feat(analytics): add automatic auth event tracking via shared-auth

Add inline Umami tracking to @manacore/shared-auth authService for login, signup, logout, SSO, and social auth events. Tracks both success and failure with auth method metadata. This automatically covers all web apps without any per-app code changes. No-ops silently in environments without Umami (mobile, SSR). Tracked events: login, login_failed, signup, signup_failed, logout, password_reset_requested (with method: email/google/apple/sso) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 20:41:09 +02:00 · 2026-03-22 18:44:03 +01:00 · 2026-03-22 18:44:03 +01:00 · f043db2b05
commit f043db2b05
parent 2c26fce736
2 changed files with 44 additions and 2 deletions
--- a/docs/ANALYTICS.md
+++ b/docs/ANALYTICS.md
@ -67,6 +67,23 @@ injectUmamiAnalytics(html)    → <script defer src="stats.mana.how/script.js" d

 ---

+## Automatisches Auth-Tracking
+
+Auth-Events werden automatisch in `@manacore/shared-auth` getrackt (alle Web-Apps):
+
+| Event | Wann | Data |
+|-------|------|------|
+| `login` | Erfolgreicher Login | `{ method: 'email' \| 'google' \| 'apple' \| 'sso' }` |
+| `login_failed` | Login fehlgeschlagen | `{ method: 'email' \| 'google' \| 'apple' }` |
+| `signup` | Erfolgreiche Registrierung | `{ method: 'email' }` |
+| `signup_failed` | Registrierung fehlgeschlagen | `{ method: 'email' }` |
+| `logout` | Benutzer hat sich abgemeldet | - |
+| `password_reset_requested` | Passwort-Reset angefragt | - |
+
+Diese Events erfordern **keinen Code in den einzelnen Apps** — sie werden automatisch vom shared Auth-Service ausgelöst.
+
+---
+
 ## Custom Event Tracking

 ### Installation
--- a/packages/shared-auth/src/core/authService.ts
+++ b/packages/shared-auth/src/core/authService.ts
@ -20,6 +20,20 @@ import {
 	getAppSettings as getAppSettingsFromToken,
 } from './jwtUtils';

+/**
+ * Inline analytics helper - tracks auth events via Umami if available.
+ * No-ops silently in environments without Umami (mobile, SSR, dev).
+ */
+function trackAuth(event: string, data?: Record<string, string | number | boolean>): void {
+	if (typeof window !== 'undefined' && (window as any).umami?.track) {
+		try {
+			(window as any).umami.track(event, data);
+		} catch {
+			// Silently ignore tracking errors
+		}
+	}
+}
+
 /**
 * Default storage keys
 */
@ -108,9 +122,11 @@ export function createAuthService(config: AuthServiceConfig) {
 					// SSO cookie is nice-to-have, don't fail login if this fails
 				}

+				trackAuth('login', { method: 'email' });
 				return { success: true };
 			} catch (error) {
 				console.error('Error signing in:', error);
+				trackAuth('login_failed', { method: 'email' });
 				return {
 					success: false,
 					error: error instanceof Error ? error.message : 'Unknown error during sign in',
@ -154,9 +170,11 @@ export function createAuthService(config: AuthServiceConfig) {

 				// Mana Core Auth returns user data immediately on registration
 				// User needs to sign in separately to get tokens
+				trackAuth('signup', { method: 'email' });
 				return { success: true, needsVerification: false };
 			} catch (error) {
 				console.error('Error signing up:', error);
+				trackAuth('signup_failed', { method: 'email' });
 				return {
 					success: false,
 					error: error instanceof Error ? error.message : 'Unknown error during sign up',
@ -180,6 +198,7 @@ export function createAuthService(config: AuthServiceConfig) {
 					}).catch((err) => console.error('Error logging out on server:', err));
 				}

+				trackAuth('logout');
 				await service.clearAuthStorage();
 			} catch (error) {
 				console.error('Error signing out:', error);
@ -209,6 +228,7 @@ export function createAuthService(config: AuthServiceConfig) {
 					return { success: false, error: errorData.message || 'Password reset failed' };
 				}

+				trackAuth('password_reset_requested');
 				return { success: true };
 			} catch (error) {
 				console.error('Error sending password reset email:', error);
@ -344,14 +364,18 @@ export function createAuthService(config: AuthServiceConfig) {
 		 * Sign in with Google
 		 */
 		async signInWithGoogle(idToken: string): Promise<AuthResult> {
-			return service.signInWithSocial(idToken, endpoints.googleSignIn);
+			const result = await service.signInWithSocial(idToken, endpoints.googleSignIn);
+			trackAuth(result.success ? 'login' : 'login_failed', { method: 'google' });
+			return result;
 		},

 		/**
 		 * Sign in with Apple
 		 */
 		async signInWithApple(identityToken: string): Promise<AuthResult> {
-			return service.signInWithSocial(identityToken, endpoints.appleSignIn);
+			const result = await service.signInWithSocial(identityToken, endpoints.appleSignIn);
+			trackAuth(result.success ? 'login' : 'login_failed', { method: 'apple' });
+			return result;
 		},

 		/**
@ -693,6 +717,7 @@ export function createAuthService(config: AuthServiceConfig) {
 				]);

 				console.log('SSO: Successfully authenticated via session cookie');
+				trackAuth('login', { method: 'sso' });
 				return { success: true };
 			} catch (error) {
 				// SSO failed - this is expected if user hasn't logged in anywhere