npm - @oneuptime/common - Versions diffs - 10.0.20 → 10.0.22 - Mend

@oneuptime/common 10.0.20 → 10.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

package/Server/API/TelemetryAPI.ts CHANGED Viewed

@@ -11,6 +11,15 @@ import CommonAPI from "./CommonAPI";
 import DatabaseCommonInteractionProps from "../../Types/BaseDatabase/DatabaseCommonInteractionProps";
 import TelemetryType from "../../Types/Telemetry/TelemetryType";
 import TelemetryAttributeService from "../Services/TelemetryAttributeService";
+import LogAggregationService, {
+  HistogramBucket,
+  HistogramRequest,
+  FacetValue,
+  FacetRequest,
+} from "../Services/LogAggregationService";
+import ObjectID from "../../Types/ObjectID";
+import OneUptimeDate from "../../Types/Date";
+import { JSONObject } from "../../Types/JSON";
 const router: ExpressRouter = Express.getRouter();
@@ -85,4 +94,203 @@ const getAttributes: GetAttributesFunction = async (
   }
 };
+// --- Log Histogram Endpoint ---
+router.post(
+  "/telemetry/logs/histogram",
+  UserMiddleware.getUserMiddleware,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const databaseProps: DatabaseCommonInteractionProps =
+        await CommonAPI.getDatabaseCommonInteractionProps(req);
+      if (!databaseProps?.tenantId) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("Invalid Project ID"),
+        );
+      }
+      const body: JSONObject = req.body as JSONObject;
+      const startTime: Date = body["startTime"]
+        ? OneUptimeDate.fromString(body["startTime"] as string)
+        : OneUptimeDate.addRemoveHours(OneUptimeDate.getCurrentDate(), -1);
+      const endTime: Date = body["endTime"]
+        ? OneUptimeDate.fromString(body["endTime"] as string)
+        : OneUptimeDate.getCurrentDate();
+      const bucketSizeInMinutes: number =
+        (body["bucketSizeInMinutes"] as number) ||
+        computeDefaultBucketSize(startTime, endTime);
+      const serviceIds: Array<ObjectID> | undefined = body["serviceIds"]
+        ? (body["serviceIds"] as Array<string>).map((id: string) => {
+            return new ObjectID(id);
+          })
+        : undefined;
+      const severityTexts: Array<string> | undefined = body["severityTexts"]
+        ? (body["severityTexts"] as Array<string>)
+        : undefined;
+      const bodySearchText: string | undefined = body["bodySearchText"]
+        ? (body["bodySearchText"] as string)
+        : undefined;
+      const traceIds: Array<string> | undefined = body["traceIds"]
+        ? (body["traceIds"] as Array<string>)
+        : undefined;
+      const spanIds: Array<string> | undefined = body["spanIds"]
+        ? (body["spanIds"] as Array<string>)
+        : undefined;
+      const request: HistogramRequest = {
+        projectId: databaseProps.tenantId,
+        startTime,
+        endTime,
+        bucketSizeInMinutes,
+        serviceIds,
+        severityTexts,
+        bodySearchText,
+        traceIds,
+        spanIds,
+      };
+      const buckets: Array<HistogramBucket> =
+        await LogAggregationService.getHistogram(request);
+      return Response.sendJsonObjectResponse(req, res, {
+        buckets: buckets as unknown as JSONObject,
+      });
+    } catch (err: unknown) {
+      next(err);
+    }
+  },
+);
+// --- Log Facets Endpoint ---
+router.post(
+  "/telemetry/logs/facets",
+  UserMiddleware.getUserMiddleware,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const databaseProps: DatabaseCommonInteractionProps =
+        await CommonAPI.getDatabaseCommonInteractionProps(req);
+      if (!databaseProps?.tenantId) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("Invalid Project ID"),
+        );
+      }
+      const body: JSONObject = req.body as JSONObject;
+      const facetKeys: Array<string> = body["facetKeys"]
+        ? (body["facetKeys"] as Array<string>)
+        : ["severityText", "serviceId"];
+      const startTime: Date = body["startTime"]
+        ? OneUptimeDate.fromString(body["startTime"] as string)
+        : OneUptimeDate.addRemoveHours(OneUptimeDate.getCurrentDate(), -1);
+      const endTime: Date = body["endTime"]
+        ? OneUptimeDate.fromString(body["endTime"] as string)
+        : OneUptimeDate.getCurrentDate();
+      const limit: number = (body["limit"] as number) || 10;
+      const serviceIds: Array<ObjectID> | undefined = body["serviceIds"]
+        ? (body["serviceIds"] as Array<string>).map((id: string) => {
+            return new ObjectID(id);
+          })
+        : undefined;
+      const severityTexts: Array<string> | undefined = body["severityTexts"]
+        ? (body["severityTexts"] as Array<string>)
+        : undefined;
+      const bodySearchText: string | undefined = body["bodySearchText"]
+        ? (body["bodySearchText"] as string)
+        : undefined;
+      const traceIds: Array<string> | undefined = body["traceIds"]
+        ? (body["traceIds"] as Array<string>)
+        : undefined;
+      const spanIds: Array<string> | undefined = body["spanIds"]
+        ? (body["spanIds"] as Array<string>)
+        : undefined;
+      const facets: Record<string, Array<FacetValue>> = {};
+      for (const facetKey of facetKeys) {
+        const request: FacetRequest = {
+          projectId: databaseProps.tenantId,
+          startTime,
+          endTime,
+          facetKey,
+          limit,
+          serviceIds,
+          severityTexts,
+          bodySearchText,
+          traceIds,
+          spanIds,
+        };
+        facets[facetKey] = await LogAggregationService.getFacetValues(request);
+      }
+      return Response.sendJsonObjectResponse(req, res, {
+        facets: facets as unknown as JSONObject,
+      });
+    } catch (err: unknown) {
+      next(err);
+    }
+  },
+);
+// --- Helpers ---
+function computeDefaultBucketSize(startTime: Date, endTime: Date): number {
+  const diffMs: number = endTime.getTime() - startTime.getTime();
+  const diffMinutes: number = diffMs / (1000 * 60);
+  if (diffMinutes <= 60) {
+    return 1;
+  }
+  if (diffMinutes <= 360) {
+    return 5;
+  }
+  if (diffMinutes <= 1440) {
+    return 15;
+  }
+  if (diffMinutes <= 10080) {
+    return 60;
+  }
+  if (diffMinutes <= 43200) {
+    return 360;
+  }
+  return 1440;
+}
 export default router;

package/Server/API/UserCallAPI.ts CHANGED Viewed

@@ -136,6 +136,35 @@ export default class UserCallAPI extends BaseAPI<
             );
           }
+          const item: UserCall | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
           await this.service.resendVerificationCode(req.body.itemId);
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserEmailAPI.ts CHANGED Viewed

@@ -137,6 +137,35 @@ export default class UserEmailAPI extends BaseAPI<
             );
           }
+          const item: UserEmail | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
           await this.service.resendVerificationCode(req.body.itemId);
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserSmsAPI.ts CHANGED Viewed

@@ -132,6 +132,35 @@ export default class UserSMSAPI extends BaseAPI<UserSMS, UserSMSServiceType> {
             );
           }
+          const item: UserSMS | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
           await this.service.resendVerificationCode(req.body.itemId);
           return Response.sendEmptySuccessResponse(req, res);

package/Server/API/UserWhatsAppAPI.ts CHANGED Viewed

@@ -143,6 +143,35 @@ export default class UserWhatsAppAPI extends BaseAPI<
             );
           }
+          const item: UserWhatsApp | null = await this.service.findOneById({
+            id: req.body["itemId"],
+            props: {
+              isRoot: true,
+            },
+            select: {
+              userId: true,
+            },
+          });
+          if (!item) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Item not found"),
+            );
+          }
+          if (
+            item.userId?.toString() !==
+            (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
+          ) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid user ID"),
+            );
+          }
           await this.service.resendVerificationCode(req.body.itemId);
           return Response.sendEmptySuccessResponse(req, res);

package/Server/Services/LogAggregationService.ts ADDED Viewed

@@ -0,0 +1,251 @@
+import { SQL, Statement } from "../Utils/AnalyticsDatabase/Statement";
+import LogDatabaseService from "./LogService";
+import TableColumnType from "../../Types/AnalyticsDatabase/TableColumnType";
+import { JSONObject } from "../../Types/JSON";
+import ObjectID from "../../Types/ObjectID";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+import { DbJSONResponse, Results } from "./AnalyticsDatabaseService";
+export interface HistogramBucket {
+  time: string;
+  severity: string;
+  count: number;
+}
+export interface HistogramRequest {
+  projectId: ObjectID;
+  startTime: Date;
+  endTime: Date;
+  bucketSizeInMinutes: number;
+  serviceIds?: Array<ObjectID> | undefined;
+  severityTexts?: Array<string> | undefined;
+  bodySearchText?: string | undefined;
+  traceIds?: Array<string> | undefined;
+  spanIds?: Array<string> | undefined;
+}
+export interface FacetValue {
+  value: string;
+  count: number;
+}
+export interface FacetRequest {
+  projectId: ObjectID;
+  startTime: Date;
+  endTime: Date;
+  facetKey: string;
+  limit?: number | undefined;
+  serviceIds?: Array<ObjectID> | undefined;
+  severityTexts?: Array<string> | undefined;
+  bodySearchText?: string | undefined;
+  traceIds?: Array<string> | undefined;
+  spanIds?: Array<string> | undefined;
+}
+export class LogAggregationService {
+  private static readonly DEFAULT_FACET_LIMIT: number = 10;
+  private static readonly TABLE_NAME: string = "LogItem";
+  @CaptureSpan()
+  public static async getHistogram(
+    request: HistogramRequest,
+  ): Promise<Array<HistogramBucket>> {
+    const statement: Statement =
+      LogAggregationService.buildHistogramStatement(request);
+    const dbResult: Results = await LogDatabaseService.executeQuery(statement);
+    const response: DbJSONResponse = await dbResult.json<{
+      data?: Array<JSONObject>;
+    }>();
+    const rows: Array<JSONObject> = response.data || [];
+    return rows.map((row: JSONObject): HistogramBucket => {
+      return {
+        time: String(row["bucket"] || ""),
+        severity: String(row["severityText"] || "Unspecified"),
+        count: Number(row["cnt"] || 0),
+      };
+    });
+  }
+  @CaptureSpan()
+  public static async getFacetValues(
+    request: FacetRequest,
+  ): Promise<Array<FacetValue>> {
+    const statement: Statement =
+      LogAggregationService.buildFacetStatement(request);
+    const dbResult: Results = await LogDatabaseService.executeQuery(statement);
+    const response: DbJSONResponse = await dbResult.json<{
+      data?: Array<JSONObject>;
+    }>();
+    const rows: Array<JSONObject> = response.data || [];
+    return rows
+      .map((row: JSONObject): FacetValue => {
+        return {
+          value: String(row["val"] || ""),
+          count: Number(row["cnt"] || 0),
+        };
+      })
+      .filter((facet: FacetValue): boolean => {
+        return facet.value.length > 0;
+      });
+  }
+  private static buildHistogramStatement(request: HistogramRequest): Statement {
+    const intervalSeconds: number = request.bucketSizeInMinutes * 60;
+    const statement: Statement = SQL`
+      SELECT
+        toStartOfInterval(time, INTERVAL ${{
+          type: TableColumnType.Number,
+          value: intervalSeconds,
+        }} SECOND) AS bucket,
+        severityText,
+        count() AS cnt
+      FROM ${LogAggregationService.TABLE_NAME}
+      WHERE projectId = ${{
+        type: TableColumnType.ObjectID,
+        value: request.projectId,
+      }}
+        AND time >= ${{
+          type: TableColumnType.Date,
+          value: request.startTime,
+        }}
+        AND time <= ${{
+          type: TableColumnType.Date,
+          value: request.endTime,
+        }}
+    `;
+    LogAggregationService.appendCommonFilters(statement, request);
+    statement.append(" GROUP BY bucket, severityText ORDER BY bucket ASC");
+    return statement;
+  }
+  private static buildFacetStatement(request: FacetRequest): Statement {
+    const limit: number =
+      request.limit ?? LogAggregationService.DEFAULT_FACET_LIMIT;
+    const isTopLevelColumn: boolean = LogAggregationService.isTopLevelColumn(
+      request.facetKey,
+    );
+    const escapedKey: string = LogAggregationService.escapeSingleQuotes(
+      request.facetKey,
+    );
+    const valueExpression: string = isTopLevelColumn
+      ? `toString(${escapedKey})`
+      : `JSONExtractRaw(attributes, '${escapedKey}')`;
+    // Build with raw SQL for the expression part, then parameterize WHERE values
+    const statement: Statement = new Statement();
+    statement.append(
+      `SELECT ${valueExpression} AS val, count() AS cnt FROM ${LogAggregationService.TABLE_NAME}`,
+    );
+    statement.append(
+      SQL` WHERE projectId = ${{
+        type: TableColumnType.ObjectID,
+        value: request.projectId,
+      }} AND time >= ${{
+        type: TableColumnType.Date,
+        value: request.startTime,
+      }} AND time <= ${{
+        type: TableColumnType.Date,
+        value: request.endTime,
+      }}`,
+    );
+    if (!isTopLevelColumn) {
+      statement.append(` AND JSONHas(attributes, '${escapedKey}') = 1`);
+    }
+    LogAggregationService.appendCommonFilters(statement, request);
+    statement.append(
+      SQL` GROUP BY val ORDER BY cnt DESC LIMIT ${{
+        type: TableColumnType.Number,
+        value: limit,
+      }}`,
+    );
+    return statement;
+  }
+  private static appendCommonFilters(
+    statement: Statement,
+    request: Pick<
+      HistogramRequest,
+      "serviceIds" | "severityTexts" | "bodySearchText" | "traceIds" | "spanIds"
+    >,
+  ): void {
+    if (request.serviceIds && request.serviceIds.length > 0) {
+      const idStrings: Array<string> = request.serviceIds.map(
+        (id: ObjectID): string => {
+          return `'${id.toString()}'`;
+        },
+      );
+      statement.append(` AND serviceId IN (${idStrings.join(",")})`);
+    }
+    if (request.severityTexts && request.severityTexts.length > 0) {
+      const sevStrings: Array<string> = request.severityTexts.map(
+        (s: string): string => {
+          return `'${LogAggregationService.escapeSingleQuotes(s)}'`;
+        },
+      );
+      statement.append(` AND severityText IN (${sevStrings.join(",")})`);
+    }
+    if (request.traceIds && request.traceIds.length > 0) {
+      const traceStrings: Array<string> = request.traceIds.map(
+        (s: string): string => {
+          return `'${LogAggregationService.escapeSingleQuotes(s)}'`;
+        },
+      );
+      statement.append(` AND traceId IN (${traceStrings.join(",")})`);
+    }
+    if (request.spanIds && request.spanIds.length > 0) {
+      const spanStrings: Array<string> = request.spanIds.map(
+        (s: string): string => {
+          return `'${LogAggregationService.escapeSingleQuotes(s)}'`;
+        },
+      );
+      statement.append(` AND spanId IN (${spanStrings.join(",")})`);
+    }
+    if (request.bodySearchText && request.bodySearchText.trim().length > 0) {
+      statement.append(
+        ` AND body ILIKE ${{
+          type: TableColumnType.Text,
+          value: `%${request.bodySearchText.trim()}%`,
+        }}`,
+      );
+    }
+  }
+  private static isTopLevelColumn(key: string): boolean {
+    const topLevelColumns: Set<string> = new Set([
+      "severityText",
+      "serviceId",
+      "traceId",
+      "spanId",
+    ]);
+    return topLevelColumns.has(key);
+  }
+  private static escapeSingleQuotes(value: string): string {
+    return value.replace(/'/g, "\\'");
+  }
+}
+export default LogAggregationService;

package/Server/Types/AnalyticsDatabase/ModelPermission.ts CHANGED Viewed

@@ -392,8 +392,8 @@ export default class ModelPermission {
       (query as any)[tenantColumn] = props.tenantId;
     } else if (
       tenantColumn &&
-      !props.tenantId &&
-      props.userGlobalAccessPermission
+      props.userGlobalAccessPermission &&
+      (!props.tenantId || props.isMultiTenantRequest)
     ) {
       /*
        * for each of these projectIds,

package/Server/Types/Database/Permissions/TenantPermission.ts CHANGED Viewed

@@ -42,8 +42,8 @@ export default class TenantPermission {
       (query as any)[model.getUserColumn() as string] = props.userId;
     } else if (
       tenantColumn &&
-      !props.tenantId &&
-      props.userGlobalAccessPermission
+      props.userGlobalAccessPermission &&
+      (!props.tenantId || props.isMultiTenantRequest)
     ) {
       /*
        * for each of these projectIds,

package/Server/Utils/VM/VMRunner.ts CHANGED Viewed

@@ -22,6 +22,16 @@ const BLOCKED_SANDBOX_PROPERTIES: ReadonlySet<string> = new Set([
   "__proto__",
   "prototype",
   "mainModule",
+  /*
+   * Block Playwright methods that can spawn processes or access internals.
+   * Prevents RCE via browser.browserType().launch({executablePath:"/bin/sh"})
+   * and traversal via page.context().browser().browserType().launch(...)
+   */
+  "browserType", // Browser → BrowserType (which has launch/connect)
+  "launch", // BrowserType.launch() spawns a child process
+  "launchPersistentContext", // BrowserType.launchPersistentContext() spawns a child process
+  "connectOverCDP", // BrowserType.connectOverCDP() connects via Chrome DevTools Protocol
+  "newCDPSession", // BrowserContext/Page.newCDPSession() opens raw CDP sessions
 ]);
 /**