@kaikybrofc/omnizap-system 2.2.3 → 2.2.4

package/app/modules/stickerPackModule/stickerPackCatalogHttp.js

@@ -8,6 +8,7 @@ import { getJidUser, normalizeJid, resolveBotJid } from '../../config/baileysCon
 import { getAdminPhone, getAdminRawValue, resolveAdminJid } from '../../config/adminIdentity.js';
 import { getActiveSocket } from '../../services/socketState.js';
 import { extractUserIdInfo, resolveUserId } from '../../services/lidMapService.js';
+import { resolveWhatsAppOwnerJidFromLoginPayload, toWhatsAppOwnerJid, toWhatsAppPhoneDigits } from '../../services/whatsappLoginLinkService.js';
 import logger from '../../utils/logger/loggerModule.js';
 import { getSystemMetrics } from '../../utils/systemMetrics/systemMetricsModule.js';
 import {
@@ -143,12 +144,15 @@ const STICKER_API_BASE_PATH = normalizeBasePath(process.env.STICKER_API_BASE_PAT
 const STICKER_ORPHAN_API_PATH = `${STICKER_API_BASE_PATH}/orphan-stickers`;
 const STICKER_CREATE_WEB_PATH = `${STICKER_WEB_PATH}/create`;
 const STICKER_ADMIN_WEB_PATH = `${STICKER_WEB_PATH}/admin`;
+const STICKER_LOGIN_WEB_PATH = normalizeBasePath(process.env.STICKER_LOGIN_WEB_PATH, '/login');
+const USER_PROFILE_WEB_PATH = normalizeBasePath(process.env.USER_PROFILE_WEB_PATH, '/user');
 const STICKER_DATA_PUBLIC_PATH = normalizeBasePath(process.env.STICKER_DATA_PUBLIC_PATH, '/data');
 const STICKER_DATA_PUBLIC_DIR = path.resolve(process.env.STICKER_DATA_PUBLIC_DIR || path.join(process.cwd(), 'data'));
 const CATALOG_PUBLIC_DIR = path.resolve(process.cwd(), 'public');
 const CATALOG_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'index.html');
 const CREATE_PACK_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'create', 'index.html');
 const ADMIN_PANEL_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'admin', 'index.html');
+const USER_DASHBOARD_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'user', 'index.html');
 const CATALOG_STYLES_FILE_PATH = path.join(CATALOG_PUBLIC_DIR, 'css', 'styles.css');
 const CATALOG_SCRIPT_FILE_PATH = path.join(CATALOG_PUBLIC_DIR, 'js', 'catalog.js');
 const DEFAULT_LIST_LIMIT = clampInt(process.env.STICKER_WEB_LIST_LIMIT, 24, 1, 60);
@@ -920,6 +924,7 @@ const normalizeGoogleWebSessionRow = (row) => {
   const token = String(row.session_token || '').trim();
   const sub = normalizeGoogleSubject(row.google_sub);
   const ownerJid = normalizeJid(row.owner_jid) || '';
+  const ownerPhone = toWhatsAppPhoneDigits(row.owner_phone || ownerJid) || '';
   const expiresAt = Number(new Date(row.expires_at || 0));
   if (!token || !sub || !ownerJid || !Number.isFinite(expiresAt)) return null;
   const createdAtRaw = Number(new Date(row.created_at || 0));
@@ -931,6 +936,7 @@ const normalizeGoogleWebSessionRow = (row) => {
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
     ownerJid,
+    ownerPhone,
     createdAt: Number.isFinite(createdAtRaw) ? createdAtRaw : Date.now(),
     expiresAt,
     lastSeenAt: Number.isFinite(lastSeenAtRaw) ? lastSeenAtRaw : 0,
@@ -959,10 +965,20 @@ const upsertGoogleWebUserRecord = async (user, connection = null) => {
   const sub = normalizeGoogleSubject(user?.sub);
   const ownerJid = normalizeJid(user?.ownerJid) || '';
   if (!sub || !ownerJid) return;
+  const ownerPhone = toWhatsAppPhoneDigits(ownerJid) || null;
   const email = String(user?.email || '').trim().toLowerCase() || null;
   const name = sanitizeText(user?.name || '', 120, { allowEmpty: true }) || null;
   const pictureUrl = String(user?.picture || '').trim().slice(0, 1024) || null;
 
+  // owner_jid e unico; removemos vinculos antigos desse numero antes do upsert para manter 1:1.
+  await executeQuery(
+    `DELETE FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
+      WHERE owner_jid = ?
+        AND google_sub <> ?`,
+    [ownerJid, sub],
+    connection,
+  );
+
   await executeQuery(
     `INSERT INTO ${TABLES.STICKER_WEB_GOOGLE_USER}
       (google_sub, owner_jid, email, name, picture_url, last_login_at, last_seen_at)
@@ -977,12 +993,22 @@ const upsertGoogleWebUserRecord = async (user, connection = null) => {
     [sub, ownerJid, email, name, pictureUrl],
     connection,
   );
+
+  // Persistimos o telefone normalizado do owner para facilitar consultas administrativas.
+  await executeQuery(
+    `UPDATE ${TABLES.STICKER_WEB_GOOGLE_USER}
+        SET owner_phone = COALESCE(?, owner_phone)
+      WHERE google_sub = ?`,
+    [ownerPhone, sub],
+    connection,
+  ).catch(() => {});
 };
 
 const upsertGoogleWebSessionRecord = async (session, connection = null) => {
   const token = String(session?.token || '').trim();
   const sub = normalizeGoogleSubject(session?.sub);
   const ownerJid = normalizeJid(session?.ownerJid) || '';
+  const ownerPhone = toWhatsAppPhoneDigits(session?.ownerPhone || ownerJid) || null;
   const expiresAt = Number(session?.expiresAt || 0);
   if (!token || !sub || !ownerJid || !Number.isFinite(expiresAt) || expiresAt <= 0) return;
   const email = String(session?.email || '').trim().toLowerCase() || null;
@@ -1005,6 +1031,42 @@ const upsertGoogleWebSessionRecord = async (session, connection = null) => {
     [token, sub, ownerJid, email, name, pictureUrl, new Date(expiresAt)],
     connection,
   );
+
+  await executeQuery(
+    `UPDATE ${TABLES.STICKER_WEB_GOOGLE_SESSION}
+        SET owner_phone = COALESCE(?, owner_phone)
+      WHERE session_token = ?`,
+    [ownerPhone, token],
+    connection,
+  ).catch(() => {});
+};
+
+const deleteOtherGoogleWebSessionsInDb = async ({ token = '', ownerJid = '', sub = '' } = {}, connection = null) => {
+  const sessionToken = String(token || '').trim();
+  const normalizedOwnerJid = normalizeJid(ownerJid) || '';
+  const normalizedSub = normalizeGoogleSubject(sub);
+  if (!sessionToken || (!normalizedOwnerJid && !normalizedSub)) return 0;
+
+  const clauses = [];
+  const params = [];
+  if (normalizedOwnerJid) {
+    clauses.push('owner_jid = ?');
+    params.push(normalizedOwnerJid);
+  }
+  if (normalizedSub) {
+    clauses.push('google_sub = ?');
+    params.push(normalizedSub);
+  }
+  if (!clauses.length) return 0;
+
+  const result = await executeQuery(
+    `DELETE FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
+      WHERE session_token <> ?
+        AND (${clauses.join(' OR ')})`,
+    [sessionToken, ...params],
+    connection,
+  );
+  return Number(result?.affectedRows || 0);
 };
 
 const persistGoogleWebSessionToDb = async (session) => {
@@ -1021,6 +1083,14 @@ const persistGoogleWebSessionToDb = async (session) => {
       },
       connection,
     );
+    await deleteOtherGoogleWebSessionsInDb(
+      {
+        token: session.token,
+        ownerJid: session.ownerJid,
+        sub: session.sub,
+      },
+      connection,
+    );
     await upsertGoogleWebSessionRecord(session, connection);
   });
 };
@@ -1030,7 +1100,7 @@ const findGoogleWebSessionInDbByToken = async (sessionToken) => {
   if (!token) return null;
   await maybePruneExpiredGoogleSessionsFromDb();
   const rows = await executeQuery(
-    `SELECT session_token, google_sub, owner_jid, email, name, picture_url, created_at, expires_at, last_seen_at
+    `SELECT session_token, google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, expires_at, last_seen_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
       WHERE session_token = ?
         AND revoked_at IS NULL
@@ -1624,26 +1694,42 @@ const requireOwnerAdminPanelSession = (req, res) => {
   return session;
 };
 
-const createGoogleWebSession = (claims) => {
+const createGoogleWebSession = (claims, { ownerJid } = {}) => {
   pruneExpiredGoogleSessions();
   const token = randomUUID();
   const now = Date.now();
+  const resolvedOwnerJid = normalizeJid(ownerJid) || buildGoogleOwnerJid(claims.sub);
+  const resolvedOwnerPhone = toWhatsAppPhoneDigits(resolvedOwnerJid) || '';
   const session = {
     token,
     sub: claims.sub,
     email: claims.email || null,
     name: claims.name || null,
     picture: claims.picture || null,
-    ownerJid: buildGoogleOwnerJid(claims.sub),
+    ownerJid: resolvedOwnerJid,
+    ownerPhone: resolvedOwnerPhone,
     createdAt: now,
     expiresAt: now + STICKER_WEB_GOOGLE_SESSION_TTL_MS,
     lastSeenAt: now,
     lastDbTouchAt: 0,
   };
-  webGoogleSessionMap.set(token, session);
   return session;
 };
 
+const activateGoogleWebSession = (session) => {
+  if (!session?.token) return;
+  pruneExpiredGoogleSessions();
+  webGoogleSessionMap.set(session.token, session);
+  for (const [token, existing] of webGoogleSessionMap.entries()) {
+    if (!existing || token === session.token) continue;
+    const sameOwner = normalizeJid(existing.ownerJid) === normalizeJid(session.ownerJid);
+    const sameSub = normalizeGoogleSubject(existing.sub) === normalizeGoogleSubject(session.sub);
+    if (sameOwner || sameSub) {
+      webGoogleSessionMap.delete(token);
+    }
+  }
+};
+
 const resolveGoogleWebSessionFromRequest = async (req) => {
   pruneExpiredGoogleSessions();
   const sessionToken = getGoogleWebSessionTokenFromRequest(req);
@@ -2266,6 +2352,27 @@ const buildSupportInfo = async () => {
   };
 };
 
+const buildBotContactInfo = () => {
+  const phone = String(resolveCatalogBotPhone() || '').replace(/\D+/g, '');
+  if (!phone) return null;
+  const loginText = String(process.env.WHATSAPP_LOGIN_TRIGGER || 'iniciar').trim() || 'iniciar';
+  const menuText = `${PACK_COMMAND_PREFIX}menu`;
+  const buildUrl = (text) =>
+    `https://api.whatsapp.com/send/?phone=${encodeURIComponent(phone)}&text=${encodeURIComponent(
+      String(text || '').trim(),
+    )}&type=custom_url&app_absent=0`;
+
+  return {
+    phone,
+    login_text: loginText,
+    menu_text: menuText,
+    urls: {
+      login: buildUrl(loginText),
+      menu: buildUrl(menuText),
+    },
+  };
+};
+
 const listDataImageFiles = async () => {
   const files = [];
   const queue = [STICKER_DATA_PUBLIC_DIR];
@@ -2869,6 +2976,7 @@ const renderCatalogHtml = async ({ initialPackKey }) => {
     __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
     __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
     __STICKER_ORPHAN_API_PATH__: escapeHtmlAttribute(buildOrphanStickersApiUrl()),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
     __STICKER_DATA_PUBLIC_PATH__: escapeHtmlAttribute(STICKER_DATA_PUBLIC_PATH),
     __DEFAULT_LIST_LIMIT__: String(DEFAULT_LIST_LIMIT),
     __DEFAULT_ORPHAN_LIST_LIMIT__: String(DEFAULT_ORPHAN_LIST_LIMIT),
@@ -3014,11 +3122,12 @@ const renderPackSeoHtml = ({ packSummary }) => {
     data-web-path="${escapeHtmlAttribute(STICKER_WEB_PATH)}"
     data-api-base-path="${escapeHtmlAttribute(STICKER_API_BASE_PATH)}"
     data-orphan-api-path="${escapeHtmlAttribute(STICKER_ORPHAN_API_PATH)}"
+    data-login-path="${escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH)}"
     data-default-limit="${DEFAULT_LIST_LIMIT}"
     data-default-orphan-limit="${DEFAULT_ORPHAN_LIST_LIMIT}"
     data-initial-pack-key="${escapeHtmlAttribute(packSummary?.pack_key || '')}"
   ></div>
-  <script type="module" src="/js/apps/stickersApp.js?v=20260227-ui-hotfix-v5"></script>
+  <script type="module" src="/js/apps/stickersApp.js?v=20260228-login-redirect-my-packs1"></script>
 </body>
 </html>`;
 };
@@ -3054,6 +3163,7 @@ const renderCreatePackHtml = async () => {
   const replacements = {
     __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
     __STICKER_CREATE_WEB_PATH__: escapeHtmlAttribute(STICKER_CREATE_WEB_PATH),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
     __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
     __PACK_COMMAND_PREFIX__: escapeHtmlAttribute(PACK_COMMAND_PREFIX),
     __CURRENT_YEAR__: String(new Date().getFullYear()),
@@ -3082,6 +3192,23 @@ const renderAdminPanelHtml = async () => {
   return html;
 };
 
+const renderUserDashboardHtml = async () => {
+  const template = await fs.readFile(USER_DASHBOARD_TEMPLATE_PATH, 'utf8');
+  const replacements = {
+    __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
+    __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
+    __USER_PROFILE_WEB_PATH__: escapeHtmlAttribute(USER_PROFILE_WEB_PATH),
+    __CURRENT_YEAR__: String(new Date().getFullYear()),
+  };
+
+  let html = template;
+  for (const [token, value] of Object.entries(replacements)) {
+    html = html.replaceAll(token, value);
+  }
+  return html;
+};
+
 const buildSitemapXml = async () => {
   if (SITEMAP_CACHE.expiresAt > Date.now() && SITEMAP_CACHE.xml) {
     return SITEMAP_CACHE.xml;
@@ -3514,24 +3641,7 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
   if (req.method === 'GET' || req.method === 'HEAD') {
     const session = await resolveGoogleWebSessionFromRequest(req);
     sendJson(req, res, 200, {
-      data: session
-        ? {
-            authenticated: true,
-            provider: 'google',
-            user: {
-              sub: session.sub,
-              email: session.email,
-              name: session.name,
-              picture: session.picture,
-            },
-            expires_at: toIsoOrNull(session.expiresAt),
-          }
-        : {
-            authenticated: false,
-            provider: 'google',
-            user: null,
-            expires_at: null,
-          },
+      data: mapGoogleSessionResponseData(session),
     });
     return;
   }
@@ -3567,20 +3677,57 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
 
   try {
     const claims = await verifyGoogleIdToken(payload?.google_id_token || payload?.id_token);
+    const linkedOwner = resolveWhatsAppOwnerJidFromLoginPayload(payload);
+    if (!linkedOwner.ownerJid) {
+      if (!linkedOwner.hasPayload) {
+        sendJson(req, res, 400, {
+          error: 'Abra esta pagina pelo link enviado no WhatsApp. Envie "iniciar" no bot para gerar o link de login.',
+          code: 'WHATSAPP_LOGIN_LINK_REQUIRED',
+          reason: 'missing_link',
+        });
+        return;
+      }
+
+      const reason = String(linkedOwner.reason || '').trim().toLowerCase();
+      const isUnauthorizedAttempt = ['invalid_signature', 'missing_signature'].includes(reason);
+      const statusCode = isUnauthorizedAttempt ? 403 : 400;
+      const errorMessage =
+        reason === 'expired'
+          ? 'Link de login expirado. Envie "iniciar" novamente no WhatsApp.'
+          : isUnauthorizedAttempt
+            ? 'Tentativa de login sem permissao detectada. Gere um novo link enviando "iniciar" no privado do bot.'
+            : 'Link de login invalido. Envie "iniciar" novamente no WhatsApp.';
+
+      logger.warn('Tentativa de login web bloqueada por validacao do link WhatsApp.', {
+        action: 'sticker_pack_google_web_login_link_blocked',
+        reason: reason || 'unknown',
+        remote_ip: req.socket?.remoteAddress || null,
+        user_agent: req.headers?.['user-agent'] || null,
+      });
+
+      sendJson(req, res, statusCode, {
+        error: errorMessage,
+        code: 'WHATSAPP_LOGIN_LINK_INVALID',
+        reason: reason || 'invalid_link',
+      });
+      return;
+    }
+    const ownerJid = linkedOwner.ownerJid;
+
     await assertGoogleIdentityNotBanned({
       sub: claims.sub,
       email: claims.email,
-      ownerJid: buildGoogleOwnerJid(claims.sub),
+      ownerJid,
     });
-    const session = createGoogleWebSession(claims);
+    const session = createGoogleWebSession(claims, { ownerJid });
     if (!session.ownerJid) {
       sendJson(req, res, 400, { error: 'Nao foi possivel vincular a conta Google.' });
       return;
     }
     try {
       await persistGoogleWebSessionToDb(session);
+      activateGoogleWebSession(session);
     } catch (persistError) {
-      webGoogleSessionMap.delete(session.token);
       logger.error('Falha ao persistir sessão Google web no banco.', {
         action: 'sticker_pack_google_web_session_db_persist_failed',
         error: persistError?.message,
@@ -3596,17 +3743,7 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
       }),
     );
     sendJson(req, res, 200, {
-      data: {
-        authenticated: true,
-        provider: 'google',
-        user: {
-          sub: session.sub,
-          email: session.email,
-          name: session.name,
-          picture: session.picture,
-        },
-        expires_at: toIsoOrNull(session.expiresAt),
-      },
+      data: mapGoogleSessionResponseData(session),
     });
   } catch (error) {
     sendJson(req, res, Number(error?.statusCode || 401), {
@@ -3627,16 +3764,195 @@ const mapGoogleSessionResponseData = (session) =>
           name: session.name,
           picture: session.picture,
         },
+        owner_jid: session.ownerJid,
+        owner_phone: toWhatsAppPhoneDigits(session.ownerPhone || session.ownerJid) || null,
         expires_at: toIsoOrNull(session.expiresAt),
       }
     : {
         authenticated: false,
         provider: 'google',
         user: null,
+        owner_jid: null,
+        owner_phone: null,
         expires_at: null,
       };
 
-const handleMyProfileRequest = async (req, res) => {
+const buildOwnerLookupJids = (value) => {
+  const normalized = normalizeJid(value) || '';
+  if (!normalized || !normalized.includes('@')) return [];
+  const lookup = new Set([normalized]);
+  const phoneDigits = toWhatsAppPhoneDigits(normalized);
+  if (!phoneDigits) return Array.from(lookup);
+  lookup.add(normalizeJid(`${phoneDigits}@s.whatsapp.net`) || '');
+  lookup.add(normalizeJid(`${phoneDigits}@c.us`) || '');
+  lookup.add(normalizeJid(`${phoneDigits}@hosted`) || '');
+  return Array.from(lookup).filter(Boolean);
+};
+
+const appendMyProfileOwnerCandidate = (candidateSet, lookupSet, value) => {
+  const normalized = normalizeJid(value) || '';
+  if (!normalized || !normalized.includes('@')) return;
+
+  candidateSet.add(normalized);
+  for (const lookupJid of buildOwnerLookupJids(normalized)) {
+    lookupSet.add(lookupJid);
+  }
+
+  const phoneOwner = toWhatsAppOwnerJid(value);
+  if (phoneOwner) {
+    candidateSet.add(phoneOwner);
+    for (const lookupJid of buildOwnerLookupJids(phoneOwner)) {
+      lookupSet.add(lookupJid);
+    }
+  }
+};
+
+const buildPhoneSet = (...values) => {
+  const set = new Set();
+  for (const value of values) {
+    const digits = toWhatsAppPhoneDigits(value);
+    if (digits) set.add(digits);
+  }
+  return set;
+};
+
+const resolveMyProfileOwnerCandidates = async (session) => {
+  const candidates = new Set();
+  const lookupByJid = new Set();
+  const lidCandidates = new Set();
+  const appendCandidate = (value) => appendMyProfileOwnerCandidate(candidates, lookupByJid, value);
+  const trustedPhones = new Set();
+  const blockedJids = new Set();
+  const blockedPhones = new Set();
+
+  appendCandidate(session?.ownerJid);
+  appendCandidate(toWhatsAppOwnerJid(session?.ownerPhone || session?.ownerJid));
+  for (const phone of buildPhoneSet(session?.ownerPhone, session?.ownerJid)) {
+    trustedPhones.add(phone);
+  }
+
+  const activeSocket = getActiveSocket();
+  const botJid = normalizeJid(resolveBotJid(activeSocket?.user?.id || '') || '');
+  if (botJid) {
+    blockedJids.add(botJid);
+    for (const phone of buildPhoneSet(botJid)) {
+      blockedPhones.add(phone);
+    }
+  }
+
+  const legacyGoogleOwner = buildGoogleOwnerJid(session?.sub);
+  if (legacyGoogleOwner) appendCandidate(legacyGoogleOwner);
+
+  const sessionResolved = await resolveUserId(extractUserIdInfo(session?.ownerJid || session?.ownerPhone || null)).catch(() => null);
+  if (sessionResolved) {
+    appendCandidate(sessionResolved);
+    for (const phone of buildPhoneSet(sessionResolved)) {
+      trustedPhones.add(phone);
+    }
+  }
+
+  const normalizedSub = normalizeGoogleSubject(session?.sub);
+  if (normalizedSub) {
+    try {
+      const rows = await executeQuery(
+        `SELECT owner_jid, owner_phone
+           FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
+          WHERE google_sub = ?
+          LIMIT 1`,
+        [normalizedSub],
+      );
+      const row = Array.isArray(rows) ? rows[0] : null;
+      appendCandidate(row?.owner_jid || '');
+      appendCandidate(row?.owner_phone || '');
+      const mappedResolved = await resolveUserId(extractUserIdInfo(row?.owner_jid || row?.owner_phone || null)).catch(() => null);
+      if (mappedResolved) appendCandidate(mappedResolved);
+    } catch (error) {
+      logger.warn('Falha ao resolver owners para perfil web.', {
+        action: 'sticker_pack_my_profile_owner_candidates_failed',
+        google_sub: normalizedSub,
+        error: error?.message,
+      });
+    }
+  }
+
+  for (const ownerJid of Array.from(candidates)) {
+    const identity = extractUserIdInfo(ownerJid);
+    if (identity?.lid) lidCandidates.add(identity.lid);
+    if (!identity?.lid && !identity?.jid) continue;
+    const resolved = await resolveUserId(identity).catch(() => null);
+    if (!resolved) continue;
+    appendCandidate(resolved);
+    const resolvedIdentity = extractUserIdInfo(resolved);
+    if (resolvedIdentity?.lid) lidCandidates.add(resolvedIdentity.lid);
+  }
+
+  const lookupValues = Array.from(lookupByJid).filter(Boolean);
+  for (let offset = 0; offset < lookupValues.length; offset += 200) {
+    const chunk = lookupValues.slice(offset, offset + 200);
+    if (!chunk.length) continue;
+    const placeholders = chunk.map(() => '?').join(', ');
+    const rows = await executeQuery(
+      `SELECT lid, jid
+         FROM ${TABLES.LID_MAP}
+        WHERE jid IN (${placeholders})
+        ORDER BY last_seen DESC
+        LIMIT 500`,
+      chunk,
+    ).catch(() => []);
+
+    for (const row of Array.isArray(rows) ? rows : []) {
+      appendCandidate(row?.jid || '');
+      const resolvedLid = normalizeJid(row?.lid || '');
+      if (resolvedLid) lidCandidates.add(resolvedLid);
+    }
+  }
+
+  for (const lid of lidCandidates) {
+    const resolved = await resolveUserId(extractUserIdInfo(lid)).catch(() => null);
+    if (resolved) {
+      appendCandidate(resolved);
+      appendCandidate(lid);
+    }
+  }
+
+  const filtered = [];
+  for (const candidate of Array.from(candidates)) {
+    const normalized = normalizeJid(candidate) || '';
+    if (!normalized || !normalized.includes('@')) continue;
+    if (blockedJids.has(normalized)) continue;
+
+    const directPhone = toWhatsAppPhoneDigits(normalized);
+    if (directPhone && blockedPhones.has(directPhone)) continue;
+
+    const isGoogleOwner = normalized.endsWith('@google.oauth');
+    if (trustedPhones.size === 0) {
+      filtered.push(normalized);
+      continue;
+    }
+
+    if (directPhone) {
+      if (!trustedPhones.has(directPhone)) continue;
+      filtered.push(normalized);
+      continue;
+    }
+
+    const resolved = await resolveUserId(extractUserIdInfo(normalized)).catch(() => null);
+    const resolvedPhone = toWhatsAppPhoneDigits(resolved || '');
+    if (resolvedPhone) {
+      if (!trustedPhones.has(resolvedPhone) || blockedPhones.has(resolvedPhone)) continue;
+      filtered.push(normalized);
+      continue;
+    }
+
+    if (isGoogleOwner) {
+      filtered.push(normalized);
+    }
+  }
+
+  return Array.from(new Set(filtered));
+};
+
+const handleMyProfileRequest = async (req, res, url = null) => {
   if (!['GET', 'HEAD'].includes(req.method || '')) {
     sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
     return;
@@ -3669,7 +3985,65 @@ const handleMyProfileRequest = async (req, res) => {
     return;
   }
 
-  const packs = await listStickerPacksByOwner(session.ownerJid, { limit: 200, offset: 0 });
+  const ownerCandidates = await resolveMyProfileOwnerCandidates(session);
+  if (!ownerCandidates.length) {
+    sendJson(req, res, 200, {
+      data: {
+        auth: { google: authGoogle },
+        session: mapGoogleSessionResponseData(session),
+        owner_jid: session.ownerJid,
+        owner_jids: [],
+        packs: [],
+        stats: {
+          total: 0,
+          published: 0,
+          drafts: 0,
+          private: 0,
+          unlisted: 0,
+          public: 0,
+        },
+      },
+    });
+    return;
+  }
+
+  const ownerPacks = await Promise.all(
+    ownerCandidates.map((ownerJid) => listStickerPacksByOwner(ownerJid, { limit: 200, offset: 0 })),
+  );
+  const includeAutoPacks = parseEnvBool(
+    url?.searchParams?.get('include_auto'),
+    parseEnvBool(process.env.STICKER_WEB_MY_PROFILE_INCLUDE_AUTO_PACKS, false),
+  );
+
+  const dedupPacks = new Map();
+  for (const packList of ownerPacks) {
+    for (const pack of Array.isArray(packList) ? packList : []) {
+      if (!pack?.id) continue;
+      if (!includeAutoPacks && pack?.is_auto_pack === true) continue;
+      const existing = dedupPacks.get(pack.id);
+      if (!existing) {
+        dedupPacks.set(pack.id, pack);
+        continue;
+      }
+      const currentUpdatedAt = Date.parse(String(pack.updated_at || pack.created_at || ''));
+      const existingUpdatedAt = Date.parse(String(existing.updated_at || existing.created_at || ''));
+      if (Number.isFinite(currentUpdatedAt) && (!Number.isFinite(existingUpdatedAt) || currentUpdatedAt > existingUpdatedAt)) {
+        dedupPacks.set(pack.id, pack);
+      }
+    }
+  }
+
+  const packs = Array.from(dedupPacks.values())
+    .sort((a, b) => {
+      const aUpdatedAt = Date.parse(String(a?.updated_at || a?.created_at || ''));
+      const bUpdatedAt = Date.parse(String(b?.updated_at || b?.created_at || ''));
+      if (!Number.isFinite(aUpdatedAt) && !Number.isFinite(bUpdatedAt)) return 0;
+      if (!Number.isFinite(aUpdatedAt)) return 1;
+      if (!Number.isFinite(bUpdatedAt)) return -1;
+      return bUpdatedAt - aUpdatedAt;
+    })
+    .slice(0, 300);
+
   const engagementByPackId = await listStickerPackEngagementByPackIds(packs.map((pack) => pack.id));
 
   const mappedPacks = packs.map((pack) => {
@@ -3702,6 +4076,7 @@ const handleMyProfileRequest = async (req, res) => {
       auth: { google: authGoogle },
       session: mapGoogleSessionResponseData(session),
       owner_jid: session.ownerJid,
+      owner_jids: ownerCandidates,
       packs: mappedPacks,
       stats,
     },
@@ -3891,23 +4266,39 @@ const loadOwnedPackForWebManagement = async (req, res, packKey, { allowMissing =
     return null;
   }
 
-  try {
-    const pack = await stickerPackService.getPackInfo({
-      ownerJid: session.ownerJid,
-      identifier: normalizedPackKey,
-    });
-    return { session, packKey: normalizedPackKey, pack };
-  } catch (error) {
-    if (allowMissing && error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND) {
-      return { session, packKey: normalizedPackKey, pack: null, missing: true };
+  const ownerCandidatesRaw = await resolveMyProfileOwnerCandidates(session).catch(() => []);
+  const ownerCandidates = Array.from(new Set([normalizeJid(session.ownerJid) || '', ...ownerCandidatesRaw].filter(Boolean)));
+  const fallbackOwnerJid = ownerCandidates[0] || normalizeJid(session.ownerJid) || '';
+
+  for (const ownerJid of ownerCandidates) {
+    try {
+      const pack = await stickerPackService.getPackInfo({
+        ownerJid,
+        identifier: normalizedPackKey,
+      });
+      return { session, ownerJid, ownerCandidates, packKey: normalizedPackKey, pack };
+    } catch (error) {
+      if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND) {
+        continue;
+      }
+      const mapped = mapStickerPackWebManageError(error);
+      sendJson(req, res, mapped.statusCode, {
+        error: mapped.message,
+        code: mapped.code,
+      });
+      return null;
     }
-    const mapped = mapStickerPackWebManageError(error);
-    sendJson(req, res, mapped.statusCode, {
-      error: mapped.message,
-      code: mapped.code,
-    });
-    return null;
   }
+
+  if (allowMissing) {
+    return { session, ownerJid: fallbackOwnerJid, ownerCandidates, packKey: normalizedPackKey, pack: null, missing: true };
+  }
+
+  sendJson(req, res, 404, {
+    error: 'Pack nao encontrado para este usuario.',
+    code: STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND,
+  });
+  return null;
 };
 
 const buildManagedPackAnalytics = async (pack) => {
@@ -3990,7 +4381,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
   const isMutableMethod = req.method === 'PATCH' || req.method === 'DELETE';
   const context = await loadOwnedPackForWebManagement(req, res, packKey, { allowMissing: isMutableMethod });
   if (!context) return;
-  const { session, packKey: normalizedPackKey } = context;
+  const { packKey: normalizedPackKey } = context;
 
   if (req.method === 'GET' || req.method === 'HEAD') {
     await sendManagedPackResponse(req, res, context.pack);
@@ -4008,7 +4399,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
 
     try {
       const result = await deleteManagedPackWithCleanup({
-        ownerJid: session.ownerJid,
+        ownerJid: context.ownerJid,
         identifier: normalizedPackKey,
         fallbackPack: context.pack,
       });
@@ -4059,13 +4450,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentName = sanitizeText(updatedPack?.name, PACK_CREATE_MAX_NAME_LENGTH, { allowEmpty: false });
       if (!nextName) {
         updatedPack = await stickerPackService.renamePack({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           name: payload.name,
         });
       } else if (nextName !== currentName) {
         updatedPack = await stickerPackService.renamePack({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           name: payload.name,
         });
@@ -4078,13 +4469,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentPublisher = sanitizeText(updatedPack?.publisher, PACK_CREATE_MAX_PUBLISHER_LENGTH, { allowEmpty: false });
       if (!nextPublisher) {
         updatedPack = await stickerPackService.setPackPublisher({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           publisher: payload.publisher,
         });
       } else if (nextPublisher !== currentPublisher) {
         updatedPack = await stickerPackService.setPackPublisher({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           publisher: payload.publisher,
         });
@@ -4097,13 +4488,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentVisibility = String(updatedPack?.visibility || '').trim().toLowerCase();
       if (!nextVisibility) {
         updatedPack = await stickerPackService.setPackVisibility({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           visibility: payload.visibility,
         });
       } else if (nextVisibility !== currentVisibility) {
         updatedPack = await stickerPackService.setPackVisibility({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           visibility: payload.visibility,
         });
@@ -4119,7 +4510,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentDescriptionWithTags = buildPackDescriptionWithTags(currentMeta.cleanDescription || '', currentMeta.tags);
       if (String(descriptionWithTags || '') !== String(currentDescriptionWithTags || '')) {
         updatedPack = await stickerPackService.setPackDescription({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           description: descriptionWithTags || '',
         });
@@ -4167,7 +4558,7 @@ const handleManagedPackCloneRequest = async (req, res, packKey) => {
 
   try {
     const cloned = await stickerPackService.clonePack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       newName,
     });
@@ -4205,7 +4596,7 @@ const handleManagedPackCoverRequest = async (req, res, packKey) => {
 
   try {
     const updated = await stickerPackService.setPackCover({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       stickerId: payload?.sticker_id,
     });
@@ -4218,7 +4609,7 @@ const handleManagedPackCoverRequest = async (req, res, packKey) => {
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.STICKER_NOT_FOUND) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
         pack_key: context.packKey,
@@ -4270,7 +4661,7 @@ const handleManagedPackReorderRequest = async (req, res, packKey) => {
 
   try {
     const updated = await stickerPackService.reorderPackItems({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       orderStickerIds: requestedOrderIds,
     });
@@ -4283,7 +4674,7 @@ const handleManagedPackReorderRequest = async (req, res, packKey) => {
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.INVALID_INPUT) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'noop', fresh, {
         pack_key: context.packKey,
@@ -4313,7 +4704,7 @@ const handleManagedPackStickerDeleteRequest = async (req, res, packKey, stickerI
 
   try {
     const result = await stickerPackService.removeStickerFromPack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       selector: stickerId,
     });
@@ -4336,7 +4727,7 @@ const handleManagedPackStickerDeleteRequest = async (req, res, packKey, stickerI
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.STICKER_NOT_FOUND) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
         pack_key: context.packKey,
@@ -4390,19 +4781,19 @@ const handleManagedPackStickerCreateRequest = async (req, res, packKey) => {
   let uploadedAssetId = '';
   try {
     const normalizedUpload = await convertUploadMediaToWebp({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: decoded.buffer,
       mimetype: decoded.mimetype || 'image/webp',
     });
     const asset = await saveStickerAssetFromBuffer({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: normalizedUpload.buffer,
       mimetype: normalizedUpload.mimetype || 'image/webp',
     });
     uploadedAssetId = String(asset?.id || '').trim();
 
     let updatedPack = await stickerPackService.addStickerToPack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       asset: { id: uploadedAssetId },
       emojis: [],
@@ -4411,7 +4802,7 @@ const handleManagedPackStickerCreateRequest = async (req, res, packKey) => {
 
     if (payload?.set_cover === true) {
       updatedPack = await stickerPackService.setPackCover({
-        ownerJid: context.session.ownerJid,
+        ownerJid: context.ownerJid,
         identifier: context.packKey,
         stickerId: uploadedAssetId,
       });
@@ -4490,7 +4881,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
   let uploadedAssetId = '';
   try {
     const originalPack = await stickerPackService.getPackInfo({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
     });
     const originalItems = Array.isArray(originalPack?.items) ? originalPack.items : [];
@@ -4504,12 +4895,12 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
     }
 
     const normalizedUpload = await convertUploadMediaToWebp({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: decoded.buffer,
       mimetype: decoded.mimetype || 'image/webp',
     });
     const asset = await saveStickerAssetFromBuffer({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: normalizedUpload.buffer,
       mimetype: normalizedUpload.mimetype || 'image/webp',
     });
@@ -4525,7 +4916,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
     }
 
     const swapResult = await runSqlTransaction(async (connection) => {
-      const packRow = await findStickerPackByOwnerAndIdentifier(context.session.ownerJid, context.packKey, { connection });
+      const packRow = await findStickerPackByOwnerAndIdentifier(context.ownerJid, context.packKey, { connection });
       if (!packRow) return { status: 'pack_missing' };
 
       const liveOldItem = await getStickerPackItemByStickerId(packRow.id, normalizedStickerId, connection);
@@ -4577,7 +4968,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     if (swapResult?.status === 'old_sticker_missing') {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => originalPack);
       await cleanupOrphanStickerAssets(uploadedAssetId ? [uploadedAssetId] : [], { reason: 'replace_sticker_old_missing' });
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
@@ -4589,7 +4980,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     if (swapResult?.status === 'duplicate_target') {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => originalPack);
       await sendManagedPackMutationStatus(req, res, 'noop', fresh, {
         pack_key: context.packKey,
@@ -4602,7 +4993,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     invalidateStickerCatalogDerivedCaches();
     const finalPack = await stickerPackService.getPackInfo({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
     });
     await cleanupOrphanStickerAssets([normalizedStickerId], { reason: 'replace_sticker_old_cleanup' });
@@ -4715,55 +5106,37 @@ const handleCreatePackRequest = async (req, res) => {
   const manualTags = mergeUniqueTags(Array.isArray(payload?.tags) ? payload.tags : []).slice(0, 8);
   const persistedDescription = buildPackDescriptionWithTags(description, manualTags);
   const visibility = String(payload?.visibility || 'public').trim().toLowerCase();
-  const explicitOwnerJid = toOwnerJid(payload?.owner_jid);
   const googleSession = await resolveGoogleWebSessionFromRequest(req);
-  let googleCreator = null;
+  if (!googleSession?.ownerJid || !googleSession?.sub) {
+    sendJson(req, res, 401, {
+      error: 'Sessão expirada ou ausente. Faça login novamente para criar packs.',
+      code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
+    });
+    return;
+  }
 
-  if (googleSession) {
-    googleCreator = {
-      ownerJid: googleSession.ownerJid,
+  try {
+    await assertGoogleIdentityNotBanned({
       sub: googleSession.sub,
       email: googleSession.email,
-      name: googleSession.name,
-      picture: googleSession.picture,
-    };
-  } else if (STICKER_WEB_GOOGLE_AUTH_REQUIRED || payload?.google_id_token) {
-    try {
-      const googleClaims = await verifyGoogleIdToken(payload?.google_id_token);
-      const googleOwnerJid = buildGoogleOwnerJid(googleClaims.sub);
-      await assertGoogleIdentityNotBanned({
-        sub: googleClaims.sub,
-        email: googleClaims.email,
-        ownerJid: googleOwnerJid,
-      });
-      if (!googleOwnerJid) {
-        sendJson(req, res, 400, {
-          error: 'Não foi possível vincular a conta Google ao criador.',
-          code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
-        });
-        return;
-      }
-      googleCreator = {
-        ownerJid: googleOwnerJid,
-        ...googleClaims,
-      };
-    } catch (error) {
-      sendJson(req, res, Number(error?.statusCode || 401), {
-        error: error?.message || 'Login Google inválido.',
-        code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
-      });
-      return;
-    }
-  }
-
-  if (STICKER_WEB_GOOGLE_AUTH_REQUIRED && !googleCreator) {
-    sendJson(req, res, 400, {
-      error: 'Faça login com Google para criar packs nesta página.',
-      code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
+      ownerJid: googleSession.ownerJid,
+    });
+  } catch (error) {
+    sendJson(req, res, Number(error?.statusCode || 403), {
+      error: error?.message || 'Conta sem permissão para criar packs.',
+      code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
     });
     return;
   }
 
+  const googleCreator = {
+    ownerJid: googleSession.ownerJid,
+    sub: googleSession.sub,
+    email: googleSession.email,
+    name: googleSession.name,
+    picture: googleSession.picture,
+  };
+
   if (googleCreator?.sub && googleCreator?.ownerJid) {
     await upsertGoogleWebUserRecord({
       sub: googleCreator.sub,
@@ -4779,17 +5152,7 @@ const handleCreatePackRequest = async (req, res) => {
     });
   }
 
-  const ownerJid = googleCreator?.ownerJid || explicitOwnerJid;
-
-  if (!ownerJid) {
-    sendJson(req, res, 400, {
-      error: STICKER_WEB_GOOGLE_AUTH_REQUIRED
-        ? 'Faça login com Google para criar packs nesta página.'
-        : 'Não foi possível resolver owner_jid para criar o pack.',
-      code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
-    });
-    return;
-  }
+  const ownerJid = googleCreator.ownerJid;
 
   try {
     logPackWebFlow('info', 'create_pack_start', {
@@ -5581,6 +5944,7 @@ const buildSystemSummarySnapshot = async () => {
 
   const socketReadyState = Number(activeSocket?.ws?.readyState);
   const botJid = resolveBotJid(activeSocket?.user?.id) || null;
+  const botPhone = String(resolveCatalogBotPhone() || '').replace(/\D+/g, '') || null;
   const botConnected = Boolean(botJid) && socketReadyState === 1;
   const botConnectionStatus = botConnected
     ? 'online'
@@ -5646,6 +6010,7 @@ const buildSystemSummarySnapshot = async () => {
         connected: botConnected,
         connection_status: botConnectionStatus,
         jid: botJid,
+        phone: botPhone,
         ready_state: Number.isFinite(socketReadyState) ? socketReadyState : null,
       },
       platform,
@@ -6510,6 +6875,15 @@ const handleSupportInfoRequest = async (req, res) => {
   sendJson(req, res, 200, { data });
 };
 
+const handleBotContactInfoRequest = async (req, res) => {
+  const data = buildBotContactInfo();
+  if (!data) {
+    sendJson(req, res, 404, { error: 'Contato do bot indisponivel no momento.' });
+    return;
+  }
+  sendJson(req, res, 200, { data });
+};
+
 const handlePublicDataAssetRequest = async (req, res, pathname) => {
   const suffix = pathname.slice(STICKER_DATA_PUBLIC_PATH.length).replace(/^\/+/, '');
   if (!suffix) {
@@ -6759,7 +7133,7 @@ const handlePackInteractionRequest = async (req, res, packKey, interaction, url)
 const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
   const safeLimit = Math.max(1, Math.min(500, Number(limit || 200)));
   const rows = await executeQuery(
-    `SELECT session_token, google_sub, owner_jid, email, name, picture_url, created_at, last_seen_at, expires_at
+    `SELECT session_token, google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, last_seen_at, expires_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
       WHERE revoked_at IS NULL
         AND expires_at > UTC_TIMESTAMP()
@@ -6770,6 +7144,7 @@ const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
     session_token: String(row.session_token || '').trim(),
     google_sub: normalizeGoogleSubject(row.google_sub),
     owner_jid: normalizeJid(row.owner_jid) || null,
+    owner_phone: toWhatsAppPhoneDigits(row.owner_phone || row.owner_jid) || null,
     email: normalizeEmail(row.email) || null,
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
@@ -6782,7 +7157,7 @@ const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
 const listAdminKnownGoogleUsers = async ({ limit = 200 } = {}) => {
   const safeLimit = Math.max(1, Math.min(500, Number(limit || 200)));
   const rows = await executeQuery(
-    `SELECT google_sub, owner_jid, email, name, picture_url, created_at, updated_at, last_login_at, last_seen_at
+    `SELECT google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, updated_at, last_login_at, last_seen_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
       ORDER BY COALESCE(last_seen_at, last_login_at, updated_at, created_at) DESC
       LIMIT ${safeLimit}`,
@@ -6790,6 +7165,7 @@ const listAdminKnownGoogleUsers = async ({ limit = 200 } = {}) => {
   return (Array.isArray(rows) ? rows : []).map((row) => ({
     google_sub: normalizeGoogleSubject(row.google_sub),
     owner_jid: normalizeJid(row.owner_jid) || null,
+    owner_phone: toWhatsAppPhoneDigits(row.owner_phone || row.owner_jid) || null,
     email: normalizeEmail(row.email) || null,
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
@@ -7307,7 +7683,7 @@ const handleCatalogApiRequest = async (req, res, pathname, url) => {
   }
 
   if (pathname === `${STICKER_API_BASE_PATH}/me`) {
-    await handleMyProfileRequest(req, res);
+    await handleMyProfileRequest(req, res, url);
     return true;
   }
 
@@ -7453,6 +7829,15 @@ const handleCatalogApiRequest = async (req, res, pathname, url) => {
     return true;
   }
 
+  if (segments.length === 1 && segments[0] === 'bot-contact') {
+    if (!['GET', 'HEAD'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+    await handleBotContactInfoRequest(req, res);
+    return true;
+  }
+
   if (segments[0] === 'admin') {
     if (segments.length === 2 && segments[1] === 'overview') {
       await handleAdminOverviewRequest(req, res);
@@ -7624,6 +8009,20 @@ const handleCatalogPageRequest = async (req, res, pathname) => {
 
   if (normalizedPath === STICKER_CREATE_WEB_PATH) {
     try {
+      const googleSession = await resolveGoogleWebSessionFromRequest(req);
+      if (!googleSession?.ownerJid) {
+        const requestUrl = new URL(req.url || `${STICKER_CREATE_WEB_PATH}/`, SITE_ORIGIN);
+        const nextPath = `${requestUrl.pathname}${requestUrl.search}`;
+        const loginRedirectUrl = new URL(`${STICKER_LOGIN_WEB_PATH}/`, SITE_ORIGIN);
+        loginRedirectUrl.searchParams.set('next', nextPath);
+
+        res.statusCode = 302;
+        res.setHeader('Location', `${loginRedirectUrl.pathname}${loginRedirectUrl.search}`);
+        res.setHeader('Cache-Control', 'no-store');
+        res.end();
+        return;
+      }
+
       const html = await renderCreatePackHtml();
       sendText(req, res, 200, html, 'text/html; charset=utf-8');
       return;
@@ -7711,6 +8110,7 @@ export const isStickerCatalogEnabled = () => STICKER_CATALOG_ENABLED;
 export const getStickerCatalogConfig = () => ({
   enabled: STICKER_CATALOG_ENABLED,
   webPath: STICKER_WEB_PATH,
+  userProfilePath: USER_PROFILE_WEB_PATH,
   apiBasePath: STICKER_API_BASE_PATH,
   orphanApiPath: STICKER_ORPHAN_API_PATH,
   dataPublicPath: STICKER_DATA_PUBLIC_PATH,
@@ -7734,6 +8134,29 @@ export async function maybeHandleStickerCatalogRequest(req, res, { pathname, url
   if (!['GET', 'HEAD', 'POST', 'PATCH', 'DELETE'].includes(req.method || '')) return false;
   if (maybeRedirectToCanonicalHost(req, res, url)) return true;
 
+  if (pathname === USER_PROFILE_WEB_PATH || pathname === `${USER_PROFILE_WEB_PATH}/`) {
+    if (!['GET', 'HEAD'].includes(req.method || '')) return false;
+    try {
+      const html = await renderUserDashboardHtml();
+      res.setHeader('Cache-Control', 'no-store');
+      res.setHeader('X-Robots-Tag', 'noindex, nofollow');
+      sendText(req, res, 200, html, 'text/html; charset=utf-8');
+    } catch (error) {
+      if (error?.code === 'ENOENT') {
+        sendJson(req, res, 404, { error: 'Template da pagina de usuario nao encontrado.' });
+        return true;
+      }
+
+      logger.error('Falha ao renderizar pagina de usuario.', {
+        action: 'user_dashboard_page_render_failed',
+        path: pathname,
+        error: error?.message,
+      });
+      sendJson(req, res, 500, { error: 'Falha interna ao renderizar pagina de usuario.' });
+    }
+    return true;
+  }
+
   if (pathname === '/sitemap.xml') {
     if (!['GET', 'HEAD'].includes(req.method || '')) return false;
     try {