@alannxd/baileys 6.0.6 → 6.0.9

package/lib/Utils/noise-handler.js

@@ -1,74 +1,131 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeNoiseHandler = void 0;
-const boom_1 = require("@hapi/boom");
-const WAProto_1 = require("../../WAProto");
-const Defaults_1 = require("../Defaults");
-const WABinary_1 = require("../WABinary");
-const crypto_1 = require("./crypto");
+import { Boom } from '@hapi/boom';
+import { proto } from '../../WAProto/index.js';
+import { NOISE_MODE, WA_CERT_DETAILS } from '../Defaults/index.js';
+import { decodeBinaryNode } from '../WABinary/index.js';
+import { aesDecryptGCM, aesEncryptGCM, Curve, hkdf, sha256 } from './crypto.js';
+const IV_LENGTH = 12;
+const EMPTY_BUFFER = Buffer.alloc(0);
 const generateIV = (counter) => {
-    const iv = new ArrayBuffer(12);
+    const iv = new ArrayBuffer(IV_LENGTH);
     new DataView(iv).setUint32(8, counter);
     return new Uint8Array(iv);
 };
-const makeNoiseHandler = ({ keyPair: { private: privateKey, public: publicKey }, NOISE_HEADER, mobile, logger, routingInfo }) => {
+class TransportState {
+    constructor(encKey, decKey) {
+        this.encKey = encKey;
+        this.decKey = decKey;
+        this.readCounter = 0;
+        this.writeCounter = 0;
+        this.iv = new Uint8Array(IV_LENGTH);
+    }
+    encrypt(plaintext) {
+        const c = this.writeCounter++;
+        this.iv[8] = (c >>> 24) & 0xff;
+        this.iv[9] = (c >>> 16) & 0xff;
+        this.iv[10] = (c >>> 8) & 0xff;
+        this.iv[11] = c & 0xff;
+        return aesEncryptGCM(plaintext, this.encKey, this.iv, EMPTY_BUFFER);
+    }
+    decrypt(ciphertext) {
+        const c = this.readCounter++;
+        this.iv[8] = (c >>> 24) & 0xff;
+        this.iv[9] = (c >>> 16) & 0xff;
+        this.iv[10] = (c >>> 8) & 0xff;
+        this.iv[11] = c & 0xff;
+        return aesDecryptGCM(ciphertext, this.decKey, this.iv, EMPTY_BUFFER);
+    }
+}
+export const makeNoiseHandler = ({ keyPair: { private: privateKey, public: publicKey }, NOISE_HEADER, logger, routingInfo }) => {
     logger = logger.child({ class: 'ns' });
+    const data = Buffer.from(NOISE_MODE);
+    let hash = data.byteLength === 32 ? data : sha256(data);
+    let salt = hash;
+    let encKey = hash;
+    let decKey = hash;
+    let counter = 0;
+    let sentIntro = false;
+    let inBytes = Buffer.alloc(0);
+    let transport = null;
+    let isWaitingForTransport = false;
+    let pendingOnFrame = null;
+    let introHeader;
+    if (routingInfo) {
+        introHeader = Buffer.alloc(7 + routingInfo.byteLength + NOISE_HEADER.length);
+        introHeader.write('ED', 0, 'utf8');
+        introHeader.writeUint8(0, 2);
+        introHeader.writeUint8(1, 3);
+        introHeader.writeUint8(routingInfo.byteLength >> 16, 4);
+        introHeader.writeUint16BE(routingInfo.byteLength & 65535, 5);
+        introHeader.set(routingInfo, 7);
+        introHeader.set(NOISE_HEADER, 7 + routingInfo.byteLength);
+    }
+    else {
+        introHeader = Buffer.from(NOISE_HEADER);
+    }
     const authenticate = (data) => {
-        if (!isFinished) {
-            hash = (0, crypto_1.sha256)(Buffer.concat([hash, data]));
+        if (!transport) {
+            hash = sha256(Buffer.concat([hash, data]));
         }
     };
     const encrypt = (plaintext) => {
-        const result = (0, crypto_1.aesEncryptGCM)(plaintext, encKey, generateIV(writeCounter), hash);
-        writeCounter += 1;
+        if (transport) {
+            return transport.encrypt(plaintext);
+        }
+        const result = aesEncryptGCM(plaintext, encKey, generateIV(counter++), hash);
         authenticate(result);
         return result;
     };
     const decrypt = (ciphertext) => {
-        // before the handshake is finished, we use the same counter
-        // after handshake, the counters are different
-        const iv = generateIV(isFinished ? readCounter : writeCounter);
-        const result = (0, crypto_1.aesDecryptGCM)(ciphertext, decKey, iv, hash);
-        if (isFinished) {
-            readCounter += 1;
-        }
-        else {
-            writeCounter += 1;
+        if (transport) {
+            return transport.decrypt(ciphertext);
         }
+        const result = aesDecryptGCM(ciphertext, decKey, generateIV(counter++), hash);
         authenticate(ciphertext);
         return result;
     };
     const localHKDF = (data) => {
-        const key = (0, crypto_1.hkdf)(Buffer.from(data), 64, { salt, info: '' });
-        return [key.slice(0, 32), key.slice(32)];
+        const key = hkdf(Buffer.from(data), 64, { salt, info: '' });
+        return [key.subarray(0, 32), key.subarray(32)];
     };
     const mixIntoKey = (data) => {
         const [write, read] = localHKDF(data);
         salt = write;
         encKey = read;
         decKey = read;
-        readCounter = 0;
-        writeCounter = 0;
+        counter = 0;
     };
-    const finishInit = () => {
+    const finishInit = async () => {
+        isWaitingForTransport = true;
         const [write, read] = localHKDF(new Uint8Array(0));
-        encKey = write;
-        decKey = read;
-        hash = Buffer.from([]);
-        readCounter = 0;
-        writeCounter = 0;
-        isFinished = true;
+        transport = new TransportState(write, read);
+        isWaitingForTransport = false;
+        logger.trace('Noise handler transitioned to Transport state');
+        if (pendingOnFrame) {
+            logger.trace({ length: inBytes.length }, 'Flushing buffered frames after transport ready');
+            await processData(pendingOnFrame);
+            pendingOnFrame = null;
+        }
+    };
+    const processData = async (onFrame) => {
+        let size;
+        while (true) {
+            if (inBytes.length < 3)
+                return;
+            size = (inBytes[0] << 16) | (inBytes[1] << 8) | inBytes[2];
+            if (inBytes.length < size + 3)
+                return;
+            let frame = inBytes.subarray(3, size + 3);
+            inBytes = inBytes.subarray(size + 3);
+            if (transport) {
+                const result = transport.decrypt(frame);
+                frame = await decodeBinaryNode(result);
+            }
+            if (logger.level === 'trace') {
+                logger.trace({ msg: frame?.attrs?.id }, 'recv frame');
+            }
+            onFrame(frame);
+        }
     };
-    const data = Buffer.from(Defaults_1.NOISE_MODE);
-    let hash = Buffer.from(data.byteLength === 32 ? data : (0, crypto_1.sha256)(data));
-    let salt = hash;
-    let encKey = hash;
-    let decKey = hash;
-    let readCounter = 0;
-    let writeCounter = 0;
-    let isFinished = false;
-    let sentIntro = false;
-    let inBytes = Buffer.alloc(0);
     authenticate(NOISE_HEADER);
     authenticate(publicKey);
     return {
@@ -79,77 +136,66 @@ const makeNoiseHandler = ({ keyPair: { private: privateKey, public: publicKey },
         finishInit,
         processHandshake: ({ serverHello }, noiseKey) => {
             authenticate(serverHello.ephemeral);
-            mixIntoKey(crypto_1.Curve.sharedKey(privateKey, serverHello.ephemeral));
+            mixIntoKey(Curve.sharedKey(privateKey, serverHello.ephemeral));
             const decStaticContent = decrypt(serverHello.static);
-            mixIntoKey(crypto_1.Curve.sharedKey(privateKey, decStaticContent));
+            mixIntoKey(Curve.sharedKey(privateKey, decStaticContent));
             const certDecoded = decrypt(serverHello.payload);
-            if (mobile) {
-                WAProto_1.proto.CertChain.NoiseCertificate.decode(certDecoded);
+            const { intermediate: certIntermediate, leaf } = proto.CertChain.decode(certDecoded);
+            // leaf
+            if (!leaf?.details || !leaf?.signature) {
+                throw new Boom('invalid noise leaf certificate', { statusCode: 400 });
             }
-            else {
-                const { intermediate: certIntermediate } = WAProto_1.proto.CertChain.decode(certDecoded);
-                const { issuerSerial } = WAProto_1.proto.CertChain.NoiseCertificate.Details.decode(certIntermediate.details);
-                if (issuerSerial !== Defaults_1.WA_CERT_DETAILS.SERIAL) {
-                    throw new boom_1.Boom('certification match failed', { statusCode: 400 });
-                }
+            if (!certIntermediate?.details || !certIntermediate?.signature) {
+                throw new Boom('invalid noise intermediate certificate', { statusCode: 400 });
+            }
+            const details = proto.CertChain.NoiseCertificate.Details.decode(certIntermediate.details);
+            const { issuerSerial } = details;
+            const verify = Curve.verify(details.key, leaf.details, leaf.signature);
+            const verifyIntermediate = Curve.verify(WA_CERT_DETAILS.PUBLIC_KEY, certIntermediate.details, certIntermediate.signature);
+            if (!verify) {
+                throw new Boom('noise certificate signature invalid', { statusCode: 400 });
+            }
+            if (!verifyIntermediate) {
+                throw new Boom('noise intermediate certificate signature invalid', { statusCode: 400 });
+            }
+            if (issuerSerial !== WA_CERT_DETAILS.SERIAL) {
+                throw new Boom('certification match failed', { statusCode: 400 });
             }
             const keyEnc = encrypt(noiseKey.public);
-            mixIntoKey(crypto_1.Curve.sharedKey(noiseKey.private, serverHello.ephemeral));
+            mixIntoKey(Curve.sharedKey(noiseKey.private, serverHello.ephemeral));
             return keyEnc;
         },
         encodeFrame: (data) => {
-            if (isFinished) {
-                data = encrypt(data);
-            }
-            let header;
-            if (routingInfo) {
-                header = Buffer.alloc(7);
-                header.write('ED', 0, 'utf8');
-                header.writeUint8(0, 2);
-                header.writeUint8(1, 3);
-                header.writeUint8(routingInfo.byteLength >> 16, 4);
-                header.writeUint16BE(routingInfo.byteLength & 65535, 5);
-                header = Buffer.concat([header, routingInfo, NOISE_HEADER]);
-            }
-            else {
-                header = Buffer.from(NOISE_HEADER);
+            if (transport) {
+                data = transport.encrypt(data);
             }
-            const introSize = sentIntro ? 0 : header.length;
-            const frame = Buffer.alloc(introSize + 3 + data.byteLength);
+            const dataLen = data.byteLength;
+            const introSize = sentIntro ? 0 : introHeader.length;
+            const frame = Buffer.allocUnsafe(introSize + 3 + dataLen);
             if (!sentIntro) {
-                frame.set(header);
+                frame.set(introHeader);
                 sentIntro = true;
             }
-            frame.writeUInt8(data.byteLength >> 16, introSize);
-            frame.writeUInt16BE(65535 & data.byteLength, introSize + 1);
+            frame[introSize] = (dataLen >>> 16) & 0xff;
+            frame[introSize + 1] = (dataLen >>> 8) & 0xff;
+            frame[introSize + 2] = dataLen & 0xff;
             frame.set(data, introSize + 3);
             return frame;
         },
-        decodeFrame: (newData, onFrame) => {
-            var _a;
-            // the binary protocol uses its own framing mechanism
-            // on top of the WS frames
-            // so we get this data and separate out the frames
-            const getBytesSize = () => {
-                if (inBytes.length >= 3) {
-                    return (inBytes.readUInt8() << 16) | inBytes.readUInt16BE(1);
-                }
-            };
-            inBytes = Buffer.concat([inBytes, newData]);
-            logger.trace(`recv ${newData.length} bytes, total recv ${inBytes.length} bytes`);
-            let size = getBytesSize();
-            while (size && inBytes.length >= size + 3) {
-                let frame = inBytes.slice(3, size + 3);
-                inBytes = inBytes.slice(size + 3);
-                if (isFinished) {
-                    const result = decrypt(frame);
-                    frame = (0, WABinary_1.decodeBinaryNode)(result);
-                }
-                logger.trace({ msg: (_a = frame === null || frame === void 0 ? void 0 : frame.attrs) === null || _a === void 0 ? void 0 : _a.id }, 'recv frame');
-                onFrame(frame);
-                size = getBytesSize();
+        decodeFrame: async (newData, onFrame) => {
+            if (isWaitingForTransport) {
+                inBytes = Buffer.concat([inBytes, newData]);
+                pendingOnFrame = onFrame;
+                return;
+            }
+            if (inBytes.length === 0) {
+                inBytes = Buffer.from(newData);
+            }
+            else {
+                inBytes = Buffer.concat([inBytes, newData]);
             }
+            await processData(onFrame);
         }
     };
 };
-exports.makeNoiseHandler = makeNoiseHandler;
+//# sourceMappingURL=noise-handler.js.map

package/lib/Utils/offline-node-processor.js

@@ -0,0 +1,40 @@
+/**
+ * Creates a processor for offline stanza nodes that:
+ * - Queues nodes for sequential processing
+ * - Yields to the event loop periodically to avoid blocking
+ * - Catches handler errors to prevent the processing loop from crashing
+ */
+export function makeOfflineNodeProcessor(nodeProcessorMap, deps, batchSize = 10) {
+    const nodes = [];
+    let isProcessing = false;
+    const enqueue = (type, node) => {
+        nodes.push({ type, node });
+        if (isProcessing) {
+            return;
+        }
+        isProcessing = true;
+        const promise = async () => {
+            let processedInBatch = 0;
+            while (nodes.length && deps.isWsOpen()) {
+                const { type, node } = nodes.shift();
+                const nodeProcessor = nodeProcessorMap.get(type);
+                if (!nodeProcessor) {
+                    deps.onUnexpectedError(new Error(`unknown offline node type: ${type}`), 'processing offline node');
+                    continue;
+                }
+                await nodeProcessor(node).catch(err => deps.onUnexpectedError(err, `processing offline ${type}`));
+                processedInBatch++;
+                // Yield to event loop after processing a batch
+                // This prevents blocking the event loop for too long when there are many offline nodes
+                if (processedInBatch >= batchSize) {
+                    processedInBatch = 0;
+                    await deps.yieldToEventLoop();
+                }
+            }
+            isProcessing = false;
+        };
+        promise().catch(error => deps.onUnexpectedError(error, 'processing offline nodes'));
+    };
+    return { enqueue };
+}
+//# sourceMappingURL=offline-node-processor.js.map

package/lib/Utils/pre-key-manager.js

@@ -0,0 +1,106 @@
+import PQueue from 'p-queue';
+/**
+ * Manages pre-key operations with proper concurrency control
+ */
+export class PreKeyManager {
+    constructor(store, logger) {
+        this.store = store;
+        this.logger = logger;
+        this.queues = new Map();
+    }
+    /**
+     * Get or create a queue for a specific key type
+     */
+    getQueue(keyType) {
+        if (!this.queues.has(keyType)) {
+            this.queues.set(keyType, new PQueue({ concurrency: 1 }));
+        }
+        return this.queues.get(keyType);
+    }
+    /**
+     * Process pre-key operations (updates and deletions)
+     */
+    async processOperations(data, keyType, transactionCache, mutations, isInTransaction) {
+        const keyData = data[keyType];
+        if (!keyData)
+            return;
+        return this.getQueue(keyType).add(async () => {
+            // Ensure structures exist
+            transactionCache[keyType] = transactionCache[keyType] || {};
+            mutations[keyType] = mutations[keyType] || {};
+            // Separate deletions from updates
+            const deletions = [];
+            const updates = {};
+            for (const keyId in keyData) {
+                if (keyData[keyId] === null) {
+                    deletions.push(keyId);
+                }
+                else {
+                    updates[keyId] = keyData[keyId];
+                }
+            }
+            // Process updates (no validation needed)
+            if (Object.keys(updates).length > 0) {
+                Object.assign(transactionCache[keyType], updates);
+                Object.assign(mutations[keyType], updates);
+            }
+            // Process deletions with validation
+            if (deletions.length > 0) {
+                await this.processDeletions(keyType, deletions, transactionCache, mutations, isInTransaction);
+            }
+        });
+    }
+    /**
+     * Process deletions with validation
+     */
+    async processDeletions(keyType, ids, transactionCache, mutations, isInTransaction) {
+        if (isInTransaction) {
+            // In transaction, only allow deletion if key exists in cache
+            for (const keyId of ids) {
+                if (transactionCache[keyType]?.[keyId]) {
+                    transactionCache[keyType][keyId] = null;
+                    mutations[keyType][keyId] = null;
+                }
+                else {
+                    this.logger.warn(`Skipping deletion of non-existent ${keyType} in transaction: ${keyId}`);
+                }
+            }
+        }
+        else {
+            // Outside transaction, validate against store
+            const existingKeys = await this.store.get(keyType, ids);
+            for (const keyId of ids) {
+                if (existingKeys[keyId]) {
+                    transactionCache[keyType][keyId] = null;
+                    mutations[keyType][keyId] = null;
+                }
+                else {
+                    this.logger.warn(`Skipping deletion of non-existent ${keyType}: ${keyId}`);
+                }
+            }
+        }
+    }
+    /**
+     * Validate and process pre-key deletions outside transactions
+     */
+    async validateDeletions(data, keyType) {
+        const keyData = data[keyType];
+        if (!keyData)
+            return;
+        return this.getQueue(keyType).add(async () => {
+            // Find all deletion requests
+            const deletionIds = Object.keys(keyData).filter(id => keyData[id] === null);
+            if (deletionIds.length === 0)
+                return;
+            // Validate deletions
+            const existingKeys = await this.store.get(keyType, deletionIds);
+            for (const keyId of deletionIds) {
+                if (!existingKeys[keyId]) {
+                    this.logger.warn(`Skipping deletion of non-existent ${keyType}: ${keyId}`);
+                    delete data[keyType][keyId];
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=pre-key-manager.js.map