src/app/api/public/email-pixel/%5BsendId%5D/route.ts

import { NextResponse, type NextRequest } from 'next/server';
import { and, eq, sql } from 'drizzle-orm';

import { db } from '@/lib/db';
import { documentSendOpens, documentSends } from '@/lib/db/schema/brochures';
import { logger } from '@/lib/logger';
import { trackEvent } from '@/lib/services/umami.service';

/**
 * GET /api/public/email-pixel/[sendId]
 *
 * Returns a 1×1 transparent GIF and records an open event in
 * `document_send_opens` + bumps the cached aggregates on `document_sends`.
 *
 * Lookups are gated by `track_opens=true` on the send row, so a leaked
 * sendId for an untracked email is a no-op (the pixel still returns
 * 200/GIF so email clients don't surface a broken-image icon).
 *
 * Privacy: we deliberately don't store IP addresses or any data beyond
 * user-agent + referer. Apple Mail privacy proxy pre-fetches images, so
 * opens from iOS users are over-counted; image-blocking clients
 * (Outlook with images disabled) under-count. Standard email-tracking
 * caveats apply.
 */

// 1×1 transparent GIF, base64-encoded. Generated once at module-load so
// every request returns the same buffer without re-allocating.
const TRANSPARENT_GIF = Buffer.from(
  'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
  'base64',
);

function gifResponse(): NextResponse {
  return new NextResponse(TRANSPARENT_GIF as unknown as BodyInit, {
    status: 200,
    headers: {
      'Content-Type': 'image/gif',
      'Content-Length': String(TRANSPARENT_GIF.length),
      // Tell every upstream cache to keep its hands off — we count opens
      // on the FETCH itself, so any cached response is a missed open.
      'Cache-Control': 'no-store, no-cache, must-revalidate, private',
      Pragma: 'no-cache',
      Expires: '0',
    },
  });
}

export async function GET(
  req: NextRequest,
  ctx: { params: Promise<{ sendId: string }> },
): Promise<NextResponse> {
  const { sendId } = await ctx.params;

  try {
    // Look up the send row; ignore unknown / un-tracked sends silently.
    const sendRow = await db.query.documentSends.findFirst({
      where: and(eq(documentSends.id, sendId), eq(documentSends.trackOpens, true)),
      columns: { id: true, portId: true, recipientEmail: true, documentKind: true },
    });
    if (!sendRow) return gifResponse();

    const userAgent = req.headers.get('user-agent');
    const referer = req.headers.get('referer');

    // Best-effort write — never block the pixel response on a slow DB.
    // The pixel must return promptly so email clients render normally.
    db.insert(documentSendOpens)
      .values({
        portId: sendRow.portId,
        sendId: sendRow.id,
        userAgent: userAgent ?? null,
        referer: referer ?? null,
      })
      .then(() =>
        db
          .update(documentSends)
          .set({
            openCount: sql`${documentSends.openCount} + 1`,
            firstOpenedAt: sql`COALESCE(${documentSends.firstOpenedAt}, NOW())`,
          })
          .where(eq(documentSends.id, sendRow.id)),
      )
      .catch((err) => {
        logger.warn({ err, sendId: sendRow.id }, 'email-pixel: failed to record open');
      });

    // Cross-post to Umami so the marketing funnel includes opens. Don't
    // await — fire-and-forget so the pixel response stays fast.
    trackEvent(
      sendRow.portId,
      'email-opened',
      {
        sendId: sendRow.id,
        documentKind: sendRow.documentKind,
      },
      'email://pixel',
    ).catch((err) => {
      logger.debug({ err, sendId: sendRow.id }, 'email-pixel: umami cross-post failed');
    });

    return gifResponse();
  } catch (err) {
    logger.warn({ err, sendId }, 'email-pixel: unexpected error');
    return gifResponse();
  }
}
-												feat(analytics): Umami website-analytics suite — world map, realtime, sessions, heatmap, pixel tracking, tracked links

Adds the read-side Umami integration queued in last week's
website-analytics plan (Phases 1–6 of `docs/website-analytics-flesh-out-plan.md`):

- Realtime panel polls Umami at 5s intervals; world map renders visitor
  origins via echarts + `public/world-map/echarts-world.json` topo.
- Sessions list + session-detail-sheet drill-down (per-session event
  timeline pulled from `/api/v1/website-analytics`).
- Weekly heatmap (day-of-week × hour-of-day) for engagement timing.
- Metric-detail pages under `/[portSlug]/website-analytics/[metric]`
  for pageviews / referrers / events deep-dives.
- Email-pixel write path: `/api/public/email-pixel/[sendId]` 1×1 GIF
  beacon backed by `email_open_tracking` (migration 0076); resolves
  inline on render in inbox.
- Tracked-link redirect: `/q/[slug]` routes through `tracked_links`
  (migration 0077) and forwards to the canonical destination after
  logging the click.
- Dashboard `website-glance-tile` now reads from the live Umami service
  instead of placeholder data.

Deps: `@umami/node`, `echarts`, `echarts-for-react`, `@types/geojson`,
`@types/topojson-client`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

											
										
										
											2026-05-20 15:53:41 +02:00
+								import { NextResponse, type NextRequest } from 'next/server';
 								import { and, eq, sql } from 'drizzle-orm';
 								import { db } from '@/lib/db';
 								import { documentSendOpens, documentSends } from '@/lib/db/schema/brochures';
 								import { logger } from '@/lib/logger';
 								import { trackEvent } from '@/lib/services/umami.service';
 								/**
 								 * GET /api/public/email-pixel/[sendId]
 								 *
 								 * Returns a 1×1 transparent GIF and records an open event in
 								 * `document_send_opens` + bumps the cached aggregates on `document_sends`.
 								 *
 								 * Lookups are gated by `track_opens=true` on the send row, so a leaked
 								 * sendId for an untracked email is a no-op (the pixel still returns
 								 * 200/GIF so email clients don't surface a broken-image icon).
 								 *
 								 * Privacy: we deliberately don't store IP addresses or any data beyond
 								 * user-agent + referer. Apple Mail privacy proxy pre-fetches images, so
 								 * opens from iOS users are over-counted; image-blocking clients
 								 * (Outlook with images disabled) under-count. Standard email-tracking
 								 * caveats apply.
 								 */
 								// 1×1 transparent GIF, base64-encoded. Generated once at module-load so
 								// every request returns the same buffer without re-allocating.
 								const TRANSPARENT_GIF = Buffer.from(
 								  'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
 								  'base64',
 								);
 								function gifResponse(): NextResponse {
 								  return new NextResponse(TRANSPARENT_GIF as unknown as BodyInit, {
 								    status: 200,
 								    headers: {
 								      'Content-Type': 'image/gif',
 								      'Content-Length': String(TRANSPARENT_GIF.length),
 								      // Tell every upstream cache to keep its hands off — we count opens
 								      // on the FETCH itself, so any cached response is a missed open.
 								      'Cache-Control': 'no-store, no-cache, must-revalidate, private',
 								      Pragma: 'no-cache',
 								      Expires: '0',
 								    },
 								  });
 								}
 								export async function GET(
 								  req: NextRequest,
 								  ctx: { params: Promise<{ sendId: string }> },
 								): Promise<NextResponse> {
 								  const { sendId } = await ctx.params;
 								  try {
 								    // Look up the send row; ignore unknown / un-tracked sends silently.
 								    const sendRow = await db.query.documentSends.findFirst({
 								      where: and(eq(documentSends.id, sendId), eq(documentSends.trackOpens, true)),
 								      columns: { id: true, portId: true, recipientEmail: true, documentKind: true },
 								    });
 								    if (!sendRow) return gifResponse();
 								    const userAgent = req.headers.get('user-agent');
 								    const referer = req.headers.get('referer');
 								    // Best-effort write — never block the pixel response on a slow DB.
 								    // The pixel must return promptly so email clients render normally.
 								    db.insert(documentSendOpens)
 								      .values({
 								        portId: sendRow.portId,
 								        sendId: sendRow.id,
 								        userAgent: userAgent ?? null,
 								        referer: referer ?? null,
 								      })
 								      .then(() =>
 								        db
 								          .update(documentSends)
 								          .set({
 								            openCount: sql`${documentSends.openCount} + 1`,
 								            firstOpenedAt: sql`COALESCE(${documentSends.firstOpenedAt}, NOW())`,
 								          })
 								          .where(eq(documentSends.id, sendRow.id)),
 								      )
 								      .catch((err) => {
 								        logger.warn({ err, sendId: sendRow.id }, 'email-pixel: failed to record open');
 								      });
 								    // Cross-post to Umami so the marketing funnel includes opens. Don't
 								    // await — fire-and-forget so the pixel response stays fast.
 								    trackEvent(
 								      sendRow.portId,
 								      'email-opened',
 								      {
 								        sendId: sendRow.id,
 								        documentKind: sendRow.documentKind,
 								      },
 								      'email://pixel',
 								    ).catch((err) => {
 								      logger.debug({ err, sendId: sendRow.id }, 'email-pixel: umami cross-post failed');
 								    });
 								    return gifResponse();
 								  } catch (err) {
 								    logger.warn({ err, sendId }, 'email-pixel: unexpected error');
 								    return gifResponse();
 								  }
 								}