Merge branch 'main' into feat/ga4-importer

Author: Blaumaus

backend/apps/cloud/src/analytics/analytics.service.ts

@@ -26,7 +26,6 @@ import utc from 'dayjs/plugin/utc'
 import dayjsTimezone from 'dayjs/plugin/timezone'
 import isSameOrBefore from 'dayjs/plugin/isSameOrBefore'
 import ipRangeCheck from 'ip-range-check'
-import validator from 'validator'
 import {
   Injectable,
   BadRequestException,
@@ -110,6 +109,15 @@ dayjs.extend(utc)
 dayjs.extend(dayjsTimezone)
 dayjs.extend(isSameOrBefore)
 
+const isValidLocale = (lc: string): boolean => {
+  try {
+    Intl.getCanonicalLocales(lc.replace(/_/g, '-'))
+    return true
+  } catch {
+    return false
+  }
+}
+
 // 2 minutes
 const LIVE_SESSION_THRESHOLD_SECONDS = 120
 
@@ -465,7 +473,7 @@ export class AnalyticsService {
 
     // validate locale ('lc' param)
     if (!_isEmpty(lc)) {
-      if (validator.isLocale(lc)) {
+      if (isValidLocale(lc)) {
         // uppercase the locale after '-' char, so for example both 'en-gb' and 'en-GB' in result will be 'en-GB'
         const lcParted = _split(lc, '-')
 

backend/apps/cloud/src/app.module.ts

@@ -4,7 +4,6 @@ import { ConfigModule } from '@nestjs/config'
 import { APP_FILTER } from '@nestjs/core'
 import { SentryModule, SentryGlobalFilter } from '@sentry/nestjs/setup'
 import { ScheduleModule } from '@nestjs/schedule'
-import { NestjsFormDataModule } from 'nestjs-form-data'
 import { MailerModule as NodeMailerModule } from '@nestjs-modules/mailer'
 
 import { I18nModule } from 'nestjs-i18n'
@@ -72,7 +71,6 @@ const modules = [
   }),
   I18nModule.forRootAsync(getI18nConfig()),
   ScheduleModule.forRoot(),
-  NestjsFormDataModule.config({ isGlobal: true }),
   BullModule.forRoot({
     connection: {
       host: process.env.REDIS_HOST,

backend/apps/cloud/src/auth/auth.service.ts

@@ -9,7 +9,7 @@ import {
 } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { JwtService } from '@nestjs/jwt'
-import axios from 'axios'
+
 import { genSalt, hash, compare } from 'bcrypt'
 import { getCountry } from 'countries-and-timezones'
 import { OAuth2Client } from 'google-auth-library'
@@ -116,30 +116,27 @@ export class AuthService {
     const lastChars = sha1Hash.slice(5)
 
     try {
-      const response = await axios.get(
+      const response = await fetch(
         `https://api.pwnedpasswords.com/range/${firstFiveChars}`,
         {
-          timeout: 5000,
+          signal: AbortSignal.timeout(5000),
           headers: {
-            // Helps against traffic analysis; supported by HIBP.
             'Add-Padding': 'true',
             'User-Agent': 'Swetrix',
           },
         },
       )
 
-      if (response.status !== 200) {
+      if (!response.ok) {
         console.error(
           `[ERROR][AuthService -> checkIfLeaked]: Failed to get pwned passwords for ${firstFiveChars}: ${response.status}`,
         )
         return false
       }
 
-      // Response lines look like: "<HASH_SUFFIX>:<COUNT>"
+      const body = await response.text()
       const needle = `${lastChars}:`
-      return String(response.data)
-        .split('\n')
-        .some((line) => line.startsWith(needle))
+      return body.split('\n').some((line) => line.startsWith(needle))
     } catch (error) {
       console.error(
         `[ERROR][AuthService -> checkIfLeaked]: ${error} (prefix ${firstFiveChars})`,
@@ -980,39 +977,42 @@ export class AuthService {
     let tokenInfo
 
     try {
-      const response = await axios.post(
+      const tokenRes = await fetch(
         'https://github.com/login/oauth/access_token',
         {
-          client_id: GITHUB_OAUTH2_CLIENT_ID,
-          client_secret: GITHUB_OAUTH2_CLIENT_SECRET,
-          code,
-        },
-        {
+          method: 'POST',
           headers: {
+            'Content-Type': 'application/json',
             Accept: 'application/json',
           },
+          body: JSON.stringify({
+            client_id: GITHUB_OAUTH2_CLIENT_ID,
+            client_secret: GITHUB_OAUTH2_CLIENT_SECRET,
+            code,
+          }),
         },
       )
 
-      token = response.data.access_token
+      const tokenData = await tokenRes.json()
+      token = tokenData.access_token
     } catch (reason) {
       console.error(
-        `[ERROR][AuthService -> processGithubCode -> axios.post]: ${reason}`,
+        `[ERROR][AuthService -> processGithubCode -> fetch (token)]: ${reason}`,
       )
       throw new BadRequestException('Invalid Github code supplied')
     }
 
     try {
-      const response = await axios.get('https://api.github.com/user', {
+      const userRes = await fetch('https://api.github.com/user', {
         headers: {
           Authorization: `token ${token}`,
         },
       })
 
-      tokenInfo = response.data
+      tokenInfo = await userRes.json()
     } catch (reason) {
       console.error(
-        `[ERROR][AuthService -> processGithubCode -> axios.get]: ${reason}`,
+        `[ERROR][AuthService -> processGithubCode -> fetch (user)]: ${reason}`,
       )
       throw new BadRequestException('Invalid Github token')
     }
@@ -1022,13 +1022,13 @@ export class AuthService {
 
     if (!email) {
       try {
-        const response = await axios.get('https://api.github.com/user/emails', {
+        const emailsRes = await fetch('https://api.github.com/user/emails', {
           headers: {
             Authorization: `token ${token}`,
           },
         })
 
-        const emails = response.data
+        const emails = await emailsRes.json()
 
         if (_isEmpty(emails)) {
           console.error(
@@ -1040,7 +1040,7 @@ export class AuthService {
         email = _find(emails, (e) => e.primary).email
       } catch (reason) {
         console.error(
-          `[ERROR][AuthService -> processGithubCode -> axios.get (emails)]: ${reason}`,
+          `[ERROR][AuthService -> processGithubCode -> fetch (emails)]: ${reason}`,
         )
         throw new BadRequestException('Invalid Github token')
       }

backend/apps/cloud/src/common/utils.ts

@@ -5,7 +5,7 @@ import net from 'net'
 import { Reader, CityResponse } from 'maxmind'
 import { HttpException } from '@nestjs/common'
 import timezones from 'countries-and-timezones'
-import randomstring from 'randomstring'
+
 import _sample from 'lodash/sample'
 import _toNumber from 'lodash/toNumber'
 import _replace from 'lodash/replace'
@@ -184,18 +184,18 @@ export const calculateRelativePercentage = (
   return _round((1 - newVal / oldVal) * -100, round)
 }
 
-export const generateRecoveryCode = () =>
-  randomstring.generate({
-    length: 30,
-    charset: 'alphabetic',
-    capitalization: 'uppercase',
-  })
+const ALPHA_UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+
+export const generateRecoveryCode = () => generateRandomId(ALPHA_UPPER, 30)
 
 export const millisecondsToSeconds = (milliseconds: number) =>
   milliseconds / 1000
 
+const ALPHANUMERIC =
+  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+
 export const generateRandomString = (length: number): string =>
-  randomstring.generate(length)
+  generateRandomId(ALPHANUMERIC, length)
 
 /**
  * This is used to determine if the current node is the primary node.

backend/apps/cloud/src/data-import/ga4-import.service.ts

@@ -5,7 +5,6 @@ import {
 } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { OAuth2Client } from 'google-auth-library'
-import axios from 'axios'
 import CryptoJS from 'crypto-js'
 
 import { isDevelopment, PRODUCTION_ORIGIN, redis } from '../common/constants'
@@ -158,14 +157,28 @@ export class Ga4ImportService {
     await redis.expire(REDIS_TOKEN_PREFIX + `${uid}:${pid}`, REDIS_TOKEN_TTL)
 
     try {
-      const { data } = await axios.get(
+      const url = new URL(
         'https://analyticsadmin.googleapis.com/v1beta/accountSummaries',
-        {
-          headers: { Authorization: `Bearer ${token}` },
-          params: { pageSize: 200 },
-        },
       )
+      url.searchParams.set('pageSize', '200')
 
+      const response = await fetch(url, {
+        headers: { Authorization: `Bearer ${token}` },
+      })
+
+      if (response.status === 403) {
+        const body = await response.json()
+        throw new BadRequestException(
+          body?.error?.message ||
+            'Access denied by Google. Please ensure the "Google Analytics Admin API" is enabled in your Google Cloud project and that your Google account has access to at least one GA4 property.',
+        )
+      }
+
+      if (!response.ok) {
+        throw new Error(`Google API responded with status ${response.status}`)
+      }
+
+      const data = await response.json()
       const properties: Ga4Property[] = []
 
       for (const account of data.accountSummaries || []) {
@@ -179,13 +192,7 @@ export class Ga4ImportService {
 
       return properties
     } catch (error) {
-      const status = error?.response?.status
-      if (status === 403) {
-        throw new BadRequestException(
-          error?.response?.data?.error?.message ||
-            'Access denied by Google. Please ensure the "Google Analytics Admin API" is enabled in your Google Cloud project and that your Google account has access to at least one GA4 property.',
-        )
-      }
+      if (error instanceof BadRequestException) throw error
 
       throw new InternalServerErrorException(
         'Failed to fetch Google Analytics properties. Please try again.',

backend/apps/cloud/src/integrations/discord/discord.module.ts

@@ -1,9 +1,7 @@
-import { HttpModule } from '@nestjs/axios'
 import { Module } from '@nestjs/common'
 import { DiscordService } from './discord.service'
 
 @Module({
-  imports: [HttpModule],
   providers: [DiscordService],
   exports: [DiscordService],
 })

backend/apps/cloud/src/integrations/discord/discord.service.ts

@@ -1,20 +1,12 @@
-import { HttpService } from '@nestjs/axios'
-import { firstValueFrom } from 'rxjs'
 import { Injectable, Logger } from '@nestjs/common'
 import { WebhookAbcService } from '../webhook-abc/webhook-abc.service'
 
 @Injectable()
 export class DiscordService extends WebhookAbcService {
   private readonly logger = new Logger(DiscordService.name)
 
-  constructor(private readonly httpService: HttpService) {
-    super()
-  }
-
   async sendWebhook(webhookUrl: string, message: unknown): Promise<void> {
     try {
-      // Defense-in-depth: DTO validation should already enforce Discord webhook URL format.
-      // Still, validate basic URL properties here to reduce SSRF surface area.
       const url = new URL(webhookUrl)
       const host = url.hostname.toLowerCase()
       if (
@@ -37,24 +29,27 @@ export class DiscordService extends WebhookAbcService {
         }
       }
 
-      // Discord content max length is 2000 chars; keep some buffer.
       if (content.length > 1900) {
         content = `${content.slice(0, 1900)}…`
       }
 
       const payload = { content }
-      await firstValueFrom(
-        this.httpService.post(webhookUrl, payload, {
-          timeout: 10_000,
-          maxRedirects: 0,
-        }),
-      )
+      const res = await fetch(webhookUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(payload),
+        signal: AbortSignal.timeout(10_000),
+        redirect: 'error',
+      })
+
+      if (!res.ok) {
+        this.logger.error(
+          `Error sending Discord webhook (status ${res.status})`,
+        )
+      }
     } catch (error) {
-      const status = (error as any)?.response?.status
       const message = (error as any)?.message || String(error)
-      this.logger.error(
-        `Error sending Discord webhook${status ? ` (status ${status})` : ''}: ${message}`,
-      )
+      this.logger.error(`Error sending Discord webhook: ${message}`)
     }
   }
 }

backend/apps/cloud/src/integrations/slack/slack.module.ts

@@ -1,9 +1,7 @@
 import { Module } from '@nestjs/common'
-import { HttpModule } from '@nestjs/axios'
 import { SlackService } from './slack.service'
 
 @Module({
-  imports: [HttpModule],
   providers: [SlackService],
   exports: [SlackService],
 })