umami/src/lib/session.ts

import { isUuid, secret, sessionSalt, uuid } from 'lib/crypto';
import { getClientInfo } from 'lib/detect';
import { parseToken } from 'next-basics';
import { NextApiRequestCollect } from 'pages/api/send';
import { createSession } from 'queries';
import cache from './cache';
import clickhouse from './clickhouse';
import { loadSession, loadWebsite } from './load';

export async function findSession(req: NextApiRequestCollect): Promise<{
  id: any;
  websiteId: string;
  visitId: string;
  hostname: string;
  browser: string;
  os: any;
  device: string;
  screen: string;
  language: string;
  country: any;
  subdivision1: any;
  subdivision2: any;
  city: any;
  ownerId: string;
}> {
  const { payload } = req.body;

  if (!payload) {
    throw new Error('Invalid payload.');
  }

  // Check if cache token is passed
  const cacheToken = req.headers['x-umami-cache'];

  if (cacheToken) {
    const result = await parseToken(cacheToken, secret());

    if (result) {
      await checkUserBlock(result?.ownerId);

      return result;
    }
  }

  // Verify payload
  const { website: websiteId, hostname, screen, language } = payload;

  // Check the hostname value for legality to eliminate dirty data
  const validHostnameRegex = /^[\w-.]+$/;
  if (!validHostnameRegex.test(hostname)) {
    throw new Error('Invalid hostname.');
  }

  if (!isUuid(websiteId)) {
    throw new Error('Invalid website ID.');
  }

  // Find website
  const website = await loadWebsite(websiteId);

  if (!website) {
    throw new Error(`Website not found: ${websiteId}.`);
  }

  await checkUserBlock(website.userId);

  const { userAgent, browser, os, ip, country, subdivision1, subdivision2, city, device } =
    await getClientInfo(req, payload);

  const sessionId = uuid(websiteId, hostname, ip, userAgent);
  const visitId = uuid(sessionId, sessionSalt());

  // Clickhouse does not require session lookup
  if (clickhouse.enabled) {
    return {
      id: sessionId,
      websiteId,
      visitId,
      hostname,
      browser,
      os: os as any,
      device,
      screen,
      language,
      country,
      subdivision1,
      subdivision2,
      city,
      ownerId: website.userId,
    };
  }

  // Find session
  let session = await loadSession(sessionId);

  // Create a session if not found
  if (!session) {
    try {
      session = await createSession({
        id: sessionId,
        websiteId,
        hostname,
        browser,
        os,
        device,
        screen,
        language,
        country,
        subdivision1,
        subdivision2,
        city,
      });
    } catch (e: any) {
      if (!e.message.toLowerCase().includes('unique constraint')) {
        throw e;
      }
    }
  }

  return { ...session, ownerId: website.userId, visitId: visitId };
}

async function checkUserBlock(userId: string) {
  if (process.env.ENABLE_BLOCKER && (await cache.fetchUserBlock(userId))) {
    await cache.incrementUserBlock(userId);

    throw new Error('Usage Limit.');
  }
}
update visitId hash and expiration logic 2024-03-26 01:47:53 +01:00			`import { isUuid, secret, sessionSalt, uuid } from 'lib/crypto';`
Removed getJsonBody. 2023-08-31 01:40:32 +02:00			`import { getClientInfo } from 'lib/detect';`
Revert uuid. 2023-07-29 02:21:34 +02:00			`import { parseToken } from 'next-basics';`
Removed getJsonBody. 2023-08-31 01:40:32 +02:00			`import { NextApiRequestCollect } from 'pages/api/send';`
Updated queries to use cache. 2023-04-02 02:38:35 +02:00			`import { createSession } from 'queries';`
Add usage. 2023-05-16 05:41:12 +02:00			`import cache from './cache';`
Roll back session insert. 2023-08-23 20:55:45 +02:00			`import clickhouse from './clickhouse';`
Added parseDateRangeQuery function. 2023-07-26 08:59:08 +02:00			`import { loadSession, loadWebsite } from './load';`
Refactored session and collect process. 2020-07-20 10:54:21 +02:00
Roll back session insert. 2023-08-23 20:55:45 +02:00			`export async function findSession(req: NextApiRequestCollect): Promise<{`
			`id: any;`
			`websiteId: string;`
update visitId hash and expiration logic 2024-03-26 01:47:53 +01:00			`visitId: string;`
Roll back session insert. 2023-08-23 20:55:45 +02:00			`hostname: string;`
			`browser: string;`
			`os: any;`
			`device: string;`
			`screen: string;`
			`language: string;`
			`country: any;`
			`subdivision1: any;`
			`subdivision2: any;`
			`city: any;`
			`ownerId: string;`
			`}> {`
Removed getJsonBody. 2023-08-31 01:40:32 +02:00			`const { payload } = req.body;`
Account settings page. 2020-08-09 08:48:43 +02:00
			`if (!payload) {`
Improved error handling for useSession middleware. 2023-04-22 23:17:57 +02:00			`throw new Error('Invalid payload.');`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`

Refactored redis usage. Added lib/cache. 2022-11-08 07:35:51 +01:00			`// Check if cache token is passed`
			`const cacheToken = req.headers['x-umami-cache'];`
Implement session caching. 2020-10-03 05:33:46 +02:00
Refactored redis usage. Added lib/cache. 2022-11-08 07:35:51 +01:00			`if (cacheToken) {`
			`const result = await parseToken(cacheToken, secret());`
Implement session caching. 2020-10-03 05:33:46 +02:00
			`if (result) {`
Add usage. 2023-05-16 05:41:12 +02:00			`await checkUserBlock(result?.ownerId);`

Implement session caching. 2020-10-03 05:33:46 +02:00			`return result;`
			`}`
			`}`
Refactored session and collect process. 2020-07-20 10:54:21 +02:00
Refactored redis usage. Added lib/cache. 2022-11-08 07:35:51 +01:00			`// Verify payload`
use uuid 2022-11-01 07:42:37 +01:00			`const { website: websiteId, hostname, screen, language } = payload;`
add redis placeholder 2022-08-26 08:12:47 +02:00
Check the hostname value for legality to eliminate dirty data Check the hostname value for legality to eliminate dirty data 2023-07-13 06:27:38 +02:00			`// Check the hostname value for legality to eliminate dirty data`
			`const validHostnameRegex = /^[\w-.]+$/;`
			`if (!validHostnameRegex.test(hostname)) {`
			`throw new Error('Invalid hostname.');`
			`}`

Update uuid usage. 2023-07-29 00:52:21 +02:00			`if (!isUuid(websiteId)) {`
Improved error handling for useSession middleware. 2023-04-22 23:17:57 +02:00			`throw new Error('Invalid website ID.');`
Add support for MySQL. 2020-08-12 05:05:40 +02:00			`}`

Refactored redis usage. Added lib/cache. 2022-11-08 07:35:51 +01:00			`// Find website`
Updated queries to use cache. 2023-04-02 02:38:35 +02:00			`const website = await loadWebsite(websiteId);`
add db call as fallback 2022-08-29 22:04:58 +02:00
Updated queries to use cache. 2023-04-02 02:38:35 +02:00			`if (!website) {`
Improved error handling for useSession middleware. 2023-04-22 23:17:57 +02:00			throw new Error(`Website not found: ${websiteId}.`);
Removed session code. 2020-08-21 04:17:27 +02:00			`}`
Add support for MySQL. 2020-08-12 05:05:40 +02:00
Add usage. 2023-05-16 05:41:12 +02:00			`await checkUserBlock(website.userId);`

add subdivision1/2, cities to query logic 2023-02-20 18:04:20 +01:00			`const { userAgent, browser, os, ip, country, subdivision1, subdivision2, city, device } =`
			`await getClientInfo(req, payload);`
Add support for MySQL. 2020-08-12 05:05:40 +02:00
Feat/um 305 unique session ch (#2065) * Add session_data / session redis to CH. * Add mysql migration. 2023-06-01 06:46:49 +02:00			`const sessionId = uuid(websiteId, hostname, ip, userAgent);`
update visitId hash and expiration logic 2024-03-26 01:47:53 +01:00			`const visitId = uuid(sessionId, sessionSalt());`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00
Roll back session insert. 2023-08-23 20:55:45 +02:00			`// Clickhouse does not require session lookup`
			`if (clickhouse.enabled) {`
			`return {`
			`id: sessionId,`
			`websiteId,`
update visitId hash and expiration logic 2024-03-26 01:47:53 +01:00			`visitId,`
Roll back session insert. 2023-08-23 20:55:45 +02:00			`hostname,`
			`browser,`
			`os: os as any,`
			`device,`
			`screen,`
			`language,`
			`country,`
			`subdivision1,`
			`subdivision2,`
			`city,`
			`ownerId: website.userId,`
			`};`
			`}`

Updated Clickhouse session logic. 2022-11-09 02:11:08 +01:00			`// Find session`
Fix session lookup. 2023-04-03 02:23:12 +02:00			`let session = await loadSession(sessionId);`
Updated Clickhouse session logic. 2022-11-09 02:11:08 +01:00
			`// Create a session if not found`
			`if (!session) {`
			`try {`
			`session = await createSession({`
			`id: sessionId,`
			`websiteId,`
			`hostname,`
			`browser,`
			`os,`
			`device,`
			`screen,`
			`language,`
			`country,`
add subdivision1/2, cities to query logic 2023-02-20 18:04:20 +01:00			`subdivision1,`
			`subdivision2,`
			`city,`
Updated Clickhouse session logic. 2022-11-09 02:11:08 +01:00			`});`
Convert send to TS. 2023-03-30 20:18:57 +02:00			`} catch (e: any) {`
Updated Clickhouse session logic. 2022-11-09 02:11:08 +01:00			`if (!e.message.toLowerCase().includes('unique constraint')) {`
			`throw e;`
			`}`
			`}`
			`}`

update visitId hash and expiration logic 2024-03-26 01:47:53 +01:00			`return { ...session, ownerId: website.userId, visitId: visitId };`
Add usage. 2023-05-16 05:41:12 +02:00			`}`

			`async function checkUserBlock(userId: string) {`
			`if (process.env.ENABLE_BLOCKER && (await cache.fetchUserBlock(userId))) {`
Add increment to usage. 2023-06-01 20:54:24 +02:00			`await cache.incrementUserBlock(userId);`

Add usage. 2023-05-16 05:41:12 +02:00			`throw new Error('Usage Limit.');`
			`}`
Implement redux. 2020-08-05 07:45:05 +02:00			`}`