mirrors
/
wikijs
mirror of https://github.com/Requarks/wiki.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213
							# ===============================================
# AUTHENTICATION
# ===============================================

extend type Query {
  apiKeys: [AuthenticationApiKey]

  apiState: Boolean

  authStrategies: [AuthenticationStrategy]

  authActiveStrategies(
    enabledOnly: Boolean
  ): [AuthenticationActiveStrategy]

  authSiteStrategies(
    siteId: UUID!
    visibleOnly: Boolean
  ): [AuthenticationSiteStrategy]
}

extend type Mutation {
  createApiKey(
    name: String!
    expiration: String!
    groups: [UUID]!
  ): AuthenticationCreateApiKeyResponse

  login(
    username: String!
    password: String!
    strategyId: UUID!
    siteId: UUID!
  ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)

  loginTFA(
    continuationToken: String!
    securityCode: String!
    strategyId: UUID!
    siteId: UUID!
    setup: Boolean
  ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)

  setupTFA(
    strategyId: UUID!
    siteId: UUID!
  ): AuthenticationSetupTFAResponse

  deactivateTFA(
    strategyId: UUID!
  ): DefaultResponse

  setupPasskey(
    siteId: UUID!
  ): AuthenticationSetupPasskeyResponse

  finalizePasskey(
    registrationResponse: JSON!
    name: String!
  ): DefaultResponse

  deactivatePasskey(
    id: UUID!
  ): DefaultResponse

  authenticatePasskeyGenerate(
    email: String!
    siteId: UUID!
  ): AuthenticationPasskeyResponse @rateLimit(limit: 5, duration: 60)

  authenticatePasskeyVerify(
    authResponse: JSON!
  ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)

  changePassword(
    continuationToken: String
    currentPassword: String
    newPassword: String!
    strategyId: UUID!
    siteId: UUID!
  ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)

  forgotPassword(
    email: String!
  ): DefaultResponse @rateLimit(limit: 3, duration: 60)

  register(
    email: String!
    password: String!
    name: String!
  ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)

  refreshToken(
    token: String!
  ): AuthenticationTokenResponse @rateLimit(limit: 30, duration: 60)

  revokeApiKey(
    id: UUID!
  ): DefaultResponse

  setApiState(
    enabled: Boolean!
  ): DefaultResponse

  updateAuthStrategies(
    strategies: [AuthenticationStrategyInput]!
  ): DefaultResponse

  regenerateCertificates: DefaultResponse

  resetGuestUser: DefaultResponse
}

# -----------------------------------------------
# TYPES
# -----------------------------------------------

type AuthenticationStrategy {
  key: String
  props: JSON
  refs: JSON
  title: String
  description: String
  isAvailable: Boolean
  useForm: Boolean
  usernameType: String
  logo: String
  color: String
  vendor: String
  website: String
  icon: String
}

type AuthenticationActiveStrategy {
  id: UUID
  strategy: AuthenticationStrategy
  displayName: String
  isEnabled: Boolean
  config: JSON
  registration: Boolean
  allowedEmailRegex: String
  autoEnrollGroups: [UUID]
}

type AuthenticationSiteStrategy {
  id: UUID
  activeStrategy: AuthenticationActiveStrategy
  isVisible: Boolean
}

type AuthenticationAuthResponse {
  operation: Operation
  jwt: String
  nextAction: AuthenticationNextAction
  continuationToken: String
  redirect: String
  tfaQRImage: String
}

type AuthenticationTokenResponse {
  operation: Operation
  jwt: String
}

type AuthenticationSetupTFAResponse {
  operation: Operation
  continuationToken: String
  tfaQRImage: String
}

type AuthenticationSetupPasskeyResponse {
  operation: Operation
  registrationOptions: JSON
}

type AuthenticationPasskeyResponse {
  operation: Operation
  authOptions: JSON
}

input AuthenticationStrategyInput {
  key: String!
  strategyKey: String!
  config: JSON!
  displayName: String!
  order: Int!
  isEnabled: Boolean!
  registration: Boolean!
  allowedEmailRegex: String!
  autoEnrollGroups: [UUID]!
}

type AuthenticationApiKey {
  id: UUID
  name: String
  keyShort: String
  expiration: Date
  createdAt: Date
  updatedAt: Date
  isRevoked: Boolean
}

type AuthenticationCreateApiKeyResponse {
  operation: Operation
  key: String
}

enum AuthenticationNextAction {
  changePassword
  setupTfa
  provideTfa
  redirect
}