watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-09 15:17:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Dev (#1702)

Browse source 
* Initial Typescript models.

* Re-add realtime data

* get distinct sessions for session metrics

* Add queries for new schema.

* Fix Typo.

* Add some api/team endpoints.

* Fix destructure error.

* Fix getWebsites call.

* Ignore typescript build errors.

* Fix enum issue.

* add clickhouse route to deleteWebsite

* Fix Website auth.

* Updated lint-staged config.

* Add permission checks.

* Add user role api.

* Fix error when updating website.

* Fix isAdmin check.  Fix Schema.

* Initial conversion to react-basics.

* Remove user/team transfer from website update.

* delete website in relational query

* Fix login secure token creation.

* Add event type to event.

* Allow user to be added to team with role.

* Updated login form.

* Add Role to TeamUser.

* Add database migration.

* Refactored permissions check. Updated redis lib.

* Feat/um 114 roles and permissions (#1683)

* Auth checkpoint.

* Merge branch 'dev' into feat/um-114-roles-and-permissions

* Add 02 migration.

* Added lib/types.

* Updated schema.

* Updated roles and permissions logic.

* Implement react-basics styles. Fix queries.

* Update website details layout.

* Add 01 migration.

* Fix admin create.

* Update react-basics.

Co-authored-by: Francis Cao <franciscao@gmail.com>
Co-authored-by: Mike Cao <mike@mikecao.com>
Co-authored-by: Mike Cao <moocao@gmail.com>
This commit is contained in:
Brian Cao 2022-12-12 19:45:38 -08:00 committed by GitHub
parent 94848cc41b
commit 8732d056dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
165 changed files with 3370 additions and 6268 deletions
Download patch file Download diff file Expand all files Collapse all files

23
pages/api/auth/login.js → pages/api/auth/login.ts
View file

@ -7,11 +7,26 @@ import {
methodNotAllowed,
getRandomChars,
} from 'next-basics';
import { getUser } from 'queries';
import { getUser, User } from 'queries';
import { secret } from 'lib/crypto';
import redis from 'lib/redis';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
export default async (req, res) => {
export interface LoginRequestBody {
username: string;
password: string;
}
export interface LoginResponse {
token: string;
user: User;
}
export default async (
req: NextApiRequestQueryBody<any, LoginRequestBody>,
res: NextApiResponse<LoginResponse>,
) => {
if (req.method === 'POST') {
const { username, password } = req.body;
@ -19,7 +34,7 @@ export default async (req, res) => {
return badRequest(res);
}
const user = await getUser({ username });
const user = await getUser({ username }, { includePassword: true });
if (user && checkPassword(password, user.password)) {
if (redis.enabled) {
@ -27,7 +42,7 @@ export default async (req, res) => {
await redis.set(key, user);
const token = createSecureToken(key, secret());
const token = createSecureToken({ key }, secret());
return ok(res, { token, user });
}

3
pages/api/auth/logout.js → pages/api/auth/logout.ts
View file

@ -2,8 +2,9 @@ import { methodNotAllowed, ok } from 'next-basics';
import { useAuth } from 'lib/middleware';
import redis from 'lib/redis';
import { getAuthToken } from 'lib/auth';
import { NextApiRequest, NextApiResponse } from 'next';
export default async (req, res) => {
export default async (req: NextApiRequest, res: NextApiResponse) => {
await useAuth(req, res);
if (req.method === 'POST') {

8
pages/api/auth/verify.js
View file

@ -1,8 +0,0 @@
import { useAuth } from 'lib/middleware';
import { ok } from 'next-basics';
export default async (req, res) => {
await useAuth(req, res);
return ok(res, req.auth);
};

10
pages/api/auth/verify.ts Normal file
View file

@ -0,0 +1,10 @@
import { NextApiRequestAuth } from 'lib/types';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { ok } from 'next-basics';
export default async (req: NextApiRequestAuth, res: NextApiResponse) => {
await useAuth(req, res);
return ok(res, req.auth);
};

34
pages/api/collect.js → pages/api/collect.ts
View file

@ -6,14 +6,41 @@ import { savePageView, saveEvent } from 'queries';
import { useCors, useSession } from 'lib/middleware';
import { getJsonBody, getIpAddress } from 'lib/request';
import { secret } from 'lib/crypto';
import { NextApiRequest, NextApiResponse } from 'next';
export default async (req, res) => {
export interface NextApiRequestCollect extends NextApiRequest {
session: {
id: string;
websiteId: string;
hostname: string;
browser: string;
os: string;
device: string;
screen: string;
language: string;
country: string;
};
}
export default async (req: NextApiRequestCollect, res: NextApiResponse) => {
await useCors(req, res);
if (isbot(req.headers['user-agent']) && !process.env.DISABLE_BOT_CHECK) {
return unauthorized(res);
}
const { type, payload } = getJsonBody(req);
const { referrer, event_name: eventName, event_data: eventData } = payload;
let { url } = payload;
// Validate eventData is JSON
const valid = eventData && typeof eventData === 'object' && !Array.isArray(eventData);
if (!valid) {
return badRequest(res, 'Event Data must be in the form of a JSON Object.');
}
const ignoreIps = process.env.IGNORE_IP;
const ignoreHostnames = process.env.IGNORE_HOSTNAME;
@ -60,10 +87,6 @@ export default async (req, res) => {
const session = req.session;
const { type, payload } = getJsonBody(req);
let { url, referrer, event_name: eventName, event_data: eventData } = payload;
if (process.env.REMOVE_TRAILING_SLASH) {
url = url.replace(/\/$/, '');
}
@ -74,6 +97,7 @@ export default async (req, res) => {
await saveEvent({
...session,
url,
referrer,
eventName,
eventData,
});

11
pages/api/config.js → pages/api/config.ts
View file

@ -1,6 +1,15 @@
import { NextApiRequest, NextApiResponse } from 'next';
import { ok, methodNotAllowed } from 'next-basics';
export default async (req, res) => {
export interface ConfigResponse {
basePath: string;
trackerScriptName: string;
updatesDisabled: boolean;
telemetryDisabled: boolean;
adminDisabled: boolean;
}
export default async (req: NextApiRequest, res: NextApiResponse<ConfigResponse>) => {
if (req.method === 'GET') {
return ok(res, {
basePath: process.env.BASE_PATH || '',

5
pages/api/heartbeat.js
View file

@ -1,5 +0,0 @@
import { ok } from 'next-basics';
export default async (req, res) => {
return ok(res);
};

6
pages/api/heartbeat.ts Normal file
View file

@ -0,0 +1,6 @@
import { NextApiRequest, NextApiResponse } from 'next';
import { ok } from 'next-basics';
export default async (req: NextApiRequest, res: NextApiResponse) => {
return ok(res);
};

11
pages/api/realtime/init.js → pages/api/realtime/init.ts
View file

@ -1,10 +1,13 @@
import { subMinutes } from 'date-fns';
import { ok, methodNotAllowed, createToken } from 'next-basics';
import { useAuth } from 'lib/middleware';
import { getUserWebsites, getRealtimeData } from 'queries';
import { RealtimeInit } from 'lib/types';
import { NextApiRequestAuth } from 'lib/types';
import { secret } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { createToken, methodNotAllowed, ok } from 'next-basics';
import { getRealtimeData, getUserWebsites } from 'queries';
export default async (req, res) => {
export default async (req: NextApiRequestAuth, res: NextApiResponse<RealtimeInit>) => {
await useAuth(req, res);
if (req.method === 'GET') {

12
pages/api/realtime/update.js → pages/api/realtime/update.ts
View file

@ -3,8 +3,18 @@ import { useAuth } from 'lib/middleware';
import { getRealtimeData } from 'queries';
import { SHARE_TOKEN_HEADER } from 'lib/constants';
import { secret } from 'lib/crypto';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { RealtimeUpdate } from 'lib/types';
export default async (req, res) => {
export interface InitUpdateRequestQuery {
start_at: string;
}
export default async (
req: NextApiRequestQueryBody<InitUpdateRequestQuery>,
res: NextApiResponse<RealtimeUpdate>,
) => {
await useAuth(req, res);
if (req.method === 'GET') {

20
pages/api/share/[id].js → pages/api/share/[id].ts
View file

@ -1,8 +1,22 @@
import { getWebsite } from 'queries';
import { ok, notFound, methodNotAllowed, createToken } from 'next-basics';
import { NextApiRequestQueryBody } from 'lib/types';
import { secret } from 'lib/crypto';
import { NextApiResponse } from 'next';
import { createToken, methodNotAllowed, notFound, ok } from 'next-basics';
import { getWebsite } from 'queries';
export default async (req, res) => {
export interface ShareRequestQuery {
id: string;
}
export interface ShareResponse {
id: string;
token: string;
}
export default async (
req: NextApiRequestQueryBody<ShareRequestQuery>,
res: NextApiResponse<ShareResponse>,
) => {
const { id: shareId } = req.query;
if (req.method === 'GET') {

61
pages/api/teams/[id]/index.ts Normal file
View file

@ -0,0 +1,61 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeam, getTeam, updateTeam } from 'queries';
export interface TeamRequestQuery {
id: string;
}
export interface TeamRequestBody {
name: string;
}
export default async (
req: NextApiRequestQueryBody<TeamRequestQuery, TeamRequestBody>,
res: NextApiResponse<Team>,
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(userId, teamId))) {
return unauthorized(res);
}
const user = await getTeam({ id: teamId });
return ok(res, user);
}
if (req.method === 'POST') {
const { name } = req.body;
if (!(await canUpdateTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const updated = await updateTeam({ name }, { id: teamId });
return ok(res, updated);
}
if (req.method === 'DELETE') {
if (!(await canDeleteTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
await deleteTeam(teamId);
return ok(res);
}
return methodNotAllowed(res);
};

70
pages/api/teams/[id]/users.ts Normal file
View file

@ -0,0 +1,70 @@
import { NextApiRequestQueryBody } from 'lib/types';
import { canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, deleteTeamUser, getUser, getTeamUsers } from 'queries';
export interface TeamUserRequestQuery {
id: string;
}
export interface TeamUserRequestBody {
email: string;
role_id: string;
team_user_id?: string;
}
export default async (
req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
res: NextApiResponse,
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(userId, teamId))) {
return unauthorized(res);
}
const users = await getTeamUsers(teamId);
return ok(res, users);
}
if (req.method === 'POST') {
if (!(await canUpdateTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { email, role_id: roleId } = req.body;
// Check for User
const user = await getUser({ username: email });
if (!user) {
return badRequest(res, 'The User does not exists.');
}
const updated = await createTeamUser(user.id, teamId, roleId);
return ok(res, updated);
}
if (req.method === 'DELETE') {
if (await canUpdateTeam(userId, teamId)) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { team_user_id } = req.body;
await deleteTeamUser(team_user_id);
return ok(res);
}
return methodNotAllowed(res);
};

39
pages/api/teams/[id]/websites.ts Normal file
View file

@ -0,0 +1,39 @@
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { getTeamWebsites } from 'queries/admin/team';
export interface TeamWebsiteRequestQuery {
id: string;
}
export interface TeamWebsiteRequestBody {
website_id: string;
team_website_id?: string;
}
export default async (
req: NextApiRequestQueryBody<TeamWebsiteRequestQuery, TeamWebsiteRequestBody>,
res: NextApiResponse,
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (await canViewTeam(userId, teamId)) {
return unauthorized(res);
}
const websites = await getTeamWebsites(teamId);
return ok(res, websites);
}
return methodNotAllowed(res);
};

47
pages/api/teams/index.ts Normal file
View file

@ -0,0 +1,47 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { canCreateTeam } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeam, getUserTeams } from 'queries';
export interface TeamsRequestBody {
name: string;
}
export default async (
req: NextApiRequestQueryBody<any, TeamsRequestBody>,
res: NextApiResponse<Team[] | Team>,
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
if (req.method === 'GET') {
const teams = await getUserTeams(userId);
return ok(res, teams);
}
if (req.method === 'POST') {
if (!(await canCreateTeam(userId))) {
return unauthorized(res);
}
const { name } = req.body;
const created = await createTeam({
id: uuid(),
name,
userId,
});
return ok(res, created);
}
return methodNotAllowed(res);
};

41
pages/api/users/[id]/index.js → pages/api/users/[id]/index.ts
View file

@ -1,8 +1,23 @@
import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getUser, deleteUser, updateUser } from 'queries';
import { NextApiRequestQueryBody } from 'lib/types';
import { canUpdateUser, canViewUser } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteUser, getUser, updateUser, User } from 'queries';
export default async (req, res) => {
export interface UserRequestQuery {
id: string;
}
export interface UserRequestBody {
username: string;
password: string;
}
export default async (
req: NextApiRequestQueryBody<UserRequestQuery, UserRequestBody>,
res: NextApiResponse<User>,
) => {
await useAuth(req, res);
const {
@ -11,7 +26,7 @@ export default async (req, res) => {
const { id } = req.query;
if (req.method === 'GET') {
if (id !== userId && !isAdmin) {
if (await canViewUser(userId, id)) {
return unauthorized(res);
}
@ -21,22 +36,22 @@ export default async (req, res) => {
}
if (req.method === 'POST') {
const { username, password } = req.body;
if (id !== userId && !isAdmin) {
if (await canUpdateUser(userId, id)) {
return unauthorized(res);
}
const { username, password } = req.body;
const user = await getUser({ id });
const data = {};
const data: any = {};
if (password) {
data.password = hashPassword(password);
}
// Only admin can change these fields
if (isAdmin) {
if (username && isAdmin) {
data.username = username;
}
@ -55,12 +70,12 @@ export default async (req, res) => {
}
if (req.method === 'DELETE') {
if (id === userId) {
return badRequest(res, 'You cannot delete your own user.');
if (isAdmin) {
return unauthorized(res);
}
if (!isAdmin) {
return unauthorized(res);
if (id === userId) {
return badRequest(res, 'You cannot delete your own user.');
}
await deleteUser(id);

36
pages/api/users/[id]/password.js → pages/api/users/[id]/password.ts
View file

@ -1,27 +1,43 @@
import { getUser, updateUser } from 'queries';
import { NextApiRequestQueryBody } from 'lib/types';
import { canUpdateUser } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import {
badRequest,
checkPassword,
hashPassword,
methodNotAllowed,
ok,
unauthorized,
checkPassword,
hashPassword,
} from 'next-basics';
import { allowQuery } from 'lib/auth';
import { TYPE_USER } from 'lib/constants';
import { getUser, updateUser, User } from 'queries';
export default async (req, res) => {
export interface UserPasswordRequestQuery {
id: string;
}
export interface UserPasswordRequestBody {
current_password: string;
new_password: string;
}
export default async (
req: NextApiRequestQueryBody<UserPasswordRequestQuery, UserPasswordRequestBody>,
res: NextApiResponse<User>,
) => {
await useAuth(req, res);
const { current_password, new_password } = req.body;
const { id } = req.query;
if (!(await allowQuery(req, TYPE_USER))) {
return unauthorized(res);
}
const {
user: { id: userId },
} = req.auth;
if (req.method === 'POST') {
if (canUpdateUser(userId, id)) {
return unauthorized(res);
}
const user = await getUser({ id });
if (!checkPassword(current_password, user.password)) {

57
pages/api/users/[id]/websites.ts Normal file
View file

@ -0,0 +1,57 @@
import { Prisma } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { uuid } from 'lib/crypto';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok } from 'next-basics';
import { createWebsite, getUserWebsites } from 'queries';
export interface WebsitesRequestQuery {}
export interface WebsitesRequestBody {
name: string;
domain: string;
shareId: string;
teamId?: string;
}
export default async (
req: NextApiRequestQueryBody<WebsitesRequestQuery, WebsitesRequestBody>,
res: NextApiResponse,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
if (req.method === 'GET') {
const websites = await getUserWebsites(userId);
return ok(res, websites);
}
if (req.method === 'POST') {
const { name, domain, shareId, teamId } = req.body;
const data: Prisma.WebsiteUncheckedCreateInput = {
id: uuid(),
name,
domain,
shareId,
};
if (teamId) {
data.teamId = teamId;
} else {
data.userId = userId;
}
const website = await createWebsite(data);
return ok(res, website);
}
return methodNotAllowed(res);
};

42
pages/api/users/index.js
View file

@ -1,42 +0,0 @@
import { ok, unauthorized, methodNotAllowed, badRequest, hashPassword } from 'next-basics';
import { useAuth } from 'lib/middleware';
import { uuid } from 'lib/crypto';
import { createUser, getUser, getUsers } from 'queries';
export default async (req, res) => {
await useAuth(req, res);
const {
user: { isAdmin },
} = req.auth;
if (!isAdmin) {
return unauthorized(res);
}
if (req.method === 'GET') {
const users = await getUsers();
return ok(res, users);
}
if (req.method === 'POST') {
const { username, password, id } = req.body;
const user = await getUser({ username });
if (user) {
return badRequest(res, 'User already exists');
}
const created = await createUser({
id: id || uuid(),
username,
password: hashPassword(password),
});
return ok(res, created);
}
return methodNotAllowed(res);
};

59
pages/api/users/index.ts Normal file
View file

@ -0,0 +1,59 @@
import { NextApiRequestQueryBody } from 'lib/types';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { ROLES } from 'lib/constants';
import { NextApiResponse } from 'next';
import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createUser, getUser, getUsers, User } from 'queries';
export interface UsersRequestBody {
username: string;
password: string;
id: string;
}
export default async (
req: NextApiRequestQueryBody<any, UsersRequestBody>,
res: NextApiResponse<User[] | User>,
) => {
await useAuth(req, res);
const {
user: { isAdmin },
} = req.auth;
if (req.method === 'GET') {
if (isAdmin) {
return unauthorized(res);
}
const users = await getUsers();
return ok(res, users);
}
if (req.method === 'POST') {
if (isAdmin) {
return unauthorized(res);
}
const { username, password, id } = req.body;
const existingUser = await getUser({ username });
if (existingUser) {
return badRequest(res, 'User already exists');
}
const created = await createUser({
id: id || uuid(),
username,
password: hashPassword(password),
role: ROLES.user,
});
return ok(res, created);
}
return methodNotAllowed(res);
};

24
pages/api/websites/[id]/active.js
View file

@ -1,24 +0,0 @@
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { getActiveVisitors } from 'queries';
import { TYPE_WEBSITE } from 'lib/constants';
export default async (req, res) => {
await useCors(req, res);
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
return unauthorized(res);
}
const { id: websiteId } = req.query;
const result = await getActiveVisitors(websiteId);
return ok(res, result);
}
return methodNotAllowed(res);
};

36
pages/api/websites/[id]/active.ts Normal file
View file

@ -0,0 +1,36 @@
import { WebsiteActive } from 'lib/types';
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getActiveVisitors } from 'queries';
export interface WebsiteActiveRequestQuery {
id: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteActiveRequestQuery>,
res: NextApiResponse<WebsiteActive>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'GET') {
if (await canViewWebsite(userId, websiteId)) {
return unauthorized(res);
}
const result = await getActiveVisitors(websiteId);
return ok(res, result);
}
return methodNotAllowed(res);
};

41
pages/api/websites/[id]/eventdata.js
View file

@ -1,41 +0,0 @@
import moment from 'moment-timezone';
import { getEventData } from 'queries';
import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
export default async (req, res) => {
await useCors(req, res);
await useAuth(req, res);
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
return unauthorized(res);
}
const { id: websiteId } = req.query;
const { start_at, end_at, timezone, event_name: eventName, columns, filters } = req.body;
if (!moment.tz.zone(timezone)) {
return badRequest(res);
}
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEventData(websiteId, {
startDate,
endDate,
timezone,
eventName,
columns,
filters,
});
return ok(res, events);
}
return methodNotAllowed(res);
};

54
pages/api/websites/[id]/eventdata.ts Normal file
View file

@ -0,0 +1,54 @@
import { WebsiteMetric, NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getEventData } from 'queries';
export interface WebsiteEventDataRequestQuery {
id: string;
}
export interface WebsiteEventDataRequestBody {
start_at: string;
end_at: string;
event_name: string;
columns: { [key: string]: 'count' | 'max' | 'min' | 'avg' | 'sum' };
filters?: { [key: string]: any };
}
export default async (
req: NextApiRequestQueryBody<WebsiteEventDataRequestQuery, WebsiteEventDataRequestBody>,
res: NextApiResponse<WebsiteMetric>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (canViewWebsite(userId, websiteId)) {
return unauthorized(res);
}
const { start_at, end_at, event_name: eventName, columns, filters } = req.body;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEventData(websiteId, {
startDate,
endDate,
eventName,
columns,
filters,
});
return ok(res, events);
}
return methodNotAllowed(res);
};

36
pages/api/websites/[id]/events.js
View file

@ -1,36 +0,0 @@
import moment from 'moment-timezone';
import { getEventMetrics } from 'queries';
import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
const unitTypes = ['year', 'month', 'hour', 'day'];
export default async (req, res) => {
await useCors(req, res);
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
return unauthorized(res);
}
const { id: websiteId, start_at, end_at, unit, tz, url, event_name } = req.query;
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
}
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEventMetrics(websiteId, startDate, endDate, tz, unit, {
url,
eventName: event_name,
});
return ok(res, events);
}
return methodNotAllowed(res);
};

59
pages/api/websites/[id]/events.ts Normal file
View file

@ -0,0 +1,59 @@
import { WebsiteMetric, NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import moment from 'moment-timezone';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getEventMetrics } from 'queries';
const unitTypes = ['year', 'month', 'hour', 'day'];
export interface WebsiteEventsRequestQuery {
id: string;
start_at: string;
end_at: string;
unit: string;
tz: string;
url: string;
event_name: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteEventsRequestQuery>,
res: NextApiResponse<WebsiteMetric>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId, start_at, end_at, unit, tz, url, event_name } = req.query;
if (req.method === 'GET') {
if (canViewWebsite(userId, websiteId)) {
return unauthorized(res);
}
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
}
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEventMetrics(websiteId, {
startDate,
endDate,
timezone: tz,
unit,
filters: {
url,
eventName: event_name,
},
});
return ok(res, events);
}
return methodNotAllowed(res);
};

45
pages/api/websites/[id]/index.js → pages/api/websites/[id]/index.ts
View file

@ -1,35 +1,52 @@
import { allowQuery } from 'lib/auth';
import { Website, NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite, canUpdateWebsite, canDeleteWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, serverError, unauthorized } from 'next-basics';
import { deleteWebsite, getWebsite, updateWebsite } from 'queries';
import { TYPE_WEBSITE } from 'lib/constants';
export default async (req, res) => {
export interface WebsiteRequestQuery {
id: string;
}
export interface WebsiteRequestBody {
name: string;
domain: string;
shareId: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteRequestQuery, WebsiteRequestBody>,
res: NextApiResponse<Website>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (!(await allowQuery(req, TYPE_WEBSITE))) {
return unauthorized(res);
}
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
return unauthorized(res);
}
const website = await getWebsite({ id: websiteId });
return ok(res, website);
}
if (req.method === 'POST') {
if (!(await canUpdateWebsite(userId, websiteId))) {
return unauthorized(res);
}
const { name, domain, shareId } = req.body;
try {
await updateWebsite(websiteId, {
name,
domain,
shareId,
});
} catch (e) {
await updateWebsite(websiteId, { name, domain, shareId });
} catch (e: any) {
if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
return serverError(res, 'That share ID is already taken.');
}
@ -39,7 +56,7 @@ export default async (req, res) => {
}
if (req.method === 'DELETE') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await canDeleteWebsite(userId, websiteId))) {
return unauthorized(res);
}

55
pages/api/websites/[id]/metrics.js → pages/api/websites/[id]/metrics.ts
View file

@ -1,6 +1,8 @@
import { allowQuery } from 'lib/auth';
import { FILTER_IGNORED, TYPE_WEBSITE } from 'lib/constants';
import { WebsiteMetric, NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { FILTER_IGNORED } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getPageviewMetrics, getSessionMetrics, getWebsite } from 'queries';
@ -33,28 +35,47 @@ function getColumn(type) {
return type;
}
export default async (req, res) => {
export interface WebsiteMetricsRequestQuery {
id: string;
type: string;
start_at: number;
end_at: number;
url: string;
referrer: string;
os: string;
browser: string;
device: string;
country: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteMetricsRequestQuery>,
res: NextApiResponse<WebsiteMetric[]>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
type,
start_at,
end_at,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await canViewWebsite(userId, websiteId))) {
return unauthorized(res);
}
const {
id: websiteId,
type,
start_at,
end_at,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);

72
pages/api/websites/[id]/pageviews.js → pages/api/websites/[id]/pageviews.ts
View file

@ -1,35 +1,57 @@
import moment from 'moment-timezone';
import { getPageviewStats } from 'queries';
import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { NextApiRequestQueryBody, WebsitePageviews } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import moment from 'moment-timezone';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getPageviewStats } from 'queries';
const unitTypes = ['year', 'month', 'hour', 'day'];
export default async (req, res) => {
export interface WebsitePageviewRequestQuery {
id: string;
websiteId: string;
start_at: number;
end_at: number;
unit: string;
tz: string;
url?: string;
referrer?: string;
os?: string;
browser?: string;
device?: string;
country?: string;
}
export default async (
req: NextApiRequestQueryBody<WebsitePageviewRequestQuery>,
res: NextApiResponse<WebsitePageviews>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
start_at,
end_at,
unit,
tz,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await canViewWebsite(userId, websiteId))) {
return unauthorized(res);
}
const {
id: websiteId,
start_at,
end_at,
unit,
tz,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
@ -39,8 +61,8 @@ export default async (req, res) => {
const [pageviews, sessions] = await Promise.all([
getPageviewStats(websiteId, {
start_at: startDate,
end_at: endDate,
startDate,
endDate,
timezone: tz,
unit,
count: '*',
@ -54,8 +76,8 @@ export default async (req, res) => {
},
}),
getPageviewStats(websiteId, {
start_at: startDate,
end_at: endDate,
startDate,
endDate,
timezone: tz,
unit,
count: 'distinct pageview.',

23
pages/api/websites/[id]/reset.js → pages/api/websites/[id]/reset.ts
View file

@ -1,17 +1,28 @@
import { resetWebsite } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { resetWebsite } from 'queries';
export default async (req, res) => {
export interface WebsiteResetRequestQuery {
id: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteResetRequestQuery>,
res: NextApiResponse,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await canViewWebsite(userId, websiteId))) {
return unauthorized(res);
}

65
pages/api/websites/[id]/stats.js → pages/api/websites/[id]/stats.ts
View file

@ -1,30 +1,51 @@
import { getWebsiteStats } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { WebsiteStats } from 'lib/types';
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getWebsiteStats } from 'queries';
export default async (req, res) => {
export interface WebsiteStatsRequestQuery {
id: string;
type: string;
start_at: number;
end_at: number;
url: string;
referrer: string;
os: string;
browser: string;
device: string;
country: string;
}
export default async (
req: NextApiRequestQueryBody<WebsiteStatsRequestQuery>,
res: NextApiResponse<WebsiteStats>,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
start_at,
end_at,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await canViewWebsite(userId, websiteId))) {
return unauthorized(res);
}
const {
id: websiteId,
start_at,
end_at,
url,
referrer,
os,
browser,
device,
country,
} = req.query;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
@ -33,8 +54,8 @@ export default async (req, res) => {
const prevEndDate = new Date(+end_at - distance);
const metrics = await getWebsiteStats(websiteId, {
start_at: startDate,
end_at: endDate,
startDate,
endDate,
filters: {
url,
referrer,
@ -45,8 +66,8 @@ export default async (req, res) => {
},
});
const prevPeriod = await getWebsiteStats(websiteId, {
start_at: prevStartDate,
end_at: prevEndDate,
startDate: prevStartDate,
endDate: prevEndDate,
filters: {
url,
referrer,

33
pages/api/websites/index.js
View file

@ -1,33 +0,0 @@
import { createWebsite, getAllWebsites, getUserWebsites } from 'queries';
import { ok, methodNotAllowed, getRandomChars } from 'next-basics';
import { useAuth, useCors } from 'lib/middleware';
import { uuid } from 'lib/crypto';
export default async (req, res) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId, isAdmin },
} = req.auth;
if (req.method === 'GET') {
const { include_all } = req.query;
const websites =
isAdmin && include_all ? await getAllWebsites() : await getUserWebsites(userId);
return ok(res, websites);
}
if (req.method === 'POST') {
const { name, domain, enableShareUrl } = req.body;
const shareId = enableShareUrl ? getRandomChars(8) : null;
const website = await createWebsite(userId, { id: uuid(), name, domain, shareId });
return ok(res, website);
}
return methodNotAllowed(res);
};

57
pages/api/websites/index.ts Normal file
View file

@ -0,0 +1,57 @@
import { Prisma } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { uuid } from 'lib/crypto';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok } from 'next-basics';
import { createWebsite, getUserWebsites } from 'queries';
export interface WebsitesRequestQuery {}
export interface WebsitesRequestBody {
name: string;
domain: string;
shareId: string;
teamId?: string;
}
export default async (
req: NextApiRequestQueryBody<WebsitesRequestQuery, WebsitesRequestBody>,
res: NextApiResponse,
) => {
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
if (req.method === 'GET') {
const websites = await getUserWebsites(userId);
return ok(res, websites);
}
if (req.method === 'POST') {
const { name, domain, shareId, teamId } = req.body;
const data: Prisma.WebsiteUncheckedCreateInput = {
id: uuid(),
name,
domain,
shareId,
};
if (teamId) {
data.teamId = teamId;
} else {
data.userId = userId;
}
const website = await createWebsite(data);
return ok(res, website);
}
return methodNotAllowed(res);
};