feat(server): support access token (#13372)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced user access tokens, enabling users to generate, list, and
revoke personal access tokens via the GraphQL API.
* Added GraphQL mutations and queries for managing access tokens,
including token creation (with optional expiration), listing, and
revocation.
* Implemented authentication support for private API endpoints using
access tokens in addition to session cookies.

* **Bug Fixes**
  * None.

* **Tests**
* Added comprehensive tests for access token creation, listing,
revocation, expiration handling, and authentication using tokens.

* **Chores**
* Updated backend models, schema, and database migrations to support
access token functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
Yii
2025-07-31 13:55:10 +08:00
committed by GitHub
parent feb42e34be
commit 49e8f339d4
21 changed files with 564 additions and 9 deletions
+24
View File
@@ -2,6 +2,13 @@
# THIS FILE WAS AUTOMATICALLY GENERATED (DO NOT MODIFY)
# ------------------------------------------------------
type AccessToken {
createdAt: DateTime!
expiresAt: DateTime
id: String!
name: String!
}
input AddContextBlobInput {
blobId: String!
contextId: String!
@@ -812,6 +819,11 @@ input ForkChatSessionInput {
workspaceId: String!
}
input GenerateAccessTokenInput {
expiresAt: DateTime
name: String!
}
input GrantDocUserRolesInput {
docId: String!
role: DocRole!
@@ -1247,6 +1259,7 @@ type Mutation {
"""Create a chat session"""
forkCopilotSession(options: ForkChatSessionInput!): String!
generateLicenseKey(sessionId: String!): String!
generateUserAccessToken(input: GenerateAccessTokenInput!): RevealedAccessToken!
grantDocUserRoles(input: GrantDocUserRolesInput!): Boolean!
grantMember(permission: Permission!, userId: String!, workspaceId: String!): Boolean!
@@ -1302,6 +1315,7 @@ type Mutation {
revokeMember(userId: String!, workspaceId: String!): Boolean!
revokePublicDoc(docId: String!, workspaceId: String!): DocType!
revokePublicPage(docId: String!, workspaceId: String!): DocType! @deprecated(reason: "use revokePublicDoc instead")
revokeUserAccessToken(id: String!): Boolean!
sendChangeEmail(callbackUrl: String!, email: String): Boolean!
sendChangePasswordEmail(callbackUrl: String!, email: String @deprecated(reason: "fetched from signed in user")): Boolean!
sendSetPasswordEmail(callbackUrl: String!, email: String @deprecated(reason: "fetched from signed in user")): Boolean!
@@ -1536,6 +1550,8 @@ type PublicUserType {
}
type Query {
accessTokens: [AccessToken!]!
"""get the whole app configuration"""
appConfig: JSONObject!
@@ -1685,6 +1701,14 @@ input ReplyUpdateInput {
id: ID!
}
type RevealedAccessToken {
createdAt: DateTime!
expiresAt: DateTime
id: String!
name: String!
token: String!
}
input RevokeDocUserRoleInput {
docId: String!
userId: String!