# GraphQL schema example
#
# https://gqlgen.com/getting-started/
scalar Int64
scalar Map
scalar Any

type Pagination {
	limit: Int64!
	page: Int64!
	offset: Int64!
	total: Int64!
}

type Meta {
	version: String!
	client_id: String!
	is_google_login_enabled: Boolean!
	is_facebook_login_enabled: Boolean!
	is_github_login_enabled: Boolean!
	is_linkedin_login_enabled: Boolean!
	is_apple_login_enabled: Boolean!
	is_twitter_login_enabled: Boolean!
	is_email_verification_enabled: Boolean!
	is_basic_authentication_enabled: Boolean!
	is_magic_link_login_enabled: Boolean!
	is_sign_up_enabled: Boolean!
	is_strong_password_enabled: Boolean!
	is_multi_factor_auth_enabled: Boolean!
}

type User {
	id: ID!
	email: String!
	email_verified: Boolean!
	signup_methods: String!
	given_name: String
	family_name: String
	middle_name: String
	nickname: String
	# defaults to email
	preferred_username: String
	gender: String
	birthdate: String
	phone_number: String
	phone_number_verified: Boolean
	picture: String
	roles: [String!]!
	created_at: Int64
	updated_at: Int64
	revoked_timestamp: Int64
	is_multi_factor_auth_enabled: Boolean
}

type Users {
	pagination: Pagination!
	users: [User!]!
}

type VerificationRequest {
	id: ID!
	identifier: String
	token: String
	email: String
	expires: Int64
	created_at: Int64
	updated_at: Int64
	nonce: String
	redirect_uri: String
}

type VerificationRequests {
	pagination: Pagination!
	verification_requests: [VerificationRequest!]!
}

type Error {
	message: String!
	reason: String!
}

type AuthResponse {
	message: String!
	should_show_otp_screen: Boolean
	access_token: String
	id_token: String
	refresh_token: String
	expires_in: Int64
	user: User
}

type Response {
	message: String!
}

type Env {
	ACCESS_TOKEN_EXPIRY_TIME: String
	ADMIN_SECRET: String
	DATABASE_NAME: String
	DATABASE_URL: String
	DATABASE_TYPE: String
	DATABASE_USERNAME: String
	DATABASE_PASSWORD: String
	DATABASE_HOST: String
	DATABASE_PORT: String
	CLIENT_ID: String!
	CLIENT_SECRET: String!
	CUSTOM_ACCESS_TOKEN_SCRIPT: String
	SMTP_HOST: String
	SMTP_PORT: String
	SMTP_USERNAME: String
	SMTP_PASSWORD: String
	SMTP_LOCAL_NAME: String
	SENDER_EMAIL: String
	JWT_TYPE: String
	JWT_SECRET: String
	JWT_PRIVATE_KEY: String
	JWT_PUBLIC_KEY: String
	ALLOWED_ORIGINS: [String!]
	APP_URL: String
	REDIS_URL: String
	RESET_PASSWORD_URL: String
	DISABLE_EMAIL_VERIFICATION: Boolean!
	DISABLE_BASIC_AUTHENTICATION: Boolean!
	DISABLE_MAGIC_LINK_LOGIN: Boolean!
	DISABLE_LOGIN_PAGE: Boolean!
	DISABLE_SIGN_UP: Boolean!
	DISABLE_REDIS_FOR_ENV: Boolean!
	DISABLE_STRONG_PASSWORD: Boolean!
	DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean!
	ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean!
	ROLES: [String!]
	PROTECTED_ROLES: [String!]
	DEFAULT_ROLES: [String!]
	JWT_ROLE_CLAIM: String
	GOOGLE_CLIENT_ID: String
	GOOGLE_CLIENT_SECRET: String
	GITHUB_CLIENT_ID: String
	GITHUB_CLIENT_SECRET: String
	FACEBOOK_CLIENT_ID: String
	FACEBOOK_CLIENT_SECRET: String
	LINKEDIN_CLIENT_ID: String
	LINKEDIN_CLIENT_SECRET: String
	APPLE_CLIENT_ID: String
	APPLE_CLIENT_SECRET: String
	TWITTER_CLIENT_ID: String
	TWITTER_CLIENT_SECRET: String
	ORGANIZATION_NAME: String
	ORGANIZATION_LOGO: String
	APP_COOKIE_SECURE: Boolean!
	ADMIN_COOKIE_SECURE: Boolean!
}

type ValidateJWTTokenResponse {
	is_valid: Boolean!
	claims: Map
}

type GenerateJWTKeysResponse {
	secret: String
	public_key: String
	private_key: String
}

type Webhook {
	id: ID!
	event_name: String
	endpoint: String
	enabled: Boolean
	headers: Map
	created_at: Int64
	updated_at: Int64
}

type Webhooks {
	pagination: Pagination!
	webhooks: [Webhook!]!
}

type WebhookLog {
	id: ID!
	http_status: Int64
	response: String
	request: String
	webhook_id: ID
	created_at: Int64
	updated_at: Int64
}

type TestEndpointResponse {
	http_status: Int64
	response: String
}

type WebhookLogs {
	pagination: Pagination!
	webhook_logs: [WebhookLog!]!
}

type EmailTemplate {
	id: ID!
	event_name: String!
	template: String!
	design: String!
	subject: String!
	created_at: Int64
	updated_at: Int64
}

type EmailTemplates {
	pagination: Pagination!
	email_templates: [EmailTemplate!]!
}

input UpdateEnvInput {
	ACCESS_TOKEN_EXPIRY_TIME: String
	ADMIN_SECRET: String
	CUSTOM_ACCESS_TOKEN_SCRIPT: String
	OLD_ADMIN_SECRET: String
	SMTP_HOST: String
	SMTP_PORT: String
	SMTP_USERNAME: String
	SMTP_PASSWORD: String
	SMTP_LOCAL_NAME: String
	SENDER_EMAIL: String
	JWT_TYPE: String
	JWT_SECRET: String
	JWT_PRIVATE_KEY: String
	JWT_PUBLIC_KEY: String
	ALLOWED_ORIGINS: [String!]
	APP_URL: String
	RESET_PASSWORD_URL: String
	APP_COOKIE_SECURE: Boolean
	ADMIN_COOKIE_SECURE: Boolean
	DISABLE_EMAIL_VERIFICATION: Boolean
	DISABLE_BASIC_AUTHENTICATION: Boolean
	DISABLE_MAGIC_LINK_LOGIN: Boolean
	DISABLE_LOGIN_PAGE: Boolean
	DISABLE_SIGN_UP: Boolean
	DISABLE_REDIS_FOR_ENV: Boolean
	DISABLE_STRONG_PASSWORD: Boolean
	DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean
	ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean
	ROLES: [String!]
	PROTECTED_ROLES: [String!]
	DEFAULT_ROLES: [String!]
	JWT_ROLE_CLAIM: String
	GOOGLE_CLIENT_ID: String
	GOOGLE_CLIENT_SECRET: String
	GITHUB_CLIENT_ID: String
	GITHUB_CLIENT_SECRET: String
	FACEBOOK_CLIENT_ID: String
	FACEBOOK_CLIENT_SECRET: String
	LINKEDIN_CLIENT_ID: String
	LINKEDIN_CLIENT_SECRET: String
	APPLE_CLIENT_ID: String
	APPLE_CLIENT_SECRET: String
	TWITTER_CLIENT_ID: String
	TWITTER_CLIENT_SECRET: String
	ORGANIZATION_NAME: String
	ORGANIZATION_LOGO: String
}

input AdminLoginInput {
	admin_secret: String!
}

input AdminSignupInput {
	admin_secret: String!
}

input SignUpInput {
	email: String!
	given_name: String
	family_name: String
	middle_name: String
	nickname: String
	gender: String
	birthdate: String
	phone_number: String
	picture: String
	password: String!
	confirm_password: String!
	roles: [String!]
	scope: [String!]
	redirect_uri: String
	is_multi_factor_auth_enabled: Boolean
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

input LoginInput {
	email: String!
	password: String!
	roles: [String!]
	scope: [String!]
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

input VerifyEmailInput {
	token: String!
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

input ResendVerifyEmailInput {
	email: String!
	identifier: String!
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

input UpdateProfileInput {
	old_password: String
	new_password: String
	confirm_new_password: String
	email: String
	given_name: String
	family_name: String
	middle_name: String
	nickname: String
	gender: String
	birthdate: String
	phone_number: String
	picture: String
	is_multi_factor_auth_enabled: Boolean
}

input UpdateUserInput {
	id: ID!
	email: String
	email_verified: Boolean
	given_name: String
	family_name: String
	middle_name: String
	nickname: String
	gender: String
	birthdate: String
	phone_number: String
	picture: String
	roles: [String]
	is_multi_factor_auth_enabled: Boolean
}

input ForgotPasswordInput {
	email: String!
	state: String
	redirect_uri: String
}

input ResetPasswordInput {
	token: String!
	password: String!
	confirm_password: String!
}

input DeleteUserInput {
	email: String!
}

input MagicLinkLoginInput {
	email: String!
	roles: [String!]
	scope: [String!]
	state: String
	redirect_uri: String
}

input SessionQueryInput {
	roles: [String!]
	scope: [String!]
}

input PaginationInput {
	limit: Int64
	page: Int64
}

input PaginatedInput {
	pagination: PaginationInput
}

input OAuthRevokeInput {
	refresh_token: String!
}

input InviteMemberInput {
	emails: [String!]!
	redirect_uri: String
}

input UpdateAccessInput {
	user_id: String!
}

input ValidateJWTTokenInput {
	token_type: String!
	token: String!
	roles: [String!]
}

input GenerateJWTKeysInput {
	type: String!
}

input ListWebhookLogRequest {
	pagination: PaginationInput
	webhook_id: String
}

input AddWebhookRequest {
	event_name: String!
	endpoint: String!
	enabled: Boolean!
	headers: Map
}

input UpdateWebhookRequest {
	id: ID!
	event_name: String
	endpoint: String
	enabled: Boolean
	headers: Map
}

input WebhookRequest {
	id: ID!
}

input TestEndpointRequest {
	endpoint: String!
	event_name: String!
	headers: Map
}

input AddEmailTemplateRequest {
	event_name: String!
	subject: String!
	template: String!
	# Design value is set when editor is used
	# If raw HTML is used design value is set to null
	design: String
}

input UpdateEmailTemplateRequest {
	id: ID!
	event_name: String
	template: String
	subject: String
	# Design value is set when editor is used
	# If raw HTML is used design value is set to null
	design: String
}

input DeleteEmailTemplateRequest {
	id: ID!
}

input VerifyOTPRequest {
	email: String!
	otp: String!
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

input ResendOTPRequest {
	email: String!
	# state is used for authorization code grant flow
	# it is used to get code for an on-going auth process during login
	# and use that code for setting `c_hash` in id_token
	state: String
}

type Mutation {
	signup(params: SignUpInput!): AuthResponse!
	login(params: LoginInput!): AuthResponse!
	magic_link_login(params: MagicLinkLoginInput!): Response!
	logout: Response!
	update_profile(params: UpdateProfileInput!): Response!
	verify_email(params: VerifyEmailInput!): AuthResponse!
	resend_verify_email(params: ResendVerifyEmailInput!): Response!
	forgot_password(params: ForgotPasswordInput!): Response!
	reset_password(params: ResetPasswordInput!): Response!
	revoke(params: OAuthRevokeInput!): Response!
	verify_otp(params: VerifyOTPRequest!): AuthResponse!
	resend_otp(params: ResendOTPRequest!): Response!
	# admin only apis
	_delete_user(params: DeleteUserInput!): Response!
	_update_user(params: UpdateUserInput!): User!
	_admin_signup(params: AdminSignupInput!): Response!
	_admin_login(params: AdminLoginInput!): Response!
	_admin_logout: Response!
	_update_env(params: UpdateEnvInput!): Response!
	_invite_members(params: InviteMemberInput!): Response!
	_revoke_access(param: UpdateAccessInput!): Response!
	_enable_access(param: UpdateAccessInput!): Response!
	_generate_jwt_keys(params: GenerateJWTKeysInput!): GenerateJWTKeysResponse!
	_add_webhook(params: AddWebhookRequest!): Response!
	_update_webhook(params: UpdateWebhookRequest!): Response!
	_delete_webhook(params: WebhookRequest!): Response!
	_test_endpoint(params: TestEndpointRequest!): TestEndpointResponse!
	_add_email_template(params: AddEmailTemplateRequest!): Response!
	_update_email_template(params: UpdateEmailTemplateRequest!): Response!
	_delete_email_template(params: DeleteEmailTemplateRequest!): Response!
}

type Query {
	meta: Meta!
	session(params: SessionQueryInput): AuthResponse!
	profile: User!
	validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
	# admin only apis
	_users(params: PaginatedInput): Users!
	_verification_requests(params: PaginatedInput): VerificationRequests!
	_admin_session: Response!
	_env: Env!
	_webhook(params: WebhookRequest!): Webhook!
	_webhooks(params: PaginatedInput): Webhooks!
	_webhook_logs(params: ListWebhookLogRequest): WebhookLogs!
	_email_templates(params: PaginatedInput): EmailTemplates!
}