@kaikybrofc/omnizap-system 2.2.3 → 2.2.5

package/app/modules/stickerPackModule/stickerPackCatalogHttp.js

@@ -1,6 +1,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { createHash, randomBytes, randomUUID, scryptSync, timingSafeEqual } from 'node:crypto';
+import { URL, URLSearchParams } from 'node:url';
 import axios from 'axios';
 
 import { executeQuery, pool, TABLES } from '../../../database/index.js';
@@ -8,6 +9,7 @@ import { getJidUser, normalizeJid, resolveBotJid } from '../../config/baileysCon
 import { getAdminPhone, getAdminRawValue, resolveAdminJid } from '../../config/adminIdentity.js';
 import { getActiveSocket } from '../../services/socketState.js';
 import { extractUserIdInfo, resolveUserId } from '../../services/lidMapService.js';
+import { resolveWhatsAppOwnerJidFromLoginPayload, toWhatsAppOwnerJid, toWhatsAppPhoneDigits } from '../../services/whatsappLoginLinkService.js';
 import logger from '../../utils/logger/loggerModule.js';
 import { getSystemMetrics } from '../../utils/systemMetrics/systemMetricsModule.js';
 import {
@@ -63,6 +65,8 @@ import {
   buildViewerTagAffinity,
   computePackSignals,
 } from './stickerPackMarketplaceService.js';
+import { listStickerPackScoreSnapshotsByPackIds } from './stickerPackScoreSnapshotRepository.js';
+import { createCatalogApiRouter } from './catalogRouter.js';
 import {
   buildAdminMenu,
   buildAiMenu,
@@ -74,11 +78,17 @@ import {
   buildStickerMenu,
 } from '../menuModule/common.js';
 import { getMarketplaceDriftSnapshot } from './stickerMarketplaceDriftService.js';
-import { getStickerStorageConfig, readStickerAssetBuffer, saveStickerAssetFromBuffer } from './stickerStorageService.js';
+import {
+  getStickerAssetExternalUrl,
+  getStickerStorageConfig,
+  readStickerAssetBuffer,
+  saveStickerAssetFromBuffer,
+} from './stickerStorageService.js';
 import { convertToWebp } from '../stickerModule/convertToWebp.js';
 import { sanitizeText } from './stickerPackUtils.js';
 import stickerPackService from './stickerPackServiceRuntime.js';
 import { STICKER_PACK_ERROR_CODES, StickerPackError } from './stickerPackErrors.js';
+import { isFeatureEnabled } from '../../services/featureFlagService.js';
 
 const parseEnvBool = (value, fallback) => {
   if (value === undefined || value === null || value === '') return fallback;
@@ -143,12 +153,15 @@ const STICKER_API_BASE_PATH = normalizeBasePath(process.env.STICKER_API_BASE_PAT
 const STICKER_ORPHAN_API_PATH = `${STICKER_API_BASE_PATH}/orphan-stickers`;
 const STICKER_CREATE_WEB_PATH = `${STICKER_WEB_PATH}/create`;
 const STICKER_ADMIN_WEB_PATH = `${STICKER_WEB_PATH}/admin`;
+const STICKER_LOGIN_WEB_PATH = normalizeBasePath(process.env.STICKER_LOGIN_WEB_PATH, '/login');
+const USER_PROFILE_WEB_PATH = normalizeBasePath(process.env.USER_PROFILE_WEB_PATH, '/user');
 const STICKER_DATA_PUBLIC_PATH = normalizeBasePath(process.env.STICKER_DATA_PUBLIC_PATH, '/data');
 const STICKER_DATA_PUBLIC_DIR = path.resolve(process.env.STICKER_DATA_PUBLIC_DIR || path.join(process.cwd(), 'data'));
 const CATALOG_PUBLIC_DIR = path.resolve(process.cwd(), 'public');
 const CATALOG_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'index.html');
 const CREATE_PACK_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'create', 'index.html');
 const ADMIN_PANEL_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'stickers', 'admin', 'index.html');
+const USER_DASHBOARD_TEMPLATE_PATH = path.join(CATALOG_PUBLIC_DIR, 'user', 'index.html');
 const CATALOG_STYLES_FILE_PATH = path.join(CATALOG_PUBLIC_DIR, 'css', 'styles.css');
 const CATALOG_SCRIPT_FILE_PATH = path.join(CATALOG_PUBLIC_DIR, 'js', 'catalog.js');
 const DEFAULT_LIST_LIMIT = clampInt(process.env.STICKER_WEB_LIST_LIMIT, 24, 1, 60);
@@ -199,6 +212,19 @@ const GITHUB_REPOSITORY = String(process.env.GITHUB_REPOSITORY || 'Kaikygr/omniz
 const GITHUB_TOKEN = String(process.env.GITHUB_TOKEN || '').trim();
 const GITHUB_PROJECT_CACHE_SECONDS = clampInt(process.env.GITHUB_PROJECT_CACHE_SECONDS, 300, 30, 3600);
 const GLOBAL_RANK_REFRESH_SECONDS = clampInt(process.env.GLOBAL_RANK_REFRESH_SECONDS, 600, 60, 3600);
+const CATALOG_LIST_CACHE_SECONDS = clampInt(process.env.STICKER_CATALOG_LIST_CACHE_SECONDS, 90, 15, 900);
+const CATALOG_CREATOR_RANKING_CACHE_SECONDS = clampInt(
+  process.env.STICKER_CATALOG_CREATOR_RANKING_CACHE_SECONDS,
+  120,
+  15,
+  900,
+);
+const CATALOG_PACK_PAYLOAD_CACHE_SECONDS = clampInt(
+  process.env.STICKER_CATALOG_PACK_PAYLOAD_CACHE_SECONDS,
+  300,
+  30,
+  1800,
+);
 const MARKETPLACE_GLOBAL_STATS_API_PATH = '/api/marketplace/stats';
 const MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS = clampInt(process.env.MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS, 45, 30, 60);
 const HOME_MARKETPLACE_STATS_CACHE_SECONDS = clampInt(process.env.HOME_MARKETPLACE_STATS_CACHE_SECONDS, 45, 10, 300);
@@ -214,6 +240,14 @@ const SITE_CANONICAL_REDIRECT_ENABLED = parseEnvBool(process.env.SITE_CANONICAL_
 const SITE_ORIGIN = String(process.env.SITE_ORIGIN || `${SITE_CANONICAL_SCHEME}://${SITE_CANONICAL_HOST}`)
   .trim()
   .replace(/\/+$/, '');
+const SITE_COOKIE_DOMAIN = String(process.env.SITE_COOKIE_DOMAIN || SITE_CANONICAL_HOST)
+  .trim()
+  .toLowerCase()
+  .replace(/^https?:\/\//, '')
+  .split('/')[0]
+  .split(':')[0]
+  .replace(/^\.+/, '')
+  .replace(/\.+$/, '');
 const SITEMAP_MAX_PACKS = clampInt(process.env.STICKER_SITEMAP_MAX_PACKS, 45000, 100, 50000);
 const SITEMAP_CACHE_SECONDS = clampInt(process.env.STICKER_SITEMAP_CACHE_SECONDS, 180, 30, 3600);
 const SEO_DISCOVERY_LINK_LIMIT = clampInt(process.env.STICKER_SEO_DISCOVERY_LINK_LIMIT, 60, 10, 200);
@@ -291,6 +325,9 @@ const MARKETPLACE_GLOBAL_STATS_CACHE = {
   pending: null,
 };
 const HOME_MARKETPLACE_STATS_CACHE = new Map();
+const CATALOG_LIST_CACHE = new Map();
+const CATALOG_CREATOR_RANKING_CACHE = new Map();
+const CATALOG_PACK_PAYLOAD_CACHE = new Map();
 const SYSTEM_SUMMARY_CACHE = {
   expiresAt: 0,
   value: null,
@@ -320,6 +357,69 @@ const formatDuration = (totalSeconds) => {
   return days > 0 ? `${days}d ${hhmmss}` : hhmmss;
 };
 
+const buildCacheKey = (parts) => JSON.stringify(parts);
+
+const getCacheBucket = (cacheMap, key) => {
+  let bucket = cacheMap.get(key);
+  if (!bucket) {
+    bucket = {
+      expiresAt: 0,
+      value: null,
+      pending: null,
+    };
+    cacheMap.set(key, bucket);
+  }
+  return bucket;
+};
+
+const getCachedSnapshot = async ({
+  cacheMap,
+  key,
+  ttlSeconds,
+  staleWhileRefresh = true,
+  staleOnError = true,
+  load,
+}) => {
+  const bucket = getCacheBucket(cacheMap, key);
+  const now = Date.now();
+  const hasValue = bucket.value !== null;
+  const hasFreshValue = hasValue && now < bucket.expiresAt;
+
+  if (hasFreshValue) {
+    return bucket.value;
+  }
+
+  if (!bucket.pending) {
+    bucket.pending = Promise.resolve()
+      .then(load)
+      .then((value) => {
+        bucket.value = value;
+        bucket.expiresAt = Date.now() + ttlSeconds * 1000;
+        return value;
+      })
+      .finally(() => {
+        bucket.pending = null;
+      });
+  }
+
+  if (hasValue && staleWhileRefresh) {
+    return bucket.value;
+  }
+
+  try {
+    return await bucket.pending;
+  } catch (error) {
+    if (hasValue && staleOnError) return bucket.value;
+    throw error;
+  }
+};
+
+const canUseRankingSnapshotRead = async (subjectKey = 'catalog') =>
+  isFeatureEnabled('enable_ranking_snapshot_read', {
+    fallback: true,
+    subjectKey,
+  });
+
 const sendJson = (req, res, statusCode, payload) => {
   const body = JSON.stringify(payload);
   res.statusCode = statusCode;
@@ -358,6 +458,22 @@ const toRequestHost = (req) =>
     .replace(/\.$/, '')
     .split(':')[0];
 
+const isIpLiteralHost = (value) => {
+  const host = String(value || '').trim().toLowerCase();
+  if (!host) return false;
+  if (/^\d{1,3}(?:\.\d{1,3}){3}$/.test(host)) return true;
+  return host.includes(':');
+};
+
+const resolveCookieDomainForRequest = (req) => {
+  if (!SITE_COOKIE_DOMAIN || isIpLiteralHost(SITE_COOKIE_DOMAIN)) return '';
+  const requestHost = toRequestHost(req);
+  if (!requestHost || isIpLiteralHost(requestHost) || requestHost === 'localhost') return '';
+  if (requestHost === SITE_COOKIE_DOMAIN) return SITE_COOKIE_DOMAIN;
+  if (requestHost.endsWith(`.${SITE_COOKIE_DOMAIN}`)) return SITE_COOKIE_DOMAIN;
+  return '';
+};
+
 const maybeRedirectToCanonicalHost = (req, res, url) => {
   if (!SITE_CANONICAL_REDIRECT_ENABLED) return false;
   if (!['GET', 'HEAD'].includes(req.method || '')) return false;
@@ -391,6 +507,33 @@ const parseCookies = (req) => {
   }, {});
 };
 
+const getCookieValuesFromRequest = (req, cookieName) => {
+  const target = String(cookieName || '').trim();
+  if (!target) return [];
+  const raw = String(req?.headers?.cookie || '');
+  if (!raw) return [];
+
+  const values = [];
+  for (const chunk of raw.split(';')) {
+    const trimmed = String(chunk || '').trim();
+    if (!trimmed) continue;
+    const separatorIndex = trimmed.indexOf('=');
+    if (separatorIndex <= 0) continue;
+    const key = trimmed.slice(0, separatorIndex).trim();
+    if (key !== target) continue;
+    const encodedValue = trimmed.slice(separatorIndex + 1).trim();
+    if (!encodedValue) continue;
+    let decodedValue = encodedValue;
+    try {
+      decodedValue = decodeURIComponent(encodedValue);
+    } catch {}
+    const normalizedValue = String(decodedValue || '').trim();
+    if (!normalizedValue) continue;
+    if (!values.includes(normalizedValue)) values.push(normalizedValue);
+  }
+  return values;
+};
+
 const isRequestSecure = (req) => {
   const proto = String(req?.headers?.['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
   if (proto) return proto === 'https';
@@ -499,6 +642,11 @@ const runSqlTransaction = async (handler) => {
 const buildCookieString = (name, value, req, options = {}) => {
   const parts = [`${name}=${encodeURIComponent(String(value ?? ''))}`];
   parts.push(`Path=${options.path || '/'}`);
+  const cookieDomain =
+    options.domain === false
+      ? ''
+      : String(options.domain || resolveCookieDomainForRequest(req)).trim();
+  if (cookieDomain) parts.push(`Domain=${cookieDomain}`);
   if (options.httpOnly !== false) parts.push('HttpOnly');
   parts.push(`SameSite=${options.sameSite || 'Lax'}`);
   if (isRequestSecure(req)) parts.push('Secure');
@@ -910,16 +1058,22 @@ const pruneExpiredGoogleSessions = () => {
   }
 };
 
-const getGoogleWebSessionTokenFromRequest = (req) => {
+const getGoogleWebSessionTokensFromRequest = (req) => {
+  const direct = getCookieValuesFromRequest(req, GOOGLE_WEB_SESSION_COOKIE_NAME);
+  if (direct.length > 0) return direct;
   const cookies = parseCookies(req);
-  return String(cookies[GOOGLE_WEB_SESSION_COOKIE_NAME] || '').trim();
+  const fallback = String(cookies[GOOGLE_WEB_SESSION_COOKIE_NAME] || '').trim();
+  return fallback ? [fallback] : [];
 };
 
+const getGoogleWebSessionTokenFromRequest = (req) => getGoogleWebSessionTokensFromRequest(req)[0] || '';
+
 const normalizeGoogleWebSessionRow = (row) => {
   if (!row || typeof row !== 'object') return null;
   const token = String(row.session_token || '').trim();
   const sub = normalizeGoogleSubject(row.google_sub);
   const ownerJid = normalizeJid(row.owner_jid) || '';
+  const ownerPhone = toWhatsAppPhoneDigits(row.owner_phone || ownerJid) || '';
   const expiresAt = Number(new Date(row.expires_at || 0));
   if (!token || !sub || !ownerJid || !Number.isFinite(expiresAt)) return null;
   const createdAtRaw = Number(new Date(row.created_at || 0));
@@ -931,6 +1085,7 @@ const normalizeGoogleWebSessionRow = (row) => {
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
     ownerJid,
+    ownerPhone,
     createdAt: Number.isFinite(createdAtRaw) ? createdAtRaw : Date.now(),
     expiresAt,
     lastSeenAt: Number.isFinite(lastSeenAtRaw) ? lastSeenAtRaw : 0,
@@ -959,10 +1114,20 @@ const upsertGoogleWebUserRecord = async (user, connection = null) => {
   const sub = normalizeGoogleSubject(user?.sub);
   const ownerJid = normalizeJid(user?.ownerJid) || '';
   if (!sub || !ownerJid) return;
+  const ownerPhone = toWhatsAppPhoneDigits(ownerJid) || null;
   const email = String(user?.email || '').trim().toLowerCase() || null;
   const name = sanitizeText(user?.name || '', 120, { allowEmpty: true }) || null;
   const pictureUrl = String(user?.picture || '').trim().slice(0, 1024) || null;
 
+  // owner_jid e unico; removemos vinculos antigos desse numero antes do upsert para manter 1:1.
+  await executeQuery(
+    `DELETE FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
+      WHERE owner_jid = ?
+        AND google_sub <> ?`,
+    [ownerJid, sub],
+    connection,
+  );
+
   await executeQuery(
     `INSERT INTO ${TABLES.STICKER_WEB_GOOGLE_USER}
       (google_sub, owner_jid, email, name, picture_url, last_login_at, last_seen_at)
@@ -977,12 +1142,22 @@ const upsertGoogleWebUserRecord = async (user, connection = null) => {
     [sub, ownerJid, email, name, pictureUrl],
     connection,
   );
+
+  // Persistimos o telefone normalizado do owner para facilitar consultas administrativas.
+  await executeQuery(
+    `UPDATE ${TABLES.STICKER_WEB_GOOGLE_USER}
+        SET owner_phone = COALESCE(?, owner_phone)
+      WHERE google_sub = ?`,
+    [ownerPhone, sub],
+    connection,
+  ).catch(() => {});
 };
 
 const upsertGoogleWebSessionRecord = async (session, connection = null) => {
   const token = String(session?.token || '').trim();
   const sub = normalizeGoogleSubject(session?.sub);
   const ownerJid = normalizeJid(session?.ownerJid) || '';
+  const ownerPhone = toWhatsAppPhoneDigits(session?.ownerPhone || ownerJid) || null;
   const expiresAt = Number(session?.expiresAt || 0);
   if (!token || !sub || !ownerJid || !Number.isFinite(expiresAt) || expiresAt <= 0) return;
   const email = String(session?.email || '').trim().toLowerCase() || null;
@@ -1005,6 +1180,42 @@ const upsertGoogleWebSessionRecord = async (session, connection = null) => {
     [token, sub, ownerJid, email, name, pictureUrl, new Date(expiresAt)],
     connection,
   );
+
+  await executeQuery(
+    `UPDATE ${TABLES.STICKER_WEB_GOOGLE_SESSION}
+        SET owner_phone = COALESCE(?, owner_phone)
+      WHERE session_token = ?`,
+    [ownerPhone, token],
+    connection,
+  ).catch(() => {});
+};
+
+const deleteOtherGoogleWebSessionsInDb = async ({ token = '', ownerJid = '', sub = '' } = {}, connection = null) => {
+  const sessionToken = String(token || '').trim();
+  const normalizedOwnerJid = normalizeJid(ownerJid) || '';
+  const normalizedSub = normalizeGoogleSubject(sub);
+  if (!sessionToken || (!normalizedOwnerJid && !normalizedSub)) return 0;
+
+  const clauses = [];
+  const params = [];
+  if (normalizedOwnerJid) {
+    clauses.push('owner_jid = ?');
+    params.push(normalizedOwnerJid);
+  }
+  if (normalizedSub) {
+    clauses.push('google_sub = ?');
+    params.push(normalizedSub);
+  }
+  if (!clauses.length) return 0;
+
+  const result = await executeQuery(
+    `DELETE FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
+      WHERE session_token <> ?
+        AND (${clauses.join(' OR ')})`,
+    [sessionToken, ...params],
+    connection,
+  );
+  return Number(result?.affectedRows || 0);
 };
 
 const persistGoogleWebSessionToDb = async (session) => {
@@ -1021,6 +1232,14 @@ const persistGoogleWebSessionToDb = async (session) => {
       },
       connection,
     );
+    await deleteOtherGoogleWebSessionsInDb(
+      {
+        token: session.token,
+        ownerJid: session.ownerJid,
+        sub: session.sub,
+      },
+      connection,
+    );
     await upsertGoogleWebSessionRecord(session, connection);
   });
 };
@@ -1030,7 +1249,7 @@ const findGoogleWebSessionInDbByToken = async (sessionToken) => {
   if (!token) return null;
   await maybePruneExpiredGoogleSessionsFromDb();
   const rows = await executeQuery(
-    `SELECT session_token, google_sub, owner_jid, email, name, picture_url, created_at, expires_at, last_seen_at
+    `SELECT session_token, google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, expires_at, last_seen_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
       WHERE session_token = ?
         AND revoked_at IS NULL
@@ -1504,6 +1723,8 @@ const pruneExpiredAdminPanelSessions = () => {
 };
 
 const getAdminPanelSessionTokenFromRequest = (req) => {
+  const direct = getCookieValuesFromRequest(req, ADMIN_PANEL_SESSION_COOKIE_NAME);
+  if (direct.length > 0) return direct[0];
   const cookies = parseCookies(req);
   return String(cookies[ADMIN_PANEL_SESSION_COOKIE_NAME] || '').trim();
 };
@@ -1515,6 +1736,14 @@ const clearAdminPanelSessionCookie = (req, res) => {
       maxAgeSeconds: 0,
     }),
   );
+  // Also clear host-only variant (legacy cookie written without Domain).
+  appendSetCookie(
+    res,
+    buildCookieString(ADMIN_PANEL_SESSION_COOKIE_NAME, '', req, {
+      maxAgeSeconds: 0,
+      domain: false,
+    }),
+  );
 };
 
 const createAdminPanelSession = (googleSession, { role = 'owner' } = {}) => {
@@ -1624,83 +1853,105 @@ const requireOwnerAdminPanelSession = (req, res) => {
   return session;
 };
 
-const createGoogleWebSession = (claims) => {
+const createGoogleWebSession = (claims, { ownerJid } = {}) => {
   pruneExpiredGoogleSessions();
   const token = randomUUID();
   const now = Date.now();
+  const resolvedOwnerJid = normalizeJid(ownerJid) || buildGoogleOwnerJid(claims.sub);
+  const resolvedOwnerPhone = toWhatsAppPhoneDigits(resolvedOwnerJid) || '';
   const session = {
     token,
     sub: claims.sub,
     email: claims.email || null,
     name: claims.name || null,
     picture: claims.picture || null,
-    ownerJid: buildGoogleOwnerJid(claims.sub),
+    ownerJid: resolvedOwnerJid,
+    ownerPhone: resolvedOwnerPhone,
     createdAt: now,
     expiresAt: now + STICKER_WEB_GOOGLE_SESSION_TTL_MS,
     lastSeenAt: now,
     lastDbTouchAt: 0,
   };
-  webGoogleSessionMap.set(token, session);
   return session;
 };
 
+const activateGoogleWebSession = (session) => {
+  if (!session?.token) return;
+  pruneExpiredGoogleSessions();
+  webGoogleSessionMap.set(session.token, session);
+  for (const [token, existing] of webGoogleSessionMap.entries()) {
+    if (!existing || token === session.token) continue;
+    const sameOwner = normalizeJid(existing.ownerJid) === normalizeJid(session.ownerJid);
+    const sameSub = normalizeGoogleSubject(existing.sub) === normalizeGoogleSubject(session.sub);
+    if (sameOwner || sameSub) {
+      webGoogleSessionMap.delete(token);
+    }
+  }
+};
+
 const resolveGoogleWebSessionFromRequest = async (req) => {
   pruneExpiredGoogleSessions();
-  const sessionToken = getGoogleWebSessionTokenFromRequest(req);
-  if (!sessionToken) return null;
-  const session = webGoogleSessionMap.get(sessionToken);
-  if (session) {
+  const sessionTokens = getGoogleWebSessionTokensFromRequest(req);
+  if (!sessionTokens.length) return null;
+
+  for (const sessionToken of sessionTokens) {
+    const session = webGoogleSessionMap.get(sessionToken);
+    if (!session) continue;
     if (Number(session.expiresAt || 0) <= Date.now()) {
       webGoogleSessionMap.delete(sessionToken);
-    } else {
-      const now = Date.now();
-      session.lastSeenAt = now;
-      if (now - Number(session.lastDbTouchAt || 0) >= GOOGLE_WEB_SESSION_DB_TOUCH_INTERVAL_MS) {
-        session.lastDbTouchAt = now;
-        void touchGoogleWebSessionSeenInDb(sessionToken).catch((error) => {
-          logger.warn('Falha ao atualizar last_seen da sessão Google web.', {
-            action: 'sticker_pack_google_web_session_touch_failed',
-            error: error?.message,
-          });
-        });
-        void touchGoogleWebUserSeenInDb(session.sub).catch(() => {});
-      }
-      try {
-        await assertGoogleIdentityNotBanned({
-          sub: session.sub,
-          email: session.email,
-          ownerJid: session.ownerJid,
+      continue;
+    }
+
+    const now = Date.now();
+    session.lastSeenAt = now;
+    if (now - Number(session.lastDbTouchAt || 0) >= GOOGLE_WEB_SESSION_DB_TOUCH_INTERVAL_MS) {
+      session.lastDbTouchAt = now;
+      void touchGoogleWebSessionSeenInDb(sessionToken).catch((error) => {
+        logger.warn('Falha ao atualizar last_seen da sessão Google web.', {
+          action: 'sticker_pack_google_web_session_touch_failed',
+          error: error?.message,
         });
-      } catch (banError) {
-        webGoogleSessionMap.delete(sessionToken);
-        void deleteGoogleWebSessionFromDb(sessionToken).catch(() => {});
-        return null;
-      }
-      return session;
+      });
+      void touchGoogleWebUserSeenInDb(session.sub).catch(() => {});
     }
-  }
-  try {
-    const persistedSession = await findGoogleWebSessionInDbByToken(sessionToken);
-    if (!persistedSession) return null;
     try {
       await assertGoogleIdentityNotBanned({
-        sub: persistedSession.sub,
-        email: persistedSession.email,
-        ownerJid: persistedSession.ownerJid,
+        sub: session.sub,
+        email: session.email,
+        ownerJid: session.ownerJid,
       });
+      return session;
     } catch {
-      await deleteGoogleWebSessionFromDb(sessionToken).catch(() => {});
-      return null;
+      webGoogleSessionMap.delete(sessionToken);
+      void deleteGoogleWebSessionFromDb(sessionToken).catch(() => {});
+    }
+  }
+
+  for (const sessionToken of sessionTokens) {
+    try {
+      const persistedSession = await findGoogleWebSessionInDbByToken(sessionToken);
+      if (!persistedSession) continue;
+      try {
+        await assertGoogleIdentityNotBanned({
+          sub: persistedSession.sub,
+          email: persistedSession.email,
+          ownerJid: persistedSession.ownerJid,
+        });
+      } catch {
+        await deleteGoogleWebSessionFromDb(sessionToken).catch(() => {});
+        continue;
+      }
+      webGoogleSessionMap.set(sessionToken, persistedSession);
+      return persistedSession;
+    } catch (error) {
+      logger.warn('Falha ao resolver sessão Google web no banco.', {
+        action: 'sticker_pack_google_web_session_db_resolve_failed',
+        error: error?.message,
+      });
     }
-    webGoogleSessionMap.set(sessionToken, persistedSession);
-    return persistedSession;
-  } catch (error) {
-    logger.warn('Falha ao resolver sessão Google web no banco.', {
-      action: 'sticker_pack_google_web_session_db_resolve_failed',
-      error: error?.message,
-    });
-    return null;
   }
+
+  return null;
 };
 
 const clearGoogleWebSessionCookie = (req, res) => {
@@ -1710,6 +1961,14 @@ const clearGoogleWebSessionCookie = (req, res) => {
       maxAgeSeconds: 0,
     }),
   );
+  // Also clear host-only variant (legacy cookie written without Domain).
+  appendSetCookie(
+    res,
+    buildCookieString(GOOGLE_WEB_SESSION_COOKIE_NAME, '', req, {
+      maxAgeSeconds: 0,
+      domain: false,
+    }),
+  );
 };
 
 const sendAsset = (req, res, buffer, mimetype = 'image/webp') => {
@@ -2060,7 +2319,9 @@ const resolveWebCreateOwnerJid = async (explicitOwner = '') => {
     const resolvedAdminJid = await resolveAdminJid();
     const fromAdmin = toOwnerJid(resolvedAdminJid);
     if (fromAdmin) return fromAdmin;
-  } catch {}
+  } catch {
+    // Ignore fallback errors while resolving owner identity.
+  }
 
   const adminCandidates = [
     getAdminRawValue(),
@@ -2230,14 +2491,18 @@ const resolveSupportAdminPhone = async () => {
       const resolvedFromLidMap = await resolveUserId(extractUserIdInfo(adminRaw));
       const resolvedPhoneFromLidMap = isPlausibleWhatsAppPhone(getJidUser(resolvedFromLidMap || ''));
       if (resolvedPhoneFromLidMap) return resolvedPhoneFromLidMap;
-    } catch {}
+    } catch {
+      // Ignore and fallback to other admin sources.
+    }
   }
 
   try {
     const resolvedAdminJid = await resolveAdminJid();
     const resolvedPhone = isPlausibleWhatsAppPhone(getJidUser(resolvedAdminJid || ''));
     if (resolvedPhone) return resolvedPhone;
-  } catch {}
+  } catch {
+    // Ignore and fallback to static admin phone sources.
+  }
 
   const rawPhone = isPlausibleWhatsAppPhone(getJidUser(adminRaw) || adminRaw);
   if (rawPhone) return rawPhone;
@@ -2266,6 +2531,27 @@ const buildSupportInfo = async () => {
   };
 };
 
+const buildBotContactInfo = () => {
+  const phone = String(resolveCatalogBotPhone() || '').replace(/\D+/g, '');
+  if (!phone) return null;
+  const loginText = String(process.env.WHATSAPP_LOGIN_TRIGGER || 'iniciar').trim() || 'iniciar';
+  const menuText = `${PACK_COMMAND_PREFIX}menu`;
+  const buildUrl = (text) =>
+    `https://api.whatsapp.com/send/?phone=${encodeURIComponent(phone)}&text=${encodeURIComponent(
+      String(text || '').trim(),
+    )}&type=custom_url&app_absent=0`;
+
+  return {
+    phone,
+    login_text: loginText,
+    menu_text: menuText,
+    urls: {
+      login: buildUrl(loginText),
+      menu: buildUrl(menuText),
+    },
+  };
+};
+
 const listDataImageFiles = async () => {
   const files = [];
   const queue = [STICKER_DATA_PUBLIC_DIR];
@@ -2618,6 +2904,10 @@ const hydrateMarketplaceEntries = async (packs, { includeItems = true, driftSnap
   const packIds = packs.map((pack) => pack.id);
   const engagementByPackId = await listStickerPackEngagementByPackIds(packIds);
   const interactionStatsByPackId = await listStickerPackInteractionStatsByPackIds(packIds);
+  const useSnapshot = await canUseRankingSnapshotRead(`hydrate:${packIds.length}:${includeItems ? 1 : 0}`);
+  const snapshotByPackId = useSnapshot
+    ? await listStickerPackScoreSnapshotsByPackIds(packIds).catch(() => new Map())
+    : new Map();
 
   const entries = [];
   const packClassificationById = new Map();
@@ -2636,14 +2926,24 @@ const hydrateMarketplaceEntries = async (packs, { includeItems = true, driftSnap
     const packMetadata = parsePackDescriptionMetadata(pack.description);
     const decoratedClassification = decoratePackClassificationSummary(packClassification);
     const mergedPackTags = mergeUniqueTags(decoratedClassification?.tags || [], packMetadata.tags);
-    const signals = computePackSignals({
-      pack: { ...pack, items },
-      engagement,
-      packClassification,
-      itemClassifications: orderedClassifications,
-      interactionStats,
-      scoringWeights: driftSnapshot?.weights || null,
-    });
+    const snapshot = snapshotByPackId.get(pack.id);
+    const signals = snapshot?.signals
+      ? {
+          ...snapshot.signals,
+          ranking_score: Number(snapshot?.signals?.ranking_score || 0),
+          pack_score: Number(snapshot?.signals?.pack_score || 0),
+          trend_score: Number(snapshot?.signals?.trend_score || 0),
+          nsfw_level: String(snapshot?.signals?.nsfw_level || 'safe'),
+          sensitive_content: Boolean(snapshot?.signals?.sensitive_content),
+        }
+      : computePackSignals({
+          pack: { ...pack, items },
+          engagement,
+          packClassification,
+          itemClassifications: orderedClassifications,
+          interactionStats,
+          scoringWeights: driftSnapshot?.weights || null,
+        });
 
     const entry = {
       pack,
@@ -2869,6 +3169,7 @@ const renderCatalogHtml = async ({ initialPackKey }) => {
     __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
     __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
     __STICKER_ORPHAN_API_PATH__: escapeHtmlAttribute(buildOrphanStickersApiUrl()),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
     __STICKER_DATA_PUBLIC_PATH__: escapeHtmlAttribute(STICKER_DATA_PUBLIC_PATH),
     __DEFAULT_LIST_LIMIT__: String(DEFAULT_LIST_LIMIT),
     __DEFAULT_ORPHAN_LIST_LIMIT__: String(DEFAULT_ORPHAN_LIST_LIMIT),
@@ -3014,11 +3315,12 @@ const renderPackSeoHtml = ({ packSummary }) => {
     data-web-path="${escapeHtmlAttribute(STICKER_WEB_PATH)}"
     data-api-base-path="${escapeHtmlAttribute(STICKER_API_BASE_PATH)}"
     data-orphan-api-path="${escapeHtmlAttribute(STICKER_ORPHAN_API_PATH)}"
+    data-login-path="${escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH)}"
     data-default-limit="${DEFAULT_LIST_LIMIT}"
     data-default-orphan-limit="${DEFAULT_ORPHAN_LIST_LIMIT}"
     data-initial-pack-key="${escapeHtmlAttribute(packSummary?.pack_key || '')}"
   ></div>
-  <script type="module" src="/js/apps/stickersApp.js?v=20260227-ui-hotfix-v5"></script>
+  <script type="module" src="/js/apps/stickersApp.js?v=20260228-login-redirect-my-packs1"></script>
 </body>
 </html>`;
 };
@@ -3054,6 +3356,7 @@ const renderCreatePackHtml = async () => {
   const replacements = {
     __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
     __STICKER_CREATE_WEB_PATH__: escapeHtmlAttribute(STICKER_CREATE_WEB_PATH),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
     __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
     __PACK_COMMAND_PREFIX__: escapeHtmlAttribute(PACK_COMMAND_PREFIX),
     __CURRENT_YEAR__: String(new Date().getFullYear()),
@@ -3082,6 +3385,23 @@ const renderAdminPanelHtml = async () => {
   return html;
 };
 
+const renderUserDashboardHtml = async () => {
+  const template = await fs.readFile(USER_DASHBOARD_TEMPLATE_PATH, 'utf8');
+  const replacements = {
+    __STICKER_WEB_PATH__: escapeHtmlAttribute(STICKER_WEB_PATH),
+    __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(STICKER_LOGIN_WEB_PATH),
+    __STICKER_API_BASE_PATH__: escapeHtmlAttribute(STICKER_API_BASE_PATH),
+    __USER_PROFILE_WEB_PATH__: escapeHtmlAttribute(USER_PROFILE_WEB_PATH),
+    __CURRENT_YEAR__: String(new Date().getFullYear()),
+  };
+
+  let html = template;
+  for (const [token, value] of Object.entries(replacements)) {
+    html = html.replaceAll(token, value);
+  }
+  return html;
+};
+
 const buildSitemapXml = async () => {
   if (SITEMAP_CACHE.expiresAt > Date.now() && SITEMAP_CACHE.xml) {
     return SITEMAP_CACHE.xml;
@@ -3194,95 +3514,118 @@ const handleListRequest = async (req, res, url) => {
   const limit = clampInt(url.searchParams.get('limit'), DEFAULT_LIST_LIMIT, 1, MAX_LIST_LIMIT);
   const offset = clampInt(url.searchParams.get('offset'), 0, 0, 100000);
   const normalizedIntent = normalizeCategoryToken(intent).replace(/-/g, '_');
-  const batchLimit = Math.max(limit, Math.min(MAX_LIST_LIMIT, 24));
-  const maxPagesToScan = 8;
   const googleSession = await resolveGoogleWebSessionFromRequest(req);
   const hasNsfwAccess = Boolean(googleSession?.sub && googleSession?.ownerJid);
-  const seenPackIds = new Set();
-  const collectedEntries = [];
-  const driftSnapshot = await getMarketplaceDriftSnapshot();
-  let sourceHasMore = true;
-  let cursorOffset = offset;
-  let pagesScanned = 0;
+  const cacheKey = buildCacheKey([
+    'list',
+    q,
+    visibility,
+    sort,
+    categories.join(','),
+    normalizedIntent,
+    includeSensitive ? 1 : 0,
+    limit,
+    offset,
+    hasNsfwAccess ? 1 : 0,
+  ]);
+  const payload = await getCachedSnapshot({
+    cacheMap: CATALOG_LIST_CACHE,
+    key: cacheKey,
+    ttlSeconds: CATALOG_LIST_CACHE_SECONDS,
+    staleWhileRefresh: true,
+    staleOnError: true,
+    load: async () => {
+      const batchLimit = Math.max(limit, Math.min(MAX_LIST_LIMIT, 24));
+      const maxPagesToScan = 8;
+      const seenPackIds = new Set();
+      const collectedEntries = [];
+      const driftSnapshot = await getMarketplaceDriftSnapshot();
+      let sourceHasMore = true;
+      let cursorOffset = offset;
+      let pagesScanned = 0;
+
+      while (collectedEntries.length < limit && sourceHasMore && pagesScanned < maxPagesToScan) {
+        pagesScanned += 1;
+        const { packs, hasMore } = await listStickerPacksForCatalog({
+          visibility,
+          search: q,
+          limit: batchLimit,
+          offset: cursorOffset,
+        });
+        sourceHasMore = hasMore;
+        cursorOffset += batchLimit;
+        if (!packs.length) break;
+
+        const { entries } = await hydrateMarketplaceEntries(packs, { driftSnapshot });
+        const entriesClassified = STICKER_CATALOG_ONLY_CLASSIFIED
+          ? entries.filter((entry) => isPackClassified(entry.packClassification))
+          : entries;
+        const entriesByCategory = categories.length
+          ? entriesClassified.filter((entry) => hasAnyCategory(entry.packClassification?.tags || [], categories))
+          : entriesClassified;
+        const entriesBySensitivity = includeSensitive
+          ? entriesByCategory
+          : entriesByCategory.filter((entry) => entry.signals?.nsfw_level === 'safe');
+        const entriesByIntent = intent
+          ? entriesBySensitivity.filter((entry) => classifyPackIntent(entry) === normalizedIntent)
+          : entriesBySensitivity;
+        const sortedEntries = [...entriesByIntent].sort((left, right) => {
+          const completenessDelta = compareEntriesByPackCompleteness(left, right);
+          if (completenessDelta !== 0) return completenessDelta;
+          if (sort === 'recent') {
+            return Date.parse(right?.pack?.created_at || right?.pack?.updated_at || 0) - Date.parse(left?.pack?.created_at || left?.pack?.updated_at || 0);
+          }
+          if (sort === 'likes') {
+            return Number(right?.engagement?.like_count || 0) - Number(left?.engagement?.like_count || 0);
+          }
+          if (sort === 'downloads') {
+            return Number(right?.engagement?.open_count || 0) - Number(left?.engagement?.open_count || 0);
+          }
+          if (sort === 'comments') {
+            const commentDelta = Number(right?.engagement?.comment_count || 0) - Number(left?.engagement?.comment_count || 0);
+            if (commentDelta !== 0) return commentDelta;
+            return Number(right?.engagement?.like_count || 0) - Number(left?.engagement?.like_count || 0);
+          }
+          if (sort === 'trending') {
+            const trendDelta = Number(right?.signals?.trend_score || 0) - Number(left?.signals?.trend_score || 0);
+            if (trendDelta !== 0) return trendDelta;
+          }
+          const leftScore = Number(left?.signals?.ranking_score || 0);
+          const rightScore = Number(right?.signals?.ranking_score || 0);
+          if (rightScore !== leftScore) return rightScore - leftScore;
+          return Date.parse(right?.pack?.updated_at || 0) - Date.parse(left?.pack?.updated_at || 0);
+        });
 
-  while (collectedEntries.length < limit && sourceHasMore && pagesScanned < maxPagesToScan) {
-    pagesScanned += 1;
-    const { packs, hasMore } = await listStickerPacksForCatalog({
-      visibility,
-      search: q,
-      limit: batchLimit,
-      offset: cursorOffset,
-    });
-    sourceHasMore = hasMore;
-    cursorOffset += batchLimit;
-    if (!packs.length) break;
-
-    const { entries } = await hydrateMarketplaceEntries(packs, { driftSnapshot });
-    const entriesClassified = STICKER_CATALOG_ONLY_CLASSIFIED
-      ? entries.filter((entry) => isPackClassified(entry.packClassification))
-      : entries;
-    const entriesByCategory = categories.length
-      ? entriesClassified.filter((entry) => hasAnyCategory(entry.packClassification?.tags || [], categories))
-      : entriesClassified;
-    const entriesBySensitivity = includeSensitive
-      ? entriesByCategory
-      : entriesByCategory.filter((entry) => entry.signals?.nsfw_level === 'safe');
-    const entriesByIntent = intent
-      ? entriesBySensitivity.filter((entry) => classifyPackIntent(entry) === normalizedIntent)
-      : entriesBySensitivity;
-    const sortedEntries = [...entriesByIntent].sort((left, right) => {
-      const completenessDelta = compareEntriesByPackCompleteness(left, right);
-      if (completenessDelta !== 0) return completenessDelta;
-      if (sort === 'recent') {
-        return Date.parse(right?.pack?.created_at || right?.pack?.updated_at || 0) - Date.parse(left?.pack?.created_at || left?.pack?.updated_at || 0);
-      }
-      if (sort === 'likes') {
-        return Number(right?.engagement?.like_count || 0) - Number(left?.engagement?.like_count || 0);
-      }
-      if (sort === 'downloads') {
-        return Number(right?.engagement?.open_count || 0) - Number(left?.engagement?.open_count || 0);
-      }
-      if (sort === 'comments') {
-        const commentDelta = Number(right?.engagement?.comment_count || 0) - Number(left?.engagement?.comment_count || 0);
-        if (commentDelta !== 0) return commentDelta;
-        return Number(right?.engagement?.like_count || 0) - Number(left?.engagement?.like_count || 0);
-      }
-      if (sort === 'trending') {
-        const trendDelta = Number(right?.signals?.trend_score || 0) - Number(left?.signals?.trend_score || 0);
-        if (trendDelta !== 0) return trendDelta;
+        for (const entry of sortedEntries) {
+          if (!entry?.pack?.id) continue;
+          if (seenPackIds.has(entry.pack.id)) continue;
+          seenPackIds.add(entry.pack.id);
+          collectedEntries.push(entry);
+          if (collectedEntries.length >= limit) break;
+        }
       }
-      const leftScore = Number(left?.signals?.ranking_score || 0);
-      const rightScore = Number(right?.signals?.ranking_score || 0);
-      if (rightScore !== leftScore) return rightScore - leftScore;
-      return Date.parse(right?.pack?.updated_at || 0) - Date.parse(left?.pack?.updated_at || 0);
-    });
-
-    for (const entry of sortedEntries) {
-      if (!entry?.pack?.id) continue;
-      if (seenPackIds.has(entry.pack.id)) continue;
-      seenPackIds.add(entry.pack.id);
-      collectedEntries.push(entry);
-      if (collectedEntries.length >= limit) break;
-    }
-  }
 
-  sendJson(req, res, 200, {
-    data: collectedEntries.map((entry) => toSummaryEntry(entry, { hideSensitiveCover: !hasNsfwAccess })),
-    pagination: {
-      limit,
-      offset,
-      has_more: sourceHasMore,
-      next_offset: sourceHasMore ? cursorOffset : null,
-    },
-    filters: {
-      q,
-      visibility,
-      sort,
-      categories,
-      intent: intent || null,
-      include_sensitive: includeSensitive,
+      return {
+        data: collectedEntries.map((entry) => toSummaryEntry(entry, { hideSensitiveCover: !hasNsfwAccess })),
+        pagination: {
+          limit,
+          offset,
+          has_more: sourceHasMore,
+          next_offset: sourceHasMore ? cursorOffset : null,
+        },
+        filters: {
+          q,
+          visibility,
+          sort,
+          categories,
+          intent: intent || null,
+          include_sensitive: includeSensitive,
+        },
+      };
     },
   });
+
+  sendJson(req, res, 200, payload);
 };
 
 const handleIntentCollectionsRequest = async (req, res, url) => {
@@ -3514,32 +3857,15 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
   if (req.method === 'GET' || req.method === 'HEAD') {
     const session = await resolveGoogleWebSessionFromRequest(req);
     sendJson(req, res, 200, {
-      data: session
-        ? {
-            authenticated: true,
-            provider: 'google',
-            user: {
-              sub: session.sub,
-              email: session.email,
-              name: session.name,
-              picture: session.picture,
-            },
-            expires_at: toIsoOrNull(session.expiresAt),
-          }
-        : {
-            authenticated: false,
-            provider: 'google',
-            user: null,
-            expires_at: null,
-          },
+      data: mapGoogleSessionResponseData(session),
     });
     return;
   }
 
   if (req.method === 'DELETE') {
-    const token = getGoogleWebSessionTokenFromRequest(req);
-    if (token) webGoogleSessionMap.delete(token);
-    if (token) {
+    const tokens = getGoogleWebSessionTokensFromRequest(req);
+    for (const token of tokens) {
+      webGoogleSessionMap.delete(token);
       await deleteGoogleWebSessionFromDb(token).catch((error) => {
         logger.warn('Falha ao remover sessão Google web do banco.', {
           action: 'sticker_pack_google_web_session_db_delete_failed',
@@ -3567,20 +3893,57 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
 
   try {
     const claims = await verifyGoogleIdToken(payload?.google_id_token || payload?.id_token);
+    const linkedOwner = resolveWhatsAppOwnerJidFromLoginPayload(payload);
+    if (!linkedOwner.ownerJid) {
+      if (!linkedOwner.hasPayload) {
+        sendJson(req, res, 400, {
+          error: 'Abra esta pagina pelo link enviado no WhatsApp. Envie "iniciar" no bot para gerar o link de login.',
+          code: 'WHATSAPP_LOGIN_LINK_REQUIRED',
+          reason: 'missing_link',
+        });
+        return;
+      }
+
+      const reason = String(linkedOwner.reason || '').trim().toLowerCase();
+      const isUnauthorizedAttempt = ['invalid_signature', 'missing_signature'].includes(reason);
+      const statusCode = isUnauthorizedAttempt ? 403 : 400;
+      const errorMessage =
+        reason === 'expired'
+          ? 'Link de login expirado. Envie "iniciar" novamente no WhatsApp.'
+          : isUnauthorizedAttempt
+            ? 'Tentativa de login sem permissao detectada. Gere um novo link enviando "iniciar" no privado do bot.'
+            : 'Link de login invalido. Envie "iniciar" novamente no WhatsApp.';
+
+      logger.warn('Tentativa de login web bloqueada por validacao do link WhatsApp.', {
+        action: 'sticker_pack_google_web_login_link_blocked',
+        reason: reason || 'unknown',
+        remote_ip: req.socket?.remoteAddress || null,
+        user_agent: req.headers?.['user-agent'] || null,
+      });
+
+      sendJson(req, res, statusCode, {
+        error: errorMessage,
+        code: 'WHATSAPP_LOGIN_LINK_INVALID',
+        reason: reason || 'invalid_link',
+      });
+      return;
+    }
+    const ownerJid = linkedOwner.ownerJid;
+
     await assertGoogleIdentityNotBanned({
       sub: claims.sub,
       email: claims.email,
-      ownerJid: buildGoogleOwnerJid(claims.sub),
+      ownerJid,
     });
-    const session = createGoogleWebSession(claims);
+    const session = createGoogleWebSession(claims, { ownerJid });
     if (!session.ownerJid) {
       sendJson(req, res, 400, { error: 'Nao foi possivel vincular a conta Google.' });
       return;
     }
     try {
       await persistGoogleWebSessionToDb(session);
+      activateGoogleWebSession(session);
     } catch (persistError) {
-      webGoogleSessionMap.delete(session.token);
       logger.error('Falha ao persistir sessão Google web no banco.', {
         action: 'sticker_pack_google_web_session_db_persist_failed',
         error: persistError?.message,
@@ -3596,17 +3959,7 @@ const handleGoogleAuthSessionRequest = async (req, res) => {
       }),
     );
     sendJson(req, res, 200, {
-      data: {
-        authenticated: true,
-        provider: 'google',
-        user: {
-          sub: session.sub,
-          email: session.email,
-          name: session.name,
-          picture: session.picture,
-        },
-        expires_at: toIsoOrNull(session.expiresAt),
-      },
+      data: mapGoogleSessionResponseData(session),
     });
   } catch (error) {
     sendJson(req, res, Number(error?.statusCode || 401), {
@@ -3627,20 +3980,199 @@ const mapGoogleSessionResponseData = (session) =>
           name: session.name,
           picture: session.picture,
         },
+        owner_jid: session.ownerJid,
+        owner_phone: toWhatsAppPhoneDigits(session.ownerPhone || session.ownerJid) || null,
         expires_at: toIsoOrNull(session.expiresAt),
       }
     : {
         authenticated: false,
         provider: 'google',
         user: null,
+        owner_jid: null,
+        owner_phone: null,
         expires_at: null,
       };
 
-const handleMyProfileRequest = async (req, res) => {
-  if (!['GET', 'HEAD'].includes(req.method || '')) {
-    sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-    return;
-  }
+const buildOwnerLookupJids = (value) => {
+  const normalized = normalizeJid(value) || '';
+  if (!normalized || !normalized.includes('@')) return [];
+  const lookup = new Set([normalized]);
+  const phoneDigits = toWhatsAppPhoneDigits(normalized);
+  if (!phoneDigits) return Array.from(lookup);
+  lookup.add(normalizeJid(`${phoneDigits}@s.whatsapp.net`) || '');
+  lookup.add(normalizeJid(`${phoneDigits}@c.us`) || '');
+  lookup.add(normalizeJid(`${phoneDigits}@hosted`) || '');
+  return Array.from(lookup).filter(Boolean);
+};
+
+const appendMyProfileOwnerCandidate = (candidateSet, lookupSet, value) => {
+  const normalized = normalizeJid(value) || '';
+  if (!normalized || !normalized.includes('@')) return;
+
+  candidateSet.add(normalized);
+  for (const lookupJid of buildOwnerLookupJids(normalized)) {
+    lookupSet.add(lookupJid);
+  }
+
+  const phoneOwner = toWhatsAppOwnerJid(value);
+  if (phoneOwner) {
+    candidateSet.add(phoneOwner);
+    for (const lookupJid of buildOwnerLookupJids(phoneOwner)) {
+      lookupSet.add(lookupJid);
+    }
+  }
+};
+
+const buildPhoneSet = (...values) => {
+  const set = new Set();
+  for (const value of values) {
+    const digits = toWhatsAppPhoneDigits(value);
+    if (digits) set.add(digits);
+  }
+  return set;
+};
+
+const resolveMyProfileOwnerCandidates = async (session) => {
+  const candidates = new Set();
+  const lookupByJid = new Set();
+  const lidCandidates = new Set();
+  const appendCandidate = (value) => appendMyProfileOwnerCandidate(candidates, lookupByJid, value);
+  const trustedPhones = new Set();
+  const blockedJids = new Set();
+  const blockedPhones = new Set();
+
+  appendCandidate(session?.ownerJid);
+  appendCandidate(toWhatsAppOwnerJid(session?.ownerPhone || session?.ownerJid));
+  for (const phone of buildPhoneSet(session?.ownerPhone, session?.ownerJid)) {
+    trustedPhones.add(phone);
+  }
+
+  const activeSocket = getActiveSocket();
+  const botJid = normalizeJid(resolveBotJid(activeSocket?.user?.id || '') || '');
+  if (botJid) {
+    blockedJids.add(botJid);
+    for (const phone of buildPhoneSet(botJid)) {
+      blockedPhones.add(phone);
+    }
+  }
+
+  const legacyGoogleOwner = buildGoogleOwnerJid(session?.sub);
+  if (legacyGoogleOwner) appendCandidate(legacyGoogleOwner);
+
+  const sessionResolved = await resolveUserId(extractUserIdInfo(session?.ownerJid || session?.ownerPhone || null)).catch(() => null);
+  if (sessionResolved) {
+    appendCandidate(sessionResolved);
+    for (const phone of buildPhoneSet(sessionResolved)) {
+      trustedPhones.add(phone);
+    }
+  }
+
+  const normalizedSub = normalizeGoogleSubject(session?.sub);
+  if (normalizedSub) {
+    try {
+      const rows = await executeQuery(
+        `SELECT owner_jid, owner_phone
+           FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
+          WHERE google_sub = ?
+          LIMIT 1`,
+        [normalizedSub],
+      );
+      const row = Array.isArray(rows) ? rows[0] : null;
+      appendCandidate(row?.owner_jid || '');
+      appendCandidate(row?.owner_phone || '');
+      const mappedResolved = await resolveUserId(extractUserIdInfo(row?.owner_jid || row?.owner_phone || null)).catch(() => null);
+      if (mappedResolved) appendCandidate(mappedResolved);
+    } catch (error) {
+      logger.warn('Falha ao resolver owners para perfil web.', {
+        action: 'sticker_pack_my_profile_owner_candidates_failed',
+        google_sub: normalizedSub,
+        error: error?.message,
+      });
+    }
+  }
+
+  for (const ownerJid of Array.from(candidates)) {
+    const identity = extractUserIdInfo(ownerJid);
+    if (identity?.lid) lidCandidates.add(identity.lid);
+    if (!identity?.lid && !identity?.jid) continue;
+    const resolved = await resolveUserId(identity).catch(() => null);
+    if (!resolved) continue;
+    appendCandidate(resolved);
+    const resolvedIdentity = extractUserIdInfo(resolved);
+    if (resolvedIdentity?.lid) lidCandidates.add(resolvedIdentity.lid);
+  }
+
+  const lookupValues = Array.from(lookupByJid).filter(Boolean);
+  for (let offset = 0; offset < lookupValues.length; offset += 200) {
+    const chunk = lookupValues.slice(offset, offset + 200);
+    if (!chunk.length) continue;
+    const placeholders = chunk.map(() => '?').join(', ');
+    const rows = await executeQuery(
+      `SELECT lid, jid
+         FROM ${TABLES.LID_MAP}
+        WHERE jid IN (${placeholders})
+        ORDER BY last_seen DESC
+        LIMIT 500`,
+      chunk,
+    ).catch(() => []);
+
+    for (const row of Array.isArray(rows) ? rows : []) {
+      appendCandidate(row?.jid || '');
+      const resolvedLid = normalizeJid(row?.lid || '');
+      if (resolvedLid) lidCandidates.add(resolvedLid);
+    }
+  }
+
+  for (const lid of lidCandidates) {
+    const resolved = await resolveUserId(extractUserIdInfo(lid)).catch(() => null);
+    if (resolved) {
+      appendCandidate(resolved);
+      appendCandidate(lid);
+    }
+  }
+
+  const filtered = [];
+  for (const candidate of Array.from(candidates)) {
+    const normalized = normalizeJid(candidate) || '';
+    if (!normalized || !normalized.includes('@')) continue;
+    if (blockedJids.has(normalized)) continue;
+
+    const directPhone = toWhatsAppPhoneDigits(normalized);
+    if (directPhone && blockedPhones.has(directPhone)) continue;
+
+    const isGoogleOwner = normalized.endsWith('@google.oauth');
+    if (trustedPhones.size === 0) {
+      filtered.push(normalized);
+      continue;
+    }
+
+    if (directPhone) {
+      if (!trustedPhones.has(directPhone)) continue;
+      filtered.push(normalized);
+      continue;
+    }
+
+    const resolved = await resolveUserId(extractUserIdInfo(normalized)).catch(() => null);
+    const resolvedPhone = toWhatsAppPhoneDigits(resolved || '');
+    if (resolvedPhone) {
+      if (!trustedPhones.has(resolvedPhone) || blockedPhones.has(resolvedPhone)) continue;
+      filtered.push(normalized);
+      continue;
+    }
+
+    if (isGoogleOwner) {
+      filtered.push(normalized);
+    }
+  }
+
+  return Array.from(new Set(filtered));
+};
+
+const handleMyProfileRequest = async (req, res, url = null) => {
+  if (!['GET', 'HEAD'].includes(req.method || '')) {
+    sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+    return;
+  }
 
   const session = await resolveGoogleWebSessionFromRequest(req);
   const authGoogle = {
@@ -3669,7 +4201,65 @@ const handleMyProfileRequest = async (req, res) => {
     return;
   }
 
-  const packs = await listStickerPacksByOwner(session.ownerJid, { limit: 200, offset: 0 });
+  const ownerCandidates = await resolveMyProfileOwnerCandidates(session);
+  if (!ownerCandidates.length) {
+    sendJson(req, res, 200, {
+      data: {
+        auth: { google: authGoogle },
+        session: mapGoogleSessionResponseData(session),
+        owner_jid: session.ownerJid,
+        owner_jids: [],
+        packs: [],
+        stats: {
+          total: 0,
+          published: 0,
+          drafts: 0,
+          private: 0,
+          unlisted: 0,
+          public: 0,
+        },
+      },
+    });
+    return;
+  }
+
+  const ownerPacks = await Promise.all(
+    ownerCandidates.map((ownerJid) => listStickerPacksByOwner(ownerJid, { limit: 200, offset: 0 })),
+  );
+  const includeAutoPacks = parseEnvBool(
+    url?.searchParams?.get('include_auto'),
+    parseEnvBool(process.env.STICKER_WEB_MY_PROFILE_INCLUDE_AUTO_PACKS, false),
+  );
+
+  const dedupPacks = new Map();
+  for (const packList of ownerPacks) {
+    for (const pack of Array.isArray(packList) ? packList : []) {
+      if (!pack?.id) continue;
+      if (!includeAutoPacks && pack?.is_auto_pack === true) continue;
+      const existing = dedupPacks.get(pack.id);
+      if (!existing) {
+        dedupPacks.set(pack.id, pack);
+        continue;
+      }
+      const currentUpdatedAt = Date.parse(String(pack.updated_at || pack.created_at || ''));
+      const existingUpdatedAt = Date.parse(String(existing.updated_at || existing.created_at || ''));
+      if (Number.isFinite(currentUpdatedAt) && (!Number.isFinite(existingUpdatedAt) || currentUpdatedAt > existingUpdatedAt)) {
+        dedupPacks.set(pack.id, pack);
+      }
+    }
+  }
+
+  const packs = Array.from(dedupPacks.values())
+    .sort((a, b) => {
+      const aUpdatedAt = Date.parse(String(a?.updated_at || a?.created_at || ''));
+      const bUpdatedAt = Date.parse(String(b?.updated_at || b?.created_at || ''));
+      if (!Number.isFinite(aUpdatedAt) && !Number.isFinite(bUpdatedAt)) return 0;
+      if (!Number.isFinite(aUpdatedAt)) return 1;
+      if (!Number.isFinite(bUpdatedAt)) return -1;
+      return bUpdatedAt - aUpdatedAt;
+    })
+    .slice(0, 300);
+
   const engagementByPackId = await listStickerPackEngagementByPackIds(packs.map((pack) => pack.id));
 
   const mappedPacks = packs.map((pack) => {
@@ -3702,6 +4292,7 @@ const handleMyProfileRequest = async (req, res) => {
       auth: { google: authGoogle },
       session: mapGoogleSessionResponseData(session),
       owner_jid: session.ownerJid,
+      owner_jids: ownerCandidates,
       packs: mappedPacks,
       stats,
     },
@@ -3715,6 +4306,9 @@ const invalidateStickerCatalogDerivedCaches = () => {
   GLOBAL_RANK_CACHE.value = null;
   GLOBAL_RANK_CACHE.pending = null;
   HOME_MARKETPLACE_STATS_CACHE.clear();
+  CATALOG_LIST_CACHE.clear();
+  CATALOG_CREATOR_RANKING_CACHE.clear();
+  CATALOG_PACK_PAYLOAD_CACHE.clear();
   SYSTEM_SUMMARY_CACHE.expiresAt = 0;
   SYSTEM_SUMMARY_CACHE.value = null;
   SYSTEM_SUMMARY_CACHE.pending = null;
@@ -3891,23 +4485,39 @@ const loadOwnedPackForWebManagement = async (req, res, packKey, { allowMissing =
     return null;
   }
 
-  try {
-    const pack = await stickerPackService.getPackInfo({
-      ownerJid: session.ownerJid,
-      identifier: normalizedPackKey,
-    });
-    return { session, packKey: normalizedPackKey, pack };
-  } catch (error) {
-    if (allowMissing && error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND) {
-      return { session, packKey: normalizedPackKey, pack: null, missing: true };
+  const ownerCandidatesRaw = await resolveMyProfileOwnerCandidates(session).catch(() => []);
+  const ownerCandidates = Array.from(new Set([normalizeJid(session.ownerJid) || '', ...ownerCandidatesRaw].filter(Boolean)));
+  const fallbackOwnerJid = ownerCandidates[0] || normalizeJid(session.ownerJid) || '';
+
+  for (const ownerJid of ownerCandidates) {
+    try {
+      const pack = await stickerPackService.getPackInfo({
+        ownerJid,
+        identifier: normalizedPackKey,
+      });
+      return { session, ownerJid, ownerCandidates, packKey: normalizedPackKey, pack };
+    } catch (error) {
+      if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND) {
+        continue;
+      }
+      const mapped = mapStickerPackWebManageError(error);
+      sendJson(req, res, mapped.statusCode, {
+        error: mapped.message,
+        code: mapped.code,
+      });
+      return null;
     }
-    const mapped = mapStickerPackWebManageError(error);
-    sendJson(req, res, mapped.statusCode, {
-      error: mapped.message,
-      code: mapped.code,
-    });
-    return null;
   }
+
+  if (allowMissing) {
+    return { session, ownerJid: fallbackOwnerJid, ownerCandidates, packKey: normalizedPackKey, pack: null, missing: true };
+  }
+
+  sendJson(req, res, 404, {
+    error: 'Pack nao encontrado para este usuario.',
+    code: STICKER_PACK_ERROR_CODES.PACK_NOT_FOUND,
+  });
+  return null;
 };
 
 const buildManagedPackAnalytics = async (pack) => {
@@ -3990,7 +4600,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
   const isMutableMethod = req.method === 'PATCH' || req.method === 'DELETE';
   const context = await loadOwnedPackForWebManagement(req, res, packKey, { allowMissing: isMutableMethod });
   if (!context) return;
-  const { session, packKey: normalizedPackKey } = context;
+  const { packKey: normalizedPackKey } = context;
 
   if (req.method === 'GET' || req.method === 'HEAD') {
     await sendManagedPackResponse(req, res, context.pack);
@@ -4008,7 +4618,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
 
     try {
       const result = await deleteManagedPackWithCleanup({
-        ownerJid: session.ownerJid,
+        ownerJid: context.ownerJid,
         identifier: normalizedPackKey,
         fallbackPack: context.pack,
       });
@@ -4059,13 +4669,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentName = sanitizeText(updatedPack?.name, PACK_CREATE_MAX_NAME_LENGTH, { allowEmpty: false });
       if (!nextName) {
         updatedPack = await stickerPackService.renamePack({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           name: payload.name,
         });
       } else if (nextName !== currentName) {
         updatedPack = await stickerPackService.renamePack({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           name: payload.name,
         });
@@ -4078,13 +4688,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentPublisher = sanitizeText(updatedPack?.publisher, PACK_CREATE_MAX_PUBLISHER_LENGTH, { allowEmpty: false });
       if (!nextPublisher) {
         updatedPack = await stickerPackService.setPackPublisher({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           publisher: payload.publisher,
         });
       } else if (nextPublisher !== currentPublisher) {
         updatedPack = await stickerPackService.setPackPublisher({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           publisher: payload.publisher,
         });
@@ -4097,13 +4707,13 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentVisibility = String(updatedPack?.visibility || '').trim().toLowerCase();
       if (!nextVisibility) {
         updatedPack = await stickerPackService.setPackVisibility({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           visibility: payload.visibility,
         });
       } else if (nextVisibility !== currentVisibility) {
         updatedPack = await stickerPackService.setPackVisibility({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           visibility: payload.visibility,
         });
@@ -4119,7 +4729,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
       const currentDescriptionWithTags = buildPackDescriptionWithTags(currentMeta.cleanDescription || '', currentMeta.tags);
       if (String(descriptionWithTags || '') !== String(currentDescriptionWithTags || '')) {
         updatedPack = await stickerPackService.setPackDescription({
-          ownerJid: session.ownerJid,
+          ownerJid: context.ownerJid,
           identifier: normalizedPackKey,
           description: descriptionWithTags || '',
         });
@@ -4167,7 +4777,7 @@ const handleManagedPackCloneRequest = async (req, res, packKey) => {
 
   try {
     const cloned = await stickerPackService.clonePack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       newName,
     });
@@ -4205,7 +4815,7 @@ const handleManagedPackCoverRequest = async (req, res, packKey) => {
 
   try {
     const updated = await stickerPackService.setPackCover({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       stickerId: payload?.sticker_id,
     });
@@ -4218,7 +4828,7 @@ const handleManagedPackCoverRequest = async (req, res, packKey) => {
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.STICKER_NOT_FOUND) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
         pack_key: context.packKey,
@@ -4270,7 +4880,7 @@ const handleManagedPackReorderRequest = async (req, res, packKey) => {
 
   try {
     const updated = await stickerPackService.reorderPackItems({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       orderStickerIds: requestedOrderIds,
     });
@@ -4283,7 +4893,7 @@ const handleManagedPackReorderRequest = async (req, res, packKey) => {
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.INVALID_INPUT) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'noop', fresh, {
         pack_key: context.packKey,
@@ -4313,7 +4923,7 @@ const handleManagedPackStickerDeleteRequest = async (req, res, packKey, stickerI
 
   try {
     const result = await stickerPackService.removeStickerFromPack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       selector: stickerId,
     });
@@ -4336,7 +4946,7 @@ const handleManagedPackStickerDeleteRequest = async (req, res, packKey, stickerI
     }
     if (error instanceof StickerPackError && error.code === STICKER_PACK_ERROR_CODES.STICKER_NOT_FOUND) {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => context.pack);
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
         pack_key: context.packKey,
@@ -4390,19 +5000,19 @@ const handleManagedPackStickerCreateRequest = async (req, res, packKey) => {
   let uploadedAssetId = '';
   try {
     const normalizedUpload = await convertUploadMediaToWebp({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: decoded.buffer,
       mimetype: decoded.mimetype || 'image/webp',
     });
     const asset = await saveStickerAssetFromBuffer({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: normalizedUpload.buffer,
       mimetype: normalizedUpload.mimetype || 'image/webp',
     });
     uploadedAssetId = String(asset?.id || '').trim();
 
     let updatedPack = await stickerPackService.addStickerToPack({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
       asset: { id: uploadedAssetId },
       emojis: [],
@@ -4411,7 +5021,7 @@ const handleManagedPackStickerCreateRequest = async (req, res, packKey) => {
 
     if (payload?.set_cover === true) {
       updatedPack = await stickerPackService.setPackCover({
-        ownerJid: context.session.ownerJid,
+        ownerJid: context.ownerJid,
         identifier: context.packKey,
         stickerId: uploadedAssetId,
       });
@@ -4490,7 +5100,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
   let uploadedAssetId = '';
   try {
     const originalPack = await stickerPackService.getPackInfo({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
     });
     const originalItems = Array.isArray(originalPack?.items) ? originalPack.items : [];
@@ -4504,12 +5114,12 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
     }
 
     const normalizedUpload = await convertUploadMediaToWebp({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: decoded.buffer,
       mimetype: decoded.mimetype || 'image/webp',
     });
     const asset = await saveStickerAssetFromBuffer({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       buffer: normalizedUpload.buffer,
       mimetype: normalizedUpload.mimetype || 'image/webp',
     });
@@ -4525,7 +5135,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
     }
 
     const swapResult = await runSqlTransaction(async (connection) => {
-      const packRow = await findStickerPackByOwnerAndIdentifier(context.session.ownerJid, context.packKey, { connection });
+      const packRow = await findStickerPackByOwnerAndIdentifier(context.ownerJid, context.packKey, { connection });
       if (!packRow) return { status: 'pack_missing' };
 
       const liveOldItem = await getStickerPackItemByStickerId(packRow.id, normalizedStickerId, connection);
@@ -4577,7 +5187,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     if (swapResult?.status === 'old_sticker_missing') {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => originalPack);
       await cleanupOrphanStickerAssets(uploadedAssetId ? [uploadedAssetId] : [], { reason: 'replace_sticker_old_missing' });
       await sendManagedPackMutationStatus(req, res, 'already_deleted', fresh, {
@@ -4589,7 +5199,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     if (swapResult?.status === 'duplicate_target') {
       const fresh = await stickerPackService
-        .getPackInfo({ ownerJid: context.session.ownerJid, identifier: context.packKey })
+        .getPackInfo({ ownerJid: context.ownerJid, identifier: context.packKey })
         .catch(() => originalPack);
       await sendManagedPackMutationStatus(req, res, 'noop', fresh, {
         pack_key: context.packKey,
@@ -4602,7 +5212,7 @@ const handleManagedPackStickerReplaceRequest = async (req, res, packKey, sticker
 
     invalidateStickerCatalogDerivedCaches();
     const finalPack = await stickerPackService.getPackInfo({
-      ownerJid: context.session.ownerJid,
+      ownerJid: context.ownerJid,
       identifier: context.packKey,
     });
     await cleanupOrphanStickerAssets([normalizedStickerId], { reason: 'replace_sticker_old_cleanup' });
@@ -4715,55 +5325,37 @@ const handleCreatePackRequest = async (req, res) => {
   const manualTags = mergeUniqueTags(Array.isArray(payload?.tags) ? payload.tags : []).slice(0, 8);
   const persistedDescription = buildPackDescriptionWithTags(description, manualTags);
   const visibility = String(payload?.visibility || 'public').trim().toLowerCase();
-  const explicitOwnerJid = toOwnerJid(payload?.owner_jid);
   const googleSession = await resolveGoogleWebSessionFromRequest(req);
-  let googleCreator = null;
+  if (!googleSession?.ownerJid || !googleSession?.sub) {
+    sendJson(req, res, 401, {
+      error: 'Sessão expirada ou ausente. Faça login novamente para criar packs.',
+      code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
+    });
+    return;
+  }
 
-  if (googleSession) {
-    googleCreator = {
-      ownerJid: googleSession.ownerJid,
+  try {
+    await assertGoogleIdentityNotBanned({
       sub: googleSession.sub,
       email: googleSession.email,
-      name: googleSession.name,
-      picture: googleSession.picture,
-    };
-  } else if (STICKER_WEB_GOOGLE_AUTH_REQUIRED || payload?.google_id_token) {
-    try {
-      const googleClaims = await verifyGoogleIdToken(payload?.google_id_token);
-      const googleOwnerJid = buildGoogleOwnerJid(googleClaims.sub);
-      await assertGoogleIdentityNotBanned({
-        sub: googleClaims.sub,
-        email: googleClaims.email,
-        ownerJid: googleOwnerJid,
-      });
-      if (!googleOwnerJid) {
-        sendJson(req, res, 400, {
-          error: 'Não foi possível vincular a conta Google ao criador.',
-          code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
-        });
-        return;
-      }
-      googleCreator = {
-        ownerJid: googleOwnerJid,
-        ...googleClaims,
-      };
-    } catch (error) {
-      sendJson(req, res, Number(error?.statusCode || 401), {
-        error: error?.message || 'Login Google inválido.',
-        code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
-      });
-      return;
-    }
-  }
-
-  if (STICKER_WEB_GOOGLE_AUTH_REQUIRED && !googleCreator) {
-    sendJson(req, res, 400, {
-      error: 'Faça login com Google para criar packs nesta página.',
-      code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
+      ownerJid: googleSession.ownerJid,
+    });
+  } catch (error) {
+    sendJson(req, res, Number(error?.statusCode || 403), {
+      error: error?.message || 'Conta sem permissão para criar packs.',
+      code: STICKER_PACK_ERROR_CODES.NOT_ALLOWED,
     });
     return;
   }
 
+  const googleCreator = {
+    ownerJid: googleSession.ownerJid,
+    sub: googleSession.sub,
+    email: googleSession.email,
+    name: googleSession.name,
+    picture: googleSession.picture,
+  };
+
   if (googleCreator?.sub && googleCreator?.ownerJid) {
     await upsertGoogleWebUserRecord({
       sub: googleCreator.sub,
@@ -4779,17 +5371,7 @@ const handleCreatePackRequest = async (req, res) => {
     });
   }
 
-  const ownerJid = googleCreator?.ownerJid || explicitOwnerJid;
-
-  if (!ownerJid) {
-    sendJson(req, res, 400, {
-      error: STICKER_WEB_GOOGLE_AUTH_REQUIRED
-        ? 'Faça login com Google para criar packs nesta página.'
-        : 'Não foi possível resolver owner_jid para criar o pack.',
-      code: STICKER_PACK_ERROR_CODES.INVALID_INPUT,
-    });
-    return;
-  }
+  const ownerJid = googleCreator.ownerJid;
 
   try {
     logPackWebFlow('info', 'create_pack_start', {
@@ -5390,46 +5972,63 @@ const handleCreatorRankingRequest = async (req, res, url) => {
   const limit = clampInt(url.searchParams.get('limit'), 50, 5, 200);
   const googleSession = await resolveGoogleWebSessionFromRequest(req);
   const hasNsfwAccess = Boolean(googleSession?.sub && googleSession?.ownerJid);
-
-  const { packs } = await listStickerPacksForCatalog({
+  const cacheKey = buildCacheKey([
+    'creator_ranking',
     visibility,
-    search: q,
-    limit: 120,
-    offset: 0,
-  });
-  const driftSnapshot = await getMarketplaceDriftSnapshot();
-  const { entries } = await hydrateMarketplaceEntries(packs, { driftSnapshot });
-  const ranking = buildCreatorRanking(
-    STICKER_CATALOG_ONLY_CLASSIFIED ? entries.filter((entry) => isPackClassified(entry.packClassification)) : entries,
-    { limit },
-  );
+    q,
+    limit,
+    hasNsfwAccess ? 1 : 0,
+  ]);
+  const payload = await getCachedSnapshot({
+    cacheMap: CATALOG_CREATOR_RANKING_CACHE,
+    key: cacheKey,
+    ttlSeconds: CATALOG_CREATOR_RANKING_CACHE_SECONDS,
+    staleWhileRefresh: true,
+    staleOnError: true,
+    load: async () => {
+      const { packs } = await listStickerPacksForCatalog({
+        visibility,
+        search: q,
+        limit: 120,
+        offset: 0,
+      });
+      const driftSnapshot = await getMarketplaceDriftSnapshot();
+      const { entries } = await hydrateMarketplaceEntries(packs, { driftSnapshot });
+      const ranking = buildCreatorRanking(
+        STICKER_CATALOG_ONLY_CLASSIFIED ? entries.filter((entry) => isPackClassified(entry.packClassification)) : entries,
+        { limit },
+      );
 
-  sendJson(req, res, 200, {
-    data: ranking.map((creator) => ({
-      creator_score: Number(
-        (
-          Number(creator.avg_pack_score || 0) * 0.45 +
-          Number(creator.total_likes || 0) * 0.0008 +
-          Number(creator.total_opens || 0) * 0.00015
-        ).toFixed(6),
-      ),
-      publisher: creator.publisher,
-      verified: Boolean(creator.verified),
-      badges: creator.verified ? ['verified_creator'] : [],
-      stats: {
-        packs_count: Number(creator.packs_count || 0),
-        total_likes: Number(creator.total_likes || 0),
-        total_opens: Number(creator.total_opens || 0),
-        avg_pack_score: Number(creator.avg_pack_score || 0),
-      },
-      top_pack: creator.top_pack ? toSummaryEntry(creator.top_pack, { hideSensitiveCover: !hasNsfwAccess }) : null,
-    })),
-    filters: {
-      visibility,
-      q,
-      limit,
+      return {
+        data: ranking.map((creator) => ({
+          creator_score: Number(
+            (
+              Number(creator.avg_pack_score || 0) * 0.45 +
+              Number(creator.total_likes || 0) * 0.0008 +
+              Number(creator.total_opens || 0) * 0.00015
+            ).toFixed(6),
+          ),
+          publisher: creator.publisher,
+          verified: Boolean(creator.verified),
+          badges: creator.verified ? ['verified_creator'] : [],
+          stats: {
+            packs_count: Number(creator.packs_count || 0),
+            total_likes: Number(creator.total_likes || 0),
+            total_opens: Number(creator.total_opens || 0),
+            avg_pack_score: Number(creator.avg_pack_score || 0),
+          },
+          top_pack: creator.top_pack ? toSummaryEntry(creator.top_pack, { hideSensitiveCover: !hasNsfwAccess }) : null,
+        })),
+        filters: {
+          visibility,
+          q,
+          limit,
+        },
+      };
     },
   });
+
+  sendJson(req, res, 200, payload);
 };
 
 const handleRecommendationsRequest = async (req, res, url) => {
@@ -5581,6 +6180,7 @@ const buildSystemSummarySnapshot = async () => {
 
   const socketReadyState = Number(activeSocket?.ws?.readyState);
   const botJid = resolveBotJid(activeSocket?.user?.id) || null;
+  const botPhone = String(resolveCatalogBotPhone() || '').replace(/\D+/g, '') || null;
   const botConnected = Boolean(botJid) && socketReadyState === 1;
   const botConnectionStatus = botConnected
     ? 'online'
@@ -5646,6 +6246,7 @@ const buildSystemSummarySnapshot = async () => {
         connected: botConnected,
         connection_status: botConnectionStatus,
         jid: botJid,
+        phone: botPhone,
         ready_state: Number.isFinite(socketReadyState) ? socketReadyState : null,
       },
       platform,
@@ -6510,6 +7111,15 @@ const handleSupportInfoRequest = async (req, res) => {
   sendJson(req, res, 200, { data });
 };
 
+const handleBotContactInfoRequest = async (req, res) => {
+  const data = buildBotContactInfo();
+  if (!data) {
+    sendJson(req, res, 404, { error: 'Contato do bot indisponivel no momento.' });
+    return;
+  }
+  sendJson(req, res, 200, { data });
+};
+
 const handlePublicDataAssetRequest = async (req, res, pathname) => {
   const suffix = pathname.slice(STICKER_DATA_PUBLIC_PATH.length).replace(/^\/+/, '');
   if (!suffix) {
@@ -6560,42 +7170,60 @@ const handlePublicDataAssetRequest = async (req, res, pathname) => {
 };
 
 const fetchPublicPackPayload = async (normalizedPackKey) => {
-  const pack = await findStickerPackByPackKey(normalizedPackKey);
-  if (!pack || !isPackPubliclyVisible(pack)) return null;
-
-  const items = await listStickerPackItems(pack.id);
-  const stickerIds = items.map((item) => item.sticker_id);
-  const [classifications, packClassification, engagement] = await Promise.all([
-    listStickerClassificationsByAssetIds(stickerIds),
-    getPackClassificationSummaryByAssetIds(stickerIds),
-    getStickerPackEngagementByPackId(pack.id),
-  ]);
+  const cacheKey = buildCacheKey(['pack_payload', normalizedPackKey]);
+  return getCachedSnapshot({
+    cacheMap: CATALOG_PACK_PAYLOAD_CACHE,
+    key: cacheKey,
+    ttlSeconds: CATALOG_PACK_PAYLOAD_CACHE_SECONDS,
+    staleWhileRefresh: true,
+    staleOnError: true,
+    load: async () => {
+      const pack = await findStickerPackByPackKey(normalizedPackKey);
+      if (!pack || !isPackPubliclyVisible(pack)) return null;
+
+      const items = await listStickerPackItems(pack.id);
+      const stickerIds = items.map((item) => item.sticker_id);
+      const [classifications, packClassification, engagement] = await Promise.all([
+        listStickerClassificationsByAssetIds(stickerIds),
+        getPackClassificationSummaryByAssetIds(stickerIds),
+        getStickerPackEngagementByPackId(pack.id),
+      ]);
+
+      if (STICKER_CATALOG_ONLY_CLASSIFIED && !isPackClassified(packClassification)) {
+        return null;
+      }
 
-  if (STICKER_CATALOG_ONLY_CLASSIFIED && !isPackClassified(packClassification)) {
-    return null;
-  }
+      const [interactionStatsByPack, driftSnapshot, snapshotByPackId] = await Promise.all([
+        listStickerPackInteractionStatsByPackIds([pack.id]),
+        getMarketplaceDriftSnapshot(),
+        canUseRankingSnapshotRead(`pack_payload:${pack.id}`)
+          .then((enabled) => (enabled ? listStickerPackScoreSnapshotsByPackIds([pack.id]) : new Map()))
+          .catch(() => new Map()),
+      ]);
+      const byAssetClassification = new Map(classifications.map((entry) => [entry.asset_id, entry]));
+      const orderedClassifications = stickerIds.map((stickerId) => byAssetClassification.get(stickerId)).filter(Boolean);
+      const snapshot = snapshotByPackId.get(pack.id);
+      const signals = snapshot?.signals
+        ? snapshot.signals
+        : computePackSignals({
+            pack: { ...pack, items },
+            engagement,
+            packClassification,
+            itemClassifications: orderedClassifications,
+            interactionStats: interactionStatsByPack.get(pack.id) || null,
+            scoringWeights: driftSnapshot.weights,
+          });
 
-  const interactionStatsByPack = await listStickerPackInteractionStatsByPackIds([pack.id]);
-  const driftSnapshot = await getMarketplaceDriftSnapshot();
-  const byAssetClassification = new Map(classifications.map((entry) => [entry.asset_id, entry]));
-  const orderedClassifications = stickerIds.map((stickerId) => byAssetClassification.get(stickerId)).filter(Boolean);
-  const signals = computePackSignals({
-    pack: { ...pack, items },
-    engagement,
-    packClassification,
-    itemClassifications: orderedClassifications,
-    interactionStats: interactionStatsByPack.get(pack.id) || null,
-    scoringWeights: driftSnapshot.weights,
+      return {
+        pack,
+        items,
+        byAssetClassification,
+        packClassification,
+        engagement,
+        signals,
+      };
+    },
   });
-
-  return {
-    pack,
-    items,
-    byAssetClassification,
-    packClassification,
-    engagement,
-    signals,
-  };
 };
 
 const handleDetailsRequest = async (req, res, packKey, url) => {
@@ -6686,6 +7314,23 @@ const handleAssetRequest = async (req, res, packKey, stickerToken) => {
         return;
       }
     }
+
+    const externalAssetUrl = await getStickerAssetExternalUrl(item.asset, {
+      secure: true,
+      expiresInSeconds: Math.max(60, Math.min(3600, Number(process.env.STICKER_OBJECT_STORAGE_SIGNED_URL_TTL_SECONDS) || 300)),
+    }).catch(() => null);
+    if (externalAssetUrl) {
+      res.statusCode = 302;
+      res.setHeader('Location', externalAssetUrl);
+      res.setHeader('Cache-Control', 'private, max-age=45');
+      if (req.method === 'HEAD') {
+        res.end();
+        return;
+      }
+      res.end();
+      return;
+    }
+
     if (decorated) {
       res.setHeader('X-Sticker-Category', String(decorated?.category || 'unknown'));
       res.setHeader('X-Sticker-NSFW', decorated?.is_nsfw ? '1' : '0');
@@ -6759,7 +7404,7 @@ const handlePackInteractionRequest = async (req, res, packKey, interaction, url)
 const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
   const safeLimit = Math.max(1, Math.min(500, Number(limit || 200)));
   const rows = await executeQuery(
-    `SELECT session_token, google_sub, owner_jid, email, name, picture_url, created_at, last_seen_at, expires_at
+    `SELECT session_token, google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, last_seen_at, expires_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_SESSION}
       WHERE revoked_at IS NULL
         AND expires_at > UTC_TIMESTAMP()
@@ -6770,6 +7415,7 @@ const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
     session_token: String(row.session_token || '').trim(),
     google_sub: normalizeGoogleSubject(row.google_sub),
     owner_jid: normalizeJid(row.owner_jid) || null,
+    owner_phone: toWhatsAppPhoneDigits(row.owner_phone || row.owner_jid) || null,
     email: normalizeEmail(row.email) || null,
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
@@ -6782,7 +7428,7 @@ const listAdminActiveGoogleWebSessions = async ({ limit = 200 } = {}) => {
 const listAdminKnownGoogleUsers = async ({ limit = 200 } = {}) => {
   const safeLimit = Math.max(1, Math.min(500, Number(limit || 200)));
   const rows = await executeQuery(
-    `SELECT google_sub, owner_jid, email, name, picture_url, created_at, updated_at, last_login_at, last_seen_at
+    `SELECT google_sub, owner_jid, owner_phone, email, name, picture_url, created_at, updated_at, last_login_at, last_seen_at
        FROM ${TABLES.STICKER_WEB_GOOGLE_USER}
       ORDER BY COALESCE(last_seen_at, last_login_at, updated_at, created_at) DESC
       LIMIT ${safeLimit}`,
@@ -6790,6 +7436,7 @@ const listAdminKnownGoogleUsers = async ({ limit = 200 } = {}) => {
   return (Array.isArray(rows) ? rows : []).map((row) => ({
     google_sub: normalizeGoogleSubject(row.google_sub),
     owner_jid: normalizeJid(row.owner_jid) || null,
+    owner_phone: toWhatsAppPhoneDigits(row.owner_phone || row.owner_jid) || null,
     email: normalizeEmail(row.email) || null,
     name: sanitizeText(row.name || '', 120, { allowEmpty: true }) || null,
     picture: String(row.picture_url || '').trim() || null,
@@ -7291,314 +7938,60 @@ const handleAdminBanRevokeRequest = async (req, res, banId) => {
   }
 };
 
-const handleCatalogApiRequest = async (req, res, pathname, url) => {
-  if (pathname === `${STICKER_API_BASE_PATH}/create`) {
-    if (req.method !== 'POST') {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleCreatePackRequest(req, res);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/auth/google/session`) {
-    await handleGoogleAuthSessionRequest(req, res);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/me`) {
-    await handleMyProfileRequest(req, res);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/admin/session`) {
-    await handleAdminPanelSessionRequest(req, res);
-    return true;
-  }
-
-  if (pathname === STICKER_API_BASE_PATH) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleListRequest(req, res, url);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/intents`) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleIntentCollectionsRequest(req, res, url);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/creators`) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleCreatorRankingRequest(req, res, url);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/recommendations`) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleRecommendationsRequest(req, res, url);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/stats`) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleMarketplaceStatsRequest(req, res, url);
-    return true;
-  }
-
-  if (pathname === `${STICKER_API_BASE_PATH}/create-config`) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleCreatePackConfigRequest(req, res);
-    return true;
-  }
-
-  if (pathname === STICKER_ORPHAN_API_PATH) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleOrphanStickerListRequest(req, res, url);
-    return true;
-  }
-
-  const suffix = pathname.slice(STICKER_API_BASE_PATH.length).replace(/^\/+/, '');
-  if (!suffix) return false;
-
-  const segments = suffix.split('/').filter(Boolean).map((segment) => {
-    try {
-      return decodeURIComponent(segment);
-    } catch {
-      return segment;
-    }
-  });
-
-  if (segments.length === 1 && segments[0] === 'data-files') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleDataFileListRequest(req, res, url);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'system-summary') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleSystemSummaryRequest(req, res);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'project-summary') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleGitHubProjectSummaryRequest(req, res);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'global-ranking-summary') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleGlobalRankingSummaryRequest(req, res);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'readme-summary') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleReadmeSummaryRequest(req, res);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'readme-markdown') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleReadmeMarkdownRequest(req, res);
-    return true;
-  }
-
-  if (segments.length === 1 && segments[0] === 'support') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleSupportInfoRequest(req, res);
-    return true;
-  }
-
-  if (segments[0] === 'admin') {
-    if (segments.length === 2 && segments[1] === 'overview') {
-      await handleAdminOverviewRequest(req, res);
-      return true;
-    }
-    if (segments.length === 2 && segments[1] === 'users') {
-      await handleAdminUsersRequest(req, res, url);
-      return true;
-    }
-    if (segments.length === 2 && segments[1] === 'moderators') {
-      await handleAdminModeratorsRequest(req, res);
-      return true;
-    }
-    if (segments.length === 3 && segments[1] === 'moderators') {
-      await handleAdminModeratorDeleteRequest(req, res, segments[2]);
-      return true;
-    }
-    if (segments.length === 2 && segments[1] === 'packs') {
-      await handleAdminPacksRequest(req, res, url);
-      return true;
-    }
-    if (segments.length === 3 && segments[1] === 'packs') {
-      await handleAdminPackDetailsRequest(req, res, segments[2]);
-      return true;
-    }
-    if (segments.length === 4 && segments[1] === 'packs' && segments[3] === 'delete') {
-      await handleAdminPackDeleteRequest(req, res, segments[2]);
-      return true;
-    }
-    if (segments.length === 6 && segments[1] === 'packs' && segments[3] === 'stickers' && segments[5] === 'delete') {
-      await handleAdminPackStickerDeleteRequest(req, res, segments[2], segments[4]);
-      return true;
-    }
-    if (segments.length === 4 && segments[1] === 'stickers' && segments[3] === 'delete') {
-      await handleAdminGlobalStickerDeleteRequest(req, res, segments[2]);
-      return true;
-    }
-    if (segments.length === 2 && segments[1] === 'bans') {
-      await handleAdminBansRequest(req, res);
-      return true;
-    }
-    if (segments.length === 4 && segments[1] === 'bans' && segments[3] === 'revoke') {
-      await handleAdminBanRevokeRequest(req, res, segments[2]);
-      return true;
-    }
-    sendJson(req, res, 404, { error: 'Rota admin nao encontrada.' });
-    return true;
-  }
-
-  if (segments.length === 1) {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleDetailsRequest(req, res, segments[0], url);
-    return true;
-  }
-
-  if (segments.length === 2 && ['open', 'like', 'dislike'].includes(segments[1])) {
-    if (req.method !== 'POST') {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handlePackInteractionRequest(req, res, segments[0], segments[1], url);
-    return true;
-  }
-
-  if (segments.length === 2 && segments[1] === 'manage') {
-    await handleManagedPackRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'clone') {
-    await handleManagedPackCloneRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'cover') {
-    await handleManagedPackCoverRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'reorder') {
-    await handleManagedPackReorderRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'analytics') {
-    await handleManagedPackAnalyticsRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'manage' && segments[2] === 'stickers') {
-    await handleManagedPackStickerCreateRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 4 && segments[1] === 'manage' && segments[2] === 'stickers') {
-    await handleManagedPackStickerDeleteRequest(req, res, segments[0], segments[3]);
-    return true;
-  }
-
-  if (segments.length === 5 && segments[1] === 'manage' && segments[2] === 'stickers' && segments[4] === 'replace') {
-    await handleManagedPackStickerReplaceRequest(req, res, segments[0], segments[3]);
-    return true;
-  }
-
-  if (segments.length === 2 && segments[1] === 'publish-state') {
-    if (!['GET', 'HEAD', 'POST'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handlePackPublishStateRequest(req, res, segments[0], url);
-    return true;
-  }
-
-  if (segments.length === 2 && segments[1] === 'finalize') {
-    if (req.method !== 'POST') {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleFinalizePackRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 2 && segments[1] === 'stickers-upload') {
-    if (req.method !== 'POST') {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleUploadStickerToPackRequest(req, res, segments[0]);
-    return true;
-  }
-
-  if (segments.length === 3 && segments[1] === 'stickers') {
-    if (!['GET', 'HEAD'].includes(req.method || '')) {
-      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
-      return true;
-    }
-    await handleAssetRequest(req, res, segments[0], segments[2]);
-    return true;
-  }
+const catalogApiRouter = createCatalogApiRouter({
+  apiBasePath: STICKER_API_BASE_PATH,
+  orphanApiPath: STICKER_ORPHAN_API_PATH,
+  sendJson,
+  handlers: {
+    handleCreatePackRequest,
+    handleGoogleAuthSessionRequest,
+    handleMyProfileRequest,
+    handleAdminPanelSessionRequest,
+    handleListRequest,
+    handleIntentCollectionsRequest,
+    handleCreatorRankingRequest,
+    handleRecommendationsRequest,
+    handleMarketplaceStatsRequest,
+    handleCreatePackConfigRequest,
+    handleOrphanStickerListRequest,
+    handleDataFileListRequest,
+    handleSystemSummaryRequest,
+    handleGitHubProjectSummaryRequest,
+    handleGlobalRankingSummaryRequest,
+    handleReadmeSummaryRequest,
+    handleReadmeMarkdownRequest,
+    handleSupportInfoRequest,
+    handleBotContactInfoRequest,
+    handleAdminOverviewRequest,
+    handleAdminUsersRequest,
+    handleAdminModeratorsRequest,
+    handleAdminModeratorDeleteRequest,
+    handleAdminPacksRequest,
+    handleAdminPackDetailsRequest,
+    handleAdminPackDeleteRequest,
+    handleAdminPackStickerDeleteRequest,
+    handleAdminGlobalStickerDeleteRequest,
+    handleAdminBansRequest,
+    handleAdminBanRevokeRequest,
+    handleDetailsRequest,
+    handlePackInteractionRequest,
+    handleManagedPackRequest,
+    handleManagedPackCloneRequest,
+    handleManagedPackCoverRequest,
+    handleManagedPackReorderRequest,
+    handleManagedPackAnalyticsRequest,
+    handleManagedPackStickerCreateRequest,
+    handleManagedPackStickerDeleteRequest,
+    handleManagedPackStickerReplaceRequest,
+    handlePackPublishStateRequest,
+    handleFinalizePackRequest,
+    handleUploadStickerToPackRequest,
+    handleAssetRequest,
+  },
+});
 
-  sendJson(req, res, 404, { error: 'Rota de sticker pack nao encontrada.' });
-  return true;
-};
+const handleCatalogApiRequest = async (req, res, pathname, url) =>
+  catalogApiRouter({ req, res, pathname, url });
 
 const handleCatalogPageRequest = async (req, res, pathname) => {
   const normalizedPath = pathname.length > 1 ? pathname.replace(/\/+$/, '') : pathname;
@@ -7624,6 +8017,20 @@ const handleCatalogPageRequest = async (req, res, pathname) => {
 
   if (normalizedPath === STICKER_CREATE_WEB_PATH) {
     try {
+      const googleSession = await resolveGoogleWebSessionFromRequest(req);
+      if (!googleSession?.ownerJid) {
+        const requestUrl = new URL(req.url || `${STICKER_CREATE_WEB_PATH}/`, SITE_ORIGIN);
+        const nextPath = `${requestUrl.pathname}${requestUrl.search}`;
+        const loginRedirectUrl = new URL(`${STICKER_LOGIN_WEB_PATH}/`, SITE_ORIGIN);
+        loginRedirectUrl.searchParams.set('next', nextPath);
+
+        res.statusCode = 302;
+        res.setHeader('Location', `${loginRedirectUrl.pathname}${loginRedirectUrl.search}`);
+        res.setHeader('Cache-Control', 'no-store');
+        res.end();
+        return;
+      }
+
       const html = await renderCreatePackHtml();
       sendText(req, res, 200, html, 'text/html; charset=utf-8');
       return;
@@ -7711,6 +8118,7 @@ export const isStickerCatalogEnabled = () => STICKER_CATALOG_ENABLED;
 export const getStickerCatalogConfig = () => ({
   enabled: STICKER_CATALOG_ENABLED,
   webPath: STICKER_WEB_PATH,
+  userProfilePath: USER_PROFILE_WEB_PATH,
   apiBasePath: STICKER_API_BASE_PATH,
   orphanApiPath: STICKER_ORPHAN_API_PATH,
   dataPublicPath: STICKER_DATA_PUBLIC_PATH,
@@ -7734,6 +8142,29 @@ export async function maybeHandleStickerCatalogRequest(req, res, { pathname, url
   if (!['GET', 'HEAD', 'POST', 'PATCH', 'DELETE'].includes(req.method || '')) return false;
   if (maybeRedirectToCanonicalHost(req, res, url)) return true;
 
+  if (pathname === USER_PROFILE_WEB_PATH || pathname === `${USER_PROFILE_WEB_PATH}/`) {
+    if (!['GET', 'HEAD'].includes(req.method || '')) return false;
+    try {
+      const html = await renderUserDashboardHtml();
+      res.setHeader('Cache-Control', 'no-store');
+      res.setHeader('X-Robots-Tag', 'noindex, nofollow');
+      sendText(req, res, 200, html, 'text/html; charset=utf-8');
+    } catch (error) {
+      if (error?.code === 'ENOENT') {
+        sendJson(req, res, 404, { error: 'Template da pagina de usuario nao encontrado.' });
+        return true;
+      }
+
+      logger.error('Falha ao renderizar pagina de usuario.', {
+        action: 'user_dashboard_page_render_failed',
+        path: pathname,
+        error: error?.message,
+      });
+      sendJson(req, res, 500, { error: 'Falha interna ao renderizar pagina de usuario.' });
+    }
+    return true;
+  }
+
   if (pathname === '/sitemap.xml') {
     if (!['GET', 'HEAD'].includes(req.method || '')) return false;
     try {