update visitId hash and expiration logic

2024-03-25 17:47:53 -07:00
parent d3ca856521
commit 0aaf2c0b3b
5 changed files with 44 additions and 10 deletions
--- a/src/lib/crypto.ts
+++ b/src/lib/crypto.ts
@@ -1,4 +1,4 @@
-import { startOfMonth } from 'date-fns';
+import { startOfHour, startOfMonth } from 'date-fns';
 import { hash } from 'next-basics';
 import { v4, v5, validate } from 'uuid';

@@ -12,6 +12,12 @@ export function salt() {
  return hash(secret(), ROTATING_SALT);
 }

+export function sessionSalt() {
+  const ROTATING_SALT = hash(startOfHour(new Date()).toUTCString());
+
+  return hash(secret(), ROTATING_SALT);
+}
+
 export function uuid(...args: any) {
  if (!args.length) return v4();

--- a/src/lib/session.ts
+++ b/src/lib/session.ts
@@ -1,4 +1,4 @@
-import { isUuid, secret, uuid } from 'lib/crypto';
+import { isUuid, secret, sessionSalt, uuid } from 'lib/crypto';
 import { getClientInfo } from 'lib/detect';
 import { parseToken } from 'next-basics';
 import { NextApiRequestCollect } from 'pages/api/send';
@@ -10,6 +10,7 @@ import { loadSession, loadWebsite } from './load';
 export async function findSession(req: NextApiRequestCollect): Promise<{
  id: any;
  websiteId: string;
+  visitId: string;
  hostname: string;
  browser: string;
  os: any;
@@ -67,12 +68,14 @@ export async function findSession(req: NextApiRequestCollect): Promise<{
    await getClientInfo(req, payload);

  const sessionId = uuid(websiteId, hostname, ip, userAgent);
+  const visitId = uuid(sessionId, sessionSalt());

  // Clickhouse does not require session lookup
  if (clickhouse.enabled) {
    return {
      id: sessionId,
      websiteId,
+      visitId,
      hostname,
      browser,
      os: os as any,
@@ -114,7 +117,7 @@ export async function findSession(req: NextApiRequestCollect): Promise<{
    }
  }

-  return { ...session, ownerId: website.userId };
+  return { ...session, ownerId: website.userId, visitId: visitId };
 }

 async function checkUserBlock(userId: string) {