0.18.0

@github-actions github-actions released this 27 Jan 09:07
· 169 commits to main since this release

Minor Changes

  • 45afb45: Stop sending the refresh token in the hash part of the redirection

    Originally, hasura-auth was adding the refresh token to the hash part of the redirection urls, but we decided to add it to the query parameters, as the hash was not accessible in SSR pages.
    We decided to add the refresh token in both places during a transition period in order to prevent a breaking change with legacy versions of the SDK, that were looking for the refresh token in the hash.
    However, since @nhost/[email protected] (April), the SDK also finds (and removes) the refresh token in both places.

    Sending the refresh token in the hash has a significant impact on Vue users, as vue-router handles routes in the hash part of the URL in its own way, which conflicts with the URLs sent by hasura-auth.

    This is a breaking change for clients using previous versions of the SDK, or manually looking for the refresh token in the hash instead of the query parameter.

  • d5eed8f: Use SQL instead of GraphQL to interact with the DB

    Run DB operations through SQL rather than GraphQL, so the user can pick any Hasura naming convention configuration they want.

    As the SQL operations are simpler than the ones generated by Hasura, and as we don't use Hasura anymore to proxy DB operations, it also comes with a slight performance increase.

    Hasura-auth now only uses the GraphQL API to generate custom claims.

  • 2e15427: Introduce a new refresh_tokens.refresh_token_hash column.

    Preparatory work to store refresh tokens as a SHA256 hash.

    To avoid a breaking change, the refresh_tokens.refresh_token column remains unchanged until the next major release.

    • The refresh_tokens.refresh_token column is now deprecated.
    • The hashed refresh token is a Postgres stored generated column.
    • The internal GraphQL queries are using the hashed refresh token.
    • The internal GraphQL mutations are still updating the refresh_token column.

    When introducing the breaking change, we will:

    • Rename refresh_tokens.refresh_token to refresh_tokens.id.
    • Use the id column as an identifier.
    • Remove the generated expression in the refresh_token_hash column.
    • New refresh tokens will then be saved uniquely as SHA256.
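
The end state described in 2e15427, as an added sketch that is not hasura-auth's own code: a store that keeps only an id and the SHA256 hash of each refresh token and looks tokens up by hash. The class name, the in-memory `Map`, the hex encoding and the UUID token format are assumptions made for the illustration.

```javascript
const { createHash, randomUUID } = require('node:crypto');

// SHA256 of the token. Hex encoding is an assumption of this sketch.
function hashToken(token) {
  return createHash('sha256').update(token, 'utf8').digest('hex');
}

// Hypothetical in-memory stand-in for refresh_tokens after the breaking change:
// each row has an id and a refresh_token_hash, never the token itself.
class RefreshTokenStore {
  constructor() {
    this.rows = new Map(); // keyed by refresh_token_hash
  }

  // The plaintext token is returned once to the caller; only its hash is kept.
  issue(userId, ttlMs, now = Date.now()) {
    const token = randomUUID(); // constructed token format
    const row = { id: randomUUID(), userId, expiresAt: now + ttlMs,
                  refresh_token_hash: hashToken(token) };
    this.rows.set(row.refresh_token_hash, row);
    return { token, id: row.id };
  }

  // Lookup hashes the presented value first, so a value copied out of the
  // table (already a hash) never matches a row.
  verify(presented, now = Date.now()) {
    if (typeof presented !== 'string' || presented === '') return null;
    const row = this.rows.get(hashToken(presented));
    if (!row) return null;
    if (row.expiresAt <= now) {
      this.rows.delete(row.refresh_token_hash); // drop expired rows on sight
      return null;
    }
    return { id: row.id, userId: row.userId };
  }

  // What a reader of the table (backup, log, SQL access) would see.
  dump() {
    return [...this.rows.values()].map((row) => ({ ...row }));
  }
}
```

During the transition period of this release the plaintext refresh_token column still exists, so the property shown by `dump()` only holds once that column is removed.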

Patch Changes

  • de0b163: Added Spanish email templates, thanks @JepriCreations for the contribution

  • b398ae2: A custom claim that is expected to be an array (i.e. contains "[]" in its path) will be set to an empty array, instead of being undefined, when its query returns no value.

    This allows permissions of the form "something IN X-Hasura-myCustomClaimArray" to work as intended when the array is empty.

  • 87a3e96: Added Czech email templates, thanks @suplere for the contribution

  • fff9d1f: Added Bulgarian email templates, thanks @azlekov for the contribution

  • 5a224e6: Improve the logging of the SMTP errors

    When an email could not be sent, the logs were too limited. As a result, it was not possible to know why emails could not be sent, or why hasura-auth was returning an HTTP 500 error.

    When an email can't be sent, hasura-auth now adds two more lines to the logs before the standard http log row:

    {"address":"127.0.0.1","code":"ESOCKET","command":"CONN","errno":-61,"level":"warn","message":"SMTP error","port":1026,"syscall":"connect"}
    {"level":"warn","message":"SMTP error context","template":"email-verify","to":"[email protected]"}
    {"latencyInNs":271000000,"level":"error","message":"POST /signup/email-password 500 271ms","method":"POST","statusCode":500,"url":"/signup/email-password"}