Right now the API is limited and incomplete. the Dash's current focus is current user.
We need an admin panel and admin commands. The plan is to make 2 graphql endpoints: one for the context of self (current user) and a second for admin commands. This way we can cleanly provide a second middleware for checkUserRole/isAdmin for commands that impact other users.
This means we need a few things
user roles
admin only GraphQL endpoint
admin dashboard views/endpoints
create/update/delete users
reset a user's password
renew a user's token
remove user management from /api/
fix /docs/ so auth token browser plugin isn't required
discovered & added GraphQL descriptions
many code comments & cleanup
replace fetch with XHRs
add sessions to the database
fix database setup and session schema
user pagination in admin view (mutation works)
delete user
AWS/gmail/mailgun emails: invite, password reset/notify, token expires soon, deactivated user
request a password reset (without a working password or token)