Merge branch 'dev' of https://github.com/umami-software/umami into feat/clickhouse-mv

src/pages/api/scripts/telemetry.ts

@@ -1,24 +0,0 @@
-import { ok } from 'next-basics';
-import { CURRENT_VERSION, TELEMETRY_PIXEL } from 'lib/constants';
-import { NextApiRequest, NextApiResponse } from 'next';
-
-export default function handler(req: NextApiRequest, res: NextApiResponse) {
-  if (process.env.NODE_ENV === 'production') {
-    res.setHeader('content-type', 'text/javascript');
-
-    if (process.env.DISABLE_TELEMETRY || process.env.PRIVATE_MODE) {
-      return res.send('/* telemetry disabled */');
-    }
-
-    const script = `
-    (()=>{const i=document.createElement('img');
-      i.setAttribute('src','${TELEMETRY_PIXEL}?v=${CURRENT_VERSION}');
-      i.setAttribute('style','width:0;height:0;position:absolute;pointer-events:none;');
-      document.body.appendChild(i);})();
-  `;
-
-    return res.send(script.replace(/\s\s+/g, ''));
-  }
-
-  return ok(res);
-}

src/pages/api/send.ts

@@ -1,4 +1,3 @@
-import ipaddr from 'ipaddr.js';
 import { isbot } from 'isbot';
 import { NextApiRequest, NextApiResponse } from 'next';
 import {
@@ -12,7 +11,7 @@ import {
 } from 'next-basics';
 import { COLLECTION_TYPE, HOSTNAME_REGEX, IP_REGEX } from 'lib/constants';
 import { secret, visitSalt, uuid } from 'lib/crypto';
-import { getIpAddress } from 'lib/detect';
+import { hasBlockedIp } from 'lib/detect';
 import { useCors, useSession, useValidate } from 'lib/middleware';
 import { CollectionType, YupRequest } from 'lib/types';
 import { saveEvent, saveSessionData } from 'queries';
@@ -122,7 +121,7 @@ export default async (req: NextApiRequestCollect, res: NextApiResponse) => {
         urlPath = '/';
       }
 
-      if (referrerPath?.startsWith('http')) {
+      if (/^[\w-]+:\/\/\w+/.test(referrerPath)) {
         const refUrl = new URL(referrer);
         referrerPath = refUrl.pathname;
         referrerQuery = refUrl.search.substring(1);
@@ -166,31 +165,3 @@ export default async (req: NextApiRequestCollect, res: NextApiResponse) => {
 
   return methodNotAllowed(res);
 };
-
-function hasBlockedIp(req: NextApiRequestCollect) {
-  const ignoreIps = process.env.IGNORE_IP;
-
-  if (ignoreIps) {
-    const ips = [];
-
-    if (ignoreIps) {
-      ips.push(...ignoreIps.split(',').map(n => n.trim()));
-    }
-
-    const clientIp = getIpAddress(req);
-
-    return ips.find(ip => {
-      if (ip === clientIp) return true;
-
-      // CIDR notation
-      if (ip.indexOf('/') > 0) {
-        const addr = ipaddr.parse(clientIp);
-        const range = ipaddr.parseCIDR(ip);
-
-        if (addr.kind() === range[0].kind() && addr.match(range)) return true;
-      }
-    });
-  }
-
-  return false;
-}

src/pages/api/websites/[websiteId]/sessions.ts

@@ -0,0 +1,42 @@
+import * as yup from 'yup';
+import { canViewWebsite } from 'lib/auth';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
+import { NextApiRequestQueryBody, PageParams } from 'lib/types';
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { pageInfo } from 'lib/schema';
+import { getSessions } from 'queries';
+
+export interface ReportsRequestQuery extends PageParams {
+  websiteId: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    ...pageInfo,
+  }),
+};
+
+export default async (
+  req: NextApiRequestQueryBody<ReportsRequestQuery, any>,
+  res: NextApiResponse,
+) => {
+  await useCors(req, res);
+  await useAuth(req, res);
+  await useValidate(schema, req, res);
+
+  const { websiteId } = req.query;
+
+  if (req.method === 'GET') {
+    if (!(await canViewWebsite(req.auth, websiteId))) {
+      return unauthorized(res);
+    }
+
+    const data = await getSessions(websiteId, {}, req.query);
+
+    return ok(res, data);
+  }
+
+  return methodNotAllowed(res);
+};