1
0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-21 06:21:39 +03:00
Commit Graph

64 Commits

Author SHA1 Message Date
Vamshi Surabhi
ec8b2c80b5
refactor to remove warnings especially with orphan instances ()
* remove phase one/two distinction and hdbquery typeclass

* move extensions to default-extensions

* switch to LazyTx which only acquires a connection if needed

* move defns from TH module into Ops module

* remove tojson orphan instance for http exception

* remove orphan instance for dmlp1

* getTopLevelNodes will not throw any exceptions
2018-12-13 12:56:15 +05:30
Rakesh Emmadi
3ea20bc4d7 allow authentication webhook with POST (close ) () 2018-12-03 16:49:08 +05:30
Anon Ray
512ee6fb9f adds basic support for remote schemas/schema stitching () 2018-11-23 18:32:46 +05:30
Vamshi Surabhi
58582be644
fix parsing webhook response, closes () 2018-10-28 22:01:24 +05:30
Vamshi Surabhi
8b0082eac1
clean up user variables parsing logic and fix explain api () 2018-10-26 21:27:22 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes ) () 2018-10-25 23:46:25 +05:30
Vamshi Surabhi
199531cbd9
http and websocket logs now correctly have user information, closes () 2018-10-25 15:07:57 +05:30
Vamshi Surabhi
ab9692da4d
set all session data in a single paramater, 'hasura.user' (closes ) 2018-10-24 16:09:47 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close ) ()
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close ) ()
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on 
2018-08-30 16:02:09 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close ) () 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes , ) ()
* logging for webhook IO exceptions, fix log request for errors, fix 

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix ) () 2018-07-27 15:04:50 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries ()
fix 
2018-07-20 12:52:46 +05:30