umami/pages/api/collect.js

const { Resolver } = require('dns').promises;
import isbot from 'isbot';
import ipaddr from 'ipaddr.js';
import { savePageView, saveEvent } from 'lib/queries';
import { useCors, useSession } from 'lib/middleware';
import { getJsonBody, getIpAddress } from 'lib/request';
import { ok, send, badRequest, forbidden } from 'lib/response';
import { createToken } from 'lib/crypto';
import { removeTrailingSlash } from 'lib/url';

export default async (req, res) => {
  await useCors(req, res);

  if (isbot(req.headers['user-agent'])) {
    return ok(res);
  }

  const ignoreIps = process.env.IGNORE_IP;
  const ignoreHostnames = process.env.IGNORE_HOSTNAME;

  if (ignoreIps || ignoreHostnames) {
    const ips = [];

    if (ignoreIps) {
      ips.push(...ignoreIps.split(',').map(n => n.trim()));
    }

    if (ignoreHostnames) {
      const resolver = new Resolver();
      const promises = ignoreHostnames
        .split(',')
        .map(n => resolver.resolve4(n.trim()).catch(() => {}));

      await Promise.all(promises).then(resolvedIps => {
        ips.push(...resolvedIps.filter(n => n).flatMap(n => n));
      });
    }

    const clientIp = getIpAddress(req);

    const blocked = ips.find(ip => {
      if (ip === clientIp) return true;

      // CIDR notation
      if (ip.indexOf('/') > 0) {
        const addr = ipaddr.parse(clientIp);
        const range = ipaddr.parseCIDR(ip);

        if (addr.kind() === range[0].kind() && addr.match(range)) return true;
      }

      return false;
    });

    if (blocked) {
      return forbidden(res);
    }
  }

  await useSession(req, res);

  const {
    session: { website_id, session_id },
  } = req;

  const { type, payload } = getJsonBody(req);

  let { url, referrer, event_type, event_value } = payload;

  if (process.env.REMOVE_TRAILING_SLASH) {
    url = removeTrailingSlash(url);
  }

  if (type === 'pageview') {
    await savePageView(website_id, session_id, url, referrer);
  } else if (type === 'event') {
    await saveEvent(website_id, session_id, url, event_type, event_value);
  } else {
    return badRequest(res);
  }

  const token = await createToken({ website_id, session_id });

  return send(res, token);
};
Added IGNORE_HOSTNAME environment variable. Closes #1151. 2022-06-27 10:46:21 +02:00			`const { Resolver } = require('dns').promises;`
Updated bot detection library. 2021-03-13 07:44:25 +01:00			`import isbot from 'isbot';`
Support CIDR notation in IGNORE_IP, closes #544. 2021-04-26 08:57:49 +02:00			`import ipaddr from 'ipaddr.js';`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`import { savePageView, saveEvent } from 'lib/queries';`
Auth and session middleware. 2020-07-28 08:52:14 +02:00			`import { useCors, useSession } from 'lib/middleware';`
Fix issue with sendBeacon request. 2022-03-11 04:01:33 +01:00			`import { getJsonBody, getIpAddress } from 'lib/request';`
Added IGNORE_HOSTNAME environment variable. Closes #1151. 2022-06-27 10:46:21 +02:00			`import { ok, send, badRequest, forbidden } from 'lib/response';`
Implement session caching. 2020-10-03 05:33:46 +02:00			`import { createToken } from 'lib/crypto';`
Added option to remove trailing slash from urls. 2022-01-26 06:23:40 +01:00			`import { removeTrailingSlash } from 'lib/url';`
Initial commit. 2020-07-17 10:03:38 +02:00
			`export default async (req, res) => {`
Updated log merge logic to prevent duplicates. 2020-10-09 19:48:47 +02:00			`await useCors(req, res);`

Updated bot detection library. 2021-03-13 07:44:25 +01:00			`if (isbot(req.headers['user-agent'])) {`
Added check for bots. 2020-09-11 05:37:07 +02:00			`return ok(res);`
			`}`

Allow filtering on session fields. 2022-04-10 12:51:43 +02:00			`const ignoreIps = process.env.IGNORE_IP;`
Added IGNORE_HOSTNAME environment variable. Closes #1151. 2022-06-27 10:46:21 +02:00			`const ignoreHostnames = process.env.IGNORE_HOSTNAME;`

			`if (ignoreIps \|\| ignoreHostnames) {`
			`const ips = [];`

			`if (ignoreIps) {`
			`ips.push(...ignoreIps.split(',').map(n => n.trim()));`
			`}`

			`if (ignoreHostnames) {`
			`const resolver = new Resolver();`
			`const promises = ignoreHostnames`
			`.split(',')`
			`.map(n => resolver.resolve4(n.trim()).catch(() => {}));`

			`await Promise.all(promises).then(resolvedIps => {`
			`ips.push(...resolvedIps.filter(n => n).flatMap(n => n));`
			`});`
			`}`

			`const clientIp = getIpAddress(req);`

			`const blocked = ips.find(ip => {`
			`if (ip === clientIp) return true;`
Added IP address ignore list. 2020-10-04 04:07:56 +02:00
Support CIDR notation in IGNORE_IP, closes #544. 2021-04-26 08:57:49 +02:00			`// CIDR notation`
Added IGNORE_HOSTNAME environment variable. Closes #1151. 2022-06-27 10:46:21 +02:00			`if (ip.indexOf('/') > 0) {`
			`const addr = ipaddr.parse(clientIp);`
			`const range = ipaddr.parseCIDR(ip);`
Support CIDR notation in IGNORE_IP, closes #544. 2021-04-26 08:57:49 +02:00
Ensure comparaison of same CIDR IP version 2021-08-11 14:31:32 +02:00			`if (addr.kind() === range[0].kind() && addr.match(range)) return true;`
Support CIDR notation in IGNORE_IP, closes #544. 2021-04-26 08:57:49 +02:00			`}`

			`return false;`
			`});`

			`if (blocked) {`
Added IGNORE_HOSTNAME environment variable. Closes #1151. 2022-06-27 10:46:21 +02:00			`return forbidden(res);`
Added IP address ignore list. 2020-10-04 04:07:56 +02:00			`}`
			`}`

Auth and session middleware. 2020-07-28 08:52:14 +02:00			`await useSession(req, res);`
Added CORS middleware. Updated umami script. 2020-07-18 19:36:46 +02:00
Removed session code. 2020-08-21 04:17:27 +02:00			`const {`
			`session: { website_id, session_id },`
			`} = req;`
Initial commit. 2020-07-17 10:03:38 +02:00
Fix issue with sendBeacon request. 2022-03-11 04:01:33 +01:00			`const { type, payload } = getJsonBody(req);`

Added option to remove trailing slash from urls. 2022-01-26 06:23:40 +01:00			`let { url, referrer, event_type, event_value } = payload;`

			`if (process.env.REMOVE_TRAILING_SLASH) {`
			`url = removeTrailingSlash(url);`
			`}`
Accounts and login. 2020-07-24 04:56:55 +02:00
Added option to remove trailing slash from urls. 2022-01-26 06:23:40 +01:00			`if (type === 'pageview') {`
Accounts and login. 2020-07-24 04:56:55 +02:00			`await savePageView(website_id, session_id, url, referrer);`
Refactored session and collect process. 2020-07-20 10:54:21 +02:00			`} else if (type === 'event') {`
Accounts and login. 2020-07-24 04:56:55 +02:00			`await saveEvent(website_id, session_id, url, event_type, event_value);`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`} else {`
			`return badRequest(res);`
Accounts and login. 2020-07-24 04:56:55 +02:00			`}`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00
Implement session caching. 2020-10-03 05:33:46 +02:00			`const token = await createToken({ website_id, session_id });`

Updated collect API response. 2022-03-11 05:39:11 +01:00			`return send(res, token);`
Initial commit. 2020-07-17 10:03:38 +02:00			`};`