Changelog

2019-05-16 17:45 IST: The fixed image has been pushed with tag v1.0.0-beta.1
2019-05-16 15:53 IST: (We have taken the docker images down from docker hub as there seem to be some issue serving console html - will post an update soon)

A new v1/graphql endpoint 🎉

This release introduces a new endpoint, /v1/graphql, that will be the primary GraphQL endpoint going forward. Breaking changes in this release (described below) have been released only into this endpoint, leaving the /v1alpha1/graphql endpoint unaffected by them.

New Features & enhancements 🎁

• Allow-list: A list of safe queries can now be configured in GraphQL engine. When enabled, it is used to restrict GraphQL engine so that it executes only those queries that are present in the list. See docs for more details. This is enforced over both v1 and v1alpha1 GraphQL endpoints. (closes #989) (#2075)

• Optimised server startup time: Startup time for GraphQL engine has been reduced by ~7X to ~30X depending on the quantum of metadata (startup time is ~0.26 secs with 300 tables and 1300 relationships). (closes #1430) (#2120)

• Manual Event triggers: Events can now be configured to be triggered manually using the console. Read more here. (closes #1687) (#2077)

• Console features: The console now has native support for creating/deleting the following Postgres elements:

  • Multi-column unique constraints (closes #506) (#2148)
  • Schemas (closes #2142) (#2143)

• Offline mode for console: GraphQL engine's console now works without access to a public network. The console's static assets are bundled into the Docker image, and GraphQL engine can be configured to use locally available static files instead of relying on a CDN. This feature is currently not available for a console instance served by the CLI, this will be addressed in the next releases. See docs for
  more information. (closes #516, #521, #2130) (#2192, #2201)

Breaking change in v1/graphql 🔨

The following changes are available only in the v1/graphql endpoint and are breaking only when compared to the behaviour of the v1alpha1/graphql endpoint:

• Response codes: All graphql responses in the /v1/graphql endpoint will be 200 OK. Most GraphQL clients expect responses to be HTTP 200 to parse the error properly. Non-200 responses are considered transport layer errors.

• Consistent error messages: Errors in HTTP and Websocket layer are now consistent and have the same structure. (closes #1368) (#2064) (#2173)

Bug Fixes 🐞

• Websocket connections will now be closed automatically on JWT expiry. (fixes #578) (#2156)
• Fixed sending duplicate content-type headers to remote schemas. (fixes #2159) (#2170) (#2197)
• Boolean Environment variables will be compared with a case-insensitive match. (fixes #2177) (#2182)

Other changes

• Fixes and enhancements for https://learn.hasura.io. (closes #2161) (#2158, #2166, #2162, #2136, #2169, #2134, #2091, #2154)
• Console bug fixes. (closes #2164, #1777, #2094) (#2187, #2152, #2127, #2123)
• Community content & docs changes. (#2157, #2145, #2149, #1963, #2110, #2126, #2196, #2150)

Changelog

Breaking Fixes

• This fix changes the behavior of aggregate queries when used in conjunction with the limit configuration in select permissions. In versions prior to this, aggregate functions account for the value of the limit setting when calculating the aggregate value. This will not be the case going forward and aggregate values will calculated over all the rows that the role has permissions for. (fix #1837) (#2027)

  E.g.: Assuming a role has permissions to access all the rows in the authors table and the limit configuration is set to 2. Query:

  {
    authors {
      id
      num_articles
    }
    authors_aggregate {
      aggregate {
        max {
          num_articles
        }
      }
    }
  }

  Before the fix:

  {
    "data": {
      "authors": [
        {
          "id": 1,
          "num_articles": 1
        },
        {
          "id": 2,
          "num_articles": 2
        }
      ],
      "authors_aggregate": {
        "aggregate": {
          "max": {
            "num_articles": 2
          }
        }
      }
    }
  }

  After the fix:

  {
    "data": {
      "authors": [
        {
          "id": 1,
          "num_articles": 1
        },
        {
          "id": 2,
          "num_articles": 2
        }
      ],
      "authors_aggregate": {
        "aggregate": {
          "max": {
            "num_articles": 5
          }
        }
      }
    }
  }

Bug Fixes

• Server now adds variable name to the path when there is an error. Earlier, the path key in the error response when there is an issue with variables was just $.variableValues. Now, it includes the variable name as well, like $.variableValues.<var_name>. (close #2050) (#2051)
• Fixes a bug that allowed null values for non-nullable fields. (close #1981) (#2057)
• Fixes a bug on server that allowed dropping of columns that were used in the permissions rules with column operators. (close #2054) (#2055)
• Fixes a bug that caused server to send duplicate headers to remote schema server. (#2118)
• Fixes a bug that caused server not to update the GraphQL Schema when a column's nullability or type is changed. (fix #2101) (#2106)

New Features

• Server adds a new API to execute pg_dump on the connected Postgres server. The migrations workflow has improved a lot because of this. To get the schema and metadata from a server, only one CLI command is enough. See docs for more details. (close #1939) (#1967)

  hasura migrate create "init" --from-server

Other changes

• server: multiplexed subscription improvements (#2081)
• server: log inconsistent metadata objects only when there are any (close #2053) (#2058)
• server: schema cache sync improvements (#2098)
• console: change Github to GitHub at multiple places (#2046)
• console: fix console bugs (close #2030, #2032, #226) (#2044)
• console: change position of constraint names in table modify (#2070)
• console: restructure console files (#2078)
• console: fix console expandable editor styles (#2111)
• console: fix set column as unique bug (close #2096) (#2108)

Changelog

Bug fixes

• Fixes a bug with multiplexed subscription planning introduced in alpha43, candidate id shouldn't be part of the plan in multiplexed subscriptions (#2029)
• Introspection queries are now much faster and are only recomputed when the schema changes, reduces the memory footprint of the server for introspection queries, use ByteString to cache introspection response, closes #1942 (#2028)
• console: fix typo in the field name for accessing headers (#2026)

Changelog

🚨 Breaking change 🚨

You cannot access the current user with current_setting('hasura.user') from custom SQL functions/views anymore. This information is still available inside triggers for mutations. If you are using current user information inside custom functions you'll need to wait for the next release where we will pass user information to custom functions. Unless you know what we are talking about, you are most definitely not affected by this.

🎁 New features 🎁

Recovery from inconsistent metadata

The server now starts even when the metadata is inconsistent. You can then fix/drop this metadata from the console. You can apply a new metadata, execute Hasura Metadata API actions to fix the inconsistencies or drop the inconsistent objects altogether. All this while, Hasura will be serving the GraphQL schema with only the consistent metadata. (closes #231) (#1863)

⚡ Performance improvements for subscriptions ⚡

This release greatly improves the performance of subscriptions backend. Hasura will now let you handle more active subscriptions (at least 10-100x more) while reducing the load on Postgres (CPU usage reduces by 5-10x while number of connections used reduces by 20-40x).

These optimisations only kick in when your susbscriptions meet the following conditions:

1. All the variable types are non-nullable scalars.
2. All the variables are part of the where condition (i.e, not limit/offset).

Few example,

This susbscription will be optimised:

subscription s ($id: uuid!) {
  build(where: {id: {_eq: $id}}) {
    status
  }
}

This will not be (notice the absence of non-nullable '!' in the declaraton of $id):

subscription s ($id: uuid) {
  build(where: {id: {_eq: $id}}) {
    status
  }
}

This will not be optimised ($condition is not a scalar):

subscription s ($condition: build_bool_exp!) {
  build(where: {id: {_eq: $id}}) {
    status
  }
}

This will not be optimised ($type is nullable, all arguments have to be non-nullable):

subscription s ($category: String! $type: String) {
  build(where: {category: {_eq: $category} type: {_eq: $type}) {
    status
  }
}

We'll document the architecture and the usage patterns more clearly in the coming few days. (#1934)

⚡ Performance improvements for queries ⚡

Reduces the number of trips to Postgres, so your queries will be faster. You'll notice a speedup particularly if the connection between graphql-engine and postgres has high RTT (round trip time). (#1934)

Composite foreign key and primary key support with Console

Console now supports creating composite primary and foreign keys. (close #1707) (#1854)

Bug fixes

• server: fix excessive memory consumption with bulk queries (#1972)
• server: fix incorrect default values for inserts after column drop, fix #1991 (#1993)
• console: fix webhook url edit for event triggers (#1987)
• console: fix fk bug in non-public schemas (#2010)

Other changes

• server: read version from env var during server build time (close #1398) (#1897)
• cli: fix cli contrib instructions (#1958)
• console: fix styles in browse rows, relationship and permission tables (#1969)
• console: update console permissions ui (#1924)
• console: re-add same as other action options in permissions (#1970)
• console: add placeholder for bool type fields while inserting rows (#1962)
• console: fix save function in console's retry config editor (fix #1975) (#1976)
• console: optimise introspection query calls (#1971)
• console: handle permission api shorthands in console (#1986)
• console: show default values as placeholder during insert row (#1985)
• console: make console function fetchTableListBySchema reusable (#2008)
• console: persist explorer / endpoint / headers collapsed state in ApiExplorer (#1992)
• console: refactor permissions types handling (#2009)

Changelog

Bug fixes

• Fixes a bug on server which caused event trigger update API to return success without actually updating the trigger metadata. This bug was introduced in the last release. (#1950)
• Fixes a bug that caused server to generate incorrect types for arguments of custom SQL functions, in certain cases. (close #1952) (#1953)

Other changes

• server: specify better error msgs for remote schema conflicts (fix #1805) (#1904)
• server: run graphql tests on both http and websocket; add parallelism (close #1868) (#1921)
• cli: fix bash completion example docs on cli (#1832)
• cli: rename metadata reset to metadta clear (close #1851) (#1893)
• cli: added feedback for metadata commands (close #1411) (#1929)
• cli: improve error messages for metadata apply (close #1877) (#1895)
• cli: added feedback on migration commands (close #1410) (#1931)
• console: make graphiql api endpoint and request header sections collapsible (#1723)
• console: refactor some console components for readability (#1928)
• console: update raw sql notes and tooltips (#1926)
• console: remove remote schema env var note (#1932)
• console: update track relationship text in console (#1927)
• console: improve console error page (close #272) (#1890)
• console: persist queries in GraphiQL (closes #1894) (#1903)

Changelog

UPDATE (26 Mar 2019 12:20 PM GMT): We have identified an issue with the docker image for alpha41 where a shared library is missing. Please DONT upgrade until we push the fixed image.

UPDATE (26 Mar 2019 01:00 PM GMT): The docker bug has been fixed and a new docker image is pushed. You can now upgrade to this release.

UPDATE (28 Mar 2019 03:15 PM GMT): (#1809) has been moved from bug fixes to breaking changes as it could break queries with variables for which right types are not used.

🚨 🚨 Breaking changes 🚨 🚨

• To fix a bug that caused event trigger id to change on metadata replace operations, the id column is dropped from the metadata entirely. This affects the event payloads as it will be missing in the trigger key as well. You can find the complete payload reference in docs. (fix #1840) (#1857)

  Payload before alpha41:

  ...
    "trigger": {
      "id": "e9723071-d6a8-47c3-981b-811e891ac6dd",
      "name": "email_trigger"
    }
  ...

  Payload after alpha41:

  ...
    "trigger": {
      "name": "email_trigger"
    }
  ...

• Fixes a long standing bug which didn't enforce type validations for input variables since Postgres allows it. With this fix, if a String variable is used for an Int input type, validation error will be thrown. This could break your existing queries if you are not using the right types for variables. (e.g. using $value: Float while the column is of Numeric type) (close #21) (#1809)

• This is not a breaking change on the server, but a change in behaviour for Console. It now uses inflection to suggest relationship names. For example, if author_id column in article table has a foreign key constraint to id column of author table, the object relationship suggested on article table will be author instead of authorByAuthorId, and the array relationship on author table will articles instead of articlesByAuthorId. If you depend on the names generated by console elsewhere, please pay extra attention. This change applies to all releases, not just alpha41 since console follows a rolling update strategy. (close #1665) (#1801)

🎁 🎁 New features 🎁 🎁

• Server now supports ST_DWithin and ST_Intersects spatial predicates for PostGIS GEOGRAPHY columns directly in GraphQL queries and permissions builder. (close #1674) (#1735)
• JSON/JSONB columns now have a path argument which accepts a JSON Path and the field value returns the value for the path. You can find an example in the docs. (close #1598) (#1661)
• CLI now supports creating migration files by reading an SQL file and getting metadata from server. Command details can be found in the docs. (close #1699) (#1761)
• metadata apply command on CLI now accepts a JSON or YAML file. (close #1698) (#1746)
• Console now includes OneGraph Explorer. (close #1616) (#1680)
• New favicons for Console and Docs. (close #1485) (#1760)

🐛 🐛 Bug fixes 🐛 🐛

• Over websocket transport, in some cases of query validation errors, connection_error was thrown (which is for protocol errors) instead of error. This is now fixed to send GQL_ERROR instead of GQL_CONNECTION_ERROR. (fix #1790) (#1792)
• Fixes a bug that was introduced in alpha40 which mandated a table/view to have a primary key or a unique constraint if the delete mutation had to return the data in response. This requirement is not there anymore and delete mutations returns the correct data. (fix #1794) (fix #1763) (#1827)
• Fixes a bug that skipped validations for relationship definitions on startup (#1849)
• Fixes a bug on console that caused issues with the Track this checkbox in SQL tab. (close #1671, #1627) (#1717)

Other changes

• server: bump stackage to lts 13 and refer to hasura's pg-client-hs (#1747)
• server: use bytestring builder to represent encoded json (makes things faster) (#1800)
• server: add for update skip locked to fetch query (#1798)
• server: specify needed node version, clarify setup instructions (close #1754) (#1815)
• server: reduce server build time on ci (#1836)
• server: Revert "reduce server build time on ci (#1836)"
• server: refactor graphql query execution logic (#1855)
• server: bump haskell-docker-packager version (#1870)
• server: add user information to transactions in ws protocol (fix #1867) (#1869)
• console: change try it out link for remote schema in console #1788
• console: show migration name section only if This is migration is checked (close #1732) (#1762)
• console: reload onegraph schema on header change (#1810)
• console: remove graphiql suggestions on page navigation (#1803)
• console: fix relationship editor bug in console (#1814)
• console: handle capital letters and quotes in Raw SQL Track this (#1811)

Changelog

Update on 14 March 2019:

🚨 🚨 Breaking change 🚨 🚨

From alpha40, relationships/nested objects can be retrieved in mutations ONLY if the table has a primary key or a unique constraint. The approach taken prior to alpha40 would only work in some cases and could trigger inconsistent results such as those documented in #1576.

• Please add either a primary key or a unique constraint to tables with such mutations.
• If you are using updatable views, you can either have mutations on the underlying tables directly or you can downgrade to alpha39 by following these instructions:
  1. Stop graphql-engine alpha40
  2. Run this SQL on your database:

  DROP TABLE hdb_catalog.hdb_schema_update_event;
  DROP FUNCTION hdb_catalog.hdb_schema_update_event_notifier();
  UPDATE hdb_catalog.hdb_version SET version = '10';

  3. Start graphql-engine alpha39

We are looking into inferring the constraints on an updatable view from the underlying base table asap.

Sorry about missing this in the previous announcement! If you need any help with this, please reach out to @team hasura on the #general channel on Discord.

🎁 🎁 New features 🎁 🎁

• The server can now sync metadata changes across multiple instances. Previously, if there were more than one Hasura instances connected to a database, metadata had to be reloaded on all instances of Hasura when migrations were applied or if the schema was changed via one of the Hasura instances. With this release, updating schema on one instance emits an event that other instances will listen to and reload the metadata automatically. (closes #1182) (#1574)
• Server now respects x-hasura- headers for unauthorized role permissions (close #1686) (#1689)

🐛 🐛 Bug fixes 🐛 🐛

• Queries/Mutations on remote schema now works over websocket. (fix #1619) (#1621)
• Mutation now returns the updated data over relationships (fix #1576) (#1703)

Other changes

• console: fix console browse rows bugs (#1691)
• console: console code refactor (#1688)
• console: add quickstart content to console remote schema and event triggers pages (#1630)

Changelog

🚨 🚨 Breaking change 🚨 🚨

Prior to this release, the server stringified certain Postgres numeric types like bigint. Starting with this release, server will only stringify these types if --stringify-numeric-types flag or the env var HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES is set. Specifically bigint, numeric, decimal and double precision as they don't fit into the IEEE-754 spec for JSON encoding-decoding. If you depend on the stringification of these types, please enable this flag while upgrading. (fix #1523) (#1662)

🎁 🎁 New features 🎁 🎁

• Server now allows renaming tables, columns through the run_sql API and relationships through rename_relationship API. Console now has option on the corresponding screen to do the renames. (close #79) (#1542)
• A new flag/env var (--enabled-apis, HASURA_GRAPHQL_ENABLED_APIS) is added to enable/disable certain APIs. This is particularly useful for production deployment scenarios where there is a requirement to disable the metadata APIs. Default is metadata,graphql where both APIs are enabled. (close #1088) (#1650)
• Cookies are now read while establishing a websocket connection. Note that if CORS is disabled server will NOT read the cookie and a special flag (--ws-read-cookie, HASURA_GRAPHQL_WS_READ_COOKIE) should be set to force server to read the cookie. Care should be taken to handle CORS elsewhere if you're forcing the behaviour. Otherwise this is vulnerable for cross-site scripting type attacks.. (fix #1660) (#1668)

Bug fixes

• Server now enforces the column presets of update permissions on upsert mutations. (fix #1647) (#1653)
• Bug fixes and new updates on console permissions screen. (close #1503, #1529, #1567, #1470) (#1605) (#1658)
• Events and Remote schema tabs are now independent of update checker API, they appear as soon as the app is loaded. (#1604)
• Ace editor cursor now matches with the text. (#1620)
• Fixes a bug that caused event trigger definitions to break when columns are added/removed/renamed on a table. (close #1629) (#1673)
• Server now generates Scalar types for SQL function arguments. (fix #1632) (#1633)

Other changes

• server: remove grep from server makefile (#1614)
• server: refactor event processing logic (#1639)
• server: forward response headers from remote servers (fix #1654) (#1664)
• server: revert "forward response headers from remote servers (#1664)"
• server: update event triggers on rename operations (#1684)
• console: fix console hot reloading and upgrade to babel 7 (#1618)
• console: update console unable to connect to server msg (#1625)
• console: handle empty header key in console APIExplorer (#1641)
• console: make button texts consistent across event trigger and remote schemas (close #1634) (#1666)
• console: fix console sidebar links highlighting (#1657)
• console: refactor console code, update react to 16.8.2 (close #1467) (#1608)
• console: update console browse rows section (close #1622) (#1642)

Changelog

🎁 🎁 New Features 🎁 🎁

• ACCESS_KEY is now renamed to ADMIN_SECRET. This will not break existing applications/servers as access key is just marked as deprecated, not removed. This change will make it clear that it should not be stored on the client side. (close #1347) (#1540)
• Column presets are now supported in update mutations (closes #1449, closes #1464) (#1473)
• Server now supports specifying the JWT claims in stringified JSON format. This particularly addresses issues with AWS Cognito where the claims can only be string: string key-value pairs. Congnito can now be integrated by setting "claims_format": "stringified_json" in the JWT config. (See #1176 for more details) (#1538)
• Multiple domains are now supported in CORS config; set comma separated domains' list as flag or env var. (close #1436) (#1536)
• Adds delivery info (like the number of retries left and the current retry number) to event trigger payload. (close #1476) (#1517)
• Response timeout is now configurable for event trigger HTTP calls. (close #1477) (#1501)

🐛 🐛 Bug Fixes 🐛 🐛

• Improves the error message shown when no operation specs are provided during event trigger creation. (close #998) (#1541)
• Server will not allow altering a tracked SQL function type to VOLATILE. (fix #1546) (#1547)
• Server will not allow overloading already tracked functions. (#1563)
• Console will not strip x-hasura-access-key from headers for explain/analyze query (closes #1533) (#1534)
• Multiple UI bug fixes on console. (close #1548, #1549) (#1552) (#1562) (close #1561) (#1566) (#1578) (#1518)

Other changes

• server: Update CONTRIBUTING.md
• cli: update help text for console command (close #1507) (#1508)
• cli: add update-cli command to cli (close #1239) (#1251)
• cli: added a cli flag to skip update checks (close #1586) (#1600)
• cli: add new install script, commands (#1556)
• console: add note for env var usage in webhook, remote schema urls. Shout-out to @gopal-virtual for this PR. (fix #970) (#1384)
• console: sort table names alphabetically when creating new triggers. Shout-out to @pthm for this PR. (#1194)

Changelog

• Fixes a bug that caused alpha36 upgrades to fail: hdb_views should always be cleared before building schema cache (#1513)
• console: remove the usage of spread operator in setState (#1490)

For new features and other changes, see changelog for v1.0.0-alpha36.