kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-12-12 01:42:32 +00:00
Code Issues Projects Releases Wiki Activity

Update analytics code.

Browse Source
This commit is contained in:
James Cole
2020-01-17 04:30:44 +01:00
parent 3852dbeacc
commit ff44dbaea0
9 changed files with 73 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.deploy/heroku/.env.heroku
View File

@@ -110,7 +110,8 @@ CER_PROVIDER=fixer
FIXER_API_KEY= FIXER_API_KEY=
# If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here. # If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here.
ANALYTICS_ID= TRACKER_SITE_ID=
TRACKER_URL=
# Most parts of the database are encrypted by default, but you can turn this off if you want to. # Most parts of the database are encrypted by default, but you can turn this off if you want to.
# This makes it easier to migrate your database. Not that some fields will never be decrypted. # This makes it easier to migrate your database. Not that some fields will never be decrypted.

10
.env.example
View File

@@ -117,9 +117,6 @@ CER_PROVIDER=ratesapi
# the free API up to the point where you might as well offer nothing. # the free API up to the point where you might as well offer nothing.
FIXER_API_KEY= FIXER_API_KEY=
# If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here.
ANALYTICS_ID=
# Firefly III has two options for user authentication. "eloquent" is the default, # Firefly III has two options for user authentication. "eloquent" is the default,
# and "ldap" for LDAP servers. # and "ldap" for LDAP servers.
# For full instructions on these settings please visit: # For full instructions on these settings please visit:
@@ -171,6 +168,13 @@ DISABLE_FRAME_HEADER=false
# This is at your own risk. # This is at your own risk.
DISABLE_CSP_HEADER=false DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
TRACKER_SITE_ID=
TRACKER_URL=
# You can fine tune the start-up of a Docker container by editing these environment variables. # You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data. # Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times. # However if you know what you're doing you can significantly speed up container start times.

13
.github/ISSUE_TEMPLATE/Bug_report.md vendored
View File

@@ -16,11 +16,10 @@ I am running Firefly III version x.x.x, and my problem is:
<!-- Please add extra info here, such as OS, browser, and the output from the /debug page of your Firefly III installation (click the version at the bottom). --> <!-- Please add extra info here, such as OS, browser, and the output from the /debug page of your Firefly III installation (click the version at the bottom). -->
**Bonus points** **Bonus points**
<!-- Earn bonus points by: <!-- Earn bonus points by checking the boxes -->
- Post a stacktrace from your log files - [ ] Nobody reported this bug before
- Add a screenshot - [ ] I have added a stack trace from my log files.
- Make a drawing - [ ] I have added a screenshot.
- Donate money (just kidding ;) - [ ] I was able to replicate it on the demo site https://demo.firefly-iii.org/
- Replicate the problem on the demo site https://demo.firefly-iii.org/ <!-- - [ ] I donated money (this is a joke :wink:)-->
-->

29
app/Http/Middleware/SecureHeaders.php
View File

@@ -47,18 +47,17 @@ class SecureHeaders
$nonce = base64_encode(random_bytes(16)); $nonce = base64_encode(random_bytes(16));
app('view')->share('JS_NONCE', $nonce); app('view')->share('JS_NONCE', $nonce);
$response = $next($request); $response = $next($request);
$googleScriptSrc = $this->getGoogleScriptSource(); $trackingScriptSrc = $this->getTrackingScriptSource();
$googleImgSrc = $this->getGoogleImgSource(); $csp = [
$csp = [
"default-src 'none'", "default-src 'none'",
"object-src 'self'", "object-src 'self'",
sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $googleScriptSrc), sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"base-uri 'self'", "base-uri 'self'",
"font-src 'self' data:", "font-src 'self' data:",
"connect-src 'self'", "connect-src 'self'",
sprintf("img-src 'self' data: https://api.tiles.mapbox.com %s", $googleImgSrc), sprintf("img-src 'self' data: https://api.tiles.mapbox.com %s", $trackingScriptSrc),
"manifest-src 'self'", "manifest-src 'self'",
]; ];
@@ -99,27 +98,15 @@ class SecureHeaders
return $response; return $response;
} }
/**
* @return string
*/
private function getGoogleImgSource(): string
{
if ('' !== config('firefly.analytics_id')) {
return 'www.google-analytics.com';
}
return '';
}
/** /**
* Return part of a CSP header allowing scripts from Google. * Return part of a CSP header allowing scripts from Google.
* *
* @return string * @return string
*/ */
private function getGoogleScriptSource(): string private function getTrackingScriptSource(): string
{ {
if ('' !== config('firefly.analytics_id')) { if ('' !== (string)config('firefly.tracker_site_id') && '' !== (string)config('firefly.tracker_url')) {
return 'www.googletagmanager.com www.google-analytics.com'; return (string)config('firefly.tracker_url');
} }
return ''; return '';

3
config/firefly.php
View File

@@ -152,7 +152,8 @@ return [
'trusted_proxies' => env('TRUSTED_PROXIES', ''), 'trusted_proxies' => env('TRUSTED_PROXIES', ''),
'search_result_limit' => env('SEARCH_RESULT_LIMIT', 50), 'search_result_limit' => env('SEARCH_RESULT_LIMIT', 50),
'send_report_journals' => envNonEmpty('SEND_REPORT_JOURNALS', true), 'send_report_journals' => envNonEmpty('SEND_REPORT_JOURNALS', true),
'analytics_id' => env('ANALYTICS_ID', ''), 'tracker_site_id' => env('TRACKER_SITE_ID', ''),
'tracker_url' => env('TRACKER_URL', ''),
'disable_frame_header' => env('DISABLE_FRAME_HEADER', false), 'disable_frame_header' => env('DISABLE_FRAME_HEADER', false),
'disable_csp_header' => env('DISABLE_CSP_HEADER', false), 'disable_csp_header' => env('DISABLE_CSP_HEADER', false),
'login_provider' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'), 'login_provider' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'),

24
resources/views/v1/layout/default.twig
View File

@@ -204,18 +204,22 @@
{% endif %} {% endif %}
{% block scripts %}{% endblock %} {% block scripts %}{% endblock %}
{% if config('firefly.analytics_id') != '' %} {% if config('firefly.tracker_site_id') != '' and config('firefly.tracker_url') != '' %}
<!-- Global site tag (gtag.js) - Google Analytics --> <!-- This tracker tag is only here because this instance of Firefly III was purposefully configured to include it -->
<!-- This tag is only here because this instance of Firefly III was purposefully configured to include it --> <!-- Your own installation will NOT include it, unless you explicitely configure it to have it. -->
<!-- Your own installation will NOT include it -->
<script type="text/javascript" async src="https://www.googletagmanager.com/gtag/js?id={{ config('firefly.analytics_id') }}" nonce="{{ JS_NONCE }}"></script>
<script type="text/javascript" nonce="{{ JS_NONCE }}"> <script type="text/javascript" nonce="{{ JS_NONCE }}">
window.dataLayer = window.dataLayer || []; var _paq = window._paq || [];
function gtag(){dataLayer.push(arguments);} _paq.push(['trackPageView']);
gtag('js', new Date()); _paq.push(['enableLinkTracking']);
(function() {
gtag('config', '{{ config('firefly.analytics_id') }}'); var u="//{{ config('firefly.tracker_url') }}/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '{{ config('firefly.tracker_site_id') }}']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script> </script>
<noscript><p><img src="//{{ config('firefly.tracker_url') }}/matomo.php?idsite=1&amp;rec=1" style="border:0;" alt="" /></p></noscript>
{% endif %} {% endif %}
</body> </body>

26
resources/views/v1/layout/empty.twig
View File

@@ -42,18 +42,24 @@
</div> </div>
<script src="v1/js/app.js?v={{ FF_VERSION }}" type="text/javascript" nonce="{{ JS_NONCE }}"></script> <script src="v1/js/app.js?v={{ FF_VERSION }}" type="text/javascript" nonce="{{ JS_NONCE }}"></script>
{% if config('firefly.analytics_id') != '' %}
<!-- Global site tag (gtag.js) - Google Analytics -->
<!-- This tag is only here because this instance of Firefly III was purposefully configured to include it -->
<!-- Your own installation will NOT include it -->
<script type="text/javascript" async src="https://www.googletagmanager.com/gtag/js?id={{ config('firefly.analytics_id') }}" nonce="{{ JS_NONCE }}"></script>
<script type="text/javascript" nonce="{{ JS_NONCE }}">
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', '{{ config('firefly.analytics_id') }}'); {% if config('firefly.tracker_site_id') != '' and config('firefly.tracker_url') != '' %}
<!-- This tracker tag is only here because this instance of Firefly III was purposefully configured to include it -->
<!-- Your own installation will NOT include it, unless you explicitely configure it to have it. -->
<script type="text/javascript" nonce="{{ JS_NONCE }}">
var _paq = window._paq || [];
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//{{ config('firefly.tracker_url') }}/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '{{ config('firefly.tracker_site_id') }}']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script> </script>
<noscript><p><img src="//{{ config('firefly.tracker_url') }}/matomo.php?idsite=1&amp;rec=1" style="border:0;" alt="" /></p></noscript>
{% endif %} {% endif %}
</body> </body>
</html> </html>

26
resources/views/v1/layout/guest.twig
View File

@@ -57,18 +57,24 @@
</div> </div>
<script src="v1/js/app.js?v={{ FF_VERSION }}" type="text/javascript" nonce="{{ JS_NONCE }}"></script> <script src="v1/js/app.js?v={{ FF_VERSION }}" type="text/javascript" nonce="{{ JS_NONCE }}"></script>
<script type="text/javascript" src="v1/js/ff/guest.js?v={{ FF_VERSION }}" nonce="{{ JS_NONCE }}"></script> <script type="text/javascript" src="v1/js/ff/guest.js?v={{ FF_VERSION }}" nonce="{{ JS_NONCE }}"></script>
{% if config('firefly.analytics_id') != '' %}
<!-- Global site tag (gtag.js) - Google Analytics -->
<!-- This tag is only here because this instance of Firefly III was purposefully configured to include it -->
<!-- Your own installation will NOT include it -->
<script type="text/javascript" async src="https://www.googletagmanager.com/gtag/js?id={{ config('firefly.analytics_id') }}" nonce="{{ JS_NONCE }}"></script>
<script type="text/javascript" nonce="{{ JS_NONCE }}">
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', '{{ config('firefly.analytics_id') }}'); {% if config('firefly.tracker_site_id') != '' and config('firefly.tracker_url') != '' %}
<!-- This tracker tag is only here because this instance of Firefly III was purposefully configured to include it -->
<!-- Your own installation will NOT include it, unless you explicitely configure it to have it. -->
<script type="text/javascript" nonce="{{ JS_NONCE }}">
var _paq = window._paq || [];
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//{{ config('firefly.tracker_url') }}/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '{{ config('firefly.tracker_site_id') }}']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script> </script>
<noscript><p><img src="//{{ config('firefly.tracker_url') }}/matomo.php?idsite=1&amp;rec=1" style="border:0;" alt="" /></p></noscript>
{% endif %} {% endif %}
</body> </body>
</html> </html>

2
tests/Unit/Middleware/SecureHeadersTest.php
View File

@@ -71,6 +71,8 @@ class SecureHeadersTest extends TestCase
} }
/** /**
* TODO this test tests nothing.
*
* @covers \FireflyIII\Http\Middleware\SecureHeaders * @covers \FireflyIII\Http\Middleware\SecureHeaders
*/ */
public function testMiddlewareGoogleAnalytics(): void public function testMiddlewareGoogleAnalytics(): void