move to internal api

Author: audisaudisaudis

src/app/_common/fastApiTracking.ts

@@ -0,0 +1,43 @@
+"use client";
+
+import { useEffect } from "react";
+import { CookieBannerUtils } from "@navikt/arbeidsplassen-react";
+import { usePathname, useSearchParams } from "next/navigation";
+
+export function FastApiTracker(): null {
+    const pathname = usePathname();
+    const searchParams = useSearchParams();
+
+    useEffect(() => {
+        const trackPageView = async () => {
+            try {
+                const userActionTaken: boolean = CookieBannerUtils.getUserActionTakenValue(document.cookie);
+                const hasCookieConsent: { analyticsConsent: boolean } = CookieBannerUtils.getConsentValues(
+                    document.cookie,
+                );
+                const eventName: string = userActionTaken
+                    ? hasCookieConsent.analyticsConsent
+                        ? "accepted"
+                        : "not-accepted"
+                    : "no-action";
+
+                await fetch("/stillinger/api/internal/fastapi", {
+                    method: "POST",
+                    headers: { "Content-Type": "application/json" },
+                    body: JSON.stringify({
+                        url_host: window.location.host,
+                        url_path: pathname,
+                        url_query: searchParams.toString(),
+                        event_name: eventName,
+                    }),
+                });
+            } catch (err) {
+                console.error("An error occurred sending event to API route:", err);
+            }
+        };
+
+        trackPageView();
+    }, [pathname, searchParams]);
+
+    return null;
+}

src/app/layout.tsx

@@ -17,6 +17,7 @@ import { defaultMetadataDescription, defaultOpenGraphImage, getMetadataTitle } f
 import App from "./App";
 import Providers from "./Providers";
 import { CookieBannerUtils } from "@navikt/arbeidsplassen-react";
+import { FastApiTracker } from "@/app/_common/fastApiTracking";
 
 export async function generateMetadata(): Promise<Metadata> {
     return {
@@ -55,6 +56,7 @@ export default async function RootLayout({ children }: RootLayoutProps): Promise
             <body data-theme="arbeidsplassen" className={localFont.className}>
                 <Providers userPreferences={await actions.getUserPreferences()}>
                     <App userActionTaken={userActionTaken}>{children}</App>
+                    <FastApiTracker />
                 </Providers>
             </body>
         </html>

src/app/stillinger/api/internal/fastapi/route.ts

@@ -0,0 +1,44 @@
+import { NextRequest, NextResponse } from "next/server";
+
+const FAST_API_APP_ID_PROD = "41fb84fd-4ff3-43f4-b7e0-d84444fb2f91";
+const FAST_API_APP_ID_DEV = "501ec40e-4010-4cb4-ad13-61ab529dd765";
+
+export async function POST(req: NextRequest) {
+    const allowedOrigins = ["https://arbeidsplassen.intern.dev.nav.no", "https://arbeidsplassen.nav.no"];
+
+    const origin = req.headers.get("origin");
+    if (!origin || !allowedOrigins.includes(origin)) {
+        return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    try {
+        const { url_host, url_path, url_query, event_name } = await req.json();
+
+        const appId = process.env.NODE_ENV === "production" ? FAST_API_APP_ID_PROD : FAST_API_APP_ID_DEV;
+
+        if (!appId) {
+            return NextResponse.json({ error: "Missing API ID" }, { status: 500 });
+        }
+
+        const response = await fetch("https://fastapi.nav.no/api/send", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                app_id: appId,
+                url_host,
+                url_path,
+                url_query,
+                event_name,
+            }),
+        });
+
+        if (!response.ok) {
+            throw new Error("Failed to send event to Fast API");
+        }
+
+        return NextResponse.json({ success: true });
+    } catch (err) {
+        console.error("Fast API Server Error:", err);
+        return NextResponse.json({ error: "Internal Server Error" }, { status: 500 });
+    }
+}

src/middleware.ts

@@ -3,7 +3,6 @@ import { getCallId, NAV_CALL_ID_TAG } from "@/app/stillinger/_common/monitoring/
 import { getSessionId, SESSION_ID_TAG } from "@/app/stillinger/_common/monitoring/session";
 import { CURRENT_VERSION, migrateSearchParams } from "@/app/stillinger/(sok)/_utils/versioning/searchParamsVersioning";
 import { QueryNames } from "@/app/stillinger/(sok)/_utils/QueryNames";
-import { CookieBannerUtils } from "@navikt/arbeidsplassen-react";
 
 /*
  * Match all request paths except for the ones starting with:
@@ -13,18 +12,11 @@ import { CookieBannerUtils } from "@navikt/arbeidsplassen-react";
  * Source: https://nextjs.org/docs/pages/building-your-application/configuring/content-security-policy
  */
 const CSP_HEADER_MATCH = /^\/((?!api|_next\/static|favicon.ico).*)$/;
-const FAST_API_HEADER_MATCH = /^\/((?!.*api.*|_next\/static|favicon.ico).*)$/;
-const FAST_API_APP_ID_PROD = "41fb84fd-4ff3-43f4-b7e0-d84444fb2f91";
-const FAST_API_APP_ID_DEV = "501ec40e-4010-4cb4-ad13-61ab529dd765";
 
 function shouldAddCspHeaders(request: NextRequest) {
     return new RegExp(CSP_HEADER_MATCH).exec(request.nextUrl.pathname);
 }
 
-function shouldLogToFastApi(request: NextRequest) {
-    return new RegExp(FAST_API_HEADER_MATCH).exec(request.nextUrl.pathname);
-}
-
 function addCspHeaders(requestHeaders: Headers, responseHeaders: Headers) {
     const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
     const cspHeader = `
@@ -43,7 +35,7 @@ function addCspHeaders(requestHeaders: Headers, responseHeaders: Headers) {
             frame-src 'self';
             block-all-mixed-content;
             ${process.env.NODE_ENV === "production" ? "upgrade-insecure-requests;" : ""};
-            connect-src 'self' https://sentry.gc.nav.no umami.nav.no;
+            connect-src 'self' https://sentry.gc.nav.no umami.nav.no https://fastapi.nav.no;
     `;
 
     // Replace newline characters and spaces
@@ -63,47 +55,6 @@ function addSessionIdHeader(requestHeaders: Headers) {
     requestHeaders.set(SESSION_ID_TAG, getSessionId());
 }
 
-function logCookieValueToFastApi(request: NextRequest) {
-    const pathname = request.nextUrl.pathname;
-    const appId = process.env.NODE_ENV === "production" ? FAST_API_APP_ID_PROD : FAST_API_APP_ID_DEV;
-
-    if (!/\.[a-zA-Z0-9]+$/.test(pathname)) {
-        try {
-            const userActionTaken = CookieBannerUtils.getUserActionTakenValue(request.cookies?.toString());
-            const hasCookieConsent = CookieBannerUtils.getConsentValues(request.cookies?.toString());
-            let eventName = "";
-
-            if (!userActionTaken) {
-                eventName = "no-action";
-            } else {
-                if (hasCookieConsent.analyticsConsent) {
-                    eventName = "accepted";
-                } else {
-                    eventName = "not-accepted";
-                }
-            }
-
-            // Fire & Forget API Call (Non-blocking) + Log Response
-            fetch("https://fastapi.nav.no/api/send", {
-                method: "POST",
-                headers: { "Content-Type": "application/json" },
-                body: JSON.stringify({
-                    app_id: appId,
-                    url_host: request.nextUrl.host,
-                    url_path: pathname,
-                    url_query: request.nextUrl.search,
-                    event_name: eventName,
-                }),
-            })
-                .then((response) => response.text())
-                .then((data) => console.log("Event sent successfully to Fast API:", data))
-                .catch((err) => console.error("Failed to send event to Fast API:", err));
-        } catch (err) {
-            console.error("An error occured sending event to Fast API:", err);
-        }
-    }
-}
-
 const PUBLIC_FILE = /\.(.*)$/;
 
 // Due to limitations in the edge runtime, we can't use the prom-client library to track metrics directly here.
@@ -134,10 +85,6 @@ export function middleware(request: NextRequest) {
         addCspHeaders(requestHeaders, responseHeaders);
     }
 
-    if (shouldLogToFastApi(request)) {
-        logCookieValueToFastApi(request);
-    }
-
     addCallIdHeader(requestHeaders);
     addSessionIdHeader(requestHeaders);