v1.39.2 (#1599)

* Fixed issue with realtime page rendering.

* fix auth, add pg extension (#1596)

* Fixed change password issue. API refactoring. Closes #1592.

* Fixed account lookup.

* Fixed issue with accessing user dashboards. Closes #1590

* fix sort on dashboard (#1600)

Co-authored-by: Brian Cao <brian@umami.is>

pages/api/websites/[id]/active.js

@@ -2,13 +2,14 @@ import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { getActiveVisitors } from 'queries';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 export default async (req, res) => {
   await useCors(req, res);
   await useAuth(req, res);
 
   if (req.method === 'GET') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/[id]/eventdata.js

@@ -3,13 +3,14 @@ import { getEventData } from 'queries';
 import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 export default async (req, res) => {
   await useCors(req, res);
   await useAuth(req, res);
 
   if (req.method === 'POST') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/[id]/events.js

@@ -3,6 +3,7 @@ import { getEventMetrics } from 'queries';
 import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 const unitTypes = ['year', 'month', 'hour', 'day'];
 
@@ -11,7 +12,7 @@ export default async (req, res) => {
   await useAuth(req, res);
 
   if (req.method === 'GET') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/[id]/index.js

@@ -2,19 +2,20 @@ import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { getRandomChars, methodNotAllowed, ok, serverError, unauthorized } from 'next-basics';
 import { deleteWebsite, getAccount, getWebsite, updateWebsite } from 'queries';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 export default async (req, res) => {
   await useCors(req, res);
   await useAuth(req, res);
 
-  const { id: websiteId } = req.query;
+  const { id: websiteUuid } = req.query;
 
-  if (!(await allowQuery(req))) {
+  if (!(await allowQuery(req, TYPE_WEBSITE))) {
     return unauthorized(res);
   }
 
   if (req.method === 'GET') {
-    const website = await getWebsite({ websiteUuid: websiteId });
+    const website = await getWebsite({ websiteUuid });
 
     return ok(res, website);
   }
@@ -32,7 +33,7 @@ export default async (req, res) => {
       }
     }
 
-    const website = await getWebsite({ websiteUuid: websiteId });
+    const website = await getWebsite({ websiteUuid });
 
     const newShareId = enableShareUrl ? website.shareId || getRandomChars(8) : null;
 
@@ -44,7 +45,7 @@ export default async (req, res) => {
           shareId: shareId ? shareId : newShareId,
           userId: account ? account.id : +owner || undefined,
         },
-        { websiteUuid: websiteId },
+        { websiteUuid },
       );
     } catch (e) {
       if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
@@ -56,11 +57,11 @@ export default async (req, res) => {
   }
 
   if (req.method === 'DELETE') {
-    if (!(await allowQuery(req, true))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 
-    await deleteWebsite(websiteId);
+    await deleteWebsite(websiteUuid);
 
     return ok(res);
   }

pages/api/websites/[id]/metrics.js

@@ -1,8 +1,8 @@
 import { allowQuery } from 'lib/auth';
-import { FILTER_IGNORED } from 'lib/constants';
+import { FILTER_IGNORED, TYPE_WEBSITE } from 'lib/constants';
 import { useAuth, useCors } from 'lib/middleware';
 import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { getPageviewMetrics, getSessionMetrics, getWebsiteByUuid } from 'queries';
+import { getPageviewMetrics, getSessionMetrics, getWebsite } from 'queries';
 
 const sessionColumns = ['browser', 'os', 'device', 'screen', 'country', 'language'];
 const pageviewColumns = ['url', 'referrer', 'query'];
@@ -38,7 +38,7 @@ export default async (req, res) => {
   await useAuth(req, res);
 
   if (req.method === 'GET') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 
@@ -94,7 +94,7 @@ export default async (req, res) => {
       let domain;
 
       if (type === 'referrer') {
-        const website = await getWebsiteByUuid(websiteId);
+        const website = await getWebsite({ websiteUuid: websiteId });
 
         if (!website) {
           return badRequest(res);

pages/api/websites/[id]/pageviews.js

@@ -3,6 +3,7 @@ import { getPageviewStats } from 'queries';
 import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 const unitTypes = ['year', 'month', 'hour', 'day'];
 
@@ -11,7 +12,7 @@ export default async (req, res) => {
   await useAuth(req, res);
 
   if (req.method === 'GET') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/[id]/reset.js

@@ -2,6 +2,7 @@ import { resetWebsite } from 'queries';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 export default async (req, res) => {
   await useCors(req, res);
@@ -10,7 +11,7 @@ export default async (req, res) => {
   const { id: websiteId } = req.query;
 
   if (req.method === 'POST') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/[id]/stats.js

@@ -2,13 +2,14 @@ import { getWebsiteStats } from 'queries';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { allowQuery } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
+import { TYPE_WEBSITE } from 'lib/constants';
 
 export default async (req, res) => {
   await useCors(req, res);
   await useAuth(req, res);
 
   if (req.method === 'GET') {
-    if (!(await allowQuery(req))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE))) {
       return unauthorized(res);
     }
 

pages/api/websites/index.js

@@ -6,15 +6,16 @@ import { uuid } from 'lib/crypto';
 export default async (req, res) => {
   await useAuth(req, res);
 
-  const { userId: currentUserId, isAdmin, accountUuid } = req.auth;
   const { user_id, include_all } = req.query;
+  const { userId: currentUserId, isAdmin } = req.auth;
+  const accountUuid = user_id || req.auth.accountUuid;
   let account;
 
   if (accountUuid) {
-    account = await getAccount({ accountUuid: accountUuid });
+    account = await getAccount({ accountUuid });
   }
 
-  const userId = account ? account.id : +user_id;
+  const userId = account ? account.id : user_id;
 
   if (req.method === 'GET') {
     if (userId && userId !== currentUserId && !isAdmin) {
@@ -24,7 +25,7 @@ export default async (req, res) => {
     const websites =
       isAdmin && include_all
         ? await getAllWebsites()
-        : await getUserWebsites(userId || currentUserId);
+        : await getUserWebsites({ userId: account.id });
 
     return ok(res, websites);
   }