Commit Graph

60 Commits

Author SHA1 Message Date
RobertJoonas
8616dd46fb
added file-downloads script extension (#1775)
* added file-downloads script extension

* fixed the issues and made it compatible with IE

* changelog update
2022-03-31 13:52:09 +03:00
RobertJoonas
6b22806e1f
Allow admin access to locked dashboards (#1710)
* added super-admin access to locked dashboards

* fixed formatting
2022-02-23 13:48:33 -06:00
Uku Taht
d1fe1f7e41 Cache the tracking script for 24 hours 2022-01-24 16:01:30 -06:00
Uku Taht
7e93500834 Allow admins to access the stats API 2021-11-25 15:32:01 +02:00
Uku Taht
23a4f37ab4 Add 'manual' script variant 2021-10-10 13:07:37 +02:00
Uku Taht
a7fd23a804 Revert "Reduce database roundtrips on critical path for authorization"
This reverts commit 71d1988ee8.
2021-09-30 09:45:58 +02:00
Uku Taht
71d1988ee8 Reduce database roundtrips on critical path for authorization 2021-09-24 23:04:26 +02:00
Uku Taht
27abbc8ebb Add script alias to the filename 2021-09-23 11:57:48 +02:00
Uku Taht
7af62e2cc4 Prevent MIME sniffing for tracker JS
Fixes #1247
2021-09-23 11:33:42 +02:00
Martin DONADIEU
56b485f2e6
feat: add variant local (#1218)
* Update plausible.js

* feat: add new variant

* feat: add allow-localhost

* Update tracker.ex

* Update compile.js

* Update plausible.js

* Update tracker.ex

* Update compile.js

* Update plausible.js
2021-08-13 15:13:25 +03:00
Uku Taht
7e78157c4b
Merge branch 'master' into stats-module 2021-08-04 16:11:40 +03:00
Uku Taht
6758931431 Add plug for source favicons 2021-08-04 12:01:50 +03:00
Uku Taht
369f63bc58 Adds an option to rename the script file 2021-07-23 15:17:32 +03:00
Uku Taht
adf9c1acfb Add access-control-allow-origin to script HTTP response 2021-06-29 15:33:13 +03:00
Uku Taht
a378935aac Add IE11 compatibility mode 2021-06-17 10:55:45 +03:00
Uku Taht
18ddf9dd9d Admin access 2021-06-16 15:33:37 +03:00
Uku Taht
62dfb43f10 Admin access 2021-06-16 15:18:25 +03:00
Uku Taht
e71de6dc1f
Invitations (#1122)
* Invite existing user to a site

* Add invitation flow for non-existing users

* Accept and reject invitations

* Use invitation flow for existing users

* Locking mechanism for sites

* Authorization for site settings

* Show usage based on site ownership

* Add ability to remove members from a site

* Do not show settings link to viewer roles

* Ability to remove invitations

* Remove `Plausible.Sites.count_for/1`

* Fix tests

* Do not show the trial banner after the trial

* Correct trial emails

* Transfer ownership

* Send invitation email to existing user

* Add invitation email flows

* Add plug for role-based authorization

* Rename AuthorizeStatsPlug -> AuthorizeSiteAccess

* Add email flow for ownership transfer

* Fix URLs in emails

* Fix small copy issues

* Make 'People' its own section in site settings

* Notify user via email if their access has been removed

* Check site lock status when invitation is accepted

* Check lock status when user subscribes

* Make sure only admins and owners can create shared links

* Changelog

* Add LockSites to daily cron

* Clean invitations after 48 hours

* Add notices about expiry

* Add invitation expired page

* Add doc link
2021-06-16 15:00:07 +03:00
Uku Taht
d03b31450f Removes cache-control header from tracker file 2021-05-28 11:20:48 +03:00
Uku Taht
1a93542cd7 Add rate limit to API requests 2021-05-25 11:58:49 +03:00
Uku Taht
e80fc7bb8e
Tracker script improvements (#1048)
* Use `document.currentScript` to get script host

* Add data-api
2021-05-18 15:24:45 +03:00
Vignesh Joglekar
7f3e55418b
Changes from static tracker script name assignments to dynamic (#786)
Co-authored-by: Uku Taht <Uku.taht@gmail.com>
2021-05-18 11:36:12 +03:00
Uku Taht
119b9514b2 Add limit of 20 sites 2021-05-05 10:30:05 +03:00
Uku Taht
7982c236c1 Better Sentry tracking 2021-04-23 11:56:41 +03:00
Uku Taht
70f0657327 Update shared link API 2021-04-15 11:38:44 +03:00
Uku Taht
d473accf40 Add API key scopes 2021-04-14 11:45:45 +03:00
Uku Taht
3ed964b45b Add API endpoints for site and shared link creation 2021-04-14 11:45:45 +03:00
Uku Taht
c97043e191 Add ability to delete account and start over in activate flow
Fixes #581
2021-04-01 10:43:32 +03:00
Uku Taht
e315d0cf38
Fix shared link download link (#884)
* Fix shared link download link

* Add test and changelog entry

* Format
2021-03-26 13:48:06 +02:00
Uku Taht
cda031d453
Bookmarkable shared links (#752)
* Implement shared links with a static URL

* Separate sessio cookie from shared link cookie
2021-03-02 11:15:43 +02:00
Uku Taht
a29ac44434
Api improvements (#723)
* Require date parameter with custom period

* Validate format of the `date` param with custom period

* Return proper status codes for auth failures

* Add breakdown endpoint

* Fix pagination

* Add API validations for breakdown call

* Change the breakdown endpoint to return an object instead of an array

* Remove change to aggregate call

* Change timeseries call
2021-02-22 10:21:25 +02:00
Uku Taht
5acb5b7039
Stats API (#679)
* WIP

* Add ability to filter by anything

* Add API keys

* Add version to api endpoint

* Fix API test route

* Fix API tests

* Allow 'date' parameter in '6mo' and '12mo'

* Rename session -> visit in API filters

* Filter expressions in the API

* Implement filters in aggregate call

* Add `compare` option to aggregate call

* Add way to manage API keys through the UI

* Authenticate with API key

* Use API key in tests
2021-02-05 11:23:30 +02:00
Jon Uhlmann
8516e2c458
Fix: Re-add hash and outbound-links only options 2021-01-26 11:39:43 +01:00
Vignesh Joglekar
fb7a3fef89
Adds data-exclude support and localStorage.plausible_ignore support (#489)
* Adds data-exclude support and plausible_ignore support

* Splits exclusion into separate script option

* localStorage parsing upgrades

* Additional script type additions

I'm unsure about the formatting decision in tracker.ex - lmk.

* Adds new compiled files

This will certainly have conflicts with my other PRs related to the tracking scripts right now, I'll make one extra PR after both are done to ensure they're consolidated into the compiled scripts.

* Moves localStorage blocker out of special script

* Changelog

* Second thoughts on localStorage exclusion

* Updates `*` to not match `/` or whitespace

* Fix formatting

* Removes zero-length asterisks

* Adds support for double glob, zero-length replacements

* Update to reduce size+allow localStorage exclude

Co-authored-by: Uku Taht <Uku.taht@gmail.com>
2021-01-22 13:32:40 +02:00
Uku Taht
97df923c7f Do not allow logged out users to access crm 2021-01-07 16:53:29 +02:00
Oliver Kriska
ae42b86792
Dialyzer and Credo checks (#558)
* Checks

 - added Dialyzer
 - fixed Dialyzer errors
 - added Dialyzer check to GitHub Actions with cache
 - added Credo
 - fixed Credo Warnings
 - added Credo Warnings check to GitHub Actions with cache
 - added compile warnings check to GitHub Actions
 - reformated GitHub Actions YAML

* Dialyzer

 - allow it in test env

* Dialyzer

 - fixed test env
 - renamed GitHub actions steps

* AppSignal

 - upgraded deprecated version
 - Upgraded:
  appsignal 2.0.5 => 2.0.7
  certifi 2.5.2 => 2.5.3
  hackney 1.16.0 => 1.17.0
  idna 6.0.1 => 6.1.1
  parse_trans 3.3.0 => 3.3.1
  unicode_util_compat 0.5.0 => 0.7.0 (minor)

* Credo

 - fixed CRM plug
2021-01-07 15:16:04 +02:00
Uku Taht
650378f367
Add CRM for admin emails (#557) 2021-01-07 10:42:45 +02:00
Uku Taht
81c12884cd
Add elixir action (#526)
* Add elixir action

* Format the codebase

* Add postgresql

* Postgres config

* Run postgres on localhost

* Add clickhouse to CI
2020-12-29 15:17:27 +02:00
Uku Taht
b7827fee6a Increase postmark timeout 2020-12-22 15:50:25 +02:00
Vignesh Joglekar
e98558fc2d
Extends "logged_in" cookie to 5000 years (#485) 2020-12-17 11:24:02 +02:00
Uku Taht
aa7ae87811
Onboarding UX improvements (#441)
* WIP

* Actually activate the user

* Send email verification codes

* Send activation code with email

* Only show onboarding steps during first site creation

* Add worker to config

* Consistent form styles

* Send welcome email when user activates account

* Add changelog entry

* Use https in new site form

* Correct spelling in email
2020-12-15 11:30:45 +02:00
Uku Taht
00d39c5c13 Halt when redirecting to settings 2020-11-26 16:01:14 +02:00
Guido Zuidhof
2b1dcd99d3
Add Cross-Origin-Resource-Policy header to script
Hey Plausible devs,

I am trying to embed the `plausible.js` onto a page that has the [`require-corp`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy) header set, which means that for every resource that is loaded they must be clearly marked as cross-origin OK.

The tracker script response currently doesn't have that header set, so I can't load it right now. This would solve that.
2020-11-18 07:30:43 +01:00
Uku Taht
7685239204 Fix tracker plug configuration 2020-11-03 11:35:08 +02:00
Uku Taht
0a7684f3bc Mix format 2020-11-03 11:20:11 +02:00
Uku Taht
f0cbf33d7c
Add tracker feature to automatically track outbound links (#389)
* Add tracker feature to automatically track outbound links

* Precompute templates and allow aliases

* Fix /js/analytics.js

* Remove change to tracking code

* Update CHANGELOG
2020-11-03 11:09:50 +02:00
Preslav Rachev
431c02ad58
#332: Refactor stats controller (#337)
* #332: Refactor stats controller

* Simplify the conditional logic
2020-10-02 12:02:32 +03:00
Uku Taht
74b74a271e Fix configuration for firewall 2020-08-11 13:52:03 +03:00
Uku Taht
3a1c9e67cd Add ability to block certain IP addresses 2020-08-11 11:04:26 +03:00
Chandra Tungathurthi
f7b37fe9ea
Selhosted version Improvements and additional features (#209)
* first commit with test and compile job

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding 'prepare' stage

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated ci script to include "test" compile phase

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding environment variables for connecting to postgresql

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated ci config for postgres

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* using non-alpine version of elixir

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* re-using the 'compile' artifacts and added explict env variables for testing

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removing redundant deps fetching from common code

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* formatting using mix.format -- beware no-code changes!

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* added release config

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding consistent env variable for Database

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* more cleaning up of environment variables

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Adding releases config for enabling releases

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* cleaning up env configs

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Cleaned up config and prepared config for releases

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated CI script with new config for test

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Added Dockerfile for creating production docker image

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Adding "docker" build job yay!

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* using non-slim version of debian and installing webpack

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Adding overlays for migrations on releases

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* restricting the docker built to master branch only

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* typo fix

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding "Hosting.md" to explain hosting instructions

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removed the default comments

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Added documentation related to env variables

* updated documentation and fixed typo

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated documentation

* Bumping up elixir version as `overlays` are only supported in latest version

read release notes: https://github.com/elixir-lang/elixir/releases/tag/v1.10.0

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Adding tarball assembly during release

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated HOSTING.md

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Added support for db migration

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* minor corrections

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* initializing admin user

Admin user has been added in the "migration" phase. A default user is automatically created in the process. One can provide the related env variables, else a new one will be automatically created for you.

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Initial base domain update - phase#1

These changes are only meant for correct operating it under self-hosting. There are many other cosmetic changes, that require updates to email, site and other places where the original website and author is used.

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Using dedicated config variable `base_domain` instead

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding base_domain to releases config

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removing the dedicated config "base_domain", relying on endpoint host

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Removed the usage of "Mix" in code!

It is bad practice to use "mix" module inside the code as in actual release this module is unavailable. Replacing this with a config environment variable

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Added support for SMTP via Bamboo Smtp Adapter

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Capturing SMTP errors via Sentry

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Minor updates

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Adding junit formatter -- useful for generating test reports

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding documentation for default user

* Resolve "Gitlab Adoption: Add supported services in "Security & Compliance""

* bumping up the debian version to fix issues

fixing some vulnerabilities identified by the scanning tools

* More updates for self-hosting

Changes in most of the places to suit self-hosting. Although, there are some which have been left-off.

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* quick-dirty-fix!

* bumping up the db connect timeout

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* bumping up the db connect timeout

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* bumping up the db connect timeout

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* bumping up timeout - skipping MRs :-/

* removing restrictions on watching for changes

this stuff isn't working

* Update HOSTING.md

* renamed the module name

* reverting formatting-whitespace changes

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* reverting the name to release

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* adding docker-compose.yml and related instructions

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* using `plausible_url` instead of assuming `https`

this is because, it is much to test in local dev machines and in most cases there's already a layer above which is capable for `https` termination and http -> https upgrade

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* WIP: merging changes from upstream

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* wip: more changes

* Pushing in changes from upstream

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* changes to ci for testing

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* cleaning up and finishing clickhouse integration

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updating readme with hosting details

* removing deleted files from upstream

* minor config adjustments

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* formatting changes

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* changing the connection strategy for clickhouse during release

since clickhouse integration doesn't have an ecto support, we need to prepare the db _before_ the clickhouse migration. One workaround is to connect to a default db on init and then create a db

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* formatting

* cleanup and added separated migration to setup

* Big improvements to selfhosting

- added ability for disabling
  - authentication completely
  - registration
  - landing page

- formatting cleanups

* Big improvements to selfhosting

- added ability for disabling
  - authentication completely
  - registration
  - landing page

- formatting cleanups

* changing smtp auth  to optional

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removed stale templates and permanently removed landing page

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removed stale templates and permanently removed landing page

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* removed stale templates and permanently removed landing page

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* WIP

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* fixes form upstream merge

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* added disabling subscription for selfhosted version

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* updated doc

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* formatting

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* Remove reference to file that doesn't exist

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* do not show direct traffic if there's no data

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* addressing PR comments

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>

* formatting

Signed-off-by: Chandra Tungathurthi <tckb@tgrthi.me>
2020-07-21 09:58:00 +03:00