analytics/lib/plausible_web/controllers/api/stats_controller.ex

defmodule PlausibleWeb.Api.StatsController do
  use PlausibleWeb, :controller
  use Plausible.Repo
  alias Plausible.Stats
  plug :authorize

  def main_graph(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    plot_task = Task.async(fn -> Stats.calculate_plot(site, query) end)
    {pageviews, visitors} = Stats.pageviews_and_visitors(site, query)
    {change_pageviews, change_visitors} = Stats.compare_pageviews_and_visitors(site, query, {pageviews, visitors})
    {plot, labels, present_index} = Task.await(plot_task)

    json(conn, %{
      plot: plot,
      labels: labels,
      present_index: present_index,
      pageviews: pageviews,
      unique_visitors: visitors,
      change_pageviews: change_pageviews,
      change_visitors: change_visitors,
      interval: query.step_type
    })
  end

  def referrers(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.top_referrers(site, query, params["limit"] || 5))
  end

  def referrer_drilldown(conn, %{"referrer" => "Google"} = params) do
    site = conn.assigns[:site] |> Repo.preload(:google_auth)
    query = Stats.Query.from(site.timezone, params)

    search_terms = if site.google_auth && site.google_auth.property do
      Plausible.Google.Api.fetch_stats(site.google_auth, query)
    end

    case search_terms do
      nil ->
        total_visitors = Stats.visitors_from_referrer(site, query, "Google")
        user_id = get_session(conn, :current_user_id)
        is_owner = user_id && Plausible.Sites.is_owner?(user_id, site)
        json(conn, %{not_configured: true, is_owner: is_owner, total_visitors: total_visitors})
      {:ok, terms} ->
        total_visitors = Stats.visitors_from_referrer(site, query, "Google")
        json(conn, %{search_terms: terms, total_visitors: total_visitors})
      {:error, e} ->
        put_status(conn, 500)
        |> json(%{error: e})
    end
  end

  def referrer_drilldown(conn, %{"referrer" => referrer} = params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    referrers = Stats.referrer_drilldown(site, query, referrer)
    total_visitors = Stats.visitors_from_referrer(site, query, referrer)
    json(conn, %{referrers: referrers, total_visitors: total_visitors})
  end

  def pages(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.top_pages(site, query, params["limit"] || 5))
  end

  def countries(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.countries(site, query, parse_integer(params["limit"]) || 5))
  end

  def browsers(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.browsers(site, query, parse_integer(params["limit"]) || 5))
  end

  def operating_systems(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.operating_systems(site, query, parse_integer(params["limit"]) || 5))
  end

  def screen_sizes(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.top_screen_sizes(site, query))
  end

  def conversions(conn, params) do
    site = conn.assigns[:site]
    query = Stats.Query.from(site.timezone, params)

    json(conn, Stats.goal_conversions(site, query))
  end

  def current_visitors(conn, _) do
    json(conn, Stats.current_visitors(conn.assigns[:site]))
  end

  defp parse_integer(nil), do: nil

  defp parse_integer(nr) do
    case Integer.parse(nr) do
      {number, ""} -> number
      _ -> nil
    end
  end

  @doc """
    When the stats dashboard is loaded we make > 8 API calls. Instead of hitting the DB to authorize each
    request we 'memoize' the fact that the current user has access to the site stats. It is invalidated
    every 30 minutes and we hit the DB again to make sure their access hasn't been revoked.
  """
  def authorize(conn, _opts) do
    site_session_key = "authorized_site__" <> conn.params["domain"]
    user_id = get_session(conn, :current_user_id)

    case get_session(conn, site_session_key) do
      nil ->
        verify_access_via_db(conn, user_id, site_session_key)
      site_session ->
        if site_session[:valid_until] > DateTime.to_unix(Timex.now()) do
          assign(conn, :site, %Plausible.Site{
            id: site_session[:id],
            domain: site_session[:domain],
            timezone: site_session[:timezone]
          })
        else
          verify_access_via_db(conn, user_id, site_session_key)
        end
    end
  end

  defp verify_access_via_db(conn, user_id, site_session_key) do
    site = Repo.get_by(Plausible.Site, domain: conn.params["domain"])

    if !site do
      send_resp(conn, 401, "") |> halt
    else
      can_access = site.public || (user_id && Plausible.Sites.is_owner?(user_id, site))

      if !can_access do
        send_resp(conn, 401, "") |> halt
      else
        put_session(conn, site_session_key, %{
          id: site.id,
          domain: site.domain,
          timezone: site.timezone,
          valid_until: Timex.now() |> Timex.shift(minutes: 30) |> DateTime.to_unix()
        })
        |> assign(:site, site)
      end
    end
  end
end
React (#17) * Load dashboard with react * Rename stast2 to dashboard * Save timeframe on the frontend * Implement current visitors * Implement comparisons * React to route changes * Add modals * Show number of visitors on hover * Show 'Today' for today * Add 30 days * Show referrer drilldown * Arrow keys to go back and forward * Improve comparisons UI * Fix dropdown when clicking on it * Verify API access in a memoized fashion * Test API access * Test stats through controller * Move map formatting from stats controller to stats * Remove unused code * Remove dead code from query * Remove dead code from stats templates * Add stats view test back in * Render modal inside the modal component * Implement google search terms * Add explanation for screen sizes * Separate dashboard JS from the app js 2019-11-19 07:30:42 +03:00			`defmodule PlausibleWeb.Api.StatsController do`
			`use PlausibleWeb, :controller`
			`use Plausible.Repo`
			`alias Plausible.Stats`
			`plug :authorize`

			`def main_graph(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`plot_task = Task.async(fn -> Stats.calculate_plot(site, query) end)`
			`{pageviews, visitors} = Stats.pageviews_and_visitors(site, query)`
			`{change_pageviews, change_visitors} = Stats.compare_pageviews_and_visitors(site, query, {pageviews, visitors})`
			`{plot, labels, present_index} = Task.await(plot_task)`

			`json(conn, %{`
			`plot: plot,`
			`labels: labels,`
			`present_index: present_index,`
			`pageviews: pageviews,`
			`unique_visitors: visitors,`
			`change_pageviews: change_pageviews,`
			`change_visitors: change_visitors,`
			`interval: query.step_type`
			`})`
			`end`

			`def referrers(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.top_referrers(site, query, params["limit"] \|\| 5))`
			`end`

			`def referrer_drilldown(conn, %{"referrer" => "Google"} = params) do`
			`site = conn.assigns[:site] \|> Repo.preload(:google_auth)`
			`query = Stats.Query.from(site.timezone, params)`

			`search_terms = if site.google_auth && site.google_auth.property do`
			`Plausible.Google.Api.fetch_stats(site.google_auth, query)`
			`end`

			`case search_terms do`
			`nil ->`
			`total_visitors = Stats.visitors_from_referrer(site, query, "Google")`
			`user_id = get_session(conn, :current_user_id)`
			`is_owner = user_id && Plausible.Sites.is_owner?(user_id, site)`
			`json(conn, %{not_configured: true, is_owner: is_owner, total_visitors: total_visitors})`
			`{:ok, terms} ->`
			`total_visitors = Stats.visitors_from_referrer(site, query, "Google")`
			`json(conn, %{search_terms: terms, total_visitors: total_visitors})`
			`{:error, e} ->`
			`put_status(conn, 500)`
			`\|> json(%{error: e})`
			`end`
			`end`

			`def referrer_drilldown(conn, %{"referrer" => referrer} = params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`referrers = Stats.referrer_drilldown(site, query, referrer)`
			`total_visitors = Stats.visitors_from_referrer(site, query, referrer)`
			`json(conn, %{referrers: referrers, total_visitors: total_visitors})`
			`end`

			`def pages(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.top_pages(site, query, params["limit"] \|\| 5))`
			`end`

			`def countries(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.countries(site, query, parse_integer(params["limit"]) \|\| 5))`
			`end`

			`def browsers(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.browsers(site, query, parse_integer(params["limit"]) \|\| 5))`
			`end`

			`def operating_systems(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.operating_systems(site, query, parse_integer(params["limit"]) \|\| 5))`
			`end`

			`def screen_sizes(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.top_screen_sizes(site, query))`
			`end`

			`def conversions(conn, params) do`
			`site = conn.assigns[:site]`
			`query = Stats.Query.from(site.timezone, params)`

			`json(conn, Stats.goal_conversions(site, query))`
			`end`

			`def current_visitors(conn, _) do`
			`json(conn, Stats.current_visitors(conn.assigns[:site]))`
			`end`

			`defp parse_integer(nil), do: nil`

			`defp parse_integer(nr) do`
			`case Integer.parse(nr) do`
			`{number, ""} -> number`
			`_ -> nil`
			`end`
			`end`

			`@doc """`
			`When the stats dashboard is loaded we make > 8 API calls. Instead of hitting the DB to authorize each`
			`request we 'memoize' the fact that the current user has access to the site stats. It is invalidated`
			`every 30 minutes and we hit the DB again to make sure their access hasn't been revoked.`
			`"""`
			`def authorize(conn, _opts) do`
			`site_session_key = "authorized_site__" <> conn.params["domain"]`
			`user_id = get_session(conn, :current_user_id)`

			`case get_session(conn, site_session_key) do`
			`nil ->`
			`verify_access_via_db(conn, user_id, site_session_key)`
			`site_session ->`
			`if site_session[:valid_until] > DateTime.to_unix(Timex.now()) do`
			`assign(conn, :site, %Plausible.Site{`
			`id: site_session[:id],`
			`domain: site_session[:domain],`
			`timezone: site_session[:timezone]`
			`})`
			`else`
			`verify_access_via_db(conn, user_id, site_session_key)`
			`end`
			`end`
			`end`

			`defp verify_access_via_db(conn, user_id, site_session_key) do`
			`site = Repo.get_by(Plausible.Site, domain: conn.params["domain"])`

			`if !site do`
			`send_resp(conn, 401, "") \|> halt`
			`else`
			`can_access = site.public \|\| (user_id && Plausible.Sites.is_owner?(user_id, site))`

			`if !can_access do`
			`send_resp(conn, 401, "") \|> halt`
			`else`
			`put_session(conn, site_session_key, %{`
			`id: site.id,`
			`domain: site.domain,`
			`timezone: site.timezone,`
			`valid_until: Timex.now() \|> Timex.shift(minutes: 30) \|> DateTime.to_unix()`
			`})`
			`\|> assign(:site, site)`
			`end`
			`end`
			`end`
			`end`