v0.9.1

* data plotting with hour and minute resolution
* minor bug fixes
* dependencies update
* js linting improvements
* logbook search fix

.gitignore

@@ -3,6 +3,5 @@ ui/node_modules
 public/*
 vendor/*
 .DS_Store
-composer.lock
 composer.phar
 /.php-cs-fixer.cache

.htaccess

@@ -1,7 +1,8 @@
 Options -Indexes
 RewriteEngine On
 
-RewriteRule ^(\..+|Dockerfile|app|config|logs|db|tmp|vendor|libs|sensor/src|sensor/tests|.+\.sh|.+\.yml|.+\.conf|.+\.ini|.+\.log|.+\.sql|.+\.json|composer\.lock|phpcs\.xml)$ - [R=404,L]
+RewriteRule ^(\..+|Dockerfile|.+\.sh|.+\.yml|.+\.conf|.+\.ini|.+\.log|.+\.sql|.+\.json|.+\.md|composer\.lock|phpcs\.xml)$ - [R=404,L]
+RewriteRule ^(app|config|logs|db|tmp|vendor|libs|sensor/src|sensor/tests|ui/templates).*$ - [R=404,L]
 
 # Exclude /sensor path from general rules
 RewriteRule ^sensor(?:\/.*)?$ /sensor/ [L,QSA]
@@ -10,4 +11,4 @@ RewriteCond %{REQUEST_FILENAME} !-l
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule .* index.php [L,QSA]
-RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

CHANGELOG.md

@@ -1,4 +1,13 @@
-Changelog
-=========
+# Tirreno Changelog
 
-The changelog is at [https://www.tirreno.com/changelog/](https://www.tirreno.com/changelog/).
+## Tirreno v0.9.1
+
+* data plotting with hour and minute resolution
+* minor bug fixes
+* dependencies update
+* js linting improvements
+* logbook search fix
+
+## Tirreno v0.9.0
+
+* initial release

README.md

@@ -1,12 +1,12 @@
-# Tirreno
+# tirreno
 
 <p align="center">
     <a href="https://www.tirreno.com/" target="_blank">
         <img src="https://www.tirreno.com/double-screen.jpg" alt="Tirreno screenshot" />
     </a>
 </p>
 
-Tirreno is open-source user analytics software.
+Tirreno is an open-source user security analytics for mission-critical web applications.
 
 Tirreno is a universal analytic tool for monitoring online platforms, web applications, SaaS, communities, IoT, mobile applications, intranets, and e-commerce websites. It is effective against external threats associated with partners or customers, as well as internal risks posed by employees or suppliers.
 
@@ -28,16 +28,14 @@ Check out the online demo at [play.tirreno.com](https://play.tirreno.com) (admin
 * **PHP**: Version 8.0 to 8.3
 * **PostgreSQL**: Version 12 or greater
 * **PHP Extensions**: `PDO_PGSQL`, `cURL`
-* **HTTP Web Server**: Any, configured to work with PHP
+* **HTTP Web Server**: `Apache` with `mod_rewrite` and `mod_headers` enabled
 * **Operating System**: A Unix-like system is recommended
 * **Minimum Hardware Requirements**:
     * **PostgreSQL**: 512 MB RAM (2 GB recommended)
     * **Application**: 512 MB RAM (1 GB recommended)
     * **Storage**: Approximately 1 GB PostgreSQL storage per 1 million events
 
-If you prefer Apache web server, `mod_rewrite` and `mod_headers` should be enabled.
-
-## Installation instructions
+## Quickstart install
 
 1. [Download](https://www.tirreno.com/download.php) the latest version of Tirreno (ZIP file).
 2. Extract the tirreno-master.zip file to the location where you want it installed on your web server.
@@ -67,21 +65,20 @@ The idea for Tirreno arose from a challenge: an online platform was in need of a
 
 While building Tirreno, we concentrated on **privacy**, **trust**, and true **sovereignty**. As a result, we have built Tirreno in a secure and independent manner. The application does not have a long list of development dependencies, nor does it rely on heavy frameworks. This approach minimizes the potential attack surface.
 
-### Enrichment API
-
-As the solution we built has proved to be efficient in guarding our platform, over time we have implemented a data enrichment API. The goal was to provide our partners and clients with ethical means in their struggle against malicious actors.
-
-We have built the Tirreno API in-house, eliminating the need to share information with third parties. It operates without collecting or storing user data.
-
-Along with making Tirreno's code publicly available, we provide access to this API on a [monthly subscription](https://www.tirreno.com/pricing/) basis.
-
 ### Why the name Tirreno?
 
-History suggests the Tyrrhenian people may have lived in Tuscany and eastern Switzerland as far back as the 10th-9th centuries BC. The term "Tyrrhenian” became more commonly associated with the Etruscans, and it is from them that the Tyrrhenian Sea derives its name — a name still in use today. This name is believed to be an exonym, possibly meaning “tower”.
+History suggests that the Tyrrhenian people may have lived in Tuscany and eastern Switzerland as far back as 800 BC. The term "Tyrrhenian” became more commonly associated with the Etruscans, and it is from them that the Tyrrhenian Sea derives its name — a name still in use today. This name is believed to be an exonym, possibly meaning “tower”.
 
 While working on the logo, we conducted our own historical study and traced mentions of 'tirreno' back to the 15th-century printed edition of the Vulgate (the Latin Bible). We kept it lowercase to stay true to the original — quite literally, by the book.
 
-Finally, the 'tirreno' wordmark is cropped at the bottom, creating a horizon line that symbolises the continuous development cycle of cybersecurity software.
+The tirreno wordmark, positioned beyond a horizon line, as a metaphor for the constant evolution of the cybersecurity landscape and our commitment to staying ahead of these never-ending changes.
+
+## Links
+
+- [Website](https://www.tirreno.com)
+- [Live demo](https://play.tirreno.com)
+- [Documentation](https://docs.tirreno.com)
+- [Mattermost community](https://chat.tirreno.com)
 
 ## Reporting a security issue
 

RELEASE_NOTES.md

@@ -1,5 +1,6 @@
-Release song: https://youtu.be/OXeh742_jak
+Release song: https://youtu.be/5TySnF_Pb3M
 
-We are thrilled to announce the release of Tirreno version 0.9.0! This marks a significant milestone in our 
-journey and is the result of 1,000 days of dedicated development and over 6,038 commits. We're incredibly
-proud of the collective effort of the Tirreno team to bring this project to life.
+Tirreno is pleased to announce version v0.9.1.
+
+This update enhances data plotting with hour and minute resolutions,
+improves JS linting and dependency security, and fixes minor bugs including logbook search issues.

SECURITY.md

@@ -8,7 +8,7 @@ After receiving a report, Tirreno will take the following steps:
 
 - Confirmation that the issue has been received and that it's in the process of being addressed.
 - Attempt to reproduce the problem and confirm the vulnerability.
-- Create a patch or implement the necessary changes to address the vulnerability.  
+- Create a patch or implement the necessary changes to address the vulnerability.
 - Release a new version of all the affected versions.
 - Prominently announce the problem in the release notes.
-- If requested, give credit to the reporter.
+- If requested, give credit to the reporter.

app/Controllers/Admin/Blacklist/Page.php

@@ -22,12 +22,13 @@ public function getPageParams(): array {
         $searchPlacholder = $this->f3->get('AdminBlacklist_search_placeholder');
 
         $pageParams = [
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_UPLOT' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/blacklist.html',
-            'JS' => 'admin_blacklist.js',
+            'SEARCH_PLACEHOLDER'    => $searchPlacholder,
+            'LOAD_UPLOT'            => true,
+            'LOAD_DATATABLE'        => true,
+            'LOAD_AUTOCOMPLETE'     => true,
+            'HTML_FILE'             => 'admin/blacklist.html',
+            'JS'                    => 'admin_blacklist.js',
+            'OFFSET'                => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Bot/Page.php

@@ -42,6 +42,7 @@ public function getPageParams(): array {
             'LOAD_UPLOT'                    => true,
             'JS'                            => 'admin_bot.js',
             'IS_ENRICHABLE'                 => $isEnrichable,
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         if ($this->isPostRequest()) {

app/Controllers/Admin/Bots/Page.php

@@ -22,13 +22,14 @@ public function getPageParams(): array {
         $searchPlacholder = $this->f3->get('AdminBots_search_placeholder');
 
         $pageParams = [
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_UPLOT' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_ACCEPT_LANGUAGE_PARSER' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/bots.html',
-            'JS' => 'admin_bots.js',
+            'SEARCH_PLACEHOLDER'            => $searchPlacholder,
+            'LOAD_UPLOT'                    => true,
+            'LOAD_DATATABLE'                => true,
+            'LOAD_ACCEPT_LANGUAGE_PARSER'   => true,
+            'LOAD_AUTOCOMPLETE'             => true,
+            'HTML_FILE'                     => 'admin/bots.html',
+            'JS'                            => 'admin_bots.js',
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Countries/Page.php

@@ -22,12 +22,13 @@ public function getPageParams(): array {
         $searchPlacholder = $this->f3->get('AdminCountries_search_placeholder');
 
         $pageParams = [
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_JVECTORMAP' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/countries.html',
-            'JS' => 'admin_countries.js',
+            'SEARCH_PLACEHOLDER'    => $searchPlacholder,
+            'LOAD_JVECTORMAP'       => true,
+            'LOAD_DATATABLE'        => true,
+            'LOAD_AUTOCOMPLETE'     => true,
+            'HTML_FILE'             => 'admin/countries.html',
+            'JS'                    => 'admin_countries.js',
+            'OFFSET'                => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Country/Page.php

@@ -36,14 +36,15 @@ public function getPageParams(): array {
         $pageTitle = $this->getInternalPageTitleWithPostfix($country['value']);
 
         $pageParams = [
-            'LOAD_DATATABLE' => true,
-            'LOAD_UPLOT' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'LOAD_ACCEPT_LANGUAGE_PARSER' => true,
-            'HTML_FILE' => 'admin/country.html',
-            'COUNTRY' => $country,
-            'PAGE_TITLE' => $pageTitle,
-            'JS' => 'admin_country.js',
+            'LOAD_DATATABLE'                => true,
+            'LOAD_UPLOT'                    => true,
+            'LOAD_AUTOCOMPLETE'             => true,
+            'LOAD_ACCEPT_LANGUAGE_PARSER'   => true,
+            'HTML_FILE'                     => 'admin/country.html',
+            'COUNTRY'                       => $country,
+            'PAGE_TITLE'                    => $pageTitle,
+            'JS'                            => 'admin_country.js',
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Domain/Page.php

@@ -45,6 +45,7 @@ public function getPageParams(): array {
             'LOAD_ACCEPT_LANGUAGE_PARSER'   => true,
             'JS'                            => 'admin_domain.js',
             'IS_ENRICHABLE'                 => $isEnrichable,
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         if ($this->isPostRequest()) {

app/Controllers/Admin/Domains/Page.php

@@ -22,12 +22,13 @@ public function getPageParams(): array {
         $searchPlacholder = $this->f3->get('AdminDomains_search_placeholder');
 
         $pageParams = [
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_UPLOT' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/domains.html',
-            'JS' => 'admin_domains.js',
+            'SEARCH_PLACEHOLDER'    => $searchPlacholder,
+            'LOAD_UPLOT'            => true,
+            'LOAD_DATATABLE'        => true,
+            'LOAD_AUTOCOMPLETE'     => true,
+            'HTML_FILE'             => 'admin/domains.html',
+            'JS'                    => 'admin_domains.js',
+            'OFFSET'                => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Events/Page.php

@@ -16,24 +16,20 @@
 namespace Controllers\Admin\Events;
 
 class Page extends \Controllers\Pages\Base {
-    use \Traits\Filter;
-
     public $page = 'AdminEvents';
 
     public function getPageParams(): array {
-        [$startDate, $endDate] = $this->getFilter();
         $searchPlacholder = $this->f3->get('AdminEvents_search_placeholder');
 
         $pageParams = [
-            'FILTER_START_DATE' => $startDate,
-            'FILTER_END_DATE' => $endDate,
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_ACCEPT_LANGUAGE_PARSER' => true,
-            'LOAD_UPLOT' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/events.html',
-            'JS' => 'admin_events.js',
+            'SEARCH_PLACEHOLDER'            => $searchPlacholder,
+            'LOAD_ACCEPT_LANGUAGE_PARSER'   => true,
+            'LOAD_UPLOT'                    => true,
+            'LOAD_DATATABLE'                => true,
+            'LOAD_AUTOCOMPLETE'             => true,
+            'HTML_FILE'                     => 'admin/events.html',
+            'JS'                            => 'admin_events.js',
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/Home/Data.php

@@ -26,50 +26,7 @@ public function getChart(int $apiKey): array {
 
         $model = array_key_exists($mode, $modelMap) ? new $modelMap[$mode]() : null;
 
-        if (in_array($mode, \Utils\Constants::LINE_CHARTS)) {
-            return $model->getData($apiKey);
-        }
-
-        $itemsByDate = [];
-        $items = $model ? $model->getData($apiKey) : [];
-
-        foreach ($items as $item) {
-            $ts = strtotime($item['day']);
-            $dt = date('Y-m-d', $ts);
-            $itemsByDate[$dt] = $item['event_count'];
-        }
-
-        $datesRange = $this->getLatest180DatesRange();
-        $itemsByDate = $this->addEmptyDays($itemsByDate, $datesRange);
-
-        $ox = [];
-        $data = [];
-
-        foreach ($itemsByDate as $key => $value) {
-            $ox[] = strtotime($key);
-            $data[] = $value;
-        }
-
-        return [$ox, $data];
-    }
-
-    //TODO: move to base chart model component and use in the Bar charts models
-    private function addEmptyDays(array $itemsByDate, array $datesRange): array {
-        $endTs = strtotime($datesRange['endDate']);
-        $startTs = strtotime($datesRange['startDate']);
-
-        while ($endTs > $startTs) {
-            $dt = date('Y-m-d', $startTs);
-            if (!isset($itemsByDate[$dt])) {
-                $itemsByDate[$dt] = null;
-            }
-
-            $startTs = strtotime('+1 day', $startTs);
-        }
-
-        ksort($itemsByDate);
-
-        return $itemsByDate;
+        return $model ? $model->getData($apiKey) : [[], []];
     }
 
     public function getStat(int $apiKey): array {

app/Controllers/Admin/Home/Page.php

@@ -16,20 +16,15 @@
 namespace Controllers\Admin\Home;
 
 class Page extends \Controllers\Pages\Base {
-    use \Traits\Filter;
-
     public $page = 'AdminHome';
 
     public function getPageParams(): array {
-        [$startDate, $endDate] = $this->getFilter();
-
         $pageParams = [
-            'FILTER_START_DATE' => $startDate,
-            'FILTER_END_DATE' => $endDate,
-            'LOAD_DATATABLE' => true,
+            'LOAD_DATATABLE'    => true,
             'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/home.html',
-            'JS' => 'admin_dashboard.js',
+            'HTML_FILE'         => 'admin/home.html',
+            'JS'                => 'admin_dashboard.js',
+            'OFFSET'            => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);

app/Controllers/Admin/IP/Page.php

@@ -43,6 +43,7 @@ public function getPageParams(): array {
             'LOAD_ACCEPT_LANGUAGE_PARSER'   => true,
             'JS'                            => 'admin_ip.js',
             'IS_ENRICHABLE'                 => $isEnrichable,
+            'OFFSET'                        => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         if ($this->isPostRequest()) {

app/Controllers/Admin/IPs/Page.php

@@ -22,12 +22,13 @@ public function getPageParams(): array {
         $searchPlacholder = $this->f3->get('AdminIps_search_placeholder');
 
         $pageParams = [
-            'SEARCH_PLACEHOLDER' => $searchPlacholder,
-            'LOAD_UPLOT' => true,
-            'LOAD_DATATABLE' => true,
-            'LOAD_AUTOCOMPLETE' => true,
-            'HTML_FILE' => 'admin/ips.html',
-            'JS' => 'admin_ips.js',
+            'SEARCH_PLACEHOLDER'    => $searchPlacholder,
+            'LOAD_UPLOT'            => true,
+            'LOAD_DATATABLE'        => true,
+            'LOAD_AUTOCOMPLETE'     => true,
+            'HTML_FILE'             => 'admin/ips.html',
+            'JS'                    => 'admin_ips.js',
+            'OFFSET'                => \Utils\TimeZones::getCurrentOperatorOffset(),
         ];
 
         return parent::applyPageParams($pageParams);