这是indexloc提供的服务,不要输入任何密码
Skip to content

support allow-list for graphql queries (closes #989) #2075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 78 commits into from
May 16, 2019
Merged

support allow-list for graphql queries (closes #989) #2075

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
78 commits
Select commit Hold shift + click to select a range
e839d78
[wip] support whitelisting queries
rakeshkky Apr 26, 2019
ae6dc77
add/remove queries to collections & minor refactor
rakeshkky Apr 26, 2019
5ae3a52
add tests for whitelisting queries
rakeshkky Apr 26, 2019
409f262
Merge branch 'master' into issue-989-query-whitelisting
rikinsk Apr 26, 2019
2a19895
restructure metadata section files
rikinsk Apr 26, 2019
e155109
add reference documentation for whitelist queries metadata api
rakeshkky Apr 26, 2019
a0aa981
fix ci tests for whitelisted queries
rakeshkky Apr 26, 2019
86ec4bf
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 2, 2019
b37ba02
define toJSON instance to graphql executable document using printer
rakeshkky May 2, 2019
fa43d0c
query whitelist UI WIP
rikinsk May 2, 2019
af50e9b
fix editor styling
rikinsk May 2, 2019
b3df66f
whitelist wuery editor
rikinsk May 2, 2019
4d91181
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 2, 2019
5b82a76
Merge branch 'master' into issue-989-query-whitelisting
rikinsk May 3, 2019
46ae889
point graphql parser library to latest commit on master
rakeshkky May 3, 2019
03afabc
add query name inputs
rikinsk May 3, 2019
157e593
update docs
rikinsk May 3, 2019
6be98d3
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 3, 2019
6b6f452
update docs
rikinsk May 3, 2019
f51ab7b
set query whitelisting local state
rikinsk May 3, 2019
2edbc26
fix editor buttons margin
rikinsk May 3, 2019
bca68a3
update sidebar
rikinsk May 3, 2019
7dd3249
update
rikinsk May 3, 2019
712b64b
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 6, 2019
8ecd161
refactor internal code names in server and server tests
rakeshkky May 6, 2019
95c097d
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rakeshkky May 6, 2019
2f66dde
update
rikinsk May 6, 2019
d914e14
fix cli migrate tests
rikinsk May 6, 2019
e49ddd7
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 6, 2019
b8f9847
Merge branch 'master' into issue-989-query-whitelisting
rikinsk May 6, 2019
2fbd789
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 8, 2019
e9dbaac
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rakeshkky May 8, 2019
1808581
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 9, 2019
2c6f12c
integrate allow-list apis
rikinsk May 9, 2019
07b817a
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 9, 2019
6cd3291
update add allowed query ui
rikinsk May 9, 2019
a0d31dc
Merge branch 'master' into issue-989-query-whitelisting
rikinsk May 9, 2019
9c4ae8b
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rakeshkky May 9, 2019
05e312a
add allowlist metadata api
rakeshkky May 9, 2019
52c483e
update metadata api reference docs with allowlist apis
rakeshkky May 9, 2019
e3a8fcc
fix cli test
arvi3411301 May 10, 2019
cadecd2
do not enforce allowlist on admin role
rakeshkky May 10, 2019
63b78f9
use add to allowlist api
rikinsk May 10, 2019
606aef1
bug fix
rikinsk May 10, 2019
93a78cc
ask confirmation before delete allowed-query
rikinsk May 10, 2019
1e0c4f7
Merge branch 'master' into issue-989-query-whitelisting
rikinsk May 10, 2019
6d099ee
Merge branch 'master' into issue-989-query-whitelisting
rikinsk May 10, 2019
8c8b425
update width
rikinsk May 10, 2019
9aa5513
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 10, 2019
16e6d31
update text:
rikinsk May 10, 2019
9e7f0e9
update allowlist test cases to support /v1/graphql
rakeshkky May 11, 2019
2f1621e
added file upload
rikinsk May 11, 2019
b736fa7
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rikinsk May 11, 2019
656b0ea
remove json instances to graphql exec doc & use instances defined in …
rakeshkky May 13, 2019
89819aa
refactor logic of checking an allowed query for better readability
rakeshkky May 13, 2019
de60cd8
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 13, 2019
8989f82
accept single collection name in allowlist metadata API
rakeshkky May 13, 2019
dfd0536
stripeOffTypeNames -> stripTypenames
rakeshkky May 13, 2019
68f0f64
check if collection present in allowlist before dropping
rakeshkky May 13, 2019
e219f8f
fix migrate
rakeshkky May 13, 2019
fbdd414
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 13, 2019
704d145
Merge branch 'master' into issue-989-query-whitelisting
0x777 May 14, 2019
7f2c383
add cascade field to drop_query_collection metadata api
rakeshkky May 14, 2019
a80e5b9
add manual docs for allow-list
dsandip May 14, 2019
1999cfa
docs update
rikinsk May 14, 2019
0e5495d
docs update
rikinsk May 14, 2019
a43a712
track only hash set of allow queries in schema cache
rakeshkky May 14, 2019
21cb61f
Merge branch 'master' into issue-989-query-whitelisting
rakeshkky May 14, 2019
9e53044
Merge branch 'issue-989-query-whitelisting' of github.com:rakeshkky/g…
rakeshkky May 14, 2019
3b5cb1e
use cascade to drop allow-list
rikinsk May 15, 2019
4e0f3ad
handle queries with fragments
rikinsk May 15, 2019
6f10956
save unparsed GraphQL query in database
rakeshkky May 15, 2019
33ea522
Merge branch 'master' into issue-989-query-whitelisting
0x777 May 15, 2019
e3a7751
Merge branch 'master' into issue-989-query-whitelisting
0x777 May 15, 2019
4c72507
Merge branch 'master' into issue-989-query-whitelisting
shahidhk May 16, 2019
a8b7708
add docs link
rikinsk May 16, 2019
9d6b4c6
fix link
rikinsk May 16, 2019
5c013ff
fix text
rikinsk May 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .circleci/test-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -432,6 +432,33 @@ if [ "$RUN_WEBHOOK_TESTS" == "true" ] ; then

fi

# allowlist queries test
unset HASURA_GRAPHQL_AUTH_HOOK
unset HASURA_GRAPHQL_AUTH_HOOK_MODE
unset HASURA_GRAPHQL_JWT_SECRET
unset HASURA_GRAPHQL_ENABLE_ALLOWLIST

echo -e "\n$(time_elapsed): <########## TEST GRAPHQL-ENGINE WITH ALLOWLIST QUERIES ########> \n"
export HASURA_GRAPHQL_ENABLE_ALLOWLIST=true
TEST_TYPE="allowlist-queries"

run_hge_with_args serve
wait_for_port 8080

pytest -n 1 -vv --hge-urls "$HGE_URL" --pg-urls "$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-allowlist-queries test_allowlist_queries.py

kill_hge_servers
unset HASURA_GRAPHQL_ENABLE_ALLOWLIST

run_hge_with_args serve --enable-allowlist
wait_for_port 8080

pytest -n 1 -vv --hge-urls "$HGE_URL" --pg-urls "$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --test-allowlist-queries test_allowlist_queries.py

kill_hge_servers

# end allowlist queries test

# horizontal scale test
unset HASURA_GRAPHQL_AUTH_HOOK
unset HASURA_GRAPHQL_AUTH_HOOK_MODE
Expand Down
55 changes: 50 additions & 5 deletions cli/commands/migrate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,11 @@ import (
"path/filepath"
"testing"

"github.com/Masterminds/semver"

"github.com/hasura/graphql-engine/cli/migrate"
mt "github.com/hasura/graphql-engine/cli/migrate/testing"
"github.com/hasura/graphql-engine/cli/version"
_ "github.com/lib/pq"
"github.com/parnurzeal/gorequest"
"github.com/stretchr/testify/assert"
Expand All @@ -27,7 +30,7 @@ var ravenVersions = []mt.Version{
{Image: "hasura/graphql-engine:190d78e", Cmd: []string{"raven", "serve", "--database-url"}, ExposedPort: 8080},
}

var testMetadata = map[string][]byte{
var testMetadataPrev = map[string][]byte{
"metadata": []byte(`functions: []
query_templates: []
remote_schemas: []
Expand All @@ -48,6 +51,31 @@ tables: []
`),
}

var testMetadataCurrent = map[string][]byte{
"metadata": []byte(`allowlist: []
functions: []
query_collections: []
query_templates: []
remote_schemas: []
tables:
- array_relationships: []
delete_permissions: []
event_triggers: []
insert_permissions: []
object_relationships: []
select_permissions: []
table: test
update_permissions: []
`),
"empty-metadata": []byte(`allowlist: []
functions: []
query_collections: []
query_templates: []
remote_schemas: []
tables: []
`),
}

func isReadyPostgres(i mt.Instance) bool {
db, err := sql.Open("postgres", fmt.Sprintf("postgres://postgres@%v:%v/postgres?sslmode=disable", i.Host(), i.Port()))
if err != nil {
Expand Down Expand Up @@ -119,6 +147,13 @@ func TestMigrateCmd(t *testing.T) {
}

func testMigrate(t *testing.T, endpoint *url.URL, migrationsDir string) {
versionCtx := version.New()
v, err := version.FetchServerVersion(endpoint.String())
if err != nil {
t.Fatal(err)
}
versionCtx.SetServerVersion(v)

metadataFile := filepath.Join(migrationsDir, "metadata.yaml")
// Create 1_create_table_test.up.sql which creates table test
mustWriteFile(t, migrationsDir, "1_create_table_test.up.sql", `CREATE TABLE "test"("id" serial NOT NULL, PRIMARY KEY ("id") )`)
Expand Down Expand Up @@ -208,15 +243,15 @@ func testMigrate(t *testing.T, endpoint *url.URL, migrationsDir string) {
testMigrateApply(t, endpoint, migrationsDir, "", "", "", "")

testMetadataExport(t, metadataFile, endpoint)
compareMetadata(t, metadataFile, testMetadata["metadata"])
compareMetadata(t, metadataFile, "metadata", versionCtx.ServerSemver)

testMetadataApply(t, metadataFile, endpoint)
testMetadataExport(t, metadataFile, endpoint)
compareMetadata(t, metadataFile, testMetadata["metadata"])
compareMetadata(t, metadataFile, "metadata", versionCtx.ServerSemver)

testMetadataReset(t, metadataFile, endpoint)
testMetadataExport(t, metadataFile, endpoint)
compareMetadata(t, metadataFile, testMetadata["empty-metadata"])
compareMetadata(t, metadataFile, "empty-metadata", versionCtx.ServerSemver)
}

func mustWriteFile(t testing.TB, dir, file string, body string) {
Expand All @@ -225,7 +260,17 @@ func mustWriteFile(t testing.TB, dir, file string, body string) {
}
}

func compareMetadata(t testing.TB, metadataFile string, actualData []byte) {
func compareMetadata(t testing.TB, metadataFile string, actualType string, serverVersion *semver.Version) {
var actualData []byte
c, err := semver.NewConstraint("<= 1.0.0-alpha45")
if err != nil {
t.Fatal(err)
}
if serverVersion == nil || !c.Check(serverVersion) {
actualData = testMetadataCurrent[actualType]
} else {
actualData = testMetadataPrev[actualType]
}
data, err := ioutil.ReadFile(metadataFile)
if err != nil {
t.Fatalf("error reading metadata %s", err)
Expand Down
6 changes: 3 additions & 3 deletions console/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion console/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
"deep-equal": "^1.0.1",
"graphiql": "^0.11.11",
"graphiql-explorer-hasura": "0.0.7",
"graphql": "^14.0.2",
"graphql": "^14.3.0",
"hasura-console-graphiql": "0.0.10",
"history": "^3.0.0",
"hoist-non-react-statics": "^1.0.3",
Expand Down
24 changes: 4 additions & 20 deletions console/src/components/Common/CollapsibleToggle/CollapsibleToggle.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ class CollapsibleToggle extends React.Component {
let _title;

if (useDefaultTitleStyle) {
_title = <div className={styles.collapsibleTitle}>{title}</div>;
_title = <div className={styles.defaultCollapsibleTitle}>{title}</div>;
} else {
_title = title;
}
Expand All @@ -52,23 +52,7 @@ class CollapsibleToggle extends React.Component {
};

const getChildren = () => {
let _children;

if (isOpen) {
_children = <div className={styles.collapsibleContent}>{children}</div>;
}

return _children;
};

const getIndicatorType = () => {
let _indicatorStateStyle;

if (isOpen) {
_indicatorStateStyle = styles.collapsibleIndicatorOpen;
}

return _indicatorStateStyle;
return <div className={styles.collapsibleContent}>{children}</div>;
};

return (
Expand All @@ -82,14 +66,14 @@ class CollapsibleToggle extends React.Component {
<i
className={`fa fa-chevron-right ${
styles.collapsibleIndicator
} ${getIndicatorType()}`}
} ${isOpen && styles.collapsibleIndicatorOpen}`}
/>
</span>

<span className={styles.titleWrapper}>{getTitle()}</span>
</div>

{getChildren()}
{isOpen && getChildren()}
</div>
);
}
Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Common/CollapsibleToggle/CollapsibleToggle.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
display: inline-block;
}

.collapsibleTitle {
.defaultCollapsibleTitle {
color: #788095;
font-weight: bold;
font-size: 14px;
Expand Down
16 changes: 9 additions & 7 deletions console/src/components/Common/Common.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -574,10 +574,6 @@ code {
padding-bottom: 10px !important;
}

.ul_padd_left {
-webkit-padding-start: 15px;
}

.add_pad_bottom {
padding-bottom: 20px;
}
Expand All @@ -590,16 +586,22 @@ code {
padding-right: 15px;
}

.padd_top {
padding-top: 20px !important;
}


.clear_fix {
clear: both;
}

.remove_ul_left {
.ul_left_small {
-webkit-padding-start: 15px;
}

.padd_top {
padding-top: 20px !important;
.subsection {
padding-left: 15px;
padding-right: 15px;
}

.disabled {
Expand Down
6 changes: 3 additions & 3 deletions console/src/components/Common/Layout/ExpandableEditor/Editor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ class Editor extends React.Component {
data-test={`${service}-${property}-save`}
disabled={isProcessing}
>
Save
{this.props.saveButtonText || 'Save'}
</Button>
);
};
Expand All @@ -82,7 +82,7 @@ class Editor extends React.Component {
data-test={`${service}-${property}-remove`}
disabled={isProcessing}
>
Remove
{this.props.removeButtonText || 'Remove'}
</Button>
);
};
Expand Down Expand Up @@ -139,7 +139,7 @@ class Editor extends React.Component {
{editorLabel}
</div>
{editorContent}
{actionButtons}
<div className={styles.add_mar_top_small}>{actionButtons}</div>
</div>
);
}
Expand Down
4 changes: 0 additions & 4 deletions console/src/components/Common/TableCommon/Table.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,10 +144,6 @@ a.expanded {
display: inline-block;
}

.remove_ul_left {

}

.select {
display: inline-block;
width: 300px;
Expand Down
3 changes: 1 addition & 2 deletions ...s/Services/EventTrigger/Modify/Tooltip.js → .../src/components/Common/Tooltip/Tooltip.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
import React from 'react';
import OverlayTrigger from 'react-bootstrap/lib/OverlayTrigger';
import Tooltip from 'react-bootstrap/lib/Tooltip';

const styles = require('./ModifyEvent.scss');
import styles from './Tooltip.scss';

const tooltipGen = message => {
return <Tooltip id={message}>{message}</Tooltip>;
Expand Down
3 changes: 3 additions & 0 deletions console/src/components/Common/Tooltip/Tooltip.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
.tooltipIcon{
margin-left: 5px;
}
2 changes: 1 addition & 1 deletion console/src/components/Services/CustomResolver/Edit/View.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import { push } from 'react-router-redux';
import { fetchResolver, RESET } from '../Add/addResolverReducer';

import { VIEW_RESOLVER } from '../customActions';
import ReloadMetadata from '../../Metadata/ReloadMetadata';
import ReloadMetadata from '../../Metadata/MetadataOptions/ReloadMetadata';

import { appPrefix } from '../constants';

Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/Data/Migrations/MigrationsHome.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ const MigrationsHome = ({ dispatch, migrationMode }) => {
</div>
<div className={styles.add_mar_top}>
<b>Note</b>
<ul className={styles.remove_ul_left + ' ' + styles.add_mar_top_small}>
<ul className={styles.ul_left_small + ' ' + styles.add_mar_top_small}>
<li>
Recommend that you turn this off if you're working with an existing
app or database.
Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Add/Operations.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ const Operations = ({
</OverlayTrigger>
&nbsp;&nbsp;
<a
href="https://docs.hasura.io/graphql/manual/event-triggers/invoke-trigger-console.html"
href="https://docs.hasura.io/1.0/graphql/manual/event-triggers/invoke-trigger-console.html"
target="_blank"
rel="noopener noreferrer"
>
Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Modify/HeadersEditor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import {
setHeaderValue,
} from './Actions';
import DropdownButton from '../../../Common/DropdownButton/DropdownButton';
import Tooltip from './Tooltip';
import Tooltip from '../../../Common/Tooltip/Tooltip';

class HeadersEditor extends React.Component {
setValues = () => {
Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Modify/Info.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import React from 'react';
import Tooltip from './Tooltip';
import Tooltip from '../../../Common/Tooltip/Tooltip';

const Info = ({ triggerName, tableName, schemaName, styles }) => (
<div className={`${styles.container} ${styles.borderBottom}`}>
Expand Down
4 changes: 0 additions & 4 deletions console/src/components/Services/EventTrigger/Modify/ModifyEvent.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -289,10 +289,6 @@ modifyHeadersCollapsedHeadings {
margin-bottom: 20px;
}

.tooltipIcon{
padding-left: 5px;
}

.cursorPointer {
cursor: pointer;
}
Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Modify/OperationEditor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import React from 'react';
import Editor from '../../../Common/Layout/ExpandableEditor/Editor';
import Tooltip from './Tooltip';
import Tooltip from '../../../Common/Tooltip/Tooltip';

import { toggleQueryType, toggleColumn, toggleManualType } from './Actions';

Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Modify/RetryConfEditor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import {
setRetryTimeout,
showValidationError,
} from './Actions';
import Tooltip from './Tooltip';
import Tooltip from '../../../Common/Tooltip/Tooltip';

import semverCheck from '../../../../helpers/semver';

Expand Down
2 changes: 1 addition & 1 deletion console/src/components/Services/EventTrigger/Modify/WebhookEditor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import {
setWebhookUrlType,
showValidationError,
} from './Actions';
import Tooltip from './Tooltip';
import Tooltip from '../../../Common/Tooltip/Tooltip';

class WebhookEditor extends React.Component {
setValues = () => {
Expand Down
Loading