Fix Website auth.

Brian Cao 2022-11-18 18:49:58 -08:00
parent 1af93a17a3
commit e28ee6597a
23 changed files with 108 additions and 105 deletions


@ -7,12 +7,11 @@ import {
methodNotAllowed,
getRandomChars,
} from 'next-basics';
import { getUser } from 'queries';
import { getUser, User } from 'queries';
import { secret } from 'lib/crypto';
import redis from 'lib/redis';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiResponse } from 'next';
import { User } from 'interface/api/models';
export interface LoginRequestBody {
username: string;


@ -1,18 +1,17 @@
import { getUser, updateUser } from 'queries';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import {
badRequest,
checkPassword,
hashPassword,
methodNotAllowed,
ok,
unauthorized,
checkPassword,
hashPassword,
} from 'next-basics';
import { allowQuery } from 'lib/auth';
import { TYPE_USER } from 'lib/constants';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiResponse } from 'next';
import { User } from 'interface/api/models';
import { getUser, updateUser, User } from 'queries';
export interface UserPasswordRequestQuery {
id: string;
@ -32,7 +31,7 @@ export default async (
const { current_password, new_password } = req.body;
const { id } = req.query;
if (!(await allowQuery(req, TYPE_USER))) {
if (!(await allowQuery(req, UmamiApi.AuthType.User))) {
return unauthorized(res);
}


@ -1,11 +1,11 @@
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { getActiveVisitors } from 'queries';
import { TYPE_WEBSITE } from 'lib/constants';
import { WebsiteActive } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getActiveVisitors } from 'queries';
export interface WebsiteActiveRequestQuery {
id: string;
@ -19,7 +19,7 @@ export default async (
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}


@ -1,12 +1,11 @@
import moment from 'moment-timezone';
import { getEventData } from 'queries';
import { ok, badRequest, methodNotAllowed, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiResponse } from 'next';
import { WebsiteMetric } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getEventData } from 'queries';
export interface WebsiteEventDataRequestQuery {
id: string;
@ -15,7 +14,6 @@ export interface WebsiteEventDataRequestQuery {
export interface WebsiteEventDataRequestBody {
start_at: string;
end_at: string;
timezone: string;
event_name: string;
columns: { [key: string]: 'count' | 'max' | 'min' | 'avg' | 'sum' };
filters?: { [key: string]: any };
@ -29,17 +27,13 @@ export default async (
await useAuth(req, res);
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}
const { id: websiteId } = req.query;
const { start_at, end_at, timezone, event_name: eventName, columns, filters } = req.body;
if (!moment.tz.zone(timezone)) {
return badRequest(res);
}
const { start_at, end_at, event_name: eventName, columns, filters } = req.body;
const startDate = new Date(+start_at);
const endDate = new Date(+end_at);
@ -47,7 +41,6 @@ export default async (
const events = await getEventData(websiteId, {
startDate,
endDate,
timezone,
eventName,
columns,
filters,
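Review bot: `start_at` and `end_at` reach `new Date(+start_at)` / `new Date(+end_at)` unchecked, and with `badRequest` apparently dropped from the `next-basics` import the visible handler has no rejection path left for a malformed body. A non-numeric value produces an Invalid Date that is passed straight to `getEventData`; I would keep the `badRequest` import and add `if (Number.isNaN(startDate.getTime()) || Number.isNaN(endDate.getTime())) return badRequest(res);` before the query. `columns` and `filters` are caller-controlled maps with arbitrary string keys, and whether `getEventData` allow-lists those keys before building the query is not visible here, so that should be confirmed. The handler body starts and ends outside these hunks.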


@ -1,7 +1,7 @@
import { WebsiteMetric } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { TYPE_WEBSITE } from 'lib/constants';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import moment from 'moment-timezone';
import { NextApiResponse } from 'next';
@ -28,7 +28,7 @@ export default async (
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}


@ -1,11 +1,11 @@
import { Website } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, serverError, unauthorized } from 'next-basics';
import { deleteWebsite, getWebsite, updateWebsite } from 'queries';
import { TYPE_WEBSITE } from 'lib/constants';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiResponse } from 'next';
import { Website } from 'interface/api/models';
export interface WebsiteRequestQuery {
id: string;
@ -26,7 +26,7 @@ export default async (
const { id: websiteId } = req.query;
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}
@ -45,7 +45,7 @@ export default async (
domain,
shareId,
});
} catch (e) {
} catch (e: any) {
if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
return serverError(res, 'That share ID is already taken.');
}
@ -55,7 +55,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}
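Review bot: `catch (e: any)` followed by `e.message.includes(...)` will itself throw a TypeError if the rejected value is not an Error or carries no string `message`, which masks the original failure. Prefer `catch (e: unknown)` and narrow first: `if (e instanceof Error && e.message.includes('Unique constraint') && e.message.includes('share_id')) {`. Matching on the message text is also brittle; if the query layer exposes an error code for unique-constraint violations (not visible here), that would be a steadier test. The `try` block opens outside the hunk.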


@ -1,7 +1,7 @@
import { WebsiteMetric } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { FILTER_IGNORED, TYPE_WEBSITE } from 'lib/constants';
import { FILTER_IGNORED, UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
@ -57,7 +57,7 @@ export default async (
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}


@ -1,7 +1,7 @@
import { WebsitePageviews } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { TYPE_WEBSITE } from 'lib/constants';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import moment from 'moment-timezone';
import { NextApiResponse } from 'next';
@ -33,7 +33,7 @@ export default async (
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}


@ -1,10 +1,10 @@
import { resetWebsite } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { resetWebsite } from 'queries';
export interface WebsiteResetRequestQuery {
id: string;
@ -20,7 +20,7 @@ export default async (
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}


@ -1,11 +1,11 @@
import { getWebsiteStats } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { allowQuery } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { TYPE_WEBSITE } from 'lib/constants';
import { WebsiteStats } from 'interface/api/models';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { allowQuery } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getWebsiteStats } from 'queries';
export interface WebsiteStatsRequestQuery {
id: string;
@ -28,7 +28,7 @@ export default async (
await useAuth(req, res);
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
return unauthorized(res);
}