From 925c7562153a0ef656cf5199e892e8d4e7616804 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Sat, 1 Mar 2025 16:29:35 -0800
Subject: [PATCH] Updated salt methods.
---
 next-env.d.ts | 2 +-
 src/app/api/send/route.ts | 25 +++++++++++++++----------
 src/lib/crypto.ts | 15 +--------------
 src/queries/sql/events/saveEvent.ts | 3 +--
 4 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/next-env.d.ts b/next-env.d.ts
index 1b3be084..40c3d680 100644
--- a/next-env.d.ts
+++ b/next-env.d.ts
@@ -2,4 +2,4 @@
 ///
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
+// see https://nextjs.org/docs/app/building-your-application/configuring/typescript for more information.
diff --git a/src/app/api/send/route.ts b/src/app/api/send/route.ts
index b9556ddd..8519a73e 100644
--- a/src/app/api/send/route.ts
+++ b/src/app/api/send/route.ts
@@ -1,12 +1,13 @@
 import { z } from 'zod';
 import { isbot } from 'isbot';
-import { createToken, parseToken } from '@/lib/jwt';
+import { startOfHour, startOfMonth } from 'date-fns';
 import clickhouse from '@/lib/clickhouse';
 import { parseRequest } from '@/lib/request';
 import { badRequest, json, forbidden, serverError } from '@/lib/response';
 import { fetchSession, fetchWebsite } from '@/lib/load';
 import { getClientInfo, hasBlockedIp } from '@/lib/detect';
-import { secret, uuid, visitSalt } from '@/lib/crypto';
+import { createToken, parseToken } from '@/lib/jwt';
+import { secret, uuid, hash } from '@/lib/crypto';
 import { COLLECTION_TYPE } from '@/lib/constants';
 import { anyObjectParam, urlOrPathParam } from '@/lib/schema';
 import { createSession, saveEvent, saveSessionData } from '@/queries';
@@ -89,8 +90,13 @@ export async function POST(request: Request) {
 return forbidden();
 }
- const sessionId = uuid(websiteId, ip, userAgent);
 const createdAt = timestamp ? new Date(timestamp * 1000) : new Date();
+ const now = Math.floor(new Date().getTime() / 1000);
+
+ const sessionSalt = hash(startOfMonth(createdAt).toUTCString());
+ const visitSalt = hash(startOfHour(createdAt).toUTCString());
+
+ const sessionId = uuid(websiteId, ip, userAgent, sessionSalt);
 // Find session
 if (!clickhouse.enabled && !cache?.sessionId) {
@@ -122,14 +128,13 @@ export async function POST(request: Request) {
 }
 // Visit info
- const createdAt = Math.floor((reqCreatedAt || new Date()).getTime() / 1000);
- let visitId = cache?.visitId || uuid(sessionId, visitSalt());
- let iat = cache?.iat || createdAt;
+ let visitId = cache?.visitId || uuid(sessionId, visitSalt);
+ let iat = cache?.iat || now;
 // Expire visit after 30 minutes
- if (createdAt - iat > 1800) {
- visitId = uuid(sessionId, visitSalt());
- iat = createdAt;
+ if (!timestamp && now - iat > 1800) {
+ visitId = uuid(sessionId, visitSalt);
+ iat = now;
 }
 if (type === COLLECTION_TYPE.event) {
@@ -201,7 +206,7 @@ export async function POST(request: Request) {
 const token = createToken({ websiteId, sessionId, visitId, iat }, secret());
- return json({ cache: token });
+ return json({ cache: token, sessionId, visitId });
 } catch (e) {
 return serverError(e);
 }
diff --git a/src/lib/crypto.ts b/src/lib/crypto.ts
index a4ff3a52..d22bad09 100644
--- a/src/lib/crypto.ts
+++ b/src/lib/crypto.ts
@@ -1,5 +1,4 @@
 import crypto from 'crypto';
-import { startOfHour, startOfMonth } from 'date-fns';
 import prand from 'pure-rand';
 import { v4, v5 } from 'uuid';
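Review bot: In src/app/api/send/route.ts (hunk `@@ -89,8 +90,13 @@`), `sessionSalt` and `visitSalt` are hashed from `createdAt`, and `createdAt` is built from the request's `timestamp` whenever one is sent, so the sender rather than the server clock decides which month and hour bucket keys `sessionId` and `visitId`. The schema that validates `timestamp` is outside the hunk; if it does not bound the value, `new Date(timestamp * 1000)` can be an Invalid Date, whose `toUTCString()` is the fixed string `Invalid Date`, and all such requests would then share one salt. I would reject that case right after `createdAt` is computed, e.g. `if (Number.isNaN(createdAt.getTime())) return badRequest();` (check `badRequest`'s signature, which is not shown), and state the design in a comment such as `// salts follow the event time, not the server clock`. POST's body starts and ends outside the hunk.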
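Review bot: In the `@@ -122,14 +128,13 @@` hunk of route.ts, the new guard `if (!timestamp && now - iat > 1800)` skips the 30-minute visit expiry for every request that carries a `timestamp`, so a `visitId` taken from the cache token is never rotated for such requests. If that is meant for backfilled events only, the comment above it should say so, e.g. `// Expire visit after 30 minutes (server-timed events only; client-timestamped events keep the cached visit)`. Note also that `!timestamp` treats a `timestamp` of `0` as absent, matching the ternary that builds `createdAt`; an explicit comparison would make that choice visible.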
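Review bot: `return json({ cache: token, sessionId, visitId });` in the `@@ -201,7 +206,7 @@` hunk adds the raw session and visit identifiers to the response body, which makes them part of the endpoint's public contract. They are the same values that go into the signed `cache` token, so later requests should keep taking them from `parseToken` only and never from a value the client echoes back; that handling is outside the hunk and worth confirming. A comment on the return would record it, e.g. `// ids are returned for the client's information; the server trusts only the signed cache token`.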
@@ -77,20 +76,8 @@ export function secret() {
 return hash(process.env.APP_SECRET || process.env.DATABASE_URL);
 }
-export function salt() {
- const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());
-
- return hash(secret(), ROTATING_SALT);
-}
-
-export function visitSalt() {
- const ROTATING_SALT = hash(startOfHour(new Date()).toUTCString());
-
- return hash(secret(), ROTATING_SALT);
-}
-
 export function uuid(...args: any) {
 if (!args.length) return v4();
- return v5(hash(...args, salt()), v5.DNS);
+ return v5(hash(...args, secret()), v5.DNS);
 }
diff --git a/src/queries/sql/events/saveEvent.ts b/src/queries/sql/events/saveEvent.ts
index 5df276e1..148b03f3 100644
--- a/src/queries/sql/events/saveEvent.ts
+++ b/src/queries/sql/events/saveEvent.ts
@@ -83,7 +83,6 @@ async function relationalQuery(data: {
 pageTitle: pageTitle?.substring(0, PAGE_TITLE_LENGTH),
 eventType: eventName ? EVENT_TYPE.customEvent : EVENT_TYPE.pageView,
 eventName: eventName ? eventName?.substring(0, EVENT_NAME_LENGTH) : null,
- createdAt,
 tag,
 createdAt,
 },
@@ -194,7 +193,7 @@ async function clickhouseQuery(data: {
 urlPath: urlPath?.substring(0, URL_LENGTH),
 eventName: eventName?.substring(0, EVENT_NAME_LENGTH),
 eventData,
- createdAt: createdAtUTC,
+ createdAt,
 });
 }
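Review bot: `uuid()` in src/lib/crypto.ts (hunk `@@ -77,20 +76,8 @@`) no longer mixes in a time-based salt now that `hash(...args, salt())` is `hash(...args, secret())`, so any caller that does not pass its own period salt gets an identifier that stays the same for as long as the secret does. In this patch only the `sessionId` and `visitId` calls in route.ts pass one; other callers are not visible here and should be checked, because the monthly rotation is what kept one IP and user-agent pair from mapping to a single long-lived id. The function has no doc comment, and I would add one such as `/** Deterministic v5 UUID keyed by secret(); does not rotate, so pass a time-bucket salt when ids must expire. */`. The context line for `secret()` also shows it falling back to `process.env.DATABASE_URL` when `APP_SECRET` is unset, which predates this patch but deserves a comment now that it is the only key in `uuid()`.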