apptvty 0.2.4 → 0.3.0

package/dist/middleware/nextjs.js

@@ -353,7 +353,7 @@ var ApptvtyClient = class {
           this.log("X402 challenge auto-paid from wallet, retrying request");
           return this.post(path, body);
         }
-        let dashboardUrl = "https://dashboard.apptvty.com/login";
+        let dashboardUrl = (typeof process !== "undefined" ? process.env?.DASHBOARD_URL : void 0) ?? "https://dashboard.apptvty.com/login";
         try {
           const json = JSON.parse(text);
           dashboardUrl = json?.error?.details?.dashboard_url ?? dashboardUrl;
@@ -535,7 +535,7 @@ var RequestLogger = class {
     this.client = client;
     this.queue = [];
     this.timer = null;
-    this.flushing = false;
+    this.activeFlushPromise = null;
     this.batchSize = config.batchSize ?? 50;
     this.debug = config.debug ?? false;
     const interval = config.flushInterval ?? 5e3;
@@ -560,21 +560,31 @@ var RequestLogger = class {
   /** Enqueue a single log entry. Non-blocking. */
   enqueue(entry) {
     this.queue.push(entry);
-    if (this.queue.length >= this.batchSize) {
-      void this.flush();
-    }
+    void this.flush();
   }
-  /** Flush the current queue to the API. */
+  /** Flush the current queue to the API. Returns the active Promise so Edge runtimes can wait. */
   async flush() {
-    if (this.flushing || this.queue.length === 0) return;
-    this.flushing = true;
-    const batch = this.queue.splice(0, this.batchSize);
-    try {
-      await this.client.sendLogs(batch);
-    } catch {
-    } finally {
-      this.flushing = false;
+    if (this.queue.length === 0) {
+      return this.activeFlushPromise || Promise.resolve();
     }
+    if (this.activeFlushPromise) {
+      await this.activeFlushPromise;
+      if (this.queue.length > 0) return this.flush();
+      return Promise.resolve();
+    }
+    const batch = this.queue.splice(0, this.batchSize);
+    this.activeFlushPromise = (async () => {
+      try {
+        await this.client.sendLogs(batch);
+      } catch {
+      } finally {
+        this.activeFlushPromise = null;
+        if (this.queue.length > 0) {
+          void this.flush();
+        }
+      }
+    })();
+    return this.activeFlushPromise;
   }
   /**
    * Synchronous-ish flush for process shutdown.
@@ -665,7 +675,7 @@ function createQueryHandler(client, config) {
     if (trimmedQuery.length > 500) {
       return errorResponse(400, "QUERY_TOO_LONG", "Query must be 500 characters or fewer");
     }
-    const requestId = crypto.randomUUID();
+    const requestId = globalThis.crypto.randomUUID();
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const startMs = Date.now();
     const surfaceAds = req.surface_ads !== false;
@@ -693,16 +703,21 @@ function createQueryHandler(client, config) {
       return errorResponse(502, "UPSTREAM_ERROR", "Could not retrieve an answer at this time");
     }
     const responseTimeMs = Date.now() - startMs;
-    const ads = backendResponse.sponsored ? Array.isArray(backendResponse.sponsored) ? backendResponse.sponsored : [backendResponse.sponsored] : [];
-    for (const ad of ads) {
-      void client.logImpression({
-        impression_id: ad.impression_id,
-        site_id: config.siteId,
-        query: trimmedQuery,
-        agent_ua: req.userAgent,
-        agent_ip: req.ipAddress,
-        timestamp
-      });
+    const ads = backendResponse.related_resources ? Array.isArray(backendResponse.related_resources) ? backendResponse.related_resources : [backendResponse.related_resources] : [];
+    if (ads.length > 0) {
+      await Promise.all(
+        ads.map(
+          (ad) => client.logImpression({
+            impression_id: ad.impression_id,
+            site_id: config.siteId,
+            query: trimmedQuery,
+            agent_ua: req.userAgent,
+            agent_ip: req.ipAddress,
+            timestamp
+          }).catch(() => {
+          })
+        )
+      );
     }
     const agentResponse = {
       success: true,
@@ -711,7 +726,7 @@ function createQueryHandler(client, config) {
       answer: backendResponse.answer,
       sources: backendResponse.sources,
       confidence: backendResponse.confidence,
-      ...backendResponse.sponsored && { sponsored: backendResponse.sponsored },
+      ...backendResponse.related_resources && { related_resources: backendResponse.related_resources },
       metadata: {
         request_id: requestId,
         response_time_ms: responseTimeMs,
@@ -729,7 +744,7 @@ function errorResponse(status, code, message) {
     error: {
       code,
       message,
-      request_id: crypto.randomUUID(),
+      request_id: globalThis.crypto.randomUUID(),
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     }
   };
@@ -748,20 +763,49 @@ function getOrigin(url) {
 function createDashboardHandler(client, config) {
   return async function handleDashboard(req) {
     const { path, method, authHeader } = req;
-    if (config.dashboardSecret) {
-      const url2 = new URL(path, "http://localhost");
-      const secretParam = url2.searchParams.get("secret");
-      const bearerToken = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : null;
-      const isAuthorized = secretParam === config.dashboardSecret || bearerToken === config.dashboardSecret;
-      if (!isAuthorized) {
-        return jsonResponse(401, {
-          error: "Unauthorized",
-          message: "Dashboard access requires a valid secret. Please set APPTVTY_DASHBOARD_SECRET."
-        });
-      }
-    }
     const url = new URL(path, "http://localhost");
     const cleanPath = url.pathname;
+    if (cleanPath.includes("/api/apptvty/verify")) {
+      const challenge = url.searchParams.get("challenge");
+      if (!challenge) {
+        return jsonResponse(400, { error: "Challenge required" });
+      }
+      const encoder = new TextEncoder();
+      const keyData = encoder.encode(config.apiKey);
+      const cryptoKey = await globalThis.crypto.subtle.importKey(
+        "raw",
+        keyData,
+        { name: "HMAC", hash: "SHA-256" },
+        false,
+        ["sign"]
+      );
+      const prefixedChallenge = `apptvty_verify_challenge:${challenge}`;
+      const signatureBuffer = await globalThis.crypto.subtle.sign("HMAC", cryptoKey, encoder.encode(prefixedChallenge));
+      const signature = Array.from(new Uint8Array(signatureBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+      return jsonResponse(200, {
+        site_id: config.siteId,
+        verified: true,
+        signature
+      });
+    }
+    if (!config.dashboardSecret) {
+      return jsonResponse(401, {
+        error: "Unauthorized",
+        message: "Dashboard access is disabled because APPTVTY_DASHBOARD_SECRET is not configured."
+      });
+    }
+    const secretParam = url.searchParams.get("secret");
+    const bearerToken = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : null;
+    const isAuthorized = secretParam === config.dashboardSecret || bearerToken === config.dashboardSecret;
+    if (!isAuthorized) {
+      return jsonResponse(401, {
+        error: "Unauthorized",
+        message: "Invalid dashboard secret. Please provide a valid secret to access."
+      });
+    }
+    if (config.debug) {
+      console.error(`[apptvty] DashboardHandler: path=${path}, cleanPath=${cleanPath}`);
+    }
     if (cleanPath.includes("/api/overview")) {
       const data = await client.getSiteStats();
       return jsonResponse(200, data);
@@ -1122,16 +1166,38 @@ function getInstance(config) {
 function withApptvty(config, next) {
   const { client, logger } = getInstance(config);
   const queryPath = config.queryPath ?? "/query";
-  return async function apptvtyMiddleware(request) {
+  return async function apptvtyMiddleware(request, event) {
     const startMs = Date.now();
     const userAgent = request.headers.get("user-agent") ?? "";
     const crawlerInfo = detectCrawler(userAgent);
     const scraperService = detectScraperService(userAgent);
     const aiCrawlerParam = parseBoolParam(request.nextUrl.searchParams.get("ai_crawler"), false);
     const isCrawler = crawlerInfo.isAi || aiCrawlerParam || scraperService.isScraperService;
+    if (request.nextUrl.pathname === "/api/apptvty/verify") {
+      const challenge = request.nextUrl.searchParams.get("challenge");
+      if (challenge) {
+        const encoder = new TextEncoder();
+        const keyData = encoder.encode(config.apiKey);
+        const cryptoKey = await globalThis.crypto.subtle.importKey(
+          "raw",
+          keyData,
+          { name: "HMAC", hash: "SHA-256" },
+          false,
+          ["sign"]
+        );
+        const prefixedChallenge = `apptvty_verify_challenge:${challenge}`;
+        const signatureBuffer = await globalThis.crypto.subtle.sign("HMAC", cryptoKey, encoder.encode(prefixedChallenge));
+        const signature = Array.from(new Uint8Array(signatureBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+        return import_server.NextResponse.json({
+          site_id: config.siteId,
+          verified: true,
+          signature
+        });
+      }
+    }
     let response;
     try {
-      response = next ? await next(request) : import_server.NextResponse.next();
+      response = next ? await next(request, event) : import_server.NextResponse.next();
     } catch (err) {
       throw err;
     }
@@ -1144,13 +1210,13 @@ function withApptvty(config, next) {
     const entry = {
       site_id: config.siteId,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      method: request.method,
-      path: pathname,
-      status_code: response.status,
+      request_method: request.method,
+      request_path: pathname,
+      response_status: response.status,
       response_time_ms: responseTimeMs,
       ip_address: getClientIp(headers),
       user_agent: userAgent,
-      referer: request.headers.get("referer"),
+      referrer: request.headers.get("referer"),
       is_ai_crawler: crawlerInfo.isAi,
       crawler_type: crawlerInfo.name,
       crawler_organization: crawlerInfo.organization,
@@ -1158,6 +1224,9 @@ function withApptvty(config, next) {
       scraper_service: scraperService.name
     };
     logger.enqueue(entry);
+    if (event && typeof event.waitUntil === "function") {
+      event.waitUntil(logger.flush());
+    }
     if (isCrawler && response.ok && !pathname.startsWith(queryPath)) {
       const contentType = response.headers.get("content-type") ?? "";
       if (contentType.includes("text/html")) {