Commit Graph

251 Commits

Author SHA1 Message Date
Tirumarai Selvan
d4d31838cb quote function and trigger names, allow hyphen in trigger name (#1012) 2018-11-13 11:28:55 +05:30
Rakesh Emmadi
8c1700e76f improve SQL generation for '_in' operation (close #1013) (#1014) 2018-11-12 18:57:47 +05:30
Rakesh Emmadi
80de0e019a do not generate prefix for column identifiers in agg select, fix #1004 (#1005) 2018-11-12 12:58:46 +05:30
Rakesh Emmadi
999580481c allow specifying a list of columns that can be inserted (close #250) (#917) 2018-11-02 20:38:38 +05:30
Rakesh Emmadi
0e9d6994ac refactor nested insert mutation and fix returning (fix #844) (#852)
* improved nested insert execution logic

* integrate error path, improve executing 'withExp' and improve tests

* add more readable types in '/Resolve/Insert.hs'

* set conflict context just before executing WITH expression
2018-11-02 19:31:01 +05:30
Rakesh Emmadi
1a91399298 extract session variables from relational bool expression (fix #960) (#961) 2018-11-02 15:06:33 +05:30
Rakesh Emmadi
0803738df1 refactor select query generation (#941) 2018-10-31 18:21:20 +05:30
Tirumarai Selvan
c5c2ed2389 give precedence to retry-after header over retry conf (#954) 2018-10-31 17:22:41 +05:30
Tirumarai Selvan
b40807c9ec change type of fetch interval to milliseconds (#939) 2018-10-30 20:50:18 +05:30
Vamshi Surabhi
58582be644
fix parsing webhook response, closes #890 (#894) 2018-10-28 22:01:24 +05:30
Tirumarai Selvan
baf7c493bc respect retry-after header on event trigger response (#525) 2018-10-26 21:58:03 +05:30
Vamshi Surabhi
8b0082eac1
clean up user variables parsing logic and fix explain api (#869) 2018-10-26 21:27:22 +05:30
Rakesh Emmadi
fb842fde6f optional 'set' field in insert permissions, closes #216 (#622) 2018-10-26 20:28:20 +05:30
Rakesh Emmadi
f6ed169219 allow ordering using columns from object relationships (closes #463) (#672)
* allow ordering using columns from object relationships, close #463

* validate table fields in nested insert

* add tests

* add docs

* change 'table_order_by' type from enums to ordered map

* remove unwanted code from 'Schema.hs' file

* 'AnnGObject' is not list of field name and value tuple

* update docs for new order_by type

* use 'InsOrdHashMap' for 'AnnGObj'

* handle empty fields in order_by

* remove '_' prefixes for asc/desc

* fix the changed order_by syntax across the repo
2018-10-26 17:27:33 +05:30
Rakesh Emmadi
a8cee16ab5 support aggregations (closes #786) (#787)
* support for count and aggregations on columns, close #786

* support explain query for aggregations

* '<arr-rel>_agg' in '<table>' type, fix order by for aggregations

* add 'allow_aggregations' key in select permissions

* Add checkbox to toggle count and aggregations on columns on select permission

* align aggregation checkbox with columns div

* improve readability of the generated sql

* alias is needed at the top level aggregation

* throw internal errors for unexpected fields

* rename SelFld to more readable TableAggFld

* rename agg to aggregate
2018-10-26 14:32:43 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes #595) (#856) 2018-10-25 23:46:25 +05:30
Vamshi Surabhi
199531cbd9
http and websocket logs now correctly have user information, closes #849 (#850) 2018-10-25 15:07:57 +05:30
Tirumarai Selvan
810b440089 trigger webhooks on column level changes instead of row (close #547, close #680) (#550) 2018-10-25 12:52:51 +05:30
Vamshi Surabhi
ab9692da4d
set all session data in a single paramater, 'hasura.user' (closes #825) 2018-10-24 16:09:47 +05:30
nizar-m
cd030068c2 GeoJSON: Fix MultiPolygon parse error (closes #840) 2018-10-24 13:51:37 +05:30
Vamshi Surabhi
ac537330d0 explain a graphql query, similar to explain of an sql statement (close #562) (#805) 2018-10-19 07:45:28 +05:30
Vamshi Surabhi
67168b3632 send 'completed' after an error when handling start in ws (close #671) (#776) 2018-10-16 17:19:24 +05:30
Rakesh Emmadi
45691e3509 for views consider only insertable ones in generating nested insert input objects (fix #773) (#774) 2018-10-16 15:55:41 +05:30
Rakesh Emmadi
49dd7bf98b allow mutations on views only if they are allowed by postgres (fix #232) (#339) 2018-10-12 17:36:12 +05:30
Rakesh Emmadi
37e848ccca fix input object validation logic (fix #693) (#711) 2018-10-12 16:06:47 +05:30
Vamshi Surabhi
ecf8c760ec workaround postgres default limit of 63 chars for identifiers (close #688) (#707) 2018-10-12 14:58:43 +05:30
Vamshi Surabhi
603461ad8f track connection_init error on each ws connection (close #682) (#683) 2018-10-09 15:51:05 +05:30
Rakesh Emmadi
d57be587b3 format schema name and table name as identifiers in event triggers (fix #639) (#644) 2018-10-09 12:09:20 +05:30
Rakesh Emmadi
00d5a5c1a3 insert mutations can now handle nested-data/relationsips (close #343) (#429) 2018-10-05 20:43:51 +05:30
Vamshi Surabhi
32ae105279 improved sql generation for select queries (closes #6, #121, #278) (#643)
Better SQL generation for select queries (the query plans will be the same but much more readable). This closes some long standing issues (#6, #121, #278).
2018-10-05 14:26:47 +05:30
Rakesh Emmadi
91376316f2 breaking: encode bigint and bigserial postgres types as strings in response (fix #633) (#640)
This is breaking change where bigint and bigserial Postgres types will be encoded as GraphQL String types, as opposed to Int as present in earlier releases.

Input types were already encoded as String.

This is achieved by selecting `bigint` and `bigserial` columns as `text`s in the SQL query: `select "big_id"::text ..` instead of `select "big_id" .. `.

Reason for that change is outlined in #633 where JavaScript cannot decode 64 bit Integers.
2018-10-05 10:46:21 +05:30
Vamshi Surabhi
67ee3fc0f2 on a conn_init error send connection_err message instead of closing the ws conn (fix #537) (#572) 2018-09-29 13:21:49 +05:30
Rakesh Emmadi
fc7ea9213c fix non-admin insert returns null column values when query affects zero rows in postgres (fix #563) (#565)
Insert trigger function: If query affects no rows then return `null`

Insert trigger function is modified to have 
 `IF r IS NULL THEN RETURN null; ELSE RETURN r; END IF;` in return statement.
2018-09-29 11:12:47 +05:30
Vamshi Surabhi
b084249e01 do not clean hdb_views by dropping and creating the schema (closes #567) (#568)
Fix migration logic to accommodate for non superuser permissions. Closes #567 

- [x] Server

By clearing the `hdb_views` schema of existing views and functions instead of dropping and creating it again. 

- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-28 16:22:54 +05:30
Anon Ray
1a0af29920 remove 's' unit from query_execution_time in logs (close #509) (#553)
Removes the seconds unit (trailing `s`) from `query_execution_time` in logs.

- [x] Server

It was a string before, changed to double.

- [x] Bug fix (non-breaking change which fixes an issue)

Docs should mention the type/unit of `query_execution_time` is numeric/double.
2018-09-27 18:02:21 +05:30
Vamshi Surabhi
5e619cc479 fix geojson inconsistencies (closes #510) (#513)
Graphql-engine now accepts crs key to specify the Coordinate Reference System as accepted in GeoJSON 2008 spec.

- [x] Server
2018-09-27 17:53:17 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close #465) (#527)
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Tirumarai Selvan
2cd2b23b2d add custom headers for webhooks, refactor retry logic (#419) 2018-09-24 17:20:11 +05:30
Rakesh Emmadi
8f6b19d6f1 quote constraint name for non-admin inserts (fix #494) (#497)
### Description
What component does this PR affect? 

- [x] Server
### Related Issue
#494 

### Solution and Design
Use `quote_ident()` SQL function over `constraint_name` in insert trigger function definition.

### Type
- [x] Bug fix (non-breaking change which fixes an issue)
2018-09-20 20:54:20 +05:30
Tirumarai Selvan
c42af444f7 implement query to update an event trigger (#367) 2018-09-19 17:42:57 +05:30
Rakesh Emmadi
ec516ce55b allow _is_null operator for filter/check permissions (close #456) (#477) 2018-09-18 17:15:35 +05:30
nizar-m
cde559fe58 dont set non-null constraint for manual object relationships (close #462) 2018-09-18 17:01:16 +05:30
Vamshi Surabhi
85df9ac1e8 payload is now optional in connection_init message (close #470) (#471) 2018-09-18 13:13:30 +05:30
Rakesh Emmadi
e6c5aa5b43 indicate access key is set in the console context (close #426) (#447) 2018-09-14 18:57:46 +05:30
Tirumarai Selvan
f94de38e4c dont reload schema cache for event deliveries (#453) 2018-09-14 18:13:42 +05:30
Anon Ray
af6121f83d jwt claims check should be case-insensitive (fix #435) (#438) 2018-09-13 18:34:50 +05:30
Tirumarai Selvan
c3a38517cd dont retry http requests in the client (close #434) (#436) 2018-09-13 17:22:11 +05:30
Shahidh K Muhammed
be20a11d37
update checks on ci systems (close #319) (#383) 2018-09-12 16:33:36 +05:30
Anon Ray
a5930edd8a uri-decode database uri strings (fix #372) (#424) 2018-09-12 11:49:08 +05:30
Rakesh Emmadi
86b769c8e5 returning on json queries now returns only affected row (fix #380) (#381) 2018-09-08 23:02:58 +05:30
Vamshi Surabhi
dd8e09d6cb add jsonb boolean operators (close #369) (#376) 2018-09-07 17:45:28 +05:30
Tirumarai Selvan
e905535beb implement api to deliver a particular event (close #371) (#373) 2018-09-07 17:21:01 +05:30
Tirumarai Selvan
2814e87e37 make sure only events for existing triggers are fetched (#368) 2018-09-07 13:53:56 +05:30
Anon Ray
f726bb549d add custom namespace in jwt claims (close #350) (#364) 2018-09-07 11:30:50 +05:30
Karthik Venkateswaran
e3102dfd5e ui buttons to export and import metadata, reload metadata api (close #293) (#323) 2018-09-05 20:55:30 +05:30
Tirumarai Selvan
82e09efce6 add event triggers (#329) 2018-09-05 16:56:46 +05:30
Rakesh Emmadi
0a3f68a6eb allow selectively updating columns on a conflict during insert (fix #342)
* fix primary key changing on upsert, fix #342

* add 'update_columns' in 'on_conflict' object, consider 'allowUpsert'

* 'ConflictCtx' type should respect upsert cases

* validation for not null fields in an object
2018-09-04 19:09:48 +05:30
Rakesh Emmadi
10edb431e4 generate a returning field in a mutation only when the select permission is defined (fix #340) (#341) 2018-09-03 12:35:00 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Rakesh Emmadi
daf01c2b9d mutation return type and query type are same (close #315) (#324) 2018-08-30 15:19:21 +05:30
Rakesh Emmadi
f72d8de87a fix insert fails for non-admin roles on v1/query (fix #327) (#328)
* fix insert fails for non-admin roles on v1/query, fix #327

* add test case for user role upsert usint constraint name
2018-08-29 19:11:33 +05:30
Rakesh Emmadi
75e4400bc5 add req_user_id as alias to x-hasura-user-id (fix #317) (#320) 2018-08-29 11:17:13 +05:30
Rakesh Emmadi
efc9fc7ba9 simpler root level select fields using primary keys (fix #304) (#306)
* select fields by primary key col values as argument values, fix #304

* change field name 'table_by_pkey' to 'table_by_pk'
2018-08-27 19:47:03 +05:30
Rakesh Emmadi
0f13f72bfe do not allow creating permissions for admin role, fix #310 (#312) 2018-08-27 17:20:18 +05:30
Rakesh Emmadi
a0574307c3 set header variables in subscription transaction, fix #297 (#299) 2018-08-22 13:53:53 +05:30
Rakesh Emmadi
e3b56ac368 fix upsert queries to work on non admin roles (fix #239) (#291) 2018-08-17 20:14:43 +05:30
Rakesh Emmadi
0797407dbf respect the nullability of columns in generated schema (fix #256) (#276) 2018-08-10 18:14:44 +05:30
Rakesh Emmadi
adf973dee5 better error code when insertion check constraint fails (fix #257) (#267) 2018-08-10 17:35:07 +05:30
Vamshi Surabhi
c901767cd1
update packages (#251)
* move to stackage 12.4

* upgrade pg-client

* docker build improvements
2018-08-08 13:10:13 +05:30
Rakesh Emmadi
cffa808d19 returning returns [] when mutations affect no rows (fix #265) (#269)
* fix returning returns null, fix #265

* add a test case for delete mutation with returning
2018-08-08 12:31:49 +05:30
Rakesh Emmadi
8ecb80d2da accept null values for input values, closes #252 (#266) 2018-08-07 16:13:42 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close #260) (#261) 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
9c55490e98 add limit in select permission which overrides limit in query (close #178) (#237) 2018-08-06 17:45:08 +05:30
Rakesh Emmadi
c94640a377 don't allow creating relationships from/to a table that isn't tracked (fix #185) (#229)
* don't allow fkey based relations from/to a table that isn't tracked, fix #185

Check if remote table exist in metadata when creating foreign-key
based object relationship.

* add tests for adding object relation using fkey if remote table is untracked
2018-08-03 15:04:37 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes #238, #242) (#243)
* logging for webhook IO exceptions, fix log request for errors, fix #238

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Rakesh Emmadi
a0590598e5 filter schema identifiers to conform to graphql naming scheme (close #134) (#211)
* filter schema identifiers to conform to graphql naming scheme,closes #134

Filter out tables, columns, relationships etc which does not conform to
graphql naming scheme.
This ensures GraphiQL initialisation works properly for existing
databases.

* rename `isGraphQLConform` to `isValidName`

* rename all graphQL validators
2018-07-27 15:20:12 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Rakesh Emmadi
27e2d647bb add _inc and jsonb operators to update_mutation (close #159) (#169) 2018-07-20 16:21:20 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries (#176)
fix #59
2018-07-20 12:52:46 +05:30
Vamshi Surabhi
679310b008
accomodate for the precedence of IS before 9.5, closes #150 2018-07-17 22:26:47 +05:30
Rakesh Emmadi
5efa366b49 add 'on_conflict' argument to insert mutation (closes #105)
* add 'on_conflict' condition to allow upsert mutation, closes #105

* check for empty unique or primary key constraints

* add 'on_conflict' condition test cases and introspection test case

* update 'conflict_action' enum values' description
2018-07-17 18:53:23 +05:30
rakeshkky
a094394f38 server: add _is_null operator, closes #106 2018-07-12 19:33:02 +05:30
Rakesh Emmadi
4a76c7e89e server: throw 401 exception for accesskey mismatch/notfound, fix #67 (#71)
return 401 when access key does not match or is not found, closes #67
2018-07-11 11:07:53 +05:30
rakeshkky
82e81cd540 server: use row expressions instead of json_build_object 2018-07-09 12:55:49 +05:30
Rakesh Emmadi
38c91e2b9e catch and log http exceptions from auth webhook, closes #28 2018-07-09 11:34:41 +05:30
Rakesh Emmadi
b9ff99329a server: process headers only for known urls, fixes #46 2018-07-06 10:46:42 +05:30
Rakesh Emmadi
e834bc51a6 server: try environment variables if flags are missing, closes #45 2018-07-06 10:43:46 +05:30
Rakesh Emmadi
b9dd3b2ab2 server: close #34 render console assets version as v[maj.min] (#39) 2018-07-04 18:15:34 +05:30
Rakesh Emmadi
400a0e3f16 server: add v1/version api, fix #34 (#37) 2018-07-03 21:04:25 +05:30
Vamshi Surabhi
9a845b4932 server: mutationRoot is optional in __schema 2018-06-29 17:32:59 +05:30
Rakesh Emmadi
128ed2388b server: console is served at /console Closes #16 (#22) 2018-06-29 16:35:09 +05:30
Vamshi Surabhi
db1a098b3b server: do not publish schema for system defined tables 2018-06-29 16:30:54 +05:30
Vamshi Surabhi
114418c378 server: support @skip and @include directives. closes #7 2018-06-29 14:50:49 +05:30
Vamshi Surabhi
f6bb130240 server: improved error messages. closes #8 2018-06-29 12:51:04 +05:30
Vamshi Surabhi
c09725ba79 server: coerce 'a' to '[a]' for list input types 2018-06-29 10:17:53 +05:30
Vamshi Surabhi
7e0bb03f17 server: map pgvarchar to GraphQL String 2018-06-29 10:17:53 +05:30
Rakesh Emmadi
a4dbe58c15 server: Disallow untrack_table for system defined tables. Fix #12 (#15) 2018-06-28 17:26:40 +05:30
Rakesh Emmadi
f625882199 [server] allow only one of db url or conn params. Closes #5 (#11) 2018-06-28 16:19:40 +05:30
Vamshi Surabhi
47c73f750f server: use insert-ordered-containers for ordered map 2018-06-28 13:49:52 +05:30
Vamshi Surabhi
3b8c5a1848 server: use attoparsec-iso8601 for parsing time information 2018-06-28 13:49:52 +05:30
Vamshi Surabhi
530027cf20 move raven into graphql-engine repo 2018-06-28 00:32:00 +05:30