Updated salt methods.

2026-02-04 04:37:11 +01:00 · 2025-03-01 16:29:35 -08:00 · 2025-03-01 16:29:35 -08:00 · 925c756215
commit 925c756215
parent 0a5a79e046
4 changed files with 18 additions and 27 deletions
--- a/next-env.d.ts
+++ b/next-env.d.ts
@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
+// see https://nextjs.org/docs/app/building-your-application/configuring/typescript for more information.
--- a/src/app/api/send/route.ts
+++ b/src/app/api/send/route.ts
@ -1,12 +1,13 @@
 import { z } from 'zod';
 import { isbot } from 'isbot';
-import { createToken, parseToken } from '@/lib/jwt';
+import { startOfHour, startOfMonth } from 'date-fns';
 import clickhouse from '@/lib/clickhouse';
 import { parseRequest } from '@/lib/request';
 import { badRequest, json, forbidden, serverError } from '@/lib/response';
 import { fetchSession, fetchWebsite } from '@/lib/load';
 import { getClientInfo, hasBlockedIp } from '@/lib/detect';
-import { secret, uuid, visitSalt } from '@/lib/crypto';
+import { createToken, parseToken } from '@/lib/jwt';
 import { secret, uuid, hash } from '@/lib/crypto';
 import { COLLECTION_TYPE } from '@/lib/constants';
 import { anyObjectParam, urlOrPathParam } from '@/lib/schema';
 import { createSession, saveEvent, saveSessionData } from '@/queries';
@ -89,8 +90,13 @@ export async function POST(request: Request) {
      return forbidden();
    }
    const sessionId = uuid(websiteId, ip, userAgent);
    const createdAt = timestamp ? new Date(timestamp * 1000) : new Date();
    const now = Math.floor(new Date().getTime() / 1000);
    const sessionSalt = hash(startOfMonth(createdAt).toUTCString());
    const visitSalt = hash(startOfHour(createdAt).toUTCString());
    const sessionId = uuid(websiteId, ip, userAgent, sessionSalt);
    // Find session
    if (!clickhouse.enabled && !cache?.sessionId) {
@ -122,14 +128,13 @@ export async function POST(request: Request) {
    }
    // Visit info
-    const createdAt = Math.floor((reqCreatedAt || new Date()).getTime() / 1000);
+    let visitId = cache?.visitId || uuid(sessionId, visitSalt);
-    let visitId = cache?.visitId || uuid(sessionId, visitSalt());
+    let iat = cache?.iat || now;
    let iat = cache?.iat || createdAt;
    // Expire visit after 30 minutes
-    if (createdAt - iat > 1800) {
+    if (!timestamp && now - iat > 1800) {
-      visitId = uuid(sessionId, visitSalt());
+      visitId = uuid(sessionId, visitSalt);
-      iat = createdAt;
+      iat = now;
    }
    if (type === COLLECTION_TYPE.event) {
@ -201,7 +206,7 @@ export async function POST(request: Request) {
    const token = createToken({ websiteId, sessionId, visitId, iat }, secret());
-    return json({ cache: token });
+    return json({ cache: token, sessionId, visitId });
  } catch (e) {
    return serverError(e);
  }
--- a/src/lib/crypto.ts
+++ b/src/lib/crypto.ts
@ -1,5 +1,4 @@
 import crypto from 'crypto';
 import { startOfHour, startOfMonth } from 'date-fns';
 import prand from 'pure-rand';
 import { v4, v5 } from 'uuid';
@ -77,20 +76,8 @@ export function secret() {
  return hash(process.env.APP_SECRET || process.env.DATABASE_URL);
 }
 export function salt() {
  const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());
  return hash(secret(), ROTATING_SALT);
 }
 export function visitSalt() {
  const ROTATING_SALT = hash(startOfHour(new Date()).toUTCString());
  return hash(secret(), ROTATING_SALT);
 }
 export function uuid(...args: any) {
  if (!args.length) return v4();
-  return v5(hash(...args, salt()), v5.DNS);
+  return v5(hash(...args, secret()), v5.DNS);
 }
--- a/src/queries/sql/events/saveEvent.ts
+++ b/src/queries/sql/events/saveEvent.ts
@ -83,7 +83,6 @@ async function relationalQuery(data: {
      pageTitle: pageTitle?.substring(0, PAGE_TITLE_LENGTH),
      eventType: eventName ? EVENT_TYPE.customEvent : EVENT_TYPE.pageView,
      eventName: eventName ? eventName?.substring(0, EVENT_NAME_LENGTH) : null,
      createdAt,
      tag,
      createdAt,
    },
@ -194,7 +193,7 @@ async function clickhouseQuery(data: {
      urlPath: urlPath?.substring(0, URL_LENGTH),
      eventName: eventName?.substring(0, EVENT_NAME_LENGTH),
      eventData,
-      createdAt: createdAtUTC,
+      createdAt,
    });
  }