Commit Graph

370 Commits

Author SHA1 Message Date
Brandon Simmons
eafdda4f33
Add missing migration to initialise.sql for #3839 (#4212) 2020-03-26 23:50:45 -05:00
Phil Freeman
4ce4eb1d2f
Remove any outstanding hdb_views (fixes #3940) (#3965) 2020-03-26 15:42:33 -05:00
Rakesh Emmadi
f80b69e931
few actions' fixes and improvements (fix #3977, #4061 & close #4021) (#4109)
* add 'ID' to default scalars for custom types, fix #4061

* preserve cookie headers from sync action webhook, close #4021

* validate action webhook response to conform to output type, fix #3977

* fix tests, don't run actions' tests on PG version < 10

* update CHANGELOG.md

* no-op refactor, use types from http-network more

Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
2020-03-20 12:16:45 +05:30
Brandon Simmons
4d2dbe68fa
Use AssertNF for leak prophylaxis when doing mutable writes. Closes #3937 (#4097)
Writing to a mutable var is a particularly potent source of leaks since
it mostly defeats GHC's analysis. Here we add assertions to all mutable
writes, and fix a couple spots where we wrote some thunks to a mutable
var (compiled with -O2).

Some of these thunks were probably benign, but others looked liked they
might be retaining big args. Didn't do much analysis, just fixed.

Actually pretty happy with how easy this was to use and as a diagnostic,
once I sorted out some issues. We should consider using it elsewhere,
and maybe extending so that we can use it with tests, enable when
`-fenable-assertsions` etc.

Relates #3388

Also simplified codepaths that use `AcceptWith`, which has unnecessary
`Maybe` fields.
2020-03-17 20:31:22 -05:00
Brandon Simmons
c425b554b8
server(events): utilize proper backpressure scheme (close #3839) (#4013)
* Test working through a backlog of change events

* Use a slightly more performant threaded http server in eventing pytests

This helped locally but not on CI it seems...

* Rework event processing for backpressure. Closes #3839

With loo low `HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL` and/or slow webhooks
and/or too small `HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE` we might
previously check out events from the DB faster than we can service them,
leading to space leaks, weirdness, etc.

Other changes:
- avoid fetch interval sleep latency when we previously did a non-empty
  fetch
- prefetch event batch while http pool is working
- warn when it appears we can't keep up with events being generated
- make some effort to process events in creation order so we don't
  starve older ones.

ALSO NOTE: HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL changes semantics
slightly, since it only comes into play after an empty fetch. The old
semantics weren't documented in detail, so I think this is fine.
2020-03-11 11:57:31 +05:30
Vamshi Surabhi
c52bfc540d
More robust forking, exception safety. Closes #3768 (#3860)
This is the result of a general audit of how we fork threads, with a
detour into how we're using mutable state especially in websocket
codepaths, making more robust to async exceptions and exceptions
resulting from bugs.

Some highlights:
- use a wrapper around 'immortal' so threads that die due to bugs are
  restarted, and log the error
- use 'withAsync' some places
- use bracket a few places where we might break invariants
- log some codepaths that represent bugs
- export UnstructuredLog for ad hoc logging (the alternative is we
  continue not logging useful stuff)

I had to timebox this. There are a few TODOs I didn't want to address.
And we'll wait until this is merged to attempt #3705 for
Control.Concurrent.Extended
2020-03-05 23:29:26 +05:30
Vamshi Surabhi
8a648e77f3
Don't update catalog version if using --dryRun (#3970) 2020-03-05 11:12:38 +05:30
Aravind Shankar
45bcb6b536
cli, server: use prerelease tag as channel for console assets cdn (#3975)
Co-authored-by: Shahidh K Muhammed <muhammedshahid.k@gmail.com>
2020-03-04 20:10:47 +05:30
Praveen Durairaju
865b150c82
noop: replace subdomain links with subpath (#3869)
Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com>
2020-02-27 15:43:07 +05:30
Phil Freeman
8df0151f99
Maintain downgrade commands in a text file, update when tagging (#3933) 2020-02-24 20:03:56 +05:30
Phil Freeman
e72bd922dc
Update Init.hs for newer tags (#3931) 2020-02-24 12:45:24 +05:30
Vamshi Surabhi
b84db36ebb
allow custom mutations through actions (#3042)
* basic doc for actions

* custom_types, sync and async actions

* switch to graphql-parser-hs on github

* update docs

* metadata import/export

* webhook calls are now supported

* relationships in sync actions

* initialise.sql is now in sync with the migration file

* fix metadata tests

* allow specifying arguments of actions

* fix blacklist check on check_build_worthiness job

* track custom_types and actions related tables

* handlers are now triggered on async actions

* default to pgjson unless a field is involved in relationships, for generating definition list

* use 'true' for action filter for non admin role

* fix create_action_permission sql query

* drop permissions when dropping an action

* add a hdb_role view (and relationships) to fetch all roles in the system

* rename 'webhook' key in action definition to 'handler'

* allow templating actions wehook URLs with env vars

* add 'update_action' /v1/query type

* allow forwarding client headers by setting `forward_client_headers` in action definition

* add 'headers' configuration in action definition

* handle webhook error response based on status codes

* support array relationships for custom types

* implement single row mutation, see https://github.com/hasura/graphql-engine/issues/3731

* single row mutation: rename 'pk_columns' -> 'columns' and no-op refactor

* use top level primary key inputs for delete_by_pk & account select permissions for single row mutations

* use only REST semantics to resolve the webhook response

* use 'pk_columns' instead of 'columns' for update_by_pk input

* add python basic tests for single row mutations

* add action context (name) in webhook payload

* Async action response is accessible for non admin roles only if
  the request session vars equals to action's

* clean nulls, empty arrays for actions, custom types in export metadata

* async action mutation returns only the UUID of the action

* unit tests for URL template parser

* Basic sync actions python tests

* fix output in async query & add async tests

* add admin secret header in async actions python test

* document async action architecture in Resolve/Action.hs file

* support actions returning array of objects

* tests for list type response actions

* update docs with actions and custom types metadata API reference

* update actions python tests as per #f8e1330

Co-authored-by: Tirumarai Selvan <tirumarai.selvan@gmail.com>
Co-authored-by: Aravind Shankar <face11301@gmail.com>
Co-authored-by: Rakesh Emmadi <12475069+rakeshkky@users.noreply.github.com>
2020-02-13 23:08:23 +05:30
Phil Freeman
94102c0460
Add downgrade command (close #1156) (#3760)
* Add downgrade command

* Add docs per @lexi-lambda's suggestions

* make tests pass

* Update hdb_version once, from Haskell

* more work based on feedback

* Improve the usage message

* Small docs changes

* Test downgrades exist for each tag

* Update downgrading.rst

* Use git-log to find tags which are ancestors of the current commit

Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
2020-02-07 16:33:12 +05:30
Vamshi Surabhi
2de663d2a8
Merge branch 'master' into 3759-3791-minor-metadata-build-bugfixes 2020-02-05 18:25:46 +05:30
Anon Ray
c6e34baad8
fix parsing JWK expiry time from headers on startup (fix #3655) (#3779) 2020-02-05 12:37:30 +05:30
Brandon Simmons
f506cb397f Log time spent consuming request bytes from socket. Closes #3547
Add a new 'request_read_time' to the logging record.

We also use 'withElapsedTime' to get proper monotonic clock for
'query_execution_time' as well.
2020-02-03 18:50:10 -06:00
Brandon Simmons
58ef316118 Add request timings and count histograms to telemetry. Closes #3552
We upload a set of accumulating timers and counters to track service
time for different types of operations, across several dimensions (e.g.
did we hit the plan cache, was a remote involved, etc.)

Also...

Standardize on DiffTime as a standard duration type, and try to use it
consistently.

See discussion here:
https://github.com/hasura/graphql-engine/pull/3584#pullrequestreview-340679369

It should be possible to overwrite that module so the new threadDelay
sticks per the pattern in #3705 blocked on #3558

Rename the Control.Concurrent.Extended.threadDelay to `sleep` since a
naive use with a literal argument would be very bad!

We catch a bug in 'computeTimeDiff'.

Add convenient 'Read' instances to the time unit utility types. Make
'Second' a newtype to support this.
2020-02-03 18:50:10 -06:00
Lyndon Maydwell
be6f966ce0
New ENV variable support for disabling CORS headers (close #3782) (#3785) 2020-02-03 16:43:03 +05:30
Alexis King
8ef205fba5 Explicitly invalidate enum values when metadata is reloaded
This fixes #3759. Also, while we’re at it, also improve the way
invalidations are synced across instances so enums and remote schemas
are appropriately reloaded by the schema syncing process.
2020-01-30 18:17:29 -06:00
Alexis King
5bd5a548fa
server: Parameterize the graphql-engine library over the version (#3668) 2020-01-22 15:55:55 -06:00
Karthikeyan Chinnakonda
b344e7f39c disable explain end-points when metadata API is disabled, fix #3717 (#3751) 2020-01-22 16:20:49 +05:30
Phil Freeman
9ed8f717a7 remove hdb_views for inserts (#3598)
* WIP: Remove hdb_views for inserts

* Show failing row in check constraint error

* Revert "Show failing row in check constraint error"

This reverts commit dd2cac29d0.

* Use the better query plan

* Simplify things

* fix cli test

* Update downgrading.rst

* remove 1.1 asset for cli
2020-01-16 10:23:28 +05:30
Alexis King
feb4a05618
Add fast path for server internal metadata migrations (#3686) 2020-01-14 01:09:10 -06:00
Anon Ray
dca8559703 fix cache-control header parsing for JWK (fix #3655) (#3676)
write a proper parser according to the RFC
https://tools.ietf.org/html/rfc7234#section-5.2
2020-01-13 15:56:51 -06:00
Alexis King
e47a8c4b86 incremental metadata: Clean up a few lingering loose ends
- Move MonadBase/MonadBaseControl instances for TxE into pg-client-hs
- Set the -qn2 RTS option by default to limit the parallel GC to 2
  threads
- Remove eventlog instrumentation
- Don’t rebuild the schema cache again after running a query that needs
  it to be rebuilt, since we do that explicitly now.
- Remove some redundant checks, and relocate a couple others.
2020-01-08 17:19:03 -06:00
Alexis King
e2eabcd54e Properly check that custom field names do not conflict with other fields 2020-01-08 16:45:53 -06:00
Alexis King
27997107ab Add caching for recreating event trigger functions 2020-01-08 16:45:46 -06:00
Alexis King
780857fb19 Switch to a CPS implementation of Rule
This is significantly more performance, even without specialization,
which dramatically improves compile times.
2020-01-08 16:45:46 -06:00
Alexis King
c322e8a5d4 Use a significantly more efficient table_info_agg view
Also, use the view in Schema.Diff to share some more logic.
2020-01-08 16:45:46 -06:00
Alexis King
447bac74e7 Split up Hasura.RQL.DDL.Schema.Cache
This should hopefully improve compile times by avoiding the need to
specialize everything at once.
2020-01-08 16:45:46 -06:00
Alexis King
5b969208c6 Use arrows instead of monads to define the schema cache construction 2020-01-08 16:43:06 -06:00
Alexis King
1387722970 Refactor schema cache construction to avoid imperative updates
wip: fix error codes in remote schema tests
2020-01-08 16:43:06 -06:00
Toan Nguyen
2aba7edf81 add query execution time and response size to ws-server logs in websocket transport (#3584) 2020-01-07 14:25:32 -06:00
Phil Freeman
c766881125 Support batched queries (fix #1812) (#3490) 2019-12-20 10:04:02 -06:00
nizar-m
c0038a74a5 Allow request body to be logged even with successful queries (#3529) 2019-12-16 15:02:05 -06:00
Brandon Simmons
55bc9d57ef Fix documentation of HASURA_GRAPHQL_PG_CONNECTIONS (#3495) 2019-12-12 14:10:04 -06:00
Anon Ray
b81d22f583 fix resolving user info in websocket transport (#3509)
The connection handler in websocket transport was not using the
  'UserAuthentication' interface to resolve user info. Fix resolving
  user info in websocket transport to use the common
  'UserAuthentication' interface
2019-12-10 19:04:49 -06:00
Tirumarai Selvan
ff4b2bf8b0 bulk query should not care about access mode of select or count queries (#3467) 2019-12-04 13:16:37 -06:00
Anon Ray
afd6f30e72 read cache control header to refresh JWK (fix #3301) (#3446) 2019-12-03 14:56:59 -06:00
Tirumarai Selvan
3cd656f3c7 check db connection in healthz endpoint (close #2645) (#3440)
* check db connection in healthz endpoint
* use Spock.text to automatically set Content-Type
* update docs
2019-12-03 13:18:10 -06:00
Anon Ray
c9b9ed5055 fix various functions to not create their own logger (#3439) 2019-11-28 14:33:14 +05:30
Anon Ray
490b639981 refactor some internal components (#3414) 2019-11-26 17:44:21 +05:30
Vamshi Surabhi
6abe8d7927 allow specifying an upper limit on the query plan cache size (#3012) 2019-11-25 11:12:23 -06:00
Rakesh Emmadi
9b8e6b42d1 functions can access session info via input arg (close #2322) (#3143) 2019-11-20 12:17:06 +05:30
Tirumarai Selvan
d2b2a58c0e add read_only to run_sql metadata api (#3191) 2019-11-14 18:20:18 -06:00
Tirumarai Selvan
3cad1319c4 improve event fetch query (#3236) 2019-11-13 12:59:19 +05:30
Shahidh K Muhammed
31e0225230
add tests with postgres 12 (close #2749) (#3102) 2019-10-26 11:09:57 +05:30
Rakesh Emmadi
6d92e4f9db save permissions, relationships and collections in catalog with 'is_system_defined' explicitly (#3165)
* save permissions, relationships and collections in catalog with 'is_system_defined'
* Use common stanzas in the .cabal file
* Refactor migration code into lib instead of exe
* Add new server test suite that exercises migrations
* Make graphql-engine clean succeed even if the schema does not exist
2019-10-21 11:01:05 -05:00
Rakesh Emmadi
d8d21c1487 support computed fields returning scalars or set of tables (close #1387) (#2917) 2019-10-18 13:59:47 +05:30
Ajeet D'Souza
a66fb42ce2 Make catalog metadata migrations work on all schema versions (fix #2826) (#2379)
* Separate DB and metadata migrations
* Refactor Migrate.hs to generate list of migrations at compile-time
* Replace ginger with shakespeare to improve performance
* Improve migration log messages
2019-10-11 00:13:57 -05:00
Toan Nguyen
0c74839934 add raw query field for error http log (close #2963) (#3020) 2019-10-07 13:04:33 -05:00
Rakesh Emmadi
8972dfb018 remove brotli compression (#2967)
Although brotli itself is MIT-licensed, the Haskell brotli library that provides bindings to it is GPL-licensed, so we cannot use it unless we get a response on haskell-hvr/brotli#1.
2019-10-05 02:20:50 -05:00
Vamshi Surabhi
0f143f0ea8 fixes to the subscriptions improvements introduced with #2942 (#3005)
* fix incorrect references to result variables
* remove docs/code related to 'fallback' backend
2019-10-03 14:35:55 -05:00
Rakesh Emmadi
8a0615ff70 add gzip brotli compression to http responses (close #2674) (#2751) 2019-09-19 18:24:40 +05:30
Rakesh Emmadi
9bd5826020 allow customising graphql schema for a table (close #981) (#2509)
* allow customizing GraphQL root field names, close #981

* document v2 track_table API in reference

* support customising column field names in GraphQL schema

* [docs] add custom column fields doc in API reference

* add tests

* rename 'ColField' to 'ColumnField'

* embed column's graphql field in 'PGColumnInfo'

-> Value constructor of 'PGCol' is not exposed
-> Using 'parseJSON' to construct 'PGCol' in 'FromJSON' instances

* avoid using 'Maybe TableConfig'

* refactors & 'custom_column_fields' -> 'custom_column_names'

* cli-test: add configuration field in metadata export test

* update expected keys in `FromJSON` instance of `TableMeta`

* use `buildSchemaCacheFor` to update configuration in v2 track_table

* remove 'GraphQLName' type and use 'isValidName' exposed from parser lib

* point graphql-parser-hs library git repo to hasura

* support 'set_table_custom_fields' query API & added docs and tests
2019-09-19 10:17:36 +05:30
Alexis King
264d70644b Multiplex all subscriptions, grouping them by their resolved SQL query 2019-09-16 22:00:46 -05:00
José Lorenzo Rodríguez
5609fba393 Implemented graceful shutdown for websockets (#2827) 2019-09-09 15:26:04 -05:00
Rakesh Emmadi
c148e5753a support optional parameters in database url (close #1709) (#2344) 2019-09-05 15:59:26 -07:00
Rakesh Emmadi
d9fb0f8780 use named notation for function arguments if any argument is not specified (fix #2730) (#2777)
* use positional arguments in SQL functions
* only allow omitting set of last arguments in functions
* disallow omitting of a non default argument in functions
2019-08-28 14:27:15 -05:00
Alexis King
78ec906794 server: Include number of enum tables in metrics 2019-08-26 00:54:56 -05:00
Alexis King
c46ecc72dc Refactor non-table functions out of Hasura.RQL.DDL.Table 2019-08-26 00:54:56 -05:00
Alexis King
7fa1452ca0 server: Rename a whole bunch of things
* PGTypeSimple → PGTypeScalar
* PGScalarTyped → WithScalarType
* PGColValue → PGScalarValue
* PGColInfo → PGColumnInfo
* PGRawColInfo → PGRawColumnInfo
* mkScalarSessionVar → mkTypedSessionVar
2019-08-26 00:54:56 -05:00
Alexis King
ed26da59a6 Add support for GraphQL enum types via enum table references
These changes also add a new type, PGColumnType, between PGColInfo and
PGScalarType, and they process PGRawColumnType values into PGColumnType
values during schema cache generation.
2019-08-26 00:54:56 -05:00
Vamshi Surabhi
a5a07634a5
Merge branch 'master' into dev-scripts-and-doc-tweaks 2019-08-07 12:08:46 +05:30
Anon Ray
b4a0a03631 log when request body parsing fails (fix #2555) (#2556) 2019-08-01 16:21:59 +05:30
Rakesh Emmadi
db24d3248f schema sync process will not generate garbage data (close #2542) (#2585)
schema syncing logic now requires only a single row in `hdb_schema_update_event`.
2019-07-31 14:31:48 +05:30
Brandon Simmons
bc32130d09 Clarify HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL docs 2019-07-26 01:17:56 -04:00
Vamshi Surabhi
4facb3c780 remove support for query templates (#2560)
query templates is a little known feature that lets you template rql
queries and serve them as rest apis. This is not relevant anymore
given the GraphQL interface and getting rid of it reduces the dev
time when adding features in few subsystems.

This feature has never been used outside hasura's internal projects or
documented or exposed through console and hence can safely be removed.
2019-07-23 19:11:34 +00:00
Anon Ray
f2f14e727b Merge pull request from GHSA-2j98-fw5g-j43v
* fix bug in audience check while verifying JWT

  - previously the check was converting the audience type into a string
  and then comparing with the conf value. all audience types (as it is a
  string or URI) will convert to plain strings
  - use the Audience type from the jose library for comparing

* add docs for audience

* add issuer check as well

* docs minor syntax fix

* skip audience check if not given in conf

* minor docs update

* qualify import jose library
2019-07-11 09:58:39 +00:00
Ajeet D'Souza
92c4cff79e check input for empty strings for metadata api (close #2302) (#2300) 2019-07-11 09:00:45 +00:00
Anon Ray
8f1e7dbc8d breaking: server logging changes (close #507, close #2171) (#1835) 2019-07-11 05:37:06 +00:00
Vamshi Surabhi
5aa4a46e72
allow fetching gc stats through dev api (#2489) 2019-07-10 17:31:52 +05:30
Rakesh Emmadi
9eb38e6c96 cache remote schema's introspection query response (fix #1679) (#2089) 2019-07-08 11:21:41 +05:30
Ajeet D'Souza
666fd1bbc7 improve code for release channel detection (#2456) 2019-07-04 09:47:17 +00:00
Alexis King
fb3794c31a Support Node v12.x and fix tests on macOS (#2455)
* Bump node-sass to version ^4.12.0

This avoids sass/node-sass#2632, which causes compilation failures on
Node v12.x.

* Do most of the work in /pg_dump in Haskell instead of shell

The shell version caused problems on non-Linux systems since it relied
on the non-POSIX -i option for sed, which works slightly differently on
BSD and macOS.
2019-07-03 14:07:13 +05:30
Ajeet D'Souza
b184ce0188 add server version to console html (close #2444) (#2452) 2019-07-02 12:44:29 +00:00
Ajeet D'Souza
08df38aa8c add name of ci environment to telemetry data (#2382) 2019-06-26 11:53:40 +05:30
Shahidh K Muhammed
a8dd3b3deb add api to get server config details (close #1831); add jwt-analyzer (close #1369) (#1925) 2019-06-11 18:59:03 +05:30
Anon Ray
278f26b073 forward set-cookie headers from remote servers (fix #1654) (#2305) 2019-06-04 15:40:28 +05:30
Anon Ray
95a27fba89 fix response for remote schema queries over ws (fix #2246) (#2248) 2019-05-29 17:21:09 +05:30
Rakesh Emmadi
4aabbd5a28 fix and improve help description for stripes and connections (#2278) 2019-05-27 13:46:53 +05:30
Josha Inglis
277be9074e fix transaction isolation settings on server (#2211) 2019-05-20 19:48:17 +05:30
Shahidh K Muhammed
7c89e951f2 serve console assets without any authorization checks (#2201) 2019-05-16 16:58:50 +05:30
Anon Ray
81bdfafd69 ignore content-type header in auth webhook (#2197) 2019-05-16 14:41:15 +05:30
Shahidh K Muhammed
76ceb707f4
bundle console assets into server (close #516, close #521, close #2130) (#2192)
This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`.

The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN.

The assets are moved to a new bucket with a new naming scheme:

```
graphql-engine-cdn.hasura.io/console/assets/
   /common/{}
   /versioned/<version/{}
   /channel/<channel>/<version>/{}
```

Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 13:15:29 +05:30
Rakesh Emmadi
0b210cc245 support allow-list for graphql queries (closes #989) (#2075) 2019-05-16 11:43:25 +05:30
Anon Ray
935eaf2211 booleans from env are case insensitve (fix #2177) (#2182) 2019-05-14 16:52:05 +05:30
Anon Ray
7d03e7af2f fix non-200 response for authorization errors on /v1/graphql (#2173) 2019-05-14 16:50:55 +05:30
Rakesh Emmadi
c6f40df6d5 close websocket connection on JWT expiry (fix #578) (#2156) 2019-05-14 11:54:46 +05:30
Tirumarai Selvan
36e49ea75b manual event triggers (close #1687) (#2077) 2019-05-13 15:11:07 +05:30
Anon Ray
a21f6cd648 introduce v1/graphql (fix #1368) (#2064)
Changes compared to `/v1alpha1/graphql`

* Changed all graphql responses in **/v1/graphql** endpoint to be 200. All graphql clients expect responses to be HTTP 200. Non-200 responses are considered transport layer errors. 

* Errors in http and websocket layer are now consistent and have similar structure.
2019-05-10 11:35:10 +05:30
Rakesh Emmadi
c4c36e0ef4 schema cache sync improvements (#2098)
* build schema cache function without db setup

The setup shouldn't happen for sync. The database is already setup by the instance which generated the event. This means that the sync is now faster.

* use SQL loop to drop hdb_views schema views and routines with ordering

This avoids deadlocks when schema is being changed concurrently

* schema sync now only processes the latest event

This becomes useful when a lot of schema change
events happen while we are still processing an
earlier event.
2019-05-03 16:12:26 +05:30
Shahidh K Muhammed
71cf017197 add an api to dump postgres schema (close #1939) (#1967) 2019-04-30 14:04:08 +05:30
Vamshi Surabhi
8389a7e273
multiplexed subscription improvements (#2081)
* split stm transactions when snapshotting to make it faster

* mx subs: push to both old and new sinks at the same time

* expose dev APIs through allowed APIs flag
2019-04-30 10:45:23 +05:30
Rakesh Emmadi
39f43bdd59 log inconsistent metadata objects only when there are any (close #2053) (#2058) 2019-04-29 11:52:48 +05:30
Rakesh Emmadi
1d7cbc7f24 recover from inconsistent database state (closes #231) (#1863) 2019-04-17 21:59:39 +05:30
Vamshi Surabhi
ce243f5899
multiplexed subscriptions (#1934)
* add types to represent unparsed http gql requests

This will help when we add caching of frequently used ASTs

* query plan caching

* move livequery to execute

* add multiplexed module

* session variable can be customised depending on the context

Previously the value was always "current_setting('hasura.user')"

* get rid of typemap requirement in reusable plan

* subscriptions are multiplexed when possible

* use lazytx for introspection to avoid acquiring a pg connection

* refactor to make execute a completely decoupled module

* don't issue a transaction for a query

* don't use current setting for explained sql

* move postgres related types to a different module

* validate variableValues on postgres before multiplexing subs

* don't user current_setting for queries over ws

* plan_cache is only visible when developer flag is enabled

* introduce 'batch size' when multiplexing subscriptions

* bump stackage to 13.16

* fix schema_stitching test case error code

* store hashes instead of actual responses for subscriptions

* internal api to dump subscriptions state

* remove PlanCache from SchemaCacheRef

* allow live query options to be configured on server startup

* capture metrics for multiplexed subscriptions

* more metrics captured for multiplexed subs

* switch to tvar based hashmap for faster snapshotting

* livequery modules do not expose internal details

* fix typo in live query env vars

* switch to hasura's pg-client-hs
2019-04-17 15:18:41 +05:30
Shahidh K Muhammed
de24cfd43a read version from env var during server build time (close #1398) (#1897)
* read version from env var at build time (close #1398)

* remove un-used imports, edit makefile

* edit makefile to add new targets and export variables

* only export VERSION in makefile

* read version by executing the script if env var is absent
2019-04-11 09:41:48 +05:30
Tirumarai Selvan
36781199d0 breaking: drop id from event_triggers table (fix #1840) (#1857) 2019-03-25 22:40:52 +05:30
Vamshi Surabhi
d61c90f1b7
validate relationship definitions on startup (#1849) 2019-03-25 14:26:29 +05:30
Vamshi Surabhi
24dcefb142
use bytestring builder to represent encoded json (#1800) 2019-03-18 21:52:21 +05:30
Rakesh Emmadi
e32f5a1fb1 sync metadata cache across multiple instances connected to same db (closes #1182) (#1574)
1. Haskel library `pg-client-hs` has been updated to expose a function that helps listen to `postgres` notifications over a `channel` in this [PR](https://github.com/hasura/pg-client-hs/pull/5)
2. The server records an event in a table `hdb_catalog.hdb_cache_update_event` whenever any `/v1/query` (that changes metadata) is requested. A trigger notifies a `cache update` event via `hasura_cache_update` channel
3. The server runs two concurrent threads namely `listener` and `processor`. The `listener` thread listens to events on `hasura_cache_update` channel and pushed into a `Queue`. The `processor` thread fetches events from that `Queue` and processes it. Thus server rebuilds schema cache from database and updates.
2019-03-12 11:16:27 +05:30
Vamshi Surabhi
98405fdc0c
allow x-hasura- req headers for jwt unauth role, closes #1686 (#1689) 2019-03-05 17:54:47 +05:30
Anon Ray
02d80c9ac6 read cookie while initialising websocket connection (fix #1660) (#1668)
* read cookie while initialising websocket connection (fix #1660)

* add tests for cookie on websocket init

* fix logic for tests

* enforce cors, and flag to force read cookie when cors disabled

  - as browsers don't enforce SOP on websockets, we enforce CORS policy
  on websocket handshake
  - if CORS is disabled, by default cookie is not read (because XSS
  risk!). Add special flag to force override this behaviour

* add log and forward origin header to webhook

  - add log notice when cors is disabled, and cookie is not read on
  websocket handshake
  - forward origin header to webhook in POST mode. So that when CORS is
  disabled, webhook can also enforce CORS independently.

* add docs, and forward all client headers to webhook
2019-03-04 13:16:53 +05:30
Rakesh Emmadi
377290a058 breaking: correct (de)serialisation of postgres numeric types in json (fix #1523) (#1662) 2019-03-01 17:15:04 +05:30
Rakesh Emmadi
6c20ca8a55 allow renaming tables, columns and relationships (close #79) (#1542) 2019-03-01 14:47:22 +05:30
nizar-m
1fa66dc622 add option to disable metadata and graphql apis (close #1088) (#1650) 2019-02-28 19:23:03 +05:30
Shahidh K Muhammed
097bfb6bfa revert "forward response headers from remote servers (#1664)"
This reverts commit c19fe35f4e.
2019-02-28 17:20:56 +05:30
Anon Ray
c19fe35f4e forward response headers from remote servers (fix #1654) (#1664) 2019-02-28 17:15:07 +05:30
nizar-m
f83a8e591f rename access-key to admin-secret (close #1347) (#1540)
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 15:07:47 +05:30
Anon Ray
199a24d050 add support for multiple domains in cors config (close #1436) (#1536)
Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var.

Following are all valid configurations (must include scheme and optional port):
```shell
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080"
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com"
HASURA_GRAPHQL_CORS_DOMAIN="*"
HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com"
```

**Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`.

The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 11:28:38 +05:30
Anon Ray
4f6462e98f add config for stringified hasura claims in JWT (fix #1176) (#1538) 2019-02-05 17:34:16 +05:30
Rakesh Emmadi
4ef50d95c7 hdb_views should always be cleared before building schema cache (#1513) 2019-01-29 15:39:58 +05:30
Anon Ray
4ae44f7b5d add functions to server telemetry (#1500) 2019-01-28 22:16:44 +05:30
Shahidh K Muhammed
11e7c3f9d6 add anonymous telemetry (#1401) 2019-01-28 19:25:28 +05:30
Rakesh Emmadi
0bf2457e23 allow exposing postgres functions through GraphQL interface (close #333) (#1073) 2019-01-25 09:01:54 +05:30
nizar-m
916caf1575 add flag to disable prepared statements (close #1392) (#1396) 2019-01-18 19:50:41 +05:30
Rakesh Emmadi
d91d7e658a optimise 'run_sql' query, closes #1362 (#1406) 2019-01-18 16:15:59 +05:30
Nathan Stitt
1b9540f996 allow specifying network interface with "server-host" option (#1280)
* allow specifying network interface with "server-host" option

* store host value as a HostPreference

* document server-host options
2019-01-11 16:37:13 +05:30
Rakesh Emmadi
41e487d203 fix auth hook mode env var (fix #1270) (#1285)
Support HASURA_GRAPHQL_AUTH_HOOK_MODE env var for --auth-hook-mode flag.
Drop support for HASURA_GRAPHQL_AUTH_HOOK_TYPE env var in next major
update (beta/stable)
2019-01-04 12:12:36 +05:30
Rakesh Emmadi
4d9d1505dd improve startup logging, close #1236 (#1258) 2019-01-02 16:54:17 +05:30
Vamshi Surabhi
ea4d2644e8
local console during development (#1252)
* console now works on local builds of the server

1. local console assets can be served at /static/ by a build time flag
'local-console'. This can be set with stack as follows:
   `stack build --flag graphql-engine:local-console`
2. the --root-dir option is removed which was used as a temporary hack
for serving graphiql
3. remove server's graphiql source code
2018-12-21 13:21:02 +05:30
Rakesh Emmadi
d4e6ffcae8 revert back to older cli options parser type (#1231) 2018-12-19 17:08:33 +05:30
Rakesh Emmadi
b5bbb966f2 add consolePath in console.html template (#1222)
Server templates `consolePath` key in `window.__env` object in console html template.
If server is hit at `/console/table/author` then `window.__env` in served html looks like
```
{
   consoleMode: "server",
   urlPrefix: "/console",
   consolePath: "/console/table/author",
   isAccessKeySet: true
}
```
2018-12-18 15:09:01 +05:30
Rakesh Emmadi
3026c49087 apply update permissions for upsert mutations (#628) 2018-12-15 21:40:29 +05:30
Rakesh Emmadi
708a29fc89 refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200) 2018-12-14 08:51:41 +05:30
Vamshi Surabhi
ec8b2c80b5
refactor to remove warnings especially with orphan instances (#1163)
* remove phase one/two distinction and hdbquery typeclass

* move extensions to default-extensions

* switch to LazyTx which only acquires a connection if needed

* move defns from TH module into Ops module

* remove tojson orphan instance for http exception

* remove orphan instance for dmlp1

* getTopLevelNodes will not throw any exceptions
2018-12-13 12:56:15 +05:30
Rakesh Emmadi
3ea20bc4d7 allow authentication webhook with POST (close #1138) (#1147) 2018-12-03 16:49:08 +05:30
Anon Ray
512ee6fb9f adds basic support for remote schemas/schema stitching (#952) 2018-11-23 18:32:46 +05:30
Vamshi Surabhi
47dcae1614
fix sql generation for boolean expressions, closes #853 (#1037)
When using self referential relationships in boolean expressions, the exists clause incorrectly uses the table names to qualify columns which will be the same for parent table and the child table. This is now fixed by generating unique aliases as we traverse down the relationships.
2018-11-16 18:10:23 +05:30
Rakesh Emmadi
1539d6b5a6 server port can be set with HASURA_GRAPHQL_SERVER_PORT env variable, closes #1033 (#1038) 2018-11-15 10:25:39 +05:30
Rakesh Emmadi
9af591e2cb remove x-hasura-access-key header from logs (fix #1016) (#1017) 2018-11-13 14:05:44 +05:30
Rakesh Emmadi
0e9d6994ac refactor nested insert mutation and fix returning (fix #844) (#852)
* improved nested insert execution logic

* integrate error path, improve executing 'withExp' and improve tests

* add more readable types in '/Resolve/Insert.hs'

* set conflict context just before executing WITH expression
2018-11-02 19:31:01 +05:30
Vamshi Surabhi
58582be644
fix parsing webhook response, closes #890 (#894) 2018-10-28 22:01:24 +05:30
Vamshi Surabhi
8b0082eac1
clean up user variables parsing logic and fix explain api (#869) 2018-10-26 21:27:22 +05:30
Rakesh Emmadi
f6ed169219 allow ordering using columns from object relationships (closes #463) (#672)
* allow ordering using columns from object relationships, close #463

* validate table fields in nested insert

* add tests

* add docs

* change 'table_order_by' type from enums to ordered map

* remove unwanted code from 'Schema.hs' file

* 'AnnGObject' is not list of field name and value tuple

* update docs for new order_by type

* use 'InsOrdHashMap' for 'AnnGObj'

* handle empty fields in order_by

* remove '_' prefixes for asc/desc

* fix the changed order_by syntax across the repo
2018-10-26 17:27:33 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes #595) (#856) 2018-10-25 23:46:25 +05:30
Vamshi Surabhi
199531cbd9
http and websocket logs now correctly have user information, closes #849 (#850) 2018-10-25 15:07:57 +05:30
Vamshi Surabhi
ab9692da4d
set all session data in a single paramater, 'hasura.user' (closes #825) 2018-10-24 16:09:47 +05:30
Vamshi Surabhi
ac537330d0 explain a graphql query, similar to explain of an sql statement (close #562) (#805) 2018-10-19 07:45:28 +05:30
Rakesh Emmadi
37e848ccca fix input object validation logic (fix #693) (#711) 2018-10-12 16:06:47 +05:30
Rakesh Emmadi
fc7ea9213c fix non-admin insert returns null column values when query affects zero rows in postgres (fix #563) (#565)
Insert trigger function: If query affects no rows then return `null`

Insert trigger function is modified to have 
 `IF r IS NULL THEN RETURN null; ELSE RETURN r; END IF;` in return statement.
2018-09-29 11:12:47 +05:30
Anon Ray
1a0af29920 remove 's' unit from query_execution_time in logs (close #509) (#553)
Removes the seconds unit (trailing `s`) from `query_execution_time` in logs.

- [x] Server

It was a string before, changed to double.

- [x] Bug fix (non-breaking change which fixes an issue)

Docs should mention the type/unit of `query_execution_time` is numeric/double.
2018-09-27 18:02:21 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close #465) (#527)
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Rakesh Emmadi
e6c5aa5b43 indicate access key is set in the console context (close #426) (#447) 2018-09-14 18:57:46 +05:30
Anon Ray
af6121f83d jwt claims check should be case-insensitive (fix #435) (#438) 2018-09-13 18:34:50 +05:30
Shahidh K Muhammed
be20a11d37
update checks on ci systems (close #319) (#383) 2018-09-12 16:33:36 +05:30
Anon Ray
a5930edd8a uri-decode database uri strings (fix #372) (#424) 2018-09-12 11:49:08 +05:30
Tirumarai Selvan
e905535beb implement api to deliver a particular event (close #371) (#373) 2018-09-07 17:21:01 +05:30
Anon Ray
f726bb549d add custom namespace in jwt claims (close #350) (#364) 2018-09-07 11:30:50 +05:30
Karthik Venkateswaran
e3102dfd5e ui buttons to export and import metadata, reload metadata api (close #293) (#323) 2018-09-05 20:55:30 +05:30
Tirumarai Selvan
82e09efce6 add event triggers (#329) 2018-09-05 16:56:46 +05:30
Rakesh Emmadi
0a3f68a6eb allow selectively updating columns on a conflict during insert (fix #342)
* fix primary key changing on upsert, fix #342

* add 'update_columns' in 'on_conflict' object, consider 'allowUpsert'

* 'ConflictCtx' type should respect upsert cases

* validation for not null fields in an object
2018-09-04 19:09:48 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Rakesh Emmadi
75e4400bc5 add req_user_id as alias to x-hasura-user-id (fix #317) (#320) 2018-08-29 11:17:13 +05:30
Vamshi Surabhi
c901767cd1
update packages (#251)
* move to stackage 12.4

* upgrade pg-client

* docker build improvements
2018-08-08 13:10:13 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close #260) (#261) 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes #238, #242) (#243)
* logging for webhook IO exceptions, fix log request for errors, fix #238

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries (#176)
fix #59
2018-07-20 12:52:46 +05:30
Rakesh Emmadi
5efa366b49 add 'on_conflict' argument to insert mutation (closes #105)
* add 'on_conflict' condition to allow upsert mutation, closes #105

* check for empty unique or primary key constraints

* add 'on_conflict' condition test cases and introspection test case

* update 'conflict_action' enum values' description
2018-07-17 18:53:23 +05:30
Rakesh Emmadi
4a76c7e89e server: throw 401 exception for accesskey mismatch/notfound, fix #67 (#71)
return 401 when access key does not match or is not found, closes #67
2018-07-11 11:07:53 +05:30
Rakesh Emmadi
38c91e2b9e catch and log http exceptions from auth webhook, closes #28 2018-07-09 11:34:41 +05:30
Rakesh Emmadi
b9ff99329a server: process headers only for known urls, fixes #46 2018-07-06 10:46:42 +05:30
Rakesh Emmadi
e834bc51a6 server: try environment variables if flags are missing, closes #45 2018-07-06 10:43:46 +05:30
Rakesh Emmadi
b9dd3b2ab2 server: close #34 render console assets version as v[maj.min] (#39) 2018-07-04 18:15:34 +05:30
Rakesh Emmadi
400a0e3f16 server: add v1/version api, fix #34 (#37) 2018-07-03 21:04:25 +05:30
Rakesh Emmadi
128ed2388b server: console is served at /console Closes #16 (#22) 2018-06-29 16:35:09 +05:30
Rakesh Emmadi
f625882199 [server] allow only one of db url or conn params. Closes #5 (#11) 2018-06-28 16:19:40 +05:30
Vamshi Surabhi
530027cf20 move raven into graphql-engine repo 2018-06-28 00:32:00 +05:30