watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-08 14:47:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Dev (#1702)

Browse source 
* Initial Typescript models.

* Re-add realtime data

* get distinct sessions for session metrics

* Add queries for new schema.

* Fix Typo.

* Add some api/team endpoints.

* Fix destructure error.

* Fix getWebsites call.

* Ignore typescript build errors.

* Fix enum issue.

* add clickhouse route to deleteWebsite

* Fix Website auth.

* Updated lint-staged config.

* Add permission checks.

* Add user role api.

* Fix error when updating website.

* Fix isAdmin check.  Fix Schema.

* Initial conversion to react-basics.

* Remove user/team transfer from website update.

* delete website in relational query

* Fix login secure token creation.

* Add event type to event.

* Allow user to be added to team with role.

* Updated login form.

* Add Role to TeamUser.

* Add database migration.

* Refactored permissions check. Updated redis lib.

* Feat/um 114 roles and permissions (#1683)

* Auth checkpoint.

* Merge branch 'dev' into feat/um-114-roles-and-permissions

* Add 02 migration.

* Added lib/types.

* Updated schema.

* Updated roles and permissions logic.

* Implement react-basics styles. Fix queries.

* Update website details layout.

* Add 01 migration.

* Fix admin create.

* Update react-basics.

Co-authored-by: Francis Cao <franciscao@gmail.com>
Co-authored-by: Mike Cao <mike@mikecao.com>
Co-authored-by: Mike Cao <moocao@gmail.com>
This commit is contained in:
Brian Cao 2022-12-12 19:45:38 -08:00 committed by GitHub
parent 94848cc41b
commit 8732d056dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
165 changed files with 3370 additions and 6268 deletions
Download patch file Download diff file Expand all files Collapse all files

76
lib/auth.js
View file

@ -1,76 +0,0 @@
import { parseSecureToken, parseToken } from 'next-basics';
import { getUser, getWebsite } from 'queries';
import debug from 'debug';
import { SHARE_TOKEN_HEADER, TYPE_USER, TYPE_WEBSITE } from 'lib/constants';
import { secret } from 'lib/crypto';
const log = debug('umami:auth');
export function getAuthToken(req) {
try {
return req.headers.authorization.split(' ')[1];
} catch {
return null;
}
}
export function parseAuthToken(req) {
try {
return parseSecureToken(getAuthToken(req), secret());
} catch (e) {
log(e);
return null;
}
}
export function parseShareToken(req) {
try {
return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
} catch (e) {
log(e);
return null;
}
}
export function isValidToken(token, validation) {
try {
if (typeof validation === 'object') {
return !Object.keys(validation).find(key => token[key] !== validation[key]);
} else if (typeof validation === 'function') {
return validation(token);
}
} catch (e) {
log(e);
return false;
}
return false;
}
export async function allowQuery(req, type) {
const { id } = req.query;
const { user, shareToken } = req.auth;
if (user?.isAdmin) {
return true;
}
if (shareToken) {
return isValidToken(shareToken, { id });
}
if (user?.id) {
if (type === TYPE_WEBSITE) {
const website = await getWebsite({ id });
return website && website.userId === user.id;
} else if (type === TYPE_USER) {
const user = await getUser({ id });
return user && user.id === id;
}
}
return false;
}

129
lib/auth.ts Normal file
View file

@ -0,0 +1,129 @@
import { parseSecureToken, parseToken, ensureArray } from 'next-basics';
import debug from 'debug';
import cache from 'lib/cache';
import { SHARE_TOKEN_HEADER, PERMISSIONS, ROLE_PERMISSIONS } from 'lib/constants';
import { secret } from 'lib/crypto';
import { getTeamUser } from 'queries';
const log = debug('umami:auth');
export function getAuthToken(req) {
try {
return req.headers.authorization.split(' ')[1];
} catch {
return null;
}
}
export function parseAuthToken(req) {
try {
return parseSecureToken(getAuthToken(req), secret());
} catch (e) {
log(e);
return null;
}
}
export function parseShareToken(req) {
try {
return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
} catch (e) {
log(e);
return null;
}
}
export function isValidToken(token, validation) {
try {
if (typeof validation === 'object') {
return !Object.keys(validation).find(key => token[key] !== validation[key]);
} else if (typeof validation === 'function') {
return validation(token);
}
} catch (e) {
log(e);
return false;
}
return false;
}
export async function canViewWebsite(userId: string, websiteId: string) {
const website = await cache.fetchWebsite(websiteId);
if (website.userId) {
return userId === website.userId;
}
if (website.teamId) {
return getTeamUser(website.teamId, userId);
}
return false;
}
export async function canUpdateWebsite(userId: string, websiteId: string) {
const website = await cache.fetchWebsite(websiteId);
if (website.userId) {
return userId === website.userId;
}
if (website.teamId) {
const teamUser = await getTeamUser(website.teamId, userId);
return hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
}
return false;
}
export async function canDeleteWebsite(userId: string, websiteId: string) {
const website = await cache.fetchWebsite(websiteId);
if (website.userId) {
return userId === website.userId;
}
if (website.teamId) {
const teamUser = await getTeamUser(website.teamId, userId);
return hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
}
return false;
}
// To-do: Implement when payments are setup.
export async function canCreateTeam(userId: string) {
return !!userId;
}
// To-do: Implement when payments are setup.
export async function canViewTeam(userId: string, teamId) {
return getTeamUser(teamId, userId);
}
export async function canUpdateTeam(userId: string, teamId: string) {
const teamUser = await getTeamUser(teamId, userId);
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
}
export async function canDeleteTeam(userId: string, teamId: string) {
const teamUser = await getTeamUser(teamId, userId);
return hasPermission(teamUser.role, PERMISSIONS.teamDelete);
}
export async function canViewUser(userId: string, viewedUserId: string) {
return userId === viewedUserId;
}
export async function canUpdateUser(userId: string, viewedUserId: string) {
return userId === viewedUserId;
}
export async function hasPermission(role: string, permission: string | string[]) {
return ensureArray(permission).some(e => ROLE_PERMISSIONS[role]?.includes(e));
}

13
lib/cache.js → lib/cache.ts
View file

@ -1,5 +1,6 @@
import { getWebsite, getUser, getSession } from '../queries';
import redis, { DELETED } from 'lib/redis';
import { User, Website } from '@prisma/client';
import redis from 'lib/redis';
import { getSession, getUser, getWebsite } from '../queries';
async function fetchObject(key, query) {
const obj = await redis.get(key);
@ -22,10 +23,10 @@ async function storeObject(key, data) {
}
async function deleteObject(key) {
return redis.set(key, DELETED);
return redis.set(key, redis.DELETED);
}
async function fetchWebsite(id) {
async function fetchWebsite(id): Promise<Website> {
return fetchObject(`website:${id}`, () => getWebsite({ id }));
}
@ -40,8 +41,8 @@ async function deleteWebsite(id) {
return deleteObject(`website:${id}`);
}
async function fetchUser(id) {
return fetchObject(`user:${id}`, () => getUser({ id }));
async function fetchUser(id): Promise<User> {
return fetchObject(`user:${id}`, () => getUser({ id }, true));
}
async function storeUser(data) {

8
lib/clickhouse.js
View file

@ -106,7 +106,7 @@ function getEventDataFilterQuery(column, filters) {
return query.join('\nand ');
}
function getFilterQuery(column, filters = {}, params = []) {
function getFilterQuery(filters = {}, params = []) {
const query = Object.keys(filters).reduce((arr, key) => {
const filter = filters[key];
@ -146,7 +146,7 @@ function getFilterQuery(column, filters = {}, params = []) {
return query.join('\n');
}
function parseFilters(column, filters = {}, params = []) {
function parseFilters(filters = {}, params = []) {
const { domain, url, event_url, referrer, os, browser, device, country, event_name, query } =
filters;
@ -159,9 +159,7 @@ function parseFilters(column, filters = {}, params = []) {
sessionFilters,
eventFilters,
event: { event_name },
pageviewQuery: getFilterQuery(column, pageviewFilters, params),
sessionQuery: getFilterQuery(column, sessionFilters, params),
eventQuery: getFilterQuery(column, eventFilters, params),
filterQuery: getFilterQuery(filters, params),
};
}

14
lib/client.ts Normal file
View file

@ -0,0 +1,14 @@
import { getItem, setItem, removeItem } from 'next-basics';
import { AUTH_TOKEN } from './constants';
export function getAuthToken() {
return getItem(AUTH_TOKEN);
}
export function setAuthToken(token) {
setItem(AUTH_TOKEN, token);
}
export function removeAuthToken() {
removeItem(AUTH_TOKEN);
}

48
lib/constants.js → lib/constants.ts
View file

@ -1,3 +1,4 @@
/* eslint-disable no-unused-vars */
export const CURRENT_VERSION = process.env.currentVersion;
export const AUTH_TOKEN = 'umami.auth';
export const LOCALE_CONFIG = 'umami.locale';
@ -21,8 +22,51 @@ export const DEFAULT_WEBSITE_LIMIT = 10;
export const REALTIME_RANGE = 30;
export const REALTIME_INTERVAL = 3000;
export const TYPE_WEBSITE = 'website';
export const TYPE_USER = 'user';
export const EVENT_TYPE = {
pageView: 1,
customEvent: 2,
};
export const ROLES = {
admin: 'admin',
user: 'user',
teamOwner: 'team-owner',
teamMember: 'team-member',
teamGuest: 'team-guest',
};
export const PERMISSIONS = {
all: 'all',
websiteCreate: 'website:create',
websiteUpdate: 'website:update',
websiteDelete: 'website:delete',
teamCreate: 'team:create',
teamUpdate: 'team:update',
teamDelete: 'team:delete',
};
export const ROLE_PERMISSIONS = {
[ROLES.admin]: [PERMISSIONS.all],
[ROLES.user]: [
PERMISSIONS.websiteCreate,
PERMISSIONS.websiteUpdate,
PERMISSIONS.websiteDelete,
PERMISSIONS.teamCreate,
],
[ROLES.teamOwner]: [
PERMISSIONS.teamUpdate,
PERMISSIONS.teamDelete,
PERMISSIONS.websiteCreate,
PERMISSIONS.websiteUpdate,
PERMISSIONS.websiteDelete,
],
[ROLES.teamMember]: [
PERMISSIONS.websiteCreate,
PERMISSIONS.websiteUpdate,
PERMISSIONS.websiteDelete,
],
[ROLES.teamGuest]: [],
};
export const THEME_COLORS = {
light: {

7
lib/middleware.js
View file

@ -3,9 +3,10 @@ import debug from 'debug';
import cors from 'cors';
import { validate } from 'uuid';
import { findSession } from 'lib/session';
import { parseShareToken, getAuthToken } from 'lib/auth';
import { getAuthToken, parseShareToken } from 'lib/auth';
import { secret } from 'lib/crypto';
import redis from 'lib/redis';
import { ROLES } from 'lib/constants';
import { getUser } from '../queries';
const log = debug('umami:middleware');
@ -45,6 +46,10 @@ export const useAuth = createMiddleware(async (req, res, next) => {
return unauthorized(res);
}
if (user) {
user.isAdmin = user.role === ROLES.admin;
}
req.auth = { user, token, shareToken, key };
next();
});

74
lib/prisma.js → lib/prisma.ts
View file

@ -4,6 +4,7 @@ import moment from 'moment-timezone';
import debug from 'debug';
import { PRISMA, MYSQL, POSTGRESQL, getDatabaseType } from 'lib/db';
import { FILTER_IGNORED } from 'lib/constants';
import { PrismaClientOptions } from '@prisma/client/runtime';
const MYSQL_DATE_FORMATS = {
minute: '%Y-%m-%d %H:%i:00',
@ -37,7 +38,8 @@ function logQuery(e) {
}
function getClient(options) {
const prisma = new PrismaClient(options);
const prisma: PrismaClient<PrismaClientOptions, 'query' | 'error' | 'info' | 'warn'> =
new PrismaClient(options);
if (process.env.LOG_QUERY) {
prisma.$on('query', logQuery);
@ -52,7 +54,7 @@ function getClient(options) {
return prisma;
}
function getDateQuery(field, unit, timezone) {
function getDateQuery(field, unit, timezone?): string {
const db = getDatabaseType(process.env.DATABASE_URL);
if (db === POSTGRESQL) {
@ -73,7 +75,7 @@ function getDateQuery(field, unit, timezone) {
}
}
function getTimestampInterval(field) {
function getTimestampInterval(field): string {
const db = getDatabaseType(process.env.DATABASE_URL);
if (db === POSTGRESQL) {
@ -85,7 +87,7 @@ function getTimestampInterval(field) {
}
}
function getJsonField(column, property, isNumber) {
function getJsonField(column, property, isNumber): string {
const db = getDatabaseType(process.env.DATABASE_URL);
if (db === POSTGRESQL) {
@ -103,7 +105,7 @@ function getJsonField(column, property, isNumber) {
}
}
function getEventDataColumnsQuery(column, columns) {
function getEventDataColumnsQuery(column, columns): string {
const query = Object.keys(columns).reduce((arr, key) => {
const filter = columns[key];
@ -121,7 +123,7 @@ function getEventDataColumnsQuery(column, columns) {
return query.join(',\n');
}
function getEventDataFilterQuery(column, filters) {
function getEventDataFilterQuery(column, filters): string {
const query = Object.keys(filters).reduce((arr, key) => {
const filter = filters[key];
@ -143,7 +145,7 @@ function getEventDataFilterQuery(column, filters) {
return query.join('\nand ');
}
function getFilterQuery(table, column, filters = {}, params = []) {
function getFilterQuery(filters = {}, params = []): string {
const query = Object.keys(filters).reduce((arr, key) => {
const filter = filters[key];
@ -153,48 +155,25 @@ function getFilterQuery(table, column, filters = {}, params = []) {
switch (key) {
case 'url':
if (table === 'pageview' || table === 'event') {
arr.push(`and ${table}.${key}=$${params.length + 1}`);
params.push(decodeURIComponent(filter));
}
break;
case 'os':
case 'browser':
case 'device':
case 'country':
if (table === 'session') {
arr.push(`and ${table}.${key}=$${params.length + 1}`);
params.push(decodeURIComponent(filter));
}
break;
case 'event_name':
if (table === 'event') {
arr.push(`and ${table}.${key}=$${params.length + 1}`);
params.push(decodeURIComponent(filter));
}
arr.push(`and ${key}=$${params.length + 1}`);
params.push(decodeURIComponent(filter));
break;
case 'referrer':
if (table === 'pageview' || table === 'event') {
arr.push(`and ${table}.referrer like $${params.length + 1}`);
params.push(`%${decodeURIComponent(filter)}%`);
}
arr.push(`and referrer like $${params.length + 1}`);
params.push(`%${decodeURIComponent(filter)}%`);
break;
case 'domain':
if (table === 'pageview') {
arr.push(`and ${table}.referrer not like $${params.length + 1}`);
arr.push(`and ${table}.referrer not like '/%'`);
params.push(`%://${filter}/%`);
}
arr.push(`and referrer not like $${params.length + 1}`);
arr.push(`and referrer not like '/%'`);
params.push(`%://${filter}/%`);
break;
case 'query':
if (table === 'pageview') {
arr.push(`and ${table}.url like '%?%'`);
}
arr.push(`and url like '%?%'`);
}
return arr;
@ -203,7 +182,11 @@ function getFilterQuery(table, column, filters = {}, params = []) {
return query.join('\n');
}
function parseFilters(table, column, filters = {}, params = [], sessionKey = 'session_id') {
function parseFilters(
filters: { [key: string]: any } = {},
params = [],
sessionKey = 'session_id',
) {
const { domain, url, event_url, referrer, os, browser, device, country, event_name, query } =
filters;
@ -218,15 +201,13 @@ function parseFilters(table, column, filters = {}, params = [], sessionKey = 'se
event: { event_name },
joinSession:
os || browser || device || country
? `inner join session on ${table}.${sessionKey} = session.${sessionKey}`
? `inner join session on ${sessionKey} = session.${sessionKey}`
: '',
pageviewQuery: getFilterQuery('pageview', column, pageviewFilters, params),
sessionQuery: getFilterQuery('session', column, sessionFilters, params),
eventQuery: getFilterQuery('event', column, eventFilters, params),
filterQuery: getFilterQuery(filters, params),
};
}
async function rawQuery(query, params = []) {
async function rawQuery(query, params = []): Promise<any> {
const db = getDatabaseType(process.env.DATABASE_URL);
if (db !== POSTGRESQL && db !== MYSQL) {
@ -238,12 +219,13 @@ async function rawQuery(query, params = []) {
return prisma.$queryRawUnsafe.apply(prisma, [sql, ...params]);
}
async function transaction(queries) {
async function transaction(queries): Promise<any> {
return prisma.$transaction(queries);
}
// Initialization
const prisma = global[PRISMA] || getClient(PRISMA_OPTIONS);
const prisma: PrismaClient<PrismaClientOptions, 'query' | 'error' | 'info' | 'warn'> =
global[PRISMA] || getClient(PRISMA_OPTIONS);
export default {
client: prisma,

32
lib/redis.js
View file

@ -1,39 +1,39 @@
import { createClient } from 'redis';
import debug from 'debug';
import Redis from 'ioredis';
import { REDIS } from 'lib/db';
const log = debug('umami:redis');
export const DELETED = 'deleted';
const REDIS = Symbol();
const DELETED = 'DELETED';
let redis;
const enabled = Boolean(process.env.REDIS_URL);
const url = process.env.REDIS_URL;
const enabled = Boolean(url);
function getClient() {
async function getClient() {
if (!enabled) {
return null;
}
const redis = new Redis(process.env.REDIS_URL, {
retryStrategy(times) {
log(`Redis reconnecting attempt: ${times}`);
return 5000;
},
});
const client = createClient({ url });
client.on('error', err => log(err));
await client.connect();
if (process.env.NODE_ENV !== 'production') {
global[REDIS] = redis;
global[REDIS] = client;
}
log('Redis initialized');
return redis;
return client;
}
async function get(key) {
await connect();
const data = await redis.get(key);
try {
return JSON.parse(await redis.get(key));
return JSON.parse(data);
} catch {
return null;
}
@ -53,10 +53,10 @@ async function del(key) {
async function connect() {
if (!redis && enabled) {
redis = global[REDIS] || getClient();
redis = global[REDIS] || (await getClient());
}
return redis;
}
export default { enabled, client: redis, log, connect, get, set, del };
export default { enabled, client: redis, log, connect, get, set, del, DELETED };

2
lib/session.js
View file

@ -40,7 +40,7 @@ export async function findSession(req) {
website = await getWebsite({ id: websiteId });
}
if (!website || website.isDeleted) {
if (!website || website.deletedAt) {
throw new Error(`Website not found: ${websiteId}`);
}

90
lib/types.ts Normal file
View file

@ -0,0 +1,90 @@
import { NextApiRequest } from 'next';
export interface Auth {
user?: {
id: string;
username: string;
role: string;
isAdmin: boolean;
};
shareToken?: string;
}
export interface NextApiRequestQueryBody<TQuery = any, TBody = any> extends NextApiRequest {
auth?: Auth;
query: TQuery & { [key: string]: string | string[] };
body: TBody;
headers: any;
}
export interface NextApiRequestAuth extends NextApiRequest {
auth?: Auth;
headers: any;
}
export interface Website {
id: string;
userId: string;
revId: number;
name: string;
domain: string;
shareId: string;
createdAt: Date;
}
export interface Share {
id: string;
token: string;
}
export interface Empty {}
export interface WebsiteActive {
x: number;
}
export interface WebsiteEventDataMetric {
[key: string]: number;
}
export interface WebsiteMetric {
x: string;
y: number;
}
export interface WebsiteEventMetric {
x: string;
t: string;
y: number;
}
export interface WebsitePageviews {
pageviews: {
t: string;
y: number;
};
sessions: {
t: string;
y: number;
};
}
export interface WebsiteStats {
pageviews: { value: number; change: number };
uniques: { value: number; change: number };
bounces: { value: number; change: number };
totalTime: { value: number; change: number };
}
export interface RealtimeInit {
websites: Website[];
token: string;
data: RealtimeUpdate;
}
export interface RealtimeUpdate {
pageviews: any[];
sessions: any[];
events: any[];
timestamp: number;
}