chore: update versions

nhost · Jan 27, 2023 · 55d4c66 · 55d4c66
1 parent fff9d1f
commit 55d4c66
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 84 deletions.
diff --git a/.changeset/chilled-pugs-check.md b/.changeset/chilled-pugs-check.md
diff --git a/.changeset/clever-pianos-bake.md b/.changeset/clever-pianos-bake.md
diff --git a/.changeset/curvy-rice-sin.md b/.changeset/curvy-rice-sin.md
diff --git a/.changeset/hungry-insects-reflect.md b/.changeset/hungry-insects-reflect.md
diff --git a/.changeset/khaki-peaches-obey.md b/.changeset/khaki-peaches-obey.md
diff --git a/.changeset/poor-singers-complain.md b/.changeset/poor-singers-complain.md
diff --git a/.changeset/silver-cars-applaud.md b/.changeset/silver-cars-applaud.md
diff --git a/.changeset/strong-impalas-marry.md b/.changeset/strong-impalas-marry.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,67 @@
 ## Changelog
 
+## 0.18.0
+
+### Minor Changes
+
+- 45afb45: Stop sending the refresh token in the hash part of the redirection
+
+  Originally, hasura-auth was adding the refresh token to the hash part of the redirection urls, but [we decided to add it to the query parameters](https://github.com/nhost/hasura-auth/pull/146), as the hash was not accessible in SSR pages.
+  We decided to add the refresh token in both places during a transition period in order to prevent a breaking change with legacy versions of the SDK, that were looking for the refresh token in the hash.
+  However, since `@nhost/[email protected]` (April), the SDK also finds (and removes) the refresh token in both places.
+
+  Sending the refresh in the hash has a significant impact on Vue users, as the vue-router is handling routes in the hash part of the url in its own way that conflicts with the urls sent by hasura-auth.
+
+  This is a breaking change for clients using previous versions of the SDK, or manually looking for the refresh token in the hash instead of the query parameter
+
+- d5eed8f: Use SQL instead of GraphQL to interact with the DB
+
+  Run DB operations through SQL rather than GraphQL, so the user can pick any [Hasura naming convention configuration](https://hasura.io/docs/latest/schema/postgres/naming-convention/) they want.
+
+  As the SQL operations are simpler than the ones generated by Hasura, and as we don't use Hasura anymore to proxy DB operations, it also comes with a slight performance increase.
+
+  Hasura-auth now only uses the GraphQL API to generate custom claims.
+
+- 2e15427: Introduce a new `refresh_tokens.refresh_token_hash` column.
+
+  Preparatory work to store refresh tokens as a SHA256 hash.
+
+  To avoid a breaking change, the `refresh_tokens.refresh_token` column remains unchanged until the next major release.
+
+  - The `refresh_tokens.refresh_token` column is now deprecated.
+  - The hashed refresh token is a Postgres stored generated column.
+  - The internal GraphQL queries are using the hashed refresh token.
+  - The internal GraphQL mutations are still updating the `refresh_token` column.
+
+  When introducing the breaking change, we will:
+
+  - Rename `refresh_tokens.refresh_token` to `refresh_tokens.id`.
+  - Use the `id` column as an identifier.
+  - Remove the `generated` expression in the `refresh_token_hash` column.
+  - New refresh tokens will then be saved uniquely as SHA256.
+
+### Patch Changes
+
+- de0b163: Added spanish email templates, thanks [@JepriCreations](https://github.com/JepriCreations) for the contribution
+- b398ae2: A custom claim that is expected to be an array (ie. contains "[]" in its path) will be set to an empty array - instead of being undefined - when its query returns no value.
+
+  This allows permissions of the form "something IN X-Hasura-myCustomClaimArray" to work as intended
+  when the array is empty.
+
+- 87a3e96: Added czech email templates, thanks [@suplere](https://github.com/suplere) for the contribution
+- fff9d1f: Added bulgarian email templates, thanks [@azlekov](https://github.com/azlekov) for the contribution
+- 5a224e6: Improve the logging of the SMTP errors
+
+  When an email could not be sent, the logs where too limited. As a result, it was not possible to know the reason why emails could not be sent, nor knowing why hasura-auth was returning an HTTP 500 error.
+
+  When an email can't be sent, hasura-auth now adds two more lines to the logs before the standard http log row:
+
+  ```json
+  {"address":"127.0.0.1","code":"ESOCKET","command":"CONN","errno":-61,"level":"warn","message":"SMTP error","port":1026,"syscall":"connect"}
+  {"level":"warn","message":"SMTP error context","template":"email-verify","to":"[email protected]"}
+  {"latencyInNs":271000000,"level":"error","message":"POST /signup/email-password 500 271ms","method":"POST","statusCode":500,"url":"/signup/email-password"}
+  ```
+
 ## 0.17.1
 
 ### Patch Changes

diff --git a/package.json b/package.json
@@ -5,7 +5,7 @@
     "url": "git://github.com/nhost/hasura-auth.git",
     "type": "git"
   },
-  "version": "0.17.1",
+  "version": "0.18.0",
   "main": "dist/start.js",
   "scripts": {
     "preinstall": "npx only-allow pnpm",