From bc35d5adeec3c52d89df7aa9bf1bfbf90643cb1a Mon Sep 17 00:00:00 2001 From: Uku Taht Date: Fri, 26 Mar 2021 13:48:06 +0200 Subject: [PATCH] Fix shared link download link (#884) * Fix shared link download link * Add test and changelog entry * Format --- CHANGELOG.md | 1 + assets/js/dashboard/api.js | 1 + lib/plausible_web/plugs/authorize_stats_plug.ex | 4 ++-- .../controllers/stats_controller_test.exs | 13 +++++++++++++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 02718b5a03be..79efbe957b43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file. - Capitalized date/time selection keybinds not working plausible/analytics#709 - Invisible text on Google Search Console settings page in dark mode plausible/analytics#759 - Disable analytics tracking when running Cypress tests +- CSV reports can be downloaded via shared links plausible/analytics#884 ## [1.2] - 2021-01-26 diff --git a/assets/js/dashboard/api.js b/assets/js/dashboard/api.js index 3233bc10a038..e0d4071884e0 100644 --- a/assets/js/dashboard/api.js +++ b/assets/js/dashboard/api.js @@ -41,6 +41,7 @@ export function serializeQuery(query, extraQuery=[]) { if (query.from) { queryObj.from = formatISO(query.from) } if (query.to) { queryObj.to = formatISO(query.to) } if (query.filters) { queryObj.filters = serializeFilters(query.filters) } + if (SHARED_LINK_AUTH) { queryObj.auth = SHARED_LINK_AUTH } Object.assign(queryObj, ...extraQuery) return '?' + serialize(queryObj) diff --git a/lib/plausible_web/plugs/authorize_stats_plug.ex b/lib/plausible_web/plugs/authorize_stats_plug.ex index 4732fbe7368a..37076c092b41 100644 --- a/lib/plausible_web/plugs/authorize_stats_plug.ex +++ b/lib/plausible_web/plugs/authorize_stats_plug.ex @@ -8,8 +8,8 @@ defmodule PlausibleWeb.AuthorizeStatsPlug do def call(conn, _opts) do site = Repo.get_by(Plausible.Site, domain: conn.params["domain"]) - shared_link_auth = get_req_header(conn, "x-shared-link-auth") |> List.first() - # SHOULD GENERATE A NEW PHOENIX TOKEN WHEN MOUNTING THE STATS + shared_link_auth = conn.params["auth"] + shared_link_record = shared_link_auth && Repo.get_by(Plausible.Site.SharedLink, slug: shared_link_auth) diff --git a/test/plausible_web/controllers/stats_controller_test.exs b/test/plausible_web/controllers/stats_controller_test.exs index 77a784c0a075..ab36c19bba6d 100644 --- a/test/plausible_web/controllers/stats_controller_test.exs +++ b/test/plausible_web/controllers/stats_controller_test.exs @@ -50,6 +50,19 @@ defmodule PlausibleWeb.StatsControllerTest do end end + describe "GET /:website/visitors.csv - via shared link" do + test "exports graph as csv", %{conn: conn} do + site = insert(:site, domain: "test-site.com") + link = insert(:shared_link, site: site) + + today = Timex.today() |> Timex.format!("{ISOdate}") + + conn = get(conn, "/" <> site.domain <> "/visitors.csv?auth=#{link.slug}") + assert response(conn, 200) =~ "Date,Visitors" + assert response(conn, 200) =~ "#{today},3" + end + end + describe "GET /share/:slug" do test "prompts a password for a password-protected link", %{conn: conn} do site = insert(:site)