chore: make it even more anonymous

2025-02-07 22:25:55 +01:00 · 2025-02-07 22:25:55 +01:00 · 272296bfe0
commit 272296bfe0
parent 56efecc7ce
3 changed files with 31 additions and 10 deletions
--- a/prisma/migrations/20250207212502_analytics_privacy/migration.sql
+++ b/prisma/migrations/20250207212502_analytics_privacy/migration.sql
@ -0,0 +1,22 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `ipAddress` on the `VisitorAnalytics` table. All the data in the column will be lost.
+  - You are about to drop the column `referrer` on the `VisitorAnalytics` table. All the data in the column will be lost.
+  - You are about to drop the column `userAgent` on the `VisitorAnalytics` table. All the data in the column will be lost.
+
+*/
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_VisitorAnalytics" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "path" TEXT NOT NULL,
+    "uniqueId" TEXT,
+    "timestamp" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+INSERT INTO "new_VisitorAnalytics" ("id", "path", "timestamp") SELECT "id", "path", "timestamp" FROM "VisitorAnalytics";
+DROP TABLE "VisitorAnalytics";
+ALTER TABLE "new_VisitorAnalytics" RENAME TO "VisitorAnalytics";
+CREATE UNIQUE INDEX "VisitorAnalytics_id_key" ON "VisitorAnalytics"("id");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@ -68,8 +68,6 @@ model Settings {
 model VisitorAnalytics {
    id        String   @id @unique @default(uuid())
    path      String // The page path that was visited
-    userAgent String? // Browser user agent
-    ipAddress String? // Visitor IP address (hashed for privacy)
-    referrer  String? // Where the visitor came from
+    uniqueId  String?
    timestamp DateTime @default(now())
 }
--- a/server/controllers/analytics.js
+++ b/server/controllers/analytics.js
@ -6,9 +6,12 @@ import prisma from '../services/prisma.js';

 const { enabled, ipSalt } = config.get('analytics');

-function hashIP(ip) {
+function createUniqueId(ip, userAgent) {
    // Use HMAC for secure hashing
-    return crypto.createHmac('sha256', ipSalt).update(ip).digest('hex');
+    return crypto
+        .createHmac('sha256', ipSalt)
+        .update(ip + userAgent)
+        .digest('hex');
 }

 // Validate path to prevent malicious inputs
@ -39,9 +42,9 @@ async function analytics(fastify) {
            }

            try {
-                const { path, referrer } = request.body;
+                const { path } = request.body;
                const userAgent = request.headers['user-agent'];
-                const ipAddress = hashIP(getClientIp(request.headers));
+                const uniqueId = createUniqueId(getClientIp(request.headers), userAgent);

                if (isbot(userAgent)) {
                    return reply.code(403).send({ success: false });
@ -55,9 +58,7 @@ async function analytics(fastify) {
                await prisma.visitorAnalytics.create({
                    data: {
                        path,
-                        userAgent,
-                        ipAddress,
-                        referrer: referrer?.slice(0, 1024) || '', // Limit referrer length
+                        uniqueId,
                    },
                });