Skip to content

Commit

Permalink
Pageview ID shouldn't be generated from the tracker
Browse files Browse the repository at this point in the history
The ID should always be server generated - so in this case from the collector. Generating it on the client and just "storing" it on the collector makes it difficult and insecure. Because of backward compability we limit the generated UUID to only 32 chars.

Closes #322
Closes #312

Signed-off-by: Lukas Kämmerling <[email protected]>
  • Loading branch information
LKaemmerling committed May 2, 2022
1 parent 1700c28 commit 4067114
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 20 deletions.
6 changes: 0 additions & 6 deletions assets/src/js/tracker.js
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,6 @@
}).join('&');
}

function randomString(n) {
var s = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
return Array(n).join().split(',').map(() => s.charAt(Math.floor(Math.random() * s.length))).join('');
}

function getCookie(name) {
var cookies = document.cookie ? document.cookie.split('; ') : [];

Expand Down Expand Up @@ -160,7 +155,6 @@

let data = getData();
const d = {
id: randomString(20),
pid: data.previousPageviewId || '',
p: path,
h: hostname,
Expand Down
6 changes: 1 addition & 5 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ go 1.17
require (
github.com/go-sql-driver/mysql v1.4.1-0.20181113023849-369b5d6e5e8e
github.com/gobuffalo/packr v1.13.7
github.com/google/uuid v1.3.0
github.com/gorilla/context v1.1.1
github.com/gorilla/handlers v1.3.1-0.20180717233320-6257a585e449
github.com/gorilla/mux v1.6.3-0.20180605211556-cb4698366aa6
Expand All @@ -23,13 +24,8 @@ require (

require (
github.com/gorilla/securecookie v1.1.2-0.20180608144417-78f3d318a8bf // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/pkg/errors v0.8.1-0.20180311214515-816c9085562c // indirect
github.com/spf13/cobra v0.0.3 // indirect
github.com/spf13/pflag v1.0.2 // indirect
github.com/ziutek/mymysql v1.5.5-0.20171217234033-ff6cc86d3d93 // indirect
golang.org/x/net v0.0.0-20180921000356-2f5d2388922f // indirect
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f // indirect
golang.org/x/sys v0.0.0-20180724212812-e072cadbbdc8 // indirect
google.golang.org/appengine v1.1.0 // indirect
gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect
Expand Down
9 changes: 2 additions & 7 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ github.com/go-sql-driver/mysql v1.4.1-0.20181113023849-369b5d6e5e8e h1:Xw+e5SXKk
github.com/go-sql-driver/mysql v1.4.1-0.20181113023849-369b5d6e5e8e/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/gobuffalo/packr v1.13.7 h1:2uZgLd6b/W4yRBZV/ScaORxZLNGMHO0VCvqQNkKukNA=
github.com/gobuffalo/packr v1.13.7/go.mod h1:KkinLIn/n6+3tVXMwg6KkNvWwVsrRAz4ph+jgpk3Z24=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/handlers v1.3.1-0.20180717233320-6257a585e449 h1:xvx+89oAmZAh0wLoEwx2ynicSQP3QR80g1M9zcS3IZE=
Expand All @@ -16,7 +18,6 @@ github.com/gorilla/securecookie v1.1.2-0.20180608144417-78f3d318a8bf h1:tgJ+TrHb
github.com/gorilla/securecookie v1.1.2-0.20180608144417-78f3d318a8bf/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0PrE=
github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jmoiron/sqlx v1.2.1-0.20181024163419-82935fac6c1a h1:7F1aETmIWwSQAv4S2415VrWj9eJyxR3epEEb6O5isgA=
github.com/jmoiron/sqlx v1.2.1-0.20181024163419-82935fac6c1a/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
Expand All @@ -30,8 +31,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.0.1-0.20181016162627-9eb73efc1fcc h1:9GUJohDyEsZO3cDfQuSxTf38xvk+gRWe+fDv3L9oWHA=
github.com/lib/pq v1.0.1-0.20181016162627-9eb73efc1fcc/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk=
github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
Expand All @@ -48,9 +47,7 @@ github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb h1:lAOy8O8yKU3u
github.com/rubenv/sql-migrate v0.0.0-20180704111356-3f452fc0ebeb/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY=
github.com/sirupsen/logrus v1.0.7-0.20180723115307-c108f5553c36 h1:NvBdWUXstAlJwU7RjOTudVgMj5N/NTYKJxwoJN5+0XY=
github.com/sirupsen/logrus v1.0.7-0.20180723115307-c108f5553c36/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/pflag v1.0.2 h1:Fy0orTDgHdbnzHcsOgfCN4LtHf0ec3wwtiwJqwvf3Gc=
github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
Expand All @@ -60,9 +57,7 @@ github.com/ziutek/mymysql v1.5.5-0.20171217234033-ff6cc86d3d93 h1:neEPpeeJDl7Rs0
github.com/ziutek/mymysql v1.5.5-0.20171217234033-ff6cc86d3d93/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
golang.org/x/crypto v0.0.0-20180723164146-c126467f60eb h1:Ah9YqXLj6fEgeKqcmBuLCbAsrF3ScD7dJ/bYM0C6tXI=
golang.org/x/crypto v0.0.0-20180723164146-c126467f60eb/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/net v0.0.0-20180921000356-2f5d2388922f h1:QM2QVxvDoW9PFSPp/zy9FgxJLfaWTZlS61KEPtBwacM=
golang.org/x/net v0.0.0-20180921000356-2f5d2388922f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180724212812-e072cadbbdc8 h1:7T3bTJEttnfJdEY+NY/VYT7IXRaul8potWiyw/n7LB8=
golang.org/x/sys v0.0.0-20180724212812-e072cadbbdc8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
Expand Down
5 changes: 3 additions & 2 deletions pkg/api/collect.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"strings"
"time"

"github.com/google/uuid"
log "github.com/sirupsen/logrus"

"github.com/mssola/user_agent"
Expand Down Expand Up @@ -52,7 +53,7 @@ func (c *Collector) ServeHTTP(w http.ResponseWriter, r *http.Request) {
now := time.Now()

pageview := &models.Pageview{
ID: q.Get("id"),
ID: uuid.NewString()[0:30],
SiteTrackingID: q.Get("sid"),
Hostname: parseHostname(q.Get("h")),
Pathname: parsePathname(q.Get("p")),
Expand Down Expand Up @@ -194,7 +195,7 @@ func shouldCollect(r *http.Request) bool {
}

// discard if required query vars are missing
requiredQueryVars := []string{"id", "h", "p"}
requiredQueryVars := []string{"h", "p"}
q := r.URL.Query()
for _, k := range requiredQueryVars {
if q.Get(k) == "" {
Expand Down

0 comments on commit 4067114

Please sign in to comment.