Changelog

🚨 🚨 We have identified issues with the upgrade to this release if there are insert permissions defined. We are investigating the issue.
The bug is now fixed in v1.0.0-alpha37. Please skip this version and upgrade to the latest version instead.

🎁 New Features 🎁

• PostgreSQL functions that return tablesets can now be queried via GraphQL (close #333) (#1073).
  Example - Building a search function for articles:

  • Create a function from SQL window on console and track it:

    CREATE FUNCTION search_articles(keyword TEXT)
        RETURNS SETOF article AS $$
            SELECT *
            FROM article
            WHERE
            title ILIKE ('%' || keyword || '%') or
            content ILIKE ('%' || keyword || '%')
        $$ LANGUAGE SQL STABLE;

  • GraphQL Engine generates the following query type:

    search_articles (
      args: search_articles_args! 
      where: artcle_bool_exp
      order_by: [article_order_by!] 
      limit: Int
      offset: Int
    ): [article!]! 
    
    input search_article_args {
      keyword: String!
    }

  • Now, search through articles via GraphQL:

    query searchArticles {
      search_articles(
        args: {keyword: "Hasura"}
      ){
        id
        title
        content
        author_id
      }
    }

• Event trigger payload now contains session_variables which has all the x-hasura-* variables present in the context of the event. (close #1328) (#1458)

• Remote schemas now supports default values for input types. (close #1491) (#1493)

• Union and Interface types are now supported in Remote Schema. (close #1276) (#1361)

• JSONB and PostGIS operators are now supported in permissions, console changes are pending. (track #1503) (#1461)

• While creating a relationship, console now auto-fills a generated name. (closes #1095) (#1437)

• Analyze SQL on the console now works for all roles. (close #1457) (#1459)

• Simplifies SQL generation for _eq and _neq operators in GraphQL API (#1466)

• Adds anonymous telemetry data collection to server, cli and console. The data collected is minimal, statistical in nature and cannot be used to uniquely identify a user. To understand what data is collected and for instructions to opt-out, head to docs. (#1401)

🐛 Bug Fixes 🐛

• Fixes a bug that caused values to be set as NULL if they were not passed in the variables for _set update operator. (close #1448) (#1475)
• Remote schemas can now handle scalars separately from Hasura scalars. This finally enables merging multiple Hasura schemas under one Hasura instance. (fix #1244) (#1497)
• Fixes a bug on server that caused un-tracking tables to fail in certain cases where there are relationships defined on it. (close #1441) (#1442)
• Fixes a bug that caused console to create incorrect down migration for delete_event_trigger action. (close #1390) (#1391)
• Fixes a console bug that caused modifying event trigger options to fail. (#1465)

Other changes

• modify contributing guides for docs, cli, server console and community (#1427) (close #1370) (#1414) (#1412)
• server: test jwt with invalid signtaure and expired token (#1492)
• console: reuse buttons across console for uniformity (#1400)
• console: console ui fixes (#1455)
• console: change json field placeholder from 'asdf' to 'bar' (close #1260) (#1261)

Changelog

New features

• Hasura now supports PostGIS topology operators in the GraphQL boolean expression itself.
  Example - Fetch a list of geometry values which are within the given polygon value using ST_within:

  query geom_table($polygon: geometry){
    geom_table(where: {geom_col: {_st_within: $polygon}}){
      id geom_col
    }
  }

  Where $polygon is:

  {
    "polygon": {
      "type": "Polygon",
      "coordinates": [
        [[0,0],[0,2],[2,2],[2,0],[0,0]]
      ]
    }
  }

  See docs for more details. (closes #1051) (#1372)
• Adds a new flag --server-host and env var HASURA_GRAPHQL_SERVER_HOST tp specify the host address the server should bind to. Huge shoutout 📣 to @nathanstitt for submitting this PR. (#1280)
• Introduces new optimisation in the run_sql query type, which will result in better performance for non-schema modifying queries (like insert/select/update/delete etc.). (close #1362) (#1406)

Bug fixes

• Fixes a typo in the error message shown when pgcrypto extension is not available. (fix #1322) (#1331)
• Server now accept null (null) and empty arrays ([]) for relationship values and object values during insert. (closes #1352) (#1360)
• Fixes a console redirect bug that occurs when the schema is changes. (#1389)
• Console now creates correct down migrations for permission actions. (close #1366) (#1376)
• Fixes a bug that caused incorrect array relationships to show up as suggested when there are circular foreign keys. (close #1296) (#1306)

Other changes

• Adds a new flag --use-prepared-statements <bool> and env var HASURA_GRAPHQL_USE_PREPARED_STATEMENTS to disable using prepared statements while executing SQL on the database. It is enabled by default. (close #1392) (#1396)
• Schema selection drop down on the console is moved to the top on the left sidebar. (close #1092) (#1118)
• Console now redirects to login page only if access-denied response happens. (close #1364) (#1363)
• Fixes a bug that caused incorrect delivered time to appear on the event trigger logs in console. (close #1309) (#1312)
• console: add css property to completely show column values (close #1246) (#1337)
• Fixes various console bugs. (close #1303) (close #1049) (close #1282) (#1330) (close #1307) (close #1308) (close #1332) (#1336)

Changelog

New features

• Headers in the GraphiQL tab are now persisted in localstorage (close #275) (#1262)
• Server can now be hosted on a subpath using a reverse proxy without breaking any console redirects. E.g. /somepath/console (#1228)
• Alter column type in modify table page now shows only compatible types. (close #544) (#1174)

Bug fixes

• Server now generates aggregate order_by types only if relevant columns are present. This fixes a bug that caused schema introspection to fail in certain cases. (closes #1243) (#1248)
• Auth hook mode (--auth-hook-mode) environment variable was fixed to be HASURA_GRAPHQL_AUTH_HOOK_MODE as indicated in docs, instead of HASURA_GRAPHQL_AUTH_HOOK_TYPE. Support for TYPE will be dropped in the next release. (fix #1270) (#1285)
• Fixed a bug that caused detection of primary key to fail for certain tables where the Hasura user is not the owner. (close #1269) (#1300)
• CLI now displays proper error messages when an invalid migration file is present. (fix #1224) (#1238)
• Fixes a bug that caused untracking to fail when a table with no columns is dropped from SQL window. (close #1255) (#1256)

Other changes

• server: serve local console on development builds (#1252)
• server: improve startup log messages (close #1236) (#1258)
• server: update constraint enum types when a new constraint is added (#1287)
• console: add a section title to add column in modify tab (fix #1096) (#1245)
• console: ui improvements on event trigger update columns (close #1257) (#1259)
• console: highlight actionable buttons when its on focus (close #1294)
• console: display table name for manual array relationship from view to table (fix #1292) (#1293)

Changelog

Please make sure you go through the 🚨 breaking changes 🚨 introduced in v1.0.0-alpha32 if you're upgrading from a version below that.

The primary objective of this release is to fix a bug that was introduced on alpha32. GraphQL Engine server command line flags can now be used in any order. (#1231)

Also fixes a bug that caused resetting metadata to fail when event triggers are present. (close #1232) (#1233)

We have also added an optimisation that improves startup times for the server, by optimizing the initial number of queries made to the database. (#1235)

Changelog

⚠️ 🐛 A recent refactor in the way how command line flags are parsed casued a bug in which the flags have become positional. Please hold off on updating to this release if you're using flags. Environment variables continue to work.

This bug is now fixed in v1.0.0-alpha33. Please ignore this version and update to the latest.

🚨 Breaking changes 🚨

Please read the changelog carefully before upgrading to this release

1. If you are using the upsert feature (on_conflict argument in inserts), this release will most likely break your mutations.
   The changes were necessary to make graphql-engine's permissions as close to Postgres's RLS as possible so that we do not inadvertently introduce any security bugs.

   1. Previously graphql-engine allowed upsert behavior with an option called Allow Upsert in the insert permissions. From now on,
      upsert (on_conflict argument) is allowed only if update permissions are defined on the table. graphql-engine will then enforce these conditions:
      1. Only the columns that are specified in update permissions are allowed with update_columns.
      2. Only the rows that match the update permissions' filter are allowed to be updated.
   2. We've also removed the deprecated action field from on_conflict
   3. update_columns is now mandatory in on_conflict.

2. The structure of errors has changed and conforms to the current GraphQL spec. These are potentially breaking changes.

   The previous error structure looked like this:

   {
     "errors": [
       {
         "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
         "code": "validation-failed",
         "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
       }
     ] 
   }

   The current error structure looks like this:

   {
     "errors": [
       {
         "extensions": {
           "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
           "code": "validation-failed"
         },
         "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
       }
     ]
   }

3. Previously graphql-engine allowed any number of top level fields in subscriptions, this is now restricted to one as per the spec. This will
   help us with the optimisations that are planned for the next release.

🎁 New features 🎁

• Authentication webhook can now be triggered with POST requests. Set HASURA_AUTH_HOOK_MODE=POST and server now sends incoming headers as JSON POST body to the webhook. (close #1138) (#1147)
• GraphQL input objects and arrays are now parsed as scalar values. This means that non-native GraphQL types (e.g. json, jsonb etc.) can now be passed in the query itself. Earlier these had to passed separatly in variables. (close #1132) (#1137)
• Conflicting GraphQL types from remote schemas are merged into one type if they have same structure. This enables adding other Hasura GraphQL Engine schemas as remote schemas. (closes #1112, #1135) (#1145)
• order_by can now refer to aggregates on related columns. For example, order authors based on the number of their articles: (close #1039) (#1042)

  {
    author (order_by: {articles_aggregate: { count: desc }}) {
      id
      name
    }
  }

• CLI now shows better error messages (including filenames) if there are errors in applying migrations. (close #1136) (#1143)
• Console now shows column types next to names while setting update columns on event triggers. Shoutout to @pthm who proposed and worked on this PR 🙏. (#1188)
• Console can now be used to update event triggers. (close #489) (#1124)

🐛 🚫 Bug fixes 🚫 🐛

• The JWT library jose is updated to fixe a bug that threw a cryptic error when x5t is present in claims. (closes #983) (#1202)
• Fixes a bug that caused old trigger functions to remain while updating the event trigger. (#1214)
• CLI now handles duplicate migration versions gracefully and throws better error messages. (close #1148) (#1157)
• Fixes a bug in console that caused numbers to get stripped off while auto-generating relationship names. (close #1139) (#1144)
• Console now handles cross-schema references in permissions builder gracefully. (close #1127, #1152) (#1158)

Other changes

• server: refactor to remove warnings especially with orphan instances (#1163)
• server: refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200)
• server: add consolePath in console.html template (#1222)
• console: console semver check fix for non-tag versions (#1134)
• console: export console remote schemas (#1165)
• console: fix preloader refresh on events page (close #1000) (#1153)
• console: show response status code in event trigger events tab (close #1022) (#1203)
• console: permissions ui improvments (close #1068) (#1205)
• console: optimise the on-load queries on console using bulk api (close #1191) (#1196)

Changelog

This is a bug fix release.

Fixes

• Use Postgres IN expression for _in operator (fix #1109) (#1111)
• Metadata is backwards compatible for remote schemas (fix #1120) (#1121)
• Handles null values for input arguments (fix #1113) (#1123)

Other changes

• server: test: implement internal graphql server for remote schema tests (#1117)
• server: remove dependency on 'first' aggregate, closes #1085 (#1089)
• console: update notes in the sql section (close #1093) (#1116)
• console: console semver fix for commits on master branch (#1131)

Known Issues

There is a bug in this release which causes applying metadata (exported from a previous version) to fail. A workaround is to add remote_schemas: [] as a top-level key in the meatadata.yaml file.

A fix (#1121) is already in the works and we should be releasing it by Wednesday.

Changelog

There is a minor breaking change so please read carefully before upgrading to v1.0.0-alpha30.

Breaking change

The behavior of desc in order_by clause is now changed to DESC NULLS FIRST from DESC NULLS LAST. This was needed as Postgres cannot use a btree index on the ordering column with DESC NULLS LAST resulting in bad performance. After the change, the behavior is similar to that o Postgres when you specify ORDER BY column DESC.

This will only affect you if you are using desc in an order_by clause with a column which is nullable. If you want the previous behavior, you can force it by {order_by: {column: desc_nulls_last}.

Features

1. Postgres's DISTINCT ON feature is now supported in queries with a new argument distinct_on. You can find an example here: https://docs.hasura.io/1.0/graphql/manual/queries/distinct-queries.html and Postgres's docs here: https://www.postgresql.org/docs/11/sql-select.html#SQL-DISTINCT.

2. We have added experimental support for remote schemas/schema stitching in graphql-engine. If you currently have your own graphql server which schema stitches with hasura, we do not recommend you to use this feature yet as it has these limitations:

• Type names and top level field names need to be unique across all merged schemas.
• Top level fields from different GraphQL servers cannot be used in the same query/mutation. All top-level fields have to be from the same GraphQL server.
• Subscriptions on remote GraphQL server are not supported.
• Interfaces and unions are not supported - if a remote schema has interfaces/errors, an error will be thrown if you try to merge it.

These limitations will be addressed over the course of next few releases.

Fixes

1. The new SQL generation logic for _in introduced in alpha29 couldn't handle empty arrays for input. This is now fixed.
2. Previously the server docker image had ENV HASURA_GRAPHQL_ENABLE_CONSOLE=true by default. This has been removed in this release, which means that console will not be enabled unless this env var is added or the --enable-console is used.

Commit history

• server: handle empty array for _in and _nin operators, fix #1075 (#1076)
• server: change descending ordering to nulls first (fix #1008) (#1009)
• server: support Postgres's DISTINCT ON (close #1040) (#1099)
• server: update server dockerfile, install manifests and docs (#1097)
• server: cli: console: adds basic support for remote schemas/schema stitching (#952)

Features

• You can now configure event triggers with a webhook url from an environment variable. (#966) (#968)
• Improved aggregations support: Aggregate functions for statistics (stddev, variance etc.) and count on columns with distincts are added. (close #1028) (#1029)

Improvements

• Better SQL generation for _in operator. (#1013) (#1014)
• Prevent x-hasura-access-key from getting logged or accessed by current_setting('hasura.user'). (#1016) (#1017)
• server port can be set with HASURA_GRAPHQL_SERVER_PORT env variable (#1033) (#1038)
• console: track table when 'create or replace' is used in run sql (#995) (#1021)

Bug fixes

• server: do not generate prefix for column identifiers in agg select, (#1004) (#1005)
• server: fix sql generation for boolean expressions which uses self referential relationships, (#853) (#1037)

This is a minor release with few bug fixes.

Features:

In the insert permissions, you can now specify the columns that are allowed to be inserted.

Improvements:

1. server: Retry-After header of the webhook response takes precedence over the configured retry policy (event triggers).
2. server: EVENTS_FETCH_INTERVAL can now be specified in milliseconds (event triggers).
3. console: handle non-public schema cases for manual relationship creation (#911)

Fixes:

1. server: fixes an issue with insert mutations with relationships where returning is not specified.
2. console: fix an issue with pending event trigger logs when opened (#926)
3. console: fix broken redirect from table/edit to table/brows

Complete changelog

• server: gitignore generated .tix files in pytest folder (#924)
• server: pep8 fixes for python files (#875)
• server: change type of fetch interval to milliseconds (#939)
• server: give precedence to retry-after header over retry conf (#954)
• server: refactor select query generation (#941)
• server: extract session variables from relational bool expression (fix #960) (#961)
• server: remove enable console from docker cmd and add it as env var (close #907) (#938)
• server: refactor nested insert mutation and fix returning (fix #844) (#852)
• server: allow specifying a list of columns that can be inserted (close #250) (#917)
• cli: remove docs from cli folder (#918)
• console: handle non-public schema cases for manual relationship creation (close #911) (#912)
• console: remove tries filter from where clause for pending events (#921)
• console: fix issue with pending event trigger logs when opened (#926)
• console: fix broken redirect from table/edit to table/browse (close #905) (#935)
• console: update logo in console (#934)
• console: allow specifying a list of columns that can be inserted (close #250) (#917)

Changelog

Fixes

This release fixes a bug introduced by alpha26, which caused server to deny all requests if auth-webhook was configured. Skip updating to 26 and update to alpha27 directly. Note that order_by API breaks from alpha26 on-wards. (closes #890) (#894)

Features

• Custom headers (like Authorization) can be set for event triggers. You can now secure your trigger endpoints/webhooks using these headers. (close 523) (#812)
• Console now suggests relationships over composite foreign keys too. (close #284) (#808)

Other changes

• server: add tests for server with access control, jwt and auth webhooks (#710)
• console: update advanced settings in create trigger page (close #654) (#868)
• console: handle table/schema names in relationship suggestions properly (close #876) (#879)