Elizhium/litlyx
1
0
Fork 0
mirror of https://github.com/Litlyx/litlyx synced 2026-02-04 06:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

new selfhosted version

Browse Source
This commit is contained in:
antonio
2025-11-28 14:11:51 +01:00
parent afda29997d
commit 951860f67e
1046 changed files with 72586 additions and 574750 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
dashboard/server/utils/debug.ts Normal file
View File

@@ -0,0 +1,13 @@
export function getPrettyAggregation(aggregation: any[], indent: number = 0) {
const text = JSON.stringify(aggregation, null, indent);
const result = text.replace(
/"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)"/g,
(match, date) => `ISODate("${date}")`
).replace(
/"([a-fA-F0-9]{24})"/g,
(match, objectId) => `ObjectId("${objectId}")`
);
return result;
}

14
dashboard/server/utils/getBoolean.ts Normal file
View File

@@ -0,0 +1,14 @@
export function getBoolean(value: string | number | boolean | null | undefined) {
if (typeof value === 'string') {
if (value.toLowerCase() === 'true') return true;
if (value.toLowerCase() === 'false') return false;
} else if (typeof value === 'boolean') {
return value;
} else {
return false;
}
}

264
dashboard/server/utils/getRequestContext.ts Normal file
View File

@@ -0,0 +1,264 @@
import type { EventHandlerRequest, H3Event } from 'h3'
import { Types, Schema } from 'mongoose';
import { getPlanFromId } from '~/shared/data/PLANS';
import { PremiumModel } from '~/shared/schema/PremiumSchema';
import { ProjectModel, TProject } from '~/shared/schema/project/ProjectSchema';
import { TeamMemberModel, TeamMemberRole } from '~/shared/schema/TeamMemberSchema';
import { UserModel } from '~/shared/schema/UserSchema';
import { isValidSlice, Slice } from '~/shared/services/DateService';
import type { SecureSessionData, User } from '#auth-utils';
import { ProjectShareModel } from '~/shared/schema/project/ProjectShareSchema';
export type RequestContext = {
user_id: string,
user_email: string,
pid?: string,
project_id?: Types.ObjectId,
project?: TProject,
domain?: string,
from?: number,
to?: number,
slice?: Slice,
limit?: number,
role?: TeamMemberRole,
}
export function getDomainFromString(domainString?: string): string | undefined | null {
if (domainString === '*') return undefined;
if (!domainString) return null;
return domainString;
}
function getRequestDomain(event: H3Event<EventHandlerRequest>) {
const domain = getHeader(event, 'x-domain');
return getDomainFromString(domain);
}
function getRange(event: H3Event<EventHandlerRequest>, shared?: boolean) {
const from = getHeader(event, shared ? 'x-shared-from' : 'x-from');
const to = getHeader(event, shared ? 'x-shared-to' : 'x-to');
return {
from: parseInt(from ?? ''),
to: parseInt(to ?? '')
}
}
function getLimit(event: H3Event<EventHandlerRequest>) {
const limit = getHeader(event, 'x-limit');
if (limit) {
const limitNumber = parseInt(limit as string);
if (!isNaN(limitNumber)) return limitNumber;
}
}
type Permission = 'pid' | 'domain' | 'range' | 'slice' | 'limit' | 'flag:allowAnon' |
'permission:webAnalytics' | 'permission:events' | 'permission:ai' | 'permission:domains' | 'permission:member'
| 'admin' | 'flag:allowAnonRegistered' | 'flag:allowShare'
type PermissionFieldMap = {
pid: { pid: string; project_id: Types.ObjectId; project: TProject, role: TeamMemberRole },
domain: { domain: string | undefined },
range: { from: number; to: number },
slice: { slice: Slice },
limit: { limit: number },
'flag:allowShare': {},
'flag:allowAnon': {},
'flag:allowAnonRegistered': {},
'permission:member': {},
'permission:webAnalytics': {},
'permission:events': {},
'permission:ai': {},
'permission:domains': {},
'admin': {}
}
type ContextByPermissions<Permissions extends readonly Permission[]> =
RequestContext &
UnionToIntersection<Permissions[number] extends keyof PermissionFieldMap ? PermissionFieldMap[Permissions[number]] : never>;
type UnionToIntersection<U> =
(U extends any ? (k: U) => void : never) extends ((k: infer I) => void)
? I
: never;
function requirePermission(permissionList: Permission[]) {
const index = permissionList.findIndex(e => e.startsWith('permission:'));
return index != -1;
}
export async function getPlanInfoFromUserId(user_id: string) {
const premiumData = await PremiumModel.findOne({ user_id }, { premium_type: 1 });
if (!premiumData) return;
const plan = getPlanFromId(premiumData.premium_type);
return plan;
}
async function getSharedRequestContext<Permissions extends Permission[]>(event: H3Event<EventHandlerRequest>, sharedLink: string): Promise<ContextByPermissions<Permissions>> {
const limit = getLimit(event);
const { from, to } = getRange(event, true);
const slice = getHeader(event, 'x-shared-slice') as Slice | undefined;
const result: RequestContext = {
user_email: 'shared',
user_id: 'shared',
from, to, slice, limit
}
const sharedData = await ProjectShareModel.findOne({ link: sharedLink });
if (!sharedData) throw createError({ status: 400, message: 'Shared link is not valid.' });
const sharedProjectTarget = await ProjectModel.findOne({ _id: sharedData.project_id }, { owner: 1 });
if (!sharedProjectTarget) throw createError({ status: 400, message: 'Shared link is not valid.' });
const sharedUserPremiumTarget = await PremiumModel.findOne({ user_id: sharedProjectTarget.owner }, { premium_type: 1 });
if (!sharedUserPremiumTarget) throw createError({ status: 400, message: 'Shared link is not valid.' });
if (sharedUserPremiumTarget.premium_type === 7999) throw createError({ status: 400, message: 'Shared link is not valid.' });
if (sharedData.password && sharedData.password.length > 0) {
const password = getHeader(event, 'x-shared-pass');
if (!password) throw createError({ status: 403, message: 'Password invalid' })
if (sharedData.password !== password.toString()) throw createError({ status: 403, message: 'Password invalid' })
}
result.project_id = new Types.ObjectId(sharedData.project_id.toString());
result.domain = getDomainFromString(sharedData.domain) as any;
return result as ContextByPermissions<Permissions>;
}
export async function getRequestContext<Permissions extends Permission[]>(event: H3Event<EventHandlerRequest>, ...permissionList: Permissions): Promise<ContextByPermissions<Permissions>> {
const anonAccess = permissionList.includes('flag:allowAnon');
if (anonAccess) return { user_email: '', user_id: '' } as ContextByPermissions<Permissions>;
const shareAccess = permissionList.includes('flag:allowShare');
if (shareAccess) {
const sharedLink = getHeader(event, 'x-shared-link');
if (sharedLink) return await getSharedRequestContext(event, sharedLink);
}
const { secure, user } = await requireUserSession(event)
if (!secure) throw createError({ status: 500, message: 'Internal error (secure is undefined)' });
const userExist = await UserModel.exists({ _id: secure.user_id });
if (!userExist) throw createError({ status: 500, message: 'User does not exists' });
const anonAccessRegistered = permissionList.includes('flag:allowAnonRegistered');
if (anonAccessRegistered) return { user_email: user.email, user_id: secure.user_id } as ContextByPermissions<Permissions>;
if (permissionList.includes('admin')) {
//TODO: Create admin list
if (user.email != 'helplitlyx@gmail.com') throw createError({ status: 403, message: 'Admin only' })
}
const result: RequestContext = { user_id: secure.user_id, user_email: user.email }
const domain = getRequestDomain(event);
if (permissionList.includes('domain')) {
if (domain === null) throw createError({ status: 400, message: 'x-domain is required' });
result.domain = domain;
}
if (requirePermission(permissionList) && !permissionList.includes('pid')) {
throw createError({ status: 400, message: 'pid permission missing in the endpoint' })
}
const pid = getHeader(event, 'x-pid');
if (permissionList.includes('pid')) {
if (!pid) throw createError({ status: 400, message: 'x-pid is required' });
const project_id = new Types.ObjectId(pid);
const project = await ProjectModel.findById(project_id);
if (!project) throw createError({ status: 400, message: 'project not found' });
result.pid = pid;
result.project_id = project_id;
result.project = project;
if (project.owner.toString() == secure.user_id) {
//TODO: Create admin list
result.role = 'OWNER';
} else {
if (user.email === 'helplitlyx@gmail.com') {
result.role = 'OWNER';
} else {
if (!permissionList.includes('flag:allowAnon') && !permissionList.includes('flag:allowAnonRegistered') && !requirePermission(permissionList)) throw createError({ status: 403, message: 'no access to this project' });
const member = await TeamMemberModel.findOne({
project_id,
$or: [
{ user_id: secure.user_id },
{ email: user.email }
]
});
if (!member) throw createError({ status: 403, message: 'no access to this project' });
if (permissionList.includes('permission:webAnalytics')) {
if (!member.permission.webAnalytics) throw createError({ status: 403, message: 'webAnalytics permission required' });
}
if (permissionList.includes('permission:events')) {
if (!member.permission.events) throw createError({ status: 403, message: 'events permission required' });
}
if (permissionList.includes('permission:ai')) {
if (!member.permission.ai) throw createError({ status: 403, message: 'ai permission required' });
}
if (permissionList.includes('permission:domains')) {
if (!permissionList.includes('domain')) throw createError({ status: 403, message: 'domain permission missing in the endpoint' });
if (member.permission.domains.length == 0) throw createError({ status: 403, message: 'ai permission required' });
if (typeof domain === 'string') {
if (!member.permission.domains.includes(domain)) throw createError({ status: 403, message: 'domain permission required' });
} else {
if (!member.permission.domains.includes('*')) throw createError({ status: 403, message: 'all domains permission required' });
}
}
result.role = member.role;
}
}
}
const { from, to } = getRange(event);
if (permissionList.includes('range')) {
if (!from) throw createError({ status: 400, message: 'x-from is required' });
if (!to) throw createError({ status: 400, message: 'x-to is required' });
if (isNaN(from)) throw createError({ status: 400, message: 'x-from not valid' });
if (isNaN(to)) throw createError({ status: 400, message: 'x-to not valid' });
result.from = from;
result.to = to;
}
const slice = getHeader(event, 'x-slice') as Slice | undefined;
if (permissionList.includes('slice')) {
if (!slice) throw createError({ status: 400, message: 'x-slice is required' });
isValidSlice(slice);
result.slice = slice;
}
const limit = getLimit(event);
if (permissionList.includes('limit')) {
if (!limit) throw createError({ status: 400, message: 'x-limit is required' });
result.limit = limit;
}
return result as ContextByPermissions<Permissions>;
}

236
dashboard/server/utils/getRequestData.ts
View File

@@ -1,236 +0,0 @@
import type { AuthContext } from "../middleware/01-authorization";
import type { EventHandlerRequest, H3Event } from 'h3'
import { allowedModels, TModelName } from "../services/DataService";
import { ProjectModel, TProject } from "@schema/project/ProjectSchema";
import { Model, Types } from "mongoose";
import { TeamMemberModel, TPermission } from "@schema/TeamMemberSchema";
import { Slice } from "@services/DateService";
import { ADMIN_EMAILS } from "~/shared/data/ADMINS";
export function getRequestUser(event: H3Event<EventHandlerRequest>) {
if (!event.context.auth) return;
return event.context.auth as AuthContext;
}
export function getRequestProjectId(event: H3Event<EventHandlerRequest>) {
if (!event.context.params) return;
return event.context.params['project_id'];
}
export function getRequestAddress(event: H3Event<EventHandlerRequest>) {
if (process.dev) return '127.0.0.1';
return event.headers.get('x-real-ip') || event.headers.get('X-Forwarded-For') || '0.0.0.0';
}
export type GetRequestDataOptions = {
/** @default true */ allowGuests?: boolean,
/** @default false */ requireSchema?: boolean,
/** @default true */ allowLitlyx?: boolean,
/** @default false */ requireSlice?: boolean,
/** @default true */ requireRange?: boolean,
/** @default false */ requireOffset?: boolean,
}
export type RequestDataScope = 'SCHEMA' | 'ANON' | 'SLICE' | 'RANGE' | 'OFFSET' | 'DOMAIN';
export type RequestDataPermissions = 'WEB' | 'EVENTS' | 'AI' | 'OWNER';
async function getAccessPermission(user_id: string, project: TProject): Promise<TPermission> {
if (!project) return { ai: false, domains: [], events: false, webAnalytics: false }
//TODO: Create table with admins
if (user_id === '66520c90f381ec1e9284938b') return { ai: true, domains: ['All domains'], events: true, webAnalytics: true }
const owner = project.owner.toString();
const project_id = project._id;
if (owner === user_id) return { ai: true, domains: ['All domains'], events: true, webAnalytics: true }
const member = await TeamMemberModel.findOne({ project_id, user_id }, { permission: 1 });
if (!member) return { ai: false, domains: [], events: false, webAnalytics: false }
return { ai: false, domains: [], events: false, webAnalytics: false, ...member.permission as any }
}
async function hasAccessToProject(user_id: string, project: TProject) {
if (!project) return [false, 'NONE'];
const owner = project.owner.toString();
const project_id = project._id;
if (owner === user_id) return [true, 'OWNER'];
const isGuest = await TeamMemberModel.exists({ project_id, user_id });
if (isGuest) return [true, 'GUEST'];
//TODO: Create table with admins
if (user_id === '66520c90f381ec1e9284938b') return [true, 'ADMIN'];
return [false, 'NONE'];
}
export async function getRequestData(event: H3Event<EventHandlerRequest>, required_scopes: RequestDataScope[] = [], required_permissions: RequestDataPermissions[] = []) {
const requireSchema = required_scopes.includes('SCHEMA');
const allowAnon = required_scopes.includes('ANON');
const requireSlice = required_scopes.includes('SLICE');
const requireRange = required_scopes.includes('RANGE');
const requireOffset = required_scopes.includes('OFFSET');
const requireDomain = required_scopes.includes('DOMAIN');
const pid = getHeader(event, 'x-pid');
if (!pid) return setResponseStatus(event, 400, 'x-pid is required');
const originalDomain = getHeader(event, 'x-domain')?.toString();
let domain: any = originalDomain;
if (requireDomain) {
if (domain == null || domain == undefined || domain.length == 0) return setResponseStatus(event, 400, 'x-domain is required');
}
if (domain === 'All domains') {
domain = { $ne: '_NODOMAIN_' }
}
const slice = getHeader(event, 'x-slice') as Slice;
if (!slice && requireSlice) return setResponseStatus(event, 400, 'x-slice is required');
const from = getRequestHeader(event, 'x-from');
const to = getRequestHeader(event, 'x-to');
if (requireRange) {
if (!from || !to) return setResponseStatus(event, 400, 'x-from and x-to are required');
}
const offsetRaw = getRequestHeader(event, 'x-time-offset');
const offset = parseInt(offsetRaw?.toString() as string);
if (requireOffset) {
if (offset === null || offset === undefined || isNaN(offset)) return setResponseStatus(event, 400, 'x-time-offset is required');
}
let model: Model<any> = undefined as any;
const schemaName = getRequestHeader(event, 'x-schema');
if (requireSchema) {
if (!schemaName) return setResponseStatus(event, 400, 'x-schema is required');
if (!Object.keys(allowedModels).includes(schemaName)) return setResponseStatus(event, 400, 'x-schema value is not valid');
const allowedModel = allowedModels[schemaName as TModelName];
model = allowedModel.model;
}
const limitHeader = getRequestHeader(event, 'x-limit');
const limitNumber = parseInt(limitHeader as string);
const limit = isNaN(limitNumber) ? 10 : limitNumber;
const user = getRequestUser(event);
if (!user || !user.logged) return setResponseStatus(event, 403, 'you must be logged');
const project_id = new Types.ObjectId(pid);
const project = await ProjectModel.findById(project_id);
if (!project) return setResponseStatus(event, 400, 'project not found');
if (user.id != project.owner.toString()) {
if (required_permissions.includes('OWNER')) return setResponseStatus(event, 403, 'ADMIN permission required');
const hasAccess = await TeamMemberModel.findOne({ project_id, user_id: user.id });
if (!hasAccess) return setResponseStatus(event, 403, 'No permissions');
}
if (required_permissions.length > 0 || requireDomain) {
const permission = await getAccessPermission(user.id, project);
if (required_permissions.includes('WEB') && permission.webAnalytics === false) {
return setResponseStatus(event, 403, 'WEB permission required');
}
if (required_permissions.includes('EVENTS') && permission.events === false) {
return setResponseStatus(event, 403, 'EVENTS permission required');
}
if (required_permissions.includes('AI') && permission.ai === false) {
return setResponseStatus(event, 403, 'AI permission required');
}
if (requireDomain && originalDomain) {
if (!permission.domains.includes('All domains') && !permission.domains.includes(originalDomain)) {
return setResponseStatus(event, 403, 'DOMAIN permission required');
}
}
}
return {
from: from as string,
to: to as string,
domain: domain as string,
originalDomain: originalDomain as string,
pid, project_id, project, user, limit, slice, schemaName, model, timeOffset: offset
}
}
/**
* @deprecated - use getRequestData instead
*/
export async function getRequestDataOld(event: H3Event<EventHandlerRequest>, options?: GetRequestDataOptions) {
const requireSchema = options?.requireSchema || false;
const allowGuests = options?.allowGuests || true;
const allowLitlyx = options?.allowLitlyx || true;
const requireSlice = options?.requireSlice || false;
const requireRange = options?.requireRange || false;
const requireOffset = options?.requireOffset || false;
const pid = getHeader(event, 'x-pid');
if (!pid) return setResponseStatus(event, 400, 'x-pid is required');
const slice = getHeader(event, 'x-slice') as Slice;
if (!slice && requireSlice) return setResponseStatus(event, 400, 'x-slice is required');
const from = getRequestHeader(event, 'x-from');
const to = getRequestHeader(event, 'x-to');
if (requireRange) {
if (!from || !to) return setResponseStatus(event, 400, 'x-from and x-to are required');
}
const offsetRaw = getRequestHeader(event, 'x-time-offset');
const offset = parseInt(offsetRaw?.toString() as string);
if (requireOffset) {
if (offset === null || offset === undefined || isNaN(offset)) return setResponseStatus(event, 400, 'x-time-offset is required');
}
let model: Model<any> = undefined as any;
const schemaName = getRequestHeader(event, 'x-schema');
if (requireSchema) {
if (!schemaName) return setResponseStatus(event, 400, 'x-schema is required');
if (!Object.keys(allowedModels).includes(schemaName)) return setResponseStatus(event, 400, 'x-schema value is not valid');
const allowedModel = allowedModels[schemaName as TModelName];
model = allowedModel.model;
}
const limitHeader = getRequestHeader(event, 'x-limit');
const limitNumber = parseInt(limitHeader as string);
const limit = isNaN(limitNumber) ? 10 : limitNumber;
const user = getRequestUser(event);
if (!user || !user.logged) return setResponseStatus(event, 403, 'you must be logged');
const project_id = new Types.ObjectId(pid);
const project = await ProjectModel.findById(project_id);
if (!project) return setResponseStatus(event, 400, 'project not found');
if (pid !== "6643cd08a1854e3b81722ab5") {
const [hasAccess, role] = await hasAccessToProject(user.id, project);
if (!hasAccess) return setResponseStatus(event, 400, 'no access to project');
if (role === 'GUEST' && !allowGuests) return setResponseStatus(event, 403, 'only owner can access this');
} else {
if (!allowLitlyx) return setResponseStatus(event, 400, 'no access to project');
}
return {
from: from as string,
to: to as string,
pid, project_id, project, user, limit, slice, schemaName, model, timeOffset: offset
}
}

11
dashboard/server/utils/hasAccessToProject.ts
View File

@@ -1,11 +0,0 @@
import { ProjectModel, TProject } from "@schema/project/ProjectSchema";
import { TeamMemberModel } from "@schema/TeamMemberSchema";
export async function hasAccessToProject(user_id: string, project_id: string, project?: TProject) {
const targetProject = project ?? await ProjectModel.findById(project_id, { owner: true });
if (!targetProject) return [false, 'NONE'];
if (targetProject.owner.toString() === user_id) return [true, 'OWNER'];
const isGuest = await TeamMemberModel.exists({ project_id, user_id });
if (isGuest) return [true, 'GUEST'];
return [false, 'NONE'];
}

15
dashboard/server/utils/isSelfhosted.ts Normal file
View File

@@ -0,0 +1,15 @@
function truthy(value: any, ifNull: boolean) {
if (value === undefined || value === null || value === '') return ifNull;
return value === 'true' || value === true || value === '1' || value === 1;
}
export function isSelfhosted() {
const config = useRuntimeConfig();
return truthy(config.public.SELFHOSTED, false);
}
export function isAiEnabled() {
const config = useRuntimeConfig();
return truthy(config.public.AI_ENABLED, true);
}

12
dashboard/server/utils/useCors.ts
View File

@@ -1,12 +0,0 @@
import type { H3Event, EventHandlerRequest } from 'h3';
export function useCors(event: H3Event<EventHandlerRequest>) {
setResponseHeader(event, 'Access-Control-Allow-Origin', '*');
setResponseHeader(event, 'Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
setResponseHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization');
if (event.method === 'OPTIONS') return true;
return false;
}

19
dashboard/server/utils/useTRPC.ts Normal file
View File

@@ -0,0 +1,19 @@
import type { tRpcPaymentsType, tRpcEmailsType } from "~/server/plugins/trpc";
export function useTRPC() {
const nitroApp = useNitroApp() as any;
const payments = nitroApp.shared.tRpcPayments;
const emails = nitroApp.shared.tRpcEmails;
return {
payments,
emails
} as {
payments: tRpcPaymentsType,
emails: tRpcEmailsType
}
}