Commit Graph

1408 Commits

Author SHA1 Message Date
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Rakesh Emmadi
daf01c2b9d mutation return type and query type are same (close #315) (#324) 2018-08-30 15:19:21 +05:30
Rakesh Emmadi
f72d8de87a fix insert fails for non-admin roles on v1/query (fix #327) (#328)
* fix insert fails for non-admin roles on v1/query, fix #327

* add test case for user role upsert usint constraint name
2018-08-29 19:11:33 +05:30
Rakesh Emmadi
75e4400bc5 add req_user_id as alias to x-hasura-user-id (fix #317) (#320) 2018-08-29 11:17:13 +05:30
Praveen Durairaj
798efdd1c0 add links to share and help (#303) 2018-08-27 19:55:34 +05:30
Rakesh Emmadi
efc9fc7ba9 simpler root level select fields using primary keys (fix #304) (#306)
* select fields by primary key col values as argument values, fix #304

* change field name 'table_by_pkey' to 'table_by_pk'
2018-08-27 19:47:03 +05:30
Rakesh Emmadi
0f13f72bfe do not allow creating permissions for admin role, fix #310 (#312) 2018-08-27 17:20:18 +05:30
Praveen Durairaj
c645fc5c46 permissions ui/ux improvements (close #205) (#295)
- Delete role(s)
- Apply same type of permission to multiple roles

Closes #205
2018-08-22 13:55:48 +05:30
Rakesh Emmadi
a0574307c3 set header variables in subscription transaction, fix #297 (#299) 2018-08-22 13:53:53 +05:30
Aravind Shankar
396a2ccf8d change hasuradb url format, export some migrate functions (#294)
* fix migrate to use headers in query params

* export executeMigrations and PrintStatus
2018-08-22 00:07:47 +05:30
Rakesh Emmadi
e3b56ac368 fix upsert queries to work on non admin roles (fix #239) (#291) 2018-08-17 20:14:43 +05:30
Shahidh K Muhammed
0e22c1fa61
update newsletter link 2018-08-16 11:57:24 +05:30
Aswin M Prabhu
b47172974f ignore case when comparing header names to detect access key (fix #286) (#287) 2018-08-15 14:17:18 +05:30
Rishichandra Wawhal
6ba9c759e6 import queries into graphiql from url in query params (#283)
If there are a bunch of queries at a file path, say: `https://raw.githubusercontent.com/wawhal/test-repo/master/queries.graphql`, you can template GraphiQL with those queries by passing the URL in query params.

For example: if the console is running at `https://wofoo.herokuapp.com/console`, to template the queries, the URL would be: `https://wofoo.herokuapp.com/console?query_file=https://raw.githubusercontent.com/wawhal/test-repo/master/queries.graphql`
2018-08-14 15:35:57 +05:30
Shahidh K Muhammed
0ea2ab45f8
add default cmd to dockerfile (close #228) (#281) 2018-08-13 15:58:22 +05:30
Praveen Durairaj
f3d22cbbb3 export console as npm module (#279) 2018-08-13 14:38:17 +05:30
Rakesh Emmadi
0797407dbf respect the nullability of columns in generated schema (fix #256) (#276) 2018-08-10 18:14:44 +05:30
Rakesh Emmadi
adf973dee5 better error code when insertion check constraint fails (fix #257) (#267) 2018-08-10 17:35:07 +05:30
Vamshi Surabhi
c901767cd1
update packages (#251)
* move to stackage 12.4

* upgrade pg-client

* docker build improvements
2018-08-08 13:10:13 +05:30
Rakesh Emmadi
cffa808d19 returning returns [] when mutations affect no rows (fix #265) (#269)
* fix returning returns null, fix #265

* add a test case for delete mutation with returning
2018-08-08 12:31:49 +05:30
Rikin Kachhia
816b480df3 handle legacy operators in permissions builder (fix #268) (#270) 2018-08-08 11:41:00 +05:30
Rakesh Emmadi
8ecb80d2da accept null values for input values, closes #252 (#266) 2018-08-07 16:13:42 +05:30
Shahidh K Muhammed
887b7ca835
add realtime indicators to readme (#262) 2018-08-06 19:37:03 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close #260) (#261) 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
9c55490e98 add limit in select permission which overrides limit in query (close #178) (#237) 2018-08-06 17:45:08 +05:30
Shahidh K Muhammed
0ed3ff6418
remove manifests directory from init (close #254) (#258) 2018-08-06 17:03:17 +05:30
Praveen Durairaj
60f15c654b create table, modify table ui alignment fix (#249) 2018-08-03 16:16:42 +05:30
Rakesh Emmadi
c94640a377 don't allow creating relationships from/to a table that isn't tracked (fix #185) (#229)
* don't allow fkey based relations from/to a table that isn't tracked, fix #185

Check if remote table exist in metadata when creating foreign-key
based object relationship.

* add tests for adding object relation using fkey if remote table is untracked
2018-08-03 15:04:37 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes #238, #242) (#243)
* logging for webhook IO exceptions, fix log request for errors, fix #238

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Praveen Durairaj
40602fcc6e add url prefix for console add table redirect (fix #245) (#247) 2018-08-03 12:41:29 +05:30
Praveen Durairaj
6340a5074a show graphql-engine version on console (close #184) (#230) 2018-07-31 12:06:20 +05:30
Praveen Durairaj
2e58483af3 modify comments for tables/columns and views (#220)
* console: modify comments for tables/columns

* console: fix bugs, css

* console: update package.json

* console: fix comment
2018-07-30 19:09:18 +05:30
Rakesh Emmadi
a0590598e5 filter schema identifiers to conform to graphql naming scheme (close #134) (#211)
* filter schema identifiers to conform to graphql naming scheme,closes #134

Filter out tables, columns, relationships etc which does not conform to
graphql naming scheme.
This ensures GraphiQL initialisation works properly for existing
databases.

* rename `isGraphQLConform` to `isValidName`

* rename all graphQL validators
2018-07-27 15:20:12 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Praveen Durairaj
70d7c7deb1 add version update checker (#215) 2018-07-26 17:10:32 +05:30
Anon Ray
c747971f2d server tests now run across supported postgres versions >= 9.5 (fix #154) (#199) 2018-07-26 11:17:21 +05:30
Aswin M Prabhu
94b309d69a remove legacy react lifecycle methods (fix #99) (#208)
* remove legacy react lifecycle methods (#99)
2018-07-25 20:40:54 +05:30
Aswin M Prabhu
7feb82ed98 add test for subscriptions, improve coverage (fix #191) 2018-07-25 12:14:27 +05:30
Aswin M Prabhu
a127b5ae59 show access key as password on the console (fix #98) (#203) 2018-07-24 17:29:53 +05:30
Rishichandra Wawhal
9b61964b71 retry websocket connection on failure (fix #198) (#200) 2018-07-24 15:22:47 +05:30
Rakesh Emmadi
ad31f02b51 add ca certificates to packager (fix #195) (#197) 2018-07-24 13:17:09 +05:30
Aravind Shankar
aef56ba196 configure git while updating manifests repo (#190) 2018-07-24 09:35:32 +05:30
Cosmin Radoi
453f7d8b7f refactor: convert function expression to arrow function (#181)
Just a few cases of converting a traditional function to ES6 arrow functions. Pure refactoring.
2018-07-23 11:59:56 +05:30
Shahidh K Muhammed
9081a27259
open secure websockets if console and endpoint are both on https (fix 182) (#183) 2018-07-21 05:18:57 +05:30
Shahidh
0b15987db9
ciignore: always pass checks for tags 2018-07-21 01:38:16 +05:30
Shahidh
80db149cbd
fix typo in godoc link 2018-07-21 00:37:40 +05:30
Shahidh
7980012e1d
update md files 2018-07-21 00:35:51 +05:30
Shahidh K Muhammed
dec39a10ba
create statically linked binaries for cli (close #175) (#179)
[skip ci]
2018-07-20 16:30:25 +05:30
Rakesh Emmadi
27e2d647bb add _inc and jsonb operators to update_mutation (close #159) (#169) 2018-07-20 16:21:20 +05:30
Aravind Shankar
75dbe35a21 create down migrations for actions from console (close #164) (#173) 2018-07-20 16:01:33 +05:30