log to supabase

app/routes.py

@@ -7,6 +7,33 @@ from app.training.mock_trainer import MockTrainer
 from app.training.privacy_calculator import PrivacyCalculator
 from flask_cors import cross_origin
 import os
+import requests
+
+
+SUPABASE_URL = os.getenv("SUPABASE_URL", "")
+SUPABASE_SERVICE_KEY = os.getenv("SUPABASE_SERVICE_KEY", "")
+
+def supabase_insert_event(row: dict) -> None:
+    """Insert one event row into Supabase (best-effort)."""
+    if not SUPABASE_URL or not SUPABASE_SERVICE_KEY:
+        # No secrets set; silently skip to avoid breaking your app
+        return
+
+    r = requests.post(
+        f"{SUPABASE_URL}/rest/v1/events",
+        headers={
+            "apikey": SUPABASE_SERVICE_KEY,
+            "Authorization": f"Bearer {SUPABASE_SERVICE_KEY}",
+            "Content-Type": "application/json",
+            "Prefer": "return=minimal",
+        },
+        json=row,
+        timeout=3,
+    )
+    # optional: raise if you want strictness
+    if r.status_code >= 300:
+        print("Supabase insert failed:", r.status_code, r.text[:300])
+
 
 # Try to import RealTrainer, fallback to MockTrainer if dependencies aren't available
 try:
@@ -289,15 +316,70 @@ def _ensure_vid_cookie(resp=None):
         return vid, resp
     return vid, resp
 
+# @main.route("/api/whoami", methods=["GET"])
+# @cross_origin()
+# def whoami():
+#     ua = request.headers.get("User-Agent", "")[:200]
+#     dnt = request.headers.get("DNT") == "1"
+#     gpc = request.headers.get("Sec-GPC") == "1"
+#     vid, resp = _ensure_vid_cookie()
+#     payload = {"vid": vid, "user_agent": ua, "dnt": dnt, "gpc": gpc}
+#     return jsonify(payload)
+
+# @main.route('/api/track', methods=['POST', 'OPTIONS'])
+# @cross_origin()
+# def track_event():
+#     if request.method == 'OPTIONS':
+#         return jsonify({'status': 'ok'})
+#     try:
+#         evt = request.get_json(force=True, silent=True) or {}
+#
+#         dnt = request.headers.get("DNT") == "1"
+#         gpc = request.headers.get("Sec-GPC") == "1"
+#         ua = request.headers.get("User-Agent", "")[:200]
+#         ref = request.headers.get("Referer", "")[:200]
+#         vid, resp = _ensure_vid_cookie()
+#
+#         # Allow only specific user fields if provided
+#         user = evt.get("user") if isinstance(evt.get("user"), dict) else {}
+#         allowed_user = {k: user[k] for k in ["id", "role", "org", "plan"] if k in user and isinstance(user[k], (str, int))}
+#
+#         evt.update({
+#             "server_time": datetime.utcnow().isoformat() + "Z",
+#             "visitor_id": vid,
+#             "client_ip_truncated": _client_ip(),
+#             "user_agent": ua,
+#             "referer": ref,
+#             "dnt": dnt,
+#             "gpc": gpc,
+#             "user": allowed_user
+#         })
+#
+#         logfile = os.path.join(current_app.root_path, 'analytics.log.jsonl')
+#         with open(logfile, 'a', encoding='utf-8') as f:
+#             f.write(json.dumps(evt, ensure_ascii=False) + '\n')
+#
+#         return jsonify({'ok': True})
+#     except Exception as e:
+#         return jsonify({'ok': False, 'error': str(e)}), 400
+
+
 @main.route("/api/whoami", methods=["GET"])
 @cross_origin()
 def whoami():
     ua = request.headers.get("User-Agent", "")[:200]
     dnt = request.headers.get("DNT") == "1"
     gpc = request.headers.get("Sec-GPC") == "1"
-    vid, resp = _ensure_vid_cookie()
-    payload = {"vid": vid, "user_agent": ua, "dnt": dnt, "gpc": gpc}
-    return jsonify(payload)
+
+    payload = {"vid": request.cookies.get(COOKIE_NAME) or uuid.uuid4().hex,
+               "user_agent": ua, "dnt": dnt, "gpc": gpc}
+
+    resp = make_response(jsonify(payload))
+    if not request.cookies.get(COOKIE_NAME):
+        resp.set_cookie(COOKIE_NAME, payload["vid"], max_age=60*60*24*365*2,
+                        httponly=True, secure=True, samesite="Lax", path="/")
+    return resp
+
 
 @main.route('/api/track', methods=['POST', 'OPTIONS'])
 @cross_origin()
@@ -311,15 +393,21 @@ def track_event():
         gpc = request.headers.get("Sec-GPC") == "1"
         ua = request.headers.get("User-Agent", "")[:200]
         ref = request.headers.get("Referer", "")[:200]
-        vid, resp = _ensure_vid_cookie()
 
-        # Allow only specific user fields if provided
+        resp = make_response(jsonify({'ok': True}))
+        cookie_vid, resp = _ensure_vid_cookie(resp)
+
+        visitor_id = evt.get("vid") or cookie_vid
+        session_id = evt.get("sessionId")
+
         user = evt.get("user") if isinstance(evt.get("user"), dict) else {}
-        allowed_user = {k: user[k] for k in ["id", "role", "org", "plan"] if k in user and isinstance(user[k], (str, int))}
+        allowed_user = {k: user[k] for k in ["id", "role", "org", "plan"]
+                        if k in user and isinstance(user[k], (str, int))}
 
         evt.update({
             "server_time": datetime.utcnow().isoformat() + "Z",
-            "visitor_id": vid,
+            "visitor_id": visitor_id,
+            "session_id": session_id,
             "client_ip_truncated": _client_ip(),
             "user_agent": ua,
             "referer": ref,
@@ -328,11 +416,24 @@ def track_event():
             "user": allowed_user
         })
 
-        logfile = os.path.join(current_app.root_path, 'analytics.log.jsonl')
-        with open(logfile, 'a', encoding='utf-8') as f:
-            f.write(json.dumps(evt, ensure_ascii=False) + '\n')
+        row = {
+            "visitor_id": str(visitor_id),
+            "session_id": str(session_id) if session_id else None,
+            "event_type": str(evt.get("eventType", "unknown")),
+            "payload": evt,
+            "user_agent": ua,
+            "referer": ref,
+            "client_ip_truncated": _client_ip(),
+            "dnt": dnt,
+            "gpc": gpc
+        }
+        supabase_insert_event(row)
+
+        return resp
 
-        return jsonify({'ok': True})
     except Exception as e:
         return jsonify({'ok': False, 'error': str(e)}), 400
+
+
+
 # ===== End Analytics =====