analytics/lib/plausible_web/plugs/authorize_stats_api.ex

defmodule PlausibleWeb.AuthorizeStatsApiPlug do
  import Plug.Conn
  use Plausible.Repo
  alias Plausible.Auth
  alias Plausible.Sites
  alias Plausible.RateLimit
  alias PlausibleWeb.Api.Helpers, as: H

  def init(options) do
    options
  end

  def call(conn, _opts) do
    with {:ok, token} <- get_bearer_token(conn),
         {:ok, api_key} <- Auth.find_api_key(token),
         :ok <- check_api_key_rate_limit(api_key),
         {:ok, site} <- verify_access(api_key, conn.params["site_id"]) do
      Plausible.OpenTelemetry.add_site_attributes(site)
      site = Plausible.Imported.load_import_data(site)
      assign(conn, :site, site)
    else
      {:error, :missing_api_key} ->
        H.unauthorized(
          conn,
          "Missing API key. Please use a valid Plausible API key as a Bearer Token."
        )

      {:error, :missing_site_id} ->
        H.bad_request(
          conn,
          "Missing site ID. Please provide the required site_id parameter with your request."
        )

      {:error, :rate_limit, limit} ->
        H.too_many_requests(
          conn,
          "Too many API requests. Your API key is limited to #{limit} requests per hour. Please contact us to request more capacity."
        )

      {:error, :invalid_api_key} ->
        H.unauthorized(
          conn,
          "Invalid API key or site ID. Please make sure you're using a valid API key with access to the site you've requested."
        )

      {:error, :upgrade_required} ->
        H.payment_required(
          conn,
          "The account that owns this API key does not have access to Stats API. Please make sure you're using the API key of a subscriber account and that the subscription plan includes Stats API"
        )

      {:error, :site_locked} ->
        H.payment_required(
          conn,
          "This Plausible site is locked due to missing active subscription. In order to access it, the site owner should subscribe to a suitable plan"
        )
    end
  end

  defp verify_access(_api_key, nil), do: {:error, :missing_site_id}

  defp verify_access(api_key, site_id) do
    domain_based_search =
      from s in Plausible.Site, where: s.domain == ^site_id or s.domain_changed_from == ^site_id

    case Repo.one(domain_based_search) do
      %Plausible.Site{} = site ->
        is_member? = Sites.is_member?(api_key.user_id, site)
        is_super_admin? = Plausible.Auth.is_super_admin?(api_key.user_id)

        cond do
          is_super_admin? ->
            {:ok, site}

          Sites.locked?(site) ->
            {:error, :site_locked}

          Plausible.Billing.Feature.StatsAPI.check_availability(api_key.user) !== :ok ->
            {:error, :upgrade_required}

          is_member? ->
            {:ok, site}

          true ->
            {:error, :invalid_api_key}
        end

      nil ->
        {:error, :invalid_api_key}
    end
  end

  defp get_bearer_token(conn) do
    authorization_header =
      Plug.Conn.get_req_header(conn, "authorization")
      |> List.first()

    case authorization_header do
      "Bearer " <> token -> {:ok, String.trim(token)}
      _ -> {:error, :missing_api_key}
    end
  end

  @one_hour 60 * 60 * 1000
  defp check_api_key_rate_limit(api_key) do
    case RateLimit.check_rate(
           "api_request:#{api_key.id}",
           @one_hour,
           api_key.hourly_request_limit
         ) do
      {:allow, _} -> :ok
      {:deny, _} -> {:error, :rate_limit, api_key.hourly_request_limit}
    end
  end
end
Add API endpoints for site and shared link creation 2021-04-09 10:30:51 +03:00			`defmodule PlausibleWeb.AuthorizeStatsApiPlug do`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00			`import Plug.Conn`
			`use Plausible.Repo`
Implement Stats API feature gate (#3411) * Include ApiKey functions in Auth context * Make feature notice work without %Site{} Previously the extra feature notice required a %Site{} in order to check the owner plan. However, not every feature is scoped by site, for example the Stats API. For features like this, a %User{} is required, and not a %Site{}. This commit replaces the `:site` param with `:billable_user`, which is common to both site and user-scoped features. * Add stats_api to the list of extra features * Limit API Key creation based on user plan 2023-10-11 23:24:16 +03:00			`alias Plausible.Auth`
Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00			`alias Plausible.Sites`
rm Hammer (#3571) 2023-12-06 17:07:37 +03:00			`alias Plausible.RateLimit`
Update shared link API 2021-04-15 11:38:44 +03:00			`alias PlausibleWeb.Api.Helpers, as: H`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00
			`def init(options) do`
			`options`
			`end`

			`def call(conn, _opts) do`
Add rate limit to API requests 2021-05-25 11:58:49 +03:00			`with {:ok, token} <- get_bearer_token(conn),`
Implement Stats API feature gate (#3411) * Include ApiKey functions in Auth context * Make feature notice work without %Site{} Previously the extra feature notice required a %Site{} in order to check the owner plan. However, not every feature is scoped by site, for example the Stats API. For features like this, a %User{} is required, and not a %Site{}. This commit replaces the `:site` param with `:billable_user`, which is common to both site and user-scoped features. * Add stats_api to the list of extra features * Limit API Key creation based on user plan 2023-10-11 23:24:16 +03:00			`{:ok, api_key} <- Auth.find_api_key(token),`
Add rate limit to API requests 2021-05-25 11:58:49 +03:00			`:ok <- check_api_key_rate_limit(api_key),`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`{:ok, site} <- verify_access(api_key, conn.params["site_id"]) do`
OpenTelemetry (OTEL) Implementation (#2317) This pull request improves the current OpenTelemetry implementation. Currently only 1% of the spans are sent, due to the high volume of ingestion requests to /api/event. I enabled the 1% sampling to /api/event only, recording 100% of the other traces. 2022-10-18 18:11:30 +03:00			`Plausible.OpenTelemetry.add_site_attributes(site)`
Add multiple imports per site (#3724) * Clean up references to no longer active `google_analytics_imports` Oban queue * Stub CSV importer * Add SiteImport schema * Rename `Plausible.Imported` module file to match module name * Add `import_id` column to `Imported.` CH schemas Implement Importer behavior and manage imports state using new entities * Implement importer callbacks and maintain site.imported_data for UA * Keep imports in sync when forgetting all imports * Scope imported data queries to completed import IDs * Mark newly imported data with respective import ID * Clean up Importer implementation a bit * Test querying legacy and new imported data * Send Oban notifications on import worker failure too * Fix checking for forgettable imports and remove redundant function * Fix UA integration test * Change site import source to atom enum and add source label * Add typespecs and reduce repetition in `Plausible.Imported` * Improve documentation and typespecs * Add test for purging particular import * Switch email notification templates depending on import source * Document running import synchronously * Fix UA importer args parsing and ensure it's covered by tests * Clear `site.stats_start_date` on complete import to force recalculation * Test Oban notifications (h/t @ruslandoga) * Purge stats on import failure right away to reduce a chance of leaving debris behind * Fix typos Co-authored-by: hq1 <hq@mtod.org> * Fix another typo * Refactor fetching earliest import and earliest stats start date * Use `Date.after?` instead of `Timex.after?` * Cache import data in site virtual fields and limit queried imports to 5 * Ensure always current `stats_start_date` is used * Work around broken typespec in Timex * Make `SiteController.forget_imported` action idempotent * Discard irrecoverably failed import tasks * Use macros for site import statuses There's also a fix ensuring only complete imports are considered where relevant - couldn't isolate it as it was in a common hunk * Use `import_id` as worker job uniqueness criterion * Do not load imported stats data in plugins API context --------- Co-authored-by: hq1 <hq@mtod.org> 2024-02-14 11:32:36 +03:00			`site = Plausible.Imported.load_import_data(site)`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`assign(conn, :site, site)`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00			`else`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`{:error, :missing_api_key} ->`
Update shared link API 2021-04-15 11:38:44 +03:00			`H.unauthorized(`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`conn,`
			`"Missing API key. Please use a valid Plausible API key as a Bearer Token."`
			`)`

			`{:error, :missing_site_id} ->`
Update shared link API 2021-04-15 11:38:44 +03:00			`H.bad_request(`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`conn,`
			`"Missing site ID. Please provide the required site_id parameter with your request."`
			`)`

Add rate limit to API requests 2021-05-25 11:58:49 +03:00			`{:error, :rate_limit, limit} ->`
			`H.too_many_requests(`
			`conn,`
Adding a note to contact us for more API calls (#2858) this should make it clearer to people that they can get more API capacity when they encounter the "Too many API requests" error 2023-04-18 17:38:32 +03:00			`"Too many API requests. Your API key is limited to #{limit} requests per hour. Please contact us to request more capacity."`
Add rate limit to API requests 2021-05-25 11:58:49 +03:00			`)`

Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`{:error, :invalid_api_key} ->`
Update shared link API 2021-04-15 11:38:44 +03:00			`H.unauthorized(`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`conn,`
			`"Invalid API key or site ID. Please make sure you're using a valid API key with access to the site you've requested."`
			`)`
Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00
Implement Stats API feature gate (#3411) * Include ApiKey functions in Auth context * Make feature notice work without %Site{} Previously the extra feature notice required a %Site{} in order to check the owner plan. However, not every feature is scoped by site, for example the Stats API. For features like this, a %User{} is required, and not a %Site{}. This commit replaces the `:site` param with `:billable_user`, which is common to both site and user-scoped features. * Add stats_api to the list of extra features * Limit API Key creation based on user plan 2023-10-11 23:24:16 +03:00			`{:error, :upgrade_required} ->`
			`H.payment_required(`
			`conn,`
improve stats api upgrade required error message (#3747) 2024-02-01 20:00:09 +03:00			`"The account that owns this API key does not have access to Stats API. Please make sure you're using the API key of a subscriber account and that the subscription plan includes Stats API"`
Implement Stats API feature gate (#3411) * Include ApiKey functions in Auth context * Make feature notice work without %Site{} Previously the extra feature notice required a %Site{} in order to check the owner plan. However, not every feature is scoped by site, for example the Stats API. For features like this, a %User{} is required, and not a %Site{}. This commit replaces the `:site` param with `:billable_user`, which is common to both site and user-scoped features. * Add stats_api to the list of extra features * Limit API Key creation based on user plan 2023-10-11 23:24:16 +03:00			`)`

Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00			`{:error, :site_locked} ->`
			`H.payment_required(`
			`conn,`
			`"This Plausible site is locked due to missing active subscription. In order to access it, the site owner should subscribe to a suitable plan"`
			`)`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`end`
			`end`

			`defp verify_access(_api_key, nil), do: {:error, :missing_site_id}`

			`defp verify_access(api_key, site_id) do`
Allow domain change (#2803) * Migration (PR: https://github.com/plausible/analytics/pull/2802) * Implement Site.Domain interface allowing change and expiry * Fixup seeds so they work with V2_MIGRATION_DONE=1 * Update Sites.Cache so it's capable of multi-keyed lookups * Implement worker handling domain change expiration * Implement domain change UI * Implement transition period for public APIs * Exclude v2 tests in primary test run * Update lib/plausible_web/controllers/site_controller.ex Co-authored-by: Vini Brasil <vini@hey.com> * Update lib/plausible_web/controllers/site_controller.ex Co-authored-by: Vini Brasil <vini@hey.com> * Update moduledoc * Update changelog * Remove remnant from previous implementation attempt * !fixup * !fixup * Implement domain change via Sites API cc @ukutaht * Update CHANGELOG * Credo * !fixup commit missing tests * Allow continuous domain change within the same site --------- Co-authored-by: Vini Brasil <vini@hey.com> 2023-04-04 11:55:12 +03:00			`domain_based_search =`
			`from s in Plausible.Site, where: s.domain == ^site_id or s.domain_changed_from == ^site_id`

			`case Repo.one(domain_based_search) do`
Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00			`%Plausible.Site{} = site ->`
			`is_member? = Sites.is_member?(api_key.user_id, site)`
			`is_super_admin? = Plausible.Auth.is_super_admin?(api_key.user_id)`

			`cond do`
Implement Stats API feature gate (#3411) * Include ApiKey functions in Auth context * Make feature notice work without %Site{} Previously the extra feature notice required a %Site{} in order to check the owner plan. However, not every feature is scoped by site, for example the Stats API. For features like this, a %User{} is required, and not a %Site{}. This commit replaces the `:site` param with `:billable_user`, which is common to both site and user-scoped features. * Add stats_api to the list of extra features * Limit API Key creation based on user plan 2023-10-11 23:24:16 +03:00			`is_super_admin? ->`
			`{:ok, site}`

			`Sites.locked?(site) ->`
			`{:error, :site_locked}`

			`Plausible.Billing.Feature.StatsAPI.check_availability(api_key.user) !== :ok ->`
			`{:error, :upgrade_required}`

			`is_member? ->`
			`{:ok, site}`

			`true ->`
			`{:error, :invalid_api_key}`
Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00			`end`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00
Block Stats API for locked sites (#2302) * Extract Sites.locked? predicate * Lock Stats API when dashboard is locked * Tidy tests * Don't pollute application env from tests * Add changelog entry * Revert "Add changelog entry" This reverts commit 76346074f936ca6d6b267f27d48e66dd53222a3a. 2022-10-04 15:34:45 +03:00			`nil ->`
			`{:error, :invalid_api_key}`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00			`end`
			`end`

			`defp get_bearer_token(conn) do`
			`authorization_header =`
			`Plug.Conn.get_req_header(conn, "authorization")`
			`\|> List.first()`

			`case authorization_header do`
Api improvements (#723) * Require date parameter with custom period * Validate format of the `date` param with custom period * Return proper status codes for auth failures * Add breakdown endpoint * Fix pagination * Add API validations for breakdown call * Change the breakdown endpoint to return an object instead of an array * Remove change to aggregate call * Change timeseries call 2021-02-22 11:21:25 +03:00			`"Bearer " <> token -> {:ok, String.trim(token)}`
			`_ -> {:error, :missing_api_key}`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00			`end`
			`end`
Add rate limit to API requests 2021-05-25 11:58:49 +03:00
			`@one_hour 60 * 60 * 1000`
			`defp check_api_key_rate_limit(api_key) do`
rm Hammer (#3571) 2023-12-06 17:07:37 +03:00			`case RateLimit.check_rate(`
			`"api_request:#{api_key.id}",`
			`@one_hour,`
			`api_key.hourly_request_limit`
			`) do`
Add rate limit to API requests 2021-05-25 11:58:49 +03:00			`{:allow, _} -> :ok`
			`{:deny, _} -> {:error, :rate_limit, api_key.hourly_request_limit}`
			`end`
			`end`
Stats API (#679) * WIP * Add ability to filter by anything * Add API keys * Add version to api endpoint * Fix API test route * Fix API tests * Allow 'date' parameter in '6mo' and '12mo' * Rename session -> visit in API filters * Filter expressions in the API * Implement filters in aggregate call * Add `compare` option to aggregate call * Add way to manage API keys through the UI * Authenticate with API key * Use API key in tests 2021-02-05 12:23:30 +03:00			`end`