fix: vector blocked traffic batch

Author: izadoesdev

apps/basket/src/lib/blocked-traffic.ts

@@ -6,10 +6,7 @@ import { sanitizeString, VALIDATION_LIMITS } from "../utils/validation";
 import { logger } from "./logger";
 import { sendEvent } from "./producer";
 
-/**
- * Log blocked traffic for security and monitoring purposes
- */
-export async function logBlockedTraffic(
+async function _logBlockedTrafficAsync(
 	request: Request,
 	body: any,
 	_query: any,
@@ -106,3 +103,28 @@ export async function logBlockedTraffic(
 		logger.error({ error }, "Failed to log blocked traffic");
 	}
 }
+
+/**
+ * Log blocked traffic for security and monitoring purposes (fire-and-forget)
+ */
+export function logBlockedTraffic(
+	request: Request,
+	body: any,
+	query: any,
+	blockReason: string,
+	blockCategory: string,
+	botName?: string,
+	clientId?: string
+): void {
+	_logBlockedTrafficAsync(
+		request,
+		body,
+		query,
+		blockReason,
+		blockCategory,
+		botName,
+		clientId
+	).catch((error) => {
+		logger.error({ error }, "Failed to log blocked traffic");
+	});
+}

apps/basket/src/lib/event-service.ts

@@ -16,7 +16,7 @@ import {
 } from "../utils/validation";
 import { logger } from "./logger";
 import { sendEvent, sendEventBatch } from "./producer";
-import { checkDuplicate } from "./security";
+import { checkDuplicate, getDailySalt, saltAnonymousId } from "./security";
 
 /**
  * Insert an error event into the database
@@ -291,16 +291,25 @@ export async function insertTrackEvent(
 		eventId = randomUUID();
 	}
 
-	const [isDuplicate, geoData] = await Promise.all([
+	const [isDuplicate, geoData, salt] = await Promise.all([
 		checkDuplicate(eventId, "track"),
 		getGeo(ip),
+		getDailySalt(),
 	]);
 
 	if (isDuplicate) {
 		console.timeEnd("insertTrackEvent");
 		return;
 	}
 
+	let anonymousId = sanitizeString(
+		trackData.anonymousId,
+		VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
+	);
+	if (anonymousId) {
+		anonymousId = saltAnonymousId(anonymousId, salt);
+	}
+
 	const { anonymizedIP, country, region, city } = geoData;
 	const {
 		browserName,
@@ -320,10 +329,7 @@ export async function insertTrackEvent(
 			trackData.name,
 			VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 		),
-		anonymous_id: sanitizeString(
-			trackData.anonymousId,
-			VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
-		),
+		anonymous_id: anonymousId,
 		time: typeof trackData.timestamp === "number" ? trackData.timestamp : now,
 		session_id: validateSessionId(trackData.sessionId),
 		event_type: "track",

apps/basket/src/lib/request-validation.ts

@@ -52,7 +52,7 @@ export async function validateRequest(
 ): Promise<ValidationResult | ValidationError> {
 	console.time("validateRequest");
 	if (!validatePayloadSize(body, VALIDATION_LIMITS.PAYLOAD_MAX_SIZE)) {
-		await logBlockedTraffic(
+		logBlockedTraffic(
 			request,
 			body,
 			query,
@@ -68,7 +68,7 @@ export async function validateRequest(
 		VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 	);
 	if (!clientId) {
-		await logBlockedTraffic(
+		logBlockedTraffic(
 			request,
 			body,
 			query,
@@ -81,7 +81,7 @@ export async function validateRequest(
 
 	const website = await getWebsiteByIdV2(clientId);
 	if (!website || website.status !== "ACTIVE") {
-		await logBlockedTraffic(
+		logBlockedTraffic(
 			request,
 			body,
 			query,
@@ -101,7 +101,7 @@ export async function validateRequest(
 			const data = await checkAutumnCached(website.ownerId);
 
 			if (data && !(data.allowed || data.overage_allowed)) {
-				await logBlockedTraffic(
+				logBlockedTraffic(
 					request,
 					body,
 					query,
@@ -120,7 +120,7 @@ export async function validateRequest(
 
 	const origin = request.headers.get("origin");
 	if (origin && !isValidOrigin(origin, website.domain)) {
-		await logBlockedTraffic(
+		logBlockedTraffic(
 			request,
 			body,
 			query,
@@ -155,16 +155,16 @@ export async function validateRequest(
  * Check if request is from a bot
  * Returns error object if bot detected, undefined otherwise
  */
-export async function checkForBot(
+export function checkForBot(
 	request: Request,
 	body: any,
 	query: any,
 	clientId: string,
 	userAgent: string
-): Promise<{ error?: { status: string } } | undefined> {
+): { error?: { status: string } } | undefined {
 	const botCheck = detectBot(userAgent, request);
 	if (botCheck.isBot) {
-		await logBlockedTraffic(
+		logBlockedTraffic(
 			request,
 			body,
 			query,

apps/basket/src/lib/security.ts

@@ -1,38 +1,46 @@
 import crypto, { createHash } from "node:crypto";
-import { redis } from "@databuddy/redis";
+import { cacheable, redis } from "@databuddy/redis";
 import { logger } from "./logger";
 
-const MS_PER_DAY = 24 * 60 * 60 * 1000;
-const SALT_TTL = 60 * 60 * 24;
 const EXIT_EVENT_TTL = 172_800;
 const STANDARD_EVENT_TTL = 86_400;
 
 function getCurrentDay(): number {
+	const MS_PER_DAY = 24 * 60 * 60 * 1000;
 	return Math.floor(Date.now() / MS_PER_DAY);
 }
 
-export async function getDailySalt(): Promise<string> {
-	console.time("getDailySalt");
-	const saltKey = `salt:${getCurrentDay()}`;
-	try {
-		const salt = await redis.get(saltKey);
-		if (salt) {
+export const getDailySalt = cacheable(
+	async (): Promise<string> => {
+		console.time("getDailySalt");
+		const saltKey = `salt:${getCurrentDay()}`;
+		try {
+			const salt = await redis.get(saltKey);
+			if (salt) {
+				console.timeEnd("getDailySalt");
+				return salt;
+			}
+
+			const newSalt = crypto.randomBytes(32).toString("hex");
+			const SALT_TTL = 60 * 60 * 24;
+			redis.setex(saltKey, SALT_TTL, newSalt).catch((error) => {
+				logger.error({ error }, "Failed to set daily salt in Redis");
+			});
+			console.timeEnd("getDailySalt");
+			return newSalt;
+		} catch (error) {
+			logger.error({ error }, "Failed to get daily salt from Redis");
 			console.timeEnd("getDailySalt");
-			return salt;
+			return crypto.randomBytes(32).toString("hex");
 		}
-
-		const newSalt = crypto.randomBytes(32).toString("hex");
-		redis.setex(saltKey, SALT_TTL, newSalt).catch((error) => {
-			logger.error({ error }, "Failed to set daily salt in Redis");
-		});
-		console.timeEnd("getDailySalt");
-		return newSalt;
-	} catch (error) {
-		logger.error({ error }, "Failed to get daily salt from Redis");
-		console.timeEnd("getDailySalt");
-		return crypto.randomBytes(32).toString("hex");
+	},
+	{
+		expireInSec: 3600,
+		prefix: "daily_salt",
+		staleWhileRevalidate: true,
+		staleTime: 300,
 	}
-}
+);
 
 export function saltAnonymousId(anonymousId: string, salt: string): string {
 	try {
@@ -49,18 +57,12 @@ export async function checkDuplicate(
 ): Promise<boolean> {
 	console.time("checkDuplicate");
 	const key = `dedup:${eventType}:${eventId}`;
-	try {
-		if (await redis.exists(key)) {
-			console.timeEnd("checkDuplicate");
-			return true;
-		}
+	const ttl = eventId.startsWith("exit_") ? EXIT_EVENT_TTL : STANDARD_EVENT_TTL;
 
-		const ttl = eventId.startsWith("exit_") ? EXIT_EVENT_TTL : STANDARD_EVENT_TTL;
-		redis.setex(key, ttl, "1").catch((error) => {
-			logger.error({ error, eventId, eventType }, "Failed to set duplicate key in Redis");
-		});
+	try {
+		const result = await redis.set(key, "1", "EX", ttl, "NX");
 		console.timeEnd("checkDuplicate");
-		return false;
+		return result === null;
 	} catch (error) {
 		logger.error({ error, eventId, eventType }, "Failed to check duplicate event in Redis");
 		console.timeEnd("checkDuplicate");