Commit Graph

109 Commits

Author SHA1 Message Date
Adrian Gruntkowski
790984e1ad
Refactor Sites and Stats API authorization logic (#4297)
* Refactor and unify auth plugs for Stats and Sites APIs

* Expose get site Sites API endpoint to all API keys

* Test the new plug

* Add test for endpoint with modified scope

* Fix typos

Co-authored-by: hq1 <hq@mtod.org>

* Rename plug for consistency (h/t @aerosol)

---------

Co-authored-by: hq1 <hq@mtod.org>
2024-07-02 15:09:23 +02:00
Adrian Gruntkowski
d7ca8d9600
Revert "Debug queries for super-admins (#4010)" (#4073)
This reverts commit dd493fdad2.
2024-05-06 15:05:17 +02:00
hq1
dd493fdad2
Debug queries for super-admins (#4010)
* Debug queries for super-admins

* Fixup

* Update lib/plausible/clickhouse_repo.ex

Co-authored-by: ruslandoga <doga.ruslan@gmail.com>

* Try again with https://github.com/plausible/analytics/pull/3699

It's still clunky 😅

Co-authored-by: Karl-Aksel Puulmann <macobo@users.noreply.github.com>
Co-authored-by: ruslandoga <doga.ruslan@gmail.com>

* Move headers injection to a separate plug module

* Add tests

* Update repo test

* Format

* Add moduledoc

* Don't assume order in query_log

* Be patient about query_log maybe?

* huh?

* huh2

* Wait longer

* Guard against \x00 in response header - testing on stage

* Fixup

* fixup

* fixup

* s/debug_label/label

* Include `site_id` and `metadata` in `log_comment`

* Tolerate non-serializable log_comment contents

---------

Co-authored-by: ruslandoga <doga.ruslan@gmail.com>
Co-authored-by: Karl-Aksel Puulmann <macobo@users.noreply.github.com>
2024-04-30 09:57:28 +02:00
hq1
6035618213
Add GET /capabilities to Plugins API (#3808)
* Add `GET /capabilities` to Plugins API

It aims to:

 - help the client verify the data-domain the token is associated with
 - list all the features available for the site's owner
   (and therefore determine availability of the subset of those for the current
   Plugins API caller)

The endpoint does not require authentication, in the sense that it'll
always respond with 200 OK. However when the token is provided,
a verification lookup is made.

* Remove IO.inspect() call

* Credo

* Aesthetics

* s/send_resp/send_error/

* Call preload just once
2024-02-21 12:41:56 +01:00
Adrian Gruntkowski
f8b4d5066a
Add multiple imports per site (#3724)
* Clean up references to no longer active `google_analytics_imports` Oban queue

* Stub CSV importer

* Add SiteImport schema

* Rename `Plausible.Imported` module file to match module name

* Add `import_id` column to `Imported.*` CH schemas

* Implement Importer behavior and manage imports state using new entities

* Implement importer callbacks and maintain site.imported_data for UA

* Keep imports in sync when forgetting all imports

* Scope imported data queries to completed import IDs

* Mark newly imported data with respective import ID

* Clean up Importer implementation a bit

* Test querying legacy and new imported data

* Send Oban notifications on import worker failure too

* Fix checking for forgettable imports and remove redundant function

* Fix UA integration test

* Change site import source to atom enum and add source label

* Add typespecs and reduce repetition in `Plausible.Imported`

* Improve documentation and typespecs

* Add test for purging particular import

* Switch email notification templates depending on import source

* Document running import synchronously

* Fix UA importer args parsing and ensure it's covered by tests

* Clear `site.stats_start_date` on complete import to force recalculation

* Test Oban notifications (h/t @ruslandoga)

* Purge stats on import failure right away to reduce a chance of leaving debris behind

* Fix typos

Co-authored-by: hq1 <hq@mtod.org>

* Fix another typo

* Refactor fetching earliest import and earliest stats start date

* Use `Date.after?` instead of `Timex.after?`

* Cache import data in site virtual fields and limit queried imports to 5

* Ensure always current `stats_start_date` is used

* Work around broken typespec in Timex

* Make `SiteController.forget_imported` action idempotent

* Discard irrecoverably failed import tasks

* Use macros for site import statuses

There's also a fix ensuring only complete imports are considered
where relevant - couldn't isolate it as it was in a common hunk

* Use `import_id` as worker job uniqueness criterion

* Do not load imported stats data in plugins API context

---------

Co-authored-by: hq1 <hq@mtod.org>
2024-02-14 09:32:36 +01:00
RobertJoonas
51f0e406a0
improve stats api upgrade required error message (#3747) 2024-02-01 17:00:09 +00:00
hq1
c1a1d697a4
Partially revert #3661 - just keep the real errors wrapped, but don't display anything to the user (#3677)
* Revert "Remove unused RocketIcon"

This reverts commit c5e8d0c172.

* Revert "Display either hash or actual error message"

This reverts commit 0c091ab35f.

* Revert "Use ApiErrorNotice in funnels"

This reverts commit 5929de248e.

* Revert "Don't render "No data yet" when there's a NetworkError for example"

This reverts commit 70bee07632.

* Revert "Show the sinking shuttle notice whenever an API error occurs"

This reverts commit 9a62c8af2b.

* Revert "Add Hahash dependency"

This reverts commit b94207ea0a.

* Remove support hash
2024-01-09 17:17:42 +01:00
hq1
dc8210dd84
Use tags rather than context to annotate support hashes in Sentry (#3668) 2024-01-04 15:24:09 +01:00
hq1
4569ac09c1
Don't leak internal server errors, use support hash (#3661)
* Add Hahash dependency

* Don't leak internal server error details to the user

* Show the sinking shuttle notice whenever an API error occurs

* Don't render "No data yet" when there's a NetworkError for example

* Use ApiErrorNotice in funnels

* Display either hash or actual error message

The reason "internal-server-error" doesn't work well as a fallback
hash is that e.g. `NetworkError when attempting to fetch resource`
might be completely at client's fault. In such cases it's better
to display the whole thing still.

* Remove unused RocketIcon
2024-01-04 10:13:37 +01:00
ruslandoga
0eedf9aa98
rm Hammer (#3571) 2023-12-06 15:07:37 +01:00
hq1
a4b9c3b8ba
Remove custom domains support + update build options (#3559)
* Disable super-admin checks on small build

* Mute a test writing to stdout

* Move sampling outside of small build

* Convert waiting_first_pageview to heex and stop relying on env vars

* Set site limit unlimited on small build

* Stop relying on app env to get trial expiry

* Remove custom domains - including migration

* Remove is_selfhosted from layout view

* Quota fixup

* Stop relying on app env for self hosted registration

* Stop relying on app env for pass reset success

* Apply on_trial? check only on full build

* Update templates relying on app env

* Adjusts auth controller tests for small build

* Trial fixup

* Fixup

* Stop relying on app env

* Rest of the fsckn owl

* Update typespecs

* Fix dialyzer warning

* Remove unused module

* Credo + format

* GeoIP is not, for full build

* Use `small_build?()` where applicable

* Implement bypassing FirstLaunchPlug without insertions

* Get Marko's patch de58a18a85

* Test is-dbip=false presence

* Fix typespec

* Remove future hardcodes

* Handle `nil` from `Plausible.Geo.database_type()`

* Remove XXX marker

* Use one typespec for two clauses

* Introduce `MIX_ENV=small_dev`

* Revert "Use one typespec for two clauses"

This reverts commit 8d8cd21764.
2023-11-29 11:04:54 +01:00
hq1
0f577a998c
Update credo config + extras (#3547)
* Disable CyclomaticComplexity checks

* Move AuhtorizeSitesAPI plug under extra
2023-11-22 20:48:32 +01:00
hq1
19b2239eb9
Track tokens usage (#3438)
* Migration: track last seen usage for Plugins API Tokens

* Track and interpret Token.last_seen_at

* Display last used

* Order tokens by inserted date, rather than UUID :clown:

* s/Last seen/Last used in the UI

* Test for "Last used" column presence

* Fix table layout for very long descriptions

* Update lib/plausible/plugins/api/tokens.ex

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>

* Update lib/plausible/plugins/api/token.ex

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>

* Update test/plausible/plugins/api/token_test.exs

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>

* s/last_seen_at/last_used_at

* Update lib/plausible_web/live/plugins/api/settings.ex

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>

* fixup

* Document reasoning behind 5m windows

* s/last_seen/last_used

* Mute credo

---------

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
2023-10-18 14:14:30 +02:00
Uku Taht
d7cd719d4f
Use default Phoenix.LiveView.Socket (#3404)
* Use default Phoenix.LiveView.Socket

* Pull socket definition highed in Endpoint config

* Simplify runtime plug session
2023-10-17 12:03:21 +03:00
hq1
99efb93082
No longer require domain to seek Plugins API Tokens (#3409)
* No longer require domain to seek Plugins API Tokens

* Accept raw token only
2023-10-16 13:22:09 +02:00
Vini Brasil
c0fe2a3996
Implement Stats API feature gate (#3411)
* Include ApiKey functions in Auth context

* Make feature notice work without %Site{}

Previously the extra feature notice required a %Site{} in order to check
the owner plan. However, not every feature is scoped by site, for
example the Stats API. For features like this, a %User{} is required,
and not a %Site{}.

This commit replaces the `:site` param with `:billable_user`, which is
common to both site and user-scoped features.

* Add stats_api to the list of extra features

* Limit API Key creation based on user plan
2023-10-11 17:24:16 -03:00
Adrian Gruntkowski
439c5014d4
Trigger email reverification on change (#3388)
* Implement PoC for email reverification flow on update

* Improve user settings form and email change validation

* Expose `previous_email` in Kaffy CRM

* Improve plugs setup and remove dead action from AuthController

* Fix seeds

* Extract predicate query functions from AuthController

* Add tests

* Update CHANGELOG.md

* Rename `has_any_sites?` to `Memberships.any?` and `has_any_memberships?`

* Improve flash message on cancelling email change

* Cover one more test case for email update
2023-10-11 10:25:00 +02:00
hq1
755345f4ba
Implement Plugins API authorization (#3373)
* Implement Plugins API Token schema

* Work with domain change grace period

* Do not cast internal data, extend schema with hints

* Implement Plugins API authorization

* Test no authorization header passed

* Preload authorized site

* Fixup typespecs
2023-09-26 13:13:08 +02:00
Adrian Gruntkowski
51c1138d0d
Implement better user password validation (#3344)
* Add zxcvbn dependency

* Change password length range requirement from 6-64 to 12-128

* Reimplement register form in LV

* Implement server-side check for password strength

* Add rudimentary strength meter

* Make password input with strength a separate component and improve it

* Fix existing tests to provide strong enough password

* Apply formatting

* Replace existing registration form with new one

* Hide built-in label in `.input` component when none provided

* Crop password to first 32 chars for analysis by zxcvbn

* Add tests for new form components

* Integrate hCaptcha into LV

* Fix existing AuthController tests

* Add tests for Live.RegisterForm

* Hide strength meter when password input is empty

* Randomize client IP in headers during tests to avoid hitting rate limit

* Apply auxilliary formatting fixes to AuthController

* Integrate registration from invitation into LV registration logic

* Fix existing password set and reset forms

* Make `password_length_hint` component more customizable

* Optimize `Auth.User.set_password/2`

* Remove unnecessary attribute from registration form

* Move password set and reset forms to LV

* Add tests for SetPasswordForm LV component

* Add tests for password checks in `Auth.User`

* Document code a bit

* Implement simpler approach to hCaptcha integration

* Update CHANGELOG.md

* Improve consistency of color scheme

* Introduce debounce across all text inputs in registration and password forms

* Fix email input background in register form

* Ensure only single error is rendered for empty password confirmation case

* Remove `/password` form entirely in favor of preferred password reset

* Remove unnecessary `router` option from `live_render` calls

* Make expensive assigns in LV with `assign_new` (h/t @aerosol)

* Accept passwords longer than 32 bytes uniformly as very strong

* Avoid displaying blank error side by side with weak password error

* Make register actions handle errors gracefully

* Render only a single piece of feedback to reduce noise

* Make register and password reset forms pw manager friendly (h/t @cnkk)

* Move registration forms to live routes

* Delete no longer used deadviews

* Adjust registration form in accordance to changes in #3290

* Reintroduce dogfood page path for invitation form from #3290

* Use alternative approach to submitting plausible metrics from LV form

* Rename metrics events and extend tests to account for them
2023-09-25 10:27:29 +02:00
hq1
b9fb6fd1a7
Revert "Revert "Reconfigure session cookie (#3274)" (#3284)" (#3285)
This reverts commit 65f7b4c5cc.
2023-08-22 08:18:08 +02:00
hq1
65f7b4c5cc
Revert "Reconfigure session cookie (#3274)" (#3284)
This reverts commit 63fabcbb5f.
2023-08-21 10:22:05 -03:00
hq1
63fabcbb5f
Reconfigure session cookie (#3274)
* Reconfigure session cookie

* Allow configure secure cookie (#3277)

* Update config/runtime.exs

Co-authored-by: ruslandoga <doga.ruslan@gmail.com>

* fix runtime conf

* Revert "fix runtime conf"

This reverts commit ff37e479e4.

* Revert "Update config/runtime.exs"

This reverts commit 5d9b310b02.

* Revert "Allow configure secure cookie (#3277)"

This reverts commit 7401a2ad3f.

* Read SECURE_COOKIE with defaults per cloud/selfhost

* Include environment in cookie name

* Remove redundant option

* Format

* s/Map.replace/Map.put

* up

* One more try

* Prevent browser refreshes on socket connection error

We'll keep the log and don't make the page look dumb
even if there's some misconfiguration going on.

---------

Co-authored-by: ruslandoga <doga.ruslan@gmail.com>
2023-08-21 11:47:11 +02:00
hq1
054d0655af
[pg migration] Delete account with multiple subscriptions (#3220)
* Migrate user deletion

So that subscriptions, google

* Make CRM deletion functional

* Preload subscriptions in an uniform manner
2023-08-02 13:45:49 +02:00
hq1
fea9bb32ee
Prevent robots from looking too much into public dashboards (#3118)
* Add noindex,nofollow to dashboard pages

* Implement NoRobots plug

* Enable NoRobots plug in the router

* Fixup internal route

* Fix double slash in the router

* Add special bot treatment to plausible.io live demo page

* Revert aggressive protection with agent detection
2023-07-11 10:47:03 +02:00
hq1
eb397a6c25
Dynamically set up session domain (#3089)
* Dynamically configure session domain

* Fix up error message in runtime config
2023-06-28 12:28:26 +02:00
Vini Brasil
8f6224b5de
Revenue tracking: goal conversions and tracker script (#3019)
* Add revenue average and total to Goal Conversions

* Add revenue option to tracker script

* Simplify revenue tracker script
2023-06-14 10:23:11 +01:00
Harry Vangberg
34a6b984c7
Escape domain when creating URL for favicon (#2942)
* Escape domain when constructing favicon URL

A domain may include a slash, and in that case the domain must be
escaped, before it is used as an attribute for the image tag.

* match with 'conn.request_path' instead + test

---------

Co-authored-by: Robert Joonas <robertjoonas16@gmail.com>
2023-05-19 13:26:13 +02:00
Marko Saric
586bbeb8ac
Adding a note to contact us for more API calls (#2858)
this should make it clearer to people that they can get more API capacity when they encounter the "Too many API requests" error
2023-04-18 16:38:32 +02:00
hq1
1d01328287
Allow domain change (#2803)
* Migration (PR: https://github.com/plausible/analytics/pull/2802)

* Implement Site.Domain interface allowing change and expiry

* Fixup seeds so they work with V2_MIGRATION_DONE=1

* Update Sites.Cache so it's capable of multi-keyed lookups

* Implement worker handling domain change expiration

* Implement domain change UI

* Implement transition period for public APIs

* Exclude v2 tests in primary test run

* Update lib/plausible_web/controllers/site_controller.ex

Co-authored-by: Vini Brasil <vini@hey.com>

* Update lib/plausible_web/controllers/site_controller.ex

Co-authored-by: Vini Brasil <vini@hey.com>

* Update moduledoc

* Update changelog

* Remove remnant from previous implementation attempt

* !fixup

* !fixup

* Implement domain change via Sites API

cc @ukutaht

* Update CHANGELOG

* Credo

* !fixup commit missing tests

* Allow continuous domain change within the same site

---------

Co-authored-by: Vini Brasil <vini@hey.com>
2023-04-04 10:55:12 +02:00
RobertJoonas
bc835895a2
Rename dimensions script to pageview-props (#2786)
* rename dimensions script to pageview-props

* commit mix.lock change
2023-03-27 17:50:15 +03:00
Adam
4b21b4e6d0
Remove Firewall plug; redundant at infra level (#2730)
* Remove Firewall plug; redundant at infra level

* Update changelog
2023-03-08 09:07:15 +01:00
Vini Brasil
9b32dace3e
Add Content-Security-Policy to favicon Plug (#2489) 2022-12-02 06:33:24 -03:00
RobertJoonas
135471c32e
Add tagged-events script extension (#2333)
Adds a new script extension that allows tracking interactions with specific HTML elements on a website. For example - to track link clicks on one specific `<a>` element, you can tag it like this:

```html
<a href=... class="plausible-event-name=<your_event_name>">
```

And you can also tag the link with custom property names and values:

```html
<a href=... class="plausible-event-name=<your_event_name> plausible-event-<your_custom_prop>=<your_value>">
```

Tagging a link as above will send a custom event with the given name and props, if a `click` or `auxclick` browser event happens, and targets the link element.

The tracking behavior is somewhat different based on the HTML element type:  

- `<a>` 
  - triggers on `click` and `auxclick` events
  - intercepts navigation based on the same rules as `outbound-links` and `file-downloads`
- `<form>`
  - triggers on `submit` event
  - always intercepts navigation (calls `form.submit()` after preventing default and sending the Plausible event)
- other (`<img>`, `<button>`, `<span>`, `<div>`, `<h2>`, etc ...)
  - triggers on `click` and `auxclick` events
  - does not prevent default to intercept possible navigation. Simply calls Plausible with the event name and props read from the element class list.
2022-11-21 16:17:44 +02:00
ruslandoga
0b7870dc4d
improve first launch experience for self-hosters (#2357)
* first launch

* dynamic children, wait for repo

* remove wait_for_repo and app env manipulations

* don't mention free trial in self-hosted pages

* add changelog

* assigns[:is_selfhost] -> @is_selfhost

* better changelog wording

* rm admin_user, admin_email, admin_pwd from app env

* rm DISABLE_AUTH

* redirect / to /login when not authenticated

* remove TODO

* Update lib/plausible_web/controllers/page_controller.ex

Co-authored-by: Uku Taht <Uku.taht@gmail.com>

* format

Co-authored-by: Uku Taht <Uku.taht@gmail.com>
2022-11-10 12:42:22 +01:00
Vinicius Brasil
9220d0034d
OpenTelemetry (OTEL) Implementation (#2317)
This pull request improves the current OpenTelemetry implementation. Currently only 1% of the spans are sent, due to the high volume of ingestion requests to /api/event. I enabled the 1% sampling to /api/event only, recording 100% of the other traces.
2022-10-18 12:11:30 -03:00
Adam Rutkowski
523b114682
Allow super-admin Stats API access for locked sites (#2308) 2022-10-05 12:04:37 +02:00
Adam Rutkowski
bf2b6880c5
Block Stats API for locked sites (#2302)
* Extract Sites.locked? predicate

* Lock Stats API when dashboard is locked

* Tidy tests

* Don't pollute application env from tests

* Add changelog entry

* Revert "Add changelog entry"

This reverts commit 76346074f9.
2022-10-04 15:34:45 +03:00
Uku Taht
0bc762bfdc
Fix svg favicons (#2295)
* Overrides content-type for SVG favicons

* Organize favicon rendering

Make sure the placeholder icon is always requested from
/favicon/sources/placeholder

* Run prettier on site-switcher.js

* Yak Shave: upgrade Heroicons to 2.0

* Use HeroIcons instead of custom svg

* Update lib/plausible_web/plugs/favicon.ex

Co-authored-by: Adam Rutkowski <hq@mtod.org>

Co-authored-by: Adam Rutkowski <hq@mtod.org>
2022-10-04 13:20:51 +03:00
Uku Taht
d104abb53d
Add fallback for favicon (#2279)
* Add fallback for favicon

* Add Favicon tests

* Changelog

* Move placeholder icon to priv folder
2022-09-28 08:55:46 -03:00
Uku Taht
e849e03058
Fix favicons (#2257) 2022-09-23 07:22:43 -03:00
Uku Taht
eb99133791 Fix favicon requests 2022-08-17 14:01:19 +03:00
Uku Taht
ad739f603b Fix compile error 2022-08-16 14:35:45 +03:00
Uku Taht
57c758cff9 Fix favicon HTTP response handling 2022-08-16 14:31:09 +03:00
Manu S Ajith
777c69b1d6
Migrate HTTPoison to Finch (#2054)
Signed-off-by: Manu S Ajith <neo@codingarena.in>

Signed-off-by: Manu S Ajith <neo@codingarena.in>
2022-08-15 10:41:48 +03:00
ruslandoga
ce461b5192 Auth updates 2022-08-10 10:37:37 +03:00
Uku Taht
1cdffb098e Revert "Temporarily return 404 for favicons"
This reverts commit 8d3bdd9816.
2022-07-06 17:46:05 +03:00
Uku Taht
8d3bdd9816 Temporarily return 404 for favicons 2022-07-05 19:52:15 +03:00
RobertJoonas
11654ddc07
Script extension additions (#1915)
* added data-include attribute to plausible.exclusions.js

* reorder extensions in filename when serving the plausible script

* fix formatting

* tweaks after review

* changelog update
2022-05-27 10:11:40 +03:00
RobertJoonas
199206babc
Dimensions continued (#1847)
* added the first version of dimensions extension

* finished dimensions script extension + updated tracking to use it

* script variants build
2022-04-25 10:56:11 +03:00
RobertJoonas
8616dd46fb
added file-downloads script extension (#1775)
* added file-downloads script extension

* fixed the issues and made it compatible with IE

* changelog update
2022-03-31 13:52:09 +03:00