After refactor, it turned out that when the _legacy_ session times out,
the conn is halted but no body is sent. This results in 500 error (`Plug.Conn.NotSentError`).
This PR fixes it by redirecting to login page.
* Turn `Plausible.Auth.UserSession` into full schema
* Implement token based sessions and use them as default
* Ignore expired user sessions during retrieval from DB
* Implement plug bumping user session last used and timeout timestamps
* Implement Oban worker removing expired user sessions with grace period
* Implement legacy session conversion on touch, when applicable
* Update `UserAuth` moduledoc
* Extend `UserAuth` tests to account for db-backed session tokens
* Update CHANGELOG
* Add tests for `UserSessionTouch` plug
* Add test for `CleanUserSessions` worker
* Add logging of legacy session retrievals
* Use single update permitting stale records when touching user session
* Don't fetch session and user for external API endpoints (/api/event too)
* Refactor `Users.with_subscription/1` and expose helper query
* Skip fetching session in legacy `SessionTimeoutPlug`
* Rely on user session assign from `AuthContext` in `SentryContext`
* Silence legacy session warnings in `UserSessionTouchTest`
* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`
* Change `UserAuth` to get session, user and last subscription in one go
* Avoid refetching user session in `AuthorizeSiteAccess` plug
* Fix code formatting
* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)
* Remove bogus empty opts from `scope` declarations in router
* Only touch session once an hour and keep `user.last_seen` in sync
* Bring back logging of legacy token use
* Extract session management from AuthController
* Don't explicitly pass `current_user_id` to `live_render`'s session
* Add ability to retrieve session and user from token via `UserAuth`
* Always fetch current user (or just id) via `UserAuth` API
* Introduce `UserSession` as an embedded schema for now
* Make `UserAuth.get_user/1` accept `UserSession` as an input
* Introduce LV auth context populating user data from session on mount
* Refactor `AuthPlug` and make it populate `current_user_session` as well
* Rely on authenticated user data provided by auth plug or LV context
* Make `Sites.get_for_user(!)` accept `User` struct as well
* Set `logged_in` cookie explicitly when it's out of sync with session
* Expand modules documentation a bit
* Improve and extend tests slightly
* Refactor and unify auth plugs for Stats and Sites APIs
* Expose get site Sites API endpoint to all API keys
* Test the new plug
* Add test for endpoint with modified scope
* Fix typos
Co-authored-by: hq1 <hq@mtod.org>
* Rename plug for consistency (h/t @aerosol)
---------
Co-authored-by: hq1 <hq@mtod.org>
* Add `GET /capabilities` to Plugins API
It aims to:
- help the client verify the data-domain the token is associated with
- list all the features available for the site's owner
(and therefore determine availability of the subset of those for the current
Plugins API caller)
The endpoint does not require authentication, in the sense that it'll
always respond with 200 OK. However when the token is provided,
a verification lookup is made.
* Remove IO.inspect() call
* Credo
* Aesthetics
* s/send_resp/send_error/
* Call preload just once
* Disable super-admin checks on small build
* Mute a test writing to stdout
* Move sampling outside of small build
* Convert waiting_first_pageview to heex and stop relying on env vars
* Set site limit unlimited on small build
* Stop relying on app env to get trial expiry
* Remove custom domains - including migration
* Remove is_selfhosted from layout view
* Quota fixup
* Stop relying on app env for self hosted registration
* Stop relying on app env for pass reset success
* Apply on_trial? check only on full build
* Update templates relying on app env
* Adjusts auth controller tests for small build
* Trial fixup
* Fixup
* Stop relying on app env
* Rest of the fsckn owl
* Update typespecs
* Fix dialyzer warning
* Remove unused module
* Credo + format
* GeoIP is not, for full build
* Use `small_build?()` where applicable
* Implement bypassing FirstLaunchPlug without insertions
* Get Marko's patch de58a18a85
* Test is-dbip=false presence
* Fix typespec
* Remove future hardcodes
* Handle `nil` from `Plausible.Geo.database_type()`
* Remove XXX marker
* Use one typespec for two clauses
* Introduce `MIX_ENV=small_dev`
* Revert "Use one typespec for two clauses"
This reverts commit 8d8cd21764.
* Migration: track last seen usage for Plugins API Tokens
* Track and interpret Token.last_seen_at
* Display last used
* Order tokens by inserted date, rather than UUID :clown:
* s/Last seen/Last used in the UI
* Test for "Last used" column presence
* Fix table layout for very long descriptions
* Update lib/plausible/plugins/api/tokens.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update lib/plausible/plugins/api/token.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update test/plausible/plugins/api/token_test.exs
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* s/last_seen_at/last_used_at
* Update lib/plausible_web/live/plugins/api/settings.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* fixup
* Document reasoning behind 5m windows
* s/last_seen/last_used
* Mute credo
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement Plugins API Token schema
* Work with domain change grace period
* Do not cast internal data, extend schema with hints
* Implement Plugins API authorization
* Test no authorization header passed
* Preload authorized site
* Fixup typespecs
* Add noindex,nofollow to dashboard pages
* Implement NoRobots plug
* Enable NoRobots plug in the router
* Fixup internal route
* Fix double slash in the router
* Add special bot treatment to plausible.io live demo page
* Revert aggressive protection with agent detection
* Escape domain when constructing favicon URL
A domain may include a slash, and in that case the domain must be
escaped, before it is used as an attribute for the image tag.
* match with 'conn.request_path' instead + test
---------
Co-authored-by: Robert Joonas <robertjoonas16@gmail.com>
* Set pg pool size for MIX_ENV=test
* Include slow tests in CI run
* Exclude slow tests by default
* Mark tests slow/async where applicable
* Restructure captcha mocks
* Revert async where env is relied upon
* Add --max-failures=1 to CI run
* Set warnings as errors
* Disable async where various mocks are used
* Revert "Disable async where various mocks are used"
This reverts commit 2446b72a29.
* Disable async for test using vcr
* Make TestUtils module available in all tests
* Add macros patching the application env in tests
Unfortunately a lot of existing functionality relies on
certain application env setup. This isn't ideal because
the app config is a shared state that prevents us from
running the tests in parallel.
Those macros encapsulate setting up new env for test purposes
and make sure the changes are reverted when the test finishes.
* Allow passing request opts to HTTPClient.post/4
We need this to swap custom request building in
Google Analytics import.
* Unify errors when listing sites
* React: propagate backend error messages if available
* React: catch API errors in Search Terms component
* Propagate google API errors on referrer drilldown
* Handle verified properties errors in SC settings
* Add missing tests for SC settings controller
* Unify errors for fetching search analytics queries (list stats)
* Unify errors refreshing Google Auth Token
* Test fetch_stats/3 errors and replace Double with Mox
* Fixup makrup
* s/class/className
* Simplify Search Terms display in case of errors
* Fix warnings
* remove tracker files from git index
* generate tracker files on npm test
* generate tracker files for elixir tests/dev/CI
* update tracker/package-lock.json
* exclude npm run deploy from mix test + some docs
* Overrides content-type for SVG favicons
* Organize favicon rendering
Make sure the placeholder icon is always requested from
/favicon/sources/placeholder
* Run prettier on site-switcher.js
* Yak Shave: upgrade Heroicons to 2.0
* Use HeroIcons instead of custom svg
* Update lib/plausible_web/plugs/favicon.ex
Co-authored-by: Adam Rutkowski <hq@mtod.org>
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* first commit with test and compile job
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding 'prepare' stage
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated ci script to include "test" compile phase
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding environment variables for connecting to postgresql
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated ci config for postgres
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using non-alpine version of elixir
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* re-using the 'compile' artifacts and added explict env variables for testing
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removing redundant deps fetching from common code
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting using mix.format -- beware no-code changes!
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* added release config
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding consistent env variable for Database
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* more cleaning up of environment variables
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding releases config for enabling releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* cleaning up env configs
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Cleaned up config and prepared config for releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated CI script with new config for test
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added Dockerfile for creating production docker image
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding "docker" build job yay!
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using non-slim version of debian and installing webpack
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding overlays for migrations on releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* restricting the docker built to master branch only
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* typo fix
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding "Hosting.md" to explain hosting instructions
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removed the default comments
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added documentation related to env variables
* updated documentation and fixed typo
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated documentation
* Bumping up elixir version as `overlays` are only supported in latest version
read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding tarball assembly during release
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated HOSTING.md
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added support for db migration
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* minor corrections
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* initializing admin user
Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Initial base domain update - phase#1
These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Using dedicated config variable `base_domain` instead
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding base_domain to releases config
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removing the dedicated config "base_domain", relying on endpoint host
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Removed the usage of "Mix" in code!
It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added support for SMTP via Bamboo Smtp Adapter
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Capturing SMTP errors via Sentry
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Minor updates
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding junit formatter -- useful for generating test reports
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding documentation for default user
* Resolve "Gitlab Adoption: Add supported services in "Security & Compliance""
* bumping up the debian version to fix issues
fixing some vulnerabilities identified by the scanning tools
* More updates for self-hosting
Changes in most of the places to suit self-hosting. Although, there are some which have been left-off.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* quick-dirty-fix!
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up timeout - skipping MRs :-/
* removing restrictions on watching for changes
this stuff isn't working
* Update HOSTING.md
* renamed the module name
* reverting formatting-whitespace changes
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* reverting the name to release
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding docker-compose.yml and related instructions
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using `plausible_url` instead of assuming `https`
this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* WIP: merging changes from upstream
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* wip: more changes
* Pushing in changes from upstream
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* changes to ci for testing
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* cleaning up and finishing clickhouse integration
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updating readme with hosting details
* removing deleted files from upstream
* minor config adjustments
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting changes
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* changing the connection strategy for clickhouse during release
since clickhouse integration doesn't have an ecto support, we need to prepare the db _before_ the clickhouse migration. One workaround is to connect to a default db on init and then create a db
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting
* cleanup and added separated migration to setup
* Big improvements to selfhosting
- added ability for disabling
- authentication completely
- registration
- landing page
- formatting cleanups
* Big improvements to selfhosting
- added ability for disabling
- authentication completely
- registration
- landing page
- formatting cleanups
* changing smtp auth to optional
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removed stale templates and permanently removed landing page
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removed stale templates and permanently removed landing page
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removed stale templates and permanently removed landing page
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* WIP
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* fixes form upstream merge
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* added disabling subscription for selfhosted version
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated doc
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Remove reference to file that doesn't exist
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* do not show direct traffic if there's no data
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* addressing PR comments
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Show past due subscription in user settings
* Users who are past due keep their access
* Add more info in the past due banner
* Show cancelled subscription plan
* Add init admin back into test suite
* Make sure users have access to their stats until the end of billing
cycle
* Fix free subscription bug
* Ensure the latest subscription is loaded
* first commit with test and compile job
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding 'prepare' stage
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated ci script to include "test" compile phase
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding environment variables for connecting to postgresql
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated ci config for postgres
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using non-alpine version of elixir
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* re-using the 'compile' artifacts and added explict env variables for testing
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removing redundant deps fetching from common code
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting using mix.format -- beware no-code changes!
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* added release config
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding consistent env variable for Database
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* more cleaning up of environment variables
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding releases config for enabling releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* cleaning up env configs
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Cleaned up config and prepared config for releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated CI script with new config for test
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added Dockerfile for creating production docker image
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding "docker" build job yay!
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using non-slim version of debian and installing webpack
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding overlays for migrations on releases
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* restricting the docker built to master branch only
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* typo fix
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding "Hosting.md" to explain hosting instructions
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removed the default comments
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added documentation related to env variables
* updated documentation and fixed typo
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated documentation
* Bumping up elixir version as `overlays` are only supported in latest version
read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding tarball assembly during release
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updated HOSTING.md
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added support for db migration
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* minor corrections
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* initializing admin user
Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Initial base domain update - phase#1
These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Using dedicated config variable `base_domain` instead
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding base_domain to releases config
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* removing the dedicated config "base_domain", relying on endpoint host
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Removed the usage of "Mix" in code!
It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Added support for SMTP via Bamboo Smtp Adapter
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Capturing SMTP errors via Sentry
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Minor updates
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* Adding junit formatter -- useful for generating test reports
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding documentation for default user
* Resolve "Gitlab Adoption: Add supported services in "Security & Compliance""
* bumping up the debian version to fix issues
fixing some vulnerabilities identified by the scanning tools
* More updates for self-hosting
Changes in most of the places to suit self-hosting. Although, there are some which have been left-off.
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* quick-dirty-fix!
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up the db connect timeout
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* bumping up timeout - skipping MRs :-/
* removing restrictions on watching for changes
this stuff isn't working
* Update HOSTING.md
* renamed the module name
* reverting formatting-whitespace changes
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* reverting the name to release
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* adding docker-compose.yml and related instructions
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* using `plausible_url` instead of assuming `https`
this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* WIP: merging changes from upstream
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* wip: more changes
* Pushing in changes from upstream
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* changes to ci for testing
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* cleaning up and finishing clickhouse integration
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* updating readme with hosting details
* removing deleted files from upstream
* minor config adjustments
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
* formatting changes
Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
