dep better-auth

Author: izadoesdev

apps/basket/src/lib/request-validation.ts

@@ -46,10 +46,21 @@ export function validateRequest(
 			return { error: { status: "error", message: "Payload too large" } };
 		}
 
-		const clientId = sanitizeString(
+		let clientId = sanitizeString(
 			query.client_id,
 			VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 		);
+
+		if (!clientId) {
+			const headerClientId = request.headers.get("databuddy-client-id");
+			if (headerClientId) {
+				clientId = sanitizeString(
+					headerClientId,
+					VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
+				);
+			}
+		}
+
 		if (!clientId) {
 			logBlockedTraffic(
 				request,

apps/basket/src/routes/basket.ts

@@ -151,10 +151,11 @@ function processErrorEventData(
 	ip: string
 ): Promise<ErrorEvent> {
 	return record("processErrorEventData", async () => {
-		const payload = errorData.payload;
-		const eventId = parseEventId(payload.eventId, randomUUID);
+		// Support both envelope format (payload) and direct format
+		const payload = errorData.payload || errorData;
+		const eventId = parseEventId(payload.eventId || errorData.eventId, randomUUID);
 		const now = Date.now();
-		const timestamp = parseTimestamp(payload.timestamp);
+		const timestamp = parseTimestamp(payload.timestamp || errorData.timestamp);
 
 		const [geoData, uaData] = await Promise.all([
 			getGeo(ip),
@@ -170,25 +171,25 @@ function processErrorEventData(
 			client_id: clientId,
 			event_id: eventId,
 			anonymous_id: sanitizeString(
-				payload.anonymousId,
+				payload.anonymousId || errorData.anonymousId,
 				VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 			),
-			session_id: validateSessionId(payload.sessionId),
+			session_id: validateSessionId(payload.sessionId || errorData.sessionId),
 			timestamp,
-			path: sanitizeString(payload.path, VALIDATION_LIMITS.STRING_MAX_LENGTH),
+			path: sanitizeString(payload.path || errorData.path, VALIDATION_LIMITS.STRING_MAX_LENGTH),
 			message: sanitizeString(
-				payload.message,
+				payload.message || errorData.message,
 				VALIDATION_LIMITS.STRING_MAX_LENGTH
 			),
 			filename: sanitizeString(
-				payload.filename,
+				payload.filename || errorData.filename,
 				VALIDATION_LIMITS.STRING_MAX_LENGTH
 			),
-			lineno: payload.lineno,
-			colno: payload.colno,
-			stack: sanitizeString(payload.stack, VALIDATION_LIMITS.STRING_MAX_LENGTH),
+			lineno: payload.lineno || errorData.lineno,
+			colno: payload.colno || errorData.colno,
+			stack: sanitizeString(payload.stack || errorData.stack, VALIDATION_LIMITS.STRING_MAX_LENGTH),
 			error_type: sanitizeString(
-				payload.errorType,
+				payload.errorType || errorData.errorType,
 				VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 			),
 			ip: anonymizedIP || "",
@@ -212,10 +213,11 @@ function processWebVitalsEventData(
 	ip: string
 ): Promise<WebVitalsEvent> {
 	return record("processWebVitalsEventData", async () => {
-		const payload = vitalsData.payload;
-		const eventId = parseEventId(payload.eventId, randomUUID);
+		// Support both envelope format (payload) and direct format
+		const payload = vitalsData.payload || vitalsData;
+		const eventId = parseEventId(payload.eventId || vitalsData.eventId, randomUUID);
 		const now = Date.now();
-		const timestamp = parseTimestamp(payload.timestamp);
+		const timestamp = parseTimestamp(payload.timestamp || vitalsData.timestamp);
 
 		const [geoData, uaData] = await Promise.all([
 			getGeo(ip),
@@ -231,17 +233,17 @@ function processWebVitalsEventData(
 			client_id: clientId,
 			event_id: eventId,
 			anonymous_id: sanitizeString(
-				payload.anonymousId,
+				payload.anonymousId || vitalsData.anonymousId,
 				VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
 			),
-			session_id: validateSessionId(payload.sessionId),
+			session_id: validateSessionId(payload.sessionId || vitalsData.sessionId),
 			timestamp,
-			path: sanitizeString(payload.path, VALIDATION_LIMITS.STRING_MAX_LENGTH),
-			fcp: validatePerformanceMetric(payload.fcp),
-			lcp: validatePerformanceMetric(payload.lcp),
-			cls: validatePerformanceMetric(payload.cls),
-			fid: validatePerformanceMetric(payload.fid),
-			inp: validatePerformanceMetric(payload.inp),
+			path: sanitizeString(payload.path || vitalsData.path || vitalsData.url, VALIDATION_LIMITS.STRING_MAX_LENGTH), // Support both path and url
+			fcp: validatePerformanceMetric(payload.fcp || vitalsData.fcp),
+			lcp: validatePerformanceMetric(payload.lcp || vitalsData.lcp),
+			cls: validatePerformanceMetric(payload.cls || vitalsData.cls),
+			fid: validatePerformanceMetric(payload.fid || vitalsData.fid),
+			inp: validatePerformanceMetric(payload.inp || vitalsData.inp),
 			ip: "",
 			user_agent: "",
 			country: country || "",
@@ -299,6 +301,112 @@ function processOutgoingLinkData(
 }
 
 const app = new Elysia()
+	.post("/vitals", async (context) => {
+		const { body, query, request } = context as {
+			body: any;
+			query: any;
+			request: Request;
+		};
+
+		try {
+			const validation = await validateRequest(body, query, request);
+			if ("error" in validation) {
+				return validation.error;
+			}
+
+			const { clientId, userAgent, ip } = validation;
+
+			const [botError, parseResult] = await Promise.all([
+				checkForBot(request, body, query, clientId, userAgent),
+				validateEventSchema(
+					webVitalsEventSchema,
+					body,
+					request,
+					query,
+					clientId
+				),
+			]);
+
+			if (botError) {
+				return botError.error;
+			}
+
+			if (!parseResult.success) {
+				return createSchemaErrorResponse(parseResult.error.issues);
+			}
+
+			const vitalsEvent = await processWebVitalsEventData(
+				body,
+				clientId,
+				userAgent,
+				ip
+			);
+
+			await insertWebVitals(vitalsEvent, clientId, userAgent, ip);
+			return { status: "success", type: "web_vitals" };
+
+		} catch (error) {
+			captureError(error, { message: "Error processing vitals" });
+			return { status: "error", message: "Internal server error" };
+		}
+	})
+	.post("/errors", async (context) => {
+		const { body, query, request } = context as {
+			body: any;
+			query: any;
+			request: Request;
+		};
+
+		try {
+			const validation = await validateRequest(body, query, request);
+			if ("error" in validation) {
+				return validation.error;
+			}
+
+			const { clientId, userAgent, ip } = validation;
+
+			if (FILTERED_ERROR_MESSAGES.has(body.message)) {
+				return {
+					status: "ignored",
+					type: "error",
+					reason: "filtered_message",
+				};
+			}
+
+			const [botError, parseResult] = await Promise.all([
+				checkForBot(request, body, query, clientId, userAgent),
+				validateEventSchema(
+					errorEventSchema,
+					body,
+					request,
+					query,
+					clientId
+				),
+			]);
+
+			if (botError) {
+				return botError.error;
+			}
+
+			if (!parseResult.success) {
+				return createSchemaErrorResponse(parseResult.error.issues);
+			}
+
+			const errorEvent = await processErrorEventData(
+				body,
+				clientId,
+				userAgent,
+				ip
+			);
+
+			await insertError(errorEvent, clientId, userAgent, ip);
+			return { status: "success", type: "error" };
+
+		} catch (error) {
+			captureError(error, { message: "Error processing error" });
+			return { status: "error", message: "Internal server error" };
+		}
+	})
 	.post("/", async (context) => {
 		const { body, query, request } = context as {
 			body: any;
@@ -362,7 +470,8 @@ const app = new Elysia()
 					return createSchemaErrorResponse(parseResult.error.issues);
 				}
 
-				insertError(body, clientId, userAgent, ip);
+				const errorEvent = await processErrorEventData(body, clientId, userAgent, ip);
+				insertError(errorEvent, clientId, userAgent, ip);
 				return { status: "success", type: "error" };
 			}
 
@@ -386,7 +495,8 @@ const app = new Elysia()
 					return createSchemaErrorResponse(parseResult.error.issues);
 				}
 
-				insertWebVitals(body, clientId, userAgent, ip);
+				const vitalsEvent = await processWebVitalsEventData(body, clientId, userAgent, ip);
+				insertWebVitals(vitalsEvent, clientId, userAgent, ip);
 				return { status: "success", type: "web_vitals" };
 			}
 

apps/dashboard/app/layout.tsx

@@ -126,7 +126,7 @@ export default function RootLayout({
 				maskPatterns={["/websites/***"]}
 				scriptUrl={
 					isLocalhost
-						? "http://localhost:3000/databuddy.js"
+						? "https://databuddy.b-cdn.net/databuddy.js"
 						: "https://cdn.databuddy.cc/databuddy.js"
 				}
 				skipPatterns={[]}

apps/dashboard/public/databuddy.js

@@ -948,29 +948,55 @@
 			}
 
 			try {
-				const metrics = { fcp: null, lcp: null, cls: 0, fid: null, inp: null };
-				let reported = false;
-
+				const metrics = { fcp: undefined, lcp: undefined, cls: undefined, fid: undefined, inp: undefined, ttfb: undefined };
+				
 				const clamp = (v) =>
 					typeof v === 'number' ? Math.min(60_000, Math.max(0, v)) : v;
 
-				const report = () => {
-					if (
-						reported ||
-						!Object.values(metrics).some((m) => m !== null && m !== 0)
-					) {
+				const sendVitals = () => {
+					if (!Object.values(metrics).some((m) => m !== undefined)) {
 						return;
 					}
-					reported = true;
-					this.trackWebVitals({
+
+					const payload = {
+						eventId: generateUUIDv4(),
+						anonymousId: this.anonymousId,
+						sessionId: this.sessionId,
 						timestamp: Date.now(),
 						fcp: clamp(metrics.fcp),
 						lcp: clamp(metrics.lcp),
-						cls: metrics.cls,
-						fid: metrics.fid,
+						cls: clamp(metrics.cls),
 						inp: metrics.inp,
+						ttfb: clamp(metrics.ttfb),
+						url: window.location.href,
+					};
+
+					this.sendBeacon({
+						type: 'web_vitals',
+						payload
 					});
-					this.cleanupWebVitals();
+				};
+
+				// Send initial report after a delay to let FCP/LCP settle
+				setTimeout(() => {
+					sendVitals();
+				}, 4000);
+
+				const report = () => {
+					sendVitals();
+				};
+
+				// Debounce reporting to avoid multiple triggers close together
+				let reportTimeout;
+				const debouncedReport = (immediate = false) => {
+					if (reportTimeout) {
+						window.clearTimeout(reportTimeout);
+					}
+					if (immediate) {
+						report();
+					} else {
+						reportTimeout = window.setTimeout(report, 1000);
+					}
 				};
 
 				const observe = (type, callback) => {
@@ -1005,7 +1031,7 @@
 				observe('layout-shift', (entries) => {
 					for (const entry of entries) {
 						if (!entry.hadRecentInput) {
-							metrics.cls += entry.value;
+							metrics.cls = (metrics.cls || 0) + entry.value;
 						}
 					}
 				});
@@ -1024,26 +1050,29 @@
 						}
 					}
 				});
+				
+				// Navigation Timing API for TTFB
+				try {
+					const navEntry = performance.getEntriesByType('navigation')[0];
+					if (navEntry) {
+						metrics.ttfb = Math.round(navEntry.responseStart - navEntry.requestStart);
+					}
+				} catch (e) {}
 
 				this.webVitalsVisibilityChangeHandler = () => {
 					if (document.visibilityState === 'hidden') {
-						report();
+						debouncedReport(true);
 					}
 				};
+				
 				document.addEventListener(
 					'visibilitychange',
-					this.webVitalsVisibilityChangeHandler,
-					{
-						once: true,
-					}
+					this.webVitalsVisibilityChangeHandler
 				);
 
-				this.webVitalsPageHideHandler = report;
-				window.addEventListener('pagehide', this.webVitalsPageHideHandler, {
-					once: true,
-				});
+				this.webVitalsPageHideHandler = () => debouncedReport(true);
+				window.addEventListener('pagehide', this.webVitalsPageHideHandler);
 
-				this.webVitalsReportTimeoutId = setTimeout(report, 10_000);
 			} catch (_e) {
 				//
 			}

apps/docs/app/layout.tsx

@@ -98,7 +98,7 @@ export default function Layout({ children }: { children: ReactNode }) {
 				trackAttributes
 				trackErrors
 				trackOutgoingLinks
-				trackWebVitals
+				trackWebVitals 
 			/>
 			<body>
 				<ThemeProvider attribute="class" defaultTheme="system" enableSystem>