 |
VOOZH | about |
|
VOOZH | about |
Light\Type\App is the root query type in the GraphQL schema. It exposes read-only operations for system information, user data, configuration, permissions, menus, filesystem access, and internationalization. The class is decorated with #[Type] from GraphQLite src/Type/App.php28 and each public method decorated with #[Field] becomes a GraphQL query field.
This document covers query fields exposed by Light\Type\App. For mutations, see Controllers. For authentication queries, see Light\Type\Auth src/Type/Auth.php
Sources: src/Type/App.php1-544
Light\Type\App contains 40+ query fields. The class uses GraphQLite annotations:
#[Type] marks the class as a GraphQL object type src/Type/App.php28#[Field] exposes methods as query fields#[Logged] requires authentication via Auth\Service#[Right("permission")] enforces RBAC authorization#[Autowire] injects services from League\Container#[InjectUser] injects the authenticated Light\Model\UserSources: src/Type/App.php1-28 src/App.php59-147 src/App.php529-536
Light\Type\App uses TheCodingMachine\GraphQLite annotations:
| Annotation | Location | Purpose | Code Reference |
|---|---|---|---|
#[Type] | Class | Marks class as GraphQL object type | src/Type/App.php28 |
#[Field] | Method | Exposes method as query field | src/Type/App.php32 and others |
#[Logged] | Method | Requires authentication via Auth\Service::isLogged() | src/Type/App.php33 and others |
#[Right("permission")] | Method | Enforces RBAC permission check | src/Type/App.php343 and others |
#[Autowire] | Parameter | Injects service from League\Container | src/Type/App.php101 and others |
#[InjectUser] | Parameter | Injects authenticated Light\Model\User from Auth\Service | src/Type/App.php144 and others |
Sources: src/Type/App.php21-26 src/Type/App.php28
System-level queries that do not require authentication:
| Method | Return Type | Implementation | Code Reference |
|---|---|---|---|
getVersion() | string | Returns Composer\InstalledVersions::getVersion("mathsgod/light") | src/Type/App.php108-112 |
isDevMode() | bool | Calls LightApp::isDevMode() which checks Config::Value("mode") === "dev" | src/Type/App.php180-184 |
| Method | Return Type | Default Value | Config Key | Code Reference |
|---|---|---|---|---|
getCompany() | string | "HostLink" | company | src/Type/App.php300-304 |
getCompanyLogo() | ?string | null | company_logo | src/Type/App.php312-316 |
getCopyrightYear() | ?string | Current year | copyright_year | src/Type/App.php318-322 |
getCopyrightName() | ?string | "HostLink(HK)" | copyright_name | src/Type/App.php324-328 |
| Method | Return Type | Default Value | Config Key | Code Reference |
|---|---|---|---|---|
isPasswordBasedEnabled() | bool | true | authentication_password_based | src/Type/App.php306-310 |
isWebAuthnEnabled() | bool | true | webauthn_enabled | src/Type/App.php287-291 |
isForgetPasswordEnabled() | bool | true | forget_password_enabled | src/Type/App.php294-298 |
isTwoFactorAuthentication() | bool | N/A | Calls LightApp::isTwoFactorAuthentication() | src/Type/App.php174-178 |
hasBioAuth() | bool | N/A | Checks if web-auth/webauthn-lib is installed | src/Type/App.php167-172 |
hasFavorite() | bool | N/A | Calls LightApp::hasFavorite() to check for MyFavorite table | src/Type/App.php121-125 |
OAuth queries delegate to Light\Type\Auth instance:
| Method | Delegation | Code Reference |
|---|---|---|
getFacebookAppId() | new Auth()->getFacebookAppId() | src/Type/App.php276-279 |
getGoogleClientId() | new Auth()->getGoogleClientId() | src/Type/App.php282-285 |
getMicrosoftClientId() | new Auth()->getMicrosoftClientId() | src/Type/App.php269-272 |
getMicrosoftTenantId() | new Auth()->getMicrosoftTenantId() | src/Type/App.php263-267 |
Sources: src/Type/App.php108-328 src/App.php174-206 src/App.php687-693
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
getAuth() | Light\Type\Auth | None | Returns new Auth() | src/Type/App.php92-96 |
isLogged() | bool | #[Field] | Injects user via #[InjectUser], checks if user has role via Rbac::getUser()->is() | src/Type/App.php330-337 |
isViewAsMode() | bool | #[Field] | Calls Auth\Service::isViewAsMode() | src/Type/App.php161-165 |
The isLogged() method verifies the user has one of three roles: "Users", "Administrators", or "Powers Users" src/Type/App.php336
Sources: src/Type/App.php92-165
These queries require authentication and appropriate permissions:
| Method | Return Type | Annotations | Special Logic | Code Reference |
|---|---|---|---|---|
listUser() | Light\Db\Query | #[Logged], #[Right("user.list")] | Non-admins cannot see administrators src/Type/App.php466-469 | src/Type/App.php460-473 |
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
getRole() | ?Light\Model\Role | #[Logged] | Checks Rbac::hasRole(), returns Role::LoadByRole() | src/Type/App.php99-105 |
getRoles() | Light\Model\Role[] | #[Logged], #[Right("role.list")] | Filters "Administrators" and "Everyone" for non-admins | src/Type/App.php477-498 |
getPermissions() | string[] | #[Logged] | Calls LightApp::getPermissions() which scans #[Right] annotations | src/Type/App.php186-194 |
listPermission() | Light\Db\Query | #[Right("permission.list")] | Returns Permission::Query()->filters()->sort() | src/Type/App.php534-543 |
The listUser() method filters administrators from non-admin users by adding a WHERE clause src/Type/App.php468-469 The getRoles() method iterates Rbac::getRoles() and filters specific roles src/Type/App.php485-495
Sources: src/Type/App.php99-105 src/Type/App.php186-194 src/Type/App.php460-498 src/Type/App.php534-543
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
getConfig() | Light\Model\Config[] | #[Logged], #[Right("config")] | Returns Config::Query()->toArray() | src/Type/App.php341-350 |
listConfig() | Light\Db\Query | #[Logged], #[Right("config.list")] | Returns Config::Query()->filters()->sort() | src/Type/App.php441-451 |
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
getMenus() | mixed (array) | #[Logged] | Calls filterMenus() with LightApp::getMenus() | src/Type/App.php197-202 |
getCustomMenus() | array | #[Logged] | Calls LightApp::getCustomMenus() | src/Type/App.php352-360 |
The filterMenus() private method src/Type/App.php204-261 implements menu filtering logic:
Config::Value("custom_field_models") is empty src/Type/App.php212-216Rbac::getRole()->can() src/Type/App.php244-249Sources: src/Type/App.php197-261 src/Type/App.php341-360 src/Type/App.php441-451
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
fs() | Light\Type\Filesystem | #[Logged] | Returns new \Light\Type\Filesystem() | src/Type/App.php32-37 |
getDrive() | Light\Drive\Drive | #[Logged] | Gets config from LightApp::getFSConfig(), calls LightApp::getFS() | src/Type/App.php386-393 |
getDrives() | Light\Drive\Drive[] | #[Logged] | Iterates filesystem configs, creates Drive instances | src/Type/App.php395-409 |
getDriveTypes() | string[] | #[Logged] | Checks installed Composer packages | src/Type/App.php362-384 |
listFileSystem() | mixed (array) | #[Right("filesystem.list")] | Returns json_decode(Config::Get("fs")->value) | src/Type/App.php500-508 |
The getDriveTypes() method detects available storage adapters:
| Adapter Type | Composer Package | Code Reference |
|---|---|---|
"local" | Always included | src/Type/App.php370 |
"s3" | league/flysystem-aws-s3-v3 | src/Type/App.php372-374 |
"hostlink" | hostlink/hostlink-storage-adapter | src/Type/App.php376-378 |
"aliyun-oss" | alphasnow/aliyun-oss-flysystem | src/Type/App.php380-382 |
Sources: src/Type/App.php32-37 src/Type/App.php362-409 src/Type/App.php500-508
| Method | Return Type | Annotations | Implementation | Code Reference |
|---|---|---|---|---|
getTranslates() | Light\Model\Translate[] | #[Logged] | Returns Translate::Query()->toArray() | src/Type/App.php128-136 |
getI18nMessages() | Light\Model\Translate[] | #[Logged] | Filters by user language: Translate::Query(["language" => $user->language ?? 'en']) | src/Type/App.php139-149 |
getLanguages() | mixed (array) | None | Returns hardcoded array: [["name" => "English", "value" => "en"], ["name" => "中文", "value" => "zh-hk"]] | src/Type/App.php152-159 |
Sources: src/Type/App.php128-159
All listing methods return Light\Db\Query objects supporting filtering and sorting:
| Method | Required Permission | Model | Special Filtering | Code Reference |
|---|---|---|---|---|
listUser() | user.list | Light\Model\User | Hides administrators for non-admins | src/Type/App.php460-473 |
listConfig() | config.list | Light\Model\Config | None | src/Type/App.php441-451 |
listEventLog() | eventlog.list | Light\Model\EventLog | Username substring search via subquery | src/Type/App.php422-439 |
listMailLog() | maillog.list | Light\Model\MailLog | None | src/Type/App.php411-420 |
listUserLog() | userlog.list | Light\Model\UserLog | None | src/Type/App.php522-532 |
listPermission() | permission.list | Light\Model\Permission | None | src/Type/App.php534-543 |
listSystemValue() | systemvalue.list | Light\Model\SystemValue | None | src/Type/App.php510-520 |
listFileSystem() | filesystem.list | N/A | Returns json_decode(Config::Get("fs")->value) | src/Type/App.php500-508 |
All listing methods follow this pattern:
listEventLog() supports username filtering via a SQL subquery src/Type/App.php433-436:
Sources: src/Type/App.php411-543
| Method | Return Type | Implementation | Code Reference |
|---|---|---|---|
getCustomFieldModels() | string[] | Reads Config::Value("custom_field_models"), splits by comma | src/Type/App.php82-90 |
getCustomFieldSchema() | mixed[] (array) | Queries CustomField::Query(["model" => $model]), calls getFormKitSchema() | src/Type/App.php58-79 |
Sources: src/Type/App.php58-90
| Method | Return Type | Implementation | Code Reference |
|---|---|---|---|
generate2FASecret() | array | Uses TwoFactorAuthentication::generateSecret(), creates QR code with Endroid\QrCode | src/Type/App.php39-54 |
The method returns an array with three keys:
secret: Base32-encoded TOTP secret from TwoFactorAuthentication::generateSecret() src/Type/App.php42host: Server hostname from $_SERVER["HTTP_HOST"] src/Type/App.php44image: Data URI with QR code PNG generated by PngWriter src/Type/App.php47-52The QR code encodes an otpauth:// URL src/Type/App.php45:
otpauth://totp/{username}@{host}?secret={secret}
Sources: src/Type/App.php39-54
| Method | Return Type | Implementation | Code Reference |
|---|---|---|---|
isValidPassword() | bool | Calls (new System)->isValidPassword($password) | src/Type/App.php114-118 |
hasFavorite() | bool | Calls LightApp::hasFavorite() which checks for MyFavorite table | src/Type/App.php121-125 |
Sources: src/Type/App.php114-125 src/App.php687-693
#[Logged]Applied to 25+ query fields. Enforced by GraphQLite before method execution. User context injected via #[InjectUser] parameter. Implementation checks JWT token in Auth\Service::isLogged().
#[Right("permission")]Applied to sensitive queries. Checked via Light\Rbac\Rbac after authentication. Permission strings follow format "model.action":
| Permission String | Query Method | Code Reference |
|---|---|---|
"user.list" | listUser() | src/Type/App.php460 |
"config" | getConfig() | src/Type/App.php343 |
"config.list" | listConfig() | src/Type/App.php442 |
"role.list" | getRoles() | src/Type/App.php482 |
"permission.list" | listPermission() | src/Type/App.php535 |
"eventlog.list" | listEventLog() | src/Type/App.php427 |
"maillog.list" | listMailLog() | src/Type/App.php416 |
"userlog.list" | listUserLog() | src/Type/App.php528 |
"systemvalue.list" | listSystemValue() | src/Type/App.php516 |
"filesystem.list" | listFileSystem() | src/Type/App.php501 |
Additional security implemented in resolver logic:
| Method | Filtering Logic | Code Reference |
|---|---|---|
listUser() | Adds WHERE clause to exclude administrators if user not in "Administrators" role | src/Type/App.php466-469 |
getRoles() | Skips "Administrators" and "Everyone" roles if user not in "Administrators" role | src/Type/App.php488-492 |
Sources: src/Type/App.php343-543
| Annotation | Service Type | Typical Usage | Example Reference |
|---|---|---|---|
#[Autowire] LightApp | Light\App | Access RBAC, config, menus, filesystem | src/Type/App.php199 |
#[Autowire] Rbac | Light\Rbac\Rbac | Check roles and permissions | src/Type/App.php101 |
#[Autowire] Auth\Service | Light\Auth\Service | Check view-as mode | src/Type/App.php162 |
#[InjectUser] User | Light\Model\User | Access current user data | src/Type/App.php144 |
The getMenus() method demonstrates both injection types src/Type/App.php197-202:
Sources: src/Type/App.php101 src/Type/App.php144 src/Type/App.php162 src/Type/App.php197-202
SchemaFactory builds GraphQL schema with Light\Type\App as root query type src/App.php577webonyx/graphql-php parses query document and identifies requested fields#[Logged] present, Auth\Service::isLogged() verifies JWT token#[Right("permission")] present, Rbac::check() verifies permission#[Autowire] from container, #[InjectUser] from Auth\ServiceLight\Model::Query() or Light\Model::Get()Sources: src/App.php567-579 src/App.php529-536 src/Type/App.php1-544
The Light\Type\App query type acts as a facade to the core Light\App class, delegating many operations:
| Query Field | Delegation Target | Purpose |
|---|---|---|
getMenus() | LightApp::getMenus() | Retrieve menu structure |
getCustomMenus() | LightApp::getCustomMenus() | Retrieve custom menus |
getPermissions() | LightApp::getPermissions() | Discover all permissions |
getDrive() | LightApp::getDrive() | Get filesystem drive |
getDrives() | LightApp::getFSConfig(), getFS() | Get all drives |
isTwoFactorAuthentication() | LightApp::isTwoFactorAuthentication() | Check 2FA enabled |
isDevMode() | LightApp::isDevMode() | Check dev/prod mode |
hasFavorite() | LightApp::hasFavorite() | Check favorites feature |
This separation allows the query interface (Light\Type\App) to focus on GraphQL schema definition while delegating business logic to the core application (Light\App).
Refresh this wiki