graphql-engine/server/src-lib/Hasura/Server/API/Config.hs

-- | API related to server configuration
module Hasura.Server.API.Config
  -- required by pro
  ( ServerConfig(..)
  , runGetConfig
  ) where

import           Hasura.Prelude

import           Data.Aeson.TH

import qualified Hasura.GraphQL.Execute.LiveQuery.Options as LQ

import           Hasura.RQL.Types                         (FunctionPermissionsCtx)
import           Hasura.Server.Auth
import           Hasura.Server.Auth.JWT
import           Hasura.Server.Version                    (HasVersion, Version, currentVersion)


data JWTInfo
  = JWTInfo
  { jwtiClaimsNamespace :: !JWTNamespace
  , jwtiClaimsFormat    :: !JWTClaimsFormat
  , jwtiClaimsMap       :: !(Maybe JWTCustomClaimsMap)
  } deriving (Show, Eq)

$(deriveToJSON hasuraJSON ''JWTInfo)

data ServerConfig
  = ServerConfig
  { scfgVersion                       :: !Version
  , scfgIsFunctionPermissionsInferred :: !FunctionPermissionsCtx
  , scfgIsAdminSecretSet              :: !Bool
  , scfgIsAuthHookSet                 :: !Bool
  , scfgIsJwtSet                      :: !Bool
  , scfgJwt                           :: !(Maybe JWTInfo)
  , scfgIsAllowListEnabled            :: !Bool
  , scfgLiveQueries                   :: !LQ.LiveQueriesOptions
  , scfgConsoleAssetsDir              :: !(Maybe Text)
  } deriving (Show, Eq)

$(deriveToJSON hasuraJSON ''ServerConfig)

runGetConfig :: HasVersion => FunctionPermissionsCtx ->  AuthMode -> Bool -> LQ.LiveQueriesOptions -> Maybe Text -> ServerConfig
runGetConfig functionPermsCtx am isAllowListEnabled liveQueryOpts consoleAssetsDir = ServerConfig
    currentVersion
    functionPermsCtx
    (isAdminSecretSet am)
    (isAuthHookSet am)
    (isJWTSet am)
    (getJWTInfo am)
    isAllowListEnabled
    liveQueryOpts
    consoleAssetsDir

isAdminSecretSet :: AuthMode -> Bool
isAdminSecretSet = \case
  AMNoAuth -> False
  _        -> True

isAuthHookSet :: AuthMode -> Bool
isAuthHookSet = \case
  AMAdminSecretAndHook _ _ -> True
  _                        -> False

isJWTSet :: AuthMode -> Bool
isJWTSet = \case
  AMAdminSecretAndJWT{} -> True
  _                     -> False

getJWTInfo :: AuthMode -> Maybe JWTInfo
getJWTInfo (AMAdminSecretAndJWT _ jwtCtx _) =
  Just $ case jcxClaims jwtCtx of
    JCNamespace namespace claimsFormat ->
      JWTInfo namespace claimsFormat Nothing
    JCMap claimsMap ->
      JWTInfo (ClaimNs defaultClaimsNamespace) defaultClaimsFormat $ Just claimsMap
getJWTInfo _ = Nothing
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io> 2020-04-24 10:55:51 +03:00			`-- \| API related to server configuration`
server: changes catalog initialization and logging for pro customization (#5139) * new typeclass to abstract the logic of QueryLog-ing * abstract the logic of logging websocket-server logs introduce a MonadWSLog typeclass * move catalog initialization to init step expose a helper function to migrate catalog create schema cache in initialiseCtx * expose various modules and functions for pro 2020-06-19 09:42:32 +03:00			`module Hasura.Server.API.Config`
			`-- required by pro`
			`( ServerConfig(..)`
			`, runGetConfig`
			`) where`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00
server: simplify JSON instances GITHUB_PR_NUMBER: 6152 GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6152 Co-authored-by: Antoine Leblanc <1618949+nicuveo@users.noreply.github.com> GitOrigin-RevId: 6c94aef8c57e852b3d41b8355c09e64fce756a7c 2021-01-19 22:14:42 +03:00			`import Hasura.Prelude`

add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00			`import Data.Aeson.TH`

server: simplify JSON instances GITHUB_PR_NUMBER: 6152 GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6152 Co-authored-by: Antoine Leblanc <1618949+nicuveo@users.noreply.github.com> GitOrigin-RevId: 6c94aef8c57e852b3d41b8355c09e64fce756a7c 2021-01-19 22:14:42 +03:00			`import qualified Hasura.GraphQL.Execute.LiveQuery.Options as LQ`

console: function permissions UI (#413) GitOrigin-RevId: ccdfab19751b0d238a4ebcec59ba73a798103ca9 2021-02-12 20:01:41 +03:00			`import Hasura.RQL.Types (FunctionPermissionsCtx)`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00			`import Hasura.Server.Auth`
			`import Hasura.Server.Auth.JWT`
server: add more info about server to config api (#3412) Co-authored-by: Toan Nguyen <hgiasac@gmail.com> Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com> 2020-04-06 07:53:58 +03:00			`import Hasura.Server.Version (HasVersion, Version, currentVersion)`

add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00
			`data JWTInfo`
			`= JWTInfo`
support customizing JWT claims (close #3485) (#3575) * improve jsonpath parser to accept special characters and property tests for the same * make the JWTClaimsMapValueG parametrizable * add documentation in the JWT file * modify processAuthZHeader Co-authored-by: Karthikeyan Chinnakonda <karthikeyan@hasura.io> Co-authored-by: Marion Schleifer <marion@hasura.io> 2020-08-31 19:40:01 +03:00			`{ jwtiClaimsNamespace :: !JWTNamespace`
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io> 2020-04-24 10:55:51 +03:00			`, jwtiClaimsFormat :: !JWTClaimsFormat`
support customizing JWT claims (close #3485) (#3575) * improve jsonpath parser to accept special characters and property tests for the same * make the JWTClaimsMapValueG parametrizable * add documentation in the JWT file * modify processAuthZHeader Co-authored-by: Karthikeyan Chinnakonda <karthikeyan@hasura.io> Co-authored-by: Marion Schleifer <marion@hasura.io> 2020-08-31 19:40:01 +03:00			`, jwtiClaimsMap :: !(Maybe JWTCustomClaimsMap)`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00			`} deriving (Show, Eq)`

server: simplify JSON instances GITHUB_PR_NUMBER: 6152 GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6152 Co-authored-by: Antoine Leblanc <1618949+nicuveo@users.noreply.github.com> GitOrigin-RevId: 6c94aef8c57e852b3d41b8355c09e64fce756a7c 2021-01-19 22:14:42 +03:00			`$(deriveToJSON hasuraJSON ''JWTInfo)`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00
			`data ServerConfig`
			`= ServerConfig`
console: function permissions UI (#413) GitOrigin-RevId: ccdfab19751b0d238a4ebcec59ba73a798103ca9 2021-02-12 20:01:41 +03:00			`{ scfgVersion :: !Version`
			`, scfgIsFunctionPermissionsInferred :: !FunctionPermissionsCtx`
			`, scfgIsAdminSecretSet :: !Bool`
			`, scfgIsAuthHookSet :: !Bool`
			`, scfgIsJwtSet :: !Bool`
			`, scfgJwt :: !(Maybe JWTInfo)`
			`, scfgIsAllowListEnabled :: !Bool`
			`, scfgLiveQueries :: !LQ.LiveQueriesOptions`
			`, scfgConsoleAssetsDir :: !(Maybe Text)`
server: add more info about server to config api (#3412) Co-authored-by: Toan Nguyen <hgiasac@gmail.com> Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com> 2020-04-06 07:53:58 +03:00			`} deriving (Show, Eq)`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00
server: simplify JSON instances GITHUB_PR_NUMBER: 6152 GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6152 Co-authored-by: Antoine Leblanc <1618949+nicuveo@users.noreply.github.com> GitOrigin-RevId: 6c94aef8c57e852b3d41b8355c09e64fce756a7c 2021-01-19 22:14:42 +03:00			`$(deriveToJSON hasuraJSON ''ServerConfig)`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00
console: function permissions UI (#413) GitOrigin-RevId: ccdfab19751b0d238a4ebcec59ba73a798103ca9 2021-02-12 20:01:41 +03:00			`runGetConfig :: HasVersion => FunctionPermissionsCtx -> AuthMode -> Bool -> LQ.LiveQueriesOptions -> Maybe Text -> ServerConfig`
			`runGetConfig functionPermsCtx am isAllowListEnabled liveQueryOpts consoleAssetsDir = ServerConfig`
server: add more info about server to config api (#3412) Co-authored-by: Toan Nguyen <hgiasac@gmail.com> Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com> 2020-04-06 07:53:58 +03:00			`currentVersion`
console: function permissions UI (#413) GitOrigin-RevId: ccdfab19751b0d238a4ebcec59ba73a798103ca9 2021-02-12 20:01:41 +03:00			`functionPermsCtx`
server: add more info about server to config api (#3412) Co-authored-by: Toan Nguyen <hgiasac@gmail.com> Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com> 2020-04-06 07:53:58 +03:00			`(isAdminSecretSet am)`
			`(isAuthHookSet am)`
			`(isJWTSet am)`
			`(getJWTInfo am)`
			`isAllowListEnabled`
			`liveQueryOpts`
cli: load assets from server if cdn is disabled (close #3382) (#3851) 2020-06-03 07:06:23 +03:00			`consoleAssetsDir`
server: add more info about server to config api (#3412) Co-authored-by: Toan Nguyen <hgiasac@gmail.com> Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com> 2020-04-06 07:53:58 +03:00
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00			`isAdminSecretSet :: AuthMode -> Bool`
			`isAdminSecretSet = \case`
			`AMNoAuth -> False`
			`_ -> True`

			`isAuthHookSet :: AuthMode -> Bool`
			`isAuthHookSet = \case`
			`AMAdminSecretAndHook _ _ -> True`
			`_ -> False`

			`isJWTSet :: AuthMode -> Bool`
			`isJWTSet = \case`
			`AMAdminSecretAndJWT{} -> True`
			`_ -> False`

			`getJWTInfo :: AuthMode -> Maybe JWTInfo`
			`getJWTInfo (AMAdminSecretAndJWT _ jwtCtx _) =`
support customizing JWT claims (close #3485) (#3575) * improve jsonpath parser to accept special characters and property tests for the same * make the JWTClaimsMapValueG parametrizable * add documentation in the JWT file * modify processAuthZHeader Co-authored-by: Karthikeyan Chinnakonda <karthikeyan@hasura.io> Co-authored-by: Marion Schleifer <marion@hasura.io> 2020-08-31 19:40:01 +03:00			`Just $ case jcxClaims jwtCtx of`
			`JCNamespace namespace claimsFormat ->`
			`JWTInfo namespace claimsFormat Nothing`
			`JCMap claimsMap ->`
			`JWTInfo (ClaimNs defaultClaimsNamespace) defaultClaimsFormat $ Just claimsMap`
add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 16:29:03 +03:00			`getJWTInfo _ = Nothing`