Skip to content

Track marketing notification opens#6067

Open
peachbits wants to merge 2 commits into
developfrom
matthew/marketing-push-tracking
Open

Track marketing notification opens#6067
peachbits wants to merge 2 commits into
developfrom
matthew/marketing-push-tracking

Conversation

@peachbits

@peachbits peachbits commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

  • Yes
  • No

Dependencies

none

Requirements

If you have made any visual changes to the GUI. Make sure you have:

  • Tested on iOS device
  • Tested on Android device
  • Tested on small-screen device (iPod Touch)
  • Tested on large-screen device (tablet)

No visual changes — this is push-payload parsing plus navigation/analytics, no new UI.

Description

Recognizes a marketing push notification and, when the user opens the app from it, reports the campaign open to analytics and navigates to an optional deep link.

  • parsePushMessage now recognizes a { type: 'marketing', campaignId, url? } FCM data payload and returns a new MarketingLink deep-link type. An unrecognized or malformed url degrades to track-only.
  • On open (background tap or cold start), the deep-link handler dispatches a Marketing_Notification_Opened PostHog event carrying the campaignId, then navigates to the optional deep link through the existing handler.
  • Adds a PushMessageParser unit test.

Verified with the unit test and end-to-end on a real Android device against a local push server: the open was tracked in PostHog and the deep link navigated.

The sending side lives in edge-push-server (companion PR EdgeApp/edge-push-server#78). This PR is the receiving side and is safe to merge on its own — it only acts on notifications that carry the marketing payload.


Note

Low Risk
Opt-in behavior on a new FCM payload type; analytics plus optional navigation with defensive fallbacks—no auth, payments, or existing push flows altered beyond additive marketing handling.

Overview
Adds end-to-end handling when a user opens the app from a marketing FCM push: the payload { type: 'marketing', campaignId, url? } is turned into a new MarketingLink deep-link type, analytics records Marketing_Notification_Opened with campaignId, and an optional url is parsed for navigation through the existing deep-link handler (same pattern as affiliate links).

parsePushMessage now recognizes marketing data after price-change handling. Recognized Edge URLs become a nested link; unknown or malformed URLs (including other from lenient parsing) and parse errors degrade to track-only so opens are still counted. Price-change parsing is unchanged.

Adds PushMessageParser unit tests and a campaignId tracking field for the new event.

Reviewed by Cursor Bugbot for commit b4eafc8. Bugbot is set up for automated code reviews on this repo. Configure here.

peachbits added 2 commits July 1, 2026 12:10
Recognize a marketing push payload (type 'marketing' with a campaignId and
optional deep-link url) in parsePushMessage. When the user opens the app from
one, report a Marketing_Notification_Opened event carrying the campaignId to
analytics, and navigate to the deep link when present. Unrecognized or
malformed urls degrade to track-only. Includes a parser unit test.
// Only navigate for a recognized Edge deep link. `parseDeepLink` is
// lenient and returns an `other` link for anything it does not know, so
// an unrecognized or malformed URL degrades to track-only.
if (parsed.type !== 'other') link = parsed

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Agentic Security Review
Severity: MEDIUM

The marketing push path accepts any recognized deep link type from message.data.url and forwards it into the shared deep-link dispatcher. This means a marketing payload is not constrained to benign campaign destinations and can invoke broader in-app actions.

Impact: A compromised or misconfigured campaign sender could cause notification opens to trigger higher-risk flows (for example auth/session or internal navigation handlers) instead of only safe marketing navigation.

Fix in Cursor Fix in Web

Reviewed by Cursor Security Reviewer for commit b4eafc8. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant