Exclude anonymous users from metrics

N2D4 · N2D4 · commit c228e1c019a5 · 2025-08-27T11:38:47.000-07:00
diff --git a/apps/backend/src/app/api/latest/internal/metrics/route.tsx b/apps/backend/src/app/api/latest/internal/metrics/route.tsx
@@ -27,6 +27,7 @@ async function loadUsersByCountry(tenancy: Tenancy): Promise<Record<string, numb
         ON "Event"."endUserIpInfoGuessId" = eip.id
       WHERE '$user-activity' = ANY("systemEventTypeIds"::text[])
         AND "data"->>'projectId' = ${tenancy.project.id}
+        AND "data"->>'isAnonymous' != 'true'
         AND COALESCE("data"->>'branchId', 'main') = ${tenancy.branchId}
         AND "countryCode" IS NOT NULL
       ORDER BY "userId", "eventStartedAt" DESC
@@ -62,7 +63,9 @@ async function loadTotalUsers(tenancy: Tenancy, now: Date): Promise<DataPoints>
       SUM(COALESCE(COUNT(pu."projectUserId"), 0)) OVER (ORDER BY ds.registration_day) AS "cumUsers"
     FROM date_series ds
     LEFT JOIN ${sqlQuoteIdent(schema)}."ProjectUser" pu
-    ON DATE(pu."createdAt") = ds.registration_day AND pu."tenancyId" = ${tenancy.id}::UUID
+    ON DATE(pu."createdAt") = ds.registration_day 
+      AND pu."tenancyId" = ${tenancy.id}::UUID
+      AND pu."isAnonymous" = false
     GROUP BY ds.registration_day
     ORDER BY ds.registration_day
   `).map((x) => ({
@@ -84,7 +87,7 @@ async function loadDailyActiveUsers(tenancy: Tenancy, now: Date) {
     daily_users AS (
       SELECT
         DATE_TRUNC('day', "eventStartedAt") AS "day",
-        COUNT(DISTINCT "data"->'userId') AS "dau"
+        COUNT(DISTINCT CASE WHEN "data"->>'isAnonymous' = 'false' THEN "data"->'userId' ELSE NULL END) AS "dau"
       FROM "Event"
       WHERE "eventStartedAt" >= ${now}::date - INTERVAL '30 days'
         AND '$user-activity' = ANY("systemEventTypeIds"::text[])
@@ -143,6 +146,7 @@ async function loadRecentlyActiveUsers(tenancy: Tenancy): Promise<UsersCrud["Adm
         ) as rn
       FROM "Event"
       WHERE "data"->>'projectId' = ${tenancy.project.id}
+        AND "data"->>'isAnonymous' != 'true'
         AND COALESCE("data"->>'branchId', 'main') = ${tenancy.branchId}
         AND '$user-activity' = ANY("systemEventTypeIds"::text[])
     )
@@ -214,22 +218,23 @@ export const GET = createSmartRouteHandler({
       loginMethods
     ] = await Promise.all([
       prisma.projectUser.count({
-        where: { tenancyId: req.auth.tenancy.id, },
+        where: { tenancyId: req.auth.tenancy.id, isAnonymous: false },
       }),
       loadTotalUsers(req.auth.tenancy, now),
       loadDailyActiveUsers(req.auth.tenancy, now),
       loadUsersByCountry(req.auth.tenancy),
-      (await usersCrudHandlers.adminList({
+      usersCrudHandlers.adminList({
         tenancy: req.auth.tenancy,
         query: {
           order_by: 'signed_up_at',
           desc: "true",
           limit: 5,
+          include_anonymous: "false",
         },
         allowedErrorTypes: [
           KnownErrors.UserNotFound,
         ],
-      })).items,
+      }).then(res => res.items),
       loadRecentlyActiveUsers(req.auth.tenancy),
       loadLoginMethods(req.auth.tenancy),
     ] as const);
diff --git a/apps/backend/src/lib/events.tsx b/apps/backend/src/lib/events.tsx
@@ -1,7 +1,7 @@
 import withPostHog from "@/analytics";
 import { globalPrismaClient } from "@/prisma-client";
 import { runAsynchronouslyAndWaitUntil } from "@/utils/vercel";
-import { urlSchema, yupMixed, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { urlSchema, yupBoolean, yupMixed, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { getEnvVariable, getNodeEnvironment } from "@stackframe/stack-shared/dist/utils/env";
 import { StackAssertionError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { HTTP_METHODS } from "@stackframe/stack-shared/dist/utils/http";
@@ -49,6 +49,8 @@ const UserActivityEventType = {
     // old events of this type may not have a branchId field, so we default to the default branch ID
     branchId: yupString().defined().default(DEFAULT_BRANCH_ID),
     userId: yupString().uuid().defined(),
+    // old events of this type may not have an isAnonymous field, so we default to false
+    isAnonymous: yupBoolean().defined().default(false),
   }),
   inherits: [ProjectActivityEventType],
 } as const satisfies SystemEventTypeBase;
diff --git a/apps/backend/src/lib/tokens.tsx b/apps/backend/src/lib/tokens.tsx
@@ -116,21 +116,22 @@ export async function generateAccessToken(options: {
   userId: string,
   refreshTokenId: string,
 }) {
+  const user = await usersCrudHandlers.adminRead({
+    tenancy: options.tenancy,
+    user_id: options.userId,
+  });
+
   await logEvent(
     [SystemEventTypes.SessionActivity],
     {
       projectId: options.tenancy.project.id,
       branchId: options.tenancy.branchId,
       userId: options.userId,
       sessionId: options.refreshTokenId,
+      isAnonymous: user.is_anonymous,
     }
   );
 
-  const user = await usersCrudHandlers.adminRead({
-    tenancy: options.tenancy,
-    user_id: options.userId,
-  });
-
   return await signJWT({
     issuer: getIssuer(options.tenancy.project.id, user.is_anonymous),
     audience: getAudience(options.tenancy.project.id, user.is_anonymous),
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
@@ -1,7 +1,17 @@
 import { wait } from "@stackframe/stack-shared/dist/utils/promises";
-import { it } from "../../../../helpers";
+import { expect } from "vitest";
+import { NiceResponse, it } from "../../../../helpers";
 import { Auth, InternalApiKey, Project, backendContext, createMailbox, niceBackendFetch } from "../../../backend-helpers";
 
+async function ensureAnonymousUsersAreStillExcluded(metricsResponse: NiceResponse) {
+  for (let i = 0; i < 2; i++) {
+    await Auth.Anonymous.signUp();
+  }
+  await wait(1000);
+  const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
+  expect(response.body).toEqual(metricsResponse.body);
+}
+
 it("should return metrics data", async ({ expect }) => {
   await Project.createAndSwitch({
     config: {
@@ -13,6 +23,8 @@ it("should return metrics data", async ({ expect }) => {
 
   const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
   expect(response).toMatchSnapshot(`metrics_result_no_users`);
+
+  await ensureAnonymousUsersAreStillExcluded(response);
 });
 
 it("should return metrics data with users", async ({ expect }) => {
@@ -54,6 +66,8 @@ it("should return metrics data with users", async ({ expect }) => {
 
   const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
   expect(response).toMatchSnapshot();
+
+  await ensureAnonymousUsersAreStillExcluded(response);
 }, {
   timeout: 120_000,
 });
@@ -87,4 +101,134 @@ it("should not work for non-admins", async ({ expect }) => {
       },
     }
   `);
+
+  await ensureAnonymousUsersAreStillExcluded(response);
+});
+
+it("should exclude anonymous users from metrics", async ({ expect }) => {
+  await Project.createAndSwitch({
+    config: {
+      magic_link_enabled: true,
+    }
+  });
+
+  await InternalApiKey.createAndSetProjectKeys();
+
+  // Create 1 regular user
+  backendContext.set({ mailbox: createMailbox(), ipData: { country: "US", ipAddress: "127.0.0.1", city: "New York", region: "NY", latitude: 40.7128, longitude: -74.0060, tzIdentifier: "America/New_York" } });
+  await Auth.Otp.signIn();
+
+  // Store metrics so we can compare them later
+  const beforeMetrics = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
+
+  // Create 2 anonymous users
+  for (let i = 0; i < 2; i++) {
+    await Auth.Anonymous.signUp();
+  }
+
+  await wait(1000);  // the event log is async, so let's give it some time to be written to the DB
+
+  const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
+  expect(beforeMetrics.body).toEqual(response.body);
+
+  // Verify that total_users only counts the 1 regular user, not the anonymous ones
+  expect(response.body.total_users).toBe(1);
+
+  // Verify anonymous users don't appear in recently_registered
+  expect(response.body.recently_registered.length).toBe(1);
+  expect(response.body.recently_registered.every((user: any) => !user.is_anonymous)).toBe(true);
+
+  // Verify anonymous users don't appear in recently_active
+  expect(response.body.recently_active.every((user: any) => !user.is_anonymous)).toBe(true);
+
+  // Verify anonymous users aren't counted in daily_users
+  const lastDayUsers = response.body.daily_users[response.body.daily_users.length - 1];
+  expect(lastDayUsers.activity).toBe(1);
+
+  // Verify users_by_country only includes regular users
+  expect(response.body.users_by_country["US"]).toBe(1);
+
+  await ensureAnonymousUsersAreStillExcluded(response);
+});
+
+it("should handle anonymous users with activity correctly", async ({ expect }) => {
+  await Project.createAndSwitch({
+    config: {
+      magic_link_enabled: true,
+    }
+  });
+
+  await InternalApiKey.createAndSetProjectKeys();
+
+  // Create 1 regular user with activity
+  const regularMailbox = createMailbox();
+  backendContext.set({ mailbox: regularMailbox, ipData: { country: "CA", ipAddress: "127.0.0.1", city: "Toronto", region: "ON", latitude: 43.6532, longitude: -79.3832, tzIdentifier: "America/Toronto" } });
+  await Auth.Otp.signIn();
+
+  // Generate some activity for regular user
+  await niceBackendFetch("/api/v1/users/me", { accessType: 'client' });
+
+  // Create 3 anonymous users with activity
+  for (let i = 0; i < 3; i++) {
+    await Auth.Anonymous.signUp();
+  }
+
+  await wait(3000);  // the event log is async, so let's give it some time to be written to the DB
+
+  const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
+
+  // Should only count 1 regular user
+  expect(response.body.total_users).toBe(1);
+
+  // Daily active users should only count regular users
+  const todayDAU = response.body.daily_active_users[response.body.daily_active_users.length - 1];
+  expect(todayDAU.activity).toBe(1);
+
+  // Users by country should only count regular users
+  expect(response.body.users_by_country["CA"]).toBe(1);
+  expect(response.body.users_by_country["US"]).toBeUndefined();
+
+  await ensureAnonymousUsersAreStillExcluded(response);
+});
+
+it("should handle mixed auth methods excluding anonymous users", async ({ expect }) => {
+  await Project.createAndSwitch({
+    config: {
+      magic_link_enabled: true,
+      credential_enabled: true,
+    }
+  });
+
+  await InternalApiKey.createAndSetProjectKeys();
+
+  // Create users with different auth methods
+  const regularMailbox = createMailbox();
+
+  // Regular user with OTP
+  backendContext.set({ mailbox: regularMailbox });
+  await Auth.Otp.signIn();
+
+  // Regular user with password
+  const passwordMailbox = createMailbox();
+  backendContext.set({ mailbox: passwordMailbox });
+  await Auth.Password.signUpWithEmail({ password: "test1234" });
+
+  // Anonymous users (should not be counted)
+  for (let i = 0; i < 5; i++) {
+    await Auth.Anonymous.signUp();
+  }
+
+  await wait(3000);
+
+  const response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
+
+  // Should only count 2 regular users
+  expect(response.body.total_users).toBe(2);
+
+  // Login methods should only count regular users' methods
+  const loginMethods = response.body.login_methods;
+  const totalMethodCount = loginMethods.reduce((sum: number, method: any) => sum + method.count, 0);
+  expect(totalMethodCount).toBe(2); // 1 OTP + 1 password, no anonymous
+
+  await ensureAnonymousUsersAreStillExcluded(response);
 });
diff --git a/apps/e2e/tests/helpers.ts b/apps/e2e/tests/helpers.ts
@@ -182,7 +182,7 @@ export async function niceFetch(url: string | URL, options?: NiceRequestInit): P
   let body;
   if (fetchRes.headers.get("content-type")?.includes("application/json")) {
     body = await fetchRes.json();
-  } else if (fetchRes.headers.get("content-type")?.includes("text")) {
+  } else if (fetchRes.headers.get("content-type")?.startsWith("text/")) {
     body = await fetchRes.text();
   } else {
     body = await fetchRes.arrayBuffer();
diff --git a/packages/stack-shared/src/utils/strings.tsx b/packages/stack-shared/src/utils/strings.tsx
@@ -575,6 +575,9 @@ export function nicify(
       if (ArrayBuffer.isView(value)) {
         return `${value.constructor.name}([${value.toString()}])`;
       }
+      if (value instanceof ArrayBuffer) {
+        return `ArrayBuffer [${new Uint8Array(value).toString()}]`;
+      }
       if (value instanceof Error) {
         let stack = value.stack ?? "";
         const toString = value.toString();
