Commit Graph

626 Commits

Author SHA1 Message Date
Rakesh Emmadi
e6c5aa5b43 indicate access key is set in the console context (close #426) (#447) 2018-09-14 18:57:46 +05:30
Anon Ray
af6121f83d jwt claims check should be case-insensitive (fix #435) (#438) 2018-09-13 18:34:50 +05:30
Shahidh K Muhammed
be20a11d37
update checks on ci systems (close #319) (#383) 2018-09-12 16:33:36 +05:30
Anon Ray
a5930edd8a uri-decode database uri strings (fix #372) (#424) 2018-09-12 11:49:08 +05:30
Tirumarai Selvan
e905535beb implement api to deliver a particular event (close #371) (#373) 2018-09-07 17:21:01 +05:30
Anon Ray
f726bb549d add custom namespace in jwt claims (close #350) (#364) 2018-09-07 11:30:50 +05:30
Karthik Venkateswaran
e3102dfd5e ui buttons to export and import metadata, reload metadata api (close #293) (#323) 2018-09-05 20:55:30 +05:30
Tirumarai Selvan
82e09efce6 add event triggers (#329) 2018-09-05 16:56:46 +05:30
Rakesh Emmadi
0a3f68a6eb allow selectively updating columns on a conflict during insert (fix #342)
* fix primary key changing on upsert, fix #342

* add 'update_columns' in 'on_conflict' object, consider 'allowUpsert'

* 'ConflictCtx' type should respect upsert cases

* validation for not null fields in an object
2018-09-04 19:09:48 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Rakesh Emmadi
75e4400bc5 add req_user_id as alias to x-hasura-user-id (fix #317) (#320) 2018-08-29 11:17:13 +05:30
Vamshi Surabhi
c901767cd1
update packages (#251)
* move to stackage 12.4

* upgrade pg-client

* docker build improvements
2018-08-08 13:10:13 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close #260) (#261) 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes #238, #242) (#243)
* logging for webhook IO exceptions, fix log request for errors, fix #238

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries (#176)
fix #59
2018-07-20 12:52:46 +05:30
Rakesh Emmadi
5efa366b49 add 'on_conflict' argument to insert mutation (closes #105)
* add 'on_conflict' condition to allow upsert mutation, closes #105

* check for empty unique or primary key constraints

* add 'on_conflict' condition test cases and introspection test case

* update 'conflict_action' enum values' description
2018-07-17 18:53:23 +05:30
Rakesh Emmadi
4a76c7e89e server: throw 401 exception for accesskey mismatch/notfound, fix #67 (#71)
return 401 when access key does not match or is not found, closes #67
2018-07-11 11:07:53 +05:30
Rakesh Emmadi
38c91e2b9e catch and log http exceptions from auth webhook, closes #28 2018-07-09 11:34:41 +05:30
Rakesh Emmadi
b9ff99329a server: process headers only for known urls, fixes #46 2018-07-06 10:46:42 +05:30
Rakesh Emmadi
e834bc51a6 server: try environment variables if flags are missing, closes #45 2018-07-06 10:43:46 +05:30
Rakesh Emmadi
b9dd3b2ab2 server: close #34 render console assets version as v[maj.min] (#39) 2018-07-04 18:15:34 +05:30
Rakesh Emmadi
400a0e3f16 server: add v1/version api, fix #34 (#37) 2018-07-03 21:04:25 +05:30
Rakesh Emmadi
128ed2388b server: console is served at /console Closes #16 (#22) 2018-06-29 16:35:09 +05:30
Rakesh Emmadi
f625882199 [server] allow only one of db url or conn params. Closes #5 (#11) 2018-06-28 16:19:40 +05:30
Vamshi Surabhi
530027cf20 move raven into graphql-engine repo 2018-06-28 00:32:00 +05:30