def _get_team_from_request(self) -> Optional["Team"]:
team_found = None
token, _ = get_token(None, self.request)
if token:
team = Team.objects.get_team_from_token(token)
if team:
team_found = team
else:
raise AuthenticationFailed()
return team_found
def get_event(request):
timer = statsd.timer("posthog_cloud_event_endpoint").start()
now = timezone.now()
data, error_response = get_data(request)
if error_response:
return error_response
sent_at = _get_sent_at(data, request)
token = get_token(data, request)
if not token:
return cors_response(
request,
generate_exception_response(
"capture",
"API key not provided. You can find your project API key in PostHog project settings.",
type="authentication_error",
code="missing_api_key",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
ingestion_context, db_error, error_response = get_event_ingestion_context(request, data, token)
if error_response:
return error_response
send_events_to_dead_letter_queue = False
if db_error:
send_events_to_dead_letter_queue = True
if isinstance(data, dict):
if data.get("batch"): # posthog-python and posthog-ruby
data = data["batch"]
assert data is not None
elif "engage" in request.path_info: # JS identify call
data["event"] = "$identify" # make sure it has an event name
if isinstance(data, list):
events = data
else:
events = [data]
try:
events = preprocess_session_recording_events(events)
except ValueError as e:
return cors_response(
request, generate_exception_response("capture", f"Invalid payload: {e}", code="invalid_payload")
)
site_url = request.build_absolute_uri("/")[:-1]
ip = None if not ingestion_context or ingestion_context.anonymize_ips else get_ip_address(request)
for event in events:
event_uuid = UUIDT()
distinct_id = get_distinct_id(event)
if not distinct_id:
continue
payload_uuid = event.get("uuid", None)
if payload_uuid:
if UUIDT.is_valid_uuid(payload_uuid):
event_uuid = UUIDT(uuid_str=payload_uuid)
else:
statsd.incr("invalid_event_uuid")
event = parse_event(event, distinct_id, ingestion_context)
if not event:
continue
if send_events_to_dead_letter_queue:
kafka_event = parse_kafka_event_data(
distinct_id=distinct_id,
ip=None,
site_url=site_url,
team_id=None,
now=now,
event_uuid=event_uuid,
data=event,
sent_at=sent_at,
)
log_event_to_dead_letter_queue(
data,
event["event"],
kafka_event,
f"Unable to fetch team from Postgres. Error: {db_error}",
"django_server_capture_endpoint",
)
continue
try:
capture_internal(event, distinct_id, ip, site_url, now, sent_at, ingestion_context.team_id, event_uuid) # type: ignore
except Exception as e:
timer.stop()
capture_exception(e, {"data": data})
statsd.incr(
"posthog_cloud_raw_endpoint_failure", tags={"endpoint": "capture",},
)
return cors_response(
request,
generate_exception_response(
"capture",
"Unable to store event. Please try again. If you are the owner of this app you can check the logs for further details.",
code="server_error",
type="server_error",
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
),
)
timer.stop()
statsd.incr(
"posthog_cloud_raw_endpoint_success", tags={"endpoint": "capture",},
)
return cors_response(request, JsonResponse({"status": 1}))
def get_decide(request: HttpRequest):
response = {
"config": {
"enable_collect_everything": True
},
"editorParams": {},
"isAuthenticated": False,
"supportedCompression": ["gzip", "gzip-js", "lz64"],
}
if request.COOKIES.get(
settings.TOOLBAR_COOKIE_NAME) and request.user.is_authenticated:
response["isAuthenticated"] = True
if settings.JS_URL and request.user.toolbar_mode == User.TOOLBAR:
response["editorParams"] = {
"jsURL": settings.JS_URL,
"toolbarVersion": "toolbar"
}
if request.user.is_authenticated:
r, update_user_token = decide_editor_params(request)
response.update(r)
if update_user_token:
request.user.temporary_token = secrets.token_urlsafe(32)
request.user.save()
response["featureFlags"] = []
response["sessionRecording"] = False
if request.method == "POST":
try:
data = load_data_from_request(request)
api_version_string = request.GET.get("v")
# NOTE: This does not support semantic versioning e.g. 2.1.0
api_version = int(api_version_string) if api_version_string else 1
except ValueError:
# default value added because of bug in posthog-js 1.19.0
# see https://sentry.io/organizations/posthog2/issues/2738865125/?project=1899813
# as a tombstone if the below statsd counter hasn't seen errors for N days
# then it is likely that no clients are running posthog-js 1.19.0
# and this defaulting could be removed
statsd.incr(
f"posthog_cloud_decide_defaulted_api_version_on_value_error",
tags={
"endpoint": "decide",
"api_version_string": api_version_string
},
)
api_version = 2
except RequestParsingError as error:
capture_exception(
error
) # We still capture this on Sentry to identify actual potential bugs
return cors_response(
request,
generate_exception_response("decide",
f"Malformed request data: {error}",
code="malformed_data"),
)
token = get_token(data, request)
team = Team.objects.get_team_from_token(token)
if team is None and token:
project_id = get_project_id(data, request)
if not project_id:
return cors_response(
request,
generate_exception_response(
"decide",
"Project API key invalid. You can find your project API key in PostHog project settings.",
code="invalid_api_key",
type="authentication_error",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
user = User.objects.get_from_personal_api_key(token)
if user is None:
return cors_response(
request,
generate_exception_response(
"decide",
"Invalid Personal API key.",
code="invalid_personal_key",
type="authentication_error",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
team = user.teams.get(id=project_id)
if team:
feature_flags = get_overridden_feature_flags(
team.pk, data["distinct_id"], data.get("groups", {}))
response[
"featureFlags"] = feature_flags if api_version >= 2 else list(
feature_flags.keys())
if team.session_recording_opt_in and (on_permitted_domain(
team, request) or len(team.app_urls) == 0):
response["sessionRecording"] = {"endpoint": "/s/"}
statsd.incr(
f"posthog_cloud_raw_endpoint_success",
tags={
"endpoint": "decide",
},
)
return cors_response(request, JsonResponse(response))
def get_decide(request: HttpRequest):
response = {
"config": {
"enable_collect_everything": True
},
"editorParams": {},
"isAuthenticated": False,
"supportedCompression": ["gzip", "gzip-js", "lz64"],
}
if request.COOKIES.get(settings.TOOLBAR_COOKIE_NAME):
response["isAuthenticated"] = True
if settings.JS_URL:
response["editorParams"] = {
"jsURL": settings.JS_URL,
"toolbarVersion": "toolbar"
}
if request.user.is_authenticated:
r, update_user_token = decide_editor_params(request)
response.update(r)
if update_user_token:
request.user.temporary_token = secrets.token_urlsafe(32)
request.user.save()
response["featureFlags"] = []
response["sessionRecording"] = False
if request.method == "POST":
try:
data = load_data_from_request(request)
except RequestParsingError as error:
capture_exception(
error
) # We still capture this on Sentry to identify actual potential bugs
return cors_response(
request,
generate_exception_response("decide",
f"Malformed request data: {error}",
code="malformed_data"),
)
token, _ = get_token(data, request)
team = Team.objects.get_team_from_token(token)
if team is None and token:
project_id = _get_project_id(data, request)
if not project_id:
return cors_response(
request,
generate_exception_response(
"decide",
"Project API key invalid. You can find your project API key in PostHog project settings.",
code="invalid_api_key",
type="authentication_error",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
user = User.objects.get_from_personal_api_key(token)
if user is None:
return cors_response(
request,
generate_exception_response(
"decide",
"Invalid Personal API key.",
code="invalid_personal_key",
type="authentication_error",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
team = user.teams.get(id=project_id)
if team:
response["featureFlags"] = get_active_feature_flags(
team, data["distinct_id"])
if team.session_recording_opt_in and (on_permitted_domain(
team, request) or len(team.app_urls) == 0):
response["sessionRecording"] = {"endpoint": "/s/"}
statsd.incr(
f"posthog_cloud_raw_endpoint_success",
tags={
"endpoint": "decide",
},
)
return cors_response(request, JsonResponse(response))
def get_event(request):
timer = statsd.timer("posthog_cloud_event_endpoint").start()
now = timezone.now()
try:
data = load_data_from_request(request)
except RequestParsingError as error:
capture_exception(
error
) # We still capture this on Sentry to identify actual potential bugs
return cors_response(
request,
generate_exception_response("capture",
f"Malformed request data: {error}",
code="invalid_payload"),
)
if not data:
return cors_response(
request,
generate_exception_response(
"capture",
"No data found. Make sure to use a POST request when sending the payload in the body of the request.",
code="no_data",
),
)
sent_at = _get_sent_at(data, request)
token, is_test_environment = get_token(data, request)
if not token:
return cors_response(
request,
generate_exception_response(
"capture",
"API key not provided. You can find your project API key in PostHog project settings.",
type="authentication_error",
code="missing_api_key",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
team = Team.objects.get_team_from_token(token)
if team is None:
try:
project_id = _get_project_id(data, request)
except ValueError:
return cors_response(
request,
generate_exception_response("capture",
"Invalid Project ID.",
code="invalid_project",
attr="project_id"),
)
if not project_id:
return cors_response(
request,
generate_exception_response(
"capture",
"Project API key invalid. You can find your project API key in PostHog project settings.",
type="authentication_error",
code="invalid_api_key",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
user = User.objects.get_from_personal_api_key(token)
if user is None:
return cors_response(
request,
generate_exception_response(
"capture",
"Invalid Personal API key.",
type="authentication_error",
code="invalid_personal_api_key",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
team = user.teams.get(id=project_id)
if isinstance(data, dict):
if data.get("batch"): # posthog-python and posthog-ruby
data = data["batch"]
assert data is not None
elif "engage" in request.path_info: # JS identify call
data["event"] = "$identify" # make sure it has an event name
if isinstance(data, list):
events = data
else:
events = [data]
try:
events = preprocess_session_recording_events(events)
except ValueError as e:
return cors_response(
request,
generate_exception_response("capture",
f"Invalid payload: {e}",
code="invalid_payload"))
for event in events:
try:
distinct_id = _get_distinct_id(event)
except KeyError:
return cors_response(
request,
generate_exception_response(
"capture",
"You need to set user distinct ID field `distinct_id`.",
code="required",
attr="distinct_id",
),
)
except ValueError:
return cors_response(
request,
generate_exception_response(
"capture",
"Distinct ID field `distinct_id` must have a non-empty value.",
code="required",
attr="distinct_id",
),
)
if not event.get("event"):
return cors_response(
request,
generate_exception_response(
"capture",
"You need to set user event name, field `event`.",
code="required",
attr="event"),
)
site_url = request.build_absolute_uri("/")[:-1]
ip = None if team.anonymize_ips else get_ip_address(request)
if not event.get("properties"):
event["properties"] = {}
# Support test_[apiKey] for users with multiple environments
if event["properties"].get(
"$environment") is None and is_test_environment:
event["properties"]["$environment"] = ENVIRONMENT_TEST
_ensure_web_feature_flags_in_properties(event, team, distinct_id)
statsd.incr("posthog_cloud_plugin_server_ingestion")
capture_internal(event, distinct_id, ip, site_url, now, sent_at,
team.pk)
timer.stop()
statsd.incr(
f"posthog_cloud_raw_endpoint_success",
tags={
"endpoint": "capture",
},
)
return cors_response(request, JsonResponse({"status": 1}))
def get_event(request):
timer = statsd.timer("posthog_cloud_event_endpoint").start()
now = timezone.now()
data, error_response = get_data(request)
if error_response:
return error_response
sent_at = _get_sent_at(data, request)
token = get_token(data, request)
if not token:
return cors_response(
request,
generate_exception_response(
"capture",
"API key not provided. You can find your project API key in PostHog project settings.",
type="authentication_error",
code="missing_api_key",
status_code=status.HTTP_401_UNAUTHORIZED,
),
)
team, db_error, error_response = get_team(request, data, token)
if error_response:
return error_response
send_events_to_dead_letter_queue = False
if db_error and is_clickhouse_enabled():
send_events_to_dead_letter_queue = True
if isinstance(data, dict):
if data.get("batch"): # posthog-python and posthog-ruby
data = data["batch"]
assert data is not None
elif "engage" in request.path_info: # JS identify call
data["event"] = "$identify" # make sure it has an event name
if isinstance(data, list):
events = data
else:
events = [data]
try:
events = preprocess_session_recording_events(events)
except ValueError as e:
return cors_response(
request,
generate_exception_response("capture",
f"Invalid payload: {e}",
code="invalid_payload"))
site_url = request.build_absolute_uri("/")[:-1]
ip = None if not team or team.anonymize_ips else get_ip_address(request)
for event in events:
event_uuid = UUIDT()
distinct_id = get_distinct_id(event)
if not distinct_id:
continue
event = parse_event(event, distinct_id, team)
if not event:
continue
if send_events_to_dead_letter_queue:
kafka_event = parse_kafka_event_data(
distinct_id=distinct_id,
ip=None,
site_url=site_url,
team_id=None,
now=now,
event_uuid=event_uuid,
data=event,
sent_at=sent_at,
)
log_event_to_dead_letter_queue(
data,
event["event"],
kafka_event,
f"Unable to fetch team from Postgres. Error: {db_error}",
"django_server_capture_endpoint",
)
continue
statsd.incr("posthog_cloud_plugin_server_ingestion")
capture_internal(event, distinct_id, ip, site_url, now, sent_at,
team.pk, event_uuid) # type: ignore
timer.stop()
statsd.incr(
f"posthog_cloud_raw_endpoint_success",
tags={
"endpoint": "capture",
},
)
return cors_response(request, JsonResponse({"status": 1}))