@huloglobal/vendure-plugin-visitor-analytics 0.2.0

package/dist/visitor-tracking.controller.js

@@ -0,0 +1,658 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VisitorTrackingController = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@vendure/core");
+const visitor_event_entity_1 = require("./visitor-event.entity");
+const visitor_tracking_service_1 = require("./visitor-tracking.service");
+const COOKIE_VISITOR = 'ees_vid';
+const COOKIE_SESSION = 'ees_sid';
+const VISITOR_TTL_DAYS = 730; // ~2 years
+const SESSION_IDLE_MIN = 30; // 30-minute idle session timeout
+function requireAdmin(ctx, res) {
+    if (!(ctx === null || ctx === void 0 ? void 0 : ctx.activeUserId)) {
+        res.status(401).json({ error: 'Authentication required' });
+        return false;
+    }
+    if (!ctx.userHasPermissions([core_1.Permission.ReadCustomer])) {
+        res.status(403).json({ error: 'Insufficient permissions' });
+        return false;
+    }
+    return true;
+}
+function clampInt(raw, fallback, min, max) {
+    const n = parseInt(String(raw !== null && raw !== void 0 ? raw : fallback), 10);
+    if (isNaN(n))
+        return fallback;
+    return Math.max(min, Math.min(max, n));
+}
+const proxy_headers_1 = require("./proxy-headers");
+function realIp(req) { return (0, proxy_headers_1.getRealIp)(req); }
+let VisitorTrackingController = class VisitorTrackingController {
+    constructor(connection, tracking) {
+        this.connection = connection;
+        this.tracking = tracking;
+    }
+    /**
+     * Ingest endpoint hit by the storefront tracker. Anonymous, takes
+     * a small JSON batch via fetch() or navigator.sendBeacon() (which
+     * uses text/plain). CORS is open because the storefront is on a
+     * different origin from the API.
+     *
+     *   POST /ees/track
+     *   body: {
+     *     channelId?: number,
+     *     customerId?: number | null,
+     *     events: [
+     *       { type, url, title?, referrer?, timeOnPageMs?, meta?, clientTs? }
+     *     ]
+     *   }
+     *
+     * Cookies `ees_vid` (visitor) and `ees_sid` (session) are issued
+     * on the first request and refreshed on every subsequent one.
+     */
+    async track(body, req, res) {
+        // Lenient CORS — analytics ingestion must work cross-origin from
+        // both storefronts (and dev hosts) without complex config.
+        this.applyCors(req, res);
+        if (req.method === 'OPTIONS')
+            return res.status(204).end();
+        const cookies = this.parseCookies(req);
+        let visitorId = String(cookies[COOKIE_VISITOR] || '').slice(0, 64);
+        let sessionId = String(cookies[COOKIE_SESSION] || '').slice(0, 64);
+        let issuedVisitor = false;
+        let issuedSession = false;
+        if (!visitorId || !/^[a-f0-9]{16,64}$/i.test(visitorId)) {
+            visitorId = this.tracking.newId();
+            issuedVisitor = true;
+        }
+        if (!sessionId || !/^[a-f0-9]{16,64}$/i.test(sessionId)) {
+            sessionId = this.tracking.newId();
+            issuedSession = true;
+        }
+        const channelId = Number(body === null || body === void 0 ? void 0 : body.channelId) || 1;
+        const customerId = (body === null || body === void 0 ? void 0 : body.customerId) != null ? Number(body.customerId) || null : null;
+        const events = Array.isArray(body === null || body === void 0 ? void 0 : body.events) ? body.events.slice(0, 50) : [];
+        const ip = realIp(req);
+        // Prefer the upstream proxy's resolved country / region (Cloudflare,
+        // Akamai, Fastly all populate these headers when configured) — saves
+        // the per-request MaxMind lookup. The service still falls back to a
+        // GeoLite2 lookup if the proxy values are absent.
+        const proxyCountry = (0, proxy_headers_1.getResolvedCountry)(req);
+        const proxyRegion = (0, proxy_headers_1.getResolvedRegion)(req);
+        const out = await this.tracking.ingest({
+            visitorId, sessionId, customerId, channelId, events,
+            ip,
+            userAgent: req.headers['user-agent'] || null,
+            acceptLanguage: req.headers['accept-language'] || null,
+            proxyCountry, proxyRegion,
+        });
+        // Refresh cookies on every hit so the session window slides while
+        // the visitor is active.
+        const cookieOpts = (maxAgeSec) => `Path=/; Max-Age=${maxAgeSec}; SameSite=Lax`;
+        res.setHeader('Set-Cookie', [
+            `${COOKIE_VISITOR}=${visitorId}; ${cookieOpts(VISITOR_TTL_DAYS * 86400)}`,
+            `${COOKIE_SESSION}=${sessionId}; ${cookieOpts(SESSION_IDLE_MIN * 60)}`,
+        ]);
+        return res.json({
+            stored: out.stored,
+            visitorId, sessionId,
+            issuedVisitor, issuedSession,
+        });
+    }
+    // ------------------------------------------------------------------
+    // Admin reads — feed the Visitor Journey UI.
+    // ------------------------------------------------------------------
+    /** Top-line counters + daily series for the dashboard header. */
+    async summary(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = Math.min(Math.max(parseInt(String(req.query.days || '30'), 10) || 30, 1), 365);
+        const rows = await this.connection.rawConnection.query(`SELECT DATE(createdAt) AS day,
+                    COUNT(DISTINCT visitorId) AS visitors,
+                    COUNT(DISTINCT sessionId) AS sessions,
+                    COUNT(*) AS events,
+                    SUM(type='pageview') AS pageviews
+             FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+             GROUP BY DATE(createdAt)
+             ORDER BY day`, [days]);
+        const [{ totalVisitors, totalSessions, totalPageviews, avgTimeMs }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT visitorId) AS totalVisitors,
+                    COUNT(DISTINCT sessionId) AS totalSessions,
+                    SUM(type='pageview')      AS totalPageviews,
+                    AVG(CASE WHEN type='unload' AND timeOnPageMs > 0 THEN timeOnPageMs END) AS avgTimeMs
+             FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)`, [days]);
+        return res.json({
+            days,
+            totals: {
+                visitors: Number(totalVisitors) || 0,
+                sessions: Number(totalSessions) || 0,
+                pageviews: Number(totalPageviews) || 0,
+                avgTimeMs: Math.round(Number(avgTimeMs) || 0),
+            },
+            daily: rows.map((r) => ({
+                day: r.day,
+                visitors: Number(r.visitors) || 0,
+                sessions: Number(r.sessions) || 0,
+                events: Number(r.events) || 0,
+                pageviews: Number(r.pageviews) || 0,
+            })),
+        });
+    }
+    /** Traffic sources — UTM source breakdown + organic referrer
+     *  domains. Visitors are attributed by their first-pageview's UTM
+     *  / referrer combo per session. */
+    async sources(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = clampInt(req.query.days, 30, 1, 365);
+        const take = clampInt(req.query.take, 25, 1, 500);
+        const skip = clampInt(req.query.skip, 0, 0, 1000000);
+        const rows = await this.connection.rawConnection.query(`SELECT source, medium, COALESCE(MAX(campaign), '') AS campaign,
+                    COUNT(DISTINCT visitorId) AS visitors,
+                    COUNT(DISTINCT sessionId) AS sessions,
+                    SUM(reached_product) AS productViewers,
+                    SUM(reached_checkout) AS checkoutReached
+             FROM (
+                 SELECT visitorId, sessionId,
+                        COALESCE(utmSource, referrerDomain, '(direct)') AS source,
+                        COALESCE(utmMedium, IF(referrerDomain IS NOT NULL, 'referral', 'none')) AS medium,
+                        utmCampaign AS campaign,
+                        MAX(CASE WHEN url LIKE '/products/%' AND type='pageview' THEN 1 ELSE 0 END) AS reached_product,
+                        MAX(CASE WHEN (url LIKE '%/checkout%' OR url LIKE '%cart%') AND type='pageview' THEN 1 ELSE 0 END) AS reached_checkout
+                 FROM visitor_event
+                 WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+                 GROUP BY visitorId, sessionId,
+                          COALESCE(utmSource, referrerDomain, '(direct)'),
+                          COALESCE(utmMedium, IF(referrerDomain IS NOT NULL, 'referral', 'none')),
+                          utmCampaign
+             ) by_session
+             GROUP BY source, medium
+             ORDER BY visitors DESC
+             LIMIT ? OFFSET ?`, [days, take, skip]);
+        const [{ total }] = await this.connection.rawConnection.query(`SELECT COUNT(*) AS total FROM (
+                SELECT DISTINCT
+                    COALESCE(utmSource, referrerDomain, '(direct)') AS source,
+                    COALESCE(utmMedium, IF(referrerDomain IS NOT NULL, 'referral', 'none')) AS medium
+                FROM visitor_event
+                WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+             ) sources`, [days]);
+        return res.json({
+            sources: rows.map((r) => ({
+                source: r.source,
+                medium: r.medium,
+                campaign: r.campaign,
+                visitors: Number(r.visitors) || 0,
+                sessions: Number(r.sessions) || 0,
+                productViewers: Number(r.productViewers) || 0,
+                checkoutReached: Number(r.checkoutReached) || 0,
+            })),
+            total: Number(total) || 0, take, skip,
+        });
+    }
+    /** Top pages by view count. Paginated via take + skip. */
+    async topPages(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = clampInt(req.query.days, 30, 1, 365);
+        const take = clampInt(req.query.take, 25, 1, 500);
+        const skip = clampInt(req.query.skip, 0, 0, 1000000);
+        const rows = await this.connection.rawConnection.query(`SELECT url,
+                    MAX(title)               AS title,
+                    COUNT(*)                 AS views,
+                    COUNT(DISTINCT visitorId) AS uniqueVisitors,
+                    AVG(NULLIF(timeOnPageMs, 0)) AS avgTimeMs
+             FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+               AND type IN ('pageview', 'unload')
+             GROUP BY url
+             ORDER BY views DESC
+             LIMIT ? OFFSET ?`, [days, take, skip]);
+        const [{ total }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT url) AS total FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+               AND type IN ('pageview', 'unload')`, [days]);
+        return res.json({
+            pages: rows.map((r) => ({
+                url: r.url, title: r.title,
+                views: Number(r.views) || 0,
+                uniqueVisitors: Number(r.uniqueVisitors) || 0,
+                avgTimeMs: Math.round(Number(r.avgTimeMs) || 0),
+            })),
+            total: Number(total) || 0, take, skip,
+        });
+    }
+    /** Funnel: visitors → product views → cart → checkout completed. */
+    async funnel(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = Math.min(Math.max(parseInt(String(req.query.days || '30'), 10) || 30, 1), 365);
+        const stages = [
+            { key: 'visited', label: 'Any page', where: `1=1` },
+            { key: 'viewed', label: 'Viewed a product', where: `url LIKE '/products/%'` },
+            { key: 'cart', label: 'Opened the cart', where: `url LIKE '%/checkout%' OR url LIKE '%cart%'` },
+            { key: 'confirmed', label: 'Reached checkout confirmation', where: `url LIKE '%/checkout/confirmation/%'` },
+        ];
+        const result = [];
+        for (const s of stages) {
+            const [{ n }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT visitorId) AS n FROM visitor_event
+                 WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+                   AND type='pageview' AND (${s.where})`, [days]);
+            result.push({ key: s.key, label: s.label, visitors: Number(n) || 0 });
+        }
+        return res.json({ days, stages: result });
+    }
+    /** Exit pages — pages where the last event in the session was a
+     *  pageview. Paginated via take + skip. */
+    async exitPages(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = clampInt(req.query.days, 30, 1, 365);
+        const take = clampInt(req.query.take, 25, 1, 500);
+        const skip = clampInt(req.query.skip, 0, 0, 1000000);
+        const rows = await this.connection.rawConnection.query(`SELECT url,
+                    MAX(title) AS title,
+                    COUNT(*)   AS exits
+             FROM (
+                 SELECT sessionId, url, title, createdAt,
+                        ROW_NUMBER() OVER (PARTITION BY sessionId ORDER BY createdAt DESC) AS rn
+                 FROM visitor_event
+                 WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+                   AND type='pageview'
+             ) last_pages
+             WHERE rn = 1
+             GROUP BY url
+             ORDER BY exits DESC
+             LIMIT ? OFFSET ?`, [days, take, skip]);
+        const [{ total }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT url) AS total FROM (
+                SELECT sessionId, url,
+                       ROW_NUMBER() OVER (PARTITION BY sessionId ORDER BY createdAt DESC) AS rn
+                FROM visitor_event
+                WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY) AND type='pageview'
+             ) lp WHERE rn = 1`, [days]);
+        return res.json({
+            exitPages: rows.map((r) => ({
+                url: r.url, title: r.title, exits: Number(r.exits) || 0,
+            })),
+            total: Number(total) || 0, take, skip,
+        });
+    }
+    /** Top custom events — `type` other than pageview / unload. Useful
+     *  for tracking add-to-cart / search / quote-request / signup
+     *  conversion rates. Paginated. */
+    async topEvents(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = clampInt(req.query.days, 30, 1, 365);
+        const take = clampInt(req.query.take, 25, 1, 500);
+        const skip = clampInt(req.query.skip, 0, 0, 1000000);
+        const rows = await this.connection.rawConnection.query(`SELECT type,
+                    COUNT(*) AS count,
+                    COUNT(DISTINCT visitorId) AS uniqueVisitors,
+                    COUNT(DISTINCT sessionId) AS sessions
+             FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+               AND type NOT IN ('pageview', 'unload')
+             GROUP BY type
+             ORDER BY count DESC
+             LIMIT ? OFFSET ?`, [days, take, skip]);
+        const [{ total }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT type) AS total FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+               AND type NOT IN ('pageview', 'unload')`, [days]);
+        return res.json({
+            events: rows.map((r) => ({
+                type: r.type,
+                count: Number(r.count) || 0,
+                uniqueVisitors: Number(r.uniqueVisitors) || 0,
+                sessions: Number(r.sessions) || 0,
+            })),
+            total: Number(total) || 0, take, skip,
+        });
+    }
+    /**
+     * Live-now widget — Server-Sent Events stream pushing the current
+     * active-visitor count + their most recent URLs every 5 seconds.
+     * "Active" = at least one event in the last 5 minutes. SSE keeps
+     * the connection open; the admin UI consumes it via `EventSource`.
+     *
+     * Each event payload:
+     *   data: { ts, activeCount, recent: [{ visitorId, url, country, secondsAgo }] }
+     */
+    async live(ctx, req, res) {
+        var _a;
+        if (!requireAdmin(ctx, res))
+            return;
+        res.setHeader('Content-Type', 'text/event-stream');
+        res.setHeader('Cache-Control', 'no-cache, no-transform');
+        res.setHeader('Connection', 'keep-alive');
+        res.setHeader('X-Accel-Buffering', 'no'); // disable nginx buffering
+        (_a = res.flushHeaders) === null || _a === void 0 ? void 0 : _a.call(res);
+        const tick = async () => {
+            try {
+                const rows = await this.connection.rawConnection.query(`SELECT visitorId,
+                            MAX(url) AS url,
+                            MAX(country) AS country,
+                            TIMESTAMPDIFF(SECOND, MAX(createdAt), NOW()) AS secondsAgo
+                     FROM visitor_event
+                     WHERE createdAt >= DATE_SUB(NOW(), INTERVAL 5 MINUTE)
+                       AND type = 'pageview'
+                     GROUP BY visitorId
+                     ORDER BY MAX(createdAt) DESC
+                     LIMIT 20`);
+                const payload = {
+                    ts: new Date().toISOString(),
+                    activeCount: rows.length,
+                    recent: rows.map((r) => ({
+                        visitorId: r.visitorId,
+                        url: r.url,
+                        country: r.country,
+                        secondsAgo: Number(r.secondsAgo) || 0,
+                    })),
+                };
+                res.write(`data: ${JSON.stringify(payload)}\n\n`);
+            }
+            catch {
+                // Don't kill the stream on transient DB errors — the next
+                // tick will retry. SSE clients reconnect automatically
+                // if the connection drops.
+            }
+        };
+        // Fire immediately, then every 5s. Stop when the client disconnects.
+        await tick();
+        const interval = setInterval(() => { tick().catch(() => undefined); }, 5000);
+        req.on('close', () => clearInterval(interval));
+        req.on('end', () => clearInterval(interval));
+    }
+    /** Journey timeline for one visitor — every event in order. */
+    async journey(ctx, visitorId, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const events = await this.connection.rawConnection.getRepository(visitor_event_entity_1.VisitorEvent).find({
+            where: { visitorId: String(visitorId).slice(0, 64) },
+            order: { createdAt: 'ASC' },
+            take: 1000,
+        });
+        return res.json({ visitorId, events });
+    }
+    /** Recent visitors — paginated via take + skip. */
+    async recent(ctx, req, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const days = clampInt(req.query.days, 7, 1, 365);
+        const take = clampInt(req.query.take, 25, 1, 500);
+        const skip = clampInt(req.query.skip, 0, 0, 1000000);
+        const rows = await this.connection.rawConnection.query(`SELECT visitorId,
+                    MAX(customerId)            AS customerId,
+                    MIN(createdAt)             AS firstSeenAt,
+                    MAX(createdAt)             AS lastSeenAt,
+                    COUNT(DISTINCT sessionId)  AS sessions,
+                    SUM(type='pageview')       AS pageviews,
+                    MAX(country)               AS country,
+                    MAX(city)                  AS city,
+                    MAX(browser)               AS browser,
+                    MAX(os)                    AS os,
+                    MAX(device)                AS device
+             FROM visitor_event
+             WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)
+             GROUP BY visitorId
+             ORDER BY MAX(createdAt) DESC
+             LIMIT ? OFFSET ?`, [days, take, skip]);
+        const [{ total }] = await this.connection.rawConnection.query(`SELECT COUNT(DISTINCT visitorId) AS total
+             FROM visitor_event WHERE createdAt >= DATE_SUB(NOW(), INTERVAL ? DAY)`, [days]);
+        return res.json({
+            visitors: rows.map((r) => ({
+                visitorId: r.visitorId,
+                customerId: r.customerId,
+                firstSeenAt: r.firstSeenAt,
+                lastSeenAt: r.lastSeenAt,
+                sessions: Number(r.sessions) || 0,
+                pageviews: Number(r.pageviews) || 0,
+                country: r.country,
+                city: r.city,
+                browser: r.browser,
+                os: r.os,
+                device: r.device,
+            })),
+            total: Number(total) || 0, take, skip,
+        });
+    }
+    /** Full visitor profile — every available signal we have on this
+     *  visitor, plus the most-recent IP / UA / location / locale,
+     *  customer link, and per-session breakdown. Drives the clickable
+     *  detail drawer in the admin UI. */
+    async profile(ctx, visitorIdRaw, res) {
+        if (!requireAdmin(ctx, res))
+            return;
+        const visitorId = String(visitorIdRaw).slice(0, 64);
+        // One row with the latest non-null value of every column.
+        const [latest] = await this.connection.rawConnection.query(`SELECT visitorId,
+                    MAX(customerId)         AS customerId,
+                    MIN(createdAt)          AS firstSeenAt,
+                    MAX(createdAt)          AS lastSeenAt,
+                    COUNT(DISTINCT sessionId) AS totalSessions,
+                    SUM(type='pageview')    AS totalPageviews,
+                    SUM(type='unload')      AS totalUnloads,
+                    SUM(type='event')       AS totalEvents,
+                    SUM(timeOnPageMs)       AS totalTimeMs,
+                    MAX(ip)                 AS ip,
+                    MAX(ipHash)             AS ipHash,
+                    MAX(userAgent)          AS userAgent,
+                    MAX(browser)            AS browser,
+                    MAX(browserVersion)     AS browserVersion,
+                    MAX(os)                 AS os,
+                    MAX(osVersion)          AS osVersion,
+                    MAX(device)             AS device,
+                    MAX(acceptLanguage)     AS acceptLanguage,
+                    MAX(country)            AS country,
+                    MAX(region)             AS region,
+                    MAX(city)               AS city,
+                    MAX(timezone)           AS timezone,
+                    MAX(channelId)          AS channelId
+             FROM visitor_event
+             WHERE visitorId = ?
+             GROUP BY visitorId`, [visitorId]);
+        if (!latest)
+            return res.status(404).json({ error: 'visitor not found' });
+        const sessions = await this.connection.rawConnection.query(`SELECT sessionId,
+                    MIN(createdAt) AS startedAt,
+                    MAX(createdAt) AS endedAt,
+                    COUNT(*)       AS events,
+                    SUM(type='pageview') AS pageviews,
+                    SUM(timeOnPageMs)    AS timeMs,
+                    MIN(CASE WHEN type='pageview' THEN url END) AS entryUrl
+             FROM visitor_event
+             WHERE visitorId = ?
+             GROUP BY sessionId
+             ORDER BY MIN(createdAt) DESC
+             LIMIT 50`, [visitorId]);
+        let customer = null;
+        if (latest.customerId) {
+            const [c] = await this.connection.rawConnection.query(`SELECT id, firstName, lastName, emailAddress
+                 FROM customer WHERE id = ? LIMIT 1`, [Number(latest.customerId)]);
+            customer = c || null;
+        }
+        return res.json({
+            visitor: {
+                visitorId: latest.visitorId,
+                customerId: latest.customerId,
+                customer,
+                firstSeenAt: latest.firstSeenAt,
+                lastSeenAt: latest.lastSeenAt,
+                totals: {
+                    sessions: Number(latest.totalSessions) || 0,
+                    pageviews: Number(latest.totalPageviews) || 0,
+                    unloads: Number(latest.totalUnloads) || 0,
+                    events: Number(latest.totalEvents) || 0,
+                    timeMs: Number(latest.totalTimeMs) || 0,
+                },
+                ip: latest.ip,
+                ipHash: latest.ipHash,
+                userAgent: latest.userAgent,
+                browser: latest.browser,
+                browserVersion: latest.browserVersion,
+                os: latest.os,
+                osVersion: latest.osVersion,
+                device: latest.device,
+                acceptLanguage: latest.acceptLanguage,
+                country: latest.country,
+                region: latest.region,
+                city: latest.city,
+                timezone: latest.timezone,
+                channelId: latest.channelId,
+            },
+            sessions: sessions.map((s) => ({
+                sessionId: s.sessionId,
+                startedAt: s.startedAt,
+                endedAt: s.endedAt,
+                events: Number(s.events) || 0,
+                pageviews: Number(s.pageviews) || 0,
+                timeMs: Number(s.timeMs) || 0,
+                entryUrl: s.entryUrl,
+            })),
+        });
+    }
+    // ------------------------------------------------------------------
+    applyCors(req, res) {
+        const origin = String(req.headers.origin || '');
+        // Allow the two storefronts + local dev. Anything else gets a
+        // wildcard echo of the request origin so previews work without
+        // needing config — we trust the request itself for ingest.
+        res.setHeader('Access-Control-Allow-Origin', origin || '*');
+        res.setHeader('Vary', 'Origin');
+        res.setHeader('Access-Control-Allow-Credentials', 'true');
+        res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'content-type');
+    }
+    parseCookies(req) {
+        const raw = req.headers.cookie || '';
+        const out = {};
+        for (const part of raw.split(';')) {
+            const idx = part.indexOf('=');
+            if (idx < 0)
+                continue;
+            const k = part.slice(0, idx).trim();
+            const v = decodeURIComponent(part.slice(idx + 1).trim());
+            if (k)
+                out[k] = v;
+        }
+        return out;
+    }
+};
+exports.VisitorTrackingController = VisitorTrackingController;
+__decorate([
+    (0, common_1.Post)('track'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "track", null);
+__decorate([
+    (0, common_1.Get)('visitors/summary'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "summary", null);
+__decorate([
+    (0, common_1.Get)('visitors/sources'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "sources", null);
+__decorate([
+    (0, common_1.Get)('visitors/top-pages'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "topPages", null);
+__decorate([
+    (0, common_1.Get)('visitors/funnel'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "funnel", null);
+__decorate([
+    (0, common_1.Get)('visitors/exit-pages'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "exitPages", null);
+__decorate([
+    (0, common_1.Get)('visitors/top-events'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "topEvents", null);
+__decorate([
+    (0, common_1.Get)('visitors/live'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "live", null);
+__decorate([
+    (0, common_1.Get)('visitors/journey/:visitorId'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Param)('visitorId')),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, String, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "journey", null);
+__decorate([
+    (0, common_1.Get)('visitors/recent'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "recent", null);
+__decorate([
+    (0, common_1.Get)('visitors/profile/:visitorId'),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Param)('visitorId')),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, String, Object]),
+    __metadata("design:returntype", Promise)
+], VisitorTrackingController.prototype, "profile", null);
+exports.VisitorTrackingController = VisitorTrackingController = __decorate([
+    (0, common_1.Controller)('ees'),
+    __metadata("design:paramtypes", [core_1.TransactionalConnection,
+        visitor_tracking_service_1.VisitorTrackingService])
+], VisitorTrackingController);
+//# sourceMappingURL=visitor-tracking.controller.js.map