fix: graphql auth user (pass by bearer token)

app/controllers/graphql_controller.rb

@@ -11,7 +11,7 @@ def execute
     query = params[:query]
     operation_name = params[:operationName]
     context = {
-      current_user: current_user,
+      current_user: validated_user,
     }
     result = ZealotSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
     render json: result
@@ -48,4 +48,16 @@ def handle_error_in_development(e)
 
     render json: { errors: [{ message: e.message, backtrace: e.backtrace }], data: {} }, status: 500
   end
+
+  def validated_user
+    auth_value = request.authorization
+    return unless auth_value.downcase.start_with?('bearer')
+
+    token = auth_value.split(' ').last
+
+  logger.debug "token token token #{token}"
+    return if token.blank?
+
+    User.find_by(token: token)
+  end
 end

app/graphql/types/base_interface.rb

@@ -3,8 +3,8 @@
 module Types
   module BaseInterface
     include GraphQL::Schema::Interface
-    edge_type_class(Types::BaseEdge)
-    connection_type_class(Types::BaseConnection)
+    # edge_type_class(Types::BaseEdge)
+    # connection_type_class(Types::BaseConnection)
 
     field_class Types::BaseField
   end

app/graphql/types/base_object.rb

@@ -2,8 +2,8 @@
 
 module Types
   class BaseObject < GraphQL::Schema::Object
-    edge_type_class(Types::BaseEdge)
-    connection_type_class(Types::BaseConnection)
+    # edge_type_class Types::BaseEdge
+    # connection_type_class Types::BaseConnection
     field_class Types::BaseField
   end
 end

app/graphql/types/base_union.rb

@@ -2,7 +2,7 @@
 
 module Types
   class BaseUnion < GraphQL::Schema::Union
-    edge_type_class(Types::BaseEdge)
-    connection_type_class(Types::BaseConnection)
+    # edge_type_class(Types::BaseEdge)
+    # connection_type_class(Types::BaseConnection)
   end
 end

app/graphql/zealot_schema.rb

@@ -23,6 +23,9 @@ def self.resolve_type(abstract_type, obj, ctx)
     raise(GraphQL::RequiredImplementationMissingError)
   end
 
+  # Stop validating when it encounters this many errors:
+  validate_max_errors(100)
+
   # Relay-style Object Identification:
 
   # Return a string UUID for `object`
@@ -50,4 +53,18 @@ def self.object_from_id(encoded_id_with_hint, query_ctx)
     full_global_id = "gid://#{GlobalID.app}/#{id}"
     GlobalID::Locator.locate(full_global_id)
   end
+
+  # Relay-style Object Identification:
+
+  # Return a string UUID for `object`
+  def self.id_from_object(object, type_definition, query_ctx)
+    # For example, use Rails' GlobalID library (https://github.com/rails/globalid):
+    object.to_gid_param
+  end
+
+  # Given a string UUID, find the object
+  def self.object_from_id(global_id, query_ctx)
+    # For example, use Rails' GlobalID library (https://github.com/rails/globalid):
+    GlobalID.find(global_id)
+  end
 end

config/routes.rb

@@ -207,8 +207,16 @@
   post '/graphql', to: 'graphql#execute'
 
   #############################################
-  # URL Friendly
+  # Development Only
   #############################################
+  if Rails.env.development?
+    mount LetterOpenerWeb::Engine, at: '/inbox'
+    mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
+  end
+
+  ############################################
+  # URL Friendly
+  ############################################
   scope path: ':channel', format: false, as: :friendly_channel do
     get '/overview', to: 'channels#show'
     get '', to: 'releases#index', as: 'releases'
@@ -220,14 +228,6 @@
     # get ':id/download', to: 'download/releases#show', as: 'channel_release_download'
   end
 
-  #############################################
-  # Development Only
-  #############################################
-  if Rails.env.development?
-    mount LetterOpenerWeb::Engine, at: '/inbox'
-    mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
-  end
-
   match '/', via: %i[post put patch delete], to: 'application#raise_not_found', format: false
   match '*unmatched_route', via: :all, to: 'application#raise_not_found', format: false
 end