Commit Graph

161 Commits

Author SHA1 Message Date
Rakesh Emmadi
d9fb0f8780 use named notation for function arguments if any argument is not specified (fix #2730) (#2777)
* use positional arguments in SQL functions
* only allow omitting set of last arguments in functions
* disallow omitting of a non default argument in functions
2019-08-28 14:27:15 -05:00
Tirumarai Selvan
67d3eb3e27 unlock only locked rows during startup (#2778) 2019-08-26 19:41:38 -05:00
Alexis King
c46ecc72dc Refactor non-table functions out of Hasura.RQL.DDL.Table 2019-08-26 00:54:56 -05:00
Alexis King
ed26da59a6 Add support for GraphQL enum types via enum table references
These changes also add a new type, PGColumnType, between PGColInfo and
PGScalarType, and they process PGRawColumnType values into PGColumnType
values during schema cache generation.
2019-08-26 00:54:56 -05:00
José Lorenzo Rodríguez
c7a2320456 Implemented graceful shutdown for HTTP requests (close #2698) (#2717)
* Listens for SIGTERM as the termination signal
* Stops accepting new connections once the signal is received
* Waits for all connections to be drained, before shutting down
* Forcefully kills all pending connections after 30 seconds

Currently this does not send a close message to websocket clients, I'd
like to submit that change as a separate pull request, but at least this
solve my biggest concern which is not getting confirmation for mutations
while restarting the server.
2019-08-26 00:31:27 -05:00
Rakesh Emmadi
db24d3248f schema sync process will not generate garbage data (close #2542) (#2585)
schema syncing logic now requires only a single row in `hdb_schema_update_event`.
2019-07-31 14:31:48 +05:30
Vamshi Surabhi
4facb3c780 remove support for query templates (#2560)
query templates is a little known feature that lets you template rql
queries and serve them as rest apis. This is not relevant anymore
given the GraphQL interface and getting rid of it reduces the dev
time when adding features in few subsystems.

This feature has never been used outside hasura's internal projects or
documented or exposed through console and hence can safely be removed.
2019-07-23 19:11:34 +00:00
Anon Ray
8f1e7dbc8d breaking: server logging changes (close #507, close #2171) (#1835) 2019-07-11 05:37:06 +00:00
Rakesh Emmadi
94a8a50410 set allowlist table as system defined on catalog migration, fix #2225 (#2226) 2019-05-20 10:27:32 +05:30
Shahidh K Muhammed
76ceb707f4
bundle console assets into server (close #516, close #521, close #2130) (#2192)
This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`.

The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN.

The assets are moved to a new bucket with a new naming scheme:

```
graphql-engine-cdn.hasura.io/console/assets/
   /common/{}
   /versioned/<version/{}
   /channel/<channel>/<version>/{}
```

Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 13:15:29 +05:30
Rakesh Emmadi
0b210cc245 support allow-list for graphql queries (closes #989) (#2075) 2019-05-16 11:43:25 +05:30
Tirumarai Selvan
36e49ea75b manual event triggers (close #1687) (#2077) 2019-05-13 15:11:07 +05:30
Rakesh Emmadi
204cd3514b optimise server startup time (close #1430) (#2120)
1. Reuses postgres connections during startup which reduces the overhead of opening and closing connections. 
2. Faster schema cache building. This is done by fetching all the required data in a single sql statement.
2019-05-08 13:06:42 +05:30
Shahidh K Muhammed
71cf017197 add an api to dump postgres schema (close #1939) (#1967) 2019-04-30 14:04:08 +05:30
Rakesh Emmadi
39f43bdd59 log inconsistent metadata objects only when there are any (close #2053) (#2058) 2019-04-29 11:52:48 +05:30
Rakesh Emmadi
1d7cbc7f24 recover from inconsistent database state (closes #231) (#1863) 2019-04-17 21:59:39 +05:30
Vamshi Surabhi
ce243f5899
multiplexed subscriptions (#1934)
* add types to represent unparsed http gql requests

This will help when we add caching of frequently used ASTs

* query plan caching

* move livequery to execute

* add multiplexed module

* session variable can be customised depending on the context

Previously the value was always "current_setting('hasura.user')"

* get rid of typemap requirement in reusable plan

* subscriptions are multiplexed when possible

* use lazytx for introspection to avoid acquiring a pg connection

* refactor to make execute a completely decoupled module

* don't issue a transaction for a query

* don't use current setting for explained sql

* move postgres related types to a different module

* validate variableValues on postgres before multiplexing subs

* don't user current_setting for queries over ws

* plan_cache is only visible when developer flag is enabled

* introduce 'batch size' when multiplexing subscriptions

* bump stackage to 13.16

* fix schema_stitching test case error code

* store hashes instead of actual responses for subscriptions

* internal api to dump subscriptions state

* remove PlanCache from SchemaCacheRef

* allow live query options to be configured on server startup

* capture metrics for multiplexed subscriptions

* more metrics captured for multiplexed subs

* switch to tvar based hashmap for faster snapshotting

* livequery modules do not expose internal details

* fix typo in live query env vars

* switch to hasura's pg-client-hs
2019-04-17 15:18:41 +05:30
Rakesh Emmadi
3708f95036 fix input argument types for custom SQL functions (close #1952) (#1953) 2019-04-08 12:28:56 +05:30
Tirumarai Selvan
36781199d0 breaking: drop id from event_triggers table (fix #1840) (#1857) 2019-03-25 22:40:52 +05:30
Vamshi Surabhi
24dcefb142
use bytestring builder to represent encoded json (#1800) 2019-03-18 21:52:21 +05:30
Rakesh Emmadi
e32f5a1fb1 sync metadata cache across multiple instances connected to same db (closes #1182) (#1574)
1. Haskel library `pg-client-hs` has been updated to expose a function that helps listen to `postgres` notifications over a `channel` in this [PR](https://github.com/hasura/pg-client-hs/pull/5)
2. The server records an event in a table `hdb_catalog.hdb_cache_update_event` whenever any `/v1/query` (that changes metadata) is requested. A trigger notifies a `cache update` event via `hasura_cache_update` channel
3. The server runs two concurrent threads namely `listener` and `processor`. The `listener` thread listens to events on `hasura_cache_update` channel and pushed into a `Queue`. The `processor` thread fetches events from that `Queue` and processes it. Thus server rebuilds schema cache from database and updates.
2019-03-12 11:16:27 +05:30
Anon Ray
02d80c9ac6 read cookie while initialising websocket connection (fix #1660) (#1668)
* read cookie while initialising websocket connection (fix #1660)

* add tests for cookie on websocket init

* fix logic for tests

* enforce cors, and flag to force read cookie when cors disabled

  - as browsers don't enforce SOP on websockets, we enforce CORS policy
  on websocket handshake
  - if CORS is disabled, by default cookie is not read (because XSS
  risk!). Add special flag to force override this behaviour

* add log and forward origin header to webhook

  - add log notice when cors is disabled, and cookie is not read on
  websocket handshake
  - forward origin header to webhook in POST mode. So that when CORS is
  disabled, webhook can also enforce CORS independently.

* add docs, and forward all client headers to webhook
2019-03-04 13:16:53 +05:30
Rakesh Emmadi
377290a058 breaking: correct (de)serialisation of postgres numeric types in json (fix #1523) (#1662) 2019-03-01 17:15:04 +05:30
Rakesh Emmadi
6c20ca8a55 allow renaming tables, columns and relationships (close #79) (#1542) 2019-03-01 14:47:22 +05:30
nizar-m
1fa66dc622 add option to disable metadata and graphql apis (close #1088) (#1650) 2019-02-28 19:23:03 +05:30
nizar-m
f83a8e591f rename access-key to admin-secret (close #1347) (#1540)
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 15:07:47 +05:30
Tirumarai Selvan
51dd6157e1 remove wreq and set response timeout (close #1477) (#1501) 2019-02-14 13:07:59 +05:30
Rakesh Emmadi
4ef50d95c7 hdb_views should always be cleared before building schema cache (#1513) 2019-01-29 15:39:58 +05:30
Shahidh K Muhammed
11e7c3f9d6 add anonymous telemetry (#1401) 2019-01-28 19:25:28 +05:30
Rakesh Emmadi
0bf2457e23 allow exposing postgres functions through GraphQL interface (close #333) (#1073) 2019-01-25 09:01:54 +05:30
Nathan Stitt
1b9540f996 allow specifying network interface with "server-host" option (#1280)
* allow specifying network interface with "server-host" option

* store host value as a HostPreference

* document server-host options
2019-01-11 16:37:13 +05:30
Anon Ray
e9121a903f fix typo in pgcrypto error message (fix #1322) (#1331) 2019-01-08 14:35:25 +05:30
Rakesh Emmadi
e2fe078b89 fix fetching primary key columns for non table owners (close #1269) (#1300) 2019-01-04 16:36:05 +05:30
Rakesh Emmadi
4d9d1505dd improve startup logging, close #1236 (#1258) 2019-01-02 16:54:17 +05:30
Vamshi Surabhi
ea4d2644e8
local console during development (#1252)
* console now works on local builds of the server

1. local console assets can be served at /static/ by a build time flag
'local-console'. This can be set with stack as follows:
   `stack build --flag graphql-engine:local-console`
2. the --root-dir option is removed which was used as a temporary hack
for serving graphiql
3. remove server's graphiql source code
2018-12-21 13:21:02 +05:30
Rakesh Emmadi
d4e6ffcae8 revert back to older cli options parser type (#1231) 2018-12-19 17:08:33 +05:30
Rakesh Emmadi
708a29fc89 refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200) 2018-12-14 08:51:41 +05:30
Vamshi Surabhi
ec8b2c80b5
refactor to remove warnings especially with orphan instances (#1163)
* remove phase one/two distinction and hdbquery typeclass

* move extensions to default-extensions

* switch to LazyTx which only acquires a connection if needed

* move defns from TH module into Ops module

* remove tojson orphan instance for http exception

* remove orphan instance for dmlp1

* getTopLevelNodes will not throw any exceptions
2018-12-13 12:56:15 +05:30
Rakesh Emmadi
3ea20bc4d7 allow authentication webhook with POST (close #1138) (#1147) 2018-12-03 16:49:08 +05:30
Vamshi Surabhi
db1f6c1a39
remove dependency on 'first' aggregate, closes #1085 (#1089) 2018-11-27 21:40:54 +05:30
Anon Ray
512ee6fb9f adds basic support for remote schemas/schema stitching (#952) 2018-11-23 18:32:46 +05:30
Rakesh Emmadi
1539d6b5a6 server port can be set with HASURA_GRAPHQL_SERVER_PORT env variable, closes #1033 (#1038) 2018-11-15 10:25:39 +05:30
Tirumarai Selvan
317efb81f1 event triggers: take webhook url from env (close #966) (#968) 2018-11-14 12:43:01 +05:30
Tirumarai Selvan
b40807c9ec change type of fetch interval to milliseconds (#939) 2018-10-30 20:50:18 +05:30
Tirumarai Selvan
baf7c493bc respect retry-after header on event trigger response (#525) 2018-10-26 21:58:03 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes #595) (#856) 2018-10-25 23:46:25 +05:30
Rakesh Emmadi
be28f8c947 add env var to enable console (close #632) (#642) 2018-10-10 12:16:38 +05:30
Vamshi Surabhi
b084249e01 do not clean hdb_views by dropping and creating the schema (closes #567) (#568)
Fix migration logic to accommodate for non superuser permissions. Closes #567 

- [x] Server

By clearing the `hdb_views` schema of existing views and functions instead of dropping and creating it again. 

- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-28 16:22:54 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close #465) (#527)
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Tirumarai Selvan
2cd2b23b2d add custom headers for webhooks, refactor retry logic (#419) 2018-09-24 17:20:11 +05:30
Anon Ray
04696aec45 fix pgcrypto extension creation failures on heroku (fix #495) (#496)
### Description
Fixes #495 

What component does this PR affect? 

- [x] Server

### Solution and Design
Create the extension explicitly mentioning the public schema. 

### Type

- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-20 12:55:39 +05:30
Anon Ray
4b4c675ab7 better handling for pgcrypto extension (fix #338) (#423) 2018-09-14 17:11:51 +05:30
Tirumarai Selvan
e402d11318 update catalog version to 2 (#357) 2018-09-05 17:12:20 +05:30
Tirumarai Selvan
82e09efce6 add event triggers (#329) 2018-09-05 16:56:46 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries (#176)
fix #59
2018-07-20 12:52:46 +05:30
Rakesh Emmadi
6160e24085 rename 'raven' to 'graphql-engine' in help text, closes #87 2018-07-11 13:54:13 +05:30
Rakesh Emmadi
e834bc51a6 server: try environment variables if flags are missing, closes #45 2018-07-06 10:43:46 +05:30
Rakesh Emmadi
128ed2388b server: console is served at /console Closes #16 (#22) 2018-06-29 16:35:09 +05:30
Vamshi Surabhi
530027cf20 move raven into graphql-engine repo 2018-06-28 00:32:00 +05:30