2020-04-24 10:55:51 +03:00
|
|
|
-- | Types and functions related to the server initialisation
|
2020-06-01 10:36:26 +03:00
|
|
|
{-# LANGUAGE CPP #-}
|
|
|
|
{-# OPTIONS_GHC -O0 #-}
|
2020-04-24 10:55:51 +03:00
|
|
|
module Hasura.Server.Init
|
|
|
|
( DbUid(..)
|
|
|
|
, getDbId
|
|
|
|
|
|
|
|
, PGVersion(..)
|
|
|
|
, getPgVersion
|
|
|
|
|
|
|
|
, InstanceId(..)
|
|
|
|
, generateInstanceId
|
|
|
|
|
|
|
|
, StartupTimeInfo(..)
|
|
|
|
|
|
|
|
-- * Server command related
|
|
|
|
, parseRawConnInfo
|
|
|
|
, mkRawConnInfo
|
|
|
|
, mkHGEOptions
|
|
|
|
, mkConnInfo
|
|
|
|
, serveOptionsParser
|
|
|
|
|
|
|
|
-- * Downgrade command related
|
|
|
|
, downgradeShortcuts
|
|
|
|
, downgradeOptionsParser
|
|
|
|
|
|
|
|
-- * Help footers
|
|
|
|
, mainCmdFooter
|
|
|
|
, serveCmdFooter
|
|
|
|
|
|
|
|
-- * Startup logs
|
|
|
|
, mkGenericStrLog
|
|
|
|
, mkGenericLog
|
|
|
|
, inconsistentMetadataLog
|
|
|
|
, serveOptsToLog
|
|
|
|
, connInfoToLog
|
|
|
|
|
|
|
|
, module Hasura.Server.Init.Config
|
|
|
|
) where
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2019-04-17 12:48:41 +03:00
|
|
|
import qualified Data.Aeson as J
|
2019-07-11 08:37:06 +03:00
|
|
|
import qualified Data.Aeson.Casing as J
|
|
|
|
import qualified Data.Aeson.TH as J
|
2019-04-17 12:48:41 +03:00
|
|
|
import qualified Data.HashSet as Set
|
|
|
|
import qualified Data.String as DataString
|
|
|
|
import qualified Data.Text as T
|
2019-09-06 01:59:26 +03:00
|
|
|
import qualified Data.Text.Encoding as TE
|
2019-11-26 15:14:21 +03:00
|
|
|
import qualified Database.PG.Query as Q
|
2020-02-24 17:33:56 +03:00
|
|
|
import qualified Language.Haskell.TH.Syntax as TH
|
2019-09-06 01:59:26 +03:00
|
|
|
import qualified Text.PrettyPrint.ANSI.Leijen as PP
|
|
|
|
|
2020-02-24 17:33:56 +03:00
|
|
|
import Data.FileEmbed (embedStringFile)
|
2019-09-06 01:59:26 +03:00
|
|
|
import Network.Wai.Handler.Warp (HostPreference)
|
|
|
|
import Options.Applicative
|
|
|
|
|
2019-11-25 20:12:23 +03:00
|
|
|
import qualified Hasura.Cache as Cache
|
|
|
|
import qualified Hasura.GraphQL.Execute as E
|
2019-04-17 12:48:41 +03:00
|
|
|
import qualified Hasura.GraphQL.Execute.LiveQuery as LQ
|
|
|
|
import qualified Hasura.Logging as L
|
2019-02-14 08:58:38 +03:00
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
import Hasura.Db
|
2018-06-27 16:11:32 +03:00
|
|
|
import Hasura.Prelude
|
2020-04-24 12:10:53 +03:00
|
|
|
import Hasura.RQL.Types (QErr, SchemaCache (..))
|
add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.
2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
i. Incase of symmetric key, the key as it is.
ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.
3. The claims in the JWT token must contain the following:
i. `x-hasura-default-role` field: default role of that user
ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.
4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings.
5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.
---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.
---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 13:32:09 +03:00
|
|
|
import Hasura.Server.Auth
|
2019-02-14 08:58:38 +03:00
|
|
|
import Hasura.Server.Cors
|
2020-04-24 10:55:51 +03:00
|
|
|
import Hasura.Server.Init.Config
|
2019-01-02 14:24:17 +03:00
|
|
|
import Hasura.Server.Logging
|
2018-06-28 13:49:40 +03:00
|
|
|
import Hasura.Server.Utils
|
2020-04-24 12:10:53 +03:00
|
|
|
import Hasura.Session
|
2019-09-06 01:59:26 +03:00
|
|
|
import Network.URI (parseURI)
|
2019-02-14 08:58:38 +03:00
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
newtype DbUid
|
|
|
|
= DbUid { getDbUid :: Text }
|
|
|
|
deriving (Show, Eq, J.ToJSON, J.FromJSON)
|
|
|
|
|
2020-04-01 18:14:26 +03:00
|
|
|
newtype PGVersion = PGVersion { unPGVersion :: Int } deriving (Show, Eq, J.ToJSON)
|
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
getDbId :: Q.TxE QErr Text
|
|
|
|
getDbId =
|
|
|
|
(runIdentity . Q.getRow) <$>
|
|
|
|
Q.withQE defaultTxErrorHandler
|
|
|
|
[Q.sql|
|
|
|
|
SELECT (hasura_uuid :: text) FROM hdb_catalog.hdb_version
|
|
|
|
|] () False
|
|
|
|
|
2020-04-01 18:14:26 +03:00
|
|
|
getPgVersion :: Q.TxE QErr PGVersion
|
|
|
|
getPgVersion = PGVersion <$> Q.serverVersion
|
2019-11-26 15:14:21 +03:00
|
|
|
|
2019-03-12 08:46:27 +03:00
|
|
|
newtype InstanceId
|
2019-07-11 08:37:06 +03:00
|
|
|
= InstanceId { getInstanceId :: Text }
|
2019-07-31 12:01:48 +03:00
|
|
|
deriving (Show, Eq, J.ToJSON, J.FromJSON, Q.FromCol, Q.ToPrepArg)
|
2019-01-11 14:07:13 +03:00
|
|
|
|
2019-07-31 12:01:48 +03:00
|
|
|
generateInstanceId :: IO InstanceId
|
|
|
|
generateInstanceId = InstanceId <$> generateFingerprint
|
2019-07-11 08:37:06 +03:00
|
|
|
|
|
|
|
data StartupTimeInfo
|
|
|
|
= StartupTimeInfo
|
|
|
|
{ _stiMessage :: !Text
|
|
|
|
, _stiTimeTaken :: !Double
|
|
|
|
}
|
|
|
|
$(J.deriveJSON (J.aesonDrop 4 J.snakeCase) ''StartupTimeInfo)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
returnJust :: Monad m => a -> m (Maybe a)
|
|
|
|
returnJust = return . Just
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
considerEnv :: FromEnv a => String -> WithEnv (Maybe a)
|
2018-12-14 06:21:41 +03:00
|
|
|
considerEnv envVar = do
|
|
|
|
env <- ask
|
2018-12-19 14:38:33 +03:00
|
|
|
case lookup envVar env of
|
2018-12-14 06:21:41 +03:00
|
|
|
Nothing -> return Nothing
|
2018-12-19 14:38:33 +03:00
|
|
|
Just val -> either throwErr returnJust $ fromEnv val
|
2018-12-14 06:21:41 +03:00
|
|
|
where
|
|
|
|
throwErr s = throwError $
|
2018-12-19 14:38:33 +03:00
|
|
|
"Fatal Error:- Environment variable " ++ envVar ++ ": " ++ s
|
|
|
|
|
2019-02-14 12:37:47 +03:00
|
|
|
considerEnvs :: FromEnv a => [String] -> WithEnv (Maybe a)
|
2019-03-01 14:45:04 +03:00
|
|
|
considerEnvs envVars = foldl1 (<|>) <$> mapM considerEnv envVars
|
2019-02-14 12:37:47 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
withEnv :: FromEnv a => Maybe a -> String -> WithEnv (Maybe a)
|
|
|
|
withEnv mVal envVar =
|
|
|
|
maybe (considerEnv envVar) returnJust mVal
|
|
|
|
|
2019-02-14 12:37:47 +03:00
|
|
|
withEnvs :: FromEnv a => Maybe a -> [String] -> WithEnv (Maybe a)
|
|
|
|
withEnvs mVal envVars =
|
|
|
|
maybe (considerEnvs envVars) returnJust mVal
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
withEnvBool :: Bool -> String -> WithEnv Bool
|
|
|
|
withEnvBool bVal envVar =
|
|
|
|
bool considerEnv' (return True) bVal
|
|
|
|
where
|
|
|
|
considerEnv' = do
|
|
|
|
mEnvVal <- considerEnv envVar
|
|
|
|
maybe (return False) return mEnvVal
|
|
|
|
|
2019-07-11 08:37:06 +03:00
|
|
|
withEnvJwtConf :: Maybe JWTConfig -> String -> WithEnv (Maybe JWTConfig)
|
|
|
|
withEnvJwtConf jVal envVar =
|
|
|
|
maybe (considerEnv envVar) returnJust jVal
|
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
mkHGEOptions :: L.EnabledLogTypes impl => RawHGEOptions impl -> WithEnv (HGEOptions impl)
|
2018-12-19 14:38:33 +03:00
|
|
|
mkHGEOptions (HGEOptionsG rawConnInfo rawCmd) =
|
|
|
|
HGEOptionsG <$> connInfo <*> cmd
|
|
|
|
where
|
|
|
|
connInfo = mkRawConnInfo rawConnInfo
|
|
|
|
cmd = case rawCmd of
|
2020-02-07 14:03:12 +03:00
|
|
|
HCServe rso -> HCServe <$> mkServeOptions rso
|
|
|
|
HCExport -> return HCExport
|
|
|
|
HCClean -> return HCClean
|
|
|
|
HCExecute -> return HCExecute
|
|
|
|
HCVersion -> return HCVersion
|
|
|
|
HCDowngrade tgt -> return (HCDowngrade tgt)
|
2018-12-19 14:38:33 +03:00
|
|
|
|
|
|
|
mkRawConnInfo :: RawConnInfo -> WithEnv RawConnInfo
|
|
|
|
mkRawConnInfo rawConnInfo = do
|
|
|
|
withEnvUrl <- withEnv rawDBUrl $ fst databaseUrlEnv
|
2019-03-12 08:46:27 +03:00
|
|
|
withEnvRetries <- withEnv retries $ fst retriesNumEnv
|
|
|
|
return $ rawConnInfo { connUrl = withEnvUrl
|
|
|
|
, connRetries = withEnvRetries
|
|
|
|
}
|
2018-12-19 14:38:33 +03:00
|
|
|
where
|
|
|
|
rawDBUrl = connUrl rawConnInfo
|
2019-03-12 08:46:27 +03:00
|
|
|
retries = connRetries rawConnInfo
|
2018-12-19 14:38:33 +03:00
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
mkServeOptions :: L.EnabledLogTypes impl => RawServeOptions impl -> WithEnv (ServeOptions impl)
|
2018-12-19 14:38:33 +03:00
|
|
|
mkServeOptions rso = do
|
|
|
|
port <- fromMaybe 8080 <$>
|
|
|
|
withEnv (rsoPort rso) (fst servePortEnv)
|
2019-01-11 14:07:13 +03:00
|
|
|
host <- fromMaybe "*" <$>
|
|
|
|
withEnv (rsoHost rso) (fst serveHostEnv)
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
connParams <- mkConnParams $ rsoConnParams rso
|
2019-07-11 08:37:06 +03:00
|
|
|
txIso <- fromMaybe Q.ReadCommitted <$> withEnv (rsoTxIso rso) (fst txIsoEnv)
|
2019-02-14 12:37:47 +03:00
|
|
|
adminScrt <- withEnvs (rsoAdminSecret rso) $ map fst [adminSecretEnv, accessKeyEnv]
|
2018-12-19 14:38:33 +03:00
|
|
|
authHook <- mkAuthHook $ rsoAuthHook rso
|
2019-07-11 08:37:06 +03:00
|
|
|
jwtSecret <- withEnvJwtConf (rsoJwtSecret rso) $ fst jwtSecretEnv
|
2018-12-19 14:38:33 +03:00
|
|
|
unAuthRole <- withEnv (rsoUnAuthRole rso) $ fst unAuthRoleEnv
|
|
|
|
corsCfg <- mkCorsConfig $ rsoCorsConfig rso
|
|
|
|
enableConsole <- withEnvBool (rsoEnableConsole rso) $
|
|
|
|
fst enableConsoleEnv
|
2019-05-16 10:45:29 +03:00
|
|
|
consoleAssetsDir <- withEnv (rsoConsoleAssetsDir rso) (fst consoleAssetsDirEnv)
|
2019-01-28 16:55:28 +03:00
|
|
|
enableTelemetry <- fromMaybe True <$>
|
|
|
|
withEnv (rsoEnableTelemetry rso) (fst enableTelemetryEnv)
|
2019-03-01 14:45:04 +03:00
|
|
|
strfyNum <- withEnvBool (rsoStringifyNum rso) $ fst stringifyNumEnv
|
2019-04-30 08:15:23 +03:00
|
|
|
enabledAPIs <- Set.fromList . fromMaybe defaultAPIs <$>
|
2019-02-28 16:53:03 +03:00
|
|
|
withEnv (rsoEnabledAPIs rso) (fst enabledAPIsEnv)
|
2019-04-17 12:48:41 +03:00
|
|
|
lqOpts <- mkLQOpts
|
2019-05-16 09:13:25 +03:00
|
|
|
enableAL <- withEnvBool (rsoEnableAllowlist rso) $ fst enableAllowlistEnv
|
2019-11-26 15:14:21 +03:00
|
|
|
enabledLogs <- maybe L.defaultEnabledLogTypes (Set.fromList) <$>
|
2019-07-11 08:37:06 +03:00
|
|
|
withEnv (rsoEnabledLogTypes rso) (fst enabledLogsEnv)
|
|
|
|
serverLogLevel <- fromMaybe L.LevelInfo <$> withEnv (rsoLogLevel rso) (fst logLevelEnv)
|
2020-05-13 12:17:32 +03:00
|
|
|
planCacheOptions <- E.PlanCacheOptions <$> withEnv (rsoPlanCacheSize rso) (fst planCacheSizeEnv)
|
2020-04-24 10:55:51 +03:00
|
|
|
devMode <- withEnvBool (rsoDevMode rso) $ fst devModeEnv
|
|
|
|
adminInternalErrors <- fromMaybe True <$> -- Default to `true` to enable backwards compatibility
|
|
|
|
withEnv (rsoAdminInternalErrors rso) (fst adminInternalErrorsEnv)
|
|
|
|
let internalErrorsConfig =
|
|
|
|
if | devMode -> InternalErrorsAllRequests
|
|
|
|
| adminInternalErrors -> InternalErrorsAdminOnly
|
|
|
|
| otherwise -> InternalErrorsDisabled
|
|
|
|
|
2019-02-14 12:37:47 +03:00
|
|
|
return $ ServeOptions port host connParams txIso adminScrt authHook jwtSecret
|
2019-05-16 10:45:29 +03:00
|
|
|
unAuthRole corsCfg enableConsole consoleAssetsDir
|
2019-05-16 09:13:25 +03:00
|
|
|
enableTelemetry strfyNum enabledAPIs lqOpts enableAL
|
2019-11-25 20:12:23 +03:00
|
|
|
enabledLogs serverLogLevel planCacheOptions
|
2020-04-24 10:55:51 +03:00
|
|
|
internalErrorsConfig
|
2018-12-19 14:38:33 +03:00
|
|
|
where
|
2019-04-30 08:15:23 +03:00
|
|
|
#ifdef DeveloperAPIs
|
2019-06-11 16:29:03 +03:00
|
|
|
defaultAPIs = [METADATA,GRAPHQL,PGDUMP,CONFIG,DEVELOPER]
|
2019-04-30 08:15:23 +03:00
|
|
|
#else
|
2019-06-11 16:29:03 +03:00
|
|
|
defaultAPIs = [METADATA,GRAPHQL,PGDUMP,CONFIG]
|
2019-04-30 08:15:23 +03:00
|
|
|
#endif
|
2019-01-18 17:20:41 +03:00
|
|
|
mkConnParams (RawConnParams s c i p) = do
|
2018-12-19 14:38:33 +03:00
|
|
|
stripes <- fromMaybe 1 <$> withEnv s (fst pgStripesEnv)
|
2019-12-12 23:10:04 +03:00
|
|
|
-- Note: by Little's Law we can expect e.g. (with 50 max connections) a
|
|
|
|
-- hard throughput cap at 1000RPS when db queries take 50ms on average:
|
2018-12-19 14:38:33 +03:00
|
|
|
conns <- fromMaybe 50 <$> withEnv c (fst pgConnsEnv)
|
|
|
|
iTime <- fromMaybe 180 <$> withEnv i (fst pgTimeoutEnv)
|
2019-01-18 17:20:41 +03:00
|
|
|
allowPrepare <- fromMaybe True <$> withEnv p (fst pgUsePrepareEnv)
|
|
|
|
return $ Q.ConnParams stripes conns iTime allowPrepare
|
2018-12-19 14:38:33 +03:00
|
|
|
|
|
|
|
mkAuthHook (AuthHookG mUrl mType) = do
|
|
|
|
mUrlEnv <- withEnv mUrl $ fst authHookEnv
|
2019-01-04 09:42:36 +03:00
|
|
|
authModeM <- withEnv mType (fst authHookModeEnv)
|
|
|
|
ty <- maybe (authHookTyEnv mType) return authModeM
|
2018-12-19 14:38:33 +03:00
|
|
|
return (flip AuthHookG ty <$> mUrlEnv)
|
|
|
|
|
2019-01-04 09:42:36 +03:00
|
|
|
-- Also support HASURA_GRAPHQL_AUTH_HOOK_TYPE
|
|
|
|
-- TODO:- drop this in next major update
|
|
|
|
authHookTyEnv mType = fromMaybe AHTGet <$>
|
|
|
|
withEnv mType "HASURA_GRAPHQL_AUTH_HOOK_TYPE"
|
|
|
|
|
2019-03-04 10:46:53 +03:00
|
|
|
mkCorsConfig mCfg = do
|
2020-02-03 14:13:03 +03:00
|
|
|
corsDisabled <- withEnvBool False (fst corsDisableEnv)
|
|
|
|
corsCfg <- if corsDisabled
|
|
|
|
then return (CCDisabled True)
|
|
|
|
else fromMaybe CCAllowAll <$> withEnv mCfg (fst corsDomainEnv)
|
|
|
|
|
2019-03-04 10:46:53 +03:00
|
|
|
readCookVal <- withEnvBool (rsoWsReadCookie rso) (fst wsReadCookieEnv)
|
|
|
|
wsReadCookie <- case (isCorsDisabled corsCfg, readCookVal) of
|
|
|
|
(True, _) -> return readCookVal
|
|
|
|
(False, True) -> throwError $ fst wsReadCookieEnv
|
|
|
|
<> " can only be used when CORS is disabled"
|
|
|
|
(False, False) -> return False
|
|
|
|
return $ case corsCfg of
|
|
|
|
CCDisabled _ -> CCDisabled wsReadCookie
|
|
|
|
_ -> corsCfg
|
|
|
|
|
2019-04-17 12:48:41 +03:00
|
|
|
mkLQOpts = do
|
2019-08-28 15:19:21 +03:00
|
|
|
mxRefetchIntM <- withEnv (rsoMxRefetchInt rso) $ fst mxRefetchDelayEnv
|
|
|
|
mxBatchSizeM <- withEnv (rsoMxBatchSize rso) $ fst mxBatchSizeEnv
|
|
|
|
return $ LQ.mkLiveQueriesOptions mxBatchSizeM mxRefetchIntM
|
2019-04-17 12:48:41 +03:00
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
|
|
|
|
mkExamplesDoc :: [[String]] -> PP.Doc
|
|
|
|
mkExamplesDoc exampleLines =
|
|
|
|
PP.text "Examples: " PP.<$> PP.indent 2 (PP.vsep examples)
|
|
|
|
where
|
|
|
|
examples = map PP.text $ intercalate [""] exampleLines
|
|
|
|
|
|
|
|
mkEnvVarDoc :: [(String, String)] -> PP.Doc
|
|
|
|
mkEnvVarDoc envVars =
|
|
|
|
PP.text "Environment variables: " PP.<$>
|
|
|
|
PP.indent 2 (PP.vsep $ map mkEnvVarLine envVars)
|
|
|
|
where
|
|
|
|
mkEnvVarLine (var, desc) =
|
2019-01-28 16:55:28 +03:00
|
|
|
(PP.fillBreak 40 (PP.text var) PP.<+> prettifyDesc desc) <> PP.hardline
|
2018-12-14 06:21:41 +03:00
|
|
|
prettifyDesc = PP.align . PP.fillSep . map PP.text . words
|
|
|
|
|
|
|
|
mainCmdFooter :: PP.Doc
|
|
|
|
mainCmdFooter =
|
|
|
|
examplesDoc PP.<$> PP.text "" PP.<$> envVarDoc
|
|
|
|
where
|
|
|
|
examplesDoc = mkExamplesDoc examples
|
|
|
|
examples =
|
|
|
|
[
|
|
|
|
[ "# Serve GraphQL Engine on default port (8080) with console disabled"
|
|
|
|
, "graphql-engine --database-url <database-url> serve"
|
|
|
|
]
|
|
|
|
, [ "# For more options, checkout"
|
|
|
|
, "graphql-engine serve --help"
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
2019-03-12 08:46:27 +03:00
|
|
|
envVarDoc = mkEnvVarDoc [databaseUrlEnv, retriesNumEnv]
|
2018-12-14 06:21:41 +03:00
|
|
|
|
|
|
|
databaseUrlEnv :: (String, String)
|
|
|
|
databaseUrlEnv =
|
|
|
|
( "HASURA_GRAPHQL_DATABASE_URL"
|
|
|
|
, "Postgres database URL. Example postgres://foo:bar@example.com:2345/database"
|
|
|
|
)
|
|
|
|
|
|
|
|
serveCmdFooter :: PP.Doc
|
|
|
|
serveCmdFooter =
|
|
|
|
examplesDoc PP.<$> PP.text "" PP.<$> envVarDoc
|
|
|
|
where
|
|
|
|
examplesDoc = mkExamplesDoc examples
|
|
|
|
examples =
|
|
|
|
[
|
|
|
|
[ "# Start GraphQL Engine on default port (8080) with console enabled"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --enable-console"
|
|
|
|
]
|
|
|
|
, [ "# Start GraphQL Engine on default port (8080) with console disabled"
|
|
|
|
, "graphql-engine --database-url <database-url> serve"
|
|
|
|
]
|
|
|
|
, [ "# Start GraphQL Engine on a different port (say 9090) with console disabled"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --server-port 9090"
|
|
|
|
]
|
2019-02-14 12:37:47 +03:00
|
|
|
, [ "# Start GraphQL Engine with admin secret key"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --admin-secret <adminsecretkey>"
|
2018-12-14 06:21:41 +03:00
|
|
|
]
|
|
|
|
, [ "# Start GraphQL Engine with restrictive CORS policy (only allow https://example.com:8080)"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --cors-domain https://example.com:8080"
|
|
|
|
]
|
2019-02-14 08:58:38 +03:00
|
|
|
, [ "# Start GraphQL Engine with multiple domains for CORS (https://example.com, http://localhost:3000 and https://*.foo.bar.com)"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --cors-domain \"https://example.com, https://*.foo.bar.com, http://localhost:3000\""
|
|
|
|
]
|
2018-12-14 06:21:41 +03:00
|
|
|
, [ "# Start GraphQL Engine with Authentication Webhook (GET)"
|
2019-02-14 12:37:47 +03:00
|
|
|
, "graphql-engine --database-url <database-url> serve --admin-secret <adminsecretkey>"
|
2018-12-14 06:21:41 +03:00
|
|
|
<> " --auth-hook https://mywebhook.com/get"
|
|
|
|
]
|
|
|
|
, [ "# Start GraphQL Engine with Authentication Webhook (POST)"
|
2019-02-14 12:37:47 +03:00
|
|
|
, "graphql-engine --database-url <database-url> serve --admin-secret <adminsecretkey>"
|
2018-12-14 06:21:41 +03:00
|
|
|
<> " --auth-hook https://mywebhook.com/post --auth-hook-mode POST"
|
|
|
|
]
|
2019-01-28 16:55:28 +03:00
|
|
|
, [ "# Start GraphQL Engine with telemetry enabled/disabled"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --enable-telemetry true|false"
|
|
|
|
]
|
2019-09-19 15:54:40 +03:00
|
|
|
, [ "# Start GraphQL Engine with HTTP compression enabled for '/v1/query' and '/v1/graphql' endpoints"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --enable-compression"
|
|
|
|
]
|
2020-04-24 10:55:51 +03:00
|
|
|
, [ "# Start GraphQL Engine with enable/disable including 'internal' information in an error response for the request made by an 'admin'"
|
|
|
|
, "graphql-engine --database-url <database-url> serve --admin-internal-errors true|false"
|
|
|
|
]
|
2018-12-14 06:21:41 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
envVarDoc = mkEnvVarDoc $ envVars <> eventEnvs
|
|
|
|
envVars =
|
2019-07-11 08:37:06 +03:00
|
|
|
[ databaseUrlEnv, retriesNumEnv, servePortEnv, serveHostEnv
|
|
|
|
, pgStripesEnv, pgConnsEnv, pgTimeoutEnv, pgUsePrepareEnv, txIsoEnv
|
|
|
|
, adminSecretEnv , accessKeyEnv, authHookEnv, authHookModeEnv
|
2020-02-03 14:13:03 +03:00
|
|
|
, jwtSecretEnv, unAuthRoleEnv, corsDomainEnv, corsDisableEnv, enableConsoleEnv
|
2019-03-04 10:46:53 +03:00
|
|
|
, enableTelemetryEnv, wsReadCookieEnv, stringifyNumEnv, enabledAPIsEnv
|
2020-04-24 10:55:51 +03:00
|
|
|
, enableAllowlistEnv, enabledLogsEnv, logLevelEnv, devModeEnv
|
|
|
|
, adminInternalErrorsEnv
|
2018-12-14 06:21:41 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
eventEnvs =
|
|
|
|
[ ( "HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE"
|
|
|
|
, "Max event threads"
|
|
|
|
)
|
|
|
|
, ( "HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL"
|
2020-04-24 10:55:51 +03:00
|
|
|
, "Interval in milliseconds to sleep before trying to fetch events again after a "
|
2020-03-11 09:27:31 +03:00
|
|
|
<> "fetch returned no events from postgres."
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
]
|
|
|
|
|
2019-03-12 08:46:27 +03:00
|
|
|
retriesNumEnv :: (String, String)
|
|
|
|
retriesNumEnv =
|
|
|
|
( "HASURA_GRAPHQL_NO_OF_RETRIES"
|
|
|
|
, "No.of retries if Postgres connection error occurs (default: 1)"
|
|
|
|
)
|
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
servePortEnv :: (String, String)
|
|
|
|
servePortEnv =
|
|
|
|
( "HASURA_GRAPHQL_SERVER_PORT"
|
|
|
|
, "Port on which graphql-engine should be served (default: 8080)"
|
|
|
|
)
|
|
|
|
|
2019-01-11 14:07:13 +03:00
|
|
|
serveHostEnv :: (String, String)
|
|
|
|
serveHostEnv =
|
|
|
|
( "HASURA_GRAPHQL_SERVER_HOST"
|
|
|
|
, "Host on which graphql-engine will listen (default: *)"
|
|
|
|
)
|
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
pgConnsEnv :: (String, String)
|
|
|
|
pgConnsEnv =
|
|
|
|
( "HASURA_GRAPHQL_PG_CONNECTIONS"
|
2019-12-12 23:10:04 +03:00
|
|
|
, "Maximum number of Postgres connections that can be opened per stripe (default: 50). "
|
|
|
|
<> "When the maximum is reached we will block until a new connection becomes available, "
|
|
|
|
<> "even if there is capacity in other stripes."
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
pgStripesEnv :: (String, String)
|
|
|
|
pgStripesEnv =
|
|
|
|
( "HASURA_GRAPHQL_PG_STRIPES"
|
2019-12-12 23:10:04 +03:00
|
|
|
, "Number of stripes (distinct sub-pools) to maintain with Postgres (default: 1). "
|
|
|
|
<> "New connections will be taken from a particular stripe pseudo-randomly."
|
2019-05-27 11:16:53 +03:00
|
|
|
)
|
2018-12-14 06:21:41 +03:00
|
|
|
|
|
|
|
pgTimeoutEnv :: (String, String)
|
|
|
|
pgTimeoutEnv =
|
|
|
|
( "HASURA_GRAPHQL_PG_TIMEOUT"
|
|
|
|
, "Each connection's idle time before it is closed (default: 180 sec)"
|
|
|
|
)
|
|
|
|
|
2019-01-18 17:20:41 +03:00
|
|
|
pgUsePrepareEnv :: (String, String)
|
|
|
|
pgUsePrepareEnv =
|
|
|
|
( "HASURA_GRAPHQL_USE_PREPARED_STATEMENTS"
|
2019-02-14 08:58:38 +03:00
|
|
|
, "Use prepared statements for queries (default: true)"
|
2019-01-18 17:20:41 +03:00
|
|
|
)
|
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
txIsoEnv :: (String, String)
|
|
|
|
txIsoEnv =
|
|
|
|
( "HASURA_GRAPHQL_TX_ISOLATION"
|
|
|
|
, "transaction isolation. read-committed / repeatable-read / serializable (default: read-commited)"
|
|
|
|
)
|
|
|
|
|
|
|
|
accessKeyEnv :: (String, String)
|
|
|
|
accessKeyEnv =
|
|
|
|
( "HASURA_GRAPHQL_ACCESS_KEY"
|
2019-02-14 12:37:47 +03:00
|
|
|
, "Admin secret key, required to access this instance (deprecated: use HASURA_GRAPHQL_ADMIN_SECRET instead)"
|
|
|
|
)
|
|
|
|
|
|
|
|
adminSecretEnv :: (String, String)
|
|
|
|
adminSecretEnv =
|
|
|
|
( "HASURA_GRAPHQL_ADMIN_SECRET"
|
|
|
|
, "Admin Secret key, required to access this instance"
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
authHookEnv :: (String, String)
|
|
|
|
authHookEnv =
|
|
|
|
( "HASURA_GRAPHQL_AUTH_HOOK"
|
2019-02-14 08:58:38 +03:00
|
|
|
, "URL of the authorization webhook required to authorize requests"
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
2019-01-04 09:42:36 +03:00
|
|
|
authHookModeEnv :: (String, String)
|
|
|
|
authHookModeEnv =
|
|
|
|
( "HASURA_GRAPHQL_AUTH_HOOK_MODE"
|
2019-02-14 08:58:38 +03:00
|
|
|
, "HTTP method to use for authorization webhook (default: GET)"
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
jwtSecretEnv :: (String, String)
|
|
|
|
jwtSecretEnv =
|
|
|
|
( "HASURA_GRAPHQL_JWT_SECRET"
|
|
|
|
, jwtSecretHelp
|
|
|
|
)
|
|
|
|
|
|
|
|
unAuthRoleEnv :: (String, String)
|
|
|
|
unAuthRoleEnv =
|
|
|
|
( "HASURA_GRAPHQL_UNAUTHORIZED_ROLE"
|
2019-02-14 12:37:47 +03:00
|
|
|
, "Unauthorized role, used when admin-secret is not sent in admin-secret only mode "
|
2018-12-14 06:21:41 +03:00
|
|
|
++ "or \"Authorization\" header is absent in JWT mode"
|
|
|
|
)
|
|
|
|
|
2020-02-03 14:13:03 +03:00
|
|
|
corsDisableEnv :: (String, String)
|
|
|
|
corsDisableEnv =
|
|
|
|
( "HASURA_GRAPHQL_DISABLE_CORS"
|
|
|
|
, "Disable CORS. Do not send any CORS headers on any request"
|
|
|
|
)
|
|
|
|
|
2018-12-14 06:21:41 +03:00
|
|
|
corsDomainEnv :: (String, String)
|
|
|
|
corsDomainEnv =
|
|
|
|
( "HASURA_GRAPHQL_CORS_DOMAIN"
|
2019-02-14 08:58:38 +03:00
|
|
|
, "CSV of list of domains, excluding scheme (http/https) and including port, "
|
|
|
|
++ "to allow CORS for. Wildcard domains are allowed. See docs for details."
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
enableConsoleEnv :: (String, String)
|
|
|
|
enableConsoleEnv =
|
|
|
|
( "HASURA_GRAPHQL_ENABLE_CONSOLE"
|
2019-09-19 15:54:40 +03:00
|
|
|
, "Enable API Console (default: false)"
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
2019-01-28 16:55:28 +03:00
|
|
|
enableTelemetryEnv :: (String, String)
|
|
|
|
enableTelemetryEnv =
|
|
|
|
( "HASURA_GRAPHQL_ENABLE_TELEMETRY"
|
|
|
|
-- TODO: better description
|
|
|
|
, "Enable anonymous telemetry (default: true)"
|
|
|
|
)
|
|
|
|
|
2019-03-04 10:46:53 +03:00
|
|
|
wsReadCookieEnv :: (String, String)
|
|
|
|
wsReadCookieEnv =
|
|
|
|
( "HASURA_GRAPHQL_WS_READ_COOKIE"
|
|
|
|
, "Read cookie on WebSocket initial handshake, even when CORS is disabled."
|
|
|
|
++ " This can be a potential security flaw! Please make sure you know "
|
|
|
|
++ "what you're doing."
|
|
|
|
++ "This configuration is only applicable when CORS is disabled."
|
|
|
|
)
|
|
|
|
|
2019-03-01 14:45:04 +03:00
|
|
|
stringifyNumEnv :: (String, String)
|
|
|
|
stringifyNumEnv =
|
|
|
|
( "HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES"
|
|
|
|
, "Stringify numeric types (default: false)"
|
|
|
|
)
|
|
|
|
|
2019-03-04 10:46:53 +03:00
|
|
|
enabledAPIsEnv :: (String, String)
|
2019-02-28 16:53:03 +03:00
|
|
|
enabledAPIsEnv =
|
|
|
|
( "HASURA_GRAPHQL_ENABLED_APIS"
|
2019-07-11 08:37:06 +03:00
|
|
|
, "Comma separated list of enabled APIs. (default: metadata,graphql,pgdump,config)"
|
2019-02-28 16:53:03 +03:00
|
|
|
)
|
|
|
|
|
2019-05-16 10:45:29 +03:00
|
|
|
consoleAssetsDirEnv :: (String, String)
|
|
|
|
consoleAssetsDirEnv =
|
|
|
|
( "HASURA_GRAPHQL_CONSOLE_ASSETS_DIR"
|
|
|
|
, "A directory from which static assets required for console is served at"
|
|
|
|
++ "'/console/assets' path. Can be set to '/srv/console-assets' on the"
|
|
|
|
++ " default docker image to disable loading assets from CDN."
|
|
|
|
)
|
|
|
|
|
2019-07-11 08:37:06 +03:00
|
|
|
enabledLogsEnv :: (String, String)
|
|
|
|
enabledLogsEnv =
|
|
|
|
( "HASURA_GRAPHQL_ENABLED_LOG_TYPES"
|
|
|
|
, "Comma separated list of enabled log types "
|
|
|
|
<> "(default: startup,http-log,webhook-log,websocket-log)"
|
|
|
|
<> "(all: startup,http-log,webhook-log,websocket-log,query-log)"
|
|
|
|
)
|
|
|
|
|
|
|
|
logLevelEnv :: (String, String)
|
|
|
|
logLevelEnv =
|
|
|
|
( "HASURA_GRAPHQL_LOG_LEVEL"
|
|
|
|
, "Server log level (default: info) (all: error, warn, info, debug)"
|
|
|
|
)
|
|
|
|
|
2020-04-24 10:55:51 +03:00
|
|
|
devModeEnv :: (String, String)
|
|
|
|
devModeEnv =
|
|
|
|
( "HASURA_GRAPHQL_DEV_MODE"
|
|
|
|
, "Set dev mode for GraphQL requests; include 'internal' key in the errors extensions (if required) of the response"
|
|
|
|
)
|
|
|
|
|
|
|
|
adminInternalErrorsEnv :: (String, String)
|
|
|
|
adminInternalErrorsEnv =
|
|
|
|
( "HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS"
|
|
|
|
, "Enables including 'internal' information in an error response for requests made by an 'admin' (default: true)"
|
|
|
|
)
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseRawConnInfo :: Parser RawConnInfo
|
|
|
|
parseRawConnInfo =
|
2018-12-14 06:21:41 +03:00
|
|
|
RawConnInfo <$> host <*> port <*> user <*> password
|
|
|
|
<*> dbUrl <*> dbName <*> pure Nothing
|
2019-03-12 08:46:27 +03:00
|
|
|
<*> retries
|
2018-12-14 06:21:41 +03:00
|
|
|
where
|
2018-12-19 14:38:33 +03:00
|
|
|
host = optional $
|
|
|
|
strOption ( long "host" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<HOST>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help "Postgres server host" )
|
2018-12-14 06:21:41 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
port = optional $
|
|
|
|
option auto ( long "port" <>
|
2018-06-27 16:11:32 +03:00
|
|
|
short 'p' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<PORT>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help "Postgres server port" )
|
2018-12-14 06:21:41 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
user = optional $
|
|
|
|
strOption ( long "user" <>
|
2018-06-27 16:11:32 +03:00
|
|
|
short 'u' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<USER>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help "Database user name" )
|
2018-12-14 06:21:41 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
password =
|
2018-12-14 06:21:41 +03:00
|
|
|
strOption ( long "password" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<PASSWORD>" <>
|
2018-06-27 16:11:32 +03:00
|
|
|
value "" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help "Password of the user"
|
|
|
|
)
|
2018-12-14 06:21:41 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
dbUrl = optional $
|
|
|
|
strOption
|
|
|
|
( long "database-url" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<DATABASE-URL>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd databaseUrlEnv)
|
|
|
|
)
|
2018-12-14 06:21:41 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
dbName = optional $
|
|
|
|
strOption ( long "dbname" <>
|
2018-06-27 16:11:32 +03:00
|
|
|
short 'd' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<DBNAME>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help "Database name to connect to"
|
|
|
|
)
|
2019-03-12 08:46:27 +03:00
|
|
|
retries = optional $
|
|
|
|
option auto ( long "retries" <>
|
|
|
|
metavar "NO OF RETRIES" <>
|
|
|
|
help (snd retriesNumEnv)
|
|
|
|
)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2019-09-06 01:59:26 +03:00
|
|
|
mkConnInfo :: RawConnInfo -> Either String Q.ConnInfo
|
2019-07-22 15:47:13 +03:00
|
|
|
mkConnInfo (RawConnInfo mHost mPort mUser password mURL mDB opts mRetries) =
|
2019-09-06 01:59:26 +03:00
|
|
|
Q.ConnInfo retries <$>
|
2018-12-14 06:21:41 +03:00
|
|
|
case (mHost, mPort, mUser, mDB, mURL) of
|
2018-06-28 13:49:40 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
(Just host, Just port, Just user, Just db, Nothing) ->
|
2019-09-06 01:59:26 +03:00
|
|
|
return $ Q.CDOptions $ Q.ConnOptions host port user password db opts
|
2018-06-28 13:49:40 +03:00
|
|
|
|
2019-09-06 01:59:26 +03:00
|
|
|
(_, _, _, _, Just dbURL) ->
|
|
|
|
return $ Q.CDDatabaseURI $ TE.encodeUtf8 $ T.pack dbURL
|
2018-06-28 13:49:40 +03:00
|
|
|
_ -> throwError $ "Invalid options. "
|
|
|
|
++ "Expecting all database connection params "
|
|
|
|
++ "(host, port, user, dbname, password) or "
|
2018-07-06 08:13:46 +03:00
|
|
|
++ "database-url (HASURA_GRAPHQL_DATABASE_URL)"
|
2018-06-28 13:49:40 +03:00
|
|
|
where
|
2019-03-12 08:46:27 +03:00
|
|
|
retries = fromMaybe 1 mRetries
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseTxIsolation :: Parser (Maybe Q.TxIsolation)
|
|
|
|
parseTxIsolation = optional $
|
|
|
|
option (eitherReader readIsoLevel)
|
|
|
|
( long "tx-iso" <>
|
|
|
|
short 'i' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<TXISO>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd txIsoEnv)
|
|
|
|
)
|
|
|
|
|
|
|
|
parseConnParams :: Parser RawConnParams
|
|
|
|
parseConnParams =
|
2019-01-18 17:20:41 +03:00
|
|
|
RawConnParams <$> stripes <*> conns <*> timeout <*> allowPrepare
|
2018-12-14 06:21:41 +03:00
|
|
|
where
|
2018-12-19 14:38:33 +03:00
|
|
|
stripes = optional $
|
|
|
|
option auto
|
2018-12-14 06:21:41 +03:00
|
|
|
( long "stripes" <>
|
|
|
|
short 's' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<NO OF STRIPES>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd pgStripesEnv)
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
conns = optional $
|
|
|
|
option auto
|
2018-12-14 06:21:41 +03:00
|
|
|
( long "connections" <>
|
2018-06-27 16:11:32 +03:00
|
|
|
short 'c' <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<NO OF CONNS>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd pgConnsEnv)
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
timeout = optional $
|
|
|
|
option auto
|
2018-12-14 06:21:41 +03:00
|
|
|
( long "timeout" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<SECONDS>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd pgTimeoutEnv)
|
2018-11-15 07:55:39 +03:00
|
|
|
)
|
2019-01-18 17:20:41 +03:00
|
|
|
allowPrepare = optional $
|
2020-04-24 12:10:53 +03:00
|
|
|
option (eitherReader parseStringAsBool)
|
2019-01-18 17:20:41 +03:00
|
|
|
( long "use-prepared-statements" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<true|false>" <>
|
2019-01-18 17:20:41 +03:00
|
|
|
help (snd pgUsePrepareEnv)
|
|
|
|
)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseServerPort :: Parser (Maybe Int)
|
|
|
|
parseServerPort = optional $
|
|
|
|
option auto
|
2018-12-14 06:21:41 +03:00
|
|
|
( long "server-port" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<PORT>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd servePortEnv)
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
2018-12-19 14:38:33 +03:00
|
|
|
|
2019-01-11 14:07:13 +03:00
|
|
|
parseServerHost :: Parser (Maybe HostPreference)
|
|
|
|
parseServerHost = optional $ strOption ( long "server-host" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<HOST>" <>
|
2019-01-11 14:07:13 +03:00
|
|
|
help "Host on which graphql-engine will listen (default: *)"
|
|
|
|
)
|
|
|
|
|
2019-02-14 12:37:47 +03:00
|
|
|
parseAccessKey :: Parser (Maybe AdminSecret)
|
2018-12-19 14:38:33 +03:00
|
|
|
parseAccessKey =
|
2019-02-14 12:37:47 +03:00
|
|
|
optional $ AdminSecret <$>
|
2018-12-19 14:38:33 +03:00
|
|
|
strOption ( long "access-key" <>
|
2019-02-14 12:37:47 +03:00
|
|
|
metavar "ADMIN SECRET KEY (DEPRECATED: USE --admin-secret)" <>
|
|
|
|
help (snd adminSecretEnv)
|
|
|
|
)
|
|
|
|
|
|
|
|
parseAdminSecret :: Parser (Maybe AdminSecret)
|
|
|
|
parseAdminSecret =
|
|
|
|
optional $ AdminSecret <$>
|
|
|
|
strOption ( long "admin-secret" <>
|
|
|
|
metavar "ADMIN SECRET KEY" <>
|
|
|
|
help (snd adminSecretEnv)
|
2018-12-19 14:38:33 +03:00
|
|
|
)
|
add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.
2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
i. Incase of symmetric key, the key as it is.
ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.
3. The claims in the JWT token must contain the following:
i. `x-hasura-default-role` field: default role of that user
ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.
4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings.
5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.
---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.
---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 13:32:09 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseWebHook :: Parser RawAuthHook
|
|
|
|
parseWebHook =
|
|
|
|
AuthHookG <$> url <*> urlType
|
2018-12-14 06:21:41 +03:00
|
|
|
where
|
2018-12-19 14:38:33 +03:00
|
|
|
url = optional $
|
|
|
|
strOption ( long "auth-hook" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<WEB HOOK URL>" <>
|
2018-12-19 14:38:33 +03:00
|
|
|
help (snd authHookEnv)
|
|
|
|
)
|
|
|
|
urlType = optional $
|
|
|
|
option (eitherReader readHookType)
|
2018-12-14 06:21:41 +03:00
|
|
|
( long "auth-hook-mode" <>
|
2019-02-14 08:58:38 +03:00
|
|
|
metavar "<GET|POST>" <>
|
2019-01-04 09:42:36 +03:00
|
|
|
help (snd authHookModeEnv)
|
2018-12-14 06:21:41 +03:00
|
|
|
)
|
|
|
|
|
2019-07-11 08:37:06 +03:00
|
|
|
parseJwtSecret :: Parser (Maybe JWTConfig)
|
2018-12-19 14:38:33 +03:00
|
|
|
parseJwtSecret =
|
2019-07-11 08:37:06 +03:00
|
|
|
optional $
|
|
|
|
option (eitherReader readJson)
|
|
|
|
( long "jwt-secret" <>
|
|
|
|
metavar "<JSON CONFIG>" <>
|
|
|
|
help (snd jwtSecretEnv)
|
|
|
|
)
|
add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.
2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
i. Incase of symmetric key, the key as it is.
ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.
3. The claims in the JWT token must contain the following:
i. `x-hasura-default-role` field: default role of that user
ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.
4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings.
5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.
---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.
---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 13:32:09 +03:00
|
|
|
|
|
|
|
jwtSecretHelp :: String
|
|
|
|
jwtSecretHelp = "The JSON containing type and the JWK used for verifying. e.g: "
|
2018-09-07 09:00:50 +03:00
|
|
|
<> "`{\"type\": \"HS256\", \"key\": \"<your-hmac-shared-secret>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}`,"
|
|
|
|
<> "`{\"type\": \"RS256\", \"key\": \"<your-PEM-RSA-public-key>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}`"
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseUnAuthRole :: Parser (Maybe RoleName)
|
2020-04-24 12:10:53 +03:00
|
|
|
parseUnAuthRole = fmap mkRoleName' $ optional $
|
2019-07-11 12:00:45 +03:00
|
|
|
strOption ( long "unauthorized-role" <>
|
|
|
|
metavar "<ROLE>" <>
|
|
|
|
help (snd unAuthRoleEnv)
|
|
|
|
)
|
|
|
|
where
|
2020-04-24 12:10:53 +03:00
|
|
|
mkRoleName' mText = mText >>= mkRoleName
|
2018-07-06 08:13:46 +03:00
|
|
|
|
2019-02-14 08:58:38 +03:00
|
|
|
parseCorsConfig :: Parser (Maybe CorsConfig)
|
|
|
|
parseCorsConfig = mapCC <$> disableCors <*> corsDomain
|
2018-12-14 06:21:41 +03:00
|
|
|
where
|
2019-02-14 08:58:38 +03:00
|
|
|
corsDomain = optional $
|
|
|
|
option (eitherReader readCorsDomains)
|
|
|
|
( long "cors-domain" <>
|
|
|
|
metavar "<DOMAINS>" <>
|
|
|
|
help (snd corsDomainEnv)
|
|
|
|
)
|
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
disableCors =
|
2018-12-14 06:21:41 +03:00
|
|
|
switch ( long "disable-cors" <>
|
2020-02-03 14:13:03 +03:00
|
|
|
help (snd corsDisableEnv)
|
2018-06-27 16:11:32 +03:00
|
|
|
)
|
|
|
|
|
2019-02-14 08:58:38 +03:00
|
|
|
mapCC isDisabled domains =
|
2019-03-04 10:46:53 +03:00
|
|
|
bool domains (Just $ CCDisabled False) isDisabled
|
2019-02-14 08:58:38 +03:00
|
|
|
|
2018-12-19 14:38:33 +03:00
|
|
|
parseEnableConsole :: Parser Bool
|
|
|
|
parseEnableConsole =
|
|
|
|
switch ( long "enable-console" <>
|
|
|
|
help (snd enableConsoleEnv)
|
|
|
|
)
|
2019-01-02 14:24:17 +03:00
|
|
|
|
2019-05-16 10:45:29 +03:00
|
|
|
parseConsoleAssetsDir :: Parser (Maybe Text)
|
|
|
|
parseConsoleAssetsDir = optional $
|
|
|
|
option (eitherReader fromEnv)
|
|
|
|
( long "console-assets-dir" <>
|
|
|
|
help (snd consoleAssetsDirEnv)
|
|
|
|
)
|
|
|
|
|
2019-01-28 16:55:28 +03:00
|
|
|
parseEnableTelemetry :: Parser (Maybe Bool)
|
|
|
|
parseEnableTelemetry = optional $
|
2020-04-24 12:10:53 +03:00
|
|
|
option (eitherReader parseStringAsBool)
|
2019-01-28 16:55:28 +03:00
|
|
|
( long "enable-telemetry" <>
|
|
|
|
help (snd enableTelemetryEnv)
|
|
|
|
)
|
|
|
|
|
2019-03-04 10:46:53 +03:00
|
|
|
parseWsReadCookie :: Parser Bool
|
|
|
|
parseWsReadCookie =
|
|
|
|
switch ( long "ws-read-cookie" <>
|
|
|
|
help (snd wsReadCookieEnv)
|
|
|
|
)
|
|
|
|
|
2019-03-01 14:45:04 +03:00
|
|
|
parseStringifyNum :: Parser Bool
|
|
|
|
parseStringifyNum =
|
|
|
|
switch ( long "stringify-numeric-types" <>
|
|
|
|
help (snd stringifyNumEnv)
|
|
|
|
)
|
|
|
|
|
2019-02-28 16:53:03 +03:00
|
|
|
parseEnabledAPIs :: Parser (Maybe [API])
|
|
|
|
parseEnabledAPIs = optional $
|
|
|
|
option (eitherReader readAPIs)
|
|
|
|
( long "enabled-apis" <>
|
|
|
|
help (snd enabledAPIsEnv)
|
|
|
|
)
|
|
|
|
|
2019-04-17 12:48:41 +03:00
|
|
|
parseMxRefetchInt :: Parser (Maybe LQ.RefetchInterval)
|
|
|
|
parseMxRefetchInt =
|
|
|
|
optional $
|
|
|
|
option (eitherReader fromEnv)
|
|
|
|
( long "live-queries-multiplexed-refetch-interval" <>
|
|
|
|
metavar "<INTERVAL(ms)>" <>
|
|
|
|
help (snd mxRefetchDelayEnv)
|
|
|
|
)
|
|
|
|
|
|
|
|
parseMxBatchSize :: Parser (Maybe LQ.BatchSize)
|
|
|
|
parseMxBatchSize =
|
|
|
|
optional $
|
|
|
|
option (eitherReader fromEnv)
|
|
|
|
( long "live-queries-multiplexed-batch-size" <>
|
|
|
|
metavar "BATCH_SIZE" <>
|
|
|
|
help (snd mxBatchSizeEnv)
|
|
|
|
)
|
|
|
|
|
2019-05-16 09:13:25 +03:00
|
|
|
parseEnableAllowlist :: Parser Bool
|
|
|
|
parseEnableAllowlist =
|
|
|
|
switch ( long "enable-allowlist" <>
|
|
|
|
help (snd enableAllowlistEnv)
|
|
|
|
)
|
|
|
|
|
2020-04-24 10:55:51 +03:00
|
|
|
parseGraphqlDevMode :: Parser Bool
|
|
|
|
parseGraphqlDevMode =
|
|
|
|
switch ( long "dev-mode" <>
|
|
|
|
help (snd devModeEnv)
|
|
|
|
)
|
|
|
|
|
|
|
|
parseGraphqlAdminInternalErrors :: Parser (Maybe Bool)
|
|
|
|
parseGraphqlAdminInternalErrors = optional $
|
|
|
|
option (eitherReader parseStrAsBool)
|
|
|
|
( long "admin-internal-errors" <>
|
|
|
|
help (snd adminInternalErrorsEnv)
|
|
|
|
)
|
|
|
|
|
2019-04-17 12:48:41 +03:00
|
|
|
mxRefetchDelayEnv :: (String, String)
|
|
|
|
mxRefetchDelayEnv =
|
|
|
|
( "HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL"
|
2019-07-11 08:37:06 +03:00
|
|
|
, "results will only be sent once in this interval (in milliseconds) for "
|
|
|
|
<> "live queries which can be multiplexed. Default: 1000 (1sec)"
|
2019-04-17 12:48:41 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
mxBatchSizeEnv :: (String, String)
|
|
|
|
mxBatchSizeEnv =
|
|
|
|
( "HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE"
|
2019-07-11 08:37:06 +03:00
|
|
|
, "multiplexed live queries are split into batches of the specified "
|
|
|
|
<> "size. Default 100. "
|
2019-04-17 12:48:41 +03:00
|
|
|
)
|
|
|
|
|
2019-05-16 09:13:25 +03:00
|
|
|
enableAllowlistEnv :: (String, String)
|
|
|
|
enableAllowlistEnv =
|
|
|
|
( "HASURA_GRAPHQL_ENABLE_ALLOWLIST"
|
|
|
|
, "Only accept allowed GraphQL queries"
|
|
|
|
)
|
|
|
|
|
2019-11-25 20:12:23 +03:00
|
|
|
planCacheSizeEnv :: (String, String)
|
|
|
|
planCacheSizeEnv =
|
|
|
|
( "HASURA_GRAPHQL_QUERY_PLAN_CACHE_SIZE"
|
|
|
|
, "The maximum number of query plans that can be cached, allowed values: 0-65535, " <>
|
|
|
|
"0 disables the cache. If this value is not set, there is no limit on the number " <>
|
|
|
|
"of plans that are cached"
|
2019-04-17 12:48:41 +03:00
|
|
|
)
|
|
|
|
|
2019-11-25 20:12:23 +03:00
|
|
|
parsePlanCacheSize :: Parser (Maybe Cache.CacheSize)
|
|
|
|
parsePlanCacheSize =
|
|
|
|
optional $
|
2020-05-13 12:17:32 +03:00
|
|
|
option (eitherReader Cache.parseCacheSize)
|
2019-11-25 20:12:23 +03:00
|
|
|
( long "query-plan-cache-size" <>
|
|
|
|
metavar "QUERY_PLAN_CACHE_SIZE" <>
|
|
|
|
help (snd planCacheSizeEnv)
|
|
|
|
)
|
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
parseEnabledLogs :: L.EnabledLogTypes impl => Parser (Maybe [L.EngineLogType impl])
|
2019-07-11 08:37:06 +03:00
|
|
|
parseEnabledLogs = optional $
|
2019-11-26 15:14:21 +03:00
|
|
|
option (eitherReader L.parseEnabledLogTypes)
|
2019-07-11 08:37:06 +03:00
|
|
|
( long "enabled-log-types" <>
|
|
|
|
help (snd enabledLogsEnv)
|
|
|
|
)
|
|
|
|
|
|
|
|
parseLogLevel :: Parser (Maybe L.LogLevel)
|
|
|
|
parseLogLevel = optional $
|
|
|
|
option (eitherReader readLogLevel)
|
|
|
|
( long "log-level" <>
|
|
|
|
help (snd logLevelEnv)
|
|
|
|
)
|
|
|
|
|
2019-01-02 14:24:17 +03:00
|
|
|
-- Init logging related
|
|
|
|
connInfoToLog :: Q.ConnInfo -> StartupLog
|
2019-09-06 01:59:26 +03:00
|
|
|
connInfoToLog connInfo =
|
2019-01-02 14:24:17 +03:00
|
|
|
StartupLog L.LevelInfo "postgres_connection" infoVal
|
|
|
|
where
|
2019-09-06 01:59:26 +03:00
|
|
|
Q.ConnInfo retries details = connInfo
|
|
|
|
infoVal = case details of
|
|
|
|
Q.CDDatabaseURI uri -> mkDBUriLog $ T.unpack $ bsToTxt uri
|
|
|
|
Q.CDOptions co ->
|
|
|
|
J.object [ "host" J..= Q.connHost co
|
|
|
|
, "port" J..= Q.connPort co
|
|
|
|
, "user" J..= Q.connUser co
|
|
|
|
, "database" J..= Q.connDatabase co
|
|
|
|
, "retries" J..= retries
|
|
|
|
]
|
|
|
|
|
|
|
|
mkDBUriLog uri =
|
|
|
|
case show <$> parseURI uri of
|
|
|
|
Nothing -> J.object
|
|
|
|
[ "error" J..= ("parsing database url failed" :: String)]
|
|
|
|
Just s -> J.object
|
|
|
|
[ "retries" J..= retries
|
|
|
|
, "database_url" J..= s
|
|
|
|
]
|
2019-01-02 14:24:17 +03:00
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
serveOptsToLog :: J.ToJSON (L.EngineLogType impl) => ServeOptions impl -> StartupLog
|
2019-01-02 14:24:17 +03:00
|
|
|
serveOptsToLog so =
|
2019-07-11 08:37:06 +03:00
|
|
|
StartupLog L.LevelInfo "server_configuration" infoVal
|
2019-01-02 14:24:17 +03:00
|
|
|
where
|
2019-11-25 20:12:23 +03:00
|
|
|
infoVal =
|
|
|
|
J.object
|
|
|
|
[ "port" J..= soPort so
|
|
|
|
, "server_host" J..= show (soHost so)
|
|
|
|
, "transaction_isolation" J..= show (soTxIso so)
|
|
|
|
, "admin_secret_set" J..= isJust (soAdminSecret so)
|
|
|
|
, "auth_hook" J..= (ahUrl <$> soAuthHook so)
|
|
|
|
, "auth_hook_mode" J..= (show . ahType <$> soAuthHook so)
|
|
|
|
, "jwt_secret" J..= (J.toJSON <$> soJwtSecret so)
|
|
|
|
, "unauth_role" J..= soUnAuthRole so
|
|
|
|
, "cors_config" J..= soCorsConfig so
|
|
|
|
, "enable_console" J..= soEnableConsole so
|
|
|
|
, "console_assets_dir" J..= soConsoleAssetsDir so
|
|
|
|
, "enable_telemetry" J..= soEnableTelemetry so
|
|
|
|
, "use_prepared_statements" J..= (Q.cpAllowPrepare . soConnParams) so
|
|
|
|
, "stringify_numeric_types" J..= soStringifyNum so
|
|
|
|
, "enabled_apis" J..= soEnabledAPIs so
|
|
|
|
, "live_query_options" J..= soLiveQueryOpts so
|
|
|
|
, "enable_allowlist" J..= soEnableAllowlist so
|
|
|
|
, "enabled_log_types" J..= soEnabledLogTypes so
|
|
|
|
, "log_level" J..= soLogLevel so
|
|
|
|
, "plan_cache_options" J..= soPlanCacheOptions so
|
|
|
|
]
|
2019-01-02 14:24:17 +03:00
|
|
|
|
2019-07-11 08:37:06 +03:00
|
|
|
mkGenericStrLog :: L.LogLevel -> T.Text -> String -> StartupLog
|
|
|
|
mkGenericStrLog logLevel k msg =
|
|
|
|
StartupLog logLevel k $ J.toJSON msg
|
|
|
|
|
|
|
|
mkGenericLog :: (J.ToJSON a) => L.LogLevel -> Text -> a -> StartupLog
|
|
|
|
mkGenericLog logLevel k msg =
|
|
|
|
StartupLog logLevel k $ J.toJSON msg
|
2019-04-17 19:29:39 +03:00
|
|
|
|
|
|
|
inconsistentMetadataLog :: SchemaCache -> StartupLog
|
|
|
|
inconsistentMetadataLog sc =
|
|
|
|
StartupLog L.LevelWarn "inconsistent_metadata" infoVal
|
|
|
|
where
|
|
|
|
infoVal = J.object ["objects" J..= scInconsistentObjs sc]
|
2019-11-25 20:12:23 +03:00
|
|
|
|
2019-11-26 15:14:21 +03:00
|
|
|
serveOptionsParser :: L.EnabledLogTypes impl => Parser (RawServeOptions impl)
|
|
|
|
serveOptionsParser =
|
2019-11-25 20:12:23 +03:00
|
|
|
RawServeOptions
|
|
|
|
<$> parseServerPort
|
|
|
|
<*> parseServerHost
|
|
|
|
<*> parseConnParams
|
|
|
|
<*> parseTxIsolation
|
|
|
|
<*> (parseAdminSecret <|> parseAccessKey)
|
|
|
|
<*> parseWebHook
|
|
|
|
<*> parseJwtSecret
|
|
|
|
<*> parseUnAuthRole
|
|
|
|
<*> parseCorsConfig
|
|
|
|
<*> parseEnableConsole
|
|
|
|
<*> parseConsoleAssetsDir
|
|
|
|
<*> parseEnableTelemetry
|
|
|
|
<*> parseWsReadCookie
|
|
|
|
<*> parseStringifyNum
|
|
|
|
<*> parseEnabledAPIs
|
|
|
|
<*> parseMxRefetchInt
|
|
|
|
<*> parseMxBatchSize
|
|
|
|
<*> parseEnableAllowlist
|
|
|
|
<*> parseEnabledLogs
|
|
|
|
<*> parseLogLevel
|
|
|
|
<*> parsePlanCacheSize
|
2020-04-24 10:55:51 +03:00
|
|
|
<*> parseGraphqlDevMode
|
|
|
|
<*> parseGraphqlAdminInternalErrors
|
2020-02-07 14:03:12 +03:00
|
|
|
|
|
|
|
-- | This implements the mapping between application versions
|
|
|
|
-- and catalog schema versions.
|
|
|
|
downgradeShortcuts :: [(String, String)]
|
2020-04-24 10:55:51 +03:00
|
|
|
downgradeShortcuts =
|
2020-02-24 17:33:56 +03:00
|
|
|
$(do let s = $(embedStringFile "src-rsr/catalog_versions.txt")
|
2020-04-24 10:55:51 +03:00
|
|
|
|
2020-02-24 17:33:56 +03:00
|
|
|
parseVersions = map (parseVersion . words) . lines
|
2020-04-24 10:55:51 +03:00
|
|
|
|
2020-02-24 17:33:56 +03:00
|
|
|
parseVersion [tag, version] = (tag, version)
|
2020-04-24 10:55:51 +03:00
|
|
|
parseVersion other = error ("unrecognized tag/catalog mapping " ++ show other)
|
|
|
|
TH.lift (parseVersions s))
|
2020-02-07 14:03:12 +03:00
|
|
|
|
|
|
|
downgradeOptionsParser :: Parser DowngradeOptions
|
2020-04-24 10:55:51 +03:00
|
|
|
downgradeOptionsParser =
|
2020-02-07 14:03:12 +03:00
|
|
|
DowngradeOptions
|
|
|
|
<$> choice
|
|
|
|
(strOption
|
|
|
|
( long "to-catalog-version" <>
|
|
|
|
metavar "<VERSION>" <>
|
|
|
|
help "The target catalog schema version (e.g. 31)"
|
|
|
|
)
|
|
|
|
: map (uncurry shortcut) downgradeShortcuts
|
|
|
|
)
|
|
|
|
<*> switch
|
|
|
|
( long "dryRun" <>
|
|
|
|
help "Don't run any migrations, just print out the SQL."
|
|
|
|
)
|
|
|
|
where
|
2020-04-24 10:55:51 +03:00
|
|
|
shortcut v catalogVersion =
|
2020-02-07 14:03:12 +03:00
|
|
|
flag' (DataString.fromString catalogVersion)
|
|
|
|
( long ("to-" <> v) <>
|
|
|
|
help ("Downgrade to graphql-engine version " <> v <> " (equivalent to --to-catalog-version " <> catalogVersion <> ")")
|
|
|
|
)
|