Commit Graph

282 Commits

Author SHA1 Message Date
Tirumarai Selvan
36781199d0 breaking: drop id from event_triggers table (fix #1840) (#1857) 2019-03-25 22:40:52 +05:30
Toan Nguyen
560c31f9fd add a json path argument to query values inside json columns (close #1598) (#1661) 2019-03-25 19:15:35 +05:30
Shahidh K Muhammed
b8700cce70
add spatial predicates for geography columns (close #1674) (#1735)
This PR adds support for PostGIS spatial predicates on geography columns. The predicates are _st_d_within and _st_intersects.
2019-03-25 17:59:52 +05:30
Vamshi Surabhi
d61c90f1b7
validate relationship definitions on startup (#1849) 2019-03-25 14:26:29 +05:30
Rakesh Emmadi
5bafdce9a3 fix delete mutation returning incorrect data (fix #1794) (fix #1763) (#1827)
From `alpha-40` we've been using a `WHERE` clause to fetch required rows and generate mutation response. This has a few limitations like the requirement of a primary key/unique constraint. This also returns inconsistent data on `delete` mutation as mentioned in #1794. 
Now, we're using `VALUES (..)` (refer [here](https://www.postgresql.org/docs/current/sql-values.html)) expression to form virtual table rows in `SQL` to generate mutation response.

Internal changes:-
- Not to use primary key/unique constraint columns:-
  - Revert back to `ConstraintName` from `TableConstraint` in `TableInfo` type
  - Remove `tcCols` field in `TableConstraint` type
  - Modify `table_info.sql` and `fetchTableMeta` function `SQL`
- A test case to perform `delete` mutation and returning relational objects.
2019-03-22 12:38:42 +05:30
Vamshi Surabhi
ac1749c764 add type, variable information to input value's ast (close #21) (#1809) 2019-03-20 12:01:49 +05:30
Tirumarai Selvan
8615c306ec add for update skip locked to fetch query (#1798) 2019-03-19 10:00:44 +05:30
Vamshi Surabhi
24dcefb142
use bytestring builder to represent encoded json (#1800) 2019-03-18 21:52:21 +05:30
Anon Ray
961f1af528 send error not connection_error on query validation errors (fix #1790) (#1792) 2019-03-17 17:30:54 +05:30
Vamshi Surabhi
c7346fd55a bump stackage to lts 13 and refer to hasura's pg-client-hs (#1747) 2019-03-14 20:25:33 +05:30
Rakesh Emmadi
e32f5a1fb1 sync metadata cache across multiple instances connected to same db (closes #1182) (#1574)
1. Haskel library `pg-client-hs` has been updated to expose a function that helps listen to `postgres` notifications over a `channel` in this [PR](https://github.com/hasura/pg-client-hs/pull/5)
2. The server records an event in a table `hdb_catalog.hdb_cache_update_event` whenever any `/v1/query` (that changes metadata) is requested. A trigger notifies a `cache update` event via `hasura_cache_update` channel
3. The server runs two concurrent threads namely `listener` and `processor`. The `listener` thread listens to events on `hasura_cache_update` channel and pushed into a `Queue`. The `processor` thread fetches events from that `Queue` and processes it. Thus server rebuilds schema cache from database and updates.
2019-03-12 11:16:27 +05:30
Rakesh Emmadi
5f274b5527 fix mutation returning when relationships are present (fix #1576) (#1703)
If returning field contains nested selections then mutation is performed in two steps
1. Mutation is performed with returning columns of any primary key and unique constraints
2. returning fields are queried on rows returned by selecting from table by filtering with column values returned in Step 1.

Since mutation takes two courses based on selecting relations in returning field, it is hard to maintain sequence of prepared arguments (PrepArg) generated while resolving returning field. So, we're using txtConverter instead of prepare to resolve mutation fields.
2019-03-07 15:54:07 +05:30
Vamshi Surabhi
98405fdc0c
allow x-hasura- req headers for jwt unauth role, closes #1686 (#1689) 2019-03-05 17:54:47 +05:30
Anon Ray
d9882fcb03 fix remote queries/mutations to work over websocket (fix #1619) (#1621) 2019-03-05 16:39:02 +05:30
Anon Ray
02d80c9ac6 read cookie while initialising websocket connection (fix #1660) (#1668)
* read cookie while initialising websocket connection (fix #1660)

* add tests for cookie on websocket init

* fix logic for tests

* enforce cors, and flag to force read cookie when cors disabled

  - as browsers don't enforce SOP on websockets, we enforce CORS policy
  on websocket handshake
  - if CORS is disabled, by default cookie is not read (because XSS
  risk!). Add special flag to force override this behaviour

* add log and forward origin header to webhook

  - add log notice when cors is disabled, and cookie is not read on
  websocket handshake
  - forward origin header to webhook in POST mode. So that when CORS is
  disabled, webhook can also enforce CORS independently.

* add docs, and forward all client headers to webhook
2019-03-04 13:16:53 +05:30
Vamshi Surabhi
f794653b69
update event triggers on rename operations (#1684) 2019-03-01 19:29:24 +05:30
Rakesh Emmadi
377290a058 breaking: correct (de)serialisation of postgres numeric types in json (fix #1523) (#1662) 2019-03-01 17:15:04 +05:30
Rakesh Emmadi
6c20ca8a55 allow renaming tables, columns and relationships (close #79) (#1542) 2019-03-01 14:47:22 +05:30
nizar-m
1fa66dc622 add option to disable metadata and graphql apis (close #1088) (#1650) 2019-02-28 19:23:03 +05:30
Shahidh K Muhammed
097bfb6bfa revert "forward response headers from remote servers (#1664)"
This reverts commit c19fe35f4e.
2019-02-28 17:20:56 +05:30
Anon Ray
c19fe35f4e forward response headers from remote servers (fix #1654) (#1664) 2019-02-28 17:15:07 +05:30
Rakesh Emmadi
c731fde1e3 enforce column presets of update permission with upserts (fix #1647) (#1653) 2019-02-23 16:06:42 +05:30
Tirumarai Selvan
7851015cb2 refactor event processing logic (#1639) 2019-02-22 17:55:36 +05:30
Rakesh Emmadi
0833d35088 generate scalar types for SQL function arguments (fix #1632) (#1633)
Also involved a refactor of the internals to localise the context needed for each field
2019-02-22 15:57:38 +05:30
nizar-m
f83a8e591f rename access-key to admin-secret (close #1347) (#1540)
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 15:07:47 +05:30
Tirumarai Selvan
51dd6157e1 remove wreq and set response timeout (close #1477) (#1501) 2019-02-14 13:07:59 +05:30
Anon Ray
199a24d050 add support for multiple domains in cors config (close #1436) (#1536)
Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var.

Following are all valid configurations (must include scheme and optional port):
```shell
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080"
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com"
HASURA_GRAPHQL_CORS_DOMAIN="*"
HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com"
```

**Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`.

The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 11:28:38 +05:30
Rakesh Emmadi
2054bdc44e do not allow overloading already tracked functions (#1563) 2019-02-14 09:35:18 +05:30
Rakesh Emmadi
cba732d439 support column presets in update mutation (closes #1449, closes #1464) (#1473)
Also restricts altering type of columns which are used in presets
2019-02-11 18:15:30 +05:30
Tirumarai Selvan
9a6fa7fafc add delivery info to event payload (close #1476) (#1517)
Adds the following to the event payload:
```
    "delivery_info": {
        "max_retries": 0,
        "current_retry": 0
    }
```
2019-02-07 18:07:28 +05:30
Anon Ray
4f6462e98f add config for stringified hasura claims in JWT (fix #1176) (#1538) 2019-02-05 17:34:16 +05:30
Rakesh Emmadi
96f8b05326 don't allow altering tracked SQL functions type to VOLATILE (fix #1546) (#1547) 2019-02-05 11:27:03 +05:30
nizar-m
68da491d9d Improve error message when no operation specs are provided during event trigger creation (close #998) (#1541) 2019-02-01 15:07:38 +05:30
Rakesh Emmadi
4ef50d95c7 hdb_views should always be cleared before building schema cache (#1513) 2019-01-29 15:39:58 +05:30
Rakesh Emmadi
3caff9b924 support jsonb and postgis operators in permissions (#1461)
* support jsonb and geometry operators on RQL bool exps, close #1408

* add tests for jsonb operators in /v1/query

TODO:-
-> add tests for geometry (postgis) operators

* support parsing session variables for st_d_within and has_key ops

-> Add tests for boolExp operators and select permissions

* improve parsing $st_d_within op's json value logic
2019-01-28 23:16:31 +05:30
Anon Ray
4ae44f7b5d add functions to server telemetry (#1500) 2019-01-28 22:16:44 +05:30
nizar-m
32387ba964 support union and interface types in remote schema (close #1276) (#1361) 2019-01-28 22:15:10 +05:30
Anon Ray
39bc3acffd fix conversion when merging remote schema scalars with hasura (fix #1244) (#1497) 2019-01-28 21:01:37 +05:30
Shahidh K Muhammed
11e7c3f9d6 add anonymous telemetry (#1401) 2019-01-28 19:25:28 +05:30
nizar-m
8e3b8f51c9 Support default values (in inputvalue) from the remote schema (close #1491) (#1493) 2019-01-28 18:08:38 +05:30
Rakesh Emmadi
fc73d4d30a handle the absence of any update operators, fix #1448 (#1475) 2019-01-28 12:54:24 +05:30
Tirumarai Selvan
e590144d02 send session variables in event trigger payload (close #1328) (#1458) 2019-01-28 11:42:52 +05:30
Rakesh Emmadi
0bf2457e23 allow exposing postgres functions through GraphQL interface (close #333) (#1073) 2019-01-25 09:01:54 +05:30
Rakesh Emmadi
ae63ed9603 simplify SQL generated for _eq and _neq operators in GraphQL API (#1466) 2019-01-25 00:04:44 +05:30
Vamshi Surabhi
5514b40de2
dependencies of object relationship now includes remote table, closes #1441 (#1442) 2019-01-24 18:56:13 +05:30
nizar-m
916caf1575 add flag to disable prepared statements (close #1392) (#1396) 2019-01-18 19:50:41 +05:30
Rakesh Emmadi
d91d7e658a optimise 'run_sql' query, closes #1362 (#1406) 2019-01-18 16:15:59 +05:30
Rakesh Emmadi
7ff1c8829a add PostGIS operators in boolean expressions (closes #1051) (#1372) 2019-01-17 11:51:38 +05:30
Nathan Stitt
1b9540f996 allow specifying network interface with "server-host" option (#1280)
* allow specifying network interface with "server-host" option

* store host value as a HostPreference

* document server-host options
2019-01-11 16:37:13 +05:30
Rakesh Emmadi
1008c08420 accept null and empty values for relationships during insert, closes #1352 2019-01-11 12:52:58 +05:30
Rakesh Emmadi
41e487d203 fix auth hook mode env var (fix #1270) (#1285)
Support HASURA_GRAPHQL_AUTH_HOOK_MODE env var for --auth-hook-mode flag.
Drop support for HASURA_GRAPHQL_AUTH_HOOK_TYPE env var in next major
update (beta/stable)
2019-01-04 12:12:36 +05:30
Vamshi Surabhi
380fdad468 update constraint enum types when a new constraint is added (#1287)
* update metadata when constraints on a table are altered, fix #240

* capture only unique or primary constraints in tableinfo
2019-01-03 09:28:12 +05:30
Rakesh Emmadi
4d9d1505dd improve startup logging, close #1236 (#1258) 2019-01-02 16:54:17 +05:30
Vamshi Surabhi
be1d9414f8
diff's query should account for table having no columns (#1256) 2018-12-21 15:24:22 +05:30
Vamshi Surabhi
ea4d2644e8
local console during development (#1252)
* console now works on local builds of the server

1. local console assets can be served at /static/ by a build time flag
'local-console'. This can be set with stack as follows:
   `stack build --flag graphql-engine:local-console`
2. the --root-dir option is removed which was used as a temporary hack
for serving graphiql
3. remove server's graphiql source code
2018-12-21 13:21:02 +05:30
Rakesh Emmadi
63acd0e7b2 generate aggregate order by types only if relevant columns are present, closes #1243 (#1248) 2018-12-20 19:31:54 +05:30
Rakesh Emmadi
d4e6ffcae8 revert back to older cli options parser type (#1231) 2018-12-19 17:08:33 +05:30
Vamshi Surabhi
c28fbd3f98
faster retrieval of table information from postgres (#1235) 2018-12-19 16:11:06 +05:30
Vamshi Surabhi
8feff0daca
clear event_triggers when clear_metadata is called, closes #1232 (#1233) 2018-12-19 12:04:27 +05:30
Rakesh Emmadi
b5bbb966f2 add consolePath in console.html template (#1222)
Server templates `consolePath` key in `window.__env` object in console html template.
If server is hit at `/console/table/author` then `window.__env` in served html looks like
```
{
   consoleMode: "server",
   urlPrefix: "/console",
   consolePath: "/console/table/author",
   isAccessKeySet: true
}
```
2018-12-18 15:09:01 +05:30
Rakesh Emmadi
3026c49087 apply update permissions for upsert mutations (#628) 2018-12-15 21:40:29 +05:30
Tirumarai Selvan
6de17b303f drop trigger functions on updating event triggers (#1214) 2018-12-15 10:35:29 +05:30
Rakesh Emmadi
708a29fc89 refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200) 2018-12-14 08:51:41 +05:30
Vamshi Surabhi
ec8b2c80b5
refactor to remove warnings especially with orphan instances (#1163)
* remove phase one/two distinction and hdbquery typeclass

* move extensions to default-extensions

* switch to LazyTx which only acquires a connection if needed

* move defns from TH module into Ops module

* remove tojson orphan instance for http exception

* remove orphan instance for dmlp1

* getTopLevelNodes will not throw any exceptions
2018-12-13 12:56:15 +05:30
Rakesh Emmadi
ff6c95c2f8 allow ordering with aggregated fields (close #1039) (#1042) 2018-12-12 18:28:39 +05:30
Anon Ray
77cbf12bb7 merge types with same structure in remote schema (closes #1112, #1135) (#1145) 2018-12-12 17:31:18 +05:30
Rakesh Emmadi
9fbd407374 parse graphql input objects and arrays as scalar values (close #1132) (#1137) 2018-12-04 19:51:58 +05:30
Rakesh Emmadi
29ba490296 conform to graphql subscription and error spec (close #1056, close #1059) (#1126) 2018-12-04 19:07:38 +05:30
Rakesh Emmadi
3ea20bc4d7 allow authentication webhook with POST (close #1138) (#1147) 2018-12-03 16:49:08 +05:30
Rakesh Emmadi
1e896a9c42 handle null values for input arguments, fix #1113 (#1123) 2018-11-27 17:54:51 +05:30
Anon Ray
0d14c13f98 metadata should be backwards compatible for remote schemas (fix #1120) (#1121) 2018-11-27 16:56:10 +05:30
Rakesh Emmadi
8df23ad6c9 use postgres IN experssion for _in operator (fix #1109) (#1111) 2018-11-26 15:39:55 +05:30
Anon Ray
512ee6fb9f adds basic support for remote schemas/schema stitching (#952) 2018-11-23 18:32:46 +05:30
Rakesh Emmadi
58fe579497 support Postgres's DISTINCT ON (close #1040) (#1099) 2018-11-23 07:23:56 +05:30
Dimitrios Mavrommatis
ef6e53a407 change descending ordering to nulls first (fix #1008) (#1009) 2018-11-22 10:28:18 +05:30
Rakesh Emmadi
030f094de9 handle empty array for _in and _nin operators, fix #1075 (#1076) 2018-11-21 12:28:29 +05:30
Vamshi Surabhi
47dcae1614
fix sql generation for boolean expressions, closes #853 (#1037)
When using self referential relationships in boolean expressions, the exists clause incorrectly uses the table names to qualify columns which will be the same for parent table and the child table. This is now fixed by generating unique aliases as we traverse down the relationships.
2018-11-16 18:10:23 +05:30
Rakesh Emmadi
1539d6b5a6 server port can be set with HASURA_GRAPHQL_SERVER_PORT env variable, closes #1033 (#1038) 2018-11-15 10:25:39 +05:30
Rakesh Emmadi
b719e82e89 add statistical aggregate operations and count on columns (close #1028) (#1029) 2018-11-14 18:29:59 +05:30
Tirumarai Selvan
317efb81f1 event triggers: take webhook url from env (close #966) (#968) 2018-11-14 12:43:01 +05:30
Rakesh Emmadi
9af591e2cb remove x-hasura-access-key header from logs (fix #1016) (#1017) 2018-11-13 14:05:44 +05:30
Tirumarai Selvan
d4d31838cb quote function and trigger names, allow hyphen in trigger name (#1012) 2018-11-13 11:28:55 +05:30
Rakesh Emmadi
8c1700e76f improve SQL generation for '_in' operation (close #1013) (#1014) 2018-11-12 18:57:47 +05:30
Rakesh Emmadi
80de0e019a do not generate prefix for column identifiers in agg select, fix #1004 (#1005) 2018-11-12 12:58:46 +05:30
Rakesh Emmadi
999580481c allow specifying a list of columns that can be inserted (close #250) (#917) 2018-11-02 20:38:38 +05:30
Rakesh Emmadi
0e9d6994ac refactor nested insert mutation and fix returning (fix #844) (#852)
* improved nested insert execution logic

* integrate error path, improve executing 'withExp' and improve tests

* add more readable types in '/Resolve/Insert.hs'

* set conflict context just before executing WITH expression
2018-11-02 19:31:01 +05:30
Rakesh Emmadi
1a91399298 extract session variables from relational bool expression (fix #960) (#961) 2018-11-02 15:06:33 +05:30
Rakesh Emmadi
0803738df1 refactor select query generation (#941) 2018-10-31 18:21:20 +05:30
Tirumarai Selvan
c5c2ed2389 give precedence to retry-after header over retry conf (#954) 2018-10-31 17:22:41 +05:30
Tirumarai Selvan
b40807c9ec change type of fetch interval to milliseconds (#939) 2018-10-30 20:50:18 +05:30
Vamshi Surabhi
58582be644
fix parsing webhook response, closes #890 (#894) 2018-10-28 22:01:24 +05:30
Tirumarai Selvan
baf7c493bc respect retry-after header on event trigger response (#525) 2018-10-26 21:58:03 +05:30
Vamshi Surabhi
8b0082eac1
clean up user variables parsing logic and fix explain api (#869) 2018-10-26 21:27:22 +05:30
Rakesh Emmadi
fb842fde6f optional 'set' field in insert permissions, closes #216 (#622) 2018-10-26 20:28:20 +05:30
Rakesh Emmadi
f6ed169219 allow ordering using columns from object relationships (closes #463) (#672)
* allow ordering using columns from object relationships, close #463

* validate table fields in nested insert

* add tests

* add docs

* change 'table_order_by' type from enums to ordered map

* remove unwanted code from 'Schema.hs' file

* 'AnnGObject' is not list of field name and value tuple

* update docs for new order_by type

* use 'InsOrdHashMap' for 'AnnGObj'

* handle empty fields in order_by

* remove '_' prefixes for asc/desc

* fix the changed order_by syntax across the repo
2018-10-26 17:27:33 +05:30
Rakesh Emmadi
a8cee16ab5 support aggregations (closes #786) (#787)
* support for count and aggregations on columns, close #786

* support explain query for aggregations

* '<arr-rel>_agg' in '<table>' type, fix order by for aggregations

* add 'allow_aggregations' key in select permissions

* Add checkbox to toggle count and aggregations on columns on select permission

* align aggregation checkbox with columns div

* improve readability of the generated sql

* alias is needed at the top level aggregation

* throw internal errors for unexpected fields

* rename SelFld to more readable TableAggFld

* rename agg to aggregate
2018-10-26 14:32:43 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes #595) (#856) 2018-10-25 23:46:25 +05:30
Vamshi Surabhi
199531cbd9
http and websocket logs now correctly have user information, closes #849 (#850) 2018-10-25 15:07:57 +05:30
Tirumarai Selvan
810b440089 trigger webhooks on column level changes instead of row (close #547, close #680) (#550) 2018-10-25 12:52:51 +05:30
Vamshi Surabhi
ab9692da4d
set all session data in a single paramater, 'hasura.user' (closes #825) 2018-10-24 16:09:47 +05:30
nizar-m
cd030068c2 GeoJSON: Fix MultiPolygon parse error (closes #840) 2018-10-24 13:51:37 +05:30
Vamshi Surabhi
ac537330d0 explain a graphql query, similar to explain of an sql statement (close #562) (#805) 2018-10-19 07:45:28 +05:30
Vamshi Surabhi
67168b3632 send 'completed' after an error when handling start in ws (close #671) (#776) 2018-10-16 17:19:24 +05:30
Rakesh Emmadi
45691e3509 for views consider only insertable ones in generating nested insert input objects (fix #773) (#774) 2018-10-16 15:55:41 +05:30
Rakesh Emmadi
49dd7bf98b allow mutations on views only if they are allowed by postgres (fix #232) (#339) 2018-10-12 17:36:12 +05:30
Rakesh Emmadi
37e848ccca fix input object validation logic (fix #693) (#711) 2018-10-12 16:06:47 +05:30
Vamshi Surabhi
ecf8c760ec workaround postgres default limit of 63 chars for identifiers (close #688) (#707) 2018-10-12 14:58:43 +05:30
Vamshi Surabhi
603461ad8f track connection_init error on each ws connection (close #682) (#683) 2018-10-09 15:51:05 +05:30
Rakesh Emmadi
d57be587b3 format schema name and table name as identifiers in event triggers (fix #639) (#644) 2018-10-09 12:09:20 +05:30
Rakesh Emmadi
00d5a5c1a3 insert mutations can now handle nested-data/relationsips (close #343) (#429) 2018-10-05 20:43:51 +05:30
Vamshi Surabhi
32ae105279 improved sql generation for select queries (closes #6, #121, #278) (#643)
Better SQL generation for select queries (the query plans will be the same but much more readable). This closes some long standing issues (#6, #121, #278).
2018-10-05 14:26:47 +05:30
Rakesh Emmadi
91376316f2 breaking: encode bigint and bigserial postgres types as strings in response (fix #633) (#640)
This is breaking change where bigint and bigserial Postgres types will be encoded as GraphQL String types, as opposed to Int as present in earlier releases.

Input types were already encoded as String.

This is achieved by selecting `bigint` and `bigserial` columns as `text`s in the SQL query: `select "big_id"::text ..` instead of `select "big_id" .. `.

Reason for that change is outlined in #633 where JavaScript cannot decode 64 bit Integers.
2018-10-05 10:46:21 +05:30
Vamshi Surabhi
67ee3fc0f2 on a conn_init error send connection_err message instead of closing the ws conn (fix #537) (#572) 2018-09-29 13:21:49 +05:30
Rakesh Emmadi
fc7ea9213c fix non-admin insert returns null column values when query affects zero rows in postgres (fix #563) (#565)
Insert trigger function: If query affects no rows then return `null`

Insert trigger function is modified to have 
 `IF r IS NULL THEN RETURN null; ELSE RETURN r; END IF;` in return statement.
2018-09-29 11:12:47 +05:30
Vamshi Surabhi
b084249e01 do not clean hdb_views by dropping and creating the schema (closes #567) (#568)
Fix migration logic to accommodate for non superuser permissions. Closes #567 

- [x] Server

By clearing the `hdb_views` schema of existing views and functions instead of dropping and creating it again. 

- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-28 16:22:54 +05:30
Anon Ray
1a0af29920 remove 's' unit from query_execution_time in logs (close #509) (#553)
Removes the seconds unit (trailing `s`) from `query_execution_time` in logs.

- [x] Server

It was a string before, changed to double.

- [x] Bug fix (non-breaking change which fixes an issue)

Docs should mention the type/unit of `query_execution_time` is numeric/double.
2018-09-27 18:02:21 +05:30
Vamshi Surabhi
5e619cc479 fix geojson inconsistencies (closes #510) (#513)
Graphql-engine now accepts crs key to specify the Coordinate Reference System as accepted in GeoJSON 2008 spec.

- [x] Server
2018-09-27 17:53:17 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close #465) (#527)
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Tirumarai Selvan
2cd2b23b2d add custom headers for webhooks, refactor retry logic (#419) 2018-09-24 17:20:11 +05:30
Rakesh Emmadi
8f6b19d6f1 quote constraint name for non-admin inserts (fix #494) (#497)
### Description
What component does this PR affect? 

- [x] Server
### Related Issue
#494 

### Solution and Design
Use `quote_ident()` SQL function over `constraint_name` in insert trigger function definition.

### Type
- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-20 20:54:20 +05:30
Tirumarai Selvan
c42af444f7 implement query to update an event trigger (#367) 2018-09-19 17:42:57 +05:30
Rakesh Emmadi
ec516ce55b allow _is_null operator for filter/check permissions (close #456) (#477) 2018-09-18 17:15:35 +05:30
nizar-m
cde559fe58 dont set non-null constraint for manual object relationships (close #462) 2018-09-18 17:01:16 +05:30
Vamshi Surabhi
85df9ac1e8 payload is now optional in connection_init message (close #470) (#471) 2018-09-18 13:13:30 +05:30
Rakesh Emmadi
e6c5aa5b43 indicate access key is set in the console context (close #426) (#447) 2018-09-14 18:57:46 +05:30
Tirumarai Selvan
f94de38e4c dont reload schema cache for event deliveries (#453) 2018-09-14 18:13:42 +05:30
Anon Ray
af6121f83d jwt claims check should be case-insensitive (fix #435) (#438) 2018-09-13 18:34:50 +05:30
Tirumarai Selvan
c3a38517cd dont retry http requests in the client (close #434) (#436) 2018-09-13 17:22:11 +05:30
Shahidh K Muhammed
be20a11d37
update checks on ci systems (close #319) (#383) 2018-09-12 16:33:36 +05:30
Anon Ray
a5930edd8a uri-decode database uri strings (fix #372) (#424) 2018-09-12 11:49:08 +05:30
Rakesh Emmadi
86b769c8e5 returning on json queries now returns only affected row (fix #380) (#381) 2018-09-08 23:02:58 +05:30
Vamshi Surabhi
dd8e09d6cb add jsonb boolean operators (close #369) (#376) 2018-09-07 17:45:28 +05:30
Tirumarai Selvan
e905535beb implement api to deliver a particular event (close #371) (#373) 2018-09-07 17:21:01 +05:30
Tirumarai Selvan
2814e87e37 make sure only events for existing triggers are fetched (#368) 2018-09-07 13:53:56 +05:30
Anon Ray
f726bb549d add custom namespace in jwt claims (close #350) (#364) 2018-09-07 11:30:50 +05:30
Karthik Venkateswaran
e3102dfd5e ui buttons to export and import metadata, reload metadata api (close #293) (#323) 2018-09-05 20:55:30 +05:30
Tirumarai Selvan
82e09efce6 add event triggers (#329) 2018-09-05 16:56:46 +05:30
Rakesh Emmadi
0a3f68a6eb allow selectively updating columns on a conflict during insert (fix #342)
* fix primary key changing on upsert, fix #342

* add 'update_columns' in 'on_conflict' object, consider 'allowUpsert'

* 'ConflictCtx' type should respect upsert cases

* validation for not null fields in an object
2018-09-04 19:09:48 +05:30
Rakesh Emmadi
10edb431e4 generate a returning field in a mutation only when the select permission is defined (fix #340) (#341) 2018-09-03 12:35:00 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Rakesh Emmadi
daf01c2b9d mutation return type and query type are same (close #315) (#324) 2018-08-30 15:19:21 +05:30
Rakesh Emmadi
f72d8de87a fix insert fails for non-admin roles on v1/query (fix #327) (#328)
* fix insert fails for non-admin roles on v1/query, fix #327

* add test case for user role upsert usint constraint name
2018-08-29 19:11:33 +05:30
Rakesh Emmadi
75e4400bc5 add req_user_id as alias to x-hasura-user-id (fix #317) (#320) 2018-08-29 11:17:13 +05:30
Rakesh Emmadi
efc9fc7ba9 simpler root level select fields using primary keys (fix #304) (#306)
* select fields by primary key col values as argument values, fix #304

* change field name 'table_by_pkey' to 'table_by_pk'
2018-08-27 19:47:03 +05:30
Rakesh Emmadi
0f13f72bfe do not allow creating permissions for admin role, fix #310 (#312) 2018-08-27 17:20:18 +05:30
Rakesh Emmadi
a0574307c3 set header variables in subscription transaction, fix #297 (#299) 2018-08-22 13:53:53 +05:30
Rakesh Emmadi
e3b56ac368 fix upsert queries to work on non admin roles (fix #239) (#291) 2018-08-17 20:14:43 +05:30
Rakesh Emmadi
0797407dbf respect the nullability of columns in generated schema (fix #256) (#276) 2018-08-10 18:14:44 +05:30
Rakesh Emmadi
adf973dee5 better error code when insertion check constraint fails (fix #257) (#267) 2018-08-10 17:35:07 +05:30
Vamshi Surabhi
c901767cd1
update packages (#251)
* move to stackage 12.4

* upgrade pg-client

* docker build improvements
2018-08-08 13:10:13 +05:30