cleanup public websites

Author: izadoesdev

apps/api/src/routes/query.ts

@@ -67,9 +67,9 @@ function getAccessibleWebsites(authCtx: AuthContext) {
 				? eq(websites.organizationId, authCtx.apiKey.organizationId)
 				: authCtx.apiKey.userId
 					? and(
-							eq(websites.userId, authCtx.apiKey.userId),
-							isNull(websites.organizationId)
-						)
+						eq(websites.userId, authCtx.apiKey.userId),
+						isNull(websites.organizationId)
+					)
 					: eq(websites.id, "");
 			return db
 				.select(select)
@@ -92,6 +92,56 @@ function getAccessibleWebsites(authCtx: AuthContext) {
 	return [];
 }
 
+async function verifyWebsiteAccess(
+	ctx: AuthContext,
+	websiteId: string
+): Promise<boolean> {
+	if (!ctx.isAuthenticated) {
+		return false;
+	}
+
+	const website = await db.query.websites.findFirst({
+		where: eq(websites.id, websiteId),
+		columns: {
+			id: true,
+			isPublic: true,
+			userId: true,
+			organizationId: true,
+		},
+	});
+
+	if (!website) {
+		return false;
+	}
+
+	if (website.isPublic) {
+		return true;
+	}
+
+	if (ctx.apiKey) {
+		if (hasGlobalAccess(ctx.apiKey)) {
+			if (ctx.apiKey.organizationId) {
+				return website.organizationId === ctx.apiKey.organizationId;
+			}
+			if (ctx.apiKey.userId) {
+				return (
+					website.userId === ctx.apiKey.userId && !website.organizationId
+				);
+			}
+			return false;
+		}
+
+		const accessibleIds = getAccessibleWebsiteIds(ctx.apiKey);
+		return accessibleIds.includes(websiteId);
+	}
+
+	if (ctx.user) {
+		return website.userId === ctx.user.id && !website.organizationId;
+	}
+
+	return false;
+}
+
 const MS_PER_DAY = 86_400_000;
 
 function getTimeUnit(
@@ -116,12 +166,12 @@ function getTimeUnit(
 type ParamInput =
 	| string
 	| {
-			name: string;
-			start_date?: string;
-			end_date?: string;
-			granularity?: string;
-			id?: string;
-	  };
+		name: string;
+		start_date?: string;
+		end_date?: string;
+		granularity?: string;
+		id?: string;
+	};
 
 function parseParam(p: ParamInput) {
 	if (typeof p === "string") {
@@ -200,10 +250,30 @@ export const query = new Elysia({ prefix: "/v1/query" })
 		async ({
 			body,
 			query: q,
+			auth: ctx,
 		}: {
 			body: CompileRequestType;
 			query: { website_id?: string; timezone?: string };
+			auth: AuthContext;
 		}) => {
+			if (!ctx.isAuthenticated) {
+				return AUTH_FAILED;
+			}
+
+			if (q.website_id) {
+				const hasAccess = await verifyWebsiteAccess(ctx, q.website_id);
+				if (!hasAccess) {
+					return new Response(
+						JSON.stringify({
+							success: false,
+							error: "Access denied to this website",
+							code: "ACCESS_DENIED",
+						}),
+						{ status: 403, headers: { "Content-Type": "application/json" } }
+					);
+				}
+			}
+
 			try {
 				const domain = q.website_id
 					? await getWebsiteDomain(q.website_id)
@@ -227,11 +297,28 @@ export const query = new Elysia({ prefix: "/v1/query" })
 		({
 			body,
 			query: q,
+			auth: ctx,
 		}: {
 			body: DynamicQueryRequestType | DynamicQueryRequestType[];
 			query: { website_id?: string; timezone?: string };
+			auth: AuthContext;
 		}) =>
 			record("executeQuery", async () => {
+				if (!ctx.isAuthenticated) {
+					return AUTH_FAILED;
+				}
+
+				if (q.website_id) {
+					const hasAccess = await verifyWebsiteAccess(ctx, q.website_id);
+					if (!hasAccess) {
+						return {
+							success: false,
+							error: "Access denied to this website",
+							code: "ACCESS_DENIED",
+						};
+					}
+				}
+
 				const tz = q.timezone || "UTC";
 				const isBatch = Array.isArray(body);
 				setAttributes({

apps/dashboard/components/layout/category-sidebar.tsx

@@ -52,7 +52,10 @@ export function CategorySidebar({
 	user = null,
 }: CategorySidebarProps) {
 	const pathname = usePathname();
-	const { websites, isLoading: isLoadingWebsites } = useWebsites();
+	const isDemo = pathname.startsWith("/demo");
+	const { websites, isLoading: isLoadingWebsites } = useWebsites({
+		enabled: !isDemo,
+	});
 	const [helpOpen, setHelpOpen] = useState(false);
 	const { isOn } = useFlags();
 

apps/dashboard/components/layout/navigation/mobile-category-selector.tsx

@@ -22,18 +22,21 @@ import {
 	getDefaultCategory,
 } from "./navigation-config";
 
-type MobileCategorySelectorProps = {
+interface MobileCategorySelectorProps {
 	onCategoryChangeAction?: (categoryId: string) => void;
 	selectedCategory?: string;
-};
+}
 
 export function MobileCategorySelector({
 	onCategoryChangeAction,
 	selectedCategory,
 }: MobileCategorySelectorProps) {
 	const pathname = usePathname();
-	const { websites, isLoading: isLoadingWebsites } = useWebsites();
-	const { isEnabled } = useFlags();
+	const isDemo = pathname.startsWith("/demo");
+	const { websites, isLoading: isLoadingWebsites } = useWebsites({
+		enabled: !isDemo,
+	});
+	const { isOn } = useFlags();
 
 	const { categories, defaultCategory } = useMemo(() => {
 		const baseConfig = getContextConfig(pathname);
@@ -56,14 +59,14 @@ export function MobileCategorySelector({
 			pathname
 		).filter((category) => {
 			if (category.flag) {
-				const flagState = isEnabled(category.flag);
-				return flagState.isReady && flagState.enabled;
+				const flagState = isOn(category.flag);
+				return flagState;
 			}
 			return true;
 		});
 
 		return { categories: filteredCategories, defaultCategory: defaultCat };
-	}, [pathname, websites, isLoadingWebsites, isEnabled]);
+	}, [pathname, websites, isLoadingWebsites, isOn]);
 
 	const activeCategory = selectedCategory || defaultCategory;
 	const currentCategory = categories.find((cat) => cat.id === activeCategory);

apps/dashboard/components/layout/sidebar.tsx

@@ -90,13 +90,17 @@ export function Sidebar({ user = null }: SidebarProps) {
 	const [selectedCategory, setSelectedCategory] = useState<string | undefined>(
 		undefined
 	);
-	const { websites, isLoading: isLoadingWebsites } = useWebsites();
-	const accordionStates = useAccordionStates();
-	const sidebarRef = useRef<HTMLDivElement>(null);
-	const previousFocusRef = useRef<HTMLElement | null>(null);
 
 	const isDemo = pathname.startsWith("/demo");
 	const isWebsite = pathname.startsWith("/websites/");
+	const enabled = !isDemo;
+
+	const { websites, isLoading: isLoadingWebsites } = useWebsites({
+		enabled,
+	});
+	const accordionStates = useAccordionStates();
+	const sidebarRef = useRef<HTMLDivElement>(null);
+	const previousFocusRef = useRef<HTMLElement | null>(null);
 
 	const websiteId = useMemo(
 		() => (isDemo || isWebsite ? pathname.split("/")[2] : null),

apps/dashboard/hooks/use-websites.ts

@@ -79,15 +79,15 @@ const removeWebsiteFromList = (
 	};
 };
 
-export function useWebsites() {
+export function useWebsites(options?: { enabled?: boolean }) {
 	const { activeOrganization, isLoading: isLoadingOrganization } =
 		useOrganizationsContext();
 
 	const query = useQuery({
 		...orpc.websites.listWithCharts.queryOptions({
 			input: { organizationId: activeOrganization?.id },
 		}),
-		enabled: !isLoadingOrganization,
+		enabled: options?.enabled !== false && !isLoadingOrganization,
 	});
 
 	return {