Removed unused tinybird filters

[tomerqodo]

Benchmark PR from qodo-benchmark#248

Summary by CodeRabbit

Release Notes

• Bug Fixes / Changes
  • Removed device, browser, and operating system filtering capabilities from analytics queries across multiple endpoints.
  • Removed analytics endpoints for top browsers, top devices, and top operating system reports.
  • Updated test cases to reflect the removal of device, browser, and OS filter parameters.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request removes browser, device, and OS filtering capabilities from multiple Tinybird pipe definitions and corresponding test cases. Additionally, the TinybirdService is updated to remove references to three browser/device/OS pipes and modify JWT token handling logic.

Changes

Cohort / File(s)	Summary
Pipe Filter Removals ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe, ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe, ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe, ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe	Removed conditional filter clauses for device, browser, and OS from WHERE clause logic. These filters will no longer be applied to queries, simplifying the filtering options.
Test Case Updates ghost/core/core/server/data/tinybird/tests/api_kpis.yaml, ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml, ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml, ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml, ghost/core/core/server/data/tinybird/tests/api_top_utm_*.yaml	Removed test scenarios for browser, device, and OS filtering. Updated combined-filter test cases to use source and pathname parameters instead of device/browser, with adjusted expected results.
TinybirdService Configuration ghost/core/core/server/services/tinybird/TinybirdService.js	Removed three pipe entries from TINYBIRD_PIPES (api_top_browsers, api_top_devices, api_top_os). Modified JWT token handling: now stores full tokenData object instead of just token, removed noTimestamp option from signing, and changed token verification from jwt.verify to jwt.decode. Added documentation comment for local test commands.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Whiskers twitched with delight
Browser, device, OS—now out of sight!
Pipes run cleaner, tests align,
Tokens flow in simpler line.
A lighter load for Tinybird to bear! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Removed unused tinybird filters' directly and accurately summarizes the main change across the pull request, which removes device, browser, and OS filter logic from multiple Tinybird pipe files and their corresponding tests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e2713e and 784a04f.

📒 Files selected for processing (14)

• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml
• ghost/core/core/server/services/tinybird/TinybirdService.js

💤 Files with no reviewable changes (5)

• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml

🧰 Additional context used

🧬 Code graph analysis (1)

ghost/core/core/server/services/tinybird/TinybirdService.js (3)

ghost/core/core/server/api/endpoints/tinybird.js (1)

• tokenData (17-17)

ghost/core/test/unit/server/services/tinybird/TinybirdService.test.js (5)

• jwt (3-3)
• decoded (54-54)
• decoded (60-60)
• decoded (67-67)
• decoded (79-79)

ghost/core/test/e2e-api/admin/tinybird.test.js (2)

• jwt (53-53)
• decoded (54-54)

🔇 Additional comments (10)

ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml (1)

74-79: LGTM! Test case correctly updated to use remaining filter dimensions.

The combined filter test now uses source and pathname instead of the removed device and browser filters. The expected results (retention_q4 and newsletter_weekly) correctly represent the intersection of the individual source=bing.com (lines 42-47) and pathname=/about/ (lines 22-30) filter results.

ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml (1)

77-82: LGTM! Combined filter test correctly updated.

The expected results (subscribers and loyal_customers) correctly represent the intersection of sessions matching both source=bing.com and pathname=/about/ based on the individual filter test cases in this file.

ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml (1)

76-81: LGTM! Test parameters and expected results correctly updated.

The combined filter results match the intersection of the source=bing.com and pathname=/about/ individual filter results defined earlier in this file.

ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml (1)

83-88: LGTM! Combined filter test correctly reflects the intersection of filter criteria.

The expected results are consistent with the intersection of source=bing.com and pathname=/about/ individual test results.

ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml (1)

84-88: LGTM! Combined filter test correctly updated.

The expected result of bing.com with 2 visits is consistent with filtering by both source=bing.com and pathname=/about/, as verified against the individual filter test cases.

ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml (1)

74-79: LGTM! Combined filter test correctly updated with proper intersection logic.

The expected results (social with 1 visit and email with 1 visit) correctly represent sessions matching both filter criteria. This aligns with the source=bing.com individual filter results.

ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml (1)

71-76: Update aligns with new filter set.

Looks consistent after switching the combined filters to source + pathname and narrowing the expected result accordingly.

ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml (1)

65-70: Combined filter test looks consistent.

The updated parameters and narrowed expected result line up with the new source + pathname filter combination.

ghost/core/core/server/services/tinybird/TinybirdService.js (2)

61-67: Helpful local Tinybird test guidance.

Nice addition for local test setup.

---

128-152: No action needed—Tinybird accepts standard JWT claims.

Tinybird's JWT validation only enforces the required claims (workspace_id, name, exp, scopes) and does not reject extra standard claims. The iat claim added by default in jwt.sign() is compliant with RFC 7519 and will not cause issues with Tinybird token validation. Reintroducing noTimestamp is unnecessary.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

ghost/core/core/server/services/tinybird/TinybirdService.js (2)

92-104: Return a token string, not the token object.

Line 98 now stores the full object, so getToken() returns { token: { token, exp }, exp }, and _isJWTExpired receives an object. This breaks call sites/tests that expect result.token to be a JWT string (e.g., ghost/core/test/unit/server/services/tinybird/TinybirdService.test.js Line 53 uses jwt.verify(result.token, ...)). Please keep _serverToken as the string or update all usages.

🐛 Proposed fix (minimal)

-                this._serverToken = tokenData;
+                this._serverToken = tokenData.token;

---

162-170: Add signature verification to prevent acceptance of tokens signed with rotated keys.

Currently jwt.decode only decodes without validating the signature. If adminToken is rotated, tokens signed with the old key will still be accepted until their exp time, creating a security window. Use jwt.verify with ignoreExpiration: true to validate the signature while preserving manual expiration checking:

Proposed fix

-            const decoded = jwt.decode(token);
+            const decoded = jwt.verify(token, this.tinybirdConfig.adminToken, {ignoreExpiration: true});

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e2713e and 784a04f.

📒 Files selected for processing (14)

• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml
• ghost/core/core/server/services/tinybird/TinybirdService.js

💤 Files with no reviewable changes (5)

• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml

🧰 Additional context used

🧬 Code graph analysis (1)

ghost/core/core/server/services/tinybird/TinybirdService.js (3)

ghost/core/core/server/api/endpoints/tinybird.js (1)

• tokenData (17-17)

ghost/core/test/unit/server/services/tinybird/TinybirdService.test.js (5)

• jwt (3-3)
• decoded (54-54)
• decoded (60-60)
• decoded (67-67)
• decoded (79-79)

ghost/core/test/e2e-api/admin/tinybird.test.js (2)

• jwt (53-53)
• decoded (54-54)

🔇 Additional comments (10)

ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml (1)

74-79: LGTM! Test case correctly updated to use remaining filter dimensions.

The combined filter test now uses source and pathname instead of the removed device and browser filters. The expected results (retention_q4 and newsletter_weekly) correctly represent the intersection of the individual source=bing.com (lines 42-47) and pathname=/about/ (lines 22-30) filter results.

ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml (1)

77-82: LGTM! Combined filter test correctly updated.

The expected results (subscribers and loyal_customers) correctly represent the intersection of sessions matching both source=bing.com and pathname=/about/ based on the individual filter test cases in this file.

ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml (1)

76-81: LGTM! Test parameters and expected results correctly updated.

The combined filter results match the intersection of the source=bing.com and pathname=/about/ individual filter results defined earlier in this file.

ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml (1)

83-88: LGTM! Combined filter test correctly reflects the intersection of filter criteria.

The expected results are consistent with the intersection of source=bing.com and pathname=/about/ individual test results.

ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml (1)

84-88: LGTM! Combined filter test correctly updated.

The expected result of bing.com with 2 visits is consistent with filtering by both source=bing.com and pathname=/about/, as verified against the individual filter test cases.

ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml (1)

74-79: LGTM! Combined filter test correctly updated with proper intersection logic.

The expected results (social with 1 visit and email with 1 visit) correctly represent sessions matching both filter criteria. This aligns with the source=bing.com individual filter results.

ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml (1)

71-76: Update aligns with new filter set.

Looks consistent after switching the combined filters to source + pathname and narrowing the expected result accordingly.

ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml (1)

65-70: Combined filter test looks consistent.

The updated parameters and narrowed expected result line up with the new source + pathname filter combination.

ghost/core/core/server/services/tinybird/TinybirdService.js (2)

61-67: Helpful local Tinybird test guidance.

Nice addition for local test setup.

---

128-152: No action needed—Tinybird accepts standard JWT claims.

Tinybird's JWT validation only enforces the required claims (workspace_id, name, exp, scopes) and does not reject extra standard claims. The iat claim added by default in jwt.sign() is compliant with RFC 7519 and will not cause issues with Tinybird token validation. Reintroducing noTimestamp is unnecessary.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}