@lazyneoaz/metachat 1.0.0 → 1.0.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",
@@ -8,8 +8,7 @@
   "files": [
     "index.js",
     "src/",
-    "LICENSE",
-    "README.md"
+    "LICENSE"
   ],
   "repository": {
     "type": "git",
@@ -41,18 +40,18 @@
     "axios": "^1.13.5",
     "axios-cookiejar-support": "^4.0.7",
     "bluebird": "^3.7.2",
-    "cheerio": "^1.0.0",
+    "cheerio": "^1.0.0-rc.12",
     "cli-progress": "^3.12.0",
     "deepdash": "^5.3.9",
     "duplexify": "^4.1.3",
     "form-data": "^4.0.4",
-    "gradient-string": "^3.0.0",
+    "gradient-string": "^2.0.2",
     "https-proxy-agent": "^7.0.6",
     "jsonpath-plus": "^10.3.0",
     "lodash": "^4.17.21",
     "mqtt": "^4.3.8",
     "node-cron": "^3.0.3",
-    "ora": "^9.4.0",
+    "ora": "^5.4.1",
     "picocolors": "^1.1.1",
     "sequelize": "^6.37.5",
     "sqlite3": "^5.1.7",

package/src/apis/enableAutoSaveAppState.js

@@ -22,10 +22,10 @@ module.exports = function (defaultFuncs, api, ctx) {
   return function enableAutoSaveAppState(options) {
     options = options || {};
     const filePath   = options.filePath  || path.join(process.cwd(), "appstate.json");
-    const interval   = options.interval  || 10 * 60 * 1000;
+    const interval   = options.interval  || 5 * 60 * 1000;  // 5 min default (was 10 min)
     const saveOnLogin = options.saveOnLogin !== false;
 
-    function saveAppState() {
+    async function saveAppState() {
       try {
         const appState = api.getAppState ? api.getAppState() : null;
         if (!appState || (Array.isArray(appState) && appState.length === 0)) {
@@ -33,9 +33,20 @@ module.exports = function (defaultFuncs, api, ctx) {
         }
         const payload = Array.isArray(appState) ? appState : (appState.appState || appState);
         fs.writeFileSync(filePath, JSON.stringify(payload, null, 2), "utf8");
-      } catch (err) {
-        // Silently ignore write errors (e.g. read-only FS in some environments)
+      } catch (_) {
+        // Silently ignore file-write errors (e.g. read-only FS)
       }
+
+      // Keep the database backup in sync so re-login always uses fresh cookies.
+      try {
+        const { backupAppStateSQL } = require('../database/appStateBackup');
+        const jar = (ctx && ctx.jar) ? ctx.jar : require('../utils').getJar();
+        const userID = (ctx && ctx.userID) ? ctx.userID :
+                       (typeof api.getCurrentUserID === 'function' ? api.getCurrentUserID() : null);
+        if (jar && userID) {
+          await backupAppStateSQL(jar, userID);
+        }
+      } catch (_) {}
     }
 
     let immediateTimer = null;

package/src/engine/models/loginHelper.js

@@ -206,7 +206,19 @@ async function loginHelper(credentials, globalOptions, callback, setOptionsFunc,
             globalAntiSuspension.enableWarmup();
         } catch (_) {}
 
-        const resp = await utils.get(fbLinkFunc(), jar, null, globalOptions, { noRef: true }).then(utils.saveCookies(jar));
+        let resp = await utils.get(fbLinkFunc(), jar, null, globalOptions, { noRef: true }).then(utils.saveCookies(jar));
+
+        // Auto-dismiss the FBScrapingWarning checkpoint before building the API.
+        // If left unhandled this checkpoint escalates to a permanent account ban.
+        try {
+            const { bypassScrapingWarning } = require('../../utils/checkpointBypass');
+            const bypassedResp = await bypassScrapingWarning(jar, globalOptions, null, resp);
+            if (bypassedResp) {
+                resp = bypassedResp;
+                utils.log("LoginHelper", "Session restored after scraping-warning bypass");
+            }
+        } catch (_) {}
+
         const extractNetData = (html) => {
             const allScriptsData = [];
             const scriptRegex = /<script type="application\/json"[^>]*>(.*?)<\/script>/g;

package/src/types/index.d.ts

@@ -2,7 +2,7 @@
 import { ReadStream } from "fs";
 import { EventEmitter } from "events";
 
-declare module "dhoner-fca" {
+declare module "@lazyneoaz/metachat" {
     export type UserID = string;
     export type ThreadID = string;
     export type MessageID = string;

package/src/utils/checkpointBypass.js

@@ -0,0 +1,138 @@
+"use strict";
+
+const utils = require('./index');
+
+/**
+ * Detects and auto-dismisses Facebook's FBScrapingWarning checkpoint.
+ *
+ * This checkpoint (at /checkpoint/601051028565049) is triggered when Facebook
+ * suspects automated access. If left unhandled it escalates to a permanent
+ * account suspension. The fix is to POST the FBScrapingWarningMutation GraphQL
+ * call with doc_id 6339492849481770, which silently acknowledges the warning.
+ *
+ * @param {object}      jar           - The cookie jar.
+ * @param {object}      globalOptions - Global request options.
+ * @param {string|null} userID        - User ID (extracted from cookies/HTML if omitted).
+ * @param {object|null} existingResp  - An already-fetched homepage response to inspect
+ *                                      first.  When provided, a fresh fetch is skipped
+ *                                      unless the checkpoint is actually detected.
+ * @returns {Promise<object|null>} The refreshed response after bypass, or null if no
+ *                                  checkpoint was present.
+ */
+async function bypassScrapingWarning(jar, globalOptions, userID = null, existingResp = null) {
+    try {
+        const toStr = (x) => (typeof x === 'string' ? x : JSON.stringify(x || ""));
+
+        const isCp = (resp) => {
+            if (!resp) return false;
+            const body = toStr(resp.body || resp.data || "");
+            return (
+                body.includes('checkpoint/601051028565049') ||
+                body.includes('XCheckpointFBScrapingWarningController')
+            );
+        };
+
+        // Use the existing response if provided, otherwise fetch the homepage.
+        let initial = existingResp || null;
+        if (!initial) {
+            initial = await utils.get(
+                'https://www.facebook.com/',
+                jar, null, globalOptions,
+                { noRef: true, _skipSessionInspect: true }
+            );
+            utils.saveCookies(jar)(initial);
+        }
+
+        if (!isCp(initial)) {
+            return null;
+        }
+
+        utils.warn("BYPASS", "FBScrapingWarning checkpoint detected — auto-dismissing...");
+
+        const html = toStr(initial.body || initial.data || "");
+
+        // --- Extract user ID ---
+        let uid = userID || null;
+        if (!uid) {
+            try {
+                const cookies = jar.getCookiesSync('https://www.facebook.com');
+                const pick = (key) => (cookies.find(c => c.key === key) || {}).value;
+                uid = pick('i_user') || pick('c_user') || null;
+            } catch (_) {}
+        }
+        if (!uid) {
+            const m = html.match(/"USER_ID"\s*:\s*"(\d+)"/) ||
+                      html.match(/\["CurrentUserInitialData",\[\],\{[^}]*"USER_ID":"(\d+)"/);
+            if (m) uid = m[1];
+        }
+
+        // --- Extract CSRF tokens ---
+        const grab = (patterns) => {
+            for (const re of patterns) {
+                const m = html.match(re);
+                if (m && m[1]) return m[1];
+            }
+            return null;
+        };
+
+        const fb_dtsg = grab([
+            /"DTSGInitData",\[\],\{"token":"([^"]+)"/,
+            /name="fb_dtsg"\s+value="([^"]+)"/,
+            /"DTSGInitialData",\[\],\{"token":"([^"]+)"/
+        ]);
+        const jazoest = grab([
+            /name="jazoest"\s+value="([^"]+)"/,
+            /jazoest=(\d+)/
+        ]);
+        const lsd = grab([
+            /"LSD",\[\],\{"token":"([^"]+)"/,
+            /name="lsd"\s+value="([^"]+)"/
+        ]);
+
+        if (!fb_dtsg || !uid) {
+            utils.warn("BYPASS", `Cannot bypass — missing tokens (uid=${uid ? 'ok' : 'missing'}, fb_dtsg=${fb_dtsg ? 'ok' : 'missing'})`);
+            return initial;
+        }
+
+        // --- POST FBScrapingWarningMutation ---
+        const form = {
+            av: uid,
+            fb_dtsg,
+            jazoest: jazoest || "",
+            lsd: lsd || "",
+            fb_api_caller_class: "RelayModern",
+            fb_api_req_friendly_name: "FBScrapingWarningMutation",
+            variables: "{}",
+            server_timestamps: "true",
+            doc_id: "6339492849481770"
+        };
+
+        const mutResp = await utils.post(
+            'https://www.facebook.com/api/graphql/',
+            jar, form, globalOptions,
+            { noRef: true, _skipSessionInspect: true }
+        );
+        utils.saveCookies(jar)(mutResp);
+
+        // --- Re-fetch homepage to confirm checkpoint is gone ---
+        const refreshed = await utils.get(
+            'https://www.facebook.com/',
+            jar, null, globalOptions,
+            { noRef: true, _skipSessionInspect: true }
+        );
+        utils.saveCookies(jar)(refreshed);
+
+        if (isCp(refreshed)) {
+            utils.warn("BYPASS", "Checkpoint still present after FBScrapingWarningMutation — may need manual intervention");
+        } else {
+            utils.log("BYPASS", "FBScrapingWarning checkpoint dismissed. Session restored.");
+        }
+
+        return refreshed;
+    } catch (err) {
+        utils.error("BYPASS", `bypassScrapingWarning error: ${err && err.message ? err.message : String(err)}`);
+        return null;
+    }
+}
+
+module.exports = { bypassScrapingWarning };

package/src/utils/tokenRefresh.js

@@ -140,13 +140,29 @@ class TokenRefreshManager {
         const RETRY_DELAYS = [2000, 5000, 10000];
         
         try {
-            const resp = await utils.get(fbLink, ctx.jar, null, ctx.globalOptions, { noRef: true });
-            
-            const html = resp.body;
+            let resp = await utils.get(fbLink, ctx.jar, null, ctx.globalOptions, { noRef: true });
+            utils.saveCookies(ctx.jar)(resp);
+
+            let html = resp.body;
             if (!html) {
                 throw new Error("Empty response from Facebook");
             }
 
+            // Auto-dismiss FBScrapingWarning before any other checks
+            const isScrapingWarning = html.includes('XCheckpointFBScrapingWarningController') ||
+                                      html.includes('checkpoint/601051028565049');
+            if (isScrapingWarning) {
+                try {
+                    const { bypassScrapingWarning } = require('./checkpointBypass');
+                    const bypassed = await bypassScrapingWarning(ctx.jar, ctx.globalOptions, ctx.userID, resp);
+                    if (bypassed) {
+                        resp = bypassed;
+                        html = resp.body || html;
+                        utils.log("TokenRefresh", "Scraping-warning checkpoint dismissed during token refresh");
+                    }
+                } catch (_) {}
+            }
+
             // Precise check - broad html.includes("login") is a false positive because
             // Facebook includes the word "login" all over authenticated pages too.
             const isLoginPage = html.includes('<form id="login_form"') ||
@@ -193,12 +209,19 @@ class TokenRefreshManager {
 
             this.lastRefresh = Date.now();
             this.failureCount = 0;
+
+            // Persist fresh cookies and update the DB backup so re-login
+            // attempts always use the newest session state.
             try {
                 if (globalAutoReLoginManager && globalAutoReLoginManager.isEnabled && globalAutoReLoginManager.isEnabled()) {
                     const appState = utils.getAppState(ctx.jar);
                     globalAutoReLoginManager.updateAppState(appState);
                 }
             } catch (_) {}
+            try {
+                const { backupAppStateSQL } = require('../database/appStateBackup');
+                await backupAppStateSQL(ctx.jar, ctx.userID);
+            } catch (_) {}
             return true;
         } catch (error) {
             this.failureCount++;