The Hasura Community Call Roundup - May 2021

This blog post is a part of our newest series of monthly roundups for the Hasura Community Call in which we summarise all the cool demos and updates from the previous event.

If this is the first time you're coming across this event, below is all you need to know about it—

The Hasura Community Call is a monthly event hosted by yours truly (Vish 💜) on the last Thursdays of the month at 9AM PT. This is a place where our engineering and product teams hang out with our user community to showcase upcoming features, give product updates and take deep-dives into the roadmap, present interesting RFCs, and everything awesome; you name it!

Additionally, we invite a community member to present a brief demo of the work they've been doing using Hasura and talk about their experience with it. The community presenters put the 'Community' in our 'Calls'... No kidding!

So without further ado, let's jump right into the last month's spread!

In this customary 10 min product update, our CEO & Co-founder, Tanmai Gopal takes us over the roadmap and gives us an exciting view into the upcoming features as well as cool stuff that the team is currently working on.

In the month of May, Tanmai talked about two super exciting specifications that we're starting to actively work on:

1. Inherited Roles: Currently, we only allow for deriving 'table select' permissions for an inherited role and not for mutations/functions/remote schema permissions, etc. Hence, we want to bring three primary improvements in inherited roles to make them more useful—
   
   - Derive non-table select permissions for simpler cases where there is no scope for conflicting definitions.
   - Allow explicit permissions definitions or inherited roles and unify 'roles' & 'inherited roles'.
   - Try & handle special cases where there are no presets defined for the parent roles.
   
2. Schema Sharing: Have an idea about what you want to build in Hasura? How amazing would it be to be able to load a sample data model from an existing repository of schemas? We're working on bringing the ability to either create a new or load an existing sample schema into your database with the metadata associated to it which would make bootstrapping common use-cases from the community a lot easier. Tanmai gave a really cool sneak-peek of what you can be expecting.

Tanmai also briefly talked about our recent Hasura 2.0-alpha.11 upgrade that includes read-only Postgres support and the SSO launch on our Cloud & Enterprise offerings this week (we'd love your feedback on it!)

Vamshi demonstrated what's new with one-to-one relationships & the features updates in our latest OLAP data sources—BigQuery & Citus.

One-to-One Relationships: With the recent upgrade of Hasura GraphQL Engine 2.0-alpha.11, you can now create one-to-one object relationships between two tables. Vamshi shows a typical use-case of splitting a larger table into smaller ones where a one-to-one relationships would be useful. Prior to the upgrade, this wasn't possible. This new API improvement has certain benefits like better response shapes, ability to use complex ordering clauses, and easier filtering. This also allows for relational inserts in the case of mutations.  

Multiple Data sources: At Hasura, we’re working on empowering our users with universal data access to build modern apps and integrations by supporting all your databases. In this segment, we bring you exciting demos of graphql-engine’s newly added support for two popular OLAP data sources

1. BigQuery: Google Big Query is one from our suite of data sources that you can leverage to create reusable GraphQL and REST APIs within minutes. Vamshi demonstrated the features that are currently supported on BigQuery.
2. Citus: Citus transforms Postgres into a distributed database. It is one of the new generation of databases that aim to target both OLAP and OLTP use cases. Vamshi talked about the exciting work the team has been doing in bringing the official beta to you.

Postgres lets you use SSL certificates for client authentication when you're connecting to your database. We currently have support for Client SSL certificates only for our Open Source and On-Premise offerings as a user has full control over the file system in those environments and can easily create their own certificates to add them to the file system. Solomon explained what Client SSL certificates are, how they work, and the challenges of adding it to a Cloud service like Hasura Cloud as different users use a shared environment and do not have access to the file system.

Our Cloud API team is working on a basic implementation that brings this feature to Hasura Cloud as well. The requirements are:

• Securely operate in a shared environment
• User has no visibility into the file system
• Simple integration into the existing metadata API and Console UX

About the implementation:

• Stores certificate data into a secure vault
• "Lazily" writes certificates on the disk at runtime
• Leverage the existing env var system

Basically, when the project is launched, the implementation looks up the source metadata, looks up the env variables and writes them to the disk, constructs a connection string and all of this happens internally in the GraphQL Engine.

Check out the recording for a really cool demo of this!

Tiru showcased some of the upcoming security features in Hasura Cloud such as Node Limit, GraphQL Request Timeout & Disabling GraphQL Introspection for Roles.

1. Node Limit: This feature lets you restrict your API's runtime characteristics. This is useful when you want to customise the limits on your public facing APIs or restrict the operations that can be run to minimise the load. We already offer a similar feature called depth limit that helps limit the nesting in your GraphQL query. Similarly, the node limit feature lets you limit your API for a certain number of nodes. You can define the node limit both per role and globally for all roles.
2. Disabling Introspection for Roles: This one is pretty self-explanatory. You can now disable the schema introspection for certain roles to expose less information in your GraphQL API to those users.
3. Operation Timeout: This is yet another powerful security feature that allows you to configure an expiration time on your GraphQL operations on a per role or global level so that you can avoid certain operations running for longer times.

Our community champion, Gustavo Fune, joined us in May to talk about how they implemented authentication using Supertokens in Hasura at Off Script.

Here are a few things we loved about Gus's demo:

1. Implementing Auth with Supertokens has rotating JWT keys. To avoid having to update their keys on their end, they implemented authentication using Webhooks on Hasura.
2. To configure the Webhook on Hasura, they initially tested out lambdas and API gateways. However, they decided to build their own server to solve for latency in their Webhook configuration. This turned out to be faster than some of the other JWT providers out there.
3. They open sourced their implementation that follows the Webhook pattern on their dedicated server. Check it out!
4. The hasura-supertokens implementation has out-of-the-box support for role based access control with Hasura. Hasura checks with hasura-supertokens for a session handle to make sure the user id exists and changes in Hasura are reflected in real-time without refreshing the keys.
5. You can return custom session variables for your production instances with the hasura-supertokens implementation. They're working on a tutorial that teaches how to do that, so keep your eyes peeled for it!

Hasura’s annual user conference is back! HasuraCon'21, our 'Biggest Community Call of The Year', is happening on 23-24 June, 2021. Agenda is live, check it out and register to join us for 2 days of exciting talks and in-depth workshops.

If you've built something with (or for) Hasura, we'd love for you to showcase this in an upcoming community call. Let us know through this form. Lastly, we'd appreciate your feedback so that we can make our community calls better.

See you at HasuraCon'21!