watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-10 15:47:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Add api validations.

Browse source
This commit is contained in:
Brian Cao 2023-08-19 22:23:15 -07:00
parent 7d5a24044a
commit 7a7233ead4
41 changed files with 690 additions and 180 deletions
Download patch file Download diff file Expand all files Collapse all files

36
pages/api/reports/[id].ts
View file

@ -1,9 +1,10 @@
import { canUpdateReport, canViewReport, canDeleteReport } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteReport, canUpdateReport, canViewReport } from 'lib/auth';
import { useAuth, useCors, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody, ReportType, YupRequest } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getReportById, updateReport, deleteReport } from 'queries';
import { deleteReport, getReportById, updateReport } from 'queries';
import * as yup from 'yup';
export interface ReportRequestQuery {
id: string;
@ -11,12 +12,34 @@ export interface ReportRequestQuery {
export interface ReportRequestBody {
websiteId: string;
type: string;
type: ReportType;
name: string;
description: string;
parameters: string;
}
const schema: YupRequest = {
GET: yup.object().shape({
id: yup.string().uuid().required(),
}),
POST: yup.object().shape({
id: yup.string().uuid().required(),
websiteId: yup.string().uuid().required(),
type: yup
.string()
.matches(/funnel|insights|retention/i)
.required(),
name: yup.string().max(200).required(),
description: yup.string().max(500),
parameters: yup
.object()
.test('len', 'Must not exceed 6000 characters.', val => JSON.stringify(val).length < 6000),
}),
DELETE: yup.object().shape({
id: yup.string().uuid().required(),
}),
};
export default async (
req: NextApiRequestQueryBody<ReportRequestQuery, ReportRequestBody>,
res: NextApiResponse,
@ -24,6 +47,9 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const { id: reportId } = req.query;
const {
user: { id: userId },

23
pages/api/reports/funnel.ts
View file

@ -1,9 +1,10 @@
import { canViewWebsite } from 'lib/auth';
import { useCors, useAuth } from 'lib/middleware';
import { useAuth, useCors, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { ok, methodNotAllowed, unauthorized } from 'next-basics';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getFunnel } from 'queries';
import * as yup from 'yup';
export interface FunnelRequestBody {
websiteId: string;
@ -22,6 +23,21 @@ export interface FunnelResponse {
endAt: number;
}
const schema = {
POST: yup.object().shape({
websiteId: yup.string().uuid().required(),
urls: yup.array().min(2).of(yup.string()).required(),
window: yup.number().positive().required(),
dateRange: yup
.object()
.shape({
startDate: yup.date().required(),
endDate: yup.date().required(),
})
.required(),
}),
};
export default async (
req: NextApiRequestQueryBody<any, FunnelRequestBody>,
res: NextApiResponse<FunnelResponse>,
@ -29,6 +45,9 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
if (req.method === 'POST') {
const {
websiteId,

33
pages/api/reports/index.ts
View file

@ -1,10 +1,11 @@
import { canViewWebsite } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { useAuth, useCors } from 'lib/middleware';
import { useAuth, useCors, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody, ReportSearchFilterType, SearchFilter } from 'lib/types';
import { getFilterValidation } from 'lib/yup';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createReport, getReportsByUserId, getReportsByWebsiteId } from 'queries';
import { methodNotAllowed, ok } from 'next-basics';
import { createReport, getReportsByUserId } from 'queries';
import * as yup from 'yup';
export interface ReportsRequestQuery extends SearchFilter<ReportSearchFilterType> {}
@ -14,11 +15,28 @@ export interface ReportRequestBody {
type: string;
description: string;
parameters: {
window: string;
urls: string[];
[key: string]: any;
};
}
const schema = {
GET: yup.object().shape({
...getFilterValidation(/All|Name|Description|Type|Username|Website Name|Website Domain/i),
}),
POST: yup.object().shape({
websiteId: yup.string().uuid().required(),
name: yup.string().max(200).required(),
type: yup
.string()
.matches(/funnel|insights|retention/i)
.required(),
description: yup.string().max(500),
parameters: yup
.object()
.test('len', 'Must not exceed 6000 characters.', val => JSON.stringify(val).length < 6000),
}),
};
export default async (
req: NextApiRequestQueryBody<any, ReportRequestBody>,
res: NextApiResponse,
@ -26,6 +44,9 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const {
user: { id: userId },
} = req.auth;

39
pages/api/reports/insights.ts
View file

@ -1,9 +1,10 @@
import { canViewWebsite } from 'lib/auth';
import { useCors, useAuth } from 'lib/middleware';
import { useAuth, useCors, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { ok, methodNotAllowed, unauthorized } from 'next-basics';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getInsights } from 'queries';
import * as yup from 'yup';
export interface InsightsRequestBody {
websiteId: string;
@ -16,6 +17,37 @@ export interface InsightsRequestBody {
groups: { name: string; type: string }[];
}
const schema = {
POST: yup.object().shape({
websiteId: yup.string().uuid().required(),
dateRange: yup
.object()
.shape({
startDate: yup.date().required(),
endDate: yup.date().required(),
})
.required(),
fields: yup
.array()
.of(
yup.object().shape({
name: yup.string().required(),
type: yup.string().required(),
value: yup.string().required(),
}),
)
.min(1)
.required(),
filters: yup.array().of(yup.string()).min(1).required(),
groups: yup.array().of(
yup.object().shape({
name: yup.string().required(),
type: yup.string().required(),
}),
),
}),
};
function convertFilters(filters) {
return filters.reduce((obj, { name, ...value }) => {
obj[name] = value;
@ -31,6 +63,9 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
if (req.method === 'POST') {
const {
websiteId,

31
pages/api/reports/retention.ts
View file

@ -1,33 +1,43 @@
import { canViewWebsite } from 'lib/auth';
import { useCors, useAuth } from 'lib/middleware';
import { useAuth, useCors, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { ok, methodNotAllowed, unauthorized } from 'next-basics';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getRetention } from 'queries';
import * as yup from 'yup';
export interface RetentionRequestBody {
websiteId: string;
dateRange: { window; startDate: string; endDate: string };
timezone: string;
dateRange: { startDate: string; endDate: string };
}
export interface RetentionResponse {
startAt: number;
endAt: number;
}
const schema = {
POST: yup.object().shape({
websiteId: yup.string().uuid().required(),
dateRange: yup
.object()
.shape({
startDate: yup.date().required(),
endDate: yup.date().required(),
})
.required(),
}),
};
export default async (
req: NextApiRequestQueryBody<any, RetentionRequestBody>,
res: NextApiResponse<RetentionResponse>,
res: NextApiResponse,
) => {
await useCors(req, res);
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
if (req.method === 'POST') {
const {
websiteId,
dateRange: { startDate, endDate },
timezone,
} = req.body;
if (!(await canViewWebsite(req.auth, websiteId))) {
@ -37,7 +47,6 @@ export default async (
const data = await getRetention(websiteId, {
startDate: new Date(startDate),
endDate: new Date(endDate),
timezone,
});
return ok(res, data);