v1.0.0-alpha39

Changelog

🚨 🚨 Breaking change 🚨 🚨

Prior to this release, the server stringified certain Postgres numeric types like bigint. Starting with this release, server will only stringify these types if --stringify-numeric-types flag or the env var HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES is set. Specifically bigint, numeric, decimal and double precision as they don't fit into the IEEE-754 spec for JSON encoding-decoding. If you depend on the stringification of these types, please enable this flag while upgrading. (fix #1523) (#1662)

🎁 🎁 New features 🎁 🎁

• Server now allows renaming tables, columns through the run_sql API and relationships through rename_relationship API. Console now has option on the corresponding screen to do the renames. (close #79) (#1542)
• A new flag/env var (--enabled-apis, HASURA_GRAPHQL_ENABLED_APIS) is added to enable/disable certain APIs. This is particularly useful for production deployment scenarios where there is a requirement to disable the metadata APIs. Default is metadata,graphql where both APIs are enabled. (close #1088) (#1650)
• Cookies are now read while establishing a websocket connection. Note that if CORS is disabled server will NOT read the cookie and a special flag (--ws-read-cookie, HASURA_GRAPHQL_WS_READ_COOKIE) should be set to force server to read the cookie. Care should be taken to handle CORS elsewhere if you're forcing the behaviour. Otherwise this is vulnerable for cross-site scripting type attacks.. (fix #1660) (#1668)

Bug fixes

• Server now enforces the column presets of update permissions on upsert mutations. (fix #1647) (#1653)
• Bug fixes and new updates on console permissions screen. (close #1503, #1529, #1567, #1470) (#1605) (#1658)
• Events and Remote schema tabs are now independent of update checker API, they appear as soon as the app is loaded. (#1604)
• Ace editor cursor now matches with the text. (#1620)
• Fixes a bug that caused event trigger definitions to break when columns are added/removed/renamed on a table. (close #1629) (#1673)
• Server now generates Scalar types for SQL function arguments. (fix #1632) (#1633)

Other changes

• server: remove grep from server makefile (#1614)
• server: refactor event processing logic (#1639)
• server: forward response headers from remote servers (fix #1654) (#1664)
• server: revert "forward response headers from remote servers (#1664)"
• server: update event triggers on rename operations (#1684)
• console: fix console hot reloading and upgrade to babel 7 (#1618)
• console: update console unable to connect to server msg (#1625)
• console: handle empty header key in console APIExplorer (#1641)
• console: make button texts consistent across event trigger and remote schemas (close #1634) (#1666)
• console: fix console sidebar links highlighting (#1657)
• console: refactor console code, update react to 16.8.2 (close #1467) (#1608)
• console: update console browse rows section (close #1622) (#1642)

38th alpha release for v1.0.0

Changelog

🎁 🎁 New Features 🎁 🎁

• ACCESS_KEY is now renamed to ADMIN_SECRET. This will not break existing applications/servers as access key is just marked as deprecated, not removed. This change will make it clear that it should not be stored on the client side. (close #1347) (#1540)
• Column presets are now supported in update mutations (closes #1449, closes #1464) (#1473)
• Server now supports specifying the JWT claims in stringified JSON format. This particularly addresses issues with AWS Cognito where the claims can only be string: string key-value pairs. Congnito can now be integrated by setting "claims_format": "stringified_json" in the JWT config. (See #1176 for more details) (#1538)
• Multiple domains are now supported in CORS config; set comma separated domains' list as flag or env var. (close #1436) (#1536)
• Adds delivery info (like the number of retries left and the current retry number) to event trigger payload. (close #1476) (#1517)
• Response timeout is now configurable for event trigger HTTP calls. (close #1477) (#1501)

🐛 🐛 Bug Fixes 🐛 🐛

• Improves the error message shown when no operation specs are provided during event trigger creation. (close #998) (#1541)
• Server will not allow altering a tracked SQL function type to VOLATILE. (fix #1546) (#1547)
• Server will not allow overloading already tracked functions. (#1563)
• Console will not strip x-hasura-access-key from headers for explain/analyze query (closes #1533) (#1534)
• Multiple UI bug fixes on console. (close #1548, #1549) (#1552) (#1562) (close #1561) (#1566) (#1578) (#1518)

Other changes

• server: Update CONTRIBUTING.md
• cli: update help text for console command (close #1507) (#1508)
• cli: add update-cli command to cli (close #1239) (#1251)
• cli: added a cli flag to skip update checks (close #1586) (#1600)
• cli: add new install script, commands (#1556)
• console: add note for env var usage in webhook, remote schema urls. Shout-out to @gopal-virtual for this PR. (fix #970) (#1384)
• console: sort table names alphabetically when creating new triggers. Shout-out to @pthm for this PR. (#1194)

37th alpha release for v1.0.0 - bugfix

Changelog

• Fixes a bug that caused alpha36 upgrades to fail: hdb_views should always be cleared before building schema cache (#1513)
• console: remove the usage of spread operator in setState (#1490)

For new features and other changes, see changelog for v1.0.0-alpha36.

36th alpha release for v1.0.0

Changelog

🚨 🚨 We have identified issues with the upgrade to this release if there are insert permissions defined. We are investigating the issue.
The bug is now fixed in v1.0.0-alpha37. Please skip this version and upgrade to the latest version instead.

🎁 New Features 🎁

• PostgreSQL functions that return tablesets can now be queried via GraphQL (close #333) (#1073).
  Example - Building a search function for articles:

  • Create a function from SQL window on console and track it:

    CREATE FUNCTION search_articles(keyword TEXT)
        RETURNS SETOF article AS $$
            SELECT *
            FROM article
            WHERE
            title ILIKE ('%' || keyword || '%') or
            content ILIKE ('%' || keyword || '%')
        $$ LANGUAGE SQL STABLE;

  • GraphQL Engine generates the following query type:

    search_articles (
      args: search_articles_args! 
      where: artcle_bool_exp
      order_by: [article_order_by!] 
      limit: Int
      offset: Int
    ): [article!]! 
    
    input search_article_args {
      keyword: String!
    }

  • Now, search through articles via GraphQL:

    query searchArticles {
      search_articles(
        args: {keyword: "Hasura"}
      ){
        id
        title
        content
        author_id
      }
    }

• Event trigger payload now contains session_variables which has all the x-hasura-* variables present in the context of the event. (close #1328) (#1458)

• Remote schemas now supports default values for input types. (close #1491) (#1493)

• Union and Interface types are now supported in Remote Schema. (close #1276) (#1361)

• JSONB and PostGIS operators are now supported in permissions, console changes are pending. (track #1503) (#1461)

• While creating a relationship, console now auto-fills a generated name. (closes #1095) (#1437)

• Analyze SQL on the console now works for all roles. (close #1457) (#1459)

• Simplifies SQL generation for _eq and _neq operators in GraphQL API (#1466)

• Adds anonymous telemetry data collection to server, cli and console. The data collected is minimal, statistical in nature and cannot be used to uniquely identify a user. To understand what data is collected and for instructions to opt-out, head to docs. (#1401)

🐛 Bug Fixes 🐛

• Fixes a bug that caused values to be set as NULL if they were not passed in the variables for _set update operator. (close #1448) (#1475)
• Remote schemas can now handle scalars separately from Hasura scalars. This finally enables merging multiple Hasura schemas under one Hasura instance. (fix #1244) (#1497)
• Fixes a bug on server that caused un-tracking tables to fail in certain cases where there are relationships defined on it. (close #1441) (#1442)
• Fixes a bug that caused console to create incorrect down migration for delete_event_trigger action. (close #1390) (#1391)
• Fixes a console bug that caused modifying event trigger options to fail. (#1465)

Other changes

• modify contributing guides for docs, cli, server console and community (#1427) (close #1370) (#1414) (#1412)
• server: test jwt with invalid signtaure and expired token (#1492)
• console: reuse buttons across console for uniformity (#1400)
• console: console ui fixes (#1455)
• console: change json field placeholder from 'asdf' to 'bar' (close #1260) (#1261)

35th alpha release for v1.0.0

Changelog

New features

• Hasura now supports PostGIS topology operators in the GraphQL boolean expression itself.
  Example - Fetch a list of geometry values which are within the given polygon value using ST_within:

  query geom_table($polygon: geometry){
    geom_table(where: {geom_col: {_st_within: $polygon}}){
      id geom_col
    }
  }

  Where $polygon is:

  {
    "polygon": {
      "type": "Polygon",
      "coordinates": [
        [[0,0],[0,2],[2,2],[2,0],[0,0]]
      ]
    }
  }

  See docs for more details. (closes #1051) (#1372)
• Adds a new flag --server-host and env var HASURA_GRAPHQL_SERVER_HOST tp specify the host address the server should bind to. Huge shoutout 📣 to @nathanstitt for submitting this PR. (#1280)
• Introduces new optimisation in the run_sql query type, which will result in better performance for non-schema modifying queries (like insert/select/update/delete etc.). (close #1362) (#1406)

Bug fixes

• Fixes a typo in the error message shown when pgcrypto extension is not available. (fix #1322) (#1331)
• Server now accept null (null) and empty arrays ([]) for relationship values and object values during insert. (closes #1352) (#1360)
• Fixes a console redirect bug that occurs when the schema is changes. (#1389)
• Console now creates correct down migrations for permission actions. (close #1366) (#1376)
• Fixes a bug that caused incorrect array relationships to show up as suggested when there are circular foreign keys. (close #1296) (#1306)

Other changes

• Adds a new flag --use-prepared-statements <bool> and env var HASURA_GRAPHQL_USE_PREPARED_STATEMENTS to disable using prepared statements while executing SQL on the database. It is enabled by default. (close #1392) (#1396)
• Schema selection drop down on the console is moved to the top on the left sidebar. (close #1092) (#1118)
• Console now redirects to login page only if access-denied response happens. (close #1364) (#1363)
• Fixes a bug that caused incorrect delivered time to appear on the event trigger logs in console. (close #1309) (#1312)
• console: add css property to completely show column values (close #1246) (#1337)
• Fixes various console bugs. (close #1303) (close #1049) (close #1282) (#1330) (close #1307) (close #1308) (close #1332) (#1336)

34th alpha release for v1.0.0

Changelog

New features

• Headers in the GraphiQL tab are now persisted in localstorage (close #275) (#1262)
• Server can now be hosted on a subpath using a reverse proxy without breaking any console redirects. E.g. /somepath/console (#1228)
• Alter column type in modify table page now shows only compatible types. (close #544) (#1174)

Bug fixes

• Server now generates aggregate order_by types only if relevant columns are present. This fixes a bug that caused schema introspection to fail in certain cases. (closes #1243) (#1248)
• Auth hook mode (--auth-hook-mode) environment variable was fixed to be HASURA_GRAPHQL_AUTH_HOOK_MODE as indicated in docs, instead of HASURA_GRAPHQL_AUTH_HOOK_TYPE. Support for TYPE will be dropped in the next release. (fix #1270) (#1285)
• Fixed a bug that caused detection of primary key to fail for certain tables where the Hasura user is not the owner. (close #1269) (#1300)
• CLI now displays proper error messages when an invalid migration file is present. (fix #1224) (#1238)
• Fixes a bug that caused untracking to fail when a table with no columns is dropped from SQL window. (close #1255) (#1256)

Other changes

• server: serve local console on development builds (#1252)
• server: improve startup log messages (close #1236) (#1258)
• server: update constraint enum types when a new constraint is added (#1287)
• console: add a section title to add column in modify tab (fix #1096) (#1245)
• console: ui improvements on event trigger update columns (close #1257) (#1259)
• console: highlight actionable buttons when its on focus (close #1294)
• console: display table name for manual array relationship from view to table (fix #1292) (#1293)

33rd alpha release for v1.0.0 - bugfix

Changelog

Please make sure you go through the 🚨 breaking changes 🚨 introduced in v1.0.0-alpha32 if you're upgrading from a version below that.

The primary objective of this release is to fix a bug that was introduced on alpha32. GraphQL Engine server command line flags can now be used in any order. (#1231)

Also fixes a bug that caused resetting metadata to fail when event triggers are present. (close #1232) (#1233)

We have also added an optimisation that improves startup times for the server, by optimizing the initial number of queries made to the database. (#1235)

32nd alpha release for v1.0.0

Changelog

⚠️ 🐛 A recent refactor in the way how command line flags are parsed casued a bug in which the flags have become positional. Please hold off on updating to this release if you're using flags. Environment variables continue to work.

This bug is now fixed in v1.0.0-alpha33. Please ignore this version and update to the latest.

🚨 Breaking changes 🚨

Please read the changelog carefully before upgrading to this release

1. If you are using the upsert feature (on_conflict argument in inserts), this release will most likely break your mutations.
   The changes were necessary to make graphql-engine's permissions as close to Postgres's RLS as possible so that we do not inadvertently introduce any security bugs.

   1. Previously graphql-engine allowed upsert behavior with an option called Allow Upsert in the insert permissions. From now on,
      upsert (on_conflict argument) is allowed only if update permissions are defined on the table. graphql-engine will then enforce these conditions:
      1. Only the columns that are specified in update permissions are allowed with update_columns.
      2. Only the rows that match the update permissions' filter are allowed to be updated.
   2. We've also removed the deprecated action field from on_conflict
   3. update_columns is now mandatory in on_conflict.

2. The structure of errors has changed and conforms to the current GraphQL spec. These are potentially breaking changes.

   The previous error structure looked like this:

   {
     "errors": [
       {
         "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
         "code": "validation-failed",
         "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
       }
     ] 
   }

   The current error structure looks like this:

   {
     "errors": [
       {
         "extensions": {
           "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
           "code": "validation-failed"
         },
         "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
       }
     ]
   }

3. Previously graphql-engine allowed any number of top level fields in subscriptions, this is now restricted to one as per the spec. This will
   help us with the optimisations that are planned for the next release.

🎁 New features 🎁

• Authentication webhook can now be triggered with POST requests. Set HASURA_AUTH_HOOK_MODE=POST and server now sends incoming headers as JSON POST body to the webhook. (close #1138) (#1147)
• GraphQL input objects and arrays are now parsed as scalar values. This means that non-native GraphQL types (e.g. json, jsonb etc.) can now be passed in the query itself. Earlier these had to passed separatly in variables. (close #1132) (#1137)
• Conflicting GraphQL types from remote schemas are merged into one type if they have same structure. This enables adding other Hasura GraphQL Engine schemas as remote schemas. (closes #1112, #1135) (#1145)
• order_by can now refer to aggregates on related columns. For example, order authors based on the number of their articles: (close #1039) (#1042)

  {
    author (order_by: {articles_aggregate: { count: desc }}) {
      id
      name
    }
  }

• CLI now shows better error messages (including filenames) if there are errors in applying migrations. (close #1136) (#1143)
• Console now shows column types next to names while setting update columns on event triggers. Shoutout to @pthm who proposed and worked on this PR 🙏. (#1188)
• Console can now be used to update event triggers. (close #489) (#1124)

🐛 🚫 Bug fixes 🚫 🐛

• The JWT library jose is updated to fixe a bug that threw a cryptic error when x5t is present in claims. (closes #983) (#1202)
• Fixes a bug that caused old trigger functions to remain while updating the event trigger. (#1214)
• CLI now handles duplicate migration versions gracefully and throws better error messages. (close #1148) (#1157)
• Fixes a bug in console that caused numbers to get stripped off while auto-generating relationship names. (close #1139) (#1144)
• Console now handles cross-schema references in permissions builder gracefully. (close #1127, #1152) (#1158)

Other changes

• server: refactor to remove warnings especially with orphan instances (#1163)
• server: refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200)
• server: add consolePath in console.html template (#1222)
• console: console semver check fix for non-tag versions (#1134)
• console: export console remote schemas (#1165)
• console: fix preloader refresh on events page (close #1000) (#1153)
• console: show response status code in event trigger events tab (close #1022) (#1203)
• console: permissions ui improvments (close #1068) (#1205)
• console: optimise the on-load queries on console using bulk api (close #1191) (#1196)

31st alpha release for v1.0.0 - bugfix

Changelog

This is a bug fix release.

Fixes

• Use Postgres IN expression for _in operator (fix #1109) (#1111)
• Metadata is backwards compatible for remote schemas (fix #1120) (#1121)
• Handles null values for input arguments (fix #1113) (#1123)

Other changes

• server: test: implement internal graphql server for remote schema tests (#1117)
• server: remove dependency on 'first' aggregate, closes #1085 (#1089)
• console: update notes in the sql section (close #1093) (#1116)
• console: console semver fix for commits on master branch (#1131)

30th alpha release for v1.0.0

Known Issues

There is a bug in this release which causes applying metadata (exported from a previous version) to fail. A workaround is to add remote_schemas: [] as a top-level key in the meatadata.yaml file.

A fix (#1121) is already in the works and we should be releasing it by Wednesday.

Changelog

There is a minor breaking change so please read carefully before upgrading to v1.0.0-alpha30.

Breaking change

The behavior of desc in order_by clause is now changed to DESC NULLS FIRST from DESC NULLS LAST. This was needed as Postgres cannot use a btree index on the ordering column with DESC NULLS LAST resulting in bad performance. After the change, the behavior is similar to that o Postgres when you specify ORDER BY column DESC.

This will only affect you if you are using desc in an order_by clause with a column which is nullable. If you want the previous behavior, you can force it by {order_by: {column: desc_nulls_last}.

Features

1. Postgres's DISTINCT ON feature is now supported in queries with a new argument distinct_on. You can find an example here: https://docs.hasura.io/1.0/graphql/manual/queries/distinct-queries.html and Postgres's docs here: https://www.postgresql.org/docs/11/sql-select.html#SQL-DISTINCT.

2. We have added experimental support for remote schemas/schema stitching in graphql-engine. If you currently have your own graphql server which schema stitches with hasura, we do not recommend you to use this feature yet as it has these limitations:

• Type names and top level field names need to be unique across all merged schemas.
• Top level fields from different GraphQL servers cannot be used in the same query/mutation. All top-level fields have to be from the same GraphQL server.
• Subscriptions on remote GraphQL server are not supported.
• Interfaces and unions are not supported - if a remote schema has interfaces/errors, an error will be thrown if you try to merge it.

These limitations will be addressed over the course of next few releases.

Fixes

1. The new SQL generation logic for _in introduced in alpha29 couldn't handle empty arrays for input. This is now fixed.
2. Previously the server docker image had ENV HASURA_GRAPHQL_ENABLE_CONSOLE=true by default. This has been removed in this release, which means that console will not be enabled unless this env var is added or the --enable-console is used.

Commit history

• server: handle empty array for _in and _nin operators, fix #1075 (#1076)
• server: change descending ordering to nulls first (fix #1008) (#1009)
• server: support Postgres's DISTINCT ON (close #1040) (#1099)
• server: update server dockerfile, install manifests and docs (#1097)
• server: cli: console: adds basic support for remote schemas/schema stitching (#952)