Removed unused tinybird filters

[tomerqodo]

Benchmark PR from qodo-benchmark#248

Summary by CodeRabbit

Release Notes

• Removed Features
  • Device, browser, and operating system filters have been removed from analytics queries across all endpoints
  • Browser breakdown, device breakdown, and operating system breakdown reports are no longer available

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR removes device, browser, and OS filtering capabilities from multiple Tinybird pipe endpoints and their tests, while removing the corresponding browser, device, and OS-focused pipes from service configuration. Token handling logic in TinybirdService is refactored.

Changes

Cohort / File(s)	Summary
API Endpoint Pipes ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe, api_top_locations.pipe, api_top_pages.pipe	Removed conditional WHERE clause filters for device, browser, and os parameters from SQL templates across three endpoint pipes. Other filter logic (date, source, location, pathname, post_uuid, member_status) remains intact.
Session Filter Pipe ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe	Removed three conditional filter clauses (device, browser, os) guarded by {% if defined(...) %} blocks. Remaining filters and query structure unchanged.
Endpoint Test Files ghost/core/core/server/data/tinybird/tests/api_kpis.yaml, api_top_locations.yaml, api_top_pages.yaml	Removed test scenarios for "Filtered by browser - Chrome", "Filtered by device - desktop", and "Filtered by OS - Windows" across three test files. Updated "Test with multiple filters combined" scenarios to use source and pathname filters instead of device/browser, with corresponding expected result adjustments.
Additional Test Files ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml, api_top_utm_campaigns.yaml, api_top_utm_contents.yaml, api_top_utm_mediums.yaml, api_top_utm_sources.yaml, api_top_utm_terms.yaml	Removed device, browser, and OS filter test cases from six additional test files. Updated "Test with multiple filters combined" scenarios to replace device/browser parameters with source and pathname, with corresponding expected result changes.
Tinybird Service ghost/core/core/services/tinybird/TinybirdService.js	Removed three pipe entries (api_top_browsers, api_top_devices, api_top_os) from TINYBIRD_PIPES list. Refactored token handling: \getToken\\ now stores entire tokenData object instead of tokenData.token; \_generateToken\\ simplified JWT creation; \_isJWTExpired\\ changed from \jwt.verify\\ to \jwt.decode\\ for token validation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 The filters fade like morning dew,
Device, browser, OS—adieu!
With source and path we chart our way,
While tokens dance in JWT's display,
Analytics lean, simplified and true!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'Removed unused tinybird filters' accurately summarizes the main change: systematic removal of device, browser, and OS filter options across multiple Tinybird API endpoints and their corresponding test files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e2713e and 784a04f.

📒 Files selected for processing (14)

• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml
• ghost/core/core/server/services/tinybird/TinybirdService.js

💤 Files with no reviewable changes (5)

• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe

🧰 Additional context used

🧬 Code graph analysis (1)

ghost/core/core/server/services/tinybird/TinybirdService.js (3)

ghost/core/core/server/api/endpoints/tinybird.js (1)

• tokenData (17-17)

ghost/core/test/unit/server/services/tinybird/TinybirdService.test.js (5)

• jwt (3-3)
• decoded (54-54)
• decoded (60-60)
• decoded (67-67)
• decoded (79-79)

ghost/core/test/e2e-api/admin/tinybird.test.js (2)

• jwt (53-53)
• decoded (54-54)

🔇 Additional comments (12)

ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml (1)

73-75: Multi-filter scenario aligns with new filter set.
The updated source+pathname parameters and expected_result look consistent with the removal of device/browser/os filters.

ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml (1)

86-88: Multi-filter test update looks good.
Switching to source+pathname with the narrowed expected_result matches the new filter behavior.

ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml (1)

76-79: Multi-filter UTM campaign fixture update is consistent.
The new source+pathname parameters and expected_result match the revised filter scope.

ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml (1)

78-81: Multi-filter UTM content scenario update looks solid.
The expected_result reflects the new source+pathname filter combination.

ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml (1)

85-88: Multi-filter UTM source expectations look aligned.
The updated parameters and expected_result match the new filter inputs.

ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml (1)

67-69: Multi-filter parameters updated appropriately.
Switching to source+pathname aligns with the removal of device/browser filtering.

ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml (1)

77-82: LGTM!

The updated combined filter test using source=bing.com&pathname=%2Fabout%2F is consistent with the PR's objective to remove browser/device/OS filters. The expected results correctly reflect the intersection of source and pathname filters based on the individual test cases above.

ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml (1)

74-79: LGTM!

The updated combined filter test is consistent with the individual filter tests. The expected results correctly reflect the intersection of source=bing.com (social:1, email:1) and pathname=/about/ filters.

ghost/core/core/server/services/tinybird/TinybirdService.js (4)

47-59: LGTM!

The removal of api_top_browsers, api_top_devices, and api_top_os from the pipes list aligns with the PR objective to remove unused Tinybird filters.

---

61-67: LGTM!

Helpful documentation for local Tinybird test setup.

---

162-174: Acceptable change to use jwt.decode() for expiration check.

Using jwt.decode() instead of jwt.verify() is reasonable here since we're only checking the expiration of our own locally-generated token. Signature verification isn't necessary for self-generated tokens cached in memory.

---

147-148: JWT will now include iat claim.

Removing the {noTimestamp: true} option means generated tokens will include an iat (issued at) claim. This is beneficial for debugging and audit purposes. The existing tests validate specific token claims without asserting on exact payload structure, so they will continue to pass with the added iat claim.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ghost/core/core/server/services/tinybird/TinybirdService.js (1)

96-104: Critical bug: Type mismatch causes broken token handling.

Line 98 stores the entire tokenData object ({token, exp}) in this._serverToken, but:

1. Line 96 passes this._serverToken to _isJWTExpired(), which calls jwt.decode() expecting a string
2. Line 102 returns this._serverToken as the token value, but callers expect a string (see tinybird.js:16 and test files using jwt.verify(result.token, ...))

This will cause jwt.decode() to fail on subsequent calls, and API consumers will receive an object instead of a JWT string.

🐛 Proposed fix

             if (!this._serverToken || this._isJWTExpired(this._serverToken)) {
                 const tokenData = this._generateToken({name, expiresInMinutes});
-                this._serverToken = tokenData;
+                this._serverToken = tokenData.token;
                 this._serverTokenExp = tokenData.exp;
             }
             return {
                 token: this._serverToken,
                 exp: this._serverTokenExp
             };

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e2713e and 784a04f.

📒 Files selected for processing (14)

• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml
• ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml
• ghost/core/core/server/services/tinybird/TinybirdService.js

💤 Files with no reviewable changes (5)

• ghost/core/core/server/data/tinybird/endpoints/api_top_pages.pipe
• ghost/core/core/server/data/tinybird/endpoints/api_kpis.pipe
• ghost/core/core/server/data/tinybird/pipes/filtered_sessions.pipe
• ghost/core/core/server/data/tinybird/tests/api_kpis.yaml
• ghost/core/core/server/data/tinybird/endpoints/api_top_locations.pipe

🧰 Additional context used

🧬 Code graph analysis (1)

ghost/core/core/server/services/tinybird/TinybirdService.js (3)

ghost/core/core/server/api/endpoints/tinybird.js (1)

• tokenData (17-17)

ghost/core/test/unit/server/services/tinybird/TinybirdService.test.js (5)

• jwt (3-3)
• decoded (54-54)
• decoded (60-60)
• decoded (67-67)
• decoded (79-79)

ghost/core/test/e2e-api/admin/tinybird.test.js (2)

• jwt (53-53)
• decoded (54-54)

🔇 Additional comments (12)

ghost/core/core/server/data/tinybird/tests/api_top_locations.yaml (1)

73-75: Multi-filter scenario aligns with new filter set.
The updated source+pathname parameters and expected_result look consistent with the removal of device/browser/os filters.

ghost/core/core/server/data/tinybird/tests/api_top_sources.yaml (1)

86-88: Multi-filter test update looks good.
Switching to source+pathname with the narrowed expected_result matches the new filter behavior.

ghost/core/core/server/data/tinybird/tests/api_top_utm_campaigns.yaml (1)

76-79: Multi-filter UTM campaign fixture update is consistent.
The new source+pathname parameters and expected_result match the revised filter scope.

ghost/core/core/server/data/tinybird/tests/api_top_utm_contents.yaml (1)

78-81: Multi-filter UTM content scenario update looks solid.
The expected_result reflects the new source+pathname filter combination.

ghost/core/core/server/data/tinybird/tests/api_top_utm_sources.yaml (1)

85-88: Multi-filter UTM source expectations look aligned.
The updated parameters and expected_result match the new filter inputs.

ghost/core/core/server/data/tinybird/tests/api_top_pages.yaml (1)

67-69: Multi-filter parameters updated appropriately.
Switching to source+pathname aligns with the removal of device/browser filtering.

ghost/core/core/server/data/tinybird/tests/api_top_utm_terms.yaml (1)

77-82: LGTM!

The updated combined filter test using source=bing.com&pathname=%2Fabout%2F is consistent with the PR's objective to remove browser/device/OS filters. The expected results correctly reflect the intersection of source and pathname filters based on the individual test cases above.

ghost/core/core/server/data/tinybird/tests/api_top_utm_mediums.yaml (1)

74-79: LGTM!

The updated combined filter test is consistent with the individual filter tests. The expected results correctly reflect the intersection of source=bing.com (social:1, email:1) and pathname=/about/ filters.

ghost/core/core/server/services/tinybird/TinybirdService.js (4)

47-59: LGTM!

The removal of api_top_browsers, api_top_devices, and api_top_os from the pipes list aligns with the PR objective to remove unused Tinybird filters.

---

61-67: LGTM!

Helpful documentation for local Tinybird test setup.

---

162-174: Acceptable change to use jwt.decode() for expiration check.

Using jwt.decode() instead of jwt.verify() is reasonable here since we're only checking the expiration of our own locally-generated token. Signature verification isn't necessary for self-generated tokens cached in memory.

---

147-148: JWT will now include iat claim.

Removing the {noTimestamp: true} option means generated tokens will include an iat (issued at) claim. This is beneficial for debugging and audit purposes. The existing tests validate specific token claims without asserting on exact payload structure, so they will continue to pass with the added iat claim.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}