add jwt authentication on graphql controller

app/controllers/concerns/authenticable.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module Authenticable
+  def current_auth
+    @current_auth ||= Auth::Authenticate.new(bearer_token).profile
+  end
+
+  def bearer_token
+    pattern = /^Bearer /
+    header  = request.headers["Authorization"]
+    header.gsub(pattern, "") if header&.match(pattern)
+  end
+end

app/controllers/graphql_controller.rb

@@ -1,17 +1,16 @@
 # frozen_string_literal: true
 class GraphqlController < ApplicationController
-  # If accessing from outside this domain, nullify the session
-  # This allows for outside API access while preventing CSRF attacks,
-  # but you'll have to authenticate your user separately
-  # protect_from_forgery with: :null_session
+  include Authenticable
+
+  protect_from_forgery with: :null_session
 
   def execute
     variables = prepare_variables(params[:variables])
     query = params[:query]
     operation_name = params[:operationName]
     context = {
-      # Query context goes here, for example:
-      current_user: current_admin_user,
+      current_user: current_admin_user, # || current_auth.current_user,
+      current_auth: current_auth,
     }
     result = XStakeSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
     render(json: result)
@@ -22,7 +21,6 @@ class GraphqlController < ApplicationController
 
   private
 
-  # Handle variables in form data, JSON body, or a blank value
   def prepare_variables(variables_param)
     case variables_param
     when String
@@ -34,7 +32,7 @@ class GraphqlController < ApplicationController
     when Hash
       variables_param
     when ActionController::Parameters
-      variables_param.to_unsafe_hash # GraphQL-Ruby will validate name and type of incoming variables.
+      variables_param.to_unsafe_hash
     when nil
       {}
     else