Cherry pick prisma query protection.

Brian Cao 2023-01-12 11:29:37 -08:00
parent 4c202741c2
commit 9a7385e4d5
9 changed files with 68 additions and 47 deletions


@ -32,18 +32,23 @@ async function relationalQuery(
filters: object;
},
) {
const { startDate, endDate, column, filters = {} } = data;
const { rawQuery, parseFilters } = prisma;
const params = [startDate, endDate];
const { startDate, endDate, column, filters = {}, type } = data;
const { rawQuery, parseFilters, toUuid } = prisma;
const params: any = [
websiteId,
startDate,
endDate,
type === 'event' ? EVENT_TYPE.customEvent : EVENT_TYPE.pageView,
];
const { filterQuery, joinSession } = parseFilters(filters, params);
return rawQuery(
`select ${column} x, count(*) y
from website_event
${joinSession}
where website_id='${websiteId}'
and website_event.created_at between $1 and $2
and event_type = ${EVENT_TYPE.pageView}
where website_event.website_id = $1${toUuid()}
and website_event.created_at between $2 and $3
and event_type = $4
${filterQuery}
group by 1
order by 2 desc`,
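Review bot: `select ${column} x` on the new side still splices `column` straight into the SQL text, so the query is only as safe as whatever produced that string; an identifier cannot be sent as a bind parameter, which makes an allow-list check the right guard here. If `column` is not already constrained by the caller (not visible from this hunk), add a check before the query is built, e.g. `if (!ALLOWED_COLUMNS.includes(column)) throw new Error('Invalid column');`, where `ALLOWED_COLUMNS` is a placeholder name for the set of columns this metric may group by. The same applies to `count` and `sessionKey` in the `count(${count}${sessionKey})` expression of the next file section. The body of relationalQuery starts and ends outside the hunk.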


@ -45,8 +45,8 @@ async function relationalQuery(
filters = {},
sessionKey = 'session_id',
} = data;
const { getDateQuery, parseFilters, rawQuery } = prisma;
const params = [startDate, endDate];
const { toUuid, getDateQuery, parseFilters, rawQuery } = prisma;
const params: any = [websiteId, startDate, endDate];
const { filterQuery, joinSession } = parseFilters(filters, params);
return rawQuery(
@ -54,8 +54,8 @@ async function relationalQuery(
count(${count !== '*' ? `${count}${sessionKey}` : count}) y
from website_event
${joinSession}
where website.website_id='${websiteId}'
and pageview.created_at between $1 and $2
where website_event.website_id = $1${toUuid()}
and website_event.created_at between $2 and $3
and event_type = ${EVENT_TYPE.pageView}
${filterQuery}
group by 1`,
@ -90,7 +90,7 @@ async function clickhouseQuery(
${getDateQuery('created_at', unit, timezone)} t,
count(${count !== '*' ? 'distinct session_id' : count}) y
from event
where website_id = $1
where website_id = $1
and rev_id = $2
and event_type = ${EVENT_TYPE.pageView}
and ${getBetweenDates('created_at', startDate, endDate)}
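Review bot: The bind order is now load-bearing and undocumented: `params` starts as `[websiteId, startDate, endDate]` and is then handed to `parseFilters(filters, params)`, while the SQL hard-codes `$1` to `$3`. Presumably `parseFilters` appends the filter values and numbers its placeholders from the current array length, but that is not visible here; if the order ever drifts, a different value is bound to `website_event.website_id`, which is the predicate that scopes the query to one website. A comment above the array would make the contract explicit, e.g. `// Order must match $1 (website id) and $2, $3 (date range) below; parseFilters appends after these`. The first file section has the same layout with four leading entries. As a consistency point only, `event_type = ${EVENT_TYPE.pageView}` is still interpolated here while the first section binds it as `$4`.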