Commit Graph

42 Commits

Author SHA1 Message Date
Phil Freeman
0dddbe9e9d
Add MonadTrace and MonadExecuteQuery abstractions (#5383)
Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
2020-07-15 16:10:48 +05:30
Lyndon Maydwell
24592a516b
Pass environment variables around as a data structure, via @sordina (#5374)
* Pass environment variables around as a data structure, via @sordina

* Resolving build error

* Adding Environment passing note to changelog

* Removing references to ILTPollerLog as this seems to have been reintroduced from a bad merge

* removing commented-out imports

* Language pragmas already set by project

* Linking async thread

* Apply suggestions from code review

Use `runQueryTx` instead of `runLazyTx` for queries.

* remove the non-user facing entry in the changelog

Co-authored-by: Phil Freeman <paf31@cantab.net>
Co-authored-by: Phil Freeman <phil@hasura.io>
Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
2020-07-14 12:00:58 -07:00
Brandon Simmons
5e37350561 Refactor and unit test authentication code paths (closes #4736)
The bulk of changes here is some shifting of code around and a little
parameterizing of functions for easier testing.

Also: comments, some renaming for clarity/less-chance-for-misue.
2020-06-08 13:10:58 -04:00
Brandon Simmons
d747bc1148 Tighten up handling of admin secret, more docs
Store the admin secret only as a hash to prevent leaking the secret
inadvertently, and to prevent timing attacks on the secret.

NOTE: best practice for stored user passwords is a function with a
tunable cost like bcrypt, but our threat model is quite different (even
if we thought we could reasonably protect the secret from an attacker
who could read arbitrary regions of memory), and bcrypt is far too slow
(by design) to perform on each request. We'd have to rely on our
(technically savvy) users to choose high entropy passwords in any case.

Referencing #4736
2020-06-08 13:09:25 -04:00
Vamshi Surabhi
ff99b24031 fix a security issue with 1.2 2020-05-22 14:40:57 +05:30
Tirumarai Selvan
cc8e2ccc78
Scheduled triggers (close #1914) (#3553)
server: add scheduled triggers 

Co-authored-by: Alexis King <lexi.lambda@gmail.com>
Co-authored-by: Marion Schleifer <marion@hasura.io>
Co-authored-by: Karthikeyan Chinnakonda <karthikeyan@hasura.io>
Co-authored-by: Aleksandra Sikora <ola.zxcvbnm@gmail.com>
2020-05-13 18:03:16 +05:30
Rakesh Emmadi
d52bfcda4e
backend only insert permissions (rfc #4120) (#4224)
* move user info related code to Hasura.User module

* the RFC #4120 implementation; insert permissions with admin secret

* revert back to old RoleName based schema maps

An attempt made to avoid duplication of schema contexts in types
if any role doesn't possess any admin secret specific schema

* fix compile errors in haskell test

* keep 'user_vars' for session variables in http-logs

* no-op refacto

* tests for admin only inserts

* update docs for admin only inserts

* updated CHANGELOG.md

* default behaviour when admin secret is not set

* fix x-hasura-role to X-Hasura-Role in pytests

* introduce effective timeout in actions async tests

* update docs for admin-secret not configured case

* Update docs/graphql/manual/api-reference/schema-metadata-api/permission.rst

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* Apply suggestions from code review

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* a complete iteration

backend insert permissions accessable via 'x-hasura-backend-privilege'
session variable

* console changes for backend-only permissions

* provide tooltip id; update labels and tooltips;

* requested changes

* requested changes

- remove className from Toggle component
- use appropriate function name (capitalizeFirstChar -> capitalize)

* use toggle props from definitelyTyped

* fix accidental commit

* Revert "introduce effective timeout in actions async tests"

This reverts commit b7a59c19d6.

* generate complete schema for both 'default' and 'backend' sessions

* Apply suggestions from code review

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* remove unnecessary import, export Toggle as is

* update session variable in tooltip

* 'x-hasura-use-backend-only-permissions' variable to switch

* update help texts

* update docs

* update docs

* update console help text

* regenerate package-lock

* serve no backend schema when backend_only: false and header set to true

- Few type name refactor as suggested by @0x777

* update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* fix a merge bug where a certain entity didn't get removed

Co-authored-by: Marion Schleifer <marion@hasura.io>
Co-authored-by: Rishichandra Wawhal <rishi@hasura.io>
Co-authored-by: rikinsk <rikin.kachhia@gmail.com>
Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 14:40:53 +05:30
Antoine Leblanc
5b54f9d766
server: add support for webhook connection expiration (#4196)
* add expiry time to webhook user info

This also adds an optional message to webhook errors: if we fail to
parse an expiry time, we will log a warning with the parse error.

* refactored Auth

This change had one main goal: put in common all expiry time
extraction code between the JWT and WebHook parts of the
code. Furthermore, this change also moves all WebHook specific code to
its own module, similarly to what is done for JWT.

* Remove dependency on string-conversions in favor of text-conversions

string-conversions silently uses UTF8 instead of being explicit about
it, and it uses lenientDecode when decoding ByteStrings when it’s
usually better to reject invalid UTF8 input outright. text-conversions
solves both those problems.

Co-authored-by: Alexis King <lexi.lambda@gmail.com>
2020-04-02 19:00:13 -05:00
Rakesh Emmadi
f80b69e931
few actions' fixes and improvements (fix #3977, #4061 & close #4021) (#4109)
* add 'ID' to default scalars for custom types, fix #4061

* preserve cookie headers from sync action webhook, close #4021

* validate action webhook response to conform to output type, fix #3977

* fix tests, don't run actions' tests on PG version < 10

* update CHANGELOG.md

* no-op refactor, use types from http-network more

Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
2020-03-20 12:16:45 +05:30
Vamshi Surabhi
c52bfc540d
More robust forking, exception safety. Closes #3768 (#3860)
This is the result of a general audit of how we fork threads, with a
detour into how we're using mutable state especially in websocket
codepaths, making more robust to async exceptions and exceptions
resulting from bugs.

Some highlights:
- use a wrapper around 'immortal' so threads that die due to bugs are
  restarted, and log the error
- use 'withAsync' some places
- use bracket a few places where we might break invariants
- log some codepaths that represent bugs
- export UnstructuredLog for ad hoc logging (the alternative is we
  continue not logging useful stuff)

I had to timebox this. There are a few TODOs I didn't want to address.
And we'll wait until this is merged to attempt #3705 for
Control.Concurrent.Extended
2020-03-05 23:29:26 +05:30
Anon Ray
c6e34baad8
fix parsing JWK expiry time from headers on startup (fix #3655) (#3779) 2020-02-05 12:37:30 +05:30
Brandon Simmons
58ef316118 Add request timings and count histograms to telemetry. Closes #3552
We upload a set of accumulating timers and counters to track service
time for different types of operations, across several dimensions (e.g.
did we hit the plan cache, was a remote involved, etc.)

Also...

Standardize on DiffTime as a standard duration type, and try to use it
consistently.

See discussion here:
https://github.com/hasura/graphql-engine/pull/3584#pullrequestreview-340679369

It should be possible to overwrite that module so the new threadDelay
sticks per the pattern in #3705 blocked on #3558

Rename the Control.Concurrent.Extended.threadDelay to `sleep` since a
naive use with a literal argument would be very bad!

We catch a bug in 'computeTimeDiff'.

Add convenient 'Read' instances to the time unit utility types. Make
'Second' a newtype to support this.
2020-02-03 18:50:10 -06:00
Alexis King
5bd5a548fa
server: Parameterize the graphql-engine library over the version (#3668) 2020-01-22 15:55:55 -06:00
Anon Ray
b81d22f583 fix resolving user info in websocket transport (#3509)
The connection handler in websocket transport was not using the
  'UserAuthentication' interface to resolve user info. Fix resolving
  user info in websocket transport to use the common
  'UserAuthentication' interface
2019-12-10 19:04:49 -06:00
Anon Ray
c9b9ed5055 fix various functions to not create their own logger (#3439) 2019-11-28 14:33:14 +05:30
Anon Ray
490b639981 refactor some internal components (#3414) 2019-11-26 17:44:21 +05:30
Anon Ray
f2f14e727b Merge pull request from GHSA-2j98-fw5g-j43v
* fix bug in audience check while verifying JWT

  - previously the check was converting the audience type into a string
  and then comparing with the conf value. all audience types (as it is a
  string or URI) will convert to plain strings
  - use the Audience type from the jose library for comparing

* add docs for audience

* add issuer check as well

* docs minor syntax fix

* skip audience check if not given in conf

* minor docs update

* qualify import jose library
2019-07-11 09:58:39 +00:00
Anon Ray
8f1e7dbc8d breaking: server logging changes (close #507, close #2171) (#1835) 2019-07-11 05:37:06 +00:00
Anon Ray
81bdfafd69 ignore content-type header in auth webhook (#2197) 2019-05-16 14:41:15 +05:30
Rakesh Emmadi
c6f40df6d5 close websocket connection on JWT expiry (fix #578) (#2156) 2019-05-14 11:54:46 +05:30
Vamshi Surabhi
98405fdc0c
allow x-hasura- req headers for jwt unauth role, closes #1686 (#1689) 2019-03-05 17:54:47 +05:30
Shahidh K Muhammed
097bfb6bfa revert "forward response headers from remote servers (#1664)"
This reverts commit c19fe35f4e.
2019-02-28 17:20:56 +05:30
Anon Ray
c19fe35f4e forward response headers from remote servers (fix #1654) (#1664) 2019-02-28 17:15:07 +05:30
nizar-m
f83a8e591f rename access-key to admin-secret (close #1347) (#1540)
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 15:07:47 +05:30
Anon Ray
4f6462e98f add config for stringified hasura claims in JWT (fix #1176) (#1538) 2019-02-05 17:34:16 +05:30
Rakesh Emmadi
4d9d1505dd improve startup logging, close #1236 (#1258) 2019-01-02 16:54:17 +05:30
Rakesh Emmadi
d4e6ffcae8 revert back to older cli options parser type (#1231) 2018-12-19 17:08:33 +05:30
Rakesh Emmadi
708a29fc89 refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200) 2018-12-14 08:51:41 +05:30
Vamshi Surabhi
ec8b2c80b5
refactor to remove warnings especially with orphan instances (#1163)
* remove phase one/two distinction and hdbquery typeclass

* move extensions to default-extensions

* switch to LazyTx which only acquires a connection if needed

* move defns from TH module into Ops module

* remove tojson orphan instance for http exception

* remove orphan instance for dmlp1

* getTopLevelNodes will not throw any exceptions
2018-12-13 12:56:15 +05:30
Rakesh Emmadi
3ea20bc4d7 allow authentication webhook with POST (close #1138) (#1147) 2018-12-03 16:49:08 +05:30
Anon Ray
512ee6fb9f adds basic support for remote schemas/schema stitching (#952) 2018-11-23 18:32:46 +05:30
Vamshi Surabhi
58582be644
fix parsing webhook response, closes #890 (#894) 2018-10-28 22:01:24 +05:30
Vamshi Surabhi
8b0082eac1
clean up user variables parsing logic and fix explain api (#869) 2018-10-26 21:27:22 +05:30
Rakesh Emmadi
10d8529d28 allow unauthorized role in accesskey and JWT modes (closes #595) (#856) 2018-10-25 23:46:25 +05:30
Vamshi Surabhi
199531cbd9
http and websocket logs now correctly have user information, closes #849 (#850) 2018-10-25 15:07:57 +05:30
Vamshi Surabhi
ab9692da4d
set all session data in a single paramater, 'hasura.user' (closes #825) 2018-10-24 16:09:47 +05:30
Anon Ray
75090d51b9 jwt config now takes a jwk url (close #465) (#527)
JWT config now takes an optional jwk_url parameter (which points to published JWK Set). This is useful for providers who rotate their JWK Set.

Optional jwk_url parameter is taken. The published JWK set under that URL should be in standard JWK format (tools.ietf.org/html/rfc7517#section-4.8).

If the response contains an Expires header, the JWK set is automatically refreshed.
2018-09-27 16:52:49 +05:30
Anon Ray
b2f88ff28a add support for jwt authorization (close #186) (#255)
The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61
2018-08-30 16:02:09 +05:30
Vamshi Surabhi
dcde969d66 ignore certain headers from the request when calling the webhook (close #260) (#261) 2018-08-06 19:36:48 +05:30
Rakesh Emmadi
8ef2692eb7 improve logs on webhook errors (closes #238, #242) (#243)
* logging for webhook IO exceptions, fix log request for errors, fix #238

* log status code and response in case of any error for webhook
2018-08-03 14:13:35 +05:30
Anon Ray
62b7b800c5 check for updates every 24 hrs in background (fix #204) (#209) 2018-07-27 15:04:50 +05:30
Vamshi Surabhi
e3f960da96 initial support for livequeries (#176)
fix #59
2018-07-20 12:52:46 +05:30