npm - cdp-edge - Versions diffs - 2.5.9 → 2.6.1 - Mend

cdp-edge 2.5.9 → 2.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/server-edge-tracker/modules/db.ts CHANGED Viewed

@@ -55,7 +55,7 @@ export async function saveLead(env: Env, eventName: string, payload: TrackPayloa
       city, state, country,
       fbp, fbc, userId,
       utmSource, utmMedium, utmCampaign, utmContent, utmTerm,
-      pageUrl, value, currency, eventId, botScore,
+      pageUrl, value, currency, eventId, event_id, botScore,
       engagementScore, intentionLevel, utmRestored,
     } = payload;
@@ -69,7 +69,7 @@ export async function saveLead(env: Env, eventName: string, payload: TrackPayloa
       ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,datetime('now'))
     `).bind(
       eventName,
-      eventId       || null,
+      eventId       || event_id || null,
       email         || null,
       normalizePhone(phone) || null,
       firstName     || null,

package/server-edge-tracker/modules/dispatch/meta.ts CHANGED Viewed

@@ -15,6 +15,9 @@ interface EnrichedPayload {
 }
 export async function sendMetaCapi(env: Env, eventName: string, payload: TrackPayload, request: Request | null, ctx: ExecutionContext | null): Promise<any> {
+  if (env.DISABLE_EXTERNAL_DISPATCH === '1') return { skipped: 'external dispatch disabled' };
+  if (!env.META_ACCESS_TOKEN) return { skipped: 'META_ACCESS_TOKEN not set' };
   // Auto-enriquecer payload com dados do Identity Graph antes do envio
   let recovered = { email: false, utm: false };
   if (env.DB && payload) {

package/server-edge-tracker/modules/dispatch/tiktok.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import { Env, TrackPayload } from '../../types.js';
 import { ExecutionContext } from '@cloudflare/workers-types';
 export async function sendTikTokApi(env: Env, eventName: string, payload: TrackPayload, request: Request | null, ctx: ExecutionContext | null): Promise<any> {
+  if (env.DISABLE_EXTERNAL_DISPATCH === '1') return { skipped: 'external dispatch disabled' };
   if (!env.TIKTOK_ACCESS_TOKEN) return { skipped: 'TIKTOK_ACCESS_TOKEN not set' };
   const pixelId = env.TIKTOK_PIXEL_ID;

package/server-edge-tracker/modules/dispatch/whatsapp.ts CHANGED Viewed

@@ -264,6 +264,9 @@ export async function processWhatsAppWebhook(env: Env, body: any, request: Reque
 export async function verifyHmac(secret: string, rawBody: string, receivedSignature: string): Promise<boolean> {
   if (!secret || !receivedSignature) return false;
   try {
+    const normalizedSignature = receivedSignature.startsWith('sha256=')
+      ? receivedSignature.slice('sha256='.length)
+      : receivedSignature;
     const key = await crypto.subtle.importKey(
       'raw',
       new TextEncoder().encode(secret),
@@ -273,10 +276,10 @@ export async function verifyHmac(secret: string, rawBody: string, receivedSignat
     );
     const sig = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(rawBody));
     const computed = Array.from(new Uint8Array(sig)).map(b => b.toString(16).padStart(2, '0')).join('');
-    if (computed.length !== receivedSignature.length) return false;
+    if (computed.length !== normalizedSignature.length) return false;
     let diff = 0;
     for (let i = 0; i < computed.length; i++) {
-      diff |= computed.charCodeAt(i) ^ receivedSignature.charCodeAt(i);
+      diff |= computed.charCodeAt(i) ^ normalizedSignature.toLowerCase().charCodeAt(i);
     }
     return diff === 0;
   } catch {

package/server-edge-tracker/modules/utils.ts CHANGED Viewed

@@ -36,7 +36,7 @@ export function corsHeaders(origin: string | null, siteDomain: string | null): R
   return {
     'Access-Control-Allow-Origin':  allowed || '*',
     'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With',
+    'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With, Authorization',
     'Access-Control-Max-Age':       '86400',
   };
 }

package/server-edge-tracker/types.ts CHANGED Viewed

@@ -30,11 +30,14 @@ export interface Env {
   GA4_MEASUREMENT_ID?: string;
   TIKTOK_PIXEL_ID?: string;
   SITE_DOMAIN?: string;
+  DISABLE_EXTERNAL_DISPATCH?: string;
   // Secrets
+  ADMIN_API_TOKEN?: string;
   META_ACCESS_TOKEN?: string;
   GA4_API_SECRET?: string;
   TIKTOK_ACCESS_TOKEN?: string;
+  META_APP_SECRET?: string;
   WA_WEBHOOK_VERIFY_TOKEN?: string;
   // WhatsApp Cloud API — nomes canônicos (Meta Cloud API v25.0)
   WHATSAPP_ACCESS_TOKEN?: string;       // canonical: Bearer token do System User

package/server-edge-tracker/wrangler.toml CHANGED Viewed

@@ -125,6 +125,7 @@ head_sampling_rate = 1
 # Só execute o comando abaixo se o secret ainda não existir:
 #
 # wrangler secret put META_ACCESS_TOKEN        ← token Meta CAPI
+# wrangler secret put ADMIN_API_TOKEN          ← token Bearer para rotas /api/* administrativas
 # wrangler secret put GA4_API_SECRET           ← secret GA4 Measurement Protocol
 # wrangler secret put TIKTOK_ACCESS_TOKEN      ← token TikTok Events API (opcional)
 # wrangler secret put META_AD_ACCOUNT_ID       ← ID da conta de anúncios Meta
@@ -134,6 +135,7 @@ head_sampling_rate = 1
 # wrangler secret put WA_PHONE_ID              ← ID legado do número (compatibilidade)
 # wrangler secret put WA_NOTIFY_NUMBER         ← Número que recebe alertas de venda/lead
 # wrangler secret put WA_WEBHOOK_VERIFY_TOKEN  ← Token de verificação do webhook WhatsApp
+# wrangler secret put META_APP_SECRET          ← App Secret para validar x-hub-signature-256 do WhatsApp
 # wrangler secret put WEBHOOK_SECRET_TICTO     ← HMAC-SHA256 Ticto
 # wrangler secret put CALLMEBOT_PHONE          ← Número CallMeBot para alertas
 # wrangler secret put CALLMEBOT_APIKEY         ← API Key CallMeBot

package/templates/checkout-proprio.md CHANGED Viewed

@@ -31,7 +31,7 @@ Este script captura dados à medida que o usuário preenche o formulário.
 ```javascript
 <script>
 (function() {
-  const WORKER_URL = 'https://api.seusite.com/api/tracking';
+  const WORKER_URL = 'https://api.seusite.com/track';
   // Atualização de identidade ao sair do campo (Blur Event)
   const inputs = document.querySelectorAll('input[type="email"], input[type="tel"]');

package/templates/install/CLAUDE.md CHANGED Viewed

@@ -58,7 +58,7 @@ cdp-edge/
 ## Regras obrigatórias (CDP Edge)
-- **Nunca usar GTM, Stape.io ou VPS** — sempre Cloudflare Native
+- **Arquitetura Cloudflare Native** — Workers, D1, KV, Queues e rotas same-domain
 - **Same-domain only** — o Worker deve rodar no domínio do funil
 - **SHA256 no Worker** — nunca hashar no browser
 - **event_id idêntico** entre browser e server para deduplicação

package/templates/multi-step-checkout.md CHANGED Viewed

@@ -50,7 +50,7 @@ Step 4: Confirmação / Obrigado
 <script src="/js/cdpTrack.js" async></script>
 <script>
   window.cdpConfig = {
-    workerUrl: '/api/tracking',  // Same-Domain (furtivo)
+    workerUrl: '/track',  // Same-Domain (furtivo)
     metaId: 'SEU_PIXEL_ID',
     ga4Id: 'G-XXXXXXXX',
     tiktokId: 'C4XXXXXXXXXXXXXXX',
@@ -204,7 +204,7 @@ document.addEventListener('visibilitychange', async () => {
     const cdp_uid = document.cookie.match(/cdp_uid=([^;]+)/)?.[1] || '';
     // Usa navigator.sendBeacon para garantir envio mesmo se browser encerrar
-    navigator.sendBeacon('/api/tracking', JSON.stringify({
+    navigator.sendBeacon('/track', JSON.stringify({
       event_name: 'CheckoutAbandonment',
       cdp_uid,
       step: checkoutState.step,
@@ -236,7 +236,7 @@ export default {
       return new Response(null, { headers: cors });
     }
-    if (url.pathname === '/api/tracking') {
+    if (url.pathname === '/track') {
       return handleTracking(request, env, ctx);
     }
@@ -589,7 +589,7 @@ CREATE INDEX IF NOT EXISTS idx_events_created ON events_log(created_at);
 - [ ] CheckoutAbandonment usa `navigator.sendBeacon` para garantir envio
 ### Cloudflare Worker
-- [ ] Endpoint `/api/tracking` configurado como Route no Cloudflare
+- [ ] Endpoint `/track` configurado como Route no Cloudflare
 - [ ] Identity Graph atualizado progressivamente conforme usuário preenche campos
 - [ ] Meta CAPI v25.0 endpoint correto
 - [ ] TikTok Events API v1.3 endpoint correto

package/templates/reddit/conversions-api-template.js CHANGED Viewed

@@ -183,7 +183,7 @@ function generateEventId() {
  * @param {Object} data - Dados completos do evento
  */
 async function sendToServer(eventName, data) {
-  const serverUrl = '/api/track'; // ou URL configurada
+  const serverUrl = '/track'; // ou URL configurada
   await fetch(serverUrl, {
     method: 'POST',

package/templates/scenarios/behavior-engine.js CHANGED Viewed

@@ -299,7 +299,7 @@ const BehaviorEngine = {
             fields_count: formInteracted.size,
             meta_intensity: 'medium',
           });
-          navigator.sendBeacon('/api/tracking', new Blob([data], { type: 'application/json' }));
+          navigator.sendBeacon('/track', new Blob([data], { type: 'application/json' }));
         }
       }
     });

package/templates/scenarios/sales-page-logic.md CHANGED Viewed

@@ -19,7 +19,7 @@ Mede a eficácia do vídeo de vendas antes do botão de compra aparecer.
 *   **Ação**: Disparar `ViewContent` (25/50/75) e `AddToCart` (100% ou clique no botão).
 ### 3. Adblock Immunity (Stealth Tracking)
-Utiliza rotas no mesmo domínio (ex: `/api/tracking`) para garantir que o script de rastreamento não seja bloqueado por uBlock ou Ghostery.
+Utiliza rotas no mesmo domínio (ex: `/track`) para garantir que o script de rastreamento não seja bloqueado por uBlock ou Ghostery.
 ---

package/templates/trafego-direto.md CHANGED Viewed

@@ -34,7 +34,7 @@
 ┌─────────────────────────────────────────────────────────────┐
 │ Cloudflare Worker (Quantum Tier)                            │
 │
-│  Endpoint: /api/tracking (Same-Domain)                 │
+│  Endpoint: /track (Same-Domain)                 │
 │  - Recebe eventos do browser                            │
 │  - Salva sessão no D1 (fbp, fbc, ttp, UTMs)       │
 │  - Despacha para APIs: Meta, GA4, TikTok              │
@@ -78,7 +78,7 @@
 <script src="/js/cdpTrack.js" async></script>
 <script>
   window.cdpConfig = {
-    workerUrl: '/api/tracking',  // Same-Domain (furtivo)
+    workerUrl: '/track',  // Same-Domain (furtivo)
     metaId: 'SEU_PIXEL_ID',
     ga4Id: 'G-XXXXXXXX',
     tiktokId: 'C4XXXXXXXXXXXXXXX',
@@ -182,7 +182,7 @@ export default {
     }
     // Endpoint principal de tracking
-    if (url.pathname === '/api/tracking') {
+    if (url.pathname === '/track') {
       return handleTracking(request, env, ctx);
     }
@@ -500,13 +500,13 @@ CREATE INDEX IF NOT EXISTS idx_fbc ON identity_graph(fbc);
 ### Browser
 - [ ] cdp_uid gerado no primeiro acesso e persistido por 1 ano
-- [ ] PageView disparado via Fetch para `/api/tracking`
+- [ ] PageView disparado via Fetch para `/track`
 - [ ] InitiateCheckout disparado antes do redirecionamento
 - [ ] cdp_uid injetado na URL do checkout (xcod/sck/src)
 - [ ] UTMs capturados e salvos no D1
 ### Cloudflare Worker
-- [ ] Endpoint `/api/tracking` configurado como Route no Cloudflare
+- [ ] Endpoint `/track` configurado como Route no Cloudflare
 - [ ] Endpoint `/api/wh/{plataforma}` para webhooks
 - [ ] Salvar sessão no D1 com todos os cookies
 - [ ] D1 lookup pelo cdp_uid ao receber webhook
@@ -527,13 +527,13 @@ CREATE INDEX IF NOT EXISTS idx_fbc ON identity_graph(fbc);
 ```
 1. Visitante acessa a página de vendas
    └── JS: gera cdp_uid → salva cookie (1 ano)
-   └── JS: dispara PageView → /api/tracking
+   └── JS: dispara PageView → /track
    └── Worker: salva sessão no D1 (fbp, fbc, ttp, UTMs, IP)
    └── Worker: dispatch → Meta, GA4, TikTok (PageView)
 2. Visitante clica no botão de compra
    └── JS: intercepta clique → previne redirecionamento
-   └── JS: dispara InitiateCheckout → /api/tracking
+   └── JS: dispara InitiateCheckout → /track
    └── Worker: atualiza sessão no D1
    └── Worker: dispatch → Meta, GA4, TikTok (InitiateCheckout)
    └── JS: injeta cdp_uid na URL (xcod/sck/src)

package/templates/vsl-page.md CHANGED Viewed

@@ -35,7 +35,7 @@
 ┌─────────────────────────────────────────────────────────────────┐
 │ Cloudflare Worker                                               │
 │                                                                 │
-│  /api/tracking:                                                 │
+│  /track:                                                 │
 │    VideoProgress 75% → Meta: ViewContent + TikTok: ViewContent  │
 │    Lead → Meta: Lead + GA4: generate_lead + TikTok: SubmitForm  │
 │    InitiateCheckout → Meta + GA4 + TikTok                       │
@@ -175,7 +175,7 @@ function dispatchEvent(eventName, data = {}) {
 ### Configurar no Worker (`worker.js`) — handler de VideoProgress:
 ```javascript
-// Dentro do handler /api/tracking, adicionar case para VideoProgress
+// Dentro do handler /track, adicionar case para VideoProgress
 case 'VideoProgress':
   const vp = payload.behavioral_data?.progress_percent || 0;
   // Só disparar plataformas em thresholds significativos