search

brave / ads-ui

Self-service ads UI
Mozilla Public License 2.0
25 stars 11 forks source link

feat: use new performance apis for search campaigns #1127

Closed tackley closed 8 months ago

tackley commented 8 months ago

Use the updated performance apis that do server-based aggregation, so the screens do not overwhelm the browser on large campaigns.

To introduce this incrementally, this is being added for search campaigns only initially, with the intention of subsequently switching other campaign types to use this in due course.

Although the original intention was to keep the UI the same, this required a lot of throw-away work, so I've brought in the experience of what we now do on our internal dashboards.

Outstanding steps:

github-actions[bot] commented 8 months ago

[puLL-Merge] - brave/ads-ui@1127

Description

This PR introduces several updates across different files, primarily focusing on enhancing analytics features, integrating grid system properties, and refining metric collection and representation in the ads-ui system. The motivation behind these changes seems to be to provide more detailed and granular analytics, particularly for campaign performance, and to introduce a more flexible grid system for UI elements.

Changes ### Changes - **`.eslintrc.js`**: Added rules for new grid system properties, enabling linting support for `gridTemplateColumns`, `gridTemplateRows`, and `gridTemplateAreas`. - **`src/graphql/analytics-overview.generated.tsx` and `src/graphql/analytics-overview.graphql`**: Expanded analytics with new types and queries, particularly around campaign metrics, daily values, ad set metrics, and detailed campaign metric values. This includes renaming certain fragments for clarity and consistency. - **`src/graphql/campaign.generated.tsx` and `src/graphql/campaign.graphql`**: Added a new query for loading campaign summaries, which includes a comprehensive list of campaign properties such as name, state, budget, and more.

Security Hotspots

  1. Exposure of Sensitive Data: Given the expansion in the analytics and metrics queries, there's potential risk related to the exposure of sensitive campaign data. Care should be taken to ensure that data is accessed only by authorized users and that any public facing APIs are properly secured. (High Risk)
  2. Injection Vulnerabilities: The addition of detailed analytics queries increases the surface area for injection attacks, especially if user input is used to construct or filter queries. Special attention should be paid to validating and sanitizing inputs to these queries. (Medium Risk)
  3. Performance Implications: With the introduction of more complex queries and potentially large datasets (e.g., daily metrics for campaigns), there's a risk of performance degradation, either through slow query times or increased load on the server. It's essential to monitor performance and optimize queries as needed. (Medium Risk)