Feat/um 154 add event data rewrite queries (#1739)

* Cherry pick prisma query protection.

* Re-write CH queries to use query params.

* Fix query.

* Fix modal.  Re-add form css.

queries/analytics/event/getEventData.ts

@@ -38,17 +38,17 @@ async function relationalQuery(
   },
 ) {
   const { startDate, endDate, eventName, columns, filters } = data;
-  const { rawQuery, getEventDataColumnsQuery, getEventDataFilterQuery } = prisma;
-  const params = [startDate, endDate];
+  const { toUuid, rawQuery, getEventDataColumnsQuery, getEventDataFilterQuery } = prisma;
+  const params: any = [websiteId, startDate, endDate, eventName];
 
   return rawQuery(
     `select
       ${getEventDataColumnsQuery('event_data', columns)}
     from website_event
-    where website_id ='${websiteId}'
-      and created_at between $1 and $2
+    where website_id = $1${toUuid()}
+      and created_at between $2 and $3
       and event_type = ${EVENT_TYPE.customEvent}
-      ${eventName ? `and eventName = ${eventName}` : ''}
+      ${eventName ? `and eventName = $4` : ''}
       ${
         Object.keys(filters).length > 0
           ? `and ${getEventDataFilterQuery('event_data', filters)}`
@@ -72,14 +72,14 @@ async function clickhouseQuery(
   const { rawQuery, getBetweenDates, getEventDataColumnsQuery, getEventDataFilterQuery } =
     clickhouse;
   const website = await cache.fetchWebsite(websiteId);
-  const params = [websiteId, website?.revId || 0];
+  const params = { websiteId, revId: website?.revId || 0 };
 
   return rawQuery(
     `select
       ${getEventDataColumnsQuery('event_data', columns)}
     from event
-    where website_id = $1
-      and rev_id = $2
+    where website_id = {websiteId:UUID}
+      and rev_id = {revId:UInt32}
       and event_type = ${EVENT_TYPE.customEvent}
       ${eventName ? `and eventName = ${eventName}` : ''}
       and ${getBetweenDates('created_at', startDate, endDate)}