API security updates.

Mike Cao 2020-09-11 13:49:43 -07:00
parent 01432266ef
commit 8e3286179a
7 changed files with 115 additions and 80 deletions


@ -1,11 +1,18 @@
import { getActiveVisitors } from 'lib/queries';
import { ok } from 'lib/response';
import { methodNotAllowed, ok } from 'lib/response';
import { useAuth } from 'lib/middleware';
export default async (req, res) => {
const { id } = req.query;
const website_id = +id;
await useAuth(req, res);
const result = await getActiveVisitors(website_id);
if (req.method === 'GET') {
const { id } = req.query;
const website_id = +id;
return ok(res, result);
const result = await getActiveVisitors(website_id);
return ok(res, result);
}
return methodNotAllowed(res);
};
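Review bot: Nothing in this handler ties `website_id` to the authenticated caller: after `await useAuth(req, res)` the id from `req.query` goes straight to `getActiveVisitors`. Unless `useAuth` or the query layer enforces ownership (neither is visible here), any authenticated user could read another site's data by changing `id`. An object-level authorization check before the query would close that, and the same pattern appears in the events, metrics, pageviews and rankings handlers in this commit. `+id` also yields `NaN` for a non-numeric id, so a guard such as `if (!Number.isInteger(website_id)) return badRequest(res);` is worth adding (it needs `badRequest` imported from `lib/response`).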


@ -1,21 +1,28 @@
import moment from 'moment-timezone';
import { getEvents } from 'lib/queries';
import { ok, badRequest } from 'lib/response';
import { ok, badRequest, methodNotAllowed } from 'lib/response';
import { useAuth } from 'lib/middleware';
const unitTypes = ['month', 'hour', 'day'];
export default async (req, res) => {
const { id, start_at, end_at, unit, tz } = req.query;
await useAuth(req, res);
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
if (req.method === 'GET') {
const { id, start_at, end_at, unit, tz } = req.query;
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
}
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEvents(websiteId, startDate, endDate, tz, unit);
return ok(res, events);
}
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const events = await getEvents(websiteId, startDate, endDate, tz, unit);
return ok(res, events);
return methodNotAllowed(res);
};
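Review bot: `start_at` and `end_at` are coerced with `new Date(+start_at)` and `new Date(+end_at)` but never checked, so a missing or non-numeric value reaches `getEvents` as an Invalid Date; the `badRequest` guard covers only `tz` and `unit`. Extend the validation once the dates are built, e.g. `if (Number.isNaN(startDate.getTime()) || Number.isNaN(endDate.getTime()) || startDate > endDate) return badRequest(res);`. The metrics, pageviews and rankings handlers in this commit build their dates the same way and would benefit from the same guard.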


@ -1,18 +1,25 @@
import { getMetrics } from 'lib/queries';
import { ok } from 'lib/response';
import { methodNotAllowed, ok } from 'lib/response';
import { useAuth } from 'lib/middleware';
export default async (req, res) => {
const { id, start_at, end_at } = req.query;
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
await useAuth(req, res);
const metrics = await getMetrics(websiteId, startDate, endDate);
if (req.method === 'GET') {
const { id, start_at, end_at } = req.query;
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const stats = Object.keys(metrics[0]).reduce((obj, key) => {
obj[key] = Number(metrics[0][key]) || 0;
return obj;
}, {});
const metrics = await getMetrics(websiteId, startDate, endDate);
return ok(res, stats);
const stats = Object.keys(metrics[0]).reduce((obj, key) => {
obj[key] = Number(metrics[0][key]) || 0;
return obj;
}, {});
return ok(res, stats);
}
return methodNotAllowed(res);
};
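Review bot: `Object.keys(metrics[0])` throws a TypeError when `getMetrics` returns an empty array, which would surface as an unhandled 500 rather than a clean response. Whether that can happen depends on the query, which is not visible here; a defensive `const row = metrics[0] ?? {};` and reducing over `row` keeps the result a well-formed object either way. `Number(metrics[0][key]) || 0` also maps null or non-numeric aggregates to 0 silently, so a comment such as `// null or non-numeric aggregates are reported as 0` would make that intent explicit.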


@ -1,24 +1,31 @@
import moment from 'moment-timezone';
import { getPageviews } from 'lib/queries';
import { ok, badRequest } from 'lib/response';
import { ok, badRequest, methodNotAllowed } from 'lib/response';
import { useAuth } from 'lib/middleware';
const unitTypes = ['month', 'hour', 'day'];
export default async (req, res) => {
const { id, start_at, end_at, unit, tz } = req.query;
await useAuth(req, res);
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
if (req.method === 'GET') {
const { id, start_at, end_at, unit, tz } = req.query;
if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
return badRequest(res);
}
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const [pageviews, uniques] = await Promise.all([
getPageviews(websiteId, startDate, endDate, tz, unit, '*'),
getPageviews(websiteId, startDate, endDate, tz, unit, 'distinct session_id'),
]);
return ok(res, { pageviews, uniques });
}
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
const [pageviews, uniques] = await Promise.all([
getPageviews(websiteId, startDate, endDate, tz, unit, '*'),
getPageviews(websiteId, startDate, endDate, tz, unit, 'distinct session_id'),
]);
return ok(res, { pageviews, uniques });
return methodNotAllowed(res);
};
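Review bot: The last argument to `getPageviews` (`'*'` and `'distinct session_id'`) reads like a raw SQL count expression, and the request-supplied `tz` and `unit` are passed alongside it. If the query layer places any of these into the query text (its body is not shown, so this is an inference), the `unitTypes` allow-list and the `moment.tz.zone(tz)` check are the only barrier between the request and the SQL. After confirming against `lib/queries`, a comment above the guard such as `// tz and unit must stay validated here; the count expression must remain a constant, never request-derived` would keep a later edit from loosening it.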


@ -1,6 +1,7 @@
import { getRankings } from 'lib/queries';
import { ok, badRequest } from 'lib/response';
import { DOMAIN_REGEX } from '../../../../lib/constants';
import { ok, badRequest, methodNotAllowed } from 'lib/response';
import { DOMAIN_REGEX } from 'lib/constants';
import { useAuth } from 'lib/middleware';
const sessionColumns = ['browser', 'os', 'device', 'country'];
const pageviewColumns = ['url', 'referrer'];
@ -25,29 +26,35 @@ function getColumn(type) {
}
export default async (req, res) => {
const { id, type, start_at, end_at, domain } = req.query;
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
await useAuth(req, res);
if (
type !== 'event' &&
!sessionColumns.includes(type) &&
!pageviewColumns.includes(type) &&
domain &&
DOMAIN_REGEX.test(domain)
) {
return badRequest(res);
if (req.method === 'GET') {
const { id, type, start_at, end_at, domain } = req.query;
const websiteId = +id;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
if (
type !== 'event' &&
!sessionColumns.includes(type) &&
!pageviewColumns.includes(type) &&
domain &&
DOMAIN_REGEX.test(domain)
) {
return badRequest(res);
}
const rankings = await getRankings(
websiteId,
startDate,
endDate,
getColumn(type),
getTable(type),
domain,
);
return ok(res, rankings);
}
const rankings = await getRankings(
websiteId,
startDate,
endDate,
getColumn(type),
getTable(type),
domain,
);
return ok(res, rankings);
return methodNotAllowed(res);
};
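Review bot: The validation condition in the second hunk chains every clause with `&&`, so `badRequest` is returned only when `type` is unknown and a `domain` is supplied and that domain matches `DOMAIN_REGEX`. An unknown `type` without a domain, or a malformed domain, therefore passes through to `getColumn(type)`, `getTable(type)` and `getRankings`; the commit only moves this condition under the GET branch. The likely intent is `const validType = type === 'event' || sessionColumns.includes(type) || pageviewColumns.includes(type);` followed by `if (!validType || (domain && !DOMAIN_REGEX.test(domain))) return badRequest(res);`. `getColumn` and `getTable` begin outside the hunk, so what they return for an unknown type cannot be checked from here.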