Skip to content

feat: add HMAC-authenticated analytics API endpoints #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ceyvibes merged 1 commit into from
Mar 31, 2026
+776 −8
Merged

feat: add HMAC-authenticated analytics API endpoints #63

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ LightningTipBot
LightningTipBot.exe
BitcoinDeepaBot
test_pay_api.sh
ANALYTICS_API.md
.gitignore
ANALYTICS_QUICKSTART.md

.DS_Store
.claude/settings.local.json
analytics_requirements.txt
analytics_export.py
analytics_requirements.txt
ANALYTICS_API.md
ANALYTICS_QUICKSTART.md
Comment on lines +13 to +15
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if analytics documentation files exist and preview their content

echo "=== Checking for analytics documentation files ==="
for file in ANALYTICS_API.md ANALYTICS_QUICKSTART.md; do
  if [ -f "$file" ]; then
    echo -e "\n📄 Found: $file"
    echo "Size: $(wc -l < "$file") lines"
    echo "First 10 lines:"
    head -n 10 "$file"
  else
    echo -e "\n❌ Not found: $file"
  fi
done

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 186

🏁 Script executed:

# Search for any references to analytics documentation
rg -i "ANALYTICS_API|ANALYTICS_QUICKSTART" --type md --type txt --type py

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 49

🏁 Script executed:

# Check if there are other analytics-related files
fd "analytics" -i

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 92

🏁 Script executed:

# Check the git diff for the .gitignore change to understand context
git diff HEAD -- .gitignore

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 49

🏁 Script executed:

# Check the analytics.go file to understand what it does
head -n 50 internal/api/analytics.go

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 1828

🏁 Script executed:

# Search for any existing API documentation patterns
fd "\.md$" | head -20

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 99

🏁 Script executed:

# Check if there's a docs directory or README with API documentation
find . -type f \( -name "README*" -o -name "CONTRIBUTING*" -o -name "API*" \) | head -20

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 103

🏁 Script executed:

# Check the main README for API documentation
cat README.md

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 7939

🏁 Script executed:

# Check the .gitignore context - look at the full file to understand the pattern
cat .gitignore

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 312

🏁 Script executed:

# Check if API_SEND_DOCUMENTATION.md exists (referenced in README)
ls -la API_SEND_DOCUMENTATION.md 2>/dev/null || echo "File not found"

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 81

🏁 Script executed:

# Check git history to understand when these entries were added
git log --oneline -S "ANALYTICS_API.md" -- .gitignore

Repository: CeyLabs/BitcoinDeepaBot

Length of output: 146

Remove unnecessary .gitignore entries for non-existent analytics documentation files.

ANALYTICS_API.md and ANALYTICS_QUICKSTART.md do not exist in the repository and are not referenced anywhere in the codebase. The .gitignore entries for these files appear to be preventative but serve no current purpose.

Either:

  • Remove these .gitignore entries if documentation is not planned, or
  • Create and commit these documentation files if they should document the new analytics API endpoints

If these files are intended as documentation for the analytics functionality in internal/api/analytics.go, they should be tracked in version control.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.gitignore around lines 13 - 15, The .gitignore currently lists
ANALYTICS_API.md and ANALYTICS_QUICKSTART.md even though those files do not
exist; either remove those two entries from .gitignore or add and commit the
corresponding documentation files (e.g., ANALYTICS_API.md and
ANALYTICS_QUICKSTART.md) documenting the analytics endpoints referenced in
internal/api/analytics.go so they are tracked; update the repo accordingly and
ensure references in internal/api/analytics.go (if any) point to the committed
docs.

17 changes: 16 additions & 1 deletion config.yaml.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,23 @@ generate:
nostr:
private_key: "hex private key here"

# API Send Configuration
# API Configuration
api:
# Analytics API - HMAC authenticated endpoints for data export
# Generate secrets with: openssl rand -hex 32
analytics:
enabled: true
timestamp_tolerance: 300 # seconds (5 minutes)
api_keys:
data-team:
name: "Data Team"
hmac_secret: "your-analytics-hmac-secret-here"
Comment on lines +44 to +49
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

The sample analytics config disables itself as written.

internal/config.go rejects analytics secrets shorter than 32 chars, so this example plus enabled: true will log an error and skip route registration. At minimum, default the example to disabled until a real secret is generated.

Suggested fix 
-    enabled: true
+    enabled: false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
enabled: true
timestamp_tolerance: 300 # seconds (5 minutes)
api_keys:
data-team:
name: "Data Team"
hmac_secret: "your-analytics-hmac-secret-here"
enabled: false
timestamp_tolerance: 300 # seconds (5 minutes)
api_keys:
data-team:
name: "Data Team"
hmac_secret: "your-analytics-hmac-secret-here"
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@config.yaml.example` around lines 44 - 49, The sample analytics config uses
enabled: true but provides hmac_secret too short for the validation in
internal/config.go (which rejects secrets < 32 chars), causing an error and
skipped route registration; change the example to enabled: false (or provide a
placeholder secret >= 32 characters) and add a comment explaining that analytics
must be explicitly enabled only after generating a 32+ char HMAC secret so
internal/config.go will accept the api_keys -> data-team -> hmac_secret value.

# Add more keys for different consumers:
# dashboard:
# name: "Internal Dashboard"
# hmac_secret: "another-secure-secret-here"

# Send API - wallet-based HMAC authenticated endpoints
send:
enabled: true
internal_network: "10.0.0.0/24"
Expand Down
Loading
Loading