Zero 0.15

Live Permission Updates

Install

npm install @rocicorp/zero@0.15

Upgrade Guide

This release changes how permissions are sent to the server. Previously, they were sent by setting the ZERO_SCHEMA_JSON or ZERO_SCHEMA_FILE environment variables, which include the permissions.

In 0.15, these variables go away and are replaced by a new command: npx zero-deploy-permissions. This command writes the permissions to a new table in the upstream database. This design allows live permission updates, without restarting the server. It also solves problems with max env var size that users were seeing.

This release also flips the default permission from allow to deny for all rules.

To upgrade your app:

  1. See the changes to hello-zero or hello-zero-solid for how to update your permissions.
  2. Remove the ZERO_SCHEMA_JSON and ZERO_SCHEMA_FILE environment variables from your setup. They aren't used anymore.
  3. Use npx zero-deploy-permissions to deploy permissions when necessary. You can hook this up to your CI to automate it. See the zbugs implementation as an example.

Features

  • Live-updating permissions (docs).
  • Permissions now default to deny rather than allow (docs).

Fixes

  • Multiple whereExists in same query not working (PR)
  • Allow overlapped mutators (bug)
  • "Immutable type too deep" error (PR)
  • Log server version at startup (PR)
  • Eliminate quadratic CVR writes (PR)
  • Handle numeric in the replication stream (PR)
  • Make the auto-reset required error more prominent (PR)
  • Add "type":"module" recommendation when schema load fails (PR)
  • Throw error if multiple auth options set (PR)
  • Handle NULL characters in JSON columns (PR)

Breaking Changes

  • Making permissions deny by default breaks existing apps. To fix this, add ANYONE_CAN or other appropriate permissions for your tables. See docs.
  • The ZERO_SCHEMA_JSON and ZERO_SCHEMA_FILE environment variables are no longer used. Remove them from your setup and use npx zero-deploy-permissions instead.
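
To see which operations the allow-to-deny flip affects before upgrading, the sketch below lists every table operation that has no explicit rule. It is an added example, not code from Zero or its docs: the flat rule map, the action names, and the functions decide and findFlipped are assumptions made for illustration and are not Zero's permission format or API.

```javascript
// Added example: a simplified model, not Zero's API or config format.
const ACTIONS = ["select", "insert", "update", "delete"];

// Effective decision for one (table, action) pair.
// `rules` maps table -> action -> predicate(user, row) (hypothetical shape).
// When no rule exists, the release default decides: allow before, deny now.
function decide(rules, defaultAllow, table, action, user, row) {
  const rule = rules[table]?.[action];
  if (rule === undefined) return defaultAllow;
  return Boolean(rule(user, row));
}

// Every (table, action) pair without an explicit rule. These were allowed
// by default before the flip and are denied by default after it, so each
// one needs a deliberate decision rather than a blanket allow.
function findFlipped(tables, rules) {
  const flipped = [];
  for (const table of tables) {
    for (const action of ACTIONS) {
      if (rules[table]?.[action] === undefined) {
        flipped.push(`${table}.${action}`);
      }
    }
  }
  return flipped;
}

// Constructed sample data (hypothetical tables and rules).
const anyone = () => true;
const ownerOnly = (user, row) => user.id === row.ownerId;
const sampleTables = ["issue", "comment"];
const sampleRules = {
  issue: { select: anyone, insert: anyone, update: ownerOnly, delete: ownerOnly },
  comment: { select: anyone }, // insert/update/delete relied on the old default
};

for (const op of findFlipped(sampleTables, sampleRules)) {
  console.log(`no explicit rule: ${op} (was allowed, now denied)`);
}
```

Each reported pair is a place where the old default was silently granting access, so it is worth choosing the narrowest rule that fits instead of restoring allow everywhere.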