@lazyneoaz/metachat 1.0.1 → 1.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",

package/src/engine/models/buildAPI.js

@@ -54,7 +54,7 @@ async function buildAPI(html, jar, netData, globalOptions, fbLinkFunc, errorRetr
     
     const dtsgResult = { 
         fb_dtsg: dtsg, 
-        jazoest: `2${Array.from(dtsg).reduce((a, b) => a + b.charCodeAt(0), '')}`,
+        jazoest: `2${Array.from(dtsg).reduce((a, b) => a + b.charCodeAt(0), 0)}`,
         lsd: lsd
     };
 

package/src/engine/models/loginHelper.js

@@ -415,9 +415,11 @@ async function loginHelper(credentials, globalOptions, callback, setOptionsFunc,
               // Use the lightweight presence endpoint instead of fetching the
               // full homepage (~400 kB). Returns 200 JSON when authenticated,
               // 302→login when the session is expired.
+              // Do NOT send fb_dtsg_ag= (empty) — real browsers always send a
+              // real token here, so an empty value is a bot fingerprint.
               const resp = await utils.get(
-                'https://www.facebook.com/ajax/presence/reconnect.php?reason=14&fb_dtsg_ag=&__a=1',
-                ctx.jar, null, ctx.globalOptions, { noRef: true }
+                'https://www.facebook.com/ajax/presence/reconnect.php',
+                ctx.jar, { reason: '14', __a: '1' }, ctx.globalOptions, { noRef: true, _skipSessionInspect: true }
               );
               const html = resp.body || '';
 

package/src/utils/antiSuspension.js

@@ -83,8 +83,8 @@ class AntiSuspension {
         this.lastActivity = new Map();
         this.typing = new Map();
 
-        this.messageDelayMs = 100;
-        this.threadDelayMs = 200;
+        this.messageDelayMs = 300;
+        this.threadDelayMs = 400;
         this.loginAttempts = 0;
         this.maxLoginAttempts = 3;
         this.loginCooldown = 300000;
@@ -279,9 +279,11 @@ class AntiSuspension {
     }
 
     async addSmartDelay() {
-        const base = 30 + Math.random() * 70;
-        const jitter = (Math.random() - 0.5) * 20;
-        const total = Math.max(20, base + jitter);
+        // Minimum realistic inter-request pause — short enough not to block
+        // high-throughput flows but long enough to avoid sub-100ms bot patterns.
+        const base = 500 + Math.random() * 700;
+        const jitter = (Math.random() - 0.5) * 150;
+        const total = Math.max(350, base + jitter);
         await new Promise(resolve => setTimeout(resolve, total));
     }
 
@@ -293,14 +295,14 @@ class AntiSuspension {
         const threadCount = this.dailyStats.threadStats.get(String(threadID))?.count || 0;
         const globalCount = this.dailyStats.messageCount;
 
-        let base = 30;
-        if (globalCount > 800) base = 150;
-        else if (globalCount > 400) base = 80;
+        let base = 120;
+        if (globalCount > 800) base = 500;
+        else if (globalCount > 400) base = 250;
 
-        if (threadCount > 50) base += 50;
+        if (threadCount > 50) base += 180;
 
         const jitter = Math.random() * base * 0.4;
-        const total = Math.max(20, base + jitter);
+        const total = Math.max(80, base + jitter);
         await new Promise(resolve => setTimeout(resolve, total));
     }
 
@@ -320,7 +322,7 @@ class AntiSuspension {
 
     async enforceMessageRate() {
         await new Promise(resolve =>
-            setTimeout(resolve, this.messageDelayMs + Math.random() * 50)
+            setTimeout(resolve, this.messageDelayMs + Math.random() * 300)
         );
     }
 
@@ -457,7 +459,6 @@ class AntiSuspension {
         }
 
         await this.enforceThreadThrottling(threadID);
-        await this.addAdaptiveDelay(threadID);
         this._incrementDailyStats(threadID);
     }
 

package/src/utils/axios.js

@@ -111,18 +111,19 @@ async function inspectResponseForSessionIssues(adapted, ctx) {
 
         if (!ctx.auto_login && typeof ctx.performAutoLogin === 'function') {
             ctx.auto_login = true;
+            // Always reset the flag in a finally block so a synchronous throw
+            // or a rejected promise can never leave auto_login stuck at true,
+            // which would permanently prevent future re-login attempts.
             try {
                 const ok = await ctx.performAutoLogin();
-                ctx.auto_login = false;
                 if (!ok) {
                     const err = new Error('Not logged in. Auto re-login failed.');
                     err.error = 'Not logged in.';
                     err.res = body;
                     throw err;
                 }
-            } catch (autoErr) {
+            } finally {
                 ctx.auto_login = false;
-                throw autoErr;
             }
         } else {
             const err = new Error('Not logged in. Session has expired.');

package/src/utils/tokenRefresh.js

@@ -95,6 +95,11 @@ class TokenRefreshManager {
                 probeCtx
             );
 
+            // Save any rotated cookies Facebook returns (fr, xs, etc.) so the
+            // jar stays fresh.  Dropping rotated cookies causes Facebook to
+            // treat the session as stale and forces a logout.
+            try { utils.saveCookies(ctx.jar)(resp); } catch (_) {}
+
             const body = resp.body;
             if (!body) return false;
 
@@ -188,6 +193,9 @@ class TokenRefreshManager {
                 for (let i = 0; i < ctx.fb_dtsg.length; i++) {
                     ctx.ttstamp += ctx.fb_dtsg.charCodeAt(i);
                 }
+                // Recalculate jazoest whenever fb_dtsg changes — it must stay in sync.
+                // jazoest = "2" + sum-of-char-codes (numeric sum, not concatenation).
+                ctx.jazoest = `2${Array.from(ctx.fb_dtsg).reduce((a, b) => a + b.charCodeAt(0), 0)}`;
             } else {
                 throw new Error("Failed to extract fb_dtsg token");
             }