@oneuptime/common 10.0.19 → 10.0.21

package/Server/API/GitHubAPI.ts

@@ -2,12 +2,19 @@ import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
+  OneUptimeRequest,
 } from "../Utils/Express";
 import Response from "../Utils/Response";
 import BadDataException from "../../Types/Exception/BadDataException";
+import NotAuthenticatedException from "../../Types/Exception/NotAuthenticatedException";
+import NotAuthorizedException from "../../Types/Exception/NotAuthorizedException";
 import logger from "../Utils/Logger";
 import { JSONObject } from "../../Types/JSON";
-import { DashboardClientUrl, GitHubAppName } from "../EnvironmentConfig";
+import {
+  DashboardClientUrl,
+  GitHubAppName,
+  HomeClientUrl,
+} from "../EnvironmentConfig";
 import ObjectID from "../../Types/ObjectID";
 import GitHubUtil, {
   GitHubRepository,
@@ -15,11 +22,14 @@ import GitHubUtil, {
 } from "../Utils/CodeRepository/GitHub/GitHub";
 import CodeRepositoryService from "../Services/CodeRepositoryService";
 import ProjectService from "../Services/ProjectService";
+import AccessTokenService from "../Services/AccessTokenService";
 import CodeRepository from "../../Models/DatabaseModels/CodeRepository";
 import CodeRepositoryType from "../../Types/CodeRepository/CodeRepositoryType";
 import URL from "../../Types/API/URL";
 import UserMiddleware from "../Middleware/UserAuthorization";
+import JSONWebToken from "../Utils/JsonWebToken";
 import BaseModel from "../../Models/DatabaseModels/DatabaseBaseModel/DatabaseBaseModel";
+import { UserTenantAccessPermission } from "../../Types/Permission";
 
 export default class GitHubAPI {
   public getRouter(): ExpressRouter {
@@ -45,20 +55,22 @@ export default class GitHubAPI {
             );
           }
 
-          // Decode the state parameter to get projectId and userId
+          // Verify and decode the signed state token
           let projectId: string | undefined;
           let userId: string | undefined;
 
           try {
-            const decodedState: { projectId?: string; userId?: string } =
-              JSON.parse(Buffer.from(state, "base64").toString("utf-8"));
-            projectId = decodedState.projectId;
-            userId = decodedState.userId;
+            const decodedState: JSONObject =
+              JSONWebToken.decodeJsonPayload(state);
+            projectId = decodedState["projectId"] as string | undefined;
+            userId = decodedState["userId"] as string | undefined;
           } catch {
             return Response.sendErrorResponse(
               req,
               res,
-              new BadDataException("Invalid state parameter"),
+              new BadDataException(
+                "Invalid or expired state parameter. Please restart the GitHub App installation.",
+              ),
             );
           }
 
@@ -78,6 +90,23 @@ export default class GitHubAPI {
             );
           }
 
+          // Verify the user is a member of this project
+          const userTenantAccessPermission: UserTenantAccessPermission | null =
+            await AccessTokenService.getUserTenantAccessPermission(
+              new ObjectID(userId),
+              new ObjectID(projectId),
+            );
+
+          if (!userTenantAccessPermission) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new NotAuthorizedException(
+                "You do not have access to this project.",
+              ),
+            );
+          }
+
           // GitHub sends installation_id in query params after app installation
           const installationId: string | undefined =
             req.query["installation_id"]?.toString();
@@ -153,13 +182,16 @@ export default class GitHubAPI {
 
           /*
            * Redirect to GitHub App installation page
-           * The state parameter helps us track the installation
+           * The state parameter is a signed JWT to prevent tampering
+           * It expires in 1 hour to limit the window for replay attacks
            */
-          const state: string = Buffer.from(
-            JSON.stringify({ projectId, userId }),
-          ).toString("base64");
+          const state: string = JSONWebToken.signJsonPayload(
+            { projectId, userId },
+            3600, // 1 hour expiry
+          );
 
-          const installUrl: string = `https://github.com/apps/${GitHubAppName}/installations/new?state=${state}`;
+          const callbackUrl: string = `${HomeClientUrl.toString()}api/github/auth/callback`;
+          const installUrl: string = `https://github.com/apps/${GitHubAppName}/installations/new?state=${encodeURIComponent(state)}&redirect_uri=${encodeURIComponent(callbackUrl)}`;
 
           return Response.redirect(req, res, URL.fromString(installUrl));
         } catch (error) {
@@ -182,6 +214,19 @@ export default class GitHubAPI {
       UserMiddleware.getUserMiddleware,
       async (req: ExpressRequest, res: ExpressResponse) => {
         try {
+          const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+
+          // Require authentication
+          if (!oneuptimeRequest.userAuthorization) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new NotAuthenticatedException(
+                "Authentication is required to list repositories.",
+              ),
+            );
+          }
+
           const projectId: string | undefined =
             req.params["projectId"]?.toString();
           const installationId: string | undefined =
@@ -203,6 +248,23 @@ export default class GitHubAPI {
             );
           }
 
+          // Verify user has access to this project
+          const userTenantAccessPermission: UserTenantAccessPermission | null =
+            await AccessTokenService.getUserTenantAccessPermission(
+              oneuptimeRequest.userAuthorization.userId,
+              new ObjectID(projectId),
+            );
+
+          if (!userTenantAccessPermission) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new NotAuthorizedException(
+                "You do not have access to this project.",
+              ),
+            );
+          }
+
           const repositories: Array<GitHubRepository> =
             await GitHubUtil.listRepositoriesForInstallation(installationId);
 
@@ -263,6 +325,19 @@ export default class GitHubAPI {
       UserMiddleware.getUserMiddleware,
       async (req: ExpressRequest, res: ExpressResponse) => {
         try {
+          const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+
+          // Require authentication
+          if (!oneuptimeRequest.userAuthorization) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new NotAuthenticatedException(
+                "Authentication is required to connect a repository.",
+              ),
+            );
+          }
+
           const body: JSONObject = req.body;
 
           const projectId: string | undefined = body["projectId"]?.toString();
@@ -296,6 +371,23 @@ export default class GitHubAPI {
             );
           }
 
+          // Verify user has access to this project
+          const userTenantAccessPermission: UserTenantAccessPermission | null =
+            await AccessTokenService.getUserTenantAccessPermission(
+              oneuptimeRequest.userAuthorization.userId,
+              new ObjectID(projectId),
+            );
+
+          if (!userTenantAccessPermission) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new NotAuthorizedException(
+                "You do not have access to this project.",
+              ),
+            );
+          }
+
           if (!repositoryName) {
             return Response.sendErrorResponse(
               req,

package/Server/API/TelemetryAPI.ts

@@ -11,6 +11,15 @@ import CommonAPI from "./CommonAPI";
 import DatabaseCommonInteractionProps from "../../Types/BaseDatabase/DatabaseCommonInteractionProps";
 import TelemetryType from "../../Types/Telemetry/TelemetryType";
 import TelemetryAttributeService from "../Services/TelemetryAttributeService";
+import LogAggregationService, {
+  HistogramBucket,
+  HistogramRequest,
+  FacetValue,
+  FacetRequest,
+} from "../Services/LogAggregationService";
+import ObjectID from "../../Types/ObjectID";
+import OneUptimeDate from "../../Types/Date";
+import { JSONObject } from "../../Types/JSON";
 
 const router: ExpressRouter = Express.getRouter();
 
@@ -85,4 +94,203 @@ const getAttributes: GetAttributesFunction = async (
   }
 };
 
+// --- Log Histogram Endpoint ---
+
+router.post(
+  "/telemetry/logs/histogram",
+  UserMiddleware.getUserMiddleware,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const databaseProps: DatabaseCommonInteractionProps =
+        await CommonAPI.getDatabaseCommonInteractionProps(req);
+
+      if (!databaseProps?.tenantId) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("Invalid Project ID"),
+        );
+      }
+
+      const body: JSONObject = req.body as JSONObject;
+
+      const startTime: Date = body["startTime"]
+        ? OneUptimeDate.fromString(body["startTime"] as string)
+        : OneUptimeDate.addRemoveHours(OneUptimeDate.getCurrentDate(), -1);
+
+      const endTime: Date = body["endTime"]
+        ? OneUptimeDate.fromString(body["endTime"] as string)
+        : OneUptimeDate.getCurrentDate();
+
+      const bucketSizeInMinutes: number =
+        (body["bucketSizeInMinutes"] as number) ||
+        computeDefaultBucketSize(startTime, endTime);
+
+      const serviceIds: Array<ObjectID> | undefined = body["serviceIds"]
+        ? (body["serviceIds"] as Array<string>).map((id: string) => {
+            return new ObjectID(id);
+          })
+        : undefined;
+
+      const severityTexts: Array<string> | undefined = body["severityTexts"]
+        ? (body["severityTexts"] as Array<string>)
+        : undefined;
+
+      const bodySearchText: string | undefined = body["bodySearchText"]
+        ? (body["bodySearchText"] as string)
+        : undefined;
+
+      const traceIds: Array<string> | undefined = body["traceIds"]
+        ? (body["traceIds"] as Array<string>)
+        : undefined;
+
+      const spanIds: Array<string> | undefined = body["spanIds"]
+        ? (body["spanIds"] as Array<string>)
+        : undefined;
+
+      const request: HistogramRequest = {
+        projectId: databaseProps.tenantId,
+        startTime,
+        endTime,
+        bucketSizeInMinutes,
+        serviceIds,
+        severityTexts,
+        bodySearchText,
+        traceIds,
+        spanIds,
+      };
+
+      const buckets: Array<HistogramBucket> =
+        await LogAggregationService.getHistogram(request);
+
+      return Response.sendJsonObjectResponse(req, res, {
+        buckets: buckets as unknown as JSONObject,
+      });
+    } catch (err: unknown) {
+      next(err);
+    }
+  },
+);
+
+// --- Log Facets Endpoint ---
+
+router.post(
+  "/telemetry/logs/facets",
+  UserMiddleware.getUserMiddleware,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const databaseProps: DatabaseCommonInteractionProps =
+        await CommonAPI.getDatabaseCommonInteractionProps(req);
+
+      if (!databaseProps?.tenantId) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("Invalid Project ID"),
+        );
+      }
+
+      const body: JSONObject = req.body as JSONObject;
+
+      const facetKeys: Array<string> = body["facetKeys"]
+        ? (body["facetKeys"] as Array<string>)
+        : ["severityText", "serviceId"];
+
+      const startTime: Date = body["startTime"]
+        ? OneUptimeDate.fromString(body["startTime"] as string)
+        : OneUptimeDate.addRemoveHours(OneUptimeDate.getCurrentDate(), -1);
+
+      const endTime: Date = body["endTime"]
+        ? OneUptimeDate.fromString(body["endTime"] as string)
+        : OneUptimeDate.getCurrentDate();
+
+      const limit: number = (body["limit"] as number) || 10;
+
+      const serviceIds: Array<ObjectID> | undefined = body["serviceIds"]
+        ? (body["serviceIds"] as Array<string>).map((id: string) => {
+            return new ObjectID(id);
+          })
+        : undefined;
+
+      const severityTexts: Array<string> | undefined = body["severityTexts"]
+        ? (body["severityTexts"] as Array<string>)
+        : undefined;
+
+      const bodySearchText: string | undefined = body["bodySearchText"]
+        ? (body["bodySearchText"] as string)
+        : undefined;
+
+      const traceIds: Array<string> | undefined = body["traceIds"]
+        ? (body["traceIds"] as Array<string>)
+        : undefined;
+
+      const spanIds: Array<string> | undefined = body["spanIds"]
+        ? (body["spanIds"] as Array<string>)
+        : undefined;
+
+      const facets: Record<string, Array<FacetValue>> = {};
+
+      for (const facetKey of facetKeys) {
+        const request: FacetRequest = {
+          projectId: databaseProps.tenantId,
+          startTime,
+          endTime,
+          facetKey,
+          limit,
+          serviceIds,
+          severityTexts,
+          bodySearchText,
+          traceIds,
+          spanIds,
+        };
+
+        facets[facetKey] = await LogAggregationService.getFacetValues(request);
+      }
+
+      return Response.sendJsonObjectResponse(req, res, {
+        facets: facets as unknown as JSONObject,
+      });
+    } catch (err: unknown) {
+      next(err);
+    }
+  },
+);
+
+// --- Helpers ---
+
+function computeDefaultBucketSize(startTime: Date, endTime: Date): number {
+  const diffMs: number = endTime.getTime() - startTime.getTime();
+  const diffMinutes: number = diffMs / (1000 * 60);
+
+  if (diffMinutes <= 60) {
+    return 1;
+  }
+
+  if (diffMinutes <= 360) {
+    return 5;
+  }
+
+  if (diffMinutes <= 1440) {
+    return 15;
+  }
+
+  if (diffMinutes <= 10080) {
+    return 60;
+  }
+
+  if (diffMinutes <= 43200) {
+    return 360;
+  }
+
+  return 1440;
+}
+
 export default router;

package/Server/API/UserCallAPI.ts

@@ -136,6 +136,35 @@ export default class UserCallAPI extends BaseAPI<
             );
           }
 
+          const item: UserCall | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
+
           await this.service.resendVerificationCode(req.body.itemId);
 
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserEmailAPI.ts

@@ -137,6 +137,35 @@ export default class UserEmailAPI extends BaseAPI<
             );
           }
 
+          const item: UserEmail | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
+
           await this.service.resendVerificationCode(req.body.itemId);
 
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserSmsAPI.ts

@@ -132,6 +132,35 @@ export default class UserSMSAPI extends BaseAPI<UserSMS, UserSMSServiceType> {
             );
           }
 
+          const item: UserSMS | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
+
           await this.service.resendVerificationCode(req.body.itemId);
 
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserWhatsAppAPI.ts

@@ -143,6 +143,35 @@ export default class UserWhatsAppAPI extends BaseAPI<
             );
           }
 
+          const item: UserWhatsApp | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
+
           await this.service.resendVerificationCode(req.body.itemId);
 
           return Response.sendEmptySuccessResponse(req, res);