Chore: Pass signed user_hash to Intercom via Rudderstack (#63921)

* move analytics identifiers to backend * implement hash function * grab secret from env * expose and retrieve intercom secret from config * concat email with appUrl to ensure uniqueness * revert to just using email * Revert "revert to just using email" This reverts commit 8f10f9b1bc. * add docstring
2025-02-25 18:55:37 -06:00 · 2023-03-03 14:39:53 +00:00
parent fed59b1d43
commit d61bcdf4ca
15 changed files with 89 additions and 66 deletions
--- a/pkg/services/user/userimpl/store.go
+++ b/pkg/services/user/userimpl/store.go
@@ -432,6 +432,8 @@ func (ss *sqlStore) GetSignedInUser(ctx context.Context, query *user.GetSignedIn
 		if signedInUser.ExternalAuthModule != "oauth_grafana_com" {
 			signedInUser.ExternalAuthID = ""
 		}
+
+		signedInUser.Analytics = buildUserAnalyticsSettings(signedInUser, ss.cfg.IntercomSecret)
 		return nil
 	})
 	return &signedInUser, err
--- a/pkg/services/user/userimpl/user.go
+++ b/pkg/services/user/userimpl/user.go
@@ -2,6 +2,9 @@ package userimpl

 import (
 	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -560,3 +563,25 @@ func (s *Service) supportBundleCollector() supportbundles.Collector {
 		Fn:                collectorFn,
 	}
 }
+
+func hashUserIdentifier(identifier string, secret string) string {
+	key := []byte(secret)
+	h := hmac.New(sha256.New, key)
+	h.Write([]byte(identifier))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+func buildUserAnalyticsSettings(signedInUser user.SignedInUser, intercomSecret string) user.AnalyticsSettings {
+	var settings user.AnalyticsSettings
+
+	if signedInUser.ExternalAuthID != "" {
+		settings.Identifier = signedInUser.ExternalAuthID
+	} else {
+		settings.Identifier = signedInUser.Email + "@" + setting.AppUrl
+	}
+
+	if intercomSecret != "" {
+		settings.IntercomIdentifier = hashUserIdentifier(settings.Identifier, intercomSecret)
+	}
+	return settings
+}