aggressive data collection :PP

This commit is contained in:
Heidi
2026-05-14 22:52:33 +01:00
parent 98f374a300
commit ef10da8b0b
6 changed files with 735 additions and 34 deletions
+25
View File
@@ -8,6 +8,7 @@ Routes:
- `/teams` TSS team leaderboard
- `/teams/:teamname` generated team profile with roster, summary, rating history, and battle results
- `/battle-logs` Battle Logs
- `/viewers` public consented viewer analytics dashboard
## Local development
@@ -83,6 +84,30 @@ UPTIME_HISTORY_LIMIT=336
The server creates the storage folder, SQLite database, and `uptime_snapshots`
table automatically.
## Viewer analytics
The site shows a GDPR-style consent banner before analytics start. If a visitor
allows analytics, the browser sends page-view and heartbeat events to
`POST /api/viewers/event`. The public `/viewers` page reads `GET /api/viewers`
and shows active pages, client/browser information, 24-hour page totals, and
top pages.
Viewer analytics are stored in SQLite under the same `UPTIME_STORAGE_DIR` by
default. Raw IP addresses are not stored in the public response; the server
stores a salted IP hash for deduplication and abuse review. Set a unique salt in
production:
```sh
ANALYTICS_DATABASE_FILE=viewers.sqlite
ANALYTICS_RETENTION_DAYS=30
ANALYTICS_ACTIVE_WINDOW_SECONDS=75
ANALYTICS_SALT=replace-with-a-random-secret
```
This is an implementation aid, not legal advice. For production GDPR compliance,
publish a privacy notice that matches the configured retention period and data
fields, and make sure the configured salt is secret.
## GitHub webhook
The webhook process listens on port `3011` at `/github`. Configure GitHub to send