From db165ca0fbf35771053f1f4640d634a7883452d3 Mon Sep 17 00:00:00 2001 From: Aaron Boodman Date: Mon, 13 Jan 2025 16:13:13 -1000 Subject: [PATCH] v0.11 --- contents/docs/permissions/index.mdx | 16 ++++++++++ contents/docs/reading-data/index.mdx | 4 --- contents/docs/release-notes/0.11/index.mdx | 34 ++++++++++++++++++++++ contents/docs/release-notes/index.mdx | 1 + contents/docs/zero-cache-config/index.mdx | 16 ++++++++++ 5 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 contents/docs/release-notes/0.11/index.mdx diff --git a/contents/docs/permissions/index.mdx b/contents/docs/permissions/index.mdx index 67231c5..e047dc1 100644 --- a/contents/docs/permissions/index.mdx +++ b/contents/docs/permissions/index.mdx @@ -48,6 +48,22 @@ Each operation on a policy has a _ruleset_ containing zero or more _rules_. A rule is just a TypeScript function that receives the logged in user's `AuthData` and generates a ZQL [where expression](reading-data#compound-filters). At least one rule in a ruleset must return a row for the operation to be allowed. + +Although they look like normal TypeScript functions, permission rules are "compiled" into a [JSON/ZQL format](zero-cache-config#schema-file) at compile-time. Those JSON rules are uploaded to zero-cache and *that's* what is evaluated. + +These functions aren't really ever run against a real auth token. They are instead run against a "placeholder" auth token at compile time. We track which fields are accessed and create a ZQL expression that extracts the right fields out of the real auth token at runtime. + +This is confusing and we will be reworking it to make what's really happening more clear. + +In the meantime, what you need to understand is that the only JS that is supported in these rules is accessing fields and subfields. + +Specifically: + +* Iterate over properties or array elements in the auth token +* Use any JS features beyond property access +* Use any conditional or global state + + ## Select Permissions You can limit the data a user can read by specifying a `select` ruleset. diff --git a/contents/docs/reading-data/index.mdx b/contents/docs/reading-data/index.mdx index b3d1b9a..a7391cb 100644 --- a/contents/docs/reading-data/index.mdx +++ b/contents/docs/reading-data/index.mdx @@ -282,10 +282,6 @@ if (issueResult.type === 'complete') { } ``` - - Sorry about that. Ping us in Discord if you need this in SolidJS. - - The possible values of `result.type` are currently `complete` and `unknown`. The `complete` value is currently only returned when Zero has received the server result. But in the future, Zero will be able to return this result type when it _knows_ that all possible data for this query is already available locally. Additionally, we plan to add a `prefix` result for when the data is known to be a prefix of the complete result. See [Consistency](/docs/preloading#consistency) for more information. diff --git a/contents/docs/release-notes/0.11/index.mdx b/contents/docs/release-notes/0.11/index.mdx new file mode 100644 index 0000000..3088887 --- /dev/null +++ b/contents/docs/release-notes/0.11/index.mdx @@ -0,0 +1,34 @@ +--- +title: Zero 0.11 +description: Windows +--- + +## Install + +```bash +npm install @rocicorp/zero@0.11 +``` + +## Features + +- Windows should work a lot better now. Thank you very much to [aexylus](https://aexylus.com/) and [Sergio Leon](https://www.cbnsndwch.io/) for the testing and contributions here. +- Support nested property access in JWT auth tokens ([docs](/docs/permissions#rules)). +- Make initial sync configurable ([docs](/docs/zero-cache-config#initial-sync-table-copy-workers)). +- Add query result type to SolidJS ([docs](/docs/reading-data#completeness)) +- Docker image now contains native amd64 and arm64 binaries. +- Add `storageKey` constructor parameter to enable multiple `Zero` instances for same `userID`. + +## Fixes + +Many, many fixes, including: + +- Fix downstream replication of primitive values +- Fix replication of `TRUNCATE` messages +- Fix large storage use for idle pg instances +- Add runtime sanity checks for when a table is referenced but not synced +- Fix `zero-cache-dev` for multitenant + + +## Breaking Changes + +- The addition of result types to SolidJS is a breaking API change. See the changes to [`hello-zero-solid`](https://github.com/rocicorp/hello-zero-solid/commit/7c6c3a47479f037f8323b102013244881c74fe9e) for upgrade example. diff --git a/contents/docs/release-notes/index.mdx b/contents/docs/release-notes/index.mdx index fe2d350..3ae2c3e 100644 --- a/contents/docs/release-notes/index.mdx +++ b/contents/docs/release-notes/index.mdx @@ -2,6 +2,7 @@ title: Release Notes --- +- [Zero 0.11: Windows](/docs/release-notes/0.11) - [Zero 0.10: Remove Top-Level Await](/docs/release-notes/0.10) - [Zero 0.9: JWK Support](/docs/release-notes/0.9) - [Zero 0.8: Schema Autobuild, Result Types, and Enums](/docs/release-notes/0.8) diff --git a/contents/docs/zero-cache-config/index.mdx b/contents/docs/zero-cache-config/index.mdx index a16fc93..5577e00 100644 --- a/contents/docs/zero-cache-config/index.mdx +++ b/contents/docs/zero-cache-config/index.mdx @@ -234,6 +234,22 @@ flag: `--storage-db-tmp-dir`
env: `ZERO_STORAGE_DB_TMP_DIR`
optional: `true` +## Initial Sync Table Copy Workers + +The number of parallel workers used to copy tables during initial sync. Each worker copies a single table at a time, fetching rows in batches of `initial-sync-row-batch-size`. + +flag: `--initial-sync-table-copy-workers`
+env: `ZERO_INITIAL_SYNC_TABLE_COPY_WORKERS`
+default: `5` + +## Initial Sync Row Batch Size + +The number of rows each table copy worker fetches at a time during initial sync. This can be increased to speed up initial sync, or decreased to reduce the amount of heap memory used during initial sync (e.g. for tables with large rows). + +flag: `--initial-sync-row-batch-size`
+env: `ZERO_INITIAL_SYNC_ROW_BATCH_SIZE`
+default: `10000` + ## Tenants JSON JSON encoding of per-tenant configs for running the server in multi-tenant mode: