Description:
The /api/analytics/overview endpoint computes unique viewer count via:
const uniqueViewersQuery = await app.prisma.cardView.groupBy({
by: ['viewerId', 'viewerIp'],
where: { ownerId: userId },
});
const uniqueViewers = uniqueViewersQuery.length;Grouping by the composite key (viewerId, viewerIp) means a single authenticated viewer who visits from two different IP addresses generates two group rows, and an anonymous viewer (viewerId = null) with three different IPs generates three rows — all counted as separate unique viewers. The result can massively overcount uniqueness, especially for anonymous visitors where viewerId is null and viewerIp varies (mobile networks, VPNs, proxies).
The comment in the code even acknowledges that the correct query is COUNT(DISTINCT viewer_id), but the implemented workaround does not actually approximate that.
Affected file: apps/backend/src/routes/analytics.ts (lines 72–78)
Steps to reproduce:
- A logged-in viewer visits a profile from two different network connections (two IPs).
uniqueViewers returns 2 for that single viewer.- Ten anonymous web scrapers visiting from different IPs each increment the counter by 1, regardless of whether they are the same agent.
Description:
The
/api/analytics/overviewendpoint computes unique viewer count via:Grouping by the composite key
(viewerId, viewerIp)means a single authenticated viewer who visits from two different IP addresses generates two group rows, and an anonymous viewer (viewerId = null) with three different IPs generates three rows — all counted as separate unique viewers. The result can massively overcount uniqueness, especially for anonymous visitors whereviewerIdisnullandviewerIpvaries (mobile networks, VPNs, proxies).The comment in the code even acknowledges that the correct query is
COUNT(DISTINCT viewer_id), but the implemented workaround does not actually approximate that.Affected file:
apps/backend/src/routes/analytics.ts(lines 72–78)Steps to reproduce:
uniqueViewersreturns 2 for that single viewer.