cdp-edge 2.3.1 → 2.3.6

package/server-edge-tracker/index.ts

@@ -23,6 +23,12 @@ import {
   distanceBucketWeight,
   computeMetaSignalWeights,
   metaSignalBucket,
+  isValidEmail,
+  sanitizeString,
+  isValidUrl,
+  isValidValue,
+  isValidCurrency,
+  isValidUTM,
 } from './modules/utils';
 
 // ── Banco de dados (D1) ───────────────────────────────────────────────────────
@@ -39,6 +45,7 @@ import {
   resurrectUTM,
   upsertLtvProfile,
   recordLtvFeedback,
+  processWebhookDuplicateCheck,
 } from './modules/db';
 
 // ── Dispatch — plataformas de ads ─────────────────────────────────────────────
@@ -135,10 +142,10 @@ export default {
     const url = new URL(request.url);
 
     // ── Rate Limiter — camada 0, antes do Fraud Gate ─────────────────────────
+    // Usa apenas CF-Connecting-IP (injetado pela Cloudflare, não pode ser spoofado)
+    // X-Forwarded-For pode ser falsificado por atacantes para bypass rate limiter
     if (url.pathname === '/track' && request.method === 'POST' && env.RATE_LIMITER) {
-      const ip = request.headers.get('CF-Connecting-IP')
-              || request.headers.get('X-Forwarded-For')?.split(',')[0].trim()
-              || '0.0.0.0';
+      const ip = request.headers.get('CF-Connecting-IP') || 'unknown';
       const { success } = await env.RATE_LIMITER.limit({ key: ip });
       if (!success) {
         return new Response(JSON.stringify({ status: 'ok', queued: true }), { status: 200, headers });
@@ -265,6 +272,7 @@ export default {
       const { eventName, behavioral_data, ...payload } = body as { eventName?: string; behavioral_data?: BehavioralData; [key: string]: any };
       const trackPayload: TrackPayload = payload;
 
+      // ── Validação de eventName ────────────────────────────────────────
       if (!eventName) {
         return new Response(JSON.stringify({ error: 'eventName é obrigatório' }), { status: 400, headers });
       }
@@ -273,20 +281,91 @@ export default {
         return new Response(JSON.stringify({ error: `eventName desconhecido: ${eventName.slice(0, 64)}` }), { status: 400, headers });
       }
 
-      for (const field of STR_FIELDS) {
-        if (trackPayload[field as keyof TrackPayload] !== undefined && trackPayload[field as keyof TrackPayload] !== null) {
-          if (typeof trackPayload[field as keyof TrackPayload] !== 'string' || String(trackPayload[field as keyof TrackPayload]).length > 512) {
-            return new Response(JSON.stringify({ error: `Campo inválido: ${field}` }), { status: 400, headers });
+      // ── Sanitização e Validação de Campos String ──────────────────────
+      type SanitizeResult = { error?: string; sanitized: string | null };
+
+      const SANITIZE_FIELDS: Record<string, (val: string) => SanitizeResult> = {
+        email: (val: string) => {
+          if (!isValidEmail(val)) return { error: 'email inválido (formato incorreto)' };
+          return { sanitized: val.toLowerCase().trim() };
+        },
+        firstName: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        lastName: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        city: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        state: (val: string) => ({ sanitized: sanitizeString(val, 100) }),
+        zip: (val: string) => ({ sanitized: sanitizeString(val, 20) }),
+        dob: (val: string) => ({ sanitized: sanitizeString(val, 20) }),
+        productName: (val: string) => ({ sanitized: sanitizeString(val, 200) }),
+        pageUrl: (val: string) => {
+          if (!isValidUrl(val)) return { error: 'pageUrl inválido (formato incorreto)' };
+          return { sanitized: val.trim() };
+        },
+        currency: (val: string) => {
+          if (!isValidCurrency(val)) return { error: 'currency inválido (deve ser código ISO 4217)' };
+          return { sanitized: val.trim().toUpperCase() };
+        },
+      };
+
+      // Sanitiza e valida campos específicos
+      for (const [field, validator] of Object.entries(SANITIZE_FIELDS)) {
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const result = validator(value);
+          if (result.error) {
+            return new Response(JSON.stringify({ error: result.error }), { status: 400, headers });
+          }
+          if (result.sanitized !== null) {
+            trackPayload[field as keyof TrackPayload] = result.sanitized as any;
           }
         }
       }
 
+      // Sanitiza campos de string genéricos
+      const GENERIC_SANITIZE_FIELDS = ['utmSource', 'utmMedium', 'utmCampaign', 'utmContent', 'utmTerm'];
+      for (const field of GENERIC_SANITIZE_FIELDS) {
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const utmType = `utm_${field.replace('utm', '').toLowerCase()}`;
+          if (!isValidUTM(value, utmType)) {
+            return new Response(JSON.stringify({ error: `Campo ${field} contém caracteres perigosos` }), { status: 400, headers });
+          }
+          const sanitized = sanitizeString(value, 200);
+          if (sanitized === null) {
+            return new Response(JSON.stringify({ error: `Campo ${field} inválido após sanitização` }), { status: 400, headers });
+          }
+          trackPayload[field as keyof TrackPayload] = sanitized as any;
+        }
+      }
+
+      // Sanitiza campos de string restantes
+      const TRACKING_ID_FIELDS = ['transactionId', 'fbclid', 'ttclid', 'gclid'];
+
+      for (const field of TRACKING_ID_FIELDS) {
+        const value = trackPayload[field as keyof TrackPayload];
+        if (value !== undefined && value !== null) {
+          if (typeof value !== 'string') {
+            return new Response(JSON.stringify({ error: `Campo ${field} deve ser string` }), { status: 400, headers });
+          }
+          const sanitized = sanitizeString(value, 512);
+          if (sanitized === null) {
+            return new Response(JSON.stringify({ error: `Campo ${field} inválido após sanitização` }), { status: 400, headers });
+          }
+          trackPayload[field as keyof TrackPayload] = sanitized as any;
+        }
+      }
+
+      // ── Validação de Valor Numérico ───────────────────────────────────
       if (trackPayload.value !== undefined && trackPayload.value !== null) {
-        const v = Number(trackPayload.value);
-        if (isNaN(v) || v < 0 || v > 9_999_999) {
-          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido' }), { status: 400, headers });
+        if (!isValidValue(trackPayload.value)) {
+          return new Response(JSON.stringify({ error: 'value fora do intervalo permitido (0-9,999,999)' }), { status: 400, headers });
         }
-        trackPayload.value = v;
+        trackPayload.value = Number(trackPayload.value);
       }
 
       // ── Extrair dados comportamentais do browser ──────────────────────────
@@ -297,14 +376,46 @@ export default {
         // Sinais de engajamento profundo — usados no anti-falso-positivo e no LTV
         payload.scrollScore     = behavioral_data.scroll_score     ?? null;
         payload.timeLevel       = behavioral_data.time_level       ?? null;
-        payload.email     = payload.email     || behavioral_data.email      || null;
-        payload.phone     = payload.phone     || behavioral_data.phone      || null;
-        payload.firstName = payload.firstName || behavioral_data.first_name  || behavioral_data.firstName || null;
-        payload.lastName  = payload.lastName  || behavioral_data.last_name   || behavioral_data.lastName  || null;
-        payload.city      = payload.city      || behavioral_data.city        || null;
-        payload.state     = payload.state     || behavioral_data.state       || null;
-        payload.zip       = payload.zip       || behavioral_data.zip         || null;
-        payload.dob       = payload.dob       || behavioral_data.dob         || null;
+
+        // ── Sanitiza dados do behavioral_data ────────────────────────
+        // Os dados do behavioral_data podem vir do browser e ser manipulados
+        const sanitizedBehavioralEmail = behavioral_data.email && isValidEmail(behavioral_data.email)
+          ? behavioral_data.email.toLowerCase().trim()
+          : null;
+        const sanitizedBehavioralPhone = behavioral_data.phone
+          ? sanitizeString(behavioral_data.phone, 50)
+          : null;
+        const sanitizedBehavioralFirstName = behavioral_data.first_name || behavioral_data.firstName
+          ? sanitizeString(behavioral_data.first_name || behavioral_data.firstName, 100)
+          : null;
+        const sanitizedBehavioralLastName = behavioral_data.last_name || behavioral_data.lastName
+          ? sanitizeString(behavioral_data.last_name || behavioral_data.lastName, 100)
+          : null;
+        const sanitizedBehavioralCity = behavioral_data.city
+          ? sanitizeString(behavioral_data.city, 100)
+          : null;
+
+        // Usa dados sanitizados do behavioral_data se não existirem no payload principal
+        payload.email     = payload.email     || sanitizedBehavioralEmail;
+        payload.phone     = payload.phone     || sanitizedBehavioralPhone;
+        payload.firstName = payload.firstName || sanitizedBehavioralFirstName;
+        payload.lastName  = payload.lastName  || sanitizedBehavioralLastName;
+        payload.city      = payload.city      || sanitizedBehavioralCity;
+
+        // Sanitiza campos restantes do behavioral_data
+        const sanitizedBehavioralState = behavioral_data.state
+          ? sanitizeString(behavioral_data.state, 100)
+          : null;
+        const sanitizedBehavioralZip = behavioral_data.zip
+          ? sanitizeString(behavioral_data.zip, 20)
+          : null;
+        const sanitizedBehavioralDob = behavioral_data.dob
+          ? sanitizeString(behavioral_data.dob, 20)
+          : null;
+
+        payload.state = payload.state || sanitizedBehavioralState;
+        payload.zip   = payload.zip   || sanitizedBehavioralZip;
+        payload.dob   = payload.dob   || sanitizedBehavioralDob;
       }
 
       // ── Normalização de intent_score → 0.0–1.0 ──────────────────────────
@@ -510,7 +621,13 @@ export default {
         try {
           const profileRow = await env.DB.prepare('SELECT score FROM user_profiles WHERE user_id = ?').bind(trackPayload.userId).first();
           if (profileRow) currentScore = Number(profileRow.score) || 0;
-        } catch {}
+        } catch (err: any) {
+          console.error('[POST /track] Error fetching user profile score:', {
+            userId: trackPayload.userId,
+            error: err?.message || String(err),
+            stack: err?.stack,
+          });
+        }
       }
 
       const resHeaders = new Headers(headers);
@@ -549,15 +666,12 @@ export default {
       }
 
       const hmTxId = String(purchase.transaction || '');
-      if (hmTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(hmTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'hotmart', hmTxId, JSON.stringify(wh), {
+        email: buyer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const profile = await getProfileByEmail(env, buyer.email);
@@ -584,14 +698,6 @@ export default {
         country:     profile?.country,
       };
 
-      if (hmTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('hotmart', hmTxId, buyer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),
@@ -622,15 +728,12 @@ export default {
       }
 
       const kwTxId = String(wh.order_id || '');
-      if (kwTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(kwTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'kiwify', kwTxId, JSON.stringify(wh), {
+        email: customer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const customer = wh.Customer || {};
@@ -659,14 +762,6 @@ export default {
         country:     profile?.country,
       };
 
-      if (kwTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('kiwify', kwTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),
@@ -716,15 +811,12 @@ export default {
       const transactionId = order.hash || order.transaction_hash || order.id;
       const tcTxId        = String(order.hash || order.transaction_hash || order.id || '');
 
-      if (tcTxId && env.DB) {
-        try {
-          const dup = await env.DB.prepare(
-            'SELECT id FROM webhook_events WHERE transaction_id = ? AND status = ?'
-          ).bind(tcTxId, 'processed').first();
-          if (dup) {
-            return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
-          }
-        } catch {}
+      const dupCheck = await processWebhookDuplicateCheck(env, 'ticto', tcTxId, rawBody, {
+        email: customer.email,
+      });
+
+      if (dupCheck.duplicate) {
+        return new Response(JSON.stringify({ ok: true, skipped: 'duplicate' }), { status: 200, headers });
       }
 
       const urlUserId = tracking.user_id || wh.url_params?.user_id;
@@ -734,7 +826,14 @@ export default {
           profile = await env.DB.prepare(
             'SELECT * FROM user_profiles WHERE user_id = ? ORDER BY updated_at DESC LIMIT 1'
           ).bind(urlUserId).first();
-        } catch {}
+        } catch (err: any) {
+          console.error('[POST /webhook/ticto] Error fetching user profile by userId:', {
+            userId: urlUserId,
+            email: customer.email,
+            error: err?.message || String(err),
+            stack: err?.stack,
+          });
+        }
       }
 
       const fbclid = tracking.fbclid || wh.url_params?.fbclid;
@@ -767,14 +866,6 @@ export default {
         utmContent:  tracking.utm_content  || '',
       };
 
-      if (tcTxId && env.DB) {
-        try {
-          await env.DB.prepare(
-            'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
-          ).bind('ticto', tcTxId, customer.email || null, 'processed', JSON.stringify(wh)).run();
-        } catch {}
-      }
-
       ctx.waitUntil(Promise.allSettled([
         sendMetaCapi(env, 'Purchase', payload, request, ctx),
         sendGA4Mp(env, 'purchase', payload, ctx),
@@ -882,15 +973,18 @@ export default {
   },
 
   // ── Queue Consumer — Retry de eventos com falha ───────────────────────────────
-  async queue(batch: any, env: Env) {
+  async queue(batch: any, env: Env, ctx: ExecutionContext) {
     for (const message of batch.messages) {
       const { eventType, payload, platform } = message.body as { eventType: string; payload: TrackPayload; platform: string; attempt?: number };
 
-
       try {
-        if (platform === 'meta')   await sendMetaCapi(env, eventType, payload, null, null);
-        if (platform === 'ga4')    await sendGA4Mp(env, eventType, payload, null);
-        if (platform === 'tiktok') await sendTikTokApi(env, eventType, payload, null, null);
+        if (platform === 'meta')      await sendMetaCapi(env, eventType, payload, null, ctx);
+        if (platform === 'ga4')       await sendGA4Mp(env, eventType, payload, ctx);
+        if (platform === 'tiktok')    await sendTikTokApi(env, eventType, payload, null, ctx);
+        if (platform === 'pinterest') await sendPinterestCapi(env, eventType, payload, null, ctx);
+        if (platform === 'reddit')    await sendRedditCapi(env, eventType, payload, null, ctx);
+        if (platform === 'linkedin')  await sendLinkedInCapi(env, eventType, payload, null, ctx);
+        if (platform === 'spotify')   await sendSpotifyCapi(env, eventType, payload, null, ctx);
 
         message.ack();
       } catch (err: any) {

package/server-edge-tracker/modules/db.ts

@@ -332,7 +332,13 @@ export async function enrichGeoFromEdge(request: Request, env: Env, payload: Tra
     try {
       const cached = await env.GEO_CACHE.get(`geo:${ip}`, 'json') as GeoData | null;
       if (cached) geoData = cached;
-    } catch {}
+    } catch (err: any) {
+      console.error('[DB] Error fetching geo data from cache:', {
+        ip,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   if (!geoData) {
@@ -355,7 +361,14 @@ export async function enrichGeoFromEdge(request: Request, env: Env, payload: Tra
     if (env.GEO_CACHE && ip && geoData.country) {
       try {
         await env.GEO_CACHE.put(`geo:${ip}`, JSON.stringify(geoData), { expirationTtl: 3600 });
-      } catch {}
+      } catch (err: any) {
+        console.error('[DB] Error caching geo data:', {
+          ip,
+          country: geoData.country,
+          error: err?.message || String(err),
+          stack: err?.stack,
+        });
+      }
     }
   }
 
@@ -640,3 +653,50 @@ export async function logIntelligence(DB: D1Database, runType: string, platform:
     console.error('logIntelligence error:', err?.message || String(err));
   }
 }
+
+// ── Webhook Processing Helper ─────────────────────────────────────────────────
+/**
+ * Processa webhook de e-commerce (Hotmart, Kiwify, Ticto, etc.)
+ * - Verifica duplicatas
+ * - Registra evento em webhook_events
+ * - Retorna true se já foi processado, false se deve continuar
+ */
+export async function processWebhookDuplicateCheck(
+  env: Env,
+  platform: string,
+  transactionId: string,
+  rawPayload: string,
+  context?: { email?: string; orderId?: string }
+): Promise<{ duplicate: boolean; error?: string }> {
+  if (!env.DB) {
+    return { duplicate: false };
+  }
+
+  try {
+    // 1. Verifica duplicatas
+    const dup = await env.DB.prepare(
+      'SELECT id FROM webhook_events WHERE transaction_id = ? AND platform = ? AND status = ?'
+    ).bind(transactionId, platform, 'processed').first();
+
+    if (dup) {
+      console.log(`[Webhook] Duplicate event skipped: ${platform}/${transactionId}`);
+      return { duplicate: true };
+    }
+
+    // 2. Registra o evento
+    await env.DB.prepare(
+      'INSERT OR IGNORE INTO webhook_events (platform, transaction_id, email, status, raw_payload) VALUES (?,?,?,?,?)'
+    ).bind(platform, transactionId, context?.email || null, 'processed', rawPayload).run();
+
+    return { duplicate: false };
+  } catch (err: any) {
+    console.error(`[Webhook] Error processing ${platform}/${transactionId}:`, {
+      platform,
+      transactionId,
+      email: context?.email,
+      error: err?.message || String(err),
+      stack: err?.stack,
+    });
+    return { duplicate: false, error: err?.message || String(err) };
+  }
+}

package/server-edge-tracker/modules/dispatch/ga4.ts

@@ -62,6 +62,11 @@ export async function sendGA4Mp(env: Env, ga4EventName: string, payload: TrackPa
       ctx.waitUntil(logApiFailure(env.DB, 'ga4', ga4EventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
     }
 
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: ga4EventName, payload, platform: 'ga4' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
+
     return { error: err?.message || String(err) };
   }
 }

package/server-edge-tracker/modules/dispatch/meta.ts

@@ -133,6 +133,11 @@ export async function sendMetaCapi(env: Env, eventName: string, payload: TrackPa
       ctx.waitUntil(logApiFailure(env.DB, 'meta', eventName, 'FETCH_ERROR', err?.message || String(err), eventPayload.event_id, JSON.stringify(requestBody)));
     }
 
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'meta' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
+
     return { error: err?.message || String(err) };
   }
 }

package/server-edge-tracker/modules/dispatch/platforms.ts

@@ -65,6 +65,10 @@ export async function sendPinterestCapi(env: Env, eventName: string, payload: Tr
   } catch (err: any) {
     console.error('Pinterest CAPI fetch failed:', err?.message || String(err));
     if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'pinterest', eventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'pinterest' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
     return { error: err?.message || String(err) };
   }
 }
@@ -123,6 +127,10 @@ export async function sendRedditCapi(env: Env, eventName: string, payload: Track
   } catch (err: any) {
     console.error('Reddit CAPI fetch failed:', err?.message || String(err));
     if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'reddit', eventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'reddit' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
     return { error: err?.message || String(err) };
   }
 }
@@ -178,6 +186,10 @@ export async function sendLinkedInCapi(env: Env, eventName: string, payload: Tra
   } catch (err: any) {
     console.error('LinkedIn CAPI fetch failed:', err?.message || String(err));
     if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'linkedin', eventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'linkedin' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
     return { error: err?.message || String(err) };
   }
 }
@@ -234,6 +246,10 @@ export async function sendSpotifyCapi(env: Env, eventName: string, payload: Trac
   } catch (err: any) {
     console.error('Spotify CAPI fetch failed:', err?.message || String(err));
     if (env.DB && ctx) ctx.waitUntil(logApiFailure(env.DB, 'spotify', eventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'spotify' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
     return { error: err?.message || String(err) };
   }
 }

package/server-edge-tracker/modules/dispatch/tiktok.ts

@@ -97,6 +97,11 @@ export async function sendTikTokApi(env: Env, eventName: string, payload: TrackP
       ctx.waitUntil(logApiFailure(env.DB, 'tiktok', eventName, 'FETCH_ERROR', err?.message || String(err), '', JSON.stringify(body)));
     }
 
+    if (env.RETRY_QUEUE) {
+      const send = env.RETRY_QUEUE.send({ eventType: eventName, payload, platform: 'tiktok' });
+      if (ctx) ctx.waitUntil(send); else send.catch(() => {});
+    }
+
     return { error: err?.message || String(err) };
   }
 }

package/server-edge-tracker/modules/ml/fraud.ts

@@ -110,7 +110,15 @@ export async function logFraudSignal(env: Env, request: Request, payload: TrackP
 
     let emailHash = null;
     if (payload.email) {
-      try { emailHash = await sha256(payload.email.trim().toLowerCase()); } catch {}
+      try {
+        emailHash = await sha256(payload.email.trim().toLowerCase());
+      } catch (err: any) {
+        console.error('[Fraud] Error generating email hash:', {
+          email: payload.email,
+          error: err?.message || String(err),
+          stack: err?.stack,
+        });
+      }
     }
 
     await env.DB.prepare(`

package/server-edge-tracker/modules/ml/logistic.ts

@@ -177,7 +177,13 @@ export async function loadActiveWeights(env: Env): Promise<LogisticModel | null>
     try {
       const cached = await env.GEO_CACHE.get(LTV_WEIGHTS_KV_KEY, 'json') as LogisticModel | null;
       if (cached?.weights?.length) return cached;
-    } catch {}
+    } catch (err: any) {
+      console.error('[Logistic] Error fetching LTV weights from KV cache:', {
+        key: LTV_WEIGHTS_KV_KEY,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   // 2. Fallback: D1

package/server-edge-tracker/modules/ml/ltv.ts

@@ -378,13 +378,28 @@ export async function handleLtvAbTestResults(env: Env, request: Request, headers
   if (!env.DB) return new Response(JSON.stringify({ error: 'DB não configurado' }), { status: 503, headers });
 
   const url    = new URL(request.url);
-  const testId = url.searchParams.get('test_id') || null;
+  const testId = url.searchParams.get('test_id');
 
   try {
-    const cond    = testId ? 'WHERE test_id = ?' : 'WHERE status = \'running\'';
-    const testBind = testId ? [parseInt(testId)] : [];
-
-    const testRes = await env.DB.prepare(`SELECT id, name, status, min_sample, winner_id, started_at FROM ltv_ab_tests ${cond} LIMIT 1`).bind(...testBind).first();
+    let testRes: any;
+
+    if (testId) {
+      // Query específica para teste por ID
+      testRes = await env.DB.prepare(`
+        SELECT id, name, status, min_sample, winner_id, started_at
+        FROM ltv_ab_tests
+        WHERE test_id = ?
+        LIMIT 1
+      `).bind(parseInt(testId)).first();
+    } else {
+      // Query padrão: busca teste ativo em execução
+      testRes = await env.DB.prepare(`
+        SELECT id, name, status, min_sample, winner_id, started_at
+        FROM ltv_ab_tests
+        WHERE status = 'running'
+        LIMIT 1
+      `).first();
+    }
     if (!testRes) return new Response(JSON.stringify({ error: 'Nenhum teste encontrado' }), { status: 404, headers });
 
     const perf = await env.DB.prepare(`SELECT * FROM v_ab_test_performance WHERE test_id = ?`).bind((testRes as any).id).all();

package/server-edge-tracker/modules/ml/matchquality.ts

@@ -101,7 +101,14 @@ export async function autoEnrichPayload(env: Env, payload: TrackPayload): Promis
         if (profile.fbc && !payload.fbc)  payload.fbc = profile.fbc as string;
         if (profile.phone && !payload.phone) payload.phone = profile.phone as string;
       }
-    } catch {}
+    } catch (err: any) {
+      console.error('[MatchQuality] Error enriching payload with profile data:', {
+        userId: payload.userId,
+        email: payload.email,
+        error: err?.message || String(err),
+        stack: err?.stack,
+      });
+    }
   }
 
   // 2. UTM Resurrection já foi tentada no /track handler (payload.utmRestored)
@@ -216,5 +223,10 @@ export async function purgeOldMatchQualityLogs(DB: D1Database): Promise<void> {
     await DB.prepare(
       `DELETE FROM match_quality_log WHERE logged_at < datetime('now', '-30 days')`
     ).run();
-  } catch {}
+  } catch (err: any) {
+    console.error('[MatchQuality] Error purging old match quality logs:', {
+      error: err?.message || String(err),
+      stack: err?.stack,
+    });
+  }
 }