[vsurabhi]

Very similar projects ! The emphasis of Hasura is to make it seamless to work with existing databases.

The primary difference is how authorization is handled. In Postgraphile, you map your application roles to Postgres users and define policies using Postgres's RLS. With Hasura, you define rules on roles (similar to Postgres's RLS) but it integrates into your existing auth system using webhooks.

[rogerrohrbach]

Another salient difference (and, for me, a deal-breaker): PostGraphile exposes user-defined functions in the GraphQL API, making it possible to define application logic and build a complete service without recourse to any other server-side technology.

[tango12]

True! We actually do support this via triggers at the moment; but exposing UDFs directly is on our roadmap too.

[rogerrohrbach]

Ah—good to know!

[fictorial]

Would you mind expanding on this a bit? It seems HGE makes a call to a webhook for every GraphQL query/mutation [1]? This sounds rather expensive to me. Thanks!

[1] https://docs.hasura.io/1.0/graphql/manual/auth/index.html

[tango12]

We're adding support for JWT soon too which should prevent this overhead for applications that support JWT. But basically the idea here is to be equivalent to session cache hit.

Another deployment pattern is to make everything go through an API gateway which would usually do the auth resolution for all microservices, and thus can set the dynamic variables required for access control for HGE directly too. In this case, auth-webhook is disabled.