@dongdev/fca-unofficial 2.0.24 → 2.0.26

package/CHANGELOG.md

@@ -107,3 +107,9 @@ Too lazy to write changelog, sorry! (will write changelog in the next release, t
 
 ## v2.0.23 - 2025-10-11
 - Hotfix / auto bump
+
+## v2.0.24 - 2025-10-11
+- Hotfix / auto bump
+
+## v2.0.25 - 2025-10-12
+- Hotfix / auto bump

package/module/loginHelper.js

@@ -1,3 +1,4 @@
+"use strict";
 const fs = require("fs");
 const path = require("path");
 const models = require("../src/database/models");
@@ -230,6 +231,10 @@ async function backupAppStateSQL(j, userID) {
     const ck = cookieHeaderFromJar(j);
     await upsertBackup(Model, userID, "appstate", JSON.stringify(appJson));
     await upsertBackup(Model, userID, "cookie", ck);
+    try {
+      const out = path.join(process.cwd(), "appstate.json");
+      fs.writeFileSync(out, JSON.stringify(appJson, null, 2));
+    } catch { }
     logger("Backup stored (overwrite mode)", "info");
   } catch (e) {
     logger(`Failed to save appstate backup ${e && e.message ? e.message : String(e)}`, "warn");
@@ -258,66 +263,171 @@ async function getLatestBackupAny(type) {
   }
 }
 
-async function tokens(username, password, twofactor = null) {
-  const t0 = process.hrtime.bigint();
-  if (!username || !password) {
-    logger("Missing email or password", "error");
-    return { status: false, message: "Please provide email and password" };
+const MESSENGER_USER_AGENT = "Dalvik/2.1.0 (Linux; U; Android 9; ASUS_Z01QD Build/PQ3A.190605.003) [FBAN/Orca-Android;FBAV/391.2.0.20.404;FBPN/com.facebook.orca;FBLC/vi_VN;FBBV/437533963;FBCR/Viettel Telecom;FBMF/asus;FBBD/asus;FBDV/ASUS_Z01QD;FBSV/9;FBCA/x86:armeabi-v7a;FBDM/{density=1.5,width=1600,height=900};FB_FW/1;]";
+
+function encodesig(obj) {
+  let data = "";
+  Object.keys(obj).forEach(k => { data += `${k}=${obj[k]}`; });
+  return md5(data + "62f8ce9f74b12f84c123cc23437a4a32");
+}
+
+function sort(obj) {
+  const keys = Object.keys(obj).sort();
+  const out = {};
+  for (const k of keys) out[k] = obj[k];
+  return out;
+}
+
+async function setJarCookies(j, appstate) {
+  const tasks = [];
+  for (const c of appstate) {
+    const dom = (c.domain || ".facebook.com").replace(/^\./, "");
+    const path = c.path || "/";
+    const base1 = `https://${dom}${path}`;
+    const base2 = `https://www.${dom}${path}`;
+    const str = `${c.key}=${c.value}; Domain=${c.domain || ".facebook.com"}; Path=${path};`;
+    tasks.push(j.setCookie(str, base1));
+    tasks.push(j.setCookie(str, base2));
   }
-  logger(`AUTO-LOGIN: Initialize login ${mask(username, 2)}`, "info");
-  const cj = new CookieJar();
-  const axios = wrapper(axiosBase.create({ jar: cj, withCredentials: true, validateStatus: () => true, timeout: 30000 }));
-  const loginUrl = "https://b-graph.facebook.com/auth/login";
-  const baseForm = { adid: uuidv4(), email: username, password: password, format: "json", device_id: uuidv4(), cpl: "true", family_device_id: uuidv4(), locale: "en_US", client_country_code: "US", credentials_type: "device_based_login_password", generate_session_cookies: "1", generate_analytics_claim: "1", generate_machine_id: "1", currently_logged_in_userid: "0", irisSeqID: 1, try_num: "1", enroll_misauth: "false", meta_inf_fbmeta: "", source: "login", machine_id: randomString(24), fb_api_req_friendly_name: "authenticate", fb_api_caller_class: "com.facebook.account.login.protocol.Fb4aAuthHandler", api_key: "882a8490361da98702bf97a021ddc14d", access_token: "350685531728%7C62f8ce9f74b12f84c123cc23437a4a32" };
-  try {
-    const form1 = { ...baseForm };
-    form1.sig = encodeSig(sortObject(form1));
-    logger("AUTO-LOGIN: Send login request", "info");
-    const r0 = process.hrtime.bigint();
-    const res1 = await axios.post(loginUrl, qs.stringify(form1), { headers: buildHeaders(loginUrl, { "x-fb-friendly-name": form1.fb_api_req_friendly_name }) });
-    const dt1 = Number(process.hrtime.bigint() - r0) / 1e6;
-    logger(`AUTO-LOGIN: Received response ${res1.status} ${Math.round(dt1)}ms`, "info");
-    if (res1.status >= 400) throw { response: res1 };
-    if (res1.data && res1.data.session_cookies) {
-      const cookies = res1.data.session_cookies.map(e => ({ key: e.name, value: e.value, domain: "facebook.com", path: e.path, hostOnly: false }));
-      logger(`AUTO-LOGIN: Login success (first attempt) ${cookies.length} cookies`, "info");
-      const t1 = Number(process.hrtime.bigint() - t0) / 1e6;
-      logger(`Done success login ${Math.round(t1)}ms`, "info");
-      return { status: true, cookies };
-    }
-    throw { response: res1 };
-  } catch (err) {
-    const e = err && err.response ? err.response : null;
-    const code = e && e.data && e.data.error ? e.data.error.code : null;
-    const message = e && e.data && e.data.error ? e.data.error.message : "";
-    if (code) logger(`AUTO-LOGIN: Error on request #1 ${code} ${message}`, "warn");
-    logger("AUTO-LOGIN: Processing twofactor...", "info");
-    if (code === 401) return { status: false, message: message || "Unauthorized" };
-    if (!config.credentials?.twofactor) {
-      logger("AUTO-LOGIN: 2FA required but secret missing", "warn");
-      return { status: false, message: "Please provide the 2FA secret!" };
-    }
+  await Promise.all(tasks);
+}
+
+async function loginViaGraph(username, password, twofactorSecretOrCode, i_user, externalJar) {
+  const cookieJar = externalJar instanceof CookieJar ? externalJar : new CookieJar();
+  const client = wrapper(axiosBase.create({ jar: cookieJar, withCredentials: true, timeout: 30000, validateStatus: () => true }));
+  const device_id = uuidv4();
+  const family_device_id = device_id;
+  const machine_id = randomString(24);
+  const base = {
+    adid: "00000000-0000-0000-0000-000000000000",
+    format: "json",
+    device_id,
+    email: username,
+    password,
+    generate_analytics_claim: "1",
+    community_id: "",
+    cpl: "true",
+    try_num: "1",
+    family_device_id,
+    secure_family_device_id: "",
+    credentials_type: "password",
+    enroll_misauth: "false",
+    generate_session_cookies: "1",
+    source: "login",
+    generate_machine_id: "1",
+    jazoest: "22297",
+    meta_inf_fbmeta: "NO_FILE",
+    advertiser_id: "00000000-0000-0000-0000-000000000000",
+    currently_logged_in_userid: "0",
+    locale: "vi_VN",
+    client_country_code: "VN",
+    fb_api_req_friendly_name: "authenticate",
+    fb_api_caller_class: "AuthOperations$PasswordAuthOperation",
+    api_key: "256002347743983",
+    access_token: "256002347743983|374e60f8b9bb6b8cbb30f78030438895"
+  };
+  const headers = {
+    "User-Agent": MESSENGER_USER_AGENT,
+    "Accept-Encoding": "gzip, deflate",
+    "Content-Type": "application/x-www-form-urlencoded",
+    "x-fb-connection-quality": "EXCELLENT",
+    "x-fb-sim-hni": "45204",
+    "x-fb-net-hni": "45204",
+    "x-fb-connection-type": "WIFI",
+    "x-tigon-is-retry": "False",
+    "x-fb-friendly-name": "authenticate",
+    "x-fb-request-analytics-tags": '{"network_tags":{"retry_attempt":"0"},"application_tags":"unknown"}',
+    "x-fb-http-engine": "Liger",
+    "x-fb-client-ip": "True",
+    "x-fb-server-cluster": "True",
+    authorization: `OAuth ${base.access_token}`
+  };
+  const form1 = { ...base };
+  form1.sig = encodesig(sort(form1));
+  const res1 = await client.request({ url: "https://b-graph.facebook.com/auth/login", method: "post", data: qs.stringify(form1), headers });
+  if (res1.status === 200 && res1.data && res1.data.session_cookies) {
+    const appstate = res1.data.session_cookies.map(c => ({ key: c.name, value: c.value, domain: c.domain, path: c.path }));
+    const cUserCookie = appstate.find(c => c.key === "c_user");
+    if (i_user) appstate.push({ key: "i_user", value: i_user, domain: ".facebook.com", path: "/" });
+    else if (cUserCookie) appstate.push({ key: "i_user", value: cUserCookie.value, domain: ".facebook.com", path: "/" });
+    await setJarCookies(cookieJar, appstate);
+    let eaau = null;
+    let eaad6v7 = null;
+    try {
+      const r1 = await client.request({ url: `https://api.facebook.com/method/auth.getSessionforApp?format=json&access_token=${res1.data.access_token}&new_app_id=350685531728`, method: "get", headers: { "user-agent": MESSENGER_USER_AGENT, "x-fb-connection-type": "WIFI", authorization: `OAuth ${res1.data.access_token}` } });
+      eaau = r1.data && r1.data.access_token ? r1.data.access_token : null;
+    } catch { }
     try {
-      const dataErr = e && e.data && e.data.error && e.data.error.error_data ? e.data.error_data : {};
-      const codeTotp = await genTotp(config.credentials.twofactor);
-      logger(`AUTO-LOGIN: Performing 2FA ${mask(codeTotp, 2)}`, "info");
-      const form2 = { ...baseForm, twofactor_code: codeTotp, encrypted_msisdn: "", userid: dataErr.uid || "", machine_id: dataErr.machine_id || baseForm.machine_id, first_factor: dataErr.login_first_factor || "", credentials_type: "two_factor" };
-      form2.sig = encodeSig(sortObject(form2));
-      const r1 = process.hrtime.bigint();
-      const res2 = await axios.post(loginUrl, qs.stringify(form2), { headers: buildHeaders(loginUrl, { "x-fb-friendly-name": form2.fb_api_req_friendly_name }) });
-      const dt2 = Number(process.hrtime.bigint() - r1) / 1e6;
-      logger(`AUTO-LOGIN: Received 2FA response ${res2.status} ${Math.round(dt2)}ms`, "info");
-      if (res2.status >= 400 || !(res2.data && res2.data.session_cookies)) throw new Error("2FA failed");
-      const cookies = res2.data.session_cookies.map(e => ({ key: e.name, value: e.value, domain: "facebook.com", path: e.path, hostOnly: false }));
-      logger(`AUTO-LOGIN: Login success with 2FA ${cookies.length} cookies`, "info");
-      const t1 = Number(process.hrtime.bigint() - t0) / 1e6;
-      logger(`AUTO-LOGIN: Done success login with 2FA ${Math.round(t1)}ms`, "info");
-      return { status: true, cookies };
-    } catch {
-      logger("AUTO-LOGIN: 2FA failed", "error");
-      return { status: false, message: "Invalid two-factor code!" };
+      const r2 = await client.request({ url: `https://api.facebook.com/method/auth.getSessionforApp?format=json&access_token=${res1.data.access_token}&new_app_id=275254692598279`, method: "get", headers: { "user-agent": MESSENGER_USER_AGENT, "x-fb-connection-type": "WIFI", authorization: `OAuth ${res1.data.access_token}` } });
+      eaad6v7 = r2.data && r2.data.access_token ? r2.data.access_token : null;
+    } catch { }
+    return { ok: true, cookies: appstate.map(c => ({ key: c.key, value: c.value })), jar: cookieJar, access_token_mess: res1.data.access_token || null, access_token: eaau, access_token_eaad6v7: eaad6v7, uid: res1.data.uid || cUserCookie?.value || null, session_key: res1.data.session_key || null };
+  }
+  const err = res1 && res1.data && res1.data.error ? res1.data.error : {};
+  if (err && err.code === 406) {
+    const data = err.error_data || {};
+    let code = null;
+    if (twofactorSecretOrCode && /^\d{6}$/.test(String(twofactorSecretOrCode))) code = String(twofactorSecretOrCode);
+    else if (twofactorSecretOrCode) {
+      try {
+        const clean = decodeURI(twofactorSecretOrCode).replace(/\s+/g, "").toUpperCase();
+        const { otp } = await TOTP.generate(clean);
+        code = otp;
+      } catch { }
+    } else if (config.credentials?.twofactor) {
+      const { otp } = await TOTP.generate(String(config.credentials.twofactor).replace(/\s+/g, "").toUpperCase());
+      code = otp;
     }
+    if (!code) return { ok: false, message: "2FA required" };
+    const form2 = {
+      ...base,
+      credentials_type: "two_factor",
+      twofactor_code: code,
+      userid: data.uid || username,
+      first_factor: data.login_first_factor || "",
+      machine_id: data.machine_id || machine_id
+    };
+    form2.sig = encodesig(sort(form2));
+    const res2 = await client.request({ url: "https://b-graph.facebook.com/auth/login", method: "post", data: qs.stringify(form2), headers });
+    if (res2.status === 200 && res2.data && res2.data.session_cookies) {
+      const appstate = res2.data.session_cookies.map(c => ({ key: c.name, value: c.value, domain: c.domain, path: c.path }));
+      const cUserCookie = appstate.find(c => c.key === "c_user");
+      if (i_user) appstate.push({ key: "i_user", value: i_user, domain: ".facebook.com", path: "/" });
+      else if (cUserCookie) appstate.push({ key: "i_user", value: cUserCookie.value, domain: ".facebook.com", path: "/" });
+      await setJarCookies(cookieJar, appstate);
+      let eaau = null;
+      let eaad6v7 = null;
+      try {
+        const r1 = await client.request({ url: `https://api.facebook.com/method/auth.getSessionforApp?format=json&access_token=${res2.data.access_token}&new_app_id=350685531728`, method: "get", headers: { "user-agent": MESSENGER_USER_AGENT, "x-fb-connection-type": "WIFI", authorization: `OAuth ${res2.data.access_token}` } });
+        eaau = r1.data && r1.data.access_token ? r1.data.access_token : null;
+      } catch { }
+      try {
+        const r2 = await client.request({ url: `https://api.facebook.com/method/auth.getSessionforApp?format=json&access_token=${res2.data.access_token}&new_app_id=275254692598279`, method: "get", headers: { "user-agent": MESSENGER_USER_AGENT, "x-fb-connection-type": "WIFI", authorization: `OAuth ${res2.data.access_token}` } });
+        eaad6v7 = r2.data && r2.data.access_token ? r2.data.access_token : null;
+      } catch { }
+      return { ok: true, cookies: appstate.map(c => ({ key: c.key, value: c.value })), jar: cookieJar, access_token_mess: res2.data.access_token || null, access_token: eaau, access_token_eaad6v7: eaad6v7, uid: res2.data.uid || cUserCookie?.value || null, session_key: res2.data.session_key || null };
+    }
+    return { ok: false, message: "2FA failed" };
+  }
+  return { ok: false, message: "Login failed" };
+}
+
+async function tokens(username, password, twofactor = null) {
+  const t0 = process.hrtime.bigint();
+  if (!username || !password) return { status: false, message: "Please provide email and password" };
+  logger(`AUTO-LOGIN: Initialize login ${mask(username, 2)}`, "info");
+  const res = await loginViaGraph(username, password, twofactor, null, jar);
+  if (res && res.ok && Array.isArray(res.cookies)) {
+    logger(`AUTO-LOGIN: Login success ${res.cookies.length} cookies`, "info");
+    const t1 = Number(process.hrtime.bigint() - t0) / 1e6;
+    logger(`Done success login ${Math.round(t1)}ms`, "info");
+    return { status: true, cookies: res.cookies };
+  }
+  if (res && res.message === "2FA required") {
+    logger("AUTO-LOGIN: 2FA required but secret missing", "warn");
+    return { status: false, message: "Please provide the 2FA secret!" };
   }
+  return { status: false, message: res && res.message ? res.message : "Login failed" };
 }
 
 async function hydrateJarFromDB(userID) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dongdev/fca-unofficial",
-  "version": "2.0.24",
+  "version": "2.0.26",
   "description": "Unofficial Facebook Chat API for Node.js - Interact with Facebook Messenger programmatically",
   "main": "index.js",
   "scripts": {

package/src/api/messaging/getThemePictures.js

@@ -0,0 +1,62 @@
+"use strict";
+
+const log = require("npmlog");
+const { parseAndCheckLogin } = require("../../utils/client");
+const { getType } = require("../../utils/format");
+module.exports = function (defaultFuncs, api, ctx) {
+  return function getThemePictures(id, callback) {
+    let resolveFunc = function () { };
+    let rejectFunc = function () { };
+    const returnPromise = new Promise(function (resolve, reject) {
+      resolveFunc = resolve;
+      rejectFunc = reject;
+    });
+
+    if (!callback) {
+      if (
+        getType(callback) == "Function" ||
+        getType(callback) == "AsyncFunction"
+      ) {
+        callback = callback;
+      } else {
+        callback = function (err, data) {
+          if (err) {
+            return rejectFunc(err);
+          }
+          resolveFunc(data);
+        };
+      }
+    }
+
+    if (getType(id) != "String") {
+      id = "";
+    }
+
+    const form = {
+      fb_api_caller_class: "RelayModern",
+      fb_api_req_friendly_name: "MWPThreadThemeProviderQuery",
+      doc_id: "9734829906576883",
+      server_timestamps: true,
+      variables: JSON.stringify({
+        id
+      }),
+      av: ctx.userID
+    };
+    defaultFuncs
+      .post("https://www.facebook.com/api/graphql/", ctx.jar, form)
+      .then(parseAndCheckLogin(ctx, defaultFuncs))
+      .then(function (resData) {
+        if (resData.errors) {
+          throw resData;
+        }
+
+        return callback(null, resData);
+      })
+      .catch(function (err) {
+        log.error("getThemePictures", err);
+        return callback(err);
+      });
+
+    return returnPromise;
+  };
+};

package/src/api/messaging/removeUserFromGroup.js

@@ -1,6 +1,7 @@
 "use strict";
 
-const { parseAndCheckLogin, getType } = require("../../utils/format");
+const { getType } = require("../../utils/format");
+const { parseAndCheckLogin } = require("../../utils/client");
 const log = require("npmlog");
 
 module.exports = function (defaultFuncs, api, ctx) {

package/src/api/socket/core/connectMqtt.js

@@ -80,23 +80,30 @@ module.exports = function createListenMqtt(deps) {
     const mqttClient = ctx.mqttClient;
     global.mqttClient = mqttClient;
 
-
     mqttClient.on("error", function (err) {
       const msg = String(err && err.message ? err.message : err || "");
-
-      if ((ctx._ending || ctx._cycling) && isEndingLikeError(msg)) {
+      if ((ctx._ending || ctx._cycling) && /No subscription existed|client disconnecting/i.test(msg)) {
         logger(`mqtt expected during shutdown: ${msg}`, "info");
         return;
       }
+
+      if (/Not logged in|Not logged in.|blocked the login|401|403/i.test(msg)) {
+        try { mqttClient.end(true); } catch (_) { }
+        return emitAuth(ctx, api, globalCallback,
+          /blocked/i.test(msg) ? "login_blocked" : "not_logged_in",
+          msg
+        );
+      }
       logger(`mqtt error: ${msg}`, "error");
       try { mqttClient.end(true); } catch (_) { }
       if (ctx._ending || ctx._cycling) return;
 
       if (ctx.globalOptions.autoReconnect) {
-        scheduleReconnect();
+        const d = (ctx._mqttOpt && ctx._mqttOpt.reconnectDelayMs) || 2000;
+        logger(`mqtt autoReconnect listenMqtt() in ${d}ms`, "warn");
+        setTimeout(() => listenMqtt(defaultFuncs, api, ctx, globalCallback), d);
       } else {
-
-        globalCallback({ type: "stop_listen", error: msg || "Connection refused: Server unavailable" }, null);
+        globalCallback({ type: "stop_listen", error: msg || "Connection refused" }, null);
       }
     });
 

package/src/api/socket/core/emitAuth.js

@@ -0,0 +1,22 @@
+"use strict";
+module.exports = function createEmitAuth({ logger }) {
+  return function emitAuth(ctx, api, globalCallback, reason, detail) {
+    try { if (ctx._autoCycleTimer) clearInterval(ctx._autoCycleTimer); } catch (_) { }
+    try { ctx._ending = true; } catch (_) { }
+    try { if (ctx.mqttClient) ctx.mqttClient.end(true); } catch (_) { }
+    ctx.mqttClient = undefined;
+    ctx.loggedIn = false;
+
+    const msg = detail || reason;
+    logger(`auth change -> ${reason}: ${msg}`, "error");
+
+    if (typeof globalCallback === "function") {
+      globalCallback({
+        type: "account_inactive",
+        reason,
+        error: msg,
+        timestamp: Date.now()
+      }, null);
+    }
+  };
+};

package/src/api/socket/core/getSeqID.js

@@ -2,24 +2,38 @@
 const { getType } = require("../../../utils/format");
 const { parseAndCheckLogin } = require("../../../utils/client");
 module.exports = function createGetSeqID(deps) {
-  const { listenMqtt } = deps;
+  const { listenMqtt, logger, emitAuth } = deps;
+
   return function getSeqID(defaultFuncs, api, ctx, globalCallback, form) {
     ctx.t_mqttCalled = false;
-    return defaultFuncs.post("https://www.facebook.com/api/graphqlbatch/", ctx.jar, form).then(parseAndCheckLogin(ctx, defaultFuncs)).then(resData => {
-      if (getType(resData) !== "Array") throw { error: "Not logged in", res: resData };
-      if (!Array.isArray(resData) || !resData.length) return;
-      const lastRes = resData[resData.length - 1];
-      if (lastRes && lastRes.successful_results === 0) return;
-      const syncSeqId = resData[0] && resData[0].o0 && resData[0].o0.data && resData[0].o0.data.viewer && resData[0].o0.data.viewer.message_threads && resData[0].o0.data.viewer.message_threads.sync_sequence_id;
-      if (syncSeqId) {
-        ctx.lastSeqId = syncSeqId;
-        listenMqtt(defaultFuncs, api, ctx, globalCallback);
-      } else {
-        throw { error: "getSeqId: no sync_sequence_id found.", res: resData };
-      }
-    }).catch(err => {
-      if (getType(err) === "Object" && err.error === "Not logged in") ctx.loggedIn = false;
-      return globalCallback(err);
-    });
+    return defaultFuncs
+      .post("https://www.facebook.com/api/graphqlbatch/", ctx.jar, form)
+      .then(parseAndCheckLogin(ctx, defaultFuncs))
+      .then(resData => {
+        if (getType(resData) !== "Array") throw { error: "Not logged in" };
+        if (!Array.isArray(resData) || !resData.length) return;
+        const lastRes = resData[resData.length - 1];
+        if (lastRes && lastRes.successful_results === 0) return;
+
+        const syncSeqId = resData[0]?.o0?.data?.viewer?.message_threads?.sync_sequence_id;
+        if (syncSeqId) {
+          ctx.lastSeqId = syncSeqId;
+          logger("mqtt getSeqID ok -> listenMqtt()", "info");
+          listenMqtt(defaultFuncs, api, ctx, globalCallback);
+        } else {
+          throw { error: "getSeqId: no sync_sequence_id found." };
+        }
+      })
+      .catch(err => {
+        const msg = (err && err.error) || (err && err.message) || String(err || "");
+        if (/Not logged in/i.test(msg)) {
+          return emitAuth(ctx, api, globalCallback, "not_logged_in", msg);
+        }
+        if (/blocked the login/i.test(msg)) {
+          return emitAuth(ctx, api, globalCallback, "login_blocked", msg);
+        }
+        logger(`getSeqID error: ${msg}`, "error");
+        return emitAuth(ctx, api, globalCallback, "auth_error", msg);
+      });
   };
 };

package/src/api/socket/listenMqtt.js

@@ -12,9 +12,11 @@ const createListenMqtt = require("./core/connectMqtt");
 const createGetSeqID = require("./core/getSeqID");
 const markDelivery = require("./core/markDelivery");
 const getTaskResponseData = require("./core/getTaskResponseData");
+const createEmitAuth = require("./core/emitAuth");
 const parseDelta = createParseDelta({ markDelivery, parseAndCheckLogin });
 const listenMqtt = createListenMqtt({ WebSocket, mqtt, HttpsProxyAgent, buildStream, buildProxy, topics, parseDelta, getTaskResponseData, logger });
 const getSeqIDFactory = createGetSeqID({ parseAndCheckLogin, listenMqtt, logger });
+const emitAuth = createEmitAuth({ logger });
 
 const MQTT_DEFAULTS = { cycleMs: 60 * 60 * 1000, reconnectDelayMs: 2000, autoReconnect: true, reconnectAfterStop: false };
 function mqttConf(ctx, overrides) {
@@ -26,6 +28,33 @@ function mqttConf(ctx, overrides) {
 module.exports = function (defaultFuncs, api, ctx, opts) {
   const identity = function () { };
   let globalCallback = identity;
+
+  function installPostGuard() {
+    if (ctx._postGuarded) return defaultFuncs.post;
+    const rawPost = defaultFuncs.post && defaultFuncs.post.bind(defaultFuncs);
+    if (!rawPost) return defaultFuncs.post;
+
+    function postSafe(...args) {
+      return rawPost(...args).catch(err => {
+        const msg = (err && err.error) || (err && err.message) || String(err || "");
+        if (/Not logged in|blocked the login/i.test(msg)) {
+          emitAuth(
+            ctx,
+            api,
+            globalCallback,
+            /blocked/i.test(msg) ? "login_blocked" : "not_logged_in",
+            msg
+          );
+        }
+        throw err;
+      });
+    }
+    defaultFuncs.post = postSafe;
+    ctx._postGuarded = true;
+    logger("postSafe guard installed for defaultFuncs.post", "info");
+    return postSafe;
+  }
+
   let conf = mqttConf(ctx, opts);
 
   function getSeqIDWrapper() {
@@ -34,7 +63,10 @@ module.exports = function (defaultFuncs, api, ctx, opts) {
       queries: JSON.stringify({
         o0: {
           doc_id: "3336396659757871",
-          query_params: { limit: 1, before: null, tags: ["INBOX"], includeDeliveryReceipts: false, includeSeqID: true }
+          query_params: {
+            limit: 1, before: null, tags: ["INBOX"],
+            includeDeliveryReceipts: false, includeSeqID: true
+          }
         }
       })
     };
@@ -85,7 +117,7 @@ module.exports = function (defaultFuncs, api, ctx, opts) {
   }
 
   function forceCycle() {
-    if (ctx._cycling) return;           // đừng cycle chồng
+    if (ctx._cycling) return;
     ctx._cycling = true;
     ctx._ending = true;
     logger("mqtt force cycle begin", "warn");
@@ -119,12 +151,16 @@ module.exports = function (defaultFuncs, api, ctx, opts) {
     }
 
     const msgEmitter = new MessageEmitter();
+
     globalCallback = callback || function (error, message) {
       if (error) { logger("mqtt emit error", "error"); return msgEmitter.emit("error", error); }
       msgEmitter.emit("message", message);
     };
 
     conf = mqttConf(ctx, conf);
+
+    installPostGuard();
+
     if (!ctx.firstListen) ctx.lastSeqId = null;
     ctx.syncToken = undefined;
     ctx.t_mqttCalled = false;

package/src/api/threads/getThreadInfo.js

@@ -1,5 +1,3 @@
-"use strict";
-
 const fs = require("fs");
 const path = require("path");
 const logger = require("../../../func/logger");
@@ -122,6 +120,8 @@ let isProcessingQueue = false;
 const processingThreads = new Set();
 const queuedThreads = new Set();
 const cooldown = new Map();
+const inflight = new Map();
+let loopStarted = false;
 
 module.exports = function (defaultFuncs, api, ctx) {
   const getMultiInfo = async function (threadIDs) {
@@ -204,6 +204,17 @@ module.exports = function (defaultFuncs, api, ctx) {
     }
   }
 
+  async function createOrUpdateThread(id, data) {
+    const existing = await get(id);
+    if (existing) {
+      await update(id, { data });
+      return "update";
+    } else {
+      await create(id, { data });
+      return "create";
+    }
+  }
+
   async function fetchThreadInfo(tID, isNew) {
     try {
       const response = await getMultiInfo([tID]);
@@ -214,13 +225,8 @@ module.exports = function (defaultFuncs, api, ctx) {
       }
       const threadInfo = response.Data[0];
       await upsertUsersFromThreadInfo(threadInfo);
-      if (isNew) {
-        await create(tID, { data: threadInfo });
-        logger(`Success create data thread: ${tID}`, "info");
-      } else {
-        await update(tID, { data: threadInfo });
-        logger(`Success update data thread: ${tID}`, "info");
-      }
+      const op = await createOrUpdateThread(tID, threadInfo);
+      logger(`${op === "create" ? "Success create data thread" : "Success update data thread"}: ${tID}`, "info");
     } catch (err) {
       cooldown.set(tID, Date.now() + 5 * 60 * 1000);
       logger(`fetchThreadInfo error ${tID}: ${err?.message || err}`, "error");
@@ -242,7 +248,6 @@ module.exports = function (defaultFuncs, api, ctx) {
         const lastUpdated = new Date(result.updatedAt).getTime();
         if ((now - lastUpdated) / (1000 * 60) > 10 && !queuedThreads.has(t)) {
           queuedThreads.add(t);
-          logger(`ThreadID ${t} queued for refresh`, "info");
           queue.push(() => fetchThreadInfo(t, false));
         }
       }
@@ -265,10 +270,13 @@ module.exports = function (defaultFuncs, api, ctx) {
     isProcessingQueue = false;
   }
 
-  setInterval(() => {
-    checkAndUpdateThreads();
-    processQueue();
-  }, 10000);
+  if (!loopStarted) {
+    loopStarted = true;
+    setInterval(() => {
+      checkAndUpdateThreads();
+      processQueue();
+    }, 10000);
+  }
 
   return async function getThreadInfoGraphQL(threadID, callback) {
     let resolveFunc = function () { };
@@ -284,25 +292,89 @@ module.exports = function (defaultFuncs, api, ctx) {
       };
     }
     if (getType(threadID) !== "Array") threadID = [threadID];
+    const tid = String(threadID[0]);
     try {
-      const cached = await get(threadID[0]);
+      const cd = cooldown.get(tid);
+      if (cd && Date.now() < cd) {
+        const cachedCd = await get(tid);
+        if (cachedCd?.data && isValidThread(cachedCd.data)) {
+          await upsertUsersFromThreadInfo(cachedCd.data);
+          callback(null, cachedCd.data);
+          return returnPromise;
+        }
+        const stub = {
+          threadID: tid,
+          threadName: null,
+          participantIDs: [],
+          userInfo: [],
+          unreadCount: 0,
+          messageCount: 0,
+          timestamp: null,
+          muteUntil: null,
+          isGroup: false,
+          isSubscribed: false,
+          isArchived: false,
+          folder: null,
+          cannotReplyReason: null,
+          eventReminders: [],
+          emoji: null,
+          color: null,
+          threadTheme: null,
+          nicknames: {},
+          adminIDs: [],
+          approvalMode: false,
+          approvalQueue: [],
+          reactionsMuteMode: "",
+          mentionsMuteMode: "",
+          isPinProtected: false,
+          relatedPageThread: null,
+          name: null,
+          snippet: null,
+          snippetSender: null,
+          snippetAttachments: [],
+          serverTimestamp: null,
+          imageSrc: null,
+          isCanonicalUser: false,
+          isCanonical: true,
+          recipientsLoadable: false,
+          hasEmailParticipant: false,
+          readOnly: false,
+          canReply: false,
+          lastMessageTimestamp: null,
+          lastMessageType: "message",
+          lastReadTimestamp: null,
+          threadType: 1,
+          inviteLink: { enable: false, link: null },
+          __status: "cooldown",
+        };
+        await createOrUpdateThread(tid, stub);
+        callback(null, stub);
+        return returnPromise;
+      }
+
+      const cached = await get(tid);
       if (cached?.data && isValidThread(cached.data)) {
         await upsertUsersFromThreadInfo(cached.data);
         callback(null, cached.data);
         return returnPromise;
       }
-      if (!processingThreads.has(threadID[0])) {
-        processingThreads.add(threadID[0]);
-        logger(`Created new thread data: ${threadID[0]}`, "info");
-        const response = await getMultiInfo(threadID);
+
+      if (inflight.has(tid)) {
+        inflight.get(tid).then(data => callback(null, data)).catch(err => callback(err));
+        return returnPromise;
+      }
+
+      const p = (async () => {
+        processingThreads.add(tid);
+        const response = await getMultiInfo([tid]);
         if (response.Success && response.Data && isValidThread(response.Data[0])) {
           const data = response.Data[0];
           await upsertUsersFromThreadInfo(data);
-          await create(threadID[0], { data });
-          callback(null, data);
+          await createOrUpdateThread(tid, data);
+          return data;
         } else {
           const stub = {
-            threadID: threadID[0],
+            threadID: tid,
             threadName: null,
             participantIDs: [],
             userInfo: [],
@@ -346,11 +418,18 @@ module.exports = function (defaultFuncs, api, ctx) {
             inviteLink: { enable: false, link: null },
             __status: "unavailable",
           };
-          cooldown.set(threadID[0], Date.now() + 5 * 60 * 1000);
-          callback(null, stub);
+          cooldown.set(tid, Date.now() + 5 * 60 * 1000);
+          await createOrUpdateThread(tid, stub);
+          return stub;
         }
-        processingThreads.delete(threadID[0]);
-      }
+      })()
+        .finally(() => {
+          processingThreads.delete(tid);
+          inflight.delete(tid);
+        });
+
+      inflight.set(tid, p);
+      p.then(data => callback(null, data)).catch(err => callback(err));
     } catch (err) {
       callback(err);
     }