Add rrweb-based session recording feature.

Implements full session recording with rrweb for DOM capture and rrweb-player for playback. Includes: Prisma schema for SessionRecording model, chunked gzip-compressed storage, recorder script built via Rollup, collection API endpoint, recordings list/playback UI pages, website recording settings, and cascade delete support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 08:07:12 +01:00 · 2026-02-06 15:49:59 -08:00 · 2026-02-06 15:49:59 -08:00 · 72b5c658e2
commit 72b5c658e2
parent b9eb5f9800
36 changed files with 1131 additions and 21 deletions
--- a/src/app/api/websites/[websiteId]/recordings/[sessionId]/route.ts
+++ b/src/app/api/websites/[websiteId]/recordings/[sessionId]/route.ts
@ -0,0 +1,41 @@
+import { gunzipSync } from 'node:zlib';
+import { parseRequest } from '@/lib/request';
+import { json, unauthorized } from '@/lib/response';
+import { canViewWebsite } from '@/permissions';
+import { getRecordingChunks } from '@/queries/sql';
+
+export async function GET(
+  request: Request,
+  { params }: { params: Promise<{ websiteId: string; sessionId: string }> },
+) {
+  const { auth, error } = await parseRequest(request);
+
+  if (error) {
+    return error();
+  }
+
+  const { websiteId, sessionId } = await params;
+
+  if (!(await canViewWebsite(auth, websiteId))) {
+    return unauthorized();
+  }
+
+  const chunks = await getRecordingChunks(websiteId, sessionId);
+
+  // Decompress and concatenate all chunks
+  const allEvents = chunks.flatMap(chunk => {
+    const decompressed = gunzipSync(Buffer.from(chunk.events));
+    return JSON.parse(decompressed.toString('utf-8'));
+  });
+
+  const startedAt = chunks.length > 0 ? chunks[0].startedAt : null;
+  const endedAt = chunks.length > 0 ? chunks[chunks.length - 1].endedAt : null;
+
+  return json({
+    events: allEvents,
+    startedAt,
+    endedAt,
+    eventCount: allEvents.length,
+    chunkCount: chunks.length,
+  });
+}
--- a/src/app/api/websites/[websiteId]/recordings/route.ts
+++ b/src/app/api/websites/[websiteId]/recordings/route.ts
@ -0,0 +1,35 @@
+import { z } from 'zod';
+import { getQueryFilters, parseRequest } from '@/lib/request';
+import { json, unauthorized } from '@/lib/response';
+import { dateRangeParams, pagingParams, searchParams } from '@/lib/schema';
+import { canViewWebsite } from '@/permissions';
+import { getSessionRecordings } from '@/queries/sql';
+
+export async function GET(
+  request: Request,
+  { params }: { params: Promise<{ websiteId: string }> },
+) {
+  const schema = z.object({
+    ...dateRangeParams,
+    ...pagingParams,
+    ...searchParams,
+  });
+
+  const { auth, query, error } = await parseRequest(request, schema);
+
+  if (error) {
+    return error();
+  }
+
+  const { websiteId } = await params;
+
+  if (!(await canViewWebsite(auth, websiteId))) {
+    return unauthorized();
+  }
+
+  const filters = await getQueryFilters(query, websiteId);
+
+  const data = await getSessionRecordings(websiteId, filters);
+
+  return json(data);
+}
--- a/src/app/api/websites/[websiteId]/route.ts
+++ b/src/app/api/websites/[websiteId]/route.ts
@ -42,6 +42,17 @@ export async function POST(
    name: z.string().optional(),
    domain: z.string().optional(),
    shareId: z.string().max(50).nullable().optional(),
+    recordingEnabled: z.boolean().optional(),
+    recordingConfig: z
+      .object({
+        sampleRate: z.number().min(0).max(1).optional(),
+        maskLevel: z.enum(['strict', 'moderate', 'relaxed']).optional(),
+        maxDuration: z.number().int().positive().optional(),
+        blockSelector: z.string().optional(),
+        retentionDays: z.number().int().positive().optional(),
+      })
+      .nullable()
+      .optional(),
  });

  const { auth, body, error } = await parseRequest(request, schema);
@ -51,14 +62,19 @@ export async function POST(
  }

  const { websiteId } = await params;
-  const { name, domain, shareId } = body;
+  const { name, domain, shareId, recordingEnabled, recordingConfig } = body;

  if (!(await canUpdateWebsite(auth, websiteId))) {
    return unauthorized();
  }

  try {
-    const website = await updateWebsite(websiteId, { name, domain });
+    const website = await updateWebsite(websiteId, {
+      name,
+      domain,
+      ...(recordingEnabled !== undefined && { recordingEnabled }),
+      ...(recordingConfig !== undefined && { recordingConfig }),
+    });

    if (shareId === null) {
      await deleteSharesByEntityId(website.id);