TokenTypeSessionToken) { - sessionToken = v - break - } - } + // Use the cookie that Login() just wrote to the response. Reading + // from memory store via map iteration is racy: Session()'s async + // session rollover leaves the previous token transiently present + // in memory, and a random pick can land on a token about to be + // deleted by the rollover goroutine. + sessionToken := latestAppSessionCookie(ts) + require.NotEmpty(t, sessionToken) req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AppCookieName+"_session", sessionToken)) res, err := ts.GraphQLProvider.Session(ctx, &model.SessionQueryRequest{}) require.NoError(t, err) @@ -74,15 +71,10 @@ func TestSession(t *testing.T) { }) t.Run("should use default scopes when empty scope list is provided", func(t *testing.T) { - allData, err := ts.MemoryStoreProvider.GetAllData() - require.NoError(t, err) - sessionToken := "" - for k, v := range allData { - if strings.Contains(k, constants.TokenTypeSessionToken) { - sessionToken = v - break - } - } + // Pick up the rotated cookie from the previous Session() call — + // same rationale as the subtest above. + sessionToken := latestAppSessionCookie(ts) + require.NotEmpty(t, sessionToken) req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AppCookieName+"_session", sessionToken)) res, err := ts.GraphQLProvider.Session(ctx, &model.SessionQueryRequest{ Scope: []string{}, diff --git a/internal/integration_tests/test_helper.go b/internal/integration_tests/test_helper.go index 52767e1a..f45e19a7 100644 --- a/internal/integration_tests/test_helper.go +++ b/internal/integration_tests/test_helper.go @@ -6,6 +6,7 @@ import ( "net/http/httptest" "os" "path/filepath" + "strings" "testing" "github.com/gin-gonic/gin" @@ -14,6 +15,7 @@ import ( "github.com/authorizerdev/authorizer/internal/audit" "github.com/authorizerdev/authorizer/internal/authenticators" + "github.com/authorizerdev/authorizer/internal/authorization" "github.com/authorizerdev/authorizer/internal/config" "github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/email" @@ -42,6 +44,9 @@ type testSetup struct { MemoryStoreProvider memory_store.Provider AuthenticatorProvider authenticators.Provider TokenProvider token.Provider + // Authz is the authorization provider, exposed for tests that exercise + // CheckPermission / GetPrincipalPermissions directly (bypassing GraphQL). + Authz authorization.Provider } func createContext(s *testSetup) (*http.Request, context.Context) { @@ -68,21 +73,26 @@ func getTestConfig() *config.Config { // getTestConfigForDB returns a test config for a specific database type and URL func getTestConfigForDB(dbType, dbURL string) *config.Config { cfg := &config.Config{ - Env: constants.TestEnv, - SkipTestEndpointSSRFValidation: true, - DatabaseType: dbType, - DatabaseURL: dbURL, - JWTSecret: "test-secret", - ClientID: "test-client-id", - ClientSecret: "test-client-secret", - AllowedOrigins: []string{"http://localhost:3000"}, - JWTType: "HS256", - AdminSecret: "test-admin-secret", - TwilioAPISecret: "test-twilio-api-secret", - TwilioAPIKey: "test-twilio-api-key", - TwilioAccountSID: "test-twilio-account-sid", - TwilioSender: "test-twilio-sender", - DefaultRoles: []string{"user"}, + Env: constants.TestEnv, + SkipTestEndpointSSRFValidation: true, + DatabaseType: dbType, + DatabaseURL: dbURL, + JWTSecret: "test-secret", + ClientID: "test-client-id", + ClientSecret: "test-client-secret", + AllowedOrigins: []string{"http://localhost:3000"}, + JWTType: "HS256", + AdminSecret: "test-admin-secret", + TwilioAPISecret: "test-twilio-api-secret", + TwilioAPIKey: "test-twilio-api-key", + TwilioAccountSID: "test-twilio-account-sid", + TwilioSender: "test-twilio-sender", + DefaultRoles: []string{"user"}, + Roles: []string{ + "user", "admin", "viewer", "editor", + "accountant", "auditor", + "blocked-role", "other-role", + }, EnableSignup: true, EnableBasicAuthentication: true, EnableMobileBasicAuthentication: true, @@ -178,6 +188,15 @@ func initTestSetup(t *testing.T, cfg *config.Config) *testSetup { }) require.NoError(t, err) + // Initialize authorization provider (always enforcing — the single mode after Task 3). + authzProvider, err := authorization.New(&authorization.Config{ + CacheTTL: 0, + }, &authorization.Dependencies{ + Log: &logger, + StorageProvider: storageProvider, + }) + require.NoError(t, err) + // Initialize audit provider auditProvider := audit.New(&audit.Dependencies{ Log: &logger, @@ -189,6 +208,7 @@ func initTestSetup(t *testing.T, cfg *config.Config) *testSetup { Log: &logger, AuditProvider: auditProvider, AuthenticatorProvider: authProvider, + AuthorizationProvider: authzProvider, EmailProvider: emailProvider, EventsProvider: eventsProvider, MemoryStoreProvider: memoryStoreProvider, @@ -233,8 +253,13 @@ func initTestSetup(t *testing.T, cfg *config.Config) *testSetup { t.Cleanup(func() { server.Close() if storageProvider != nil { + // Fire-and-forget goroutines from RegisterEvent / LogEvent / AddSession + // (started by Login, SignUp, VerifyOTP, etc.) may still be holding pool + // connections when cleanup runs. The driver can surface that as a Close + // error even though the test logic itself succeeded — log it instead of + // failing the parent test on cleanup noise. if err := storageProvider.Close(); err != nil { - t.Errorf("close storage provider: %v", err) + t.Logf("close storage provider: %v", err) } } }) @@ -250,5 +275,32 @@ func initTestSetup(t *testing.T, cfg *config.Config) *testSetup { MemoryStoreProvider: memoryStoreProvider, AuthenticatorProvider: authProvider, TokenProvider: tokenProvider, + Authz: authzProvider, + } +} + +// latestAppSessionCookie returns the most recent value of the +// AppCookieName+"_session" cookie that has been written to the gin response +// writer in this test. Session() and Login() both rotate the cookie and the +// async rollover transiently leaves stale session_token entries in memory — +// reading the writer is the only race-free way for tests to follow the +// rotation, since http.Request cookies are not auto-updated from responses. +func latestAppSessionCookie(s *testSetup) string { + prefix := constants.AppCookieName + "_session=" + latest := "" + for _, h := range s.GinContext.Writer.Header().Values("Set-Cookie") { + // A Set-Cookie value is "name=value; attr=...; attr=...". Only the + // first segment is the name/value pair. The "_session_domain" cookie + // uses a different name so HasPrefix on "_session=" is sufficient + // to disambiguate. + first := h + if i := strings.IndexByte(h, ';'); i >= 0 { + first = h[:i] + } + first = strings.TrimSpace(first) + if strings.HasPrefix(first, prefix) { + latest = strings.TrimPrefix(first, prefix) + } } + return latest } diff --git a/internal/integration_tests/validate_session_test.go b/internal/integration_tests/validate_session_test.go index a5cd959f..bf82ac99 100644 --- a/internal/integration_tests/validate_session_test.go +++ b/internal/integration_tests/validate_session_test.go @@ -1,10 +1,8 @@ package integration_tests import ( - "strings" "testing" - "github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/graph/model" "github.com/google/uuid" "github.com/stretchr/testify/assert" @@ -62,15 +60,8 @@ func TestValidateSession(t *testing.T) { }) t.Run("should pass with valid input", func(t *testing.T) { - allData, err := ts.MemoryStoreProvider.GetAllData() - require.NoError(t, err) - sessionToken := "" - for k, v := range allData { - if strings.Contains(k, constants.TokenTypeSessionToken) { - sessionToken = v - break - } - } + sessionToken := latestAppSessionCookie(ts) + require.NotEmpty(t, sessionToken) res, err := ts.GraphQLProvider.ValidateSession(ctx, &model.ValidateSessionRequest{ Cookie: sessionToken, }) diff --git a/internal/memory_store/db/cache.go b/internal/memory_store/db/cache.go new file mode 100644 index 00000000..1764f23f --- /dev/null +++ b/internal/memory_store/db/cache.go @@ -0,0 +1,69 @@ +package db + +import ( + "strings" + "sync" + "time" +) + +// cacheEntry holds a cached value with its expiration time. +type cacheEntry struct { + Value string + ExpiresAt int64 +} + +// cacheStore is a simple in-memory cache used by the DB-backed memory store provider. +// The DB provider delegates session/state storage to the database, but cache +// entries are kept in-memory for performance since they are short-lived and +// tolerant of loss on restart. +var ( + cache = make(map[string]*cacheEntry) + cacheMutex sync.RWMutex +) + +// SetCache stores a key-value pair with a TTL in seconds. +func (p *provider) SetCache(key string, value string, ttlSeconds int64) error { + cacheMutex.Lock() + defer cacheMutex.Unlock() + cache[key] = &cacheEntry{ + Value: value, + ExpiresAt: time.Now().Unix() + ttlSeconds, + } + return nil +} + +// GetCache retrieves a cached value by key. +// Returns empty string and nil error if the key is not found or expired. +func (p *provider) GetCache(key string) (string, error) { + cacheMutex.RLock() + defer cacheMutex.RUnlock() + entry, ok := cache[key] + if !ok { + return "", nil + } + if entry.ExpiresAt < time.Now().Unix() { + // Entry expired; clean up asynchronously to avoid write lock in read path. + go func() { + cacheMutex.Lock() + defer cacheMutex.Unlock() + // Re-check to avoid deleting a refreshed entry. + if e, exists := cache[key]; exists && e.ExpiresAt < time.Now().Unix() { + delete(cache, key) + } + }() + return "", nil + } + return entry.Value, nil +} + +// DeleteCacheByPrefix removes all cache entries whose keys start with the given prefix. +func (p *provider) DeleteCacheByPrefix(prefix string) error { + cacheMutex.Lock() + defer cacheMutex.Unlock() + for k := range cache { + if strings.HasPrefix(k, prefix) { + delete(cache, k) + } + } + return nil +} diff --git a/internal/memory_store/in_memory/cache.go b/internal/memory_store/in_memory/cache.go new file mode 100644 index 00000000..66464405 --- /dev/null +++ b/internal/memory_store/in_memory/cache.go @@ -0,0 +1,50 @@ +package in_memory + +import ( + "strings" + "sync" + "time" +) + +// cacheEntry holds a cached value with its expiration time. +type cacheEntry struct { + Value string + ExpiresAt int64 +} + +var cacheStore sync.Map + +// SetCache stores a key-value pair with a TTL in seconds. +func (c *provider) SetCache(key string, value string, ttlSeconds int64) error { + cacheStore.Store(key, &cacheEntry{ + Value: value, + ExpiresAt: time.Now().Unix() + ttlSeconds, + }) + return nil +} + +// GetCache retrieves a cached value by key. +// Returns empty string and nil error if the key is not found or expired. +func (c *provider) GetCache(key string) (string, error) { + val, ok := cacheStore.Load(key) + if !ok { + return "", nil + } + entry := val.(*cacheEntry) + if entry.ExpiresAt < time.Now().Unix() { + cacheStore.Delete(key) + return "", nil + } + return entry.Value, nil +} + +// DeleteCacheByPrefix removes all cache entries whose keys start with the given prefix. +func (c *provider) DeleteCacheByPrefix(prefix string) error { + cacheStore.Range(func(key, value any) bool { + if k, ok := key.(string); ok && strings.HasPrefix(k, prefix) { + cacheStore.Delete(key) + } + return true + }) + return nil +} diff --git a/internal/memory_store/provider.go b/internal/memory_store/provider.go index d16a9dea..878837d3 100644 --- a/internal/memory_store/provider.go +++ b/internal/memory_store/provider.go @@ -68,6 +68,15 @@ type Provider interface { // prevent authorization code replay (RFC 6749 §4.1.2). GetAndRemoveState(key string) (string, error) + // SetCache stores a key-value pair with a TTL in seconds. + // Used by the authorization engine for permission evaluation caching. + SetCache(key string, value string, ttlSeconds int64) error + // GetCache retrieves a cached value by key. Returns empty string and nil error if not found. + GetCache(key string) (string, error) + // DeleteCacheByPrefix removes all cache entries whose keys start with the given prefix. + // Used for cache invalidation when permissions/policies change. + DeleteCacheByPrefix(prefix string) error + // GetAllData returns all the data from the session store // This is used for testing purposes only GetAllData() (map[string]string, error) diff --git a/internal/memory_store/redis/cache.go b/internal/memory_store/redis/cache.go new file mode 100644 index 00000000..c630aa42 --- /dev/null +++ b/internal/memory_store/redis/cache.go @@ -0,0 +1,59 @@ +package redis + +import ( + "time" + + goredis "github.com/redis/go-redis/v9" +) + +const cachePrefix = "authorizer_cache:" + +// SetCache stores a key-value pair in Redis with a TTL in seconds. +func (p *provider) SetCache(key string, value string, ttlSeconds int64) error { + duration := time.Duration(ttlSeconds) * time.Second + err := p.store.Set(p.ctx, cachePrefix+key, value, duration).Err() + if err != nil { + p.dependencies.Log.Debug().Err(err).Msg("Error setting cache in redis") + return err + } + return nil +} + +// GetCache retrieves a cached value by key from Redis. +// Returns empty string and nil error if the key is not found. +func (p *provider) GetCache(key string) (string, error) { + data, err := p.store.Get(p.ctx, cachePrefix+key).Result() + if err != nil { + if err == goredis.Nil { + return "", nil + } + p.dependencies.Log.Debug().Err(err).Msg("Error getting cache from redis") + return "", err + } + return data, nil +} + +// DeleteCacheByPrefix removes all cache entries whose keys start with the given prefix. +// Uses SCAN to avoid blocking Redis on large datasets. +func (p *provider) DeleteCacheByPrefix(prefix string) error { + pattern := cachePrefix + prefix + "*" + var cursor uint64 + for { + keys, nextCursor, err := p.store.Scan(p.ctx, cursor, pattern, 100).Result() + if err != nil { + p.dependencies.Log.Debug().Err(err).Msg("Error scanning cache keys from redis") + return err + } + if len(keys) > 0 { + if err := p.store.Del(p.ctx, keys...).Err(); err != nil { + p.dependencies.Log.Debug().Err(err).Msg("Error deleting cache keys from redis") + return err + } + } + cursor = nextCursor + if cursor == 0 { + break + } + } + return nil +} diff --git a/internal/metrics/metrics.go b/internal/metrics/metrics.go index 56e6e9c3..f76d482b 100644 --- a/internal/metrics/metrics.go +++ b/internal/metrics/metrics.go @@ -35,6 +35,32 @@ const ( StatusFailure = "failure" ) +// Authorization check result labels. +const ( + AuthzResultAllowed = "allowed" // matched policy, granted + AuthzResultDenied = "denied" // matched policy, denied + AuthzResultUnmatched = "unmatched" // no permission row for (resource, scope) + AuthzResultError = "error" // validation / storage error +) + +// Outcome constants for the required_permissions counter (per-request bucket, +// distinct from per-CheckPermission AuthzResult* above). Low cardinality. +const ( + RequiredPermissionsOutcomeGranted = "granted" // all listed permissions allowed + RequiredPermissionsOutcomeDenied = "denied" // one or more denied by policy + RequiredPermissionsOutcomeNotRequested = "not_requested" // caller omitted required_permissions + RequiredPermissionsOutcomeError = "error" // CheckPermission errored (DB/validation) +) + +// RequiredPermissionsEndpoint* are the bounded endpoint label values for the +// required_permissions counter. New endpoints adopting required_permissions +// must add a constant here rather than passing raw strings. +const ( + RequiredPermissionsEndpointSession = "session" + RequiredPermissionsEndpointValidateSession = "validate_session" + RequiredPermissionsEndpointValidateJWTToken = "validate_jwt_token" +) + var ( // HTTPRequestsTotal is the total number of HTTP requests received. HTTPRequestsTotal = prometheus.NewCounterVec( @@ -129,6 +155,44 @@ var ( Help: "Total requests that omitted X-Authorizer-Client-ID (allowed for some routes)", }, ) + + // AuthzChecksTotal counts every CheckPermission call, labelled by result. + AuthzChecksTotal = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "authorizer_authz_checks_total", + Help: "Total fine-grained authorization checks. result=allowed|denied|unmatched|error", + }, + []string{"result"}, + ) + + // AuthzUnmatchedTotal counts checks that found no matching permission. + AuthzUnmatchedTotal = prometheus.NewCounter( + prometheus.CounterOpts{ + Name: "authorizer_authz_unmatched_total", + Help: "Total CheckPermission calls where no permission matched the (resource, scope) pair.", + }, + ) + + // AuthzCheckDuration measures end-to-end CheckPermission latency. + AuthzCheckDuration = prometheus.NewHistogram( + prometheus.HistogramOpts{ + Name: "authorizer_authz_check_duration_seconds", + Help: "CheckPermission latency including validation, cache, and storage queries", + Buckets: prometheus.DefBuckets, + }, + ) + + // RequiredPermissionsChecksTotal counts each endpoint invocation that the + // required_permissions field flows through, labelled by endpoint and the + // per-request outcome. This is the FGA adoption + enforcement signal; + // the per-CheckPermission AuthzChecksTotal is the evaluator signal. + RequiredPermissionsChecksTotal = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "authorizer_required_permissions_checks_total", + Help: "Per-endpoint required_permissions outcome. endpoint=session|validate_session|validate_jwt_token. outcome=granted|denied|not_requested|error.", + }, + []string{"endpoint", "outcome"}, + ) ) // staticAssetPathSuffixes are path suffixes (after lowercasing) treated as static files @@ -211,6 +275,10 @@ func Init() { prometheus.MustRegister(GraphQLRequestDuration) prometheus.MustRegister(DBHealthCheckTotal) prometheus.MustRegister(ClientIDHeaderMissingTotal) + prometheus.MustRegister(AuthzChecksTotal) + prometheus.MustRegister(AuthzUnmatchedTotal) + prometheus.MustRegister(AuthzCheckDuration) + prometheus.MustRegister(RequiredPermissionsChecksTotal) }) } @@ -260,3 +328,21 @@ func RecordGraphQLLimitRejection(limit string) { func RecordClientIDHeaderMissing() { ClientIDHeaderMissingTotal.Inc() } + +// RecordAuthzCheck records a CheckPermission call outcome. +// result must be one of AuthzResult* constants. +func RecordAuthzCheck(result string) { + AuthzChecksTotal.WithLabelValues(result).Inc() +} + +// RecordAuthzUnmatched records a CheckPermission call that found no matching permission. +func RecordAuthzUnmatched() { + AuthzUnmatchedTotal.Inc() +} + +// RecordRequiredPermissionsCheck records the per-request outcome of +// enforceRequiredPermissions. endpoint must be one of RequiredPermissionsEndpoint*; +// outcome must be one of RequiredPermissionsOutcome*. +func RecordRequiredPermissionsCheck(endpoint, outcome string) { + RequiredPermissionsChecksTotal.WithLabelValues(endpoint, outcome).Inc() +} diff --git a/internal/server/http_routes.go b/internal/server/http_routes.go index d4c13b47..f619092b 100644 --- a/internal/server/http_routes.go +++ b/internal/server/http_routes.go @@ -3,11 +3,30 @@ package server import ( "encoding/json" "html/template" + "path" "strings" "github.com/gin-gonic/gin" ) +// spaBuildCacheMiddleware sets cache headers for SPA build assets: +// - "index.js" / "main.css" (unhashed entry points the shell HTML loads +// by name) → no-cache, so browsers always pick up new chunk references +// after a deploy. +// - everything else (content-hashed chunks, immutable assets) → long-lived +// immutable cache, since a content change produces a new filename. +func spaBuildCacheMiddleware() gin.HandlerFunc { + return func(c *gin.Context) { + base := path.Base(c.Request.URL.Path) + if base == "index.js" || base == "main.css" { + c.Header("Cache-Control", "no-cache, must-revalidate") + } else { + c.Header("Cache-Control", "public, max-age=31536000, immutable") + } + c.Next() + } +} + // NewRouter creates new gin router func (s *server) NewRouter() *gin.Engine { router := gin.New() @@ -70,7 +89,9 @@ func (s *server) NewRouter() *gin.Engine { app := router.Group("/app") { app.Static("/favicon_io", "web/app/favicon_io") - app.Static("/build", "web/app/build") + appBuild := app.Group("/build") + appBuild.Use(spaBuildCacheMiddleware()) + appBuild.Static("", "web/app/build") app.GET("/", s.Dependencies.HTTPProvider.AppHandler()) app.GET("/:page", s.Dependencies.HTTPProvider.AppHandler()) } @@ -79,10 +100,37 @@ func (s *server) NewRouter() *gin.Engine { dashboard := router.Group("/dashboard") { dashboard.Static("/favicon_io", "web/dashboard/favicon_io") - dashboard.Static("/build", "web/dashboard/build") + dashboardBuild := dashboard.Group("/build") + dashboardBuild.Use(spaBuildCacheMiddleware()) + dashboardBuild.Static("", "web/dashboard/build") dashboard.Static("/public", "web/dashboard/public") dashboard.GET("/", s.Dependencies.HTTPProvider.DashboardHandler()) dashboard.GET("/:page", s.Dependencies.HTTPProvider.DashboardHandler()) } + + // SPA fallback: any unmatched GET inside /app/ or /dashboard/ serves the + // SPA shell so deep links and browser refresh on multi-segment routes + // (e.g. /dashboard/authorization/resources) don't return 404. Static + // routes (/build, /favicon_io, /public) and the explicit /, /:page + // handlers above take precedence; this only catches the multi-segment + // gap. Non-GET methods and other paths fall through to gin's default + // 404 handler. + dashboardHandler := s.Dependencies.HTTPProvider.DashboardHandler() + appHandler := s.Dependencies.HTTPProvider.AppHandler() + router.NoRoute(func(c *gin.Context) { + if c.Request.Method != "GET" { + c.AbortWithStatus(404) + return + } + path := c.Request.URL.Path + switch { + case strings.HasPrefix(path, "/dashboard/"): + dashboardHandler(c) + case strings.HasPrefix(path, "/app/"): + appHandler(c) + default: + c.AbortWithStatus(404) + } + }) return router } diff --git a/internal/storage/db/arangodb/permission.go b/internal/storage/db/arangodb/permission.go new file mode 100644 index 00000000..5a56e7b1 --- /dev/null +++ b/internal/storage/db/arangodb/permission.go @@ -0,0 +1,367 @@ +package arangodb + +import ( + "context" + "fmt" + "time" + + arangoDriver "github.com/arangodb/go-driver" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Permission) + meta, err := collection.CreateDocument(ctx, permission) + if err != nil { + return nil, err + } + permission.Key = meta.Key + permission.ID = meta.ID.String() + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Permission) + meta, err := collection.UpdateDocument(ctx, permission.Key, permission) + if err != nil { + return nil, err + } + permission.Key = meta.Key + permission.ID = meta.ID.String() + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes associated permission_scopes and permission_policies. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + // Cascade-delete permission_scopes + deleteScopesQuery := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id REMOVE d IN %s", schemas.Collections.PermissionScope, schemas.Collections.PermissionScope) + scopeCursor, err := p.db.Query(ctx, deleteScopesQuery, map[string]interface{}{ + "permission_id": id, + }) + if err != nil { + return err + } + defer scopeCursor.Close() + + // Cascade-delete permission_policies + deletePoliciesQuery := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id REMOVE d IN %s", schemas.Collections.PermissionPolicy, schemas.Collections.PermissionPolicy) + policyCursor, err := p.db.Query(ctx, deletePoliciesQuery, map[string]interface{}{ + "permission_id": id, + }) + if err != nil { + return err + } + defer policyCursor.Close() + + // Find the document key for this permission + permission, err := p.GetPermissionByID(ctx, id) + if err != nil { + return err + } + collection, _ := p.db.Collection(ctx, schemas.Collections.Permission) + _, err = collection.RemoveDocument(ctx, permission.Key) + return err +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission *schemas.Permission + query := fmt.Sprintf("FOR d IN %s FILTER d._id == @id RETURN d", schemas.Collections.Permission) + bindVars := map[string]interface{}{ + "id": id, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if permission == nil { + return nil, fmt.Errorf("permission not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &permission) + if err != nil { + return nil, err + } + } + return permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + permissions := []*schemas.Permission{} + query := fmt.Sprintf("FOR d IN %s SORT d.created_at DESC LIMIT %d, %d RETURN d", schemas.Collections.Permission, pagination.Offset, pagination.Limit) + sctx := arangoDriver.WithQueryFullCount(ctx) + cursor, err := p.db.Query(sctx, query, nil) + if err != nil { + return nil, nil, err + } + defer cursor.Close() + paginationClone := pagination + paginationClone.Total = cursor.Statistics().FullCount() + for { + var permission *schemas.Permission + meta, err := cursor.ReadDocument(ctx, &permission) + if arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, nil, err + } + if meta.Key != "" { + permissions = append(permissions, permission) + } + } + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.PermissionScope) + meta, err := collection.CreateDocument(ctx, ps) + if err != nil { + return nil, err + } + ps.Key = meta.Key + ps.ID = meta.ID.String() + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + query := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id REMOVE d IN %s", schemas.Collections.PermissionScope, schemas.Collections.PermissionScope) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "permission_id": permissionID, + }) + if err != nil { + return err + } + defer cursor.Close() + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + scopes := []*schemas.PermissionScope{} + query := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id RETURN d", schemas.Collections.PermissionScope) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "permission_id": permissionID, + }) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + var ps *schemas.PermissionScope + if _, err := cursor.ReadDocument(ctx, &ps); arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, err + } + scopes = append(scopes, ps) + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.PermissionPolicy) + meta, err := collection.CreateDocument(ctx, pp) + if err != nil { + return nil, err + } + pp.Key = meta.Key + pp.ID = meta.ID.String() + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + query := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id REMOVE d IN %s", schemas.Collections.PermissionPolicy, schemas.Collections.PermissionPolicy) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "permission_id": permissionID, + }) + if err != nil { + return err + } + defer cursor.Close() + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + policies := []*schemas.PermissionPolicy{} + query := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id RETURN d", schemas.Collections.PermissionPolicy) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "permission_id": permissionID, + }) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + var pp *schemas.PermissionPolicy + if _, err := cursor.ReadDocument(ctx, &pp); arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, err + } + policies = append(policies, pp) + } + return policies, nil +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that match a given resource name and scope name. This is the hot-path query used by +// the evaluation engine. Uses sequential lookups across collections. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + // Step 1: Find the resource by name + resource, err := p.GetResourceByName(ctx, resourceName) + if err != nil { + return nil, nil // Resource not found means no permissions + } + + // Step 2: Find the scope by name + scope, err := p.GetScopeByName(ctx, scopeName) + if err != nil { + return nil, nil // Scope not found means no permissions + } + + // Step 3: Find permissions for this resource + permQuery := fmt.Sprintf("FOR d IN %s FILTER d.resource_id == @resource_id RETURN d", schemas.Collections.Permission) + permCursor, err := p.db.Query(ctx, permQuery, map[string]interface{}{ + "resource_id": resource.ID, + }) + if err != nil { + return nil, err + } + defer permCursor.Close() + + var permissions []*schemas.Permission + for { + var perm *schemas.Permission + if _, err := permCursor.ReadDocument(ctx, &perm); arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, err + } + permissions = append(permissions, perm) + } + + if len(permissions) == 0 { + return nil, nil + } + + // Step 4: Filter permissions that have this scope linked + var matchedPermissions []*schemas.Permission + for _, perm := range permissions { + psQuery := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id AND d.scope_id == @scope_id RETURN d", schemas.Collections.PermissionScope) + psCursor, err := p.db.Query(ctx, psQuery, map[string]interface{}{ + "permission_id": perm.ID, + "scope_id": scope.ID, + }) + if err != nil { + return nil, err + } + var ps *schemas.PermissionScope + if _, err := psCursor.ReadDocument(ctx, &ps); err == nil && ps != nil { + matchedPermissions = append(matchedPermissions, perm) + } + psCursor.Close() + } + + if len(matchedPermissions) == 0 { + return nil, nil + } + + // Step 5: For each matched permission, resolve policies and targets + var result []*schemas.PermissionWithPolicies + for _, perm := range matchedPermissions { + pwp := &schemas.PermissionWithPolicies{ + PermissionID: perm.ID, + PermissionName: perm.Name, + DecisionStrategy: perm.DecisionStrategy, + } + + // Get permission_policies for this permission + ppQuery := fmt.Sprintf("FOR d IN %s FILTER d.permission_id == @permission_id RETURN d", schemas.Collections.PermissionPolicy) + ppCursor, err := p.db.Query(ctx, ppQuery, map[string]interface{}{ + "permission_id": perm.ID, + }) + if err != nil { + return nil, err + } + + var permPolicies []*schemas.PermissionPolicy + for { + var pp *schemas.PermissionPolicy + if _, err := ppCursor.ReadDocument(ctx, &pp); arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + ppCursor.Close() + return nil, err + } + permPolicies = append(permPolicies, pp) + } + ppCursor.Close() + + // For each linked policy, resolve the policy and its targets + for _, pp := range permPolicies { + policy, err := p.GetPolicyByID(ctx, pp.PolicyID) + if err != nil { + continue // Skip policies that can't be found + } + + pwt := schemas.PolicyWithTargets{ + PolicyID: policy.ID, + PolicyName: policy.Name, + Type: policy.Type, + Logic: policy.Logic, + DecisionStrategy: policy.DecisionStrategy, + } + + // Get targets for this policy + targets, err := p.GetPolicyTargets(ctx, policy.ID) + if err != nil { + return nil, err + } + for _, t := range targets { + pwt.Targets = append(pwt.Targets, schemas.PolicyTargetView{ + TargetType: t.TargetType, + TargetValue: t.TargetValue, + }) + } + + pwp.Policies = append(pwp.Policies, pwt) + } + + result = append(result, pwp) + } + + return result, nil +} diff --git a/internal/storage/db/arangodb/policy.go b/internal/storage/db/arangodb/policy.go new file mode 100644 index 00000000..eb976f5b --- /dev/null +++ b/internal/storage/db/arangodb/policy.go @@ -0,0 +1,194 @@ +package arangodb + +import ( + "context" + "fmt" + "time" + + arangoDriver "github.com/arangodb/go-driver" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Policy) + meta, err := collection.CreateDocument(ctx, policy) + if err != nil { + return nil, err + } + policy.Key = meta.Key + policy.ID = meta.ID.String() + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Policy) + meta, err := collection.UpdateDocument(ctx, policy.Key, policy) + if err != nil { + return nil, err + } + policy.Key = meta.Key + policy.ID = meta.ID.String() + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Cascade-deletes associated policy targets. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + // Check for referencing permission_policies + countQuery := fmt.Sprintf("FOR d IN %s FILTER d.policy_id == @policy_id COLLECT WITH COUNT INTO length RETURN length", schemas.Collections.PermissionPolicy) + cursor, err := p.db.Query(ctx, countQuery, map[string]interface{}{ + "policy_id": id, + }) + if err != nil { + return err + } + defer cursor.Close() + var count int64 + if cursor.HasMore() { + if _, err := cursor.ReadDocument(ctx, &count); err != nil { + return err + } + } + if count > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(s) reference it", count) + } + + // Cascade-delete policy targets + deleteTargetsQuery := fmt.Sprintf("FOR d IN %s FILTER d.policy_id == @policy_id REMOVE d IN %s", schemas.Collections.PolicyTarget, schemas.Collections.PolicyTarget) + targetCursor, err := p.db.Query(ctx, deleteTargetsQuery, map[string]interface{}{ + "policy_id": id, + }) + if err != nil { + return err + } + defer targetCursor.Close() + + // Find the document key for this policy + policy, err := p.GetPolicyByID(ctx, id) + if err != nil { + return err + } + collection, _ := p.db.Collection(ctx, schemas.Collections.Policy) + _, err = collection.RemoveDocument(ctx, policy.Key) + return err +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy *schemas.Policy + query := fmt.Sprintf("FOR d IN %s FILTER d._id == @id RETURN d", schemas.Collections.Policy) + bindVars := map[string]interface{}{ + "id": id, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if policy == nil { + return nil, fmt.Errorf("policy not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &policy) + if err != nil { + return nil, err + } + } + return policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + policies := []*schemas.Policy{} + query := fmt.Sprintf("FOR d IN %s SORT d.created_at DESC LIMIT %d, %d RETURN d", schemas.Collections.Policy, pagination.Offset, pagination.Limit) + sctx := arangoDriver.WithQueryFullCount(ctx) + cursor, err := p.db.Query(sctx, query, nil) + if err != nil { + return nil, nil, err + } + defer cursor.Close() + paginationClone := pagination + paginationClone.Total = cursor.Statistics().FullCount() + for { + var policy *schemas.Policy + meta, err := cursor.ReadDocument(ctx, &policy) + if arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, nil, err + } + if meta.Key != "" { + policies = append(policies, policy) + } + } + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.PolicyTarget) + meta, err := collection.CreateDocument(ctx, target) + if err != nil { + return nil, err + } + target.Key = meta.Key + target.ID = meta.ID.String() + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + query := fmt.Sprintf("FOR d IN %s FILTER d.policy_id == @policy_id REMOVE d IN %s", schemas.Collections.PolicyTarget, schemas.Collections.PolicyTarget) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "policy_id": policyID, + }) + if err != nil { + return err + } + defer cursor.Close() + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + targets := []*schemas.PolicyTarget{} + query := fmt.Sprintf("FOR d IN %s FILTER d.policy_id == @policy_id RETURN d", schemas.Collections.PolicyTarget) + cursor, err := p.db.Query(ctx, query, map[string]interface{}{ + "policy_id": policyID, + }) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + var target *schemas.PolicyTarget + if _, err := cursor.ReadDocument(ctx, &target); arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, err + } + targets = append(targets, target) + } + return targets, nil +} diff --git a/internal/storage/db/arangodb/resource.go b/internal/storage/db/arangodb/resource.go new file mode 100644 index 00000000..507ae097 --- /dev/null +++ b/internal/storage/db/arangodb/resource.go @@ -0,0 +1,157 @@ +package arangodb + +import ( + "context" + "fmt" + "time" + + arangoDriver "github.com/arangodb/go-driver" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Resource) + meta, err := collection.CreateDocument(ctx, resource) + if err != nil { + return nil, err + } + resource.Key = meta.Key + resource.ID = meta.ID.String() + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Resource) + meta, err := collection.UpdateDocument(ctx, resource.Key, resource) + if err != nil { + return nil, err + } + resource.Key = meta.Key + resource.ID = meta.ID.String() + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + // Check for referencing permissions + countQuery := fmt.Sprintf("FOR d IN %s FILTER d.resource_id == @resource_id COLLECT WITH COUNT INTO length RETURN length", schemas.Collections.Permission) + cursor, err := p.db.Query(ctx, countQuery, map[string]interface{}{ + "resource_id": id, + }) + if err != nil { + return err + } + defer cursor.Close() + var count int64 + if cursor.HasMore() { + if _, err := cursor.ReadDocument(ctx, &count); err != nil { + return err + } + } + if count > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", count) + } + + // Find the document key for this resource + resource, err := p.GetResourceByID(ctx, id) + if err != nil { + return err + } + collection, _ := p.db.Collection(ctx, schemas.Collections.Resource) + _, err = collection.RemoveDocument(ctx, resource.Key) + return err +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource *schemas.Resource + query := fmt.Sprintf("FOR d IN %s FILTER d._id == @id RETURN d", schemas.Collections.Resource) + bindVars := map[string]interface{}{ + "id": id, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if resource == nil { + return nil, fmt.Errorf("resource not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &resource) + if err != nil { + return nil, err + } + } + return resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + var resource *schemas.Resource + query := fmt.Sprintf("FOR d IN %s FILTER d.name == @name RETURN d", schemas.Collections.Resource) + bindVars := map[string]interface{}{ + "name": name, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if resource == nil { + return nil, fmt.Errorf("resource not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &resource) + if err != nil { + return nil, err + } + } + return resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + resources := []*schemas.Resource{} + query := fmt.Sprintf("FOR d IN %s SORT d.created_at DESC LIMIT %d, %d RETURN d", schemas.Collections.Resource, pagination.Offset, pagination.Limit) + sctx := arangoDriver.WithQueryFullCount(ctx) + cursor, err := p.db.Query(sctx, query, nil) + if err != nil { + return nil, nil, err + } + defer cursor.Close() + paginationClone := pagination + paginationClone.Total = cursor.Statistics().FullCount() + for { + var resource *schemas.Resource + meta, err := cursor.ReadDocument(ctx, &resource) + if arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, nil, err + } + if meta.Key != "" { + resources = append(resources, resource) + } + } + return resources, paginationClone, nil +} diff --git a/internal/storage/db/arangodb/scope.go b/internal/storage/db/arangodb/scope.go new file mode 100644 index 00000000..8b8fb918 --- /dev/null +++ b/internal/storage/db/arangodb/scope.go @@ -0,0 +1,157 @@ +package arangodb + +import ( + "context" + "fmt" + "time" + + arangoDriver "github.com/arangodb/go-driver" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Scope) + meta, err := collection.CreateDocument(ctx, scope) + if err != nil { + return nil, err + } + scope.Key = meta.Key + scope.ID = meta.ID.String() + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + collection, _ := p.db.Collection(ctx, schemas.Collections.Scope) + meta, err := collection.UpdateDocument(ctx, scope.Key, scope) + if err != nil { + return nil, err + } + scope.Key = meta.Key + scope.ID = meta.ID.String() + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + // Check for referencing permission_scopes + countQuery := fmt.Sprintf("FOR d IN %s FILTER d.scope_id == @scope_id COLLECT WITH COUNT INTO length RETURN length", schemas.Collections.PermissionScope) + cursor, err := p.db.Query(ctx, countQuery, map[string]interface{}{ + "scope_id": id, + }) + if err != nil { + return err + } + defer cursor.Close() + var count int64 + if cursor.HasMore() { + if _, err := cursor.ReadDocument(ctx, &count); err != nil { + return err + } + } + if count > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", count) + } + + // Find the document key for this scope + scope, err := p.GetScopeByID(ctx, id) + if err != nil { + return err + } + collection, _ := p.db.Collection(ctx, schemas.Collections.Scope) + _, err = collection.RemoveDocument(ctx, scope.Key) + return err +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope *schemas.Scope + query := fmt.Sprintf("FOR d IN %s FILTER d._id == @id RETURN d", schemas.Collections.Scope) + bindVars := map[string]interface{}{ + "id": id, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if scope == nil { + return nil, fmt.Errorf("scope not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &scope) + if err != nil { + return nil, err + } + } + return scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + var scope *schemas.Scope + query := fmt.Sprintf("FOR d IN %s FILTER d.name == @name RETURN d", schemas.Collections.Scope) + bindVars := map[string]interface{}{ + "name": name, + } + cursor, err := p.db.Query(ctx, query, bindVars) + if err != nil { + return nil, err + } + defer cursor.Close() + for { + if !cursor.HasMore() { + if scope == nil { + return nil, fmt.Errorf("scope not found") + } + break + } + _, err := cursor.ReadDocument(ctx, &scope) + if err != nil { + return nil, err + } + } + return scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + scopes := []*schemas.Scope{} + query := fmt.Sprintf("FOR d IN %s SORT d.created_at DESC LIMIT %d, %d RETURN d", schemas.Collections.Scope, pagination.Offset, pagination.Limit) + sctx := arangoDriver.WithQueryFullCount(ctx) + cursor, err := p.db.Query(sctx, query, nil) + if err != nil { + return nil, nil, err + } + defer cursor.Close() + paginationClone := pagination + paginationClone.Total = cursor.Statistics().FullCount() + for { + var scope *schemas.Scope + meta, err := cursor.ReadDocument(ctx, &scope) + if arangoDriver.IsNoMoreDocuments(err) { + break + } else if err != nil { + return nil, nil, err + } + if meta.Key != "" { + scopes = append(scopes, scope) + } + } + return scopes, paginationClone, nil +} diff --git a/internal/storage/db/cassandradb/permission.go b/internal/storage/db/cassandradb/permission.go new file mode 100644 index 00000000..6421c917 --- /dev/null +++ b/internal/storage/db/cassandradb/permission.go @@ -0,0 +1,423 @@ +package cassandradb + +import ( + "context" + "encoding/json" + "fmt" + "strings" + "time" + + "github.com/gocql/gocql" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, name, description, resource_id, decision_strategy, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.Permission) + err := p.db.Query(insertQuery, permission.ID, permission.Name, permission.Description, permission.ResourceID, permission.DecisionStrategy, permission.CreatedAt, permission.UpdatedAt).Exec() + if err != nil { + return nil, err + } + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(permission) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + permissionMap := map[string]interface{}{} + err = decoder.Decode(&permissionMap) + if err != nil { + return nil, err + } + convertMapValues(permissionMap) + updateFields := "" + var updateValues []interface{} + for key, value := range permissionMap { + if key == "_id" || key == "_key" || key == "id" || key == "key" { + continue + } + if value == nil { + updateFields += fmt.Sprintf("%s = null,", key) + continue + } + updateFields += fmt.Sprintf("%s = ?, ", key) + updateValues = append(updateValues, value) + } + updateFields = strings.Trim(updateFields, " ") + updateFields = strings.TrimSuffix(updateFields, ",") + updateValues = append(updateValues, permission.ID) + query := fmt.Sprintf("UPDATE %s SET %s WHERE id = ?", KeySpace+"."+schemas.Collections.Permission, updateFields) + err = p.db.Query(query, updateValues...).Exec() + if err != nil { + return nil, err + } + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes associated permission_scopes and permission_policies. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + // Cascade-delete permission_scopes + getScopesQuery := fmt.Sprintf("SELECT id FROM %s WHERE permission_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionScope) + scanner := p.db.Query(getScopesQuery, id).Iter().Scanner() + var scopeIDs []string + for scanner.Next() { + var scopeID string + err := scanner.Scan(&scopeID) + if err != nil { + return err + } + scopeIDs = append(scopeIDs, scopeID) + } + if len(scopeIDs) > 0 { + placeholders := strings.Repeat("?,", len(scopeIDs)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(scopeIDs)) + for i, sid := range scopeIDs { + deleteValues[i] = sid + } + deleteScopesQuery := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PermissionScope, placeholders) + err := p.db.Query(deleteScopesQuery, deleteValues...).Exec() + if err != nil { + return err + } + } + // Cascade-delete permission_policies + getPoliciesQuery := fmt.Sprintf("SELECT id FROM %s WHERE permission_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionPolicy) + scanner = p.db.Query(getPoliciesQuery, id).Iter().Scanner() + var policyIDs []string + for scanner.Next() { + var policyID string + err := scanner.Scan(&policyID) + if err != nil { + return err + } + policyIDs = append(policyIDs, policyID) + } + if len(policyIDs) > 0 { + placeholders := strings.Repeat("?,", len(policyIDs)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(policyIDs)) + for i, pid := range policyIDs { + deleteValues[i] = pid + } + deletePoliciesQuery := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PermissionPolicy, placeholders) + err := p.db.Query(deletePoliciesQuery, deleteValues...).Exec() + if err != nil { + return err + } + } + // Delete the permission itself + query := fmt.Sprintf("DELETE FROM %s WHERE id = ?", KeySpace+"."+schemas.Collections.Permission) + err := p.db.Query(query, id).Exec() + if err != nil { + return err + } + return nil +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission schemas.Permission + query := fmt.Sprintf("SELECT id, name, description, resource_id, decision_strategy, created_at, updated_at FROM %s WHERE id = ? LIMIT 1", + KeySpace+"."+schemas.Collections.Permission) + err := p.db.Query(query, id).Consistency(gocql.One).Scan( + &permission.ID, &permission.Name, &permission.Description, &permission.ResourceID, &permission.DecisionStrategy, &permission.CreatedAt, &permission.UpdatedAt) + if err != nil { + return nil, err + } + return &permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + permissions := []*schemas.Permission{} + paginationClone := pagination + totalCountQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s", KeySpace+"."+schemas.Collections.Permission) + err := p.db.Query(totalCountQuery).Consistency(gocql.One).Scan(&paginationClone.Total) + if err != nil { + return nil, nil, err + } + query := fmt.Sprintf("SELECT id, name, description, resource_id, decision_strategy, created_at, updated_at FROM %s LIMIT %d", + KeySpace+"."+schemas.Collections.Permission, pagination.Limit+pagination.Offset) + scanner := p.db.Query(query).Iter().Scanner() + counter := int64(0) + for scanner.Next() { + if counter >= pagination.Offset { + var permission schemas.Permission + err := scanner.Scan(&permission.ID, &permission.Name, &permission.Description, &permission.ResourceID, &permission.DecisionStrategy, &permission.CreatedAt, &permission.UpdatedAt) + if err != nil { + return nil, nil, err + } + permissions = append(permissions, &permission) + } + counter++ + } + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, permission_id, scope_id, created_at) VALUES (?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.PermissionScope) + err := p.db.Query(insertQuery, ps.ID, ps.PermissionID, ps.ScopeID, ps.CreatedAt).Exec() + if err != nil { + return nil, err + } + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + getQuery := fmt.Sprintf("SELECT id FROM %s WHERE permission_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionScope) + scanner := p.db.Query(getQuery, permissionID).Iter().Scanner() + var ids []string + for scanner.Next() { + var id string + err := scanner.Scan(&id) + if err != nil { + return err + } + ids = append(ids, id) + } + if len(ids) > 0 { + placeholders := strings.Repeat("?,", len(ids)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(ids)) + for i, id := range ids { + deleteValues[i] = id + } + query := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PermissionScope, placeholders) + err := p.db.Query(query, deleteValues...).Exec() + if err != nil { + return err + } + } + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + scopes := []*schemas.PermissionScope{} + query := fmt.Sprintf("SELECT id, permission_id, scope_id, created_at FROM %s WHERE permission_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PermissionScope) + scanner := p.db.Query(query, permissionID).Iter().Scanner() + for scanner.Next() { + var ps schemas.PermissionScope + err := scanner.Scan(&ps.ID, &ps.PermissionID, &ps.ScopeID, &ps.CreatedAt) + if err != nil { + return nil, err + } + scopes = append(scopes, &ps) + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, permission_id, policy_id, created_at) VALUES (?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.PermissionPolicy) + err := p.db.Query(insertQuery, pp.ID, pp.PermissionID, pp.PolicyID, pp.CreatedAt).Exec() + if err != nil { + return nil, err + } + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + getQuery := fmt.Sprintf("SELECT id FROM %s WHERE permission_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionPolicy) + scanner := p.db.Query(getQuery, permissionID).Iter().Scanner() + var ids []string + for scanner.Next() { + var id string + err := scanner.Scan(&id) + if err != nil { + return err + } + ids = append(ids, id) + } + if len(ids) > 0 { + placeholders := strings.Repeat("?,", len(ids)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(ids)) + for i, id := range ids { + deleteValues[i] = id + } + query := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PermissionPolicy, placeholders) + err := p.db.Query(query, deleteValues...).Exec() + if err != nil { + return err + } + } + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + policies := []*schemas.PermissionPolicy{} + query := fmt.Sprintf("SELECT id, permission_id, policy_id, created_at FROM %s WHERE permission_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PermissionPolicy) + scanner := p.db.Query(query, permissionID).Iter().Scanner() + for scanner.Next() { + var pp schemas.PermissionPolicy + err := scanner.Scan(&pp.ID, &pp.PermissionID, &pp.PolicyID, &pp.CreatedAt) + if err != nil { + return nil, err + } + policies = append(policies, &pp) + } + return policies, nil +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that match a given resource name and scope name. This is the hot-path query used by +// the evaluation engine. Uses sequential queries since Cassandra does not support JOINs. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + // 1. Find resource by name + var resourceID string + resourceQuery := fmt.Sprintf("SELECT id FROM %s WHERE name = ? LIMIT 1 ALLOW FILTERING", + KeySpace+"."+schemas.Collections.Resource) + err := p.db.Query(resourceQuery, resourceName).Consistency(gocql.One).Scan(&resourceID) + if err != nil { + return nil, err + } + + // 2. Find scope by name + var scopeID string + scopeQuery := fmt.Sprintf("SELECT id FROM %s WHERE name = ? LIMIT 1 ALLOW FILTERING", + KeySpace+"."+schemas.Collections.Scope) + err = p.db.Query(scopeQuery, scopeName).Consistency(gocql.One).Scan(&scopeID) + if err != nil { + return nil, err + } + + // 3. Find permissions for this resource + permQuery := fmt.Sprintf("SELECT id, name, decision_strategy FROM %s WHERE resource_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.Permission) + permScanner := p.db.Query(permQuery, resourceID).Iter().Scanner() + + type permInfo struct { + ID string + Name string + DecisionStrategy string + } + var permissions []permInfo + for permScanner.Next() { + var pi permInfo + err := permScanner.Scan(&pi.ID, &pi.Name, &pi.DecisionStrategy) + if err != nil { + return nil, err + } + permissions = append(permissions, pi) + } + + if len(permissions) == 0 { + return nil, nil + } + + // 4. For each permission, check if it has the requested scope + var result []*schemas.PermissionWithPolicies + + for _, perm := range permissions { + var scopeCount int64 + scopeCountQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE permission_id = ? AND scope_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PermissionScope) + err := p.db.Query(scopeCountQuery, perm.ID, scopeID).Consistency(gocql.One).Scan(&scopeCount) + if err != nil { + return nil, err + } + if scopeCount == 0 { + continue + } + + // 5. Find permission_policies for this permission + ppQuery := fmt.Sprintf("SELECT policy_id FROM %s WHERE permission_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PermissionPolicy) + ppScanner := p.db.Query(ppQuery, perm.ID).Iter().Scanner() + var policyIDs []string + for ppScanner.Next() { + var policyID string + err := ppScanner.Scan(&policyID) + if err != nil { + return nil, err + } + policyIDs = append(policyIDs, policyID) + } + + if len(policyIDs) == 0 { + continue + } + + // 6. For each policy, resolve the policy and its targets + var policiesWithTargets []schemas.PolicyWithTargets + for _, policyID := range policyIDs { + var policy schemas.Policy + policyQuery := fmt.Sprintf("SELECT id, name, type, logic, decision_strategy FROM %s WHERE id = ? LIMIT 1", + KeySpace+"."+schemas.Collections.Policy) + err := p.db.Query(policyQuery, policyID).Consistency(gocql.One).Scan( + &policy.ID, &policy.Name, &policy.Type, &policy.Logic, &policy.DecisionStrategy) + if err != nil { + return nil, err + } + + // Get targets for this policy + targetQuery := fmt.Sprintf("SELECT target_type, target_value FROM %s WHERE policy_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PolicyTarget) + targetScanner := p.db.Query(targetQuery, policyID).Iter().Scanner() + var targets []schemas.PolicyTargetView + for targetScanner.Next() { + var tv schemas.PolicyTargetView + err := targetScanner.Scan(&tv.TargetType, &tv.TargetValue) + if err != nil { + return nil, err + } + targets = append(targets, tv) + } + + policiesWithTargets = append(policiesWithTargets, schemas.PolicyWithTargets{ + PolicyID: policy.ID, + PolicyName: policy.Name, + Type: policy.Type, + Logic: policy.Logic, + DecisionStrategy: policy.DecisionStrategy, + Targets: targets, + }) + } + + result = append(result, &schemas.PermissionWithPolicies{ + PermissionID: perm.ID, + PermissionName: perm.Name, + DecisionStrategy: perm.DecisionStrategy, + Policies: policiesWithTargets, + }) + } + + return result, nil +} diff --git a/internal/storage/db/cassandradb/policy.go b/internal/storage/db/cassandradb/policy.go new file mode 100644 index 00000000..20754505 --- /dev/null +++ b/internal/storage/db/cassandradb/policy.go @@ -0,0 +1,221 @@ +package cassandradb + +import ( + "context" + "encoding/json" + "fmt" + "strings" + "time" + + "github.com/gocql/gocql" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, name, description, type, logic, decision_strategy, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.Policy) + err := p.db.Query(insertQuery, policy.ID, policy.Name, policy.Description, policy.Type, policy.Logic, policy.DecisionStrategy, policy.CreatedAt, policy.UpdatedAt).Exec() + if err != nil { + return nil, err + } + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(policy) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + policyMap := map[string]interface{}{} + err = decoder.Decode(&policyMap) + if err != nil { + return nil, err + } + convertMapValues(policyMap) + updateFields := "" + var updateValues []interface{} + for key, value := range policyMap { + if key == "_id" || key == "_key" || key == "id" || key == "key" { + continue + } + if value == nil { + updateFields += fmt.Sprintf("%s = null,", key) + continue + } + updateFields += fmt.Sprintf("%s = ?, ", key) + updateValues = append(updateValues, value) + } + updateFields = strings.Trim(updateFields, " ") + updateFields = strings.TrimSuffix(updateFields, ",") + updateValues = append(updateValues, policy.ID) + query := fmt.Sprintf("UPDATE %s SET %s WHERE id = ?", KeySpace+"."+schemas.Collections.Policy, updateFields) + err = p.db.Query(query, updateValues...).Exec() + if err != nil { + return nil, err + } + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Cascade-deletes associated policy targets. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + // Check for referencing permission_policies + var count int64 + countQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE policy_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionPolicy) + err := p.db.Query(countQuery, id).Consistency(gocql.One).Scan(&count) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(s) reference it", count) + } + // Cascade-delete policy targets + getTargetsQuery := fmt.Sprintf("SELECT id FROM %s WHERE policy_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PolicyTarget) + scanner := p.db.Query(getTargetsQuery, id).Iter().Scanner() + var targetIDs []string + for scanner.Next() { + var targetID string + err = scanner.Scan(&targetID) + if err != nil { + return err + } + targetIDs = append(targetIDs, targetID) + } + if len(targetIDs) > 0 { + placeholders := strings.Repeat("?,", len(targetIDs)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(targetIDs)) + for i, tid := range targetIDs { + deleteValues[i] = tid + } + deleteTargetsQuery := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PolicyTarget, placeholders) + err = p.db.Query(deleteTargetsQuery, deleteValues...).Exec() + if err != nil { + return err + } + } + // Delete the policy itself + query := fmt.Sprintf("DELETE FROM %s WHERE id = ?", KeySpace+"."+schemas.Collections.Policy) + err = p.db.Query(query, id).Exec() + if err != nil { + return err + } + return nil +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy schemas.Policy + query := fmt.Sprintf("SELECT id, name, description, type, logic, decision_strategy, created_at, updated_at FROM %s WHERE id = ? LIMIT 1", + KeySpace+"."+schemas.Collections.Policy) + err := p.db.Query(query, id).Consistency(gocql.One).Scan( + &policy.ID, &policy.Name, &policy.Description, &policy.Type, &policy.Logic, &policy.DecisionStrategy, &policy.CreatedAt, &policy.UpdatedAt) + if err != nil { + return nil, err + } + return &policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + policies := []*schemas.Policy{} + paginationClone := pagination + totalCountQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s", KeySpace+"."+schemas.Collections.Policy) + err := p.db.Query(totalCountQuery).Consistency(gocql.One).Scan(&paginationClone.Total) + if err != nil { + return nil, nil, err + } + query := fmt.Sprintf("SELECT id, name, description, type, logic, decision_strategy, created_at, updated_at FROM %s LIMIT %d", + KeySpace+"."+schemas.Collections.Policy, pagination.Limit+pagination.Offset) + scanner := p.db.Query(query).Iter().Scanner() + counter := int64(0) + for scanner.Next() { + if counter >= pagination.Offset { + var policy schemas.Policy + err := scanner.Scan(&policy.ID, &policy.Name, &policy.Description, &policy.Type, &policy.Logic, &policy.DecisionStrategy, &policy.CreatedAt, &policy.UpdatedAt) + if err != nil { + return nil, nil, err + } + policies = append(policies, &policy) + } + counter++ + } + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, policy_id, target_type, target_value, created_at) VALUES (?, ?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.PolicyTarget) + err := p.db.Query(insertQuery, target.ID, target.PolicyID, target.TargetType, target.TargetValue, target.CreatedAt).Exec() + if err != nil { + return nil, err + } + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + getTargetsQuery := fmt.Sprintf("SELECT id FROM %s WHERE policy_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PolicyTarget) + scanner := p.db.Query(getTargetsQuery, policyID).Iter().Scanner() + var targetIDs []string + for scanner.Next() { + var targetID string + err := scanner.Scan(&targetID) + if err != nil { + return err + } + targetIDs = append(targetIDs, targetID) + } + if len(targetIDs) > 0 { + placeholders := strings.Repeat("?,", len(targetIDs)) + placeholders = strings.TrimSuffix(placeholders, ",") + deleteValues := make([]interface{}, len(targetIDs)) + for i, tid := range targetIDs { + deleteValues[i] = tid + } + query := fmt.Sprintf("DELETE FROM %s WHERE id IN (%s)", KeySpace+"."+schemas.Collections.PolicyTarget, placeholders) + err := p.db.Query(query, deleteValues...).Exec() + if err != nil { + return err + } + } + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + targets := []*schemas.PolicyTarget{} + query := fmt.Sprintf("SELECT id, policy_id, target_type, target_value, created_at FROM %s WHERE policy_id = ? ALLOW FILTERING", + KeySpace+"."+schemas.Collections.PolicyTarget) + scanner := p.db.Query(query, policyID).Iter().Scanner() + for scanner.Next() { + var target schemas.PolicyTarget + err := scanner.Scan(&target.ID, &target.PolicyID, &target.TargetType, &target.TargetValue, &target.CreatedAt) + if err != nil { + return nil, err + } + targets = append(targets, &target) + } + return targets, nil +} diff --git a/internal/storage/db/cassandradb/provider.go b/internal/storage/db/cassandradb/provider.go index ff7aa371..9e621b32 100644 --- a/internal/storage/db/cassandradb/provider.go +++ b/internal/storage/db/cassandradb/provider.go @@ -366,6 +366,110 @@ func NewProvider(cfg *config.Config, deps *Dependencies) (*provider, error) { return nil, err } + // Resource table + resourceCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, name text, description text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.Resource) + err = session.Query(resourceCollectionQuery).Exec() + if err != nil { + return nil, err + } + resourceNameIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_resource_name ON %s.%s (name)", KeySpace, schemas.Collections.Resource) + err = session.Query(resourceNameIndex).Exec() + if err != nil { + return nil, err + } + + // Scope table + scopeCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, name text, description text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.Scope) + err = session.Query(scopeCollectionQuery).Exec() + if err != nil { + return nil, err + } + scopeNameIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_scope_name ON %s.%s (name)", KeySpace, schemas.Collections.Scope) + err = session.Query(scopeNameIndex).Exec() + if err != nil { + return nil, err + } + + // Policy table + policyCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, name text, description text, type text, logic text, decision_strategy text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.Policy) + err = session.Query(policyCollectionQuery).Exec() + if err != nil { + return nil, err + } + policyNameIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_policy_name ON %s.%s (name)", KeySpace, schemas.Collections.Policy) + err = session.Query(policyNameIndex).Exec() + if err != nil { + return nil, err + } + policyTypeIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_policy_type ON %s.%s (type)", KeySpace, schemas.Collections.Policy) + err = session.Query(policyTypeIndex).Exec() + if err != nil { + return nil, err + } + + // PolicyTarget table + policyTargetCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, policy_id text, target_type text, target_value text, created_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.PolicyTarget) + err = session.Query(policyTargetCollectionQuery).Exec() + if err != nil { + return nil, err + } + policyTargetPolicyIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_policy_target_policy_id ON %s.%s (policy_id)", KeySpace, schemas.Collections.PolicyTarget) + err = session.Query(policyTargetPolicyIDIndex).Exec() + if err != nil { + return nil, err + } + + // Permission table + permissionCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, name text, description text, resource_id text, decision_strategy text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.Permission) + err = session.Query(permissionCollectionQuery).Exec() + if err != nil { + return nil, err + } + permissionNameIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_name ON %s.%s (name)", KeySpace, schemas.Collections.Permission) + err = session.Query(permissionNameIndex).Exec() + if err != nil { + return nil, err + } + permissionResourceIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_resource_id ON %s.%s (resource_id)", KeySpace, schemas.Collections.Permission) + err = session.Query(permissionResourceIDIndex).Exec() + if err != nil { + return nil, err + } + + // PermissionScope join table + permissionScopeCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, permission_id text, scope_id text, created_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.PermissionScope) + err = session.Query(permissionScopeCollectionQuery).Exec() + if err != nil { + return nil, err + } + permissionScopePermIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_scope_permission_id ON %s.%s (permission_id)", KeySpace, schemas.Collections.PermissionScope) + err = session.Query(permissionScopePermIDIndex).Exec() + if err != nil { + return nil, err + } + permissionScopeScopeIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_scope_scope_id ON %s.%s (scope_id)", KeySpace, schemas.Collections.PermissionScope) + err = session.Query(permissionScopeScopeIDIndex).Exec() + if err != nil { + return nil, err + } + + // PermissionPolicy join table + permissionPolicyCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, permission_id text, policy_id text, created_at bigint, PRIMARY KEY (id))", KeySpace, schemas.Collections.PermissionPolicy) + err = session.Query(permissionPolicyCollectionQuery).Exec() + if err != nil { + return nil, err + } + permissionPolicyPermIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_policy_permission_id ON %s.%s (permission_id)", KeySpace, schemas.Collections.PermissionPolicy) + err = session.Query(permissionPolicyPermIDIndex).Exec() + if err != nil { + return nil, err + } + permissionPolicyPolicyIDIndex := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_permission_policy_policy_id ON %s.%s (policy_id)", KeySpace, schemas.Collections.PermissionPolicy) + err = session.Query(permissionPolicyPolicyIDIndex).Exec() + if err != nil { + return nil, err + } + return &provider{ config: cfg, dependencies: deps, diff --git a/internal/storage/db/cassandradb/resource.go b/internal/storage/db/cassandradb/resource.go new file mode 100644 index 00000000..485436e6 --- /dev/null +++ b/internal/storage/db/cassandradb/resource.go @@ -0,0 +1,144 @@ +package cassandradb + +import ( + "context" + "encoding/json" + "fmt" + "strings" + "time" + + "github.com/gocql/gocql" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, name, description, created_at, updated_at) VALUES (?, ?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.Resource) + err := p.db.Query(insertQuery, resource.ID, resource.Name, resource.Description, resource.CreatedAt, resource.UpdatedAt).Exec() + if err != nil { + return nil, err + } + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(resource) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + resourceMap := map[string]interface{}{} + err = decoder.Decode(&resourceMap) + if err != nil { + return nil, err + } + convertMapValues(resourceMap) + updateFields := "" + var updateValues []interface{} + for key, value := range resourceMap { + if key == "_id" || key == "_key" || key == "id" || key == "key" { + continue + } + if value == nil { + updateFields += fmt.Sprintf("%s = null,", key) + continue + } + updateFields += fmt.Sprintf("%s = ?, ", key) + updateValues = append(updateValues, value) + } + updateFields = strings.Trim(updateFields, " ") + updateFields = strings.TrimSuffix(updateFields, ",") + updateValues = append(updateValues, resource.ID) + query := fmt.Sprintf("UPDATE %s SET %s WHERE id = ?", KeySpace+"."+schemas.Collections.Resource, updateFields) + err = p.db.Query(query, updateValues...).Exec() + if err != nil { + return nil, err + } + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + var count int64 + countQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE resource_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.Permission) + err := p.db.Query(countQuery, id).Consistency(gocql.One).Scan(&count) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", count) + } + query := fmt.Sprintf("DELETE FROM %s WHERE id = ?", KeySpace+"."+schemas.Collections.Resource) + err = p.db.Query(query, id).Exec() + if err != nil { + return err + } + return nil +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource schemas.Resource + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s WHERE id = ? LIMIT 1", + KeySpace+"."+schemas.Collections.Resource) + err := p.db.Query(query, id).Consistency(gocql.One).Scan( + &resource.ID, &resource.Name, &resource.Description, &resource.CreatedAt, &resource.UpdatedAt) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + var resource schemas.Resource + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s WHERE name = ? LIMIT 1 ALLOW FILTERING", + KeySpace+"."+schemas.Collections.Resource) + err := p.db.Query(query, name).Consistency(gocql.One).Scan( + &resource.ID, &resource.Name, &resource.Description, &resource.CreatedAt, &resource.UpdatedAt) + if err != nil { + return nil, err + } + return &resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + resources := []*schemas.Resource{} + paginationClone := pagination + totalCountQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s", KeySpace+"."+schemas.Collections.Resource) + err := p.db.Query(totalCountQuery).Consistency(gocql.One).Scan(&paginationClone.Total) + if err != nil { + return nil, nil, err + } + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s LIMIT %d", + KeySpace+"."+schemas.Collections.Resource, pagination.Limit+pagination.Offset) + scanner := p.db.Query(query).Iter().Scanner() + counter := int64(0) + for scanner.Next() { + if counter >= pagination.Offset { + var resource schemas.Resource + err := scanner.Scan(&resource.ID, &resource.Name, &resource.Description, &resource.CreatedAt, &resource.UpdatedAt) + if err != nil { + return nil, nil, err + } + resources = append(resources, &resource) + } + counter++ + } + return resources, paginationClone, nil +} diff --git a/internal/storage/db/cassandradb/scope.go b/internal/storage/db/cassandradb/scope.go new file mode 100644 index 00000000..de6b0cc2 --- /dev/null +++ b/internal/storage/db/cassandradb/scope.go @@ -0,0 +1,144 @@ +package cassandradb + +import ( + "context" + "encoding/json" + "fmt" + "strings" + "time" + + "github.com/gocql/gocql" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + insertQuery := fmt.Sprintf("INSERT INTO %s (id, name, description, created_at, updated_at) VALUES (?, ?, ?, ?, ?)", + KeySpace+"."+schemas.Collections.Scope) + err := p.db.Query(insertQuery, scope.ID, scope.Name, scope.Description, scope.CreatedAt, scope.UpdatedAt).Exec() + if err != nil { + return nil, err + } + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(scope) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + scopeMap := map[string]interface{}{} + err = decoder.Decode(&scopeMap) + if err != nil { + return nil, err + } + convertMapValues(scopeMap) + updateFields := "" + var updateValues []interface{} + for key, value := range scopeMap { + if key == "_id" || key == "_key" || key == "id" || key == "key" { + continue + } + if value == nil { + updateFields += fmt.Sprintf("%s = null,", key) + continue + } + updateFields += fmt.Sprintf("%s = ?, ", key) + updateValues = append(updateValues, value) + } + updateFields = strings.Trim(updateFields, " ") + updateFields = strings.TrimSuffix(updateFields, ",") + updateValues = append(updateValues, scope.ID) + query := fmt.Sprintf("UPDATE %s SET %s WHERE id = ?", KeySpace+"."+schemas.Collections.Scope, updateFields) + err = p.db.Query(query, updateValues...).Exec() + if err != nil { + return nil, err + } + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + var count int64 + countQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s WHERE scope_id = ? ALLOW FILTERING", KeySpace+"."+schemas.Collections.PermissionScope) + err := p.db.Query(countQuery, id).Consistency(gocql.One).Scan(&count) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", count) + } + query := fmt.Sprintf("DELETE FROM %s WHERE id = ?", KeySpace+"."+schemas.Collections.Scope) + err = p.db.Query(query, id).Exec() + if err != nil { + return err + } + return nil +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope schemas.Scope + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s WHERE id = ? LIMIT 1", + KeySpace+"."+schemas.Collections.Scope) + err := p.db.Query(query, id).Consistency(gocql.One).Scan( + &scope.ID, &scope.Name, &scope.Description, &scope.CreatedAt, &scope.UpdatedAt) + if err != nil { + return nil, err + } + return &scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + var scope schemas.Scope + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s WHERE name = ? LIMIT 1 ALLOW FILTERING", + KeySpace+"."+schemas.Collections.Scope) + err := p.db.Query(query, name).Consistency(gocql.One).Scan( + &scope.ID, &scope.Name, &scope.Description, &scope.CreatedAt, &scope.UpdatedAt) + if err != nil { + return nil, err + } + return &scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + scopes := []*schemas.Scope{} + paginationClone := pagination + totalCountQuery := fmt.Sprintf("SELECT COUNT(*) FROM %s", KeySpace+"."+schemas.Collections.Scope) + err := p.db.Query(totalCountQuery).Consistency(gocql.One).Scan(&paginationClone.Total) + if err != nil { + return nil, nil, err + } + query := fmt.Sprintf("SELECT id, name, description, created_at, updated_at FROM %s LIMIT %d", + KeySpace+"."+schemas.Collections.Scope, pagination.Limit+pagination.Offset) + scanner := p.db.Query(query).Iter().Scanner() + counter := int64(0) + for scanner.Next() { + if counter >= pagination.Offset { + var scope schemas.Scope + err := scanner.Scan(&scope.ID, &scope.Name, &scope.Description, &scope.CreatedAt, &scope.UpdatedAt) + if err != nil { + return nil, nil, err + } + scopes = append(scopes, &scope) + } + counter++ + } + return scopes, paginationClone, nil +} diff --git a/internal/storage/db/couchbase/permission.go b/internal/storage/db/couchbase/permission.go new file mode 100644 index 00000000..ba0fb901 --- /dev/null +++ b/internal/storage/db/couchbase/permission.go @@ -0,0 +1,429 @@ +package couchbase + +import ( + "context" + "encoding/json" + "fmt" + "log" + "strings" + "time" + + "github.com/couchbase/gocb/v2" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.Permission).Insert(permission.ID, permission, &insertOpt) + if err != nil { + return nil, err + } + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(permission) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + permissionMap := map[string]interface{}{} + err = decoder.Decode(&permissionMap) + if err != nil { + return nil, err + } + updateFields, params := GetSetFields(permissionMap) + params["_id"] = permission.ID + query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id=$_id`, p.scopeName, schemas.Collections.Permission, updateFields) + _, err = p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes associated permission_scopes and permission_policies. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + params := make(map[string]interface{}, 1) + params["permission_id"] = id + // Cascade-delete permission_scopes + scopeQuery := fmt.Sprintf(`DELETE FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionScope) + _, err := p.db.Query(scopeQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + // Cascade-delete permission_policies + policyQuery := fmt.Sprintf(`DELETE FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionPolicy) + _, err = p.db.Query(policyQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + removeOpt := gocb.RemoveOptions{ + Context: ctx, + } + _, err = p.db.Collection(schemas.Collections.Permission).Remove(id, &removeOpt) + if err != nil { + return err + } + return nil +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission *schemas.Permission + params := make(map[string]interface{}, 1) + params["_id"] = id + query := fmt.Sprintf(`SELECT _id, name, description, resource_id, decision_strategy, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, schemas.Collections.Permission) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&permission) + if err != nil { + return nil, err + } + return permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + permissions := []*schemas.Permission{} + paginationClone := pagination + params := make(map[string]interface{}, 1) + params["offset"] = paginationClone.Offset + params["limit"] = paginationClone.Limit + total, err := p.GetTotalDocs(ctx, schemas.Collections.Permission) + if err != nil { + return nil, nil, err + } + paginationClone.Total = total + query := fmt.Sprintf("SELECT _id, name, description, resource_id, decision_strategy, created_at, updated_at FROM %s.%s ORDER BY created_at DESC OFFSET $offset LIMIT $limit", p.scopeName, schemas.Collections.Permission) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, nil, err + } + for queryResult.Next() { + var permission schemas.Permission + err := queryResult.Row(&permission) + if err != nil { + log.Fatal(err) + } + permissions = append(permissions, &permission) + } + if err := queryResult.Err(); err != nil { + return nil, nil, err + } + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.PermissionScope).Insert(ps.ID, ps, &insertOpt) + if err != nil { + return nil, err + } + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + params := make(map[string]interface{}, 1) + params["permission_id"] = permissionID + query := fmt.Sprintf(`DELETE FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionScope) + _, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + scopes := []*schemas.PermissionScope{} + params := make(map[string]interface{}, 1) + params["permission_id"] = permissionID + query := fmt.Sprintf(`SELECT _id, permission_id, scope_id, created_at FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionScope) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + for queryResult.Next() { + var ps schemas.PermissionScope + err := queryResult.Row(&ps) + if err != nil { + log.Fatal(err) + } + scopes = append(scopes, &ps) + } + if err := queryResult.Err(); err != nil { + return nil, err + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.PermissionPolicy).Insert(pp.ID, pp, &insertOpt) + if err != nil { + return nil, err + } + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + params := make(map[string]interface{}, 1) + params["permission_id"] = permissionID + query := fmt.Sprintf(`DELETE FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionPolicy) + _, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + policies := []*schemas.PermissionPolicy{} + params := make(map[string]interface{}, 1) + params["permission_id"] = permissionID + query := fmt.Sprintf(`SELECT _id, permission_id, policy_id, created_at FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionPolicy) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + for queryResult.Next() { + var pp schemas.PermissionPolicy + err := queryResult.Row(&pp) + if err != nil { + log.Fatal(err) + } + policies = append(policies, &pp) + } + if err := queryResult.Err(); err != nil { + return nil, err + } + return policies, nil +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that match a given resource name and scope name. This is the hot-path query used by +// the evaluation engine. Uses sequential queries for clarity. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + // 1. Find resource by name + resource, err := p.GetResourceByName(ctx, resourceName) + if err != nil { + return nil, err + } + + // 2. Find scope by name + scope, err := p.GetScopeByName(ctx, scopeName) + if err != nil { + return nil, err + } + + // 3. Find permissions for this resource + permParams := make(map[string]interface{}, 1) + permParams["resource_id"] = resource.ID + permQuery := fmt.Sprintf(`SELECT _id, name, description, resource_id, decision_strategy, created_at, updated_at FROM %s.%s WHERE resource_id=$resource_id`, p.scopeName, schemas.Collections.Permission) + permResult, err := p.db.Query(permQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: permParams, + }) + if err != nil { + return nil, err + } + var permissions []schemas.Permission + for permResult.Next() { + var perm schemas.Permission + if err := permResult.Row(&perm); err != nil { + return nil, err + } + permissions = append(permissions, perm) + } + if err := permResult.Err(); err != nil { + return nil, err + } + + if len(permissions) == 0 { + return nil, nil + } + + // 4. For each permission, check if it has the requested scope + var result []*schemas.PermissionWithPolicies + + for _, perm := range permissions { + // Check if this permission has the requested scope + scopeCheckParams := make(map[string]interface{}, 2) + scopeCheckParams["permission_id"] = perm.ID + scopeCheckParams["scope_id"] = scope.ID + scopeCountQuery := fmt.Sprintf(`SELECT COUNT(*) as Total FROM %s.%s WHERE permission_id=$permission_id AND scope_id=$scope_id`, p.scopeName, schemas.Collections.PermissionScope) + scopeCountResult, err := p.db.Query(scopeCountQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: scopeCheckParams, + }) + if err != nil { + return nil, err + } + var countDocs TotalDocs + err = scopeCountResult.One(&countDocs) + if err != nil { + return nil, err + } + if countDocs.Total == 0 { + continue + } + + // 5. Find permission_policies for this permission + ppParams := make(map[string]interface{}, 1) + ppParams["permission_id"] = perm.ID + ppQuery := fmt.Sprintf(`SELECT _id, permission_id, policy_id, created_at FROM %s.%s WHERE permission_id=$permission_id`, p.scopeName, schemas.Collections.PermissionPolicy) + ppResult, err := p.db.Query(ppQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: ppParams, + }) + if err != nil { + return nil, err + } + var permPolicies []schemas.PermissionPolicy + for ppResult.Next() { + var pp schemas.PermissionPolicy + if err := ppResult.Row(&pp); err != nil { + return nil, err + } + permPolicies = append(permPolicies, pp) + } + if err := ppResult.Err(); err != nil { + return nil, err + } + + if len(permPolicies) == 0 { + continue + } + + // 6. For each permission_policy, resolve the policy and its targets + var policiesWithTargets []schemas.PolicyWithTargets + for _, pp := range permPolicies { + policy, err := p.GetPolicyByID(ctx, pp.PolicyID) + if err != nil { + return nil, err + } + + // Get targets for this policy + targetParams := make(map[string]interface{}, 1) + targetParams["policy_id"] = policy.ID + targetQuery := fmt.Sprintf(`SELECT _id, policy_id, target_type, target_value, created_at FROM %s.%s WHERE policy_id=$policy_id`, p.scopeName, schemas.Collections.PolicyTarget) + targetResult, err := p.db.Query(targetQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: targetParams, + }) + if err != nil { + return nil, err + } + var targets []schemas.PolicyTargetView + for targetResult.Next() { + var target schemas.PolicyTarget + if err := targetResult.Row(&target); err != nil { + return nil, err + } + targets = append(targets, schemas.PolicyTargetView{ + TargetType: target.TargetType, + TargetValue: target.TargetValue, + }) + } + if err := targetResult.Err(); err != nil { + return nil, err + } + + policiesWithTargets = append(policiesWithTargets, schemas.PolicyWithTargets{ + PolicyID: policy.ID, + PolicyName: policy.Name, + Type: policy.Type, + Logic: policy.Logic, + DecisionStrategy: policy.DecisionStrategy, + Targets: targets, + }) + } + + result = append(result, &schemas.PermissionWithPolicies{ + PermissionID: perm.ID, + PermissionName: perm.Name, + DecisionStrategy: perm.DecisionStrategy, + Policies: policiesWithTargets, + }) + } + + return result, nil +} diff --git a/internal/storage/db/couchbase/policy.go b/internal/storage/db/couchbase/policy.go new file mode 100644 index 00000000..481fbdd3 --- /dev/null +++ b/internal/storage/db/couchbase/policy.go @@ -0,0 +1,223 @@ +package couchbase + +import ( + "context" + "encoding/json" + "fmt" + "log" + "strings" + "time" + + "github.com/couchbase/gocb/v2" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.Policy).Insert(policy.ID, policy, &insertOpt) + if err != nil { + return nil, err + } + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(policy) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + policyMap := map[string]interface{}{} + err = decoder.Decode(&policyMap) + if err != nil { + return nil, err + } + updateFields, params := GetSetFields(policyMap) + params["_id"] = policy.ID + query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id=$_id`, p.scopeName, schemas.Collections.Policy, updateFields) + _, err = p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Cascade-deletes associated policy targets. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + // Check for permission_policy references + params := make(map[string]interface{}, 1) + params["policy_id"] = id + query := fmt.Sprintf(`SELECT COUNT(*) as Total FROM %s.%s WHERE policy_id=$policy_id`, p.scopeName, schemas.Collections.PermissionPolicy) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + var totalDocs TotalDocs + err = queryResult.One(&totalDocs) + if err != nil { + return err + } + if totalDocs.Total > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(s) reference it", totalDocs.Total) + } + // Cascade-delete policy targets + deleteQuery := fmt.Sprintf(`DELETE FROM %s.%s WHERE policy_id=$policy_id`, p.scopeName, schemas.Collections.PolicyTarget) + _, err = p.db.Query(deleteQuery, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + removeOpt := gocb.RemoveOptions{ + Context: ctx, + } + _, err = p.db.Collection(schemas.Collections.Policy).Remove(id, &removeOpt) + if err != nil { + return err + } + return nil +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy *schemas.Policy + params := make(map[string]interface{}, 1) + params["_id"] = id + query := fmt.Sprintf(`SELECT _id, name, description, type, logic, decision_strategy, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, schemas.Collections.Policy) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&policy) + if err != nil { + return nil, err + } + return policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + policies := []*schemas.Policy{} + paginationClone := pagination + params := make(map[string]interface{}, 1) + params["offset"] = paginationClone.Offset + params["limit"] = paginationClone.Limit + total, err := p.GetTotalDocs(ctx, schemas.Collections.Policy) + if err != nil { + return nil, nil, err + } + paginationClone.Total = total + query := fmt.Sprintf("SELECT _id, name, description, type, logic, decision_strategy, created_at, updated_at FROM %s.%s ORDER BY created_at DESC OFFSET $offset LIMIT $limit", p.scopeName, schemas.Collections.Policy) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, nil, err + } + for queryResult.Next() { + var policy schemas.Policy + err := queryResult.Row(&policy) + if err != nil { + log.Fatal(err) + } + policies = append(policies, &policy) + } + if err := queryResult.Err(); err != nil { + return nil, nil, err + } + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.PolicyTarget).Insert(target.ID, target, &insertOpt) + if err != nil { + return nil, err + } + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + params := make(map[string]interface{}, 1) + params["policy_id"] = policyID + query := fmt.Sprintf(`DELETE FROM %s.%s WHERE policy_id=$policy_id`, p.scopeName, schemas.Collections.PolicyTarget) + _, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + targets := []*schemas.PolicyTarget{} + params := make(map[string]interface{}, 1) + params["policy_id"] = policyID + query := fmt.Sprintf(`SELECT _id, policy_id, target_type, target_value, created_at FROM %s.%s WHERE policy_id=$policy_id`, p.scopeName, schemas.Collections.PolicyTarget) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + for queryResult.Next() { + var target schemas.PolicyTarget + err := queryResult.Row(&target) + if err != nil { + log.Fatal(err) + } + targets = append(targets, &target) + } + if err := queryResult.Err(); err != nil { + return nil, err + } + return targets, nil +} diff --git a/internal/storage/db/couchbase/provider.go b/internal/storage/db/couchbase/provider.go index 9efccfcc..e0163e19 100644 --- a/internal/storage/db/couchbase/provider.go +++ b/internal/storage/db/couchbase/provider.go @@ -243,5 +243,37 @@ func getIndex(scopeName string) map[string][]string { auditLogIndex3 := fmt.Sprintf("CREATE INDEX AuditLogTimestampIndex ON %s.%s(timestamp)", scopeName, schemas.Collections.AuditLog) indices[schemas.Collections.AuditLog] = []string{auditLogIndex1, auditLogIndex2, auditLogIndex3} + // Resource index + resourceIndex1 := fmt.Sprintf("CREATE INDEX ResourceNameIndex ON %s.%s(name)", scopeName, schemas.Collections.Resource) + indices[schemas.Collections.Resource] = []string{resourceIndex1} + + // Scope index + scopeIndex1 := fmt.Sprintf("CREATE INDEX ScopeNameIndex ON %s.%s(name)", scopeName, schemas.Collections.Scope) + indices[schemas.Collections.Scope] = []string{scopeIndex1} + + // Policy index + policyIndex1 := fmt.Sprintf("CREATE INDEX PolicyNameIndex ON %s.%s(name)", scopeName, schemas.Collections.Policy) + policyIndex2 := fmt.Sprintf("CREATE INDEX PolicyTypeIndex ON %s.%s(type)", scopeName, schemas.Collections.Policy) + indices[schemas.Collections.Policy] = []string{policyIndex1, policyIndex2} + + // PolicyTarget index + policyTargetIndex1 := fmt.Sprintf("CREATE INDEX PolicyTargetPolicyIdIndex ON %s.%s(policy_id)", scopeName, schemas.Collections.PolicyTarget) + indices[schemas.Collections.PolicyTarget] = []string{policyTargetIndex1} + + // Permission index + permissionIndex1 := fmt.Sprintf("CREATE INDEX PermissionNameIndex ON %s.%s(name)", scopeName, schemas.Collections.Permission) + permissionIndex2 := fmt.Sprintf("CREATE INDEX PermissionResourceIdIndex ON %s.%s(resource_id)", scopeName, schemas.Collections.Permission) + indices[schemas.Collections.Permission] = []string{permissionIndex1, permissionIndex2} + + // PermissionScope index + permissionScopeIndex1 := fmt.Sprintf("CREATE INDEX PermissionScopePermissionIdIndex ON %s.%s(permission_id)", scopeName, schemas.Collections.PermissionScope) + permissionScopeIndex2 := fmt.Sprintf("CREATE INDEX PermissionScopeScopeIdIndex ON %s.%s(scope_id)", scopeName, schemas.Collections.PermissionScope) + indices[schemas.Collections.PermissionScope] = []string{permissionScopeIndex1, permissionScopeIndex2} + + // PermissionPolicy index + permissionPolicyIndex1 := fmt.Sprintf("CREATE INDEX PermissionPolicyPermissionIdIndex ON %s.%s(permission_id)", scopeName, schemas.Collections.PermissionPolicy) + permissionPolicyIndex2 := fmt.Sprintf("CREATE INDEX PermissionPolicyPolicyIdIndex ON %s.%s(policy_id)", scopeName, schemas.Collections.PermissionPolicy) + indices[schemas.Collections.PermissionPolicy] = []string{permissionPolicyIndex1, permissionPolicyIndex2} + return indices } diff --git a/internal/storage/db/couchbase/resource.go b/internal/storage/db/couchbase/resource.go new file mode 100644 index 00000000..c54a8426 --- /dev/null +++ b/internal/storage/db/couchbase/resource.go @@ -0,0 +1,172 @@ +package couchbase + +import ( + "context" + "encoding/json" + "fmt" + "log" + "strings" + "time" + + "github.com/couchbase/gocb/v2" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.Resource).Insert(resource.ID, resource, &insertOpt) + if err != nil { + return nil, err + } + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(resource) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + resourceMap := map[string]interface{}{} + err = decoder.Decode(&resourceMap) + if err != nil { + return nil, err + } + updateFields, params := GetSetFields(resourceMap) + params["_id"] = resource.ID + query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id=$_id`, p.scopeName, schemas.Collections.Resource, updateFields) + _, err = p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + // Check for permission references + params := make(map[string]interface{}, 1) + params["resource_id"] = id + query := fmt.Sprintf(`SELECT COUNT(*) as Total FROM %s.%s WHERE resource_id=$resource_id`, p.scopeName, schemas.Collections.Permission) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + var totalDocs TotalDocs + err = queryResult.One(&totalDocs) + if err != nil { + return err + } + if totalDocs.Total > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", totalDocs.Total) + } + removeOpt := gocb.RemoveOptions{ + Context: ctx, + } + _, err = p.db.Collection(schemas.Collections.Resource).Remove(id, &removeOpt) + if err != nil { + return err + } + return nil +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource *schemas.Resource + params := make(map[string]interface{}, 1) + params["_id"] = id + query := fmt.Sprintf(`SELECT _id, name, description, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, schemas.Collections.Resource) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&resource) + if err != nil { + return nil, err + } + return resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + var resource *schemas.Resource + params := make(map[string]interface{}, 1) + params["name"] = name + query := fmt.Sprintf(`SELECT _id, name, description, created_at, updated_at FROM %s.%s WHERE name=$name LIMIT 1`, p.scopeName, schemas.Collections.Resource) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&resource) + if err != nil { + return nil, err + } + return resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + resources := []*schemas.Resource{} + paginationClone := pagination + params := make(map[string]interface{}, 1) + params["offset"] = paginationClone.Offset + params["limit"] = paginationClone.Limit + total, err := p.GetTotalDocs(ctx, schemas.Collections.Resource) + if err != nil { + return nil, nil, err + } + paginationClone.Total = total + query := fmt.Sprintf("SELECT _id, name, description, created_at, updated_at FROM %s.%s ORDER BY created_at DESC OFFSET $offset LIMIT $limit", p.scopeName, schemas.Collections.Resource) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, nil, err + } + for queryResult.Next() { + var resource schemas.Resource + err := queryResult.Row(&resource) + if err != nil { + log.Fatal(err) + } + resources = append(resources, &resource) + } + if err := queryResult.Err(); err != nil { + return nil, nil, err + } + return resources, paginationClone, nil +} diff --git a/internal/storage/db/couchbase/scope.go b/internal/storage/db/couchbase/scope.go new file mode 100644 index 00000000..2bcfe0ae --- /dev/null +++ b/internal/storage/db/couchbase/scope.go @@ -0,0 +1,172 @@ +package couchbase + +import ( + "context" + "encoding/json" + "fmt" + "log" + "strings" + "time" + + "github.com/couchbase/gocb/v2" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + insertOpt := gocb.InsertOptions{ + Context: ctx, + } + _, err := p.db.Collection(schemas.Collections.Scope).Insert(scope.ID, scope, &insertOpt) + if err != nil { + return nil, err + } + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + bytes, err := json.Marshal(scope) + if err != nil { + return nil, err + } + decoder := json.NewDecoder(strings.NewReader(string(bytes))) + decoder.UseNumber() + scopeMap := map[string]interface{}{} + err = decoder.Decode(&scopeMap) + if err != nil { + return nil, err + } + updateFields, params := GetSetFields(scopeMap) + params["_id"] = scope.ID + query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id=$_id`, p.scopeName, schemas.Collections.Scope, updateFields) + _, err = p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + // Check for permission_scope references + params := make(map[string]interface{}, 1) + params["scope_id"] = id + query := fmt.Sprintf(`SELECT COUNT(*) as Total FROM %s.%s WHERE scope_id=$scope_id`, p.scopeName, schemas.Collections.PermissionScope) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return err + } + var totalDocs TotalDocs + err = queryResult.One(&totalDocs) + if err != nil { + return err + } + if totalDocs.Total > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", totalDocs.Total) + } + removeOpt := gocb.RemoveOptions{ + Context: ctx, + } + _, err = p.db.Collection(schemas.Collections.Scope).Remove(id, &removeOpt) + if err != nil { + return err + } + return nil +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope *schemas.Scope + params := make(map[string]interface{}, 1) + params["_id"] = id + query := fmt.Sprintf(`SELECT _id, name, description, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, schemas.Collections.Scope) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&scope) + if err != nil { + return nil, err + } + return scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + var scope *schemas.Scope + params := make(map[string]interface{}, 1) + params["name"] = name + query := fmt.Sprintf(`SELECT _id, name, description, created_at, updated_at FROM %s.%s WHERE name=$name LIMIT 1`, p.scopeName, schemas.Collections.Scope) + q, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, err + } + err = q.One(&scope) + if err != nil { + return nil, err + } + return scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + scopes := []*schemas.Scope{} + paginationClone := pagination + params := make(map[string]interface{}, 1) + params["offset"] = paginationClone.Offset + params["limit"] = paginationClone.Limit + total, err := p.GetTotalDocs(ctx, schemas.Collections.Scope) + if err != nil { + return nil, nil, err + } + paginationClone.Total = total + query := fmt.Sprintf("SELECT _id, name, description, created_at, updated_at FROM %s.%s ORDER BY created_at DESC OFFSET $offset LIMIT $limit", p.scopeName, schemas.Collections.Scope) + queryResult, err := p.db.Query(query, &gocb.QueryOptions{ + Context: ctx, + ScanConsistency: gocb.QueryScanConsistencyRequestPlus, + NamedParameters: params, + }) + if err != nil { + return nil, nil, err + } + for queryResult.Next() { + var scope schemas.Scope + err := queryResult.Row(&scope) + if err != nil { + log.Fatal(err) + } + scopes = append(scopes, &scope) + } + if err := queryResult.Err(); err != nil { + return nil, nil, err + } + return scopes, paginationClone, nil +} diff --git a/internal/storage/db/dynamodb/permission.go b/internal/storage/db/dynamodb/permission.go new file mode 100644 index 00000000..9b02e298 --- /dev/null +++ b/internal/storage/db/dynamodb/permission.go @@ -0,0 +1,318 @@ +package dynamodb + +import ( + "context" + "errors" + "time" + + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.Permission, permission); err != nil { + return nil, err + } + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + if err := p.updateByHashKey(ctx, schemas.Collections.Permission, "id", permission.ID, permission); err != nil { + return nil, err + } + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes all permission_scopes and permission_policies for this permission. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + if err := p.DeletePermissionScopesByPermissionID(ctx, id); err != nil { + return err + } + if err := p.DeletePermissionPoliciesByPermissionID(ctx, id); err != nil { + return err + } + return p.deleteItemByHash(ctx, schemas.Collections.Permission, "id", id) +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission schemas.Permission + if err := p.getItemByHash(ctx, schemas.Collections.Permission, "id", id, &permission); err != nil { + return nil, err + } + if permission.ID == "" { + return nil, errors.New("no document found") + } + return &permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + var lastKey map[string]types.AttributeValue + var iteration int64 + paginationClone := pagination + var permissions []*schemas.Permission + + count, err := p.scanCount(ctx, schemas.Collections.Permission, nil) + if err != nil { + return nil, nil, err + } + + for (paginationClone.Offset + paginationClone.Limit) > iteration { + items, next, err := p.scanPageIter(ctx, schemas.Collections.Permission, nil, int32(paginationClone.Limit), lastKey) + if err != nil { + return nil, nil, err + } + for _, it := range items { + var perm schemas.Permission + if err := unmarshalItem(it, &perm); err != nil { + return nil, nil, err + } + if paginationClone.Offset == iteration { + permissions = append(permissions, &perm) + } + } + lastKey = next + iteration += paginationClone.Limit + if lastKey == nil { + break + } + } + paginationClone.Total = count + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.PermissionScope, ps); err != nil { + return nil, err + } + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + f := expression.Name("permission_id").Equal(expression.Value(permissionID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionScope, nil, &f) + if err != nil { + return err + } + for _, it := range items { + var ps schemas.PermissionScope + if err := unmarshalItem(it, &ps); err != nil { + return err + } + if err := p.deleteItemByHash(ctx, schemas.Collections.PermissionScope, "id", ps.ID); err != nil { + return err + } + } + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + f := expression.Name("permission_id").Equal(expression.Value(permissionID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionScope, nil, &f) + if err != nil { + return nil, err + } + var scopes []*schemas.PermissionScope + for _, it := range items { + var ps schemas.PermissionScope + if err := unmarshalItem(it, &ps); err != nil { + return nil, err + } + scopes = append(scopes, &ps) + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.PermissionPolicy, pp); err != nil { + return nil, err + } + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + f := expression.Name("permission_id").Equal(expression.Value(permissionID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionPolicy, nil, &f) + if err != nil { + return err + } + for _, it := range items { + var pp schemas.PermissionPolicy + if err := unmarshalItem(it, &pp); err != nil { + return err + } + if err := p.deleteItemByHash(ctx, schemas.Collections.PermissionPolicy, "id", pp.ID); err != nil { + return err + } + } + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + f := expression.Name("permission_id").Equal(expression.Value(permissionID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionPolicy, nil, &f) + if err != nil { + return nil, err + } + var policies []*schemas.PermissionPolicy + for _, it := range items { + var pp schemas.PermissionPolicy + if err := unmarshalItem(it, &pp); err != nil { + return nil, err + } + policies = append(policies, &pp) + } + return policies, nil +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that apply to a given resource name and scope name. Used by the evaluation engine. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + // 1. Find resource by name + resourceItems, err := p.queryEqLimit(ctx, schemas.Collections.Resource, "name", "name", resourceName, nil, 1) + if err != nil { + return nil, err + } + if len(resourceItems) == 0 { + return nil, errors.New("no document found") + } + var resource schemas.Resource + if err := unmarshalItem(resourceItems[0], &resource); err != nil { + return nil, err + } + + // 2. Find scope by name + scopeItems, err := p.queryEqLimit(ctx, schemas.Collections.Scope, "name", "name", scopeName, nil, 1) + if err != nil { + return nil, err + } + if len(scopeItems) == 0 { + return nil, errors.New("no document found") + } + var scope schemas.Scope + if err := unmarshalItem(scopeItems[0], &scope); err != nil { + return nil, err + } + + // 3. Find permissions for this resource + f := expression.Name("resource_id").Equal(expression.Value(resource.ID)) + permItems, err := p.scanFilteredAll(ctx, schemas.Collections.Permission, nil, &f) + if err != nil { + return nil, err + } + if len(permItems) == 0 { + return nil, nil + } + + var result []*schemas.PermissionWithPolicies + + for _, permItem := range permItems { + var perm schemas.Permission + if err := unmarshalItem(permItem, &perm); err != nil { + return nil, err + } + + // 4. Check if this permission has the requested scope + psFilter := expression.Name("permission_id").Equal(expression.Value(perm.ID)). + And(expression.Name("scope_id").Equal(expression.Value(scope.ID))) + psItems, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionScope, nil, &psFilter) + if err != nil { + return nil, err + } + if len(psItems) == 0 { + continue + } + + // 5. Find permission_policies for this permission + ppFilter := expression.Name("permission_id").Equal(expression.Value(perm.ID)) + ppItems, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionPolicy, nil, &ppFilter) + if err != nil { + return nil, err + } + if len(ppItems) == 0 { + continue + } + + // 6. For each permission_policy, resolve the policy and its targets + var policiesWithTargets []schemas.PolicyWithTargets + for _, ppItem := range ppItems { + var pp schemas.PermissionPolicy + if err := unmarshalItem(ppItem, &pp); err != nil { + return nil, err + } + + var policy schemas.Policy + if err := p.getItemByHash(ctx, schemas.Collections.Policy, "id", pp.PolicyID, &policy); err != nil { + return nil, err + } + + // Get targets for this policy + tFilter := expression.Name("policy_id").Equal(expression.Value(policy.ID)) + tItems, err := p.scanFilteredAll(ctx, schemas.Collections.PolicyTarget, nil, &tFilter) + if err != nil { + return nil, err + } + + var targets []schemas.PolicyTargetView + for _, tItem := range tItems { + var target schemas.PolicyTarget + if err := unmarshalItem(tItem, &target); err != nil { + return nil, err + } + targets = append(targets, schemas.PolicyTargetView{ + TargetType: target.TargetType, + TargetValue: target.TargetValue, + }) + } + + policiesWithTargets = append(policiesWithTargets, schemas.PolicyWithTargets{ + PolicyID: policy.ID, + PolicyName: policy.Name, + Type: policy.Type, + Logic: policy.Logic, + DecisionStrategy: policy.DecisionStrategy, + Targets: targets, + }) + } + + result = append(result, &schemas.PermissionWithPolicies{ + PermissionID: perm.ID, + PermissionName: perm.Name, + DecisionStrategy: perm.DecisionStrategy, + Policies: policiesWithTargets, + }) + } + + return result, nil +} diff --git a/internal/storage/db/dynamodb/policy.go b/internal/storage/db/dynamodb/policy.go new file mode 100644 index 00000000..daa4f1ee --- /dev/null +++ b/internal/storage/db/dynamodb/policy.go @@ -0,0 +1,156 @@ +package dynamodb + +import ( + "context" + "errors" + "fmt" + "time" + + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.Policy, policy); err != nil { + return nil, err + } + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + if err := p.updateByHashKey(ctx, schemas.Collections.Policy, "id", policy.ID, policy); err != nil { + return nil, err + } + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Also cascade-deletes all policy_targets for this policy. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + // Check for referencing permission_policies + f := expression.Name("policy_id").Equal(expression.Value(id)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionPolicy, nil, &f) + if err != nil { + return err + } + if len(items) > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(ies) reference it", len(items)) + } + // Cascade-delete policy targets + if err := p.DeletePolicyTargetsByPolicyID(ctx, id); err != nil { + return err + } + return p.deleteItemByHash(ctx, schemas.Collections.Policy, "id", id) +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy schemas.Policy + if err := p.getItemByHash(ctx, schemas.Collections.Policy, "id", id, &policy); err != nil { + return nil, err + } + if policy.ID == "" { + return nil, errors.New("no document found") + } + return &policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + var lastKey map[string]types.AttributeValue + var iteration int64 + paginationClone := pagination + var policies []*schemas.Policy + + count, err := p.scanCount(ctx, schemas.Collections.Policy, nil) + if err != nil { + return nil, nil, err + } + + for (paginationClone.Offset + paginationClone.Limit) > iteration { + items, next, err := p.scanPageIter(ctx, schemas.Collections.Policy, nil, int32(paginationClone.Limit), lastKey) + if err != nil { + return nil, nil, err + } + for _, it := range items { + var pol schemas.Policy + if err := unmarshalItem(it, &pol); err != nil { + return nil, nil, err + } + if paginationClone.Offset == iteration { + policies = append(policies, &pol) + } + } + lastKey = next + iteration += paginationClone.Limit + if lastKey == nil { + break + } + } + paginationClone.Total = count + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.PolicyTarget, target); err != nil { + return nil, err + } + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + f := expression.Name("policy_id").Equal(expression.Value(policyID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PolicyTarget, nil, &f) + if err != nil { + return err + } + for _, it := range items { + var target schemas.PolicyTarget + if err := unmarshalItem(it, &target); err != nil { + return err + } + if err := p.deleteItemByHash(ctx, schemas.Collections.PolicyTarget, "id", target.ID); err != nil { + return err + } + } + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + f := expression.Name("policy_id").Equal(expression.Value(policyID)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PolicyTarget, nil, &f) + if err != nil { + return nil, err + } + var targets []*schemas.PolicyTarget + for _, it := range items { + var target schemas.PolicyTarget + if err := unmarshalItem(it, &target); err != nil { + return nil, err + } + targets = append(targets, &target) + } + return targets, nil +} diff --git a/internal/storage/db/dynamodb/resource.go b/internal/storage/db/dynamodb/resource.go new file mode 100644 index 00000000..cae7ba7e --- /dev/null +++ b/internal/storage/db/dynamodb/resource.go @@ -0,0 +1,117 @@ +package dynamodb + +import ( + "context" + "errors" + "fmt" + "time" + + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.Resource, resource); err != nil { + return nil, err + } + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + if err := p.updateByHashKey(ctx, schemas.Collections.Resource, "id", resource.ID, resource); err != nil { + return nil, err + } + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + // Check for referencing permissions via resource_id GSI + f := expression.Name("resource_id").Equal(expression.Value(id)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.Permission, nil, &f) + if err != nil { + return err + } + if len(items) > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", len(items)) + } + return p.deleteItemByHash(ctx, schemas.Collections.Resource, "id", id) +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource schemas.Resource + if err := p.getItemByHash(ctx, schemas.Collections.Resource, "id", id, &resource); err != nil { + return nil, err + } + if resource.ID == "" { + return nil, errors.New("no document found") + } + return &resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + items, err := p.queryEqLimit(ctx, schemas.Collections.Resource, "name", "name", name, nil, 1) + if err != nil { + return nil, err + } + if len(items) == 0 { + return nil, errors.New("no document found") + } + var resource schemas.Resource + if err := unmarshalItem(items[0], &resource); err != nil { + return nil, err + } + return &resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + var lastKey map[string]types.AttributeValue + var iteration int64 + paginationClone := pagination + var resources []*schemas.Resource + + count, err := p.scanCount(ctx, schemas.Collections.Resource, nil) + if err != nil { + return nil, nil, err + } + + for (paginationClone.Offset + paginationClone.Limit) > iteration { + items, next, err := p.scanPageIter(ctx, schemas.Collections.Resource, nil, int32(paginationClone.Limit), lastKey) + if err != nil { + return nil, nil, err + } + for _, it := range items { + var r schemas.Resource + if err := unmarshalItem(it, &r); err != nil { + return nil, nil, err + } + if paginationClone.Offset == iteration { + resources = append(resources, &r) + } + } + lastKey = next + iteration += paginationClone.Limit + if lastKey == nil { + break + } + } + paginationClone.Total = count + return resources, paginationClone, nil +} diff --git a/internal/storage/db/dynamodb/scope.go b/internal/storage/db/dynamodb/scope.go new file mode 100644 index 00000000..0184ebdb --- /dev/null +++ b/internal/storage/db/dynamodb/scope.go @@ -0,0 +1,116 @@ +package dynamodb + +import ( + "context" + "errors" + "fmt" + "time" + + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/google/uuid" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + if err := p.putItem(ctx, schemas.Collections.Scope, scope); err != nil { + return nil, err + } + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + if err := p.updateByHashKey(ctx, schemas.Collections.Scope, "id", scope.ID, scope); err != nil { + return nil, err + } + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + f := expression.Name("scope_id").Equal(expression.Value(id)) + items, err := p.scanFilteredAll(ctx, schemas.Collections.PermissionScope, nil, &f) + if err != nil { + return err + } + if len(items) > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", len(items)) + } + return p.deleteItemByHash(ctx, schemas.Collections.Scope, "id", id) +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope schemas.Scope + if err := p.getItemByHash(ctx, schemas.Collections.Scope, "id", id, &scope); err != nil { + return nil, err + } + if scope.ID == "" { + return nil, errors.New("no document found") + } + return &scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + items, err := p.queryEqLimit(ctx, schemas.Collections.Scope, "name", "name", name, nil, 1) + if err != nil { + return nil, err + } + if len(items) == 0 { + return nil, errors.New("no document found") + } + var scope schemas.Scope + if err := unmarshalItem(items[0], &scope); err != nil { + return nil, err + } + return &scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + var lastKey map[string]types.AttributeValue + var iteration int64 + paginationClone := pagination + var scopes []*schemas.Scope + + count, err := p.scanCount(ctx, schemas.Collections.Scope, nil) + if err != nil { + return nil, nil, err + } + + for (paginationClone.Offset + paginationClone.Limit) > iteration { + items, next, err := p.scanPageIter(ctx, schemas.Collections.Scope, nil, int32(paginationClone.Limit), lastKey) + if err != nil { + return nil, nil, err + } + for _, it := range items { + var s schemas.Scope + if err := unmarshalItem(it, &s); err != nil { + return nil, nil, err + } + if paginationClone.Offset == iteration { + scopes = append(scopes, &s) + } + } + lastKey = next + iteration += paginationClone.Limit + if lastKey == nil { + break + } + } + paginationClone.Total = count + return scopes, paginationClone, nil +} diff --git a/internal/storage/db/dynamodb/tables.go b/internal/storage/db/dynamodb/tables.go index 81b8b705..0109a204 100644 --- a/internal/storage/db/dynamodb/tables.go +++ b/internal/storage/db/dynamodb/tables.go @@ -173,6 +173,74 @@ func (p *provider) ensureTables(ctx context.Context) error { gsi("action", "action"), }, }, + // Authorization tables + { + name: schemas.Collections.Resource, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("name"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("name", "name")}, + }, + { + name: schemas.Collections.Scope, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("name"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("name", "name")}, + }, + { + name: schemas.Collections.Policy, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("name"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("name", "name")}, + }, + { + name: schemas.Collections.PolicyTarget, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("policy_id"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("policy_id", "policy_id")}, + }, + { + name: schemas.Collections.Permission, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("name"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("resource_id"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{ + gsi("name", "name"), + gsi("resource_id", "resource_id"), + }, + }, + { + name: schemas.Collections.PermissionScope, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("permission_id"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("permission_id", "permission_id")}, + }, + { + name: schemas.Collections.PermissionPolicy, + hash: "id", + attr: []types.AttributeDefinition{ + {AttributeName: aws.String("id"), AttributeType: types.ScalarAttributeTypeS}, + {AttributeName: aws.String("permission_id"), AttributeType: types.ScalarAttributeTypeS}, + }, + gsi: []types.GlobalSecondaryIndex{gsi("permission_id", "permission_id")}, + }, } for _, t := range tables { diff --git a/internal/storage/db/mongodb/permission.go b/internal/storage/db/mongodb/permission.go new file mode 100644 index 00000000..b28870a3 --- /dev/null +++ b/internal/storage/db/mongodb/permission.go @@ -0,0 +1,325 @@ +package mongodb + +import ( + "context" + "time" + + "github.com/google/uuid" + "go.mongodb.org/mongo-driver/bson" + "go.mongodb.org/mongo-driver/mongo/options" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + _, err := collection.InsertOne(ctx, permission) + if err != nil { + return nil, err + } + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + _, err := collection.UpdateOne(ctx, bson.M{"_id": bson.M{"$eq": permission.ID}}, bson.M{"$set": permission}, options.MergeUpdateOptions()) + if err != nil { + return nil, err + } + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes associated permission_scopes and permission_policies. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + permissionScopeCollection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + _, err := permissionScopeCollection.DeleteMany(ctx, bson.M{"permission_id": id}, options.Delete()) + if err != nil { + return err + } + permissionPolicyCollection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + _, err = permissionPolicyCollection.DeleteMany(ctx, bson.M{"permission_id": id}, options.Delete()) + if err != nil { + return err + } + collection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + _, err = collection.DeleteOne(ctx, bson.M{"_id": id}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission schemas.Permission + collection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + err := collection.FindOne(ctx, bson.M{"_id": id}).Decode(&permission) + if err != nil { + return nil, err + } + return &permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + permissions := []*schemas.Permission{} + opts := options.Find() + opts.SetLimit(pagination.Limit) + opts.SetSkip(pagination.Offset) + opts.SetSort(bson.M{"created_at": -1}) + paginationClone := pagination + collection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + count, err := collection.CountDocuments(ctx, bson.M{}, options.Count()) + if err != nil { + return nil, nil, err + } + paginationClone.Total = count + cursor, err := collection.Find(ctx, bson.M{}, opts) + if err != nil { + return nil, nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var permission *schemas.Permission + err := cursor.Decode(&permission) + if err != nil { + return nil, nil, err + } + permissions = append(permissions, permission) + } + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + _, err := collection.InsertOne(ctx, ps) + if err != nil { + return nil, err + } + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + collection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + _, err := collection.DeleteMany(ctx, bson.M{"permission_id": permissionID}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + scopes := []*schemas.PermissionScope{} + collection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + cursor, err := collection.Find(ctx, bson.M{"permission_id": permissionID}) + if err != nil { + return nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var ps *schemas.PermissionScope + err := cursor.Decode(&ps) + if err != nil { + return nil, err + } + scopes = append(scopes, ps) + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + _, err := collection.InsertOne(ctx, pp) + if err != nil { + return nil, err + } + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + collection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + _, err := collection.DeleteMany(ctx, bson.M{"permission_id": permissionID}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + policies := []*schemas.PermissionPolicy{} + collection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + cursor, err := collection.Find(ctx, bson.M{"permission_id": permissionID}) + if err != nil { + return nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var pp *schemas.PermissionPolicy + err := cursor.Decode(&pp) + if err != nil { + return nil, err + } + policies = append(policies, pp) + } + return policies, nil +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that match a given resource name and scope name. This is the hot-path query used by +// the evaluation engine. Uses sequential queries for clarity. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + // 1. Find resource by name + var resource schemas.Resource + resourceCollection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + err := resourceCollection.FindOne(ctx, bson.M{"name": resourceName}).Decode(&resource) + if err != nil { + return nil, err + } + + // 2. Find scope by name + var scope schemas.Scope + scopeCollection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + err = scopeCollection.FindOne(ctx, bson.M{"name": scopeName}).Decode(&scope) + if err != nil { + return nil, err + } + + // 3. Find permissions for this resource + permissionCollection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + permCursor, err := permissionCollection.Find(ctx, bson.M{"resource_id": resource.ID}) + if err != nil { + return nil, err + } + defer permCursor.Close(ctx) + + var permissions []schemas.Permission + for permCursor.Next(ctx) { + var perm schemas.Permission + if err := permCursor.Decode(&perm); err != nil { + return nil, err + } + permissions = append(permissions, perm) + } + + if len(permissions) == 0 { + return nil, nil + } + + // 4. For each permission, check if it has the requested scope + permissionScopeCollection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + permissionPolicyCollection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + policyCollection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + policyTargetCollection := p.db.Collection(schemas.Collections.PolicyTarget, options.Collection()) + + var result []*schemas.PermissionWithPolicies + + for _, perm := range permissions { + // Check if this permission has the requested scope + scopeCount, err := permissionScopeCollection.CountDocuments(ctx, bson.M{ + "permission_id": perm.ID, + "scope_id": scope.ID, + }, options.Count()) + if err != nil { + return nil, err + } + if scopeCount == 0 { + continue + } + + // 5. Find permission_policies for this permission + ppCursor, err := permissionPolicyCollection.Find(ctx, bson.M{"permission_id": perm.ID}) + if err != nil { + return nil, err + } + + var permPolicies []schemas.PermissionPolicy + for ppCursor.Next(ctx) { + var pp schemas.PermissionPolicy + if err := ppCursor.Decode(&pp); err != nil { + ppCursor.Close(ctx) + return nil, err + } + permPolicies = append(permPolicies, pp) + } + ppCursor.Close(ctx) + + if len(permPolicies) == 0 { + continue + } + + // 6. For each permission_policy, resolve the policy and its targets + var policiesWithTargets []schemas.PolicyWithTargets + for _, pp := range permPolicies { + var policy schemas.Policy + err := policyCollection.FindOne(ctx, bson.M{"_id": pp.PolicyID}).Decode(&policy) + if err != nil { + return nil, err + } + + // Get targets for this policy + targetCursor, err := policyTargetCollection.Find(ctx, bson.M{"policy_id": policy.ID}) + if err != nil { + return nil, err + } + + var targets []schemas.PolicyTargetView + for targetCursor.Next(ctx) { + var target schemas.PolicyTarget + if err := targetCursor.Decode(&target); err != nil { + targetCursor.Close(ctx) + return nil, err + } + targets = append(targets, schemas.PolicyTargetView{ + TargetType: target.TargetType, + TargetValue: target.TargetValue, + }) + } + targetCursor.Close(ctx) + + policiesWithTargets = append(policiesWithTargets, schemas.PolicyWithTargets{ + PolicyID: policy.ID, + PolicyName: policy.Name, + Type: policy.Type, + Logic: policy.Logic, + DecisionStrategy: policy.DecisionStrategy, + Targets: targets, + }) + } + + result = append(result, &schemas.PermissionWithPolicies{ + PermissionID: perm.ID, + PermissionName: perm.Name, + DecisionStrategy: perm.DecisionStrategy, + Policies: policiesWithTargets, + }) + } + + return result, nil +} diff --git a/internal/storage/db/mongodb/policy.go b/internal/storage/db/mongodb/policy.go new file mode 100644 index 00000000..129aa74e --- /dev/null +++ b/internal/storage/db/mongodb/policy.go @@ -0,0 +1,153 @@ +package mongodb + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "go.mongodb.org/mongo-driver/bson" + "go.mongodb.org/mongo-driver/mongo/options" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + _, err := collection.InsertOne(ctx, policy) + if err != nil { + return nil, err + } + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + _, err := collection.UpdateOne(ctx, bson.M{"_id": bson.M{"$eq": policy.ID}}, bson.M{"$set": policy}, options.MergeUpdateOptions()) + if err != nil { + return nil, err + } + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Cascade-deletes associated policy targets. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + permissionPolicyCollection := p.db.Collection(schemas.Collections.PermissionPolicy, options.Collection()) + count, err := permissionPolicyCollection.CountDocuments(ctx, bson.M{"policy_id": id}, options.Count()) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(s) reference it", count) + } + // Cascade-delete policy targets + policyTargetCollection := p.db.Collection(schemas.Collections.PolicyTarget, options.Collection()) + _, err = policyTargetCollection.DeleteMany(ctx, bson.M{"policy_id": id}, options.Delete()) + if err != nil { + return err + } + collection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + _, err = collection.DeleteOne(ctx, bson.M{"_id": id}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy schemas.Policy + collection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + err := collection.FindOne(ctx, bson.M{"_id": id}).Decode(&policy) + if err != nil { + return nil, err + } + return &policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + policies := []*schemas.Policy{} + opts := options.Find() + opts.SetLimit(pagination.Limit) + opts.SetSkip(pagination.Offset) + opts.SetSort(bson.M{"created_at": -1}) + paginationClone := pagination + collection := p.db.Collection(schemas.Collections.Policy, options.Collection()) + count, err := collection.CountDocuments(ctx, bson.M{}, options.Count()) + if err != nil { + return nil, nil, err + } + paginationClone.Total = count + cursor, err := collection.Find(ctx, bson.M{}, opts) + if err != nil { + return nil, nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var policy *schemas.Policy + err := cursor.Decode(&policy) + if err != nil { + return nil, nil, err + } + policies = append(policies, policy) + } + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.PolicyTarget, options.Collection()) + _, err := collection.InsertOne(ctx, target) + if err != nil { + return nil, err + } + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + collection := p.db.Collection(schemas.Collections.PolicyTarget, options.Collection()) + _, err := collection.DeleteMany(ctx, bson.M{"policy_id": policyID}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + targets := []*schemas.PolicyTarget{} + collection := p.db.Collection(schemas.Collections.PolicyTarget, options.Collection()) + cursor, err := collection.Find(ctx, bson.M{"policy_id": policyID}) + if err != nil { + return nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var target *schemas.PolicyTarget + err := cursor.Decode(&target) + if err != nil { + return nil, err + } + targets = append(targets, target) + } + return targets, nil +} diff --git a/internal/storage/db/mongodb/resource.go b/internal/storage/db/mongodb/resource.go new file mode 100644 index 00000000..f77cd73d --- /dev/null +++ b/internal/storage/db/mongodb/resource.go @@ -0,0 +1,112 @@ +package mongodb + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "go.mongodb.org/mongo-driver/bson" + "go.mongodb.org/mongo-driver/mongo/options" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + _, err := collection.InsertOne(ctx, resource) + if err != nil { + return nil, err + } + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + _, err := collection.UpdateOne(ctx, bson.M{"_id": bson.M{"$eq": resource.ID}}, bson.M{"$set": resource}, options.MergeUpdateOptions()) + if err != nil { + return nil, err + } + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + permissionCollection := p.db.Collection(schemas.Collections.Permission, options.Collection()) + count, err := permissionCollection.CountDocuments(ctx, bson.M{"resource_id": id}, options.Count()) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", count) + } + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + _, err = collection.DeleteOne(ctx, bson.M{"_id": id}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource schemas.Resource + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + err := collection.FindOne(ctx, bson.M{"_id": id}).Decode(&resource) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + var resource schemas.Resource + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + err := collection.FindOne(ctx, bson.M{"name": name}).Decode(&resource) + if err != nil { + return nil, err + } + return &resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + resources := []*schemas.Resource{} + opts := options.Find() + opts.SetLimit(pagination.Limit) + opts.SetSkip(pagination.Offset) + opts.SetSort(bson.M{"created_at": -1}) + paginationClone := pagination + collection := p.db.Collection(schemas.Collections.Resource, options.Collection()) + count, err := collection.CountDocuments(ctx, bson.M{}, options.Count()) + if err != nil { + return nil, nil, err + } + paginationClone.Total = count + cursor, err := collection.Find(ctx, bson.M{}, opts) + if err != nil { + return nil, nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var resource *schemas.Resource + err := cursor.Decode(&resource) + if err != nil { + return nil, nil, err + } + resources = append(resources, resource) + } + return resources, paginationClone, nil +} diff --git a/internal/storage/db/mongodb/scope.go b/internal/storage/db/mongodb/scope.go new file mode 100644 index 00000000..4d942217 --- /dev/null +++ b/internal/storage/db/mongodb/scope.go @@ -0,0 +1,112 @@ +package mongodb + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "go.mongodb.org/mongo-driver/bson" + "go.mongodb.org/mongo-driver/mongo/options" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + _, err := collection.InsertOne(ctx, scope) + if err != nil { + return nil, err + } + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + _, err := collection.UpdateOne(ctx, bson.M{"_id": bson.M{"$eq": scope.ID}}, bson.M{"$set": scope}, options.MergeUpdateOptions()) + if err != nil { + return nil, err + } + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + permissionScopeCollection := p.db.Collection(schemas.Collections.PermissionScope, options.Collection()) + count, err := permissionScopeCollection.CountDocuments(ctx, bson.M{"scope_id": id}, options.Count()) + if err != nil { + return err + } + if count > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", count) + } + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + _, err = collection.DeleteOne(ctx, bson.M{"_id": id}, options.Delete()) + if err != nil { + return err + } + return nil +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope schemas.Scope + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + err := collection.FindOne(ctx, bson.M{"_id": id}).Decode(&scope) + if err != nil { + return nil, err + } + return &scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + var scope schemas.Scope + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + err := collection.FindOne(ctx, bson.M{"name": name}).Decode(&scope) + if err != nil { + return nil, err + } + return &scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + scopes := []*schemas.Scope{} + opts := options.Find() + opts.SetLimit(pagination.Limit) + opts.SetSkip(pagination.Offset) + opts.SetSort(bson.M{"created_at": -1}) + paginationClone := pagination + collection := p.db.Collection(schemas.Collections.Scope, options.Collection()) + count, err := collection.CountDocuments(ctx, bson.M{}, options.Count()) + if err != nil { + return nil, nil, err + } + paginationClone.Total = count + cursor, err := collection.Find(ctx, bson.M{}, opts) + if err != nil { + return nil, nil, err + } + defer cursor.Close(ctx) + for cursor.Next(ctx) { + var scope *schemas.Scope + err := cursor.Decode(&scope) + if err != nil { + return nil, nil, err + } + scopes = append(scopes, scope) + } + return scopes, paginationClone, nil +} diff --git a/internal/storage/db/sql/permission.go b/internal/storage/db/sql/permission.go new file mode 100644 index 00000000..51dc80a5 --- /dev/null +++ b/internal/storage/db/sql/permission.go @@ -0,0 +1,250 @@ +package sql + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "gorm.io/gorm/clause" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPermission creates a new authorization permission. +func (p *provider) AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + if permission.ID == "" { + permission.ID = uuid.New().String() + } + permission.Key = permission.ID + permission.CreatedAt = time.Now().Unix() + permission.UpdatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&permission) + if res.Error != nil { + return nil, res.Error + } + if res.RowsAffected == 0 { + return nil, fmt.Errorf("permission already exists: %s", permission.Name) + } + return permission, nil +} + +// UpdatePermission updates an existing authorization permission. +func (p *provider) UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) { + permission.UpdatedAt = time.Now().Unix() + result := p.db.Save(&permission) + if result.Error != nil { + return nil, result.Error + } + return permission, nil +} + +// DeletePermission deletes an authorization permission by ID. +// Cascade-deletes associated permission_scopes and permission_policies. +func (p *provider) DeletePermission(ctx context.Context, id string) error { + result := p.db.Where("permission_id = ?", id).Delete(&schemas.PermissionScope{}) + if result.Error != nil { + return result.Error + } + result = p.db.Where("permission_id = ?", id).Delete(&schemas.PermissionPolicy{}) + if result.Error != nil { + return result.Error + } + result = p.db.Where("id = ?", id).Delete(&schemas.Permission{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetPermissionByID returns an authorization permission by its ID. +func (p *provider) GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) { + var permission schemas.Permission + result := p.db.Where("id = ?", id).First(&permission) + if result.Error != nil { + return nil, result.Error + } + return &permission, nil +} + +// ListPermissions returns a paginated list of authorization permissions. +func (p *provider) ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) { + var permissions []*schemas.Permission + result := p.db.Limit(int(pagination.Limit)).Offset(int(pagination.Offset)).Order("created_at DESC").Find(&permissions) + if result.Error != nil { + return nil, nil, result.Error + } + var total int64 + totalRes := p.db.Model(&schemas.Permission{}).Count(&total) + if totalRes.Error != nil { + return nil, nil, totalRes.Error + } + paginationClone := pagination + paginationClone.Total = total + return permissions, paginationClone, nil +} + +// AddPermissionScope links a scope to a permission. +func (p *provider) AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) { + if ps.ID == "" { + ps.ID = uuid.New().String() + } + ps.Key = ps.ID + ps.CreatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&ps) + if res.Error != nil { + return nil, res.Error + } + return ps, nil +} + +// DeletePermissionScopesByPermissionID removes all scope links for a permission. +func (p *provider) DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error { + result := p.db.Where("permission_id = ?", permissionID).Delete(&schemas.PermissionScope{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetPermissionScopes returns all scope links for a permission. +func (p *provider) GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) { + var scopes []*schemas.PermissionScope + result := p.db.Where("permission_id = ?", permissionID).Find(&scopes) + if result.Error != nil { + return nil, result.Error + } + return scopes, nil +} + +// AddPermissionPolicy links a policy to a permission. +func (p *provider) AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) { + if pp.ID == "" { + pp.ID = uuid.New().String() + } + pp.Key = pp.ID + pp.CreatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&pp) + if res.Error != nil { + return nil, res.Error + } + return pp, nil +} + +// DeletePermissionPoliciesByPermissionID removes all policy links for a permission. +func (p *provider) DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error { + result := p.db.Where("permission_id = ?", permissionID).Delete(&schemas.PermissionPolicy{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetPermissionPolicies returns all policy links for a permission. +func (p *provider) GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) { + var policies []*schemas.PermissionPolicy + result := p.db.Where("permission_id = ?", permissionID).Find(&policies) + if result.Error != nil { + return nil, result.Error + } + return policies, nil +} + +// permissionRow is an intermediate struct for scanning the multi-JOIN query result +// in GetPermissionsForResourceScope. +type permissionRow struct { + PermissionID string `gorm:"column:permission_id"` + PermissionName string `gorm:"column:permission_name"` + DecisionStrategy string `gorm:"column:decision_strategy"` + PolicyID string `gorm:"column:policy_id"` + PolicyName string `gorm:"column:policy_name"` + PolicyType string `gorm:"column:policy_type"` + PolicyLogic string `gorm:"column:policy_logic"` + PolicyDecisionStrategy string `gorm:"column:policy_decision_strategy"` + TargetType string `gorm:"column:target_type"` + TargetValue string `gorm:"column:target_value"` +} + +// GetPermissionsForResourceScope returns all permissions (with their policies and targets) +// that match a given resource name and scope name. This is the hot-path query used by +// the evaluation engine. +func (p *provider) GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) { + query := `SELECT p.id AS permission_id, p.name AS permission_name, p.decision_strategy, + pol.id AS policy_id, pol.name AS policy_name, pol.type AS policy_type, pol.logic AS policy_logic, pol.decision_strategy AS policy_decision_strategy, + pt.target_type, pt.target_value +FROM ` + schemas.Prefix + `permissions p +JOIN ` + schemas.Prefix + `resources r ON r.id = p.resource_id +JOIN ` + schemas.Prefix + `permission_scopes ps ON ps.permission_id = p.id +JOIN ` + schemas.Prefix + `scopes s ON s.id = ps.scope_id +JOIN ` + schemas.Prefix + `permission_policies pp ON pp.permission_id = p.id +JOIN ` + schemas.Prefix + `policies pol ON pol.id = pp.policy_id +JOIN ` + schemas.Prefix + `policy_targets pt ON pt.policy_id = pol.id +WHERE r.name = ? AND s.name = ?` + + var rows []permissionRow + result := p.db.Raw(query, resourceName, scopeName).Scan(&rows) + if result.Error != nil { + return nil, result.Error + } + + return groupPermissionRows(rows), nil +} + +// groupPermissionRows groups flat permissionRow results into nested PermissionWithPolicies structs. +func groupPermissionRows(rows []permissionRow) []*schemas.PermissionWithPolicies { + // Track insertion order for permissions and policies + permOrder := make([]string, 0) + permMap := make(map[string]*schemas.PermissionWithPolicies) + policyOrderMap := make(map[string][]string) // permissionID -> ordered policy IDs + policyMap := make(map[string]*schemas.PolicyWithTargets) // "permID:polID" -> policy + + for _, row := range rows { + // Ensure permission exists + perm, ok := permMap[row.PermissionID] + if !ok { + perm = &schemas.PermissionWithPolicies{ + PermissionID: row.PermissionID, + PermissionName: row.PermissionName, + DecisionStrategy: row.DecisionStrategy, + Policies: nil, + } + permMap[row.PermissionID] = perm + permOrder = append(permOrder, row.PermissionID) + } + + // Ensure policy exists within this permission + policyKey := row.PermissionID + ":" + row.PolicyID + pol, ok := policyMap[policyKey] + if !ok { + pol = &schemas.PolicyWithTargets{ + PolicyID: row.PolicyID, + PolicyName: row.PolicyName, + Type: row.PolicyType, + Logic: row.PolicyLogic, + DecisionStrategy: row.PolicyDecisionStrategy, + Targets: nil, + } + policyMap[policyKey] = pol + policyOrderMap[row.PermissionID] = append(policyOrderMap[row.PermissionID], policyKey) + } + + // Add target + pol.Targets = append(pol.Targets, schemas.PolicyTargetView{ + TargetType: row.TargetType, + TargetValue: row.TargetValue, + }) + } + + // Assemble in order + result := make([]*schemas.PermissionWithPolicies, 0, len(permOrder)) + for _, permID := range permOrder { + perm := permMap[permID] + for _, policyKey := range policyOrderMap[permID] { + pol := policyMap[policyKey] + perm.Policies = append(perm.Policies, *pol) + } + result = append(result, perm) + } + return result +} diff --git a/internal/storage/db/sql/policy.go b/internal/storage/db/sql/policy.go new file mode 100644 index 00000000..41acec57 --- /dev/null +++ b/internal/storage/db/sql/policy.go @@ -0,0 +1,122 @@ +package sql + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "gorm.io/gorm/clause" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddPolicy creates a new authorization policy. +func (p *provider) AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + if policy.ID == "" { + policy.ID = uuid.New().String() + } + policy.Key = policy.ID + policy.CreatedAt = time.Now().Unix() + policy.UpdatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&policy) + if res.Error != nil { + return nil, res.Error + } + if res.RowsAffected == 0 { + return nil, fmt.Errorf("policy already exists: %s", policy.Name) + } + return policy, nil +} + +// UpdatePolicy updates an existing authorization policy. +func (p *provider) UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) { + policy.UpdatedAt = time.Now().Unix() + result := p.db.Save(&policy) + if result.Error != nil { + return nil, result.Error + } + return policy, nil +} + +// DeletePolicy deletes an authorization policy by ID. +// Returns an error if any permission_policy references this policy. +// Cascade-deletes associated policy targets. +func (p *provider) DeletePolicy(ctx context.Context, id string) error { + var count int64 + p.db.Model(&schemas.PermissionPolicy{}).Where("policy_id = ?", id).Count(&count) + if count > 0 { + return fmt.Errorf("cannot delete policy: %d permission_policy(s) reference it", count) + } + // Cascade-delete policy targets + result := p.db.Where("policy_id = ?", id).Delete(&schemas.PolicyTarget{}) + if result.Error != nil { + return result.Error + } + result = p.db.Where("id = ?", id).Delete(&schemas.Policy{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetPolicyByID returns an authorization policy by its ID. +func (p *provider) GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) { + var policy schemas.Policy + result := p.db.Where("id = ?", id).First(&policy) + if result.Error != nil { + return nil, result.Error + } + return &policy, nil +} + +// ListPolicies returns a paginated list of authorization policies. +func (p *provider) ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) { + var policies []*schemas.Policy + result := p.db.Limit(int(pagination.Limit)).Offset(int(pagination.Offset)).Order("created_at DESC").Find(&policies) + if result.Error != nil { + return nil, nil, result.Error + } + var total int64 + totalRes := p.db.Model(&schemas.Policy{}).Count(&total) + if totalRes.Error != nil { + return nil, nil, totalRes.Error + } + paginationClone := pagination + paginationClone.Total = total + return policies, paginationClone, nil +} + +// AddPolicyTarget adds a target (role name or user ID) to a policy. +func (p *provider) AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) { + if target.ID == "" { + target.ID = uuid.New().String() + } + target.Key = target.ID + target.CreatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&target) + if res.Error != nil { + return nil, res.Error + } + return target, nil +} + +// DeletePolicyTargetsByPolicyID removes all targets for a policy. +func (p *provider) DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error { + result := p.db.Where("policy_id = ?", policyID).Delete(&schemas.PolicyTarget{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetPolicyTargets returns all targets for a policy. +func (p *provider) GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) { + var targets []*schemas.PolicyTarget + result := p.db.Where("policy_id = ?", policyID).Find(&targets) + if result.Error != nil { + return nil, result.Error + } + return targets, nil +} diff --git a/internal/storage/db/sql/provider.go b/internal/storage/db/sql/provider.go index c9c7eaa0..495c1551 100644 --- a/internal/storage/db/sql/provider.go +++ b/internal/storage/db/sql/provider.go @@ -83,7 +83,7 @@ func NewProvider( } } - err = sqlDB.AutoMigrate(&schemas.User{}, &schemas.VerificationRequest{}, &schemas.Session{}, &schemas.Env{}, &schemas.Webhook{}, &schemas.WebhookLog{}, &schemas.EmailTemplate{}, &schemas.OTP{}, &schemas.Authenticator{}, &schemas.SessionToken{}, &schemas.MFASession{}, &schemas.OAuthState{}, &schemas.AuditLog{}) + err = sqlDB.AutoMigrate(&schemas.User{}, &schemas.VerificationRequest{}, &schemas.Session{}, &schemas.Env{}, &schemas.Webhook{}, &schemas.WebhookLog{}, &schemas.EmailTemplate{}, &schemas.OTP{}, &schemas.Authenticator{}, &schemas.SessionToken{}, &schemas.MFASession{}, &schemas.OAuthState{}, &schemas.AuditLog{}, &schemas.Resource{}, &schemas.Scope{}, &schemas.Policy{}, &schemas.PolicyTarget{}, &schemas.Permission{}, &schemas.PermissionScope{}, &schemas.PermissionPolicy{}) if err != nil { return nil, err } diff --git a/internal/storage/db/sql/resource.go b/internal/storage/db/sql/resource.go new file mode 100644 index 00000000..12b3d8cb --- /dev/null +++ b/internal/storage/db/sql/resource.go @@ -0,0 +1,93 @@ +package sql + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "gorm.io/gorm/clause" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddResource creates a new authorization resource. +func (p *provider) AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + if resource.ID == "" { + resource.ID = uuid.New().String() + } + resource.Key = resource.ID + resource.CreatedAt = time.Now().Unix() + resource.UpdatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&resource) + if res.Error != nil { + return nil, res.Error + } + if res.RowsAffected == 0 { + return nil, fmt.Errorf("resource already exists: %s", resource.Name) + } + return resource, nil +} + +// UpdateResource updates an existing authorization resource. +func (p *provider) UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) { + resource.UpdatedAt = time.Now().Unix() + result := p.db.Save(&resource) + if result.Error != nil { + return nil, result.Error + } + return resource, nil +} + +// DeleteResource deletes an authorization resource by ID. +// Returns an error if any permission references this resource. +func (p *provider) DeleteResource(ctx context.Context, id string) error { + var count int64 + p.db.Model(&schemas.Permission{}).Where("resource_id = ?", id).Count(&count) + if count > 0 { + return fmt.Errorf("cannot delete resource: %d permission(s) reference it", count) + } + result := p.db.Where("id = ?", id).Delete(&schemas.Resource{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetResourceByID returns an authorization resource by its ID. +func (p *provider) GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) { + var resource schemas.Resource + result := p.db.Where("id = ?", id).First(&resource) + if result.Error != nil { + return nil, result.Error + } + return &resource, nil +} + +// GetResourceByName returns an authorization resource by its unique name. +func (p *provider) GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) { + var resource schemas.Resource + result := p.db.Where("name = ?", name).First(&resource) + if result.Error != nil { + return nil, result.Error + } + return &resource, nil +} + +// ListResources returns a paginated list of authorization resources. +func (p *provider) ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) { + var resources []*schemas.Resource + result := p.db.Limit(int(pagination.Limit)).Offset(int(pagination.Offset)).Order("created_at DESC").Find(&resources) + if result.Error != nil { + return nil, nil, result.Error + } + var total int64 + totalRes := p.db.Model(&schemas.Resource{}).Count(&total) + if totalRes.Error != nil { + return nil, nil, totalRes.Error + } + paginationClone := pagination + paginationClone.Total = total + return resources, paginationClone, nil +} diff --git a/internal/storage/db/sql/scope.go b/internal/storage/db/sql/scope.go new file mode 100644 index 00000000..93bb0987 --- /dev/null +++ b/internal/storage/db/sql/scope.go @@ -0,0 +1,93 @@ +package sql + +import ( + "context" + "fmt" + "time" + + "github.com/google/uuid" + "gorm.io/gorm/clause" + + "github.com/authorizerdev/authorizer/internal/graph/model" + "github.com/authorizerdev/authorizer/internal/storage/schemas" +) + +// AddScope creates a new authorization scope. +func (p *provider) AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + if scope.ID == "" { + scope.ID = uuid.New().String() + } + scope.Key = scope.ID + scope.CreatedAt = time.Now().Unix() + scope.UpdatedAt = time.Now().Unix() + res := p.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&scope) + if res.Error != nil { + return nil, res.Error + } + if res.RowsAffected == 0 { + return nil, fmt.Errorf("scope already exists: %s", scope.Name) + } + return scope, nil +} + +// UpdateScope updates an existing authorization scope. +func (p *provider) UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) { + scope.UpdatedAt = time.Now().Unix() + result := p.db.Save(&scope) + if result.Error != nil { + return nil, result.Error + } + return scope, nil +} + +// DeleteScope deletes an authorization scope by ID. +// Returns an error if any permission_scope references this scope. +func (p *provider) DeleteScope(ctx context.Context, id string) error { + var count int64 + p.db.Model(&schemas.PermissionScope{}).Where("scope_id = ?", id).Count(&count) + if count > 0 { + return fmt.Errorf("cannot delete scope: %d permission_scope(s) reference it", count) + } + result := p.db.Where("id = ?", id).Delete(&schemas.Scope{}) + if result.Error != nil { + return result.Error + } + return nil +} + +// GetScopeByID returns an authorization scope by its ID. +func (p *provider) GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) { + var scope schemas.Scope + result := p.db.Where("id = ?", id).First(&scope) + if result.Error != nil { + return nil, result.Error + } + return &scope, nil +} + +// GetScopeByName returns an authorization scope by its unique name. +func (p *provider) GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) { + var scope schemas.Scope + result := p.db.Where("name = ?", name).First(&scope) + if result.Error != nil { + return nil, result.Error + } + return &scope, nil +} + +// ListScopes returns a paginated list of authorization scopes. +func (p *provider) ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) { + var scopes []*schemas.Scope + result := p.db.Limit(int(pagination.Limit)).Offset(int(pagination.Offset)).Order("created_at DESC").Find(&scopes) + if result.Error != nil { + return nil, nil, result.Error + } + var total int64 + totalRes := p.db.Model(&schemas.Scope{}).Count(&total) + if totalRes.Error != nil { + return nil, nil, totalRes.Error + } + paginationClone := pagination + paginationClone.Total = total + return scopes, paginationClone, nil +} diff --git a/internal/storage/provider.go b/internal/storage/provider.go index bbf1b551..4854dc1f 100644 --- a/internal/storage/provider.go +++ b/internal/storage/provider.go @@ -174,6 +174,101 @@ type Provider interface { // Close releases resources held by the provider (e.g. database connection pools). Close() error + + // === Authorization: Resources === + + // AddResource creates a new authorization resource. + AddResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) + // UpdateResource updates an existing authorization resource. + UpdateResource(ctx context.Context, resource *schemas.Resource) (*schemas.Resource, error) + // DeleteResource deletes an authorization resource by ID. + // Returns an error if any permission references this resource. + DeleteResource(ctx context.Context, id string) error + // GetResourceByID returns an authorization resource by its ID. + GetResourceByID(ctx context.Context, id string) (*schemas.Resource, error) + // GetResourceByName returns an authorization resource by its unique name. + GetResourceByName(ctx context.Context, name string) (*schemas.Resource, error) + // ListResources returns a paginated list of authorization resources. + ListResources(ctx context.Context, pagination *model.Pagination) ([]*schemas.Resource, *model.Pagination, error) + + // === Authorization: Scopes === + + // AddScope creates a new authorization scope. + AddScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) + // UpdateScope updates an existing authorization scope. + UpdateScope(ctx context.Context, scope *schemas.Scope) (*schemas.Scope, error) + // DeleteScope deletes an authorization scope by ID. + // Returns an error if any permission_scope references this scope. + DeleteScope(ctx context.Context, id string) error + // GetScopeByID returns an authorization scope by its ID. + GetScopeByID(ctx context.Context, id string) (*schemas.Scope, error) + // GetScopeByName returns an authorization scope by its unique name. + GetScopeByName(ctx context.Context, name string) (*schemas.Scope, error) + // ListScopes returns a paginated list of authorization scopes. + ListScopes(ctx context.Context, pagination *model.Pagination) ([]*schemas.Scope, *model.Pagination, error) + + // === Authorization: Policies === + + // AddPolicy creates a new authorization policy. + AddPolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) + // UpdatePolicy updates an existing authorization policy. + UpdatePolicy(ctx context.Context, policy *schemas.Policy) (*schemas.Policy, error) + // DeletePolicy deletes an authorization policy by ID. + // Returns an error if any permission_policy references this policy. + DeletePolicy(ctx context.Context, id string) error + // GetPolicyByID returns an authorization policy by its ID. + GetPolicyByID(ctx context.Context, id string) (*schemas.Policy, error) + // ListPolicies returns a paginated list of authorization policies. + ListPolicies(ctx context.Context, pagination *model.Pagination) ([]*schemas.Policy, *model.Pagination, error) + + // === Authorization: Policy Targets === + + // AddPolicyTarget adds a target (role name or user ID) to a policy. + AddPolicyTarget(ctx context.Context, target *schemas.PolicyTarget) (*schemas.PolicyTarget, error) + // DeletePolicyTargetsByPolicyID removes all targets for a policy. + // Used during policy update to replace targets atomically. + DeletePolicyTargetsByPolicyID(ctx context.Context, policyID string) error + // GetPolicyTargets returns all targets for a policy. + GetPolicyTargets(ctx context.Context, policyID string) ([]*schemas.PolicyTarget, error) + + // === Authorization: Permissions === + + // AddPermission creates a new authorization permission. + AddPermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) + // UpdatePermission updates an existing authorization permission. + UpdatePermission(ctx context.Context, permission *schemas.Permission) (*schemas.Permission, error) + // DeletePermission deletes an authorization permission by ID. + DeletePermission(ctx context.Context, id string) error + // GetPermissionByID returns an authorization permission by its ID. + GetPermissionByID(ctx context.Context, id string) (*schemas.Permission, error) + // ListPermissions returns a paginated list of authorization permissions. + ListPermissions(ctx context.Context, pagination *model.Pagination) ([]*schemas.Permission, *model.Pagination, error) + + // === Authorization: Permission Scopes (join table) === + + // AddPermissionScope links a scope to a permission. + AddPermissionScope(ctx context.Context, ps *schemas.PermissionScope) (*schemas.PermissionScope, error) + // DeletePermissionScopesByPermissionID removes all scope links for a permission. + DeletePermissionScopesByPermissionID(ctx context.Context, permissionID string) error + // GetPermissionScopes returns all scope links for a permission. + GetPermissionScopes(ctx context.Context, permissionID string) ([]*schemas.PermissionScope, error) + + // === Authorization: Permission Policies (join table) === + + // AddPermissionPolicy links a policy to a permission. + AddPermissionPolicy(ctx context.Context, pp *schemas.PermissionPolicy) (*schemas.PermissionPolicy, error) + // DeletePermissionPoliciesByPermissionID removes all policy links for a permission. + DeletePermissionPoliciesByPermissionID(ctx context.Context, permissionID string) error + // GetPermissionPolicies returns all policy links for a permission. + GetPermissionPolicies(ctx context.Context, permissionID string) ([]*schemas.PermissionPolicy, error) + + // === Authorization: Optimized Evaluation Query === + + // GetPermissionsForResourceScope returns all permissions (with their policies and targets) + // that match a given resource name and scope name. This is the hot-path query used by + // the evaluation engine. SQL providers use a single JOIN query. NoSQL providers use + // a denormalized lookup collection. + GetPermissionsForResourceScope(ctx context.Context, resourceName string, scopeName string) ([]*schemas.PermissionWithPolicies, error) } // New creates a new database provider based on the configuration diff --git a/internal/storage/schemas/model.go b/internal/storage/schemas/model.go index 43f4e464..86653692 100644 --- a/internal/storage/schemas/model.go +++ b/internal/storage/schemas/model.go @@ -16,6 +16,14 @@ type CollectionList struct { MFASession string OAuthState string AuditLog string + // Authorization tables + Resource string + Scope string + Policy string + PolicyTarget string + Permission string + PermissionScope string + PermissionPolicy string } var ( @@ -37,5 +45,13 @@ var ( MFASession: Prefix + "mfa_sessions", OAuthState: Prefix + "oauth_states", AuditLog: Prefix + "audit_logs", + // Authorization collections + Resource: Prefix + "resources", + Scope: Prefix + "scopes", + Policy: Prefix + "policies", + PolicyTarget: Prefix + "policy_targets", + Permission: Prefix + "permissions", + PermissionScope: Prefix + "permission_scopes", + PermissionPolicy: Prefix + "permission_policies", } ) diff --git a/internal/storage/schemas/permission.go b/internal/storage/schemas/permission.go new file mode 100644 index 00000000..1ad7e20f --- /dev/null +++ b/internal/storage/schemas/permission.go @@ -0,0 +1,112 @@ +package schemas + +import "github.com/authorizerdev/authorizer/internal/graph/model" + +// Permission is the binding layer of the authorization model. +// It connects a Resource to Scopes (via PermissionScope) and Policies (via PermissionPolicy). +// A permission answers: "WHO can do WHAT on WHICH resource?" +type Permission struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // Name is a unique human-readable identifier (e.g., "edit-documents"). + Name string `json:"name" gorm:"type:varchar(100);uniqueIndex" bson:"name" cql:"name" dynamo:"name"` + // Description provides optional context about this permission. + Description string `json:"description" gorm:"type:text" bson:"description" cql:"description" dynamo:"description"` + // ResourceID is the foreign key to the Resource this permission protects. + ResourceID string `json:"resource_id" gorm:"type:char(36);index" bson:"resource_id" cql:"resource_id" dynamo:"resource_id"` + // DecisionStrategy controls how multiple policies attached to this permission are evaluated. + // "affirmative" = any policy grants access (OR), "unanimous" = all must agree (AND). + DecisionStrategy string `json:"decision_strategy" gorm:"type:varchar(20);default:affirmative" bson:"decision_strategy" cql:"decision_strategy" dynamo:"decision_strategy"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` + // UpdatedAt is the unix timestamp of last update. + UpdatedAt int64 `json:"updated_at" gorm:"autoUpdateTime" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` +} + +// PermissionScope is the join table linking a Permission to its allowed Scopes. +// A permission can cover multiple scopes (e.g., "read" and "write"). +type PermissionScope struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // PermissionID is the foreign key to the parent Permission. + PermissionID string `json:"permission_id" gorm:"type:char(36);index;uniqueIndex:idx_ps_unique" bson:"permission_id" cql:"permission_id" dynamo:"permission_id"` + // ScopeID is the foreign key to the Scope. + ScopeID string `json:"scope_id" gorm:"type:char(36);index;uniqueIndex:idx_ps_unique" bson:"scope_id" cql:"scope_id" dynamo:"scope_id"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` +} + +// PermissionPolicy is the join table linking a Permission to its governing Policies. +// A permission can be governed by multiple policies, evaluated using the permission's DecisionStrategy. +type PermissionPolicy struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // PermissionID is the foreign key to the parent Permission. + PermissionID string `json:"permission_id" gorm:"type:char(36);index;uniqueIndex:idx_pp_unique" bson:"permission_id" cql:"permission_id" dynamo:"permission_id"` + // PolicyID is the foreign key to the Policy. + PolicyID string `json:"policy_id" gorm:"type:char(36);index;uniqueIndex:idx_pp_unique" bson:"policy_id" cql:"policy_id" dynamo:"policy_id"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` +} + +// PermissionWithPolicies is a denormalized view used by the evaluation engine. +// It bundles a permission with its resolved policies and targets for efficient +// single-query evaluation. Not a database table -- constructed by +// GetPermissionsForResourceScope(). +type PermissionWithPolicies struct { + // PermissionID is the permission being evaluated. + PermissionID string + // PermissionName is for logging and debugging. + PermissionName string + // DecisionStrategy is how to combine policy results for this permission. + DecisionStrategy string + // Policies contains the resolved policies with their targets. + Policies []PolicyWithTargets +} + +// PolicyWithTargets bundles a policy with its resolved targets. +// Used by the evaluation engine to avoid N+1 queries. +type PolicyWithTargets struct { + // PolicyID is the policy identifier. + PolicyID string + // PolicyName is for logging and debugging. + PolicyName string + // Type is the policy type discriminator (role, user, client, agent). + Type string + // Logic is positive or negative. + Logic string + // DecisionStrategy is how to combine targets within this policy. + DecisionStrategy string + // Targets are the resolved policy targets. + Targets []PolicyTargetView +} + +// PolicyTargetView is a read-only view of a policy target for evaluation. +type PolicyTargetView struct { + // TargetType is "role", "user", "client", or "agent". + TargetType string + // TargetValue is the role name, user ID, client ID, or agent ID. + TargetValue string +} + +// AsAPIPermission converts a storage Permission to the GraphQL API model +// with its resolved resource, scopes, and policies. +func (p *Permission) AsAPIPermission(resource *model.AuthzResource, scopes []*model.AuthzScope, policies []*model.AuthzPolicy) *model.AuthzPermission { + return &model.AuthzPermission{ + ID: p.ID, + Name: p.Name, + Description: &p.Description, + Resource: resource, + Scopes: scopes, + Policies: policies, + DecisionStrategy: p.DecisionStrategy, + CreatedAt: p.CreatedAt, + UpdatedAt: p.UpdatedAt, + } +} diff --git a/internal/storage/schemas/policy.go b/internal/storage/schemas/policy.go new file mode 100644 index 00000000..f80b5ab6 --- /dev/null +++ b/internal/storage/schemas/policy.go @@ -0,0 +1,73 @@ +package schemas + +import "github.com/authorizerdev/authorizer/internal/graph/model" + +// Policy defines conditions for granting or denying access. +// Policies are the brain of the authorization model -- they determine WHO gets access. +// A policy has a Type (role-based, user-based, etc.) and Logic (positive=grant, negative=deny). +type Policy struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // Name is a unique human-readable identifier (e.g., "editors-policy"). + Name string `json:"name" gorm:"type:varchar(100);uniqueIndex" bson:"name" cql:"name" dynamo:"name"` + // Description provides optional context about this policy. + Description string `json:"description" gorm:"type:text" bson:"description" cql:"description" dynamo:"description"` + // Type is the policy type discriminator: "role" or "user" (extensible to "client", "agent"). + // See constants.PolicyTypeRole, constants.PolicyTypeUser. + Type string `json:"type" gorm:"type:varchar(50);index" bson:"type" cql:"type" dynamo:"type"` + // Logic determines whether matching GRANTS or DENIES access. + // "positive" = grant when matched, "negative" = deny when matched. + // See constants.PolicyLogicPositive, constants.PolicyLogicNegative. + Logic string `json:"logic" gorm:"type:varchar(10);default:positive" bson:"logic" cql:"logic" dynamo:"logic"` + // DecisionStrategy controls how multiple targets within this policy are evaluated. + // "affirmative" = any target match grants, "unanimous" = all targets must match. + // See constants.DecisionStrategyAffirmative, constants.DecisionStrategyUnanimous. + DecisionStrategy string `json:"decision_strategy" gorm:"type:varchar(20);default:affirmative" bson:"decision_strategy" cql:"decision_strategy" dynamo:"decision_strategy"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` + // UpdatedAt is the unix timestamp of last update. + UpdatedAt int64 `json:"updated_at" gorm:"autoUpdateTime" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` +} + +// PolicyTarget specifies who/what a policy applies to. +// For a role-based policy, targets are role names. For a user-based policy, targets are user IDs. +type PolicyTarget struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // PolicyID is the foreign key to the parent Policy. + PolicyID string `json:"policy_id" gorm:"type:char(36);index;uniqueIndex:idx_pt_unique" bson:"policy_id" cql:"policy_id" dynamo:"policy_id"` + // TargetType describes what kind of target this is: "role" or "user" + // (extensible to "client", "agent"). + TargetType string `json:"target_type" gorm:"type:varchar(50);uniqueIndex:idx_pt_unique" bson:"target_type" cql:"target_type" dynamo:"target_type"` + // TargetValue is the role name or user/client/agent ID this target matches. + TargetValue string `json:"target_value" gorm:"type:varchar(256);uniqueIndex:idx_pt_unique" bson:"target_value" cql:"target_value" dynamo:"target_value"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` +} + +// AsAPIPolicy converts a storage Policy and its targets to the GraphQL API model. +func (p *Policy) AsAPIPolicy(targets []*PolicyTarget) *model.AuthzPolicy { + apiTargets := make([]*model.AuthzPolicyTarget, len(targets)) + for i, t := range targets { + apiTargets[i] = &model.AuthzPolicyTarget{ + ID: t.ID, + TargetType: t.TargetType, + TargetValue: t.TargetValue, + } + } + return &model.AuthzPolicy{ + ID: p.ID, + Name: p.Name, + Description: &p.Description, + Type: p.Type, + Logic: p.Logic, + DecisionStrategy: p.DecisionStrategy, + Targets: apiTargets, + CreatedAt: p.CreatedAt, + UpdatedAt: p.UpdatedAt, + } +} diff --git a/internal/storage/schemas/resource.go b/internal/storage/schemas/resource.go new file mode 100644 index 00000000..baad5de0 --- /dev/null +++ b/internal/storage/schemas/resource.go @@ -0,0 +1,33 @@ +package schemas + +import "github.com/authorizerdev/authorizer/internal/graph/model" + +// Resource represents a protected resource type in the authorization model. +// Resources are types (e.g., "document", "invoice"), not instances. +// They define WHAT is being protected. +type Resource struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // Name is a unique human-readable identifier (e.g., "document", "invoice"). + // Must be alphanumeric with hyphens and underscores, max 100 chars. + Name string `json:"name" gorm:"type:varchar(100);uniqueIndex" bson:"name" cql:"name" dynamo:"name"` + // Description provides optional context about what this resource represents. + Description string `json:"description" gorm:"type:text" bson:"description" cql:"description" dynamo:"description"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` + // UpdatedAt is the unix timestamp of last update. + UpdatedAt int64 `json:"updated_at" gorm:"autoUpdateTime" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` +} + +// AsAPIResource converts a storage Resource to the GraphQL API model. +func (r *Resource) AsAPIResource() *model.AuthzResource { + return &model.AuthzResource{ + ID: r.ID, + Name: r.Name, + Description: &r.Description, + CreatedAt: r.CreatedAt, + UpdatedAt: r.UpdatedAt, + } +} diff --git a/internal/storage/schemas/scope.go b/internal/storage/schemas/scope.go new file mode 100644 index 00000000..6e5d35e1 --- /dev/null +++ b/internal/storage/schemas/scope.go @@ -0,0 +1,33 @@ +package schemas + +import "github.com/authorizerdev/authorizer/internal/graph/model" + +// Scope represents an action that can be performed on a resource. +// Scopes are global verbs (e.g., "read", "write", "delete", "approve"). +// They define WHAT ACTIONS are allowed. +type Scope struct { + // ID is the unique identifier (UUID v4). + ID string `json:"id" gorm:"primaryKey;type:char(36)" bson:"_id" cql:"id" dynamo:"id,hash"` + // Key is an alias for ID used by some NoSQL providers. + Key string `json:"key" gorm:"type:char(36)" bson:"key" cql:"key" dynamo:"key"` + // Name is a unique human-readable identifier (e.g., "read", "write"). + // Must be alphanumeric with hyphens and underscores, max 100 chars. + Name string `json:"name" gorm:"type:varchar(100);uniqueIndex" bson:"name" cql:"name" dynamo:"name"` + // Description provides optional context about what this scope represents. + Description string `json:"description" gorm:"type:text" bson:"description" cql:"description" dynamo:"description"` + // CreatedAt is the unix timestamp of creation. + CreatedAt int64 `json:"created_at" gorm:"autoCreateTime" bson:"created_at" cql:"created_at" dynamo:"created_at"` + // UpdatedAt is the unix timestamp of last update. + UpdatedAt int64 `json:"updated_at" gorm:"autoUpdateTime" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` +} + +// AsAPIScope converts a storage Scope to the GraphQL API model. +func (s *Scope) AsAPIScope() *model.AuthzScope { + return &model.AuthzScope{ + ID: s.ID, + Name: s.Name, + Description: &s.Description, + CreatedAt: s.CreatedAt, + UpdatedAt: s.UpdatedAt, + } +} diff --git a/web/dashboard/src/components/Sidebar.tsx b/web/dashboard/src/components/Sidebar.tsx index ba0756e6..bc4d7dbd 100644 --- a/web/dashboard/src/components/Sidebar.tsx +++ b/web/dashboard/src/components/Sidebar.tsx @@ -11,6 +11,7 @@ import { LogOut, Menu, ExternalLink, + Shield, } from 'lucide-react'; import type { LucideIcon } from 'lucide-react'; import { cn } from '../lib/utils'; @@ -31,6 +32,7 @@ const navItems: NavItemConfig[] = [ { name: 'Users', icon: Users, route: '/users' }, { name: 'Webhooks', icon: Webhook, route: '/webhooks' }, { name: 'Email Templates', icon: Mail, route: '/email-templates' }, + { name: 'Authorization', icon: Shield, route: '/authorization' }, { name: 'Audit Logs', icon: ScrollText, route: '/audit-logs' }, { name: 'API Playground', diff --git a/web/dashboard/src/graphql/mutation/index.ts b/web/dashboard/src/graphql/mutation/index.ts index 91dcdaec..403aac60 100644 --- a/web/dashboard/src/graphql/mutation/index.ts +++ b/web/dashboard/src/graphql/mutation/index.ts @@ -121,6 +121,148 @@ export const EditEmailTemplate = ` } `; +// Authorization mutations +export const AddResource = ` + mutation addResource($params: AddResourceInput!) { + _add_resource(params: $params) { + id + name + description + } + } +`; + +export const UpdateResource = ` + mutation updateResource($params: UpdateResourceInput!) { + _update_resource(params: $params) { + id + name + description + } + } +`; + +export const DeleteResource = ` + mutation deleteResource($id: ID!) { + _delete_resource(id: $id) { + message + } + } +`; + +export const AddScope = ` + mutation addScope($params: AddScopeInput!) { + _add_scope(params: $params) { + id + name + description + } + } +`; + +export const UpdateScope = ` + mutation updateScope($params: UpdateScopeInput!) { + _update_scope(params: $params) { + id + name + description + } + } +`; + +export const DeleteScope = ` + mutation deleteScope($id: ID!) { + _delete_scope(id: $id) { + message + } + } +`; + +export const AddPolicy = ` + mutation addPolicy($params: AddPolicyInput!) { + _add_policy(params: $params) { + id + name + description + type + logic + decision_strategy + targets { + id + target_type + target_value + } + } + } +`; + +export const UpdatePolicy = ` + mutation updatePolicy($params: UpdatePolicyInput!) { + _update_policy(params: $params) { + id + name + description + logic + decision_strategy + targets { + id + target_type + target_value + } + } + } +`; + +export const DeletePolicy = ` + mutation deletePolicy($id: ID!) { + _delete_policy(id: $id) { + message + } + } +`; + +export const AddPermission = ` + mutation addPermission($params: AddPermissionInput!) { + _add_permission(params: $params) { + id + name + description + resource { + id + name + } + scopes { + id + name + } + policies { + id + name + } + decision_strategy + } + } +`; + +export const UpdatePermission = ` + mutation updatePermission($params: UpdatePermissionInput!) { + _update_permission(params: $params) { + id + name + description + decision_strategy + } + } +`; + +export const DeletePermission = ` + mutation deletePermission($id: ID!) { + _delete_permission(id: $id) { + message + } + } +`; + export const DeleteEmailTemplate = ` mutation deleteEmailTemplate($params: DeleteEmailTemplateRequest!) { _delete_email_template(params: $params) { diff --git a/web/dashboard/src/graphql/queries/index.ts b/web/dashboard/src/graphql/queries/index.ts index 053913a9..f5425cf0 100644 --- a/web/dashboard/src/graphql/queries/index.ts +++ b/web/dashboard/src/graphql/queries/index.ts @@ -109,6 +109,118 @@ export const WebhookLogsQuery = ` } `; +// Authorization queries +export const ResourcesQuery = ` + query getResources($params: PaginatedRequest) { + _resources(params: $params) { + resources { + id + name + description + created_at + updated_at + } + pagination { + limit + page + offset + total + } + } + } +`; + +export const ScopesQuery = ` + query getScopes($params: PaginatedRequest) { + _scopes(params: $params) { + scopes { + id + name + description + created_at + updated_at + } + pagination { + limit + page + offset + total + } + } + } +`; + +export const PoliciesQuery = ` + query getPolicies($params: PaginatedRequest) { + _policies(params: $params) { + policies { + id + name + description + type + logic + decision_strategy + targets { + id + target_type + target_value + } + created_at + updated_at + } + pagination { + limit + page + offset + total + } + } + } +`; + +export const PermissionsQuery = ` + query getPermissions($params: PaginatedRequest) { + _permissions(params: $params) { + permissions { + id + name + description + resource { + id + name + description + } + scopes { + id + name + description + } + policies { + id + name + type + logic + decision_strategy + targets { + id + target_type + target_value + } + } + decision_strategy + created_at + updated_at + } + pagination { + limit + page + offset + total + } + } + } +`; + export const AuditLogsQuery = ` query getAuditLogs($params: ListAuditLogRequest!) { _audit_logs(params: $params) { diff --git a/web/dashboard/src/pages/Authorization.tsx b/web/dashboard/src/pages/Authorization.tsx new file mode 100644 index 00000000..cee60df2 --- /dev/null +++ b/web/dashboard/src/pages/Authorization.tsx @@ -0,0 +1,68 @@ +import React, { lazy, Suspense } from 'react'; +import { NavLink, Routes, Route, Navigate } from 'react-router-dom'; +import { cn } from '../lib/utils'; + +const Resources = lazy(() => import('./authorization/Resources')); +const Scopes = lazy(() => import('./authorization/Scopes')); +const Policies = lazy(() => import('./authorization/Policies')); +const Permissions = lazy(() => import('./authorization/Permissions')); + +// Tab paths are absolute (relative to the BrowserRouter basename "/dashboard"). +// Using relative paths here would resolve against the current URL — clicking +// "Scopes" while on "/dashboard/authorization/resources" would yield +// "/dashboard/authorization/resources/scopes" and break the inner . +const tabs = [ + { name: 'Resources', path: '/authorization/resources' }, + { name: 'Scopes', path: '/authorization/scopes' }, + { name: 'Policies', path: '/authorization/policies' }, + { name: 'Permissions', path: '/authorization/permissions' }, +]; + +export default function Authorization() { + return ( +
+
+

+ Authorization +

+

+ Fine-grained authorization management: resources, scopes, policies, + and permissions. +

+
+ + {/* Tab navigation */} +
+ +
+ + {/* Tab content */} + Loading...
}> + + } /> + } /> + } /> + } /> + } /> + + + + ); +} diff --git a/web/dashboard/src/pages/authorization/Permissions.tsx b/web/dashboard/src/pages/authorization/Permissions.tsx new file mode 100644 index 00000000..be09508e --- /dev/null +++ b/web/dashboard/src/pages/authorization/Permissions.tsx @@ -0,0 +1,580 @@ +import React from 'react'; +import { useClient } from 'urql'; +import { toast } from 'sonner'; +import dayjs from 'dayjs'; +import { Plus, Pencil, Trash2, AlertCircle } from 'lucide-react'; +import { + PermissionsQuery, + ResourcesQuery, + ScopesQuery, + PoliciesQuery, +} from '../../graphql/queries'; +import { + AddPermission, + UpdatePermission, + DeletePermission, +} from '../../graphql/mutation'; +import { getGraphQLErrorMessage } from '../../utils'; +import { Button } from '../../components/ui/button'; +import { Input } from '../../components/ui/input'; +import { Textarea } from '../../components/ui/textarea'; +import { Label } from '../../components/ui/label'; +import { Badge } from '../../components/ui/badge'; +import { Skeleton } from '../../components/ui/skeleton'; +import { Select } from '../../components/ui/select'; +import { + Dialog, + DialogContent, + DialogHeader, + DialogTitle, + DialogFooter, + DialogDescription, +} from '../../components/ui/dialog'; +import { + Table, + TableHeader, + TableBody, + TableRow, + TableHead, + TableCell, +} from '../../components/ui/table'; +import type { + AuthzPermission, + AuthzPermissionsResponse, + AuthzResource, + AuthzResourcesResponse, + AuthzScope, + AuthzScopesResponse, + AuthzPolicy, + AuthzPoliciesResponse, +} from '../../types'; + +export default function Permissions() { + const client = useClient(); + const [permissions, setPermissions] = React.useState([]); + const [allResources, setAllResources] = React.useState([]); + const [allScopes, setAllScopes] = React.useState([]); + const [allPolicies, setAllPolicies] = React.useState([]); + const [loading, setLoading] = React.useState(false); + const [dialogOpen, setDialogOpen] = React.useState(false); + const [deleteDialogOpen, setDeleteDialogOpen] = React.useState(false); + const [editingPermission, setEditingPermission] = + React.useState(null); + const [deletingPermission, setDeletingPermission] = + React.useState(null); + const [formName, setFormName] = React.useState(''); + const [formDescription, setFormDescription] = React.useState(''); + const [formResourceId, setFormResourceId] = React.useState(''); + const [formScopeIds, setFormScopeIds] = React.useState([]); + const [formPolicyIds, setFormPolicyIds] = React.useState([]); + const [formDecisionStrategy, setFormDecisionStrategy] = + React.useState('affirmative'); + const [saving, setSaving] = React.useState(false); + + const fetchPermissions = async () => { + setLoading(true); + const { data, error } = await client + .query(PermissionsQuery, { + params: { pagination: { limit: 100, page: 1 } }, + }) + .toPromise(); + if (data?._permissions) { + setPermissions(data._permissions.permissions); + } + if (error) { + toast.error( + getGraphQLErrorMessage(error, 'Failed to load permissions'), + ); + } + setLoading(false); + }; + + const fetchRelatedData = async () => { + const [resourcesRes, scopesRes, policiesRes] = await Promise.all([ + client + .query(ResourcesQuery, { + params: { pagination: { limit: 100, page: 1 } }, + }) + .toPromise(), + client + .query(ScopesQuery, { + params: { pagination: { limit: 100, page: 1 } }, + }) + .toPromise(), + client + .query(PoliciesQuery, { + params: { pagination: { limit: 100, page: 1 } }, + }) + .toPromise(), + ]); + if (resourcesRes.data?._resources) { + setAllResources(resourcesRes.data._resources.resources); + } + if (scopesRes.data?._scopes) { + setAllScopes(scopesRes.data._scopes.scopes); + } + if (policiesRes.data?._policies) { + setAllPolicies(policiesRes.data._policies.policies); + } + }; + + React.useEffect(() => { + fetchPermissions(); + fetchRelatedData(); + }, []); + + const openAddDialog = () => { + setEditingPermission(null); + setFormName(''); + setFormDescription(''); + setFormResourceId(''); + setFormScopeIds([]); + setFormPolicyIds([]); + setFormDecisionStrategy('affirmative'); + setDialogOpen(true); + }; + + const openEditDialog = (permission: AuthzPermission) => { + setEditingPermission(permission); + setFormName(permission.name); + setFormDescription(permission.description || ''); + setFormResourceId(permission.resource.id); + setFormScopeIds(permission.scopes.map((s) => s.id)); + setFormPolicyIds(permission.policies.map((p) => p.id)); + setFormDecisionStrategy(permission.decision_strategy); + setDialogOpen(true); + }; + + const openDeleteDialog = (permission: AuthzPermission) => { + setDeletingPermission(permission); + setDeleteDialogOpen(true); + }; + + const toggleScopeId = (id: string) => { + setFormScopeIds((prev) => + prev.includes(id) ? prev.filter((s) => s !== id) : [...prev, id], + ); + }; + + const togglePolicyId = (id: string) => { + setFormPolicyIds((prev) => + prev.includes(id) ? prev.filter((p) => p !== id) : [...prev, id], + ); + }; + + const handleSave = async () => { + if (!formName.trim()) { + toast.error('Name is required'); + return; + } + if (!formResourceId) { + toast.error('Resource is required'); + return; + } + if (formScopeIds.length === 0) { + toast.error('At least one scope is required'); + return; + } + if (formPolicyIds.length === 0) { + toast.error('At least one policy is required'); + return; + } + setSaving(true); + if (editingPermission) { + const { error } = await client + .mutation(UpdatePermission, { + params: { + id: editingPermission.id, + name: formName, + description: formDescription || undefined, + scope_ids: formScopeIds, + policy_ids: formPolicyIds, + decision_strategy: formDecisionStrategy, + }, + }) + .toPromise(); + if (error) { + toast.error( + getGraphQLErrorMessage(error, 'Failed to update permission'), + ); + } else { + toast.success('Permission updated'); + setDialogOpen(false); + fetchPermissions(); + } + } else { + const { error } = await client + .mutation(AddPermission, { + params: { + name: formName, + description: formDescription || undefined, + resource_id: formResourceId, + scope_ids: formScopeIds, + policy_ids: formPolicyIds, + decision_strategy: formDecisionStrategy, + }, + }) + .toPromise(); + if (error) { + toast.error( + getGraphQLErrorMessage(error, 'Failed to add permission'), + ); + } else { + toast.success('Permission added'); + setDialogOpen(false); + fetchPermissions(); + } + } + setSaving(false); + }; + + const handleDelete = async () => { + if (!deletingPermission) return; + setSaving(true); + const { error } = await client + .mutation(DeletePermission, { id: deletingPermission.id }) + .toPromise(); + if (error) { + toast.error( + getGraphQLErrorMessage(error, 'Failed to delete permission'), + ); + } else { + toast.success('Permission deleted'); + setDeleteDialogOpen(false); + setDeletingPermission(null); + fetchPermissions(); + } + setSaving(false); + }; + + // Build natural language summary + const buildSummary = (): string => { + const resource = allResources.find((r) => r.id === formResourceId); + const scopes = allScopes.filter((s) => formScopeIds.includes(s.id)); + const policies = allPolicies.filter((p) => formPolicyIds.includes(p.id)); + if (!resource || scopes.length === 0 || policies.length === 0) { + return 'Select a resource, scopes, and policies to see a summary.'; + } + const scopeNames = scopes.map((s) => s.name).join(', '); + const policyNames = policies.map((p) => `${p.name} (${p.type})`).join(', '); + const strategy = + formDecisionStrategy === 'affirmative' + ? 'any matching policy grants access' + : 'all policies must match'; + return `Allow ${scopeNames} on "${resource.name}" when ${policyNames} — ${strategy}.`; + }; + + return ( +
+
+
+

Permissions

+

+ Combine resources, scopes, and policies into permission rules. +

+
+ +
+ + {loading ? ( +
+ {[1, 2, 3].map((i) => ( + + ))} +
+ ) : permissions.length > 0 ? ( + + + + Name + Resource + Scopes + Policies + Strategy + Created + Actions + + + + {permissions.map((perm) => ( + + {perm.name} + + {perm.resource.name} + + +
+ {perm.scopes.map((s) => ( + + {s.name} + + ))} +
+ + +
+ {perm.policies.map((p) => ( + + {p.name} + + ))} +
+ + + {perm.decision_strategy === 'affirmative' + ? 'Any match' + : 'All must match'} + + + {dayjs(perm.created_at * 1000).format('MMM DD, YYYY')} + + +
+ + +
+ + + ))} + +
+ ) : ( +
+ +

No Permissions

+

+ Create resources, scopes, and policies first, then combine them + into permissions. +

+
+ )} + + {/* Add/Edit Dialog */} + + + + + {editingPermission ? 'Edit Permission' : 'Add Permission'} + + + {editingPermission + ? 'Update the permission configuration.' + : 'Build a permission by combining resource, scopes, and policies.'} + + +
+
+ + setFormName(e.target.value)} + className="mt-1" + /> +

+ Letters, digits, hyphens, and underscores only. Max 100 + characters. No spaces. +

+
+
+ +