watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-06 05:37:20 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Convert /api/users.

Browse source
This commit is contained in:
Mike Cao 2025-01-21 19:10:34 -08:00
parent 090abcff81
commit baa3851fb4
61 changed files with 1064 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/app/api/heartbeat/route.ts Normal file
View file

@ -0,0 +1,3 @@
export async function GET() {
return Response.json({ ok: true });
}

72
src/app/api/users/[userId]/route.ts Normal file
View file

@ -0,0 +1,72 @@
import { z } from 'zod';
import { canUpdateUser, canViewUser, checkAuth } from 'lib/auth';
import { getUser, getUserByUsername, updateUser } from 'queries';
import { json, unauthorized, badRequest } from 'lib/response';
import { hashPassword } from 'next-basics';
import { checkRequest } from 'lib/request';
export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const { userId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canViewUser(auth, userId))) {
return unauthorized();
}
const user = await getUser(userId);
return json(user);
}
export async function POST(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const schema = z.object({
username: z.string().max(255),
password: z.string().max(255),
role: z.string().regex(/admin|user|view-only/i),
});
const { body, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const { userId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canUpdateUser(auth, userId))) {
return unauthorized();
}
const { username, password, role } = body;
const user = await getUser(userId);
const data: any = {};
if (password) {
data.password = hashPassword(password);
}
// Only admin can change these fields
if (role && auth.user.isAdmin) {
data.role = role;
}
if (username && auth.user.isAdmin) {
data.username = username;
}
// Check when username changes
if (data.username && user.username !== data.username) {
const user = await getUserByUsername(username);
if (user) {
return badRequest('User already exists');
}
}
const updated = await updateUser(userId, data);
return json(updated);
}

30
src/app/api/users/[userId]/teams/route.ts Normal file
View file

@ -0,0 +1,30 @@
import { z } from 'zod';
import { pagingParams } from 'lib/schema';
import { getUserTeams } from 'queries';
import { checkAuth } from 'lib/auth';
import { unauthorized, badRequest, json } from 'lib/response';
import { checkRequest } from 'lib/request';
const schema = z.object({
...pagingParams,
});
export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const { userId } = await params;
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
if (!auth || (!auth.user.isAdmin && (!userId || auth.user.id !== userId))) {
return unauthorized();
}
const teams = await getUserTeams(userId, query);
return json(teams);
}

66
src/app/api/users/[userId]/usage/route.ts Normal file
View file

@ -0,0 +1,66 @@
import { z } from 'zod';
import { json, unauthorized, badRequest } from 'lib/response';
import { getAllUserWebsitesIncludingTeamOwner } from 'queries/prisma/website';
import { getEventUsage } from 'queries/analytics/events/getEventUsage';
import { getEventDataUsage } from 'queries/analytics/events/getEventDataUsage';
import { checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
const schema = z.object({
startAt: z.coerce.number(),
endAt: z.coerce.number(),
});
export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
if (!auth || !auth.user.isAdmin) {
return unauthorized();
}
const { userId } = await params;
const { startAt, endAt } = query;
const startDate = new Date(+startAt);
const endDate = new Date(+endAt);
const websites = await getAllUserWebsitesIncludingTeamOwner(userId);
const websiteIds = websites.map(a => a.id);
const websiteEventUsage = await getEventUsage(websiteIds, startDate, endDate);
const eventDataUsage = await getEventDataUsage(websiteIds, startDate, endDate);
const websiteUsage = websites.map(a => ({
websiteId: a.id,
websiteName: a.name,
websiteEventUsage: websiteEventUsage.find(b => a.id === b.websiteId)?.count || 0,
eventDataUsage: eventDataUsage.find(b => a.id === b.websiteId)?.count || 0,
deletedAt: a.deletedAt,
}));
const usage = websiteUsage.reduce(
(acc, cv) => {
acc.websiteEventUsage += cv.websiteEventUsage;
acc.eventDataUsage += cv.eventDataUsage;
return acc;
},
{ websiteEventUsage: 0, eventDataUsage: 0 },
);
const filteredWebsiteUsage = websiteUsage.filter(
a => !a.deletedAt && (a.websiteEventUsage > 0 || a.eventDataUsage > 0),
);
return json({
...usage,
websites: filteredWebsiteUsage,
});
}

29
src/app/api/users/[userId]/websites/route.ts Normal file
View file

@ -0,0 +1,29 @@
import { z } from 'zod';
import { unauthorized, json, badRequest } from 'lib/response';
import { getUserWebsites } from 'queries/prisma/website';
import { pagingParams } from 'lib/schema';
import { checkRequest } from 'lib/request';
import { checkAuth } from 'lib/auth';
const schema = z.object({
...pagingParams,
});
export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const { userId } = await params;
const auth = await checkAuth(request);
if (!auth || (!auth.user.isAdmin && auth.user.id !== userId)) {
return unauthorized();
}
const websites = await getUserWebsites(userId, query);
return json(websites);
}

46
src/app/api/users/route.ts Normal file
View file

@ -0,0 +1,46 @@
import { z } from 'zod';
import { hashPassword } from 'next-basics';
import { canCreateUser, checkAuth } from 'lib/auth';
import { ROLES } from 'lib/constants';
import { uuid } from 'lib/crypto';
import { checkRequest } from 'lib/request';
import { unauthorized, json, badRequest } from 'lib/response';
import { createUser, getUserByUsername } from 'queries';
const schema = z.object({
username: z.string().max(255),
password: z.string(),
id: z.string().uuid(),
role: z.string().regex(/admin|user|view-only/i),
});
export async function POST(request: Request) {
const { body, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
if (!auth || !(await canCreateUser(auth))) {
return unauthorized();
}
const { username, password, role, id } = body;
const existingUser = await getUserByUsername(username, { showDeleted: true });
if (existingUser) {
return badRequest('User already exists');
}
const user = await createUser({
id: id || uuid(),
username,
password: hashPassword(password),
role: role ?? ROLES.user,
});
return json(user);
}

6
src/app/api/version/route.ts Normal file
View file

@ -0,0 +1,6 @@
import { json } from 'lib/response';
import { CURRENT_VERSION } from 'lib/constants';
export async function GET() {
return json({ version: CURRENT_VERSION });
}

24
src/app/api/websites/[websiteId]/active/route.ts Normal file
View file

@ -0,0 +1,24 @@
import { canViewWebsite, checkAuth } from 'lib/auth';
import { json, unauthorized } from 'lib/response';
import { getActiveVisitors } from 'queries';
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const auth = await checkAuth(request);
if (!auth) {
return unauthorized();
}
const { websiteId } = await params;
if (!(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const result = await getActiveVisitors(websiteId);
return json(result);
}

19
src/app/api/websites/[websiteId]/daterange/route.ts Normal file
View file

@ -0,0 +1,19 @@
import { canViewWebsite, checkAuth } from 'lib/auth';
import { getWebsiteDateRange } from 'queries';
import { json, unauthorized } from 'lib/response';
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const auth = await checkAuth(request);
const { websiteId } = await params;
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const result = await getWebsiteDateRange(websiteId);
return json(result);
}

97
src/app/api/websites/[websiteId]/metrics/route.ts Normal file
View file

@ -0,0 +1,97 @@
import { canViewWebsite, checkAuth } from 'lib/auth';
import { SESSION_COLUMNS, EVENT_COLUMNS, FILTER_COLUMNS, OPERATORS } from 'lib/constants';
import { getRequestFilters, getRequestDateRange, checkRequest } from 'lib/request';
import { getPageviewMetrics, getSessionMetrics } from 'queries';
import { z } from 'zod';
import { json, unauthorized, badRequest } from 'lib/response';
const schema = z.object({
type: z.string(),
startAt: z.coerce.number(),
endAt: z.coerce.number(),
// optional
url: z.string().optional(),
referrer: z.string().optional(),
title: z.string().optional(),
query: z.string().optional(),
host: z.string().optional(),
os: z.string().optional(),
browser: z.string().optional(),
device: z.string().optional(),
country: z.string().optional(),
region: z.string().optional(),
city: z.string().optional(),
language: z.string().optional(),
event: z.string().optional(),
limit: z.coerce.number().optional(),
offset: z.coerce.number().optional(),
search: z.string().optional(),
tag: z.string().optional(),
});
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { type, limit, offset, search } = query;
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const { startDate, endDate } = await getRequestDateRange(query);
const column = FILTER_COLUMNS[type] || type;
const filters = {
...getRequestFilters(query),
startDate,
endDate,
};
if (search) {
filters[type] = {
name: type,
column,
operator: OPERATORS.contains,
value: search,
};
}
if (SESSION_COLUMNS.includes(type)) {
const data = await getSessionMetrics(websiteId, type, filters, limit, offset);
if (type === 'language') {
const combined = {};
for (const { x, y } of data) {
const key = String(x).toLowerCase().split('-')[0];
if (combined[key] === undefined) {
combined[key] = { x: key, y };
} else {
combined[key].y += y;
}
}
return json(Object.values(combined));
}
return json(data);
}
if (EVENT_COLUMNS.includes(type)) {
const data = await getPageviewMetrics(websiteId, type, filters, limit, offset);
return json(data);
}
return badRequest();
}

96
src/app/api/websites/[websiteId]/pageviews/route.ts Normal file
View file

@ -0,0 +1,96 @@
import { z } from 'zod';
import { canViewWebsite, checkAuth } from 'lib/auth';
import { getRequestFilters, getRequestDateRange, checkRequest } from 'lib/request';
import { unit, timezone } from 'lib/schema';
import { getCompareDate } from 'lib/date';
import { badRequest, unauthorized, json } from 'lib/response';
import { getPageviewStats, getSessionStats } from 'queries';
const schema = z.object({
startAt: z.coerce.number(),
endAt: z.coerce.number(),
unit,
timezone,
url: z.string().optional(),
referrer: z.string().optional(),
title: z.string().optional(),
host: z.string().optional(),
os: z.string().optional(),
browser: z.string().optional(),
device: z.string().optional(),
country: z.string().optional(),
region: z.string().optional(),
city: z.string().optional(),
tag: z.string().optional(),
compare: z.string().optional(),
});
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { timezone, compare } = query;
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const { startDate, endDate, unit } = await getRequestDateRange(query);
const filters = {
...getRequestFilters(query),
startDate,
endDate,
timezone,
unit,
};
const [pageviews, sessions] = await Promise.all([
getPageviewStats(websiteId, filters),
getSessionStats(websiteId, filters),
]);
if (compare) {
const { startDate: compareStartDate, endDate: compareEndDate } = getCompareDate(
compare,
startDate,
endDate,
);
const [comparePageviews, compareSessions] = await Promise.all([
getPageviewStats(websiteId, {
...filters,
startDate: compareStartDate,
endDate: compareEndDate,
}),
getSessionStats(websiteId, {
...filters,
startDate: compareStartDate,
endDate: compareEndDate,
}),
]);
return json({
pageviews,
sessions,
startDate,
endDate,
compare: {
pageviews: comparePageviews,
sessions: compareSessions,
startDate: compareStartDate,
endDate: compareEndDate,
},
});
}
return json({ pageviews, sessions });
}

37
src/app/api/websites/[websiteId]/reports/route.ts Normal file
View file

@ -0,0 +1,37 @@
import { z } from 'zod';
import { canViewWebsite, checkAuth } from 'lib/auth';
import { getWebsiteReports } from 'queries';
import { pagingParams } from 'lib/schema';
import { checkRequest } from 'lib/request';
import { badRequest, unauthorized, json } from 'lib/response';
const schema = z.object({
...pagingParams,
});
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { page, pageSize, search } = query;
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const data = await getWebsiteReports(websiteId, {
page: +page,
pageSize: +pageSize,
search,
});
return json(data);
}

19
src/app/api/websites/[websiteId]/reset/route.ts Normal file
View file

@ -0,0 +1,19 @@
import { canUpdateWebsite, checkAuth } from 'lib/auth';
import { resetWebsite } from 'queries';
import { unauthorized, ok } from 'lib/response';
export async function POST(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const auth = await checkAuth(request);
const { websiteId } = await params;
if (!auth || !(await canUpdateWebsite(auth, websiteId))) {
return unauthorized();
}
await resetWebsite(websiteId);
return ok();
}

85
src/app/api/websites/[websiteId]/route.ts Normal file
View file

@ -0,0 +1,85 @@
import { z } from 'zod';
import { canUpdateWebsite, canDeleteWebsite, checkAuth, canViewWebsite } from 'lib/auth';
import { SHARE_ID_REGEX } from 'lib/constants';
import { checkRequest } from 'lib/request';
import { ok, json, badRequest, unauthorized, serverError } from 'lib/response';
import { deleteWebsite, getWebsite, updateWebsite } from 'queries';
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const auth = await checkAuth(request);
if (!auth) {
return unauthorized();
}
const { websiteId } = await params;
if (!(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const website = await getWebsite(websiteId);
return json(website);
}
export async function POST(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const schema = z.object({
name: z.string(),
domain: z.string(),
shareId: z.string().regex(SHARE_ID_REGEX).nullable(),
});
const { body, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { name, domain, shareId } = body;
if (!auth || !(await canUpdateWebsite(auth, websiteId))) {
return unauthorized();
}
try {
const website = await updateWebsite(websiteId, { name, domain, shareId });
return Response.json(website);
} catch (e: any) {
if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
return serverError(new Error('That share ID is already taken.'));
}
return serverError(e);
}
}
export async function DELETE(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const auth = await checkAuth(request);
if (!auth) {
return unauthorized();
}
const { websiteId } = await params;
if (!(await canDeleteWebsite(auth, websiteId))) {
return unauthorized();
}
await deleteWebsite(websiteId);
return ok();
}

76
src/app/api/websites/[websiteId]/stats/route.ts Normal file
View file

@ -0,0 +1,76 @@
import { z } from 'zod';
import { checkRequest, getRequestDateRange, getRequestFilters } from 'lib/request';
import { badRequest, unauthorized, json } from 'lib/response';
import { checkAuth, canViewWebsite } from 'lib/auth';
import { getCompareDate } from 'lib/date';
import { getWebsiteStats } from 'queries';
const schema = z.object({
startAt: z.coerce.number(),
endAt: z.coerce.number(),
// optional
url: z.string().optional(),
referrer: z.string().optional(),
title: z.string().optional(),
query: z.string().optional(),
event: z.string().optional(),
host: z.string().optional(),
os: z.string().optional(),
browser: z.string().optional(),
device: z.string().optional(),
country: z.string().optional(),
region: z.string().optional(),
city: z.string().optional(),
tag: z.string().optional(),
compare: z.string().optional(),
});
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { compare } = query;
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
const { startDate, endDate } = await getRequestDateRange(query);
const { startDate: compareStartDate, endDate: compareEndDate } = getCompareDate(
compare,
startDate,
endDate,
);
const filters = getRequestFilters(query);
const metrics = await getWebsiteStats(websiteId, {
...filters,
startDate,
endDate,
});
const prevPeriod = await getWebsiteStats(websiteId, {
...filters,
startDate: compareStartDate,
endDate: compareEndDate,
});
const stats = Object.keys(metrics[0]).reduce((obj, key) => {
obj[key] = {
value: Number(metrics[0][key]) || 0,
prev: Number(prevPeriod[0][key]) || 0,
};
return obj;
}, {});
return json(stats);
}

51
src/app/api/websites/[websiteId]/transfer/route.ts Normal file
View file

@ -0,0 +1,51 @@
import { z } from 'zod';
import { canTransferWebsiteToTeam, canTransferWebsiteToUser, checkAuth } from 'lib/auth';
import { updateWebsite } from 'queries';
import { checkRequest } from 'lib/request';
import { badRequest, unauthorized, json } from 'lib/response';
const schema = z.object({
userId: z.string().uuid().optional(),
teamId: z.string().uuid().optional(),
});
export async function POST(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { body, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { userId, teamId } = body;
if (!auth) {
return unauthorized();
} else if (userId) {
if (!(await canTransferWebsiteToUser(auth, websiteId, userId))) {
return unauthorized();
}
const website = await updateWebsite(websiteId, {
userId,
teamId: null,
});
return json(website);
} else if (teamId) {
if (!(await canTransferWebsiteToTeam(auth, websiteId, teamId))) {
return unauthorized();
}
const website = await updateWebsite(websiteId, {
userId: null,
teamId,
});
return json(website);
}
}

41
src/app/api/websites/[websiteId]/values/route.ts Normal file
View file

@ -0,0 +1,41 @@
import { z } from 'zod';
import { canViewWebsite, checkAuth } from 'lib/auth';
import { EVENT_COLUMNS, FILTER_COLUMNS, SESSION_COLUMNS } from 'lib/constants';
import { getValues } from 'queries';
import { checkRequest, getRequestDateRange } from 'lib/request';
import { badRequest, json, unauthorized } from 'lib/response';
const schema = z.object({
type: z.string(),
startAt: z.coerce.number(),
endAt: z.coerce.number(),
search: z.string().optional(),
});
export async function GET(
request: Request,
{ params }: { params: Promise<{ websiteId: string }> },
) {
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
const { websiteId } = await params;
const { type, search } = query;
const { startDate, endDate } = await getRequestDateRange(request);
if (!auth || !(await canViewWebsite(auth, websiteId))) {
return unauthorized();
}
if (!SESSION_COLUMNS.includes(type) && !EVENT_COLUMNS.includes(type)) {
return badRequest();
}
const values = await getValues(websiteId, FILTER_COLUMNS[type], startDate, endDate, search);
return json(values.filter(n => n).sort());
}

71
src/app/api/websites/route.ts Normal file
View file

@ -0,0 +1,71 @@
import { z } from 'zod';
import { canCreateTeamWebsite, canCreateWebsite, checkAuth } from 'lib/auth';
import { json, badRequest, unauthorized } from 'lib/response';
import { uuid } from 'lib/crypto';
import { checkRequest } from 'lib/request';
import { createWebsite, getUserWebsites } from 'queries';
import { pagingParams } from 'lib/schema';
export async function GET(request: Request) {
const schema = z.object({ ...pagingParams });
const { query, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
if (!auth) {
return unauthorized();
}
const websites = await getUserWebsites(auth.user.userId, query);
return json(websites);
}
export async function POST(request: Request) {
const schema = z.object({
name: z.string().max(100),
domain: z.string().max(500),
shareId: z.string().max(50).nullable(),
teamId: z.string().nullable(),
});
const { body, error } = await checkRequest(request, schema);
if (error) {
return badRequest(error);
}
const auth = await checkAuth(request);
if (!auth) {
return unauthorized();
}
const { name, domain, shareId, teamId } = body;
if ((teamId && !(await canCreateTeamWebsite(auth, teamId))) || !(await canCreateWebsite(auth))) {
return unauthorized();
}
const data: any = {
id: uuid(),
createdBy: auth.user.userId,
name,
domain,
shareId,
teamId,
};
if (!teamId) {
data.userId = auth.user.userId;
}
const website = await createWebsite(data);
return json(website);
}