2018-06-29 14:05:09 +03:00
|
|
|
{-# LANGUAGE DataKinds #-}
|
|
|
|
|
{-# LANGUAGE FlexibleContexts #-}
|
|
|
|
|
{-# LANGUAGE MultiParamTypeClasses #-}
|
|
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.
2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
i. Incase of symmetric key, the key as it is.
ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.
3. The claims in the JWT token must contain the following:
i. `x-hasura-default-role` field: default role of that user
ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.
4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings.
5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.
---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.
---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 13:32:09 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
{-# LANGUAGE RankNTypes #-}
|
2018-06-29 14:05:09 +03:00
|
|
|
{-# LANGUAGE ScopedTypeVariables #-}
|
|
|
|
|
{-# LANGUAGE TemplateHaskell #-}
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
module Hasura.Server.App where
|
|
|
|
|
|
2018-09-14 16:27:46 +03:00
|
|
|
import Control.Arrow ((***))
|
2018-06-27 16:11:32 +03:00
|
|
|
import Control.Concurrent.MVar
|
|
|
|
|
import Data.IORef
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
import Data.Aeson hiding (json)
|
|
|
|
|
import qualified Data.ByteString.Lazy as BL
|
|
|
|
|
import qualified Data.HashMap.Strict as M
|
|
|
|
|
import qualified Data.Text as T
|
|
|
|
|
import Data.Time.Clock (UTCTime,
|
|
|
|
|
getCurrentTime)
|
|
|
|
|
import Network.Wai (requestHeaders,
|
|
|
|
|
strictRequestBody)
|
|
|
|
|
import qualified Text.Mustache as M
|
|
|
|
|
import qualified Text.Mustache.Compile as M
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
import Web.Spock.Core
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
import qualified Network.HTTP.Client as HTTP
|
|
|
|
|
import qualified Network.Wai.Middleware.Static as MS
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
import qualified Database.PG.Query as Q
|
2018-10-19 05:15:28 +03:00
|
|
|
import qualified Hasura.GraphQL.Explain as GE
|
2018-07-20 10:22:46 +03:00
|
|
|
import qualified Hasura.GraphQL.Schema as GS
|
|
|
|
|
import qualified Hasura.GraphQL.Transport.HTTP as GH
|
|
|
|
|
import qualified Hasura.GraphQL.Transport.HTTP.Protocol as GH
|
|
|
|
|
import qualified Hasura.GraphQL.Transport.WebSocket as WS
|
add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.
2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
i. Incase of symmetric key, the key as it is.
ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.
3. The claims in the JWT token must contain the following:
i. `x-hasura-default-role` field: default role of that user
ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.
4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings.
5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.
---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.
---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 13:32:09 +03:00
|
|
|
import qualified Hasura.Logging as L
|
2018-07-20 10:22:46 +03:00
|
|
|
import qualified Network.Wai as Wai
|
|
|
|
|
import qualified Network.Wai.Handler.WebSockets as WS
|
|
|
|
|
import qualified Network.WebSockets as WS
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
import Hasura.Prelude hiding (get, put)
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.RQL.DDL.Schema.Table
|
2018-07-27 12:34:50 +03:00
|
|
|
--import Hasura.RQL.DML.Explain
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.RQL.DML.QueryTemplate
|
|
|
|
|
import Hasura.RQL.Types
|
2018-09-14 16:27:46 +03:00
|
|
|
import Hasura.Server.Auth (AuthMode (..),
|
|
|
|
|
getUserInfo)
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.Server.Init
|
|
|
|
|
import Hasura.Server.Logging
|
2018-07-20 10:22:46 +03:00
|
|
|
import Hasura.Server.Middleware (corsMiddleware,
|
|
|
|
|
mkDefaultCorsPolicy)
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.Server.Query
|
|
|
|
|
import Hasura.Server.Utils
|
2018-07-03 18:34:25 +03:00
|
|
|
import Hasura.Server.Version
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.SQL.Types
|
|
|
|
|
|
|
|
|
|
|
2018-07-27 12:34:50 +03:00
|
|
|
|
2018-07-03 18:34:25 +03:00
|
|
|
consoleTmplt :: M.Template
|
|
|
|
|
consoleTmplt = $(M.embedSingleTemplate "src-rsr/console.html")
|
|
|
|
|
|
2018-09-14 16:27:46 +03:00
|
|
|
isAccessKeySet :: AuthMode -> T.Text
|
|
|
|
|
isAccessKeySet AMNoAuth = "false"
|
|
|
|
|
isAccessKeySet _ = "true"
|
|
|
|
|
|
|
|
|
|
mkConsoleHTML :: AuthMode -> IO T.Text
|
|
|
|
|
mkConsoleHTML authMode =
|
2018-07-03 18:34:25 +03:00
|
|
|
bool (initErrExit errMsg) (return res) (null errs)
|
|
|
|
|
where
|
|
|
|
|
(errs, res) = M.checkedSubstitute consoleTmplt $
|
2018-09-14 16:27:46 +03:00
|
|
|
object [ "version" .= consoleVersion
|
|
|
|
|
, "isAccessKeySet" .= isAccessKeySet authMode
|
|
|
|
|
]
|
2018-07-03 18:34:25 +03:00
|
|
|
errMsg = "Fatal Error : console template rendering failed"
|
|
|
|
|
++ show errs
|
2018-06-29 14:05:09 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
data ServerCtx
|
|
|
|
|
= ServerCtx
|
2018-07-20 10:22:46 +03:00
|
|
|
{ scIsolation :: Q.TxIsolation
|
|
|
|
|
, scPGPool :: Q.PGPool
|
|
|
|
|
, scLogger :: L.Logger
|
|
|
|
|
, scCacheRef :: IORef (SchemaCache, GS.GCtxMap)
|
|
|
|
|
, scCacheLock :: MVar ()
|
|
|
|
|
, scAuthMode :: AuthMode
|
|
|
|
|
, scManager :: HTTP.Manager
|
2018-06-27 16:11:32 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
data HandlerCtx
|
|
|
|
|
= HandlerCtx
|
|
|
|
|
{ hcServerCtx :: ServerCtx
|
|
|
|
|
, hcReqBody :: BL.ByteString
|
2018-07-20 10:22:46 +03:00
|
|
|
, hcUser :: UserInfo
|
2018-06-27 16:11:32 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Handler = ExceptT QErr (ReaderT HandlerCtx IO)
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
-- {-# SCC parseBody #-}
|
2018-06-27 16:11:32 +03:00
|
|
|
parseBody :: (FromJSON a) => Handler a
|
|
|
|
|
parseBody = do
|
|
|
|
|
reqBody <- hcReqBody <$> ask
|
|
|
|
|
case decode' reqBody of
|
|
|
|
|
Just jVal -> decodeValue jVal
|
|
|
|
|
Nothing -> throw400 InvalidJSON "invalid json"
|
|
|
|
|
|
|
|
|
|
filterHeaders :: [(T.Text, T.Text)] -> [(T.Text, T.Text)]
|
|
|
|
|
filterHeaders hdrs = flip filter hdrs $ \(h, _) ->
|
|
|
|
|
isXHasuraTxt h && (T.toLower h /= userRoleHeader)
|
|
|
|
|
&& (T.toLower h /= accessKeyHeader)
|
|
|
|
|
|
|
|
|
|
onlyAdmin :: Handler ()
|
|
|
|
|
onlyAdmin = do
|
2018-07-20 10:22:46 +03:00
|
|
|
uRole <- asks (userRole . hcUser)
|
2018-06-27 16:11:32 +03:00
|
|
|
when (uRole /= adminRole) $
|
|
|
|
|
throw400 AccessDenied "You have to be an admin to access this endpoint"
|
|
|
|
|
|
|
|
|
|
buildQCtx :: Handler QCtx
|
|
|
|
|
buildQCtx = do
|
|
|
|
|
scRef <- scCacheRef . hcServerCtx <$> ask
|
2018-07-20 10:22:46 +03:00
|
|
|
userInfo <- asks hcUser
|
2018-06-27 16:11:32 +03:00
|
|
|
cache <- liftIO $ readIORef scRef
|
|
|
|
|
return $ QCtx userInfo $ fst cache
|
|
|
|
|
|
2018-07-06 08:16:42 +03:00
|
|
|
logResult
|
|
|
|
|
:: (MonadIO m)
|
2018-08-03 11:43:35 +03:00
|
|
|
=> Wai.Request -> BL.ByteString -> ServerCtx
|
|
|
|
|
-> Either QErr BL.ByteString -> Maybe (UTCTime, UTCTime)
|
|
|
|
|
-> m ()
|
|
|
|
|
logResult req reqBody sc res qTime =
|
2018-07-20 10:22:46 +03:00
|
|
|
liftIO $ logger $ mkAccessLog req (reqBody, res) qTime
|
2018-07-06 08:16:42 +03:00
|
|
|
where
|
2018-09-27 14:22:49 +03:00
|
|
|
logger = L.unLogger $ scLogger sc
|
2018-07-06 08:16:42 +03:00
|
|
|
|
2018-08-03 11:43:35 +03:00
|
|
|
logError
|
|
|
|
|
:: MonadIO m
|
|
|
|
|
=> Wai.Request -> BL.ByteString -> ServerCtx -> QErr -> m ()
|
|
|
|
|
logError req reqBody sc qErr = logResult req reqBody sc (Left qErr) Nothing
|
2018-07-09 09:04:41 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
mkSpockAction
|
|
|
|
|
:: (MonadIO m)
|
2018-07-20 10:22:46 +03:00
|
|
|
=> (Bool -> QErr -> Value)
|
2018-06-27 16:11:32 +03:00
|
|
|
-> ServerCtx
|
|
|
|
|
-> Handler BL.ByteString
|
|
|
|
|
-> ActionT m ()
|
|
|
|
|
mkSpockAction qErrEncoder serverCtx handler = do
|
|
|
|
|
req <- request
|
|
|
|
|
reqBody <- liftIO $ strictRequestBody req
|
2018-07-20 10:22:46 +03:00
|
|
|
let headers = requestHeaders req
|
|
|
|
|
authMode = scAuthMode serverCtx
|
|
|
|
|
manager = scManager serverCtx
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-08-03 11:43:35 +03:00
|
|
|
userInfoE <- liftIO $ runExceptT $ getUserInfo logger manager headers authMode
|
|
|
|
|
userInfo <- either (logAndThrow req reqBody False) return userInfoE
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
let handlerState = HandlerCtx serverCtx reqBody userInfo
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
t1 <- liftIO getCurrentTime -- for measuring response time purposes
|
|
|
|
|
result <- liftIO $ runReaderT (runExceptT handler) handlerState
|
|
|
|
|
t2 <- liftIO getCurrentTime -- for measuring response time purposes
|
|
|
|
|
|
2018-07-06 08:16:42 +03:00
|
|
|
-- log result
|
2018-08-03 11:43:35 +03:00
|
|
|
logResult req reqBody serverCtx result $ Just (t1, t2)
|
2018-07-20 10:22:46 +03:00
|
|
|
either (qErrToResp $ userRole userInfo == adminRole) resToResp result
|
|
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
2018-09-27 14:22:49 +03:00
|
|
|
logger = L.unLogger $ scLogger serverCtx
|
2018-06-27 16:11:32 +03:00
|
|
|
-- encode error response
|
2018-07-20 10:22:46 +03:00
|
|
|
qErrToResp includeInternal qErr = do
|
2018-06-27 16:11:32 +03:00
|
|
|
setStatus $ qeStatus qErr
|
2018-07-20 10:22:46 +03:00
|
|
|
json $ qErrEncoder includeInternal qErr
|
2018-07-09 09:04:41 +03:00
|
|
|
|
2018-08-03 11:43:35 +03:00
|
|
|
logAndThrow req reqBody includeInternal qErr = do
|
|
|
|
|
logError req reqBody serverCtx qErr
|
2018-07-20 10:22:46 +03:00
|
|
|
qErrToResp includeInternal qErr
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
resToResp resp = do
|
|
|
|
|
uncurry setHeader jsonHeader
|
|
|
|
|
lazyBytes resp
|
|
|
|
|
|
|
|
|
|
withLock :: (MonadIO m, MonadError e m)
|
|
|
|
|
=> MVar () -> m a -> m a
|
|
|
|
|
withLock lk action = do
|
|
|
|
|
acquireLock
|
|
|
|
|
res <- action `catchError` onError
|
|
|
|
|
releaseLock
|
|
|
|
|
return res
|
|
|
|
|
where
|
|
|
|
|
onError e = releaseLock >> throwError e
|
|
|
|
|
acquireLock = liftIO $ takeMVar lk
|
|
|
|
|
releaseLock = liftIO $ putMVar lk ()
|
|
|
|
|
|
|
|
|
|
v1QueryHandler :: RQLQuery -> Handler BL.ByteString
|
|
|
|
|
v1QueryHandler query = do
|
|
|
|
|
lk <- scCacheLock . hcServerCtx <$> ask
|
|
|
|
|
bool (fst <$> dbAction) (withLock lk dbActionReload) $
|
|
|
|
|
queryNeedsReload query
|
|
|
|
|
where
|
|
|
|
|
-- Hit postgres
|
|
|
|
|
dbAction = do
|
2018-07-20 10:22:46 +03:00
|
|
|
userInfo <- asks hcUser
|
2018-06-27 16:11:32 +03:00
|
|
|
scRef <- scCacheRef . hcServerCtx <$> ask
|
|
|
|
|
schemaCache <- liftIO $ readIORef scRef
|
|
|
|
|
pool <- scPGPool . hcServerCtx <$> ask
|
|
|
|
|
isoL <- scIsolation . hcServerCtx <$> ask
|
|
|
|
|
runQuery pool isoL userInfo (fst schemaCache) query
|
|
|
|
|
|
|
|
|
|
-- Also update the schema cache
|
|
|
|
|
dbActionReload = do
|
|
|
|
|
(resp, newSc) <- dbAction
|
|
|
|
|
newGCtxMap <- GS.mkGCtxMap $ scTables newSc
|
|
|
|
|
scRef <- scCacheRef . hcServerCtx <$> ask
|
|
|
|
|
liftIO $ writeIORef scRef (newSc, newGCtxMap)
|
|
|
|
|
return resp
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
v1Alpha1GQHandler :: GH.GraphQLRequest -> Handler BL.ByteString
|
2018-06-27 16:11:32 +03:00
|
|
|
v1Alpha1GQHandler query = do
|
2018-07-20 10:22:46 +03:00
|
|
|
userInfo <- asks hcUser
|
2018-06-27 16:11:32 +03:00
|
|
|
scRef <- scCacheRef . hcServerCtx <$> ask
|
|
|
|
|
cache <- liftIO $ readIORef scRef
|
|
|
|
|
pool <- scPGPool . hcServerCtx <$> ask
|
|
|
|
|
isoL <- scIsolation . hcServerCtx <$> ask
|
2018-07-20 10:22:46 +03:00
|
|
|
GH.runGQ pool isoL userInfo (snd cache) query
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-10-19 05:15:28 +03:00
|
|
|
gqlExplainHandler :: GE.GQLExplain -> Handler BL.ByteString
|
|
|
|
|
gqlExplainHandler query = do
|
|
|
|
|
onlyAdmin
|
|
|
|
|
scRef <- scCacheRef . hcServerCtx <$> ask
|
|
|
|
|
cache <- liftIO $ readIORef scRef
|
|
|
|
|
pool <- scPGPool . hcServerCtx <$> ask
|
|
|
|
|
isoL <- scIsolation . hcServerCtx <$> ask
|
|
|
|
|
GE.explainGQLQuery pool isoL (snd cache) query
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
newtype QueryParser
|
|
|
|
|
= QueryParser { getQueryParser :: QualifiedTable -> Handler RQLQuery }
|
|
|
|
|
|
|
|
|
|
queryParsers :: M.HashMap T.Text QueryParser
|
|
|
|
|
queryParsers =
|
|
|
|
|
M.fromList
|
|
|
|
|
[ ("select", mkQueryParser RQSelect)
|
|
|
|
|
, ("insert", mkQueryParser RQInsert)
|
|
|
|
|
, ("update", mkQueryParser RQUpdate)
|
|
|
|
|
, ("delete", mkQueryParser RQDelete)
|
|
|
|
|
, ("count", mkQueryParser RQCount)
|
|
|
|
|
]
|
|
|
|
|
where
|
|
|
|
|
mkQueryParser f =
|
|
|
|
|
QueryParser $ \qt -> do
|
|
|
|
|
obj <- parseBody
|
|
|
|
|
let val = Object $ M.insert "table" (toJSON qt) obj
|
|
|
|
|
q <- decodeValue val
|
|
|
|
|
return $ f q
|
|
|
|
|
|
|
|
|
|
legacyQueryHandler :: TableName -> T.Text -> Handler BL.ByteString
|
|
|
|
|
legacyQueryHandler tn queryType =
|
|
|
|
|
case M.lookup queryType queryParsers of
|
|
|
|
|
Just queryParser -> getQueryParser queryParser qt >>= v1QueryHandler
|
2018-07-20 10:22:46 +03:00
|
|
|
Nothing -> throw404 "No such resource exists"
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
|
|
|
|
qt = QualifiedTable publicSchema tn
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
mkWaiApp
|
2018-06-27 16:11:32 +03:00
|
|
|
:: Q.TxIsolation
|
|
|
|
|
-> Maybe String
|
2018-07-20 10:22:46 +03:00
|
|
|
-> L.LoggerCtx
|
2018-06-27 16:11:32 +03:00
|
|
|
-> Q.PGPool
|
2018-07-27 12:34:50 +03:00
|
|
|
-> HTTP.Manager
|
2018-06-27 16:11:32 +03:00
|
|
|
-> AuthMode
|
|
|
|
|
-> CorsConfig
|
2018-06-29 14:05:09 +03:00
|
|
|
-> Bool
|
2018-09-05 14:26:46 +03:00
|
|
|
-> IO (Wai.Application, IORef (SchemaCache, GS.GCtxMap))
|
2018-07-27 12:34:50 +03:00
|
|
|
mkWaiApp isoLevel mRootDir loggerCtx pool httpManager mode corsCfg enableConsole = do
|
2018-07-20 10:22:46 +03:00
|
|
|
cacheRef <- do
|
2018-06-27 16:11:32 +03:00
|
|
|
pgResp <- liftIO $ runExceptT $ Q.runTx pool (Q.Serializable, Nothing) $ do
|
|
|
|
|
Q.catchE defaultTxErrorHandler initStateTx
|
|
|
|
|
sc <- buildSchemaCache
|
|
|
|
|
(,) sc <$> GS.mkGCtxMap (scTables sc)
|
|
|
|
|
either initErrExit return pgResp >>= newIORef
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
cacheLock <- newMVar ()
|
|
|
|
|
|
|
|
|
|
let serverCtx =
|
|
|
|
|
ServerCtx isoLevel pool (L.mkLogger loggerCtx) cacheRef
|
|
|
|
|
cacheLock mode httpManager
|
|
|
|
|
|
|
|
|
|
spockApp <- spockAsApp $ spockT id $
|
|
|
|
|
httpApp mRootDir corsCfg serverCtx enableConsole
|
|
|
|
|
|
|
|
|
|
let runTx tx = runExceptT $ Q.runTx pool (isoLevel, Nothing) tx
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
wsServerEnv <- WS.createWSServerEnv (scLogger serverCtx) httpManager cacheRef runTx
|
|
|
|
|
let wsServerApp = WS.createWSServerApp mode wsServerEnv
|
2018-09-05 14:26:46 +03:00
|
|
|
return (WS.websocketsOr WS.defaultConnectionOptions wsServerApp spockApp, cacheRef)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
httpApp :: Maybe String -> CorsConfig -> ServerCtx -> Bool -> SpockT IO ()
|
|
|
|
|
httpApp mRootDir corsCfg serverCtx enableConsole = do
|
2018-06-27 16:11:32 +03:00
|
|
|
liftIO $ putStrLn "HasuraDB is now waiting for connections"
|
|
|
|
|
|
|
|
|
|
-- cors middleware
|
|
|
|
|
unless (ccDisabled corsCfg) $
|
|
|
|
|
middleware $ corsMiddleware (mkDefaultCorsPolicy $ ccDomain corsCfg)
|
|
|
|
|
|
2018-06-29 14:05:09 +03:00
|
|
|
-- API Console and Root Dir
|
2018-07-03 18:34:25 +03:00
|
|
|
if enableConsole then do
|
2018-09-14 16:27:46 +03:00
|
|
|
consoleHTML <- lift $ mkConsoleHTML $ scAuthMode serverCtx
|
2018-07-03 18:34:25 +03:00
|
|
|
serveApiConsole consoleHTML
|
2018-06-29 14:05:09 +03:00
|
|
|
else maybe (return ()) (middleware . MS.staticPolicy . MS.addBase) mRootDir
|
|
|
|
|
|
2018-07-27 12:34:50 +03:00
|
|
|
get "v1/version" $ do
|
|
|
|
|
uncurry setHeader jsonHeader
|
|
|
|
|
lazyBytes $ encode $ object [ "version" .= currentVersion ]
|
2018-07-03 18:34:25 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
get ("v1/template" <//> var) tmpltGetOrDeleteH
|
|
|
|
|
post ("v1/template" <//> var) tmpltPutOrPostH
|
|
|
|
|
put ("v1/template" <//> var) tmpltPutOrPostH
|
|
|
|
|
delete ("v1/template" <//> var) tmpltGetOrDeleteH
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
post "v1/query" $ mkSpockAction encodeQErr serverCtx $ do
|
|
|
|
|
query <- parseBody
|
|
|
|
|
v1QueryHandler query
|
|
|
|
|
|
2018-10-19 05:15:28 +03:00
|
|
|
post "v1alpha1/graphql/explain" $ mkSpockAction encodeQErr serverCtx $ do
|
|
|
|
|
expQuery <- parseBody
|
|
|
|
|
gqlExplainHandler expQuery
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
post "v1alpha1/graphql" $ mkSpockAction GH.encodeGQErr serverCtx $ do
|
2018-06-27 16:11:32 +03:00
|
|
|
query <- parseBody
|
|
|
|
|
v1Alpha1GQHandler query
|
|
|
|
|
|
|
|
|
|
-- get "v1alpha1/graphql/schema" $
|
|
|
|
|
-- mkSpockAction encodeQErr serverCtx v1Alpha1GQSchemaHandler
|
|
|
|
|
|
|
|
|
|
post ("api/1/table" <//> var <//> var) $ \tableName queryType ->
|
2018-07-20 10:22:46 +03:00
|
|
|
mkSpockAction encodeQErr serverCtx $
|
|
|
|
|
legacyQueryHandler (TableName tableName) queryType
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-07-06 08:16:42 +03:00
|
|
|
hookAny GET $ \_ -> do
|
|
|
|
|
let qErr = err404 NotFound "resource does not exist"
|
2018-08-03 11:43:35 +03:00
|
|
|
req <- request
|
|
|
|
|
reqBody <- liftIO $ strictRequestBody req
|
|
|
|
|
logError req reqBody serverCtx qErr
|
2018-07-06 08:16:42 +03:00
|
|
|
uncurry setHeader jsonHeader
|
|
|
|
|
lazyBytes $ encode qErr
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
where
|
2018-07-20 10:22:46 +03:00
|
|
|
tmpltGetOrDeleteH tmpltName = do
|
2018-06-27 16:11:32 +03:00
|
|
|
tmpltArgs <- tmpltArgsFromQueryParams
|
|
|
|
|
mkSpockAction encodeQErr serverCtx $ mkQTemplateAction tmpltName tmpltArgs
|
|
|
|
|
|
2018-07-20 10:22:46 +03:00
|
|
|
tmpltPutOrPostH tmpltName = do
|
2018-06-27 16:11:32 +03:00
|
|
|
tmpltArgs <- tmpltArgsFromQueryParams
|
|
|
|
|
mkSpockAction encodeQErr serverCtx $ do
|
|
|
|
|
bodyTmpltArgs <- parseBody
|
|
|
|
|
mkQTemplateAction tmpltName $ M.union bodyTmpltArgs tmpltArgs
|
|
|
|
|
|
|
|
|
|
tmpltArgsFromQueryParams = do
|
|
|
|
|
qparams <- params
|
|
|
|
|
return $ M.fromList $ flip map qparams $
|
2018-09-14 16:27:46 +03:00
|
|
|
TemplateParam *** String
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
mkQTemplateAction tmpltName tmpltArgs =
|
|
|
|
|
v1QueryHandler $ RQExecuteQueryTemplate $
|
|
|
|
|
ExecQueryTemplate (TQueryName tmpltName) tmpltArgs
|
2018-06-29 14:05:09 +03:00
|
|
|
|
|
|
|
|
serveApiConsole htmlFile = do
|
|
|
|
|
get root $ redirect "/console"
|
|
|
|
|
get ("console" <//> wildcard) $ const $ html htmlFile
|
